mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-10 06:26:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

sys-boot/grub: Sync with Gentoo

Browse Source 
It's from Gentoo commit e6dcbcd25a2e4c2df04f6d4023f8675abc82ba06.
This commit is contained in:
Krzesimir Nowak 2023-10-12 13:08:18 +02:00
parent b54e9a6733
commit 28577a2a22
11 changed files with 3 additions and 3686 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/Manifest vendored
View File

@ -1,8 +1,5 @@
DIST dejavu-sans-ttf-2.37.zip 417746 BLAKE2B c8904f3cd5a49370a7dc10e456684c88aeae998a99090bf4d0a5baa4f36cc8fb8f70586cf6d610a5ffeee97261d28c80f55bbe9dcfc3ed796d5c2d60e79adb58 SHA512 ede5899daa1984c5aa8cacb1c850eb53f189dddef3d9bb78bf9774d8976b7c0d6eb0bcf86237cd7d11f5b36cf5b5058d42cd94d3bd76f2bd0931c7ceb1271fae
DIST grub-2.06-backports-r2.tar.xz 40416 BLAKE2B d9b4a8274a24aa35023eef7450bc4311045d0872250b1d11b1714b9daa32f7862fe1444b5b86db8b885a9f7b3af2459a5b2f87f0beaf4326a982fd96ec51d602 SHA512 99cf40b3d3d10cf6ba928ccc571c3a8baab217f650267fa7de4ba4ce807a895ff9414156647cc4dcb34bfbe48747a0c486bf60fee1c188a2dc89f26c2db3840f
DIST grub-2.06-backports-r3.tar.xz 47612 BLAKE2B 235610e826c7a76d05872fb51e74564fb3861590f95377d5dcb9a5a4b0f5037d0b71c9f334bfe0bbe399f65036088d808f7af8e43090007ab7394002d05f7b4a SHA512 561f031dca2cdc13fc1b3f3cfdbdccd7decd67ef18ddcc588327f141b026eadcda5d64d729929859cad54959b3855ff86c1f62e3ff1d8ae5f6f5ac5761fa6ba4
DIST grub-2.06.tar.xz 6581924 BLAKE2B 2a40b9b03d7bb3b9e7b1309ab274d686f01b3c42e7035ebc6e5a0e59a59c3b7362ba518341664b314cb0dbc8222bb10ea05ce09f08ce9d58a293207cb909e417 SHA512 4f11c648f3078567e53fc0c74d5026fdc6da4be27d188975e79d9a4df817ade0fe5ad2ddd694238a07edc45adfa02943d83c57767dd51548102b375e529e8efe
DIST grub-2.06.tar.xz.sig 566 BLAKE2B 2ff18fb40d9cce36cac110ba9996f88236dbaa261d19e777a6d23a0e9754a9fc8bc45a01896f4838c88bb44edff0172a97611202cb3ffd5653a3cbdfc102ae16 SHA512 797683dafade76b5981bd02f079d7dcecb36f5d07eca652181fd69f3df821931f84cc0d8771bfb80506ef41fbd96edfb202b6698af1fec3c8228dd320a05fa84
DIST grub-2.12~rc1.tar.xz 6589460 BLAKE2B edfad62a01970026ca4ad088056da6225ef1319a08e8a95418b24cc8102be7fe45bb1412797aab13f8c1f4f690cf2fa9e5b4725f6769013ce76aa81c43952557 SHA512 6f1fbce004b6dccf58e203bf6a6eeb771bac5ecc54b503265e56a97e9adce0221677bb3e64328144ec921f327a099f0345e7a9952be41cd8808f7635cded52cb
DIST grub-2.12~rc1.tar.xz.sig 566 BLAKE2B 4b0563623498d06f512d29d9a84a4f8386e7d5adf257d0f2ea8f3301e5112b7ad669741d78519dfa35d16e7f1695b0c74740d679f07e41774ecc8910c3f6bc5c SHA512 b8b3c818679b50810e2d9e597a01c34b05fbc1218a88bdf35aaec798ce29b376c7aa696c50233d416306a480f6ee602dfcbe7eaf481c503f3c203a7b8e8db7a2
DIST unifont-12.1.02.pcf.gz 1335424 BLAKE2B 97080312468e3f3c8aa6f49cef08f5622641e8c9c035f3ede1e09d8d98de4e78d3b23c8aba2e8070eb46cbebd2d55e8568e467d7f15f35aa8fc8db792b7e5f14 SHA512 b280b2db7cf5f480b0668c331130dede2c0cc87d5e02e44566b77787113d0f6604d0105522858288f2ac6b8e77df7a2d9878725013a6c778dc5bfb183156e2f0
DIST unifont-15.0.06.pcf.gz 1358322 BLAKE2B 81811e3de390ca35d1a2dc1f1dee73464e97f44907ba522c218ba9c5e39ca3c9d767552780a257a97c156eb623c17786d9c0d2b67786d61df5ca33a1e10db7ca SHA512 0a28a406629c604f5cbf51f501528239a7ed50d19f93ea505bc5bdc72639e4b926b03f4b8782a5733041f7cdb4aebb9948ac7cfd5a8ad9a0fe309944e595517b

460
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/README.md vendored
View File

@ -1,460 +0,0 @@
Flatcar uses a patched version of the GRUB, which implements the functionality to
read the [Flatcar Container Linux partition table](https://www.flatcar.org/docs/latest/reference/developer-guides/sdk-disk-partitions/#partition-table)
## History
CoreOS Container Linux maintained a fork of the [grub](https://github.com/coreos/grub) and then was referenced
in the coreos-overlay. Any changes were made through [PRs](https://github.com/coreos/grub/pulls?q=is%3Apr+is%3Aclosed) to the grub repository.
When Flatcar was born, a `grub` repo under the flatcar-linux org was created
and referenced in the Flatcar's coreos-overlay. Except for a few, now many changes
where brought into the system.
The repo was maintained at 2.02 version. During the 2.06 migration, the philosophy
to use a separate repo was scraped, and a single patch file was created. The patch
files migrated only the essential commits, and dropped all the other commits, which
were either half-baked, or redundant at the point of migration. The two patches are applied
on top of the grub sources, and emerge is done.
Given below are the list of commits that were referenced to create the two patches.
## Summary of the patches
The patch starts with adding a new implementation of reading the GPT instead
of using the traditional module. It provides essential functionality to interact
with GPT structures on disk, and checking/validating data integrity & GPT specification.
The commits goes on to add the following modules gptprio, gptrepair, and search
commands by label and partition.
The `gptprio` command which provides a mechanism to prioritize and select the
next bootable partition based on the GPT attributes and results in flexible
partition booting. The `gptrepair` command implements the repair functions for
GPT information on a specified device. Few other functions include searching
devices by partition label or partition UUID.
## Commits
Below are the commits that are picked to create the two patches for the grub. One is
descriptive, and other is comprehensive.
<details>
<summary>(click to expand) The descriptive log for all the commits picked </summary>
```
commit f69a9e0fdcf63ac33906e2753e14152bab2fcd05
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sun Sep 28 21:26:21 2014 -0700
gpt: start new GPT module
This module is a new implementation for reading GUID Partition Tables
which is much stricter than the existing part_gpt module and exports GPT
data directly instead of the generic grub_partition structure. It will
be the basis for modules that need to read/write/update GPT data.
The current code does nothing more than read and verify the table.
commit c26743a145c918958b862d580c4261735d1c1a6e
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Oct 18 15:39:13 2014 -0700
gpt: rename misnamed header location fields
The header location fields refer to 'this header' and 'alternate header'
respectively, not 'primary header' and 'backup header'. The previous
field names are backwards for the backup header.
commit 94f04a532d2b0e2b81e47a92488ebb1613bda1a0
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Oct 18 16:46:17 2014 -0700
gpt: record size of of the entries table
The size of the entries table will be needed later when writing it back
to disk. Restructure the entries reading code to flow a little better.
commit 3d066264ac13198e45dc151b863a9aac4c095225
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Oct 18 18:18:17 2014 -0700
gpt: consolidate crc32 computation code
The gcrypt API is overly verbose, wrap it up in a helper function to
keep this rather common operation easy to use.
commit dab6fac705bdad7e6ec130b24085189bcb15a5c9
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Oct 18 18:21:07 2014 -0700
gpt: add new repair function to sync up primary and backup tables.
commit 5e1829d4141343617b5e13e84298d118eac15bdf
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sun Oct 19 14:21:29 2014 -0700
gpt: add write function and gptrepair command
The first hint of something practical, a command that can restore any of
the GPT structures from the alternate location. New test case must run
under QEMU because the loopback device used by the other unit tests does
not support writing.
commit 2cd009dffe98c19672394608661767e4c3c84764
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Oct 30 20:55:21 2014 -0700
gpt: add a new generic GUID type
In order to do anything with partition GUIDs they need to be stored in a
proper structure like the partition type GUIDs. Additionally add an
initializer macro to simplify defining both GUID types.
commit 508b02fc8a1fe58413ec8938ed1a7b149b5855fe
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Mon Nov 3 17:14:37 2014 -0800
gpt: new gptprio.next command for selecting priority based partitions
Basic usage would look something like this:
gptprio.next -d usr_dev -u usr_uuid
linuxefi ($usr_dev)/boot/vmlinuz mount.usr=PARTUUID=$usr_uuid
After booting the system should set the 'successful' bit on the
partition that was used.
commit f8f6f790aa7448a35c2e3aae2d1a35d9d323a1b2
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Nov 15 13:27:13 2014 -0800
gpt: split out checksum recomputation
For basic data modifications the full repair function is overkill.
commit d9bdbc10485a5c6f610569077631294683da4e34
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Nov 27 12:55:53 2014 -0800
gpt: move gpt guid printing function to common library
commit ffb13159f1e88d8c66954c3dfbeb027f943b3b1d
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Nov 27 14:54:27 2014 -0800
gpt: switch partition names to a 16 bit type
In UEFI/GPT strings are UTF-16 so use a uint16 to make dealing with the
string practical.
commit febf4666fbabc3ab4eaab32f4972b45b5c64c06d
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Nov 27 15:49:57 2014 -0800
tests: add some partitions to the gpt unit test data
commit 67475f53e0ac4a844f793296ba2e4af707d5b20e
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Nov 27 16:34:21 2014 -0800
gpt: add search by partition label and uuid commands
Builds on the existing filesystem search code. Only for GPT right now.
commit d1270a2ba31cc3dd747d410a907f272ff03a6d68
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Fri Jul 31 15:03:11 2015 -0700
gpt: clean up little-endian crc32 computation
- Remove problematic cast from *uint8_t to *uint32_t (alignment issue).
- Remove dynamic allocation and associated error handling paths.
- Match parameter ordering to existing grub_crypto_hash function.
commit bacbed2c07f4b4e21c70310814a75fa9a1c3a155
Author: Alex Crawford <alex.crawford@coreos.com>
Date: Mon Aug 31 15:23:39 2015 -0700
gpt: minor cleanup
commit 1545295ad49d2aff2b75c6c0e7db58214351768e
Author: Alex Crawford <alex.crawford@coreos.com>
Date: Mon Aug 31 15:15:48 2015 -0700
gpt: add search by disk uuid command
commit 6d4ea47541db4e0a1eab81de8843a491973e6b40
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Mon Jul 25 14:59:29 2016 -0700
gpt: do not use disk sizes GRUB will reject as invalid later on
GRUB assumes that no disk is ever larger than 1EiB and rejects
reads/writes to such locations. Unfortunately this is not conveyed in
the usual way with the special GRUB_DISK_SIZE_UNKNOWN value.
commit 99959fa2fb8bfafadc1fa5aec773a8d605a1df4e
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Aug 10 18:26:03 2016 -0700
gpt: add verbose debug logging
commit f6b89ec3156a549999a13b3d15e9a67b4a9bf824
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Aug 10 18:26:03 2016 -0700
gpt: improve validation of GPT headers
Adds basic validation of all the disk locations in the headers, reducing
the chance of corrupting weird locations on disk.
commit fa18d3a292bdcd61012d549c61e25d557481a05e
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Aug 11 15:02:21 2016 -0700
gpt: refuse to write to sector 0
commit b1ef48849c8dc12756793567520dfd3654539a27
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Sat Aug 20 17:42:12 2016 -0700
gpt: properly detect and repair invalid tables
GPT_BOTH_VALID is 4 bits so simple a boolean check is not sufficient.
This broken condition allowed gptprio to trust bogus disk locations in
headers that were marked invalid causing arbitrary disk corruption.
commit 9af98c2bfd31a73b899268e67f01bca785681d52
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Mon Aug 22 16:44:30 2016 -0700
gptrepair_test: fix typo in cleanup trap
commit d457364d1d811ad262519cf6dde3d098caf7c778
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Mon Aug 22 16:45:10 2016 -0700
gptprio_test: check GPT is repaired when appropriate
commit 3a3e45823dd677b428ceb40d8963676aff63f8d2
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Mon Aug 22 18:30:56 2016 -0700
fix checking alternate_lba
commit 72b178950d313d567dfdf11f403199370d81a9f3
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Aug 24 16:14:20 2016 -0700
gpt: fix partition table indexing and validation
Portions of the code attempted to handle the fact that GPT entries on
disk may be larger than the currently defined struct while others
assumed the data could be indexed by the struct size directly. This
never came up because no utility uses a size larger than 128 bytes but
for the sake of safety we need to do this by the spec.
commit 1d358a2061f40ad89567754f4787d0c76001d48a
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Tue Aug 23 13:09:14 2016 -0700
gpt: prefer disk size from header over firmware
The firmware and the OS may disagree on the disk configuration and size.
Although such a setup should be avoided users are unlikely to know about
the problem, assuming everything behaves like the OS. Tolerate this as
best we can and trust the reported on-disk location over the firmware
when looking for the backup GPT. If the location is inaccessible report
the error as best we can and move on.
commit 2ed905dc03c757c92064486b380f59166cc704e8
Author: Vito Caputo <vito.caputo@coreos.com>
Date: Thu Aug 25 17:21:18 2016 -0700
gpt: add helper for picking a valid header
Eliminate some repetition in primary vs. backup header acquisition.
commit 4af1d7a8b7d0cefa41a1ea4df050b161ea6cdf50
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Tue Sep 20 13:06:05 2016 -0700
gptrepair: fix status checking
None of these status bit checks were correct. Fix and simplify.
commit a794435ae9f5b1a2e0281d36b10545c6e643fd8d
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Tue Sep 20 12:43:01 2016 -0700
gpt: use inline functions for checking status bits
This should prevent bugs like 6078f836 and 4268f3da.
commit 38cc185319b74d7d33ad380fe4d519fb0b0c85a6
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Tue Sep 20 13:40:11 2016 -0700
gpt: allow repair function to noop
Simplifies usage a little.
commit 2aeadda52929bb47089ef99c2bad0f928eadeffa
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 13:22:06 2016 -0700
gpt: do not use an enum for status bit values
commit 34652e500d64dc747ca17091b4490f9adf93ff82
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 13:44:11 2016 -0700
gpt: check header and entries status bits together
Use the new status function which checks *_HEADER_VALID and
*_ENTRIES_VALID bits together. It doesn't make sense for the header and
entries bits to mismatch so don't allow for it.
commit 753dd9201306e8cd7092a1231ceb194524397b04
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 13:52:52 2016 -0700
gpt: be more careful about relocating backup header
The header was being relocated without checking the new location is
actually safe. If the BIOS thinks the disk is smaller than the OS then
repair may relocate the header into allocated space, failing the final
validation check. So only move it if the disk has grown.
Additionally, if the backup is valid then we can assume its current
location is good enough and leave it as-is.
commit f1f618740d1379000b04130a632f4d53bc2392b8
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 14:33:48 2016 -0700
gpt: selectively update fields during repair
Just a little cleanup/refactor to skip touching data we don't need to.
commit 285368e3753b1dbd631c1f5a4a127b7321a6941f
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 14:55:19 2016 -0700
gpt: always revalidate when recomputing checksums
This ensures all code modifying GPT data include the same sanity check
that repair does. If revalidation fails the status flags are left in the
appropriate state.
commit f19f5cc49dc00752f6b267c2d580a25c31697afb
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 15:01:09 2016 -0700
gpt: include backup-in-sync check in revalidation
commit 7b25acebc343895adf942975bba5a52ef3408437
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 15:29:55 2016 -0700
gpt: read entries table at the same time as the header
I personally think this reads easier. Also has the side effect of
directly comparing the primary and backup tables instead of presuming
they are equal if the crc32 matches.
commit edd01f055a8a8f922491ba7077bf26fcaf015516
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Wed Sep 21 16:02:53 2016 -0700
gpt: report all revalidation errors
Before returning an error that the primary or backup GPT is invalid push
the existing error onto the stack so the user will be told what is bad.
commit 176fe49cf03ffdd72b8bd174a149032c3867ddde
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Sep 22 10:00:27 2016 -0700
gpt: rename and update documentation for grub_gpt_update
The function now does more than just recompute checksums so give it a
more general name to reflect that.
commit eb28d32081be2d224874c430345e7ef97bfbba07
Author: Michael Marineau <michael.marineau@coreos.com>
Date: Thu Sep 22 11:18:42 2016 -0700
gpt: write backup GPT first, skip if inaccessible.
Writing the primary GPT before the backup may lead to a confusing
situation: booting a freshly updated system could consistently fail and
next boot will fall back to the old system if writing the primary works
but writing the backup fails. If the backup is written first and fails
the primary is left in the old state so the next boot will re-try and
possibly fail in the exact same way. Making that repeatable should make
it easier for users to identify the error.
Additionally if the firmware and OS disagree on the disk size, making
the backup inaccessible to GRUB, then just skip writing the backup.
When this happens the automatic call to `coreos-setgoodroot` after boot
will take care of repairing the backup.
commit 03b547c21ec3475980a54b71e909034ed5ed5254
Author: Matthew Garrett <mjg59@coreos.com>
Date: Thu May 28 11:15:30 2015 -0700
Add verity hash passthrough
Read the verity hash from the kernel binary and pass it to the running
system via the kernel command line
```
</details>
<details>
<summary> (click to expand) Comprehensive log of the commits</summary>
```
f69a9e0fd gpt: start new GPT module
c26743a14 gpt: rename misnamed header location fields
94f04a532 gpt: record size of of the entries table
3d066264a gpt: consolidate crc32 computation code
dab6fac70 gpt: add new repair function to sync up primary and backup tables.
5e1829d41 gpt: add write function and gptrepair command
2cd009dff gpt: add a new generic GUID type
508b02fc8 gpt: new gptprio.next command for selecting priority based partitions
f8f6f790a gpt: split out checksum recomputation
d9bdbc104 gpt: move gpt guid printing function to common library
ffb13159f gpt: switch partition names to a 16 bit type
febf4666f tests: add some partitions to the gpt unit test data
67475f53e gpt: add search by partition label and uuid commands
d1270a2ba gpt: clean up little-endian crc32 computation
bacbed2c0 gpt: minor cleanup
1545295ad gpt: add search by disk uuid command
6d4ea4754 gpt: do not use disk sizes GRUB will reject as invalid later on
99959fa2f gpt: add verbose debug logging
f6b89ec31 gpt: improve validation of GPT headers
fa18d3a29 gpt: refuse to write to sector 0
b1ef48849 gpt: properly detect and repair invalid tables
9af98c2bf gptrepair_test: fix typo in cleanup trap
d457364d1 gptprio_test: check GPT is repaired when appropriate
3a3e45823 fix checking alternate_lba
72b178950 gpt: fix partition table indexing and validation
1d358a206 gpt: prefer disk size from header over firmware
2ed905dc0 gpt: add helper for picking a valid header
4af1d7a8b gptrepair: fix status checking
a794435ae gpt: use inline functions for checking status bits
38cc18531 gpt: allow repair function to noop
2aeadda52 gpt: do not use an enum for status bit values
34652e500 gpt: check header and entries status bits together
753dd9201 gpt: be more careful about relocating backup header
f1f618740 gpt: selectively update fields during repair
285368e37 gpt: always revalidate when recomputing checksums
f19f5cc49 gpt: include backup-in-sync check in revalidation
7b25acebc gpt: read entries table at the same time as the header
edd01f055 gpt: report all revalidation errors
176fe49cf gpt: rename and update documentation for grub_gpt_update
eb28d3208 gpt: write backup GPT first, skip if inaccessible.
03b547c21 Add verity hash passthrough
```
</details>

2792
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/grub-2.06-add-gpt-partition-scheme.patch vendored
View File

File diff suppressed because it is too large Load Diff

134
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/grub-2.06-add-verity-hash.patch vendored
View File

@ -1,134 +0,0 @@
From 14d4760aacb8896f99422c06d100e5231e09e797 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Thu, 24 Aug 2023 00:00:00 +0530
Subject: Add verity hash passthrough
Read the verity hash from the kernel binary and pass it to the running
system via the kernel command line
The patch is prepared using the coreos/grub PRs, picking the only
required ones, and dropping the others. The README.md file in the
coreos-overlay/sys-boot/grub/ contains more contexual information
along with the commits used to create the patch.
Authored-by: Matthew Garrett <mjg59@coreos.com>
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
grub-core/loader/arm64/linux.c | 6 +++-
grub-core/loader/i386/linux.c | 3 ++
include/grub/verity-hash.h | 51 ++++++++++++++++++++++++++++++++++
3 files changed, 59 insertions(+), 1 deletion(-)
create mode 100644 include/grub/verity-hash.h
diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c
index ef3e9f944..17bed4e15 100644
--- a/grub-core/loader/arm64/linux.c
+++ b/grub-core/loader/arm64/linux.c
@@ -34,6 +34,8 @@
#include <grub/lib/cmdline.h>
#include <grub/verify.h>
+#include <grub/verity-hash.h>
+
GRUB_MOD_LICENSE ("GPLv3+");
static grub_dl_t my_mod;
@@ -333,7 +335,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
grub_dprintf ("linux", "kernel @ %p\n", kernel_addr);
- cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE);
+ cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE)
+ + VERITY_CMDLINE_LENGTH;
linux_args = grub_malloc (cmdline_size);
if (!linux_args)
{
@@ -350,6 +353,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
if (grub_errno == GRUB_ERR_NONE)
{
+ grub_pass_verity_hash (kernel_addr, linux_args, cmdline_size);
grub_loader_set (grub_linux_boot, grub_linux_unload, 0);
loaded = 1;
}
diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
index 9f74a96b1..1c76ac5bf 100644
--- a/grub-core/loader/i386/linux.c
+++ b/grub-core/loader/i386/linux.c
@@ -38,6 +38,8 @@
#include <grub/machine/kernel.h>
#include <grub/safemath.h>
+#include <grub/verity-hash.h>
+
GRUB_MOD_LICENSE ("GPLv3+");
#ifdef GRUB_MACHINE_PCBIOS
@@ -1006,6 +1008,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
goto fail;
}
+ grub_pass_verity_hash(&lh, linux_cmdline, maximal_cmdline_size);
len = prot_file_size;
if (grub_file_read (file, prot_mode_mem, len) != len && !grub_errno)
grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
diff --git a/include/grub/verity-hash.h b/include/grub/verity-hash.h
new file mode 100644
index 000000000..448d9aff0
--- /dev/null
+++ b/include/grub/verity-hash.h
@@ -0,0 +1,51 @@
+/* CoreOS verity hash */
+
+#define VERITY_ARG " verity.usrhash="
+#define VERITY_ARG_LENGTH (sizeof (VERITY_ARG) - 1)
+#define VERITY_HASH_LENGTH 64
+#define VERITY_CMDLINE_LENGTH ((VERITY_ARG_LENGTH)+(VERITY_HASH_LENGTH))
+
+#if defined(__aarch64__)
+# define VERITY_HASH_OFFSET 512
+#elif defined(__i386__) || defined(__amd64__)
+# define VERITY_HASH_OFFSET 0x40
+#else
+# error Unsupported arch
+#endif
+
+
+/**
+ * grub_pass_verity_hash - Reads the CoreOS verity hash value from a well known
+ * kernel image offset and adds a kernel command line argument for it.
+ *
+ * @pImage: Kernel image buffer.
+ * @cmdline: Kernel command line buffer.
+ * @cmdline_max_len: Kernel command line buffer length.
+ */
+
+static inline void grub_pass_verity_hash(const void *pImage,
+ char *cmdline,
+ grub_size_t cmdline_max_len)
+{
+ const char *buf = pImage;
+ grub_size_t cmdline_len;
+ int i;
+
+ for (i=VERITY_HASH_OFFSET; i<VERITY_HASH_OFFSET + VERITY_HASH_LENGTH; i++)
+ {
+ if (buf[i] < '0' || buf[i] > '9') // Not a number
+ if (buf[i] < 'a' || buf[i] > 'f') // Not a hex letter
+ return;
+ }
+
+ cmdline_len = grub_strlen(cmdline);
+ if (cmdline_len + VERITY_CMDLINE_LENGTH > cmdline_max_len)
+ return;
+
+ grub_memcpy (cmdline + cmdline_len, VERITY_ARG, VERITY_ARG_LENGTH);
+ cmdline_len += VERITY_ARG_LENGTH;
+ grub_memcpy (cmdline + cmdline_len, buf + VERITY_HASH_OFFSET,
+ VERITY_HASH_LENGTH);
+ cmdline_len += VERITY_HASH_LENGTH;
+ cmdline[cmdline_len] = '\0';
+}
--
2.34.1

62
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/grub-2.06-fs-ext2-ignore-checksum-seed.patch vendored
View File

@ -1,62 +0,0 @@
https://bugs.gentoo.org/894200
https://git.savannah.gnu.org/cgit/grub.git/patch/?id=7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763
From 7fd5feff97c4b1f446f8fcf6d37aca0c64e7c763 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Fri, 11 Jun 2021 21:36:16 +0200
Subject: fs/ext2: Ignore checksum seed incompat feature
This incompat feature is used to denote that the filesystem stored its
metadata checksum seed in the superblock. This is used to allow tune2fs
changing the UUID on a mounted metdata_csum filesystem without having
to rewrite all the disk metadata. However, the GRUB doesn't use the
metadata checksum at all. So, it can just ignore this feature if it
is enabled. This is consistent with the GRUB filesystem code in general
which just does a best effort to access the filesystem's data.
The checksum seed incompat feature has to be removed from the ignore
list if the support for metadata checksum verification is added to the
GRUB ext2 driver later.
Suggested-by: Eric Sandeen <esandeen@redhat.com>
Suggested-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/fs/ext2.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
index e7dd78e..4953a15 100644
--- a/grub-core/fs/ext2.c
+++ b/grub-core/fs/ext2.c
@@ -103,6 +103,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
#define EXT4_FEATURE_INCOMPAT_64BIT 0x0080
#define EXT4_FEATURE_INCOMPAT_MMP 0x0100
#define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
+#define EXT4_FEATURE_INCOMPAT_CSUM_SEED 0x2000
#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
/* The set of back-incompatible features this driver DOES support. Add (OR)
@@ -123,10 +124,15 @@ GRUB_MOD_LICENSE ("GPLv3+");
* mmp: Not really back-incompatible - was added as such to
* avoid multiple read-write mounts. Safe to ignore for this
* RO driver.
+ * checksum seed: Not really back-incompatible - was added to allow tools
+ * such as tune2fs to change the UUID on a mounted metadata
+ * checksummed filesystem. Safe to ignore for now since the
+ * driver doesn't support checksum verification. However, it
+ * has to be removed from this list if the support is added later.
*/
#define EXT2_DRIVER_IGNORED_INCOMPAT ( EXT3_FEATURE_INCOMPAT_RECOVER \
- | EXT4_FEATURE_INCOMPAT_MMP)
-
+ | EXT4_FEATURE_INCOMPAT_MMP \
+ | EXT4_FEATURE_INCOMPAT_CSUM_SEED)
#define EXT3_JOURNAL_MAGIC_NUMBER 0xc03b3998U
--
cgit v1.1

31
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/grub-2.06-gentpl.py-Remove-.interp-section-from-.img-files.patch vendored
View File

@ -1,31 +0,0 @@
From 28ad1f9b95799afc94fa178ec935e297da94cced Mon Sep 17 00:00:00 2001
From: Nicholas Vinson <nvinson234@gmail.com>
Date: Fri, 13 Jan 2023 02:56:35 -0500
Subject: [PATCH] gentpl.py: Remove .interp section from .img files.
Whn building .img files, a .interp section from the .image files will
sometimes be copied into the .img file. This additional section pushes
the .img file beyond the 512-byte limit and causes grub-install to fail
to run for i386-pc platforms.
Signed-off-by: Nicholas Vinson <nvinson234@gmail.com>
---
gentpl.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gentpl.py b/gentpl.py
index c86550d4f..823a8b5f8 100644
--- a/gentpl.py
+++ b/gentpl.py
@@ -766,7 +766,7 @@ def image(defn, platform):
if test x$(TARGET_APPLE_LINKER) = x1; then \
$(MACHO2IMG) $< $@; \
else \
- $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx $< $@; \
+ $(TARGET_OBJCOPY) $(""" + cname(defn) + """_OBJCOPYFLAGS) --strip-unneeded -R .note -R .comment -R .note.gnu.build-id -R .MIPS.abiflags -R .reginfo -R .rel.dyn -R .note.gnu.gold-version -R .note.gnu.property -R .ARM.exidx -R .interp $< $@; \
fi
""")
--
2.39.0

41
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/grub-2.06-grub-mkconfig-restore-umask.patch vendored
View File

@ -1,41 +0,0 @@
From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Fri, 3 Dec 2021 16:13:28 +0800
Subject: grub-mkconfig: Restore umask for the grub.cfg
The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating
configuration by grub-mkconfig) has inadvertently discarded umask for
creating grub.cfg in the process of running grub-mkconfig. The resulting
wrong permission (0644) would allow unprivileged users to read GRUB
configuration file content. This presents a low confidentiality risk
as grub.cfg may contain non-secured plain-text passwords.
This patch restores the missing umask and sets the creation file mode
to 0600 preventing unprivileged access.
Fixes: CVE-2021-3981
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
util/grub-mkconfig.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index c3ea761..62335d0 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with
exit 1
else
# none of the children aborted with error, install the new grub.cfg
+ oldumask=$(umask)
+ umask 077
cat ${grub_cfg}.new > ${grub_cfg}
+ umask $oldumask
rm -f ${grub_cfg}.new
fi
fi
--
cgit v1.1

68
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/grub-2.06-locale.patch vendored
View File

@ -1,68 +0,0 @@
From 5983c2c6adf1c1bbb3ecd751253d1e898bdfd8a3 Mon Sep 17 00:00:00 2001
From: Michael Chang <mchang@suse.com>
Date: Tue, 26 Oct 2021 15:11:00 +0800
Subject: templates: Filter out POSIX locale for translation
The POSIX locale is default or native operating system's locale
identical to the C locale, so no translation to human speaking languages
are provided. For this reason we should filter out LANG=POSIX as well as
LANG=C upon generating grub.cfg to avoid looking up for it's gettext's
message catalogs that will consequently result in an unpleasant message:
error: file `/boot/grub/locale/POSIX.gmo' not found
Signed-off-by: Michael Chang <mchang@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
util/grub.d/00_header.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in
index 93a9023..f74c2a4 100644
--- a/util/grub.d/00_header.in
+++ b/util/grub.d/00_header.in
@@ -191,7 +191,7 @@ EOF
EOF
# Gettext variables and module
-if [ "x${LANG}" != "xC" ] && [ "x${LANG}" != "x" ]; then
+if [ "x${LANG}" != "xC" ] && [ "x${LANG}" != "xPOSIX" ] && [ "x${LANG}" != "x" ]; then
cat << EOF
set locale_dir=\$prefix/locale
set lang=${grub_lang}
--
cgit v1.1
From f42266a8a2a4215e4ffe419b8092bdf9ced33e8e Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Mon, 19 Sep 2022 15:31:28 +0200
Subject: templates: Filter C.UTF-8 locale for translation
In addition to C locale there is also C.UTF-8 locale now. Filter that as
well, by using ${grub_lang}, which contains a stripped value.
This fixes the following message and resulting boot failure:
error: file `/boot/grub/locale/C.gmo' not found.
Signed-off-by: Christian Hesse <mail@eworm.de>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
util/grub.d/00_header.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in
index f74c2a4..6a316a5 100644
--- a/util/grub.d/00_header.in
+++ b/util/grub.d/00_header.in
@@ -191,7 +191,7 @@ EOF
EOF
# Gettext variables and module
-if [ "x${LANG}" != "xC" ] && [ "x${LANG}" != "xPOSIX" ] && [ "x${LANG}" != "x" ]; then
+if [ "x${grub_lang}" != "xC" ] && [ "x${LANG}" != "xPOSIX" ] && [ "x${LANG}" != "x" ]; then
cat << EOF
set locale_dir=\$prefix/locale
set lang=${grub_lang}
--
cgit v1.1

49
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/grub-2.06-riscv.patch vendored
View File

@ -1,49 +0,0 @@
https://bugs.gentoo.org/905785
From 049efdd72eb7baa7b2bf8884391ee7fe650da5a0 Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Date: Sat, 29 Jan 2022 13:36:55 +0100
Subject: RISC-V: Adjust -march flags for binutils 2.38
As of version 2.38 binutils defaults to ISA specification version
2019-12-13. This version of the specification has has separated the
the csr read/write (csrr*/csrw*) instructions and the fence.i from
the I extension and put them into separate Zicsr and Zifencei
extensions.
This implies that we have to adjust the -march flag passed to the
compiler accordingly.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
configure.ac | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/configure.ac b/configure.ac
index 4f649ed..5c01af0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -870,11 +870,19 @@ if test x"$platform" != xemu ; then
CFLAGS="$TARGET_CFLAGS -march=rv32imac -mabi=ilp32 -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_target_cc_soft_float="-march=rv32imac -mabi=ilp32"], [])
+ # ISA spec version 20191213 factored out extensions Zicsr and Zifencei
+ CFLAGS="$TARGET_CFLAGS -march=rv32imac_zicsr_zifencei -mabi=ilp32 -Werror"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+ [grub_cv_target_cc_soft_float="-march=rv32imac_zicsr_zifencei -mabi=ilp32"], [])
fi
if test "x$target_cpu" = xriscv64; then
CFLAGS="$TARGET_CFLAGS -march=rv64imac -mabi=lp64 -Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
[grub_cv_target_cc_soft_float="-march=rv64imac -mabi=lp64"], [])
+ # ISA spec version 20191213 factored out extensions Zicsr and Zifencei
+ CFLAGS="$TARGET_CFLAGS -march=rv64imac_zicsr_zifencei -mabi=lp64 -Werror"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],
+ [grub_cv_target_cc_soft_float="-march=rv64imac_zicsr_zifencei -mabi=lp64"], [])
fi
if test "x$target_cpu" = xia64; then
CFLAGS="$TARGET_CFLAGS -mno-inline-float-divide -mno-inline-sqrt -Werror"
--
cgit v1.1

31
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/files/grub-2.12_rc1-util-grub.d-25_bli.in-fix-shebang-on-unmerged-usr.patch vendored
View File

@ -1,31 +0,0 @@
From f827aac60d760a026db642b9d5c1ecbf587cfefc Mon Sep 17 00:00:00 2001
From: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
Date: Mon, 10 Jul 2023 23:55:43 -0500
Subject: [PATCH] util/grub.d/25_bli.in: fix shebang on unmerged-usr
On an unmerged-usr system, grub-mkconfig errors out with the following
error due to /usr/bin/sh not existing:
/usr/sbin/grub-mkconfig: /etc/grub.d/25_bli: /usr/bin/sh: bad interpreter: No such file or directory
Use a /bin/sh shebang to fix the error as well as match the other
existing files.
Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
---
util/grub.d/25_bli.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/grub.d/25_bli.in b/util/grub.d/25_bli.in
index 6e4538716..26e27a019 100644
--- a/util/grub.d/25_bli.in
+++ b/util/grub.d/25_bli.in
@@ -1,4 +1,4 @@
-#!/usr/bin/sh
+#! /bin/sh
set -e
# grub-mkconfig helper script.
--
2.41.0

16
sdk_container/src/third_party/coreos-overlay/sys-boot/grub/grub-2.06-r7.ebuild → sdk_container/src/third_party/coreos-overlay/sys-boot/grub/grub-2.06-r9.ebuild vendored
View File

@ -54,26 +54,19 @@ if [[ ${PV} != 9999 ]]; then
"
S=${WORKDIR}/${P%_*}
fi
KEYWORDS="amd64 arm arm64 ~ia64 ppc ppc64 ~riscv sparc x86"
KEYWORDS="amd64 ~arm ~arm64 ~ia64 ~ppc ~ppc64 ~riscv ~sparc x86"
else
inherit git-r3
EGIT_REPO_URI="https://git.savannah.gnu.org/git/grub.git"
fi
SRC_URI+=" https://dev.gentoo.org/~floppym/dist/${P}-backports-r2.tar.xz"
SRC_URI+=" https://dev.gentoo.org/~floppym/dist/${P}-backports-r3.tar.xz"
PATCHES=(
"${WORKDIR}/${P}-backports"
"${FILESDIR}"/gfxpayload.patch
"${FILESDIR}"/grub-2.02_beta2-KERNEL_GLOBS.patch
"${FILESDIR}"/grub-2.06-test-words.patch
"${FILESDIR}"/grub-2.06-grub-mkconfig-restore-umask.patch
"${FILESDIR}"/grub-2.06-gentpl.py-Remove-.interp-section-from-.img-files.patch
"${FILESDIR}"/grub-2.06-fs-ext2-ignore-checksum-seed.patch
"${FILESDIR}"/grub-2.06-riscv.patch
"${FILESDIR}"/grub-2.06-locale.patch
"${FILESDIR}"/grub-2.06-add-verity-hash.patch
"${FILESDIR}"/grub-2.06-add-gpt-partition-scheme.patch
)
DEJAVU=dejavu-sans-ttf-2.37
@ -91,9 +84,6 @@ IUSE="device-mapper doc efiemu +fonts mount nls sdl test +themes truetype libzfs
GRUB_ALL_PLATFORMS=( coreboot efi-32 efi-64 emu ieee1275 loongson multiboot
qemu qemu-mips pc uboot xen xen-32 xen-pvh )
# Flatcar: Add arm64 to the list of platforms
GRUB_ALL_PLATFORMS+=( arm64 )
IUSE+=" ${GRUB_ALL_PLATFORMS[@]/#/grub_platforms_}"
REQUIRED_USE="
@ -109,7 +99,6 @@ BDEPEND="
sys-devel/bison
sys-apps/help2man
sys-apps/texinfo
grub_platforms_arm64? ( cross-aarch64-cros-linux-gnu/gcc )
fonts? (
media-libs/freetype:2
virtual/pkgconfig
@ -216,7 +205,6 @@ grub_configure() {
efi*) platform=efi ;;
xen-pvh) platform=xen_pvh ;;
xen*) platform=xen ;;
arm64*) platform=efi ;;
guessed) ;;
*) platform=${MULTIBUILD_VARIANT} ;;
esac