vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

one patch, on grub-2.04

Browse source
This commit is contained in:
Vincent Batts 2020-10-29 15:48:21 -04:00
parent 2a2e10c1b3
commit 1b24dcf433
61 changed files with 4887 additions and 97 deletions
Download patch file Download diff file Expand all files Collapse all files

6
grub-core/loader/arm64/linux.c
View file

@ -34,6 +34,8 @@
#include <grub/lib/cmdline.h>
#include <grub/verify.h>
#include <grub/verity-hash.h>
GRUB_MOD_LICENSE ("GPLv3+");
static grub_dl_t my_mod;
@ -333,7 +335,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE);
cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE)
+ VERITY_CMDLINE_LENGTH;
linux_args = grub_malloc (cmdline_size);
if (!linux_args)
{
@ -350,6 +353,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
if (grub_errno == GRUB_ERR_NONE)
{
grub_pass_verity_hash (kernel_addr, linux_args, cmdline_size);
grub_loader_set (grub_linux_boot, grub_linux_unload, 0);
loaded = 1;
}

363
grub-core/loader/i386/efi/linux.c Normal file
View file

@ -0,0 +1,363 @@
/*
* GRUB -- GRand Unified Bootloader
* Copyright (C) 2012 Free Software Foundation, Inc.
*
* GRUB is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* GRUB is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with GRUB. If not, see <http://www.gnu.org/licenses/>.
*/
#include <grub/loader.h>
#include <grub/file.h>
#include <grub/err.h>
#include <grub/types.h>
#include <grub/mm.h>
#include <grub/cpu/linux.h>
#include <grub/command.h>
#include <grub/i18n.h>
#include <grub/lib/cmdline.h>
#include <grub/efi/efi.h>
#include <grub/tpm.h>
#include <grub/verity-hash.h>
GRUB_MOD_LICENSE ("GPLv3+");
static grub_dl_t my_mod;
static int loaded;
static void *kernel_mem;
static grub_uint64_t kernel_size;
static grub_uint8_t *initrd_mem;
static grub_uint32_t handover_offset;
struct linux_kernel_params *params;
static char *linux_cmdline;
#define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12)
#define SHIM_LOCK_GUID \
{ 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }
struct grub_efi_shim_lock
{
grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size);
};
typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
static grub_efi_boolean_t
grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
{
grub_efi_guid_t guid = SHIM_LOCK_GUID;
grub_efi_shim_lock_t *shim_lock;
shim_lock = grub_efi_locate_protocol(&guid, NULL);
if (!shim_lock) {
if (grub_efi_secure_boot())
return 0;
else
return 1;
}
if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS)
return 1;
return 0;
}
typedef void(*handover_func)(void *, grub_efi_system_table_t *, struct linux_kernel_params *);
static grub_err_t
grub_linuxefi_boot (void)
{
handover_func hf;
int offset = 0;
#ifdef __x86_64__
offset = 512;
#endif
hf = (handover_func)((char *)kernel_mem + handover_offset + offset);
asm volatile ("cli");
hf (grub_efi_image_handle, grub_efi_system_table, params);
/* Not reached */
return GRUB_ERR_NONE;
}
static grub_err_t
grub_linuxefi_unload (void)
{
grub_dl_unref (my_mod);
loaded = 0;
if (initrd_mem)
grub_efi_free_pages((grub_efi_physical_address_t)initrd_mem, BYTES_TO_PAGES(params->ramdisk_size));
if (linux_cmdline)
grub_efi_free_pages((grub_efi_physical_address_t)linux_cmdline, BYTES_TO_PAGES(params->cmdline_size + 1));
if (kernel_mem)
grub_efi_free_pages((grub_efi_physical_address_t)kernel_mem, BYTES_TO_PAGES(kernel_size));
if (params)
grub_efi_free_pages((grub_efi_physical_address_t)params, BYTES_TO_PAGES(16384));
return GRUB_ERR_NONE;
}
static grub_err_t
grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
int argc, char *argv[])
{
grub_file_t *files = 0;
int i, nfiles = 0;
grub_size_t size = 0;
grub_uint8_t *ptr;
if (argc == 0)
{
grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
goto fail;
}
if (!loaded)
{
grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first"));
goto fail;
}
files = grub_zalloc (argc * sizeof (files[0]));
if (!files)
goto fail;
for (i = 0; i < argc; i++)
{
grub_file_filter_disable_compression ();
files[i] = grub_file_open (argv[i]);
if (! files[i])
goto fail;
nfiles++;
size += ALIGN_UP (grub_file_size (files[i]), 4);
}
initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size));
if (!initrd_mem)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd"));
goto fail;
}
params->ramdisk_size = size;
params->ramdisk_image = (grub_uint32_t)(grub_uint64_t) initrd_mem;
ptr = initrd_mem;
for (i = 0; i < nfiles; i++)
{
grub_ssize_t cursize = grub_file_size (files[i]);
if (grub_file_read (files[i], ptr, cursize) != cursize)
{
if (!grub_errno)
grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"),
argv[i]);
goto fail;
}
// TODO figure out the GRUB_VERIFY_ equivalent for this one
//grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "Initrd");
//grub_print_error();
ptr += cursize;
grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4));
ptr += ALIGN_UP_OVERHEAD (cursize, 4);
}
params->ramdisk_size = size;
fail:
for (i = 0; i < nfiles; i++)
grub_file_close (files[i]);
grub_free (files);
if (initrd_mem && grub_errno)
grub_efi_free_pages((grub_efi_physical_address_t)initrd_mem, BYTES_TO_PAGES(size));
return grub_errno;
}
static grub_err_t
grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
int argc, char *argv[])
{
grub_file_t file = 0;
struct linux_kernel_header lh;
grub_ssize_t len, start, filelen;
void *kernel = NULL;
grub_dl_ref (my_mod);
if (argc == 0)
{
grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
goto fail;
}
file = grub_file_open (argv[0]);
if (! file)
goto fail;
filelen = grub_file_size (file);
kernel = grub_malloc(filelen);
if (!kernel)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer"));
goto fail;
}
if (grub_file_read (file, kernel, filelen) != filelen)
{
grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]);
goto fail;
}
// TODO figure out the GRUB_VERIFY_ equivalent for this one
//grub_tpm_measure (kernel, filelen, GRUB_BINARY_PCR, "Kernel");
//grub_print_error();
if (! grub_linuxefi_secure_validate (kernel, filelen))
{
grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
grub_free (kernel);
goto fail;
}
params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384));
if (! params)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters");
goto fail;
}
grub_memset (params, 0, 16384);
grub_memcpy (&lh, kernel, sizeof (lh));
if (lh.boot_flag != grub_cpu_to_le16 (0xaa55))
{
grub_error (GRUB_ERR_BAD_OS, N_("invalid magic number"));
goto fail;
}
if (lh.setup_sects > GRUB_LINUX_MAX_SETUP_SECTS)
{
grub_error (GRUB_ERR_BAD_OS, N_("too many setup sectors"));
goto fail;
}
if (lh.version < grub_cpu_to_le16 (0x020b))
{
grub_error (GRUB_ERR_BAD_OS, N_("kernel too old"));
goto fail;
}
if (!lh.handover_offset)
{
grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support EFI handover"));
goto fail;
}
linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff,
BYTES_TO_PAGES(lh.cmdline_size + 1));
if (!linux_cmdline)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline"));
goto fail;
}
grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE));
grub_create_loader_cmdline (argc, argv,
linux_cmdline + sizeof (LINUX_IMAGE) - 1,
lh.cmdline_size - (sizeof (LINUX_IMAGE) - 1));
grub_pass_verity_hash(&lh, linux_cmdline, lh.cmdline_size);
lh.cmd_line_ptr = (grub_uint32_t)(grub_uint64_t)linux_cmdline;
handover_offset = lh.handover_offset;
start = (lh.setup_sects + 1) * 512;
len = grub_file_size(file) - start;
kernel_mem = grub_efi_allocate_pages(lh.pref_address,
BYTES_TO_PAGES(lh.init_size));
if (!kernel_mem)
kernel_mem = grub_efi_allocate_pages_max(0x3fffffff,
BYTES_TO_PAGES(lh.init_size));
if (!kernel_mem)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel"));
goto fail;
}
grub_memcpy (kernel_mem, (char *)kernel + start, len);
grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0);
loaded=1;
lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem;
grub_memcpy (params, &lh, 2 * 512);
params->type_of_loader = 0x21;
fail:
if (file)
grub_file_close (file);
grub_free (kernel);
if (grub_errno != GRUB_ERR_NONE)
{
grub_dl_unref (my_mod);
loaded = 0;
}
if (linux_cmdline && !loaded)
grub_efi_free_pages((grub_efi_physical_address_t)linux_cmdline, BYTES_TO_PAGES(lh.cmdline_size + 1));
if (kernel_mem && !loaded)
grub_efi_free_pages((grub_efi_physical_address_t)kernel_mem, BYTES_TO_PAGES(kernel_size));
if (params && !loaded)
grub_efi_free_pages((grub_efi_physical_address_t)params, BYTES_TO_PAGES(16384));
return grub_errno;
}
static grub_command_t cmd_linux, cmd_initrd;
GRUB_MOD_INIT(linuxefi)
{
cmd_linux =
grub_register_command ("linuxefi", grub_cmd_linux,
0, N_("Load Linux."));
cmd_initrd =
grub_register_command ("initrdefi", grub_cmd_initrd,
0, N_("Load initrd."));
my_mod = mod;
}
GRUB_MOD_FINI(linuxefi)
{
grub_unregister_command (cmd_linux);
grub_unregister_command (cmd_initrd);
}

35
grub-core/loader/i386/linux.c
View file

@ -36,6 +36,9 @@
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
#include <grub/machine/kernel.h>
#include <grub/tpm.h>
#include <grub/verity-hash.h>
GRUB_MOD_LICENSE ("GPLv3+");
@ -642,12 +645,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_file_t file = 0;
struct linux_i386_kernel_header lh;
grub_uint8_t setup_sects;
grub_size_t real_size, prot_size, prot_file_size;
grub_size_t real_size, prot_size, prot_file_size, kernel_offset;
grub_ssize_t len;
int i;
grub_size_t align, min_align;
int relocatable;
grub_uint64_t preferred_address = GRUB_LINUX_BZIMAGE_ADDR;
grub_uint8_t *kernel = NULL;
grub_dl_ref (my_mod);
@ -661,7 +665,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
if (! file)
goto fail;
if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
len = grub_file_size (file);
kernel = grub_malloc (len);
if (!kernel)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer"));
goto fail;
}
if (grub_file_read (file, kernel, len) != len)
{
if (!grub_errno)
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
@ -669,6 +681,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
// TODO figure out the GRUB_VERIFY_ equivalent for this one
//grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "Kernel");
//grub_print_error();
grub_memcpy (&lh, kernel, sizeof (lh));
kernel_offset = sizeof (lh);
if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55))
{
grub_error (GRUB_ERR_BAD_OS, "invalid magic number");
@ -789,6 +809,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
argv[0]);
goto fail;
}
kernel_offset += len;
linux_params.type_of_loader = GRUB_LINUX_BOOT_LOADER_TYPE;
@ -847,7 +868,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
/* The other parameters are filled when booting. */
grub_file_seek (file, real_size + GRUB_DISK_SECTOR_SIZE);
kernel_offset = real_size + GRUB_DISK_SECTOR_SIZE;
grub_dprintf ("linux", "bzImage, setup=0x%x, size=0x%x\n",
(unsigned) real_size, (unsigned) prot_size);
@ -1000,10 +1021,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
grub_pass_verity_hash(&lh, linux_cmdline, maximal_cmdline_size);
len = prot_file_size;
if (grub_file_read (file, prot_mode_mem, len) != len && !grub_errno)
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
argv[0]);
grub_memcpy (prot_mode_mem, kernel + kernel_offset, len);
kernel_offset += len;
if (grub_errno == GRUB_ERR_NONE)
{
@ -1014,6 +1035,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
fail:
grub_free (kernel);
if (file)
grub_file_close (file);

5
grub-core/loader/i386/multiboot_mbi.c
View file

@ -36,6 +36,7 @@
#include <grub/net.h>
#include <grub/i18n.h>
#include <grub/lib/cmdline.h>
#include <grub/tpm.h>
#ifdef GRUB_MACHINE_EFI
#include <grub/efi/efi.h>
@ -173,6 +174,10 @@ grub_multiboot_load (grub_file_t file, const char *filename)
return grub_errno;
}
// TODO figure out the GRUB_VERIFY_ equivalent for this one
//grub_tpm_measure((unsigned char*)buffer, len, GRUB_BINARY_PCR, filename);
//grub_print_error();
header = find_header (buffer, len);
if (header == 0)

33
grub-core/loader/i386/pc/linux.c
View file

@ -35,6 +35,7 @@
#include <grub/i386/floppy.h>
#include <grub/lib/cmdline.h>
#include <grub/linux.h>
#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@ -123,13 +124,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_file_t file = 0;
struct linux_i386_kernel_header lh;
grub_uint8_t setup_sects;
grub_size_t real_size;
grub_size_t real_size, kernel_offset = 0;
grub_ssize_t len;
int i;
char *grub_linux_prot_chunk;
int grub_linux_is_bzimage;
grub_addr_t grub_linux_prot_target;
grub_err_t err;
grub_uint8_t *kernel = NULL;
grub_dl_ref (my_mod);
@ -143,7 +145,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
if (! file)
goto fail;
if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
len = grub_file_size (file);
kernel = grub_malloc (len);
if (!kernel)
{
grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer"));
goto fail;
}
if (grub_file_read (file, kernel, len) != len)
{
if (!grub_errno)
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
@ -151,6 +161,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
// TODO figure out the GRUB_VERIFY_ equivalent for this one
//grub_tpm_measure (kernel, len, GRUB_BINARY_PCR, "Kernel");
//grub_print_error();
grub_memcpy (&lh, kernel, sizeof (lh));
kernel_offset = sizeof (lh);
if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55))
{
grub_error (GRUB_ERR_BAD_OS, "invalid magic number");
@ -314,13 +331,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_memmove (grub_linux_real_chunk, &lh, sizeof (lh));
len = real_size + GRUB_DISK_SECTOR_SIZE - sizeof (lh);
if (grub_file_read (file, grub_linux_real_chunk + sizeof (lh), len) != len)
{
if (!grub_errno)
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
argv[0]);
goto fail;
}
grub_memcpy (grub_linux_real_chunk + sizeof (lh), kernel + kernel_offset,
len);
kernel_offset += len;
if (lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE)
|| grub_le_to_cpu16 (lh.version) < 0x0200)
@ -370,6 +383,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
fail:
grub_free (kernel);
if (file)
grub_file_close (file);

4
grub-core/loader/i386/xen.c
View file

@ -656,7 +656,9 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)),
if (!file)
return grub_errno;
elf = grub_xen_file (file);
elf = grub_xen_file_and_cmdline (file,
(char *) xen_state.next_start.cmd_line,
sizeof (xen_state.next_start.cmd_line) - 1);
if (!elf)
goto fail;

12
grub-core/loader/i386/xen_file.c
View file

@ -19,11 +19,20 @@
#include <grub/xen_file.h>
#include <grub/i386/linux.h>
#include <grub/misc.h>
#include <grub/verity-hash.h>
#define XZ_MAGIC "\3757zXZ\0"
grub_elf_t
grub_xen_file (grub_file_t file)
{
return grub_xen_file_and_cmdline (file, NULL, 0);
}
grub_elf_t
grub_xen_file_and_cmdline (grub_file_t file,
char *cmdline,
grub_size_t cmdline_max_len)
{
grub_elf_t elf;
struct linux_i386_kernel_header lh;
@ -64,6 +73,9 @@ grub_xen_file (grub_file_t file)
(unsigned long long) payload_offset,
(unsigned long long) lh.payload_length);
if (cmdline)
grub_pass_verity_hash (&lh, cmdline, cmdline_max_len);
grub_file_seek (file, payload_offset);
if (grub_file_read (file, &magic, sizeof (magic)) != sizeof (magic))

5
grub-core/loader/linux.c
View file

@ -4,6 +4,7 @@
#include <grub/misc.h>
#include <grub/file.h>
#include <grub/mm.h>
#include <grub/tpm.h>
struct newc_head
{
@ -288,6 +289,10 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx,
grub_initrd_close (initrd_ctx);
return grub_errno;
}
// TODO figure out the GRUB_VERIFY_ equivalent for this one
//grub_tpm_measure (ptr, cursize, GRUB_BINARY_PCR, "Initrd");
//grub_print_error();
ptr += cursize;
}
if (newc)

4
grub-core/loader/multiboot.c
View file

@ -50,6 +50,7 @@
#include <grub/video.h>
#include <grub/memory.h>
#include <grub/i18n.h>
#include <grub/tpm.h>
GRUB_MOD_LICENSE ("GPLv3+");
@ -437,6 +438,9 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)),
}
grub_file_close (file);
// TODO figure out the GRUB_VERIFY_ equivalent for this one
//grub_tpm_measure (module, size, GRUB_BINARY_PCR, argv[0]);
//grub_print_error();
return GRUB_ERR_NONE;
}

5
grub-core/loader/multiboot_mbi2.c
View file

@ -36,6 +36,7 @@
#include <grub/i18n.h>
#include <grub/net.h>
#include <grub/lib/cmdline.h>
#include <grub/tpm.h>
#if defined (GRUB_MACHINE_EFI)
#include <grub/efi/efi.h>
@ -131,6 +132,10 @@ grub_multiboot2_load (grub_file_t file, const char *filename)
COMPILE_TIME_ASSERT (MULTIBOOT_HEADER_ALIGN % 4 == 0);
// TODO figure out the GRUB_VERIFY_ equivalent for this one
//grub_tpm_measure ((unsigned char *)mld.buffer, len, GRUB_BINARY_PCR, filename);
//grub_print_error();
header = find_header (mld.buffer, len);
if (header == 0)