Commit graph

2036 commits

Author SHA1 Message Date
Matthew S. Turnbull
a698240df0 grub-mkconfig/10_linux: Support multiple early initrd images
Add support for multiple, shared, early initrd images. These early
images will be loaded in the order declared, and all will be loaded
before the initrd image.

While many classes of data can be provided by early images, the
immediate use case would be for distributions to provide CPU
microcode to mitigate the Meltdown and Spectre vulnerabilities.

There are two environment variables provided for declaring the early
images.

* GRUB_EARLY_INITRD_LINUX_STOCK is for the distribution declare
  images that are provided by the distribution or installed packages.
  If undeclared, this will default to a set of common microcode image
  names.

* GRUB_EARLY_INITRD_LINUX_CUSTOM is for user created images. User
  images will be loaded after the stock images.

These separate configurations allow the distribution and user to
declare different image sets without clobbering each other.

This also makes a minor update to ensure that UUID partition labels
stay disabled when no initrd image is found, even if early images are
present.

This is a continuation of a previous patch published by Christian
Hesse in 2016:
http://lists.gnu.org/archive/html/grub-devel/2016-02/msg00025.html

Down stream Gentoo bug:
https://bugs.gentoo.org/645088

Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Signed-off-by: Matthew S. Turnbull <sparky@bluefang-logic.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-14 13:23:27 +01:00
Eric Snowberg
28b0d19061 mkimage: fix build regression in grub_mkimage_load_image
The grub_mkimage_load_image function (commit 7542af6, mkimage: refactor a bunch
of section data into a struct.) introduces a build regression on SPARC:

  cc1: warnings being treated as errors
  In file included from util/grub-mkimage32.c:23:
  util/grub-mkimagexx.c: In function 'grub_mkimage_load_image32':
  util/grub-mkimagexx.c:1968: error: missing initializer
  util/grub-mkimagexx.c:1968: error: (near initialization for 'smd.sections')
  make[2]: *** [util/grub_mkimage-grub-mkimage32.o] Error 1

Initialize the entire section_metadata structure.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-07 22:05:48 +01:00
dann frazier
d73badfd0a Revert "Keep the native terminal active when enabling gfxterm"
This can cause an issue where GRUB is trying to display both a text and
graphical menu on the display at the same time, resulting in a flickering
effect when e.g. scrolling quickly through a menu (LP: #1752767).

Revert for now while we look for a better solution for the original issue.

This reverts commit 52ef7b23f5.

Signed-off-by: dann frazier <dann.frazier@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 15:26:42 +01:00
Peter Jones
ebc825b549 mkimage: avoid copying relocations for sections that won't be copied.
Some versions of gcc include a plugin called "annobin", and in some
build systems this is enabled by default.  This plugin creates special
ELF note sections to track which ABI-breaking features are used by a
binary, as well as a series of relocations to annotate where.

If grub is compiled with this feature, then when grub-mkimage translates
the binary to another file format which does not strongly associate
relocation data with sections (i.e. when platform is *-efi), these
relocations appear to be against the .text section rather than the
original note section.  When the binary is loaded by the PE runtime
loader, hilarity ensues.

This issue is not necessarily limited to the annobin, but could arise
any time there are relocations in sections that are not represented in
grub-mkimage's output.

This patch seeks to avoid this issue by only including relocations that
refer to sections which will be included in the final binary.

As an aside, this should also obviate the need to avoid -funwind-tables,
-fasynchronous-unwind-tables, and any sections similar to .eh_frame in
the future.  I've tested it on x86-64-efi with the following gcc command
line options (as recorded by -grecord-gcc-flags), but I still need to
test the result on some other platforms that have been problematic in
the past (especially ARM Aarch64) before I feel comfortable making
changes to the configure.ac bits:

GNU C11 7.2.1 20180116 (Red Hat 7.2.1-7) -mno-mmx -mno-sse -mno-sse2 -mno-sse3 -mno-3dnow -msoft-float -mno-stack-arg-probe -mcmodel=large -mno-red-zone -m64 -mtune=generic -march=x86-64 -g3 -Os -freg-struct-return -fno-stack-protector -ffreestanding -funwind-tables -fasynchronous-unwind-tables -fno-strict-aliasing -fstack-clash-protection -fno-ident -fplugin=annobin

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 14:08:09 +01:00
Peter Jones
7542af695f mkimage: refactor a bunch of section data into a struct.
This basically moves a bunch of the section information we pass around a
lot into a struct, and passes a pointer to a single one of those
instead.

This shouldn't change the binary file output or the "grub-mkimage -v"
output in any way.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 14:05:35 +01:00
Peter Jones
e30de94926 mkimage: make locate_sections() set up vaddresses as well.
This puts both kinds of address initialization at the same place, and also lets
us iterate through the section list one time fewer.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 13:44:55 +01:00
Peter Jones
594ac31571 mkimage: rename a couple of things to be less confusing later.
This renames some things:

- the "strtab" and "strtab_section" in relocate_symbols are changed to "symtab"
  instead, so as to be less confusing when "strtab" is moved to a struct in a
  later patch.

- The places where we pass section_vaddresses to functions are changed to also
  be called section_vaddresses"inside those functions, so I get less confused
  when I put addresses and vaddresses in a struct in a later patch.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 13:44:55 +01:00
Peter Jones
352868d123 mkimage: make it easier to run syntax checkers on grub-mkimagexx.c
This makes it so you can treat grub-mkimagexx.c as a file you can build
directly, so syntax checkers like vim's "syntastic" plugin, which uses
"gcc -x c -fsyntax-only" to build it, will work.

One still has to do whatever setup is required to make it pick the right
include dirs, which -W options we use, etc., but this makes it so you
can do the checking on the file you're editing, rather than on a
different file.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-03-05 13:44:55 +01:00
H.J. Lu
842c390469 x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32
Starting from binutils commit bd7ab16b4537788ad53521c45469a1bdae84ad4a:

https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd7ab16b4537788ad53521c45469a1bdae84ad4a

x86-64 assembler generates R_X86_64_PLT32, instead of R_X86_64_PC32, for
32-bit PC-relative branches.  Grub2 should treat R_X86_64_PLT32 as
R_X86_64_PC32.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-02-23 22:25:30 +01:00
Steve McIntyre
6400613ad0 Make grub-install check for errors from efibootmgr
Code is currently ignoring errors from efibootmgr, giving users
clearly bogus output like:

        Setting up grub-efi-amd64 (2.02~beta3-4) ...
        Installing for x86_64-efi platform.
        Could not delete variable: No space left on device
        Could not prepare Boot variable: No space left on device
        Installation finished. No error reported.

and then potentially unbootable systems. If efibootmgr fails, grub-install
should know that and report it!

We've been using similar patch in Debian now for some time, with no ill effects.

Signed-off-by: Steve McIntyre <93sam@debian.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-02-14 18:02:01 +01:00
Eric Snowberg
69e0a67bfb sparc64: Add blocklist GPT support for SPARC
Add block-list GPT support for SPARC.  The OBP "load" and "boot" methods
are partition aware and neither command can see the partition table. Also
neither command can address the entire physical disk. When the install
happens, grub generates the block-list entries based on the beginning of the
physical disk, not the beginning of the partition. This patch fixes the
block-list entries so they match what OBP expects during boot for a GPT disk.

T5 and above now supports GPT as well as VTOC.

This patch has been tested on T5-2 and newer SPARC systems.

Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-02-14 17:42:56 +01:00
dann frazier
52ef7b23f5 Keep the native terminal active when enabling gfxterm
grub-mkconfig will set GRUB_TERMINAL_OUTPUT to "gfxterm" unless the user
has overridden it. On EFI systems, this will stop output from going to the
default "console" terminal. When the EFI fw console is configured to output to
both serial and video, this will cause GRUB to only display on video - while
continuing to accept input from both video and serial.

Instead of switching from "console" to "gfxterm", let's output to both.

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-01-29 12:51:03 +01:00
Jordan Glover
5033080eb6 grub-mkconfig: Fix detecting .sig files as system images
grub-mkconfig detects detached RSA signatures for kernel images used for
signature checking as valid images and adds them to grub.cfg as separate
menu entries. This patch adds .sig extension to common blacklist.

Signed-off-by: Jordan Glover <Golden_Miller83@protonmail.ch>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-12-06 12:58:54 +01:00
Eric Snowberg
2dc163bf69 ieee1275: Fix segfault in grub-ofpathname
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-12-06 12:55:55 +01:00
Eric Snowberg
2a88564017 grub-install: Fix memory leak
Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-11-28 20:33:06 +01:00
Konrad Rzeszutek Wilk
b4d709b6ee Use grub-file to figure out whether multiboot2 should be used for Xen.gz
The multiboot2 is much more preferable than multiboot. Especiall
if booting under EFI where multiboot does not have the functionality
to pass ImageHandler.

Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-09-07 23:25:29 +02:00
Konrad Rzeszutek Wilk
a8e0f1adf7 Fix util/grub.d/20_linux_xen.in: Add xen_boot command support for aarch64
Commit d33045ce7f introduced
the support for this, but it does not work under x86 (as it stops
20_linux_xen from running).

The 20_linux_xen is run under a shell and any exits from within it:

(For example on x86):
+ /usr/bin/grub2-file --is-arm64-efi /boot/xen-4.9.0.gz
[root@tst063 grub]# echo $?
1

will result in 20_linux_xen exiting without continuing
and also causing grub2-mkconfig to stop processing.

As in:

 [root@tst063 grub]# ./grub-mkconfig | tail
 Generating grub configuration file ...
 Found linux image: /boot/vmlinuz-4.13.0-0.rc5.git1.1.fc27.x86_64
 Found initrd image: /boot/initramfs-4.13.0-0.rc5.git1.1.fc27.x86_64.img
 Found linux image: /boot/vmlinuz-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2
 Found initrd image: /boot/initramfs-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2.img
 		echo	'Loading Linux 0-rescue-ec082ee24aea41b9b16aca52a6d10cc2 ...'
 		linux	/vmlinuz-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2 root=/dev/mapper/fedora_tst063-root ro single
 		echo	'Loading initial ramdisk ...'
 		initrd	/initramfs-0-rescue-ec082ee24aea41b9b16aca52a6d10cc2.img
 	}
 }

 ### END /usr/local/etc/grub.d/10_linux ###

 ### BEGIN /usr/local/etc/grub.d/20_linux_xen ###

 root@tst063 grub]#

And no more.

This patch wraps the invocation of grub-file to be a in subshell
and to process the return value in a conditional. That fixes
the issue.

RH-BZ 1486002: grub2-mkconfig does not work if xen.gz is installed.

CC: Fu Wei <fu.wei@linaro.org>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-09-07 23:25:29 +02:00
Vladimir Serbinenko
e66dc5d71e Fail if xorriso failed.
If xorriso failed most likely we didn't generate a meaningful image.
2017-08-07 18:08:39 +02:00
Vladimir Serbinenko
9e962fd3c4 mkrescue: Check xorriso presence before doing anything else.
mkrescue can't do anything useful without xorriso, so abort early if it's
not available.
2017-08-07 18:05:17 +02:00
Fu Wei
d33045ce7f util/grub.d/20_linux_xen.in: Add xen_boot command support for aarch64
This patch adds the support of xen_boot command for aarch64:
    xen_hypervisor
    xen_module
These two commands are only for aarch64, since it has its own protocol and
commands to boot xen hypervisor and Dom0, but not multiboot.

For other architectures, they are still using multiboot and module
commands.

Signed-off-by: Fu Wei <fu.wei@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-05-18 22:30:35 +02:00
Vladimir Serbinenko
3edabad8fe arm_coreboot: Support grub-mkstandalone. 2017-05-08 21:59:48 +02:00
Vladimir Serbinenko
fcbb723d4b Add support for device-tree-based drivers. 2017-05-08 21:19:59 +02:00
Vladimir Serbinenko
24e37a8852 arm-coreboot: Start new port. 2017-05-08 20:53:28 +02:00
Vladimir Serbinenko
a35ac85430 mkimage: Pass layout to mkimage_generate_elfXX rather than some fields.
This allows easier extension of this function without having too long of
arguments list.
2017-05-08 17:32:15 +02:00
Andrei Borzenkov
4bd4a88725 i386, x86_64, ppc: fix switch fallthrough cases with GCC7
In util/getroot and efidisk slightly modify exitsing comment to mostly
retain it but still make GCC7 compliant with respect to fall through
annotation.

In grub-core/lib/xzembed/xz_dec_lzma2.c it adds same comments as
upstream.

In grub-core/tests/setjmp_tets.c declare functions as "noreturn" to
suppress GCC7 warning.

In grub-core/gnulib/regexec.c use new __attribute__, because existing
annotation is not recognized by GCC7 parser (which requires that comment
immediately precedes case statement).

Otherwise add FALLTHROUGH comment.

Closes: 50598
2017-04-04 19:23:55 +03:00
Vladimir Serbinenko
512bb31cbc Whitelist sparc64-ieee1275 as having no video modules.
ieee1275_fb is not built on sparc64 due to virtual address issues.
2017-02-22 09:55:51 +01:00
Vladimir Serbinenko
42e24b6006 Fix thumb compilation with clang.
According to EABI only STT_FUNC has convention of lowest bit indicating
execution mode. R_THM_{JUMP,CALL}* relocations are assumed to be pointing
to thumb mode unless they use STT_FUNC.
2017-02-02 00:59:49 +01:00
Vladimir Serbinenko
34fe0b5901 arm64: Add support for GOT and PCREL32 relocations. 2017-02-01 21:46:19 +01:00
Vladimir Serbinenko
377c121170 mkimage: Fix memory leak. 2017-02-01 21:21:17 +01:00
Vladimir Serbinenko
43b444e593 arm/arm64: Fix improper use of start address.
It was used instead of loading address of current section or of entire buffer.
2017-02-01 20:12:07 +01:00
Vladimir Serbinenko
f14c77f501 grub-mkfont: Remove leftover debug statement. 2017-01-31 22:32:21 +01:00
Vladimir Serbinenko
a134ef1ab9 ia64: Add support for R_IA64_GPREL64I.
Recent GCC generates those relocations, so we need to support them.
2017-01-31 12:39:01 +01:00
Vladimir Serbinenko
255b9e0bea grub-module-verifier: Add mips to all_video whitelist.
On MIPS video is compiled-in. So all_video is empty. Whitelist it.
2017-01-30 19:52:58 +01:00
Vladimir Serbinenko
6371e9c104 grub-module-verifier: Ignore all_video emptiness on xen.
It's intentional that it's empty when no video modules
are available.
2017-01-30 00:13:41 +00:00
Dirk Mueller
0d663b50b9 grub-mknetdir: Add support for ARM64 EFI 2016-11-14 19:27:13 +03:00
Robert Marshall
3c3e96d044 Failed config now returns exit code (#1252311)
Grub would notify the user if the new config was invalid, however, it
did not exit properly with exit code 1. Added the proper exit code.

Resolves: rhbz#1252311
2016-03-11 17:24:56 +01:00
Andrei Borzenkov
9545a8fd04 20_linux_xen: fix test for GRUB_DEVICE
Same fix as in 082bc9f.
2016-03-06 08:54:19 +03:00
Mike Gilbert
082bc9f77b 10_linux: Fix grouping of tests for GRUB_DEVICE
Commit 7290bb562 causes GRUB_DISABLE_LINUX_UUID to be ignored due to
mixing of || and && operators. Add some parens to help with that.
2016-03-06 08:51:07 +03:00
Vladimir Serbinenko
86ef66d977 arm-uboot: Make self-relocatable to allow loading at any address 2016-02-27 13:40:52 +01:00
Vladimir Serbinenko
5bcb7d394c Allow _start == 0 with relocatable images 2016-02-27 13:35:36 +01:00
Vladimir Serbinenko
df21fff504 Provide __bss_start and _end symbols in grub-mkimage.
For this ensure that all bss sections are merged.

We need this to correctly prelink non-PE relocatable images.
2016-02-27 13:35:36 +01:00
Vladimir Serbinenko
73a9c742fe Encapsulate image layout into a separate structure.
Currently we pass around a lot of pointer. Instead put all relevant data
into one structure.
2016-02-27 13:35:36 +01:00
Vladimir Serbinenko
dd3969e7ec mkimagexx: Split PE and generic part for relocations.
As a preparation for U-Boot relocations, split emitting PE-relocations
from parsing source ELF-relocations.
2016-02-27 13:35:36 +01:00
Vladimir Serbinenko
36212460d3 mkimage.c: Split into separate files.
util/grub-mkimagexx.c is included in a special way into mkimage.c.
Interoperation between defines makes this very tricky. Instead
just have a clean interface and compile util/grub-mkimage*.c separately
from mkimage.c
2016-02-27 13:35:36 +01:00
Vladimir Serbinenko
6e1ace590a Change -v to -V for version of shell utils. 2016-02-12 15:46:05 +01:00
Vladimir Serbinenko
7c35f65aac xnu: Add new kernel path to autoconfig. 2016-02-12 15:42:26 +01:00
Andrei Borzenkov
67dba97e45 support modules without symbol table
all_video module does not have any code or data and exists solely for
.moddeps section to pull in dependencies. This makes all symbols unneeded.

While in current binutils (last released version as of this commit is 2.26)
``strip --strip-unneeded'' unintentionally adds section symbols for each
existing section, this behavior was considered a bug and changed in commit
14f2c699ddca1e2f706342dffc59a6c7e23e844c to completely strip symbol table
in this case.

Older binutils (verified with 2.17) and some other toolchains (at least
elftoolchain r3223M), both used in FreeBSD, remove symbol table in all_video
as well.

Relax run-time check and do not return error for modules without symbol table.
Add additional checks to module verifier to make sure such modules

a) have non-empty .moddeps section. Without either externally visible symbols
or .moddeps modules are completely useless and should not be built.

b) do not have any relocations.

Closes: 46986

v2: add run-time check for empty symbol table if relocations are present as
    suggested by Vladimir.
2016-02-03 20:34:55 +03:00
Andrei Borzenkov
7290bb5623 10_linux: avoid multi-device root= kernel argument
If root filesystem is multidev btrfs, do not attempt to pass all devices as
kernel root= argument. This results in splitting command line in GRUB due to
embedded newline and even if we managed to quote it, kernel does not know how
to interpret it anyway. Multidev btrfs requires user space device scanning,
so passing single device would not work too.

This still respects user settings GRUB_DISABLE_LINUX_UUID. Not sure what we
should do in this case.

Closes: 45709
2016-02-01 20:13:48 +03:00
Vladimir Serbinenko
ff84a9b868 Error out if mtools invocation fails. 2016-01-22 19:28:08 +01:00
Vladimir Serbinenko
605eecc985 arm64: Add support for relocations needed for linaro gcc 2016-01-22 19:09:37 +01:00