[PATCH v3 01/10] modules: make .module_license read-only
From: Peter Jones Currently .module_license is set writable (that is, the section has the SHF_WRITE flag set) in the module's ELF headers. This probably never actually matters, but it can't possibly be correct. This patch sets that data as "const", which causes that flag not to be set. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko --- include/grub/dl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/grub/dl.h b/include/grub/dl.h index cd1f46c8b..750fc8d3d 100644 --- a/include/grub/dl.h +++ b/include/grub/dl.h @@ -119,7 +119,7 @@ grub_mod_fini (void) #define ATTRIBUTE_USED __unused__ #endif #define GRUB_MOD_LICENSE(license) \ - static char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license; + static const char grub_module_license[] __attribute__ ((section (GRUB_MOD_SECTION (module_license)), ATTRIBUTE_USED)) = "LICENSE=" license; #define GRUB_MOD_DEP(name) \ static const char grub_module_depend_##name[] \ __attribute__((section(GRUB_MOD_SECTION(moddeps)), ATTRIBUTE_USED)) = #name -- 2.39.2 ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
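Review bot: the change is right, and it brings `GRUB_MOD_LICENSE` in line with the `GRUB_MOD_DEP` definition directly below it, which already declares its string `static const char`; since the section loses SHF_WRITE only because nothing non-const is placed into `.module_license`, it would help to state in the commit message that anything added to that section in future has to stay `const` for the fix to hold.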
[PATCH v3 00/10] UEFI NX support and NX Linux loader using shim loader protocol
Currently the patchset consists of:
- Reworked Fedora NX patches to make GRUB itself work under NX.
- Julian Andres Klode's loader framework patch (used in Debian and Ubuntu for the downstream loader).
- Implemented shim loader protocol support using the above loader framework.
- Added patch to disallow using the legacy Linux loader when NX is required.

Future work:
- Implement NX in non-Linux loaders where applicable. (Note that this is non-critical for security, as non-UEFI/Linux loaders are disabled by SB lockdown, but would be nice to avoid crashes for unsuspecting users on future hardware).

Julian Andres Klode (1):
  efi: Provide wrappers for load_image, start_image, unload_image

Mate Kukri (6):
  modules: load module sections at page-aligned addresses
  nx: add memory attribute get/set API
  nx: set page permissions for loaded modules.
  nx: set the nx compatible flag in EFI grub images
  efi: Use shim's loader protocol for EFI image verification and loading
  efi: Disallow fallback to legacy Linux loader when shim says NX is required.

Peter Jones (3):
  modules: make .module_license read-only
  modules: strip .llvm_addrsig sections and similar.
  modules: Don't allocate space for non-allocable sections.
 docs/grub-dev.texi | 6 +-
 grub-core/genmod.sh.in | 5 +-
 grub-core/kern/arm/dl.c | 13 +++
 grub-core/kern/arm64/dl.c | 13 +++
 grub-core/kern/dl.c | 160 +++--
 grub-core/kern/efi/efi.c | 57 ++
 grub-core/kern/efi/mm.c | 127 +++
 grub-core/kern/efi/sb.c | 60 +++
 grub-core/kern/emu/full.c | 13 +++
 grub-core/kern/i386/dl.c | 13 +++
 grub-core/kern/ia64/dl.c | 9 ++
 grub-core/kern/mips/dl.c | 8 ++
 grub-core/kern/powerpc/dl.c | 9 ++
 grub-core/kern/riscv/dl.c | 13 +++
 grub-core/kern/sparc64/dl.c | 9 ++
 grub-core/kern/x86_64/dl.c | 13 +++
 grub-core/loader/efi/chainloader.c | 13 +--
 grub-core/loader/efi/linux.c | 40 +++-
 include/grub/dl.h | 50 -
 include/grub/efi/api.h | 32 ++
 include/grub/efi/efi.h | 42
 include/grub/efi/pe32.h | 2 +
 include/grub/efi/sb.h | 5 +-
 include/grub/mm.h | 33 ++
 util/mkimage.c | 1 +
 25 files changed, 651 insertions(+), 95 deletions(-)
-- 2.39.2
[PATCH v3 03/10] modules: Don't allocate space for non-allocable sections.
From: Peter Jones Currently when loading grub modules, we allocate space for all sections, including those without SHF_ALLOC set. We then copy the sections that /do/ have SHF_ALLOC set into the allocated memory, leaving some of our allocation untouched forever. Additionally, on platforms with GOT fixups and trampolines, we currently compute alignment round-ups for the sections and sections with sh_size = 0. This patch removes the extra space from the allocation computation, and makes the allocation computation loop skip empty sections as the loading loop does. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko --- grub-core/kern/dl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c index 0bf40caa6..37db9fab0 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -237,6 +237,9 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) i < e->e_shnum; i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) { + if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC)) + continue; + tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size; if (talign < s->sh_addralign) talign = s->sh_addralign; -- 2.39.2
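Review bot: the kept line `tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size;` still hands `sh_addralign` straight to ALIGN_UP, and ELF permits a value of 0 there (meaning no alignment constraint); since the new `continue` now decides which sections reach that line, it is the natural place to also map `sh_addralign == 0` to 1 before the round-up, unless ALIGN_UP is already known to tolerate a zero alignment. The skip itself matches the loading loop as the commit message says, so nothing else to add.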
[PATCH v3 08/10] efi: Provide wrappers for load_image, start_image, unload_image
From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c | 13 +++ grub-core/loader/efi/linux.c | 12 +++ include/grub/efi/efi.h | 37 +++ 4 files changed, 104 insertions(+), 15 deletions(-) diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c index b93ae3aba..77456835e 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c 
@@ -1049,3 +1049,60 @@ grub_efi_find_configuration_table (const grub_guid_t *target_guid) return 0; } + +static const grub_efi_loader_t *override_loader = NULL; + +grub_err_t +grub_efi_register_loader (const grub_efi_loader_t *loader) +{ + if (override_loader != NULL) +return grub_error (GRUB_ERR_BUG, "trying to register different loader"); + override_loader = loader; + return GRUB_ERR_NONE; +} + +grub_err_t +grub_efi_unregister_loader (const grub_efi_loader_t *loader) +{ + if (loader != override_loader) +return grub_error (GRUB_ERR_BUG, "trying to unregister different loader"); + + override_loader = NULL; + return GRUB_ERR_NONE; +} + +grub_efi_status_t +grub_efi_load_image (grub_efi_boolean_t boot_policy, +grub_efi_handle_t parent_image_handle, +grub_efi_device_path_t *file_path, void *source_buffer, +grub_efi_uintn_t source_size, +grub_efi_handle_t *image_handle) +{ + if (override_loader != NULL) +return override_loader->load_image (boot_policy, parent_image_handle, + file_path, source_buffer, source_size, + image_handle); + return grub_efi_system_table->boot_services->load_image ( + boot_policy, parent_image_handle, file_path, source_buffer, source_size, + image_handle); +} + +grub_efi_status_t +grub_efi_start_image (grub_efi_handle_t image_handle, + grub_efi_uintn_t *exit_data_size, + grub_efi_char16_t **exit_data) +{ + if (override_loader != NULL) +return override_loader->start_image (image_handle, exit_data_size, +exit_data); + return grub_efi_system_table->boot_services->start_image ( + image_handle, exit_data_size, exit_data); +} + +grub_efi_status_t +grub_efi_unload_image (grub_efi_handle_t image_handle) +{ + if (override_loader != NULL) +return override_loader->unload_image (image_handle); + return grub_efi_system_table->boot_services->unload_image (image_handle); +} diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c index 1de98f783..eb833b678 100644 --- a/grub-core/loader/efi/chainloader.c 
+++ b/grub-core/loader/efi/chainloader.c @@ -50,14 +50,12 @@ grub_chainloader_unload (void *context) { grub_efi_handle_t image_handle = (grub_efi_handle_t) context; grub_efi_loaded_image_t *loaded_image; - grub_efi_boot_services_t *b; loaded_image = grub_efi_get_loaded_image (image_handle); if (loaded_image != NULL) grub_free (loaded_image->load_options); - b = grub_efi_system_table->boot_services; - b->unload_image (image_handle); + grub_efi_unload_image (image_handle); grub_dl_unref (my_mod); return GRUB_ERR_NONE; @@ -73,7 +71,7 @@ grub_chainloader_boot (void *context) grub_efi_char16_t *exit_data = NULL; b = grub_efi_system_table->boot_services; - status = b->start_image (image_handle, &exit_data_size, &exit_data); + status = grub_efi_start_image (image_handle, &exit_data_size, &exit_data); if (status != GRUB_EFI_SUCCESS) { if (exit_data) @@ -343,9 +341,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), } #endif - status = b->load_image (0, grub_efi_image_handle, file_path, - boot_image, size, - &image_handle); + status = grub_efi_load_image (0, grub_efi_image_handle, file_path, + boot_image, size, &image_handle); if (status != GRUB_EFI_SUCCESS) { if (status == GRUB_EFI_OUT_OF_RESOURCES) @@ -422,7 +419,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), b->free_pages (address, pages); if (image_handle != NULL) -b->unload_image (image_handle); +grub_efi_unload_image (image_handle); grub_dl_unref (my_mod); diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c index bfbd95aee..58be3c9f8 100644 --- a/grub-core/loader/efi/linux.c +++ b/grub-core/loader/efi/linux.c @@ -187,7 +187,6 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args) { grub_efi_memory_mapped_device_path_t *mempath; grub_efi_handle_t image_handle; - grub_efi_boot_services_t *b; grub_efi_status_t status; grub_efi_loade
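Review bot: `grub_efi_register_loader` accepts a NULL `loader` without complaint, after which `override_loader` stays NULL while the caller believes a loader is registered and a later `grub_efi_unregister_loader (NULL)` succeeds; add a NULL check returning GRUB_ERR_BAD_ARGUMENT at the top. In the `grub_chainloader_boot` hunk, `b = grub_efi_system_table->boot_services;` survives although the only visible use, `b->start_image`, became `grub_efi_start_image (...)`; if `b` has no remaining use in that function it should be dropped as was done in `grub_chainloader_unload`, otherwise the build gets an unused-variable warning. A short comment on the new `grub_efi_loader_t` hook in efi.h saying that shim's loader protocol is the intended registrant would also help readers of the header.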
[PATCH v3 05/10] nx: add memory attribute get/set API
For NX, we need to set the page access permission attributes for write and execute permissions. This patch adds two new primitives, grub_set_mem_attrs() and grub_clear_mem_attrs(), and associated constant definitions, to be used for that purpose. For most platforms, it adds a dummy implementation that returns GRUB_ERR_NONE. On EFI platforms, it implements the primitives using the EFI Memory Attribute Protocol (defined in UEFI 2.10 specification). Original-Author: Peter Jones Signed-off-by: Mate Kukri --- grub-core/kern/efi/mm.c | 127 include/grub/efi/api.h | 25 include/grub/mm.h | 33 +++ 3 files changed, 185 insertions(+) diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c index 6a6fba891..9af851e8f 100644 --- a/grub-core/kern/efi/mm.c +++ b/grub-core/kern/efi/mm.c 
@@ -687,3 +687,130 @@ grub_efi_get_ram_base(grub_addr_t *base_addr) return GRUB_ERR_NONE; } #endif + +static inline grub_uint64_t +grub_mem_attrs_to_uefi_mem_attrs (grub_uint64_t attrs) +{ + grub_uint64_t ret = GRUB_EFI_MEMORY_RP | + GRUB_EFI_MEMORY_RO | + GRUB_EFI_MEMORY_XP; + + if (attrs & GRUB_MEM_ATTR_R) +ret &= ~GRUB_EFI_MEMORY_RP; + + if (attrs & GRUB_MEM_ATTR_W) +ret &= ~GRUB_EFI_MEMORY_RO; + + if (attrs & GRUB_MEM_ATTR_X) +ret &= ~GRUB_EFI_MEMORY_XP; + + return ret; +} + +static inline grub_uint64_t +uefi_mem_attrs_to_grub_mem_attrs (grub_uint64_t attrs) +{ + grub_uint64_t ret = GRUB_MEM_ATTR_R | + GRUB_MEM_ATTR_W | + GRUB_MEM_ATTR_X; + + if (attrs & GRUB_EFI_MEMORY_RP) +ret &= ~GRUB_MEM_ATTR_R; + + if (attrs & GRUB_EFI_MEMORY_RO) +ret &= ~GRUB_MEM_ATTR_W; + + if (attrs & GRUB_EFI_MEMORY_XP) +ret &= ~GRUB_MEM_ATTR_X; + + return ret; +} + +grub_err_t +grub_get_mem_attrs (grub_addr_t addr, grub_size_t size, grub_uint64_t *attrs) +{ + grub_efi_memory_attribute_protocol_t *proto; + grub_efi_physical_address_t physaddr = addr; + grub_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; + grub_efi_status_t efi_status; + + if (physaddr & 0xfff || size & 0xfff || size == 0 || attrs == NULL) +{ + return grub_error (GRUB_ERR_BAD_ARGUMENT, +N_("grub_get_mem_attrs() called with invalid arguments")); +} + + proto = grub_efi_locate_protocol (&protocol_guid, 0); + if (!proto) +{ + /* No protocol -> do nothing, all memory is RWX in boot services */ + *attrs = GRUB_MEM_ATTR_R | GRUB_MEM_ATTR_W | GRUB_MEM_ATTR_X; + return GRUB_ERR_NONE; +} + + efi_status = proto->get_memory_attributes(proto, physaddr, size, attrs); + if (efi_status != GRUB_EFI_SUCCESS) +{ + return grub_error (GRUB_ERR_BAD_ARGUMENT, +N_("grub_get_mem_attrs() called with invalid arguments")); +} + + *attrs = uefi_mem_attrs_to_grub_mem_attrs (*attrs); + + grub_dprintf ("nx", "get 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR":%c%c%c\n", + addr, addr + size - 1, + (*attrs & GRUB_MEM_ATTR_R) ? 
'r' : '-', + (*attrs & GRUB_MEM_ATTR_W) ? 'w' : '-', + (*attrs & GRUB_MEM_ATTR_X) ? 'x' : '-'); + + return GRUB_ERR_NONE; +} + +grub_err_t +grub_update_mem_attrs (grub_addr_t addr, grub_size_t size, + grub_uint64_t set_attrs, grub_uint64_t clear_attrs) +{ + grub_efi_memory_attribute_protocol_t *proto; + grub_efi_physical_address_t physaddr = addr; + grub_guid_t protocol_guid = GRUB_EFI_MEMORY_ATTRIBUTE_PROTOCOL_GUID; + grub_efi_status_t efi_status = GRUB_EFI_SUCCESS; + grub_uint64_t uefi_set_attrs, uefi_clear_attrs; + + + if (physaddr & 0xfff || size & 0xfff || size == 0) +{ + return grub_error (GRUB_ERR_BAD_ARGUMENT, +N_("grub_update_mem_attrs() called with invalid arguments")); +} + + proto = grub_efi_locate_protocol (&protocol_guid, 0); + if (!proto) +{ + /* No protocol -> do nothing, all memory is RWX in boot services */ + return GRUB_ERR_NONE; +} + + uefi_set_attrs = grub_mem_attrs_to_uefi_mem_attrs (set_attrs); + uefi_clear_attrs = grub_mem_attrs_to_uefi_mem_attrs (clear_attrs); + if (uefi_set_attrs) +efi_status = proto->set_memory_attributes(proto, physaddr, size, uefi_set_attrs); + if (efi_status == GRUB_EFI_SUCCESS && uefi_clear_attrs) +efi_status = proto->clear_memory_attributes(proto, physaddr, size, uefi_clear_attrs); + + if (efi_status != GRUB_EFI_SUCCESS) +{ + return grub_error (GRUB_ERR_BAD_ARGUMENT, +N_("grub_update_mem_attrs() called with invalid arguments")); +} + + grub_dprintf ("nx", "set +%s%s%s -%s%s%s on 0x%"PRIxGRUB_ADDR"-0x%"PRIxGRUB_ADDR"\n", + (set_attrs & GRUB_MEM_ATTR_R) ? "r" : "", + (set_attrs & GRUB_MEM_ATTR_W) ? "w" : "", + (set_attrs & GRUB_MEM_ATTR_X) ? "x" : "", + (clear_attrs & GRUB_MEM_ATTR_R) ? "r" : "",
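Review bot: the commit message names the new primitives grub_set_mem_attrs() and grub_clear_mem_attrs(), but the hunk adds grub_get_mem_attrs() and grub_update_mem_attrs(); please update the message. More importantly, grub_update_mem_attrs() runs both `set_attrs` and `clear_attrs` through grub_mem_attrs_to_uefi_mem_attrs(), which returns the protection bits for every permission absent from its argument. With `set_attrs = R|X, clear_attrs = W` that gives set_memory_attributes(RO) followed by clear_memory_attributes(RP|XP), which is right; with `set_attrs = X, clear_attrs = 0` it gives set_memory_attributes(RP|RO) followed by clear_memory_attributes(RP|RO|XP), i.e. the region ends up RWX. The function is therefore only correct when the two masks together cover R|W|X; either reject any other combination with GRUB_ERR_BAD_ARGUMENT and document the contract in mm.h, or map the masks directly (set the protection bits corresponding to `clear_attrs`, clear those corresponding to `set_attrs`). Also, a failing get_memory_attributes()/set_memory_attributes() call is reported as "called with invalid arguments", which hides the real cause; use a distinct message and consider including the EFI status in the grub_dprintf output.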
[PATCH v3 09/10] efi: Use shim's loader protocol for EFI image verification and loading
Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 39 +--- grub-core/loader/efi/linux.c | 16 --- include/grub/efi/api.h | 5 + include/grub/efi/efi.h | 19 +++--- include/grub/efi/sb.h| 3 --- 5 files changed, 31 insertions(+), 51 deletions(-) diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c index 8d3e41360..d3de39599 100644 --- a/grub-core/kern/efi/sb.c +++ b/grub-core/kern/efi/sb.c @@ -31,8 +31,9 @@ #include static grub_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID; +static grub_guid_t shim_loader_guid = GRUB_EFI_SHIM_IMAGE_LOADER_GUID; -static bool shim_lock_enabled = false; +static grub_efi_loader_t *shim_loader = NULL; /* * Determine whether we're in secure boot mode. @@ -95,14 +96,6 @@ grub_efi_get_secureboot (void) if (!(attr & GRUB_EFI_VARIABLE_RUNTIME_ACCESS) && *moksbstate == 1) { secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED; - /* - * TODO: Replace this all with shim's LoadImage protocol, delegating policy to it. - * - * We need to set shim_lock_enabled here because we disabled secure boot - * validation *inside* shim but not in the firmware, so we set this variable - * here to trigger that code path, whereas the actual verifier is not enabled. - */ - shim_lock_enabled = true; goto out; } 
@@ -183,14 +176,16 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)), static grub_err_t shim_lock_verifier_write (void *context __attribute__ ((unused)), void *buf, grub_size_t size) { - grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol (&shim_lock_guid, 0); + grub_efi_handle_t image_handle; - if (!sl) -return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim_lock protocol not found")); + if (!shim_loader) +return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim loader protocol not found")); - if (sl->verify (buf, size) != GRUB_EFI_SUCCESS) + if (shim_loader->load_image (false, grub_efi_image_handle, NULL, buf, size, &image_handle) != GRUB_EFI_SUCCESS) return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature")); + shim_loader->unload_image(image_handle); + return GRUB_ERR_NONE; } @@ -205,11 +200,10 @@ void grub_shim_lock_verifier_setup (void) { struct grub_module_header *header; - grub_efi_shim_lock_protocol_t *sl = -grub_efi_locate_protocol (&shim_lock_guid, 0); + shim_loader = grub_efi_locate_protocol (&shim_loader_guid, 0); - /* shim_lock is missing, check if GRUB image is built with --disable-shim-lock. */ - if (!sl) + /* shim loader protocol is missing, check if GRUB image is built with --disable-shim-lock. */ + if (!shim_loader) { FOR_MODULES (header) { @@ -222,17 +216,12 @@ grub_shim_lock_verifier_setup (void) if (grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED) return; + /* register loader */ + grub_efi_register_loader(shim_loader); + /* Enforce shim_lock_verifier. */ grub_verifier_register (&shim_lock_verifier); - shim_lock_enabled = true; - grub_env_set ("shim_lock", "y"); grub_env_export ("shim_lock"); } - -bool -grub_is_shim_lock_enabled (void) -{ - return shim_lock_enabled; -} diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c index 58be3c9f8..99365536a 100644 --- a/grub-core/loader/efi/linux.c +++ b/grub-core/loader/efi/linux.c 
@@ -460,22 +460,6 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), grub_dl_ref (my_mod); - if (grub_is_shim_lock_enabled () == true) -{ -#if defined(__i386__) || defined(__x86_64__) - grub_dprintf ("linux", "shim_lock enabled, falling back to legacy Linux kernel loader\n"); - - err = grub_cmd_linux_x86_legacy (cmd, argc, argv); - - if (err == GRUB_ERR_NONE) - return GRUB_ERR_NONE; - else - goto fail; -#else - grub_dprintf ("linux", "shim_lock enabled, trying Linux kernel EFI stub loader\n"); -#endif -} - if (argc == 0) { grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h index b686e8afe..9ae908729 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -364,6 +364,11 @@ { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \ } +#define GRUB_EFI_SHIM_IMAGE_LOADER_GUID \ + { 0x1f492041, 0xfadb, 0x4e59, \ +{0x9e, 0x57, 0x7c, 0xaf, 0xe7, 0x3a, 0x55, 0xab } \ + } + #define GRUB_EFI_RNG_PROTOCOL_GUID \ { 0x3152bca5, 0xeade, 0x433d, \ { 0x86, 0x2e, 0xc0, 0x1c, 0xdc, 0x29, 0x1f, 0x44 } \ diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h index 7a98474a1..b79bf0962 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -150,15 +150,20 @@ EXPORT_FUNC (grub_efi_unload_image) (grub_efi_handle_t image_handle); typedef struct grub_efi_loader { grub_efi_status_t (__grub_efi_api *load_image) (grub_efi_
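Review bot: with the `shim_lock_enabled = true` branch removed from grub_efi_get_secureboot(), a system where MokSBState disables validation inside shim now reports GRUB_EFI_SECUREBOOT_MODE_DISABLED, so grub_shim_lock_verifier_setup() returns before reaching `grub_efi_register_loader(shim_loader)`; the EFI stub path then hands the kernel to the firmware's LoadImage, which under firmware Secure Boot will reject an image that only shim's policy would have accepted. If that is intended, say so in the commit message (currently only a Signed-off-by); otherwise register the loader whenever the protocol is present and let shim apply its own policy. In shim_lock_verifier_write(), the return value of `shim_loader->unload_image(image_handle)` is ignored, and that call and `grub_efi_register_loader(shim_loader)` lack the space before the parenthesis used by the surrounding code.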
[PATCH v3 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.
Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 27 +++ grub-core/loader/efi/linux.c | 12 +++- include/grub/efi/api.h | 2 ++ include/grub/efi/sb.h| 2 ++ 4 files changed, 38 insertions(+), 5 deletions(-) diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c index d3de39599..2eae7c4f8 100644 --- a/grub-core/kern/efi/sb.c +++ b/grub-core/kern/efi/sb.c @@ -225,3 +225,30 @@ grub_shim_lock_verifier_setup (void) grub_env_set ("shim_lock", "y"); grub_env_export ("shim_lock"); } + +int +grub_efi_check_nx_required (void) +{ + grub_efi_status_t status; + grub_guid_t guid = GRUB_EFI_SHIM_LOCK_GUID; + grub_size_t mok_policy_sz = 0; + char *mok_policy = NULL; + grub_uint32_t mok_policy_attrs = 0; + + status = grub_efi_get_variable_with_attributes ("MokPolicy", &guid, + &mok_policy_sz, + (void **)&mok_policy, + &mok_policy_attrs); + if (status == GRUB_EFI_NOT_FOUND || + mok_policy_sz == 0 || + mok_policy == NULL) +return 1; + + if (mok_policy_sz != 1 || + (mok_policy[0] & GRUB_MOK_POLICY_NX_REQUIRED) || + (mok_policy_attrs != (GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS | + GRUB_EFI_VARIABLE_RUNTIME_ACCESS))) +return 1; + + return 0; +} diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c index 99365536a..c30dffb58 100644 --- a/grub-core/loader/efi/linux.c +++ b/grub-core/loader/efi/linux.c 
@@ -472,21 +472,23 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), kernel_size = grub_file_size (file); - if (grub_arch_efi_linux_load_image_header (file, &lh) != GRUB_ERR_NONE) #if !defined(__i386__) && !defined(__x86_64__) + if (grub_arch_efi_linux_load_image_header (file, &lh) != GRUB_ERR_NONE) goto fail; #else -goto fallback; - - if (!initrd_use_loadfile2) + if (grub_arch_efi_linux_load_image_header (file, &lh) != GRUB_ERR_NONE || + !initrd_use_loadfile2) { + /* We cannot use the legacy loader when NX is required */ + if (grub_efi_check_nx_required()) +goto fail; + /* * This is a EFI stub image but it is too old to implement the LoadFile2 * based initrd loading scheme, and Linux/x86 does not support the DT * based method either. So fall back to the x86-specific loader that * enters Linux in EFI mode but without going through its EFI stub. */ -fallback: grub_file_close (file); return grub_cmd_linux_x86_legacy (cmd, argc, argv); } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h index 9ae908729..5771d96f2 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -1785,6 +1785,8 @@ struct grub_efi_block_io }; typedef struct grub_efi_block_io grub_efi_block_io_t; +#define GRUB_MOK_POLICY_NX_REQUIRED0x1 + struct grub_efi_shim_lock_protocol { /* diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h index bf8d2db5f..7f6fc4c8d 100644 --- a/include/grub/efi/sb.h +++ b/include/grub/efi/sb.h @@ -33,6 +33,8 @@ EXPORT_FUNC (grub_efi_get_secureboot) (void); extern void grub_shim_lock_verifier_setup (void); +extern int +EXPORT_FUNC (grub_efi_check_nx_required) (void); #else static inline grub_uint8_t grub_efi_get_secureboot (void) -- 2.39.2
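Review bot: grub_efi_check_nx_required() returns 1 (NX required) when MokPolicy is absent (GRUB_EFI_NOT_FOUND), empty, of the wrong size or with the wrong attributes, so every shim that does not publish MokPolicy at all loses the legacy-loader fallback that the linux.c hunk guards; if fail-closed is the intended default, the commit message (currently only a Signed-off-by) needs to say so, otherwise return 0 on GRUB_EFI_NOT_FOUND and keep 1 only for a well-formed variable with GRUB_MOK_POLICY_NX_REQUIRED set. The buffer returned through `mok_policy` by grub_efi_get_variable_with_attributes() is never freed on either return path; grub_free it as the other callers of that function do. In the linux.c hunk, the new `goto fail` sets no error for the `!initrd_use_loadfile2` case, so the user gets no message explaining why the kernel was refused; call grub_error() before jumping. Style: `grub_efi_check_nx_required()` needs a space before the parenthesis.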
[PATCH v3 02/10] modules: strip .llvm_addrsig sections and similar.
From: Peter Jones Currently grub modules built with clang or gcc have several sections which we don't actually need or support. We already have a list of sections to skip in genmod.sh, and this patch adds the following sections to that list (as well as a few newlines): .note.gnu.property .llvm* Note that the glob there won't work without a new enough linker, but the failure is just reversion to the status quo, so that's not a big problem. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko --- grub-core/genmod.sh.in | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/grub-core/genmod.sh.in b/grub-core/genmod.sh.in index e57c4d920..337753c57 100644 --- a/grub-core/genmod.sh.in +++ b/grub-core/genmod.sh.in @@ -57,8 +57,11 @@ if test x@TARGET_APPLE_LINKER@ != x1; then @TARGET_STRIP@ --strip-unneeded \ -K grub_mod_init -K grub_mod_fini \ -K _grub_mod_init -K _grub_mod_fini \ - -R .note.gnu.gold-version -R .note.GNU-stack \ + -R .note.GNU-stack \ + -R .note.gnu.gold-version \ + -R .note.gnu.property \ -R .gnu.build.attributes \ + -R '.llvm*' \ -R .rel.gnu.build.attributes \ -R .rela.gnu.build.attributes \ -R .eh_frame -R .rela.eh_frame -R .rel.eh_frame \ -- 2.39.2
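Review bot: `-R '.llvm*'` is quoted so the shell does not expand it, which is right, but the commit message attributes the wildcard requirement to the linker; it is @TARGET_STRIP@ (binutils strip/objcopy) that has to understand section-name wildcards, so the message should name that tool and the version it was checked against. Removing `.note.gnu.property` also discards the compiler's CET (IBT/SHSTK) marking from the module; that is harmless because GRUB's own ELF loader never reads that note, but it deserves a sentence in the message since it looks like a security-relevant section.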
[PATCH v3 07/10] nx: set the nx compatible flag in EFI grub images
For NX, we need the grub binary to announce that it is compatible with the NX feature. This implies that when loading the executable grub image, several attributes are true: - the binary doesn't need an executable stack - the binary doesn't need sections to be both executable and writable - the binary knows how to use the EFI Memory Attributes protocol on code it is loading. This patch - adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT - changes grub-mkimage to set that flag. Original-Author: Peter Jones Signed-off-by: Mate Kukri --- include/grub/efi/pe32.h | 2 ++ util/mkimage.c | 1 + 2 files changed, 3 insertions(+) diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h index 4e6e9d254..9887e14b2 100644 --- a/include/grub/efi/pe32.h +++ b/include/grub/efi/pe32.h @@ -231,6 +231,8 @@ struct grub_pe64_optional_header #define GRUB_PE32_SUBSYSTEM_EFI_APPLICATION10 +#define GRUB_PE32_NX_COMPAT0x0100 + #define GRUB_PE32_NUM_DATA_DIRECTORIES 16 struct grub_pe32_section_table diff --git a/util/mkimage.c b/util/mkimage.c index 4237383ac..9b4720e21 100644 --- a/util/mkimage.c +++ b/util/mkimage.c @@ -1403,6 +1403,7 @@ grub_install_generate_image (const char *dir, const char *prefix, #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wdangling-pointer" #endif + PE_OHDR (o32, o64, dll_characteristics) = grub_host_to_target16 (GRUB_PE32_NX_COMPAT); PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); PE_OHDR (o32, o64, entry_addr) = grub_host_to_target32 (layout.start_address); PE_OHDR (o32, o64, image_base) = 0; -- 2.39.2
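Review bot: 0x0100 is the correct value for IMAGE_DLLCHARACTERISTICS_NX_COMPAT, but setting it unconditionally in mkimage.c asserts for every generated PE image that it tolerates non-executable data and non-writable code, which only holds once the loader changes in patches 04 to 06 are in place; the series order guarantees that here, but a one-line comment above the new `PE_OHDR (o32, o64, dll_characteristics)` assignment naming that dependency would stop the line from being cherry-picked on its own onto a tree whose module loader still needs W+X pages.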
[PATCH v3 06/10] nx: set page permissions for loaded modules.
For NX, we need to set write and executable permissions on the sections of grub modules when we load them. On sections with SHF_ALLOC set, which is typically everything except .modname and the symbol and string tables, this patch clears the Read Only flag on sections that have the ELF flag SHF_WRITE set, and clears the No eXecute flag on sections with SHF_EXECINSTR set. In all other cases it sets both flags. Original-Author: Peter Jones Original-Author: Robbie Harwood Original-Author: Laszlo Ersek Signed-off-by: Mate Kukri --- grub-core/kern/dl.c | 104 ++-- include/grub/dl.h | 46 2 files changed, 137 insertions(+), 13 deletions(-) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c index 8338f7436..3341d78d6 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c 
@@ -616,25 +616,97 @@ grub_dl_relocate_symbols (grub_dl_t mod, void *ehdr) grub_dl_segment_t seg; grub_err_t err; - /* Find the target segment. */ - for (seg = mod->segment; seg; seg = seg->next) - if (seg->section == s->sh_info) - break; + seg = grub_dl_find_segment(mod, s->sh_info); +if (!seg) + continue; - if (seg) - { - if (!mod->symtab) - return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table"); + if (!mod->symtab) + return grub_error (GRUB_ERR_BAD_MODULE, "relocation without symbol table"); - err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg); - if (err) - return err; - } + err = grub_arch_dl_relocate_symbols (mod, ehdr, s, seg); + if (err) + return err; } return GRUB_ERR_NONE; } +/* Only define this on EFI to save space in core */ +#ifdef GRUB_MACHINE_EFI +static grub_err_t +grub_dl_set_mem_attrs (grub_dl_t mod, void *ehdr) +{ + unsigned i; + const Elf_Shdr *s; + const Elf_Ehdr *e = ehdr; + grub_err_t err; +#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) + grub_size_t arch_addralign = grub_arch_dl_min_alignment (); + grub_addr_t tgaddr; + grub_size_t tgsz; +#endif + + for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); + i < e->e_shnum; + i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) +{ + grub_dl_segment_t seg; + grub_uint64_t set_attrs = GRUB_MEM_ATTR_R; + grub_uint64_t clear_attrs = GRUB_MEM_ATTR_W|GRUB_MEM_ATTR_X; + + seg = grub_dl_find_segment(mod, i); + if (!seg) + continue; + + if (seg->size == 0 || !(s->sh_flags & SHF_ALLOC)) + continue; + + if (s->sh_flags & SHF_WRITE) + { + set_attrs |= GRUB_MEM_ATTR_W; + clear_attrs &= ~GRUB_MEM_ATTR_W; + } + + if (s->sh_flags & SHF_EXECINSTR) + { + set_attrs |= GRUB_MEM_ATTR_X; + clear_attrs &= ~GRUB_MEM_ATTR_X; + } + + err = grub_update_mem_attrs ((grub_addr_t)(seg->addr), seg->size, + set_attrs, clear_attrs); + if (err != GRUB_ERR_NONE) + return err; +} + +#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) + tgaddr = 
grub_min((grub_addr_t)mod->tramp, (grub_addr_t)mod->got); + tgsz = grub_max((grub_addr_t)mod->trampptr, (grub_addr_t)mod->gotptr) - tgaddr; + + if (tgsz) +{ + tgsz = ALIGN_UP(tgsz, arch_addralign); + + if (tgaddr < (grub_addr_t)mod->base || + tgsz > (grub_addr_t)-1 - tgaddr || + tgaddr + tgsz > (grub_addr_t)mod->base + mod->sz) + return grub_error (GRUB_ERR_BUG, + "BUG: trying to protect pages outside of module " + "allocation (\"%s\"): module base %p, size 0x%" + PRIxGRUB_SIZE "; tramp/GOT base 0x%" PRIxGRUB_ADDR + ", size 0x%" PRIxGRUB_SIZE, + mod->name, mod->base, mod->sz, tgaddr, tgsz); + err = grub_update_mem_attrs (tgaddr, tgsz, GRUB_MEM_ATTR_R|GRUB_MEM_ATTR_X, + GRUB_MEM_ATTR_W); + if (err != GRUB_ERR_NONE) + return err; +} +#endif + + return GRUB_ERR_NONE; +} +#endif + /* Load a module from core memory. */ grub_dl_t grub_dl_load_core_noinit (void *addr, grub_size_t size) @@ -668,6 +740,7 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) mod->ref_count = 1; grub_dprintf ("modules", "relocating to %p\n", mod); + /* Me, Vladimir Serbinenko, hereby I add this module check as per new GNU module policy. Note that this license check is informative only. Modules have to be licensed under GPLv3 or GPLv3+ (optionally @@ -681,7 +754,12 @@ grub_dl_load_core_noinit (void *addr, grub_size_t size) || grub_dl_resolve_dependencies (mod, e) || grub_dl_load_segments (mod, e) || grub_dl_resolve_symbols (mod, e) - || grub_dl_relocate_symbols (mod, e)) + || g
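Review bot: the guard around the trampoline/GOT protection in grub_dl_set_mem_attrs() is `#if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv)`, whereas the guard on the same `tramp`/`got` members in grub_dl_load_segments() (patch 04, same file) also carries `!defined (__loongarch__)`; the two conditions should be identical, ideally a single macro, or this will not build on loongarch. In the relocation loop rewrite, `if (!seg) continue;` is indented one level deeper than the `seg = grub_dl_find_segment(mod, s->sh_info);` it follows, and that call lacks the space before the parenthesis. The loop also skips on `seg->size == 0` rather than `s->sh_size == 0` as the load loop does; fine in practice since both are derived from the same header, but a comment saying the two are meant to agree would help.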
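The permission mapping in patch 05 and the per-section set/clear masks in patch 06, modelled as an added example (not code from the series): it reproduces both conversions in plain C against a fake protocol state and shows the complementary-mask contract that grub_update_mem_attrs() relies on. The GRUB_MEM_ATTR_* bit values are assumed; the EFI_MEMORY_* and SHF_* values are the specification ones.

```c
#include <stdint.h>
#include <stdio.h>

/* GRUB-side permission bits: names from the series, values assumed here. */
#define GRUB_MEM_ATTR_R 0x1
#define GRUB_MEM_ATTR_W 0x2
#define GRUB_MEM_ATTR_X 0x4

/* UEFI memory protection bits (UEFI spec values). */
#define EFI_MEMORY_RP 0x0000000000002000ULL /* read-protected    */
#define EFI_MEMORY_XP 0x0000000000004000ULL /* execute-protected */
#define EFI_MEMORY_RO 0x0000000000020000ULL /* read-only         */

/* ELF section header flags (ELF spec values). */
#define SHF_WRITE     0x1
#define SHF_ALLOC     0x2
#define SHF_EXECINSTR 0x4

/* Same logic as grub_mem_attrs_to_uefi_mem_attrs() in patch 05: the result
   is the protection bit for every permission NOT present in attrs. */
static uint64_t protections_for_absent_perms(uint64_t attrs)
{
    uint64_t ret = EFI_MEMORY_RP | EFI_MEMORY_RO | EFI_MEMORY_XP;
    if (attrs & GRUB_MEM_ATTR_R) ret &= ~EFI_MEMORY_RP;
    if (attrs & GRUB_MEM_ATTR_W) ret &= ~EFI_MEMORY_RO;
    if (attrs & GRUB_MEM_ATTR_X) ret &= ~EFI_MEMORY_XP;
    return ret;
}

/* Inverse mapping, as uefi_mem_attrs_to_grub_mem_attrs(). */
static uint64_t perms_from_protections(uint64_t prot)
{
    uint64_t ret = GRUB_MEM_ATTR_R | GRUB_MEM_ATTR_W | GRUB_MEM_ATTR_X;
    if (prot & EFI_MEMORY_RP) ret &= ~GRUB_MEM_ATTR_R;
    if (prot & EFI_MEMORY_RO) ret &= ~GRUB_MEM_ATTR_W;
    if (prot & EFI_MEMORY_XP) ret &= ~GRUB_MEM_ATTR_X;
    return ret;
}

/* Stand-in for the EFI Memory Attribute Protocol: the protection bits
   currently applied to one page run. 0 means RWX (boot-services default). */
typedef struct { uint64_t prot; } fake_region_t;

/* Mirrors the order of calls in grub_update_mem_attrs(): set first, then clear. */
static void update_mem_attrs_as_patched(fake_region_t *r,
                                        uint64_t set_attrs, uint64_t clear_attrs)
{
    uint64_t uefi_set = protections_for_absent_perms(set_attrs);
    uint64_t uefi_clear = protections_for_absent_perms(clear_attrs);
    if (uefi_set)   r->prot |= uefi_set;     /* SetMemoryAttributes   */
    if (uefi_clear) r->prot &= ~uefi_clear;  /* ClearMemoryAttributes */
}

/* What patch 06 derives from an ELF section: always R, W and X only when
   flagged, and the complement of those in clear_attrs. Returns final r/w/x. */
uint64_t perms_for_section(uint64_t sh_flags)
{
    fake_region_t region = { .prot = 0 };
    uint64_t set_attrs = GRUB_MEM_ATTR_R;
    uint64_t clear_attrs = GRUB_MEM_ATTR_W | GRUB_MEM_ATTR_X;

    if (sh_flags & SHF_WRITE) {
        set_attrs |= GRUB_MEM_ATTR_W;
        clear_attrs &= ~GRUB_MEM_ATTR_W;
    }
    if (sh_flags & SHF_EXECINSTR) {
        set_attrs |= GRUB_MEM_ATTR_X;
        clear_attrs &= ~GRUB_MEM_ATTR_X;
    }
    update_mem_attrs_as_patched(&region, set_attrs, clear_attrs);
    return perms_from_protections(region.prot);
}

/* The pitfall: masks that do not jointly cover R|W|X. Starting from a
   read-only page and asking only to "set X" ends with the page RWX. */
uint64_t perms_after_partial_update(void)
{
    fake_region_t region = { .prot = EFI_MEMORY_RO | EFI_MEMORY_XP }; /* R only */
    update_mem_attrs_as_patched(&region, GRUB_MEM_ATTR_X, 0);
    return perms_from_protections(region.prot);
}

static void show(const char *name, uint64_t p)
{
    printf("%-10s %c%c%c\n", name,
           (p & GRUB_MEM_ATTR_R) ? 'r' : '-',
           (p & GRUB_MEM_ATTR_W) ? 'w' : '-',
           (p & GRUB_MEM_ATTR_X) ? 'x' : '-');
}

int main(void)
{
    show(".text",   perms_for_section(SHF_ALLOC | SHF_EXECINSTR));
    show(".data",   perms_for_section(SHF_ALLOC | SHF_WRITE));
    show(".rodata", perms_for_section(SHF_ALLOC));
    show("partial", perms_after_partial_update());
    return 0;
}
```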
[PATCH v3 04/10] modules: load module sections at page-aligned addresses
Currently we load module sections at whatever alignment gcc+ld happened to dump into the ELF section header, which is often less than the page size. Since NX protections are page based, this alignment must be rounded up to page size on platforms supporting NX protections. This patch switches most EFI platforms to load module sections at 4kB page-aligned addresses. To do so, it adds a new per-arch function, grub_arch_dl_min_alignment(), which returns the alignment needed for dynamically loaded sections (in bytes). Currently it sets it to 4096 when GRUB_MACHINE_EFI is true on x86_64, i386, arm, arm64, and emu, and 1-byte alignment on everything else. It then changes the allocation size computation and the loader code in grub_dl_load_segments() to align the locations and sizes up to these boundaries, and fills any added padding with zeros. All of this happens before relocations are applied, so the relocations factor that in with no change. Original-Author: Peter Jones Original-Author: Laszlo Ersek Signed-off-by: Mate Kukri --- docs/grub-dev.texi | 6 ++--- grub-core/kern/arm/dl.c | 13 + grub-core/kern/arm64/dl.c | 13 + grub-core/kern/dl.c | 53 ++--- grub-core/kern/emu/full.c | 13 + grub-core/kern/i386/dl.c| 13 + grub-core/kern/ia64/dl.c| 9 +++ grub-core/kern/mips/dl.c| 8 ++ grub-core/kern/powerpc/dl.c | 9 +++ grub-core/kern/riscv/dl.c | 13 + grub-core/kern/sparc64/dl.c | 9 +++ grub-core/kern/x86_64/dl.c | 13 + include/grub/dl.h | 2 ++ 13 files changed, 155 insertions(+), 19 deletions(-) diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi index 1276c5930..2f782cda5 100644 --- a/docs/grub-dev.texi +++ b/docs/grub-dev.texi
@@ -996,9 +996,9 @@ declare startup asm file ($cpu_$platform_startup) as well as any other files (e.g. init.c and callwrap.S) (e.g. $cpu_$platform = kern/$cpu/$platform/init.c). At this stage you will also need to add dummy dl.c and cache.S with functions grub_err_t grub_arch_dl_check_header (void *ehdr), grub_err_t -grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c) and -void grub_arch_sync_caches (void *address, grub_size_t len) (cache.S). They -won't be used for now. +grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr) (dl.c), grub_uint32_t +grub_arch_dl_min_alignment (void), and void grub_arch_sync_caches (void +*address, grub_size_t len) (cache.S). They won't be used for now. You will need to create directory include/$cpu/$platform and a file include/$cpu/types.h. The latter following this template: diff --git a/grub-core/kern/arm/dl.c b/grub-core/kern/arm/dl.c index eab9d17ff..926073793 100644 --- a/grub-core/kern/arm/dl.c +++ b/grub-core/kern/arm/dl.c @@ -278,3 +278,16 @@ grub_arch_dl_check_header (void *ehdr) return GRUB_ERR_NONE; } + +/* + * Tell the loader what our minimum section alignment is. + */ +grub_size_t +grub_arch_dl_min_alignment (void) +{ +#ifdef GRUB_MACHINE_EFI + return 4096; +#else + return 1; +#endif +} diff --git a/grub-core/kern/arm64/dl.c b/grub-core/kern/arm64/dl.c index a2b5789a9..95c6d5bf4 100644 --- a/grub-core/kern/arm64/dl.c +++ b/grub-core/kern/arm64/dl.c @@ -196,3 +196,16 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, return GRUB_ERR_NONE; } + +/* + * Tell the loader what our minimum section alignment is. + */ +grub_size_t +grub_arch_dl_min_alignment (void) +{ +#ifdef GRUB_MACHINE_EFI + return 4096; +#else + return 1; +#endif +} diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c index 37db9fab0..8338f7436 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c 
@@ -224,25 +224,35 @@ grub_dl_load_segments (grub_dl_t mod, const Elf_Ehdr *e) { unsigned i; const Elf_Shdr *s; - grub_size_t tsize = 0, talign = 1; + grub_size_t tsize = 0, talign = 1, arch_addralign = 1; #if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) && \ !defined (__loongarch__) grub_size_t tramp; + grub_size_t tramp_align; grub_size_t got; + grub_size_t got_align; grub_err_t err; #endif char *ptr; + arch_addralign = grub_arch_dl_min_alignment (); + for (i = 0, s = (const Elf_Shdr *)((const char *) e + e->e_shoff); i < e->e_shnum; i++, s = (const Elf_Shdr *)((const char *) s + e->e_shentsize)) { + grub_size_t sh_addralign; + grub_size_t sh_size; + if (s->sh_size == 0 || !(s->sh_flags & SHF_ALLOC)) continue; - tsize = ALIGN_UP (tsize, s->sh_addralign) + s->sh_size; - if (talign < s->sh_addralign) - talign = s->sh_addralign; + sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign); + sh_size = ALIGN_UP(s->sh_size, sh_addralign); + + tsize = ALIGN_UP (tsize, sh_addralign) + sh_size; + if (talign < sh_addralign) + talign = sh_addralign; } #if !defined (__i386__) && !defined (__x86_64__) && !defined(__riscv) &&
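Review bot: the return type in the docs/grub-dev.texi hunk does not match the implementation: the new doc text declares `grub_uint32_t grub_arch_dl_min_alignment (void)`, while the arm/dl.c and arm64/dl.c hunks define `grub_size_t grub_arch_dl_min_alignment (void)`. Make the manual state the same prototype that include/grub/dl.h exports, otherwise a new port that copies the documented signature ends up with a conflicting declaration.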
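Review bot: the grub_arch_dl_min_alignment() body added to grub-core/kern/arm/dl.c is identical to the one added to arm64/dl.c, and the diffstat shows the same 13-line addition landing in i386, x86_64, riscv and emu as well. Consider one shared default (4096 under GRUB_MACHINE_EFI, 1 otherwise) in kern/dl.c or include/grub/dl.h, with per-arch definitions only where an architecture genuinely differs, so the copies cannot drift apart when the page size assumption changes.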
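Review bot: the two new rounding calls in grub_dl_load_segments(), `sh_addralign = ALIGN_UP(s->sh_addralign, arch_addralign);` and `sh_size = ALIGN_UP(s->sh_size, sh_addralign);`, omit the space before the opening parenthesis that the surrounding code uses (`ALIGN_UP (tsize, sh_addralign)`), which is the GRUB coding style. More importantly, ELF permits sh_addralign == 0 to mean "no alignment constraint"; rounding 0 up to any boundary yields 0, so the second ALIGN_UP then runs with a zero alignment and the section's contribution to tsize is not well defined. Normalize a zero sh_addralign to 1 before the first ALIGN_UP.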
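To make the size computation the commit message describes concrete, here is an added example (my own code, not part of the patch or of GRUB) that applies the same rounding to three constructed section headers and reports each section's offset and the total allocation for byte versus 4 KiB minimum alignment. The `.text`/`.rodata`/`.data` sizes and alignments are made up, and mapping a zero sh_addralign to 1 is an assumption the hunk itself does not make.

```c
#include <stddef.h>
#include <stdio.h>
/* Round x up to a multiple of a; a must be a power of two, as ELF requires
   for sh_addralign.  Same arithmetic as GRUB's ALIGN_UP macro. */
static size_t align_up(size_t x, size_t a) { return (x + a - 1) & ~(a - 1); }

/* Constructed stand-in for the two Elf_Shdr fields the loader consults. */
struct section { size_t sh_addralign; size_t sh_size; };

/* Compute each allocatable section's load offset and the total allocation,
   rounding the section alignment up to min_align (what
   grub_arch_dl_min_alignment() returns) and padding each size to it.
   Mapping sh_addralign == 0 to 1 is my assumption, not the patch's. */
static size_t layout_sections(const struct section *s, size_t n,
                              size_t min_align, size_t *offsets)
{
  size_t tsize = 0;
  for (size_t i = 0; i < n; i++)
    {
      size_t a = align_up(s[i].sh_addralign ? s[i].sh_addralign : 1, min_align);
      size_t sz = align_up(s[i].sh_size, a);  /* padding is zero-filled later */
      tsize = align_up(tsize, a);             /* section start */
      offsets[i] = tsize;
      tsize += sz;
    }
  return tsize;
}

/* Constructed section table: .text, .rodata, .data with typical sub-page
   alignments; .data deliberately carries sh_addralign 0. */
static const struct section demo_sections[3] = {
  { 16, 0x1234 }, { 8, 0x10 }, { 0, 0x5 },
};

/* Lay out the demo table for a given minimum alignment; returns the total. */
static size_t demo_total(size_t min_align, size_t offsets[3])
{
  return layout_sections(demo_sections, 3, min_align, offsets);
}

int main(void)
{
  size_t off[3], total = demo_total(4096, off);  /* EFI: page granularity */
  for (int i = 0; i < 3; i++)
    printf("section %d at offset 0x%zx\n", i, off[i]);
  printf("total 0x%zx with 4 KiB alignment, 0x%zx with byte alignment\n",
         total, demo_total(1, off));
  return 0;
}
```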
Re: [PATCH] Fix missing measurements on confidential computing enabled platform
On Fri, May 31, 2024 at 02:42:38PM +0200, Hector Cao wrote: > The measurements for confidential computing have been introduced in the commit > 4c76565b6 (efi/tpm: Add EFI_CC_MEASUREMENT_PROTOCOL support). Recently > this patch 30708dfe3 (tpm: Disable the tpm verifier if the TPM device > is not present) has been introduced to optimize the memory usage when > TPM device is not available on the platform. This patch will prevent the > tpm module from being loaded on confidential computing platforms (for example > Intel TDX) where no TPM device is available. > > In this patch, we propose to load the tpm module for this use case > by generalizing the tpm feature detection in order to cover CC platforms. > Basically, we do it by detecting the availability of the EFI protocol > EFI_CC_MEASUREMENT_PROTOCOL. > > Fixes bug : https://savannah.gnu.org/bugs/?65821 Missing SOB... > --- > grub-core/commands/efi/tpm.c | 7 +++ > 1 file changed, 7 insertions(+) > > diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c > index f250c30db..386ea3d66 100644 > --- a/grub-core/commands/efi/tpm.c > +++ b/grub-core/commands/efi/tpm.c > @@ -292,6 +292,13 @@ grub_tpm_present (void) > { >grub_efi_handle_t tpm_handle; >grub_efi_uint8_t protocol_version; > + grub_efi_cc_protocol_t *cc; > + > + // if confidential computing measurement protocol is enabled > + // we consider TPM is present Please be in line with the GRUB coding style [1]. Otherwise patch LGTM. > + cc = grub_efi_locate_protocol (&cc_measurement_guid, NULL); > + if (cc != NULL) > +return 1; Daniel [1] https://www.gnu.org/software/grub/manual/grub-dev/grub-dev.html#Comments
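Review bot: `cc` is declared as `grub_efi_cc_protocol_t *` only to be compared against NULL and is otherwise unused in the hunk; either test the grub_efi_locate_protocol() result directly or say why the typed pointer is kept. The early `return 1` also changes what grub_tpm_present() means: it now reports presence when only EFI_CC_MEASUREMENT_PROTOCOL is available and no TPM device exists, so the comment should state that the function answers "a measurement facility is present" rather than "a TPM device is present".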
Re: [PATCH] grub-mkpasswd-pbkdf2: Simplify the main function implementation
On Mon, May 27, 2024 at 08:42:04PM +0800, Tianjia Zhang wrote: > Allocate memory if needed, while saving the corresponding release > operation, reducing the amount of code and code complexity. > > Signed-off-by: Tianjia Zhang Reviewed-by: Daniel Kiper Daniel
Re: [PATCH] bfs: Fix improper free() on non-existing files
On Thu, May 16, 2024 at 09:37:49PM +0300, Vladimir Serbinenko wrote: > Signed-off-by: Vladimir Serbinenko Reviewed-by: Daniel Kiper Daniel
Re: [PATCH] Add Fedora-specific font paths
On Thu, May 16, 2024 at 10:03:29PM +0300, Vladimir Serbinenko wrote: > Signed-off-by: Vladimir Serbinenko Reviewed-by: Daniel Kiper Daniel
Re: [PATCH] Add convenience TARGET_CROSS
On Thu, May 16, 2024 at 10:07:12PM +0300, Vladimir Serbinenko wrote: > This allows setting up a cross environment with just 3 parameters: target, > platform and TARGET_CROSS. May I ask you to document this in the INSTALL file? Daniel
Re: [PATCH] Add missing cast in compile-time byteswaps
On Thu, May 16, 2024 at 10:22:58PM +0300, Vladimir Serbinenko wrote: > Without them 0x80LL is 32-bit byte-swapped to 0x8000 instead > of the correct 0x8000. > > Signed-off-by: Vladimir Serbinenko Reviewed-by: Daniel Kiper Daniel
Re: [PATCH] Mark vdev_zaps_v2 and head_errlog as supported
On Thu, May 16, 2024 at 10:27:41PM +0300, Vladimir Serbinenko wrote: > We don't need any actual adjustments as we don't use the affected > structures. > > Signed-off-by: Vladimir Serbinenko Reviewed-by: Daniel Kiper Daniel
Re: [PATCH] Add missing cast in compile-time byteswaps
On Mon, Jun 03, 2024 at 06:33:04PM +0200, Daniel Kiper wrote: > On Thu, May 16, 2024 at 10:22:58PM +0300, Vladimir Serbinenko wrote: > > Without them 0x80LL is 32-bit byte-swapped to 0x8000 instead > > of the correct 0x8000 I think "on 64-bit target" should be added... Right? > > Signed-off-by: Vladimir Serbinenko > > Reviewed-by: Daniel Kiper Daniel
Re: [PATCH vRESEND] MULTIBOOT: Fix handling of errors in broken aout-kludge
On Fri, May 17, 2024 at 10:53:27AM +0300, Vladimir Serbinenko wrote: > Current code in some codepaths neither discards nor reports > errors. Properly surface the error. > > While at it, split 2 cases of unrelated variables both named err. > > Signed-off-by: Vladimir Serbinenko Reviewed-by: Daniel Kiper Daniel
[PATCH v1 0/1] Fix missing measurements on confidential computing enabled platform
Changes from v0: - Add SOB line - Compliant with grub coding style Hector Cao (1): Fix missing measurements on confidential computing enabled platform grub-core/commands/efi/tpm.c | 7 +++ 1 file changed, 7 insertions(+) -- 2.39.2
[PATCH v1 1/1] Fix missing measurements on confidential computing enabled platform
The measurements for confidential computing have been introduced in the commit 4c76565b6 (efi/tpm: Add EFI_CC_MEASUREMENT_PROTOCOL support). Recently this patch 30708dfe3 (tpm: Disable the tpm verifier if the TPM device is not present) has been introduced to optimize the memory usage when TPM device is not available on the platform. This patch will prevent the tpm module from being loaded on confidential computing platforms (for example Intel TDX) where no TPM device is available. In this patch, we propose to load the tpm module for this use case by generalizing the tpm feature detection in order to cover CC platforms. Basically, we do it by detecting the availability of the EFI protocol EFI_CC_MEASUREMENT_PROTOCOL. Fixes bug : https://savannah.gnu.org/bugs/?65821 Signed-off-by: Hector Cao --- grub-core/commands/efi/tpm.c | 7 +++ 1 file changed, 7 insertions(+) diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c index f250c30db..40845af7a 100644 --- a/grub-core/commands/efi/tpm.c +++ b/grub-core/commands/efi/tpm.c @@ -292,6 +292,13 @@ grub_tpm_present (void) { grub_efi_handle_t tpm_handle; grub_efi_uint8_t protocol_version; + grub_efi_cc_protocol_t *cc; + + /* if confidential computing measurement protocol is enabled + we consider TPM is present */ + cc = grub_efi_locate_protocol (&cc_measurement_guid, NULL); + if (cc != NULL) +return 1; if (!grub_tpm_handle_find (&tpm_handle, &protocol_version)) return 0; -- 2.39.2
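Review bot: the comment added before the cc_measurement_guid lookup now uses C-style delimiters, but its layout still does not follow the multi-line form described in the grub-dev manual's Comments section that the v0 review pointed to (opening `/*` on its own line, each text line prefixed with ` *`, closing ` */` on its own line, text starting with a capital letter). While reflowing it, state what the check actually means, that EFI_CC_MEASUREMENT_PROTOCOL is accepted as the measurement backend in place of a TPM device, since "we consider TPM is present" describes the return value rather than the reason.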