Re: [PATCH v3 2/6] ieee1275/powerpc: enables device mapper discovery

On 2024-06-25 10:01, Michael Chang wrote: On Thu, Jun 20, 2024 at 03:14:59PM GMT, avnish wrote: Hi Vladimir, We have implemented this code to enable the ieee1275 hint for grub. We had scenarios (in SLES) like the disk had PReP partition followed by an LVM and, inside this LVM , the boot parti

Re: [PATCH v9 00/22] Automatic Disk Unlock with TPM2

On Tue, Jun 25, 2024 at 02:42:31PM +0800, Gary Lin wrote: > On Mon, Jun 24, 2024 at 07:28:14PM +0200, Daniel Kiper wrote: > > On Thu, Mar 07, 2024 at 04:59:05PM +0800, Gary Lin via Grub-devel wrote: > > > On Thu, Feb 08, 2024 at 08:58:43PM +0100, Daniel Kiper wrote: > > > > Hey, > > > > > > > --8<-

Re: [PATCH v4 06/10] nx: set page permissions for loaded modules.

On Wed, Jun 12, 2024 at 04:57:09PM +0100, Mate Kukri wrote: > For NX, we need to set write and executable permissions on the sections > of grub modules when we load them. > > On sections with SHF_ALLOC set, which is typically everything except > .modname and the symbol and string tables, this patch

Re: [PATCH v4 07/10] nx: set the nx compatible flag in EFI grub images

On Wed, Jun 12, 2024 at 04:57:10PM +0100, Mate Kukri wrote: > For NX, we need the grub binary to announce that it is compatible with s/grub/GRUB/ > the NX feature. This implies that when loading the executable grub Ditto. May I ask you to use correct project name? > image, several attributes a

Re: [PATCH v4 00/10] UEFI NX support and NX Linux loader using shim loader protocol

On Wed, Jun 12, 2024 at 04:57:03PM +0100, Mate Kukri wrote: > Currently the patchset consists of: > - Reworked Fedora NX patches to make GRUB itself work under NX. > - Julian Andres Klode's loader framework patch (used in Debian and Ubuntu for > the downstream loader). > - Implemented shim loader p

[PATCH v2 1/2] mkimage: create new ELF Note for SBAT

In order to store the SBAT data, we create a new ELF note. The string "Secure-Boot-Advanced-Targeting", zero-padded to 4 byte alignment, shall be entered in the name field. The string "sbat"'s ASCII values, 0x41536967, should be entered in the type field. Signed-off-by: Sudhakar Kuppusamy Co-au

[PATCH v2 0/2] Secure Boot Advanced Targeting (SBAT) support on powerpc

In powerpc, PE format Binary are not supported and can't use shim (https://github.com/rhboot/shim/blob/main/SBAT.md). However, ELF binary are supported. So, we created new ELF note for SBAT in ELF binary which store the SBAT data and SBAT verifier will be there in firmware to read SBAT data from

[PATCH v2 2/2] mkimage: adding sbat metadata into sbat ELF Note on powerpc

The SBAT metadata, which is read from .csv file and transformed into an ELF note, is made into an image using the -s option. Signed-off-by: Sudhakar Kuppusamy Co-authored-by: Daniel Axtens --- util/mkimage.c | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/util