Matthew Garrett
f4f4e3c715
verifiers: Core TPM support
...
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI. In future we might
want to have some sort of mechanism for choosing which events get logged
to which PCRs, but this seems like a good default policy and we can wait
to see whether anyone has a use case before adding more complexity.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 16:43:54 -04:00
Matthew Garrett
8d6447d496
verifiers: Verify commands executed by grub
...
Pass all commands executed by GRUB to the verifiers layer. Most verifiers will
ignore this, but some (such as the TPM verifier) want to be able to measure and
log each command executed in order to ensure that the boot state is as expected.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
2020-09-21 14:11:28 -04:00
David Michael
e576eb0cbc
Merge remote-tracking branch 'upstream/master'
2017-01-23 14:02:45 -08:00
Matthew Garrett
bf25cda14e
Make TPM errors less fatal
...
Handle TPM errors, and stop trying to use the TPM once we hit one.
2016-10-13 14:01:52 -07:00
Matthew Garrett
bb3473d7c8
Rework TPM measurements
...
Rework TPM measurements to use fewer PCRs. After discussion with upstream,
it's preferable to avoid using so many PCRs. Instead, measure into PCRs 8
and 9 but use a prefix in the event log to indicate which subsystem carried
out the measurements.
2016-03-23 17:03:43 -07:00
Andrei Borzenkov
b95e926788
script: fix memory leak
...
Found by: Coverity scan.
CID: 96637
2016-01-12 22:50:30 +03:00
Matthew Garrett
b47b5685b5
Measure commands
...
Measure each command executed by grub, which includes script execution.
2016-01-05 14:35:17 -08:00
Andrei Borzenkov
9883307a52
script/execute.c: fix memory leak.
...
Make sure to continue loop over array after failure to free
allocated strings.
Found by: Coverity scan.
2015-01-28 20:35:28 +03:00
Andrey Borzenkov
593e430cd6
* grub-core/script/execute.c (grub_script_execute_sourcecode): Split
...
off new function grub_script_execute_new_scope. Change callers to use
either of them as appropriate.
* grub-core/commands/eval.c: New command eval.
* docs/grub.texi (Commands): Document it.
2013-06-07 18:36:42 +02:00
Vladimir 'phcoder' Serbinenko
bdc4add8ca
* grub-core/script/execute.c (grub_script_arglist_to_argv): Fix
...
handling of variables containing backslash.
2013-04-29 12:02:26 +02:00
Vladimir 'phcoder' Serbinenko
73b5d90fe2
* grub-core/script/execute.c (grub_script_arglist_to_argv): Move
...
append out of its parent.
2013-03-03 15:26:29 +01:00
Vladimir 'phcoder' Serbinenko
396d4091e7
* grub-core/script/execute.c (gettext_append): Remove nested functions.
2013-03-02 12:17:52 +01:00
Colin Watson
09fd6d8293
Remove nested functions from script reading and parsing.
...
* grub-core/kern/parser.c (grub_parser_split_cmdline): Add
getline_data argument, passed to getline.
* grub-core/kern/rescue_parser.c (grub_rescue_parse_line): Add
getline_data argument, passed to grub_parser_split_cmdline.
* grub-core/script/lexer.c (grub_script_lexer_yywrap): Pass
lexerstate->getline_data to lexerstate->getline.
(grub_script_lexer_init): Add getline_data argument, saved in
lexerstate->getline_data.
* grub-core/script/main.c (grub_normal_parse_line): Add getline_data
argument, passed to grub_script_parse.
* grub-core/script/script.c (grub_script_parse): Add getline_data
argument, passed to grub_script_lexer_init.
* include/grub/parser.h (grub_parser_split_cmdline): Update
prototype. Update all callers to pass appropriate getline data.
(struct grub_parser.parse_line): Likewise.
(grub_rescue_parse_line): Likewise.
* include/grub/reader.h (grub_reader_getline_t): Add void *
argument.
* include/grub/script_sh.h (struct grub_lexer_param): Add
getline_data member.
(grub_script_parse): Update prototype. Update all callers to pass
appropriate getline data.
(grub_script_lexer_init): Likewise.
(grub_normal_parse_line): Likewise.
* grub-core/commands/legacycfg.c (legacy_file_getline): Add unused
data argument.
* grub-core/kern/parser.c (grub_parser_execute: getline): Make
static instead of nested. Rename to ...
(grub_parser_execute_getline): ... this.
* grub-core/kern/rescue_reader.c (grub_rescue_read_line): Add unused
data argument.
* grub-core/normal/main.c (read_config_file: getline): Make static
instead of nested. Rename to ...
(read_config_file_getline): ... this.
(grub_normal_read_line): Add unused data argument.
* grub-core/script/execute.c (grub_script_execute_sourcecode:
getline): Make static instead of nested. Rename to ...
(grub_script_execute_sourcecode_getline): ... this.
* util/grub-script-check.c (main: get_config_line): Make static
instead of nested.
2013-01-15 12:03:25 +00:00
Vladimir 'phcoder' Serbinenko
cde393c9a3
* grub-core/script/execute.c (grub_script_arglist_to_argv): Escape
...
blocks.
2012-06-21 22:02:09 +02:00
Vladimir 'phcoder' Serbinenko
485568790c
Fix wildcard regexp dot and other special characters handling.
...
Reported by: Robert Mabee.
* grub-core/commands/wildcard.c (isregexop): Add "|+{}[]?".
(make_regex): Escape "|+{}[]". Transform '?' to '.?'.
(split_path): Trigger expansion on '?'.
(unescape): New function.
(wildcard_expand): Unescape parts copied without globbing.
* grub-core/script/execute.c (wildcard_escape): Escape '?'.
(grub_script_arglist_to_argv): Don't unescape expansions.
2012-06-19 14:13:19 +02:00
Vladimir 'phcoder' Serbinenko
5e619f408d
Fix wildcard escaping.
...
* grub-core/commands/wildcard.c (wildcard_escape): Moved from here ...
* grub-core/script/execute.c (wildcard_escape): .. to here.
Don't escape dot.
* grub-core/commands/wildcard.c (wildcard_unescape): Moved from here ...
* grub-core/script/execute.c (wildcard_unescape): .. to here.
Don't escape dot.
* grub-core/script/execute.c (gettext_append): Always escape.
(grub_script_arglist_to_argv): Always handle escaping/unescaping.
* grub-core/script/yylex.l: Don't cut away the escaping.
* tests/grub_script_echo1.in: Add tests with wildcard.
2012-06-08 22:54:21 +02:00
Vladimir 'phcoder' Serbinenko
0ae4f0bddb
* grub-core/commands/i386/pc/play.c: Improve TRANSLATORS comments.
...
* grub-core/commands/regexp.c: Likewise.
* grub-core/loader/i386/linux.c: Likewise.
* grub-core/partmap/msdos.c: Likewise.
* grub-core/script/execute.c: Likewise.
* grub-core/term/gfxterm.c: Likewise.
2012-03-11 23:36:35 +01:00
Vladimir 'phcoder' Serbinenko
546fbe9b5a
Add variable parsing in $"..." and fix several mismatches with bash.
...
* Makefile.util.def (grub_script_gettext): New test.
* grub-core/script/execute.c (parse_string): New function.
(gettext_append): Likewise.
(grub_script_arglist_to_argv): Use gettext_append.
* grub-core/script/yylex.l: Fix slash and newline handling in $"...".
* tests/grub_script_gettext.in: New file.
2012-03-11 14:46:48 +01:00
Vladimir 'phcoder' Serbinenko
e8e0566b0c
* grub-core/commands/videoinfo.c: Add TRANSLATORS comments.
...
* grub-core/commands/xnu_uuid.c: Likewise.
* grub-core/loader/efi/appleloader.c: Likewise.
* grub-core/script/execute.c: Likewise.
* grub-core/script/main.c: Likewise.
* util/grub-mkfont.c: Likewise.
2012-03-10 13:19:46 +01:00
Vladimir 'phcoder' Serbinenko
ef292a8775
* grub-core/net/http.c: Add TRANSLATORS comments.
...
* grub-core/normal/cmdline.c: Likewise.
* grub-core/normal/misc.c: Likewise.
* grub-core/partmap/msdos.c: Likewise.
* grub-core/parttool/msdospart.c: Likewise.
* grub-core/script/execute.c: Likewise.
* grub-core/script/main.c: Likewise.
* grub-core/term/terminfo.c: Likewise.
* grub-core/video/bitmap.c: Likewise.
* util/grub-install.in: Likewise.
* util/grub-mkimage.c: Likewise.
* util/grub-mklayout.c: Likewise.
* util/grub-setup.c: Likewise.
2012-03-05 16:42:26 +01:00
Vladimir 'phcoder' Serbinenko
0d31b7df86
* grub-core/script/execute.c (grub_script_return): Replace ambiguous
...
"scope" with "body".
2012-03-04 12:14:33 +01:00
Vladimir 'phcoder' Serbinenko
7e8fac16ad
$"..." support in scripts.
...
* grub-core/script/execute.c (grub_script_arglist_to_argv): Handle
GRUB_SCRIPT_ARG_TYPE_GETTEXT.
* grub-core/script/yylex.l: Likewise.
* include/grub/script_sh.h (GRUB_SCRIPT_ARG_TYPE_GETTEXT): New enum
value.
2012-02-26 19:02:46 +01:00
Vladimir 'phcoder' Serbinenko
67093bc0ed
Another round of string clarification and adding TRANSLATORS comments.
2012-02-26 17:28:05 +01:00
Vladimir 'phcoder' Serbinenko
d9a62292e3
* grub-core/script/execute.c (grub_script_break): Clarify logic.
...
Better error handling.
(grub_script_return): Likewise.
* grub-core/script/lexer.c (grub_script_lexer_yywrap): Likewise.
2012-02-12 21:33:48 +01:00
Vladimir 'phcoder' Serbinenko
d61386e21d
Improve string. Gettextize.
2012-02-12 15:25:25 +01:00
Vladimir 'phcoder' Serbinenko
1e5ec32f2d
* grub-core/script/execute.c (grub_script_return): Fix warning.
2012-02-04 12:21:21 +01:00
Vladimir 'phcoder' Serbinenko
ac576cde1d
* grub-core/script/execute.c (grub_script_return): Fix potential
...
NULL-dereference.
Reported by: Jim Meyering.
2012-02-04 11:52:10 +01:00
Vladimir 'phcoder' Serbinenko
9c2710789f
Eliminate grub_min/grub_max prone to overflow usage.
...
* grub-core/bus/usb/usbhub.c (grub_usb_add_hub): Eliminate grub_min.
(poll_nonroot_hub): Likewise.
* grub-core/fs/affs.c (grub_affs_iterate_dir): Likewise.
(grub_affs_label): Likewise.
* grub-core/fs/btrfs.c (grub_btrfs_lzo_decompress): Likewise.
* grub-core/fs/hfs.c (grub_hfs_dir): Likewise.
(grub_hfs_label): Likewise.
* grub-core/fs/hfsplus.c (grub_hfsplus_cmp_catkey): Likewise.
* grub-core/fs/zfs/zfs.c (MIN): Remove.
(zap_leaf_array_equal): Use grub_size. Remove MIN.
(zap_leaf_array_get): Likewise.
(dnode_get_path): Likewise.
* grub-core/io/lzopio.c (grub_lzopio_read): Eliminate grub_min.
* grub-core/io/xzio.c (grub_xzio_read): Likewise.
* grub-core/script/execute.c (grub_script_break): Likewise.
* grub-core/script/lexer.c (grub_script_lexer_record): Eliminate
grub_max.
* grub-core/script/yylex.l (grub_lexer_yyrealloc): Likewise.
* include/grub/misc.h (grub_min): Removed.
(grub_max): Likewise.
2012-01-14 15:44:34 +01:00
Vladimir 'phcoder' Serbinenko
d35d0d3753
Add const keyword to grub_env_get and gettextize week days.
...
* grub-core/hook/datehook.c (grub_datetime_names): Make const.
(grub_read_hook_datetime): Return const char *.
* grub-core/kern/env.c (grub_env_get): Return const char *. All users
updated.
* grub-core/normal/datetime.c (grub_weekday_names): Make const.
Mark for gettext.
(grub_get_weekday_name): Return const char *. Call gettext.
* grub-core/script/argv.c (grub_script_argv_append): Receive const
char * and len as the argument. All users updated.
(grub_script_argv_split_append): Receive const char *.
* include/grub/datetime.h (grub_get_weekday_name): Update proto.
* include/grub/env.h (grub_env_get): Likewise.
(grub_env_read_hook_t): Return const char *.
* include/grub/script_sh.h (grub_script_argv_append): Update proto.
(grub_script_argv_split_append): Likewise.
2011-11-11 20:34:37 +01:00
BVK Chaitanya
a8152fedab
suppress shell expansion inside quoted strings
2010-11-07 16:13:14 +05:30
Vladimir 'phcoder' Serbinenko
74ccb5b5e2
* grub-core/script/execute.c (grub_script_execute_sourcecode): Set
...
flags.
2010-09-30 20:59:20 +02:00
Vladimir 'phcoder' Serbinenko
a38b701cbf
Rename jail to extractor
2010-09-20 23:01:34 +02:00
Vladimir 'phcoder' Serbinenko
7756d44436
Basic menuentry-retrieveing jail
2010-09-16 23:48:32 +02:00
bvk.groups@gmail.com
058e30ac09
Not command (!) support to GRUB script.
...
* tests/grub_script_not.in: New test.
* Makefile.util.def: Rules for new test.
* grub-core/script/execute.c (grub_script_execute_cmdline): Handle
! command as a special case.
* grub-core/script/yylex.l (GRUB_PARSER_TOKEN_NOT): Removed.
2010-09-08 09:21:02 +05:30
bvk.groups@gmail.com
a0b5f6bcb1
update grub_errno as per the return value
2010-09-07 21:46:04 +05:30
BVK Chaitanya
1bce65c7b1
not command (!) support
2010-09-05 14:57:28 +05:30
BVK Chaitanya
ee14ec9935
merge with mainline
2010-09-04 22:34:32 +05:30
BVK Chaitanya
ed8c6dec96
Support for options to appear multiple times on cmdline.
...
* include/grub/lib/arg.h (grub_arg_list_alloc): New prototype.
* grub-core/commands/extcmd.c: Support for repeatable option.
* grub-core/lib/arg.c (grub_arg_list_alloc): New function for
repeatable option support.
Refactor menuentry into a regular command.
* grub-core/commands/menuentry.c: New file, menuentry command
implementation.
* grub-core/Makefile.core.def: Rule update for normal.mod.
* grub-core/normal/main.c: Moved menuentry creation to
grub-core/commands/menuentry.c.
* grub-core/normal/menu.c (grub_menu_execute_entry): Removed.
(grub_menu_execute_entry_real): Removed.
* grub-core/script/execute.c (grub_script_execute_sourcecode): New
function.
(grub_script_execute_menuentry): Removed.
* grub-core/script/parser.y (menuentry): Removed.
* grub-core/script/script.c (grub_script_create_cmdmenu): Removed.
* grub-core/script/yylex.l (menuentry): Removed.
* include/grub/menu.h (grub_menu_init): New prototype.
(grub_menu_fini): New prototype.
* include/grub/normal.h (grub_normal_add_menu_entry): Removed.
* include/grub/script_sh.h (grub_script_cmd_menuentry): Removed.
(grub_script_execute_sourcecode): New prototype.
2010-09-04 21:43:54 +05:30
BVK Chaitanya
9fcd1ee541
merge with mainline
2010-09-04 21:02:48 +05:30
BVK Chaitanya
165bfce138
merge with mainline
2010-09-04 20:44:44 +05:30
BVK Chaitanya
cd652829a1
merge with mainline
2010-09-04 14:41:08 +05:30
BVK Chaitanya
49649ac85d
review comments
2010-09-04 14:32:59 +05:30
BVK Chaitanya
6d7c073bc8
merge with mainline
2010-09-04 11:49:02 +05:30
BVK Chaitanya
227cab7c79
merge with mainline
2010-09-04 10:56:23 +05:30
BVK Chaitanya
cc7b1ab4d6
review comments
2010-09-03 20:35:23 +05:30
BVK Chaitanya
8fdefb9253
merge with mainline
2010-08-26 12:11:57 +05:30
BVK Chaitanya
47b4c2c3e8
pull-in block-arg branch
2010-08-26 11:32:35 +05:30
BVK Chaitanya
928bad4708
merge with mainline
2010-08-26 09:30:11 +05:30
BVK Chaitanya
aa5cd41af5
return command for functions
2010-08-25 19:35:52 +05:30
BVK Chaitanya
a9b85993ee
merge with mainline
2010-08-25 14:45:56 +05:30