Re: [PATCH 0/1] loader/efi/chainloader: Enhance error message of chainloader command

I think it would be better if we had a table of strings with the textual representation of all UEFI status codes and have that printed instead of unreadable hex salad. Mate On Fri, Apr 25, 2025 at 1:18 PM khaliid caliy wrote: > > This patch addresses some undescriptive error messages that grub >

Re: [PATCH 0/3] Use -shared compilation instead of -Wl,-r

ia32-efi build breaks with these patches, grub-mkimage seems to be missing relocation type 8 On Tue, Apr 8, 2025 at 4:16 PM Vladimir Serbinenko wrote: > > -Wl,-r is a partial linking and this file is only intended as intermediate > result for linker, not really intended for any other use. To make

Re: [PATCH 0/2] kern/efi/mm.c: add range check on risc-v

I think the premise behind this allocator patch was that mcmodel=large does not work on risc-v, i think we are better of forcing mcmodel=large everywhere if that works. On Tue, Apr 22, 2025 at 9:01 AM Vladimir 'phcoder' Serbinenko wrote: > > > > Le mar. 22 avr. 2025, 07:26, Adriano Cordova Fedeli

[PATCH v3 0/5] shim loader protocol changes

Julian Andres Klode (1): efi: Provide wrappers for load_image, start_image, unload_image Mate Kukri (4): efi/sb: Add support for the shim loader protocol efi/sb: Add API for retrieving shim loader image handles loader/efi/chainloader: Use shim loader image handle where available loader

Re: [PATCH v3 2/5] efi/sb: Add support for the shim loader protocol

Yes, sorry... On Wed, Apr 2, 2025 at 9:39 AM Michael Chang wrote: > > On Tue, Apr 01, 2025 at 11:26:42AM +0100, Mate Kukri wrote: > > Use loader protocol for image verification where available, otherwise > > fall back to the old shim lock protocol. > > >

[PATCH v3 4/5] loader/efi/chainloader: Use shim loader image handle where available

Signed-off-by: Mate Kukri --- grub-core/loader/efi/chainloader.c | 21 + 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c index 11b64ac1b..e77bd863c 100644 --- a/grub-core/loader/efi

[PATCH v3 2/5] efi/sb: Add support for the shim loader protocol

Use loader protocol for image verification where available, otherwise fall back to the old shim lock protocol. Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 58 grub-core/loader/efi/linux.c | 6 ++-- include/grub/efi/api.h | 5

[PATCH v3 5/5] loader/efi/linux: Use shim loader image handle where available

Signed-off-by: Mate Kukri --- grub-core/loader/efi/linux.c | 14 +- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c index 9cd84ab12..1829d5689 100644 --- a/grub-core/loader/efi/linux.c +++ b/grub-core/loader

Re: [PATCH v3 0/5] shim loader protocol changes

the MokPolicy variable (and NX_REQUIRE) is only exposed via EFI vars or config tables if using non-default value. - so grub in 3. has no reliable way to tell if it can ever allow the legacy loader fallback, hence why I initially removed it. On Tue, Apr 1, 2025 at 11:26 AM Mate Kukri wrote: > &g

[PATCH v3 3/5] efi/sb: Add API for retrieving shim loader image handles

Not reusing these handles will result in image measurements showing up twice in the event log. Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 16 include/grub/efi/sb.h | 4 2 files changed, 20 insertions(+) diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern

[PATCH v3 1/5] efi: Provide wrappers for load_image, start_image, unload_image

From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c

Re: Bug#1100470: Segfault with NTFS CVE fixes

Hi Marta, We've blanket reverted all the latest fs/ntfs changes in Debian sid on Saturday due to both some critical boot regressions caused by GRUB being stuck in an infinite loop, and to a lesser extent the os-prober segfaults. There are supposed fixes on grub-devel, but since NTFS is newly gate

[PATCH v2 2/2] efi: Use shim's loader protocol for EFI image verification and loading

-by: Mate Kukri --- grub-core/kern/efi/sb.c| 45 -- grub-core/loader/efi/chainloader.c | 21 -- grub-core/loader/efi/linux.c | 30 ++-- include/grub/efi/api.h | 5 include/grub/efi/efi.h | 19

[PATCH v2 1/2] efi: Provide wrappers for load_image, start_image, unload_image

From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c

[PATCH v2 0/2] Support for shim loader protocol

This is supported by the latest shim release candidate. The bit where the verifier saves the image handle and then the loaders grab it via the sideband API is a bit hacky. Julian Andres Klode (1): efi: Provide wrappers for load_image, start_image, unload_image Mate Kukri (1): efi: Use

Re: [PATCH v8 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

ussion or hints that they would be dropped. > Is this intentional? > > Glenn > > On Wed, 9 Oct 2024 09:16:45 +0100 > Mate Kukri wrote: > > > Signed-off-by: Mate Kukri > > --- > > grub-core/kern/efi/sb.c | 28 > > gru

Re: [PATCH v2] loader/efi/chainloader: Add efidriver command

I think this is not really compatible with shim signing, which is how UEFI GRUB is usually used in the Linux world. Are you trying to get an MS UEFI CA signed dtbloader and use that with GRUB? The planned shim loader protocol changes will break that when used with shim, because all LoadImage calls

Re: [PATCH] acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()

We have reverted the SPCR table patches in Debian due to crashes, I guess this might have been the reason. On Wed, Oct 16, 2024 at 6:20 AM Benjamin Herrenschmidt wrote: > > The calculation of the size of the table was incorrect (copy/pasta from > grub_acpi_rsdt_find_table() I assume...). The entr

[PATCH v1 0/2] Draft: Support for shim loader protocol

Julian Andres Klode (1): efi: Provide wrappers for load_image, start_image, unload_image Mate Kukri (1): efi: Use shim's loader protocol for EFI image verification and loading grub-core/kern/efi/efi.c | 57 ++ grub-core/kern/efi/sb.c

[PATCH v1 1/2] efi: Provide wrappers for load_image, start_image, unload_image

From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c

[PATCH v1 2/2] efi: Use shim's loader protocol for EFI image verification and loading

-by: Mate Kukri --- grub-core/kern/efi/sb.c| 45 -- grub-core/loader/efi/chainloader.c | 21 -- grub-core/loader/efi/linux.c | 30 ++-- include/grub/efi/api.h | 5 include/grub/efi/efi.h | 19

[PATCH v8 04/10] modules: load module sections at page-aligned addresses

are applied, so the relocations factor that in with no change. Signed-off-by: Peter Jones Signed-off-by: Laszlo Ersek Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- grub-core/kern/dl.c | 45 + include/grub/dl.h | 9 + 2 files

[PATCH v8 06/10] nx: set page permissions for loaded modules.

, the tramp and GOT areas are marked non-writable. Signed-off-by: Peter Jones Signed-off-by: Robbie Harwood Signed-off-by: Laszlo Ersek Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- grub-core/kern/dl.c | 91 - 1 file changed, 90

[PATCH v8 03/10] modules: Don't allocate space for non-allocable sections.

Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-by: Daniel Kiper --- grub-core/kern/dl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c index 0bf40caa6..37db9fab0 100644 --- a/grub-core/kern

[PATCH v8 01/10] modules: make .module_license read-only

t to be set. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-by: Daniel Kiper --- include/grub/dl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/grub/dl.h b/include/grub/dl.h index

[PATCH v8 09/10] efi: Use shim's loader protocol for EFI image verification and loading

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 39 +--- grub-core/loader/efi/linux.c | 16 --- include/grub/efi/api.h | 5 + include/grub/efi/efi.h | 19 +++--- include/grub/efi/sb.h| 3 --- 5 files

[PATCH v8 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 28 grub-core/loader/efi/linux.c | 12 +++- include/grub/efi/api.h | 2 ++ include/grub/efi/sb.h| 2 ++ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/grub-core/kern

[PATCH v8 08/10] efi: Provide wrappers for load_image, start_image, unload_image

From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c

[PATCH v8 05/10] nx: add memory attribute get/set API

implementation. On EFI platforms, it implements the primitives using the EFI Memory Attribute Protocol (defined in UEFI 2.10 specification). Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- grub-core/kern/efi/mm.c | 109

[PATCH v8 00/10] UEFI NX support and NX Linux loader using shim loader protocol

egacy Linux loader when NX is required. Julian Andres Klode (1): efi: Provide wrappers for load_image, start_image, unload_image Mate Kukri (6): modules: load module sections at page-aligned addresses nx: add memory attribute get/set API nx: set page permissions for loaded modules. nx: se

[PATCH v8 07/10] nx: set the nx compatible flag in EFI GRUB images

able - the binary knows how to use the EFI Memory Attributes protocol on code it is loading. This patch - adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT - changes grub-mkimage to set that flag. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by:

[PATCH v8 02/10] modules: strip .llvm_addrsig sections and similar.

.llvm* Note that the glob there won't work without a new enough linker, but the failure is just reversion to the status quo, so that's not a big problem. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-b

[PATCH v7 04/10] modules: load module sections at page-aligned addresses

are applied, so the relocations factor that in with no change. Signed-off-by: Peter Jones Signed-off-by: Laszlo Ersek Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- grub-core/kern/dl.c | 45 + include/grub/dl.h | 9 + 2 files

[PATCH v7 03/10] modules: Don't allocate space for non-allocable sections.

Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-by: Daniel Kiper --- grub-core/kern/dl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c index 0bf40caa6..37db9fab0 100644 --- a/grub-core/kern

[PATCH v7 09/10] efi: Use shim's loader protocol for EFI image verification and loading

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 39 +--- grub-core/loader/efi/linux.c | 16 --- include/grub/efi/api.h | 5 + include/grub/efi/efi.h | 19 +++--- include/grub/efi/sb.h| 3 --- 5 files

[PATCH v7 01/10] modules: make .module_license read-only

t to be set. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-by: Daniel Kiper --- include/grub/dl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/grub/dl.h b/include/grub/dl.h index

[PATCH v7 08/10] efi: Provide wrappers for load_image, start_image, unload_image

From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c

[PATCH v7 07/10] nx: set the nx compatible flag in EFI GRUB images

able - the binary knows how to use the EFI Memory Attributes protocol on code it is loading. This patch - adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT - changes grub-mkimage to set that flag. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by:

[PATCH v7 00/10] UEFI NX support and NX Linux loader using shim loader protocol

egacy Linux loader when NX is required. Julian Andres Klode (1): efi: Provide wrappers for load_image, start_image, unload_image Mate Kukri (6): modules: load module sections at page-aligned addresses nx: add memory attribute get/set API nx: set page permissions for loaded modules. nx: se

[PATCH v7 05/10] nx: add memory attribute get/set API

implementation. On EFI platforms, it implements the primitives using the EFI Memory Attribute Protocol (defined in UEFI 2.10 specification). Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- grub-core/kern/efi/mm.c | 110

[PATCH v7 02/10] modules: strip .llvm_addrsig sections and similar.

.llvm* Note that the glob there won't work without a new enough linker, but the failure is just reversion to the status quo, so that's not a big problem. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-b

[PATCH v7 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 28 grub-core/loader/efi/linux.c | 12 +++- include/grub/efi/api.h | 2 ++ include/grub/efi/sb.h| 2 ++ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/grub-core/kern

[PATCH v7 06/10] nx: set page permissions for loaded modules.

, the tramp and GOT areas are marked non-writable. Signed-off-by: Peter Jones Signed-off-by: Robbie Harwood Signed-off-by: Laszlo Ersek Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- grub-core/kern/dl.c | 89 - 1 file changed, 88

Re: [PATCH 14/20] 10_linux.in 20_linux_xen.in: Don't say "GNU/Linux" in generated menus.

I think we can argue whether 'Linux' or 'GNU/Linux' is the valid name for this category of OSes that contain GNU components in userland, but I don't see why the boot entry cannot be just the "given name" for each OS. For instance ours is called just "Ubuntu", it's neither "Ubuntu Linux" or "Ubuntu

Re: small mkconfig patch

The main GRUB2 config is still at /boot/grub/grub.cfg on Debian and its derivatives today. Mate On Wed, Sep 25, 2024 at 10:54 PM Ross Philipson via Grub-devel wrote: > > On 9/25/24 11:45 AM, gabriel.barros wrote: > > Hi. With most every project using .conf nowadays, i happened to waste > > some

[PATCH v6 09/10] efi: Use shim's loader protocol for EFI image verification and loading

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 39 +--- grub-core/loader/efi/linux.c | 16 --- include/grub/efi/api.h | 5 + include/grub/efi/efi.h | 19 +++--- include/grub/efi/sb.h| 3 --- 5 files

[PATCH v6 08/10] efi: Provide wrappers for load_image, start_image, unload_image

From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c

[PATCH v6 07/10] nx: set the nx compatible flag in EFI GRUB images

able - the binary knows how to use the EFI Memory Attributes protocol on code it is loading. This patch - adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT - changes grub-mkimage to set that flag. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by:

[PATCH v6 01/10] modules: make .module_license read-only

t to be set. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-by: Daniel Kiper --- include/grub/dl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/grub/dl.h b/include/grub/dl.h index

[PATCH v6 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 28 grub-core/loader/efi/linux.c | 12 +++- include/grub/efi/api.h | 2 ++ include/grub/efi/sb.h| 2 ++ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/grub-core/kern

[PATCH v6 00/10] UEFI NX support and NX Linux loader using shim loader protocol

egacy Linux loader when NX is required. Julian Andres Klode (1): efi: Provide wrappers for load_image, start_image, unload_image Mate Kukri (6): modules: load module sections at page-aligned addresses nx: add memory attribute get/set API nx: set page permissions for loaded modules. nx: se

[PATCH v6 05/10] nx: add memory attribute get/set API

implementation that returns GRUB_ERR_NONE. On EFI platforms, it implements the primitives using the EFI Memory Attribute Protocol (defined in UEFI 2.10 specification). Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- grub-core/kern/efi/mm.c | 114

[PATCH v6 03/10] modules: Don't allocate space for non-allocable sections.

Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-by: Daniel Kiper --- grub-core/kern/dl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c index 0bf40caa6..37db9fab0 100644 --- a/grub-core/kern

[PATCH v6 06/10] nx: set page permissions for loaded modules.

SHF_WRITE set, and clears the No eXecute flag on sections with SHF_EXECINSTR set. In all other cases it sets both flags. Signed-off-by: Peter Jones Signed-off-by: Robbie Harwood Signed-off-by: Laszlo Ersek Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- grub-core/kern/dl.c | 85

[PATCH v6 02/10] modules: strip .llvm_addrsig sections and similar.

.llvm* Note that the glob there won't work without a new enough linker, but the failure is just reversion to the status quo, so that's not a big problem. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-b

[PATCH v6 04/10] modules: load module sections at page-aligned addresses

applied, so the relocations factor that in with no change. Signed-off-by: Peter Jones Signed-off-by: Laszlo Ersek Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- grub-core/kern/dl.c | 52 +++-- include/grub/dl.h | 9 2 files

[PATCH v5 02/10] modules: strip .llvm_addrsig sections and similar.

.llvm* Note that the glob there won't work without a new enough linker, but the failure is just reversion to the status quo, so that's not a big problem. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-b

[PATCH v5 07/10] nx: set the nx compatible flag in EFI GRUB images

able - the binary knows how to use the EFI Memory Attributes protocol on code it is loading. This patch - adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT - changes grub-mkimage to set that flag. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by:

[PATCH v5 06/10] nx: set page permissions for loaded modules.

SHF_WRITE set, and clears the No eXecute flag on sections with SHF_EXECINSTR set. In all other cases it sets both flags. Signed-off-by: Peter Jones Signed-off-by: Robbie Harwood Signed-off-by: Laszlo Ersek Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- grub-core/kern/dl.c | 104

[PATCH] efi/chainloader: Do not print device path of chainloaded file

Users have no reason to see this, and it can break graphical boot. Signed-off-by: Mate Kukri --- grub-core/loader/efi/chainloader.c | 4 1 file changed, 4 deletions(-) diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c index eb833b678..11b64ac1b 100644

[PATCH v5 05/10] nx: add memory attribute get/set API

implementation that returns GRUB_ERR_NONE. On EFI platforms, it implements the primitives using the EFI Memory Attribute Protocol (defined in UEFI 2.10 specification). Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- grub-core/kern/efi/mm.c | 127

[PATCH v5 00/10] UEFI NX support and NX Linux loader using shim loader protocol

egacy Linux loader when NX is required. Julian Andres Klode (1): efi: Provide wrappers for load_image, start_image, unload_image Mate Kukri (6): modules: load module sections at page-aligned addresses nx: add memory attribute get/set API nx: set page permissions for loaded modules. nx: se

[PATCH v5 08/10] efi: Provide wrappers for load_image, start_image, unload_image

From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c

[PATCH v5 01/10] modules: make .module_license read-only

t to be set. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-by: Daniel Kiper --- include/grub/dl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/grub/dl.h b/include/grub/dl.h index

[PATCH v5 03/10] modules: Don't allocate space for non-allocable sections.

Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko Reviewed-by: Daniel Kiper --- grub-core/kern/dl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c index 0bf40caa6..37db9fab0 100644 --- a/grub-core/kern

[PATCH v5 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 28 grub-core/loader/efi/linux.c | 12 +++- include/grub/efi/api.h | 2 ++ include/grub/efi/sb.h| 2 ++ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/grub-core/kern

[PATCH v5 04/10] modules: load module sections at page-aligned addresses

applied, so the relocations factor that in with no change. Signed-off-by: Peter Jones Signed-off-by: Laszlo Ersek Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri --- docs/grub-dev.texi | 6 ++--- grub-core/kern/arm/dl.c | 14 ++ grub-core/kern/arm64/dl.c | 14

[PATCH v5 09/10] efi: Use shim's loader protocol for EFI image verification and loading

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 39 +--- grub-core/loader/efi/linux.c | 16 --- include/grub/efi/api.h | 5 + include/grub/efi/efi.h | 19 +++--- include/grub/efi/sb.h| 3 --- 5 files

Re: [PATCH] efi/chainloader: Do not print device path of chainloaded file

n the config (which admittedly isn't exactly the same thing as an UEFI device path). On Mon, Aug 12, 2024 at 11:54 PM Heinrich Schuchardt wrote: > > On 8/2/24 12:52, Mate Kukri wrote: > > Users have no reason to see this without explicitly asking for it, and > > it can bre

[PATCH] efi/chainloader: Do not print device path of chainloaded file

Users have no reason to see this without explictily asking for it, and it can break graphical boot. Signed-off-by: Mate Kukri --- grub-core/loader/efi/chainloader.c | 4 1 file changed, 4 deletions(-) diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c

Re: [REGRESSION] Re: [PATCH v4 5/5] efi: Use generic EFI loader for x86_64 and i386

This is likely an issue stemming from a bad interaction between the firmware's PE loader and the kernel's efi stub. The reason peimage can appear to fix this as it bypasses the firmware's PE loader for secure boot reasons. Hiding bugs in said PE loader is a coincidental side benefit and not an in

[PATCH v4 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 28 grub-core/loader/efi/linux.c | 12 +++- include/grub/efi/api.h | 2 ++ include/grub/efi/sb.h| 2 ++ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/grub-core/kern

[PATCH v4 08/10] efi: Provide wrappers for load_image, start_image, unload_image

From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c

[PATCH v4 05/10] nx: add memory attribute get/set API

implementation that returns GRUB_ERR_NONE. On EFI platforms, it implements the primitives using the EFI Memory Attribute Protocol (defined in UEFI 2.10 specification). Original-Author: Peter Jones Signed-off-by: Mate Kukri --- grub-core/kern/efi/mm.c | 127 include

[PATCH v4 03/10] modules: Don't allocate space for non-allocable sections.

Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko --- grub-core/kern/dl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c index 0bf40caa6..37db9fab0 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern

[PATCH v4 09/10] efi: Use shim's loader protocol for EFI image verification and loading

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 39 +--- grub-core/loader/efi/linux.c | 16 --- include/grub/efi/api.h | 5 + include/grub/efi/efi.h | 19 +++--- include/grub/efi/sb.h| 3 --- 5 files

[PATCH v4 01/10] modules: make .module_license read-only

t to be set. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko --- include/grub/dl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/grub/dl.h b/include/grub/dl.h index cd1f46c8b..750fc8d3d 10064

[PATCH v4 06/10] nx: set page permissions for loaded modules.

SHF_WRITE set, and clears the No eXecute flag on sections with SHF_EXECINSTR set. In all other cases it sets both flags. Original-Author: Peter Jones Original-Author: Robbie Harwood Original-Author: Laszlo Ersek Signed-off-by: Mate Kukri --- grub-core/kern/dl.c | 104

[PATCH v4 00/10] UEFI NX support and NX Linux loader using shim loader protocol

rs on future hardware). Julian Andres Klode (1): efi: Provide wrappers for load_image, start_image, unload_image Mate Kukri (6): modules: load module sections at page-aligned addresses nx: add memory attribute get/set API nx: set page permissions for loaded modules. nx: set the nx compa

[PATCH v4 02/10] modules: strip .llvm_addrsig sections and similar.

.llvm* Note that the glob there won't work without a new enough linker, but the failure is just reversion to the status quo, so that's not a big problem. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko --- grub-co

[PATCH v4 04/10] modules: load module sections at page-aligned addresses

applied, so the relocations factor that in with no change. Original-Author: Peter Jones Original-Author: Laszlo Ersek Signed-off-by: Mate Kukri --- docs/grub-dev.texi | 6 ++--- grub-core/kern/arm/dl.c | 13 + grub-core/kern/arm64/dl.c | 13 + grub-core/kern/dl.c

[PATCH v4 07/10] nx: set the nx compatible flag in EFI grub images

able - the binary knows how to use the EFI Memory Attributes protocol on code it is loading. This patch - adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT - changes grub-mkimage to set that flag. Original-Author: Peter Jones Signed-off-by: Mate Kukri --- include/grub/

[PATCH 3/3] kern/efi/mm: Detect calls to grub_efi_drop_alloc() with wrong page counts

ad to double frees. Signed-off-by: Mate Kukri --- grub-core/kern/efi/mm.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c index 661319194..d45d0e2ac 100644 --- a/grub-core/kern/efi/mm.c +++ b/grub-core/kern/efi/mm.c @@

[PATCH 2/3] kern/efi/mm: Change grub_efi_allocate_pages_real() to call semantically correct free function

s obviously unnecessary here. Signed-off-by: Mate Kukri --- grub-core/kern/efi/mm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c index 4fec188ae..661319194 100644 --- a/grub-core/kern/efi/mm.c +++ b/grub-core/ke

[PATCH 1/3] kern/efi/mm: Change grub_efi_mm_add_regions() to keep track of map allocation size

emory map, and results in the heap getting trashed and the firmware ASSERTING on corrupted heap guard values when GRUB exits. Signed-off-by: Mate Kukri --- grub-core/kern/efi/mm.c | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/grub-core/kern/efi/mm.c b/grub-core

[PATCH v3 04/10] modules: load module sections at page-aligned addresses

applied, so the relocations factor that in with no change. Original-Author: Peter Jones Original-Author: Laszlo Ersek Signed-off-by: Mate Kukri --- docs/grub-dev.texi | 6 ++--- grub-core/kern/arm/dl.c | 13 + grub-core/kern/arm64/dl.c | 13 + grub-core/kern/dl.c

[PATCH v3 06/10] nx: set page permissions for loaded modules.

SHF_WRITE set, and clears the No eXecute flag on sections with SHF_EXECINSTR set. In all other cases it sets both flags. Original-Author: Peter Jones Original-Author: Robbie Harwood Original-Author: Laszlo Ersek Signed-off-by: Mate Kukri --- grub-core/kern/dl.c | 104

[PATCH v3 07/10] nx: set the nx compatible flag in EFI grub images

able - the binary knows how to use the EFI Memory Attributes protocol on code it is loading. This patch - adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT - changes grub-mkimage to set that flag. Original-Author: Peter Jones Signed-off-by: Mate Kukri --- include/grub/

[PATCH v3 02/10] modules: strip .llvm_addrsig sections and similar.

.llvm* Note that the glob there won't work without a new enough linker, but the failure is just reversion to the status quo, so that's not a big problem. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko --- grub-co

[PATCH v3 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 27 +++ grub-core/loader/efi/linux.c | 12 +++- include/grub/efi/api.h | 2 ++ include/grub/efi/sb.h| 2 ++ 4 files changed, 38 insertions(+), 5 deletions(-) diff --git a/grub-core/kern

[PATCH v3 09/10] efi: Use shim's loader protocol for EFI image verification and loading

Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 39 +--- grub-core/loader/efi/linux.c | 16 --- include/grub/efi/api.h | 5 + include/grub/efi/efi.h | 19 +++--- include/grub/efi/sb.h| 3 --- 5 files

[PATCH v3 08/10] efi: Provide wrappers for load_image, start_image, unload_image

From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c

[PATCH v3 05/10] nx: add memory attribute get/set API

implementation that returns GRUB_ERR_NONE. On EFI platforms, it implements the primitives using the EFI Memory Attribute Protocol (defined in UEFI 2.10 specification). Original-Author: Peter Jones Signed-off-by: Mate Kukri --- grub-core/kern/efi/mm.c | 127 include

[PATCH v3 03/10] modules: Don't allocate space for non-allocable sections.

Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko --- grub-core/kern/dl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c index 0bf40caa6..37db9fab0 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern

[PATCH v3 01/10] modules: make .module_license read-only

t to be set. Signed-off-by: Peter Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko --- include/grub/dl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/grub/dl.h b/include/grub/dl.h index cd1f46c8b..750fc8d3d 10064

[PATCH v3 00/10] UEFI NX support and NX Linux loader using shim loader protocol

rs on future hardware). Julian Andres Klode (1): efi: Provide wrappers for load_image, start_image, unload_image Mate Kukri (6): modules: load module sections at page-aligned addresses nx: add memory attribute get/set API nx: set page permissions for loaded modules. nx: set the nx compa

[PATCH v2 04/10] modules: load module sections at page-aligned addresses

applied, so the relocations factor that in with no change. Original-Author: Peter Jones Original-Author: Laszlo Ersek Signed-off-by: Mate Kukri --- docs/grub-dev.texi | 6 ++--- grub-core/kern/arm/dl.c | 13 + grub-core/kern/arm64/dl.c | 13 + grub-core/kern/dl.c

[PATCH v2 03/10] modules: Don't allocate space for non-allocable sections.

Jones Signed-off-by: Jan Setje-Eilers Signed-off-by: Mate Kukri Reviewed-By: Vladimir Serbinenko --- grub-core/kern/dl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c index 0bf40caa6..37db9fab0 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern

[PATCH v2 05/10] nx: add memory attribute get/set API

implementation that returns GRUB_ERR_NONE. On EFI platforms, it implements the primitives using the EFI Memory Attribute Protocol (defined in UEFI 2.10 specification). Original-Author: Peter Jones Signed-off-by: Mate Kukri --- grub-core/kern/efi/mm.c | 127 include

[PATCH v2 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

Signed-off-by: Mate Kukri --- grub-core/loader/efi/linux.c | 41 +++- 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c index 99365536a..e44692c92 100644 --- a/grub-core/loader/efi/linux.c

  1   2   >