Re: [PATCH v19 09/33] asn1_test: include asn1_test.h only

2024-10-04 Thread Daniel Kiper
On Fri, Sep 06, 2024 at 05:11:01PM +0800, Gary Lin via Grub-devel wrote: > This commit removes all the headers and only uses asn1_test.h. > To avoid including int.h from grub-core/lib/libtasn1-grub/lib/, > CONST_DOWN is defined in reproducers.c. > > Signed-off-by: Daniel Axtens > Signed-off-by: Ga

Re: [PATCH v19 10/33] asn1_test: rename the main functions to the test names

2024-10-04 Thread Daniel Kiper
On Fri, Sep 06, 2024 at 05:11:02PM +0800, Gary Lin via Grub-devel wrote: > This commit changes the main functions in the testcases to the test > names so that the real 'main' test function can invoke them. > > Signed-off-by: Daniel Axtens > Signed-off-by: Gary Lin Reviewed-by: Daniel Kiper Da

[PATCH v7 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

2024-10-04 Thread Mate Kukri
Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 28 grub-core/loader/efi/linux.c | 12 +++- include/grub/efi/api.h | 2 ++ include/grub/efi/sb.h| 2 ++ 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/grub-core/kern/

[PATCH v7 06/10] nx: set page permissions for loaded modules.

2024-10-04 Thread Mate Kukri
For NX, we need to set write and executable permissions on the sections of GRUB modules when we load them. All allocatable sections are marked readable. In addition, - SHF_WRITE sections are marked as writable, - and SHF_EXECINSTR sections are marked as executable. Where relevant for the platform,

[PATCH v7 05/10] nx: add memory attribute get/set API

2024-10-04 Thread Mate Kukri
For NX, we need to set the page access permission attributes for write and execute permissions. This patch adds two new primitives, grub_set_mem_attrs() and grub_clear_mem_attrs(), and associated constant definitions, to be used for that purpose. For most platforms, it adds a dummy implementation

[PATCH v7 02/10] modules: strip .llvm_addrsig sections and similar.

2024-10-04 Thread Mate Kukri
From: Peter Jones Currently grub modules built with clang or gcc have several sections which we don't actually need or support. We already have a list of sections to skip in genmod.sh, and this patch adds the following sections to that list (as well as a few newlines): .note.gnu.property .llvm*

[PATCH v7 04/10] modules: load module sections at page-aligned addresses

2024-10-04 Thread Mate Kukri
Currently we load module sections at whatever alignment gcc+ld happened to dump into the ELF section header, which is often less than the page size. Since NX protections are page based, this alignment must be rounded up to page size on platforms supporting NX protections. This patch switches EFI p

[PATCH v7 03/10] modules: Don't allocate space for non-allocable sections.

2024-10-04 Thread Mate Kukri
From: Peter Jones Currently when loading grub modules, we allocate space for all sections, including those without SHF_ALLOC set. We then copy the sections that /do/ have SHF_ALLOC set into the allocated memory, leaving some of our allocation untouched forever. Additionally, on platforms with G

[PATCH v7 07/10] nx: set the nx compatible flag in EFI GRUB images

2024-10-04 Thread Mate Kukri
For NX, we need the GRUB binary to announce that it is compatible with the NX feature. This implies that when loading the executable GRUB image, several attributes are true: - the binary doesn't need an executable stack - the binary doesn't need sections to be both executable and writable - the b

[PATCH v7 00/10] UEFI NX support and NX Linux loader using shim loader protocol

2024-10-04 Thread Mate Kukri
This consists of: - Derivative of Fedora NX patches to make GRUB itself work under NX. - Julian Andres Klode's loader framework patch (used in Debian and Ubuntu for the downstream loader). - Shim loader protocol integration using the above loader framework. - Check to disallow using the legacy Lin

[PATCH v7 08/10] efi: Provide wrappers for load_image, start_image, unload_image

2024-10-04 Thread Mate Kukri
From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c |

[PATCH v7 01/10] modules: make .module_license read-only

2024-10-04 Thread Mate Kukri
From: Peter Jones Currently .module_license is set writable (that is, the section has the SHF_WRITE flag set) in the module's ELF headers. This probably never actually matters, but it can't possibly be correct. This patch sets that data as "const", which causes that flag not to be set. Signed-

[PATCH v7 09/10] efi: Use shim's loader protocol for EFI image verification and loading

2024-10-04 Thread Mate Kukri
Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 39 +--- grub-core/loader/efi/linux.c | 16 --- include/grub/efi/api.h | 5 + include/grub/efi/efi.h | 19 +++--- include/grub/efi/sb.h| 3 --- 5 files ch

Re: [PATCH v19 11/33] asn1_test: remove 'verbose' and the unnecessary printf()

2024-10-04 Thread Daniel Kiper
On Fri, Sep 06, 2024 at 05:11:03PM +0800, Gary Lin via Grub-devel wrote: > This commit removes the 'verbose' variables and the unnecessary printf() > to simplify the output. > > Signed-off-by: Daniel Axtens > Signed-off-by: Gary Lin Reviewed-by: Daniel Kiper Daniel ___

Re: [PATCH v19 12/33] asn1_test: print the error messages with grub_printf()

2024-10-04 Thread Daniel Kiper
On Fri, Sep 06, 2024 at 05:11:04PM +0800, Gary Lin via Grub-devel wrote: > This commit replaces printf() and fprintf() with grub_printf() to print > the error messages for the testcases. Besides, asn1_strerror() is used > to convert the result code to strings instead of asn1_perror(). > > Signed-of

Re: [PATCH v19 13/33] asn1_test: return either 0 or 1 to reflect the results

2024-10-04 Thread Daniel Kiper
On Fri, Sep 06, 2024 at 05:11:05PM +0800, Gary Lin via Grub-devel wrote: > Some testcases use exit() to end the test. Since all the asn1 testcases > are invoked as functions, this commit replaces exit() with return to > reflect the test results, so that the main test function can check the > result

Re: [PATCH v19 14/33] asn1_test: use the grub-specific functions and types

2024-10-04 Thread Daniel Kiper
On Fri, Sep 06, 2024 at 05:11:06PM +0800, Gary Lin via Grub-devel wrote: > This commit converts functions and types to the grub-specific ones: > > LONG_MAX -> GRUB_LONG_MAX > INT_MAX -> GRUB_INT_MAX > UINT_MAX -> GRUB_UINT_MAX > size_t -> grub_size_t > memcmp() -> grub_memcmp() > memcpy() -> grub_m