Commit graph

227 commits

Author SHA1 Message Date
Matthew Garrett
bb3473d7c8 Rework TPM measurements
Rework TPM measurements to use fewer PCRs. After discussion with upstream,
it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8
and 9 but use a prefix in the event log to indicate which subsystem carried
out the measurements.
2016-03-23 17:03:43 -07:00
Matthew Garrett
a0e69405e2 Measure multiboot images and modules 2016-01-05 14:35:17 -08:00
Matthew Garrett
20e355fd5a Measure kernel and initrd on BIOS systems
Measure the kernel and initrd when loaded on BIOS systems
2016-01-05 14:35:17 -08:00
Matthew Garrett
738f6f09b3 Rework linux16 command
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel int it
before pulling out the individual blocks later on.
2016-01-05 14:35:17 -08:00
Matthew Garrett
a2599ab047 Rework linux command
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel into it
before pulling out the individual blocks later on.
2016-01-05 14:35:17 -08:00
Matthew Garrett
f22ee4487c Measure kernel + initrd
Measure the kernel and initrd when loaded on UEFI systems
2016-01-05 14:35:17 -08:00
Matthew Garrett
76fb8e4341 Fix race in EFI validation
The Secure Boot code currently reads the kernel from disk, validates the
signature and then reads it from disk again. A sufficiently exciting storage
device could modify the kernel between these two events and trigger the
execution of an untrusted kernel. Avoid re-reading it in order to ensure
this isn't a problem, and in the process speed up boot by not reading the
kernel twice.
2016-01-05 14:14:54 -08:00
Michael Marineau
286f1b63df Merge branch 'master' of git://git.savannah.gnu.org/grub 2015-12-17 12:01:00 -08:00
Vladimir Serbinenko
95ba04606f multiboot_mbi: Fix handling of --quirk-bad-kludge. 2015-11-12 11:54:13 +01:00
Michael Marineau
91391dc52b Merge pull request #14 from coreos/gnu
Merge upstream GRUB changes
2015-08-13 13:32:56 -07:00
Michael Marineau
c7c750ecc2 Merge upstream changes as of April 29th 2015-07-31 15:41:48 -07:00
Andrei Borzenkov
806bb7999d loader/bsd: fix memory leak
Found by: Coverity scan.
CID: 96662, 96665
2015-06-26 09:25:30 +03:00
Matthew Garrett
e5ee3e8fa5 Add verity hash passthrough
Read the verity hash from the kernel binary and pass it to the running
system via the kernel command line
2015-06-23 13:15:53 -07:00
Andrei Borzenkov
867c9b7bec loader/bsd: free memory leaks
Found by: Coverity scan.
CID: 96671, 96658, 96653
2015-06-20 23:38:19 +03:00
Andrei Borzenkov
4a857e63c1 loader/bsd: free memory leaks
Found by: Coverity scan.
CID: 96682
2015-06-20 23:38:18 +03:00
Andrei Borzenkov
20211c0077 loader/bsd: fix memory leak
Found by: Coverity scan.
CID: 96686
2015-06-20 23:38:18 +03:00
Andrei Borzenkov
e261fcf4c6 xnu: fix use after free
Found by: Coverity scan.
CID: 96706
2015-06-20 23:38:18 +03:00
Vladimir Serbinenko
e5b4ba8c2b linux.c: Ensure that initrd is page-aligned. 2015-05-07 16:23:39 +02:00
Vladimir Serbinenko
9f731abc7f Revert parts accidentally committed 2 commits ago. 2015-05-07 16:21:34 +02:00
Fu Wei
f8451af825 arm64: Export useful functions from linux.c
Signed-off-by: Fu Wei <fu.wei@linaro.org>
2015-05-07 15:11:04 +02:00
Matthew Garrett
9b669efb38 Fail validation if we can't find shim and Secure Boot is enabled
If grub is signed with a key that's in the trusted EFI keyring, an attacker
can point a boot entry at grub rather than at shim and grub will fail to
locate the shim verification protocol. This would then allow booting an
arbitrary kernel image. Fail validation if Secure Boot is enabled and we
can't find the shim protocol in order to prevent this.
2015-04-22 12:47:49 -07:00
Sarah Newman
7d39938474 grub-core/loader/i386/xen.c: Initialized initrd_ctx so we don't free a random pointer from the stack.
Signed-off-by: Sarah Newman <srn@prgmr.com>
2015-03-28 07:14:17 +03:00
Vladimir Serbinenko
9ee5ae1fae Document intentional fallthroughs.
Found by: Coverity scan.
2015-01-27 17:17:58 +01:00
Vladimir Serbinenko
e12c3bed90 plan9: Add missing grub_device_close.
Found by: Coverity scan.
2015-01-26 09:45:37 +01:00
Vladimir Serbinenko
ef02b4ca93 multiboot: Simplify to avoid confusing assignment.
Found by: Coverity scan.
2015-01-26 09:43:52 +01:00
Vladimir Serbinenko
1e0d718371 bsd: Add missing null-pointer check.
Found by: Coverity scan.
2015-01-26 09:42:42 +01:00
Vladimir Serbinenko
b666e01b9c * grub-core/loader/i386/xnu.c (guessfsb): Avoid division by 0. 2015-01-21 17:42:14 +01:00
Vladimir Serbinenko
59d4036594 Replace explicit sizeof divisions by ARRAY_SIZE. 2015-01-21 17:37:31 +01:00
Andrei Borzenkov
3173c7501c grub-core/loader/i386/xen_fileXX.c: memory leak in grub_xen_get_infoXX
CID: 73645, 73782
2014-12-01 21:23:54 +03:00
Matthew Garrett
0de7775230 Add support for linuxefi 2014-11-05 20:40:53 -08:00
Andrei Borzenkov
9a67e1ac8e Use full initializer for initrd_ctx to avoid fatal warnings with older GCC
struct ... foo = { 0, } is valid initializer, but older GCC emits
warning which is fatal error due to -Werror=missing-field-initializer.
So simply use full initializer to avoid these errors. This was fixed
probably in GCC 4.7.

See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=36750
2014-10-14 20:12:15 +04:00
Andrey Borzenkov
954fe77163 cleanup: grub_cpu_to_XXX_compile_time for constants
This tries to catch all cases where grub_cpu_to_XXX was used for constant
expressions (including sizeof).
2014-09-22 20:47:10 +04:00
Peter Jones
631a820038 Initialized initrd_ctx so we don't free a random pointer from the stack.
Currently, if "linux" fails, the "goto fail;" in grub_cmd_initrd sends us
into grub_initrd_close() without grub_initrd_init() being called, and thus
it never clears initrd_ctx->components.  grub_initrd_close() then frees that
address, which is stale data from the stack.  If the stack happens to have a
stale *address* there that matches a recent allocation, then you'll get a
double free later.

So initialize the memory up front.

Signed-off-by: Peter Jones <pjones@redhat.com>
2014-09-21 10:36:42 +04:00
Stephane Rochoy
15bd333e10 * grub-core/loader/i386/bsd.c (grub_netbsd_boot): Pass pointer to
EFI system table.
2014-06-22 01:35:52 +02:00
Vladimir Serbinenko
8063ce197f Replace few instances of memcmp/memcpy in the code that should be grub_memcmp/grub_memcpy. 2014-04-04 07:58:42 +02:00
Vladimir Serbinenko
86402b4e0f * include/grub/i386/openbsd_bootarg.h: Add addr and frequency fields.
* grub-core/loader/i386/bsd.c (grub_cmd_openbsd): Fill addr field.

	Suggested by: Markus Müller.
2014-02-28 10:50:05 +01:00
Vladimir Serbinenko
4a70fed815 * grub-core/loader/i386/multiboot_mbi.c (grub_multiboot_make_mbi): Limit
location to 640K.
2014-02-28 09:48:57 +01:00
Andrey Borzenkov
f371dd5da8 fix include loop on MinGW due to libintl.h pulling stdio.h
In file included from ./include/grub/dl.h:23:0,
                 from grub-core/lib/libgcrypt-grub/cipher/rfc2268.c:3:
./include/grub/list.h:34:18: warning: conflicting types for 'grub_list_push' [en
abled by default]
 void EXPORT_FUNC(grub_list_push) (grub_list_t *head, grub_list_t item);
                  ^
./include/grub/symbol.h:68:25: note: in definition of macro 'EXPORT_FUNC'
 # define EXPORT_FUNC(x) x
                         ^
In file included from ./include/grub/fs.h:30:0,
                 from ./include/grub/file.h:25,
                 from ./grub-core/lib/posix_wrap/stdio.h:23,
                 from c:\mingw\include\libintl.h:314,
                 from ./include/grub/i18n.h:33,
                 from ./include/grub/misc.h:27,
                 from ./include/grub/list.h:25,
                 from ./include/grub/dl.h:28,
                 from grub-core/lib/libgcrypt-grub/cipher/rfc2268.c:3:
./include/grub/partition.h:106:3: note: previous implicit declaration of 'grub_l
ist_push' was here
   grub_list_push (GRUB_AS_LIST_P (&grub_partition_map_list),
   ^
list.h needs just ATTRIBUTE_ERROR from misc.h; split compiler features
into separate file grub/compiler.h and include it instead.
2014-01-18 21:22:57 +04:00
Vladimir Serbinenko
72c9a50773 Remove xen VFB.
Due to XEN bug it prevents Linux boot. Remove it at least, until
	workaround is found.
2013-12-18 18:43:09 +01:00
Vladimir Serbinenko
9246d5c8a4 * grub-core/commands/fileXX.c: Silence cast-align.
* grub-core/loader/i386/xen_fileXX.c: Likewise.
2013-12-18 07:40:43 +01:00
Vladimir Serbinenko
57a691b7e7 Decrease number of strings to translate. 2013-12-18 07:26:13 +01:00
Vladimir Serbinenko
184c61ddce Add Radeon Yeeloong 3A support. 2013-12-17 22:52:04 +01:00
Vladimir Serbinenko
1123bed944 * grub-core/loader/i386/xen_fileXX.c: Silence cast-align. 2013-12-17 20:47:31 +01:00
Vladimir Serbinenko
3086175489 Implement Truecrypt ISO loader. 2013-12-17 14:45:46 +01:00
Vladimir Serbinenko
ec824e0f2a Implement grub_file tool and use it to implement generating of config
in separate root.
2013-12-17 14:39:48 +01:00
Vladimir Serbinenko
71669c3b76 Implement XEN VFB support. 2013-12-17 13:07:26 +01:00
Vladimir Serbinenko
111bf5db8b * grub-core/loader/i386/linux.c: Use grub_addr_t rather than long when
appropriate.
2013-12-15 14:37:12 +01:00
Vladimir Serbinenko
24ca71c93b * grub-core/loader/i386/linux.c: Use %p rather than %lx for pointers. 2013-12-15 14:35:18 +01:00
Vladimir Serbinenko
7e47e27bd8 Add gcc_struct to all packed structures when compiling with mingw.
Just "packed" doesn't always pack the way we expect.
2013-12-15 14:14:30 +01:00
Vladimir Serbinenko
44bbfa33b8 Propagate the EFI commits to x86-efi specific parts. 2013-12-11 16:11:17 +01:00