From a98b0609e618e0530507ee07e1cfecf7fa5bac52 Mon Sep 17 00:00:00 2001 From: Mate Kukri Date: Tue, 12 Aug 2025 11:51:55 +0100 Subject: [PATCH] Import grub2_2.14~git20250718.0e36779.orig.tar.xz [dgit import orig grub2_2.14~git20250718.0e36779.orig.tar.xz] --- ABOUT-NLS | 1282 + AUTHORS | 23 + BUGS | 7 + COPYING | 674 + ChangeLog | 27892 ++++++++ INSTALL | 356 + Makefile.am | 494 + Makefile.in | 15702 +++++ Makefile.util.am | 1626 + Makefile.util.def | 1470 + Makefile.utilgcry.def | 43 + NEWS | 755 + README | 26 + THANKS | 38 + TODO | 9 + acinclude.m4 | 511 + aclocal.m4 | 2055 + asm-tests/arm.S | 20 + asm-tests/i386-pc.S | 18 + asm-tests/i386.S | 4 + asm-tests/mips.S | 11 + asm-tests/powerpc.S | 8 + asm-tests/sparc64.S | 9 + autogen.sh | 154 + build-aux/compile | 348 + build-aux/config.guess | 1754 + build-aux/config.rpath | 690 + build-aux/config.sub | 1890 + build-aux/depcomp | 790 + build-aux/gitlog-to-changelog | 516 + build-aux/install-sh | 541 + build-aux/mdate-sh | 228 + build-aux/missing | 215 + build-aux/test-driver | 153 + build-aux/texinfo.tex | 11592 ++++ conf/Makefile.common | 152 + conf/Makefile.extra-dist | 159 + conf/i386-cygwin-img-ld.sc | 57 + config-util.h.in | 2135 + config.h.in | 149 + configure | 45275 +++++++++++++ configure.ac | 2402 + coreboot.cfg | 3 + docs/Makefile.am | 9 + docs/Makefile.in | 1937 + docs/autoiso.cfg | 244 + docs/fdl.texi | 452 + docs/font_char_metrics.png | Bin 0 -> 16443 bytes docs/font_char_metrics.txt | 1 + docs/grub-dev.info | 3069 + docs/grub-dev.texi | 2486 + docs/grub.cfg | 76 + docs/grub.info | 616 + docs/grub.info-1 | 8383 +++ docs/grub.info-2 | 4049 ++ docs/grub.texi | 10596 +++ docs/man/grub-bios-setup.h2m | 6 + docs/man/grub-editenv.h2m | 5 + docs/man/grub-emu.h2m | 6 + docs/man/grub-file.h2m | 2 + docs/man/grub-fstest.h2m | 4 + docs/man/grub-glue-efi.h2m | 4 + docs/man/grub-install.h2m | 6 + docs/man/grub-kbdcomp.h2m | 10 + docs/man/grub-macbless.h2m | 4 + docs/man/grub-macho2img.h2m | 4 + docs/man/grub-menulst2cfg.h2m | 4 + docs/man/grub-mkconfig.h2m | 4 + docs/man/grub-mkfont.h2m | 4 + docs/man/grub-mkimage.h2m | 6 + docs/man/grub-mklayout.h2m | 10 + docs/man/grub-mknetdir.h2m | 4 + docs/man/grub-mkpasswd-pbkdf2.h2m | 4 + docs/man/grub-mkrelpath.h2m | 4 + docs/man/grub-mkrescue.h2m | 4 + docs/man/grub-mkstandalone.h2m | 4 + docs/man/grub-mount.h2m | 2 + docs/man/grub-ofpathname.h2m | 4 + docs/man/grub-pe2elf.h2m | 4 + docs/man/grub-probe.h2m | 4 + docs/man/grub-protect.h2m | 4 + docs/man/grub-reboot.h2m | 5 + docs/man/grub-render-label.h2m | 3 + docs/man/grub-script-check.h2m | 4 + docs/man/grub-set-default.h2m | 5 + docs/man/grub-sparc64-setup.h2m | 6 + docs/man/grub-syslinux2cfg.h2m | 4 + docs/mdate-sh | 205 + docs/osdetect.cfg | 331 + docs/stamp-1 | 4 + docs/stamp-vti | 4 + docs/texinfo.tex | 8959 +++ docs/version-dev.texi | 4 + docs/version.texi | 4 + geninit.sh | 69 + gentpl.py | 915 + grub-core/Makefile.am | 522 + grub-core/Makefile.core.am | 25781 ++++++++ grub-core/Makefile.core.def | 2708 + grub-core/Makefile.gcry.def | 221 + grub-core/Makefile.in | 53540 ++++++++++++++++ grub-core/boot/decompressor/minilib.c | 93 + grub-core/boot/decompressor/none.c | 42 + grub-core/boot/decompressor/xz.c | 60 + grub-core/boot/i386/pc/boot.S | 542 + grub-core/boot/i386/pc/cdboot.S | 173 + grub-core/boot/i386/pc/diskboot.S | 378 + grub-core/boot/i386/pc/lnxboot.S | 295 + grub-core/boot/i386/pc/lzma_decode.S | 614 + grub-core/boot/i386/pc/pxeboot.S | 42 + grub-core/boot/i386/pc/startup_raw.S | 369 + grub-core/boot/i386/qemu/boot.S | 74 + grub-core/boot/mips/loongson/fuloong2f.S | 2 + grub-core/boot/mips/loongson/fwstart.S | 756 + grub-core/boot/mips/startup_raw.S | 300 + grub-core/boot/powerpc/bootinfo.txt.in | 73 + grub-core/boot/powerpc/grub.chrp.in | 172 + grub-core/boot/sparc64/ieee1275/boot.S | 262 + grub-core/boot/sparc64/ieee1275/diskboot.S | 145 + grub-core/bus/bonito.c | 176 + grub-core/bus/cs5536.c | 382 + grub-core/bus/emu/pci.c | 78 + grub-core/bus/fdt.c | 256 + grub-core/bus/i386/ieee1275/pci.c | 42 + grub-core/bus/pci.c | 173 + grub-core/bus/spi/rk3288_spi.c | 103 + grub-core/bus/usb/ehci-fdt.c | 45 + grub-core/bus/usb/ehci-pci.c | 208 + grub-core/bus/usb/ehci.c | 1839 + grub-core/bus/usb/ohci.c | 1468 + grub-core/bus/usb/serial/common.c | 139 + grub-core/bus/usb/serial/ftdi.c | 218 + grub-core/bus/usb/serial/pl2303.c | 231 + grub-core/bus/usb/serial/usbdebug_late.c | 93 + grub-core/bus/usb/uhci.c | 871 + grub-core/bus/usb/usb.c | 346 + grub-core/bus/usb/usbhub.c | 756 + grub-core/bus/usb/usbtrans.c | 462 + grub-core/commands/acpi.c | 820 + grub-core/commands/acpihalt.c | 454 + grub-core/commands/arc/lsdev.c | 57 + grub-core/commands/bli.c | 138 + grub-core/commands/blocklist.c | 162 + grub-core/commands/boot.c | 245 + grub-core/commands/boottime.c | 65 + grub-core/commands/cacheinfo.c | 62 + grub-core/commands/cat.c | 170 + grub-core/commands/cmp.c | 131 + grub-core/commands/configfile.c | 98 + grub-core/commands/date.c | 149 + grub-core/commands/echo.c | 141 + grub-core/commands/efi/efifwsetup.c | 102 + grub-core/commands/efi/efitextmode.c | 153 + grub-core/commands/efi/fixvideo.c | 114 + grub-core/commands/efi/loadbios.c | 204 + grub-core/commands/efi/lsefi.c | 146 + grub-core/commands/efi/lsefimmap.c | 160 + grub-core/commands/efi/lsefisystab.c | 129 + grub-core/commands/efi/lssal.c | 163 + grub-core/commands/efi/smbios.c | 37 + grub-core/commands/efi/tpm.c | 334 + grub-core/commands/eval.c | 71 + grub-core/commands/extcmd.c | 144 + grub-core/commands/file.c | 707 + grub-core/commands/file32.c | 5 + grub-core/commands/file64.c | 5 + grub-core/commands/fileXX.c | 74 + grub-core/commands/gptsync.c | 266 + grub-core/commands/halt.c | 47 + grub-core/commands/hashsum.c | 334 + grub-core/commands/hdparm.c | 447 + grub-core/commands/help.c | 155 + grub-core/commands/hexdump.c | 138 + grub-core/commands/i386/cmosdump.c | 64 + grub-core/commands/i386/cmostest.c | 124 + .../commands/i386/coreboot/cb_timestamps.c | 126 + grub-core/commands/i386/coreboot/cbls.c | 143 + grub-core/commands/i386/cpuid.c | 125 + grub-core/commands/i386/pc/drivemap.c | 430 + grub-core/commands/i386/pc/drivemap_int13h.S | 124 + grub-core/commands/i386/pc/halt.c | 126 + grub-core/commands/i386/pc/lsapm.c | 115 + grub-core/commands/i386/pc/play.c | 197 + grub-core/commands/i386/pc/sendkey.c | 387 + grub-core/commands/i386/pc/smbios.c | 52 + grub-core/commands/i386/rdmsr.c | 91 + grub-core/commands/i386/wrmsr.c | 83 + grub-core/commands/ieee1275/ibmvtpm.c | 117 + grub-core/commands/ieee1275/suspend.c | 51 + grub-core/commands/iorw.c | 156 + grub-core/commands/keylayouts.c | 307 + grub-core/commands/keystatus.c | 95 + grub-core/commands/legacycfg.c | 911 + grub-core/commands/loadenv.c | 472 + grub-core/commands/ls.c | 311 + grub-core/commands/lsacpi.c | 314 + grub-core/commands/lsmmap.c | 85 + grub-core/commands/lspci.c | 238 + grub-core/commands/macbless.c | 233 + grub-core/commands/memrw.c | 161 + grub-core/commands/memtools.c | 152 + grub-core/commands/menuentry.c | 337 + grub-core/commands/minicmd.c | 238 + grub-core/commands/mips/loongson/lsspd.c | 103 + grub-core/commands/nativedisk.c | 332 + grub-core/commands/parttool.c | 357 + grub-core/commands/password.c | 93 + grub-core/commands/password_pbkdf2.c | 209 + grub-core/commands/pcidump.c | 174 + grub-core/commands/pgp.c | 972 + grub-core/commands/probe.c | 250 + grub-core/commands/read.c | 114 + grub-core/commands/reboot.c | 46 + grub-core/commands/regexp.c | 168 + grub-core/commands/search.c | 412 + grub-core/commands/search_file.c | 5 + grub-core/commands/search_label.c | 5 + grub-core/commands/search_uuid.c | 5 + grub-core/commands/search_wrap.c | 231 + grub-core/commands/setpci.c | 339 + grub-core/commands/sleep.c | 117 + grub-core/commands/smbios.c | 398 + grub-core/commands/syslinuxcfg.c | 217 + grub-core/commands/terminal.c | 285 + grub-core/commands/test.c | 470 + grub-core/commands/testload.c | 172 + grub-core/commands/testspeed.c | 115 + grub-core/commands/time.c | 68 + grub-core/commands/tpm.c | 125 + grub-core/commands/tpm2_key_protector/args.c | 127 + .../commands/tpm2_key_protector/module.c | 1496 + grub-core/commands/tpm2_key_protector/tpm2.h | 36 + .../commands/tpm2_key_protector/tpm2_args.h | 49 + .../commands/tpm2_key_protector/tpm2key.c | 499 + .../commands/tpm2_key_protector/tpm2key.h | 87 + .../tpm2_key_protector/tpm2key_asn1_tab.c | 63 + grub-core/commands/tr.c | 126 + grub-core/commands/true.c | 61 + grub-core/commands/usbtest.c | 227 + grub-core/commands/videoinfo.c | 267 + grub-core/commands/videotest.c | 241 + grub-core/commands/wildcard.c | 652 + grub-core/commands/xen/lsxen.c | 90 + grub-core/commands/xnu_uuid.c | 119 + grub-core/disk/AFSplitter.c | 95 + grub-core/disk/ahci.c | 1161 + grub-core/disk/arc/arcdisk.c | 325 + grub-core/disk/ata.c | 682 + grub-core/disk/cryptodisk.c | 1916 + grub-core/disk/diskfilter.c | 1494 + grub-core/disk/dmraid_nvidia.c | 196 + grub-core/disk/efi/efidisk.c | 912 + grub-core/disk/geli.c | 584 + grub-core/disk/host.c | 103 + grub-core/disk/i386/pc/biosdisk.c | 687 + grub-core/disk/ieee1275/nand.c | 242 + grub-core/disk/ieee1275/obdisk.c | 1109 + grub-core/disk/ieee1275/ofdisk.c | 783 + grub-core/disk/key_protector.c | 73 + grub-core/disk/ldm.c | 1123 + grub-core/disk/loopback.c | 262 + grub-core/disk/luks.c | 301 + grub-core/disk/luks2.c | 810 + grub-core/disk/lvm.c | 1098 + grub-core/disk/mdraid1x_linux.c | 311 + grub-core/disk/mdraid_linux.c | 298 + grub-core/disk/mdraid_linux_be.c | 2 + grub-core/disk/memdisk.c | 123 + grub-core/disk/pata.c | 556 + grub-core/disk/plainmount.c | 463 + grub-core/disk/raid5_recover.c | 76 + grub-core/disk/raid6_recover.c | 218 + grub-core/disk/scsi.c | 764 + grub-core/disk/uboot/ubootdisk.c | 305 + grub-core/disk/usbms.c | 660 + grub-core/disk/xen/xendisk.c | 483 + grub-core/efiemu/i386/coredetect.c | 27 + grub-core/efiemu/i386/loadcore32.c | 121 + grub-core/efiemu/i386/loadcore64.c | 138 + grub-core/efiemu/i386/nocfgtables.c | 30 + grub-core/efiemu/i386/pc/cfgtables.c | 69 + grub-core/efiemu/loadcore.c | 387 + grub-core/efiemu/loadcore32.c | 22 + grub-core/efiemu/loadcore64.c | 22 + grub-core/efiemu/loadcore_common.c | 196 + grub-core/efiemu/main.c | 328 + grub-core/efiemu/mm.c | 677 + grub-core/efiemu/pnvram.c | 269 + grub-core/efiemu/prepare.c | 169 + grub-core/efiemu/prepare32.c | 22 + grub-core/efiemu/prepare64.c | 22 + grub-core/efiemu/runtime/config.h | 36 + grub-core/efiemu/runtime/efiemu.S | 159 + grub-core/efiemu/runtime/efiemu.c | 657 + grub-core/efiemu/symbols.c | 272 + grub-core/font/font.c | 1660 + grub-core/font/font_cmd.c | 92 + grub-core/fs/affs.c | 719 + grub-core/fs/afs.c | 3 + grub-core/fs/archelp.c | 316 + grub-core/fs/bfs.c | 1125 + grub-core/fs/btrfs.c | 2449 + grub-core/fs/cbfs.c | 408 + grub-core/fs/cpio.c | 62 + grub-core/fs/cpio_be.c | 62 + grub-core/fs/cpio_common.c | 275 + grub-core/fs/erofs.c | 1006 + grub-core/fs/exfat.c | 2 + grub-core/fs/ext2.c | 1155 + grub-core/fs/f2fs.c | 1377 + grub-core/fs/fat.c | 1327 + grub-core/fs/fshelp.c | 444 + grub-core/fs/hfs.c | 1447 + grub-core/fs/hfsplus.c | 1187 + grub-core/fs/hfspluscomp.c | 322 + grub-core/fs/iso9660.c | 1271 + grub-core/fs/jfs.c | 1020 + grub-core/fs/minix.c | 766 + grub-core/fs/minix2.c | 2 + grub-core/fs/minix2_be.c | 3 + grub-core/fs/minix3.c | 2 + grub-core/fs/minix3_be.c | 3 + grub-core/fs/minix_be.c | 2 + grub-core/fs/newc.c | 74 + grub-core/fs/nilfs2.c | 1247 + grub-core/fs/ntfs.c | 1666 + grub-core/fs/ntfscomp.c | 450 + grub-core/fs/odc.c | 62 + grub-core/fs/proc.c | 204 + grub-core/fs/reiserfs.c | 1433 + grub-core/fs/romfs.c | 490 + grub-core/fs/sfs.c | 798 + grub-core/fs/squash4.c | 1061 + grub-core/fs/tar.c | 373 + grub-core/fs/udf.c | 1471 + grub-core/fs/ufs.c | 924 + grub-core/fs/ufs2.c | 3 + grub-core/fs/ufs_be.c | 2 + grub-core/fs/xfs.c | 1350 + grub-core/fs/zfs/zfs.c | 4581 ++ grub-core/fs/zfs/zfs_fletcher.c | 84 + grub-core/fs/zfs/zfs_lz4.c | 285 + grub-core/fs/zfs/zfs_lzjb.c | 93 + grub-core/fs/zfs/zfs_sha256.c | 143 + grub-core/fs/zfs/zfscrypt.c | 491 + grub-core/fs/zfs/zfsinfo.c | 444 + grub-core/gdb/cstub.c | 366 + grub-core/gdb/gdb.c | 105 + grub-core/gdb/i386/idt.c | 78 + grub-core/gdb/i386/machdep.S | 245 + grub-core/gdb/i386/signal.c | 53 + grub-core/gdb_grub.in | 136 + grub-core/gdb_helper.py.in | 173 + grub-core/genemuinit.sh | 72 + grub-core/genemuinitheader.sh | 52 + grub-core/genmod.sh.in | 106 + grub-core/genmoddep.awk | 108 + grub-core/gensyminfo.sh.in | 37 + grub-core/gensymlist.sh | 74 + grub-core/gentrigtables.c | 57 + grub-core/gettext/gettext.c | 551 + grub-core/gfxmenu/font.c | 116 + grub-core/gfxmenu/gfxmenu.c | 150 + grub-core/gfxmenu/gui_box.c | 428 + grub-core/gfxmenu/gui_canvas.c | 278 + grub-core/gfxmenu/gui_circular_progress.c | 331 + grub-core/gfxmenu/gui_image.c | 273 + grub-core/gfxmenu/gui_label.c | 277 + grub-core/gfxmenu/gui_list.c | 953 + grub-core/gfxmenu/gui_progress_bar.c | 457 + grub-core/gfxmenu/gui_string_util.c | 206 + grub-core/gfxmenu/gui_util.c | 101 + grub-core/gfxmenu/icon_manager.c | 257 + grub-core/gfxmenu/theme_loader.c | 828 + grub-core/gfxmenu/view.c | 655 + grub-core/gfxmenu/widget-box.c | 360 + grub-core/hello/hello.c | 51 + grub-core/hook/datehook.c | 110 + grub-core/io/bufio.c | 214 + grub-core/io/gzio.c | 1462 + grub-core/io/lzopio.c | 546 + grub-core/io/offset.c | 112 + grub-core/io/xzio.c | 346 + grub-core/kern/acpi.c | 135 + grub-core/kern/arm/cache.S | 123 + grub-core/kern/arm/cache.c | 311 + grub-core/kern/arm/cache_armv6.S | 72 + grub-core/kern/arm/cache_armv7.S | 138 + grub-core/kern/arm/compiler-rt.S | 86 + grub-core/kern/arm/coreboot/cbtable.c | 40 + grub-core/kern/arm/coreboot/coreboot.S | 44 + grub-core/kern/arm/coreboot/dma.c | 59 + grub-core/kern/arm/coreboot/init.c | 151 + grub-core/kern/arm/coreboot/timer.c | 101 + grub-core/kern/arm/dl.c | 280 + grub-core/kern/arm/dl_helper.c | 245 + grub-core/kern/arm/efi/init.c | 77 + grub-core/kern/arm/efi/startup.S | 36 + grub-core/kern/arm/startup.S | 177 + grub-core/kern/arm/uboot/init.c | 70 + grub-core/kern/arm/uboot/uboot.S | 73 + grub-core/kern/arm64/cache.c | 63 + grub-core/kern/arm64/cache_flush.S | 55 + grub-core/kern/arm64/dl.c | 198 + grub-core/kern/arm64/dl_helper.c | 134 + grub-core/kern/arm64/efi/init.c | 63 + grub-core/kern/arm64/efi/startup.S | 39 + grub-core/kern/buffer.c | 120 + grub-core/kern/command.c | 111 + grub-core/kern/compiler-rt.c | 454 + grub-core/kern/coreboot/cbtable.c | 72 + grub-core/kern/coreboot/mmap.c | 100 + grub-core/kern/corecmd.c | 192 + grub-core/kern/device.c | 194 + grub-core/kern/disk.c | 561 + grub-core/kern/disk_common.c | 60 + grub-core/kern/dl.c | 939 + grub-core/kern/efi/acpi.c | 37 + grub-core/kern/efi/debug.c | 38 + grub-core/kern/efi/efi.c | 1108 + grub-core/kern/efi/fdt.c | 35 + grub-core/kern/efi/init.c | 160 + grub-core/kern/efi/mm.c | 806 + grub-core/kern/efi/sb.c | 275 + grub-core/kern/elf.c | 230 + grub-core/kern/elfXX.c | 308 + grub-core/kern/emu/argp_common.c | 41 + grub-core/kern/emu/cache.c | 35 + grub-core/kern/emu/cache_s.S | 20 + grub-core/kern/emu/full.c | 69 + grub-core/kern/emu/hostdisk.c | 686 + grub-core/kern/emu/hostfs.c | 200 + grub-core/kern/emu/lite.c | 47 + grub-core/kern/emu/main.c | 299 + grub-core/kern/emu/misc.c | 283 + grub-core/kern/emu/mm.c | 75 + grub-core/kern/emu/time.c | 46 + grub-core/kern/env.c | 251 + grub-core/kern/err.c | 122 + grub-core/kern/file.c | 233 + grub-core/kern/fs.c | 267 + grub-core/kern/generic/millisleep.c | 39 + grub-core/kern/generic/rtc_get_time_ms.c | 38 + grub-core/kern/i386/coreboot/cbtable.c | 44 + grub-core/kern/i386/coreboot/init.c | 143 + grub-core/kern/i386/coreboot/startup.S | 62 + grub-core/kern/i386/dl.c | 81 + grub-core/kern/i386/efi/init.c | 48 + grub-core/kern/i386/efi/startup.S | 36 + grub-core/kern/i386/efi/tsc.c | 40 + grub-core/kern/i386/ieee1275/startup.S | 40 + grub-core/kern/i386/int.S | 134 + grub-core/kern/i386/multiboot_mmap.c | 73 + grub-core/kern/i386/pc/acpi.c | 83 + grub-core/kern/i386/pc/init.c | 280 + grub-core/kern/i386/pc/mmap.c | 193 + grub-core/kern/i386/pc/startup.S | 217 + grub-core/kern/i386/qemu/init.c | 276 + grub-core/kern/i386/qemu/mmap.c | 107 + grub-core/kern/i386/qemu/startup.S | 75 + grub-core/kern/i386/realmode.S | 281 + grub-core/kern/i386/tsc.c | 78 + grub-core/kern/i386/tsc_pit.c | 84 + grub-core/kern/i386/tsc_pmtimer.c | 157 + grub-core/kern/i386/xen/hypercall.S | 43 + grub-core/kern/i386/xen/pvh.c | 369 + grub-core/kern/i386/xen/startup.S | 38 + grub-core/kern/i386/xen/startup_pvh.S | 81 + grub-core/kern/i386/xen/tsc.c | 40 + grub-core/kern/ia64/cache.c | 35 + grub-core/kern/ia64/dl.c | 150 + grub-core/kern/ia64/dl_helper.c | 241 + grub-core/kern/ia64/efi/init.c | 80 + grub-core/kern/ia64/efi/startup.S | 44 + grub-core/kern/ieee1275/cmain.c | 215 + grub-core/kern/ieee1275/ieee1275.c | 809 + grub-core/kern/ieee1275/init.c | 1047 + grub-core/kern/ieee1275/mmap.c | 83 + grub-core/kern/ieee1275/openfw.c | 593 + grub-core/kern/list.c | 55 + grub-core/kern/lockdown.c | 85 + grub-core/kern/loongarch64/cache.c | 39 + grub-core/kern/loongarch64/cache_flush.S | 33 + grub-core/kern/loongarch64/dl.c | 150 + grub-core/kern/loongarch64/dl_helper.c | 285 + grub-core/kern/loongarch64/efi/init.c | 77 + grub-core/kern/loongarch64/efi/startup.S | 34 + grub-core/kern/main.c | 370 + grub-core/kern/mips/arc/init.c | 463 + grub-core/kern/mips/cache.S | 70 + grub-core/kern/mips/cache_flush.S | 54 + grub-core/kern/mips/dl.c | 274 + grub-core/kern/mips/init.c | 38 + grub-core/kern/mips/loongson/init.c | 320 + grub-core/kern/mips/qemu_mips/init.c | 105 + grub-core/kern/mips/startup.S | 126 + grub-core/kern/misc.c | 1405 + grub-core/kern/mm.c | 863 + grub-core/kern/parser.c | 344 + grub-core/kern/partition.c | 295 + grub-core/kern/powerpc/cache.S | 26 + grub-core/kern/powerpc/cache_flush.S | 43 + grub-core/kern/powerpc/compiler-rt.S | 130 + grub-core/kern/powerpc/dl.c | 169 + grub-core/kern/powerpc/ieee1275/startup.S | 67 + grub-core/kern/rescue_parser.c | 90 + grub-core/kern/rescue_reader.c | 111 + grub-core/kern/riscv/cache.c | 63 + grub-core/kern/riscv/cache_flush.S | 44 + grub-core/kern/riscv/dl.c | 346 + grub-core/kern/riscv/efi/init.c | 78 + grub-core/kern/riscv/efi/startup.S | 48 + grub-core/kern/sparc64/cache.S | 41 + grub-core/kern/sparc64/dl.c | 191 + grub-core/kern/sparc64/ieee1275/crt0.S | 104 + grub-core/kern/sparc64/ieee1275/ieee1275.c | 147 + grub-core/kern/term.c | 169 + grub-core/kern/time.c | 37 + grub-core/kern/uboot/hw.c | 112 + grub-core/kern/uboot/init.c | 172 + grub-core/kern/uboot/uboot.c | 307 + grub-core/kern/verifiers.c | 228 + grub-core/kern/vga_init.c | 128 + grub-core/kern/x86_64/dl.c | 121 + grub-core/kern/x86_64/efi/startup.S | 35 + grub-core/kern/x86_64/xen/hypercall.S | 53 + grub-core/kern/x86_64/xen/startup.S | 39 + grub-core/kern/xen/init.c | 601 + grub-core/lib/LzFind.c | 777 + grub-core/lib/LzmaDec.c | 1037 + grub-core/lib/LzmaEnc.c | 2249 + grub-core/lib/adler32.c | 113 + grub-core/lib/arc/datetime.c | 48 + grub-core/lib/arg.c | 492 + grub-core/lib/arm/setjmp.S | 53 + grub-core/lib/arm64/setjmp.S | 56 + grub-core/lib/b64dec.c | 279 + grub-core/lib/backtrace.c | 70 + grub-core/lib/cmdline.c | 109 + grub-core/lib/cmos_datetime.c | 194 + grub-core/lib/crc.c | 76 + grub-core/lib/crc64.c | 128 + grub-core/lib/crypto.c | 716 + grub-core/lib/datetime.c | 122 + grub-core/lib/disk.c | 161 + grub-core/lib/division.c | 74 + grub-core/lib/dummy/datetime.c | 40 + grub-core/lib/dummy/halt.c | 32 + grub-core/lib/dummy/reboot.c | 32 + grub-core/lib/efi/datetime.c | 79 + grub-core/lib/efi/halt.c | 41 + grub-core/lib/efi/relocator.c | 119 + grub-core/lib/efi/tcg2.c | 143 + grub-core/lib/emu/halt.c | 25 + grub-core/lib/envblk.c | 297 + grub-core/lib/fake_module.c | 4 + grub-core/lib/fdt.c | 531 + grub-core/lib/getline.c | 92 + .../gnulib-patches/fix-gcc-15-compile.patch | 11 + .../fix-regcomp-resource-leak.patch | 110 + .../fix-regexec-resource-leak.patch | 11 + .../lib/gnulib-patches/fix-unused-value.patch | 14 + grub-core/lib/gnulib-patches/fix-width.patch | 217 + grub-core/lib/gnulib/Makefile.am | 2580 + grub-core/lib/gnulib/Makefile.in | 5741 ++ grub-core/lib/gnulib/_Noreturn.h | 45 + grub-core/lib/gnulib/alloca.c | 202 + grub-core/lib/gnulib/alloca.h | 73 + grub-core/lib/gnulib/alloca.in.h | 72 + grub-core/lib/gnulib/arg-nonnull.h | 26 + grub-core/lib/gnulib/argp-ba.c | 34 + grub-core/lib/gnulib/argp-eexst.c | 30 + grub-core/lib/gnulib/argp-fmtstream.c | 488 + grub-core/lib/gnulib/argp-fmtstream.h | 300 + grub-core/lib/gnulib/argp-fs-xinl.c | 46 + grub-core/lib/gnulib/argp-help.c | 2026 + grub-core/lib/gnulib/argp-namefrob.h | 170 + grub-core/lib/gnulib/argp-parse.c | 957 + grub-core/lib/gnulib/argp-pin.c | 33 + grub-core/lib/gnulib/argp-pv.c | 33 + grub-core/lib/gnulib/argp-pvh.c | 30 + grub-core/lib/gnulib/argp-xinl.c | 46 + grub-core/lib/gnulib/argp.h | 643 + grub-core/lib/gnulib/asnprintf.c | 34 + grub-core/lib/gnulib/assure.h | 57 + grub-core/lib/gnulib/attribute.h | 226 + grub-core/lib/gnulib/base64.c | 598 + grub-core/lib/gnulib/base64.h | 68 + grub-core/lib/gnulib/basename-lgpl.c | 71 + grub-core/lib/gnulib/basename-lgpl.h | 78 + grub-core/lib/gnulib/btowc.c | 39 + grub-core/lib/gnulib/c++defs.h | 331 + grub-core/lib/gnulib/calloc.c | 55 + grub-core/lib/gnulib/cdefs.h | 705 + grub-core/lib/gnulib/chdir-long.c | 264 + grub-core/lib/gnulib/chdir-long.h | 30 + grub-core/lib/gnulib/cloexec.c | 83 + grub-core/lib/gnulib/cloexec.h | 36 + grub-core/lib/gnulib/close.c | 75 + grub-core/lib/gnulib/ctype.h | 538 + grub-core/lib/gnulib/ctype.in.h | 57 + grub-core/lib/gnulib/dirent.h | 828 + grub-core/lib/gnulib/dirent.in.h | 321 + grub-core/lib/gnulib/dirfd.c | 98 + grub-core/lib/gnulib/dup-safer-flag.c | 38 + grub-core/lib/gnulib/dup-safer.c | 34 + grub-core/lib/gnulib/dup2.c | 189 + grub-core/lib/gnulib/dynarray.h | 284 + grub-core/lib/gnulib/errno.in.h | 279 + grub-core/lib/gnulib/error.c | 411 + grub-core/lib/gnulib/error.h | 66 + grub-core/lib/gnulib/exitfail.c | 24 + grub-core/lib/gnulib/exitfail.h | 18 + grub-core/lib/gnulib/fchdir.c | 206 + grub-core/lib/gnulib/fcntl.c | 629 + grub-core/lib/gnulib/fcntl.h | 948 + grub-core/lib/gnulib/fcntl.in.h | 441 + grub-core/lib/gnulib/fd-hook.c | 116 + grub-core/lib/gnulib/fd-hook.h | 119 + grub-core/lib/gnulib/fd-safer-flag.c | 52 + grub-core/lib/gnulib/fd-safer.c | 49 + grub-core/lib/gnulib/filename.h | 112 + grub-core/lib/gnulib/filenamecat-lgpl.c | 90 + grub-core/lib/gnulib/filenamecat.h | 32 + grub-core/lib/gnulib/flexmember.h | 60 + grub-core/lib/gnulib/float+.h | 147 + grub-core/lib/gnulib/float.c | 33 + grub-core/lib/gnulib/float.in.h | 194 + grub-core/lib/gnulib/fnmatch.c | 361 + grub-core/lib/gnulib/fnmatch.in.h | 110 + grub-core/lib/gnulib/fnmatch_loop.c | 1211 + grub-core/lib/gnulib/free.c | 53 + grub-core/lib/gnulib/fstat.c | 94 + grub-core/lib/gnulib/getcwd-lgpl.c | 127 + grub-core/lib/gnulib/getdelim.c | 147 + grub-core/lib/gnulib/getdtablesize.c | 124 + grub-core/lib/gnulib/getline.c | 27 + grub-core/lib/gnulib/getopt-cdefs.h | 67 + grub-core/lib/gnulib/getopt-cdefs.in.h | 66 + grub-core/lib/gnulib/getopt-core.h | 96 + grub-core/lib/gnulib/getopt-ext.h | 77 + grub-core/lib/gnulib/getopt-pfx-core.h | 66 + grub-core/lib/gnulib/getopt-pfx-ext.h | 70 + grub-core/lib/gnulib/getopt.c | 811 + grub-core/lib/gnulib/getopt.h | 88 + grub-core/lib/gnulib/getopt.in.h | 61 + grub-core/lib/gnulib/getopt1.c | 159 + grub-core/lib/gnulib/getopt_int.h | 118 + grub-core/lib/gnulib/getprogname.c | 302 + grub-core/lib/gnulib/getprogname.h | 40 + grub-core/lib/gnulib/gettext.h | 300 + grub-core/lib/gnulib/glthread/lock.c | 749 + grub-core/lib/gnulib/glthread/lock.h | 791 + grub-core/lib/gnulib/glthread/threadlib.c | 108 + grub-core/lib/gnulib/hard-locale.c | 35 + grub-core/lib/gnulib/hard-locale.h | 28 + grub-core/lib/gnulib/ialloc.c | 21 + grub-core/lib/gnulib/ialloc.h | 100 + grub-core/lib/gnulib/idx.h | 134 + grub-core/lib/gnulib/intprops.h | 642 + grub-core/lib/gnulib/inttypes.h | 1509 + grub-core/lib/gnulib/inttypes.in.h | 1002 + grub-core/lib/gnulib/isblank.c | 33 + grub-core/lib/gnulib/itold.c | 28 + grub-core/lib/gnulib/langinfo.h | 703 + grub-core/lib/gnulib/langinfo.in.h | 222 + grub-core/lib/gnulib/lc-charset-dispatch.c | 82 + grub-core/lib/gnulib/lc-charset-dispatch.h | 40 + grub-core/lib/gnulib/libc-config.h | 191 + grub-core/lib/gnulib/limits.h | 132 + grub-core/lib/gnulib/limits.in.h | 131 + grub-core/lib/gnulib/localcharset.c | 1159 + grub-core/lib/gnulib/localcharset.h | 137 + grub-core/lib/gnulib/locale.h | 812 + grub-core/lib/gnulib/locale.in.h | 305 + grub-core/lib/gnulib/localeconv.c | 103 + grub-core/lib/gnulib/malloc.c | 51 + .../lib/gnulib/malloc/dynarray-skeleton.c | 528 + .../lib/gnulib/malloc/dynarray-skeleton.gl.h | 529 + grub-core/lib/gnulib/malloc/dynarray.gl.h | 174 + grub-core/lib/gnulib/malloc/dynarray.h | 178 + .../lib/gnulib/malloc/dynarray_at_failure.c | 40 + .../gnulib/malloc/dynarray_emplace_enlarge.c | 77 + .../lib/gnulib/malloc/dynarray_finalize.c | 66 + grub-core/lib/gnulib/malloc/dynarray_resize.c | 68 + .../lib/gnulib/malloc/dynarray_resize_clear.c | 39 + grub-core/lib/gnulib/malloca.c | 113 + grub-core/lib/gnulib/malloca.h | 126 + grub-core/lib/gnulib/mbrtowc-impl-utf8.h | 138 + grub-core/lib/gnulib/mbrtowc-impl.h | 262 + grub-core/lib/gnulib/mbrtowc.c | 158 + grub-core/lib/gnulib/mbsinit.c | 70 + grub-core/lib/gnulib/mbsrtowcs-impl.h | 122 + grub-core/lib/gnulib/mbsrtowcs-state.c | 37 + grub-core/lib/gnulib/mbsrtowcs.c | 36 + grub-core/lib/gnulib/mbswidth.c | 208 + grub-core/lib/gnulib/mbswidth.h | 59 + grub-core/lib/gnulib/mbtowc-impl.h | 44 + grub-core/lib/gnulib/mbtowc-lock.c | 150 + grub-core/lib/gnulib/mbtowc-lock.h | 125 + grub-core/lib/gnulib/mbtowc.c | 26 + grub-core/lib/gnulib/memchr.c | 172 + grub-core/lib/gnulib/memchr.valgrind | 30 + grub-core/lib/gnulib/mempcpy.c | 33 + grub-core/lib/gnulib/memrchr.c | 161 + grub-core/lib/gnulib/msvc-inval.c | 129 + grub-core/lib/gnulib/msvc-inval.h | 222 + grub-core/lib/gnulib/msvc-nothrow.c | 51 + grub-core/lib/gnulib/msvc-nothrow.h | 43 + grub-core/lib/gnulib/nl_langinfo-lock.c | 150 + grub-core/lib/gnulib/nl_langinfo.c | 572 + grub-core/lib/gnulib/open.c | 209 + grub-core/lib/gnulib/openat-die.c | 62 + grub-core/lib/gnulib/openat-priv.h | 64 + grub-core/lib/gnulib/openat-proc.c | 135 + grub-core/lib/gnulib/openat.c | 312 + grub-core/lib/gnulib/openat.h | 123 + grub-core/lib/gnulib/pathmax.h | 83 + grub-core/lib/gnulib/pipe-safer.c | 52 + grub-core/lib/gnulib/pipe.c | 50 + grub-core/lib/gnulib/printf-args.c | 183 + grub-core/lib/gnulib/printf-args.h | 150 + grub-core/lib/gnulib/printf-parse.c | 623 + grub-core/lib/gnulib/printf-parse.h | 193 + grub-core/lib/gnulib/progname.c | 92 + grub-core/lib/gnulib/progname.h | 62 + grub-core/lib/gnulib/rawmemchr.c | 125 + grub-core/lib/gnulib/rawmemchr.valgrind | 28 + grub-core/lib/gnulib/realloc.c | 63 + grub-core/lib/gnulib/reallocarray.c | 39 + grub-core/lib/gnulib/regcomp.c | 3783 ++ grub-core/lib/gnulib/regex.c | 84 + grub-core/lib/gnulib/regex.h | 699 + grub-core/lib/gnulib/regex_internal.c | 1713 + grub-core/lib/gnulib/regex_internal.h | 835 + grub-core/lib/gnulib/regexec.c | 4224 ++ grub-core/lib/gnulib/save-cwd.c | 97 + grub-core/lib/gnulib/save-cwd.h | 34 + grub-core/lib/gnulib/setlocale-lock.c | 150 + grub-core/lib/gnulib/setlocale_null.c | 411 + grub-core/lib/gnulib/setlocale_null.h | 82 + grub-core/lib/gnulib/size_max.h | 30 + grub-core/lib/gnulib/sleep.c | 76 + grub-core/lib/gnulib/stat-time.c | 21 + grub-core/lib/gnulib/stat-time.h | 252 + grub-core/lib/gnulib/stat-w32.c | 461 + grub-core/lib/gnulib/stat-w32.h | 37 + grub-core/lib/gnulib/stat.c | 440 + grub-core/lib/gnulib/stdalign.in.h | 127 + grub-core/lib/gnulib/stdbool.in.h | 132 + grub-core/lib/gnulib/stddef.in.h | 147 + grub-core/lib/gnulib/stdint.in.h | 740 + grub-core/lib/gnulib/stdio-read.c | 168 + grub-core/lib/gnulib/stdio-write.c | 206 + grub-core/lib/gnulib/stdio.h | 2218 + grub-core/lib/gnulib/stdio.in.h | 1711 + grub-core/lib/gnulib/stdlib.h | 2107 + grub-core/lib/gnulib/stdlib.in.h | 1555 + grub-core/lib/gnulib/strcasecmp.c | 62 + grub-core/lib/gnulib/strchrnul.c | 142 + grub-core/lib/gnulib/strchrnul.valgrind | 28 + grub-core/lib/gnulib/strdup.c | 54 + grub-core/lib/gnulib/streq.h | 176 + grub-core/lib/gnulib/strerror-override.c | 306 + grub-core/lib/gnulib/strerror-override.h | 57 + grub-core/lib/gnulib/strerror.c | 71 + grub-core/lib/gnulib/string.h | 1776 + grub-core/lib/gnulib/string.in.h | 1269 + grub-core/lib/gnulib/strings.h | 629 + grub-core/lib/gnulib/strings.in.h | 122 + grub-core/lib/gnulib/strncasecmp.c | 62 + grub-core/lib/gnulib/strndup.c | 36 + grub-core/lib/gnulib/strnlen.c | 30 + grub-core/lib/gnulib/strnlen1.c | 35 + grub-core/lib/gnulib/strnlen1.h | 40 + grub-core/lib/gnulib/sys/stat.h | 1435 + grub-core/lib/gnulib/sys/types.h | 107 + grub-core/lib/gnulib/sys_stat.in.h | 928 + grub-core/lib/gnulib/sys_types.in.h | 106 + grub-core/lib/gnulib/sysexits.in.h | 72 + grub-core/lib/gnulib/time.h | 959 + grub-core/lib/gnulib/time.in.h | 452 + grub-core/lib/gnulib/unictype/bitmap.h | 48 + grub-core/lib/gnulib/unistd--.h | 32 + grub-core/lib/gnulib/unistd-safer.h | 31 + grub-core/lib/gnulib/unistd.c | 22 + grub-core/lib/gnulib/unistd.h | 2834 + grub-core/lib/gnulib/unistd.in.h | 2327 + grub-core/lib/gnulib/unitypes.h | 62 + grub-core/lib/gnulib/unitypes.in.h | 61 + grub-core/lib/gnulib/uniwidth.h | 73 + grub-core/lib/gnulib/uniwidth.in.h | 72 + grub-core/lib/gnulib/uniwidth/cjk.h | 37 + grub-core/lib/gnulib/uniwidth/width.c | 95 + grub-core/lib/gnulib/uniwidth/width0.h | 485 + grub-core/lib/gnulib/uniwidth/width2.h | 549 + grub-core/lib/gnulib/vasnprintf.c | 5872 ++ grub-core/lib/gnulib/vasnprintf.h | 72 + grub-core/lib/gnulib/verify.h | 315 + grub-core/lib/gnulib/vsnprintf.c | 70 + grub-core/lib/gnulib/warn-on-use.h | 149 + grub-core/lib/gnulib/wchar.h | 1829 + grub-core/lib/gnulib/wchar.in.h | 1322 + grub-core/lib/gnulib/wcrtomb.c | 80 + grub-core/lib/gnulib/wctype-h.c | 23 + grub-core/lib/gnulib/wctype.h | 1213 + grub-core/lib/gnulib/wctype.in.h | 732 + grub-core/lib/gnulib/wcwidth.c | 73 + grub-core/lib/gnulib/windows-initguard.h | 35 + grub-core/lib/gnulib/windows-mutex.c | 95 + grub-core/lib/gnulib/windows-mutex.h | 51 + grub-core/lib/gnulib/windows-once.c | 62 + grub-core/lib/gnulib/windows-once.h | 47 + grub-core/lib/gnulib/windows-recmutex.c | 127 + grub-core/lib/gnulib/windows-recmutex.h | 57 + grub-core/lib/gnulib/windows-rwlock.c | 377 + grub-core/lib/gnulib/windows-rwlock.h | 68 + grub-core/lib/gnulib/wmemchr-impl.h | 27 + grub-core/lib/gnulib/wmemchr.c | 23 + grub-core/lib/gnulib/wmempcpy.c | 28 + grub-core/lib/gnulib/xalloc-oversized.h | 65 + grub-core/lib/gnulib/xsize.c | 21 + grub-core/lib/gnulib/xsize.h | 108 + grub-core/lib/gpgrt-int.h | 24 + grub-core/lib/hexdump.c | 85 + grub-core/lib/i386/backtrace.c | 66 + grub-core/lib/i386/halt.c | 82 + grub-core/lib/i386/pc/biosnum.c | 47 + grub-core/lib/i386/pc/vesa_modes_table.c | 127 + grub-core/lib/i386/random.c | 103 + grub-core/lib/i386/reboot.c | 64 + grub-core/lib/i386/reboot_trampoline.S | 34 + grub-core/lib/i386/relocator.c | 210 + grub-core/lib/i386/relocator16.S | 341 + grub-core/lib/i386/relocator32.S | 134 + grub-core/lib/i386/relocator64.S | 210 + grub-core/lib/i386/relocator_asm.S | 80 + grub-core/lib/i386/relocator_common.S | 111 + grub-core/lib/i386/relocator_common_c.c | 109 + grub-core/lib/i386/setjmp.S | 59 + grub-core/lib/i386/xen/relocator.S | 165 + grub-core/lib/ia64/longjmp.S | 162 + grub-core/lib/ia64/setjmp.S | 177 + grub-core/lib/ieee1275/cmos.c | 77 + grub-core/lib/ieee1275/datetime.c | 156 + grub-core/lib/ieee1275/halt.c | 33 + grub-core/lib/ieee1275/reboot.c | 27 + grub-core/lib/ieee1275/relocator.c | 110 + grub-core/lib/ieee1275/tcg2.c | 157 + grub-core/lib/json/jsmn.h | 471 + grub-core/lib/json/json.c | 382 + grub-core/lib/json/json.h | 140 + grub-core/lib/legacy_parse.c | 875 + grub-core/lib/libgcrypt-grub/cipher/ChangeLog | 645 + grub-core/lib/libgcrypt-grub/cipher/arcfour.c | 202 + grub-core/lib/libgcrypt-grub/cipher/aria.c | 1792 + .../cipher/asm-common-aarch64.h | 133 + .../libgcrypt-grub/cipher/asm-common-amd64.h | 214 + .../libgcrypt-grub/cipher/asm-common-i386.h | 162 + .../libgcrypt-grub/cipher/asm-common-s390x.h | 91 + .../libgcrypt-grub/cipher/asm-inline-s390x.h | 206 + .../cipher/asm-poly1305-aarch64.h | 247 + .../cipher/asm-poly1305-amd64.h | 173 + .../cipher/asm-poly1305-s390x.h | 142 + grub-core/lib/libgcrypt-grub/cipher/bithelp.h | 125 + grub-core/lib/libgcrypt-grub/cipher/blake2.c | 916 + .../lib/libgcrypt-grub/cipher/blowfish.c | 1068 + grub-core/lib/libgcrypt-grub/cipher/bufhelp.h | 374 + .../lib/libgcrypt-grub/cipher/bulkhelp.h | 495 + .../cipher/camellia-aesni-avx2-amd64.h | 2329 + .../lib/libgcrypt-grub/cipher/camellia-glue.c | 1794 + .../libgcrypt-grub/cipher/camellia-simd128.h | 2233 + .../lib/libgcrypt-grub/cipher/camellia.c | 1412 + .../lib/libgcrypt-grub/cipher/camellia.h | 109 + grub-core/lib/libgcrypt-grub/cipher/cast5.c | 1148 + .../libgcrypt-grub/cipher/cipher-internal.h | 977 + grub-core/lib/libgcrypt-grub/cipher/cipher.h | 2 + grub-core/lib/libgcrypt-grub/cipher/crc.c | 979 + .../lib/libgcrypt-grub/cipher/crypto.lst | 70 + grub-core/lib/libgcrypt-grub/cipher/des.c | 1165 + .../lib/libgcrypt-grub/cipher/dsa-common.c | 230 + grub-core/lib/libgcrypt-grub/cipher/dsa.c | 416 + .../lib/libgcrypt-grub/cipher/ecc-common.h | 145 + grub-core/lib/libgcrypt-grub/cipher/g10lib.h | 1 + grub-core/lib/libgcrypt-grub/cipher/gost-sb.h | 2130 + grub-core/lib/libgcrypt-grub/cipher/gost.h | 36 + .../lib/libgcrypt-grub/cipher/gost28147.c | 571 + .../lib/libgcrypt-grub/cipher/gostr3411-94.c | 402 + .../lib/libgcrypt-grub/cipher/hash-common.c | 123 + .../lib/libgcrypt-grub/cipher/hash-common.h | 64 + grub-core/lib/libgcrypt-grub/cipher/idea.c | 326 + grub-core/lib/libgcrypt-grub/cipher/init.c | 127 + .../lib/libgcrypt-grub/cipher/kdf-internal.h | 41 + grub-core/lib/libgcrypt-grub/cipher/keccak.c | 1673 + .../libgcrypt-grub/cipher/keccak_permute_32.h | 538 + .../libgcrypt-grub/cipher/keccak_permute_64.h | 387 + grub-core/lib/libgcrypt-grub/cipher/kem-ecc.h | 42 + grub-core/lib/libgcrypt-grub/cipher/kyber.h | 132 + .../lib/libgcrypt-grub/cipher/mac-internal.h | 291 + .../libgcrypt-grub/cipher/mceliece6688128f.h | 63 + grub-core/lib/libgcrypt-grub/cipher/md.c | 932 + grub-core/lib/libgcrypt-grub/cipher/md4.c | 310 + grub-core/lib/libgcrypt-grub/cipher/md5.c | 336 + grub-core/lib/libgcrypt-grub/cipher/memory.h | 1 + .../libgcrypt-grub/cipher/poly1305-internal.h | 90 + .../libgcrypt-grub/cipher/pubkey-internal.h | 109 + .../lib/libgcrypt-grub/cipher/pubkey-util.c | 1363 + grub-core/lib/libgcrypt-grub/cipher/rfc2268.c | 324 + .../libgcrypt-grub/cipher/rijndael-internal.h | 218 + .../cipher/rijndael-ppc-common.h | 329 + .../cipher/rijndael-ppc-functions.h | 2546 + .../libgcrypt-grub/cipher/rijndael-tables.h | 222 + .../lib/libgcrypt-grub/cipher/rijndael.c | 1670 + grub-core/lib/libgcrypt-grub/cipher/rmd160.c | 519 + .../lib/libgcrypt-grub/cipher/rsa-common.c | 1153 + grub-core/lib/libgcrypt-grub/cipher/rsa.c | 589 + grub-core/lib/libgcrypt-grub/cipher/salsa20.c | 560 + grub-core/lib/libgcrypt-grub/cipher/seed.c | 459 + grub-core/lib/libgcrypt-grub/cipher/serpent.c | 1964 + grub-core/lib/libgcrypt-grub/cipher/sha1.c | 694 + grub-core/lib/libgcrypt-grub/cipher/sha1.h | 49 + grub-core/lib/libgcrypt-grub/cipher/sha256.c | 718 + grub-core/lib/libgcrypt-grub/cipher/sha512.c | 1107 + grub-core/lib/libgcrypt-grub/cipher/sm3.c | 490 + grub-core/lib/libgcrypt-grub/cipher/sm4.c | 2029 + .../lib/libgcrypt-grub/cipher/sntrup761.h | 73 + grub-core/lib/libgcrypt-grub/cipher/stribog.c | 1381 + grub-core/lib/libgcrypt-grub/cipher/tiger.c | 884 + grub-core/lib/libgcrypt-grub/cipher/twofish.c | 1806 + grub-core/lib/libgcrypt-grub/cipher/types.h | 2 + .../lib/libgcrypt-grub/cipher/whirlpool.c | 1549 + .../libgcrypt-grub/mpi/asm-common-aarch64.h | 28 + .../lib/libgcrypt-grub/mpi/asm-common-amd64.h | 28 + .../lib/libgcrypt-grub/mpi/asm-common-i386.h | 28 + grub-core/lib/libgcrypt-grub/mpi/ec-inline.h | 1238 + .../lib/libgcrypt-grub/mpi/ec-internal.h | 51 + .../lib/libgcrypt-grub/mpi/generic/distfiles | 10 + .../libgcrypt-grub/mpi/generic/mpi-asm-defs.h | 8 + .../libgcrypt-grub/mpi/generic/mpih-add1.c | 65 + .../libgcrypt-grub/mpi/generic/mpih-lshift.c | 68 + .../libgcrypt-grub/mpi/generic/mpih-mul1.c | 62 + .../libgcrypt-grub/mpi/generic/mpih-mul2.c | 68 + .../libgcrypt-grub/mpi/generic/mpih-mul3.c | 68 + .../libgcrypt-grub/mpi/generic/mpih-rshift.c | 67 + .../libgcrypt-grub/mpi/generic/mpih-sub1.c | 66 + .../libgcrypt-grub/mpi/generic/udiv-w-sdiv.c | 133 + grub-core/lib/libgcrypt-grub/mpi/longlong.h | 1812 + grub-core/lib/libgcrypt-grub/mpi/mpi-add.c | 263 + .../lib/libgcrypt-grub/mpi/mpi-asm-defs.h | 8 + grub-core/lib/libgcrypt-grub/mpi/mpi-bit.c | 377 + grub-core/lib/libgcrypt-grub/mpi/mpi-cmp.c | 132 + grub-core/lib/libgcrypt-grub/mpi/mpi-div.c | 362 + grub-core/lib/libgcrypt-grub/mpi/mpi-gcd.c | 54 + grub-core/lib/libgcrypt-grub/mpi/mpi-inline.c | 37 + grub-core/lib/libgcrypt-grub/mpi/mpi-inline.h | 163 + .../lib/libgcrypt-grub/mpi/mpi-internal.h | 329 + grub-core/lib/libgcrypt-grub/mpi/mpi-inv.c | 567 + grub-core/lib/libgcrypt-grub/mpi/mpi-mod.c | 190 + grub-core/lib/libgcrypt-grub/mpi/mpi-mpow.c | 225 + grub-core/lib/libgcrypt-grub/mpi/mpi-mul.c | 225 + grub-core/lib/libgcrypt-grub/mpi/mpi-pow.c | 774 + grub-core/lib/libgcrypt-grub/mpi/mpi-scan.c | 132 + grub-core/lib/libgcrypt-grub/mpi/mpicoder.c | 1056 + grub-core/lib/libgcrypt-grub/mpi/mpih-add1.c | 65 + .../lib/libgcrypt-grub/mpi/mpih-const-time.c | 243 + grub-core/lib/libgcrypt-grub/mpi/mpih-div.c | 534 + .../lib/libgcrypt-grub/mpi/mpih-lshift.c | 68 + grub-core/lib/libgcrypt-grub/mpi/mpih-mul.c | 531 + grub-core/lib/libgcrypt-grub/mpi/mpih-mul1.c | 62 + grub-core/lib/libgcrypt-grub/mpi/mpih-mul2.c | 68 + grub-core/lib/libgcrypt-grub/mpi/mpih-mul3.c | 68 + .../lib/libgcrypt-grub/mpi/mpih-rshift.c | 67 + grub-core/lib/libgcrypt-grub/mpi/mpih-sub1.c | 66 + grub-core/lib/libgcrypt-grub/mpi/mpiutil.c | 765 + .../lib/libgcrypt-grub/src/cipher-proto.h | 2 + grub-core/lib/libgcrypt-grub/src/cipher.h | 231 + grub-core/lib/libgcrypt-grub/src/const-time.c | 88 + grub-core/lib/libgcrypt-grub/src/const-time.h | 167 + grub-core/lib/libgcrypt-grub/src/context.h | 33 + grub-core/lib/libgcrypt-grub/src/ec-context.h | 107 + grub-core/lib/libgcrypt-grub/src/g10lib.h | 501 + grub-core/lib/libgcrypt-grub/src/gcrypt-int.h | 544 + .../lib/libgcrypt-grub/src/gcrypt-testapi.h | 70 + grub-core/lib/libgcrypt-grub/src/hmac256.h | 36 + grub-core/lib/libgcrypt-grub/src/hwf-common.h | 28 + grub-core/lib/libgcrypt-grub/src/mpi.h | 325 + grub-core/lib/libgcrypt-grub/src/secmem.h | 42 + grub-core/lib/libgcrypt-grub/src/sexp.c | 2736 + grub-core/lib/libgcrypt-grub/src/stdmem.h | 29 + grub-core/lib/libgcrypt-grub/src/types.h | 136 + grub-core/lib/libgcrypt-grub/src/visibility.h | 1 + grub-core/lib/libgcrypt/AUTHORS | 274 + grub-core/lib/libgcrypt/COPYING | 339 + grub-core/lib/libgcrypt/COPYING.LIB | 502 + grub-core/lib/libgcrypt/LICENSES | 319 + grub-core/lib/libgcrypt/README | 278 + grub-core/lib/libgcrypt/README.GIT | 49 + grub-core/lib/libgcrypt/THANKS | 168 + grub-core/lib/libgcrypt/VERSION | 1 + grub-core/lib/libgcrypt/cipher/ChangeLog-2011 | 4279 ++ grub-core/lib/libgcrypt/cipher/Makefile.am | 335 + .../lib/libgcrypt/cipher/arcfour-amd64.S | 108 + grub-core/lib/libgcrypt/cipher/arcfour.c | 216 + .../libgcrypt/cipher/aria-aesni-avx-amd64.S | 1440 + .../libgcrypt/cipher/aria-aesni-avx2-amd64.S | 1830 + .../libgcrypt/cipher/aria-gfni-avx512-amd64.S | 1010 + grub-core/lib/libgcrypt/cipher/aria.c | 1768 + .../lib/libgcrypt/cipher/asm-common-aarch64.h | 132 + .../lib/libgcrypt/cipher/asm-common-amd64.h | 213 + .../lib/libgcrypt/cipher/asm-common-i386.h | 161 + .../lib/libgcrypt/cipher/asm-common-s390x.h | 90 + .../lib/libgcrypt/cipher/asm-inline-s390x.h | 205 + .../libgcrypt/cipher/asm-poly1305-aarch64.h | 245 + .../lib/libgcrypt/cipher/asm-poly1305-amd64.h | 171 + .../lib/libgcrypt/cipher/asm-poly1305-s390x.h | 140 + grub-core/lib/libgcrypt/cipher/bithelp.h | 123 + grub-core/lib/libgcrypt/cipher/blake2.c | 1086 + .../lib/libgcrypt/cipher/blake2b-amd64-avx2.S | 301 + .../libgcrypt/cipher/blake2b-amd64-avx512.S | 429 + .../lib/libgcrypt/cipher/blake2s-amd64-avx.S | 281 + .../libgcrypt/cipher/blake2s-amd64-avx512.S | 397 + .../lib/libgcrypt/cipher/blowfish-amd64.S | 601 + grub-core/lib/libgcrypt/cipher/blowfish-arm.S | 743 + grub-core/lib/libgcrypt/cipher/blowfish.c | 1089 + grub-core/lib/libgcrypt/cipher/bufhelp.h | 372 + grub-core/lib/libgcrypt/cipher/bulkhelp.h | 493 + .../libgcrypt/cipher/camellia-aarch64-ce.c | 42 + .../lib/libgcrypt/cipher/camellia-aarch64.S | 585 + .../cipher/camellia-aesni-avx-amd64.S | 2802 + .../cipher/camellia-aesni-avx2-amd64.S | 34 + .../cipher/camellia-aesni-avx2-amd64.h | 2327 + grub-core/lib/libgcrypt/cipher/camellia-arm.S | 626 + .../cipher/camellia-gfni-avx2-amd64.S | 34 + .../cipher/camellia-gfni-avx512-amd64.S | 1634 + .../lib/libgcrypt/cipher/camellia-glue.c | 1843 + .../lib/libgcrypt/cipher/camellia-ppc8le.c | 47 + .../lib/libgcrypt/cipher/camellia-ppc9le.c | 47 + .../lib/libgcrypt/cipher/camellia-simd128.h | 2235 + .../cipher/camellia-vaes-avx2-amd64.S | 35 + grub-core/lib/libgcrypt/cipher/camellia.c | 1413 + grub-core/lib/libgcrypt/cipher/camellia.h | 97 + grub-core/lib/libgcrypt/cipher/cast5-amd64.S | 663 + grub-core/lib/libgcrypt/cipher/cast5-arm.S | 728 + grub-core/lib/libgcrypt/cipher/cast5.c | 1185 + .../lib/libgcrypt/cipher/chacha20-aarch64.S | 650 + .../libgcrypt/cipher/chacha20-amd64-avx2.S | 604 + .../libgcrypt/cipher/chacha20-amd64-avx512.S | 736 + .../libgcrypt/cipher/chacha20-amd64-ssse3.S | 1015 + .../libgcrypt/cipher/chacha20-armv7-neon.S | 393 + .../lib/libgcrypt/cipher/chacha20-p10le-8x.s | 864 + grub-core/lib/libgcrypt/cipher/chacha20-ppc.c | 750 + .../lib/libgcrypt/cipher/chacha20-s390x.S | 1566 + grub-core/lib/libgcrypt/cipher/chacha20.c | 1450 + .../lib/libgcrypt/cipher/cipher-aeswrap.c | 380 + grub-core/lib/libgcrypt/cipher/cipher-cbc.c | 292 + grub-core/lib/libgcrypt/cipher/cipher-ccm.c | 419 + grub-core/lib/libgcrypt/cipher/cipher-cfb.c | 317 + grub-core/lib/libgcrypt/cipher/cipher-cmac.c | 292 + grub-core/lib/libgcrypt/cipher/cipher-ctr.c | 131 + grub-core/lib/libgcrypt/cipher/cipher-eax.c | 293 + .../libgcrypt/cipher/cipher-gcm-armv7-neon.S | 341 + .../cipher/cipher-gcm-armv8-aarch32-ce.S | 588 + .../cipher/cipher-gcm-armv8-aarch64-ce.S | 633 + .../cipher/cipher-gcm-intel-pclmul.c | 2025 + .../lib/libgcrypt/cipher/cipher-gcm-ppc.c | 548 + .../lib/libgcrypt/cipher/cipher-gcm-siv.c | 664 + grub-core/lib/libgcrypt/cipher/cipher-gcm.c | 1260 + .../lib/libgcrypt/cipher/cipher-internal.h | 975 + grub-core/lib/libgcrypt/cipher/cipher-ocb.c | 763 + grub-core/lib/libgcrypt/cipher/cipher-ofb.c | 108 + .../lib/libgcrypt/cipher/cipher-poly1305.c | 383 + grub-core/lib/libgcrypt/cipher/cipher-siv.c | 375 + grub-core/lib/libgcrypt/cipher/cipher-xts.c | 189 + grub-core/lib/libgcrypt/cipher/cipher.c | 2035 + .../libgcrypt/cipher/crc-armv8-aarch64-ce.S | 500 + grub-core/lib/libgcrypt/cipher/crc-armv8-ce.c | 229 + .../lib/libgcrypt/cipher/crc-intel-pclmul.c | 939 + grub-core/lib/libgcrypt/cipher/crc-ppc.c | 656 + grub-core/lib/libgcrypt/cipher/crc.c | 955 + grub-core/lib/libgcrypt/cipher/des-amd64.S | 1116 + grub-core/lib/libgcrypt/cipher/des.c | 1435 + grub-core/lib/libgcrypt/cipher/dsa-common.c | 473 + grub-core/lib/libgcrypt/cipher/dsa.c | 1456 + grub-core/lib/libgcrypt/cipher/ecc-common.h | 143 + grub-core/lib/libgcrypt/cipher/ecc-curves.c | 1587 + grub-core/lib/libgcrypt/cipher/ecc-ecdh.c | 357 + grub-core/lib/libgcrypt/cipher/ecc-ecdsa.c | 305 + grub-core/lib/libgcrypt/cipher/ecc-eddsa.c | 1079 + grub-core/lib/libgcrypt/cipher/ecc-gost.c | 218 + grub-core/lib/libgcrypt/cipher/ecc-misc.c | 469 + grub-core/lib/libgcrypt/cipher/ecc-sm2.c | 569 + grub-core/lib/libgcrypt/cipher/ecc.c | 2381 + grub-core/lib/libgcrypt/cipher/elgamal.c | 1164 + grub-core/lib/libgcrypt/cipher/gost-s-box.c | 266 + grub-core/lib/libgcrypt/cipher/gost-sb.h | 2128 + grub-core/lib/libgcrypt/cipher/gost.h | 34 + grub-core/lib/libgcrypt/cipher/gost28147.c | 553 + grub-core/lib/libgcrypt/cipher/gostr3411-94.c | 383 + grub-core/lib/libgcrypt/cipher/hash-common.c | 191 + grub-core/lib/libgcrypt/cipher/hash-common.h | 62 + grub-core/lib/libgcrypt/cipher/idea.c | 384 + grub-core/lib/libgcrypt/cipher/kdf-internal.h | 39 + grub-core/lib/libgcrypt/cipher/kdf.c | 2395 + .../libgcrypt/cipher/keccak-amd64-avx512.S | 587 + .../lib/libgcrypt/cipher/keccak-armv7-neon.S | 945 + grub-core/lib/libgcrypt/cipher/keccak.c | 1904 + .../lib/libgcrypt/cipher/keccak_permute_32.h | 536 + .../lib/libgcrypt/cipher/keccak_permute_64.h | 385 + grub-core/lib/libgcrypt/cipher/kem-ecc.c | 332 + grub-core/lib/libgcrypt/cipher/kem-ecc.h | 40 + grub-core/lib/libgcrypt/cipher/kem.c | 435 + grub-core/lib/libgcrypt/cipher/kyber-common.c | 766 + grub-core/lib/libgcrypt/cipher/kyber-kdep.c | 825 + grub-core/lib/libgcrypt/cipher/kyber.c | 530 + grub-core/lib/libgcrypt/cipher/kyber.h | 130 + grub-core/lib/libgcrypt/cipher/mac-cmac.c | 532 + grub-core/lib/libgcrypt/cipher/mac-gmac.c | 203 + grub-core/lib/libgcrypt/cipher/mac-hmac.c | 1471 + grub-core/lib/libgcrypt/cipher/mac-internal.h | 290 + grub-core/lib/libgcrypt/cipher/mac-poly1305.c | 382 + grub-core/lib/libgcrypt/cipher/mac.c | 834 + .../lib/libgcrypt/cipher/mceliece6688128f.c | 3673 ++ .../lib/libgcrypt/cipher/mceliece6688128f.h | 63 + grub-core/lib/libgcrypt/cipher/md.c | 1699 + grub-core/lib/libgcrypt/cipher/md4.c | 296 + grub-core/lib/libgcrypt/cipher/md5.c | 322 + .../libgcrypt/cipher/poly1305-amd64-avx512.S | 1626 + .../lib/libgcrypt/cipher/poly1305-internal.h | 92 + .../lib/libgcrypt/cipher/poly1305-p10le.s | 841 + .../lib/libgcrypt/cipher/poly1305-s390x.S | 87 + grub-core/lib/libgcrypt/cipher/poly1305.c | 846 + grub-core/lib/libgcrypt/cipher/primegen.c | 1880 + .../lib/libgcrypt/cipher/pubkey-internal.h | 107 + grub-core/lib/libgcrypt/cipher/pubkey-util.c | 1363 + grub-core/lib/libgcrypt/cipher/pubkey.c | 1259 + grub-core/lib/libgcrypt/cipher/rfc2268.c | 381 + .../lib/libgcrypt/cipher/rijndael-aarch64.S | 512 + .../lib/libgcrypt/cipher/rijndael-aesni.c | 5033 ++ .../lib/libgcrypt/cipher/rijndael-amd64.S | 477 + grub-core/lib/libgcrypt/cipher/rijndael-arm.S | 581 + .../cipher/rijndael-armv8-aarch32-ce.S | 2134 + .../cipher/rijndael-armv8-aarch64-ce.S | 2038 + .../lib/libgcrypt/cipher/rijndael-armv8-ce.c | 396 + .../lib/libgcrypt/cipher/rijndael-gcm-p10le.s | 1401 + .../lib/libgcrypt/cipher/rijndael-internal.h | 216 + .../lib/libgcrypt/cipher/rijndael-p10le.c | 119 + .../lib/libgcrypt/cipher/rijndael-padlock.c | 109 + .../libgcrypt/cipher/rijndael-ppc-common.h | 328 + .../libgcrypt/cipher/rijndael-ppc-functions.h | 2544 + grub-core/lib/libgcrypt/cipher/rijndael-ppc.c | 230 + .../lib/libgcrypt/cipher/rijndael-ppc9le.c | 119 + .../lib/libgcrypt/cipher/rijndael-s390x.c | 1166 + .../cipher/rijndael-ssse3-amd64-asm.S | 879 + .../libgcrypt/cipher/rijndael-ssse3-amd64.c | 742 + .../lib/libgcrypt/cipher/rijndael-tables.h | 220 + .../cipher/rijndael-vaes-avx2-amd64.S | 3688 ++ .../cipher/rijndael-vaes-avx2-i386.S | 2804 + .../lib/libgcrypt/cipher/rijndael-vaes-i386.c | 231 + .../lib/libgcrypt/cipher/rijndael-vaes.c | 240 + grub-core/lib/libgcrypt/cipher/rijndael.c | 2036 + grub-core/lib/libgcrypt/cipher/rmd160.c | 520 + grub-core/lib/libgcrypt/cipher/rsa-common.c | 1151 + grub-core/lib/libgcrypt/cipher/rsa.c | 2246 + .../lib/libgcrypt/cipher/salsa20-amd64.S | 940 + .../lib/libgcrypt/cipher/salsa20-armv7-neon.S | 899 + grub-core/lib/libgcrypt/cipher/salsa20.c | 600 + grub-core/lib/libgcrypt/cipher/scrypt.c | 322 + grub-core/lib/libgcrypt/cipher/seed.c | 478 + .../lib/libgcrypt/cipher/serpent-armv7-neon.S | 1180 + .../lib/libgcrypt/cipher/serpent-avx2-amd64.S | 1214 + .../lib/libgcrypt/cipher/serpent-avx512-x86.c | 994 + .../lib/libgcrypt/cipher/serpent-sse2-amd64.S | 1276 + grub-core/lib/libgcrypt/cipher/serpent.c | 2020 + .../lib/libgcrypt/cipher/sha1-armv7-neon.S | 526 + .../libgcrypt/cipher/sha1-armv8-aarch32-ce.S | 220 + .../libgcrypt/cipher/sha1-armv8-aarch64-ce.S | 204 + .../lib/libgcrypt/cipher/sha1-avx-amd64.S | 433 + .../libgcrypt/cipher/sha1-avx-bmi2-amd64.S | 446 + .../libgcrypt/cipher/sha1-avx2-bmi2-amd64.S | 578 + .../lib/libgcrypt/cipher/sha1-intel-shaext.c | 292 + .../lib/libgcrypt/cipher/sha1-ssse3-amd64.S | 442 + grub-core/lib/libgcrypt/cipher/sha1.c | 768 + grub-core/lib/libgcrypt/cipher/sha1.h | 47 + .../cipher/sha256-armv8-aarch32-ce.S | 231 + .../cipher/sha256-armv8-aarch64-ce.S | 218 + .../lib/libgcrypt/cipher/sha256-avx-amd64.S | 511 + .../libgcrypt/cipher/sha256-avx2-bmi2-amd64.S | 533 + .../libgcrypt/cipher/sha256-intel-shaext.c | 363 + grub-core/lib/libgcrypt/cipher/sha256-ppc.c | 610 + .../lib/libgcrypt/cipher/sha256-ssse3-amd64.S | 533 + grub-core/lib/libgcrypt/cipher/sha256.c | 841 + grub-core/lib/libgcrypt/cipher/sha512-arm.S | 464 + .../lib/libgcrypt/cipher/sha512-armv7-neon.S | 452 + .../cipher/sha512-armv8-aarch64-ce.S | 383 + .../lib/libgcrypt/cipher/sha512-avx-amd64.S | 466 + .../libgcrypt/cipher/sha512-avx2-bmi2-amd64.S | 507 + .../libgcrypt/cipher/sha512-avx512-amd64.S | 465 + grub-core/lib/libgcrypt/cipher/sha512-ppc.c | 725 + .../lib/libgcrypt/cipher/sha512-ssse3-amd64.S | 472 + .../lib/libgcrypt/cipher/sha512-ssse3-i386.c | 404 + grub-core/lib/libgcrypt/cipher/sha512.c | 1365 + grub-core/lib/libgcrypt/cipher/sm3-aarch64.S | 660 + .../libgcrypt/cipher/sm3-armv8-aarch64-ce.S | 221 + .../lib/libgcrypt/cipher/sm3-avx-bmi2-amd64.S | 555 + grub-core/lib/libgcrypt/cipher/sm3.c | 565 + grub-core/lib/libgcrypt/cipher/sm4-aarch64.S | 644 + .../libgcrypt/cipher/sm4-aesni-avx-amd64.S | 1058 + .../libgcrypt/cipher/sm4-aesni-avx2-amd64.S | 973 + .../libgcrypt/cipher/sm4-armv8-aarch64-ce.S | 731 + .../cipher/sm4-armv9-aarch64-sve-ce.S | 967 + .../libgcrypt/cipher/sm4-gfni-avx2-amd64.S | 1260 + .../libgcrypt/cipher/sm4-gfni-avx512-amd64.S | 1861 + grub-core/lib/libgcrypt/cipher/sm4-ppc.c | 342 + grub-core/lib/libgcrypt/cipher/sm4.c | 2070 + grub-core/lib/libgcrypt/cipher/sntrup761.c | 1062 + grub-core/lib/libgcrypt/cipher/sntrup761.h | 73 + grub-core/lib/libgcrypt/cipher/stribog.c | 1362 + grub-core/lib/libgcrypt/cipher/tiger.c | 860 + .../lib/libgcrypt/cipher/twofish-aarch64.S | 322 + .../lib/libgcrypt/cipher/twofish-amd64.S | 1258 + grub-core/lib/libgcrypt/cipher/twofish-arm.S | 363 + .../lib/libgcrypt/cipher/twofish-avx2-amd64.S | 1136 + grub-core/lib/libgcrypt/cipher/twofish.c | 1850 + .../libgcrypt/cipher/whirlpool-sse2-amd64.S | 348 + grub-core/lib/libgcrypt/cipher/whirlpool.c | 1535 + grub-core/lib/libgcrypt/compat/Makefile.am | 48 + grub-core/lib/libgcrypt/compat/clock.c | 36 + grub-core/lib/libgcrypt/compat/compat.c | 40 + grub-core/lib/libgcrypt/compat/getpid.c | 29 + grub-core/lib/libgcrypt/compat/libcompat.h | 37 + grub-core/lib/libgcrypt/config.h.in | 873 + grub-core/lib/libgcrypt/configure | 25763 ++++++++ grub-core/lib/libgcrypt/configure.ac | 3883 ++ grub-core/lib/libgcrypt/mkinstalldirs | 161 + grub-core/lib/libgcrypt/mpi/ChangeLog-2011 | 831 + grub-core/lib/libgcrypt/mpi/Makefile.am | 183 + grub-core/lib/libgcrypt/mpi/aarch64/distfiles | 6 + .../lib/libgcrypt/mpi/aarch64/mpi-asm-defs.h | 4 + .../lib/libgcrypt/mpi/aarch64/mpih-add1.S | 75 + .../lib/libgcrypt/mpi/aarch64/mpih-mul1.S | 100 + .../lib/libgcrypt/mpi/aarch64/mpih-mul2.S | 112 + .../lib/libgcrypt/mpi/aarch64/mpih-mul3.S | 125 + .../lib/libgcrypt/mpi/aarch64/mpih-sub1.S | 75 + grub-core/lib/libgcrypt/mpi/alpha/README | 53 + grub-core/lib/libgcrypt/mpi/alpha/distfiles | 11 + grub-core/lib/libgcrypt/mpi/alpha/mpih-add1.S | 124 + .../lib/libgcrypt/mpi/alpha/mpih-lshift.S | 122 + grub-core/lib/libgcrypt/mpi/alpha/mpih-mul1.S | 90 + grub-core/lib/libgcrypt/mpi/alpha/mpih-mul2.S | 97 + grub-core/lib/libgcrypt/mpi/alpha/mpih-mul3.S | 95 + .../lib/libgcrypt/mpi/alpha/mpih-rshift.S | 118 + grub-core/lib/libgcrypt/mpi/alpha/mpih-sub1.S | 124 + .../lib/libgcrypt/mpi/alpha/udiv-qrnnd.S | 159 + grub-core/lib/libgcrypt/mpi/amd64/distfiles | 9 + grub-core/lib/libgcrypt/mpi/amd64/func_abi.h | 34 + .../lib/libgcrypt/mpi/amd64/mpi-asm-defs.h | 4 + grub-core/lib/libgcrypt/mpi/amd64/mpih-add1.S | 119 + .../lib/libgcrypt/mpi/amd64/mpih-lshift.S | 79 + grub-core/lib/libgcrypt/mpi/amd64/mpih-mul1.S | 66 + grub-core/lib/libgcrypt/mpi/amd64/mpih-mul2.S | 66 + grub-core/lib/libgcrypt/mpi/amd64/mpih-mul3.S | 67 + .../lib/libgcrypt/mpi/amd64/mpih-rshift.S | 82 + grub-core/lib/libgcrypt/mpi/amd64/mpih-sub1.S | 119 + grub-core/lib/libgcrypt/mpi/arm/distfiles | 6 + .../lib/libgcrypt/mpi/arm/mpi-asm-defs.h | 4 + grub-core/lib/libgcrypt/mpi/arm/mpih-add1.S | 76 + grub-core/lib/libgcrypt/mpi/arm/mpih-mul1.S | 80 + grub-core/lib/libgcrypt/mpi/arm/mpih-mul2.S | 94 + grub-core/lib/libgcrypt/mpi/arm/mpih-mul3.S | 100 + grub-core/lib/libgcrypt/mpi/arm/mpih-sub1.S | 77 + .../lib/libgcrypt/mpi/asm-common-aarch64.h | 26 + .../lib/libgcrypt/mpi/asm-common-amd64.h | 26 + grub-core/lib/libgcrypt/mpi/asm-common-i386.h | 26 + grub-core/lib/libgcrypt/mpi/config.links | 436 + grub-core/lib/libgcrypt/mpi/ec-ed25519.c | 37 + grub-core/lib/libgcrypt/mpi/ec-hw-s390x.c | 412 + grub-core/lib/libgcrypt/mpi/ec-inline.h | 1236 + grub-core/lib/libgcrypt/mpi/ec-internal.h | 49 + grub-core/lib/libgcrypt/mpi/ec-nist.c | 826 + grub-core/lib/libgcrypt/mpi/ec.c | 2170 + grub-core/lib/libgcrypt/mpi/generic/distfiles | 10 + .../lib/libgcrypt/mpi/generic/mpi-asm-defs.h | 8 + .../lib/libgcrypt/mpi/generic/mpih-add1.c | 65 + .../lib/libgcrypt/mpi/generic/mpih-lshift.c | 68 + .../lib/libgcrypt/mpi/generic/mpih-mul1.c | 62 + .../lib/libgcrypt/mpi/generic/mpih-mul2.c | 68 + .../lib/libgcrypt/mpi/generic/mpih-mul3.c | 68 + .../lib/libgcrypt/mpi/generic/mpih-rshift.c | 67 + .../lib/libgcrypt/mpi/generic/mpih-sub1.c | 66 + .../lib/libgcrypt/mpi/generic/udiv-w-sdiv.c | 133 + grub-core/lib/libgcrypt/mpi/hppa/README | 84 + grub-core/lib/libgcrypt/mpi/hppa/distfiles | 7 + grub-core/lib/libgcrypt/mpi/hppa/mpih-add1.S | 70 + .../lib/libgcrypt/mpi/hppa/mpih-lshift.S | 77 + .../lib/libgcrypt/mpi/hppa/mpih-rshift.S | 73 + grub-core/lib/libgcrypt/mpi/hppa/mpih-sub1.S | 78 + grub-core/lib/libgcrypt/mpi/hppa/udiv-qrnnd.S | 297 + grub-core/lib/libgcrypt/mpi/i386/distfiles | 9 + grub-core/lib/libgcrypt/mpi/i386/mpih-add1.S | 161 + .../lib/libgcrypt/mpi/i386/mpih-lshift.S | 102 + grub-core/lib/libgcrypt/mpi/i386/mpih-mul1.S | 94 + grub-core/lib/libgcrypt/mpi/i386/mpih-mul2.S | 96 + grub-core/lib/libgcrypt/mpi/i386/mpih-mul3.S | 96 + .../lib/libgcrypt/mpi/i386/mpih-rshift.S | 105 + grub-core/lib/libgcrypt/mpi/i386/mpih-sub1.S | 162 + grub-core/lib/libgcrypt/mpi/i386/syntax.h | 78 + grub-core/lib/libgcrypt/mpi/longlong.h | 1810 + grub-core/lib/libgcrypt/mpi/m68k/distfiles | 8 + .../lib/libgcrypt/mpi/m68k/mc68020/distfiles | 3 + .../libgcrypt/mpi/m68k/mc68020/mpih-mul1.S | 104 + .../libgcrypt/mpi/m68k/mc68020/mpih-mul2.S | 94 + .../libgcrypt/mpi/m68k/mc68020/mpih-mul3.S | 97 + grub-core/lib/libgcrypt/mpi/m68k/mpih-add1.S | 92 + .../lib/libgcrypt/mpi/m68k/mpih-lshift.S | 164 + .../lib/libgcrypt/mpi/m68k/mpih-rshift.S | 162 + grub-core/lib/libgcrypt/mpi/m68k/mpih-sub1.S | 91 + grub-core/lib/libgcrypt/mpi/m68k/syntax.h | 185 + grub-core/lib/libgcrypt/mpi/mips3/README | 23 + grub-core/lib/libgcrypt/mpi/mips3/distfiles | 10 + .../lib/libgcrypt/mpi/mips3/mpi-asm-defs.h | 10 + grub-core/lib/libgcrypt/mpi/mips3/mpih-add1.S | 124 + .../lib/libgcrypt/mpi/mips3/mpih-lshift.S | 97 + grub-core/lib/libgcrypt/mpi/mips3/mpih-mul1.S | 89 + grub-core/lib/libgcrypt/mpi/mips3/mpih-mul2.S | 101 + grub-core/lib/libgcrypt/mpi/mips3/mpih-mul3.S | 101 + .../lib/libgcrypt/mpi/mips3/mpih-rshift.S | 95 + grub-core/lib/libgcrypt/mpi/mips3/mpih-sub1.S | 125 + grub-core/lib/libgcrypt/mpi/mpi-add.c | 261 + grub-core/lib/libgcrypt/mpi/mpi-bit.c | 375 + grub-core/lib/libgcrypt/mpi/mpi-cmp.c | 130 + grub-core/lib/libgcrypt/mpi/mpi-div.c | 360 + grub-core/lib/libgcrypt/mpi/mpi-gcd.c | 52 + grub-core/lib/libgcrypt/mpi/mpi-inline.c | 35 + grub-core/lib/libgcrypt/mpi/mpi-inline.h | 161 + grub-core/lib/libgcrypt/mpi/mpi-internal.h | 327 + grub-core/lib/libgcrypt/mpi/mpi-inv.c | 565 + grub-core/lib/libgcrypt/mpi/mpi-mod.c | 188 + grub-core/lib/libgcrypt/mpi/mpi-mpow.c | 223 + grub-core/lib/libgcrypt/mpi/mpi-mul.c | 223 + grub-core/lib/libgcrypt/mpi/mpi-pow.c | 772 + grub-core/lib/libgcrypt/mpi/mpi-scan.c | 130 + grub-core/lib/libgcrypt/mpi/mpicoder.c | 1054 + grub-core/lib/libgcrypt/mpi/mpih-const-time.c | 241 + grub-core/lib/libgcrypt/mpi/mpih-div.c | 532 + grub-core/lib/libgcrypt/mpi/mpih-mul.c | 529 + grub-core/lib/libgcrypt/mpi/mpiutil.c | 792 + grub-core/lib/libgcrypt/mpi/pa7100/distfiles | 3 + .../lib/libgcrypt/mpi/pa7100/mpih-lshift.S | 96 + .../lib/libgcrypt/mpi/pa7100/mpih-rshift.S | 92 + grub-core/lib/libgcrypt/mpi/power/distfiles | 7 + grub-core/lib/libgcrypt/mpi/power/mpih-add1.S | 87 + .../lib/libgcrypt/mpi/power/mpih-lshift.S | 64 + grub-core/lib/libgcrypt/mpi/power/mpih-mul1.S | 115 + grub-core/lib/libgcrypt/mpi/power/mpih-mul2.S | 130 + grub-core/lib/libgcrypt/mpi/power/mpih-mul3.S | 135 + .../lib/libgcrypt/mpi/power/mpih-rshift.S | 64 + grub-core/lib/libgcrypt/mpi/power/mpih-sub1.S | 88 + .../lib/libgcrypt/mpi/powerpc32/distfiles | 9 + .../lib/libgcrypt/mpi/powerpc32/mpih-add1.S | 137 + .../lib/libgcrypt/mpi/powerpc32/mpih-lshift.S | 198 + .../lib/libgcrypt/mpi/powerpc32/mpih-mul1.S | 120 + .../lib/libgcrypt/mpi/powerpc32/mpih-mul2.S | 127 + .../lib/libgcrypt/mpi/powerpc32/mpih-mul3.S | 131 + .../lib/libgcrypt/mpi/powerpc32/mpih-rshift.S | 131 + .../lib/libgcrypt/mpi/powerpc32/mpih-sub1.S | 134 + .../lib/libgcrypt/mpi/powerpc32/syntax.h | 76 + .../lib/libgcrypt/mpi/powerpc64/distfiles | 0 grub-core/lib/libgcrypt/mpi/sparc32/distfiles | 5 + .../lib/libgcrypt/mpi/sparc32/mpih-add1.S | 239 + .../lib/libgcrypt/mpi/sparc32/mpih-lshift.S | 97 + .../lib/libgcrypt/mpi/sparc32/mpih-rshift.S | 93 + grub-core/lib/libgcrypt/mpi/sparc32/udiv.S | 195 + .../lib/libgcrypt/mpi/sparc32v8/distfiles | 4 + .../lib/libgcrypt/mpi/sparc32v8/mpih-mul1.S | 109 + .../lib/libgcrypt/mpi/sparc32v8/mpih-mul2.S | 132 + .../lib/libgcrypt/mpi/sparc32v8/mpih-mul3.S | 67 + .../lib/libgcrypt/mpi/supersparc/distfiles | 2 + grub-core/lib/libgcrypt/mpi/supersparc/udiv.S | 118 + grub-core/lib/libgcrypt/src/ChangeLog-2011 | 2398 + grub-core/lib/libgcrypt/src/Makefile.am | 166 + grub-core/lib/libgcrypt/src/cipher-proto.h | 274 + grub-core/lib/libgcrypt/src/cipher.h | 231 + grub-core/lib/libgcrypt/src/const-time.c | 88 + grub-core/lib/libgcrypt/src/const-time.h | 167 + grub-core/lib/libgcrypt/src/context.c | 154 + grub-core/lib/libgcrypt/src/context.h | 33 + grub-core/lib/libgcrypt/src/dumpsexp.c | 769 + grub-core/lib/libgcrypt/src/ec-context.h | 107 + grub-core/lib/libgcrypt/src/fips.c | 1174 + grub-core/lib/libgcrypt/src/g10lib.h | 498 + grub-core/lib/libgcrypt/src/gcrypt-int.h | 544 + grub-core/lib/libgcrypt/src/gcrypt-testapi.h | 70 + grub-core/lib/libgcrypt/src/gcrypt.h.in | 2092 + .../lib/libgcrypt/src/gen-note-integrity.sh | 123 + grub-core/lib/libgcrypt/src/global.c | 1422 + grub-core/lib/libgcrypt/src/hmac256.c | 810 + grub-core/lib/libgcrypt/src/hmac256.h | 36 + grub-core/lib/libgcrypt/src/hwf-arm.c | 564 + grub-core/lib/libgcrypt/src/hwf-common.h | 28 + grub-core/lib/libgcrypt/src/hwf-ppc.c | 247 + grub-core/lib/libgcrypt/src/hwf-s390x.c | 231 + grub-core/lib/libgcrypt/src/hwf-x86.c | 512 + grub-core/lib/libgcrypt/src/hwfeatures.c | 250 + .../lib/libgcrypt/src/libgcrypt-config.in | 201 + grub-core/lib/libgcrypt/src/libgcrypt.def | 310 + grub-core/lib/libgcrypt/src/libgcrypt.m4 | 254 + grub-core/lib/libgcrypt/src/libgcrypt.pc.in | 18 + grub-core/lib/libgcrypt/src/libgcrypt.vers | 138 + grub-core/lib/libgcrypt/src/misc.c | 612 + grub-core/lib/libgcrypt/src/missing-string.c | 54 + grub-core/lib/libgcrypt/src/mpi.h | 325 + grub-core/lib/libgcrypt/src/mpicalc.c | 627 + grub-core/lib/libgcrypt/src/secmem.c | 901 + grub-core/lib/libgcrypt/src/secmem.h | 42 + grub-core/lib/libgcrypt/src/sexp.c | 2723 + grub-core/lib/libgcrypt/src/stdmem.c | 135 + grub-core/lib/libgcrypt/src/stdmem.h | 29 + grub-core/lib/libgcrypt/src/types.h | 136 + grub-core/lib/libgcrypt/src/versioninfo.rc.in | 51 + grub-core/lib/libgcrypt/src/visibility.c | 1766 + grub-core/lib/libgcrypt/src/visibility.h | 549 + grub-core/lib/libgcrypt_wrap/cipher_wrap.h | 94 + grub-core/lib/libgcrypt_wrap/mem.c | 213 + grub-core/lib/libtasn1-grub/lib/coding.c | 1433 + grub-core/lib/libtasn1-grub/lib/decoding.c | 2503 + grub-core/lib/libtasn1-grub/lib/element.c | 1109 + grub-core/lib/libtasn1-grub/lib/element.h | 42 + grub-core/lib/libtasn1-grub/lib/errors.c | 103 + grub-core/lib/libtasn1-grub/lib/gstr.c | 74 + grub-core/lib/libtasn1-grub/lib/gstr.h | 50 + grub-core/lib/libtasn1-grub/lib/int.h | 220 + grub-core/lib/libtasn1-grub/lib/parser_aux.c | 1178 + grub-core/lib/libtasn1-grub/lib/parser_aux.h | 172 + grub-core/lib/libtasn1-grub/lib/structure.c | 1227 + grub-core/lib/libtasn1-grub/lib/structure.h | 46 + grub-core/lib/libtasn1-grub/libtasn1.h | 657 + grub-core/lib/libtasn1/lib/element.h | 42 + grub-core/lib/libtasn1/lib/gstr.h | 50 + grub-core/lib/libtasn1/lib/int.h | 221 + grub-core/lib/libtasn1/lib/parser_aux.h | 172 + grub-core/lib/libtasn1/lib/structure.h | 46 + grub-core/lib/libtasn1/libtasn1.h | 643 + .../tests/CVE-2018-1000654-1_asn1_tab.h | 32 + .../tests/CVE-2018-1000654-2_asn1_tab.h | 36 + grub-core/lib/libtasn1_wrap/wrap.c | 27 + grub-core/lib/loongarch64/setjmp.S | 69 + grub-core/lib/minilzo/lzoconf.h | 453 + grub-core/lib/minilzo/lzodefs.h | 3268 + grub-core/lib/minilzo/minilzo.c | 6365 ++ grub-core/lib/minilzo/minilzo.h | 106 + grub-core/lib/mips/arc/reboot.c | 35 + grub-core/lib/mips/loongson/reboot.c | 64 + grub-core/lib/mips/qemu_mips/reboot.c | 27 + grub-core/lib/mips/relocator.c | 147 + grub-core/lib/mips/relocator_asm.S | 61 + grub-core/lib/mips/setjmp.S | 71 + grub-core/lib/pbkdf2.c | 109 + grub-core/lib/posix_wrap/assert.h | 33 + grub-core/lib/posix_wrap/c-ctype.h | 114 + grub-core/lib/posix_wrap/ctype.h | 108 + grub-core/lib/posix_wrap/errno.h | 33 + grub-core/lib/posix_wrap/inttypes.h | 1 + grub-core/lib/posix_wrap/langinfo.h | 38 + grub-core/lib/posix_wrap/limits.h | 46 + grub-core/lib/posix_wrap/localcharset.h | 28 + grub-core/lib/posix_wrap/locale.h | 3 + grub-core/lib/posix_wrap/stdint.h | 1 + grub-core/lib/posix_wrap/stdio.h | 43 + grub-core/lib/posix_wrap/stdlib.h | 75 + grub-core/lib/posix_wrap/string.h | 113 + grub-core/lib/posix_wrap/sys/types.h | 69 + grub-core/lib/posix_wrap/unistd.h | 1 + grub-core/lib/posix_wrap/wchar.h | 119 + grub-core/lib/posix_wrap/wctype.h | 110 + grub-core/lib/powerpc/relocator.c | 140 + grub-core/lib/powerpc/relocator_asm.S | 60 + grub-core/lib/powerpc/setjmp.S | 89 + grub-core/lib/priority_queue.c | 163 + grub-core/lib/progress.c | 148 + grub-core/lib/random.c | 120 + grub-core/lib/reed_solomon.c | 502 + grub-core/lib/relocator.c | 1665 + grub-core/lib/riscv/setjmp.S | 84 + grub-core/lib/setjmp.S | 28 + grub-core/lib/sparc64/setjmp.S | 54 + grub-core/lib/syslinux_parse.c | 1555 + grub-core/lib/tss2/buffer.c | 147 + grub-core/lib/tss2/tcg2.h | 35 + grub-core/lib/tss2/tcg2_emu.c | 49 + grub-core/lib/tss2/tpm2_cmd.c | 1248 + grub-core/lib/tss2/tpm2_cmd.h | 189 + grub-core/lib/tss2/tss2.c | 21 + grub-core/lib/tss2/tss2_buffer.h | 64 + grub-core/lib/tss2/tss2_mu.c | 1213 + grub-core/lib/tss2/tss2_mu.h | 409 + grub-core/lib/tss2/tss2_structs.h | 833 + grub-core/lib/tss2/tss2_types.h | 410 + grub-core/lib/uboot/reboot.c | 31 + grub-core/lib/x86_64/efi/relocator.c | 79 + grub-core/lib/x86_64/relocator_asm.S | 85 + grub-core/lib/x86_64/setjmp.S | 68 + grub-core/lib/x86_64/xen/relocator.S | 133 + grub-core/lib/xen/datetime.c | 40 + grub-core/lib/xen/halt.c | 32 + grub-core/lib/xen/reboot.c | 32 + grub-core/lib/xen/relocator.c | 137 + grub-core/lib/xzembed/xz.h | 185 + grub-core/lib/xzembed/xz_config.h | 152 + grub-core/lib/xzembed/xz_dec_bcj.c | 578 + grub-core/lib/xzembed/xz_dec_lzma2.c | 1188 + grub-core/lib/xzembed/xz_dec_stream.c | 1042 + grub-core/lib/xzembed/xz_lzma2.h | 236 + grub-core/lib/xzembed/xz_private.h | 96 + grub-core/lib/xzembed/xz_stream.h | 53 + grub-core/lib/zstd/bitstream.h | 458 + grub-core/lib/zstd/compiler.h | 133 + grub-core/lib/zstd/cpu.h | 215 + grub-core/lib/zstd/debug.c | 44 + grub-core/lib/zstd/debug.h | 123 + grub-core/lib/zstd/entropy_common.c | 236 + grub-core/lib/zstd/error_private.c | 48 + grub-core/lib/zstd/error_private.h | 76 + grub-core/lib/zstd/fse.h | 708 + grub-core/lib/zstd/fse_decompress.c | 309 + grub-core/lib/zstd/huf.h | 334 + grub-core/lib/zstd/huf_decompress.c | 1096 + grub-core/lib/zstd/mem.h | 374 + grub-core/lib/zstd/module.c | 21 + grub-core/lib/zstd/xxhash.c | 876 + grub-core/lib/zstd/xxhash.h | 305 + grub-core/lib/zstd/zstd.h | 1516 + grub-core/lib/zstd/zstd_common.c | 81 + grub-core/lib/zstd/zstd_decompress.c | 3108 + grub-core/lib/zstd/zstd_errors.h | 92 + grub-core/lib/zstd/zstd_internal.h | 257 + grub-core/loader/aout.c | 62 + grub-core/loader/arm/linux.c | 510 + grub-core/loader/arm64/xen_boot.c | 515 + grub-core/loader/efi/appleloader.c | 242 + grub-core/loader/efi/chainloader.c | 442 + grub-core/loader/efi/fdt.c | 228 + grub-core/loader/efi/linux.c | 604 + grub-core/loader/emu/linux.c | 182 + grub-core/loader/i386/bsd.c | 2195 + grub-core/loader/i386/bsd32.c | 6 + grub-core/loader/i386/bsd64.c | 6 + grub-core/loader/i386/bsdXX.c | 711 + grub-core/loader/i386/bsd_pagetable.c | 92 + grub-core/loader/i386/coreboot/chainloader.c | 517 + grub-core/loader/i386/linux.c | 1175 + grub-core/loader/i386/multiboot_mbi.c | 759 + grub-core/loader/i386/pc/chainloader.c | 310 + grub-core/loader/i386/pc/freedos.c | 190 + grub-core/loader/i386/pc/linux.c | 494 + grub-core/loader/i386/pc/ntldr.c | 162 + grub-core/loader/i386/pc/plan9.c | 607 + grub-core/loader/i386/pc/pxechainloader.c | 168 + grub-core/loader/i386/pc/truecrypt.c | 233 + grub-core/loader/i386/xen.c | 984 + grub-core/loader/i386/xen_file.c | 117 + grub-core/loader/i386/xen_file32.c | 7 + grub-core/loader/i386/xen_file64.c | 7 + grub-core/loader/i386/xen_fileXX.c | 395 + grub-core/loader/i386/xnu.c | 1161 + grub-core/loader/ia64/efi/linux.c | 608 + grub-core/loader/linux.c | 348 + grub-core/loader/lzss.c | 56 + grub-core/loader/macho.c | 205 + grub-core/loader/macho32.c | 22 + grub-core/loader/macho64.c | 22 + grub-core/loader/machoXX.c | 384 + grub-core/loader/mips/linux.c | 508 + grub-core/loader/multiboot.c | 463 + grub-core/loader/multiboot_elfxx.c | 344 + grub-core/loader/multiboot_mbi2.c | 1128 + grub-core/loader/powerpc/ieee1275/linux.c | 416 + grub-core/loader/sparc64/ieee1275/linux.c | 521 + grub-core/loader/xnu.c | 1556 + grub-core/loader/xnu_resume.c | 188 + grub-core/mmap/efi/mmap.c | 318 + grub-core/mmap/i386/mmap.c | 113 + grub-core/mmap/i386/pc/mmap.c | 211 + grub-core/mmap/i386/pc/mmap_helper.S | 163 + grub-core/mmap/i386/uppermem.c | 98 + grub-core/mmap/mips/uppermem.c | 72 + grub-core/mmap/mmap.c | 554 + grub-core/modinfo.sh.in | 40 + grub-core/net/arp.c | 191 + grub-core/net/bootp.c | 940 + grub-core/net/dns.c | 786 + grub-core/net/drivers/efi/efinet.c | 459 + grub-core/net/drivers/emu/emunet.c | 116 + grub-core/net/drivers/i386/pc/pxe.c | 419 + grub-core/net/drivers/ieee1275/ofnet.c | 567 + grub-core/net/drivers/uboot/ubootnet.c | 161 + grub-core/net/ethernet.c | 172 + grub-core/net/http.c | 575 + grub-core/net/icmp.c | 112 + grub-core/net/icmp6.c | 679 + grub-core/net/ip.c | 747 + grub-core/net/net.c | 2158 + grub-core/net/netbuff.c | 146 + grub-core/net/tcp.c | 1025 + grub-core/net/tftp.c | 494 + grub-core/net/udp.c | 211 + grub-core/normal/auth.c | 311 + grub-core/normal/autofs.c | 148 + grub-core/normal/charset.c | 1317 + grub-core/normal/cmdline.c | 696 + grub-core/normal/color.c | 145 + grub-core/normal/completion.c | 526 + grub-core/normal/context.c | 214 + grub-core/normal/crypto.c | 163 + grub-core/normal/dyncmd.c | 210 + grub-core/normal/main.c | 595 + grub-core/normal/menu.c | 924 + grub-core/normal/menu_entry.c | 1464 + grub-core/normal/menu_text.c | 605 + grub-core/normal/misc.c | 194 + grub-core/normal/term.c | 1098 + grub-core/osdep/apple/getroot.c | 109 + grub-core/osdep/apple/hostdisk.c | 93 + grub-core/osdep/aros/config.c | 94 + grub-core/osdep/aros/getroot.c | 228 + grub-core/osdep/aros/hostdisk.c | 615 + grub-core/osdep/aros/relpath.c | 75 + grub-core/osdep/basic/compress.c | 21 + grub-core/osdep/basic/emunet.c | 50 + grub-core/osdep/basic/getroot.c | 82 + grub-core/osdep/basic/hostdisk.c | 58 + grub-core/osdep/basic/init.c | 38 + grub-core/osdep/basic/no_platform.c | 46 + grub-core/osdep/basic/ofpath.c | 29 + grub-core/osdep/basic/platform.c | 32 + grub-core/osdep/basic/random.c | 43 + grub-core/osdep/blocklist.c | 7 + grub-core/osdep/bsd/getroot.c | 204 + grub-core/osdep/bsd/hostdisk.c | 132 + grub-core/osdep/compress.c | 5 + grub-core/osdep/config.c | 7 + grub-core/osdep/cputime.c | 5 + grub-core/osdep/devmapper/getroot.c | 450 + grub-core/osdep/devmapper/hostdisk.c | 225 + grub-core/osdep/dl.c | 5 + grub-core/osdep/emuconsole.c | 5 + grub-core/osdep/emunet.c | 5 + grub-core/osdep/exec.c | 3 + grub-core/osdep/freebsd/getroot.c | 364 + grub-core/osdep/freebsd/hostdisk.c | 126 + grub-core/osdep/generic/blocklist.c | 156 + grub-core/osdep/getroot.c | 22 + grub-core/osdep/haiku/getroot.c | 105 + grub-core/osdep/haiku/hostdisk.c | 69 + grub-core/osdep/hostdisk.c | 22 + grub-core/osdep/hurd/getroot.c | 269 + grub-core/osdep/hurd/hostdisk.c | 161 + grub-core/osdep/init.c | 5 + grub-core/osdep/linux/blocklist.c | 136 + grub-core/osdep/linux/emunet.c | 74 + grub-core/osdep/linux/getroot.c | 1171 + grub-core/osdep/linux/hostdisk.c | 424 + grub-core/osdep/linux/ofpath.c | 769 + grub-core/osdep/linux/platform.c | 156 + grub-core/osdep/ofpath.c | 5 + grub-core/osdep/password.c | 5 + grub-core/osdep/platform.c | 9 + grub-core/osdep/platform_unix.c | 3 + grub-core/osdep/random.c | 10 + grub-core/osdep/relpath.c | 7 + grub-core/osdep/sleep.c | 5 + grub-core/osdep/sun/getroot.c | 126 + grub-core/osdep/sun/hostdisk.c | 71 + grub-core/osdep/unix/compress.c | 41 + grub-core/osdep/unix/config.c | 139 + grub-core/osdep/unix/cputime.c | 22 + grub-core/osdep/unix/dl.c | 61 + grub-core/osdep/unix/emuconsole.c | 184 + grub-core/osdep/unix/exec.c | 245 + grub-core/osdep/unix/getroot.c | 782 + grub-core/osdep/unix/hostdisk.c | 325 + grub-core/osdep/unix/password.c | 75 + grub-core/osdep/unix/platform.c | 241 + grub-core/osdep/unix/random.c | 48 + grub-core/osdep/unix/relpath.c | 151 + grub-core/osdep/unix/sleep.c | 30 + grub-core/osdep/windows/blocklist.c | 118 + grub-core/osdep/windows/config.c | 57 + grub-core/osdep/windows/cputime.c | 19 + grub-core/osdep/windows/dl.c | 59 + grub-core/osdep/windows/emuconsole.c | 308 + grub-core/osdep/windows/getroot.c | 355 + grub-core/osdep/windows/hostdisk.c | 687 + grub-core/osdep/windows/init.c | 190 + grub-core/osdep/windows/password.c | 51 + grub-core/osdep/windows/platform.c | 436 + grub-core/osdep/windows/random.c | 55 + grub-core/osdep/windows/relpath.c | 96 + grub-core/osdep/windows/sleep.c | 31 + grub-core/partmap/acorn.c | 154 + grub-core/partmap/amiga.c | 183 + grub-core/partmap/apple.c | 199 + grub-core/partmap/bsdlabel.c | 271 + grub-core/partmap/dfly.c | 132 + grub-core/partmap/dvh.c | 127 + grub-core/partmap/gpt.c | 241 + grub-core/partmap/msdos.c | 435 + grub-core/partmap/plan.c | 120 + grub-core/partmap/sun.c | 154 + grub-core/partmap/sunpc.c | 151 + grub-core/parttool/msdospart.c | 161 + grub-core/script/argv.c | 165 + grub-core/script/execute.c | 1212 + grub-core/script/function.c | 123 + grub-core/script/lexer.c | 356 + grub-core/script/main.c | 98 + grub-core/script/parser.y | 356 + grub-core/script/script.c | 396 + grub-core/script/yylex.l | 393 + grub-core/term/arc/console.c | 209 + grub-core/term/arc/serial.c | 151 + grub-core/term/arm/cros.c | 125 + grub-core/term/arm/cros_ec.c | 238 + grub-core/term/arm/pl050.c | 189 + grub-core/term/at_keyboard.c | 342 + grub-core/term/efi/console.c | 492 + grub-core/term/efi/serial.c | 195 + grub-core/term/gfxterm.c | 1160 + grub-core/term/gfxterm_background.c | 190 + grub-core/term/i386/coreboot/cbmemc.c | 147 + grub-core/term/i386/pc/console.c | 309 + grub-core/term/i386/pc/mda_text.c | 13 + grub-core/term/i386/pc/vga_text.c | 289 + grub-core/term/ieee1275/console.c | 262 + grub-core/term/ieee1275/escc.c | 319 + grub-core/term/ieee1275/serial.c | 289 + grub-core/term/morse.c | 133 + grub-core/term/ns8250-spcr.c | 96 + grub-core/term/ns8250.c | 446 + grub-core/term/pci/serial.c | 91 + grub-core/term/ps2.c | 387 + grub-core/term/serial.c | 527 + grub-core/term/spkmodem.c | 141 + grub-core/term/terminfo.c | 796 + grub-core/term/tparm.c | 767 + grub-core/term/uboot/console.c | 132 + grub-core/term/usb_keyboard.c | 471 + grub-core/term/xen/console.c | 122 + grub-core/tests/asn1/asn1_test.c | 50 + grub-core/tests/asn1/asn1_test.h | 45 + .../asn1/tests/CVE-2018-1000654-1_asn1_tab.h | 32 + .../asn1/tests/CVE-2018-1000654-2_asn1_tab.h | 36 + grub-core/tests/asn1/tests/CVE-2018-1000654.c | 61 + grub-core/tests/asn1/tests/Test_overflow.c | 130 + grub-core/tests/asn1/tests/Test_simple.c | 221 + grub-core/tests/asn1/tests/Test_strings.c | 143 + .../tests/asn1/tests/object-id-decoding.c | 113 + .../tests/asn1/tests/object-id-encoding.c | 125 + grub-core/tests/asn1/tests/octet-string.c | 218 + grub-core/tests/asn1/tests/reproducers.c | 78 + grub-core/tests/boot/kbsd.init-i386.S | 107 + grub-core/tests/boot/kbsd.init-x86_64.S | 94 + grub-core/tests/boot/kbsd.spec.txt | 3 + grub-core/tests/boot/kernel-8086.S | 50 + grub-core/tests/boot/kernel-i386.S | 72 + grub-core/tests/boot/kfreebsd-aout.cfg | 4 + grub-core/tests/boot/kfreebsd.cfg | 8 + grub-core/tests/boot/kfreebsd.init-i386.S | 109 + grub-core/tests/boot/kfreebsd.init-x86_64.S | 90 + grub-core/tests/boot/knetbsd.cfg | 5 + grub-core/tests/boot/kopenbsd.cfg | 5 + grub-core/tests/boot/kopenbsdlabel.txt | 3 + grub-core/tests/boot/linux-ppc.cfg | 5 + grub-core/tests/boot/linux.cfg | 5 + grub-core/tests/boot/linux.init-i386.S | 61 + grub-core/tests/boot/linux.init-mips.S | 61 + grub-core/tests/boot/linux.init-ppc.S | 61 + grub-core/tests/boot/linux.init-x86_64.S | 60 + grub-core/tests/boot/linux16.cfg | 5 + grub-core/tests/boot/multiboot.cfg | 4 + grub-core/tests/boot/multiboot2.cfg | 4 + grub-core/tests/boot/ntldr.cfg | 4 + grub-core/tests/boot/pc-chainloader.cfg | 4 + grub-core/tests/boot/qemu-shutdown-x86.S | 17 + grub-core/tests/bswap_test.c | 121 + grub-core/tests/checksums.h | 129 + grub-core/tests/cmp_test.c | 190 + grub-core/tests/ctz_test.c | 111 + grub-core/tests/div_test.c | 189 + grub-core/tests/dsa_sexp_test.c | 127 + grub-core/tests/example_functional_test.c | 38 + grub-core/tests/fake_input.c | 75 + grub-core/tests/legacy_password_test.c | 68 + grub-core/tests/lib/functional_test.c | 106 + grub-core/tests/lib/test.c | 239 + grub-core/tests/mul_test.c | 73 + grub-core/tests/pbkdf2_test.c | 97 + grub-core/tests/rsa_sexp_test.c | 101 + grub-core/tests/setjmp_test.c | 80 + grub-core/tests/shift_test.c | 157 + grub-core/tests/signature_test.c | 170 + grub-core/tests/signatures.h | 211 + grub-core/tests/sleep_test.c | 51 + grub-core/tests/strtoull_test.c | 63 + grub-core/tests/test_blockarg.c | 55 + grub-core/tests/video_checksum.c | 813 + grub-core/tests/videotest_checksum.c | 80 + grub-core/tests/xnu_uuid_test.c | 58 + grub-core/unidata.c | 1538 + grub-core/video/bitmap.c | 238 + grub-core/video/bitmap_scale.c | 515 + grub-core/video/bochs.c | 439 + grub-core/video/capture.c | 140 + grub-core/video/cirrus.c | 520 + grub-core/video/colors.c | 333 + grub-core/video/coreboot/cbfb.c | 190 + grub-core/video/efi_gop.c | 625 + grub-core/video/efi_uga.c | 369 + grub-core/video/emu/sdl.c | 320 + grub-core/video/fb/fbblit.c | 2227 + grub-core/video/fb/fbfill.c | 212 + grub-core/video/fb/fbutil.c | 151 + grub-core/video/fb/video_fb.c | 1709 + grub-core/video/i386/pc/vbe.c | 1250 + grub-core/video/i386/pc/vga.c | 404 + grub-core/video/ieee1275.c | 369 + grub-core/video/radeon_fuloong2e.c | 239 + grub-core/video/radeon_yeeloong3a.c | 237 + grub-core/video/readers/jpeg.c | 961 + grub-core/video/readers/png.c | 1152 + grub-core/video/readers/tga.c | 518 + grub-core/video/sis315_init.c | 158 + grub-core/video/sis315pro.c | 459 + grub-core/video/sm712.c | 818 + grub-core/video/sm712_init.c | 14 + grub-core/video/video.c | 763 + include/grub/acorn_filecore.h | 53 + include/grub/acpi.h | 303 + include/grub/aout.h | 129 + include/grub/arc/arc.h | 284 + include/grub/arc/console.h | 31 + include/grub/archelp.h | 63 + include/grub/arm/coreboot/console.h | 29 + include/grub/arm/coreboot/kernel.h | 44 + include/grub/arm/cros_ec.h | 21 + include/grub/arm/efi/memory.h | 6 + include/grub/arm/linux.h | 52 + include/grub/arm/reloc.h | 51 + include/grub/arm/setjmp.h | 27 + include/grub/arm/startup.h | 16 + include/grub/arm/system.h | 19 + include/grub/arm/time.h | 29 + include/grub/arm/types.h | 34 + include/grub/arm/uboot/kernel.h | 32 + include/grub/arm64/efi/memory.h | 6 + include/grub/arm64/reloc.h | 41 + include/grub/arm64/setjmp.h | 27 + include/grub/arm64/time.h | 29 + include/grub/arm64/types.h | 34 + include/grub/at_keyboard.h | 40 + include/grub/ata.h | 225 + include/grub/auth.h | 38 + include/grub/autoefi.h | 64 + include/grub/backtrace.h | 26 + include/grub/bitmap.h | 107 + include/grub/bitmap_scale.h | 85 + include/grub/boottime.h | 0 include/grub/bsdlabel.h | 106 + include/grub/btrfs.h | 71 + include/grub/buffer.h | 144 + include/grub/bufio.h | 30 + include/grub/cache.h | 56 + include/grub/cbfs_core.h | 178 + include/grub/charset.h | 324 + include/grub/cmos.h | 128 + include/grub/color.h | 30 + include/grub/command.h | 134 + include/grub/compiler-rt-emu.h | 265 + include/grub/compiler-rt.h | 213 + include/grub/compiler.h | 59 + include/grub/coreboot/lbio.h | 114 + include/grub/crypto.h | 607 + include/grub/cryptodisk.h | 210 + include/grub/cs5536.h | 198 + include/grub/datetime.h | 133 + include/grub/decompressor.h | 34 + include/grub/deflate.h | 30 + include/grub/device.h | 43 + include/grub/disk.h | 317 + include/grub/diskfilter.h | 218 + include/grub/dl.h | 331 + include/grub/dma.h | 44 + include/grub/efi/api.h | 1848 + include/grub/efi/cc.h | 151 + include/grub/efi/console.h | 31 + include/grub/efi/console_control.h | 59 + include/grub/efi/debug.h | 41 + include/grub/efi/disk.h | 33 + include/grub/efi/edid.h | 54 + include/grub/efi/efi.h | 196 + include/grub/efi/fdtload.h | 32 + include/grub/efi/graphics_output.h | 115 + include/grub/efi/memory.h | 38 + include/grub/efi/pci.h | 319 + include/grub/efi/pe32.h | 354 + include/grub/efi/sb.h | 50 + include/grub/efi/tpm.h | 195 + include/grub/efi/uga_draw.h | 76 + include/grub/efiemu/efiemu.h | 286 + include/grub/efiemu/runtime.h | 37 + include/grub/elf.h | 2640 + include/grub/elfload.h | 82 + include/grub/emu/config.h | 48 + include/grub/emu/console.h | 28 + include/grub/emu/exec.h | 44 + include/grub/emu/getroot.h | 104 + include/grub/emu/hostdisk.h | 98 + include/grub/emu/hostfile.h | 69 + include/grub/emu/misc.h | 83 + include/grub/emu/net.h | 37 + include/grub/env.h | 73 + include/grub/env_private.h | 46 + include/grub/err.h | 101 + include/grub/exfat.h | 53 + include/grub/extcmd.h | 86 + include/grub/fat.h | 77 + include/grub/fbblit.h | 36 + include/grub/fbfill.h | 59 + include/grub/fbutil.h | 64 + include/grub/fdt.h | 147 + include/grub/fdtbus.h | 89 + include/grub/file.h | 246 + include/grub/fileid.h | 29 + include/grub/font.h | 153 + include/grub/fontformat.h | 38 + include/grub/fs.h | 135 + include/grub/fshelp.h | 91 + include/grub/gcry/types.h | 37 + include/grub/gcrypt/g10lib.h | 501 + include/grub/gcrypt/gcrypt.h | 2628 + include/grub/gcrypt/gpg-error.h | 41 + include/grub/gdb.h | 39 + include/grub/gfxmenu_model.h | 1 + include/grub/gfxmenu_view.h | 124 + include/grub/gfxterm.h | 51 + include/grub/gfxwidgets.h | 50 + include/grub/gpt_partition.h | 78 + include/grub/gui.h | 282 + include/grub/gui_string_util.h | 33 + include/grub/hfs.h | 72 + include/grub/hfsplus.h | 259 + include/grub/i18n.h | 68 + include/grub/i386/at_keyboard.h | 25 + include/grub/i386/bsd.h | 128 + include/grub/i386/cmos.h | 30 + include/grub/i386/coreboot/boot.h | 1 + include/grub/i386/coreboot/console.h | 32 + include/grub/i386/coreboot/kernel.h | 0 include/grub/i386/coreboot/memory.h | 54 + include/grub/i386/coreboot/serial.h | 24 + include/grub/i386/coreboot/time.h | 1 + include/grub/i386/cpuid.h | 85 + include/grub/i386/efi/kernel.h | 0 include/grub/i386/efi/memory.h | 6 + include/grub/i386/efi/serial.h | 1 + include/grub/i386/efiemu.h | 33 + include/grub/i386/floppy.h | 36 + include/grub/i386/freebsd_linker.h | 74 + include/grub/i386/freebsd_reboot.h | 77 + include/grub/i386/gdb.h | 78 + include/grub/i386/ieee1275/ieee1275.h | 1 + include/grub/i386/ieee1275/kernel.h | 0 include/grub/i386/ieee1275/memory.h | 1 + include/grub/i386/ieee1275/serial.h | 1 + include/grub/i386/io.h | 72 + include/grub/i386/linux.h | 507 + include/grub/i386/macho.h | 32 + include/grub/i386/memory.h | 81 + include/grub/i386/memory_raw.h | 58 + include/grub/i386/msr.h | 74 + include/grub/i386/multiboot.h | 58 + include/grub/i386/multiboot/boot.h | 1 + include/grub/i386/multiboot/console.h | 1 + include/grub/i386/multiboot/kernel.h | 1 + include/grub/i386/multiboot/memory.h | 1 + include/grub/i386/multiboot/serial.h | 1 + include/grub/i386/multiboot/time.h | 1 + include/grub/i386/netbsd_bootinfo.h | 156 + include/grub/i386/netbsd_reboot.h | 81 + include/grub/i386/openbsd_bootarg.h | 93 + include/grub/i386/openbsd_reboot.h | 79 + include/grub/i386/pc/apm.h | 48 + include/grub/i386/pc/biosdisk.h | 109 + include/grub/i386/pc/biosnum.h | 6 + include/grub/i386/pc/boot.h | 73 + include/grub/i386/pc/chainloader.h | 27 + include/grub/i386/pc/console.h | 36 + include/grub/i386/pc/int.h | 33 + include/grub/i386/pc/int_types.h | 59 + include/grub/i386/pc/kernel.h | 41 + include/grub/i386/pc/memory.h | 63 + include/grub/i386/pc/pxe.h | 292 + include/grub/i386/pc/time.h | 24 + include/grub/i386/pc/vbe.h | 232 + include/grub/i386/pc/vesa_modes_table.h | 19 + include/grub/i386/pci.h | 105 + include/grub/i386/pit.h | 103 + include/grub/i386/pmtimer.h | 37 + include/grub/i386/qemu/boot.h | 25 + include/grub/i386/qemu/console.h | 1 + include/grub/i386/qemu/kernel.h | 35 + include/grub/i386/qemu/memory.h | 1 + include/grub/i386/qemu/serial.h | 1 + include/grub/i386/qemu/time.h | 1 + include/grub/i386/reboot.h | 28 + include/grub/i386/relocator.h | 100 + include/grub/i386/relocator_private.h | 1 + include/grub/i386/setjmp.h | 29 + include/grub/i386/time.h | 29 + include/grub/i386/tsc.h | 75 + include/grub/i386/types.h | 33 + include/grub/i386/xen/hypercall.h | 88 + include/grub/i386/xen/kernel.h | 0 include/grub/i386/xen/memory.h | 0 include/grub/i386/xen_pvh/boot.h | 1 + include/grub/i386/xen_pvh/console.h | 1 + include/grub/i386/xen_pvh/int.h | 1 + include/grub/i386/xen_pvh/kernel.h | 30 + include/grub/i386/xen_pvh/memory.h | 1 + include/grub/i386/xen_pvh/time.h | 1 + include/grub/i386/xnu.h | 149 + include/grub/ia64/efi/memory.h | 6 + include/grub/ia64/efi/time.h | 23 + include/grub/ia64/kernel.h | 25 + include/grub/ia64/reloc.h | 44 + include/grub/ia64/setjmp.h | 28 + include/grub/ia64/time.h | 28 + include/grub/ia64/types.h | 32 + include/grub/icon_manager.h | 41 + include/grub/ieee1275/alloc.h | 39 + include/grub/ieee1275/console.h | 34 + include/grub/ieee1275/ieee1275.h | 264 + include/grub/ieee1275/obdisk.h | 25 + include/grub/ieee1275/ofdisk.h | 25 + include/grub/ieee1275/tpm.h | 30 + include/grub/kernel.h | 133 + include/grub/key_protector.h | 47 + include/grub/keyboard_layouts.h | 150 + include/grub/legacy_parse.h | 32 + include/grub/lib/LzFind.h | 130 + include/grub/lib/LzHash.h | 77 + include/grub/lib/LzmaDec.h | 246 + include/grub/lib/LzmaEnc.h | 95 + include/grub/lib/LzmaTypes.h | 151 + include/grub/lib/arg.h | 79 + include/grub/lib/cmdline.h | 32 + include/grub/lib/crc.h | 25 + include/grub/lib/envblk.h | 56 + include/grub/lib/hexdump.h | 25 + include/grub/libpciaccess.h | 26 + include/grub/linux.h | 24 + include/grub/list.h | 88 + include/grub/loader.h | 84 + include/grub/lockdown.h | 44 + include/grub/loongarch64/efi/memory.h | 24 + include/grub/loongarch64/reloc.h | 113 + include/grub/loongarch64/setjmp.h | 27 + include/grub/loongarch64/time.h | 28 + include/grub/loongarch64/types.h | 34 + include/grub/lvm.h | 90 + include/grub/macho.h | 166 + include/grub/machoload.h | 89 + include/grub/memory.h | 87 + include/grub/menu.h | 106 + include/grub/menu_viewer.h | 48 + include/grub/mips/arc/kernel.h | 2 + include/grub/mips/arc/memory.h | 46 + include/grub/mips/arc/time.h | 0 include/grub/mips/asm.h | 18 + include/grub/mips/at_keyboard.h | 1 + include/grub/mips/cmos.h | 1 + include/grub/mips/io.h | 62 + include/grub/mips/kernel.h | 24 + include/grub/mips/loongson.h | 86 + include/grub/mips/loongson/at_keyboard.h | 27 + include/grub/mips/loongson/cmos.h | 30 + include/grub/mips/loongson/ec.h | 45 + include/grub/mips/loongson/kernel.h | 36 + include/grub/mips/loongson/memory.h | 51 + include/grub/mips/loongson/pci.h | 110 + include/grub/mips/loongson/serial.h | 33 + include/grub/mips/loongson/time.h | 27 + include/grub/mips/memory.h | 60 + include/grub/mips/mips.h | 30 + include/grub/mips/multiboot.h | 31 + include/grub/mips/pci.h | 1 + include/grub/mips/qemu_mips/at_keyboard.h | 25 + include/grub/mips/qemu_mips/cmos.h | 30 + include/grub/mips/qemu_mips/console.h | 25 + include/grub/mips/qemu_mips/kernel.h | 30 + include/grub/mips/qemu_mips/loader.h | 0 include/grub/mips/qemu_mips/memory.h | 50 + include/grub/mips/qemu_mips/serial.h | 24 + include/grub/mips/qemu_mips/time.h | 25 + include/grub/mips/relocator.h | 38 + include/grub/mips/setjmp.h | 27 + include/grub/mips/time.h | 37 + include/grub/mips/types.h | 38 + include/grub/misc.h | 578 + include/grub/mm.h | 135 + include/grub/mm_private.h | 115 + include/grub/module_verifier.h | 20 + include/grub/msdos_partition.h | 127 + include/grub/multiboot.h | 112 + include/grub/multiboot2.h | 104 + include/grub/multiboot_loader.h | 28 + include/grub/net.h | 583 + include/grub/net/arp.h | 32 + include/grub/net/ethernet.h | 41 + include/grub/net/ip.h | 98 + include/grub/net/netbuff.h | 31 + include/grub/net/tcp.h | 85 + include/grub/net/udp.h | 51 + include/grub/normal.h | 177 + include/grub/ns8250.h | 93 + include/grub/ntfs.h | 223 + include/grub/offsets.h | 168 + include/grub/osdep/hostfile.h | 7 + include/grub/osdep/hostfile_aros.h | 119 + include/grub/osdep/hostfile_unix.h | 118 + include/grub/osdep/hostfile_windows.h | 85 + include/grub/osdep/major.h | 33 + include/grub/parser.h | 96 + include/grub/partition.h | 141 + include/grub/parttool.h | 58 + include/grub/pci.h | 157 + include/grub/pciutils.h | 103 + include/grub/powerpc/ieee1275/ieee1275.h | 31 + include/grub/powerpc/kernel.h | 22 + include/grub/powerpc/memory.h | 47 + include/grub/powerpc/relocator.h | 37 + include/grub/powerpc/setjmp.h | 27 + include/grub/powerpc/time.h | 28 + include/grub/powerpc/types.h | 32 + include/grub/priority_queue.h | 44 + include/grub/procfs.h | 51 + include/grub/ps2.h | 43 + include/grub/pubkey.h | 38 + include/grub/random.h | 33 + include/grub/reader.h | 29 + include/grub/reed_solomon.h | 30 + include/grub/relocator.h | 88 + include/grub/relocator_private.h | 113 + include/grub/riscv32/efi/memory.h | 6 + include/grub/riscv32/setjmp.h | 27 + include/grub/riscv32/time.h | 28 + include/grub/riscv32/types.h | 34 + include/grub/riscv64/efi/memory.h | 6 + include/grub/riscv64/setjmp.h | 27 + include/grub/riscv64/time.h | 28 + include/grub/riscv64/types.h | 34 + include/grub/safemath.h | 54 + include/grub/script_sh.h | 410 + include/grub/scsi.h | 111 + include/grub/scsicmd.h | 206 + include/grub/sdl.h | 38 + include/grub/search.h | 40 + include/grub/serial.h | 229 + include/grub/setjmp.h | 42 + include/grub/smbios.h | 69 + include/grub/smbus.h | 70 + include/grub/sparc64/ieee1275/boot.h | 62 + include/grub/sparc64/ieee1275/ieee1275.h | 53 + include/grub/sparc64/ieee1275/kernel.h | 31 + include/grub/sparc64/setjmp.h | 29 + include/grub/sparc64/time.h | 28 + include/grub/sparc64/types.h | 32 + include/grub/speaker.h | 47 + include/grub/stack_protector.h | 46 + include/grub/symbol.h | 72 + include/grub/syslinux_parse.h | 37 + include/grub/term.h | 469 + include/grub/terminfo.h | 87 + include/grub/test.h | 125 + include/grub/time.h | 48 + include/grub/tparm.h | 26 + include/grub/tpm.h | 49 + include/grub/trig.h | 44 + include/grub/types.h | 391 + include/grub/uboot/api_public.h | 181 + include/grub/uboot/console.h | 29 + include/grub/uboot/disk.h | 43 + include/grub/uboot/image.h | 175 + include/grub/uboot/uboot.h | 87 + include/grub/udf.h | 30 + include/grub/unicode.h | 362 + include/grub/usb.h | 333 + include/grub/usbdesc.h | 134 + include/grub/usbserial.h | 39 + include/grub/usbtrans.h | 155 + include/grub/util/install.h | 304 + include/grub/util/libnvpair.h | 44 + include/grub/util/libzfs.h | 47 + include/grub/util/misc.h | 52 + include/grub/util/mkimage.h | 187 + include/grub/util/ofpath.h | 6 + include/grub/util/resolve.h | 36 + include/grub/util/windows.h | 33 + include/grub/verify.h | 88 + include/grub/vga.h | 129 + include/grub/vgaregs.h | 307 + include/grub/video.h | 704 + include/grub/video_fb.h | 151 + include/grub/x86_64/at_keyboard.h | 1 + include/grub/x86_64/cmos.h | 1 + include/grub/x86_64/efi/boot.h | 0 include/grub/x86_64/efi/kernel.h | 0 include/grub/x86_64/efi/loader.h | 26 + include/grub/x86_64/efi/memory.h | 10 + include/grub/x86_64/efi/serial.h | 1 + include/grub/x86_64/io.h | 19 + include/grub/x86_64/linux.h | 19 + include/grub/x86_64/macho.h | 1 + include/grub/x86_64/memory.h | 1 + include/grub/x86_64/multiboot.h | 1 + include/grub/x86_64/pci.h | 19 + include/grub/x86_64/relocator.h | 1 + include/grub/x86_64/setjmp.h | 27 + include/grub/x86_64/time.h | 29 + include/grub/x86_64/types.h | 41 + include/grub/x86_64/xen/hypercall.h | 36 + include/grub/x86_64/xnu.h | 1 + include/grub/xen.h | 105 + include/grub/xen/relocator.h | 46 + include/grub/xen_file.h | 57 + include/grub/xnu.h | 119 + include/grub/zfs/dmu.h | 164 + include/grub/zfs/dmu_objset.h | 43 + include/grub/zfs/dnode.h | 74 + include/grub/zfs/dsl_dataset.h | 52 + include/grub/zfs/dsl_dir.h | 50 + include/grub/zfs/sa_impl.h | 37 + include/grub/zfs/spa.h | 328 + include/grub/zfs/uberblock_impl.h | 60 + include/grub/zfs/vdev_impl.h | 69 + include/grub/zfs/zap_impl.h | 109 + include/grub/zfs/zap_leaf.h | 103 + include/grub/zfs/zfs.h | 158 + include/grub/zfs/zfs_acl.h | 59 + include/grub/zfs/zfs_znode.h | 70 + include/grub/zfs/zil.h | 56 + include/grub/zfs/zio.h | 96 + include/grub/zfs/zio_checksum.h | 33 + include/multiboot.h | 274 + include/multiboot2.h | 416 + include/xen/arch-x86/xen-x86_32.h | 169 + include/xen/arch-x86/xen-x86_64.h | 202 + include/xen/arch-x86/xen.h | 280 + include/xen/elfnote.h | 281 + include/xen/event_channel.h | 381 + include/xen/grant_table.h | 662 + include/xen/hvm/hvm_op.h | 296 + include/xen/hvm/params.h | 284 + include/xen/hvm/start_info.h | 98 + include/xen/io/blkif.h | 608 + include/xen/io/console.h | 51 + include/xen/io/protocols.h | 40 + include/xen/io/ring.h | 312 + include/xen/io/xenbus.h | 80 + include/xen/io/xs_wire.h | 138 + include/xen/memory.h | 665 + include/xen/physdev.h | 387 + include/xen/sched.h | 174 + include/xen/trace.h | 339 + include/xen/xen-compat.h | 44 + include/xen/xen.h | 998 + linguas.sh | 20 + m4/00gnulib.m4 | 85 + m4/__inline.m4 | 22 + m4/absolute-header.m4 | 100 + m4/alloca.m4 | 106 + m4/argp.m4 | 70 + m4/base64.m4 | 15 + m4/btowc.m4 | 105 + m4/builtin-expect.m4 | 49 + m4/calloc.m4 | 83 + m4/chdir-long.m4 | 30 + m4/close.m4 | 35 + m4/codeset.m4 | 24 + m4/ctype_h.m4 | 47 + m4/dirent_h.m4 | 79 + m4/dirfd.m4 | 86 + m4/double-slash-root.m4 | 38 + m4/dup2.m4 | 105 + m4/eealloc.m4 | 31 + m4/errno_h.m4 | 131 + m4/error.m4 | 31 + m4/exponentd.m4 | 116 + m4/extensions.m4 | 227 + m4/extern-inline.m4 | 130 + m4/fchdir.m4 | 66 + m4/fcntl-o.m4 | 140 + m4/fcntl.m4 | 151 + m4/fcntl_h.m4 | 70 + m4/filenamecat.m4 | 16 + m4/flexmember.m4 | 44 + m4/float_h.m4 | 106 + m4/fnmatch.m4 | 153 + m4/fnmatch_h.m4 | 87 + m4/free.m4 | 52 + m4/fstat.m4 | 40 + m4/getcwd.m4 | 166 + m4/getdelim.m4 | 99 + m4/getdtablesize.m4 | 63 + m4/getline.m4 | 109 + m4/getopt.m4 | 381 + m4/getprogname.m4 | 43 + m4/gettext.m4 | 401 + m4/glibc2.m4 | 31 + m4/gnulib-cache.m4 | 85 + m4/gnulib-common.m4 | 1069 + m4/gnulib-comp.m4 | 1295 + m4/gnulib-tool.m4 | 63 + m4/iconv.m4 | 268 + m4/include_next.m4 | 224 + m4/intdiv0.m4 | 87 + m4/intl.m4 | 272 + m4/intldir.m4 | 19 + m4/intlmacosx.m4 | 56 + m4/intmax.m4 | 36 + m4/intmax_t.m4 | 59 + m4/inttypes-pri.m4 | 42 + m4/inttypes.m4 | 180 + m4/inttypes_h.m4 | 29 + m4/isblank.m4 | 17 + m4/langinfo_h.m4 | 137 + m4/largefile.m4 | 180 + m4/lcmessage.m4 | 35 + m4/lib-ld.m4 | 119 + m4/lib-link.m4 | 777 + m4/lib-prefix.m4 | 224 + m4/libunistring-base.m4 | 145 + m4/limits-h.m4 | 41 + m4/localcharset.m4 | 11 + m4/locale-fr.m4 | 253 + m4/locale-ja.m4 | 143 + m4/locale-zh.m4 | 137 + m4/locale_h.m4 | 174 + m4/localeconv.m4 | 22 + m4/lock.m4 | 47 + m4/lstat.m4 | 79 + m4/malloc.m4 | 175 + m4/malloca.m4 | 14 + m4/math_h.m4 | 391 + m4/mbrtowc.m4 | 790 + m4/mbsinit.m4 | 44 + m4/mbsrtowcs.m4 | 141 + m4/mbstate_t.m4 | 34 + m4/mbswidth.m4 | 37 + m4/mbtowc.m4 | 24 + m4/memchr.m4 | 106 + m4/mempcpy.m4 | 26 + m4/memrchr.m4 | 23 + m4/mmap-anon.m4 | 55 + m4/mode_t.m4 | 26 + m4/msvc-inval.m4 | 19 + m4/msvc-nothrow.m4 | 10 + m4/multiarch.m4 | 65 + m4/nl_langinfo.m4 | 77 + m4/nls.m4 | 32 + m4/nocrash.m4 | 131 + m4/off_t.m4 | 18 + m4/open-cloexec.m4 | 21 + m4/open-slash.m4 | 60 + m4/open.m4 | 56 + m4/openat.m4 | 38 + m4/pathmax.m4 | 42 + m4/pipe.m4 | 15 + m4/po.m4 | 453 + m4/printf-posix.m4 | 48 + m4/printf.m4 | 1728 + m4/progtest.m4 | 91 + m4/pthread_rwlock_rdlock.m4 | 185 + m4/rawmemchr.m4 | 20 + m4/realloc.m4 | 63 + m4/reallocarray.m4 | 23 + m4/regex.m4 | 396 + m4/save-cwd.m4 | 11 + m4/setlocale_null.m4 | 98 + m4/size_max.m4 | 75 + m4/sleep.m4 | 66 + m4/ssize_t.m4 | 23 + m4/stat-time.m4 | 83 + m4/stat.m4 | 85 + m4/stdalign.m4 | 56 + m4/stdbool.m4 | 117 + m4/stddef_h.m4 | 97 + m4/stdint.m4 | 531 + m4/stdint_h.m4 | 27 + m4/stdio_h.m4 | 225 + m4/stdlib_h.m4 | 200 + m4/strcase.m4 | 45 + m4/strchrnul.m4 | 50 + m4/strdup.m4 | 32 + m4/strerror.m4 | 102 + m4/string_h.m4 | 145 + m4/strings_h.m4 | 62 + m4/strndup.m4 | 58 + m4/strnlen.m4 | 30 + m4/sys_socket_h.m4 | 206 + m4/sys_stat_h.m4 | 127 + m4/sys_types_h.m4 | 70 + m4/sysexits.m4 | 42 + m4/threadlib.m4 | 664 + m4/time_h.m4 | 177 + m4/uintmax_t.m4 | 30 + m4/unistd-safer.m4 | 10 + m4/unistd_h.m4 | 270 + m4/vasnprintf.m4 | 298 + m4/visibility.m4 | 82 + m4/vsnprintf.m4 | 62 + m4/warn-on-use.m4 | 49 + m4/wchar_h.m4 | 257 + m4/wchar_t.m4 | 24 + m4/wcrtomb.m4 | 146 + m4/wctype_h.m4 | 200 + m4/wcwidth.m4 | 115 + m4/wint_t.m4 | 57 + m4/wmemchr.m4 | 25 + m4/wmempcpy.m4 | 21 + m4/xsize.m4 | 12 + m4/year2038.m4 | 124 + m4/zzgnulib.m4 | 23 + po/Makefile.in.in | 478 + po/Makevars | 60 + po/POTFILES-shell.in | 33 + po/POTFILES.in | 1532 + po/README | 24 + po/Rules-piglatin | 41 + po/Rules-quot | 47 + po/Rules-swiss | 7 + po/Rules-translit | 16 + po/Rules-windowsdir | 11 + po/arabic.sed | 83 + po/boldquot.sed | 10 + po/cyrillic.sed | 106 + po/en@boldquot.header | 25 + po/en@piglatin.header | 4 + po/en@quot.header | 22 + po/exclude.pot | 7497 +++ .../0001-Support-POTFILES-shell.patch | 54 + ...Handle-gettext_printf-shell-function.patch | 46 + ...-Make-msgfmt-output-in-little-endian.patch | 34 + .../0004-Use-SHELL-rather-than-bin-sh.patch | 26 + po/greek.sed | 108 + po/grub.d.sed | 2 + po/grub.pot | 8312 +++ po/hebrew.sed | 91 + po/insert-header.sin | 23 + po/piglatin.sed | 21 + po/quot.sed | 6 + po/remove-potcdate.sin | 19 + po/stamp-po | 1 + po/swiss.sed | 7 + stamp-h.in | 1 + tests/ahci_test.in | 58 + tests/asn1_test.in | 11 + tests/btrfs_test.in | 25 + tests/cdboot_test.in | 40 + tests/cmp_unit_test.c | 226 + tests/core_compress_test.in | 38 + tests/cpio_test.in | 16 + tests/date_unit_test.c | 76 + tests/dfly-mbr-mbexample.dfly.img.gz | Bin 0 -> 124 bytes tests/dfly-mbr-mbexample.mbr.img.gz | Bin 0 -> 41 bytes tests/ehci_test.in | 56 + tests/erofs_test.in | 20 + tests/example_grub_script_test.in | 3 + tests/example_scripted_test.in | 4 + tests/example_unit_test.c | 38 + tests/exfat_test.in | 18 + tests/ext234_test.in | 33 + tests/f2fs_test.in | 19 + tests/fat_test.in | 22 + tests/fddboot_test.in | 52 + tests/file_filter/file | 1 + tests/file_filter/file.gz | Bin 0 -> 33 bytes tests/file_filter/file.gz.sig | Bin 0 -> 96 bytes tests/file_filter/file.lzop | Bin 0 -> 67 bytes tests/file_filter/file.lzop.sig | Bin 0 -> 96 bytes tests/file_filter/file.xz | Bin 0 -> 72 bytes tests/file_filter/file.xz.sig | Bin 0 -> 96 bytes tests/file_filter/keys | Bin 0 -> 994 bytes tests/file_filter/keys.pub | Bin 0 -> 990 bytes tests/file_filter/test.cfg | 6 + tests/file_filter_test.in | 76 + tests/gettext_strings_test.in | 20 + tests/grub_cmd_cryptomount.in | 199 + tests/grub_cmd_date.in | 30 + tests/grub_cmd_echo.in | 41 + tests/grub_cmd_regexp.in | 42 + tests/grub_cmd_set_date.in | 35 + tests/grub_cmd_sleep.in | 25 + tests/grub_cmd_test.in | 68 + tests/grub_cmd_tr.in | 62 + tests/grub_func_test.in | 28 + tests/grub_script_blanklines.in | 15 + tests/grub_script_blockarg.in | 42 + tests/grub_script_break.in | 86 + tests/grub_script_comments.in | 28 + tests/grub_script_continue.in | 86 + tests/grub_script_dollar.in | 6 + tests/grub_script_echo1.in | 183 + tests/grub_script_echo_keywords.in | 3 + tests/grub_script_escape_comma.in | 18 + tests/grub_script_eval.in | 14 + tests/grub_script_expansion.in | 44 + tests/grub_script_final_semicolon.in | 11 + tests/grub_script_for1.in | 27 + tests/grub_script_functions.in | 147 + tests/grub_script_gettext.in | 69 + tests/grub_script_if.in | 31 + tests/grub_script_leading_whitespace.in | 4 + tests/grub_script_no_commands.in | 21 + tests/grub_script_not.in | 62 + tests/grub_script_return.in | 134 + tests/grub_script_setparams.in | 59 + tests/grub_script_shift.in | 85 + tests/grub_script_strcmp.in | 22 + tests/grub_script_test.in | 15 + tests/grub_script_vars1.in | 34 + tests/grub_script_while1.in | 32 + tests/gzcompress_test.in | 30 + tests/hddboot_test.in | 38 + tests/help_test.in | 19 + tests/hfs_test.in | 23 + tests/hfsplus_test.in | 20 + tests/iso9660_test.in | 53 + tests/jfs_test.in | 18 + tests/lib/unit_test.c | 42 + tests/luks1_test.in | 23 + tests/luks2_test.in | 23 + tests/lzocompress_test.in | 30 + tests/minixfs_test.in | 30 + tests/netboot_test.in | 46 + tests/nilfs2_test.in | 18 + tests/ntfs_test.in | 24 + tests/ohci_test.in | 56 + tests/partmap_test.in | 491 + tests/pata_test.in | 58 + tests/printf_unit_test.c | 78 + tests/priority_queue_unit_test.cc | 105 + tests/pseries_test.in | 37 + tests/reiserfs_test.in | 21 + tests/romfs_test.in | 10 + tests/serial_test.in | 55 + tests/squashfs_test.in | 12 + tests/syslinux/ubuntu10.04/isolinux/adtxt.cfg | 0 .../syslinux/ubuntu10.04/isolinux/dtmenu.cfg | 52 + .../ubuntu10.04/isolinux/exithelp.cfg | 3 + .../syslinux/ubuntu10.04/isolinux/gfxboot.cfg | 12 + .../ubuntu10.04/isolinux/isolinux.cfg | 6 + tests/syslinux/ubuntu10.04/isolinux/menu.cfg | 23 + tests/syslinux/ubuntu10.04/isolinux/po4a.cfg | 3 + .../syslinux/ubuntu10.04/isolinux/prompt.cfg | 16 + tests/syslinux/ubuntu10.04/isolinux/rqtxt.cfg | 4 + .../syslinux/ubuntu10.04/isolinux/stdmenu.cfg | 15 + tests/syslinux/ubuntu10.04/isolinux/txt.cfg | 19 + tests/syslinux/ubuntu10.04_grub.cfg.in | 236 + tests/syslinux_test.in | 16 + tests/tar_test.in | 10 + tests/test_sha512sum.in | 37 + tests/test_unset.in | 10 + tests/tpm2_key_protector_test.in | 360 + tests/udf_test.in | 19 + tests/uhci_test.in | 56 + tests/util/grub-fs-tester.in | 1716 + tests/util/grub-shell-luks-tester.in | 378 + tests/util/grub-shell-tester.in | 106 + tests/util/grub-shell.in | 725 + tests/xfs_test.in | 20 + tests/xzcompress_test.in | 30 + tests/zfs_test.in | 28 + themes/starfield/COPYING.CC-BY-SA-3.0 | 65 + themes/starfield/README | 36 + themes/starfield/blob_w.png | Bin 0 -> 836 bytes themes/starfield/boot_menu_c.png | Bin 0 -> 178 bytes themes/starfield/boot_menu_e.png | Bin 0 -> 193 bytes themes/starfield/boot_menu_n.png | Bin 0 -> 103 bytes themes/starfield/boot_menu_ne.png | Bin 0 -> 193 bytes themes/starfield/boot_menu_nw.png | Bin 0 -> 184 bytes themes/starfield/boot_menu_s.png | Bin 0 -> 102 bytes themes/starfield/boot_menu_se.png | Bin 0 -> 198 bytes themes/starfield/boot_menu_sw.png | Bin 0 -> 196 bytes themes/starfield/boot_menu_w.png | Bin 0 -> 96 bytes themes/starfield/slider_c.png | Bin 0 -> 197 bytes themes/starfield/slider_n.png | Bin 0 -> 265 bytes themes/starfield/slider_s.png | Bin 0 -> 269 bytes themes/starfield/src/blob_nw.xcf | Bin 0 -> 2666 bytes themes/starfield/src/bootmenu/center.xcf | Bin 0 -> 649 bytes themes/starfield/src/bootmenu/corner.xcf | Bin 0 -> 783 bytes themes/starfield/src/bootmenu/side.xcf | Bin 0 -> 659 bytes themes/starfield/src/slider_c.xcf | Bin 0 -> 693 bytes themes/starfield/src/slider_n.xcf | Bin 0 -> 845 bytes themes/starfield/src/slider_s.xcf | Bin 0 -> 863 bytes themes/starfield/src/terminalbox/center.xcf | Bin 0 -> 649 bytes themes/starfield/src/terminalbox/corner.xcf | Bin 0 -> 725 bytes themes/starfield/src/terminalbox/side.xcf | Bin 0 -> 824 bytes themes/starfield/starfield.png | Bin 0 -> 1897028 bytes themes/starfield/terminal_box_c.png | Bin 0 -> 178 bytes themes/starfield/terminal_box_e.png | Bin 0 -> 94 bytes themes/starfield/terminal_box_n.png | Bin 0 -> 194 bytes themes/starfield/terminal_box_ne.png | Bin 0 -> 128 bytes themes/starfield/terminal_box_nw.png | Bin 0 -> 210 bytes themes/starfield/terminal_box_s.png | Bin 0 -> 101 bytes themes/starfield/terminal_box_se.png | Bin 0 -> 126 bytes themes/starfield/terminal_box_sw.png | Bin 0 -> 123 bytes themes/starfield/terminal_box_w.png | Bin 0 -> 97 bytes themes/starfield/theme.txt | 79 + unicode/ArabicShaping.txt | 378 + unicode/BidiMirroring.txt | 597 + unicode/COPYING | 9 + unicode/UnicodeData.txt | 23697 +++++++ util/bash-completion.d/Makefile.am | 117 + util/bash-completion.d/Makefile.in | 1738 + .../bash-completion.d/grub-bios-setup.bash.in | 30 + .../bash-completion.d/grub-completion.bash.in | 422 + util/bash-completion.d/grub-editenv.bash.in | 30 + util/bash-completion.d/grub-install.bash.in | 30 + util/bash-completion.d/grub-mkconfig.bash.in | 30 + util/bash-completion.d/grub-mkfont.bash.in | 30 + util/bash-completion.d/grub-mkimage.bash.in | 30 + .../grub-mkpasswd-pbkdf2.bash.in | 30 + util/bash-completion.d/grub-mkrescue.bash.in | 30 + util/bash-completion.d/grub-probe.bash.in | 30 + util/bash-completion.d/grub-reboot.bash.in | 30 + .../grub-script-check.bash.in | 30 + .../grub-set-default.bash.in | 30 + .../grub-sparc64-setup.bash.in | 30 + util/bin2h.c | 64 + util/config.c | 121 + util/editenv.c | 135 + util/garbage-gen.c | 67 + util/getroot.c | 482 + util/glue-efi.c | 153 + util/grub-editenv.c | 305 + util/grub-file.c | 106 + util/grub-fstest.c | 792 + util/grub-gen-asciih.c | 256 + util/grub-gen-widthspec.c | 153 + util/grub-glue-efi.c | 125 + util/grub-install-common.c | 1191 + util/grub-install.c | 2051 + util/grub-kbdcomp.in | 77 + util/grub-macbless.c | 205 + util/grub-macho2img.c | 120 + util/grub-menulst2cfg.c | 135 + util/grub-mkconfig.in | 316 + util/grub-mkconfig_lib.in | 350 + util/grub-mkfont.c | 1337 + util/grub-mkimage.c | 358 + util/grub-mkimage32.c | 26 + util/grub-mkimage64.c | 26 + util/grub-mkimagexx.c | 2643 + util/grub-mklayout.c | 529 + util/grub-mknetdir.c | 228 + util/grub-mkpasswd-pbkdf2.c | 200 + util/grub-mkrelpath.c | 105 + util/grub-mkrescue.c | 1043 + util/grub-mkstandalone.c | 384 + util/grub-module-verifier.c | 267 + util/grub-module-verifier32.c | 4 + util/grub-module-verifier64.c | 4 + util/grub-module-verifierXX.c | 521 + util/grub-mount.c | 642 + util/grub-pe2elf.c | 573 + util/grub-probe.c | 932 + util/grub-protect.c | 1638 + util/grub-reboot.in | 160 + util/grub-render-label.c | 193 + util/grub-script-check.c | 218 + util/grub-set-default.in | 137 + util/grub-setup.c | 333 + util/grub-syslinux2cfg.c | 246 + util/grub.d/00_header.in | 356 + util/grub.d/10_hurd.in | 273 + util/grub.d/10_illumos.in | 53 + util/grub.d/10_kfreebsd.in | 260 + util/grub.d/10_linux.in | 314 + util/grub.d/10_netbsd.in | 200 + util/grub.d/10_windows.in | 100 + util/grub.d/10_xnu.in | 98 + util/grub.d/20_linux_xen.in | 380 + util/grub.d/25_bli.in | 24 + util/grub.d/30_os-prober.in | 363 + util/grub.d/30_uefi-firmware.in | 42 + util/grub.d/40_custom.in | 5 + util/grub.d/41_custom.in | 9 + util/grub.d/README | 11 + util/i386/efi/grub-dumpdevtree | 22 + util/ieee1275/grub-ofpathname.c | 56 + util/import_gcry.py | 726 + util/import_gcrypth.sed | 16 + util/import_unicode.py | 193 + util/misc.c | 225 + util/mkimage.c | 1851 + util/probe.c | 170 + util/render-label.c | 215 + util/resolve.c | 290 + util/setup.c | 877 + util/setup_bios.c | 2 + util/setup_sparc.c | 2 + util/spkmodem-recv.c | 115 + 2712 files changed, 1099893 insertions(+) create mode 100644 ABOUT-NLS create mode 100644 AUTHORS create mode 100644 BUGS create mode 100644 COPYING create mode 100644 ChangeLog create mode 100644 INSTALL create mode 100644 Makefile.am create mode 100644 Makefile.in create mode 100644 Makefile.util.am create mode 100644 Makefile.util.def create mode 100644 Makefile.utilgcry.def create mode 100644 NEWS create mode 100644 README create mode 100644 THANKS create mode 100644 TODO create mode 100644 acinclude.m4 create mode 100644 aclocal.m4 create mode 100644 asm-tests/arm.S create mode 100644 asm-tests/i386-pc.S create mode 100644 asm-tests/i386.S create mode 100644 asm-tests/mips.S create mode 100644 asm-tests/powerpc.S create mode 100644 asm-tests/sparc64.S create mode 100755 autogen.sh create mode 100755 build-aux/compile create mode 100755 build-aux/config.guess create mode 100755 build-aux/config.rpath create mode 100755 build-aux/config.sub create mode 100755 build-aux/depcomp create mode 100755 build-aux/gitlog-to-changelog create mode 100755 build-aux/install-sh create mode 100755 build-aux/mdate-sh create mode 100755 build-aux/missing create mode 100755 build-aux/test-driver create mode 100644 build-aux/texinfo.tex create mode 100644 conf/Makefile.common create mode 100644 conf/Makefile.extra-dist create mode 100644 conf/i386-cygwin-img-ld.sc create mode 100644 config-util.h.in create mode 100644 config.h.in create mode 100755 configure create mode 100644 configure.ac create mode 100644 coreboot.cfg create mode 100644 docs/Makefile.am create mode 100644 docs/Makefile.in create mode 100644 docs/autoiso.cfg create mode 100644 docs/fdl.texi create mode 100644 docs/font_char_metrics.png create mode 100644 docs/font_char_metrics.txt create mode 100644 docs/grub-dev.info create mode 100644 docs/grub-dev.texi create mode 100644 docs/grub.cfg create mode 100644 docs/grub.info create mode 100644 docs/grub.info-1 create mode 100644 docs/grub.info-2 create mode 100644 docs/grub.texi create mode 100644 docs/man/grub-bios-setup.h2m create mode 100644 docs/man/grub-editenv.h2m create mode 100644 docs/man/grub-emu.h2m create mode 100644 docs/man/grub-file.h2m create mode 100644 docs/man/grub-fstest.h2m create mode 100644 docs/man/grub-glue-efi.h2m create mode 100644 docs/man/grub-install.h2m create mode 100644 docs/man/grub-kbdcomp.h2m create mode 100644 docs/man/grub-macbless.h2m create mode 100644 docs/man/grub-macho2img.h2m create mode 100644 docs/man/grub-menulst2cfg.h2m create mode 100644 docs/man/grub-mkconfig.h2m create mode 100644 docs/man/grub-mkfont.h2m create mode 100644 docs/man/grub-mkimage.h2m create mode 100644 docs/man/grub-mklayout.h2m create mode 100644 docs/man/grub-mknetdir.h2m create mode 100644 docs/man/grub-mkpasswd-pbkdf2.h2m create mode 100644 docs/man/grub-mkrelpath.h2m create mode 100644 docs/man/grub-mkrescue.h2m create mode 100644 docs/man/grub-mkstandalone.h2m create mode 100644 docs/man/grub-mount.h2m create mode 100644 docs/man/grub-ofpathname.h2m create mode 100644 docs/man/grub-pe2elf.h2m create mode 100644 docs/man/grub-probe.h2m create mode 100644 docs/man/grub-protect.h2m create mode 100644 docs/man/grub-reboot.h2m create mode 100644 docs/man/grub-render-label.h2m create mode 100644 docs/man/grub-script-check.h2m create mode 100644 docs/man/grub-set-default.h2m create mode 100644 docs/man/grub-sparc64-setup.h2m create mode 100644 docs/man/grub-syslinux2cfg.h2m create mode 100644 docs/mdate-sh create mode 100644 docs/osdetect.cfg create mode 100644 docs/stamp-1 create mode 100644 docs/stamp-vti create mode 100644 docs/texinfo.tex create mode 100644 docs/version-dev.texi create mode 100644 docs/version.texi create mode 100644 geninit.sh create mode 100644 gentpl.py create mode 100644 grub-core/Makefile.am create mode 100644 grub-core/Makefile.core.am create mode 100644 grub-core/Makefile.core.def create mode 100644 grub-core/Makefile.gcry.def create mode 100644 grub-core/Makefile.in create mode 100644 grub-core/boot/decompressor/minilib.c create mode 100644 grub-core/boot/decompressor/none.c create mode 100644 grub-core/boot/decompressor/xz.c create mode 100644 grub-core/boot/i386/pc/boot.S create mode 100644 grub-core/boot/i386/pc/cdboot.S create mode 100644 grub-core/boot/i386/pc/diskboot.S create mode 100644 grub-core/boot/i386/pc/lnxboot.S create mode 100644 grub-core/boot/i386/pc/lzma_decode.S create mode 100644 grub-core/boot/i386/pc/pxeboot.S create mode 100644 grub-core/boot/i386/pc/startup_raw.S create mode 100644 grub-core/boot/i386/qemu/boot.S create mode 100644 grub-core/boot/mips/loongson/fuloong2f.S create mode 100644 grub-core/boot/mips/loongson/fwstart.S create mode 100644 grub-core/boot/mips/startup_raw.S create mode 100644 grub-core/boot/powerpc/bootinfo.txt.in create mode 100644 grub-core/boot/powerpc/grub.chrp.in create mode 100644 grub-core/boot/sparc64/ieee1275/boot.S create mode 100644 grub-core/boot/sparc64/ieee1275/diskboot.S create mode 100644 grub-core/bus/bonito.c create mode 100644 grub-core/bus/cs5536.c create mode 100644 grub-core/bus/emu/pci.c create mode 100644 grub-core/bus/fdt.c create mode 100644 grub-core/bus/i386/ieee1275/pci.c create mode 100644 grub-core/bus/pci.c create mode 100644 grub-core/bus/spi/rk3288_spi.c create mode 100644 grub-core/bus/usb/ehci-fdt.c create mode 100644 grub-core/bus/usb/ehci-pci.c create mode 100644 grub-core/bus/usb/ehci.c create mode 100644 grub-core/bus/usb/ohci.c create mode 100644 grub-core/bus/usb/serial/common.c create mode 100644 grub-core/bus/usb/serial/ftdi.c create mode 100644 grub-core/bus/usb/serial/pl2303.c create mode 100644 grub-core/bus/usb/serial/usbdebug_late.c create mode 100644 grub-core/bus/usb/uhci.c create mode 100644 grub-core/bus/usb/usb.c create mode 100644 grub-core/bus/usb/usbhub.c create mode 100644 grub-core/bus/usb/usbtrans.c create mode 100644 grub-core/commands/acpi.c create mode 100644 grub-core/commands/acpihalt.c create mode 100644 grub-core/commands/arc/lsdev.c create mode 100644 grub-core/commands/bli.c create mode 100644 grub-core/commands/blocklist.c create mode 100644 grub-core/commands/boot.c create mode 100644 grub-core/commands/boottime.c create mode 100644 grub-core/commands/cacheinfo.c create mode 100644 grub-core/commands/cat.c create mode 100644 grub-core/commands/cmp.c create mode 100644 grub-core/commands/configfile.c create mode 100644 grub-core/commands/date.c create mode 100644 grub-core/commands/echo.c create mode 100644 grub-core/commands/efi/efifwsetup.c create mode 100644 grub-core/commands/efi/efitextmode.c create mode 100644 grub-core/commands/efi/fixvideo.c create mode 100644 grub-core/commands/efi/loadbios.c create mode 100644 grub-core/commands/efi/lsefi.c create mode 100644 grub-core/commands/efi/lsefimmap.c create mode 100644 grub-core/commands/efi/lsefisystab.c create mode 100644 grub-core/commands/efi/lssal.c create mode 100644 grub-core/commands/efi/smbios.c create mode 100644 grub-core/commands/efi/tpm.c create mode 100644 grub-core/commands/eval.c create mode 100644 grub-core/commands/extcmd.c create mode 100644 grub-core/commands/file.c create mode 100644 grub-core/commands/file32.c create mode 100644 grub-core/commands/file64.c create mode 100644 grub-core/commands/fileXX.c create mode 100644 grub-core/commands/gptsync.c create mode 100644 grub-core/commands/halt.c create mode 100644 grub-core/commands/hashsum.c create mode 100644 grub-core/commands/hdparm.c create mode 100644 grub-core/commands/help.c create mode 100644 grub-core/commands/hexdump.c create mode 100644 grub-core/commands/i386/cmosdump.c create mode 100644 grub-core/commands/i386/cmostest.c create mode 100644 grub-core/commands/i386/coreboot/cb_timestamps.c create mode 100644 grub-core/commands/i386/coreboot/cbls.c create mode 100644 grub-core/commands/i386/cpuid.c create mode 100644 grub-core/commands/i386/pc/drivemap.c create mode 100644 grub-core/commands/i386/pc/drivemap_int13h.S create mode 100644 grub-core/commands/i386/pc/halt.c create mode 100644 grub-core/commands/i386/pc/lsapm.c create mode 100644 grub-core/commands/i386/pc/play.c create mode 100644 grub-core/commands/i386/pc/sendkey.c create mode 100644 grub-core/commands/i386/pc/smbios.c create mode 100644 grub-core/commands/i386/rdmsr.c create mode 100644 grub-core/commands/i386/wrmsr.c create mode 100644 grub-core/commands/ieee1275/ibmvtpm.c create mode 100644 grub-core/commands/ieee1275/suspend.c create mode 100644 grub-core/commands/iorw.c create mode 100644 grub-core/commands/keylayouts.c create mode 100644 grub-core/commands/keystatus.c create mode 100644 grub-core/commands/legacycfg.c create mode 100644 grub-core/commands/loadenv.c create mode 100644 grub-core/commands/ls.c create mode 100644 grub-core/commands/lsacpi.c create mode 100644 grub-core/commands/lsmmap.c create mode 100644 grub-core/commands/lspci.c create mode 100644 grub-core/commands/macbless.c create mode 100644 grub-core/commands/memrw.c create mode 100644 grub-core/commands/memtools.c create mode 100644 grub-core/commands/menuentry.c create mode 100644 grub-core/commands/minicmd.c create mode 100644 grub-core/commands/mips/loongson/lsspd.c create mode 100644 grub-core/commands/nativedisk.c create mode 100644 grub-core/commands/parttool.c create mode 100644 grub-core/commands/password.c create mode 100644 grub-core/commands/password_pbkdf2.c create mode 100644 grub-core/commands/pcidump.c create mode 100644 grub-core/commands/pgp.c create mode 100644 grub-core/commands/probe.c create mode 100644 grub-core/commands/read.c create mode 100644 grub-core/commands/reboot.c create mode 100644 grub-core/commands/regexp.c create mode 100644 grub-core/commands/search.c create mode 100644 grub-core/commands/search_file.c create mode 100644 grub-core/commands/search_label.c create mode 100644 grub-core/commands/search_uuid.c create mode 100644 grub-core/commands/search_wrap.c create mode 100644 grub-core/commands/setpci.c create mode 100644 grub-core/commands/sleep.c create mode 100644 grub-core/commands/smbios.c create mode 100644 grub-core/commands/syslinuxcfg.c create mode 100644 grub-core/commands/terminal.c create mode 100644 grub-core/commands/test.c create mode 100644 grub-core/commands/testload.c create mode 100644 grub-core/commands/testspeed.c create mode 100644 grub-core/commands/time.c create mode 100644 grub-core/commands/tpm.c create mode 100644 grub-core/commands/tpm2_key_protector/args.c create mode 100644 grub-core/commands/tpm2_key_protector/module.c create mode 100644 grub-core/commands/tpm2_key_protector/tpm2.h create mode 100644 grub-core/commands/tpm2_key_protector/tpm2_args.h create mode 100644 grub-core/commands/tpm2_key_protector/tpm2key.c create mode 100644 grub-core/commands/tpm2_key_protector/tpm2key.h create mode 100644 grub-core/commands/tpm2_key_protector/tpm2key_asn1_tab.c create mode 100644 grub-core/commands/tr.c create mode 100644 grub-core/commands/true.c create mode 100644 grub-core/commands/usbtest.c create mode 100644 grub-core/commands/videoinfo.c create mode 100644 grub-core/commands/videotest.c create mode 100644 grub-core/commands/wildcard.c create mode 100644 grub-core/commands/xen/lsxen.c create mode 100644 grub-core/commands/xnu_uuid.c create mode 100644 grub-core/disk/AFSplitter.c create mode 100644 grub-core/disk/ahci.c create mode 100644 grub-core/disk/arc/arcdisk.c create mode 100644 grub-core/disk/ata.c create mode 100644 grub-core/disk/cryptodisk.c create mode 100644 grub-core/disk/diskfilter.c create mode 100644 grub-core/disk/dmraid_nvidia.c create mode 100644 grub-core/disk/efi/efidisk.c create mode 100644 grub-core/disk/geli.c create mode 100644 grub-core/disk/host.c create mode 100644 grub-core/disk/i386/pc/biosdisk.c create mode 100644 grub-core/disk/ieee1275/nand.c create mode 100644 grub-core/disk/ieee1275/obdisk.c create mode 100644 grub-core/disk/ieee1275/ofdisk.c create mode 100644 grub-core/disk/key_protector.c create mode 100644 grub-core/disk/ldm.c create mode 100644 grub-core/disk/loopback.c create mode 100644 grub-core/disk/luks.c create mode 100644 grub-core/disk/luks2.c create mode 100644 grub-core/disk/lvm.c create mode 100644 grub-core/disk/mdraid1x_linux.c create mode 100644 grub-core/disk/mdraid_linux.c create mode 100644 grub-core/disk/mdraid_linux_be.c create mode 100644 grub-core/disk/memdisk.c create mode 100644 grub-core/disk/pata.c create mode 100644 grub-core/disk/plainmount.c create mode 100644 grub-core/disk/raid5_recover.c create mode 100644 grub-core/disk/raid6_recover.c create mode 100644 grub-core/disk/scsi.c create mode 100644 grub-core/disk/uboot/ubootdisk.c create mode 100644 grub-core/disk/usbms.c create mode 100644 grub-core/disk/xen/xendisk.c create mode 100644 grub-core/efiemu/i386/coredetect.c create mode 100644 grub-core/efiemu/i386/loadcore32.c create mode 100644 grub-core/efiemu/i386/loadcore64.c create mode 100644 grub-core/efiemu/i386/nocfgtables.c create mode 100644 grub-core/efiemu/i386/pc/cfgtables.c create mode 100644 grub-core/efiemu/loadcore.c create mode 100644 grub-core/efiemu/loadcore32.c create mode 100644 grub-core/efiemu/loadcore64.c create mode 100644 grub-core/efiemu/loadcore_common.c create mode 100644 grub-core/efiemu/main.c create mode 100644 grub-core/efiemu/mm.c create mode 100644 grub-core/efiemu/pnvram.c create mode 100644 grub-core/efiemu/prepare.c create mode 100644 grub-core/efiemu/prepare32.c create mode 100644 grub-core/efiemu/prepare64.c create mode 100644 grub-core/efiemu/runtime/config.h create mode 100644 grub-core/efiemu/runtime/efiemu.S create mode 100644 grub-core/efiemu/runtime/efiemu.c create mode 100644 grub-core/efiemu/symbols.c create mode 100644 grub-core/font/font.c create mode 100644 grub-core/font/font_cmd.c create mode 100644 grub-core/fs/affs.c create mode 100644 grub-core/fs/afs.c create mode 100644 grub-core/fs/archelp.c create mode 100644 grub-core/fs/bfs.c create mode 100644 grub-core/fs/btrfs.c create mode 100644 grub-core/fs/cbfs.c create mode 100644 grub-core/fs/cpio.c create mode 100644 grub-core/fs/cpio_be.c create mode 100644 grub-core/fs/cpio_common.c create mode 100644 grub-core/fs/erofs.c create mode 100644 grub-core/fs/exfat.c create mode 100644 grub-core/fs/ext2.c create mode 100644 grub-core/fs/f2fs.c create mode 100644 grub-core/fs/fat.c create mode 100644 grub-core/fs/fshelp.c create mode 100644 grub-core/fs/hfs.c create mode 100644 grub-core/fs/hfsplus.c create mode 100644 grub-core/fs/hfspluscomp.c create mode 100644 grub-core/fs/iso9660.c create mode 100644 grub-core/fs/jfs.c create mode 100644 grub-core/fs/minix.c create mode 100644 grub-core/fs/minix2.c create mode 100644 grub-core/fs/minix2_be.c create mode 100644 grub-core/fs/minix3.c create mode 100644 grub-core/fs/minix3_be.c create mode 100644 grub-core/fs/minix_be.c create mode 100644 grub-core/fs/newc.c create mode 100644 grub-core/fs/nilfs2.c create mode 100644 grub-core/fs/ntfs.c create mode 100644 grub-core/fs/ntfscomp.c create mode 100644 grub-core/fs/odc.c create mode 100644 grub-core/fs/proc.c create mode 100644 grub-core/fs/reiserfs.c create mode 100644 grub-core/fs/romfs.c create mode 100644 grub-core/fs/sfs.c create mode 100644 grub-core/fs/squash4.c create mode 100644 grub-core/fs/tar.c create mode 100644 grub-core/fs/udf.c create mode 100644 grub-core/fs/ufs.c create mode 100644 grub-core/fs/ufs2.c create mode 100644 grub-core/fs/ufs_be.c create mode 100644 grub-core/fs/xfs.c create mode 100644 grub-core/fs/zfs/zfs.c create mode 100644 grub-core/fs/zfs/zfs_fletcher.c create mode 100644 grub-core/fs/zfs/zfs_lz4.c create mode 100644 grub-core/fs/zfs/zfs_lzjb.c create mode 100644 grub-core/fs/zfs/zfs_sha256.c create mode 100644 grub-core/fs/zfs/zfscrypt.c create mode 100644 grub-core/fs/zfs/zfsinfo.c create mode 100644 grub-core/gdb/cstub.c create mode 100644 grub-core/gdb/gdb.c create mode 100644 grub-core/gdb/i386/idt.c create mode 100644 grub-core/gdb/i386/machdep.S create mode 100644 grub-core/gdb/i386/signal.c create mode 100644 grub-core/gdb_grub.in create mode 100644 grub-core/gdb_helper.py.in create mode 100644 grub-core/genemuinit.sh create mode 100644 grub-core/genemuinitheader.sh create mode 100644 grub-core/genmod.sh.in create mode 100644 grub-core/genmoddep.awk create mode 100644 grub-core/gensyminfo.sh.in create mode 100644 grub-core/gensymlist.sh create mode 100644 grub-core/gentrigtables.c create mode 100644 grub-core/gettext/gettext.c create mode 100644 grub-core/gfxmenu/font.c create mode 100644 grub-core/gfxmenu/gfxmenu.c create mode 100644 grub-core/gfxmenu/gui_box.c create mode 100644 grub-core/gfxmenu/gui_canvas.c create mode 100644 grub-core/gfxmenu/gui_circular_progress.c create mode 100644 grub-core/gfxmenu/gui_image.c create mode 100644 grub-core/gfxmenu/gui_label.c create mode 100644 grub-core/gfxmenu/gui_list.c create mode 100644 grub-core/gfxmenu/gui_progress_bar.c create mode 100644 grub-core/gfxmenu/gui_string_util.c create mode 100644 grub-core/gfxmenu/gui_util.c create mode 100644 grub-core/gfxmenu/icon_manager.c create mode 100644 grub-core/gfxmenu/theme_loader.c create mode 100644 grub-core/gfxmenu/view.c create mode 100644 grub-core/gfxmenu/widget-box.c create mode 100644 grub-core/hello/hello.c create mode 100644 grub-core/hook/datehook.c create mode 100644 grub-core/io/bufio.c create mode 100644 grub-core/io/gzio.c create mode 100644 grub-core/io/lzopio.c create mode 100644 grub-core/io/offset.c create mode 100644 grub-core/io/xzio.c create mode 100644 grub-core/kern/acpi.c create mode 100644 grub-core/kern/arm/cache.S create mode 100644 grub-core/kern/arm/cache.c create mode 100644 grub-core/kern/arm/cache_armv6.S create mode 100644 grub-core/kern/arm/cache_armv7.S create mode 100644 grub-core/kern/arm/compiler-rt.S create mode 100644 grub-core/kern/arm/coreboot/cbtable.c create mode 100644 grub-core/kern/arm/coreboot/coreboot.S create mode 100644 grub-core/kern/arm/coreboot/dma.c create mode 100644 grub-core/kern/arm/coreboot/init.c create mode 100644 grub-core/kern/arm/coreboot/timer.c create mode 100644 grub-core/kern/arm/dl.c create mode 100644 grub-core/kern/arm/dl_helper.c create mode 100644 grub-core/kern/arm/efi/init.c create mode 100644 grub-core/kern/arm/efi/startup.S create mode 100644 grub-core/kern/arm/startup.S create mode 100644 grub-core/kern/arm/uboot/init.c create mode 100644 grub-core/kern/arm/uboot/uboot.S create mode 100644 grub-core/kern/arm64/cache.c create mode 100644 grub-core/kern/arm64/cache_flush.S create mode 100644 grub-core/kern/arm64/dl.c create mode 100644 grub-core/kern/arm64/dl_helper.c create mode 100644 grub-core/kern/arm64/efi/init.c create mode 100644 grub-core/kern/arm64/efi/startup.S create mode 100644 grub-core/kern/buffer.c create mode 100644 grub-core/kern/command.c create mode 100644 grub-core/kern/compiler-rt.c create mode 100644 grub-core/kern/coreboot/cbtable.c create mode 100644 grub-core/kern/coreboot/mmap.c create mode 100644 grub-core/kern/corecmd.c create mode 100644 grub-core/kern/device.c create mode 100644 grub-core/kern/disk.c create mode 100644 grub-core/kern/disk_common.c create mode 100644 grub-core/kern/dl.c create mode 100644 grub-core/kern/efi/acpi.c create mode 100644 grub-core/kern/efi/debug.c create mode 100644 grub-core/kern/efi/efi.c create mode 100644 grub-core/kern/efi/fdt.c create mode 100644 grub-core/kern/efi/init.c create mode 100644 grub-core/kern/efi/mm.c create mode 100644 grub-core/kern/efi/sb.c create mode 100644 grub-core/kern/elf.c create mode 100644 grub-core/kern/elfXX.c create mode 100644 grub-core/kern/emu/argp_common.c create mode 100644 grub-core/kern/emu/cache.c create mode 100644 grub-core/kern/emu/cache_s.S create mode 100644 grub-core/kern/emu/full.c create mode 100644 grub-core/kern/emu/hostdisk.c create mode 100644 grub-core/kern/emu/hostfs.c create mode 100644 grub-core/kern/emu/lite.c create mode 100644 grub-core/kern/emu/main.c create mode 100644 grub-core/kern/emu/misc.c create mode 100644 grub-core/kern/emu/mm.c create mode 100644 grub-core/kern/emu/time.c create mode 100644 grub-core/kern/env.c create mode 100644 grub-core/kern/err.c create mode 100644 grub-core/kern/file.c create mode 100644 grub-core/kern/fs.c create mode 100644 grub-core/kern/generic/millisleep.c create mode 100644 grub-core/kern/generic/rtc_get_time_ms.c create mode 100644 grub-core/kern/i386/coreboot/cbtable.c create mode 100644 grub-core/kern/i386/coreboot/init.c create mode 100644 grub-core/kern/i386/coreboot/startup.S create mode 100644 grub-core/kern/i386/dl.c create mode 100644 grub-core/kern/i386/efi/init.c create mode 100644 grub-core/kern/i386/efi/startup.S create mode 100644 grub-core/kern/i386/efi/tsc.c create mode 100644 grub-core/kern/i386/ieee1275/startup.S create mode 100644 grub-core/kern/i386/int.S create mode 100644 grub-core/kern/i386/multiboot_mmap.c create mode 100644 grub-core/kern/i386/pc/acpi.c create mode 100644 grub-core/kern/i386/pc/init.c create mode 100644 grub-core/kern/i386/pc/mmap.c create mode 100644 grub-core/kern/i386/pc/startup.S create mode 100644 grub-core/kern/i386/qemu/init.c create mode 100644 grub-core/kern/i386/qemu/mmap.c create mode 100644 grub-core/kern/i386/qemu/startup.S create mode 100644 grub-core/kern/i386/realmode.S create mode 100644 grub-core/kern/i386/tsc.c create mode 100644 grub-core/kern/i386/tsc_pit.c create mode 100644 grub-core/kern/i386/tsc_pmtimer.c create mode 100644 grub-core/kern/i386/xen/hypercall.S create mode 100644 grub-core/kern/i386/xen/pvh.c create mode 100644 grub-core/kern/i386/xen/startup.S create mode 100644 grub-core/kern/i386/xen/startup_pvh.S create mode 100644 grub-core/kern/i386/xen/tsc.c create mode 100644 grub-core/kern/ia64/cache.c create mode 100644 grub-core/kern/ia64/dl.c create mode 100644 grub-core/kern/ia64/dl_helper.c create mode 100644 grub-core/kern/ia64/efi/init.c create mode 100644 grub-core/kern/ia64/efi/startup.S create mode 100644 grub-core/kern/ieee1275/cmain.c create mode 100644 grub-core/kern/ieee1275/ieee1275.c create mode 100644 grub-core/kern/ieee1275/init.c create mode 100644 grub-core/kern/ieee1275/mmap.c create mode 100644 grub-core/kern/ieee1275/openfw.c create mode 100644 grub-core/kern/list.c create mode 100644 grub-core/kern/lockdown.c create mode 100644 grub-core/kern/loongarch64/cache.c create mode 100644 grub-core/kern/loongarch64/cache_flush.S create mode 100644 grub-core/kern/loongarch64/dl.c create mode 100644 grub-core/kern/loongarch64/dl_helper.c create mode 100644 grub-core/kern/loongarch64/efi/init.c create mode 100644 grub-core/kern/loongarch64/efi/startup.S create mode 100644 grub-core/kern/main.c create mode 100644 grub-core/kern/mips/arc/init.c create mode 100644 grub-core/kern/mips/cache.S create mode 100644 grub-core/kern/mips/cache_flush.S create mode 100644 grub-core/kern/mips/dl.c create mode 100644 grub-core/kern/mips/init.c create mode 100644 grub-core/kern/mips/loongson/init.c create mode 100644 grub-core/kern/mips/qemu_mips/init.c create mode 100644 grub-core/kern/mips/startup.S create mode 100644 grub-core/kern/misc.c create mode 100644 grub-core/kern/mm.c create mode 100644 grub-core/kern/parser.c create mode 100644 grub-core/kern/partition.c create mode 100644 grub-core/kern/powerpc/cache.S create mode 100644 grub-core/kern/powerpc/cache_flush.S create mode 100644 grub-core/kern/powerpc/compiler-rt.S create mode 100644 grub-core/kern/powerpc/dl.c create mode 100644 grub-core/kern/powerpc/ieee1275/startup.S create mode 100644 grub-core/kern/rescue_parser.c create mode 100644 grub-core/kern/rescue_reader.c create mode 100644 grub-core/kern/riscv/cache.c create mode 100644 grub-core/kern/riscv/cache_flush.S create mode 100644 grub-core/kern/riscv/dl.c create mode 100644 grub-core/kern/riscv/efi/init.c create mode 100644 grub-core/kern/riscv/efi/startup.S create mode 100644 grub-core/kern/sparc64/cache.S create mode 100644 grub-core/kern/sparc64/dl.c create mode 100644 grub-core/kern/sparc64/ieee1275/crt0.S create mode 100644 grub-core/kern/sparc64/ieee1275/ieee1275.c create mode 100644 grub-core/kern/term.c create mode 100644 grub-core/kern/time.c create mode 100644 grub-core/kern/uboot/hw.c create mode 100644 grub-core/kern/uboot/init.c create mode 100644 grub-core/kern/uboot/uboot.c create mode 100644 grub-core/kern/verifiers.c create mode 100644 grub-core/kern/vga_init.c create mode 100644 grub-core/kern/x86_64/dl.c create mode 100644 grub-core/kern/x86_64/efi/startup.S create mode 100644 grub-core/kern/x86_64/xen/hypercall.S create mode 100644 grub-core/kern/x86_64/xen/startup.S create mode 100644 grub-core/kern/xen/init.c create mode 100644 grub-core/lib/LzFind.c create mode 100644 grub-core/lib/LzmaDec.c create mode 100644 grub-core/lib/LzmaEnc.c create mode 100644 grub-core/lib/adler32.c create mode 100644 grub-core/lib/arc/datetime.c create mode 100644 grub-core/lib/arg.c create mode 100644 grub-core/lib/arm/setjmp.S create mode 100644 grub-core/lib/arm64/setjmp.S create mode 100644 grub-core/lib/b64dec.c create mode 100644 grub-core/lib/backtrace.c create mode 100644 grub-core/lib/cmdline.c create mode 100644 grub-core/lib/cmos_datetime.c create mode 100644 grub-core/lib/crc.c create mode 100644 grub-core/lib/crc64.c create mode 100644 grub-core/lib/crypto.c create mode 100644 grub-core/lib/datetime.c create mode 100644 grub-core/lib/disk.c create mode 100644 grub-core/lib/division.c create mode 100644 grub-core/lib/dummy/datetime.c create mode 100644 grub-core/lib/dummy/halt.c create mode 100644 grub-core/lib/dummy/reboot.c create mode 100644 grub-core/lib/efi/datetime.c create mode 100644 grub-core/lib/efi/halt.c create mode 100644 grub-core/lib/efi/relocator.c create mode 100644 grub-core/lib/efi/tcg2.c create mode 100644 grub-core/lib/emu/halt.c create mode 100644 grub-core/lib/envblk.c create mode 100644 grub-core/lib/fake_module.c create mode 100644 grub-core/lib/fdt.c create mode 100644 grub-core/lib/getline.c create mode 100644 grub-core/lib/gnulib-patches/fix-gcc-15-compile.patch create mode 100644 grub-core/lib/gnulib-patches/fix-regcomp-resource-leak.patch create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-resource-leak.patch create mode 100644 grub-core/lib/gnulib-patches/fix-unused-value.patch create mode 100644 grub-core/lib/gnulib-patches/fix-width.patch create mode 100644 grub-core/lib/gnulib/Makefile.am create mode 100644 grub-core/lib/gnulib/Makefile.in create mode 100644 grub-core/lib/gnulib/_Noreturn.h create mode 100644 grub-core/lib/gnulib/alloca.c create mode 100644 grub-core/lib/gnulib/alloca.h create mode 100644 grub-core/lib/gnulib/alloca.in.h create mode 100644 grub-core/lib/gnulib/arg-nonnull.h create mode 100644 grub-core/lib/gnulib/argp-ba.c create mode 100644 grub-core/lib/gnulib/argp-eexst.c create mode 100644 grub-core/lib/gnulib/argp-fmtstream.c create mode 100644 grub-core/lib/gnulib/argp-fmtstream.h create mode 100644 grub-core/lib/gnulib/argp-fs-xinl.c create mode 100644 grub-core/lib/gnulib/argp-help.c create mode 100644 grub-core/lib/gnulib/argp-namefrob.h create mode 100644 grub-core/lib/gnulib/argp-parse.c create mode 100644 grub-core/lib/gnulib/argp-pin.c create mode 100644 grub-core/lib/gnulib/argp-pv.c create mode 100644 grub-core/lib/gnulib/argp-pvh.c create mode 100644 grub-core/lib/gnulib/argp-xinl.c create mode 100644 grub-core/lib/gnulib/argp.h create mode 100644 grub-core/lib/gnulib/asnprintf.c create mode 100644 grub-core/lib/gnulib/assure.h create mode 100644 grub-core/lib/gnulib/attribute.h create mode 100644 grub-core/lib/gnulib/base64.c create mode 100644 grub-core/lib/gnulib/base64.h create mode 100644 grub-core/lib/gnulib/basename-lgpl.c create mode 100644 grub-core/lib/gnulib/basename-lgpl.h create mode 100644 grub-core/lib/gnulib/btowc.c create mode 100644 grub-core/lib/gnulib/c++defs.h create mode 100644 grub-core/lib/gnulib/calloc.c create mode 100644 grub-core/lib/gnulib/cdefs.h create mode 100644 grub-core/lib/gnulib/chdir-long.c create mode 100644 grub-core/lib/gnulib/chdir-long.h create mode 100644 grub-core/lib/gnulib/cloexec.c create mode 100644 grub-core/lib/gnulib/cloexec.h create mode 100644 grub-core/lib/gnulib/close.c create mode 100644 grub-core/lib/gnulib/ctype.h create mode 100644 grub-core/lib/gnulib/ctype.in.h create mode 100644 grub-core/lib/gnulib/dirent.h create mode 100644 grub-core/lib/gnulib/dirent.in.h create mode 100644 grub-core/lib/gnulib/dirfd.c create mode 100644 grub-core/lib/gnulib/dup-safer-flag.c create mode 100644 grub-core/lib/gnulib/dup-safer.c create mode 100644 grub-core/lib/gnulib/dup2.c create mode 100644 grub-core/lib/gnulib/dynarray.h create mode 100644 grub-core/lib/gnulib/errno.in.h create mode 100644 grub-core/lib/gnulib/error.c create mode 100644 grub-core/lib/gnulib/error.h create mode 100644 grub-core/lib/gnulib/exitfail.c create mode 100644 grub-core/lib/gnulib/exitfail.h create mode 100644 grub-core/lib/gnulib/fchdir.c create mode 100644 grub-core/lib/gnulib/fcntl.c create mode 100644 grub-core/lib/gnulib/fcntl.h create mode 100644 grub-core/lib/gnulib/fcntl.in.h create mode 100644 grub-core/lib/gnulib/fd-hook.c create mode 100644 grub-core/lib/gnulib/fd-hook.h create mode 100644 grub-core/lib/gnulib/fd-safer-flag.c create mode 100644 grub-core/lib/gnulib/fd-safer.c create mode 100644 grub-core/lib/gnulib/filename.h create mode 100644 grub-core/lib/gnulib/filenamecat-lgpl.c create mode 100644 grub-core/lib/gnulib/filenamecat.h create mode 100644 grub-core/lib/gnulib/flexmember.h create mode 100644 grub-core/lib/gnulib/float+.h create mode 100644 grub-core/lib/gnulib/float.c create mode 100644 grub-core/lib/gnulib/float.in.h create mode 100644 grub-core/lib/gnulib/fnmatch.c create mode 100644 grub-core/lib/gnulib/fnmatch.in.h create mode 100644 grub-core/lib/gnulib/fnmatch_loop.c create mode 100644 grub-core/lib/gnulib/free.c create mode 100644 grub-core/lib/gnulib/fstat.c create mode 100644 grub-core/lib/gnulib/getcwd-lgpl.c create mode 100644 grub-core/lib/gnulib/getdelim.c create mode 100644 grub-core/lib/gnulib/getdtablesize.c create mode 100644 grub-core/lib/gnulib/getline.c create mode 100644 grub-core/lib/gnulib/getopt-cdefs.h create mode 100644 grub-core/lib/gnulib/getopt-cdefs.in.h create mode 100644 grub-core/lib/gnulib/getopt-core.h create mode 100644 grub-core/lib/gnulib/getopt-ext.h create mode 100644 grub-core/lib/gnulib/getopt-pfx-core.h create mode 100644 grub-core/lib/gnulib/getopt-pfx-ext.h create mode 100644 grub-core/lib/gnulib/getopt.c create mode 100644 grub-core/lib/gnulib/getopt.h create mode 100644 grub-core/lib/gnulib/getopt.in.h create mode 100644 grub-core/lib/gnulib/getopt1.c create mode 100644 grub-core/lib/gnulib/getopt_int.h create mode 100644 grub-core/lib/gnulib/getprogname.c create mode 100644 grub-core/lib/gnulib/getprogname.h create mode 100644 grub-core/lib/gnulib/gettext.h create mode 100644 grub-core/lib/gnulib/glthread/lock.c create mode 100644 grub-core/lib/gnulib/glthread/lock.h create mode 100644 grub-core/lib/gnulib/glthread/threadlib.c create mode 100644 grub-core/lib/gnulib/hard-locale.c create mode 100644 grub-core/lib/gnulib/hard-locale.h create mode 100644 grub-core/lib/gnulib/ialloc.c create mode 100644 grub-core/lib/gnulib/ialloc.h create mode 100644 grub-core/lib/gnulib/idx.h create mode 100644 grub-core/lib/gnulib/intprops.h create mode 100644 grub-core/lib/gnulib/inttypes.h create mode 100644 grub-core/lib/gnulib/inttypes.in.h create mode 100644 grub-core/lib/gnulib/isblank.c create mode 100644 grub-core/lib/gnulib/itold.c create mode 100644 grub-core/lib/gnulib/langinfo.h create mode 100644 grub-core/lib/gnulib/langinfo.in.h create mode 100644 grub-core/lib/gnulib/lc-charset-dispatch.c create mode 100644 grub-core/lib/gnulib/lc-charset-dispatch.h create mode 100644 grub-core/lib/gnulib/libc-config.h create mode 100644 grub-core/lib/gnulib/limits.h create mode 100644 grub-core/lib/gnulib/limits.in.h create mode 100644 grub-core/lib/gnulib/localcharset.c create mode 100644 grub-core/lib/gnulib/localcharset.h create mode 100644 grub-core/lib/gnulib/locale.h create mode 100644 grub-core/lib/gnulib/locale.in.h create mode 100644 grub-core/lib/gnulib/localeconv.c create mode 100644 grub-core/lib/gnulib/malloc.c create mode 100644 grub-core/lib/gnulib/malloc/dynarray-skeleton.c create mode 100644 grub-core/lib/gnulib/malloc/dynarray-skeleton.gl.h create mode 100644 grub-core/lib/gnulib/malloc/dynarray.gl.h create mode 100644 grub-core/lib/gnulib/malloc/dynarray.h create mode 100644 grub-core/lib/gnulib/malloc/dynarray_at_failure.c create mode 100644 grub-core/lib/gnulib/malloc/dynarray_emplace_enlarge.c create mode 100644 grub-core/lib/gnulib/malloc/dynarray_finalize.c create mode 100644 grub-core/lib/gnulib/malloc/dynarray_resize.c create mode 100644 grub-core/lib/gnulib/malloc/dynarray_resize_clear.c create mode 100644 grub-core/lib/gnulib/malloca.c create mode 100644 grub-core/lib/gnulib/malloca.h create mode 100644 grub-core/lib/gnulib/mbrtowc-impl-utf8.h create mode 100644 grub-core/lib/gnulib/mbrtowc-impl.h create mode 100644 grub-core/lib/gnulib/mbrtowc.c create mode 100644 grub-core/lib/gnulib/mbsinit.c create mode 100644 grub-core/lib/gnulib/mbsrtowcs-impl.h create mode 100644 grub-core/lib/gnulib/mbsrtowcs-state.c create mode 100644 grub-core/lib/gnulib/mbsrtowcs.c create mode 100644 grub-core/lib/gnulib/mbswidth.c create mode 100644 grub-core/lib/gnulib/mbswidth.h create mode 100644 grub-core/lib/gnulib/mbtowc-impl.h create mode 100644 grub-core/lib/gnulib/mbtowc-lock.c create mode 100644 grub-core/lib/gnulib/mbtowc-lock.h create mode 100644 grub-core/lib/gnulib/mbtowc.c create mode 100644 grub-core/lib/gnulib/memchr.c create mode 100644 grub-core/lib/gnulib/memchr.valgrind create mode 100644 grub-core/lib/gnulib/mempcpy.c create mode 100644 grub-core/lib/gnulib/memrchr.c create mode 100644 grub-core/lib/gnulib/msvc-inval.c create mode 100644 grub-core/lib/gnulib/msvc-inval.h create mode 100644 grub-core/lib/gnulib/msvc-nothrow.c create mode 100644 grub-core/lib/gnulib/msvc-nothrow.h create mode 100644 grub-core/lib/gnulib/nl_langinfo-lock.c create mode 100644 grub-core/lib/gnulib/nl_langinfo.c create mode 100644 grub-core/lib/gnulib/open.c create mode 100644 grub-core/lib/gnulib/openat-die.c create mode 100644 grub-core/lib/gnulib/openat-priv.h create mode 100644 grub-core/lib/gnulib/openat-proc.c create mode 100644 grub-core/lib/gnulib/openat.c create mode 100644 grub-core/lib/gnulib/openat.h create mode 100644 grub-core/lib/gnulib/pathmax.h create mode 100644 grub-core/lib/gnulib/pipe-safer.c create mode 100644 grub-core/lib/gnulib/pipe.c create mode 100644 grub-core/lib/gnulib/printf-args.c create mode 100644 grub-core/lib/gnulib/printf-args.h create mode 100644 grub-core/lib/gnulib/printf-parse.c create mode 100644 grub-core/lib/gnulib/printf-parse.h create mode 100644 grub-core/lib/gnulib/progname.c create mode 100644 grub-core/lib/gnulib/progname.h create mode 100644 grub-core/lib/gnulib/rawmemchr.c create mode 100644 grub-core/lib/gnulib/rawmemchr.valgrind create mode 100644 grub-core/lib/gnulib/realloc.c create mode 100644 grub-core/lib/gnulib/reallocarray.c create mode 100644 grub-core/lib/gnulib/regcomp.c create mode 100644 grub-core/lib/gnulib/regex.c create mode 100644 grub-core/lib/gnulib/regex.h create mode 100644 grub-core/lib/gnulib/regex_internal.c create mode 100644 grub-core/lib/gnulib/regex_internal.h create mode 100644 grub-core/lib/gnulib/regexec.c create mode 100644 grub-core/lib/gnulib/save-cwd.c create mode 100644 grub-core/lib/gnulib/save-cwd.h create mode 100644 grub-core/lib/gnulib/setlocale-lock.c create mode 100644 grub-core/lib/gnulib/setlocale_null.c create mode 100644 grub-core/lib/gnulib/setlocale_null.h create mode 100644 grub-core/lib/gnulib/size_max.h create mode 100644 grub-core/lib/gnulib/sleep.c create mode 100644 grub-core/lib/gnulib/stat-time.c create mode 100644 grub-core/lib/gnulib/stat-time.h create mode 100644 grub-core/lib/gnulib/stat-w32.c create mode 100644 grub-core/lib/gnulib/stat-w32.h create mode 100644 grub-core/lib/gnulib/stat.c create mode 100644 grub-core/lib/gnulib/stdalign.in.h create mode 100644 grub-core/lib/gnulib/stdbool.in.h create mode 100644 grub-core/lib/gnulib/stddef.in.h create mode 100644 grub-core/lib/gnulib/stdint.in.h create mode 100644 grub-core/lib/gnulib/stdio-read.c create mode 100644 grub-core/lib/gnulib/stdio-write.c create mode 100644 grub-core/lib/gnulib/stdio.h create mode 100644 grub-core/lib/gnulib/stdio.in.h create mode 100644 grub-core/lib/gnulib/stdlib.h create mode 100644 grub-core/lib/gnulib/stdlib.in.h create mode 100644 grub-core/lib/gnulib/strcasecmp.c create mode 100644 grub-core/lib/gnulib/strchrnul.c create mode 100644 grub-core/lib/gnulib/strchrnul.valgrind create mode 100644 grub-core/lib/gnulib/strdup.c create mode 100644 grub-core/lib/gnulib/streq.h create mode 100644 grub-core/lib/gnulib/strerror-override.c create mode 100644 grub-core/lib/gnulib/strerror-override.h create mode 100644 grub-core/lib/gnulib/strerror.c create mode 100644 grub-core/lib/gnulib/string.h create mode 100644 grub-core/lib/gnulib/string.in.h create mode 100644 grub-core/lib/gnulib/strings.h create mode 100644 grub-core/lib/gnulib/strings.in.h create mode 100644 grub-core/lib/gnulib/strncasecmp.c create mode 100644 grub-core/lib/gnulib/strndup.c create mode 100644 grub-core/lib/gnulib/strnlen.c create mode 100644 grub-core/lib/gnulib/strnlen1.c create mode 100644 grub-core/lib/gnulib/strnlen1.h create mode 100644 grub-core/lib/gnulib/sys/stat.h create mode 100644 grub-core/lib/gnulib/sys/types.h create mode 100644 grub-core/lib/gnulib/sys_stat.in.h create mode 100644 grub-core/lib/gnulib/sys_types.in.h create mode 100644 grub-core/lib/gnulib/sysexits.in.h create mode 100644 grub-core/lib/gnulib/time.h create mode 100644 grub-core/lib/gnulib/time.in.h create mode 100644 grub-core/lib/gnulib/unictype/bitmap.h create mode 100644 grub-core/lib/gnulib/unistd--.h create mode 100644 grub-core/lib/gnulib/unistd-safer.h create mode 100644 grub-core/lib/gnulib/unistd.c create mode 100644 grub-core/lib/gnulib/unistd.h create mode 100644 grub-core/lib/gnulib/unistd.in.h create mode 100644 grub-core/lib/gnulib/unitypes.h create mode 100644 grub-core/lib/gnulib/unitypes.in.h create mode 100644 grub-core/lib/gnulib/uniwidth.h create mode 100644 grub-core/lib/gnulib/uniwidth.in.h create mode 100644 grub-core/lib/gnulib/uniwidth/cjk.h create mode 100644 grub-core/lib/gnulib/uniwidth/width.c create mode 100644 grub-core/lib/gnulib/uniwidth/width0.h create mode 100644 grub-core/lib/gnulib/uniwidth/width2.h create mode 100644 grub-core/lib/gnulib/vasnprintf.c create mode 100644 grub-core/lib/gnulib/vasnprintf.h create mode 100644 grub-core/lib/gnulib/verify.h create mode 100644 grub-core/lib/gnulib/vsnprintf.c create mode 100644 grub-core/lib/gnulib/warn-on-use.h create mode 100644 grub-core/lib/gnulib/wchar.h create mode 100644 grub-core/lib/gnulib/wchar.in.h create mode 100644 grub-core/lib/gnulib/wcrtomb.c create mode 100644 grub-core/lib/gnulib/wctype-h.c create mode 100644 grub-core/lib/gnulib/wctype.h create mode 100644 grub-core/lib/gnulib/wctype.in.h create mode 100644 grub-core/lib/gnulib/wcwidth.c create mode 100644 grub-core/lib/gnulib/windows-initguard.h create mode 100644 grub-core/lib/gnulib/windows-mutex.c create mode 100644 grub-core/lib/gnulib/windows-mutex.h create mode 100644 grub-core/lib/gnulib/windows-once.c create mode 100644 grub-core/lib/gnulib/windows-once.h create mode 100644 grub-core/lib/gnulib/windows-recmutex.c create mode 100644 grub-core/lib/gnulib/windows-recmutex.h create mode 100644 grub-core/lib/gnulib/windows-rwlock.c create mode 100644 grub-core/lib/gnulib/windows-rwlock.h create mode 100644 grub-core/lib/gnulib/wmemchr-impl.h create mode 100644 grub-core/lib/gnulib/wmemchr.c create mode 100644 grub-core/lib/gnulib/wmempcpy.c create mode 100644 grub-core/lib/gnulib/xalloc-oversized.h create mode 100644 grub-core/lib/gnulib/xsize.c create mode 100644 grub-core/lib/gnulib/xsize.h create mode 100644 grub-core/lib/gpgrt-int.h create mode 100644 grub-core/lib/hexdump.c create mode 100644 grub-core/lib/i386/backtrace.c create mode 100644 grub-core/lib/i386/halt.c create mode 100644 grub-core/lib/i386/pc/biosnum.c create mode 100644 grub-core/lib/i386/pc/vesa_modes_table.c create mode 100644 grub-core/lib/i386/random.c create mode 100644 grub-core/lib/i386/reboot.c create mode 100644 grub-core/lib/i386/reboot_trampoline.S create mode 100644 grub-core/lib/i386/relocator.c create mode 100644 grub-core/lib/i386/relocator16.S create mode 100644 grub-core/lib/i386/relocator32.S create mode 100644 grub-core/lib/i386/relocator64.S create mode 100644 grub-core/lib/i386/relocator_asm.S create mode 100644 grub-core/lib/i386/relocator_common.S create mode 100644 grub-core/lib/i386/relocator_common_c.c create mode 100644 grub-core/lib/i386/setjmp.S create mode 100644 grub-core/lib/i386/xen/relocator.S create mode 100644 grub-core/lib/ia64/longjmp.S create mode 100644 grub-core/lib/ia64/setjmp.S create mode 100644 grub-core/lib/ieee1275/cmos.c create mode 100644 grub-core/lib/ieee1275/datetime.c create mode 100644 grub-core/lib/ieee1275/halt.c create mode 100644 grub-core/lib/ieee1275/reboot.c create mode 100644 grub-core/lib/ieee1275/relocator.c create mode 100644 grub-core/lib/ieee1275/tcg2.c create mode 100644 grub-core/lib/json/jsmn.h create mode 100644 grub-core/lib/json/json.c create mode 100644 grub-core/lib/json/json.h create mode 100644 grub-core/lib/legacy_parse.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/ChangeLog create mode 100644 grub-core/lib/libgcrypt-grub/cipher/arcfour.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/aria.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/asm-common-aarch64.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/asm-common-amd64.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/asm-common-i386.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/asm-common-s390x.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/asm-inline-s390x.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/asm-poly1305-aarch64.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/asm-poly1305-amd64.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/asm-poly1305-s390x.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/bithelp.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/blake2.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/blowfish.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/bufhelp.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/bulkhelp.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/camellia-aesni-avx2-amd64.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/camellia-glue.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/camellia-simd128.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/camellia.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/camellia.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/cast5.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/cipher-internal.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/cipher.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/crc.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/crypto.lst create mode 100644 grub-core/lib/libgcrypt-grub/cipher/des.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/dsa-common.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/dsa.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/ecc-common.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/g10lib.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/gost-sb.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/gost.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/gost28147.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/gostr3411-94.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/hash-common.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/hash-common.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/idea.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/init.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/kdf-internal.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/keccak.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/keccak_permute_32.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/keccak_permute_64.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/kem-ecc.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/kyber.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/mac-internal.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/mceliece6688128f.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/md.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/md4.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/md5.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/memory.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/poly1305-internal.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/pubkey-internal.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/pubkey-util.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/rfc2268.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/rijndael-internal.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/rijndael-ppc-common.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/rijndael-ppc-functions.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/rijndael-tables.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/rijndael.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/rmd160.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/rsa-common.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/rsa.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/salsa20.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/seed.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/serpent.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/sha1.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/sha1.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/sha256.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/sha512.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/sm3.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/sm4.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/sntrup761.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/stribog.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/tiger.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/twofish.c create mode 100644 grub-core/lib/libgcrypt-grub/cipher/types.h create mode 100644 grub-core/lib/libgcrypt-grub/cipher/whirlpool.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/asm-common-aarch64.h create mode 100644 grub-core/lib/libgcrypt-grub/mpi/asm-common-amd64.h create mode 100644 grub-core/lib/libgcrypt-grub/mpi/asm-common-i386.h create mode 100644 grub-core/lib/libgcrypt-grub/mpi/ec-inline.h create mode 100644 grub-core/lib/libgcrypt-grub/mpi/ec-internal.h create mode 100644 grub-core/lib/libgcrypt-grub/mpi/generic/distfiles create mode 100644 grub-core/lib/libgcrypt-grub/mpi/generic/mpi-asm-defs.h create mode 100644 grub-core/lib/libgcrypt-grub/mpi/generic/mpih-add1.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/generic/mpih-lshift.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/generic/mpih-mul1.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/generic/mpih-mul2.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/generic/mpih-mul3.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/generic/mpih-rshift.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/generic/mpih-sub1.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/generic/udiv-w-sdiv.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/longlong.h create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-add.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-asm-defs.h create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-bit.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-cmp.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-div.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-gcd.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-inline.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-inline.h create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-internal.h create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-inv.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-mod.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-mpow.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-mul.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-pow.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpi-scan.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpicoder.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpih-add1.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpih-const-time.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpih-div.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpih-lshift.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpih-mul.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpih-mul1.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpih-mul2.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpih-mul3.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpih-rshift.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpih-sub1.c create mode 100644 grub-core/lib/libgcrypt-grub/mpi/mpiutil.c create mode 100644 grub-core/lib/libgcrypt-grub/src/cipher-proto.h create mode 100644 grub-core/lib/libgcrypt-grub/src/cipher.h create mode 100644 grub-core/lib/libgcrypt-grub/src/const-time.c create mode 100644 grub-core/lib/libgcrypt-grub/src/const-time.h create mode 100644 grub-core/lib/libgcrypt-grub/src/context.h create mode 100644 grub-core/lib/libgcrypt-grub/src/ec-context.h create mode 100644 grub-core/lib/libgcrypt-grub/src/g10lib.h create mode 100644 grub-core/lib/libgcrypt-grub/src/gcrypt-int.h create mode 100644 grub-core/lib/libgcrypt-grub/src/gcrypt-testapi.h create mode 100644 grub-core/lib/libgcrypt-grub/src/hmac256.h create mode 100644 grub-core/lib/libgcrypt-grub/src/hwf-common.h create mode 100644 grub-core/lib/libgcrypt-grub/src/mpi.h create mode 100644 grub-core/lib/libgcrypt-grub/src/secmem.h create mode 100644 grub-core/lib/libgcrypt-grub/src/sexp.c create mode 100644 grub-core/lib/libgcrypt-grub/src/stdmem.h create mode 100644 grub-core/lib/libgcrypt-grub/src/types.h create mode 100644 grub-core/lib/libgcrypt-grub/src/visibility.h create mode 100644 grub-core/lib/libgcrypt/AUTHORS create mode 100644 grub-core/lib/libgcrypt/COPYING create mode 100644 grub-core/lib/libgcrypt/COPYING.LIB create mode 100644 grub-core/lib/libgcrypt/LICENSES create mode 100644 grub-core/lib/libgcrypt/README create mode 100644 grub-core/lib/libgcrypt/README.GIT create mode 100644 grub-core/lib/libgcrypt/THANKS create mode 100644 grub-core/lib/libgcrypt/VERSION create mode 100644 grub-core/lib/libgcrypt/cipher/ChangeLog-2011 create mode 100644 grub-core/lib/libgcrypt/cipher/Makefile.am create mode 100644 grub-core/lib/libgcrypt/cipher/arcfour-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/arcfour.c create mode 100644 grub-core/lib/libgcrypt/cipher/aria-aesni-avx-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/aria-aesni-avx2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/aria-gfni-avx512-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/aria.c create mode 100644 grub-core/lib/libgcrypt/cipher/asm-common-aarch64.h create mode 100644 grub-core/lib/libgcrypt/cipher/asm-common-amd64.h create mode 100644 grub-core/lib/libgcrypt/cipher/asm-common-i386.h create mode 100644 grub-core/lib/libgcrypt/cipher/asm-common-s390x.h create mode 100644 grub-core/lib/libgcrypt/cipher/asm-inline-s390x.h create mode 100644 grub-core/lib/libgcrypt/cipher/asm-poly1305-aarch64.h create mode 100644 grub-core/lib/libgcrypt/cipher/asm-poly1305-amd64.h create mode 100644 grub-core/lib/libgcrypt/cipher/asm-poly1305-s390x.h create mode 100644 grub-core/lib/libgcrypt/cipher/bithelp.h create mode 100644 grub-core/lib/libgcrypt/cipher/blake2.c create mode 100644 grub-core/lib/libgcrypt/cipher/blake2b-amd64-avx2.S create mode 100644 grub-core/lib/libgcrypt/cipher/blake2b-amd64-avx512.S create mode 100644 grub-core/lib/libgcrypt/cipher/blake2s-amd64-avx.S create mode 100644 grub-core/lib/libgcrypt/cipher/blake2s-amd64-avx512.S create mode 100644 grub-core/lib/libgcrypt/cipher/blowfish-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/blowfish-arm.S create mode 100644 grub-core/lib/libgcrypt/cipher/blowfish.c create mode 100644 grub-core/lib/libgcrypt/cipher/bufhelp.h create mode 100644 grub-core/lib/libgcrypt/cipher/bulkhelp.h create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-aarch64-ce.c create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-aarch64.S create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-aesni-avx-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-aesni-avx2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-aesni-avx2-amd64.h create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-arm.S create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-gfni-avx2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-gfni-avx512-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-glue.c create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-ppc8le.c create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-ppc9le.c create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-simd128.h create mode 100644 grub-core/lib/libgcrypt/cipher/camellia-vaes-avx2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/camellia.c create mode 100644 grub-core/lib/libgcrypt/cipher/camellia.h create mode 100644 grub-core/lib/libgcrypt/cipher/cast5-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/cast5-arm.S create mode 100644 grub-core/lib/libgcrypt/cipher/cast5.c create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-aarch64.S create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-amd64-avx2.S create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-amd64-avx512.S create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-amd64-ssse3.S create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-armv7-neon.S create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-p10le-8x.s create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-ppc.c create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20-s390x.S create mode 100644 grub-core/lib/libgcrypt/cipher/chacha20.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-aeswrap.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-cbc.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-ccm.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-cfb.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-cmac.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-ctr.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-eax.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-armv7-neon.S create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-armv8-aarch32-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-armv8-aarch64-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-intel-pclmul.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-ppc.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm-siv.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-gcm.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-internal.h create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-ocb.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-ofb.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-poly1305.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-siv.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher-xts.c create mode 100644 grub-core/lib/libgcrypt/cipher/cipher.c create mode 100644 grub-core/lib/libgcrypt/cipher/crc-armv8-aarch64-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/crc-armv8-ce.c create mode 100644 grub-core/lib/libgcrypt/cipher/crc-intel-pclmul.c create mode 100644 grub-core/lib/libgcrypt/cipher/crc-ppc.c create mode 100644 grub-core/lib/libgcrypt/cipher/crc.c create mode 100644 grub-core/lib/libgcrypt/cipher/des-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/des.c create mode 100644 grub-core/lib/libgcrypt/cipher/dsa-common.c create mode 100644 grub-core/lib/libgcrypt/cipher/dsa.c create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-common.h create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-curves.c create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-ecdh.c create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-ecdsa.c create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-eddsa.c create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-gost.c create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-misc.c create mode 100644 grub-core/lib/libgcrypt/cipher/ecc-sm2.c create mode 100644 grub-core/lib/libgcrypt/cipher/ecc.c create mode 100644 grub-core/lib/libgcrypt/cipher/elgamal.c create mode 100644 grub-core/lib/libgcrypt/cipher/gost-s-box.c create mode 100644 grub-core/lib/libgcrypt/cipher/gost-sb.h create mode 100644 grub-core/lib/libgcrypt/cipher/gost.h create mode 100644 grub-core/lib/libgcrypt/cipher/gost28147.c create mode 100644 grub-core/lib/libgcrypt/cipher/gostr3411-94.c create mode 100644 grub-core/lib/libgcrypt/cipher/hash-common.c create mode 100644 grub-core/lib/libgcrypt/cipher/hash-common.h create mode 100644 grub-core/lib/libgcrypt/cipher/idea.c create mode 100644 grub-core/lib/libgcrypt/cipher/kdf-internal.h create mode 100644 grub-core/lib/libgcrypt/cipher/kdf.c create mode 100644 grub-core/lib/libgcrypt/cipher/keccak-amd64-avx512.S create mode 100644 grub-core/lib/libgcrypt/cipher/keccak-armv7-neon.S create mode 100644 grub-core/lib/libgcrypt/cipher/keccak.c create mode 100644 grub-core/lib/libgcrypt/cipher/keccak_permute_32.h create mode 100644 grub-core/lib/libgcrypt/cipher/keccak_permute_64.h create mode 100644 grub-core/lib/libgcrypt/cipher/kem-ecc.c create mode 100644 grub-core/lib/libgcrypt/cipher/kem-ecc.h create mode 100644 grub-core/lib/libgcrypt/cipher/kem.c create mode 100644 grub-core/lib/libgcrypt/cipher/kyber-common.c create mode 100644 grub-core/lib/libgcrypt/cipher/kyber-kdep.c create mode 100644 grub-core/lib/libgcrypt/cipher/kyber.c create mode 100644 grub-core/lib/libgcrypt/cipher/kyber.h create mode 100644 grub-core/lib/libgcrypt/cipher/mac-cmac.c create mode 100644 grub-core/lib/libgcrypt/cipher/mac-gmac.c create mode 100644 grub-core/lib/libgcrypt/cipher/mac-hmac.c create mode 100644 grub-core/lib/libgcrypt/cipher/mac-internal.h create mode 100644 grub-core/lib/libgcrypt/cipher/mac-poly1305.c create mode 100644 grub-core/lib/libgcrypt/cipher/mac.c create mode 100644 grub-core/lib/libgcrypt/cipher/mceliece6688128f.c create mode 100644 grub-core/lib/libgcrypt/cipher/mceliece6688128f.h create mode 100644 grub-core/lib/libgcrypt/cipher/md.c create mode 100644 grub-core/lib/libgcrypt/cipher/md4.c create mode 100644 grub-core/lib/libgcrypt/cipher/md5.c create mode 100644 grub-core/lib/libgcrypt/cipher/poly1305-amd64-avx512.S create mode 100644 grub-core/lib/libgcrypt/cipher/poly1305-internal.h create mode 100644 grub-core/lib/libgcrypt/cipher/poly1305-p10le.s create mode 100644 grub-core/lib/libgcrypt/cipher/poly1305-s390x.S create mode 100644 grub-core/lib/libgcrypt/cipher/poly1305.c create mode 100644 grub-core/lib/libgcrypt/cipher/primegen.c create mode 100644 grub-core/lib/libgcrypt/cipher/pubkey-internal.h create mode 100644 grub-core/lib/libgcrypt/cipher/pubkey-util.c create mode 100644 grub-core/lib/libgcrypt/cipher/pubkey.c create mode 100644 grub-core/lib/libgcrypt/cipher/rfc2268.c create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-aarch64.S create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-aesni.c create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-arm.S create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-armv8-aarch32-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-armv8-aarch64-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-armv8-ce.c create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-gcm-p10le.s create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-internal.h create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-p10le.c create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-padlock.c create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ppc-common.h create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ppc-functions.h create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ppc.c create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ppc9le.c create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-s390x.c create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ssse3-amd64-asm.S create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-ssse3-amd64.c create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-tables.h create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-vaes-avx2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-vaes-avx2-i386.S create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-vaes-i386.c create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael-vaes.c create mode 100644 grub-core/lib/libgcrypt/cipher/rijndael.c create mode 100644 grub-core/lib/libgcrypt/cipher/rmd160.c create mode 100644 grub-core/lib/libgcrypt/cipher/rsa-common.c create mode 100644 grub-core/lib/libgcrypt/cipher/rsa.c create mode 100644 grub-core/lib/libgcrypt/cipher/salsa20-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/salsa20-armv7-neon.S create mode 100644 grub-core/lib/libgcrypt/cipher/salsa20.c create mode 100644 grub-core/lib/libgcrypt/cipher/scrypt.c create mode 100644 grub-core/lib/libgcrypt/cipher/seed.c create mode 100644 grub-core/lib/libgcrypt/cipher/serpent-armv7-neon.S create mode 100644 grub-core/lib/libgcrypt/cipher/serpent-avx2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/serpent-avx512-x86.c create mode 100644 grub-core/lib/libgcrypt/cipher/serpent-sse2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/serpent.c create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-armv7-neon.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-armv8-aarch32-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-armv8-aarch64-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-avx-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-avx-bmi2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-avx2-bmi2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-intel-shaext.c create mode 100644 grub-core/lib/libgcrypt/cipher/sha1-ssse3-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha1.c create mode 100644 grub-core/lib/libgcrypt/cipher/sha1.h create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-armv8-aarch32-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-armv8-aarch64-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-avx-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-avx2-bmi2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-intel-shaext.c create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-ppc.c create mode 100644 grub-core/lib/libgcrypt/cipher/sha256-ssse3-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha256.c create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-arm.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-armv7-neon.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-armv8-aarch64-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-avx-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-avx2-bmi2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-avx512-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-ppc.c create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-ssse3-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sha512-ssse3-i386.c create mode 100644 grub-core/lib/libgcrypt/cipher/sha512.c create mode 100644 grub-core/lib/libgcrypt/cipher/sm3-aarch64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sm3-armv8-aarch64-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/sm3-avx-bmi2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sm3.c create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-aarch64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-aesni-avx-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-aesni-avx2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-armv8-aarch64-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-armv9-aarch64-sve-ce.S create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-gfni-avx2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-gfni-avx512-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/sm4-ppc.c create mode 100644 grub-core/lib/libgcrypt/cipher/sm4.c create mode 100644 grub-core/lib/libgcrypt/cipher/sntrup761.c create mode 100644 grub-core/lib/libgcrypt/cipher/sntrup761.h create mode 100644 grub-core/lib/libgcrypt/cipher/stribog.c create mode 100644 grub-core/lib/libgcrypt/cipher/tiger.c create mode 100644 grub-core/lib/libgcrypt/cipher/twofish-aarch64.S create mode 100644 grub-core/lib/libgcrypt/cipher/twofish-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/twofish-arm.S create mode 100644 grub-core/lib/libgcrypt/cipher/twofish-avx2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/twofish.c create mode 100644 grub-core/lib/libgcrypt/cipher/whirlpool-sse2-amd64.S create mode 100644 grub-core/lib/libgcrypt/cipher/whirlpool.c create mode 100644 grub-core/lib/libgcrypt/compat/Makefile.am create mode 100644 grub-core/lib/libgcrypt/compat/clock.c create mode 100644 grub-core/lib/libgcrypt/compat/compat.c create mode 100644 grub-core/lib/libgcrypt/compat/getpid.c create mode 100644 grub-core/lib/libgcrypt/compat/libcompat.h create mode 100644 grub-core/lib/libgcrypt/config.h.in create mode 100755 grub-core/lib/libgcrypt/configure create mode 100644 grub-core/lib/libgcrypt/configure.ac create mode 100755 grub-core/lib/libgcrypt/mkinstalldirs create mode 100644 grub-core/lib/libgcrypt/mpi/ChangeLog-2011 create mode 100644 grub-core/lib/libgcrypt/mpi/Makefile.am create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpi-asm-defs.h create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpih-add1.S create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpih-mul1.S create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpih-mul2.S create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpih-mul3.S create mode 100644 grub-core/lib/libgcrypt/mpi/aarch64/mpih-sub1.S create mode 100644 grub-core/lib/libgcrypt/mpi/alpha/README create mode 100644 grub-core/lib/libgcrypt/mpi/alpha/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/alpha/mpih-add1.S create mode 100644 grub-core/lib/libgcrypt/mpi/alpha/mpih-lshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/alpha/mpih-mul1.S create mode 100644 grub-core/lib/libgcrypt/mpi/alpha/mpih-mul2.S create mode 100644 grub-core/lib/libgcrypt/mpi/alpha/mpih-mul3.S create mode 100644 grub-core/lib/libgcrypt/mpi/alpha/mpih-rshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/alpha/mpih-sub1.S create mode 100644 grub-core/lib/libgcrypt/mpi/alpha/udiv-qrnnd.S create mode 100644 grub-core/lib/libgcrypt/mpi/amd64/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/amd64/func_abi.h create mode 100644 grub-core/lib/libgcrypt/mpi/amd64/mpi-asm-defs.h create mode 100644 grub-core/lib/libgcrypt/mpi/amd64/mpih-add1.S create mode 100644 grub-core/lib/libgcrypt/mpi/amd64/mpih-lshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/amd64/mpih-mul1.S create mode 100644 grub-core/lib/libgcrypt/mpi/amd64/mpih-mul2.S create mode 100644 grub-core/lib/libgcrypt/mpi/amd64/mpih-mul3.S create mode 100644 grub-core/lib/libgcrypt/mpi/amd64/mpih-rshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/amd64/mpih-sub1.S create mode 100644 grub-core/lib/libgcrypt/mpi/arm/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpi-asm-defs.h create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpih-add1.S create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpih-mul1.S create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpih-mul2.S create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpih-mul3.S create mode 100644 grub-core/lib/libgcrypt/mpi/arm/mpih-sub1.S create mode 100644 grub-core/lib/libgcrypt/mpi/asm-common-aarch64.h create mode 100644 grub-core/lib/libgcrypt/mpi/asm-common-amd64.h create mode 100644 grub-core/lib/libgcrypt/mpi/asm-common-i386.h create mode 100644 grub-core/lib/libgcrypt/mpi/config.links create mode 100644 grub-core/lib/libgcrypt/mpi/ec-ed25519.c create mode 100644 grub-core/lib/libgcrypt/mpi/ec-hw-s390x.c create mode 100644 grub-core/lib/libgcrypt/mpi/ec-inline.h create mode 100644 grub-core/lib/libgcrypt/mpi/ec-internal.h create mode 100644 grub-core/lib/libgcrypt/mpi/ec-nist.c create mode 100644 grub-core/lib/libgcrypt/mpi/ec.c create mode 100644 grub-core/lib/libgcrypt/mpi/generic/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/generic/mpi-asm-defs.h create mode 100644 grub-core/lib/libgcrypt/mpi/generic/mpih-add1.c create mode 100644 grub-core/lib/libgcrypt/mpi/generic/mpih-lshift.c create mode 100644 grub-core/lib/libgcrypt/mpi/generic/mpih-mul1.c create mode 100644 grub-core/lib/libgcrypt/mpi/generic/mpih-mul2.c create mode 100644 grub-core/lib/libgcrypt/mpi/generic/mpih-mul3.c create mode 100644 grub-core/lib/libgcrypt/mpi/generic/mpih-rshift.c create mode 100644 grub-core/lib/libgcrypt/mpi/generic/mpih-sub1.c create mode 100644 grub-core/lib/libgcrypt/mpi/generic/udiv-w-sdiv.c create mode 100644 grub-core/lib/libgcrypt/mpi/hppa/README create mode 100644 grub-core/lib/libgcrypt/mpi/hppa/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/hppa/mpih-add1.S create mode 100644 grub-core/lib/libgcrypt/mpi/hppa/mpih-lshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/hppa/mpih-rshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/hppa/mpih-sub1.S create mode 100644 grub-core/lib/libgcrypt/mpi/hppa/udiv-qrnnd.S create mode 100644 grub-core/lib/libgcrypt/mpi/i386/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/i386/mpih-add1.S create mode 100644 grub-core/lib/libgcrypt/mpi/i386/mpih-lshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/i386/mpih-mul1.S create mode 100644 grub-core/lib/libgcrypt/mpi/i386/mpih-mul2.S create mode 100644 grub-core/lib/libgcrypt/mpi/i386/mpih-mul3.S create mode 100644 grub-core/lib/libgcrypt/mpi/i386/mpih-rshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/i386/mpih-sub1.S create mode 100644 grub-core/lib/libgcrypt/mpi/i386/syntax.h create mode 100644 grub-core/lib/libgcrypt/mpi/longlong.h create mode 100644 grub-core/lib/libgcrypt/mpi/m68k/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/m68k/mc68020/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/m68k/mc68020/mpih-mul1.S create mode 100644 grub-core/lib/libgcrypt/mpi/m68k/mc68020/mpih-mul2.S create mode 100644 grub-core/lib/libgcrypt/mpi/m68k/mc68020/mpih-mul3.S create mode 100644 grub-core/lib/libgcrypt/mpi/m68k/mpih-add1.S create mode 100644 grub-core/lib/libgcrypt/mpi/m68k/mpih-lshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/m68k/mpih-rshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/m68k/mpih-sub1.S create mode 100644 grub-core/lib/libgcrypt/mpi/m68k/syntax.h create mode 100644 grub-core/lib/libgcrypt/mpi/mips3/README create mode 100644 grub-core/lib/libgcrypt/mpi/mips3/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/mips3/mpi-asm-defs.h create mode 100644 grub-core/lib/libgcrypt/mpi/mips3/mpih-add1.S create mode 100644 grub-core/lib/libgcrypt/mpi/mips3/mpih-lshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/mips3/mpih-mul1.S create mode 100644 grub-core/lib/libgcrypt/mpi/mips3/mpih-mul2.S create mode 100644 grub-core/lib/libgcrypt/mpi/mips3/mpih-mul3.S create mode 100644 grub-core/lib/libgcrypt/mpi/mips3/mpih-rshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/mips3/mpih-sub1.S create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-add.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-bit.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-cmp.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-div.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-gcd.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-inline.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-inline.h create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-internal.h create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-inv.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-mod.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-mpow.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-mul.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-pow.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpi-scan.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpicoder.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpih-const-time.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpih-div.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpih-mul.c create mode 100644 grub-core/lib/libgcrypt/mpi/mpiutil.c create mode 100644 grub-core/lib/libgcrypt/mpi/pa7100/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/pa7100/mpih-lshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/pa7100/mpih-rshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/power/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/power/mpih-add1.S create mode 100644 grub-core/lib/libgcrypt/mpi/power/mpih-lshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/power/mpih-mul1.S create mode 100644 grub-core/lib/libgcrypt/mpi/power/mpih-mul2.S create mode 100644 grub-core/lib/libgcrypt/mpi/power/mpih-mul3.S create mode 100644 grub-core/lib/libgcrypt/mpi/power/mpih-rshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/power/mpih-sub1.S create mode 100644 grub-core/lib/libgcrypt/mpi/powerpc32/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/powerpc32/mpih-add1.S create mode 100644 grub-core/lib/libgcrypt/mpi/powerpc32/mpih-lshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/powerpc32/mpih-mul1.S create mode 100644 grub-core/lib/libgcrypt/mpi/powerpc32/mpih-mul2.S create mode 100644 grub-core/lib/libgcrypt/mpi/powerpc32/mpih-mul3.S create mode 100644 grub-core/lib/libgcrypt/mpi/powerpc32/mpih-rshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/powerpc32/mpih-sub1.S create mode 100644 grub-core/lib/libgcrypt/mpi/powerpc32/syntax.h create mode 100644 grub-core/lib/libgcrypt/mpi/powerpc64/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/sparc32/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/sparc32/mpih-add1.S create mode 100644 grub-core/lib/libgcrypt/mpi/sparc32/mpih-lshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/sparc32/mpih-rshift.S create mode 100644 grub-core/lib/libgcrypt/mpi/sparc32/udiv.S create mode 100644 grub-core/lib/libgcrypt/mpi/sparc32v8/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/sparc32v8/mpih-mul1.S create mode 100644 grub-core/lib/libgcrypt/mpi/sparc32v8/mpih-mul2.S create mode 100644 grub-core/lib/libgcrypt/mpi/sparc32v8/mpih-mul3.S create mode 100644 grub-core/lib/libgcrypt/mpi/supersparc/distfiles create mode 100644 grub-core/lib/libgcrypt/mpi/supersparc/udiv.S create mode 100644 grub-core/lib/libgcrypt/src/ChangeLog-2011 create mode 100644 grub-core/lib/libgcrypt/src/Makefile.am create mode 100644 grub-core/lib/libgcrypt/src/cipher-proto.h create mode 100644 grub-core/lib/libgcrypt/src/cipher.h create mode 100644 grub-core/lib/libgcrypt/src/const-time.c create mode 100644 grub-core/lib/libgcrypt/src/const-time.h create mode 100644 grub-core/lib/libgcrypt/src/context.c create mode 100644 grub-core/lib/libgcrypt/src/context.h create mode 100644 grub-core/lib/libgcrypt/src/dumpsexp.c create mode 100644 grub-core/lib/libgcrypt/src/ec-context.h create mode 100644 grub-core/lib/libgcrypt/src/fips.c create mode 100644 grub-core/lib/libgcrypt/src/g10lib.h create mode 100644 grub-core/lib/libgcrypt/src/gcrypt-int.h create mode 100644 grub-core/lib/libgcrypt/src/gcrypt-testapi.h create mode 100644 grub-core/lib/libgcrypt/src/gcrypt.h.in create mode 100755 grub-core/lib/libgcrypt/src/gen-note-integrity.sh create mode 100644 grub-core/lib/libgcrypt/src/global.c create mode 100644 grub-core/lib/libgcrypt/src/hmac256.c create mode 100644 grub-core/lib/libgcrypt/src/hmac256.h create mode 100644 grub-core/lib/libgcrypt/src/hwf-arm.c create mode 100644 grub-core/lib/libgcrypt/src/hwf-common.h create mode 100644 grub-core/lib/libgcrypt/src/hwf-ppc.c create mode 100644 grub-core/lib/libgcrypt/src/hwf-s390x.c create mode 100644 grub-core/lib/libgcrypt/src/hwf-x86.c create mode 100644 grub-core/lib/libgcrypt/src/hwfeatures.c create mode 100644 grub-core/lib/libgcrypt/src/libgcrypt-config.in create mode 100644 grub-core/lib/libgcrypt/src/libgcrypt.def create mode 100644 grub-core/lib/libgcrypt/src/libgcrypt.m4 create mode 100644 grub-core/lib/libgcrypt/src/libgcrypt.pc.in create mode 100644 grub-core/lib/libgcrypt/src/libgcrypt.vers create mode 100644 grub-core/lib/libgcrypt/src/misc.c create mode 100644 grub-core/lib/libgcrypt/src/missing-string.c create mode 100644 grub-core/lib/libgcrypt/src/mpi.h create mode 100644 grub-core/lib/libgcrypt/src/mpicalc.c create mode 100644 grub-core/lib/libgcrypt/src/secmem.c create mode 100644 grub-core/lib/libgcrypt/src/secmem.h create mode 100644 grub-core/lib/libgcrypt/src/sexp.c create mode 100644 grub-core/lib/libgcrypt/src/stdmem.c create mode 100644 grub-core/lib/libgcrypt/src/stdmem.h create mode 100644 grub-core/lib/libgcrypt/src/types.h create mode 100644 grub-core/lib/libgcrypt/src/versioninfo.rc.in create mode 100644 grub-core/lib/libgcrypt/src/visibility.c create mode 100644 grub-core/lib/libgcrypt/src/visibility.h create mode 100644 grub-core/lib/libgcrypt_wrap/cipher_wrap.h create mode 100644 grub-core/lib/libgcrypt_wrap/mem.c create mode 100644 grub-core/lib/libtasn1-grub/lib/coding.c create mode 100644 grub-core/lib/libtasn1-grub/lib/decoding.c create mode 100644 grub-core/lib/libtasn1-grub/lib/element.c create mode 100644 grub-core/lib/libtasn1-grub/lib/element.h create mode 100644 grub-core/lib/libtasn1-grub/lib/errors.c create mode 100644 grub-core/lib/libtasn1-grub/lib/gstr.c create mode 100644 grub-core/lib/libtasn1-grub/lib/gstr.h create mode 100644 grub-core/lib/libtasn1-grub/lib/int.h create mode 100644 grub-core/lib/libtasn1-grub/lib/parser_aux.c create mode 100644 grub-core/lib/libtasn1-grub/lib/parser_aux.h create mode 100644 grub-core/lib/libtasn1-grub/lib/structure.c create mode 100644 grub-core/lib/libtasn1-grub/lib/structure.h create mode 100644 grub-core/lib/libtasn1-grub/libtasn1.h create mode 100644 grub-core/lib/libtasn1/lib/element.h create mode 100644 grub-core/lib/libtasn1/lib/gstr.h create mode 100644 grub-core/lib/libtasn1/lib/int.h create mode 100644 grub-core/lib/libtasn1/lib/parser_aux.h create mode 100644 grub-core/lib/libtasn1/lib/structure.h create mode 100644 grub-core/lib/libtasn1/libtasn1.h create mode 100644 grub-core/lib/libtasn1/tests/CVE-2018-1000654-1_asn1_tab.h create mode 100644 grub-core/lib/libtasn1/tests/CVE-2018-1000654-2_asn1_tab.h create mode 100644 grub-core/lib/libtasn1_wrap/wrap.c create mode 100644 grub-core/lib/loongarch64/setjmp.S create mode 100644 grub-core/lib/minilzo/lzoconf.h create mode 100644 grub-core/lib/minilzo/lzodefs.h create mode 100644 grub-core/lib/minilzo/minilzo.c create mode 100644 grub-core/lib/minilzo/minilzo.h create mode 100644 grub-core/lib/mips/arc/reboot.c create mode 100644 grub-core/lib/mips/loongson/reboot.c create mode 100644 grub-core/lib/mips/qemu_mips/reboot.c create mode 100644 grub-core/lib/mips/relocator.c create mode 100644 grub-core/lib/mips/relocator_asm.S create mode 100644 grub-core/lib/mips/setjmp.S create mode 100644 grub-core/lib/pbkdf2.c create mode 100644 grub-core/lib/posix_wrap/assert.h create mode 100644 grub-core/lib/posix_wrap/c-ctype.h create mode 100644 grub-core/lib/posix_wrap/ctype.h create mode 100644 grub-core/lib/posix_wrap/errno.h create mode 100644 grub-core/lib/posix_wrap/inttypes.h create mode 100644 grub-core/lib/posix_wrap/langinfo.h create mode 100644 grub-core/lib/posix_wrap/limits.h create mode 100644 grub-core/lib/posix_wrap/localcharset.h create mode 100644 grub-core/lib/posix_wrap/locale.h create mode 100644 grub-core/lib/posix_wrap/stdint.h create mode 100644 grub-core/lib/posix_wrap/stdio.h create mode 100644 grub-core/lib/posix_wrap/stdlib.h create mode 100644 grub-core/lib/posix_wrap/string.h create mode 100644 grub-core/lib/posix_wrap/sys/types.h create mode 100644 grub-core/lib/posix_wrap/unistd.h create mode 100644 grub-core/lib/posix_wrap/wchar.h create mode 100644 grub-core/lib/posix_wrap/wctype.h create mode 100644 grub-core/lib/powerpc/relocator.c create mode 100644 grub-core/lib/powerpc/relocator_asm.S create mode 100644 grub-core/lib/powerpc/setjmp.S create mode 100644 grub-core/lib/priority_queue.c create mode 100644 grub-core/lib/progress.c create mode 100644 grub-core/lib/random.c create mode 100644 grub-core/lib/reed_solomon.c create mode 100644 grub-core/lib/relocator.c create mode 100644 grub-core/lib/riscv/setjmp.S create mode 100644 grub-core/lib/setjmp.S create mode 100644 grub-core/lib/sparc64/setjmp.S create mode 100644 grub-core/lib/syslinux_parse.c create mode 100644 grub-core/lib/tss2/buffer.c create mode 100644 grub-core/lib/tss2/tcg2.h create mode 100644 grub-core/lib/tss2/tcg2_emu.c create mode 100644 grub-core/lib/tss2/tpm2_cmd.c create mode 100644 grub-core/lib/tss2/tpm2_cmd.h create mode 100644 grub-core/lib/tss2/tss2.c create mode 100644 grub-core/lib/tss2/tss2_buffer.h create mode 100644 grub-core/lib/tss2/tss2_mu.c create mode 100644 grub-core/lib/tss2/tss2_mu.h create mode 100644 grub-core/lib/tss2/tss2_structs.h create mode 100644 grub-core/lib/tss2/tss2_types.h create mode 100644 grub-core/lib/uboot/reboot.c create mode 100644 grub-core/lib/x86_64/efi/relocator.c create mode 100644 grub-core/lib/x86_64/relocator_asm.S create mode 100644 grub-core/lib/x86_64/setjmp.S create mode 100644 grub-core/lib/x86_64/xen/relocator.S create mode 100644 grub-core/lib/xen/datetime.c create mode 100644 grub-core/lib/xen/halt.c create mode 100644 grub-core/lib/xen/reboot.c create mode 100644 grub-core/lib/xen/relocator.c create mode 100644 grub-core/lib/xzembed/xz.h create mode 100644 grub-core/lib/xzembed/xz_config.h create mode 100644 grub-core/lib/xzembed/xz_dec_bcj.c create mode 100644 grub-core/lib/xzembed/xz_dec_lzma2.c create mode 100644 grub-core/lib/xzembed/xz_dec_stream.c create mode 100644 grub-core/lib/xzembed/xz_lzma2.h create mode 100644 grub-core/lib/xzembed/xz_private.h create mode 100644 grub-core/lib/xzembed/xz_stream.h create mode 100644 grub-core/lib/zstd/bitstream.h create mode 100644 grub-core/lib/zstd/compiler.h create mode 100644 grub-core/lib/zstd/cpu.h create mode 100644 grub-core/lib/zstd/debug.c create mode 100644 grub-core/lib/zstd/debug.h create mode 100644 grub-core/lib/zstd/entropy_common.c create mode 100644 grub-core/lib/zstd/error_private.c create mode 100644 grub-core/lib/zstd/error_private.h create mode 100644 grub-core/lib/zstd/fse.h create mode 100644 grub-core/lib/zstd/fse_decompress.c create mode 100644 grub-core/lib/zstd/huf.h create mode 100644 grub-core/lib/zstd/huf_decompress.c create mode 100644 grub-core/lib/zstd/mem.h create mode 100644 grub-core/lib/zstd/module.c create mode 100644 grub-core/lib/zstd/xxhash.c create mode 100644 grub-core/lib/zstd/xxhash.h create mode 100644 grub-core/lib/zstd/zstd.h create mode 100644 grub-core/lib/zstd/zstd_common.c create mode 100644 grub-core/lib/zstd/zstd_decompress.c create mode 100644 grub-core/lib/zstd/zstd_errors.h create mode 100644 grub-core/lib/zstd/zstd_internal.h create mode 100644 grub-core/loader/aout.c create mode 100644 grub-core/loader/arm/linux.c create mode 100644 grub-core/loader/arm64/xen_boot.c create mode 100644 grub-core/loader/efi/appleloader.c create mode 100644 grub-core/loader/efi/chainloader.c create mode 100644 grub-core/loader/efi/fdt.c create mode 100644 grub-core/loader/efi/linux.c create mode 100644 grub-core/loader/emu/linux.c create mode 100644 grub-core/loader/i386/bsd.c create mode 100644 grub-core/loader/i386/bsd32.c create mode 100644 grub-core/loader/i386/bsd64.c create mode 100644 grub-core/loader/i386/bsdXX.c create mode 100644 grub-core/loader/i386/bsd_pagetable.c create mode 100644 grub-core/loader/i386/coreboot/chainloader.c create mode 100644 grub-core/loader/i386/linux.c create mode 100644 grub-core/loader/i386/multiboot_mbi.c create mode 100644 grub-core/loader/i386/pc/chainloader.c create mode 100644 grub-core/loader/i386/pc/freedos.c create mode 100644 grub-core/loader/i386/pc/linux.c create mode 100644 grub-core/loader/i386/pc/ntldr.c create mode 100644 grub-core/loader/i386/pc/plan9.c create mode 100644 grub-core/loader/i386/pc/pxechainloader.c create mode 100644 grub-core/loader/i386/pc/truecrypt.c create mode 100644 grub-core/loader/i386/xen.c create mode 100644 grub-core/loader/i386/xen_file.c create mode 100644 grub-core/loader/i386/xen_file32.c create mode 100644 grub-core/loader/i386/xen_file64.c create mode 100644 grub-core/loader/i386/xen_fileXX.c create mode 100644 grub-core/loader/i386/xnu.c create mode 100644 grub-core/loader/ia64/efi/linux.c create mode 100644 grub-core/loader/linux.c create mode 100644 grub-core/loader/lzss.c create mode 100644 grub-core/loader/macho.c create mode 100644 grub-core/loader/macho32.c create mode 100644 grub-core/loader/macho64.c create mode 100644 grub-core/loader/machoXX.c create mode 100644 grub-core/loader/mips/linux.c create mode 100644 grub-core/loader/multiboot.c create mode 100644 grub-core/loader/multiboot_elfxx.c create mode 100644 grub-core/loader/multiboot_mbi2.c create mode 100644 grub-core/loader/powerpc/ieee1275/linux.c create mode 100644 grub-core/loader/sparc64/ieee1275/linux.c create mode 100644 grub-core/loader/xnu.c create mode 100644 grub-core/loader/xnu_resume.c create mode 100644 grub-core/mmap/efi/mmap.c create mode 100644 grub-core/mmap/i386/mmap.c create mode 100644 grub-core/mmap/i386/pc/mmap.c create mode 100644 grub-core/mmap/i386/pc/mmap_helper.S create mode 100644 grub-core/mmap/i386/uppermem.c create mode 100644 grub-core/mmap/mips/uppermem.c create mode 100644 grub-core/mmap/mmap.c create mode 100644 grub-core/modinfo.sh.in create mode 100644 grub-core/net/arp.c create mode 100644 grub-core/net/bootp.c create mode 100644 grub-core/net/dns.c create mode 100644 grub-core/net/drivers/efi/efinet.c create mode 100644 grub-core/net/drivers/emu/emunet.c create mode 100644 grub-core/net/drivers/i386/pc/pxe.c create mode 100644 grub-core/net/drivers/ieee1275/ofnet.c create mode 100644 grub-core/net/drivers/uboot/ubootnet.c create mode 100644 grub-core/net/ethernet.c create mode 100644 grub-core/net/http.c create mode 100644 grub-core/net/icmp.c create mode 100644 grub-core/net/icmp6.c create mode 100644 grub-core/net/ip.c create mode 100644 grub-core/net/net.c create mode 100644 grub-core/net/netbuff.c create mode 100644 grub-core/net/tcp.c create mode 100644 grub-core/net/tftp.c create mode 100644 grub-core/net/udp.c create mode 100644 grub-core/normal/auth.c create mode 100644 grub-core/normal/autofs.c create mode 100644 grub-core/normal/charset.c create mode 100644 grub-core/normal/cmdline.c create mode 100644 grub-core/normal/color.c create mode 100644 grub-core/normal/completion.c create mode 100644 grub-core/normal/context.c create mode 100644 grub-core/normal/crypto.c create mode 100644 grub-core/normal/dyncmd.c create mode 100644 grub-core/normal/main.c create mode 100644 grub-core/normal/menu.c create mode 100644 grub-core/normal/menu_entry.c create mode 100644 grub-core/normal/menu_text.c create mode 100644 grub-core/normal/misc.c create mode 100644 grub-core/normal/term.c create mode 100644 grub-core/osdep/apple/getroot.c create mode 100644 grub-core/osdep/apple/hostdisk.c create mode 100644 grub-core/osdep/aros/config.c create mode 100644 grub-core/osdep/aros/getroot.c create mode 100644 grub-core/osdep/aros/hostdisk.c create mode 100644 grub-core/osdep/aros/relpath.c create mode 100644 grub-core/osdep/basic/compress.c create mode 100644 grub-core/osdep/basic/emunet.c create mode 100644 grub-core/osdep/basic/getroot.c create mode 100644 grub-core/osdep/basic/hostdisk.c create mode 100644 grub-core/osdep/basic/init.c create mode 100644 grub-core/osdep/basic/no_platform.c create mode 100644 grub-core/osdep/basic/ofpath.c create mode 100644 grub-core/osdep/basic/platform.c create mode 100644 grub-core/osdep/basic/random.c create mode 100644 grub-core/osdep/blocklist.c create mode 100644 grub-core/osdep/bsd/getroot.c create mode 100644 grub-core/osdep/bsd/hostdisk.c create mode 100644 grub-core/osdep/compress.c create mode 100644 grub-core/osdep/config.c create mode 100644 grub-core/osdep/cputime.c create mode 100644 grub-core/osdep/devmapper/getroot.c create mode 100644 grub-core/osdep/devmapper/hostdisk.c create mode 100644 grub-core/osdep/dl.c create mode 100644 grub-core/osdep/emuconsole.c create mode 100644 grub-core/osdep/emunet.c create mode 100644 grub-core/osdep/exec.c create mode 100644 grub-core/osdep/freebsd/getroot.c create mode 100644 grub-core/osdep/freebsd/hostdisk.c create mode 100644 grub-core/osdep/generic/blocklist.c create mode 100644 grub-core/osdep/getroot.c create mode 100644 grub-core/osdep/haiku/getroot.c create mode 100644 grub-core/osdep/haiku/hostdisk.c create mode 100644 grub-core/osdep/hostdisk.c create mode 100644 grub-core/osdep/hurd/getroot.c create mode 100644 grub-core/osdep/hurd/hostdisk.c create mode 100644 grub-core/osdep/init.c create mode 100644 grub-core/osdep/linux/blocklist.c create mode 100644 grub-core/osdep/linux/emunet.c create mode 100644 grub-core/osdep/linux/getroot.c create mode 100644 grub-core/osdep/linux/hostdisk.c create mode 100644 grub-core/osdep/linux/ofpath.c create mode 100644 grub-core/osdep/linux/platform.c create mode 100644 grub-core/osdep/ofpath.c create mode 100644 grub-core/osdep/password.c create mode 100644 grub-core/osdep/platform.c create mode 100644 grub-core/osdep/platform_unix.c create mode 100644 grub-core/osdep/random.c create mode 100644 grub-core/osdep/relpath.c create mode 100644 grub-core/osdep/sleep.c create mode 100644 grub-core/osdep/sun/getroot.c create mode 100644 grub-core/osdep/sun/hostdisk.c create mode 100644 grub-core/osdep/unix/compress.c create mode 100644 grub-core/osdep/unix/config.c create mode 100644 grub-core/osdep/unix/cputime.c create mode 100644 grub-core/osdep/unix/dl.c create mode 100644 grub-core/osdep/unix/emuconsole.c create mode 100644 grub-core/osdep/unix/exec.c create mode 100644 grub-core/osdep/unix/getroot.c create mode 100644 grub-core/osdep/unix/hostdisk.c create mode 100644 grub-core/osdep/unix/password.c create mode 100644 grub-core/osdep/unix/platform.c create mode 100644 grub-core/osdep/unix/random.c create mode 100644 grub-core/osdep/unix/relpath.c create mode 100644 grub-core/osdep/unix/sleep.c create mode 100644 grub-core/osdep/windows/blocklist.c create mode 100644 grub-core/osdep/windows/config.c create mode 100644 grub-core/osdep/windows/cputime.c create mode 100644 grub-core/osdep/windows/dl.c create mode 100644 grub-core/osdep/windows/emuconsole.c create mode 100644 grub-core/osdep/windows/getroot.c create mode 100644 grub-core/osdep/windows/hostdisk.c create mode 100644 grub-core/osdep/windows/init.c create mode 100644 grub-core/osdep/windows/password.c create mode 100644 grub-core/osdep/windows/platform.c create mode 100644 grub-core/osdep/windows/random.c create mode 100644 grub-core/osdep/windows/relpath.c create mode 100644 grub-core/osdep/windows/sleep.c create mode 100644 grub-core/partmap/acorn.c create mode 100644 grub-core/partmap/amiga.c create mode 100644 grub-core/partmap/apple.c create mode 100644 grub-core/partmap/bsdlabel.c create mode 100644 grub-core/partmap/dfly.c create mode 100644 grub-core/partmap/dvh.c create mode 100644 grub-core/partmap/gpt.c create mode 100644 grub-core/partmap/msdos.c create mode 100644 grub-core/partmap/plan.c create mode 100644 grub-core/partmap/sun.c create mode 100644 grub-core/partmap/sunpc.c create mode 100644 grub-core/parttool/msdospart.c create mode 100644 grub-core/script/argv.c create mode 100644 grub-core/script/execute.c create mode 100644 grub-core/script/function.c create mode 100644 grub-core/script/lexer.c create mode 100644 grub-core/script/main.c create mode 100644 grub-core/script/parser.y create mode 100644 grub-core/script/script.c create mode 100644 grub-core/script/yylex.l create mode 100644 grub-core/term/arc/console.c create mode 100644 grub-core/term/arc/serial.c create mode 100644 grub-core/term/arm/cros.c create mode 100644 grub-core/term/arm/cros_ec.c create mode 100644 grub-core/term/arm/pl050.c create mode 100644 grub-core/term/at_keyboard.c create mode 100644 grub-core/term/efi/console.c create mode 100644 grub-core/term/efi/serial.c create mode 100644 grub-core/term/gfxterm.c create mode 100644 grub-core/term/gfxterm_background.c create mode 100644 grub-core/term/i386/coreboot/cbmemc.c create mode 100644 grub-core/term/i386/pc/console.c create mode 100644 grub-core/term/i386/pc/mda_text.c create mode 100644 grub-core/term/i386/pc/vga_text.c create mode 100644 grub-core/term/ieee1275/console.c create mode 100644 grub-core/term/ieee1275/escc.c create mode 100644 grub-core/term/ieee1275/serial.c create mode 100644 grub-core/term/morse.c create mode 100644 grub-core/term/ns8250-spcr.c create mode 100644 grub-core/term/ns8250.c create mode 100644 grub-core/term/pci/serial.c create mode 100644 grub-core/term/ps2.c create mode 100644 grub-core/term/serial.c create mode 100644 grub-core/term/spkmodem.c create mode 100644 grub-core/term/terminfo.c create mode 100644 grub-core/term/tparm.c create mode 100644 grub-core/term/uboot/console.c create mode 100644 grub-core/term/usb_keyboard.c create mode 100644 grub-core/term/xen/console.c create mode 100644 grub-core/tests/asn1/asn1_test.c create mode 100644 grub-core/tests/asn1/asn1_test.h create mode 100644 grub-core/tests/asn1/tests/CVE-2018-1000654-1_asn1_tab.h create mode 100644 grub-core/tests/asn1/tests/CVE-2018-1000654-2_asn1_tab.h create mode 100644 grub-core/tests/asn1/tests/CVE-2018-1000654.c create mode 100644 grub-core/tests/asn1/tests/Test_overflow.c create mode 100644 grub-core/tests/asn1/tests/Test_simple.c create mode 100644 grub-core/tests/asn1/tests/Test_strings.c create mode 100644 grub-core/tests/asn1/tests/object-id-decoding.c create mode 100644 grub-core/tests/asn1/tests/object-id-encoding.c create mode 100644 grub-core/tests/asn1/tests/octet-string.c create mode 100644 grub-core/tests/asn1/tests/reproducers.c create mode 100644 grub-core/tests/boot/kbsd.init-i386.S create mode 100644 grub-core/tests/boot/kbsd.init-x86_64.S create mode 100644 grub-core/tests/boot/kbsd.spec.txt create mode 100644 grub-core/tests/boot/kernel-8086.S create mode 100644 grub-core/tests/boot/kernel-i386.S create mode 100644 grub-core/tests/boot/kfreebsd-aout.cfg create mode 100644 grub-core/tests/boot/kfreebsd.cfg create mode 100644 grub-core/tests/boot/kfreebsd.init-i386.S create mode 100644 grub-core/tests/boot/kfreebsd.init-x86_64.S create mode 100644 grub-core/tests/boot/knetbsd.cfg create mode 100644 grub-core/tests/boot/kopenbsd.cfg create mode 100644 grub-core/tests/boot/kopenbsdlabel.txt create mode 100644 grub-core/tests/boot/linux-ppc.cfg create mode 100644 grub-core/tests/boot/linux.cfg create mode 100644 grub-core/tests/boot/linux.init-i386.S create mode 100644 grub-core/tests/boot/linux.init-mips.S create mode 100644 grub-core/tests/boot/linux.init-ppc.S create mode 100644 grub-core/tests/boot/linux.init-x86_64.S create mode 100644 grub-core/tests/boot/linux16.cfg create mode 100644 grub-core/tests/boot/multiboot.cfg create mode 100644 grub-core/tests/boot/multiboot2.cfg create mode 100644 grub-core/tests/boot/ntldr.cfg create mode 100644 grub-core/tests/boot/pc-chainloader.cfg create mode 100644 grub-core/tests/boot/qemu-shutdown-x86.S create mode 100644 grub-core/tests/bswap_test.c create mode 100644 grub-core/tests/checksums.h create mode 100644 grub-core/tests/cmp_test.c create mode 100644 grub-core/tests/ctz_test.c create mode 100644 grub-core/tests/div_test.c create mode 100644 grub-core/tests/dsa_sexp_test.c create mode 100644 grub-core/tests/example_functional_test.c create mode 100644 grub-core/tests/fake_input.c create mode 100644 grub-core/tests/legacy_password_test.c create mode 100644 grub-core/tests/lib/functional_test.c create mode 100644 grub-core/tests/lib/test.c create mode 100644 grub-core/tests/mul_test.c create mode 100644 grub-core/tests/pbkdf2_test.c create mode 100644 grub-core/tests/rsa_sexp_test.c create mode 100644 grub-core/tests/setjmp_test.c create mode 100644 grub-core/tests/shift_test.c create mode 100644 grub-core/tests/signature_test.c create mode 100644 grub-core/tests/signatures.h create mode 100644 grub-core/tests/sleep_test.c create mode 100644 grub-core/tests/strtoull_test.c create mode 100644 grub-core/tests/test_blockarg.c create mode 100644 grub-core/tests/video_checksum.c create mode 100644 grub-core/tests/videotest_checksum.c create mode 100644 grub-core/tests/xnu_uuid_test.c create mode 100644 grub-core/unidata.c create mode 100644 grub-core/video/bitmap.c create mode 100644 grub-core/video/bitmap_scale.c create mode 100644 grub-core/video/bochs.c create mode 100644 grub-core/video/capture.c create mode 100644 grub-core/video/cirrus.c create mode 100644 grub-core/video/colors.c create mode 100644 grub-core/video/coreboot/cbfb.c create mode 100644 grub-core/video/efi_gop.c create mode 100644 grub-core/video/efi_uga.c create mode 100644 grub-core/video/emu/sdl.c create mode 100644 grub-core/video/fb/fbblit.c create mode 100644 grub-core/video/fb/fbfill.c create mode 100644 grub-core/video/fb/fbutil.c create mode 100644 grub-core/video/fb/video_fb.c create mode 100644 grub-core/video/i386/pc/vbe.c create mode 100644 grub-core/video/i386/pc/vga.c create mode 100644 grub-core/video/ieee1275.c create mode 100644 grub-core/video/radeon_fuloong2e.c create mode 100644 grub-core/video/radeon_yeeloong3a.c create mode 100644 grub-core/video/readers/jpeg.c create mode 100644 grub-core/video/readers/png.c create mode 100644 grub-core/video/readers/tga.c create mode 100644 grub-core/video/sis315_init.c create mode 100644 grub-core/video/sis315pro.c create mode 100644 grub-core/video/sm712.c create mode 100644 grub-core/video/sm712_init.c create mode 100644 grub-core/video/video.c create mode 100644 include/grub/acorn_filecore.h create mode 100644 include/grub/acpi.h create mode 100644 include/grub/aout.h create mode 100644 include/grub/arc/arc.h create mode 100644 include/grub/arc/console.h create mode 100644 include/grub/archelp.h create mode 100644 include/grub/arm/coreboot/console.h create mode 100644 include/grub/arm/coreboot/kernel.h create mode 100644 include/grub/arm/cros_ec.h create mode 100644 include/grub/arm/efi/memory.h create mode 100644 include/grub/arm/linux.h create mode 100644 include/grub/arm/reloc.h create mode 100644 include/grub/arm/setjmp.h create mode 100644 include/grub/arm/startup.h create mode 100644 include/grub/arm/system.h create mode 100644 include/grub/arm/time.h create mode 100644 include/grub/arm/types.h create mode 100644 include/grub/arm/uboot/kernel.h create mode 100644 include/grub/arm64/efi/memory.h create mode 100644 include/grub/arm64/reloc.h create mode 100644 include/grub/arm64/setjmp.h create mode 100644 include/grub/arm64/time.h create mode 100644 include/grub/arm64/types.h create mode 100644 include/grub/at_keyboard.h create mode 100644 include/grub/ata.h create mode 100644 include/grub/auth.h create mode 100644 include/grub/autoefi.h create mode 100644 include/grub/backtrace.h create mode 100644 include/grub/bitmap.h create mode 100644 include/grub/bitmap_scale.h create mode 100644 include/grub/boottime.h create mode 100644 include/grub/bsdlabel.h create mode 100644 include/grub/btrfs.h create mode 100644 include/grub/buffer.h create mode 100644 include/grub/bufio.h create mode 100644 include/grub/cache.h create mode 100644 include/grub/cbfs_core.h create mode 100644 include/grub/charset.h create mode 100644 include/grub/cmos.h create mode 100644 include/grub/color.h create mode 100644 include/grub/command.h create mode 100644 include/grub/compiler-rt-emu.h create mode 100644 include/grub/compiler-rt.h create mode 100644 include/grub/compiler.h create mode 100644 include/grub/coreboot/lbio.h create mode 100644 include/grub/crypto.h create mode 100644 include/grub/cryptodisk.h create mode 100644 include/grub/cs5536.h create mode 100644 include/grub/datetime.h create mode 100644 include/grub/decompressor.h create mode 100644 include/grub/deflate.h create mode 100644 include/grub/device.h create mode 100644 include/grub/disk.h create mode 100644 include/grub/diskfilter.h create mode 100644 include/grub/dl.h create mode 100644 include/grub/dma.h create mode 100644 include/grub/efi/api.h create mode 100644 include/grub/efi/cc.h create mode 100644 include/grub/efi/console.h create mode 100644 include/grub/efi/console_control.h create mode 100644 include/grub/efi/debug.h create mode 100644 include/grub/efi/disk.h create mode 100644 include/grub/efi/edid.h create mode 100644 include/grub/efi/efi.h create mode 100644 include/grub/efi/fdtload.h create mode 100644 include/grub/efi/graphics_output.h create mode 100644 include/grub/efi/memory.h create mode 100644 include/grub/efi/pci.h create mode 100644 include/grub/efi/pe32.h create mode 100644 include/grub/efi/sb.h create mode 100644 include/grub/efi/tpm.h create mode 100644 include/grub/efi/uga_draw.h create mode 100644 include/grub/efiemu/efiemu.h create mode 100644 include/grub/efiemu/runtime.h create mode 100644 include/grub/elf.h create mode 100644 include/grub/elfload.h create mode 100644 include/grub/emu/config.h create mode 100644 include/grub/emu/console.h create mode 100644 include/grub/emu/exec.h create mode 100644 include/grub/emu/getroot.h create mode 100644 include/grub/emu/hostdisk.h create mode 100644 include/grub/emu/hostfile.h create mode 100644 include/grub/emu/misc.h create mode 100644 include/grub/emu/net.h create mode 100644 include/grub/env.h create mode 100644 include/grub/env_private.h create mode 100644 include/grub/err.h create mode 100644 include/grub/exfat.h create mode 100644 include/grub/extcmd.h create mode 100644 include/grub/fat.h create mode 100644 include/grub/fbblit.h create mode 100644 include/grub/fbfill.h create mode 100644 include/grub/fbutil.h create mode 100644 include/grub/fdt.h create mode 100644 include/grub/fdtbus.h create mode 100644 include/grub/file.h create mode 100644 include/grub/fileid.h create mode 100644 include/grub/font.h create mode 100644 include/grub/fontformat.h create mode 100644 include/grub/fs.h create mode 100644 include/grub/fshelp.h create mode 100644 include/grub/gcry/types.h create mode 100644 include/grub/gcrypt/g10lib.h create mode 100644 include/grub/gcrypt/gcrypt.h create mode 100644 include/grub/gcrypt/gpg-error.h create mode 100644 include/grub/gdb.h create mode 100644 include/grub/gfxmenu_model.h create mode 100644 include/grub/gfxmenu_view.h create mode 100644 include/grub/gfxterm.h create mode 100644 include/grub/gfxwidgets.h create mode 100644 include/grub/gpt_partition.h create mode 100644 include/grub/gui.h create mode 100644 include/grub/gui_string_util.h create mode 100644 include/grub/hfs.h create mode 100644 include/grub/hfsplus.h create mode 100644 include/grub/i18n.h create mode 100644 include/grub/i386/at_keyboard.h create mode 100644 include/grub/i386/bsd.h create mode 100644 include/grub/i386/cmos.h create mode 100644 include/grub/i386/coreboot/boot.h create mode 100644 include/grub/i386/coreboot/console.h create mode 100644 include/grub/i386/coreboot/kernel.h create mode 100644 include/grub/i386/coreboot/memory.h create mode 100644 include/grub/i386/coreboot/serial.h create mode 100644 include/grub/i386/coreboot/time.h create mode 100644 include/grub/i386/cpuid.h create mode 100644 include/grub/i386/efi/kernel.h create mode 100644 include/grub/i386/efi/memory.h create mode 100644 include/grub/i386/efi/serial.h create mode 100644 include/grub/i386/efiemu.h create mode 100644 include/grub/i386/floppy.h create mode 100644 include/grub/i386/freebsd_linker.h create mode 100644 include/grub/i386/freebsd_reboot.h create mode 100644 include/grub/i386/gdb.h create mode 100644 include/grub/i386/ieee1275/ieee1275.h create mode 100644 include/grub/i386/ieee1275/kernel.h create mode 100644 include/grub/i386/ieee1275/memory.h create mode 100644 include/grub/i386/ieee1275/serial.h create mode 100644 include/grub/i386/io.h create mode 100644 include/grub/i386/linux.h create mode 100644 include/grub/i386/macho.h create mode 100644 include/grub/i386/memory.h create mode 100644 include/grub/i386/memory_raw.h create mode 100644 include/grub/i386/msr.h create mode 100644 include/grub/i386/multiboot.h create mode 100644 include/grub/i386/multiboot/boot.h create mode 100644 include/grub/i386/multiboot/console.h create mode 100644 include/grub/i386/multiboot/kernel.h create mode 100644 include/grub/i386/multiboot/memory.h create mode 100644 include/grub/i386/multiboot/serial.h create mode 100644 include/grub/i386/multiboot/time.h create mode 100644 include/grub/i386/netbsd_bootinfo.h create mode 100644 include/grub/i386/netbsd_reboot.h create mode 100644 include/grub/i386/openbsd_bootarg.h create mode 100644 include/grub/i386/openbsd_reboot.h create mode 100644 include/grub/i386/pc/apm.h create mode 100644 include/grub/i386/pc/biosdisk.h create mode 100644 include/grub/i386/pc/biosnum.h create mode 100644 include/grub/i386/pc/boot.h create mode 100644 include/grub/i386/pc/chainloader.h create mode 100644 include/grub/i386/pc/console.h create mode 100644 include/grub/i386/pc/int.h create mode 100644 include/grub/i386/pc/int_types.h create mode 100644 include/grub/i386/pc/kernel.h create mode 100644 include/grub/i386/pc/memory.h create mode 100644 include/grub/i386/pc/pxe.h create mode 100644 include/grub/i386/pc/time.h create mode 100644 include/grub/i386/pc/vbe.h create mode 100644 include/grub/i386/pc/vesa_modes_table.h create mode 100644 include/grub/i386/pci.h create mode 100644 include/grub/i386/pit.h create mode 100644 include/grub/i386/pmtimer.h create mode 100644 include/grub/i386/qemu/boot.h create mode 100644 include/grub/i386/qemu/console.h create mode 100644 include/grub/i386/qemu/kernel.h create mode 100644 include/grub/i386/qemu/memory.h create mode 100644 include/grub/i386/qemu/serial.h create mode 100644 include/grub/i386/qemu/time.h create mode 100644 include/grub/i386/reboot.h create mode 100644 include/grub/i386/relocator.h create mode 100644 include/grub/i386/relocator_private.h create mode 100644 include/grub/i386/setjmp.h create mode 100644 include/grub/i386/time.h create mode 100644 include/grub/i386/tsc.h create mode 100644 include/grub/i386/types.h create mode 100644 include/grub/i386/xen/hypercall.h create mode 100644 include/grub/i386/xen/kernel.h create mode 100644 include/grub/i386/xen/memory.h create mode 100644 include/grub/i386/xen_pvh/boot.h create mode 100644 include/grub/i386/xen_pvh/console.h create mode 100644 include/grub/i386/xen_pvh/int.h create mode 100644 include/grub/i386/xen_pvh/kernel.h create mode 100644 include/grub/i386/xen_pvh/memory.h create mode 100644 include/grub/i386/xen_pvh/time.h create mode 100644 include/grub/i386/xnu.h create mode 100644 include/grub/ia64/efi/memory.h create mode 100644 include/grub/ia64/efi/time.h create mode 100644 include/grub/ia64/kernel.h create mode 100644 include/grub/ia64/reloc.h create mode 100644 include/grub/ia64/setjmp.h create mode 100644 include/grub/ia64/time.h create mode 100644 include/grub/ia64/types.h create mode 100644 include/grub/icon_manager.h create mode 100644 include/grub/ieee1275/alloc.h create mode 100644 include/grub/ieee1275/console.h create mode 100644 include/grub/ieee1275/ieee1275.h create mode 100644 include/grub/ieee1275/obdisk.h create mode 100644 include/grub/ieee1275/ofdisk.h create mode 100644 include/grub/ieee1275/tpm.h create mode 100644 include/grub/kernel.h create mode 100644 include/grub/key_protector.h create mode 100644 include/grub/keyboard_layouts.h create mode 100644 include/grub/legacy_parse.h create mode 100644 include/grub/lib/LzFind.h create mode 100644 include/grub/lib/LzHash.h create mode 100644 include/grub/lib/LzmaDec.h create mode 100644 include/grub/lib/LzmaEnc.h create mode 100644 include/grub/lib/LzmaTypes.h create mode 100644 include/grub/lib/arg.h create mode 100644 include/grub/lib/cmdline.h create mode 100644 include/grub/lib/crc.h create mode 100644 include/grub/lib/envblk.h create mode 100644 include/grub/lib/hexdump.h create mode 100644 include/grub/libpciaccess.h create mode 100644 include/grub/linux.h create mode 100644 include/grub/list.h create mode 100644 include/grub/loader.h create mode 100644 include/grub/lockdown.h create mode 100644 include/grub/loongarch64/efi/memory.h create mode 100644 include/grub/loongarch64/reloc.h create mode 100644 include/grub/loongarch64/setjmp.h create mode 100644 include/grub/loongarch64/time.h create mode 100644 include/grub/loongarch64/types.h create mode 100644 include/grub/lvm.h create mode 100644 include/grub/macho.h create mode 100644 include/grub/machoload.h create mode 100644 include/grub/memory.h create mode 100644 include/grub/menu.h create mode 100644 include/grub/menu_viewer.h create mode 100644 include/grub/mips/arc/kernel.h create mode 100644 include/grub/mips/arc/memory.h create mode 100644 include/grub/mips/arc/time.h create mode 100644 include/grub/mips/asm.h create mode 100644 include/grub/mips/at_keyboard.h create mode 100644 include/grub/mips/cmos.h create mode 100644 include/grub/mips/io.h create mode 100644 include/grub/mips/kernel.h create mode 100644 include/grub/mips/loongson.h create mode 100644 include/grub/mips/loongson/at_keyboard.h create mode 100644 include/grub/mips/loongson/cmos.h create mode 100644 include/grub/mips/loongson/ec.h create mode 100644 include/grub/mips/loongson/kernel.h create mode 100644 include/grub/mips/loongson/memory.h create mode 100644 include/grub/mips/loongson/pci.h create mode 100644 include/grub/mips/loongson/serial.h create mode 100644 include/grub/mips/loongson/time.h create mode 100644 include/grub/mips/memory.h create mode 100644 include/grub/mips/mips.h create mode 100644 include/grub/mips/multiboot.h create mode 100644 include/grub/mips/pci.h create mode 100644 include/grub/mips/qemu_mips/at_keyboard.h create mode 100644 include/grub/mips/qemu_mips/cmos.h create mode 100644 include/grub/mips/qemu_mips/console.h create mode 100644 include/grub/mips/qemu_mips/kernel.h create mode 100644 include/grub/mips/qemu_mips/loader.h create mode 100644 include/grub/mips/qemu_mips/memory.h create mode 100644 include/grub/mips/qemu_mips/serial.h create mode 100644 include/grub/mips/qemu_mips/time.h create mode 100644 include/grub/mips/relocator.h create mode 100644 include/grub/mips/setjmp.h create mode 100644 include/grub/mips/time.h create mode 100644 include/grub/mips/types.h create mode 100644 include/grub/misc.h create mode 100644 include/grub/mm.h create mode 100644 include/grub/mm_private.h create mode 100644 include/grub/module_verifier.h create mode 100644 include/grub/msdos_partition.h create mode 100644 include/grub/multiboot.h create mode 100644 include/grub/multiboot2.h create mode 100644 include/grub/multiboot_loader.h create mode 100644 include/grub/net.h create mode 100644 include/grub/net/arp.h create mode 100644 include/grub/net/ethernet.h create mode 100644 include/grub/net/ip.h create mode 100644 include/grub/net/netbuff.h create mode 100644 include/grub/net/tcp.h create mode 100644 include/grub/net/udp.h create mode 100644 include/grub/normal.h create mode 100644 include/grub/ns8250.h create mode 100644 include/grub/ntfs.h create mode 100644 include/grub/offsets.h create mode 100644 include/grub/osdep/hostfile.h create mode 100644 include/grub/osdep/hostfile_aros.h create mode 100644 include/grub/osdep/hostfile_unix.h create mode 100644 include/grub/osdep/hostfile_windows.h create mode 100644 include/grub/osdep/major.h create mode 100644 include/grub/parser.h create mode 100644 include/grub/partition.h create mode 100644 include/grub/parttool.h create mode 100644 include/grub/pci.h create mode 100644 include/grub/pciutils.h create mode 100644 include/grub/powerpc/ieee1275/ieee1275.h create mode 100644 include/grub/powerpc/kernel.h create mode 100644 include/grub/powerpc/memory.h create mode 100644 include/grub/powerpc/relocator.h create mode 100644 include/grub/powerpc/setjmp.h create mode 100644 include/grub/powerpc/time.h create mode 100644 include/grub/powerpc/types.h create mode 100644 include/grub/priority_queue.h create mode 100644 include/grub/procfs.h create mode 100644 include/grub/ps2.h create mode 100644 include/grub/pubkey.h create mode 100644 include/grub/random.h create mode 100644 include/grub/reader.h create mode 100644 include/grub/reed_solomon.h create mode 100644 include/grub/relocator.h create mode 100644 include/grub/relocator_private.h create mode 100644 include/grub/riscv32/efi/memory.h create mode 100644 include/grub/riscv32/setjmp.h create mode 100644 include/grub/riscv32/time.h create mode 100644 include/grub/riscv32/types.h create mode 100644 include/grub/riscv64/efi/memory.h create mode 100644 include/grub/riscv64/setjmp.h create mode 100644 include/grub/riscv64/time.h create mode 100644 include/grub/riscv64/types.h create mode 100644 include/grub/safemath.h create mode 100644 include/grub/script_sh.h create mode 100644 include/grub/scsi.h create mode 100644 include/grub/scsicmd.h create mode 100644 include/grub/sdl.h create mode 100644 include/grub/search.h create mode 100644 include/grub/serial.h create mode 100644 include/grub/setjmp.h create mode 100644 include/grub/smbios.h create mode 100644 include/grub/smbus.h create mode 100644 include/grub/sparc64/ieee1275/boot.h create mode 100644 include/grub/sparc64/ieee1275/ieee1275.h create mode 100644 include/grub/sparc64/ieee1275/kernel.h create mode 100644 include/grub/sparc64/setjmp.h create mode 100644 include/grub/sparc64/time.h create mode 100644 include/grub/sparc64/types.h create mode 100644 include/grub/speaker.h create mode 100644 include/grub/stack_protector.h create mode 100644 include/grub/symbol.h create mode 100644 include/grub/syslinux_parse.h create mode 100644 include/grub/term.h create mode 100644 include/grub/terminfo.h create mode 100644 include/grub/test.h create mode 100644 include/grub/time.h create mode 100644 include/grub/tparm.h create mode 100644 include/grub/tpm.h create mode 100644 include/grub/trig.h create mode 100644 include/grub/types.h create mode 100644 include/grub/uboot/api_public.h create mode 100644 include/grub/uboot/console.h create mode 100644 include/grub/uboot/disk.h create mode 100644 include/grub/uboot/image.h create mode 100644 include/grub/uboot/uboot.h create mode 100644 include/grub/udf.h create mode 100644 include/grub/unicode.h create mode 100644 include/grub/usb.h create mode 100644 include/grub/usbdesc.h create mode 100644 include/grub/usbserial.h create mode 100644 include/grub/usbtrans.h create mode 100644 include/grub/util/install.h create mode 100644 include/grub/util/libnvpair.h create mode 100644 include/grub/util/libzfs.h create mode 100644 include/grub/util/misc.h create mode 100644 include/grub/util/mkimage.h create mode 100644 include/grub/util/ofpath.h create mode 100644 include/grub/util/resolve.h create mode 100644 include/grub/util/windows.h create mode 100644 include/grub/verify.h create mode 100644 include/grub/vga.h create mode 100644 include/grub/vgaregs.h create mode 100644 include/grub/video.h create mode 100644 include/grub/video_fb.h create mode 100644 include/grub/x86_64/at_keyboard.h create mode 100644 include/grub/x86_64/cmos.h create mode 100644 include/grub/x86_64/efi/boot.h create mode 100644 include/grub/x86_64/efi/kernel.h create mode 100644 include/grub/x86_64/efi/loader.h create mode 100644 include/grub/x86_64/efi/memory.h create mode 100644 include/grub/x86_64/efi/serial.h create mode 100644 include/grub/x86_64/io.h create mode 100644 include/grub/x86_64/linux.h create mode 100644 include/grub/x86_64/macho.h create mode 100644 include/grub/x86_64/memory.h create mode 100644 include/grub/x86_64/multiboot.h create mode 100644 include/grub/x86_64/pci.h create mode 100644 include/grub/x86_64/relocator.h create mode 100644 include/grub/x86_64/setjmp.h create mode 100644 include/grub/x86_64/time.h create mode 100644 include/grub/x86_64/types.h create mode 100644 include/grub/x86_64/xen/hypercall.h create mode 100644 include/grub/x86_64/xnu.h create mode 100644 include/grub/xen.h create mode 100644 include/grub/xen/relocator.h create mode 100644 include/grub/xen_file.h create mode 100644 include/grub/xnu.h create mode 100644 include/grub/zfs/dmu.h create mode 100644 include/grub/zfs/dmu_objset.h create mode 100644 include/grub/zfs/dnode.h create mode 100644 include/grub/zfs/dsl_dataset.h create mode 100644 include/grub/zfs/dsl_dir.h create mode 100644 include/grub/zfs/sa_impl.h create mode 100644 include/grub/zfs/spa.h create mode 100644 include/grub/zfs/uberblock_impl.h create mode 100644 include/grub/zfs/vdev_impl.h create mode 100644 include/grub/zfs/zap_impl.h create mode 100644 include/grub/zfs/zap_leaf.h create mode 100644 include/grub/zfs/zfs.h create mode 100644 include/grub/zfs/zfs_acl.h create mode 100644 include/grub/zfs/zfs_znode.h create mode 100644 include/grub/zfs/zil.h create mode 100644 include/grub/zfs/zio.h create mode 100644 include/grub/zfs/zio_checksum.h create mode 100644 include/multiboot.h create mode 100644 include/multiboot2.h create mode 100644 include/xen/arch-x86/xen-x86_32.h create mode 100644 include/xen/arch-x86/xen-x86_64.h create mode 100644 include/xen/arch-x86/xen.h create mode 100644 include/xen/elfnote.h create mode 100644 include/xen/event_channel.h create mode 100644 include/xen/grant_table.h create mode 100644 include/xen/hvm/hvm_op.h create mode 100644 include/xen/hvm/params.h create mode 100644 include/xen/hvm/start_info.h create mode 100644 include/xen/io/blkif.h create mode 100644 include/xen/io/console.h create mode 100644 include/xen/io/protocols.h create mode 100644 include/xen/io/ring.h create mode 100644 include/xen/io/xenbus.h create mode 100644 include/xen/io/xs_wire.h create mode 100644 include/xen/memory.h create mode 100644 include/xen/physdev.h create mode 100644 include/xen/sched.h create mode 100644 include/xen/trace.h create mode 100644 include/xen/xen-compat.h create mode 100644 include/xen/xen.h create mode 100755 linguas.sh create mode 100644 m4/00gnulib.m4 create mode 100644 m4/__inline.m4 create mode 100644 m4/absolute-header.m4 create mode 100644 m4/alloca.m4 create mode 100644 m4/argp.m4 create mode 100644 m4/base64.m4 create mode 100644 m4/btowc.m4 create mode 100644 m4/builtin-expect.m4 create mode 100644 m4/calloc.m4 create mode 100644 m4/chdir-long.m4 create mode 100644 m4/close.m4 create mode 100644 m4/codeset.m4 create mode 100644 m4/ctype_h.m4 create mode 100644 m4/dirent_h.m4 create mode 100644 m4/dirfd.m4 create mode 100644 m4/double-slash-root.m4 create mode 100644 m4/dup2.m4 create mode 100644 m4/eealloc.m4 create mode 100644 m4/errno_h.m4 create mode 100644 m4/error.m4 create mode 100644 m4/exponentd.m4 create mode 100644 m4/extensions.m4 create mode 100644 m4/extern-inline.m4 create mode 100644 m4/fchdir.m4 create mode 100644 m4/fcntl-o.m4 create mode 100644 m4/fcntl.m4 create mode 100644 m4/fcntl_h.m4 create mode 100644 m4/filenamecat.m4 create mode 100644 m4/flexmember.m4 create mode 100644 m4/float_h.m4 create mode 100644 m4/fnmatch.m4 create mode 100644 m4/fnmatch_h.m4 create mode 100644 m4/free.m4 create mode 100644 m4/fstat.m4 create mode 100644 m4/getcwd.m4 create mode 100644 m4/getdelim.m4 create mode 100644 m4/getdtablesize.m4 create mode 100644 m4/getline.m4 create mode 100644 m4/getopt.m4 create mode 100644 m4/getprogname.m4 create mode 100644 m4/gettext.m4 create mode 100644 m4/glibc2.m4 create mode 100644 m4/gnulib-cache.m4 create mode 100644 m4/gnulib-common.m4 create mode 100644 m4/gnulib-comp.m4 create mode 100644 m4/gnulib-tool.m4 create mode 100644 m4/iconv.m4 create mode 100644 m4/include_next.m4 create mode 100644 m4/intdiv0.m4 create mode 100644 m4/intl.m4 create mode 100644 m4/intldir.m4 create mode 100644 m4/intlmacosx.m4 create mode 100644 m4/intmax.m4 create mode 100644 m4/intmax_t.m4 create mode 100644 m4/inttypes-pri.m4 create mode 100644 m4/inttypes.m4 create mode 100644 m4/inttypes_h.m4 create mode 100644 m4/isblank.m4 create mode 100644 m4/langinfo_h.m4 create mode 100644 m4/largefile.m4 create mode 100644 m4/lcmessage.m4 create mode 100644 m4/lib-ld.m4 create mode 100644 m4/lib-link.m4 create mode 100644 m4/lib-prefix.m4 create mode 100644 m4/libunistring-base.m4 create mode 100644 m4/limits-h.m4 create mode 100644 m4/localcharset.m4 create mode 100644 m4/locale-fr.m4 create mode 100644 m4/locale-ja.m4 create mode 100644 m4/locale-zh.m4 create mode 100644 m4/locale_h.m4 create mode 100644 m4/localeconv.m4 create mode 100644 m4/lock.m4 create mode 100644 m4/lstat.m4 create mode 100644 m4/malloc.m4 create mode 100644 m4/malloca.m4 create mode 100644 m4/math_h.m4 create mode 100644 m4/mbrtowc.m4 create mode 100644 m4/mbsinit.m4 create mode 100644 m4/mbsrtowcs.m4 create mode 100644 m4/mbstate_t.m4 create mode 100644 m4/mbswidth.m4 create mode 100644 m4/mbtowc.m4 create mode 100644 m4/memchr.m4 create mode 100644 m4/mempcpy.m4 create mode 100644 m4/memrchr.m4 create mode 100644 m4/mmap-anon.m4 create mode 100644 m4/mode_t.m4 create mode 100644 m4/msvc-inval.m4 create mode 100644 m4/msvc-nothrow.m4 create mode 100644 m4/multiarch.m4 create mode 100644 m4/nl_langinfo.m4 create mode 100644 m4/nls.m4 create mode 100644 m4/nocrash.m4 create mode 100644 m4/off_t.m4 create mode 100644 m4/open-cloexec.m4 create mode 100644 m4/open-slash.m4 create mode 100644 m4/open.m4 create mode 100644 m4/openat.m4 create mode 100644 m4/pathmax.m4 create mode 100644 m4/pipe.m4 create mode 100644 m4/po.m4 create mode 100644 m4/printf-posix.m4 create mode 100644 m4/printf.m4 create mode 100644 m4/progtest.m4 create mode 100644 m4/pthread_rwlock_rdlock.m4 create mode 100644 m4/rawmemchr.m4 create mode 100644 m4/realloc.m4 create mode 100644 m4/reallocarray.m4 create mode 100644 m4/regex.m4 create mode 100644 m4/save-cwd.m4 create mode 100644 m4/setlocale_null.m4 create mode 100644 m4/size_max.m4 create mode 100644 m4/sleep.m4 create mode 100644 m4/ssize_t.m4 create mode 100644 m4/stat-time.m4 create mode 100644 m4/stat.m4 create mode 100644 m4/stdalign.m4 create mode 100644 m4/stdbool.m4 create mode 100644 m4/stddef_h.m4 create mode 100644 m4/stdint.m4 create mode 100644 m4/stdint_h.m4 create mode 100644 m4/stdio_h.m4 create mode 100644 m4/stdlib_h.m4 create mode 100644 m4/strcase.m4 create mode 100644 m4/strchrnul.m4 create mode 100644 m4/strdup.m4 create mode 100644 m4/strerror.m4 create mode 100644 m4/string_h.m4 create mode 100644 m4/strings_h.m4 create mode 100644 m4/strndup.m4 create mode 100644 m4/strnlen.m4 create mode 100644 m4/sys_socket_h.m4 create mode 100644 m4/sys_stat_h.m4 create mode 100644 m4/sys_types_h.m4 create mode 100644 m4/sysexits.m4 create mode 100644 m4/threadlib.m4 create mode 100644 m4/time_h.m4 create mode 100644 m4/uintmax_t.m4 create mode 100644 m4/unistd-safer.m4 create mode 100644 m4/unistd_h.m4 create mode 100644 m4/vasnprintf.m4 create mode 100644 m4/visibility.m4 create mode 100644 m4/vsnprintf.m4 create mode 100644 m4/warn-on-use.m4 create mode 100644 m4/wchar_h.m4 create mode 100644 m4/wchar_t.m4 create mode 100644 m4/wcrtomb.m4 create mode 100644 m4/wctype_h.m4 create mode 100644 m4/wcwidth.m4 create mode 100644 m4/wint_t.m4 create mode 100644 m4/wmemchr.m4 create mode 100644 m4/wmempcpy.m4 create mode 100644 m4/xsize.m4 create mode 100644 m4/year2038.m4 create mode 100644 m4/zzgnulib.m4 create mode 100644 po/Makefile.in.in create mode 100644 po/Makevars create mode 100644 po/POTFILES-shell.in create mode 100644 po/POTFILES.in create mode 100644 po/README create mode 100644 po/Rules-piglatin create mode 100644 po/Rules-quot create mode 100644 po/Rules-swiss create mode 100644 po/Rules-translit create mode 100644 po/Rules-windowsdir create mode 100644 po/arabic.sed create mode 100644 po/boldquot.sed create mode 100644 po/cyrillic.sed create mode 100644 po/en@boldquot.header create mode 100644 po/en@piglatin.header create mode 100644 po/en@quot.header create mode 100644 po/exclude.pot create mode 100644 po/gettext-patches/0001-Support-POTFILES-shell.patch create mode 100644 po/gettext-patches/0002-Handle-gettext_printf-shell-function.patch create mode 100644 po/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch create mode 100644 po/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch create mode 100644 po/greek.sed create mode 100644 po/grub.d.sed create mode 100644 po/grub.pot create mode 100644 po/hebrew.sed create mode 100644 po/insert-header.sin create mode 100644 po/piglatin.sed create mode 100644 po/quot.sed create mode 100644 po/remove-potcdate.sin create mode 100644 po/stamp-po create mode 100644 po/swiss.sed create mode 100644 stamp-h.in create mode 100644 tests/ahci_test.in create mode 100644 tests/asn1_test.in create mode 100644 tests/btrfs_test.in create mode 100644 tests/cdboot_test.in create mode 100644 tests/cmp_unit_test.c create mode 100644 tests/core_compress_test.in create mode 100644 tests/cpio_test.in create mode 100644 tests/date_unit_test.c create mode 100644 tests/dfly-mbr-mbexample.dfly.img.gz create mode 100644 tests/dfly-mbr-mbexample.mbr.img.gz create mode 100644 tests/ehci_test.in create mode 100644 tests/erofs_test.in create mode 100644 tests/example_grub_script_test.in create mode 100644 tests/example_scripted_test.in create mode 100644 tests/example_unit_test.c create mode 100644 tests/exfat_test.in create mode 100644 tests/ext234_test.in create mode 100644 tests/f2fs_test.in create mode 100644 tests/fat_test.in create mode 100644 tests/fddboot_test.in create mode 100644 tests/file_filter/file create mode 100644 tests/file_filter/file.gz create mode 100644 tests/file_filter/file.gz.sig create mode 100644 tests/file_filter/file.lzop create mode 100644 tests/file_filter/file.lzop.sig create mode 100644 tests/file_filter/file.xz create mode 100644 tests/file_filter/file.xz.sig create mode 100644 tests/file_filter/keys create mode 100644 tests/file_filter/keys.pub create mode 100644 tests/file_filter/test.cfg create mode 100644 tests/file_filter_test.in create mode 100644 tests/gettext_strings_test.in create mode 100644 tests/grub_cmd_cryptomount.in create mode 100644 tests/grub_cmd_date.in create mode 100644 tests/grub_cmd_echo.in create mode 100644 tests/grub_cmd_regexp.in create mode 100644 tests/grub_cmd_set_date.in create mode 100644 tests/grub_cmd_sleep.in create mode 100644 tests/grub_cmd_test.in create mode 100644 tests/grub_cmd_tr.in create mode 100644 tests/grub_func_test.in create mode 100644 tests/grub_script_blanklines.in create mode 100644 tests/grub_script_blockarg.in create mode 100644 tests/grub_script_break.in create mode 100644 tests/grub_script_comments.in create mode 100644 tests/grub_script_continue.in create mode 100644 tests/grub_script_dollar.in create mode 100644 tests/grub_script_echo1.in create mode 100644 tests/grub_script_echo_keywords.in create mode 100644 tests/grub_script_escape_comma.in create mode 100644 tests/grub_script_eval.in create mode 100644 tests/grub_script_expansion.in create mode 100644 tests/grub_script_final_semicolon.in create mode 100644 tests/grub_script_for1.in create mode 100644 tests/grub_script_functions.in create mode 100644 tests/grub_script_gettext.in create mode 100644 tests/grub_script_if.in create mode 100644 tests/grub_script_leading_whitespace.in create mode 100644 tests/grub_script_no_commands.in create mode 100644 tests/grub_script_not.in create mode 100644 tests/grub_script_return.in create mode 100644 tests/grub_script_setparams.in create mode 100644 tests/grub_script_shift.in create mode 100644 tests/grub_script_strcmp.in create mode 100644 tests/grub_script_test.in create mode 100644 tests/grub_script_vars1.in create mode 100644 tests/grub_script_while1.in create mode 100644 tests/gzcompress_test.in create mode 100644 tests/hddboot_test.in create mode 100644 tests/help_test.in create mode 100644 tests/hfs_test.in create mode 100644 tests/hfsplus_test.in create mode 100644 tests/iso9660_test.in create mode 100644 tests/jfs_test.in create mode 100644 tests/lib/unit_test.c create mode 100644 tests/luks1_test.in create mode 100644 tests/luks2_test.in create mode 100644 tests/lzocompress_test.in create mode 100644 tests/minixfs_test.in create mode 100644 tests/netboot_test.in create mode 100644 tests/nilfs2_test.in create mode 100644 tests/ntfs_test.in create mode 100644 tests/ohci_test.in create mode 100644 tests/partmap_test.in create mode 100644 tests/pata_test.in create mode 100644 tests/printf_unit_test.c create mode 100644 tests/priority_queue_unit_test.cc create mode 100644 tests/pseries_test.in create mode 100644 tests/reiserfs_test.in create mode 100644 tests/romfs_test.in create mode 100644 tests/serial_test.in create mode 100644 tests/squashfs_test.in create mode 100644 tests/syslinux/ubuntu10.04/isolinux/adtxt.cfg create mode 100644 tests/syslinux/ubuntu10.04/isolinux/dtmenu.cfg create mode 100644 tests/syslinux/ubuntu10.04/isolinux/exithelp.cfg create mode 100644 tests/syslinux/ubuntu10.04/isolinux/gfxboot.cfg create mode 100644 tests/syslinux/ubuntu10.04/isolinux/isolinux.cfg create mode 100644 tests/syslinux/ubuntu10.04/isolinux/menu.cfg create mode 100644 tests/syslinux/ubuntu10.04/isolinux/po4a.cfg create mode 100644 tests/syslinux/ubuntu10.04/isolinux/prompt.cfg create mode 100644 tests/syslinux/ubuntu10.04/isolinux/rqtxt.cfg create mode 100644 tests/syslinux/ubuntu10.04/isolinux/stdmenu.cfg create mode 100644 tests/syslinux/ubuntu10.04/isolinux/txt.cfg create mode 100644 tests/syslinux/ubuntu10.04_grub.cfg.in create mode 100644 tests/syslinux_test.in create mode 100644 tests/tar_test.in create mode 100644 tests/test_sha512sum.in create mode 100644 tests/test_unset.in create mode 100644 tests/tpm2_key_protector_test.in create mode 100644 tests/udf_test.in create mode 100644 tests/uhci_test.in create mode 100644 tests/util/grub-fs-tester.in create mode 100644 tests/util/grub-shell-luks-tester.in create mode 100644 tests/util/grub-shell-tester.in create mode 100644 tests/util/grub-shell.in create mode 100644 tests/xfs_test.in create mode 100644 tests/xzcompress_test.in create mode 100644 tests/zfs_test.in create mode 100644 themes/starfield/COPYING.CC-BY-SA-3.0 create mode 100644 themes/starfield/README create mode 100644 themes/starfield/blob_w.png create mode 100644 themes/starfield/boot_menu_c.png create mode 100644 themes/starfield/boot_menu_e.png create mode 100644 themes/starfield/boot_menu_n.png create mode 100644 themes/starfield/boot_menu_ne.png create mode 100644 themes/starfield/boot_menu_nw.png create mode 100644 themes/starfield/boot_menu_s.png create mode 100644 themes/starfield/boot_menu_se.png create mode 100644 themes/starfield/boot_menu_sw.png create mode 100644 themes/starfield/boot_menu_w.png create mode 100644 themes/starfield/slider_c.png create mode 100644 themes/starfield/slider_n.png create mode 100644 themes/starfield/slider_s.png create mode 100644 themes/starfield/src/blob_nw.xcf create mode 100644 themes/starfield/src/bootmenu/center.xcf create mode 100644 themes/starfield/src/bootmenu/corner.xcf create mode 100644 themes/starfield/src/bootmenu/side.xcf create mode 100644 themes/starfield/src/slider_c.xcf create mode 100644 themes/starfield/src/slider_n.xcf create mode 100644 themes/starfield/src/slider_s.xcf create mode 100644 themes/starfield/src/terminalbox/center.xcf create mode 100644 themes/starfield/src/terminalbox/corner.xcf create mode 100644 themes/starfield/src/terminalbox/side.xcf create mode 100644 themes/starfield/starfield.png create mode 100644 themes/starfield/terminal_box_c.png create mode 100644 themes/starfield/terminal_box_e.png create mode 100644 themes/starfield/terminal_box_n.png create mode 100644 themes/starfield/terminal_box_ne.png create mode 100644 themes/starfield/terminal_box_nw.png create mode 100644 themes/starfield/terminal_box_s.png create mode 100644 themes/starfield/terminal_box_se.png create mode 100644 themes/starfield/terminal_box_sw.png create mode 100644 themes/starfield/terminal_box_w.png create mode 100644 themes/starfield/theme.txt create mode 100644 unicode/ArabicShaping.txt create mode 100644 unicode/BidiMirroring.txt create mode 100644 unicode/COPYING create mode 100644 unicode/UnicodeData.txt create mode 100644 util/bash-completion.d/Makefile.am create mode 100644 util/bash-completion.d/Makefile.in create mode 100644 util/bash-completion.d/grub-bios-setup.bash.in create mode 100644 util/bash-completion.d/grub-completion.bash.in create mode 100644 util/bash-completion.d/grub-editenv.bash.in create mode 100644 util/bash-completion.d/grub-install.bash.in create mode 100644 util/bash-completion.d/grub-mkconfig.bash.in create mode 100644 util/bash-completion.d/grub-mkfont.bash.in create mode 100644 util/bash-completion.d/grub-mkimage.bash.in create mode 100644 util/bash-completion.d/grub-mkpasswd-pbkdf2.bash.in create mode 100644 util/bash-completion.d/grub-mkrescue.bash.in create mode 100644 util/bash-completion.d/grub-probe.bash.in create mode 100644 util/bash-completion.d/grub-reboot.bash.in create mode 100644 util/bash-completion.d/grub-script-check.bash.in create mode 100644 util/bash-completion.d/grub-set-default.bash.in create mode 100644 util/bash-completion.d/grub-sparc64-setup.bash.in create mode 100644 util/bin2h.c create mode 100644 util/config.c create mode 100644 util/editenv.c create mode 100644 util/garbage-gen.c create mode 100644 util/getroot.c create mode 100644 util/glue-efi.c create mode 100644 util/grub-editenv.c create mode 100644 util/grub-file.c create mode 100644 util/grub-fstest.c create mode 100644 util/grub-gen-asciih.c create mode 100644 util/grub-gen-widthspec.c create mode 100644 util/grub-glue-efi.c create mode 100644 util/grub-install-common.c create mode 100644 util/grub-install.c create mode 100644 util/grub-kbdcomp.in create mode 100644 util/grub-macbless.c create mode 100644 util/grub-macho2img.c create mode 100644 util/grub-menulst2cfg.c create mode 100644 util/grub-mkconfig.in create mode 100644 util/grub-mkconfig_lib.in create mode 100644 util/grub-mkfont.c create mode 100644 util/grub-mkimage.c create mode 100644 util/grub-mkimage32.c create mode 100644 util/grub-mkimage64.c create mode 100644 util/grub-mkimagexx.c create mode 100644 util/grub-mklayout.c create mode 100644 util/grub-mknetdir.c create mode 100644 util/grub-mkpasswd-pbkdf2.c create mode 100644 util/grub-mkrelpath.c create mode 100644 util/grub-mkrescue.c create mode 100644 util/grub-mkstandalone.c create mode 100644 util/grub-module-verifier.c create mode 100644 util/grub-module-verifier32.c create mode 100644 util/grub-module-verifier64.c create mode 100644 util/grub-module-verifierXX.c create mode 100644 util/grub-mount.c create mode 100644 util/grub-pe2elf.c create mode 100644 util/grub-probe.c create mode 100644 util/grub-protect.c create mode 100644 util/grub-reboot.in create mode 100644 util/grub-render-label.c create mode 100644 util/grub-script-check.c create mode 100644 util/grub-set-default.in create mode 100644 util/grub-setup.c create mode 100644 util/grub-syslinux2cfg.c create mode 100644 util/grub.d/00_header.in create mode 100644 util/grub.d/10_hurd.in create mode 100644 util/grub.d/10_illumos.in create mode 100644 util/grub.d/10_kfreebsd.in create mode 100644 util/grub.d/10_linux.in create mode 100644 util/grub.d/10_netbsd.in create mode 100644 util/grub.d/10_windows.in create mode 100644 util/grub.d/10_xnu.in create mode 100644 util/grub.d/20_linux_xen.in create mode 100644 util/grub.d/25_bli.in create mode 100644 util/grub.d/30_os-prober.in create mode 100644 util/grub.d/30_uefi-firmware.in create mode 100644 util/grub.d/40_custom.in create mode 100644 util/grub.d/41_custom.in create mode 100644 util/grub.d/README create mode 100644 util/i386/efi/grub-dumpdevtree create mode 100644 util/ieee1275/grub-ofpathname.c create mode 100644 util/import_gcry.py create mode 100644 util/import_gcrypth.sed create mode 100644 util/import_unicode.py create mode 100644 util/misc.c create mode 100644 util/mkimage.c create mode 100644 util/probe.c create mode 100644 util/render-label.c create mode 100644 util/resolve.c create mode 100644 util/setup.c create mode 100644 util/setup_bios.c create mode 100644 util/setup_sparc.c create mode 100644 util/spkmodem-recv.c diff --git a/ABOUT-NLS b/ABOUT-NLS new file mode 100644 index 0000000..b1de1b6 --- /dev/null +++ b/ABOUT-NLS @@ -0,0 +1,1282 @@ +1 Notes on the Free Translation Project +*************************************** + +Free software is going international! The Free Translation Project is +a way to get maintainers of free software, translators, and users all +together, so that free software will gradually become able to speak many +languages. A few packages already provide translations for their +messages. + + If you found this `ABOUT-NLS' file inside a distribution, you may +assume that the distributed package does use GNU `gettext' internally, +itself available at your nearest GNU archive site. But you do _not_ +need to install GNU `gettext' prior to configuring, installing or using +this package with messages translated. + + Installers will find here some useful hints. These notes also +explain how users should proceed for getting the programs to use the +available translations. They tell how people wanting to contribute and +work on translations can contact the appropriate team. + +1.1 INSTALL Matters +=================== + +Some packages are "localizable" when properly installed; the programs +they contain can be made to speak your own native language. Most such +packages use GNU `gettext'. Other packages have their own ways to +internationalization, predating GNU `gettext'. + + By default, this package will be installed to allow translation of +messages. It will automatically detect whether the system already +provides the GNU `gettext' functions. Installers may use special +options at configuration time for changing the default behaviour. The +command: + + ./configure --disable-nls + +will _totally_ disable translation of messages. + + When you already have GNU `gettext' installed on your system and run +configure without an option for your new package, `configure' will +probably detect the previously built and installed `libintl' library +and will decide to use it. If not, you may have to to use the +`--with-libintl-prefix' option to tell `configure' where to look for it. + + Internationalized packages usually have many `po/LL.po' files, where +LL gives an ISO 639 two-letter code identifying the language. Unless +translations have been forbidden at `configure' time by using the +`--disable-nls' switch, all available translations are installed +together with the package. However, the environment variable `LINGUAS' +may be set, prior to configuration, to limit the installed set. +`LINGUAS' should then contain a space separated list of two-letter +codes, stating which languages are allowed. + +1.2 Using This Package +====================== + +As a user, if your language has been installed for this package, you +only have to set the `LANG' environment variable to the appropriate +`LL_CC' combination. If you happen to have the `LC_ALL' or some other +`LC_xxx' environment variables set, you should unset them before +setting `LANG', otherwise the setting of `LANG' will not have the +desired effect. Here `LL' is an ISO 639 two-letter language code, and +`CC' is an ISO 3166 two-letter country code. For example, let's +suppose that you speak German and live in Germany. At the shell +prompt, merely execute `setenv LANG de_DE' (in `csh'), +`export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash'). +This can be done from your `.login' or `.profile' file, once and for +all. + + You might think that the country code specification is redundant. +But in fact, some languages have dialects in different countries. For +example, `de_AT' is used for Austria, and `pt_BR' for Brazil. The +country code serves to distinguish the dialects. + + The locale naming convention of `LL_CC', with `LL' denoting the +language and `CC' denoting the country, is the one use on systems based +on GNU libc. On other systems, some variations of this scheme are +used, such as `LL' or `LL_CC.ENCODING'. You can get the list of +locales supported by your system for your language by running the +command `locale -a | grep '^LL''. + + Not all programs have translations for all languages. By default, an +English message is shown in place of a nonexistent translation. If you +understand other languages, you can set up a priority list of languages. +This is done through a different environment variable, called +`LANGUAGE'. GNU `gettext' gives preference to `LANGUAGE' over `LANG' +for the purpose of message handling, but you still need to have `LANG' +set to the primary language; this is required by other parts of the +system libraries. For example, some Swedish users who would rather +read translations in German than English for when Swedish is not +available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'. + + Special advice for Norwegian users: The language code for Norwegian +bokma*l changed from `no' to `nb' recently (in 2003). During the +transition period, while some message catalogs for this language are +installed under `nb' and some older ones under `no', it's recommended +for Norwegian users to set `LANGUAGE' to `nb:no' so that both newer and +older translations are used. + + In the `LANGUAGE' environment variable, but not in the `LANG' +environment variable, `LL_CC' combinations can be abbreviated as `LL' +to denote the language's main dialect. For example, `de' is equivalent +to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT' +(Portuguese as spoken in Portugal) in this context. + +1.3 Translating Teams +===================== + +For the Free Translation Project to be a success, we need interested +people who like their own language and write it well, and who are also +able to synergize with other translators speaking the same language. +Each translation team has its own mailing list. The up-to-date list of +teams can be found at the Free Translation Project's homepage, +`http://translationproject.org/', in the "Teams" area. + + If you'd like to volunteer to _work_ at translating messages, you +should become a member of the translating team for your own language. +The subscribing address is _not_ the same as the list itself, it has +`-request' appended. For example, speakers of Swedish can send a +message to `sv-request@li.org', having this message body: + + subscribe + + Keep in mind that team members are expected to participate +_actively_ in translations, or at solving translational difficulties, +rather than merely lurking around. If your team does not exist yet and +you want to start one, or if you are unsure about what to do or how to +get started, please write to `coordinator@translationproject.org' to +reach the coordinator for all translator teams. + + The English team is special. It works at improving and uniformizing +the terminology in use. Proven linguistic skills are praised more than +programming skills, here. + +1.4 Available Packages +====================== + +Languages are not equally supported in all packages. The following +matrix shows the current state of internationalization, as of June +2010. The matrix shows, in regard of each package, for which languages +PO files have been submitted to translation coordination, with a +translation percentage of at least 50%. + + Ready PO files af am an ar as ast az be be@latin bg bn_IN bs ca + +--------------------------------------------------+ + a2ps | [] [] | + aegis | | + ant-phone | | + anubis | | + aspell | [] [] | + bash | | + bfd | | + bibshelf | [] | + binutils | | + bison | | + bison-runtime | [] | + bluez-pin | [] [] | + bombono-dvd | | + buzztard | | + cflow | | + clisp | | + coreutils | [] [] | + cpio | | + cppi | | + cpplib | [] | + cryptsetup | | + dfarc | | + dialog | [] [] | + dico | | + diffutils | [] | + dink | | + doodle | | + e2fsprogs | [] | + enscript | [] | + exif | | + fetchmail | [] | + findutils | [] | + flex | [] | + freedink | | + gas | | + gawk | [] [] | + gcal | [] | + gcc | | + gettext-examples | [] [] [] [] | + gettext-runtime | [] [] | + gettext-tools | [] [] | + gip | [] | + gjay | | + gliv | [] | + glunarclock | [] [] | + gnubiff | | + gnucash | [] | + gnuedu | | + gnulib | | + gnunet | | + gnunet-gtk | | + gnutls | | + gold | | + gpe-aerial | | + gpe-beam | | + gpe-bluetooth | | + gpe-calendar | | + gpe-clock | [] | + gpe-conf | | + gpe-contacts | | + gpe-edit | | + gpe-filemanager | | + gpe-go | | + gpe-login | | + gpe-ownerinfo | [] | + gpe-package | | + gpe-sketchbook | | + gpe-su | [] | + gpe-taskmanager | [] | + gpe-timesheet | [] | + gpe-today | [] | + gpe-todo | | + gphoto2 | | + gprof | [] | + gpsdrive | | + gramadoir | | + grep | | + grub | [] [] | + gsasl | | + gss | | + gst-plugins-bad | [] | + gst-plugins-base | [] | + gst-plugins-good | [] | + gst-plugins-ugly | [] | + gstreamer | [] [] [] | + gtick | | + gtkam | [] | + gtkorphan | [] | + gtkspell | [] [] [] | + gutenprint | | + hello | [] | + help2man | | + hylafax | | + idutils | | + indent | [] [] | + iso_15924 | | + iso_3166 | [] [] [] [] [] [] [] | + iso_3166_2 | | + iso_4217 | | + iso_639 | [] [] [] [] | + iso_639_3 | | + jwhois | | + kbd | | + keytouch | [] | + keytouch-editor | | + keytouch-keyboa... | [] | + klavaro | [] | + latrine | | + ld | [] | + leafpad | [] [] | + libc | [] [] | + libexif | () | + libextractor | | + libgnutls | | + libgpewidget | | + libgpg-error | | + libgphoto2 | | + libgphoto2_port | | + libgsasl | | + libiconv | [] | + libidn | | + lifelines | | + liferea | [] [] | + lilypond | | + linkdr | [] | + lordsawar | | + lprng | | + lynx | [] | + m4 | | + mailfromd | | + mailutils | | + make | | + man-db | | + man-db-manpages | | + minicom | | + mkisofs | | + myserver | | + nano | [] [] | + opcodes | | + parted | | + pies | | + popt | | + psmisc | | + pspp | [] | + pwdutils | | + radius | [] | + recode | [] [] | + rosegarden | | + rpm | | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] [] | + sed | [] [] | + sharutils | [] [] | + shishi | | + skencil | | + solfege | | + solfege-manual | | + soundtracker | | + sp | | + sysstat | | + tar | [] | + texinfo | | + tin | | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | [] | + vice | | + vmm | | + vorbis-tools | | + wastesedge | | + wdiff | | + wget | [] [] | + wyslij-po | | + xchat | [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] | + +--------------------------------------------------+ + af am an ar as ast az be be@latin bg bn_IN bs ca + 6 0 1 2 3 19 1 10 3 28 3 1 38 + + crh cs da de el en en_GB en_ZA eo es et eu fa + +-------------------------------------------------+ + a2ps | [] [] [] [] [] [] [] | + aegis | [] [] [] | + ant-phone | [] () | + anubis | [] [] | + aspell | [] [] [] [] [] | + bash | [] [] [] | + bfd | [] | + bibshelf | [] [] [] | + binutils | [] | + bison | [] [] | + bison-runtime | [] [] [] [] | + bluez-pin | [] [] [] [] [] [] | + bombono-dvd | [] | + buzztard | [] [] [] | + cflow | [] [] | + clisp | [] [] [] [] | + coreutils | [] [] [] [] | + cpio | | + cppi | | + cpplib | [] [] [] | + cryptsetup | [] | + dfarc | [] [] [] | + dialog | [] [] [] [] [] | + dico | | + diffutils | [] [] [] [] [] [] | + dink | [] [] [] | + doodle | [] | + e2fsprogs | [] [] [] | + enscript | [] [] [] | + exif | () [] [] | + fetchmail | [] [] () [] [] [] | + findutils | [] [] [] | + flex | [] [] | + freedink | [] [] [] | + gas | [] | + gawk | [] [] [] | + gcal | [] | + gcc | [] [] | + gettext-examples | [] [] [] [] | + gettext-runtime | [] [] [] [] | + gettext-tools | [] [] [] | + gip | [] [] [] [] | + gjay | [] | + gliv | [] [] [] | + glunarclock | [] [] | + gnubiff | () | + gnucash | [] () () () () | + gnuedu | [] [] | + gnulib | [] [] | + gnunet | | + gnunet-gtk | [] | + gnutls | [] [] | + gold | [] | + gpe-aerial | [] [] [] [] | + gpe-beam | [] [] [] [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] | + gpe-clock | [] [] [] [] | + gpe-conf | [] [] [] | + gpe-contacts | [] [] [] | + gpe-edit | [] [] | + gpe-filemanager | [] [] [] | + gpe-go | [] [] [] [] | + gpe-login | [] [] | + gpe-ownerinfo | [] [] [] [] | + gpe-package | [] [] [] | + gpe-sketchbook | [] [] [] [] | + gpe-su | [] [] [] [] | + gpe-taskmanager | [] [] [] [] | + gpe-timesheet | [] [] [] [] | + gpe-today | [] [] [] [] | + gpe-todo | [] [] [] | + gphoto2 | [] [] () [] [] [] | + gprof | [] [] [] | + gpsdrive | [] [] [] | + gramadoir | [] [] [] | + grep | [] | + grub | [] [] | + gsasl | [] | + gss | | + gst-plugins-bad | [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] () [] | + gtkam | [] [] () [] [] | + gtkorphan | [] [] [] [] | + gtkspell | [] [] [] [] [] [] [] | + gutenprint | [] [] [] | + hello | [] [] [] [] | + help2man | [] | + hylafax | [] [] | + idutils | [] [] | + indent | [] [] [] [] [] [] [] | + iso_15924 | [] () [] [] | + iso_3166 | [] [] [] [] () [] [] [] () | + iso_3166_2 | () | + iso_4217 | [] [] [] () [] [] | + iso_639 | [] [] [] [] () [] [] | + iso_639_3 | [] | + jwhois | [] | + kbd | [] [] [] [] [] | + keytouch | [] [] | + keytouch-editor | [] [] | + keytouch-keyboa... | [] | + klavaro | [] [] [] [] | + latrine | [] () | + ld | [] [] | + leafpad | [] [] [] [] [] [] | + libc | [] [] [] [] | + libexif | [] [] () | + libextractor | | + libgnutls | [] | + libgpewidget | [] [] | + libgpg-error | [] [] | + libgphoto2 | [] () | + libgphoto2_port | [] () [] | + libgsasl | | + libiconv | [] [] [] [] [] | + libidn | [] [] [] | + lifelines | [] () | + liferea | [] [] [] [] [] | + lilypond | [] [] [] | + linkdr | [] [] [] | + lordsawar | [] | + lprng | | + lynx | [] [] [] [] | + m4 | [] [] [] [] | + mailfromd | | + mailutils | [] | + make | [] [] [] | + man-db | | + man-db-manpages | | + minicom | [] [] [] [] | + mkisofs | | + myserver | | + nano | [] [] [] | + opcodes | [] [] | + parted | [] [] | + pies | | + popt | [] [] [] [] [] | + psmisc | [] [] [] | + pspp | [] | + pwdutils | [] | + radius | [] | + recode | [] [] [] [] [] [] | + rosegarden | () () () | + rpm | [] [] [] | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] [] [] [] | + sed | [] [] [] [] [] [] | + sharutils | [] [] [] [] | + shishi | | + skencil | [] () [] | + solfege | [] [] [] | + solfege-manual | [] [] | + soundtracker | [] [] [] | + sp | [] | + sysstat | [] [] [] | + tar | [] [] [] [] | + texinfo | [] [] [] | + tin | [] [] | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | [] [] [] [] | + vice | () () | + vmm | [] | + vorbis-tools | [] [] | + wastesedge | [] | + wdiff | [] [] | + wget | [] [] [] | + wyslij-po | | + xchat | [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] [] [] | + +-------------------------------------------------+ + crh cs da de el en en_GB en_ZA eo es et eu fa + 5 64 105 117 18 1 8 0 28 89 18 19 0 + + fi fr ga gl gu he hi hr hu hy id is it ja ka kn + +----------------------------------------------------+ + a2ps | [] [] [] [] | + aegis | [] [] | + ant-phone | [] [] | + anubis | [] [] [] [] | + aspell | [] [] [] [] | + bash | [] [] [] [] | + bfd | [] [] [] | + bibshelf | [] [] [] [] [] | + binutils | [] [] [] | + bison | [] [] [] [] | + bison-runtime | [] [] [] [] [] [] | + bluez-pin | [] [] [] [] [] [] [] [] | + bombono-dvd | [] | + buzztard | [] | + cflow | [] [] [] | + clisp | [] | + coreutils | [] [] [] [] [] | + cpio | [] [] [] [] | + cppi | [] [] | + cpplib | [] [] [] | + cryptsetup | [] [] [] | + dfarc | [] [] [] | + dialog | [] [] [] [] [] [] [] | + dico | | + diffutils | [] [] [] [] [] [] [] [] [] | + dink | [] | + doodle | [] [] | + e2fsprogs | [] [] | + enscript | [] [] [] [] | + exif | [] [] [] [] [] [] | + fetchmail | [] [] [] [] | + findutils | [] [] [] [] [] [] | + flex | [] [] [] | + freedink | [] [] [] | + gas | [] [] | + gawk | [] [] [] [] () [] | + gcal | [] | + gcc | [] | + gettext-examples | [] [] [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] [] | + gettext-tools | [] [] [] [] | + gip | [] [] [] [] [] [] | + gjay | [] | + gliv | [] () | + glunarclock | [] [] [] [] | + gnubiff | () [] () | + gnucash | () () () () () [] | + gnuedu | [] [] | + gnulib | [] [] [] [] [] [] | + gnunet | | + gnunet-gtk | [] | + gnutls | [] [] | + gold | [] [] | + gpe-aerial | [] [] [] | + gpe-beam | [] [] [] [] | + gpe-bluetooth | [] [] [] [] | + gpe-calendar | [] [] | + gpe-clock | [] [] [] [] [] | + gpe-conf | [] [] [] [] | + gpe-contacts | [] [] [] [] | + gpe-edit | [] [] [] | + gpe-filemanager | [] [] [] [] | + gpe-go | [] [] [] [] [] | + gpe-login | [] [] [] | + gpe-ownerinfo | [] [] [] [] [] | + gpe-package | [] [] [] | + gpe-sketchbook | [] [] [] [] | + gpe-su | [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] | + gpe-timesheet | [] [] [] [] [] | + gpe-today | [] [] [] [] [] [] [] | + gpe-todo | [] [] [] | + gphoto2 | [] [] [] [] [] [] | + gprof | [] [] [] [] | + gpsdrive | [] [] [] | + gramadoir | [] [] [] | + grep | [] [] | + grub | [] [] [] [] | + gsasl | [] [] [] [] [] | + gss | [] [] [] [] [] | + gst-plugins-bad | [] [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] [] [] [] [] | + gtkam | [] [] [] [] [] | + gtkorphan | [] [] [] | + gtkspell | [] [] [] [] [] [] [] [] [] | + gutenprint | [] [] [] [] | + hello | [] [] [] | + help2man | [] [] | + hylafax | [] | + idutils | [] [] [] [] [] [] | + indent | [] [] [] [] [] [] [] [] | + iso_15924 | [] () [] [] | + iso_3166 | [] () [] [] [] [] [] [] [] [] [] [] | + iso_3166_2 | () [] [] [] | + iso_4217 | [] () [] [] [] [] | + iso_639 | [] () [] [] [] [] [] [] [] | + iso_639_3 | () [] [] | + jwhois | [] [] [] [] [] | + kbd | [] [] | + keytouch | [] [] [] [] [] [] | + keytouch-editor | [] [] [] [] [] | + keytouch-keyboa... | [] [] [] [] [] | + klavaro | [] [] | + latrine | [] [] [] | + ld | [] [] [] [] | + leafpad | [] [] [] [] [] [] [] () | + libc | [] [] [] [] [] | + libexif | [] | + libextractor | | + libgnutls | [] [] | + libgpewidget | [] [] [] [] | + libgpg-error | [] [] | + libgphoto2 | [] [] [] | + libgphoto2_port | [] [] [] | + libgsasl | [] [] [] [] [] | + libiconv | [] [] [] [] [] [] | + libidn | [] [] [] [] | + lifelines | () | + liferea | [] [] [] [] | + lilypond | [] [] | + linkdr | [] [] [] [] [] | + lordsawar | | + lprng | [] | + lynx | [] [] [] [] [] | + m4 | [] [] [] [] [] [] | + mailfromd | | + mailutils | [] [] | + make | [] [] [] [] [] [] [] [] [] | + man-db | [] [] | + man-db-manpages | [] | + minicom | [] [] [] [] [] | + mkisofs | [] [] [] [] | + myserver | | + nano | [] [] [] [] [] [] | + opcodes | [] [] [] [] | + parted | [] [] [] [] | + pies | | + popt | [] [] [] [] [] [] [] [] [] | + psmisc | [] [] [] | + pspp | | + pwdutils | [] [] | + radius | [] [] | + recode | [] [] [] [] [] [] [] [] | + rosegarden | () () () () () | + rpm | [] [] | + rush | | + sarg | [] | + screem | [] [] | + scrollkeeper | [] [] [] [] | + sed | [] [] [] [] [] [] [] [] | + sharutils | [] [] [] [] [] [] [] | + shishi | [] | + skencil | [] | + solfege | [] [] [] [] | + solfege-manual | [] [] | + soundtracker | [] [] | + sp | [] () | + sysstat | [] [] [] [] [] | + tar | [] [] [] [] [] [] [] | + texinfo | [] [] [] [] | + tin | [] | + unicode-han-tra... | | + unicode-transla... | [] [] | + util-linux-ng | [] [] [] [] [] [] | + vice | () () () | + vmm | [] | + vorbis-tools | [] | + wastesedge | () () | + wdiff | [] | + wget | [] [] [] [] [] [] [] [] | + wyslij-po | [] [] [] | + xchat | [] [] [] [] [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] [] | + +----------------------------------------------------+ + fi fr ga gl gu he hi hr hu hy id is it ja ka kn + 105 121 53 20 4 8 3 5 53 2 120 5 84 67 0 4 + + ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne + +-----------------------------------------------+ + a2ps | [] | + aegis | | + ant-phone | | + anubis | [] [] | + aspell | [] | + bash | | + bfd | | + bibshelf | [] [] | + binutils | | + bison | [] | + bison-runtime | [] [] [] [] [] | + bluez-pin | [] [] [] [] [] | + bombono-dvd | | + buzztard | | + cflow | | + clisp | | + coreutils | [] | + cpio | | + cppi | | + cpplib | | + cryptsetup | | + dfarc | [] | + dialog | [] [] [] [] [] | + dico | | + diffutils | [] [] | + dink | | + doodle | | + e2fsprogs | | + enscript | | + exif | [] | + fetchmail | | + findutils | | + flex | | + freedink | [] | + gas | | + gawk | | + gcal | | + gcc | | + gettext-examples | [] [] [] [] | + gettext-runtime | [] | + gettext-tools | [] | + gip | [] [] | + gjay | | + gliv | | + glunarclock | [] | + gnubiff | | + gnucash | () () () () | + gnuedu | | + gnulib | | + gnunet | | + gnunet-gtk | | + gnutls | [] | + gold | | + gpe-aerial | [] | + gpe-beam | [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] | + gpe-clock | [] [] [] [] [] | + gpe-conf | [] [] | + gpe-contacts | [] [] | + gpe-edit | [] | + gpe-filemanager | [] [] | + gpe-go | [] [] [] | + gpe-login | [] | + gpe-ownerinfo | [] [] | + gpe-package | [] [] | + gpe-sketchbook | [] [] | + gpe-su | [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] [] | + gpe-timesheet | [] [] | + gpe-today | [] [] [] [] | + gpe-todo | [] [] | + gphoto2 | | + gprof | [] | + gpsdrive | | + gramadoir | | + grep | | + grub | | + gsasl | | + gss | | + gst-plugins-bad | [] [] [] [] | + gst-plugins-base | [] [] | + gst-plugins-good | [] [] | + gst-plugins-ugly | [] [] [] [] [] | + gstreamer | | + gtick | | + gtkam | [] | + gtkorphan | [] [] | + gtkspell | [] [] [] [] [] [] [] | + gutenprint | | + hello | [] [] [] | + help2man | | + hylafax | | + idutils | | + indent | | + iso_15924 | [] [] | + iso_3166 | [] [] () [] [] [] [] [] | + iso_3166_2 | | + iso_4217 | [] [] | + iso_639 | [] [] | + iso_639_3 | [] | + jwhois | [] | + kbd | | + keytouch | [] | + keytouch-editor | [] | + keytouch-keyboa... | [] | + klavaro | [] | + latrine | [] | + ld | | + leafpad | [] [] [] | + libc | [] | + libexif | | + libextractor | | + libgnutls | [] | + libgpewidget | [] [] | + libgpg-error | | + libgphoto2 | | + libgphoto2_port | | + libgsasl | | + libiconv | | + libidn | | + lifelines | | + liferea | | + lilypond | | + linkdr | | + lordsawar | | + lprng | | + lynx | | + m4 | | + mailfromd | | + mailutils | | + make | [] | + man-db | | + man-db-manpages | | + minicom | [] | + mkisofs | | + myserver | | + nano | [] [] | + opcodes | | + parted | | + pies | | + popt | [] [] [] | + psmisc | | + pspp | | + pwdutils | | + radius | | + recode | | + rosegarden | | + rpm | | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] | + sed | | + sharutils | | + shishi | | + skencil | | + solfege | [] | + solfege-manual | | + soundtracker | | + sp | | + sysstat | [] | + tar | [] | + texinfo | [] | + tin | | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | | + vice | | + vmm | | + vorbis-tools | | + wastesedge | | + wdiff | | + wget | [] | + wyslij-po | | + xchat | [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] | + +-----------------------------------------------+ + ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne + 20 5 10 1 13 48 4 2 2 4 24 10 20 3 1 + + nl nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr + +---------------------------------------------------+ + a2ps | [] [] [] [] [] [] [] [] | + aegis | [] [] [] | + ant-phone | [] [] | + anubis | [] [] [] | + aspell | [] [] [] [] [] | + bash | [] [] | + bfd | [] | + bibshelf | [] [] | + binutils | [] [] | + bison | [] [] [] | + bison-runtime | [] [] [] [] [] [] [] | + bluez-pin | [] [] [] [] [] [] [] [] | + bombono-dvd | [] () | + buzztard | [] [] | + cflow | [] | + clisp | [] [] | + coreutils | [] [] [] [] [] [] | + cpio | [] [] [] | + cppi | [] | + cpplib | [] | + cryptsetup | [] | + dfarc | [] | + dialog | [] [] [] [] | + dico | [] | + diffutils | [] [] [] [] [] [] | + dink | () | + doodle | [] [] | + e2fsprogs | [] [] | + enscript | [] [] [] [] [] | + exif | [] [] [] () [] | + fetchmail | [] [] [] [] | + findutils | [] [] [] [] [] | + flex | [] [] [] [] [] | + freedink | [] [] | + gas | | + gawk | [] [] [] [] | + gcal | | + gcc | [] | + gettext-examples | [] [] [] [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] [] [] [] [] | + gettext-tools | [] [] [] [] [] [] | + gip | [] [] [] [] [] | + gjay | | + gliv | [] [] [] [] [] [] | + glunarclock | [] [] [] [] [] | + gnubiff | [] () | + gnucash | [] () () () | + gnuedu | [] | + gnulib | [] [] [] [] | + gnunet | | + gnunet-gtk | | + gnutls | [] [] | + gold | | + gpe-aerial | [] [] [] [] [] [] [] | + gpe-beam | [] [] [] [] [] [] [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] [] [] [] | + gpe-clock | [] [] [] [] [] [] [] [] | + gpe-conf | [] [] [] [] [] [] [] | + gpe-contacts | [] [] [] [] [] | + gpe-edit | [] [] [] | + gpe-filemanager | [] [] [] | + gpe-go | [] [] [] [] [] [] [] [] | + gpe-login | [] [] | + gpe-ownerinfo | [] [] [] [] [] [] [] [] | + gpe-package | [] [] | + gpe-sketchbook | [] [] [] [] [] [] [] | + gpe-su | [] [] [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] [] [] [] | + gpe-timesheet | [] [] [] [] [] [] [] [] | + gpe-today | [] [] [] [] [] [] [] [] | + gpe-todo | [] [] [] [] [] | + gphoto2 | [] [] [] [] [] [] [] [] | + gprof | [] [] [] | + gpsdrive | [] [] | + gramadoir | [] [] | + grep | [] [] [] [] | + grub | [] [] [] | + gsasl | [] [] [] [] | + gss | [] [] [] | + gst-plugins-bad | [] [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] [] [] | + gtkam | [] [] [] [] [] [] | + gtkorphan | [] | + gtkspell | [] [] [] [] [] [] [] [] [] [] | + gutenprint | [] [] | + hello | [] [] [] [] | + help2man | [] [] | + hylafax | [] | + idutils | [] [] [] [] [] | + indent | [] [] [] [] [] [] [] | + iso_15924 | [] [] [] [] | + iso_3166 | [] [] [] [] [] () [] [] [] [] [] [] [] [] | + iso_3166_2 | [] [] [] | + iso_4217 | [] [] [] [] [] [] [] [] | + iso_639 | [] [] [] [] [] [] [] [] [] | + iso_639_3 | [] [] | + jwhois | [] [] [] [] | + kbd | [] [] [] | + keytouch | [] [] [] | + keytouch-editor | [] [] [] | + keytouch-keyboa... | [] [] [] | + klavaro | [] [] | + latrine | [] [] | + ld | | + leafpad | [] [] [] [] [] [] [] [] [] | + libc | [] [] [] [] | + libexif | [] [] () [] | + libextractor | | + libgnutls | [] [] | + libgpewidget | [] [] [] | + libgpg-error | [] [] | + libgphoto2 | [] [] | + libgphoto2_port | [] [] [] [] [] | + libgsasl | [] [] [] [] [] | + libiconv | [] [] [] [] [] | + libidn | [] [] | + lifelines | [] [] | + liferea | [] [] [] [] [] () () [] | + lilypond | [] | + linkdr | [] [] [] | + lordsawar | | + lprng | [] | + lynx | [] [] [] | + m4 | [] [] [] [] [] | + mailfromd | [] | + mailutils | [] | + make | [] [] [] [] | + man-db | [] [] [] | + man-db-manpages | [] [] [] | + minicom | [] [] [] [] | + mkisofs | [] [] [] | + myserver | | + nano | [] [] [] [] | + opcodes | [] [] | + parted | [] [] [] [] | + pies | [] | + popt | [] [] [] [] | + psmisc | [] [] [] | + pspp | [] [] | + pwdutils | [] | + radius | [] [] [] | + recode | [] [] [] [] [] [] [] [] | + rosegarden | () () | + rpm | [] [] [] | + rush | [] [] | + sarg | | + screem | | + scrollkeeper | [] [] [] [] [] [] [] [] | + sed | [] [] [] [] [] [] [] [] [] | + sharutils | [] [] [] [] | + shishi | [] | + skencil | [] [] | + solfege | [] [] [] [] | + solfege-manual | [] [] [] | + soundtracker | [] | + sp | | + sysstat | [] [] [] [] | + tar | [] [] [] [] | + texinfo | [] [] [] [] | + tin | [] | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | [] [] [] [] [] | + vice | [] | + vmm | [] | + vorbis-tools | [] [] | + wastesedge | [] | + wdiff | [] [] | + wget | [] [] [] [] [] [] [] | + wyslij-po | [] [] [] | + xchat | [] [] [] [] [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] | + +---------------------------------------------------+ + nl nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr + 135 10 4 7 105 1 29 62 47 91 3 54 46 9 37 + + sv sw ta te tg th tr uk vi wa zh_CN zh_HK zh_TW + +---------------------------------------------------+ + a2ps | [] [] [] [] [] | 27 + aegis | [] | 9 + ant-phone | [] [] [] [] | 9 + anubis | [] [] [] [] | 15 + aspell | [] [] [] | 20 + bash | [] [] [] | 12 + bfd | [] | 6 + bibshelf | [] [] [] | 16 + binutils | [] [] | 8 + bison | [] [] | 12 + bison-runtime | [] [] [] [] [] [] | 29 + bluez-pin | [] [] [] [] [] [] [] [] | 37 + bombono-dvd | [] | 4 + buzztard | [] | 7 + cflow | [] [] [] | 9 + clisp | | 10 + coreutils | [] [] [] [] | 22 + cpio | [] [] [] [] [] [] | 13 + cppi | [] [] | 5 + cpplib | [] [] [] [] [] [] | 14 + cryptsetup | [] [] | 7 + dfarc | [] | 9 + dialog | [] [] [] [] [] [] [] | 30 + dico | [] | 2 + diffutils | [] [] [] [] [] [] | 30 + dink | | 4 + doodle | [] [] | 7 + e2fsprogs | [] [] [] | 11 + enscript | [] [] [] [] | 17 + exif | [] [] [] | 16 + fetchmail | [] [] [] | 17 + findutils | [] [] [] [] [] | 20 + flex | [] [] [] [] | 15 + freedink | [] | 10 + gas | [] | 4 + gawk | [] [] [] [] | 18 + gcal | [] [] | 5 + gcc | [] [] [] | 7 + gettext-examples | [] [] [] [] [] [] [] | 34 + gettext-runtime | [] [] [] [] [] [] [] | 29 + gettext-tools | [] [] [] [] [] [] | 22 + gip | [] [] [] [] | 22 + gjay | [] | 3 + gliv | [] [] [] | 14 + glunarclock | [] [] [] [] [] | 19 + gnubiff | [] [] | 4 + gnucash | () [] () [] () | 10 + gnuedu | [] [] | 7 + gnulib | [] [] [] [] | 16 + gnunet | [] | 1 + gnunet-gtk | [] [] [] | 5 + gnutls | [] [] [] | 10 + gold | [] | 4 + gpe-aerial | [] [] [] | 18 + gpe-beam | [] [] [] | 19 + gpe-bluetooth | [] [] [] | 13 + gpe-calendar | [] [] [] [] | 12 + gpe-clock | [] [] [] [] [] | 28 + gpe-conf | [] [] [] [] | 20 + gpe-contacts | [] [] [] | 17 + gpe-edit | [] [] [] | 12 + gpe-filemanager | [] [] [] [] | 16 + gpe-go | [] [] [] [] [] | 25 + gpe-login | [] [] [] | 11 + gpe-ownerinfo | [] [] [] [] [] | 25 + gpe-package | [] [] [] | 13 + gpe-sketchbook | [] [] [] | 20 + gpe-su | [] [] [] [] [] | 30 + gpe-taskmanager | [] [] [] [] [] | 29 + gpe-timesheet | [] [] [] [] [] | 25 + gpe-today | [] [] [] [] [] [] | 30 + gpe-todo | [] [] [] [] | 17 + gphoto2 | [] [] [] [] [] | 24 + gprof | [] [] [] | 15 + gpsdrive | [] [] [] | 11 + gramadoir | [] [] [] | 11 + grep | [] [] [] | 10 + grub | [] [] [] | 14 + gsasl | [] [] [] [] | 14 + gss | [] [] [] | 11 + gst-plugins-bad | [] [] [] [] | 26 + gst-plugins-base | [] [] [] [] [] | 24 + gst-plugins-good | [] [] [] [] | 24 + gst-plugins-ugly | [] [] [] [] [] | 29 + gstreamer | [] [] [] [] | 22 + gtick | [] [] [] | 13 + gtkam | [] [] [] | 20 + gtkorphan | [] [] [] | 14 + gtkspell | [] [] [] [] [] [] [] [] [] | 45 + gutenprint | [] | 10 + hello | [] [] [] [] [] [] | 21 + help2man | [] [] | 7 + hylafax | [] | 5 + idutils | [] [] [] [] | 17 + indent | [] [] [] [] [] [] | 30 + iso_15924 | () [] () [] [] | 16 + iso_3166 | [] [] () [] [] () [] [] [] () | 53 + iso_3166_2 | () [] () [] | 9 + iso_4217 | [] () [] [] () [] [] | 26 + iso_639 | [] [] [] () [] () [] [] [] [] | 38 + iso_639_3 | [] () | 8 + jwhois | [] [] [] [] [] | 16 + kbd | [] [] [] [] [] | 15 + keytouch | [] [] [] | 16 + keytouch-editor | [] [] [] | 14 + keytouch-keyboa... | [] [] [] | 14 + klavaro | [] | 11 + latrine | [] [] [] | 10 + ld | [] [] [] [] | 11 + leafpad | [] [] [] [] [] [] | 33 + libc | [] [] [] [] [] | 21 + libexif | [] () | 7 + libextractor | [] | 1 + libgnutls | [] [] [] | 9 + libgpewidget | [] [] [] | 14 + libgpg-error | [] [] [] | 9 + libgphoto2 | [] [] | 8 + libgphoto2_port | [] [] [] [] | 14 + libgsasl | [] [] [] | 13 + libiconv | [] [] [] [] | 21 + libidn | () [] [] | 11 + lifelines | [] | 4 + liferea | [] [] [] | 21 + lilypond | [] | 7 + linkdr | [] [] [] [] [] | 17 + lordsawar | | 1 + lprng | [] | 3 + lynx | [] [] [] [] | 17 + m4 | [] [] [] [] | 19 + mailfromd | [] [] | 3 + mailutils | [] | 5 + make | [] [] [] [] | 21 + man-db | [] [] [] | 8 + man-db-manpages | | 4 + minicom | [] [] | 16 + mkisofs | [] [] | 9 + myserver | | 0 + nano | [] [] [] [] | 21 + opcodes | [] [] [] | 11 + parted | [] [] [] [] [] | 15 + pies | [] [] | 3 + popt | [] [] [] [] [] [] | 27 + psmisc | [] [] | 11 + pspp | | 4 + pwdutils | [] [] | 6 + radius | [] [] | 9 + recode | [] [] [] [] | 28 + rosegarden | () | 0 + rpm | [] [] [] | 11 + rush | [] [] | 4 + sarg | | 1 + screem | [] | 3 + scrollkeeper | [] [] [] [] [] | 27 + sed | [] [] [] [] [] | 30 + sharutils | [] [] [] [] [] | 22 + shishi | [] | 3 + skencil | [] [] | 7 + solfege | [] [] [] [] | 16 + solfege-manual | [] | 8 + soundtracker | [] [] [] | 9 + sp | [] | 3 + sysstat | [] [] | 15 + tar | [] [] [] [] [] [] | 23 + texinfo | [] [] [] [] [] | 17 + tin | | 4 + unicode-han-tra... | | 0 + unicode-transla... | | 2 + util-linux-ng | [] [] [] [] | 20 + vice | () () | 1 + vmm | [] | 4 + vorbis-tools | [] | 6 + wastesedge | | 2 + wdiff | [] [] | 7 + wget | [] [] [] [] [] | 26 + wyslij-po | [] [] | 8 + xchat | [] [] [] [] [] [] | 36 + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] | 63 + xkeyboard-config | [] [] [] | 22 + +---------------------------------------------------+ + 85 teams sv sw ta te tg th tr uk vi wa zh_CN zh_HK zh_TW + 178 domains 119 1 3 3 0 10 65 51 155 17 98 7 41 2618 + + Some counters in the preceding matrix are higher than the number of +visible blocks let us expect. This is because a few extra PO files are +used for implementing regional variants of languages, or language +dialects. + + For a PO file in the matrix above to be effective, the package to +which it applies should also have been internationalized and +distributed as such by its maintainer. There might be an observable +lag between the mere existence a PO file and its wide availability in a +distribution. + + If June 2010 seems to be old, you may fetch a more recent copy of +this `ABOUT-NLS' file on most GNU archive sites. The most up-to-date +matrix with full percentage details can be found at +`http://translationproject.org/extra/matrix.html'. + +1.5 Using `gettext' in new packages +=================================== + +If you are writing a freely available program and want to +internationalize it you are welcome to use GNU `gettext' in your +package. Of course you have to respect the GNU Library General Public +License which covers the use of the GNU `gettext' library. This means +in particular that even non-free programs can use `libintl' as a shared +library, whereas only free software can use `libintl' as a static +library or use modified versions of `libintl'. + + Once the sources are changed appropriately and the setup can handle +the use of `gettext' the only thing missing are the translations. The +Free Translation Project is also available for packages which are not +developed inside the GNU project. Therefore the information given above +applies also for every other Free Software Project. Contact +`coordinator@translationproject.org' to make the `.pot' files available +to the translation teams. + diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..8de5c4d --- /dev/null +++ b/AUTHORS @@ -0,0 +1,23 @@ +The following authors assigned copyright on their work to the Free +Software Foundation: + +Yoshinori K. Okuji designed and implemented the initial version. + +Jeroen Dekkers added initrd support, Multiboot support, and fixed bugs +in ext2fs. + +Marco Gerards added ext2fs support, grub-emu, a new command-line +engine, and fixed many bugs. + +Omniflux added terminfo and serial support. + +Vincent Pelletier added Sparc64 support. + +Hollis Blanchard implemented many parts of PowerPC support. + +Tomas Ebenlendr added the command chainloader into the normal mode, +fixed some bugs. + +Guillem Jover merged architecture-independent ELF support code. + +Vesa Jaaskelainen added VBE support. diff --git a/BUGS b/BUGS new file mode 100644 index 0000000..46faa64 --- /dev/null +++ b/BUGS @@ -0,0 +1,7 @@ +GRUB team is aware of following problems: + - Currently search and assembling multidevice abstractions scans + all the devices which can be slow. + - Cache isn't used correctly for video which results in slowness. + +While these are bugs their solution has a potential of breaking more and more +seriously. So it was decided for 1.99 that they aren't fixed. diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..94a9ed0 --- /dev/null +++ b/COPYING @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..7795d66 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,27892 @@ +2025-07-11 Vladimir Serbinenko + + docs: Write how to import new libgcrypt + Reviewed-by: Daniel Kiper + +2025-07-11 Vladimir Serbinenko + + libgcrypt: Fix a memory leak + Fixes: CID 468917 + + Reviewed-by: Daniel Kiper + +2025-07-11 Vladimir Serbinenko + + libgcrypt: Don't use 64-bit division on platforms where it's slow + Reviewed-by: Daniel Kiper + + util/import_gcry: Fix pylint warnings + Reviewed-by: Daniel Kiper + + util/import_gcry: Make compatible with Python 3.4 + Reviewed-by: Daniel Kiper + + libgcrypt: Import blake family of hashes + Reviewed-by: Daniel Kiper + +2025-07-11 Vladimir Serbinenko + + libgcrypt: Ignore sign-compare warnings + libgcrypt itself is compiled with -Wno-sign-compare. Do the same for consistency. + + Reviewed-by: Daniel Kiper + +2025-07-11 Vladimir Serbinenko + + libgcrypt: Remove now unneeded compilation flag + HAVE_STRTOUL is now defined in stdlib.h. Include it in g10lib.h rather + than defining on command line. + + Reviewed-by: Daniel Kiper + +2025-07-11 Vladimir Serbinenko + + libgcrypt: Fix Coverity warnings + Reviewed-by: Daniel Kiper + +2025-07-11 Vladimir Serbinenko + + keccak: Disable acceleration with SSE asm + Libgcrypt code assumes that on x64 all SSE registers are fair game. + While it's true that CPUs in question support it, we disable it in + our compilation options. Disable the offending optimization. + + Reviewed-by: Daniel Kiper + +2025-07-11 Vladimir Serbinenko + + tests: Add DSA and RSA SEXP tests + This allows us to test purely the integration of the implementation of + DSA and RSA from libgcrypt without concerning with additional code. + + Reviewed-by: Daniel Kiper + +2025-07-11 Vladimir Serbinenko + + libgcrypt: Adjust import script, definitions and API users for libgcrypt 1.11 + This patches modifies the GRUB-libgcrypt API to match new libgcrypt 1.11. + + Reviewed-by: Daniel Kiper + +2025-07-11 Vladimir Serbinenko + + b64dec: Add harness for compilation in GRUB environment + Reviewed-by: Daniel Kiper + +2025-07-11 Vladimir Serbinenko + + b64dec: Import b64dec from gpg-error + Imported from libgpg-error 1.51. + + Reviewed-by: Daniel Kiper + +2025-07-11 Vladimir Serbinenko + + libgcrypt: Import libgcrypt 1.11 + We currently use an old version of libgcrypt which results in us having + fewer ciphers and missing on many other improvements. + + Reviewed-by: Daniel Kiper + +2025-07-11 Mate Kukri + + loader/efi/linux: Use shim loader image handle where available + Not reusing these handles will result in image measurements showing up + twice in the event log. + + On the occasion add missing grub_free() call. + + Reviewed-by: Daniel Kiper + +2025-07-11 Mate Kukri + + loader/efi/chainloader: Use shim loader image handle where available + Not reusing these handles will result in image measurements showing up + twice in the event log. + + Reviewed-by: Daniel Kiper + +2025-07-11 Mate Kukri + + efi/sb: Add API for retrieving shim loader image handles + Not reusing these handles will result in image measurements showing up + twice in the event log. + + Reviewed-by: Daniel Kiper + +2025-07-11 Mate Kukri + + efi/sb: Add support for the shim loader protocol + Use loader protocol for image verification where available, otherwise + fall back to the old shim lock protocol. + + Reviewed-by: Daniel Kiper + +2025-07-11 Julian Andres Klode + + efi: Provide wrappers for load_image, start_image and unload_image + These can be used to register a different implementation later, + for example, when shim provides a protocol with those functions. + + Reviewed-by: Daniel Kiper + +2025-07-11 Frediano Ziglio + + loader/arm64/xen_boot: Consider alignment calling grub_arch_efi_linux_boot_image() + The Xen image is loaded with an alignment, not always at "start". + + Reviewed-by: Daniel Kiper + Reviewed-by: Sudhakar Kuppusamy + +2025-07-11 Frediano Ziglio + + loader/arm64/xen_boot: Use bool instead of int + More readable, could consume less space. + + Reviewed-by: Sudhakar Kuppusamy + Reviewed-by: Daniel Kiper + +2025-07-11 Frediano Ziglio + + loader/arm64/xen_boot: Remove correctly all modules loaded by xen_module command + We need to use FOR_LIST_ELEMENTS_SAFE() instead of FOR_LIST_ELEMENTS() + as single_binary_unload(), called during the loop, is changing the list + using grub_list_remove(). Given the environment probably the old code + simply removed only the first module on the list not freeing all the others. + + Reviewed-by: Daniel Kiper + Reviewed-by: Sudhakar Kuppusamy + +2025-07-11 Gary Lin + + dl: Fix grub_dl_is_persistent() for emu + When attempting to build grub-emu the compilation failed with the + following error message: + + include/grub/dl.h: In function ‘grub_dl_is_persistent’: + include/grub/dl.h:262:1: error: no return statement in function returning non-void [-Werror=return-type] + + To avoid the error make the function always return 0. + + Fixes: ba8eadde6be1 (dl: Provide a fake grub_dl_set_persistent() and grub_dl_is_persistent() for the emu target) + + Cc: Daniel Axtens + Cc: Sudhakar Kuppusamy + Reviewed-by: Sudhakar Kuppusamy + Reviewed-by: Daniel Kiper + +2025-06-26 Lidong Chen + + loader/i386/pc/linux: Fix resource leak + In grub_cmd_initrd(), memory is allocated for variable initrd_ctx + before calling grub_relocator_alloc_chunk_align_safe(). When the + function call fails, initrd_ctx should be freed before exiting + grub_cmd_initrd(). + + Fixes: CID 473852 + + Reviewed-by: Sudhakar Kuppusamy + Reviewed-by: Daniel Kiper + +2025-06-26 Adriano Cordova + + loader/efi/linux: Unload previous Linux kernel/initrd before updating kernel size + Unload previous Linux kernel/initrd before updating the global variable + kernel_size. Otherwise the previous Linux kernel gets deallocated with + the kernel_size of the Linux kernel that is being currently loaded. + + Reviewed-by: Daniel Kiper + +2025-06-26 Frediano Ziglio + + loader/efi/linux: Correctly terminate load_options member + If a simple string for arguments are passed it should be NUL terminated. + This is true for other code but not for "linux" command. + + Reviewed-by: Daniel Kiper + +2025-06-26 Frediano Ziglio + + loader/efi/linux: Use sizeof() instead of constant + This is more consistent with the above code using sizeof(grub_efi_char16_t). + + Reviewed-by: Daniel Kiper + +2025-06-26 Frediano Ziglio + + loader/efi/linux: Use proper type for len variable + Although the length should not exceed 2^31 grub_size_t is more + suitable for that variable. len is used to compute the size + of buffers which in C is a size_t, not a int. It is used + for GRUB_EFI_BYTES_TO_PAGES which expects unsigned values. + It is assigned to load_options_size which is unsigned, not signed. + + Reviewed-by: Daniel Kiper + +2025-06-26 Frediano Ziglio + + loader/efi/linux: Do not pass excessive size for source string + The size passed to grub_utf8_to_utf16() for the source string is + used as a limit for the string if NUL character is not encountered. + However, len, which is "strlen(src) * 2 + 2" is surely greater than + strlen(src). Pass the exact correct length. + + Reviewed-by: Daniel Kiper + +2025-06-26 Frediano Ziglio + + loader/efi/linux: Remove useless assignment + If the following allocation fails this would leave load_options NULL + while load_options_size not valid. If the allocation succeed + load_options_size is overwritten. + + Reviewed-by: Daniel Kiper + +2025-06-26 Frediano Ziglio + + include/grub/charset.h: Update documentation + (grub_size_t) -1 is never returned, the function always return + a not negative values. This is important for overflows considerations. + + Reviewed-by: Daniel Kiper + +2025-06-26 Lidong Chen + + Revert "lzma: Make sure we don't dereference past array" + Commit 40e261b89b71 (lib/LzmaEnc: Validate "len" before subtracting) + ensures that the variable len is at least 2. As a result, GetLenToPosState(len) + never returns a value greater than or equal to kNumLenToPosStates, + making the changes introduced in the commit 16c0dbf4bc6a (lzma: Make + sure we don't dereference past array) unreachable and no longer necessary. + + This reverts commit 16c0dbf4bc6a (lzma: Make sure we don't dereference past array). + + Fixes: CID 481982 + + Reviewed-by: Daniel Kiper + +2025-06-26 Andrew Hamilton + + tests/util/grub-shell: Correct netboot and file_filter test failure + Correct a test failure in netboot_test and file_filter_test caused by an + issue cleaning up the tmp directory created for netboot. Netboot creates + a subdirectory in the tmp folder that causes the rmdir to fail - so + cleanup the subdirectory first. + + Fixes: 1d59f39b5f1b (tests/util/grub-shell: Remove the work directory on successful run and debug is not on) + + Tested-by: Leo Sandoval + Reviewed-by: Daniel Kiper + +2025-06-26 Lidong Chen + + normal/charset: Fix underflow and overflow in loop init + In bidi_line_wrap(), "kk - 1" in the for loop init, "i = kk - 1", + underflows when "kk" (unsigned int) is 0. Assigning the result of + "kk - 1" to signed int "i" may cause overflow. To address both + issues, cast "kk" to a signed type before subtraction to ensure + safe arithmetic and assignment. + + Fixed: CID 473874 + + Reviewed-by: Daniel Kiper + Reviewed-by: Sudhakar Kuppusamy + +2025-06-26 Daniel Axtens + + dl: Provide a fake grub_dl_set_persistent() and grub_dl_is_persistent() for the emu target + Trying to start grub-emu with a module that calls grub_dl_set_persistent() + and grub_dl_is_persistent() will crash because grub-emu fakes modules and + passes NULL to the module init function. + + Provide an empty function for the emu case. + + Fixes: ee7808e2197c (dl: Add support for persistent modules) + + Reviewed-by: Stefan Berger + Reviewed-by: Avnish Chouhan + Reviewed-by: Daniel Kiper + +2025-06-26 Andrew Hamilton + + util/grub-protect: Correct uninit "err" variable + In function protect_tpm2_export_tpm2key(), the "err" variable + is uninitialized in the normal (error free) path, so ensure this + defaults to GRUB_ERR_NONE. + + This causes the GRUB build to fail with clang (observed with clang-14). + + Fixes: 5934bf51c (util/grub-protect: Support NV index mode) + + Reviewed-by: Sudhakar Kuppusamy + Reviewed-by: Daniel Kiper + +2025-06-26 Lidong Chen + + gnulib: Bring back the fix for resolving unused variable issue + This patch resolved a minor issue spotted by Coverity: + a983d36bd917 (gnulib/regexec: Resolve unused variable) + + But, it was removed by the Gnulib update: + 2b7902459803 (Update gnulib version and drop most gnulib patches) + + It caused Coverity to continue to flag the issue. Daniel Kiper + suggested to bring back the patch a983d36bd917 (gnulib/regexec: Resolve + unused variable). + + Fixes: CID 292459 + + Reviewed-by: Daniel Kiper + +2025-06-26 Andrew Hamilton + + gnulib: Add patch to allow GRUB w/GCC-15 compile + Pull in Gnulib fix to allow lib/base64.c to compile using GCC 15 or newer. + + Pulled from Gnulib commit 25df6dc425 (Silence some + -Wunterminated-string-initialization warnings.) + + GCC 15 adds a new compiler warning "-Wunterminated-string-initialization" + that will trigger what is considered a false-positive in lib/base64.c as + this array is not treated as a string but an array of characters so the + lack of NUL string terminator is expected. + + GCC team has added ability to flag such instances of arrays that the + compiler may think are strings as "nonstring" arrays to avoid this + warning: __attribute__((nonstring)). + + Fixes: https://savannah.gnu.org/bugs/?66470 + + Reviewed-by: Sudhakar Kuppusamy + Reviewed-by: Daniel Kiper + +2025-06-17 Alec Brown + + gnulib/regexec: Fix resource leak + In the function merge_state_with_log(), memory is allocated for the variable + next_nodes when creating a union of the variables table_nodes and log_nodes. + However, if next_state->entrance_nodes is NULL, then table_nodes becomes NULL + and we still allocate memory to copy the content of log_nodes. This can cause + a resource leak since we only free the memory for next_nodes if table_nodes + isn't NULL. To prevent this, we need to check that next_state->entrance_nodes + isn't NULL before allocating memory for the union. + + This issue has been fixed in the latest version of gnulib and I've backported + this change to maintain consistency. + + This issue was found by a Coverity scan of GRUB2 under the CID 473887. + + Fixes: CID 473887 + + Reviewed-by: Daniel Kiper + +2025-06-17 Alec Brown + + gnulib/regcomp: Fix resource leak + In the functions create_initial_state() and calc_eclosure_iter(), memory + is allocated for the elems member of a re_node_set structure but that + memory isn't freed on error. Before returning an error, a call to + re_node_set_free() should be made to prevent the resource leak. + + This issue has been fixed in the latest version of gnulib and I've + backported this change to maintain consistency. + + This issue was found by a Coverity scan of GRUB2 under the following + CIDs: 473869, 473888. + + Fixes: CID 473869 + Fixes: CID 473888 + + Reviewed-by: Daniel Kiper + +2025-06-17 Gary Lin + + tests/tpm2_key_protector_test: Add tests for SHA-384 PCR bank + Add a few more tests to seal and unseal the key with the SHA-384 PCR + bank instead of the default SHA-256 PCR bank. + + Reviewed-by: Sudhakar Kuppusamy + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + +2025-06-17 Gary Lin + + tpm2_key_protector: Dump the PCR bank for key unsealing + TPM 2.0 Key File format stores the PCR selection in the parameters + for TPM2_PolicyPCR and it already contains the selected PCR bank. + Currently, tpm2_key_protector dumped the PCR bank specified by the + --bank option, and it may not be the PCR bank for key unsealing. + + To dump the real PCR bank for key unsealing, this commit records the PCR + bank used by TPM2_PolicyPCR and dumps PCR values from that bank when + necessary. + + Reviewed-by: Stefan Berger + Reviewed-by: Sudhakar Kuppusamy + Reviewed-by: Daniel Kiper + +2025-06-17 Gary Lin + + util/grub-protect: Fix the hash algorithm of PCR digest + For tpm2_key_protector and grub-protect, SHA-256 is chosen as the hash + algorithm for the TPM session. However, grub-protect mistakenly used the + hash algorithm of the PCR bank to calculate PCR digest. If the user + chose a PCR bank other than SHA-256, grub-protect created a non-SHA-256 + PCR digest to seal the key. But, tpm2_key_protector expects a SHA-256 + PCR digest to the TPM unsealing session, so it would fail due to digest + mismatch. + + This commit fixes the hash algorithm of PCR digest in grub-protect to + avoid the potential unsealing failure. + + Fixes: https://github.com/lcp/grub2/issues/4 + + Reviewed-by: Stefan Berger + Reviewed-by: Sudhakar Kuppusamy + Reviewed-by: Daniel Kiper + +2025-06-17 Andrew Hamilton + + build: Add new header files to dist to allow building from tar + Several new header files have been added to GRUB which need + to be manually added to the dist archive. This allows building + from the tar archive created by "make dist". + + Reviewed-by: Daniel Kiper + +2025-06-17 Andrew Hamilton + + build: Remove extra_deps.lst from EXTRA_DIST + This file is auto-generated based on the selected platform and should + not be included in the source tarball. + + Fixes: 6744840b (build: Track explicit module dependencies in Makefile.core.def) + + Reviewed-by: Daniel Kiper + +2025-06-17 Lidong Chen + + lib/LzmaEnc: Validate "len" before subtracting + In LzmaEnc_CodeOneBlock(), both GetOptimumFast() and GetOptimum() + returns a value of greater or equal to 1, which is assigned to + "len". But since LZMA_MATCH_LEN_MIN == 2, "len" should be validated + before performing "len - LZMA_MATCH_LEN_MIN" to avoid underflow + when "len" equals to 1. + + Fixes: CID 51508 + + Reviewed-by: Daniel Kiper + Reviewed-by: Sudhakar Kuppusamy + +2025-06-12 Lidong Chen + + osdep/unix/hostdisk: Fix signed integer overflow + The potential overflow issue arises at "size += ret;" because "size" + is of type ssize_t (signed) while "len" is size_t (unsigned). Repeatedly + adding read sizes, "ret", to "size" can potentially exceed the maximum + value of ssize_t, causing it to overflow into a negative or incorrect value. + The fix is to ensure "len" is within the range of SSIZE_MAX. + + Fixes: CID 473850 + Fixes: CID 473863 + + Reviewed-by: Daniel Kiper + +2025-05-29 Egor Ignatov + + disk/luks2: Add attempting to decrypt message to align with luks and geli modules + Reviewed-by: Daniel Kiper + +2025-05-29 Renaud Métrich + + osdep/linux/getroot: Detect DDF container similar to IMSM + Similarly to Intel IMSM, there are BIOS and UEFI implementations that + support DDF containers natively. + + DDF and IMSM are very similar in handling, especially these should not + be considered as RAID abstraction. This fixes the requirement of having + a device map when probing DDF containers. + + Fixes: https://issues.redhat.com/browse/RHEL-44336 + + Reviewed-by: Daniel Kiper + +2025-05-29 Andrew Hamilton + + fs/fshelp: Avoid possible NULL pointer deference + Avoid attempting to defererence a NULL pointer to call read_symlink() when + the given filesystem does not provide a read_symlink() function. This could + be triggered if the calling filesystem had a file marked as a symlink. + This appears possible for HFS and was observed during fuzzing of NTFS. + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2025-05-29 Andrew Hamilton + + fs/ntfs: Correct possible infinite loops/hangs + Correct several infinite loops/hangs found during fuzzing. The issues + fixed here could occur if certain specific malformed NTFS file systems + were presented to GRUB. Currently, GRUB does not allow NTFS file system + access when lockdown mode is enforced, so these should be of minimal + impact. + + The changes made in this commit generally correct issues such as attempting + to iterate through a buffer using a length read from the NTFS file system + without confirming the length is larger than 0. + + Reviewed-by: Daniel Kiper + +2025-05-29 Andrew Hamilton + + fs/ntfs: Correct possible access violations + Correct several memory access violations found during fuzzing. + The issues fixed here could occur if certain specific malformed NTFS + file systems were presented to GRUB. Currently, GRUB does not allow NTFS + file system access when lockdown mode is enforced, so these should be of + minimal impact. + + The changes made in this commit generally correct issues where pointers + into data buffers were being calculated using lengths read from the + NTFS file system without sufficient bounds/sanity checking; or + attempting to access elements of a structure to free them, when the + structure pointer is NULL. + + Reviewed-by: Daniel Kiper + +2025-05-29 Andrew Hamilton + + fs/ntfs: Correct attribute vs attribute list validation + Correct ntfs_test test failures around attempting to validate attribute + list entries as attributes. The NTFS code uses common logic in some + places to parse both attributes and attribute_lists which complicates + validation. Attribute lists contain different headers including a + different size of the length field (2 bytes) at offset 4 instead of the + 4 byte length field used in attributes at offset 4. There are other + differences as well, but attempting to validate attribute list types + using attribute header validation was causing failure of the NTFS test + suite. This change restores some of the validation logic which may be + shared between attributes and attribute lists to be closer to the + original logic prior to fixes for previous CVEs. A following commit will + address some of the implications of removing this validation logic by + correcting some fuzzer failures (some which are exposed by removing the + validation in some of the cases). + + Fixes: 067b6d225 (fs/ntfs: Implement attribute verification) + + Reviewed-by: Daniel Kiper + +2025-05-29 Andrew Hamilton + + fs/ntfs: Correct regression with run list calculation + Correct ntfs_test test failures around attempting to validate attribute + run list values. The calculation was incorrect for the "curr" variable. + With previous calculation, some file systems would fail validation + despite being well-formed and valid. This was caused by incrementing + "curr" by min_size which included both the (already accounted for) + min_size as well as the size of the run list. Correct by making a new + variable "run_size" to denote the current run list size to increment + both "curr" and "min_size" separately. + + Fixes: 067b6d225 (fs/ntfs: Implement attribute verification) + + Reviewed-by: Daniel Kiper + +2025-05-29 Shreenidhi Shedi + + lib/envblk: Ignore empty new lines while parsing env files + Environment files may contain empty lines, which should be ignored + during parsing. Currently, these lines are not skipped and resulting in + incorrect behavior. This patch adds a check to skip empty lines along + with those starting with "#". + + Reviewed-by: Alexey Makhalov + Reviewed-by: Daniel Kiper + +2025-05-29 Glenn Washburn + + fs/zfs: Fix another memory leak in ZFS code + Commit b66c6f918 (fs/zfs: Fix a number of memory leaks in ZFS code) + fixes many of the same leaks detected in bug #63846 except one, which + is fixed here. + + Fixes: https://savannah.gnu.org/bugs/?63846 + Fixes: b66c6f918 (fs/zfs: Fix a number of memory leaks in ZFS code) + + Reviewed-by: Daniel Kiper + +2025-05-29 Glenn Washburn + + tests: Disable gfxterm_menu and cmdline_cat tests + Those tests fail depending on the version of unifont. As we don't distribute + our own unifont it fails for most users. Disable them so that they don't mask + real failures. They can be reinstated once we solve unifont problem. + + Reviewed-by: Daniel Kiper + +2025-05-06 Michael Chang + + cryptocheck: Add --quiet option + The option can be used to suppress output if we only want to test the + return value of the command. + + Also, mention this option in the documentation. + + Reviewed-by: Daniel Kiper + +2025-05-06 Maxim Suhanov + + disk/cryptodisk: Wipe the passphrase from memory + Switching to another EFI boot application while there are secrets in + RAM is dangerous, because not all firmware is wiping memory on free. + + To reduce the attack surface, wipe the passphrase acquired when + unlocking an encrypted volume. + + Reviewed-by: Daniel Kiper + +2025-05-06 Maxim Suhanov + + disk/cryptodisk: Add the "erase secrets" function + This commit adds the grub_cryptodisk_erasesecrets() function to wipe + master keys from all cryptodisks. This function is EFI-only. + + Since there is no easy way to "force unmount" a given encrypted disk, + this function renders all mounted cryptodisks unusable. An attempt to + read them will return garbage. + + This is why this function must be used in "no way back" conditions. + + Currently, it is used when unloading the cryptodisk module and when + performing the "exit" command (it is often used to switch to the next + EFI application). This function is not called when performing the + "chainloader" command, because the callee may return to GRUB. For this + reason, users are encouraged to use "exit" instead of "chainloader" to + execute third-party boot applications. + + This function does not guarantee that all secrets are wiped from RAM. + Console output, chunks from disk read requests and other may remain. + + This function does not clear the IV prefix and rekey key for geli disks. + + Also, this commit adds the relevant documentation improvements. + + Reviewed-by: Daniel Kiper + +2025-05-06 Maxim Suhanov + + docs: Document available crypto disks checks + Document the --cryptodisk-only argument. Also, document the + "cryptocheck" command invoked when that argument is processed. + + Reviewed-by: Daniel Kiper + +2025-05-06 Maxim Suhanov + + commands/search: Add the diskfilter support + When the --cryptodisk-only argument is given, also check the target + device using the "cryptocheck" command, if available. + + This extends the checks to common layouts like LVM-on-LUKS, so the + --cryptodisk-only argument transparently handles such setups. + + Reviewed-by: Daniel Kiper + +2025-05-06 Maxim Suhanov + + disk/diskfilter: Introduce the "cryptocheck" command + This command examines a given diskfilter device, e.g., an LVM disk, + and checks if underlying disks, physical volumes, are cryptodisks, + e.g., LUKS disks, this layout is called "LVM-on-LUKS". + + The return value is 0 when all underlying disks (of a given device) + are cryptodisks (1 if at least one disk is unencrypted or in an + unknown state). + + Users are encouraged to include the relevant check before loading + anything from an LVM disk that is supposed to be encrypted. + + This further supports the CLI authentication, blocking bypass + attempts when booting from an encrypted LVM disk. + + Reviewed-by: Daniel Kiper + +2025-05-06 Maxim Suhanov + + commands/search: Introduce the --cryptodisk-only argument + This allows users to restrict the "search" command's scope to + encrypted disks only. + + Typically, this command is used to "rebase" $root and $prefix + before loading additional configuration files via "source" or + "configfile". Unfortunately, this leads to security problems, + like CVE-2023-4001, when an unexpected, attacker-controlled + device is chosen by the "search" command. + + The --cryptodisk-only argument allows users to ensure that the + file system picked is encrypted. + + This feature supports the CLI authentication, blocking bypass + attempts. + + Reviewed-by: Daniel Kiper + +2025-05-06 Maxim Suhanov + + kern/rescue_reader: Block the rescue mode until the CLI authentication + This further mitigates potential misuse of the CLI after the + root device has been successfully unlocked via TPM. + + Fixes: CVE-2025-4382 + + Reviewed-by: Daniel Kiper + +2025-04-23 Eric Sandeen + + fs/xfs: Fix large extent counters incompat feature support + When large extent counter / NREXT64 support was added to GRUB, it missed + a couple of direct reads of nextents which need to be changed to the new + NREXT64-aware helper as well. Without this, we'll have mis-reads of some + directories with this feature enabled. + + The large extent counter fix likely raced on merge with commit 07318ee7e + (fs/xfs: Fix XFS directory extent parsing) which added the new direct + nextents reads just prior, causing this issue. + + Fixes: aa7c1322671e (fs/xfs: Add large extent counters incompat feature support) + + Reviewed-by: Anthony Iliopoulos + Reviewed-by: Jon DeVree + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2025-04-10 Egor Ignatov + + util/grub-install: Include raid5rec module for RAID 4 as well + RAID 4 requires the same recovery module as RAID 5. Extend the condition to + cover both RAID levels. + + Reviewed-by: Daniel Kiper + +2025-04-10 Vladimir Serbinenko + + loader/ia64/efi/linux: Reset grub_errno on failure to allocate + The code goes on to allocate memory in another region on failure, hence + it should discard the error. + + Reviewed-by: Daniel Kiper + +2025-04-10 Vladimir Serbinenko + + lib/datetime: Specify license in emu module + Other platforms specify license in platform-specific files but corresponding + code for emu is in kernel, so datetime ends up without license section. + + Reviewed-by: Daniel Kiper + +2025-04-10 Vladimir Serbinenko + + configure: Add -mno-relax on riscv* + Without this option compiler sometimes emits R_RISCV_ALIGN relocs. + Unlike other relocs this one requires the linker to do NOP deletions + and we can't ignore them. Just instruct compiler not to emit them. + + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + docs: Document the long options of tpm2_key_protect_init + Add the long options of tpm2_key_protect_init along with the short options. + + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + INSTALL: Document the packages needed for TPM2 key protector tests + The TPM2 key protector tests require two external packages: swtpm-tools + and tpm2-tools. Add those two packages to the INSTALL file to inform + the user to install those packages before starting the TPM2 key protector + tests. + + Reviewed-by: Daniel Kiper + Reviewed-by: Stefan Berger + +2025-04-10 Gary Lin + + docs: Update NV index mode of TPM2 key protector + This commit updates the NV index mode section and the grub-protect + section to reflect the recent changes in TPM2 key protector and + grub-protect. + + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + tests/tpm2_key_protector_test: Add more NV index mode tests + Two more NV index test cases are added to test key sealing and + unsealing with the NV index handle 0x1000000. + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + tests/tpm2_key_protector_test: Reset "ret" on fail + Reset "ret" to 0 when a test case fails so that the other test cases + could continue. + + Also set the exit status to 1 when encountering a failure to reflect the + test result. + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + tests/tpm2_key_protector_test: Simplify the NV index mode test + Since grub-protect already supports NV index mode, tpm2_seal_nv() is + replaced with one grub-protect command to simplify the test script. + + "tpm2_evictcontrol" is also replaced with "grub-protect --tpm2-evict". + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + util/grub-protect: Support NV index mode + This commit implements the missing NV index mode support in grub-protect. + NV index mode stores the sealed key in the TPM non-volatile memory (NVRAM) + instead of a file. There are two supported types of TPM handles. + + 1. Persistent handle (0x81000000~0x81FFFFFF) + Only the raw format is supported due to the limitation of persistent + handles. This grub-protect command seals the key into the + persistent handle 0x81000000. + + # grub-protect \ + --protector=tpm2 \ + --action=add \ + --tpm2-bank=sha256 \ + --tpm2-pcrs=7,11 \ + --tpm2-keyfile=luks-key \ + --tpm2-nvindex=0x81000000 + + 2. NV index handle (0x1000000~0x1FFFFFF) + Both TPM 2.0 Key File format and the raw format are supported by NV + index handles. Here is the grub-protect command to seal the key in + TPM 2.0 Key File format into the NV index handle 0x1000000. + + # grub-protect \ + --protector=tpm2 \ + --action=add \ + --tpm2key \ + --tpm2-bank=sha256 \ + --tpm2-pcrs=7,11 \ + --tpm2-keyfile=luks-key \ + --tpm2-nvindex=0x1000000 + + Besides the "add" action, the corresponding "remove" action is also + introduced. To remove the data from a persistent or NV index handle, + just use "--tpm2-nvindex=HANDLE" combining with "--tpm2-evict". This + sample command removes the data from the NV index handle 0x1000000. + + # grub-protect \ + --protector=tpm2 \ + --action=remove \ + --tpm2-evict \ + --tpm2-nvindex=0x1000000 + + Also set and check the boolean variables with true/false instead of 1/0. + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + tpm2_key_protector: Support NV index handles + Previously, NV index mode only supported persistent handles which are + only for TPM objects. + + On the other hand, the "NV index" handle allows the user-defined data, + so it can be an alternative to the key file and support TPM 2.0 Key + File format immediately. + + The following tpm2-tools commands store the given key file, sealed.tpm, + in either TPM 2.0 Key File format or the raw format into the NV index + handle 0x1000000. + + # tpm2_nvdefine -C o \ + -a "ownerread|ownerwrite" \ + -s $(stat -c %s sealed.tpm) \ + 0x1000000 + # tpm2_nvwrite -C o -i sealed.tpm 0x1000000 + + To unseal the key in GRUB, add the "tpm2_key_protector_init" command to + grub.cfg: + + tpm2_key_protector_init --mode=nv --nvindex=0x1000000 + cryptomount -u --protector tpm2 + + To remove the NV index handle: + + # tpm2_nvundefine -C o 0x1000000 + + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + tpm2_key_protector: Unseal key from a buffer + Extract the logic to handle the file buffer from the SRK recover + function to prepare to load the sealed key from the NV index handle, + so the NV index mode can share the same code path in the later patch. + The SRK recover function now only reads the file and sends the file + buffer to the new function. + + Besides this, to avoid introducing more options for the NV index mode, + the file format is detected automatically before unmarshaling the data, + so there is no need to use the command option to specify the file format + anymore. In other words, "-T" and "-k" are the same now. + + Also update grub.text to address the change. + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + tss2: Add TPM 2.0 NV index commands + The following TPM 2.0 commands are introduced to tss2 to access the + TPM non-volatile memory associated with the NV index handles: + - TPM2_NV_DefineSpace, + - TPM2_NV_UndefineSpace, + - TPM2_NV_ReadPublic, + - TPM2_NV_Read, + - TPM2_NV_Write. + + The related marshal/unmarshal functions are also introduced. + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + tss2: Fix the missing authCommand + grub_tpm2_readpublic() and grub_tpm2_testparms() didn't check + authCommand when marshaling the input data buffer. Currently, there is + no caller using non-NULL authCommand. However, to avoid the potential + issue, the conditional check is added to insert authCommand into the + input buffer if necessary. + + Also fix a few pointer checks. + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + tpm2_key_protector: Add tpm2_dump_pcr command + The user may need to inspect the TPM 2.0 PCR values with the GRUB shell, + so the new tpm2_dump_pcr command is added to print all PCRs of the + specified bank. + + Also update the document for the new command. + + Tested-by: Stefan Berger + Reviewed-by: Daniel Kiper + +2025-04-10 Gary Lin + + tpm2_key_protector: Dump PCRs on policy fail + PCR mismatch is one common cause of TPM key unsealing fail. Since the + system may be compromised, it is not safe to boot into OS to get the PCR + values and TPM eventlog for the further investigation. + + To provide some hints, GRUB now dumps PCRs on policy fail, so the user + can check the current PCR values. PCR 0~15 are chosen to cover the + firmware, bootloader, and OS. + + The sample output: + + PCR Mismatch! Check firmware and bootloader before typing passphrase! + TPM PCR [sha256]: + 00: 17401f37710984c1d8a03a81fff3ab567ae9291bac61e21715b890ee28879738 + 01: 7a114329ba388445a96e8db2a072785937c1b7a8803ed7cc682b87f3ff3dd7a8 + 02: 11c2776849e8e24b7d80c926cbc4257871bffa744dadfefd3ed049ce25143e05 + 03: 6c33b362073e28e30b47302bbdd3e6f9cee4debca3a304e646f8c68245724350 + 04: 62d38838483ecfd2484ee3a2e5450d8ca3b35fc72cda6a8c620f9f43521c37d1 + 05: d8a85cb37221ab7d1f2cc5f554dbe0463acb6784b5b8dc3164ccaa66d8fff0e1 + 06: 9262e37cbe71ed4daf815b4a4881fb7251c9d371092dde827557d5368121e10e + 07: 219d542233be492d62b079ffe46cf13396a8c27e520e88b08eaf2e6d3b7e70f5 + 08: de1f61c973b673e505adebe0d7e8fb65fde6c24dd4ab4fbaff9e28b18df6ecd3 + 09: c1de7274fa3e879a16d7e6e7629e3463d95f68adcfd17c477183846dccc41c89 + 10: 0000000000000000000000000000000000000000000000000000000000000000 + 11: 0000000000000000000000000000000000000000000000000000000000000000 + 12: 0000000000000000000000000000000000000000000000000000000000000000 + 13: 0000000000000000000000000000000000000000000000000000000000000000 + 14: 9ab9ebe4879a7f4dd00c04f37e79cfd69d0dd7a8bcc6b01135525b67676a3e40 + 15: 0000000000000000000000000000000000000000000000000000000000000000 + 16: 0000000000000000000000000000000000000000000000000000000000000000 + 17: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + 18: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + 19: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + 20: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + 21: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + 22: ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff + 23: 0000000000000000000000000000000000000000000000000000000000000000 + error: failed to unseal sealed key (TPM2_Unseal: 0x99d). + error: no key protector provided a usable key for luks (af16e48f-746b-4a12-aae1-c14dcee429e0). + + If the user happens to have the PCR values for key sealing, the PCR dump + can be used to identify the changed PCRs and narrow down the scope for + closer inspection. + + Please note that the PCR dump is trustworthy only if the GRUB binary is + authentic, so the user has to check the GRUB binary thoroughly before + using the PCR dump. + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + +2025-04-04 Patrick Colp + + loader/i386/linux: Update linux_kernel_params to match upstream + Update linux_kernel_params to match the v6.13.7 upstream version of boot_params. + Refactor most things out into structs, as the Linux kernel does. + + edid_info should be a struct with "unsigned char dummy[128]" and efi_info should + be a struct as well, starting at 0x1c0. However, for backwards compatibility, + GRUB can have efi_systab at 0x1b8 and padding at 0x1bc (or padding at both spots). + This cuts into the end of edid_info. Make edid_info inline and only make it go + up to 0x1b8. + + Reviewed-by: Daniel Kiper + +2025-04-04 Lidong Chen + + loader/xnu: Fix memory leak + In grub_xnu_load_kext_from_dir(), when the call to grub_device_open() + failed, it simply cleaned up previously allocated memory and returned + GRUB_ERR_NONE. However, it neglected to free ctx->newdirname which is + allocated before the call to grub_device_open(). + + Fixes: CID 473859 + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2025-04-04 Lidong Chen + + fs/btrfs: Fix memory leaks + Fix memory leaks in grub_btrfs_extent_read() and grub_btrfs_dir(). + + Fixes: CID 473842 + Fixes: CID 473871 + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2025-04-04 Lidong Chen + + loader/i386/linux: Fix resource leak + In grub_cmd_initrd(), initrd_ctx is allocated before calling + grub_relocator_alloc_chunk_align(). When that function fails, + initrd_ctx should be freed before exiting grub_cmd_initrd(). + + Fixes: CID 473852 + + Reviewed-by: Daniel Kiper + +2025-04-04 Lidong Chen + + lib/reloacator: Fix memory leaks + Fix memory leaks in grub_relocator_alloc_chunk_align(). + + Fixes: CID 473844 + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2025-04-04 Lidong Chen + + disk/ldm: Fix memory leaks + Fix memory leaks in make_vg() with new helper functions, free_pv() + and free_lv(). Additionally, correct a check after allocating + comp->segments->nodes that mistakenly checked lv->segments->nodes + instead, likely due to a copy-paste error. + + Fixes: CID 473878 + Fixes: CID 473884 + Fixes: CID 473889 + Fixes: CID 473890 + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2025-03-26 Andrew Hamilton + + fs/ntfs: Fix NULL pointer dereference and possible infinite loop + A regression was introduced recently as a part of the series of + filesystem related patches to address some CVEs found in GRUB. + + This issue may cause either an infinite loop at startup when + accessing certain valid NTFS filesystems, or may cause a crash + due to a NULL pointer dereference on systems where NULL address + is invalid (such as may happen when calling grub-mount from + the operating system level). + + Correct this issue by checking that at->attr_cur is within bounds + inside find_attr(). + + Fixes: https://savannah.gnu.org/bugs/?66855 + Fixes: aff263187 (fs/ntfs: Fix out-of-bounds read) + + Reviewed-by: Daniel Kiper + +2025-03-26 Nicolas Frayer + + net/drivers/ieee1275/ofnet: Add missing grub_malloc() + The grub_malloc() has been inadvertently removed from the code after it + has been modified to use safe math functions. + + Fixes: 4beeff8a (net: Use safe math macros to prevent overflows) + + Tested-by: Marta Lewandowska + Reviewed-by: Daniel Kiper + +2025-03-26 Avnish Chouhan + + kern/ieee1275/init: Increase MIN_RMA size for CAS negotiation on PowerPC machines + Change RMA size from 512 MB to 768 MB which will result in more memory + at boot time for PowerPC. When vTPM, Secure Boot or FADump are enabled + on PowerPC the 512 MB RMA memory is not sufficient for boot. With this + 512 MB RMA, GRUB runs out of memory and fails to boot the machine. + Sometimes even usage of CDROM requires more memory for installation and + along with the options mentioned above exhausts the boot memory which + results in boot failures. Increasing the RMA size will resolves multiple + out of memory issues observed on PowerPC machines. + + Failure details (GRUB debug console dump): + + kern/ieee1275/init.c:550: mm requested region of size 8513000, flags 1 + kern/ieee1275/init.c:563: Cannot satisfy allocation and retain minimum runtime space + kern/ieee1275/init.c:550: mm requested region of size 8513000, flags 0 + kern/ieee1275/init.c:563: Cannot satisfy allocation and retain minimum runtime space + kern/file.c:215: Closing `/ppc/ppc64/initrd.img' ... + kern/disk.c:297: Closing `ieee1275//vdevice/v-scsi@30000067/disk@8300000000000000'... + kern/disk.c:311: Closing `ieee1275//vdevice/v-scsi@30000067/disk@8300000000000000' succeeded. + kern/file.c:225: Closing `/ppc/ppc64/initrd.img' failed with 3. + kern/file.c:148: Opening `/ppc/ppc64/initrd.img' succeeded. + error: ../../grub-core/kern/mm.c:552:out of memory. + + Reviewed-by: Daniel Kiper + +2025-03-26 Stuart Hayes + + fs/zfs: Fix a number of memory leaks in ZFS code + Without this fix the GRUB failed to boot linux with "out of memory" after + trying to run a "search --fs-uuid..." on a system that has 7 ZFS pools + across about 80 drives. + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2025-03-26 Glenn Washburn + + tests/util/grub-shell: Remove the work directory on successful run and debug is not on + This removes a lot of empty grub-shell working directories in the TMPDIR directory. + + Tested-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2025-03-26 Thomas Schmitt + + tests/grub_cmd_cryptomount: Remove temporary directories if successful and debug is not on + grub_cmd_cryptomount creates a directory per subtest. If a subtest is + successful and debugging is not on, the directory should be empty. + So, it can be deleted. + + Tested-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2025-03-26 Glenn Washburn + + tests/grub_cmd_cryptomount: Default TMPDIR to /tmp + This fixes behavior where grub_cmd_cryptomount temporary files, which are + some times not cleaned up, are left in the / directory. Set TMPDIR if your + system does not have /tmp or it can not be used for some reason. + + Reported-by: Thomas Schmitt + Tested-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2025-03-26 Glenn Washburn + + tests/grub_cmd_cryptomount: Cleanup the cryptsetup script unless debug is enabled + This fixes an issue where the grub_cmd_cryptomount test leaves a file + with an ambiguous name in the / directory when TMPDIR is not set. + + Reported-by: Thomas Schmitt + Tested-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2025-03-26 Glenn Washburn + + tests: Cleanup generated files on expected failure in grub_cmd_cryptomount + grub-shell-luks-tester only cleans up generated files when the test it + runs returns success. Sometimes tests are run that should fail. Add + a --xfail argument to grub-shell-luks-tester and pass it from + grub_cmd_cryptomount when invoking a test that is expected to fail. + + Reported-by: Thomas Schmitt + Tested-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2025-03-26 Glenn Washburn + + tests/util/grub-shell-luks-tester: Add missing line to create RET variable in cleanup + Set the RET variable to the exit status of the script, as was assumed in + the cleanup() function. + + Reported-by: Thomas Schmitt + Tested-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2025-03-26 Glenn Washburn + + tests/util/grub-shell-luks-tester: Find cryptodisk by UUID + GRUB has the capability to search all the disks for a cryptodisk of a + given UUID. Use this instead of hardcoding which disk is the cryptodisk, + which can change when devices are added or removed, or potentially when + QEMU is upgraded. This can not be done for the detached header tests + because the header contains the UUID. + + Also, capitalize comment lines for consistency. + + Reviewed-by: Daniel Kiper + +2025-03-26 Glenn Washburn + + tests/util/grub-shell: Default qemuopts to envvar $GRUB_QEMU_OPTS + Fix a regression where qemuopts was mistakenly defaulted to the empty + string. This prevents the sending of arbitrary QEMU options to tests, + which may be desirable for overriding the machine type. There was a + concern that allowing the tester to accept arbitrary options would add + headaches for another developer trying to diagnose why a test failed on + the testers machine because he could not be sure if any additional + options were passed to make the test fail. However, all the options are + recorded in the run.sh generated script, so this concern is unwarranted. + + Fixes: 6d729ced70 (tests/util/grub-shell: Add $GRUB_QEMU_OPTS to run.sh to easily see unofficial QEMU arguments) + + Reviewed-by: Daniel Kiper + +2025-03-05 Patrick Plenefisch + + disk/lvm: Add informational messages in error cases of ignored features + Reviewed-by: Daniel Kiper + +2025-03-05 Patrick Plenefisch + + disk/lvm: Add support for cachevol LV + Mark cachevol LV's as ignored features, which is true only if they are + configured as "writethrough". This patch does not let GRUB boot from + "writeback" cache-enabled LV's. + + Reviewed-by: Daniel Kiper + +2025-03-05 Patrick Plenefisch + + disk/lvm: Add support for integrity LV + The LV matching must be done after processing the ignored feature + indirections, as integrity volumes & caches may have several levels + of indirection that the segments must be shifted through. + + Reviewed-by: Daniel Kiper + +2025-03-05 Patrick Plenefisch + + lvm: Match all LVM segments before validation + The PV matching must be completely finished before validating a volume, + otherwise referenced RAID stripes may not have PV data applied yet. + + This change is required for integrity & cachevol support. + + Reviewed-by: Daniel Kiper + +2025-03-05 Patrick Plenefisch + + disk/lvm: Remove unused cache_pool + The cache_pool is never read or used, remove it. + + Reviewed-by: Daniel Kiper + +2025-03-05 Patrick Plenefisch + + disk/lvm: Make cache_lv more generic as ignored_feature_lv + This patch isn't necessary by itself, but when combined with subsequent + patches it enhances readability as ignored_features_lv is then used for + multiple types of extra LV's, not just cache LV's. + + Reviewed-by: Daniel Kiper + +2025-03-05 Glenn Washburn + + commands/ls: Add directory header for dir args + Like the GNU ls, first print a line with the directory path before printing + files in the directory, which will not have a directory component, but only + if there is more than one argument. + + Reviewed-by: Daniel Kiper + +2025-03-05 Glenn Washburn + + commands/ls: Print full paths for file args + For arguments that are paths to files, print the full path of the file. + + Reviewed-by: Daniel Kiper + +2025-03-05 Glenn Washburn + + commands/ls: Output path for single file arguments given with path + Reviewed-by: Daniel Kiper + +2025-03-05 Glenn Washburn + + commands/ls: Show modification time for file paths + The modification time for paths to files was not being printed because + the grub_dirhook_info, which contains the mtime, was initialized to NULL. + Instead of calling print_file() directly, use fs->fs_dir() to call + print_file() with a properly filled in grub_dirhook_info. This has the + added benefit of reducing code complexity. + + Reviewed-by: Daniel Kiper + +2025-03-05 Glenn Washburn + + commands/ls: Merge print_files_long() and print_files() into print_file() + Simplify the code by removing logic around which file printer to call. + + Reviewed-by: Daniel Kiper + +2025-03-05 Glenn Washburn + + commands/ls: Return proper GRUB_ERR_* for functions returning type grub_err_t + Also, remove unused code. + + Reviewed-by: Daniel Kiper + +2025-03-05 Glenn Washburn + + commands/acpi: Use options enum to index command options + Reviewed-by: Daniel Kiper + +2025-03-05 Andrew Hamilton + + docs: Capture additional commands restricted by lockdown + Update documentation to capture that all memrw commands, the minicmd + dump command, and raw memory dumping via hexdump are restricted when + lockdown is enabled. This aligns to recent GRUB code updates. + + Reviewed-by: Daniel Kiper + +2025-03-05 Andrew Hamilton + + docs: Document restricted filesystems in lockdown + Document which filesystems are not allowed when lockdown + is enabled to align to recent GRUB changes. + + Reviewed-by: Daniel Kiper + +2025-03-05 Vladimir Serbinenko + + loader/i386/bsd: Fix type passed for the kernel + FreeBSD loader always passes "elf kernel". We currently pass "elf64 kernel" + when loading 64-bit kernel. The -CURRENT, HEAD, kernel accepts only + "elf kernel". Older kernel accepts either. + + Tested with FreeBSD and DragonFlyBSD. + + Reference: https://cgit.freebsd.org/src/commit/?id=b72ae900d4348118829fe04abdc11b620930c30f + + Reviewed-by: Daniel Kiper + +2025-03-05 Vladimir Serbinenko + + kern/partition: Unbreak support for nested partitions + When using syntax "hd0,gtp3,dfly1" then ptr points to trailing part, ",dfly1". + So, it's improper to consider it as an invalid partition. + + Reviewed-by: Daniel Kiper + +2025-03-05 Andrew Hamilton + + lib/tss2/tss2_structs.h: Fix clang build - remove duplicate typedef + grub-core/lib/tss2/tss2_structs.h contains a duplicate typedef as follows: + typedef TPMS_SCHEME_HASH_t TPMS_SCHEME_KDF2_t; + + This causes a build failure when compiling with clang. Remove the + duplicate typedef which allows successfully building GRUB with clang. + + Reviewed-by: Ross Philipson + Reviewed-by: Gary Lin + Reviewed-by: Daniel Kiper + +2025-03-05 Yuri Zaporozhets + + include/grub/mm.h: Remove duplicate inclusion of grub/err.h + The header is included twice. Fix that. + + Reviewed-by: Daniel Kiper + +2025-03-05 James Le Cuirot + + script/execute: Don't let trailing blank lines determine the return code + The grub_script_execute_sourcecode() parses and executes code one line + at a time, updating the return code each time because only the last line + determines the final status. However, trailing new lines were also + executed, masking any failure on the previous line. Fix this by only + trying to execute the command when there is actually one present. + + This has presumably never been noticed because this code is not used by + regular functions, only in special cases like eval and menu entries. The + latter generally don't return at all, having booted an OS. When failing + to boot, upstream GRUB triggers the fallback mechanism regardless of the + return code. + + We noticed the problem while using Red Hat's patches, which change this + behaviour to take account of the return code. In that case, a failure + takes you back to the menu rather than triggering a fallback. + + Reviewed-by: Daniel Kiper + +2025-03-05 Glenn Washburn + + gitignore: Ignore generated files from libtasn + The commit 504058e8 (libtasn1: Compile into asn1 module) generates files + into the grub-core/lib/libtasn1-grub directory and commit 99cda678 + (asn1_test: Test module for libtasn1) generates files into the + grub-core/tests/asn1/tests directory. Ignore these directories as they + are not under revision control. + + Reviewed-by: Daniel Kiper + +2025-03-05 Pascal Hambourg + + util/grub.d/30_os-prober.in: Conditionally show or hide chain and efi menu entries + On systems which support multiple boot platforms such as BIOS and + EFI, it makes no sense to show menu entries which are not supported + by the current boot platform. Menu entries generated from os-prober + "chain" boot type use boot sector chainloading which is supported + on PC BIOS platform only. + + Show "chain" menu entries only if boot platform is PC BIOS. + Show "efi" menu entries only if boot platform is EFI. + + This is aimed to allow os-prober to report both EFI and PC BIOS + boot loaders regardless of the current boot mode on x86 systems + which support both EFI and legacy BIOS boot, in order to generate + a config file which can be used with either BIOS or EFI boot. + + Reviewed-by: Daniel Kiper + +2025-02-26 Pascal Hambourg + + util/grub.d/30_os-prober.in: Fix GRUB_OS_PROBER_SKIP_LIST for non-EFI + GRUB documentation states: + + GRUB_OS_PROBER_SKIP_LIST + List of space-separated FS UUIDs of filesystems to be ignored from + os-prober output. For efi chainloaders it’s @ + + But the actual behaviour does not match this description. + + GRUB_OS_PROBER_SKIP_LIST="" + + does nothing. In order to skip non-EFI bootloaders, you must set + + GRUB_OS_PROBER_SKIP_LIST="@" + + which is both absurd, and are redundant, and wrong, + such as /dev/sd* may not be persistent across boots. + + Also, any non-word character is accepted as a separator, including "-" + and "@" which may be present in UUIDs. This can cause false positives + because of partial UUID match. + + This patch fixes these flaws while retaining some backward compatibility + with previous behaviour which may be expected by existing setups: + - also accept @/dev/* (with warning) for non-EFI bootloaders, + - also accept comma and semicolon as separator. + + Fixes: 55e706c9 (Add GRUB_OS_PROBER_SKIP_LIST to selectively skipping systems) + + Reviewed-by: Daniel Kiper + +2025-02-26 Glenn Washburn + + docs: Do not reference non-existent --dumb option + This appears to be a relic from GRUB legacy that used a --dumb option for + its terminal command. The proper way to do this in GRUB2 is to set the + terminal to "dumb" via the terminfo command. + + Fixes: https://savannah.gnu.org/bugs/?66302 + + Reported-by: Jernej Jakob + Reviewed-by: Daniel Kiper + +2025-02-26 Glenn Washburn + + docs: Replace @lbracechar{} and @rbracechar{} with @{ and @} + Support for @lbracechar{} and @rbracechar{} was added in GNU Texinfo 5.0 + but many older systems may have versions lower than this. Use @{ and @} + to support a wider range of GNU Texinfo versions. + + Reviewed-by: Daniel Kiper + +2025-02-26 Egor Ignatov + + fs/xfs: Fix grub_xfs_iterate_dir() return value in case of failure + Commit ef7850c757 (fs/xfs: Fix issues found while fuzzing the XFS + filesystem) introduced multiple boundary checks in grub_xfs_iterate_dir() + but handled the error incorrectly returning error code instead of 0. + Fix it. Also change the error message so that it doesn't match the + message in grub_xfs_read_inode(). + + Fixes: ef7850c757 (fs/xfs: Fix issues found while fuzzing the XFS filesystem) + + Reviewed-by: Daniel Kiper + +2025-02-26 Darrick J. Wong + + fs/xfs: Add new superblock features added in Linux 6.12/6.13 + The Linux port of XFS added a few new features in 2024. The existing + GRUB driver doesn't attempt to read or write any of the new metadata, + so, all three can be added to the incompat allowlist. + + On the occasion align XFS_SB_FEAT_INCOMPAT_NREXT64 value. + + Reviewed-by: Daniel Kiper + +2025-02-26 Michael Chang + + fs/ext2: Rework out-of-bounds read for inline and external extents + Previously, the number of extent entries was not properly capped based + on the actual available space. This could lead to insufficient reads for + external extents since the computation was based solely on the inline + extent layout. + + In this patch, when processing the extent header we determine whether + the header is stored inline, i.e. at inode->blocks.dir_blocks, or in an + external extent block. We then clamp the number of entries accordingly + (using max_inline_ext for inline extents and max_external_ext for + external extent blocks). + + This change ensures that only the valid number of extent entries is + processed preventing out-of-bound reads and potential filesystem + corruption. + + Fixes: 7e2f750f0a (fs/ext2: Fix out-of-bounds read for inline extents) + + Tested-by: Christian Hesse + Reviewed-by: Daniel Kiper + +2025-02-26 Leo Sandoval + + disk/ahci: Remove conditional operator for endtime + The conditional makes no sense when the two possible expressions have + the same value, so, remove it (perhaps the compiler does it for us but + better to remove it). This change makes spinup argument unused. So, drop + it as well. + + Reviewed-by: Daniel Kiper + +2025-02-26 Benjamin Herrenschmidt + + term/ns8250-spcr: Return if redirection is disabled + The Microsoft spec for SPCR says "The base address of the Serial Port + register set described using the ACPI Generic Address Structure, or + 0 if console redirection is disabled". So, return early if redirection + is disabled (base address = 0). If this check is not done we may get + invalid ports on machines with redirection disabled and boot may hang + when reading the grub.cfg file. + + Reviewed-by: Leo Sandoval + Reviewed-by: Daniel Kiper + +2025-02-26 Lukas Fink + + commands/file: Fix NULL dereference in the knetbsd tests + The pointer returned by grub_elf_file() is not checked to verify it is + not NULL before use. A NULL pointer may be returned when the given file + does not have a valid ELF header. + + Fixes: https://savannah.gnu.org/bugs/?61960 + + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2025-02-26 Heinrich Schuchardt + + gdb_helper: Typo hueristic + %s/hueristic/heuristic/ + + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2025-02-26 Ruihan Li + + kern/efi/mm: Reset grub_mm_add_region_fn after ExitBootServices() call + The EFI Boot Services can be used after ExitBootServices() call because + the GRUB code still may allocate memory. + + An example call stack is: + + grub_multiboot_boot + grub_multiboot2_make_mbi + grub_efi_finish_boot_services + b->exit_boot_services + normal_boot + grub_relocator32_boot + grub_relocator_alloc_chunk_align_safe + grub_relocator_alloc_chunk_align + grub_malloc + grub_memalign + grub_mm_add_region_fn + [= grub_efi_mm_add_regions] + grub_efi_allocate_any_pages + grub_efi_allocate_pages_real + b->allocate_pages + + This can lead to confusing errors. After ExitBootServices() call + b->allocate_pages may point to the NULL address resulting in something like: + + !!!! X64 Exception Type - 01(#DB - Debug) CPU Apic ID - 00000000 !!!! + RIP - 000000000000201F, CS - 0000000000000038, RFLAGS - 0000000000200002 + RAX - 000000007F9EE010, RCX - 0000000000000001, RDX - 0000000000000002 + RBX - 0000000000000006, RSP - 00000000001CFBEC, RBP - 0000000000000000 + RSI - 0000000000000000, RDI - 00000000FFFFFFFF + R8 - 0000000000000006, R9 - 000000007FEDFFB8, R10 - 0000000000000000 + R11 - 0000000000000475, R12 - 0000000000000001, R13 - 0000000000000002 + R14 - 00000000FFFFFFFF, R15 - 000000007E432C08 + DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030 + GS - 0000000000000030, SS - 0000000000000030 + CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 000000007FC01000 + CR4 - 0000000000000668, CR8 - 0000000000000000 + DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000 + DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400 + GDTR - 000000007F9DE000 0000000000000047, LDTR - 0000000000000000 + IDTR - 000000007F470018 0000000000000FFF, TR - 0000000000000000 + FXSAVE_STATE - 00000000001CF840 + + Ideally we would like to avoid all memory allocations after exiting EFI + Boot Services altogether but that requires significant code changes. This + patch adds a simple workaround that resets grub_mm_add_region_fn to NULL + after ExitBootServices() call, so: + + - Memory allocations have a better chance of succeeding because grub_memalign() + will try to reclaim the disk cache if it sees a NULL in grub_mm_add_region_fn. + + - At worst it will fail to allocate memory but it will explicitly tell users + that it's out of memory, which is still much better than the current + situation where it fails in a fairly random way and triggers a CPU fault. + + Reviewed-by: Daniel Kiper + +2025-02-26 Duan Yayong + + i386/tsc: The GRUB menu gets stuck due to unserialized rdtsc + This patch is used to fix GRUB menu gets stuck in server AC + poweron/poweroff stress test of x86_64, which is reproduced with + 1/200 ratio. The root cause analysis as below: + + Q: What's the code logic? + + A: The grub_tsc_init() function will init tsc by setting grub_tsc_rate, + which call stack is: + + grub_tsc_init() -> grub_tsc_calibrate_from_pmtimer() -> grub_divmod64() + + Among, grub_divmod64() function needs tsc_diff as the second parameter. + In grub_pmtimer_wait_count_tsc(), we will call grub_get_tsc() function + to get time stamp counter value to assign to start_tsc variable, and + get into while (1) loop space to get end_tsc variable value with same + function, after 3580 ticks, return "end_tsc - start_tsc". Actually, + rdtsc instruction will be called in grub_get_tsc, but rdtsc instruction + is not reliable (for the reason see the next question), which will cause + tsc_diff to be a very big number larger than (1UL << 32) or a negative + number, so that grub_tsc_rate will be zero. When run_menu() function is + startup, and calls grub_tsc_get_time_ms() function to get current time + to check if timeout time reach, at this time, grub_tsc_get_time_ms() + function will return zero due to zero grub_tsc_rate variable, then GRUB + menu gets stuck... + + Q: What's the difference between rdtsc and rdtscp instructions in x86_64 + architecture? Here is more explanations from Intel® 64 and IA-32 + Architectures Software Developer’s Manual Volume 2B (December 2024): + https://cdrdv2.intel.com/v1/dl/getContent/671241 + + A: In page 4-558 -> RDTSC—Read Time-Stamp Counter: + The RDTSC instruction is not a serializing instruction. It does not + necessarily wait until all previous instructions have been executed + before reading the counter. Similarly, subsequent instructions may + begin execution before the read operation is performed. The following + items may guide software seeking to order executions of RDTSC: + - If software requires RDTSC to be executed only after all previous + instructions have executed and all previous loads are globally + visible, it can execute LFENCE immediately before RDTSC. + - If software requires RDTSC to be executed only after all previous + instructions have executed and all previous loads and stores are + globally visible, it can execute the sequence MFENCE;LFENCE + immediately before RDTSC. + - If software requires RDTSC to be executed prior to execution of any + subsequent instruction (including any memory accesses), it can execute + the sequence LFENCE immediately after RDTSC. + + A: In page 4-560 -> RDTSCP—Read Time-Stamp Counter and Processor ID: + The RDTSCP instruction is not a serializing instruction, but it does wait + until all previous instructions have executed and all previous loads are + globally visible. But it does not wait for previous stores to be globally + visible, and subsequent instructions may begin execution before the read + operation is performed. The following items may guide software seeking to + order executions of RDTSCP: + - If software requires RDTSCP to be executed only after all previous + stores are globally visible, it can execute MFENCE immediately before + RDTSCP. + - If software requires RDTSCP to be executed prior to execution of any + subsequent instruction (including any memory accesses), it can execute + LFENCE immediately after RDTSCP. + + Q: Why there is a cpuid serializing instruction before rdtsc instruction, + but "grub_get_tsc" still cannot work as expect? + + A: From Intel® 64 and IA-32 Architectures Software Developer's Manual + Volume 2A: Instruction Set Reference, A-L (December 2024): + https://cdrdv2.intel.com/v1/dl/getContent/671199 + + In page 3-222 -> CPUID—CPU Identification: + CPUID can be executed at any privilege level to serialize instruction execution. + Serializing instruction execution guarantees that any modifications to flags, + registers, and memory for previous instructions are completed before + the next instruction is fetched and executed. + + So we only kept the instruction rdtsc and its previous instruction in order + currently. But it is still out-of-order possibility between rdtsc instruction + and its subsequent instruction. + + Q: Why do we do this fix? + + A: In the one hand, add cpuid instruction after rdtsc instruction to make sure + rdtsc instruction to be executed prior to execution of any subsequent instruction, + about serializing execution that all previous instructions have been executed + before rdtsc, there is a cpuid usage in original code. In the other hand, using + cpuid instruction rather than lfence can make sure a forward compatibility for + previous HW. + + Base this fix, we did 1500 cycles power on/off stress test, and did not reproduce + this issue again. + + Fixes: https://savannah.gnu.org/bugs/?66257 + + Reviewed-by: Daniel Kiper + +2025-02-26 Duan Yayong + + kern/i386/tsc_pmtimer: The GRUB menu gets stuck due to failed calibration + The grub_divmod64() may return 0 but grub_tsc_calibrate_from_pmtimer() + still returns 1 saying calibration succeeded. Of course it is not true. + So, return 0 when grub_divmod64() returns 0. This way other calibration + functions can be called subsequently. + + Reviewed-by: Daniel Kiper + +2025-02-26 Sergii Dmytruk + + loader/i386/linux: Fix cleanup if kernel doesn't support 64-bit addressing + Simply returning from grub_cmd_linux() doesn't free "file" resource nor + calls grub_dl_ref(my_mod). Jump to "fail" label for proper cleanup like + other error checks do. + + Reviewed-by: Daniel Kiper + +2025-02-13 Alec Brown + + loader/i386/bsd: Use safe math to avoid underflow + The operation kern_end - kern_start may underflow when we input it into + grub_relocator_alloc_chunk_addr() call. To avoid this we can use safe + math for this subtraction. + + Fixes: CID 73845 + + Reviewed-by: Daniel Kiper + +2025-02-13 Alec Brown + + loader/i386/linux: Cast left shift to grub_uint32_t + The Coverity complains that we might overflow into a negative value when + setting linux_params.kernel_alignment to (1 << align). We can remedy + this by casting it to grub_uint32_t. + + Fixes: CID 473876 + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + kern/misc: Add sanity check after grub_strtoul() call + When the format string, fmt0, includes a positional argument + grub_strtoul() or grub_strtoull() is called to extract the argument + position. However, the returned argument position isn't fully validated. + If the format is something like "%0$x" then these functions return + 0 which leads to an underflow in the calculation of the args index, curn. + The fix is to add a check to ensure the extracted argument position is + greater than 0 before computing curn. Additionally, replace one + grub_strtoull() with grub_strtoul() and change curn type to make code + more correct. + + Fixes: CID 473841 + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + kern/partition: Add sanity check after grub_strtoul() call + The current code incorrectly assumes that both the input and the values + returned by grub_strtoul() are always valid which can lead to potential + errors. This fix ensures proper validation to prevent any unintended issues. + + Fixes: CID 473843 + + Reviewed-by: Daniel Kiper + +2025-02-13 Alec Brown + + normal/menu: Use safe math to avoid an integer overflow + The Coverity indicates that the variable current_entry might overflow. + To prevent this use safe math when adding GRUB_MENU_PAGE_SIZE to current_entry. + + On the occasion fix limiting condition which was broken. + + Fixes: CID 473853 + + Reviewed-by: Daniel Kiper + +2025-02-13 Alec Brown + + bus/usb/ehci: Define GRUB_EHCI_TOGGLE as grub_uint32_t + The Coverity indicates that GRUB_EHCI_TOGGLE is an int that contains + a negative value and we are using it for the variable token which is + grub_uint32_t. To remedy this we can cast the definition to grub_uint32_t. + + Fixes: CID 473851 + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + misc: Ensure consistent overflow error messages + Update the overflow error messages to make them consistent + across the GRUB code. + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + osdep/unix/getroot: Fix potential underflow + The entry_len is initialized in grub_find_root_devices_from_mountinfo() + to 0 before the while loop iterates through /proc/self/mountinfo. If the + file is empty or contains only invalid entries entry_len remains + 0 causing entry_len - 1 in the subsequent for loop initialization + to underflow. To prevent this add a check to ensure entry_len > 0 before + entering the for loop. + + Fixes: CID 473877 + + Reviewed-by: Daniel Kiper + Reviewed-by: Ross Philipson + +2025-02-13 Lidong Chen + + script/execute: Fix potential underflow and NULL dereference + The result is initialized to 0 in grub_script_arglist_to_argv(). + If the for loop condition is not met both result.args and result.argc + remain 0 causing result.argc - 1 to underflow and/or result.args NULL + dereference. Fix the issues by adding relevant checks. + + Fixes: CID 473880 + + Reviewed-by: Daniel Kiper + +2025-02-13 Alec Brown + + fs/sfs: Check if allocated memory is NULL + When using grub_zalloc(), if we are out of memory, this function can fail. + After allocating memory, we should check if grub_zalloc() returns NULL. + If so, we should handle this error. + + Fixes: CID 473856 + + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2025-02-13 Alec Brown + + net: Check if returned pointer for allocated memory is NULL + When using grub_malloc(), the function can fail if we are out of memory. + After allocating memory we should check if this function returned NULL + and handle this error if it did. + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + net: Prevent overflows when allocating memory for arrays + Use grub_calloc() when allocating memory for arrays to ensure proper + overflow checks are in place. + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + net: Use safe math macros to prevent overflows + Replace direct arithmetic operations with macros from include/grub/safemath.h + to prevent potential overflow issues when calculating the memory sizes. + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + fs/zfs: Add missing NULL check after grub_strdup() call + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + fs/zfs: Check if returned pointer for allocated memory is NULL + When using grub_malloc() or grub_zalloc(), these functions can fail if + we are out of memory. After allocating memory we should check if these + functions returned NULL and handle this error if they did. + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + fs/zfs: Prevent overflows when allocating memory for arrays + Use grub_calloc() when allocating memory for arrays to ensure proper + overflow checks are in place. + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + fs/zfs: Use safe math macros to prevent overflows + Replace direct arithmetic operations with macros from include/grub/safemath.h + to prevent potential overflow issues when calculating the memory sizes. + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + fs: Prevent overflows when assigning returned values from read_number() + The direct assignment of the unsigned long long value returned by + read_number() can potentially lead to an overflow on a 32-bit systems. + The fix replaces the direct assignments with calls to grub_cast() + which detects the overflows and safely assigns the values if no + overflow is detected. + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + fs: Prevent overflows when allocating memory for arrays + Use grub_calloc() when allocating memory for arrays to ensure proper + overflow checks are in place. + + The HFS+ and squash4 security vulnerabilities were reported by + Jonathan Bar Or . + + Fixes: CVE-2025-0678 + Fixes: CVE-2025-1125 + + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + fs: Use safe math macros to prevent overflows + Replace direct arithmetic operations with macros from include/grub/safemath.h + to prevent potential overflow issues when calculating the memory sizes. + + Reviewed-by: Daniel Kiper + +2025-02-13 Alec Brown + + disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails + In the dev_iterate() function a handle is opened but isn't closed when + grub_malloc() returns NULL. We should fix this by closing it on error. + + Reviewed-by: Daniel Kiper + +2025-02-13 Alec Brown + + disk: Check if returned pointer for allocated memory is NULL + When using grub_malloc(), grub_zalloc() or grub_calloc(), these functions can + fail if we are out of memory. After allocating memory we should check if these + functions returned NULL and handle this error if they did. + + On the occasion make a NULL check in ATA code more obvious. + + Reviewed-by: Daniel Kiper + +2025-02-13 Alec Brown + + disk: Prevent overflows when allocating memory for arrays + Use grub_calloc() when allocating memory for arrays to ensure proper + overflow checks are in place. + + Reviewed-by: Daniel Kiper + +2025-02-13 Alec Brown + + disk: Use safe math macros to prevent overflows + Replace direct arithmetic operations with macros from include/grub/safemath.h + to prevent potential overflow issues when calculating the memory sizes. + + Reviewed-by: Daniel Kiper + +2025-02-13 Daniel Axtens + + fs: Disable many filesystems under lockdown + The idea is to permit the following: btrfs, cpio, exfat, ext, f2fs, fat, + hfsplus, iso9660, squash4, tar, xfs and zfs. + + The JFS, ReiserFS, romfs, UDF and UFS security vulnerabilities were + reported by Jonathan Bar Or . + + Fixes: CVE-2025-0677 + Fixes: CVE-2025-0684 + Fixes: CVE-2025-0685 + Fixes: CVE-2025-0686 + Fixes: CVE-2025-0689 + + Suggested-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2025-02-13 Daniel Axtens + + fs/bfs: Disable under lockdown + The BFS is not fuzz-clean. Don't allow it to be loaded under lockdown. + This will also disable the AFS. + + Fixes: CVE-2024-45778 + Fixes: CVE-2024-45779 + + Reported-by: Nils Langius + Reviewed-by: Daniel Kiper + +2025-02-13 B Horn + + commands/hexdump: Disable memory reading in lockdown mode + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-02-13 B Horn + + commands/memrw: Disable memory reading in lockdown mode + With the rest of module being blocked in lockdown mode it does not make + a lot of sense to leave memory reading enabled. This also goes in par + with disabling the dump command. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-02-13 B Horn + + commands/minicmd: Block the dump command in lockdown mode + The dump enables a user to read memory which should not be possible + in lockdown mode. + + Fixes: CVE-2025-1118 + + Reported-by: B Horn + Reported-by: Jonathan Bar Or + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + commands/test: Stack overflow due to unlimited recursion depth + The test_parse() evaluates test expression recursively. Due to lack of + recursion depth check a specially crafted expression may cause a stack + overflow. The recursion is only triggered by the parentheses usage and + it can be unlimited. However, sensible expressions are unlikely to + contain more than a few parentheses. So, this patch limits the recursion + depth to 100, which should be sufficient. + + Reported-by: Nils Langius + Reviewed-by: Daniel Kiper + +2025-02-13 Jonathan Bar Or + + commands/read: Fix an integer overflow when supplying more than 2^31 characters + The grub_getline() function currently has a signed integer variable "i" + that can be overflown when user supplies more than 2^31 characters. + It results in a memory corruption of the allocated line buffer as well + as supplying large negative values to grub_realloc(). + + Fixes: CVE-2025-0690 + + Reported-by: Jonathan Bar Or + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + gettext: Integer overflow leads to heap OOB write + The size calculation of the translation buffer in + grub_gettext_getstr_from_position() may overflow + to 0 leading to heap OOB write. This patch fixes + the issue by using grub_add() and checking for + an overflow. + + Fixes: CVE-2024-45777 + + Reported-by: Nils Langius + Reviewed-by: Daniel Kiper + Reviewed-by: Alec Brown + +2025-02-13 Lidong Chen + + gettext: Integer overflow leads to heap OOB write or read + Calculation of ctx->grub_gettext_msg_list size in grub_mofile_open() may + overflow leading to subsequent OOB write or read. This patch fixes the + issue by replacing grub_zalloc() and explicit multiplication with + grub_calloc() which does the same thing in safe manner. + + Fixes: CVE-2024-45776 + + Reported-by: Nils Langius + Reviewed-by: Daniel Kiper + Reviewed-by: Alec Brown + +2025-02-13 B Horn + + gettext: Remove variables hooks on module unload + The gettext module does not entirely cleanup after itself in + its GRUB_MOD_FINI() leaving a few variables hooks in place. + It is not possible to unload gettext module because normal + module depends on it. Though fix the issues for completeness. + + Fixes: CVE-2025-0622 + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-02-13 B Horn + + normal: Remove variables hooks on module unload + The normal module does not entirely cleanup after itself in + its GRUB_MOD_FINI() leaving a few variables hooks in place. + It is not possible to unload normal module now but fix the + issues for completeness. + + On the occasion replace 0s with NULLs for "pager" variable + hooks unregister. + + Fixes: CVE-2025-0622 + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-02-13 B Horn + + commands/pgp: Unregister the "check_signatures" hooks on module unload + If the hooks are not removed they can be called after the module has + been unloaded leading to an use-after-free. + + Fixes: CVE-2025-0622 + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-02-13 B Horn + + commands/ls: Fix NULL dereference + The grub_strrchr() may return NULL when the dirname do not contain "/". + This can happen on broken filesystems. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-02-13 Lidong Chen + + commands/extcmd: Missing check for failed allocation + The grub_extcmd_dispatcher() calls grub_arg_list_alloc() to allocate + a grub_arg_list struct but it does not verify the allocation was successful. + In case of failed allocation the NULL state pointer can be accessed in + parse_option() through grub_arg_parse() which may lead to a security issue. + + Fixes: CVE-2024-45775 + + Reported-by: Nils Langius + Reviewed-by: Daniel Kiper + Reviewed-by: Alec Brown + +2025-02-13 B Horn + + kern/dl: Check for the SHF_INFO_LINK flag in grub_dl_relocate_symbols() + The grub_dl_relocate_symbols() iterates through the sections in + an ELF looking for relocation sections. According to the spec [1] + the SHF_INFO_LINK flag should be set if the sh_info field is meant + to be a section index. + + [1] https://refspecs.linuxbase.org/elf/gabi4+/ch4.sheader.html + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-02-13 B Horn + + kern/dl: Use correct segment in grub_dl_set_mem_attrs() + The previous code would never actually call grub_update_mem_attrs() + as sh_info will always be zero for the sections that exist in memory. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-02-13 B Horn + + kern/dl: Fix for an integer overflow in grub_dl_ref() + It was possible to overflow the value of mod->ref_count, a signed + integer, by repeatedly invoking insmod on an already loaded module. + This led to a use-after-free. As once ref_count was overflowed it became + possible to unload the module while there was still references to it. + + This resolves the issue by using grub_add() to check if the ref_count + will overflow and then stops further increments. Further changes were + also made to grub_dl_unref() to check for the underflow condition and + the reference count was changed to an unsigned 64-bit integer. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-02-13 Daniel Axtens + + video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG + Otherwise a subsequent header could change the height and width + allowing future OOB writes. + + Fixes: CVE-2024-45774 + + Reported-by: Nils Langius + Reviewed-by: Daniel Kiper + +2025-02-13 B Horn + + net/tftp: Fix stack buffer overflow in tftp_open() + An overly long filename can be passed to tftp_open() which would cause + grub_normalize_filename() to write out of bounds. + + Fixed by adding an extra argument to grub_normalize_filename() for the + space available, making it act closer to a strlcpy(). As several fixed + strings are strcpy()'d after into the same buffer, their total length is + checked to see if they exceed the remaining space in the buffer. If so, + return an error. + + On the occasion simplify code a bit by removing unneeded rrqlen zeroing. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-02-13 B Horn + + net: Fix OOB write in grub_net_search_config_file() + The function included a call to grub_strcpy() which copied data from an + environment variable to a buffer allocated in grub_cmd_normal(). The + grub_cmd_normal() didn't consider the length of the environment variable. + So, the copy operation could exceed the allocation and lead to an OOB + write. Fix the issue by replacing grub_strcpy() with grub_strlcpy() and + pass the underlying buffers size to the grub_net_search_config_file(). + + Fixes: CVE-2025-0624 + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + net: Remove variables hooks when interface is unregisted + The grub_net_network_level_interface_unregister(), previously + implemented in a header, did not remove the variables hooks that + were registered in grub_net_network_level_interface_register(). + Fix this by implementing the same logic used to register the + variables and move the function into the grub-core/net/net.c. + + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + net: Unregister net_default_ip and net_default_mac variables hooks on unload + The net module is a dependency of normal. So, it shouldn't be possible + to unload the net. Though unregister variables hooks as a precaution. + It also gets in line with unregistering the other net module hooks. + + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + script/execute: Limit the recursion depth + If unbounded recursion is allowed it becomes possible to collide the + stack with the heap. As UEFI firmware often lacks guard pages this + becomes an exploitable issue as it is possible in some cases to do + a controlled overwrite of a section of this heap region with + arbitrary data. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + kern/partition: Limit recursion in part_iterate() + The part_iterate() is used by grub_partition_iterate() as a callback in + the partition iterate functions. However, part_iterate() may also call + the partition iterate functions which may lead to recursion. Fix potential + issue by limiting the recursion depth. + + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + kern/disk: Limit recursion depth + The grub_disk_read() may trigger other disk reads, e.g. via loopbacks. + This may lead to very deep recursion which can corrupt the heap. So, fix + the issue by limiting reads depth. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + disk/loopback: Reference tracking for the loopback + It was possible to delete a loopback while there were still references + to it. This led to an exploitable use-after-free. + + Fixed by implementing a reference counting in the grub_loopback struct. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-01-23 Michael Chang + + disk/cryptodisk: Require authentication after TPM unlock for CLI access + The GRUB may use TPM to verify the integrity of boot components and the + result can determine whether a previously sealed key can be released. If + everything checks out, showing nothing has been tampered with, the key + is released and GRUB unlocks the encrypted root partition for the next + stage of booting. + + However, the liberal Command Line Interface (CLI) can be misused by + anyone in this case to access files in the encrypted partition one way + or another. Despite efforts to keep the CLI secure by preventing utility + command output from leaking file content, many techniques in the wild + could still be used to exploit the CLI, enabling attacks or learning + methods to attack. It's nearly impossible to account for all scenarios + where a hack could be applied. + + Therefore, to mitigate potential misuse of the CLI after the root device + has been successfully unlocked via TPM, the user should be required to + authenticate using the LUKS password. This added layer of security + ensures that only authorized users can access the CLI reducing the risk + of exploitation or unauthorized access to the encrypted partition. + + Fixes: CVE-2024-49504 + + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + kern/file: Implement filesystem reference counting + The grub_file_open() and grub_file_close() should be the only places + that allow a reference to a filesystem to stay open. So, add grub_dl_t + to grub_fs_t and set this in the GRUB_MOD_INIT() for each filesystem to + avoid issues when filesystems forget to do it themselves or do not track + their own references, e.g. squash4. + + The fs_label(), fs_uuid(), fs_mtime() and fs_read() should all ref and + unref in the same function but it is essentially redundant in GRUB + single threaded model. + + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + kern/file: Ensure file->data is set + This is to avoid a generic issue were some filesystems would not set + data and also not set a grub_errno. This meant it was possible for many + filesystems to grub_dl_unref() themselves multiple times resulting in + it being possible to unload the filesystems while there were still + references to them, e.g., via a loopback. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + fs/xfs: Ensuring failing to mount sets a grub_errno + It was previously possible for grub_xfs_mount() to return NULL without + setting grub_errno if the XFS version was invalid. This resulted in it + being possible for grub_dl_unref() to be called twice allowing the XFS + module to be unloaded while there were still references to it. + + Fixing this problem in general by ensuring a grub_errno is set if the + fail label is reached. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-01-23 Michael Chang + + fs/xfs: Fix out-of-bounds read + The number of records in the root key array read from disk was not being + validated against the size of the root node. This could lead to an + out-of-bounds read. + + This patch adds a check to ensure that the number of records in the root + key array does not exceed the expected size of a root node read from + disk. If this check detects an out-of-bounds condition the operation is + aborted to prevent random errors due to metadata corruption. + + Reported-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + fs/ntfs: Implement attribute verification + It was possible to read OOB when an attribute had a size that exceeded + the allocated buffer. This resolves that by making sure all attributes + that get read are fully in the allocated space by implementing + a function to validate them. + + Defining the offsets in include/grub/ntfs.h but they are only used in + the validation function and not across the rest of the NTFS code. + + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + fs/ntfs: Use a helper function to access attributes + Right now to access the next attribute the code reads the length of the + current attribute and adds that to the current pointer. This is error + prone as bounds checking needs to be performed all over the place. So, + implement a helper and ensure its used across find_attr() and read_attr(). + + This commit does *not* implement full bounds checking. It is just the + preparation work for this to be added into the helper. + + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + fs/ntfs: Track the end of the MFT attribute buffer + The end of the attribute buffer should be stored alongside the rest of + the attribute struct as right now it is not possible to implement bounds + checking when accessing attributes sequentially. + + This is done via: + - updating init_attr() to set at->end and check is is not initially out of bounds, + - implementing checks as init_attr() had its type change in its callers, + - updating the value of at->end when needed. + + Reviewed-by: Daniel Kiper + +2025-01-23 Michael Chang + + fs/ntfs: Fix out-of-bounds read + When parsing NTFS file records the presence of the 0xFF marker indicates + the end of the attribute list. This value signifies that there are no + more attributes to process. + + However, when the end marker is missing due to corrupted metadata the + loop continues to read beyond the attribute list resulting in out-of-bounds + reads and potentially entering an infinite loop. + + This patch adds a check to provide a stop condition for the loop ensuring + it stops at the end of the attribute list or at the end of the Master File + Table. This guards against out-of-bounds reads and prevents infinite loops. + + Reported-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2025-01-23 Michael Chang + + fs/ext2: Fix out-of-bounds read for inline extents + When inline extents are used, i.e. the extent tree depth equals zero, + a maximum of four entries can fit into the inode's data block. If the + extent header states a number of entries greater than four the current + ext2 implementation causes an out-of-bounds read. Fix this issue by + capping the number of extents to four when reading inline extents. + + Reported-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2025-01-23 Lidong Chen + + fs/jfs: Inconsistent signed/unsigned types usage in return values + The getblk() returns a value of type grub_int64_t which is assigned to + iagblk and inoblk, both of type grub_uint64_t, in grub_jfs_read_inode() + via grub_jfs_blkno(). This patch fixes the type mismatch in the + functions. Additionally, the getblk() will return 0 instead of -1 on + failure cases. This change is safe because grub_errno is always set in + getblk() to indicate errors and it is later checked in the callers. + + Reviewed-by: Alec Brown + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2025-01-23 Lidong Chen + + fs/jfs: Use full 40 bits offset and address for a data extent + An extent's logical offset and address are represented as a 40-bit value + split into two parts: the most significant 8 bits and the least + significant 32 bits. Currently the JFS code uses only the least + significant 32 bits value for offsets and addresses assuming the data + size will never exceed the 32-bit range. This approach ignores the most + significant 8 bits potentially leading to incorrect offsets and + addresses for larger values. The patch fixes it by incorporating the + most significant 8 bits into the calculation to get the full 40-bits + value for offsets and addresses. + + https://jfs.sourceforge.net/project/pub/jfslayout.pdf + + "off1,off2 is a 40-bit field, containing the logical offset of the first + block in the extent. + ... + addr1,addr2 is a 40-bit field, containing the address of the extent." + + Reviewed-by: Alec Brown + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2025-01-23 Lidong Chen + + fs/jfs: Fix OOB read caused by invalid dir slot index + While fuzz testing JFS with ASAN enabled an OOB read was detected in + grub_jfs_opendir(). The issue occurred due to an invalid directory slot + index in the first entry of the sorted directory slot array in the inode + directory header. The fix ensures the slot index is validated before + accessing it. Given that an internal or a leaf node in a directory B+ + tree is a 4 KiB in size and each directory slot is always 32 bytes, the + max number of slots in a node is 128. The validation ensures that the + slot index doesn't exceed this limit. + + [1] https://jfs.sourceforge.net/project/pub/jfslayout.pdf + + JFS will allocate 4K of disk space for an internal node of the B+ tree. + An internal node looks the same as a leaf node. + - page 10 + + Fixed number of Directory Slots depending on the size of the node. These are + the slots to be used for storing the directory slot array and the directory + entries or router entries. A directory slot is always 32 bytes. + ... + A Directory Slot Array which is a sorted array of indices to the directory + slots that are currently in use. + ... + An internal or a leaf node in the directory B+ tree is a 4K page. + - page 25 + + Reviewed-by: Daniel Kiper + Reviewed-by: Alec Brown + +2025-01-23 Lidong Chen + + fs/jfs: Fix OOB read in jfs_getent() + The JFS fuzzing revealed an OOB read in grub_jfs_getent(). The crash + was caused by an invalid leaf nodes count, diro->dirpage->header.count, + which was larger than the maximum number of leaf nodes allowed in an + inode. This fix is to ensure that the leaf nodes count is validated in + grub_jfs_opendir() before calling grub_jfs_getent(). + + On the occasion replace existing raw numbers with newly defined constant. + + Reviewed-by: Daniel Kiper + Reviewed-by: Alec Brown + +2025-01-23 Michael Chang + + fs/iso9660: Fix invalid free + The ctx->filename can point to either a string literal or a dynamically + allocated string. The ctx->filename_alloc field is used to indicate the + type of allocation. + + An issue has been identified where ctx->filename is reassigned to + a string literal in susp_iterate_dir() but ctx->filename_alloc is not + correctly handled. This oversight causes a memory leak and an invalid + free operation later. + + The fix involves checking ctx->filename_alloc, freeing the allocated + string if necessary and clearing ctx->filename_alloc for string literals. + + Reported-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + fs/iso9660: Set a grub_errno if mount fails + It was possible for a grub_errno to not be set if mount of an ISO 9660 + filesystem failed when set_rockridge() returned 0. + + This isn't known to be exploitable as the other filesystems due to + filesystem helper checking the requested file type. Though fixing + as a precaution. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + fs/hfsplus: Set a grub_errno if mount fails + It was possible for mount to fail but not set grub_errno. This led to + a possible double decrement of the module reference count if the NULL + page was mapped. + + Fixing in general as a similar bug was fixed in commit 61b13c187 + (fs/hfsplus: Set grub_errno to prevent NULL pointer access) and there + are likely more variants around. + + Fixes: CVE-2024-45783 + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-01-23 B Horn + + fs/f2fs: Set a grub_errno if mount fails + It was previously possible for grub_errno to not be set when + grub_f2fs_mount() failed if nat_bitmap_ptr() returned NULL. + + This issue is solved by ensuring a grub_errno is set in the fail case. + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-01-23 Lidong Chen + + fs/tar: Integer overflow leads to heap OOB write + Both namesize and linksize are derived from hd.size, a 12-digit octal + number parsed by read_number(). Later direct arithmetic calculation like + "namesize + 1" and "linksize + 1" may exceed the maximum value of + grub_size_t leading to heap OOB write. This patch fixes the issue by + using grub_add() and checking for an overflow. + + Fixes: CVE-2024-45780 + + Reported-by: Nils Langius + Reviewed-by: Daniel Kiper + Reviewed-by: Alec Brown + +2025-01-16 B Horn + + fs/tar: Initialize name in grub_cpio_find_file() + It was possible to iterate through grub_cpio_find_file() without + allocating name and not setting mode to GRUB_ARCHELP_ATTR_END, which + would cause the uninitialized value for name to be used as an argument + for canonicalize() in grub_archelp_dir(). + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2025-01-16 B Horn + + fs/hfs: Fix stack OOB write with grub_strcpy() + Replaced with grub_strlcpy(). + + Fixes: CVE-2024-45782 + Fixes: CVE-2024-56737 + Fixes: https://savannah.gnu.org/bugs/?66599 + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2024-12-02 B Horn + + fs/ufs: Fix a heap OOB write + grub_strcpy() was used to copy a symlink name from the filesystem + image to a heap allocated buffer. This led to a OOB write to adjacent + heap allocations. Fix by using grub_strlcpy(). + + Fixes: CVE-2024-45781 + + Reported-by: B Horn + Reviewed-by: Daniel Kiper + +2024-12-02 B Horn + + misc: Implement grub_strlcpy() + grub_strlcpy() acts the same way as strlcpy() does on most *NIX, + returning the length of src and ensuring dest is always NUL + terminated except when size is 0. + + Reviewed-by: Daniel Kiper + +2024-11-28 Stefan Berger + + tpm2_key_protector: Enable build for powerpc_ieee1275 + Reviewed-by: Daniel Kiper + +2024-11-28 Stefan Berger + + ieee1275/tcg2: Add TCG2 driver for ieee1275 PowerPC firmware + Follow recent extensions of EFI support providing a TCG2 driver with + a public API for getting the maximum TPM command size and passing a TPM + command through to the TPM 2. Implement this functionality using ieee1275 + PowerPC firmware API calls. Move tcg2.c into the TCG2 driver. + + Reviewed-by: Daniel Kiper + +2024-11-28 Stefan Berger + + ieee1275/tcg2: Refactor grub_ieee1275_tpm_init() + Move tpm_get_tpm_version() into grub_ieee1275_tpm_init() and invalidate + grub_ieee1275_tpm_ihandle in case no TPM 2 could be detected. Try the + initialization only once so that grub_tpm_present() will always return + the same result. Use the grub_ieee1275_tpm_ihandle as indicator for an + available TPM instead of grub_ieee1275_tpm_version, which can now be + removed. + + Reviewed-by: Daniel Kiper + +2024-11-28 Stefan Berger + + ieee1275/ibmvpm: Move TPM initialization functions to own file + Move common initialization functions from the ibmvtpm driver module into + tcg2.c that will be moved into the new TCG2 driver in a subsequent patch. + Make the functions available to the ibmvtpm driver as public functions + and variables. + + Reviewed-by: Daniel Kiper + +2024-11-28 Stefan Berger + + ieee1275: Consolidate repeated definitions of IEEE1275_IHANDLE_INVALID + Consolidate repeated definitions of IEEE1275_IHANDLE_INVALID that are cast + to the type grub_ieee1275_ihandle_t. On the occasion add "GRUB_" prefix to + the constant name. + + Reviewed-by: Daniel Kiper + +2024-11-28 Stefan Berger + + term/ieee1275/serial: Cast 0 to proper type + Cast 0 to proper type grub_ieee1275_ihandle_t. This type is + used for struct grub_serial_port's handle that assigns or + compares with IEEE1275_IHANDLE_INVALID. + + Reviewed-by: Daniel Kiper + +2024-11-28 Stefan Berger + + tss2: Adjust bit fields for big endian targets + The TPM bit fields need to be in reverse order for big endian targets, + such as ieee1275 PowerPC platforms that run GRUB in big endian mode. + + Reviewed-by: Gary Lin + Reviewed-by: Daniel Kiper + +2024-11-28 Gary Lin + + docs: Document TPM2 key protector + Update the user manual to address TPM2 key protector including the two + related commands, tpm2_key_protector_init and tpm2_key_protector_clear, + and the user-space utility: grub-protect. + + Reviewed-by: Daniel Kiper + Reviewed-by: Stefan Berger + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + tests: Add tpm2_key_protector_test + For the tpm2_key_protector module, the TCG2 command submission function + is the only difference between a QEMU instance and grub-emu. To test + TPM2 key unsealing with a QEMU instance, it requires an extra OS image + to invoke grub-protect to seal the LUKS key, rather than a simple + grub-shell rescue CD image. On the other hand, grub-emu can share the + emulated TPM2 device with the host, so that we can seal the LUKS key on + host and test key unsealing with grub-emu. + + This test script firstly creates a simple LUKS image to be loaded as a + loopback device in grub-emu. Then an emulated TPM2 device is created by + "swtpm chardev" and PCR 0 and 1 are extended. + + There are several test cases in the script to test various settings. Each + test case uses grub-protect or tpm2-tools to seal the LUKS password + with PCR 0 and PCR 1. Then grub-emu is launched to load the LUKS image, + try to mount the image with tpm2_key_protector_init and cryptomount, and + verify the result. + + Based on the idea from Michael Chang. + + Cc: Michael Chang + Cc: Stefan Berger + Cc: Glenn Washburn + Reviewed-by: Daniel Kiper + Reviewed-by: Stefan Berger + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + tpm2_key_protector: Add grub-emu support + As a preparation to test tpm2_key_protector with grub-emu, the new + option, --tpm-device, is introduced to specify the TPM device for + grub-emu so that grub-emu can access an emulated TPM device from + the host. + + Since grub-emu can directly access the device on host, it's easy to + implement the essential TCG2 command submission function with the + read/write functions and enable tpm2_key_protector module for grub-emu, + so that we can further test TPM2 key unsealing with grub-emu. + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + diskfilter: Look up cryptodisk devices first + When using disk auto-unlocking with TPM 2.0, the typical grub.cfg may + look like this: + + tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub/sealed.tpm + cryptomount -u -P tpm2 + search --fs-uuid --set=root + + Since the disk search order is based on the order of module loading, the + attacker could insert a malicious disk with the same FS-UUID root to + trick GRUB to boot into the malicious root and further dump memory to + steal the unsealed key. + + Do defend against such an attack, we can specify the hint provided by + "grub-probe" to search the encrypted partition first: + + search --fs-uuid --set=root --hint='cryptouuid/' + + However, for LVM on an encrypted partition, the search hint provided by + "grub-probe" is: + + --hint='lvmid//' + + It doesn't guarantee to look up the logical volume from the encrypted + partition, so the attacker may have the chance to fool GRUB to boot + into the malicious disk. + + To minimize the attack surface, this commit tweaks the disk device search + in diskfilter to look up cryptodisk devices first and then others, so + that the auto-unlocked disk will be found first, not the attacker's disk. + + Cc: Fabian Vogt + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + cryptodisk: Wipe out the cached keys from protectors + An attacker may insert a malicious disk with the same crypto UUID and + trick GRUB to mount the fake root. Even though the key from the key + protector fails to unlock the fake root, it's not wiped out cleanly so + the attacker could dump the memory to retrieve the secret key. To defend + such attack, wipe out the cached key when we don't need it. + + Cc: Fabian Vogt + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Patrick Colp + + cryptodisk: Fallback to passphrase + If a protector is specified, but it fails to unlock the disk, fall back + to asking for the passphrase. + + Before requesting the passphrase, the error from the key protector(s) + has to be cleared, or the later code, e.g., LUKS code, may stop as + grub_errno is set. This commit prints error from the key protector(s) + and sets grub_errno to GRUB_ERR_NONE to have a fresh start. + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Patrick Colp + + tpm2_key_protector: Implement NV index + Currently with the TPM2 protector, only SRK mode is supported and + NV index support is just a stub. Implement the NV index option. + + Note: This only extends support on the unseal path. grub-protect + has not been updated. tpm2-tools can be used to insert a key into + the NV index. + + An example of inserting a key using tpm2-tools: + + # Get random key. + tpm2_getrandom 32 > key.dat + + # Create primary object. + tpm2_createprimary -C o -g sha256 -G ecc -c primary.ctx + + # Create policy object. `pcrs.dat` contains the PCR values to seal against. + tpm2_startauthsession -S session.dat + tpm2_policypcr -S session.dat -l sha256:7,11 -f pcrs.dat -L policy.dat + tpm2_flushcontext session.dat + + # Seal key into TPM. + cat key.dat | tpm2_create -C primary.ctx -u key.pub -r key.priv -L policy.dat -i- + tpm2_load -C primary.ctx -u key.pub -r key.priv -n sealing.name -c sealing.ctx + tpm2_evictcontrol -C o -c sealing.ctx 0x81000000 + + Then to unseal the key in GRUB, add this to grub.cfg: + + tpm2_key_protector_init --mode=nv --nvindex=0x81000000 --pcrs=7,11 + cryptomount -u --protector tpm2 + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + tpm2_key_protector: Support authorized policy + This commit handles the TPM2_PolicyAuthorize command from the key file + in TPM 2.0 Key File format. + + TPM2_PolicyAuthorize is the essential command to support authorized + policy which allows the users to sign TPM policies with their own keys. + Per TPM 2.0 Key File [1], CommandPolicy for TPM2_PolicyAuthorize + comprises "TPM2B_PUBLIC pubkey", "TPM2B_DIGEST policy_ref", and + "TPMT_SIGNATURE signature". To verify the signature, the current policy + digest is hashed with the hash algorithm written in "signature", and then + "signature" is verified with the hashed policy digest and "pubkey". Once + TPM accepts "signature", TPM2_PolicyAuthorize is invoked to authorize the + signed policy. + + To create the key file with authorized policy, here are the pcr-oracle [2] + commands: + + # Generate the RSA key and create the authorized policy file + $ pcr-oracle \ + --rsa-generate-key \ + --private-key policy-key.pem \ + --auth authorized.policy \ + create-authorized-policy 0,2,4,7,9 + + # Seal the secret with the authorized policy + $ pcr-oracle \ + --key-format tpm2.0 \ + --auth authorized.policy \ + --input disk-secret.txt \ + --output sealed.key \ + seal-secret + + # Sign the predicted PCR policy + $ pcr-oracle \ + --key-format tpm2.0 \ + --private-key policy-key.pem \ + --from eventlog \ + --stop-event "grub-file=grub.cfg" \ + --after \ + --input sealed.key \ + --output /boot/efi/efi/grub/sealed.tpm \ + sign 0,2,4,7,9 + + Then specify the key file and the key protector to grub.cfg in the EFI + system partition: + + tpm2_key_protector_init -a RSA --tpm2key=(hd0,gpt1)/efi/grub/sealed.tpm + cryptomount -u -P tpm2 + + For any change in the boot components, just run the "sign" command again + to update the signature in sealed.tpm, and TPM can unseal the key file + with the updated PCR policy. + + [1] https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html + [2] https://github.com/okirch/pcr-oracle + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Hernan Gatta + + util/grub-protect: Add new tool + To utilize the key protectors framework, there must be a way to protect + full-disk encryption keys in the first place. The grub-protect tool + includes support for the TPM2 key protector but other protectors that + require setup ahead of time can be supported in the future. + + For the TPM2 key protector, the intended flow is for a user to have + a LUKS 1 or LUKS 2-protected fully-encrypted disk. The user then creates + a new LUKS key file, say by reading /dev/urandom into a file, and creates + a new LUKS key slot for this key. Then, the user invokes the grub-protect + tool to seal this key file to a set of PCRs using the system's TPM 2.0. + The resulting sealed key file is stored in an unencrypted partition such + as the EFI System Partition (ESP) so that GRUB may read it. The user also + has to ensure the cryptomount command is included in GRUB's boot script + and that it carries the requisite key protector (-P) parameter. + + Sample usage: + + $ dd if=/dev/urandom of=luks-key bs=1 count=32 + $ sudo cryptsetup luksAddKey /dev/sdb1 luks-key --pbkdf=pbkdf2 --hash=sha512 + + To seal the key with TPM 2.0 Key File (recommended): + + $ sudo grub-protect --action=add \ + --protector=tpm2 \ + --tpm2-pcrs=0,2,4,7,9 \ + --tpm2key \ + --tpm2-keyfile=luks-key \ + --tpm2-outfile=/boot/efi/efi/grub/sealed.tpm + + Or, to seal the key with the raw sealed key: + + $ sudo grub-protect --action=add \ + --protector=tpm2 \ + --tpm2-pcrs=0,2,4,7,9 \ + --tpm2-keyfile=luks-key \ + --tpm2-outfile=/boot/efi/efi/grub/sealed.key + + Then, in the boot script, for TPM 2.0 Key File: + + tpm2_key_protector_init --tpm2key=(hd0,gpt1)/efi/grub/sealed.tpm + cryptomount -u -P tpm2 + + Or, for the raw sealed key: + + tpm2_key_protector_init --keyfile=(hd0,gpt1)/efi/grub/sealed.key --pcrs=0,2,4,7,9 + cryptomount -u -P tpm2 + + The benefit of using TPM 2.0 Key File is that the PCR set is already + written in the key file, so there is no need to specify PCRs when + invoking tpm2_key_protector_init. + + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Hernan Gatta + + cryptodisk: Support key protectors + Add a new parameter to cryptomount to support the key protectors framework: -P. + The parameter is used to automatically retrieve a key from specified key + protectors. The parameter may be repeated to specify any number of key + protectors. These are tried in order until one provides a usable key for any + given disk. + + Reviewed-by: Glenn Washburn + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Hernan Gatta + + key_protector: Add TPM2 Key Protector + The TPM2 key protector is a module that enables the automatic retrieval + of a fully-encrypted disk's unlocking key from a TPM 2.0. + + The theory of operation is such that the module accepts various + arguments, most of which are optional and therefore possess reasonable + defaults. One of these arguments is the keyfile/tpm2key parameter, which + is mandatory. There are two supported key formats: + + 1. Raw Sealed Key (--keyfile) + When sealing a key with TPM2_Create, the public portion of the sealed + key is stored in TPM2B_PUBLIC, and the private portion is in + TPM2B_PRIVATE. The raw sealed key glues the fully marshalled + TPM2B_PUBLIC and TPM2B_PRIVATE into one file. + + 2. TPM 2.0 Key (--tpm2key) + The following is the ASN.1 definition of TPM 2.0 Key File: + + TPMPolicy ::= SEQUENCE { + CommandCode [0] EXPLICIT INTEGER + CommandPolicy [1] EXPLICIT OCTET STRING + } + + TPMAuthPolicy ::= SEQUENCE { + Name [0] EXPLICIT UTF8STRING OPTIONAL + Policy [1] EXPLICIT SEQUENCE OF TPMPolicy + } + + TPMKey ::= SEQUENCE { + type OBJECT IDENTIFIER + emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL + policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL + secret [2] EXPLICIT OCTET STRING OPTIONAL + authPolicy [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL + description [4] EXPLICIT UTF8String OPTIONAL, + rsaParent [5] EXPLICIT BOOLEAN OPTIONAL, + parent INTEGER + pubkey OCTET STRING + privkey OCTET STRING + } + + The TPM2 key protector only expects a "sealed" key in DER encoding, + so "type" is always 2.23.133.10.1.5, "emptyAuth" is "TRUE", and + "secret" is empty. "policy" and "authPolicy" are the possible policy + command sequences to construct the policy digest to unseal the key. + Similar to the raw sealed key, the public portion (TPM2B_PUBLIC) of + the sealed key is stored in "pubkey", and the private portion + (TPM2B_PRIVATE) is in "privkey". + + For more details: https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html + + This sealed key file is created via the grub-protect tool. The tool + utilizes the TPM's sealing functionality to seal (i.e., encrypt) an + unlocking key using a Storage Root Key (SRK) to the values of various + Platform Configuration Registers (PCRs). These PCRs reflect the state + of the system as it boots. If the values are as expected, the system + may be considered trustworthy, at which point the TPM allows for a + caller to utilize the private component of the SRK to unseal (i.e., + decrypt) the sealed key file. The caller, in this case, is this key + protector. + + The TPM2 key protector registers two commands: + + - tpm2_key_protector_init: Initializes the state of the TPM2 key + protector for later usage, clearing any + previous state, too, if any. + + - tpm2_key_protector_clear: Clears any state set by tpm2_key_protector_init. + + The way this is expected to be used requires the user to, either + interactively or, normally, via a boot script, initialize/configure + the key protector and then specify that it be used by the "cryptomount" + command (modifications to this command are in a different patch). + + For instance, to unseal the raw sealed key file: + + tpm2_key_protector_init --keyfile=(hd0,gpt1)/efi/grub/sealed-1.key + cryptomount -u -P tpm2 + + tpm2_key_protector_init --keyfile=(hd0,gpt1)/efi/grub/sealed-2.key --pcrs=7,11 + cryptomount -u -P tpm2 + + Or, to unseal the TPM 2.0 Key file: + + tpm2_key_protector_init --tpm2key=(hd0,gpt1)/efi/grub/sealed-1.tpm + cryptomount -u -P tpm2 + + tpm2_key_protector_init --tpm2key=(hd0,gpt1)/efi/grub/sealed-2.tpm --pcrs=7,11 + cryptomount -u -P tpm2 + + If a user does not initialize the key protector and attempts to use it + anyway, the protector returns an error. + + Before unsealing the key, the TPM2 key protector follows the "TPMPolicy" + sequences to enforce the TPM policy commands to construct a valid policy + digest to unseal the key. + + For the TPM 2.0 Key files, "authPolicy" may contain multiple "TPMPolicy" + sequences, the TPM2 key protector iterates "authPolicy" to find a valid + sequence to unseal key. If "authPolicy" is empty or all sequences in + "authPolicy" fail, the protector tries the one from "policy". In case + "policy" is also empty, the protector creates a "TPMPolicy" sequence + based on the given PCR selection. + + For the raw sealed key, the TPM2 key protector treats the key file as a + TPM 2.0 Key file without "authPolicy" and "policy", so the "TPMPolicy" + sequence is always based on the PCR selection from the command + parameters. + + This commit only supports one policy command: TPM2_PolicyPCR. The + command set will be extended to support advanced features, such as + authorized policy, in the later commits. + + Cc: James Bottomley + Reviewed-by: Daniel Kiper + Reviewed-by: Stefan Berger + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + tss2: Add TPM2 Software Stack (TSS2) support + A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to + compose and submit TPM commands and parse responses. + + A limited number of TPM commands may be accessed via the EFI TCG2 + protocol. This protocol exposes functionality that is primarily geared + toward TPM usage within the context of Secure Boot. For all other TPM + commands, however, such as sealing and unsealing, this protocol does not + provide any help, with the exception of passthrough command submission. + + The SubmitCommand method allows a caller to send raw commands to the + system's TPM and to receive the corresponding response. These + command/response pairs are formatted using the TPM wire protocol. To + construct commands in this way, and to parse the TPM's response, it is + necessary to, first, possess knowledge of the various TPM structures, and, + second, of the TPM wire protocol itself. + + As such, this patch includes implementations of various grub_tpm2_* functions + (inventoried below), and logic to write and read command and response + buffers, respectively, using the TPM wire protocol. + + Functions: + - grub_tpm2_create(), + - grub_tpm2_createprimary(), + - grub_tpm2_evictcontrol(), + - grub_tpm2_flushcontext(), + - grub_tpm2_load(), + - grub_tpm2_pcr_read(), + - grub_tpm2_policygetdigest(), + - grub_tpm2_policypcr(), + - grub_tpm2_readpublic(), + - grub_tpm2_startauthsession(), + - grub_tpm2_unseal(), + - grub_tpm2_loadexternal(), + - grub_tpm2_hash(), + - grub_tpm2_verifysignature(), + - grub_tpm2_policyauthorize(), + - grub_tpm2_testparms(). + + Reviewed-by: Daniel Kiper + Reviewed-by: Stefan Berger + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + tss2: Add TPM2 types and Marshal/Unmarshal functions + This commit adds the necessary TPM2 types and structs as the preparation + for the TPM2 Software Stack (TSS2) support. The Marshal/Unmarshal + functions are also added to handle the data structure to be submitted to + TPM2 commands and to be received from the response. + + Reviewed-by: Daniel Kiper + Reviewed-by: Stefan Berger + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + tss2: Add TPM2 buffer handling functions + As the preparation to support TPM2 Software Stack (TSS2), this commit + implements the TPM2 buffer handling functions to pack data for the TPM2 + commands and unpack the data from the response. + + Cc: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Hernan Gatta + + key_protector: Add key protectors framework + A key protector encapsulates functionality to retrieve an unlocking key + for a fully-encrypted disk from a specific source. A key protector + module registers itself with the key protectors framework when it is + loaded and unregisters when unloaded. Additionally, a key protector may + accept parameters that describe how it should operate. + + The key protectors framework, besides offering registration and + unregistration functions, also offers a one-stop routine for finding and + invoking a key protector by name. If a key protector with the specified + name exists and if an unlocking key is successfully retrieved by it, the + function returns to the caller the retrieved key and its length. + + Cc: Vladimir Serbinenko + Reviewed-by: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + libtasn1: Add the documentation + Document libtasn1 in docs/grub-dev.texi and add the upgrade steps. + Also add the patches to make libtasn1 compatible with GRUB code. + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Daniel Axtens + + asn1_test: Test module for libtasn1 + Import tests from libtasn1 that use functionality we import. + This test module is integrated into functional_test so that the + user can run the test in GRUB shell. + + This doesn't test the full decoder but that will be exercised in + test suites for coming patch sets. + + Add testcase target in accordance with commit 5e10be48e5 (tests: Add + check-native and check-nonnative make targets). + + Cc: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Daniel Axtens + + libtasn1: Compile into asn1 module + Create a wrapper file that specifies the module license. + Set up the makefile so it is built. + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + asn1_test: Enable the testcase only when GRUB_LONG_MAX is larger than GRUB_INT_MAX + There is a testcase to test the values larger than "int" but smaller + than "long". However, for some architectures, "long" and "int" are the + same and the compiler may issue a warning like this: + + grub-core/tests/asn1/tests/Test_overflow.c:48:50: error: left shift of negative value [-Werror=shift-negative-value] + unsigned long num = ((long) GRUB_UINT_MAX) << 2; + ^~ + + To avoid unnecessary error the testcase is enabled only when + GRUB_LONG_MAX is larger than GRUB_INT_MAX. + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + asn1_test: Use the grub-specific functions and types + This commit converts functions and types to the grub-specific ones: + - LONG_MAX -> GRUB_LONG_MAX, + - INT_MAX -> GRUB_INT_MAX, + - UINT_MAX -> GRUB_UINT_MAX, + - size_t -> grub_size_t, + - memcmp() -> grub_memcmp(), + - memcpy() -> grub_memcpy(), + - free() -> grub_free(), + - strcmp() -> grub_strcmp(). + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + asn1_test: Print the error messages with grub_printf() + This commit replaces printf() and fprintf() with grub_printf() to print + the error messages for the testcases. Besides, asn1_strerror() is used + to convert the result code to strings instead of asn1_perror(). + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + asn1_test: Remove "verbose" and the unnecessary printf() + This commit removes the "verbose" variables and the unnecessary printf() + to simplify the output. + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + asn1_test: Return either 0 or 1 to reflect the results + Some testcases use exit() to end the test. Since all the asn1 testcases + are invoked as functions, this commit replaces exit() with return to + reflect the test results, so that the main test function can check the + results. + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + asn1_test: Rename the main functions to the test names + This commit changes the main functions in the testcases to the test + names so that the real "main" test function can invokes them. + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + asn1_test: Include asn1_test.h only + This commit removes all the headers and only uses asn1_test.h. + To avoid including int.h from grub-core/lib/libtasn1-grub/lib, + CONST_DOWN is defined in reproducers.c. + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + libtasn1: Fix the potential buffer overrun + In _asn1_tag_der(), the first while loop for the long form may end up + with a "k" value with "ASN1_MAX_TAG_SIZE" and cause the buffer overrun + in the second while loop. This commit tweaks the conditional check to + avoid producing a too large "k". + + This is a quick fix and may differ from the official upstream fix. + + libtasn1 issue: https://gitlab.com/gnutls/libtasn1/-/issues/49 + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + libtasn1: Use grub_divmod64() for division + Replace a 64-bit division with a call to grub_divmod64(), preventing + creation of __udivdi3() calls on 32-bit platforms. + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + libtasn1: Adjust the header paths in libtasn1.h + Since libtasn1.h is the header to be included by users, including the + standard POSIX headers in libtasn1.h would force the user to add the + CFLAGS/CPPFLAGS for the POSIX headers. + + This commit adjusts the header paths to use the grub headers instead of + the standard POSIX headers, so that users only need to include + libtasn1.h to use libtasn1 functions. + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + libtasn1: Replace strcat() with _asn1_str_cat() + strcat() is not available in GRUB. This commit replaces strcat() and + _asn1_strcat() with the bounds-checking _asn1_str_cat(). + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + libtasn1: Replace strcat() with strcpy() in _asn1_str_cat() + strcat() is not available in GRUB. This commit replaces strcat() with + strcpy() in _asn1_str_cat() as the preparation to replace other strcat() + with the bounds-checking _asn1_str_cat(). + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Gary Lin + + libtasn1: Disable code not needed in GRUB + We don't expect to be able to write ASN.1, only read it, + so we can disable some code. + + Do that with #if 0/#endif, rather than deletion. This means + that the difference between upstream and GRUB is smaller, + which should make updating libtasn1 easier in the future. + + With these exclusions we also avoid the need for minmax.h, + which is convenient because it means we don't have to + import it from gnulib. + + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Daniel Axtens + + libtasn1: Import libtasn1-4.19.0 + Import a very trimmed-down set of libtasn1 files: + + curl -L -O https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.19.0.tar.gz + tar xvzf libtasn1-4.19.0.tar.gz + rm -rf grub-core/lib/libtasn1 + mkdir -p grub-core/lib/libtasn1/lib + mkdir -p grub-core/lib/libtasn1/tests + cp libtasn1-4.19.0/{README.md,COPYING} grub-core/lib/libtasn1 + cp libtasn1-4.19.0/lib/{coding.c,decoding.c,element.c,element.h,errors.c,gstr.c,gstr.h,int.h,parser_aux.c,parser_aux.h,structure.c,structure.h} grub-core/libtasn1/lib + cp libtasn1-4.19.0/lib/includes/libtasn1.h grub-core/lib/libtasn1 + cp libtasn1-4.19.0/tests/{CVE-2018-1000654-1_asn1_tab.h,CVE-2018-1000654-2_asn1_tab.h,CVE-2018-1000654.c,object-id-decoding.c,object-id-encoding.c,octet-string.c,reproducers.c,Test_overflow.c,Test_simple.c,Test_strings.c} grub-core/lib/libtasn1/tests + rm -rf libtasn1-4.19.0* + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Daniel Axtens + + posix_wrap: Tweaks in preparation for libtasn1 + Cc: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + Tested-by: Stefan Berger + +2024-11-28 Rasmus Villemoes + + kern/fs: Honour file->read_hook() in grub_fs_blocklist_read() + Unlike files accessed via a normal file system, the file->read_hook() is + not honoured when using blocklist notation. + + This means that when trying to use a dedicated, 1 KiB, raw partition + for the environment block and hence does something like + + save_env --file=(hd0,gpt9)0+2 X Y Z + + this fails with "sparse file not allowed", which is rather unexpected, + as I've explicitly said exactly which blocks should be used. Adding + a little debugging reveals that grub_file_size(file) is 1024 as expected, + but total_length is 0, simply because the callback was never invoked, so + blocklists is an empty list. + + Fix that by honouring the ->read_hook() set by the caller, also when + a "file" is specified with blocklist notation. + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2024-11-28 Glenn Washburn + + docs: Fix incorrect and potentially confusing language and minor formatting + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2024-10-31 Andrew Hamilton + + docs: Correct GRUB config file name for network boot + Correct the documentation for the grub.cfg searching via network that + will be done based on ethernet type, -01, which was missing, and a given + MAC address. + + Fixes: https://savannah.gnu.org/bugs/?65152 + + Reviewed-by: Daniel Kiper + +2024-10-31 Andrew Hamilton + + docs: Correct chainloader UEFI secure boot info + Correct documentation for UEFI secure boot to remove statement that + chainloader does not work with secure boot. This was fixed by the commit + 6d05264 (kern/efi/sb: Add chainloaded image as shim's verifiable object). + + Fixes: https://savannah.gnu.org/bugs/?62004 + + Reviewed-by: Daniel Kiper + +2024-10-31 Andrew Hamilton + + docs: Correct PXE environment variables descriptions + Correct documentation for pxe_default_server, pxe_default_gatway and + pxe_blksize. Only pxe_default_server is actually used (alias for + net_default_server). So, capture this and remove the other two. + + Fixes: https://savannah.gnu.org/bugs/?54480 + + Reviewed-by: Daniel Kiper + +2024-10-31 Valentin Gehrke + + loader/multiboot: Do not add modules before successful download + Multiboot modules that could not be read successfully, e.g. via network, + should not be added to the list of modules to forward to the operating + system that is to be booted subsequently. + + This patch is necessary because even if a grub.cfg checks whether or not + a module was successfully downloaded, it is futile to retry a failed + download as the corrupted module will be forwarded either way. + + Reviewed-by: Daniel Kiper + +2024-10-31 Sudhakar Kuppusamy + + grub-mkimage: Add SBAT metadata into ELF note for PowerPC targets + The SBAT metadata is read from CSV file and transformed into an ELF note + with the -s option. + + Reviewed-by: Daniel Kiper + +2024-10-31 Sudhakar Kuppusamy + + grub-mkimage: Create new ELF note for SBAT + In order to store the SBAT data we create a new ELF note. The string + ".sbat", zero-padded to 4 byte alignment, shall be entered in the name + field. The string "SBAT"'s ASCII values, 0x53424154, should be entered + in the type field. + + Reviewed-by: Daniel Kiper + +2024-10-31 Leo Sandoval + + commands/legacycfg: Avoid closing file twice + An internal (at Red Hat) static soure code scan detected an + use-after-free scenario: + + Error: USE_AFTER_FREE (CWE-416): + grub-2.06/grub-core/commands/legacycfg.c:194: freed_arg: "grub_file_close" frees "file". + grub-2.06/grub-core/commands/legacycfg.c:201: deref_arg: Calling "grub_file_close" dereferences freed pointer "file". + # 199| if (!args) + # 200| { + # 201|-> grub_file_close (file); + # 202| grub_free (suffix); + # 203| grub_free (entrysrc); + + So, remove the extra file close call. + + Reviewed-by: Daniel Kiper + +2024-10-31 Daniel Kiper + + nx: Rename GRUB_DL_ALIGN to DL_ALIGN + Rename has been skipped by mistake in the original commit. + + Fixes: 94649c026 (nx: Set page permissions for loaded modules) + + Tested-by: Sudeep Holla + Reviewed-by: Ross Philipson + +2024-10-31 Benjamin Herrenschmidt + + kern/acpi: Fix out of bounds access in grub_acpi_xsdt_find_table() + The calculation of the size of the table was incorrect (copy/pasta from + grub_acpi_rsdt_find_table() I assume...). The entries are 64-bit long. + + This causes us to access beyond the end of the table which is causing + crashes during boot on some systems. Typically this is causing a crash + on VMWare when using UEFI and enabling serial autodetection, as + + grub_acpi_find_table (GRUB_ACPI_SPCR_SIGNATURE); + + will goes past the end of the table (the SPCR table doesn't exits). + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + Reviewed-by: Ross Philipson + Tested-by: Renata Ravanelli + +2024-10-11 Mate Kukri + + nx: Set the NX compatible flag for the GRUB EFI images + For NX the GRUB binary has to announce that it is compatible with the + NX feature. This implies that when loading the executable GRUB image + several attributes are true: + - the binary doesn't need an executable stack, + - the binary doesn't need sections to be both executable and writable, + - the binary knows how to use the EFI Memory Attributes Protocol on code + it is loading. + + This patch: + - adds a definition for the PE DLL Characteristics flag GRUB_PE32_NX_COMPAT, + - changes grub-mkimage to set that flag. + + Reviewed-by: Daniel Kiper + +2024-10-11 Mate Kukri + + nx: Set page permissions for loaded modules + For NX we need to set write and executable permissions on the sections + of GRUB modules when we load them. All allocatable sections are marked + readable. In addition: + - SHF_WRITE sections are marked as writable, + - and SHF_EXECINSTR sections are marked as executable. + + Where relevant for the platform the tramp and GOT areas are marked non-writable. + + Reviewed-by: Daniel Kiper + +2024-10-11 Mate Kukri + + nx: Add memory attribute get/set API + For NX we need to set the page access permission attributes for write + and execute permissions. This patch adds two new primitives, grub_set_mem_attrs() + and grub_clear_mem_attrs(), and associated constants definitions used + for that purpose. For most platforms it adds a dummy implementation. + On EFI platforms it implements the primitives using the EFI Memory + Attribute Protocol, defined in UEFI 2.10 specification. + + Reviewed-by: Daniel Kiper + +2024-10-11 Mate Kukri + + modules: Load module sections at page-aligned addresses + Currently we load module sections at whatever alignment gcc+ld happened + to dump into the ELF section header which is often less then the page + size. Since NX protections are page based this alignment must be rounded + up to page size on platforms supporting NX protections. This patch + switches EFI platforms to load module sections at 4 KiB page-aligned + addresses. It then changes the allocation size computation and the + loader code in grub_dl_load_segments() to align the locations and sizes + up to these boundaries and fills any added padding with zeros. All of + this happens before relocations are applied, so the relocations factor + that in with no change. + + Reviewed-by: Daniel Kiper + +2024-10-10 Peter Jones + + modules: Don't allocate space for non-allocable sections + Currently when loading GRUB modules we allocate space for all sections + including those without SHF_ALLOC set. We then copy the sections that + /do/ have SHF_ALLOC set into the allocated memory leaving some of our + allocation untouched forever. Additionally, on platforms with GOT fixups + and trampolines we currently compute alignment round-ups for the + sections and sections with sh_size = 0. This patch removes the extra + space from the allocation computation and makes the allocation + computation loop skip empty sections as the loading loop does. + + Reviewed-By: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2024-10-10 Peter Jones + + modules: Strip .llvm_addrsig sections and similar + Currently GRUB modules built with Clang or GCC have several sections + which we don't actually need or support. We already have a list of + sections to skip in genmod.sh and this patch adds the following + sections to that list (as well as a few newlines): + - .note.gnu.property + - .llvm* + + Note that the glob there won't work without a new enough linker but the + failure is just reversion to the status quo. So, that's not a big problem. + + Reviewed-By: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2024-10-10 Peter Jones + + modules: Make .module_license read-only + Currently .module_license is set writable, that is, the section has the + SHF_WRITE flag set, in the module's ELF headers. This probably never + actually matters but it can't possibly be correct. The patch sets that + data as "const" which causes that flag not to be set. + + Reviewed-By: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2024-10-10 Daniel Kiper + + i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global + This is an x86-specific thing and should be available globally. + + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2024-10-10 Daniel Kiper + + i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT + This fixes naming inconsistency that goes against coding style as well + as helps to avoid potential conflicts and confusion as this constant is + used in multiple places. + + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2024-10-10 Daniel Kiper + + i386/msr: Extract and improve MSR support detection code + Currently rdmsr and wrmsr commands have own MSR support detection code. + This code is the same. So, it is duplicated. Additionally, this code + cannot be reused by others. Hence, extract this code to a function and + make it public. By the way, improve a code a bit. + + Additionally, use GRUB_ERR_BAD_DEVICE instead of GRUB_ERR_BUG to signal + an error because errors encountered by this new routine are not bugs. + + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2024-10-10 Daniel Kiper + + i386/msr: Rename grub_msr_read() and grub_msr_write() + Use more obvious names which match corresponding instructions: + * grub_msr_read() => grub_rdmsr(), + * grub_msr_write() => grub_wrmsr(). + + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2024-10-10 Daniel Kiper + + i386/msr: Merge rdmsr.h and wrmsr.h into msr.h + It does not make sense to have separate headers for individual static + functions. So, make one common place to store them. + + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2024-10-10 Michael Chang + + commands/tpm: Skip loopback image measurement + The loopback image is configured to function as a disk by being mapped + as a block device. Instead of measuring the entire block device we + should focus on tracking the individual files accessed from it. For + example, we do not directly measure block devices like hd0 disk but the + files opened from it. + + This method is important to avoid running out of memory since loopback + images can be very large. Trying to read and measure the whole image at + once could cause out of memory errors and disrupt the boot process. + + Reviewed-by: Daniel Kiper + +2024-10-10 Michael Chang + + net/drivers/efi/efinet: Skip virtual VLAN devices during card enumeration + Similarly to the issue described in commit c52ae4057 (efinet: skip + virtual IPv4 and IPv6 devices during card enumeration) the UEFI PXE + driver creates additional VLAN child devices when a VLAN ID is + configured on a network interface associated with a physical NIC. These + virtual VLAN devices must be skipped during card enumeration to ensure + that the subsequent SNP exclusive open operation targets the correct + physical card instances. Otherwise packet transfer would fail. + + A device path example with VLAN nodes: + + /MAC(123456789ABC,0x1)/Vlan(20)/IPv4(0.0.0.0,0x0,DHCP,0.0.0.0,0.0.0.0,0.0.0.0) + + Reviewed-by: Daniel Kiper + +2024-10-10 Michael Chang + + efi/console: Properly clear leftover artifacts from the screen + A regression in GRUB 2.12 causes the GRUB screen to become cluttered + with artifacts from the previous screen whether it's the UEFI post UI, + UEFI shell or any graphical UI running before GRUB. This issue occurs + in situations like booting GRUB from the UEFI shell and going straight + to the rescue or command shell causing visual discomfort. + + The regression was introduced by commit 2d7c3abd8 (efi/console: Do not + set text-mode until it is actually needed). To address the screen + flickering issue this commit suppresses the text-mode setting until the + first output is requested. Before text-mode is set any attempt to clear + the screen has no effect. This inactive period renders the clear screen + ineffective in early boot stages, potentially leaving leftover artifacts + that will clutter the GRUB console display, as there is no guarantee + there will always be a clear screen after the first output. + + The issue is fixed by ensuring grub_console_cls() to work through lazy + mode-setting, while also avoiding screen clearing for the hidden menu + which the flicker-free patch aims to improve. + + Fixes: 2d7c3abd8 (efi/console: Do not set text-mode until we actually need it) + + Reviewed-by: Daniel Kiper + +2024-10-10 Heinrich Schuchardt + + kern/riscv/efi/init: Use time register in grub_efi_get_time_ms() + The cycle register is not guaranteed to count at constant frequency. + If it is counting at all depends on the state the performance monitoring + unit. Use the time register to measure time. + + Reviewed-by: Daniel Kiper + +2024-09-05 Frediano Ziglio + + loader/efi/linux: Reset freed pointer + Avoid dangling pointer. Code should not be reached but better safe than sorry. + + Reviewed-by: Daniel Kiper + +2024-09-05 Frediano Ziglio + + loader/efi/linux: Reuse len variable + Reviewed-by: Daniel Kiper + +2024-09-05 Frediano Ziglio + + lib/x86_64/relocator_asm: Use .quad instead of .long + They are single 64-bit values. Used in other assembly files too. + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2024-09-05 Frediano Ziglio + + lib/x86_64/relocator_asm: Fix comment in code + The instruction uses a 64-bit immediate. + + Reviewed-by: Daniel Kiper + +2024-09-05 Frediano Ziglio + + loader/efi/linux: Update comment + The function called is grub_utf8_to_utf16(). + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2024-09-05 Vladimir Serbinenko + + util/grub-mkimagexx: Explicitly move modules to __bss_start for MIPS targets + Assembly code looks for modules at __bss_start. Make this position explicit + rather than matching BSS alignment and module alignment. + + Reviewed-by: Daniel Kiper + +2024-09-05 Vladimir Serbinenko + + include/grub/offsets.h: Set mod_align to 4 on MIPS + Module structure has natural alignment of 4. Respect it explicitly + rather than relying on the fact that _end is usually aligned. + + Reviewed-by: Daniel Kiper + +2024-09-05 Vladimir Serbinenko + + gentpl: Put boot/mips/startup_raw.S into beginning of the image + Otherwise it breaks the decompressors for MIPS targets. + + Reviewed-by: Daniel Kiper + +2024-09-05 Vladimir Serbinenko + + configure: Add -mno-gpopt option for mips and mipsel targets + Without it compiler generates GPREL16 references which do not work + with our memory layout. + + Reviewed-by: Daniel Kiper + +2024-09-05 Vladimir Serbinenko + + lib/xzembed/xz_dec_bcj: Silence warning when no BCJ is available + BCJ is not available for all platforms hence arguments may end up unused. + + Reviewed-by: Daniel Kiper + +2024-09-05 Vladimir Serbinenko + + fs/erofs: Replace 64-bit modulo with bitwise operations + Otherwise depending on compiler we end up with umoddi3 reference and + failed module dependency resolution. + + Reviewed-by: Daniel Kiper + +2024-09-05 Vladimir Serbinenko + + configure: Look for .otf fonts + Reviewed-by: Daniel Kiper + +2024-09-05 Mate Kukri + + loader/efi/chainloader: Do not print device path of chainloaded file + Users have no reason to see this and it can break graphical boot. + + Reviewed-by: Daniel Kiper + +2024-09-05 Andrew Hamilton + + docs: Document all GRUB modules + Add documentation for all GRUB modules contained in the source code tree. + When possible, cross-references to additional detail on commands was added + from their corresponding module documentation. In addition, documentation + for the file command was added. + + Reviewed-by: Daniel Kiper + +2024-09-05 Michael Chang + + commands/bli: Fix crash in get_part_uuid() + The get_part_uuid() function made an assumption that the target GRUB + device is a partition device and accessed device->disk->partition + without checking for NULL. There are four situations where this + assumption is problematic: + + 1. The device is a net device instead of a disk. + 2. The device is an abstraction device, like LVM, RAID, or CRYPTO, which + is mostly logical "disk" ((lvmid/) and so on). + 3. Firmware RAID may present the ESP to GRUB as an EFI disk (hd0) device + if it is contained within a Linux software RAID. + 4. When booting from a CD-ROM, the ESP is a VFAT image indexed by the El + Torito boot catalog. The boot device is set to (cd0), corresponding + to the CD-ROM image mounted as an ISO 9660 filesystem. + + As a result, get_part_uuid() could lead to a NULL pointer dereference + and trigger a synchronous exception during boot if the ESP falls into + one of these categories. This patch fixes the problem by adding the + necessary checks to handle cases where the ESP is not a partition device. + + Additionally, to avoid disrupting the boot process, this patch relaxes + the severity of the errors in this context to non-critical. Errors will + be logged, but they will not prevent the boot process from continuing. + + Fixes: e0fa7dc84 (bli: Add a module for the Boot Loader Interface) + + Reviewed-By: Oliver Steffen + Reviewed-by: Daniel Kiper + +2024-06-20 Thomas Schmitt + + util/grub-mkrescue: Check existence of option arguments + As reported by Victoriia Egorova in bug 65880, grub-mkrescue does not + verify that the expected argument of an option like -d or -k does really + exist in argv. So, check the loop counter before incrementing it inside + the loop which copies argv to argp_argv. Issue an error message similar + to what older versions of grub-mkrescue did with a missing argument, + e.g. 2.02. + + Fixes: https://savannah.gnu.org/bugs/index.php?65880 + + Reviewed-by: Daniel Kiper + +2024-06-20 Tobias Heider + + loader/efi/fdt: Add fdtdump command to access device tree + The fdtdump command allows dumping arbitrary device tree properties + and saving them to a variable similar to the smbios command. + + This is useful in scripts where further actions such as selecting + a kernel or loading another device tree depend on the compatible + or model values of the device tree provided by the firmware. + + For now only the root level properties of the dtb are exposed. + + Reviewed-by: Daniel Kiper + +2024-06-20 Vladimir Serbinenko + + osdep/devmapper/getroot: Unmark 2 strings for translation + First they're use macros so they can't be translated as-is. + Second there is no point in translating them as they're too technical. + + Reviewed-by: Daniel Kiper + +2024-06-20 Vladimir Serbinenko + + loader/emu/linux: Fix determination of program name + Current code works only if package matches binary name transformation rules. + It's often true but is not guaranteed. + + Fixes: https://savannah.gnu.org/bugs/?64410 + + Reviewed-by: Daniel Kiper + +2024-06-20 Vladimir Serbinenko + + disk/cryptodisk: Fix translatable message + Fixes: https://savannah.gnu.org/bugs/?64408 + + Reviewed-by: Daniel Kiper + +2024-06-20 Vladimir Serbinenko + + tests: Add test for ZFS zstd + Reviewed-by: Daniel Kiper + + fs/zfs/zfs: Add support for zstd compression + Reviewed-by: Daniel Kiper + +2024-06-20 Mate Kukri + + kern/efi/mm: Detect calls to grub_efi_drop_alloc() with wrong page counts + Silently keeping entries in the list if the address matches, but the + page count doesn't is a bad idea, and can lead to double frees. + + grub_efi_free_pages() have already freed parts of this block by this + point, and thus keeping the whole block in the list and freeing it again + at exit can lead to double frees. + + Reviewed-by: Daniel Kiper + +2024-06-20 Mate Kukri + + kern/efi/mm: Change grub_efi_allocate_pages_real() to call semantically correct free function + If the firmware happens to return 0 as an address of allocated pages, + grub_efi_allocate_pages_real() tries to allocate a new set of pages, + and then free the ones at address 0. + + However at that point grub_efi_store_alloc() wasn't yet called, so + freeing the pages at 0 using grub_efi_free_pages() which calls + grub_efi_drop_alloc() isn't necessary, so let's call b->free_pages() + instead. + + The call to grub_efi_drop_alloc() doesn't seem particularly harmful, + because it seems to do nothing if the allocation it is asked to drop + isn't on the list, but the call to it is obviously unnecessary here. + + Reviewed-by: Daniel Kiper + +2024-06-20 Mate Kukri + + kern/efi/mm: Change grub_efi_mm_add_regions() to keep track of map allocation size + If the map was too big for the initial allocation, it was freed and replaced + with a bigger one, but the free call still used the hard-coded size. + + Seems like this wasn't hit for a long time, because most firmware maps + fit into 12K. + + This bug was triggered on Project Mu firmware with a big memory map, and + results in the heap getting trashed and the firmware ASSERTING on + corrupted heap guard values when GRUB exits. + + Reviewed-by: Daniel Kiper + +2024-06-20 Yifan Zhao + + tests/util/grub-fs-tester: Fix EROFS label tests in grub-fs-tester + mkfs.erofs with version < 1.6 does not support the -L option. + Let's detect the version of mkfs.erofs and skip the label tests + if it is not supported. + + Suggested-by: Glenn Washburn + Reviewed-by: Daniel Kiper + +2024-06-20 Glenn Washburn + + tests: Switch to requiring exfatprogs from exfat-utils + The current Debian stable, now 12, has dropped the exfat-utils package + that the exfat filesystem test requires to run. There is an exfatprogs + package that replaces exfat-utils, though it is not a drop-in replacement + because mkfs.exfat has differing command line option names. Note, that + we're not yet switching to using the exfat kernel module because this + allows the testings on kernels that do not have the module. + + Update mkfs.exfat usage to adhere to the different exfatprogs usage. Also, + the exfatprogs mkfs.exfat, following the exfat specification more closely, + only allows a maximum of 22 bytes of UTF-16 characters in the volume label + compared to 30 bytes from exfat-utils. So the exfat label test is updated + accordingly. + + Update documentation to note that exfatprogs is now needed and also + exfat-fuse, which is needed do the fuse mount. + + Reviewed-by: Daniel Kiper + +2024-06-20 Glenn Washburn + + tests/util/grub-shell-luks-tester: Fix detached header test getting wrong header path + When $detached_header was set 1, $luksdiskfile was set to the LUKS header + file path with "${detached_header:-$luksfile}" appended, which evaluates + to "1". Fix this by using two statements to set $luksdiskfile. The first + sets it to the header file if $detached_header is set, otherwise leave it + unset. The second statement sets it to itself if it is already set, + otherwise it is set to $luksfile. + + Fixes: a7b540e6e (tests: Add cryptomount functional test) + + Reviewed-by: Daniel Kiper + +2024-06-20 Glenn Washburn + + tests/util/grub-shell: Add flexibility in QEMU firmware handling + First look for firmware files in the source directory and then, if not + found, look for them in locations where Debian installs them. Prefer to + use the unified firmware file and, if not found, use the pflash firmware + files split in to code and variables. By looking for files in the source + directory first, system firmware files can be overridden and it can be + ensured that the tests can be run regardless of the distro or where the + system firmware files are stored. If no firmware files are found, print + an error message and exit with error. + + If a firmware VARS file is found, use it with snapshot mode enabled, which + makes the VARS writable to the virtual machine, but does not write back + the changes to the file. This allows using the readonly system VARS file + without copying it or using it in readonly mode, which causes the ARM + machine to fail. This also gives tests effectively their own ephemeral VARS + file that can be written to without causing side-effects for other tests. + + Reviewed-by: Daniel Kiper + +2024-06-20 Glenn Washburn + + tests/util/grub-shell: Use pflash instead of -bios to load UEFI firmware + According to the OVMF whitepaper [1]: + + IMPORTANT: Never pass OVMF.fd to qemu with the -bios option. That option + maps the firmware image as ROM into the guest's address space, and forces + OVMF to emulate non-volatile variables with a fallback driver that is + bound to have insufficient and confusing semantics. + + Use the pflash interface instead. Currently the unified firmware file is + used, which contains both firmware code and variable sections. By enabling + snapshot on the pflash device, the firmware can be loaded in such a way + that variables can be written to without writing to the backing file. + + Since pflash does no searching for firmware paths that are not absolute, + unlike the -bios option, also make firmware paths absolute. Additionally, + update the previous firmware paths or file names that did not correspond to + ones installed by Debian. + + Use the q35 machine, instead of the default i440fx, for i386-efi because + the default machine type does not emulate a flash device, which is now + needed to load the firmware. + + [1] http://www.linux-kvm.org/downloads/lersek/ovmf-whitepaper-c770f8c.txt + + Reviewed-by: Daniel Kiper + +2024-06-20 Glenn Washburn + + tests/util/grub-shell: Print gdbinfo if on EFI platform + Allow using GDB to debug a failing QEMU test. This output does not cause + issues for tests because it happens before the trim line, and so will be + ignored. + + Reviewed-by: Daniel Kiper + +2024-06-20 Glenn Washburn + + configure: Add Debian/Ubuntu DejaVu font path + Reviewed-by: Daniel Kiper + +2024-06-20 Udo Steinberg + + term/ns8250-spcr: Add one more 16550 debug type + Type 0x01 was introduced with the ACPI DBGP table and type 0x12 was introduced + with the ACPI DBG2 table. Type 0x12 is used by the ACPI SPCR table on recent + AWS bare-metal instances (c6i/c7i). Also give each debug type a proper name. + + Reviewed-by: Glenn Washburn + Reviewed-by: Daniel Kiper + +2024-06-20 Vladimir Serbinenko + + loader/i386/multiboot_mbi: Fix handling of errors in broken aout-kludge + Current code in some codepaths neither discards nor reports errors. + Properly surface the error. + + While on it split 2 cases of unrelated variables both named err. + + Reviewed-by: Daniel Kiper + +2024-06-20 Michael Chang + + net/drivers/ieee1275/ofnet: Remove 200 ms timeout in get_card_packet() to reduce input latency + When GRUB image is netbooted on ppc64le, the keyboard input exhibits + significant latency, reports even say that characters are processed + about once per second. This issue makes interactively trying to debug + a ppc64le config very difficult. + + It seems that the latency is largely caused by a 200 ms timeout in the + idle event loop, during which the network card interface is consistently + polled for incoming packets. Often, no packets arrive during this + period, so the timeout nearly always expires, which blocks the response + to key inputs. + + Furthermore, this 200 ms timeout might not need to be enforced at this + basic layer, considering that GRUB performs synchronous reads and its + timeout management is actually handled by higher layers, not directly in + the card instance. Additionally, the idle polling, which reacts to + unsolicited packets like ICMP and SLAAC, would be fine at a less frequent + polling interval, rather than needing a timeout for receiving a response. + + For these reasons, we believe the timeout in get_card_packet() should be + effectively removed. According to test results, the delay has disappeared, + and it is now much easier to use interactively. + + Signed-Off-by: Michael Chang + Tested-by: Tony Jones + Reviewed-by: Daniel Kiper + +2024-06-06 Hector Cao + + commands/efi/tpm: Re-enable measurements on confidential computing platforms + The measurements for confidential computing has been introduced in the + commit 4c76565b6 (efi/tpm: Add EFI_CC_MEASUREMENT_PROTOCOL support). + Recently the patch 30708dfe3 (tpm: Disable the tpm verifier if the TPM + device is not present) has been introduced to optimize the memory usage + when a TPM device is not available on platforms. This fix prevents the + tpm module to be loaded on confidential computing platforms, e.g. Intel + machines with TDX enabled, where the TPM device is not available. + + In this patch, we propose to load the tpm module for this use case by + generalizing the tpm feature detection in order to cover CC platforms. + Basically, we do it by detecting the availability of the + EFI_CC_MEASUREMENT_PROTOCOL EFI protocol. + + Fixes: https://savannah.gnu.org/bugs/?65821 + Fixes: 30708dfe3 (tpm: Disable the tpm verifier if the TPM device is not present) + + Reviewed-by: Daniel Kiper + Reviewed-by: Kuppuswamy Sathyanarayanan + +2024-06-06 Tianjia Zhang + + util/grub-mkpasswd-pbkdf2: Simplify the main function implementation + Allocate memory if needed, while saving the corresponding release + operation, reducing the amount of code and code complexity. + + Reviewed-by: Daniel Kiper + +2024-06-06 Avnish Chouhan + + kern/ieee1275/init: Add IEEE 1275 Radix support for KVM on Power + This patch adds support for Radix, Xive and Radix_gtse in Options + vector5 which is required for KVM LPARs. KVM LPARs ONLY support + Radix and not the Hash. Not enabling Radix on any PowerVM KVM LPARs + will result in boot failure. + + Reviewed-by: Daniel Kiper + +2024-06-06 Vladimir Serbinenko + + fs/zfs/zfs: Mark vdev_zaps_v2 and head_errlog as supported + We don't need any actual adjustments as we don't use the affected structures. + + Reviewed-by: Daniel Kiper + +2024-06-06 Vladimir Serbinenko + + types: Add missing casts in compile-time byteswaps + Without them, e.g., 0x80LL on 64-bit target is 32-bit byte-swapped to + 0xffffffff80000000 instead of correct 0x80000000. + + Reviewed-by: Daniel Kiper + +2024-06-06 Vladimir Serbinenko + + font: Add Fedora-specific font paths + Reviewed-by: Daniel Kiper + + fs/bfs: Fix improper grub_free() on non-existing files + Reviewed-by: Daniel Kiper + +2024-06-06 Daniel Axtens + + io/gzio: Properly init a table + ARRAY_SIZE() is the count of elements, but the element size is 4 bytes, so + this was only initing the first 1/4th of the table. Detected with valgrind. + + This should only matter in error paths, and I've not been able to identify + any actual misbehaviour that results from reading in-bounds but uninited data. + + Reviewed-by: Daniel Kiper + +2024-06-06 Daniel Axtens + + io/gzio: Abort early when get_byte() reads nothing + This isn't intended to be a functional change, but it makes a lot of failures a lot + faster, which is extremely helpful for fuzzing. + + Without this change, we keep trying and trying to read more bytes into our buffer, + never being able to (read always returns 0) and so we just return old buffer contents + over and over until the decompression process fails some other way. + + Reviewed-by: Daniel Kiper + +2024-06-06 Alec Brown + + cli_lock: Add build option to block command line interface + Add functionality to disable command line interface access and editing of GRUB + menu entries if GRUB image is built with --disable-cli. + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2024-05-23 Yifan Zhao + + fs/erofs: Add tests for EROFS in grub-fs-tester + This patch introduces three EROFS tests which cover compact, extended + and chunk-based inodes respectively. + + Reviewed-by: Glenn Washburn + Reviewed-by: Daniel Kiper + +2024-05-23 Yifan Zhao + + fs/erofs: Add support for the EROFS + The EROFS [1] is a lightweight read-only filesystem designed for performance + which has already been shipped in most Linux distributions as well as widely + used in several scenarios, such as Android system partitions, container + images and rootfs for embedded devices. + + This patch brings in the EROFS uncompressed support. Now, it's possible to + boot directly through GRUB with an EROFS rootfs. + + Support for the EROFS compressed files will be added later. + + [1] https://erofs.docs.kernel.org + + Tested-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2024-05-23 Gao Xiang + + safemath: Add ALIGN_UP_OVF() which checks for an overflow + The following EROFS patch will use this helper to handle + ALIGN_UP() overflow. + + Reviewed-by: Daniel Kiper + +2024-05-23 Jonathan Davies + + docs: Fix spelling mistakes + Reviewed-by: Daniel Kiper + +2024-05-23 Pascal Hambourg + + util/grub.d/00_header.in: Quote background image pathname in output + This is required if the pathname contains spaces or GRUB shell + metacharacters else the generated config file check will fail. + + Reviewed-by: Daniel Kiper + +2024-05-23 Rogier + + disk/lvm: GRUB fails to detect LVM volumes due to an incorrect computation of mda_end + When handling a regular LVM volume, GRUB can fail with the message: + + error: disk `lvmid/******-****-****-****-****-****-****/******-****-****-****-****-****-******' not found. + + If the condition which triggers this exists, grub-probe will report the + error mentioned above. Similarly, the GRUB boot code will fail to detect + LVM volumes, resulting in a failure to boot off of LVM disks/partitions. + The condition can be created on any LVM VG by an LVM configuration change, + so any system with /boot on LVM can become unbootable at "any" time (after + any LVM configuration change). + + The problem is caused by an incorrect computation of mda_end in disk/lvm.c, + when the metadata area wraps around. Apparently, this can start happening at + around 220 metadata changes to the VG. + + Fixes: 879c4a834 (lvm: Fix two more potential data-dependent alloc overflows) + Fixes: https://savannah.gnu.org/bugs/?61620 + + Reviewed-by: Daniel Kiper + Tested-By: Michael Chang + +2024-05-09 Forest + + disk/cryptodisk: Allow user to retry failed passphrase + Give the user a chance to re-enter their cryptodisk passphrase after a typo, + rather than immediately failing (and likely dumping them into a GRUB shell). + + By default, we allow 3 tries before giving up. A value in the + cryptodisk_passphrase_tries environment variable will override this default. + + The user can give up early by entering an empty passphrase, just as they + could before this patch. + + Reviewed-by: Daniel Kiper + +2024-05-09 Lidong Chen + + disk/mdraid1x_linux: Prevent infinite recursion + The test corpus for version-1 RAID generated an infinite recursion + in grub_partition_iterate() while attempting to read the superblock. + The reason for the issue was that the data region overlapped with + the superblock. + + The infinite call loop looks like this: + grub_partition_iterate() -> partmap->iterate() -> + -> grub_disk_read() -> grub_disk_read_small() -> + -> grub_disk_read_small_real() -> grub_diskfilter_read() -> + -> read_lv() -> read_segment() -> grub_diskfilter_read_node() -> + -> grub_disk_read() -> grub_disk_read_small() -> ... + + The fix adds checks for both the superblock region and the data + region when parsing the superblock metadata in grub_mdraid_detect(). + + Reviewed-by: Daniel Kiper + +2024-05-09 Ard Biesheuvel + + efi: Fix stack protector issues + The "ground truth" stack protector cookie value is kept in a global + variable, and loaded in every function prologue and epilogue to store + it into resp. compare it with the stack slot holding the cookie. + + If the comparison fails, the program aborts, and this might occur + spuriously when the global variable changes values between the entry and + exit of a function. This implies that assigning the global variable at + boot should not involve any instrumented function calls, unless special + care is taken to ensure that the live call stack is synchronized, which + is non-trivial. + + So avoid any function calls, including grub_memcpy(), which is + unnecessary given that the stack cookie is always a suitably aligned + variable of the native word size. + + While at it, leave the last byte 0x0 to avoid inadvertent unbounded + strings on the stack. + + Note that the use of __attribute__((optimize)) is described as + unsuitable for production use in the GCC documentation, so let's drop + this as well now that it is no longer needed. + + Reviewed-by: Daniel Kiper + +2024-05-09 Oliver Steffen + + build: Track explicit module dependencies in Makefile.core.def + Add a new keyword, "depends", to the module definition syntax + used in Makefile.core.def. This allows specifying explicit module + dependencies together with the module definition. + + Do not track the "extra_deps.lst" file in the repository anymore, + it is now auto-generated. + + Make use of this new keyword in the bli module definition. + + Reviewed-by: Daniel Kiper + +2024-04-11 Daniel Kiper + + windows: Add _stack_chk_guard/_stack_chk_fail symbols for Windows 64-bit target + Otherwise the GRUB cannot start due to missing symbols when stack + protector is enabled on EFI platforms. + + Reviewed-by: Vladimir Serbinenko + +2024-04-11 Gary Lin + + util/bash-completion: Fix for bash-completion 2.12 + _split_longopt() was the bash-completion private API and removed since + bash-completion 2.12. This commit initializes the bash-completion + general variables with _init_completion() to avoid the potential + "command not found" error. + + Although bash-completion 2.12 introduces _comp_initialize() to deprecate + _init_completion(), _init_completion() is still chosen for the better + backward compatibility. + + Reviewed-by: Daniel Kiper + +2024-04-11 Vladimir 'phcoder' Serbinenko + + util/grub-fstest: Add a new command zfs-bootfs + It is useful to check zfs-bootfs command. + + Reviewed-by: Daniel Kiper + +2024-04-11 Vladimir 'phcoder' Serbinenko + + efi: Enable CMOS on x86 EFI platforms + The CMOS actually exists on most EFI platforms and in some cases is used to + store useful data that makes it justifiable for GRUB to read/write it. + + As for date and time keep using EFI API and not CMOS one. + + Reviewed-by: Daniel Kiper + +2024-04-11 Vladimir 'phcoder' Serbinenko + + acpi: Mark MADT entries as packed + No alignment is guaranteed and in fact on my IA-64 SAPIC is aligned + to 4 bytes instead of 8 and causes a trap. It affects only rarely used + lsacpi command and so went unnoticed. + + Reviewed-by: Daniel Kiper + +2024-04-11 Michael Chang + + gfxmenu/view: Resolve false grub_errno disrupting boot process + When enabling gfxmenu and choosing to boot the Xen hypervisor from its + menu, an error occurred: + + error: ../../grub-core/video/bitmap_scale.c:42:null src bitmap in grub_video_create_scaled. + + The error is returned by grub_video_bitmap_create_scaled() when the + source pixmap is not there. The init_background() uses it to scale up + the background image so it can fully fit into the screen resolution. + + However not all backgrounds are set by a image, i.e. the "desktop-image" + property of the theme file. Instead a color code may be used, for + example OpenSUSE's green background uses "desktop-color" property: + + desktop-color: "#0D202F" + + So it is absolutely fine to call init_background() without a raw pixmap + if color code is used. A missing check has to be added to ensure the + grub_errno will not be erroneously set and gets in the way of ensuing + boot process. + + The reason it happens sporadically is due to grub_errno is reset to + GRUB_ERR_NONE in other places if a function's error return can be + ignored. In particular this hunk in grub_gfxmenu_create_box() does the + majority of the reset of grub_errno returned by init_background(), but + the path may not be always chosen. + + grub_video_bitmap_load (&box->raw_pixmaps[i], path); + grub_free (path); + + /* Ignore missing pixmaps. */ + grub_errno = GRUB_ERR_NONE; + + In any case, we cannot account on such random behavior and should only + return grub_errno if it is justified. + + On the occasion move the grub_video_bitmap struct definition to the + beginning of the function. + + Reviewed-by: Daniel Kiper + +2024-04-11 Jon DeVree + + fs/xfs: Handle non-continuous data blocks in directory extents + The directory extent list does not have to be a continuous list of data + blocks. When GRUB tries to read a non-existant member of the list, + grub_xfs_read_file() will return a block of zero'ed memory. Checking for + a zero'ed magic number is sufficient to skip this non-existant data block. + + Prior to commit 07318ee7e (fs/xfs: Fix XFS directory extent parsing) + this was handled as a subtle side effect of reading the (non-existant) + tail data structure. Since the block was zero'ed the computation of the + number of directory entries in the block would return 0 as well. + + Fixes: 07318ee7e (fs/xfs: Fix XFS directory extent parsing) + Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2254370 + + Reviewed-By: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2024-02-15 Julian Andres Klode + + Revert "templates: Reinstate unused version comparison functions with warning" + We reinstated these functions before the 2.12 release with a warning + such that users upgrading to 2.12 who had custom scripts using them + would not get broken in the upgrade and agreed to remove them after + the 2.12 release. This removes them accordingly. + + This reverts commit e7a831963 (templates: Reinstate unused version + comparison functions with warning). + + Cc: Mathieu Desnoyers + Cc: Daniel Kiper + Reviewed-by: Daniel Kiper + +2024-02-15 Gary Lin + + util/bash-completion: Load scripts on demand + There are two system directories for bash-completion scripts. One is + /usr/share/bash-completion/completions/ and the other is + /etc/bash_completion.d/. The "etc" scripts are loaded in advance and + for backward compatibility while the "usr" scripts are loaded on demand. + To load scripts on demand it requires a corresponding script for every + command. So, the main bash-completion script is split into several + subscripts for different "grub-*" commands. To share the code the real + completion functions are still implemented in "grub" and each + subscript sources "grub" and invokes the corresponding function. + + Reviewed-by: Daniel Kiper + +2024-01-25 Samuel Thibault + + util/grub.d/10_hurd.in: Find proper ld.so on 64-bit systems + The 64-bit ABI defines ld.so to be /lib/ld-x86-64.so.1. + + Reviewed-by: Daniel Kiper + +2024-01-25 Samuel Thibault + + osdep/hurd/getroot: Fix 64-bit build + The file_get_fs_options() takes a mach_msg_type_number_t, 32-bit, + not a size_t, 64-bit on 64-bit platforms. + + Reviewed-by: Vladimir Serbinenko + Reviewed-by: Daniel Kiper + +2024-01-25 Alec Brown + + loader/i386/multiboot_mbi: Clean up redundant code + In grub-core/loader/i386/multiboot_mbi.c, Coverity spotted redundant code where + the variable err was being set to GRUB_ERR_NONE and then being overwritten + later without being used. Since this is unnecessary, we can remove the code + that sets err to GRUB_ERR_NONE. + + Fixes: CID 428877 + + Reviewed-by: Daniel Kiper + +2024-01-25 Alec Brown + + osdep/unix/getroot: Clean up redundant code + In grub-core/osdep/unix/getroot.c, Coverity spotted redundant code where the + double pointer os_dev was being set to 0 and then being overwritten later + without being used. Since this is unnecessary, we can remove the code that + sets os_dev to 0. + + Fixes: CID 428875 + + Reviewed-by: Daniel Kiper + +2024-01-25 Alec Brown + + fs/jfs: Clean up redundant code + In grub-core/fs/jfs.c, Coverity spotted redundant code where the pointer diro + was being set to 0 and then being overwritten later without being used. Since + this is unnecessary, we can remove the code that sets diro to 0. + + Fixes: CID 428876 + + Reviewed-by: Daniel Kiper + +2024-01-25 Gary Lin + + tests: Switch password quality check off for luks2 test + When adding/changing the password for the luks2 partition, cryptsetup + may reject the command due to the weak password. Since this is only for + testing, add "--force-password" to switch password quality check off to + avoid the unexpected failure. + + Reviewed-by: Glenn Washburn + Reviewed-by: Daniel Kiper + +2023-12-22 Oskari Pirhonen + + build: Include grub-core/extra_deps.lst in dist + Fixes build failure due to the extra_deps.lst file not existing in the + tarball. Found while trying to package GRUB 2.12 for Gentoo. + + make[3]: *** No rule to make target '/var/tmp/portage/sys-boot/grub-2.12/work/grub-2.12/grub-core/extra_deps.lst', needed by 'syminfo.lst'. Stop. + + Fixes: 89fbe0cac (grub-core/Makefile.am: Make path to extra_deps.lst relative to $(top_srcdir)/grub-core) + Fixes: 154dcb1ae (build: Allow explicit module dependencies) + + Reviewed-by: Daniel Kiper + +2023-12-20 Daniel Kiper + + Bump version to 2.13 + + Release 2.12 + +2023-12-20 Glenn Washburn + + efi: Add support for reproducible builds + Having randomly generated bytes in the binary output breaks reproducible + builds. Since build timestamps are usually the source of irreproducibility + there is a standard which defines an environment variable SOURCE_DATE_EPOCH + to be used when set for build timestamps. According to the standard [1], the + value of SOURCE_DATE_EPOCH is a base-10 integer of the number of seconds + since the UNIX epoch. Currently, this is a 10 digit number that fits into + 32-bits, but will not shortly after the year 2100. So to be future-proof + only use the least significant 32-bits. On 64-bit architectures, where the + canary is also 64-bits, there is an extra 32-bits that can be filled to + provide more entropy. The first byte is NUL to filter out string buffer + overflow attacks and the remaining 24-bits are set to static random bytes. + + [1] https://reproducible-builds.org/specs/source-date-epoch + + Reviewed-by: Daniel Kiper + +2023-12-20 Glenn Washburn + + efi: Generate stack protector canary at build time if urandom is available + Generating the canary at build time allows the canary to be different for + every build which could limit the effectiveness of certain exploits. + Fallback to the statically generated random bytes if /dev/urandom is not + readable, e.g. Windows. + + On 32-bit architectures, which use a 32-bit canary, reduce the canary to + 4 bytes with one byte being NUL to filter out string buffer overflow attacks. + + Reviewed-by: Daniel Kiper + +2023-12-20 Glenn Washburn + + efi: Initialize canary to non-zero value + The canary, __stack_chk_guard, is in the BSS and so will get initialized to + zero if it is not explicitly initialized. If the UEFI firmware does not + support the RNG protocol, then the canary will not be randomized and will + be zero. This seems like a possibly easier value to write by an attacker. + Initialize canary to static random bytes, so that it is still random when + there is no RNG protocol. Set at least one byte to NUL to protect against + string buffer overflow attacks [1]. Code that writes NUL terminated strings + will terminate when a NUL is encountered in the input byte stream. So the + attacker will not be able to forge the canary by including it in the input + stream without terminating the string operation and thus limiting the + stack corruption. + + [1] https://www.sans.org/blog/stack-canaries-gingerly-sidestepping-the-cage/ + + Reviewed-by: Daniel Kiper + +2023-12-14 Alec Brown + + gfxmenu/gui_image: Fix double free of bitmap + In grub-core/gfxmenu/gui_image.c, Coverity detected a double free in the + function load_image(). The function checks if self->bitmap and self->raw_bitmap + aren't NULL and then frees them. In the case self->bitmap and self->raw_bitmap + are the same, only self->raw_bitmap is freed which would also free the memory + used by self->bitmap. However, in this case self->bitmap isn't being set to NULL + which could lead to a double free later in the code. After self->raw_bitmap is + freed, it gets set to the variable bitmap. If this variable is NULL, the code + could have a path that would free self->bitmap a second time in the function + rescale_image(). + + Fixes: CID 292472 + + Reviewed-by: Daniel Kiper + +2023-12-13 Qiumiao Zhang + + commands/acpi: Fix calculation of ACPI tables addresses when processing RSDT and XSDT + According to the ACPI specification the XSDT Entry field contains an array + of 64-bit physical addresses which points to other DESCRIPTION_HEADERs. However, + the entry_ptr iterator is defined as a 32-bit pointer. It means each 64-bit + entry in the XSDT table is treated as two separate 32-bit entries then. Fix the + issue by using correct addresses sizes when processing RSDT and XSDT tables. + + Reviewed-by: Daniel Kiper + +2023-12-13 Vladimir Serbinenko + + libnvpair: Support prefixed nvlist symbol names as found on NetBSD + NetBSD uses slightly different function names for the same functions. + + Reviewed-by: Daniel Kiper + +2023-12-13 Vladimir Serbinenko + + bootstrap: Don't check gettext version + NetBSD gettext is older than the check but we don't actually need 0.18.3, + older one works fine. This is needed to make bootstrap work on NetBSD. + + Reviewed-by: Daniel Kiper + +2023-12-13 Vladimir Serbinenko + + kern/mm: Use %x and cast for displaying sizeof() + There is some variance in how compiler treats sizeof() especially + on 32-bit platforms where it can be naturally either int or long. + Explicit cast solves the issue. + + Reviewed-by: Daniel Kiper + +2023-12-13 Vladimir Serbinenko + + configure: Add RPATH for freetype on NetBSD + Without this build-time mkfont fails dynamic linking. This is not ideal + but improves the situation until a better solution is available. + + Reviewed-by: Daniel Kiper + +2023-12-13 Vladimir Serbinenko + + configure: Add *BSD font paths + *BSD puts fonts in other places. Add them to the list. + + Reviewed-by: Daniel Kiper + +2023-12-13 Vladimir Serbinenko + + autogen: Accept python3.10 as a python alternative + NetBSD doesn't provide python or python3. + + Reviewed-by: Daniel Kiper + +2023-12-12 Vladimir Serbinenko + + build: Rename HAVE_LIBZFS to USE_LIBZFS + The HAVE_LIBZFS is defined by libzfs test and hence conflicts with + manual definition. On NetBSD it ends up detecting zfs but not detecting + nvpair and creates confusion. Split them. + + Reviewed-by: Daniel Kiper + +2023-12-12 Vladimir Serbinenko + + gnulib: Tolerate always_inline attribute being ignored + It's not critical, -Werror on it is inappropriate. We don't want to + modify gnulib too much. This warning is pretty much irrelevant. + + Reviewed-by: Daniel Kiper + +2023-12-12 Vladimir Serbinenko + + util/editenv: Don't use %m formatter + It's not available on NetBSD outside of syslog. Using strerror() is more + reliable as we retrieve errno immediately rather than down the stack. + + Reviewed-by: Daniel Kiper + +2023-12-12 Vladimir Serbinenko + + osdep/bsd/hostdisk: Fix NetBSD compilation + Wrong function and variable name cause a stupid compilation error on + NetBSD and OpenBSD. Only NetBSD and OpenBSD use this file. No other + platform is affected. + + Additionally, define RAW_FLOPPY_MAJOR constant if it is missing. + + Reviewed-by: Daniel Kiper + +2023-12-12 Vladimir Serbinenko + + osdep/generic/blocklist: Fix compilation + After recent change in blocklist types we have a type mismatch. Fixing it + requires a wrapper or large changes. I feel like wrapper makes more sense. + + Without this patch we end up with a compilation problem and without wrapping + callback data is not passed properly anymore. + + Reviewed-by: Daniel Kiper + +2023-12-12 Vladimir Serbinenko + + disk/diskfilter: Remove unused variable + Variable e is set but never used. We can just remove it now. + + Reviewed-by: Daniel Kiper + +2023-12-12 Vladimir Serbinenko + + build: Tolerate unused-but-set in generated lexer/bison files + We don't really control the small aspects of generated files and NetBSD + version has an unused variable that is then detected by gcc as warning + that is then promoted to error. + + Reviewed-by: Daniel Kiper + +2023-12-12 Vladimir Serbinenko + + loader/i386/bsdXX: Fix loading after unaligned module + Current code implicitly assumes that aligning chunk_size + *kern_end is + the same as aligning on curload which is not the case because + chunk_size starts at zero even if *kern_end is unaligned and ALIGN_PAGE + moved curload to an aligned position but not *kern_end + chunk_size. + + This fixes booting of FreeBSD with zfs module. + + Reviewed-by: Daniel Kiper + +2023-12-12 Mate Kukri + + grub-core/Makefile.am: Make path to extra_deps.lst relative to $(top_srcdir)/grub-core + The commit 154dcb1ae (build: Allow explicit module dependencies) broke + out of tree builds by introducing the extra_deps.lst file into the + source tree but referencing it just by name in grub-core/Makefile.am. + Fix it by adding $(top_srcdir)/grub-core to the path. + + Fixes: 154dcb1ae (build: Allow explicit module dependencies) + + Reviewed-by: Daniel Kiper + +2023-12-12 Mate Kukri + + util/grub-install: Move platdir path canonicalization after files were copied to grubdir + The commit 3f9eace2d (util/grub-install: Delay copying files to + {grubdir,platdir} after install_device was validated) delaying + copying of files caused a regression when installing without an + existing directory structure. + + This patch ensures that the platform directory actually exists by the + time the code tries to canonicalize its filename. + + Fixes: 3f9eace2d (util/grub-install: Delay copying files to {grubdir,platdir} after install_device was validated) + + Reviewed-by: Daniel Kiper + +2023-12-12 Michael Chang + + util/grub-mkstandalone: Ensure deterministic tar file creation by sorting contents + The add_tar_files() function currently iterates through a directory's + content using readdir(), which doesn't guarantee a specific order. This + lack of deterministic behavior impacts reproducibility in the build process. + + This commit resolves the issue by introducing sorting functionality. + The list retrieved by readdir() is now sorted alphabetically before + incorporation into the tar archive, ensuring consistent and predictable + file ordering within the archive. + + On the occasion fix tfp memory leak. + + Reviewed-by: Daniel Kiper + +2023-12-12 Michael Chang + + util/grub-mkstandalone: Ensure stable timestamps for generated images + This change mirrors a previous fix [1] but is specific to images + generated by grub-mkstandalone. + + The former fix, commit 85a7be241 (util/mkimage: Use stable timestamp + when generating binaries.), focused on utilizing a stable timestamp + during binary generation in the util/mkimage context. This commit + extends that approach to the images produced by grub-mkstandalone, + ensuring consistency and stability in timestamps across all generated + binaries. + + [1] 85a7be241 util/mkimage: Use stable timestamp when generating binaries. + + Reviewed-by: Daniel Kiper + +2023-12-05 Mate Kukri + + net/http: Fix gcc-13 errors relating to type signedness + Replace definition of HTTP_PORT with a pre-processor macro that converts + the constant to the correct grub_uint16_t type. + + Change "port" local variable definition in http_establish() to have the + same type. + + Reviewed-by: Daniel Kiper + + templates: Reinstate unused version comparison functions with warning + Revert the commit a79c567f6 (templates: Remove unused version comparison + functions) and add a warning to the functions that they are deprecated. + + Removing the functions directly caused a lot of upgrade issues + with custom user scripts that called the functions. In Debian and + Ubuntu, grub-mkconfig is invoked as a post-installation script + and would fail, causing upgrades to fail halfway through and + putting the package manager into an inconsistent state. + + FWIW, we get one bug per 2 weeks basically, for an interim Ubuntu + release which generally does not receive much usage, that is a high + number. + + The proposal is to pick this for 2.12 and directly after the release + remove it again. Then users will have time to fix their scripts without + systems breaking immediately. + + This reverts commit a79c567f6 (templates: Remove unused version + comparison functions). + + Cc: Mathieu Desnoyers + Cc: Daniel Kiper + Reviewed-by: Daniel Kiper + +2023-12-05 Mate Kukri + + util/grub-install: Delay copying files to {grubdir,platdir} after install_device was validated + Previously grub-install copied modules to grubdir before doing any + validation on the install_device. + + When grub-install was called with an invalid install_device, modules + were already copied to /boot before it found out and was forced to rely + on atexit() rollback. + + This patch delays copying the modules after at least some install_device + validation was done, and thus reduces reliance on successful rollback. + + Reviewed-by: Daniel Kiper + +2023-12-05 Julian Andres Klode + + efi: Set shim_lock_enabled even if validation is disabled + If validation has been disabled via MokSbState, secure boot on the + firmware is still enabled, and the kernel fails to boot. + + This is a bit hacky, because shim_lock is not *fully* enabled, but + it triggers the right code paths. + + Ultimately, all this will be resolved by shim gaining it's own image + loading and starting protocol, so this is more a temporary workaround. + + Fixes: 6425c12cd (efi: Fallback to legacy mode if shim is loaded on x86 archs) + + Cc: Peter Jones + Cc: Michael Chang + Reviewed-by: Daniel Kiper + +2023-12-05 Oliver Steffen + + docs: Improve bli module documentation + Improve the documentation of the bli module and explain in more detail what + it does. Make clear that GPT formatted drives are expected and other + partition formats are ignored. Also reorder and reword this section a bit. + + Reviewed-by: Daniel Kiper + +2023-12-05 Oliver Steffen + + bli: Add explicit dependency on the part_gpt module + The bli module has a "hidden" dependency on the part_gpt module, which + is not picked up automatically by the build system. One purpose of the + bli module is to communicate the GPT UUID of the partition GRUB was + launched from to Linux user-space (systemd-gpt-auto-generator). + Without the part_gpt module, bli is not able to obtain the UUID. Since + bli does its work in the module initialization function, the order in + which the modules are loaded is also important: part_gpt needs to be + loaded before the bli module. + + To solve this, track this dependency explicitly. + + Note that the Boot Loader Interface specification, which bli aims to + implement, requires GPT formatted drives. The bli module ignores all + other partition formats. + + Reviewed-by: Daniel Kiper + +2023-12-05 Oliver Steffen + + build: Allow explicit module dependencies + The build system deduces inter-module dependencies from the symbols + required and exported by the modules. This works well, except for some + rare cases where the dependency is indirect or hidden. A module might + not make use of any function of some other module, but still expect its + functionality to be available to GRUB. + + To solve this, introduce a new file, currently empty, called extra_deps.lst + to track these cases manually. This file gets processed in the same way + as the automatically generated syminfo.lst, making it possible to inject + data into the dependency resolver. + + Since *.lst files are set to be ignored by git, add an exception for + extra_deps.lst. + + Additionally, introduce a new keyword for the syminfo.lst syntax: + "depends" allows specifying a module dependency directly: + + depends ... + + Reviewed-by: Daniel Kiper + +2023-12-05 Stefan Berger + + kern/ieee1275/init/ppc64: Display upper_mem_limit when debugging + Display upper_mem_limit and its rounded-down value in MiB. + + Reviewed-by: Daniel Kiper + +2023-12-05 Stefan Berger + + kern/ieee1275/init/ppc64: Fix a comment + Reviewed-by: Daniel Kiper + +2023-12-05 Stefan Berger + + kern/ieee1275/ieee1275: Display successful memory claims when debugging + Display successful memory claims with exact address and rounded-down + MiB location and rounded-up size in MiB. + + Reviewed-by: Daniel Kiper + Cc: Eric Snowberg + Cc: Hari Bathini + Cc: Pavithra Prakash + Cc: Michael Ellerman + Cc: Carolyn Scherrer + Cc: Mahesh Salgaonkar + Cc: Sourabh Jain + +2023-12-05 Stefan Berger + + loader/powerpc/ieee1275: Use new allocation function for kernel and initrd + On PowerVM and KVM on Power use the new memory allocation function that + honors restrictions on which memory GRUB can actually use. In the request + structure indicate the request for a single memory block along with + address alignment restrictions. Request direct usage of the memory block + by setting init_region to false (prevent it from being added to GRUB's + heap). Initialize the found addr to -1, so that -1 will be returned + to the loader in case no memory could be allocated. + + Report an out-of-memory error in case the initrd could not be loaded. + + Reviewed-by: Daniel Kiper + Cc: Hari Bathini + Cc: Pavithra Prakash + Cc: Michael Ellerman + Cc: Carolyn Scherrer + Cc: Mahesh Salgaonkar + Cc: Sourabh Jain + +2023-12-05 Stefan Berger + + kern/ieee1275/cmain/ppc64: Introduce flags to identify KVM and PowerVM + Introduce flags to identify PowerVM and KVM on Power and set them where + each type of host has been detected. + + Reviewed-by: Daniel Kiper + Cc: Hari Bathini + Cc: Pavithra Prakash + Cc: Michael Ellerman + Cc: Carolyn Scherrer + Cc: Mahesh Salgaonkar + Cc: Sourabh Jain + +2023-12-05 Stefan Berger + + kern/ieee1275/init/ppc64: Rename regions_claim() to grub_regions_claim() + Rename regions_claim() to grub_regions_claim() to make it available for + memory allocation. The ieee1275 loader will use this function on PowerVM + and KVM on Power and thus avoid usage of memory that it is not allowed + to use. + + Reviewed-by: Daniel Kiper + Cc: Hari Bathini + Cc: Pavithra Prakash + Cc: Michael Ellerman + Cc: Carolyn Scherrer + Cc: Mahesh Salgaonkar + Cc: Sourabh Jain + +2023-12-05 Stefan Berger + + kern/ieee1275/init/ppc64: Add support for alignment requirements + Add support for memory alignment requirements and adjust a candidate + address to it before checking whether the block is large enough. This + must be done in this order since the alignment adjustment can make + a block smaller than what was requested. + + None of the current callers has memory alignment requirements but the + ieee1275 loader for kernel and initrd will use it to convey them. + + Reviewed-by: Daniel Kiper + Cc: Hari Bathini + Cc: Pavithra Prakash + Cc: Michael Ellerman + Cc: Carolyn Scherrer + Cc: Mahesh Salgaonkar + Cc: Sourabh Jain + +2023-12-05 Stefan Berger + + kern/ieee1275/init/ppc64: Return allocated address using context + Return the allocated address of the memory block in the request structure + if a memory allocation was actually done. Leave the address untouched + otherwise. This enables a caller who wants to use the allocated memory + directly, rather than adding the memory to the heap, to see where memory + was allocated. None of the current callers need this but the converted + ieee1275 loader will make use of it. + + Reviewed-by: Daniel Kiper + Cc: Hari Bathini + Cc: Pavithra Prakash + Cc: Michael Ellerman + Cc: Carolyn Scherrer + Cc: Mahesh Salgaonkar + Cc: Sourabh Jain + +2023-12-05 Stefan Berger + + kern/ieee1275/init/ppc64: Decide by request whether to initialize region + Let the regions_claim() request structure's init_region determine whether + to call grub_mm_init_region() on it. This allows for adding memory to + GRUB's memory heap if init_region is set to true, or direct usage of the + memory otherwise. Set all current callers' init_region to true since they + want to add memory regions to GRUB's heap. + + Reviewed-by: Daniel Kiper + Cc: Hari Bathini + Cc: Pavithra Prakash + Cc: Michael Ellerman + Cc: Carolyn Scherrer + Cc: Mahesh Salgaonkar + Cc: Sourabh Jain + +2023-12-05 Stefan Berger + + kern/ieee1275/init/ppc64: Introduce a request for regions_claim() + The regions_claim() function limits the allocation of memory regions + by excluding certain memory areas from being used by GRUB. This for + example includes a gap between 640MB and 768MB as well as an upper + limit beyond which no memory may be used when an fadump is present. + However, the ieee1275 loader for kernel and initrd currently does not + use regions_claim() for memory allocation on PowerVM and KVM on Power + and therefore may allocate memory in those areas that it should not use. + + To make the regions_claim() function more flexible and ultimately usable + for the ieee1275 loader, introduce a request structure to pass various + parameters to the regions_claim() function that describe the properties + of requested memory chunks. In a first step, move the total and flags + variables into this structure. + + Reviewed-by: Daniel Kiper + Cc: Hari Bathini + Cc: Pavithra Prakash + Cc: Michael Ellerman + Cc: Carolyn Scherrer + Cc: Mahesh Salgaonkar + Cc: Sourabh Jain + +2023-11-22 Anthony Iliopoulos + + fs/xfs: Add large extent counters incompat feature support + XFS introduced 64-bit extent counters for inodes via a series of + upstream commits and the feature was marked as stable in v6.5 via + commit 61d7e8274cd8 (xfs: drop EXPERIMENTAL tag for large extent + counts). + + Further, xfsprogs release v6.5.0 switched this feature on by default + in mkfs.xfs via commit e5b18d7d1d96 (mkfs: enable large extent counts + by default). + + Filesystems formatted with large extent count support, nrext64=1, are + thus currently not recognizable by GRUB, since this is an incompat + feature. Add the required support so that those filesystems and inodes + with large extent counters can be read by GRUB. + + Reviewed-by: Andrey Albershteyn + Reviewed-by: Daniel Kiper + Tested-by: Marta Lewandowska + Tested-by: Sebastian Andrzej Siewior + +2023-11-08 Vladimir Serbinenko + + gpt: Add compile time asserts for guid and gpt_partentry sizes + With new alignment specification it's easy to screw up. Fortunately if it + happens the size will be bigger than intended. Compile time assert will catch + this. + + Reviewed-by: Daniel Kiper + +2023-11-08 Vladimir Serbinenko + + types: Split aligned and packed guids + On ia64 alignment requirements are strict. When we pass a pointer to + UUID it needs to be at least 4-byte aligned or EFI will crash. + On the other hand in device path there is no padding for UUID, so we + need 2 types in one formor another. Make 4-byte aligned and unaligned types + + The code is structured in a way to accept unaligned inputs + in most cases and supply 4-byte aligned outputs. + + Efiemu case is a bit ugly because there inputs and outputs are + reversed and so we need careful casts to account for this + inversion. + + Reviewed-by: Daniel Kiper + +2023-11-06 Vladimir Serbinenko + + gpt_partition: Mark grub_gpt_partentry as having natural alignment + gpt_partition contains grub_guid. We need to decide whether the whole + structure is unaligned and then we need to use packed_guid. But we never + have unaligned part entries as we read them in an aligned buffer from disk. + Hence just make it all aligned. + +2023-11-06 Vladimir Serbinenko + + efi: Deduplicate configuration table search function + We do table search in many places doing exactly the same algorithm. + The only minor variance in users is which table is used if several entries + are present. As specification mandates uniqueness and even if it ever isn't, + first entry is good enough, unify this code and always use the first entry. + + Reviewed-by: Daniel Kiper + +2023-11-06 Vladimir Serbinenko + + lsefi: Add missing static qualifier + known_protocols isn't used anywhere else and even misses grub_ prefix, so + let's make it local (static). + + Reviewed-by: Daniel Kiper + +2023-11-06 Vladimir Serbinenko + + types: Fix typo + Just a small grammar mistake. + + Reviewed-by: Daniel Kiper + +2023-10-30 Qiumiao Zhang + + util/grub-mount: Check file path sanity + The function argp_parser() in util/grub-mount.c lacks a check on the + sanity of the file path when parsing parameters. This results in + a segmentation fault if a partition is mounted to a non-existent path. + + Reviewed-by: Daniel Kiper + +2023-10-30 Richard Marko + + configure: Make the DJVU_FONT_SOURCE configurable with --with-dejavufont=FILE + Font might be located in different location, the default font might + not be available on all systems or other font might be preferred. + + Reviewed-by: Daniel Kiper + +2023-10-30 Mads Kiilerich + + configure: Make the Unifont FONT_SOURCE configurable with --with-unifont=FILE + Font might be located in different location, the default font might + not be available on all systems or other font might be preferred. + + Reviewed-by: Daniel Kiper + +2023-10-30 Jon DeVree + + fs/xfs: Fix XFS directory extent parsing + The XFS directory entry parsing code has never been completely correct + for extent based directories. The parser correctly handles the case + where the directory is contained in a single extent, but then mistakenly + assumes the data blocks for the multiple extent case are each identical + to the single extent case. The difference in the format of the data + blocks between the two cases is tiny enough that its gone unnoticed for + a very long time. + + A recent change introduced some additional bounds checking into the XFS + parser. Like GRUB's existing parser, it is correct for the single extent + case but incorrect for the multiple extent case. When parsing a directory + with multiple extents, this new bounds checking is sometimes (but not + always) tripped and triggers an "invalid XFS directory entry" error. This + probably would have continued to go unnoticed but the /boot/grub/ + directory is large enough that it often has multiple extents. + + The difference between the two cases is that when there are multiple + extents, the data blocks do not contain a trailer nor do they contain + any leaf information. That information is stored in a separate set of + extents dedicated to just the leaf information. These extents come after + the directory entry extents and are not included in the inode size. So + the existing parser already ignores the leaf extents. + + The only reason to read the trailer/leaf information at all is so that + the parser can avoid misinterpreting that data as directory entries. So + this updates the parser as follows: + + For the single extent case the parser doesn't change much: + 1. Read the size of the leaf information from the trailer + 2. Set the end pointer for the parser to the start of the leaf + information. (The previous bounds checking set the end pointer to the + start of the trailer, so this is actually a small improvement.) + 3. Set the entries variable to the expected number of directory entries. + + For the multiple extent case: + 1. Set the end pointer to the end of the block. + 2. Do not set up the entries variable. Figuring out how many entries are + in each individual block is complex and does not seem worth it when + it appears to be safe to just iterate over the entire block. + + The bounds check itself was also dependent upon the faulty XFS parser + because it accidentally used "filename + length - 1". Presumably this + was able to pass the fuzzer because in the old parser there was always + 8 bytes of slack space between the tail pointer and the actual end of + the block. Since this is no longer the case the bounds check needs to be + updated to "filename + length + 1" in order to prevent a regression in + the handling of corrupt fliesystems. + + Notes: + * When there is only one extent there will only ever be one block. If + more than one block is required then XFS will always switch to holding + leaf information in a separate extent. + * B-tree based directories seems to be parsed properly by the same code + that handles multiple extents. This is unlikely to ever occur within + /boot though because its only used when there are an extremely large + number of directory entries. + + Fixes: ef7850c75 (fs/xfs: Fix issues found while fuzzing the XFS filesystem) + Fixes: b2499b29c (Adds support for the XFS filesystem.) + Fixes: https://savannah.gnu.org/bugs/?64376 + + Reviewed-by: Daniel Kiper + Tested-by: Sebastian Andrzej Siewior + Tested-by: Marta Lewandowska + +2023-10-30 Lidong Chen + + fs/xfs: Incorrect short form directory data boundary check + After parsing of the current entry, the entry pointer is advanced + to the next entry at the end of the "for" loop. In case where the + last entry is at the end of the data boundary, the advanced entry + pointer can point off the data boundary. The subsequent boundary + check for the advanced entry pointer can cause a failure. + + The fix is to include the boundary check into the "for" loop + condition. + + Reviewed-by: Daniel Kiper + Tested-by: Sebastian Andrzej Siewior + Tested-by: Marta Lewandowska + +2023-10-12 Vladimir 'phcoder' Serbinenko + + Revert "zfsinfo: Correct a check for error allocating memory" + Original commit is wrong because grub_file_get_device_name() may return NULL + if we use implicit $root. Additionally, the grub_errno is guaranteed to be + GRUB_ERR_NONE at the beginning of a command. So, everything should work as + expected and Coverity report, CID 73668, WRT to this code should be treated + as false positive. + + This reverts commit 7aab03418 (zfsinfo: Correct a check for error allocating memory). + + Fixes: 7aab03418 (zfsinfo: Correct a check for error allocating memory) + + Reviewed-by: Daniel Kiper + +2023-10-12 ValdikSS + + disk/i386/pc/biosdisk: Read up to 63 sectors in LBA mode + Current code imposes limitations on the amount of sectors read in + a single call according to CHS layout of the disk even in LBA + read mode. There's no need to obey CHS layout restrictions for + LBA reads on LBA disks. It only slows down booting process. + + See: https://lore.kernel.org/grub-devel/d42a11fa-2a59-b5e7-08b1-d2c60444bb99@valdikss.org.ru/ + + Reviewed-by: Daniel Kiper + +2023-10-12 ValdikSS + + kern/i386/pc/init: Flush cache only on VIA C3 and earlier + The code flushes the cache on VIA processors unconditionally which + is excessive. Check for cpuid family and execute wbinvd only on C3 + and earlier. + + Fixes: https://savannah.gnu.org/bugs/?45149 + Fixes: 25492a0f0 (Add wbinvd around bios call.) + + Reviewed-by: Daniel Kiper + +2023-10-12 Fabian Vogt + + fs/btrfs: Zero file data not backed by extents + Implicit holes in file data need to be zeroed explicitly, instead of + just leaving the data in the buffer uninitialized. + + This led to kernels randomly failing to boot in "fun" ways when loaded + from btrfs with the no_holes feature enabled, because large blocks of + zeros in the kernel file contained random data instead. + + Reviewed-by: Daniel Kiper + Reviewed-by: Qu Wenruo + +2023-10-12 Stefan Berger + + kern/ieee1275/init: Restrict high memory in presence of fadump on ppc64 + When a kernel dump is present then restrict the high memory regions to + avoid allocating memory where the kernel dump resides. Use the + ibm,kernel-dump node under /rtas to determine whether a kernel dump + exists and up to which limit GRUB can use available memory. Set the + upper_mem_limit to the size of the kernel dump section of type + REAL_MODE_REGION and therefore only allow GRUB's memory usage for high + addresses from RMO_ADDR_MAX to upper_mem_limit. This means that GRUB can + use high memory in the range of RMO_ADDR_MAX (768MB) to upper_mem_limit + and the kernel-dump memory regions above upper_mem_limit remain + untouched. This change has no effect on memory allocations below + linux_rmo_save (typically at 640MB). + + Also, fall back to allocating below rmo_linux_save in case the chunk of + memory there would be larger than the chunk of memory above RMO_ADDR_MAX. + This can for example occur if a free memory area is found starting at 300MB + extending up to 1GB but a kernel dump is located at 768MB and therefore + does not allow the allocation of the high memory area but requiring to use + the chunk starting at 300MB to avoid an unnecessary out-of-memory condition. + + Reviewed-by: Hari Bathini + Cc: Pavithra Prakash + Cc: Michael Ellerman + Cc: Carolyn Scherrer + Cc: Mahesh Salgaonkar + Cc: Sourabh Jain + Reviewed-by: Daniel Kiper + +2023-10-12 Glenn Washburn + + tests/util/grub-shell: Enable RNG device to better test stack smashing + In certain firmwares, e.g. OVMF, the RNG protocol is not enabled unless + there is an RNG device. When not enabled, GRUB fails to initialize the + stack guard with random bytes. For testing, this is not a big issue, but + there have been bugs found in the initialization. So turn this on for EFI + platforms to catch any regressions. + + Reviewed-by: Daniel Kiper + +2023-10-12 Glenn Washburn + + kern/efi/init: Disable stack smashing protection on grub_efi_init() + GCC is electing to instrument grub_efi_init() to give it stack smashing + protection when configuring with --enable-stack-protector on the x86_64-efi + target. In the function prologue, the canary at the top of the stack frame + is set to the value of the stack guard. And in the epilogue, the canary is + checked to verify if it is equal to the guard and if not to call the stack + check fail function. The issue is that grub_efi_init() sets up the guard + by initializing it with random bytes, if the firmware supports the RNG + protocol. So in its prologue the canary will be set with the value of the + uninitialized guard, likely NUL bytes. Then the guard is initialized, and + finally the epilogue checks the canary against the guard, which will almost + certainly be different. This causes the code path for a smashed stack to be + taken, causing the machine to print out a message that stack smashing was + detected, wait 5 seconds, and then reboot. Disable grub_efi_init() + instrumentation so there is no stack smashing false positive generated. + + Reviewed-by: Daniel Kiper + +2023-10-12 Glenn Washburn + + disk/cryptodisk: Add support for LUKS2 in (proc)/luks_script + The sector size in bytes is added to each line and it is allowed to be + 6 decimal digits long, which covers the most common cases of 512 and 4096 + byte sectors with space for two additional digits as future-proofing. The + size allocation is updated to reflect this additional field. Also make + clearer the size allocation calculation. + + Reviewed-by: Daniel Kiper + +2023-10-12 Glenn Washburn + + disk/cryptodisk: Optimize luks_script_get() + Use the return value of grub_snprintf() to move the string pointer forward, + instead of incrementing the string pointer iteratively until a NULL byte is + reached. Move the space out of the format string argument, a small + optimization, but also makes the spacing clearer. Also, use the new + PRIxGRUB_OFFSET instead of PRIuGRUB_UINT64_T to accurately reflect the + format string for this type. + + Reviewed-by: Daniel Kiper + +2023-10-12 Glenn Washburn + + term/serial: Ensure proper NULL termination after grub_strncpy() + A large enough argument to the --port option could cause a string buffer + to be not NULL terminated because grub_strncpy() does not guarantee NULL + termination if copied string is longer than max characters to copy. + + Fixes: 712309eaae04 (term/serial: Use grub_strncpy() instead of grub_snprintf() when only copying string) + + Reviewed-by: Daniel Kiper + +2023-10-12 Heinrich Schuchardt + + commands/efi/lsefisystab: Print the UEFI specification revision in human readable form + E.g. 2.10 instead of 00020064 and 2.3.1 instead of 0002001f. + + See UEFI 2.10 specification, chapter 4.2.1 EFI_TABLE_HEADER. + + Reviewed-by: Daniel Kiper + +2023-10-03 Maxim Suhanov + + fs/ntfs: Make code more readable + Move some calls used to access NTFS attribute header fields into + functions with human-readable names. + + Suggested-by: Daniel Kiper + Reviewed-by: Daniel Kiper + +2023-10-03 Maxim Suhanov + + fs/ntfs: Fix an OOB read when parsing a volume label + This fix introduces checks to ensure that an NTFS volume label is always + read from the corresponding file record segment. + + The current NTFS code allows the volume label string to be read from an + arbitrary, attacker-chosen memory location. However, the bytes read are + always treated as UTF-16LE. So, the final string displayed is mostly + unreadable and it can't be easily converted back to raw bytes. + + The lack of this check is a minor issue, likely not causing a significant + data leak. + + Reported-by: Maxim Suhanov + Reviewed-by: Daniel Kiper + +2023-10-03 Maxim Suhanov + + fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes + This fix introduces checks to ensure that bitmaps for directory indices + are never read beyond their actual sizes. + + The lack of this check is a minor issue, likely not exploitable in any way. + + Reported-by: Maxim Suhanov + Reviewed-by: Daniel Kiper + +2023-10-03 Maxim Suhanov + + fs/ntfs: Fix an OOB read when parsing directory entries from resident and non-resident index attributes + This fix introduces checks to ensure that index entries are never read + beyond the corresponding directory index. + + The lack of this check is a minor issue, likely not exploitable in any way. + + Reported-by: Maxim Suhanov + Reviewed-by: Daniel Kiper + +2023-10-03 Maxim Suhanov + + fs/ntfs: Fix an OOB read when reading data from the resident $DATA attribute + When reading a file containing resident data, i.e., the file data is stored in + the $DATA attribute within the NTFS file record, not in external clusters, + there are no checks that this resident data actually fits the corresponding + file record segment. + + When parsing a specially-crafted file system image, the current NTFS code will + read the file data from an arbitrary, attacker-chosen memory offset and of + arbitrary, attacker-chosen length. + + This allows an attacker to display arbitrary chunks of memory, which could + contain sensitive information like password hashes or even plain-text, + obfuscated passwords from BS EFI variables. + + This fix implements a check to ensure that resident data is read from the + corresponding file record segment only. + + Fixes: CVE-2023-4693 + + Reported-by: Maxim Suhanov + Reviewed-by: Daniel Kiper + +2023-10-03 Maxim Suhanov + + fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for the $MFT file + When parsing an extremely fragmented $MFT file, i.e., the file described + using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer + containing bytes read from the underlying drive to store sector numbers, + which are consumed later to read data from these sectors into another buffer. + + These sectors numbers, two 32-bit integers, are always stored at predefined + offsets, 0x10 and 0x14, relative to first byte of the selected entry within + the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem. + + However, when parsing a specially-crafted file system image, this may cause + the NTFS code to write these integers beyond the buffer boundary, likely + causing the GRUB memory allocator to misbehave or fail. These integers contain + values which are controlled by on-disk structures of the NTFS file system. + + Such modification and resulting misbehavior may touch a memory range not + assigned to the GRUB and owned by firmware or another EFI application/driver. + + This fix introduces checks to ensure that these sector numbers are never + written beyond the boundary. + + Fixes: CVE-2023-4692 + + Reported-by: Maxim Suhanov + Reviewed-by: Daniel Kiper + +2023-10-03 Michael Chang + + kern/acpi: Skip NULL entries in RSDT and XSDT + During attempts to configure a serial console, a Page Fault Exception + and system reset were encountered, specifically on release 2.12~rc1. + This issue was not present in prior versions and seemed to affect only + a specific machine, potentially pointing to hardware or firmware flaw. + + After investigation, it was discovered that the invalid page access + occurred during the discovery of serial MMIO ports as specified by + ACPI's SPCR table [1]. The recent change uncovered an issue in GRUB's + ACPI driver. + + In certain cases, the XSDT/RSDT root table might contain a NULL entry as + a terminator, depending on how the tables are assembled. GRUB cannot + blindly trust the address in the root table to be valid and should + perform a sanity check for NULL entries. This patch introduces this + simple check. + + This fix is also inspired by a related Linux kernel fix [2]. + + [1] 7b192ec4c term/ns8250: Use ACPI SPCR table when available to configure serial + [2] 0f929fbf0 ACPICA: Tables: Add new mechanism to skip NULL entries in RSDT and XSDT. + + Reviewed-by: Daniel Kiper + +2023-10-03 Glenn Washburn + + util/grub-install-common: Print usable grub-mkimage command + When grub-install is run with the verbose option, it will print a log + message indicating the grub-mkimage command and arguments used. + GRUB no longer calls the grub-mkimage binary internally, however the + command logged is a command that if run should effectively be what + grub-install used. However, as this has changed some of the newer + options have been incorrectly added so that the printed command fails + when run separately. This change makes the displayed command run as + intended. + + Reviewed-by: Daniel Kiper + +2023-10-03 Glenn Washburn + + util/grub-install-common: Minor improvements to printing of grub-mkimage command + This is a preparatory patch to make the following patch less cluttered. The + only visible change made here is to not print extra spaces when either or + both --note or --disable-shim-lock are not given and to not print an extra + space at the end of the command. The latter is done by constructing the + trailing argument string with spaces in front of each argument rather than + trailing. The allocation of the argument string is made precise, which has + the benefit of saving a few bytes, but more importantly self-documenting + what the needed allocated bytes are. Also, unneeded braces are removed from + an if block. + + Reviewed-by: Daniel Kiper + +2023-10-03 Vladimir 'phcoder' Serbinenko + + lib/i386/relocator64: Fix 64-bit FreeBSD boot on BIOS + The commit 80948f532d (lib/i386/relocator64: Build fixes for i386) has + broken 64-bit FreeBSD boot on BIOS. This patch fixes the issue. + + Fixes: 80948f532d (lib/i386/relocator64: Build fixes for i386) + + Reviewed-by: Daniel Kiper + +2023-09-22 Anthony PERARD + + templates/linux_xen: Fix XSM entries generation + It turns out that setting $xen_version in linux_entry_xsm() override + $xen_version in the loop over $reverse_sorted_xen_list. This means + that only one entry per Xen version is going to enable XSM, but all + further entries are going to have "(XSM enabled)" in their titles + without enabling XSM. + + When a "xenpolicy-$xen_version" file was found for the current + $xen_version, it would overwrite $xen_version to add "(XSM enabled)" to + the menu entry title. Once updated, the next call to linux_entry_xsm() + would also have this modified $xen_version and would look for the file + "xenpolicy-*(XSM enabled)" and fail. + + Reviewed-by: Daniel Kiper + +2023-09-22 Xiaotian Wu + + loongarch: Eliminate cmodel compilation warnings + In the configure phase, the "-mcmodel=large" CFLAGS passed the test, but + because it has not been implemented in gcc, the following warning will + appear when compiling: + + gcc: warning: 'large' is not supported, now cmodel is set to 'normal' + + Reviewed-by: Daniel Kiper + +2023-09-22 Glenn Washburn + + configure: Enable -fno-omit-frame-pointer for backtrace module + The backtrace module is written assuming that the frame pointer is in %ebp. + By default, -Os optimization level is used, which enables the gcc option + -fomit-frame-pointer. This breaks the backtrace functionality. Enabling + this may cause an unnoticeable performance cost and virtually no size increase. + + The backtrace command on x86_64 and probably i386 is broken due to the + above rationale. I've not verified, but presumably the backtrace that used + to be printed for an unhandled CPU exception is also broken. Do any distros + handle this? + + Considering that, to my knowledge, no one has complained about this in the + over 13 years that -Os has been used, has this code actually been useful? + Is it worth disabling -fomit-frame-pointer? Though, I don't see much downside + right now in disabling it. Alternatively, we could disable/remove the + backtrace code. I think it would be nice to keep it and have it working. + + Nowadays, presumably QEMU makes the GDB stub rarely used as I imagine most + are developing in a virtual machines. Also, the GDB stub does not work in UEFI. + So, if anyone is using it on real hardware, they are doing so on pretty old + machines. The lack of a GDB stub does not seem to be a pain point because + no one has got it working on UEFI. + + This patch gets the backtrace command working on x86_64-efi in QEMU for me. + However, it hangs when run on my laptop. Not sure what's going on there. + + Reviewed-by: Daniel Kiper + +2023-09-22 Ard Biesheuvel + + loader/efi/linux: Implement x86 mixed mode using legacy boot + Recent mixed-mode Linux kernels, i.e., v4.0 or newer, can access EFI + runtime services at OS runtime even when the OS was not entered via the + EFI stub. This is because, instead of reverting back to the firmware's + segment selectors, GDTs and IDTs, the 64-bit kernel simply calls 32-bit + runtime services using compatibility mode, i.e., the same mode used for + 32-bit user space, without taking down all interrupt handling, exception + handling, etc. + + This means that GRUB's legacy x86 boot mode is sufficient to make use of + this: 32-bit i686 builds of GRUB can already boot 64-bit kernels in EFI + enlightened mode, but without going via the EFI stub, and provide all + the metadata that the OS needs to map the EFI runtime regions and call + EFI runtime services successfully. + + It does mean that GRUB should not attempt to invoke the firmware's + LoadImage()/StartImage() methods on kernel builds that it knows cannot + be started natively. So, add a check for this in the native EFI boot + path and fall back to legacy x86 mode in such cases. + + Note that in the general case, booting non-native images of the same + native word size, e.g., x64 EFI apps on arm64 firmware, might be + supported by means of emulation. So, let's only disallow images that use + a non-native word size. This will also permit booting i686 kernels on + x86_64 builds, although without access to runtime services, as this is + not supported by Linux. + + This change on top of 2.12-rc1 is sufficient to boot ordinary Linux + mixed mode builds and get full access to the EFI runtime services. + + Cc: Daniel Kiper + Cc: Steve McIntyre + Cc: Julian Andres Klode + Acked-by: Dimitri John Ledkov + Reviewed-by: Daniel Kiper + +2023-09-22 Ard Biesheuvel + + loader/i386/linux: Prefer entry in long mode when booting via EFI + The x86_64 Linux kernel can be booted in 32-bit mode, in which case the + startup code creates a set of preliminary page tables that map the first + 4 GiB of physical memory 1:1 and enables paging. This is a prerequisite + for 64-bit execution and can therefore only be implemented in 32-bit code. + + The x86_64 Linux kernel can also be booted in 64-bit mode directly: this + implies that paging is already enabled and it is the responsibility of + the bootloader to ensure that the active page tables cover the entire + loaded image, including its BSS space, the size of which is described in + the image's setup header. + + Given that the EFI spec mandates execution in long mode for x86_64 and + stipulates that all system memory is mapped 1:1, the Linux/x86 + requirements for 64-bit entry can be met trivially when booting on + x86_64 via EFI. So, enter via the 64-bit entry point in this case. + + This involves inspecting the xloadflags field in the setup header to + check whether the 64-bit entry point is supported. This field was + introduced in Linux version v3.8 (early 2013). + + This change ensures that all EFI firmware tables and other assets passed + by the firmware or bootloader in memory remain mapped and accessible + throughout the early startup code. + + Avoiding the drop out of long mode will also be needed to support + upcoming CPU designs that no longer implement 32-bit mode at all + (as recently announced by Intel [0]). + + [0] https://www.intel.com/content/www/us/en/developer/articles/technical/envisioning-future-simplified-architecture.html + + Cc: Daniel Kiper + Cc: Julian Andres Klode + Reviewed-by: Daniel Kiper + +2023-09-18 Vladimir Serbinenko + + ZFS: Check bonustype in addition to dnode type + Some dnodes are shared with properties zap. This is used + e.g. for quotas. Then dnode type is 0xc4 and GRUB stumbles on + this. Check bonus type and if it's ok then ignore dnode type mismatch + + Reviewed-by: Daniel Kiper + +2023-09-18 Vladimir Serbinenko + + ZFS: Don't iterate over null objsets + Reading them is harmless but useless as they are empty by definition + + Reviewed-by: Daniel Kiper + +2023-09-18 Vladimir Serbinenko + + ZFS: Fix invalid memcmp + We ended up comparing over unset values as we had dnode_phys on one side + and dnode on another + + Reviewed-by: Daniel Kiper + +2023-09-18 Vladimir Serbinenko + + ZFS: support inode type embed into its ID + This is a speedup used in some ZFS version. This trips GRUB and makes it + unable to access directories. Just skip it for now and revisit + if we ever need this speedup. + + Reviewed-by: Daniel Kiper + +2023-08-31 Heinrich Schuchardt + + video/efi_gop: Require shadow if PixelBltOnly + If the EFI graphics pixel format is PixelBltOnly, we cannot write directly + to the frame buffer. We need the shadow frame buffer which we copy via + the BitBlt operation to the hardware. + + If the pixel format is PixelBltOnly and allocation of the shadow frame + buffer fails, we must raise an error to signal that the EFI GOP protocol + is not usable. + + Reviewed-by: Daniel Kiper + +2023-08-31 Glenn Washburn + + docs: Add menu to prevent older makeinfo versions from failing + It has been reported that makeinfo version 4.13a complains and returns + error when menus for chapter structuring commands are not present. It + is also known that newer makeinfos, such as version 6.7, will create + default menus when needed. Since the menu will be created regardless, + explicitly create it to support older makeinfo versions. This also + enables building to be successful when an older makeinfo is installed + because in that case info files are attempted to be generated with the + "all" target. + + Reported-by: Olaf Hering + Reviewed-by: Daniel Kiper + Tested-by: Olaf Hering + +2023-08-31 Glenn Washburn + + docs: Use @ref instead of @xref + The @xref command is meant to be used at the beginning of a sentence + because its expansion creates a "See " prefix on all output formats, and + on older makeinfo versions is strict about enforcing a "." or "," after + the command. The @ref command has no such restriction and is just the + link, which allows more control over output. This also fixes an issue + where there was a repeated "see" in the output. + + Reported-by: Olaf Hering + Reviewed-by: Daniel Kiper + Tested-by: Olaf Hering + +2023-08-31 Glenn Washburn + + tests/util/grub-shell-luks-tester: Allow setting timeout + Allow using the envvar GRUB_SHELL_LUKS_TIMEOUT to change the default + timeout. If not specified, use value of GRUB_SHELL_DEFAULT_TIMEOUT. And + if that is not specified, fallback to original 600s timeout. + + Reviewed-by: Daniel Kiper + +2023-08-31 Glenn Washburn + + disk/cryptodisk: Fix missing change when updating to use grub_uuidcasecmp() + This was causing the cryptomount command to return failure even though + the crypto device was successfully added. Of course, this meant that any + script using the return code would behave unexpectedly. + + Fixes: 3cf2e848bc03 (disk/cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner) + + Suggested-by: Olaf Hering + Reviewed-by: Patrich Steinhardt + Reviewed-by: Daniel Kiper + +2023-08-31 Glenn Washburn + + kern/misc: Make grub_vsnprintf() C99/POSIX conformant + To comply with C99 and POSIX standards, snprintf() should return the + number of bytes that would be written to the string (excluding the + terminating NUL byte) if the buffer size was big enough. Before this + change, the return value was the minimum of the standard return and the + length of the buffer. Rarely is the return value of grub_snprintf() or + grub_vsnprintf() used with current code, and the few places where it is + used do not need to be changed. + + Reviewed-by: Daniel Kiper + +2023-08-31 Glenn Washburn + + tests: Add serial_test + This test is meant to test output via various serial devices. Currently, + only the PCI serial device is tested. + + Reviewed-by: Daniel Kiper + +2023-08-31 Glenn Washburn + + tests/util/grub-shell: Allow explicitly using other serial ports for output + While here, move "-qemu=*" case to be next to the "--qemu-opts=*" case. + This causes no change in logic, but is more logically located. + + Reviewed-by: Daniel Kiper + +2023-08-31 Glenn Washburn + + tests/util/grub-shell-luks-tester: Do not remove generated files when test fails to allow debugging + Reviewed-by: Daniel Kiper + + tests/util/grub-shell: Convert spaces to TABs + Reviewed-by: Daniel Kiper + +2023-08-14 Glenn Washburn + + commands/ls: Print "????????????" if unable to get file size + In long list mode, if the file can not be opened, the file is not printed. + Instead, print the file but print the size as "????????????". + + Reviewed-by: Daniel Kiper + +2023-08-14 Glenn Washburn + + commands/ls: Send correct dirname to print functions + For each non-directory path argument to the ls command, the full path was + being sent to the print functions, instead of the dirname. The long output + print function expected dirname to be the directory containing the file + and so could not open the file to get the file size because the generated + path was incorrect. This caused the output to be a blank line. + + Reviewed-by: Daniel Kiper + +2023-08-14 Glenn Washburn + + fs/archelp: If path given to grub_archelp_dir() is not a directory return error + Specifically, return GRUB_ERR_BAD_FILE_TYPE because this is what is + expected by the ls command when it is given a path to a non-directory. + This fixes a bug where calling ls with a list of non-directory paths + outputs a blank line for each such argument. + + Reviewed-by: Daniel Kiper + +2023-08-14 Glenn Washburn + + commands/videoinfo: Prevent crash when run while video driver already active + The videoinfo command will initialize all non-active video adapters. Video + drivers tend to zero out the global framebuffer object on initialization. + This is not a problem when there is no active video adapter. However, when + there is, then outputting to the video adapter will cause a crash because + methods in the framebuffer object are reinitialized. For example, this + command sequence will cause a crash. + + terminal_output --append gfxterm; videoinfo + + When running in a QEMU headless with GRUB built for the x86_64-efi target, + the first command initializes the Bochs video adapter, which, among + other things, sets the set_page() member function. Then when videoinfo is + run, all non-Bochs video adapters will be initialized, each one wiping + the framebuffer and thus setting set_page to NULL. Soon after the videoinfo + command finishes there will be a call to grub_refresh(), which will + ultimately call the framebuffer's set_page which will be NULL and cause + a crash when called. + + Reviewed-by: Daniel Kiper + +2023-08-14 Glenn Washburn + + docs: Improve initrd documentation + A list of improvements: + * Remove reference to "initial ramdisk" and replace with "initrd". This + then covers the case of ramdisk and ramfs, which is the usual method + with kernels 2.6 and newer. + * Add sentence with URL to initrd documentation Linux kernel. + * Add a section documenting how to have the initrd command generate + a new-style initrd via a specially crafted argument and include an example. + * Update initrd16 to refer to the initrd section and make note that + initrd16 is only on the pc platform. + + Reviewed-by: Oskari Pirhonen + Reviewed-by: Paul Menzel + Reviewed-by: Daniel Kiper + +2023-08-14 Glenn Washburn + + term/ns8250-spcr: Continue processing SPCR table even if revision is < 2 + According to commit 0231d00082 (ACPI: SPCR: Make SPCR available to x86) + to the Linux kernel, "On x86, many systems have a valid SPCR table but the + table version is not 2 so the table version check must be a warning." + + Reviewed-by: Benjamin Herrenschmidt + Reviewed-by: Daniel Kiper + +2023-08-14 Glenn Washburn + + docs: A note to cat that hexdump should be used for binary data + The cat command should not be used to print binary data because it can + show bytes not in the binary data and not show bytes that are in the data, + which can lead to confusion. This happens because cat does some processing + of the data stream, namely trying to decode substrings as UTF-8. + + Reviewed-by: Oskari Pirhonen + Reviewed-by: Daniel Kiper + +2023-08-14 Glenn Washburn + + docs: Document hexdump command + Reviewed-by: Oskari Pirhonen + Reviewed-by: Daniel Kiper + + docs: Group usage of user-space utilities into single chapter + Reviewed-by: Oskari Pirhonen + Reviewed-by: Daniel Kiper + +2023-08-14 Qiumiao Zhang + + util/grub-mount: Fix memory leak in fuse_getattr() + Reviewed-by: Daniel Kiper + +2023-08-14 Michał Grzelak + + configure: Fix SDL2 typo by referencing value + During configuration of SDL2, variable enable_grub_emu_sdl2 is checked + whether to throw an error message. However, error could not happen + because two unequal strings were compared. Fix this by referencing + value of enable_grub_emu_sdl2, not name. + + Fixes: 17d6ac1a7 (emu: Add SDL2 support) + + Reviewed-by: Julian Andres Klode + Reviewed-by: Daniel Kiper + Reviewed-by: Paul Menzel + +2023-08-14 Glenn Washburn + + docs: Add missing assumption + Also reword a prior sentence to be more clear. + + Fixes: 5a3d2b4742df (docs: Add debugging chapter to development documentation) + + Reviewed-by: Oskari Pirhonen + Reviewed-by: Daniel Kiper + +2023-08-14 Oskari Pirhonen + + util/grub.d/25_bli.in: Fix shebang on unmerged-usr + On an unmerged-usr system, grub-mkconfig errors out with the following + error due to /usr/bin/sh not existing: + + /usr/sbin/grub-mkconfig: /etc/grub.d/25_bli: /usr/bin/sh: bad interpreter: No such file or directory + + Use a /bin/sh shebang to fix the error as well as match the other + existing files. + + Fixes: 158a6583e (util/grub.d/25_bli.in: Activate bli module on EFI) + + Reviewed-by: Glenn Washburn + Reviewed-by: Daniel Kiper + Reviewed-by: Oliver Steffen + +2023-08-14 Glenn Washburn + + tests/util/grub-shell-luks-tester: Allow GRUB_SHELL_LUKS_DEFAULT_DEBUG and GRUB_TEST_DEFAULT_DEBUG to specify the debug level to grub-shell + Reviewed-by: Daniel Kiper + +2023-08-14 Glenn Washburn + + tests/util/grub-shell: Allow setting the value of debug regardless of its previous state + This allows an invocation of grub-shell to set the value of debug regardless + of the global default environment variable GRUB_SHELL_DEFAULT_DEBUG. + + Reviewed-by: Daniel Kiper + +2023-08-14 Glenn Washburn + + tests/util/grub-shell: Allow setting default timeout via GRUB_SHELL_DEFAULT_TIMEOUT envvar + Reviewed-by: Daniel Kiper + +2023-08-14 Glenn Washburn + + tests/util/grub-shell: Add --verbose to grub-mkrescue when $debug is greater than 2 + Since this is fairly verbose output, do not enable first level of debug + is turned on. + + Reviewed-by: Daniel Kiper + +2023-07-10 Daniel Kiper + + Release 2.12~rc1 + +2023-07-03 Daniel Kiper + + efi: Fallback to legacy mode if shim is loaded on x86 archs + The LoadImage() provided by the shim does not consult MOK when loading + an image. So, simply signature verification fails when it should not. + This means we cannot use Linux EFI stub to start the kernel when the + shim is loaded. We have to fallback to legacy mode on x86 architectures. + This is not possible on other architectures due to lack of legacy mode. + + This is workaround which should disappear when the shim provides + LoadImage() which looks up MOK during signature verification. + + On the occasion align constants in include/grub/efi/sb.h. + + Reviewed-by: Ard Biesheuvel + +2023-07-03 Daniel Kiper + + efi: Drop __grub_efi_api attribute from shim_lock->verify() function + ... because (surprisingly) it does not use specific EFI calling convention... + + Fixes: 6a080b9cd (efi: Add calling convention annotation to all prototypes) + + Reviewed-by: Ard Biesheuvel + +2023-07-03 Samuel Thibault + + templates: Start pci-arbiter before acpi on Hurd + acpi actually needs to access PCI, while pci-arbiter will not be making + use of ACPI, so we need to start acpi first. + + Reviewed-by: Daniel Kiper + +2023-07-03 Michał Grzelak + + configure.ac: Fix typo by adding missing $ + During configuration of SDL, variable enable_grub_emu_sdl is checked + whether to throw an error message. However, error could not happen + because two unequal strings were compared. Fix this by referencing + value of enable_grub_emu_sdl, not name. + + Fixes: 17d6ac1a7 (emu: Add SDL2 support) + + Reviewed-by: Daniel Kiper + +2023-07-03 Glenn Washburn + + docs: Minor corrections + When referring to initrd16 the link for initrd16 should be used, not a link + for initrd. Also, correct the spelling of additionally and add a comma after + it to correct its grammatical usage. + + Reviewed-by: Daniel Kiper + +2023-07-03 Glenn Washburn + + kern/misc: Add space after comma in function argument list + Reviewed-by: Daniel Kiper + + commands/regexp: Fix typo + Reviewed-by: Daniel Kiper + +2023-07-03 Glenn Washburn + + term/serial: Use grub_strncpy() instead of grub_snprintf() when only copying string + Using grub_strncpy() instead of grub_snprintf() is less overhead and + indicates clearly that the dest should be the same string as the source. + + Also fix indentation. + + Reviewed-by: Daniel Kiper + +2023-07-03 Glenn Washburn + + loader/linux: Print debug message for each generated newc path generated + Reviewed-by: Daniel Kiper + +2023-07-03 Glenn Washburn + + include/grub/types.h: Add PRI*GRUB_OFFSET and PRI*GRUB_DISK_ADDR + These are currently always the same as PRI*GRUB_UINT64_T, but they may + not be in the future. + + Reviewed-by: Daniel Kiper + +2023-07-03 Glenn Washburn + + kern/misc: Support octal printf format code + Also add parenthesis to nested ternary operator to improve clarity. + + Reviewed-by: Daniel Kiper + +2023-07-03 Glenn Washburn + + gitignore: Ignore python bytecode files + Python bytecode files, which end in .pyc, may be generated by the build + system as needed and should not go into the git repository. + + Reviewed-by: Daniel Kiper + +2023-07-03 Glenn Washburn + + loader/linux: Only emit newc directory once + When creating at runtime a newc initrd via arguments to initrd with "newc:" + prefixes, only emit a directory path record once. The original code + intended to do that by bailing out of emitting the record when the record + to be created matches an existing record. However, this does not happen + because grub_memcmp() is improperly checked. + + Generating duplicate newc directory records does not cause any problems + because the Linux unpacker will skip it once it sees the directory already + exists. This fix saves a little processing and makes the generated newc + cpio archive a little smaller. + + Fixes: 92750e4c60 (Add ability to generate newc additions on runtime.) + + Reviewed-by: Daniel Kiper + +2023-07-03 Glenn Washburn + + loader/efi/linux: Fix formatting and remove unneeded parenthesis + Reviewed-by: Daniel Kiper + +2023-07-03 Glenn Washburn + + loader/efi/linux: Print EFI status as hex number instead of uint + EFI status codes are of different classes depending on the first byte and + all error status codes defined in appendix D of the main spec start from + 1 and have the high bit set. When printing as a uint, the decimal is a very + large number that needs have the high bit cleared get the spec error code. + This can be easily visually done by a human if the number is printed as hex. + + Reviewed-by: Daniel Kiper + +2023-07-03 Oskari Pirhonen + + docs: Minor edits to debugging chapter + Small set of wording and grammatical edits which did not make it in time + for the original review of the chapter. + + Reviewed-by: Glenn Washburn + Reviewed-by: Daniel Kiper + +2023-06-22 Daniel Kiper + + lib/relocator: Fix OOB write when initializing lo->freebytes[] + Fixes: CID 96636 + + Reviewed-by: Vladimir Serbinenko + +2023-06-22 Daniel Kiper + + lib/relocator: Enforce GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT divisibility by 8 + Most of leftover code blindly assumes GRUB_RELOCATOR_FIRMWARE_REQUESTS_QUANT + divisibility by 8. So, enforce this at compile time. + + Reviewed-by: Vladimir Serbinenko + +2023-06-22 Julian Andres Klode + + emu: Add SDL2 support + So all we did with the surface in SDL1 was split into window, + surface, renderer and texture. Instead of drawing into the + surface and then flipping, you build your pixels, then update + a texture and then copy the texture to the renderer. + + Here we use an empty RGB surface to hold our pixels, which enables + us to keep most of the code the same. The SDL1 code has been adjusted + to refer to "surface" instead of "window" when trying to access the + properties of the surface. + + This approaches the configuration by adding a new --enable-grub-emu-sdl2 + argument. If set to yes, or auto detected, it disables SDL1 support + automatically. + + This duplicates the sdl module block in Makefile.core.def which may + be something to be aware of, but we also don't want to build separate + module. + + Fixes: https://bugs.debian.org/1038035 + + Reviewed-by: Daniel Kiper + +2023-06-22 Julian Andres Klode + + emu: SDL style fixes + These should be quite obvious and will make the SDL2 patch easier + to read then doing it inline there. + + Reviewed-by: Daniel Kiper + +2023-06-22 Michał Grzelak + + tpm: Enable boot despite unknown firmware failure + Currently booting the system is prevented when call to EFI firmware + hash_log_extend_event() returns unknown error. Solve this by following + convention used in commit a4356538d (commands/tpm: Don't propagate + measurement failures to the verifiers layer). + + Let the system to be bootable by default when unknown TPM error is + encountered. Check environment variable tpm_fail_fatal to fallback to + previous behaviour. + + Reviewed-by: Daniel Kiper + +2023-06-22 Daniel Kiper + + bootstrap: Fix patching warnings + Currently bootstrap complains in the following way when + patching gnulib files: + + patching file argp-help.c + Hunk #1 succeeded at 52 (offset 1 line). + Hunk #2 succeeded at 1548 (offset 115 lines). + patching file mbswidth.c + patching file mbswidth.h + Hunk #1 succeeded at 40 (offset -5 lines). + + Let's fix it by amending line numbers in the patch. + + Reviewed-by: Alec Brown + +2023-06-22 Daniel Kiper + + efi: Add missing __grub_efi_api attributes + The commit bb4aa6e06 (efi: Drop all uses of efi_call_XX() wrappers) did + not add some __grub_efi_api attributes to the EFI calls. Lack of them + led to hangs on x86_64-efi target. So, let's add missing __grub_efi_api + attributes. + + Fixes: bb4aa6e06 (efi: Drop all uses of efi_call_XX() wrappers) + + Reported-by: Christian Hesse + Reported-by: Robin Candau + Tested-by: Robin Candau + Tested-by: Christian Hesse + Reviewed-by: Peter Jones + +2023-06-22 Julian Andres Klode + + disk: Generalize MD_MAX_DISKS to GRUB_MDRAID_MAX_DISKS + Move the constant from grub-core/osdep/linux/getroot.c to + include/grub/disk.h and then reuse it in place of the + hardcoded 1024 limit in diskfilter. + + Fixes: 2a5e3c1f2 (disk/diskfilter: Don't make a RAID array with more than 1024 disks) + + Cc: Daniel Axtens + Cc: Kees Cook + Reviewed-by: Kees Cook + Reviewed-by: Daniel Kiper + +2023-06-22 Xiaotian Wu + + loongarch: Disable relaxation relocations + A working GRUB cannot be built with upcoming binutils and GCC, because linker + relaxation was added [1] causing new unsupported relocations to appear in modules. + + So we pass -mno-relax to GCC if it is supported, to disable relaxation and make + GRUB forward-compatible with new toolchains. + + While similar code already exists for sparc64 in configure.ac, sparc64 sets + LDFLAGS while LoongArch requires CFLAGS to be set. If we only set LDFLAGS on + LoongArch, GCC will still generate relaxation relocations in the .o files, so + the sparc64 code cannot be reused. + + [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=56576f4a722b7398d35802ecf7d4185c27d6d69b + + Reviewed-by: Daniel Kiper + +2023-06-13 Xiaotian Wu + + loongarch: Add ELF relocation types documentation and comments + See https://github.com/loongson/la-abi-specs/blob/release/laelf.adoc#relocations + + Reviewed-by: Daniel Kiper + +2023-06-13 Xiaotian Wu + + loongarch: Rename function names + According to the relocation documentation, the following function names are + renamed to show their exact meaning: + - from grub_loongarch64_xxx64_hi12() to grub_loongarch64_abs64_hi12(), + - from grub_loongarch64_xxx64_hi12() to grub_loongarch64_abs64_lo20(). + + Reviewed-by: Daniel Kiper + +2023-06-13 Xiaotian Wu + + util/grub-mkimagexx: Optimize code using pc variable + We already have the pc variable, no need to calculate it again. + + Reviewed-by: Daniel Kiper + +2023-06-13 Xiaotian Wu + + kern/{arm64,loongarch64}/dl_helper: Use the correct format specifier for formatted output + Use PRIxGRUB_INT64_T format specifier for grub_int64_t type + and drop redundant casts. + + Reviewed-by: Daniel Kiper + +2023-06-13 Qiumiao Zhang + + kern/acpi: Use xsdt_addr if present + According to the ACPI specification, in ACPI 2.0 or later, an + ACPI-compatible OS must use the XSDT if present. So, we should + use xsdt_addr instead of rsdt_addr if xsdt_addr is valid. + + Reviewed-by: Daniel Kiper + +2023-06-13 Qiumiao Zhang + + commands/acpi: Use xsdt_addr if present + According to the ACPI specification, in ACPI 2.0 or later, an + ACPI-compatible OS must use the XSDT if present. So, we should + use xsdt_addr instead of rsdt_addr if xsdt_addr is valid. + + Reviewed-by: Daniel Kiper + +2023-06-13 Lidong Chen + + fs/udf: Fix out of bounds access + Implemented a boundary check before advancing the allocation + descriptors pointer. + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2023-06-13 Glenn Washburn + + docs: Add debugging chapter to development documentation + Debugging GRUB can be tricky and require arcane knowledge. This will + help those unfamiliar with the process to get started debugging GRUB + with less effort. + + Reviewed-by: Daniel Kiper + +2023-06-13 Darren Kenny + + fs/xfs: Fix issues found while fuzzing the XFS filesystem + While performing fuzz testing with XFS filesystem images with ASAN + enabled, several issues were found where the memory accesses are made + beyond the data that is allocated into the struct grub_xfs_data + structure's data field. + + The existing structure didn't store the size of the memory allocated into + the buffer in the data field and had no way to check it. To resolve these + issues, the data size is stored to enable checks into the data buffer. + + With these checks in place, the fuzzing corpus no longer cause any crashes. + + Reviewed-by: Daniel Kiper + +2023-06-13 Alexander Kanavin + + util/import_unicode.py: Ensure output is deterministic + Ensure the generated unidata.c file is deterministic by sorting the + keys of the dict. + + Reviewed-by: Daniel Kiper + +2023-06-13 Alexander Kanavin + + grub-core/genmoddep.awk: Ensure output is deterministic + The output in moddep.lst generated from syminfo.lst using genmoddep.awk + is not deterministic since the order of the dependencies on each line + can vary depending on how awk sorts the values in the array. + + Be deterministic in the output by sorting the dependencies on each line. + + Reviewed-by: Daniel Kiper + +2023-06-13 Alexander Kanavin + + gentpl.py: Ensure output is deterministic + The output of the SOURCES lines in grub-core/Makefile.core.am, generated + from grub-core/Makefile.core.def with gentpl.py is not deterministic due to + missing sorting of the list used to generate it. Add such a sort. + + Reviewed-by: Daniel Kiper + +2023-06-01 Glenn Washburn + + gdb: Add gdbinfo command for printing the load address of the EFI application + EFI firmware determines where to load the GRUB EFI at runtime, and so the + addresses of debug symbols are not known ahead of time. There is a command + defined in the gdb_grub script which will load the debug symbols at the + appropriate addresses, if given the application load address for GRUB. + So add a command named "gdbinfo" to allow the user to print this GDB command + string with the application load address on-demand. For the outputted GDB + command to have any effect when entered into a GDB session, GDB should have + been started with the script as an argument to the -x option or sourced into + an active GDB session before running the outputted command. + + Documentation for the gdbinfo command is also added. + + Co-developed-by: Peter Jones + Reviewed-by: Daniel Kiper + +2023-06-01 Glenn Washburn + + loader/efi/chainloader: Do not require a $root visible to EFI firmware when chainloading + The EFI chainloader checks that a device path can be created for the $root + device before allowing chainloading to a given file. This is probably to + ensure that the given file can be accessed and loaded by the firmware. + However, since GRUB is loading the image itself, the firmware need not + be able to access the file location of the image. So remove this check. + + Also, this fixes an issue where chainloading an image file on a location + that is accessible by the firmware, e.g. (hd0,1)/efi/boot.efi, would + fail when root is a location inaccessible by the firmware, e.g. memdisk. + + Use GRUB_EFI_BYTES_TO_PAGES() instead of doing the calculation explicitly. + + Add comment noting the section where the load options for the chainloaded + EFI application is constructed. + + Reviewed-by: Ard Biesheuvel + Reviewed-by: Daniel Kiper + +2023-06-01 Glenn Washburn + + docs: Document extra arguments to chainloader on EFI + Extra arguments given to chainloader on EFI platforms will be sent to + the chainloaded application. Also, minor edit in the chainloading section + to note that chainloading can be a jump via the firmware and not + necessarily in real mode (which does not exist on some architectures). + + Reviewed-by: Ard Biesheuvel + Reviewed-by: Daniel Kiper + +2023-06-01 Oliver Steffen + + util/grub.d/25_bli.in: Activate bli module on EFI + Add a new configuration drop-in file that loads the bli module and runs + the command if booting on the EFI platform. + + Reviewed-by: Daniel Kiper + +2023-06-01 Oliver Steffen + + bli: Add a module for the Boot Loader Interface + Add a new module named bli. It implements a small but quite useful part + of the Boot Loader Interface [0]. This interface uses EFI variables for + communication between the boot loader and the operating system. + + When loaded, this module sets two EFI variables under the vendor GUID + 4a67b082-0a4c-41cf-b6c7-440b29bb8c4f: + + - LoaderInfo: contains GRUB + . + This allows the running operating system to identify the boot loader + used during boot. + + - LoaderDevicePartUUID: contains the partition UUID of the EFI System + Partition (ESP). This is used by systemd-gpt-auto-generator [1] to + find the root partitions (and others too), via partition type IDs [2]. + + This module is available on EFI platforms only. The bli module relies on + the part_gpt module which has to be loaded beforehand to make the GPT + partitions discoverable. + + Update the documentation, add a new chapter "Modules" and describe the + bli module there. + + [0] https://systemd.io/BOOT_LOADER_INTERFACE/ + [1] https://www.freedesktop.org/software/systemd/man/systemd-gpt-auto-generator.html + [2] https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ + + Reviewed-by: Daniel Kiper + +2023-06-01 Oliver Steffen + + kern: Check for NULL when closing devices and disks + Add checks for NULL pointers to grub_device_close() and + grub_disk_close() to make these functions more robust. + + Reviewed-by: Daniel Kiper + +2023-06-01 Oliver Steffen + + docs: Reword section headings + Reword some section headings, remove "The List of" from titles. While + grammatically correct, this phrase can be omitted to increase + readability, especially in the table of contents. + + Reviewed-by: Daniel Kiper + +2023-06-01 Oliver Steffen + + efi: Add grub_efi_set_variable_to_string() + Add a function that sets an EFI variable to a string value. + The string is converted from UTF-8 to UTF-16. + + Reviewed-by: Daniel Kiper + +2023-06-01 Oliver Steffen + + kern/misc, kern/efi: Extract UTF-8 to UTF-16 code + Create a new function for UTF-8 to UTF-16 conversion called + grub_utf8_to_utf16_alloc() in the grub-code/kern/misc.c and replace + charset conversion code used in some places in the EFI code. It is + modeled after the grub_utf8_to_ucs4_alloc() like functions in + include/grub/charset.h. It can't live in include/grub/charset.h, + because it needs to be reachable from the kern/efi code. + + Add a check for integer overflow and remove redundant NUL-termination. + + Reviewed-by: Daniel Kiper + +2023-06-01 Oliver Steffen + + include/grub/types.h: Add GRUB_SSIZE_MAX + In the same way as GRUB_SIZE_MAX, add GRUB_SSIZE_MAX. + + Reviewed-by: Daniel Kiper + +2023-06-01 Oliver Steffen + + guid: Make use of GUID printf format specifier + Use the new printf format specifier %pG. + + Fixes the text representation of GUIDs in the output of the lsefisystab + command (missing 4th dash). + + Reviewed-by: Daniel Kiper + +2023-06-01 Oliver Steffen + + kern/misc: Add a format specifier GUIDs + Extend the printf format specifier for pointers (%p) to accept a suffix + specifier G to print GUIDs: %pG can be used to print grub_guid structs. + This does not interfere with the -Wformat checking of gcc. Note that + the data type is not checked though (%p accepts void *). + + Reviewed-by: Daniel Kiper + +2023-06-01 Oliver Steffen + + guid: Unify GUID types + There are 3 implementations of a GUID in GRUB. Replace them with + a common one, placed in types.h. + + It uses the "packed" flavor of the GUID structs, the alignment attribute + is dropped, since it is not required. + + Reviewed-by: Daniel Kiper + +2023-06-01 Oliver Steffen + + efi: Add grub_efi_set_variable_with_attributes() + Add a function to the EFI module that allows setting EFI variables + with specific attributes. + + This is useful for marking variables as volatile, for example. + + Reviewed-by: Daniel Kiper + +2023-05-25 Alec Brown + + kern/efi/mm: Fix use-after-free in finish boot services + In grub-core/kern/efi/mm.c, grub_efi_finish_boot_services() has an instance + where the memory for the variable finish_mmap_buf is freed, but on the next + iteration of a while loop, grub_efi_get_memory_map() uses finish_mmap_buf. To + prevent this, we can set finish_mmap_buf to NULL after the free. + + Reviewed-by: Daniel Kiper + +2023-05-25 Ard Biesheuvel + + efi: Handle NULL return value when getting loaded image protocol + The EFI spec mandates that the handle produced by the LoadImage boot + service has a LoadedImage protocol instance installed on it, but for + robustness, we should still deal with a NULL return value from the + helper routine that obtains this protocol pointer. + + If this happens, don't try to start the image but unload it and return + an error. + + Reviewed-by: Daniel Kiper + +2023-05-25 Ard Biesheuvel + + efi: Use generic EFI loader for x86_64 and i386 + Switch the x86 based EFI platform builds to the generic EFI loader, + which exposes the initrd via the LoadFile2 protocol instead of the + x86-specific setup header. This will launch the Linux kernel via its EFI + stub, which performs its own initialization in the EFI boot services + context before calling ExitBootServices() and performing the bare metal + Linux boot. + + Given that only Linux kernel versions v5.8 and later support this initrd + loading method, the existing x86 loader is retained as a fallback, which + will also be used for Linux kernels built without the EFI stub. In this + case, GRUB calls ExitBootServices() before entering the Linux kernel, + and all EFI related information is provided to the kernel via struct + boot_params in the setup header, as before. + + Note that this means that booting EFI stub kernels older than v5.8 is + not supported even when not using an initrd at all. Also, the EFI + handover protocol, which has no basis in the UEFI specification, is not + implemented. + + Reviewed-by: Daniel Kiper + +2023-05-25 Ard Biesheuvel + + efi: Remove x86_64 call wrappers + The call wrappers are no longer needed now that GCC can generate + function calls using MS calling convention, so let's get rid of them. + + Reviewed-by: Daniel Kiper + +2023-05-25 Ard Biesheuvel + + efi: Drop all uses of efi_call_XX() wrappers + Now that GCC can generate function calls using the correct calling + convention for us, we can stop using the efi_call_XX() wrappers, and + just dereference the function pointers directly. + + This avoids the untyped variadic wrapper routines, which means better + type checking for the method calls. + + Reviewed-by: Daniel Kiper + +2023-05-25 Ard Biesheuvel + + efi: Add calling convention annotation to all prototypes + UEFI mandates MS calling convention on x86_64, which was not supported + on GCC when UEFI support was first introduced into GRUB. However, now we + can use the ms_abi function type attribute to annotate functions and + function pointers as adhering to the MS calling convention, and the + compiler will generate the correct instruction sequence for us. + + So let's add the appropriate annotation to all the function prototypes. + This will allow us to drop the special call wrappers in a subsequent patch. + + Reviewed-by: Daniel Kiper + +2023-05-25 Ard Biesheuvel + + efi: Make EFI PXE protocol methods non-callable + The grub_efi_pxe_t struct definition has placeholders for the various + protocol method pointers, given that they are never called in the code, + and the prototypes have been omitted, and therefore do not comply with + the UEFI spec. + + So let's convert them into void* pointers, so they cannot be called + inadvertently. + + Reviewed-by: Daniel Kiper + +2023-05-25 Alec Brown + + loader/multiboot_elfxx: Check program header offset doesn't exceed constraints + In grub-core/loader/multiboot_elfxx.c, we need to make sure that the program + header offset is less than the file size along with the MULTIBOOT_SEARCH + constant. We can do so by setting the variable phlimit to the minimum value of + the two limits and check it each time we change program header index to insure + that the program header offset isn't outside of the limits. + + Fixes: CID 314029 + Fixes: CID 314038 + + Reviewed-by: Daniel Kiper + +2023-05-25 Alec Brown + + loader/multiboot_elfxx: Check section header region before allocating memory + In grub-core/loader/multiboot_elfxx.c, space is being allocated for the section + header region, but isn't verifying if the region is within the file's size. + Before calling grub_calloc(), we can add a conditional to check if the section + header region is smaller than the file size. + + Fixes: CID 314029 + Fixes: CID 314038 + + Reviewed-by: Daniel Kiper + +2023-05-25 Alec Brown + + loader/multiboot_elfxx: Check program memory isn't larger than allocated memory size + In grub-core/loader/multiboot_elfxx.c, the code is filling an area of memory + with grub_memset() but doesn't check if there is space in the allocated memory + before doing so. To make sure we aren't zeroing memory past the allocated memory + region, we need to check that the offset into the allocated memory region plus + the memory size of the program is smaller than the allocated memory size. + + Fixes: CID 314029 + Fixes: CID 314038 + + Reviewed-by: Daniel Kiper + +2023-05-25 WANG Xuerui + + kern/loongarch64/dl_helper: Avoid undefined behavior when popping from an empty reloc stack + The return value of grub_loongarch64_stack_pop() is unsigned, so -1 should + not be used in the first place. Replacing with 0 is enough to avoid the + UB in this edge case. + + Technically though, proper error handling is needed throughout the + management of the reloc stack, so no unexpected behavior will happen + even in case of malformed object code input (right now, pushes become + no-ops when the stack is full, and garbage results if the stack does not + contain enough operands for an op). The refactor would touch some more + places so would be best done in a separate series. + + Fixes: CID 407777 + Fixes: CID 407778 + + Reviewed-by: Daniel Kiper + +2023-05-25 Peter Zijlstra (Intel) + + pci: Rename GRUB_PCI_CLASS_* + Glenn suggested to rename the existing PCI_CLASS defines to have + explicit class and subclass names. + + Suggested-by: Glenn Washburn + Reviewed-by: Daniel Kiper + +2023-05-25 Peter Zijlstra (Intel) + + term/serial: Add support for PCI serial devices + Loosely based on early_pci_serial_init() from Linux, allow GRUB to make + use of PCI serial devices. + + Specifically, my Alderlake NUC exposes the Intel AMT SoL UART as a PCI + enumerated device but doesn't include it in the EFI tables. + + Tested and confirmed working on a "Lenovo P360 Tiny" with Intel AMT + enabled. This specific machine has (from lspci -vv): + + 00:16.3 Serial controller: Intel Corporation Device 7aeb (rev 11) (prog-if 02 [16550]) + DeviceName: Onboard - Other + Subsystem: Lenovo Device 330e + Control: I/O+ Mem+ BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- + Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- SERR- + Reviewed-by: Daniel Kiper + +2023-05-17 Glenn Washburn + + tests/util/grub-fs-tester: Avoid failing some file system tests due to file system filling up + On some systems /usr/share/dict/american-english can be larger than the + available space on the filesystem being tested (e.g. vfat12a). This + causes a failure of the filesystem test and is not a real test failure. + Instead, use dd to copy at most 1 MiB of data to the filesystem, which is + enough for our purposes and will not fill any of the tested filesystems. + + Reviewed-by: Daniel Kiper + +2023-05-17 Glenn Washburn + + docs: Command-line and menu entry commands are now separated + The menu entry commands now have their own section. Change the wording in + the section that they were in to reflect this. + + Reviewed-by: Daniel Kiper + +2023-05-17 Roger Pau Monné + + lib/relocator: Always enforce the requested alignment in malloc_in_range() + On failure to allocate from grub_relocator_firmware_alloc_region() in + malloc_in_range() the function would stop enforcing the alignment, and + the following was returned: + + lib/relocator.c:431: trying to allocate in 0x200000-0xffbf9fff aligned 0x200000 size 0x406000 + lib/relocator.c:1197: allocated: 0x74de2000+0x406000 + lib/relocator.c:1407: allocated 0x74de2000/0x74de2000 + + Fix this by making sure that target always contains a suitably aligned + address. After the change the return from the function is: + + lib/relocator.c:431: trying to allocate in 0x200000-0xffb87fff aligned 0x200000 size 0x478000 + lib/relocator.c:1204: allocated: 0x74c00000+0x478000 + lib/relocator.c:1414: allocated 0x74c00000/0x74c00000 + + Fixes: 3a5768645c05 (First version of allocation from firmware) + + Reviewed-by: Daniel Kiper + +2023-05-17 Benjamin Herrenschmidt + + term/ns8250: Fix incorrect usage of access_size + The access_size is part of a union, so doesn't technically exist for + a PIO port (i.e., not MMIO), but we set it anyways. + + This doesn't cause a bug today because the other leg of the union + doesn't have anything overlapping with it now, but it's bad, I will + punish myself for writing it that way :-) In the meantime, fix this + and actually name the struct inside the union for clarity of intent + and to avoid such issue in the future. + + Reviewed-by: Daniel Kiper + +2023-05-17 Ákos Nagy + + util/grub-install-common: Fix the key of the --core-compress option + Commit f23bc6510 (Transform -C option to grub-mkstandalone to + --core-compress available in all grub-install flavours.) declared + a new long option for specifying the compression method to use for + the core image. + + However, the option key has not been replaced in the parser function, + it still expects the old one formerly used by grub-mkstandalone. + Because of this the option is not recognized by any of the utils for + which it is listed as supported. + + Reviewed-by: Daniel Kiper + +2023-05-17 Lidong Chen + + fs/hfsplus: Set grub_errno to prevent NULL pointer access + When an invalid node size is detected in grub_hfsplus_mount(), data + pointer is freed. Thus, file->data is not set. The code should also + set the grub_errno when that happens to indicate an error and to avoid + accessing the uninitialized file->data in grub_file_close(). + + Reviewed-by: Daniel Kiper + +2023-05-17 Lidong Chen + + fs/hfsplus: Prevent out of bound access in catalog file + A corrupted hfsplus can have a catalog key that is out of range. This + can lead to out of bound access when advancing the pointer to access + catalog file info. The valid range of a catalog key is specified in + HFS Plus Technical Note TN1150 [1]. + + [1] https://developer.apple.com/library/archive/technotes/tn/tn1150.html + + Reviewed-by: Daniel Kiper + +2023-05-17 Lidong Chen + + fs/hfsplus: Validate btree node size + The invalid btree node size can cause crashes when parsing the btree. + The fix is to ensure the btree node size is within the valid range + defined in the HFS Plus technical note, TN1150 [1]. + + [1] https://developer.apple.com/library/archive/technotes/tn/tn1150.html + + Reviewed-by: Daniel Kiper + +2023-05-17 Glenn Washburn + + INSTALL: Use exfat-utils package instead of exfatprogs + The exfat-utils package is an older package complementing exfat-fuse, and + was the only exfat tools for a long time. The exfat filesystem testing code + was written with these tools in mind. A newer project exfatprogs appears to + be of better quality and functionality and was written to complement the + somewhat new exfat kernel module. Ideally we should be using the newer + exfatprogs. However, the command line interface for mkfs.exfat is different + between the two. So we can't use the exfatprogs tools until the test scripts + have been updated to account for this. Recommend installing exfat-utils + instead of exfatprogs for now. + + Reviewed-by: Daniel Kiper + +2023-05-17 Glenn Washburn + + INSTALL: Document that building grub-mkfont requires xfonts-unifont + Reviewed-by: Daniel Kiper + +2023-05-17 Renaud Métrich + + net/dns: Fix lookup error when no IPv6 is returned + When trying to resolve DNS names into IP addresses, the DNS code fails + from time to time with the following error: + -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- + error: ../../grub-core/net/dns.c:688:no DNS record found. + -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- + + This happens when both IPv4 and IPv6 queries are performed against the + DNS server (e.g. 8.8.8.8) but there is no IP returned for IPv6 query, as + shown below: + -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- + grub> net_del_dns 192.168.122.1 + grub> net_add_dns 8.8.8.8 + grub> net_nslookup ipv4.test-ipv6.com + error: ../../grub-core/net/dns.c:688:no DNS record found. + grub> net_nslookup ipv4.test-ipv6.com + 216.218.228.115 + -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- + + The root cause is the code exiting prematurely when the data->addresses + buffer has been allocated in recv_hook(), even if there was no address + returned last time recv_hook() executed. + + Reviewed-by: Daniel Kiper + +2023-05-17 Renaud Métrich + + net/dns: Add debugging messages in recv_hook() function + Reviewed-by: Daniel Kiper + + net/dns: Simplify error handling of recv_hook() function + Reviewed-by: Daniel Kiper + +2023-05-17 Renaud Métrich + + net/dns: Fix removal of DNS server + When deleting the DNS server, we get the following error message: + -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- + grub> net_del_dns 192.168.122.1 + error: ../../grub-core/net/dns.c:646:no DNS reply received. + -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- + + This happens because the implementation is broken, it does a "add" + internally instead of a "delete". + + Reviewed-by: Daniel Kiper + +2023-05-17 Xiaotian Wu + + tests: Add LoongArch to various test cases + I ran the test suite on a 3A5000 desktop, a LoongArch architecture machine, + using Archlinux for LoongArch distro, see https://github.com/loongarchlinux. + + Some software versions are: + * linux 6.3.0-rc4 + * gcc 13.0.1 20230312 + * binutils 2.40 + * qemu 7.2.0 + + The test results of running "make check" with qemu 7.2 are as follows: + + ================================= + GRUB 2.11: ./test-suite.log + ================================= + + # TOTAL: 85 + # PASS: 73 + # SKIP: 8 + # XFAIL: 0 + # FAIL: 2 + # XPASS: 0 + # ERROR: 2 + + .. contents:: :depth: 2 + + ERROR: f2fs_test + ================ + + mount: /tmp/grub-fs-tester.20230418175640563815408.f2fs.UDs/f2fs_rw: unknown filesystem type 'f2fs'. + dmesg(1) may have more information after failed mount system call. + MOUNT FAILED. + ERROR f2fs_test (exit status: 99) + + FAIL: hfs_test + ============== + + recode: Request `utf8..macroman' is erroneous + mkfs.hfs: name required with -v option + FAIL hfs_test (exit status: 1) + + ERROR: zfs_test + =============== + + zpool not installed; cannot test zfs. + ERROR zfs_test (exit status: 99) + + SKIP: pata_test + =============== + + SKIP pata_test (exit status: 77) + + SKIP: ahci_test + =============== + + SKIP ahci_test (exit status: 77) + + SKIP: uhci_test + =============== + + SKIP uhci_test (exit status: 77) + + SKIP: ohci_test + =============== + + SKIP ohci_test (exit status: 77) + + SKIP: ehci_test + =============== + + SKIP ehci_test (exit status: 77) + + SKIP: fddboot_test + ================== + + SKIP fddboot_test (exit status: 77) + + SKIP: netboot_test + ================== + + SKIP netboot_test (exit status: 77) + + SKIP: pseries_test + ================== + + SKIP pseries_test (exit status: 77) + + FAIL: grub_func_test + ==================== + + WARNING: Image format was not specified for '/tmp/grub-shell.HeTAD8Ty3U/grub.iso' and probing guessed raw. + Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted. + Specify the 'raw' format explicitly to remove the restrictions. + Functional test failure: shift_test: + ... + gfxterm_menu_640x480xi16:3 failed: 0xce34981e vs 0xd9f04953 + tests/video_checksum.c:checksum:615: assert failed: 0 Checksum + gfxterm_menu_640x480xi16:2 failed: 0xa8fb749d vs 0xbf3fa5d0 + tests/video_checksum.c:checksum:615: assert failed: 0 Checksum + gfxterm_menu_640x480xi16:1 failed: 0xce34981e vs 0xd9f04953 + gfxterm_menu: FAIL + ... + videotest_checksum: + videotest_checksum: PASS + exfctest: + exfctest: PASS + TEST FAILURE + FAIL grub_func_test (exit status: 1) + + We got 2 errors: + + * f2fs_test + The kernel uses 16k pages, causing failures when loading the f2fs kernel module, + see https://github.com/torvalds/linux/blob/master/fs/f2fs/super.c#L4670 + This error can be ignored. + + * zfs_test + zfs does not support the LoongArch architecture and is not compatible with the + 6.3 kernel. + This error can be ignored. + + We got 2 failures: + + * hfs_test + I use recode 3.7.14-1 on Archlinux, running `recode -l` gives no output `MacRoman`, + so we get this error. + On Linux systems that support LoongArch, there is currently no need to use HFS, + so this failure can be ignored. + + * grub_func_test + I don't know the reason for this failure. I guess it may be related to qemu's edk2. + In the previous review, I was told that the failure here is the expected behavior. + So, we can ignore this failure. + + Reviewed-by: Daniel Kiper + +2023-05-17 Xiaotian Wu + + tests: Fix timezone inconsistency in squashfs_test + The image timestamp was not returned in UTC, but the following logic + expected and used UTC. + + This patch fixes the test failure like described below: + + unsquashfs -s /tmp/grub-fs-tester.20230407111703613257436.squash4_gzip.9R4/squash4_gzip_512_4096_1_0.img + grep '^Creation' + awk '{print $6 " " $7 " " $8 " " $9 " " $10; }' + FSTIME='Fri Apr 7 11:17:05 2023' + date -d 'Fri Apr 7 11:17:05 2023' -u '+%Y-%m-%d %H:%M:%S' + FSTIME='2023-04-07 11:17:05' + date -d '2023-04-07 11:17:05 UTC -1 second' -u '+%Y-%m-%d %H:%M:%S' + FSTIMEM1='2023-04-07 11:17:04' + date -d '2023-04-07 11:17:05 UTC -2 second' -u '+%Y-%m-%d %H:%M:%S' + FSTIMEM2='2023-04-07 11:17:03' + date -d '2023-04-07 11:17:05 UTC -3 second' -u '+%Y-%m-%d %H:%M:%S' + FSTIMEM3='2023-04-07 11:17:02' + grep -F 'Last modification time 2023-04-07 11:17:05' + echo 'Device loop0: Filesystem type squash4 - Last modification time 2023-04-07 03:17:05 Friday - Sector size 512B - Total size 10680KiB' + echo 'Device loop0: Filesystem type squash4 - Last modification time 2023-04-07 03:17:05 Friday - Sector size 512B - Total size 10680KiB' + grep -F 'Last modification time 2023-04-07 11:17:04' + echo 'Device loop0: Filesystem type squash4 - Last modification time 2023-04-07 03:17:05 Friday - Sector size 512B - Total size 10680KiB' + grep -F 'Last modification time 2023-04-07 11:17:03' + echo 'Device loop0: Filesystem type squash4 - Last modification time 2023-04-07 03:17:05 Friday - Sector size 512B - Total size 10680KiB' + grep -F 'Last modification time 2023-04-07 11:17:02' + echo FSTIME FAIL + + Reviewed-by: Glenn Washburn + Reviewed-by: Daniel Kiper + +2023-05-17 Xiaotian Wu + + loongarch: Add to build system + This patch adds LoongArch to the GRUB build system and various tools, + so GRUB can be built on LoongArch as a UEFI application. + + Reviewed-by: Daniel Kiper + +2023-05-17 Xiaotian Wu + + loongarch: Add auxiliary files + Add support for manipulating architectural cache and timers, and EFI + memory maps. + + Reviewed-by: Daniel Kiper + +2023-05-17 Xiaotian Wu + + loongarch: Add support for ELF psABI v2.00 relocations + A new set of relocation types was added in the LoongArch ELF psABI v2.00 + spec [1], [2] to replace the stack-based scheme in v1.00. Toolchain + support is available from binutils 2.40 and gcc 13 onwards. + + This patch adds support for the new relocation types, that are simpler + to handle (in particular, stack operations are gone). Support for the + v1.00 relocs are kept for now, for compatibility with older toolchains. + + [1] https://github.com/loongson/LoongArch-Documentation/pull/57 + [2] https://loongson.github.io/LoongArch-Documentation/LoongArch-ELF-ABI-EN.html#_appendix_revision_history + + Reviewed-by: Daniel Kiper + +2023-05-17 Xiaotian Wu + + loongarch: Add support for ELF psABI v1.00 relocations + This patch adds support of the stack-based LoongArch relocations + throughout GRUB, including tools, dynamic linkage, and support for + conversion of ELF relocations into PE ones. A stack machine is required + to handle these per the spec [1] (see the R_LARCH_SOP types), of which + a simple implementation is included. + + These relocations are produced by binutils 2.38 and 2.39, while the newer + v2.00 relocs require more recent toolchain (binutils 2.40+ & gcc 13+, or + LLVM 16+). GCC 13 has not been officially released as of early 2023, so + support for v1.00 relocs are expected to stay relevant for a while. + + [1] https://loongson.github.io/LoongArch-Documentation/LoongArch-ELF-ABI-EN.html#_relocations + + Reviewed-by: Daniel Kiper + +2023-05-17 Xiaotian Wu + + loongarch: Add early startup code + On entry, we need to save the system table pointer as well as our image + handle. Add an early startup file that saves them and then brings us + into our main function. + + Reviewed-by: Daniel Kiper + +2023-05-17 Xiaotian Wu + + loongarch: Add setjmp implementation + This patch adds a setjmp implementation for LoongArch. + + Reviewed-by: Daniel Kiper + +2023-05-17 Xiaotian Wu + + elf: Add LoongArch definitions + Add ELF e_machine ID [1] and relocations types [2] for LoongArch to + the current in-repo definitions. + + [1] https://loongson.github.io/LoongArch-Documentation/LoongArch-ELF-ABI-EN.html#_e_machine_identifies_the_machine + [2] https://loongson.github.io/LoongArch-Documentation/LoongArch-ELF-ABI-EN.html#_relocations + + Reviewed-by: Daniel Kiper + +2023-05-17 Xiaotian Wu + + pe: Add LoongArch definitions + Add PE machine types [1] and relocation types [2] for LoongArch to + the current in-repo definitions. + + [1] https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#machine-types + [2] https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#base-relocation-types + + Reviewed-by: Daniel Kiper + +2023-05-16 Chris Coulson + + font: Try opening fonts from the bundled memdisk + GRUB since 93a786a00 (kern/efi/sb: Enforce verification of font files) + has enforced verification of font files in secure boot mode. In order to + continue to be able to load some default fonts, vendors may bundle them + with their signed EFI image by adding them to the built-in memdisk. + + This change makes the font loader try loading fonts from the memdisk + before the prefix path when attempting to load a font file by specifying + its filename, which avoids having to make changes to GRUB configurations + in order to accommodate memdisk bundled fonts. It expects the directory + structure to be the same as fonts stored in the prefix path, + i.e. /fonts/.pf2. + + Reviewed-by: Steve McIntyre <93sam@debian.org> + Tested-by: Steve McIntyre <93sam@debian.org> + Reviewed-by: Robbie Harwood + Reviewed-by: Daniel Kiper + +2023-05-16 Robbie Harwood + Aaron Miller + Peter Jones + + net: Read bracketed IPv6 addrs and port numbers + Allow specifying port numbers for http and tftp paths and allow IPv6 + addresses to be recognized with brackets around them, which is required + to specify a port number. + + Reviewed-by: Daniel Kiper + +2023-05-16 Robbie Harwood + + Revert "net/http: Allow use of non-standard TCP/IP ports" + The notation introduced in ac8a37dda (net/http: Allow use of non-standard + TCP/IP ports) contradicts that used in downstream distributions including + Fedora, RHEL, Debian, Ubuntu, and others. Revert it and apply the downstream + notation which was originally proposed to the GRUB in 2016. + + This reverts commit ac8a37dda (net/http: Allow use of non-standard TCP/IP ports). + + Reviewed-by: Daniel Kiper + +2023-05-16 Riku Viitanen + + term/at_keyboard: Add timeout to fix hang on HP EliteBooks + This fixes the GRUB on Coreboot on HP EliteBooks by implementing + a 200 ms timeout. The GRUB used to hang. + + Fixes: https://ticket.coreboot.org/issues/141 + + Reviewed-by: Daniel Kiper + +2023-04-13 Glenn Washburn + + tests/util/grub-fs-tester: Add missing redirect to /dev/null + In filesystem timestamp test, a check is done to verify that the timestamp + for a file as reported in Linux by the filesystem is within a few seconds + of the timestamp as reported by GRUB. This is done by grepping the output + of GRUB's ls command for the timestamp as reported by the filesystem in + Linux and for each of 3 seconds past that timestamp. All of these checks + except one redirect the output of grep to /dev/null. Fix this exception + to behave as the other checks. + + Reviewed-by: Daniel Kiper + +2023-04-13 Mukesh Kumar Chaurasiya + + disk: Replace transform_sector() function with grub_disk_to_native_sector() + The transform_sector() function is not very clear in what it's doing + and confusing. The GRUB already has a function which is doing the same + thing in a very self explanatory way, i.e., grub_disk_to_native_sector(). + So, it's much better to use self explanatory one than transform_sector(). + + Reviewed-by: Daniel Kiper + +2023-04-13 Thomas Schmitt + + tests: Add test for iso9660 delayed CE hop + The ISO filesystem image iso9660_early_ce.iso exposes the unusual + situation that the Rock Ridge name entry of its only file is located + after a CE entry which points to the next continuation area. + + The correct behavior is to read the Rock Ridge name and to only then + load the next continuation area. If GRUB performs this correctly, then + the name "RockRidgeName:x" will be read and reported by grub-fstest. + If GRUB wrongly performs the CE hop immediately when encountering the CE + entry, then the dull ISO 9660 name "rockridg" will not be overridden and + be put out by grub-fstest. + + Tested-by: Lidong Chen + Reviewed-by: Daniel Kiper + +2023-04-13 Thomas Schmitt + + fs/iso9660: Delay CE hop until end of current SUSP area + The SUSP specs demand that the reading of the next SUSP area which is + depicted by a CE entry shall be delayed until reading of the current + SUSP area is completed. Up to now GRUB immediately ends reading of the + current area and loads the new one. So, buffer the parameters of a found + CE entry and perform checks and reading of new data only after the + reader loop has ended. + + Tested-by: Lidong Chen + Reviewed-by: Daniel Kiper + +2023-03-29 Avnish Chouhan + + kern/ieee1275/init: Extended support in Vec5 + This patch enables multiple options in Vec5 which are required and + solves the boot issues seen on some machines which are looking for + these specific options. + + 1. LPAR: Client program supports logical partitioning and + associated hcall()s. + 2. SPLPAR: Client program supports the Shared + Processor LPAR Option. + 3. DYN_RCON_MEM: Client program supports the + “ibm,dynamic-reconfiguration-memory” property and it may be + presented in the device tree. + 4. LARGE_PAGES: Client supports pages larger than 4 KB. + 5. DONATE_DCPU_CLS: Client supports donating dedicated processor cycles. + 6. PCI_EXP: Client supports PCI Express implementations + utilizing Message Signaled Interrupts (MSIs). + + 7. CMOC: Enables the Cooperative Memory Over-commitment Option. + 8. EXT_CMO: Enables the Extended Cooperative Memory Over-commit Option. + + 9. ASSOC_REF: Enables “ibm,associativity” and + “ibm,associativity-reference-points” properties. + 10. AFFINITY: Enables Platform Resource Reassignment Notification. + 11. NUMA: Supports NUMA Distance Lookup Table Option. + + 12. HOTPLUG_INTRPT: Supports Hotplug Interrupts. + 13. HPT_RESIZE: Enable Hash Page Table Resize Option. + + 14. MAX_CPU: Defines maximum number of CPUs supported. + + 15. PFO_HWRNG: Supports Random Number Generator. + 16. PFO_HW_COMP: Supports Compression Engine. + 17. PFO_ENCRYPT: Supports Encryption Engine. + + 18. SUB_PROCESSORS: Supports Sub-Processors. + + 19. DY_MEM_V2: Client program supports the “ibm,dynamic-memory-v2” property in the + “ibm,dynamic-reconfiguration-memory” node and it may be presented in the device tree. + 20. DRC_INFO: Client program supports the “ibm,drc-info” property definition and it may be + presented in the device tree. + + Reviewed-by: Daniel Kiper + +2023-03-29 Avnish Chouhan + + kern/ieee1275/init: Convert plain numbers to constants in Vec5 + This patch converts the plain numbers used in Vec5 properties to constants. + + 1. LPAR: Client program supports logical partitioning and + associated hcall()s. + 2. SPLPAR: Client program supports the Shared + Processor LPAR Option. + 3. CMO: Enables the Cooperative Memory Over-commitment Option. + 4. MAX_CPU: Defines maximum number of CPUs supported. + + Reviewed-by: Daniel Kiper + +2023-03-29 Robbie Harwood + + loader/emu/linux: Work around systemctl kexec returning + Per systemctl(1), it "is asynchronous; it will return after the reboot + operation is enqueued, without waiting for it to complete". This differs + from kexec(8), which calls reboot(2) and therefore does not return. + + When not using fallback, this confusingly results in: + + error trying to perform 'systemctl kexec': 0 + Aborted. Press any key to exit. + + on screen for a bit, followed by successful kexec. + + To reduce the likelihood of hitting this case, add a delay on successful + return. Ultimately, the systemd interface is racy: we can't avoid it + entirely unless we never fallback on success. + + Reviewed-by: Daniel Kiper + +2023-03-29 Michael Chang + + tpm: Disable the tpm verifier if the TPM device is not present + When the tpm module is loaded, the verifier reads entire file into + memory, measures it and uses verified content as a backing buffer for + file accesses. However, this process may result in high memory + utilization for file operations, sometimes causing a system to run out + of memory which may finally lead to boot failure. To address this issue, + among others, the commit 887f98f0d (mm: Allow dynamically requesting + additional memory regions) have optimized memory management by + dynamically allocating heap space to maximize memory usage and reduce + threat of memory exhaustion. But in some cases problems may still arise, + e.g., when large ISO images are mounted using loopback or when dealing + with embedded systems with limited memory resources. + + Unfortunately current implementation of the tpm module doesn't allow + elimination of the back buffer once it is loaded. Even if the TPM device + is not present or it has been explicitly disabled. This may unnecessary + allocate a lot memory. To solve this issue, a patch has been developed + to detect the TPM status at module load and skip verifier registration + if the device is missing or deactivated. This prevents allocation of + memory for the back buffer, avoiding wasting memory when no real measure + boot functionality is performed. Disabling the TPM device in the system + can reduce memory usage in the GRUB. It is useful in scenarios where + high memory utilization is a concern and measurements of loaded + artifacts are not necessary. + + Reviewed-by: Daniel Kiper + +2023-03-29 Glenn Washburn + + INSTALL: Document programs and packages needed for using gdb_grub script + Now that the gdb_grub script uses the Python API in GDB, a GDB with Python + support must be used. Note that this means a GDB with version greater than + 7.0 must be used. This should not be an issue since that was released over + a decade ago. Also, the minimum version of Python must be 3.5, which was + released around 8 years ago. + + Reviewed-by: Daniel Kiper + +2023-03-29 Atish Patra + + RISC-V: Use common linux loader + RISC-V doesn't have to do anything very different from other architectures + to loader EFI stub linux kernel. As a result, just use the common linux + loader instead of defining a RISC-V specific linux loader. + + Reviewed-by: Daniel Kiper + +2023-03-29 Atish Patra + + efi: Remove arch specific image headers for RISC-V, ARM64 and ARM + The arch specific image header details are not very useful as most of + the GRUB just looks at the PE/COFF spec parameters (PE32 magic and + header offset). + + Remove the arch specific images headers and define a generic arch + headers that provide enough PE/COFF fields for the GRUB to parse + kernel images correctly. + + Reviewed-by: Daniel Kiper + +2023-03-29 Atish Patra + + loader/efi: Move ARM64 linux loader to common code + ARM64 linux loader code is written in such a way that it can be reused + across different architectures without much change. Move it to common + code so that RISC-V doesn't have to define a separate loader. + + Reviewed-by: Daniel Kiper + +2023-03-14 Alec Brown + + util/grub-module-verifierXX: Add module_size parameter to functions for sanity checking + In grub-module-verifierXX.c, the function grub_module_verifyXX() performs an + initial check that the ELF section headers are within the module's size, but + doesn't check if the sections being accessed have contents that are within the + module's size. In particular, we need to check that sh_offset and sh_size are + less than the module's size. However, for some section header types we don't + need to make these checks. For the type SHT_NULL, the section header is marked + as inactive and the rest of the members within the section header have undefined + values, so we don't need to check for sh_offset or sh_size. In the case of the + type SHT_NOBITS, sh_offset has a conceptual offset which may be beyond the + module size. Also, this type's sh_size may have a non-zero size, but a section + of this type will take up no space in the module. This can all be checked in the + function get_shdr(), but in order to do so, the parameter module_size must be + added to functions so that the value of the module size can be used in + get_shdr() from grub_module_verifyXX(). + + Also, had to rework some for loops to ensure the index passed to get_shdr() is + within bounds. + + Reviewed-by: Daniel Kiper + +2023-03-14 Glenn Washburn + + gdb: Add extra early initialization symbols for i386-pc + Add symbols for boot.image, disk.image, and lzma_decompress.image if the + target is i386-pc. This is only done for i386-pc because that is the only + target that uses the images. By loading the symbols for these images, + these images can be more easily debugged by allowing the setting of break- + points in that code and to see easily get the value of data symbols. + + Reviewed-by: Daniel Kiper + +2023-03-14 Glenn Washburn + + gdb: Modify gdb prompt when running gdb_grub script + This will let users know that the GDB session is using the GRUB gdb scripts. + + Reviewed-by: Daniel Kiper + +2023-03-14 Glenn Washburn + + gdb: Allow running user-defined commands at GRUB start + A new command, run_on_start, for things to do before GRUB starts executing. + Currently, this is setting up the loading of module symbols as they are + loaded and allowing user-defined script to be run if a command named + "onstart" exists. + + On some platforms, notably x86, software breakpoints set in GDB before + the GRUB image is loaded will be cleared when the image is loaded. This + is because the breakpoints work by overwriting the memory of the break- + point location with a special instruction which when hit will cause the + debugger to stop execution. Just before execution is resumed by the + debugger, the original instruction bytes are put back. When a breakpoint + is set before the GRUB image is loaded, the special debugger instruction + will be written to memory and when the GRUB image is loaded by the + firmware, which has no knowledge of the debugger, the debugger instruction + is overwritten. To the GDB user, GDB will show the breakpoint as set, but + it will never be hit. Furthermore, GDB now becomes confused, such that + even deleting and re-setting the breakpoint after the GRUB image is loaded + will not allow for a working breakpoint. + + To work around this, in run_on_start, first a watchpoint is set on _start, + which will be triggered when the firmware starts loading the GRUB image. + When the _start watchpoint is hit, the current breakpoints are saved to a + file and then deleted by GDB before they can be overwritten by the firmware + and confuse GDB. Then a temporary software breakpoint is set on _start, + which will get triggered when the firmware hands off to GRUB to execute. In + that breakpoint load the previously saved and deleted breakpoints now that + there is no worry of them getting overwritten by the firmware. This is + needed for runtime_load_module to work when it is run before the GRUB image + is loaded. + + Note that watchpoints are generally types of hardware breakpoints on x86, so + its deleted as soon as it gets triggered so that a minimal set of hardware + breakpoints are used, allowing more for the user. + + Reviewed-by: Daniel Kiper + +2023-03-14 Glenn Washburn + + gdb: Add functions to make loading from dynamically positioned targets easier + Many targets, such as EFI, load GRUB at addresses that are determined at + runtime. So the load addresses in kernel.exec will almost certainly be + wrong. Given the address of the start of the text segment, these + functions will tell GDB to load the symbols at the proper locations. It + is left up to the user to determine how to get the text address of the + loaded GRUB image. + + Reviewed-by: Daniel Kiper + +2023-03-14 Glenn Washburn + + gdb: Replace module symbol loading implementation with Python one + Remove gmodule.pl and rewrite as a python in gdb_helper.py. This removes + Perl dependency for the GRUB GDB script, but adds Python as a dependency. + This is more desirable because Python is tightly integrated with GDB and + can do things not even available to GDB native scripting language. GDB must + be built with Python, however this is not a major limitation because every + major distro non-end-of-life versions build GDB with Python support. And GDB + has had support for Python since around 7.1-ish, which is about a decade. + + This re-implementation has an added feature. If there is a user defined + command named "onload_", then that command will be executed + after the symbols for the specified module are loaded. When debugging a + module it can be desirable to set break points on code in the module. + This is difficult in GRUB because, at GDB start, the module is not loaded + and on EFI platforms its not known ahead of time where the module will + be loaded. So allow users to create an "onload_" command which + will be run when the module with name "modname" is loaded. + + Another addition is a new convenience function is defined + $is_user_command(), which returns true if its string argument is + the name of a user-defined command. + + A secondary benefit of these changes is that the script does not write + temporary files and has better error handling capabilities. + + Reviewed-by: Daniel Kiper + +2023-03-14 Glenn Washburn + + gdb: Only connect to remote target once when first sourced + The gdb_grub script was originally meant to be run once when GDB first + starts up via the -x argument. So it runs commands unconditionally + assuming that the script has not been run before. Its nice to be able + to source the script again when developing the script to modify/add + commands. So only run the commands not defined in user-defined commands, + if a variable $runonce has already been set and when those commands have + been run to set $runonce. + + Reviewed-by: Daniel Kiper + +2023-03-14 Glenn Washburn + + gdb: Conditionally run GDB script logic for dynamically or statically positioned GRUB + There are broadly two classes of targets to consider when loading symbols + for GRUB, targets that determine where to load GRUB at runtime + (dynamically positioned) and those that do not (statically positioned). + For statically positioned targets, symbol loading is determined at link + time, so nothing more needs to be known to load the symbols. For + dynamically positioned targets, such as EFI targets, at runtime symbols + should be offset by an amount that depends on where the runtime chose to + load GRUB. + + It is important to not load symbols statically for dynamic targets + because then when subsequently loading the symbols correctly one must + take care to remove the existing static symbols, otherwise there will be + two sets of symbols and GDB seems to prefer the ones loaded first (i.e. + the static ones). + + Use autoconf variables to generate a gdb_grub for a particular target, + which conditionally run startup code depending on if the target uses + static or dynamic loading. + + Reviewed-by: Daniel Kiper + +2023-03-14 Glenn Washburn + + gdb: Move runtime module loading into runtime_load_module + By moving this code into a function, it can be run re-utilized while gdb is + running, not just when loading the script. This will also be useful in + some following changes which will make a separate script path for targets + which statically vs dynamically position GRUB code. + + Reviewed-by: Daniel Kiper + +2023-03-07 Michael Chang + + osdep/devmapper/getroot: Fix build error on 32-bit host + The gcc build has failed for 32-bit host (e.g. i386-emu and arm-emu) + due to mismatch between format specifier and data type. + + ../grub-core/osdep/devmapper/getroot.c: In function + 'grub_util_pull_devmapper': + + ../grub-core/osdep/devmapper/getroot.c:265:75: error: format '%lu' + expects argument of type 'long unsigned int', but argument 2 has type + 'int' [-Werror=format=] + + ../grub-core/osdep/devmapper/getroot.c:276:80: error: format '%lu' + expects argument of type 'long unsigned int', but argument 2 has type + 'int' [-Werror=format=] + + This patch fixes the problem by casting the type of calculated offset to + grub_size_t and use platform PRIuGRUB_SIZE as format specifier. + + Reviewed-by: Daniel Kiper + +2023-03-07 Stefan Berger + + commands/ieee1275/ibmvtpm: Add support for trusted boot using a vTPM 2.0 + Add support for trusted boot using a vTPM 2.0 on the IBM IEEE1275 + PowerPC platform. With this patch grub now measures text and binary data + into the TPM's PCRs 8 and 9 in the same way as the x86_64 platform + does. + + This patch requires Daniel Axtens's patches for claiming more memory. + + Note: The tpm_init() function cannot be called from GRUB_MOD_INIT() since + it does not find the device nodes upon module initialization and + therefore the call to tpm_init() must be deferred to grub_tpm_measure(). + + For vTPM support to work on PowerVM, system driver levels 1010.30 + or 1020.00 are required. + + Note: Previous versions of firmware levels with the 2hash-ext-log + API call have a bug that, once this API call is invoked, has the + effect of disabling the vTPM driver under Linux causing an error + message to be displayed in the Linux kernel log. Those users will + have to update their machines to the firmware levels mentioned + above. + + Cc: Eric Snowberg + Reviewed-by: Daniel Kiper + Tested-by: Nageswara R Sastry + Reviewed-by: Robbie Harwood + +2023-03-07 Daniel Axtens + + commands/memtools: Add memtool module with memory allocation stress-test + When working on memory, it's nice to be able to test your work. + + Add a memtest module. When compiled with --enable-mm-debug, it exposes + 3 commands: + + * lsmem - print all allocations and free space in all regions + * lsfreemem - print free space in all regions + + * stress_big_allocs - stress test large allocations: + - how much memory can we allocate in one chunk? + - how many 1MB chunks can we allocate? + - check that gap-filling works with a 1MB aligned 900kB alloc + a + 100kB alloc. + + Reviewed-by: Daniel Kiper + Tested-by: Nageswara R Sastry + Reviewed-by: Robbie Harwood + +2023-03-07 Diego Domingos + + ieee1275: Implement vec5 for cas negotiation + As a legacy support, if the vector 5 is not implemented, Power Hypervisor will + consider the max CPUs as 64 instead 256 currently supported during + client-architecture-support negotiation. + + This patch implements the vector 5 and set the MAX CPUs to 256 while setting the + others values to 0 (default). + + Acked-by: Daniel Axtens + Tested-by: Nageswara R Sastry + Reviewed-by: Robbie Harwood + Reviewed-by: Daniel Kiper + +2023-03-07 Daniel Axtens + + ieee1275: Support runtime memory claiming + On powerpc-ieee1275, we are running out of memory trying to verify + anything. This is because: + + - we have to load an entire file into memory to verify it. This is + difficult to change with appended signatures. + - We only have 32MB of heap. + - Distro kernels are now often around 30MB. + + So we want to be able to claim more memory from OpenFirmware for our heap + at runtime. + + There are some complications: + + - The grub mm code isn't the only thing that will make claims on + memory from OpenFirmware: + + * PFW/SLOF will have claimed some for their own use. + + * The ieee1275 loader will try to find other bits of memory that we + haven't claimed to place the kernel and initrd when we go to boot. + + * Once we load Linux, it will also try to claim memory. It claims + memory without any reference to /memory/available, it just starts + at min(top of RMO, 768MB) and works down. So we need to avoid this + area. See arch/powerpc/kernel/prom_init.c as of v5.11. + + - The smallest amount of memory a ppc64 KVM guest can have is 256MB. + It doesn't work with distro kernels but can work with custom kernels. + We should maintain support for that. (ppc32 can boot with even less, + and we shouldn't break that either.) + + - Even if a VM has more memory, the memory OpenFirmware makes available + as Real Memory Area can be restricted. Even with our CAS work, an LPAR + on a PowerVM box is likely to have only 512MB available to OpenFirmware + even if it has many gigabytes of memory allocated. + + What should we do? + + We don't know in advance how big the kernel and initrd are going to be, + which makes figuring out how much memory we can take a bit tricky. + + To figure out how much memory we should leave unused, I looked at: + + - an Ubuntu 20.04.1 ppc64le pseries KVM guest: + vmlinux: ~30MB + initrd: ~50MB + + - a RHEL8.2 ppc64le pseries KVM guest: + vmlinux: ~30MB + initrd: ~30MB + + So to give us a little wriggle room, I think we want to leave at least + 128MB for the loader to put vmlinux and initrd in memory and leave Linux + with space to satisfy its early allocations. + + Allow other space to be allocated at runtime. + + Tested-by: Stefan Berger + Tested-by: Nageswara R Sastry + Reviewed-by: Robbie Harwood + Reviewed-by: Daniel Kiper + +2023-03-07 Daniel Axtens + + ieee1275: Drop len -= 1 quirk in heap_init + This was apparently "required by some firmware": commit dc9468500919 + (2007-02-12 Hollis Blanchard ). + + It's not clear what firmware that was, and what platform from 14 years ago + which exhibited the bug then is still both in use and buggy now. + + It doesn't cause issues on qemu (mac99 or pseries) or under PFW for Power8. + + I don't have access to old Mac hardware, but if anyone feels especially + strongly we can put it under some feature flag. I really want to disable + it under pseries because it will mess with region merging. + + Reviewed-by: Daniel Kiper + Tested-by: Nageswara R Sastry + Reviewed-by: Robbie Harwood + +2023-03-07 Daniel Axtens + + ieee1275: Request memory with ibm, client-architecture-support + On PowerVM, the first time we boot a Linux partition, we may only get + 256MB of real memory area, even if the partition has more memory. + + This isn't enough to reliably verify a kernel. Fortunately, the Power + Architecture Platform Reference (PAPR) defines a method we can call to ask + for more memory: the broad and powerful ibm,client-architecture-support + (CAS) method. + + CAS can do an enormous amount of things on a PAPR platform: as well as + asking for memory, you can set the supported processor level, the interrupt + controller, hash vs radix mmu, and so on. + + If: + + - we are running under what we think is PowerVM (compatible property of / + begins with "IBM"), and + + - the full amount of RMA is less than 512MB (as determined by the reg + property of /memory) + + then call CAS as follows: (refer to the Linux on Power Architecture + Reference, LoPAR, which is public, at B.5.2.3): + + - Use the "any" PVR value and supply 2 option vectors. + + - Set option vector 1 (PowerPC Server Processor Architecture Level) + to "ignore". + + - Set option vector 2 with default or Linux-like options, including a + min-rma-size of 512MB. + + - Set option vector 3 to request Floating Point, VMX and Decimal Floating + point, but don't abort the boot if we can't get them. + + - Set option vector 4 to request a minimum VP percentage to 1%, which is + what Linux requests, and is below the default of 10%. Without this, + some systems with very large or very small configurations fail to boot. + + This will cause a CAS reboot and the partition will restart with 512MB + of RMA. Importantly, grub will notice the 512MB and not call CAS again. + + Notes about the choices of parameters: + + - A partition can be configured with only 256MB of memory, which would + mean this request couldn't be satisfied, but PFW refuses to load with + only 256MB of memory, so it's a bit moot. SLOF will run fine with 256MB, + but we will never call CAS under qemu/SLOF because /compatible won't + begin with "IBM".) + + - unspecified CAS vectors take on default values. Some of these values + might restrict the ability of certain hardware configurations to boot. + This is why we need to specify the VP percentage in vector 4, which is + in turn why we need to specify vector 3. + + Finally, we should have enough memory to verify a kernel, and we will + reach Linux. One of the first things Linux does while still running under + OpenFirmware is to call CAS with a much fuller set of options (including + asking for 512MB of memory). Linux includes a much more restrictive set of + PVR values and processor support levels, and this CAS invocation will likely + induce another reboot. On this reboot grub will again notice the higher RMA, + and not call CAS. We will get to Linux again, Linux will call CAS again, but + because the values are now set for Linux this will not induce another CAS + reboot and we will finally boot all the way to userspace. + + On all subsequent boots, everything will be configured with 512MB of RMA, + so there will be no further CAS reboots from grub. (phyp is super sticky + with the RMA size - it persists even on cold boots. So if you've ever booted + Linux in a partition, you'll probably never have grub call CAS. It'll only + ever fire the first time a partition loads grub, or if you deliberately lower + the amount of memory your partition has below 512MB.) + + Reviewed-by: Daniel Kiper + Tested-by: Nageswara R Sastry + Reviewed-by: Robbie Harwood + +2023-02-28 Khem Raj + + RISC-V: Handle R_RISCV_CALL_PLT reloc + GNU assembler starting 2.40 release always generates R_RISCV_CALL_PLT + reloc for call in assembler [1], similarly LLVM does not make + distinction between R_RISCV_CALL_PLT and R_RISCV_CALL [2]. + + Fixes "grub-mkimage: error: relocation 0x13 is not implemented yet.". + + [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=70f35d72ef04cd23771875c1661c9975044a749c + [2] https://reviews.llvm.org/D132530 + + Reviewed-by: Daniel Kiper + +2023-02-28 John Paul Adrian Glaubitz + + osdep/hurd/getroot: Remove unused variables in grub_util_find_hurd_root_device() + Found during a test build on Debian/hurd-i386 with --disable-werror enabled: + + In file included from grub-core/osdep/getroot.c:12: + grub-core/osdep/hurd/getroot.c: In function ‘grub_util_find_hurd_root_device’: + grub-core/osdep/hurd/getroot.c:126:13: error: unused variable ‘next’ [-Werror=unused-variable] + 126 | char *next; + | ^~~~ + grub-core/osdep/hurd/getroot.c:125:14: error: unused variable ‘size’ [-Werror=unused-variable] + 125 | size_t size; + | ^~~~ + + Fixes: e981b0a24 (osdep/hurd/getroot: Use "part:" qualifier) + + Reviewed-by: Samuel Thibault + Reviewed-by: Daniel Kiper + +2023-02-28 Glenn Washburn + + gdb: If no modules have been loaded, do not try to load module symbols + This prevents load_all_modules from failing when called before any + modules have been loaded. Failures in GDB user-defined functions cause + any function which called them to also fail. + + Reviewed-by: Daniel Kiper + +2023-02-28 Glenn Washburn + + gdb: Prevent wrapping when writing to .segments.tmp + GDB logging is redirected to write .segments.tmp, which means that GDB + will wrap lines longer than what it thinks is the screen width + (typically 80 characters). When wrapping does occur it causes gmodule.pl + to misbehave. So disable line wrapping by using GDB's "with" command so + that its guaranteed to return the width to the previous value upon + command completion. + + Also disable command tracing when dumping the module sections because that + output will go to .segments.tmp and thus cause gmodule.pl to misbehave. + + Reviewed-by: Daniel Kiper + +2023-02-28 Glenn Washburn + + gdb: Fix redirection issue in dump_module_sections + An error in any GDB command causes it to immediately abort with an error, + this includes any command that calls that command. This leads to an issue + in dump_module_sections where an error causes the command to exit without + turning off file redirection. The user then ends up with a GDB command + line where commands output nothing to the console. + + Instead do the work of dump_module_sections in the command + dump_module_sections_helper and run the command using GDB's pipe command + which does the redirection and undoes the redirection when it finishes + regardless of any errors in the command. + + Also, remove .segments.tmp file prior to loading modules in case one was + left from a previous run. + + Reviewed-by: Daniel Kiper + +2023-02-28 Glenn Washburn + + efi: Allow expression as func argument to efi_call_* macros on all platforms + On EFI platforms where EFI calls do not require a wrapper (notably i386-efi + and arm64-efi), the func argument needs to be wrapped in parenthesis to + allow valid syntax when func is an expression which evaluates to a function + pointer. On EFI platforms that do need a wrapper, this was never an issue + because func is passed to the C function wrapper as an argument and thus + does not need parenthesis to be evaluated. + + Reviewed-by: Daniel Kiper + +2023-02-28 Jeremy Szu + + loader/i386/linux: Correct wrong initrd address for debug + The "addr" is used to request the memory with specific ranges but the real + loadable address come from the relocator. Thus, print the final retrieved + addresses, virtual and physical, for initrd. + + On the occasion migrate to PRIxGRUB_ADDR and PRIxGRUB_SIZE format specifiers. + + Reviewed-by: Daniel Kiper + +2023-02-28 Glenn Washburn + + INSTALL: Document that the functional test requires the package xfonts-unifont + Reviewed-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2023-02-28 Glenn Washburn + + tests: Return hard error for functional test when unicode.pf2 does not exist + The functional test requires unicode.pf2 to run successfully, so + explicitly have the test return ERROR when its not found. + + Tested-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2023-02-28 Glenn Washburn + + tests: grub_cmd_cryptomount should hard error when pre-requisites are not met + Tests should be SKIP'd only when they do not apply to a particular target. + Hard errors are for when the test should run but can not be setup properly. + + Reviewed-by: Daniel Kiper + +2023-02-28 Glenn Washburn + + tests: Add pathological iso9660 filesystem tests + These are not added to grub-fs-tester because they are not generated and + none of the filesystem tests are run on these ISOs. The test is to run the + command "ls /" on the ISO, and a failure is determined if the command + times out, has non-zero return value or has any output. + + Tested-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2023-02-14 Mukesh Kumar Chaurasiya + + osdep/linux/hostdisk: Modify sector by sysfs as disk sector + The disk sector size provided by sysfs file system considers the sector + size of 512 irrespective of disk sector size, thus causing the read by + the GRUB to an incorrect offset from what was originally intended. + + Considering the 512 sector size of sysfs data the actual sector needs to + be modified corresponding to disk sector size. + + Reviewed-by: Daniel Kiper + +2023-02-14 Glenn Washburn + + tests/util/grub-fs-tester: Use shell variable instead of autoconf + By using a shell variable that is set once by the expansion of an autoconf + variable, the resulting script is more readable. + + Reviewed-by: Daniel Kiper + +2023-02-14 Glenn Washburn + + tests/util/grub-fs-tester: Remove unused variable + Reviewed-by: Daniel Kiper + +2023-02-14 Alec Brown + + net/bootp: Fix unchecked return value + In the function send_dhcp_packet(), added an error check for the return + value of grub_netbuff_push(). + + Fixes: CID 404614 + + Reviewed-by: Daniel Kiper + +2023-02-02 Zhang Boyang + + mm: Avoid complex heap growth math in hot path + We do a lot of math about heap growth in hot path of grub_memalign(). + However, the result is only used if out of memory is encountered, which + is seldom. + + This patch moves these calculations away from hot path. These + calculations are now only done if out of memory is encountered. This + change can also help compiler to optimize integer overflow checks away. + + Reviewed-by: Daniel Kiper + +2023-02-02 Zhang Boyang + + mm: Preallocate some space when adding new regions + When grub_memalign() encounters out-of-memory, it will try + grub_mm_add_region_fn() to request more memory from system firmware. + However, it doesn't preallocate memory space for future allocation + requests. In extreme cases, it requires one call to + grub_mm_add_region_fn() for each memory allocation request. This can + be very slow. + + This patch introduces GRUB_MM_HEAP_GROW_EXTRA, the minimal heap growth + granularity. The new region size is now set to the bigger one of its + original value and GRUB_MM_HEAP_GROW_EXTRA. Thus, it will result in some + memory space preallocated if current allocations request is small. + + The value of GRUB_MM_HEAP_GROW_EXTRA is set to 1MB. If this value is + smaller, the cost of small memory allocations will be higher. If this + value is larger, more memory will be wasted and it might cause + out-of-memory on machines with small amount of RAM. + + Reviewed-by: Daniel Kiper + +2023-02-02 Zhang Boyang + + mm: Adjust new region size to take management overhead into account + When grub_memalign() encounters out-of-memory, it will try + grub_mm_add_region_fn() to request more memory from system firmware. + However, the size passed to it doesn't take region management overhead + into account. Adding a memory area of "size" bytes may result in a heap + region of less than "size" bytes really available. Thus, the new region + may not be adequate for current allocation request, confusing + out-of-memory handling code. + + This patch introduces GRUB_MM_MGMT_OVERHEAD to address the region + management overhead (e.g. metadata, padding). The value of this new + constant must be large enough to make sure grub_memalign(align, size) + always succeeds after a successful call to + grub_mm_init_region(addr, size + align + GRUB_MM_MGMT_OVERHEAD), + for any given addr and size (assuming no integer overflow). + + The size passed to grub_mm_add_region_fn() is now correctly adjusted, + thus if grub_mm_add_region_fn() succeeded, current allocation request + can always succeed. + + Reviewed-by: Daniel Kiper + +2023-02-02 Glenn Washburn + + tests/util/grub-shell: Add $GRUB_QEMU_OPTS to run.sh to easily see unofficial QEMU arguments + When re-running a failed test, even the non-standard grub-shell QEMU + arguments should be preserved in the run.sh to more precisely replay + the failed test run. + + Reviewed-by: Daniel Kiper + +2023-02-02 Glenn Washburn + + tests/util/grub-shell: Create run.sh in working directory for easily running test again + Now it becomes trivial to re-run a test from the output in its working + directory. This also makes it easy to send a reproducible failing test to + the mailing list. This has allowed a refactor so that the duplicated code + to call QEMU has be condensed (e.g. the use of timeout and file descriptor + redirection). The run.sh script will pass any arguments given to QEMU. + This allows QEMU to be easily started in a state ready for GDB to be + attached. + + Reviewed-by: Daniel Kiper + +2023-02-02 Glenn Washburn + + tests: Allow turning on shell tracing from environment variables + This allows turning on shell tracing for grub-shell and grub-fs-tester + when its not practical or not possible to use command line arguments + (e.g. from "make check"). Turn on tracing when the envvar is an integer + greater than 1, since these can generate a lot of output. Since this + change uses the environment variables to set the default value for debug + in grub-shell, this allows enabling grub-shell's debug mode which will + preserve various generated output files that are helpful for debugging + tests. + + Reviewed-by: Daniel Kiper + +2023-02-02 Glenn Washburn + + misc: Move *printf function declarations to same location + Reviewed-by: Daniel Kiper + +2023-02-02 Thomas Schmitt + + fs/iso9660: Prevent skipping CE or ST at start of continuation area + If processing of a SUSP CE entry leads to a continuation area which + begins by entry CE or ST, then these entries were skipped without + interpretation. In case of CE this would lead to premature end of + processing the SUSP entries of the file. In case of ST this could + cause following non-SUSP bytes to be interpreted as SUSP entries. + + Tested-by: Lidong Chen + Reviewed-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2023-02-02 Lidong Chen + + fs/iso9660: Incorrect check for entry boundary + An SL entry consists of the entry info and the component area. + The entry info should take up 5 bytes instead of sizeof(*entry). + The area after the first 5 bytes is the component area. It is + incorrect to use the sizeof(*entry) to check the entry boundary. + + Reviewed-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2023-02-02 Lidong Chen + + fs/iso9660: Avoid reading past the entry boundary + Added a check for the SP entry data boundary before reading it. + + Reviewed-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2023-02-02 Lidong Chen + + fs/iso9660: Prevent read past the end of system use area + In the code, the for loop advanced the entry pointer to the next entry before + checking if the next entry is within the system use area boundary. Another + issue in the code was that there is no check for the size of system use area. + For a corrupted system, the size of system use area can be less than the size + of minimum SUSP entry size (4 bytes). These can cause buffer overrun. The fixes + added the checks to ensure the read is valid and within the boundary. + + Reviewed-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2023-02-02 Lidong Chen + + fs/iso9660: Add check to prevent infinite loop + There is no check for the end of block when reading + directory extents. It resulted in read_node() always + read from the same offset in the while loop, thus + caused infinite loop. The fix added a check for the + end of the block and ensure the read is within directory + boundary. + + Reviewed-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2023-02-01 Pierre-Louis Bonicoli + + grub-fs-tester: Add LUKS1 and LUKS2 support + The logical sector size used by LUKS1 is 512 bytes and LUKS2 uses 512 to + 4069 bytes. The default password used is "pass", but can be overridden + by setting the PASS environment variable. The device mapper name is set + to the name of the temp directory so that its easy to correlate device + mapper name with a particular test run. Also since this name is unique + per test run, multiple simultaneous test runs are allowed. + + Note that cryptsetup is passing the --disable-locks parameter to allow + cryptsetup run successfully when /run/lock/cryptsetup is not accessible. + Since the device mapper name is unique per test run, there is no need to + worry about locking the device to serialize access. + + Tested-by: Glenn Washburn + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2023-02-01 Josselin Poiret + + osdep/devmapper/getroot: Set up cheated LUKS2 cryptodisk mount from DM parameters + This lets a LUKS2 cryptodisk have its cipher and hash filled out, + otherwise they wouldn't be initialized if cheat mounted. + + Tested-by: Glenn Washburn + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2023-02-01 Josselin Poiret + + osdep/devmapper/getroot: Have devmapper recognize LUKS2 + Changes UUID comparisons so that LUKS1 and LUKS2 are both recognized + as being LUKS cryptodisks. + + Tested-by: Glenn Washburn + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2023-02-01 Fabian Vogt + + disk/cryptodisk: When cheatmounting, use the sector info of the cheat device + When using grub-probe with cryptodisk, the mapped block device from the host + is used directly instead of decrypting the source device in GRUB code. + In that case, the sector size and count of the host device needs to be used. + This is especially important when using LUKS2, which does not assign + total_sectors and log_sector_size when scanning, but only later when the + segments in the JSON area are evaluated. With an unset log_sector_size, + grub_device_open() complains. + + This fixes grub-probe failing with + "error: sector sizes of 1 bytes aren't supported yet.". + + Reviewed-by: Patrick Steinhardt + Tested-by: Glenn Washburn + Reviewed-by: Glenn Washburn + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2023-01-19 Daniel Axtens + + fs/f2fs: Fix off-by-one error in nat journal entries check + Oops. You're allowed to have up to n = NAT_JOURNAL_ENTRIES entries + _inclusive_, because the loop below uses i < n, not i <= n. D'oh. + + Fixes: 4bd9877f6216 (fs/f2fs: Do not read past the end of nat journal entries) + + Reported-by: программист нект + Tested-by: программист нект + Reviewed-by: Daniel Kiper + +2023-01-19 Nicholas Vinson + + gentpl.py: Remove .interp section from .img files + When building .img files, a .interp section from the .image files will + sometimes be copied into the .img file. This additional section pushes + the .img file beyond the 512-byte limit and causes grub-install to fail + to run for i386-pc platforms. + + Reviewed-by: Daniel Kiper + +2023-01-19 Glenn Washburn + + tests: Add cryptomount functional test + The grub_cmd_cryptomount make check test performs some functional testing + of cryptomount and by extension the underlying cryptodisk infrastructure. + + A utility test script named grub-shell-luks-tester is created to handle the + complexities of the testing, making it simpler to add new test cases in + grub_cmd_cryptomount. + + Reviewed-by: Daniel Kiper + +2023-01-19 Glenn Washburn + + tests/util/grub-shell: Add halt_cmd variable to testcase namespace + This allows test case scripts to use the appropriate halt command for + the built architecture to end execution early. Otherwise, test case + scripts have no way to know the appropriate mechanism for halting the + test case early. + + Reviewed-by: Daniel Kiper + +2023-01-19 Glenn Washburn + + tests/util/grub-shell: Trim line should always be matched from the beginning of the line + When turning on shell tracing the trim line will be output before we + actually want to start the trim. However, in this case the trim line never + starts from the beginning of the line. So start trimming from the correct + line by matching from the beginning of the line. + + Reviewed-by: Daniel Kiper + +2023-01-19 Glenn Washburn + + tests/util/grub-shell: Allow specifying non-default trim line contents + This will be useful for tests that have unwanted output from setup. This is + not documented because its only intended to be internal at the moment. Also, + --no-trim is allowed to explicitly turn off trim. + + Reviewed-by: Daniel Kiper + +2023-01-19 Glenn Washburn + + tests/util/grub-shell: Only cleanup working directory file if QEMU does not fail or timeout + This keeps the generated files to aid in diagnosing the source of the failure. + + Reviewed-by: Daniel Kiper + +2023-01-19 Glenn Washburn + + tests/util/grub-shell: Set exit status to QEMU exit status + This allows us to test if unexpected output in test scripts is because of + a bug in GRUB, because there was an error in QEMU, or QEMU was killed due + to a timeout. + + Reviewed-by: Daniel Kiper + +2023-01-19 Glenn Washburn + + io/gzio: Remove confusing, out-dated comment + The "transparent" parameter to grub_gzio_open() was removed in 2010, fc2ef1172c + (* grub-core/io/gzio.c (grub_gzio_open): Removed "transparent" parameter.) + + Reviewed-by: Daniel Kiper + +2023-01-19 Glenn Washburn + + efi: Fix spacing + Reviewed-by: Daniel Kiper + + misc: Fix spacing + Reviewed-by: Daniel Kiper + + misc: Spelling fixes + Reviewed-by: Daniel Kiper + + gdb: Unregister gdbstub_break command when unloading module + Reviewed-by: Daniel Kiper + +2023-01-19 Glenn Washburn + + tests: Fix help test to reflect updated help output + Commit f5759a878 (normal/help: Add paging instructions to normal and help + prompts) changed the output of the help command, which broke the help + test. This change allows the test to pass. + + On the occasion do s/outpu/output/. + + Reviewed-by: Daniel Kiper + +2023-01-19 Benjamin Herrenschmidt + + term/serial: Improve detection of duplicate serial ports + We currently rely on some pretty fragile comparison by name to + identify whether a serial port being configured is identical + + Reviewed-by: Daniel Kiper + +2023-01-19 Benjamin Herrenschmidt + + term/serial: Avoid double lookup of serial ports + The various functions to add a port used to return port->name, and + the callers would immediately iterate all registered ports to "find" + the one just created by comparing that return value with ... port->name. + + This is a waste of cycles and code. Instead, have those functions + return "port" directly. + + Reviewed-by: Daniel Kiper + +2023-01-19 Benjamin Herrenschmidt + + term/serial: Replace usage of memcmp() with strncmp() + We are comparing strings after all. + + Reviewed-by: Daniel Kiper + +2023-01-19 Benjamin Herrenschmidt + + term/serial: Add ability to specify MMIO ports via "serial" command + This adds the ability to explicitly add an MMIO based serial port + via the "serial" command. The syntax is: + + serial --port=mmio,{.b,.w,.l,.q} + + Reviewed-by: Daniel Kiper + +2023-01-19 Benjamin Herrenschmidt + + term/ns8250: Support more MMIO access sizes + It is common for PCI based UARTs to use larger than one byte access + sizes. This adds support for this and uses the information present + in SPCR accordingly. + + Reviewed-by: Daniel Kiper + +2023-01-19 Benjamin Herrenschmidt + + term/ns8250: Use ACPI SPCR table when available to configure serial + "serial auto" is now equivalent to just "serial" and will use the + SPCR to discover the port if present, otherwise defaults to "com0" + as before. + + This allows to support MMIO ports specified by ACPI which is needed + on AWS EC2 "metal" instances, and will enable GRUB to pickup the + port configuration specified by ACPI in other cases. + + Reviewed-by: Daniel Kiper + +2023-01-19 Benjamin Herrenschmidt + + term/ns8250: Add configuration parameter when adding ports + This will allow ports to be added with a pre-set configuration. + + Reviewed-by: Daniel Kiper + +2023-01-19 Benjamin Herrenschmidt + + term/ns8250: Move base clock definition to a header + And while at it, unify it as clock frequency in Hz, to match the value in + grub_serial_config struct and do the division by 16 in one common place. + + This will simplify adding SPCR support. + + Reviewed-by: Daniel Kiper + +2023-01-19 Benjamin Herrenschmidt + + term/ns8250: Add base support for MMIO UARTs + This adds the ability for the driver to access UARTs via MMIO instead + of PIO selectively at runtime, and exposes a new function to add an + MMIO port. + + In an ideal world, MMIO accessors would be generic and have architecture + specific memory barriers. However, existing drivers don't have them and + most of those "bare metal" drivers tend to be for x86 which doesn't need + them. If necessary, those can be added later. + + Reviewed-by: Daniel Kiper + +2023-01-18 Benjamin Herrenschmidt + + acpi: Add SPCR and generic address definitions + This adds the definition of the two ACPI tables according to the spec. + + Reviewed-by: Daniel Kiper + +2023-01-18 Benjamin Herrenschmidt + + kern/acpi: Export a generic grub_acpi_find_table() + And convert grub_acpi_find_fadt() to use it. + + Reviewed-by: Daniel Kiper + +2023-01-10 Maxim Fomin + + kern/fs: Fix possible integer overflow in i386-pc mode with large partitions + The i386-pc mode supports MBR partition scheme where maximum partition + size is 2 TiB. In case of large partitions left shift expression with + unsigned long int "length" object may cause integer overflow making + calculated partition size less than true value. This issue is fixed by + increasing the size of "length" integer type. + + Reviewed-by: Daniel Kiper + +2023-01-10 Glenn Washburn + + commands/cmp: Only return success when both files have the same contents + This allows the cmp command to be used in GRUB scripts to conditionally + run commands based on whether two files are the same. + + The command is now quiet by default and the -v switch can be given to enable + verbose mode, the previous behavior. + + Update documentation accordingly. + + Suggested-by: Li Gen + Reviewed-by: Daniel Kiper + +2023-01-10 Glenn Washburn + + docs: Remove text about cryptodisk UUIDs no being able to use dashes + This was fixed here: 3cf2e848bc (disk/cryptodisk: Allows UUIDs to be compared + in a dash-insensitive manner). + + Reviewed-by: Daniel Kiper + +2023-01-10 Glenn Washburn + + tests/util/grub-shell: Add GRUB output logfile with grub-shell --debug + This allows seeing full QEMU output of grub-shell, which can be invaluable + when debugging failing tests. + + Reviewed-by: Daniel Kiper + +2023-01-10 Marek Marczykowski-Górecki + + templates/linux_xen: Fix detecting XSM policy + The xenpolicy variable was left set from previous function call. This + resulted in all-but-first menu entries including XSM policy, even if it + did not exist. + + Fix this by initializing the xenpolicy variable. + + Reviewed-by: Daniel Kiper + +2023-01-10 Zhang Boyang + + font: Reject fonts with negative max_char_width or max_char_height + If max_char_width or max_char_height are negative wrong values can be propagated + by grub_font_get_max_char_width() or grub_font_get_max_char_height(). Prevent + this from happening. + + Reviewed-by: Daniel Kiper + +2023-01-10 Zhang Boyang + + font: Assign null_font to unknown_glyph + Like glyphs in ascii_font_glyph[], assign null_font to + unknown_glyph->font in order to prevent grub_font_get_*() from + dereferencing NULL pointer. + + Reviewed-by: Daniel Kiper + +2023-01-10 Zhang Boyang + + font: Check return value of grub_malloc() in ascii_glyph_lookup() + There is a problem in ascii_glyph_lookup(). It doesn't check the return + value of grub_malloc(). If memory can't be allocated, then NULL pointer + will be written to. + + This patch fixes the problem by fallbacking to unknown_glyph when + grub_malloc() returns NULL. + + Reviewed-by: Daniel Kiper + +2023-01-10 Maxim Fomin + + disk/plainmount: Support plain encryption mode + This patch adds support for plain encryption mode, plain dm-crypt, via + new module/command named "plainmount". + + Reviewed-by: Daniel Kiper + Reviewed-by: Glenn Washburn + +2023-01-10 Pete Batard + + util/grub-mkrescue: Search by file UUID rather than partition UUID for EFI boot + The final piece needed to add UEFI file system transposition support is to + ensure the boot media can be located regardless of how the boot partition + was instantiated. Especially, we do not want to be reliant on brittle + partition UUIDs, as these only work if a boot media is duplicated at the + block level and not at the file system level. + + To accomplish this for EFI boot, we now create a UUID file in a .disk/ + directory, that can then be searched for. + + Note: The switch from make_image_fwdisk_abs() to make_image_abs() is + needed in order to use the search functionality. + + Reviewed-by: Daniel Kiper + +2023-01-10 Pete Batard + + util/grub-mkrescue: Preserve a copy of the EFI bootloaders on the ISO 9660 file system + To enable file system transposition support for UEFI, we also must ensure that + there exists a copy of the EFI bootloaders, that are currently embedded in the + efi.img for xorriso, at their expected UEFI location on the ISO 9660 file system. + + This is accomplished by removing the use of a temporary directory to create the + efi/ content, to instead place it at the root of the ISO 9660 content. + + Reviewed-by: Daniel Kiper + +2023-01-10 Pete Batard + + util/grub-mkrescue: Add support for FAT and NTFS on EFI boot + In order to add file system transposition support for UEFI, i.e. the ability + to copy the content of an grub-mkrescue ISO 9660 image onto user-formatted + media, and have that boot on UEFI systems, the first thing we need to do is + add support for the file systems that are natively handled by UEFI. This + mandatorily includes FAT, but we also include NTFS as the latter is also + commonly supported on modern x64 platforms. + + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + util/bash-completion: Disable SC2120 shellcheck warning + SC2120 (warning): function references arguments, but none are ever passed. + + In grub-completion.bash.in line 63: + __grub_get_options_from_help () { + ^-- SC2120 (warning) + local prog + + if [ $# -ge 1 ]; then + prog="$1" + + The arg of __grub_get_options_from_help() is optional. So, the current + code meets the exception and does not need to be modified. Ignoring the + warning then. + + More: https://github.com/koalaman/shellcheck/wiki/SC2120 + + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + util/bash-completion: Fix SC2155 shellcheck warning + SC2155 (warning): Declare and assign separately to avoid masking return values. + + The exit status of the command is overridden by the exit status of the + creation of the local variable. + + In grub-completion.bash.in line 115: + local config_file=$(__grub_dir)/grub.cfg + ^---------^ SC2155 (warning) + + In grub-completion.bash.in line 126: + local grub_dir=$(__grub_dir) + ^------^ SC2155 (warning) + + More: https://github.com/koalaman/shellcheck/wiki/SC2155 + + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + util/bash-completion: Fix SC2207 shellcheck warning + SC2207 (warning): Prefer mapfile or read -a to split + command output (or quote to avoid splitting). + + In grub-completion.bash.in line 56: + COMPREPLY=($(compgen -P "${2-}" -W "${1-}" -S "${4-}" -- "$cur")) + ^-- SC2207 (warning) + + In grub-completion.bash.in line 119: + COMPREPLY=( $(compgen \ + ^-- SC2207 (warning) + + In grub-completion.bash.in line 128: + COMPREPLY=( $( compgen -f -X '!*/*.mod' -- "${grub_dir}/$cur" | { + ^-- SC2207 (warning) + + COMPREPLY=($(command)) are doing unquoted command expansion in an array. + This will invoke the shell's sloppy word splitting and glob expansion. + + If we want to split the output into lines or words, use read -r and + loops will be better. This prevents the shell from doing unwanted + splitting and glob expansion, and therefore avoiding problems with + output containing spaces or special characters. + + More: https://github.com/koalaman/shellcheck/wiki/SC2207 + + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + util/bash-completion: Fix SC2070 shellcheck error + SC2070 (error): -n doesn't work with unquoted arguments. + Quote or use [[ ]]. + In grub-completion.bash.in line 130: + [ -n $tmp ] && { + ^--^ SC2070 (error) + + More: https://github.com/koalaman/shellcheck/wiki/SC2070 + + Reviewed-by: Daniel Kiper + +2022-12-07 Steve McIntyre + + kern/file: Fix error handling in grub_file_open() + grub_file_open() calls grub_file_get_device_name(), but doesn't check + the return. Instead, it checks if grub_errno is set. + + However, nothing initialises grub_errno here when grub_file_open() + starts. This means that trying to open one file that doesn't exist and + then trying to open another file that does will (incorrectly) also + fail to open that second file. + + Let's fix that. + + Reviewed-by: Daniel Kiper + +2022-12-07 Jeremy Szu + + loader/i386/linux: Fix initrd maximum address overflow + The current i386 initrd is limited under 1 GiB memory and it works with + most compressed initrds (also initrd_addr_max case reported by kernel). + + addr = (addr_max - aligned_size) & ~0xFFF; + + Above line is used to calculate the reasonable address to store the initrd. + + However, if initrd size is greater than 1 GiB or initrd_addr_max, then it + will get overflow, especially on x86_64 arch. + + Therefore, add a check point to prevent it overflows as well as having + a debug log for complex story of initrd addresses. + + Reviewed-by: Daniel Kiper + +2022-12-07 Dimitri John Ledkov + + templates: Enable fwsetup on EFI platforms only + Only perform call to fwsetup if one is on EFI platform. On all other + platforms fwsetup command does not exists, and thus returns 0 and + a useless uefi-firmware menu entry gets generated. + + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + fs/xfs: Fix memory leaks in XFS module + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + fs/squash4: Fix memory leaks in grub_squash_iterate_dir() + Fixes: 20dd511c8 (Handle "." and ".." on squashfs) + + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + fs/iso9660: Fix memory leaks in grub_iso9660_susp_iterate() + Fixes: 99373ce47 (* grub-core/fs/iso9660.c: Remove nested functions) + + Reviewed-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + fs/hfsplus: Fix memory leak in grub_hfsplus_btree_search() + Fixes: 58ea11d5b (fs/hfsplus: Don't fetch a key beyond the end of the node) + + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + fs/bfs: Fix memory leak in read_bfs_file() + The l1_entries and l2_entries were not freed at the end of file read. + + Fixes: 5825b3794 (BFS implementation based on the specification) + + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + fs/ntfs: Fix memory leaks in grub_ntfs_read_symlink() + Fixes: 5773fb641 (Support NTFS reparse points) + + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + fs/minix: Fix memory leaks in grub_minix_lookup_symlink() + Fixes: a07e6ad01 (* grub-core/fs/minix.c: Remove variable length arrays) + + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + fs/btrfs: Fix memory leak in find_path() + Fixes: 82591fa6e (Make / in btrfs refer to real root) + + Reviewed-by: Daniel Kiper + +2022-12-07 t.feng + + fs/affs: Fix memory leaks in grub_affs_create_node() + The hashtable is not freed if GRUB_AFFS_FILETYPE_HARDLINK and + grub_disk_read() failed. If grub_affs_create_node() returns non-zero + the hashtable should be freed too. + + By the way, the hashtable argument is unused in grub_affs_create_node(). + So, we can remove the argument and free it in grub_affs_iterate_dir(). + It allocates the memory and it should be responsible for releasing it. + + This is why commit ebf32bc4e9 (fs/affs: Fix resource leaks) missed + this memory leak. + + Fixes: ebf32bc4e9 (fs/affs: Fix resource leaks) + + Reviewed-by: Daniel Kiper + +2022-12-07 Ryan Cohen + + normal/cmdline: Fix two related integer underflows + An unchecked decrement operation in cl_print() would cause a few + integers to underflow. Where an output terminal's state is stored in + cl_term, the values cl_term->ystart and cl_term->pos.y both underflow. + + This can be replicated with the following steps: + + 1. Get to the GRUB command line + 2. Hold down the "d" key (or any key that enters a visible character) + until it fills the entire row + 3. Press "HOME" and then press "CTRL-k". This will clear every + character entered in step 2 + 4. Continuously press "CTRL-y" until the terminal scrolls the original + prompt ("grub> ") passed the terminal's top row. Now, no prompt + should be visible. This step causes cl_term->ystart to underflow + 5. Press "HOME" and then "d" (or any visible character). This can have + different visual effects for different systems, but it will always + cause cl_term->pos.y to underflow + + On BIOS systems, these underflows cause the output terminal to + completely stop displaying anything. Characters can still be + entered and commands can be run, but nothing will display on the + terminal. From here, you can only get the display working by running + a command to switch the current output terminal to a different type: + + terminal_output + + On UEFI systems, these replication steps do not break the output + terminal. Until you press "ENTER", the cursor stops responding to input, + but you can press "ENTER" after step 5 and the command line will + work properly again. This patch is mostly important for BIOS systems + where the output terminal is rendered unusable after the underflows + occur. + + This patch adds two checks, one for each variable. It ensures that + cl_term->ystart does not decrement passed 0. It also ensures that + cl_term->pos.y does not get set passed the terminal's bottom row. + + When the previously listed replication steps are followed with this + patch, the terminal's cursor will be set to the top row and the command + line is still usable, even on BIOS systems. + + Reviewed-by: Daniel Kiper + +2022-12-07 Ryan Cohen + + term/i386/pc/vga_text: Prevent out-of-bounds writes to VGA text buffer + Coordinates passed to screen_write_char() did not have any checks to + ensure they are not out-of-bounds. This adds an if statement to prevent + out-of-bounds writes to the VGA text buffer. + + Reviewed-by: Daniel Kiper + +2022-12-07 Gary Lin + + loader/linux: Ensure the newc pathname is NULL-terminated + Per "man 5 cpio", the namesize in the cpio header includes the trailing + NUL byte of the pathname and the pathname is followed by NUL bytes, but + the current implementation ignores the trailing NUL byte when making + the newc header. Although make_header() tries to pad the pathname string, + the padding won't happen when strlen(name) + sizeof(struct newc_head) + is a multiple of 4, and the non-NULL-terminated pathname may lead to + unexpected results. + + Assume that a file is created with 'echo -n aaaa > /boot/test12' and + loaded by grub2: + + linux /boot/vmlinuz + initrd newc:test12:/boot/test12 /boot/initrd + + The initrd command eventually invoked grub_initrd_load() and sent + 't''e''s''t''1''2' to make_header() to generate the header: + + 00000070 30 37 30 37 30 31 33 30 31 43 41 30 44 45 30 30 |070701301CA0DE00| + 00000080 30 30 38 31 41 34 30 30 30 30 30 33 45 38 30 30 |0081A4000003E800| + 00000090 30 30 30 30 36 34 30 30 30 30 30 30 30 31 36 33 |0000640000000163| + 000000a0 37 36 45 34 35 32 30 30 30 30 30 30 30 34 30 30 |76E4520000000400| + 000000b0 30 30 30 30 30 38 30 30 30 30 30 30 31 33 30 30 |0000080000001300| + 000000c0 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 |0000000000000000| + 000000d0 30 30 30 30 30 36 30 30 30 30 30 30 30 30 74 65 |00000600000000te| + ^namesize + 000000e0 73 74 31 32 61 61 61 61 30 37 30 37 30 31 30 30 |st12aaaa07070100| + ^^ end of the pathname + + Since strlen("test12") + sizeof(struct newc_head) is 116 = 29 * 4, + make_header() didn't pad the pathname, and the file content followed + "test12" immediately. This violates the cpio format and may trigger such + error during linux boot: + + Initramfs unpacking failed: ZSTD-compressed data is trunc + + To avoid the potential problems, this commit counts the trailing NUL byte + in when calling make_header() and adjusts the initrd size accordingly. + + Now the header becomes + + 00000070 30 37 30 37 30 31 33 30 31 43 41 30 44 45 30 30 |070701301CA0DE00| + 00000080 30 30 38 31 41 34 30 30 30 30 30 33 45 38 30 30 |0081A4000003E800| + 00000090 30 30 30 30 36 34 30 30 30 30 30 30 30 31 36 33 |0000640000000163| + 000000a0 37 36 45 34 35 32 30 30 30 30 30 30 30 34 30 30 |76E4520000000400| + 000000b0 30 30 30 30 30 38 30 30 30 30 30 30 31 33 30 30 |0000080000001300| + 000000c0 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 |0000000000000000| + 000000d0 30 30 30 30 30 37 30 30 30 30 30 30 30 30 74 65 |00000700000000te| + ^namesize + 000000e0 73 74 31 32 00 00 00 00 61 61 61 61 30 37 30 37 |st12....aaaa0707| + ^^ end of the pathname + + Besides the trailing NUL byte, make_header() pads 3 more NUL bytes, and + the user can safely read the pathname without a further check. + + To conform to the cpio format, the headers for "TRAILER!!!" are also + adjusted to include the trailing NUL byte, not ignore it. + + Reviewed-by: Daniel Kiper + +2022-12-07 Jagannathan Raman + + fs/udf: Validate length of AED in grub_udf_read_block() + Validate the length of Allocation Extent Descriptor in grub_udf_read_block(), + based on the details in UDF spec. v2.01 section 2.3.11. + + Fixes: CID 314037 + + Reviewed-by: Daniel Kiper + +2022-12-07 Ismael Luceno + + util/grub-install: Ensure a functional /dev/nvram + This enables an early failure; for i386-ieee1275 and powerpc-ieee1275 on + Linux, without /dev/nvram the system may be left in an unbootable state. + + Reviewed-by: Daniel Kiper + +2022-12-07 Ismael Luceno + + templates: Set defaults using var substitution + Reviewed-by: Daniel Kiper + +2022-12-07 Glenn Washburn + + tests: Put all generated files into working dir and use better file names + When running tests there are many invocations of grub-shell, and because + the output files are all random names in the same tmp directory, it + becomes more work to figure out which files went with which grub-shell + invocations. So all generated files from one invocation of grub-shell + are put into a randomly named directory, so as not to collide with other + grub-shell invocations. And now that the generated files can be put in + a location where they will not get stepped on, and they can be named + sensible names. + + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + normal/charset: Fix an integer overflow in grub_unicode_aglomerate_comb() + The out->ncomb is a bit-field of 8 bits. So, the max possible value is 255. + However, code in grub_unicode_aglomerate_comb() doesn't check for an + overflow when incrementing out->ncomb. If out->ncomb is already 255, + after incrementing it will get 0 instead of 256, and cause illegal + memory access in subsequent processing. + + This patch introduces GRUB_UNICODE_NCOMB_MAX to represent the max + acceptable value of ncomb. The code now checks for this limit and + ignores additional combining characters when limit is reached. + + Reported-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + font: Assign null_font to glyphs in ascii_font_glyph[] + The calculations in blit_comb() need information from glyph's font, e.g. + grub_font_get_xheight(main_glyph->font). However, main_glyph->font is + NULL if main_glyph comes from ascii_font_glyph[]. Therefore + grub_font_get_*() crashes because of NULL pointer. + + There is already a solution, the null_font. So, assign it to those glyphs + in ascii_font_glyph[]. + + Reported-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + font: Harden grub_font_blit_glyph() and grub_font_blit_glyph_mirror() + As a mitigation and hardening measure add sanity checks to + grub_font_blit_glyph() and grub_font_blit_glyph_mirror(). This patch + makes these two functions do nothing if target blitting area isn't fully + contained in target bitmap. Therefore, if complex calculations in caller + overflows and malicious coordinates are given, we are still safe because + any coordinates which result in out-of-bound-write are rejected. However, + this patch only checks for invalid coordinates, and doesn't provide any + protection against invalid source glyph or destination glyph, e.g. + mismatch between glyph size and buffer size. + + This hardening measure is designed to mitigate possible overflows in + blit_comb(). If overflow occurs, it may return invalid bounding box + during dry run and call grub_font_blit_glyph() with malicious + coordinates during actual blitting. However, we are still safe because + the scratch glyph itself is valid, although its size makes no sense, and + any invalid coordinates are rejected. + + It would be better to call grub_fatal() if illegal parameter is detected. + However, doing this may end up in a dangerous recursion because grub_fatal() + would print messages to the screen and we are in the progress of drawing + characters on the screen. + + Reported-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + font: Fix an integer underflow in blit_comb() + The expression (ctx.bounds.height - combining_glyphs[i]->height) / 2 may + evaluate to a very big invalid value even if both ctx.bounds.height and + combining_glyphs[i]->height are small integers. For example, if + ctx.bounds.height is 10 and combining_glyphs[i]->height is 12, this + expression evaluates to 2147483647 (expected -1). This is because + coordinates are allowed to be negative but ctx.bounds.height is an + unsigned int. So, the subtraction operates on unsigned ints and + underflows to a very big value. The division makes things even worse. + The quotient is still an invalid value even if converted back to int. + + This patch fixes the problem by casting ctx.bounds.height to int. As + a result the subtraction will operate on int and grub_uint16_t which + will be promoted to an int. So, the underflow will no longer happen. Other + uses of ctx.bounds.height (and ctx.bounds.width) are also casted to int, + to ensure coordinates are always calculated on signed integers. + + Fixes: CVE-2022-3775 + + Reported-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + fbutil: Fix integer overflow + Expressions like u64 = u32 * u32 are unsafe because their products are + truncated to u32 even if left hand side is u64. This patch fixes all + problems like that one in fbutil. + + To get right result not only left hand side have to be u64 but it's also + necessary to cast at least one of the operands of all leaf operators of + right hand side to u64, e.g. u64 = u32 * u32 + u32 * u32 should be + u64 = (u64)u32 * u32 + (u64)u32 * u32. + + For 1-bit bitmaps grub_uint64_t have to be used. It's safe because any + combination of values in (grub_uint64_t)u32 * u32 + u32 expression will + not overflow grub_uint64_t. + + Other expressions like ptr + u32 * u32 + u32 * u32 are also vulnerable. + They should be ptr + (grub_addr_t)u32 * u32 + (grub_addr_t)u32 * u32. + + This patch also adds a comment to grub_video_fb_get_video_ptr() which + says it's arguments must be valid and no sanity check is performed + (like its siblings in grub-core/video/fb/fbutil.c). + + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + kern/efi/sb: Enforce verification of font files + As a mitigation and hardening measure enforce verification of font + files. Then only trusted font files can be load. This will reduce the + attack surface at cost of losing the ability of end-users to customize + fonts if e.g. UEFI Secure Boot is enabled. Vendors can always customize + fonts because they have ability to pack fonts into their GRUB bundles. + + This goal is achieved by: + + * Removing GRUB_FILE_TYPE_FONT from shim lock verifier's + skip-verification list. + + * Adding GRUB_FILE_TYPE_FONT to lockdown verifier's defer-auth list, + so font files must be verified by a verifier before they can be loaded. + + Suggested-by: Daniel Kiper + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + font: Fix integer underflow in binary search of char index + If search target is less than all entries in font->index then "hi" + variable is set to -1, which translates to SIZE_MAX and leads to errors. + + This patch fixes the problem by replacing the entire binary search code + with the libstdc++'s std::lower_bound() implementation. + + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + font: Fix integer overflow in BMP index + The BMP index (font->bmp_idx) is designed as a reverse lookup table of + char entries (font->char_index), in order to speed up lookups for BMP + chars (i.e. code < 0x10000). The values in BMP index are the subscripts + of the corresponding char entries, stored in grub_uint16_t, while 0xffff + means not found. + + This patch fixes the problem of large subscript truncated to grub_uint16_t, + leading BMP index to return wrong char entry or report false miss. The + code now checks for bounds and uses BMP index as a hint, and fallbacks + to binary-search if necessary. + + On the occasion add a comment about BMP index is initialized to 0xffff. + + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + font: Fix integer overflow in ensure_comb_space() + In fact it can't overflow at all because glyph_id->ncomb is only 8-bit + wide. But let's keep safe if somebody changes the width of glyph_id->ncomb + in the future. This patch also fixes the inconsistency between + render_max_comb_glyphs and render_combining_glyphs when grub_malloc() + returns NULL. + + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + font: Remove grub_font_dup_glyph() + Remove grub_font_dup_glyph() since nobody is using it since 2013, and + I'm too lazy to fix the integer overflow problem in it. + + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + font: Fix several integer overflows in grub_font_construct_glyph() + This patch fixes several integer overflows in grub_font_construct_glyph(). + Glyphs of invalid size, zero or leading to an overflow, are rejected. + The inconsistency between "glyph" and "max_glyph_size" when grub_malloc() + returns NULL is fixed too. + + Fixes: CVE-2022-2601 + + Reported-by: Zhang Boyang + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + font: Fix size overflow in grub_font_get_glyph_internal() + The length of memory allocation and file read may overflow. This patch + fixes the problem by using safemath macros. + + There is a lot of code repetition like "(x * y + 7) / 8". It is unsafe + if overflow happens. This patch introduces grub_video_bitmap_calc_1bpp_bufsz(). + It is safe replacement for such code. It has safemath-like prototype. + + This patch also introduces grub_cast(value, pointer), it casts value to + typeof(*pointer) then store the value to *pointer. It returns true when + overflow occurs or false if there is no overflow. The semantics of arguments + and return value are designed to be consistent with other safemath macros. + + Reviewed-by: Daniel Kiper + +2022-11-14 Zhang Boyang + + font: Reject glyphs exceeds font->max_glyph_width or font->max_glyph_height + Check glyph's width and height against limits specified in font's + metadata. Reject the glyph (and font) if such limits are exceeded. + + Reviewed-by: Daniel Kiper + +2022-11-14 t.feng + + loader/multiboot_elfxx: Fix memory leak + The commit eb33e61b3 (multiboot: fix memory leak) did not fix all + issues. Fix all of them right now. + + Fixes: eb33e61b3 (multiboot: fix memory leak) + + Reviewed-by: Daniel Kiper + +2022-11-14 Damian Szuberski + + docs: Correct GRUB_DISABLE_LINUX_PARTUUID documentation + Reviewed-by: Daniel Kiper + +2022-11-14 Arsen Arsenović + + osdep/unix/getroot: Pass -P to zpool status + zpool status by default prints basenames of VDEVs, which means that GRUB + would have to go around guessing to see whether a VDEV exists. Instead, + it'd be more robust to simply tell zpool to give us full paths to VDEVs + via -P. + + Reviewed-by: Daniel Kiper + +2022-11-14 Robbie Harwood + + normal/help: Add paging instructions to normal and help prompts + This is not an ideal solution, as interactive users must always run + a command in order to get the behavior they want, but it avoids + problematic interactions between prompting and sourcing files. + + Reviewed-by: Daniel Kiper + +2022-11-14 Robbie Harwood + + commands/tpm: Don't propagate measurement failures to the verifiers layer + Currently if an EFI firmware fails to do a TPM measurement for a file, + the error will be propagated to the verifiers framework which will + prevent it to be opened. This mean that buggy firmwares will lead to + the system not booting because files won't be allowed to be loaded. But + a failure to do a TPM measurement isn't expected to be a fatal error + that causes the system to be unbootable. + + To avoid this, don't return errors from .write and .verify_string + callbacks and just print a debug message in the case of a TPM + measurement failure. Add an environment variable, tpm_fail_fatal, to + restore the previous behavior. + + Also-authored-by: Javier Martinez Canillas + Reviewed-by: Daniel Kiper + +2022-11-14 Robbie Harwood + + kern/env: Add function for retrieving variables as booleans + Reviewed-by: Daniel Kiper + +2022-11-14 Robbie Harwood + + types: Make bool generally available + Add an include on stdbool.h, making the bool type generally available + within the GRUB without needing to add a file-specific include every + time it would be used. + + Reviewed-by: Daniel Kiper + +2022-11-14 Raymund Will + + loader: Add support for grub-emu to kexec Linux menu entries + The GRUB emulator is used as a debugging utility but it could also be + used as a user-space bootloader if there is support to boot an operating + system. + + The Linux kernel is already able to (re)boot another kernel via the + kexec boot mechanism. So the grub-emu tool could rely on this feature + and have linux and initrd commands that are used to pass a kernel, + initramfs image and command line parameters to kexec for booting + a selected menu entry. + + By default the systemctl kexec option is used so systemd can shutdown + all of the running services before doing a reboot using kexec. But if + this is not present, it can fall back to executing the kexec user-space + tool directly. The ability to force a kexec-reboot when systemctl kexec + fails must only be used in controlled environments to avoid possible + filesystem corruption and data loss. + + Reviewed-by: Daniel Kiper + +2022-11-14 Denton Liu + + templates: Introduce GRUB_TOP_LEVEL_* vars + A user may wish to use an image that is not sorted as the "latest" + version as the top-level entry. For example, in Arch Linux, if a user + has the LTS and regular kernels installed, "/boot/vmlinuz-linux-lts" + gets sorted as the "latest" compared to "/boot/vmlinuz-linux", meaning + the LTS kernel becomes the top-level entry. However, a user may wish to + use the regular kernel as the top-level default with the LTS only + existing as a backup. + + This need can be seen in Arch Linux's AUR with two user-submitted + packages[0][1] providing an update hook which patches /etc/grub.d/10_linux + to move the desired kernel to the top-level. This patch serves to solve + this in a more generic way. + + Introduce the GRUB_TOP_LEVEL, GRUB_TOP_LEVEL_XEN and GRUB_TOP_LEVEL_OS_PROBER + variables to allow users to specify the top-level entry. + + Create grub_move_to_front() as a helper function which moves entries to + the front of a list. This function does the heavy lifting of moving + the menu entry to the front in each script. + + In 10_netbsd, since there isn't an explicit list variable, extract the + items that are being iterated through into a list so that we can + optionally apply grub_move_to_front() to the list before the loop. + + [0]: https://aur.archlinux.org/packages/grub-linux-default-hook + [1]: https://aur.archlinux.org/packages/grub-linux-rt-default-hook + + Reviewed-by: Oskari Pirhonen + Reviewed-by: Daniel Kiper + +2022-10-27 Alec Brown + + video/readers: Add artificial limit to image dimensions + In grub-core/video/readers/jpeg.c, the height and width of a JPEG image don't + have an upper limit for how big the JPEG image can be. In Coverity, this is + getting flagged as an untrusted loop bound. This issue can also seen in PNG and + TGA format images as well but Coverity isn't flagging it. To prevent this, the + constant IMAGE_HW_MAX_PX is being added to include/grub/bitmap.h, which has + a value of 16384, to act as an artificial limit and restrict the height and + width of images. This value was picked as it is double the current max + resolution size, which is 8K. + + Fixes: CID 292450 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-10-27 Daniel Axtens + + disk/diskfilter: Don't make a RAID array with more than 1024 disks + This is "belt and braces" with commit 12e20a6a695f (disk/diskfilter: + Check calloc() result for NULL): we end up trying to use too much memory + in situations like corrupted Linux software RAID setups purporting to + use a huge number of disks. Simply refuse to permit such configurations. + + 1024 is a bit arbitrary, yes, and I feel a bit like I'm tempting fate + here, but I think 1024 disks in an array (that GRUB has to read to boot!) + should be enough for anyone. + + Reviewed-by: Daniel Kiper + +2022-10-27 Ard Biesheuvel + + arm64/efi/linux: Ignore FDT unless we need to modify it + Now that we implemented support for the LoadFile2 protocol for initrd + loading, there is no longer a need to pass the initrd parameters via + the device tree. This means that when the LoadFile2 protocol is being + used, there is no reason to update the device tree in the first place, + and so we can ignore it entirely. + + The only remaining reason to deal with the devicetree is if we are + using the "devicetree" command to load one from disk, so tweak the + logic in grub_fdt_install() to take that into account. + + Reviewed-by: Leif Lindholm + Reviewed-by: Daniel Kiper + +2022-10-27 Ard Biesheuvel + + arm64/efi/linux: Implement LoadFile2 initrd loading protocol for Linux + Recent Linux kernels will invoke the LoadFile2 protocol installed on + a well-known vendor media path to load the initrd if it is exposed by + the firmware. Using this method is preferred for two reasons: + - the Linux kernel is in charge of allocating the memory, and so it can + implement any placement policy it wants (given that these tend to + change between kernel versions), + - it is no longer necessary to modify the device tree provided by the + firmware. + + So let's install this protocol when handling the "initrd" command if + such a recent kernel was detected (based on the PE/COFF image version), + and defer loading the initrd contents until the point where the kernel + invokes the LoadFile2 protocol. + + Reviewed-by: Heinrich Schuchardt + Tested-by: Ilias Apalodimas + Reviewed-by: Ilias Apalodimas + Reviewed-by: Daniel Kiper + +2022-10-27 Ard Biesheuvel + + efi/efinet: Don't close connections at fini_hw() time + When GRUB runs on top of EFI firmware, it only has access to block and + network device abstractions exposed by the firmware, and it is up to the + firmware to quiesce the underlying hardware when exiting boot services + and handing over to the OS. + + This is especially important for network devices, to prevent incoming + packets from being DMA'd straight into memory after the OS has taken + over but before it has managed to reconfigure the network hardware. + + GRUB handles this by means of the grub_net_fini_hw() preboot hook, which + is executed before calling into the booted image. This means that all + network devices disappear or become inoperable before the EFI stub + executes on EFI targeted builds. This is problematic as it prevents the + EFI stub from calling back into GRUB provided protocols such as + LoadFile2 for the initrd, which we will provide in a subsequent patch. + + So add a flag that indicates to the network core that EFI network + devices should not be closed when grub_net_fini_hw() is called. + + Reviewed-by: Heinrich Schuchardt + Reviewed-by: Daniel Kiper + +2022-10-27 Ard Biesheuvel + + loader/arm64/linux: Account for COFF headers appearing at unexpected offsets + The way we load the Linux and PE/COFF image headers depends on a fixed + placement of the COFF header at offset 0x40 into the file. This is + a reasonable default, given that this is where Linux emits it today. + However, in order to comply with the PE/COFF spec, which allows this + header to appear anywhere in the file, let's ensure that we read the + header from where it actually appears in the file if it is not located + at offset 0x40. + + Reviewed-by: Daniel Kiper + +2022-10-27 Ard Biesheuvel + + arm/linux: Unify ARM/arm64 vs Xen PE/COFF header handling + Xen has its own version of the image header, to account for the + additional PE/COFF header fields. Since we are adding references to + those in the shared EFI loader code, update the common definitions + and drop the Xen specific one which no longer has a purpose. + + Since in both cases, the call to grub_arch_efi_linux_check_image() is + preceded by a load of the image header, let's move the load into that + function, and rename it to grub_arch_efi_linux_load_image_header(). + + Reviewed-by: Daniel Kiper + +2022-10-27 Ard Biesheuvel + + efi: Move MS-DOS stub out of generic PE header definition + The PE/COFF spec permits the COFF signature and file header to appear + anywhere in the file, and the actual offset is recorded in 4 byte + little endian field at offset 0x3c of the image. + + When GRUB is emitted as a PE/COFF binary, we reuse the 128 byte MS-DOS + stub (even for non-x86 architectures), putting the COFF signature and + file header at offset 0x80. However, other PE/COFF images may use + different values, and non-x86 Linux kernels use an offset of 0x40 + instead. + + So let's get rid of the grub_pe32_header struct from pe32.h, given that + it does not represent anything defined by the PE/COFF spec. Instead, + introduce a minimal struct grub_msdos_image_header type based on the + PE/COFF spec's description of the image header, and use the offset + recorded at file position 0x3c to discover the actual location of the PE + signature and the COFF image header. + + The remaining fields are moved into a struct grub_pe_image_header, + which we will use later to access COFF header fields of arbitrary + images (and which may therefore appear at different offsets) + + Reviewed-by: Daniel Kiper + +2022-10-27 Jagannathan Raman + + kern/buffer: Handle NULL input pointer in grub_buffer_free() + The grub_buffer_free() should handle NULL input pointer, similar to + grub_free(). If the pointer is not referencing any memory location, + grub_buffer_free() need not perform any function. + + Fixes: CID 396931 + + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2022-10-27 Jagannathan Raman + + fs/zfs/zfs: Update dangling dn_new pointer in dnode_get_path() + The dnode_get_path() traverses dnode structures to locate the dnode leaf + of a given path. When the leaf is a symlink to another path, it restarts + the traversal either from root or from a different path. In such cases, + dn_new must be re-initialized + + Passes "make check". + + Fixes: CID 86750 + + Reviewed-by: Ross Philipson + Reviewed-by: Daniel Kiper + +2022-10-27 Darren Kenny + + build: Update to reflect minimum clang version 8.0 + After doing some validation with clang from versions 3.8 and up, the + builds prior to version 8.0.0 fail due to the use of safemath functions + at link time. + + Reviewed-by: Daniel Kiper + +2022-10-27 Darren Kenny + + configure: Fix building with clang + Building the current code with clang and the latest gnulib fails due to + the use of a variable-length-array (vla) warning, which turns in to an + error due to the presence of the -Werror during the build. + + The gnulib team stated that their code should not be built with -Werror. + + At present, the only way to do this is for the complete code-base, by + using the --disable-werror option to configure. + + Rather than doing this, and failing to gain any benefit that it provides, + instead, if building with clang, this patch makes it possible to specifically + not error on vlas, while retaining the -Werror functionality otherwise. + + Reviewed-by: Daniel Kiper + +2022-10-27 Darren Kenny + + gnulib: Provide abort() implementation for gnulib + The recent gnulib updates require an implementation of abort(), but the + current macro provided by changeset: + + cd37d3d3916c gnulib: Drop no-abort.patch + + to config.h.in does not work with the clang compiler since it doesn't + provide a __builtin_trap() implementation, so this element of the + changeset needs to be reverted, and replaced. + + After some discussion with Vladimir 'phcoder' Serbinenko and Daniel Kiper + it was suggested to bring back in the change from the changeset: + + db7337a3d353 * grub-core/gnulib/regcomp.c (regerror): ... + + Which implements abort() as an inline call to grub_abort(), but since + that was made static by changeset: + + a8f15bceeafe * grub-core/kern/misc.c (grub_abort): Make static + + it is also necessary to revert the specific part that makes it a static + function too. + + Another implementation of abort() was found in grub-core/kern/compiler-rt.c + which needs to also be removed to be consistent. + + Reviewed-by: Daniel Kiper + +2022-10-27 Alec Brown + + disk/cryptodisk: Fix unintentional integer overflow + In the function grub_cryptodisk_endecrypt(), a for loop is incrementing the + variable i by (1U << log_sector_size). The variable i is of type grub_size_t + which is a 64-bit unsigned integer on x86_64 architecture. On the other hand, 1U + is a 32-bit unsigned integer. By performing a left shift on a 32-bit value and + assigning it to a 64-bit variable, the 64-bit variable may have incorrect values + in the high 32-bits if the shift has an overflow. To avoid this, we replace 1U + with (grub_size_t)1. + + Fixes: CID 307788 + + Reviewed-by: Darren Kenny + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2022-10-27 Zhang Boyang + + mm: Try invalidate disk caches last when out of memory + Every heap grow will cause all disk caches invalidated which decreases + performance severely. This patch moves disk cache invalidation code to + the last of memory squeezing measures. So, disk caches are released only + when there are no other ways to get free memory. + + Reviewed-by: Daniel Kiper + Reviewed-by: Patrick Steinhardt + +2022-10-27 Qiumiao Zhang + + util/grub-mkfont: Use valid conversion specifiers in printf() and fprintf() + For printf()/fprintf() functions, unsigned integers should use %u as the + valid conversion specifier instead of %d. + + Reviewed-by: Daniel Kiper + +2022-10-27 Chris Coulson + + efi: Compile kernel.img with -fshort-wchar on all EFI targets + The stack check logs a console message on failure, and the EFI API expects + a NULL terminated UCS-2 string. In order to define a UCS-2 string literal, + kernel.img on amd64 and i386 EFI targets is built with -fshort-wchar. + + Also compile kernel.img on other EFI targets with -fshort-wchar. + + Fixes: 37ddd94 (kern/efi/init: Log a console error during a stack check failure) + + Reported-by: Glenn Washburn + Reviewed-by: Daniel Kiper + +2022-10-11 Benjamin Herrenschmidt + + normal/menu: Add Ctrl-L to refresh the menu + This is useful on cloud instances with remote serial ports as it can be + difficult to connect "fast enough" to get the initial menu display + + Reviewed-by: Daniel Kiper + +2022-10-11 Michael Chang + + util/grub-install: Set point of no return for powerpc-ieee1275 install + The point of no return is used to define a point where no change should + be reverted in a wake of fatal error that consequently aborts the + process. The powerpc-ieee1275 install apparently missed this point of no + return definition that newly installed modules could be inadvertently + reverted after successful image embedding so that boot failure is + incurred due to inconsistent state. + + Reviewed-by: Daniel Kiper + +2022-10-11 Daniel Axtens + + disk/diskfilter: Check calloc() result for NULL + With wildly corrupt inputs, we can end up trying to calloc a very + large amount of memory, which will fail and give us a NULL pointer. + We need to check that to avoid a crash. (And, even if we blocked + such inputs, it is good practice to check the results of allocations + anyway.) + + Reviewed-by: Daniel Kiper + +2022-10-11 Glenn Washburn + + disk/cryptodisk: Allows UUIDs to be compared in a dash-insensitive manner + A user can now specify UUID strings with dashes, instead of having to remove + dashes. This is backwards-compatibility preserving and also fixes a source + of user confusion over the inconsistency with how UUIDs are specified + between file system UUIDs and cryptomount UUIDs. Since cryptsetup, the + reference implementation for LUKS, displays and generates UUIDs with dashes + there has been additional confusion when using the UUID strings from + cryptsetup as exact input into GRUB does not find the expected cryptodisk. + + A new function grub_uuidcasecmp() is added that is general enough to be used + other places where UUIDs are being compared. + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2022-10-11 Glenn Washburn + + kern/corecmd: Quote variable values when displayed by the set command + Variable values may contain spaces at the end or newlines. However, when + displayed without quotes this is not obvious and can lead to confusion as + to the actual contents of variables. Also for some variables grub_env_get() + returns a NULL pointer instead of a pointer to an empty string and + previously would be printed as "var=(null)". Now such variables will be + displayed as "var=''". + + Reviewed-by: Daniel Kiper + +2022-10-11 Samuel Thibault + + templates: Add support for acpi on Hurd + This adds acpi as bootstrap module whenever it is available. This opens the + path for proper IRQ routing for fully-userland disk drivers. + + Reviewed-by: Daniel Kiper + +2022-10-11 Peter Jones + + util/grub-module-verifierXX: Enable running standalone checkers + Allow treating util/grub-module-verifierXX.c as a file you can build + directly so syntax checkers like vim's "syntastic" plugin, which uses + "gcc -x c -fsyntax-only" to build it, will work. + + One still has to do whatever setup is required to make it pick the + right include dirs, which -I options we use, etc., but this makes + it so you can do the checking on the file you're editing, rather + than on a different file. + + Reviewed-by: Daniel Kiper + +2022-10-04 Tuan Phan + + kern/compiler-rt: Fix __clzsi2() logic + Fix the incorrect return value of __clzsi2() function. + + Fixes: e795b90 (RISC-V: Add libgcc helpers for clz) + + Reviewed-by: Daniel Kiper + +2022-10-04 Daniel Axtens + + efi: Increase default memory allocation to 32 MiB + We have multiple reports of things being slower with a 1 MiB initial static + allocation, and a report (more difficult to nail down) of a boot failure + as a result of the smaller initial allocation. + + Make the initial memory allocation 32 MiB. + + Reviewed-by: Daniel Kiper + +2022-10-04 Christian Hesse + + templates: Filter C.UTF-8 locale for translation + In addition to C locale there is also C.UTF-8 locale now. Filter that as + well, by using ${grub_lang}, which contains a stripped value. + This fixes the following message and resulting boot failure: + + error: file `/boot/grub/locale/C.gmo' not found. + + Reviewed-by: Daniel Kiper + +2022-10-04 Steve McIntyre + + tests: Explicitly unset SOURCE_DATE_EPOCH before running fs tests + In some filesystem utils like mksquashfs, they will silently change + behaviour and cause timestamps to unexpectedly change. Build + environments like Debian's set SOURCE_DATE_EPOCH in the environment, + so remove it. Reproducible builds are good and useful for shipped + artifacts, but this causes build-time tests to fail. + + Reviewed-by: Daniel Kiper + +2022-10-04 Heinrich Schuchardt + + commands/efi/lsefisystab: Short text for EFI_CONFORMANCE_PROFILES_TABLE + The EFI_CONFORMANCE_PROFILES_TABLE_GUID is used for a table of GUIDs for conformance + profiles (cf. UEFI specification 2.10, 4.6.5 EFI_CONFORMANCE_PROFILE_TABLE). + + The lsefisystab command is used to display installed EFI configuration tables. + Currently it only shows the GUID but not a short text for the table. + + Provide a short text for the EFI_CONFORMANCE_PROFILES_TABLE_GUID. + + Reviewed-by: Daniel Kiper + +2022-10-04 Theodore Ts'o + + fs/ext2: Ignore the large_dir incompat feature + Recently, ext4 added the large_dir feature, which adds support for + a 3 level htree directory support. + + The GRUB supports existing file systems with htree directories by + ignoring their existence, and since the index nodes for the hash tree + look like deleted directory entries (by design), the GRUB can simply do + a brute force O(n) linear search of directories. The same is true for + 3 level deep htrees indicated by large_dir feature flag. + + Hence, it is safe for the GRUB to ignore the large_dir incompat feature. + + Fixes: https://savannah.gnu.org/bugs/?61606 + + Reviewed-by: Daniel Kiper + +2022-10-04 Glenn Washburn + + disk/loopback: Support transparent decompression of backing file + A new option is added to the loopback command, -D or --decompress, which + when specified transparently decompresses the backing file. This allows + compressed images to be used as if they were uncompressed. + + Add documentation to support this change. + + Suggested-by: Li Gen + Reviewed-by: Daniel Kiper + +2022-10-04 Glenn Washburn + + configure: Add -DGRUB_HAS_PCI when compiling C/C++ files on targets that support PCI + The list of targets that support PCI is in gentpl.py. However, there is no + support for generating makefile script from a .def file that will apply + globally to the makefile, but on a per target basis. So instead, use + gentpl.py in configure to get the list of targets and check if the current + build target is one of them. If it is, set the automake conditional + COND_HAVE_PCI. Then in conf/Makefile.common add -DGRUB_HAS_PCI for the + platform if COND_HAVE_PCI is true. + + Reviewed-by: Daniel Kiper + +2022-10-04 Li Gen + + commands/read: Fix overflow in grub_getline() + Store returned value from grub_getkey() in int instead of char to + prevent throwing away the extended bits. This was a problem because, + for instance, the left arrow key press would return + (GRUB_TERM_EXTENDED | 0x4b), which would have the GRUB_TERM_EXTENDED + thrown away leaving 0x4b or 'K'. These extended keys should either + work as intended or do nothing. This change has them do nothing, + instead of inserting a key not pressed by the user. + + Reviewed-by: Daniel Kiper + +2022-10-04 Li Gen + + efi: Correct function prototype for register_key_notify() method of grub_efi_simple_text_input_ex_interface + The register_key_notify() method should have an output parameter which is + a pointer to the unique handle assigned to the registered notification. + + Reviewed-by: Daniel Kiper + +2022-10-04 Masahiro Matsuya + + net/drivers/ieee1275/ofnet: Fix incorrect netmask + The netmask configured in firmware is not respected on ppc64 (big endian). + When 255.255.252.0 is set as netmask in firmware, the following is the + value of bootpath string in grub_ieee1275_parse_bootpath(): + + /vdevice/l-lan@30000002:speed=auto,duplex=auto,192.168.88.10,,192.168.89.113,192.168.88.1,5,5,255.255.252.0,512 + + The netmask in this bootpath is not a problem, since it's a value specified + in firmware. But the value of subnet_mask.ipv4 was set with 0xfffffc00, and + __builtin_ctz(~grub_le_to_cpu32(subnet_mask.ipv4)) returned 16 (not 22). + As a result, 16 was used for netmask wrongly: + + 1111 1111 1111 1111 1111 1100 0000 0000 # subnet_mask.ipv4(=0xfffffc00) + 0000 0000 1111 1100 1111 1111 1111 1111 # grub_le_to_cpu32(subnet_mask.ipv4) + 1111 1111 0000 0011 0000 0000 0000 0000 # ~grub_le_to_cpu32(subnet_mask.ipv4) + + and the count of zero with __builtin_ctz() can be 16. This patch changes + it as below: + + 1111 1111 1111 1111 1111 1100 0000 0000 # subnet_mask.ipv4(=0xfffffc00) + 0000 0000 1111 1100 1111 1111 1111 1111 # grub_le_to_cpu32(subnet_mask.ipv4) + 1111 1111 1111 1111 1111 1100 0000 0000 # grub_be_to_cpu32(subnet_mask.ipv4) + 0000 0000 0000 0000 0000 0011 1111 1111 # ~grub_be_to_cpu32(subnet_mask.ipv4) + + The count of zero with __builtin_clz() can be 22 (clz counts the number + of one bits preceding the most significant zero bit). + + Reviewed-by: Daniel Kiper + +2022-10-04 Ross Philipson + + loader/i386/bsd: Initialize BSD relocator state variables + Numerous register fields in the relocator state are simply not + used depending on the relocator. This causes Coverity to flag + these fields but there is no real bug here. Simply initializing + the variable to {0} solves the issue. Fixed in the else case too + for consistency. + + Fixes: CID 396932 + + Reviewed-by: Daniel Kiper + +2022-08-20 Andrea G. Monaco + + docs: Add a link to environment variables + This is trivial, but it might save some time to beginners. + + Reviewed-by: Glenn Washburn + Reviewed-by: Daniel Kiper + +2022-08-20 Robbie Harwood + + docs: Fix mismatched brackets in halt command + Reviewed-by: Daniel Kiper + + docs: Document fwsetup command + Reviewed-by: Daniel Kiper + +2022-08-20 Robbie Harwood + + efi: Don't display a uefi-firmware entry if it's not supported + Add a new --is-supported option to commands/efi/efifwsetup and + conditionalize display on it. + + Reviewed-by: Daniel Kiper + +2022-08-19 Javier Martinez Canillas + + commands/efi/efifwsetup: Print an error if boot to firmware setup is not supported + The "fwsetup" command is only registered if the firmware supports booting + to the firmware setup UI. But it could be possible that the GRUB config + already contains a "fwsetup" entry, because it was generated in a machine + that has support for this feature. + + To prevent users getting an error like: + + error: ../../grub-core/script/function.c:109:can't find command `fwsetup'. + + if it is not supported by the firmware, let's just always register the + command but print a more accurate message if the firmware doesn't + support this option. + + Reviewed-by: Daniel Kiper + +2022-08-19 Javier Martinez Canillas + + templates: Check for EFI at runtime instead of config generation time + The 30_uefi-firmware template checks if an OsIndicationsSupported UEFI var + exists and EFI_OS_INDICATIONS_BOOT_TO_FW_UI bit is set, to decide whether + a "fwsetup" menu entry would be added or not to the GRUB menu. + + But this has the problem that it will only work if the configuration file + was created on an UEFI machine that supports booting to a firmware UI. + + This for example doesn't support creating GRUB config files when executing + on systems that support both UEFI and legacy BIOS booting. Since creating + the config file from legacy BIOS wouldn't allow to access the firmware UI. + + To prevent this, make the template to unconditionally create the grub.cfg + snippet but check at runtime if was booted through UEFI to decide if this + entry should be added. That way it won't be added when booting with BIOS. + + There's no need to check if EFI_OS_INDICATIONS_BOOT_TO_FW_UI bit is set, + since that's already done by the "fwsetup" command when is executed. + + Reviewed-by: Daniel Kiper + +2022-08-19 Robbie Harwood + + efi: Make all grub_efi_guid_t variables static + This is believed to result in smaller code. + + Reviewed-by: Daniel Kiper + +2022-08-19 Robbie Harwood + + commands/efi/efifwsetup: Add missing grub_free()s + Each call of grub_efi_get_variable() needs a grub_free(). + + Reviewed-by: Daniel Kiper + +2022-08-19 Jagannathan Raman + + fs/zfs/zfs: Pass pointer to dnode_end_t instead of value to fill_fs_info() + Coverity reports that dnode_end_t argument of fill_fs_info() is too + large to pass-by-value. Therefore, replace the argument with a pointer. + + Fixes: CID 73631 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-08-19 Patrick Steinhardt + + disk/luks2: Fix decoding of digests and salts with escaped chars + It was reported in the #grub IRC channel on Libera that decryption of + LUKS2 partitions fails with errors about invalid digests and/or salts. + In all of these cases, what failed was decoding the Base64 + representation of these, where the encoded data contained invalid + characters. + + As it turns out, the root cause is that json-c, which is used by + cryptsetup to read and write the JSON header, will escape some + characters by prepending a backslash when writing JSON strings by + default. Most importantly, json-c also escapes the forward slash, which + is part of the Base64 alphabet. Because GRUB doesn't know to unescape + such characters, decoding this string will rightfully fail. + + Interestingly, this issue has until now only been reported by users of + Ubuntu 18.04. And a bit of digging in fact reveals that cryptsetup has + changed the logic in a054206d (Suppress useless slash escaping in json + lib, 2018-04-20), which has been released with cryptsetup v2.0.3. Ubuntu + 18.04 is still shipping with cryptsetup v2.0.2 though, which explains + why this is not a more frequent issue. + + Fix the issue by using our new grub_json_unescape() helper function + that handles unescaping for us. + + Reported-by: Afdal + Reviewed-by: Daniel Kiper + +2022-08-19 Patrick Steinhardt + + lib/json/json: Add function to unescape JSON-encoded strings + JSON strings require certain characters to be encoded, either by using + a single reverse solidus character "\" for a set of popular characters, + or by using a Unicode representation of "\uXXXXX". The jsmn library + doesn't handle unescaping for us, so we must implement this functionality + for ourselves. + + Add a new function grub_json_unescape() that takes a potentially + escaped JSON string as input and returns a new unescaped string. + + Reviewed-by: Daniel Kiper + +2022-08-19 Nikita Ermakov + + loader: Drop argv[] argument in grub_initrd_load() + In the case of an error grub_initrd_load() uses argv[] to print the + filename that caused the error. It is also possible to obtain the + filename from the file handles and there is no need to duplicate that + information in argv[], so let's drop it. + + Reviewed-by: Daniel Kiper + +2022-08-19 Alec Brown + + loader: Update error conditionals to use enums + In grub-core/loader/i386/bsdXX.c and grub-core/loader/multiboot_elfxx.c, error + conditionals are simplified to statements such as "if (err)". Even though the + assumption that non-zero values give errors is correct, it would be clearer and + more consistent to compare these conditionals to GRUB_ERR_NONE. + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-08-19 Alec Brown + + util/grub-module-verifierXX: Changed get_shnum() return type + In util/grub-module-verifierXX.c, the function get_shnum() returns the variable + shnum, which is of the type Elf_Word. In the function, shnum can be obtained by + the e_shnum member of an Elf_Ehdr or the sh_size member of an Elf_Shdr. The + sh_size member can either be grub_uint32_t or grub_uint64_t, depending on the + architecture, but Elf_Word is only grub_uint32_t. To account for when sh_size is + grub_uint64_t, we can set shnum to have type Elf_Shnum and have get_shnum() + return an Elf_Shnum. + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-08-19 Alec Brown + + elf: Validate number of elf program header table entries + In bsdXX.c and multiboot_elfxx.c, e_phnum is used to obtain the number of + program header table entries, but it wasn't being checked if the value was + there. + + According to the elf(5) manual page, + "If the number of entries in the program header table is larger than or equal to + PN_XNUM (0xffff), this member holds PN_XNUM (0xffff) and the real number of + entries in the program header table is held in the sh_info member of the + initial entry in section header table. Otherwise, the sh_info member of the + initial entry contains the value zero." + + Since this check wasn't being made, grub_elfXX_get_phnum() is being added to + elfXX.c to make this check and use e_phnum if it doesn't have PN_XNUM as a + value, else use sh_info. We also need to make sure e_phnum isn't greater than + PN_XNUM and sh_info isn't less than PN_XNUM. + + Note that even though elf.c and elfXX.c are located in grub-core/kern, they are + compiled as modules and don't need the EXPORT_FUNC() macro to define the functions + in elf.h. + + Also, changed casts of phnum to match variables being set as well as dropped + casts when unnecessary. + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-08-19 Alec Brown + + elf: Validate elf section header table index for section name string table + In multiboot_elfxx.c, e_shstrndx is used to obtain the section header table + index of the section name string table, but it wasn't being checked if the value + was there. + + According to the elf(5) manual page, + "If the index of section name string table section is larger than or equal to + SHN_LORESERVE (0xff00), this member holds SHN_XINDEX (0xffff) and the real + index of the section name string table section is held in the sh_link member of + the initial entry in section header table. Otherwise, the sh_link member of the + initial entry in section header table contains the value zero." + + Since this check wasn't being made, grub_elfXX_get_shstrndx() is being added to + elfXX.c to make this check and use e_shstrndx if it doesn't have SHN_XINDEX as a + value, else use sh_link. We also need to make sure e_shstrndx isn't greater than + or equal to SHN_LORESERVE and sh_link isn't less than SHN_LORESERVE. + + Note that even though elf.c and elfXX.c are located in grub-core/kern, they are + compiled as modules and don't need the EXPORT_FUNC() macro to define the functions + in elf.h. + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-08-19 Alec Brown + + elf: Validate number of elf section header table entries + In bsdXX.c and multiboot_elfxx.c, e_shnum is used to obtain the number of + section header table entries, but it wasn't being checked if the value was + there. + + According to the elf(5) manual page, + "If the number of entries in the section header table is larger than or equal to + SHN_LORESERVE (0xff00), e_shnum holds the value zero and the real number of + entries in the section header table is held in the sh_size member of the initial + entry in section header table. Otherwise, the sh_size member of the initial + entry in the section header table holds the value zero." + + Since this check wasn't being made, grub_elfXX_get_shnum() is being added to + elfXX.c to make this check and use whichever member doesn't have a value of + zero. If both are zero, then we must return an error. We also need to make sure + that e_shnum doesn't have a value greater than or equal to SHN_LORESERVE and + sh_size isn't less than SHN_LORESERVE. + + In order to get this function to work, the type ElfXX_Shnum is being added where + Elf32_Shnum defines Elf32_Word and Elf64_Shnum defines Elf64_Xword. This new + type is needed because if shnum obtains a value from sh_size, sh_size could be + of type El32_Word for Elf32_Shdr structures or Elf64_Xword for Elf64_Shdr + structures. + + Note that even though elf.c and elfXX.c are located in grub-core/kern, they are + compiled as modules and don't need the EXPORT_FUNC() macro to define the functions + in elf.h. + + For a few smaller changes, changed casts of shnum to match variables being set + as well as dropped casts when unnecessary and fixed spacing errors in bsdXX.c. + Also, shnum is an unsigned integer and is compared to int i in multiboot_elfxx.c, + it should be unsigned to match shnum. + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-08-19 Mauricio Faria de Oliveira + + templates/linux_xen: Properly order the multiple initrd files + The linux_xen template orders the "early" initrd file(s) _first_ + (i.e., before the "real" initrd files) and that seems reasonable, + as microcode updates usually come first. + + However, this usually breaks Linux boot with initrd under Xen + because Xen assumes the real initrd is the first multiboot[2] + module after the kernel, passing its address over to Linux in + Xen's start_info struct. + + So, if a microcode-only initrd (i.e., without init/userspace) + is found by grub-mkconfig, it ends up considered as a normal + initrd by the Linux kernel, which cannot do anything with it + (as it has no other files) and panic()s unable to mount root + if it depends on a initrd to do that (e.g., root=UUID=...). + + ... + + Well, since Xen doesn't actually use the provided microcode + by default / unless the 'ucode=' option + is enabled, this isn't used in the general case (and breaks). + + Additionally, if an user enables the 'ucode=' option, that + either specifies which module is to be used for microcode, + or scans all modules (regardless of being first) for that. + + Thus, for Xen: + - it is *not required* to have microcode first, + - but it is *required* to have real initrd first + + So, fix it by ordering the real initrd before early initrd(s). + + After: + + # touch /boot/xen /boot/microcode.cpio + # grub-mkconfig 2>/dev/null | grep -P '^\t(multiboot|module)' + multiboot /boot/xen ... + module /boot/vmlinuz-5.4.0-122-generic ... + module --nounzip /boot/initrd.img-5.4.0-122-generic + module --nounzip /boot/microcode.cpio + + ... + + Corner case specific to Xen implementation details: + + It is actually _possible_ to have a microcode initrd first, + but that requires a non-default option (so can't rely on it), + and it turns out to be inconsistent with its counterpart + (really shouldn't rely on it, as it may get confusing; below). + + 'ucode=1' does manually specify the first module is microcode + _AND_ clears its bit in the module bitmap. The next module is + now the 'new first', and gets passed to Linux as initrd. Good. + + 'ucode=scan' checks all modules for microcode, but does _NOT_ + clear a bit if it finds one (reasonable, as it can find that + prepended in a "real" initrd anyway, which needs to be used). + The first module still gets passed to Linux as initrd. Bad. + + Fixes: e86f6aafb8de (grub-mkconfig/20_linux_xen: Support multiple early initrd images) + + Acked-by: Juergen Gross + Reviewed-by: Daniel Kiper + +2022-08-19 Mauricio Faria de Oliveira + + templates/linux_xen: Properly load multiple initrd files + The linux_xen template can put multiple initrd files in the + same multiboot[2] module[2] command, which is against specs. + + This causes ONLY the _first_ initrd file to be loaded; other + files just have filenames in a "cmdline" string of the first + initrd file and are NOT loaded. + + Fix this by inserting a module[2] command per initrd file. + + Before: + + # touch /boot/xen /boot/microcode.cpio + # grub-mkconfig 2>/dev/null | grep -P '^\t(multiboot|module)' + multiboot /boot/xen ... + module /boot/vmlinuz-5.4.0-122-generic ... + module --nounzip /boot/microcode.cpio /boot/initrd.img-5.4.0-122-generic + + After: + + # touch /boot/xen /boot/microcode.cpio + # grub-mkconfig 2>/dev/null | grep -P '^\t(multiboot|module)' + multiboot /boot/xen ... + module /boot/vmlinuz-5.4.0-122-generic ... + module --nounzip /boot/microcode.cpio + module --nounzip /boot/initrd.img-5.4.0-122-generic + + Cause: + + The code was copied from the linux template, which is *apparently* + equivalent.. but its initrd command grub_cmd_initrd() *supports* + multiple files (see grub_initrd_init()), while module/module2 in + grub_cmd_module() *does not* (see grub_multiboot[2]_add_module()). + + See commit e86f6aafb8de (grub-mkconfig/20_linux_xen: Support multiple early initrd images): + 'This is basically a copy of a698240d "grub-mkconfig/10_linux: + Support multiple early initrd images" ...' + + Specs: + + Both multiboot and multiboot2 specifications mention support for + 'multiple boot modules' (struct/tag used for kernel/initrd files): + + "Boot loaders don’t have to support multiple boot modules, + but they are strongly encouraged to" [1,2] + + However, there is a 1:1 relationship between boot modules and files, + more or less clearly; note the usage of singular/plural "module(s)". + (Multiboot2, clearly: "One tag appears per module".) + + Multiboot [1]: + + "the ‘mods’ fields indicate ... what boot modules + were loaded ..., and where they can be found. + ‘mods_count’ contains the number of modules loaded" + + "The first two fields contain the start and end addresses + of the boot module itself." + + Multiboot2 [2]: + + "This tag indicates ... what boot module was loaded ..., + and where it can be found." + + "The ‘mod_start’ and ‘mod_end’ contain the start and end + physical addresses of the boot module itself." + + "One tag appears per module. + This tag type may appear multiple times." + + And both clearly mention the 'string' field of a boot module, + which is to be used by the operating system, not boot loader: + + "The ‘string’ field provides an arbitrary string to be + associated with that particular boot module ... + its exact use is specific to the operating system." + + Links: + + [1] https://www.gnu.org/software/grub/manual/multiboot/multiboot.html + 3.3 Boot information format + + [2] https://www.gnu.org/software/grub/manual/multiboot2/multiboot.html + 3.6.6 Modules + + Fixes: e86f6aafb8de (grub-mkconfig/20_linux_xen: Support multiple early initrd images) + + Acked-by: Juergen Gross + Reviewed-by: Daniel Kiper + +2022-08-19 Glenn Washburn + + misc: Add cast in grub_strncasecmp() to drop sign when calling grub_tolower() + Note this cast was fixed in grub_strcasecmp() in commit ce41ab7aab + (* grub-core/kern/misc.c (grub_strcmp): Use unsigned comparison as per + common usage and preffered in several parts of code.), but this commit + omitted fixing it in grub_strncasecmp(). + + Reviewed-by: Daniel Kiper + +2022-08-19 Glenn Washburn + + tests/util/grub-shell: Only show grub-mkrescue output if it returns an error + The previous behavior ignored an error and the output from grub-mkrescue. + This made it difficult to discover that grub-mkrescue was the reason that + tests which rely on grub-shell were failing. Even after discovering + grub-mkrescue was the culprit, there was no output to indicate why it was + failing. It turns out that grub-mkrescue is a thin wrapper around xorriso. + So if you do not have xorriso installed it will fail with an error message + about not being able to find xorriso. + + This change will allow grub-mkrescue output to be written to stderr, only + if grub-mkrescue fails. If grub-mkrescue succeeds, there will be no output + from grub-mkrescue so as not to interfere with the functioning of tests. + This change should have no effect on the running of tests or other uses of + grub-shell as it only modifies the error path. + + Also, if grub-mkrescue fails, the script exits early. Since grub-shell + needs the ISO image created by grub-mkresue to boot the QEMU instance, + a failure here should be considered fatal. + + Reviewed-by: Daniel Kiper + +2022-08-19 Ard Biesheuvel + + loader/arm64/linux: Remove magic number header field check + The "ARM\x64" magic number in the file header identifies an image as one + that implements the bare metal boot protocol, allowing the loader to + simply move the file to a suitably aligned address in memory, with + sufficient headroom for the trailing .bss segment (the required memory + size is described in the header as well). + + Note of this matters for GRUB, as it only supports EFI boot. EFI does + not care about this magic number, and nor should GRUB: this prevents us + from booting other PE linux images, such as the generic EFI zboot + decompressor, which is a pure PE/COFF image, and does not implement the + bare metal boot protocol. + + So drop the magic number check. + + Reviewed-by: Daniel Kiper + +2022-08-19 Darren Kenny + + util/grub-install-common: Confirm directory creation in grub_install_mkdir_p() + Because grub_util_mkdir() is implemented to not return a value on any + platform, grub_instal_mkdir_p() can test for success by confirming that + the directory requested exists after attempting to create it, otherwise + it should fail with an error and exit. + + While fixing this, a flaw in the logic was shown, where the first match + of the path separator, which almost always was the first character in + the path (e.g. /boot/grub2) would result in creating a directory with an + empty name (i.e. ""). To avoid that, it should skip the handling of the + path separator where p is pointing to the first character. + + Reviewed-by: Daniel Kiper + +2022-08-19 Darren Kenny + + util: Ignore return value for grub_util_mkdir() on all platforms + Coverity signaled 2 issues where the return value of grub_util_mkdir() + was not being tested. + + The Windows variant of this code defines the function as having no + return value (void), but the UNIX variants all are mapped using a macro + to the libc mkdir() function, which returns an int value. + + To be consistent, the mapping should cast to void to for these too. + + Fixes: CID 73583 + Fixes: CID 73617 + + Reviewed-by: Daniel Kiper + +2022-08-19 Glenn Washburn + + disk/cryptodisk: Support encrypted volumes using detached headers on a partition + Update the read hook to take into account encrypted volumes on a partition. + GRUB disk read hooks supply an absolute sector number at which the read is + started from. If the encrypted volume is in a partition, the sector number + given to the read hook will be offset by the number of the sector at the + start of the partition. The read hook then needs to subtract the partition + start from the supplied sector to get the correct start sector for the read + into the detached header file. + + Reported-by: brutser + Tested-by: brutser + Reviewed-by: Daniel Kiper + +2022-08-10 Glenn Washburn + + tests/util/grub-shell: Use shell variable instead of autoconf + By using shell variable that are set once by the expansion of an autoconf + variable, the resulting shell script is more easily moved and modified + from the build/install directory it was generated for. The resulting + script is more readable as well. + + Reviewed-by: Daniel Kiper + +2022-08-10 Stefan Agner + + Makefile: Make grub_fstest.pp depend on config-util.h + If you build with "make -j25", sometimes you see: + + /build/output_generic_x86_64/host/bin/x86_64-buildroot-linux-gnu-gcc -E -DHAVE_CONFIG_H -I. -I.. -Wall -W -DGRUB_UTIL=1 -D_FILE_OFFSET_BITS=64 -I./include -DGRUB_FILE=\"util/grub-fstest.c\" -I. -I.. -I. -I.. -I../include -I./include -I../grub-core/lib/libgcrypt-grub/src/ -I./grub-core/lib/gnulib -I../grub-core/lib/gnulib -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -fno-stack-protector -D_FILE_OFFSET_BITS=64 \ + -D'GRUB_MOD_INIT(x)=@MARKER@x@' ../util/grub-fstest.c ../grub-core/kern/emu/hostfs.c ../grub-core/disk/host.c ../grub-core/osdep/init.c > grub_fstest.pp || (rm -f grub_fstest.pp; exit 1) + config.status: creating config-util.h + ../grub-core/kern/emu/hostfs.c:20:10: fatal error: config-util.h: No such file or directory + 20 | #include + | ^~~~~~~~~~~~~~~ + compilation terminated. + + Reviewed-by: Daniel Kiper + +2022-08-10 Qiumiao Zhang + + util/grub-mkfont: Fix resource leaks + Reviewed-by: Daniel Kiper + +2022-08-10 Peter Jones + + kern/i386/tsc_pmtimer: Make pmtimer tsc calibration not take 51 seconds to fail + On my laptop running at 2.4GHz, if I run a VM where tsc calibration + using pmtimer will fail presuming a broken pmtimer, it takes ~51 seconds + to do so (as measured with the stopwatch on my phone), with a tsc delta + of 0x1cd1c85300, or around 125 billion cycles. + + If instead of trying to wait for 5-200ms to show up on the pmtimer, we + try to wait for 5-200us, it decides it's broken in ~0x2626aa0 TSCs, aka + ~2.4 million cycles, or more or less instantly. + + Additionally, this reading the pmtimer was returning 0xffffffff anyway, + and that's obviously an invalid return. I've added a check for that and + 0 so we don't bother waiting for the test if what we're seeing is dead + pins with no response at all. + + If "debug" includes "pmtimer", you will see one of the following three + outcomes. If pmtimer gives all 0 or all 1 bits, you will see: + + pmtimer: 0xffffff bad_reads: 1 + pmtimer: 0xffffff bad_reads: 2 + pmtimer: 0xffffff bad_reads: 3 + pmtimer: 0xffffff bad_reads: 4 + pmtimer: 0xffffff bad_reads: 5 + pmtimer: 0xffffff bad_reads: 6 + pmtimer: 0xffffff bad_reads: 7 + pmtimer: 0xffffff bad_reads: 8 + pmtimer: 0xffffff bad_reads: 9 + pmtimer: 0xffffff bad_reads: 10 + timer is broken; giving up. + + This outcome was tested using qemu+kvm with UEFI (OVMF) firmware and + these options: -machine pc-q35-2.10 -cpu Broadwell-noTSX + + If pmtimer gives any other bit patterns but is not actually marching + forward fast enough to use for clock calibration, you will see: + + pmtimer delta is 0x0 (1904 iterations) + tsc delta is implausible: 0x2626aa0 + + This outcome was tested using GRUB patched to not ignore bad reads using + qemu+kvm with UEFI (OVMF) firmware, and these options: + -machine pc-q35-2.10 -cpu Broadwell-noTSX + + If pmtimer actually works, you'll see something like: + + pmtimer delta is 0xdff + tsc delta is 0x278756 + + This outcome was tested using qemu+kvm with UEFI (OVMF) firmware, and + these options: -machine pc-i440fx-2.4 -cpu Broadwell-noTSX + + I've also tested this outcome on a real Intel Xeon E3-1275v3 on an Intel + Server Board S1200V3RPS using the SDV.RP.B8 "Release" build here: + https://www.intel.com/content/www/us/en/download/674448/firmware-update-for-the-intel-server-board-s1200rp-uefi-development-kit-release-vb8.html + + Reviewed-by: Daniel Kiper + +2022-08-10 Glenn Washburn + + disk/luks2: Continue trying all keyslots even if there are some failures + luks2_get_keyslot() can fail for a variety of reasons that do not necessarily + mean the next keyslot should not be tried (e.g. a new kdf type). So always + try the next slot. This will make GRUB more resilient to non-spec json data + that 3rd party systems may add. We do not care if some of the keyslots are + unusable, only if there is at least one that is. + + Reviewed-by: Daniel Kiper + +2022-08-10 Glenn Washburn + + efi: Add efitextmode command for getting/setting the text mode resolution + This command is meant to behave similarly to the "mode" command of the EFI + Shell application. In addition to allowing mode selection by giving the + number of columns and rows as arguments, the command allows specifying the + mode number to select the mode. Also supported are the arguments "min" and + "max", which set the mode to the minimum and maximum mode respectively as + calculated by the columns * rows of that mode. + + Reviewed-by: Daniel Kiper + +2022-07-27 Robbie Harwood + + fs/fat: Don't error when mtime is 0 + In the wild, we occasionally see valid ESPs where some file modification + times are 0. For instance: + + ├── [Dec 31 1979] EFI + │ ├── [Dec 31 1979] BOOT + │ │ ├── [Dec 31 1979] BOOTX64.EFI + │ │ └── [Dec 31 1979] fbx64.efi + │ └── [Jun 27 02:41] fedora + │ ├── [Dec 31 1979] BOOTX64.CSV + │ ├── [Dec 31 1979] fonts + │ ├── [Mar 14 03:35] fw + │ │ ├── [Mar 14 03:35] fwupd-359c1169-abd6-4a0d-8bce-e4d4713335c1.cap + │ │ ├── [Mar 14 03:34] fwupd-9d255c4b-2d88-4861-860d-7ee52ade9463.cap + │ │ └── [Mar 14 03:34] fwupd-b36438d8-9128-49d2-b280-487be02d948b.cap + │ ├── [Dec 31 1979] fwupdx64.efi + │ ├── [May 10 10:47] grub.cfg + │ ├── [Jun 3 12:38] grub.cfg.new.new + │ ├── [May 10 10:41] grub.cfg.old + │ ├── [Jun 27 02:41] grubenv + │ ├── [Dec 31 1979] grubx64.efi + │ ├── [Dec 31 1979] mmx64.efi + │ ├── [Dec 31 1979] shim.efi + │ ├── [Dec 31 1979] shimx64.efi + │ └── [Dec 31 1979] shimx64-fedora.efi + └── [Dec 31 1979] FSCK0000.REC + + 5 directories, 17 files + + This causes grub-probe failure, which in turn causes grub-mkconfig + failure. They are valid filesystems that appear intact, and the Linux + FAT stack is able to mount and manipulate them without complaint. + + The check for mtime of 0 has been present since + 20def1a3c3952982395cd7c3ea7e78638527962b (fat: support file + modification times). + + Reviewed-by: Daniel Kiper + +2022-07-27 Robbie Harwood + + kern/fs: The grub_fs_probe() should dprint errors from filesystems + When filesystem detection fails, all that's currently debug-logged is + a series of messages like: + + grub-core/kern/fs.c:56:fs: Detecting ntfs... + grub-core/kern/fs.c:76:fs: ntfs detection failed. + + repeated for each filesystem. Any messages provided to grub_error() by + the filesystem are lost, and one has to break out gdb to figure out what + went wrong. + + With this change, one instead sees: + + grub-core/kern/fs.c:56:fs: Detecting fat... + grub-core/osdep/hostdisk.c:357:hostdisk: reusing open device + `/path/to/device' + grub-core/kern/fs.c:77:fs: error: invalid modification timestamp for /. + grub-core/kern/fs.c:79:fs: fat detection failed. + + in the debug prints. + + Reviewed-by: Daniel Kiper + +2022-07-27 Robbie Harwood + + util/grub-probe: Document the behavior of multiple -v + Reviewed-by: Daniel Kiper + +2022-07-27 Ross Philipson + + lib/relocator: Initialize local relocator subchunk struct to all zeros + The way the code is written the tofree variable would never be passed to + the free_subchunk() function uninitialized. Coverity cannot determine + this and flags the situation as "Using uninitialized value...". The fix + is just to initialize the local struct. + + Fixes: CID 314016 + + Reviewed-by: Darren Kenny + Tested-by: Alec Brown + Reviewed-by: Daniel Kiper + +2022-07-27 Lu Ken + + efi/tpm: Add EFI_CC_MEASUREMENT_PROTOCOL support + The EFI_CC_MEASUREMENT_PROTOCOL abstracts the measurement for virtual firmware + in confidential computing environment. It is similar to the EFI_TCG2_PROTOCOL. + It was proposed by Intel and ARM and approved by UEFI organization. + + It is defined in Intel GHCI specification: https://cdrdv2.intel.com/v1/dl/getContent/726790 . + The EDKII header file is available at https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Protocol/CcMeasurement.h . + + Reviewed-by: Daniel Kiper + +2022-07-27 Lu Ken + + commands/efi/tpm: Use grub_strcpy() instead of grub_memcpy() + The event description is a string, so using grub_strcpy() is cleaner than + using grub_memcpy(). + + Reviewed-by: Daniel Kiper + +2022-07-27 Lu Ken + + commands/efi/tpm: Refine the status of log event + 1. Use macro GRUB_ERR_NONE instead of hard code 0. + 2. Keep lowercase of the first char for the status string of log event. + + Reviewed-by: Daniel Kiper + +2022-07-12 Nicholas Vinson + + configure: Warn if stack protector is not allowed + Introduce ERROR_PLATFORM_NOT_SUPPORT_SSP environment variable to treat + the "--enable-stack-protector is only supported on EFI platforms" message + as a warning instead of an error. If ERROR_PLATFORM_NOT_SUPPORT_SSP is + set to "no" (case-insensitive), then the message will be printed as + a warning. Otherwise, it prints as an error. The default behavior is to + print the message as an error. + + For any wrapper build script that has some variation of: + + for p in SELECTED_GRUB_PLATFORMS; do \ + configure --enable-stack-protector \ + --with-platform${P} ... || die; \ + done + make + + The GRUB will fail to build if SELECTED_GRUB_PLATFORMS contains a platform + that does not support SSP. + + Such wrapper scripts need to work-around this issue by modifying the + above for-loop, so it conditionally passes --enable-stack-protector to + configure for the proper GRUB platform(s). + + However, if the above example is modified to have to conditionally pass + in --enable-stack-protector, its behavior is effectively the same as the + proposed change. Additionally, The list of SSP supported platforms is + now in 2 places. One in the configure script and one in the build wrapper + script. If the second list is not properly maintained it could mistakenly + disable SSP for a platform that later gained support for it. + + Reviewed-by: Daniel Kiper + +2022-07-12 Darren Kenny + + util/grub-mkfont: Fix tainted loop boundary issues with substitutions + With gsub substitutions the offsets should be validated against the + number of glyphs in a font face and the memory allocated for the gsub + substitution data. + + Both the number of glyphs and the last address in the allocated data are + passed in to process_cursive(), where the number of glyphs validates the end + of the range. + + Enabling memory allocation validation uses two macros, one to simply check the + address against the allocated space, and the other to check that the number of + items of a given size doesn't extend outside of the allocated space. + + Fixes: CID 73770 + Fixes: CID 314040 + + Reviewed-by: Daniel Kiper + +2022-07-12 Glenn Washburn + + efi: Add missing header from include/grub/efi/console_control.h + Reviewed-by: Daniel Kiper + +2022-07-04 Glenn Washburn + + disk: Replace code that calculates the log of sector size with grub_log2ull() + Reviewed-by: Daniel Kiper + +2022-07-04 Mathieu Desnoyers + + templates: Remove unused version comparison functions + There are no users left of version_find_latest(), version_test_gt(), and + version_test_numeric(). Remove those unused helper functions. Using + those helper functions is what caused the quadratic sorting performance + issues in the first place, so removing them is a net win. + + Reviewed-by: Robbie Harwood + Reviewed-by: Daniel Kiper + +2022-07-04 Mathieu Desnoyers + + templates/kfreebsd: Fix quadratic algorithm for sorting menu items + The current implementation of the 10_kfreebsd script implements its menu + items sorting in bash with a quadratic algorithm, calling "sed", "sort", + "head", and "grep" to compare versions between individual lines, which + is annoyingly slow for kernel developers who can easily end up with + 50-100 kernels in their boot partition. + + This fix is ported from the 10_linux script, which has a similar + quadratic code pattern. + + Cc: debian-bsd@lists.debian.org + Reviewed-by: Daniel Kiper + +2022-07-04 Mathieu Desnoyers + + templates/hurd: Fix quadratic algorithm for sorting menu items + The current implementation of the 10_hurd script implements its menu + items sorting in bash with a quadratic algorithm, calling "sed", "sort", + "head", and "grep" to compare versions between individual lines, which + is annoyingly slow for kernel developers who can easily end up with + 50-100 kernels in their boot partition. + + This fix is ported from the 10_linux script, which has a similar + quadratic code pattern. + + Cc: Samuel Thibault + Tested-by: Samuel Thibault + Reviewed-by: Daniel Kiper + +2022-07-04 Mathieu Desnoyers + + templates/linux_xen: Fix quadratic algorithm for sorting menu items + The current implementation of the 20_linux_xen script implements its + menu items sorting in bash with a quadratic algorithm, calling "sed", + "sort", "head", and "grep" to compare versions between individual lines, + which is annoyingly slow for kernel developers who can easily end up + with 50-100 kernels in their boot partition. + + This fix is ported from the 10_linux script, which has a similar + quadratic code pattern. + + Cc: xen-devel@lists.xenproject.org + Tested-by: Jason Andryuk + Reviewed-by: Daniel Kiper + +2022-07-04 Mathieu Desnoyers + + templates/linux: Fix quadratic algorithm for sorting menu items + The current implementation of the 10_linux script implements its menu + items sorting in bash with a quadratic algorithm, calling "sed", "sort", + "head", and "grep" to compare versions between individual lines, which + is annoyingly slow for kernel developers who can easily end up with + 50-100 kernels in /boot. + + As an example, on a Intel(R) Core(TM) i7-8650U CPU @ 1.90GHz, running: + + /usr/sbin/grub-mkconfig > /dev/null + + With 44 kernels in /boot, this command takes 10-15 seconds to complete. + After this fix, the same command runs in 5 seconds. + + With 116 kernels in /boot, this command takes 40 seconds to complete. + After this fix, the same command runs in 8 seconds. + + For reference, the quadratic algorithm here is: + + while [ "x$list" != "x" ] ; do <--- outer loop + linux=`version_find_latest $list` + version_find_latest() + for i in "$@" ; do <--- inner loop + version_test_gt() + fork+exec sed + version_test_numeric() + version_sort + fork+exec sort + fork+exec head -n 1 + fork+exec grep + list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` + tr + fgrep + tr + + So all commands executed under version_test_gt() are executed + O(n^2) times where n is the number of kernel images in /boot. + + Here is the improved algorithm proposed: + - Prepare a list with all the relevant information for ordering by a single + sort(1) execution. This is done by renaming ".old" suffixes by " 1" and + by suffixing all other files with " 2", thus making sure the ".old" entries + will follow the non-old entries in reverse-sorted-order. + - Call version_reverse_sort on the list (sort -r -V): A single execution of + sort(1). For instance, GNU coreutils' sort will reverse-sort the list in + O(n*log(n)) with a merge sort. + - Replace the " 1" suffixes by ".old", and remove the " 2" suffixes. + - Iterate on the reverse-sorted list to output each menu entry item. + + Therefore, the algorithm proposed has O(n*log(n)) complexity with GNU + coreutils' sort compared to the prior O(n^2) complexity. Moreover, the + constant time required for each list entry is much less because sorting + is done within a single execution of sort(1) rather than requiring + O(n^2) executions of sed(1), sort(1), head(1), and grep(1) in + sub-shells. + + Reviewed-by: Robbie Harwood + Reviewed-by: Daniel Kiper + +2022-07-04 Glenn Washburn + + docs: Add documentation on detached header option to cryptomount + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2022-07-04 Glenn Washburn + + cryptodisk: Add support for using detached header files + Using the disk read hook mechanism, setup a read hook on the source disk + which will read from the given header file during the scan and recovery + cryptodisk backend functions. Disk read hooks are executed after the data + has been read from the disk. This is okay, because the read hook is given + the read buffer before its sent back to the caller. In this case, the hook + can then overwrite the data read from the disk device with data from the + header file sent in as the read hook data. This is transparent to the + read caller. Since the callers of this function have just opened the + source disk, there are no current read hooks, so there's no need to + save/restore them nor consider if they should be called or not. + + This hook assumes that the header is at the start of the volume, which + is not the case for some formats (e.g. GELI). So GELI will return an + error if a detached header is specified. It also can only be used + with formats where the detached header file can be written to the + first blocks of the volume and the volume could still be unlocked. + So the header file can not be formatted differently from the on-disk + header. If these assumpts are not met, detached header file processing + must be specially handled in the cryptodisk backend module. + + The hook will be called potentially many times by a backend. This is fine + because of the assumptions mentioned and the read hook reads from absolute + offsets and is stateless. + + Also add a --header (short -H) option to cryptomount which takes a file + argument. + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2022-07-04 Glenn Washburn + + disk: Allow read hook callback to take read buffer to potentially modify it + It will be desirable in the future to allow having the read hook modify the + data passed back from a read function call on a disk or file. This adds that + infrastructure and has no impact on code flow for existing uses of the read + hook. Also changed is that now when the read hook callback is called it can + also indicate what error code should be sent back to the read caller. + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2022-07-04 Glenn Washburn + + docs: Document undocumented variables + Document the variables net__clientid, net__clientuuid, + lockdown, and shim_lock in the list of special environment variables. + + Reviewed-by: Daniel Kiper + +2022-07-04 Patrick Steinhardt + + kern/efi/mm: Implement runtime addition of pages + Adjust the interface of grub_efi_mm_add_regions() to take a set of + GRUB_MM_ADD_REGION_* flags, which most notably is currently only the + GRUB_MM_ADD_REGION_CONSECUTIVE flag. This allows us to set the function + up as callback for the memory subsystem and have it call out to us in + case there's not enough pages available in the current heap. + + Reviewed-by: Daniel Kiper + Tested-by: Patrick Steinhardt + +2022-07-04 Patrick Steinhardt + + kern/efi/mm: Pass up errors from add_memory_regions() + The function add_memory_regions() is currently only called on system + initialization to allocate a fixed amount of pages. As such, it didn't + need to return any errors: in case it failed, we cannot proceed anyway. + This will change with the upcoming support for requesting more memory + from the firmware at runtime, where it doesn't make sense anymore to + fail hard. + + Refactor the function to return an error to prepare for this. Note that + this does not change the behaviour when initializing the memory system + because grub_efi_mm_init() knows to call grub_fatal() in case + grub_efi_mm_add_regions() returns an error. + + Reviewed-by: Daniel Kiper + Tested-by: Patrick Steinhardt + +2022-07-04 Patrick Steinhardt + + kern/efi/mm: Extract function to add memory regions + In preparation of support for runtime-allocating additional memory + region, this patch extracts the function to retrieve the EFI memory + map and add a subset of it to GRUB's own memory regions. + + Reviewed-by: Daniel Kiper + Tested-by: Patrick Steinhardt + +2022-07-04 Patrick Steinhardt + + kern/efi/mm: Always request a fixed number of pages on init + When initializing the EFI memory subsystem, we will by default request + a quarter of the available memory, bounded by a minimum/maximum value. + Given that we're about to extend the EFI memory system to dynamically + request additional pages from the firmware as required, this scaling of + requested memory based on available memory will not make a lot of sense + anymore. + + Remove this logic as a preparatory patch such that we'll instead defer + to the runtime memory allocator. Note that ideally, we'd want to change + this after dynamic requesting of pages has been implemented for the EFI + platform. But because we'll need to split up initialization of the + memory subsystem and the request of pages from the firmware, we'd have + to duplicate quite some logic at first only to remove it afterwards + again. This seems quite pointless, so we instead have patches slightly + out of order. + + Reviewed-by: Daniel Kiper + Tested-by: Patrick Steinhardt + +2022-07-04 Patrick Steinhardt + + mm: Allow dynamically requesting additional memory regions + Currently, all platforms will set up their heap on initialization of the + platform code. While this works mostly fine, it poses some limitations + on memory management on us. Most notably, allocating big chunks of + memory in the gigabyte range would require us to pre-request this many + bytes from the firmware and add it to the heap from the beginning on + some platforms like EFI. As this isn't needed for most configurations, + it is inefficient and may even negatively impact some usecases when, + e.g., chainloading. Nonetheless, allocating big chunks of memory is + required sometimes, where one example is the upcoming support for the + Argon2 key derival function in LUKS2. + + In order to avoid pre-allocating big chunks of memory, this commit + implements a runtime mechanism to add more pages to the system. When + a given allocation cannot be currently satisfied, we'll call a given + callback set up by the platform's own memory management subsystem, + asking it to add a memory area with at least "n" bytes. If this + succeeds, we retry searching for a valid memory region, which should + now succeed. + + If this fails, we try asking for "n" bytes, possibly spread across + multiple regions, in hopes that region merging means that we end up + with enough memory for things to work out. + + Tested-by: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Patrick Steinhardt + +2022-07-04 Patrick Steinhardt + + mm: Drop unused unloading of modules on OOM + In grub_memalign(), there's a commented section which would allow for + unloading of unneeded modules in case where there is not enough free + memory available to satisfy a request. Given that this code is never + compiled in, let's remove it together with grub_dl_unload_unneeded(). + + Reviewed-by: Daniel Kiper + Tested-by: Patrick Steinhardt + +2022-07-04 Daniel Axtens + + mm: Debug support for region operations + This is handy for debugging. Enable with "set debug=regions". + + Reviewed-by: Daniel Kiper + Tested-by: Patrick Steinhardt + +2022-07-04 Daniel Axtens + + mm: When adding a region, merge with region after as well as before + On x86_64-efi (at least) regions seem to be added from top down. The mm + code will merge a new region with an existing region that comes + immediately before the new region. This allows larger allocations to be + satisfied that would otherwise be the case. + + On powerpc-ieee1275, however, regions are added from bottom up. So if + we add 3x 32MB regions, we can still only satisfy a 32MB allocation, + rather than the 96MB allocation we might otherwise be able to satisfy. + + * Define 'post_size' as being bytes lost to the end of an allocation + due to being given weird sizes from firmware that are not multiples + of GRUB_MM_ALIGN. + + * Allow merging of regions immediately _after_ existing regions, not + just before. As with the other approach, we create an allocated + block to represent the new space and the pass it to grub_free() to + get the metadata right. + + Tested-by: Stefan Berger + Reviewed-by: Daniel Kiper + Tested-by: Patrick Steinhardt + +2022-06-29 Daniel Axtens + + mm: Assert that we preserve header vs region alignment + grub_mm_region_init() does: + + h = (grub_mm_header_t) (r + 1); + + where h is a grub_mm_header_t and r is a grub_mm_region_t. + + Cells are supposed to be GRUB_MM_ALIGN aligned, but while grub_mm_dump + ensures this vs the region header, grub_mm_region_init() does not. + + It's better to be explicit than implicit here: rather than changing + grub_mm_region_init() to ALIGN_UP(), require that the struct is + explicitly a multiple of the header size. + + Reviewed-by: Daniel Kiper + Tested-by: Patrick Steinhardt + +2022-06-28 Daniel Axtens + + tests: Only pass SeaBIOS fw_opt for x86 non-EFI platforms + This breaks the tests on pseries - just restrict it to x86 platforms + that don't specify an EFI. + + Reviewed-by: Daniel Kiper + +2022-06-07 Darren Kenny + + fs/btrfs: Fix more fuzz issues related to chunks + The corpus was generating issues in grub_btrfs_read_logical() when + attempting to iterate over stripe entries in the superblock's + bootmapping. + + In most cases the reason for the failure was that the number of stripes + in chunk->nstripes exceeded the possible space statically allocated in + superblock bootmapping space. Each stripe entry in the bootmapping block + consists of a grub_btrfs_key followed by a grub_btrfs_chunk_stripe. + + Another issue that came up was that while calculating the chunk size, + in an earlier piece of code in that function, depending on the data + provided in the btrfs file system, it would end up calculating a size + that was too small to contain even 1 grub_btrfs_chunk_item, which is + obviously invalid too. + + Reviewed-by: Daniel Kiper + +2022-06-07 Darren Kenny + + fs/btrfs: Fix more ASAN and SEGV issues found with fuzzing + The fuzzer is generating btrfs file systems that have chunks with + invalid combinations of stripes and substripes for the given RAID + configurations. + + After examining the Linux kernel fs/btrfs/tree-checker.c code, it + appears that sub-stripes should only be applied to RAID10, and in that + case there should only ever be 2 of them. + + Similarly, RAID single should only have 1 stripe, and RAID1/1C3/1C4 + should have 2. 3 or 4 stripes respectively, which is what redundancy + corresponds. + + Some of the chunks ended up with a size of 0, which grub_malloc() still + returned memory for and in turn generated ASAN errors later when + accessed. + + While it would be possible to specifically limit the number of stripes, + a more correct test was on the combination of the chunk item, and the + number of stripes by the size of the chunk stripe structure in + comparison to the size of the chunk itself. + + Reviewed-by: Daniel Kiper + +2022-06-07 Darren Kenny + + fs/btrfs: Fix several fuzz issues with invalid dir item sizing + According to the btrfs code in Linux, the structure of a directory item + leaf should be of the form: + + |struct btrfs_dir_item|name|data| + + in GRUB the name len and data len are in the grub_btrfs_dir_item + structure's n and m fields respectively. + + The combined size of the structure, name and data should be less than + the allocated memory, a difference to the Linux kernel's struct + btrfs_dir_item is that the grub_btrfs_dir_item has an extra field for + where the name is stored, so we adjust for that too. + + Reviewed-by: Daniel Kiper + +2022-06-07 Sudhakar Kuppusamy + + fs/f2fs: Do not copy file names that are too long + A corrupt f2fs file system might specify a name length which is greater + than the maximum name length supported by the GRUB f2fs driver. + + We will allocate enough memory to store the overly long name, but there + are only F2FS_NAME_LEN bytes in the source, so we would read past the end + of the source. + + While checking directory entries, do not copy a file name with an invalid + length. + + Reviewed-by: Daniel Kiper + +2022-06-07 Sudhakar Kuppusamy + + fs/f2fs: Do not read past the end of nat bitmap + A corrupt f2fs filesystem could have a block offset or a bitmap + offset that would cause us to read beyond the bounds of the nat + bitmap. + + Introduce the nat_bitmap_size member in grub_f2fs_data which holds + the size of nat bitmap. + + Set the size when loading the nat bitmap in nat_bitmap_ptr(), and + catch when an invalid offset would create a pointer past the end of + the allocated space. + + Check against the bitmap size in grub_f2fs_test_bit() test bit to avoid + reading past the end of the nat bitmap. + + Reviewed-by: Daniel Kiper + +2022-06-07 Sudhakar Kuppusamy + + fs/f2fs: Do not read past the end of nat journal entries + A corrupt f2fs file system could specify a nat journal entry count + that is beyond the maximum NAT_JOURNAL_ENTRIES. + + Check if the specified nat journal entry count before accessing the + array, and throw an error if it is too large. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + net/http: Error out on headers with LF without CR + In a similar vein to the previous patch, parse_line() would write + a NUL byte past the end of the buffer if there was an HTTP header + with a LF rather than a CRLF. + + RFC-2616 says: + + Many HTTP/1.1 header field values consist of words separated by LWS + or special characters. These special characters MUST be in a quoted + string to be used within a parameter value (as defined in section 3.6). + + We don't support quoted sections or continuation lines, etc. + + If we see an LF that's not part of a CRLF, bail out. + + Fixes: CVE-2022-28734 + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + net/http: Fix OOB write for split http headers + GRUB has special code for handling an http header that is split + across two packets. + + The code tracks the end of line by looking for a "\n" byte. The + code for split headers has always advanced the pointer just past the + end of the line, whereas the code that handles unsplit headers does + not advance the pointer. This extra advance causes the length to be + one greater, which breaks an assumption in parse_line(), leading to + it writing a NUL byte one byte past the end of the buffer where we + reconstruct the line from the two packets. + + It's conceivable that an attacker controlled set of packets could + cause this to zero out the first byte of the "next" pointer of the + grub_mm_region structure following the current_line buffer. + + Do not advance the pointer in the split header case. + + Fixes: CVE-2022-28734 + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + net/http: Do not tear down socket if it's already been torn down + It's possible for data->sock to get torn down in tcp error handling. + If we unconditionally tear it down again we will end up doing writes + to an offset of the NULL pointer when we go to tear it down again. + + Detect if it has been torn down and don't do it again. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + net/tftp: Avoid a trivial UAF + Under tftp errors, we print a tftp error message from the tftp header. + However, the tftph pointer is a pointer inside nb, the netbuff. Previously, + we were freeing the nb and then dereferencing it. Don't do that, use it + and then free it later. + + This isn't really _bad_ per se, especially as we're single-threaded, but + it trips up fuzzers. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + net/tftp: Prevent a UAF and double-free from a failed seek + A malicious tftp server can cause UAFs and a double free. + + An attempt to read from a network file is handled by grub_net_fs_read(). If + the read is at an offset other than the current offset, grub_net_seek_real() + is invoked. + + In grub_net_seek_real(), if a backwards seek cannot be satisfied from the + currently received packets, and the underlying transport does not provide + a seek method, then grub_net_seek_real() will close and reopen the network + protocol layer. + + For tftp, the ->close() call goes to tftp_close() and frees the tftp_data_t + file->data. The file->data pointer is not nulled out after the free. + + If the ->open() call fails, the file->data will not be reallocated and will + continue point to a freed memory block. This could happen from a server + refusing to send the requisite ack to the new tftp request, for example. + + The seek and the read will then fail, but the grub_file continues to exist: + the failed seek does not necessarily cause the entire file to be thrown + away (e.g. where the file is checked to see if it is gzipped/lzio/xz/etc., + a read failure is interpreted as a decompressor passing on the file, not as + an invalidation of the entire grub_file_t structure). + + This means subsequent attempts to read or seek the file will use the old + file->data after free. Eventually, the file will be close()d again and + file->data will be freed again. + + Mark a net_fs file that doesn't reopen as broken. Do not permit read() or + close() on a broken file (seek is not exposed directly to the file API - + it is only called as part of read, so this blocks seeks as well). + + As an additional defence, null out the ->data pointer if tftp_open() fails. + That would have lead to a simple null pointer dereference rather than + a mess of UAFs. + + This may affect other protocols, I haven't checked. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + net/dns: Don't read past the end of the string we're checking against + I don't really understand what's going on here but fuzzing found + a bug where we read past the end of check_with. That's a C string, + so use grub_strlen() to make sure we don't overread it. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + net/dns: Fix double-free addresses on corrupt DNS response + grub_net_dns_lookup() takes as inputs a pointer to an array of addresses + ("addresses") for the given name, and pointer to a number of addresses + ("naddresses"). grub_net_dns_lookup() is responsible for allocating + "addresses", and the caller is responsible for freeing it if + "naddresses" > 0. + + The DNS recv_hook will sometimes set and free the addresses array, + for example if the packet is too short: + + if (ptr + 10 >= nb->tail) + { + if (!*data->naddresses) + grub_free (*data->addresses); + grub_netbuff_free (nb); + return GRUB_ERR_NONE; + } + + Later on the nslookup command code unconditionally frees the "addresses" + array. Normally this is fine: the array is either populated with valid + data or is NULL. But in these sorts of error cases it is neither NULL + nor valid and we get a double-free. + + Only free "addresses" if "naddresses" > 0. + + It looks like the other use of grub_net_dns_lookup() is not affected. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + net/netbuff: Block overly large netbuff allocs + A netbuff shouldn't be too huge. It's bounded by MTU and TCP segment + reassembly. If we are asked to create one that is unreasonably big, refuse. + + This is a hardening measure: if we hit this code, there's a bug somewhere + else that we should catch and fix. + + This commit: + - stops the bug propagating any further. + - provides a spot to instrument in e.g. fuzzing to try to catch these bugs. + + I have put instrumentation (e.g. __builtin_trap() to force a crash) here and + have not been able to find any more crashes. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + net/ip: Do IP fragment maths safely + We can receive packets with invalid IP fragmentation information. This + can lead to rsm->total_len underflowing and becoming very large. + + Then, in grub_netbuff_alloc(), we add to this very large number, which can + cause it to overflow and wrap back around to a small positive number. + The allocation then succeeds, but the resulting buffer is too small and + subsequent operations can write past the end of the buffer. + + Catch the underflow here. + + Fixes: CVE-2022-28733 + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + normal/charset: Fix array out-of-bounds formatting unicode for display + In some cases attempting to display arbitrary binary strings leads + to ASAN splats reading the widthspec array out of bounds. + + Check the index. If it would be out of bounds, return a width of 1. + I don't know if that's strictly correct, but we're not really expecting + great display of arbitrary binary data, and it's certainly not worse than + an OOB read. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + video/readers/jpeg: Block int underflow -> wild pointer write + Certain 1 px wide images caused a wild pointer write in + grub_jpeg_ycrcb_to_rgb(). This was caused because in grub_jpeg_decode_data(), + we have the following loop: + + for (; data->r1 < nr1 && (!data->dri || rst); + data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3) + + We did not check if vb * width >= hb * nc1. + + On a 64-bit platform, if that turns out to be negative, it will underflow, + be interpreted as unsigned 64-bit, then be added to the 64-bit pointer, so + we see data->bitmap_ptr jump, e.g.: + + 0x6180_0000_0480 to + 0x6181_0000_0498 + ^ + ~--- carry has occurred and this pointer is now far away from + any object. + + On a 32-bit platform, it will decrement the pointer, creating a pointer + that won't crash but will overwrite random data. + + Catch the underflow and error out. + + Fixes: CVE-2021-3697 + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + video/readers/jpeg: Refuse to handle multiple start of streams + An invalid file could contain multiple start of stream blocks, which + would cause us to reallocate and leak our bitmap. Refuse to handle + multiple start of streams. + + Additionally, fix a grub_error() call formatting. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + video/readers/jpeg: Do not reallocate a given huff table + Fix a memory leak where an invalid file could cause us to reallocate + memory for a huffman table we had already allocated memory for. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + video/readers/jpeg: Abort sooner if a read operation fails + Fuzzing revealed some inputs that were taking a long time, potentially + forever, because they did not bail quickly upon encountering an I/O error. + + Try to catch I/O errors sooner and bail out. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + video/readers/png: Sanity check some huffman codes + ASAN picked up two OOB global reads: we weren't checking if some code + values fit within the cplens or cpdext arrays. Check and throw an error + if not. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + video/readers/png: Avoid heap OOB R/W inserting huff table items + In fuzzing we observed crashes where a code would attempt to be inserted + into a huffman table before the start, leading to a set of heap OOB reads + and writes as table entries with negative indices were shifted around and + the new code written in. + + Catch the case where we would underflow the array and bail. + + Fixes: CVE-2021-3696 + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + video/readers/png: Drop greyscale support to fix heap out-of-bounds write + A 16-bit greyscale PNG without alpha is processed in the following loop: + + for (i = 0; i < (data->image_width * data->image_height); + i++, d1 += 4, d2 += 2) + { + d1[R3] = d2[1]; + d1[G3] = d2[1]; + d1[B3] = d2[1]; + } + + The increment of d1 is wrong. d1 is incremented by 4 bytes per iteration, + but there are only 3 bytes allocated for storage. This means that image + data will overwrite somewhat-attacker-controlled parts of memory - 3 bytes + out of every 4 following the end of the image. + + This has existed since greyscale support was added in 2013 in commit + 3ccf16dff98f (grub-core/video/readers/png.c: Support grayscale). + + Saving starfield.png as a 16-bit greyscale image without alpha in the gimp + and attempting to load it causes grub-emu to crash - I don't think this code + has ever worked. + + Delete all PNG greyscale support. + + Fixes: CVE-2021-3695 + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + video/readers/png: Refuse to handle multiple image headers + This causes the bitmap to be leaked. Do not permit multiple image headers. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + video/readers/png: Abort sooner if a read operation fails + Fuzzing revealed some inputs that were taking a long time, potentially + forever, because they did not bail quickly upon encountering an I/O error. + + Try to catch I/O errors sooner and bail out. + + Reviewed-by: Daniel Kiper + +2022-06-07 Daniel Axtens + + kern/file: Do not leak device_name on error in grub_file_open() + If we have an error in grub_file_open() before we free device_name, we + will leak it. + + Free device_name in the error path and null out the pointer in the good + path once we free it there. + + Reviewed-by: Daniel Kiper + +2022-06-07 Julian Andres Klode + + kern/efi/sb: Reject non-kernel files in the shim_lock verifier + We must not allow other verifiers to pass things like the GRUB modules. + Instead of maintaining a blocklist, maintain an allowlist of things + that we do not care about. + + This allowlist really should be made reusable, and shared by the + lockdown verifier, but this is the minimal patch addressing + security concerns where the TPM verifier was able to mark modules + as verified (or the OpenPGP verifier for that matter), when it + should not do so on shim-powered secure boot systems. + + Fixes: CVE-2022-28735 + + Reviewed-by: Daniel Kiper + +2022-06-07 Chris Coulson + + loader/efi/chainloader: Use grub_loader_set_ex() + This ports the EFI chainloader to use grub_loader_set_ex() in order to fix + a use-after-free bug that occurs when grub_cmd_chainloader() is executed + more than once before a boot attempt is performed. + + Fixes: CVE-2022-28736 + + Reviewed-by: Daniel Kiper + +2022-06-07 Chris Coulson + + commands/boot: Add API to pass context to loader + Loaders rely on global variables for saving context which is consumed + in the boot hook and freed in the unload hook. In the case where a loader + command is executed twice, calling grub_loader_set() a second time executes + the unload hook, but in some cases this runs when the loader's global + context has already been updated, resulting in the updated context being + freed and potential use-after-free bugs when the boot hook is subsequently + called. + + This adds a new API, grub_loader_set_ex(), which allows a loader to specify + context that is passed to its boot and unload hooks. This is an alternative + to requiring that loaders call grub_loader_unset() before mutating their + global context. + + Reviewed-by: Daniel Kiper + +2022-06-07 Chris Coulson + + loader/efi/chainloader: Simplify the loader state + The chainloader command retains the source buffer and device path passed + to LoadImage(), requiring the unload hook passed to grub_loader_set() to + free them. It isn't required to retain this state though - they aren't + required by StartImage() or anything else in the boot hook, so clean them + up before grub_cmd_chainloader() finishes. + + Reviewed-by: Daniel Kiper + +2022-06-07 Jagannathan Raman + + fs/zfs/zfs: zfs_mount() - avoid pointer downcasting + Coverity reports that while loopis in the following functions uses + tainted data as boundary: + zfs_mount() -> check_mos_features() -> dnode_get() -> zfs_log2() + zfs_mount() -> grub_memmove() + + The defect type is "Untrusted loop bound" caused as a result of + "tainted_data_downcast". Coverity does not like the pointer downcast + here and we need to address it. + + We believe Coverity flags pointer downcast for the following two + reasons: + 1. External data: The pointer downcast could indicate that the source is + external data, which we need to further sanitize - such as verifying its + limits. In this case, the data is read from an external source, which is + a disk. But, zio_read(), which reads the data from the disk, sanitizes it + using a checksum. checksum is the best facility that ZFS offers to verify + external data, and we don't believe a better way exists. Therefore, no + further action is possible for this. + + 2. Corruption due to alignment: downcasting a pointer from a strict type + to less strict type could result in data corruption. For example, the + following cast would corrupt because uint32_t is 4-byte aligned, and + won't be able to point to 0x1003 which is not 4-byte aligned. + uint8_t *ptr = 0x1003; + uint32_t *word = ptr; (incorrect, alignment issues) + + This patch converts the "osp" pointer in zfs_mount() from a "void" type + to "objset_phys_t" type to address this issue. + + We are not sure if there are any other reasons why Coverity flags the + downcast. However, the fix for alignment issue masks/suppresses any + other issues from showing up. + + Fixes: CID 314023 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-06-07 Jagannathan Raman + + fs/zfs/zfs: make_mdn() - avoid pointer downcasting + Coverity reports that the while loop in the following function uses + tainted data as boundary: + fill_fs_info() -> dnode_get() -> zfs_log2() + + The tainted originated from: + fill_fs_info() -> make_mdn() + + The defect type is "Untrusted loop bound" caused as a result of + "tainted_data_downcast". Coverity does not like the pointer downcast + here and we need to address it. + + We believe Coverity flags pointer downcast for the following two + reasons: + 1. External data: The pointer downcast could indicate that the source is + external data, which we need to further sanitize - such as verifying its + limits. In this case, the data is read from an external source, which is + a disk. But, zio_read(), which reads the data from the disk, sanitizes it + using a checksum. checksum is the best facility that ZFS offers to verify + external data, and we don't believe a better way exists. Therefore, no + further action is possible for this. + + 2. Corruption due to alignment: downcasting a pointer from a strict type + to less strict type could result in data corruption. For example, the + following cast would corrupt because uint32_t is 4-byte aligned, and + won't be able to point to 0x1003 which is not 4-byte aligned. + uint8_t *ptr = 0x1003; + uint32_t *word = ptr; (incorrect, alignment issues) + + This patch converts the "osp" pointer in make_mdn() from a "void" type + to "objset_phys_t" type to address the issue. + + We are not sure if there are any other reasons why Coverity flags the + downcast. However, the fix for alignment issue masks/suppresses any + other issues from showing up. + + Fixes: CID 314020 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-06-07 Alec Brown + + util/grub-module-verifierXX: Add e_shoff check in get_shdr() + In util/grub-module-verifierXX.c, the function get_shdr() is used to obtain the + section header at a given index but isn't checking that there is an offset for + the section header table. To validate that there is, we can check that e_shoff + isn't 0. + + Reviewed-by: Daniel Kiper + Reviewed-by: Darren Kenny + +2022-06-07 Alec Brown + + grub-core/loader/i386/bsdXX: Avoid downcasting (char *) to (Elf_Shdr *) + In bsdXX.c, a couple of untrusted loop bound and untrusted allocation size bugs + were flagged by Coverity in the functions grub_openbsd_find_ramdisk() and + grub_freebsd_load_elfmodule(). These bugs were flagged by coverity because the + variable shdr was downcasting from a char pointer to an Elf_Shdr pointer + whenever it was used to set the base value in for loops. To avoid this, we need + to set shdr as an Elf_Shdr pointer where it is initialized. + + In the function read_headers(), the function is reading elf section header data + from a file and passing it to the variable shdr as data for a char pointer. If + we switch the type of shdr to an Elf_Shdr pointer in read_headers() as well as + other functions, then we won't need to downcast to an Elf_Shdr pointer. By doing + this, the issue becomes masked from Coverity's view. In the following patches, + we check limits to ensure the data isn't tainted. + + Also, switched use of (char *) to (grub_uint8_t *) to give a better indication + of pointer arithmetic and not suggest use of a C string. + + Fixes: CID 314018 + Fixes: CID 314030 + Fixes: CID 314031 + Fixes: CID 314039 + + Reviewed-by: Daniel Kiper + Reviewed-by: Darren Kenny + +2022-06-07 Stefan Agner + + disk/efi/efidisk: Pass buffers with higher alignment + Some devices report IoAlign values but seem to require buffers with + higher alignment. + + The UEFI specification is saying: "IoAlign values of 0 and 1 mean that + the buffer can be placed anywhere in memory. Otherwise, IoAlign must + be a power of 2, and the requirement is that the start address of + a buffer must be evenly divisible by IoAlign with no remainder." + + Some devices report IoAlign of 2, however seem to require 4 bytes + aligned buffers. It seems that this got misinterpreted by some vendors + assuming IoAlign is 2^IoAlign. There is also such a hint in an example + in earlier versions of the Driver Writer's Guide: + + ScsiPassThruMode.IoAlign = 2; // Data must be alligned on 4-byte boundary + + Some devices report no alignment requirements at all but seem to read + corrupted data or report read errors when passing unaligned buffers. + + Work around by using an alignment of at least BlockSize (typically 512 + bytes) in any case. If IoAlign (interpreted as per UEFI specification) + requests a higher alignment than BlockSize, follow IoAlign still. + + Note: The problem has only noticed with compressed squashfs. It seems + that ext4 (and presumably other file system drivers) pass buffers with + a higher alignment already. + + Acked-by: Heinrich Schuchardt + Reviewed-by: Daniel Kiper + +2022-06-07 Samuel Thibault + + osdep/hurd/getroot: Use "part:" qualifier + When using userland drivers such as rumpdisk, we'd rather make ext2fs use + parted-based libstore partitioning support. That can be used for kernelland + drivers as well, so we can just make GRUB always use the "part:" qualifier + to switch ext2fs to it. + + grub_util_find_hurd_root_device() then has to understand this syntax and + translate it into the /dev/ entry name. + + Reviewed-by: Daniel Kiper + +2022-06-07 Glenn Washburn + + docs: Add documentation on keyfile option to cryptomount + Reviewed-by: Daniel Kiper + + disk/cryptodisk: Use enum constants as indexes into cryptomount option array + Reviewed-by: Daniel Kiper + +2022-06-07 John Lane + + disk/cryptodisk: Add options to cryptomount to support keyfiles + Add the options --key-file, --keyfile-offset, and --keyfile-size to + cryptomount and code to put read the requested key file data and pass + via the cargs struct. Note, key file data is for all intents and purposes + equivalent to a password given to cryptomount. So there is no need to + enable support for key files in the various crypto backends (e.g. LUKS1) + because the key data is passed just as if it were a password. + + Reviewed-by: Daniel Kiper + +2022-06-07 Denis 'GNUtoo' Carikli + + disk/geli: Unify grub_cryptodisk_dev function names + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + + disk/luks: Unify grub_cryptodisk_dev function names + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2022-06-07 Glenn Washburn + + util/probe: Remove unused header includes + Reviewed-by: Daniel Kiper + + commands/macbless: Remove whitespace between N_ macro and open parenthesis + Reviewed-by: Daniel Kiper + +2022-06-07 Glenn Washburn + + tests: Add /sbin and /usr/sbin to path in partmap test + The partmap test requires no elevated privileges. However, it uses parted + which can be used as a normal user, but is usually located in /sbin or + /usr/bin (eg. on Debian systems). Whereas the normal user does not usually + have /sbin or /usr/sbin added to their path, thus parted will not be found + causing the test to abort. Add /sbin and /usr/sbin to the path for the + partmap test so that the test can run successfully as an unprivileged user. + + Reviewed-by: Daniel Kiper + +2022-06-07 Glenn Washburn + + tests: Show host determined fs UUID when hfs UUID test fails + On failure, the hfs test should show both the host and GRUB determined fs + UUID. Prior to this change, both outputs where generated by GRUB, which is + less helpful in determining the cause of failure. + + Reviewed-by: Daniel Kiper + +2022-05-24 Glenn Washburn + + docs: Add section for general undocumented commands + The section is an itemized list of commands that are not listed else where + in the command sections. + + Reviewed-by: Daniel Kiper + +2022-05-24 Glenn Washburn + + docs: Add under documented loader commands to beginning of loader section + Reviewed-by: Daniel Kiper + +2022-05-24 Glenn Washburn + + docs: Create command section for loader commands + Move loader commands documented in the general commands list into the + loader command section. + + Reviewed-by: Daniel Kiper + +2022-05-24 Glenn Washburn + + docs: Markup loader commands with @command tag + Also, add period to terminate sentence. + + Reviewed-by: Daniel Kiper + +2022-05-24 Glenn Washburn + + docs: Make note of i386-pc specific usage of halt command + The --no-apm option is only available on the i396-pc target. + + Reviewed-by: Daniel Kiper + +2022-05-24 Glenn Washburn + + docs: Make note that sendkey is only available on i386-pc + Reviewed-by: Daniel Kiper + + docs: Fix spelling typo and remove unnecessary spaces + Reviewed-by: Daniel Kiper + +2022-05-24 Glenn Washburn + + net/net: Fix incorrect condition for calling grub_net_tcp_retransmit() + The commit 848724273e4 (net/net: Avoid unnecessary calls to + grub_net_tcp_retransmit()) needs to have its condition inverted to avoid + unnecessary calls to grub_net_tcp_retransmit(). As it is, it creates many + unnecessary calls and does not call grub_net_tcp_retransmit() when needed. + The call to grub_net_tcp_retransmit() should only be made when + grub_net_cards does _not_ equal NULL, meaning that there are potentially + network cards that need TCP retransmission. + + Fixes: 848724273e4 (net/net: Avoid unnecessary calls to grub_net_tcp_retransmit()) + + Reviewed-by: Daniel Kiper + +2022-05-24 Oskari Pirhonen + + templates: Improve initramfs detection + Add detection for initramfs of the form *.img.old. For example, Gentoo's + sys-kernel/genkernel installs it as initramfs-*.img and moves any existing + one to initramfs-*.img.old. + + Apply the same scheme to initrd-*.img and initrd-*.gz files for consistency. + + Reviewed-by: Daniel Kiper + +2022-05-24 Samuel Thibault + + osdep/hurd: Support device entries with @/dev/disk: qualifier + Those are used with non-bootstrap disk drivers, for which libstore has to + open /dev/disk before calling device_open on it instead of on the device + master port. Normally in that case all /dev/ entries also have the @/dev/disk: + qualifier, so we can just drop it. + + Reviewed-by: Daniel Kiper + +2022-05-24 Darren Kenny + + grub-mkimage: Creating aarch64 images from x86 host is broken + A recent fix that made appears to have broken the ability to create an + aarch64 boot image on a x86-based host. + + This was due to an overzealous testing of the architecture when building + grub-mkimage and removing the code that build an ARM image when not built + on ARM. + + On the occasion remove redundant break. + + Fixes: 8541f319 (grub-mkimage: Only check aarch64 relocations when built for aarch64) + + Tested-by: Selva Ganesan + Reviewed-by: Daniel Kiper + +2022-05-24 Icenowy Zheng + + grub-install: Allow to install to non-EFI ESP when --force + Although the EFI specification enforces support for FAT ESP, it's free + for EFI implementations to implement support for ESPs with other formats + (e.g. ext4, ntfs, etc), and at least U-Boot EFI will support ext4 ESP if + U-Boot is built with ext4 support. In some situations a GRUB installation + on such a non-FAT ESP could be useful (e.g. a NTFS-based USB disk that + can dual boot a Windows installation media and a Linux LiveCD). + + As this is advanced and implementation-dependent behavior, let grub-install + allow this kind of installation, but only when --force is specified. + + Reviewed-by: Daniel Kiper + +2022-04-26 Qiumiao Zhang + + net: Fix NULL pointer dereference when parsing ICMP6_ROUTER_ADVERTISE messages + During UEFI PXE boot in IPv6 network, if the DHCP server adopts stateful + automatic configuration, then the client receives a ICMP6_ROUTER_ADVERTISE + multicast message from the server. This may be received without the interface + having a configured network address, so orig_inf will be NULL, which can lead + to a NULL dereference when creating the default route. Actually, in this case, + the client obtains the default route through DHCPv6 instead of RA messages. + So if orig_inf == NULL and route_inf == NULL, we should not set the + default route. + + Fixes: https://savannah.gnu.org/bugs/?62072 + + Reviewed-by: Daniel Kiper + +2022-04-26 Glenn Washburn + + tests: Ensure that loopback devices and zfs devices are cleaned up + ZFS file systems are not unmounted using umount, but instead by exporting + them. So export the ZFS file system that has the same label as the one that + was created during the test, if such one exists. This is required to delete + the loopback device that uses the ZFS image file. Otherwise the added code + to delete all loopback devices setup during the test run will never be able + to finish because the loopback device can not be deleted while in use. + + Reviewed-by: Daniel Kiper + +2022-04-26 Glenn Washburn + + tests: Ensure that mountpoints are unmounted before exiting + When all tests complete successfully, filesystems mounted by grub-fs-tester + will be unmounted before exiting. However, on certain test failures the + tester will exit with a failure code and not unmount previously mounted + filesystems. Now keep track of mounts and umounts and run an exit handler + on exit or process interruption that will umount all mounts that haven't + already been unmounted. + + Reviewed-by: Daniel Kiper + +2022-04-20 Glenn Washburn + + docs: Use correct list format + Using "*" to prefix list items leads to undesirable display output for + at least the generation of the html documentation. Use the @itemize and + @item directives to get itemized list output. + + Also fix some wording and punctuation issues. + + Reviewed-by: Daniel Kiper + +2022-04-20 Glenn Washburn + + docs: Clarify meaning of "list" and "cond" for "if" and "while" commands respectively + It is not clear from the documentation what a "list" is in the context + of the "if" command. Note that its a list of simple commands separated + by a ";" and that only the exit status of the last command matters. + The same is true for the "cond" parameter to the "while" command. + + Reviewed-by: Daniel Kiper + +2022-04-20 Glenn Washburn + + docs: Add note that drivemap is only available on i386-pc + Reviewed-by: Daniel Kiper + +2022-04-20 Glenn Washburn + + tests: Give grub-fs-tester temp directory a better name + Instead of "tmp" the name is prefixed by the name of the scripts (e.g. + grub-fs-tester). A timestamp is added in the name to allow for easily + seeing a chronological sorting of runs and the name of the filesystem + being tested. The random component is set to the minimal possible, + 3 characters, because the timestamp should provide enough uniqueness. + + Reviewed-by: Daniel Kiper + +2022-04-20 Glenn Washburn + + tests: Disable blkid cache usage + Using the blkid cache can cause issues when running many file system tests + in parallel. We do not need it, as its only there to improve performance, + and using the cache does not provide significant performance improvements. + + Reviewed-by: Daniel Kiper + +2022-04-20 Glenn Washburn + + configure: Fix default -O2 being added when CFLAGS not set + Autoconf will set a default CFLAGS of "-g -O2" if CFLAGS is not set. + CFLAGS was defaulted to "" early in configure to prevent this. A recent + commit ad9ccf660 (configure: Fix various new autotools warnings) added + AC_USE_SYSTEM_EXTENSIONS, which pulls in the autoconf CFLAGS check, + before we default CFLAGS and thus setting the autoconf default for + CFLAGS. Move the default setting of CFLAGS to before AC_USE_SYSTEM_EXTENSIONS + so that autoconf will see CFLAGS as set and not give it a default. + + CFLAGS is also moved above AC_CONFIG_AUX_DIR, because CFLAGS should be + defaulted to "" as soon as possible to catch any autoconf macros that try + to use some other default. Regardless, this currently has no effect as that + macro does not consider the CFLAGS variable. + + Reviewed-by: Robbie Harwood + Reviewed-by: Daniel Kiper + +2022-04-20 Darren Kenny + + video/readers/jpeg: Fix possible invalid loop boundary condition + The value of next_marker is adjusted based on the word sized value + read from data->file. + + The updated next_marker value should reference a location in the file + just beyond the huffman table, and as such should not have a value + larger than the size of the file. + + Fixes: CID 73657 + + Reviewed-by: Daniel Kiper + +2022-04-20 Michael Chang + + lib/reed_solomon: Fix array subscript 0 is outside array bounds + The grub_absolute_pointer() is a compound expression that can only work + within a function. We are out of luck here when the pointer variables + require global definition due to ATTRIBUTE_TEXT that have to use fully + initialized global definition because of the way linkers work. + + static gf_single_t * const gf_powx ATTRIBUTE_TEXT = (void *) 0x100000; + + For the reason given above, use GCC diagnostic pragmas to suppress the + array-bounds warning. + + Reviewed-by: Daniel Kiper + +2022-04-20 Michael Chang + + build: Fix -Werror=array-bounds array subscript 0 is outside array bounds + The GRUB is failing to build with GCC-12 in many places like this: + + In function 'init_cbfsdisk', + inlined from 'grub_mod_init' at ../../grub-core/fs/cbfs.c:391:3: + ../../grub-core/fs/cbfs.c:345:7: error: array subscript 0 is outside array bounds of 'grub_uint32_t[0]' {aka 'unsigned int[]'} [-Werror=array-bounds] + 345 | ptr = *(grub_uint32_t *) 0xfffffffc; + | ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + This is caused by GCC regression in 11/12 [1]. In a nut shell, the + warning is about detected invalid accesses at non-zero offsets to NULL + pointers. Since hardwired constant address is treated as NULL plus an + offset in the same underlying code, the warning is therefore triggered. + + Instead of inserting #pragma all over the places where literal pointers + are accessed to avoid diagnosing array-bounds, we can try to borrow the + idea from Linux kernel that the absolute_pointer() macro [2][3] is used + to disconnect a pointer using literal address from it's original object, + hence GCC won't be able to make assumptions on the boundary while doing + pointer arithmetic. With that we can greatly reduce the code we have to + cover up by making initial literal pointer assignment to use the new + wrapper but not having to track everywhere literal pointers are + accessed. This also makes code looks cleaner. + + Please note the grub_absolute_pointer() macro requires to be invoked in + a function as long as it is compound expression. Some global variables + with literal pointers has been changed to local ones in order to use + grub_absolute_pointer() to initialize it. The shuffling is basically done + in a selective and careful way that the variable's scope doesn't matter + being local or global, for example, the global variable must not get + modified at run time throughout. For the record, here's the list of + global variables got shuffled in this patch: + + grub-core/commands/i386/pc/drivemap.c:int13slot + grub-core/term/i386/pc/console.c:bios_data_area + grub-core/term/ns8250.c:serial_hw_io_addr + + [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578 + [2] https://elixir.bootlin.com/linux/v5.16.14/source/include/linux/compiler.h#L180 + [3] https://elixir.bootlin.com/linux/v5.16.14/source/include/linux/compiler-gcc.h#L31 + + Reviewed-by: Daniel Kiper + +2022-04-20 Michael Chang + + util/mkimage: Fix dangling pointer may be used error + The warning is real as long as dangling pointer to tmp_ may be used if + o32 and o64 are both NULL. However that is not going to happen and can + be ignored safely because the PE_OHDR is being used in a context that + either o32 or o64 must have been properly initialized. Sadly compiler + seems not to always optimize that unused tmp_ away so explicit + suppression remain needed here. + + ../util/mkimage.c: In function 'grub_install_generate_image': + ../util/mkimage.c:1422:41: error: dangling pointer to 'tmp_' may be used [-Werror=dangling-pointer=] + 1422 | PE_OHDR (o32, o64, header_size) = grub_host_to_target32 (header_size); + ../util/mkimage.c:857:28: note: 'tmp_' declared here + 857 | __typeof__((o64)->field) tmp_; \ + | ^~~~ + + Reviewed-by: Daniel Kiper + +2022-04-20 Chad Kimes + + net/drivers/efi/efinet: Configure VLAN from UEFI device used for PXE + This patch handles automatic configuration of VLAN when booting from PXE + on UEFI hardware. + + Reviewed-by: Daniel Kiper + +2022-04-20 Chad Kimes + + kern/efi/efi: Print VLAN info in EFI device path + Reviewed-by: Daniel Kiper + +2022-04-20 Chad Kimes + + net/net: Add net_set_vlan command + Previously there was no way to set the 802.1Q VLAN identifier, despite + support for vlantag in the net module. The only location vlantag was + being populated was from PXE boot and only for Open Firmware hardware. + This commit allows users to manually configure VLAN information for any + interface. + + Example usage: + grub> net_ls_addr + efinet1 00:11:22:33:44:55 192.0.2.100 + grub> net_set_vlan efinet1 100 + grub> net_ls_addr + efinet1 00:11:22:33:44:55 192.0.2.100 vlan100 + grub> net_set_vlan efinet1 0 + efinet1 00:11:22:33:44:55 192.0.2.100 + + Reviewed-by: Daniel Kiper + +2022-04-20 Chad Kimes + + net/net: Add vlan information to net_ls_addr output + Example output: + grub> net_ls_addr + efinet1 00:11:22:33:44:55 192.0.2.100 vlan100 + + Reviewed-by: Daniel Kiper + +2022-04-04 Chris Coulson + + kern/efi/init: Log a console error during a stack check failure + The initial implementation of the stack protector just busy looped + in __stack_chk_fail in order to reduce the amount of code being + executed after the stack has been compromised because of a lack of + firmware memory protections. With future firmware implementations + incorporating memory protections such as W^X, call in to boot services + when an error occurs in order to log a message to the console before + automatically rebooting the machine. + + Reviewed-by: Daniel Kiper + +2022-04-04 Alec Brown + + loader/i386/xnu: Fix uninitialized scalar variable + In the function grub_xnu_boot(), struct grub_relocator32_state state is called + but isn't being initialized. This results in the members grub_uint32_t ebx, + grub_uint32_t ecx, grub_uint32_t edx, grub_uint32_t edi, and grub_uint32_t esi + being filled with junk data from the stack since none of them are being set to + any values. We can prevent this by setting state to {0}. + + Fixes: CID 375035 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-04-04 Alec Brown + + loader/i386/xnu: Fix uninitialized scalar variable + In the function grub_xnu_boot_resume(), struct grub_relocator32_state state is + called but isn't being initialized. This results in the members grub_uint32_t + ebx, grub_uint32_t ecx, grub_uint32_t edx, grub_uint32_t esi, and grub_uint32_t + edi being filled with junk data from the stack since none of them are being set + to any values. We can prevent this by setting state to {0}. + + Fixes: CID 375031 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-04-04 Alec Brown + + loader/i386/pc/linux: Fix uninitialized scalar variable + In the function grub_linux16_boot(), struct grub_relocator16_state state is + called but isn't being initialized. This results in the members grub_uint32_t + ebx, grub_uint32_t edx, grub_uint32_t esi, and grub_uint32_t ebp being filled + with junk data from the stack since none of them are being set to any values. + We can prevent this by setting state to {0}. + + Fixes: CID 375028 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-04-04 Alec Brown + + loader/i386/bsd: Fix uninitialized scalar variable + In the function grub_netbsd_setup_video(), struct grub_netbsd_btinfo_framebuf + params is called but isn't being initialized. The member grub_uint8_t + reserved[16] isn't set to any values and is instead filled with junk data from + the stack. We can prevent this by setting params to {0}. + + Fixes: CID 375026 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-04-04 Alec Brown + + net/net: Fix uninitialized scalar variable + In the function grub_net_ipv6_get_link_local(), grub_net_network_level_address_t + addr is called but isn't being initialized. This results in the member + grub_dns_option_t option being filled with junk data from the stack. We can + prevent this by setting the option member in addr to 0. + + Fixes: CID 375033 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-04-04 Alec Brown + + net/bootp: Fix uninitialized scalar variable + In the function grub_net_configure_by_dhcp_ack(), + grub_net_network_level_address_t addr is called but isn't being initialized. + This results in the member grub_dns_option_t option being filled with junk data + from the stack. To prevent this, we can set the option member in addr to 0. + + Fixes: CID 375036 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-04-04 Alec Brown + + net/arp: Fix uninitialized scalar variable + In the function grub_net_arp_receive(), grub_net_network_level_address_t + sender_addr and target_addr are being called but aren't being initialized. + In both of these structs, each member is being set to a value except for + grub_dns_option_t option. This results in this member being filled with junk + data from the stack. To prevent this, we can set the option member in both + structs to 0. + + Fixes: CID 375030 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-04-04 Glenn Washburn + + net/tcp: Only call grub_get_time_ms() when there are sockets to potentially retransmit for + If the machine has network cards found, but there are no tcp open sockets + (because the user doesn't use the network to boot), then grub_net_tcp_retransmit() + should be a noop. Thus GRUB doesn't need to call grub_get_time_ms(), which + does a call into firmware on powerpc-ieee1275, and probably other targets. + So only call grub_get_time_ms() if there are tcp sockets. + + Aside from improving performance, its also useful to stay out of the firmware + as much as possible when debugging via QEMU because its a pain to get back + in to GRUB execution. grub_net_tcp_retransmit() can get called very frequently + via grub_net_poll_cards_idle() when GRUB is waiting for a keypress + (grub_getkey_noblock() calls grub_net_poll_cards_idle()). This can be annoying + when debugging an issue in GRUB on PowerPC in QEMU with GDB when GRUB is waiting + for a keypress because interrupting via GDB nearly always lands in the OpenBIOS + firmware's milliseconds call. + + Reviewed-by: Daniel Kiper + +2022-04-04 Glenn Washburn + + net/net: Avoid unnecessary calls to grub_net_tcp_retransmit() + In grub_net_poll_cards_idle_real(), only call grub_net_tcp_retransmit() if there + are network cards found. If there are no network card found, there can be no + tcp sockets to transmit on. So no need to go through that logic. + + Reviewed-by: Daniel Kiper + +2022-04-04 Glenn Washburn + + net/net: Unset grub_net_poll_cards_idle when net module has been unloaded + This looks like it was a copy/paste error. If the net module is unloaded, + grub_net_poll_cards_idle should be NULL so that GRUB does not try to call + a function which now doesn't exist. + + Reviewed-by: Daniel Kiper + +2022-04-04 Glenn Washburn + + INSTALL: Add information on using --build when cross-compiling + The autoconf 2.65 manual [1] strongly recommends specifying the --build + option when the --host is used. Add this to the example and add a note + that this is recommended. + + [1] https://www.gnu.org/software/autoconf/manual/autoconf-2.65/html_node/Hosts-and-Cross_002dCompilation.html + + Reviewed-by: Daniel Kiper + +2022-04-04 Glenn Washburn + + configure: Whitespace changes to improve readability + Reviewed-by: Daniel Kiper + +2022-04-04 Glenn Washburn + + configure: Remove unused CFLAGS definitions + These CFLAGS definitions are reset below them before they have a change to + affect anything. The exception is the *-emu case, which is put in the next + if block, which is the only place its used before getting reset. + + Reviewed-by: Daniel Kiper + +2022-04-04 Glenn Washburn + + configure: Remove dead code + It appears as though the intent of this code is to define abort() and main() + symbols for some configure tests. However, it never gets used because the if + is only entered when not building for *-emu, but the next if block only runs + when building for *-emu. And the if block after that unconditionally resets + CFLAGS. So this code can have no effect. + + Additionally, s/aclocal.m4/acinclude.m4/ and move grub_ASM_USCORE to put + with other marcos defined in acinclude.m4. + + Reviewed-by: Daniel Kiper + +2022-04-04 Glenn Washburn + + configure: Sort AM_CONDITIONALs alphabetically + Reviewed-by: Daniel Kiper + +2022-04-04 Glenn Washburn + + configure: Allow HOST_CC to override CC + According to the INSTALL, "The HOST_* variables override not prefixed + variables". This change makes it so, instead of previous behavior, which + was to ignore the HOST_CC environment variable. + + Reviewed-by: Daniel Kiper + +2022-04-04 Glenn Washburn + + gdb: Add malloc and free symbols to kernel.exec to improve gdb functionality + Add linker flags when linking kernel.exec to have malloc and free point to + grub_malloc() and grub_free() respectively. Some gdb functionality depends on + gdb locating the symbols "malloc" and "free", such as dynamically creating + strings for arguments to injected function calls. A trivial example would + the gdb command 'p strlen("astring")'. Make sure not to do this on emu + platforms, or an infinite loop occurs because emu has a special + grub_malloc() that calls malloc(). + + Reviewed-by: Daniel Kiper + +2022-04-04 Renaud Métrich + + commands/search: Add new --efidisk-only option for EFI systems + When using "search" on EFI systems, we sometimes want to exclude devices + that are not EFI disks, e.g. md, lvm. This is typically used when + wanting to chainload when having a software raid (md) for EFI partition: + with no option, "search --file /EFI/redhat/shimx64.efi" sets root envvar + to "md/boot_efi" which cannot be used for chainloading since there is no + effective EFI device behind. + + Reviewed-by: Daniel Kiper + +2022-04-04 Renaud Métrich + + commands/search: Refactor --no-floppy option to have something generic + Reviewed-by: Daniel Kiper + +2022-04-04 Hans de Goede + + kern/main: Suppress the "Welcome to GRUB!" message in EFI builds + GRUB EFI builds are now often used in combination with flicker-free + boot, but this breaks with upstream GRUB because the "Welcome to GRUB!" + message will kick the EFI fb into text mode and show the msg, breaking + the flicker-free experience. + + EFI systems are so fast, that when the menu or the countdown are + enabled the message will be immediately overwritten, so in these cases + not printing the message does not matter. + + And in case when the timeout_style is set to TIMEOUT_STYLE_HIDDEN, + the user has asked GRUB to be quiet (for example to allow flickfree + boot) and thus the message should not be printed. + + Reviewed-by: Robbie Harwood + Reviewed-by: Daniel Kiper + +2022-04-04 Hans de Goede + + normal/menu: Don't show "Booting `%s'" msg when auto-booting with TIMEOUT_STYLE_HIDDEN + When the user has asked the menu code to be hidden/quiet and the current + entry is being autobooted because the timeout has expired don't show + the "Booting `%s'" msg. + + This is necessary to let flicker-free boots really be flicker free, + otherwise the "Booting `%s'" msg will kick the EFI fb into text mode + and show the msg, breaking the flicker-free experience. + + Reviewed-by: Robbie Harwood + Reviewed-by: Daniel Kiper + +2022-03-21 Hans de Goede + + term/efi/console: Do not set cursor until the first text output + To allow flickerfree boot the EFI console code does not call + grub_efi_set_text_mode(1) until some text is actually output. Depending + on if the output text is because of an error loading, e.g. the .cfg + file, or because of showing the menu the cursor needs to be on or off + when the first text is shown. So far the cursor was hardcoded to being + on, but this is causing drawing artifacts + slow drawing of the menu as + reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1946969 + Handle the cursorstate in the same way as the colorstate to fix this, + when no text has been output yet, just cache the cursorstate and then + use the last set value when the first text is output. + + Fixes: 2d7c3abd871f (efi/console: Do not set text-mode until we actually need it) + Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1946969 + + Reviewed-by: Daniel Kiper + +2022-03-21 Hans de Goede + + term/efi/console: Do not set colorstate until the first text output + GRUB_MOD_INIT(normal) does an unconditional: + + grub_env_set ("color_normal", "light-gray/black"); + + which triggers a grub_term_setcolorstate() call. The original version + of the "efi/console: Do not set text-mode until we actually need it" patch, + https://lists.gnu.org/archive/html/grub-devel/2018-03/msg00125.html, + protected against this by caching the requested state in + grub_console_setcolorstate() and then only applying it when the first + text output actually happens. During refactoring to move the + grub_console_setcolorstate() up higher in the grub-core/term/efi/console.c + file the code to cache the color-state + bail early was accidentally dropped. + Restore the cache the color-state + bail early behavior from the original. + + Fixes: 2d7c3abd871f (efi/console: Do not set text-mode until we actually need it) + + Cc: Javier Martinez Canillas + Reviewed-by: Daniel Kiper + +2022-03-21 Darren Kenny + + kern/rescue_parser: Ensure that parser allocated memory is not leaked + While it would appear unlikely that the memory allocated in *argv in + grub_parser_split_cmdline() would be leaked, we should try ensure that + it doesn't leak by calling grub_free() before we return from + grub_rescue_parse_line(). + + To avoid a possible double-free, grub_parser_split_cmdline() is being + changed to assign *argv = NULL when we've called grub_free() in the fail + section. + + Fixes: CID 96680 + + Reviewed-by: Daniel Kiper + +2022-03-21 Darren Kenny + + grub-mkimage: Only check aarch64 relocations when built for aarch64 + Coverity flagged the switch checks for R_AARCH64_* as being logically + dead code, since it could never happen on x86 due to the masking of the + values earlier in the code. + + A check for building on __arm__ (which gcc and clang define) and for + MKIMAGE_ELF64 (which GRUB defines) has been added to avoid this dead + code being built in. + + Fixes: CID 158599 + + Reviewed-by: Daniel Kiper + +2022-03-21 Daniel Kiper + + lib/posix_wrap/errno.h: Add __set_errno() macro + $ ./configure --target=x86_64-w64-mingw32 --with-platform=efi --host=x86_64-w64-mingw32 + $ make + + [...] + + cat syminfo.lst | sort | gawk -f ./genmoddep.awk > moddep.lst || (rm -f moddep.lst; exit 1) + __imp__errno in regexp is not defined + + This happens because grub-core/lib/gnulib/malloc/dynarray_resize.c and + grub-core/lib/gnulib/malloc/dynarray_emplace_enlarge.c (both are used by + regexp module) from the latest Gnulib call __set_errno() which originally + sets errno variable (Windows builds add __imp__ prefix). Of course it is + not defined and grub_errno should be used instead. + + Reviewed-by: Daniel Kiper + +2022-03-21 Robbie Harwood + + configure: Fix various new autotools warnings + Reviewed-by: Daniel Kiper + +2022-03-21 Robbie Harwood + + gnulib: Handle warnings introduced by updated gnulib + - Fix type of size variable in luks2_verify_key() + - Avoid redefinition of SIZE_MAX and ATTRIBUTE_ERROR + - Work around gnulib's int types on older compilers + + Reviewed-by: Daniel Kiper + +2022-03-21 Robbie Harwood + + gnulib: Update gnulib version and drop most gnulib patches + In addition to the changes carried in our gnulib patches, several + Coverity and code hygiene fixes that were previously downstream are also + included in this 3-year gnulib increment. + + Unfortunately, fix-width.patch is retained. + + Bump minimum autoconf version from 2.63 to 2.64 and automake from 1.11 + to 1.14, as required by gnulib. + + Sync bootstrap script itself with gnulib. + + Update regexp module for new dynarray dependency. + + Reviewed-by: Daniel Kiper + +2022-03-21 Robbie Harwood + + gnulib: Drop no-abort.patch + Originally added in commit db7337a3d (grub-core/lib/posix_wrap/stdlib.h + (abort): Removed), this patched out all relevant invocations of abort() + in gnulib. While it was not documented why at the time, testing suggests + that there's no abort() implementation available for gnulib to use. + + gnulib's position is that the use of abort() is correct here, since it + happens when input violates a "shall" from POSIX. Additionally, the + code in question is probably not reachable. Since abort() is more + friendly to user-space, they prefer to make no change, so we can just + carry a define instead (suggested by Paul Eggert). + + Reviewed-by: Daniel Kiper + +2022-03-21 Robbie Harwood + + gnulib: Drop fix-base64.patch + Originally added in commit 9fbdec2f (bootstrap: Add gnulib's base64 + module) and subsequently modified in commit 552c9fd08 (gnulib: Fix build + of base64 when compiling with memory debugging), fix-base64.patch + handled two problems we have using gnulib, which are exercised by the + base64 module but not directly caused by it. + + First, GRUB defines its own bool type, while gnulib expects the + equivalent of stdbool.h to be present. Rather than patching gnulib, + instead use gnulib's stdbool module to provide a bool type if needed + (suggested by Simon Josefsson). + + Second, our config.h doesn't always inherit config-util.h, which is + where gnulib-related options like _GL_ATTRIBUTE_CONST end up. + fix-base64.h worked around this by defining the attribute away, but this + workaround is better placed in config.h itself, not a gnulib patch. + + Reviewed-by: Daniel Kiper + +2022-03-21 Robbie Harwood + + config: Where present, ensure config-util.h precedes config.h + gnulib defines go in config-util.h, and we need to know whether to + provide duplicates in config.h or not. + + Reviewed-by: Daniel Kiper + +2022-03-21 Robbie Harwood + + config.h.in: Use visual indentation + Reviewed-by: Daniel Kiper + +2022-03-14 Robbie Harwood + + INSTALL: Drop mention of libusb + The commit 9d25b0da9 (Remove emu libusb support.) dropped use of libusb, + but did not remove mention of it from INSTALL file. + + Reviewed-by: Daniel Kiper + +2022-03-14 Daniel Kiper + + INSTALL: Add more cross-compiling Debian packages + The mingw-w64-tools is especially important because with out it some + Windows builds may fail due to lack of proper pkg-config. + + Reviewed-by: Robbie Harwood + +2022-03-14 Daniel Kiper + + configure: Drop ${grub_coredir} unneeded references + These are probably stray references left after earlier removals. + + Reviewed-by: Robbie Harwood + +2022-03-14 Daniel Kiper + + conf/i386-cygwin-img-ld: Do not discard .data and .edata sections + $ ./configure --target=i686-w64-mingw32 --with-platform=efi --host=i686-w64-mingw32 + + [...] + + checking if __bss_start is defined by the compiler... no + checking if edata is defined by the compiler... no + checking if _edata is defined by the compiler... no + configure: error: none of __bss_start, edata or _edata is defined + + This happens on machines with quite recent ld due to an error: + + `edata' referenced in section `.text' of /tmp/cc72w9E4.o: defined in discarded section `.data' of conftest.exe + collect2: error: ld returned 1 exit status + + So, we have to tell linker to not discard .data and .edata sections. + The trick comes from ld documentation: + + 3.6.7 Output Section Discarding + + The linker will not normally create output sections with no contents. + This is for convenience when referring to input sections that may or may + not be present in any of the input files. For example: + + .foo : { *(.foo) } + + will only create a ‘.foo’ section in the output file if there is a + ‘.foo’ section in at least one input file, and if the input sections are + not all empty. Other link script directives that allocate space in an + output section will also create the output section. So too will + assignments to dot even if the assignment does not create space, except + for ‘. = 0’, ‘. = . + 0’, ‘. = sym’, ‘. = . + sym’ and ‘. = ALIGN (. != + 0, expr, 1)’ when ‘sym’ is an absolute symbol of value 0 defined in the + script. This allows you to force output of an empty section with ‘. = .’. + + This change does not impact generated binaries because the + conf/i386-cygwin-img-ld.sc linker script is used only when + you run configure. + + Reviewed-by: Robbie Harwood + +2022-03-14 Daniel Kiper + + commands/i386/pc/sendkey: Fix "writing 1 byte into a region of size 0" build error + Latest GCC may complain in that way: + + commands/i386/pc/sendkey.c: In function ‘grub_sendkey_postboot’: + commands/i386/pc/sendkey.c:223:21: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=] + 223 | *((char *) 0x41a) = 0x1e; + | ~~~~~~~~~~~~~~~~~~^~~~~~ + + The volatile keyword addition helps and additionally assures us the + compiler will not optimize out fixed assignments. + + Reviewed-by: Robbie Harwood + +2022-03-14 Daniel Kiper + + loader/i386/bsd: Initialize ptr variable in grub_bsd_add_meta() + Latest GCC may complain in that way: + + In file included from ../include/grub/disk.h:31, + from ../include/grub/file.h:26, + from ../include/grub/loader.h:23, + from loader/i386/bsd.c:19: + loader/i386/bsd.c: In function ‘grub_cmd_openbsd’: + ../include/grub/misc.h:71:10: error: ‘ptr’ may be used uninitialized in this function [-Werror=maybe-uninitialized] + 71 | return grub_memmove (dest, src, n); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ + loader/i386/bsd.c:266:9: note: ‘ptr’ was declared here + 266 | void *ptr; + | ^~~ + + So, let's fix it by assigning NULL to ptr in grub_bsd_add_meta(). + + Reviewed-by: Robbie Harwood + +2022-03-14 Daniel Kiper + + osdep/windows/platform: Disable gcc9 -Waddress-of-packed-member + $ ./configure --target=x86_64-w64-mingw32 --with-platform=efi --host=x86_64-w64-mingw32 + $ make + + [...] + + In file included from grub-core/osdep/platform.c:4: + grub-core/osdep/windows/platform.c: In function ‘grub_install_register_efi’: + grub-core/osdep/windows/platform.c:382:41: error: taking address of packed member of ‘struct grub_efi_file_path_device_path’ may result in an unaligned pointer value [-Werror=address-of-packed-member] + 382 | path16_len = grub_utf8_to_utf16 (filep->path_name, + | ~~~~~^~~~~~~~~~~ + + Disable the -Wadress-of-packaed-member diagnostic for grub_utf8_to_utf16() + call which contains filep->path_name reference. It seems safe because the + structure is defined according to the UEFI spec and we hope authors did not + make any mistake... :-) + + This fix is similar to the fix in the commit 8e8723a6b + (f2fs: Disable gcc9 -Waddress-of-packed-member). + + Reviewed-by: Robbie Harwood + +2022-03-14 Glenn Washburn + + po: Un-transliterate the %zu format code + Commit 45bffae13 (util/resolve: Bail with error if moddep.lst file line is + too long) uses the %zu format specifier which has not been used in + any translated strings yet. So the sed scripts used for transliterating + certain languages need to be updated otherwise creation of the message + indexes will fail on an unknown format code. This is essentially the same + issue fixed for the %m format code in commit 2e246b6f (po: Fix replacement + of %m in sed programs). + + Also reorder transliteration lines to be more lexicographically ordered. + + Reviewed-by: Daniel Kiper + +2022-03-14 Daniel Axtens + + net: Check against nb->tail in grub_netbuff_pull() + GRUB netbuff structure members track 2 different things: the extent of memory + allocated for the packet, and the extent of memory currently being worked on. + + This works out in the structure as follows: + + nb->head: beginning of the allocation + nb->data: beginning of the working data + nb->tail: end of the working data + nb->end: end of the allocation + + The head and end pointers are set in grub_netbuff_alloc() and do not change. + The data and tail pointers are initialised to point at start of the + allocation (that is, head == data == tail initially), and are then + manipulated by grub_netbuff_*() functions. Key functions are as follows: + + - grub_netbuff_put(): "put" more data into the packet - advance nb->tail + - grub_netbuff_unput(): trim the tail of the packet - retract nb->tail + - grub_netbuff_pull(): "consume" some packet data - advance nb->data + - grub_netbuff_reserve(): reserve space for future headers - advance nb->data and nb->tail + - grub_netbuff_push(): "un-consume" data to allow headers to be written - retract nb->data + + Each of those functions does some form of error checking. For example, + grub_netbuff_put() does not allow nb->tail to exceed nb->end, and + grub_netbuff_push() does not allow nb->data to be before nb->head. + + However, grub_netbuff_pull()'s error checking is a bit weird. It advances nb->data + and checks that it does not exceed nb->end. That allows you to get into the + situation where nb->data > nb->tail, which should not be. + + Make grub_netbuff_pull() check against both nb->tail and nb->end. In theory just + checking against ->tail should be sufficient but the extra check should be + cheap and seems like good defensive practice. + + Reviewed-by: Daniel Kiper + +2022-03-14 Fabian Vogt + + grub-mount: Add support for libfuse3 + The libfuse 3.0.0 got released in 2016, with some API changes compared to 2.x. + This commit introduces support for 3.x while keeping it compatible with 2.6 + as a fallback still. + + To detect fuse3, switch configure over to use pkg-config, which is simpler yet + more reliable than looking for library and header manually. Also set + FUSE_USE_VERSION that way, as it depends on the used libfuse version. + + Now that the CFLAGS are read from pkg-config, use just , which works + with 2.x as well as 3.x and is recommended by libfuse upstream. + + One behavior change of libfuse3 is that FUSE_ATOMIC_O_TRUNC is set by default, + which means that open with O_TRUNC is passed as-is instead of calling the + truncate operation. With libfuse2, truncate failed with -ENOSYS and that was + returned to the application. To make O_TRUNC fail with libfuse3, return -EROFS + explicitly if writing was requested. + + Reviewed-by: Daniel Kiper + +2022-03-14 Elyes Haouas + + include: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + util: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + video: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + tests: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + term: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + script: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + partmap: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + osdep: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + normal: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + net: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + loader: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + lib: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + kern: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + io: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + gfxmenu: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + gfxmenu: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + fs: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + font: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + disk: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + commands: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + + bus: Remove trailing whitespaces + Reviewed-by: Daniel Kiper + +2022-03-07 Chad Kimes + + net/ethernet: Fix VLAN networking on little-endian systems + VLAN configuration seems to have never worked on little-endian systems. + This is likely because VLANTAG_IDENTIFIER is not byte-swapped before + copying into the net buffer, nor is inf->vlantag. We can resolve this by + using grub_cpu_to_be16{_compile_time}() and its inverse when copying + VLAN info to/from the net buffer. + + Reviewed-by: Daniel Kiper + +2022-03-07 Heinrich Schuchardt + + commands/efi/lsefisystab: Short text EFI_IMAGE_SECURITY_DATABASE_GUID + The EFI_IMAGE_SECURITY_DATABASE_GUID is used for the image execution + information table (cf. UEFI specification 2.9, 32.5.3.1 Using The Image + Execution Information Table). + + The lsefisystab command is used to display installed EFI configuration + tables. Currently it only shows the GUID but not a short text for the + table. + + Provide a short text for the EFI_IMAGE_SECURITY_DATABASE_GUID. + + Reviewed-by: Daniel Kiper + +2022-03-07 Glenn Washburn + + tests: Fix whitespace formatting + Reviewed-by: Daniel Kiper + +2022-03-07 Peter Jones + + ChangeLog: Retire ChangeLog-2015 + ChangeLog-2015 has been untouched for over 7 years now, and any + information in it is purely for historical purposes. At the same time, + grepping for code winds up matching this file quite a bit, almost never + accomplishing anything other than cluttering up your grep results. We + don't need this in the main repo, and "git show" will find it if you're + looking at the old history of commits on some file. + + This patch deletes it and the Makefile.am rule to distribute it. + + Reviewed-by: Daniel Axtens + Reviewed-by: Robbie Harwood + Reviewed-by: Javier Martinez Canillas + Reviewed-by: Daniel Kiper + +2022-03-07 Peter Levine + + templates: Properly handle multiple initrd paths in 30_os-prober + os-prober now effectively handles multiple paths passed to initrd, but + grub-mkconfig still truncates off any subsequent space-delimited paths. + + Support proper parsing of space-delimited initrd paths passed from + os-prober for distributions, like Manjaro, that require it. + + Fixes: https://savannah.gnu.org/bugs/?47681 + + Reviewed-by: Daniel Kiper + +2022-03-07 Samuel Thibault + + templates: Add support for pci-arbiter and rumpdisk on Hurd + This adds pci-arbiter and rumpdisk as bootstrap modules whenever they are + available. This opens the path for fully-userland disk support. + + Reviewed-by: Daniel Kiper + +2022-03-07 Glenn Washburn + + mm: Temporarily disable grub_mm_debug while calling grub_vprintf() in grub_printf() + To prevent infinite recursion when grub_mm_debug is on, disable it when + calling grub_vprintf(). One such call loop is: + grub_vprintf() -> parse_printf_args() -> parse_printf_arg_fmt() -> + grub_debug_calloc() -> grub_printf() -> grub_vprintf(). + + Reviewed-by: Daniel Kiper + +2022-03-07 Glenn Washburn + + mm: Export grub_mm_dump() and grub_mm_dump_free() + These functions may be useful within modules as well. Export them so that + modules can use them. + + Reviewed-by: Daniel Kiper + +2022-03-07 Glenn Washburn + + configure: Properly handle MM_DEBUG + Define MM_DEBUG in config.h when --enable-mm-debug is passed to configure. + It was being defined in config-util.h which only gets used when building + GRUB utilities for the host side. The enabling of debugging for memory + management in include/grub/mm.h explicitly does not happen when compiling + for the GRUB utilities. So this debugging code effectively could never be + enabled. Note, that MM_DEBUG is defined in an #if directive because the + enabling of debugging checks if MM_DEBUG is defined, not what its value is. + So even if MM_DEBUG were defined to nothing, the debugging code would + still be enabled. + + Reviewed-by: Daniel Kiper + +2022-03-07 Fangrui Song + + configure: Replace -Wl,-r,-d with -Wl,-r and add -fno-common + In GNU ld and ld.lld, -d is used with -r to allocate space to COMMON symbols. + This behavior is presumably to work around legacy projects which inspect + relocatable output by themselves and do not handle COMMON symbols. The GRUB + does not do this. + + See https://github.com/llvm/llvm-project/issues/53660 + -d is quite useless and ld.lld 15.0.0 will make -d no-op. + + COMMON symbols have special symbol resolution semantics which can cause surprise + (see https://maskray.me/blog/2022-02-06-all-about-common-symbols). GCC<10 and + Clang<11 defaulted to -fcommon. Just use -fno-common to avoid COMMON symbols. + + Reviewed-by: Daniel Kiper + +2022-03-07 Glenn Washburn + + tests: Add check-native and check-nonnative make targets + This allows for testing only tests that run directly on the build machine or + only tests that run in a virtualized environment. When testing multiple + targets on the same build machine the native tests only need to be run once + for all targets. Whereas, the nonnative tests must be run for each target + because the test is potentially compiled differently for each target. + + Reviewed-by: Daniel Kiper + +2022-03-07 Renaud Métrich + + commands/search: Fix bug stopping iteration when --no-floppy is used + When using --no-floppy and a floppy was encountered, iterate_device() + was returning 1, causing the iteration to stop instead of continuing. + + Reviewed-by: Daniel Kiper + +2022-03-07 Glenn Washburn + + Revert "iee1275/datetime: Fix off-by-1 error." + This is causing the test grub_cmd_date() to fail because the returned + date is one day more than it should be. + + This reverts commit 607d66116 (iee1275/datetime: Fix off-by-1 error.). + + Tested-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2022-02-08 Glenn Washburn + + tests: Remove $((BASE#NUM)) bashism in grub-fs-tester + This bashism allows converting NUM in base BASE to decimal. Its not needed + because the only place its used is to convert from hexidecimal and this can + also be done with the more portable $((0xHEXNUM)) syntax. + + Reviewed-by: Daniel Kiper + +2022-02-08 Glenn Washburn + + tests: Skip pata_test on i386-efi + In comparison to other i386 targets, on i386-efi the Q35 QEMU machine type + is used to do the testing to be able to make use of the EFI firmware in + QEMU. On the Q35 machine type there is no way to use ATA to communicate with + an IDE, only AHCI. + + Reviewed-by: Daniel Kiper + +2022-02-08 Glenn Washburn + + tests: Do not remove image file on error in pata_test + The image file can be useful in debugging an issue when the test fails. + + Reviewed-by: Daniel Kiper + +2022-02-08 Alec Brown + + util/grub-module-verifierXX: Validate elf section header table index for section name string table + In grub-module-verifierXX.c, the function find_section() uses the value from + grub_target_to_host16 (e->e_shstrndx) to obtain the section header table index + of the section name string table, but it wasn't being checked if the value was + there. + + According to the elf(5) manual page, + "If the index of section name string table section is larger than or equal + to SHN_LORESERVE (0xff00), this member holds SHN_XINDEX (0xffff) and the real + index of the section name string table section is held in the sh_link member of + the initial entry in section header table. Otherwise, the sh_link member of the + initial entry in section header table contains the value zero." + + Since this check wasn't being made, the function get_shstrndx() is being added + to make this check and use e_shstrndx if it doesn't have SHN_XINDEX as a value, + else use sh_link. We also need to make sure e_shstrndx isn't greater than or + equal to SHN_LORESERVE and sh_link isn't less than SHN_LORESERVE. + + Note that it may look as though the argument *arch isn't being used, it's + actually required in order to use the macros grub_target_to_host*(x) which are + unwinded to grub_target_to_host*_real(arch, (x)) based on defines earlier in + the file. + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-02-08 Alec Brown + + util/grub-module-verifierXX: Validate number of elf section header table entries + In grub-module-verifierXX.c, grub_target_to_host16 (e->e_shnum) is used to + obtain the number of section header table entries, but it wasn't being + checked if the value was there. + + According to the elf(5) manual page, + "If the number of entries in the section header table is larger than or equal + to SHN_LORESERVE (0xff00), e_shnum holds the value zero and the real number of + entries in the section header table is held in the sh_size member of the intial + entry in section header table. Otherwise, the sh_size member of the initial + entry in the section header table holds the value zero." + + Since this check wasn't being made, the function get_shnum() is being added to + make this check and use whichever member doesn't have a value of zero. If both + are zero, then we must return an error. We also need to make sure that e_shnum + doesn't have a value greater than or equal to SHN_LORESERVE and sh_size isn't + less than SHN_LORESERVE. + + Note that it may look as though the argument *arch isn't being used, it's + actually required in order to use the macros grub_target_to_host*(x) which are + unwinded to grub_target_to_host*_real(arch, (x)) based on defines earlier in + the file. + + Fixes: CID 314021 + Fixes: CID 314027 + Fixes: CID 314033 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-02-08 Alec Brown + + util/grub-module-verifierXX: Add function to calculate section headers + Added the function get_shdr() which returns the section header at a given index + parameter passed into this function. This helps traverse the section header + table and reduces repeated calls to lengthy equations used to obtain section + headers. + + Note that it may look as though the argument *arch isn't being used, it's + actually required in order to use the macros grub_target_to_host*(x) which are + unwinded to grub_target_to_host*_real(arch, (x)) based on defines earlier in the + file. + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-02-08 Alec Brown + + fs/affs: Fix resource leaks + In commit 178ac5107389 (affs: Fix memory leaks), fixes were made to + grub_affs_iterate_dir() to prevent memory leaks from occurring after it + returns without freeing node. However, there were still some instances + where node was causing a memory leak when the function returns after + calling grub_affs_create_node(). In this function, new memory is + allocated to node but doesn't get freed until the hook() function is + called near the end. Before hook() is called, node should be freed in + grub_affs_create_node() before returning out of it. + + Fixes: 178ac5107389 (affs: Fix memory leaks) + Fixes: CID 73759 + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2022-02-08 Heinrich Schuchardt + + RISC-V: Adjust -march flags for binutils 2.38 + As of version 2.38 binutils defaults to ISA specification version + 2019-12-13. This version of the specification has has separated the + the csr read/write (csrr*/csrw*) instructions and the fence.i from + the I extension and put them into separate Zicsr and Zifencei + extensions. + + This implies that we have to adjust the -march flag passed to the + compiler accordingly. + + Reviewed-by: Daniel Kiper + +2022-02-08 Heinrich Schuchardt + + efi: Correct struct grub_efi_boot_services + The UEFI specification defines that the EFI_BOOT_SERVICES.Exit(() service may return + EFI_SUCCESS or EFI_INVALID_PARAMETER. So it cannot be __attribute__((noreturn)). + + Reviewed-by: Daniel Kiper + +2022-02-08 Glenn Washburn + + conf/Makefile.common: Order alphabetically variables + Reviewed-by: Daniel Kiper + +2022-02-08 Stephen Balousek + + net/http: Allow use of non-standard TCP/IP ports + Allow the use of HTTP servers listening on ports other 80. This is done + with an extension to the http notation: + + (http[,server[,port]]) + + - or - + + (http[,server[:port]]) + + Reviewed-by: Daniel Kiper + +2022-02-08 Glenn Washburn + + Makefile: Only look for @MARKER@ at the start of a line when generating libgrub_a_init.lst + Under certain conditions libgrub.pp gets generated with a such that it + contains a bunch of CPP defines, at least one of which contains "@MARKER@". + This line should not be used when generating libgrub_a_init.lst, otherwise + we get compiler errors like: + + libgrub_a_init.c:22:18: error: stray ‘#’ in program + 22 | extern void grub_#define_init (void); + | ^ + libgrub_a_init.c:22:19: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘define_init’ + 22 | extern void grub_#define_init (void); + | ^~~~~~~~~~~ + libgrub_a_init.c:23:18: error: stray ‘#’ in program + 23 | extern void grub_#define_fini (void); + | ^ + libgrub_a_init.c:23:19: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘define_fini’ + 23 | extern void grub_#define_fini (void); + | ^~~~~~~~~~~ + ... + + When generating libgrub_a_init.lst only lines starting with "@MARKER@" + are desired. + + Reviewed-by: Daniel Kiper + +2022-02-08 Glenn Washburn + + gentpl.py: Fix issue where sometimes marker files have CPP defines + When generating video.lst, modules whose marker file contains the string + VIDEO_LIST_MARKER are selected. But when the marker file contains the CPP + defines, one of the defines is VIDEO_LIST_MARKER and is present in all + marker files, so they are all selected. By removing the defines, the correct + modules are selected. + + Reviewed-by: Daniel Kiper + +2022-02-08 Glenn Washburn + + util/resolve: Bail with error if moddep.lst file line is too long + The code reads each line into a buffer of size 1024 and does not check if + the line is longer. So a line longer than 1024 will be read as a valid line + followed by an invalid line. Then an error confusing to the user is sent + with the test "invalid line format". But the line format is perfectly fine, + the problem is in GRUB's parser. Check if we've hit a line longer than the + size of the buffer, and if so send a more correct and reasonable error. + + Reviewed-by: Daniel Kiper + +2022-02-08 Glenn Washburn + + util/resolve: Do not read past the end of the array in read_dep_list() + If the last non-NULL byte of "buf" is not a white-space character (such as + when a read line is longer than the size of "buf"), then "p" will eventually + point to the byte after the last byte in "buf". After which "p" will be + dereferenced in the while conditional leading to an out of bounds read. Make + sure that "p" is inside "buf" before dereferencing it. + + Reviewed-by: Daniel Kiper + +2022-02-07 Glenn Washburn + + kern/misc: Allow selective disabling of debug facility names + Sometimes you only know which debug logging facility names you want to + turn off, not necessarily all the ones you want enabled. This patch allows + the debug string to contain facility names in the $debug variable which are + prefixed with a "-" to disable debug log messages for that conditional. Say + you want all debug logging on except for btrfs and scripting, then do: + "set debug=all,-btrfs,-scripting" + + Note, that only the last occurrence of the facility name with or without a + leading "-" is considered. So simply appending ",-facilityname" to the + $debug variable will disable that conditional. To illustrate, the command + "set debug=all,-btrfs,-scripting,btrfs" will enable btrfs. + + Also, add documentation explaining this new behavior. + + Reviewed-by: Daniel Kiper + +2022-02-07 Glenn Washburn + + cryptodisk: Fix Coverity use after free bug + The Coverity output is: + + *** CID 366905: Memory - illegal accesses (USE_AFTER_FREE) + /grub-core/disk/cryptodisk.c: 1064 in grub_cryptodisk_scan_device_real() + 1058 cleanup: + 1059 if (askpass) + 1060 { + 1061 cargs->key_len = 0; + 1062 grub_free (cargs->key_data); + 1063 } + >>> CID 366905: Memory - illegal accesses (USE_AFTER_FREE) + >>> Using freed pointer "dev". + 1064 return dev; + 1065 } + 1066 + 1067 #ifdef GRUB_UTIL + 1068 #include + 1069 grub_err_t + + Here the "dev" variable can point to a freed cryptodisk device if the + function grub_cryptodisk_insert() fails. This can happen only on a OOM + condition, but when this happens grub_cryptodisk_insert() calls grub_free on + the passed device. Since grub_cryptodisk_scan_device_real() assumes that + grub_cryptodisk_insert() is always successful, it will return the device, + though the device was freed. + + Change grub_cryptodisk_insert() to not free the passed device on failure. + Then on grub_cryptodisk_insert() failure, free the device pointer. This is + done by going to the label "error", which will call cryptodisk_close() to + free the device and set the device pointer to NULL, so that a pointer to + freed memory is not returned. + + Fixes: CID 366905 + + Reviewed-by: Daniel Kiper + +2021-12-23 Daniel Axtens + + mm: Document grub_mm_init_region() + The grub_mm_init_region() does some things that seem magical, especially + around region merging. Make it a bit clearer. + + Reviewed-by: Daniel Kiper + +2021-12-23 Daniel Axtens + + mm: Document grub_free() + The grub_free() possesses a surprising number of quirks, and also + uses single-letter variable names confusingly to iterate through + the free list. + + Document what's going on. + + Use prev and cur to iterate over the free list. + + Reviewed-by: Daniel Kiper + +2021-12-23 Daniel Axtens + + mm: grub_real_malloc(): Make small allocs comment match code + Small allocations move the region's *first pointer. The comment + says that this happens for allocations under 64K. The code says + it's for allocations under 32K. Commit 45bf8b3a7549 changed the + code intentionally: make the comment match. + + Fixes: 45bf8b3a7549 (* grub-core/kern/mm.c (grub_real_malloc): Decrease cut-off of moving the) + + Reviewed-by: Daniel Kiper + +2021-12-23 Daniel Axtens + + mm: Clarify grub_real_malloc() + When iterating through the singly linked list of free blocks, + grub_real_malloc() uses p and q for the current and previous blocks + respectively. This isn't super clear, so swap to using prev and cur. + + This makes another quirk more obvious. The comment at the top of + grub_real_malloc() might lead you to believe that the function will + allocate from *first if there is space in that block. + + It actually doesn't do that, and it can't do that with the current + data structures. If we used up all of *first, we would need to change + the ->next of the previous block to point to *first->next, but we + can't do that because it's a singly linked list and we don't have + access to *first's previous block. + + What grub_real_malloc() actually does is set *first to the initial + previous block, and *first->next is the block we try to allocate + from. That allows us to keep all the data structures consistent. + + Document that. + + Reviewed-by: Daniel Kiper + +2021-12-23 Daniel Axtens + + mm: Document GRUB internal memory management structures + I spent more than a trivial quantity of time figuring out pre_size and + whether a memory region's size contains the header cell or not. + + Document the meanings of all the properties. Hopefully now no-one else + has to figure it out! + + Reviewed-by: Daniel Kiper + +2021-12-23 Michael Chang + + fs/btrfs: Use full btrfs bootloader area + Up to now GRUB can only embed to the first 64 KiB before primary + superblock of btrfs, effectively limiting the GRUB core size. That + could consequently pose restrictions to feature enablement like + advanced zstd compression. + + This patch attempts to utilize full unused area reserved by btrfs for + the bootloader outlined in the document [1]: + + The first 1MiB on each device is unused with the exception of primary + superblock that is on the offset 64KiB and spans 4KiB. + + Apart from that, adjacent sectors to superblock and first block group + are not used for embedding in case of overflow and logged access to + adjacent sectors could be useful for tracing it up. + + This patch has been tested to provide out of the box support for btrfs + zstd compression with which GRUB has been installed to the partition. + + [1] https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)#BOOTLOADER_SUPPORT + + Reviewed-by: Daniel Kiper + +2021-12-23 Glenn Washburn + + tests: Refactor building xorriso command for iso9660 tests + The iso9660 tests test creating isos with different combinations of + Joliet, Rock Ridge, and ISO 9660 conformance level. Refactor xorriso + argument generation for more readability and extensibility. + + Reviewed-by: Thomas Schmitt + Reviewed-by: Daniel Kiper + +2021-12-23 Glenn Washburn + + cryptodisk: Improve handling of partition name in cryptomount password prompt + Call grub_partition_get_name() unconditionally to initialize the part + variable. Then part will only be NULL when grub_partition_get_name() errors. + Note that when source->partition is NULL, then grub_partition_get_name() + returns an allocated empty string. So no comma or partition will be printed, + as desired. + + Reviewed-by: Daniel Kiper + +2021-12-23 Glenn Washburn + + cryptodisk: Move global variables into grub_cryptomount_args struct + Note that cargs.search_uuid does not need to be initialized in various parts + of the cryptomount argument parsing, just once when cargs is declared with + a struct initializer. The previous code used a global variable which would + retain the value across cryptomount invocations. + + Reviewed-by: Daniel Kiper + +2021-12-23 Glenn Washburn + + cryptodisk: Refactor password input out of crypto dev modules into cryptodisk + The crypto device modules should only be setting up the crypto devices and + not getting user input. This has the added benefit of simplifying the code + such that three essentially duplicate pieces of code are merged into one. + + Add documentation of passphrase option for cryptomount as it is now usable. + + Reviewed-by: Daniel Kiper + +2021-12-23 Glenn Washburn + + cryptodisk: Add infrastructure to pass data from cryptomount to cryptodisk modules + Previously, the cryptomount arguments were passed by global variable and + function call argument, neither of which are ideal. This change passes data + via a grub_cryptomount_args struct, which can be added to over time as + opposed to continually adding arguments to the cryptodisk scan and + recover_key. + + As an example, passing a password as a cryptomount argument is implemented. + However, the backends are not implemented, so testing this will return a not + implemented error. + + Also, add comments to cryptomount argument parsing to make it more obvious + which argument states are being handled. + + Reviewed-by: Daniel Kiper + +2021-12-23 Glenn Washburn + + cryptodisk: Improve cryptomount -u error message + When a cryptmount is specified with a UUID, but no cryptodisk backends find + a disk with that UUID, return a more detailed message giving telling the + user that they might not have a needed cryptobackend module loaded. + + Reviewed-by: Daniel Kiper + +2021-12-23 Glenn Washburn + + cryptodisk: Improve error messaging in cryptomount invocations + Update such that "cryptomount -u UUID" will not print two error messages + when an invalid passphrase is given and the most relevant error message + will be displayed. + + Reviewed-by: Daniel Kiper + +2021-12-23 Glenn Washburn + + cryptodisk: Return failure in cryptomount when no cryptodisk modules are loaded + This displays an error notifying the user that they'll want to load + a backend module to make cryptomount useful. + + Reviewed-by: Daniel Kiper + +2021-12-23 Glenn Washburn + + cryptodisk: Refactor to discard have_it global + The global "have_it" was never used by the crypto-backends, but was used to + determine if a crypto-backend successfully mounted a cryptodisk with a given + UUID. This is not needed however, because grub_device_iterate() will return + 1 if and only if grub_cryptodisk_scan_device() returns 1. And + grub_cryptodisk_scan_device() will now only return 1 if a search_uuid has + been specified and a cryptodisk was successfully setup by a crypto-backend or + a cryptodisk of the requested UUID is already open. + + To implement this grub_cryptodisk_scan_device_real() is modified to return + a cryptodisk or NULL on failure and having the appropriate grub_errno set to + indicated failure. Note that grub_cryptodisk_scan_device_real() will fail now + with a new errno GRUB_ERR_BAD_MODULE when none of the cryptodisk backend + modules succeed in identifying the source disk. + + With this change grub_device_iterate() will return 1 when a crypto device is + successfully decrypted or when the source device has already been successfully + opened. Prior to this change, trying to mount an already successfully opened + device would trigger an error with the message "no such cryptodisk found", + which is at best misleading. The mount should silently succeed in this case, + which is what happens with this patch. + + Reviewed-by: Daniel Kiper + +2021-12-23 Glenn Washburn + + luks2: Add debug message to align with luks and geli modules + Reviewed-by: Daniel Kiper + + configure: Fix misspelled variable BUILD_LDFAGS -> BUILD_LDFLAGS + Reviewed-by: Daniel Kiper + +2021-12-23 Michael Chang + + grub-mkconfig: Restore umask for the grub.cfg + The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating + configuration by grub-mkconfig) has inadvertently discarded umask for + creating grub.cfg in the process of running grub-mkconfig. The resulting + wrong permission (0644) would allow unprivileged users to read GRUB + configuration file content. This presents a low confidentiality risk + as grub.cfg may contain non-secured plain-text passwords. + + This patch restores the missing umask and sets the creation file mode + to 0600 preventing unprivileged access. + + Fixes: CVE-2021-3981 + + Reviewed-by: Daniel Kiper + +2021-12-23 Heinrich Schuchardt + + efi: Create the grub_efi_close_protocol() library function + Create a library function for CloseProtocol() and use it for the SNP driver. + + Reviewed-by: Daniel Kiper + +2021-12-23 Heinrich Schuchardt + + efinet: Correct closing of SNP protocol + In the context of the implementation of the EFI_LOAD_FILE2_PROTOCOL for + the initial ramdisk it was observed that opening the SNP protocol failed. + https://lists.gnu.org/archive/html/grub-devel/2021-10/msg00020.html + This is due to an incorrect call to CloseProtocol(). + + The first parameter of CloseProtocol() is the handle, not the interface. + + We call OpenProtocol() with ControllerHandle == NULL. Hence we must also + call CloseProtcol() with ControllerHandel == NULL. + + Each call of OpenProtocol() for the same network card handle is expected to + return the same interface pointer. If we want to close the protocol which + we opened non-exclusively when searching for a card, we have to do this + before opening the protocol exclusively. + + As there is no guarantee that we successfully open the protocol add checks + in the transmit and receive functions. + + Reported-by: Andreas Schwab + Reviewed-by: Daniel Kiper + +2021-12-23 Colin Watson + + minilzo: Update to minilzo-2.10 + minilzo fails to build on a number of Debian release architectures + (armel, mips64el, mipsel, ppc64el) with errors such as: + + ../../grub-core/lib/minilzo/minilzo.c: In function 'lzo_memops_get_le16': + ../../grub-core/lib/minilzo/minilzo.c:3479:11: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing] + 3479 | * (lzo_memops_TU2p) (lzo_memops_TU0p) (dd) = * (const lzo_memops_TU2p) (const lzo_memops_TU0p) (ss); \ + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ../../grub-core/lib/minilzo/minilzo.c:3530:5: note: in expansion of macro 'LZO_MEMOPS_COPY2' + 3530 | LZO_MEMOPS_COPY2(&v, ss); + | ^~~~~~~~~~~~~~~~ + + The latest upstream version is 2.10, so updating to it seems like a good + idea on general principles, and it fixes builds on all the above + architectures. + + The update procedure documented in the GRUB Developers Manual worked; I + just updated the version numbers to make it clear that it's been + executed recently. + + Reviewed-by: Daniel Kiper + +2021-12-22 Glenn Washburn + + docs: Add documentation on packages for building documentation + Reviewed-by: Daniel Kiper + +2021-12-22 Glenn Washburn + + docs: Fix broken links in development docs + Use the Git Book as a reference for documentation on Git as no other link + was provided. Other links were broken because they used @url instead of + @uref and needed a comma separator between link and link text. + + Reviewed-by: Daniel Kiper + +2021-12-22 Glenn Washburn + + docs: Update development docs to include information on running test suite + Add a section with minimal description on setting up and running the test + suite with a link to the INSTALL documentation which is a little more + detailed in terms of package requirements. + + Reviewed-by: Daniel Kiper + +2021-12-22 Glenn Washburn + + docs: Add sentence on where Debian packages can be searched for online + Reviewed-by: Daniel Kiper + +2021-12-22 Qu Wenruo + + fs/btrfs: Make extent item iteration to handle gaps + The GRUB btrfs implementation can't handle two very basic btrfs + file layouts: + + 1. Mixed inline/regualr extents + # mkfs.btrfs -f test.img + # mount test.img /mnt/btrfs + # xfs_io -f -c "pwrite 0 1k" -c "sync" -c "falloc 0 4k" \ + -c "pwrite 4k 4k" /mnt/btrfs/file + # umount /mnt/btrfs + # ./grub-fstest ./grub-fstest --debug=btrfs ~/test.img hex "/file" + + Such mixed inline/regular extents case is not recommended layout, + but all existing tools and kernel can handle it without problem. + + 2. NO_HOLES feature + # mkfs.btrfs -f test.img -O no_holes + # mount test.img /mnt/btrfs + # xfs_io -f -c "pwrite 0 4k" -c "pwrite 8k 4k" /mnt/btrfs/file + # umount /mnt/btrfs + # ./grub-fstest ./grub-fstest --debug=btrfs ~/test.img hex "/file" + + NO_HOLES feature is going to be the default mkfs feature in the incoming + v5.15 release, and kernel has support for it since v4.0. + + The way GRUB btrfs code iterates through file extents relies on no gap + between extents. + + If any gap is hit, then GRUB btrfs will error out, without any proper + reason to help debug the bug. + + This is a bad assumption, since a long long time ago btrfs has a new + feature called NO_HOLES to allow btrfs to skip the padding hole extent + to reduce metadata usage. + + The NO_HOLES feature is already stable since kernel v4.0 and is going to + be the default mkfs feature in the incoming v5.15 btrfs-progs release. + + When there is a extent gap, instead of error out, just try next item. + + This is still not ideal, as kernel/progs/U-boot all do the iteration + item by item, not relying on the file offset continuity. + + But it will be way more time consuming to correct the whole behavior than + starting from scratch to build a proper designed btrfs module for GRUB. + + Reviewed-by: Daniel Kiper + +2021-11-22 Alec Brown + + disk/ldm: Fix resource leak + Commit 23e39f50ca7a (disk/ldm: Make sure comp data is freed before exiting from + make_vg()) fixed several spots in make_vg() where comp data was leaking memory + when an error was being handled but missed one. To avoid leaking memory, comp + should be freed when an error is being handled after comp has been successfully + allocated memory in the for loop. + + Fixes: 23e39f50ca7a (disk/ldm: Make sure comp data is freed before exiting from make_vg()) + Fixes: CID 73804 + + Reviewed-by: Daniel Kiper + +2021-11-22 Alec Brown + + commands/probe: Fix resource leaks + Commit 1fc860bb76bb (commands/probe: Fix a resource leak when probing disks), + missed other cases where grub_device_close() should be called before a return + statement is called. Also found that grub_disk_close() wasn't being called when + an error is being returned. To avoid conflict with grub_errno, grub_error_push() + should be called before either grub_device_close() or grub_disk_close() is + called and grub_error_pop() should be called before grub_errno is returned. + + Fixes: 1fc860bb76bb (commands/probe: Fix a resource leak when probing disks) + Fixes: CID 292443 + + Reviewed-by: Daniel Kiper + +2021-11-22 Michael Chang + + templates: Filter out POSIX locale for translation + The POSIX locale is default or native operating system's locale + identical to the C locale, so no translation to human speaking languages + are provided. For this reason we should filter out LANG=POSIX as well as + LANG=C upon generating grub.cfg to avoid looking up for it's gettext's + message catalogs that will consequently result in an unpleasant message: + + error: file `/boot/grub/locale/POSIX.gmo' not found + + Reviewed-by: Daniel Kiper + +2021-11-02 Darren Kenny + + io/gzio: Fix possible use of uninitialized variable in huft_build() + In huft_build() it is possible to reach the for loop where "r" is being + assigned to "q[j]" without "r.v" ever being initialized. + + Fixes: CID 314024 + + Reviewed-by: Daniel Kiper + +2021-11-02 Darren Kenny + + fs/zfs/zfs: Fix possible insecure use of chunk size in zap_leaf_array_get() + In zap_leaf_array_get() the chunk size passed in is considered tainted + by Coverity, and is being used before it is tested for validity. To fix + this the assignment of "la" is moved until after the test of the value + of "chunk". + + Fixes: CID 314014 + + Reviewed-by: Daniel Kiper + +2021-11-02 Darren Kenny + + util/grub-mkfont: Fix memory leak in write_font_pf2() + In the function write_font_pf2() memory is allocated for font_name to + construct a new name, but it is not released before returning from the + function, leaking the allocated memory. + + Fixes: CID 314015 + + Reviewed-by: Daniel Kiper + +2021-11-02 Darren Kenny + + util/grub-fstest: Fix resource leaks in cmd_cmp() + In the function cmd_cmp() within the while loop, srcnew and destnew are + being allocated but are never freed either before leaving scope or in + the recursive calls being made to cmd_cmp(). + + Fixes: CID 314032 + Fixes: CID 314045 + + Reviewed-by: Daniel Kiper + +2021-11-02 Darren Kenny + + util/grub-mkrescue: Fix memory leak in write_part() + In the function write_part(), the value of inname is not used beyond + the grub_util_fopen() call, so it should be freed to avoid leakage. + + Fixes: CID 314028 + + Reviewed-by: Daniel Kiper + +2021-11-02 Darren Kenny + + util/grub-install-common: Fix memory leak in copy_all() + The copy_all() function skips a section of code using continue, but + fails to free the memory in srcf first, leaking it. + + Fixes: CID 314026 + + Reviewed-by: Daniel Kiper + +2021-11-02 Robbie Harwood + + kern/dl: Print module name on license check failure + Prior to this change, the GRUB would only indicate that the check had + been failed, but not by what module. This made it difficult to track + down either the problem module, or debug the false positive further. + + Before performing the license check, resolve the module name so that + it can be printed if the license check fails. + + Reviewed-by: Daniel Kiper + +2021-10-25 Glenn Washburn + + kern/misc: Add debug log condition to log output + Adding the conditional to debug log messages allows the GRUB user to + construct the $debug variable without needing to consult the source to + find the conditional (especially useful for situations where the source + is not readily available). + + Reviewed-by: Daniel Kiper + +2021-10-25 Glenn Washburn + + tests: In partmap_test, use ${parted} variable when checking for binary + Reviewed-by: Daniel Kiper + +2021-10-25 Glenn Washburn + + tests: Test aborts due to missing requirements should be marked as error instead of skipped + Many tests abort due to not being root or missing tools, for instance mkfs + commands for file system tests. The tests are exited with code 77, which + means they were skipped. A skipped test is a test that should not be run, + e.g. a test specific to ARM64 should not be run on an x86 build. These aborts + are actually a hard error, code 99. That means that the test could not be + completed, but not because what was supposed to be tested failed, e.g. in + these cases where a missing tool prevents the running of a test. + + Reviewed-by: Daniel Kiper + +2021-10-25 Glenn Washburn + + tests: Boot PowerPC using PMU instead of CUDA for power management + A recent refactoring of CUDA command code has exposed a bug in OpenBIOS [1] + which was causing system powerdown and system reset to fail, thus causing + the QEMU instance to hang. This in turn caused the grub-shell command to + timeout causing it to return an error code when the test actually completed + successfully. + + Since it could be a while before the patch fixing this issue in OpenBIOS + filters down to the average distro, switch to PMU to allow powerdowns and + reboots to work as expected. + + [1] https://gitlab.com/qemu-project/qemu/-/issues/624 + + Reviewed-by: Daniel Kiper + +2021-10-14 Kees Cook + + osdep/linux: Fix md array device enumeration + GET_ARRAY_INFO's info.nr_disks does not map to GET_DISK_INFO's + disk.number, which is an internal kernel index. If an array has had drives + added, removed, etc., there may be gaps in GET_DISK_INFO's results. But + since the consumer of devicelist cannot tolerate gaps (it expects to walk + a NULL-terminated list of device name strings), the devicelist index (j) + must be tracked separately from the disk.number index (i). + + As part of this, since GRUB wants to only examine active (i.e. present + and non-failed) disks, the count of remaining disks (remaining) must be + tracked separately from the devicelist index (j). + + Additionally, drop a line with empty spaces only. + + Fixes: 49de079bbe1c (... (grub_util_raid_getmembers): Handle "removed" disks) + Fixes: 2b00217369ac (... Added support for RAID and LVM) + Fixes: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1912043 + Fixes: https://savannah.gnu.org/bugs/index.php?59887 + + Reviewed-by: Petr Vorel + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + docs: Add fuller accounting of "make check" prerequisites + Many of the prerequisites for exercising the full "make check" test suite + have not been documented. This adds them along with a note that some tests + require elevated privileges to run. + + Add an incomplete list of cross compiling toolchain packages for Debian + and trusted sources for other distros. + + Add statement at the start of the document to clarify that package names + are from Debian 11. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Do not delete filesystem images on error + The filesystem images created for the filesystem test can be useful when + debugging why a filesystem test failed. So, keep them around and let the + user clean them up. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Output list of devices when partmap fails + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Skip HFS test only when mac_roman module is not loaded and not loadable + Allow the HFS tests to not be skipped if the mac_roman modules is loaded in + the kernel, but not accessible to modprobe. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Change FAT volume label to be with in the valid character range + The ";", semi-colon, character is not a valid character for a FAT filesystem + label. This test used to succeed because prior to v4.2 of dosfstools + mkfs.vfat did not enforce the character restrictions for volume labels. So, + change the volume label string to be valid but contain symbol characters to + test odd volume labels. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Only test MINIX3 volumes of 1 KiB block size + Apparently there used to be a -B option for mkfs.minix to create a volume + with a specified block size. This version is hard to come by and does not + appear to be available in Debian distributions. So, remove support for + testing a variety of blocks sizes for MINIX3. This allows the MINIX tests + to run because they were being skipped due to not finding a mkfs.minix with + the -B option. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: mkfs.btrfs now supports only 4 KiB sector sizes and above + Reviewed-by: Daniel Kiper + + tests: Disable ReiserFS tests for old format because newer kernels do not support them + Reviewed-by: Daniel Kiper + + tests: mkreiserfs only supports 4096 block size + Reviewed-by: Daniel Kiper + + tests: Rename variable filtime -> filetime as its meant to be + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Use @BUILD_SHEBANG@ autoconf var instead of literal shell + This bring this test in line with the rest of the test scripts. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Exit with skipped exit code when test not performed + These tests were not performed and therefore did not pass, nor fail. This + fixes misleading test exit code where, for instance, the pseries_test will + pass on i386-pc, which is not a pseries architecture. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: A failure of mktemp should cause the test script to exit with code 99 + A test exiting with code 99 means that there was an error in the test itself + and not a failure in the thing being tested (also known as a hard error). + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Make setup errors in grub-fs-tester hard errors + When a test program fails because it failed to setup the test properly, this + does not indicate a failure in what is attempting to be tested because the + test is never run. So exit with a hard error exit status to note this + difference. This will allow easier detection of tests that are not actually + being run and those that are really failing. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Do not occlude grub-shell return code + The script grub-shell does the bulk of the testing. If it returns an error + code, that means that the test failed and the test should immediately exit + with that error code. When grub-shell is used as a non-terminating command + in a pipeline, e.g. when data needs to be extracted from its output, its + error code will be occluded by the last command in the pipeline. Refactor + tests so that the shell will error with the exit code of grub-shell by + breaking up pipelines such that grub-shell is always the last command in + the pipeline that it is used in. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Do not occlude subshell error codes when used as input to the test command + When using the output of a subshell as input, its error code is ignored in + the context of "set -e". Many test scripts use grub-shell in a subshell with + output used as an argument to the test command to test for expected output. + Refactor these tests so that the subshell output goes to a shell variable, + so that if the subshell errors the script will immediately exit with an + error code. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Add set -e to missing tests + This helps to ensure that error codes do not get ignored. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: When checking squashfs fstime, use superblock last modified time + Currently, the filesystem timestamp check in grub-fs-tester uses the + squashfs image file's last modified timestamp and checks to see if that + time stamp is within 3 seconds of the superblock timestamp as determined by + grub. The image file's timestamp could be more than 3 seconds off if + mksquashfs takes more than 3 seconds to generate the image, as is the case + on a virtual machine. Instead use squashfs tools to get the filesystem + timestamp directly. + + Reviewed-by: Daniel Kiper + +2021-10-14 Glenn Washburn + + tests: Fix partmap_test for arm*-efi, disk numbering has changed + Perhaps using a newer UEFI firmware is the reason for the created test disk + showing up as hd2 instead of hd3. + + Reviewed-by: Daniel Kiper + +2021-10-04 Nikolai Kostrigin + + docs/grub-dev: Fix typos + Reviewed-by: Daniel Kiper + +2021-10-04 Michael Chang + + build: Fix build error with binutils 2.36 + The following procedure to build xen/pvgrub is broken. + + git clone https://git.savannah.gnu.org/git/grub.git + cd grub + ./bootstrap + mkdir build-xen + cd build-xen + ../configure --with-platform=xen + make + + It fails with the message: + + /usr/lib64/gcc/x86_64-suse-linux/10/../../../../x86_64-suse-linux/bin/ld: + section .note.gnu.property VMA [0000000000400158,0000000000400187] + overlaps section .bss VMA [000000000000f000,000000000041e1af] + + The most significant factor is that new assembler (GNU as) generates the + .note.gnu.property section as default. This note section overlaps with + .bss because it doesn't reposition with -Wl,-Ttext,0 with which the base + address of .text section is set, rather the address of .note.gnu.property + is calculated for some reason from 0x400000 where the ELF executable + defaults to start. + + Using -Ttext-segment doesn't help either, though it is said to set the + address of the first byte of the text segment according to "man ld". + What it actually does is to override the default 0x400000, aka the image + base address, to something else. The entire process can be observed in + the default linker script used by gcc [1]. Therefore we can't expect it + to achieve the same thing as -Ttext given that the first segment where + .text resides is offset by SIZEOF_HEADERS plus some sections may be + preceding it within the first segment. The end result is .text always + has to start with non-zero address with -Wl,-Ttext-segment,0 if using + default linker script. + + It is also worth mentioning that binutils upstream apparently doesn't + seem to consider this as a bug [2] and proposed to use -Wl,-Ttext-segment,0 + which is not fruitful as what has been tested by Gentoo [3]. + + As long as GRUB didn't use ISA information encoded in .note.gnu.property, + we can safely drop it via -Wa,-mx86-used-note=no assembler option to + fix the linker error above. + + This is considered a better approach than using custom linker script to + drop the .note.gnu.property section because object file manipulation can + also be hampered one way or the other in that linker script may not be + helpful. See also this commit removing the section in the process of objcopy. + + 6643507ce build: Fix GRUB i386-pc build with Ubuntu gcc + + [1] In /usr/lib64/ldscripts/elf_x86_64.x or use 'gcc -Wl,--verbose ...' + PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x400000)); + . = SEGMENT_START("text-segment", 0x400000) + SIZEOF_HEADERS; + [2] https://sourceware.org/bugzilla/show_bug.cgi?id=27377 + [3] https://bugs.gentoo.org/787221 + + Reviewed-by: Daniel Kiper + +2021-10-04 Michael Chang + + disk/diskfilter: Use nodes in logical volume's segment as member device + Currently the grub_diskfilter_memberlist() function returns all physical + volumes added to a volume group to which a logical volume (LV) belongs. + However, this is suboptimal as it doesn't fit the intended behavior of + returning underlying devices that make up the LV. To give a clear + picture, the result should be identical to running commands below to + display the logical volumes with underlying physical volumes in use. + + localhost:~ # lvs -o lv_name,vg_name,devices /dev/system/root + LV VG Devices + root system /dev/vda2(512) + + localhost:~ # lvdisplay --maps /dev/system/root + --- Logical volume --- + ... + --- Segments --- + Logical extents 0 to 4604: + Type linear + Physical volume /dev/vda2 + Physical extents 512 to 5116 + + As shown above, we can know system-root LV uses only /dev/vda2 to + allocate it's extents, or we can say that /dev/vda2 is the member device + comprising the system-root LV. + + It is important to be precise on the member devices, because that helps + to avoid pulling in excessive dependency. Let's use an example to + demonstrate why it is needed. + + localhost:~ # findmnt / + TARGET SOURCE FSTYPE OPTIONS + / /dev/mapper/system-root ext4 rw,relatime + + localhost:~ # pvs + PV VG Fmt Attr PSize PFree + /dev/mapper/data system lvm2 a-- 1020.00m 0 + /dev/vda2 system lvm2 a-- 19.99g 0 + + localhost:~ # cryptsetup status /dev/mapper/data + /dev/mapper/data is active and is in use. + type: LUKS1 + cipher: aes-xts-plain64 + keysize: 512 bits + key location: dm-crypt + device: /dev/vdb + sector size: 512 + offset: 4096 sectors + size: 2093056 sectors + mode: read/write + + localhost:~ # vgs + VG #PV #LV #SN Attr VSize VFree + system 2 3 0 wz--n- 20.98g 0 + + localhost:~ # lvs -o lv_name,vg_name,devices + LV VG Devices + data system /dev/mapper/data(0) + root system /dev/vda2(512) + swap system /dev/vda2(0) + + We can learn from above that /dev/mapper/data is an encrypted volume and + also gets assigned to volume group "system" as one of it's physical + volumes. And also it is not used by root device, /dev/mapper/system-root, + for allocating extents, so it shouldn't be taking part in the process of + setting up GRUB to access root device. + + However, running grub-install reports error as volume group "system" + contains encrypted volume. + + error: attempt to install to encrypted disk without cryptodisk + enabled. Set `GRUB_ENABLE_CRYPTODISK=y' in file `/etc/default/grub'. + + Certainly we can enable GRUB_ENABLE_CRYPTODISK=y and move on, but that + is not always acceptable since the server may need to be booted unattended. + Additionally, typing passphrase for every system startup can be a big + hassle of which most users would like to avoid. + + This patch solves the problem by returning exact physical volume, /dev/vda2, + rightly used by system-root from the example above, thus grub-install will + not error out because the excessive encrypted device to boot the root device + is not configured. + + Tested-by: Olav Reinert + Reviewed-by: Daniel Kiper + +2021-10-04 Krzysztof Nowicki + + fs/ext2: Fix handling of missing sparse extent leafs + When a file on ext4 is stored as sparse the data belonging to + zero-filled blocks is not written to storage and the extent map is + missing entries for these blocks. Such case can happen both for depth + 0 extents (leafs) as well as higher-level tables. + + Consider a scenario of a file which has a zero-filled beginning (e.g. + ISO image). In such case real data starts at block 8. If such a file is + stored using 2-level extent structure the extent list in the inode will + be depth 1 and will have an entry to a depth 0 (leaf) extent header for + blocks 8-n. + + Unfortunately existing GRUB2 ext2 driver is only able to handle missing + entries in leaf extent tables, for which the grub_ext2_read_block() + function returns 0. In case the whole leaf extent list is missing for + a block the function fails with "invalid extent" error. + + The fix for this problem relies on the grub_ext4_find_leaf() helper + function to distinguish two error cases: missing extent and error + walking through the extent tree. The existing error message is raised + only for the latter case, while for the missing leaf extent zero is + returned from grub_ext2_read_block() indicating a sparse block. + + Reviewed-by: Daniel Kiper + +2021-10-04 Daniel Axtens + + powerpc: Drop Open Hack'Ware - remove GRUB_IEEE1275_FLAG_NO_ANSI + Open Hack'Ware was the only user. + + Reviewed-by: Daniel Kiper + +2021-10-04 Daniel Axtens + + powerpc: Drop Open Hack'Ware - remove GRUB_IEEE1275_FLAG_CANNOT_INTERPRET + Open Hack'Ware was the only user. + + Reviewed-by: Daniel Kiper + +2021-10-04 Daniel Axtens + + powerpc: Drop Open Hack'Ware - remove GRUB_IEEE1275_FLAG_CANNOT_SET_COLORS + Open Hack'Ware was the only user. + + Reviewed-by: Daniel Kiper + +2021-10-04 Daniel Axtens + + powerpc: Drop Open Hack'Ware - remove GRUB_IEEE1275_FLAG_FORCE_CLAIM + Open Hack'Ware was the only user. It added a lot of complexity. + + Reviewed-by: Daniel Kiper + +2021-10-04 Daniel Axtens + + powerpc: Drop Open Hack'Ware + Open Hack'Ware was an alternative firmware of powerpc under QEMU. + + The last commit to any Open Hack'Ware repo I can find is from 2014 [1]. + + Open Hack'Ware was used for the QEMU "prep" machine type, which was + deprecated in QEMU in commit 54c86f5a4844 (hw/ppc: deprecate the + machine type 'prep', replaced by '40p') in QEMU v3.1, and had reportedly + been broken for years before without anyone noticing. Support was removed + in February 2020 by commit b2ce76a0730e (hw/ppc/prep: Remove the + deprecated "prep" machine and the OpenHackware BIOS). + + Open Hack'Ware's limitations require some messy code in GRUB. This + complexity is not worth carrying any more. + + Remove detection of Open Hack'Ware. We will clean up the feature flags + in following commits. + + [1]: https://github.com/qemu/openhackware and + https://repo.or.cz/w/openhackware.git are QEMU submodules. They have + only small changes on top of OHW v0.4.1, which was imported into + QEMU SCM in 2010. I can't find anything resembling an official repo + any more. + + Reviewed-by: Daniel Kiper + +2021-09-20 Glenn Washburn + + docs/grub: Improve search documentation, by adding short options and section on hints + Reviewed-by: Daniel Kiper + +2021-09-20 Glenn Washburn + + fs/udf: Fix regression which is preventing symlink access + This code was broken by commit 3f05d693 (malloc: Use overflow checking + primitives where we do complex allocations), which added overflow + checking in many areas. The problem here is that the changes update the + local variable sz, which was already in use and which was not updated + before the change. So the code using sz was getting a different value of + than it would have previously for the same UDF image. This causes the + logic getting the destination of the symlink to not realize that its + gotten the full destination, but keeps trying to read past the end of + the destination. The bytes after the end are generally NULL padding + bytes, but that's not a valid component type (ECMA-167 14.16.1.1). So + grub_udf_read_symlink() branches to error logic, returning NULL, instead + of the symlink destination path. + + The result of this bug is that the UDF filesystem tests were failing in + the symlink test with the grub-fstest error message: + + grub-fstest: error: cannot open `(loop0)/sym': invalid symlink. + + This change stores the result of doubling sz in another local variable s, + so as not to modify sz. Also remove unnecessary grub_add(), which increased + the output by 1, presumably to account for a NULL byte. This isn't needed + because an output buffer of size twice sz is already guaranteed to be more + than enough to contain the path components converted to UTF-8. The value of + sz contains at least 4 bytes for the path component header (ECMA-167 14.16.1), + which means that 2 * 4 bytes are allocated but will not be used for UTF-8 + characters, so the NULL byte is accounted for. + + Reviewed-by: Daniel Kiper + +2021-09-20 Chris Vogel + + templates: Add GRUB_CMDLINE_LINUX_RECOVERY + When generating grub.cfg using grub-mkconfig and the scripts 10_linux and + 20_linux_xen there is no way to add kernel command line parameters _only_ to + the recovery entries generated. + + This is needed to e.g. start a debug shell in installations using systemd + using the kernel command line parameter "systemd.debug-shell" or to recover + in a system with encrypted root in situations where the decryption of the + root filesystem per crypttab in the intiramfs image is broken and the recovery + entry should contain information how to decrypt the rootfs (cryptopts=). + + This patch does not change the default behaviour of the GRUB if + GRUB_CMDLINE_LINUX_RECOVERY is not set. + + If GRUB_CMDLINE_LINUX_RECOVERY is set and the generated recovery entry should + include the kernel parameter "single" the parameter must be explicitly included + in GRUB_CMDLINE_LINUX_RECOVERY. + + As far as I know all credits for the idea and the initial implementation go to + Kyle Ranking of Purism. + + Reviewed-by: Daniel Kiper + +2021-09-20 Michael Chang + + emu: Fix executable stack marking + The gcc by default assumes executable stack is required if the source + object file doesn't have .note.GNU-stack section in place. If any of the + source objects doesn't incorporate the GNU-stack note, the resulting + program will have executable stack flag set in PT_GNU_STACK program + header to instruct program loader or kernel to set up the executable + stack when program loads to memory. + + Usually the .note.GNU-stack section will be generated by gcc + automatically if it finds that executable stack is not required. However + it doesn't take care of generating .note.GNU-stack section for those + object files built from assembler sources. This leads to unnecessary + risk of security of exploiting the executable stack because those + assembler sources don't actually require stack to be executable to work. + + The grub-emu and grub-emu-lite are found to flag stack as executable + revealed by execstack tool. + + $ mkdir -p build-emu && cd build-emu + $ ../configure --with-platform=emu && make + $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite + X grub-core/grub-emu + X grub-core/grub-emu-lite + + This patch will add the missing GNU-stack note to the assembler source + used by both utilities, therefore the result doesn't count on gcc + default behavior and the executable stack is disabled. + + $ execstack -q grub-core/grub-emu grub-core/grub-emu-lite + - grub-core/grub-emu + - grub-core/grub-emu-lite + + Reviewed-by: Daniel Kiper + +2021-09-13 Thomas Schmitt + + tests: Keep grub-fs-tester ziso9660 from failing for wrong reasons + The test for the ability to decompress zisofs encoded files is supposed + to fail due to the lack of this ability in GRUB. But it fails early with + xorriso : FAILURE : -volid: Text too long (1650 > 32) + because "ziso9660" is not in the list of filesystems which accept at most + 32 bytes in their FSLABEL. If this is fixed, the test returns false + success because the xorriso run does not produce any zisofs compressed + files. The problem is in the sequence of native xorriso commands used. + The command -set_filter_r applies only to the files which are already + inserted into the emerging ISO filesystem. In the current sequence no + files have been inserted yet by command -add when the last of two + -set_filter_r commands is executed. After this is corrected, xorriso + refuses to work because the global settings of command -zisofs can be + made only before command -set_filter_r has attached zisofs filters to + the data files in the emerging ISO. Further: A bug in xorriso causes + a false warning about FSLABEL being too long for Joliet. Shortcomings + of Joliet cause warnings about symbolic links. Such warnings might + distract from the actual reason why the test is expected to fail. + + So, add "ziso9660" to the 32-byte FSLABEL list. + + Fix the xorriso run to produce compressed files which for now cause + righteous failure of the test. Do this by removing a surplus group of + -set_filter_r and -zisofs commands, by moving the other such group + behind -add, and by swapping -set_filter_r and -zisofs. + + Remove the -as mkisofs options which produce a Joliet filesystem tree. + + Reviewed-by: Daniel Kiper + +2021-09-13 Glenn Washburn + + commands/read: Add silent mode to read command to suppress input echo + This conforms to the behavior of the -s option of the Bash read command. + + docs/grub: Document the -s option for the read command. + + Reviewed-by: Daniel Kiper + +2021-09-13 Glenn Washburn + + kern/fs: Allow number of blocks in block list to be optional, defaulting length to device length + This is primarily useful to do something like "loopback newdev (dev)8+" to + create a device that skips the first 4 KiB, which may contain a container + header, e.g. a non-standard RAID1 header, that GRUB does not recognize. This + would allow that container data to be potentially accessed up to the end of + container, which may be necessary for some layouts that store data at the + end. There is currently not a good way to programmatically get the number + of sectors on a disk to set the appropriate length of the blocklist. + + Reviewed-by: Daniel Kiper + +2021-09-06 Petr Vorel + + autogen.sh: Detect python + It helps to avoid an error on distros which has only python3 binary: + ./autogen.sh: line 20: python: command not found + + Use python3 as the default as python2 is EOL since Jan 2020. However, + check also for python which is on most distros, if not all, python2 + because code still works on python2. + + Although it should not be needed keep the possibility to define PYTHON + variable. + + For detection use "command -v" which is POSIX and supported on all + common shells (bash, zsh, dash, busybox sh, mksh) instead requiring + "which" as an extra dependency (usable on containers). + + Update the INSTALL file too. + + Reviewed-by: Daniel Kiper + +2021-09-06 Petr Vorel + + bootstrap: Require GNU patch + The bootstrap.conf uses patch, let's require it. + + Better than multiple messages: + ./bootstrap.conf: line 84: patch: command not found + + Mention it also in the INSTALL file. + + Reviewed-by: Daniel Kiper + +2021-09-06 Thomas Schmitt + + tests: Let xorriso fixely assume UTF-8 as local character set + The iso9660_test fails if the effective locale is not UTF-8. This happens + because xorriso needs to convert file names and FSLABEL to UCS-2 when + preparing a Joliet tree. The grub-fs-tester obviously intends to use UTF-8 + as character set, but xorriso assumes by default the result of nl_langinfo(3) + with item CODESET. So, override the result of nl_langinfo(CODESET) by options + of xorriso -as mkisofs. + + Reviewed-by: Daniel Kiper + +2021-09-06 Fangrui Song via Grub-devel + + configure: Check for -falign-jumps=1 beside -falign-loops=1 + The Clang does not support -falign-jumps and only recently gained support + for -falign-loops. The -falign-jumps=1 should be tested beside + -fliang-loops=1 to avoid passing unrecognized options to the Clang: + + clang-14: error: optimization flag '-falign-jumps=1' is not supported [-Werror,-Wignored-optimization-argument] + + The -falign-functions=1 is supported by GCC 5.1.0/Clang 3.8.0. So, just + add the option unconditionally. + + Acked-by: Paul Menzel + Reviewed-by: Daniel Kiper + +2021-09-06 Fangrui Song via Grub-devel + + configure: Remove obsoleted -malign-{jumps, loops, functions} + The GCC warns "cc1: warning: ‘-malign-loops’ is obsolete, use ‘-falign-loops’". + The Clang silently ignores -malign-{jumps,loops,functions}. + + The preferred -falign-* forms have been supported since GCC 3.2. So, just + remove -malign-{jumps,loops,functions}. + + Acked-by: Paul Menzel + Reviewed-by: Daniel Kiper + +2021-09-06 Erwan Velu + + fs/xfs: Fix unreadable filesystem with v4 superblock + The commit 8b1e5d193 (fs/xfs: Add bigtime incompat feature support) + introduced the bigtime support by adding some features in v3 inodes. + This change extended grub_xfs_inode struct by 76 bytes but also changed + the computation of XFS_V2_INODE_SIZE and XFS_V3_INODE_SIZE. Prior this + commit, XFS_V2_INODE_SIZE was 100 bytes. After the commit it's 84 bytes + XFS_V2_INODE_SIZE becomes 16 bytes too small. + + As a result, the data structures aren't properly aligned and the GRUB + generates "attempt to read or write outside of partition" errors when + trying to read the XFS filesystem: + + GNU GRUB version 2.11 + .... + grub> set debug=efi,gpt,xfs + grub> insmod part_gpt + grub> ls (hd0,gpt1)/ + partmap/gpt.c:93: Read a valid GPT header + partmap/gpt.c:115: GPT entry 0: start=4096, length=1953125 + fs/xfs.c:931: Reading sb + fs/xfs.c:270: Validating superblock + fs/xfs.c:295: XFS v4 superblock detected + fs/xfs.c:962: Reading root ino 128 + fs/xfs.c:515: Reading inode (128) - 64, 0 + fs/xfs.c:515: Reading inode (739521961424144223) - 344365866970255880, 3840 + error: attempt to read or write outside of partition. + + This commit change the XFS_V2_INODE_SIZE computation by subtracting 76 + bytes instead of 92 bytes from the actual size of grub_xfs_inode struct. + This 76 bytes value comes from added members: + 20 grub_uint8_t unused5 + 1 grub_uint64_t flags2 + 48 grub_uint8_t unused6 + + This patch explicitly splits the v2 and v3 parts of the structure. + The unused4 is still ending of the v2 structures and the v3 starts + at unused5. Thanks to this we will avoid future corruptions of v2 + or v3 inodes. + + The XFS_V2_INODE_SIZE is returning to its expected size and the + filesystem is back to a readable state: + + GNU GRUB version 2.11 + .... + grub> set debug=efi,gpt,xfs + grub> insmod part_gpt + grub> ls (hd0,gpt1)/ + partmap/gpt.c:93: Read a valid GPT header + partmap/gpt.c:115: GPT entry 0: start=4096, length=1953125 + fs/xfs.c:931: Reading sb + fs/xfs.c:270: Validating superblock + fs/xfs.c:295: XFS v4 superblock detected + fs/xfs.c:962: Reading root ino 128 + fs/xfs.c:515: Reading inode (128) - 64, 0 + fs/xfs.c:515: Reading inode (128) - 64, 0 + fs/xfs.c:931: Reading sb + fs/xfs.c:270: Validating superblock + fs/xfs.c:295: XFS v4 superblock detected + fs/xfs.c:962: Reading root ino 128 + fs/xfs.c:515: Reading inode (128) - 64, 0 + fs/xfs.c:515: Reading inode (128) - 64, 0 + fs/xfs.c:515: Reading inode (128) - 64, 0 + fs/xfs.c:515: Reading inode (131) - 64, 768 + efi/ fs/xfs.c:515: Reading inode (3145856) - 1464904, 0 + grub2/ fs/xfs.c:515: Reading inode (132) - 64, 1024 + grub/ fs/xfs.c:515: Reading inode (139) - 64, 2816 + grub> + + Fixes: 8b1e5d193 (fs/xfs: Add bigtime incompat feature support) + + Tested-by: Carlos Maiolino + Reviewed-by: Daniel Kiper + +2021-09-06 Heinrich Schuchardt + + libgcrypt: Avoid -Wempty-body in rijndael do_setkey() + Avoid a warning + + lib/libgcrypt-grub/cipher/rijndael.c:229:9: + warning: suggest braces around empty body in an ‘if’ statement [-Wempty-body] + 229 | ; + | ^ + + Reviewed-by: Daniel Kiper + +2021-09-06 Heinrich Schuchardt + + libgcrypt: Avoid -Wsign-compare in rijndael do_setkey() + Avoid a warning + + lib/libgcrypt-grub/cipher/rijndael.c:352:21: warning: + comparison of integer expressions of different signedness: + ‘int’ and ‘unsigned int’ [-Wsign-compare] + 352 | for (i = 0; i < keylen; i++) + | + + Reviewed-by: Daniel Kiper + +2021-09-06 Wouter van Kesteren + + commands/setpci: Honor write mask argument + In the case that one passes a write mask with ":" the write_mask is + obtained from grub_strtoul() and then promptly overwritten by 0xffffffff + three lines later. + + This appears to have been so since the initial version of setpci in 2009. + I'm surprised no one else has hit this issue in the past 12 years... + + Reviewed-by: Daniel Kiper + +2021-07-22 Jeff Mahoney + + osdep/linux/hostdisk: Use stat() instead of udevadm for partition lookup + The sysfs_partition_path() calls udevadm to resolve the sysfs path for + a block device. That can be accomplished by stating the device node + and using the major/minor to follow the symlinks in /sys/dev/block/. + + This cuts the execution time of grub-mkconfig to somewhere near 55% on + system without LVM (which uses libdevmapper instead sysfs_partition_path()). + + Remove udevadm call as it does not help us more than calling stat() directly. + + Reviewed-by: Daniel Kiper + +2021-07-22 Petr Vorel + + osdep: Introduce include/grub/osdep/major.h and use it + ... to factor out fix for glibc 2.25 introduced in 7a5b301e3 (build: Use + AC_HEADER_MAJOR to find device macros). + + Note: Once glibc 2.25 is old enough and this fix is not needed also + AC_HEADER_MAJOR in configure.ac should be removed. + + Reviewed-by: Daniel Kiper + +2021-07-22 Daniel Axtens + + ieee1275: Drop HEAP_MAX_ADDR and HEAP_MIN_SIZE constants + The HEAP_MAX_ADDR is confusing. Currently it is set to 32MB, except on + ieee1275 on x86, where it is 64MB. + + There is a comment which purports to explain it: + + /* If possible, we will avoid claiming heap above this address, because it + seems to cause relocation problems with OSes that link at 4 MiB */ + + This doesn't make a lot of sense when the constants are well above 4MB + already. It was not always this way. Prior to commit 7b5d0fe4440c + (Increase heap limit) in 2010, HEAP_MAX_SIZE and HEAP_MAX_ADDR were + indeed 4MB. However, when the constants were increased the comment was + left unchanged. + + It's been over a decade. It doesn't seem like we have problems with + claims over 4MB on powerpc or x86 ieee1275. The SPARC does things + completely differently and never used the constant. + + Drop the constant and the check. + + The only use of HEAP_MIN_SIZE was to potentially override the + HEAP_MAX_ADDR check. It is now unused. Remove it too. + + Tested-by: Stefan Berger + Reviewed-by: Daniel Kiper + +2021-07-22 Marius Bakke + + tests/ahci: Change "ide-drive" deprecated QEMU device name to "ide-hd" + The "ide-drive" device was removed in QEMU 6.0. The "ide-hd" has been + available for more than 10 years now in QEMU. Thus there shouldn't be + any need for backwards compatible names. + + Reviewed-by: Daniel Kiper + +2021-07-22 Javier Martinez Canillas + + fs/ext2: Ignore checksum seed incompat feature + This incompat feature is used to denote that the filesystem stored its + metadata checksum seed in the superblock. This is used to allow tune2fs + changing the UUID on a mounted metdata_csum filesystem without having + to rewrite all the disk metadata. However, the GRUB doesn't use the + metadata checksum at all. So, it can just ignore this feature if it + is enabled. This is consistent with the GRUB filesystem code in general + which just does a best effort to access the filesystem's data. + + The checksum seed incompat feature has to be removed from the ignore + list if the support for metadata checksum verification is added to the + GRUB ext2 driver later. + + Suggested-by: Eric Sandeen + Suggested-by: Lukas Czerner + Reviewed-by: Lukas Czerner + Reviewed-by: Daniel Kiper + +2021-06-08 Glenn Washburn + + zfs: Use grub_uint64_t instead of 1ULL in BF64_*CODE() macros + The underlying type of 1ULL does not change across architectures but + grub_uint64_t does. This allows using the BF64_*CODE() macros as + arguments to format string functions that use the PRI* format string + macros that also vary with architecture. + + Change the grub_error() call, where this was previously an issue and + temporarily fixed by casting and using a format string literal code, + to now use PRI* macros and remove casting. + + Reviewed-by: Daniel Kiper + +2021-06-08 Daniel Kiper + + Bump version to 2.11 + Skip versions between 2.07 and 2.10 to avoid leading zeros in minor + version number. This way version parsing in scripts should be easier. + + Release 2.06 + +2021-06-08 Daniel Kiper + + SECURITY: Add SECURITY file + The SECURITY file describes the GRUB project security policy. + + It is based on https://github.com/wireapp/wire/blob/master/SECURITY.md + +2021-06-08 Daniel Kiper + + MAINTAINERS: Add MAINTAINERS file + The MAINTAINERS file provides basic information about the GRUB project + and its maintainers. + +2021-06-01 Dimitri John Ledkov + + grub-install: Add backup and restore + Refactor clean_grub_dir() to create a backup of all the files, instead + of just irrevocably removing them as the first action. If available, + register atexit() handler to restore the backup if errors occur before + point of no return, or remove the backup if everything was successful. + If atexit() is not available, the backup remains on disk for manual + recovery. + + Some platforms defined a point of no return, i.e. after modules & core + images were updated. Failures from any commands after that stage are + ignored, and backup is cleaned up. For example, on EFI platforms update + is not reverted when efibootmgr fails. + + Extra care is taken to ensure atexit() handler is only invoked by the + parent process and not any children forks. Some older GRUB codebases + can invoke parent atexit() hooks from forks, which can mess up the + backup. + + This allows safer upgrades of MBR & modules, such that + modules/images/fonts/translations are consistent with MBR in case of + errors. For example accidental grub-install /dev/non-existent-disk + currently clobbers and upgrades modules in /boot/grub, despite not + actually updating any MBR. + + This patch only handles backup and restore of files copied to /boot/grub. + This patch does not perform backup (or restoration) of MBR itself or + blocklists. Thus when installing i386-pc platform, corruption may still + occur with MBR and blocklists which will not be attempted to be + automatically recovered. + + Also add modinfo.sh and *.efi to the cleanup/backup/restore code path, + to ensure it is also cleaned, backed up and restored. + + Reviewed-by: Daniel Kiper + +2021-06-01 Dimitri John Ledkov + + osdep/unix/exec: Avoid atexit() handlers when child execvp() fails + The functions grub_util_exec_pipe() and grub_util_exec_pipe_stderr() + currently call execvp(). If the call fails for any reason, the child + currently calls exit(127). This in turn executes the parents + atexit() handlers from the forked child, and then the same handlers + are called again from parent. This is usually not desired, and can + lead to deadlocks, and undesired behavior. So, change the exit() calls + to _exit() calls to avoid calling atexit() handlers from child. + + Fixes: e75cf4a58 (unix exec: avoid atexit handlers when child exits) + + Reviewed-by: Daniel Kiper + +2021-06-01 Jan (janneke) Nieuwenhuizen + + lib/i386/relocator64: Build fixes for i386 + This fixes cross-compiling to x86 (e.g., the Hurd) from x86-linux of + + grub-core/lib/i386/relocator64.S + + This file has six sections that only build with a 64-bit assembler, + yet only the first two sections had support for a 32-bit assembler. + This patch completes this for the remaining sections. + + To reproduce, update the GRUB source description in your local Guix + archive and run + + ./pre-inst-env guix build --system=i686-linux --target=i586-pc-gnu grub + + or install an x86 cross-build environment on x86-linux (32-bit!) and + configure to cross build and make, e.g., do something like + + ./configure \ + CC_FOR_BUILD=gcc \ + --build=i686-unknown-linux-gnu \ + --host=i586-pc-gnu + make + + Additionally, remove a line with redundant spaces. + + Reviewed-by: Daniel Kiper + +2021-06-01 Javier Martinez Canillas + + fs/xfs: Add needsrepair incompat feature support + The XFS now has an incompat feature flag to indicate that a filesystem + needs to be repaired. The Linux kernel refuses to mount the filesystem + that has it set and only the xfs_repair tool is able to clear that flag. + + The GRUB doesn't have the concept of mounting filesystems and just + attempts to read the files. But it does some sanity checking before + attempting to read from the filesystem. Among the things which are tested, + is if the super block only has set of incompatible features flags that + are supported by GRUB. If it contains any flags that are not listed as + supported, reading the XFS filesystem fails. + + Since the GRUB doesn't attempt to detect if the filesystem is inconsistent + nor replays the journal, the filesystem access is a best effort. For this + reason, ignore if the filesystem needs to be repaired and just print a debug + message. That way, if reading or booting fails later, the user is able to + figure out that the failures can be related to broken XFS filesystem. + + Suggested-by: Eric Sandeen + Reviewed-by: Daniel Kiper + +2021-06-01 Carlos Maiolino + + fs/xfs: Add bigtime incompat feature support + The XFS filesystem supports a bigtime feature to overcome y2038 problem. + This patch makes the GRUB able to support the XFS filesystems with this + feature enabled. + + The XFS counter for the bigtime enabled timestamps starts at 0, which + translates to GRUB_INT32_MIN (Dec 31 20:45:52 UTC 1901) in the legacy + timestamps. The conversion to Unix timestamps is made before passing the + value to other GRUB functions. + + For this to work properly, GRUB requires an access to flags2 field in the + XFS ondisk inode. So, the grub_xfs_inode structure has been updated to + cover full ondisk inode. + + Reviewed-by: Daniel Kiper + +2021-06-01 Carlos Maiolino + + fs: Use 64-bit type for filesystem timestamp + Some filesystems nowadays use 64-bit types for timestamps. So, update + grub_dirhook_info struct to use an grub_int64_t type to store mtime. + This also updates the grub_unixtime2datetime() function to receive + a 64-bit timestamp argument and do 64-bit-safe divisions. + + All the remaining conversion from 32-bit to 64-bit should be safe, as + 32-bit to 64-bit attributions will be implicitly casted. The most + critical part in the 32-bit to 64-bit conversion is in the function + grub_unixtime2datetime() where it needs to deal with the 64-bit type. + So, for that, the grub_divmod64() helper has been used. + + These changes enables the GRUB to support dates beyond y2038. + + Reviewed-by: Daniel Kiper + +2021-05-28 Javier Martinez Canillas + + types: Define PRI{x,d}GRUB_INT{32,64}_T format specifiers + There are already PRI*_T constants defined for unsigned integers but not + for signed integers. Add format specifiers for the latter. + + Suggested-by: Daniel Kiper + Reviewed-by: Daniel Kiper + +2021-05-28 Tianjia Zhang + + kern/efi/sb: Remove duplicate efi_shim_lock_guid variable + The efi_shim_lock_guid local variable and shim_lock_guid global variable + have the same GUID value. Only the latter is retained. + + Reviewed-by: Daniel Kiper + +2021-05-10 Javier Martinez Canillas + + util/mkimage: Fix wrong PE32+ section sizes for some arches + The commit f60ba9e5945 (util/mkimage: Refactor section setup to use a helper) + added a helper function to setup PE sections. But it also changed how the + raw data offsets were calculated since all the section sizes are aligned. + However, for some platforms, i.e ia64-efi and arm64-efi, the kernel image + size is not aligned using the section alignment. This leads to the situation + in which the mods section offset in its PE section header does not match its + real placement in the PE file. So, finally the GRUB is not able to locate + and load built-in modules. + + The problem surfaces on ia64-efi and arm64-efi because both platforms + require additional relocation data which is added behind .bss section. + So, we have to add some padding behind this extra data to make the + beginning of mods section properly aligned in the PE file. Fix it by + aligning the kernel_size to the section alignment. That makes the sizes + and offsets in the PE section headers to match relevant sections in the + PE32+ binary file. + + Reported-by: John Paul Adrian Glaubitz + Tested-by: John Paul Adrian Glaubitz + Reviewed-by: Daniel Kiper + +2021-05-10 Daniel Kiper + + term/terminfo: Fix the terminfo command help and documentation + Additionally, fix the terminfo spelling mistake in + the GRUB development documentation. + + Reviewed-by: Javier Martinez Canillas + +2021-05-10 Daniel Kiper + + i18n: Align N_() formatting with the rest of GRUB code + Reviewed-by: Javier Martinez Canillas + +2021-05-10 Daniel Kiper + + i18n: Format large integers before the translation message - take 2 + This is an additional fix which has been missing from the commit 837fe48de + (i18n: Format large integers before the translation message). + + Reviewed-by: Javier Martinez Canillas + +2021-04-13 Miguel Ángel Arruga Vivas + + i18n: Format large integers before the translation message + The GNU gettext only supports the ISO C99 macros for integral + types. If there is a need to use unsupported formatting macros, + e.g. PRIuGRUB_UINT64_T, according to [1] the number to a string + conversion should be separated from the code printing message + requiring the internationalization. So, the function grub_snprintf() + is used to print the numeric values to an intermediate buffer and + the internationalized message contains a string format directive. + + [1] https://www.gnu.org/software/gettext/manual/html_node/Preparing-Strings.html#No-string-concatenation + + Reviewed-by: Daniel Kiper + +2021-04-12 Daniel Axtens + + video/fb/fbfill: Use unsigned integers for width/height + Since commit 7ce3259f67ac (video/fb/fbfill: Fix potential integer + overflow), clang builds of grub-emu have failed with messages like: + + /usr/bin/ld: libgrubmods.a(libgrubmods_a-fbfill.o): in function `grub_video_fbfill_direct24': + fbfill.c:(.text+0x28e): undefined reference to `__muloti4' + + This appears to be due to a weird quirk in how clang compiles + + grub_mul(dst->mode_info->bytes_per_pixel, width, &rowskip) + + which is grub_mul(unsigned int, int, &grub_size_t). + + It looks like clang somewhere promotes everything to 128-bit maths + before ultimately reducing down to 64 bit for grub_size_t. I think + this is because width is signed, and indeed converting width to an + unsigned int makes the problem go away. + + This conversion also makes more sense generally: + - the caller of all the fbfill_directN functions is + grub_video_fb_fill_dispatch() and it takes width and height as + unsigned ints already, + - it doesn't make sense to fill a negative width or height. + + Convert the width and height arguments and associated loop counters + to unsigned ints. + + Fixes: 7ce3259f67ac (video/fb/fbfill: Fix potential integer overflow) + + Reviewed-by: Daniel Kiper + +2021-04-12 Glenn Washburn + + docs: Conform badmem and cutmem description indentations with other commands + Reviewed-by: Daniel Kiper + + docs: Add note to cryptomount that UUIDs should be specified without dashes + Reviewed-by: Daniel Kiper + +2021-04-12 Aru Sahni + + templates: Fix user-facing typo with an incorrect use of "it's" + Since the possessive form of "it" is being used, the apostrophe must be omitted. + + Reviewed-by: Daniel Kiper + +2021-04-12 Colin Watson + + buffer: Sync up out-of-range error message + The messages associated with other similar GRUB_ERR_OUT_OF_RANGE errors + were lacking the trailing full stop. Syncing up the strings saves a small + amount of precious core image space on i386-pc. + + DOWN: obj/i386-pc/grub-core/kernel.img (31740 > 31708) - change: -32 + DOWN: i386-pc core image (biosdisk ext2 part_msdos) (27453 > 27452) - change: -1 + DOWN: i386-pc core image (biosdisk ext2 part_msdos diskfilter mdraid09) (32367 > 32359) - change: -8 + + Reviewed-by: Daniel Kiper + +2021-04-12 Glenn Washburn + + usb/usbhub: Use GRUB_USB_MAX_CONF macro instead of literal in hub for maximum configs + Reviewed-by: Daniel Kiper + +2021-04-12 Daniel Drake + + fs/minix: Avoid mistakenly probing ext2 filesystems + The ext2 (and ext3, ext4) filesystems write the number of free inodes to + location 0x410. + + On a MINIX filesystem, that same location is used for the MINIX superblock + magic number. + + If the number of free inodes on an ext2 filesystem is equal to any + of the four MINIX superblock magic values plus any multiple of 65536, + GRUB's MINIX filesystem code will probe it as a MINIX filesystem. + + In the case of an OS using ext2 as the root filesystem, since there will + ordinarily be some amount of file creation and deletion on every bootup, + it effectively means that this situation has a 1:16384 chance of being hit + on every reboot. + + This will cause GRUB's filesystem probing code to mistakenly identify an + ext2 filesystem as MINIX. This can be seen by e.g. "search --label" + incorrectly indicating that no such ext2 partition with matching label + exists, whereas in fact it does. + + After spotting the rough cause of the issue I was facing here, I borrowed + much of the diagnosis/explanation from meierfra who found and investigated + the same issue in util-linux in 2010: + + https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/518582 + + This was fixed in util-linux by having the MINIX code check for the + ext2 magic. Do the same here. + + Reviewed-by: Derek Foreman + Reviewed-by: Daniel Kiper + +2021-03-12 Daniel Kiper + + Release 2.06~rc1 + +2021-03-11 Ard Biesheuvel + + arm/linux: Fix ARM Linux header layout + The hdr_offset member of the ARM Linux image header appears at + offset 0x3c, matching the PE/COFF spec's placement of the COFF + header offset in the MS-DOS header. We're currently off by four, + so fix that. + + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + style: Format string macro should have a space between quotes + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + grub/err: Do compile-time format string checking on grub_error() + This should help prevent format string errors and thus improve the quality + of error reporting. + + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + fs/zfs/zfs: Use format code "%llu" for 64-bit uint bp->blk_prop in grub_error() + This is a temporary, less-intrusive change to get the build to success with + compiler format string checking turned on. There is a better fix which + addresses this issue, but it needs more testing. Use this change so that + format string checking on grub_error() can be turned on until the better + change is fully tested. + + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + fs/hfsplus: Use format code PRIuGRUB_UINT64_T for 64-bit typed fileblock in grub_error() + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + dl/elf: Use format code PRIxGRUB_UINT64_T for 64-bit arg in grub_error() + The macro ELF_R_TYPE does not change the underlying type. Here its argument + is a 64-bit Elf64_Xword. Make sure the format code matches. + + For the RISC-V architecture, rel->r_info could be either Elf32_Xword or + Elf64_Xword depending on if 32 or 64-bit RISC-V is being built. So cast + to 64-bit value regardless. + + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + disk/ata: Use format code PRIxGRUB_UINT64_T for 64-bit uint argument in grub_error() + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + loader/i386/pc/linux: Use PRI* macros to get correct format string code across architectures + Also remove casting of format string args so that the architecture dependent + type is preserved. + + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + kern/efi/mm: Format string error in grub_error() + The second format string argument, GRUB_EFI_MAX_USABLE_ADDRESS, is a macro + to a number literal. However, depending on what the target architecture, the + type can be 32 or 64 bits. Cast to a 64-bit integer. Also, change the + format string literals "%llx" to use PRIxGRUB_UINT64_T. + + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + commands/pgp: Format code for grub_error() is incorrect + The format code is for a 32-bit int, but the argument, keyid, is declared as + a 64 bit int. The comment above says keyid is 32-bit. I'm not sure if the + comment or declaration is wrong, so force the display of a 64-bit int for now. + + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + grub_error: Use format code PRIuGRUB_SIZE for variables of type grub_size_t + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + disk/dmraid_nvidia: Format string error in grub_error() + The grub_error() has a format string expecting two arguments, but only one + provided. According to the comments in the struct grub_nv_super definition, + the version field looks like a version number where major.minor is encoded + as each a byte in the two-byte short. + + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + video/bochs: grub_error() format string add missing format code + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + parttool/msdospart: grub_error() missing format string argument + Its obvious from the error message that the variable named "type" was + accidentally omitted. + + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + misc: Format string for grub_error() should be a literal + Reviewed-by: Daniel Kiper + +2021-03-10 Philip Müller + + templates: Properly disable the os-prober by default + This patch does the following: + - really disables os-prober by default in the util/grub-mkconfig.in + by setting GRUB_DISABLE_OS_PROBER to true, + - fixes the logic in the util/grub.d/30_os-prober.in, + - updates the grub_warn() lines. + + Reason for the code shuffling in the util/grub-mkconfig.in: + + The default was GRUB_DISABLE_OS_PROBER=false if you don't set + GRUB_DISABLE_OS_PROBER at all. To prevent os-prober from starting we + have to set it by default to true and shuffle GRUB_DISABLE_OS_PROBER to + code section, which is executed by the script. However we still give an + option to the user to overwrite it with false, if he wants to execute + os-prober after all. + + Fixes: e3464147 (templates: Disable the os-prober by default) + + Reported-by: Didier Spaier + Reported-by: Lennart Sorensen + Reported-by: John Paul Adrian Glaubitz + Reviewed-by: Daniel Kiper + +2021-03-10 Michael Chang + + kern/efi/sb: Add chainloaded image as shim's verifiable object + While attempting to dual boot Microsoft Windows with UEFI chainloader, + it failed with below error when UEFI Secure Boot was enabled: + + error ../../grub-core/kern/verifiers.c:119:verification requested but + nobody cares: /EFI/Microsoft/Boot/bootmgfw.efi. + + It is a regression, as previously it worked without any problem. + + It turns out chainloading PE image has been locked down by commit + 578c95298 (kern: Add lockdown support). However, we should consider it + as verifiable object by shim to allow booting in UEFI Secure Boot mode. + The chainloaded PE image could also have trusted signature created by + vendor with their pubkey cert in db. For that matters it's usage should + not be locked down under UEFI Secure Boot, and instead shim should be + allowed to validate a PE binary signature before running it. + + Fixes: 578c95298 (kern: Add lockdown support) + + Reviewed-by: Daniel Kiper + +2021-03-10 Glenn Washburn + + disk/pata: Suppress error message "no device connected" + This error message comes from the grub_print_error() in + grub_pata_device_initialize(), which does not pass on the error, and is + raised in check_device(). The function check_device() needs to return this + as an error because check_device() is also used in grub_pata_open(), which + does pass on this error to indicate that the device can not be used. + + This is actually not an error when displayed by grub_pata_device_initialize() + because it just indicates that there are no pata devices seen. This may be + confusing to end users who do not have pata devices yet are loading the + pata module (perhaps implicitly via nativedisk). This also causes unnecessary + output which may need to be accounted for in functional testing. + + Instead print to the debug log when check_device() raises this "error" and + pop the error from the error stack. If there is another error on the stack + then print the error stack as those should be real errors. + + Acked-by: Paul Menzel + Reviewed-by: Daniel Kiper + +2021-03-10 Yi Zhao + + fs/ext2: Fix a file not found error when a symlink filesize is equal to 60 + We encountered a file not found error when the symlink filesize is + equal to 60: + + $ ls -l initrd + lrwxrwxrwx 1 root root 60 Jan 6 16:37 initrd -> secure-core-image-initramfs-5.10.2-yoctodev-standard.cpio.gz + + When booting, we got the following error in the GRUB: + + error: file `/initrd' not found + + The root cause is that the size of diro->inode.symlink is equal to 60 + and a symlink name has to be terminated with NUL there. So, if the + symlink filesize is exactly 60 then it is also stored in a separate + block rather than in the inode itself. + + Reviewed-by: Daniel Kiper + +2021-03-02 Tianjia Zhang + + loader/i386/linux: Do not use grub_le_to_cpu32() for relocatable variable + The relocatable variable is defined as grub_uint8_t. Relevant + member in setup_header structure is also defined as one byte + in Linux boot protocol. By semantic definition it is a bool type. + It is not appropriate to treat it as a four bytes. This patch + fixes the issue. + + Reviewed-by: Daniel Kiper + +2021-03-02 Tianjia Zhang + + loader/i386/linux: Remove redundant code from in grub_cmd_linux() + The preferred_address has been assigned to GRUB_LINUX_BZIMAGE_ADDR + during initialization in grub_cmd_linux(). The assignment here + is redundant and should be removed. + + Reviewed-by: Daniel Kiper + +2021-03-02 Heinrich Schuchardt + + efi: The device-tree must be in EfiACPIReclaimMemory + According to the Embedded Base Boot Requirements (EBBR) specification the + device-tree passed to Linux as a configuration table must reside in + EfiACPIReclaimMemory. + + Reviewed-by: Daniel Kiper + +2021-03-02 Heinrich Schuchardt + + commands/efi/lsefisystab: Add short text for EFI_RT_PROPERTIES_TABLE_GUID + UEFI specification 2.8 errata B introduced the EFI_RT_PROPERTIES_TABLE + describing the services available at runtime. + + The lsefisystab command is used to display installed EFI configuration + tables. Currently it only shows the GUID but not a short text for the + new table. + + Provide a short text for the EFI_RT_PROPERTIES_TABLE_GUID. + + Reviewed-by: Daniel Kiper + +2021-03-02 Petr Vorel + + docs/luks2: Mention key derivation function support + To give users hint why Argon2, the default in cryptsetup for LUKS2, does + not work. + + Acked-by: Paul Menzel + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2021-03-02 Derek Foreman + + commands/file: Fix array/enum desync + The commit f1957dc8a (RISC-V: Add to build system) added two entries to + the options array, but only 1 entry to the enum. This resulted in + everything after the insertion point being off by one. + + This broke at least the "file --is-hibernated-hiberfil" command. + + Bring the two back in sync by splitting the IS_RISCV_EFI enum entry into + two, as is done for other architectures. + + Reviewed-by: Daniel Kiper + +2021-03-02 Marco A Benatto + + kern/mm: Fix grub_debug_calloc() compilation error + Fix compilation error due to missing parameter to + grub_printf() when MM_DEBUG is defined. + + Fixes: 64e26162e (calloc: Make sure we always have an overflow-checking calloc() available) + + Reviewed-by: Daniel Kiper + +2021-03-02 Alex Burmashev + + templates: Disable the os-prober by default + The os-prober is enabled by default what may lead to potentially + dangerous use cases and borderline opening attack vectors. This + patch disables the os-prober, adds warning messages and updates + GRUB_DISABLE_OS_PROBER configuration option documentation. This + way we make it clear that the os-prober usage is not recommended. + + Simplistic nature of this change allows downstream vendors, who + really want os-prober to be enabled out of the box in their + relevant products, easily revert to it's old behavior. + + Reported-by: NyankoSec (, https://twitter.com/NyankoSec), + working with SSD Secure Disclosure + Reviewed-by: Daniel Kiper + +2021-03-02 Thomas Frauendorfer | Miray Software + + gfxmenu/gui: Check printf() format in the gui_progress_bar and gui_label + The gui_progress_bar and gui_label components can display the timeout + value. The format string can be set through a theme file. This patch + adds a validation step to the format string. + + If a user loads a theme file into the GRUB without this patch then + a GUI label with the following settings + + + label { + ... + id = "__timeout__" + text = "%s" + } + + will interpret the current timeout value as string pointer and print the + memory at that position on the screen. It is not desired behavior. + + Reviewed-by: Daniel Kiper + +2021-03-02 Thomas Frauendorfer | Miray Software + + kern/misc: Add function to check printf() format against expected format + The grub_printf_fmt_check() function parses the arguments of an untrusted + printf() format and an expected printf() format and then compares the + arguments counts and arguments types. The arguments count in the untrusted + format string must be less or equal to the arguments count in the expected + format string and both arguments types must match. + + To do this the parse_printf_arg_fmt() helper function is extended in the + following way: + + 1. Add a return value to report errors to the grub_printf_fmt_check(). + + 2. Add the fmt_check argument to enable stricter format verification: + - the function expects that arguments definitions are always + terminated by a supported conversion specifier. + - positional parameters, "$", are not allowed, as they cannot be + validated correctly with the current implementation. For example + "%s%1$d" would assign the first args entry twice while leaving the + second one unchanged. + - Return an error if preallocated space in args is too small and + allocation fails for the needed size. The grub_printf_fmt_check() + should verify all arguments. So, if validation is not possible for + any reason it should return an error. + This also adds a case entry to handle "%%", which is the escape + sequence to print "%" character. + + 3. Add the max_args argument to check for the maximum allowed arguments + count in a printf() string. This should be set to the arguments count + of the expected format. Then the parse_printf_arg_fmt() function will + return an error if the arguments count is exceeded. + + The two additional arguments allow us to use parse_printf_arg_fmt() in + printf() and grub_printf_fmt_check() calls. + + When parse_printf_arg_fmt() is used by grub_printf_fmt_check() the + function parse user provided untrusted format string too. So, in + that case it is better to be too strict than too lenient. + + Reviewed-by: Daniel Kiper + +2021-03-02 Thomas Frauendorfer | Miray Software + + kern/misc: Add STRING type for internal printf() format handling + Set printf() argument type for "%s" to new type STRING. This is in + preparation for a follow up patch to compare a printf() format string + against an expected printf() format string. + + For "%s" the corresponding printf() argument is dereferenced as pointer + while all other argument types are defined as integer value. However, + when validating a printf() format it is necessary to differentiate "%s" + from "%p" and other integers. So, let's do that. + + Reviewed-by: Daniel Kiper + +2021-03-02 Thomas Frauendorfer | Miray Software + + kern/misc: Split parse_printf_args() into format parsing and va_list handling + This patch is preparing for a follow up patch which will use + the format parsing part to compare the arguments in a printf() + format from an external source against a printf() format with + expected arguments. + + Reviewed-by: Daniel Kiper + +2021-03-02 Dimitri John Ledkov + + shim_lock: Only skip loading shim_lock verifier with explicit consent + Commit 32ddc42c (efi: Only register shim_lock verifier if shim_lock + protocol is found and SB enabled) reintroduced CVE-2020-15705 which + previously only existed in the out-of-tree linuxefi patches and was + fixed as part of the BootHole patch series. + + Under Secure Boot enforce loading shim_lock verifier. Allow skipping + shim_lock verifier if SecureBoot/MokSBState EFI variables indicate + skipping validations, or if GRUB image is built with --disable-shim-lock. + + Fixes: 132ddc42c (efi: Only register shim_lock verifier if shim_lock + protocol is found and SB enabled) + Fixes: CVE-2020-15705 + Fixes: CVE-2021-3418 + + Reported-by: Dimitri John Ledkov + Reviewed-by: Daniel Kiper + +2021-03-02 Dimitri John Ledkov + + grub-install-common: Add --sbat option + Reviewed-by: Daniel Kiper + +2021-03-02 Peter Jones + + util/mkimage: Add an option to import SBAT metadata into a .sbat section + Add a --sbat option to the grub-mkimage tool which allows us to import + an SBAT metadata formatted as a CSV file into a .sbat section of the + EFI binary. + + Reviewed-by: Daniel Kiper + +2021-03-02 Peter Jones + + util/mkimage: Refactor section setup to use a helper + Add a init_pe_section() helper function to setup PE sections. This makes + the code simpler and easier to read. + + Reviewed-by: Daniel Kiper + +2021-03-02 Peter Jones + + util/mkimage: Improve data_size value calculation + According to "Microsoft Portable Executable and Common Object File Format + Specification", the Optional Header SizeOfInitializedData field contains: + + Size of the initialized data section, or the sum of all such sections if + there are multiple data sections. + + Make this explicit by adding the GRUB kernel data size to the sum of all + the modules sizes. The ALIGN_UP() is not required by the PE spec but do + it to avoid alignment issues. + + Reviewed-by: Daniel Kiper + +2021-03-02 Peter Jones + + util/mkimage: Reorder PE optional header fields set-up + This makes the PE32 and PE32+ header fields set-up easier to follow by + setting them closer to the initialization of their related sections. + + Reviewed-by: Daniel Kiper + +2021-03-02 Peter Jones + + util/mkimage: Unify more of the PE32 and PE32+ header set-up + There's quite a bit of code duplication in the code that sets the optional + header for PE32 and PE32+. The two are very similar with the exception of + a few fields that have type grub_uint64_t instead of grub_uint32_t. + + Factor out the common code and add a PE_OHDR() macro that simplifies the + set-up and make the code more readable. + + Reviewed-by: Daniel Kiper + +2021-03-02 Peter Jones + + util/mkimage: Always use grub_host_to_target32() to initialize PE stack and heap stuff + This change does not impact final result of initialization itself. + However, it eases PE code unification in subsequent patches. + + Reviewed-by: Daniel Kiper + +2021-03-02 Peter Jones + + util/mkimage: Use grub_host_to_target32() instead of grub_cpu_to_le32() + The latter doesn't take into account the target image endianness. There is + a grub_cpu_to_le32_compile_time() but no compile time variant for function + grub_host_to_target32(). So, let's keep using the other one for this case. + + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + util/mkimage: Remove unused code to add BSS section + The code is compiled out so there is no reason to keep it. + + Additionally, don't set bss_size field since we do not add a BSS section. + + Reviewed-by: Daniel Kiper + +2021-03-02 Chris Coulson + + kern/efi: Add initial stack protector implementation + It works only on UEFI platforms but can be quite easily extended to + others architectures and platforms if needed. + + Reviewed-by: Marco A Benatto + Reviewed-by: Javier Martinez Canillas + +2021-03-02 Chris Coulson + + kern/parser: Fix a stack buffer overflow + grub_parser_split_cmdline() expands variable names present in the supplied + command line in to their corresponding variable contents and uses a 1 kiB + stack buffer for temporary storage without sufficient bounds checking. If + the function is called with a command line that references a variable with + a sufficiently large payload, it is possible to overflow the stack + buffer via tab completion, corrupt the stack frame and potentially + control execution. + + Fixes: CVE-2020-27749 + + Reported-by: Chris Coulson + Reviewed-by: Daniel Kiper + +2021-03-02 Chris Coulson + + kern/buffer: Add variable sized heap buffer + Add a new variable sized heap buffer type (grub_buffer_t) with simple + operations for appending data, accessing the data and maintaining + a read cursor. + + Reviewed-by: Daniel Kiper + +2021-03-02 Chris Coulson + + kern/parser: Refactor grub_parser_split_cmdline() cleanup + Introduce a common function epilogue used for cleaning up on all + return paths, which will simplify additional error handling to be + introduced in a subsequent commit. + + Reviewed-by: Daniel Kiper + +2021-03-02 Chris Coulson + + kern/parser: Introduce terminate_arg() helper + process_char() and grub_parser_split_cmdline() use similar code for + terminating the most recent argument. Add a helper function for this. + + Reviewed-by: Daniel Kiper + +2021-03-02 Chris Coulson + + kern/parser: Introduce process_char() helper + grub_parser_split_cmdline() iterates over each command line character. + In order to add error checking and to simplify the subsequent error + handling, split the character processing in to a separate function. + + Reviewed-by: Daniel Kiper + +2021-03-02 Chris Coulson + + kern/parser: Fix a memory leak + The getline() function supplied to grub_parser_split_cmdline() returns + a newly allocated buffer and can be called multiple times, but the + returned buffer is never freed. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/btrfs: Squash some uninitialized reads + We need to check errors before calling into a function that uses the result. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/btrfs: Validate the number of stripes/parities in RAID5/6 + This prevents a divide by zero if nstripes == nparities, and + also prevents propagation of invalid values if nstripes ends up + less than nparities. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + disk/lvm: Do not allow a LV to be it's own segment's node's LV + This prevents infinite recursion in the diskfilter verification code. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + disk/lvm: Sanitize rlocn->offset to prevent wild read + rlocn->offset is read directly from disk and added to the metadatabuf + pointer to create a pointer to a block of metadata. It's a 64-bit + quantity so as long as you don't overflow you can set subsequent + pointers to point anywhere in memory. + + Require that rlocn->offset fits within the metadata buffer size. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + disk/lvm: Do not overread metadata + We could reach the end of valid metadata and not realize, leading to + some buffer overreads. Check if we have reached the end and bail. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + disk/lvm: Do not crash if an expected string is not found + Clean up a bunch of cases where we could have strstr() fail and lead to + us dereferencing NULL. + + We'll still leak memory in some cases (loops don't clean up allocations + from earlier iterations if a later iteration fails) but at least we're + not crashing. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + disk/lvm: Bail on missing PV list + There's an if block for the presence of "physical_volumes {", but if + that block is absent, then p remains NULL and a NULL-deref will result + when looking for logical volumes. + + It doesn't seem like LVM makes sense without physical volumes, so error + out rather than crashing. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + disk/lvm: Don't blast past the end of the circular metadata buffer + This catches at least some OOB reads, and it's possible I suppose that + if 2 * mda_size is less than GRUB_LVM_MDA_HEADER_SIZE it might catch some + OOB writes too (although that hasn't showed up as a crash in fuzzing yet). + + It's a bit ugly and I'd appreciate better suggestions. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + disk/lvm: Don't go beyond the end of the data we read from disk + We unconditionally trusted offset_xl from the LVM label header, even if + it told us that the PV header/disk locations were way off past the end + of the data we read from disk. + + Require that the offset be sane, fixing an OOB read and crash. + + Fixes: CID 314367, CID 314371 + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + io/gzio: Zero gzio->tl/td in init_dynamic_block() if huft_build() fails + If huft_build() fails, gzio->tl or gzio->td could contain pointers that + are no longer valid. Zero them out. + + This prevents a double free when grub_gzio_close() comes through and + attempts to free them again. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + io/gzio: Catch missing values in huft_build() and bail + In huft_build(), "v" is a table of values in order of bit length. + The code later (when setting up table entries in "r") assumes that all + elements of this array corresponding to a code are initialized and less + than N_MAX. However, it doesn't enforce this. + + With sufficiently manipulated inputs (e.g. from fuzzing), there can be + elements of "v" that are not filled. Therefore a lookup into "e" or "d" + will use an uninitialized value. This can lead to an invalid/OOB read on + those values, often leading to a crash. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + io/gzio: Add init_dynamic_block() clean up if unpacking codes fails + init_dynamic_block() didn't clean up gzio->tl and td in some error + paths. This left td pointing to part of tl. Then in grub_gzio_close(), + when tl was freed the storage for td would also be freed. The code then + attempts to free td explicitly, performing a UAF and then a double free. + + Explicitly clean up tl and td in the error paths. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + io/gzio: Bail if gzio->tl/td is NULL + This is an ugly fix that doesn't address why gzio->tl comes to be NULL. + However, it seems to be sufficient to patch up a bunch of NULL derefs. + + It would be good to revisit this in future and see if we can have + a cleaner solution that addresses some of the causes of the unexpected + NULL pointers. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/nilfs2: Properly bail on errors in grub_nilfs2_btree_node_lookup() + We just introduced an error return in grub_nilfs2_btree_node_lookup(). + Make sure the callers catch it. + + At the same time, make sure that grub_nilfs2_btree_node_lookup() always + inits the index pointer passed to it. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/nilfs2: Don't search children if provided number is too large + NILFS2 reads the number of children a node has from the node. Unfortunately, + that's not trustworthy. Check if it's beyond what the filesystem permits and + reject it if so. + + This blocks some OOB reads. I'm not sure how controllable the read is and what + could be done with invalidly read data later on. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/nilfs2: Reject too-large keys + NILFS2 has up to 7 keys, per the data structure. Do not permit array + indices in excess of that. + + This catches some OOB reads. I don't know how controllable the invalidly + read data is or if that could be used later in the program. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/jfs: Catch infinite recursion + It's possible with a fuzzed filesystem for JFS to keep getblk()-ing + the same data over and over again, leading to stack exhaustion. + + Check if we'd be calling the function with exactly the same data as + was passed in, and if so abort. + + I'm not sure what the performance impact of this is and am open to + better ideas. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/jfs: Limit the extents that getblk() can consider + getblk() implicitly trusts that treehead->count is an accurate count of + the number of extents. However, that value is read from disk and is not + trustworthy, leading to OOB reads and crashes. I am not sure to what + extent the data read from OOB can influence subsequent program execution. + + Require callers to pass in the maximum number of extents for which + they have storage. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/jfs: Do not move to leaf level if name length is negative + Fuzzing JFS revealed crashes where a negative number would be passed + to le_to_cpu16_copy(). There it would be cast to a large positive number + and the copy would read and write off the end of the respective buffers. + + Catch this at the top as well as the bottom of the loop. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/sfs: Fix over-read of root object name + There's a read of the name of the root object that assumes that the name + is nul-terminated within the root block. This isn't guaranteed - it seems + SFS would require you to read multiple blocks to get a full name in general, + but maybe that doesn't apply to the root object. + + Either way, figure out how much space is left in the root block and don't + over-read it. This fixes some OOB reads. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/hfs: Disable under lockdown + HFS has issues such as infinite mutual recursion that are simply too + complex to fix for such a legacy format. So simply do not permit + it to be loaded under lockdown. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/hfsplus: Don't use uninitialized data on corrupt filesystems + Valgrind identified the following use of uninitialized data: + + ==2782220== Conditional jump or move depends on uninitialised value(s) + ==2782220== at 0x42B364: grub_hfsplus_btree_search (hfsplus.c:566) + ==2782220== by 0x42B21D: grub_hfsplus_read_block (hfsplus.c:185) + ==2782220== by 0x42A693: grub_fshelp_read_file (fshelp.c:386) + ==2782220== by 0x42C598: grub_hfsplus_read_file (hfsplus.c:219) + ==2782220== by 0x42C598: grub_hfsplus_mount (hfsplus.c:330) + ==2782220== by 0x42B8C5: grub_hfsplus_dir (hfsplus.c:958) + ==2782220== by 0x4C1AE6: grub_fs_probe (fs.c:73) + ==2782220== by 0x407C94: grub_ls_list_files (ls.c:186) + ==2782220== by 0x407C94: grub_cmd_ls (ls.c:284) + ==2782220== by 0x4D7130: grub_extcmd_dispatcher (extcmd.c:55) + ==2782220== by 0x4045A6: execute_command (grub-fstest.c:59) + ==2782220== by 0x4045A6: fstest (grub-fstest.c:433) + ==2782220== by 0x4045A6: main (grub-fstest.c:772) + ==2782220== Uninitialised value was created by a heap allocation + ==2782220== at 0x483C7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) + ==2782220== by 0x4C0305: grub_malloc (mm.c:42) + ==2782220== by 0x42C21D: grub_hfsplus_mount (hfsplus.c:239) + ==2782220== by 0x42B8C5: grub_hfsplus_dir (hfsplus.c:958) + ==2782220== by 0x4C1AE6: grub_fs_probe (fs.c:73) + ==2782220== by 0x407C94: grub_ls_list_files (ls.c:186) + ==2782220== by 0x407C94: grub_cmd_ls (ls.c:284) + ==2782220== by 0x4D7130: grub_extcmd_dispatcher (extcmd.c:55) + ==2782220== by 0x4045A6: execute_command (grub-fstest.c:59) + ==2782220== by 0x4045A6: fstest (grub-fstest.c:433) + ==2782220== by 0x4045A6: main (grub-fstest.c:772) + + This happens when the process of reading the catalog file goes sufficiently + wrong that there's an attempt to read the extent overflow file, which has + not yet been loaded. Keep track of when the extent overflow file is + fully loaded and refuse to use it before then. + + The load valgrind doesn't like is btree->nodesize, and that's then used + to allocate a data structure. It looks like there are subsequently a lot + of reads based on that pointer so OOB reads are likely, and indeed crashes + (albeit difficult-to-replicate ones) have been observed in fuzzing. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/hfsplus: Don't fetch a key beyond the end of the node + Otherwise you get a wild pointer, leading to a bunch of invalid reads. + Check it falls inside the given node. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + fs/fshelp: Catch impermissibly large block sizes in read helper + A fuzzed HFS+ filesystem had log2blocksize = 22. This gave + log2blocksize + GRUB_DISK_SECTOR_BITS = 31. 1 << 31 = 0x80000000, + which is -1 as an int. This caused some wacky behavior later on in + the function, leading to out-of-bounds writes on the destination buffer. + + Catch log2blocksize + GRUB_DISK_SECTOR_BITS >= 31. We could be stricter, + but this is the minimum that will prevent integer size weirdness. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + term/gfxterm: Don't set up a font with glyphs that are too big + Catch the case where we have a font so big that it causes the number of + rows or columns to be 0. Currently we continue and allocate a + virtual_screen.text_buffer of size 0. We then try to use that for glpyhs + and things go badly. + + On the emu platform, malloc() may give us a valid pointer, in which case + we'll access heap memory which we shouldn't. Alternatively, it may give us + NULL, in which case we'll crash. For other platforms, if I understand + grub_memalign() correctly, we will receive a valid but small allocation + that we will very likely later overrun. + + Prevent the creation of a virtual screen that isn't at least 40 cols + by 12 rows. This is arbitrary, but it seems that if your width or height + is half a standard 80x24 terminal, you're probably going to struggle to + read anything anyway. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + video/readers/jpeg: Don't decode data before start of stream + When a start of stream marker is encountered, we call grub_jpeg_decode_sos() + which allocates space for a bitmap. + + When a restart marker is encountered, we call grub_jpeg_decode_data() which + then fills in that bitmap. + + If we get a restart marker before the start of stream marker, we will + attempt to write to a bitmap_ptr that hasn't been allocated. Catch this + and bail out. This fixes an attempt to write to NULL. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + video/readers/jpeg: Catch OOB reads/writes in grub_jpeg_decode_du() + The key line is: + + du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos]; + + jpeg_zigzag_order is grub_uint8_t[64]. + + I don't understand JPEG decoders quite well enough to explain what's + going on here. However, I observe sometimes pos=64, which leads to an + OOB read of the jpeg_zigzag_order global then an OOB write to du. + That leads to various unpleasant memory corruption conditions. + + Catch where pos >= ARRAY_SIZE(jpeg_zigzag_order) and bail. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + video/readers/jpeg: Catch files with unsupported quantization or Huffman tables + Our decoder only supports 2 quantization tables. If a file asks for + a quantization table with index > 1, reject it. + + Similarly, our decoder only supports 4 Huffman tables. If a file asks + for a Huffman table with index > 3, reject it. + + This fixes some out of bounds reads. It's not clear what degree of control + over subsequent execution could be gained by someone who can carefully + set up the contents of memory before loading an invalid JPEG file. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + kern/misc: Always set *end in grub_strtoull() + Currently, if there is an error in grub_strtoull(), *end is not set. + This differs from the usual behavior of strtoull(), and also means that + some callers may use an uninitialized value for *end. + + Set *end unconditionally. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + commands/menuentry: Fix quoting in setparams_prefix() + Commit 9acdcbf32542 (use single quotes in menuentry setparams command) + says that expressing a quoted single quote will require 3 characters. It + actually requires (and always did require!) 4 characters: + + str: a'b => a'\''b + len: 3 => 6 (2 for the letters + 4 for the quote) + + This leads to not allocating enough memory and thus out of bounds writes + that have been observed to cause heap corruption. + + Allocate 4 bytes for each single quote. + + Commit 22e7dbb2bb81 (Fix quoting in legacy parser.) does the same + quoting, but it adds 3 as extra overhead on top of the single byte that + the quote already needs. So it's correct. + + Fixes: 9acdcbf32542 (use single quotes in menuentry setparams command) + Fixes: CVE-2021-20233 + + Reported-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + script/execute: Don't crash on a "for" loop with no items + The following crashes the parser: + + for x in; do + 0 + done + + This is because grub_script_arglist_to_argv() doesn't consider the + possibility that arglist is NULL. Catch that explicitly. + + This avoids a NULL pointer dereference. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + lib/arg: Block repeated short options that require an argument + Fuzzing found the following crash: + + search -hhhhhhhhhhhhhf + + We didn't allocate enough option space for 13 hints because the + allocation code counts the number of discrete arguments (i.e. argc). + However, the shortopt parsing code will happily keep processing + a combination of short options without checking if those short + options require an argument. This means you can easily end writing + past the allocated option space. + + This fixes a OOB write which can cause heap corruption. + + Fixes: CVE-2021-20225 + + Reported-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + script/execute: Avoid crash when using "$#" outside a function scope + "$#" represents the number of arguments to a function. It is only + defined in a function scope, where "scope" is non-NULL. Currently, + if we attempt to evaluate "$#" outside a function scope, "scope" will + be NULL and we will crash with a NULL pointer dereference. + + Do not attempt to count arguments for "$#" if "scope" is NULL. This + will result in "$#" being interpreted as an empty string if evaluated + outside a function scope. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + commands/ls: Require device_name is not NULL before printing + This can be triggered with: + ls -l (0 0*) + and causes a NULL deref in grub_normal_print_device_info(). + + I'm not sure if there's any implication with the IEEE 1275 platform. + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Axtens + + script/execute: Fix NULL dereference in grub_script_execute_cmdline() + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + util/glue-efi: Fix incorrect use of a possibly negative value + It is possible for the ftell() function to return a negative value, + although it is fairly unlikely here, we should be checking for + a negative value before we assign it to an unsigned value. + + Fixes: CID 73744 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + util/grub-editenv: Fix incorrect casting of a signed value + The return value of ftell() may be negative (-1) on error. While it is + probably unlikely to occur, we should not blindly cast to an unsigned + value without first testing that it is not negative. + + Fixes: CID 73856 + + Reviewed-by: Daniel Kiper + +2021-03-02 Daniel Kiper + + util/grub-install: Fix NULL pointer dereferences + Two grub_device_open() calls does not have associated NULL checks + for returned values. Fix that and appease the Coverity. + + Fixes: CID 314583 + + Reviewed-by: Javier Martinez Canillas + +2021-03-02 Paulo Flabiano Smorigo + + loader/xnu: Check if pointer is NULL before using it + Fixes: CID 73654 + + Reviewed-by: Daniel Kiper + +2021-03-02 Marco A Benatto + + loader/xnu: Free driverkey data when an error is detected in grub_xnu_writetree_toheap() + ... to avoid memory leaks. + + Fixes: CID 96640 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + loader/xnu: Fix memory leak + The code here is finished with the memory stored in name, but it only + frees it if there curvalue is valid, while it could actually free it + regardless. + + The fix is a simple relocation of the grub_free() to before the test + of curvalue. + + Fixes: CID 96646 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + loader/bsd: Check for NULL arg up-front + The code in the next block suggests that it is possible for .set to be + true but .arg may still be NULL. + + This code assumes that it is never NULL, yet later is testing if it is + NULL - that is inconsistent. + + So we should check first if .arg is not NULL, and remove this check that + is being flagged by Coverity since it is no longer required. + + Fixes: CID 292471 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + gfxmenu/gui_list: Remove code that coverity is flagging as dead + The test of value for NULL before calling grub_strdup() is not required, + since the if condition prior to this has already tested for value being + NULL and cannot reach this code if it is. + + Fixes: CID 73659 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + video/readers/jpeg: Test for an invalid next marker reference from a jpeg file + While it may never happen, and potentially could be caught at the end of + the function, it is worth checking up front for a bad reference to the + next marker just in case of a maliciously crafted file being provided. + + Fixes: CID 73694 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + video/fb/video_fb: Fix possible integer overflow + It is minimal possibility that the values being used here will overflow. + So, change the code to use the safemath function grub_mul() to ensure + that doesn't happen. + + Fixes: CID 73761 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + video/fb/video_fb: Fix multiple integer overflows + The calculation of the unsigned 64-bit value is being generated by + multiplying 2, signed or unsigned, 32-bit integers which may overflow + before promotion to unsigned 64-bit. Fix all of them. + + Fixes: CID 73703, CID 73767, CID 73833 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + video/fb/fbfill: Fix potential integer overflow + The multiplication of 2 unsigned 32-bit integers may overflow before + promotion to unsigned 64-bit. We should ensure that the multiplication + is done with overflow detection. Additionally, use grub_sub() for + subtraction. + + Fixes: CID 73640, CID 73697, CID 73702, CID 73823 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + video/efi_gop: Remove unnecessary return value of grub_video_gop_fill_mode_info() + The return value of grub_video_gop_fill_mode_info() is never able to be + anything other than GRUB_ERR_NONE. So, rather than continue to return + a value and checking it each time, it is more correct to redefine the + function to not return anything and remove checks of its return value + altogether. + + Fixes: CID 96701 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + commands/probe: Fix a resource leak when probing disks + Every other return statement in this code is calling grub_device_close() + to clean up dev before returning. This one should do that too. + + Fixes: CID 292443 + + Reviewed-by: Daniel Kiper + +2021-03-02 Chris Coulson + + commands/hashsum: Fix a memory leak + check_list() uses grub_file_getline(), which allocates a buffer. + If the hash list file contains invalid lines, the function leaks + this buffer when it returns an error. + + Fixes: CID 176635 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + normal/completion: Fix leaking of memory when processing a completion + It is possible for the code to reach the end of the function without + freeing the memory allocated to argv and argc still to be 0. + + We should always call grub_free(argv). The grub_free() will handle + a NULL argument correctly if it reaches that code without the memory + being allocated. + + Fixes: CID 96672 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + syslinux: Fix memory leak while parsing + In syslinux_parse_real() the 2 points where return is being called + didn't release the memory stored in buf which is no longer required. + + Fixes: CID 176634 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + libgcrypt/mpi: Fix possible NULL dereference + The code in gcry_mpi_scan() assumes that buffer is not NULL, but there + is no explicit check for that, so we add one. + + Fixes: CID 73757 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + libgcrypt/mpi: Fix possible unintended sign extension + The array of unsigned char gets promoted to a signed 32-bit int before + it is finally promoted to a size_t. There is the possibility that this + may result in the signed-bit being set for the intermediate signed + 32-bit int. We should ensure that the promotion is to the correct type + before we bitwise-OR the values. + + Fixes: CID 96697 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + affs: Fix memory leaks + The node structure reference is being allocated but not freed if it + reaches the end of the function. If any of the hooks had returned + a non-zero value, then node would have been copied in to the context + reference, but otherwise node is not stored and should be freed. + + Similarly, the call to grub_affs_create_node() replaces the allocated + memory in node with a newly allocated structure, leaking the existing + memory pointed by node. + + Finally, when dir->parent is set, then we again replace node with newly + allocated memory, which seems unnecessary when we copy in the values + from dir->parent immediately after. + + Fixes: CID 73759 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + zfsinfo: Correct a check for error allocating memory + While arguably the check for grub_errno is correct, we should really be + checking the return value from the function since it is always possible + that grub_errno was set elsewhere, making this code behave incorrectly. + + Fixes: CID 73668 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + zfs: Fix possible integer overflows + In all cases the problem is that the value being acted upon by + a left-shift is a 32-bit number which is then being used in the + context of a 64-bit number. + + To avoid overflow we ensure that the number being shifted is 64-bit + before the shift is done. + + Fixes: CID 73684, CID 73695, CID 73764 + + Reviewed-by: Daniel Kiper + +2021-03-02 Paulo Flabiano Smorigo + + zfs: Fix resource leaks while constructing path + There are several exit points in dnode_get_path() that are causing possible + memory leaks. + + In the while(1) the correct exit mechanism should not be to do a direct return, + but to instead break out of the loop, setting err first if it is not already set. + + The reason behind this is that the dnode_path is a linked list, and while doing + through this loop, it is being allocated and built up - the only way to + correctly unravel it is to traverse it, which is what is being done at the end + of the function outside of the loop. + + Several of the existing exit points correctly did a break, but not all so this + change makes that more consistent and should resolve the leaking of memory as + found by Coverity. + + Fixes: CID 73741 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + zfs: Fix possible negative shift operation + While it is possible for the return value from zfs_log2() to be zero + (0), it is quite unlikely, given that the previous assignment to blksz + is shifted up by SPA_MINBLOCKSHIFT (9) before 9 is subtracted at the + assignment to epbs. + + But, while unlikely during a normal operation, it may be that a carefully + crafted ZFS filesystem could result in a zero (0) value to the + dn_datalbkszsec field, which means that the shift left does nothing + and assigns zero (0) to blksz, resulting in a negative epbs value. + + Fixes: CID 73608 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + hfsplus: Check that the volume name length is valid + HFS+ documentation suggests that the maximum filename and volume name is + 255 Unicode characters in length. + + So, when converting from big-endian to little-endian, we should ensure + that the name of the volume has a length that is between 0 and 255, + inclusive. + + Fixes: CID 73641 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + disk/cryptodisk: Fix potential integer overflow + The encrypt and decrypt functions expect a grub_size_t. So, we need to + ensure that the constant bit shift is using grub_size_t rather than + unsigned int when it is performing the shift. + + Fixes: CID 307788 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + disk/ldm: Fix memory leak on uninserted lv references + The problem here is that the memory allocated to the variable lv is not + yet inserted into the list that is being processed at the label fail2. + + As we can already see at line 342, which correctly frees lv before going + to fail2, we should also be doing that at these earlier jumps to fail2. + + Fixes: CID 73824 + + Reviewed-by: Daniel Kiper + +2021-03-02 Paulo Flabiano Smorigo + + disk/ldm: If failed then free vg variable too + Fixes: CID 73809 + + Reviewed-by: Daniel Kiper + +2021-03-02 Marco A Benatto + + disk/ldm: Make sure comp data is freed before exiting from make_vg() + Several error handling paths in make_vg() do not free comp data before + jumping to fail2 label and returning from the function. This will leak + memory. So, let's fix all issues of that kind. + + Fixes: CID 73804 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + kern/partition: Check for NULL before dereferencing input string + There is the possibility that the value of str comes from an external + source and continuing to use it before ever checking its validity is + wrong. So, needs fixing. + + Additionally, drop unneeded part initialization. + + Fixes: CID 292444 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + zstd: Initialize seq_t structure fully + While many compilers will initialize this to zero, not all will, so it + is better to be sure that fields not being explicitly set are at known + values, and there is code that checks this fields value elsewhere in the + code. + + Fixes: CID 292440 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + io/lzopio: Resolve unnecessary self-assignment errors + These 2 assignments are unnecessary since they are just assigning + to themselves. + + Fixes: CID 73643 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + gnulib/regcomp: Fix uninitialized re_token + This issue has been fixed in the latest version of gnulib, so to + maintain consistency, I've backported that change rather than doing + something different. + + Fixes: CID 73828 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + gnulib/regexec: Fix possible null-dereference + It appears to be possible that the mctx->state_log field may be NULL, + and the name of this function, clean_state_log_if_needed(), suggests + that it should be checking that it is valid to be cleaned before + assuming that it does. + + Fixes: CID 86720 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + gnulib/argp-help: Fix dereference of a possibly NULL state + All other instances of call to __argp_failure() where there is + a dgettext() call is first checking whether state is NULL before + attempting to dereference it to get the root_argp->argp_domain. + + Fixes: CID 292436 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + gnulib/regcomp: Fix uninitialized token structure + The code is assuming that the value of br_token.constraint was + initialized to zero when it wasn't. + + While some compilers will ensure that, not all do, so it is better to + fix this explicitly than leave it to chance. + + Fixes: CID 73749 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + gnulib/regexec: Resolve unused variable + This is a really minor issue where a variable is being assigned to but + not checked before it is overwritten again. + + The reason for this issue is that we are not building with DEBUG set and + this in turn means that the assert() that reads the value of the + variable match_last is being processed out. + + The solution, move the assignment to match_last in to an ifdef DEBUG too. + + Fixes: CID 292459 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + kern/efi/mm: Fix possible NULL pointer dereference + The model of grub_efi_get_memory_map() is that if memory_map is NULL, + then the purpose is to discover how much memory should be allocated to + it for the subsequent call. + + The problem here is that with grub_efi_is_finished set to 1, there is no + check at all that the function is being called with a non-NULL memory_map. + + While this MAY be true, we shouldn't assume it. + + The solution to this is to behave as expected, and if memory_map is NULL, + then don't try to use it and allow memory_map_size to be filled in, and + return 0 as is done later in the code if the buffer is too small (or NULL). + + Additionally, drop unneeded ret = 1. + + Fixes: CID 96632 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + kern/efi: Fix memory leak on failure + Free the memory allocated to name before returning on failure. + + Fixes: CID 296222 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + kern/parser: Fix resource leak if argc == 0 + After processing the command-line yet arriving at the point where we are + setting argv, we are allocating memory, even if argc == 0, which makes + no sense since we never put anything into the allocated argv. + + The solution is to simply return that we've successfully processed the + arguments but that argc == 0, and also ensure that argv is NULL when + we're not allocating anything in it. + + There are only 2 callers of this function, and both are handling a zero + value in argc assuming nothing is allocated in argv. + + Fixes: CID 96680 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + net/tftp: Fix dangling memory pointer + The static code analysis tool, Parfait, reported that the valid of + file->data was left referencing memory that was freed by the call to + grub_free(data) where data was initialized from file->data. + + To ensure that there is no unintentional access to this memory + referenced by file->data we should set the pointer to NULL. + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + net/net: Fix possible dereference to of a NULL pointer + It is always possible that grub_zalloc() could fail, so we should check for + a NULL return. Otherwise we run the risk of dereferencing a NULL pointer. + + Fixes: CID 296221 + + Reviewed-by: Daniel Kiper + +2021-03-02 Darren Kenny + + mmap: Fix memory leak when iterating over mapped memory + When returning from grub_mmap_iterate() the memory allocated to present + is not being released causing it to leak. + + Fixes: CID 96655 + + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + usb: Avoid possible out-of-bound accesses caused by malicious devices + The maximum number of configurations and interfaces are fixed but there is + no out-of-bound checking to prevent a malicious USB device to report large + values for these and cause accesses outside the arrays' memory. + + Fixes: CVE-2020-25647 + + Reported-by: Joseph Tartaro + Reported-by: Ilja Van Sprundel + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + dl: Only allow unloading modules that are not dependencies + When a module is attempted to be removed its reference counter is always + decremented. This means that repeated rmmod invocations will cause the + module to be unloaded even if another module depends on it. + + This may lead to a use-after-free scenario allowing an attacker to execute + arbitrary code and by-pass the UEFI Secure Boot protection. + + While being there, add the extern keyword to some function declarations in + that header file. + + Fixes: CVE-2020-25632 + + Reported-by: Chris Coulson + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + docs: Document the cutmem command + The command is not present in the docs/grub.texi user documentation. + + Reported-by: Daniel Kiper + Reviewed-by: Javier Martinez Canillas + +2021-03-02 Javier Martinez Canillas + + loader/xnu: Don't allow loading extension and packages when locked down + The shim_lock verifier validates the XNU kernels but no its extensions + and packages. Prevent these to be loaded when the GRUB is locked down. + + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + gdb: Restrict GDB access when locked down + The gdbstub* commands allow to start and control a GDB stub running on + local host that can be used to connect from a remote debugger. Restrict + this functionality when the GRUB is locked down. + + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + commands/hdparm: Restrict hdparm command when locked down + The command can be used to get/set ATA disk parameters. Some of these can + be dangerous since change the disk behavior. Restrict it when locked down. + + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + commands/setpci: Restrict setpci command when locked down + This command can set PCI devices register values, which makes it dangerous + in a locked down configuration. Restrict it so can't be used on this setup. + + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + commands: Restrict commands that can load BIOS or DT blobs when locked down + There are some more commands that should be restricted when the GRUB is + locked down. Following is the list of commands and reasons to restrict: + + * fakebios: creates BIOS-like structures for backward compatibility with + existing OSes. This should not be allowed when locked down. + + * loadbios: reads a BIOS dump from storage and loads it. This action + should not be allowed when locked down. + + * devicetree: loads a Device Tree blob and passes it to the OS. It replaces + any Device Tree provided by the firmware. This also should + not be allowed when locked down. + + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + mmap: Don't register cutmem and badram commands when lockdown is enforced + The cutmem and badram commands can be used to remove EFI memory regions + and potentially disable the UEFI Secure Boot. Prevent the commands to be + registered if the GRUB is locked down. + + Fixes: CVE-2020-27779 + + Reported-by: Teddy Reed + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + acpi: Don't register the acpi command when locked down + The command is not allowed when lockdown is enforced. Otherwise an + attacker can instruct the GRUB to load an SSDT table to overwrite + the kernel lockdown configuration and later load and execute + unsigned code. + + Fixes: CVE-2020-14372 + + Reported-by: Máté Kukri + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list + Now the GRUB can check if it has been locked down and this can be used to + prevent executing commands that can be utilized to circumvent the UEFI + Secure Boot mechanisms. So, instead of hardcoding a list of modules that + have to be disabled, prevent the usage of commands that can be dangerous. + + This not only allows the commands to be disabled on other platforms, but + also properly separate the concerns. Since the shim_lock verifier logic + should be only about preventing to run untrusted binaries and not about + defining these kind of policies. + + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + efi: Lockdown the GRUB when the UEFI Secure Boot is enabled + If the UEFI Secure Boot is enabled then the GRUB must be locked down + to prevent executing code that can potentially be used to subvert its + verification mechanisms. + + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + kern/lockdown: Set a variable if the GRUB is locked down + It may be useful for scripts to determine whether the GRUB is locked + down or not. Add the lockdown variable which is set to "y" when the GRUB + is locked down. + + Suggested-by: Dimitri John Ledkov + Reviewed-by: Daniel Kiper + +2021-03-02 Javier Martinez Canillas + + kern: Add lockdown support + When the GRUB starts on a secure boot platform, some commands can be + used to subvert the protections provided by the verification mechanism and + could lead to booting untrusted system. + + To prevent that situation, allow GRUB to be locked down. That way the code + may check if GRUB has been locked down and further restrict the commands + that are registered or what subset of their functionality could be used. + + The lockdown support adds the following components: + + * The grub_lockdown() function which can be used to lockdown GRUB if, + e.g., UEFI Secure Boot is enabled. + + * The grub_is_lockdown() function which can be used to check if the GRUB + was locked down. + + * A verifier that flags OS kernels, the GRUB modules, Device Trees and ACPI + tables as GRUB_VERIFY_FLAGS_DEFER_AUTH to defer verification to other + verifiers. These files are only successfully verified if another registered + verifier returns success. Otherwise, the whole verification process fails. + + For example, PE/COFF binaries verification can be done by the shim_lock + verifier which validates the signatures using the shim_lock protocol. + However, the verification is not deferred directly to the shim_lock verifier. + The shim_lock verifier is hooked into the verification process instead. + + * A set of grub_{command,extcmd}_lockdown functions that can be used by + code registering command handlers, to only register unsafe commands if + the GRUB has not been locked down. + + Reviewed-by: Daniel Kiper + +2021-03-02 Marco A Benatto + + efi: Move the shim_lock verifier to the GRUB core + Move the shim_lock verifier from its own module into the core image. The + Secure Boot lockdown mechanism has the intent to prevent the load of any + unsigned code or binary when Secure Boot is enabled. + + The reason is that GRUB must be able to prevent executing untrusted code + if UEFI Secure Boot is enabled, without depending on external modules. + + Reviewed-by: Daniel Kiper + +2021-03-02 Marco A Benatto + + verifiers: Move verifiers API to kernel image + Move verifiers API from a module to the kernel image, so it can be + used there as well. There are no functional changes in this patch. + + Reviewed-by: Daniel Kiper + +2020-12-18 Glenn Washburn + + docs: Add documentation of disk size limitations + Document the artificially imposed 1 EiB disk size limit and size limitations + with LUKS volumes. + + Fix a few punctuation issues. + + Reviewed-by: Daniel Kiper + +2020-12-18 Glenn Washburn + + luks2: Use grub_log2ull() to calculate log_sector_size and improve readability + Reviewed-by: Daniel Kiper + + misc: Add grub_log2ull() macro for calculating log base 2 of 64-bit integers + Reviewed-by: Daniel Kiper + +2020-12-18 Glenn Washburn + + mips: Enable __clzdi2() + This patch is similar to commit 9dab2f51e (sparc: Enable __clzsi2() and + __clzdi2()) but for MIPS target and __clzdi2() only, __clzsi2() was + already enabled. + + Suggested-by: Daniel Kiper + Reviewed-by: Daniel Kiper + +2020-12-18 Glenn Washburn + + luks2: Better error handling when setting up the cryptodisk + Do some sanity checking on data coming from the LUKS2 header. If segment.size + is "dynamic", verify that the offset is not past the end of disk. Otherwise, + check for errors from grub_strtoull() when converting segment size from + string. If a GRUB_ERR_BAD_NUMBER error was returned, then the string was + not a valid parsable number, so skip the key. If GRUB_ERR_OUT_OF_RANGE was + returned, then there was an overflow in converting to a 64-bit unsigned + integer. So this could be a very large disk (perhaps large RAID array). + In this case skip the key too. Additionally, enforce some other limits + and fail if needed. + + Reviewed-by: Daniel Kiper + +2020-12-18 Glenn Washburn + + luks2: Do not handle disks of size GRUB_DISK_SIZE_UNKNOWN for now + Check to make sure that source disk has a known size. If not, print + a message and return error. There are 4 cases where GRUB_DISK_SIZE_UNKNOWN + is set (biosdisk, obdisk, ofdisk, and uboot), and in all those cases + processing continues. So this is probably a bit conservative. However, + 3 of the cases seem pathological, and the other, biosdisk, happens when + booting from a CD-ROM. Since I doubt booting from a LUKS2 volume on + a CD-ROM is a big use case, we'll error until someone complains. + + Reviewed-by: Daniel Kiper + +2020-12-18 Glenn Washburn + + luks2: Convert to crypt sectors from GRUB native sectors + The function grub_disk_native_sectors(source) returns the number of sectors + of source in GRUB native (512-byte) sectors, not source sized sectors. So + the conversion needs to use GRUB_DISK_SECTOR_BITS, the GRUB native sector + size. + + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + luks2: Error check segment.sector_size + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + cryptodisk: Properly handle non-512 byte sized sectors + By default, dm-crypt internally uses an IV that corresponds to 512-byte + sectors, even when a larger sector size is specified. What this means is + that when using a larger sector size, the IV is incremented every sector. + However, the amount the IV is incremented is the number of 512 byte blocks + in a sector (i.e. 8 for 4K sectors). Confusingly the IV does not correspond + to the number of, for example, 4K sectors. So each 512 byte cipher block in + a sector will be encrypted with the same IV and the IV will be incremented + afterwards by the number of 512 byte cipher blocks in the sector. + + There are some encryption utilities which do it the intuitive way and have + the IV equal to the sector number regardless of sector size (ie. the fifth + sector would have an IV of 4 for each cipher block). And this is supported + by dm-crypt with the iv_large_sectors option and also cryptsetup as of 2.3.3 + with the --iv-large-sectors, though not with LUKS headers (only with --type + plain). However, support for this has not been included as grub does not + support plain devices right now. + + One gotcha here is that the encrypted split keys are encrypted with a hard- + coded 512-byte sector size. So even if your data is encrypted with 4K sector + sizes, the split key encrypted area must be decrypted with a block size of + 512 (ie the IV increments every 512 bytes). This made these changes less + aesthetically pleasing than desired. + + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + luks2: grub_cryptodisk_t->total_sectors is the max number of device native sectors + We need to convert the sectors from the size of the underlying device to the + cryptodisk sector size; segment.size is in bytes which need to be converted + to cryptodisk sectors as well. + + Also, removed an empty statement. + + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + cryptodisk: Add macros GRUB_TYPE_U_MAX/MIN(type) to replace literals + Add GRUB_TYPE_U_MAX/MIN(type) macros to get the max/min values for an + unsigned number with size of type. + + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + cryptodisk: Add macro GRUB_TYPE_BITS() to replace some literals + The new macro GRUB_TYPE_BITS(type) returns the number of bits + allocated for type. + + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + luks2: Add string "index" to user strings using a json index + This allows error messages to be more easily distinguishable between indexes + and slot keys. The former include the string "index" in the error/debug + string, and the later are surrounded in quotes. + + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + luks2: Rename json index variables to names that they are obviously json indexes + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + luks2: Use more intuitive object name instead of json index in user messages + Use the object name in the json array rather than the 0 based index in the + json array for keyslots, segments, and digests. This is less confusing for + the end user. For example, say you have a LUKS2 device with a key in slot 1 + and slot 4. When using the password for slot 4 to unlock the device, the + messages using the index of the keyslot will mention keyslot 1 (its a + zero-based index). Furthermore, with this change the keyslot number will + align with the number used to reference the keyslot when using the + --key-slot argument to cryptsetup. + + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + luks2: Add idx member to struct grub_luks2_keyslot/segment/digest + This allows code using these structs to know the named key associated with + these json data structures. In the future we can use these to provide better + error messages to the user. + + Get rid of idx local variable in luks2_get_keyslot() which was overloaded to + be used for both keyslot and segment slot keys. + + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + luks2: Make sure all fields of output argument in luks2_parse_digest() are written to + We should assume that the output argument "out" is uninitialized and could + have random data. So, make sure to initialize the segments and keyslots bit + fields because potentially not all bits of those fields are written to. + Otherwise, the digest could say it belongs to keyslots and segments that it + does not. + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + luks2: Remove unused argument in grub_error() call + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + + luks2: Convert 8 spaces to tabs + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + misc: Add parentheses around ALIGN_UP() and ALIGN_DOWN() arguments + This ensures that expected order of operations is preserved when arguments + are expressions. + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + disk: Rename grub_disk_get_size() to grub_disk_native_sectors() + The function grub_disk_get_size() is confusingly named because it actually + returns a sector count where the sectors are sized in the GRUB native sector + size. Rename to something more appropriate. + + Suggested-by: Daniel Kiper + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + loopback: Do not automaticaly replace existing loopback dev, error instead + If there is a loopback device with the same name as the one to be created, + instead of closing the old one and replacing it with the new one, return an + error instead. If the loopback device was created, its probably being used + by something and just replacing it may cause GRUB to crash unexpectedly. + This fixes obvious problems like "loopback d (d)/somefile". Its not too + onerous to force the user to delete the loopback first with the "-d" switch. + + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + disk: Move hardcoded max disk size literal to a GRUB_DISK_MAX_SECTORS in disk.h + There is a hardcoded maximum disk size that can be read or written from, + currently set at 1 EiB in grub_disk_adjust_range(). Move the literal into a + macro in disk.h, so our assumptions are more visible. This hard coded limit + does not prevent using larger disks, just GRUB won't read/write past the + limit. The comment accompanying this restriction didn't quite make sense to + me, so its been modified too. + + Reviewed-by: Daniel Kiper + +2020-12-12 Glenn Washburn + + fs: Fix block lists not being able to address to end of disk sometimes + When checking if a block list goes past the end of the disk, make sure + the total size of the disk is in GRUB native sector sizes, otherwise there + will be blocks at the end of the disk inaccessible by block lists. + + Reviewed-by: Daniel Kiper + +2020-12-12 Vladimir Serbinenko + + mbr: Document new limitations on MBR gap support + Reviewed-by: Daniel Kiper + +2020-12-12 Vladimir Serbinenko + + mbr: Warn if MBR gap is small and user uses advanced modules + We don't want to support small MBR gap in pair with anything but the + simplest config of biosdisk + part_msdos + simple filesystem. In this + path "simple filesystems" are all current filesystems except ZFS and + Btrfs. + + Reviewed-by: Daniel Kiper + +2020-12-12 Tianjia Zhang + + efi/tpm: Extract duplicate code into independent functions + Part of the code logic for processing the return value of efi + log_extend_event is repetitive and complicated. Extract the + repetitive code into an independent function. + + Reviewed-by: Daniel Kiper + +2020-12-12 Tianjia Zhang + + efi/tpm: Add debug information for device protocol and eventlog + Add a number of debug logs to the tpm module. The condition tag + for opening debugging is "tpm". On TPM machines, this will bring + great convenience to diagnosis and debugging. + + Reviewed-by: Daniel Kiper + +2020-12-12 Daniel Kiper + + loader/linux: Report the UEFI Secure Boot status to the Linux kernel + Now that the GRUB has a grub_efi_get_secureboot() function to check the + UEFI Secure Boot status, use it to report that to the Linux kernel. + + Reviewed-by: Daniel Kiper + +2020-12-12 Javier Martinez Canillas + + efi: Only register shim_lock verifier if shim_lock protocol is found and SB enabled + The shim_lock module registers a verifier to call shim's verify, but the + handler is registered even when the shim_lock protocol was not installed. + + This doesn't cause a NULL pointer dereference in shim_lock_write() because + the shim_lock_init() function just returns GRUB_ERR_NONE if sl isn't set. + + But in that case there's no point to even register the shim_lock verifier + since won't do anything. Additionally, it is only useful when Secure Boot + is enabled. + + Finally, don't assume that the shim_lock protocol will always be present + when the shim_lock_write() function is called, and check for it on every + call to this function. + + Reported-by: Michael Chang + Reported-by: Peter Jones + Reviewed-by: Daniel Kiper + +2020-12-11 Daniel Kiper + + efi: Add secure boot detection + Introduce grub_efi_get_secureboot() function which returns whether + UEFI Secure Boot is enabled or not on UEFI systems. + + Reviewed-by: Daniel Kiper + +2020-12-11 Daniel Kiper + + efi: Add a function to read EFI variables with attributes + It will be used to properly detect and report UEFI Secure Boot status to + the x86 Linux kernel. The functionality will be added by subsequent patches. + + Reviewed-by: Daniel Kiper + +2020-12-11 Daniel Kiper + + efi: Return grub_efi_status_t from grub_efi_get_variable() + This is needed to properly detect and report UEFI Secure Boot status + to the x86 Linux kernel. The functionality will be added by subsequent + patches. + + Reviewed-by: Daniel Kiper + +2020-12-11 Daniel Kiper + + efi: Make shim_lock GUID and protocol type public + The GUID will be used to properly detect and report UEFI Secure Boot + status to the x86 Linux kernel. The functionality will be added by + subsequent patches. The shim_lock protocol type is made public for + completeness. + + Additionally, fix formatting of four preceding GUIDs. + + Reviewed-by: Daniel Kiper + +2020-12-11 Javier Martinez Canillas + + arm/term: Fix linking error due multiple ps2_state definitions + When building with --target=arm-linux-gnu --with-platform=coreboot + a linking error occurs caused by multiple definitions of the + ps2_state variable. + + Mark them as static since they aren't used outside their compilation unit. + + Reviewed-by: Daniel Kiper + +2020-12-11 Javier Martinez Canillas + + include/grub/i386/linux.h: Include missing header + This header uses types defined in but does not include it, + which leads to compile errors like the following: + + In file included from ../include/grub/cpu/linux.h:19, + from kern/efi/sb.c:21: + ../include/grub/i386/linux.h:80:3: error: unknown type name ‘grub_uint64_t’ + 80 | grub_uint64_t addr; + + Reviewed-by: Daniel Kiper + +2020-12-11 Javier Martinez Canillas + + i386: Don't include in coreboot and ieee1275 startup.S + Nothing defined in the header file is used in the assembly code but it + may lead to build errors if some headers are included through this and + contains definitions that are not recognized by the assembler, e.g.: + + ../include/grub/types.h: Assembler messages: + ../include/grub/types.h:76: Error: no such instruction: `typedef signed char grub_int8_t' + ../include/grub/types.h:77: Error: no such instruction: `typedef short grub_int16_t' + ../include/grub/types.h:78: Error: no such instruction: `typedef int grub_int32_t' + + Reviewed-by: Daniel Kiper + +2020-11-20 Glenn Washburn + + luks2: Rename index variable "j" to "i" in luks2_get_keyslot() + Looping variable "j" was named such because the variable name "i" was taken. + Since "i" has been renamed in the previous patch, we can rename "j" to "i". + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-11-20 Glenn Washburn + + luks2: Rename variable "i" to "keyslot_idx" in luks2_get_keyslot() + Variables named "i" are usually looping variables. So, rename it to + "keyslot_idx" to ease luks2_get_keyslot() reading. + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-11-20 Glenn Washburn + + luks2: Use correct index variable when looping in luks2_get_keyslot() + The loop variable "j" should be used to index the digests and segments json + array, instead of the variable "i", which is the keyslot index. + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-11-20 Glenn Washburn + + luks2: Rename source disk variable named "disk" to "source" as in luks.c + This makes it more obvious to the reader that the disk referred to is the + source disk, as opposed to say the disk holding the cryptodisk. + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-11-20 Glenn Washburn + + cryptodisk: Rename "offset" in grub_cryptodisk_t to "offset_sectors" + This makes it clear that the offset represents sectors, not bytes, in + order to improve readability. + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-11-20 Glenn Washburn + + cryptodisk: Rename "total_length" field in grub_cryptodisk_t to "total_sectors" + This creates an alignment with grub_disk_t naming of the same field and is + more intuitive as to how it should be used. + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-11-20 Glenn Washburn + + types: Define GRUB_CHAR_BIT based on compiler macro instead of using literal + Reviewed-by: Daniel Kiper + +2020-11-20 Javier Martinez Canillas + + include/grub/arm64/linux.h: Include missing header + This header uses types defined in but does not include it, + which leads to compile errors like the following: + + ../include/grub/cpu/linux.h:27:3: error: unknown type name ‘grub_uint32_t’ + 27 | grub_uint32_t code0; /* Executable code */ + | ^~~~~~~~~~~~~ + + Reviewed-by: Daniel Kiper + +2020-11-20 Javier Martinez Canillas + + include/grub/arm/system.h: Include missing header + The header uses the EXPORT_FUNC() macro defined in but + doesn't include it, which leads to the following compile error on arm: + + ../include/grub/cpu/system.h:12:13: error: ‘EXPORT_FUNC’ declared as function returning a function + 12 | extern void EXPORT_FUNC(grub_arm_disable_caches_mmu) (void); + | ^~~~~~~~~~~ + ../include/grub/cpu/system.h:12:1: warning: parameter names (without types) in function declaration + 12 | extern void EXPORT_FUNC(grub_arm_disable_caches_mmu) (void); + | ^~~~~~ + make[3]: *** [Makefile:36581: kern/efi/kernel_exec-sb.o] Error 1 + + Reviewed-by: Daniel Kiper + +2020-11-20 Daniel Axtens + + docs: grub-install --pubkey has been supported for some time + grub-install --pubkey is supported, so we can now document it. + + Reviewed-by: Daniel Kiper + +2020-11-20 Daniel Axtens + + docs: grub-install is no longer a shell script + Since commit cd46aa6cefab in 2013, grub-install hasn't been a shell + script. The para doesn't really add that much, especially since it's + the user manual, so just drop it. + + Reviewed-by: Daniel Kiper + +2020-10-30 Jacob Kroon + + Makefile: Remove unused GRUB_PKGLIBDIR definition + Reviewed-by: Daniel Kiper + +2020-10-30 Daniel Axtens + + lzma: Fix compilation error under clang 10 + Compiling under clang 10 gives: + + grub-core/lib/LzmaEnc.c:1362:9: error: misleading indentation; statement is not part of the previous 'if' [-Werror,-Wmisleading-indentation] + { + ^ + grub-core/lib/LzmaEnc.c:1358:7: note: previous statement is here + if (repIndex == 0) + ^ + 1 error generated. + + It's not really that unclear in context: there's a commented-out + if-statement. But tweak the alignment anyway so that clang is happy. + + Reviewed-by: Daniel Kiper + +2020-10-30 Cao jin + + kern/i386/realmode: Update comment + Commit b81d609e4c did not update it. + + Reviewed-by: Daniel Kiper + +2020-10-30 Glenn Washburn + + cryptodisk: Fix cipher IV mode "plain64" always being set as "plain" + When setting cipher IV mode, detection is done by prefix matching the + cipher IV mode part of the cipher mode string. Since "plain" matches + "plain64", we must check for "plain64" first. Otherwise, "plain64" will + be detected as "plain". + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-09-18 Glenn Washburn + + crypto: Remove GPG_ERROR_CFLAGS from gpg_err_code_t enum + This was probably added by accident when originally creating the file. + + Reviewed-by: Daniel Kiper + +2020-09-18 Glenn Washburn + + script: Do not allow a delimiter between function name and block start + Currently the following is valid syntax but should be a syntax error: + + grub> function f; { echo HERE; } + grub> f + HERE + + This fix is not backward compatible, but current syntax is not documented + either and has no functional value. So any scripts with this unintended + syntax are technically syntactically incorrect and should not be relying + on this behavior. + + Reviewed-by: Daniel Kiper + +2020-09-18 Glenn Washburn + + docs: Support for loading and concatenating multiple initrds + This has been available since January of 2012 but has not been documented. + + Reviewed-by: Daniel Kiper + +2020-09-18 Glenn Washburn + + lexer: char const * should be const char * + Reviewed-by: Daniel Kiper + + cryptodisk: Use cipher name instead of object in error message + Reviewed-by: Daniel Kiper + +2020-09-18 Glenn Washburn + + tests: F2FS test should use MOUNTDEVICE like other tests + LODEVICES is not an array variable and should not be accessed as such. + This allows the f2fs test to pass as it was failing because a device + name had a space prepended to the path. + + Acked-by: Jaegeuk Kim + Tested-by: Paul Menzel + Reviewed-by: Daniel Kiper + +2020-09-18 Florian La Roche + + grub-mkconfig: If $hints is not set reduce the output into grub.cfg to just 1 line + Reviewed-by: Daniel Kiper + +2020-09-18 Petr Vorel + + travis: Run bootstrap to fix build + autogen.sh isn't enough: + + $ ./autogen.sh + Gnulib not yet bootstrapped; run ./bootstrap instead. + The command "./autogen.sh" exited with 1. + + Additionally, using bootstrap requires to install autopoint package. + + Reviewed-by: Daniel Kiper + +2020-09-18 Patrick Steinhardt + + luks2: Strip dashes off of the UUID + The UUID header for LUKS2 uses a format with dashes, same as for + LUKS(1). But while we strip these dashes for the latter, we don't for + the former. This isn't wrong per se, but it's definitely inconsistent + for users as they need to use the dashed format for LUKS2 and the + non-dashed format for LUKS when e.g. calling "cryptomount -u $UUID". + + Fix this inconsistency by stripping dashes off of the LUKS2 UUID. + + Reviewed-by: Daniel Kiper + +2020-09-18 Tianjia Zhang + + efi/tpm: Remove unused functions and structures + Although the tpm_execute() series of functions are defined they are not + used anywhere. Several structures in the include/grub/efi/tpm.h header + file are not used too. There is even nonexistent grub_tpm_init() + declaration in this header. Delete all that unneeded stuff. + + If somebody needs the functionality implemented in the dropped code then + he/she can re-add it later. Now it needlessly increases the GRUB + code/image size. + + Reviewed-by: Daniel Kiper + +2020-09-18 Tianjia Zhang + + shim_lock: Enable module for all EFI architectures + Like the tpm the shim_lock module is only enabled for x86_64 target. + However, there's nothing specific to x86_64 in the implementation and + it can be enabled for all EFI architectures. + + Reviewed-by: Daniel Kiper + +2020-09-18 Daniel Kiper + + efi/tpm: Fix typo in grub_efi_tpm2_protocol struct + Rename get_active_pcr_blanks() to get_active_pcr_banks(). + + Reviewed-by: Javier Martinez Canillas + +2020-09-18 Daniel Kiper + + i386/efi/init: Drop bogus include + Reviewed-by: Javier Martinez Canillas + +2020-09-18 Daniel Kiper + + docs: Fix devicetree command description + Specifically fix the subsection and drop bogus reference to the GNU/Linux. + + Reported-by: Patrick Higgins + Reviewed-by: Javier Martinez Canillas + +2020-09-18 Martin Whitaker + + grub-install: Fix inverted test for NLS enabled when copying locales + Commit 3d8439da8 (grub-install: Locale depends on nls) attempted to avoid + copying locale files to the target directory when NLS was disabled. + However the test is inverted, and it does the opposite. + + Reviewed-by: Javier Martinez Canillas + +2020-09-11 Javier Martinez Canillas + + tftp: Roll-over block counter to prevent data packets timeouts + Commit 781b3e5efc3 (tftp: Do not use priority queue) caused a regression + when fetching files over TFTP whose size is bigger than 65535 * block size. + + grub> linux /images/pxeboot/vmlinuz + grub> echo $? + 0 + grub> initrd /images/pxeboot/initrd.img + error: timeout reading '/images/pxeboot/initrd.img'. + grub> echo $? + 28 + + It is caused by the block number counter being a 16-bit field, which leads + to a maximum file size of ((1 << 16) - 1) * block size. Because GRUB sets + the block size to 1024 octets (by using the TFTP Blocksize Option from RFC + 2348 [0]), the maximum file size that can be transferred is 67107840 bytes. + + The TFTP PROTOCOL (REVISION 2) RFC 1350 [1] does not mention what a client + should do when a file size is bigger than the maximum, but most TFTP hosts + support the block number counter to be rolled over. That is, acking a data + packet with a block number of 0 is taken as if the 65356th block was acked. + + It was working before because the block counter roll-over was happening due + an overflow. But that got fixed by the mentioned commit, which led to the + regression when attempting to fetch files larger than the maximum size. + + To allow TFTP file transfers of unlimited size again, re-introduce a block + counter roll-over so the data packets are acked preventing the timeouts. + + [0]: https://tools.ietf.org/html/rfc2348 + [1]: https://tools.ietf.org/html/rfc1350 + + Fixes: 781b3e5efc3 (tftp: Do not use priority queue) + + Suggested-by: Peter Jones + Reviewed-by: Daniel Kiper + +2020-09-11 Florian La Roche + + templates: Remove unnecessary trailing semicolon + Reviewed-by: Daniel Kiper + +2020-09-11 Glenn Washburn + + cryptodisk: Fix incorrect calculation of start sector + Here dev is a grub_cryptodisk_t and dev->offset is offset in sectors of size + native to the cryptodisk device. The sector is correctly transformed into + native grub sector size, but then added to dev->offset which is not + transformed. It would be nice if the type system would help us with this. + + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-09-11 Glenn Washburn + + cryptodisk: Unregister cryptomount command when removing module + Reviewed-by: Patrick Steinhardt + Reviewed-by: Daniel Kiper + +2020-09-11 Patrick Steinhardt + + luks2: Improve error reporting when decrypting/verifying key + While we already set up error messages in both luks2_verify_key() and + luks2_decrypt_key(), we do not ever print them. This makes it really + hard to discover why a given key actually failed to decrypt a disk. + + Improve this by including the error message in the user-visible output. + + Reviewed-by: Daniel Kiper + +2020-09-11 Patrick Steinhardt + + luks: Fix out-of-bounds copy of UUID + When configuring a LUKS disk, we copy over the UUID from the LUKS header + into the new grub_cryptodisk_t structure via grub_memcpy(). As size + we mistakenly use the size of the grub_cryptodisk_t UUID field, which + is guaranteed to be strictly bigger than the LUKS UUID field we're + copying. As a result, the copy always goes out-of-bounds and copies some + garbage from other surrounding fields. During runtime, this isn't + noticed due to the fact that we always NUL-terminate the UUID and thus + never hit the trailing garbage. + + Fix the issue by using the size of the local stripped UUID field. + + Reviewed-by: Daniel Kiper + +2020-09-11 Patrick Steinhardt + + json: Remove invalid typedef redefinition + The C standard does not allow for typedef redefinitions, even if they + map to the same underlying type. In order to avoid including the + jsmn.h in json.h and thus exposing jsmn's internals, we have exactly + such a forward-declaring typedef in json.h. If enforcing the GNU99 C + standard, clang may generate a warning about this non-standard + construct. + + Fix the issue by using a simple "struct jsmntok" forward declaration + instead of using a typedef. + + Tested-by: Chuck Tuffli + Reviewed-by: Daniel Kiper + +2020-09-11 Cao jin + + i386/relocator_common: Drop empty #ifdef + Reviewed-by: Daniel Kiper + +2020-09-11 Ave Milia + + video/bochs: Fix typo + Reviewed-by: Daniel Kiper + +2020-07-29 Colin Watson + + linux: Fix integer overflows in initrd size handling + These could be triggered by a crafted filesystem with very large files. + + Fixes: CVE-2020-15707 + + Reviewed-by: Jan Setje-Eilers + Reviewed-by: Daniel Kiper + +2020-07-29 Peter Jones + + loader/linux: Avoid overflow on initrd size calculation + Reviewed-by: Daniel Kiper + +2020-07-29 Alexey Makhalov + + efi: Fix use-after-free in halt/reboot path + commit 92bfc33db984 ("efi: Free malloc regions on exit") + introduced memory freeing in grub_efi_fini(), which is + used not only by exit path but by halt/reboot one as well. + As result of memory freeing, code and data regions used by + modules, such as halt, reboot, acpi (used by halt) also got + freed. After return to module code, CPU executes, filled + by UEFI firmware (tested with edk2), 0xAFAFAFAF pattern as + a code. Which leads to #UD exception later. + + grub> halt + !!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!! + RIP - 0000000003F4EC28, CS - 0000000000000038, RFLAGS - 0000000000200246 + RAX - 0000000000000000, RCX - 00000000061DA188, RDX - 0A74C0854DC35D41 + RBX - 0000000003E10E08, RSP - 0000000007F0F860, RBP - 0000000000000000 + RSI - 00000000064DB768, RDI - 000000000832C5C3 + R8 - 0000000000000002, R9 - 0000000000000000, R10 - 00000000061E2E52 + R11 - 0000000000000020, R12 - 0000000003EE5C1F, R13 - 00000000061E0FF4 + R14 - 0000000003E10D80, R15 - 00000000061E2F60 + DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030 + GS - 0000000000000030, SS - 0000000000000030 + CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007C01000 + CR4 - 0000000000000668, CR8 - 0000000000000000 + DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000 + DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400 + GDTR - 00000000079EEA98 0000000000000047, LDTR - 0000000000000000 + IDTR - 0000000007598018 0000000000000FFF, TR - 0000000000000000 + FXSAVE_STATE - 0000000007F0F4C0 + + Proposal here is to continue to free allocated memory for + exit boot services path but keep it for halt/reboot path + as it won't be much security concern here. + Introduced GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY + loader flag to be used by efi halt/reboot path. + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2020-07-29 Daniel Kiper + + efi/chainloader: Propagate errors from copy_file_path() + Without any error propagated to the caller, make_file_path() + would then try to advance the invalid device path node with + GRUB_EFI_NEXT_DEVICE_PATH(), which would fail, returning a NULL + pointer that would subsequently be dereferenced. Hence, propagate + errors from copy_file_path(). + + Reviewed-by: Daniel Kiper + +2020-07-29 Peter Jones + + efi: Fix some malformed device path arithmetic errors + Several places we take the length of a device path and subtract 4 from + it, without ever checking that it's >= 4. There are also cases where + this kind of malformation will result in unpredictable iteration, + including treating the length from one dp node as the type in the next + node. These are all errors, no matter where the data comes from. + + This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which + can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH() + return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when + the length is too small. Additionally, it makes several places in the + code check for and return errors in these cases. + + Reviewed-by: Daniel Kiper + +2020-07-29 Peter Jones + + emu: Make grub_free(NULL) safe + The grub_free() implementation in grub-core/kern/mm.c safely handles + NULL pointers, and code at many places depends on this. We don't know + that the same is true on all host OSes, so we need to handle the same + behavior in grub-emu's implementation. + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2020-07-29 Peter Jones + + lvm: Fix two more potential data-dependent alloc overflows + It appears to be possible to make a (possibly invalid) lvm PV with + a metadata size field that overflows our type when adding it to the + address we've allocated. Even if it doesn't, it may be possible to do so + with the math using the outcome of that as an operand. Check them both. + + Reviewed-by: Daniel Kiper + +2020-07-29 Peter Jones + + hfsplus: Fix two more overflows + Both node->size and node->namelen come from the supplied filesystem, + which may be user-supplied. We can't trust them for the math unless we + know they don't overflow. Making sure they go through grub_add() or + grub_calloc() first will give us that. + + Reviewed-by: Darren Kenny + Reviewed-by: Daniel Kiper + +2020-07-29 Alexey Makhalov + + relocator: Fix grub_relocator_alloc_chunk_align() top memory allocation + Current implementation of grub_relocator_alloc_chunk_align() + does not allow allocation of the top byte. + + Assuming input args are: + max_addr = 0xfffff000; + size = 0x1000; + + And this is valid. But following overflow protection will + unnecessarily move max_addr one byte down (to 0xffffefff): + if (max_addr > ~size) + max_addr = ~size; + + ~size + 1 will fix the situation. In addition, check size + for non zero to do not zero max_addr. + + Reviewed-by: Daniel Kiper + +2020-07-29 Chris Coulson + + script: Avoid a use-after-free when redefining a function during execution + Defining a new function with the same name as a previously defined + function causes the grub_script and associated resources for the + previous function to be freed. If the previous function is currently + executing when a function with the same name is defined, this results + in use-after-frees when processing subsequent commands in the original + function. + + Instead, reject a new function definition if it has the same name as + a previously defined function, and that function is currently being + executed. Although a behavioural change, this should be backwards + compatible with existing configurations because they can't be + dependent on the current behaviour without being broken. + + Fixes: CVE-2020-15706 + + Reviewed-by: Daniel Kiper + +2020-07-29 Chris Coulson + + script: Remove unused fields from grub_script_function struct + Reviewed-by: Daniel Kiper + +2020-07-29 Alexey Makhalov + + relocator: Protect grub_relocator_alloc_chunk_align() max_addr against integer underflow + This commit introduces integer underflow mitigation in max_addr calculation + in grub_relocator_alloc_chunk_align() invocation. + + It consists of 2 fixes: + 1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform + sanity check for min/max and size values, and to make safe invocation of + grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all + invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...) + by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...). + 2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top + address (0xffffffff - size + 1) or similar. + + Reviewed-by: Daniel Kiper + +2020-07-29 Alexey Makhalov + + relocator: Protect grub_relocator_alloc_chunk_addr() input args against integer underflow/overflow + Use arithmetic macros from safemath.h to accomplish it. In this commit, + I didn't want to be too paranoid to check every possible math equation + for overflow/underflow. Only obvious places (with non zero chance of + overflow/underflow) were refactored. + + Reviewed-by: Daniel Kiper + +2020-07-29 Alexey Makhalov + + tftp: Do not use priority queue + There is not need to reassemble the order of blocks. Per RFC 1350, + server must wait for the ACK, before sending next block. Data packets + can be served immediately without putting them to priority queue. + + Logic to handle incoming packet is this: + - if packet block id equal to expected block id, then + process the packet, + - if packet block id is less than expected - this is retransmit + of old packet, then ACK it and drop the packet, + - if packet block id is more than expected - that shouldn't + happen, just drop the packet. + + It makes the tftp receive path code simpler, smaller and faster. + As a benefit, this change fixes CID# 73624 and CID# 96690, caused + by following while loop: + + while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) + + where tftph pointer is not moving from one iteration to another, causing + to serve same packet again. Luckily, double serving didn't happen due to + data->block++ during the first iteration. + + Fixes: CID 73624, CID 96690 + + Reviewed-by: Daniel Kiper + +2020-07-29 Konrad Rzeszutek Wilk + + multiboot2: Fix memory leak if grub_create_loader_cmdline() fails + Fixes: CID 292468 + + Reviewed-by: Daniel Kiper + +2020-07-29 Konrad Rzeszutek Wilk + + udf: Fix memory leak + Fixes: CID 73796 + + Reviewed-by: Daniel Kiper + Reviewed-by: Jan Setje-Eilers + +2020-07-29 Konrad Rzeszutek Wilk + + term: Fix overflow on user inputs + This requires a very weird input from the serial interface but can cause + an overflow in input_buf (keys) overwriting the next variable (npending) + with the user choice: + + (pahole output) + + struct grub_terminfo_input_state { + int input_buf[6]; /* 0 24 */ + int npending; /* 24 4 */ <- CORRUPT + ...snip... + + The magic string requires causing this is "ESC,O,],0,1,2,q" and we overflow + npending with "q" (aka increase npending to 161). The simplest fix is to + just to disallow overwrites input_buf, which exactly what this patch does. + + Fixes: CID 292449 + + Reviewed-by: Daniel Kiper + +2020-07-29 Konrad Rzeszutek Wilk + + lzma: Make sure we don't dereference past array + The two dimensional array p->posSlotEncoder[4][64] is being dereferenced + using the GetLenToPosState() macro which checks if len is less than 5, + and if so subtracts 2 from it. If len = 0, that is 0 - 2 = 4294967294. + Obviously we don't want to dereference that far out so we check if the + position found is greater or equal kNumLenToPosStates (4) and bail out. + + N.B.: Upstream LZMA 18.05 and later has this function completely rewritten + without any history. + + Fixes: CID 51526 + + Reviewed-by: Daniel Kiper + +2020-07-29 Chris Coulson + + json: Avoid a double-free when parsing fails. + When grub_json_parse() succeeds, it returns the root object which + contains a pointer to the provided JSON string. Callers are + responsible for ensuring that this string outlives the root + object and for freeing its memory when it's no longer needed. + + If grub_json_parse() fails to parse the provided JSON string, + it frees the string before returning an error. This results + in a double free in luks2_recover_key(), which also frees the + same string after grub_json_parse() returns an error. + + This changes grub_json_parse() to never free the JSON string + passed to it, and updates the documentation for it to make it + clear that callers are responsible for ensuring that the string + outlives the root JSON object. + + Fixes: CID 292465 + + Reviewed-by: Daniel Kiper + +2020-07-29 Alexey Makhalov + + xnu: Fix double free in grub_xnu_devprop_add_property() + grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get + allocated and freed in the caller. + + Minor improvement: do prop fields initialization after memory allocations. + + Fixes: CID 292442, CID 292457, CID 292460, CID 292466 + + Reviewed-by: Daniel Kiper + +2020-07-29 Alexey Makhalov + + gfxmenu: Fix double free in load_image() + self->bitmap should be zeroed after free. Otherwise, there is a chance + to double free (USE_AFTER_FREE) it later in rescale_image(). + + Fixes: CID 292472 + + Reviewed-by: Daniel Kiper + +2020-07-29 Daniel Kiper + + font: Do not load more than one NAME section + The GRUB font file can have one NAME section only. Though if somebody + crafts a broken font file with many NAME sections and loads it then the + GRUB leaks memory. So, prevent against that by loading first NAME + section and failing in controlled way on following one. + + Reported-by: Chris Coulson + Reviewed-by: Jan Setje-Eilers + +2020-07-29 Peter Jones + + iso9660: Don't leak memory on realloc() failures + Reviewed-by: Daniel Kiper + +2020-07-29 Peter Jones + + malloc: Use overflow checking primitives where we do complex allocations + This attempts to fix the places where we do the following where + arithmetic_expr may include unvalidated data: + + X = grub_malloc(arithmetic_expr); + + It accomplishes this by doing the arithmetic ahead of time using grub_add(), + grub_sub(), grub_mul() and testing for overflow before proceeding. + + Among other issues, this fixes: + - allocation of integer overflow in grub_video_bitmap_create() + reported by Chris Coulson, + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in grub_squash_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in grub_ext2_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in read_section_as_string() + reported by Chris Coulson. + + Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 + + Reviewed-by: Daniel Kiper + +2020-07-29 Peter Jones + + calloc: Use calloc() at most places + This modifies most of the places we do some form of: + + X = malloc(Y * Z); + + to use calloc(Y, Z) instead. + + Among other issues, this fixes: + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in luks_recover_key() + reported by Chris Coulson, + - allocation of integer overflow in grub_lvm_detect() + reported by Chris Coulson. + + Fixes: CVE-2020-14308 + + Reviewed-by: Daniel Kiper + +2020-07-29 Peter Jones + + calloc: Make sure we always have an overflow-checking calloc() available + This tries to make sure that everywhere in this source tree, we always have + an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.) + available, and that they all safely check for overflow and return NULL when + it would occur. + + Reviewed-by: Daniel Kiper + +2020-07-29 Peter Jones + + safemath: Add some arithmetic primitives that check for overflow + This adds a new header, include/grub/safemath.h, that includes easy to + use wrappers for __builtin_{add,sub,mul}_overflow() declared like: + + bool OP(a, b, res) + + where OP is grub_add, grub_sub or grub_mul. OP() returns true in the + case where the operation would overflow and res is not modified. + Otherwise, false is returned and the operation is executed. + + These arithmetic primitives require newer compiler versions. So, bump + these requirements in the INSTALL file too. + + Reviewed-by: Daniel Kiper + +2020-07-29 Peter Jones + + yylex: Make lexer fatal errors actually be fatal + When presented with a command that can't be tokenized to anything + smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg), + expecting that will stop further processing, as such: + + #define YY_DO_BEFORE_ACTION \ + yyg->yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yyg->yy_hold_char = *yy_cp; \ + *yy_cp = '\0'; \ + if ( yyleng >= YYLMAX ) \ + YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \ + yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \ + yyg->yy_c_buf_p = yy_cp; + + The code flex generates expects that YY_FATAL_ERROR() will either return + for it or do some form of longjmp(), or handle the error in some way at + least, and so the strncpy() call isn't in an "else" clause, and thus if + YY_FATAL_ERROR() is *not* actually fatal, it does the call with the + questionable limit, and predictable results ensue. + + Unfortunately, our implementation of YY_FATAL_ERROR() is: + + #define YY_FATAL_ERROR(msg) \ + do { \ + grub_printf (_("fatal error: %s\n"), _(msg)); \ + } while (0) + + The same pattern exists in yyless(), and similar problems exist in users + of YY_INPUT(), several places in the main parsing loop, + yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack, + yy_scan_buffer(), etc. + + All of these callers expect YY_FATAL_ERROR() to actually be fatal, and + the things they do if it returns after calling it are wildly unsafe. + + Fixes: CVE-2020-10713 + + Reviewed-by: Daniel Kiper + +2020-05-25 Marc Zyngier + + arm: Fix 32-bit ARM handling of the CTR register + When booting on an ARMv8 core that implements either CTR.IDC or CTR.DIC + (indicating that some of the cache maintenance operations can be + removed when dealing with I/D-cache coherency, GRUB dies with a + "Unsupported cache type 0x........" message. + + This is pretty likely to happen when running in a virtual machine + hosted on an arm64 machine (I've triggered it on a system built around + a bunch of Cortex-A55 cores, which implements CTR.IDC). + + It turns out that the way GRUB deals with the CTR register is a bit + harsh for anything from ARMv7 onwards. The layout of the register is + backward compatible, meaning that nothing that gets added is allowed to + break earlier behaviour. In this case, ignoring IDC is completely fine, + and only results in unnecessary cache maintenance. + + We can thus avoid being paranoid, and align the 32bit behaviour with + its 64bit equivalent. + + This patch has the added benefit that it gets rid of a (gnu-specific) + case range too. + + Reviewed-by: Leif Lindholm + Reviewed-by: Daniel Kiper + +2020-05-25 Ian Jackson + + templates/20_linux_xen: Support Xen Security Modules (XSM/FLASK) + XSM is enabled by adding "flask=enforcing" as a Xen command line + argument, and providing the policy file as a grub module. + + We make entries for both with and without XSM. If XSM is not compiled + into Xen, then there are no policy files, so no change to the boot + options. + + Reviewed-by: Daniel Kiper + +2020-05-25 Ian Jackson + + templates/20_linux_xen: Ignore xenpolicy and config files too + file_is_not_sym() currently only checks for xen-syms. Extend it to + disregard xenpolicy (XSM policy files) and files ending .config (which + are built by the Xen upstream build system in some configurations and + can therefore end up in /boot). + + Rename the function accordingly, to file_is_not_xen_garbage(). + + Reviewed-by: Daniel Kiper + +2020-05-25 Javier Martinez Canillas + + net: Break out nested function + Nested functions are not supported in C, but are permitted as an extension + in the GNU C dialect. Commit cb2f15c5448 ("normal/main: Search for specific + config files for netboot") added a nested function which caused the build + to break when compiling with clang. + + Break that out into a static helper function to make the code portable again. + + Reported-by: Daniel Axtens + Tested-by: Daniel Axtens + Reviewed-by: Daniel Kiper + +2020-05-25 Javier Martinez Canillas + + tpm: Enable module for all EFI platforms + The module is only enabled for x86_64, but there's nothing specific to + x86_64 in the implementation and can be enabled for all EFI platforms. + + Reviewed-by: Daniel Kiper + +2020-05-25 Daniel Kiper + + INSTALL/configure: Update install doc and configure comment + ..to reflect the GRUB build reality in them. + + Additionally, fix text formatting a bit. + + Reviewed-by: Leif Lindholm + +2020-05-25 Daniel Kiper + + configure: Set gnu99 C language standard by default + Commit d5a32255d (misc: Make grub_strtol() "end" pointers have safer + const qualifiers) introduced "restrict" keyword into some functions + definitions. This keyword was introduced in C99 standard. However, some + compilers by default may use C89 or something different. This behavior + leads to the breakage during builds when c89 or gnu89 is in force. So, + let's set gnu99 C language standard for all compilers by default. This + way a bit random build issue will be fixed and the GRUB source will be + build consistently regardless of type and version of the compiler. + + It was decided to use gnu99 C language standard because it fixes the + issue mentioned above and also provides some useful extensions which are + used here and there in the GRUB source. Potentially we can use gnu11 + too. However, this may reduce pool of older compilers which can be used + to build the GRUB. So, let's live with gnu99 until we discover that we + strongly require a feature from newer C standard. + + The user is still able to override C language standard using relevant + *_CFLAGS variables. + + Reviewed-by: Leif Lindholm + +2020-05-15 Tianjia Zhang + + tpm: Rename function grub_tpm_log_event() to grub_tpm_measure() + grub_tpm_log_event() and grub_tpm_measure() are two functions that + have the same effect. So, keep grub_tpm_log_event() and rename it + to grub_tpm_measure(). This way we get also a more clear semantics. + + Reviewed-by: Daniel Kiper + +2020-05-15 Daniel Kiper + + autogen: Replace -iname with -ipath in find command + ..because -iname cannot be used to match paths. + + Reviewed-by: Javier Martinez Canillas + Reviewed-by: Leif Lindholm + Reviewed-by: Daniel Axtens + +2020-05-15 Daniel Kiper + + INSTALL: Update configure example + ..to make it more relevant. + + Reviewed-by: Leif Lindholm + +2020-05-15 Daniel Kiper + + configure: Drop unneeded TARGET_CFLAGS expansion + Reviewed-by: Javier Martinez Canillas + Reviewed-by: Leif Lindholm + +2020-05-15 Jacob Kroon + + docs/grub: Support for probing partition UUID on MSDOS disks + Support was implemented in commit c7cb11b21 (probe: Support probing for + msdos PARTUUID). + + Reviewed-by: Daniel Kiper + +2020-05-15 Tianjia Zhang + + verifiers: Add verify string debug message + Like grub_verifiers_open(), the grub_verify_string() should also + display this debug message, which is very helpful for debugging. + + Reviewed-by: Daniel Kiper + +2020-05-15 Javier Martinez Canillas + + envblk: Fix buffer overrun when attempting to shrink a variable value + If an existing variable is set with a value whose length is smaller than + the current value, a memory corruption can happen due copying padding '#' + characters outside of the environment block buffer. + + This is caused by a wrong calculation of the previous free space position + after moving backward the characters that followed the old variable value. + + That position is calculated to fill the remaining of the buffer with the + padding '#' characters. But since isn't calculated correctly, it can lead + to copies outside of the buffer. + + The issue can be reproduced by creating a variable with a large value and + then try to set a new value that is much smaller: + + $ grub2-editenv --version + grub2-editenv (GRUB) 2.04 + + $ grub2-editenv env create + + $ grub2-editenv env set a="$(for i in {1..500}; do var="b$var"; done; echo $var)" + + $ wc -c env + 1024 grubenv + + $ grub2-editenv env set a="$(for i in {1..50}; do var="b$var"; done; echo $var)" + malloc(): corrupted top size + Aborted (core dumped) + + $ wc -c env + 0 grubenv + + Reported-by: Renaud Métrich + Reviewed-by: Daniel Kiper + +2020-05-15 Hans Ulrich Niedermann + + docs: Remove docs for non-existing uppermem command + Remove all documentation of and mentions of the uppermem + command from the docs/grub.texi file. + + The uppermem command is not implemented in the GRUB source + at all and appears to never have been implemented despite + former plans to add an uppermem command. + + To reduce user confusion, this even removes the paragraph + describing how GRUB's uppermem command was supposed to + complement the Linux kernel's mem= parameter. + + Reviewed-by: Daniel Kiper + +2020-05-15 Hans Ulrich Niedermann + + docs: Remove docs for non-existing pxe_unload command + Remove the documentation of the pxe_unload command from the + docs/grub.texi file. + + The pxe_unload command is not implemented in the grub source + at this time at all. It appears to have been removed in commit + 671a78acb (cleanup pxe and efi network release). + + Reviewed-by: Daniel Kiper + +2020-05-15 Hans Ulrich Niedermann + + gitignore: Add a few forgotten file patterns + Add a few patterns to .gitignore to cover files which are generated + by building grub ("make", "make check", "make dist") but which have + been forgotten to add to .gitignore in the past. + + Reviewed-by: Daniel Kiper + +2020-05-15 Hans Ulrich Niedermann + + gitignore: Add leading slashes where appropriate + Going through the list of gitignore patterns without a leading slash, + this adds a leading slash where it appears to have been forgotten. + + Some gitignore patterns like ".deps/" or "Makefile" clearly should + match everywhere, so those definitively need no leading slash. + + For some patterns like "ascii.bitmaps", it is unclear where in the + source tree they should match. Those patterns are kept as they are, + matching the patterns in the whole tree of subdirectories. + + Reviewed-by: Daniel Kiper + +2020-05-15 Hans Ulrich Niedermann + + gitignore: Add trailing slashes for directories + Add trailing slashes for all patterns matching directories. + + Note that we do *not* add trailing slashes for *symlinks* + to directories. + + Reviewed-by: Daniel Kiper + +2020-05-15 Hans Ulrich Niedermann + + gitignore: Sort both pattern groups alphabetically + Alphabetically sort the two groups of gitignore patterns: + + * The group of patterns without slashes, matching anywhere + in the directory subtree. + + * The group of patterns with slashes, matching relative to the + .gitignore file's directory + + Reviewed-by: Daniel Kiper + +2020-05-15 Hans Ulrich Niedermann + + gitignore: Group patterns with and without slash + Group the .gitignore patterns into two groups: + + * Pattern not including a slash, i.e. matching files anywhere in + the .gitignore file's directory and all of its subdirectories. + + * Patterns including a slash, i.e. matching only relative to the + .gitignore file's directory. + + Reviewed-by: Daniel Kiper + +2020-05-15 Hans Ulrich Niedermann + + gitignore: Consistent leading slash is easier to read + As all gitignore patterns containing a left or middle slash match + only relative to the .gitignore file's directory, we write them + all in the same manner with a leading slash. + + This makes the file significantly easier to read. + + Reviewed-by: Daniel Kiper + +2020-05-15 Daniel Kiper + + mips/cache: Add missing nop's in delay slots + Lack of them causes random instructions to be executed before the + jump really happens. + + Reviewed-by: Daniel Kiper + +2020-04-21 Patrick Steinhardt + + luks2: Propagate error when reading area key fails + When decrypting a given keyslot, all error cases except for one set up + an error and return the error code. The only exception is when we try to + read the area key: instead of setting up an error message, we directly + print it via grub_dprintf(). + + Convert the outlier to use grub_error() to allow more uniform handling + of errors. + + Reviewed-by: Daniel Kiper + +2020-04-21 Patrick Steinhardt + + json: Get rid of casts for "jsmntok_t" + With the upstream change having landed that adds a name to the + previously anonymous "jsmntok" typedef, we can now add a forward + declaration for that struct in our code. As a result, we no longer have + to store the "tokens" member of "struct grub_json" as a void pointer but + can instead use the forward declaration, allowing us to get rid of casts + of that field. + + Reviewed-by: Daniel Kiper + +2020-04-21 Patrick Steinhardt + + json: Update jsmn library to upstream commit 053d3cd + Update our embedded version of the jsmn library to upstream commit + 053d3cd (Merge pull request #175 from pks-t/pks/struct-type, + 2020-04-02). + + Reviewed-by: Daniel Kiper + +2020-04-21 Steve Langasek + + templates: Output a menu entry for firmware setup on UEFI FastBoot systems + The fwsetup command allows to reboot into the EFI firmware setup menu, add + a template to include a menu entry on EFI systems that makes use of that + command to reboot into the EFI firmware settings. + + This is useful for users since the hotkey to enter into the EFI setup menu + may not be the same on all systems so users can use the menu entry without + needing to figure out what key needs to be pressed. + + Also, if fastboot is enabled in the BIOS then often it is not possible to + enter the firmware setup menu. So the entry is again useful for this case. + + Reviewed-by: Daniel Kiper + +2020-04-21 Hans de Goede + + kern/term: Accept ESC, F4 and holding SHIFT as user interrupt keys + On some devices the ESC key is the hotkey to enter the BIOS/EFI setup + screen, making it really hard to time pressing it right. Besides that + ESC is also pretty hard to discover for a user who does not know it + will unhide the menu. + + This commit makes F4, which was chosen because is not used as a hotkey + to enter the BIOS setup by any vendor, also interrupt sleeps / stop the + menu countdown. + + This solves the ESC gets into the BIOS setup and also somewhat solves + the discoverability issue, but leaves the timing issue unresolved. + + This commit fixes the timing issue by also adding support for keeping + SHIFT pressed during boot to stop the menu countdown. This matches + what Ubuntu is doing, which should also help with discoverability. + + Reviewed-by: Daniel Kiper + +2020-04-21 Hans de Goede + + efi/console: Do not set text-mode until we actually need it + If we're running with a hidden menu we may never need text mode, so do not + change the video-mode to text until we actually need it. + + This allows to boot a machine without unnecessary graphical transitions and + provide a seamless boot experience to users. + + Reviewed-by: Daniel Kiper + +2020-04-21 Hans de Goede + + efi/console: Implement getkeystatus() support + Implement getkeystatus() support in the EFI console driver. + + This is needed because the logic to determine if a key was pressed to make + the menu countdown stop will be changed by a later patch to also take into + account the SHIFT key being held down. + + For this reason the EFI console driver has to support getkeystatus() to + allow detecting that event. + + Note that if a non-modifier key gets pressed and repeated calls to + getkeystatus() are made then it will return the modifier status at the + time of the non-modifier key, until that key-press gets consumed by a + getkey() call. + + This is a side-effect of how the EFI simple-text-input protocol works + and cannot be avoided. + + Reviewed-by: Daniel Kiper + +2020-04-21 Hans de Goede + + efi/console: Add grub_console_read_key_stroke() helper function + This is a preparatory patch for adding getkeystatus() support to the + EFI console driver. + + We can get modifier status through the simple_text_input read_key_stroke() + method, but if a non-modifier key is (also) pressed the read_key_stroke() + call will consume that key from the firmware's queue. + + The new grub_console_read_key_stroke() helper buffers upto 1 key-stroke. + If it has a non-modifier key buffered, it will return that one, if its + buffer is empty, it will fills its buffer by getting a new key-stroke. + + If called with consume=1 it will empty its buffer after copying the + key-data to the callers buffer, this is how getkey() will use it. + + If called with consume=0 it will keep the last key-stroke buffered, this + is how getkeystatus() will call it. This means that if a non-modifier + key gets pressed, repeated getkeystatus() calls will return the modifiers + of that key-press until it is consumed by a getkey() call. + + Reviewed-by: Daniel Kiper + +2020-04-21 Hans de Goede + + kern/term: Make grub_getkeystatus() helper function available everywhere + Move grub_getkeystatushelper() function from grub-core/commands/keystatus.c + to grub-core/kern/term.c and export it so that it can be used outside of + the keystatus command code too. + + There's no logic change in this patch. The function definition is moved so + it can be called from grub-core/kern/term.c in a subsequent patch. It will + be used to determine if a SHIFT key has was held down and use that also to + interrupt the countdown, without the need to press a key at the right time. + + Reviewed-by: Daniel Kiper + +2020-04-21 Javier Martinez Canillas + + efi/console: Move grub_console_set{colorstate,cursor} higher in the file + This is just a preparatory patch to move the functions higher in the file, + since these will be called by the grub_prepare_for_text_output() function + that will be introduced in a later patch. + + The logic is unchanged by this patch. Functions definitions are just moved + to avoid a forward declaration in a later patch, keeping the code clean. + + Reviewed-by: Daniel Kiper + +2020-04-21 Paul Menzel + + docs/grub: Fix typo in *preferred* + Reviewed-by: Daniel Kiper + +2020-04-21 Daniel Axtens + + powerpc/mkimage: Fix CHRP note descsz + Currently, an image generated with 'grub-mkimage -n' causes an error when + read with 'readelf -a': + + Displaying notes found at file offset 0x000106f0 with length 0x0000002c: + Owner Data size Description + readelf: Warning: note with invalid namesz and/or descsz found at offset 0x0 + readelf: Warning: type: 0x1275, namesize: 0x00000008, descsize: 0x0000002c, alignment: 4 + + This is because the descsz of the CHRP note is set to + sizeof (struct grub_ieee1275_note) + which is the size of the entire note, including name and elf header. The + desczs should contain only the contents, not the name and header sizes. + + Set the descsz instead to 'sizeof (struct grub_ieee1275_note_desc)' + + Resultant readelf output: + + Displaying notes found at file offset 0x00010710 with length 0x0000002c: + Owner Data size Description + PowerPC 0x00000018 Unknown note type: (0x00001275) + description data: ff ff ff ff 00 c0 00 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 40 00 + + So far as I can tell this issue has existed for as long as the note + generation code has existed, but I guess nothing really checks descsz. + + Reviewed-by: Daniel Kiper + +2020-03-31 Flavio Suligoi + + efi: Add missed space in GRUB_EFI_GLOBAL_VARIABLE_GUID + Reviewed-by: Daniel Kiper + +2020-03-31 Michael Chang + + zfs: Fix gcc10 error -Werror=zero-length-bounds + We bumped into the build error while testing gcc-10 pre-release. + + In file included from ../../include/grub/file.h:22, + from ../../grub-core/fs/zfs/zfs.c:34: + ../../grub-core/fs/zfs/zfs.c: In function 'zap_leaf_lookup': + ../../grub-core/fs/zfs/zfs.c:2263:44: error: array subscript '' is outside the bounds of an interior zero-length array 'grub_uint16_t[0]' {aka 'short unsigned int[0]'} [-Werror=zero-length-bounds] + 2263 | for (chunk = grub_zfs_to_cpu16 (l->l_hash[LEAF_HASH (blksft, h, l)], endian); + ../../include/grub/types.h:241:48: note: in definition of macro 'grub_le_to_cpu16' + 241 | # define grub_le_to_cpu16(x) ((grub_uint16_t) (x)) + | ^ + ../../grub-core/fs/zfs/zfs.c:2263:16: note: in expansion of macro 'grub_zfs_to_cpu16' + 2263 | for (chunk = grub_zfs_to_cpu16 (l->l_hash[LEAF_HASH (blksft, h, l)], endian); + | ^~~~~~~~~~~~~~~~~ + In file included from ../../grub-core/fs/zfs/zfs.c:48: + ../../include/grub/zfs/zap_leaf.h:72:16: note: while referencing 'l_hash' + 72 | grub_uint16_t l_hash[0]; + | ^~~~~~ + + Here I'd like to quote from the gcc document [1] which seems best to + explain what is going on here. + + "Although the size of a zero-length array is zero, an array member of + this kind may increase the size of the enclosing type as a result of + tail padding. The offset of a zero-length array member from the + beginning of the enclosing structure is the same as the offset of an + array with one or more elements of the same type. The alignment of a + zero-length array is the same as the alignment of its elements. + + Declaring zero-length arrays in other contexts, including as interior + members of structure objects or as non-member objects, is discouraged. + Accessing elements of zero-length arrays declared in such contexts is + undefined and may be diagnosed." + + The l_hash[0] is apparnetly an interior member to the enclosed structure + while l_entries[0] is the trailing member. And the offending code tries + to access members in l_hash[0] array that triggers the diagnose. + + Given that the l_entries[0] is used to get proper alignment to access + leaf chunks, we can accomplish the same thing through the ALIGN_UP macro + thus eliminating l_entries[0] from the structure. In this way we can + pacify the warning as l_hash[0] now becomes the last member to the + enclosed structure. + + [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html + + Reviewed-by: Daniel Kiper + +2020-03-31 Michael Chang + + mdraid1x_linux: Fix gcc10 error -Werror=array-bounds + We bumped into the build error while testing gcc-10 pre-release. + + ../../grub-core/disk/mdraid1x_linux.c: In function 'grub_mdraid_detect': + ../../grub-core/disk/mdraid1x_linux.c:181:15: error: array subscript is outside array bounds of 'grub_uint16_t[0]' {aka 'short unsigned int[0]'} [-Werror=array-bounds] + 181 | (char *) &sb.dev_roles[grub_le_to_cpu32 (sb.dev_number)] + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ../../grub-core/disk/mdraid1x_linux.c:98:17: note: while referencing 'dev_roles' + 98 | grub_uint16_t dev_roles[0]; /* Role in array, or 0xffff for a spare, or 0xfffe for faulty. */ + | ^~~~~~~~~ + ../../grub-core/disk/mdraid1x_linux.c:127:33: note: defined here 'sb' + 127 | struct grub_raid_super_1x sb; + | ^~ + cc1: all warnings being treated as errors + + Apparently gcc issues the warning when trying to access sb.dev_roles + array's member, since it is a zero length array as the last element of + struct grub_raid_super_1x that is allocated sparsely without extra + chunks for the trailing bits, so the warning looks legitimate in this + regard. + + As the whole thing here is doing offset computation, it is undue to use + syntax that would imply array member access then take address from it + later. Instead we could accomplish the same thing through basic array + pointer arithmetic to pacify the warning. + + Reviewed-by: Daniel Kiper + +2020-03-31 Simon Hardy + + build: Fix GRUB i386-pc build with Ubuntu gcc + With recent versions of gcc on Ubuntu a very large lzma_decompress.img file is + output. (e.g. 134479600 bytes instead of 2864.) This causes grub-mkimage to + fail with: "error: Decompressor is too big." + + This seems to be caused by a section .note.gnu.property that is placed at an + offset such that objcopy needs to pad the img file with zeros. + + This issue is present on: + Ubuntu 19.10 with gcc (Ubuntu 8.3.0-26ubuntu1~19.10) 8.3.0 + Ubuntu 19.10 with gcc (Ubuntu 9.2.1-9ubuntu2) 9.2.1 20191008 + + This issue is not present on: + Ubuntu 19.10 with gcc (Ubuntu 7.5.0-3ubuntu1~19.10) 7.5.0 + RHEL 8.0 with gcc 8.3.1 20190507 (Red Hat 8.3.1-4) + + The issue can be fixed by removing the section using objcopy as shown in + this patch. + + Reviewed-by: Daniel Kiper + +2020-03-31 Tianjia Zhang + + efi/tpm: Fix memory leak in grub_tpm1/2_log_event() + The memory requested for the event is not released here, + causing memory leaks. This patch fixes this problem. + + Reviewed-by: Javier Martinez Canillas + Reviewed-by: Daniel Kiper + +2020-03-31 Michael Chang + + docs: Document notes on LVM cache booting + Add notes on LVM cache booting to the GRUB manual to help user understanding + the outstanding issue and status. + + Reviewed-by: Daniel Kiper + +2020-03-31 Michael Chang + + lvm: Add LVM cache logical volume handling + The LVM cache logical volume is the logical volume consisting of the original + and the cache pool logical volume. The original is usually on a larger and + slower storage device while the cache pool is on a smaller and faster one. The + performance of the original volume can be improved by storing the frequently + used data on the cache pool to utilize the greater performance of faster + device. + + The default cache mode "writethrough" ensures that any data written will be + stored both in the cache and on the origin LV, therefore grub can be straight + to read the original lv as no data loss is guarenteed. + + The second cache mode is "writeback", which delays writing from the cache pool + back to the origin LV to have increased performance. The drawback is potential + data loss if losing the associated cache device. + + During the boot time grub reads the LVM offline i.e. LVM volumes are not + activated and mounted, hence it should be fine to read directly from original + lv since all cached data should have been flushed back in the process of taking + it offline. + + It is also not much helpful to the situation by adding fsync calls to the + install code. The fsync did not force to write back dirty cache to the original + device and rather it would update associated cache metadata to complete the + write transaction with the cache device. IOW the writes to cached blocks still + go only to the cache device. + + To write back dirty cache, as LVM cache did not support dirty cache flush per + block range, there'no way to do it for file. On the other hand the "cleaner" + policy is implemented and can be used to write back "all" dirty blocks in a + cache, which effectively drain all dirty cache gradually to attain and last in + the "clean" state, which can be useful for shrinking or decommissioning a + cache. The result and effect is not what we are looking for here. + + In conclusion, as it seems no way to enforce file writes to the original + device, grub may suffer from power failure as it cannot assemble the cache + device and read the dirty data from it. However since the case is only + applicable to writeback mode which is sensitive to data lost in nature, I'd + still like to propose my (relatively simple) patch and treat reading dirty + cache as improvement. + + Reviewed-by: Daniel Kiper + +2020-03-10 Patrick Steinhardt + + gnulib: Fix build of base64 when compiling with memory debugging + When building GRUB with memory management debugging enabled, then the + build fails because of `grub_debug_malloc()` and `grub_debug_free()` + being undefined in the luks2 module. The cause is that we patch + "base64.h" to unconditionaly include "config-util.h", which shouldn't be + included for modules at all. As a result, `MM_DEBUG` is defined when + building the module, causing it to use the debug memory allocation + functions. As these are not built into modules, we end up with a linker + error. + + Fix the issue by removing the include altogether. The + sole reason it was included was for the `_GL_ATTRIBUTE_CONST` macro, + which we can simply define as empty in case it's not set. + + Reviewed-by: Daniel Kiper + +2020-03-10 Patrick Steinhardt + + build: Fix option to explicitly disable memory debugging + The memory management system supports a debug mode that can be enabled + at build time by passing "--enable-mm-debug" to the configure script. + Passing the option will cause us define MM_DEBUG as expected, but in + fact the reverse option "--disable-mm-debug" will do the exact same + thing and also set up the define. This currently causes the build of + "lib/gnulib/base64.c" to fail as it tries to use `grub_debug_malloc()` + and `grub_debug_free()` even though both symbols aren't defined. + + Seemingly, `AC_ARG_ENABLE()` will always execute the third argument if + either the positive or negative option was passed. Let's thus fix the + issue by moving the call to`AC_DEFINE()` into an explicit `if test + $xenable_mm_debug` block, similar to how other defines work. + + Reviewed-by: Daniel Kiper + Reviewed-by: Paul Menzel + +2020-03-10 David Michael + + fat: Support file modification times + This allows comparing file ages on EFI system partitions. + + Reviewed-by: Daniel Kiper + +2020-03-10 David Michael + + exfat: Save the matching directory entry struct when searching + This provides the node's attributes outside the iterator function + so the file modification time can be accessed and reported. + + Reviewed-by: Daniel Kiper + +2020-03-10 Mike Gilbert + + datetime: Enable the datetime module for the emu platform + Fixes a build failure: + + grub-core/commands/date.c:49: undefined reference to `grub_get_weekday_name' + grub-core/commands/ls.c:155: undefined reference to `grub_unixtime2datetime' + + Bug: https://bugs.gentoo.org/711512 + + Reviewed-by: Javier Martinez Canillas + Tested-by: Javier Martinez Canillas + Reviewed-by: Daniel Kiper + +2020-03-10 John Paul Adrian Glaubitz + + build: Add soft-float handling for SuperH (sh4) + While GRUB has no platform support for SuperH (sh4) yet, this change + adds the target-specific handling of soft-floats such that the GRUB + utilities can be built on this target. + + Reviewed-by: Daniel Kiper + +2020-03-10 Peter Jones + + efi: Fix the type of grub_efi_status_t + Currently, in some builds with some checkers, we see: + + 1. grub-core/disk/efi/efidisk.c:601: error[shiftTooManyBitsSigned]: Shifting signed 64-bit value by 63 bits is undefined behaviour + + This is because grub_efi_status_t is defined as grub_efi_intn_t, which is + signed, and shifting into the sign bit is not defined behavior. UEFI fixed + this in the spec in 2.3: + + 2.3 | Change the defined type of EFI_STATUS from INTN to UINTN | May 7, 2009 + + And the current EDK2 code has: + MdePkg/Include/Base.h-// + MdePkg/Include/Base.h-// Status codes common to all execution phases + MdePkg/Include/Base.h-// + MdePkg/Include/Base.h:typedef UINTN RETURN_STATUS; + MdePkg/Include/Base.h- + MdePkg/Include/Base.h-/** + MdePkg/Include/Base.h- Produces a RETURN_STATUS code with the highest bit set. + MdePkg/Include/Base.h- + MdePkg/Include/Base.h- @param StatusCode The status code value to convert into a warning code. + MdePkg/Include/Base.h- StatusCode must be in the range 0x00000000..0x7FFFFFFF. + MdePkg/Include/Base.h- + MdePkg/Include/Base.h- @return The value specified by StatusCode with the highest bit set. + MdePkg/Include/Base.h- + MdePkg/Include/Base.h-**/ + MdePkg/Include/Base.h-#define ENCODE_ERROR(StatusCode) ((RETURN_STATUS)(MAX_BIT | (StatusCode))) + MdePkg/Include/Base.h- + MdePkg/Include/Base.h-/** + MdePkg/Include/Base.h- Produces a RETURN_STATUS code with the highest bit clear. + MdePkg/Include/Base.h- + MdePkg/Include/Base.h- @param StatusCode The status code value to convert into a warning code. + MdePkg/Include/Base.h- StatusCode must be in the range 0x00000000..0x7FFFFFFF. + MdePkg/Include/Base.h- + MdePkg/Include/Base.h- @return The value specified by StatusCode with the highest bit clear. + MdePkg/Include/Base.h- + MdePkg/Include/Base.h-**/ + MdePkg/Include/Base.h-#define ENCODE_WARNING(StatusCode) ((RETURN_STATUS)(StatusCode)) + MdePkg/Include/Base.h- + MdePkg/Include/Base.h-/** + MdePkg/Include/Base.h- Returns TRUE if a specified RETURN_STATUS code is an error code. + MdePkg/Include/Base.h- + MdePkg/Include/Base.h- This function returns TRUE if StatusCode has the high bit set. Otherwise, FALSE is returned. + MdePkg/Include/Base.h- + MdePkg/Include/Base.h- @param StatusCode The status code value to evaluate. + MdePkg/Include/Base.h- + MdePkg/Include/Base.h- @retval TRUE The high bit of StatusCode is set. + MdePkg/Include/Base.h- @retval FALSE The high bit of StatusCode is clear. + MdePkg/Include/Base.h- + MdePkg/Include/Base.h-**/ + MdePkg/Include/Base.h-#define RETURN_ERROR(StatusCode) (((INTN)(RETURN_STATUS)(StatusCode)) < 0) + ... + Uefi/UefiBaseType.h:typedef RETURN_STATUS EFI_STATUS; + + This patch makes grub's implementation match the Edk2 declaration with regards + to the signedness of the type. + + Reviewed-by: Daniel Kiper + +2020-03-10 Peter Jones + + efi/gop: Add debug output on GOP probing + Add debug information to EFI GOP video driver probing function. + + Reviewed-by: Daniel Kiper + +2020-03-10 Peter Jones + + efi/uga: Use video instead of fb as debug condition + All other video drivers use "video" as the debug condition instead of "fb" + so change this in the efi/uga driver to make it consistent with the others. + + Reviewed-by: Daniel Kiper + +2020-03-10 Peter Jones + + efi: Print error messages to grub_efi_allocate_pages_real() + No messages were printed in this function, add some to ease debugging. + + Also, the function returns a void * pointer so return NULL instead of + 0 to make the code more readable. + + Reviewed-by: Daniel Kiper + +2020-03-10 Andrei Borzenkov + + efi/uga: Use 64 bit for fb_base + We get 64 bit from PCI BAR but then truncate by assigning to 32 bit. + Make sure to check that pointer does not overflow on 32 bit platform. + + Closes: 50931 + + Reviewed-by: Daniel Kiper + +2020-03-10 Alexander Graf + + efi/gop: Add support for BLT_ONLY adapters + EFI GOP has support for multiple different bitness types of frame buffers + and for a special "BLT only" type which is always defined to be RGBx. + + Because grub2 doesn't ever directly access the frame buffer but instead + only renders graphics via the BLT interface anyway, we can easily support + these adapters. + + The reason this has come up now is the emerging support for virtio-gpu + in OVMF. That adapter does not have the notion of a memory mapped frame + buffer and thus is BLT only. + + Reviewed-by: Daniel Kiper + +2020-03-10 Peter Jones + + normal/completion: Fix possible NULL pointer dereference + Coverity Scan reports that the grub_strrchr() function can return NULL if + the character is not found. Check if that's the case for dirfile pointer. + + Reviewed-by: Daniel Kiper + +2020-03-10 Peter Jones + + kern: Add grub_debug_enabled() + Add a grub_debug_enabled() helper function instead of open coding it. + + Reviewed-by: Daniel Kiper + +2020-03-10 Peter Jones + + Makefile: Make libgrub.pp depend on config-util.h + If you build with "make -j48" a lot, sometimes you see: + + gcc -E -DHAVE_CONFIG_H -I. -I.. -Wall -W -DGRUB_UTIL=1 -D_FILE_OFFSET_BITS=64 -I./include -DGRUB_FILE=\"grub_script.tab.h\" -I. -I.. -I. -I.. -I../include -I./include -I../grub-core/lib/libgcrypt-grub/src/ -I../grub-core/lib/minilzo -I../grub-core/lib/xzembed -DMINILZO_HAVE_CONFIG_H -Wall -W -DGRUB_UTIL=1 -D_FILE_OFFSET_BITS=64 -I./include -DGRUB_FILE=\"grub_script.tab.h\" -I. -I.. -I. -I.. -I../include -I./include -I../grub-core/lib/libgcrypt-grub/src/ -I./grub-core/gnulib -I../grub-core/gnulib -I/builddir/build/BUILD/grub-2.02/grub-aarch64-efi-2.02 -D_FILE_OFFSET_BITS=64 \ + -D'GRUB_MOD_INIT(x)=@MARKER@x@' grub_script.tab.h grub_script.yy.h ../grub-core/commands/blocklist.c ../grub-core/commands/macbless.c ../grub-core/commands/xnu_uuid.c ../grub-core/commands/testload.c ../grub-core/commands/ls.c ../grub-core/disk/dmraid_nvidia.c ../grub-core/disk/loopback.c ../grub-core/disk/lvm.c ../grub-core/disk/mdraid_linux.c ../grub-core/disk/mdraid_linux_be.c ../grub-core/disk/mdraid1x_linux.c ../grub-core/disk/raid5_recover.c ../grub-core/disk/raid6_recover.c ../grub-core/font/font.c ../grub-core/gfxmenu/font.c ../grub-core/normal/charset.c ../grub-core/video/fb/fbblit.c ../grub-core/video/fb/fbutil.c ../grub-core/video/fb/fbfill.c ../grub-core/video/fb/video_fb.c ../grub-core/video/video.c ../grub-core/video/capture.c ../grub-core/video/colors.c ../grub-core/unidata.c ../grub-core/io/bufio.c ../grub-core/fs/affs.c ../grub-core/fs/afs.c ../grub-core/fs/bfs.c ../grub-core/fs/btrfs.c ../grub-core/fs/cbfs.c ../grub-core/fs/cpio.c ../grub-core/fs/cpio_be.c ../grub-core/fs/odc.c ../grub-core/fs/newc.c ../grub-core/fs/ext2.c ../grub-core/fs/fat.c ../grub-core/fs/exfat.c ../grub-core/fs/fshelp.c ../grub-core/fs/hfs.c ../grub-core/fs/hfsplus.c ../grub-core/fs/hfspluscomp.c ../grub-core/fs/iso9660.c ../grub-core/fs/jfs.c ../grub-core/fs/minix.c ../grub-core/fs/minix2.c ../grub-core/fs/minix3.c ../grub-core/fs/minix_be.c ../grub-core/fs/minix2_be.c ../grub-core/fs/minix3_be.c ../grub-core/fs/nilfs2.c ../grub-core/fs/ntfs.c ../grub-core/fs/ntfscomp.c ../grub-core/fs/reiserfs.c ../grub-core/fs/romfs.c ../grub-core/fs/sfs.c ../grub-core/fs/squash4.c ../grub-core/fs/tar.c ../grub-core/fs/udf.c ../grub-core/fs/ufs2.c ../grub-core/fs/ufs.c ../grub-core/fs/ufs_be.c ../grub-core/fs/xfs.c ../grub-core/fs/zfs/zfscrypt.c ../grub-core/fs/zfs/zfs.c ../grub-core/fs/zfs/zfsinfo.c ../grub-core/fs/zfs/zfs_lzjb.c ../grub-core/fs/zfs/zfs_lz4.c ../grub-core/fs/zfs/zfs_sha256.c ../grub-core/fs/zfs/zfs_fletcher.c ../grub-core/lib/envblk.c ../grub-core/lib/hexdump.c ../grub-core/lib/LzFind.c ../grub-core/lib/LzmaEnc.c ../grub-core/lib/crc.c ../grub-core/lib/adler32.c ../grub-core/lib/crc64.c ../grub-core/normal/datetime.c ../grub-core/normal/misc.c ../grub-core/partmap/acorn.c ../grub-core/partmap/amiga.c ../grub-core/partmap/apple.c ../grub-core/partmap/sun.c ../grub-core/partmap/plan.c ../grub-core/partmap/dvh.c ../grub-core/partmap/sunpc.c ../grub-core/partmap/bsdlabel.c ../grub-core/partmap/dfly.c ../grub-core/script/function.c ../grub-core/script/lexer.c ../grub-core/script/main.c ../grub-core/script/script.c ../grub-core/script/argv.c ../grub-core/io/gzio.c ../grub-core/io/xzio.c ../grub-core/io/lzopio.c ../grub-core/kern/ia64/dl_helper.c ../grub-core/kern/arm/dl_helper.c ../grub-core/kern/arm64/dl_helper.c ../grub-core/lib/minilzo/minilzo.c ../grub-core/lib/xzembed/xz_dec_bcj.c ../grub-core/lib/xzembed/xz_dec_lzma2.c ../grub-core/lib/xzembed/xz_dec_stream.c ../util/misc.c ../grub-core/kern/command.c ../grub-core/kern/device.c ../grub-core/kern/disk.c ../grub-core/lib/disk.c ../util/getroot.c ../grub-core/osdep/unix/getroot.c ../grub-core/osdep/getroot.c ../grub-core/osdep/devmapper/getroot.c ../grub-core/osdep/relpath.c ../grub-core/kern/emu/hostdisk.c ../grub-core/osdep/devmapper/hostdisk.c ../grub-core/osdep/hostdisk.c ../grub-core/osdep/unix/hostdisk.c ../grub-core/osdep/exec.c ../grub-core/osdep/sleep.c ../grub-core/osdep/password.c ../grub-core/kern/emu/misc.c ../grub-core/kern/emu/mm.c ../grub-core/kern/env.c ../grub-core/kern/err.c ../grub-core/kern/file.c ../grub-core/kern/fs.c ../grub-core/kern/list.c ../grub-core/kern/misc.c ../grub-core/kern/partition.c ../grub-core/lib/crypto.c ../grub-core/disk/luks.c ../grub-core/disk/geli.c ../grub-core/disk/cryptodisk.c ../grub-core/disk/AFSplitter.c ../grub-core/lib/pbkdf2.c ../grub-core/commands/extcmd.c ../grub-core/lib/arg.c ../grub-core/disk/ldm.c ../grub-core/disk/diskfilter.c ../grub-core/partmap/gpt.c ../grub-core/partmap/msdos.c ../grub-core/fs/proc.c ../grub-core/fs/archelp.c > libgrub.pp || (rm -f libgrub.pp; exit 1) + rm -f stamp-h1 + touch ../config-util.h.in + cd . && /bin/sh ./config.status config-util.h + config.status: creating config-util.h + In file included from ../include/grub/mm.h:25:0, + from ../include/grub/disk.h:29, + from ../include/grub/file.h:26, + from ../grub-core/fs/btrfs.c:21: + ./config.h:38:10: fatal error: ./config-util.h: No such file or directory + #include + ^~~~~~~~~~~~~~~ + compilation terminated. + make: *** [Makefile:13098: libgrub.pp] Error 1 + + This is because libgrub.pp is built with -DGRUB_UTIL=1, which means + it'll try to include config-util.h, but a parallel make is actually + building that file. I think. + + Reviewed-by: Daniel Kiper + +2020-03-10 Peter Jones + + efi: Print more debug info in our module loader + The function that searches the mods section base address does not have + any debug information. Add some debugging outputs that could be useful. + + Reviewed-by: Daniel Kiper + +2020-03-10 Peter Jones + + linux/getroot: Handle rssd storage device names + The Micron PCIe SSDs Linux driver (mtip32xx) exposes block devices + as /dev/rssd[a-z]+[0-9]*. Add support for these rssd device names. + + Reviewed-by: Daniel Kiper + +2020-03-10 Julian Andres Klode + + smbios: Add a --linux argument to apply linux modalias-like filtering + Linux creates modalias strings by filtering out non-ASCII, space, + and colon characters. Provide an option that does the same filtering + so people can create a modalias string in GRUB, and then match their + modalias patterns against it. + + Reviewed-by: Daniel Kiper + +2020-03-10 Mike Gilbert + + po: Fix replacement of %m in sed programs + When running make dist, I hit this error: + + rm -f en@arabic.gmo && /usr/bin/gmsgfmt -c --statistics --verbose -o en@arabic.gmo en@arabic.po + en@arabic.po:5312: 'msgstr' is not a valid C format string, unlike 'msgid'. + Reason: The character that terminates the directive number 3 is not a valid conversion specifier. + /usr/bin/gmsgfmt: found 1 fatal error + + This was caused by "%m" being replaced with foreign Unicode characters. + For example: + + msgid "cannot rename the file %s to %s: %m" + msgstr "ﺹﺎﻨﻧﻮﺗ ﺮﻌﻧﺎﻤﻋ ﺖﻬﻋ ﻒִﻴﻠﻋ %s ﺕﻭ %s: %ﻡ" + + Mimic the workaround used for "%s" by reversing the replacement of "%m" at + the end of the sed programs. + + Reviewed-by: Daniel Kiper + +2020-03-10 Colin Watson + + gettext: Restore patches to po/Makefile.in.in + These were inadvertently lost during the conversion to Gnulib (gnulib: + Upgrade Gnulib and switch to bootstrap tool; commit 35b909062). The + files in po/gettext-patches/ can be imported using "git am" on top of + the gettext tag corresponding to AM_GNU_GETTEXT_VERSION in configure.ac + (currently 0.18.3). They handle translation of messages in shell files, + make msgfmt output in little-endian format, and arrange to use @SHELL@ + rather than /bin/sh. + + There were some changes solely for the purpose of distributing extra + files; for ease of maintenance, I've added these to + conf/Makefile.extra-dist instead. + + Fixes: https://savannah.gnu.org/bugs/?57298 + + Reviewed-by: Daniel Kiper + +2020-02-28 Peter Jones + + misc: Make grub_strtol() "end" pointers have safer const qualifiers + Currently the string functions grub_strtol(), grub_strtoul(), and + grub_strtoull() don't declare the "end" pointer in such a way as to + require the pointer itself or the character array to be immutable to the + implementation, nor does the C standard do so in its similar functions, + though it does require us not to change any of it. + + The typical declarations of these functions follow this pattern: + + long + strtol(const char * restrict nptr, char ** restrict endptr, int base); + + Much of the reason for this is historic, and a discussion of that + follows below, after the explanation of this change. (GRUB currently + does not include the "restrict" qualifiers, and we name the arguments a + bit differently.) + + The implementation is semantically required to treat the character array + as immutable, but such accidental modifications aren't stopped by the + compiler, and the semantics for both the callers and the implementation + of these functions are sometimes also helped by adding that requirement. + + This patch changes these declarations to follow this pattern instead: + + long + strtol(const char * restrict nptr, + const char ** const restrict endptr, + int base); + + This means that if any modification to these functions accidentally + introduces either an errant modification to the underlying character + array, or an accidental assignment to endptr rather than *endptr, the + compiler should generate an error. (The two uses of "restrict" in this + case basically mean strtol() isn't allowed to modify the character array + by going through *endptr, and endptr isn't allowed to point inside the + array.) + + It also means the typical use case changes to: + + char *s = ...; + const char *end; + long l; + + l = strtol(s, &end, 10); + + Or even: + + const char *p = str; + while (p && *p) { + long l = strtol(p, &p, 10); + ... + } + + This fixes 26 places where we discard our attempts at treating the data + safely by doing: + + const char *p = str; + long l; + + l = strtol(p, (char **)&ptr, 10); + + It also adds 5 places where we do: + + char *p = str; + while (p && *p) { + long l = strtol(p, (const char ** const)&p, 10); + ... + /* more calls that need p not to be pointer-to-const */ + } + + While moderately distasteful, this is a better problem to have. + + With one minor exception, I have tested that all of this compiles + without relevant warnings or errors, and that /much/ of it behaves + correctly, with gcc 9 using 'gcc -W -Wall -Wextra'. The one exception + is the changes in grub-core/osdep/aros/hostdisk.c , which I have no idea + how to build. + + Because the C standard defined type-qualifiers in a way that can be + confusing, in the past there's been a slow but fairly regular stream of + churn within our patches, which add and remove the const qualifier in many + of the users of these functions. This change should help avoid that in + the future, and in order to help ensure this, I've added an explanation + in misc.h so that when someone does get a compiler warning about a type + error, they have the fix at hand. + + The reason we don't have "const" in these calls in the standard is + purely anachronistic: C78 (de facto) did not have type qualifiers in the + syntax, and the "const" type qualifier was added for C89 (I think; it + may have been later). strtol() appears to date from 4.3BSD in 1986, + which means it could not be added to those functions in the standard + without breaking compatibility, which is usually avoided. + + The syntax chosen for type qualifiers is what has led to the churn + regarding usage of const, and is especially confusing on string + functions due to the lack of a string type. Quoting from C99, the + syntax is: + + declarator: + pointer[opt] direct-declarator + direct-declarator: + identifier + ( declarator ) + direct-declarator [ type-qualifier-list[opt] assignment-expression[opt] ] + ... + direct-declarator [ type-qualifier-list[opt] * ] + ... + pointer: + * type-qualifier-list[opt] + * type-qualifier-list[opt] pointer + type-qualifier-list: + type-qualifier + type-qualifier-list type-qualifier + ... + type-qualifier: + const + restrict + volatile + + So the examples go like: + + const char foo; // immutable object + const char *foo; // mutable pointer to object + char * const foo; // immutable pointer to mutable object + const char * const foo; // immutable pointer to immutable object + const char const * const foo; // XXX extra const keyword in the middle + const char * const * const foo; // immutable pointer to immutable + // pointer to immutable object + const char ** const foo; // immutable pointer to mutable pointer + // to immutable object + + Making const left-associative for * and right-associative for everything + else may not have been the best choice ever, but here we are, and the + inevitable result is people using trying to use const (as they should!), + putting it at the wrong place, fighting with the compiler for a bit, and + then either removing it or typecasting something in a bad way. I won't + go into describing restrict, but its syntax has exactly the same issue + as with const. + + Anyway, the last example above actually represents the *behavior* that's + required of strtol()-like functions, so that's our choice for the "end" + pointer. + + Reviewed-by: Daniel Kiper + +2020-02-28 Mike Gilbert + + build: Disable PIE in TARGET_CCASFLAGS if needed + PIE should be disabled in assembly sources as well, or else GRUB will + fail to boot. + + Bug: https://bugs.gentoo.org/667852 + + Reviewed-by: Daniel Kiper + Tested-by: John Paul Adrian Glaubitz + +2020-02-28 Mike Gilbert + + build: Move TARGET_* assignments earlier + On a 32-bit SPARC userland, configure fails to compile assembly and the + build fails: + + checking for options to compile assembly... configure: error: could not compile assembly + + config.log shows: + + asm-tests/sparc64.S: Assembler messages: + asm-tests/sparc64.S:5: Error: Architecture mismatch on "lduw [%o4+4],%o4". + asm-tests/sparc64.S:5: (Requires v9|v9a|v9b|v9c|v9d|v9e|v9v|v9m|m8; requested architecture is sparclite.) + asm-tests/sparc64.S:7: Error: Architecture mismatch on "stw %o5,[%o3]". + asm-tests/sparc64.S:7: (Requires v9|v9a|v9b|v9c|v9d|v9e|v9v|v9m|m8; requested architecture is sparclite.) + asm-tests/sparc64.S:8: Error: Architecture mismatch on "bne,pt %icc,1b ,pt %icc,1b". + asm-tests/sparc64.S:8: (Requires v9|v9a|v9b|v9c|v9d|v9e|v9v|v9m|m8; requested architecture is sparclite.) + + Simply moving these blocks earlier in configure.ac is sufficient to + ensure that the tests are executed with the appropriate flags + (specifically -m64 in this case). + + Bug: https://bugs.gentoo.org/667850 + + Reviewed-by: Daniel Kiper + Tested-by: John Paul Adrian Glaubitz + +2020-02-28 Patrick Steinhardt + + luks2: Add missing newline to debug message + The debug message printed when decryption with a keyslot fails is + missing its trailing newline. Add it to avoid mangling it with + subsequent output. + + Reviewed-by: Daniel Kiper + +2020-02-18 Michael Chang + + verifiers: Fix calling uninitialized function pointer + The necessary check for NULL before use of function ver->close is not + taking place in the failure path. This patch simply adds the missing + check and fixes the problem that GRUB hangs indefinitely after booting + rogue image without valid signature if secure boot is turned on. + + Now it displays like this for booting rogue UEFI image: + + error: bad shim signature + error: you need to load the kernel first + + Press any key to continue... + + and then you can go back to boot menu by pressing any key or after a few + seconds expired. + + Reviewed-by: Javier Martinez Canillas + Reviewed-by: Daniel Kiper + +2020-02-18 Peter Jones + + grub-editenv: Make grub-editenv chase symlinks including those across devices + The grub-editenv create command will wrongly overwrite /boot/grub2/grubenv + with a regular file if grubenv is a symbolic link. But instead, it should + create a new file in the path the symlink points to. + + This lets /boot/grub2/grubenv be a symlink to /boot/efi/EFI/fedora/grubenv + even when they're different mount points, which allows grub2-editenv to be + the same across platforms (i.e. UEFI vs BIOS). + + For example, in Fedora the GRUB EFI builds have prefix set to /EFI/fedora + (on the EFI System Partition), but for BIOS machine it'll be /boot/grub2 + (which may or may not be its own mountpoint). + + With this patch, on EFI machines we can make /boot/grub2/grubenv a symlink + to /boot/efi/EFI/fedora/grubenv, and the same copy of grub-set-default will + work on both kinds of systems. + + Windows doesn't implement a readlink primitive, so the current behaviour is + maintained for this operating system. + + Reviewed-by: Adam Jackson + Reviewed-by: Daniel Kiper + +2020-02-18 Peter Jones + + grub-editenv: Add grub_util_readlink() + Currently grub-editenv and related tools are not able to follow symbolic + links when finding their config file. For example the grub-editenv create + command will wrongly overwrite a symlink in /boot/grub2/grubenv with a new + regular file, instead of creating a file in the path the symlink points to. + + A following patch will change that and add support in grub-editenv to + follow symbolic links when finding the grub environment variables file. + + Add a grub_util_readlink() helper function that is just a wrapper around + the platform specific function to read the value of a symbolic link. This + helper function will be used by the following patch for grub-editenv. + + The helper function is not added for Windows, since this operating system + doesn't have a primitive to read the contents of a symbolic link. + + Reviewed-by: Adam Jackson + Reviewed-by: Daniel Kiper + +2020-02-18 Robert Marshall + + docs: Update info with grub.cfg netboot selection order + Add documentation to the GRUB manual that specifies the order netboot + clients use to select a GRUB configuration file. + + Also explain that the feature is enabled by default but can be disabled + by setting the "feature_net_search_cfg" environment variable to "n" in + an embedded configuration file. + + Reviewed-by: Daniel Kiper + +2020-02-18 Paulo Flabiano Smorigo + + normal/main: Search for specific config files for netboot + This patch implements a search for a specific configuration when the config + file is on a remoteserver. It uses the following order: + 1) DHCP client UUID option. + 2) MAC address (in lower case hexadecimal with dash separators); + 3) IP (in upper case hexadecimal) or IPv6; + 4) The original grub.cfg file. + + This procedure is similar to what is used by pxelinux and yaboot: + http://www.syslinux.org/wiki/index.php/PXELINUX#config + + It is enabled by default but can be disabled by setting the environment + variable "feature_net_search_cfg" to "n" in an embedded configuration. + + Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=873406 + + Reviewed-by: Daniel Kiper + +2020-02-18 Paulo Flabiano Smorigo + + net/dhcp: Set net__client{id, uuid} variables from DHCP options + This patch sets a net__clientid and net__clientuuid + GRUB environment variables, using the DHCP client ID and UUID options if + these are found. + + In the same way than net__