We now have signature check logic in grub which allows us to treat
files differently depending on their file type.
Treat a loaded device tree like an overlayed ACPI table.
Both describe hardware, so I suppose their threat level is the same.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
ARM Xen fallout cleanup after commit ca0a4f689 (verifiers: File type for
fine-grained signature-verification controlling).
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
The API change of grub_file_open() for adding verifiers did not include
a type for device tree blobs. Add GRUB_FILE_TYPE_DEVICE_TREE_IMAGE to
the grub_file_type enum.
Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Verifiers framework provides core file verification functionality which
can be used by various security mechanisms, e.g., UEFI secure boot, TPM,
PGP signature verification, etc.
The patch contains PGP code changes and probably they should be extracted
to separate patch for the sake of clarity.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
Let's provide file type info to the I/O layer. This way verifiers
framework and its users will be able to differentiate files and verify
only required ones.
This is preparatory patch.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
(grub_file_seekable): New inline function.
* grub-core/io/gzio.c (test_header): Don't test end magic if file isn't
easily seekable.
(grub_gzio_open): Set not_easly_seekable.
* grub-core/fs/i386/pc/pxe.c (grub_pxefs_open): Set not_easily_seekable.
* grub-core/io/bufio.c (grub_bufio_open): Propagate not_easily_seekable.
Clean up the code to support 64-bit addressing in disks and
files. This change is not enough for filesystems yet.
* util/i386/pc/grub-setup.c (struct boot_blocklist): Change the
type of "start" to grub_uint64_t.
(setup): Change the types of KERNEL_SECTOR and FIRST_SECTOR to
grub_disk_addr_t * and grub_disk_addr_t. Fix the format string in
save_first_sector and save_blocklists. Use grub_le_to_cpu64 to
convert addresses.
* util/i386/pc/biosdisk.c (open_device): Change the type of SECTOR
to grub_disk_addr_t.
* partmap/gpt.c (gpt_partition_map_iterate): Fix the format
string.
* partmap/pc.c (pc_partition_map_iterate): Likewise.
* partmap/amiga.c (amiga_partition_map_iterate): Cast RDSK.MAGIC
to char *.
* normal/script.c (grub_script_parse): Remove unused MEMFREE.
* normal/parser.y (YYLTYPE_IS_TRIVIAL): New macro.
* normal/lexer.c (grub_script_yyerror): Specify unused to LEX.
* loader/i386/pc/multiboot.c (grub_multiboot_load_elf64): Cast -1
to grub_off_t, to detect an error from grub_file_seek.
(grub_multiboot_load_elf32): Likewise.
* kern/misc.c (grub_strtoul): Use grub_strtoull. Return the
maximum unsigned long value when an overflow is detected.
(grub_strtoull): New function.
(grub_divmod64): Likewise.
(grub_lltoa): use grub_divmod64.
* kern/fs.c (struct grub_fs_block): Change the type of "offset" to
grub_disk_addr_t.
(grub_fs_blocklist_open): Increase P if P is not NULL to advance
the pointer to next character. Use grub_strtoull instead of
grub_strtoul.
(grub_fs_blocklist_read): Change the types of SECTOR, OFFSET and
SIZE to grub_disk_addr_t, grub_off_t and grub_size_t,
respectively.
* kern/file.c (grub_file_read): Prevent an oveflow of LEN, as the
return value is signed.
(grub_file_seek): Change the type of OLD to grub_off_t. Do not
test if OFFSET is less than zero, as OFFSET is unsigned now.
* kern/disk.c (struct grub_disk_cache): Change the type of
"sector" to grub_disk_addr_t.
(grub_disk_cache_get_index): Change the type of SECTOR to
grub_disk_addr_t. Calculate the hash with SECTOR casted to
unsigned after shifting.
(grub_disk_cache_invalidate): Change the type of SECTOR to
grub_disk_addr_t.
(grub_disk_cache_unlock): Likewise.
(grub_disk_cache_store): Likewise.
(grub_disk_check_range): Change the types of SECTOR, OFFSET, SIZE,
START and LEN to grub_disk_addr_t *, grub_off_t *, grub_size_t,
grub_disk_addr_t and grub_uint64_t, respectively.
(grub_disk_read): Use an unsigned variable REAL_OFFSET for the
body, as the value of OFFSET is tweaked by
grub_disk_check_range. Change the types of START_SECTOR, LEN and
POS to grub_disk_addr_t, grub_size_t and grub_size_t,
respectively.
(grub_disk_write): Use an unsigned variable REAL_OFFSET for the
body, as the value of OFFSET is tweaked by
grub_disk_check_range. Change the types of LEN and N to
grub_size_t.
* io/gzio.c (struct grub_gzio): Change the types of "data_offset"
and "saved_offset" to grub_off_t.
(test_header): Cast BUF to char *.
(get_byte): Cast GZIO->DATA_OFFSET to grub_off_t. Cast GZIO->INBUF
to char *.
(grub_gzio_read): Change the types of OFFSET and SIZE to
grub_off_t and grub_size_t, respectively.
* include/grub/i386/pc/boot.h (GRUB_BOOT_MACHINE_FORCE_LBA):
Removed.
(GRUB_BOOT_MACHINE_BOOT_DRIVE): Changed to 0x4c.
(GRUB_BOOT_MACHINE_KERNEL_ADDRESS): Changed to 0x40.
(GRUB_BOOT_MACHINE_KERNEL_SEGMENT): Changed to 0x42.
(GRUB_BOOT_MACHINE_DRIVE_CHECK): Changed to 0x4e.
(GRUB_BOOT_MACHINE_LIST_SIZE): Increased to 12.
* include/grub/types.h (grub_off_t): Unconditionally set to
grub_uint64_t.
(grub_disk_addr_t): Changed to grub_uint64_t.
* include/grub/partition.h (struct grub_partition): Change the
types of "start", "len" and "offset" to grub_disk_addr_t,
grub_uint64_t and grub_disk_addr_t, respectively.
(grub_partition_get_start): Return grub_disk_addr_t.
(grub_partition_get_len): Return grub_uint64_t.
* include/grub/misc.h (grub_strtoull): New prototype.
(grub_divmod64): Likewise.
* include/grub/fshelp.h (grub_fshelp_read_file): Change the types
of SECTOR, LEN and FILESIZE to grub_disk_addr_t, grub_size_t and
grub_off_t, respectively.
All callers and references changed.
* include/grub/fs.h (struct grub_fs): Change the type of LEN to
grub_size_t in "read".
All callers and references changed.
* include/grub/file.h (struct grub_file): Change the types of
"offset" and "size" to grub_off_t and grub_off_t,
respectively. Change the type of SECTOR to grub_disk_addr_t in
"read_hook".
(grub_file_read): Change the type of LEN to grub_size_t.
(grub_file_seek): Return grub_off_t. Change the type of OFFSET to
grub_off_t.
(grub_file_size): Return grub_off_t.
(grub_file_tell): Likewise.
All callers and references changed.
* include/grub/disk.h (struct grub_disk_dev): Change the types of
SECTOR and SIZE to grub_disk_addr_t and grub_size_t in "read" and
"write".
(struct grub_disk): Change the type of "total_sectors" to
grub_uint64_t. Change the type of SECTOR to grub_disk_addr_t in
"read_hook".
(grub_disk_read): Change the types of SECTOR, OFFSET and SIZE to
grub_disk_addr_t, grub_off_t and grub_size_t, respectively.
(grub_disk_write): Likewise.
All callers and references changed.
* fs/iso9660.c (grub_iso9660_susp_iterate): Cast parameters to
char * for grub_strncmp to silence gcc.
(grub_iso9660_mount): Likewise.
(grub_iso9660_mount): Likewise.
(grub_iso9660_read_symlink): Likewise. Also, remove the nonsense
return statement.
(grub_iso9660_iterate_dir): Likewise.
(grub_iso9660_label): Cast DATA->VOLDESC.VOLNAME to char *.
* fs/hfs.c (grub_hfs_read_file): Change the types of SECTOR and
LEN to grub_disk_addr_t and grub_size_t, respectively.
* fs/hfsplus.c (grub_hfsplus_read_file): Likewise.
* fs/jfs.c (grub_jfs_read_file): Likewise.
* fs/minix.c (grub_jfs_read_file): Likewise.
* fs/sfs.c (grub_jfs_read_file): Likewise.
* fs/ufs.c (grub_jfs_read_file): Likewise.
* fs/xfs.c (grub_jfs_read_file): Likewise.
* fs/fat.c (grub_fat_read_data): Change the types of SECTOR, LEN
and SIZE to grub_disk_addr_t, grub_size_t and grub_size_t,
respectively.
* fs/ext2.c (grub_ext2_read_block): When an error happens, set
BLKNR to -1 instead of returning GRUB_ERRNO.
(grub_ext2_read_file): Change the types of SECTOR and
LEN to grub_disk_addr_t and grub_size_t, respectively.
* fs/affs.c (grub_affs_read_file): Change the types of SECTOR and
LEN to grub_disk_addr_t and grub_size_t, respectively.
* font/manager.c (grub_font_get_glyph): Cast BITMAP to char * for
grub_file_read.
* disk/ieee1275/ofdisk.c (grub_ofdisk_read): Fix the format
string. Do not cast SECTOR explicitly.
* disk/i386/pc/biosdisk.c (grub_biosdisk_open): Change the type of
TOTAL_SECTORS to grub_uint64_t. Do not mask DRP->TOTAL_SECTORS.
(grub_biosdisk_rw): Change the types of SECTOR and SIZE to
grub_disk_addr_t and grub_size_t, respectively. If the sector is
over 2TB and LBA mode is not supported, raise an error.
(get_safe_sectors): New function.
(grub_biosdisk_read): Use get_safe_sectors.
(grub_biosdisk_write): Likewise.
* disk/efi/efidisk.c (grub_efidisk_read): Fix the format string.
(grub_efidisk_write): Likewise.
* disk/loopback.c (delete_loopback): Cosmetic changes.
(grub_cmd_loopback): Likewise. Also, test NEWDEV->FILENAME
correctly.
(grub_loopback_open): Likewise.
(grub_loopback_read): Likewise. Also, change the type of POS to
grub_off_t, and fix the usage of grub_memset.
* commands/i386/pc/play.c: Include grub/machine/time.h.
* commands/ls.c (grub_ls_list_files): Use "llu" instead of "d" to
print FILE->SIZE.
* commands/configfile.c: Include grub/env.h.
* commands/cmp.c (grub_cmd_cmp): Do not use ERR, but use
GRUB_ERRNO directly instead. Change the type of POS to
grub_off_t. Follow the coding standard.
* commands/blocklist.c: Include grub/partition.h.
(grub_cmd_blocklist): Return an error if the underlying device is
not a disk. Take the starting sector of a partition into account,
if a partition is used.
* boot/i386/pc/diskboot.S (bootloop): Adapted to the new offset of
a length field.
(lba_mode): Support 64-bit addresses.
(chs_mode): Likewise.
(copy_buffer): Adapted to the new offsets of a length field and a
segment field.
(blocklist_default_start): Allocate 64-bit space.
* boot/i386/pc/boot.S (force_lba): Removed.
(boot_drive): Moved to under KERNEL_SECTOR.
(kernel_sector): Moved to under KENREL_SEGMENT. Allocate 64-bit
space.
(real_start): Set %si earlier. Remove code for FORCE_LBA, since it
is useless.
(lba_mode): Refactored to support a 64-bit address. More size
optimization.
(setup_sectors): Likewise.
All symbols prefixed with PUPA_ and pupa_ are renamed to GRUB_
and grub_, respectively. Because the conversion is trivial and
mechanical, I omit the details here. Please refer to the CVS
if you need more information.
Alexander Graf