From 3cdc7a6c2472d3628adf01c539195e68e64f4f08 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Sun, 6 Jan 2019 15:25:36 +0000
Subject: sys-boot/grub : various bugfixes, revision bump
---
...-xfs-accept-filesystem-with-sparse-inodes.patch | 63 ++++++++
.../02-support-multiple-early-initrd-images.patch | 180 +++++++++++++++++++++
sys-boot/grub/files/03-relocation.patch | 65 ++++++++
.../04-Fix-packed-not-aligned-error-on-GCC-8.patch | 72 +++++++++
sys-boot/grub/files/05-gfxpayload.patch | 29 ++++
sys-boot/grub/files/06-KERNEL_GLOBS.patch | 67 ++++++++
...esystems_that_have_the_encryption_feature.patch | 140 ++++++++++++++++
sys-boot/grub/files/gfxpayload.patch | 29 ----
.../grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch | 67 --------
9 files changed, 616 insertions(+), 96 deletions(-)
create mode 100644 sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch
create mode 100644 sys-boot/grub/files/02-support-multiple-early-initrd-images.patch
create mode 100644 sys-boot/grub/files/03-relocation.patch
create mode 100644 sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch
create mode 100644 sys-boot/grub/files/05-gfxpayload.patch
create mode 100644 sys-boot/grub/files/06-KERNEL_GLOBS.patch
create mode 100644 sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch
delete mode 100644 sys-boot/grub/files/gfxpayload.patch
delete mode 100644 sys-boot/grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch
(limited to 'sys-boot/grub/files')
diff --git a/sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch b/sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch
new file mode 100644
index 00000000..f18553dc
--- /dev/null
+++ b/sys-boot/grub/files/01-xfs-accept-filesystem-with-sparse-inodes.patch
@@ -0,0 +1,63 @@ +Source/Upstream: Yes, fixed in git master +Reason: xfs: Accept filesystem with sparse inodes + +From cda0a857dd7a27cd5d621747464bfe71e8727fff Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Tue, 29 May 2018 16:16:02 +0200 +Subject: xfs: Accept filesystem with sparse inodes + +The sparse inode metadata format became a mkfs.xfs default in +xfsprogs-4.16.0, and such filesystems are now rejected by grub as +containing an incompatible feature. + +In essence, this feature allows xfs to allocate inodes into fragmented +freespace. (Without this feature, if xfs could not allocate contiguous +space for 64 new inodes, inode creation would fail.) + +In practice, the disk format change is restricted to the inode btree, +which as far as I can tell is not used by grub. If all you're doing +today is parsing a directory, reading an inode number, and converting +that inode number to a disk location, then ignoring this feature +should be fine, so I've added it to XFS_SB_FEAT_INCOMPAT_SUPPORTED + +I did some brief testing of this patch by hacking up the regression +tests to completely fragment freespace on the test xfs filesystem, and +then write a large-ish number of inodes to consume any existing +contiguous 64-inode chunk. This way any files the grub tests add and +traverse would be in such a fragmented inode allocation. Tests passed, +but I'm not sure how to cleanly integrate that into the test harness. 
+ +Signed-off-by: Eric Sandeen +Reviewed-by: Daniel Kiper +Tested-by: Chris Murphy +--- + grub-core/fs/xfs.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c +index c6031bd..3b00c74 100644 +--- a/grub-core/fs/xfs.c ++++ b/grub-core/fs/xfs.c +@@ -79,9 +79,18 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define XFS_SB_FEAT_INCOMPAT_SPINODES (1 << 1) /* sparse inode chunks */ + #define XFS_SB_FEAT_INCOMPAT_META_UUID (1 << 2) /* metadata UUID */ + +-/* We do not currently verify metadata UUID so it is safe to read such filesystem */ ++/* ++ * Directory entries with ftype are explicitly handled by GRUB code. ++ * ++ * We do not currently read the inode btrees, so it is safe to read filesystems ++ * with the XFS_SB_FEAT_INCOMPAT_SPINODES feature. ++ * ++ * We do not currently verify metadata UUID, so it is safe to read filesystems ++ * with the XFS_SB_FEAT_INCOMPAT_META_UUID feature. ++ */ + #define XFS_SB_FEAT_INCOMPAT_SUPPORTED \ + (XFS_SB_FEAT_INCOMPAT_FTYPE | \ ++ XFS_SB_FEAT_INCOMPAT_SPINODES | \ + XFS_SB_FEAT_INCOMPAT_META_UUID) + + struct grub_xfs_sblock +-- +cgit v1.0-41-gc330 + diff --git a/sys-boot/grub/files/02-support-multiple-early-initrd-images.patch b/sys-boot/grub/files/02-support-multiple-early-initrd-images.patch new file mode 100644 index 00000000..4e17549c --- /dev/null +++ b/sys-boot/grub/files/02-support-multiple-early-initrd-images.patch 
@@ -0,0 +1,180 @@ +Source/Upstream: Yes, fixed in git master +Reason: Support multiple early initrd images + +From a698240df0c43278b2d1d7259c8e7a6926c63112 Mon Sep 17 00:00:00 2001 +From: "Matthew S. Turnbull" +Date: Sat, 24 Feb 2018 17:44:58 -0500 +Subject: grub-mkconfig/10_linux: Support multiple early initrd images + +Add support for multiple, shared, early initrd images. These early +images will be loaded in the order declared, and all will be loaded +before the initrd image. + +While many classes of data can be provided by early images, the +immediate use case would be for distributions to provide CPU +microcode to mitigate the Meltdown and Spectre vulnerabilities. + +There are two environment variables provided for declaring the early +images. + +* GRUB_EARLY_INITRD_LINUX_STOCK is for the distribution declare + images that are provided by the distribution or installed packages. + If undeclared, this will default to a set of common microcode image + names. + +* GRUB_EARLY_INITRD_LINUX_CUSTOM is for user created images. User + images will be loaded after the stock images. + +These separate configurations allow the distribution and user to +declare different image sets without clobbering each other. + +This also makes a minor update to ensure that UUID partition labels +stay disabled when no initrd image is found, even if early images are +present. + +This is a continuation of a previous patch published by Christian +Hesse in 2016: +http://lists.gnu.org/archive/html/grub-devel/2016-02/msg00025.html + +Down stream Gentoo bug: +https://bugs.gentoo.org/645088 + +Signed-off-by: Robin H. Johnson +Signed-off-by: Matthew S. 
Turnbull +Reviewed-by: Daniel Kiper +--- + docs/grub.texi | 19 +++++++++++++++++++ + util/grub-mkconfig.in | 8 ++++++++ + util/grub.d/10_linux.in | 33 +++++++++++++++++++++++++++------ + 3 files changed, 54 insertions(+), 6 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 137b894..65b4bbe 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -1398,6 +1398,25 @@ for all respectively normal entries. + The values of these options replace the values of @samp{GRUB_CMDLINE_LINUX} + and @samp{GRUB_CMDLINE_LINUX_DEFAULT} for Linux and Xen menu entries. + ++@item GRUB_EARLY_INITRD_LINUX_CUSTOM ++@itemx GRUB_EARLY_INITRD_LINUX_STOCK ++List of space-separated early initrd images to be loaded from @samp{/boot}. ++This is for loading things like CPU microcode, firmware, ACPI tables, crypto ++keys, and so on. These early images will be loaded in the order declared, ++and all will be loaded before the actual functional initrd image. ++ ++@samp{GRUB_EARLY_INITRD_LINUX_STOCK} is for your distribution to declare ++images that are provided by the distribution. It should not be modified ++without understanding the consequences. They will be loaded first. ++ ++@samp{GRUB_EARLY_INITRD_LINUX_CUSTOM} is for your custom created images. ++ ++The default stock images are as follows, though they may be overridden by ++your distribution: ++@example ++intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode.cpio ++@end example ++ + @item GRUB_DISABLE_LINUX_UUID + Normally, @command{grub-mkconfig} will generate menu entries that use + universally-unique identifiers (UUIDs) to identify the root filesystem to +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index f8496d2..35ef583 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -147,6 +147,12 @@ if [ x"$GRUB_FS" = xunknown ]; then + GRUB_FS="$(stat -f --printf=%T / || echo unknown)" + fi + ++# Provide a default set of stock linux early initrd images. 
++# Define here so the list can be modified in the sourced config file. ++if [ "x${GRUB_EARLY_INITRD_LINUX_STOCK}" = "x" ]; then ++ GRUB_EARLY_INITRD_LINUX_STOCK="intel-uc.img intel-ucode.img amd-uc.img amd-ucode.img early_ucode.cpio microcode.cpio" ++fi ++ + if test -f ${sysconfdir}/default/grub ; then + . ${sysconfdir}/default/grub + fi +@@ -211,6 +217,8 @@ export GRUB_DEFAULT \ + GRUB_CMDLINE_NETBSD \ + GRUB_CMDLINE_NETBSD_DEFAULT \ + GRUB_CMDLINE_GNUMACH \ ++ GRUB_EARLY_INITRD_LINUX_CUSTOM \ ++ GRUB_EARLY_INITRD_LINUX_STOCK \ + GRUB_TERMINAL_INPUT \ + GRUB_TERMINAL_OUTPUT \ + GRUB_SERIAL_COMMAND \ +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index de9044c..faedf74 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -136,9 +136,13 @@ EOF + if test -n "${initrd}" ; then + # TRANSLATORS: ramdisk isn't identifier. Should be translated. + message="$(gettext_printf "Loading initial ramdisk ...")" ++ initrd_path= ++ for i in ${initrd}; do ++ initrd_path="${initrd_path} ${rel_dirname}/${i}" ++ done + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' +- initrd ${rel_dirname}/${initrd} ++ initrd $(echo $initrd_path) + EOF + fi + sed "s/^/$submenu_indentation/" << EOF +@@ -188,7 +192,15 @@ while [ "x$list" != "x" ] ; do + alt_version=`echo $version | sed -e "s,\.old$,,g"` + linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" + +- initrd= ++ initrd_early= ++ for i in ${GRUB_EARLY_INITRD_LINUX_STOCK} \ ++ ${GRUB_EARLY_INITRD_LINUX_CUSTOM}; do ++ if test -e "${dirname}/${i}" ; then ++ initrd_early="${initrd_early} ${i}" ++ fi ++ done ++ ++ initrd_real= + for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ + "initrd-${version}" "initramfs-${version}.img" \ + "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ +@@ -198,11 +210,22 @@ while [ "x$list" != "x" ] ; do + "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ + 
"initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do + if test -e "${dirname}/${i}" ; then +- initrd="$i" ++ initrd_real="${i}" + break + fi + done + ++ initrd= ++ if test -n "${initrd_early}" || test -n "${initrd_real}"; then ++ initrd="${initrd_early} ${initrd_real}" ++ ++ initrd_display= ++ for i in ${initrd}; do ++ initrd_display="${initrd_display} ${dirname}/${i}" ++ done ++ gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 ++ fi ++ + config= + for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do + if test -e "${i}" ; then +@@ -216,9 +239,7 @@ while [ "x$list" != "x" ] ; do + initramfs=`grep CONFIG_INITRAMFS_SOURCE= "${config}" | cut -f2 -d= | tr -d \"` + fi + +- if test -n "${initrd}" ; then +- gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2 +- elif test -z "${initramfs}" ; then ++ if test -z "${initramfs}" && test -z "${initrd_real}" ; then + # "UUID=" and "ZFS=" magic is parsed by initrd or initramfs. Since there's + # no initrd or builtin initramfs, it can't work here. + linux_root_device_thisversion=${GRUB_DEVICE} +-- +cgit v1.0-41-gc330 + diff --git a/sys-boot/grub/files/03-relocation.patch b/sys-boot/grub/files/03-relocation.patch new file mode 100644 index 00000000..1aeae684 --- /dev/null +++ b/sys-boot/grub/files/03-relocation.patch @@ -0,0 +1,65 @@ +commit 842c390469e2c2e10b5aa36700324cd3bde25875 +Author: H.J. Lu +Date: Sat Feb 17 06:47:28 2018 -0800 + + x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32 + + Starting from binutils commit bd7ab16b4537788ad53521c45469a1bdae84ad4a: + + https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd7ab16b4537788ad53521c45469a1bdae84ad4a + + x86-64 assembler generates R_X86_64_PLT32, instead of R_X86_64_PC32, for + 32-bit PC-relative branches. Grub2 should treat R_X86_64_PLT32 as + R_X86_64_PC32. + + 
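Review bot: The grub.texi paragraph this patch adds for GRUB_EARLY_INITRD_LINUX_CUSTOM and GRUB_EARLY_INITRD_LINUX_STOCK names crypto keys as something to ship in an early initrd image, but it does not say that these images are plain files looked up next to the kernel, so a key packed into one is stored unencrypted wherever /boot itself is not encrypted. I would add one sentence after that paragraph: `Early images are read as ordinary files from @samp{/boot}; only put key material in one if @samp{/boot} is itself protected.` Separately, the lookup in 10_linux.in is `test -e "${dirname}/${i}"`, which also succeeds for a directory; `test -f` would keep such an entry out of the generated `initrd` line.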
Signed-off-by: H.J. Lu + Reviewed-by: Daniel Kiper + +diff --git a/grub-core/efiemu/i386/loadcore64.c b/grub-core/efiemu/i386/loadcore64.c +index e49d0b6ff..18facf47f 100644 +--- a/grub-core/efiemu/i386/loadcore64.c ++++ b/grub-core/efiemu/i386/loadcore64.c +@@ -98,6 +98,7 @@ grub_arch_efiemu_relocate_symbols64 (grub_efiemu_segment_t segs, + break; + + case R_X86_64_PC32: ++ case R_X86_64_PLT32: + err = grub_efiemu_write_value (addr, + *addr32 + rel->r_addend + + sym.off +diff --git a/grub-core/kern/x86_64/dl.c b/grub-core/kern/x86_64/dl.c +index 440690673..3a73e6e6c 100644 +--- a/grub-core/kern/x86_64/dl.c ++++ b/grub-core/kern/x86_64/dl.c +@@ -70,6 +70,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t mod, void *ehdr, + break; + + case R_X86_64_PC32: ++ case R_X86_64_PLT32: + { + grub_int64_t value; + value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value - +diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c +index a2bb05439..39d7efb91 100644 +--- a/util/grub-mkimagexx.c ++++ b/util/grub-mkimagexx.c +@@ -841,6 +841,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e, Elf_Shdr *sections, + break; + + case R_X86_64_PC32: ++ case R_X86_64_PLT32: + { + grub_uint32_t *t32 = (grub_uint32_t *) target; + *t32 = grub_host_to_target64 (grub_target_to_host32 (*t32) +diff --git a/util/grub-module-verifier.c b/util/grub-module-verifier.c +index 9179285a5..a79271f66 100644 +--- a/util/grub-module-verifier.c ++++ b/util/grub-module-verifier.c +@@ -19,6 +19,7 @@ struct grub_module_verifier_arch archs[] = { + -1 + }, (int[]){ + R_X86_64_PC32, ++ R_X86_64_PLT32, + -1 + } + }, diff --git a/sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch b/sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch new file mode 100644 index 00000000..2d09149f --- /dev/null +++ b/sys-boot/grub/files/04-Fix-packed-not-aligned-error-on-GCC-8.patch 
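Review bot: This patch file starts straight at the upstream `commit 842c390469e2c2e10b5aa36700324cd3bde25875` record and has no `Source/Upstream:` / `Reason:` header, unlike 01-xfs-accept-filesystem-with-sparse-inodes.patch and 02-support-multiple-early-initrd-images.patch in the same commit. 04-Fix-packed-not-aligned-error-on-GCC-8.patch and 07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch are missing it too. For patches carried against a bootloader it helps an auditor to see at the top of each file whether the change is upstream and why it is carried, so I would add the same two lines to each, for example `Source/Upstream: <yes/no, upstream commit id>` and `Reason: x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32`.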
@@ -0,0 +1,72 @@ +From 563b1da6e6ae7af46cc8354cadb5dab416989f0a Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Mon, 26 Mar 2018 16:52:34 +0800 +Subject: Fix packed-not-aligned error on GCC 8 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When building with GCC 8, there are several errors regarding packed-not-aligned. + +./include/grub/gpt_partition.h:79:1: error: alignment 1 of ‘struct grub_gpt_partentry’ is less than 8 [-Werror=packed-not-aligned] + +This patch fixes the build error by cleaning up the ambiguity of placing +aligned structure in a packed one. In "struct grub_btrfs_time" and "struct +grub_gpt_part_type", the aligned attribute seems to be superfluous, and also +has to be packed, to ensure the structure is bit-to-bit mapped to the format +laid on disk. I think we could blame to copy and paste error here for the +mistake. In "struct efi_variable", we have to use grub_efi_packed_guid_t, as +the name suggests. :) + +Signed-off-by: Michael Chang +Tested-by: Michael Chang +Tested-by: Paul Menzel +Reviewed-by: Daniel Kiper +--- + grub-core/fs/btrfs.c | 2 +- + include/grub/efiemu/runtime.h | 2 +- + include/grub/gpt_partition.h | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 4849c1ceb..be195448d 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -175,7 +175,7 @@ struct grub_btrfs_time + { + grub_int64_t sec; + grub_uint32_t nanosec; +-} __attribute__ ((aligned (4))); ++} GRUB_PACKED; + + struct grub_btrfs_inode + { +diff --git a/include/grub/efiemu/runtime.h b/include/grub/efiemu/runtime.h +index 9b6b729f4..36d2dedf4 100644 +--- a/include/grub/efiemu/runtime.h ++++ b/include/grub/efiemu/runtime.h +@@ -29,7 +29,7 @@ struct grub_efiemu_ptv_rel + + struct efi_variable + { +- grub_efi_guid_t guid; ++ grub_efi_packed_guid_t guid; + grub_uint32_t namelen; + grub_uint32_t size; + grub_efi_uint32_t attributes; +diff --git 
a/include/grub/gpt_partition.h b/include/grub/gpt_partition.h +index 1b32f6725..9668a68c3 100644 +--- a/include/grub/gpt_partition.h ++++ b/include/grub/gpt_partition.h +@@ -28,7 +28,7 @@ struct grub_gpt_part_type + grub_uint16_t data2; + grub_uint16_t data3; + grub_uint8_t data4[8]; +-} __attribute__ ((aligned(8))); ++} GRUB_PACKED; + typedef struct grub_gpt_part_type grub_gpt_part_type_t; + + #define GRUB_GPT_PARTITION_TYPE_EMPTY \ +-- +cgit v1.1-33-g03f6 + diff --git a/sys-boot/grub/files/05-gfxpayload.patch b/sys-boot/grub/files/05-gfxpayload.patch new file mode 100644 index 00000000..6c63ef88 --- /dev/null +++ b/sys-boot/grub/files/05-gfxpayload.patch @@ -0,0 +1,29 @@ +From e2d5bf1bc6aaaabeba538c1ca94ea8601e4e1474 Mon Sep 17 00:00:00 2001 +From: Mike Gilbert +Date: Thu, 16 Oct 2014 23:43:51 -0400 +Subject: [PATCH] 10_linux: Default gfxpayload=keep only when booting using efi + +vesafb seems to be unreliable when using BIOS compat mode. + +--- + util/grub.d/10_linux.in | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index d2e2a8f..a54b888 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -104,7 +104,9 @@ linux_entry () + echo " load_video" | sed "s/^/$submenu_indentation/" + if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \ + && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then +- echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" ++ echo ' if [ "x$grub_platform" = xefi ]; then' | sed "s/^/$submenu_indentation/" ++ echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" ++ echo ' fi' | sed "s/^/$submenu_indentation/" + fi + else + if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then +-- +2.7.2 + diff --git a/sys-boot/grub/files/06-KERNEL_GLOBS.patch b/sys-boot/grub/files/06-KERNEL_GLOBS.patch new file mode 100644 index 00000000..c66ee68d --- /dev/null +++ b/sys-boot/grub/files/06-KERNEL_GLOBS.patch 
@@ -0,0 +1,67 @@ +From 43e3295aaad5278a1e53c5282e2660b72cd76d28 Mon Sep 17 00:00:00 2001 +From: "Robin H. Johnson" +Date: Tue, 29 Dec 2015 15:29:14 -0800 +Subject: [PATCH] GRUB_LINUX_KERNEL_GLOBS: configurable kernel selection + +* util/grub.d/10_linux.in: Implement GRUB_LINUX_KERNEL_GLOBS +* docs/grub.texi: Document GRUB_LINUX_KERNEL_GLOBS + +Signed-off-by: Robin H. Johnson +--- + docs/grub.texi | 5 +++++ + util/grub.d/10_linux.in | 21 +++++++++++---------- + 2 files changed, 16 insertions(+), 10 deletions(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index 9a25a0b..d1129ec 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -1490,6 +1490,11 @@ This option may be set to a list of GRUB module names separated by spaces. + Each module will be loaded as early as possible, at the start of + @file{grub.cfg}. + ++@item GRUB_LINUX_KERNEL_GLOBS ++This option may be set to override the list of path globs used to find Linux ++kernels. The defaults vary by architecture, and generally include both ++@file{/boot} and @file{/}. 
++ + @end table + + The following options are still accepted for compatibility with existing +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 859b608..e5ac11d 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -145,18 +145,19 @@ EOF + } + + machine=`uname -m` +-case "x$machine" in ++globs="$GRUB_LINUX_KERNEL_GLOBS" ++[ -z "$globs" ] && case "x$machine" in + xi?86 | xx86_64) +- list= +- for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do +- if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi +- done ;; +- *) +- list= +- for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do +- if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi +- done ;; ++ globs="/boot/vmlinuz-* /vmlinuz-* /boot/kernel-*" ++ ;; ++ *) ++ globs="/boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-*" ++ ;; + esac ++list= ++for i in ${globs} ; do ++ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi ++done + + case "$machine" in + i?86) GENKERNEL_ARCH="x86" ;; +-- +2.3.0 + diff --git a/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch b/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch new file mode 100644 index 00000000..22d62926 --- /dev/null +++ b/sys-boot/grub/files/07-Allow_GRUB_to_mount_ext234_filesystems_that_have_the_encryption_feature.patch 
@@ -0,0 +1,140 @@ +From 734668238fcc0ef691a080839e04f33854fa133a Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 29 Jun 2017 13:27:49 +0000 +Subject: Allow GRUB to mount ext2/3/4 filesystems that have the encryption + feature. + +On such a filesystem, inodes may have EXT4_ENCRYPT_FLAG set. +For a regular file, this means its contents are encrypted; for a +directory, this means the filenames in its directory entries are +encrypted; and for a symlink, this means its target is encrypted. Since +GRUB cannot decrypt encrypted contents or filenames, just issue an error +if it would need to do so. This is sufficient to allow unencrypted boot +files to co-exist with encrypted files elsewhere on the filesystem. + +(Note that encrypted regular files and symlinks will not normally be +encountered outside an encrypted directory; however, it's possible via +hard links, so they still need to be handled.) + +Tested by booting from an ext4 /boot partition on which I had run +'tune2fs -O encrypt'. I also verified that the expected error messages +are printed when trying to access encrypted directories, files, and +symlinks from the GRUB command line. Also ran 'sudo ./grub-fs-tester +ext4_encrypt'; note that this requires e2fsprogs v1.43+ and Linux v4.1+. + +Signed-off-by: Eric Biggers +--- + grub-core/fs/ext2.c | 23 ++++++++++++++++++++++- + tests/ext234_test.in | 1 + + tests/util/grub-fs-tester.in | 10 ++++++++++ + 3 files changed, 33 insertions(+), 1 deletion(-) + +diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c +index cdce63b..b8ad75a 100644 +--- a/grub-core/fs/ext2.c ++++ b/grub-core/fs/ext2.c +@@ -102,6 +102,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define EXT4_FEATURE_INCOMPAT_64BIT 0x0080 + #define EXT4_FEATURE_INCOMPAT_MMP 0x0100 + #define EXT4_FEATURE_INCOMPAT_FLEX_BG 0x0200 ++#define EXT4_FEATURE_INCOMPAT_ENCRYPT 0x10000 + + /* The set of back-incompatible features this driver DOES support. 
Add (OR) + * flags here as the related features are implemented into the driver. */ +@@ -109,7 +110,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); + | EXT4_FEATURE_INCOMPAT_EXTENTS \ + | EXT4_FEATURE_INCOMPAT_FLEX_BG \ + | EXT2_FEATURE_INCOMPAT_META_BG \ +- | EXT4_FEATURE_INCOMPAT_64BIT) ++ | EXT4_FEATURE_INCOMPAT_64BIT \ ++ | EXT4_FEATURE_INCOMPAT_ENCRYPT) + /* List of rationales for the ignored "incompatible" features: + * needs_recovery: Not really back-incompatible - was added as such to forbid + * ext2 drivers from mounting an ext3 volume with a dirty +@@ -138,6 +140,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define EXT3_JOURNAL_FLAG_DELETED 4 + #define EXT3_JOURNAL_FLAG_LAST_TAG 8 + ++#define EXT4_ENCRYPT_FLAG 0x800 + #define EXT4_EXTENTS_FLAG 0x80000 + + /* The ext2 superblock. */ +@@ -706,6 +709,12 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + grub_ext2_read_inode (diro->data, diro->ino, &diro->inode); + if (grub_errno) + return 0; ++ ++ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) ++ { ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "symlink is encrypted"); ++ return 0; ++ } + } + + symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); +@@ -749,6 +758,12 @@ grub_ext2_iterate_dir (grub_fshelp_node_t dir, + return 0; + } + ++ if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) ++ { ++ grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "directory is encrypted"); ++ return 0; ++ } ++ + /* Search the file. 
*/ + while (fpos < grub_le_to_cpu32 (diro->inode.size)) + { +@@ -859,6 +874,12 @@ grub_ext2_open (struct grub_file *file, const char *name) + goto fail; + } + ++ if (fdiro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG)) ++ { ++ err = grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, "file is encrypted"); ++ goto fail; ++ } ++ + grub_memcpy (data->inode, &fdiro->inode, sizeof (struct grub_ext2_inode)); + grub_free (fdiro); + +diff --git a/tests/ext234_test.in b/tests/ext234_test.in +index 892b99c..4f1eb52 100644 +--- a/tests/ext234_test.in ++++ b/tests/ext234_test.in +@@ -30,3 +30,4 @@ fi + "@builddir@/grub-fs-tester" ext3 + "@builddir@/grub-fs-tester" ext4 + "@builddir@/grub-fs-tester" ext4_metabg ++"@builddir@/grub-fs-tester" ext4_encrypt +diff --git a/tests/util/grub-fs-tester.in b/tests/util/grub-fs-tester.in +index 88cbe73..fd7e0f1 100644 +--- a/tests/util/grub-fs-tester.in ++++ b/tests/util/grub-fs-tester.in +@@ -156,6 +156,12 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do + # Could go further but what's the point? + MAXBLKSIZE=$((65536*1024)) + ;; ++ xext4_encrypt) ++ # OS LIMITATION: Linux currently only allows the 'encrypt' feature ++ # in combination with block_size = PAGE_SIZE (4096 bytes on x86). ++ MINBLKSIZE=$(getconf PAGE_SIZE) ++ MAXBLKSIZE=$MINBLKSIZE ++ ;; + xext*) + MINBLKSIZE=1024 + if [ $MINBLKSIZE -lt $SECSIZE ]; then +@@ -796,6 +802,10 @@ for LOGSECSIZE in $(range "$MINLOGSECSIZE" "$MAXLOGSECSIZE" 1); do + MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext4" -O meta_bg,^resize_inode -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}" + MOUNTFS=ext4 + ;; ++ xext4_encrypt) ++ MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext4" -O encrypt -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}" ++ MOUNTFS=ext4 ++ ;; + xext*) + MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.$fs" -b $BLKSIZE -L "$FSLABEL" -q "${MOUNTDEVICE}" ;; + xxfs) +-- +cgit v1.0-41-gc330 + 
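Review bot: In grub_ext2_read_symlink the new EXT4_ENCRYPT_FLAG test sits before the closing brace of the block that calls grub_ext2_read_inode, so it appears to run only when this function loads the inode itself. The block's condition is outside the hunk, but if that block is skipped for a node whose inode was already read, an encrypted symlink's ciphertext would be copied out as the link target instead of producing the "symlink is encrypted" error. Moving the `if (diro->inode.flags & grub_cpu_to_le32_compile_time (EXT4_ENCRYPT_FLAG))` check below that closing brace, directly before the `grub_malloc` call, would make it unconditional, which is how the checks added to grub_ext2_iterate_dir and grub_ext2_open appear to be placed. The function body starts and ends outside the hunk.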
diff --git a/sys-boot/grub/files/gfxpayload.patch b/sys-boot/grub/files/gfxpayload.patch deleted file mode 100644 index 6c63ef88..00000000 --- a/sys-boot/grub/files/gfxpayload.patch +++ /dev/null @@ -1,29 +0,0 @@ -From e2d5bf1bc6aaaabeba538c1ca94ea8601e4e1474 Mon Sep 17 00:00:00 2001 -From: Mike Gilbert -Date: Thu, 16 Oct 2014 23:43:51 -0400 -Subject: [PATCH] 10_linux: Default gfxpayload=keep only when booting using efi - -vesafb seems to be unreliable when using BIOS compat mode. - ---- - util/grub.d/10_linux.in | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index d2e2a8f..a54b888 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -104,7 +104,9 @@ linux_entry () - echo " load_video" | sed "s/^/$submenu_indentation/" - if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \ - && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then -- echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" -+ echo ' if [ "x$grub_platform" = xefi ]; then' | sed "s/^/$submenu_indentation/" -+ echo " set gfxpayload=keep" | sed "s/^/$submenu_indentation/" -+ echo ' fi' | sed "s/^/$submenu_indentation/" - fi - else - if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then --- -2.7.2 - diff --git a/sys-boot/grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch b/sys-boot/grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch deleted file mode 100644 index c66ee68d..00000000 --- a/sys-boot/grub/files/grub-2.02_beta2-KERNEL_GLOBS.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 43e3295aaad5278a1e53c5282e2660b72cd76d28 Mon Sep 17 00:00:00 2001 -From: "Robin H. Johnson" -Date: Tue, 29 Dec 2015 15:29:14 -0800 -Subject: [PATCH] GRUB_LINUX_KERNEL_GLOBS: configurable kernel selection - -* util/grub.d/10_linux.in: Implement GRUB_LINUX_KERNEL_GLOBS -* docs/grub.texi: Document GRUB_LINUX_KERNEL_GLOBS - -Signed-off-by: Robin H. Johnson ---- - docs/grub.texi | 5 +++++ - util/grub.d/10_linux.in | 21 +++++++++++---------- - 2 files changed, 16 insertions(+), 10 deletions(-) - -diff --git a/docs/grub.texi b/docs/grub.texi -index 9a25a0b..d1129ec 100644 ---- a/docs/grub.texi -+++ b/docs/grub.texi -@@ -1490,6 +1490,11 @@ This option may be set to a list of GRUB module names separated by spaces. - Each module will be loaded as early as possible, at the start of - @file{grub.cfg}. - -+@item GRUB_LINUX_KERNEL_GLOBS -+This option may be set to override the list of path globs used to find Linux -+kernels. The defaults vary by architecture, and generally include both -+@file{/boot} and @file{/}. 
-+ - @end table - - The following options are still accepted for compatibility with existing -diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 859b608..e5ac11d 100644 ---- a/util/grub.d/10_linux.in -+++ b/util/grub.d/10_linux.in -@@ -145,18 +145,19 @@ EOF - } - - machine=`uname -m` --case "x$machine" in -+globs="$GRUB_LINUX_KERNEL_GLOBS" -+[ -z "$globs" ] && case "x$machine" in - xi?86 | xx86_64) -- list= -- for i in /boot/vmlinuz-* /vmlinuz-* /boot/kernel-* ; do -- if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi -- done ;; -- *) -- list= -- for i in /boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-* ; do -- if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi -- done ;; -+ globs="/boot/vmlinuz-* /vmlinuz-* /boot/kernel-*" -+ ;; -+ *) -+ globs="/boot/vmlinuz-* /boot/vmlinux-* /vmlinuz-* /vmlinux-* /boot/kernel-*" -+ ;; - esac -+list= -+for i in ${globs} ; do -+ if grub_file_is_not_garbage "$i" ; then list="$list $i" ; fi -+done - - case "$machine" in - i?86) GENKERNEL_ARCH="x86" ;; --- -2.3.0 - -- cgit v1.2.3