There are a few spots in the PE generation code for EFI binaries that uses
the section alignment rather than file alignment, even though the alignment
is really only file bound.
Replace those cases with the file alignment constant instead.
Reported-by: Daniel Kiper <dkiper@net-space.pl>
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Julien ROBIN <julien.robin28@free.fr>
The efi-arm case was defining its own header size calculation, even though it's
100% identical to the common EFI32_HEADER_SIZE definition.
So let's clean it up to use the common define.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Julien ROBIN <julien.robin28@free.fr>
Add support for multiple, shared, early initrd images. These early
images will be loaded in the order declared, and all will be loaded
before the initrd image.
While many classes of data can be provided by early images, the
immediate use case would be for distributions to provide CPU
microcode to mitigate the Meltdown and Spectre vulnerabilities.
Xen has also support to load microcode updates provided as additional
modules by the bootloader.
There are two environment variables provided for declaring the early
images.
* GRUB_EARLY_INITRD_LINUX_STOCK is for the distribution declare
images that are provided by the distribution or installed packages.
If undeclared, this will default to a set of common microcode image
names.
* GRUB_EARLY_INITRD_LINUX_CUSTOM is for user created images. User
images will be loaded after the stock images.
These separate configurations allow the distribution and user to
declare different image sets without clobbering each other.
This also makes a minor update to ensure that UUID partition labels
stay disabled when no initrd image is found, even if early images are
present.
This is basically a copy of a698240d "grub-mkconfig/10_linux: Support
multiple early initrd images" by Matthew S. Turnbull.
Signed-off-by: Peter Große <pegro@friiks.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Add xen_pvh support to grub-install.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Support mkimage for xen_pvh.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
In order to avoid using plain integers for the ELF notes use the
available Xen include instead.
Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
This solves the build failing with "Error: no symbol table and no
.moddeps section"
Also see:
- 6371e9c104
- https://savannah.gnu.org/bugs/?49012
Signed-off-by: Hans van Kranenburg <hans@knorrie.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Tested-by: Hans van Kranenburg <hans@knorrie.org>
Device tree (DTB) lengths are being padded to a multiple of 4 bytes
rather than the target-specific pointer size. This causes objects
following OBJ_TYPE_DTB objects to be incorrectly parsed during GRUB
execution on arm64.
Fix by using ALIGN_ADDR(), not ALIGN_UP().
Signed-by-off: Matthew Daley <mattd@bugfuzz.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
If / is on the root dataset in a ZFS pool, then ${bootfs} will be set to
"/" (whereas if it is on a non-root dataset, there will be no trailing
slash). Passing "root=ZFS=${rpool}/" will fail to boot, but
"root=ZFS=${rpool}" works fine, so strip the trailing slash.
Fixes: https://savannah.gnu.org/bugs/?52746
Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Tested-by: Fejes József <jozsef.fejes@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Let's provide file type info to the I/O layer. This way verifiers
framework and its users will be able to differentiate files and verify
only required ones.
This is preparatory patch.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
The "for the next boot only" property of grub-reboot is dependent upon
GRUB being able to clear the next_entry variable in the environment
block. However, GRUB cannot write to devices using the diskfilter
and lvm abstractions.
Ref: https://lists.gnu.org/archive/html/grub-devel/2009-12/msg00276.html
Ref: https://bugs.launchpad.net/bugs/788298
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Make it so that when grub-module-verifier complains of an issue, it tells you
which module the issue was with.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Variable "root" is initialized after root device probing and is null in
current place, so, drop it.
Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Commit 51be337 (templates: Update grub script template files)
lacked one "]", so, add it.
Reported-by: Philip <philm@manjaro.org>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Update grub-mkconfig.in and 10_linux.in to support grub-probe's new
partuuid target. Update grub.texi documentation. The following table
shows how GRUB_DISABLE_LINUX_UUID, GRUB_DISABLE_LINUX_PARTUUID, and
initramfs detection interact:
Initramfs GRUB_DISABLE_LINUX_PARTUUID GRUB_DISABLE_LINUX_UUID Linux Root
detected Set Set ID Method
false false false part UUID
false false true part UUID
false true false dev name
false true true dev name
true false false fs UUID
true false true part UUID
true true false fs UUID
true true true dev name
Note: GRUB_DISABLE_LINUX_PARTUUID and GRUB_DISABLE_LINUX_UUID equate to
'false' when unset or set to any value other than 'true'.
GRUB_DISABLE_LINUX_PARTUUID defaults to 'true'.
Signed-off-by: Nicholas Vinson <nvinson234@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Add PARTUUID detection support grub-probe for MBR and GPT partition schemes.
Signed-off-by: Nicholas Vinson <nvinson234@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Rename grub_gpt_part_type to grub_gpt_part_guid and update grub_gpt_partentry
to use this type for both the partition type GUID string and the partition GUID
string entries. This change ensures that the two GUID fields are handled more
consistently and helps to simplify the changes needed to add Linux partition
GUID support.
Signed-off-by: Nicholas Vinson <nvinson234@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Define print_gpt_guid(), so there is a central function for printing
GUID strings. This change is a precursor for later patches which rely
on this logic.
Signed-off-by: Nicholas Vinson <nvinson234@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
With --disable-nls no locales exist.
Avoid runtime error by moving code that copies locales into its own
function. Return early in case nls was disabled. That way the compiler
will throw away unreachable code, no need to put preprocessor
conditionals everywhere to avoid warnings about unused code.
Fix memleak by freeing srcf and dstf.
Convert tabs to spaces in moved code.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Add support for multiple, shared, early initrd images. These early
images will be loaded in the order declared, and all will be loaded
before the initrd image.
While many classes of data can be provided by early images, the
immediate use case would be for distributions to provide CPU
microcode to mitigate the Meltdown and Spectre vulnerabilities.
There are two environment variables provided for declaring the early
images.
* GRUB_EARLY_INITRD_LINUX_STOCK is for the distribution declare
images that are provided by the distribution or installed packages.
If undeclared, this will default to a set of common microcode image
names.
* GRUB_EARLY_INITRD_LINUX_CUSTOM is for user created images. User
images will be loaded after the stock images.
These separate configurations allow the distribution and user to
declare different image sets without clobbering each other.
This also makes a minor update to ensure that UUID partition labels
stay disabled when no initrd image is found, even if early images are
present.
This is a continuation of a previous patch published by Christian
Hesse in 2016:
http://lists.gnu.org/archive/html/grub-devel/2016-02/msg00025.html
Down stream Gentoo bug:
https://bugs.gentoo.org/645088
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Signed-off-by: Matthew S. Turnbull <sparky@bluefang-logic.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The grub_mkimage_load_image function (commit 7542af6, mkimage: refactor a bunch
of section data into a struct.) introduces a build regression on SPARC:
cc1: warnings being treated as errors
In file included from util/grub-mkimage32.c:23:
util/grub-mkimagexx.c: In function 'grub_mkimage_load_image32':
util/grub-mkimagexx.c:1968: error: missing initializer
util/grub-mkimagexx.c:1968: error: (near initialization for 'smd.sections')
make[2]: *** [util/grub_mkimage-grub-mkimage32.o] Error 1
Initialize the entire section_metadata structure.
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This can cause an issue where GRUB is trying to display both a text and
graphical menu on the display at the same time, resulting in a flickering
effect when e.g. scrolling quickly through a menu (LP: #1752767).
Revert for now while we look for a better solution for the original issue.
This reverts commit 52ef7b23f5.
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Some versions of gcc include a plugin called "annobin", and in some
build systems this is enabled by default. This plugin creates special
ELF note sections to track which ABI-breaking features are used by a
binary, as well as a series of relocations to annotate where.
If grub is compiled with this feature, then when grub-mkimage translates
the binary to another file format which does not strongly associate
relocation data with sections (i.e. when platform is *-efi), these
relocations appear to be against the .text section rather than the
original note section. When the binary is loaded by the PE runtime
loader, hilarity ensues.
This issue is not necessarily limited to the annobin, but could arise
any time there are relocations in sections that are not represented in
grub-mkimage's output.
This patch seeks to avoid this issue by only including relocations that
refer to sections which will be included in the final binary.
As an aside, this should also obviate the need to avoid -funwind-tables,
-fasynchronous-unwind-tables, and any sections similar to .eh_frame in
the future. I've tested it on x86-64-efi with the following gcc command
line options (as recorded by -grecord-gcc-flags), but I still need to
test the result on some other platforms that have been problematic in
the past (especially ARM Aarch64) before I feel comfortable making
changes to the configure.ac bits:
GNU C11 7.2.1 20180116 (Red Hat 7.2.1-7) -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow -msoft-float -mno-stack-arg-probe -mcmodel=large -mno-red-zone -m64 -mtune=generic -march=x86-64 -g3 -Os -freg-struct-return -fno-stack-protector -ffreestanding -funwind-tables -fasynchronous-unwind-tables -fno-strict-aliasing -fstack-clash-protection -fno-ident -fplugin=annobin
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This basically moves a bunch of the section information we pass around a
lot into a struct, and passes a pointer to a single one of those
instead.
This shouldn't change the binary file output or the "grub-mkimage -v"
output in any way.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This puts both kinds of address initialization at the same place, and also lets
us iterate through the section list one time fewer.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This renames some things:
- the "strtab" and "strtab_section" in relocate_symbols are changed to "symtab"
instead, so as to be less confusing when "strtab" is moved to a struct in a
later patch.
- The places where we pass section_vaddresses to functions are changed to also
be called section_vaddresses"inside those functions, so I get less confused
when I put addresses and vaddresses in a struct in a later patch.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This makes it so you can treat grub-mkimagexx.c as a file you can build
directly, so syntax checkers like vim's "syntastic" plugin, which uses
"gcc -x c -fsyntax-only" to build it, will work.
One still has to do whatever setup is required to make it pick the right
include dirs, which -W options we use, etc., but this makes it so you
can do the checking on the file you're editing, rather than on a
different file.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Starting from binutils commit bd7ab16b4537788ad53521c45469a1bdae84ad4a:
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd7ab16b4537788ad53521c45469a1bdae84ad4a
x86-64 assembler generates R_X86_64_PLT32, instead of R_X86_64_PC32, for
32-bit PC-relative branches. Grub2 should treat R_X86_64_PLT32 as
R_X86_64_PC32.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Code is currently ignoring errors from efibootmgr, giving users
clearly bogus output like:
Setting up grub-efi-amd64 (2.02~beta3-4) ...
Installing for x86_64-efi platform.
Could not delete variable: No space left on device
Could not prepare Boot variable: No space left on device
Installation finished. No error reported.
and then potentially unbootable systems. If efibootmgr fails, grub-install
should know that and report it!
We've been using similar patch in Debian now for some time, with no ill effects.
Signed-off-by: Steve McIntyre <93sam@debian.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Add block-list GPT support for SPARC. The OBP "load" and "boot" methods
are partition aware and neither command can see the partition table. Also
neither command can address the entire physical disk. When the install
happens, grub generates the block-list entries based on the beginning of the
physical disk, not the beginning of the partition. This patch fixes the
block-list entries so they match what OBP expects during boot for a GPT disk.
T5 and above now supports GPT as well as VTOC.
This patch has been tested on T5-2 and newer SPARC systems.
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub-mkconfig will set GRUB_TERMINAL_OUTPUT to "gfxterm" unless the user
has overridden it. On EFI systems, this will stop output from going to the
default "console" terminal. When the EFI fw console is configured to output to
both serial and video, this will cause GRUB to only display on video - while
continuing to accept input from both video and serial.
Instead of switching from "console" to "gfxterm", let's output to both.
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
grub-mkconfig detects detached RSA signatures for kernel images used for
signature checking as valid images and adds them to grub.cfg as separate
menu entries. This patch adds .sig extension to common blacklist.
Signed-off-by: Jordan Glover <Golden_Miller83@protonmail.ch>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The multiboot2 is much more preferable than multiboot. Especiall
if booting under EFI where multiboot does not have the functionality
to pass ImageHandler.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Commit d33045ce7f introduced
the support for this, but it does not work under x86 (as it stops
20_linux_xen from running).
The 20_linux_xen is run under a shell and any exits from within it:
(For example on x86):
+ /usr/bin/grub2-file --is-arm64-efi /boot/xen-4.9.0.gz
[root@tst063 grub]# echo $?
1
will result in 20_linux_xen exiting without continuing
and also causing grub2-mkconfig to stop processing.
As in:
[root@tst063 grub]# ./grub-mkconfig | tail
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.13.0-0.rc5.git1.1.fc27.x86_64
Found initrd image: /boot/initramfs-4.13.0-0.rc5.git1.1.fc27.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2
Found initrd image: /boot/initramfs-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2.img
echo 'Loading Linux 0-rescue-ec082ee24aea41b9b16aca52a6d10cc2 ...'
linux /vmlinuz-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2 root=/dev/mapper/fedora_tst063-root ro single
echo 'Loading initial ramdisk ...'
initrd /initramfs-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2.img
}
}
### END /usr/local/etc/grub.d/10_linux ###
### BEGIN /usr/local/etc/grub.d/20_linux_xen ###
root@tst063 grub]#
And no more.
This patch wraps the invocation of grub-file to be a in subshell
and to process the return value in a conditional. That fixes
the issue.
RH-BZ 1486002: grub2-mkconfig does not work if xen.gz is installed.
CC: Fu Wei <fu.wei@linaro.org>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This patch adds the support of xen_boot command for aarch64:
xen_hypervisor
xen_module
These two commands are only for aarch64, since it has its own protocol and
commands to boot xen hypervisor and Dom0, but not multiboot.
For other architectures, they are still using multiboot and module
commands.
Signed-off-by: Fu Wei <fu.wei@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
In util/getroot and efidisk slightly modify exitsing comment to mostly
retain it but still make GCC7 compliant with respect to fall through
annotation.
In grub-core/lib/xzembed/xz_dec_lzma2.c it adds same comments as
upstream.
In grub-core/tests/setjmp_tets.c declare functions as "noreturn" to
suppress GCC7 warning.
In grub-core/gnulib/regexec.c use new __attribute__, because existing
annotation is not recognized by GCC7 parser (which requires that comment
immediately precedes case statement).
Otherwise add FALLTHROUGH comment.
Closes: 50598
According to EABI only STT_FUNC has convention of lowest bit indicating
execution mode. R_THM_{JUMP,CALL}* relocations are assumed to be pointing
to thumb mode unless they use STT_FUNC.