vbatts/grub
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
9743 commits 7 branches 16 tags 72 MiB
Commit graph

415 commits

Author SHA1 Message Date
Michael Chang
15aee573d2 xen_file: Fix invalid payload size 2016-03-11 10:26:51 +01:00
Vladimir Serbinenko
2ebef43cf6 bsd: Ensure that kernel is loaded before loading module. 
kernel_type may be set to the type of failed kernel. This patching-up is
easier than to reflow kernel loading routines.
 2016-02-27 13:35:36 +01:00
Andrei Borzenkov
15dfea842c multiboot2: zero reserved field in memory map 
Documentation says, bootloader should set reserved field to zero.

Reported by Wink Saville <wink@saville.com>
 2016-02-23 09:12:14 +03:00
Eric Snowberg
080a20861c OBP available region contains grub. Start at grub_phys_end. 
This prevents a problem where grub was being overwritten since
grub_phys_start does not start at a zero offset within the memory
map.
 2016-02-12 23:16:03 +01:00
Vladimir Serbinenko
22aa31bcc3 xnu: Supply random seed. 
Now we're able to load kernels up to El Capitan.
 2016-02-12 12:40:10 +01:00
Vladimir Serbinenko
df4df4d887 xnu: Include relocated EFI in heap size. 2016-02-11 12:30:45 +01:00
Vladimir Serbinenko
2d425ffdd5 xnu: supply ramsize to the kernel. 
Without this info recent kernels crash as they allocate no heap.
 2016-02-11 11:58:28 +01:00
Vladimir Serbinenko
0edd750e50 xen_boot: Remove obsolete module type distinctions. 2016-01-22 10:18:47 +01:00
Colin Watson
92bbf25714 loader/bsd: Fix signed/unsigned comparison 2016-01-16 20:40:55 +00:00
Andrei Borzenkov
4f8fe948b9 loader: Unintended sign extension 
CID: 96707, 96699, 96693, 96691, 96711, 96709, 96708, 96703, 96702,
96700, 96698, 96696, 96695, 96692, 96710, 96705
 2016-01-15 19:18:05 +03:00
Andrei Borzenkov
29862fdc3a xnu: fix memory leak 
Found by: Coverity scan.
CID: 96663
 2016-01-12 21:52:51 +03:00
Andrei Borzenkov
9daf7aae8b truecrypt: fix memory leak 
Found by: Coverity scan.
CID: 156611
 2016-01-12 21:52:51 +03:00
Andrei Borzenkov
31f6506c57 loader/multiboot: fix unintended sign extension 
Found by: Coveruty scan.
CID: 73700, 73763
 2016-01-09 19:58:51 +03:00
Matthew Garrett
a0e69405e2 Measure multiboot images and modules 2016-01-05 14:35:17 -08:00
Matthew Garrett
20e355fd5a Measure kernel and initrd on BIOS systems 
Measure the kernel and initrd when loaded on BIOS systems
 2016-01-05 14:35:17 -08:00
Matthew Garrett
738f6f09b3 Rework linux16 command 
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel int it
before pulling out the individual blocks later on.
 2016-01-05 14:35:17 -08:00
Matthew Garrett
a2599ab047 Rework linux command 
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel into it
before pulling out the individual blocks later on.
 2016-01-05 14:35:17 -08:00
Matthew Garrett
f22ee4487c Measure kernel + initrd 
Measure the kernel and initrd when loaded on UEFI systems
 2016-01-05 14:35:17 -08:00
Matthew Garrett
76fb8e4341 Fix race in EFI validation 
The Secure Boot code currently reads the kernel from disk, validates the
signature and then reads it from disk again. A sufficiently exciting storage
device could modify the kernel between these two events and trigger the
execution of an untrusted kernel. Avoid re-reading it in order to ensure
this isn't a problem, and in the process speed up boot by not reading the
kernel twice.
 2016-01-05 14:14:54 -08:00
Vladimir Serbinenko
5919626c90 sparc64: Fix assembly to let compiler to fill in memory references. 
This fixes the use of not fully relocatable (they assume that variables are
under 4G limit in virtual memory) references.
 2015-12-31 13:07:16 +01:00
Michael Marineau
286f1b63df Merge branch 'master' of git://git.savannah.gnu.org/grub 2015-12-17 12:01:00 -08:00
Andrei Borzenkov
f4c143789a Replace numbers with grub_memory_type_t enums 2015-11-27 19:52:16 +03:00
Vladimir Serbinenko
e0bd66c314 multiboot: Don't rely on particular ordering of options. 2015-11-12 11:54:38 +01:00
Vladimir Serbinenko
95ba04606f multiboot_mbi: Fix handling of --quirk-bad-kludge. 2015-11-12 11:54:13 +01:00
Fu Wei
a771a7b9f6 xen_boot: Remove useless file_name_index variable. 2015-11-12 11:33:55 +01:00
Vladimir Serbinenko
25a9b8f208 fdt.mod: Move license tag to the right file. 2015-11-09 16:15:30 +01:00
Fu Wei
372400b419 fdt.mod: Add missing license tag. 2015-11-09 15:27:59 +01:00
Fu Wei
83cb45e982 arm64: Add support for xen boot protocol. 2015-10-29 15:24:20 +01:00
Vladimir Serbinenko
4d0cb75538 arm64: Move FDT functions to separate module 2015-10-29 14:06:45 +01:00
Michael Marineau
91391dc52b Merge pull request #14 from coreos/gnu 
Merge upstream GRUB changes
 2015-08-13 13:32:56 -07:00
Michael Marineau
c7c750ecc2 Merge upstream changes as of April 29th 2015-07-31 15:41:48 -07:00
Bernhard Übelacker
61c778f640 loader/linux: Make trailer initrd entry aligned again. 
Regression from commit:
  loader/linux: do not pad initrd with zeroes at the end
  a8c473288d

Wimboot fails since the change above because it expects the "trailer"
initrd element on an aligned address.
This issue shows only when newc_name is used and the last initrd
entry has a not aligned size.
 2015-07-20 19:07:20 +03:00
Andrei Borzenkov
c058e85615 chainloader: fix resoource leak 
Found by: Coverity scan.
CID: 96651
 2015-06-26 09:25:30 +03:00
Andrei Borzenkov
806bb7999d loader/bsd: fix memory leak 
Found by: Coverity scan.
CID: 96662, 96665
 2015-06-26 09:25:30 +03:00
Matthew Garrett
e5ee3e8fa5 Add verity hash passthrough 
Read the verity hash from the kernel binary and pass it to the running
system via the kernel command line
 2015-06-23 13:15:53 -07:00
Andrei Borzenkov
867c9b7bec loader/bsd: free memory leaks 
Found by: Coverity scan.
CID: 96671, 96658, 96653
 2015-06-20 23:38:19 +03:00
Andrei Borzenkov
4a857e63c1 loader/bsd: free memory leaks 
Found by: Coverity scan.
CID: 96682
 2015-06-20 23:38:18 +03:00
Andrei Borzenkov
eb33e61b31 multiboot: fix memory leak 
Found by: Coverity scan.
CID: 96684
 2015-06-20 23:38:18 +03:00
Andrei Borzenkov
20211c0077 loader/bsd: fix memory leak 
Found by: Coverity scan.
CID: 96686
 2015-06-20 23:38:18 +03:00
Andrei Borzenkov
e261fcf4c6 xnu: fix use after free 
Found by: Coverity scan.
CID: 96706
 2015-06-20 23:38:18 +03:00
Andrei Borzenkov
c069460259 efi/chainloader: fix use after free 
Found by: Coverity scan.
CID: 96714
 2015-06-20 23:38:17 +03:00
Vladimir Serbinenko
c856be6bca multiboot1: never place modules in low memory. 
While in theory permitted by the spec, modules rarely fit in low memory
anyway and not every kernel is able to handle modules in low memory anyway.
At least VMWare is known not to be able to handle modules at arbitrary
locations.
 2015-05-27 08:41:39 +02:00
Andrei Borzenkov
a8c473288d loader/linux: do not pad initrd with zeroes at the end 
Syslinux memdisk is using initrd image and needs to know uncompressed
size in advance. For gzip uncompressed size is at the end of compressed
stream. Grub padded each input file to 4 bytes at the end, which means
syslinux got wrong size.

Linux initramfs loader apparently does not care about trailing alignment.
So change code to align beginning of each file instead which atomatically
gives us the correct size for single file.

Reported-By: David Shaw <dshaw@jabberwocky.com>
 2015-05-07 20:24:24 +03:00
Vladimir Serbinenko
e5b4ba8c2b linux.c: Ensure that initrd is page-aligned. 2015-05-07 16:23:39 +02:00
Vladimir Serbinenko
9f731abc7f Revert parts accidentally committed 2 commits ago. 2015-05-07 16:21:34 +02:00
Fu Wei
f8451af825 arm64: Export useful functions from linux.c 
Signed-off-by: Fu Wei <fu.wei@linaro.org>
 2015-05-07 15:11:04 +02:00
Matthew Garrett
9b669efb38 Fail validation if we can't find shim and Secure Boot is enabled 
If grub is signed with a key that's in the trusted EFI keyring, an attacker
can point a boot entry at grub rather than at shim and grub will fail to
locate the shim verification protocol. This would then allow booting an
arbitrary kernel image. Fail validation if Secure Boot is enabled and we
can't find the shim protocol in order to prevent this.
 2015-04-22 12:47:49 -07:00
Sarah Newman
7d39938474 grub-core/loader/i386/xen.c: Initialized initrd_ctx so we don't free a random pointer from the stack. 
Signed-off-by: Sarah Newman <srn@prgmr.com>
 2015-03-28 07:14:17 +03:00
Vladimir Serbinenko
7ea452a142 Add missing grub_ prefix in memcpy invocation 2015-02-23 22:29:33 +01:00
Daniel Kiper
8e5bc2f4d3 multiboot2: Fix information request tag size calculation 
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
 2015-02-14 19:26:04 +03:00