Commit graph

28 commits

Author SHA1 Message Date
Daniel Kiper
878398c1a3 efi: Add EFI shim lock verifier
This module provides shim lock verification for various kernels
if UEFI secure boot is enabled on a machine.

It is recommended to put this module into GRUB2 standalone image
(avoid putting iorw and memrw modules into it; they are disallowed
if UEFI secure boot is enabled). However, it is also possible to use
it as a normal module. Though such configurations are more fragile
and less secure due to various limitations.

If the module is loaded and UEFI secure boot is enabled then:
  - module itself cannot be unloaded (persistent module),
  - the iorw and memrw modules cannot be loaded,
  - if the iorw and memrw modules are loaded then
    machine boot is disabled,
  - GRUB2 defers modules and ACPI tables verification to
    other verifiers.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2018-11-09 13:25:31 +01:00
Vladimir Serbinenko
ca0a4f689a verifiers: File type for fine-grained signature-verification controlling
Let's provide file type info to the I/O layer. This way verifiers
framework and its users will be able to differentiate files and verify
only required ones.

This is preparatory patch.

Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2018-11-09 13:25:31 +01:00
Rob Clark
e8ab5a1a9e Fix a segfault in lsefi
when protocols_per_handle returns error, we can't use the pointers we
passed to it, and that includes trusting num_protocols.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-08-03 20:03:09 +02:00
Robert Elliott
c79c59f129 lsefimmap: support persistent memory and other UEFI 2.5 features
This should accompany
	76ce1de740 Translate UEFI persistent memory type

1. Add a string for the EfiPersistentMemory type 14 that was
added in UEFI 2.5.

2. Decode the memory attributes that were added in UEFI 2.5:
* NV (non-volatile)
* MORE_RELIABLE (higher reliable, e.g., mirrored memory in a system
  with partial memory mirroring)
* RO (read-only)

3. Use proper IEC binary units (KiB, MiB, etc.) for power-of-two
values rather than misusing SI power-of-ten units (KB, MB, etc.)

4. The lsmmap command only decodes memory ranges sizes up to GiB scale
units.  Persistent memory ranges will reach into the TiB scale.
Since 64-bit size field supports TiB, PiB, and EiB, decode all of
them for completeness.

5. In the lsefimmap command, rewrite the print statements to
* avoid rounding
* avoid a big nested if/else tree.

For example: In the sixth entry below, the value of 309MB implies
316416KB but is really reporting 316436KB.

Widen the size column to 6 digits to accommodate typical cases.
The worst case value would require 14 digits; if that happens,
let the columns get out of sync.

Old format:
Type      Physical start  - end             #Pages     Size Attributes
conv-mem  0000000000000000-0000000000092fff 00000093  588KB UC WC WT WB
reserved  0000000000093000-0000000000093fff 00000001    4KB UC WC WT WB
conv-mem  0000000000094000-000000000009ffff 0000000c   48KB UC WC WT WB
conv-mem  0000000000100000-000000000fffffff 0000ff00  255MB UC WC WT WB
BS-code   0000000010000000-0000000010048fff 00000049  292KB UC WC WT WB
conv-mem  0000000010049000-000000002354dfff 00013505  309MB UC WC WT WB
ldr-data  000000002354e000-000000003ecfffff 0001b7b2  439MB UC WC WT WB
BS-data   000000003ed00000-000000003ed7ffff 00000080  512KB UC WC WT WB
conv-mem  000000003ed80000-000000006af5ffff 0002c1e0  705MB UC WC WT WB
reserved  000000006af60000-000000006b55ffff 00000600    6MB UC WC WT WB
BS-data   000000006b560000-000000006b560fff 00000001    4KB UC WC WT WB
RT-data   000000006b561000-000000006b5e1fff 00000081  516KB RT UC WC WT WB
BS-data   000000006b5e2000-000000006ecfafff 00003719   55MB UC WC WT WB
BS-code   000000006ecfb000-000000006ecfbfff 00000001    4KB UC WC WT WB
conv-mem  000000006ecfc000-00000000711fafff 000024ff   36MB UC WC WT WB
BS-data   00000000711fb000-000000007128dfff 00000093  588KB UC WC WT WB
Unk 0d    0000000880000000-0000000e7fffffff 00600000   24GB UC WC WT WB NV
reserved  0000001680000000-0000001c7fffffff 00600000   24GB UC WC WT WB NV

New format:
Type      Physical start  - end             #Pages        Size Attributes
conv-mem  0000000000000000-0000000000092fff 00000093    588KiB UC WC WT WB
reserved  0000000000093000-0000000000093fff 00000001      4KiB UC WC WT WB
conv-mem  0000000000094000-000000000009ffff 0000000c     48KiB UC WC WT WB
conv-mem  0000000000100000-000000000fffffff 0000ff00    255MiB UC WC WT WB
BS-code   0000000010000000-0000000010048fff 00000049    292KiB UC WC WT WB
conv-mem  0000000010049000-000000002354dfff 00013505 316436KiB UC WC WT WB
ldr-data  000000002354e000-000000003ecfffff 0001b7b2 450248KiB UC WC WT WB
BS-data   000000003ed00000-000000003ed7ffff 00000080    512KiB UC WC WT WB
conv-mem  000000003ed80000-000000006af5ffff 0002c1e0 722816KiB UC WC WT WB
reserved  000000006af60000-000000006b55ffff 00000600      6MiB UC WC WT WB
BS-data   000000006b560000-000000006b560fff 00000001      4KiB UC WC WT WB
RT-data   000000006b561000-000000006b5e1fff 00000081    516KiB RT UC WC WT WB
BS-data   000000006b5e2000-000000006ecfafff 00003719  56420KiB UC WC WT WB
BS-code   000000006ecfb000-000000006ecfbfff 00000001      4KiB UC WC WT WB
conv-mem  000000006ecfc000-0000000071222fff 00002527  38044KiB UC WC WT WB
BS-data   0000000071223000-00000000712ddfff 000000bb    748KiB UC WC WT WB
persist   0000000880000000-0000000e7fffffff 00600000     24GiB UC WC WT WB NV
reserved  0000001680000000-0000001c7fffffff 00600000     24GiB UC WC WT WB NV
2015-12-17 21:00:44 +03:00
Vladimir Serbinenko
d43a5ee651 tsc: Use alternative delay sources whenever appropriate.
PIT isn't available on some of new hardware including Hyper-V. So
use pmtimer for calibration. Moreover pmtimer calibration is faster, so
use it on coreboor where booting time is important.

Based on patch by Michael Chang.
2015-11-27 11:39:55 +01:00
Andrei Borzenkov
50d6f38feb lsefisystab: add missing comma after 7994077 2015-11-17 06:27:17 +03:00
Pavel Bludov
7994077ab9 Add some UUIDs found in the hardware 2015-11-14 17:57:35 +03:00
Stephane Rochoy
3f3ec8ef44 * grub-core/commands/efi/lsefisystab.c (grub_cmd_lsefisystab): Show
EFI system table physical address.
2014-06-22 01:34:57 +02:00
Vladimir Serbinenko
d99af4f0e8 * grub-core/commands/efi/lsefisystab.c: Use %lld to show num_table_entries. 2013-12-15 14:42:19 +01:00
Vladimir Serbinenko
44bbfa33b8 Propagate the EFI commits to x86-efi specific parts. 2013-12-11 16:11:17 +01:00
Vladimir Serbinenko
3e3dff249f * grub-core/commands/efi/lssal.c: Fix terminating condition. 2013-12-11 15:59:12 +01:00
Vladimir Serbinenko
316dda716c Introduce grub_efi_packed_guid and use it where alignment is not
guaranteed.
2013-12-11 15:57:08 +01:00
Colin Watson
ca3a74469a Remove nested functions from PCI iterators.
* grub-core/bus/pci.c (grub_pci_iterate): Add hook_data argument,
passed to hook.  Update all callers to pass appropriate hook data.
* grub-core/bus/emu/pci.c (grub_pci_iterate): Likewise.
* include/grub/pci.h (grub_pci_iteratefunc_t): Add data argument.
Remove NESTED_FUNC_ATTR from here and from all users.
(grub_pci_iterate): Update prototype.
* grub-core/bus/cs5536.c (grub_cs5536_find: hook): Make static
instead of nested.  Rename to ...
(grub_cs5536_find_iter): ... this.
* grub-core/kern/efi/mm.c (stop_broadcom: find_card): Likewise.
* grub-core/kern/mips/loongson/init.c (init_pci: set_card):
Likewise.
* grub-core/kern/vga_init.c (grub_qemu_init_cirrus: find_card):
Likewise.
* grub-core/video/bochs.c (grub_video_bochs_setup: find_card):
Likewise.
* grub-core/video/cirrus.c (grub_video_cirrus_setup: find_card):
Likewise.
* grub-core/video/efi_uga.c (find_framebuf: find_card): Likewise.
* grub-core/video/radeon_fuloong2e.c
(grub_video_radeon_fuloong2e_setup: find_card): Likewise.
* grub-core/video/sis315pro.c (grub_video_sis315pro_setup:
find_card): Likewise.
* grub-core/video/sm712.c (grub_video_sm712_setup: find_card):
Likewise.
2013-01-13 01:10:41 +00:00
Peter Jones
c5052c81ab * grub-core/Makefile.core.def (efifwsetup): New module.
* grub-core/commands/efi/efifwsetup.c: New file.
	* grub-core/kern/efi/efi.c (grub_efi_set_variable): New function
	* include/grub/efi/api.h (GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI):
	New define.
	* include/grub/efi/efi.h (grub_efi_set_variable): New proto.
2012-09-08 09:40:24 +02:00
Vladimir 'phcoder' Serbinenko
7bd29c01f0 New command `lsefi'.
* grub-core/Makefile.core.def (lsefi): New module.
	* grub-core/commands/efi/lsefi.c: New file.
	* include/grub/efi/api.h: Add more GUIDs.
2012-07-22 19:59:06 +02:00
Vladimir 'phcoder' Serbinenko
584b2f8a22 Replace grub_target_addr with more appropriate types.
* grub-core/commands/efi/fixvideo.c (scan_card): Replace
	grub_target_addr with grub_addr.
	* grub-core/commands/iorw.c (grub_cmd_read): Replace
	grub_target_addr with grub_port.
	(grub_cmd_write): Likewise.
	* grub-core/commands/memrw.c (grub_cmd_read): Replace
	grub_target_addr with grub_addr.
	(grub_cmd_write): Likewise.
	* grub-core/video/efi_uga.c (find_line_len): Likewise.
2012-02-27 14:13:24 +01:00
Vladimir 'phcoder' Serbinenko
9c4b5c13e6 Improve gettext support. Stylistic fixes and error handling fixes while
on it.
2012-02-08 19:26:01 +01:00
Vladimir 'phcoder' Serbinenko
10f0117bf9 * grub-core/commands/efi/fixvideo.c: Gettextize.
* grub-core/commands/hashsum.c: Likewise.
	* grub-core/commands/i386/cmostest.c: Likewise.
	* grub-core/commands/i386/pc/drivemap.c: Likewise.
	* grub-core/commands/i386/pc/lsapm.c: Likewise.
	* grub-core/commands/i386/pc/sendkey.c: Likewise.
	* grub-core/commands/lsmmap.c: Likewise.
	* grub-core/commands/menuentry.c: Likewise.
	* grub-core/commands/mips/loongson/lsspd.c: Likewise.
	* grub-core/commands/setpci.c: Likewise.
	* grub-core/loader/i386/bsd.c: Likewise.
	* grub-core/loader/i386/linux.c: Likewise.
	* util/getroot.c: Likewise.
	* util/grub-editenv.c: Likewise.
	* util/grub-fstest.c: Likewise.
	* util/grub-mkfont.c: Likewise.
	* util/grub-mkimage.c: Likewise.
	* util/grub-mkpasswd-pbkdf2.c: Likewise.
	* util/grub-pe2elf.c: Likewise.
	* util/grub-probe.c: Likewise.
	* util/grub-setup.c: Likewise.
	* util/ieee1275/ofpath.c: Likewise.
	* util/misc.c: Likewise.
	* util/raid.c: Likewise.
2011-11-12 00:34:14 +01:00
Vladimir 'phcoder' Serbinenko
6e0632e28c * grub-core/commands/acpihalt.c: Gettextized.
* grub-core/commands/cacheinfo.c: Likewise.
	* grub-core/commands/cmp.c: Likewise.
	* grub-core/commands/efi/loadbios.c: Likewise.
	* grub-core/commands/gptsync.c: Likewise.
	* grub-core/commands/ieee1275/suspend.c: Likewise.
	* grub-core/commands/legacycfg.c: Likewise.
	* grub-core/commands/memrw.c: Likewise.
	* grub-core/commands/minicmd.c: Likewise.
	* grub-core/commands/parttool.c: Likewise.
	* grub-core/commands/time.c: Likewise.
	* grub-core/commands/videoinfo.c: Likewise.
	* grub-core/disk/geli.c: Likewise.
	* grub-core/disk/i386/pc/biosdisk.c: Likewise.
	* grub-core/disk/luks.c: Likewise.
	* grub-core/disk/lvm.c: Likewise.
	* grub-core/font/font_cmd.c: Likewise.
	* grub-core/fs/zfs/zfscrypt.c: Likewise.
	* grub-core/fs/zfs/zfsinfo.c: Likewise.
	* grub-core/gfxmenu/view.c: Likewise.
	* grub-core/kern/emu/hostdisk.c: Likewise.
	* grub-core/kern/emu/main.c: Likewise.
	* grub-core/kern/emu/misc.c: Likewise.
	* grub-core/kern/emu/mm.c: Likewise.
	* grub-core/kern/mips/arc/init.c: Likewise.
	* grub-core/kern/mips/loongson/init.c: Likewise.
	* grub-core/kern/partition.c: Likewise.
	* grub-core/lib/i386/halt.c: Likewise.
	* grub-core/lib/mips/arc/reboot.c: Likewise.
	* grub-core/lib/mips/loongson/reboot.c: Likewise.
	* grub-core/loader/i386/pc/chainloader.c: Likewise.
	* grub-core/loader/i386/xnu.c: Likewise.
	* grub-core/loader/multiboot.c: Likewise.
	* grub-core/net/bootp.c: Likewise.
	* grub-core/net/net.c: Likewise.
	* grub-core/normal/term.c: Likewise.
	* grub-core/partmap/bsdlabel.c: Likewise.
	* grub-core/parttool/msdospart.c: Likewise.
	* grub-core/term/gfxterm.c: Likewise.
	* grub-core/term/terminfo.c: Likewise.
	* grub-core/video/i386/pc/vbe.c: Likewise.
	* util/grub-menulst2cfg.c: Likewise.
	* util/grub-mkdevicemap.c: Likewise.
	* util/grub-mklayout.c: Likewise.
	* util/grub-mkrelpath.c: Likewise.
	* util/grub-script-check.c: Likewise.
	* util/ieee1275/grub-ofpathname.c: Likewise.
	* util/resolve.c: Likewise.
2011-11-11 21:44:56 +01:00
Vladimir 'phcoder' Serbinenko
e745cf0ca6 Implement automatic module license checking according to new GNU
guidelines.

	* grub-core/kern/dl.c (grub_dl_check_license): New function.
	(grub_dl_load_core): Use grub_dl_check_license.
	* include/grub/dl.h (GRUB_MOD_SECTION): New macro.
	(GRUB_MOD_LICENSE): Likewise.
	(GRUB_MOD_DUAL_LICENSE): Likewise.
	All modules updated.
2011-04-11 23:01:51 +02:00
Colin Watson
b031012d70 * grub-core/commands/efi/lsefimmap.c (grub_cmd_lsefimmap):
NumberOfPages is UINT64 according to the UEFI specification, not
UINTN.  Fix printf format.
2010-09-21 16:58:08 +01:00
Colin Watson
40901acd76 * grub-core/commands/efi/lsefimmap.c: Correct header.
* NEWS: Update.
2010-09-20 17:59:09 +01:00
Tristan Gingold
3dccbe4bbb * grub-core/commands/efi/lsefimmap.c: New file.
* grub-core/Makefile.core.def (lsefimmap): New module.
	* include/grub/efi/api.h (PRIxGRUB_EFI_UINTN_T): New definition.

	Also-By: Robert Millan <rmh.grub@aybabtu.com>

	Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-20 17:59:25 +02:00
Colin Watson
6d3d698d13 * grub-core/commands/efi/lsefisystab.c: Correct header.
* grub-core/commands/efi/lssal.c: Likewise.
* grub-core/commands/testload.c: Likewise.
2010-09-20 13:18:41 +01:00
Tristan Gingold
41a331a8d3 * grub-core/commands/efi/lsefimmap.c: New file.
* grub-core/Makefile.core.def (lsefimmap): New module.
	* include/grub/efi/api.h (PRIxGRUB_EFI_UINTN_T): New definition.

	Also-By: Robert Millan <rmh.grub@aybabtu.com>

	Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-01 10:12:41 +02:00
Vladimir 'phcoder' Serbinenko
48798b6a1e Fix memory leak 2010-09-01 09:34:09 +02:00
Tristan Gingold
105de6a758 * grub-core/commands/efi/lsefisystab.c: New file.
* grub-core/commands/efi/lssal.c: Likewise.
	* grub-core/Makefile.core.def (lsacpi): New module.
	(lsefisystab): Likewise.
	* include/grub/efi/api.h (GRUB_EFI_SAL_TABLE_GUID): New definition.
	(GRUB_EFI_HCDP_TABLE_GUID): Likewise.
	(grub_efi_sal_system_table): New struct.
	(grub_efi_sal_system_table_entrypoint_descriptor): Likewise.
	(grub_efi_sal_system_table_memory_descriptor): Likewise.
	(grub_efi_sal_system_table_platform_features): Likewise.
	(grub_efi_sal_system_table_translation_register_descriptor): Likewise.
	(grub_efi_sal_system_table_purge_translation_coherence): Likewise.
	(grub_efi_sal_system_table_ap_wakeup): Likewise.
	* include/grub/types.h (PRIuGRUB_UINT64_T): New definition.

	Also-By: Robert Millan <rmh.grub@aybabtu.com>

	Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-01 02:37:17 +02:00
BVK Chaitanya
8c41176882 automake commit without merge history 2010-05-06 11:34:04 +05:30