summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch50
-rw-r--r--meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.%.bbappend (renamed from meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend)0
2 files changed, 28 insertions, 22 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch
index 8a0588d..b4467c2 100644
--- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch
+++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch
@@ -1,4 +1,4 @@
1From 00fd7457c9d907800587e93f87fc5b6de68ba49e Mon Sep 17 00:00:00 2001 1From 69884cfde30dc876cda61714f1476a3d331bc2db Mon Sep 17 00:00:00 2001
2From: Lans Zhang <jia.zhang@windriver.com> 2From: Lans Zhang <jia.zhang@windriver.com>
3Date: Wed, 12 Jul 2017 16:02:13 +0800 3Date: Wed, 12 Jul 2017 16:02:13 +0800
4Subject: [PATCH] mok2verify: support to verify non-PE file with PKCS#7 4Subject: [PATCH] mok2verify: support to verify non-PE file with PKCS#7
@@ -30,6 +30,12 @@ grub-core/normal/main.c. The asm codes are x86 specified but aarch64 is
30supported by grub-efi now. 30supported by grub-efi now.
31 31
32Signed-off-by: Kai Kang <kai.kang@windriver.com> 32Signed-off-by: Kai Kang <kai.kang@windriver.com>
33
34Rebase patch for 2.0.4
35Add a parameter file type to grub_verify_linux function to adapt new
36grub_file_open function.
37
38Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
33--- 39---
34 grub-core/Makefile.core.def | 6 ++ 40 grub-core/Makefile.core.def | 6 ++
35 grub-core/commands/boot.c | 14 +++- 41 grub-core/commands/boot.c | 14 +++-
@@ -37,19 +43,19 @@ Signed-off-by: Kai Kang <kai.kang@windriver.com>
37 grub-core/lib/efi/mok2verify.c | 182 +++++++++++++++++++++++++++++++++++++++++ 43 grub-core/lib/efi/mok2verify.c | 182 +++++++++++++++++++++++++++++++++++++++++
38 grub-core/loader/i386/linux.c | 60 ++++++++++++++ 44 grub-core/loader/i386/linux.c | 60 ++++++++++++++
39 grub-core/loader/linux.c | 27 +++++- 45 grub-core/loader/linux.c | 27 +++++-
40 grub-core/normal/main.c | 62 +++++++++++++- 46 grub-core/normal/main.c | 53 +++++++++++-
41 grub-core/normal/menu.c | 31 +++++-- 47 grub-core/normal/menu.c | 31 +++++--
42 grub-core/normal/menu_text.c | 33 ++++++-- 48 grub-core/normal/menu_text.c | 33 ++++++--
43 include/grub/efi/mok2verify.h | 48 +++++++++++ 49 include/grub/efi/mok2verify.h | 48 +++++++++++
44 10 files changed, 472 insertions(+), 30 deletions(-) 50 10 files changed, 463 insertions(+), 30 deletions(-)
45 create mode 100644 grub-core/lib/efi/mok2verify.c 51 create mode 100644 grub-core/lib/efi/mok2verify.c
46 create mode 100644 include/grub/efi/mok2verify.h 52 create mode 100644 include/grub/efi/mok2verify.h
47 53
48diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def 54diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
49index a82c1f3..76b3c7d 100644 55index 18d2316..59a5cf1 100644
50--- a/grub-core/Makefile.core.def 56--- a/grub-core/Makefile.core.def
51+++ b/grub-core/Makefile.core.def 57+++ b/grub-core/Makefile.core.def
52@@ -1754,6 +1754,12 @@ module = { 58@@ -1870,6 +1870,12 @@ module = {
53 }; 59 };
54 60
55 module = { 61 module = {
@@ -155,7 +161,7 @@ index a4c8178..da49c9e 100644
155 self->text = grub_xasprintf (value, self->value); 161 self->text = grub_xasprintf (value, self->value);
156diff --git a/grub-core/lib/efi/mok2verify.c b/grub-core/lib/efi/mok2verify.c 162diff --git a/grub-core/lib/efi/mok2verify.c b/grub-core/lib/efi/mok2verify.c
157new file mode 100644 163new file mode 100644
158index 0000000..3865661 164index 0000000..790efa0
159--- /dev/null 165--- /dev/null
160+++ b/grub-core/lib/efi/mok2verify.c 166+++ b/grub-core/lib/efi/mok2verify.c
161@@ -0,0 +1,182 @@ 167@@ -0,0 +1,182 @@
@@ -342,26 +348,26 @@ index 0000000..3865661
342+ 348+
343+#pragma GCC diagnostic error "-Wvla" 349+#pragma GCC diagnostic error "-Wvla"
344diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c 350diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c
345index 083f941..486e420 100644 351index d0501e2..e684300 100644
346--- a/grub-core/loader/i386/linux.c 352--- a/grub-core/loader/i386/linux.c
347+++ b/grub-core/loader/i386/linux.c 353+++ b/grub-core/loader/i386/linux.c
348@@ -35,6 +35,9 @@ 354@@ -36,6 +36,9 @@
349 #include <grub/i18n.h>
350 #include <grub/lib/cmdline.h> 355 #include <grub/lib/cmdline.h>
351 #include <grub/linux.h> 356 #include <grub/linux.h>
357 #include <grub/machine/kernel.h>
352+#ifdef GRUB_MACHINE_EFI 358+#ifdef GRUB_MACHINE_EFI
353+#include <grub/efi/mok2verify.h> 359+#include <grub/efi/mok2verify.h>
354+#endif 360+#endif
355 361
356 GRUB_MOD_LICENSE ("GPLv3+"); 362 GRUB_MOD_LICENSE ("GPLv3+");
357 363
358@@ -673,6 +676,55 @@ grub_linux_unload (void) 364@@ -635,6 +638,55 @@ grub_linux_unload (void)
359 return GRUB_ERR_NONE; 365 return GRUB_ERR_NONE;
360 } 366 }
361 367
362+#ifdef GRUB_MACHINE_EFI 368+#ifdef GRUB_MACHINE_EFI
363+static grub_err_t 369+static grub_err_t
364+grub_verify_linux (const char *path) 370+grub_verify_linux (const char *path, enum grub_file_type type)
365+{ 371+{
366+ grub_file_t file; 372+ grub_file_t file;
367+ grub_ssize_t size; 373+ grub_ssize_t size;
@@ -369,7 +375,7 @@ index 083f941..486e420 100644
369+ 375+
370+ grub_dprintf ("linux", "Verifying kernel %s\n", path); 376+ grub_dprintf ("linux", "Verifying kernel %s\n", path);
371+ 377+
372+ file = grub_file_open (path); 378+ file = grub_file_open (path, type);
373+ if (!file) 379+ if (!file)
374+ return grub_errno; 380+ return grub_errno;
375+ 381+
@@ -402,7 +408,7 @@ index 083f941..486e420 100644
402+} 408+}
403+#else 409+#else
404+static grub_err_t 410+static grub_err_t
405+grub_verify_linux (const char *path) 411+grub_verify_linux (const char *path, enum grub_file_type type)
406+{ 412+{
407+ return GRUB_ERR_NONE; 413+ return GRUB_ERR_NONE;
408+} 414+}
@@ -411,17 +417,17 @@ index 083f941..486e420 100644
411 static grub_err_t 417 static grub_err_t
412 grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), 418 grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
413 int argc, char *argv[]) 419 int argc, char *argv[])
414@@ -695,6 +747,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), 420@@ -657,6 +709,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
415 goto fail; 421 goto fail;
416 } 422 }
417 423
418+ if (grub_verify_linux (argv[0])) 424+ if (grub_verify_linux (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL))
419+ goto fail; 425+ goto fail;
420+ 426+
421 file = grub_file_open (argv[0]); 427 file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL);
422 if (! file) 428 if (! file)
423 goto fail; 429 goto fail;
424@@ -1132,6 +1187,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), 430@@ -1114,6 +1169,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
425 fail: 431 fail:
426 grub_initrd_close (&initrd_ctx); 432 grub_initrd_close (&initrd_ctx);
427 433
@@ -434,7 +440,7 @@ index 083f941..486e420 100644
434 } 440 }
435 441
436diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c 442diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c
437index be6fa0f..edc6d24 100644 443index 471b214..bb312ac 100644
438--- a/grub-core/loader/linux.c 444--- a/grub-core/loader/linux.c
439+++ b/grub-core/loader/linux.c 445+++ b/grub-core/loader/linux.c
440@@ -4,6 +4,9 @@ 446@@ -4,6 +4,9 @@
@@ -493,7 +499,7 @@ index be6fa0f..edc6d24 100644
493+ return err; 499+ return err;
494 } 500 }
495diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c 501diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
496index 78a70a8..b1340c7 100644 502index 1b03dfd..f48a549 100644
497--- a/grub-core/normal/main.c 503--- a/grub-core/normal/main.c
498+++ b/grub-core/normal/main.c 504+++ b/grub-core/normal/main.c
499@@ -33,6 +33,9 @@ 505@@ -33,6 +33,9 @@
@@ -612,7 +618,7 @@ index 78a70a8..b1340c7 100644
612 /* Reload terminal colors when these variables are written to. */ 618 /* Reload terminal colors when these variables are written to. */
613 grub_register_variable_hook ("color_normal", NULL, grub_env_write_color_normal); 619 grub_register_variable_hook ("color_normal", NULL, grub_env_write_color_normal);
614diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c 620diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
615index 719e2fb..0665abc 100644 621index d5e0c79..512f710 100644
616--- a/grub-core/normal/menu.c 622--- a/grub-core/normal/menu.c
617+++ b/grub-core/normal/menu.c 623+++ b/grub-core/normal/menu.c
618@@ -32,6 +32,9 @@ 624@@ -32,6 +32,9 @@
@@ -625,7 +631,7 @@ index 719e2fb..0665abc 100644
625 631
626 /* Time to delay after displaying an error message about a default/fallback 632 /* Time to delay after displaying an error message about a default/fallback
627 entry failing to boot. */ 633 entry failing to boot. */
628@@ -772,18 +775,30 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) 634@@ -773,18 +776,30 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot)
629 break; 635 break;
630 636
631 case 'c': 637 case 'c':
@@ -782,5 +788,5 @@ index 0000000..98ef2d4
782+ 788+
783+#endif /* ! GRUB_EFI_MOK2_VERIFY_HEADER */ 789+#endif /* ! GRUB_EFI_MOK2_VERIFY_HEADER */
784-- 790--
7852.7.5 7912.7.4
786 792
diff --git a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.%.bbappend
index da3fda9..da3fda9 100644
--- a/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.02.bbappend
+++ b/meta-efi-secure-boot/recipes-bsp/grub/grub-efi_2.%.bbappend
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-10-27 12:26:21 +0000