Colin Watson
25850cfd50
Don't allow insmod when secure boot is enabled.
...
Hi,
Fedora's patch to forbid insmod in UEFI Secure Boot environments is fine
as far as it goes. However, the insmod command is not the only way that
modules can be loaded. In particular, the 'normal' command, which
implements the usual GRUB menu and the fully-featured command prompt,
will implicitly load commands not currently loaded into memory. This
permits trivial Secure Boot violations by writing commands implementing
whatever you want to do and pointing $prefix at the malicious code.
I'm currently test-building this patch (replacing your current
grub-2.00-no-insmod-on-sb.patch), but this should be more correct. It
moves the check into grub_dl_load_file.
2015-04-22 12:47:49 -07:00
Vladimir Serbinenko
7e7293d745
* grub-core/kern/efi/efi.c: Ensure that the result starts with /
...
and has no //.
2014-01-18 16:41:47 +01:00
Vladimir Serbinenko
09c479006c
Fix buffer overflow in grub_efi_print_device_path.
2013-12-24 19:04:46 +01:00
Vladimir Serbinenko
4d6c69536e
Show SATA device path.
2013-12-24 18:10:28 +01:00
Vladimir Serbinenko
fba31b5f69
Dump type and vendor specific data when printing device path.
2013-12-24 14:05:48 +01:00
Vladimir Serbinenko
6dc3337774
Fix definition of grub_efi_hard_drive_device_path. Take care that
...
existing code would work even if by some reason bogus definition is
used by EFI implementations.
2013-12-14 22:04:02 +01:00
Vladimir Serbinenko
607a39f9f0
* include/grub/efi/api.h: Rename protocol and interface to avoid
...
conflict.
2013-12-14 21:48:46 +01:00
Vladimir Serbinenko
316dda716c
Introduce grub_efi_packed_guid and use it where alignment is not
...
guaranteed.
2013-12-11 15:57:08 +01:00
Vladimir Serbinenko
47f88cc94e
* grub-core/kern/efi/efi.c: Remove variable length arrays.
2013-12-04 08:39:22 +01:00
Vladimir Serbinenko
83e9c273e5
* grub-core/kern/efi/efi.c (grub_efi_get_filename): Reset the pointer
...
at the start of second iteration.
2013-11-14 15:50:43 +01:00
Vladimir Serbinenko
fa9b3dcae2
* grub-core/kern/efi/efi.c (grub_efi_get_filename): Avoid inefficient
...
realloc.
2013-11-01 16:06:51 +01:00
Peter Jones
c5052c81ab
* grub-core/Makefile.core.def (efifwsetup): New module.
...
* grub-core/commands/efi/efifwsetup.c: New file.
* grub-core/kern/efi/efi.c (grub_efi_set_variable): New function
* include/grub/efi/api.h (GRUB_EFI_OS_INDICATIONS_BOOT_TO_FW_UI):
New define.
* include/grub/efi/efi.h (grub_efi_set_variable): New proto.
2012-09-08 09:40:24 +02:00
Vladimir 'phcoder' Serbinenko
7da036bbcb
Remove non-functional EFI grub_get_rtc. Put a better fatal message
...
than current grub_get_rtc() not implemented when booted with
coreboot without TSC.
* grub-core/Makefile.am: Exclude efi/time.h from kernel headers.
Add machine/time.h to kernel headers on loongson.
* grub-core/Makefile.core.def (kernel): Remove
kern/generic/rtc_get_time_ms.c on qemu-multiboot-coreboot.
* grub-core/kern/efi/efi.c (grub_rtc_get_time_ms): Removed.
(grub_get_rtc): Likewise.
* grub-core/kern/generic/rtc_get_time_ms.c: Include grub/machine/time.h.
* grub-core/kern/i386/coreboot/init.c (grub_get_rtc): Removed.
* grub-core/kern/i386/pc/init.c: Include grub/machine/init.h.
* grub-core/kern/i386/tsc.c (grub_tsc_init)
[!GRUB_MACHINE_PCBIOS && !GRUB_MACHINE_IEEE1275]: Call grub_fatal
rather than installing known non-working time source.
* grub-core/kern/ieee1275/init.c (grub_get_rtc): Removed.
* grub-core/kern/mips/loongson/init.c: Include grub/machine/time.h.
* include/grub/time.h: Don't include machine/time.h.
* include/grub/efi/time.h: Removed.
* include/grub/i386/efi/time.h: Likewise.
* include/grub/i386/ieee1275/time.h: Likewise.
* include/grub/powerpc/ieee1275/time.h: Likewise.
* include/grub/sparc64/ieee1275/time.h: Likewise.
* include/grub/x86_64/efi/time.h: Likewise.
2012-06-11 20:44:38 +02:00
Vladimir 'phcoder' Serbinenko
9e5e66d15e
Use ITC on IA64 rather than broken routine based on daytime.
...
* grub-core/kern/efi/efi.c (grub_rtc_get_time_ms) [__ia64__]: Remove on
ia64.
(grub_get_rtc) [__ia64__]: Likewise.
* grub-core/kern/ia64/efi/init.c (divisor): New variable.
(get_itc): New function.
(grub_rtc_get_time_ms): Likewise.
(grub_machine_init): Calibrate ITC.
* include/grub/efi/time.h (grub_get_rtc), (GRUB_TICKS_PER_SECOND):
Keep only on non-ia64. Don't export since it's broken and used only
if TSC is unavailable.
2012-06-09 10:52:39 +02:00
Matthew Garrett
3935dde2f2
Use EDID on EFI.
...
* grub-core/kern/efi/efi.c (grub_efi_get_variable): New argument
datasize_out.
* grub-core/video/efi_gop.c (check_protocol): Check that GOP has usable
modes. Set gop_handle.
(grub_video_gop_get_edid): New function.
(grub_gop_get_preferred_mode): Likewise.
(grub_video_gop_setup): Use grub_gop_get_preferred_mode.
(grub_video_efi_gop_adapter): Set .get_edid.
* include/grub/efi/edid.h: New file.
* include/grub/efi/efi.h (grub_efi_get_variable): Update proto.
Also-By: Vladimir Serbinenko <phcoder@gmail.com>
2012-03-04 00:48:21 +01:00
Matthew Garrett
c598862958
* grub-core/kern/efi/efi.c (grub_efi_get_variable): Add new function.
...
* include/grub/efi/efi.h: Likewise.
* include/grub/efi/api.h: Add guid for EFI-specified variables.
* include/grub/charset.h (GRUB_MAX_UTF16_PER_UTF8): New definition.
* grub-core/normal/charset.c (grub_utf8_process): Move from here ...
* include/grub/charset.h (grub_utf8_process): ... to here. Inline.
* grub-core/normal/charset.c (grub_utf8_to_utf16): Move from here ...
* include/grub/charset.h (grub_utf8_to_utf16): ... to here. Inline.
2012-02-27 12:02:57 +01:00
Vladimir 'phcoder' Serbinenko
ebcecdf1c3
Increase warning level.
...
* conf/Makefile.common (CFLAGS_GNULIB): Add -Wno-redundant-decls
-Wno-unreachable-code -Wno-conversion -Wno-old-style-definition.
* configure.ac (HOST_CFLAGS): Add bunch of -W arguments.
(TARGET_CFLAGS): Likewise.
(HOST_CFLAGS): Add -Werror unless --disable-werror is activated.
* grub-core/Makefile.core.def (decompressor_xz): Add
-Wno-unreachable-code.
(normal): Add -Wno-redundant-decls.
(xzio): Add -Wno-unreachable-code.
(lzopio): Add -Wno-redundant-decls -Wno-error.
* grub-core/commands/acpi.c: Add exception to -Wcast-align.
* grub-core/commands/lsacpi.c: Add exception to -Wcast-align.
* grub-core/gensymlist.sh: Add exception to -Wmissing-format-attribute.
* grub-core/kern/dl.c: Add exception to -Wcast-align.
* grub-core/kern/efi/efi.c (grub_efi_modules_addr): Likewise.
* grub-core/kern/i386/coreboot/init.c: Add exception to
-Wsuggest-attribute=noreturn.
* grub-core/kern/ia64/dl.c: Add exception to -Wcast-align.
* grub-core/kern/ia64/dl_helper.c: Likewise.
* grub-core/kern/mips/dl.c: Likewise.
* grub-core/kern/sparc64/dl.c: Likewise.
* grub-core/lib/LzmaEnc.c: Add exception to -Wshadow.
* grub-core/lib/libgcrypt_wrap/cipher_wrap.h (memcpy): Likewise.
(memcmp): Likewise.
* grub-core/lib/pbkdf2.c: Add exception to -Wunreachable-code.
* grub-core/loader/ia64/efi/linux.c: Add exception to -Wcast-align.
* grub-core/loader/mips/linux.c: Likewise.
* grub-core/loader/multiboot_elfxx.c: Likewise.
* grub-core/script/parser.y: Add exception to -Wunreachable-code.
* grub-core/video/sm712.c: Add exception to -Wcast-align.
* util/import_gcry.py: Add -Wno-cast-align to modules checked by hand.
* grub-core/font/font.c (grub_font_loader_init): Add explicit cast and
fixme.
* grub-core/fs/iso9660.c (grub_iso9660_iterate_dir): Likewise.
* grub-core/kern/i386/multiboot_mmap.c (grub_machine_mmap_init):
Fix prototype.
2012-02-10 16:48:48 +01:00
Vladimir 'phcoder' Serbinenko
544c24876e
Move grub_reboot out of the kernel.
...
* grub-core/Makefile.core.def (reboot): Add platform-specific files.
* grub-core/kern/efi/efi.c (grub_reboot): Moved to ...
* grub-core/lib/efi/reboot.c: ... here.
* grub-core/kern/i386/efi/startup.S: Remove including of realmode.S.
* grub-core/kern/i386/ieee1275/startup.S: Likewise.
* grub-core/kern/i386/pc/startup.S (grub_exit): Inline cold_reboot.
* grub-core/kern/i386/realmode.S (grub_reboot): Moved to...
* grub-core/lib/i386/reboot_trampoline.S: ... here.
* grub-core/kern/ieee1275/openfw.c (grub_reboot): Moved to...
* grub-core/lib/ieee1275/reboot.c: ... here.
* grub-core/kern/mips/arc/init.c (grub_reboot): Moved to...
* grub-core/lib/mips/arc/reboot.c: ... here.
* grub-core/kern/mips/loongson/init.c (grub_reboot): Moved to...
* grub-core/lib/mips/loongson/reboot.c: ...here.
* grub-core/kern/mips/qemu_mips/init.c (grub_reboot): Moved to...
* grub-core/lib/mips/qemu_mips/reboot.c: ... here.
* include/grub/emu/misc.h (grub_reboot): New function declaration.
* include/grub/i386/reboot.h: New file.
* include/grub/mips/loongson/ec.h: Fix includes.
* include/grub/mips/qemu_mips/kernel.h (grub_reboot): Removed.
* include/grub/misc.h (grub_reboot): Don't mark as kernel function.
* grub-core/lib/i386/reboot.c: New file.
2011-10-19 16:53:18 +02:00
Vladimir 'phcoder' Serbinenko
39705fadd7
Replace grub_module_iterate with FOR_MODULES.
...
* grub-core/disk/memdisk.c (GRUB_MOD_INIT): Switched to new interface.
* grub-core/kern/efi/efi.c (grub_arch_modules_addr): Renamed to...
(grub_efi_modules_addr): ...this.
* grub-core/kern/efi/init.c (grub_modbase): New variable.
(grub_efi_init): Set grub_modbase.
* grub-core/kern/emu/main.c (grub_arch_modules_addr): Removed.
(grub_modbase): New variable.
* grub-core/kern/i386/coreboot/init.c (grub_arch_modules_addr): Removed.
(grub_modbase): New variable.
(grub_machine_init): Set grub_modbase.
* grub-core/kern/i386/pc/init.c (grub_arch_modules_addr): Removed.
(grub_modbase): New variable.
(grub_machine_init): Set grub_modbase.
* grub-core/kern/ieee1275/init.c (grub_arch_modules_addr): Removed.
(grub_modbase): New variable.
(grub_machine_init): Set grub_modbase.
* grub-core/kern/main.c (grub_module_iterate): Remove.
(grub_modules_get_end): Use grub_modbase.
(grub_load_modules): Use FOR_MODULES.
(grub_load_config): Likewise.
* grub-core/kern/mips/arc/init.c (grub_arch_modules_addr): Removed.
(grub_modbase): New variable.
(grub_machine_init): Set grub_modbase.
* grub-core/kern/mips/loongson/init.c (grub_arch_modules_addr): Removed.
(grub_modbase): New variable.
(grub_machine_init): Set grub_modbase.
* grub-core/kern/mips/qemu_mips/init.c (grub_arch_modules_addr):
Removed.
(grub_modbase): New variable.
(grub_machine_init): Set grub_modbase.
* include/grub/efi/efi.h (grub_efi_modules_addr): New declaration.
* include/grub/kernel.h (grub_arch_modules_addr): Removed.
(grub_module_iterate): Likewise.
(grub_modbase): New variable declaration.
(FOR_MODULES): New macro.
2011-10-16 15:23:29 +02:00
Vladimir 'phcoder' Serbinenko
cae730b452
Automatically determine prefix when netbooted on EFI
2011-07-02 16:56:35 +02:00
Vladimir 'phcoder' Serbinenko
7216a1bff3
Set EFI ticks to 1000Hz simplifying much of the code and avoiding cotsly division
2011-05-08 17:05:47 +02:00
Vladimir 'phcoder' Serbinenko
069c9c5fda
merge mainline into intwrap
2010-08-29 23:21:21 +02:00
Vladimir 'phcoder' Serbinenko
afba9f98ec
MErge mainline into intwrap
2010-08-25 23:39:42 +02:00
Vladimir 'phcoder' Serbinenko
16bd6cfab2
Merge mainline into newreloc. For now without boot tests
2010-08-25 03:25:18 +02:00
BVK Chaitanya
297f0c2b6e
merge with mainline
2010-07-13 00:43:28 +05:30
BVK Chaitanya
8c41176882
automake commit without merge history
2010-05-06 11:34:04 +05:30