The reboot function calls machine_fini() and then reboots the system.
Currently it lives in lib/ which means it gets compiled into the
reboot module which lives on the heap.
In a following patch, I want to free the heap on machine_fini()
though, so we would free the memory that the code is running in. That
obviously breaks with smarter UEFI implementations.
So this patch moves it into the core. That way we ensure that all
code running after machine_fini() in the UEFI case is running from
memory that got allocated (and gets deallocated) by the UEFI core.
Signed-off-by: Alexander Graf <agraf@suse.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
UEFI 2.6 9.3.6.4 File Path Media Device Path says that Path Name is
"A NULL-terminated Path string including directory and file names".
Strip final NULL from Path Name in each File Path node when constructing
full path. To be on safe side, strip all of them.
Fixes failure chainloading grub from grub, when loaded grub truncates
image path and does not find its grub.cfg.
https://bugzilla.opensuse.org/show_bug.cgi?id=1026344
This was triggered by commit ce95549cc54b5d6f494608a7c390dba3aab4fba7;
before it we built Path Name without trailing NULL, and apparently all
other bootloaders use single File Path node, thus not exposing this bug.
The current code for EFI grub_exit() calls grub_efi_fini() before
returning to firmware. In the case of ARM, this leaves a timer
event running which could lead to a firmware crash. This patch
changes this so that grub_machine_fini() is called with a NORETURN
flag. This allows machine-specific shutdown to happen as well
as the shutdown done by grub_efi_fini().
Signed-off-by: Mark Salter <msalter@redhat.com>
Hi,
Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine
as far as it goes. However, the insmod command is not the only way that
modules can be loaded. In particular, the 'normal' command, which
implements the usual GRUB menu and the fully-featured command prompt,
will implicitly load commands not currently loaded into memory. This
permits trivial Secure Boot violations by writing commands implementing
whatever you want to do and pointing $prefix at the malicious code.
I'm currently test-building this patch (replacing your current
grub-2.00-no-insmod-on-sb.patch), but this should be more correct. It
moves the check into grub_dl_load_file.
* grub-core/commands/efi/efifwsetup.c: New file.
* grub-core/kern/efi/efi.c (grub_efi_set_variable): New function
* include/grub/efi/api.h (GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI):
New define.
* include/grub/efi/efi.h (grub_efi_set_variable): New proto.
* grub-core/kern/efi/efi.c (grub_rtc_get_time_ms) [__ia64__]: Remove on
ia64.
(grub_get_rtc) [__ia64__]: Likewise.
* grub-core/kern/ia64/efi/init.c (divisor): New variable.
(get_itc): New function.
(grub_rtc_get_time_ms): Likewise.
(grub_machine_init): Calibrate ITC.
* include/grub/efi/time.h (grub_get_rtc), (GRUB_TICKS_PER_SECOND):
Keep only on non-ia64. Don't export since it's broken and used only
if TSC is unavailable.
* grub-core/kern/efi/efi.c (grub_efi_get_variable): New argument
datasize_out.
* grub-core/video/efi_gop.c (check_protocol): Check that GOP has usable
modes. Set gop_handle.
(grub_video_gop_get_edid): New function.
(grub_gop_get_preferred_mode): Likewise.
(grub_video_gop_setup): Use grub_gop_get_preferred_mode.
(grub_video_efi_gop_adapter): Set .get_edid.
* include/grub/efi/edid.h: New file.
* include/grub/efi/efi.h (grub_efi_get_variable): Update proto.
Also-By: Vladimir Serbinenko <phcoder@gmail.com>