Commit graph

37 commits

Author SHA1 Message Date
Matthew Garrett
f4f4e3c715 verifiers: Core TPM support
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy and we can wait
to see whether anyone has a use case before adding more complexity.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 16:43:54 -04:00
Vladimir Serbinenko
0f20a51812 verifiers: Add possibility to verify kernel and modules command lines
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2020-09-21 13:46:34 -04:00
Vladimir Serbinenko
aebe31c375 verifiers: File type for fine-grained signature-verification controlling
Let's provide file type info to the I/O layer. This way verifiers
framework and its users will be able to differentiate files and verify
only required ones.

This is preparatory patch.

Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2020-09-21 13:29:05 -04:00
Cao jin
3cf4158e6c linux16: Code cleanup
1. move relocator related code more close to each other
2. use variable "len" since it has correct assignment, and keep coding
style with upper code

Signed-off-by: Cao jin <caoj.fnst@cn.fujitsu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 13:29:05 -04:00
Leif Lindholm
103779a19e i386: make struct linux_kernel_header architecture specific
struct linux_kernel_header -> struct linux_i386_kernel_header

Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Leif Lindholm
1901a159bd make GRUB_LINUX_MAGIC_SIGNATURE architecture-specific
Rename GRUB_LINUX_MAGIC_SIGNATURE GRUB_LINUX_I386_MAGIC_SIGNATURE,
to be usable in code that supports more than one image type.

Signed-off-by: Leif Lindholm <leif.lindholm@linaro.org>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 12:16:25 -04:00
Matthew Garrett
bf25cda14e Make TPM errors less fatal
Handle TPM errors, and stop trying to use the TPM once we hit one.
2016-10-13 14:01:52 -07:00
Matthew Garrett
bb3473d7c8 Rework TPM measurements
Rework TPM measurements to use fewer PCRs. After discussion with upstream,
it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8
and 9 but use a prefix in the event log to indicate which subsystem carried
out the measurements.
2016-03-23 17:03:43 -07:00
Matthew Garrett
20e355fd5a Measure kernel and initrd on BIOS systems
Measure the kernel and initrd when loaded on BIOS systems
2016-01-05 14:35:17 -08:00
Matthew Garrett
738f6f09b3 Rework linux16 command
We want a single buffer that contains the entire kernel image in order to
perform a TPM measurement. Allocate one and copy the entire kernel into it
before pulling out the individual blocks later on.
2016-01-05 14:35:17 -08:00
Vladimir Serbinenko
9ee5ae1fae Document intentional fallthroughs.
Found by: Coverity scan.
2015-01-27 17:17:58 +01:00
Andrei Borzenkov
9a67e1ac8e Use full initializer for initrd_ctx to avoid fatal warnings with older GCC
struct ... foo = { 0, } is valid initializer, but older GCC emits
warning which is fatal error due to -Werror=missing-field-initializer.
So simply use full initializer to avoid these errors. This was fixed
probably in GCC 4.7.

See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=36750
2014-10-14 20:12:15 +04:00
Andrey Borzenkov
954fe77163 cleanup: grub_cpu_to_XXX_compile_time for constants
This tries to catch all cases where grub_cpu_to_XXX was used for constant
expressions (including sizeof).
2014-09-22 20:47:10 +04:00
Peter Jones
631a820038 Initialized initrd_ctx so we don't free a random pointer from the stack.
Currently, if "linux" fails, the "goto fail;" in grub_cmd_initrd sends us
into grub_initrd_close() without grub_initrd_init() being called, and thus
it never clears initrd_ctx->components.  grub_initrd_close() then frees that
address, which is stale data from the stack.  If the stack happens to have a
stale *address* there that matches a recent allocation, then you'll get a
double free later.

So initialize the memory up front.

Signed-off-by: Peter Jones <pjones@redhat.com>
2014-09-21 10:36:42 +04:00
Vladimir 'phcoder' Serbinenko
92750e4c60 Add ability to generate newc additions on runtime. 2013-03-22 21:01:28 +01:00
Vladimir 'phcoder' Serbinenko
e230377407 * grub-core/loader/i386/pc/linux.c (grub_cmd_linux): Fix compilation
for 64-bit platforms.
2013-03-01 10:39:41 +01:00
Vladimir 'phcoder' Serbinenko
0789b67232 Enable linux16 on non-BIOS systems for i.a. memtest.
* grub-core/loader/i386/pc/linux.c (grub_cmd_linux): Handle hole at 0
	correctly.
	* grub-core/Makefile.core.def (linux16): Enable on all x86 flavours.
2013-02-28 22:48:41 +01:00
Vladimir 'phcoder' Serbinenko
1a2fd1e674 * include/grub/misc.h (ALIGN_UP_OVERHEAD): New define.
* grub-core/loader/i386/linux.c (grub_cmd_initrd): Align initrds at 4.
	* grub-core/loader/i386/pc/linux.c (grub_cmd_initrd): Likewise.
	* grub-core/loader/ia64/efi/linux.c (grub_cmd_initrd): Likewise.
	* grub-core/loader/mips/linux.c (grub_cmd_initrd): Likewise.
	* grub-core/loader/powerpc/ieee1275/linux.c (grub_cmd_initrd): Likewise.
	* grub-core/loader/sparc64/ieee1275/linux.c (grub_cmd_initrd): Likewise.
2012-03-05 01:17:55 +01:00
Vladimir 'phcoder' Serbinenko
9be4c45dbe boot services avoid code based on the patch by Matthew Garrett 2012-03-03 20:06:41 +01:00
Vladimir 'phcoder' Serbinenko
db5fc59616 * grub-core/loader/efi/appleloader.c (grub_cmd_appleloader): Move
diagnostic to dprintf.
	* grub-core/loader/i386/pc/linux.c (grub_cmd_linux): Likewise.
2012-02-12 19:03:14 +01:00
Vladimir 'phcoder' Serbinenko
9c4b5c13e6 Improve gettext support. Stylistic fixes and error handling fixes while
on it.
2012-02-08 19:26:01 +01:00
Vladimir 'phcoder' Serbinenko
3c76ea0c2c * util/grub.d/30_os-prober.in: Fix occurrence of grub-probe instead of
grub_probe.
	Reported by: adamwill
2012-01-13 13:54:24 +01:00
Vladimir 'phcoder' Serbinenko
7a45a539db Don't override more informative errors.
* grub-core/commands/acpi.c (grub_cmd_acpi): Don't override errors.
	* grub-core/font/font.c (open_section): Likewise.
	* grub-core/loader/i386/bsd.c (grub_bsd_load_aout): New argument
	filename. Don't override errors.
	(grub_cmd_openbsd_ramdisk): Don't override errors.
	* grub-core/loader/i386/linux.c (grub_cmd_linux): Likewise.
	(grub_cmd_initrd): Likewise.
	* grub-core/loader/i386/pc/linux.c (grub_cmd_linux): Likewise.
	(grub_cmd_initrd): Likewise.
	* grub-core/loader/ia64/efi/linux.c (grub_load_elf64): Likewise.
	(grub_cmd_linux): Likewise.
	(grub_cmd_initrd): Likewise.
	(grub_cmd_payload): Likewise.
	* grub-core/loader/mips/linux.c (grub_cmd_initrd): Likewise.
	* grub-core/loader/multiboot.c (grub_cmd_multiboot): Likewise.
	(grub_cmd_module): Likewise.
	* grub-core/loader/powerpc/ieee1275/linux.c (grub_cmd_initrd): Likewise.
	* grub-core/loader/sparc64/ieee1275/linux.c (grub_cmd_initrd): Likewise.
	* grub-core/loader/xnu.c (grub_xnu_load_driver): Likewise.
	(grub_cmd_xnu_mkext): Likewise.
	(grub_cmd_xnu_ramdisk): Likewise.
	(grub_xnu_check_os_bundle_required): Likewise.
	(grub_xnu_load_kext_from_dir): Likewise.
	(grub_cmd_xnu_kextdir): Likewise.
	* grub-core/loader/xnu_resume.c (grub_xnu_resume): Likewise.
2011-12-26 12:58:08 +01:00
Vladimir 'phcoder' Serbinenko
db1326f5fb Move chainloader_real_boot out of the kernel 2011-10-21 00:16:59 +02:00
Vladimir 'phcoder' Serbinenko
05caa461e8 Long Linux command line support.
* grub-core/loader/i386/linux.c (GRUB_LINUX_CL_END_OFFSET): Removed.
	(maximal_cmdline_size): New variable.
	(allocate_pages): Use maximal_cmdline_size.
	(grub_cmd_linux): Set and use maximal_cmdline_size.
	* grub-core/loader/i386/pc/linux.c (GRUB_LINUX_CL_END_OFFSET): Removed.
	(allocate_pages): Use maximal_cmdline_size.
	(grub_cmd_linux): Set and use maximal_cmdline_size.
	* include/grub/i386/linux.h (GRUB_LINUX_SETUP_MOVE_SIZE): Removed.
	(linux_kernel_header): Add fields kernel_alignment, relocatable, pad
	and cmdline_size.
2011-05-18 09:56:33 +02:00
Vladimir 'phcoder' Serbinenko
e745cf0ca6 Implement automatic module license checking according to new GNU
guidelines.

	* grub-core/kern/dl.c (grub_dl_check_license): New function.
	(grub_dl_load_core): Use grub_dl_check_license.
	* include/grub/dl.h (GRUB_MOD_SECTION): New macro.
	(GRUB_MOD_LICENSE): Likewise.
	(GRUB_MOD_DUAL_LICENSE): Likewise.
	All modules updated.
2011-04-11 23:01:51 +02:00
Szymon Janc
25953e1055 Improve loaders' kernel command line handling.
* grub-core/lib/cmdline.c: New file.
	* include/grub/lib/cmdline.h: Likewise.
	* grub-core/loader/i386/linux.c (grub_cmd_linux): Use
	grub_create_loader_cmdline to create kernel command line.
	* grub-core/loader/i386/pc/linux.c (grub_cmd_linux): Likewise.
	* grub-core/loader/powerpc/ieee1275/linux.c (grub_cmd_linux): Likewise.
	* grub-core/loader/sparc64/ieee1275/linux.c (grub_cmd_linux): Likewise.
	* grub-core/Makefile.core.def (linux16): Add lib/cmdline.c on i386_pc.
	(linux): Add lib/cmdline.c on common.
2011-01-07 17:09:39 +01:00
Vladimir 'phcoder' Serbinenko
a06eb03ad0 Support long command lines as per 2.06 Linux boot protocol 2010-11-13 21:27:08 +01:00
Vladimir 'phcoder' Serbinenko
a1d84a5e5e Unify memory types.
* grub-core/Makefile.am (KERNEL_HEADER_FILES): Include memory.h.
	* grub-core/commands/lsmmap.c (grub_cmd_lsmmap): Output user-readable
	types.
	* grub-core/kern/i386/multiboot_mmap.c (grub_lower_mem): Removed.
	(grub_upper_mem): Likewise.
	* grub-core/kern/ieee1275/init.c (grub_upper_mem): Likewise.
	* include/grub/memory.h (grub_memory_type_t): New enum.
	All users updated.
2010-09-19 00:04:31 +02:00
Vladimir 'phcoder' Serbinenko
275433e642 Don't export grub_gate_a20.
* grub-core/kern/i386/pc/init.c: Remove leftovers.
	* grub-core/kern/i386/pc/startup.S (FUNCTION(grub_gate_a20)): Rename
	to ...
	(grub_gate_a20): ... this. All users updated.
	* include/grub/i386/pc/init.h: Removed. All users updated.
2010-09-14 01:08:24 +02:00
Vladimir 'phcoder' Serbinenko
fc2ef1172c * grub-core/io/gzio.c (grub_gzio_open): Removed "transparent" parameter.
Made static.
	(grub_gzfile_open): Removed. All users updated.
	(GRUB_MOD_INIT): New function.
	(GRUB_MOD_FINI): Likewise.
	* grub-core/kern/file.c (grub_file_filters_all): New variable.
	(grub_file_filters_enabled): Likewise.
	(grub_file_open): Handle filters.
	* grub-core/loader/i386/bsd.c (GRUB_MOD_INIT): Load gzio.
	* grub-core/normal/main.c (GRUB_MOD_INIT): Likewise.
	* include/grub/file.h (grub_file_filter_id_t): New type.
	(grub_file_filter_t): Likewise.
	(grub_file_filters_all): New extern variable.
	(grub_file_filters_enabled): Likewise.
	(grub_file_filter_register): New inline function.
	(grub_file_filter_unregister): Likewise.
	(grub_file_filter_disable): Likewise.
	(grub_file_filter_disable_compression): Likewise.
	* include/grub/gzio.h: Removed.
2010-09-05 13:05:36 +02:00
Vladimir 'phcoder' Serbinenko
df3df23d5c Reorganise memory map handling 2010-09-04 17:10:10 +02:00
Vladimir 'phcoder' Serbinenko
eefe8abd52 Simplify tags and enable USB on more platforms 2010-08-30 15:13:38 +02:00
Vladimir 'phcoder' Serbinenko
069c9c5fda merge mainline into intwrap 2010-08-29 23:21:21 +02:00
Vladimir 'phcoder' Serbinenko
16bd6cfab2 Merge mainline into newreloc. For now without boot tests 2010-08-25 03:25:18 +02:00
BVK Chaitanya
297f0c2b6e merge with mainline 2010-07-13 00:43:28 +05:30
BVK Chaitanya
8c41176882 automake commit without merge history 2010-05-06 11:34:04 +05:30
Renamed from loader/i386/pc/linux.c