Otherwise the GRUB cannot start when stack protector is enabled on EFI
platforms.
Signed-off-by: Daniel Kiper
---
include/grub/stack_protector.h | 4
1 file changed, 4 insertions(+)
diff --git a/include/grub/stack_protector.h b/include/grub/stack_protector.h
index c88dc00b5..13d2657d9 100
On Sat, Apr 27, 2024 at 05:48:31PM -0700, Forest wrote:
> Give the user a chance to re-enter their cryptodisk passphrase after a typo,
> rather than immediately failing (and likely dumping them into a grub shell).
>
> By default, we allow 3 tries before giving up. A value in the
> cryptodisk_passph
On Mon, Apr 29, 2024 at 04:38:03PM +, Lidong Chen wrote:
> The test corpus for version-1 RAID generated an infinite recursion
> in grub_partition_iterate() while attempting to read the superblock.
> The reason for the issue was that the data region overlapped with
> the superblock.
>
> The infi
On Mon, May 06, 2024 at 05:07:30PM -0700, Forest wrote:
> Give the user a chance to re-enter their cryptodisk passphrase after a typo,
> rather than immediately failing (and likely dumping them into a grub shell).
>
> By default, we allow 3 tries before giving up. A value in the
> cryptodisk_passph
Adding Marta...
On Mon, May 06, 2024 at 03:18:45PM -0500, Glenn Washburn wrote:
> From: Rogier
>
> When handling a regular LVM volume, Grub can fail with the message:
> error: disk `lvmid/**------
> /**------**' not found.
>
> If the conditi
Your patch makes sense but the commit message is wrong. In general we
will be leaking memory for short time. Not big deal here but worth
fixing. The memory will not be freed twice as you say in the commit
message. May I ask you to fix the commit message?
On Tue, Apr 23, 2024 at 09:04:34AM +0800, Zh
On Fri, May 10, 2024 at 08:52:55AM +0800, Gao Xiang wrote:
> From: Yifan Zhao
>
> EROFS [1] is a lightweight read-only filesystem designed for performance
> which has already been shipped in most Linux distributions as well as widely
> used in several scenarios, such as Android system partitions,
On Fri, May 10, 2024 at 08:52:56AM +0800, Gao Xiang wrote:
> From: Yifan Zhao
>
> In this patch, three tests of EROFS are introduced and they cover
> compact, extended and chunk-based inodes, respectively.
>
> Signed-off-by: Yifan Zhao
> Reviewed-by: Glenn Washburn
> Signed-off-by: Gao Xiang
R
On Fri, May 17, 2024 at 12:40:53PM +0800, Gao Xiang wrote:
> From: Yifan Zhao
>
> EROFS [1] is a lightweight read-only filesystem designed for performance
> which has already been shipped in most Linux distributions as well as widely
> used in several scenarios, such as Android system partitions,
On Mon, May 20, 2024 at 08:58:24AM +0100, Jonathan Davies wrote:
> Signed-off-by: Jonathan Davies
Reviewed-by: Daniel Kiper
Thank you for fixing these mistakes.
Daniel
___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/list
On Sun, May 19, 2024 at 11:48:24AM +0800, Gao Xiang wrote:
> The following EROFS patch will use this helper to handle overflow
> ALIGN_UP() cases.
>
> Signed-off-by: Gao Xiang
I think Vladimir is right.
Reviewed-by: Daniel Kiper
Please post v15 and I will merge it this week.
Thank you for addi
On Thu, May 23, 2024 at 06:43:14PM +0530, Avnish Chouhan wrote:
> This patch adds support for Radix, Xive and Radix_gtse in Options
> vector5 which is required for KVM LPARs. KVM LPARs ONLY support
> Radix and not the Hash. Not enabling Radix on any PowerVM KVM LPARs
> will result in boot failure.
On Wed, Jan 24, 2024 at 06:26:37AM +, Alec Brown wrote:
> Added functionality to disable command line interface access and editing of
> GRUB
> menu entries if GRUB image is built with --disable-cli.
>
> Signed-off-by: Alec Brown
Reviewed-by: Daniel Kiper
Daniel
On Wed, May 15, 2024 at 01:06:53PM +0800, Gary Lin wrote:
> From: Daniel Axtens
>
> - Define SIZEOF_UNSIGNED_LONG_INT, it's the same as
>   SIZEOF_UNSIGNED_LONG.
>
> - Define WORD_BIT, the size in bits of an int. This is defined
>   in the Single Unix Specification and in gnulib's limits.h.
On Wed, May 15, 2024 at 01:06:54PM +0800, Gary Lin wrote:
> From: Daniel Axtens
>
> Import a very trimmed-down set of libtasn1 files:
I hope you merge the latest one...
> pushd /tmp
I would create tmp dir in the GRUB source code and extract libtasn1
there. Then I would remove the tmp dir.
> wg
On Wed, May 15, 2024 at 01:06:55PM +0800, Gary Lin wrote:
> From: Daniel Axtens
>
> We don't expect to be able to write ASN.1, only read it,
> so we can disable some code.
>
> Do that with #if 0/#endif, rather than deletion. This means
> that the difference between upstream and grub is smaller,
>
On Fri, Jun 07, 2024 at 11:07:31AM +0800, Gary Lin wrote:
> On Wed, Jun 05, 2024 at 05:18:32PM +0200, Daniel Kiper wrote:
> > On Wed, May 15, 2024 at 01:06:55PM +0800, Gary Lin wrote:
> > > From: Daniel Axtens
> > >
> > > We don't expect to be able to write ASN.1, only read it,
> > > so we can dis
On Fri, Jun 14, 2024 at 02:45:35PM +0800, Gary Lin wrote:
> From: Daniel Axtens
>
> Import a very trimmed-down set of libtasn1 files:
>
> curl -L -O https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.19.0.tar.gz
> tar xf libtasn1-4.19.0.tar.gz
> rm -rf grub-core/lib/libtasn1/
> mkdir -p grub-core/lib/lib
On Fri, Jun 14, 2024 at 02:45:36PM +0800, Gary Lin wrote:
> Based on the patch from "Daniel Axtens "
>
> We don't expect to be able to write ASN.1, only read it,
> so we can disable some code.
>
> Do that with #if 0/#endif, rather than deletion. This means
> that the difference between upstream and
On Fri, Jun 14, 2024 at 02:45:37PM +0800, Gary Lin wrote:
> Based on the patch from "Daniel Axtens "
>
> Do a few things to make libtasn1 compile as part of grub:
>
> - remove _asn1_strcat and replace strcat with the bound-checked
>   _asn1_str_cat except the one inside _asn1_str_cat. That strcat
On Fri, Jun 14, 2024 at 02:45:38PM +0800, Gary Lin wrote:
> In _asn1_tag_der(), the first while loop for the long form may end up
> with a 'k' value with 'ASN1_MAX_TAG_SIZE' and cause the buffer overrun
> in the second while loop. This commit tweaks the conditional check to
> avoid producing a too
On Fri, Jun 14, 2024 at 02:45:39PM +0800, Gary Lin wrote:
> From: Daniel Axtens
>
> Create a wrapper file that specifies the module license.
> Set up the makefile so it is built.
>
> Signed-off-by: Daniel Axtens
> Signed-off-by: Gary Lin
> Reviewed-by: Vladimir Serbinenko
Due to amount of chan
On Fri, Jun 14, 2024 at 02:45:40PM +0800, Gary Lin wrote:
> From: Daniel Axtens
>
> Import tests from libtasn1 that don't use functionality we don't
> import. This test module is integrated into functional_test so that the
> user can run the test in grub shell.
>
> This doesn't test the full decod
On Fri, Jun 14, 2024 at 02:45:41PM +0800, Gary Lin wrote:
> Document libtasn1 in docs/grub-dev.texi and add the upgrade steps.
> Also add the patches to make libtasn1 compatible with grub code.
>
> Signed-off-by: Gary Lin
> Reviewed-by: Vladimir Serbinenko
> ---
> docs/grub-dev.texi | 33 +++
On Fri, Jun 14, 2024 at 02:45:42PM +0800, Gary Lin wrote:
> From: Hernan Gatta
>
> A key protector encapsulates functionality to retrieve an unlocking key
> for a fully-encrypted disk from a specific source. A key protector
> module registers itself with the key protectors framework when it is
> l
On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> From: Hernan Gatta
>
> A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> compose and submit TPM commands and parse responses.
>
> A limited number of TPM commands may be accessed via the EFI TCG2
> protocol. This pro
On Wed, Jun 19, 2024 at 02:43:08PM +0800, Gary Lin wrote:
> On Tue, Jun 18, 2024 at 05:41:13PM +0200, Daniel Kiper wrote:
> > On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> > > From: Hernan Gatta
> > >
> > > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > >
On Wed, Jun 19, 2024 at 02:41:13PM +0800, Gary Lin wrote:
> On Tue, Jun 18, 2024 at 03:30:03PM +0200, Daniel Kiper wrote:
> > On Fri, Jun 14, 2024 at 02:45:43PM +0800, Gary Lin wrote:
> > > From: Hernan Gatta
> > >
> > > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > >
On Fri, Jun 14, 2024 at 02:45:44PM +0800, Gary Lin wrote:
> From: Hernan Gatta
>
> The TPM2 key protector is a module that enables the automatic retrieval
> of a fully-encrypted disk's unlocking key from a TPM 2.0.
>
> The theory of operation is such that the module accepts various
> arguments, mo
On Thu, Jun 20, 2024 at 02:13:02PM +0800, Gary Lin wrote:
> On Wed, Jun 19, 2024 at 04:04:47PM +0200, Daniel Kiper wrote:
> > On Wed, Jun 19, 2024 at 02:41:13PM +0800, Gary Lin wrote:
> > > On Tue, Jun 18, 2024 at 03:30:03PM +0200, Daniel Kiper wrote:
> > > > On Fri, Jun 14, 2024 at 02:45:43PM +080
On Thu, Jun 20, 2024 at 03:35:32PM +0800, Gary Lin wrote:
> On Wed, Jun 19, 2024 at 06:34:13PM +0200, Daniel Kiper wrote:
> > On Fri, Jun 14, 2024 at 02:45:44PM +0800, Gary Lin wrote:
> > > From: Hernan Gatta
> > >
> > > The TPM2 key protector is a module that enables the automatic retrieval
> > >
Hi all,
I have great pleasure of informing you that the call for proposals is open for
Systems Boot and Security Microconference [1] which is a part of Linux Plumbers
Conference [2]. The conference will be held in Vienna, Austria between 18th and
20th of September.
If you want to discuss with us
On Mon, Aug 12, 2024 at 04:13:18PM +0200, Heinrich Schuchardt wrote:
> The cycle register is not guaranteed to count at constant frequency.
> If it is counting at all depends on the state of the performance monitoring
> unit.
>
> Use the time register to measure time.
>
> Signed-off-by: Heinrich Schuc
On Tue, Sep 10, 2024 at 11:54:20AM +0200, Heinrich Schuchardt wrote:
> On 13.08.24 15:52, Daniel Kiper wrote:
> > On Mon, Aug 12, 2024 at 04:13:18PM +0200, Heinrich Schuchardt wrote:
> > > The cycle register is not guaranteed to count at constant frequency.
> > > If it is counting at all depends on
Rename has been skipped by mistake in the original commit.
Fixes: 94649c026 (nx: Set page permissions for loaded modules)
Signed-off-by: Daniel Kiper
---
grub-core/kern/dl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
index 5a66e
On Fri, Oct 18, 2024 at 07:48:24PM +0800, Michael Chang wrote:
> On Fri, Oct 18, 2024 at 08:08:28AM GMT, zhangqiumiao wrote:
> > > On Thu, Oct 03, 2024 at 03:23:15PM +0800, Michael Chang via Grub-devel
> > > wrote:
> > >> Similar to the fix in commit "c52ae4057 efinet: skip virtual IPv4 and
> > >>
On Mon, Nov 04, 2024 at 03:32:06PM +0800, Gary Lin wrote:
> Update the user manual to address TPM2 key protector including the two
> related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
> and the user-space utility: grub-protect.
>
> Signed-off-by: Gary Lin
> ---
> docs/grub.te
On Mon, Nov 04, 2024 at 03:31:58PM +0800, Gary Lin wrote:
> From: Hernan Gatta
>
> To utilize the key protectors framework, there must be a way to protect
> full-disk encryption keys in the first place. The grub-protect tool
> includes support for the TPM2 key protector but other protectors that
>
On Mon, Oct 21, 2024 at 04:06:38PM +0800, Gary Lin wrote:
> GIT repo for v20: https://github.com/lcp/grub2/tree/tpm2-unlock-v20
>
> This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> Hernan Gatta to introduce the key protector framework and TPM2 stack
> to GRUB, and this coul
On Mon, Oct 21, 2024 at 04:06:53PM +0800, Gary Lin wrote:
> There is a testcase to test the values larger than 'int' but smaller
> than 'long'. However, for some architectures, 'long' and 'int' are the
> same, and the compiler may issue a warning like this:
>
> grub-core/tests/asn1/tests/Test_overf
On Mon, Oct 21, 2024 at 04:07:01PM +0800, Gary Lin wrote:
> From: Hernan Gatta
>
> The TPM2 key protector is a module that enables the automatic retrieval
> of a fully-encrypted disk's unlocking key from a TPM 2.0.
>
> The theory of operation is such that the module accepts various
> arguments, mo
On Mon, Oct 21, 2024 at 04:07:11PM +0800, Gary Lin wrote:
> Update the user manual to address TPM2 key protector including the two
> related commands, tpm2_key_protector_init and tpm2_key_protector_clear,
> and the user-space utility: grub-protect.
>
> Signed-off-by: Gary Lin
> ---
> docs/grub.te
On Mon, Oct 21, 2024 at 04:07:03PM +0800, Gary Lin wrote:
> From: Hernan Gatta
>
> To utilize the key protectors framework, there must be a way to protect
> full-disk encryption keys in the first place. The grub-protect tool
> includes support for the TPM2 key protector but other protectors that
>
On Sun, Sep 22, 2024 at 08:17:47PM +0300, Sergii Dmytruk wrote:
> From: Daniel Kiper
>
> It does not make sense to have separate headers for individual static
> functions. Additionally, we have to add some constants with MSR
> addresses in subsequent patches. So, make one common place to store
Th
On Sun, Sep 22, 2024 at 08:17:48PM +0300, Sergii Dmytruk wrote:
> From: Daniel Kiper
>
> Use more obvious names which match corresponding instructions:
> * grub_msr_read() => grub_rdmsr()
> * grub_msr_write() => grub_wrmsr()
>
> Signed-off-by: Daniel Kiper
> Signed-off-by: Sergii Dmytruk
> Re
On Sun, Sep 22, 2024 at 08:17:49PM +0300, Sergii Dmytruk wrote:
> From: Daniel Kiper
>
> Currently rdmsr and wrmsr commands have own MSR support detection code.
> This code is the same. So, it is duplicated. Additionally, this code
> cannot be reused by others. Hence, extract this code to a functi
On Mon, Sep 23, 2024 at 09:56:22AM -0700, ross.philipson via trenchboot-devel
wrote:
> On 9/22/24 10:17 AM, Sergii Dmytruk wrote:
> > From: Daniel Kiper
> >
> > This fixes naming inconsistency that goes against coding style as well
> > as helps to avoid potential conflicts and confusion.
> >
> >
On Mon, Sep 23, 2024 at 10:04:04AM -0700, ross.philipson via trenchboot-devel
wrote:
> On 9/22/24 10:17 AM, Sergii Dmytruk wrote:
> > From: Daniel Kiper
> >
> > Subsequent patches will use that constant.
This sentence is not true due to lack of DRTM patches. I think we should
replace it with som
On Sun, Sep 22, 2024 at 08:17:53PM +0300, Sergii Dmytruk wrote:
> From: Daniel Kiper
>
> The functions find the lowest and highest values with regard to the
> passed in limit. Passing a low limit of 0 or a high limit of ~0
> calculates lowest and highest available RAM addresses respectively.
>
>
On Thu, Oct 24, 2024 at 10:18:10AM +0800, Qiumiao Zhang wrote:
> On Tue, Oct 22, 2024 at 10:04:25PM +0800, Daniel Kiper wrote:
> > On Fri, Oct 18, 2024 at 07:48:24PM +0800, Michael Chang wrote:
> > > On Fri, Oct 18, 2024 at 08:08:28AM GMT, zhangqiumiao wrote:
> > > > > On Thu, Oct 03, 2024 at 03:23
Hey,
On Tue, Nov 19, 2024 at 10:15:24AM -0500, Stefan Berger wrote:
> On 11/15/24 2:34 AM, Gary Lin wrote:
> > GIT repo for v23: https://github.com/lcp/grub2/tree/tpm2-unlock-v23
> >
> > This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> > Hernan Gatta to introduce the key p
On Mon, Dec 16, 2024 at 12:26:58PM +0800, Ruihan Li wrote:
> Currently, EFI services can be used after they are exited because we
> allocate memory after exiting EFI services.
>
> An example call stack is:
>
> grub_multiboot_boot
> grub_multiboot2_make_mbi
> grub_efi_finish_boot_service
On Thu, Dec 12, 2024 at 02:11:24PM +0800, Gary Lin wrote:
> PCR mismatching is one common cause of TPM key unsealing fail. Since the
> system may be compromised, it is not safe to boot into OS to get the PCR
> values and TPM eventlog for the further investigation.
>
> To provide some hints, GRUB no
On Tue, Dec 17, 2024 at 11:45:32AM +0800, Gary Lin wrote:
> On Tue, Dec 17, 2024 at 09:35:34AM +0800, Gary Lin wrote:
> > On Mon, Dec 16, 2024 at 05:28:34PM +0100, Daniel Kiper wrote:
> > > On Thu, Dec 12, 2024 at 02:11:24PM +0800, Gary Lin wrote:
> > > > PCR mismatching is one common cause of TPM
On Thu, Dec 19, 2024 at 11:32:59AM -0600, Andrew Hamilton wrote:
> Any interest in this patch set?
Yes, but due to holiday season and other things I will not be able to
take a look at it for a few weeks. There is a chance I will have more
time at turn of January and February. Sorry about that...
On Tue, Dec 17, 2024 at 09:20:22AM +0800, Ruihan Li wrote:
> On Mon, Dec 16, 2024 at 05:10:04PM +0100, Daniel Kiper wrote:
> > Reviewed-by: Daniel Kiper
>
> Thanks for your review!
>
> > However, should not we go further and extend the heap with additional
> > memory before EBS? 1 MiB?
>
> Yeah, I
Hi,
The 3mdeb and Oracle are organizing Open Source Firmware, BMC and Bootloader
devroom at FOSDEM'25 [1]. Every year we are seeing increased attendance and
interest in the topics presented at our track. So, if you want to present
something in our lively devroom at FOSDEM'25 please take a look at
On Fri, Mar 21, 2025 at 03:59:03PM +0800, Gary Lin wrote:
> This commit implements the missing NV index mode support in
> 'grub-protect'. NV index mode stores the sealed key in the TPM
> non-volatile memory (NVRAM) instead of a file. There are two supported
> types of TPM handles.
>
> 1. Persistent
On Fri, Mar 21, 2025 at 03:59:04PM +0800, Gary Lin wrote:
> Since 'grub-protect' already supports NV index mode, tpm2_seal_nv() is
> replaced with one 'grub-protect' command to simplify the test script.
>
> 'tpm2_evictcontrol' is also replaced with 'grub-protect --tpm2-evict'.
>
> Signed-off-by: Ga
On Fri, Mar 21, 2025 at 03:59:08PM +0800, Gary Lin wrote:
> The TPM2 key protector tests require two external packages: swtpm-tools
> and tpm2-tools. Add those two packages to the INSTALL file to inform
> the user to install those packages before starting the TPM2 key protector
> tests.
>
> Signed-
On Thu, Mar 27, 2025 at 09:19:03PM +0300, Vladimir 'phcoder' Serbinenko wrote:
>
> + {
> + grub_errno = err;
> + goto fail;
> + }
> grub_errno is already set. No need to set it again
I proposed that assignment to make it explicit but I am not going to ins
On Mon, Apr 07, 2025 at 04:29:25PM +0800, Gary Lin wrote:
> This commit updates the NV index mode section and the grub-protect
> section to reflect the recent changes in TPM2 key protector and
> grub-protect.
>
> Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
Daniel
On Mon, Apr 07, 2025 at 04:29:19PM +0800, Gary Lin wrote:
> Extract the logic to handle the file buffer from the SRK recover
> function to prepare to load the sealed key from the NV index handle,
> so the NV index mode can share the same code path in the later patch.
> The SRK recover function now
On Mon, Apr 07, 2025 at 09:26:00AM -0400, Stefan Berger wrote:
> On 4/7/25 4:29 AM, Gary Lin wrote:
> > Reset 'ret' to 0 when a test case fails so that the other test cases
> > could continue.
> >
> > Also set the exit status to 1 when encountering a failure to reflect the
> > test result.
> >
> >
On Mon, Apr 07, 2025 at 04:29:24PM +0800, Gary Lin wrote:
> Two more NV index test cases are added to test key sealing and
> unsealing with the NV index handle 0x100.
>
> Signed-off-by: Gary Lin
> Reviewed-by: Stefan Berger
Reviewed-by: Daniel Kiper
Daniel
On Mon, Apr 07, 2025 at 04:29:27PM +0800, Gary Lin wrote:
> Add the long options of tpm2_key_protect_init along with the short
> options.
>
> Signed-off-by: Gary Lin
Reviewed-by: Daniel Kiper
Daniel
On Thu, Mar 13, 2025 at 07:45:50PM +0530, Avnish Chouhan wrote:
> Change RMA size from 512 MB to 768 MB which will result
> in more memory at boot time for PowerPC. When vTPM, Secure Boot or
> FADump are enabled on PowerPC, the 512 MB RMA memory is not sufficient for
> booting. With this 512 MB RMA
On Thu, Apr 17, 2025 at 07:37:13AM -0400, Neal Gompa wrote:
> On Fri, Apr 11, 2025 at 11:55 PM Alec Brown via Grub-devel
> wrote:
> >
> > v3:
> > - Added --enable-fallback option to check the default directory if the
> > --path
> > >   option isn't able to find entries.
> > - Added the function
On Sat, Apr 12, 2025 at 03:53:10AM +, Alec Brown wrote:
> Irritatingly, BLS defines paths relative to the mountpoint of the
> filesystem which contains its snippets, not / or any other fixed
> location. So grub2-emu needs to know whether /boot is a separate
> filesystem from / and conditionall
On Sat, Apr 12, 2025 at 03:53:11AM +, Alec Brown wrote:
> A Unified Kernel Image is a single UEFI PE file that combines a UEFI boot
> stub,
> a Linux kernel image, an initrd, and further resources. The uki command will
> locate where the uki file is and create a GRUB menu entry to load it.
Li
On Fri, Apr 18, 2025 at 07:54:01PM +0300, Vladimir 'phcoder' Serbinenko wrote:
> > +module = {
> > + name = blsuki;
> > + common = commands/blsuki.c;
> > + common = lib/vercmp.c;
>
> Probably this should be a part of the kernel.
>
> > + enable = powerpc_ieee1275;
>
Missing From:...
On Sat, Apr 12, 2025 at 03:53:09AM +, Alec Brown wrote:
> The BootLoaderSpec (BLS) defines a scheme where different bootloaders can
> share a format for boot items and a configuration directory that accepts
> these common configurations as drop-in files.
Please add links to t
From: Alec Brown
The Coverity complains that we might overflow into a negative value when
setting linux_params.kernel_alignment to (1 << align). We can remedy
this by casting it to grub_uint32_t.
Fixes: CID 473876
Signed-off-by: Alec Brown
Reviewed-by: Daniel Kiper
---
grub-core/loader/i386/
Hi all,
This patch set contains a bundle of fixes for various security flaws
discovered, as part of a pro-active hardening effort, in the GRUB2 code
recently. The most severe ones, i.e. potentially exploitable, have CVEs
assigned and are listed at the end of this email.
Details of exactly what ne
From: B Horn
grub_strcpy() was used to copy a symlink name from the filesystem
image to a heap allocated buffer. This led to an OOB write to adjacent
heap allocations. Fix by using grub_strlcpy().
Fixes: CVE-2024-45781
Reported-by: B Horn
Signed-off-by: B Horn
Reviewed-by: Daniel Kiper
---
g
From: B Horn
grub_strlcpy() acts the same way as strlcpy() does on most *NIX,
returning the length of src and ensuring dest is always NUL
terminated except when size is 0.
Signed-off-by: B Horn
Reviewed-by: Daniel Kiper
---
include/grub/misc.h | 39 +++
1 f
From: B Horn
Replaced with grub_strlcpy().
Fixes: CVE-2024-45782
Fixes: CVE-2024-56737
Fixes: https://savannah.gnu.org/bugs/?66599
Reported-by: B Horn
Signed-off-by: B Horn
Reviewed-by: Daniel Kiper
---
grub-core/fs/hfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/g
From: Lidong Chen
While fuzz testing JFS with ASAN enabled an OOB read was detected in
grub_jfs_opendir(). The issue occurred due to an invalid directory slot
index in the first entry of the sorted directory slot array in the inode
directory header. The fix ensures the slot index is validated bef
From: Lidong Chen
Both namesize and linksize are derived from hd.size, a 12-digit octal
number parsed by read_number(). Later direct arithmetic calculation like
"namesize + 1" and "linksize + 1" may exceed the maximum value of
grub_size_t leading to heap OOB write. This patch fixes the issue by
u
From: B Horn
It was previously possible for grub_errno to not be set when
grub_f2fs_mount() failed if nat_bitmap_ptr() returned NULL.
This issue is solved by ensuring a grub_errno is set in the fail case.
Reported-by: B Horn
Signed-off-by: B Horn
Reviewed-by: Daniel Kiper
---
grub-core/fs/f
From: B Horn
It was possible for mount to fail but not set grub_errno. This led to
a possible double decrement of the module reference count if the NULL
page was mapped.
Fixing in general as a similar bug was fixed in commit 61b13c187
(fs/hfsplus: Set grub_errno to prevent NULL pointer access) a
From: Lidong Chen
An extent's logical offset and address are represented as a 40-bit value
split into two parts: the most significant 8 bits and the least
significant 32 bits. Currently the JFS code uses only the least
significant 32 bits value for offsets and addresses assuming the data
size wil
From: B Horn
It was possible to iterate through grub_cpio_find_file() without
allocating name and not setting mode to GRUB_ARCHELP_ATTR_END, which
would cause the uninitialized value for name to be used as an argument
for canonicalize() in grub_archelp_dir().
Reported-by: B Horn
Signed-off-by:
From: Michael Chang
When parsing NTFS file records the presence of the 0xFF marker indicates
the end of the attribute list. This value signifies that there are no
more attributes to process.
However, when the end marker is missing due to corrupted metadata the
loop continues to read beyond the a
From: B Horn
It was possible to delete a loopback while there were still references
to it. This led to an exploitable use-after-free.
Fixed by implementing a reference counting in the grub_loopback struct.
Reported-by: B Horn
Signed-off-by: B Horn
Reviewed-by: Daniel Kiper
---
grub-core/dis
From: Michael Chang
The GRUB may use TPM to verify the integrity of boot components and the
result can determine whether a previously sealed key can be released. If
everything checks out, showing nothing has been tampered with, the key
is released and GRUB unlocks the encrypted root partition for
From: Lidong Chen
The JFS fuzzing revealed an OOB read in grub_jfs_getent(). The crash
was caused by an invalid leaf nodes count, diro->dirpage->header.count,
which was larger than the maximum number of leaf nodes allowed in an
inode. This fix is to ensure that the leaf nodes count is validated i
From: B Horn
Right now to access the next attribute the code reads the length of the
current attribute and adds that to the current pointer. This is error
prone as bounds checking needs to be performed all over the place. So,
implement a helper and ensure it's used across find_attr() and read_attr
From: Michael Chang
The number of records in the root key array read from disk was not being
validated against the size of the root node. This could lead to an
out-of-bounds read.
This patch adds a check to ensure that the number of records in the root
key array does not exceed the expected size
From: B Horn
The end of the attribute buffer should be stored alongside the rest of
the attribute struct as right now it is not possible to implement bounds
checking when accessing attributes sequentially.
This is done via:
- updating init_attr() to set at->end and check it is not initially ou
From: B Horn
An overly long filename can be passed to tftp_open() which would cause
grub_normalize_filename() to write out of bounds.
Fixed by adding an extra argument to grub_normalize_filename() for the
space available, making it act closer to a strlcpy(). As several fixed
strings are strcpy()
From: B Horn
The grub_net_network_level_interface_unregister(), previously
implemented in a header, did not remove the variables hooks that
were registered in grub_net_network_level_interface_register().
Fix this by implementing the same logic used to register the
variables and move the function
From: B Horn
If unbounded recursion is allowed it becomes possible to collide the
stack with the heap. As UEFI firmware often lacks guard pages this
becomes an exploitable issue as it is possible in some cases to do
a controlled overwrite of a section of this heap region with
arbitrary data.
Rep
From: Michael Chang
When inline extents are used, i.e. the extent tree depth equals zero,
a maximum of four entries can fit into the inode's data block. If the
extent header states a number of entries greater than four the current
ext2 implementation causes an out-of-bounds read. Fix this issue b
From: Lidong Chen
The grub_extcmd_dispatcher() calls grub_arg_list_alloc() to allocate
a grub_arg_list struct but it does not verify the allocation was successful.
In case of failed allocation the NULL state pointer can be accessed in
parse_option() through grub_arg_parse() which may lead to a se
From: B Horn
The grub_dl_relocate_symbols() iterates through the sections in
an ELF looking for relocation sections. According to the spec [1]
the SHF_INFO_LINK flag should be set if the sh_info field is meant
to be a section index.
[1] https://refspecs.linuxbase.org/elf/gabi4+/ch4.sheader.html
From: B Horn
The grub_file_open() and grub_file_close() should be the only places
that allow a reference to a filesystem to stay open. So, add grub_dl_t
to grub_fs_t and set this in the GRUB_MOD_INIT() for each filesystem to
avoid issues when filesystems forget to do it themselves or do not track
From: Alec Brown
Replace direct arithmetic operations with macros from include/grub/safemath.h
to prevent potential overflow issues when calculating the memory sizes.
Signed-off-by: Alec Brown
Reviewed-by: Daniel Kiper
---
grub-core/disk/cryptodisk.c | 36 ++--
grub-c
From: B Horn
The function included a call to grub_strcpy() which copied data from an
environment variable to a buffer allocated in grub_cmd_normal(). The
grub_cmd_normal() didn't consider the length of the environment variable.
So, the copy operation could exceed the allocation and lead to an OOB