On Thu, Sep 19, 2024 at 05:31:59PM +0100, Mate Kukri wrote:
> For NX, we need to set the page access permission attributes for write
> and execute permissions.
>
> This patch adds two new primitives, grub_set_mem_attrs() and
> grub_clear_mem_attrs(), and associated constant definitions, to be used
On Wed, 11 Sep 2024 12:34:18 +0300
Vladimir Serbinenko wrote:
> Signed-off-by: Vladimir Serbinenko
> ---
> autogen.sh| 5 +
> conf/Makefile.common | 4 +-
> grub-core/Makefile.core.def | 36 ++-
> grub-core/comm
On Thu, Sep 19, 2024 at 05:31:58PM +0100, Mate Kukri wrote:
> Currently we load module sections at whatever alignment gcc+ld happened
> to dump into the ELF section header, which is often less then the page
> size. Since NX protections are page based, this alignment must be
> rounded up to page siz
Oops, I meant grub-mkrescue, not grub-mkimage, in this mail.
On Fri, 27 Sep 2024 20:10:30 +0400 Askar Safin wrote ---
> So, what about my patch? I will repeat: my patch doesn't remove any existing
> use cases and adds new use cases. It enables distros to implement secure
> boot in g
Hi,
Glenn Washburn wrote:
> [...] grub-shell-luks-tester cleans up after
> itself, if it returns success. grub_cmd_cryptomount has a test that
> expects failure. But grub-shell-luks-tester doesn't know that this is
> an expected failure and should cleanup and grub_cmd_cryptomount doesn't
> ever cl
So, what about my patch? I will repeat: my patch doesn't remove any existing
use cases and adds new use cases. It enables distros to implement secure boot
in grub-mkimage. As I already told with examples in my first letter, Linux
distros already converged to "EFI", not "efi". Current solution by
On Thu, Sep 19, 2024 at 05:32:00PM +0100, Mate Kukri wrote:
> For NX, we need to set write and executable permissions on the sections
> of grub modules when we load them.
>
> On sections with SHF_ALLOC set, which is typically everything except
> .modname and the symbol and string tables, this patch
