Daniel Kiper
878398c1a3
efi: Add EFI shim lock verifier
...
This module provides shim lock verification for various kernels
if UEFI secure boot is enabled on a machine.
It is recommended to put this module into GRUB2 standalone image
(avoid putting iorw and memrw modules into it; they are disallowed
if UEFI secure boot is enabled). However, it is also possible to use
it as a normal module. Though such configurations are more fragile
and less secure due to various limitations.
If the module is loaded and UEFI secure boot is enabled then:
- module itself cannot be unloaded (persistent module),
- the iorw and memrw modules cannot be loaded,
- if the iorw and memrw modules are loaded then
machine boot is disabled,
- GRUB2 defers modules and ACPI tables verification to
other verifiers.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2018-11-09 13:25:31 +01:00
Vladimir Serbinenko
ca0a4f689a
verifiers: File type for fine-grained signature-verification controlling
...
Let's provide file type info to the I/O layer. This way verifiers
framework and its users will be able to differentiate files and verify
only required ones.
This is preparatory patch.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2018-11-09 13:25:31 +01:00
Rob Clark
e8ab5a1a9e
Fix a segfault in lsefi
...
when protocols_per_handle returns error, we can't use the pointers we
passed to it, and that includes trusting num_protocols.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-08-03 20:03:09 +02:00
Robert Elliott
c79c59f129
lsefimmap: support persistent memory and other UEFI 2.5 features
...
This should accompany
76ce1de740
Translate UEFI persistent memory type
1. Add a string for the EfiPersistentMemory type 14 that was
added in UEFI 2.5.
2. Decode the memory attributes that were added in UEFI 2.5:
* NV (non-volatile)
* MORE_RELIABLE (higher reliable, e.g., mirrored memory in a system
with partial memory mirroring)
* RO (read-only)
3. Use proper IEC binary units (KiB, MiB, etc.) for power-of-two
values rather than misusing SI power-of-ten units (KB, MB, etc.)
4. The lsmmap command only decodes memory ranges sizes up to GiB scale
units. Persistent memory ranges will reach into the TiB scale.
Since 64-bit size field supports TiB, PiB, and EiB, decode all of
them for completeness.
5. In the lsefimmap command, rewrite the print statements to
* avoid rounding
* avoid a big nested if/else tree.
For example: In the sixth entry below, the value of 309MB implies
316416KB but is really reporting 316436KB.
Widen the size column to 6 digits to accommodate typical cases.
The worst case value would require 14 digits; if that happens,
let the columns get out of sync.
Old format:
Type Physical start - end #Pages Size Attributes
conv-mem 0000000000000000-0000000000092fff 00000093 588KB UC WC WT WB
reserved 0000000000093000-0000000000093fff 00000001 4KB UC WC WT WB
conv-mem 0000000000094000-000000000009ffff 0000000c 48KB UC WC WT WB
conv-mem 0000000000100000-000000000fffffff 0000ff00 255MB UC WC WT WB
BS-code 0000000010000000-0000000010048fff 00000049 292KB UC WC WT WB
conv-mem 0000000010049000-000000002354dfff 00013505 309MB UC WC WT WB
ldr-data 000000002354e000-000000003ecfffff 0001b7b2 439MB UC WC WT WB
BS-data 000000003ed00000-000000003ed7ffff 00000080 512KB UC WC WT WB
conv-mem 000000003ed80000-000000006af5ffff 0002c1e0 705MB UC WC WT WB
reserved 000000006af60000-000000006b55ffff 00000600 6MB UC WC WT WB
BS-data 000000006b560000-000000006b560fff 00000001 4KB UC WC WT WB
RT-data 000000006b561000-000000006b5e1fff 00000081 516KB RT UC WC WT WB
BS-data 000000006b5e2000-000000006ecfafff 00003719 55MB UC WC WT WB
BS-code 000000006ecfb000-000000006ecfbfff 00000001 4KB UC WC WT WB
conv-mem 000000006ecfc000-00000000711fafff 000024ff 36MB UC WC WT WB
BS-data 00000000711fb000-000000007128dfff 00000093 588KB UC WC WT WB
Unk 0d 0000000880000000-0000000e7fffffff 00600000 24GB UC WC WT WB NV
reserved 0000001680000000-0000001c7fffffff 00600000 24GB UC WC WT WB NV
New format:
Type Physical start - end #Pages Size Attributes
conv-mem 0000000000000000-0000000000092fff 00000093 588KiB UC WC WT WB
reserved 0000000000093000-0000000000093fff 00000001 4KiB UC WC WT WB
conv-mem 0000000000094000-000000000009ffff 0000000c 48KiB UC WC WT WB
conv-mem 0000000000100000-000000000fffffff 0000ff00 255MiB UC WC WT WB
BS-code 0000000010000000-0000000010048fff 00000049 292KiB UC WC WT WB
conv-mem 0000000010049000-000000002354dfff 00013505 316436KiB UC WC WT WB
ldr-data 000000002354e000-000000003ecfffff 0001b7b2 450248KiB UC WC WT WB
BS-data 000000003ed00000-000000003ed7ffff 00000080 512KiB UC WC WT WB
conv-mem 000000003ed80000-000000006af5ffff 0002c1e0 722816KiB UC WC WT WB
reserved 000000006af60000-000000006b55ffff 00000600 6MiB UC WC WT WB
BS-data 000000006b560000-000000006b560fff 00000001 4KiB UC WC WT WB
RT-data 000000006b561000-000000006b5e1fff 00000081 516KiB RT UC WC WT WB
BS-data 000000006b5e2000-000000006ecfafff 00003719 56420KiB UC WC WT WB
BS-code 000000006ecfb000-000000006ecfbfff 00000001 4KiB UC WC WT WB
conv-mem 000000006ecfc000-0000000071222fff 00002527 38044KiB UC WC WT WB
BS-data 0000000071223000-00000000712ddfff 000000bb 748KiB UC WC WT WB
persist 0000000880000000-0000000e7fffffff 00600000 24GiB UC WC WT WB NV
reserved 0000001680000000-0000001c7fffffff 00600000 24GiB UC WC WT WB NV
2015-12-17 21:00:44 +03:00
Vladimir Serbinenko
d43a5ee651
tsc: Use alternative delay sources whenever appropriate.
...
PIT isn't available on some of new hardware including Hyper-V. So
use pmtimer for calibration. Moreover pmtimer calibration is faster, so
use it on coreboor where booting time is important.
Based on patch by Michael Chang.
2015-11-27 11:39:55 +01:00
Andrei Borzenkov
50d6f38feb
lsefisystab: add missing comma after 7994077
2015-11-17 06:27:17 +03:00
Pavel Bludov
7994077ab9
Add some UUIDs found in the hardware
2015-11-14 17:57:35 +03:00
Stephane Rochoy
3f3ec8ef44
* grub-core/commands/efi/lsefisystab.c (grub_cmd_lsefisystab): Show
...
EFI system table physical address.
2014-06-22 01:34:57 +02:00
Vladimir Serbinenko
d99af4f0e8
* grub-core/commands/efi/lsefisystab.c: Use %lld to show num_table_entries.
2013-12-15 14:42:19 +01:00
Vladimir Serbinenko
44bbfa33b8
Propagate the EFI commits to x86-efi specific parts.
2013-12-11 16:11:17 +01:00
Vladimir Serbinenko
3e3dff249f
* grub-core/commands/efi/lssal.c: Fix terminating condition.
2013-12-11 15:59:12 +01:00
Vladimir Serbinenko
316dda716c
Introduce grub_efi_packed_guid and use it where alignment is not
...
guaranteed.
2013-12-11 15:57:08 +01:00
Colin Watson
ca3a74469a
Remove nested functions from PCI iterators.
...
* grub-core/bus/pci.c (grub_pci_iterate): Add hook_data argument,
passed to hook. Update all callers to pass appropriate hook data.
* grub-core/bus/emu/pci.c (grub_pci_iterate): Likewise.
* include/grub/pci.h (grub_pci_iteratefunc_t): Add data argument.
Remove NESTED_FUNC_ATTR from here and from all users.
(grub_pci_iterate): Update prototype.
* grub-core/bus/cs5536.c (grub_cs5536_find: hook): Make static
instead of nested. Rename to ...
(grub_cs5536_find_iter): ... this.
* grub-core/kern/efi/mm.c (stop_broadcom: find_card): Likewise.
* grub-core/kern/mips/loongson/init.c (init_pci: set_card):
Likewise.
* grub-core/kern/vga_init.c (grub_qemu_init_cirrus: find_card):
Likewise.
* grub-core/video/bochs.c (grub_video_bochs_setup: find_card):
Likewise.
* grub-core/video/cirrus.c (grub_video_cirrus_setup: find_card):
Likewise.
* grub-core/video/efi_uga.c (find_framebuf: find_card): Likewise.
* grub-core/video/radeon_fuloong2e.c
(grub_video_radeon_fuloong2e_setup: find_card): Likewise.
* grub-core/video/sis315pro.c (grub_video_sis315pro_setup:
find_card): Likewise.
* grub-core/video/sm712.c (grub_video_sm712_setup: find_card):
Likewise.
2013-01-13 01:10:41 +00:00
Peter Jones
c5052c81ab
* grub-core/Makefile.core.def (efifwsetup): New module.
...
* grub-core/commands/efi/efifwsetup.c: New file.
* grub-core/kern/efi/efi.c (grub_efi_set_variable): New function
* include/grub/efi/api.h (GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI):
New define.
* include/grub/efi/efi.h (grub_efi_set_variable): New proto.
2012-09-08 09:40:24 +02:00
Vladimir 'phcoder' Serbinenko
7bd29c01f0
New command `lsefi'.
...
* grub-core/Makefile.core.def (lsefi): New module.
* grub-core/commands/efi/lsefi.c: New file.
* include/grub/efi/api.h: Add more GUIDs.
2012-07-22 19:59:06 +02:00
Vladimir 'phcoder' Serbinenko
584b2f8a22
Replace grub_target_addr with more appropriate types.
...
* grub-core/commands/efi/fixvideo.c (scan_card): Replace
grub_target_addr with grub_addr.
* grub-core/commands/iorw.c (grub_cmd_read): Replace
grub_target_addr with grub_port.
(grub_cmd_write): Likewise.
* grub-core/commands/memrw.c (grub_cmd_read): Replace
grub_target_addr with grub_addr.
(grub_cmd_write): Likewise.
* grub-core/video/efi_uga.c (find_line_len): Likewise.
2012-02-27 14:13:24 +01:00
Vladimir 'phcoder' Serbinenko
9c4b5c13e6
Improve gettext support. Stylistic fixes and error handling fixes while
...
on it.
2012-02-08 19:26:01 +01:00
Vladimir 'phcoder' Serbinenko
10f0117bf9
* grub-core/commands/efi/fixvideo.c: Gettextize.
...
* grub-core/commands/hashsum.c: Likewise.
* grub-core/commands/i386/cmostest.c: Likewise.
* grub-core/commands/i386/pc/drivemap.c: Likewise.
* grub-core/commands/i386/pc/lsapm.c: Likewise.
* grub-core/commands/i386/pc/sendkey.c: Likewise.
* grub-core/commands/lsmmap.c: Likewise.
* grub-core/commands/menuentry.c: Likewise.
* grub-core/commands/mips/loongson/lsspd.c: Likewise.
* grub-core/commands/setpci.c: Likewise.
* grub-core/loader/i386/bsd.c: Likewise.
* grub-core/loader/i386/linux.c: Likewise.
* util/getroot.c: Likewise.
* util/grub-editenv.c: Likewise.
* util/grub-fstest.c: Likewise.
* util/grub-mkfont.c: Likewise.
* util/grub-mkimage.c: Likewise.
* util/grub-mkpasswd-pbkdf2.c: Likewise.
* util/grub-pe2elf.c: Likewise.
* util/grub-probe.c: Likewise.
* util/grub-setup.c: Likewise.
* util/ieee1275/ofpath.c: Likewise.
* util/misc.c: Likewise.
* util/raid.c: Likewise.
2011-11-12 00:34:14 +01:00
Vladimir 'phcoder' Serbinenko
6e0632e28c
* grub-core/commands/acpihalt.c: Gettextized.
...
* grub-core/commands/cacheinfo.c: Likewise.
* grub-core/commands/cmp.c: Likewise.
* grub-core/commands/efi/loadbios.c: Likewise.
* grub-core/commands/gptsync.c: Likewise.
* grub-core/commands/ieee1275/suspend.c: Likewise.
* grub-core/commands/legacycfg.c: Likewise.
* grub-core/commands/memrw.c: Likewise.
* grub-core/commands/minicmd.c: Likewise.
* grub-core/commands/parttool.c: Likewise.
* grub-core/commands/time.c: Likewise.
* grub-core/commands/videoinfo.c: Likewise.
* grub-core/disk/geli.c: Likewise.
* grub-core/disk/i386/pc/biosdisk.c: Likewise.
* grub-core/disk/luks.c: Likewise.
* grub-core/disk/lvm.c: Likewise.
* grub-core/font/font_cmd.c: Likewise.
* grub-core/fs/zfs/zfscrypt.c: Likewise.
* grub-core/fs/zfs/zfsinfo.c: Likewise.
* grub-core/gfxmenu/view.c: Likewise.
* grub-core/kern/emu/hostdisk.c: Likewise.
* grub-core/kern/emu/main.c: Likewise.
* grub-core/kern/emu/misc.c: Likewise.
* grub-core/kern/emu/mm.c: Likewise.
* grub-core/kern/mips/arc/init.c: Likewise.
* grub-core/kern/mips/loongson/init.c: Likewise.
* grub-core/kern/partition.c: Likewise.
* grub-core/lib/i386/halt.c: Likewise.
* grub-core/lib/mips/arc/reboot.c: Likewise.
* grub-core/lib/mips/loongson/reboot.c: Likewise.
* grub-core/loader/i386/pc/chainloader.c: Likewise.
* grub-core/loader/i386/xnu.c: Likewise.
* grub-core/loader/multiboot.c: Likewise.
* grub-core/net/bootp.c: Likewise.
* grub-core/net/net.c: Likewise.
* grub-core/normal/term.c: Likewise.
* grub-core/partmap/bsdlabel.c: Likewise.
* grub-core/parttool/msdospart.c: Likewise.
* grub-core/term/gfxterm.c: Likewise.
* grub-core/term/terminfo.c: Likewise.
* grub-core/video/i386/pc/vbe.c: Likewise.
* util/grub-menulst2cfg.c: Likewise.
* util/grub-mkdevicemap.c: Likewise.
* util/grub-mklayout.c: Likewise.
* util/grub-mkrelpath.c: Likewise.
* util/grub-script-check.c: Likewise.
* util/ieee1275/grub-ofpathname.c: Likewise.
* util/resolve.c: Likewise.
2011-11-11 21:44:56 +01:00
Vladimir 'phcoder' Serbinenko
e745cf0ca6
Implement automatic module license checking according to new GNU
...
guidelines.
* grub-core/kern/dl.c (grub_dl_check_license): New function.
(grub_dl_load_core): Use grub_dl_check_license.
* include/grub/dl.h (GRUB_MOD_SECTION): New macro.
(GRUB_MOD_LICENSE): Likewise.
(GRUB_MOD_DUAL_LICENSE): Likewise.
All modules updated.
2011-04-11 23:01:51 +02:00
Colin Watson
b031012d70
* grub-core/commands/efi/lsefimmap.c (grub_cmd_lsefimmap):
...
NumberOfPages is UINT64 according to the UEFI specification, not
UINTN. Fix printf format.
2010-09-21 16:58:08 +01:00
Colin Watson
40901acd76
* grub-core/commands/efi/lsefimmap.c: Correct header.
...
* NEWS: Update.
2010-09-20 17:59:09 +01:00
Tristan Gingold
3dccbe4bbb
* grub-core/commands/efi/lsefimmap.c: New file.
...
* grub-core/Makefile.core.def (lsefimmap): New module.
* include/grub/efi/api.h (PRIxGRUB_EFI_UINTN_T): New definition.
Also-By: Robert Millan <rmh.grub@aybabtu.com>
Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-20 17:59:25 +02:00
Colin Watson
6d3d698d13
* grub-core/commands/efi/lsefisystab.c: Correct header.
...
* grub-core/commands/efi/lssal.c: Likewise.
* grub-core/commands/testload.c: Likewise.
2010-09-20 13:18:41 +01:00
Tristan Gingold
41a331a8d3
* grub-core/commands/efi/lsefimmap.c: New file.
...
* grub-core/Makefile.core.def (lsefimmap): New module.
* include/grub/efi/api.h (PRIxGRUB_EFI_UINTN_T): New definition.
Also-By: Robert Millan <rmh.grub@aybabtu.com>
Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-01 10:12:41 +02:00
Vladimir 'phcoder' Serbinenko
48798b6a1e
Fix memory leak
2010-09-01 09:34:09 +02:00
Tristan Gingold
105de6a758
* grub-core/commands/efi/lsefisystab.c: New file.
...
* grub-core/commands/efi/lssal.c: Likewise.
* grub-core/Makefile.core.def (lsacpi): New module.
(lsefisystab): Likewise.
* include/grub/efi/api.h (GRUB_EFI_SAL_TABLE_GUID): New definition.
(GRUB_EFI_HCDP_TABLE_GUID): Likewise.
(grub_efi_sal_system_table): New struct.
(grub_efi_sal_system_table_entrypoint_descriptor): Likewise.
(grub_efi_sal_system_table_memory_descriptor): Likewise.
(grub_efi_sal_system_table_platform_features): Likewise.
(grub_efi_sal_system_table_translation_register_descriptor): Likewise.
(grub_efi_sal_system_table_purge_translation_coherence): Likewise.
(grub_efi_sal_system_table_ap_wakeup): Likewise.
* include/grub/types.h (PRIuGRUB_UINT64_T): New definition.
Also-By: Robert Millan <rmh.grub@aybabtu.com>
Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-01 02:37:17 +02:00
BVK Chaitanya
8c41176882
automake commit without merge history
2010-05-06 11:34:04 +05:30