Reviewed-By: Vladimir Serbinenko phco...@gmail.com
On Wed, Oct 16, 2024, 08:22, Benjamin Herrenschmidt <b...@kernel.crashing.org> wrote:
> The calculation of the size of the table was incorrect (copy/pasta from
> grub_acpi_rsdt_find_table() I assume...). The entries are 64-bit long.
>
> This
On Fri, Sep 13, 2024 at 04:57:58PM +0530, Sudhakar Kuppusamy wrote:
> In order to store the SBAT data, we create a new ELF note. The string
> "Secure-Boot-Advanced-Targeting",
> zero-padded to 4 byte alignment, shall be entered in the name field. The
> string "sbat"'s ASCII values,
> 0x41536967,
On Fri, Sep 06, 2024 at 05:11:14PM +0800, Gary Lin via Grub-devel wrote:
> From: Hernan Gatta
>
> The TPM2 key protector is a module that enables the automatic retrieval
> of a fully-encrypted disk's unlocking key from a TPM 2.0.
>
> The theory of operation is such that the module accepts various
On Wed, Oct 16, 2024 at 11:38:38AM +0300, Vladimir 'phcoder' Serbinenko wrote:
> Reviewed-By: Vladimir Serbinenko phco...@gmail.com
Reviewed-by: Daniel Kiper
Daniel
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/
On Fri, Sep 13, 2024 at 04:57:59PM +0530, Sudhakar Kuppusamy wrote:
> The SBAT metadata, which is read from .csv file and transformed into an ELF
> note,
> is made into an image using the -s option.
>
> Signed-off-by: Sudhakar Kuppusamy
> Co-authored-by: Daniel Axtens
s/Co-authored-by/Signed-of
On Fri, Sep 06, 2024 at 05:11:21PM +0800, Gary Lin via Grub-devel wrote:
> When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
> look like this:
>
> tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
s/grub2/grub/
> cryptomount -u -P tpm2
> search --fs-uui
On 10/15/24 10:20 PM, Benjamin Herrenschmidt wrote:
The calculation of the size of the table was incorrect (copy/pasta from
grub_acpi_rsdt_find_table() I assume...). The entries are 64-bit long.
Yup that is correct for XSDT entries, they are 64b each.
Reviewed-by: Ross Philipson
This causes
On 10/16/24 6:04 AM, Daniel Kiper wrote:
Rename has been skipped by mistake in the original commit.
Fixes: 94649c026 (nx: Set page permissions for loaded modules)
Signed-off-by: Daniel Kiper
Reviewed-by: Ross Philipson
---
grub-core/kern/dl.c | 2 +-
1 file changed, 1 insertion(+), 1 d
On Wed, Oct 16, 2024 at 03:04:17PM +0200, Daniel Kiper wrote:
> Rename has been skipped by mistake in the original commit.
>
> Fixes: 94649c026 (nx: Set page permissions for loaded modules)
Fixes the build on aarch64/arm64 for me.
Tested-by: Sudeep Holla
--
Regards,
Sudeep
We have reverted the SPCR table patches in Debian due to crashes, I
guess this might have been the reason.
On Wed, Oct 16, 2024 at 6:20 AM Benjamin Herrenschmidt
wrote:
>
> The calculation of the size of the table was incorrect (copy/pasta from
> grub_acpi_rsdt_find_table() I assume...). The entr
On Fri, Sep 06, 2024 at 05:11:16PM +0800, Gary Lin via Grub-devel wrote:
> From: Hernan Gatta
>
> To utilize the key protectors framework, there must be a way to protect
> full-disk encryption keys in the first place. The grub-protect tool
> includes support for the TPM2 key protector but other pr
On Fri, Sep 06, 2024 at 05:11:17PM +0800, Gary Lin via Grub-devel wrote:
> This commit handles the TPM2_PolicyAuthorize command from the key file
> in TPM 2.0 Key File format.
>
> TPM2_PolicyAuthorize is the essential command to support authorized
> policy which allows the users to sign TPM policie
On Fri, Sep 06, 2024 at 05:11:18PM +0800, Gary Lin via Grub-devel wrote:
> From: Patrick Colp
>
> Currently with the TPM2 protector, only SRK mode is supported and
> NV index support is just a stub. Implement the NV index option.
>
> Note: This only extends support on the unseal path. grub2_protec
On Fri, Sep 06, 2024 at 05:11:19PM +0800, Gary Lin via Grub-devel wrote:
> From: Patrick Colp
>
> If a protector is specified, but it fails to unlock the disk, fall back
> to asking for the passphrase.
>
> Before requesting the passphrase, the error from the key protector(s)
> has to be cleared, o
Rename has been skipped by mistake in the original commit.
Fixes: 94649c026 (nx: Set page permissions for loaded modules)
Signed-off-by: Daniel Kiper
---
grub-core/kern/dl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 5a66e
On Wed, Oct 16, 2024 at 06:04:43PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:16PM +0800, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta
> >
> > To utilize the key protectors framework, there must be a way to protect
> > full-disk encryption keys in the first place. The grub
On Wed, Oct 16, 2024 at 06:19:33PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:21PM +0800, Gary Lin via Grub-devel wrote:
> > When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may
> > look like this:
> >
> > tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/se
On Wed, Oct 16, 2024 at 06:11:49PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:18PM +0800, Gary Lin via Grub-devel wrote:
> > From: Patrick Colp
> >
> > Currently with the TPM2 protector, only SRK mode is supported and
> > NV index support is just a stub. Implement the NV index opti
On Wed, 2024-10-16 at 14:18 +0100, Mate Kukri wrote:
> We have reverted the SPCR table patches in Debian due to crashes, I
> guess this might have been the reason.
Quite likely!
The bug would be triggered by trying to search for a table that doesn't
exist, which I think in grub today mostly happ
On Wed, 2024-10-16 at 10:09 -0700, Adam Williamson wrote:
.../...
> To fix this, move the handling of "auto" up to happen first,
> before the ifdef around "port" handling kicks in. If we don't
> find an SPCR, change the name to "com0", so it will be handled
> by the existing "exact match by name
7b192ec4c rejigged the serial port detection code when no port
is explicitly specified. Before 7b192ec4c we did
grub_serial_find ("com0") in this case, which on *any* platform
would return a port called "com0" if one was found. 7b192ec4c
changed this so we do grub_serial_find ("auto"), and added a
An internal (at Red Hat) static source code scan detected the issue below,
pointing to a use-after-free scenario so remove the extra file close
call.
Error: USE_AFTER_FREE (CWE-416):
grub-2.06/grub-core/commands/legacycfg.c:194: freed_arg: "grub_file_close"
frees "file".
grub-2.06/gru
On Wed, 2024-10-16 at 16:20 +1100, Benjamin Herrenschmidt wrote:
> The calculation of the size of the table was incorrect (copy/pasta from
> grub_acpi_rsdt_find_table() I assume...). The entries are 64-bit long.
>
> This causes us to access beyond the end of the table which is causing
> crashes du
On Wed, Oct 16, 2024 at 05:44:29PM +0200, Daniel Kiper wrote:
> On Fri, Sep 06, 2024 at 05:11:14PM +0800, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta
> >
> > The TPM2 key protector is a module that enables the automatic retrieval
> > of a fully-encrypted disk's unlocking key from a TPM 2
24 matches