Matthew Garrett
d6ca0a90ca
verifiers: Core TPM support
...
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy and we can wait
to see whether anyone has a use case before adding more complexity.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2018-12-12 14:51:26 +01:00
Daniel Kiper
878398c1a3
efi: Add EFI shim lock verifier
...
This module provides shim lock verification for various kernels
if UEFI secure boot is enabled on a machine.
It is recommended to put this module into GRUB2 standalone image
(avoid putting iorw and memrw modules into it; they are disallowed
if UEFI secure boot is enabled). However, it is also possible to use
it as a normal module. Though such configurations are more fragile
and less secure due to various limitations.
If the module is loaded and UEFI secure boot is enabled then:
- module itself cannot be unloaded (persistent module),
- the iorw and memrw modules cannot be loaded,
- if the iorw and memrw modules are loaded then
machine boot is disabled,
- GRUB2 defers modules and ACPI tables verification to
other verifiers.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2018-11-09 13:25:31 +01:00
Vladimir Serbinenko
ca0a4f689a
verifiers: File type for fine-grained signature-verification controlling
...
Let's provide file type info to the I/O layer. This way verifiers
framework and its users will be able to differentiate files and verify
only required ones.
This is preparatory patch.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
2018-11-09 13:25:31 +01:00
Rob Clark
e8ab5a1a9e
Fix a segfault in lsefi
...
when protocols_per_handle returns error, we can't use the pointers we
passed to it, and that includes trusting num_protocols.
Signed-off-by: Peter Jones <pjones@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2017-08-03 20:03:09 +02:00
Robert Elliott
c79c59f129
lsefimmap: support persistent memory and other UEFI 2.5 features
...
This should accompany
76ce1de740
Translate UEFI persistent memory type
1. Add a string for the EfiPersistentMemory type 14 that was
added in UEFI 2.5.
2. Decode the memory attributes that were added in UEFI 2.5:
* NV (non-volatile)
* MORE_RELIABLE (higher reliable, e.g., mirrored memory in a system
with partial memory mirroring)
* RO (read-only)
3. Use proper IEC binary units (KiB, MiB, etc.) for power-of-two
values rather than misusing SI power-of-ten units (KB, MB, etc.)
4. The lsmmap command only decodes memory ranges sizes up to GiB scale
units. Persistent memory ranges will reach into the TiB scale.
Since 64-bit size field supports TiB, PiB, and EiB, decode all of
them for completeness.
5. In the lsefimmap command, rewrite the print statements to
* avoid rounding
* avoid a big nested if/else tree.
For example: In the sixth entry below, the value of 309MB implies
316416KB but is really reporting 316436KB.
Widen the size column to 6 digits to accommodate typical cases.
The worst case value would require 14 digits; if that happens,
let the columns get out of sync.
Old format:
Type Physical start - end #Pages Size Attributes
conv-mem 0000000000000000-0000000000092fff 00000093 588KB UC WC WT WB
reserved 0000000000093000-0000000000093fff 00000001 4KB UC WC WT WB
conv-mem 0000000000094000-000000000009ffff 0000000c 48KB UC WC WT WB
conv-mem 0000000000100000-000000000fffffff 0000ff00 255MB UC WC WT WB
BS-code 0000000010000000-0000000010048fff 00000049 292KB UC WC WT WB
conv-mem 0000000010049000-000000002354dfff 00013505 309MB UC WC WT WB
ldr-data 000000002354e000-000000003ecfffff 0001b7b2 439MB UC WC WT WB
BS-data 000000003ed00000-000000003ed7ffff 00000080 512KB UC WC WT WB
conv-mem 000000003ed80000-000000006af5ffff 0002c1e0 705MB UC WC WT WB
reserved 000000006af60000-000000006b55ffff 00000600 6MB UC WC WT WB
BS-data 000000006b560000-000000006b560fff 00000001 4KB UC WC WT WB
RT-data 000000006b561000-000000006b5e1fff 00000081 516KB RT UC WC WT WB
BS-data 000000006b5e2000-000000006ecfafff 00003719 55MB UC WC WT WB
BS-code 000000006ecfb000-000000006ecfbfff 00000001 4KB UC WC WT WB
conv-mem 000000006ecfc000-00000000711fafff 000024ff 36MB UC WC WT WB
BS-data 00000000711fb000-000000007128dfff 00000093 588KB UC WC WT WB
Unk 0d 0000000880000000-0000000e7fffffff 00600000 24GB UC WC WT WB NV
reserved 0000001680000000-0000001c7fffffff 00600000 24GB UC WC WT WB NV
New format:
Type Physical start - end #Pages Size Attributes
conv-mem 0000000000000000-0000000000092fff 00000093 588KiB UC WC WT WB
reserved 0000000000093000-0000000000093fff 00000001 4KiB UC WC WT WB
conv-mem 0000000000094000-000000000009ffff 0000000c 48KiB UC WC WT WB
conv-mem 0000000000100000-000000000fffffff 0000ff00 255MiB UC WC WT WB
BS-code 0000000010000000-0000000010048fff 00000049 292KiB UC WC WT WB
conv-mem 0000000010049000-000000002354dfff 00013505 316436KiB UC WC WT WB
ldr-data 000000002354e000-000000003ecfffff 0001b7b2 450248KiB UC WC WT WB
BS-data 000000003ed00000-000000003ed7ffff 00000080 512KiB UC WC WT WB
conv-mem 000000003ed80000-000000006af5ffff 0002c1e0 722816KiB UC WC WT WB
reserved 000000006af60000-000000006b55ffff 00000600 6MiB UC WC WT WB
BS-data 000000006b560000-000000006b560fff 00000001 4KiB UC WC WT WB
RT-data 000000006b561000-000000006b5e1fff 00000081 516KiB RT UC WC WT WB
BS-data 000000006b5e2000-000000006ecfafff 00003719 56420KiB UC WC WT WB
BS-code 000000006ecfb000-000000006ecfbfff 00000001 4KiB UC WC WT WB
conv-mem 000000006ecfc000-0000000071222fff 00002527 38044KiB UC WC WT WB
BS-data 0000000071223000-00000000712ddfff 000000bb 748KiB UC WC WT WB
persist 0000000880000000-0000000e7fffffff 00600000 24GiB UC WC WT WB NV
reserved 0000001680000000-0000001c7fffffff 00600000 24GiB UC WC WT WB NV
2015-12-17 21:00:44 +03:00
Vladimir Serbinenko
d43a5ee651
tsc: Use alternative delay sources whenever appropriate.
...
PIT isn't available on some of new hardware including Hyper-V. So
use pmtimer for calibration. Moreover pmtimer calibration is faster, so
use it on coreboor where booting time is important.
Based on patch by Michael Chang.
2015-11-27 11:39:55 +01:00
Andrei Borzenkov
50d6f38feb
lsefisystab: add missing comma after 7994077
2015-11-17 06:27:17 +03:00
Pavel Bludov
7994077ab9
Add some UUIDs found in the hardware
2015-11-14 17:57:35 +03:00
Stephane Rochoy
3f3ec8ef44
* grub-core/commands/efi/lsefisystab.c (grub_cmd_lsefisystab): Show
...
EFI system table physical address.
2014-06-22 01:34:57 +02:00
Vladimir Serbinenko
d99af4f0e8
* grub-core/commands/efi/lsefisystab.c: Use %lld to show num_table_entries.
2013-12-15 14:42:19 +01:00
Vladimir Serbinenko
44bbfa33b8
Propagate the EFI commits to x86-efi specific parts.
2013-12-11 16:11:17 +01:00
Vladimir Serbinenko
3e3dff249f
* grub-core/commands/efi/lssal.c: Fix terminating condition.
2013-12-11 15:59:12 +01:00
Vladimir Serbinenko
316dda716c
Introduce grub_efi_packed_guid and use it where alignment is not
...
guaranteed.
2013-12-11 15:57:08 +01:00
Colin Watson
ca3a74469a
Remove nested functions from PCI iterators.
...
* grub-core/bus/pci.c (grub_pci_iterate): Add hook_data argument,
passed to hook. Update all callers to pass appropriate hook data.
* grub-core/bus/emu/pci.c (grub_pci_iterate): Likewise.
* include/grub/pci.h (grub_pci_iteratefunc_t): Add data argument.
Remove NESTED_FUNC_ATTR from here and from all users.
(grub_pci_iterate): Update prototype.
* grub-core/bus/cs5536.c (grub_cs5536_find: hook): Make static
instead of nested. Rename to ...
(grub_cs5536_find_iter): ... this.
* grub-core/kern/efi/mm.c (stop_broadcom: find_card): Likewise.
* grub-core/kern/mips/loongson/init.c (init_pci: set_card):
Likewise.
* grub-core/kern/vga_init.c (grub_qemu_init_cirrus: find_card):
Likewise.
* grub-core/video/bochs.c (grub_video_bochs_setup: find_card):
Likewise.
* grub-core/video/cirrus.c (grub_video_cirrus_setup: find_card):
Likewise.
* grub-core/video/efi_uga.c (find_framebuf: find_card): Likewise.
* grub-core/video/radeon_fuloong2e.c
(grub_video_radeon_fuloong2e_setup: find_card): Likewise.
* grub-core/video/sis315pro.c (grub_video_sis315pro_setup:
find_card): Likewise.
* grub-core/video/sm712.c (grub_video_sm712_setup: find_card):
Likewise.
2013-01-13 01:10:41 +00:00
Peter Jones
c5052c81ab
* grub-core/Makefile.core.def (efifwsetup): New module.
...
* grub-core/commands/efi/efifwsetup.c: New file.
* grub-core/kern/efi/efi.c (grub_efi_set_variable): New function
* include/grub/efi/api.h (GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI):
New define.
* include/grub/efi/efi.h (grub_efi_set_variable): New proto.
2012-09-08 09:40:24 +02:00
Vladimir 'phcoder' Serbinenko
7bd29c01f0
New command `lsefi'.
...
* grub-core/Makefile.core.def (lsefi): New module.
* grub-core/commands/efi/lsefi.c: New file.
* include/grub/efi/api.h: Add more GUIDs.
2012-07-22 19:59:06 +02:00
Vladimir 'phcoder' Serbinenko
584b2f8a22
Replace grub_target_addr with more appropriate types.
...
* grub-core/commands/efi/fixvideo.c (scan_card): Replace
grub_target_addr with grub_addr.
* grub-core/commands/iorw.c (grub_cmd_read): Replace
grub_target_addr with grub_port.
(grub_cmd_write): Likewise.
* grub-core/commands/memrw.c (grub_cmd_read): Replace
grub_target_addr with grub_addr.
(grub_cmd_write): Likewise.
* grub-core/video/efi_uga.c (find_line_len): Likewise.
2012-02-27 14:13:24 +01:00
Vladimir 'phcoder' Serbinenko
9c4b5c13e6
Improve gettext support. Stylistic fixes and error handling fixes while
...
on it.
2012-02-08 19:26:01 +01:00
Vladimir 'phcoder' Serbinenko
10f0117bf9
* grub-core/commands/efi/fixvideo.c: Gettextize.
...
* grub-core/commands/hashsum.c: Likewise.
* grub-core/commands/i386/cmostest.c: Likewise.
* grub-core/commands/i386/pc/drivemap.c: Likewise.
* grub-core/commands/i386/pc/lsapm.c: Likewise.
* grub-core/commands/i386/pc/sendkey.c: Likewise.
* grub-core/commands/lsmmap.c: Likewise.
* grub-core/commands/menuentry.c: Likewise.
* grub-core/commands/mips/loongson/lsspd.c: Likewise.
* grub-core/commands/setpci.c: Likewise.
* grub-core/loader/i386/bsd.c: Likewise.
* grub-core/loader/i386/linux.c: Likewise.
* util/getroot.c: Likewise.
* util/grub-editenv.c: Likewise.
* util/grub-fstest.c: Likewise.
* util/grub-mkfont.c: Likewise.
* util/grub-mkimage.c: Likewise.
* util/grub-mkpasswd-pbkdf2.c: Likewise.
* util/grub-pe2elf.c: Likewise.
* util/grub-probe.c: Likewise.
* util/grub-setup.c: Likewise.
* util/ieee1275/ofpath.c: Likewise.
* util/misc.c: Likewise.
* util/raid.c: Likewise.
2011-11-12 00:34:14 +01:00
Vladimir 'phcoder' Serbinenko
6e0632e28c
* grub-core/commands/acpihalt.c: Gettextized.
...
* grub-core/commands/cacheinfo.c: Likewise.
* grub-core/commands/cmp.c: Likewise.
* grub-core/commands/efi/loadbios.c: Likewise.
* grub-core/commands/gptsync.c: Likewise.
* grub-core/commands/ieee1275/suspend.c: Likewise.
* grub-core/commands/legacycfg.c: Likewise.
* grub-core/commands/memrw.c: Likewise.
* grub-core/commands/minicmd.c: Likewise.
* grub-core/commands/parttool.c: Likewise.
* grub-core/commands/time.c: Likewise.
* grub-core/commands/videoinfo.c: Likewise.
* grub-core/disk/geli.c: Likewise.
* grub-core/disk/i386/pc/biosdisk.c: Likewise.
* grub-core/disk/luks.c: Likewise.
* grub-core/disk/lvm.c: Likewise.
* grub-core/font/font_cmd.c: Likewise.
* grub-core/fs/zfs/zfscrypt.c: Likewise.
* grub-core/fs/zfs/zfsinfo.c: Likewise.
* grub-core/gfxmenu/view.c: Likewise.
* grub-core/kern/emu/hostdisk.c: Likewise.
* grub-core/kern/emu/main.c: Likewise.
* grub-core/kern/emu/misc.c: Likewise.
* grub-core/kern/emu/mm.c: Likewise.
* grub-core/kern/mips/arc/init.c: Likewise.
* grub-core/kern/mips/loongson/init.c: Likewise.
* grub-core/kern/partition.c: Likewise.
* grub-core/lib/i386/halt.c: Likewise.
* grub-core/lib/mips/arc/reboot.c: Likewise.
* grub-core/lib/mips/loongson/reboot.c: Likewise.
* grub-core/loader/i386/pc/chainloader.c: Likewise.
* grub-core/loader/i386/xnu.c: Likewise.
* grub-core/loader/multiboot.c: Likewise.
* grub-core/net/bootp.c: Likewise.
* grub-core/net/net.c: Likewise.
* grub-core/normal/term.c: Likewise.
* grub-core/partmap/bsdlabel.c: Likewise.
* grub-core/parttool/msdospart.c: Likewise.
* grub-core/term/gfxterm.c: Likewise.
* grub-core/term/terminfo.c: Likewise.
* grub-core/video/i386/pc/vbe.c: Likewise.
* util/grub-menulst2cfg.c: Likewise.
* util/grub-mkdevicemap.c: Likewise.
* util/grub-mklayout.c: Likewise.
* util/grub-mkrelpath.c: Likewise.
* util/grub-script-check.c: Likewise.
* util/ieee1275/grub-ofpathname.c: Likewise.
* util/resolve.c: Likewise.
2011-11-11 21:44:56 +01:00
Vladimir 'phcoder' Serbinenko
e745cf0ca6
Implement automatic module license checking according to new GNU
...
guidelines.
* grub-core/kern/dl.c (grub_dl_check_license): New function.
(grub_dl_load_core): Use grub_dl_check_license.
* include/grub/dl.h (GRUB_MOD_SECTION): New macro.
(GRUB_MOD_LICENSE): Likewise.
(GRUB_MOD_DUAL_LICENSE): Likewise.
All modules updated.
2011-04-11 23:01:51 +02:00
Colin Watson
b031012d70
* grub-core/commands/efi/lsefimmap.c (grub_cmd_lsefimmap):
...
NumberOfPages is UINT64 according to the UEFI specification, not
UINTN. Fix printf format.
2010-09-21 16:58:08 +01:00
Colin Watson
40901acd76
* grub-core/commands/efi/lsefimmap.c: Correct header.
...
* NEWS: Update.
2010-09-20 17:59:09 +01:00
Tristan Gingold
3dccbe4bbb
* grub-core/commands/efi/lsefimmap.c: New file.
...
* grub-core/Makefile.core.def (lsefimmap): New module.
* include/grub/efi/api.h (PRIxGRUB_EFI_UINTN_T): New definition.
Also-By: Robert Millan <rmh.grub@aybabtu.com>
Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-20 17:59:25 +02:00
Colin Watson
6d3d698d13
* grub-core/commands/efi/lsefisystab.c: Correct header.
...
* grub-core/commands/efi/lssal.c: Likewise.
* grub-core/commands/testload.c: Likewise.
2010-09-20 13:18:41 +01:00
Tristan Gingold
41a331a8d3
* grub-core/commands/efi/lsefimmap.c: New file.
...
* grub-core/Makefile.core.def (lsefimmap): New module.
* include/grub/efi/api.h (PRIxGRUB_EFI_UINTN_T): New definition.
Also-By: Robert Millan <rmh.grub@aybabtu.com>
Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-01 10:12:41 +02:00
Vladimir 'phcoder' Serbinenko
48798b6a1e
Fix memory leak
2010-09-01 09:34:09 +02:00
Tristan Gingold
105de6a758
* grub-core/commands/efi/lsefisystab.c: New file.
...
* grub-core/commands/efi/lssal.c: Likewise.
* grub-core/Makefile.core.def (lsacpi): New module.
(lsefisystab): Likewise.
* include/grub/efi/api.h (GRUB_EFI_SAL_TABLE_GUID): New definition.
(GRUB_EFI_HCDP_TABLE_GUID): Likewise.
(grub_efi_sal_system_table): New struct.
(grub_efi_sal_system_table_entrypoint_descriptor): Likewise.
(grub_efi_sal_system_table_memory_descriptor): Likewise.
(grub_efi_sal_system_table_platform_features): Likewise.
(grub_efi_sal_system_table_translation_register_descriptor): Likewise.
(grub_efi_sal_system_table_purge_translation_coherence): Likewise.
(grub_efi_sal_system_table_ap_wakeup): Likewise.
* include/grub/types.h (PRIuGRUB_UINT64_T): New definition.
Also-By: Robert Millan <rmh.grub@aybabtu.com>
Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2010-09-01 02:37:17 +02:00
BVK Chaitanya
8c41176882
automake commit without merge history
2010-05-06 11:34:04 +05:30