| Age | Commit message (Collapse) | Author | 
|---|
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  |  | 
|  | See, coreboot bug report:
https://ticket.coreboot.org/issues/590
We hadn't noticed this for quite a while, since we always
just booted with iomem=relaxed when needing to run cbmem,
since in practise it was always combined with other tasks
that require access to lower memory.
GRUB currently matches coreboot's own mmap for cbmem, but
for example SeaBIOS marks cbmem as E820 reserved. Therefore,
this change replicates the SeaBIOS behaviour.
Without this patch, Linux needs to boot with iomem=relaxed
for cbmem access, for example when running ./cbmem -1
With this patch, cbmem is now accessible regardless. This
patch also prevents Linux from overwriting parts of CBMEM.
Thanks go to Paul Menzel, who wrote this GRUB patch.
Thanks also go to Nicholas Chin, who provided testing, all
the way from Coreboot 25.03 back to Coreboot 4.20. It seems
that this is just something the payloads have to handle.
This means that both SeaBIOS and GRUB no longer have this
bug, in Libreboot; now what remains is to replicate the
test with our U-Boot payload.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | A number of regressions were caused by the recent CVE fixes,
many of which have since been fixed upstream. This includes
several ext4 file system bugs, which caused some systems not
to boot properly, when dealing with very large initramfs files.
No additional patching has been made. This will be tested, and
then used to provide a revision update for Libreboot 20241206.
After this, there are several additional OOT patches that will
be merged, for the next *testing release* of Libreboot.
Update to this revision, for all GRUB trees:
a4da71dafeea519b034beb159dfe80c486c2107c
This brings in the following changes from upstream:
* a4da71daf util/grub-install: Include raid5rec module for RAID 4 as well
* 223fcf808 loader/ia64/efi/linux: Reset grub_errno on failure to allocate
* 6504a8d4b lib/datetime: Specify license in emu module
* 8fef533cf configure: Add -mno-relax on riscv*
* 1fe094855 docs: Document the long options of tpm2_key_protect_init
* 6252eb97c INSTALL: Document the packages needed for TPM2 key protector tests
* 9d4b382aa docs: Update NV index mode of TPM2 key protector
* 2043b6899 tests/tpm2_key_protector_test: Add more NV index mode tests
* 9f66a4719 tests/tpm2_key_protector_test: Reset "ret" on fail
* b7d89e667 tests/tpm2_key_protector_test: Simplify the NV index mode test
* 5934bf51c util/grub-protect: Support NV index mode
* cd9cb944d tpm2_key_protector: Support NV index handles
* fa69deac5 tpm2_key_protector: Unseal key from a buffer
* 75c480885 tss2: Add TPM 2.0 NV index commands
* 041164d00 tss2: Fix the missing authCommand
* 46c9f3a8d tpm2_key_protector: Add tpm2_dump_pcr command
* 617dab9e4 tpm2_key_protector: Dump PCRs on policy fail
* 204a6ddfb loader/i386/linux: Update linux_kernel_params to match upstream
* 6b64f297e loader/xnu: Fix memory leak
* f94d257e8 fs/btrfs: Fix memory leaks
* 81146fb62 loader/i386/linux: Fix resource leak
* 1d0059447 lib/reloacator: Fix memory leaks
* f3f1fcecd disk/ldm: Fix memory leaks
* aae2ea619 fs/ntfs: Fix NULL pointer dereference and possible infinite loop
* 3b25e494d net/drivers/ieee1275/ofnet: Add missing grub_malloc()
* fee6081ec kern/ieee1275/init: Increase MIN_RMA size for CAS negotiation on PowerPC machines
* b66c6f918 fs/zfs: Fix a number of memory leaks in ZFS code
* 1d59f39b5 tests/util/grub-shell: Remove the work directory on successful run and debug is not on
* e0116f3bd tests/grub_cmd_cryptomount: Remove temporary directories if successful and debug is not on
* e6e2b73db tests/grub_cmd_cryptomount: Default TMPDIR to /tmp
* 32b02bb92 tests/grub_cmd_cryptomount: Cleanup the cryptsetup script unless debug is enabled
* c188ca5d5 tests: Cleanup generated files on expected failure in grub_cmd_cryptomount
* 50320c093 tests/util/grub-shell-luks-tester: Add missing line to create RET variable in cleanup
* bb6d3199b tests/util/grub-shell-luks-tester: Find cryptodisk by UUID
* 3fd163e45 tests/util/grub-shell: Default qemuopts to envvar $GRUB_QEMU_OPTS
* ff7f55307 disk/lvm: Add informational messages in error cases of ignored features
* a16b4304a disk/lvm: Add support for cachevol LV
* 9a37d6114 disk/lvm: Add support for integrity LV
* 6c14b87d6 lvm: Match all LVM segments before validation
* d34b9120e disk/lvm: Remove unused cache_pool
* 90848a1f7 disk/lvm: Make cache_lv more generic as ignored_feature_lv
* 488ac8bda commands/ls: Add directory header for dir args
* 096bf59e4 commands/ls: Print full paths for file args
* 90288fc48 commands/ls: Output path for single file arguments given with path
* 6337d84af commands/ls: Show modification time for file paths
* cbfb031b1 commands/ls: Merge print_files_long() and print_files() into print_file()
* 112d2069c commands/ls: Return proper GRUB_ERR_* for functions returning type grub_err_t
* da9740cd5 commands/acpi: Use options enum to index command options
* 1acf11fe4 docs: Capture additional commands restricted by lockdown
* 6a168afd3 docs: Document restricted filesystems in lockdown
* be0ae9583 loader/i386/bsd: Fix type passed for the kernel
* ee27f07a6 kern/partition: Unbreak support for nested partitions
* cb639acea lib/tss2/tss2_structs.h: Fix clang build - remove duplicate typedef
* 696e35b7f include/grub/mm.h: Remove duplicate inclusion of grub/err.h
* 187338f1a script/execute: Don't let trailing blank lines determine the return code
* ff173a1c0 gitignore: Ignore generated files from libtasn
* fbcc38891 util/grub.d/30_os-prober.in: Conditionally show or hide chain and efi menu entries
* 56ccc5ed5 util/grub.d/30_os-prober.in: Fix GRUB_OS_PROBER_SKIP_LIST for non-EFI
* 01f064064 docs: Do not reference non-existent --dumb option
* 3f440b5a5 docs: Replace @lbracechar{} and @rbracechar{} with @{ and @}
* f20988738 fs/xfs: Fix grub_xfs_iterate_dir() return value in case of failure
* 1ed2628b5 fs/xfs: Add new superblock features added in Linux 6.12/6.13
* 348cd416a fs/ext2: Rework out-of-bounds read for inline and external extents
* c730eddd2 disk/ahci: Remove conditional operator for endtime
* f0a08324d term/ns8250-spcr: Return if redirection is disabled
* 7161e2437 commands/file: Fix NULL dereference in the knetbsd tests
* 11b9c2dd0 gdb_helper: Typo hueristic
* 224aefd05 kern/efi/mm: Reset grub_mm_add_region_fn after ExitBootServices() call
* 531750f7b i386/tsc: The GRUB menu gets stuck due to unserialized rdtsc
* f2a1f66e7 kern/i386/tsc_pmtimer: The GRUB menu gets stuck due to failed calibration
* 13f005ed8 loader/i386/linux: Fix cleanup if kernel doesn't support 64-bit addressing
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | I was importing a patch for the z790 boards, but
Libreboot doesn't support this board yet, and the
patch was a hack that may affect other boards.
When I do later merge that board, and I find that the
hack is needed, I'll simply make another grub tree
within lbmk.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | You can find information about these patches here:
https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
GRUB has been on a crusade as of late, to proactively audit
and fix many security vulnerabilities. This lbmk change brings
in a comprehensive series of patches that fix bugs ranging from
possible buffer overflows, use-after frees, null derefs and so on.
These changes are critical, so a revision release *will* be issued,
for the Libreboot 20241206 release series.
This change imports the following 73 patches which
are present on the upstream GRUB repository (commit IDs
matched to upstream):
* 4dc616657 loader/i386/bsd: Use safe math to avoid underflow
* 490a6ab71 loader/i386/linux: Cast left shift to grub_uint32_t
* a8d6b0633 kern/misc: Add sanity check after grub_strtoul() call
* 8e6e87e79 kern/partition: Add sanity check after grub_strtoul() call
* 5b36a5210 normal/menu: Use safe math to avoid an integer overflow
* 9907d9c27 bus/usb/ehci: Define GRUB_EHCI_TOGGLE as grub_uint32_t
* f8795cde2 misc: Ensure consistent overflow error messages
* 66733f7c7 osdep/unix/getroot: Fix potential underflow
* d13b6e8eb script/execute: Fix potential underflow and NULL dereference
* e3c578a56 fs/sfs: Check if allocated memory is NULL
* 1c06ec900 net: Check if returned pointer for allocated memory is NULL
* dee2c14fd net: Prevent overflows when allocating memory for arrays
* 4beeff8a3 net: Use safe math macros to prevent overflows
* dd6a4c8d1 fs/zfs: Add missing NULL check after grub_strdup() call
* 13065f69d fs/zfs: Check if returned pointer for allocated memory is NULL
* 7f38e32c7 fs/zfs: Prevent overflows when allocating memory for arrays
* 88e491a0f fs/zfs: Use safe math macros to prevent overflows
* cde9f7f33 fs: Prevent overflows when assigning returned values from read_number()
* 84bc0a9a6 fs: Prevent overflows when allocating memory for arrays
* 6608163b0 fs: Use safe math macros to prevent overflows
* fbaddcca5 disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails
* 33bd6b5ac disk: Check if returned pointer for allocated memory is NULL
* d8151f983 disk: Prevent overflows when allocating memory for arrays
* c407724da disk: Use safe math macros to prevent overflows
* c4bc55da2 fs: Disable many filesystems under lockdown
* 26db66050 fs/bfs: Disable under lockdown
* 5f31164ae commands/hexdump: Disable memory reading in lockdown mode
* 340e4d058 commands/memrw: Disable memory reading in lockdown mode
* 34824806a commands/minicmd: Block the dump command in lockdown mode
* c68b7d236 commands/test: Stack overflow due to unlimited recursion depth
* dad8f5029 commands/read: Fix an integer overflow when supplying more than 2^31 characters
* b970a5ed9 gettext: Integer overflow leads to heap OOB write
* 09bd6eb58 gettext: Integer overflow leads to heap OOB write or read
* 7580addfc gettext: Remove variables hooks on module unload
* 9c1619773 normal: Remove variables hooks on module unload
* 2123c5bca commands/pgp: Unregister the "check_signatures" hooks on module unload
* 0bf56bce4 commands/ls: Fix NULL dereference
* 05be856a8 commands/extcmd: Missing check for failed allocation
* 98ad84328 kern/dl: Check for the SHF_INFO_LINK flag in grub_dl_relocate_symbols()
* d72208423 kern/dl: Use correct segment in grub_dl_set_mem_attrs()
* 500e5fdd8 kern/dl: Fix for an integer overflow in grub_dl_ref()
* 2c34af908 video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG
* 0707accab net/tftp: Fix stack buffer overflow in tftp_open()
* 5eef88152 net: Fix OOB write in grub_net_search_config_file()
* aa8b4d7fa net: Remove variables hooks when interface is unregisted
* a1dd8e59d net: Unregister net_default_ip and net_default_mac variables hooks on unload
* d8a937cca script/execute: Limit the recursion depth
* 8a7103fdd kern/partition: Limit recursion in part_iterate()
* 18212f064 kern/disk: Limit recursion depth
* 67f70f70a disk/loopback: Reference tracking for the loopback
* 13febd78d disk/cryptodisk: Require authentication after TPM unlock for CLI access
* 16f196874 kern/file: Implement filesystem reference counting
* a79106872 kern/file: Ensure file->data is set
* d1d6b7ea5 fs/xfs: Ensuring failing to mount sets a grub_errno
* 6ccc77b59 fs/xfs: Fix out-of-bounds read
* 067b6d225 fs/ntfs: Implement attribute verification
* 048777bc2 fs/ntfs: Use a helper function to access attributes
* 237a71184 fs/ntfs: Track the end of the MFT attribute buffer
* aff263187 fs/ntfs: Fix out-of-bounds read
* 7e2f750f0 fs/ext2: Fix out-of-bounds read for inline extents
* edd995a26 fs/jfs: Inconsistent signed/unsigned types usage in return values
* bd999310f fs/jfs: Use full 40 bits offset and address for a data extent
* ab09fd053 fs/jfs: Fix OOB read caused by invalid dir slot index
* 66175696f fs/jfs: Fix OOB read in jfs_getent()
* 1443833a9 fs/iso9660: Fix invalid free
* 965db5970 fs/iso9660: Set a grub_errno if mount fails
* f7c070a2e fs/hfsplus: Set a grub_errno if mount fails
* 563436258 fs/f2fs: Set a grub_errno if mount fails
* 0087bc690 fs/tar: Integer overflow leads to heap OOB write
* 2c8ac08c9 fs/tar: Initialize name in grub_cpio_find_file()
* 417547c10 fs/hfs: Fix stack OOB write with grub_strcpy()
* c1a291b01 fs/ufs: Fix a heap OOB write
* ea703528a misc: Implement grub_strlcpy()
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | See:
https://github.com/Nitrokey/nethsm-grub/commits/nethsm-z790?since=2025-01-13&until=2025-01-13
And more generally, see branch:
https://github.com/Nitrokey/nethsm-grub/commits/nethsm-z790
This brings in a few minor fixes, and also a not-so-minor fix:
Add TT (transaction translation) handling for non-SuperSpeed
devices in xhci.c
More generally, this patchset will improve non-root hub support
in the xHCI code. There is also a patch to work around a quirk
on the MSI Z790-P mainboard, which I'm planning to add to Libreboot
at a later date.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | the user might have boot their kernel inside luks
inside lvm for some dumb reason
it's theoretically possible that the user would be
so silly indeed
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | We were scanning a hardcoded set up LVM volumes, so in practise,
LVM boot didn't really work. We did this because scanning for
asterisk is slow on some machines. However, since LVM is the last
one, and since most users don't boot directly from LVM, it wasn't
that much of an issue in practise.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | i  forgot this when rebasing on the recent uprev
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Although this is for a stable release revision, namely
Libreboot 20241206 revision 8, I've carefully audited the
upstream changes and they all seem fine.
Several important bug fixes have been imported with this change.
Most interestly, GRUB has also added support for TPM2 Key
Protectors; we don't use this feature yet, and probably won't
for the time being, since TPM is largely security threatre for
our purposes anyway. There's no harm including all upstream
revisions, up to those ones, since those modules are not yet
added in lbmk.
Most notably, there are several file system fixes, and minor fixes
to the graphics terminal of GRUB. Minor fixes only, in terms of
what Libreboot actually uses at present.
The full list of imported changes are as follows, relative to the
previous GRUB revision, which was b53ec06a1 from 17 June 2024:
* 6811f6f09 tpm2_key_protector: Enable build for powerpc_ieee1275
* ff14b89bd ieee1275/tcg2: Add TCG2 driver for ieee1275 PowerPC firmware
* 72092a864 ieee1275/tcg2: Refactor grub_ieee1275_tpm_init()
* 8c0b5f200 ieee1275/ibmvpm: Move TPM initialization functions to own file
* 7344b3c7c ieee1275: Consolidate repeated definitions of IEEE1275_IHANDLE_INVALID
* 29d1bd2a9 term/ieee1275/serial: Cast 0 to proper type
* 99ee68a01 tss2: Adjust bit fields for big endian targets
* 3770a6905 docs: Document TPM2 key protector
* f898440cc tests: Add tpm2_key_protector_test
* 76a2bcb99 tpm2_key_protector: Add grub-emu support
* 135e0bc88 diskfilter: Look up cryptodisk devices first
* b35480b48 cryptodisk: Wipe out the cached keys from protectors
* 6abf8af3c cryptodisk: Fallback to passphrase
* fba3a474e tpm2_key_protector: Implement NV index
* 550ada7d6 tpm2_key_protector: Support authorized policy
* 5f6a2fd51 util/grub-protect: Add new tool
* ad0c52784 cryptodisk: Support key protectors
* 48e230c31 key_protector: Add TPM2 Key Protector
* 35c9904df tss2: Add TPM2 Software Stack (TSS2) support
* 63a78f4b4 tss2: Add TPM2 types and Marshal/Unmarshal functions
* 2ad159d9b tss2: Add TPM2 buffer handling functions
* 5d260302d key_protector: Add key protectors framework
* 3d60732f9 libtasn1: Add the documentation
* 99cda6788 asn1_test: Test module for libtasn1
* 504058e82 libtasn1: Compile into asn1 module
* 8a0fedef2 asn1_test: Enable the testcase only when GRUB_LONG_MAX is larger than GRUB_INT_MAX
* 66cf4cb14 asn1_test: Use the grub-specific functions and types
* 0d0913fc6 asn1_test: Print the error messages with grub_printf()
* 2e93a8e4b asn1_test: Remove "verbose" and the unnecessary printf()
* b7568e335 asn1_test: Return either 0 or 1 to reflect the results
* d60a04bae asn1_test: Rename the main functions to the test names
* 54e0e19a2 asn1_test: Include asn1_test.h only
* 0ad1d4ba8 libtasn1: Fix the potential buffer overrun
* 4160ca983 libtasn1: Use grub_divmod64() for division
* 8f56e5e5c libtasn1: Adjust the header paths in libtasn1.h
* d86df91cb libtasn1: Replace strcat() with _asn1_str_cat()
* 32fdfe600 libtasn1: Replace strcat() with strcpy() in _asn1_str_cat()
* fa498af7b libtasn1: Disable code not needed in GRUB
* 9a26abbc3 libtasn1: Import libtasn1-4.19.0
* c85c2b9f5 posix_wrap: Tweaks in preparation for libtasn1
* 4f6c46091 kern/fs: Honour file->read_hook() in grub_fs_blocklist_read()
* 792132c72 docs: Fix incorrect and potentially confusing language and minor formatting
* 1763d83f5 docs: Correct GRUB config file name for network boot
* 097fd9d9a docs: Correct chainloader UEFI secure boot info
* f48e6af11 docs: Correct PXE environment variables descriptions
* dd743ba42 loader/multiboot: Do not add modules before successful download
* 9a9082b50 grub-mkimage: Add SBAT metadata into ELF note for PowerPC targets
* f97d4618a grub-mkimage: Create new ELF note for SBAT
* f26b39860 commands/legacycfg: Avoid closing file twice
* 337cb2486 nx: Rename GRUB_DL_ALIGN to DL_ALIGN
* 31de991de kern/acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
* f5bb766e6 nx: Set the NX compatible flag for the GRUB EFI images
* 94649c026 nx: Set page permissions for loaded modules
* 09ca66673 nx: Add memory attribute get/set API
* 9fb80dd57 modules: Load module sections at page-aligned addresses
* 6e2fe134e modules: Don't allocate space for non-allocable sections
* 2b79d550f modules: Strip .llvm_addrsig sections and similar
* 246c82cda modules: Make .module_license read-only
* 616adeb80 i386/memory: Rename PAGE_SIZE to GRUB_PAGE_SIZE and make it global
* 95a7bfef5 i386/memory: Rename PAGE_SHIFT to GRUB_PAGE_SHIFT
* 1b1061409 i386/msr: Extract and improve MSR support detection code
* 929fafdf5 i386/msr: Rename grub_msr_read() and grub_msr_write()
* d96cfd7bf i386/msr: Merge rdmsr.h and wrmsr.h into msr.h
* 86ec48882 commands/tpm: Skip loopback image measurement
* 3808b1a9b net/drivers/efi/efinet: Skip virtual VLAN devices during card enumeration
* e5f047be0 efi/console: Properly clear leftover artifacts from the screen
* c5ae124e1 kern/riscv/efi/init: Use time register in grub_efi_get_time_ms()
* 9c34d56c2 loader/efi/linux: Reset freed pointer
* 92bed41bf loader/efi/linux: Reuse len variable
* 33cb8aecd lib/x86_64/relocator_asm: Use .quad instead of .long
* 77cd623de lib/x86_64/relocator_asm: Fix comment in code
* 95145eea5 loader/efi/linux: Update comment
* d333e8bb3 util/grub-mkimagexx: Explicitly move modules to __bss_start for MIPS targets
* 34b7f3721 include/grub/offsets.h: Set mod_align to 4 on MIPS
* ed0651673 gentpl: Put boot/mips/startup_raw.S into beginning of the image
* 648f2d16c configure: Add -mno-gpopt option for mips and mipsel targets
* f0710d2d8 lib/xzembed/xz_dec_bcj: Silence warning when no BCJ is available
* e61157bbd fs/erofs: Replace 64-bit modulo with bitwise operations
* 5313fa839 configure: Look for .otf fonts
* 33b94f2a9 loader/efi/chainloader: Do not print device path of chainloaded file
* ab1e6fc04 docs: Document all GRUB modules
* 9537f4403 commands/bli: Fix crash in get_part_uuid()
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | For some reason, 32-bit U-Boot only works when executed from
GRUB, but not SeaBIOS; 64-bit U-Boot only works from SeaBIOS!
This will have to be investigated. Standalone U-Boot, where
U-Boot is the primary payload, has not yet been tested in
Libreboot, and will not be provided for some time due to
stability concerns. More testing is needed!
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | it's u, not b, for the U-Boot hotkey
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | it's important that we maintain realistic expectations.
x86 u-boot is not yet fully stable, so mark it as such.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Currently seems to stall when booted from the GRUB
payload, but works when booted from the SeaBIOS menu.
I also tested it as a standalone payload and it seems
to boot. Will test on hardware next, and start adding
it to more mainboards.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | NOTE: Support added for xarch target x86_64-elf,
but U-Boot failed to build with this error:
OBJCOPY lib/efi_loader/helloworld.efi
x86_64-elf-objcopy: lib/efi_loader/helloworld_efi.so: invalid bfd target
make[2]: *** [scripts/Makefile.lib:476: lib/efi_loader/helloworld.efi] Error 1
Since I'm building U-Boot for x86_64 *on* an x86-64
host, and since that is currently the recommended type
of machine to use for lbmk development, and since the
other x86 payloads currently don't cross compile anyway,
this is an acceptable compromise for now. This is because
at present, I'm not making U-Boot the primary payload on x86,
instead preferring to chain it from GRUB and SeaBIOS.
The target.cfg file for x86 u-boot shows xarch/xtree commented.
Uncomment these to compile on crossgcc instead of hostcc.
I mention 64-bit because I initially did this first, but decided
to do 32-bit first. I'll work on the 64-bit one next (SPL).
It's only enabled in QEMU for now.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Of note: upstream has made several improvements to memory
management, and several fixes to file systems.
User-friendly change to LUKS: if the passphrase input failed,
the user is prompted again for the correct passphrase, instead
of GRUB just failing. Similar to cryptsetup luksOpen behaviour
under Linux.
This pulls in the following changes from upstream (gnu.org):
* b53ec06a1 util/grub-mkrescue: Check existence of option arguments
* ab9fe8030 loader/efi/fdt: Add fdtdump command to access device tree
* 0cfec355d osdep/devmapper/getroot: Unmark 2 strings for translation
* f171122f0 loader/emu/linux: Fix determination of program name
* 828717833 disk/cryptodisk: Fix translatable message
* 9a2134a70 tests: Add test for ZFS zstd
* f96df6fe9 fs/zfs/zfs: Add support for zstd compression
* 55d35d628 kern/efi/mm: Detect calls to grub_efi_drop_alloc() with wrong page counts
* 61f1d0a61 kern/efi/mm: Change grub_efi_allocate_pages_real() to call semantically correct free function
* dc0a3a27d kern/efi/mm: Change grub_efi_mm_add_regions() to keep track of map allocation size
* b990df0be tests/util/grub-fs-tester: Fix EROFS label tests in grub-fs-tester
* d41c64811 tests: Switch to requiring exfatprogs from exfat-utils
* c1ee4da6a tests/util/grub-shell-luks-tester: Fix detached header test getting wrong header path
* c22e052fe tests/util/grub-shell: Add flexibility in QEMU firmware handling
* d2fc9dfcd tests/util/grub-shell: Use pflash instead of -bios to load UEFI firmware
* 88a7e64c2 tests/util/grub-shell: Print gdbinfo if on EFI platform
* b8d29f114 configure: Add Debian/Ubuntu DejaVu font path
* 13b315c0a term/ns8250-spcr: Add one more 16550 debug type
* 8abec8e15 loader/i386/multiboot_mbi: Fix handling of errors in broken aout-kludge
* d35ff2251 net/drivers/ieee1275/ofnet: Remove 200 ms timeout in get_card_packet() to reduce input latency
* 86df79275 commands/efi/tpm: Re-enable measurements on confidential computing platforms
* 0b4d01794 util/grub-mkpasswd-pbkdf2: Simplify the main function implementation
* fa36f6376 kern/ieee1275/init: Add IEEE 1275 Radix support for KVM on Power
* c464f1ec3 fs/zfs/zfs: Mark vdev_zaps_v2 and head_errlog as supported
* 2ffc14ba9 types: Add missing casts in compile-time byteswaps
* c6ac49120 font: Add Fedora-specific font paths
* 5e8989e4e fs/bfs: Fix improper grub_free() on non-existing files
* c806e4dc8 io/gzio: Properly init a table
* 243682baa io/gzio: Abort early when get_byte() reads nothing
* bb65d81fe cli_lock: Add build option to block command line interface
* 56e58828c fs/erofs: Add tests for EROFS in grub-fs-tester
* 9d603061a fs/erofs: Add support for the EROFS
* 1ba39de62 safemath: Add ALIGN_UP_OVF() which checks for an overflow
* d291449ba docs: Fix spelling mistakes
* 6cc2e4481 util/grub.d/00_header.in: Quote background image pathname in output
* f456add5f disk/lvm: GRUB fails to detect LVM volumes due to an incorrect computation of mda_end
* 386b59ddb disk/cryptodisk: Allow user to retry failed passphrase
* 99b4c0c38 disk/mdraid1x_linux: Prevent infinite recursion
* b272ed230 efi: Fix stack protector issues
* 6744840b1 build: Track explicit module dependencies in Makefile.core.def
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | instead, make it a helper function, defined in target.cfg
this means that we can also do the same with other projects
in the future, and it is expected that we will have to.
these helper functions are used in cases where we want
additional actions to be performed.
actually, the helper could be anything. for example, you
could write:
mkhelper="./build foo bar"
and it would do that (at the point of execution, PWD
is the root directory of the build system)
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | don't hardcode the check based on whether the current
project is grub. instead, define "btype" in target.cfg
if unset, we assume kconfig and permit kconfig commands
e.g. make menuconfig, make silentoldconfig, etc
this is to avoid the deadliest of sins:
project-specific hacks
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | this is bloat, because it's something the user can already
do at runtime configuration anyway.
set it to a reasonable default of 8 seconds instead of 5,
and don't honour the timeout variable in target.cfg.
this will be documented in the next release.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | the background is only a few kb. the whole rationale
before was to limit the space used in memdisk, but this
decision was made when the background was much bigger;
it has since been optimised greatly, and the grub modules
were heavily reduce, so it should be safe.
grub's memdisk breaks when you add too much data to it.
as part of simplifying the rest of lbmk, this change removes
some more bloat from the rest of lbmk. handling this in the
memdisk is much simpler than handling it with cbfstool.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | remove nvme support from the "default" grub tree
now there are three trees:
* default: no xhci or nvme patches
* nvme: contains nvme support
* xhci: contains xhci and nvme support
this is in case a bug like lbmk issue #216 ever occurs
again, as referenced before during lbmk audit 5
there is no indication that the nvme patch causes any
issues, but after previous experience i want to be sure
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | certain code checks for build.list, to skip it, for
example in items()
we already use config/data/grub to store grub config data
that applied to all trees
create these directories too:
config/data/coreboot
config/data/u-boot
config/data/seabios
move the respective build.list files in here, and also
to config/data/grub
now multi-tree projects contain, per directory, just the
target.cfg file and the patches directory. this is much
cleaner, because some of the logic can be simplified more
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Re-add xHCI only on haswell and broadwell machines, where
they are needed. Otherwise, keep the same GRUB code.
The xHCI patches were removed because they caused issues
on Sandybridge-based Dell Latitude laptops. See:
https://codeberg.org/libreboot/lbmk/issues/216
The issue was not reported elsewhere, including on the
Haswell/Broadwell hardware where they are needed, but the
build system could only build one version of GRUB.
The older machines do not need xHCI patches, because they
either do not have xHCI patches, or work (in GRUB) because
they're in EHCI mode when running the payload.
So, the problem is that we need the xHCI patches for GRUB
on Haswell/Broadwell hardware, but the patches break
Sandybridge hardware, and we only had the one build of GRUB.
To mitigate this problem, the build system now supports
building multiple revisions of GRUB, with different patches,
and each given coreboot target can say which GRUB tree to use
by setting this in target.cfg:
grubtree="xhci"
In the above example, the "xhci" tree would be used. Some
generic GRUB config has been moved to config/data/grub/
and config/grub/ now looks like config/coreboot/ - also,
the grub.cfg file (named "payload" in each tree) is copied
to the GRUB source tree as ".config", then added to GRUB's
memdisk in the same way, as grub.cfg.
Several other design changes had to be made because of this:
* grub.cfg in memdisk no longer automatically jumps to one
  in CBFS, but now shows a menuentry for it if available
* Certain commands in script/trees are disabled for GRUB,
  such as *config make commands.
* gnulib is now defined in config/submodule/grub/, instead
  of config/git/grub - and this mitigates an existing bug
  where downloading gnulib first would make grub no longer
  possible to download in lbmk.
The coreboot option CONFIG_FINALIZE_USB_ROUTE_XHCI has been
re-enabled on: Dell OptiPlex 9020 MT, Dell OptiPlex 9020 SFF,
Lenovo ThinkPad T440p and Lenovo ThinkPad W541 - now USB should
work again in GRUB.
The GRUB payload has been re-enabled on HP EliteBook 820 G2.
This change will enable per-board GRUB optimisation in the
future. For example, we hardcode what partitions and LVMs
GRUB scans because * is slow on ICH7-based machines, due
to GRUB's design. On other machines, * is reasonably fast,
for automatically enumerating the list of devices for boot.
Use of * (and other wildcards) could enable our GRUB payload
to automatically boot more distros, with minimal fuss. This
can be done at a later date, in subsequent revisions.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | very unlikely to exist. in fact, should i remove it?
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | it's very unlikely that someone would use this
directory name nowadays, and i had half a mind
to remove it altogether
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | in practise, the machines we support don't have
the option of including so many disks; 8 seems like
the most reasonable default. additionally, it's
unreasonable to expect *20 partitions*
this hardcoding is done to avoid using *, which is
slow in grub on some machines (the grub kernel always
re-enumerates the devices during every operation,
without caching any of it)
yet, the hardcoding is also slow; balance it a bit
better by searching fewer permutations, but not so few
that it would likely break a lot of setups
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | we already supported syslinux but not grub
support grub by scanning for the most common paths,
based on the most popular distros
we don't hardcode this with * because it slows down
the boot, and in practise many distros still use the
same grub.cfg location as in BIOS systems (the EFI
one is often just a link to the BIOS one)
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | in the next revision, i will add ESP paths
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | this is a relic from the old days when we didn't
automated the grub.cfg logic as much. these days,
the grub.cfg logic is able to boot almost all distros
without any manual intervention or override.
removing these entries will speed up the boot in general
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | the path "/boot/EFI" is unnecessary because the ESP
is always a FAT32 partition, so we don't need to
scan it as a subdirectory within a subdirectory.
the ESP is always mounted as its own partition,
FAT32, and EFI/ is always at the root of it
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | the esp is always a fat32 partition so this makes no sensgrub.cfg: don't scan EFI on btrfs subvols
the esp is always a fat32 partition so this makes no sense
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | replace variables ahcidev/atadev/nvmedev with a single
one named bootdev
the for loop goes through grub_scan_disk, so now it is
effectively a bootorder configuration
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | it has always been gpl 3 or later, but it helps to have
the license declaration within the file
there's a copying file anyway. put spdx in the config
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Previously, grub_scan_disk could set ata, ahci or "both",
which would make both be tried (ahci first). This worked
when we only dealt with ata and ahci devices, but now we
support nvme devices so the logic is inherently flawed.
Instead, use grub_scan_disk to store the boot order, e.g.:
grub_scan_disk="ahci nvme ata"
grub_scan_disk="nvme ata"
In the first example, it would make GRUB scan ahci first,
then nvme and then ata.
In the secontd example, it would make GRUB scan nvme first,
and then ata.
If "both" is set, or anything other than ahci/ata/nvme,
grub_scan_disk is now changed to "nvme ahci ata".
Actual grub_scan_disk entries in target.cfg files will now
be modified, to match each machine.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | Fixes this bug:
https://codeberg.org/libreboot/lbmk/issues/216
Well, fix is the wrong word. We want xHCI ideally.
Mate is working on it as I write this. I've also:
* Disabled CONFIG_FINALIZE_USB_ROUTE_XHCI on Haswell
  boards (coreboot)
* Disabled the GRUB payload on HP 820 G2 for now
We will need to re-add the xHCI patches once fixed.
If Mate/we can't fix it, I'll contact Patrick
Rudolph who originally wrote the xHCI patches.
Signed-off-by: Leah Rowe <leah@libreboot.org> | 
|  | mkukri/lbmk:master into master
Reviewed-on: https://codeberg.org/libreboot/lbmk/pulls/213 | 
|  |  | 
|  | mkukri/lbmk:master into master
Reviewed-on: https://codeberg.org/libreboot/lbmk/pulls/212 | 
|  | Tested on OptiPlex 3050 (via injecting grub2.elf into WIP coreboot
port). | 
|  | Signed-off-by: samuraikid <samuraikid@noreply.codeberg.org> |