Commit graph

29 commits

Author SHA1 Message Date
Matthew Garrett
d6ca0a90ca verifiers: Core TPM support
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy and we can wait
to see whether anyone  has a use case before adding more complexity.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-12-12 14:51:26 +01:00
Daniel Kiper
878398c1a3 efi: Add EFI shim lock verifier
This module provides shim lock verification for various kernels
if UEFI secure boot is enabled on a machine.

It is recommended to put this module into GRUB2 standalone image
(avoid putting iorw and memrw modules into it; they are disallowed
if UEFI secure boot is enabled). However, it is also possible to use
it as a normal module. Though such configurations are more fragile
and less secure due to various limitations.

If the module is loaded and UEFI secure boot is enabled then:
  - module itself cannot be unloaded (persistent module),
  - the iorw and memrw modules cannot be loaded,
  - if the iorw and memrw modules are loaded then
    machine boot is disabled,
  - GRUB2 defers modules and ACPI tables verification to
    other verifiers.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2018-11-09 13:25:31 +01:00
Vladimir Serbinenko
ca0a4f689a verifiers: File type for fine-grained signature-verification controlling
Let's provide file type info to the I/O layer. This way verifiers
framework and its users will be able to differentiate files and verify
only required ones.

This is preparatory patch.

Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2018-11-09 13:25:31 +01:00
Rob Clark
e8ab5a1a9e Fix a segfault in lsefi
when protocols_per_handle returns error, we can't use the pointers we
passed to it, and that includes trusting num_protocols.

Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-08-03 20:03:09 +02:00
Robert Elliott
c79c59f129 lsefimmap: support persistent memory and other UEFI 2.5 features
This should accompany
	76ce1de740 Translate UEFI persistent memory type

1. Add a string for the EfiPersistentMemory type 14 that was
added in UEFI 2.5.

2. Decode the memory attributes that were added in UEFI 2.5:
* NV (non-volatile)
* MORE_RELIABLE (higher reliable, e.g., mirrored memory in a system
  with partial memory mirroring)
* RO (read-only)

3. Use proper IEC binary units (KiB, MiB, etc.) for power-of-two
values rather than misusing SI power-of-ten units (KB, MB, etc.)

4. The lsmmap command only decodes memory ranges sizes up to GiB scale
units.  Persistent memory ranges will reach into the TiB scale.
Since 64-bit size field supports TiB, PiB, and EiB, decode all of
them for completeness.

5. In the lsefimmap command, rewrite the print statements to
* avoid rounding
* avoid a big nested if/else tree.

For example: In the sixth entry below, the value of 309MB implies
316416KB but is really reporting 316436KB.

Widen the size column to 6 digits to accommodate typical cases.
The worst case value would require 14 digits; if that happens,
let the columns get out of sync.

Old format:
Type      Physical start  - end             #Pages     Size Attributes
conv-mem  0000000000000000-0000000000092fff 00000093  588KB UC WC WT WB
reserved  0000000000093000-0000000000093fff 00000001    4KB UC WC WT WB
conv-mem  0000000000094000-000000000009ffff 0000000c   48KB UC WC WT WB
conv-mem  0000000000100000-000000000fffffff 0000ff00  255MB UC WC WT WB
BS-code   0000000010000000-0000000010048fff 00000049  292KB UC WC WT WB
conv-mem  0000000010049000-000000002354dfff 00013505  309MB UC WC WT WB
ldr-data  000000002354e000-000000003ecfffff 0001b7b2  439MB UC WC WT WB
BS-data   000000003ed00000-000000003ed7ffff 00000080  512KB UC WC WT WB
conv-mem  000000003ed80000-000000006af5ffff 0002c1e0  705MB UC WC WT WB
reserved  000000006af60000-000000006b55ffff 00000600    6MB UC WC WT WB
BS-data   000000006b560000-000000006b560fff 00000001    4KB UC WC WT WB
RT-data   000000006b561000-000000006b5e1fff 00000081  516KB RT UC WC WT WB
BS-data   000000006b5e2000-000000006ecfafff 00003719   55MB UC WC WT WB
BS-code   000000006ecfb000-000000006ecfbfff 00000001    4KB UC WC WT WB
conv-mem  000000006ecfc000-00000000711fafff 000024ff   36MB UC WC WT WB
BS-data   00000000711fb000-000000007128dfff 00000093  588KB UC WC WT WB
Unk 0d    0000000880000000-0000000e7fffffff 00600000   24GB UC WC WT WB NV
reserved  0000001680000000-0000001c7fffffff 00600000   24GB UC WC WT WB NV

New format:
Type      Physical start  - end             #Pages        Size Attributes
conv-mem  0000000000000000-0000000000092fff 00000093    588KiB UC WC WT WB
reserved  0000000000093000-0000000000093fff 00000001      4KiB UC WC WT WB
conv-mem  0000000000094000-000000000009ffff 0000000c     48KiB UC WC WT WB
conv-mem  0000000000100000-000000000fffffff 0000ff00    255MiB UC WC WT WB
BS-code   0000000010000000-0000000010048fff 00000049    292KiB UC WC WT WB
conv-mem  0000000010049000-000000002354dfff 00013505 316436KiB UC WC WT WB
ldr-data  000000002354e000-000000003ecfffff 0001b7b2 450248KiB UC WC WT WB
BS-data   000000003ed00000-000000003ed7ffff 00000080    512KiB UC WC WT WB
conv-mem  000000003ed80000-000000006af5ffff 0002c1e0 722816KiB UC WC WT WB
reserved  000000006af60000-000000006b55ffff 00000600      6MiB UC WC WT WB
BS-data   000000006b560000-000000006b560fff 00000001      4KiB UC WC WT WB
RT-data   000000006b561000-000000006b5e1fff 00000081    516KiB RT UC WC WT WB
BS-data   000000006b5e2000-000000006ecfafff 00003719  56420KiB UC WC WT WB
BS-code   000000006ecfb000-000000006ecfbfff 00000001      4KiB UC WC WT WB
conv-mem  000000006ecfc000-0000000071222fff 00002527  38044KiB UC WC WT WB
BS-data   0000000071223000-00000000712ddfff 000000bb    748KiB UC WC WT WB
persist   0000000880000000-0000000e7fffffff 00600000     24GiB UC WC WT WB NV
reserved  0000001680000000-0000001c7fffffff 00600000     24GiB UC WC WT WB NV
2015-12-17 21:00:44 +03:00
Vladimir Serbinenko
d43a5ee651 tsc: Use alternative delay sources whenever appropriate.
PIT isn't available on some of new hardware including Hyper-V. So
use pmtimer for calibration. Moreover pmtimer calibration is faster, so
use it on coreboor where booting time is important.

Based on patch by Michael Chang.
2015-11-27 11:39:55 +01:00
Andrei Borzenkov
50d6f38feb lsefisystab: add missing comma after 7994077 2015-11-17 06:27:17 +03:00
Pavel Bludov
7994077ab9 Add some UUIDs found in the hardware 2015-11-14 17:57:35 +03:00
Stephane Rochoy
3f3ec8ef44 * grub-core/commands/efi/lsefisystab.c (grub_cmd_lsefisystab): Show
EFI system table physical address.
2014-06-22 01:34:57 +02:00
Vladimir Serbinenko
d99af4f0e8 * grub-core/commands/efi/lsefisystab.c: Use %lld to show num_table_entries. 2013-12-15 14:42:19 +01:00
Vladimir Serbinenko
44bbfa33b8 Propagate the EFI commits to x86-efi specific parts. 2013-12-11 16:11:17 +01:00
Vladimir Serbinenko
3e3dff249f * grub-core/commands/efi/lssal.c: Fix terminating condition. 2013-12-11 15:59:12 +01:00
Vladimir Serbinenko
316dda716c Introduce grub_efi_packed_guid and use it where alignment is not
guaranteed.
2013-12-11 15:57:08 +01:00
Colin Watson
ca3a74469a Remove nested functions from PCI iterators.
* grub-core/bus/pci.c (grub_pci_iterate): Add hook_data argument,
passed to hook.  Update all callers to pass appropriate hook data.
* grub-core/bus/emu/pci.c (grub_pci_iterate): Likewise.
* include/grub/pci.h (grub_pci_iteratefunc_t): Add data argument.
Remove NESTED_FUNC_ATTR from here and from all users.
(grub_pci_iterate): Update prototype.
* grub-core/bus/cs5536.c (grub_cs5536_find: hook): Make static
instead of nested.  Rename to ...
(grub_cs5536_find_iter): ... this.
* grub-core/kern/efi/mm.c (stop_broadcom: find_card): Likewise.
* grub-core/kern/mips/loongson/init.c (init_pci: set_card):
Likewise.
* grub-core/kern/vga_init.c (grub_qemu_init_cirrus: find_card):
Likewise.
* grub-core/video/bochs.c (grub_video_bochs_setup: find_card):
Likewise.
* grub-core/video/cirrus.c (grub_video_cirrus_setup: find_card):
Likewise.
* grub-core/video/efi_uga.c (find_framebuf: find_card): Likewise.
* grub-core/video/radeon_fuloong2e.c
(grub_video_radeon_fuloong2e_setup: find_card): Likewise.
* grub-core/video/sis315pro.c (grub_video_sis315pro_setup:
find_card): Likewise.
* grub-core/video/sm712.c (grub_video_sm712_setup: find_card):
Likewise.
2013-01-13 01:10:41 +00:00
Peter Jones
c5052c81ab * grub-core/Makefile.core.def (efifwsetup): New module.
* grub-core/commands/efi/efifwsetup.c: New file.
	* grub-core/kern/efi/efi.c (grub_efi_set_variable): New function
	* include/grub/efi/api.h (GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI):
	New define.
	* include/grub/efi/efi.h (grub_efi_set_variable): New proto.
2012-09-08 09:40:24 +02:00
Vladimir 'phcoder' Serbinenko
7bd29c01f0 New command `lsefi'.
* grub-core/Makefile.core.def (lsefi): New module.
	* grub-core/commands/efi/lsefi.c: New file.
	* include/grub/efi/api.h: Add more GUIDs.
2012-07-22 19:59:06 +02:00
Vladimir 'phcoder' Serbinenko
584b2f8a22 Replace grub_target_addr with more appropriate types.
* grub-core/commands/efi/fixvideo.c (scan_card): Replace
	grub_target_addr with grub_addr.
	* grub-core/commands/iorw.c (grub_cmd_read): Replace
	grub_target_addr with grub_port.
	(grub_cmd_write): Likewise.
	* grub-core/commands/memrw.c (grub_cmd_read): Replace
	grub_target_addr with grub_addr.
	(grub_cmd_write): Likewise.
	* grub-core/video/efi_uga.c (find_line_len): Likewise.
2012-02-27 14:13:24 +01:00
Vladimir 'phcoder' Serbinenko
9c4b5c13e6 Improve gettext support. Stylistic fixes and error handling fixes while
on it.
2012-02-08 19:26:01 +01:00
Vladimir 'phcoder' Serbinenko
10f0117bf9 * grub-core/commands/efi/fixvideo.c: Gettextize.
* grub-core/commands/hashsum.c: Likewise.
	* grub-core/commands/i386/cmostest.c: Likewise.
	* grub-core/commands/i386/pc/drivemap.c: Likewise.
	* grub-core/commands/i386/pc/lsapm.c: Likewise.
	* grub-core/commands/i386/pc/sendkey.c: Likewise.
	* grub-core/commands/lsmmap.c: Likewise.
	* grub-core/commands/menuentry.c: Likewise.
	* grub-core/commands/mips/loongson/lsspd.c: Likewise.
	* grub-core/commands/setpci.c: Likewise.
	* grub-core/loader/i386/bsd.c: Likewise.
	* grub-core/loader/i386/linux.c: Likewise.
	* util/getroot.c: Likewise.
	* util/grub-editenv.c: Likewise.
	* util/grub-fstest.c: Likewise.
	* util/grub-mkfont.c: Likewise.
	* util/grub-mkimage.c: Likewise.
	* util/grub-mkpasswd-pbkdf2.c: Likewise.
	* util/grub-pe2elf.c: Likewise.
	* util/grub-probe.c: Likewise.
	* util/grub-setup.c: Likewise.
	* util/ieee1275/ofpath.c: Likewise.
	* util/misc.c: Likewise.
	* util/raid.c: Likewise.
2011-11-12 00:34:14 +01:00
Vladimir 'phcoder' Serbinenko
6e0632e28c * grub-core/commands/acpihalt.c: Gettextized.
* grub-core/commands/cacheinfo.c: Likewise.
	* grub-core/commands/cmp.c: Likewise.
	* grub-core/commands/efi/loadbios.c: Likewise.
	* grub-core/commands/gptsync.c: Likewise.
	* grub-core/commands/ieee1275/suspend.c: Likewise.
	* grub-core/commands/legacycfg.c: Likewise.
	* grub-core/commands/memrw.c: Likewise.
	* grub-core/commands/minicmd.c: Likewise.
	* grub-core/commands/parttool.c: Likewise.
	* grub-core/commands/time.c: Likewise.
	* grub-core/commands/videoinfo.c: Likewise.
	* grub-core/disk/geli.c: Likewise.
	* grub-core/disk/i386/pc/biosdisk.c: Likewise.
	* grub-core/disk/luks.c: Likewise.
	* grub-core/disk/lvm.c: Likewise.
	* grub-core/font/font_cmd.c: Likewise.
	* grub-core/fs/zfs/zfscrypt.c: Likewise.
	* grub-core/fs/zfs/zfsinfo.c: Likewise.
	* grub-core/gfxmenu/view.c: Likewise.
	* grub-core/kern/emu/hostdisk.c: Likewise.
	* grub-core/kern/emu/main.c: Likewise.
	* grub-core/kern/emu/misc.c: Likewise.
	* grub-core/kern/emu/mm.c: Likewise.
	* grub-core/kern/mips/arc/init.c: Likewise.
	* grub-core/kern/mips/loongson/init.c: Likewise.
	* grub-core/kern/partition.c: Likewise.
	* grub-core/lib/i386/halt.c: Likewise.
	* grub-core/lib/mips/arc/reboot.c: Likewise.
	* grub-core/lib/mips/loongson/reboot.c: Likewise.
	* grub-core/loader/i386/pc/chainloader.c: Likewise.
	* grub-core/loader/i386/xnu.c: Likewise.
	* grub-core/loader/multiboot.c: Likewise.
	* grub-core/net/bootp.c: Likewise.
	* grub-core/net/net.c: Likewise.
	* grub-core/normal/term.c: Likewise.
	* grub-core/partmap/bsdlabel.c: Likewise.
	* grub-core/parttool/msdospart.c: Likewise.
	* grub-core/term/gfxterm.c: Likewise.
	* grub-core/term/terminfo.c: Likewise.
	* grub-core/video/i386/pc/vbe.c: Likewise.
	* util/grub-menulst2cfg.c: Likewise.
	* util/grub-mkdevicemap.c: Likewise.
	* util/grub-mklayout.c: Likewise.
	* util/grub-mkrelpath.c: Likewise.
	* util/grub-script-check.c: Likewise.
	* util/ieee1275/grub-ofpathname.c: Likewise.
	* util/resolve.c: Likewise.
2011-11-11 21:44:56 +01:00
Vladimir 'phcoder' Serbinenko
e745cf0ca6 Implement automatic module license checking according to new GNU
guidelines.

	* grub-core/kern/dl.c (grub_dl_check_license): New function.
	(grub_dl_load_core): Use grub_dl_check_license.
	* include/grub/dl.h (GRUB_MOD_SECTION): New macro.
	(GRUB_MOD_LICENSE): Likewise.
	(GRUB_MOD_DUAL_LICENSE): Likewise.
	All modules updated.
2011-04-11 23:01:51 +02:00
Colin Watson
b031012d70 * grub-core/commands/efi/lsefimmap.c (grub_cmd_lsefimmap):
NumberOfPages is UINT64 according to the UEFI specification, not
UINTN.  Fix printf format.
2010-09-21 16:58:08 +01:00
Colin Watson
40901acd76 * grub-core/commands/efi/lsefimmap.c: Correct header.
* NEWS: Update.
2010-09-20 17:59:09 +01:00
Tristan Gingold
3dccbe4bbb * grub-core/commands/efi/lsefimmap.c: New file.
* grub-core/Makefile.core.def (lsefimmap): New module.
	* include/grub/efi/api.h (PRIxGRUB_EFI_UINTN_T): New definition.

	Also-By: Robert Millan <rmh.grub@aybabtu.com>

	Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-20 17:59:25 +02:00
Colin Watson
6d3d698d13 * grub-core/commands/efi/lsefisystab.c: Correct header.
* grub-core/commands/efi/lssal.c: Likewise.
* grub-core/commands/testload.c: Likewise.
2010-09-20 13:18:41 +01:00
Tristan Gingold
41a331a8d3 * grub-core/commands/efi/lsefimmap.c: New file.
* grub-core/Makefile.core.def (lsefimmap): New module.
	* include/grub/efi/api.h (PRIxGRUB_EFI_UINTN_T): New definition.

	Also-By: Robert Millan <rmh.grub@aybabtu.com>

	Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-01 10:12:41 +02:00
Vladimir 'phcoder' Serbinenko
48798b6a1e Fix memory leak 2010-09-01 09:34:09 +02:00
Tristan Gingold
105de6a758 * grub-core/commands/efi/lsefisystab.c: New file.
* grub-core/commands/efi/lssal.c: Likewise.
	* grub-core/Makefile.core.def (lsacpi): New module.
	(lsefisystab): Likewise.
	* include/grub/efi/api.h (GRUB_EFI_SAL_TABLE_GUID): New definition.
	(GRUB_EFI_HCDP_TABLE_GUID): Likewise.
	(grub_efi_sal_system_table): New struct.
	(grub_efi_sal_system_table_entrypoint_descriptor): Likewise.
	(grub_efi_sal_system_table_memory_descriptor): Likewise.
	(grub_efi_sal_system_table_platform_features): Likewise.
	(grub_efi_sal_system_table_translation_register_descriptor): Likewise.
	(grub_efi_sal_system_table_purge_translation_coherence): Likewise.
	(grub_efi_sal_system_table_ap_wakeup): Likewise.
	* include/grub/types.h (PRIuGRUB_UINT64_T): New definition.

	Also-By: Robert Millan <rmh.grub@aybabtu.com>

	Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-01 02:37:17 +02:00
BVK Chaitanya
8c41176882 automake commit without merge history 2010-05-06 11:34:04 +05:30