[PATCH 4/7] Add DSA and RSA SEXP tests

2025-04-01 Thread Vladimir Serbinenko 
This allows us to test purely the integration of the implementation
of DSA and RSA from libgcrypt without concerning with additional
code.

Signed-off-by: Vladimir Serbinenko 
---
 grub-core/tests/dsa_sexp_test.c | 125 
 grub-core/tests/rsa_sexp_test.c |  99 +
 2 files changed, 224 insertions(+)
 create mode 100644 grub-core/tests/dsa_sexp_test.c
 create mode 100644 grub-core/tests/rsa_sexp_test.c

diff --git a/grub-core/tests/dsa_sexp_test.c b/grub-core/tests/dsa_sexp_test.c
new file mode 100644
index 0..5b7b7b143
--- /dev/null
+++ b/grub-core/tests/dsa_sexp_test.c
@@ -0,0 +1,125 @@
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2024 Free Software Foundation, Inc.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see .
+ */
+
+#include 
+#include 
+#include 
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+static char pubkey_dump[] = {
+  0x28, 0x31, 0x30, 0x3a, 0x70, 0x75, 0x62, 0x6c,
+  0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x28, 0x33,
+  0x3a, 0x64, 0x73, 0x61, 0x28, 0x31, 0x3a, 0x70,
+  0x31, 0x32, 0x39, 0x3a, 0x00, 0xc0, 0x50, 0x14,
+  0x4c, 0x97, 0x10, 0x69, 0x07, 0xa7, 0xe9, 0x2b,
+  0xe5, 0xc6, 0x88, 0xe1, 0x6d, 0xd8, 0x38, 0x28,
+  0x09, 0x49, 0x5b, 0xe8, 0xa3, 0x04, 0xb8, 0xc4,
+  0x6e, 0x98, 0xc1, 0xc2, 0xb0, 0x2a, 0xe0, 0xe2,
+  0x1a, 0x30, 0xd2, 0xdb, 0x45, 0x1a, 0x88, 0x80,
+  0x28, 0x24, 0xb0, 0xbf, 0xc2, 0xbd, 0xe9, 0xf6,
+  0x9d, 0xa2, 0x01, 0x94, 0xe6, 0x7f, 0xa0, 0xb6,
+  0xe4, 0x39, 0xfc, 0x54, 0xba, 0x99, 0xb6, 0xbe,
+  0x39, 0xee, 0xa5, 0xd9, 0xa0, 0x35, 0x3c, 0x2d,
+  0x3e, 0x96, 0xc3, 0x96, 0xa5, 0x0d, 0x2b, 0xbf,
+  0x3b, 0xa3, 0xe2, 0xe8, 0x89, 0xed, 0x60, 0xe0,
+  0x43, 0x61, 0xb6, 0x73, 0xf6, 0xa7, 0xb4, 0x56,
+  0x76, 0x04, 0xf7, 0x8b, 0xf1, 0x84, 0xaa, 0x3e,
+  0xe0, 0x08, 0xad, 0xdd, 0xc2, 0x36, 0xfd, 0x3d,
+  0xd0, 0xad, 0xf4, 0x3a, 0x7e, 0x80, 0x8c, 0x52,
+  0x2b, 0x04, 0xa8, 0x03, 0x27, 0x29, 0x28, 0x31,
+  0x3a, 0x71, 0x32, 0x31, 0x3a, 0x00, 0xd5, 0x34,
+  0xd2, 0xc5, 0x1c, 0x26, 0xdf, 0xb0, 0xba, 0x78,
+  0x75, 0xe5, 0xe9, 0x36, 0x6b, 0x04, 0x03, 0xe2,
+  0x57, 0x3f, 0x29, 0x28, 0x31, 0x3a, 0x67, 0x31,
+  0x32, 0x38, 0x3a, 0x3b, 0xa0, 0xac, 0xa3, 0xa1,
+  0xd1, 0x04, 0x23, 0x5f, 0x9f, 0xbc, 0x6d, 0x9e,
+  0x88, 0x2a, 0x28, 0xc1, 0x48, 0xaf, 0xa5, 0x17,
+  0x59, 0x3a, 0x17, 0x33, 0x56, 0xaa, 0x8d, 0x27,
+  0x64, 0xfe, 0x8e, 0x8a, 0x2e, 0xba, 0xf2, 0x66,
+  0xcc, 0x66, 0xbd, 0xa4, 0xfe, 0xa9, 0x07, 0x0d,
+  0xae, 0x8c, 0x9f, 0x70, 0xf7, 0x87, 0xaa, 0x01,
+  0x47, 0x6b, 0xf9, 0x0f, 0x09, 0x18, 0x42, 0x76,
+  0xc4, 0xa3, 0xb9, 0x55, 0x11, 0x8d, 0xa3, 0xa5,
+  0x69, 0x30, 0x91, 0xb7, 0x03, 0xef, 0x7f, 0x12,
+  0xe6, 0xb9, 0x78, 0x73, 0xe0, 0xc0, 0x4f, 0xc6,
+  0xd9, 0x43, 0x99, 0x95, 0x0b, 0x4d, 0x58, 0xd3,
+  0x6b, 0x76, 0xb0, 0x6a, 0xcf, 0x68, 0x6d, 0xf0,
+  0xd9, 0xc1, 0x88, 0x43, 0x9d, 0xf9, 0x04, 0xcb,
+  0xc9, 0x82, 0x6c, 0xee, 0xd4, 0x9c, 0xbd, 0x1c,
+  0x4d, 0x54, 0x29, 0x83, 0xa9, 0x5e, 0xaa, 0x10,
+  0xa7, 0xc1, 0x04, 0x29, 0x28, 0x31, 0x3a, 0x79,
+  0x31, 0x32, 0x39, 0x3a, 0x00, 0x82, 0x33, 0xf1,
+  0x91, 0xe3, 0xf2, 0x12, 0x93, 0x5a, 0xed, 0x0c,
+  0x9d, 0xec, 0x67, 0xaa, 0xa7, 0x97, 0x7f, 0x9f,
+  0x5e, 0xef, 0x6a, 0x3e, 0xa4, 0x7f, 0x9b, 0xed,
+  0x65, 0xd7, 0xba, 0x40, 0x6d, 0xe1, 0xde, 0xc1,
+  0x14, 0x4c, 0x9b, 0x28, 0x5c, 0x03, 0x8e, 0x1a,
+  0xd4, 0x1b, 0x80, 0x1b, 0x07, 0xd6, 0x84, 0x04,
+  0x49, 0x6c, 0x1b, 0x08, 0x84, 0x15, 0x54, 0x62,
+  0xca, 0xd5, 0x75, 0xff, 0xc8, 0xb3, 0x81, 0x76,
+  0x82, 0x91, 0x35, 0x80, 0x20, 0x73, 0x2a, 0x21,
+  0xca, 0x22, 0x06, 0xa7, 0x73, 0x99, 0x75, 0x7e,
+  0x5e, 0xa6, 0x09, 0x59, 0x66, 0x2c, 0xcd, 0xb1,
+  0x8d, 0x3b, 0xc0, 0x68, 0xc5, 0x41, 0xa0, 0x9d,
+  0x82, 0x15, 0xc4, 0xdd, 0x47, 0x1c, 0x5b, 0xa9,
+  0x74, 0x18, 0xaf, 0x72, 0x63, 0x6b, 0x0a, 0x4e,
+  0x95, 0x09, 0x7a, 0xb5, 0x4b, 0x98, 0x85, 0xb9,
+  0x6d, 0x9d, 0x3b, 0x73, 0x8c, 0x29, 0x29, 0x29,
+};
+
+static char sig_dump[] = {
+  0x28, 0x37, 0x3a, 0x73, 0x69, 0x67, 0x2d, 0x76,
+  0x61, 0x6c, 0x28, 0x33, 0x3a, 0x64, 0x73, 0x61,
+  0x28, 0x31, 0x3a, 0x72, 0x32, 0x30, 0x3a, 0xb6,
+  0x60, 0x37, 0xef, 0x02, 0x7c, 0x7c, 0x6e, 0x4f,
+  0x66, 0x8c, 0x7c, 0x26, 0x77, 0xd9, 0x33, 0x90,
+  0xba, 0x7c, 0xfb, 0x29, 0x28, 0x31, 0x3a, 0x73,
+  0x32, 0x30, 0x3a, 0x83, 0xc0, 0x84, 0x72, 0xc6,
+  0x1c, 0x85, 0x6f, 0x8b, 0x9b, 0xb0, 0x38, 0x38,
+  0xb2, 0xb6, 0xdf, 0x1c, 0x52, 0x96, 0x1b, 0x29,
+  0x29, 0x29,
+};
+
+extern gcry_pk_spec

[PATCH 2/7] Import b64dec from gpg-error

2025-04-01 Thread Vladimir Serbinenko 
Base on libgpg-error 1.49 but with modifications to make it compile
in GRUB environment

Signed-off-by: Vladimir Serbinenko 
---
 grub-core/lib/b64dec.c | 293 +
 1 file changed, 293 insertions(+)
 create mode 100644 grub-core/lib/b64dec.c

diff --git a/grub-core/lib/b64dec.c b/grub-core/lib/b64dec.c
new file mode 100644
index 0..8aafa9700
--- /dev/null
+++ b/grub-core/lib/b64dec.c
@@ -0,0 +1,293 @@
+/* b64dec.c - Simple Base64 decoder.
+ * Copyright (C) 2008, 2011 Free Software Foundation, Inc.
+ * Copyright (C) 2008, 2011, 2016 g10 Code GmbH
+ *
+ * This file is part of Libgpg-error.
+ *
+ * This file is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This file is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, see .
+ * SPDX-License-Identifier: LGPL-2.1-or-later
+ *
+ * This file was originally a part of GnuPG.
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+struct _gpgrt_b64state
+{
+  int idx;
+  int quad_count;
+  char *title;
+  unsigned char radbuf[4];
+  unsigned int crc;
+  gpg_err_code_t lasterr;
+  unsigned int flags;
+  unsigned int stop_seen:1;
+  unsigned int invalid_encoding:1;
+  unsigned int using_decoder:1;
+};
+
+
+/* The reverse base-64 list used for base-64 decoding. */
+static unsigned char const asctobin[128] =
+  {
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
+0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
+0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff
+  };
+
+enum decoder_states
+  {
+s_init, s_idle, s_lfseen, s_beginseen, s_waitheader, s_waitblank, s_begin,
+s_b64_0, s_b64_1, s_b64_2, s_b64_3,
+s_waitendtitle, s_waitend
+  };
+
+
+
+/* Allocate and initialize the context for the base64 decoder.  If
+   TITLE is NULL a plain base64 decoding is done.  If it is the empty
+   string the decoder will skip everything until a "-BEGIN " line
+   has been seen, decoding ends at a "END " line.  */
+gpgrt_b64state_t
+gpgrt_b64dec_start (const char *title)
+{
+  gpgrt_b64state_t state;
+  char *t = NULL;
+
+  if (title)
+{
+  t = grub_strdup (title);
+  if (!t)
+return NULL;
+}
+
+  state = grub_calloc (1, sizeof (struct _gpgrt_b64state));
+  if (!state)
+{
+  grub_free (t);
+  return NULL;
+}
+
+  if (t)
+{
+  state->title = t;
+  state->idx = s_init;
+}
+  else
+state->idx = s_b64_0;
+
+  state->using_decoder = 1;
+
+  return state;
+}
+
+
+/* Do in-place decoding of base-64 data of LENGTH in BUFFER.  Stores the
+   new length of the buffer at R_NBYTES. */
+gpg_err_code_t
+gpgrt_b64dec_proc (gpgrt_b64state_t state, void *buffer, size_t length,
+size_t *r_nbytes)
+{
+  enum decoder_states ds = state->idx;
+  unsigned char val = state->radbuf[0];
+  int pos = state->quad_count;
+  char *d, *s;
+
+  if (state->lasterr)
+return state->lasterr;
+
+  if (state->stop_seen)
+{
+  *r_nbytes = 0;
+  state->lasterr = GPG_ERR_EOF;
+  grub_free (state->title);
+  state->title = NULL;
+  return state->lasterr;
+}
+
+  for (s=d=buffer; length && !state->stop_seen; length--, s++)
+{
+again:
+  switch (ds)
+{
+case s_idle:
+  if (*s == '\n')
+{
+  ds = s_lfseen;
+  pos = 0;
+}
+  break;
+case s_init:
+  ds = s_lfseen;
+  /* Fall through */
+case s_lfseen:
+  if (*s != "-BEGIN "[pos])
+{
+  ds = s_idle;
+  goto again;
+}
+  else if (pos == 10)
+{
+  pos = 0;
+  ds = s_beginseen;
+}
+  else
+pos++;
+  break;
+case s_

[PATCH 7/7] Remove now unneeded gcrypt compilation flag

2025-04-01 Thread Vladimir Serbinenko 
Signed-off-by: Vladimir Serbinenko 
---
 conf/Makefile.common | 2 +-
 util/import_gcry.py  | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/conf/Makefile.common b/conf/Makefile.common
index 5cada4568..0df4d6e7a 100644
--- a/conf/Makefile.common
+++ b/conf/Makefile.common
@@ -82,7 +82,7 @@ CFLAGS_POSIX = -fno-builtin
 CPPFLAGS_POSIX = -I$(top_srcdir)/grub-core/lib/posix_wrap
 
 CFLAGS_GCRY = -Wno-error=sign-compare -Wno-missing-field-initializers 
-Wno-redundant-decls -Wno-undef $(CFLAGS_POSIX)
-CPPFLAGS_GCRY = -I$(top_srcdir)/grub-core/lib/libgcrypt_wrap $(CPPFLAGS_POSIX) 
-D_GCRYPT_IN_LIBGCRYPT=1 -D_GCRYPT_CONFIG_H_INCLUDED=1 -DHAVE_STRTOUL=1 
-I$(top_srcdir)/include/grub/gcrypt
+CPPFLAGS_GCRY = -I$(top_srcdir)/grub-core/lib/libgcrypt_wrap $(CPPFLAGS_POSIX) 
-D_GCRYPT_IN_LIBGCRYPT=1 -D_GCRYPT_CONFIG_H_INCLUDED=1 
-I$(top_srcdir)/include/grub/gcrypt
 
 CPPFLAGS_EFIEMU = -I$(top_srcdir)/grub-core/efiemu/runtime
 
diff --git a/util/import_gcry.py b/util/import_gcry.py
index 102c7d8ff..6b181655c 100644
--- a/util/import_gcry.py
+++ b/util/import_gcry.py
@@ -608,6 +608,7 @@ for src in sorted (os.listdir (os.path.join (indir, 
"src"))):
 if src == "g10lib.h":
 fw.write("#include \n")
 fw.write("#include \n")
+fw.write("#include \n")
 fw.write (f.read ().replace ("(printf,f,a)", 
"(__printf__,f,a)").replace ("#include \"../compat/libcompat.h\"", 
"").replace("#define N_(a) (a)", ""))
 f.close ()
 fw.close ()
-- 
2.49.0


___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

[PATCH 5/7] keccak: Disable acceleration with SSE asm

2025-04-01 Thread Vladimir Serbinenko 
Libgcrypt code assumes that on x64 all SSE registers are fair game.
While it's true that CPUs in question support it, we disable it in
our compilation options. Disable the offending optimization.

Signed-off-by: Vladimir Serbinenko 
---
 .../lib/libgcrypt-patches/02_keccak_sse.patch | 23 +++
 1 file changed, 23 insertions(+)
 create mode 100644 grub-core/lib/libgcrypt-patches/02_keccak_sse.patch

diff --git a/grub-core/lib/libgcrypt-patches/02_keccak_sse.patch 
b/grub-core/lib/libgcrypt-patches/02_keccak_sse.patch
new file mode 100644
index 0..c153518da
--- /dev/null
+++ b/grub-core/lib/libgcrypt-patches/02_keccak_sse.patch
@@ -0,0 +1,23 @@
+commit b0cf06271da5fe20360953a53a47c69da89669cd
+Author: Vladimir Serbinenko 
+Date:   Sun Apr 7 06:33:11 2024 +0300
+
+keccak: Disable acceleration with SSE asm
+
+Libgcrypt code assumes that on x64 all SSE registers are fair game.
+While it's true that CPUs in question support it, we disable it in
+our compilation options. Disable the offending optimization.
+
+diff --git a/grub-core/lib/libgcrypt/cipher/keccak.c 
b/grub-core/lib/libgcrypt/cipher/keccak.c
+index 11e64b3e7..8b570263b 100644
+--- a/grub-core/lib/libgcrypt-grub/cipher/keccak.c
 b/grub-core/lib/libgcrypt-grub/cipher/keccak.c
+@@ -251,7 +251,7 @@ keccak_absorb_lane32bi(u32 *lane, u32 x0, u32 x1)
+ /* Construct generic 64-bit implementation. */
+ #ifdef USE_64BIT
+ 
+-#if __GNUC__ >= 4 && defined(__x86_64__)
++#if __GNUC__ >= 4 && defined(__x86_64__) && 0
+ 
+ static inline void absorb_lanes64_8(u64 *dst, const byte *in)
+ {
-- 
2.49.0


___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Re: [PATCH GRUB] fs/xfs: fix large extent counters incompat feature support

2025-04-01 Thread Vladimir 'phcoder' Serbinenko 
Reviewed-By : Vladimir Serbinenko phco...@gmail.com

Le mer. 4 déc. 2024, 17:12, Eric Sandeen  a écrit :

> When large extent counter / NREXT64 support was added to grub, it missed
> a couple of direct reads of nextents which need to be changed to the new
> NREXT64-aware helper as well. Without this, we'll have mis-reads of some
> directories with this feature enabled.
>
> (The large extent counter fix likely raced on merge with
> 07318ee7e ("fs/xfs: Fix XFS directory extent parsing") which added the new
> direct nextents reads just prior, causing this issue.)
>
> Fixes: aa7c1322671e ("fs/xfs: Add large extent counters incompat feature
> support")
> Signed-off-by: Eric Sandeen 
> ---
>
> diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
> index 8e02ab4a3..92046f9bd 100644
> --- a/grub-core/fs/xfs.c
> +++ b/grub-core/fs/xfs.c
> @@ -926,7 +926,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
>  * Leaf and tail information are only in the data block if the
> number
>  * of extents is 1.
>  */
> -   if (dir->inode.nextents == grub_cpu_to_be32_compile_time (1))
> +   if (grub_xfs_get_inode_nextents(&dir->inode) == 1)
>   {
> struct grub_xfs_dirblock_tail *tail = grub_xfs_dir_tail
> (dir->data, dirblock);
>
> @@ -980,7 +980,7 @@ grub_xfs_iterate_dir (grub_fshelp_node_t dir,
>  * The expected number of directory entries is only
> tracked for the
>  * single extent case.
>  */
> -   if (dir->inode.nextents == grub_cpu_to_be32_compile_time
> (1))
> +   if (grub_xfs_get_inode_nextents(&dir->inode) == 1)
>   {
> /* Check if last direntry in this block is reached. */
> entries--;
>
>
> ___
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

[PATCH v3 2/5] efi/sb: Add support for the shim loader protocol

2025-04-01 Thread Mate Kukri 
Use loader protocol for image verification where available, otherwise
fall back to the old shim lock protocol.

Signed-off-by: Mate Kukri 
---
 grub-core/kern/efi/sb.c  | 58 
 grub-core/loader/efi/linux.c |  6 ++--
 include/grub/efi/api.h   |  5 
 include/grub/efi/sb.h|  2 +-
 4 files changed, 41 insertions(+), 30 deletions(-)

diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
index 8d3e41360..34ba323ee 100644
--- a/grub-core/kern/efi/sb.c
+++ b/grub-core/kern/efi/sb.c
@@ -31,8 +31,10 @@
 #include 
 
 static grub_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID;
+static grub_guid_t shim_loader_guid = GRUB_EFI_SHIM_IMAGE_LOADER_GUID;
 
-static bool shim_lock_enabled = false;
+static grub_efi_loader_t *shim_loader = NULL;
+static grub_efi_shim_lock_protocol_t *shim_lock = NULL;
 
 /*
  * Determine whether we're in secure boot mode.
@@ -95,14 +97,6 @@ grub_efi_get_secureboot (void)
   if (!(attr & GRUB_EFI_VARIABLE_RUNTIME_ACCESS) && *moksbstate == 1)
 {
   secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
-  /*
-   * TODO: Replace this all with shim's LoadImage protocol, delegating 
policy to it.
-   *
-   * We need to set shim_lock_enabled here because we disabled secure boot
-   * validation *inside* shim but not in the firmware, so we set this 
variable
-   * here to trigger that code path, whereas the actual verifier is not 
enabled.
-   */
-  shim_lock_enabled = true;
   goto out;
 }
 
@@ -183,15 +177,24 @@ shim_lock_verifier_init (grub_file_t io __attribute__ 
((unused)),
 static grub_err_t
 shim_lock_verifier_write (void *context __attribute__ ((unused)), void *buf, 
grub_size_t size)
 {
-  grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol 
(&shim_lock_guid, 0);
+  grub_efi_handle_t image_handle;
 
-  if (!sl)
-return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim_lock protocol not 
found"));
+  if (shim_loader)
+{
+
+  if (shim_loader->load_image (false, grub_efi_image_handle, NULL, buf, 
size, &image_handle) != GRUB_EFI_SUCCESS)
+return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature"));
 
-  if (sl->verify (buf, size) != GRUB_EFI_SUCCESS)
-return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature"));
+  return GRUB_ERR_NONE;
+}
+  if (shim_lock)
+{
+  if (sl->verify (buf, size) != GRUB_EFI_SUCCESS)
+return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature"));
+  return GRUB_ERR_NONE;
+}
 
-  return GRUB_ERR_NONE;
+  return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim protocols not found"));
 }
 
 struct grub_file_verifier shim_lock_verifier =
@@ -205,11 +208,17 @@ void
 grub_shim_lock_verifier_setup (void)
 {
   struct grub_module_header *header;
-  grub_efi_shim_lock_protocol_t *sl =
-grub_efi_locate_protocol (&shim_lock_guid, 0);
 
-  /* shim_lock is missing, check if GRUB image is built with 
--disable-shim-lock. */
-  if (!sl)
+  /* Secure Boot is off. Ignore shim. */
+  if (grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED)
+return;
+
+  /* Find both shim protocols */
+  shim_loader = grub_efi_locate_protocol (&shim_loader_guid, 0);
+  shim_lock = grub_efi_locate_protocol (&shim_lock_guid, 0);
+
+  /* shim is missing, check if GRUB image is built with --disable-shim-lock. */
+  if (!shim_loader && !shim_lock)
 {
   FOR_MODULES (header)
{
@@ -218,21 +227,18 @@ grub_shim_lock_verifier_setup (void)
}
 }
 
-  /* Secure Boot is off. Do not load shim_lock. */
-  if (grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED)
-return;
-
   /* Enforce shim_lock_verifier. */
   grub_verifier_register (&shim_lock_verifier);
 
-  shim_lock_enabled = true;
+  /* Register shim loader if supported. */
+  grub_efi_register_loader (shim_loader);
 
   grub_env_set ("shim_lock", "y");
   grub_env_export ("shim_lock");
 }
 
 bool
-grub_is_shim_lock_enabled (void)
+grub_is_using_legacy_shim_lock_protocol (void)
 {
-  return shim_lock_enabled;
+  return !shim_loader && shim_lock;
 }
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 7342f3ee7..9cd84ab12 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -461,10 +461,10 @@ grub_cmd_linux (grub_command_t cmd __attribute__ 
((unused)),
 
   grub_dl_ref (my_mod);
 
-  if (grub_is_shim_lock_enabled () == true)
+  if (grub_is_using_legacy_shim_lock_protocol () == true)
 {
 #if defined(__i386__) || defined(__x86_64__)
-  grub_dprintf ("linux", "shim_lock enabled, falling back to legacy Linux 
kernel loader\n");
+  grub_dprintf ("linux", "using legacy shim_lock protocol, falling back to 
legacy Linux kernel loader\n");
 
   err = grub_cmd_linux_x86_legacy (cmd, argc, argv);
 
@@ -473,7 +473,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
   else
goto fail;
 #else
-  grub_dprintf ("linux", "shim_lock enabled,

[PATCH 6/7] libgcrypt: Fix coverity warnings

2025-04-01 Thread Vladimir Serbinenko 
Signed-off-by: Vladimir Serbinenko 
---
 .../lib/libgcrypt-patches/03_coverity.patch   | 45 +++
 1 file changed, 45 insertions(+)
 create mode 100644 grub-core/lib/libgcrypt-patches/03_coverity.patch

diff --git a/grub-core/lib/libgcrypt-patches/03_coverity.patch 
b/grub-core/lib/libgcrypt-patches/03_coverity.patch
new file mode 100644
index 0..5f1ecccac
--- /dev/null
+++ b/grub-core/lib/libgcrypt-patches/03_coverity.patch
@@ -0,0 +1,45 @@
+diff --git a/grub-core/lib/libgcrypt/mpi/mpiutil.c 
b/grub-core/lib/libgcrypt/mpi/mpiutil.c
+index 3a372374f..dc53db09d 100644
+--- a/grub-core/lib/libgcrypt-grub/mpi/mpiutil.c
 b/grub-core/lib/libgcrypt-grub/mpi/mpiutil.c
+@@ -443,6 +443,9 @@ _gcry_mpi_alloc_like( gcry_mpi_t a )
+   int n = (a->sign+7)/8;
+   void *p = _gcry_is_secure(a->d)? xtrymalloc_secure (n)
+: xtrymalloc (n);
++  if ( !p ) {
++_gcry_fatal_error (GPG_ERR_ENOMEM, NULL);
++  }
+   memcpy( p, a->d, n );
+   b = mpi_set_opaque( NULL, p, a->sign );
+ }
+diff --git a/grub-core/lib/libgcrypt/src/sexp.c 
b/grub-core/lib/libgcrypt/src/sexp.c
+index d15f1a790..250559f75 100644
+--- a/grub-core/lib/libgcrypt-grub/src/sexp.c
 b/grub-core/lib/libgcrypt-grub/src/sexp.c
+@@ -1157,6 +1157,17 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+   }\
+} while (0)
+ 
++#define MAKE_SPACE_EXTRA_CLEANUP(n, cleanup)  do {
\
++gpg_err_code_t _ms_err = make_space (&c, (n)); \
++if (_ms_err)   \
++  {\
++err = _ms_err; \
++*erroff = p - buffer;  \
++  cleanup;   \
++goto leave;\
++  }\
++   } while (0)
++
+   /* The STORE_LEN macro is used to store the length N at buffer P. */
+ #define STORE_LEN(p,n) do {  \
+   DATALEN ashort = (n);  \
+@@ -1368,7 +1379,7 @@ do_vsexp_sscan (gcry_sexp_t *retsexp, size_t *erroff,
+   goto leave;
+ }
+ 
+-  MAKE_SPACE (datalen);
++  MAKE_SPACE_EXTRA_CLEANUP (datalen, xfree (b64buf));
+   *c.pos++ = ST_DATA;
+   STORE_LEN (c.pos, datalen);
+   for (i = 0; i < datalen; i++)
-- 
2.49.0


___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

[PATCH v3 4/5] loader/efi/chainloader: Use shim loader image handle where available

2025-04-01 Thread Mate Kukri 
Signed-off-by: Mate Kukri 
---
 grub-core/loader/efi/chainloader.c | 21 +
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/grub-core/loader/efi/chainloader.c 
b/grub-core/loader/efi/chainloader.c
index 11b64ac1b..e77bd863c 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -33,6 +33,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -337,16 +338,20 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ 
((unused)),
 }
 #endif
 
-  status = grub_efi_load_image (0, grub_efi_image_handle, file_path,
-   boot_image, size, &image_handle);
-  if (status != GRUB_EFI_SUCCESS)
+  image_handle = grub_efi_get_last_verified_image_handle ();
+  if (image_handle == NULL)
 {
-  if (status == GRUB_EFI_OUT_OF_RESOURCES)
-   grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources");
-  else
-   grub_error (GRUB_ERR_BAD_OS, "cannot load image");
+  status = grub_efi_load_image (0, grub_efi_image_handle, file_path,
+   boot_image, size, &image_handle);
+  if (status != GRUB_EFI_SUCCESS)
+   {
+ if (status == GRUB_EFI_OUT_OF_RESOURCES)
+   grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources");
+ else
+   grub_error (GRUB_ERR_BAD_OS, "cannot load image");
 
-  goto fail;
+ goto fail;
+   }
 }
 
   /* LoadImage does not set a device handler when the image is
-- 
2.39.5


___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

[PATCH v3 1/5] efi: Provide wrappers for load_image, start_image, unload_image

2025-04-01 Thread Mate Kukri 
From: Julian Andres Klode 

These can be used to register a different implementation later,
for example, when shim provides a protocol with those functions.

Signed-off-by: Mate Kukri 
---
 grub-core/kern/efi/efi.c   | 57 ++
 grub-core/loader/efi/chainloader.c | 13 +++
 grub-core/loader/efi/linux.c   | 12 +++
 include/grub/efi/efi.h | 42 ++
 4 files changed, 109 insertions(+), 15 deletions(-)

diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
index b93ae3aba..77456835e 100644
--- a/grub-core/kern/efi/efi.c
+++ b/grub-core/kern/efi/efi.c
@@ -1049,3 +1049,60 @@ grub_efi_find_configuration_table (const grub_guid_t 
*target_guid)
 
   return 0;
 }
+
+static const grub_efi_loader_t *override_loader = NULL;
+
+grub_err_t
+grub_efi_register_loader (const grub_efi_loader_t *loader)
+{
+  if (override_loader != NULL)
+return grub_error (GRUB_ERR_BUG, "trying to register different loader");
+  override_loader = loader;
+  return GRUB_ERR_NONE;
+}
+
+grub_err_t
+grub_efi_unregister_loader (const grub_efi_loader_t *loader)
+{
+  if (loader != override_loader)
+return grub_error (GRUB_ERR_BUG, "trying to unregister different loader");
+
+  override_loader = NULL;
+  return GRUB_ERR_NONE;
+}
+
+grub_efi_status_t
+grub_efi_load_image (grub_efi_boolean_t boot_policy,
+grub_efi_handle_t parent_image_handle,
+grub_efi_device_path_t *file_path, void *source_buffer,
+grub_efi_uintn_t source_size,
+grub_efi_handle_t *image_handle)
+{
+  if (override_loader != NULL)
+return override_loader->load_image (boot_policy, parent_image_handle,
+   file_path, source_buffer, source_size,
+   image_handle);
+  return grub_efi_system_table->boot_services->load_image (
+  boot_policy, parent_image_handle, file_path, source_buffer, source_size,
+  image_handle);
+}
+
+grub_efi_status_t
+grub_efi_start_image (grub_efi_handle_t image_handle,
+ grub_efi_uintn_t *exit_data_size,
+ grub_efi_char16_t **exit_data)
+{
+  if (override_loader != NULL)
+return override_loader->start_image (image_handle, exit_data_size,
+exit_data);
+  return grub_efi_system_table->boot_services->start_image (
+  image_handle, exit_data_size, exit_data);
+}
+
+grub_efi_status_t
+grub_efi_unload_image (grub_efi_handle_t image_handle)
+{
+  if (override_loader != NULL)
+return override_loader->unload_image (image_handle);
+  return grub_efi_system_table->boot_services->unload_image (image_handle);
+}
diff --git a/grub-core/loader/efi/chainloader.c 
b/grub-core/loader/efi/chainloader.c
index 869307bf3..11b64ac1b 100644
--- a/grub-core/loader/efi/chainloader.c
+++ b/grub-core/loader/efi/chainloader.c
@@ -50,14 +50,12 @@ grub_chainloader_unload (void *context)
 {
   grub_efi_handle_t image_handle = (grub_efi_handle_t) context;
   grub_efi_loaded_image_t *loaded_image;
-  grub_efi_boot_services_t *b;
 
   loaded_image = grub_efi_get_loaded_image (image_handle);
   if (loaded_image != NULL)
 grub_free (loaded_image->load_options);
 
-  b = grub_efi_system_table->boot_services;
-  b->unload_image (image_handle);
+  grub_efi_unload_image (image_handle);
 
   grub_dl_unref (my_mod);
   return GRUB_ERR_NONE;
@@ -73,7 +71,7 @@ grub_chainloader_boot (void *context)
   grub_efi_char16_t *exit_data = NULL;
 
   b = grub_efi_system_table->boot_services;
-  status = b->start_image (image_handle, &exit_data_size, &exit_data);
+  status = grub_efi_start_image (image_handle, &exit_data_size, &exit_data);
   if (status != GRUB_EFI_SUCCESS)
 {
   if (exit_data)
@@ -339,9 +337,8 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ 
((unused)),
 }
 #endif
 
-  status = b->load_image (0, grub_efi_image_handle, file_path,
- boot_image, size,
- &image_handle);
+  status = grub_efi_load_image (0, grub_efi_image_handle, file_path,
+   boot_image, size, &image_handle);
   if (status != GRUB_EFI_SUCCESS)
 {
   if (status == GRUB_EFI_OUT_OF_RESOURCES)
@@ -418,7 +415,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ 
((unused)),
 b->free_pages (address, pages);
 
   if (image_handle != NULL)
-b->unload_image (image_handle);
+grub_efi_unload_image (image_handle);
 
   grub_dl_unref (my_mod);
 
diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 78ea07ca8..7342f3ee7 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -187,7 +187,6 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, 
grub_size_t size, char *args)
 {
   grub_efi_memory_mapped_device_path_t *mempath;
   grub_efi_handle_t image_handle;
-  grub_efi_boot_services_t *b;
   grub_efi_status_t status;
   grub_efi_lo

[PATCH v3 3/5] efi/sb: Add API for retrieving shim loader image handles

2025-04-01 Thread Mate Kukri 
Not reusing these handles will result in image measurements showing up
twice in the event log.

Signed-off-by: Mate Kukri 
---
 grub-core/kern/efi/sb.c | 16 
 include/grub/efi/sb.h   |  4 
 2 files changed, 20 insertions(+)

diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
index 34ba323ee..6c4dd5f85 100644
--- a/grub-core/kern/efi/sb.c
+++ b/grub-core/kern/efi/sb.c
@@ -36,6 +36,8 @@ static grub_guid_t shim_loader_guid = 
GRUB_EFI_SHIM_IMAGE_LOADER_GUID;
 static grub_efi_loader_t *shim_loader = NULL;
 static grub_efi_shim_lock_protocol_t *shim_lock = NULL;
 
+static grub_efi_handle_t last_verified_image_handle;
+
 /*
  * Determine whether we're in secure boot mode.
  *
@@ -181,10 +183,16 @@ shim_lock_verifier_write (void *context __attribute__ 
((unused)), void *buf, gru
 
   if (shim_loader)
 {
+  if (last_verified_image_handle)
+{
+  shim_loader->unload_image (last_verified_image_handle);
+  last_verified_image_handle = NULL;
+}
 
   if (shim_loader->load_image (false, grub_efi_image_handle, NULL, buf, 
size, &image_handle) != GRUB_EFI_SUCCESS)
 return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature"));
 
+  last_verified_image_handle = image_handle;
   return GRUB_ERR_NONE;
 }
   if (shim_lock)
@@ -242,3 +250,11 @@ grub_is_using_legacy_shim_lock_protocol (void)
 {
   return !shim_loader && shim_lock;
 }
+
+grub_efi_handle_t
+grub_efi_get_last_verified_image_handle (void)
+{
+  grub_efi_handle_t tmp = last_verified_image_handle;
+  last_verified_image_handle = NULL;
+  return tmp;
+}
diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
index 4cae88376..149005ced 100644
--- a/include/grub/efi/sb.h
+++ b/include/grub/efi/sb.h
@@ -21,6 +21,7 @@
 
 #include 
 #include 
+#include 
 
 #define GRUB_EFI_SECUREBOOT_MODE_UNSET 0
 #define GRUB_EFI_SECUREBOOT_MODE_UNKNOWN   1
@@ -34,6 +35,9 @@ EXPORT_FUNC (grub_efi_get_secureboot) (void);
 extern bool
 EXPORT_FUNC (grub_is_using_legacy_shim_lock_protocol) (void);
 
+extern grub_efi_handle_t
+EXPORT_FUNC (grub_efi_get_last_verified_image_handle) (void);
+
 extern void
 grub_shim_lock_verifier_setup (void);
 #else
-- 
2.39.5


___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Re: [PATCH v2 3/3] blsuki: Add uki command to load Unified Kernel Image entries

2025-04-01 Thread Vladimir 'phcoder' Serbinenko 
Le jeu. 27 mars 2025, 23:44, Alec Brown  a écrit :

> On Wed, Mar 26, 2025 at 5:43 AM, Vladimir 'phcoder' Serbinenko <
> phco...@gmail.com> wrote:
> >>
> >>
> >>
> >> +#ifdef GRUB_MACHINE_EFI
> >> +#include 
> >> +#include 
> >> +#include 
> >> +#endif
> >> +
> >>
> > Can UKI work without EFI? I think of scenario of putting e.g. EFI disk
> into
> > coreboot or BIOS machine.
>
> No UKI only works EFI systems.
>

Can GRUB parse image and get kernel and initrd out of it and load like
Linux? What prevents add doing so. This is not a problem for this patch per
se but I want to understand

>
> >>
> > What's the purpose of fallback? It's not what user/script has requested.
> It
> > needs to be at very least disableable
>
> The fallback code was from some of the old blscfg code I was working with
> and
> I added the UKI default directory. I'll add an option in case the user
> wants
> this behavior.
>
> >
> >>
> >>
> >> +   }
> >> +  else if (cmd_type == GRUB_UKI_CMD)
> >> +   {
> >> +#ifdef GRUB_MACHINE_EFI
> >> + grub_efi_loaded_image_t *image;
> >> + image = grub_efi_get_loaded_image (grub_efi_image_handle);
> >> + devid = grub_efidisk_get_device_name (image->device_handle);
> >> +#endif
> >>
> > This uses grub image location. What about a scenario when booted from
> > external drive and I want to boot into install on primary disk?
>
> Maybe I might not understand this scenario very well, but would it be
> better
> to load the UKI directory using the "--path" option? This bit of code is
> trying to locate the EFI system partition of the default directory. I'm not
> entirely sure the best way to find the default directory if it were to be
> on
> a different drive.
>
Does --path disable default path scanning?
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

Re: [PATCH v3 0/5] shim loader protocol changes

2025-04-01 Thread Mate Kukri 
NOTE that leaving in the shim lock fallback has a downside, which is
that the following contrived scenario will let all checks pass, and
create unavoidable crashes:
1. you are running a system with a real NX mode
2. you have signed an NX_COMPAT + NX_REQUIRE (no one should _ever_
sign NX_COMPAT without NX_REQUIRE) shim 15.8 (this will switch NX mode
on in the firmware)
3. you have signed an NX_COMPAT GRUB (shim will let the GRUB pass and
the GRUB will run)
4. you have signed a NX_COMPAT kernel (shim_lock->verify() will allow
the kernel, but GRUB will use the legacy loader due to the presence of
only shim 15.8)

The reasons I am calling said crashes unavoidable is due to:
- for 1. no api to query the firmware NX mode being on or not
- for 2., no api to query shim NX_COMPAT or NX_REQUIRE:
  NX_COMPAT is only available via gross hacks that parse the shim PE
header in memory,
  and the MokPolicy variable (and NX_REQUIRE) is only exposed via EFI
vars or config tables if
  using non-default value.
- so grub in 3. has no reliable way to tell if it can ever allow the
legacy loader fallback, hence why I initially removed it.

On Tue, Apr 1, 2025 at 11:26 AM Mate Kukri  wrote:
>
> Julian Andres Klode (1):
>   efi: Provide wrappers for load_image, start_image, unload_image
>
> Mate Kukri (4):
>   efi/sb: Add support for the shim loader protocol
>   efi/sb: Add API for retrieving shim loader image handles
>   loader/efi/chainloader: Use shim loader image handle where available
>   loader/efi/linux: Use shim loader image handle where available
>
>  grub-core/kern/efi/efi.c   | 57 +++
>  grub-core/kern/efi/sb.c| 74 +++---
>  grub-core/loader/efi/chainloader.c | 30 ++--
>  grub-core/loader/efi/linux.c   | 26 ++-
>  include/grub/efi/api.h |  5 ++
>  include/grub/efi/efi.h | 42 +
>  include/grub/efi/sb.h  |  6 ++-
>  7 files changed, 187 insertions(+), 53 deletions(-)
>
> --
> 2.39.5
>

___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel

[PATCH v3 5/5] loader/efi/linux: Use shim loader image handle where available

2025-04-01 Thread Mate Kukri 
Signed-off-by: Mate Kukri 
---
 grub-core/loader/efi/linux.c | 14 +-
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index 9cd84ab12..1829d5689 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -206,11 +206,15 @@ grub_arch_efi_linux_boot_image (grub_addr_t addr, 
grub_size_t size, char *args)
   mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE;
   mempath[1].header.length = sizeof (grub_efi_device_path_t);
 
-  status = grub_efi_load_image (0, grub_efi_image_handle,
-   (grub_efi_device_path_t *)mempath,
-   (void *)addr, size, &image_handle);
-  if (status != GRUB_EFI_SUCCESS)
-return grub_error (GRUB_ERR_BAD_OS, "cannot load image");
+  image_handle = grub_efi_get_last_verified_image_handle ();
+  if (image_handle == NULL)
+{
+  status = grub_efi_load_image (0, grub_efi_image_handle,
+   (grub_efi_device_path_t *)mempath,
+   (void *)addr, size, &image_handle);
+  if (status != GRUB_EFI_SUCCESS)
+   return grub_error (GRUB_ERR_BAD_OS, "cannot load image");
+}
 
   grub_dprintf ("linux", "linux command line: '%s'\n", args);
 
-- 
2.39.5


___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel