Commit graph

52 commits

Author SHA1 Message Date
Matthew Garrett
f4f4e3c715 verifiers: Core TPM support
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy and we can wait
to see whether anyone has a use case before adding more complexity.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 16:43:54 -04:00
Matthew Garrett
8d6447d496 verifiers: Verify commands executed by grub
Pass all commands executed by GRUB to the verifiers layer. Most verifiers will
ignore this, but some (such as the TPM verifier) want to be able to measure and
log each command executed in order to ensure that the boot state is as expected.

Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 14:11:28 -04:00
David Michael
e576eb0cbc Merge remote-tracking branch 'upstream/master' 2017-01-23 14:02:45 -08:00
Matthew Garrett
bf25cda14e Make TPM errors less fatal
Handle TPM errors, and stop trying to use the TPM once we hit one.
2016-10-13 14:01:52 -07:00
Matthew Garrett
bb3473d7c8 Rework TPM measurements
Rework TPM measurements to use fewer PCRs. After discussion with upstream,
it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8
and 9 but use a prefix in the event log to indicate which subsystem carried
out the measurements.
2016-03-23 17:03:43 -07:00
Andrei Borzenkov
b95e926788 script: fix memory leak
Found by: Coverity scan.
CID: 96637
2016-01-12 22:50:30 +03:00
Matthew Garrett
b47b5685b5 Measure commands
Measure each command executed by grub, which includes script execution.
2016-01-05 14:35:17 -08:00
Andrei Borzenkov
9883307a52 script/execute.c: fix memory leak.
Make sure to continue loop over array after failure to free
allocated strings.

Found by: Coverity scan.
2015-01-28 20:35:28 +03:00
Andrey Borzenkov
593e430cd6 * grub-core/script/execute.c (grub_script_execute_sourcecode): Split
off new function grub_script_execute_new_scope. Change callers to use
	either of them as appropriate.
	* grub-core/commands/eval.c: New command eval.
	* docs/grub.texi (Commands): Document it.
2013-06-07 18:36:42 +02:00
Vladimir 'phcoder' Serbinenko
bdc4add8ca * grub-core/script/execute.c (grub_script_arglist_to_argv): Fix
handling of variables containing backslash.
2013-04-29 12:02:26 +02:00
Vladimir 'phcoder' Serbinenko
73b5d90fe2 * grub-core/script/execute.c (grub_script_arglist_to_argv): Move
append out of its parent.
2013-03-03 15:26:29 +01:00
Vladimir 'phcoder' Serbinenko
396d4091e7 * grub-core/script/execute.c (gettext_append): Remove nested functions. 2013-03-02 12:17:52 +01:00
Colin Watson
09fd6d8293 Remove nested functions from script reading and parsing.
* grub-core/kern/parser.c (grub_parser_split_cmdline): Add
getline_data argument, passed to getline.
* grub-core/kern/rescue_parser.c (grub_rescue_parse_line): Add
getline_data argument, passed to grub_parser_split_cmdline.
* grub-core/script/lexer.c (grub_script_lexer_yywrap): Pass
lexerstate->getline_data to lexerstate->getline.
(grub_script_lexer_init): Add getline_data argument, saved in
lexerstate->getline_data.
* grub-core/script/main.c (grub_normal_parse_line): Add getline_data
argument, passed to grub_script_parse.
* grub-core/script/script.c (grub_script_parse): Add getline_data
argument, passed to grub_script_lexer_init.
* include/grub/parser.h (grub_parser_split_cmdline): Update
prototype.  Update all callers to pass appropriate getline data.
(struct grub_parser.parse_line): Likewise.
(grub_rescue_parse_line): Likewise.
* include/grub/reader.h (grub_reader_getline_t): Add void *
argument.
* include/grub/script_sh.h (struct grub_lexer_param): Add
getline_data member.
(grub_script_parse): Update prototype.  Update all callers to pass
appropriate getline data.
(grub_script_lexer_init): Likewise.
(grub_normal_parse_line): Likewise.

* grub-core/commands/legacycfg.c (legacy_file_getline): Add unused
data argument.
* grub-core/kern/parser.c (grub_parser_execute: getline): Make
static instead of nested.  Rename to ...
(grub_parser_execute_getline): ... this.
* grub-core/kern/rescue_reader.c (grub_rescue_read_line): Add unused
data argument.
* grub-core/normal/main.c (read_config_file: getline): Make static
instead of nested.  Rename to ...
(read_config_file_getline): ... this.
(grub_normal_read_line): Add unused data argument.
* grub-core/script/execute.c (grub_script_execute_sourcecode:
getline): Make static instead of nested.  Rename to ...
(grub_script_execute_sourcecode_getline): ... this.
* util/grub-script-check.c (main: get_config_line): Make static
instead of nested.
2013-01-15 12:03:25 +00:00
Vladimir 'phcoder' Serbinenko
cde393c9a3 * grub-core/script/execute.c (grub_script_arglist_to_argv): Escape
blocks.
2012-06-21 22:02:09 +02:00
Vladimir 'phcoder' Serbinenko
485568790c Fix wildcard regexp dot and other special characters handling.
Reported by: Robert Mabee.

	* grub-core/commands/wildcard.c (isregexop): Add "|+{}[]?".
	(make_regex): Escape "|+{}[]". Transform '?' to '.?'.
	(split_path): Trigger expansion on '?'.
	(unescape): New function.
	(wildcard_expand): Unescape parts copied without globbing.
	* grub-core/script/execute.c (wildcard_escape): Escape '?'.
	(grub_script_arglist_to_argv): Don't unescape expansions.
2012-06-19 14:13:19 +02:00
Vladimir 'phcoder' Serbinenko
5e619f408d Fix wildcard escaping.
* grub-core/commands/wildcard.c (wildcard_escape): Moved from here ...
	* grub-core/script/execute.c (wildcard_escape): .. to here.
	Don't escape dot.
	* grub-core/commands/wildcard.c (wildcard_unescape): Moved from here ...
	* grub-core/script/execute.c (wildcard_unescape): .. to here.
	Don't escape dot.
	* grub-core/script/execute.c (gettext_append): Always escape.
	(grub_script_arglist_to_argv): Always handle escaping/unescaping.
	* grub-core/script/yylex.l: Don't cut away the escaping.
	* tests/grub_script_echo1.in: Add tests with wildcard.
2012-06-08 22:54:21 +02:00
Vladimir 'phcoder' Serbinenko
0ae4f0bddb * grub-core/commands/i386/pc/play.c: Improve TRANSLATORS comments.
* grub-core/commands/regexp.c: Likewise.
	* grub-core/loader/i386/linux.c: Likewise.
	* grub-core/partmap/msdos.c: Likewise.
	* grub-core/script/execute.c: Likewise.
	* grub-core/term/gfxterm.c: Likewise.
2012-03-11 23:36:35 +01:00
Vladimir 'phcoder' Serbinenko
546fbe9b5a Add variable parsing in $"..." and fix several mismatches with bash.
* Makefile.util.def (grub_script_gettext): New test.
	* grub-core/script/execute.c (parse_string): New function.
	(gettext_append): Likewise.
	(grub_script_arglist_to_argv): Use gettext_append.
	* grub-core/script/yylex.l: Fix slash and newline handling in $"...".
	* tests/grub_script_gettext.in: New file.
2012-03-11 14:46:48 +01:00
Vladimir 'phcoder' Serbinenko
e8e0566b0c * grub-core/commands/videoinfo.c: Add TRANSLATORS comments.
* grub-core/commands/xnu_uuid.c: Likewise.
	* grub-core/loader/efi/appleloader.c: Likewise.
	* grub-core/script/execute.c: Likewise.
	* grub-core/script/main.c: Likewise.
	* util/grub-mkfont.c: Likewise.
2012-03-10 13:19:46 +01:00
Vladimir 'phcoder' Serbinenko
ef292a8775 * grub-core/net/http.c: Add TRANSLATORS comments.
* grub-core/normal/cmdline.c: Likewise.
	* grub-core/normal/misc.c: Likewise.
	* grub-core/partmap/msdos.c: Likewise.
	* grub-core/parttool/msdospart.c: Likewise.
	* grub-core/script/execute.c: Likewise.
	* grub-core/script/main.c: Likewise.
	* grub-core/term/terminfo.c: Likewise.
	* grub-core/video/bitmap.c: Likewise.
	* util/grub-install.in: Likewise.
	* util/grub-mkimage.c: Likewise.
	* util/grub-mklayout.c: Likewise.
	* util/grub-setup.c: Likewise.
2012-03-05 16:42:26 +01:00
Vladimir 'phcoder' Serbinenko
0d31b7df86 * grub-core/script/execute.c (grub_script_return): Replace ambiguous
"scope" with "body".
2012-03-04 12:14:33 +01:00
Vladimir 'phcoder' Serbinenko
7e8fac16ad $"..." support in scripts.
* grub-core/script/execute.c (grub_script_arglist_to_argv): Handle
	GRUB_SCRIPT_ARG_TYPE_GETTEXT.
	* grub-core/script/yylex.l: Likewise.
	* include/grub/script_sh.h (GRUB_SCRIPT_ARG_TYPE_GETTEXT): New enum
	value.
2012-02-26 19:02:46 +01:00
Vladimir 'phcoder' Serbinenko
67093bc0ed Another round of string clarification and adding TRANSLATORS comments. 2012-02-26 17:28:05 +01:00
Vladimir 'phcoder' Serbinenko
d9a62292e3 * grub-core/script/execute.c (grub_script_break): Clarify logic.
Better error handling.
	(grub_script_return): Likewise.
	* grub-core/script/lexer.c (grub_script_lexer_yywrap): Likewise.
2012-02-12 21:33:48 +01:00
Vladimir 'phcoder' Serbinenko
d61386e21d Improve string. Gettextize. 2012-02-12 15:25:25 +01:00
Vladimir 'phcoder' Serbinenko
1e5ec32f2d * grub-core/script/execute.c (grub_script_return): Fix warning. 2012-02-04 12:21:21 +01:00
Vladimir 'phcoder' Serbinenko
ac576cde1d * grub-core/script/execute.c (grub_script_return): Fix potential
NULL-dereference.
	Reported by: Jim Meyering.
2012-02-04 11:52:10 +01:00
Vladimir 'phcoder' Serbinenko
9c2710789f Eliminate grub_min/grub_max prone to overflow usage.
* grub-core/bus/usb/usbhub.c (grub_usb_add_hub): Eliminate grub_min.
	(poll_nonroot_hub): Likewise.
	* grub-core/fs/affs.c (grub_affs_iterate_dir): Likewise.
	(grub_affs_label): Likewise.
	* grub-core/fs/btrfs.c (grub_btrfs_lzo_decompress): Likewise.
	* grub-core/fs/hfs.c (grub_hfs_dir): Likewise.
	(grub_hfs_label): Likewise.
	* grub-core/fs/hfsplus.c (grub_hfsplus_cmp_catkey): Likewise.
	* grub-core/fs/zfs/zfs.c (MIN): Remove.
	(zap_leaf_array_equal): Use grub_size. Remove MIN.
	(zap_leaf_array_get): Likewise.
	(dnode_get_path): Likewise.
	* grub-core/io/lzopio.c (grub_lzopio_read): Eliminate grub_min.
	* grub-core/io/xzio.c (grub_xzio_read): Likewise.
	* grub-core/script/execute.c (grub_script_break): Likewise.
	* grub-core/script/lexer.c (grub_script_lexer_record): Eliminate
	grub_max.
	* grub-core/script/yylex.l (grub_lexer_yyrealloc): Likewise.
	* include/grub/misc.h (grub_min): Removed.
	(grub_max): Likewise.
2012-01-14 15:44:34 +01:00
Vladimir 'phcoder' Serbinenko
d35d0d3753 Add const keyword to grub_env_get and gettextize week days.
* grub-core/hook/datehook.c (grub_datetime_names): Make const.
	(grub_read_hook_datetime): Return const char *.
	* grub-core/kern/env.c (grub_env_get): Return const char *. All users
	updated.
	* grub-core/normal/datetime.c (grub_weekday_names): Make const.
	Mark for gettext.
	(grub_get_weekday_name): Return const char *. Call gettext.
	* grub-core/script/argv.c (grub_script_argv_append): Receive const
	char * and len as the argument. All users updated.
	(grub_script_argv_split_append): Receive const char *.
	* include/grub/datetime.h (grub_get_weekday_name): Update proto.
	* include/grub/env.h (grub_env_get): Likewise.
	(grub_env_read_hook_t): Return const char *.
	* include/grub/script_sh.h (grub_script_argv_append): Update proto.
	(grub_script_argv_split_append): Likewise.
2011-11-11 20:34:37 +01:00
BVK Chaitanya
a8152fedab suppress shell expansion inside quoted strings 2010-11-07 16:13:14 +05:30
Vladimir 'phcoder' Serbinenko
74ccb5b5e2 * grub-core/script/execute.c (grub_script_execute_sourcecode): Set
flags.
2010-09-30 20:59:20 +02:00
Vladimir 'phcoder' Serbinenko
a38b701cbf Rename jail to extractor 2010-09-20 23:01:34 +02:00
Vladimir 'phcoder' Serbinenko
7756d44436 Basic menuentry-retrieving jail 2010-09-16 23:48:32 +02:00
bvk.groups@gmail.com
058e30ac09 Not command (!) support to GRUB script.
* tests/grub_script_not.in: New test.
	* Makefile.util.def: Rules for new test.

	* grub-core/script/execute.c (grub_script_execute_cmdline): Handle
	! command as a special case.
	* grub-core/script/yylex.l (GRUB_PARSER_TOKEN_NOT): Removed.
2010-09-08 09:21:02 +05:30
bvk.groups@gmail.com
a0b5f6bcb1 update grub_errno as per the return value 2010-09-07 21:46:04 +05:30
BVK Chaitanya
1bce65c7b1 not command (!) support 2010-09-05 14:57:28 +05:30
BVK Chaitanya
ee14ec9935 merge with mainline 2010-09-04 22:34:32 +05:30
BVK Chaitanya
ed8c6dec96 Support for options to appear multiple times on cmdline.
* include/grub/lib/arg.h (grub_arg_list_alloc): New prototype.
	* grub-core/commands/extcmd.c: Support for repeatable option.
	* grub-core/lib/arg.c (grub_arg_list_alloc): New function for
	repeatable option support.

	Refactor menuentry into a regular command.

	* grub-core/commands/menuentry.c: New file, menuentry command
	implementation.
	* grub-core/Makefile.core.def: Rule update for normal.mod.
	* grub-core/normal/main.c: Moved menuentry creation to
	grub-core/commands/menuentry.c.
	* grub-core/normal/menu.c (grub_menu_execute_entry): Removed.
	(grub_menu_execute_entry_real): Removed.
	* grub-core/script/execute.c (grub_script_execute_sourcecode): New
	function.
	(grub_script_execute_menuentry): Removed.
	* grub-core/script/parser.y (menuentry): Removed.
	* grub-core/script/script.c (grub_script_create_cmdmenu): Removed.
	* grub-core/script/yylex.l (menuentry): Removed.
	* include/grub/menu.h (grub_menu_init): New prototype.
	(grub_menu_fini): New prototype.
	* include/grub/normal.h (grub_normal_add_menu_entry): Removed.
	* include/grub/script_sh.h (grub_script_cmd_menuentry): Removed.
	(grub_script_execute_sourcecode): New prototype.
2010-09-04 21:43:54 +05:30
BVK Chaitanya
9fcd1ee541 merge with mainline 2010-09-04 21:02:48 +05:30
BVK Chaitanya
165bfce138 merge with mainline 2010-09-04 20:44:44 +05:30
BVK Chaitanya
cd652829a1 merge with mainline 2010-09-04 14:41:08 +05:30
BVK Chaitanya
49649ac85d review comments 2010-09-04 14:32:59 +05:30
BVK Chaitanya
6d7c073bc8 merge with mainline 2010-09-04 11:49:02 +05:30
BVK Chaitanya
227cab7c79 merge with mainline 2010-09-04 10:56:23 +05:30
BVK Chaitanya
cc7b1ab4d6 review comments 2010-09-03 20:35:23 +05:30
BVK Chaitanya
8fdefb9253 merge with mainline 2010-08-26 12:11:57 +05:30
BVK Chaitanya
47b4c2c3e8 pull-in block-arg branch 2010-08-26 11:32:35 +05:30
BVK Chaitanya
928bad4708 merge with mainline 2010-08-26 09:30:11 +05:30
BVK Chaitanya
aa5cd41af5 return command for functions 2010-08-25 19:35:52 +05:30
BVK Chaitanya
a9b85993ee merge with mainline 2010-08-25 14:45:56 +05:30