Commit graph

9324 commits

Author SHA1 Message Date
Matthew Garrett
bf25cda14e Make TPM errors less fatal
Handle TPM errors, and stop trying to use the TPM once we hit one.
2016-10-13 14:01:52 -07:00
Michael Marineau
5962f7d5e7 Merge pull request #39 from marineam/weird-disk-size
Tolerate systems that report different disk sizes in firmware and OS
2016-09-23 12:32:56 -07:00
Michael Marineau
44f54cbf43 gpt: write backup GPT first, skip if inaccessible.
Writing the primary GPT before the backup may lead to a confusing
situation: booting a freshly updated system could consistently fail and
next boot will fall back to the old system if writing the primary works
but writing the backup fails. If the backup is written first and fails
the primary is left in the old state so the next boot will re-try and
possibly fail in the exact same way. Making that repeatable should make
it easier for users to identify the error.

Additionally if the firmware and OS disagree on the disk size, making
the backup inaccessible to GRUB, then just skip writing the backup.
When this happens the automatic call to `coreos-setgoodroot` after boot
will take care of repairing the backup.
2016-09-23 12:25:53 -07:00
Michael Marineau
e4d25afd18 gpt: prefer disk size from header over firmware
The firmware and the OS may disagree on the disk configuration and size.
Although such a setup should be avoided users are unlikely to know about
the problem, assuming everything behaves like the OS. Tolerate this as
best we can and trust the reported on-disk location over the firmware
when looking for the backup GPT. If the location is inaccessible report
the error as best we can and move on.
2016-09-23 12:25:53 -07:00
Michael Marineau
d5ba259c89 Merge pull request #38 from marineam/cleanup
gpt: various cleanup and error handling improvements
2016-09-22 13:31:55 -07:00
Michael Marineau
8f7045ee19 gpt: rename and update documentation for grub_gpt_update
The function now does more than just recompute checksums so give it a
more general name to reflect that.
2016-09-22 11:58:44 -07:00
Michael Marineau
7cd866bd2d gpt: report all revalidation errors
Before returning an error that the primary or backup GPT is invalid push
the existing error onto the stack so the user will be told what is bad.
2016-09-22 11:57:29 -07:00
Michael Marineau
5342b880f4 gpt: read entries table at the same time as the header
I personally think this reads easier. Also has the side effect of
directly comparing the primary and backup tables instead of presuming
they are equal if the crc32 matches.
2016-09-21 16:34:36 -07:00
Michael Marineau
f24685b22e gpt: include backup-in-sync check in revalidation 2016-09-21 16:34:36 -07:00
Michael Marineau
d2f9096444 gpt: always revalidate when recomputing checksums
This ensures all code modifying GPT data include the same sanity check
that repair does. If revalidation fails the status flags are left in the
appropriate state.
2016-09-21 16:34:36 -07:00
Michael Marineau
427fdc58e1 gpt: selectively update fields during repair
Just a little cleanup/refactor to skip touching data we don't need to.
2016-09-21 16:34:36 -07:00
Michael Marineau
1f5d29420c gpt: be more careful about relocating backup header
The header was being relocated without checking the new location is
actually safe. If the BIOS thinks the disk is smaller than the OS then
repair may relocate the header into allocated space, failing the final
validation check. So only move it if the disk has grown.

Additionally, if the backup is valid then we can assume its current
location is good enough and leave it as-is.
2016-09-21 16:34:36 -07:00
Michael Marineau
de8d29ef89 gpt: check header and entries status bits together
Use the new status function which checks *_HEADER_VALID and
*_ENTRIES_VALID bits together. It doesn't make sense for the header and
entries bits to mismatch so don't allow for it.
2016-09-21 13:50:06 -07:00
Michael Marineau
d57c41e8f5 Merge pull request #37 from marineam/enum
gpt: do not use an enum for status bit values
2016-09-21 13:26:57 -07:00
Michael Marineau
962db6c639 gpt: do not use an enum for status bit values 2016-09-21 13:24:55 -07:00
Michael Marineau
34abfb37e7 Merge pull request #36 from marineam/repair
Fix gptrepair's status bit checking
2016-09-21 13:14:13 -07:00
Michael Marineau
f4e09602dc gpt: allow repair function to noop
Simplifies usage a little.
2016-09-21 13:12:31 -07:00
Michael Marineau
3dda6a863a gpt: use inline functions for checking status bits
This should prevent bugs like 6078f836 and 4268f3da.
2016-09-21 13:12:03 -07:00
Michael Marineau
4268f3da52 gptrepair: fix status checking
None of these status bit checks were correct. Fix and simplify.
2016-09-20 13:29:07 -07:00
Michael Marineau
40e2f6fd35 Merge pull request #35 from marineam/fix-table
gpt: fix partition table indexing and validation
2016-09-02 17:05:08 -07:00
Vito Caputo
92b5bd1ce3 gpt: add helper for picking a valid header
Eliminate some repetition in primary vs. backup header acquisition.
2016-09-02 17:04:13 -07:00
Michael Marineau
bf127238ee gpt: fix partition table indexing and validation
Portions of the code attempted to handle the fact that GPT entries on
disk may be larger than the currently defined struct while others
assumed the data could be indexed by the struct size directly. This
never came up because no utility uses a size larger than 128 bytes but
for the sake of safety we need to do this by the spec.
2016-09-02 17:04:13 -07:00
Michael Marineau
87dfbf34c4 Merge pull request #33 from marineam/repair-corruption
Fix gptprio to properly detect and repair corruption
2016-08-22 19:40:21 -07:00
Michael Marineau
f9fe0d781a Merge pull request #34 from marineam/extended-validation
Add stricter validation of GPT headers
2016-08-22 19:39:30 -07:00
Michael Marineau
b2ca30d335 fix checking alternate_lba 2016-08-22 18:30:56 -07:00
Michael Marineau
c68fcd3b1a gpt: refuse to write to sector 0 2016-08-22 17:51:48 -07:00
Michael Marineau
8278022a0b gpt: improve validation of GPT headers
Adds basic validation of all the disk locations in the headers, reducing
the chance of corrupting weird locations on disk.
2016-08-22 17:51:48 -07:00
Michael Marineau
6078f83638 gpt: properly detect and repair invalid tables
GPT_BOTH_VALID is 4 bits so simple a boolean check is not sufficient.
This broken condition allowed gptprio to trust bogus disk locations in
headers that were marked invalid causing arbitrary disk corruption.
2016-08-22 17:33:17 -07:00
Michael Marineau
4d91c78833 gptprio_test: check GPT is repaired when appropriate 2016-08-22 17:33:17 -07:00
Michael Marineau
6bc5c77bd5 gptrepair_test: fix typo in cleanup trap 2016-08-22 17:33:17 -07:00
Michael Marineau
1c205c2c4d Merge pull request #31 from marineam/verbose-debug
Add verbose debug logging to biosdisk and gpt
2016-08-22 17:22:34 -07:00
Michael Marineau
c2f5fde6ab gpt: add verbose debug logging 2016-08-22 13:02:29 -07:00
Michael Marineau
d38d2d0fb1 biosdisk: add verbose debug logging 2016-08-22 13:02:29 -07:00
Michael Marineau
3d1efb83ed Merge pull request #32 from marineam/tpm
tpm: fix warnings when compiling for platforms other than pc and efi
2016-08-22 12:53:07 -07:00
Michael Marineau
2de6ebf196 tpm: fix warnings when compiling for platforms other than pc and efi 2016-08-21 18:45:02 -07:00
Michael Marineau
a7b0b20c87 Merge pull request #30 from marineam/fwcfg
fwconfig: fix unused argument warning
2016-08-21 11:21:47 -07:00
Michael Marineau
9a8cd5a16a fwconfig: fix unused argument warning 2016-08-20 17:54:47 -07:00
Michael Marineau
2ff7bd91eb Merge pull request #29 from marineam/big-bad-disk
gpt: do not use disk sizes GRUB will reject as invalid later on
2016-07-25 16:05:48 -07:00
Nick Owens
d4602dd67f Merge pull request #28 from mischief/client-arch
net: add client arch and fix user class/terminator
2016-07-25 15:55:23 -07:00
Michael Marineau
a8ad608425 gpt: do not use disk sizes GRUB will reject as invalid later on
GRUB assumes that no disk is ever larger than 1EiB and rejects
reads/writes to such locations. Unfortunately this is not conveyed in
the usual way with the special GRUB_DISK_SIZE_UNKNOWN value.
2016-07-25 15:35:01 -07:00
Nick Owens
fbf65674a4 net: add client arch and fix user class/terminator
send client arch in bootp requests, for now BIOS and x64/aarch64 EFI is
supported.

fix a bug introduced in 4d5d7be005 where
user class was encoded improperly, although this didn't seem to have any
detrimental effects.

properly insert an option terminator.
2016-07-08 15:39:04 -07:00
Nick Owens
a1724dace5 Merge pull request #27 from mischief/cmddevice
set cmddevice when cmdpath is set
2016-06-01 14:08:23 -07:00
Nick Owens
5470929309 set cmddevice when cmdpath is set 2016-06-01 13:55:45 -07:00
Nick Owens
68ae3c416b Merge pull request #26 from mischief/getenv-efi
grub-core: enable getenv for all efi targets
2016-04-14 15:03:43 -07:00
Nick Owens
70b45a45b9 grub-core: enable getenv for all efi targets 2016-04-14 14:47:39 -07:00
mjg59
ad906495e1 Merge pull request #25 from mjg59/tpm
Fix event log prefix
2016-03-29 21:29:47 -07:00
Matthew Garrett
aab446306b Fix event log prefix
We're not passing the prefixed version of the description to the event log.
Fix that.
2016-03-29 15:36:49 -07:00
mjg59
a067b998e0 Merge pull request #24 from mjg59/coreos
Netboot updates
2016-03-24 15:12:06 -07:00
Matthew Garrett
954fd730ca Allow protocol to be separated from host with a semicolon
Some DHCP servers (such as dnsmasq) tokenise parameters with commas, making
it impossible to pass boot files with commas in them. Allow using a semicolon
to separate the protocol from host if a comma wasn't found.
2016-03-24 13:47:19 -07:00
Matthew Garrett
75b4826d15 Tag the bootp request as a DHCP discover 2016-03-24 13:46:54 -07:00