Commit graph

9295 commits

Author SHA1 Message Date
Michael Marineau
8278022a0b gpt: improve validation of GPT headers
Adds basic validation of all the disk locations in the headers, reducing
the chance of corrupting weird locations on disk.
2016-08-22 17:51:48 -07:00
Michael Marineau
1c205c2c4d Merge pull request #31 from marineam/verbose-debug
Add verbose debug logging to biosdisk and gpt
2016-08-22 17:22:34 -07:00
Michael Marineau
c2f5fde6ab gpt: add verbose debug logging 2016-08-22 13:02:29 -07:00
Michael Marineau
d38d2d0fb1 biosdisk: add verbose debug logging 2016-08-22 13:02:29 -07:00
Michael Marineau
3d1efb83ed Merge pull request #32 from marineam/tpm
tpm: fix warnings when compiling for platforms other than pc and efi
2016-08-22 12:53:07 -07:00
Michael Marineau
2de6ebf196 tpm: fix warnings when compiling for platforms other than pc and efi 2016-08-21 18:45:02 -07:00
Michael Marineau
a7b0b20c87 Merge pull request #30 from marineam/fwcfg
fwconfig: fix unused argument warning
2016-08-21 11:21:47 -07:00
Michael Marineau
9a8cd5a16a fwconfig: fix unused argument warning 2016-08-20 17:54:47 -07:00
Michael Marineau
2ff7bd91eb Merge pull request #29 from marineam/big-bad-disk
gpt: do not use disk sizes GRUB will reject as invalid later on
2016-07-25 16:05:48 -07:00
Nick Owens
d4602dd67f Merge pull request #28 from mischief/client-arch
net: add client arch and fix user class/terminator
2016-07-25 15:55:23 -07:00
Michael Marineau
a8ad608425 gpt: do not use disk sizes GRUB will reject as invalid later on
GRUB assumes that no disk is ever larger than 1EiB and rejects
reads/writes to such locations. Unfortunately this is not conveyed in
the usual way with the special GRUB_DISK_SIZE_UNKNOWN value.
2016-07-25 15:35:01 -07:00
Nick Owens
fbf65674a4 net: add client arch and fix user class/terminator
send client arch in bootp requests, for now BIOS and x64/aarch64 EFI is
supported.

fix a bug introduced in 4d5d7be005 where
user class was encoded improperly, although this didn't seem to have any
detrimental effects.

properly insert an option terminator.
2016-07-08 15:39:04 -07:00
Nick Owens
a1724dace5 Merge pull request #27 from mischief/cmddevice
set cmddevice when cmdpath is set
2016-06-01 14:08:23 -07:00
Nick Owens
5470929309 set cmddevice when cmdpath is set 2016-06-01 13:55:45 -07:00
Nick Owens
68ae3c416b Merge pull request #26 from mischief/getenv-efi
grub-core: enable getenv for all efi targets
2016-04-14 15:03:43 -07:00
Nick Owens
70b45a45b9 grub-core: enable getenv for all efi targets 2016-04-14 14:47:39 -07:00
mjg59
ad906495e1 Merge pull request #25 from mjg59/tpm
Fix event log prefix
2016-03-29 21:29:47 -07:00
Matthew Garrett
aab446306b Fix event log prefix
We're not passing the prefixed version of the description to the event log.
Fix that.
2016-03-29 15:36:49 -07:00
mjg59
a067b998e0 Merge pull request #24 from mjg59/coreos
Netboot updates
2016-03-24 15:12:06 -07:00
Matthew Garrett
954fd730ca Allow protocol to be separated from host with a semicolon
Some DHCP servers (such as dnsmasq) tokenise parameters with commas, making
it impossible to pass boot files with commas in them. Allow using a semicolon
to separate the protocol from host if a comma wasn't found.
2016-03-24 13:47:19 -07:00
Matthew Garrett
75b4826d15 Tag the bootp request as a DHCP discover 2016-03-24 13:46:54 -07:00
Matthew Garrett
ec0051a569 Don't allocate a new address buffer if we receive multiple responses
The current logic in the DNS resolution code allocates an address buffer
based on the number of addresses in the response packet. If we receive
multiple response packets in response to a single query packet, this means
that we will reallocate a new buffer large enough for only the addresses in
that specific packet, discarding any previous results in the process. Worse,
we still keep track of the *total* number of addresses resolved in response
to this query, not merely the number in the packet being currently processed.
Use realloc() rather than malloc() to avoid overwriting the existing data,
and allocate a buffer large enough for the total set of addresses rather
than merely the number in this specific response.
2016-03-24 13:46:42 -07:00
mjg59
e1b2b265af Merge pull request #23 from mjg59/coreos
TPM fixes
2016-03-24 10:26:40 -07:00
Matthew Garrett
bb3473d7c8 Rework TPM measurements
Rework TPM measurements to use fewer PCRs. After discussion with upstream,
it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8
and 9 but use a prefix in the event log to indicate which subsystem carried
out the measurements.
2016-03-23 17:03:43 -07:00
Matthew Garrett
c2eee36ec0 Fix boot when there's no TPM
If the firmware has TPM support but has no TPM, we're jumping to core.img
without popping the registers back onto the stack. Fix that.
2016-03-23 17:02:52 -07:00
mjg59
4ccc609994 Merge pull request #22 from mjg59/netboot
Add various small patches to improve netboot support
2016-01-08 15:42:13 -08:00
mjg59
b29d1d3258 Merge pull request #21 from mjg59/smbios
Add smbios command
2016-01-08 15:41:17 -08:00
Matthew Garrett
4d5d7be005 Send a user class identifier in bootp requests
It's helpful to determine that a request was sent by grub in order to permit
the server to provide different information at different stages of the boot
process. Send GRUB2 as a type 77 DHCP option when sending bootp packets in
order to make this possible.
2016-01-08 14:25:52 -08:00
Matthew Garrett
78db6bcf33 Allow non-default ports for HTTP requests
Add support for passing ports in HTTP requests. This takes the form of:
(http,serverip:portnum)/file
2016-01-07 17:27:15 -08:00
Matthew Garrett
297e11980b Allow passing of trusted keys via variables
Add support for adding gpg keys to the trusted database with a new command
called "trust_var". This takes the contents of a variable (in ascii-encoded
hex) and interprets it as a gpg public key.
2016-01-07 15:33:36 -08:00
Matthew Garrett
73746f0367 Fix hex representation of binary variable contents
The getenv code was mishandling the conversion of binary to hex. Grub's
sprintf() doesn't seem to support the full set of format conversions, so
fix this in the nasty way.
2016-01-07 15:31:36 -08:00
Matthew Garrett
92e46cccf1 Add smbios command
Incorporate the smbios command from
https://raw.githubusercontent.com/dm0-/gnuxc/master/patches/grub-2.02~beta2-smbios-module.patch
so we can extract the machine UUID and serial number.
2016-01-06 12:46:22 -08:00
mjg59
d4bc2bf02f Merge pull request #20 from mjg59/master
Add TPM measurement support
2016-01-05 15:32:28 -08:00
Matthew Garrett
a0e69405e2 Measure multiboot images and modules 2016-01-05 14:35:17 -08:00
Matthew Garrett
b47b5685b5 Measure commands
Measure each command executed by grub, which includes script execution.
2016-01-05 14:35:17 -08:00
Matthew Garrett
2d410729e9 Measure the kernel commandline
Measure the kernel commandline to ensure that it hasn't been modified
2016-01-05 14:35:17 -08:00
Matthew Garrett
20e355fd5a Measure kernel and initrd on BIOS systems
Measure the kernel and initrd when loaded on BIOS systems
2016-01-05 14:35:17 -08:00
Matthew Garrett
738f6f09b3 Rework linux16 command
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel int it
before pulling out the individual blocks later on.
2016-01-05 14:35:17 -08:00
Matthew Garrett
a2599ab047 Rework linux command
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel into it
before pulling out the individual blocks later on.
2016-01-05 14:35:17 -08:00
Matthew Garrett
1e32d63145 Add BIOS boot measurement
Measure the on-disk grub core on BIOS systems - unlike UEFI, the firmware
can't do this stage for us.
2016-01-05 14:35:17 -08:00
Matthew Garrett
f22ee4487c Measure kernel + initrd
Measure the kernel and initrd when loaded on UEFI systems
2016-01-05 14:35:17 -08:00
Matthew Garrett
858f763466 Core TPM support
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI and BIOS systems, but
will measure all modules as they're loaded.
2016-01-05 14:35:05 -08:00
Matthew Garrett
76fb8e4341 Fix race in EFI validation
The Secure Boot code currently reads the kernel from disk, validates the
signature and then reads it from disk again. A sufficiently exciting storage
device could modify the kernel between these two events and trigger the
execution of an untrusted kernel. Avoid re-reading it in order to ensure
this isn't a problem, and in the process speed up boot by not reading the
kernel twice.
2016-01-05 14:14:54 -08:00
Michael Marineau
fcefc6bbc5 Merge pull request #19 from marineam/merge
Merge upstream GRUB changes
2015-12-22 17:30:18 -08:00
Michael Marineau
286f1b63df Merge branch 'master' of git://git.savannah.gnu.org/grub 2015-12-17 12:01:00 -08:00
Michael Marineau
c81cf64a40 Revert "linguas: use en_US as UTF-8 locale, C.UTF-8 is not a standard locale."
This reverts commit 28b0af948e.
Superseded by a39137aefe upstream.
2015-12-17 12:00:03 -08:00
Robert Elliott
c79c59f129 lsefimmap: support persistent memory and other UEFI 2.5 features
This should accompany
	76ce1de740 Translate UEFI persistent memory type

1. Add a string for the EfiPersistentMemory type 14 that was
added in UEFI 2.5.

2. Decode the memory attributes that were added in UEFI 2.5:
* NV (non-volatile)
* MORE_RELIABLE (higher reliable, e.g., mirrored memory in a system
  with partial memory mirroring)
* RO (read-only)

3. Use proper IEC binary units (KiB, MiB, etc.) for power-of-two
values rather than misusing SI power-of-ten units (KB, MB, etc.)

4. The lsmmap command only decodes memory ranges sizes up to GiB scale
units.  Persistent memory ranges will reach into the TiB scale.
Since 64-bit size field supports TiB, PiB, and EiB, decode all of
them for completeness.

5. In the lsefimmap command, rewrite the print statements to
* avoid rounding
* avoid a big nested if/else tree.

For example: In the sixth entry below, the value of 309MB implies
316416KB but is really reporting 316436KB.

Widen the size column to 6 digits to accommodate typical cases.
The worst case value would require 14 digits; if that happens,
let the columns get out of sync.

Old format:
Type      Physical start  - end             #Pages     Size Attributes
conv-mem  0000000000000000-0000000000092fff 00000093  588KB UC WC WT WB
reserved  0000000000093000-0000000000093fff 00000001    4KB UC WC WT WB
conv-mem  0000000000094000-000000000009ffff 0000000c   48KB UC WC WT WB
conv-mem  0000000000100000-000000000fffffff 0000ff00  255MB UC WC WT WB
BS-code   0000000010000000-0000000010048fff 00000049  292KB UC WC WT WB
conv-mem  0000000010049000-000000002354dfff 00013505  309MB UC WC WT WB
ldr-data  000000002354e000-000000003ecfffff 0001b7b2  439MB UC WC WT WB
BS-data   000000003ed00000-000000003ed7ffff 00000080  512KB UC WC WT WB
conv-mem  000000003ed80000-000000006af5ffff 0002c1e0  705MB UC WC WT WB
reserved  000000006af60000-000000006b55ffff 00000600    6MB UC WC WT WB
BS-data   000000006b560000-000000006b560fff 00000001    4KB UC WC WT WB
RT-data   000000006b561000-000000006b5e1fff 00000081  516KB RT UC WC WT WB
BS-data   000000006b5e2000-000000006ecfafff 00003719   55MB UC WC WT WB
BS-code   000000006ecfb000-000000006ecfbfff 00000001    4KB UC WC WT WB
conv-mem  000000006ecfc000-00000000711fafff 000024ff   36MB UC WC WT WB
BS-data   00000000711fb000-000000007128dfff 00000093  588KB UC WC WT WB
Unk 0d    0000000880000000-0000000e7fffffff 00600000   24GB UC WC WT WB NV
reserved  0000001680000000-0000001c7fffffff 00600000   24GB UC WC WT WB NV

New format:
Type      Physical start  - end             #Pages        Size Attributes
conv-mem  0000000000000000-0000000000092fff 00000093    588KiB UC WC WT WB
reserved  0000000000093000-0000000000093fff 00000001      4KiB UC WC WT WB
conv-mem  0000000000094000-000000000009ffff 0000000c     48KiB UC WC WT WB
conv-mem  0000000000100000-000000000fffffff 0000ff00    255MiB UC WC WT WB
BS-code   0000000010000000-0000000010048fff 00000049    292KiB UC WC WT WB
conv-mem  0000000010049000-000000002354dfff 00013505 316436KiB UC WC WT WB
ldr-data  000000002354e000-000000003ecfffff 0001b7b2 450248KiB UC WC WT WB
BS-data   000000003ed00000-000000003ed7ffff 00000080    512KiB UC WC WT WB
conv-mem  000000003ed80000-000000006af5ffff 0002c1e0 722816KiB UC WC WT WB
reserved  000000006af60000-000000006b55ffff 00000600      6MiB UC WC WT WB
BS-data   000000006b560000-000000006b560fff 00000001      4KiB UC WC WT WB
RT-data   000000006b561000-000000006b5e1fff 00000081    516KiB RT UC WC WT WB
BS-data   000000006b5e2000-000000006ecfafff 00003719  56420KiB UC WC WT WB
BS-code   000000006ecfb000-000000006ecfbfff 00000001      4KiB UC WC WT WB
conv-mem  000000006ecfc000-0000000071222fff 00002527  38044KiB UC WC WT WB
BS-data   0000000071223000-00000000712ddfff 000000bb    748KiB UC WC WT WB
persist   0000000880000000-0000000e7fffffff 00600000     24GiB UC WC WT WB NV
reserved  0000001680000000-0000001c7fffffff 00600000     24GiB UC WC WT WB NV
2015-12-17 21:00:44 +03:00
Andrei Borzenkov
609c049dcc kernel: print and reset grub_errno after each embedded config line
Otherwise it causes subsequent file open to fail, because grub_file_open
misinterprets set grub_errno for grub_file_get_device_name failure.

Closes: 46540
2015-12-16 21:20:30 +03:00
Andrei Borzenkov
7136b545c1 Erase backspaced character in grub_username_get
It probably does not work across linefeed, but hopefully user names are not
that long (and nobody is using terminal that small).
2015-12-16 19:20:10 +03:00
Hector Marco-Gisbert
451d80e52d Fix security issue when reading username and password
This patch fixes two integer underflows at:
  * grub-core/lib/crypto.c
  * grub-core/normal/auth.c

CVE-2015-8370

Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
2015-12-16 07:57:18 +03:00