[PATCH v8 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

2024-10-09 Thread Mate Kukri
Signed-off-by: Mate Kukri
---
 grub-core/kern/efi/sb.c      | 28
 grub-core/loader/efi/linux.c | 12 +++-
 include/grub/efi/api.h       |  2 ++
 include/grub/efi/sb.h        |  2 ++
 4 files changed, 39 insertions(+), 5 deletions(-)

diff --git a/grub-core/kern/

[PATCH v8 00/10] UEFI NX support and NX Linux loader using shim loader protocol

2024-10-09 Thread Mate Kukri
This consists of:
- Derivative of Fedora NX patches to make GRUB itself work under NX.
- Julian Andres Klode's loader framework patch (used in Debian and Ubuntu for the downstream loader).
- Shim loader protocol integration using the above loader framework.
- Check to disallow using the legacy Lin

[PATCH v8 07/10] nx: set the nx compatible flag in EFI GRUB images

2024-10-09 Thread Mate Kukri
For NX, we need the GRUB binary to announce that it is compatible with the NX feature. This implies that when loading the executable GRUB image, several attributes are true:
- the binary doesn't need an executable stack
- the binary doesn't need sections to be both executable and writable
- the b

[PATCH v8 02/10] modules: strip .llvm_addrsig sections and similar.

2024-10-09 Thread Mate Kukri
From: Peter Jones

Currently grub modules built with clang or gcc have several sections which we don't actually need or support. We already have a list of sections to skip in genmod.sh, and this patch adds the following sections to that list (as well as a few newlines):
.note.gnu.property
.llvm*

[PATCH v8 05/10] nx: add memory attribute get/set API

2024-10-09 Thread Mate Kukri
For NX, we need to set the page access permission attributes for write and execute permissions. This patch adds two new primitives, grub_set_mem_attrs() and grub_clear_mem_attrs(), and associated constant definitions, to be used for that purpose. For most platforms, it adds a dummy implementation

[PATCH v8 08/10] efi: Provide wrappers for load_image, start_image, unload_image

2024-10-09 Thread Mate Kukri
From: Julian Andres Klode

These can be used to register a different implementation later, for example, when shim provides a protocol with those functions.

Signed-off-by: Mate Kukri
---
 grub-core/kern/efi/efi.c           | 57 ++
 grub-core/loader/efi/chainloader.c |

Re: [PATCH 0/1] docs: Small Fixes for Network, Secure Boot, PXE

2024-10-09 Thread Daniel Kiper
On Thu, Oct 03, 2024 at 09:05:46AM -0500, Andrew Hamilton wrote:
> Any feedback on this? If needed and can make a new version against current
> main
> branch.

Yes, please...

Daniel

___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/m

[PATCH v8 01/10] modules: make .module_license read-only

2024-10-09 Thread Mate Kukri
From: Peter Jones

Currently .module_license is set writable (that is, the section has the SHF_WRITE flag set) in the module's ELF headers. This probably never actually matters, but it can't possibly be correct. This patch sets that data as "const", which causes that flag not to be set.

Signed-

[PATCH v8 06/10] nx: set page permissions for loaded modules.

2024-10-09 Thread Mate Kukri
For NX, we need to set write and executable permissions on the sections of GRUB modules when we load them. All allocatable sections are marked readable. In addition,
- SHF_WRITE sections are marked as writable,
- and SHF_EXECINSTR sections are marked as executable.

Where relevant for the platform,

[PATCH v8 03/10] modules: Don't allocate space for non-allocable sections.

2024-10-09 Thread Mate Kukri
From: Peter Jones

Currently when loading grub modules, we allocate space for all sections, including those without SHF_ALLOC set. We then copy the sections that /do/ have SHF_ALLOC set into the allocated memory, leaving some of our allocation untouched forever. Additionally, on platforms with G

[PATCH v8 04/10] modules: load module sections at page-aligned addresses

2024-10-09 Thread Mate Kukri
Currently we load module sections at whatever alignment gcc+ld happened to dump into the ELF section header, which is often less than the page size. Since NX protections are page based, this alignment must be rounded up to page size on platforms supporting NX protections. This patch switches EFI p

[PATCH v8 09/10] efi: Use shim's loader protocol for EFI image verification and loading

2024-10-09 Thread Mate Kukri
Signed-off-by: Mate Kukri
---
 grub-core/kern/efi/sb.c      | 39 +---
 grub-core/loader/efi/linux.c | 16 ---
 include/grub/efi/api.h       |  5 +
 include/grub/efi/efi.h       | 19 +++---
 include/grub/efi/sb.h        |  3 ---
 5 files ch