Re: [PATCH 1/2] Warn on small MBR gaps on complicated setups

2020-11-10 Thread Michael Chang
On Tue, Nov 10, 2020 at 08:49:52PM +0100, Vladimir 'phcoder' Serbinenko wrote: > From: Vladimir Serbinenko > Date: Tue, 10 Nov 2020 20:42:12 +0100 > Subject: [PATCH 1/2] Warn on small MBR gaps on complicated setups > > Signed-off-by: Vladimir Serbinenko > --- > grub-core/partmap/gpt.c | 9

Re: [GRUB RFC PATCH 00/22] i386: Intel TXT and AMD SKINIT secure launcher

2020-11-10 Thread Konrad Rzeszutek Wilk
On Tue, Nov 10, 2020 at 03:44:38PM +0100, Krystian Hebel wrote: > Hi, > > This is an addition to the RFC patchset which introduced TrenchBoot support > for > Intel TXT. > > It includes all original patches sent by Daniel Kiper back in May, rebased on So .. if they are Daniel's should this.. > K

Re: [PATCH] Cryptomount support for key files and detached header

2020-11-10 Thread Glenn Washburn
On Tue, 10 Nov 2020 01:09:20 +0300 Dmitry wrote: > Tue, 10 Nov 2020 at 00:34, Glenn Washburn > : > > > > On Mon, 9 Nov 2020 10:56:51 +0300 > > Dmitry wrote: > > > > > Thanks for feedback. First of all I think it's preferable to > > > introduce the master-key option at the beginning. Because I

[PATCH 1/2] Warn on small MBR gaps on complicated setups

2020-11-10 Thread Vladimir 'phcoder' Serbinenko
From: Vladimir Serbinenko Date: Tue, 10 Nov 2020 20:42:12 +0100 Subject: [PATCH 1/2] Warn on small MBR gaps on complicated setups Signed-off-by: Vladimir Serbinenko --- grub-core/partmap/gpt.c | 9 - grub-core/partmap/msdos.c | 7 ++- include/grub/partition.h| 3 ++- in

[PATCH 2/2] Document new limitations on MBR gap support

2020-11-10 Thread Vladimir 'phcoder' Serbinenko
From ee235437cd82fd179574cd1838712f7b91b38f2c Mon Sep 17 00:00:00 2001 From: Vladimir Serbinenko Date: Tue, 10 Nov 2020 20:23:56 +0100 Subject: [PATCH 2/2] Document new limitations on MBR gap support Signed-off-by: Vladimir Serbinenko --- docs/grub.texi | 43

[GRUB PATCH RFC 22/22] i386/slaunch: Add support for AMD SKINIT

2020-11-10 Thread Krystian Hebel
Signed-off-by: Krystian Hebel --- grub-core/Makefile.core.def | 1 + grub-core/lib/i386/relocator32.S | 6 ++ grub-core/loader/i386/linux.c| 30 +- grub-core/loader/i386/slaunch.c | 21 - include/grub/i386/slaunch.h | 11 +++

[GRUB PATCH RFC 20/22] i386/skinit: Add AMD SKINIT definitions header file

2020-11-10 Thread Krystian Hebel
Signed-off-by: Krystian Hebel --- include/grub/i386/skinit.h | 46 ++ 1 file changed, 46 insertions(+) create mode 100644 include/grub/i386/skinit.h diff --git a/include/grub/i386/skinit.h b/include/grub/i386/skinit.h new file mode 100644 index ..

[GRUB PATCH RFC 11/22] efi: Add a function to read EFI variables with attributes

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski It will be used to properly detect and report UEFI Secure Boot status to the x86 Linux kernel. The functionality will be added by subsequent patches. Signed-off-by: Ignat Korchagin Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- grub-core/kern/efi/efi.c

[GRUB PATCH RFC 18/22] i386/slaunch: Add secure launch framework and commands

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski Signed-off-by: Krystian Hebel --- grub-core/Makefile.am| 3 + grub-core/Makefile.core.def | 15 +++ grub-core/lib/i386/relocator32.S | 8 ++ grub-core/loader

[GRUB PATCH RFC 16/22] i386/txt: Add Intel TXT ACM module support

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski Signed-off-by: Ross Philipson Daniel Kiper Signed-off-by: Norbert Kaminski --- grub-core/loader/i386/txt/acmod.c | 575 ++ 1 file changed, 575 insertions(+) create mode 100644 grub-core/loader/i386/txt/acmod.c diff --git a/grub-core/loader/

[GRUB PATCH RFC 05/22] i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski Subsequent patches will use that constant. Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- grub-core/loader/i386/xen.c | 35 +-- include/grub/i386/memory.h | 1 + 2 files changed, 18 insertions(+), 18 deletions(-) diff

[GRUB PATCH RFC 17/22] i386/txt: Add Intel TXT verification routines

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- grub-core/loader/i386/txt/verify.c | 297 + 1 file changed, 297 insertions(+) create mode 100644 grub-core/loader/i386/txt/verify.c diff --git a/g

[GRUB PATCH RFC 21/22] i386/skinit: Add AMD SKINIT core implementation

2020-11-10 Thread Krystian Hebel
Signed-off-by: Krystian Hebel --- grub-core/loader/i386/skinit.c | 162 + 1 file changed, 162 insertions(+) create mode 100644 grub-core/loader/i386/skinit.c diff --git a/grub-core/loader/i386/skinit.c b/grub-core/loader/i386/skinit.c new file mode 100644 index 0

[GRUB PATCH RFC 14/22] i386/txt: Add Intel TXT definitions header file

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- include/grub/i386/txt.h | 690 1 file changed, 690 insertions(+) create mode 100644 include/grub/i386/txt.h diff --git a/include/grub

[GRUB PATCH RFC 03/22] i386/msr: Extract and improve MSR support detection code

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski Currently rdmsr and wrmsr commands have their own MSR support detection code. This code is the same. So, it is duplicated. Additionally, this code cannot be reused by others. Hence, extract this code to a function and make it public. By the way, improve the code a bit. Additionall

[GRUB PATCH RFC 19/22] i386/slaunch: Add code for searching for DRTM event log in ACPI

2020-11-10 Thread Krystian Hebel
TCG D-RTM Architecture Specification defines DRTM ACPI table. Its fields include Event Log base and size. Note that not all of the firmware vendors fill that table, so leave the previous allocation as a fallback. Signed-off-by: Krystian Hebel --- grub-core/loader/i386/linux.c | 20 +++--- gr

[GRUB PATCH RFC 15/22] i386/txt: Add Intel TXT core implementation

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- grub-core/loader/i386/txt/txt.c | 886 include/grub/i386/memory.h | 5 + 2 files changed, 891 insertions(+) create mode 100644 grub-cor

[GRUB PATCH RFC 13/22] i386/slaunch: Add basic platform support for secure launch

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski Signed-off-by: Ross Philipson Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- include/grub/i386/cpuid.h | 13 +++ include/grub/i386/crfr.h | 186 ++ include/grub/i386/mmio.h | 90 ++ include/grub/i3

[GRUB PATCH RFC 02/22] i386/msr: Rename grub_msr_read() and grub_msr_write()

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski to grub_rdmsr() and grub_wrmsr() respectively. New names are more obvious than older ones. Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- grub-core/commands/i386/rdmsr.c | 2 +- grub-core/commands/i386/wrmsr.c | 2 +- include/grub/i386/msr.h | 4

[GRUB PATCH RFC 10/22] efi: Return grub_efi_status_t from grub_efi_get_variable()

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski This is needed to properly detect and report UEFI Secure Boot status to the x86 Linux kernel. The functionality will be added by subsequent patches. Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- grub-core/commands/efi/efifwsetup.c | 8 grub-c

[GRUB PATCH RFC 12/22] i386/efi: Report UEFI Secure Boot status to the Linux kernel

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski Otherwise the kernel does not know its state and cannot enable various security features depending on UEFI Secure Boot. Signed-off-by: Ignat Korchagin Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- grub-core/loader/i386/linux.c | 86 +++

[GRUB PATCH RFC 07/22] i386/tpm: Rename tpm module to tpm_verifier

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski ..to avoid naming collision with TPM TIS and CRB driver introduced by subsequent patch. Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- docs/grub.texi | 15 --- grub-core/Makefile.core.def | 4 +

[GRUB PATCH RFC 09/22] efi: Make shim_lock GUID and protocol type public

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski The GUID will be used to properly detect and report UEFI Secure Boot status to the x86 Linux kernel. The functionality will be added by subsequent patches. The shim_lock protocol type is made public for completeness. Additionally, fix formatting of four preceding GUIDs. S

[GRUB PATCH RFC 06/22] mmap: Add grub_mmap_get_lowest() and grub_mmap_get_highest()

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski The functions calculate lowest and highest available RAM addresses respectively. Both functions are needed to calculate PMR boundaries for Intel TXT secure launcher introduced by subsequent patches. Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- grub-c

[GRUB PATCH RFC 08/22] i386/tpm: Add TPM TIS and CRB driver

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski It will be used by Intel TXT secure launcher introduced by subsequent patches. Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- grub-core/commands/i386/tpm.c | 182 ++ include/grub/i386/tpm.h | 36 +++ 2 files ch

[GRUB PATCH RFC 04/22] i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski ..to avoid potential conflicts and confusion. Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski --- grub-core/lib/i386/xen/relocator.S | 6 +++--- grub-core/lib/x86_64/xen/relocator.S | 4 ++-- grub-core/loader/i386/xen.c | 28 ++--

[GRUB PATCH RFC 01/22] i386/msr: Merge rdmsr.h and wrmsr.h into msr.h

2020-11-10 Thread Krystian Hebel
From: Norbert Kaminski It does not make sense to have separate headers for separate static functions. Additionally, we have to add some constants with MSR addresses in subsequent patches. So, make one common place to store them. Signed-off-by: Daniel Kiper Signed-off-by: Norbert Kaminski ---

[GRUB RFC PATCH 00/22] i386: Intel TXT and AMD SKINIT secure launcher

2020-11-10 Thread Krystian Hebel
Hi, This is an addition to the RFC patchset which introduced TrenchBoot support for Intel TXT. It includes all original patches sent by Daniel Kiper back in May, rebased on the top of current master so the AMD-specific changes can be applied cleanly. Additionally, a small bug fix to patch 18 was

[ANNOUNCEMENT] GRUB mini-summit - 2nd virtual session Tue Nov 10 15:00 UTC

2020-11-10 Thread Daniel Kiper
Hi, Next GRUB mini-summit session starts on Tue Nov 10 at 15:00 UTC. More you can find here: https://twitter.com/3mdeb_com/status/1325876700840943618 Daniel