2 files changed, 32 insertions, 20 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch index 249f66a..5d26d66 100644 --- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch +++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch | |||
| @@ -13,18 +13,33 @@ verify the identity of the executable image when utilizing a shim | |||
| 13 | to boot LUV. | 13 | to boot LUV. |
| 14 | 14 | ||
| 15 | Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> | 15 | Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com> |
| 16 | |||
| 17 | Add definitions of macros IMAGE_FILE_MACHINE_* which is involved by | ||
| 18 | 0004-efi-chainloader-port-shim-to-grub.patch. | ||
| 19 | |||
| 20 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
| 16 | --- | 21 | --- |
| 17 | include/grub/efi/pe32.h | 36 ++++++++++++++++++++++++++++++++++++ | 22 | include/grub/efi/pe32.h | 46 ++++++++++++++++++++++++++++++++++++++++++++++ |
| 18 | 1 file changed, 36 insertions(+) | 23 | 1 file changed, 46 insertions(+) |
| 19 | 24 | ||
| 20 | diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h | 25 | diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h |
| 21 | index c3efa9b..c1c3483 100644 | 26 | index f79c36c..23afc68 100644 |
| 22 | --- a/include/grub/efi/pe32.h | 27 | --- a/include/grub/efi/pe32.h |
| 23 | +++ b/include/grub/efi/pe32.h | 28 | +++ b/include/grub/efi/pe32.h |
| 24 | @@ -313,4 +313,40 @@ struct grub_pe32_reloc | 29 | @@ -317,4 +317,50 @@ struct grub_pe32_reloc |
| 25 | #define GRUB_PE32_REL_I386_DIR32 0x6 | 30 | #define GRUB_PE32_REL_I386_DIR32 0x6 |
| 26 | #define GRUB_PE32_REL_I386_REL32 0x14 | 31 | #define GRUB_PE32_REL_I386_REL32 0x14 |
| 27 | 32 | ||
| 33 | +// | ||
| 34 | +// PE32+ Machine type for EFI images | ||
| 35 | +// | ||
| 36 | +#define IMAGE_FILE_MACHINE_I386 0x014c | ||
| 37 | +#define IMAGE_FILE_MACHINE_IA64 0x0200 | ||
| 38 | +#define IMAGE_FILE_MACHINE_EBC 0x0EBC | ||
| 39 | +#define IMAGE_FILE_MACHINE_X64 0x8664 | ||
| 40 | +#define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x01c2 | ||
| 41 | +#define IMAGE_FILE_MACHINE_ARM64 0xaa64 | ||
| 42 | + | ||
| 28 | +struct grub_te_header | 43 | +struct grub_te_header |
| 29 | +{ | 44 | +{ |
| 30 | + grub_uint16_t signature; | 45 | + grub_uint16_t signature; |
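Review bot: The six `IMAGE_FILE_MACHINE_*` macros added ahead of `struct grub_te_header` are unprefixed and use `//` comments, while the only other constants visible in this header carry the `GRUB_PE32_` prefix (`GRUB_PE32_REL_I386_DIR32`). The commit message says 0004-efi-chainloader-port-shim-to-grub.patch depends on these names, presumably to check the machine type of the image being verified, so a second, divergent definition of a value would matter on a secure-boot path. If the GRUB version this recipe builds already defines `GRUB_PE32_MACHINE_*` constants in pe32.h (to be confirmed, the rest of the header is not shown), alias them rather than repeating the literals, e.g. `#define IMAGE_FILE_MACHINE_X64 GRUB_PE32_MACHINE_X86_64`. Either way, replace the three `//` lines with one block comment such as `/* PE32+ machine types, under the names used by the shim port. */`. The body of `struct grub_te_header` continues past the end of this hunk.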
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch index 4478899..f03e772 100644 --- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch +++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch | |||
| @@ -24,6 +24,12 @@ to prevent from tampering the kernel commandline or booting unsigned | |||
| 24 | kernel. | 24 | kernel. |
| 25 | 25 | ||
| 26 | Signed-off-by: Lans Zhang <jia.zhang@windriver.com> | 26 | Signed-off-by: Lans Zhang <jia.zhang@windriver.com> |
| 27 | |||
| 28 | Replace asm codes to halt system with function grub_halt() in | ||
| 29 | grub-core/normal/main.c. The asm codes are x86 specified but aarch64 is | ||
| 30 | supported by grub-efi now. | ||
| 31 | |||
| 32 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
| 27 | --- | 33 | --- |
| 28 | grub-core/Makefile.core.def | 6 ++ | 34 | grub-core/Makefile.core.def | 6 ++ |
| 29 | grub-core/commands/boot.c | 14 +++- | 35 | grub-core/commands/boot.c | 14 +++- |
| @@ -487,7 +493,7 @@ index be6fa0f..edc6d24 100644 | |||
| 487 | + return err; | 493 | + return err; |
| 488 | } | 494 | } |
| 489 | diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c | 495 | diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c |
| 490 | index 78a70a8..1058c97 100644 | 496 | index 78a70a8..b1340c7 100644 |
| 491 | --- a/grub-core/normal/main.c | 497 | --- a/grub-core/normal/main.c |
| 492 | +++ b/grub-core/normal/main.c | 498 | +++ b/grub-core/normal/main.c |
| 493 | @@ -33,6 +33,9 @@ | 499 | @@ -33,6 +33,9 @@ |
| @@ -544,7 +550,7 @@ index 78a70a8..1058c97 100644 | |||
| 544 | static void | 550 | static void |
| 545 | read_lists (const char *val) | 551 | read_lists (const char *val) |
| 546 | { | 552 | { |
| 547 | @@ -273,6 +291,24 @@ grub_normal_execute (const char *config, int nested, int batch) | 553 | @@ -273,6 +291,20 @@ grub_normal_execute (const char *config, int nested, int batch) |
| 548 | 554 | ||
| 549 | if (config) | 555 | if (config) |
| 550 | { | 556 | { |
| @@ -558,18 +564,14 @@ index 78a70a8..1058c97 100644 | |||
| 558 | + grub_print_error (); | 564 | + grub_print_error (); |
| 559 | + | 565 | + |
| 560 | + /* System halt. */ | 566 | + /* System halt. */ |
| 561 | + asm volatile ("cli"); | 567 | + grub_halt(); |
| 562 | + while (1) | ||
| 563 | + { | ||
| 564 | + asm volatile ("hlt"); | ||
| 565 | + } | ||
| 566 | + } | 568 | + } |
| 567 | +#endif | 569 | +#endif |
| 568 | + | 570 | + |
| 569 | menu = read_config_file (config); | 571 | menu = read_config_file (config); |
| 570 | 572 | ||
| 571 | /* Ignore any error. */ | 573 | /* Ignore any error. */ |
| 572 | @@ -302,7 +338,10 @@ grub_enter_normal_mode (const char *config) | 574 | @@ -302,7 +334,10 @@ grub_enter_normal_mode (const char *config) |
| 573 | nested_level++; | 575 | nested_level++; |
| 574 | grub_normal_execute (config, 0, 0); | 576 | grub_normal_execute (config, 0, 0); |
| 575 | grub_boot_time ("Entering shell"); | 577 | grub_boot_time ("Entering shell"); |
| @@ -581,7 +583,7 @@ index 78a70a8..1058c97 100644 | |||
| 581 | nested_level--; | 583 | nested_level--; |
| 582 | if (grub_normal_exit_level) | 584 | if (grub_normal_exit_level) |
| 583 | grub_normal_exit_level--; | 585 | grub_normal_exit_level--; |
| 584 | @@ -338,6 +377,18 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), | 586 | @@ -338,6 +373,13 @@ grub_cmd_normal (struct grub_command *cmd __attribute__ ((unused)), |
| 585 | grub_enter_normal_mode (argv[0]); | 587 | grub_enter_normal_mode (argv[0]); |
| 586 | 588 | ||
| 587 | quit: | 589 | quit: |
| @@ -589,18 +591,13 @@ index 78a70a8..1058c97 100644 | |||
| 589 | + if (grub_is_secured () == 1) | 591 | + if (grub_is_secured () == 1) |
| 590 | + { | 592 | + { |
| 591 | + /* Never return back to the rescue mode */ | 593 | + /* Never return back to the rescue mode */ |
| 592 | + asm volatile ("cli"); | 594 | + grub_halt(); |
| 593 | + | ||
| 594 | + while (1) | ||
| 595 | + { | ||
| 596 | + asm volatile ("hlt"); | ||
| 597 | + } | ||
| 598 | + } | 595 | + } |
| 599 | +#endif | 596 | +#endif |
| 600 | return 0; | 597 | return 0; |
| 601 | } | 598 | } |
| 602 | 599 | ||
| 603 | @@ -525,8 +576,11 @@ GRUB_MOD_INIT(normal) | 600 | @@ -525,8 +567,11 @@ GRUB_MOD_INIT(normal) |
| 604 | /* Register a command "normal" for the rescue mode. */ | 601 | /* Register a command "normal" for the rescue mode. */ |
| 605 | grub_register_command ("normal", grub_cmd_normal, | 602 | grub_register_command ("normal", grub_cmd_normal, |
| 606 | 0, N_("Enter normal mode.")); | 603 | 0, N_("Enter normal mode.")); |
