[ANNOUNCEMENT] Linux Plumbers Conference - Systems Boot and Security Microconference

Hi all, I have great pleasure of informing you that the call for proposals is open for Systems Boot and Security Microconference [1] which is a part of Linux Plumbers Conference [2]. The conference will be held in Vienna, Austria between 18th and 20th of September. If you want to discuss with us

Re: [PATCH v4 01/10] modules: make .module_license read-only

On Wed, Jun 12, 2024 at 04:57:04PM +0100, Mate Kukri wrote: > From: Peter Jones > > Currently .module_license is set writable (that is, the section has the > SHF_WRITE flag set) in the module's ELF headers. This probably never > actually matters, but it can't possibly be correct. > > This patch s

Re: [PATCH v4 02/10] modules: strip .llvm_addrsig sections and similar.

On Wed, Jun 12, 2024 at 04:57:05PM +0100, Mate Kukri wrote: > From: Peter Jones > > Currently grub modules built with clang or gcc have several sections > which we don't actually need or support. > > We already have a list of section to skip in genmod.sh, and this patch > adds the following sectio

Re: [PATCH v4 03/10] modules: Don't allocate space for non-allocable sections.

On Wed, Jun 12, 2024 at 04:57:06PM +0100, Mate Kukri wrote: > From: Peter Jones > > Currently when loading grub modules, we allocate space for all sections, > including those without SHF_ALLOC set. We then copy the sections that > /do/ have SHF_ALLOC set into the allocated memory, leaving some of

Re: [PATCH v4 04/10] modules: load module sections at page-aligned addresses

On Wed, Jun 12, 2024 at 04:57:07PM +0100, Mate Kukri wrote: > Currently we load module sections at whatever alignment gcc+ld happened > to dump into the ELF section header, which is often less then the page > size. Since NX protections are page based, this alignment must be > rounded up to page siz

Re: [PATCH v4 05/10] nx: add memory attribute get/set API

On Wed, Jun 12, 2024 at 04:57:08PM +0100, Mate Kukri wrote: > For NX, we need to set the page access permission attributes for write > and execute permissions. > > This patch adds two new primitives, grub_set_mem_attrs() and > grub_clear_mem_attrs(), and associated constant definitions, to be used

Re: [PATCH v9 00/22] Automatic Disk Unlock with TPM2

On Thu, Mar 07, 2024 at 04:59:05PM +0800, Gary Lin via Grub-devel wrote: > On Thu, Feb 08, 2024 at 08:58:43PM +0100, Daniel Kiper wrote: > > Hey, > > > --8<-- > > > > And I have attached the Coverity report. All issues reported there have > > to be fixed. If you cannot fix an issue you have to expl

Re: [PATCH v3 2/6] ieee1275/powerpc: enables device mapper discovery

On Thu, Jun 20, 2024 at 03:14:59PM GMT, avnish wrote: > Hi Vladimir, > > We have implemented this code to enable the ieee1275 hint for grub. We had > scenarios (in SLES) like the disk had PReP partition followed by an LVM and, > inside this LVM , the boot partition. So, we implemented this code to

Re: [PATCH v9 00/22] Automatic Disk Unlock with TPM2

On Mon, Jun 24, 2024 at 07:28:14PM +0200, Daniel Kiper wrote: > On Thu, Mar 07, 2024 at 04:59:05PM +0800, Gary Lin via Grub-devel wrote: > > On Thu, Feb 08, 2024 at 08:58:43PM +0100, Daniel Kiper wrote: > > > Hey, > > > > > --8<-- > > > > > > And I have attached the Coverity report. All issues repo