From: Daniel Axtens
- Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
SIZEOF_UNSIGNED_LONG.
- Define WORD_BIT, the size in bits of an int. This is a defined
in the Single Unix Specification and in gnulib's limits.h. gnulib
assumes it's 32 bits on all our platforms, including 64 bit
From: Daniel Axtens
Do a few things to make libtasn1 compile as part of grub:
- redefine _asn1_strcat. grub removed strcat so replace it with the
appropriate calls to memcpy and strlen. Use this internally where
strcat was used.
- replace c_isdigit with grub_isdigit (and don't import c-
Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
Also add the patches to make libtasn1 compatible with grub code.
Signed-off-by: Gary Lin
---
docs/grub-dev.texi| 27 ++
...asn1-disable-code-not-needed-in-grub.patch | 311 ++
...tasn1
From: Daniel Axtens
Create a wrapper file that specifies the module license.
Set up the makefile so it is built.
Signed-off-by: Daniel Axtens
Signed-off-by: Gary Lin
---
grub-core/Makefile.core.def| 15 +++
grub-core/lib/libtasn1_wrap/wrap.c | 26 ++
From: Hernan Gatta
The TPM2 key protector is a module that enables the automatic retrieval
of a fully-encrypted disk's unlocking key from a TPM 2.0.
The theory of operation is such that the module accepts various
arguments, most of which are optional and therefore possess reasonable
defaults. On
From: Hernan Gatta
Add a new parameter to cryptomount to support the key protectors framework: -P.
The parameter is used to automatically retrieve a key from specified key
protectors. The parameter may be repeated to specify any number of key
protectors. These are tried in order until one provide
From: Hernan Gatta
To utilize the key protectors framework, there must be a way to protect
full-disk encryption keys in the first place. The grub-protect tool
includes support for the TPM2 key protector but other protectors that
require setup ahead of time can be supported in the future.
For the
From: Daniel Axtens
We don't expect to be able to write ASN.1, only read it,
so we can disable some code.
Do that with #if 0/#endif, rather than deletion. This means
that the difference between upstream and grub is smaller,
which should make updating libtasn1 easier in the future.
With these ex
From: Hernan Gatta
A key protector encapsulates functionality to retrieve an unlocking key
for a fully-encrypted disk from a specific source. A key protector
module registers itself with the key protectors framework when it is
loaded and unregisters when unloaded. Additionally, a key protector ma
GIT repo for v4: https://github.com/lcp/grub2/tree/tpm2-unlock-v4
This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB2, and this could be a useful feature for the systems to
implement full disk encrypt
This set of patches adds checks to ensure the node
size is valid before accessing it. In addition, error
messages are marked for translation.
Lidong Chen (4):
fs/hfsplus: Validate btree node size
fs/hfsplus: Prevent out of bound access in catalog file
fs/hfsplus: Set grub errno to prevent NU
When an invalid node size is detected in grub_hfsplus_mount(), data pinter
is freed. Thus, file->data is not set. The code should also set the
grub error when that happens to indicate an error and to avoid accessing
the unintialized file->data in grub_file_close().
Signed-off-by: Lidong Chen
---
Signed-off-by: Lidong Chen
---
grub-core/fs/hfsplus.c | 30 +++---
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
index cf13e8a63..f91af1477 100644
--- a/grub-core/fs/hfsplus.c
+++ b/grub-core/fs/hfsplus.c
@@
The invalid btree node size can cause crashes when parsing
the btree. The fix is to ensure the btree node size is within
the valid range defined in the HFS Plus techical note, TN1150.
https://developer.apple.com/library/archive/technotes/tn/tn1150.html
Signed-off-by: Lidong Chen
---
grub-core/f
A corrupted hfsplus can have a catalog key that is out of range.
This can lead to out of bound access when advancing the pointer to
access catalog file info.
Signed-off-by: Lidong Chen
---
grub-core/fs/hfsplus.c | 10 ++
1 file changed, 10 insertions(+)
diff --git a/grub-core/fs/hfsplus
Is there any reason to translate those strings? They refer to deep
HFS+ structures and problems and to common people they are meaningless
even in their language. And someone in IT is likely to understand
those concepts in English. I wouldn't know a word for "extent" in my
native language. And those
On Thu, Apr 20, 2023 at 8:00 PM Lidong Chen wrote:
>
> When an invalid node size is detected in grub_hfsplus_mount(), data pinter
> is freed. Thus, file->data is not set. The code should also set the
> grub error when that happens to indicate an error and to avoid accessing
> the unintialized file
LGTM
On Thu, Apr 20, 2023 at 8:00 PM Lidong Chen wrote:
>
> The invalid btree node size can cause crashes when parsing
> the btree. The fix is to ensure the btree node size is within
> the valid range defined in the HFS Plus techical note, TN1150.
>
> https://developer.apple.com/library/archive/t
On Thu, Apr 20, 2023 at 8:00 PM Lidong Chen wrote:
>
> A corrupted hfsplus can have a catalog key that is out of range.
> This can lead to out of bound access when advancing the pointer to
> access catalog file info.
Can you explain where 6 and 516 come from?
>
> Signed-off-by: Lidong Chen
> ---
19 matches
Mail list logo
