Re: grub menu gets stuck issue report and fix patch merge request

2024-11-08 Thread Glenn Washburn
Hi 段亚勇,

I think you will get more of a response if you use git-send to send
this patch inline (not attached), and to CC Daniel (Daniel Kiper).
And do periodically check back in. I have the
feeling that Daniel is overwhelmed with some large patch sets and may
take some time to get to this.

Glenn

On Thu, 26 Sep 2024 03:11:04 -0500
段亚勇 via Grub-devel  wrote:

> Hi All,
> 
> We are working on Debian 10 OS version and Intel Xeon-2775TE HW model
> platform. We found a grub issue that grub menu will be stuck with a 1/200
> ratio in AC power on/off stress test. After multiple validation and we
> co-worked with Intel, we found the root cause is unreliable "rdtsc"
> instruction usage.
>
> And I already raised a bug with url:
> https://savannah.gnu.org/bugs/index.php?66257
> and attached related fix
> patch both to bug ticket and this mail's attachment. In patch, I did a
> detailed explanation and some information from Intel's expert. We are eager
> to merge this fix with grub so that all GNU grub users will meet this issue
> any more.
> If there is any problem, please let us know by mail or bug ticket.
> We are all looking forward to your feedback!
> 
> ---
> Best Regards,
> Will Duan
> Shanghai Yangpu District DouYin New Jiangwan Square T2B 3F
> ---

___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel


Re: [PATCH v2 0/3] More ls improvements

2024-11-08 Thread Glenn Washburn
Ping. Wondering if this is still in the queue to be looked at.

Glenn

On Sat,  8 Jun 2024 16:58:30 -0500
Glenn Washburn  wrote:

> Currently when given a path to a file, ls will open the file to determine
> if it is valid and then run the appropriate print function, in contrast to
> directory arguments that use the directory iterator and callback on each
> file. One issue with this is that opening a file does not allow access to
> its modification time information, whereas the info object from the callback
> called by the directory iterator does and the longlist print function will
> print the modification time if present. The result is that when longlisting
> ls arguments, directory arguments show modification times but file arguments
> do not. Patch 1 rectifies this and in the process simplifies the code path
> by using the directory iterator for file arguments as well.
> 
> Patches 2 and 3 aim to make the output of GRUB's ls look more like GNU's
> ls output. And patch 3 also fixes an issue where there are blank lines
> between consecutive file arguments.
> 
> v2:
>  * Remove first patch of v1
>  * Reset grub_errno in grub_ls_list_files instead
> 
> Glenn Washburn (3):
>   commands/ls: Allow printing mtime for file arguments
>   commands/ls: Add directory header for dir args and print full paths
> for file args
>   commands/ls: Proper line breaks between arguments
> 
>  grub-core/commands/ls.c | 123 
>  1 file changed, 75 insertions(+), 48 deletions(-)
> 
> Range-diff against v1:
> 1:  c9066a31480c < -:   disk: Reset grub_errno upon entering 
> grub_disk_read()
> 2:  8947f5257962 ! 1:  187a173d6e8a commands/ls: Allow printing mtime for 
> file arguments
> @@ grub-core/commands/ls.c: grub_ls_list_files (char *dirname, int 
> longlist, int al
> if (grub_errno == GRUB_ERR_BAD_FILE_TYPE
> && path[grub_strlen (path) - 1] != '/')
>   {
> -   /* PATH might be a regular file.  */
> +-  /* PATH might be a regular file.  */
>  -  char *p;
>  -  grub_file_t file;
>  -  struct grub_dirhook_info info;
> @@ grub-core/commands/ls.c: grub_ls_list_files (char *dirname, int 
> longlist, int al
>  -goto fail;
>  -
>  -  grub_file_close (file);
> --
> ++  /*
> ++   * Reset errno as it is currently set, but will cause 
> subsequent code
> ++   * to think there is an error.
> ++   */
> ++  grub_errno = GRUB_ERR_NONE;
> + 
>  -  p = grub_strrchr (dirname, '/') + 1;
>  -  ctx.dirname = grub_strndup (dirname, p - dirname);
> ++  /* PATH might be a regular file.  */
>  +  ctx.filename = grub_strrchr (dirname, '/') + 1;
>  +  ctx.dirname = grub_strndup (dirname, ctx.filename - dirname);
> if (ctx.dirname == NULL)
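Review bot: in the rewritten file-argument branch, `ctx.filename = grub_strrchr (dirname, '/') + 1;` still uses the result of grub_strrchr without a NULL check, just as the removed `p = grub_strrchr (dirname, '/') + 1;` did. The visible `if (ctx.dirname == NULL)` only covers the grub_strndup allocation. If dirname can reach this branch without containing a '/', the arithmetic is done on NULL; either test the return value before adding 1 or add a comment stating why a '/' is guaranteed at this point.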
> 3:  ce655165f508 ! 2:  cd02a1fa4512 commands/ls: Add directory header for dir 
> args and print full paths for file args
> @@ grub-core/commands/ls.c: grub_ls_list_files (char *dirname, int 
> longlist, int al
>   
> (fs->fs_dir) (dev, path, print_files, &ctx);
>  @@ grub-core/commands/ls.c: grub_ls_list_files (char *dirname, int 
> longlist, int all, int human)
> -   && path[grub_strlen (path) - 1] != '/')
> - {
> +   grub_errno = GRUB_ERR_NONE;
> + 
> /* PATH might be a regular file.  */
>  +  ctx.print_dirhdr = 0;
> ctx.filename = grub_strrchr (dirname, '/') + 1;
> 4:  1a14220825c2 = 3:  6988321447be commands/ls: Proper line breaks between 
> arguments



Re: [PATCH v8 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

2024-11-08 Thread Glenn Washburn
Hi Daniel,

Looks like this and the two patches preceding this were not merged
into git, nor do I see discussion or hints that they would be dropped.
Is this intentional?

Glenn

On Wed,  9 Oct 2024 09:16:45 +0100
Mate Kukri  wrote:

> Signed-off-by: Mate Kukri 
> ---
>  grub-core/kern/efi/sb.c  | 28 
>  grub-core/loader/efi/linux.c | 12 +++-
>  include/grub/efi/api.h   |  2 ++
>  include/grub/efi/sb.h|  2 ++
>  4 files changed, 39 insertions(+), 5 deletions(-)
> 
> diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
> index d3de39599..cbdb29ae1 100644
> --- a/grub-core/kern/efi/sb.c
> +++ b/grub-core/kern/efi/sb.c
> @@ -225,3 +225,31 @@ grub_shim_lock_verifier_setup (void)
>grub_env_set ("shim_lock", "y");
>grub_env_export ("shim_lock");
>  }
> +
> +bool
> +grub_efi_check_nx_required (void)
> +{
> +  int nx_required = 1; /* assume required, unless we can prove otherwise */
> +  grub_efi_status_t status;
> +  grub_size_t mok_policy_sz = 0;
> +  char *mok_policy = NULL;
> +  grub_uint32_t mok_policy_attrs = 0;
> +
> +  status = grub_efi_get_variable_with_attributes ("MokPolicy",
> +   &(grub_guid_t) 
> GRUB_EFI_SHIM_LOCK_GUID,
> +   &mok_policy_sz,
> +   (void **)&mok_policy,
> +   &mok_policy_attrs);
> +  if (status != GRUB_EFI_SUCCESS ||
> +  mok_policy_sz != 1 ||
> +  mok_policy == NULL ||
> +  mok_policy_attrs != GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS)
> +goto out;
> +
> +  nx_required = !!(mok_policy[0] & GRUB_MOK_POLICY_NX_REQUIRED);
> +
> + out:
> +  grub_free (mok_policy);
> +
> +  return nx_required;
> +}
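Review bot: grub_efi_check_nx_required() returns 1 on every path where MokPolicy cannot be read, because `nx_required` starts at 1 and the `goto out` branch covers `status != GRUB_EFI_SUCCESS` together with the size and attribute mismatches. Failing closed on a malformed or wrongly attributed variable is sound, but a variable that is simply absent is treated the same way, so the legacy loader fallback is refused in that case too. Please either distinguish the not-found status from the invalid cases or say in the commit message, which currently has no body, that this is intended. A short comment on why the attributes must equal GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS exactly would also help, and `nx_required` can be declared bool to match the return type.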
> diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
> index d6860fdba..8760f2da9 100644
> --- a/grub-core/loader/efi/linux.c
> +++ b/grub-core/loader/efi/linux.c
> @@ -473,21 +473,23 @@ grub_cmd_linux (grub_command_t cmd __attribute__ 
> ((unused)),
>  
>kernel_size = grub_file_size (file);
>  
> -  if (grub_arch_efi_linux_load_image_header (file, &lh) != GRUB_ERR_NONE)
>  #if !defined(__i386__) && !defined(__x86_64__)
> +  if (grub_arch_efi_linux_load_image_header (file, &lh) != GRUB_ERR_NONE)
>  goto fail;
>  #else
> -goto fallback;
> -
> -  if (!initrd_use_loadfile2)
> +  if (grub_arch_efi_linux_load_image_header (file, &lh) != GRUB_ERR_NONE ||
> +  !initrd_use_loadfile2)
>  {
> +  /* We cannot use the legacy loader when NX is required */
> +  if (grub_efi_check_nx_required ())
> +goto fail;
> +
>/*
> * This is a EFI stub image but it is too old to implement the 
> LoadFile2
> * based initrd loading scheme, and Linux/x86 does not support the DT
> * based method either. So fall back to the x86-specific loader that
> * enters Linux in EFI mode but without going through its EFI stub.
> */
> -fallback:
>grub_file_close (file);
>return grub_cmd_linux_x86_legacy (cmd, argc, argv);
>  }
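Review bot: the new `goto fail` after `grub_efi_check_nx_required ()` sets no error in the lines shown. When the block is entered because of `!initrd_use_loadfile2` while the header load succeeded, nothing in this hunk records why the boot was refused; a grub_error() call naming the NX requirement before `goto fail` would make the failure diagnosable. The existing comment below it describes only the old-EFI-stub case, although the block is now also reached when grub_arch_efi_linux_load_image_header() fails, so it should be updated to cover both conditions.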
> diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
> index 9ae908729..5771d96f2 100644
> --- a/include/grub/efi/api.h
> +++ b/include/grub/efi/api.h
> @@ -1785,6 +1785,8 @@ struct grub_efi_block_io
>  };
>  typedef struct grub_efi_block_io grub_efi_block_io_t;
>  
> +#define GRUB_MOK_POLICY_NX_REQUIRED  0x1
> +
>  struct grub_efi_shim_lock_protocol
>  {
>/*
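Review bot: `GRUB_MOK_POLICY_NX_REQUIRED` is added between the block I/O typedef and struct grub_efi_shim_lock_protocol without a comment. A one-line comment saying that it is a bit in the one-byte MokPolicy variable read in grub-core/kern/efi/sb.c would document where the value comes from, and moving it to include/grub/efi/sb.h beside the new declaration would keep the policy definitions in one place.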
> diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
> index bf8d2db5f..be517b1dc 100644
> --- a/include/grub/efi/sb.h
> +++ b/include/grub/efi/sb.h
> @@ -33,6 +33,8 @@ EXPORT_FUNC (grub_efi_get_secureboot) (void);
>  
>  extern void
>  grub_shim_lock_verifier_setup (void);
> +extern bool
> +EXPORT_FUNC (grub_efi_check_nx_required) (void);
>  #else
>  static inline grub_uint8_t
>  grub_efi_get_secureboot (void)
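Review bot: the prototype for grub_efi_check_nx_required() is added only above the `#else`, while the branch below supplies a `static inline` grub_efi_get_secureboot() for builds that take that path. No matching inline stub for the new function appears in this patch (the diffstat gives sb.h two inserted lines), so a caller compiled under the `#else` configuration would have no declaration. Either add a stub there or confirm that every caller is built only where the first branch is active.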



Re: [PATCH v1 10/15] env: Add efi-export-env and efi-load-env commands

2024-11-08 Thread Glenn Washburn
On Thu, 31 Oct 2024 13:42:53 -0600
Leo Sandoval  wrote:

> From: Peter Jones 
> 
> This adds "efi-export-env VARIABLE" and "efi-load-env", which manipulate the
> environment block stored in the EFI variable
> GRUB_ENV-91376aff-cba6-42be-949d-06fde81128e8.

I would prefer that this patch and patch #2 be either dropped or pulled
from my patch series "[PATCH v2 0/4] EFI envblk"[1] (the original from
over a year ago). I fixed several bugs in the original patches, which I
have not checked to see if still exist in these patches. Another reason
my series is an improvement is that it adds a patch that adds testing of
this feature via QEMU. Please review my series instead of including
these patches, so we can get this functionality merged.

The one contention may be the last patch in my series that allows
debugging to be enabled as soon as possible (eg. before any config
files are read). If that is the case, I can split that patch off from
the series in order to get it merged more quickly.

Glenn

[1]
https://lore.kernel.org/grub-devel/cover.1727071157.git.developm...@efficientek.com/

> 
> Signed-off-by: Peter Jones 
> ---
>  grub-core/Makefile.core.def  |   6 ++
>  grub-core/commands/efi/env.c | 170 +++
>  grub-core/kern/efi/efi.c |   3 +
>  grub-core/kern/efi/init.c|   5 --
>  grub-core/lib/envblk.c   |  43 +
>  include/grub/efi/efi.h   |   5 ++
>  include/grub/lib/envblk.h|   3 +
>  7 files changed, 230 insertions(+), 5 deletions(-)
>  create mode 100644 grub-core/commands/efi/env.c
> 
> diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
> index 0bffbfea9..f23fd60d2 100644
> --- a/grub-core/Makefile.core.def
> +++ b/grub-core/Makefile.core.def
> @@ -825,6 +825,12 @@ module = {
>enable = efi;
>  };
>  
> +module = {
> +  name = efienv;
> +  common = commands/efi/env.c;
> +  enable = efi;
> +};
> +
>  module = {
>name = efifwsetup;
>efi = commands/efi/efifwsetup.c;
> diff --git a/grub-core/commands/efi/env.c b/grub-core/commands/efi/env.c
> new file mode 100644
> index 0..4080f24fd
> --- /dev/null
> +++ b/grub-core/commands/efi/env.c
> @@ -0,0 +1,170 @@
> +/*
> + *  GRUB  --  GRand Unified Bootloader
> + *  Copyright (C) 2012  Free Software Foundation, Inc.
> + *
> + *  GRUB is free software: you can redistribute it and/or modify
> + *  it under the terms of the GNU General Public License as published by
> + *  the Free Software Foundation, either version 3 of the License, or
> + *  (at your option) any later version.
> + *
> + *  GRUB is distributed in the hope that it will be useful,
> + *  but WITHOUT ANY WARRANTY; without even the implied warranty of
> + *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + *  GNU General Public License for more details.
> + *
> + *  You should have received a copy of the GNU General Public License
> + *  along with GRUB.  If not, see .
> + */
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +GRUB_MOD_LICENSE ("GPLv3+");
> +
> +static const grub_guid_t grub_env_guid = GRUB_EFI_GRUB_VARIABLE_GUID;
> +
> +static grub_err_t
> +grub_efi_export_env(grub_command_t cmd __attribute__ ((unused)),
> +int argc, char *argv[])
> +{
> +  const char *value;
> +  char *old_value;
> +  struct grub_envblk envblk_s = { NULL, 0 };
> +  grub_envblk_t envblk = &envblk_s;
> +  grub_err_t err;
> +  int changed = 1;
> +  grub_efi_status_t status;
> +
> +  grub_dprintf ("efienv", "argc:%d\n", argc);
> +  for (int i = 0; i < argc; i++)
> +grub_dprintf ("efienv", "argv[%d]: %s\n", i, argv[i]);
> +
> +  if (argc != 1)
> +return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("variable name expected"));
> +
> +  grub_efi_get_variable ("GRUB_ENV", &grub_env_guid, &envblk_s.size,
> + (void **) &envblk_s.buf);
> +  if (!envblk_s.buf || envblk_s.size < 1)
> +{
> +  char *buf = grub_malloc (1025);
> +  if (!buf)
> +return grub_errno;
> +
> +  grub_memcpy (buf, GRUB_ENVBLK_SIGNATURE, sizeof 
> (GRUB_ENVBLK_SIGNATURE) - 1);
> +  grub_memset (buf + sizeof (GRUB_ENVBLK_SIGNATURE) - 1, '#',
> +   DEFAULT_ENVBLK_SIZE - sizeof (GRUB_ENVBLK_SIGNATURE) + 1);
> +  buf[1024] = '\0';
> +
> +  envblk_s.buf = buf;
> +  envblk_s.size = 1024;
> +}
> +  else
> +{
> +  char *buf = grub_realloc (envblk_s.buf, envblk_s.size + 1);
> +  if (!buf)
> + return grub_errno;
> +
> +  envblk_s.buf = buf;
> +  envblk_s.buf[envblk_s.size] = '\0';
> +}
> +
> +  err = grub_envblk_get(envblk, argv[0], &old_value);
> +  if (err != GRUB_ERR_NONE)
> +{
> +  grub_dprintf ("efienv", "grub_envblk_get returned %d\n", err);
> +  return err;
> +}
> +
> +  value = grub_env_get(argv[0]);
> +  if ((!value && !old_value) ||
> +  (value && old_value && !grub_strcmp(old_value, va
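Review bot: the empty-variable path in grub_efi_export_env() mixes the literals 1025 and 1024 with DEFAULT_ENVBLK_SIZE. `grub_malloc (1025)`, `buf[1024] = '\0'` and `envblk_s.size = 1024` assume the constant is 1024, while the grub_memset length is computed from DEFAULT_ENVBLK_SIZE; if the two ever differ, the memset either runs past the allocation or leaves part of the block unfilled. Use DEFAULT_ENVBLK_SIZE (plus one for the terminator) throughout. In addition, the return value of grub_efi_get_variable() is ignored, and both the grub_realloc() failure return and the grub_envblk_get() error return leave envblk_s.buf allocated.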

Re: [PATCH] Mandatory install device check for PowerPC

2024-11-08 Thread avnish

Hi Vladimir,
Thank you so much for your response!

I have fine tuned the patch as per the last discussion (sorry, I missed 
the v2 tag). This latest patch will add install device check only to 
PowerPC machines. PowerMacs aren't affected by this change. The check is 
added when platform is detected as 
"GRUB_INSTALL_PLATFORM_POWERPC_IEEE1275" along with machine detected as 
non PowerMac. As per my Power platform analysis, currently in 
"grub_install.c", it detects PowerMacs based on the file system detected 
(HFS or HFS+) and set the "is_prep" as 0 based on this finding. This new 
check will only be applicable to PowerPC. And in case of PowerMacs, it 
will allow grub_install even without mentioning the install device.

Thank you!


Regards,
Avnish Chouhan

--

Message: 5
Date: Fri, 8 Nov 2024 15:07:29 +0300
From: "Vladimir 'phcoder' Serbinenko" 
To: The development of GNU GRUB 
Subject: Re: [PATCH] Mandatory install device check for PowerPC
Message-ID:

Content-Type: text/plain; charset="utf-8"

As discussed in another thread, this breaks installing from x86 onto
removable disk for PPC Mac which is a supported workflow

On Fri, 8 Nov 2024, 14:13, Avnish Chouhan wrote:



This patch adds a check on install_device while installing grub for
PowerPC.
If install_device is not mentioned in grub2-install and machine is 
detected

as PowerPC, the error will be thrown and it will terminates the
grub2-install
operation. Running grub2-install on PowerPC without the install_device 
may

result in bootlist corruption. When no install device is specified, it
attempts
to load images from the filesystem, which leads to nvram bootlist
corruption.
The idea is to fail the operation and avoid creating the invalid boot
entry.

Signed-off-by: Avnish Chouhan 
---
 grub-install.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/util/grub-install.c b/util/grub-install.c
index 7dc5657..a049f53 100644
--- a/util/grub-install.c
+++ b/util/grub-install.c
@@ -1289,6 +1289,17 @@ main (int argc, char *argv[])
  is_prep = 0;
}
}
+  else
+{
+ /*
+  * As the machine has been detected as PowerPC and not the
PowerMac. We need to check
+  * whether the install_device has been mentioned while
installing. If no device has been
+  * mentioned, we need to exit and mark it as an error as the
install_device is required for
+  * PowerPC installation. An installation with no device
mentioned may lead to corruptions.
+  */
+   if (!install_device)
+ grub_util_error ("%s", _("install device isn't specified
required for PowerPC"));
+}
 }

   size_t ndev = 0;
--
2.39.3




Re: [PATCH v8 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

2024-11-08 Thread Mate Kukri
Hi Glenn,

8 and 9 were split as the shim loader situation isn't sorted upstream
yet. 10 should be dropped.

On Fri, Nov 8, 2024 at 6:49 PM Glenn Washburn
 wrote:
>
> Hi Daniel,
>
> Looks like this and the two patches preceding this were not merged
> into git, nor do I see discussion or hints that they would be dropped.
> Is this intentional?
>
> Glenn
>
> On Wed,  9 Oct 2024 09:16:45 +0100
> Mate Kukri  wrote:
>
> > Signed-off-by: Mate Kukri 
> > ---
> >  grub-core/kern/efi/sb.c  | 28 
> >  grub-core/loader/efi/linux.c | 12 +++-
> >  include/grub/efi/api.h   |  2 ++
> >  include/grub/efi/sb.h|  2 ++
> >  4 files changed, 39 insertions(+), 5 deletions(-)
> >
> > diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
> > index d3de39599..cbdb29ae1 100644
> > --- a/grub-core/kern/efi/sb.c
> > +++ b/grub-core/kern/efi/sb.c
> > @@ -225,3 +225,31 @@ grub_shim_lock_verifier_setup (void)
> >grub_env_set ("shim_lock", "y");
> >grub_env_export ("shim_lock");
> >  }
> > +
> > +bool
> > +grub_efi_check_nx_required (void)
> > +{
> > +  int nx_required = 1; /* assume required, unless we can prove otherwise */
> > +  grub_efi_status_t status;
> > +  grub_size_t mok_policy_sz = 0;
> > +  char *mok_policy = NULL;
> > +  grub_uint32_t mok_policy_attrs = 0;
> > +
> > +  status = grub_efi_get_variable_with_attributes ("MokPolicy",
> > +   &(grub_guid_t) 
> > GRUB_EFI_SHIM_LOCK_GUID,
> > +   &mok_policy_sz,
> > +   (void **)&mok_policy,
> > +   &mok_policy_attrs);
> > +  if (status != GRUB_EFI_SUCCESS ||
> > +  mok_policy_sz != 1 ||
> > +  mok_policy == NULL ||
> > +  mok_policy_attrs != GRUB_EFI_VARIABLE_BOOTSERVICE_ACCESS)
> > +goto out;
> > +
> > +  nx_required = !!(mok_policy[0] & GRUB_MOK_POLICY_NX_REQUIRED);
> > +
> > + out:
> > +  grub_free (mok_policy);
> > +
> > +  return nx_required;
> > +}
> > diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
> > index d6860fdba..8760f2da9 100644
> > --- a/grub-core/loader/efi/linux.c
> > +++ b/grub-core/loader/efi/linux.c
> > @@ -473,21 +473,23 @@ grub_cmd_linux (grub_command_t cmd __attribute__ 
> > ((unused)),
> >
> >kernel_size = grub_file_size (file);
> >
> > -  if (grub_arch_efi_linux_load_image_header (file, &lh) != GRUB_ERR_NONE)
> >  #if !defined(__i386__) && !defined(__x86_64__)
> > +  if (grub_arch_efi_linux_load_image_header (file, &lh) != GRUB_ERR_NONE)
> >  goto fail;
> >  #else
> > -goto fallback;
> > -
> > -  if (!initrd_use_loadfile2)
> > +  if (grub_arch_efi_linux_load_image_header (file, &lh) != GRUB_ERR_NONE ||
> > +  !initrd_use_loadfile2)
> >  {
> > +  /* We cannot use the legacy loader when NX is required */
> > +  if (grub_efi_check_nx_required ())
> > +goto fail;
> > +
> >/*
> > * This is a EFI stub image but it is too old to implement the 
> > LoadFile2
> > * based initrd loading scheme, and Linux/x86 does not support the DT
> > * based method either. So fall back to the x86-specific loader that
> > * enters Linux in EFI mode but without going through its EFI stub.
> > */
> > -fallback:
> >grub_file_close (file);
> >return grub_cmd_linux_x86_legacy (cmd, argc, argv);
> >  }
> > diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
> > index 9ae908729..5771d96f2 100644
> > --- a/include/grub/efi/api.h
> > +++ b/include/grub/efi/api.h
> > @@ -1785,6 +1785,8 @@ struct grub_efi_block_io
> >  };
> >  typedef struct grub_efi_block_io grub_efi_block_io_t;
> >
> > +#define GRUB_MOK_POLICY_NX_REQUIRED  0x1
> > +
> >  struct grub_efi_shim_lock_protocol
> >  {
> >/*
> > diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
> > index bf8d2db5f..be517b1dc 100644
> > --- a/include/grub/efi/sb.h
> > +++ b/include/grub/efi/sb.h
> > @@ -33,6 +33,8 @@ EXPORT_FUNC (grub_efi_get_secureboot) (void);
> >
> >  extern void
> >  grub_shim_lock_verifier_setup (void);
> > +extern bool
> > +EXPORT_FUNC (grub_efi_check_nx_required) (void);
> >  #else
> >  static inline grub_uint8_t
> >  grub_efi_get_secureboot (void)



Re: [PATCH] docs: Fix incorrect and potentially confusing language and minor formatting

2024-11-08 Thread Glenn Washburn
Ping. Wondering what might be holding this up from being merged?

Glenn

On Thu,  5 Sep 2024 20:37:11 -0500
Glenn Washburn  wrote:

> Signed-off-by: Glenn Washburn 
> ---
>  docs/grub.texi | 15 +++
>  1 file changed, 7 insertions(+), 8 deletions(-)
> 
> diff --git a/docs/grub.texi b/docs/grub.texi
> index 63e796a3a738..e6e5efa05e6c 100644
> --- a/docs/grub.texi
> +++ b/docs/grub.texi
> @@ -4538,11 +4538,12 @@ files.
>  
>  @node emunet_module
>  @section emunet
> -This module provides support for an emulated network card in GRUB.
> +This module provides support for networking in GRUB on the emu platform.
>  
>  @node emupci_module
>  @section emupci
> -This module provides support for an emulated PCI bus in GRUB.
> +This module provides support for accessing the PCI bus in GRUB on the emu
> +platform.
>  
>  @node erofs_module
>  @section erofs
> @@ -4784,8 +4785,8 @@ image support, and icon support.
>  
>  @node gfxterm_module
>  @section gfxterm
> -This module provides support for displaying a graphical terminal interface 
> from
> -GRUB.
> +This module provides support for displaying a terminal and menu interface 
> from
> +GRUB using graphics mode.
>  
>  @node gfxterm_background_module
>  @section gfxterm_background
> @@ -5105,8 +5106,7 @@ at the time of writing.
>  @node memdisk_module
>  @section memdisk
>  This module provides support for a memdisk device. A memdisk is a memory 
> mapped
> -emulated disk likely only possible in legacy environment such as with a 
> legacy
> -BIOS operating in 16-bit mode.
> +emulated disk.
>  
>  @node memrw_module
>  @section memrw
> @@ -5475,8 +5475,7 @@ like interface to some GRUB internal data.
>  
>  @node progress_module
>  @section progress
> -This module provides support for showing file loading progress to the
> -terminal.
> +This module provides support for showing file loading progress to the 
> terminal.
>  
>  @node pxe_module
>  @section pxe
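Review bot: the progress_module change in this last hunk is a pure re-wrap of an unchanged sentence, whereas the earlier hunks change wording (emunet, emupci, gfxterm, memdisk). The commit message has no body, so a reader of the log cannot tell which statements were judged incorrect; a sentence per corrected module, in particular why the legacy-BIOS claim was dropped from memdisk, would make the change easier to review, and the whitespace-only re-wrap could go in a separate patch.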



[PATCH] Mandatory install device check for PowerPC

2024-11-08 Thread Avnish Chouhan
This patch adds a check on install_device while installing grub for PowerPC.
If install_device is not mentioned in grub2-install and machine is detected
as PowerPC, the error will be thrown and it will terminate the grub2-install
operation. Running grub2-install on PowerPC without the install_device may 
result in bootlist corruption. When no install device is specified, it attempts 
to load images from the filesystem, which leads to nvram bootlist corruption. 
The idea is to fail the operation and avoid creating the invalid boot entry.

Signed-off-by: Avnish Chouhan 
---
 grub-install.c | 11 +++
 1 file changed, 11 insertions(+)

diff --git a/util/grub-install.c b/util/grub-install.c
index 7dc5657..a049f53 100644
--- a/util/grub-install.c
+++ b/util/grub-install.c
@@ -1289,6 +1289,17 @@ main (int argc, char *argv[])
  is_prep = 0;
}
}
+  else
+{
+ /*
+  * As the machine has been detected as PowerPC and not the PowerMac. 
We need to check
+  * whether the install_device has been mentioned while installing. If 
no device has been
+  * mentioned, we need to exit and mark it as an error as the 
install_device is required for
+  * PowerPC installation. An installation with no device mentioned may 
lead to corruptions.
+  */
+   if (!install_device)
+ grub_util_error ("%s", _("install device isn't specified required 
for PowerPC"));
+}
 }
 
   size_t ndev = 0;
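Review bot: the string passed to grub_util_error(), `install device isn't specified required for PowerPC`, does not parse as a sentence; something like "install device isn't specified; it is required for PowerPC" would be clearer to the user. The check sits in the `else` that follows the block setting `is_prep = 0`, so it depends entirely on that detection, and the comment above it should state that dependency instead of restating the code. The diffstat also names `grub-install.c` while the diff header is `util/grub-install.c`, and the added comment lines are long enough that the mailer wrapped them.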
-- 
2.39.3




Re: [PATCH v3 03/16] ieee1275: Disable GRUB video support for IBM power machines

2024-11-08 Thread avnish

Message: 3
Date: Thu, 10 Oct 2024 15:43:21 -0600
From: Leo Sandoval 
To: grub-devel@gnu.org
Subject: [PATCH v3 03/16] ieee1275: Disable GRUB video support for IBM
power machines
Message-ID: <20241010214334.1749167-4-lsand...@redhat.com>
Content-Type: text/plain; charset="US-ASCII"; x-default=true

From: Paulo Flabiano Smorigo 

GRUB gets the display card node address from OpenFirmware, however this
address is truncated to 32-bits (OpenFirmware works on 32-bits, so GRUB)
effectively getting an invalid address. This change disables the video
support on IBM power machines. More details can be found at [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=973205

Signed-off-by: Paulo Flabiano Smorigo 
Signed-off-by: Robbie Harwood 
---
 grub-core/kern/ieee1275/cmain.c  | 5 -
 grub-core/video/ieee1275.c   | 9 ++---
 include/grub/ieee1275/ieee1275.h | 2 ++
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/grub-core/kern/ieee1275/cmain.c 
b/grub-core/kern/ieee1275/cmain.c

index e74de3248..810a089a9 100644
--- a/grub-core/kern/ieee1275/cmain.c
+++ b/grub-core/kern/ieee1275/cmain.c
@@ -89,7 +89,10 @@ grub_ieee1275_find_options (void)
   }

   if (rc >= 0 && grub_strncmp (tmp, "IBM", 3) == 0)
-grub_ieee1275_set_flag 
(GRUB_IEEE1275_FLAG_NO_TREE_SCANNING_FOR_DISKS);

+{
+  grub_ieee1275_set_flag 
(GRUB_IEEE1275_FLAG_NO_TREE_SCANNING_FOR_DISKS);
+  grub_ieee1275_set_flag 
(GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT);

+}

   /* Old Macs have no key repeat, newer ones have fully working one.
  The ones inbetween when repeated key generates an escaoe sequence
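Review bot: the new flag is set inside the existing `grub_strncmp (tmp, "IBM", 3) == 0` branch, so video is switched off for every machine whose string starts with "IBM", not only for those where the display node address is actually truncated as the commit message describes. If that breadth is intended, a comment at the `grub_ieee1275_set_flag (GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT)` call giving the reason and the bug reference would keep it from looking accidental; otherwise the condition should be narrowed.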
diff --git a/grub-core/video/ieee1275.c b/grub-core/video/ieee1275.c
index ca3d3c3b2..5592e4bb7 100644
--- a/grub-core/video/ieee1275.c
+++ b/grub-core/video/ieee1275.c
@@ -351,9 +351,12 @@ static struct grub_video_adapter
grub_video_ieee1275_adapter =

 GRUB_MOD_INIT(ieee1275_fb)
 {
-  find_display ();
-  if (display)
-grub_video_register (&grub_video_ieee1275_adapter);
+  if (! grub_ieee1275_test_flag 
(GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT))

+{
+  find_display ();
+  if (display)
+grub_video_register (&grub_video_ieee1275_adapter);
+}
 }

 GRUB_MOD_FINI(ieee1275_fb)
diff --git a/include/grub/ieee1275/ieee1275.h 
b/include/grub/ieee1275/ieee1275.h

index 4f6e6aaa0..db0ec5f4c 100644
--- a/include/grub/ieee1275/ieee1275.h
+++ b/include/grub/ieee1275/ieee1275.h
@@ -145,6 +145,8 @@ enum grub_ieee1275_flag
   GRUB_IEEE1275_FLAG_POWER_VM,

   GRUB_IEEE1275_FLAG_POWER_KVM,
+
+  GRUB_IEEE1275_FLAG_DISABLE_VIDEO_SUPPORT
 };

 extern int EXPORT_FUNC(grub_ieee1275_test_flag) (enum 
grub_ieee1275_flag flag);

--
2.46.2




--



Reviewed-by: Avnish Chouhan 



Re: [PATCH] Mandatory install device check for PowerPC

2024-11-08 Thread Vladimir 'phcoder' Serbinenko
As discussed in another thread, this breaks installing from x86 onto
removable disk for PPC Mac which is a supported workflow

On Fri, 8 Nov 2024, 14:13, Avnish Chouhan wrote:

> This patch adds a check on install_device while installing grub for
> PowerPC.
> If install_device is not mentioned in grub2-install and machine is detected
> as PowerPC, the error will be thrown and it will terminates the
> grub2-install
> operation. Running grub2-install on PowerPC without the install_device may
> result in bootlist corruption. When no install device is specified, it
> attempts
> to load images from the filesystem, which leads to nvram bootlist
> corruption.
> The idea is to fail the operation and avoid creating the invalid boot
> entry.
>
> Signed-off-by: Avnish Chouhan 
> ---
>  grub-install.c | 11 +++
>  1 file changed, 11 insertions(+)
>
> diff --git a/util/grub-install.c b/util/grub-install.c
> index 7dc5657..a049f53 100644
> --- a/util/grub-install.c
> +++ b/util/grub-install.c
> @@ -1289,6 +1289,17 @@ main (int argc, char *argv[])
>   is_prep = 0;
> }
> }
> +  else
> +{
> + /*
> +  * As the machine has been detected as PowerPC and not the
> PowerMac. We need to check
> +  * whether the install_device has been mentioned while
> installing. If no device has been
> +  * mentioned, we need to exit and mark it as an error as the
> install_device is required for
> +  * PowerPC installation. An installation with no device
> mentioned may lead to corruptions.
> +  */
> +   if (!install_device)
> + grub_util_error ("%s", _("install device isn't specified
> required for PowerPC"));
> +}
>  }
>
>size_t ndev = 0;
> --
> 2.39.3
>
>


Re: [PATCH v21 33/33] docs: Document TPM2 key protector

2024-11-08 Thread Gary Lin via Grub-devel
On Thu, Nov 07, 2024 at 12:11:15PM -0500, James Bottomley wrote:
> On Wed, 2024-11-06 at 18:48 -0500, Stefan Berger wrote:
> > 
> > 
> > On 11/4/24 2:32 AM, Gary Lin via Grub-devel wrote:
> > > Update the user manual to address TPM2 key protector including the
> > > two
> > > related commands, tpm2_key_protector_init and
> > > tpm2_key_protector_clear,
> > > and the user-space utility: grub-protect.
> > > 
> > > Signed-off-by: Gary Lin 
> > > ---
> > 
> > > +@example
> > > +# @kbd{dd if=/dev/urandom of=luks.key bs=1 count=128}
> > > +# @kbd{cryptsetup luksAddKey /dev/sda2 luks.key --pbkdf=pbkdf2 --
> > > hash=sha512}
> > > +@end example
> > > +
> > > +@subsection SRK mode
> > > +
> > > +To unlock the partition with SRK mode, assume that the sealed key
> > > is in
> > > +@file{(hd0,gpt1)/efi/grub/sealed.tpm}, the following GRUB commands
> > > +unseal the disk key with SRK mode and supply it to
> > > @command{cryptomount}.
> > > +
> > > +@example
> > > +grub> @kbd{tpm2_key_protector_init --
> > > keyfile=(hd0,gpt1)/efi/grub/sealed.tpm}
> > > +grub> @kbd{cryptomount -u  -P tpm2}
> > > +@end example
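Review bot: the key-generation example writes the LUKS key to `luks.key` with `dd if=/dev/urandom of=luks.key bs=1 count=128` under whatever umask is in effect, and the lines quoted here do not mention restricting the file's permissions or removing it once it has been sealed. A sentence to that effect next to the example would be worth adding.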
> > 
> > You may also want to give an example with --tpm2key= because it will
> > go 
> > along with the grub-protect --tpm2key option that you show. And you
> > may 
> > want to point that out to the user one when showing grub-protect with
> > --tpm2key, because otherwise the key created by grub-protect --
> > tpm2key 
> > cannot be read since the key formats (there are 2 key formats) do not
> > match and you'd need some sort of trouble shooting section...
> 
> I've said previously since nothing seems to use the non-standard keys,
> there's no real reason to code them in a release.
There are some running systems using the old '-k' options (raw format)
and some using '-T' (TPM 2.0 Key File), so I tend to keep both options.

> However, even if you
> have them, the standard TPM key format is designed to be completely
> recognizable, since they should always begin 0x30 have the hex string
> 06066781050a (that's OBJECT :2.23.133.10.1.5) embedded at offset 2 or 3
> (depending on how long the initial SEQUENCE is), so you should be able
> to scan the file and recognize that it's a standard TPM key.
> 
Thanks for the hint. This is certainly a nice improvement for the key file
options.

Gary Lin
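
The file-type check James Bottomley outlines above, written out as an added example (not code from the thread, the patch series or GRUB). It goes one step beyond the quoted offsets by decoding the DER length field, so the OID is located whichever length encoding the outer SEQUENCE uses; `sniff_tpm2key`, `der_read_length` and the sample byte arrays are hypothetical names holding constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER bytes quoted in the thread: OBJECT IDENTIFIER tag, length 6, 2.23.133.10 */
static const uint8_t TPMKEY_OID_PREFIX[] = { 0x06, 0x06, 0x67, 0x81, 0x05, 0x0a };

/* Read a definite DER length at buf[*pos]; 0 on success, -1 if malformed. */
static int
der_read_length (const uint8_t *buf, size_t len, size_t *pos, size_t *out)
{
  size_t n, v = 0;

  if (*pos >= len)
    return -1;
  if (buf[*pos] < 0x80)          /* short form: the byte is the length */
    {
      *out = buf[(*pos)++];
      return 0;
    }
  n = buf[(*pos)++] & 0x7f;      /* long form: n length bytes follow */
  if (n == 0 || n > sizeof (size_t) || n > len - *pos)
    return -1;                   /* indefinite, oversized or truncated */
  while (n--)
    v = (v << 8) | buf[(*pos)++];
  *out = v;
  return 0;
}

/*
 * Hypothetical helper: return 1 (and the last OID arc in *type_arc) when buf
 * looks like a TPM 2.0 Key File, 0 when the caller should fall back to the
 * raw key format.
 */
int
sniff_tpm2key (const uint8_t *buf, size_t len, unsigned *type_arc)
{
  size_t pos = 1, seq_len;

  if (len < 2 || buf[0] != 0x30)                 /* outer SEQUENCE tag */
    return 0;
  if (der_read_length (buf, len, &pos, &seq_len) != 0)
    return 0;
  if (seq_len > len - pos || seq_len < 8)        /* truncated or too short */
    return 0;
  if (memcmp (buf + pos, TPMKEY_OID_PREFIX, sizeof (TPMKEY_OID_PREFIX)) != 0)
    return 0;
  if (buf[pos + 6] != 0x01 || buf[pos + 7] >= 0x80)  /* arcs .1.<type> */
    return 0;
  if (type_arc)
    *type_arc = buf[pos + 7];
  return 1;
}

/* Constructed samples, not real key material; unlisted bytes are zero. */
static const uint8_t SAMPLE_SHORT[] = {          /* OID at offset 2 */
  0x30, 0x0b, 0x06, 0x06, 0x67, 0x81, 0x05, 0x0a, 0x01, 0x05, 0x02, 0x01, 0x00 };
static const uint8_t SAMPLE_LONG1[3 + 0x80] = {  /* OID at offset 3 */
  0x30, 0x81, 0x80, 0x06, 0x06, 0x67, 0x81, 0x05, 0x0a, 0x01, 0x05, 0x04, 0x76 };
static const uint8_t SAMPLE_LONG2[4 + 0x100] = { /* OID at offset 4 */
  0x30, 0x82, 0x01, 0x00, 0x06, 0x06, 0x67, 0x81, 0x05, 0x0a, 0x01, 0x05,
  0x04, 0x81, 0xf5 };
static const uint8_t SAMPLE_RAW[] = {            /* not DER at all */
  0x00, 0x20, 0xde, 0xad, 0xbe, 0xef, 0x00, 0x10 };
static const uint8_t SAMPLE_OTHER_DER[] = {      /* SEQUENCE, different OID */
  0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01 };

int
main (void)
{
  unsigned arc = 0;

  printf ("short form: %d\n", sniff_tpm2key (SAMPLE_SHORT, sizeof (SAMPLE_SHORT), &arc));
  printf ("0x81 form : %d\n", sniff_tpm2key (SAMPLE_LONG1, sizeof (SAMPLE_LONG1), &arc));
  printf ("0x82 form : %d\n", sniff_tpm2key (SAMPLE_LONG2, sizeof (SAMPLE_LONG2), &arc));
  printf ("last arc  : %u\n", arc);
  printf ("raw blob  : %d\n", sniff_tpm2key (SAMPLE_RAW, sizeof (SAMPLE_RAW), &arc));
  printf ("other DER : %d\n", sniff_tpm2key (SAMPLE_OTHER_DER, sizeof (SAMPLE_OTHER_DER), &arc));
  printf ("truncated : %d\n", sniff_tpm2key (SAMPLE_LONG1, 10, &arc));
  return 0;
}
```

A loader that accepts both key file options could call such a check first and only hand the buffer to the raw-format parser when it returns 0.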
