Add support for adding gpg keys to the trusted database with a new command
called "trust_var". This takes the contents of a variable (in ascii-encoded
hex) and interprets it as a gpg public key.
The getenv code was mishandling the conversion of binary to hex. Grub's
sprintf() doesn't seem to support the full set of format conversions, so
fix this in the nasty way.
Timer event to keep grub msec counter was running at 1000HZ. This was too
fast for UEFI timer driver and resulted in a 10x slowdown in grub time
versus wallclock. Reduce the timer event frequency and increase tick
increment accordingly to keep better time.
coreboot has ACPI while 2 others don't. *BSD need ACPI and have trouble
without it. Don't even attempt to boot *BSD on multiboot or qemu targets.
On coreboot boot all *BSD except 32-bit NetBSD which apparently does some
early BIOS calls.
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel int it
before pulling out the individual blocks later on.
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel into it
before pulling out the individual blocks later on.
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI and BIOS systems, but
will measure all modules as they're loaded.
The Secure Boot code currently reads the kernel from disk, validates the
signature and then reads it from disk again. A sufficiently exciting storage
device could modify the kernel between these two events and trigger the
execution of an untrusted kernel. Avoid re-reading it in order to ensure
this isn't a problem, and in the process speed up boot by not reading the
kernel twice.
efiemu is supposed to be disabled when compiling through exe format.
Unfortunately format was determined only after efiemu check. Reorder to fix the
problem
On emu some checks can be laxer like check for relocation range. Additionally
module loading in emu is rarely used. So skip this check rather than making
it laxer for all platforms. In ideal we may want to have slightly different
check for emu but for now this is good enough.
This argument disables generation of calls to __chkstk_ms. Those calls are
useless on GRUB as function is dummy. Yet they increase module size and
use limited-range relocations which may not work under some memory layouts.
We currently don't use such layouts on concerned platforms but lt's correct
this.
This section is generated by clang and is useful only for debugging.
It contains exotic relocations, so strip them to avoid them interferring
with module loading.
Currently only Windows gets distinguished icons, everything else is displayed
using the same generic one. Add additional --class based on os-prober returned
label, which usually is expected to match primary distribution name.
Also use it for Windows as well - chainloader prober may actually return
different strings (Windows, MS-DOS, Windows9xME).
