summaryrefslogtreecommitdiff
path: root/sys-boot/grub
diff options
context:
space:
mode:
Diffstat (limited to 'sys-boot/grub')
-rw-r--r--sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch63
-rw-r--r--sys-boot/grub/files/02-support-multiple-early-initrd-images.patch180
-rw-r--r--sys-boot/grub/files/03-relocation.patch65
-rw-r--r--sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch72
-rw-r--r--sys-boot/grub/files/05-gfxpayload.patch (renamed from sys-boot/grub/files/gfxpayload.patch)0
-rw-r--r--sys-boot/grub/files/06-KERNEL_GLOBS.patch (renamed from sys-boot/grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch)0
-rw-r--r--sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch140
-rw-r--r--sys-boot/grub/grub-2.02-r1337.ebuild (renamed from sys-boot/grub/grub-2.02-r1.ebuild)9
8 files changed, 527 insertions, 2 deletions
diff --git a/sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch b/sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch
new file mode 100644
index 00000000..f18553dc
--- /dev/null
+++ b/sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch
@@ -0,0 +1,63 @@
+Source/Upstream: Yes, fixed in git master
+Reason: xfs: Accept filesystem with sparse inodes
+
+From cda0a857dd7a27cd5d621747464bfe71e8727fff Mon Sep 17 00:00:00 2001
+From: Daniel Kiper <daniel.kiper@oracle.com>
+Date: Tue, 29 May 2018 16:16:02 +0200
+Subject: xfs: Accept filesystem with sparse inodes
+
+The sparse inode metadata format became a mkfs.xfs default in
+xfsprogs-4.16.0, and such filesystems are now rejected by grub as
+containing an incompatible feature.
+
+In essence, this feature allows xfs to allocate inodes into fragmented
+freespace. (Without this feature, if xfs could not allocate contiguous
+space for 64 new inodes, inode creation would fail.)
+
+In practice, the disk format change is restricted to the inode btree,
+which as far as I can tell is not used by grub. If all you're doing
+today is parsing a directory, reading an inode number, and converting
+that inode number to a disk location, then ignoring this feature
+should be fine, so I've added it to XFS_SB_FEAT_INCOMPAT_SUPPORTED
+
+I did some brief testing of this patch by hacking up the regression
+tests to completely fragment freespace on the test xfs filesystem, and
+then write a large-ish number of inodes to consume any existing
+contiguous 64-inode chunk. This way any files the grub tests add and
+traverse would be in such a fragmented inode allocation. Tests passed,
+but I'm not sure how to cleanly integrate that into the test harness.
+
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Tested-by: Chris Murphy <lists@colorremedies.com>
+---
+ grub-core/fs/xfs.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c
+index c6031bd..3b00c74 100644
+--- a/grub-core/fs/xfs.c
++++ b/grub-core/fs/xfs.c
+@@ -79,9 +79,18 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ #define XFS_SB_FEAT_INCOMPAT_SPINODES (1 << 1) /* sparse inode chunks */
+ #define XFS_SB_FEAT_INCOMPAT_META_UUID (1 << 2) /* metadata UUID */
+
+-/* We do not currently verify metadata UUID so it is safe to read such filesystem */
++/*
++ * Directory entries with ftype are explicitly handled by GRUB code.
++ *
++ * We do not currently read the inode btrees, so it is safe to read filesystems
++ * with the XFS_SB_FEAT_INCOMPAT_SPINODES feature.
++ *
++ * We do not currently verify metadata UUID, so it is safe to read filesystems
++ * with the XFS_SB_FEAT_INCOMPAT_META_UUID feature.
++ */
+ #define XFS_SB_FEAT_INCOMPAT_SUPPORTED \
+ (XFS_SB_FEAT_INCOMPAT_FTYPE | \
++ XFS_SB_FEAT_INCOMPAT_SPINODES | \
+ XFS_SB_FEAT_INCOMPAT_META_UUID)
+
+ struct grub_xfs_sblock
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-boot/grub/files/02-support-multiple-early-initrd-images.patch b/sys-boot/grub/files/02-support-multiple-early-initrd-images.patch
new file mode 100644
index 00000000..4e17549c
--- /dev/null
+++ b/sys-boot/grub/files/02-support-multiple-early-initrd-images.patch
@@ -0,0 +1,180 @@
+Source/Upstream: Yes, fixed in git master
+Reason: Support multiple early initrd images
+
+From a698240df0c43278b2d1d7259c8e7a6926c63112 Mon Sep 17 00:00:00 2001
+From: "Matthew S. Turnbull" <sparky@bluefang-logic.com>
+Date: Sat, 24 Feb 2018 17:44:58 -0500
+Subject: grub-mkconfig/10_linux: Support multiple early initrd images
+
+Add support for multiple, shared, early initrd images. These early
+images will be loaded in the order declared, and all will be loaded
+before the initrd image.
+
+While many classes of data can be provided by early images, the
+immediate use case would be for distributions to provide CPU
+microcode to mitigate the Meltdown and Spectre vulnerabilities.
+
+There are two environment variables provided for declaring the early
+images.
+
+* GRUB_EARLY_INITRD_LINUX_STOCK is for the distribution declare
+ images that are provided by the distribution or installed packages.
+ If undeclared, this will default to a set of common microcode image
+ names.
+
+* GRUB_EARLY_INITRD_LINUX_CUSTOM is for user created images. User
+ images will be loaded after the stock images.
+
+These separate configurations allow the distribution and user to
+declare different image sets without clobbering each other.
+
+This also makes a minor update to ensure that UUID partition labels
+stay disabled when no initrd image is found, even if early images are
+present.
+
+This is a continuation of a previous patch published by Christian
+Hesse in 2016:
+http://lists.gnu.org/archive/html/grub-devel/2016-02/msg00025.html
+
+Down stream Gentoo bug:
+https://bugs.gentoo.org/645088
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+Signed-off-by: Matthew S. Turnbull <sparky@bluefang-logic.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ docs/grub.texi | 19 +++++++++++++++++++
+ util/grub-mkconfig.in | 8 ++++++++
+ util/grub.d/10_linux.in | 33 +++++++++++++++++++++++++++------
+ 3 files changed, 54 insertions(+), 6 deletions(-)
+
+diff --git a/docs/grub.texi b/docs/grub.texi
+index 137b894..65b4bbe 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -1398,6 +1398,25 @@ for all respectively normal entries.
+ The values of these options replace the values of @samp{GRUB_CMDLINE_LINUX}
+ and @samp{GRUB_CMDLINE_LINUX_DEFAULT} for Linux and Xen menu entries.
+
++@item GRUB_EARLY_INITRD_LINUX_CUSTOM
++@itemx GRUB_EARLY_INITRD_LINUX_STOCK
++List of space-separated early initrd images to be loaded from @samp{/boot}.
++This is for loading things like CPU microcode, firmware, ACPI tables, crypto
++keys, and so on. These early images will be loaded in the order declared,
++and all will be loaded before the actual functional initrd image.
++
++@samp{GRUB_EARLY_INITRD_LINUX_STOCK} is for your distribution to declare
++images that are provided by the distribution. It should not be modified
++without understanding the consequences. They will be loaded first.
++
++@samp{GRUB_EARLY_INITRD_LINUX_CUSTOM} is for your custom created images.
++
++The default stock images are as follows, though they may be overridden by
++your distribution:
++@example
++intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode.cpio
++@end example
++
+ @item GRUB_DISABLE_LINUX_UUID
+ Normally, @command{grub-mkconfig} will generate menu entries that use
+ universally-unique identifiers (UUIDs) to identify the root filesystem to
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index f8496d2..35ef583 100644
+--- a/util/grub-mkconfig.in
++++ b/util/grub-mkconfig.in
+@@ -147,6 +147,12 @@ if [ x"$GRUB_FS" = xunknown ]; then
+ GRUB_FS="$(stat -f --printf=%T / || echo unknown)"
+ fi
+
++# Provide a default set of stock linux early initrd images.
++# Define here so the list can be modified in the sourced config file.
++if [ "x${GRUB_EARLY_INITRD_LINUX_STOCK}" = "x" ]; then
++ GRUB_EARLY_INITRD_LINUX_STOCK="intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode.cpio"
++fi
++
+ if test -f ${sysconfdir}/default/grub ; then
+ . ${sysconfdir}/default/grub
+ fi
+@@ -211,6 +217,8 @@ export GRUB_DEFAULT \
+ GRUB_CMDLINE_NETBSD \
+ GRUB_CMDLINE_NETBSD_DEFAULT \
+ GRUB_CMDLINE_GNUMACH \
++ GRUB_EARLY_INITRD_LINUX_CUSTOM \
++ GRUB_EARLY_INITRD_LINUX_STOCK \
+ GRUB_TERMINAL_INPUT \
+ GRUB_TERMINAL_OUTPUT \
+ GRUB_SERIAL_COMMAND \
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index de9044c..faedf74 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -136,9 +136,13 @@ EOF
+ if test -n "${initrd}" ; then
+ # TRANSLATORS: ramdisk isn't identifier. Should be translated.
+ message="$(gettext_printf "Loading initial ramdisk ...")"
++ initrd_path=
++ for i in ${initrd}; do
++ initrd_path="${initrd_path} ${rel_dirname}/${i}"
++ done
+ sed "s/^/$submenu_indentation/" << EOF
+ echo '$(echo "$message" | grub_quote)'
+- initrd ${rel_dirname}/${initrd}
++ initrd $(echo $initrd_path)
+ EOF
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+@@ -188,7 +192,15 @@ while [ "x$list" != "x" ] ; do
+ alt_version=`echo $version | sed -e "s,\.old$,,g"`
+ linux_root_device_thisversion="${LINUX_ROOT_DEVICE}"
+
+- initrd=
++ initrd_early=
++ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \
++ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do
++ if test -e "${dirname}/${i}" ; then
++ initrd_early="${initrd_early} ${i}"
++ fi
++ done
++
++ initrd_real=
+ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
+ "initrd-${version}" "initramfs-${version}.img" \
+ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
+@@ -198,11 +210,22 @@ while [ "x$list" != "x" ] ; do
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
+ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
+ if test -e "${dirname}/${i}" ; then
+- initrd="$i"
++ initrd_real="${i}"
+ break
+ fi
+ done
+
++ initrd=
++ if test -n "${initrd_early}" || test -n "${initrd_real}"; then
++ initrd="${initrd_early} ${initrd_real}"
++
++ initrd_display=
++ for i in ${initrd}; do
++ initrd_display="${initrd_display} ${dirname}/${i}"
++ done
++ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2
++ fi
++
+ config=
+ for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
+ if test -e "${i}" ; then
+@@ -216,9 +239,7 @@ while [ "x$list" != "x" ] ; do
+ initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"`
+ fi
+
+- if test -n "${initrd}" ; then
+- gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2
+- elif test -z "${initramfs}" ; then
++ if test -z "${initramfs}" && test -z "${initrd_real}" ; then
+ # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's
+ # no initrd or builtin initramfs, it can't work here.
+ linux_root_device_thisversion=${GRUB_DEVICE}
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-boot/grub/files/03-relocation.patch b/sys-boot/grub/files/03-relocation.patch
new file mode 100644
index 00000000..1aeae684
--- /dev/null
+++ b/sys-boot/grub/files/03-relocation.patch
@@ -0,0 +1,65 @@
+commit 842c390469e2c2e10b5aa36700324cd3bde25875
+Author: H.J. Lu <hjl.tools@gmail.com>
+Date: Sat Feb 17 06:47:28 2018 -0800
+
+ x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32
+
+ Starting from binutils commit bd7ab16b4537788ad53521c45469a1bdae84ad4a:
+
+ https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd7ab16b4537788ad53521c45469a1bdae84ad4a
+
+ x86-64 assembler generates R_X86_64_PLT32, instead of R_X86_64_PC32, for
+ 32-bit PC-relative branches. Grub2 should treat R_X86_64_PLT32 as
+ R_X86_64_PC32.
+
+ Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
+ Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+diff --git a/grub-core/efiemu/i386/loadcore64.c b/grub-core/efiemu/i386/loadcore64.c
+index e49d0b6ff..18facf47f 100644
+--- a/grub-core/efiemu/i386/loadcore64.c
++++ b/grub-core/efiemu/i386/loadcore64.c
+@@ -98,6 +98,7 @@ grub_arch_efiemu_relocate_symbols64 (grub_efiemu_segment_t segs,
+ break;
+
+ case R_X86_64_PC32:
++ case R_X86_64_PLT32:
+ err = grub_efiemu_write_value (addr,
+ *addr32 + rel->r_addend
+ + sym.off
+diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c
+index 440690673..3a73e6e6c 100644
+--- a/grub-core/kern/x86_64/dl.c
++++ b/grub-core/kern/x86_64/dl.c
+@@ -70,6 +70,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr,
+ break;
+
+ case R_X86_64_PC32:
++ case R_X86_64_PLT32:
+ {
+ grub_int64_t value;
+ value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value -
+diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c
+index a2bb05439..39d7efb91 100644
+--- a/util/grub-mkimagexx.c
++++ b/util/grub-mkimagexx.c
+@@ -841,6 +841,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections,
+ break;
+
+ case R_X86_64_PC32:
++ case R_X86_64_PLT32:
+ {
+ grub_uint32_t *t32 = (grub_uint32_t *) target;
+ *t32 = grub_host_to_target64 (grub_target_to_host32 (*t32)
+diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c
+index 9179285a5..a79271f66 100644
+--- a/util/grub-module-verifier.c
++++ b/util/grub-module-verifier.c
+@@ -19,6 +19,7 @@ struct grub_module_verifier_arch archs[] = {
+ -1
+ }, (int[]){
+ R_X86_64_PC32,
++ R_X86_64_PLT32,
+ -1
+ }
+ },
diff --git a/sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch b/sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch
new file mode 100644
index 00000000..2d09149f
--- /dev/null
+++ b/sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch
@@ -0,0 +1,72 @@
+From 563b1da6e6ae7af46cc8354cadb5dab416989f0a Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Mon, 26 Mar 2018 16:52:34 +0800
+Subject: Fix packed-not-aligned error on GCC 8
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When building with GCC 8, there are several errors regarding packed-not-aligned.
+
+./include/grub/gpt_partition.h:79:1: error: alignment 1 of ‘struct grub_gpt_partentry’ is less than 8 [-Werror=packed-not-aligned]
+
+This patch fixes the build error by cleaning up the ambiguity of placing
+aligned structure in a packed one. In "struct grub_btrfs_time" and "struct
+grub_gpt_part_type", the aligned attribute seems to be superfluous, and also
+has to be packed, to ensure the structure is bit-to-bit mapped to the format
+laid on disk. I think we could blame to copy and paste error here for the
+mistake. In "struct efi_variable", we have to use grub_efi_packed_guid_t, as
+the name suggests. :)
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Tested-by: Michael Chang <mchang@suse.com>
+Tested-by: Paul Menzel <paulepanter@users.sourceforge.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/fs/btrfs.c | 2 +-
+ include/grub/efiemu/runtime.h | 2 +-
+ include/grub/gpt_partition.h | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 4849c1ceb..be195448d 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -175,7 +175,7 @@ struct grub_btrfs_time
+ {
+ grub_int64_t sec;
+ grub_uint32_t nanosec;
+-} __attribute__ ((aligned (4)));
++} GRUB_PACKED;
+
+ struct grub_btrfs_inode
+ {
+diff --git a/include/grub/efiemu/runtime.h b/include/grub/efiemu/runtime.h
+index 9b6b729f4..36d2dedf4 100644
+--- a/include/grub/efiemu/runtime.h
++++ b/include/grub/efiemu/runtime.h
+@@ -29,7 +29,7 @@ struct grub_efiemu_ptv_rel
+
+ struct efi_variable
+ {
+- grub_efi_guid_t guid;
++ grub_efi_packed_guid_t guid;
+ grub_uint32_t namelen;
+ grub_uint32_t size;
+ grub_efi_uint32_t attributes;
+diff --git a/include/grub/gpt_partition.h b/include/grub/gpt_partition.h
+index 1b32f6725..9668a68c3 100644
+--- a/include/grub/gpt_partition.h
++++ b/include/grub/gpt_partition.h
+@@ -28,7 +28,7 @@ struct grub_gpt_part_type
+ grub_uint16_t data2;
+ grub_uint16_t data3;
+ grub_uint8_t data4[8];
+-} __attribute__ ((aligned(8)));
++} GRUB_PACKED;
+ typedef struct grub_gpt_part_type grub_gpt_part_type_t;
+
+ #define GRUB_GPT_PARTITION_TYPE_EMPTY \
+--
+cgit v1.1-33-g03f6
+
diff --git a/sys-boot/grub/files/gfxpayload.patch b/sys-boot/grub/files/05-gfxpayload.patch
index 6c63ef88..6c63ef88 100644
--- a/sys-boot/grub/files/gfxpayload.patch
+++ b/sys-boot/grub/files/05-gfxpayload.patch
diff --git a/sys-boot/grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch b/sys-boot/grub/files/06-KERNEL_GLOBS.patch
index c66ee68d..c66ee68d 100644
--- a/sys-boot/grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch
+++ b/sys-boot/grub/files/06-KERNEL_GLOBS.patch
diff --git a/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch b/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch
new file mode 100644
index 00000000..22d62926
--- /dev/null
+++ b/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch
@@ -0,0 +1,140 @@
+From 734668238fcc0ef691a080839e04f33854fa133a Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 29 Jun 2017 13:27:49 +0000
+Subject: Allow GRUB to mount ext2/3/4 filesystems that have the encryption
+ feature.
+
+On such a filesystem, inodes may have EXT4_ENCRYPT_FLAG set.
+For a regular file, this means its contents are encrypted; for a
+directory, this means the filenames in its directory entries are
+encrypted; and for a symlink, this means its target is encrypted. Since
+GRUB cannot decrypt encrypted contents or filenames, just issue an error
+if it would need to do so. This is sufficient to allow unencrypted boot
+files to co-exist with encrypted files elsewhere on the filesystem.
+
+(Note that encrypted regular files and symlinks will not normally be
+encountered outside an encrypted directory; however, it's possible via
+hard links, so they still need to be handled.)
+
+Tested by booting from an ext4 /boot partition on which I had run
+'tune2fs -O encrypt'. I also verified that the expected error messages
+are printed when trying to access encrypted directories, files, and
+symlinks from the GRUB command line. Also ran 'sudo ./grub-fs-tester
+ext4_encrypt'; note that this requires e2fsprogs v1.43+ and Linux v4.1+.
+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+---
+ grub-core/fs/ext2.c | 23 ++++++++++++++++++++++-
+ tests/ext234_test.in | 1 +
+ tests/util/grub-fs-tester.in | 10 ++++++++++
+ 3 files changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c
+index cdce63b..b8ad75a 100644
+--- a/grub-core/fs/ext2.c
++++ b/grub-core/fs/ext2.c
+@@ -102,6 +102,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ #define EXT4_FEATURE_INCOMPAT_64BIT 0x0080
+ #define EXT4_FEATURE_INCOMPAT_MMP 0x0100
+ #define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200
++#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000
+
+ /* The set of back-incompatible features this driver DOES support. Add (OR)
+ * flags here as the related features are implemented into the driver. */
+@@ -109,7 +110,8 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ | EXT4_FEATURE_INCOMPAT_EXTENTS \
+ | EXT4_FEATURE_INCOMPAT_FLEX_BG \
+ | EXT2_FEATURE_INCOMPAT_META_BG \
+- | EXT4_FEATURE_INCOMPAT_64BIT)
++ | EXT4_FEATURE_INCOMPAT_64BIT \
++ | EXT4_FEATURE_INCOMPAT_ENCRYPT)
+ /* List of rationales for the ignored "incompatible" features:
+ * needs_recovery: Not really back-incompatible - was added as such to forbid
+ * ext2 drivers from mounting an ext3 volume with a dirty
+@@ -138,6 +140,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ #define EXT3_JOURNAL_FLAG_DELETED 4
+ #define EXT3_JOURNAL_FLAG_LAST_TAG 8
+
++#define EXT4_ENCRYPT_FLAG 0x800
+ #define EXT4_EXTENTS_FLAG 0x80000
+
+ /* The ext2 superblock. */
+@@ -706,6 +709,12 @@ grub_ext2_read_symlink (grub_fshelp_node_t node)
+ grub_ext2_read_inode (diro->data, diro->ino, &diro->inode);
+ if (grub_errno)
+ return 0;
++
++ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG))
++ {
++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "symlink is encrypted");
++ return 0;
++ }
+ }
+
+ symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1);
+@@ -749,6 +758,12 @@ grub_ext2_iterate_dir (grub_fshelp_node_t dir,
+ return 0;
+ }
+
++ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG))
++ {
++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "directory is encrypted");
++ return 0;
++ }
++
+ /* Search the file. */
+ while (fpos < grub_le_to_cpu32 (diro->inode.size))
+ {
+@@ -859,6 +874,12 @@ grub_ext2_open (struct grub_file *file, const char *name)
+ goto fail;
+ }
+
++ if (fdiro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG))
++ {
++ err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "file is encrypted");
++ goto fail;
++ }
++
+ grub_memcpy (data->inode, &fdiro->inode, sizeof (struct grub_ext2_inode));
+ grub_free (fdiro);
+
+diff --git a/tests/ext234_test.in b/tests/ext234_test.in
+index 892b99c..4f1eb52 100644
+--- a/tests/ext234_test.in
++++ b/tests/ext234_test.in
+@@ -30,3 +30,4 @@ fi
+ "@builddir@/grub-fs-tester" ext3
+ "@builddir@/grub-fs-tester" ext4
+ "@builddir@/grub-fs-tester" ext4_metabg
++"@builddir@/grub-fs-tester" ext4_encrypt
+diff --git a/tests/util/grub-fs-tester.in b/tests/util/grub-fs-tester.in
+index 88cbe73..fd7e0f1 100644
+--- a/tests/util/grub-fs-tester.in
++++ b/tests/util/grub-fs-tester.in
+@@ -156,6 +156,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do
+ # Could go further but what's the point?
+ MAXBLKSIZE=$((65536*1024))
+ ;;
++ xext4_encrypt)
++ # OS LIMITATION: Linux currently only allows the 'encrypt' feature
++ # in combination with block_size = PAGE_SIZE (4096 bytes on x86).
++ MINBLKSIZE=$(getconf PAGE_SIZE)
++ MAXBLKSIZE=$MINBLKSIZE
++ ;;
+ xext*)
+ MINBLKSIZE=1024
+ if [ $MINBLKSIZE -lt $SECSIZE ]; then
+@@ -796,6 +802,10 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do
+ MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext4" -O meta_bg,^resize_inode -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}"
+ MOUNTFS=ext4
+ ;;
++ xext4_encrypt)
++ MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext4" -O encrypt -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}"
++ MOUNTFS=ext4
++ ;;
+ xext*)
+ MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.$fs" -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}" ;;
+ xxfs)
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-boot/grub/grub-2.02-r1.ebuild b/sys-boot/grub/grub-2.02-r1337.ebuild
index dacfc3d5..7752a693 100644
--- a/sys-boot/grub/grub-2.02-r1.ebuild
+++ b/sys-boot/grub/grub-2.02-r1337.ebuild
@@ -33,8 +33,13 @@ else
fi
PATCHES=(
- "${FILESDIR}"/gfxpayload.patch
- "${FILESDIR}"/grub-2.02_beta2-KERNEL_GLOBS.patch
+ "${FILESDIR}"/01-xfs-accept-filesystem-with-sparse-inodes.patch
+ "${FILESDIR}"/02-support-multiple-early-initrd-images.patch
+ "${FILESDIR}"/03-relocation.patch
+ "${FILESDIR}"/04-Fix-packed-not-aligned-error-on-GCC-8.patch
+ "${FILESDIR}"/05-gfxpayload.patch
+ "${FILESDIR}"/06-KERNEL_GLOBS.patch
+ "${FILESDIR}"/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch
)
DEJAVU=dejavu-sans-ttf-2.37