diff options
Diffstat (limited to 'sys-boot/grub/files')
| -rw-r--r-- | sys-boot/grub/files/01-gfxpayload.patch (renamed from sys-boot/grub/files/05-gfxpayload.patch) | 0 | ||||
| -rw-r--r-- | sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch | 63 | ||||
| -rw-r--r-- | sys-boot/grub/files/02-KERNEL_GLOBS.patch (renamed from sys-boot/grub/files/06-KERNEL_GLOBS.patch) | 0 | ||||
| -rw-r--r-- | sys-boot/grub/files/02-support-multiple-early-initrd-images.patch | 180 | ||||
| -rw-r--r-- | sys-boot/grub/files/03-relocation.patch | 65 | ||||
| -rw-r--r-- | sys-boot/grub/files/03-sparc64-bios-boot.patch | 50 | ||||
| -rw-r--r-- | sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch | 72 | ||||
| -rw-r--r-- | sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch | 140 | ||||
| -rw-r--r-- | sys-boot/grub/files/08-find-freetype.patch | 114 |
9 files changed, 50 insertions, 634 deletions
diff --git a/sys-boot/grub/files/05-gfxpayload.patch b/sys-boot/grub/files/01-gfxpayload.patch index 6c63ef88..6c63ef88 100644 --- a/sys-boot/grub/files/05-gfxpayload.patch +++ b/sys-boot/grub/files/01-gfxpayload.patch diff --git a/sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch b/sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch deleted file mode 100644 index f18553dc..00000000 --- a/sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch +++ /dev/null @@ -1,63 +0,0 @@ -Source/Upstream: Yes, fixed in git master -Reason: xfs: Accept filesystem with sparse inodes - -From cda0a857dd7a27cd5d621747464bfe71e8727fff Mon Sep 17 00:00:00 2001 -From: Daniel Kiper <daniel.kiper@oracle.com> -Date: Tue, 29 May 2018 16:16:02 +0200 -Subject: xfs: Accept filesystem with sparse inodes - -The sparse inode metadata format became a mkfs.xfs default in -xfsprogs-4.16.0, and such filesystems are now rejected by grub as -containing an incompatible feature. - -In essence, this feature allows xfs to allocate inodes into fragmented -freespace. (Without this feature, if xfs could not allocate contiguous -space for 64 new inodes, inode creation would fail.) - -In practice, the disk format change is restricted to the inode btree, -which as far as I can tell is not used by grub. If all you're doing -today is parsing a directory, reading an inode number, and converting -that inode number to a disk location, then ignoring this feature -should be fine, so I've added it to XFS_SB_FEAT_INCOMPAT_SUPPORTED - -I did some brief testing of this patch by hacking up the regression -tests to completely fragment freespace on the test xfs filesystem, and -then write a large-ish number of inodes to consume any existing -contiguous 64-inode chunk. This way any files the grub tests add and -traverse would be in such a fragmented inode allocation. Tests passed, -but I'm not sure how to cleanly integrate that into the test harness. - -Signed-off-by: Eric Sandeen <sandeen@redhat.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> -Tested-by: Chris Murphy <lists@colorremedies.com> ---- - grub-core/fs/xfs.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c -index c6031bd..3b00c74 100644 ---- a/grub-core/fs/xfs.c -+++ b/grub-core/fs/xfs.c -@@ -79,9 +79,18 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define XFS_SB_FEAT_INCOMPAT_SPINODES (1 << 1) /* sparse inode chunks */ - #define XFS_SB_FEAT_INCOMPAT_META_UUID (1 << 2) /* metadata UUID */ - --/* We do not currently verify metadata UUID so it is safe to read such filesystem */ -+/* -+ * Directory entries with ftype are explicitly handled by GRUB code. -+ * -+ * We do not currently read the inode btrees, so it is safe to read filesystems -+ * with the XFS_SB_FEAT_INCOMPAT_SPINODES feature. -+ * -+ * We do not currently verify metadata UUID, so it is safe to read filesystems -+ * with the XFS_SB_FEAT_INCOMPAT_META_UUID feature. -+ */ - #define XFS_SB_FEAT_INCOMPAT_SUPPORTED \ - (XFS_SB_FEAT_INCOMPAT_FTYPE | \ -+ XFS_SB_FEAT_INCOMPAT_SPINODES | \ - XFS_SB_FEAT_INCOMPAT_META_UUID) - - struct grub_xfs_sblock --- -cgit v1.0-41-gc330 - diff --git a/sys-boot/grub/files/06-KERNEL_GLOBS.patch b/sys-boot/grub/files/02-KERNEL_GLOBS.patch index c66ee68d..c66ee68d 100644 --- a/sys-boot/grub/files/06-KERNEL_GLOBS.patch +++ b/sys-boot/grub/files/02-KERNEL_GLOBS.patch diff --git a/sys-boot/grub/files/02-support-multiple-early-initrd-images.patch b/sys-boot/grub/files/02-support-multiple-early-initrd-images.patch deleted file mode 100644 index 4e17549c..00000000 --- a/sys-boot/grub/files/02-support-multiple-early-initrd-images.patch +++ /dev/null @@ -1,180 +0,0 @@ -Source/Upstream: Yes, fixed in git master -Reason: Support multiple early initrd images - -From a698240df0c43278b2d1d7259c8e7a6926c63112 Mon Sep 17 00:00:00 2001 -From: "Matthew S. Turnbull" <sparky@bluefang-logic.com> -Date: Sat, 24 Feb 2018 17:44:58 -0500 -Subject: grub-mkconfig/10_linux: Support multiple early initrd images - -Add support for multiple, shared, early initrd images. These early -images will be loaded in the order declared, and all will be loaded -before the initrd image. - -While many classes of data can be provided by early images, the -immediate use case would be for distributions to provide CPU -microcode to mitigate the Meltdown and Spectre vulnerabilities. - -There are two environment variables provided for declaring the early -images. - -* GRUB_EARLY_INITRD_LINUX_STOCK is for the distribution declare - images that are provided by the distribution or installed packages. - If undeclared, this will default to a set of common microcode image - names. - -* GRUB_EARLY_INITRD_LINUX_CUSTOM is for user created images. User - images will be loaded after the stock images. - -These separate configurations allow the distribution and user to -declare different image sets without clobbering each other. - -This also makes a minor update to ensure that UUID partition labels -stay disabled when no initrd image is found, even if early images are -present. - -This is a continuation of a previous patch published by Christian -Hesse in 2016: -http://lists.gnu.org/archive/html/grub-devel/2016-02/msg00025.html - -Down stream Gentoo bug: -https://bugs.gentoo.org/645088 - -Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> -Signed-off-by: Matthew S. Turnbull <sparky@bluefang-logic.com> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> ---- - docs/grub.texi | 19 +++++++++++++++++++ - util/grub-mkconfig.in | 8 ++++++++ - util/grub.d/10_linux.in | 33 +++++++++++++++++++++++++++------ - 3 files changed, 54 insertions(+), 6 deletions(-) - -diff --git a/docs/grub.texi b/docs/grub.texi -index 137b894..65b4bbe 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -1398,6 +1398,25 @@ for all respectively normal entries. - The values of these options replace the values of @samp{GRUB_CMDLINE_LINUX} - and @samp{GRUB_CMDLINE_LINUX_DEFAULT} for Linux and Xen menu entries. - -+@item GRUB_EARLY_INITRD_LINUX_CUSTOM -+@itemx GRUB_EARLY_INITRD_LINUX_STOCK -+List of space-separated early initrd images to be loaded from @samp{/boot}. -+This is for loading things like CPU microcode, firmware, ACPI tables, crypto -+keys, and so on. These early images will be loaded in the order declared, -+and all will be loaded before the actual functional initrd image. -+ -+@samp{GRUB_EARLY_INITRD_LINUX_STOCK} is for your distribution to declare -+images that are provided by the distribution. It should not be modified -+without understanding the consequences. They will be loaded first. -+ -+@samp{GRUB_EARLY_INITRD_LINUX_CUSTOM} is for your custom created images. -+ -+The default stock images are as follows, though they may be overridden by -+your distribution: -+@example -+intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode.cpio -+@end example -+ - @item GRUB_DISABLE_LINUX_UUID - Normally, @command{grub-mkconfig} will generate menu entries that use - universally-unique identifiers (UUIDs) to identify the root filesystem to -diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index f8496d2..35ef583 100644 ---- a/util/grub-mkconfig.in -+++ b/util/grub-mkconfig.in -@@ -147,6 +147,12 @@ if [ x"$GRUB_FS" = xunknown ]; then - GRUB_FS="$(stat -f --printf=%T / || echo unknown)" - fi - -+# Provide a default set of stock linux early initrd images. -+# Define here so the list can be modified in the sourced config file. -+if [ "x${GRUB_EARLY_INITRD_LINUX_STOCK}" = "x" ]; then -+ GRUB_EARLY_INITRD_LINUX_STOCK="intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode.cpio" -+fi -+ - if test -f ${sysconfdir}/default/grub ; then - . ${sysconfdir}/default/grub - fi -@@ -211,6 +217,8 @@ export GRUB_DEFAULT \ - GRUB_CMDLINE_NETBSD \ - GRUB_CMDLINE_NETBSD_DEFAULT \ - GRUB_CMDLINE_GNUMACH \ -+ GRUB_EARLY_INITRD_LINUX_CUSTOM \ -+ GRUB_EARLY_INITRD_LINUX_STOCK \ - GRUB_TERMINAL_INPUT \ - GRUB_TERMINAL_OUTPUT \ - GRUB_SERIAL_COMMAND \ -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index de9044c..faedf74 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -136,9 +136,13 @@ EOF - if test -n "${initrd}" ; then - # TRANSLATORS: ramdisk isn't identifier. Should be translated. - message="$(gettext_printf "Loading initial ramdisk ...")" -+ initrd_path= -+ for i in ${initrd}; do -+ initrd_path="${initrd_path} ${rel_dirname}/${i}" -+ done - sed "s/^/$submenu_indentation/" << EOF - echo '$(echo "$message" | grub_quote)' -- initrd ${rel_dirname}/${initrd} -+ initrd $(echo $initrd_path) - EOF - fi - sed "s/^/$submenu_indentation/" << EOF -@@ -188,7 +192,15 @@ while [ "x$list" != "x" ] ; do - alt_version=`echo $version | sed -e "s,\.old$,,g"` - linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" - -- initrd= -+ initrd_early= -+ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \ -+ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do -+ if test -e "${dirname}/${i}" ; then -+ initrd_early="${initrd_early} ${i}" -+ fi -+ done -+ -+ initrd_real= - for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ - "initrd-${version}" "initramfs-${version}.img" \ - "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ -@@ -198,11 +210,22 @@ while [ "x$list" != "x" ] ; do - "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ - "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do - if test -e "${dirname}/${i}" ; then -- initrd="$i" -+ initrd_real="${i}" - break - fi - done - -+ initrd= -+ if test -n "${initrd_early}" || test -n "${initrd_real}"; then -+ initrd="${initrd_early} ${initrd_real}" -+ -+ initrd_display= -+ for i in ${initrd}; do -+ initrd_display="${initrd_display} ${dirname}/${i}" -+ done -+ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 -+ fi -+ - config= - for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do - if test -e "${i}" ; then -@@ -216,9 +239,7 @@ while [ "x$list" != "x" ] ; do - initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"` - fi - -- if test -n "${initrd}" ; then -- gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2 -- elif test -z "${initramfs}" ; then -+ if test -z "${initramfs}" && test -z "${initrd_real}" ; then - # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's - # no initrd or builtin initramfs, it can't work here. - linux_root_device_thisversion=${GRUB_DEVICE} --- -cgit v1.0-41-gc330 - diff --git a/sys-boot/grub/files/03-relocation.patch b/sys-boot/grub/files/03-relocation.patch deleted file mode 100644 index 1aeae684..00000000 --- a/sys-boot/grub/files/03-relocation.patch +++ /dev/null @@ -1,65 +0,0 @@ -commit 842c390469e2c2e10b5aa36700324cd3bde25875 -Author: H.J. Lu <hjl.tools@gmail.com> -Date: Sat Feb 17 06:47:28 2018 -0800 - - x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32 - - Starting from binutils commit bd7ab16b4537788ad53521c45469a1bdae84ad4a: - - https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd7ab16b4537788ad53521c45469a1bdae84ad4a - - x86-64 assembler generates R_X86_64_PLT32, instead of R_X86_64_PC32, for - 32-bit PC-relative branches. Grub2 should treat R_X86_64_PLT32 as - R_X86_64_PC32. - - Signed-off-by: H.J. Lu <hjl.tools@gmail.com> - Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> - -diff --git a/grub-core/efiemu/i386/loadcore64.c b/grub-core/efiemu/i386/loadcore64.c -index e49d0b6ff..18facf47f 100644 ---- a/grub-core/efiemu/i386/loadcore64.c -+++ b/grub-core/efiemu/i386/loadcore64.c -@@ -98,6 +98,7 @@ grub_arch_efiemu_relocate_symbols64 (grub_efiemu_segment_t segs, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - err = grub_efiemu_write_value (addr, - *addr32 + rel->r_addend - + sym.off -diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c -index 440690673..3a73e6e6c 100644 ---- a/grub-core/kern/x86_64/dl.c -+++ b/grub-core/kern/x86_64/dl.c -@@ -70,6 +70,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - { - grub_int64_t value; - value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value - -diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c -index a2bb05439..39d7efb91 100644 ---- a/util/grub-mkimagexx.c -+++ b/util/grub-mkimagexx.c -@@ -841,6 +841,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections, - break; - - case R_X86_64_PC32: -+ case R_X86_64_PLT32: - { - grub_uint32_t *t32 = (grub_uint32_t *) target; - *t32 = grub_host_to_target64 (grub_target_to_host32 (*t32) -diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c -index 9179285a5..a79271f66 100644 ---- a/util/grub-module-verifier.c -+++ b/util/grub-module-verifier.c -@@ -19,6 +19,7 @@ struct grub_module_verifier_arch archs[] = { - -1 - }, (int[]){ - R_X86_64_PC32, -+ R_X86_64_PLT32, - -1 - } - }, diff --git a/sys-boot/grub/files/03-sparc64-bios-boot.patch b/sys-boot/grub/files/03-sparc64-bios-boot.patch new file mode 100644 index 00000000..8fd00d49 --- /dev/null +++ b/sys-boot/grub/files/03-sparc64-bios-boot.patch @@ -0,0 +1,50 @@ +From 4e75b2ae313b13b5bfb54cc5e5c53368d6eb2a08 Mon Sep 17 00:00:00 2001 +From: James Clarke <jrtc27@jrtc27.com> +Date: Thu, 18 Jul 2019 14:31:55 +0200 +Subject: [PATCH] sparc64: Fix BIOS Boot Partition support + +Currently, gpt_offset is uninitialised when using a BIOS Boot Partition +but is used unconditionally inside save_blocklists. Instead, ensure it +is always initialised to 0 (note that there is already separate code to +do the equivalent adjustment after we call save_blocklists on this code +path). + +This patch has been tested on a T5-2 LDOM. + +Signed-off-by: James Clarke <jrtc27@jrtc27.com> +Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> +Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com> +Reviewed-by: Eric Snowberg <eric.snowberg@oracle.com> + +--- + util/setup.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) +--- + util/setup.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/util/setup.c b/util/setup.c +index 6f88f3c..3be88aa 100644 +--- a/util/setup.c ++++ b/util/setup.c +@@ -271,6 +271,9 @@ SETUP (const char *dir, + bl.current_segment = + GRUB_BOOT_I386_PC_KERNEL_SEG + (GRUB_DISK_SECTOR_SIZE >> 4); + #endif ++#ifdef GRUB_SETUP_SPARC64 ++ bl.gpt_offset = 0; ++#endif + bl.last_length = 0; + + /* Read the boot image by the OS service. */ +@@ -730,7 +733,6 @@ unable_to_embed: + #ifdef GRUB_SETUP_SPARC64 + { + grub_partition_t container = root_dev->disk->partition; +- bl.gpt_offset = 0; + + if (grub_strstr (container->partmap->name, "gpt")) + bl.gpt_offset = grub_partition_get_start (container); +-- +cgit v1.0-41-gc330 + diff --git a/sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch b/sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch deleted file mode 100644 index 2d09149f..00000000 --- a/sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 563b1da6e6ae7af46cc8354cadb5dab416989f0a Mon Sep 17 00:00:00 2001 -From: Michael Chang <mchang@suse.com> -Date: Mon, 26 Mar 2018 16:52:34 +0800 -Subject: Fix packed-not-aligned error on GCC 8 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -When building with GCC 8, there are several errors regarding packed-not-aligned. - -./include/grub/gpt_partition.h:79:1: error: alignment 1 of ‘struct grub_gpt_partentry’ is less than 8 [-Werror=packed-not-aligned] - -This patch fixes the build error by cleaning up the ambiguity of placing -aligned structure in a packed one. In "struct grub_btrfs_time" and "struct -grub_gpt_part_type", the aligned attribute seems to be superfluous, and also -has to be packed, to ensure the structure is bit-to-bit mapped to the format -laid on disk. I think we could blame to copy and paste error here for the -mistake. In "struct efi_variable", we have to use grub_efi_packed_guid_t, as -the name suggests. :) - -Signed-off-by: Michael Chang <mchang@suse.com> -Tested-by: Michael Chang <mchang@suse.com> -Tested-by: Paul Menzel <paulepanter@users.sourceforge.net> -Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> ---- - grub-core/fs/btrfs.c | 2 +- - include/grub/efiemu/runtime.h | 2 +- - include/grub/gpt_partition.h | 2 +- - 3 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c -index 4849c1ceb..be195448d 100644 ---- a/grub-core/fs/btrfs.c -+++ b/grub-core/fs/btrfs.c -@@ -175,7 +175,7 @@ struct grub_btrfs_time - { - grub_int64_t sec; - grub_uint32_t nanosec; --} __attribute__ ((aligned (4))); -+} GRUB_PACKED; - - struct grub_btrfs_inode - { -diff --git a/include/grub/efiemu/runtime.h b/include/grub/efiemu/runtime.h -index 9b6b729f4..36d2dedf4 100644 ---- a/include/grub/efiemu/runtime.h -+++ b/include/grub/efiemu/runtime.h -@@ -29,7 +29,7 @@ struct grub_efiemu_ptv_rel - - struct efi_variable - { -- grub_efi_guid_t guid; -+ grub_efi_packed_guid_t guid; - grub_uint32_t namelen; - grub_uint32_t size; - grub_efi_uint32_t attributes; -diff --git a/include/grub/gpt_partition.h b/include/grub/gpt_partition.h -index 1b32f6725..9668a68c3 100644 ---- a/include/grub/gpt_partition.h -+++ b/include/grub/gpt_partition.h -@@ -28,7 +28,7 @@ struct grub_gpt_part_type - grub_uint16_t data2; - grub_uint16_t data3; - grub_uint8_t data4[8]; --} __attribute__ ((aligned(8))); -+} GRUB_PACKED; - typedef struct grub_gpt_part_type grub_gpt_part_type_t; - - #define GRUB_GPT_PARTITION_TYPE_EMPTY \ --- -cgit v1.1-33-g03f6 - diff --git a/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch b/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch deleted file mode 100644 index 22d62926..00000000 --- a/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch +++ /dev/null @@ -1,140 +0,0 @@ -From 734668238fcc0ef691a080839e04f33854fa133a Mon Sep 17 00:00:00 2001 -From: Eric Biggers <ebiggers@google.com> -Date: Thu, 29 Jun 2017 13:27:49 +0000 -Subject: Allow GRUB to mount ext2/3/4 filesystems that have the encryption - feature. - -On such a filesystem, inodes may have EXT4_ENCRYPT_FLAG set. -For a regular file, this means its contents are encrypted; for a -directory, this means the filenames in its directory entries are -encrypted; and for a symlink, this means its target is encrypted. Since -GRUB cannot decrypt encrypted contents or filenames, just issue an error -if it would need to do so. This is sufficient to allow unencrypted boot -files to co-exist with encrypted files elsewhere on the filesystem. - -(Note that encrypted regular files and symlinks will not normally be -encountered outside an encrypted directory; however, it's possible via -hard links, so they still need to be handled.) - -Tested by booting from an ext4 /boot partition on which I had run -'tune2fs -O encrypt'. I also verified that the expected error messages -are printed when trying to access encrypted directories, files, and -symlinks from the GRUB command line. Also ran 'sudo ./grub-fs-tester -ext4_encrypt'; note that this requires e2fsprogs v1.43+ and Linux v4.1+. - -Signed-off-by: Eric Biggers <ebiggers@google.com> ---- - grub-core/fs/ext2.c | 23 ++++++++++++++++++++++- - tests/ext234_test.in | 1 + - tests/util/grub-fs-tester.in | 10 ++++++++++ - 3 files changed, 33 insertions(+), 1 deletion(-) - -diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c -index cdce63b..b8ad75a 100644 ---- a/grub-core/fs/ext2.c -+++ b/grub-core/fs/ext2.c -@@ -102,6 +102,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define EXT4_FEATURE_INCOMPAT_64BIT 0x0080 - #define EXT4_FEATURE_INCOMPAT_MMP 0x0100 - #define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200 -+#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000 - - /* The set of back-incompatible features this driver DOES support. Add (OR) - * flags here as the related features are implemented into the driver. */ -@@ -109,7 +110,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); - | EXT4_FEATURE_INCOMPAT_EXTENTS \ - | EXT4_FEATURE_INCOMPAT_FLEX_BG \ - | EXT2_FEATURE_INCOMPAT_META_BG \ -- | EXT4_FEATURE_INCOMPAT_64BIT) -+ | EXT4_FEATURE_INCOMPAT_64BIT \ -+ | EXT4_FEATURE_INCOMPAT_ENCRYPT) - /* List of rationales for the ignored "incompatible" features: - * needs_recovery: Not really back-incompatible - was added as such to forbid - * ext2 drivers from mounting an ext3 volume with a dirty -@@ -138,6 +140,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); - #define EXT3_JOURNAL_FLAG_DELETED 4 - #define EXT3_JOURNAL_FLAG_LAST_TAG 8 - -+#define EXT4_ENCRYPT_FLAG 0x800 - #define EXT4_EXTENTS_FLAG 0x80000 - - /* The ext2 superblock. */ -@@ -706,6 +709,12 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) - grub_ext2_read_inode (diro->data, diro->ino, &diro->inode); - if (grub_errno) - return 0; -+ -+ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) -+ { -+ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "symlink is encrypted"); -+ return 0; -+ } - } - - symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); -@@ -749,6 +758,12 @@ grub_ext2_iterate_dir (grub_fshelp_node_t dir, - return 0; - } - -+ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) -+ { -+ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "directory is encrypted"); -+ return 0; -+ } -+ - /* Search the file. */ - while (fpos < grub_le_to_cpu32 (diro->inode.size)) - { -@@ -859,6 +874,12 @@ grub_ext2_open (struct grub_file *file, const char *name) - goto fail; - } - -+ if (fdiro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) -+ { -+ err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "file is encrypted"); -+ goto fail; -+ } -+ - grub_memcpy (data->inode, &fdiro->inode, sizeof (struct grub_ext2_inode)); - grub_free (fdiro); - -diff --git a/tests/ext234_test.in b/tests/ext234_test.in -index 892b99c..4f1eb52 100644 ---- a/tests/ext234_test.in -+++ b/tests/ext234_test.in -@@ -30,3 +30,4 @@ fi - "@builddir@/grub-fs-tester" ext3 - "@builddir@/grub-fs-tester" ext4 - "@builddir@/grub-fs-tester" ext4_metabg -+"@builddir@/grub-fs-tester" ext4_encrypt -diff --git a/tests/util/grub-fs-tester.in b/tests/util/grub-fs-tester.in -index 88cbe73..fd7e0f1 100644 ---- a/tests/util/grub-fs-tester.in -+++ b/tests/util/grub-fs-tester.in -@@ -156,6 +156,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do - # Could go further but what's the point? - MAXBLKSIZE=$((65536*1024)) - ;; -+ xext4_encrypt) -+ # OS LIMITATION: Linux currently only allows the 'encrypt' feature -+ # in combination with block_size = PAGE_SIZE (4096 bytes on x86). -+ MINBLKSIZE=$(getconf PAGE_SIZE) -+ MAXBLKSIZE=$MINBLKSIZE -+ ;; - xext*) - MINBLKSIZE=1024 - if [ $MINBLKSIZE -lt $SECSIZE ]; then -@@ -796,6 +802,10 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do - MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext4" -O meta_bg,^resize_inode -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}" - MOUNTFS=ext4 - ;; -+ xext4_encrypt) -+ MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext4" -O encrypt -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}" -+ MOUNTFS=ext4 -+ ;; - xext*) - MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.$fs" -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; - xxfs) --- -cgit v1.0-41-gc330 - diff --git a/sys-boot/grub/files/08-find-freetype.patch b/sys-boot/grub/files/08-find-freetype.patch deleted file mode 100644 index 83b55449..00000000 --- a/sys-boot/grub/files/08-find-freetype.patch +++ /dev/null @@ -1,114 +0,0 @@ -diff -Nur a/configure.ac b/configure.ac ---- a/configure.ac 2017-04-24 12:30:15.000000000 +0100 -+++ b/configure.ac 2019-11-17 10:48:41.595490019 +0000 -@@ -50,6 +50,8 @@ - AC_CONFIG_SRCDIR([include/grub/dl.h]) - AC_CONFIG_HEADER([config-util.h]) - -+PKG_PROG_PKG_CONFIG -+ - # Program name transformations - AC_ARG_PROGRAM - grub_TRANSFORM([grub-bios-setup]) -@@ -1493,29 +1495,22 @@ - grub_mkfont_excuse="explicitly disabled" - fi - --if test x"$grub_mkfont_excuse" = x ; then -- # Check for freetype libraries. -- AC_CHECK_TOOLS([FREETYPE], [freetype-config]) -- if test "x$FREETYPE" = x ; then -- grub_mkfont_excuse=["need freetype2 library"] -- fi --fi -- - unset ac_cv_header_ft2build_h - - if test x"$grub_mkfont_excuse" = x ; then - # Check for freetype libraries. -- freetype_cflags=`$FREETYPE --cflags` -- freetype_libs=`$FREETYPE --libs` -- SAVED_CPPFLAGS="$CPPFLAGS" -- SAVED_LIBS="$LIBS" -- CPPFLAGS="$CPPFLAGS $freetype_cflags" -- LIBS="$LIBS $freetype_libs" -- AC_CHECK_HEADERS([ft2build.h], [], -- [grub_mkfont_excuse=["need freetype2 headers"]]) -- AC_LINK_IFELSE([AC_LANG_CALL([], [FT_Load_Glyph])], [], [grub_mkfont_excuse=["freetype2 library unusable"]]) -- CPPFLAGS="$SAVED_CPPFLAGS" -- LIBS="$SAVED_LIBS" -+ PKG_CHECK_MODULES([FREETYPE], [freetype2], [ -+ SAVED_CPPFLAGS="$CPPFLAGS" -+ SAVED_LIBS="$LIBS" -+ CPPFLAGS="$CPPFLAGS $FREETYPE_CFLAGS" -+ LIBS="$LIBS $FREETYPE_LIBS" -+ AC_CHECK_HEADERS([ft2build.h], [], -+ [grub_mkfont_excuse=["need freetype2 headers"]]) -+ AC_LINK_IFELSE([AC_LANG_CALL([], [FT_Load_Glyph])], [], -+ [grub_mkfont_excuse=["freetype2 library unusable"]]) -+ CPPFLAGS="$SAVED_CPPFLAGS" -+ LIBS="$SAVED_LIBS" -+ ], [grub_mkfont_excuse=["need freetype2 library"]]) - fi - - if test x"$enable_grub_mkfont" = xyes && test x"$grub_mkfont_excuse" != x ; then -@@ -1527,8 +1522,6 @@ - enable_grub_mkfont=no - fi - AC_SUBST([enable_grub_mkfont]) --AC_SUBST([freetype_cflags]) --AC_SUBST([freetype_libs]) - - SAVED_CC="$CC" - SAVED_CPP="$CPP" -@@ -1558,25 +1551,21 @@ - - if test x"$grub_build_mkfont_excuse" = x ; then - # Check for freetype libraries. -- AC_CHECK_PROGS([BUILD_FREETYPE], [freetype-config]) -- if test "x$BUILD_FREETYPE" = x ; then -- grub_build_mkfont_excuse=["need freetype2 library"] -- fi --fi -- --if test x"$grub_build_mkfont_excuse" = x ; then -- # Check for freetype libraries. -- build_freetype_cflags=`$BUILD_FREETYPE --cflags` -- build_freetype_libs=`$BUILD_FREETYPE --libs` -- SAVED_CPPFLAGS_2="$CPPFLAGS" -- SAVED_LIBS="$LIBS" -- CPPFLAGS="$CPPFLAGS $build_freetype_cflags" -- LIBS="$LIBS $build_freetype_libs" -- AC_CHECK_HEADERS([ft2build.h], [], -- [grub_build_mkfont_excuse=["need freetype2 headers"]]) -- AC_LINK_IFELSE([AC_LANG_CALL([], [FT_Load_Glyph])], [], [grub_build_mkfont_excuse=["freetype2 library unusable"]]) -- LIBS="$SAVED_LIBS" -- CPPFLAGS="$SAVED_CPPFLAGS_2" -+ SAVED_PKG_CONFIG="$PKG_CONFIG" -+ test -z "$BUILD_PKG_CONFIG" || PKG_CONFIG="$BUILD_PKG_CONFIG" -+ PKG_CHECK_MODULES([BUILD_FREETYPE], [freetype2], [ -+ SAVED_CPPFLAGS_2="$CPPFLAGS" -+ SAVED_LIBS="$LIBS" -+ CPPFLAGS="$CPPFLAGS $BUILD_FREETYPE_CFLAGS" -+ LIBS="$LIBS $BUILD_FREETYPE_LIBS" -+ AC_CHECK_HEADERS([ft2build.h], [], -+ [grub_build_mkfont_excuse=["need freetype2 headers"]]) -+ AC_LINK_IFELSE([AC_LANG_CALL([], [FT_Load_Glyph])], [], -+ [grub_build_mkfont_excuse=["freetype2 library unusable"]]) -+ LIBS="$SAVED_LIBS" -+ CPPFLAGS="$SAVED_CPPFLAGS_2" -+ ], [grub_build_mkfont_excuse=["need freetype2 library"]]) -+ PKG_CONFIG="$SAVED_PKG_CONFIG" - fi - - if test x"$enable_build_grub_mkfont" = xyes && test x"$grub_build_mkfont_excuse" != x ; then -@@ -1595,9 +1584,6 @@ - fi - fi - --AC_SUBST([build_freetype_cflags]) --AC_SUBST([build_freetype_libs]) -- - CC="$SAVED_CC" - CPP="$SAVED_CPP" - CFLAGS="$SAVED_CFLAGS" |