Libreboot 20241206 rev11 release

fixes a few regressions in grub, since the 73 cve fixes were merged in rev10 most notably, large files sometimes failed to load in rev10, which caused some linux distros to fail booting if the initramfs file was quite large this release revision only adds GRUB fixes Signed-off-by: Leah Rowe <leah@libreboot.org>
Update the GRUB revisions
2025-07-06 17:01:29 +00:00 · 2025-04-20 17:04:33 +01:00 · 2025-04-20 16:57:57 +01:00 · 2025-04-20 16:57:40 +01:00 · 2025-02-19 22:05:59 +00:00 · 2025-02-19 22:04:04 +00:00
63 changed files with 401 additions and 210 deletions
--- a/config/git/pico-serprog/pkg.cfg
+++ b/config/git/pico-serprog/pkg.cfg
@ -1,6 +1,6 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
-rev="e75e3a20e63269a5e3189bc2e49a6a81d45a636a"
+rev="3ea792664ed29ca1ff3e2e78d1d16099684781bd"
 url="https://codeberg.org/libreboot/pico-serprog"
 bkup_url="https://git.disroot.org/libreboot/pico-serprog"
 depend="pico-sdk picotool"
--- a/config/grub/default/config/payload
+++ b/config/grub/default/config/payload
@ -1,5 +1,5 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
-# Copyright (C) 2014-2016,2020-2021,2023-2024 Leah Rowe <leah@libreboot.org>
+# Copyright (C) 2014-2016,2020-2021,2023-2025 Leah Rowe <leah@libreboot.org>
 # Copyright (C) 2015 Klemens Nanni <contact@autoboot.org>
 set prefix=(memdisk)/boot/grub
@ -143,16 +143,12 @@ menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o
 	# grub device enumeration is very slow, so checks are hardcoded
 	# TODO: add more strings, based on what distros set up when
 	# the user select auto-partitioning on those installers
 	lvmvol="lvm/grubcrypt-bootvol lvm/grubcrypt-rootvol"
 	raidvol="md/0 md/1 md/2 md/3 md/4 md/5 md/6 md/7 md/8 md/9"
-	# in practise, doing multiple redundant checks is perfectly fast and
+	# in practise, doing multiple redundant checks is perfectly fast
 	# TODO: optimize grub itself, and use */? here for everything
-	for vol in ${lvmvol} ${raidvol} ; do
+	for vol in ${raidvol} ; do
 		try_bootcfg "${vol}"
 	done
@ -164,6 +160,9 @@ menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o
 					bootdev="${bootdev} (ahci${i},${part})"
 				elif [ "${grub_disk}" = "ata" ]; then
 					bootdev="${bootdev} (ata${i},${part})"
 				elif [ "${grub_disk}" = "nvme" ]; then
 					# TODO: do we care about other namesapces
 					bootdev="${bootdev} (nvme${i}n1,${part})"
 				fi
 			done
 		done
@ -171,23 +170,37 @@ menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o
 	set pager=0
 	echo -n "Attempting to unlock encrypted volumes"
-	for dev in ${bootdev} ${lvmvol} ${raidvol}; do
+	for dev in ${bootdev} ${raidvol}; do
 		if cryptomount "${dev}" ; then break ; fi
 	done
 	set pager=1
 	echo
 	# after cryptomount, lvm volumes might be available
 	for vol in ${lvmvol}; do
 		try_bootcfg "${vol}"
 	done
 	search_bootcfg crypto
-	for vol in lvm/* ; do
+	lvmvol=""
-		try_bootcfg "${vol}"
+
 	# after cryptomount, lvm volumes might be available
 	# using * is slow on some machines, but we use it here,
 	# just once. in so doing, we find every lvm volume
 	for vol in (*); do
 		if regexp ^lvm/ $vol; then
 			lvmvol="${lvmvol} ${vol}"
 			try_bootcfg "${vol}"
 		fi
 	done
 	# user might have put luks inside lvm
 	set pager=0
 	echo "Attempting to unlock encrypted LVMs"
 	for vol in ${lvmvol}; do
 		cryptomount "$vol"
 	done
 	set pager=1
 	echo
 	search_bootcfg crypto
 	true # Prevent pager requiring to accept each line instead of whole screen
 }
--- a/config/grub/default/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch
+++ b/config/grub/default/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch
@ -1,4 +1,4 @@
-From 26b89e90c8d6d89f2e52b00ad15ba58fd2e1fbfb Mon Sep 17 00:00:00 2001
+From 8ccafb60665bba3759248b13d2d1683818aaf4ee Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 31 Oct 2021 03:47:05 +0000
 Subject: [PATCH 01/13] mitigate grub's missing characters for borders/arrow
--- a/config/grub/default/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch
+++ b/config/grub/default/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch
@ -1,4 +1,4 @@
-From 10d264bdfde24fcf78da6f641898eb267f83066f Mon Sep 17 00:00:00 2001
+From 3fb09986e62a9945862456d5f1d63a6ccba2c861 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sat, 19 Nov 2022 16:30:24 +0000
 Subject: [PATCH 02/13] say the name libreboot, in the grub menu
@ -8,7 +8,7 @@ Subject: [PATCH 02/13] say the name libreboot, in the grub menu
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
-index bd4431000..ff16e0f2e 100644
+index 04d058f55..b1cc8f236 100644
 --- a/grub-core/normal/main.c
 +++ b/grub-core/normal/main.c
@@ -209,7 +209,7 @@ grub_normal_init_page (struct grub_term_output *term,
@ -16,7 +16,7 @@ index bd4431000..ff16e0f2e 100644
   grub_term_cls (term);
 -  msg_formatted = grub_xasprintf (_("GNU GRUB  version %s"), PACKAGE_VERSION);
-+  msg_formatted = grub_xasprintf (_("Libreboot 20241206, 8th revision (GRUB menu): https://libreboot.org/"));
+  msg_formatted = grub_xasprintf (_("Libreboot 20241206, 11th revision (GRUB menu): https://libreboot.org/"));
   if (!msg_formatted)
     return;
--- a/config/grub/default/patches/0003-Add-CC0-license.patch
+++ b/config/grub/default/patches/0003-Add-CC0-license.patch
@ -1,4 +1,4 @@
-From 689c09a6b675ba52318cd879b289ac3d67073cd4 Mon Sep 17 00:00:00 2001
+From dc790ff2ba2702ee863c9d16e05cf843a152f3d4 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 03/13] Add CC0 license
@ -10,10 +10,10 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 2 files changed, 4 insertions(+), 2 deletions(-)
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 8ad015b07..9980bae90 100644
+index de8c3aa8d..4a3be8568 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -494,7 +494,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e)
+@@ -495,7 +495,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e)
   if (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0
       || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0
--- a/config/grub/default/patches/0004-Define-GRUB_UINT32_MAX.patch
+++ b/config/grub/default/patches/0004-Define-GRUB_UINT32_MAX.patch
@ -1,4 +1,4 @@
-From 63dc3c9ca6e5635b5c7e7ba24c996b23e79a92e3 Mon Sep 17 00:00:00 2001
+From 298eaaca770545e19dfacd47511c2081c1fece08 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 04/13] Define GRUB_UINT32_MAX
--- a/config/grub/default/patches/0005-Add-Argon2-algorithm.patch
+++ b/config/grub/default/patches/0005-Add-Argon2-algorithm.patch
@ -1,4 +1,4 @@
-From be6452a88ff3cbe033d37b739829e41798682510 Mon Sep 17 00:00:00 2001
+From 378aa081ac1211d0bf4043eeb0bb7d4aa534043f Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 05/13] Add Argon2 algorithm
@ -30,7 +30,7 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 create mode 100644 grub-core/lib/argon2/ref.c
 diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi
-index 3ad8e3efa..d7c6232af 100644
+index f4367f895..9d96cedf9 100644
 --- a/docs/grub-dev.texi
 +++ b/docs/grub-dev.texi
@@ -503,12 +503,76 @@ GRUB includes some code from other projects, and it is sometimes necessary
--- a/config/grub/default/patches/0006-Error-on-missing-Argon2id-parameters.patch
+++ b/config/grub/default/patches/0006-Error-on-missing-Argon2id-parameters.patch
@ -1,4 +1,4 @@
-From 39f620fbe7c4a791062b59d4a8d26c35408aca45 Mon Sep 17 00:00:00 2001
+From febaf431d235f07b97f07f935611dc168b0b35bb Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 06/13] Error on missing Argon2id parameters
@ -9,10 +9,10 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 1 file changed, 8 insertions(+), 5 deletions(-)
 diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
-index d5106402f..bc818ea69 100644
+index 8036d76ff..efae8ac65 100644
 --- a/grub-core/disk/luks2.c
 +++ b/grub-core/disk/luks2.c
-@@ -38,6 +38,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+@@ -39,6 +39,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
 enum grub_luks2_kdf_type
 {
   LUKS2_KDF_TYPE_ARGON2I,
@ -20,7 +20,7 @@ index d5106402f..bc818ea69 100644
   LUKS2_KDF_TYPE_PBKDF2
 };
 typedef enum grub_luks2_kdf_type grub_luks2_kdf_type_t;
-@@ -90,7 +91,7 @@ struct grub_luks2_keyslot
+@@ -91,7 +92,7 @@ struct grub_luks2_keyslot
 	grub_int64_t time;
 	grub_int64_t memory;
 	grub_int64_t cpus;
@ -29,7 +29,7 @@ index d5106402f..bc818ea69 100644
       struct
       {
 	const char   *hash;
-@@ -160,10 +161,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
+@@ -161,10 +162,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing or invalid KDF");
   else if (!grub_strcmp (type, "argon2i") || !grub_strcmp (type, "argon2id"))
     {
@ -45,7 +45,7 @@ index d5106402f..bc818ea69 100644
 	return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing Argon2i parameters");
     }
   else if (!grub_strcmp (type, "pbkdf2"))
-@@ -459,6 +461,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+@@ -460,6 +462,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
   switch (k->kdf.type)
     {
       case LUKS2_KDF_TYPE_ARGON2I:
--- a/config/grub/default/patches/0007-Compile-with-Argon2id-support.patch
+++ b/config/grub/default/patches/0007-Compile-with-Argon2id-support.patch
@ -1,4 +1,4 @@
-From c192948ea0329d06cf4706667305b473b48c15f5 Mon Sep 17 00:00:00 2001
+From 12d3e4dfff3f92daf2f3f73cc0797425f7bb9df6 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 07/13] Compile with Argon2id support
@ -48,18 +48,18 @@ index f5f9b040c..f1f38d8d3 100644
 module = {
 diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
-index bc818ea69..5b9eaa599 100644
+index efae8ac65..2e742f5be 100644
 --- a/grub-core/disk/luks2.c
 +++ b/grub-core/disk/luks2.c
-@@ -27,6 +27,7 @@
+@@ -28,6 +28,7 @@
 #include <grub/partition.h>
 #include <grub/i18n.h>
 #include <grub/safemath.h>
 +#include <argon2.h>
 #include <base64.h>
 #include <json.h>
-@@ -462,8 +463,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+@@ -463,8 +464,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
     {
       case LUKS2_KDF_TYPE_ARGON2I:
       case LUKS2_KDF_TYPE_ARGON2ID:
--- a/config/grub/default/patches/0008-Make-grub-install-work-with-Argon2.patch
+++ b/config/grub/default/patches/0008-Make-grub-install-work-with-Argon2.patch
@ -1,4 +1,4 @@
-From 2887e35e882a86e474052112a23608570b3f41b2 Mon Sep 17 00:00:00 2001
+From 8e639e9558c98019566743cc5723e641b1726d15 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 08/13] Make grub-install work with Argon2
@ -9,7 +9,7 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 1 file changed, 2 insertions(+)
 diff --git a/util/grub-install.c b/util/grub-install.c
-index 7dc5657bb..cf7315891 100644
+index 060246589..059036d3c 100644
 --- a/util/grub-install.c
 +++ b/util/grub-install.c
@@ -448,6 +448,8 @@ probe_mods (grub_disk_t disk)
--- a/config/grub/default/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch
+++ b/config/grub/default/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch
@ -1,4 +1,4 @@
-From 548c5b227718783776b81d1e074b1982e76f2327 Mon Sep 17 00:00:00 2001
+From 8a098ee241040ccfdf03636f558ef6a3b431bb90 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Mon, 30 Oct 2023 22:19:21 +0000
 Subject: [PATCH 09/13] at_keyboard coreboot: force scancodes2+translate
--- a/config/grub/default/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch
+++ b/config/grub/default/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch
@ -1,4 +1,4 @@
-From 89764949b2bcfaad122800f336aa205fea4a1fed Mon Sep 17 00:00:00 2001
+From d86b69fa2c0d73440e5b990d8ab4b66c5c23fa46 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Tue, 31 Oct 2023 10:33:28 +0000
 Subject: [PATCH 10/13] keylayouts: don't print "Unknown key" message
--- a/config/grub/default/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch
+++ b/config/grub/default/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch
@ -1,4 +1,4 @@
-From c6de75a3369aebb51df1659d89a6d7024c84d85e Mon Sep 17 00:00:00 2001
+From 3726c1e12b8896e4a77cc7a2b490e933dc2c08da Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 16:14:58 +0000
 Subject: [PATCH 11/13] don't print missing prefix errors on the screen
@ -85,10 +85,10 @@ index 18de52562..2a0fea6c8 100644
 	    }
 	  file = try_open_from_prefix (prefix, filename);
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 9980bae90..4457cad7c 100644
+index 4a3be8568..6ae3d73f8 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -871,7 +871,7 @@ grub_dl_load (const char *name)
+@@ -881,7 +881,7 @@ grub_dl_load (const char *name)
     return 0;
   if (! grub_dl_dir) {
--- a/config/grub/default/patches/0012-don-t-print-error-if-module-not-found.patch
+++ b/config/grub/default/patches/0012-don-t-print-error-if-module-not-found.patch
@ -1,4 +1,4 @@
-From e8e419fe16843e7b7d8c614531df9447db689d28 Mon Sep 17 00:00:00 2001
+From c86a635609a4623baa9312f5c1bebfd51f5883a1 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 16:36:22 +0000
 Subject: [PATCH 12/13] don't print error if module not found
@ -17,10 +17,10 @@ Signed-off-by: Leah Rowe <leah@libreboot.org>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 4457cad7c..ea9fe8019 100644
+index 6ae3d73f8..4c15027fe 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -510,7 +510,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e)
+@@ -511,7 +511,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e)
   s = grub_dl_find_section (e, ".modname");
   if (!s)
--- a/config/grub/default/patches/0013-don-t-print-empty-error-messages.patch
+++ b/config/grub/default/patches/0013-don-t-print-empty-error-messages.patch
@ -1,4 +1,4 @@
-From 6eb22aa4110b99245fd31dcaad979d5049d398d6 Mon Sep 17 00:00:00 2001
+From 715ba566042aa140cbeb06836c558460ef6f446f Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 17:25:20 +0000
 Subject: [PATCH 13/13] don't print empty error messages
--- a/config/grub/default/target.cfg
+++ b/config/grub/default/target.cfg
@ -1,4 +1,4 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 tree="default"
-rev="6811f6f09d61996a3acbc4fc0414e45964f0e2d9"
+rev="a4da71dafeea519b034beb159dfe80c486c2107c"
--- a/config/grub/nvme/config/payload
+++ b/config/grub/nvme/config/payload
@ -1,5 +1,5 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
-# Copyright (C) 2014-2016,2020-2021,2023-2024 Leah Rowe <leah@libreboot.org>
+# Copyright (C) 2014-2016,2020-2021,2023-2025 Leah Rowe <leah@libreboot.org>
 # Copyright (C) 2015 Klemens Nanni <contact@autoboot.org>
 set prefix=(memdisk)/boot/grub
@ -155,16 +155,12 @@ menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o
 	# grub device enumeration is very slow, so checks are hardcoded
 	# TODO: add more strings, based on what distros set up when
 	# the user select auto-partitioning on those installers
 	lvmvol="lvm/grubcrypt-bootvol lvm/grubcrypt-rootvol"
 	raidvol="md/0 md/1 md/2 md/3 md/4 md/5 md/6 md/7 md/8 md/9"
-	# in practise, doing multiple redundant checks is perfectly fast and
+	# in practise, doing multiple redundant checks is perfectly fast
 	# TODO: optimize grub itself, and use */? here for everything
-	for vol in ${lvmvol} ${raidvol} ; do
+	for vol in ${raidvol} ; do
 		try_bootcfg "${vol}"
 	done
@ -186,23 +182,37 @@ menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o
 	set pager=0
 	echo -n "Attempting to unlock encrypted volumes"
-	for dev in ${bootdev} ${lvmvol} ${raidvol}; do
+	for dev in ${bootdev} ${raidvol}; do
 		if cryptomount "${dev}" ; then break ; fi
 	done
 	set pager=1
 	echo
 	# after cryptomount, lvm volumes might be available
 	for vol in ${lvmvol}; do
 		try_bootcfg "${vol}"
 	done
 	search_bootcfg crypto
-	for vol in lvm/* ; do
+	lvmvol=""
-		try_bootcfg "${vol}"
+
 	# after cryptomount, lvm volumes might be available
 	# using * is slow on some machines, but we use it here,
 	# just once. in so doing, we find every lvm volume
 	for vol in (*); do
 		if regexp ^lvm/ $vol; then
 			lvmvol="${lvmvol} ${vol}"
 			try_bootcfg "${vol}"
 		fi
 	done
 	# user might have put luks inside lvm
 	set pager=0
 	echo "Attempting to unlock encrypted LVMs"
 	for vol in ${lvmvol}; do
 		cryptomount "$vol"
 	done
 	set pager=1
 	echo
 	search_bootcfg crypto
 	true # Prevent pager requiring to accept each line instead of whole screen
 }
--- a/config/grub/nvme/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch
+++ b/config/grub/nvme/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch
@ -1,4 +1,4 @@
-From 985e87b15e60edb31d8b70f765b97cc8d436d10e Mon Sep 17 00:00:00 2001
+From 5f8189d928309146675a56279458d8bb7534ec0c Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 31 Oct 2021 03:47:05 +0000
 Subject: [PATCH 01/14] mitigate grub's missing characters for borders/arrow
--- a/config/grub/nvme/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch
+++ b/config/grub/nvme/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch
@ -1,4 +1,4 @@
-From f9ae737976ff52fc656459942dd0bdbd763e66df Mon Sep 17 00:00:00 2001
+From fce8730b8c20b7de0394976861b3d2ebcc21f425 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sat, 19 Nov 2022 16:30:24 +0000
 Subject: [PATCH 02/14] say the name libreboot, in the grub menu
@ -8,7 +8,7 @@ Subject: [PATCH 02/14] say the name libreboot, in the grub menu
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
-index bd4431000..ff16e0f2e 100644
+index 04d058f55..b1cc8f236 100644
 --- a/grub-core/normal/main.c
 +++ b/grub-core/normal/main.c
@@ -209,7 +209,7 @@ grub_normal_init_page (struct grub_term_output *term,
@ -16,7 +16,7 @@ index bd4431000..ff16e0f2e 100644
   grub_term_cls (term);
 -  msg_formatted = grub_xasprintf (_("GNU GRUB  version %s"), PACKAGE_VERSION);
-+  msg_formatted = grub_xasprintf (_("Libreboot 20241206, 8th revision (GRUB menu): https://libreboot.org/"));
+  msg_formatted = grub_xasprintf (_("Libreboot 20241206, 11th revision (GRUB menu): https://libreboot.org/"));
   if (!msg_formatted)
     return;
--- a/config/grub/nvme/patches/0003-Add-CC0-license.patch
+++ b/config/grub/nvme/patches/0003-Add-CC0-license.patch
@ -1,4 +1,4 @@
-From 40c559b7f1e402520a9044b4d3e22b7afd1bb981 Mon Sep 17 00:00:00 2001
+From 088901d1a7577b52d110803d3c6a0e198130e524 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 03/14] Add CC0 license
@ -10,10 +10,10 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 2 files changed, 4 insertions(+), 2 deletions(-)
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 8ad015b07..9980bae90 100644
+index de8c3aa8d..4a3be8568 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -494,7 +494,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e)
+@@ -495,7 +495,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e)
   if (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0
       || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0
--- a/config/grub/nvme/patches/0004-Define-GRUB_UINT32_MAX.patch
+++ b/config/grub/nvme/patches/0004-Define-GRUB_UINT32_MAX.patch
@ -1,4 +1,4 @@
-From 2d5493a02da107e7f3673b0ff5f0920ad557df78 Mon Sep 17 00:00:00 2001
+From 1a3fdb4075f32eab6ebda0c813720f0336f1bde7 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 04/14] Define GRUB_UINT32_MAX
--- a/config/grub/nvme/patches/0005-Add-Argon2-algorithm.patch
+++ b/config/grub/nvme/patches/0005-Add-Argon2-algorithm.patch
@ -1,4 +1,4 @@
-From 520573cfa2b370a7d72102321bb0735a86e2999c Mon Sep 17 00:00:00 2001
+From 490fb23a8bd4d669a3dc48f0581321f08f6f2020 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 05/14] Add Argon2 algorithm
@ -30,7 +30,7 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 create mode 100644 grub-core/lib/argon2/ref.c
 diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi
-index 3ad8e3efa..d7c6232af 100644
+index f4367f895..9d96cedf9 100644
 --- a/docs/grub-dev.texi
 +++ b/docs/grub-dev.texi
@@ -503,12 +503,76 @@ GRUB includes some code from other projects, and it is sometimes necessary
--- a/config/grub/nvme/patches/0006-Error-on-missing-Argon2id-parameters.patch
+++ b/config/grub/nvme/patches/0006-Error-on-missing-Argon2id-parameters.patch
@ -1,4 +1,4 @@
-From d3b500914ce84be6bcae0f4f5fefff21e4e0ca63 Mon Sep 17 00:00:00 2001
+From c8fac788716d0c8723149eee205f1f0bdc92efbe Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 06/14] Error on missing Argon2id parameters
@ -9,10 +9,10 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 1 file changed, 8 insertions(+), 5 deletions(-)
 diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
-index d5106402f..bc818ea69 100644
+index 8036d76ff..efae8ac65 100644
 --- a/grub-core/disk/luks2.c
 +++ b/grub-core/disk/luks2.c
-@@ -38,6 +38,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+@@ -39,6 +39,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
 enum grub_luks2_kdf_type
 {
   LUKS2_KDF_TYPE_ARGON2I,
@ -20,7 +20,7 @@ index d5106402f..bc818ea69 100644
   LUKS2_KDF_TYPE_PBKDF2
 };
 typedef enum grub_luks2_kdf_type grub_luks2_kdf_type_t;
-@@ -90,7 +91,7 @@ struct grub_luks2_keyslot
+@@ -91,7 +92,7 @@ struct grub_luks2_keyslot
 	grub_int64_t time;
 	grub_int64_t memory;
 	grub_int64_t cpus;
@ -29,7 +29,7 @@ index d5106402f..bc818ea69 100644
       struct
       {
 	const char   *hash;
-@@ -160,10 +161,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
+@@ -161,10 +162,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing or invalid KDF");
   else if (!grub_strcmp (type, "argon2i") || !grub_strcmp (type, "argon2id"))
     {
@ -45,7 +45,7 @@ index d5106402f..bc818ea69 100644
 	return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing Argon2i parameters");
     }
   else if (!grub_strcmp (type, "pbkdf2"))
-@@ -459,6 +461,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+@@ -460,6 +462,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
   switch (k->kdf.type)
     {
       case LUKS2_KDF_TYPE_ARGON2I:
--- a/config/grub/nvme/patches/0007-Compile-with-Argon2id-support.patch
+++ b/config/grub/nvme/patches/0007-Compile-with-Argon2id-support.patch
@ -1,4 +1,4 @@
-From 5774fd23a381d7d96e65ede9dd300b7e83fa1f06 Mon Sep 17 00:00:00 2001
+From c9046b0a40ddc43d97e93127538bec0fde62d04e Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 07/14] Compile with Argon2id support
@ -48,18 +48,18 @@ index f5f9b040c..f1f38d8d3 100644
 module = {
 diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
-index bc818ea69..5b9eaa599 100644
+index efae8ac65..2e742f5be 100644
 --- a/grub-core/disk/luks2.c
 +++ b/grub-core/disk/luks2.c
-@@ -27,6 +27,7 @@
+@@ -28,6 +28,7 @@
 #include <grub/partition.h>
 #include <grub/i18n.h>
 #include <grub/safemath.h>
 +#include <argon2.h>
 #include <base64.h>
 #include <json.h>
-@@ -462,8 +463,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+@@ -463,8 +464,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
     {
       case LUKS2_KDF_TYPE_ARGON2I:
       case LUKS2_KDF_TYPE_ARGON2ID:
--- a/config/grub/nvme/patches/0008-Make-grub-install-work-with-Argon2.patch
+++ b/config/grub/nvme/patches/0008-Make-grub-install-work-with-Argon2.patch
@ -1,4 +1,4 @@
-From b8b9be1749d4802dde57f3547a1ee91c8fec1c3e Mon Sep 17 00:00:00 2001
+From bc99124fb0de2e4b0407f5b8591306241ffc7dc1 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
 Subject: [PATCH 08/14] Make grub-install work with Argon2
@ -9,7 +9,7 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 1 file changed, 2 insertions(+)
 diff --git a/util/grub-install.c b/util/grub-install.c
-index 7dc5657bb..cf7315891 100644
+index 060246589..059036d3c 100644
 --- a/util/grub-install.c
 +++ b/util/grub-install.c
@@ -448,6 +448,8 @@ probe_mods (grub_disk_t disk)
--- a/config/grub/nvme/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch
+++ b/config/grub/nvme/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch
@ -1,4 +1,4 @@
-From 93790c5686ea2ac4da8d2c67377fe84fd37df953 Mon Sep 17 00:00:00 2001
+From 47ee3e0a5635e99d04fb1248a4896c24ff5bc746 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Mon, 30 Oct 2023 22:19:21 +0000
 Subject: [PATCH 09/14] at_keyboard coreboot: force scancodes2+translate
--- a/config/grub/nvme/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch
+++ b/config/grub/nvme/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch
@ -1,4 +1,4 @@
-From a18f0ddb9a396828bd11f540ed134047efe4b2bd Mon Sep 17 00:00:00 2001
+From 1934b92519503bfbb8c2f331afab6a34255250ad Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Tue, 31 Oct 2023 10:33:28 +0000
 Subject: [PATCH 10/14] keylayouts: don't print "Unknown key" message
--- a/config/grub/nvme/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch
+++ b/config/grub/nvme/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch
@ -1,4 +1,4 @@
-From 233c4f1a1182fd10ef60da98dd00b687c9edbee4 Mon Sep 17 00:00:00 2001
+From 6f48f88cd472729f0274f36cef87e76a31b6db35 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 16:14:58 +0000
 Subject: [PATCH 11/14] don't print missing prefix errors on the screen
@ -85,10 +85,10 @@ index 18de52562..2a0fea6c8 100644
 	    }
 	  file = try_open_from_prefix (prefix, filename);
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 9980bae90..4457cad7c 100644
+index 4a3be8568..6ae3d73f8 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -871,7 +871,7 @@ grub_dl_load (const char *name)
+@@ -881,7 +881,7 @@ grub_dl_load (const char *name)
     return 0;
   if (! grub_dl_dir) {
--- a/config/grub/nvme/patches/0012-don-t-print-error-if-module-not-found.patch
+++ b/config/grub/nvme/patches/0012-don-t-print-error-if-module-not-found.patch
@ -1,4 +1,4 @@
-From c5ef7185f0e32a1a33aca181427cbee8f22af8d2 Mon Sep 17 00:00:00 2001
+From aab095ed496aec3be4428b48a36a502426e0d275 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 16:36:22 +0000
 Subject: [PATCH 12/14] don't print error if module not found
@ -17,10 +17,10 @@ Signed-off-by: Leah Rowe <leah@libreboot.org>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 4457cad7c..ea9fe8019 100644
+index 6ae3d73f8..4c15027fe 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -510,7 +510,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e)
+@@ -511,7 +511,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e)
   s = grub_dl_find_section (e, ".modname");
   if (!s)
--- a/config/grub/nvme/patches/0013-don-t-print-empty-error-messages.patch
+++ b/config/grub/nvme/patches/0013-don-t-print-empty-error-messages.patch
@ -1,4 +1,4 @@
-From 8e8d7a4f391538e4c0d42226ac48f5a1325deeb5 Mon Sep 17 00:00:00 2001
+From 703903ca50b9a5705db0cf5dad1ed2561b28d886 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 17:25:20 +0000
 Subject: [PATCH 13/14] don't print empty error messages
--- a/config/grub/nvme/patches/0014-Add-native-NVMe-driver-based-on-SeaBIOS.patch
+++ b/config/grub/nvme/patches/0014-Add-native-NVMe-driver-based-on-SeaBIOS.patch
@ -1,4 +1,4 @@
-From 0e358c800b58f8122e8d333541eba08cf1b4dbef Mon Sep 17 00:00:00 2001
+From e2d0d0695ded985463aac53f6fec5ce945bd4893 Mon Sep 17 00:00:00 2001
 From: Mate Kukri <km@mkukri.xyz>
 Date: Mon, 20 May 2024 11:43:35 +0100
 Subject: [PATCH 14/14] Add native NVMe driver based on SeaBIOS
@ -31,20 +31,19 @@ index 43635d5ff..2c86dbbf6 100644
 endif
 diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index f1f38d8d3..d09f9ffbc 100644
+index f1f38d8d3..6f45989f8 100644
 --- a/grub-core/Makefile.core.def
 +++ b/grub-core/Makefile.core.def
-@@ -2676,4 +2676,10 @@ module = {
+@@ -2677,3 +2677,9 @@ module = {
   common = tests/asn1/asn1_test.c;
   cflags = '-Wno-uninitialized';
   cppflags = '-I$(srcdir)/lib/libtasn1-grub -I$(srcdir)/tests/asn1/';
-+};
+ };
 +
 +module = {
 +  name = nvme;
 +  common = disk/nvme.c;
 +  enable = pci;
- };
+};
 diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c
 index 6806bff9c..fd68a513e 100644
 --- a/grub-core/commands/nativedisk.c
--- a/config/grub/nvme/target.cfg
+++ b/config/grub/nvme/target.cfg
@ -1,4 +1,4 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 tree="nvme"
-rev="6811f6f09d61996a3acbc4fc0414e45964f0e2d9"
+rev="a4da71dafeea519b034beb159dfe80c486c2107c"
--- a/config/grub/xhci/config/payload
+++ b/config/grub/xhci/config/payload
@ -1,5 +1,5 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
-# Copyright (C) 2014-2016,2020-2021,2023-2024 Leah Rowe <leah@libreboot.org>
+# Copyright (C) 2014-2016,2020-2021,2023-2025 Leah Rowe <leah@libreboot.org>
 # Copyright (C) 2015 Klemens Nanni <contact@autoboot.org>
 set prefix=(memdisk)/boot/grub
@ -156,16 +156,12 @@ menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o
 	# grub device enumeration is very slow, so checks are hardcoded
 	# TODO: add more strings, based on what distros set up when
 	# the user select auto-partitioning on those installers
 	lvmvol="lvm/grubcrypt-bootvol lvm/grubcrypt-rootvol"
 	raidvol="md/0 md/1 md/2 md/3 md/4 md/5 md/6 md/7 md/8 md/9"
-	# in practise, doing multiple redundant checks is perfectly fast and
+	# in practise, doing multiple redundant checks is perfectly fast
 	# TODO: optimize grub itself, and use */? here for everything
-	for vol in ${lvmvol} ${raidvol} ; do
+	for vol in ${raidvol} ; do
 		try_bootcfg "${vol}"
 	done
@ -187,23 +183,37 @@ menuentry 'Load Operating System (incl. fully encrypted disks)  [o]' --hotkey='o
 	set pager=0
 	echo -n "Attempting to unlock encrypted volumes"
-	for dev in ${bootdev} ${lvmvol} ${raidvol}; do
+	for dev in ${bootdev} ${raidvol}; do
 		if cryptomount "${dev}" ; then break ; fi
 	done
 	set pager=1
 	echo
 	# after cryptomount, lvm volumes might be available
 	for vol in ${lvmvol}; do
 		try_bootcfg "${vol}"
 	done
 	search_bootcfg crypto
-	for vol in lvm/* ; do
+	lvmvol=""
-		try_bootcfg "${vol}"
+
 	# after cryptomount, lvm volumes might be available
 	# using * is slow on some machines, but we use it here,
 	# just once. in so doing, we find every lvm volume
 	for vol in (*); do
 		if regexp ^lvm/ $vol; then
 			lvmvol="${lvmvol} ${vol}"
 			try_bootcfg "${vol}"
 		fi
 	done
 	# user might have put luks inside lvm
 	set pager=0
 	echo "Attempting to unlock encrypted LVMs"
 	for vol in ${lvmvol}; do
 		cryptomount "$vol"
 	done
 	set pager=1
 	echo
 	search_bootcfg crypto
 	true # Prevent pager requiring to accept each line instead of whole screen
 }
--- a/config/grub/xhci/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch
+++ b/config/grub/xhci/patches/0001-mitigate-grub-s-missing-characters-for-borders-arrow.patch
@ -1,7 +1,7 @@
-From c94b9ea258feb53773bab06bc2a6c6e66a44f867 Mon Sep 17 00:00:00 2001
+From 836f5ba3fe25ef53b4cfcd8a0a1f7a6fb9bcb21c Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 31 Oct 2021 03:47:05 +0000
-Subject: [PATCH 01/22] mitigate grub's missing characters for borders/arrow
+Subject: [PATCH 01/25] mitigate grub's missing characters for borders/arrow
 characters
 This cleans up the display on the main screen in GRUB.
--- a/config/grub/xhci/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch
+++ b/config/grub/xhci/patches/0002-say-the-name-libreboot-in-the-grub-menu.patch
@ -1,14 +1,14 @@
-From da775eafbe79e3100ca2262bde49e3e65978e83f Mon Sep 17 00:00:00 2001
+From cb5fe4b9cae34e6ebb12953f62328c883a89a9f2 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sat, 19 Nov 2022 16:30:24 +0000
-Subject: [PATCH 02/22] say the name libreboot, in the grub menu
+Subject: [PATCH 02/25] say the name libreboot, in the grub menu
 ---
 grub-core/normal/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
-index bd4431000..ff16e0f2e 100644
+index 04d058f55..b1cc8f236 100644
 --- a/grub-core/normal/main.c
 +++ b/grub-core/normal/main.c
@@ -209,7 +209,7 @@ grub_normal_init_page (struct grub_term_output *term,
@ -16,7 +16,7 @@ index bd4431000..ff16e0f2e 100644
   grub_term_cls (term);
 -  msg_formatted = grub_xasprintf (_("GNU GRUB  version %s"), PACKAGE_VERSION);
-+  msg_formatted = grub_xasprintf (_("Libreboot 20241206, 8th revision (GRUB menu): https://libreboot.org/"));
+  msg_formatted = grub_xasprintf (_("Libreboot 20241206, 11th revision (GRUB menu): https://libreboot.org/"));
   if (!msg_formatted)
     return;
--- a/config/grub/xhci/patches/0003-Add-CC0-license.patch
+++ b/config/grub/xhci/patches/0003-Add-CC0-license.patch
@ -1,7 +1,7 @@
-From b91e5cafa7863b5a61e97d483f98dcece374721a Mon Sep 17 00:00:00 2001
+From ef94d2c0a9dab9cb1a6888b07893fa341c463649 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
-Subject: [PATCH 03/22] Add CC0 license
+Subject: [PATCH 03/25] Add CC0 license
 Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 ---
@ -10,10 +10,10 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 2 files changed, 4 insertions(+), 2 deletions(-)
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 8ad015b07..9980bae90 100644
+index de8c3aa8d..4a3be8568 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -494,7 +494,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e)
+@@ -495,7 +495,8 @@ grub_dl_check_license (grub_dl_t mod, Elf_Ehdr *e)
   if (grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3") == 0
       || grub_strcmp ((char *) e + s->sh_offset, "LICENSE=GPLv3+") == 0
--- a/config/grub/xhci/patches/0004-Define-GRUB_UINT32_MAX.patch
+++ b/config/grub/xhci/patches/0004-Define-GRUB_UINT32_MAX.patch
@ -1,7 +1,7 @@
-From 58e0d7b7bcec2392b81dda613d070804f7c68cf5 Mon Sep 17 00:00:00 2001
+From aebfb4ee87203cc0dbe53ae1e951061efb73452f Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
-Subject: [PATCH 04/22] Define GRUB_UINT32_MAX
+Subject: [PATCH 04/25] Define GRUB_UINT32_MAX
 Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 ---
--- a/config/grub/xhci/patches/0005-Add-Argon2-algorithm.patch
+++ b/config/grub/xhci/patches/0005-Add-Argon2-algorithm.patch
@ -1,7 +1,7 @@
-From 65a9b252b79d5d1fa022e3da9ef91459ad8efb94 Mon Sep 17 00:00:00 2001
+From 22a609e508350e2606f90f96d9d0569b2294cfcf Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
-Subject: [PATCH 05/22] Add Argon2 algorithm
+Subject: [PATCH 05/25] Add Argon2 algorithm
 Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 ---
@ -30,7 +30,7 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 create mode 100644 grub-core/lib/argon2/ref.c
 diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi
-index 3ad8e3efa..d7c6232af 100644
+index f4367f895..9d96cedf9 100644
 --- a/docs/grub-dev.texi
 +++ b/docs/grub-dev.texi
@@ -503,12 +503,76 @@ GRUB includes some code from other projects, and it is sometimes necessary
--- a/config/grub/xhci/patches/0006-Error-on-missing-Argon2id-parameters.patch
+++ b/config/grub/xhci/patches/0006-Error-on-missing-Argon2id-parameters.patch
@ -1,7 +1,7 @@
-From 809908898f9d67979885a651b295ca1fa066039c Mon Sep 17 00:00:00 2001
+From 0c0da88e7619e5424ef062ea6867dfe32f032164 Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
-Subject: [PATCH 06/22] Error on missing Argon2id parameters
+Subject: [PATCH 06/25] Error on missing Argon2id parameters
 Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 ---
@ -9,10 +9,10 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 1 file changed, 8 insertions(+), 5 deletions(-)
 diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
-index d5106402f..bc818ea69 100644
+index 8036d76ff..efae8ac65 100644
 --- a/grub-core/disk/luks2.c
 +++ b/grub-core/disk/luks2.c
-@@ -38,6 +38,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+@@ -39,6 +39,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
 enum grub_luks2_kdf_type
 {
   LUKS2_KDF_TYPE_ARGON2I,
@ -20,7 +20,7 @@ index d5106402f..bc818ea69 100644
   LUKS2_KDF_TYPE_PBKDF2
 };
 typedef enum grub_luks2_kdf_type grub_luks2_kdf_type_t;
-@@ -90,7 +91,7 @@ struct grub_luks2_keyslot
+@@ -91,7 +92,7 @@ struct grub_luks2_keyslot
 	grub_int64_t time;
 	grub_int64_t memory;
 	grub_int64_t cpus;
@ -29,7 +29,7 @@ index d5106402f..bc818ea69 100644
       struct
       {
 	const char   *hash;
-@@ -160,10 +161,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
+@@ -161,10 +162,11 @@ luks2_parse_keyslot (grub_luks2_keyslot_t *out, const grub_json_t *keyslot)
     return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing or invalid KDF");
   else if (!grub_strcmp (type, "argon2i") || !grub_strcmp (type, "argon2id"))
     {
@ -45,7 +45,7 @@ index d5106402f..bc818ea69 100644
 	return grub_error (GRUB_ERR_BAD_ARGUMENT, "Missing Argon2i parameters");
     }
   else if (!grub_strcmp (type, "pbkdf2"))
-@@ -459,6 +461,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+@@ -460,6 +462,7 @@ luks2_decrypt_key (grub_uint8_t *out_key,
   switch (k->kdf.type)
     {
       case LUKS2_KDF_TYPE_ARGON2I:
--- a/config/grub/xhci/patches/0007-Compile-with-Argon2id-support.patch
+++ b/config/grub/xhci/patches/0007-Compile-with-Argon2id-support.patch
@ -1,7 +1,7 @@
-From 26ae5da9ed8382869b699a653988e6c8f32bd3d1 Mon Sep 17 00:00:00 2001
+From 2a52c5c4f481469667c7c00e43befac28645d57f Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
-Subject: [PATCH 07/22] Compile with Argon2id support
+Subject: [PATCH 07/25] Compile with Argon2id support
 Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 ---
@ -48,18 +48,18 @@ index f5f9b040c..f1f38d8d3 100644
 module = {
 diff --git a/grub-core/disk/luks2.c b/grub-core/disk/luks2.c
-index bc818ea69..5b9eaa599 100644
+index efae8ac65..2e742f5be 100644
 --- a/grub-core/disk/luks2.c
 +++ b/grub-core/disk/luks2.c
-@@ -27,6 +27,7 @@
+@@ -28,6 +28,7 @@
 #include <grub/partition.h>
 #include <grub/i18n.h>
 #include <grub/safemath.h>
 +#include <argon2.h>
 #include <base64.h>
 #include <json.h>
-@@ -462,8 +463,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
+@@ -463,8 +464,16 @@ luks2_decrypt_key (grub_uint8_t *out_key,
     {
       case LUKS2_KDF_TYPE_ARGON2I:
       case LUKS2_KDF_TYPE_ARGON2ID:
--- a/config/grub/xhci/patches/0008-Make-grub-install-work-with-Argon2.patch
+++ b/config/grub/xhci/patches/0008-Make-grub-install-work-with-Argon2.patch
@ -1,7 +1,7 @@
-From 6ce0b0629aa1377237c19290f33008ff81969962 Mon Sep 17 00:00:00 2001
+From 15076c6c38f4b7bc8e684974a908295478fbae9d Mon Sep 17 00:00:00 2001
 From: Ax333l <main@axelen.xyz>
 Date: Thu, 17 Aug 2023 00:00:00 +0000
-Subject: [PATCH 08/22] Make grub-install work with Argon2
+Subject: [PATCH 08/25] Make grub-install work with Argon2
 Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 ---
@ -9,7 +9,7 @@ Signed-off-by: Nicholas Johnson <nick@nicholasjohnson.ch>
 1 file changed, 2 insertions(+)
 diff --git a/util/grub-install.c b/util/grub-install.c
-index 7dc5657bb..cf7315891 100644
+index 060246589..059036d3c 100644
 --- a/util/grub-install.c
 +++ b/util/grub-install.c
@@ -448,6 +448,8 @@ probe_mods (grub_disk_t disk)
--- a/config/grub/xhci/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch
+++ b/config/grub/xhci/patches/0009-at_keyboard-coreboot-force-scancodes2-translate.patch
@ -1,7 +1,7 @@
-From 3f69e2c35ccf2a37fd35f1821c7b85cc6df07ca7 Mon Sep 17 00:00:00 2001
+From 696f0d54d306472ad00b46e5a702080ae16d0101 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Mon, 30 Oct 2023 22:19:21 +0000
-Subject: [PATCH 09/22] at_keyboard coreboot: force scancodes2+translate
+Subject: [PATCH 09/25] at_keyboard coreboot: force scancodes2+translate
 Scan code set 2 with translation should be assumed in
 every case, as the default starting position.
--- a/config/grub/xhci/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch
+++ b/config/grub/xhci/patches/0010-keylayouts-don-t-print-Unknown-key-message.patch
@ -1,7 +1,7 @@
-From 44befdaa1ee588591f46c13d057fdef56b87218c Mon Sep 17 00:00:00 2001
+From 907e8f373bac0c618c491a3a5cb4137d4446de05 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Tue, 31 Oct 2023 10:33:28 +0000
-Subject: [PATCH 10/22] keylayouts: don't print "Unknown key" message
+Subject: [PATCH 10/25] keylayouts: don't print "Unknown key" message
 on keyboards with stuck keys, this results in GRUB just
 spewing it repeatedly, preventing use of GRUB.
--- a/config/grub/xhci/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch
+++ b/config/grub/xhci/patches/0011-don-t-print-missing-prefix-errors-on-the-screen.patch
@ -1,7 +1,7 @@
-From bfecf6d86ccf82fb85af93600931cee589891089 Mon Sep 17 00:00:00 2001
+From b5693f53db4d337b4345192da08130b0f2f9bd08 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 16:14:58 +0000
-Subject: [PATCH 11/22] don't print missing prefix errors on the screen
+Subject: [PATCH 11/25] don't print missing prefix errors on the screen
 we do actually set the prefix. this patch modifies
 grub to still set grub_errno and return accordingly,
@ -85,10 +85,10 @@ index 18de52562..2a0fea6c8 100644
 	    }
 	  file = try_open_from_prefix (prefix, filename);
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 9980bae90..4457cad7c 100644
+index 4a3be8568..6ae3d73f8 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -871,7 +871,7 @@ grub_dl_load (const char *name)
+@@ -881,7 +881,7 @@ grub_dl_load (const char *name)
     return 0;
   if (! grub_dl_dir) {
--- a/config/grub/xhci/patches/0012-don-t-print-error-if-module-not-found.patch
+++ b/config/grub/xhci/patches/0012-don-t-print-error-if-module-not-found.patch
@ -1,7 +1,7 @@
-From f44fc56f06559313841de2b53637020fbe139803 Mon Sep 17 00:00:00 2001
+From 55c2e4b1d413fa03d9597007b16d136b3a6fa713 Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 16:36:22 +0000
-Subject: [PATCH 12/22] don't print error if module not found
+Subject: [PATCH 12/25] don't print error if module not found
 still set grub_errno accordingly, and otherwise
 behave the same. in libreboot, we remove a lot of
@ -17,10 +17,10 @@ Signed-off-by: Leah Rowe <leah@libreboot.org>
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
-index 4457cad7c..ea9fe8019 100644
+index 6ae3d73f8..4c15027fe 100644
 --- a/grub-core/kern/dl.c
 +++ b/grub-core/kern/dl.c
-@@ -510,7 +510,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e)
+@@ -511,7 +511,7 @@ grub_dl_resolve_name (grub_dl_t mod, Elf_Ehdr *e)
   s = grub_dl_find_section (e, ".modname");
   if (!s)
--- a/config/grub/xhci/patches/0013-don-t-print-empty-error-messages.patch
+++ b/config/grub/xhci/patches/0013-don-t-print-empty-error-messages.patch
@ -1,7 +1,7 @@
-From e459ed55902003644e7bcd76361cc43247231a99 Mon Sep 17 00:00:00 2001
+From 93210cf7c046c0c9c8c77ffde4397a25d391c64d Mon Sep 17 00:00:00 2001
 From: Leah Rowe <leah@libreboot.org>
 Date: Sun, 5 Nov 2023 17:25:20 +0000
-Subject: [PATCH 13/22] don't print empty error messages
+Subject: [PATCH 13/25] don't print empty error messages
 this is part two of the quest to kill the prefix
 error message. after i disabled prefix-related
--- a/config/grub/xhci/patches/0014-grub-core-bus-usb-Parse-SuperSpeed-companion-descrip.patch
+++ b/config/grub/xhci/patches/0014-grub-core-bus-usb-Parse-SuperSpeed-companion-descrip.patch
@ -1,7 +1,7 @@
-From 85fdf29d37b58be96042d6df24f8bc08bba9906d Mon Sep 17 00:00:00 2001
+From a216d09bffcb2f2bff96445cca412c9328b4a6bf Mon Sep 17 00:00:00 2001
 From: Patrick Rudolph <patrick.rudolph@9elements.com>
 Date: Sun, 15 Nov 2020 19:00:27 +0100
-Subject: [PATCH 14/22] grub-core/bus/usb: Parse SuperSpeed companion
+Subject: [PATCH 14/25] grub-core/bus/usb: Parse SuperSpeed companion
 descriptors
 Parse the SS_ENDPOINT_COMPANION descriptor, which is only present on USB 3.0
--- a/config/grub/xhci/patches/0015-usb-Add-enum-for-xHCI.patch
+++ b/config/grub/xhci/patches/0015-usb-Add-enum-for-xHCI.patch
@ -1,7 +1,7 @@
-From 26a5ed135c94b295b9a0037f5e7201eb5d38fde4 Mon Sep 17 00:00:00 2001
+From cb56fbac65869f04fcf9b0b4b360f4ccc6deabed Mon Sep 17 00:00:00 2001
 From: Patrick Rudolph <patrick.rudolph@9elements.com>
-Date: Sun, 15 Nov 2020 19:47:06 +0100
+Date: Mon, 7 Dec 2020 08:41:22 +0100
-Subject: [PATCH 15/22] usb: Add enum for xHCI
+Subject: [PATCH 15/25] usb: Add enum for xHCI
 Will be used in future patches.
--- a/config/grub/xhci/patches/0016-usbtrans-Set-default-maximum-packet-size.patch
+++ b/config/grub/xhci/patches/0016-usbtrans-Set-default-maximum-packet-size.patch
@ -1,7 +1,7 @@
-From 13bc84d9f43328ba47273cbcf87c517398dcfc93 Mon Sep 17 00:00:00 2001
+From 3c735bf84a74e5a5612ca9b59868e050da8a46fe Mon Sep 17 00:00:00 2001
 From: Patrick Rudolph <patrick.rudolph@9elements.com>
-Date: Sun, 15 Nov 2020 19:48:03 +0100
+Date: Mon, 7 Dec 2020 08:41:23 +0100
-Subject: [PATCH 16/22] usbtrans: Set default maximum packet size
+Subject: [PATCH 16/25] usbtrans: Set default maximum packet size
 Set the maximum packet size to 512 for SuperSpeed devices.
--- a/config/grub/xhci/patches/0017-grub-core-bus-usb-Add-function-pointer-for-attach-de.patch
+++ b/config/grub/xhci/patches/0017-grub-core-bus-usb-Add-function-pointer-for-attach-de.patch
@ -1,7 +1,7 @@
-From 1518589ff286b54a27d4b11f017cb43c90cbf566 Mon Sep 17 00:00:00 2001
+From c01366a852d40e060fc060dda6cf2891c9c50bd0 Mon Sep 17 00:00:00 2001
 From: Patrick Rudolph <patrick.rudolph@9elements.com>
 Date: Sun, 15 Nov 2020 19:51:42 +0100
-Subject: [PATCH 17/22] grub-core/bus/usb: Add function pointer for
+Subject: [PATCH 17/25] grub-core/bus/usb: Add function pointer for
 attach/detach events
 The xHCI code needs to be called for attaching or detaching a device.
@ -19,7 +19,7 @@ Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
 5 files changed, 29 insertions(+)
 diff --git a/grub-core/bus/usb/ehci.c b/grub-core/bus/usb/ehci.c
-index 9abebc6bd..953b851c0 100644
+index 2db07c7c0..1ee056015 100644
 --- a/grub-core/bus/usb/ehci.c
 +++ b/grub-core/bus/usb/ehci.c
@@ -1812,6 +1812,8 @@ static struct grub_usb_controller_dev usb_controller = {
--- a/config/grub/xhci/patches/0018-grub-core-bus-usb-usbhub-Add-new-private-fields-for-.patch
+++ b/config/grub/xhci/patches/0018-grub-core-bus-usb-usbhub-Add-new-private-fields-for-.patch
@ -1,7 +1,7 @@
-From 8dd981a95cc7731b63b2d79ce6f98ce2d6b5a993 Mon Sep 17 00:00:00 2001
+From 1ec77a83178e5c1c005b6b27139287f1463f1b49 Mon Sep 17 00:00:00 2001
 From: Patrick Rudolph <patrick.rudolph@9elements.com>
-Date: Sun, 15 Nov 2020 19:54:40 +0100
+Date: Mon, 7 Dec 2020 08:41:25 +0100
-Subject: [PATCH 18/22] grub-core/bus/usb/usbhub: Add new private fields for
+Subject: [PATCH 18/25] grub-core/bus/usb/usbhub: Add new private fields for
 xHCI controller
 Store the root port number, the route, consisting out of the port ID
--- a/config/grub/xhci/patches/0019-grub-core-bus-usb-Add-xhci-support.patch
+++ b/config/grub/xhci/patches/0019-grub-core-bus-usb-Add-xhci-support.patch
@ -1,7 +1,7 @@
-From dde187c07a8f2a1d3357aa362ffcc0fe8dab72d7 Mon Sep 17 00:00:00 2001
+From 03998bc9b74366ecf64d5f76fe4b398ec7fc5d31 Mon Sep 17 00:00:00 2001
 From: Patrick Rudolph <patrick.rudolph@9elements.com>
-Date: Sun, 15 Nov 2020 19:59:25 +0100
+Date: Mon, 7 Dec 2020 08:41:26 +0100
-Subject: [PATCH 19/22] grub-core/bus/usb: Add xhci support
+Subject: [PATCH 19/25] grub-core/bus/usb: Add xhci support
 Add support for xHCI USB controllers.
 The code is based on seabios implementation, but has been heavily
@ -41,13 +41,6 @@ TODO:
  * Test on USB3 hubs
  * Support for USB 3.1 and USB 3.2 controllers
 Tested on qemu using coreboot and grub as payload:
 qemu-system-x86_64 -M q35 -bios $firmware -device qemu-xhci,id=xhci -accel kvm -m 1024M \
 	-device usb-storage,drive=thumbdrive,bus=xhci.0,port=3 \
 	-drive if=none,format=raw,id=thumbdrive,file=ubuntu-20.04.1-desktop-amd64.iso \
 	-device usb-kbd,bus=xhci.0
 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
 Signed-off-by: sylv <sylv@sylv.io>
 ---
--- a/config/grub/xhci/patches/0020-grub-core-bus-usb-usbhub-Add-xHCI-non-root-hub-suppo.patch
+++ b/config/grub/xhci/patches/0020-grub-core-bus-usb-usbhub-Add-xHCI-non-root-hub-suppo.patch
@ -1,7 +1,7 @@
-From 28856bd0646e0396b3d5249a99b731f2743aec5a Mon Sep 17 00:00:00 2001
+From 7571efed2cdd949a203401630a19f42c74095797 Mon Sep 17 00:00:00 2001
 From: Patrick Rudolph <patrick.rudolph@9elements.com>
-Date: Thu, 3 Dec 2020 13:44:55 +0100
+Date: Mon, 7 Dec 2020 08:41:27 +0100
-Subject: [PATCH 20/22] grub-core/bus/usb/usbhub: Add xHCI non root hub support
+Subject: [PATCH 20/25] grub-core/bus/usb/usbhub: Add xHCI non root hub support
 Tested on Intel PCH C246, the USB3 hub can be configured by grub.
--- a/config/grub/xhci/patches/0021-xHCI-also-accept-SBRN-0x31-and-0x32.patch
+++ b/config/grub/xhci/patches/0021-xHCI-also-accept-SBRN-0x31-and-0x32.patch
@ -0,0 +1,26 @@
 From 0c58853bd1e4ca63cdeb5b5ef949d78cbd9028d0 Mon Sep 17 00:00:00 2001
 From: Sven Anderson <sven@anderson.de>
 Date: Sat, 28 May 2022 21:39:23 +0200
 Subject: [PATCH 21/25] xHCI: also accept SBRN 0x31 and 0x32
 Signed-off-by: Sven Anderson <sven@anderson.de>
 ---
 grub-core/bus/usb/xhci-pci.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/grub-core/bus/usb/xhci-pci.c b/grub-core/bus/usb/xhci-pci.c
 index a5bd3c97d..cde21f57a 100644
 --- a/grub-core/bus/usb/xhci-pci.c
 +++ b/grub-core/bus/usb/xhci-pci.c
@@ -76,7 +76,7 @@ grub_xhci_pci_iter (grub_pci_device_t dev, grub_pci_id_t pciid,
       /* Check Serial Bus Release Number */
       addr = grub_pci_make_address (dev, GRUB_XHCI_PCI_SBRN_REG);
       release = grub_pci_read_byte (addr);
 -      if (release != 0x30)
 +      if (release != 0x30 && release != 0x31 &&release != 0x32)
 	{
 	  grub_dprintf ("xhci", "XHCI grub_xhci_pci_iter: Wrong SBRN: %0x\n",
 			release);
 -- 
 2.39.5
--- a/config/grub/xhci/patches/0022-xhci-fix-port-indexing.patch
+++ b/config/grub/xhci/patches/0022-xhci-fix-port-indexing.patch
@ -0,0 +1,43 @@
 From 0da64bd7a144361198ee3dbcd4921fbbdf5c08fa Mon Sep 17 00:00:00 2001
 From: Sven Anderson <sven@anderson.de>
 Date: Mon, 13 Jan 2025 19:51:41 +0100
 Subject: [PATCH 22/25] xhci: fix port indexing
 ---
 grub-core/bus/usb/xhci.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
 diff --git a/grub-core/bus/usb/xhci.c b/grub-core/bus/usb/xhci.c
 index f4591ffb5..dc89b9619 100644
 --- a/grub-core/bus/usb/xhci.c
 +++ b/grub-core/bus/usb/xhci.c
@@ -2250,7 +2250,7 @@ grub_xhci_detect_dev (grub_usb_controller_t dev, int port, int *changed)
   *changed = 0;
   grub_dprintf("xhci", "%s: dev=%p USB%d_%d port %d\n", __func__, dev,
 -	       x->psids[port-1].major, x->psids[port-1].minor, port);
 +	       x->psids[port].major, x->psids[port].minor, port);
   /* On shutdown advertise all ports as disconnected. This will trigger
    * a gracefull detatch. */
@@ -2285,13 +2285,13 @@ grub_xhci_detect_dev (grub_usb_controller_t dev, int port, int *changed)
   if (!(portsc & GRUB_XHCI_PORTSC_CCS))
     return GRUB_USB_SPEED_NONE;
 -  for (grub_uint8_t i = 0; i < 16 && x->psids[port-1].psids[i].id > 0; i++)
 +  for (grub_uint8_t i = 0; i < 16 && x->psids[port].psids[i].id > 0; i++)
     {
 -      if (x->psids[port-1].psids[i].id == speed)
 +      if (x->psids[port].psids[i].id == speed)
         {
 	  grub_dprintf("xhci", "%s: grub_usb_speed = %d\n", __func__,
 -		       x->psids[port-1].psids[i].grub_usb_speed );
 -	  return x->psids[port-1].psids[i].grub_usb_speed;
 +		       x->psids[port].psids[i].grub_usb_speed );
 +	  return x->psids[port].psids[i].grub_usb_speed;
 	}
     }
 -- 
 2.39.5
--- a/config/grub/xhci/patches/0023-xhci-configure-TT-for-non-root-hubs.patch
+++ b/config/grub/xhci/patches/0023-xhci-configure-TT-for-non-root-hubs.patch
@ -0,0 +1,98 @@
 From fa9c2124b1ca476f8b2ce168d56527100757ef90 Mon Sep 17 00:00:00 2001
 From: Sven Anderson <sven@anderson.de>
 Date: Mon, 13 Jan 2025 20:26:32 +0100
 Subject: [PATCH 23/25] xhci: configure TT for non-root-hubs
 ---
 grub-core/bus/usb/usbhub.c |  6 +++++
 grub-core/bus/usb/xhci.c   | 45 +++++++++++++++++++++++++++++++++-----
 include/grub/usb.h         |  2 ++
 3 files changed, 47 insertions(+), 6 deletions(-)
 diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c
 index e96505aa9..629b3ed53 100644
 --- a/grub-core/bus/usb/usbhub.c
 +++ b/grub-core/bus/usb/usbhub.c
@@ -818,3 +818,9 @@ grub_usb_iterate (grub_usb_iterate_hook_t hook, void *hook_data)
   return 0;
 }
 +
 +grub_usb_device_t
 +grub_usb_get_dev (int addr)
 +{
 +  return grub_usb_devs[addr];
 +}
 diff --git a/grub-core/bus/usb/xhci.c b/grub-core/bus/usb/xhci.c
 index dc89b9619..88c9ac57f 100644
 --- a/grub-core/bus/usb/xhci.c
 +++ b/grub-core/bus/usb/xhci.c
@@ -623,13 +623,46 @@ grub_xhci_alloc_inctx(struct grub_xhci *x, int maxepid,
       break;
   }
 -  /* Route is greater zero on devices that are connected to a non root hub */
 -  if (dev->route)
 -    {
 -      /* FIXME: Implement this code for non SuperSpeed hub devices */
 +  /* Set routing string */
 +  slot->ctx[0] |= dev->route;
 +
 +  /* Set root hub port number */
 +  slot->ctx[1] |= (dev->root_port + 1) << 16;
 +
 +  if (dev->split_hubaddr && (dev->speed == GRUB_USB_SPEED_LOW ||
 +                            dev->speed == GRUB_USB_SPEED_FULL)) {
 +
 +    grub_usb_device_t hubdev = grub_usb_get_dev(dev->split_hubaddr);
 +
 +    if (!hubdev || hubdev->descdev.class != GRUB_USB_CLASS_HUB) {
 +      grub_dprintf("xhci", "Invalid hub device at addr %d!\n", dev->split_hubaddr);
 +      return NULL;
 +    }
 +
 +    struct grub_xhci_priv *hub_priv = hubdev->xhci_priv;
 +    if (!hub_priv) {
 +      grub_dprintf("xhci", "Hub has no xhci_priv!\n"); 
 +      return NULL;
 +    }
 +
 +    if (hubdev->speed == GRUB_USB_SPEED_HIGH) {
 +      /* Direct connection to high-speed hub - set up TT */
 +      grub_dprintf("xhci", "Direct high-speed hub connection - configuring TT with "
 +                   "hub slot %d port %d\n", hub_priv->slotid, dev->split_hubport);
 +      slot->ctx[2] |= hub_priv->slotid;
 +      slot->ctx[2] |= dev->split_hubport << 8;
     }
 -  slot->ctx[0]    |= dev->route;
 -  slot->ctx[1]    |= (dev->root_port+1) << 16;
 +    else {
 +      /* Hub is not high-speed, inherit TT settings from parent */
 +      volatile struct grub_xhci_slotctx *hubslot;
 +      grub_dprintf("xhci", "Non high-speed hub - inheriting TT settings from parent\n");
 +      hubslot = grub_dma_phys2virt(x->devs[hub_priv->slotid].ptr_low, x->devs_dma);
 +      slot->ctx[2] = hubslot->ctx[2];
 +    }
 +  }
 +
 +  grub_dprintf("xhci", "Slot context: ctx[0]=0x%08x ctx[1]=0x%08x ctx[2]=0x%08x\n",
 +               slot->ctx[0], slot->ctx[1], slot->ctx[2]);
   grub_arch_sync_dma_caches(in, size);
 diff --git a/include/grub/usb.h b/include/grub/usb.h
 index eb71fa1c7..df97a60cc 100644
 --- a/include/grub/usb.h
 +++ b/include/grub/usb.h
@@ -62,6 +62,8 @@ typedef int (*grub_usb_controller_iterate_hook_t) (grub_usb_controller_t dev,
 /* Call HOOK with each device, until HOOK returns non-zero.  */
 int grub_usb_iterate (grub_usb_iterate_hook_t hook, void *hook_data);
 +grub_usb_device_t grub_usb_get_dev (int addr);
 +
 grub_usb_err_t grub_usb_device_initialize (grub_usb_device_t dev);
 grub_usb_err_t grub_usb_get_descriptor (grub_usb_device_t dev,
 -- 
 2.39.5
--- a/config/grub/xhci/patches/0024-Fix-compilation-on-x86_64.patch
+++ b/config/grub/xhci/patches/0024-Fix-compilation-on-x86_64.patch
@ -1,7 +1,7 @@
-From 040942842dc05c9b94c9be21f01b08da3e25fe6d Mon Sep 17 00:00:00 2001
+From b049a11e2cf54e51b3a9fd4d3435089999e61702 Mon Sep 17 00:00:00 2001
 From: Patrick Rudolph <patrick.rudolph@9elements.com>
 Date: Wed, 24 Feb 2021 08:25:41 +0100
-Subject: [PATCH 21/22] Fix compilation on x86_64
+Subject: [PATCH 24/25] Fix compilation on x86_64
 Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
 ---
@ -9,7 +9,7 @@ Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
 1 file changed, 16 insertions(+), 8 deletions(-)
 diff --git a/grub-core/bus/usb/xhci.c b/grub-core/bus/usb/xhci.c
-index f4591ffb5..3495bb919 100644
+index 88c9ac57f..9b9bae6e5 100644
 --- a/grub-core/bus/usb/xhci.c
 +++ b/grub-core/bus/usb/xhci.c
@@ -184,7 +184,7 @@ enum
@ -36,7 +36,7 @@ index f4591ffb5..3495bb919 100644
 static inline grub_uint32_t
 grub_xhci_port_read (struct grub_xhci *x, grub_uint32_t port)
 {
-@@ -664,7 +672,7 @@ static void xhci_process_events(struct grub_xhci *x)
+@@ -697,7 +705,7 @@ static void xhci_process_events(struct grub_xhci *x)
 	    case ER_TRANSFER:
 	    case ER_COMMAND_COMPLETE:
 	      {
@ -45,7 +45,7 @@ index f4591ffb5..3495bb919 100644
 		struct grub_xhci_ring *ring = XHCI_RING(rtrb);
 		volatile struct grub_xhci_trb  *evt = &ring->evt;
 		grub_uint32_t eidx = rtrb - ring->ring + 1;
-@@ -697,9 +705,9 @@ static void xhci_process_events(struct grub_xhci *x)
+@@ -730,9 +738,9 @@ static void xhci_process_events(struct grub_xhci *x)
 	  }
 	grub_xhci_write32(&evts->nidx, nidx);
 	volatile struct grub_xhci_ir *ir = x->ir;
@ -58,7 +58,7 @@ index f4591ffb5..3495bb919 100644
     }
 }
-@@ -800,7 +808,7 @@ static void xhci_trb_queue(volatile struct grub_xhci_ring *ring,
+@@ -833,7 +841,7 @@ static void xhci_trb_queue(volatile struct grub_xhci_ring *ring,
 			   grub_uint32_t xferlen, grub_uint32_t flags)
 {
   grub_dprintf("xhci", "%s: ring %p data %llx len %d flags 0x%x remain 0x%x\n", __func__,
@ -67,7 +67,7 @@ index f4591ffb5..3495bb919 100644
   if (xhci_ring_full(ring))
     {
-@@ -1907,7 +1915,7 @@ grub_xhci_setup_transfer (grub_usb_controller_t dev,
+@@ -1940,7 +1948,7 @@ grub_xhci_setup_transfer (grub_usb_controller_t dev,
   if (transfer->type == GRUB_USB_TRANSACTION_TYPE_CONTROL)
   {
     volatile struct grub_usb_packet_setup *setupdata;
@ -76,7 +76,7 @@ index f4591ffb5..3495bb919 100644
     grub_dprintf("xhci", "%s: CONTROLL TRANS req %d\n", __func__, setupdata->request);
     grub_dprintf("xhci", "%s: CONTROLL TRANS length %d\n", __func__, setupdata->length);
-@@ -1974,7 +1982,7 @@ grub_xhci_setup_transfer (grub_usb_controller_t dev,
+@@ -2007,7 +2015,7 @@ grub_xhci_setup_transfer (grub_usb_controller_t dev,
 	/* Assume the ring has enough free space for all TRBs */
 	if (flags & TRB_TR_IDT && tr->size <= (int)sizeof(inline_data))
 	  {
--- a/config/grub/xhci/patches/0025-Add-native-NVMe-driver-based-on-SeaBIOS.patch
+++ b/config/grub/xhci/patches/0025-Add-native-NVMe-driver-based-on-SeaBIOS.patch
@ -1,7 +1,7 @@
-From 2fb0de8881bd2fe637d05bec0ae887f380434b7d Mon Sep 17 00:00:00 2001
+From 7bb8bb98b86fc97e1ce04e6169d517acbd476e1e Mon Sep 17 00:00:00 2001
 From: Mate Kukri <km@mkukri.xyz>
 Date: Mon, 20 May 2024 11:43:35 +0100
-Subject: [PATCH 22/22] Add native NVMe driver based on SeaBIOS
+Subject: [PATCH 25/25] Add native NVMe driver based on SeaBIOS
 Tested to successfully boot Debian on QEMU and OptiPlex 3050.
@ -31,20 +31,19 @@ index 65016f856..7bc0866ba 100644
 endif
 diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
-index fda723f0c..27a707fda 100644
+index fda723f0c..367e4b5e6 100644
 --- a/grub-core/Makefile.core.def
 +++ b/grub-core/Makefile.core.def
-@@ -2683,4 +2683,10 @@ module = {
+@@ -2684,3 +2684,9 @@ module = {
   common = tests/asn1/asn1_test.c;
   cflags = '-Wno-uninitialized';
   cppflags = '-I$(srcdir)/lib/libtasn1-grub -I$(srcdir)/tests/asn1/';
-+};
+ };
 +
 +module = {
 +  name = nvme;
 +  common = disk/nvme.c;
 +  enable = pci;
- };
+};
 diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c
 index 6806bff9c..fd68a513e 100644
 --- a/grub-core/commands/nativedisk.c
--- a/config/grub/xhci/target.cfg
+++ b/config/grub/xhci/target.cfg
@ -1,4 +1,4 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 tree="xhci"
-rev="6811f6f09d61996a3acbc4fc0414e45964f0e2d9"
+rev="a4da71dafeea519b034beb159dfe80c486c2107c"
--- a/config/seabios/default/patches/0003-Print-the-Libreboot-version-in-the-SeaBIOS-menu.patch
+++ b/config/seabios/default/patches/0003-Print-the-Libreboot-version-in-the-SeaBIOS-menu.patch
@ -17,7 +17,7 @@ index 538b316d..8746098c 100644
     // Write to screen.
 -    printf("SeaBIOS (version %s)\n", VERSION);
-+    printf("Libreboot 20241206, 8th revision (SeaBIOS menu): https://libreboot.org/\n");
+    printf("Libreboot 20241206, 11th revision (SeaBIOS menu): https://libreboot.org/\n");
     display_uuid();
 }
--- a/config/u-boot/default/patches/0007-Libreboot-branding-version-on-the-bootflow-menu.patch
+++ b/config/u-boot/default/patches/0007-Libreboot-branding-version-on-the-bootflow-menu.patch
@ -18,7 +18,7 @@ index 84831915a2..8e26ec2aef 100644
 	ret |= scene_obj_set_pos(scn, OBJ_MENU, MARGIN_LEFT, 100);
 	ret |= scene_txt_str(scn, "title", OBJ_MENU_TITLE, STR_MENU_TITLE,
 -			     "U-Boot - Boot Menu", NULL);
-+	    "Libreboot 20241206, 8th revision (U-Boot menu): https://libreboot.org/", NULL);
+	    "Libreboot 20241206, 11th revision (U-Boot menu): https://libreboot.org/", NULL);
 	ret |= scene_menu_set_title(scn, OBJ_MENU, OBJ_PROMPT);
 	logo = video_get_u_boot_logo();
--- a/config/u-boot/x86/patches/0005-Libreboot-branding-version-on-the-bootflow-menu.patch
+++ b/config/u-boot/x86/patches/0005-Libreboot-branding-version-on-the-bootflow-menu.patch
@ -18,7 +18,7 @@ index 84831915a2..8e26ec2aef 100644
 	ret |= scene_obj_set_pos(scn, OBJ_MENU, MARGIN_LEFT, 100);
 	ret |= scene_txt_str(scn, "title", OBJ_MENU_TITLE, STR_MENU_TITLE,
 -			     "U-Boot - Boot Menu", NULL);
-+	    "Libreboot 20241206, 8th revision (U-Boot menu): https://libreboot.org/", NULL);
+	    "Libreboot 20241206, 11th revision (U-Boot menu): https://libreboot.org/", NULL);
 	ret |= scene_menu_set_title(scn, OBJ_MENU, OBJ_PROMPT);
 	logo = video_get_u_boot_logo();
--- a/config/u-boot/x86_64/patches/0005-Libreboot-branding-version-on-the-bootflow-menu.patch
+++ b/config/u-boot/x86_64/patches/0005-Libreboot-branding-version-on-the-bootflow-menu.patch
@ -18,7 +18,7 @@ index 84831915a2..8e26ec2aef 100644
 	ret |= scene_obj_set_pos(scn, OBJ_MENU, MARGIN_LEFT, 100);
 	ret |= scene_txt_str(scn, "title", OBJ_MENU_TITLE, STR_MENU_TITLE,
 -			     "U-Boot - Boot Menu", NULL);
-+	    "Libreboot 20241206, 8th revision (U-Boot menu): https://libreboot.org/", NULL);
+	    "Libreboot 20241206, 11th revision (U-Boot menu): https://libreboot.org/", NULL);
 	ret |= scene_menu_set_title(scn, OBJ_MENU, OBJ_PROMPT);
 	logo = video_get_u_boot_logo();
Author	SHA1	Message	Date
Leah Rowe	bb9546ddb0	Libreboot `20241206` rev11 release fixes a few regressions in grub, since the 73 cve fixes were merged in rev10 most notably, large files sometimes failed to load in rev10, which caused some linux distros to fail booting if the initramfs file was quite large this release revision only adds GRUB fixes Signed-off-by: Leah Rowe <leah@libreboot.org>	2025-04-20 17:04:33 +01:00
Leah Rowe	3f8d71e174	Update the GRUB revisions A number of regressions were caused by the recent CVE fixes, many of which have since been fixed upstream. This includes several ext4 file system bugs, which caused some systems not to boot properly, when dealing with very large initramfs files. No additional patching has been made. This will be tested, and then used to provide a revision update for Libreboot `20241206`. After this, there are several additional OOT patches that will be merged, for the next testing release of Libreboot. Update to this revision, for all GRUB trees: a4da71dafeea519b034beb159dfe80c486c2107c This brings in the following changes from upstream: * a4da71daf util/grub-install: Include raid5rec module for RAID 4 as well * 223fcf808 loader/ia64/efi/linux: Reset grub_errno on failure to allocate * 6504a8d4b lib/datetime: Specify license in emu module * 8fef533cf configure: Add -mno-relax on riscv* * 1fe094855 docs: Document the long options of tpm2_key_protect_init * 6252eb97c INSTALL: Document the packages needed for TPM2 key protector tests * 9d4b382aa docs: Update NV index mode of TPM2 key protector * 2043b6899 tests/tpm2_key_protector_test: Add more NV index mode tests * 9f66a4719 tests/tpm2_key_protector_test: Reset "ret" on fail * b7d89e667 tests/tpm2_key_protector_test: Simplify the NV index mode test * 5934bf51c util/grub-protect: Support NV index mode * cd9cb944d tpm2_key_protector: Support NV index handles * fa69deac5 tpm2_key_protector: Unseal key from a buffer * 75c480885 tss2: Add TPM 2.0 NV index commands * 041164d00 tss2: Fix the missing authCommand * 46c9f3a8d tpm2_key_protector: Add tpm2_dump_pcr command * 617dab9e4 tpm2_key_protector: Dump PCRs on policy fail * 204a6ddfb loader/i386/linux: Update linux_kernel_params to match upstream * 6b64f297e loader/xnu: Fix memory leak * f94d257e8 fs/btrfs: Fix memory leaks * 81146fb62 loader/i386/linux: Fix resource leak * 1d0059447 lib/reloacator: Fix memory leaks * f3f1fcecd disk/ldm: Fix memory leaks * aae2ea619 fs/ntfs: Fix NULL pointer dereference and possible infinite loop * 3b25e494d net/drivers/ieee1275/ofnet: Add missing grub_malloc() * fee6081ec kern/ieee1275/init: Increase MIN_RMA size for CAS negotiation on PowerPC machines * b66c6f918 fs/zfs: Fix a number of memory leaks in ZFS code * 1d59f39b5 tests/util/grub-shell: Remove the work directory on successful run and debug is not on * e0116f3bd tests/grub_cmd_cryptomount: Remove temporary directories if successful and debug is not on * e6e2b73db tests/grub_cmd_cryptomount: Default TMPDIR to /tmp * 32b02bb92 tests/grub_cmd_cryptomount: Cleanup the cryptsetup script unless debug is enabled * c188ca5d5 tests: Cleanup generated files on expected failure in grub_cmd_cryptomount * 50320c093 tests/util/grub-shell-luks-tester: Add missing line to create RET variable in cleanup * bb6d3199b tests/util/grub-shell-luks-tester: Find cryptodisk by UUID * 3fd163e45 tests/util/grub-shell: Default qemuopts to envvar $GRUB_QEMU_OPTS * ff7f55307 disk/lvm: Add informational messages in error cases of ignored features * a16b4304a disk/lvm: Add support for cachevol LV * 9a37d6114 disk/lvm: Add support for integrity LV * 6c14b87d6 lvm: Match all LVM segments before validation * d34b9120e disk/lvm: Remove unused cache_pool * 90848a1f7 disk/lvm: Make cache_lv more generic as ignored_feature_lv * 488ac8bda commands/ls: Add directory header for dir args * 096bf59e4 commands/ls: Print full paths for file args * 90288fc48 commands/ls: Output path for single file arguments given with path * 6337d84af commands/ls: Show modification time for file paths * cbfb031b1 commands/ls: Merge print_files_long() and print_files() into print_file() * 112d2069c commands/ls: Return proper GRUB_ERR_* for functions returning type grub_err_t * da9740cd5 commands/acpi: Use options enum to index command options * 1acf11fe4 docs: Capture additional commands restricted by lockdown * 6a168afd3 docs: Document restricted filesystems in lockdown * be0ae9583 loader/i386/bsd: Fix type passed for the kernel * ee27f07a6 kern/partition: Unbreak support for nested partitions * cb639acea lib/tss2/tss2_structs.h: Fix clang build - remove duplicate typedef * 696e35b7f include/grub/mm.h: Remove duplicate inclusion of grub/err.h * 187338f1a script/execute: Don't let trailing blank lines determine the return code * ff173a1c0 gitignore: Ignore generated files from libtasn * fbcc38891 util/grub.d/30_os-prober.in: Conditionally show or hide chain and efi menu entries * 56ccc5ed5 util/grub.d/30_os-prober.in: Fix GRUB_OS_PROBER_SKIP_LIST for non-EFI * 01f064064 docs: Do not reference non-existent --dumb option * 3f440b5a5 docs: Replace @lbracechar{} and @rbracechar{} with @{ and @} * f20988738 fs/xfs: Fix grub_xfs_iterate_dir() return value in case of failure * 1ed2628b5 fs/xfs: Add new superblock features added in Linux 6.12/6.13 * 348cd416a fs/ext2: Rework out-of-bounds read for inline and external extents * c730eddd2 disk/ahci: Remove conditional operator for endtime * f0a08324d term/ns8250-spcr: Return if redirection is disabled * 7161e2437 commands/file: Fix NULL dereference in the knetbsd tests * 11b9c2dd0 gdb_helper: Typo hueristic * 224aefd05 kern/efi/mm: Reset grub_mm_add_region_fn after ExitBootServices() call * 531750f7b i386/tsc: The GRUB menu gets stuck due to unserialized rdtsc * f2a1f66e7 kern/i386/tsc_pmtimer: The GRUB menu gets stuck due to failed calibration * 13f005ed8 loader/i386/linux: Fix cleanup if kernel doesn't support 64-bit addressing Signed-off-by: Leah Rowe <leah@libreboot.org>	2025-04-20 16:57:57 +01:00
Leah Rowe	c7cb3b7008	grub/xhci: Remove unused patch I was importing a patch for the z790 boards, but Libreboot doesn't support this board yet, and the patch was a hack that may affect other boards. When I do later merge that board, and I find that the hack is needed, I'll simply make another grub tree within lbmk. Signed-off-by: Leah Rowe <leah@libreboot.org>	2025-04-20 16:57:40 +01:00
Leah Rowe	68ebde2f03	Libreboot 20241206rev10 Signed-off-by: Leah Rowe <leah@libreboot.org>	2025-02-19 22:05:59 +00:00
Leah Rowe	697afdea43	Bump GRUB revision to add 73 security patches NOTE: This cherry-pick also imports the following patches from lbmk master: * a4bc37f12 xhci: configure TT for non-root-hubs * 91130b6d8 xhci: workaround z790 non-root-hub speed detection * 0ce513f44 xhci: fix port indexing * 200404dc3 xHCI: also accept SBRN 0x31 and 0x32 * 8e79cfbb1 grub-core/bus/usb/usbhub: Add xHCI non root hub support These patches are present in the GRUB "xhci" tree, in lbmk. It has been decided that these should be included, as part of the Libreboot `20241206` rev10 release. NOTE: This also includes the following lbmk changes: * `66d084e7f7` grub.cfg: scan luks inside lvm * `5a3b0dab96` grub.cfg: Scan every LVM device You can find information about the security patches here: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html GRUB has been on a crusade as of late, to proactively audit and fix many security vulnerabilities. This lbmk change brings in a comprehensive series of patches that fix bugs ranging from possible buffer overflows, use-after frees, null derefs and so on. These changes are critical, so a revision release will be issued, for the Libreboot `20241206` release series. This change imports the following 73 patches which are present on the upstream GRUB repository (commit IDs matched to upstream): * 4dc616657 loader/i386/bsd: Use safe math to avoid underflow * 490a6ab71 loader/i386/linux: Cast left shift to grub_uint32_t * a8d6b0633 kern/misc: Add sanity check after grub_strtoul() call * 8e6e87e79 kern/partition: Add sanity check after grub_strtoul() call * 5b36a5210 normal/menu: Use safe math to avoid an integer overflow * 9907d9c27 bus/usb/ehci: Define GRUB_EHCI_TOGGLE as grub_uint32_t * f8795cde2 misc: Ensure consistent overflow error messages * 66733f7c7 osdep/unix/getroot: Fix potential underflow * d13b6e8eb script/execute: Fix potential underflow and NULL dereference * e3c578a56 fs/sfs: Check if allocated memory is NULL * 1c06ec900 net: Check if returned pointer for allocated memory is NULL * dee2c14fd net: Prevent overflows when allocating memory for arrays * 4beeff8a3 net: Use safe math macros to prevent overflows * dd6a4c8d1 fs/zfs: Add missing NULL check after grub_strdup() call * 13065f69d fs/zfs: Check if returned pointer for allocated memory is NULL * 7f38e32c7 fs/zfs: Prevent overflows when allocating memory for arrays * 88e491a0f fs/zfs: Use safe math macros to prevent overflows * cde9f7f33 fs: Prevent overflows when assigning returned values from read_number() * 84bc0a9a6 fs: Prevent overflows when allocating memory for arrays * 6608163b0 fs: Use safe math macros to prevent overflows * fbaddcca5 disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails * 33bd6b5ac disk: Check if returned pointer for allocated memory is NULL * d8151f983 disk: Prevent overflows when allocating memory for arrays * c407724da disk: Use safe math macros to prevent overflows * c4bc55da2 fs: Disable many filesystems under lockdown * 26db66050 fs/bfs: Disable under lockdown * 5f31164ae commands/hexdump: Disable memory reading in lockdown mode * 340e4d058 commands/memrw: Disable memory reading in lockdown mode * 34824806a commands/minicmd: Block the dump command in lockdown mode * c68b7d236 commands/test: Stack overflow due to unlimited recursion depth * dad8f5029 commands/read: Fix an integer overflow when supplying more than 2^31 characters * b970a5ed9 gettext: Integer overflow leads to heap OOB write * 09bd6eb58 gettext: Integer overflow leads to heap OOB write or read * 7580addfc gettext: Remove variables hooks on module unload * 9c1619773 normal: Remove variables hooks on module unload * 2123c5bca commands/pgp: Unregister the "check_signatures" hooks on module unload * 0bf56bce4 commands/ls: Fix NULL dereference * 05be856a8 commands/extcmd: Missing check for failed allocation * 98ad84328 kern/dl: Check for the SHF_INFO_LINK flag in grub_dl_relocate_symbols() * d72208423 kern/dl: Use correct segment in grub_dl_set_mem_attrs() * 500e5fdd8 kern/dl: Fix for an integer overflow in grub_dl_ref() * 2c34af908 video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG * 0707accab net/tftp: Fix stack buffer overflow in tftp_open() * 5eef88152 net: Fix OOB write in grub_net_search_config_file() * aa8b4d7fa net: Remove variables hooks when interface is unregisted * a1dd8e59d net: Unregister net_default_ip and net_default_mac variables hooks on unload * d8a937cca script/execute: Limit the recursion depth * 8a7103fdd kern/partition: Limit recursion in part_iterate() * 18212f064 kern/disk: Limit recursion depth * 67f70f70a disk/loopback: Reference tracking for the loopback * 13febd78d disk/cryptodisk: Require authentication after TPM unlock for CLI access * 16f196874 kern/file: Implement filesystem reference counting * a79106872 kern/file: Ensure file->data is set * d1d6b7ea5 fs/xfs: Ensuring failing to mount sets a grub_errno * 6ccc77b59 fs/xfs: Fix out-of-bounds read * 067b6d225 fs/ntfs: Implement attribute verification * 048777bc2 fs/ntfs: Use a helper function to access attributes * 237a71184 fs/ntfs: Track the end of the MFT attribute buffer * aff263187 fs/ntfs: Fix out-of-bounds read * 7e2f750f0 fs/ext2: Fix out-of-bounds read for inline extents * edd995a26 fs/jfs: Inconsistent signed/unsigned types usage in return values * bd999310f fs/jfs: Use full 40 bits offset and address for a data extent * ab09fd053 fs/jfs: Fix OOB read caused by invalid dir slot index * 66175696f fs/jfs: Fix OOB read in jfs_getent() * 1443833a9 fs/iso9660: Fix invalid free * 965db5970 fs/iso9660: Set a grub_errno if mount fails * f7c070a2e fs/hfsplus: Set a grub_errno if mount fails * 563436258 fs/f2fs: Set a grub_errno if mount fails * 0087bc690 fs/tar: Integer overflow leads to heap OOB write * 2c8ac08c9 fs/tar: Initialize name in grub_cpio_find_file() * 417547c10 fs/hfs: Fix stack OOB write with grub_strcpy() * c1a291b01 fs/ufs: Fix a heap OOB write * ea703528a misc: Implement grub_strlcpy() Signed-off-by: Leah Rowe <leah@libreboot.org>	2025-02-19 22:04:04 +00:00
Riku Viitanen	9196ceb1f9	Update pico-serprog revision Most importantly this should fix issues with rp2350 boards not synchronizing properly. Signed-off-by: Riku Viitanen <riku.viitanen@protonmail.com>	2025-02-12 22:17:47 +00:00