Do we use ZBOOT kernels anywhere in old releases where this is really necessary?
Is this something we really want in older GRUBs at all? Removing the magic number check is easy enough, but I am not sure of the ramifications of allowing random signed EFI binaries through the linux codepath with those old loaders. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2002226 Title: Add support for kernels compiled with CONFIG_EFI_ZBOOT Status in grub2 package in Ubuntu: Fix Released Status in grub2-unsigned package in Ubuntu: Fix Released Status in linux package in Ubuntu: Triaged Status in grub2 source package in Focal: New Status in grub2-unsigned source package in Focal: New Status in linux source package in Focal: New Status in grub2 source package in Jammy: New Status in grub2-unsigned source package in Jammy: New Status in linux source package in Jammy: New Status in grub2 source package in Lunar: New Status in grub2-unsigned source package in Lunar: New Status in linux source package in Lunar: New Bug description: [Impact] Arm64 kernels compiled with CONFIG_EFI_ZBOOT=y don't use the ARM64_IMAGE_MAGIC ('ARM\x64') but LINUX_PE_MAGIC (0x818223cd) in the PE Header. Our GRUB fails to boot such a kernel. We should eliminate the following check: grub-core/loader/efi/linux.c:75: if (lh->magic != GRUB_LINUX_ARCH_MAGIC_SIGNATURE) return grub_error(GRUB_ERR_BAD_OS, "invalid magic number"); This will allow any EFI binary to be run using the linux command. [Test plan] * check that grub and EFI based ARM64 machines boot * check that MAAS deployment works [Where problems could occur] * Non-EFI bootloaders want to boot with regular vmlinuz.gz. If one is using piboot, u-boot, abootimg likely one still wants to build Image.gz and have CONFIG_EFI_ZBOOT disabled. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2002226/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
