diff --git a/INSTALL b/INSTALL index 342c158e9..991479b52 100644 --- a/INSTALL +++ b/INSTALL @@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If you don't have any of them, please obtain and install them before configuring the GRUB. -* GCC 4.1.3 or later - Note: older versions may work but support is limited - - Experimental support for clang 3.3 or later (results in much bigger binaries) +* GCC 5.1.0 or later + Experimental support for clang 3.8.0 or later (results in much bigger binaries) for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64 - Note: clang 3.2 or later works for i386 and x86_64 targets but results in - much bigger binaries. - earlier versions not tested - Note: clang 3.2 or later works for arm - earlier versions not tested - Note: clang on arm64 is not supported due to - https://llvm.org/bugs/show_bug.cgi?id=26030 - Note: clang 3.3 or later works for mips(el) - earlier versions fail to generate .reginfo and hence gprel relocations - fail. - Note: clang 3.2 or later works for powerpc - earlier versions not tested - Note: clang 3.5 or later works for sparc64 - earlier versions return "error: unable to interface with target machine" - Note: clang has no support for ia64 and hence you can't compile GRUB - for ia64 with clang * GNU Make * GNU Bison 2.3 or later * GNU gettext 0.17 or later diff --git a/Makefile.am b/Makefile.am index 1f4bb9b8c..e6a220711 100644 --- a/Makefile.am +++ b/Makefile.am @@ -473,6 +473,9 @@ ChangeLog: FORCE touch $@; \ fi +systemdsystemunit_DATA = \ + grub-initrd-fallback.service + EXTRA_DIST += ChangeLog ChangeLog-2015 syslinux_test: $(top_builddir)/config.status tests/syslinux/ubuntu10.04_grub.cfg diff --git a/Makefile.in b/Makefile.in index e6a185b1d..9fa39ea49 100644 --- a/Makefile.in +++ b/Makefile.in @@ -116,7 +116,7 @@ noinst_PROGRAMS = platform_PROGRAMS = TESTS = example_unit_test$(EXEEXT) printf_test$(EXEEXT) \ date_test$(EXEEXT) $(am__EXEEXT_5) cmp_test$(EXEEXT) \ - ext234_test squashfs_test iso9660_test hfsplus_test ntfs_test \ + ext234_test iso9660_test hfsplus_test ntfs_test \ reiserfs_test fat_test minixfs_test xfs_test f2fs_test \ nilfs2_test romfs_test exfat_test tar_test udf_test hfs_test \ jfs_test btrfs_test zfs_test cpio_test example_scripted_test \ @@ -2640,7 +2640,7 @@ pkgdata_DATA = $(am__append_93) grub-mkconfig_lib bin_SCRIPTS = grub-kbdcomp sbin_SCRIPTS = grub-mkconfig grub-set-default grub-reboot platform_DATA = -check_SCRIPTS = ext234_test squashfs_test iso9660_test hfsplus_test \ +check_SCRIPTS = ext234_test iso9660_test hfsplus_test \ ntfs_test reiserfs_test fat_test minixfs_test xfs_test \ f2fs_test nilfs2_test romfs_test exfat_test tar_test udf_test \ hfs_test jfs_test btrfs_test zfs_test cpio_test \ @@ -2872,7 +2872,7 @@ CLEANFILES = $(nodist_libgrubkern_a_SOURCES) \ $(am__append_89) grub-mkconfig $(am__append_90) \ grub-set-default $(am__append_91) grub-reboot \ grub-mkconfig_lib $(am__append_92) grub-kbdcomp grub-shell \ - grub-shell-tester grub-fs-tester ext234_test squashfs_test \ + grub-shell-tester grub-fs-tester ext234_test \ iso9660_test hfsplus_test ntfs_test reiserfs_test fat_test \ minixfs_test xfs_test f2fs_test nilfs2_test romfs_test \ exfat_test tar_test udf_test hfs_test jfs_test btrfs_test \ diff --git a/Makefile.util.am b/Makefile.util.am index ef9100495..83392bf07 100644 --- a/Makefile.util.am +++ b/Makefile.util.am @@ -832,16 +832,6 @@ ext234_test: $(top_builddir)/config.status tests/ext234_test.in CLEANFILES += ext234_test EXTRA_DIST += dist_noinst_DATA += tests/ext234_test.in -check_SCRIPTS += squashfs_test -TESTS += squashfs_test - -squashfs_test: $(top_builddir)/config.status tests/squashfs_test.in - (for x in tests/squashfs_test.in ; do cat $(srcdir)/"$$x"; done) | $(top_builddir)/config.status --file=$@:- - chmod a+x squashfs_test - -CLEANFILES += squashfs_test -EXTRA_DIST += -dist_noinst_DATA += tests/squashfs_test.in check_SCRIPTS += iso9660_test TESTS += iso9660_test diff --git a/Makefile.util.def b/Makefile.util.def index 59e41423b..bd71c185f 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -779,12 +779,6 @@ script = { common = tests/ext234_test.in; }; -script = { - testcase; - name = squashfs_test; - common = tests/squashfs_test.in; -}; - script = { testcase; name = iso9660_test; diff --git a/configure.ac b/configure.ac index 883245553..6a88b9b0c 100644 --- a/configure.ac +++ b/configure.ac @@ -305,6 +305,16 @@ AC_SUBST(grubdirname) AC_DEFINE_UNQUOTED(GRUB_DIR_NAME, "$grubdirname", [Default grub directory name]) +##### systemd unit files +AC_ARG_WITH([systemdsystemunitdir], + AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), + [], + [with_systemdsystemunitdir=/usr/lib/systemd/system], + [with_systemdsystemunitdir=no]) +if test "x$with_systemdsystemunitdir" != xno; then + AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) +fi + # # Checks for build programs. # @@ -410,7 +420,7 @@ else fi # Check for functions and headers. -AC_CHECK_FUNCS(posix_memalign memalign getextmntent) +AC_CHECK_FUNCS(posix_memalign memalign getextmntent on_exit) AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h limits.h) # glibc 2.25 still includes sys/sysmacros.h in sys/types.h but emits deprecation diff --git a/debian/.git-dpm b/debian/.git-dpm deleted file mode 100644 index a87b37ef6..000000000 --- a/debian/.git-dpm +++ /dev/null @@ -1,9 +0,0 @@ -# see git-dpm(1) from git-dpm package -3d51b212987d47da2b8c65a911140bbbc2fd3153 -3d51b212987d47da2b8c65a911140bbbc2fd3153 -578bb115fbd47e1c464696f1f8d6183e5443975d -578bb115fbd47e1c464696f1f8d6183e5443975d -grub2_2.04.orig.tar.xz -3ed21de7be5970d7638b9f526bca3292af78e0fc -6393864 -signature:d6df202a9bfa89abe2d7f288c1d438197c6f371a:833:grub2_2.04.orig.tar.xz.asc diff --git a/debian/.gitignore b/debian/.gitignore deleted file mode 100644 index 92dd74842..000000000 --- a/debian/.gitignore +++ /dev/null @@ -1,110 +0,0 @@ -*.bash-completion -*.config -*.debhelper* -*.postinst -*.postrm -*.preinst -*.templates -files -grub-common -grub-common.maintscript -grub-coreboot -grub-coreboot*.dirs -grub-coreboot*.install -grub-coreboot*.links -grub-coreboot*.maintscript -grub-coreboot-bin -grub-coreboot-dbg -grub-efi -grub-efi-amd64 -grub-efi-amd64*.dirs -grub-efi-amd64*.install -grub-efi-amd64*.links -grub-efi-amd64*.maintscript -grub-efi-amd64-bin -grub-efi-amd64-dbg -grub-efi-amd64-signed-template -grub-efi-arm -grub-efi-arm*.dirs -grub-efi-arm*.install -grub-efi-arm*.links -grub-efi-arm*.maintscript -grub-efi-arm-bin -grub-efi-arm-dbg -grub-efi-arm64 -grub-efi-arm64*.dirs -grub-efi-arm64*.install -grub-efi-arm64*.links -grub-efi-arm64*.maintscript -grub-efi-arm64-bin -grub-efi-arm64-dbg -grub-efi-arm64-signed-template -grub-efi-ia32 -grub-efi-ia32*.dirs -grub-efi-ia32*.install -grub-efi-ia32*.links -grub-efi-ia32*.maintscript -grub-efi-ia32-bin -grub-efi-ia32-dbg -grub-efi-ia32-signed-template -grub-efi-ia64 -grub-efi-ia64*.dirs -grub-efi-ia64*.install -grub-efi-ia64*.links -grub-efi-ia64*.maintscript -grub-efi-ia64-bin -grub-efi-ia64-dbg -grub-emu -grub-emu*.dirs -grub-emu*.install -grub-emu*.links -grub-emu*.maintscript -grub-emu-dbg -grub-extras-enabled -grub-extras/*/conf/*.mk -grub-firmware-qemu -grub-ieee1275 -grub-ieee1275*.dirs -grub-ieee1275*.install -grub-ieee1275*.links -grub-ieee1275*.maintscript -grub-ieee1275-bin -grub-ieee1275-dbg -grub-linuxbios -grub-mount-udeb -grub-pc -grub-pc*.dirs -grub-pc*.install -grub-pc*.links -grub-pc*.maintscript -grub-pc-bin -grub-pc-dbg -grub-rescue-pc -grub-theme-starfield -grub-uboot -grub-uboot*.dirs -grub-uboot*.install -grub-uboot*.links -grub-uboot*.maintscript -grub-uboot-bin -grub-uboot-dbg -grub-xen -grub-xen*.dirs -grub-xen*.install -grub-xen*.links -grub-xen*.maintscript -grub-xen-bin -grub-xen-dbg -grub-xen-host -grub-yeeloong -grub-yeeloong*.dirs -grub-yeeloong*.install -grub-yeeloong*.links -grub-yeeloong*.maintscript -grub-yeeloong-bin -grub-yeeloong-dbg -grub2 -grub2-common -prep-bootdev -stamps -tmp-* diff --git a/debian/README.source b/debian/README.source index b2884295d..e928a52b1 100644 --- a/debian/README.source +++ b/debian/README.source @@ -39,3 +39,6 @@ grub-team/grub uses git-dpm and contains the following branches: - pristine-tar: pritine-tar metadata based on upstream (not upstream). + +Ubuntu unapplies git-dpm patches, and instead uses gbp pq +import|export --no-patch-numbers. diff --git a/debian/build-efi-images b/debian/build-efi-images index dbff3e720..f789cf666 100755 --- a/debian/build-efi-images +++ b/debian/build-efi-images @@ -129,6 +129,7 @@ CD_MODULES=" search_fs_file search_label sleep + smbios squash4 test true @@ -189,6 +190,7 @@ GRUB_MODULES="$CD_MODULES raid6rec " NET_MODULES="$CD_MODULES + http tftp " @@ -212,9 +214,12 @@ NET_MODULES="$CD_MODULES # Special network boot image for d-i to use. Just the same as the # normal network boot image, but with a different value baked in for # the prefix setting -"$grub_mkimage" -O "$platform" -o "$outdir/grubnet$efi_name-installer.efi" \ - -d "$grub_core" -c "$workdir/grub-bootstrap.cfg" \ - -m "$workdir/memdisk-netboot.fat" \ - -p "${efi_vendor}-installer/$deb_arch/grub" $NET_MODULES +# +# but not on Ubuntu LP: #1863994 +# +#"$grub_mkimage" -O "$platform" -o "$outdir/grubnet$efi_name-installer.efi" \ +# -d "$grub_core" -c "$workdir/grub-bootstrap.cfg" \ +# -m "$workdir/memdisk-netboot.fat" \ +# -p "${efi_vendor}-installer/$deb_arch/grub" $NET_MODULES exit 0 diff --git a/debian/canonical-uefi-ca.crt b/debian/canonical-uefi-ca.crt new file mode 100644 index 000000000..55c06d582 --- /dev/null +++ b/debian/canonical-uefi-ca.crt @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIENDCCAxygAwIBAgIJALlBJKAYLJJnMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD +VQQGEwJHQjEUMBIGA1UECAwLSXNsZSBvZiBNYW4xEDAOBgNVBAcMB0RvdWdsYXMx +FzAVBgNVBAoMDkNhbm9uaWNhbCBMdGQuMTQwMgYDVQQDDCtDYW5vbmljYWwgTHRk +LiBNYXN0ZXIgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTEyMDQxMjExMTI1MVoX +DTQyMDQxMTExMTI1MVowgYQxCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtJc2xlIG9m +IE1hbjEQMA4GA1UEBwwHRG91Z2xhczEXMBUGA1UECgwOQ2Fub25pY2FsIEx0ZC4x +NDAyBgNVBAMMK0Nhbm9uaWNhbCBMdGQuIE1hc3RlciBDZXJ0aWZpY2F0ZSBBdXRo +b3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/WzoWdO4hXa5h +7Z1WrL3e3nLz3X4tTGIPrMBtSAgRz42L+2EfJ8wRbtlVPTlU60A7sbvihTR5yvd7 +v7p6yBAtGX2tWc+m1OlOD9quUupMnpDOxpkNTmdleF350dU4Skp6j5OcfxqjhdvO ++ov3wqIhLZtUQTUQVxONbLwpBlBKfuqZqWinO8cHGzKeoBmHDnm7aJktfpNS5fbr +yZv5K+24aEm82ZVQQFvFsnGq61xX3nH5QArdW6wehC1QGlLW4fNrbpBkT1u06yDk +YRDaWvDq5ELXAcT+IR/ZucBUlUKBUnIfSWR6yGwk8QhwC02loDLRoBxXqE3jr6WO +BQU+EEOhAgMBAAGjgaYwgaMwHQYDVR0OBBYEFK2RmQvCKrH1FwSMI7ZlWiaONFpj +MB8GA1UdIwQYMBaAFK2RmQvCKrH1FwSMI7ZlWiaONFpjMA8GA1UdEwEB/wQFMAMB +Af8wCwYDVR0PBAQDAgGGMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly93d3cuY2Fu +b25pY2FsLmNvbS9zZWN1cmUtYm9vdC1tYXN0ZXItY2EuY3JsMA0GCSqGSIb3DQEB +CwUAA4IBAQA/ffZ2pbODtCt60G1SGgODxBKnUJxHkszAlHeC0q5Xs5kE9TI6xlUd +B9sSqVb62NR2IOvkw1Hbmlyckj8Yc9qUaqGZOIykiG3B/Dlx0HR2FgM+ViM11VVH +WxodQcLTEkzc/64KkpxiChcBnHPgXrH9vNa1GRF6fs0+A35m21uoyTlIUf9T4Zwx +U5EbOxB1Axe65oECgJRwTEa3lLA9Fc0fjgLgaAKP+/lHHX2iAcYHUcSazO3dz6Nd +7ZK7vtH95uwfM1FzBL48crB9CPgB/5h9y5zgaTl3JUdxiLGNJ6UuqPc/X4Bplz6p +9JkU284DDgtmxBxtvbgnd8FClL38agq8 +-----END CERTIFICATE----- diff --git a/debian/changelog b/debian/changelog index 4d9d19e67..01bbfd672 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,584 @@ +grub2 (2.04-1ubuntu26.17) focal; urgency=medium + + * linux_xen: Properly handle multiple initrd files (LP: #1987567) + - d/p/linux_xen-Properly-load-multiple-initrd-files.patch + - d/p/linux_xen-Properly-order-multiple-initrd-files.patch + + -- Mauricio Faria de Oliveira Sun, 18 Dec 2022 18:29:03 -0300 + +grub2 (2.04-1ubuntu26.16) focal; urgency=medium + + * grub-multi-install: Reset partition type between partitions (LP: #1997795) + + -- Julian Andres Klode Fri, 02 Dec 2022 16:20:54 +0100 + +grub2 (2.04-1ubuntu26.15) focal; urgency=medium + + [ Mauricio Faria de Oliveira ] + * Call hwmatch only on the grub-pc platform (LP: #1840560) + + -- Julian Andres Klode Tue, 11 Jan 2022 16:09:48 +0100 + +grub2 (2.04-1ubuntu26.14) focal; urgency=medium + + * grub-check-signatures: Support gzip compressed kernels (LP: #1954683) + + -- Julian Andres Klode Tue, 11 Jan 2022 15:58:12 +0100 + +grub2 (2.04-1ubuntu26.13) focal; urgency=medium + + [ Julian Andres Klode ] + * unapply all patches, use gbp pq instead of git-dpm + + [ Dimitri John Ledkov ] + * 10_linux: emit messages when initrdless boot is configured, attempted and + fails triggering fallback. LP: #1901553 + * grub-common.service: port init.d script to systemd unit. Add warning + message, when initrdless boot fails triggering fallback. LP: #1901553 + * debian/grub-common.service: change type to oneshot, add wantedby + sleep.target, after sleep.target. The service will now start after resume + from hybernation. (LP: #1929860) + * grub-initrd-fallback.service: add wantedby sleep.target, after + sleep.target. The service will now start after resume from hybernation. + LP: #1929860 + * grub-initrd-fallback.service, debian/grub-common.service: only start units + when booted with grub. Use presence of /boot/grub/grub.cfg as proxy. LP: + #1925507 + + -- Julian Andres Klode Thu, 12 Aug 2021 11:18:25 +0200 + +grub2 (2.04-1ubuntu26.12) focal; urgency=medium + + * Bump the version number in the replaces for grub-efi-* to account for + newer packages in bionic from grub2-unsigned shipping the kernel hook + conffiles. LP: #1928674. + + -- Steve Langasek Wed, 19 May 2021 22:50:50 -0700 + +grub2 (2.04-1ubuntu26.11) focal; urgency=medium + + [ Dimitri John Ledkov & Steve Langasek ] + * Relax dependencies to allow grub-efi be installed with later versions + of grub-efi-amd64. Stop building grub-efi-amd64|arm64{-bin,dbg} + packages, now provided by src:grub2-unsigned. LP: #1915536 + + -- Dimitri John Ledkov Wed, 24 Feb 2021 19:33:38 +0000 + +grub2 (2.04-1ubuntu26.9) focal; urgency=medium + + * Revert: rhboot-f34-tcp-add-window-scaling-support.patch, + rhboot-f34-support-non-ethernet.patch, + ubuntu-fixup-rhboot-f34-support-non-ethernet.patch, + ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: these break MAAS + LXD KVM pod deployments. LP: #1915288 + * Cherrypick fix crash in http LP: #1915288 + * Fix grub-initrd-fallback.service thanks to JawnSmith LP: #1910815 + + -- Dimitri John Ledkov Fri, 12 Feb 2021 22:03:32 +0000 + +grub2 (2.04-1ubuntu26.8) focal; urgency=medium + + * debian/patches/grub-install-backup-and-restore.patch: Fix-up the patch + to correctly initialyze the names of the modules to restore. LP: + #1907085 + * rhboot-f34-make-exit-take-a-return-code.patch, + rhboot-f34-dont-use-int-for-efi-status.patch: allow grub to exit + non-zero under EFI, this should allow falling back to the next + BootOrder BootEntry. LP: #1865515 + * rhboot-f34-tcp-add-window-scaling-support.patch: speed up netboot + transfer speed. LP: #1911439 + * rhboot-f34-support-non-ethernet.patch, + ubuntu-fixup-rhboot-f34-support-non-ethernet.patch, + ubuntu-fixup-rhboot-f34-support-non-ethernet-2.patch: + add support for link layer addresses of up to 32-bytes. LP: #1911439 + * rhboot-f34-make-pmtimer-tsc-calibration-fast.patch: + speed up calibration time, especially when booting VMs. LP: #1911439 + * minilzo: built using the distribution's minilzo. LP: #1911440 + + -- Dimitri John Ledkov Wed, 13 Jan 2021 14:12:38 +0000 + +grub2 (2.04-1ubuntu26.7) focal; urgency=medium + + * Avoid "EFI stub: FIRMWARE BUG" message when booting >= 5.7 kernels + on arm64 by setting the image base address before jumping to the + PE/COFF entry point LP: #1900774 + * Fix tftp timeouts when fetching large files. LP: #1900773 + + -- dann frazier Thu, 12 Nov 2020 16:15:13 -0700 + +grub2 (2.04-1ubuntu26.6) focal; urgency=medium + + * postinst.in, grub-multi-install: fix logic of skipping installing onto + any device, if one chose to not install bootloader on any device. LP: + #1896608 + * Do not finalize params twice on arm64. LP: #1897819 + + -- Dimitri John Ledkov Thu, 01 Oct 2020 23:19:24 +0800 + +grub2 (2.04-1ubuntu26.5) focal; urgency=medium + + * ubuntu-linuxefi-arm64.patch: Fix build on armhf (LP: #1862279) + + -- Julian Andres Klode Wed, 16 Sep 2020 13:01:19 +0200 + +grub2 (2.04-1ubuntu26.4) focal; urgency=medium + + * grub-install: cherry-pick patch from grub-devel to make grub-install + fault tolerant. Create backup of files in /boot/grub, and restore them + on failure to complete grub-install. LP: #1891680 + * postinst.in: do not exit successfully when failing to show critical + grub-pc/install_devices_failed and grub-pc/install_devices_empty + prompts in non-interactive mode. This enables surfacing upgrade errors + to the users and/or automation. LP: #1891680 + * postinst.in: do not attempt to call grub-install upon fresh install of + grub-pc because it it a job of installers to do that after fresh + install. Fixup for the issue unmasked by above. LP: #1891680 + * grub-multi-install: fix non-interactive failures for grub-efi like it + was fixed in postinst for grub-pc. LP: #1891680 + * postinst.in: Fixup postinst.in, to attempt grub-install upon explicit + dpkg-reconfigure grub-pc. LP: #1892526 + + -- Dimitri John Ledkov Tue, 08 Sep 2020 11:24:35 +0100 + +grub2 (2.04-1ubuntu26.3) focal; urgency=medium + + * 2.04-1ubuntu27 and 2.04-1ubuntu28 folded together for focal + * debian/patches/ubuntu-flavour-order.patch: + - Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel + flavours as preferred, and specify an order between those preferred + flavours (LP: #1882663) + * debian/patches/ubuntu-zfs-enhance-support.patch: + - Use version_find_latest for ordering kernels, so it also supports + the GRUB_FLAVOUR_ORDER setting. + * debian/patches/ubuntu-dont-verify-loopback-images.patch: + - disk/loopback: Don't verify loopback images (LP: #1878541), + Thanks to Chris Coulson for the patch + * debian/patches/ubuntu-recovery-dis_ucode_ldr.patch + - Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789) + * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: + - Merge changes from xnox to fix multiple initrds support (LP: #1878705) + * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: + - Remove, no longer needed thanks to xnox's patch + * Ensure that grub-multi-install can always find templates (LP: #1879948) + + -- Julian Andres Klode Mon, 17 Aug 2020 16:04:31 +0200 + +grub2 (2.04-1ubuntu26.2) focal; urgency=medium + + * debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc + package, since we cannot be certain that it will install to the correct + disk and a grub-install failure will render the system unbootable. + LP: #1889556. + + -- Steve Langasek Thu, 30 Jul 2020 17:34:25 -0700 + +grub2 (2.04-1ubuntu26.1) focal; urgency=medium + + [ Julian Andres Klode ] + * Move gettext patches out of git-dpm's way, so it does not delete them + + [ Chris Coulson ] + * SECURITY UPDATE: Heap buffer overflow when encountering commands that + cannot be tokenized to less than 8192 characters. + - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make + fatal lexer errors actually be fatal + - CVE-2020-10713 + * SECURITY UPDATE: Multiple integer overflow bugs that could result in + heap buffer allocations that were too small and subsequent heap buffer + overflows when handling certain filesystems, font files or PNG images. + - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add + arithmetic primitives that allow for overflows to be detected + - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch: + Make sure that there is always an overflow checking implementation + of calloc() available + - 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where + appropriate + - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use + overflow-safe arithmetic primitives when performing allocations + based on the results of operations that might overflow + - 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in + hfsplus + - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix + more potential integer overflows in lvm + - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 + * SECURITY UPDATE: Use-after-free when executing a command that causes + a currently executing function to be redefined. + - 0092-script-Remove-unused-fields-from-grub_script_functio.patch: + Remove unused fields from grub_script_function + - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch: + Avoid a use-after-free when redefining a function during execution + - CVE-2020-15706 + * SECURITY UPDATE: Integer overflows that could result in heap buffer + allocations that were too small and subsequent heap buffer overflows + during initrd loading. + - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix + integer overflows in initrd size handling + - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix + integer overflows in linuxefi grub_cmd_initrd + - CVE-2020-15707 + * Various fixes as a result of code review and static analysis: + - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a + memory leak on realloc failures when processing symbolic links + - 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a + memory leak when processing font files with more than one NAME + section + - 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap + after it is freed in order to avoid a potential double free later on + - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an + out-of-bounds read in LzmaEncode + - 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use + priority queues and fix a double free + - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix + various arithmetic errors with malformed device paths + - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix + a NULL deref in the chainloader command introduced by a previous + patch + - 0099-efi-Fix-use-after-free-in-halt-reboot-path.patch: Fix a + use-after-free in the halt and reboot commands by not freeing + allocated memory in these paths + - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch: + Avoid a double free in the chainloader command when validation fails + - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch: + Protect grub_relocator_alloc_chunk_addr input arguments against + integer overflow / underflow + - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch: + Protect grub_relocator_alloc_chunk_align max_addr argument against + integer underflow + - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix + grub_relocator_alloc_chunk_align top memory allocation + - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch: + Avoid overflow on initrd size calculation + + [ Dimitri John Ledkov ] + * SECURITY UPDATE: Grub does not enforce kernel signature validation + when the shim protocol isn't present. + - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch: + Fail kernel validation if the shim protocol isn't available + - CVE-2020-15705 + + -- Chris Coulson Mon, 20 Jul 2020 19:19:08 +0100 + +grub2 (2.04-1ubuntu26) focal; urgency=medium + + [ Julian Andres Klode ] + * Move /boot/efi -> debconf migration into wrapper, so it runs everywhere + (LP: #1872077) + * Display disk name and size in the ESP selection dialog, instead of ??? + + [ Sebastien Bacher ] + * debian/patches/gettext, + debian/patches/rules: + - backport upstream patches to fix the list of translated strings, + reported on the ubuntu-translators mailing list. The changes would + be overwritten by autoreconf so applying from a rules override. + + -- Julian Andres Klode Wed, 15 Apr 2020 13:31:27 +0200 + +grub2 (2.04-1ubuntu25) focal; urgency=medium + + [ Jean-Baptiste Lallement ] + [ Didier Roche ] + * debian/patches/ubuntu-zfs-enhance-support.patch: + - fix trailing } when no advanced menu is printed + - ensure we unmount all temporary snapshots path before zfs collect them + out. + * debian/patches/ubuntu-speed-zsys-history.patch: + - Speed up navigating zsys history by reducing greatly grub.cfg file size. + It used to take eg 80 seconds when loading 100 system snapshots. This is + now instantaneous by using a function with parameters that the users can + still easily edit. + + -- Didier Roche Mon, 13 Apr 2020 15:17:42 +0200 + +grub2 (2.04-1ubuntu24) focal; urgency=medium + + * Support installing to multiple ESPs (LP: #1871821) + + -- Julian Andres Klode Thu, 09 Apr 2020 12:51:07 +0200 + +grub2 (2.04-1ubuntu23) focal; urgency=medium + + [ Jean-Baptiste Lallement ] + [ Didier Roche ] + * Performance improvements for update-grub on ZFS systems (LP: #1869885) + + -- Didier Roche Tue, 31 Mar 2020 15:30:36 +0200 + +grub2 (2.04-1ubuntu22) focal; urgency=medium + + * smbios: Add a --linux argument to apply linux modalias-like filtering + * Make the linux command in EFI grub always try EFI handover; thanks + to Chris Coulson for the patches (LP: #1864533) + + -- Julian Andres Klode Wed, 11 Mar 2020 17:46:35 +0100 + +grub2 (2.04-1ubuntu21) focal; urgency=medium + + * Make ZFS menu generation depending on new zsysd binary instead of eoan + zsys compatibility symlink. + + -- Didier Roche Wed, 26 Feb 2020 09:59:49 +0100 + +grub2 (2.04-1ubuntu20) focal; urgency=medium + + * build-efi-images: do not produce -installer.efi.signed. LP: #1863994 + + -- Dimitri John Ledkov Tue, 25 Feb 2020 01:11:31 +0000 + +grub2 (2.04-1ubuntu19) focal; urgency=medium + + * uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings + (LP: #1864547) + * build-efi-images: add smbios module to the prebuilt signed EFI images + (LP: #1856424) + + -- Dimitri John Ledkov Mon, 24 Feb 2020 20:34:13 +0000 + +grub2 (2.04-1ubuntu18) focal; urgency=medium + + * Cherry-pick fix from Colin W. in debian to build with python3. + + -- Didier Roche Thu, 06 Feb 2020 18:37:44 +0100 + +grub2 (2.04-1ubuntu17) focal; urgency=medium + + * Fix ZFS menu generation with ZFS 0.8.x where mounted datasets can’t list + snapshots due to an upstream change. + https://github.com/zfsonlinux/zfs/issues/9958 + + -- Didier Roche Thu, 06 Feb 2020 18:20:16 +0100 + +grub2 (2.04-1ubuntu16) focal; urgency=medium + + * Revert "Add smbios module to build-efi-images script" from previous + upload, pending review see https://bugs.launchpad.net/bugs/1856424 + + -- Dimitri John Ledkov Sun, 15 Dec 2019 01:28:49 +0000 + +grub2 (2.04-1ubuntu15) focal; urgency=medium + + * ubuntu-efi-allow-loopmount-chainload.patch: + - Enable chainloading EFI apps from loopmounts + * cherrypick-lsefisystab-define-smbios3.patch: + * cherrypick-smbios-modules.patch: + - Cherrypick from 2.05 module for retrieving SMBIOS information + * cherrypick-lsefisystab-show-dtb.patch: + - If dtb is provided by the firmware / DtbLoader driver, display it in + human form, rather than just UUID + + -- Dimitri John Ledkov Fri, 13 Dec 2019 11:24:21 +0000 + +grub2 (2.04-1ubuntu14) focal; urgency=medium + + * debian/patches/ubuntu-zfs-enhance-support.patch: + - Handle the case where grub-probe returns several devices for a single + pool (LP: #1848856). Thanks jpb for the report and the proposed patch. + - Add savedefault to non-recovery entries (LP: #1850202). Thanks Deltik + for the patch. + - Do not crash on invalid fstab and report the invalid entry. + (LP: #1849347) Thanks Deltik for the patch. + - When a pool fails to import, catch and display the error message and + continue with other pools. Import all the pools in readonly mode so we + can import other pools with unsupported features (LP: #1848399) Thanks + satmandu for the investigation and the proposed patch + + -- Jean-Baptiste Lallement Mon, 18 Nov 2019 11:22:43 +0100 + +grub2 (2.04-1ubuntu13) focal; urgency=medium + + * debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch: treat "unknown" + TPM errors as non-fatal, but still write up the details as debug messages + so we can further track what happens with the systems throwing those up. + (LP: #1848892) + * debian/patches/ubuntu-linuxefi.patch: Drop extra check for Secure Boot + status in linuxefi_secure_validate(); it's unnecessary and blocking boot + in chainload (like chainloading Windows) when SB is disabled. + (LP: #1845289) + + -- Mathieu Trudel-Lapierre Thu, 31 Oct 2019 17:58:47 -0400 + +grub2 (2.04-1ubuntu12) eoan; urgency=medium + + * Move our identifier to com.ubuntu + As we are not going to own org.zsys, move our identifier under + com.ubuntu.zsys (LP: #1847711) + + -- Didier Roche Fri, 11 Oct 2019 15:57:47 +0200 + +grub2 (2.04-1ubuntu11) eoan; urgency=medium + + * Load all kernels (even those without .efi.signed) for secure boot mode + as those are signed kernels on ubuntu, loaded by the shim. (LP: #1847581) + + -- Didier Roche Thu, 10 Oct 2019 11:40:44 +0200 + +grub2 (2.04-1ubuntu10) eoan; urgency=medium + + * debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch: + skip /dev/disk/by-id/lvm-pvm-uuid entries from device iteration. + (LP: #1838525) + + -- Rafael David Tinoco Mon, 07 Oct 2019 23:23:54 -0300 + +grub2 (2.04-1ubuntu9) eoan; urgency=medium + + * debian/patches/ubuntu-zfs-enhance-support.patch: + - Handle case of pure zfs only snapshots giving additional "}", and as + such, creating invalid grub menu. + Spotted by grubzfs-testsuite autopkgtests. + + -- Didier Roche Wed, 02 Oct 2019 09:59:19 +0200 + +grub2 (2.04-1ubuntu8) eoan; urgency=medium + + * debian/patches/install-signed.patch -> ubuntu-install-signed.patch: + Really fix the installation of UEFI artefacts to the distributor path (we + only want shim, grub, and MokManager, and shim's boot.csv there), and to + the removable /EFI/BOOT path (where we want shim and fallback only). + Rename the patch to ubuntu- like others that are Ubuntu-specific or + otherwise modified to avoid such confusion at merge time in the future. + + -- Mathieu Trudel-Lapierre Tue, 01 Oct 2019 11:29:24 -0400 + +grub2 (2.04-1ubuntu7) eoan; urgency=medium + + * debian/patches/ubuntu-zfs-enhance-support.patch: + Disable history entry under some conditions: + - Don't show up if the system is a zsys one and zsys isn't installed + (LP: #1845333) + - Don't show for pure zfs systems: we identified multiple issues due + to the mount generator in upstream zfs which makes it incompatible. + Disable for now (LP: #1845913) + + -- Didier Roche Mon, 30 Sep 2019 09:35:03 +0200 + +grub2 (2.04-1ubuntu6) eoan; urgency=medium + + * debian/patches/install-signed.patch: fix paths for MokManager/fallback; + shim no longer ships these with a .signed suffix. (LP: #1845466) + + -- Mathieu Trudel-Lapierre Thu, 26 Sep 2019 09:48:07 -0400 + +grub2 (2.04-1ubuntu5) eoan; urgency=medium + + * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: fix + mis-spelling of helper function in final computation of GRUB_DEVICE in + multipath case. + + -- Michael Hudson-Doyle Tue, 13 Aug 2019 08:56:16 +1200 + +grub2 (2.04-1ubuntu4) eoan; urgency=medium + + * d/patches/ubuntu-boot-from-multipath-dependent-symlink.patch: when / is + multipathed there will be multiple paths to the partition, so using + root=UUID= exposes the boot process to udev races. In addition + grub-probe --target device / in this case reports /dev/dm-1 or similar -- + better to use a symlink that depends on the multipath name. (LP: #1429327) + + -- Michael Hudson-Doyle Tue, 06 Aug 2019 12:37:18 +1200 + +grub2 (2.04-1ubuntu3) eoan; urgency=medium + + [ Mathieu Trudel-Lapierre ] + * debian/patches/ubuntu-add-devicetree-command-support.patch: import patch + into git-dpm: drop [PATCH] tag and add Patch-Name. + + [ Didier Roche ] + * debian/patches/ubuntu-zfs-enhance-support.patch + - Don't patch autoregenerated files. + - rewrite generate MenuMeta implementation in shell (LP: #1834095) + mawk doesn't support \s and other array features. + + Change \s by their space or tab equivalent. + + Rewrite the menumeta generation in pure shell, which is easier to + debug, keeping globally the same algorithm + + Support i18n in entry name generation. + Co-authored with Jean-Baptiste. + - Resplit all patches in debian/patches/*, so that we have upstreamable + and non upstreamable parts separate. Also, any change in 10_linux patch + will be reflected in 10_linux_zfs. + - Always import pools (using force), as we don't mount them. Ensure also + that we don't update the host cache, as we import all pools, and not + only those attached to that system. + + -- Didier Roche Mon, 29 Jul 2019 08:08:48 +0200 + +grub2 (2.04-1ubuntu2) eoan; urgency=medium + + * Add device-tree command support as installed by flash-kernel. + + -- Dimitri John Ledkov Wed, 17 Jul 2019 23:47:27 +0100 + +grub2 (2.04-1ubuntu1) eoan; urgency=medium + + * Merge against Debian; remaining changes: + - debian/control: Update Vcs fields for code location on Ubuntu. + - debian/control: Breaks shim (<< 13). + - debian/patches/linuxefi.patch: Secure Boot support: use newer patchset + from rhboot repo, flattened to a single patch. + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: + - Make sure if we install shim; it should also be exported as the default + bootloader to install later to a removable path, if we do. + - Rework grub-install-extra-removable.patch to reverse its logic: in the + default case, install the bootloader to /EFI/BOOT, unless we're trying + to install on a removable device, or explicitly telling grub *not* to + do it. + - Install a BOOT.CSV for fallback to use. + - Make sure postinst and templates know about the replacement of + --force-extra-removable with --no-extra-removable. + - debian/patches/ubuntu-support-initrd-less-boot.patch: allow non-initrd + boot config. + - debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: If a kernel + fails to boot without initrd, we will fallback to trying to boot the + kernel with an initrd. + - debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch: make sure + grub-mkconfig leaves a trace of what files were sourced to help generate + the config we're building. + - debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch: in EFI + console, only set text-mode when we're actually going to need it. + - debian/patches/ubuntu-zfs-enhance-support.patch: Better ZFS grub support. + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the + number of entries/clutter from other OSes in Petitboot + - debian/patches/ubuntu-shorter-version-info.patch: Only show the upstream + version in menu and console, and hide the package one in a + package_version variable. + - Verify that the current and newer kernels are signed when grub is + updated, to make sure people do not accidentally shutdown without a + signed kernel. + - debian/default/grub: replace GRUB_HIDDEN_* variables with the less + confusing GRUB_TIMEOUT_STYLE=hidden. + - debian/rules: shuffle files around for now to keep build artefacts + for signing at the same location as they were expected by Launchpad. + - debian/rules, debian/control: enable dh-systemd. + - debian/grub-common.install.in: install the systemd unit that's part of + initrd fallback handling, missed when the feature landed. + - debian/build-efi-images: add http module to NET_MODULES. + * debian/patches/linuxefi*.patch: Flatten linuxefi patches into one. + * debian/patches: rename patches to use "-" as a separator rather than "_". + * debian/patches: rename Ubuntu-specific patches and commits to add "ubuntu" + so it's clearer which are new or changed when doing a merge. + * debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch: fix FTBFS due + to objcopy building an invalid binary padded with zeroes (LP: #1833234) + * debian/patches/ubuntu-clear-invalid-initrd-spacing.patch: clear up invalid + spacing for the initrd command when not using early initrds. + * debian/patches/ubuntu-add-initrd-less-boot-fallback.patch: move the initrd + boot success/failure service to start later at boot time. (LP: #1823391) + * debian/patches/fix-lockdown.patch: Drop lockdown patch from Debian, which + breaks with new linuxefi patchset. + * debian/patches/ubuntu-temp-keep-auto-nvram.patch: Temporarily keep the + --auto-nvram option we previously had as a supported option in grub-install + (with no effect now), to avoid breaking upgrades. "auto-nvram" is default + behavior now that we use libefivar instead of calling efibootmgr. + + -- Mathieu Trudel-Lapierre Tue, 16 Jul 2019 11:31:29 -0400 + +grub2 (2.04-2) UNRELEASED; urgency=medium + + [ James Clarke ] + * Only Build-Depend on libefiboot-dev and libefivar-dev on Linux + architectures, since they're Linux-only. + + -- Colin Watson Tue, 09 Jul 2019 15:04:41 +0100 + grub2 (2.04-1) unstable; urgency=medium * New upstream release. @@ -131,6 +712,112 @@ grub2 (2.02+dfsg1-13) unstable; urgency=medium -- Colin Watson Thu, 14 Mar 2019 10:33:24 +0000 +grub2 (2.02+dfsg1-12ubuntu3) eoan; urgency=medium + + * debian/patches/zfs_enhance_support.patch: + Enhance ZFS grub support: + - Support multiple zfs systems (grouped by machine-id) + - Group zfs snapshots and clones with latest dataset for a given + installation. + - Support "history" entry with one time boot, recovery mode and + consecutive reboots. + - Pin kernel to particular snapshot, trying to reboot with the exact + same kernel and initrd. + - Disable in 10_linux zfs support if 10_linux_zfs is installed so that + we don't end up with the same installation multiple times. + * debian/patches/*: + - Apply ubuntu/debian specific changes of 10_linux to 10_linux_zfs. + + Work done with Jean-Baptiste. + + -- Didier Roche Mon, 17 Jun 2019 11:28:48 +0200 + +grub2 (2.02+dfsg1-12ubuntu2) disco; urgency=medium + + * debian/patches/efi-console-set-text-mode-as-needed.patch: in EFI console, + only set text-mode when we're actually going to need it. + * debian/build-efi-images: add http module to NET_MODULES. (LP: #1787630) + + -- Mathieu Trudel-Lapierre Mon, 11 Mar 2019 17:48:49 -0400 + +grub2 (2.02+dfsg1-12ubuntu1) disco; urgency=medium + + * Merge against Debian unstable; remaining changes (LP: #564853): + - debian/control: Update Vcs fields for code location on Ubuntu. + - debian/control: Breaks shim (<< 13). + - Secure Boot support: use newer patchset from rhboot repo: + - many linuxefi_* patches added and modified + - dropped debian/patches/linuxefi_require_shim.patch + - renamed: debian/patches/no_insmod_on_sb.patch -> + debian/patches/linuxefi_no_insmod_on_sb.patch + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: + - Make sure if we install shim; it should also be exported as the default + bootloader to install later to a removable path, if we do. + - Rework grub-install-extra-removable.patch to reverse its logic: in the + default case, install the bootloader to /EFI/BOOT, unless we're trying + to install on a removable device, or explicitly telling grub *not* to + do it. + - Install a BOOT.CSV for fallback to use. + - Make sure postinst and templates know about the replacement of + --force-extra-removable with --no-extra-removable. + - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the + --auto-nvram option to grub-install for auto-detecting NVRAM availability + before attempting NVRAM updates. + - debian/build-efi-images: provide a new grub EFI image which enforces that + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is + the same as grub$arch.efi minus the 'linux' module. Without fallback to + 'linux' for unsigned loading, this makes it effectively enforce having a + signed kernel. + - Verify that the current and newer kernels are signed when grub is + updated, to make sure people do not accidentally shutdown without a + signed kernel. + - debian/default/grub: replace GRUB_HIDDEN_* variables with the less + confusing GRUB_TIMEOUT_STYLE=hidden. + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow + non-initrd boot config. + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the + number of entries/clutter from other OSes in Petitboot + - debian/patches/shorter_version_info.patch: Only show the upstream version + in menu and console, and hide the package one in a package_version + variable. + - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the + 'text' payload if it's not supported but present in gfxpayload, such as + on EFI systems. + - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file + fizes as block sizes in bufio: this avoids potentially seeking back in + the files unnecessarily, which may require re-open files that cannot be + seeked into, such as via TFTP. + - debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize + structs in bootpath parser. + - debian/rules: shuffle files around for now to keep build artefacts + for signing at the same location as they were expected by Launchpad. + - debian/rules, debian/control: enable dh-systemd. + - debian/grub-common.install.in: install the systemd unit that's part of + initrd fallback handling, missed when the feature landed. + - debian/patches/quick-boot-lvm.patch: If we don't have writable + grubenv and we're on EFI, always show the menu. + - debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig + leaves a trace of what files were sourced to help generate the config + we're building. + - debian/patches/linuxefi_truncate_overlong_reloc_section.patch: Windows + 7 bootloader has inconsistent headers; truncate to the smaller, correct + size to fix chainloading Windows 7. + - debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in + relocate_coff() causing issues with relocation of code in chainload. + - debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less + capabilities. If a kernel fails to boot without initrd, we will fallback + to trying to boot the kernel with an initrd. Patch by Chris Glass. + - debian/patches/grub-reboot-warn.patch: Warn when "for the next + boot only" promise cannot be kept. + * Refreshed patches and fixed up attribution to the right authors after + merge with Debian. + * debian/patches/linuxefi_missing_include.patch, + debian/patches/linuxefi_fixing_more_errors.patch: Apply some additional + small fixes to casts, format strings, includes and Makefile to make sure + the newer linuxefi patches apply and build properly. + + -- Mathieu Trudel-Lapierre Tue, 05 Mar 2019 17:05:09 -0500 + grub2 (2.02+dfsg1-12) unstable; urgency=medium [ Colin Watson ] @@ -275,6 +962,175 @@ grub2 (2.02+dfsg1-6) unstable; urgency=medium -- Colin Watson Tue, 28 Aug 2018 16:17:21 +0100 +grub2 (2.02+dfsg1-5ubuntu11) disco; urgency=medium + + [ Mathieu Trudel-Lapierre ] + * debian/grub-check-signatures: properly account for DB showing as empty on + some broken firmwares: Guard against mokutil --export --db failing, and do + a better job at finding the DER certs for conversion to PEM format. + (LP: #1814575) + + [ Steve Langasek ] + * debian/patches/quick-boot-lvm.patch: checking the return value of + 'lsefi' when the command doesn't exist does not do what's expected, so + instead check the value of $grub_platform which is simpler anyway. + LP: #1814403. + + -- Mathieu Trudel-Lapierre Mon, 04 Feb 2019 17:51:15 -0500 + +grub2 (2.02+dfsg1-5ubuntu10) disco; urgency=medium + + * debian/grub-check-signatures: check kernel signatures against keys known + in firmware, in case a kernel is signed but not using a key that will pass + validation, such as when using kernels coming from a PPA. (LP: #1789918) + + -- Mathieu Trudel-Lapierre Mon, 21 Jan 2019 09:34:36 -0500 + +grub2 (2.02+dfsg1-5ubuntu9) disco; urgency=medium + + [ Steve Langasek ] + * debian/patches/quick-boot-lvm.patch: If we don't have writable + grubenv and we're on EFI, always show the menu. Closes LP: #1800722. + + [ Mathieu Trudel-Lapierre ] + * debian/patches/mkconfig_leave_breadcrumbs.patch: make sure grub-mkconfig + leaves a trace of what files were sourced to help generate the config + we're building. + + -- Mathieu Trudel-Lapierre Mon, 07 Jan 2019 17:32:01 -0500 + +grub2 (2.02+dfsg1-5ubuntu8) cosmic; urgency=medium + + * debian/patches/grub-install-extra-removable.patch: install mmx64.efi to + the EFI removable path to avoid boot failures after install when certs + need to be enrolled and the system's firmware is confused. (LP: #1798171) + + -- Mathieu Trudel-Lapierre Wed, 17 Oct 2018 14:44:49 -0400 + +grub2 (2.02+dfsg1-5ubuntu7) cosmic; urgency=medium + + [ Steve Langasek ] + * debian/grub-common.install.in: install the systemd unit that's part of + initrd fallback handling, missed when the feature landed. + + [ Mathieu Trudel-Lapierre ] + * debian/rules: set DEFAULT_TIMEOUT to 0 if we've enabled FLICKER_FREE_BOOT, + to avoid unnecessary delay at boot time. (LP: #1784363) + + -- Mathieu Trudel-Lapierre Fri, 12 Oct 2018 11:10:10 -0400 + +grub2 (2.02+dfsg1-5ubuntu6) cosmic; urgency=medium + + [ Steve Langasek ] + * debian/grub-check-signatures: Handle the case where we have unsigned + vmlinuz and signed vmlinuz.efi.signed. (LP: #1788727) + + -- Mathieu Trudel-Lapierre Wed, 03 Oct 2018 14:59:05 -0400 + +grub2 (2.02+dfsg1-5ubuntu5) cosmic; urgency=medium + + [ Mathieu Trudel-Lapierre ] + * debian/patches/linuxefi_truncate_overlong_reloc_section.patch: The Windows + 7 bootloader has inconsistent headers; truncate to the smaller, correct + size to fix chainloading Windows 7. + + [ Steve Langasek ] + * debian/rules, debian/control: enable dh-systemd. + * debian/patches/add-initrd-less-boot-fallback.patch: add initrd-less + capabilities. If a kernel fails to boot without initrd, grub will fallback + to trying to boot the kernel with an initrd. Patch by Chris Glass. + + -- Mathieu Trudel-Lapierre Tue, 25 Sep 2018 16:05:13 -0400 + +grub2 (2.02+dfsg1-5ubuntu4) cosmic; urgency=medium + + * debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in + relocate_coff() causing issues with relocation of code in chainload. + (LP: #1792575) + + -- Mathieu Trudel-Lapierre Mon, 17 Sep 2018 07:45:49 -0400 + +grub2 (2.02+dfsg1-5ubuntu3) cosmic; urgency=medium + + * debian/patches/grub-reboot-warn.patch: Warn when "for the next + boot only" promise cannot be kept. (LP: #788298) + + -- dann frazier Thu, 13 Sep 2018 15:28:50 -0600 + +grub2 (2.02+dfsg1-5ubuntu2) cosmic; urgency=medium + + * debian/patches/add_ext_lfb_base_support.patch: i386/linux: Add support for + ext_lfb_base. (LP: #1785033) + + -- Mathieu Trudel-Lapierre Wed, 05 Sep 2018 14:29:04 -0400 + +grub2 (2.02+dfsg1-5ubuntu1) cosmic; urgency=medium + + [ Mathieu Trudel-Lapierre] + * Merge against Debian unstable; remaining changes: + - debian/control: Update Vcs fields for code location on Ubuntu. + - debian/control: Breaks shim (<< 13). + - Secure Boot support: use newer patchset from rhboot repo: + - many linuxefi_* patches added and modified + - dropped debian/patches/linuxefi_require_shim.patch + - renamed: debian/patches/no_insmod_on_sb.patch -> + debian/patches/linuxefi_no_insmod_on_sb.patch + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: + - Make sure if we install shim; it should also be exported as the default + bootloader to install later to a removable path, if we do. + - Rework grub-install-extra-removable.patch to reverse its logic: in the + default case, install the bootloader to /EFI/BOOT, unless we're trying + to install on a removable device, or explicitly telling grub *not* to + do it. + - Move installing fb$arch.efi to --no-extra-removable; as we don't want + fallback to be installed unless we're also installing to /EFI/BOOT. + (LP: #1684341) + - Install a BOOT.CSV for fallback to use. + - Make sure postinst and templates know about the replacement of + --force-extra-removable with --no-extra-removable. + - debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the + --auto-nvram option to grub-install for auto-detecting NVRAM availability + before attempting NVRAM updates. + - debian/build-efi-images: provide a new grub EFI image which enforces that + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is + the same as grub$arch.efi minus the 'linux' module. Without fallback to + 'linux' for unsigned loading, this makes it effectively enforce having a + signed kernel. (LP: #1401532) + - Verify that the current and newer kernels are signed when grub is + updated, to make sure people do not accidentally shutdown without a + signed kernel. + - debian/default/grub: replace GRUB_HIDDEN_* variables with the less + confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597) + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow + non-initrd boot config. (LP: #1640878) + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the + number of entries/clutter from other OSes in Petitboot (LP: #1447500) + - debian/patches/shorter_version_info.patch: Only show the upstream version + in menu and console, and hide the package one in a package_version + variable. (LP: #1723434) + - debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the + 'text' payload if it's not supported but present in gfxpayload, such as + on EFI systems. (LP: #1711452) + - debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file + fizes as block sizes in bufio: this avoids potentially seeking back in + the files unnecessarily, which may require re-open files that cannot be + seeked into, such as via TFTP. (LP: #1743249) + * util/grub-install.c: Drop extra handling for x.efi.signed files for mok + and fallback binaries: shim now installs them without the .signed + extension. (LP: #1708245) + - debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and + the casting they do on some architectures: we don't want to fail build + because of some of the warnings that can show up since we otherwise build + with -Werror. + * debian/rules: shuffle files around for now to keep putting build artefacts + for signing at the same location as they were expected by Launchpad. + + [ Julian Andres Klode ] + * debian/patches/ofnet-init-structs-in-bootpath-parser.patch: initialize + structs in bootpath parser. Fixes netboot issues on ppc64el. (LP: #1785859) + + -- Mathieu Trudel-Lapierre Thu, 23 Aug 2018 15:00:14 -0400 + grub2 (2.02+dfsg1-5) unstable; urgency=medium [ Colin Watson ] @@ -371,6 +1227,171 @@ grub2 (2.02-3) unstable; urgency=medium -- Colin Watson Sat, 10 Feb 2018 03:00:30 +0000 +grub2 (2.02-2ubuntu13) cosmic; urgency=medium + + * debian/patches/tests_update_for_new_qemu.patch: update qemu options to + remove deprecated options that fail tests. + * debian/patches: fix up busted patches due to git-dpm: + - debian/patches/add-an-auto-nvram-option-to-grub-install.patch + - debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch + * debian/patches/r_x86_64_plt32-is-like-r_x86_64_pc32.patch: For the purpose + of grub-mkimage, the R_X86_64_PLT32 relocation is basically the same as + R_X86_64_PC32. Make R_X86_64_PLT32 supported. + + -- Mathieu Trudel-Lapierre Thu, 19 Jul 2018 09:46:53 -0400 + +grub2 (2.02-2ubuntu12) cosmic; urgency=medium + + * debian/default/grub: replace GRUB_HIDDEN_* variables with the more concise + and less confusing GRUB_TIMEOUT_STYLE=hidden. (LP: #1258597) + + -- Mathieu Trudel-Lapierre Mon, 16 Jul 2018 14:18:46 -0400 + +grub2 (2.02-2ubuntu11) cosmic; urgency=medium + + * Verify that the current and newer kernels are signed when grub is updated, to + make sure people do not accidentally shutdown without a signed kernel. + + -- Julian Andres Klode Fri, 13 Jul 2018 15:21:48 +0200 + +grub2 (2.02-2ubuntu10) cosmic; urgency=medium + + * debian/patches/grub-shell-test-helper-disable-seabios-sercon.patch: In the + grub-shell test helper, disable seabios's serial console through fw_cfg + runtime configuration as its boot output interferes with testing. + (LP: #1775249) + + -- Łukasz 'sil2100' Zemczak Wed, 06 Jun 2018 01:03:26 +0200 + +grub2 (2.02-2ubuntu9) cosmic; urgency=medium + + * debian/patches/add-an-auto-nvram-option-to-grub-install.patch: Add the + --auto-nvram option to grub-install for auto-detecting NVRAM availability + before attempting NVRAM updates. + + -- Łukasz 'sil2100' Zemczak Tue, 05 Jun 2018 00:34:38 +0200 + +grub2 (2.02-2ubuntu8) bionic; urgency=medium + + * Drop debian/patches/mkconfig_keep_native_term_active.patch, which can + lead to flickering between graphical and text mode when traversing the + menu. (LP: #1752767) + * debian/patches/yylex-explicitly_cast_fprintf_to_void.patch: Fix FTBFS + with flex 2.6.4. + + -- dann frazier Sun, 04 Mar 2018 06:11:35 -0700 + +grub2 (2.02-2ubuntu7) bionic; urgency=medium + + [ Julian Andres Klode ] + * debian/patches/shorter_version_info.patch: Only show the upstream version + in menu and console, and hide the package one in a package_version + variable. (LP: #1723434) + + [ Mathieu Trudel-Lapierre ] + * debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the + 'text' payload if it's not supported but present in gfxpayload, such as + on EFI systems. (LP: #1711452) + + -- Mathieu Trudel-Lapierre Fri, 09 Feb 2018 16:30:45 -0500 + +grub2 (2.02-2ubuntu6) bionic; urgency=medium + + [ Steve Langasek ] + * debian/patches/bufio_sensible_block_sizes.patch: Don't use arbitrary file + fizes as block sizes in bufio: this avoids potentially seeking back in + the files unnecessarily, which may require re-open files that cannot be + seeked into, such as via TFTP. (LP: #1743249) + + -- Mathieu Trudel-Lapierre Mon, 05 Feb 2018 11:58:09 -0500 + +grub2 (2.02-2ubuntu5) bionic; urgency=medium + + * debian/patches/mkconfig_keep_native_term_active.patch: Keep the + default EFI console active while enabling gfxterm. (LP: #1743884) + + -- dann frazier Wed, 31 Jan 2018 10:51:11 -0700 + +grub2 (2.02-2ubuntu4) bionic; urgency=medium + + * debian/patches/vt_handoff.patch: modify the existing patch to set + vt.handoff=1 instead of vt.handoff=7 as we now start display managers on + vt1 anyway. This also fixes issues with netboot installed server systems + not displaying the login prompt on boot. (LP: #1675453) + + -- Łukasz 'sil2100' Zemczak Thu, 18 Jan 2018 18:32:31 +0100 + +grub2 (2.02-2ubuntu3) bionic; urgency=medium + + * util/grub-install.c: Drop extra handling for x.efi.signed files for mok + and fallback binaries: shim now installs them without the .signed + extension. (LP: #1708245) + * debian/control: Breaks shim (<< 13). + + -- Mathieu Trudel-Lapierre Wed, 17 Jan 2018 09:25:09 -0500 + +grub2 (2.02-2ubuntu2) bionic; urgency=medium + + * Cherry-pick upstream patch to change the default TSC calibration method + to pmtimer on EFI systems (LP: #1734278) + * debian/control: Update Vcs fields for code location on Ubuntu. + + -- Mathieu Trudel-Lapierre Tue, 05 Dec 2017 11:47:31 -0500 + +grub2 (2.02-2ubuntu1) bionic; urgency=medium + + * Merge with Debian; remaining changes: + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow + non-initrd boot config. (LP: #1640878) + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the + number of entries/clutter from other OSes in Petitboot (LP: #1447500) + - debian/build-efi-images: provide a new grub EFI image which enforces that + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is + the same as grub$arch.efi minus the 'linux' module. Without fallback to + 'linux' for unsigned loading, this makes it effectively enforce having a + signed kernel. (LP: #1401532) + - debian/patches/install_signed.patch, grub-install-extra-removable.patch: + - Make sure if we install shim; it should also be exported as the default + bootloader to install later to a removable path, if we do. + - Rework grub-install-extra-removable.patch to reverse its logic: in the + default case, install the bootloader to /EFI/BOOT, unless we're trying + to install on a removable device, or explicitly telling grub *not* to + do it. + - Move installing fb$arch.efi to --no-extra-removable; as we don't want + fallback to be installed unless we're also installing to /EFI/BOOT. + (LP: #1684341) + - Make sure postinst and templates know about the replacement of + --force-extra-removable with --no-extra-removable. + * Sync Secure Boot support patches with the upstream patch set from + rhboot/grub2:master-sb. Renamed some patches and updated descriptions for + the whole thing to make more sense, too: + - dropped debian/patches/linuxefi_require_shim.patch + - renamed: debian/patches/no_insmod_on_sb.patch -> + debian/patches/linuxefi_no_insmod_on_sb.patch + - debian/patches/linuxefi.patch + - debian/patches/linuxefi_debug.patch + - debian/patches/linuxefi_non_sb_fallback.patch + - debian/patches/linuxefi_add_sb_to_efi_chainload.patch + - debian/patches/linuxefi_cleanup_errors_in_loader.patch + - debian/patches/linuxefi_fix_efi_validation_race.patch + - debian/patches/linuxefi_handle_multiarch_boot.patch + - debian/patches/linuxefi_honor_sb_mode.patch + - debian/patches/linuxefi_move_fdt_helper.patch + - debian/patches/linuxefi_load_arm_with_sb.patch + - debian/patches/linuxefi_minor_cleanups.patch + - debian/patches/linuxefi_re-enable_linux_cmd.patch + - debian/patches/linuxefi_rework_linux16_cmd.patch + - debian/patches/linuxefi_rework_linux_cmd.patch + - debian/patches/linuxefi_rework_non-sb_efi_chainload.patch + - debian/patches/linuxefi_rework_pe_loading.patch + - debian/patches/linuxefi_use_dev_chainloader_target.patch + * debian/patches/dont-fail-efi-warnings.patch: handle linuxefi patches and + the casting they do on some architectures: we don't want to fail build + because of some of the warnings that can show up since we otherwise build + with -Werror. + + -- Mathieu Trudel-Lapierre Mon, 06 Nov 2017 15:37:12 -0500 + grub2 (2.02-2) unstable; urgency=medium * Comment out debian/watch lines for betas and pre-releases for now. @@ -407,6 +1428,92 @@ grub2 (2.02~beta3-5) unstable; urgency=medium -- Colin Watson Sat, 11 Feb 2017 15:09:19 +0000 +grub2 (2.02~beta3-4ubuntu7) artful; urgency=medium + + * debian/patches/headers_for_device_macros.patch, + debian/patches/fix_check_for_sys_macros.patch: make sure the right + device macro header is included and that the deprecation warning + is dealt with. LP: #1722955. + + -- Tiago Stürmer Daitx Thu, 12 Oct 2017 09:41:17 -0400 + +grub2 (2.02~beta3-4ubuntu6) artful; urgency=medium + + * debian/patches/mount-ext4-fs-with-crypto-enabled.patch: Allow grub to + mount an EXT4 partition that has the 'encrypt' feature enabled + (closes: 840204) + + -- Tyler Hicks Wed, 05 Jul 2017 22:23:03 +0000 + +grub2 (2.02~beta3-4ubuntu5) artful; urgency=medium + + * debian/patches/linuxefi.patch: fix double-free caused by an extra + grub_free() call in this patch (which the previous upload didn't change). + * debian/patches/linuxefi_rework_non-sb_cases.patch, + debian/patches/linuxefi_non_sb_fallback.patch: refreshed. + + -- Mathieu Trudel-Lapierre Mon, 29 May 2017 16:28:41 -0400 + +grub2 (2.02~beta3-4ubuntu4) artful; urgency=medium + + * debian/patches: Rework linuxefi/SecureBoot support and sync with upstream + SB patch set: + - linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its + chainloader. + - linuxefi_fix_validation_race.patch: Fix a race in validating images. + - linuxefi_chainloader_path.patch: honor the starting path for grub, so + images do not need to be started from $root. + - linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use + when Secure Boot is enabled. + - linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all + loaders: don't load the commands when Secure Boot is enabled. + - linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and + initrd commands to automatically hand-off to linuxefi/initrdefi; re- + enable the linux loader. + - linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading + "special" PE images, such as Windows'. + - linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is + disabled or shim validation is disabled so loading works as EFI binaries + when it is supposed to. + - Removed linuxefi_require_shim.patch; superseded by the above. + + -- Mathieu Trudel-Lapierre Thu, 11 May 2017 17:05:04 -0400 + +grub2 (2.02~beta3-4ubuntu3) artful; urgency=medium + + * debian/patches/install_signed.patch, grub-install-extra-removable.patch: + - Make sure if we install shim; it should also be exported as the default + bootloader to install later to a removable path, if we do. + - Rework grub-install-extra-removable.patch to reverse its logic: in the + default case, install the bootloader to /EFI/BOOT, unless we're trying + to install on a removable device, or explicitly telling grub *not* to + do it. + - Move installing fb$arch.efi to --no-extra-removable; as we don't want + fallback to be installed unless we're also installing to /EFI/BOOT. + (LP: #1684341) + + -- Mathieu Trudel-Lapierre Wed, 26 Apr 2017 21:08:22 -0400 + +grub2 (2.02~beta3-4ubuntu2) zesty; urgency=medium + + * debian/build-efi-images: provide a new grub EFI image which enforces that + loaded kernels are signed for Secure Boot: build gsb$arch.efi; which is + the same as grub$arch.efi minus the 'linux' module. Without fallback to + 'linux' for unsigned loading, this makes it effectively enforce having a + signed kernel. (LP: #1401532) + + -- Mathieu Trudel-Lapierre Thu, 30 Mar 2017 17:45:23 -0400 + +grub2 (2.02~beta3-4ubuntu1) zesty; urgency=medium + + * Merge with Debian; remaining changes: + - debian/patches/support_initrd-less_boot.patch: Added knobs to allow + non-initrd boot config. (LP: #1640878) + - Disable os-prober for ppc64el on the PowerNV platform, to reduce the + number of entries/clutter from other OSes in Petitboot (LP: #1447500) + + -- dann frazier Thu, 09 Feb 2017 10:06:57 -0700 + grub2 (2.02~beta3-4) unstable; urgency=medium [ Colin Watson ] diff --git a/debian/control b/debian/control index 85d71e29d..1cf71058b 100644 --- a/debian/control +++ b/debian/control @@ -1,11 +1,15 @@ Source: grub2 Section: admin Priority: optional -Maintainer: GRUB Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: GRUB Maintainers Uploaders: Felix Zielcke , Jordi Mallach , Colin Watson , Ian Campbell , Steve McIntyre <93sam@debian.org> Build-Depends: debhelper (>= 10~), patchutils, - python, + dh-autoreconf, + dh-systemd, + automake, + python3, flex, bison, po-debconf, @@ -26,19 +30,19 @@ Build-Depends: debhelper (>= 10~), libfuse-dev (>= 2.8.4-1.4) [linux-any kfreebsd-any], ttf-dejavu-core, liblzma-dev, + liblzo2-dev, dosfstools [any-i386 any-amd64 any-arm64], mtools [any-i386 any-amd64 any-arm64], wamerican, libparted-dev [any-powerpc any-ppc64 any-ppc64el], pkg-config, bash-completion, - libefiboot-dev [any-i386 any-amd64 any-ia64 any-arm any-arm64], - libefivar-dev [any-i386 any-amd64 any-ia64 any-arm any-arm64], -Build-Conflicts: autoconf2.13, libzfs-dev, libnvpair-dev + libefiboot-dev [any-linux-i386 any-linux-amd64 any-linux-ia64 any-linux-arm any-linux-arm64], + libefivar-dev [any-linux-i386 any-linux-amd64 any-linux-ia64 any-linux-arm any-linux-arm64], Standards-Version: 3.9.6 Homepage: https://www.gnu.org/software/grub/ -Vcs-Git: https://salsa.debian.org/grub-team/grub.git -Vcs-Browser: https://salsa.debian.org/grub-team/grub +Vcs-Git: https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu +Vcs-Browser: https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu Rules-Requires-Root: no Package: grub2 @@ -64,7 +68,7 @@ Package: grub-efi Section: oldlibs Architecture: any-i386 any-amd64 Pre-Depends: ${misc:Pre-Depends} -Depends: ${misc:Depends}, grub-efi-ia32 (= ${binary:Version}) [any-i386], grub-efi-amd64 (= ${binary:Version}) [any-amd64] +Depends: ${misc:Depends}, grub-efi-ia32 (= ${binary:Version}) [any-i386], grub-efi-amd64 (>= ${binary:Version}) [any-amd64] Multi-Arch: foreign Description: GRand Unified Bootloader, version 2 (dummy package) This is a dummy transitional package that depends on either grub-efi-ia32 or @@ -73,6 +77,7 @@ Description: GRand Unified Bootloader, version 2 (dummy package) Package: grub-common Architecture: any +Built-Using: ${Built-Using} Depends: ${shlibs:Depends}, ${misc:Depends}, gettext-base, ${lsb-base-depends} Replaces: grub-pc (<< 2.00-4), grub-ieee1275 (<< 2.00-4), grub-efi (<< 1.99-1), grub-coreboot (<< 2.00-4), grub-linuxbios (<< 1.96+20080831-1), grub-efi-ia32 (<< 2.00-4), grub-efi-amd64 (<< 2.00-4), grub-efi-ia64 (<< 2.00-4), grub-yeeloong (<< 2.00-4), init-select Recommends: os-prober (>= 1.33) @@ -92,9 +97,9 @@ Package: grub2-common # of the package is not very useful in a utilities-only build. Architecture: any-i386 any-amd64 any-powerpc any-ppc64 any-ppc64el any-sparc any-sparc64 any-mipsel any-ia64 any-arm any-arm64 Depends: grub-common (= ${binary:Version}), dpkg (>= 1.15.4) | install-info, ${shlibs:Depends}, ${misc:Depends} -Replaces: grub, grub-legacy, ${legacy-doc-br}, grub-common (<< 1.99-1), grub-pc (<< 2.02+dfsg1-7), grub-coreboot (<< 2.02+dfsg1-7), grub-efi-ia32 (<< 2.02+dfsg1-7), grub-efi-amd64 (<< 2.02+dfsg1-7), grub-efi-ia64 (<< 2.02+dfsg1-7), grub-efi-arm (<< 2.02+dfsg1-7), grub-efi-arm64 (<< 2.02+dfsg1-7), grub-ieee1275 (<< 2.02+dfsg1-7), grub-uboot (<< 2.02+dfsg1-7), grub-xen (<< 2.02+dfsg1-7), grub-yeeloong (<< 2.02+dfsg1-7), grub-cloud-amd64 (<< 0.0.4) +Replaces: grub, grub-legacy, ${legacy-doc-br}, grub-common (<< 1.99-1), grub-pc (<< 2.02+dfsg1-7), grub-coreboot (<< 2.02+dfsg1-7), grub-efi-ia32 (<< 2.02+dfsg1-7), grub-efi-amd64 (<< 2.04-1ubuntu44.2~), grub-efi-ia64 (<< 2.02+dfsg1-7), grub-efi-arm (<< 2.02+dfsg1-7), grub-efi-arm64 (<< 2.04-1ubuntu44.2~), grub-ieee1275 (<< 2.02+dfsg1-7), grub-uboot (<< 2.02+dfsg1-7), grub-xen (<< 2.02+dfsg1-7), grub-yeeloong (<< 2.02+dfsg1-7), grub-cloud-amd64 (<< 0.0.4) Conflicts: grub-legacy -Breaks: grub (<< 0.97-54), ${legacy-doc-br}, shim (<< 0.9+1474479173.6c180c6-0ubuntu1~), grub-pc (<< 2.02+dfsg1-7), grub-coreboot (<< 2.02+dfsg1-7), grub-efi-ia32 (<< 2.02+dfsg1-7), grub-efi-amd64 (<< 2.02+dfsg1-7), grub-efi-ia64 (<< 2.02+dfsg1-7), grub-efi-arm (<< 2.02+dfsg1-7), grub-efi-arm64 (<< 2.02+dfsg1-7), grub-ieee1275 (<< 2.02+dfsg1-7), grub-uboot (<< 2.02+dfsg1-7), grub-xen (<< 2.02+dfsg1-7), grub-yeeloong (<< 2.02+dfsg1-7), grub-cloud-amd64 (<< 0.0.4) +Breaks: grub (<< 0.97-54), ${legacy-doc-br}, shim (<< 13), grub-pc (<< 2.02+dfsg1-7), grub-coreboot (<< 2.02+dfsg1-7), grub-efi-ia32 (<< 2.02+dfsg1-7), grub-efi-amd64 (<< 2.04-1ubuntu44.2), grub-efi-ia64 (<< 2.02+dfsg1-7), grub-efi-arm (<< 2.02+dfsg1-7), grub-efi-arm64 (<< 2.04-1ubuntu44.2), grub-ieee1275 (<< 2.02+dfsg1-7), grub-uboot (<< 2.02+dfsg1-7), grub-xen (<< 2.02+dfsg1-7), grub-yeeloong (<< 2.02+dfsg1-7), grub-cloud-amd64 (<< 0.0.4) Multi-Arch: foreign Description: GRand Unified Bootloader (common files for version 2) This package contains common files shared by the distinct flavours of GRUB. diff --git a/debian/gettext-patches/0001-Support-POTFILES-shell.patch b/debian/gettext-patches/0001-Support-POTFILES-shell.patch new file mode 100644 index 000000000..5a5d1ec00 --- /dev/null +++ b/debian/gettext-patches/0001-Support-POTFILES-shell.patch @@ -0,0 +1,54 @@ +From d5bbd8f60aacb0f73ea5a0bde999152c467d0e78 Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Sun, 1 Mar 2020 11:57:58 +0000 +Subject: [PATCH 1/4] Support POTFILES-shell + +--- + gettext-runtime/po/Makefile.in.in | 24 ++++++++++++++++++++++-- + 1 file changed, 22 insertions(+), 2 deletions(-) + +diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in +index fabdc76c9..32e9323d3 100644 +--- a/gettext-runtime/po/Makefile.in.in ++++ b/gettext-runtime/po/Makefile.in.in +@@ -142,7 +142,7 @@ stamp-po: $(srcdir)/$(DOMAIN).pot + # The determination of whether the package xyz is a GNU one is based on the + # heuristic whether some file in the top level directory mentions "GNU xyz". + # If GNU 'find' is available, we avoid grepping through monster files. +-$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed ++$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell.in remove-potcdate.sed + if { if (LC_ALL=C find --version) 2>/dev/null | grep GNU >/dev/null; then \ + LC_ALL=C find -L $(top_srcdir) -maxdepth 1 -type f -size -10000000c -exec grep 'GNU @PACKAGE@' /dev/null '{}' ';' 2>/dev/null; \ + else \ +@@ -175,7 +175,27 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed + --package-version='@VERSION@' \ + --msgid-bugs-address="$$msgid_bugs_address" \ + ;; \ +- esac ++ esac; \ ++ case `$(XGETTEXT) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \ ++ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].* | 0.16 | 0.16.[0-1]*) \ ++ $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ ++ --add-comments=TRANSLATORS: @XGETTEXT_EXTRA_OPTIONS@ \ ++ --files-from=$(srcdir)/POTFILES-shell.in \ ++ --copyright-holder='$(COPYRIGHT_HOLDER)' \ ++ --msgid-bugs-address="$$msgid_bugs_address" \ ++ --join-existing --language=Shell --keyword=gettext_quoted \ ++ ;; \ ++ *) \ ++ $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ ++ --add-comments=TRANSLATORS: @XGETTEXT_EXTRA_OPTIONS@ \ ++ --files-from=$(srcdir)/POTFILES-shell.in \ ++ --copyright-holder='$(COPYRIGHT_HOLDER)' \ ++ --package-name="$${package_gnu}@PACKAGE@" \ ++ --package-version='@VERSION@' \ ++ --msgid-bugs-address="$$msgid_bugs_address" \ ++ --join-existing --language=Shell --keyword=gettext_quoted \ ++ ;; \ ++ esac; \ + test ! -f $(DOMAIN).po || { \ + if test -f $(srcdir)/$(DOMAIN).pot; then \ + sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \ +-- +2.17.1 + diff --git a/debian/gettext-patches/0002-Handle-gettext_printf-shell-function.patch b/debian/gettext-patches/0002-Handle-gettext_printf-shell-function.patch new file mode 100644 index 000000000..2767ed65e --- /dev/null +++ b/debian/gettext-patches/0002-Handle-gettext_printf-shell-function.patch @@ -0,0 +1,46 @@ +From fd17c51f2e6c87427679fbdfb5f6224ff48795db Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Sun, 1 Mar 2020 12:00:41 +0000 +Subject: [PATCH 2/4] Handle gettext_printf shell function + +Extract gettext_printf arguments. + +Run grub.d.sed over strings extracted from util/grub.d/, in order to set +c-format flags (xgettext refuses to include these itself for strings it +extracted from a shell file, but these really are c-format). +--- + gettext-runtime/po/Makefile.in.in | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in +index 32e9323d3..32e0c99a2 100644 +--- a/gettext-runtime/po/Makefile.in.in ++++ b/gettext-runtime/po/Makefile.in.in +@@ -183,7 +183,8 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell + --files-from=$(srcdir)/POTFILES-shell.in \ + --copyright-holder='$(COPYRIGHT_HOLDER)' \ + --msgid-bugs-address="$$msgid_bugs_address" \ +- --join-existing --language=Shell --keyword=gettext_quoted \ ++ --join-existing --language=Shell \ ++ --keyword=gettext_quoted --keyword=gettext_printf \ + ;; \ + *) \ + $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \ +@@ -193,10 +194,13 @@ $(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in $(srcdir)/POTFILES-shell + --package-name="$${package_gnu}@PACKAGE@" \ + --package-version='@VERSION@' \ + --msgid-bugs-address="$$msgid_bugs_address" \ +- --join-existing --language=Shell --keyword=gettext_quoted \ ++ --join-existing --language=Shell \ ++ --keyword=gettext_quoted --keyword=gettext_printf \ + ;; \ + esac; \ + test ! -f $(DOMAIN).po || { \ ++ sed -f grub.d.sed < $(DOMAIN).po > $(DOMAIN).1po && \ ++ mv $(DOMAIN).1po $(DOMAIN).po; \ + if test -f $(srcdir)/$(DOMAIN).pot; then \ + sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \ + sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \ +-- +2.17.1 + diff --git a/debian/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch b/debian/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch new file mode 100644 index 000000000..414161133 --- /dev/null +++ b/debian/gettext-patches/0003-Make-msgfmt-output-in-little-endian.patch @@ -0,0 +1,34 @@ +From 156c523e2945c9b43c5500fb93988b0dd2f08d75 Mon Sep 17 00:00:00 2001 +From: Vladimir Serbinenko +Date: Sun, 1 Mar 2020 12:09:25 +0000 +Subject: [PATCH 3/4] Make msgfmt output in little-endian + +GRUB expects this. +--- + gettext-runtime/po/Makefile.in.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in +index 32e0c99a2..f3ef54c39 100644 +--- a/gettext-runtime/po/Makefile.in.in ++++ b/gettext-runtime/po/Makefile.in.in +@@ -84,13 +84,13 @@ CATALOGS = @CATALOGS@ + + .po.mo: + @echo "$(MSGFMT) -c -o $@ $<"; \ +- $(MSGFMT) -c -o t-$@ $< && mv t-$@ $@ ++ $(MSGFMT) --endianness=little -c -o t-$@ $< && mv t-$@ $@ + + .po.gmo: + @lang=`echo $* | sed -e 's,.*/,,'`; \ + test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \ +- echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics --verbose -o $${lang}.gmo $${lang}.po"; \ +- cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics --verbose -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo ++ echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) --endianness=little -c --statistics --verbose -o $${lang}.gmo $${lang}.po"; \ ++ cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) --endianness=little -c --statistics --verbose -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo + + .sin.sed: + sed -e '/^#/d' $< > t-$@ +-- +2.17.1 + diff --git a/debian/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch b/debian/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch new file mode 100644 index 000000000..790521d3f --- /dev/null +++ b/debian/gettext-patches/0004-Use-SHELL-rather-than-bin-sh.patch @@ -0,0 +1,26 @@ +From f36f12e77798223ee7ee882c0d09e0e63db11454 Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Sun, 1 Mar 2020 12:14:07 +0000 +Subject: [PATCH 4/4] Use @SHELL rather than /bin/sh + +/bin/sh might not exist. +--- + gettext-runtime/po/Makefile.in.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gettext-runtime/po/Makefile.in.in b/gettext-runtime/po/Makefile.in.in +index f3ef54c39..285a55a9d 100644 +--- a/gettext-runtime/po/Makefile.in.in ++++ b/gettext-runtime/po/Makefile.in.in +@@ -16,7 +16,7 @@ VERSION = @VERSION@ + PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ + + SED = @SED@ +-SHELL = /bin/sh ++SHELL = @SHELL@ + @SET_MAKE@ + + srcdir = @srcdir@ +-- +2.17.1 + diff --git a/debian/grub-check-signatures b/debian/grub-check-signatures new file mode 100755 index 000000000..edc171e17 --- /dev/null +++ b/debian/grub-check-signatures @@ -0,0 +1,136 @@ +#!/bin/sh + +set -e + +. /usr/share/debconf/confmodule + +# Check if we are on an EFI system +efivars=/sys/firmware/efi/efivars +secureboot_var=SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c +moksbstatert_var=MokSBStateRT-605dab50-e046-4300-abb6-3dd810dd8b23 +tmpdir=$(mktemp -d) + +on_secure_boot() { + # Validate any queued actions before we go try to do them. + local moksbstatert=0 + + if ! [ -d $efivars ]; then + return 1 + fi + + if ! [ -f $efivars/$secureboot_var ] \ + || [ "$(od -An -t u1 $efivars/$secureboot_var | awk '{ print $NF }')" -ne 1 ] + then + return 1 + fi + + if [ -f /proc/sys/kernel/moksbstate_disabled ]; then + moksbstatert=$(cat /proc/sys/kernel/moksbstate_disabled 2>/dev/null || echo 0) + elif [ -f $efivars/$moksbstatert_var ]; then + # MokSBStateRT set to 1 means validation is disabled + moksbstatert=$(od -An -t u1 $efivars/$moksbstatert_var | \ + awk '{ print $NF; }') + fi + + if [ $moksbstatert -eq 1 ]; then + return 1 + fi + + return 0 +} + +# Retrieve the keys we do trust from PK, DB, KEK, and MokList. +extract_known_keys() { + # Make the Canonical CA cert available for validation too; in case + # MokListRT is empty due to a bug. + cp /usr/share/grub/canonical-uefi-ca.crt $tmpdir + + # Extract known UEFI certs from firmware variables + ( cd $tmpdir; \ + mokutil --export --db >/dev/null 2>/dev/null; \ + mokutil --export --mok >/dev/null 2>/dev/null; ) + find $tmpdir -name "*.der" -exec openssl x509 -inform der -in {} -outform pem -out {}.crt \; +} + +# Check if a given kernel image is signed +is_signed() { + kernel=$1 + tmp=$(mktemp) + kernel_tmp=$(mktemp) + if zcat $kernel > $kernel_tmp 2>/dev/null; then + kernel=$kernel_tmp + fi + sbattach --detach $tmp $kernel >/dev/null 2>/dev/null # that's ugly... + test "$(wc -c < $tmp)" -ge 16 # Just _some_ minimum size + result=$? + if [ $result -eq 0 ]; then + sig_subject=$(openssl pkcs7 -inform der -in $tmp -print_certs | openssl x509 -noout -text | grep Subject: ) + fi + rm $tmp + if [ $result -eq 0 ]; then + for crtfile in $tmpdir/*.crt; do + sbverify --cert $crtfile $kernel >/dev/null 2>/dev/null + result=$? + if [ $result -eq 0 ]; then + rm "$kernel_tmp" + return $result; + fi + done + echo "$1 is signed, but using an unknown key:" >&2 + echo "$sig_subject" >&2 + else + echo "$1 is unsigned." >&2 + fi + rm "$kernel_tmp" + return $result +} + +# Check that our current kernel and every newer one is signed +find_unsigned() { + uname_r="$(uname -r)" + for kernel in $(ls -1 /boot/vmlinuz-* | sort -V -r); do + # no kernels :( + if [ "$kernel" = "/boot/vmlinuz-*" ]; then + break + fi + this_uname_r="$(echo "$kernel" | sed -r 's#^/boot/vmlinuz-(.*)#\1#; s#\.efi\.signed$##')" + if dpkg --compare-versions "$this_uname_r" lt "$uname_r"; then + continue + fi + if [ -e "$kernel.efi.signed" ]; then + continue + fi + if ! is_signed $kernel; then + echo "$this_uname_r" + fi + done +} + +# Only reached from show_warning +error() { + echo "E: Your kernels are not signed with a key known to your firmware. This system will fail to boot in a Secure Boot environment." >&2 + exit 1 +} + +# Either shows a debconf note or prints an error with error() above if +# that fails +show_warning() { + # kernels should be an indented list of one version per line + escaped="$(printf "%s" "$unsigned" | sed "s#^# #" | debconf-escape -e )" + db_capb escape + db_settitle grub2/unsigned_kernels_title || error + db_fset grub2/unsigned_kernels seen 0 || error + db_subst grub2/unsigned_kernels unsigned_versions "$escaped" || error + db_input critical grub2/unsigned_kernels || error + db_go || error + error +} + +if on_secure_boot; then + extract_known_keys + unsigned="$(find_unsigned)" + if [ -n "$unsigned" ]; then + show_warning "$unsigned" + fi + rm -rf "$tmpdir" +fi diff --git a/debian/grub-common.dirs b/debian/grub-common.dirs index 3d70df437..832239c90 100644 --- a/debian/grub-common.dirs +++ b/debian/grub-common.dirs @@ -1,2 +1,3 @@ usr/sbin var/lib/grub/ucf +var/lib/grub/esp diff --git a/debian/grub-common.install.in b/debian/grub-common.install.in index 420a61e2e..6c5c9f008 100644 --- a/debian/grub-common.install.in +++ b/debian/grub-common.install.in @@ -1,6 +1,9 @@ ../../debian/apport/source_grub2.py usr/share/apport/package-hooks/ ../../debian/grub.d etc ../../debian/init-select.cfg etc/default/grub.d +../../debian/grub-check-signatures usr/share/grub/ +../../debian/grub-multi-install usr/lib/grub/ +../../debian/canonical-uefi-ca.crt usr/share/grub/ etc/grub.d usr/bin/grub-editenv @@ -20,6 +23,7 @@ usr/bin/grub-mkstandalone usr/bin/grub-render-label usr/bin/grub-script-check usr/bin/grub-syslinux2cfg +usr/lib/systemd/system/grub-initrd-fallback.service lib/systemd/system usr/sbin/grub-macbless usr/sbin/grub-mkconfig usr/sbin/grub-mkdevicemap diff --git a/debian/grub-common.service b/debian/grub-common.service new file mode 100644 index 000000000..fcf5474a0 --- /dev/null +++ b/debian/grub-common.service @@ -0,0 +1,15 @@ +[Unit] +Description=Record successful boot for GRUB +After=sleep.target +ConditionPathExists=/boot/grub/grub.cfg + +[Service] +Type=oneshot +Restart=no +ExecStartPre=/bin/sh -c '[ -s /boot/grub/grubenv ] || rm -f /boot/grub/grubenv; mkdir -p /boot/grub' +ExecStart=grub-editenv /boot/grub/grubenv unset recordfail +ExecStartPost=/bin/sh -c 'if grub-editenv /boot/grub/grubenv list | grep -q initrdless_boot_fallback_triggered=1; then echo "grub: GRUB_FORCE_PARTUUID set, initrdless boot paniced, fallback triggered."; fi' +StandardOutput=kmsg + +[Install] +WantedBy=multi-user.target sleep.target diff --git a/debian/grub-common.templates b/debian/grub-common.templates new file mode 100644 index 000000000..c75e5d312 --- /dev/null +++ b/debian/grub-common.templates @@ -0,0 +1,53 @@ +Template: grub-efi/install_devices +Type: multiselect +Choices-C: ${RAW_CHOICES} +Choices: ${CHOICES} +_Description: GRUB EFI system partitions: + The grub-efi package is being upgraded. This menu allows you to select which + EFI system partions you'd like grub-install to be automatically run for, if any. + . + Running grub-install automatically is recommended in most situations, to + prevent the installed GRUB core image from getting out of sync with GRUB + modules or grub.cfg. + +Template: grub-efi/install_devices_disks_changed +Type: multiselect +Choices-C: ${RAW_CHOICES} +Choices: ${CHOICES} +_Description: GRUB install devices: + The GRUB boot loader was previously installed to a disk that is no longer + present, or whose unique identifier has changed for some reason. It is + important to make sure that the installed GRUB core image stays in sync + with GRUB modules and grub.cfg. Please check again to make sure that GRUB + is written to the appropriate boot devices. + +Template: grub-efi/partition_description +Type: text +_Description: ${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL} + +Template: grub-efi/install_devices_failed +Type: boolean +Default: false +#flag:translate!:3 +_Description: Writing GRUB to boot device failed - continue? + GRUB failed to install to the following devices: + . + ${FAILED_DEVICES} + . + Do you want to continue anyway? If you do, your computer may not start up + properly. + +Template: grub-efi/install_devices_empty +Type: boolean +Default: false +_Description: Continue without installing GRUB? + You chose not to install GRUB to any devices. If you continue, the boot + loader may not be properly configured, and when this computer next starts + up it will use whatever was previously configured. If there is an + earlier version of GRUB 2 in the EFI system partition, it may be unable to load + modules or handle the current configuration file. + . + If you are already using a different boot loader and want to carry on + doing so, or if this is a special environment where you do not need a boot + loader, then you should continue anyway. Otherwise, you should install + GRUB somewhere. diff --git a/debian/grub-extras/915resolution/.bzrignore b/debian/grub-extras/915resolution/.bzrignore deleted file mode 100644 index 9419894ae..000000000 --- a/debian/grub-extras/915resolution/.bzrignore +++ /dev/null @@ -1,3 +0,0 @@ -**/.deps-core -**/.dirstamp -Makefile.core.am diff --git a/debian/grub-extras/disabled/gpxe/.bzrignore b/debian/grub-extras/disabled/gpxe/.bzrignore deleted file mode 100644 index 9419894ae..000000000 --- a/debian/grub-extras/disabled/gpxe/.bzrignore +++ /dev/null @@ -1,3 +0,0 @@ -**/.deps-core -**/.dirstamp -Makefile.core.am diff --git a/debian/grub-extras/disabled/zfs/.bzrignore b/debian/grub-extras/disabled/zfs/.bzrignore deleted file mode 100644 index f1d6c22e3..000000000 --- a/debian/grub-extras/disabled/zfs/.bzrignore +++ /dev/null @@ -1,5 +0,0 @@ -**/.deps-core -**/.deps-util -**/.dirstamp -Makefile.core.am -Makefile.util.am diff --git a/debian/grub-extras/lua/.bzrignore b/debian/grub-extras/lua/.bzrignore deleted file mode 100644 index 9419894ae..000000000 --- a/debian/grub-extras/lua/.bzrignore +++ /dev/null @@ -1,3 +0,0 @@ -**/.deps-core -**/.dirstamp -Makefile.core.am diff --git a/debian/grub-extras/ntldr-img/.bzrignore b/debian/grub-extras/ntldr-img/.bzrignore deleted file mode 100644 index 9419894ae..000000000 --- a/debian/grub-extras/ntldr-img/.bzrignore +++ /dev/null @@ -1,3 +0,0 @@ -**/.deps-core -**/.dirstamp -Makefile.core.am diff --git a/debian/grub-multi-install b/debian/grub-multi-install new file mode 100755 index 000000000..5c2ad09b0 --- /dev/null +++ b/debian/grub-multi-install @@ -0,0 +1,419 @@ +#!/bin/bash +# +# Install to multiple ESPs + +set -e + +# Most of this is copy-paste from grub postinst, sigh. + +. /usr/share/debconf/confmodule + +# shamelessly stolen from ucf: +# +# Load our templates, just in case our template has +# not been loaded or the Debconf DB lost or corrupted +# since then. +db_x_loadtemplatefile "$(dpkg-query --control-path grub-common templates)" grub-common + +############################################################################### +# COPY FROM POSTINST +############################################################################### +# This only works on a Linux system with udev running. This is probably the +# vast majority of systems where we need any of this, though, and we fall +# back reasonably gracefully if we don't have it. +cached_available_ids= +available_ids() +{ + local id path + + if [ "$cached_available_ids" ]; then + echo "$cached_available_ids" + return + fi + + [ -d /dev/disk/by-id ] || return + cached_available_ids="$( + for path in /dev/disk/by-id/*; do + [ -e "$path" ] || continue + printf '%s %s\n' "$path" "$(readlink -f "$path")" + done | sort -k2 -s -u | cut -d' ' -f1 + )" + echo "$cached_available_ids" +} + +# Returns non-zero and no output if no mapping can be found. +device_to_id() +{ + local id + for id in $(available_ids); do + if [ "$(readlink -f "$id")" = "$(readlink -f "$1")" ]; then + echo "$id" + return 0 + fi + done + # Fall back to the plain device name if there's no by-id link for it. + if [ -e "$1" ]; then + echo "$1" + return 0 + fi + return 1 +} + +# for Linux +sysfs_size() +{ + local num_sectors sector_size size + # Try to find out the size without relying on a partitioning tool being + # installed. This isn't too hard on Linux 2.6 with sysfs, but we have to + # try a couple of variants on detection of the sector size. + if [ -e "$1/size" ]; then + num_sectors="$(cat "$1/size")" + sector_size=512 + if [ -e "$1/queue/logical_block_size" ]; then + sector_size="$(cat "$1/queue/logical_block_size")" + elif [ -e "$1/queue/hw_sector_size" ]; then + sector_size="$(cat "$1/queue/hw_sector_size")" + fi + size="$(expr "$num_sectors" \* "$sector_size" / 1000 / 1000)" + fi + [ "$size" ] || size='???' + echo "$size" +} + +# for kFreeBSD +camcontrol_size() +{ + local num_sectors sector_size size= + + if num_sectors="$(camcontrol readcap "$1" -q -s -N)"; then + sector_size="$(camcontrol readcap "$1" -q -b)" + size="$(expr "$num_sectors" \* "$sector_size" / 1000 / 1000)" + fi + + [ "$size" ] || size='???' + echo "$size" +} + +maybe_udevadm() +{ + if which udevadm >/dev/null 2>&1; then + udevadm "$@" || true + fi +} + +# Parse /proc/mounts and find out the mount for the given device. +# The device must be a real device in /dev, not a symlink to one. +get_mounted_device() +{ + mountpoint="$1" + cat /proc/mounts | while read -r line; do + set -f + set -- $line + set +f + if [ "$2" = "$mountpoint" ]; then + echo "$1" + break + fi + done +} + +############################################################################### +# New or modified helpers +############################################################################### + +# Fixed: Return nothing if the argument is empty +get_mountpoint() +{ + local relpath boot_mountpoint + + if [ -z "$1" ]; then + return + fi + + relpath="$(grub-mkrelpath "$1")" + boot_mountpoint="${1#$relpath}" + echo "${boot_mountpoint:-/}" +} + + +# Returns value in $RET, like a debconf command. +# +# Merged version of describe_disk and describe_partition, as disks can't be +# valid ESPs on their own, so we can't render them as an entry. +describe_efi_system_partition() +{ + local disk part id path sysfs_path diskbase partbase size + local disk_basename disk_size model + disk="$1" + part="$2" + id="$3" + path="$4" + + # BEGIN: Stolen from describe_disk + model= + case $(uname -s) in + Linux) + sysfs_path="$(maybe_udevadm info -n "$disk" -q path)" + if [ -z "$sysfs_path" ]; then + sysfs_path="/block/$(printf %s "${disk#/dev/}" | sed 's,/,!,g')" + fi + disk_size="$(sysfs_size "/sys$sysfs_path")" + + model="$(maybe_udevadm info -n "$disk" -q property | sed -n 's/^ID_MODEL=//p')" + if [ -z "$model" ]; then + model="$(maybe_udevadm info -n "$disk" -q property | sed -n 's/^DM_NAME=//p')" + if [ -z "$model" ]; then + model="$(maybe_udevadm info -n "$disk" -q property | sed -n 's/^MD_NAME=//p')" + if [ -z "$model" ] && which dmsetup >/dev/null 2>&1; then + model="$(dmsetup info -c --noheadings -o name "$disk" 2>/dev/null || true)" + fi + fi + fi + ;; + GNU/kFreeBSD) + disk_basename=$(basename "$disk") + disk_size="$(camcontrol_size "$disk_basename")" + model="$(camcontrol inquiry "$disk_basename" | sed -ne "s/^pass0: <\([^>]*\)>.*/\1/p")" + ;; + esac + + [ "$model" ] || model='???' + + # END: Stolen from describe_disk + + sysfs_path="$(maybe_udevadm info -n "$part" -q path)" + if [ -z "$sysfs_path" ]; then + diskbase="${disk#/dev/}" + diskbase="$(printf %s "$diskbase" | sed 's,/,!,g')" + partbase="${part#/dev/}" + partbase="$(printf %s "$partbase" | sed 's,/,!,g')" + sysfs_path="/block/$diskbase/$partbase" + fi + size="$(sysfs_size "/sys$sysfs_path")" + + db_subst grub-efi/partition_description DEVICE "$part" + db_subst grub-efi/partition_description SIZE "$size" + db_subst grub-efi/partition_description PATH "$path" + db_subst grub-efi/partition_description DISK_MODEL "$model" + db_subst grub-efi/partition_description DISK_SIZE "$disk_size" + db_metaget grub-efi/partition_description description +} + + +# Parse /proc/mounts and find out the mount for the given device. +# The device must be a real device in /dev, not a symlink to one. +find_mount_point() +{ + real_device="$1" + cat /proc/mounts | while read -r line; do + set -f + set -- $line + set +f + if [ "$1" = "$real_device" -a "$3" = "vfat" ]; then + echo "$2" + break + fi + done +} + +# Return all devices that are a valid ESP +usable_efi_system_partitions() +{ + local last_partition path partition partition_id + local ID_PART_ENTRY_TYPE ID_PART_ENTRY_SCHEME + + last_partition= + ( + for partition in /dev/disk/by-id/*; do + ID_PART_ENTRY_TYPE="" + ID_PART_ENTRY_SCHEME="" + eval "$(udevadm info -q property -n "$partition" | grep -E '^ID_PART_ENTRY_(TYPE|SCHEME)=')" + if [ -z "$ID_PART_ENTRY_TYPE" -o -z "$ID_PART_ENTRY_SCHEME" -o \ + \( "$ID_PART_ENTRY_SCHEME" != gpt -a "$ID_PART_ENTRY_SCHEME" != dos \) -o \ + \( "$ID_PART_ENTRY_SCHEME" = gpt -a "$ID_PART_ENTRY_TYPE" != c12a7328-f81f-11d2-ba4b-00a0c93ec93b \) -o \ + \( "$ID_PART_ENTRY_SCHEME" = dos -a "$ID_PART_ENTRY_TYPE" != 0xef \) ]; then + continue + fi + # unify the partition id + partition_id="$(device_to_id "$partition" || true)" + real_device="$(readlink -f "$partition")" + path="$(find_mount_point $real_device)" + echo "$path:$partition_id" + done + ) | sort -t: -k2 -u +} + +############################################################################### +# MAGIC SCRIPT +############################################################################### +FALLBACK_MOUNTPOINT=/var/lib/grub/esp + +# Initial install/upgrade from /boot/efi? +db_fget grub-efi/install_devices seen +seen="$RET" + +# Get configured value +question=grub-efi/install_devices +priority=high +db_get grub-efi/install_devices +valid=1 + +# We either migrate /boot/efi over, or we check if we have invalid devices +if [ -z "$RET" ] && [ "$seen" != "true" ]; then + echo "Trying to migrate /boot/efi into esp config" + esp="$(get_mounted_device /boot/efi)" + if [ "$esp" ]; then + esp="$(device_to_id "$esp")" + fi + if [ "$esp" ]; then + db_set grub-efi/install_devices "$esp" + db_fset grub-efi/install_devices seen true + RET="$esp" + fi +else + for device in $RET; do + if [ ! -e "${device%,}" ]; then + valid=0 + break + fi + done +fi + +# If /boot/efi points to a device that's not in the list, trigger the +# install_devices_disks_changed prompt below, but add the device behind +# /boot/efi to the defaults. +boot_efi_device=$(get_mounted_device /boot/efi || true) +if [ "$boot_efi_device" ]; then + for device in $RET; do + device="${device%,}" + real_device="$(readlink -f "$device" || true)" + if [ "$real_device" = "$boot_efi_device" ]; then + boot_efi_device="" + break + fi + done + + if [ "$boot_efi_device" ]; then + boot_efi_device="$(device_to_id "$boot_efi_device" || true)" + if [ "$RET" ]; then + RET="$RET, $boot_efi_device" + else + RET="$boot_efi_device" + fi + valid=0 + fi +fi + + +if [ "$valid" = 0 ]; then + question=grub-efi/install_devices_disks_changed + priority=critical + db_set "$question" "$RET" + db_fset "$question" seen false + db_fset grub-efi/install_devices_empty seen false +fi + +while :; do + ids= + descriptions= + partitions="$(usable_efi_system_partitions)" + + for partition_pair in $partitions; do + partition_id="${partition_pair#*:}" + device="${partition_id%%-part*}" + ids="${ids:+$ids, }$partition_id" + describe_efi_system_partition "$(readlink -f "$device")" "$(readlink -f "$partition_id")" "$partition_id" "$(get_mountpoint "${partition_pair%%:*}")" + RET="$(printf %s "$RET" | sed 's/,/\\,/g')" + descriptions="${descriptions:+$descriptions, }$RET" + done + + db_subst "$question" RAW_CHOICES "$ids" + db_subst "$question" CHOICES "$descriptions" + db_input "$priority" "$question" || true + db_go + db_get "$question" + + + # Run the installer + failed_devices= + for i in `echo $RET | sed -e 's/, / /g'` ; do + real_device="$(readlink -f "$i")" + mntpoint=$(find_mount_point $real_device) + if [ -z "$mntpoint" ]; then + mntpoint=$FALLBACK_MOUNTPOINT + mount $real_device $mntpoint + fi + echo "Installing grub to $mntpoint." >&2 + if _UBUNTU_ALTERNATIVE_ESPS="$RET" grub-install --efi-directory=$mntpoint "$@" ; then + # We just installed GRUB 2; then also generate grub.cfg. + touch /boot/grub/grub.cfg + else + failed_devices="$failed_devices $real_device" + fi + + if [ "$mntpoint" = "$FALLBACK_MOUNTPOINT" ]; then + umount $mntpoint + fi + done + + if [ "$question" != grub-efi/install_devices ] && [ "$RET" ]; then + # XXX cjwatson 2019-02-26: The description of + # grub-efi/install_devices_disks_changed ought to explain that + # selecting no devices will leave the configuration unchanged + # so that you'll be prompted again next time, but it's a bit + # close to the Debian 10 release to be introducing new + # translatable text. For now, it should be sufficient to + # avoid losing configuration data. + db_set grub-efi/install_devices "$RET" + db_fset grub-efi/install_devices seen true + fi + + if [ "$failed_devices" ]; then + db_subst grub-efi/install_devices_failed FAILED_DEVICES "$failed_devices" + db_fset grub-efi/install_devices_failed seen false + if db_input critical grub-efi/install_devices_failed; then + db_go + db_get grub-efi/install_devices_failed + if [ "$RET" = true ]; then + break + else + db_fset "$question" seen false + db_fset grub-efi/install_devices_failed seen false + continue + fi + else + exit 1 # noninteractive + fi + fi + + db_get "$question" + if [ -z "$RET" ]; then + # Reset the seen flag if the current answer is false, since + # otherwise we'll loop with no indication of why. + db_get grub-efi/install_devices_empty + if [ "$RET" = false ]; then + db_fset grub-efi/install_devices_empty seen false + fi + if db_input critical grub-efi/install_devices_empty; then + db_go + db_get grub-efi/install_devices_empty + if [ "$RET" = true ]; then + break + else + db_fset "$question" seen false + db_fset grub-efi/install_devices_empty seen false + fi + else + # if question was seen we are done + # Otherwise, abort + db_fget grub-efi/install_devices_empty seen + if [ "$RET" = true ]; then + break + else + exit 1 + fi + fi + else + break + fi +done diff --git a/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch b/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch new file mode 100644 index 000000000..9858bed13 --- /dev/null +++ b/debian/patches/0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch @@ -0,0 +1,25 @@ +From: Dimitri John Ledkov +Date: Mon, 24 Feb 2020 20:29:53 +0000 +Subject: uefi-firmware: rename fwsetup menuentry to UEFI Firmware Settings + +LP: #1864547 +--- + util/grub.d/30_uefi-firmware.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in +index 3c9f533..b072d21 100644 +--- a/util/grub.d/30_uefi-firmware.in ++++ b/util/grub.d/30_uefi-firmware.in +@@ -32,9 +32,9 @@ OsIndications="$efi_vars_dir/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE/data" + + if [ -e "$OsIndications" ] && \ + [ "$(( $(printf 0x%x \'"$(cat $OsIndications | cut -b1)") & 1 ))" = 1 ]; then +- LABEL="System setup" ++ LABEL="UEFI Firmware Settings" + +- gettext_printf "Adding boot menu entry for EFI firmware configuration\n" >&2 ++ gettext_printf "Adding boot menu entry for UEFI Firmware Settings\n" >&2 + + onstr="$(gettext_printf "(on %s)" "${DEVICE}")" + diff --git a/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch b/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch new file mode 100644 index 000000000..bd09c708f --- /dev/null +++ b/debian/patches/0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch @@ -0,0 +1,86 @@ +From: Julian Andres Klode +Date: Tue, 3 Mar 2020 16:06:34 +0100 +Subject: smbios: Add a --linux argument to apply linux modalias-like + filtering + +Linux creates modalias strings by filtering out non-ASCII, space, +and colon characters. Provide an option that does the same filtering +so people can create a modalias string in GRUB, and then match their +modalias patterns against it. + +Signed-off-by: Julian Andres Klode +Reviewed-by: Daniel Kiper +Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=87049f9716fb095aecb595fb8f45497bbbb1b4a2 +--- + grub-core/commands/smbios.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/grub-core/commands/smbios.c b/grub-core/commands/smbios.c +index 7a6a391..1a9086d 100644 +--- a/grub-core/commands/smbios.c ++++ b/grub-core/commands/smbios.c +@@ -64,6 +64,21 @@ grub_smbios_get_eps3 (void) + return eps; + } + ++static char * ++linux_string (const char *value) ++{ ++ char *out = grub_malloc( grub_strlen (value) + 1); ++ const char *src = value; ++ char *dst = out; ++ ++ for (; *src; src++) ++ if (*src > ' ' && *src < 127 && *src != ':') ++ *dst++ = *src; ++ ++ *dst = 0; ++ return out; ++} ++ + /* + * These functions convert values from the various SMBIOS structure field types + * into a string formatted to be returned to the user. They expect that the +@@ -176,6 +191,7 @@ static const struct { + /* List command options, with structure field getters ordered as above. */ + #define FIRST_GETTER_OPT (3) + #define SETTER_OPT (FIRST_GETTER_OPT + ARRAY_SIZE(field_extractors)) ++#define LINUX_OPT (FIRST_GETTER_OPT + ARRAY_SIZE(field_extractors) + 1) + + static const struct grub_arg_option options[] = { + {"type", 't', 0, N_("Match structures with the given type."), +@@ -198,6 +214,8 @@ static const struct grub_arg_option options[] = { + N_("offset"), ARG_TYPE_INT}, + {"set", '\0', 0, N_("Store the value in the given variable name."), + N_("variable"), ARG_TYPE_STRING}, ++ {"linux", '\0', 0, N_("Filter the result like linux does."), ++ N_("variable"), ARG_TYPE_NONE}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -261,6 +279,7 @@ grub_cmd_smbios (grub_extcmd_context_t ctxt, + + const grub_uint8_t *structure; + const char *value; ++ char *modified_value = NULL; + grub_int32_t option; + grub_int8_t field_type = -1; + grub_uint8_t i; +@@ -334,12 +353,17 @@ grub_cmd_smbios (grub_extcmd_context_t ctxt, + return grub_error (GRUB_ERR_IO, + N_("failed to retrieve the structure field")); + ++ if (state[LINUX_OPT].set) ++ value = modified_value = linux_string (value); ++ + /* Store or print the formatted value. */ + if (state[SETTER_OPT].set) + grub_env_set (state[SETTER_OPT].arg, value); + else + grub_printf ("%s\n", value); + ++ grub_free(modified_value); ++ + return GRUB_ERR_NONE; + } + diff --git a/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch b/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch new file mode 100644 index 000000000..5a5c6c0f2 --- /dev/null +++ b/debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch @@ -0,0 +1,117 @@ +From: Chris Coulson +Date: Wed, 11 Mar 2020 16:46:00 +0100 +Subject: ubuntu: Make the linux command in EFI grub always try EFI handover + +The previous implementation only boots via the EFI handover protocol when +secure boot is enabled. This means that disabling secure boot breaks some +features that depend on the kernel being booted via the EFI handover entry +point, such as retrieval of the TCG event log. + +Update the linux command to always attempt to defer to linuxefi in EFI grub +builds, regardless of whether secure boot is enabled or not. This also allows +a fallback to the non-EFI handover path on kernels that don't support it, but +only if secure boot is disabled. +--- + grub-core/loader/i386/efi/linux.c | 14 +++++++----- + grub-core/loader/i386/linux.c | 47 ++++++++++++++++++++++----------------- + 2 files changed, 35 insertions(+), 26 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 6b6aef8..fe3ca2c 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -195,12 +196,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- rc = grub_linuxefi_secure_validate (kernel, filelen); +- if (rc < 0) ++ if (grub_efi_secure_boot ()) + { +- grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), +- argv[0]); +- goto fail; ++ rc = grub_linuxefi_secure_validate (kernel, filelen); ++ if (rc < 0) ++ { ++ grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), ++ argv[0]); ++ goto fail; ++ } + } + + params = grub_efi_allocate_pages_max (0x3fffffff, +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 4328bcb..991eb29 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -658,35 +658,40 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + #ifdef GRUB_MACHINE_EFI + using_linuxefi = 0; +- if (grub_efi_secure_boot ()) +- { +- /* linuxefi requires a successful signature check and then hand over +- to the kernel without calling ExitBootServices. */ +- grub_dl_t mod; +- grub_command_t linuxefi_cmd; + +- grub_dprintf ("linux", "Secure Boot enabled: trying linuxefi\n"); ++ grub_dl_t mod; ++ grub_command_t linuxefi_cmd; ++ ++ grub_dprintf ("linux", "Trying linuxefi\n"); + +- mod = grub_dl_load ("linuxefi"); +- if (mod) ++ mod = grub_dl_load ("linuxefi"); ++ if (mod) ++ { ++ grub_dl_ref (mod); ++ linuxefi_cmd = grub_command_find ("linuxefi"); ++ initrdefi_cmd = grub_command_find ("initrdefi"); ++ if (linuxefi_cmd && initrdefi_cmd) + { +- grub_dl_ref (mod); +- linuxefi_cmd = grub_command_find ("linuxefi"); +- initrdefi_cmd = grub_command_find ("initrdefi"); +- if (linuxefi_cmd && initrdefi_cmd) ++ (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); ++ if (grub_errno == GRUB_ERR_NONE) ++ { ++ grub_dprintf ("linux", "Handing off to linuxefi\n"); ++ using_linuxefi = 1; ++ return GRUB_ERR_NONE; ++ } ++ else if (grub_efi_secure_boot ()) + { +- (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); +- if (grub_errno == GRUB_ERR_NONE) +- { +- grub_dprintf ("linux", "Handing off to linuxefi\n"); +- using_linuxefi = 1; +- return GRUB_ERR_NONE; +- } +- grub_dprintf ("linux", "linuxefi failed (%d)\n", grub_errno); ++ grub_dprintf ("linux", "linuxefi failed and secure boot is enabled (%d)\n", grub_errno); + goto fail; + } + } + } ++ ++ if (grub_efi_secure_boot ()) ++ { ++ grub_dprintf("linux", "Unable to hand off to linuxefi and secure boot is enabled\n"); ++ goto fail; ++ } + #endif + + if (argc == 0) diff --git a/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch b/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch new file mode 100644 index 000000000..e2e240465 --- /dev/null +++ b/debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch @@ -0,0 +1,24 @@ +From: Chris Coulson +Date: Wed, 11 Mar 2020 16:46:41 +0100 +Subject: ubuntu: Update the linux boot protocol version check. + +The EFI implementation of grub_cmd_linux makes use of xloadflags which was +introduced in to version 2.12 of the kernel's boot protocol, so update the +check accordingly. +--- + grub-core/loader/i386/efi/linux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index fe3ca2c..2929da7 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -245,7 +245,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + + grub_dprintf ("linuxefi", "checking lh->version\n"); +- if (lh->version < grub_cpu_to_le16 (0x020b)) ++ if (lh->version < grub_cpu_to_le16 (0x020c)) + { + grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); + goto fail; diff --git a/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch b/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch new file mode 100644 index 000000000..595a60daa --- /dev/null +++ b/debian/patches/0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch @@ -0,0 +1,65 @@ +From: Peter Jones +Date: Wed, 15 Apr 2020 15:45:02 -0400 +Subject: yylex: Make lexer fatal errors actually be fatal + +When presented with a command that can't be tokenized to anything +smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg), +expecting that will stop further processing, as such: + + #define YY_DO_BEFORE_ACTION \ + yyg->yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yyg->yy_hold_char = *yy_cp; \ + *yy_cp = '\0'; \ + if ( yyleng >= YYLMAX ) \ + YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \ + yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \ + yyg->yy_c_buf_p = yy_cp; + +The code flex generates expects that YY_FATAL_ERROR() will either return +for it or do some form of longjmp(), or handle the error in some way at +least, and so the strncpy() call isn't in an "else" clause, and thus if +YY_FATAL_ERROR() is *not* actually fatal, it does the call with the +questionable limit, and predictable results ensue. + +Unfortunately, our implementation of YY_FATAL_ERROR() is: + + #define YY_FATAL_ERROR(msg) \ + do { \ + grub_printf (_("fatal error: %s\n"), _(msg)); \ + } while (0) + +The same pattern exists in yyless(), and similar problems exist in users +of YY_INPUT(), several places in the main parsing loop, +yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack, +yy_scan_buffer(), etc. + +All of these callers expect YY_FATAL_ERROR() to actually be fatal, and +the things they do if it returns after calling it are wildly unsafe. + +Fixes: CVE-2020-10713 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/script/yylex.l | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l +index 7b44c37..b7203c8 100644 +--- a/grub-core/script/yylex.l ++++ b/grub-core/script/yylex.l +@@ -37,11 +37,11 @@ + + /* + * As we don't have access to yyscanner, we cannot do much except to +- * print the fatal error. ++ * print the fatal error and exit. + */ + #define YY_FATAL_ERROR(msg) \ + do { \ +- grub_printf (_("fatal error: %s\n"), _(msg)); \ ++ grub_fatal (_("fatal error: %s\n"), _(msg));\ + } while (0) + + #define COPY(str, hint) \ diff --git a/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch b/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch new file mode 100644 index 000000000..0935040b9 --- /dev/null +++ b/debian/patches/0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch @@ -0,0 +1,119 @@ +From: Peter Jones +Date: Mon, 15 Jun 2020 10:58:42 -0400 +Subject: safemath: Add some arithmetic primitives that check for overflow + +This adds a new header, include/grub/safemath.h, that includes easy to +use wrappers for __builtin_{add,sub,mul}_overflow() declared like: + + bool OP(a, b, res) + +where OP is grub_add, grub_sub or grub_mul. OP() returns true in the +case where the operation would overflow and res is not modified. +Otherwise, false is returned and the operation is executed. + +These arithmetic primitives require newer compiler versions. So, bump +these requirements in the INSTALL file too. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + INSTALL | 22 ++-------------------- + include/grub/compiler.h | 8 ++++++++ + include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++ + 3 files changed, 47 insertions(+), 20 deletions(-) + create mode 100644 include/grub/safemath.h + +diff --git a/INSTALL b/INSTALL +index 342c158..991479b 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -11,27 +11,9 @@ GRUB depends on some software packages installed into your system. If + you don't have any of them, please obtain and install them before + configuring the GRUB. + +-* GCC 4.1.3 or later +- Note: older versions may work but support is limited +- +- Experimental support for clang 3.3 or later (results in much bigger binaries) ++* GCC 5.1.0 or later ++ Experimental support for clang 3.8.0 or later (results in much bigger binaries) + for i386, x86_64, arm (including thumb), arm64, mips(el), powerpc, sparc64 +- Note: clang 3.2 or later works for i386 and x86_64 targets but results in +- much bigger binaries. +- earlier versions not tested +- Note: clang 3.2 or later works for arm +- earlier versions not tested +- Note: clang on arm64 is not supported due to +- https://llvm.org/bugs/show_bug.cgi?id=26030 +- Note: clang 3.3 or later works for mips(el) +- earlier versions fail to generate .reginfo and hence gprel relocations +- fail. +- Note: clang 3.2 or later works for powerpc +- earlier versions not tested +- Note: clang 3.5 or later works for sparc64 +- earlier versions return "error: unable to interface with target machine" +- Note: clang has no support for ia64 and hence you can't compile GRUB +- for ia64 with clang + * GNU Make + * GNU Bison 2.3 or later + * GNU gettext 0.17 or later +diff --git a/include/grub/compiler.h b/include/grub/compiler.h +index c9e1d7a..8f3be3a 100644 +--- a/include/grub/compiler.h ++++ b/include/grub/compiler.h +@@ -48,4 +48,12 @@ + # define WARN_UNUSED_RESULT + #endif + ++#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__) ++# define CLANG_PREREQ(maj,min) \ ++ ((__clang_major__ > (maj)) || \ ++ (__clang_major__ == (maj) && __clang_minor__ >= (min))) ++#else ++# define CLANG_PREREQ(maj,min) 0 ++#endif ++ + #endif /* ! GRUB_COMPILER_HEADER */ +diff --git a/include/grub/safemath.h b/include/grub/safemath.h +new file mode 100644 +index 0000000..c17b89b +--- /dev/null ++++ b/include/grub/safemath.h +@@ -0,0 +1,37 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ * ++ * Arithmetic operations that protect against overflow. ++ */ ++ ++#ifndef GRUB_SAFEMATH_H ++#define GRUB_SAFEMATH_H 1 ++ ++#include ++ ++/* These appear in gcc 5.1 and clang 3.8. */ ++#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8) ++ ++#define grub_add(a, b, res) __builtin_add_overflow(a, b, res) ++#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) ++#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) ++ ++#else ++#error gcc 5.1 or newer or clang 3.8 or newer is required ++#endif ++ ++#endif /* GRUB_SAFEMATH_H */ diff --git a/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch b/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch new file mode 100644 index 000000000..875686468 --- /dev/null +++ b/debian/patches/0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch @@ -0,0 +1,238 @@ +From: Peter Jones +Date: Mon, 15 Jun 2020 12:15:29 -0400 +Subject: calloc: Make sure we always have an overflow-checking calloc() + available + +This tries to make sure that everywhere in this source tree, we always have +an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.) +available, and that they all safely check for overflow and return NULL when +it would occur. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/kern/emu/misc.c | 12 ++++++++++++ + grub-core/kern/emu/mm.c | 10 ++++++++++ + grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++++++++++ + grub-core/lib/libgcrypt_wrap/mem.c | 11 +++++++++-- + grub-core/lib/posix_wrap/stdlib.h | 8 +++++++- + include/grub/emu/misc.h | 1 + + include/grub/mm.h | 6 ++++++ + 7 files changed, 85 insertions(+), 3 deletions(-) + +diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c +index 65db79b..dfd8a8e 100644 +--- a/grub-core/kern/emu/misc.c ++++ b/grub-core/kern/emu/misc.c +@@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...) + exit (1); + } + ++void * ++xcalloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *p; ++ ++ p = calloc (nmemb, size); ++ if (!p) ++ grub_util_error ("%s", _("out of memory")); ++ ++ return p; ++} ++ + void * + xmalloc (grub_size_t size) + { +diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c +index f262e95..145b01d 100644 +--- a/grub-core/kern/emu/mm.c ++++ b/grub-core/kern/emu/mm.c +@@ -25,6 +25,16 @@ + #include + #include + ++void * ++grub_calloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *ret; ++ ret = calloc (nmemb, size); ++ if (!ret) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ return ret; ++} ++ + void * + grub_malloc (grub_size_t size) + { +diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c +index ee88ff6..f2822a8 100644 +--- a/grub-core/kern/mm.c ++++ b/grub-core/kern/mm.c +@@ -67,8 +67,10 @@ + #include + #include + #include ++#include + + #ifdef MM_DEBUG ++# undef grub_calloc + # undef grub_malloc + # undef grub_zalloc + # undef grub_realloc +@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size) + return 0; + } + ++/* ++ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on ++ * integer overflow. ++ */ ++void * ++grub_calloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *ret; ++ grub_size_t sz = 0; ++ ++ if (grub_mul (nmemb, size, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ ret = grub_memalign (0, sz); ++ if (!ret) ++ return NULL; ++ ++ grub_memset (ret, 0, sz); ++ return ret; ++} ++ + /* Allocate SIZE bytes and return the pointer. */ + void * + grub_malloc (grub_size_t size) +@@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno) + grub_printf ("\n"); + } + ++void * ++grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size) ++{ ++ void *ptr; ++ ++ if (grub_mm_debug) ++ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ", ++ file, line, size); ++ ptr = grub_calloc (nmemb, size); ++ if (grub_mm_debug) ++ grub_printf ("%p\n", ptr); ++ return ptr; ++} ++ + void * + grub_debug_malloc (const char *file, int line, grub_size_t size) + { +diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c +index beeb661..74c6eaf 100644 +--- a/grub-core/lib/libgcrypt_wrap/mem.c ++++ b/grub-core/lib/libgcrypt_wrap/mem.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -36,7 +37,10 @@ void * + gcry_xcalloc (size_t n, size_t m) + { + void *ret; +- ret = grub_zalloc (n * m); ++ size_t sz; ++ if (grub_mul (n, m, &sz)) ++ grub_fatal ("gcry_xcalloc would overflow"); ++ ret = grub_zalloc (sz); + if (!ret) + grub_fatal ("gcry_xcalloc failed"); + return ret; +@@ -56,7 +60,10 @@ void * + gcry_xcalloc_secure (size_t n, size_t m) + { + void *ret; +- ret = grub_zalloc (n * m); ++ size_t sz; ++ if (grub_mul (n, m, &sz)) ++ grub_fatal ("gcry_xcalloc would overflow"); ++ ret = grub_zalloc (sz); + if (!ret) + grub_fatal ("gcry_xcalloc failed"); + return ret; +diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h +index 3b46f47..7a8d385 100644 +--- a/grub-core/lib/posix_wrap/stdlib.h ++++ b/grub-core/lib/posix_wrap/stdlib.h +@@ -21,6 +21,7 @@ + + #include + #include ++#include + + static inline void + free (void *ptr) +@@ -37,7 +38,12 @@ malloc (grub_size_t size) + static inline void * + calloc (grub_size_t size, grub_size_t nelem) + { +- return grub_zalloc (size * nelem); ++ grub_size_t sz; ++ ++ if (grub_mul (size, nelem, &sz)) ++ return NULL; ++ ++ return grub_zalloc (sz); + } + + static inline void * +diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h +index ce464cf..ff9c48a 100644 +--- a/include/grub/emu/misc.h ++++ b/include/grub/emu/misc.h +@@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev); + #define GRUB_HOST_PRIuLONG_LONG "llu" + #define GRUB_HOST_PRIxLONG_LONG "llx" + ++void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT; + void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT; + void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT; + char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT; +diff --git a/include/grub/mm.h b/include/grub/mm.h +index 28e2e53..9c38dd3 100644 +--- a/include/grub/mm.h ++++ b/include/grub/mm.h +@@ -29,6 +29,7 @@ + #endif + + void grub_mm_init_region (void *addr, grub_size_t size); ++void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size); + void *EXPORT_FUNC(grub_malloc) (grub_size_t size); + void *EXPORT_FUNC(grub_zalloc) (grub_size_t size); + void EXPORT_FUNC(grub_free) (void *ptr); +@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug); + void grub_mm_dump_free (void); + void grub_mm_dump (unsigned lineno); + ++#define grub_calloc(nmemb, size) \ ++ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size) ++ + #define grub_malloc(size) \ + grub_debug_malloc (GRUB_FILE, __LINE__, size) + +@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno); + #define grub_free(ptr) \ + grub_debug_free (GRUB_FILE, __LINE__, ptr) + ++void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line, ++ grub_size_t nmemb, grub_size_t size); + void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line, + grub_size_t size); + void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line, diff --git a/debian/patches/0084-calloc-Use-calloc-at-most-places.patch b/debian/patches/0084-calloc-Use-calloc-at-most-places.patch new file mode 100644 index 000000000..f8cecaa0e --- /dev/null +++ b/debian/patches/0084-calloc-Use-calloc-at-most-places.patch @@ -0,0 +1,1832 @@ +From: Peter Jones +Date: Mon, 15 Jun 2020 12:26:01 -0400 +Subject: calloc: Use calloc() at most places + +This modifies most of the places we do some form of: + + X = malloc(Y * Z); + +to use calloc(Y, Z) instead. + +Among other issues, this fixes: + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in luks_recover_key() + reported by Chris Coulson, + - allocation of integer overflow in grub_lvm_detect() + reported by Chris Coulson. + +Fixes: CVE-2020-14308 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/bus/usb/usbhub.c | 8 ++++---- + grub-core/commands/efi/lsefisystab.c | 3 ++- + grub-core/commands/legacycfg.c | 6 +++--- + grub-core/commands/menuentry.c | 2 +- + grub-core/commands/nativedisk.c | 2 +- + grub-core/commands/parttool.c | 12 +++++++++--- + grub-core/commands/regexp.c | 2 +- + grub-core/commands/search_wrap.c | 2 +- + grub-core/disk/diskfilter.c | 4 ++-- + grub-core/disk/ieee1275/ofdisk.c | 2 +- + grub-core/disk/ldm.c | 14 +++++++------- + grub-core/disk/luks.c | 2 +- + grub-core/disk/lvm.c | 8 ++++---- + grub-core/disk/xen/xendisk.c | 2 +- + grub-core/efiemu/loadcore.c | 2 +- + grub-core/efiemu/mm.c | 6 +++--- + grub-core/font/font.c | 3 +-- + grub-core/fs/affs.c | 6 +++--- + grub-core/fs/btrfs.c | 6 +++--- + grub-core/fs/hfs.c | 2 +- + grub-core/fs/hfsplus.c | 6 +++--- + grub-core/fs/iso9660.c | 2 +- + grub-core/fs/ntfs.c | 4 ++-- + grub-core/fs/sfs.c | 2 +- + grub-core/fs/tar.c | 2 +- + grub-core/fs/udf.c | 4 ++-- + grub-core/fs/zfs/zfs.c | 4 ++-- + grub-core/gfxmenu/gui_string_util.c | 2 +- + grub-core/gfxmenu/widget-box.c | 4 ++-- + grub-core/io/gzio.c | 2 +- + grub-core/kern/efi/efi.c | 6 +++--- + grub-core/kern/emu/hostdisk.c | 2 +- + grub-core/kern/fs.c | 2 +- + grub-core/kern/misc.c | 2 +- + grub-core/kern/parser.c | 2 +- + grub-core/kern/uboot/uboot.c | 2 +- + grub-core/lib/libgcrypt/cipher/ac.c | 8 ++++---- + grub-core/lib/libgcrypt/cipher/primegen.c | 4 ++-- + grub-core/lib/libgcrypt/cipher/pubkey.c | 4 ++-- + grub-core/lib/priority_queue.c | 2 +- + grub-core/lib/reed_solomon.c | 7 +++---- + grub-core/lib/relocator.c | 10 +++++----- + grub-core/lib/zstd/fse_decompress.c | 2 +- + grub-core/loader/arm/linux.c | 2 +- + grub-core/loader/efi/chainloader.c | 2 +- + grub-core/loader/i386/bsdXX.c | 2 +- + grub-core/loader/i386/xnu.c | 4 ++-- + grub-core/loader/macho.c | 2 +- + grub-core/loader/multiboot_elfxx.c | 2 +- + grub-core/loader/xnu.c | 2 +- + grub-core/mmap/mmap.c | 4 ++-- + grub-core/net/bootp.c | 2 +- + grub-core/net/dns.c | 10 +++++----- + grub-core/net/net.c | 4 ++-- + grub-core/normal/charset.c | 10 +++++----- + grub-core/normal/cmdline.c | 14 +++++++------- + grub-core/normal/menu_entry.c | 14 +++++++------- + grub-core/normal/menu_text.c | 4 ++-- + grub-core/normal/term.c | 4 ++-- + grub-core/osdep/linux/getroot.c | 6 +++--- + grub-core/osdep/unix/config.c | 2 +- + grub-core/osdep/windows/getroot.c | 2 +- + grub-core/osdep/windows/hostdisk.c | 4 ++-- + grub-core/osdep/windows/init.c | 2 +- + grub-core/osdep/windows/platform.c | 4 ++-- + grub-core/osdep/windows/relpath.c | 2 +- + grub-core/partmap/gpt.c | 2 +- + grub-core/partmap/msdos.c | 2 +- + grub-core/script/execute.c | 2 +- + grub-core/tests/fake_input.c | 2 +- + grub-core/tests/video_checksum.c | 6 +++--- + grub-core/video/capture.c | 2 +- + grub-core/video/emu/sdl.c | 2 +- + grub-core/video/i386/pc/vga.c | 2 +- + grub-core/video/readers/png.c | 2 +- + include/grub/unicode.h | 4 ++-- + util/getroot.c | 2 +- + util/grub-file.c | 2 +- + util/grub-fstest.c | 4 ++-- + util/grub-install-common.c | 2 +- + util/grub-install.c | 4 ++-- + util/grub-mkimagexx.c | 6 ++---- + util/grub-mkrescue.c | 4 ++-- + util/grub-mkstandalone.c | 2 +- + util/grub-pe2elf.c | 12 +++++------- + util/grub-probe.c | 4 ++-- + 86 files changed, 176 insertions(+), 175 deletions(-) + +diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c +index 34a7ff1..a06cce3 100644 +--- a/grub-core/bus/usb/usbhub.c ++++ b/grub-core/bus/usb/usbhub.c +@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev) + grub_usb_set_configuration (dev, 1); + + dev->nports = hubdesc.portcnt; +- dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0])); +- dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0])); ++ dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0])); ++ dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0])); + if (!dev->children || !dev->ports) + { + grub_free (dev->children); +@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (grub_usb_controller_t controller, void *d + + /* Query the number of ports the root Hub has. */ + hub->nports = controller->dev->hubports (controller); +- hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports); +- hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports); ++ hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0])); ++ hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0])); + if (!hub->devices || !hub->ports) + { + grub_free (hub->devices); +diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c +index 9027882..d29188e 100644 +--- a/grub-core/commands/efi/lsefisystab.c ++++ b/grub-core/commands/efi/lsefisystab.c +@@ -73,7 +73,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)), + grub_printf ("Vendor: "); + + for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++); +- vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1); ++ /* Allocate extra 3 bytes to simplify math. */ ++ vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1); + if (!vendor) + return grub_errno; + *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor, +diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c +index db7a8f0..5e3ec0d 100644 +--- a/grub-core/commands/legacycfg.c ++++ b/grub-core/commands/legacycfg.c +@@ -314,7 +314,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), + if (argc < 2) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1)); ++ cutargs = grub_calloc (argc - 1, sizeof (cutargs[0])); + if (!cutargs) + return grub_errno; + cutargc = argc - 1; +@@ -436,7 +436,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), + { + char rbuf[3] = "-r"; + bsdargc = cutargc + 2; +- bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc); ++ bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0])); + if (!bsdargs) + { + err = grub_errno; +@@ -559,7 +559,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"), + "module"); + +- newargs = grub_malloc ((argc + 1) * sizeof (newargs[0])); ++ newargs = grub_calloc (argc + 1, sizeof (newargs[0])); + if (!newargs) + return grub_errno; + grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0])); +diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c +index 2c5363d..9164df7 100644 +--- a/grub-core/commands/menuentry.c ++++ b/grub-core/commands/menuentry.c +@@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, const char **args, + goto fail; + + /* Save argc, args to pass as parameters to block arg later. */ +- menu_args = grub_malloc (sizeof (char*) * (argc + 1)); ++ menu_args = grub_calloc (argc + 1, sizeof (char *)); + if (! menu_args) + goto fail; + +diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c +index 699447d..7c8f97f 100644 +--- a/grub-core/commands/nativedisk.c ++++ b/grub-core/commands/nativedisk.c +@@ -195,7 +195,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)), + else + path_prefix = prefix; + +- mods = grub_malloc (argc * sizeof (mods[0])); ++ mods = grub_calloc (argc, sizeof (mods[0])); + if (!mods) + return grub_errno; + +diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c +index 22b46b1..051e313 100644 +--- a/grub-core/commands/parttool.c ++++ b/grub-core/commands/parttool.c +@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name, + for (nargs = 0; args[nargs].name != 0; nargs++); + cur->nargs = nargs; + cur->args = (struct grub_parttool_argdesc *) +- grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc)); ++ grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc)); ++ if (!cur->args) ++ { ++ grub_free (cur); ++ curhandle--; ++ return -1; ++ } + grub_memcpy (cur->args, args, + (nargs + 1) * sizeof (struct grub_parttool_argdesc)); + +@@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), + return err; + } + +- parsed = (int *) grub_zalloc (argc * sizeof (int)); ++ parsed = (int *) grub_calloc (argc, sizeof (int)); + + for (i = 1; i < argc; i++) + if (! parsed[i]) +@@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), + } + ptool = cur; + pargs = (struct grub_parttool_args *) +- grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args)); ++ grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args)); + for (j = i; j < argc; j++) + if (! parsed[j]) + { +diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c +index f00b184..4019164 100644 +--- a/grub-core/commands/regexp.c ++++ b/grub-core/commands/regexp.c +@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args) + if (ret) + goto fail; + +- matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1)); ++ matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches)); + if (! matches) + goto fail; + +diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c +index d7fd26b..47fc8eb 100644 +--- a/grub-core/commands/search_wrap.c ++++ b/grub-core/commands/search_wrap.c +@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) + for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++) + nhints++; + +- hints = grub_malloc (sizeof (hints[0]) * nhints); ++ hints = grub_calloc (nhints, sizeof (hints[0])); + if (!hints) + return grub_errno; + j = 0; +diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c +index c3b578a..68ca9e0 100644 +--- a/grub-core/disk/diskfilter.c ++++ b/grub-core/disk/diskfilter.c +@@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb, + array->lvs->segments->node_count = nmemb; + array->lvs->segments->raid_member_size = disk_size; + array->lvs->segments->nodes +- = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0])); ++ = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0])); + array->lvs->segments->stripe_size = stripe_size; + for (i = 0; i < nmemb; i++) + { +@@ -1226,7 +1226,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id, + grub_partition_t p; + for (p = disk->partition; p; p = p->parent) + s++; +- pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0])); ++ pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0])); + s = 0; + for (p = disk->partition; p; p = p->parent) + pv->partmaps[s++] = xstrdup (p->partmap->name); +diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c +index f73257e..03674cb 100644 +--- a/grub-core/disk/ieee1275/ofdisk.c ++++ b/grub-core/disk/ieee1275/ofdisk.c +@@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) + /* Power machines documentation specify 672 as maximum SAS disks in + one system. Using a slightly larger value to be safe. */ + table_size = 768; +- table = grub_malloc (table_size * sizeof (grub_uint64_t)); ++ table = grub_calloc (table_size, sizeof (grub_uint64_t)); + + if (!table) + { +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index 2a22d2d..e632370 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk, + lv->segments->type = GRUB_DISKFILTER_MIRROR; + lv->segments->node_count = 0; + lv->segments->node_alloc = 8; +- lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes) +- * lv->segments->node_alloc); ++ lv->segments->nodes = grub_calloc (lv->segments->node_alloc, ++ sizeof (*lv->segments->nodes)); + if (!lv->segments->nodes) + goto fail2; + ptr = vblk[i].dynamic; +@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk, + { + comp->segment_alloc = 8; + comp->segment_count = 0; +- comp->segments = grub_malloc (sizeof (*comp->segments) +- * comp->segment_alloc); ++ comp->segments = grub_calloc (comp->segment_alloc, ++ sizeof (*comp->segments)); + if (!comp->segments) + goto fail2; + } +@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk, + } + comp->segments->node_count = read_int (ptr + 1, *ptr); + comp->segments->node_alloc = comp->segments->node_count; +- comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes) +- * comp->segments->node_alloc); ++ comp->segments->nodes = grub_calloc (comp->segments->node_alloc, ++ sizeof (*comp->segments->nodes)); + if (!lv->segments->nodes) + goto fail2; + } +@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *disk, unsigned int *nsectors, + *nsectors = lv->size; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c +index 86c50c6..18b3a8b 100644 +--- a/grub-core/disk/luks.c ++++ b/grub-core/disk/luks.c +@@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source, + && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes) + max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes); + +- split_key = grub_malloc (keysize * max_stripes); ++ split_key = grub_calloc (keysize, max_stripes); + if (!split_key) + return grub_errno; + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index 7b265c7..d1df640 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -173,7 +173,7 @@ grub_lvm_detect (grub_disk_t disk, + first one. */ + + /* Allocate buffer space for the circular worst-case scenario. */ +- metadatabuf = grub_malloc (2 * mda_size); ++ metadatabuf = grub_calloc (2, mda_size); + if (! metadatabuf) + goto fail; + +@@ -426,7 +426,7 @@ grub_lvm_detect (grub_disk_t disk, + #endif + goto lvs_fail; + } +- lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count); ++ lv->segments = grub_calloc (lv->segment_count, sizeof (*seg)); + seg = lv->segments; + + for (i = 0; i < lv->segment_count; i++) +@@ -483,8 +483,8 @@ grub_lvm_detect (grub_disk_t disk, + if (seg->node_count != 1) + seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); + +- seg->nodes = grub_zalloc (sizeof (*stripe) +- * seg->node_count); ++ seg->nodes = grub_calloc (seg->node_count, ++ sizeof (*stripe)); + stripe = seg->nodes; + + p = grub_strstr (p, "stripes = ["); +diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c +index 48476cb..d6612ee 100644 +--- a/grub-core/disk/xen/xendisk.c ++++ b/grub-core/disk/xen/xendisk.c +@@ -426,7 +426,7 @@ grub_xendisk_init (void) + if (!ctr) + return; + +- virtdisks = grub_malloc (ctr * sizeof (virtdisks[0])); ++ virtdisks = grub_calloc (ctr, sizeof (virtdisks[0])); + if (!virtdisks) + return; + if (grub_xenstore_dir ("device/vbd", fill, &ctr)) +diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c +index 44085ef..2b92462 100644 +--- a/grub-core/efiemu/loadcore.c ++++ b/grub-core/efiemu/loadcore.c +@@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e) + + grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize; + grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *) +- grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms); ++ grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym)); + + /* Relocators */ + for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); +diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c +index 52a032f..9b8e0d0 100644 +--- a/grub-core/efiemu/mm.c ++++ b/grub-core/efiemu/mm.c +@@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void) + /* Initialize variables*/ + grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE); + scanline_events = (struct grub_efiemu_mmap_scan *) +- grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2); + + /* Number of chunks can't increase more than by factor of 2 */ + result = (grub_efi_memory_descriptor_t *) +- grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2); + if (!result || !scanline_events) + { + grub_free (result); +@@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void) + + /* Preallocate mmap */ + efiemu_mmap = (grub_efi_memory_descriptor_t *) +- grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t)); ++ grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t)); + if (!efiemu_mmap) + { + grub_efiemu_unload (); +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 85a2925..8e118b3 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct + font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE; + + /* Allocate the character index array. */ +- font->char_index = grub_malloc (font->num_chars +- * sizeof (struct char_index_entry)); ++ font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry)); + if (!font->char_index) + return 1; + font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); +diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c +index 6b6a2bc..220b371 100644 +--- a/grub-core/fs/affs.c ++++ b/grub-core/fs/affs.c +@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node) + return 0; + } + latin1[symlink_size] = 0; +- utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size); + if (!utf8) + { + grub_free (latin1); +@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, + return 1; + } + +- hashtable = grub_zalloc (data->htsize * sizeof (*hashtable)); ++ hashtable = grub_calloc (data->htsize, sizeof (*hashtable)); + if (!hashtable) + return 1; + +@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label) + len = file.namelen; + if (len > sizeof (file.name)) + len = sizeof (file.name); +- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len); + if (*label) + *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0'; + } +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 48bd3d0..11272ef 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -413,7 +413,7 @@ lower_bound (struct grub_btrfs_data *data, + { + desc->allocated = 16; + desc->depth = 0; +- desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated); ++ desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0])); + if (!desc->data) + return grub_errno; + } +@@ -752,7 +752,7 @@ raid56_read_retry (struct grub_btrfs_data *data, + grub_err_t ret = GRUB_ERR_OUT_OF_MEMORY; + grub_uint64_t i, failed_devices; + +- buffers = grub_zalloc (sizeof(*buffers) * nstripes); ++ buffers = grub_calloc (nstripes, sizeof (*buffers)); + if (!buffers) + goto cleanup; + +@@ -2160,7 +2160,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), + *nsectors = 64 * 2 - 1; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c +index ac0a409..3fe842b 100644 +--- a/grub-core/fs/hfs.c ++++ b/grub-core/fs/hfs.c +@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label) + grub_size_t len = data->sblock.volname[0]; + if (len > sizeof (data->sblock.volname) - 1) + len = sizeof (data->sblock.volname) - 1; +- *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1); ++ *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len); + if (*label) + macroman_to_utf8 (*label, data->sblock.volname + 1, + len + 1, 0); +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index 54786bb..dae43be 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -720,7 +720,7 @@ list_nodes (void *record, void *hook_arg) + if (! filename) + return 0; + +- keyname = grub_malloc (grub_be_to_cpu16 (catkey->namelen) * sizeof (*keyname)); ++ keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname)); + if (!keyname) + { + grub_free (filename); +@@ -1007,7 +1007,7 @@ grub_hfsplus_label (grub_device_t device, char **label) + grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr); + + label_len = grub_be_to_cpu16 (catkey->namelen); +- label_name = grub_malloc (label_len * sizeof (*label_name)); ++ label_name = grub_calloc (label_len, sizeof (*label_name)); + if (!label_name) + { + grub_free (node); +@@ -1029,7 +1029,7 @@ grub_hfsplus_label (grub_device_t device, char **label) + } + } + +- *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! *label) + { + grub_free (label_name); +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index 49c0c63..4f1b52a 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len) + int i; + grub_uint16_t t[MAX_NAMELEN / 2 + 1]; + +- p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! p) + return NULL; + +diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c +index fc4e1f6..2f34f76 100644 +--- a/grub-core/fs/ntfs.c ++++ b/grub-core/fs/ntfs.c +@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len) + grub_uint16_t *tmp; + grub_size_t i; + +- buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); +- tmp = grub_malloc (len * sizeof (tmp[0])); ++ buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); ++ tmp = grub_calloc (len, sizeof (tmp[0])); + if (!buf || !tmp) + { + grub_free (buf); +diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c +index 50c1fe7..90f7fb3 100644 +--- a/grub-core/fs/sfs.c ++++ b/grub-core/fs/sfs.c +@@ -266,7 +266,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) + node->next_extent = node->block; + node->cache_size = 0; + +- node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size); ++ node->cache = grub_calloc (cache_size, sizeof (node->cache[0])); + if (!node->cache) + { + grub_errno = 0; +diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c +index 7d63e0c..c551ed6 100644 +--- a/grub-core/fs/tar.c ++++ b/grub-core/fs/tar.c +@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, + if (data->linkname_alloc < linksize + 1) + { + char *n; +- n = grub_malloc (2 * (linksize + 1)); ++ n = grub_calloc (2, linksize + 1); + if (!n) + return grub_errno; + grub_free (data->linkname); +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index dc8b6e2..a837616 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -873,7 +873,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + { + unsigned i; + utf16len = sz - 1; +- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); ++ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); + if (!utf16) + return NULL; + for (i = 0; i < utf16len; i++) +@@ -883,7 +883,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + { + unsigned i; + utf16len = (sz - 1) / 2; +- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); ++ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); + if (!utf16) + return NULL; + for (i = 0; i < utf16len; i++) +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 2f72e42..381dde5 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -3325,7 +3325,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol, + } + subvol->nkeys = 0; + zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data); +- subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0])); ++ subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0])); + if (!subvol->keyring) + { + grub_free (fsname); +@@ -4336,7 +4336,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)), + *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS); + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c +index a9a415e..ba1e1ea 100644 +--- a/grub-core/gfxmenu/gui_string_util.c ++++ b/grub-core/gfxmenu/gui_string_util.c +@@ -55,7 +55,7 @@ canonicalize_path (const char *path) + if (*p == '/') + components++; + +- char **path_array = grub_malloc (components * sizeof (*path_array)); ++ char **path_array = grub_calloc (components, sizeof (*path_array)); + if (! path_array) + return 0; + +diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c +index b606028..470597d 100644 +--- a/grub-core/gfxmenu/widget-box.c ++++ b/grub-core/gfxmenu/widget-box.c +@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix, + box->content_height = 0; + box->raw_pixmaps = + (struct grub_video_bitmap **) +- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); ++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); + box->scaled_pixmaps = + (struct grub_video_bitmap **) +- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); ++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); + + /* Initialize all pixmap pointers to NULL so that proper destruction can + be performed if an error is encountered partway through construction. */ +diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c +index 6208a97..43d98a7 100644 +--- a/grub-core/io/gzio.c ++++ b/grub-core/io/gzio.c +@@ -554,7 +554,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ + z = 1 << j; /* table entries for j-bit table */ + + /* allocate and link in new table */ +- q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft)); ++ q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft)); + if (! q) + { + if (h) +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 6e1ceb9..dc31caa 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -202,7 +202,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, + + len = grub_strlen (var); + len16 = len * GRUB_MAX_UTF16_PER_UTF8; +- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); ++ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); + if (!var16) + return grub_errno; + len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); +@@ -237,7 +237,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + + len = grub_strlen (var); + len16 = len * GRUB_MAX_UTF16_PER_UTF8; +- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); ++ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); + if (!var16) + return NULL; + len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); +@@ -383,7 +383,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + while (len > 0 && fp->path_name[len - 1] == 0) + len--; + +- dup_name = grub_malloc (len * sizeof (*dup_name)); ++ dup_name = grub_calloc (len, sizeof (*dup_name)); + if (!dup_name) + { + grub_free (name); +diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c +index 8ac5239..f90b6c9 100644 +--- a/grub-core/kern/emu/hostdisk.c ++++ b/grub-core/kern/emu/hostdisk.c +@@ -627,7 +627,7 @@ static char * + grub_util_path_concat_real (size_t n, int ext, va_list ap) + { + size_t totlen = 0; +- char **l = xmalloc ((n + ext) * sizeof (l[0])); ++ char **l = xcalloc (n + ext, sizeof (l[0])); + char *r, *p, *pi; + size_t i; + int first = 1; +diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c +index 2b85f49..f90be65 100644 +--- a/grub-core/kern/fs.c ++++ b/grub-core/kern/fs.c +@@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name) + while (p); + + /* Allocate a block list. */ +- blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1)); ++ blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block)); + if (! blocks) + return 0; + +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 18cad58..83c068d 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -691,7 +691,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args, + args->ptr = args->prealloc; + else + { +- args->ptr = grub_malloc (args->count * sizeof (args->ptr[0])); ++ args->ptr = grub_calloc (args->count, sizeof (args->ptr[0])); + if (!args->ptr) + { + grub_errno = GRUB_ERR_NONE; +diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c +index 78175aa..619db31 100644 +--- a/grub-core/kern/parser.c ++++ b/grub-core/kern/parser.c +@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline, + return grub_errno; + grub_memcpy (args, buffer, bp - buffer); + +- *argv = grub_malloc (sizeof (char *) * (*argc + 1)); ++ *argv = grub_calloc (*argc + 1, sizeof (char *)); + if (!*argv) + { + grub_free (args); +diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c +index be4816f..aac8f9a 100644 +--- a/grub-core/kern/uboot/uboot.c ++++ b/grub-core/kern/uboot/uboot.c +@@ -133,7 +133,7 @@ grub_uboot_dev_enum (void) + return num_devices; + + max_devices = 2; +- enum_devices = grub_malloc (sizeof(struct device_info) * max_devices); ++ enum_devices = grub_calloc (max_devices, sizeof(struct device_info)); + if (!enum_devices) + return 0; + +diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c +index f5e946a..63f6fcd 100644 +--- a/grub-core/lib/libgcrypt/cipher/ac.c ++++ b/grub-core/lib/libgcrypt/cipher/ac.c +@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n, + gcry_mpi_t mpi; + char *label; + +- data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n); ++ data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new)); + if (! data_mpis_new) + { + err = gcry_error_from_errno (errno); +@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, + } + + /* Add MPI list. */ +- arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1)); ++ arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags, + /* We build a list of arguments to pass to + gcry_sexp_build_array(). */ + data_length = _gcry_ac_data_length (data); +- arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2)); ++ arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, + arg_list_n += 2; + + /* Allocate list. */ +- arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n); ++ arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c +index 2788e34..b12e79b 100644 +--- a/grub-core/lib/libgcrypt/cipher/primegen.c ++++ b/grub-core/lib/libgcrypt/cipher/primegen.c +@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor, + } + + /* Allocate an array to track pool usage. */ +- pool_in_use = gcry_malloc (n * sizeof *pool_in_use); ++ pool_in_use = gcry_calloc (n, sizeof *pool_in_use); + if (!pool_in_use) + { + err = gpg_err_code_from_errno (errno); +@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel, + if (nbits < 16) + log_fatal ("can't generate a prime with less than %d bits\n", 16); + +- mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods ); ++ mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods); + /* Make nbits fit into gcry_mpi_t implementation. */ + val_2 = mpi_alloc_set_ui( 2 ); + val_3 = mpi_alloc_set_ui( 3); +diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c +index 9109821..ca087ad 100644 +--- a/grub-core/lib/libgcrypt/cipher/pubkey.c ++++ b/grub-core/lib/libgcrypt/cipher/pubkey.c +@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) + * array to a format string, so we have to do it this way :-(. */ + /* FIXME: There is now such a format specifier, so we can + change the code to be more clear. */ +- arg_list = malloc (nelem * sizeof *arg_list); ++ arg_list = calloc (nelem, sizeof *arg_list); + if (!arg_list) + { + rc = gpg_err_code_from_syserror (); +@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) + } + strcpy (p, "))"); + +- arg_list = malloc (nelem * sizeof *arg_list); ++ arg_list = calloc (nelem, sizeof *arg_list); + if (!arg_list) + { + rc = gpg_err_code_from_syserror (); +diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c +index 659be0b..7d5e7c0 100644 +--- a/grub-core/lib/priority_queue.c ++++ b/grub-core/lib/priority_queue.c +@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize, + { + struct grub_priority_queue *ret; + void *els; +- els = grub_malloc (elsize * 8); ++ els = grub_calloc (8, elsize); + if (!els) + return 0; + ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret)); +diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c +index ee9fa7b..467305b 100644 +--- a/grub-core/lib/reed_solomon.c ++++ b/grub-core/lib/reed_solomon.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#define xcalloc calloc + #define xmalloc malloc + #define grub_memset memset + #define grub_memcpy memcpy +@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs) + gf_single_t *rs_polynomial; + int i, j; + gf_single_t *m; +- m = xmalloc ((s + rs) * sizeof (gf_single_t)); ++ m = xcalloc (s + rs, sizeof (gf_single_t)); + grub_memcpy (m, data, s * sizeof (gf_single_t)); +- grub_memset (m + s, 0, rs * sizeof (gf_single_t)); +- rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t)); +- grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t)); ++ rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t)); + rs_polynomial[rs] = 1; + /* Multiply with X - a^r */ + for (j = 0; j < rs; j++) +diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c +index ea3ebc7..5847aac 100644 +--- a/grub-core/lib/relocator.c ++++ b/grub-core/lib/relocator.c +@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel, + } + #endif + +- eventt = grub_malloc (maxevents * sizeof (events[0])); ++ eventt = grub_calloc (maxevents, sizeof (events[0])); + counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0])); +- events = grub_malloc (maxevents * sizeof (events[0])); ++ events = grub_calloc (maxevents, sizeof (events[0])); + if (!events || !eventt || !counter) + { + grub_dprintf ("relocator", "events or counter allocation failed %d\n", +@@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *rel, + #endif + unsigned cural = 0; + int oom = 0; +- res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs); ++ res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0])); + if (!res->subchunks) + oom = 1; + res->nsubchunks = nallocs; +@@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr, + count[(chunk->src & 0xff) + 1]++; + } + } +- from = grub_malloc (nchunks * sizeof (sorted[0])); +- to = grub_malloc (nchunks * sizeof (sorted[0])); ++ from = grub_calloc (nchunks, sizeof (sorted[0])); ++ to = grub_calloc (nchunks, sizeof (sorted[0])); + if (!from || !to) + { + grub_free (from); +diff --git a/grub-core/lib/zstd/fse_decompress.c b/grub-core/lib/zstd/fse_decompress.c +index 72bbead..2227b84 100644 +--- a/grub-core/lib/zstd/fse_decompress.c ++++ b/grub-core/lib/zstd/fse_decompress.c +@@ -82,7 +82,7 @@ + FSE_DTable* FSE_createDTable (unsigned tableLog) + { + if (tableLog > FSE_TABLELOG_ABSOLUTE_MAX) tableLog = FSE_TABLELOG_ABSOLUTE_MAX; +- return (FSE_DTable*)malloc( FSE_DTABLE_SIZE_U32(tableLog) * sizeof (U32) ); ++ return (FSE_DTable*)calloc( FSE_DTABLE_SIZE_U32(tableLog), sizeof (U32) ); + } + + void FSE_freeDTable (FSE_DTable* dt) +diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c +index 092e8e3..979d425 100644 +--- a/grub-core/loader/arm/linux.c ++++ b/grub-core/loader/arm/linux.c +@@ -82,7 +82,7 @@ linux_prepare_atag (void *target_atag) + + /* some place for cmdline, initrd and terminator. */ + tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4; +- tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t)); ++ tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t)); + if (!tmp_atag) + return grub_errno; + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index 04e815c..b9a2df3 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -126,7 +126,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + +- path_name = grub_malloc (len * GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); ++ path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); + if (!path_name) + return; + +diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c +index af6741d..a8d8bf7 100644 +--- a/grub-core/loader/i386/bsdXX.c ++++ b/grub-core/loader/i386/bsdXX.c +@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr) + if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS)) + return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic")); + +- *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize); ++ *shdr = grub_calloc (e->e_shnum, e->e_shentsize); + if (! *shdr) + return grub_errno; + +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index e64ed08..b7d176b 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d + return grub_errno; + + len = grub_strlen (name); +- utf16 = grub_malloc (sizeof (grub_uint16_t) * len); ++ utf16 = grub_calloc (len, sizeof (grub_uint16_t)); + if (!utf16) + { + grub_free (utf8); +@@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor * + grub_uint16_t *utf16; + grub_err_t err; + +- utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen); ++ utf16 = grub_calloc (namelen, sizeof (grub_uint16_t)); + if (!utf16) + return grub_errno; + grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen); +diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c +index 085f9c6..05710c4 100644 +--- a/grub-core/loader/macho.c ++++ b/grub-core/loader/macho.c +@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit) + if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header)) + == (grub_off_t) -1) + goto fail; +- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); ++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); + if (!archs) + goto fail; + if (grub_file_read (macho->file, archs, +diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c +index 70cd1db..cc68536 100644 +--- a/grub-core/loader/multiboot_elfxx.c ++++ b/grub-core/loader/multiboot_elfxx.c +@@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + { + grub_uint8_t *shdr, *shdrptr; + +- shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize); ++ shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize); + if (!shdr) + return grub_errno; + +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index e0f47e7..2f0ebd0 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -801,7 +801,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)), + if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC) + { + narchs = grub_be_to_cpu32 (head.nfat_arch); +- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); ++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); + if (! archs) + { + grub_file_close (file); +diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c +index 6a31cba..57b4e9a 100644 +--- a/grub-core/mmap/mmap.c ++++ b/grub-core/mmap/mmap.c +@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) + + /* Initialize variables. */ + ctx.scanline_events = (struct grub_mmap_scan *) +- grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2); + +- present = grub_zalloc (sizeof (present[0]) * current_priority); ++ present = grub_calloc (current_priority, sizeof (present[0])); + + if (! ctx.scanline_events || !present) + { +diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c +index 558d97b..dd0ffcd 100644 +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -1559,7 +1559,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), + if (ncards == 0) + return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found")); + +- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); ++ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); + if (!ifaces) + return grub_errno; + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index 5d9afe0..e332d5e 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -285,8 +285,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), + ptr++; + ptr += 4; + } +- *data->addresses = grub_malloc (sizeof ((*data->addresses)[0]) +- * grub_be_to_cpu16 (head->ancount)); ++ *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount), ++ sizeof ((*data->addresses)[0])); + if (!*data->addresses) + { + grub_errno = GRUB_ERR_NONE; +@@ -406,8 +406,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), + dns_cache[h].addresses = 0; + dns_cache[h].name = grub_strdup (data->oname); + dns_cache[h].naddresses = *data->naddresses; +- dns_cache[h].addresses = grub_malloc (*data->naddresses +- * sizeof (dns_cache[h].addresses[0])); ++ dns_cache[h].addresses = grub_calloc (*data->naddresses, ++ sizeof (dns_cache[h].addresses[0])); + dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all; + if (!dns_cache[h].addresses || !dns_cache[h].name) + { +@@ -479,7 +479,7 @@ grub_net_dns_lookup (const char *name, + } + } + +- sockets = grub_malloc (sizeof (sockets[0]) * n_servers); ++ sockets = grub_calloc (n_servers, sizeof (sockets[0])); + if (!sockets) + return grub_errno; + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index b917a75..fed7bc5 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -333,8 +333,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)), + ncards++; + } + +- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); +- slaacs = grub_zalloc (ncards * sizeof (slaacs[0])); ++ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); ++ slaacs = grub_calloc (ncards, sizeof (slaacs[0])); + if (!ifaces || !slaacs) + { + grub_free (ifaces); +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index b0ab47d..d57fb72 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg, + { + grub_size_t msg_len = grub_strlen (msg); + +- *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + if (!*unicode_msg) + return -1; +@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + } + else + { +- n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1)); ++ n = grub_calloc (out->ncomb + 1, sizeof (n[0])); + if (!n) + { + grub_errno = GRUB_ERR_NONE; +@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical, + } \ + } + +- visual = grub_malloc (sizeof (visual[0]) * logical_len); ++ visual = grub_calloc (logical_len, sizeof (visual[0])); + if (!visual) + return -1; + +@@ -1165,8 +1165,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical, + { + const grub_uint32_t *line_start = logical, *ptr; + struct grub_unicode_glyph *visual_ptr; +- *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0]) +- * (logical_len + 2)); ++ *visual_out = visual_ptr = grub_calloc (logical_len + 2, ++ 3 * sizeof (visual_ptr[0])); + if (!visual_ptr) + return -1; + for (ptr = logical; ptr <= logical + logical_len; ptr++) +diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c +index c037d50..c57242e 100644 +--- a/grub-core/normal/cmdline.c ++++ b/grub-core/normal/cmdline.c +@@ -41,7 +41,7 @@ grub_err_t + grub_set_history (int newsize) + { + grub_uint32_t **old_hist_lines = hist_lines; +- hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize); ++ hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *)); + + /* Copy the old lines into the new buffer. */ + if (old_hist_lines) +@@ -114,7 +114,7 @@ static void + grub_history_set (int pos, grub_uint32_t *s, grub_size_t len) + { + grub_free (hist_lines[pos]); +- hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t)); ++ hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t)); + if (!hist_lines[pos]) + { + grub_print_error (); +@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_translated) + char *ret; + unsigned nterms; + +- buf = grub_malloc (max_len * sizeof (grub_uint32_t)); ++ buf = grub_calloc (max_len, sizeof (grub_uint32_t)); + if (!buf) + return 0; + +@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_translated) + FOR_ACTIVE_TERM_OUTPUTS(cur) + nterms++; + +- cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms); ++ cl_terms = grub_calloc (nterms, sizeof (cl_terms[0])); + if (!cl_terms) + { + grub_free (buf); +@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_translated) + } + cl_term_cur = cl_terms; + +- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + if (!unicode_msg) + { + grub_free (buf); +@@ -495,7 +495,7 @@ grub_cmdline_get (const char *prompt_translated) + grub_uint32_t *insert; + + insertlen = grub_strlen (insertu8); +- insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t)); ++ insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t)); + if (!insert) + { + grub_free (insertu8); +@@ -602,7 +602,7 @@ grub_cmdline_get (const char *prompt_translated) + + grub_free (kill_buf); + +- kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t)); ++ kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t)); + if (grub_errno) + { + grub_print_error (); +diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c +index cdf3590..1993995 100644 +--- a/grub-core/normal/menu_entry.c ++++ b/grub-core/normal/menu_entry.c +@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct line *linep) + { + linep->len = 0; + linep->max_len = 80; +- linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0])); +- linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0])); ++ linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0])); ++ linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0])); + if (! linep->buf || !linep->pos) + { + grub_free (linep->buf); +@@ -287,7 +287,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen, + pos = linep->pos + (term_screen - screen->terms); + + if (!*pos) +- *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos)); ++ *pos = grub_calloc (linep->len + 1, sizeof (**pos)); + + if (i == region_start || linep == screen->lines + screen->line + || (i > region_start && mode == ALL_LINES)) +@@ -471,7 +471,7 @@ insert_string (struct screen *screen, const char *s, int update) + + /* Insert the string. */ + current_linep = screen->lines + screen->line; +- unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t)); + + if (!unicode_msg) + return 0; +@@ -1023,7 +1023,7 @@ complete (struct screen *screen, int continuous, int update) + if (completion_buffer.buf) + { + buflen = grub_strlen (completion_buffer.buf); +- ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1)); ++ ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t)); + + if (!ucs4) + { +@@ -1268,7 +1268,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) + for (i = 0; i < (unsigned) screen->num_lines; i++) + { + grub_free (screen->lines[i].pos); +- screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0])); ++ screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0])); + if (! screen->lines[i].pos) + { + grub_print_error (); +@@ -1278,7 +1278,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) + } + } + +- screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0])); ++ screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0])); + if (!screen->terms) + { + grub_print_error (); +diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c +index e22bb91..18240e7 100644 +--- a/grub-core/normal/menu_text.c ++++ b/grub-core/normal/menu_text.c +@@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left, + grub_size_t msg_len = grub_strlen (msg) + 2; + int ret = 0; + +- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + if (!unicode_msg) + return 0; +@@ -211,7 +211,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry, + + title = entry ? entry->title : ""; + title_len = grub_strlen (title); +- unicode_title = grub_malloc (title_len * sizeof (*unicode_title)); ++ unicode_title = grub_calloc (title_len, sizeof (*unicode_title)); + if (! unicode_title) + /* XXX How to show this error? */ + return; +diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c +index a1e5c5a..cc8c173 100644 +--- a/grub-core/normal/term.c ++++ b/grub-core/normal/term.c +@@ -264,7 +264,7 @@ grub_term_save_pos (void) + FOR_ACTIVE_TERM_OUTPUTS(cur) + cnt++; + +- ret = grub_malloc (cnt * sizeof (ret[0])); ++ ret = grub_calloc (cnt, sizeof (ret[0])); + if (!ret) + return NULL; + +@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len) + + grub_error_push (); + +- unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + grub_error_pop (); + +diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c +index 7adc0f3..a5bd075 100644 +--- a/grub-core/osdep/linux/getroot.c ++++ b/grub-core/osdep/linux/getroot.c +@@ -168,7 +168,7 @@ grub_util_raid_getmembers (const char *name, int bootable) + if (ret != 0) + grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno)); + +- devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *)); ++ devicelist = xcalloc (info.nr_disks + 1, sizeof (char *)); + + for (i = 0, j = 0; j < info.nr_disks; i++) + { +@@ -241,7 +241,7 @@ grub_find_root_devices_from_btrfs (const char *dir) + return NULL; + } + +- ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0])); ++ ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0])); + + for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++) + { +@@ -396,7 +396,7 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) + if (relroot) + *relroot = NULL; + +- entries = xmalloc (entry_max * sizeof (*entries)); ++ entries = xcalloc (entry_max, sizeof (*entries)); + + again: + fp = grub_util_fopen ("/proc/self/mountinfo", "r"); +diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c +index 5478030..89dc70d 100644 +--- a/grub-core/osdep/unix/config.c ++++ b/grub-core/osdep/unix/config.c +@@ -130,7 +130,7 @@ grub_util_load_config (struct grub_util_config *cfg) + if (num_cfgpaths == 0) + goto out; + +- sorted_cfgpaths = xmalloc (num_cfgpaths * sizeof (*sorted_cfgpaths)); ++ sorted_cfgpaths = xcalloc (num_cfgpaths, sizeof (*sorted_cfgpaths)); + i = 0; + if (grub_util_is_regular (cfgfile)) + sorted_cfgpaths[i++] = xstrdup (cfgfile); +diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c +index 661d954..eada663 100644 +--- a/grub-core/osdep/windows/getroot.c ++++ b/grub-core/osdep/windows/getroot.c +@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path) + + for (ptr = path; *ptr; ptr++); + allocsize = (ptr - path + 10) * 2; +- out = xmalloc (allocsize * sizeof (out[0])); ++ out = xcalloc (allocsize, sizeof (out[0])); + + /* When pointing to EFI system partition GetVolumePathName fails + for ESP root and returns abberant information for everything +diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c +index 3551007..0be3273 100644 +--- a/grub-core/osdep/windows/hostdisk.c ++++ b/grub-core/osdep/windows/hostdisk.c +@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path) + + while (1) + { +- fpa = xmalloc (alloc * sizeof (fpa[0])); ++ fpa = xcalloc (alloc, sizeof (fpa[0])); + + len = GetFullPathName (tpath, alloc, fpa, NULL); + if (len >= alloc) +@@ -399,7 +399,7 @@ grub_util_fd_opendir (const char *name) + for (l = 0; name_windows[l]; l++); + for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--); + l++; +- pattern = xmalloc ((l + 3) * sizeof (pattern[0])); ++ pattern = xcalloc (l + 3, sizeof (pattern[0])); + memcpy (pattern, name_windows, l * sizeof (pattern[0])); + pattern[l] = '\\'; + pattern[l + 1] = '*'; +diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c +index e8ffd62..6297de6 100644 +--- a/grub-core/osdep/windows/init.c ++++ b/grub-core/osdep/windows/init.c +@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)), + LPWSTR *targv; + + targv = CommandLineToArgvW (tcmdline, argc); +- *argv = xmalloc ((*argc + 1) * sizeof (argv[0])); ++ *argv = xcalloc (*argc + 1, sizeof (argv[0])); + + for (i = 0; i < *argc; i++) + (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]); +diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c +index a3f738f..b160949 100644 +--- a/grub-core/osdep/windows/platform.c ++++ b/grub-core/osdep/windows/platform.c +@@ -231,8 +231,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efidir, + grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode")); + + distrib8_len = grub_strlen (efi_distributor); +- distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8 +- * sizeof (grub_uint16_t)); ++ distributor16 = xcalloc (distrib8_len + 1, ++ GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t)); + distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) efi_distributor, + distrib8_len, 0); +diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c +index cb08617..478e8ef 100644 +--- a/grub-core/osdep/windows/relpath.c ++++ b/grub-core/osdep/windows/relpath.c +@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path) + if (dirwindows[0] && dirwindows[1] == ':') + offset = 2; + } +- ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2)); ++ ret = xcalloc (flen - offset + 2, sizeof (ret[0])); + if (dirwindows[offset] != '\\' + && dirwindows[offset] != '/' + && dirwindows[offset]) +diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c +index 103f679..72a2e37 100644 +--- a/grub-core/partmap/gpt.c ++++ b/grub-core/partmap/gpt.c +@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, + *nsectors = ctx.len; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c +index 7b8e450..ee3f249 100644 +--- a/grub-core/partmap/msdos.c ++++ b/grub-core/partmap/msdos.c +@@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, + avail_nsectors = *nsectors; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index ee299fd..c8d6806 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -553,7 +553,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str) + for (iptr = orig_str; *iptr; iptr++) + if (*iptr == '$') + dollar_cnt++; +- ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt); ++ ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0])); + + if (parse_string (orig_str, gettext_save_allow, &ctx, 0)) + goto fail; +diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c +index 2d60852..b5eb516 100644 +--- a/grub-core/tests/fake_input.c ++++ b/grub-core/tests/fake_input.c +@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in) + saved = grub_term_inputs; + if (seq) + grub_free (seq); +- seq = grub_malloc (nseq_in * sizeof (seq[0])); ++ seq = grub_calloc (nseq_in, sizeof (seq[0])); + if (!seq) + return; + +diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c +index 74d5b65..44d0810 100644 +--- a/grub-core/tests/video_checksum.c ++++ b/grub-core/tests/video_checksum.c +@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname, + { + case 4: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); +@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char *fname, + } + case 3: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); +@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char *fname, + } + case 2: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1); +diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c +index 4f83c74..4d3195e 100644 +--- a/grub-core/video/capture.c ++++ b/grub-core/video/capture.c +@@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, + framebuffer.mode_info = *mode_info; + framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info); + +- framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch); ++ framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); + if (!framebuffer.ptr) + return grub_errno; + +diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c +index a2f639f..0ebab6f 100644 +--- a/grub-core/video/emu/sdl.c ++++ b/grub-core/video/emu/sdl.c +@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count, + if (start + count > mode_info.number_of_colors) + count = mode_info.number_of_colors - start; + +- tmp = grub_malloc (count * sizeof (tmp[0])); ++ tmp = grub_calloc (count, sizeof (tmp[0])); + for (i = 0; i < count; i++) + { + tmp[i].r = palette_data[i].r; +diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c +index 01f4711..b2f776c 100644 +--- a/grub-core/video/i386/pc/vga.c ++++ b/grub-core/video/i386/pc/vga.c +@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height, + + vga_height = height ? : 480; + +- framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH); ++ framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH); + framebuffer.front_page = 0; + framebuffer.back_page = 0; + if (!framebuffer.temporary_buffer) +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 777e713..61bd645 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct grub_png_data *data) + if (data->is_16bit || data->is_gray || data->is_palette) + #endif + { +- data->image_data = grub_malloc (data->image_height * data->row_bytes); ++ data->image_data = grub_calloc (data->image_height, data->row_bytes); + if (grub_errno) + return grub_errno; + +diff --git a/include/grub/unicode.h b/include/grub/unicode.h +index a0403e9..4de986a 100644 +--- a/include/grub/unicode.h ++++ b/include/grub/unicode.h +@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in) + grub_memcpy (out, in, sizeof (*in)); + if (in->ncomb > ARRAY_SIZE (out->combining_inline)) + { +- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); ++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); + if (!out->combining_ptr) + { + grub_free (out); +@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unicode_glyph *out, + grub_memcpy (out, in, sizeof (*in)); + if (in->ncomb > ARRAY_SIZE (out->combining_inline)) + { +- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); ++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); + if (!out->combining_ptr) + return; + grub_memcpy (out->combining_ptr, in->combining_ptr, +diff --git a/util/getroot.c b/util/getroot.c +index cdd4115..6ae35ec 100644 +--- a/util/getroot.c ++++ b/util/getroot.c +@@ -200,7 +200,7 @@ make_device_name (const char *drive) + char *ret, *ptr; + const char *iptr; + +- ret = xmalloc (strlen (drive) * 2); ++ ret = xcalloc (2, strlen (drive)); + ptr = ret; + for (iptr = drive; *iptr; iptr++) + { +diff --git a/util/grub-file.c b/util/grub-file.c +index 50c18b6..b2e7dd6 100644 +--- a/util/grub-file.c ++++ b/util/grub-file.c +@@ -54,7 +54,7 @@ main (int argc, char *argv[]) + + grub_util_host_init (&argc, &argv); + +- argv2 = xmalloc (argc * sizeof (argv2[0])); ++ argv2 = xcalloc (argc, sizeof (argv2[0])); + + if (argc == 2 && strcmp (argv[1], "--version") == 0) + { +diff --git a/util/grub-fstest.c b/util/grub-fstest.c +index f14e02d..57246af 100644 +--- a/util/grub-fstest.c ++++ b/util/grub-fstest.c +@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state) + if (args_count < num_disks) + { + if (args_count == 0) +- images = xmalloc (num_disks * sizeof (images[0])); ++ images = xcalloc (num_disks, sizeof (images[0])); + images[args_count] = grub_canonicalize_file_name (arg); + args_count++; + return 0; +@@ -734,7 +734,7 @@ main (int argc, char *argv[]) + + grub_util_host_init (&argc, &argv); + +- args = xmalloc (argc * sizeof (args[0])); ++ args = xcalloc (argc, sizeof (args[0])); + + argp_parse (&argp, argc, argv, 0, 0, 0); + +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index fdfe2c7..447504d 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -286,7 +286,7 @@ handle_install_list (struct install_list *il, const char *val, + il->n_entries++; + } + il->n_alloc = il->n_entries + 1; +- il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0])); ++ il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0])); + ptr = val; + for (ce = il->entries; ; ce++) + { +diff --git a/util/grub-install.c b/util/grub-install.c +index f408b19..843dfc7 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -658,7 +658,7 @@ device_map_check_duplicates (const char *dev_map) + if (! fp) + return; + +- d = xmalloc (alloced * sizeof (d[0])); ++ d = xcalloc (alloced, sizeof (d[0])); + + while (fgets (buf, sizeof (buf), fp)) + { +@@ -1405,7 +1405,7 @@ main (int argc, char *argv[]) + ndev++; + } + +- grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1)); ++ grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0])); + + for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++, + curdrive++) +diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c +index bc087c2..d97d0e7 100644 +--- a/util/grub-mkimagexx.c ++++ b/util/grub-mkimagexx.c +@@ -2294,10 +2294,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize); + smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset); + +- smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections); +- memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections); +- smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections); +- memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections); ++ smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs)); ++ smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs)); + + SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target); + +diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c +index 45d6140..cb972f1 100644 +--- a/util/grub-mkrescue.c ++++ b/util/grub-mkrescue.c +@@ -441,8 +441,8 @@ main (int argc, char *argv[]) + xorriso = xstrdup ("xorriso"); + label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2"); + +- argp_argv = xmalloc (sizeof (argp_argv[0]) * argc); +- xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc); ++ argp_argv = xcalloc (argc, sizeof (argp_argv[0])); ++ xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0])); + + xorriso_tail_argc = 0; + /* Program name */ +diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c +index 4907d44..edf3097 100644 +--- a/util/grub-mkstandalone.c ++++ b/util/grub-mkstandalone.c +@@ -296,7 +296,7 @@ main (int argc, char *argv[]) + grub_util_host_init (&argc, &argv); + grub_util_disable_fd_syncs (); + +- files = xmalloc ((argc + 1) * sizeof (files[0])); ++ files = xcalloc (argc + 1, sizeof (files[0])); + + argp_parse (&argp, argc, argv, 0, 0, 0); + +diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c +index 0d4084a..1133129 100644 +--- a/util/grub-pe2elf.c ++++ b/util/grub-pe2elf.c +@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image, + char *pe_strtab = (image + pe_chdr->symtab_offset + + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol)); + +- section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int)); ++ section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int)); + section_map[0] = 0; +- shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0])); ++ shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0])); + idx = 1; + idx_reloc = pe_chdr->num_sections + 1; + +@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image, + + pe_sec = pe_shdr + shdr[i].sh_link; + pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset); +- rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t)); ++ rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t)); + num_rels = 0; + modified = 0; + +@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image, + pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset); + pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols); + +- symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) * +- sizeof (Elf_Sym)); +- memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym)); ++ symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym)); + num_syms = 1; + +- symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int)); ++ symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int)); + + for (i = 0; i < (int) pe_chdr->num_symbols; + i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1) +diff --git a/util/grub-probe.c b/util/grub-probe.c +index 81d27ee..cbe6ed9 100644 +--- a/util/grub-probe.c ++++ b/util/grub-probe.c +@@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim) + grub_util_pull_device (*curdev); + ndev++; + } +- +- drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1)); ++ ++ drives_names = xcalloc (ndev + 1, sizeof (drives_names[0])); + + for (curdev = device_names, curdrive = drives_names; *curdev; curdev++, + curdrive++) diff --git a/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch b/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch new file mode 100644 index 000000000..a05f30d09 --- /dev/null +++ b/debian/patches/0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch @@ -0,0 +1,1318 @@ +From: Peter Jones +Date: Mon, 15 Jun 2020 12:28:27 -0400 +Subject: malloc: Use overflow checking primitives where we do complex + allocations + +This attempts to fix the places where we do the following where +arithmetic_expr may include unvalidated data: + + X = grub_malloc(arithmetic_expr); + +It accomplishes this by doing the arithmetic ahead of time using grub_add(), +grub_sub(), grub_mul() and testing for overflow before proceeding. + +Among other issues, this fixes: + - allocation of integer overflow in grub_video_bitmap_create() + reported by Chris Coulson, + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in grub_squash_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in grub_ext2_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in read_section_as_string() + reported by Chris Coulson. + +Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/commands/legacycfg.c | 29 +++++++++++++++++++----- + grub-core/commands/wildcard.c | 36 ++++++++++++++++++++++++----- + grub-core/disk/ldm.c | 32 ++++++++++++++++++-------- + grub-core/font/font.c | 7 +++++- + grub-core/fs/btrfs.c | 28 +++++++++++++++-------- + grub-core/fs/ext2.c | 10 ++++++++- + grub-core/fs/iso9660.c | 51 +++++++++++++++++++++++++++++------------- + grub-core/fs/sfs.c | 27 +++++++++++++++++----- + grub-core/fs/squash4.c | 45 ++++++++++++++++++++++++++++--------- + grub-core/fs/udf.c | 41 +++++++++++++++++++++------------ + grub-core/fs/xfs.c | 11 +++++---- + grub-core/fs/zfs/zfs.c | 22 ++++++++++++------ + grub-core/fs/zfs/zfscrypt.c | 7 +++++- + grub-core/lib/arg.c | 20 +++++++++++++++-- + grub-core/loader/i386/bsd.c | 8 ++++++- + grub-core/net/dns.c | 9 +++++++- + grub-core/normal/charset.c | 10 +++++++-- + grub-core/normal/cmdline.c | 14 ++++++++++-- + grub-core/normal/menu_entry.c | 13 +++++++++-- + grub-core/script/argv.c | 16 +++++++++++-- + grub-core/script/lexer.c | 21 ++++++++++++++--- + grub-core/video/bitmap.c | 25 +++++++++++++-------- + grub-core/video/readers/png.c | 13 +++++++++-- + 23 files changed, 382 insertions(+), 113 deletions(-) + +diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c +index 5e3ec0d..cc5971f 100644 +--- a/grub-core/commands/legacycfg.c ++++ b/grub-core/commands/legacycfg.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -104,13 +105,22 @@ legacy_file (const char *filename) + if (newsuffix) + { + char *t; +- ++ grub_size_t sz; ++ ++ if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail_0; ++ } ++ + t = suffix; +- suffix = grub_realloc (suffix, grub_strlen (suffix) +- + grub_strlen (newsuffix) + 1); ++ suffix = grub_realloc (suffix, sz); + if (!suffix) + { + grub_free (t); ++ ++ fail_0: + grub_free (entrysrc); + grub_free (parsed); + grub_free (newsuffix); +@@ -154,13 +164,22 @@ legacy_file (const char *filename) + else + { + char *t; ++ grub_size_t sz; ++ ++ if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail_1; ++ } + + t = entrysrc; +- entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc) +- + grub_strlen (parsed) + 1); ++ entrysrc = grub_realloc (entrysrc, sz); + if (!entrysrc) + { + grub_free (t); ++ ++ fail_1: + grub_free (parsed); + grub_free (suffix); + return grub_errno; +diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c +index 4a106ca..cc32903 100644 +--- a/grub-core/commands/wildcard.c ++++ b/grub-core/commands/wildcard.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include + +@@ -48,6 +49,7 @@ merge (char **dest, char **ps) + int i; + int j; + char **p; ++ grub_size_t sz; + + if (! dest) + return ps; +@@ -60,7 +62,12 @@ merge (char **dest, char **ps) + for (j = 0; ps[j]; j++) + ; + +- p = grub_realloc (dest, sizeof (char*) * (i + j + 1)); ++ if (grub_add (i, j, &sz) || ++ grub_add (sz, 1, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return dest; ++ ++ p = grub_realloc (dest, sz); + if (! p) + { + grub_free (dest); +@@ -115,8 +122,15 @@ make_regex (const char *start, const char *end, regex_t *regexp) + char ch; + int i = 0; + unsigned len = end - start; +- char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */ ++ char *buffer; ++ grub_size_t sz; + ++ /* Worst case size is (len * 2 + 2 + 1). */ ++ if (grub_mul (len, 2, &sz) || ++ grub_add (sz, 3, &sz)) ++ return 1; ++ ++ buffer = grub_malloc (sz); + if (! buffer) + return 1; + +@@ -226,6 +240,7 @@ match_devices_iter (const char *name, void *data) + struct match_devices_ctx *ctx = data; + char **t; + char *buffer; ++ grub_size_t sz; + + /* skip partitions if asked to. */ + if (ctx->noparts && grub_strchr (name, ',')) +@@ -239,11 +254,16 @@ match_devices_iter (const char *name, void *data) + if (regexec (ctx->regexp, buffer, 0, 0, 0)) + { + grub_dprintf ("expand", "not matched\n"); ++ fail: + grub_free (buffer); + return 0; + } + +- t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2)); ++ if (grub_add (ctx->ndev, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ goto fail; ++ ++ t = grub_realloc (ctx->devs, sz); + if (! t) + { + grub_free (buffer); +@@ -300,6 +320,7 @@ match_files_iter (const char *name, + struct match_files_ctx *ctx = data; + char **t; + char *buffer; ++ grub_size_t sz; + + /* skip . and .. names */ + if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0) +@@ -315,9 +336,14 @@ match_files_iter (const char *name, + if (! buffer) + return 1; + +- t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2)); +- if (! t) ++ if (grub_add (ctx->nfile, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ goto fail; ++ ++ t = grub_realloc (ctx->files, sz); ++ if (!t) + { ++ fail: + grub_free (buffer); + return 1; + } +diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c +index e632370..58f8a53 100644 +--- a/grub-core/disk/ldm.c ++++ b/grub-core/disk/ldm.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_UTIL + #include +@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk, + struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE + / sizeof (struct grub_ldm_vblk)]; + unsigned i; ++ grub_size_t sz; + err = grub_disk_read (disk, cursec, 0, + sizeof(vblk), &vblk); + if (err) +@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk, + grub_free (lv); + goto fail2; + } +- lv->name = grub_malloc (*ptr + 1); ++ if (grub_add (*ptr, 1, &sz)) ++ { ++ grub_free (lv->internal_id); ++ grub_free (lv); ++ goto fail2; ++ } ++ lv->name = grub_malloc (sz); + if (!lv->name) + { + grub_free (lv->internal_id); +@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk, + if (lv->segments->node_alloc == lv->segments->node_count) + { + void *t; +- lv->segments->node_alloc *= 2; +- t = grub_realloc (lv->segments->nodes, +- sizeof (*lv->segments->nodes) +- * lv->segments->node_alloc); ++ grub_size_t sz; ++ ++ if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) || ++ grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz)) ++ goto fail2; ++ ++ t = grub_realloc (lv->segments->nodes, sz); + if (!t) + goto fail2; + lv->segments->nodes = t; +@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk, + if (comp->segment_alloc == comp->segment_count) + { + void *t; +- comp->segment_alloc *= 2; +- t = grub_realloc (comp->segments, +- comp->segment_alloc +- * sizeof (*comp->segments)); ++ grub_size_t sz; ++ ++ if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) || ++ grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz)) ++ goto fail2; ++ ++ t = grub_realloc (comp->segments, sz); + if (!t) + goto fail2; + comp->segments = t; +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 8e118b3..5edb477 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -360,9 +361,13 @@ static char * + read_section_as_string (struct font_file_section *section) + { + char *str; ++ grub_size_t sz; + grub_ssize_t ret; + +- str = grub_malloc (section->length + 1); ++ if (grub_add (section->length, 1, &sz)) ++ return NULL; ++ ++ str = grub_malloc (sz); + if (!str) + return 0; + +diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c +index 11272ef..2b65bd5 100644 +--- a/grub-core/fs/btrfs.c ++++ b/grub-core/fs/btrfs.c +@@ -40,6 +40,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -329,9 +330,13 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc, + if (desc->allocated < desc->depth) + { + void *newdata; +- desc->allocated *= 2; +- newdata = grub_realloc (desc->data, sizeof (desc->data[0]) +- * desc->allocated); ++ grub_size_t sz; ++ ++ if (grub_mul (desc->allocated, 2, &desc->allocated) || ++ grub_mul (desc->allocated, sizeof (desc->data[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ newdata = grub_realloc (desc->data, sz); + if (!newdata) + return grub_errno; + desc->data = newdata; +@@ -622,16 +627,21 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id) + if (data->n_devices_attached > data->n_devices_allocated) + { + void *tmp; +- data->n_devices_allocated = 2 * data->n_devices_attached + 1; +- data->devices_attached +- = grub_realloc (tmp = data->devices_attached, +- data->n_devices_allocated +- * sizeof (data->devices_attached[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || ++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || ++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ goto fail; ++ ++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { ++ data->devices_attached = tmp; ++ ++ fail: + if (ctx.dev_found) + grub_device_close (ctx.dev_found); +- data->devices_attached = tmp; + return NULL; + } + } +diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c +index 9b38980..ac33bcd 100644 +--- a/grub-core/fs/ext2.c ++++ b/grub-core/fs/ext2.c +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -703,6 +704,7 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + { + char *symlink; + struct grub_fshelp_node *diro = node; ++ grub_size_t sz; + + if (! diro->inode_read) + { +@@ -717,7 +719,13 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) + } + } + +- symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); ++ if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ symlink = grub_malloc (sz); + if (! symlink) + return 0; + +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index 4f1b52a..7ba5b30 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -531,8 +532,13 @@ add_part (struct iterate_dir_ctx *ctx, + int len2) + { + int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; ++ grub_size_t sz; + +- ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1); ++ if (grub_add (size, len2, &sz) || ++ grub_add (sz, 1, &sz)) ++ return; ++ ++ ctx->symlink = grub_realloc (ctx->symlink, sz); + if (! ctx->symlink) + return; + +@@ -560,17 +566,24 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + { + grub_size_t off = 0, csize = 1; + char *old; ++ grub_size_t sz; ++ + csize = entry->len - 5; + old = ctx->filename; + if (ctx->filename_alloc) + { + off = grub_strlen (ctx->filename); +- ctx->filename = grub_realloc (ctx->filename, csize + off + 1); ++ if (grub_add (csize, off, &sz) || ++ grub_add (sz, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ctx->filename = grub_realloc (ctx->filename, sz); + } + else + { + off = 0; +- ctx->filename = grub_zalloc (csize + 1); ++ if (grub_add (csize, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ctx->filename = grub_zalloc (sz); + } + if (!ctx->filename) + { +@@ -776,14 +789,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, + if (node->have_dirents >= node->alloc_dirents) + { + struct grub_fshelp_node *new_node; +- node->alloc_dirents *= 2; +- new_node = grub_realloc (node, +- sizeof (struct grub_fshelp_node) +- + ((node->alloc_dirents +- - ARRAY_SIZE (node->dirents)) +- * sizeof (node->dirents[0]))); ++ grub_size_t sz; ++ ++ if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) || ++ grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || ++ grub_mul (sz, sizeof (node->dirents[0]), &sz) || ++ grub_add (sz, sizeof (struct grub_fshelp_node), &sz)) ++ goto fail_0; ++ ++ new_node = grub_realloc (node, sz); + if (!new_node) + { ++ fail_0: + if (ctx.filename_alloc) + grub_free (ctx.filename); + grub_free (node); +@@ -799,14 +816,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, + * sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1) + { + struct grub_fshelp_node *new_node; +- new_node = grub_realloc (node, +- sizeof (struct grub_fshelp_node) +- + ((node->alloc_dirents +- - ARRAY_SIZE (node->dirents)) +- * sizeof (node->dirents[0])) +- + grub_strlen (ctx.symlink) + 1); ++ grub_size_t sz; ++ ++ if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || ++ grub_mul (sz, sizeof (node->dirents[0]), &sz) || ++ grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) || ++ grub_add (sz, grub_strlen (ctx.symlink), &sz)) ++ goto fail_1; ++ ++ new_node = grub_realloc (node, sz); + if (!new_node) + { ++ fail_1: + if (ctx.filename_alloc) + grub_free (ctx.filename); + grub_free (node); +diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c +index 90f7fb3..de2b107 100644 +--- a/grub-core/fs/sfs.c ++++ b/grub-core/fs/sfs.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -307,10 +308,15 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) + if (node->cache && node->cache_size >= node->cache_allocated) + { + struct cache_entry *e = node->cache; +- e = grub_realloc (node->cache,node->cache_allocated * 2 +- * sizeof (e[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz)) ++ goto fail; ++ ++ e = grub_realloc (node->cache, sz); + if (!e) + { ++ fail: + grub_errno = 0; + grub_free (node->cache); + node->cache = 0; +@@ -477,10 +483,16 @@ grub_sfs_create_node (struct grub_fshelp_node **node, + grub_size_t len = grub_strlen (name); + grub_uint8_t *name_u8; + int ret; ++ grub_size_t sz; ++ ++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || ++ grub_add (sz, 1, &sz)) ++ return 1; ++ + *node = grub_malloc (sizeof (**node)); + if (!*node) + return 1; +- name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ name_u8 = grub_malloc (sz); + if (!name_u8) + { + grub_free (*node); +@@ -724,8 +736,13 @@ grub_sfs_label (grub_device_t device, char **label) + data = grub_sfs_mount (disk); + if (data) + { +- grub_size_t len = grub_strlen (data->label); +- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ grub_size_t sz, len = grub_strlen (data->label); ++ ++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || ++ grub_add (sz, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ *label = grub_malloc (sz); + if (*label) + *grub_latin1_to_utf8 ((grub_uint8_t *) *label, + (const grub_uint8_t *) data->label, +diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c +index 95d5c1e..7851238 100644 +--- a/grub-core/fs/squash4.c ++++ b/grub-core/fs/squash4.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + + #include "xz.h" +@@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_node_t node) + { + char *ret; + grub_err_t err; +- ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1); ++ grub_size_t sz; ++ ++ if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ ret = grub_malloc (sz); ++ if (!ret) ++ return NULL; + + err = read_chunk (node->data, ret, + grub_le_to_cpu32 (node->ino.symlink.namelen), +@@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + + { + grub_fshelp_node_t node; +- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (!node) + return 0; +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz); + if (hook (".", GRUB_FSHELP_DIR, node, hook_data)) + return 1; + +@@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + { + grub_err_t err; + +- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (!node) + return 0; + +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz); + + node->stsize--; + err = read_chunk (dir->data, &node->ino, sizeof (node->ino), +@@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG; + struct grub_squash_dirent di; + struct grub_squash_inode ino; ++ grub_size_t sz; + + err = read_chunk (dir->data, &di, sizeof (di), + grub_le_to_cpu64 (dir->data->sb.diroffset) +@@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, + if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK) + filetype = GRUB_FSHELP_SYMLINK; + +- node = grub_malloc (sizeof (*node) +- + (dir->stsize + 1) * sizeof (dir->stack[0])); ++ if (grub_add (dir->stsize, 1, &sz) || ++ grub_mul (sz, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (! node) + return 0; + +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz - sizeof(dir->stack[0])); + + node->ino = ino; + node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk); +diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c +index a837616..21ac7f4 100644 +--- a/grub-core/fs/udf.c ++++ b/grub-core/fs/udf.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -890,9 +891,19 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) + utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2]; + } + if (!outbuf) +- outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ { ++ grub_size_t size; ++ ++ if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) || ++ grub_add (size, 1, &size)) ++ goto fail; ++ ++ outbuf = grub_malloc (size); ++ } + if (outbuf) + *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0'; ++ ++ fail: + grub_free (utf16); + return outbuf; + } +@@ -1005,7 +1016,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + grub_size_t sz = U64 (node->block.fe.file_size); + grub_uint8_t *raw; + const grub_uint8_t *ptr; +- char *out, *optr; ++ char *out = NULL, *optr; + + if (sz < 4) + return NULL; +@@ -1013,14 +1024,16 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + if (!raw) + return NULL; + if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0) +- { +- grub_free (raw); +- return NULL; +- } ++ goto fail_1; + +- out = grub_malloc (sz * 2 + 1); ++ if (grub_mul (sz, 2, &sz) || ++ grub_add (sz, 1, &sz)) ++ goto fail_0; ++ ++ out = grub_malloc (sz); + if (!out) + { ++ fail_0: + grub_free (raw); + return NULL; + } +@@ -1031,17 +1044,17 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + { + grub_size_t s; + if ((grub_size_t) (ptr - raw + 4) > sz) +- goto fail; ++ goto fail_1; + if (!(ptr[2] == 0 && ptr[3] == 0)) +- goto fail; ++ goto fail_1; + s = 4 + ptr[1]; + if ((grub_size_t) (ptr - raw + s) > sz) +- goto fail; ++ goto fail_1; + switch (*ptr) + { + case 1: + if (ptr[1]) +- goto fail; ++ goto fail_1; + /* Fallthrough. */ + case 2: + /* in 4 bytes. out: 1 byte. */ +@@ -1066,11 +1079,11 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + if (optr != out) + *optr++ = '/'; + if (!read_string (ptr + 4, s - 4, optr)) +- goto fail; ++ goto fail_1; + optr += grub_strlen (optr); + break; + default: +- goto fail; ++ goto fail_1; + } + ptr += s; + } +@@ -1078,7 +1091,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) + grub_free (raw); + return out; + +- fail: ++ fail_1: + grub_free (raw); + grub_free (out); + grub_error (GRUB_ERR_BAD_FS, "invalid symlink"); +diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c +index 96ffecb..ea65902 100644 +--- a/grub-core/fs/xfs.c ++++ b/grub-core/fs/xfs.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -899,6 +900,7 @@ static struct grub_xfs_data * + grub_xfs_mount (grub_disk_t disk) + { + struct grub_xfs_data *data = 0; ++ grub_size_t sz; + + data = grub_zalloc (sizeof (struct grub_xfs_data)); + if (!data) +@@ -913,10 +915,11 @@ grub_xfs_mount (grub_disk_t disk) + if (!grub_xfs_sb_valid(data)) + goto fail; + +- data = grub_realloc (data, +- sizeof (struct grub_xfs_data) +- - sizeof (struct grub_xfs_inode) +- + grub_xfs_inode_size(data) + 1); ++ if (grub_add (grub_xfs_inode_size (data), ++ sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz)) ++ goto fail; ++ ++ data = grub_realloc (data, sz); + + if (! data) + goto fail; +diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c +index 381dde5..36d0373 100644 +--- a/grub-core/fs/zfs/zfs.c ++++ b/grub-core/fs/zfs/zfs.c +@@ -55,6 +55,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -773,11 +774,14 @@ fill_vdev_info (struct grub_zfs_data *data, + if (data->n_devices_attached > data->n_devices_allocated) + { + void *tmp; +- data->n_devices_allocated = 2 * data->n_devices_attached + 1; +- data->devices_attached +- = grub_realloc (tmp = data->devices_attached, +- data->n_devices_allocated +- * sizeof (data->devices_attached[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || ++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || ++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { + data->devices_attached = tmp; +@@ -3468,14 +3472,18 @@ grub_zfs_nvlist_lookup_nvlist (const char *nvlist, const char *name) + { + char *nvpair; + char *ret; +- grub_size_t size; ++ grub_size_t size, sz; + int found; + + found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair, + &size, 0); + if (!found) + return 0; +- ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t)); ++ ++ if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz)) ++ return 0; ++ ++ ret = grub_zalloc (sz); + if (!ret) + return 0; + grub_memcpy (ret, nvlist, sizeof (grub_uint32_t)); +diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c +index 1402e0b..de3b015 100644 +--- a/grub-core/fs/zfs/zfscrypt.c ++++ b/grub-core/fs/zfs/zfscrypt.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in, + int passphrase) + { + struct grub_zfs_wrap_key *key; ++ grub_size_t sz; ++ + if (!passphrase && keylen > 32) + keylen = 32; +- key = grub_malloc (sizeof (*key) + keylen); ++ if (grub_add (sizeof (*key), keylen, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ key = grub_malloc (sz); + if (!key) + return grub_errno; + key->is_passphrase = passphrase; +diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c +index fd7744a..3288609 100644 +--- a/grub-core/lib/arg.c ++++ b/grub-core/lib/arg.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + /* Built-in parser for default options. */ + static const struct grub_arg_option help_options[] = +@@ -216,7 +217,13 @@ static inline grub_err_t + add_arg (char ***argl, int *num, char *s) + { + char **p = *argl; +- *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *)); ++ grub_size_t sz; ++ ++ if (grub_add (++(*num), 1, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ *argl = grub_realloc (*argl, sz); + if (! *argl) + { + grub_free (p); +@@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, + grub_size_t argcnt; + struct grub_arg_list *list; + const struct grub_arg_option *options; ++ grub_size_t sz0, sz1; + + options = extcmd->options; + if (! options) +@@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, + argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */ + } + +- list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt); ++ if (grub_mul (sizeof (*list), i, &sz0) || ++ grub_mul (sizeof (char *), argcnt, &sz1) || ++ grub_add (sz0, sz1, &sz0)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return 0; ++ } ++ ++ list = grub_zalloc (sz0); + if (! list) + return 0; + +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index 5b9b92d..ef0d63a 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + #include + #ifdef GRUB_MACHINE_PCBIOS + #include +@@ -1013,11 +1014,16 @@ grub_netbsd_add_modules (void) + struct grub_netbsd_btinfo_modules *mods; + unsigned i; + grub_err_t err; ++ grub_size_t sz; + + for (mod = netbsd_mods; mod; mod = mod->next) + modcnt++; + +- mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt); ++ if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) || ++ grub_add (sz, sizeof (*mods), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ mods = grub_malloc (sz); + if (!mods) + return grub_errno; + +diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c +index e332d5e..906ec7d 100644 +--- a/grub-core/net/dns.c ++++ b/grub-core/net/dns.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + struct dns_cache_element + { +@@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct grub_net_network_level_address *s) + { + int na = dns_servers_alloc * 2; + struct grub_net_network_level_address *ns; ++ grub_size_t sz; ++ + if (na < 8) + na = 8; +- ns = grub_realloc (dns_servers, na * sizeof (ns[0])); ++ ++ if (grub_mul (na, sizeof (ns[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ ns = grub_realloc (dns_servers, sz); + if (!ns) + return grub_errno; + dns_servers_alloc = na; +diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c +index d57fb72..4dfcc31 100644 +--- a/grub-core/normal/charset.c ++++ b/grub-core/normal/charset.c +@@ -48,6 +48,7 @@ + #include + #include + #include ++#include + + #if HAVE_FONT_SOURCE + #include "widthspec.h" +@@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + { + struct grub_unicode_combining *n; + unsigned j; ++ grub_size_t sz; + + if (!haveout) + continue; +@@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, + n = out->combining_inline; + else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline)) + { +- n = grub_realloc (out->combining_ptr, +- sizeof (n[0]) * (out->ncomb + 1)); ++ if (grub_add (out->ncomb, 1, &sz) || ++ grub_mul (sz, sizeof (n[0]), &sz)) ++ goto fail; ++ ++ n = grub_realloc (out->combining_ptr, sz); + if (!n) + { ++ fail: + grub_errno = GRUB_ERR_NONE; + continue; + } +diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c +index c57242e..de03fe6 100644 +--- a/grub-core/normal/cmdline.c ++++ b/grub-core/normal/cmdline.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + static grub_uint32_t *kill_buf; + +@@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms, unsigned nterms, + if (len + (*llen) >= (*max_len)) + { + grub_uint32_t *nbuf; +- (*max_len) *= 2; +- nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len)); ++ grub_size_t sz; ++ ++ if (grub_mul (*max_len, 2, max_len) || ++ grub_mul (*max_len, sizeof (grub_uint32_t), &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail; ++ } ++ ++ nbuf = grub_realloc ((*buf), sz); + if (nbuf) + (*buf) = nbuf; + else + { ++ fail: + grub_print_error (); + grub_errno = GRUB_ERR_NONE; + (*max_len) /= 2; +diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c +index 1993995..50eef91 100644 +--- a/grub-core/normal/menu_entry.c ++++ b/grub-core/normal/menu_entry.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + enum update_mode + { +@@ -113,10 +114,18 @@ ensure_space (struct line *linep, int extra) + { + if (linep->max_len < linep->len + extra) + { +- linep->max_len = 2 * (linep->len + extra); +- linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0])); ++ grub_size_t sz0, sz1; ++ ++ if (grub_add (linep->len, extra, &sz0) || ++ grub_mul (sz0, 2, &sz0) || ++ grub_add (sz0, 1, &sz1) || ++ grub_mul (sz1, sizeof (linep->buf[0]), &sz1)) ++ return 0; ++ ++ linep->buf = grub_realloc (linep->buf, sz1); + if (! linep->buf) + return 0; ++ linep->max_len = sz0; + } + + return 1; +diff --git a/grub-core/script/argv.c b/grub-core/script/argv.c +index 217ec5d..5751fdd 100644 +--- a/grub-core/script/argv.c ++++ b/grub-core/script/argv.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + + /* Return nearest power of two that is >= v. */ + static unsigned +@@ -81,11 +82,16 @@ int + grub_script_argv_next (struct grub_script_argv *argv) + { + char **p = argv->args; ++ grub_size_t sz; + + if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0) + return 0; + +- p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *))); ++ if (grub_add (argv->argc, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return 1; ++ ++ p = grub_realloc (p, round_up_exp (sz)); + if (! p) + return 1; + +@@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_script_argv *argv, const char *s, + { + grub_size_t a; + char *p = argv->args[argv->argc - 1]; ++ grub_size_t sz; + + if (! s) + return 0; + + a = p ? grub_strlen (p) : 0; + +- p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char))); ++ if (grub_add (a, slen, &sz) || ++ grub_add (sz, 1, &sz) || ++ grub_mul (sz, sizeof (char), &sz)) ++ return 1; ++ ++ p = grub_realloc (p, round_up_exp (sz)); + if (! p) + return 1; + +diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c +index c6bd317..5fb0cbd 100644 +--- a/grub-core/script/lexer.c ++++ b/grub-core/script/lexer.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + #define yytext_ptr char * + #include "grub_script.tab.h" +@@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_parser_param *parser, char *str) + old = lexer->recording; + if (lexer->recordlen < len) + lexer->recordlen = len; +- lexer->recordlen *= 2; ++ ++ if (grub_mul (lexer->recordlen, 2, &lexer->recordlen)) ++ goto fail; ++ + lexer->recording = grub_realloc (lexer->recording, lexer->recordlen); + if (!lexer->recording) + { ++ fail: + grub_free (old); + lexer->recordpos = 0; + lexer->recordlen = 0; +@@ -130,7 +135,7 @@ int + grub_script_lexer_yywrap (struct grub_parser_param *parserstate, + const char *input) + { +- grub_size_t len = 0; ++ grub_size_t len = 0, sz; + char *p = 0; + char *line = 0; + YY_BUFFER_STATE buffer; +@@ -168,12 +173,22 @@ grub_script_lexer_yywrap (struct grub_parser_param *parserstate, + } + else if (len && line[len - 1] != '\n') + { +- p = grub_realloc (line, len + 2); ++ if (grub_add (len, 2, &sz)) ++ { ++ grub_free (line); ++ grub_script_yyerror (parserstate, N_("overflow is detected")); ++ return 1; ++ } ++ ++ p = grub_realloc (line, sz); + if (p) + { + p[len++] = '\n'; + p[len] = '\0'; + } ++ else ++ grub_free (line); ++ + line = p; + } + +diff --git a/grub-core/video/bitmap.c b/grub-core/video/bitmap.c +index b2e0315..6256e20 100644 +--- a/grub-core/video/bitmap.c ++++ b/grub-core/video/bitmap.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, + enum grub_video_blit_format blit_format) + { + struct grub_video_mode_info *mode_info; +- unsigned int size; ++ grub_size_t size; + + if (!bitmap) + return grub_error (GRUB_ERR_BUG, "invalid argument"); +@@ -137,19 +138,25 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, + + mode_info->pitch = width * mode_info->bytes_per_pixel; + +- /* Calculate size needed for the data. */ +- size = (width * mode_info->bytes_per_pixel) * height; ++ /* Calculate size needed for the data. */ ++ if (grub_mul (width, mode_info->bytes_per_pixel, &size) || ++ grub_mul (size, height, &size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + + (*bitmap)->data = grub_zalloc (size); + if (! (*bitmap)->data) +- { +- grub_free (*bitmap); +- *bitmap = 0; +- +- return grub_errno; +- } ++ goto fail; + + return GRUB_ERR_NONE; ++ ++ fail: ++ grub_free (*bitmap); ++ *bitmap = NULL; ++ ++ return grub_errno; + } + + /* Frees all resources allocated by bitmap. */ +diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c +index 61bd645..0157ff7 100644 +--- a/grub-core/video/readers/png.c ++++ b/grub-core/video/readers/png.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -301,9 +302,17 @@ grub_png_decode_image_header (struct grub_png_data *data) + data->bpp <<= 1; + + data->color_bits = color_bits; +- data->row_bytes = data->image_width * data->bpp; ++ ++ if (grub_mul (data->image_width, data->bpp, &data->row_bytes)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ + if (data->color_bits <= 4) +- data->row_bytes = (data->image_width * data->color_bits + 7) / 8; ++ { ++ if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ data->row_bytes >>= 3; ++ } + + #ifndef GRUB_CPU_WORDS_BIGENDIAN + if (data->is_16bit || data->is_gray || data->is_palette) diff --git a/debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch b/debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch new file mode 100644 index 000000000..60bfd6c5b --- /dev/null +++ b/debian/patches/0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch @@ -0,0 +1,64 @@ +From: Peter Jones +Date: Sat, 4 Jul 2020 12:25:09 -0400 +Subject: iso9660: Don't leak memory on realloc() failures + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/fs/iso9660.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index 7ba5b30..5ec4433 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx, + { + int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; + grub_size_t sz; ++ char *new; + + if (grub_add (size, len2, &sz) || + grub_add (sz, 1, &sz)) + return; + +- ctx->symlink = grub_realloc (ctx->symlink, sz); +- if (! ctx->symlink) +- return; ++ new = grub_realloc (ctx->symlink, sz); ++ if (!new) ++ { ++ grub_free (ctx->symlink); ++ ctx->symlink = NULL; ++ return; ++ } ++ ctx->symlink = new; + + grub_memcpy (ctx->symlink + size, part, len2); + ctx->symlink[size + len2] = 0; +@@ -634,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + is the length. Both are part of the `Component + Record'. */ + if (ctx->symlink && !ctx->was_continue) +- add_part (ctx, "/", 1); ++ { ++ add_part (ctx, "/", 1); ++ if (grub_errno) ++ return grub_errno; ++ } ++ + add_part (ctx, (char *) &entry->data[pos + 2], + entry->data[pos + 1]); + ctx->was_continue = (entry->data[pos] & 1); +@@ -653,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + add_part (ctx, "/", 1); + break; + } ++ ++ /* Check if grub_realloc() failed in add_part(). */ ++ if (grub_errno) ++ return grub_errno; ++ + /* In pos + 1 the length of the `Component Record' is + stored. */ + pos += entry->data[pos + 1] + 2; diff --git a/debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch b/debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch new file mode 100644 index 000000000..2ed729b9e --- /dev/null +++ b/debian/patches/0087-font-Do-not-load-more-than-one-NAME-section.patch @@ -0,0 +1,33 @@ +From: Daniel Kiper +Date: Tue, 7 Jul 2020 15:36:26 +0200 +Subject: font: Do not load more than one NAME section + +The GRUB font file can have one NAME section only. Though if somebody +crafts a broken font file with many NAME sections and loads it then the +GRUB leaks memory. So, prevent against that by loading first NAME +section and failing in controlled way on following one. + +Reported-by: Chris Coulson +Signed-off-by: Daniel Kiper +Reviewed-by: Jan Setje-Eilers +--- + grub-core/font/font.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 5edb477..d09bb38 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -532,6 +532,12 @@ grub_font_load (const char *filename) + if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME, + sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0) + { ++ if (font->name != NULL) ++ { ++ grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections"); ++ goto fail; ++ } ++ + font->name = read_section_as_string (§ion); + if (!font->name) + goto fail; diff --git a/debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch b/debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch new file mode 100644 index 000000000..4657e7239 --- /dev/null +++ b/debian/patches/0088-gfxmenu-Fix-double-free-in-load_image.patch @@ -0,0 +1,31 @@ +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 20:41:56 +0000 +Subject: gfxmenu: Fix double free in load_image() + +self->bitmap should be zeroed after free. Otherwise, there is a chance +to double free (USE_AFTER_FREE) it later in rescale_image(). + +Fixes: CID 292472 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/gfxmenu/gui_image.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c +index 29784ed..6b2e976 100644 +--- a/grub-core/gfxmenu/gui_image.c ++++ b/grub-core/gfxmenu/gui_image.c +@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path) + return grub_errno; + + if (self->bitmap && (self->bitmap != self->raw_bitmap)) +- grub_video_bitmap_destroy (self->bitmap); ++ { ++ grub_video_bitmap_destroy (self->bitmap); ++ self->bitmap = 0; ++ } + if (self->raw_bitmap) + grub_video_bitmap_destroy (self->raw_bitmap); + diff --git a/debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch b/debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch new file mode 100644 index 000000000..25abb3a33 --- /dev/null +++ b/debian/patches/0089-lzma-Make-sure-we-don-t-dereference-past-array.patch @@ -0,0 +1,47 @@ +From: Konrad Rzeszutek Wilk +Date: Thu, 9 Jul 2020 03:05:23 +0000 +Subject: lzma: Make sure we don't dereference past array + +The two dimensional array p->posSlotEncoder[4][64] is being dereferenced +using the GetLenToPosState() macro which checks if len is less than 5, +and if so subtracts 2 from it. If len = 0, that is 0 - 2 = 4294967294. +Obviously we don't want to dereference that far out so we check if the +position found is greater or equal kNumLenToPosStates (4) and bail out. + +N.B.: Upstream LZMA 18.05 and later has this function completely rewritten +without any history. + +Fixes: CID 51526 + +Signed-off-by: Konrad Rzeszutek Wilk +Reviewed-by: Daniel Kiper +--- + grub-core/lib/LzmaEnc.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c +index f2ec04a..753e56a 100644 +--- a/grub-core/lib/LzmaEnc.c ++++ b/grub-core/lib/LzmaEnc.c +@@ -1877,13 +1877,19 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize + } + else + { +- UInt32 posSlot; ++ UInt32 posSlot, lenToPosState; + RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0); + p->state = kMatchNextStates[p->state]; + LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices); + pos -= LZMA_NUM_REPS; + GetPosSlot(pos, posSlot); +- RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, posSlot); ++ lenToPosState = GetLenToPosState(len); ++ if (lenToPosState >= kNumLenToPosStates) ++ { ++ p->result = SZ_ERROR_DATA; ++ return CheckErrors(p); ++ } ++ RcTree_Encode(&p->rc, p->posSlotEncoder[lenToPosState], kNumPosSlotBits, posSlot); + + if (posSlot >= kStartPosModelIndex) + { diff --git a/debian/patches/0090-tftp-Do-not-use-priority-queue.patch b/debian/patches/0090-tftp-Do-not-use-priority-queue.patch new file mode 100644 index 000000000..3cea7b137 --- /dev/null +++ b/debian/patches/0090-tftp-Do-not-use-priority-queue.patch @@ -0,0 +1,278 @@ +From: Alexey Makhalov +Date: Thu, 9 Jul 2020 08:10:40 +0000 +Subject: tftp: Do not use priority queue + +There is not need to reassemble the order of blocks. Per RFC 1350, +server must wait for the ACK, before sending next block. Data packets +can be served immediately without putting them to priority queue. + +Logic to handle incoming packet is this: + - if packet block id equal to expected block id, then + process the packet, + - if packet block id is less than expected - this is retransmit + of old packet, then ACK it and drop the packet, + - if packet block id is more than expected - that shouldn't + happen, just drop the packet. + +It makes the tftp receive path code simpler, smaller and faster. +As a benefit, this change fixes CID# 73624 and CID# 96690, caused +by following while loop: + + while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) + +where tftph pointer is not moving from one iteration to another, causing +to serve same packet again. Luckily, double serving didn't happen due to +data->block++ during the first iteration. + +Fixes: CID 73624, CID 96690 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/net/tftp.c | 171 ++++++++++++++++----------------------------------- + 1 file changed, 53 insertions(+), 118 deletions(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index a0817a0..e6566fa 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -25,7 +25,6 @@ + #include + #include + #include +-#include + #include + + GRUB_MOD_LICENSE ("GPLv3+"); +@@ -106,31 +105,8 @@ typedef struct tftp_data + int have_oack; + struct grub_error_saved save_err; + grub_net_udp_socket_t sock; +- grub_priority_queue_t pq; + } *tftp_data_t; + +-static int +-cmp_block (grub_uint16_t a, grub_uint16_t b) +-{ +- grub_int16_t i = (grub_int16_t) (a - b); +- if (i > 0) +- return +1; +- if (i < 0) +- return -1; +- return 0; +-} +- +-static int +-cmp (const void *a__, const void *b__) +-{ +- struct grub_net_buff *a_ = *(struct grub_net_buff **) a__; +- struct grub_net_buff *b_ = *(struct grub_net_buff **) b__; +- struct tftphdr *a = (struct tftphdr *) a_->data; +- struct tftphdr *b = (struct tftphdr *) b_->data; +- /* We want the first elements to be on top. */ +- return -cmp_block (grub_be_to_cpu16 (a->u.data.block), grub_be_to_cpu16 (b->u.data.block)); +-} +- + static grub_err_t + ack (tftp_data_t data, grub_uint64_t block) + { +@@ -207,73 +183,60 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + } + +- err = grub_priority_queue_push (data->pq, &nb); +- if (err) +- return err; +- +- { +- struct grub_net_buff **nb_top_p, *nb_top; +- while (1) +- { +- nb_top_p = grub_priority_queue_top (data->pq); +- if (!nb_top_p) +- return GRUB_ERR_NONE; +- nb_top = *nb_top_p; +- tftph = (struct tftphdr *) nb_top->data; +- if (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) >= 0) +- break; +- ack (data, grub_be_to_cpu16 (tftph->u.data.block)); +- grub_netbuff_free (nb_top); +- grub_priority_queue_pop (data->pq); +- } +- while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) +- { +- unsigned size; +- +- grub_priority_queue_pop (data->pq); +- +- if (file->device->net->packs.count < 50) ++ /* Ack old/retransmitted block. */ ++ if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1) ++ ack (data, grub_be_to_cpu16 (tftph->u.data.block)); ++ /* Ignore unexpected block. */ ++ else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1) ++ grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block); ++ else ++ { ++ unsigned size; ++ ++ if (file->device->net->packs.count < 50) ++ { + err = ack (data, data->block + 1); +- else +- { +- file->device->net->stall = 1; +- err = 0; +- } +- if (err) +- return err; +- +- err = grub_netbuff_pull (nb_top, sizeof (tftph->opcode) + +- sizeof (tftph->u.data.block)); +- if (err) +- return err; +- size = nb_top->tail - nb_top->data; +- +- data->block++; +- if (size < data->block_size) +- { +- if (data->ack_sent < data->block) +- ack (data, data->block); +- file->device->net->eof = 1; +- file->device->net->stall = 1; +- grub_net_udp_close (data->sock); +- data->sock = NULL; +- } +- /* Prevent garbage in broken cards. Is it still necessary +- given that IP implementation has been fixed? +- */ +- if (size > data->block_size) +- { +- err = grub_netbuff_unput (nb_top, size - data->block_size); +- if (err) +- return err; +- } +- /* If there is data, puts packet in socket list. */ +- if ((nb_top->tail - nb_top->data) > 0) +- grub_net_put_packet (&file->device->net->packs, nb_top); +- else +- grub_netbuff_free (nb_top); +- } +- } ++ if (err) ++ return err; ++ } ++ else ++ file->device->net->stall = 1; ++ ++ err = grub_netbuff_pull (nb, sizeof (tftph->opcode) + ++ sizeof (tftph->u.data.block)); ++ if (err) ++ return err; ++ size = nb->tail - nb->data; ++ ++ data->block++; ++ if (size < data->block_size) ++ { ++ if (data->ack_sent < data->block) ++ ack (data, data->block); ++ file->device->net->eof = 1; ++ file->device->net->stall = 1; ++ grub_net_udp_close (data->sock); ++ data->sock = NULL; ++ } ++ /* ++ * Prevent garbage in broken cards. Is it still necessary ++ * given that IP implementation has been fixed? ++ */ ++ if (size > data->block_size) ++ { ++ err = grub_netbuff_unput (nb, size - data->block_size); ++ if (err) ++ return err; ++ } ++ /* If there is data, puts packet in socket list. */ ++ if ((nb->tail - nb->data) > 0) ++ { ++ grub_net_put_packet (&file->device->net->packs, nb); ++ /* Do not free nb. */ ++ return GRUB_ERR_NONE; ++ } ++ } ++ grub_netbuff_free (nb); + return GRUB_ERR_NONE; + case TFTP_ERROR: + data->have_oack = 1; +@@ -287,19 +250,6 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + } + } + +-static void +-destroy_pq (tftp_data_t data) +-{ +- struct grub_net_buff **nb_p; +- while ((nb_p = grub_priority_queue_top (data->pq))) +- { +- grub_netbuff_free (*nb_p); +- grub_priority_queue_pop (data->pq); +- } +- +- grub_priority_queue_destroy (data->pq); +-} +- + static grub_err_t + tftp_open (struct grub_file *file, const char *filename) + { +@@ -373,20 +323,9 @@ tftp_open (struct grub_file *file, const char *filename) + file->not_easily_seekable = 1; + file->data = data; + +- data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp); +- if (!data->pq) +- { +- grub_free (data); +- return grub_errno; +- } +- + err = grub_net_resolve_address (file->device->net->server, &addr); + if (err) + { +- grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n", +- (unsigned long long)data->file_size, +- (unsigned long long)data->block_size); +- destroy_pq (data); + grub_free (data); + return err; + } +@@ -396,7 +335,6 @@ tftp_open (struct grub_file *file, const char *filename) + file); + if (!data->sock) + { +- destroy_pq (data); + grub_free (data); + return grub_errno; + } +@@ -410,7 +348,6 @@ tftp_open (struct grub_file *file, const char *filename) + if (err) + { + grub_net_udp_close (data->sock); +- destroy_pq (data); + grub_free (data); + return err; + } +@@ -427,7 +364,6 @@ tftp_open (struct grub_file *file, const char *filename) + if (grub_errno) + { + grub_net_udp_close (data->sock); +- destroy_pq (data); + grub_free (data); + return grub_errno; + } +@@ -470,7 +406,6 @@ tftp_close (struct grub_file *file) + grub_print_error (); + grub_net_udp_close (data->sock); + } +- destroy_pq (data); + grub_free (data); + return GRUB_ERR_NONE; + } diff --git a/debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch b/debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch new file mode 100644 index 000000000..de90cf168 --- /dev/null +++ b/debian/patches/0091-script-Remove-unused-fields-from-grub_script_functio.patch @@ -0,0 +1,28 @@ +From: Chris Coulson +Date: Fri, 10 Jul 2020 11:21:14 +0100 +Subject: script: Remove unused fields from grub_script_function struct + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + include/grub/script_sh.h | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h +index 360c2be..b382bcf 100644 +--- a/include/grub/script_sh.h ++++ b/include/grub/script_sh.h +@@ -359,13 +359,8 @@ struct grub_script_function + /* The script function. */ + struct grub_script *func; + +- /* The flags. */ +- unsigned flags; +- + /* The next element. */ + struct grub_script_function *next; +- +- int references; + }; + typedef struct grub_script_function *grub_script_function_t; + diff --git a/debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch b/debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch new file mode 100644 index 000000000..b869fafb7 --- /dev/null +++ b/debian/patches/0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch @@ -0,0 +1,103 @@ +From: Chris Coulson +Date: Fri, 10 Jul 2020 14:41:45 +0100 +Subject: script: Avoid a use-after-free when redefining a function during + execution + +Defining a new function with the same name as a previously defined +function causes the grub_script and associated resources for the +previous function to be freed. If the previous function is currently +executing when a function with the same name is defined, this results +in use-after-frees when processing subsequent commands in the original +function. + +Instead, reject a new function definition if it has the same name as +a previously defined function, and that function is currently being +executed. Although a behavioural change, this should be backwards +compatible with existing configurations because they can't be +dependent on the current behaviour without being broken. + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + grub-core/script/execute.c | 2 ++ + grub-core/script/function.c | 16 +++++++++++++--- + grub-core/script/parser.y | 3 ++- + include/grub/script_sh.h | 2 ++ + 4 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index c8d6806..7e028e1 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args) + old_scope = scope; + scope = &new_scope; + ++ func->executing++; + ret = grub_script_execute (func->func); ++ func->executing--; + + function_return = 0; + active_loops = loops; +diff --git a/grub-core/script/function.c b/grub-core/script/function.c +index d36655e..3aad04b 100644 +--- a/grub-core/script/function.c ++++ b/grub-core/script/function.c +@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, + func = (grub_script_function_t) grub_malloc (sizeof (*func)); + if (! func) + return 0; ++ func->executing = 0; + + func->name = grub_strdup (functionname_arg->str); + if (! func->name) +@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, + grub_script_function_t q; + + q = *p; +- grub_script_free (q->func); +- q->func = cmd; + grub_free (func); +- func = q; ++ if (q->executing > 0) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("attempt to redefine a function being executed")); ++ func = NULL; ++ } ++ else ++ { ++ grub_script_free (q->func); ++ q->func = cmd; ++ func = q; ++ } + } + else + { +diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y +index 4f0ab83..f80b86b 100644 +--- a/grub-core/script/parser.y ++++ b/grub-core/script/parser.y +@@ -289,7 +289,8 @@ function: "function" "name" + grub_script_mem_free (state->func_mem); + else { + script->children = state->scripts; +- grub_script_function_create ($2, script); ++ if (!grub_script_function_create ($2, script)) ++ grub_script_free (script); + } + + state->scripts = $3; +diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h +index b382bcf..6c48e07 100644 +--- a/include/grub/script_sh.h ++++ b/include/grub/script_sh.h +@@ -361,6 +361,8 @@ struct grub_script_function + + /* The next element. */ + struct grub_script_function *next; ++ ++ unsigned executing; + }; + typedef struct grub_script_function *grub_script_function_t; + diff --git a/debian/patches/0093-hfsplus-fix-two-more-overflows.patch b/debian/patches/0093-hfsplus-fix-two-more-overflows.patch new file mode 100644 index 000000000..3e4d26179 --- /dev/null +++ b/debian/patches/0093-hfsplus-fix-two-more-overflows.patch @@ -0,0 +1,52 @@ +From: Peter Jones +Date: Sun, 19 Jul 2020 14:43:31 -0400 +Subject: hfsplus: fix two more overflows + +Both node->size and node->namelen come from the supplied filesystem, +which may be user-supplied. We can't trust them for the math unless we +know they don't overflow; making sure they go through calloc() first +will give us that. + +Signed-off-by: Peter Jones +Reviewed-by: Darren Kenny +--- + grub-core/fs/hfsplus.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c +index dae43be..9c4e4c8 100644 +--- a/grub-core/fs/hfsplus.c ++++ b/grub-core/fs/hfsplus.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -475,8 +476,12 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node) + { + char *symlink; + grub_ssize_t numread; ++ grub_size_t sz = node->size; + +- symlink = grub_malloc (node->size + 1); ++ if (grub_add (sz, 1, &sz)) ++ return NULL; ++ ++ symlink = grub_malloc (sz); + if (!symlink) + return 0; + +@@ -715,8 +720,8 @@ list_nodes (void *record, void *hook_arg) + if (type == GRUB_FSHELP_UNKNOWN) + return 0; + +- filename = grub_malloc (grub_be_to_cpu16 (catkey->namelen) +- * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ filename = grub_calloc (grub_be_to_cpu16 (catkey->namelen), ++ GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! filename) + return 0; + diff --git a/debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch b/debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch new file mode 100644 index 000000000..52f594536 --- /dev/null +++ b/debian/patches/0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch @@ -0,0 +1,97 @@ +From: Peter Jones +Date: Sun, 19 Jul 2020 15:48:20 -0400 +Subject: lvm: fix two more potential data-dependent alloc overflows + +It appears to be possible to make a (possibly invalid) lvm PV with a +metadata size field that overflows our type when adding it to the +address we've allocated. Even if it doesn't, it may be possible to do +so with the math using the outcome of that as an operand. Check them +both. + +Signed-off-by: Peter Jones +--- + grub-core/disk/lvm.c | 39 +++++++++++++++++++++++++++++++-------- + 1 file changed, 31 insertions(+), 8 deletions(-) + +diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c +index d1df640..d154f7c 100644 +--- a/grub-core/disk/lvm.c ++++ b/grub-core/disk/lvm.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_UTIL + #include +@@ -102,10 +103,11 @@ grub_lvm_detect (grub_disk_t disk, + { + grub_err_t err; + grub_uint64_t mda_offset, mda_size; ++ grub_size_t ptr; + char buf[GRUB_LVM_LABEL_SIZE]; + char vg_id[GRUB_LVM_ID_STRLEN+1]; + char pv_id[GRUB_LVM_ID_STRLEN+1]; +- char *metadatabuf, *p, *q, *vgname; ++ char *metadatabuf, *mda_end, *p, *q, *vgname; + struct grub_lvm_label_header *lh = (struct grub_lvm_label_header *) buf; + struct grub_lvm_pv_header *pvh; + struct grub_lvm_disk_locn *dlocn; +@@ -205,19 +207,31 @@ grub_lvm_detect (grub_disk_t disk, + grub_le_to_cpu64 (rlocn->size) - + grub_le_to_cpu64 (mdah->size)); + } +- p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset); + +- while (*q != ' ' && q < metadatabuf + mda_size) +- q++; +- +- if (q == metadatabuf + mda_size) ++ if (grub_add ((grub_size_t)metadatabuf, ++ (grub_size_t)grub_le_to_cpu64 (rlocn->offset), ++ &ptr)) + { ++error_parsing_metadata: + #ifdef GRUB_UTIL + grub_util_info ("error parsing metadata"); + #endif + goto fail2; + } + ++ p = q = (char *)ptr; ++ ++ if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr)) ++ goto error_parsing_metadata; ++ ++ mda_end = (char *)ptr; ++ ++ while (*q != ' ' && q < mda_end) ++ q++; ++ ++ if (q == mda_end) ++ goto error_parsing_metadata; ++ + vgname_len = q - p; + vgname = grub_malloc (vgname_len + 1); + if (!vgname) +@@ -367,8 +381,17 @@ grub_lvm_detect (grub_disk_t disk, + { + const char *iptr; + char *optr; +- lv->fullname = grub_malloc (sizeof ("lvm/") - 1 + 2 * vgname_len +- + 1 + 2 * s + 1); ++ grub_size_t sz0 = vgname_len, sz1 = s; ++ ++ if (grub_mul (sz0, 2, &sz0) || ++ grub_add (sz0, 1, &sz0) || ++ grub_mul (sz1, 2, &sz1) || ++ grub_add (sz1, 1, &sz1) || ++ grub_add (sz0, sz1, &sz0) || ++ grub_add (sz0, sizeof ("lvm/") - 1, &sz0)) ++ goto lvs_fail; ++ ++ lv->fullname = grub_malloc (sz0); + if (!lv->fullname) + goto lvs_fail; + diff --git a/debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch b/debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch new file mode 100644 index 000000000..722f74d63 --- /dev/null +++ b/debian/patches/0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch @@ -0,0 +1,246 @@ +From: Peter Jones +Date: Sun, 19 Jul 2020 16:53:27 -0400 +Subject: efi: fix some malformed device path arithmetic errors. + +Several places we take the length of a device path and subtract 4 from +it, without ever checking that it's >= 4. There are also cases where +this kind of malformation will result in unpredictable iteration, +including treating the length from one dp node as the type in the next +node. These are all errors, no matter where the data comes from. + +This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which +can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH() +return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when +the length is too small. Additionally, it makes several places in the +code check for and return errors in these cases. + +Signed-off-by: Peter Jones +--- + grub-core/kern/efi/efi.c | 67 ++++++++++++++++++++++++++++++++------ + grub-core/loader/efi/chainloader.c | 19 +++++++++-- + grub-core/loader/i386/xnu.c | 9 ++--- + include/grub/efi/api.h | 14 +++++--- + 4 files changed, 88 insertions(+), 21 deletions(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index dc31caa..b1a8b39 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -332,7 +332,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + dp = dp0; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -342,9 +342,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE + && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) + { +- grub_efi_uint16_t len; +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ len = (len - 4) / sizeof (grub_efi_char16_t); + filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2; + } + +@@ -360,7 +366,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + if (!name) + return NULL; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -376,8 +382,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) + + *p++ = '/'; + +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ len = (len - 4) / sizeof (grub_efi_char16_t); + fp = (grub_efi_file_path_device_path_t *) dp; + /* According to EFI spec Path Name is NULL terminated */ + while (len > 0 && fp->path_name[len - 1] == 0) +@@ -452,7 +465,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp) + ; + p = GRUB_EFI_NEXT_DEVICE_PATH (p)) + { +- total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ ++ /* ++ * In the event that we find a node that's completely garbage, for ++ * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size ++ * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and ++ * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue, ++ * and neither should our consumers, but there won't be any error raised ++ * even though the device path is junk. ++ * ++ * This keeps us from passing junk down back to our caller. ++ */ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ total_size += len; + if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p)) + break; + } +@@ -497,7 +529,7 @@ dump_vendor_path (const char *type, grub_efi_vendor_device_path_t *vendor) + void + grub_efi_print_device_path (grub_efi_device_path_t *dp) + { +- while (1) ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp)) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -909,7 +941,11 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + /* Return non-zero. */ + return 1; + +- while (1) ++ if (dp1 == dp2) ++ return 0; ++ ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp1) ++ && GRUB_EFI_DEVICE_PATH_VALID (dp2)) + { + grub_efi_uint8_t type1, type2; + grub_efi_uint8_t subtype1, subtype2; +@@ -945,5 +981,16 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, + dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2); + } + ++ /* ++ * There's no "right" answer here, but we probably don't want to call a valid ++ * dp and an invalid dp equal, so pick one way or the other. ++ */ ++ if (GRUB_EFI_DEVICE_PATH_VALID (dp1) && ++ !GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return 1; ++ else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) && ++ GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return -1; ++ + return 0; + } +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index b9a2df3..f8a34cd 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -126,6 +126,12 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + ++ if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp)) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid"); ++ return; ++ } ++ + path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); + if (!path_name) + return; +@@ -166,9 +172,18 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + + size = 0; + d = dp; +- while (1) ++ while (d) + { +- size += GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ size += len; + if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d))) + break; + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c +index b7d176b..c50cb54 100644 +--- a/grub-core/loader/i386/xnu.c ++++ b/grub-core/loader/i386/xnu.c +@@ -516,14 +516,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)), + + devhead = buf; + buf = devhead + 1; +- dpstart = buf; ++ dp = dpstart = buf; + +- do ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend) + { +- dp = buf; + buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) ++ break; ++ dp = buf; + } +- while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend); + + dev = grub_xnu_devprop_add_device (dpstart, (char *) buf + - (char *) dpstart); +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index 9824fbc..08bff60 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -640,6 +640,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_DEVICE_PATH_TYPE(dp) ((dp)->type & 0x7f) + #define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp) ((dp)->subtype) + #define GRUB_EFI_DEVICE_PATH_LENGTH(dp) ((dp)->length) ++#define GRUB_EFI_DEVICE_PATH_VALID(dp) ((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4) + + /* The End of Device Path nodes. */ + #define GRUB_EFI_END_DEVICE_PATH_TYPE (0xff & 0x7f) +@@ -648,13 +649,16 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; + #define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE 0x01 + + #define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp) \ +- (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ +- && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ +- == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)) ++ (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \ ++ (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ ++ && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ ++ == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))) + + #define GRUB_EFI_NEXT_DEVICE_PATH(dp) \ +- ((grub_efi_device_path_t *) ((char *) (dp) \ +- + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) ++ (GRUB_EFI_DEVICE_PATH_VALID (dp) \ ++ ? ((grub_efi_device_path_t *) \ ++ ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \ ++ : NULL) + + /* Hardware Device Path. */ + #define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE 1 diff --git a/debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch b/debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch new file mode 100644 index 000000000..a5f2d0500 --- /dev/null +++ b/debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch @@ -0,0 +1,89 @@ +From: Dimitri John Ledkov +Date: Wed, 22 Jul 2020 11:31:43 +0100 +Subject: linuxefi: fail kernel validation without shim protocol. + +If certificates that signed grub are installed into db, grub can be +booted directly. It will then boot any kernel without signature +validation. The booted kernel will think it was booted in secureboot +mode and will implement lockdown, yet it could have been tampered. + +CVE-2020-15705 + +Reported-by: Mathieu Trudel-Lapierre +Signed-off-by: Dimitri John Ledkov +--- + grub-core/loader/arm64/linux.c | 13 +++++++++---- + grub-core/loader/efi/chainloader.c | 1 + + grub-core/loader/efi/linux.c | 1 + + grub-core/loader/i386/efi/linux.c | 2 +- + 4 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 1a5296a..3f5496f 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -342,11 +343,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + +- rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); +- if (rc < 0) ++ if (grub_efi_secure_boot ()) + { +- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); +- goto fail; ++ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); ++ if (rc <= 0) ++ { ++ grub_error (GRUB_ERR_INVALID_COMMAND, ++ N_("%s has invalid signature"), argv[0]); ++ goto fail; ++ } + } + + cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE); +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index f8a34cd..cf89ced 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -1096,6 +1096,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + + return 0; + } ++ // -1 fall-through to fail + + grub_file_close (file); + grub_device_close (dev); +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index e372b26..f6d30bc 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -34,6 +34,7 @@ struct grub_efi_shim_lock + }; + typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; + ++// Returns 1 on success, -1 on error, 0 when not available + int + grub_linuxefi_secure_validate (void *data, grub_uint32_t size) + { +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index 2929da7..e357bf6 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -199,7 +199,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (grub_efi_secure_boot ()) + { + rc = grub_linuxefi_secure_validate (kernel, filelen); +- if (rc < 0) ++ if (rc <= 0) + { + grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), + argv[0]); diff --git a/debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch b/debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch new file mode 100644 index 000000000..4f39e43f7 --- /dev/null +++ b/debian/patches/0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch @@ -0,0 +1,83 @@ +From: Chris Coulson +Date: Wed, 22 Jul 2020 17:06:04 +0100 +Subject: Fix a regression caused by "efi: fix some malformed device path + arithmetic errors" + +This commit introduced a bogus check inside copy_file_path to +determine whether the destination grub_efi_file_path_device_path_t +was valid before anything was copied to it. Depending on the +contents of the heap buffer, this check could fail which would +result in copy_file_path returning early. + +Without any error propagated to the caller, make_file_path would +then try to advance the invalid device path node with +GRUB_EFI_NEXT_DEVICE_PATH, which would also fail, returning a NULL +pointer that would subsequently be dereferenced. + +Remove the bogus check, and also propagate errors from copy_file_path. +--- + grub-core/loader/efi/chainloader.c | 25 +++++++++++++------------ + 1 file changed, 13 insertions(+), 12 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index cf89ced..d0c5307 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -116,7 +116,7 @@ grub_chainloader_boot (void) + return grub_errno; + } + +-static void ++static grub_err_t + copy_file_path (grub_efi_file_path_device_path_t *fp, + const char *str, grub_efi_uint16_t len) + { +@@ -126,15 +126,9 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + +- if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp)) +- { +- grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid"); +- return; +- } +- + path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); + if (!path_name) +- return; ++ return grub_error (GRUB_ERR_OUT_OF_MEMORY, "failed to allocate path buffer"); + + size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) str, len, 0); +@@ -147,6 +141,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, + fp->path_name[size++] = '\0'; + fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp); + grub_free (path_name); ++ return GRUB_ERR_NONE; + } + + static grub_efi_device_path_t * +@@ -204,13 +199,19 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + /* Fill the file path for the directory. */ + d = (grub_efi_device_path_t *) ((char *) file_path + + ((char *) d - (char *) dp)); +- copy_file_path ((grub_efi_file_path_device_path_t *) d, +- dir_start, dir_end - dir_start); ++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d, ++ dir_start, dir_end - dir_start) != GRUB_ERR_NONE) ++ { ++ fail: ++ grub_free (file_path); ++ return 0; ++ } + + /* Fill the file path for the file. */ + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +- copy_file_path ((grub_efi_file_path_device_path_t *) d, +- dir_end + 1, grub_strlen (dir_end + 1)); ++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d, ++ dir_end + 1, grub_strlen (dir_end + 1)) != GRUB_ERR_NONE) ++ goto fail; + + /* Fill the end of device path nodes. */ + d = GRUB_EFI_NEXT_DEVICE_PATH (d); diff --git a/debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch b/debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch new file mode 100644 index 000000000..d87eb3e15 --- /dev/null +++ b/debian/patches/0098-efi-Fix-use-after-free-in-halt-reboot-path.patch @@ -0,0 +1,174 @@ +From: Alexey Makhalov +Date: Mon, 20 Jul 2020 23:03:05 +0000 +Subject: efi: Fix use-after-free in halt/reboot path + +commit 92bfc33db984 ("efi: Free malloc regions on exit") +introduced memory freeing in grub_efi_fini(), which is +used not only by exit path but by halt/reboot one as well. +As result of memory freeing, code and data regions used by +modules, such as halt, reboot, acpi (used by halt) also got +freed. After return to module code, CPU executes, filled +by UEFI firmware (tested with edk2), 0xAFAFAFAF pattern as +a code. Which leads to #UD exception later. + +grub> halt +!!!! X64 Exception Type - 06(#UD - Invalid Opcode) CPU Apic ID - 00000000 !!!! +RIP - 0000000003F4EC28, CS - 0000000000000038, RFLAGS - 0000000000200246 +RAX - 0000000000000000, RCX - 00000000061DA188, RDX - 0A74C0854DC35D41 +RBX - 0000000003E10E08, RSP - 0000000007F0F860, RBP - 0000000000000000 +RSI - 00000000064DB768, RDI - 000000000832C5C3 +R8 - 0000000000000002, R9 - 0000000000000000, R10 - 00000000061E2E52 +R11 - 0000000000000020, R12 - 0000000003EE5C1F, R13 - 00000000061E0FF4 +R14 - 0000000003E10D80, R15 - 00000000061E2F60 +DS - 0000000000000030, ES - 0000000000000030, FS - 0000000000000030 +GS - 0000000000000030, SS - 0000000000000030 +CR0 - 0000000080010033, CR2 - 0000000000000000, CR3 - 0000000007C01000 +CR4 - 0000000000000668, CR8 - 0000000000000000 +DR0 - 0000000000000000, DR1 - 0000000000000000, DR2 - 0000000000000000 +DR3 - 0000000000000000, DR6 - 00000000FFFF0FF0, DR7 - 0000000000000400 +GDTR - 00000000079EEA98 0000000000000047, LDTR - 0000000000000000 +IDTR - 0000000007598018 0000000000000FFF, TR - 0000000000000000 +FXSAVE_STATE - 0000000007F0F4C0 + +Proposal here is to continue to free allocated memory for +exit boot services path but keep it for halt/reboot path +as it won't be much security concern here. +Introduced GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY +loader flag to be used by efi halt/reboot path. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Darren Kenny +--- + grub-core/kern/arm/efi/init.c | 3 +++ + grub-core/kern/arm64/efi/init.c | 3 +++ + grub-core/kern/efi/efi.c | 3 ++- + grub-core/kern/efi/init.c | 1 - + grub-core/kern/i386/efi/init.c | 9 +++++++-- + grub-core/kern/ia64/efi/init.c | 9 +++++++-- + grub-core/kern/riscv/efi/init.c | 3 +++ + grub-core/lib/efi/halt.c | 3 ++- + include/grub/loader.h | 1 + + 9 files changed, 28 insertions(+), 7 deletions(-) + +diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c +index 06df60e..40c3b46 100644 +--- a/grub-core/kern/arm/efi/init.c ++++ b/grub-core/kern/arm/efi/init.c +@@ -71,4 +71,7 @@ grub_machine_fini (int flags) + efi_call_1 (b->close_event, tmr_evt); + + grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/arm64/efi/init.c b/grub-core/kern/arm64/efi/init.c +index 6224999..5010cae 100644 +--- a/grub-core/kern/arm64/efi/init.c ++++ b/grub-core/kern/arm64/efi/init.c +@@ -57,4 +57,7 @@ grub_machine_fini (int flags) + return; + + grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index b1a8b39..88bbd34 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -157,7 +157,8 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle) + void + grub_reboot (void) + { +- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); ++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN | ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY); + efi_call_4 (grub_efi_system_table->runtime_services->reset_system, + GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL); + for (;;) ; +diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c +index 3dfdf2d..2c31847 100644 +--- a/grub-core/kern/efi/init.c ++++ b/grub-core/kern/efi/init.c +@@ -80,5 +80,4 @@ grub_efi_fini (void) + { + grub_efidisk_fini (); + grub_console_fini (); +- grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/i386/efi/init.c b/grub-core/kern/i386/efi/init.c +index da499ab..deb2eac 100644 +--- a/grub-core/kern/i386/efi/init.c ++++ b/grub-core/kern/i386/efi/init.c +@@ -39,6 +39,11 @@ grub_machine_init (void) + void + grub_machine_fini (int flags) + { +- if (flags & GRUB_LOADER_FLAG_NORETURN) +- grub_efi_fini (); ++ if (!(flags & GRUB_LOADER_FLAG_NORETURN)) ++ return; ++ ++ grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/ia64/efi/init.c b/grub-core/kern/ia64/efi/init.c +index b5ecbd0..f196557 100644 +--- a/grub-core/kern/ia64/efi/init.c ++++ b/grub-core/kern/ia64/efi/init.c +@@ -70,6 +70,11 @@ grub_machine_init (void) + void + grub_machine_fini (int flags) + { +- if (flags & GRUB_LOADER_FLAG_NORETURN) +- grub_efi_fini (); ++ if (!(flags & GRUB_LOADER_FLAG_NORETURN)) ++ return; ++ ++ grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/kern/riscv/efi/init.c b/grub-core/kern/riscv/efi/init.c +index 7eb1969..38795fe 100644 +--- a/grub-core/kern/riscv/efi/init.c ++++ b/grub-core/kern/riscv/efi/init.c +@@ -73,4 +73,7 @@ grub_machine_fini (int flags) + return; + + grub_efi_fini (); ++ ++ if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) ++ grub_efi_memory_fini (); + } +diff --git a/grub-core/lib/efi/halt.c b/grub-core/lib/efi/halt.c +index 5859f04..29d4136 100644 +--- a/grub-core/lib/efi/halt.c ++++ b/grub-core/lib/efi/halt.c +@@ -28,7 +28,8 @@ + void + grub_halt (void) + { +- grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); ++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN | ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY); + #if !defined(__ia64__) && !defined(__arm__) && !defined(__aarch64__) && \ + !defined(__riscv) + grub_acpi_halt (); +diff --git a/include/grub/loader.h b/include/grub/loader.h +index 7f82a49..b208642 100644 +--- a/include/grub/loader.h ++++ b/include/grub/loader.h +@@ -33,6 +33,7 @@ enum + { + GRUB_LOADER_FLAG_NORETURN = 1, + GRUB_LOADER_FLAG_PXE_NOT_UNLOAD = 2, ++ GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY = 4, + }; + + void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), diff --git a/debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch b/debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch new file mode 100644 index 000000000..3ac8daafc --- /dev/null +++ b/debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch @@ -0,0 +1,41 @@ +From: Chris Coulson +Date: Thu, 23 Jul 2020 14:02:17 +0100 +Subject: chainloader: Avoid a double free when validation fails + +--- + grub-core/loader/efi/chainloader.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index d0c5307..144a654 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -1085,6 +1085,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + if (rc > 0) + { + grub_file_close (file); ++ if (orig_dev) ++ dev = orig_dev; ++ grub_device_close (dev); + grub_loader_set (grub_secureboot_chainloader_boot, + grub_secureboot_chainloader_unload, 0); + return 0; +@@ -1093,15 +1096,15 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + { + grub_load_and_start_image(boot_image); + grub_file_close (file); ++ if (orig_dev) ++ dev = orig_dev; ++ grub_device_close (dev); + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + + return 0; + } + // -1 fall-through to fail + +- grub_file_close (file); +- grub_device_close (dev); +- + fail: + if (orig_dev) + { diff --git a/debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch b/debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch new file mode 100644 index 000000000..89fa52e5b --- /dev/null +++ b/debian/patches/0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch @@ -0,0 +1,145 @@ +From: Alexey Makhalov +Date: Wed, 15 Jul 2020 06:42:37 +0000 +Subject: relocator: Protect grub_relocator_alloc_chunk_addr() input args + against integer underflow/overflow + +Use arithmetic macros from safemath.h to accomplish it. In this commit, +I didn't want to be too paranoid to check every possible math equation +for overflow/underflow. Only obvious places (with non zero chance of +overflow/underflow) were refactored. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/loader/i386/linux.c | 9 +++++++-- + grub-core/loader/i386/pc/linux.c | 9 +++++++-- + grub-core/loader/i386/xen.c | 12 ++++++++++-- + grub-core/loader/xnu.c | 11 +++++++---- + 4 files changed, 31 insertions(+), 10 deletions(-) + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 991eb29..4e14eb1 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -550,9 +551,13 @@ grub_linux_boot (void) + + { + grub_relocator_chunk_t ch; ++ grub_size_t sz; ++ ++ if (grub_add (ctx.real_size, efi_mmap_size, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ + err = grub_relocator_alloc_chunk_addr (relocator, &ch, +- ctx.real_mode_target, +- (ctx.real_size + efi_mmap_size)); ++ ctx.real_mode_target, sz); + if (err) + return err; + real_mode_mem = get_virtual_current_address (ch); +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 3866f04..81ab3c0 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -231,8 +232,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + setup_sects = GRUB_LINUX_DEFAULT_SETUP_SECTS; + + real_size = setup_sects << GRUB_DISK_SECTOR_BITS; +- grub_linux16_prot_size = grub_file_size (file) +- - real_size - GRUB_DISK_SECTOR_SIZE; ++ if (grub_sub (grub_file_size (file), real_size, &grub_linux16_prot_size) || ++ grub_sub (grub_linux16_prot_size, GRUB_DISK_SECTOR_SIZE, &grub_linux16_prot_size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + + if (! grub_linux_is_bzimage + && GRUB_LINUX_ZIMAGE_ADDR + grub_linux16_prot_size +diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c +index 8f662c8..cd24874 100644 +--- a/grub-core/loader/i386/xen.c ++++ b/grub-core/loader/i386/xen.c +@@ -41,6 +41,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -636,6 +637,7 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), + grub_relocator_chunk_t ch; + grub_addr_t kern_start; + grub_addr_t kern_end; ++ grub_size_t sz; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -703,8 +705,14 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), + + xen_state.max_addr = ALIGN_UP (kern_end, PAGE_SIZE); + +- err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, +- kern_end - kern_start); ++ ++ if (grub_sub (kern_end, kern_start, &sz)) ++ { ++ err = GRUB_ERR_OUT_OF_RANGE; ++ goto fail; ++ } ++ ++ err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, sz); + if (err) + goto fail; + kern_chunk_src = get_virtual_current_address (ch); +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 2f0ebd0..3fd6539 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -60,15 +61,17 @@ grub_xnu_heap_malloc (int size, void **src, grub_addr_t *target) + { + grub_err_t err; + grub_relocator_chunk_t ch; ++ grub_addr_t tgt; ++ ++ if (grub_add (grub_xnu_heap_target_start, grub_xnu_heap_size, &tgt)) ++ return GRUB_ERR_OUT_OF_RANGE; + +- err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, +- grub_xnu_heap_target_start +- + grub_xnu_heap_size, size); ++ err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, tgt, size); + if (err) + return err; + + *src = get_virtual_current_address (ch); +- *target = grub_xnu_heap_target_start + grub_xnu_heap_size; ++ *target = tgt; + grub_xnu_heap_size += size; + grub_dprintf ("xnu", "val=%p\n", *src); + return GRUB_ERR_NONE; diff --git a/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch b/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch new file mode 100644 index 000000000..fa8e2001f --- /dev/null +++ b/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch @@ -0,0 +1,333 @@ +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 01:44:38 +0000 +Subject: relocator: Protect grub_relocator_alloc_chunk_align() max_addr + against integer underflow + +This commit introduces integer underflow mitigation in max_addr calculation +in grub_relocator_alloc_chunk_align() invocation. + +It consists of 2 fixes: + 1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform + sanity check for min/max and size values, and to make safe invocation of + grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all + invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...) + by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...). + 2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top + address (0xffffffff - size + 1) or similar. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/lib/i386/relocator.c | 28 +++++++++++----------------- + grub-core/lib/mips/relocator.c | 6 ++---- + grub-core/lib/powerpc/relocator.c | 6 ++---- + grub-core/lib/x86_64/efi/relocator.c | 7 +++---- + grub-core/loader/i386/linux.c | 5 ++--- + grub-core/loader/i386/multiboot_mbi.c | 7 +++---- + grub-core/loader/i386/pc/linux.c | 6 ++---- + grub-core/loader/mips/linux.c | 9 +++------ + grub-core/loader/multiboot.c | 2 +- + grub-core/loader/multiboot_elfxx.c | 10 +++++----- + grub-core/loader/multiboot_mbi2.c | 10 +++++----- + grub-core/loader/xnu_resume.c | 2 +- + include/grub/relocator.h | 29 +++++++++++++++++++++++++++++ + 13 files changed, 69 insertions(+), 58 deletions(-) + +diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c +index 71dd4f0..34cbe83 100644 +--- a/grub-core/lib/i386/relocator.c ++++ b/grub-core/lib/i386/relocator.c +@@ -83,11 +83,10 @@ grub_relocator32_boot (struct grub_relocator *rel, + /* Specific memory range due to Global Descriptor Table for use by payload + that we will store in returned chunk. The address range and preference + are based on "THE LINUX/x86 BOOT PROTOCOL" specification. */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x1000, +- 0x9a000 - RELOCATOR_SIZEOF (32), +- RELOCATOR_SIZEOF (32), 16, +- GRUB_RELOCATOR_PREFERENCE_LOW, +- avoid_efi_bootservices); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x1000, 0x9a000, ++ RELOCATOR_SIZEOF (32), 16, ++ GRUB_RELOCATOR_PREFERENCE_LOW, ++ avoid_efi_bootservices); + if (err) + return err; + +@@ -125,13 +124,10 @@ grub_relocator16_boot (struct grub_relocator *rel, + grub_relocator_chunk_t ch; + + /* Put it higher than the byte it checks for A20 check. */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x8010, +- 0xa0000 - RELOCATOR_SIZEOF (16) +- - GRUB_RELOCATOR16_STACK_SIZE, +- RELOCATOR_SIZEOF (16) +- + GRUB_RELOCATOR16_STACK_SIZE, 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, +- 0); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x8010, 0xa0000, ++ RELOCATOR_SIZEOF (16) + ++ GRUB_RELOCATOR16_STACK_SIZE, 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + +@@ -183,11 +179,9 @@ grub_relocator64_boot (struct grub_relocator *rel, + void *relst; + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, min_addr, +- max_addr - RELOCATOR_SIZEOF (64), +- RELOCATOR_SIZEOF (64), 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, +- 0); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, min_addr, max_addr, ++ RELOCATOR_SIZEOF (64), 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + +diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c +index 9d5f49c..743b213 100644 +--- a/grub-core/lib/mips/relocator.c ++++ b/grub-core/lib/mips/relocator.c +@@ -120,10 +120,8 @@ grub_relocator32_boot (struct grub_relocator *rel, + unsigned i; + grub_addr_t vtarget; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- (0xffffffff - stateset_size) +- + 1, stateset_size, +- sizeof (grub_uint32_t), ++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), ++ stateset_size, sizeof (grub_uint32_t), + GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; +diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c +index bdf2b11..8ffb8b6 100644 +--- a/grub-core/lib/powerpc/relocator.c ++++ b/grub-core/lib/powerpc/relocator.c +@@ -115,10 +115,8 @@ grub_relocator32_boot (struct grub_relocator *rel, + unsigned i; + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- (0xffffffff - stateset_size) +- + 1, stateset_size, +- sizeof (grub_uint32_t), ++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), ++ stateset_size, sizeof (grub_uint32_t), + GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; +diff --git a/grub-core/lib/x86_64/efi/relocator.c b/grub-core/lib/x86_64/efi/relocator.c +index 3caef7a..7d200a1 100644 +--- a/grub-core/lib/x86_64/efi/relocator.c ++++ b/grub-core/lib/x86_64/efi/relocator.c +@@ -50,10 +50,9 @@ grub_relocator64_efi_boot (struct grub_relocator *rel, + * 64-bit relocator code may live above 4 GiB quite well. + * However, I do not want ask for problems. Just in case. + */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- 0x100000000 - RELOCATOR_SIZEOF (64_efi), +- RELOCATOR_SIZEOF (64_efi), 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, 1); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0, 0x100000000, ++ RELOCATOR_SIZEOF (64_efi), 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) + return err; + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 4e14eb1..04bd78a 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -184,9 +184,8 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align, + for (; err && *align + 1 > min_align; (*align)--) + { + grub_errno = GRUB_ERR_NONE; +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- 0x1000000, +- 0xffffffff & ~prot_size, ++ err = grub_relocator_alloc_chunk_align (relocator, &ch, 0x1000000, ++ UP_TO_TOP32 (prot_size), + prot_size, 1 << *align, + GRUB_RELOCATOR_PREFERENCE_LOW, + 1); +diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c +index ad3cc29..a67d9d0 100644 +--- a/grub-core/loader/i386/multiboot_mbi.c ++++ b/grub-core/loader/i386/multiboot_mbi.c +@@ -466,10 +466,9 @@ grub_multiboot_make_mbi (grub_uint32_t *target) + + bufsize = grub_multiboot_get_mbi_size (); + +- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, +- 0x10000, 0xa0000 - bufsize, +- bufsize, 4, +- GRUB_RELOCATOR_PREFERENCE_NONE, 0); ++ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot_relocator, &ch, ++ 0x10000, 0xa0000, bufsize, 4, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + ptrorig = get_virtual_current_address (ch); +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 81ab3c0..6400a5b 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -463,10 +463,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + + { + grub_relocator_chunk_t ch; +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- addr_min, addr_max - size, +- size, 0x1000, +- GRUB_RELOCATOR_PREFERENCE_HIGH, 0); ++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, addr_min, addr_max, size, ++ 0x1000, GRUB_RELOCATOR_PREFERENCE_HIGH, 0); + if (err) + return err; + initrd_chunk = get_virtual_current_address (ch); +diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c +index 7b723bf..e4ed959 100644 +--- a/grub-core/loader/mips/linux.c ++++ b/grub-core/loader/mips/linux.c +@@ -442,12 +442,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + { + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- (target_addr & 0x1fffffff) +- + linux_size + 0x10000, +- (0x10000000 - size), +- size, 0x10000, +- GRUB_RELOCATOR_PREFERENCE_NONE, 0); ++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, (target_addr & 0x1fffffff) + ++ linux_size + 0x10000, 0x10000000, size, ++ 0x10000, GRUB_RELOCATOR_PREFERENCE_NONE, 0); + + if (err) + goto fail; +diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c +index 3e6ad16..3e28690 100644 +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -404,7 +404,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), + { + grub_relocator_chunk_t ch; + err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, +- lowest_addr, (0xffffffff - size) + 1, ++ lowest_addr, UP_TO_TOP32 (size), + size, MULTIBOOT_MOD_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) +diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c +index cc68536..f2318e0 100644 +--- a/grub-core/loader/multiboot_elfxx.c ++++ b/grub-core/loader/multiboot_elfxx.c +@@ -109,10 +109,10 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + if (load_size > mld->max_addr || mld->min_addr > mld->max_addr - load_size) + return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); + +- err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, +- mld->min_addr, mld->max_addr - load_size, +- load_size, mld->align ? mld->align : 1, +- mld->preference, mld->avoid_efi_boot_services); ++ err = grub_relocator_alloc_chunk_align_safe (GRUB_MULTIBOOT (relocator), &ch, ++ mld->min_addr, mld->max_addr, ++ load_size, mld->align ? mld->align : 1, ++ mld->preference, mld->avoid_efi_boot_services); + + if (err) + { +@@ -256,7 +256,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) + continue; + + err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, 0, +- (0xffffffff - sh->sh_size) + 1, ++ UP_TO_TOP32 (sh->sh_size), + sh->sh_size, sh->sh_addralign, + GRUB_RELOCATOR_PREFERENCE_NONE, + mld->avoid_efi_boot_services); +diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c +index 53da786..3ec2092 100644 +--- a/grub-core/loader/multiboot_mbi2.c ++++ b/grub-core/loader/multiboot_mbi2.c +@@ -295,10 +295,10 @@ grub_multiboot2_load (grub_file_t file, const char *filename) + return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); + } + +- err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, +- mld.min_addr, mld.max_addr - code_size, +- code_size, mld.align ? mld.align : 1, +- mld.preference, keep_bs); ++ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot2_relocator, &ch, ++ mld.min_addr, mld.max_addr, ++ code_size, mld.align ? mld.align : 1, ++ mld.preference, keep_bs); + } + else + err = grub_relocator_alloc_chunk_addr (grub_multiboot2_relocator, +@@ -708,7 +708,7 @@ grub_multiboot2_make_mbi (grub_uint32_t *target) + COMPILE_TIME_ASSERT (MULTIBOOT_TAG_ALIGN % sizeof (grub_properly_aligned_t) == 0); + + err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, +- 0, 0xffffffff - bufsize, ++ 0, UP_TO_TOP32 (bufsize), + bufsize, MULTIBOOT_TAG_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) +diff --git a/grub-core/loader/xnu_resume.c b/grub-core/loader/xnu_resume.c +index 8089804..d648ef0 100644 +--- a/grub-core/loader/xnu_resume.c ++++ b/grub-core/loader/xnu_resume.c +@@ -129,7 +129,7 @@ grub_xnu_resume (char *imagename) + { + grub_relocator_chunk_t ch; + err = grub_relocator_alloc_chunk_align (grub_xnu_relocator, &ch, 0, +- (0xffffffff - hibhead.image_size) + 1, ++ UP_TO_TOP32 (hibhead.image_size), + hibhead.image_size, + GRUB_XNU_PAGESIZE, + GRUB_RELOCATOR_PREFERENCE_NONE, 0); +diff --git a/include/grub/relocator.h b/include/grub/relocator.h +index 24d8672..1b3bdd9 100644 +--- a/include/grub/relocator.h ++++ b/include/grub/relocator.h +@@ -49,6 +49,35 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, + int preference, + int avoid_efi_boot_services); + ++/* ++ * Wrapper for grub_relocator_alloc_chunk_align() with purpose of ++ * protecting against integer underflow. ++ * ++ * Compare to its callee, max_addr has different meaning here. ++ * It covers entire chunk and not just start address of the chunk. ++ */ ++static inline grub_err_t ++grub_relocator_alloc_chunk_align_safe (struct grub_relocator *rel, ++ grub_relocator_chunk_t *out, ++ grub_phys_addr_t min_addr, ++ grub_phys_addr_t max_addr, ++ grub_size_t size, grub_size_t align, ++ int preference, ++ int avoid_efi_boot_services) ++{ ++ /* Sanity check and ensure following equation (max_addr - size) is safe. */ ++ if (max_addr < size || (max_addr - size) < min_addr) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ return grub_relocator_alloc_chunk_align (rel, out, min_addr, ++ max_addr - size, ++ size, align, preference, ++ avoid_efi_boot_services); ++} ++ ++/* Top 32-bit address minus s bytes and plus 1 byte. */ ++#define UP_TO_TOP32(s) ((~(s) & 0xffffffff) + 1) ++ + #define GRUB_RELOCATOR_PREFERENCE_NONE 0 + #define GRUB_RELOCATOR_PREFERENCE_LOW 1 + #define GRUB_RELOCATOR_PREFERENCE_HIGH 2 diff --git a/debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch b/debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch new file mode 100644 index 000000000..d686ec815 --- /dev/null +++ b/debian/patches/0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch @@ -0,0 +1,41 @@ +From: Alexey Makhalov +Date: Fri, 17 Jul 2020 05:17:26 +0000 +Subject: relocator: Fix grub_relocator_alloc_chunk_align() top memory + allocation + +Current implementation of grub_relocator_alloc_chunk_align() +does not allow allocation of the top byte. + +Assuming input args are: + max_addr = 0xfffff000; + size = 0x1000; + +And this is valid. But following overflow protection will +unnecessarily move max_addr one byte down (to 0xffffefff): + if (max_addr > ~size) + max_addr = ~size; + +~size + 1 will fix the situation. In addition, check size +for non zero to do not zero max_addr. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/lib/relocator.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c +index 5847aac..f2c1944 100644 +--- a/grub-core/lib/relocator.c ++++ b/grub-core/lib/relocator.c +@@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, + }; + grub_addr_t min_addr2 = 0, max_addr2; + +- if (max_addr > ~size) +- max_addr = ~size; ++ if (size && (max_addr > ~size)) ++ max_addr = ~size + 1; + + #ifdef GRUB_MACHINE_PCBIOS + if (min_addr < 0x1000) diff --git a/debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch b/debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch new file mode 100644 index 000000000..46f21836e --- /dev/null +++ b/debian/patches/0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch @@ -0,0 +1,24 @@ +From: Peter Jones +Date: Fri, 24 Jul 2020 13:57:27 -0400 +Subject: linux loader: avoid overflow on initrd size calculation + +Signed-off-by: Peter Jones +--- + grub-core/loader/linux.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index 471b214..25624eb 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -151,8 +151,8 @@ grub_initrd_init (int argc, char *argv[], + initrd_ctx->nfiles = 0; + initrd_ctx->components = 0; + +- initrd_ctx->components = grub_zalloc (argc +- * sizeof (initrd_ctx->components[0])); ++ initrd_ctx->components = grub_calloc (argc, ++ sizeof (initrd_ctx->components[0])); + if (!initrd_ctx->components) + return grub_errno; + diff --git a/debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch b/debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch new file mode 100644 index 000000000..0fb1a543c --- /dev/null +++ b/debian/patches/0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch @@ -0,0 +1,164 @@ +From: Colin Watson +Date: Sat, 25 Jul 2020 12:15:37 +0100 +Subject: linux: Fix integer overflows in initrd size handling + +These could be triggered by a crafted filesystem with very large files. + +Fixes: CVE-2020-15707 + +Signed-off-by: Colin Watson +Reviewed-by: Jan Setje-Eilers +--- + grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++++++++------------- + 1 file changed, 54 insertions(+), 20 deletions(-) + +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index 25624eb..e9f819e 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + struct newc_head + { +@@ -98,13 +99,13 @@ free_dir (struct dir *root) + grub_free (root); + } + +-static grub_size_t ++static grub_err_t + insert_dir (const char *name, struct dir **root, +- grub_uint8_t *ptr) ++ grub_uint8_t *ptr, grub_size_t *size) + { + struct dir *cur, **head = root; + const char *cb, *ce = name; +- grub_size_t size = 0; ++ *size = 0; + while (1) + { + for (cb = ce; *cb == '/'; cb++); +@@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir **root, + ptr = make_header (ptr, name, ce - name, + 040777, 0); + } +- size += ALIGN_UP ((ce - (char *) name) +- + sizeof (struct newc_head), 4); ++ if (grub_add (*size, ++ ALIGN_UP ((ce - (char *) name) ++ + sizeof (struct newc_head), 4), ++ size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ grub_free (n->name); ++ grub_free (n); ++ return grub_errno; ++ } + *head = n; + cur = n; + } + root = &cur->next; + } +- return size; ++ return GRUB_ERR_NONE; + } + + grub_err_t +@@ -173,26 +182,33 @@ grub_initrd_init (int argc, char *argv[], + eptr = grub_strchr (ptr, ':'); + if (eptr) + { ++ grub_size_t dir_size, name_len; ++ + initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr); +- if (!initrd_ctx->components[i].newc_name) ++ if (!initrd_ctx->components[i].newc_name || ++ insert_dir (initrd_ctx->components[i].newc_name, &root, 0, ++ &dir_size)) + { + grub_initrd_close (initrd_ctx); + return grub_errno; + } +- initrd_ctx->size +- += ALIGN_UP (sizeof (struct newc_head) +- + grub_strlen (initrd_ctx->components[i].newc_name), +- 4); +- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name, +- &root, 0); ++ name_len = grub_strlen (initrd_ctx->components[i].newc_name); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) + name_len, 4), ++ &initrd_ctx->size) || ++ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size)) ++ goto overflow; + newc = 1; + fname = eptr + 1; + } + } + else if (newc) + { +- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) +- + sizeof ("TRAILER!!!") - 1, 4); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) ++ + sizeof ("TRAILER!!!") - 1, 4), ++ &initrd_ctx->size)) ++ goto overflow; + free_dir (root); + root = 0; + newc = 0; +@@ -208,19 +224,29 @@ grub_initrd_init (int argc, char *argv[], + initrd_ctx->nfiles++; + initrd_ctx->components[i].size + = grub_file_size (initrd_ctx->components[i].file); +- initrd_ctx->size += initrd_ctx->components[i].size; ++ if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size, ++ &initrd_ctx->size)) ++ goto overflow; + } + + if (newc) + { + initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4); +- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) +- + sizeof ("TRAILER!!!") - 1, 4); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) ++ + sizeof ("TRAILER!!!") - 1, 4), ++ &initrd_ctx->size)) ++ goto overflow; + free_dir (root); + root = 0; + } + + return GRUB_ERR_NONE; ++ ++overflow: ++ free_dir (root); ++ grub_initrd_close (initrd_ctx); ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + } + + grub_size_t +@@ -261,8 +287,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, + + if (initrd_ctx->components[i].newc_name) + { +- ptr += insert_dir (initrd_ctx->components[i].newc_name, +- &root, ptr); ++ grub_size_t dir_size; ++ ++ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr, ++ &dir_size)) ++ { ++ free_dir (root); ++ grub_initrd_close (initrd_ctx); ++ return grub_errno; ++ } ++ ptr += dir_size; + ptr = make_header (ptr, initrd_ctx->components[i].newc_name, + grub_strlen (initrd_ctx->components[i].newc_name), + 0100777, diff --git a/debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch b/debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch new file mode 100644 index 000000000..329dc2ee5 --- /dev/null +++ b/debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch @@ -0,0 +1,49 @@ +From: Colin Watson +Date: Mon, 27 Jul 2020 14:22:12 +0100 +Subject: efilinux: Fix integer overflows in grub_cmd_initrd + +These could be triggered by an extremely large number of arguments to +the initrd command on 32-bit architectures, or a crafted filesystem with +very large files on any architecture. + +Fixes: CVE-2020-15707 + +Signed-off-by: Colin Watson +--- + grub-core/loader/i386/efi/linux.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index e357bf6..381459c 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -94,7 +95,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- files = grub_zalloc (argc * sizeof (files[0])); ++ files = grub_calloc (argc, sizeof (files[0])); + if (!files) + goto fail; + +@@ -104,7 +105,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + if (! files[i]) + goto fail; + nfiles++; +- size += ALIGN_UP (grub_file_size (files[i]), 4); ++ if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + } + + initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); diff --git a/debian/patches/0241-Call-hwmatch-only-on-the-grub-pc-platform.patch b/debian/patches/0241-Call-hwmatch-only-on-the-grub-pc-platform.patch new file mode 100644 index 000000000..9ae2fdfa8 --- /dev/null +++ b/debian/patches/0241-Call-hwmatch-only-on-the-grub-pc-platform.patch @@ -0,0 +1,47 @@ +From: Mauricio Faria de Oliveira +Date: Fri, 20 Aug 2021 10:15:06 -0300 +Subject: Call hwmatch only on the grub-pc platform + +Call hwmatch only on i386/pc as it is only available there. +This avoids "error: can't find command `hwmatch'." on e.g., x86_64/efi. + +The equivalent behavior is linux_gfx_mode=keep because grub is special: +the `if hwmatch` clause is true on that error and `$match = 0` is true +too, as it is undefined (confirmed in grub shell.) A quick fix for now. + +Before and After: + + grub> hwmatch + error: can't find command `hwmatch'. + + grub> echo $grub_platform + efi + + grub> echo $linux_gfx_mode + keep + +Signed-off-by: Mauricio Faria de Oliveira + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1840560 +Bug-Debian: https://bugs.debian.org/990836 +Forwarded: no +Last-Update: 2020-08-20 +--- + util/grub.d/10_linux.in | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 47daf51..6aad5ba 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -378,7 +378,9 @@ else + cat << EOF + if [ "\${recordfail}" != 1 ]; then + if [ -e \${prefix}/gfxblacklist.txt ]; then +- if hwmatch \${prefix}/gfxblacklist.txt 3; then ++ if [ \${grub_platform} != pc ]; then ++ set linux_gfx_mode=keep ++ elif hwmatch \${prefix}/gfxblacklist.txt 3; then + if [ \${match} = 0 ]; then + set linux_gfx_mode=keep + else diff --git a/debian/patches/at_keyboard-module-init.patch b/debian/patches/at_keyboard-module-init.patch index e385168b5..605471406 100644 --- a/debian/patches/at_keyboard-module-init.patch +++ b/debian/patches/at_keyboard-module-init.patch @@ -1,4 +1,3 @@ -From 030f7c065c91bdfa93fbe666b7bc284af3bb5167 Mon Sep 17 00:00:00 2001 From: Jeroen Dekkers Date: Sat, 12 Jan 2019 21:02:18 +0100 Subject: at_keyboard: initialize keyboard in module init if keyboard is ready @@ -16,7 +15,7 @@ Patch-Name: at_keyboard-module-init.patch 1 file changed, 9 insertions(+) diff --git a/grub-core/term/at_keyboard.c b/grub-core/term/at_keyboard.c -index f0a986eb1..d4395c201 100644 +index f0a986e..d4395c2 100644 --- a/grub-core/term/at_keyboard.c +++ b/grub-core/term/at_keyboard.c @@ -244,6 +244,14 @@ grub_at_keyboard_getkey (struct grub_term_input *term __attribute__ ((unused))) diff --git a/debian/patches/bash-completion-drop-have-checks.patch b/debian/patches/bash-completion-drop-have-checks.patch index dd2896464..3d27e4230 100644 --- a/debian/patches/bash-completion-drop-have-checks.patch +++ b/debian/patches/bash-completion-drop-have-checks.patch @@ -1,4 +1,3 @@ -From c4f631afd9d93fcfdf4a8a41e72c37818220b31a Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Fri, 16 Nov 2018 16:37:02 +0000 Subject: bash-completion: Drop "have" checks @@ -12,11 +11,11 @@ Last-Update: 2018-11-16 Patch-Name: bash-completion-drop-have-checks.patch --- - .../bash-completion.d/grub-completion.bash.in | 39 +++++++------------ + util/bash-completion.d/grub-completion.bash.in | 39 +++++++++----------------- 1 file changed, 13 insertions(+), 26 deletions(-) diff --git a/util/bash-completion.d/grub-completion.bash.in b/util/bash-completion.d/grub-completion.bash.in -index 44bf135b9..d4235e7ef 100644 +index 44bf135..d4235e7 100644 --- a/util/bash-completion.d/grub-completion.bash.in +++ b/util/bash-completion.d/grub-completion.bash.in @@ -166,13 +166,11 @@ _grub_set_entry () { diff --git a/debian/patches/blacklist-1440x900x32.patch b/debian/patches/blacklist-1440x900x32.patch index 927df3ec9..5a6fb8d50 100644 --- a/debian/patches/blacklist-1440x900x32.patch +++ b/debian/patches/blacklist-1440x900x32.patch @@ -1,4 +1,3 @@ -From 49e89abd1779d3b755d3fbc56a7d4859f39f7792 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:11 +0000 Subject: Blacklist 1440x900x32 from VBE preferred mode handling @@ -13,7 +12,7 @@ Patch-Name: blacklist-1440x900x32.patch 1 file changed, 9 insertions(+) diff --git a/grub-core/video/i386/pc/vbe.c b/grub-core/video/i386/pc/vbe.c -index b7f911926..4b1bd7d5e 100644 +index b7f9119..4b1bd7d 100644 --- a/grub-core/video/i386/pc/vbe.c +++ b/grub-core/video/i386/pc/vbe.c @@ -1054,6 +1054,15 @@ grub_video_vbe_setup (unsigned int width, unsigned int height, diff --git a/debian/patches/bootp-new-net_bootp6-command.patch b/debian/patches/bootp-new-net_bootp6-command.patch index 82964a84c..7bd97d455 100644 --- a/debian/patches/bootp-new-net_bootp6-command.patch +++ b/debian/patches/bootp-new-net_bootp6-command.patch @@ -1,4 +1,3 @@ -From ed6f9313a2965716f779f23826e9f74f3074bc8b Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:41:04 -0400 Subject: bootp: New net_bootp6 command @@ -11,13 +10,13 @@ Signed-off-by: Ken Lin Patch-Name: bootp-new-net_bootp6-command.patch --- - grub-core/net/bootp.c | 908 +++++++++++++++++++++++++++++++++++++++++- - grub-core/net/ip.c | 39 ++ + grub-core/net/bootp.c | 908 +++++++++++++++++++++++++++++++++++++++++++++++++- + grub-core/net/ip.c | 39 +++ include/grub/net.h | 72 ++++ 3 files changed, 1018 insertions(+), 1 deletion(-) diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 04cfbb045..21c1824ef 100644 +index 04cfbb0..21c1824 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -24,6 +24,98 @@ @@ -969,7 +968,7 @@ index 04cfbb045..21c1824ef 100644 + grub_unregister_command (cmd_bootp6); } diff --git a/grub-core/net/ip.c b/grub-core/net/ip.c -index ea5edf8f1..01410798b 100644 +index ea5edf8..0141079 100644 --- a/grub-core/net/ip.c +++ b/grub-core/net/ip.c @@ -239,6 +239,45 @@ handle_dgram (struct grub_net_buff *nb, @@ -1019,7 +1018,7 @@ index ea5edf8f1..01410798b 100644 { const struct grub_net_bootp_packet *bootp; diff --git a/include/grub/net.h b/include/grub/net.h -index cc114286e..58cff96d2 100644 +index cc11428..58cff96 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -448,6 +448,66 @@ struct grub_net_bootp_packet diff --git a/debian/patches/bootp-process-dhcpack-http-boot.patch b/debian/patches/bootp-process-dhcpack-http-boot.patch index 6372a32bb..5bf8d4e20 100644 --- a/debian/patches/bootp-process-dhcpack-http-boot.patch +++ b/debian/patches/bootp-process-dhcpack-http-boot.patch @@ -1,4 +1,3 @@ -From cddbc2be5f993322a43b2660da588129c19b510a Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:42:19 -0400 Subject: bootp: Add processing DHCPACK packet from HTTP Boot @@ -19,12 +18,12 @@ Signed-off-by: Ken Lin Patch-Name: bootp-process-dhcpack-http-boot.patch --- - grub-core/net/bootp.c | 60 ++++++++++++++++++++++++++++++++++++++++++- + grub-core/net/bootp.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++- include/grub/net.h | 1 + 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c -index 21c1824ef..558d97ba1 100644 +index 21c1824..558d97b 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -154,7 +154,7 @@ struct grub_dhcp_request_options @@ -109,7 +108,7 @@ index 21c1824ef..558d97ba1 100644 }, GRUB_NET_BOOTP_END, diff --git a/include/grub/net.h b/include/grub/net.h -index 58cff96d2..b5f9e617e 100644 +index 58cff96..b5f9e61 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -523,6 +523,7 @@ enum diff --git a/debian/patches/cherry-fix-crash-on-http.patch b/debian/patches/cherry-fix-crash-on-http.patch new file mode 100644 index 000000000..99faa9ef5 --- /dev/null +++ b/debian/patches/cherry-fix-crash-on-http.patch @@ -0,0 +1,32 @@ +From: Gustavo Luiz Duarte +Date: Tue, 17 Sep 2019 17:44:58 +0200 +Subject: net: Fix crash on http + +Don't free file->data on receiving FIN flag since it is used all over +without checking. http_close() will be called later to free that memory. + +Fixes bug: https://bugzilla.redhat.com/show_bug.cgi?id=860834 + +Signed-off-by: Gustavo Luiz Duarte +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper +(cherry picked from commit fc085f7f1860cb864aa61bb3f248a970565a9055) + +Patch-Name: cherry-fix-crash-on-http.patch +--- + grub-core/net/http.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/net/http.c b/grub-core/net/http.c +index f182d7b..dfa849e 100644 +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -405,7 +405,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) + data->filename, server, port ? port : HTTP_PORT); + data->sock = grub_net_tcp_open (server, + port ? port : HTTP_PORT, http_receive, +- http_err, http_err, ++ http_err, NULL, + file); + if (!data->sock) + { diff --git a/debian/patches/cherrypick-lsefisystab-define-smbios3.patch b/debian/patches/cherrypick-lsefisystab-define-smbios3.patch new file mode 100644 index 000000000..2662b6075 --- /dev/null +++ b/debian/patches/cherrypick-lsefisystab-define-smbios3.patch @@ -0,0 +1,44 @@ +From: David Michael +Date: Fri, 5 Jul 2019 08:47:02 -0400 +Subject: lsefisystab: Define SMBIOS3 entry point structures for EFI + +This adds the GUID and includes it in lsefisystab output. + +Signed-off-by: David Michael +Reviewed-by: Leif Lindholm +Reviewed-by: Daniel Kiper +(cherry picked from commit 261df54f170c6d87258eb37ef17d62690720696b) +Patch-Name: cherrypick-lsefisystab-define-smbios3.patch +--- + grub-core/commands/efi/lsefisystab.c | 1 + + include/grub/efi/api.h | 5 +++++ + 2 files changed, 6 insertions(+) + +diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c +index df10302..7c039c5 100644 +--- a/grub-core/commands/efi/lsefisystab.c ++++ b/grub-core/commands/efi/lsefisystab.c +@@ -48,6 +48,7 @@ static const struct guid_mapping guid_mappings[] = + { GRUB_EFI_MPS_TABLE_GUID, "MPS"}, + { GRUB_EFI_SAL_TABLE_GUID, "SAL"}, + { GRUB_EFI_SMBIOS_TABLE_GUID, "SMBIOS"}, ++ { GRUB_EFI_SMBIOS3_TABLE_GUID, "SMBIOS3"}, + { GRUB_EFI_SYSTEM_RESOURCE_TABLE_GUID, "SYSTEM RESOURCE TABLE"}, + { GRUB_EFI_TIANO_CUSTOM_DECOMPRESS_GUID, "TIANO CUSTOM DECOMPRESS"}, + { GRUB_EFI_TSC_FREQUENCY_GUID, "TSC FREQUENCY"}, +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index 75befd1..9824fbc 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -314,6 +314,11 @@ + { 0x9a, 0x16, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \ + } + ++#define GRUB_EFI_SMBIOS3_TABLE_GUID \ ++ { 0xf2fd1544, 0x9794, 0x4a2c, \ ++ { 0x99, 0x2e, 0xe5, 0xbb, 0xcf, 0x20, 0xe3, 0x94 } \ ++ } ++ + #define GRUB_EFI_SAL_TABLE_GUID \ + { 0xeb9d2d32, 0x2d88, 0x11d3, \ + { 0x9a, 0x16, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \ diff --git a/debian/patches/cherrypick-lsefisystab-show-dtb.patch b/debian/patches/cherrypick-lsefisystab-show-dtb.patch new file mode 100644 index 000000000..0fb56022b --- /dev/null +++ b/debian/patches/cherrypick-lsefisystab-show-dtb.patch @@ -0,0 +1,39 @@ +From: Heinrich Schuchardt +Date: Sat, 6 Jul 2019 11:11:02 +0200 +Subject: lsefisystab: Add support for device tree table + +The device tree may passed by the firmware as UEFI configuration +table. Let lsefisystab display a short text and not only the GUID +for the device tree. + +Here is an example output: + + grub> lsefisystab + Address: 0xbff694d8 + Signature: 5453595320494249 revision: 00020046 + Vendor: Das U-Boot, Version=20190700 + 2 tables: + 0xbe741000 eb9d2d31-2d88-11d3-9a160090273fc14d SMBIOS + 0x87f00000 b1b621d5-f19c-41a5-830bd9152c69aae0 DEVICE TREE + +Signed-off-by: Heinrich Schuchardt +Reviewed-by: Leif Lindholm +Reviewed-by: Daniel Kiper +(cherry picked from commit 15cfd02b74e862bda20626a6e4e2f8a1d201733a) +Patch-Name: cherrypick-lsefisystab-show-dtb.patch +--- + grub-core/commands/efi/lsefisystab.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c +index 7c039c5..9027882 100644 +--- a/grub-core/commands/efi/lsefisystab.c ++++ b/grub-core/commands/efi/lsefisystab.c +@@ -40,6 +40,7 @@ static const struct guid_mapping guid_mappings[] = + { GRUB_EFI_CRC32_GUIDED_SECTION_EXTRACTION_GUID, + "CRC32 GUIDED SECTION EXTRACTION"}, + { GRUB_EFI_DEBUG_IMAGE_INFO_TABLE_GUID, "DEBUG IMAGE INFO"}, ++ { GRUB_EFI_DEVICE_TREE_GUID, "DEVICE TREE"}, + { GRUB_EFI_DXE_SERVICES_TABLE_GUID, "DXE SERVICES"}, + { GRUB_EFI_HCDP_TABLE_GUID, "HCDP"}, + { GRUB_EFI_HOB_LIST_GUID, "HOB LIST"}, diff --git a/debian/patches/cherrypick-smbios-module.patch b/debian/patches/cherrypick-smbios-module.patch new file mode 100644 index 000000000..eb1dd63fa --- /dev/null +++ b/debian/patches/cherrypick-smbios-module.patch @@ -0,0 +1,770 @@ +From: David Michael +Date: Fri, 5 Jul 2019 08:47:09 -0400 +Subject: smbios: Add a module for retrieving SMBIOS information + +The following are two use cases from Rajat Jain : + + 1) We have a board that boots Linux and this board itself can be plugged + into one of different chassis types. We need to pass different + parameters to the kernel based on the "CHASSIS_TYPE" information + that is passed by the bios in the DMI/SMBIOS tables. + + 2) We may have a USB stick that can go into multiple boards, and the + exact kernel to be loaded depends on the machine information + (PRODUCT_NAME etc) passed via the DMI. + +Signed-off-by: David Michael +Reviewed-by: Daniel Kiper +(cherry picked from commit 688023cd0ac4c985fd0e2ec477fcf1ec33a0e49c) +Patch-Name: cherrypick-smbios-module.patch +--- + docs/grub.texi | 75 +++++++ + grub-core/Makefile.core.def | 15 ++ + grub-core/commands/efi/smbios.c | 61 ++++++ + grub-core/commands/i386/pc/smbios.c | 52 +++++ + grub-core/commands/smbios.c | 374 +++++++++++++++++++++++++++++++++++ + grub-core/efiemu/i386/pc/cfgtables.c | 15 +- + include/grub/smbios.h | 69 +++++++ + 7 files changed, 650 insertions(+), 11 deletions(-) + create mode 100644 grub-core/commands/efi/smbios.c + create mode 100644 grub-core/commands/i386/pc/smbios.c + create mode 100644 grub-core/commands/smbios.c + create mode 100644 include/grub/smbios.h + +diff --git a/docs/grub.texi b/docs/grub.texi +index 1baa0fa..d573f32 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -3976,6 +3976,7 @@ you forget a command, you can run the command @command{help} + * sha256sum:: Compute or check SHA256 hash + * sha512sum:: Compute or check SHA512 hash + * sleep:: Wait for a specified number of seconds ++* smbios:: Retrieve SMBIOS information + * source:: Read a configuration file in same context + * test:: Check file types and compare values + * true:: Do nothing, successfully +@@ -5115,6 +5116,80 @@ if timeout was interrupted by @key{ESC}. + @end deffn + + ++@node smbios ++@subsection smbios ++ ++@deffn Command smbios @ ++ [@option{--type} @var{type}] @ ++ [@option{--handle} @var{handle}] @ ++ [@option{--match} @var{match}] @ ++ (@option{--get-byte} | @option{--get-word} | @option{--get-dword} | @ ++ @option{--get-qword} | @option{--get-string} | @option{--get-uuid}) @ ++ @var{offset} @ ++ [@option{--set} @var{variable}] ++Retrieve SMBIOS information. ++ ++The @command{smbios} command returns the value of a field in an SMBIOS ++structure. The following options determine which structure to select. ++ ++@itemize @bullet ++@item ++Specifying @option{--type} will select structures with a matching ++@var{type}. The type can be any integer from 0 to 255. ++@item ++Specifying @option{--handle} will select structures with a matching ++@var{handle}. The handle can be any integer from 0 to 65535. ++@item ++Specifying @option{--match} will select structure number @var{match} in the ++filtered list of structures; e.g. @code{smbios --type 4 --match 2} will select ++the second Process Information (Type 4) structure. The list is always ordered ++the same as the hardware's SMBIOS table. The match number must be a positive ++integer. If unspecified, the first matching structure will be selected. ++@end itemize ++ ++The remaining options determine which field in the selected SMBIOS structure to ++return. Only one of these options may be specified at a time. ++ ++@itemize @bullet ++@item ++When given @option{--get-byte}, return the value of the byte ++at @var{offset} bytes into the selected SMBIOS structure. ++It will be formatted as an unsigned decimal integer. ++@item ++When given @option{--get-word}, return the value of the word (two bytes) ++at @var{offset} bytes into the selected SMBIOS structure. ++It will be formatted as an unsigned decimal integer. ++@item ++When given @option{--get-dword}, return the value of the dword (four bytes) ++at @var{offset} bytes into the selected SMBIOS structure. ++It will be formatted as an unsigned decimal integer. ++@item ++When given @option{--get-qword}, return the value of the qword (eight bytes) ++at @var{offset} bytes into the selected SMBIOS structure. ++It will be formatted as an unsigned decimal integer. ++@item ++When given @option{--get-string}, return the string with its index found ++at @var{offset} bytes into the selected SMBIOS structure. ++@item ++When given @option{--get-uuid}, return the value of the UUID (sixteen bytes) ++at @var{offset} bytes into the selected SMBIOS structure. ++It will be formatted as lower-case hyphenated hexadecimal digits, with the ++first three fields as little-endian, and the rest printed byte-by-byte. ++@end itemize ++ ++The default action is to print the value of the requested field to the console, ++but a variable name can be specified with @option{--set} to store the value ++instead of printing it. ++ ++For example, this will store and then display the system manufacturer's name. ++ ++@example ++smbios --type 1 --get-string 4 --set system_manufacturer ++echo $system_manufacturer ++@end example ++@end deffn ++ ++ + @node source + @subsection source + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 33e7502..9b20f33 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1106,6 +1106,21 @@ module = { + common = commands/sleep.c; + }; + ++module = { ++ name = smbios; ++ ++ common = commands/smbios.c; ++ efi = commands/efi/smbios.c; ++ i386_pc = commands/i386/pc/smbios.c; ++ i386_coreboot = commands/i386/pc/smbios.c; ++ i386_multiboot = commands/i386/pc/smbios.c; ++ ++ enable = efi; ++ enable = i386_pc; ++ enable = i386_coreboot; ++ enable = i386_multiboot; ++}; ++ + module = { + name = suspend; + ieee1275 = commands/ieee1275/suspend.c; +diff --git a/grub-core/commands/efi/smbios.c b/grub-core/commands/efi/smbios.c +new file mode 100644 +index 0000000..75202d5 +--- /dev/null ++++ b/grub-core/commands/efi/smbios.c +@@ -0,0 +1,61 @@ ++/* smbios.c - get smbios tables. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2019 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++ ++struct grub_smbios_eps * ++grub_machine_smbios_get_eps (void) ++{ ++ unsigned i; ++ static grub_efi_packed_guid_t smbios_guid = GRUB_EFI_SMBIOS_TABLE_GUID; ++ ++ for (i = 0; i < grub_efi_system_table->num_table_entries; i++) ++ { ++ grub_efi_packed_guid_t *guid = ++ &grub_efi_system_table->configuration_table[i].vendor_guid; ++ ++ if (! grub_memcmp (guid, &smbios_guid, sizeof (grub_efi_packed_guid_t))) ++ return (struct grub_smbios_eps *) ++ grub_efi_system_table->configuration_table[i].vendor_table; ++ } ++ ++ return 0; ++} ++ ++struct grub_smbios_eps3 * ++grub_machine_smbios_get_eps3 (void) ++{ ++ unsigned i; ++ static grub_efi_packed_guid_t smbios3_guid = GRUB_EFI_SMBIOS3_TABLE_GUID; ++ ++ for (i = 0; i < grub_efi_system_table->num_table_entries; i++) ++ { ++ grub_efi_packed_guid_t *guid = ++ &grub_efi_system_table->configuration_table[i].vendor_guid; ++ ++ if (! grub_memcmp (guid, &smbios3_guid, sizeof (grub_efi_packed_guid_t))) ++ return (struct grub_smbios_eps3 *) ++ grub_efi_system_table->configuration_table[i].vendor_table; ++ } ++ ++ return 0; ++} +diff --git a/grub-core/commands/i386/pc/smbios.c b/grub-core/commands/i386/pc/smbios.c +new file mode 100644 +index 0000000..069d663 +--- /dev/null ++++ b/grub-core/commands/i386/pc/smbios.c +@@ -0,0 +1,52 @@ ++/* smbios.c - get smbios tables. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2019 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++ ++struct grub_smbios_eps * ++grub_machine_smbios_get_eps (void) ++{ ++ grub_uint8_t *ptr; ++ ++ grub_dprintf ("smbios", "Looking for SMBIOS EPS. Scanning BIOS\n"); ++ ++ for (ptr = (grub_uint8_t *) 0xf0000; ptr < (grub_uint8_t *) 0x100000; ptr += 16) ++ if (grub_memcmp (ptr, "_SM_", 4) == 0 ++ && grub_byte_checksum (ptr, sizeof (struct grub_smbios_eps)) == 0) ++ return (struct grub_smbios_eps *) ptr; ++ ++ return 0; ++} ++ ++struct grub_smbios_eps3 * ++grub_machine_smbios_get_eps3 (void) ++{ ++ grub_uint8_t *ptr; ++ ++ grub_dprintf ("smbios", "Looking for SMBIOS3 EPS. Scanning BIOS\n"); ++ ++ for (ptr = (grub_uint8_t *) 0xf0000; ptr < (grub_uint8_t *) 0x100000; ptr += 16) ++ if (grub_memcmp (ptr, "_SM3_", 5) == 0 ++ && grub_byte_checksum (ptr, sizeof (struct grub_smbios_eps3)) == 0) ++ return (struct grub_smbios_eps3 *) ptr; ++ ++ return 0; ++} +diff --git a/grub-core/commands/smbios.c b/grub-core/commands/smbios.c +new file mode 100644 +index 0000000..7a6a391 +--- /dev/null ++++ b/grub-core/commands/smbios.c +@@ -0,0 +1,374 @@ ++/* smbios.c - retrieve smbios information. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2019 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++/* Abstract useful values found in either the SMBIOS3 or SMBIOS EPS. */ ++static struct { ++ grub_addr_t start; ++ grub_addr_t end; ++ grub_uint16_t structures; ++} table_desc; ++ ++static grub_extcmd_t cmd; ++ ++/* Locate the SMBIOS entry point structure depending on the hardware. */ ++struct grub_smbios_eps * ++grub_smbios_get_eps (void) ++{ ++ static struct grub_smbios_eps *eps = NULL; ++ ++ if (eps != NULL) ++ return eps; ++ ++ eps = grub_machine_smbios_get_eps (); ++ ++ return eps; ++} ++ ++/* Locate the SMBIOS3 entry point structure depending on the hardware. */ ++static struct grub_smbios_eps3 * ++grub_smbios_get_eps3 (void) ++{ ++ static struct grub_smbios_eps3 *eps = NULL; ++ ++ if (eps != NULL) ++ return eps; ++ ++ eps = grub_machine_smbios_get_eps3 (); ++ ++ return eps; ++} ++ ++/* ++ * These functions convert values from the various SMBIOS structure field types ++ * into a string formatted to be returned to the user. They expect that the ++ * structure and offset were already validated. When the requested data is ++ * successfully retrieved and formatted, the pointer to the string is returned; ++ * otherwise, NULL is returned on failure. Don't free the result. ++ */ ++ ++static const char * ++grub_smbios_format_byte (const grub_uint8_t *structure, grub_uint8_t offset) ++{ ++ static char buffer[sizeof ("255")]; ++ ++ grub_snprintf (buffer, sizeof (buffer), "%u", structure[offset]); ++ ++ return (const char *)buffer; ++} ++ ++static const char * ++grub_smbios_format_word (const grub_uint8_t *structure, grub_uint8_t offset) ++{ ++ static char buffer[sizeof ("65535")]; ++ ++ grub_uint16_t value = grub_get_unaligned16 (structure + offset); ++ grub_snprintf (buffer, sizeof (buffer), "%u", value); ++ ++ return (const char *)buffer; ++} ++ ++static const char * ++grub_smbios_format_dword (const grub_uint8_t *structure, grub_uint8_t offset) ++{ ++ static char buffer[sizeof ("4294967295")]; ++ ++ grub_uint32_t value = grub_get_unaligned32 (structure + offset); ++ grub_snprintf (buffer, sizeof (buffer), "%" PRIuGRUB_UINT32_T, value); ++ ++ return (const char *)buffer; ++} ++ ++static const char * ++grub_smbios_format_qword (const grub_uint8_t *structure, grub_uint8_t offset) ++{ ++ static char buffer[sizeof ("18446744073709551615")]; ++ ++ grub_uint64_t value = grub_get_unaligned64 (structure + offset); ++ grub_snprintf (buffer, sizeof (buffer), "%" PRIuGRUB_UINT64_T, value); ++ ++ return (const char *)buffer; ++} ++ ++static const char * ++grub_smbios_get_string (const grub_uint8_t *structure, grub_uint8_t offset) ++{ ++ const grub_uint8_t *ptr = structure + structure[1]; ++ const grub_uint8_t *table_end = (const grub_uint8_t *)table_desc.end; ++ const grub_uint8_t referenced_string_number = structure[offset]; ++ grub_uint8_t i; ++ ++ /* A string referenced with zero is interpreted as unset. */ ++ if (referenced_string_number == 0) ++ return NULL; ++ ++ /* Search the string set. */ ++ for (i = 1; *ptr != 0 && ptr < table_end; i++) ++ if (i == referenced_string_number) ++ { ++ const char *str = (const char *)ptr; ++ while (*ptr++ != 0) ++ if (ptr >= table_end) ++ return NULL; /* The string isn't terminated. */ ++ return str; ++ } ++ else ++ while (*ptr++ != 0 && ptr < table_end); ++ ++ /* The string number is greater than the number of strings in the set. */ ++ return NULL; ++} ++ ++static const char * ++grub_smbios_format_uuid (const grub_uint8_t *structure, grub_uint8_t offset) ++{ ++ static char buffer[sizeof ("ffffffff-ffff-ffff-ffff-ffffffffffff")]; ++ const grub_uint8_t *f = structure + offset; /* little-endian fields */ ++ const grub_uint8_t *g = f + 8; /* byte-by-byte fields */ ++ ++ grub_snprintf (buffer, sizeof (buffer), ++ "%02x%02x%02x%02x-%02x%02x-%02x%02x-" ++ "%02x%02x-%02x%02x%02x%02x%02x%02x", ++ f[3], f[2], f[1], f[0], f[5], f[4], f[7], f[6], ++ g[0], g[1], g[2], g[3], g[4], g[5], g[6], g[7]); ++ ++ return (const char *)buffer; ++} ++ ++/* List the field formatting functions and the number of bytes they need. */ ++static const struct { ++ const char *(*format) (const grub_uint8_t *structure, grub_uint8_t offset); ++ grub_uint8_t field_length; ++} field_extractors[] = { ++ {grub_smbios_format_byte, 1}, ++ {grub_smbios_format_word, 2}, ++ {grub_smbios_format_dword, 4}, ++ {grub_smbios_format_qword, 8}, ++ {grub_smbios_get_string, 1}, ++ {grub_smbios_format_uuid, 16} ++}; ++ ++/* List command options, with structure field getters ordered as above. */ ++#define FIRST_GETTER_OPT (3) ++#define SETTER_OPT (FIRST_GETTER_OPT + ARRAY_SIZE(field_extractors)) ++ ++static const struct grub_arg_option options[] = { ++ {"type", 't', 0, N_("Match structures with the given type."), ++ N_("type"), ARG_TYPE_INT}, ++ {"handle", 'h', 0, N_("Match structures with the given handle."), ++ N_("handle"), ARG_TYPE_INT}, ++ {"match", 'm', 0, N_("Select a structure when several match."), ++ N_("match"), ARG_TYPE_INT}, ++ {"get-byte", 'b', 0, N_("Get the byte's value at the given offset."), ++ N_("offset"), ARG_TYPE_INT}, ++ {"get-word", 'w', 0, N_("Get two bytes' value at the given offset."), ++ N_("offset"), ARG_TYPE_INT}, ++ {"get-dword", 'd', 0, N_("Get four bytes' value at the given offset."), ++ N_("offset"), ARG_TYPE_INT}, ++ {"get-qword", 'q', 0, N_("Get eight bytes' value at the given offset."), ++ N_("offset"), ARG_TYPE_INT}, ++ {"get-string", 's', 0, N_("Get the string specified at the given offset."), ++ N_("offset"), ARG_TYPE_INT}, ++ {"get-uuid", 'u', 0, N_("Get the UUID's value at the given offset."), ++ N_("offset"), ARG_TYPE_INT}, ++ {"set", '\0', 0, N_("Store the value in the given variable name."), ++ N_("variable"), ARG_TYPE_STRING}, ++ {0, 0, 0, 0, 0, 0} ++}; ++ ++/* ++ * Return a matching SMBIOS structure. ++ * ++ * This method can use up to three criteria for selecting a structure: ++ * - The "type" field (use -1 to ignore) ++ * - The "handle" field (use -1 to ignore) ++ * - Which to return if several match (use 0 to ignore) ++ * ++ * The return value is a pointer to the first matching structure. If no ++ * structures match the given parameters, NULL is returned. ++ */ ++static const grub_uint8_t * ++grub_smbios_match_structure (const grub_int16_t type, ++ const grub_int32_t handle, ++ const grub_uint16_t match) ++{ ++ const grub_uint8_t *ptr = (const grub_uint8_t *)table_desc.start; ++ const grub_uint8_t *table_end = (const grub_uint8_t *)table_desc.end; ++ grub_uint16_t structures = table_desc.structures; ++ grub_uint16_t structure_count = 0; ++ grub_uint16_t matches = 0; ++ ++ while (ptr < table_end ++ && ptr[1] >= 4 /* Valid structures include the 4-byte header. */ ++ && (structure_count++ < structures || structures == 0)) ++ { ++ grub_uint16_t structure_handle = grub_get_unaligned16 (ptr + 2); ++ grub_uint8_t structure_type = ptr[0]; ++ ++ if ((handle < 0 || handle == structure_handle) ++ && (type < 0 || type == structure_type) ++ && (match == 0 || match == ++matches)) ++ return ptr; ++ else ++ { ++ ptr += ptr[1]; ++ while ((*ptr++ != 0 || *ptr++ != 0) && ptr < table_end); ++ } ++ ++ if (structure_type == GRUB_SMBIOS_TYPE_END_OF_TABLE) ++ break; ++ } ++ ++ return NULL; ++} ++ ++static grub_err_t ++grub_cmd_smbios (grub_extcmd_context_t ctxt, ++ int argc __attribute__ ((unused)), ++ char **argv __attribute__ ((unused))) ++{ ++ struct grub_arg_list *state = ctxt->state; ++ ++ grub_int16_t type = -1; ++ grub_int32_t handle = -1; ++ grub_uint16_t match = 0; ++ grub_uint8_t offset = 0; ++ ++ const grub_uint8_t *structure; ++ const char *value; ++ grub_int32_t option; ++ grub_int8_t field_type = -1; ++ grub_uint8_t i; ++ ++ if (table_desc.start == 0) ++ return grub_error (GRUB_ERR_IO, ++ N_("the SMBIOS entry point structure was not found")); ++ ++ /* Read the given filtering options. */ ++ if (state[0].set) ++ { ++ option = grub_strtol (state[0].arg, NULL, 0); ++ if (option < 0 || option > 255) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("the type must be between 0 and 255")); ++ type = (grub_int16_t)option; ++ } ++ if (state[1].set) ++ { ++ option = grub_strtol (state[1].arg, NULL, 0); ++ if (option < 0 || option > 65535) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("the handle must be between 0 and 65535")); ++ handle = (grub_int32_t)option; ++ } ++ if (state[2].set) ++ { ++ option = grub_strtol (state[2].arg, NULL, 0); ++ if (option <= 0 || option > 65535) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("the match must be a positive integer")); ++ match = (grub_uint16_t)option; ++ } ++ ++ /* Determine the data type of the structure field to retrieve. */ ++ for (i = 0; i < ARRAY_SIZE(field_extractors); i++) ++ if (state[FIRST_GETTER_OPT + i].set) ++ { ++ if (field_type >= 0) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("only one --get option is usable at a time")); ++ field_type = i; ++ } ++ ++ /* Require a choice of a structure field to return. */ ++ if (field_type < 0) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("one of the --get options is required")); ++ ++ /* Locate a matching SMBIOS structure. */ ++ structure = grub_smbios_match_structure (type, handle, match); ++ if (structure == NULL) ++ return grub_error (GRUB_ERR_IO, ++ N_("no structure matched the given options")); ++ ++ /* Ensure the requested byte offset is inside the structure. */ ++ option = grub_strtol (state[FIRST_GETTER_OPT + field_type].arg, NULL, 0); ++ if (option < 0 || option >= structure[1]) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, ++ N_("the given offset is outside the structure")); ++ ++ /* Ensure the requested data type at the offset is inside the structure. */ ++ offset = (grub_uint8_t)option; ++ if (offset + field_extractors[field_type].field_length > structure[1]) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, ++ N_("the field ends outside the structure")); ++ ++ /* Format the requested structure field into a readable string. */ ++ value = field_extractors[field_type].format (structure, offset); ++ if (value == NULL) ++ return grub_error (GRUB_ERR_IO, ++ N_("failed to retrieve the structure field")); ++ ++ /* Store or print the formatted value. */ ++ if (state[SETTER_OPT].set) ++ grub_env_set (state[SETTER_OPT].arg, value); ++ else ++ grub_printf ("%s\n", value); ++ ++ return GRUB_ERR_NONE; ++} ++ ++GRUB_MOD_INIT(smbios) ++{ ++ struct grub_smbios_eps3 *eps3; ++ struct grub_smbios_eps *eps; ++ ++ if ((eps3 = grub_smbios_get_eps3 ())) ++ { ++ table_desc.start = (grub_addr_t)eps3->table_address; ++ table_desc.end = table_desc.start + eps3->maximum_table_length; ++ table_desc.structures = 0; /* SMBIOS3 drops the structure count. */ ++ } ++ else if ((eps = grub_smbios_get_eps ())) ++ { ++ table_desc.start = (grub_addr_t)eps->intermediate.table_address; ++ table_desc.end = table_desc.start + eps->intermediate.table_length; ++ table_desc.structures = eps->intermediate.structures; ++ } ++ ++ cmd = grub_register_extcmd ("smbios", grub_cmd_smbios, 0, ++ N_("[-t type] [-h handle] [-m match] " ++ "(-b|-w|-d|-q|-s|-u) offset " ++ "[--set variable]"), ++ N_("Retrieve SMBIOS information."), options); ++} ++ ++GRUB_MOD_FINI(smbios) ++{ ++ grub_unregister_extcmd (cmd); ++} +diff --git a/grub-core/efiemu/i386/pc/cfgtables.c b/grub-core/efiemu/i386/pc/cfgtables.c +index 492c07c..e5fffb7 100644 +--- a/grub-core/efiemu/i386/pc/cfgtables.c ++++ b/grub-core/efiemu/i386/pc/cfgtables.c +@@ -22,11 +22,11 @@ + #include + #include + #include ++#include + + grub_err_t + grub_machine_efiemu_init_tables (void) + { +- grub_uint8_t *ptr; + void *table; + grub_err_t err; + grub_efi_guid_t smbios = GRUB_EFI_SMBIOS_TABLE_GUID; +@@ -57,17 +57,10 @@ grub_machine_efiemu_init_tables (void) + if (err) + return err; + } +- +- for (ptr = (grub_uint8_t *) 0xf0000; ptr < (grub_uint8_t *) 0x100000; +- ptr += 16) +- if (grub_memcmp (ptr, "_SM_", 4) == 0 +- && grub_byte_checksum (ptr, *(ptr + 5)) == 0) +- break; +- +- if (ptr < (grub_uint8_t *) 0x100000) ++ table = grub_smbios_get_eps (); ++ if (table) + { +- grub_dprintf ("efiemu", "Registering SMBIOS\n"); +- err = grub_efiemu_register_configuration_table (smbios, 0, 0, ptr); ++ err = grub_efiemu_register_configuration_table (smbios, 0, 0, table); + if (err) + return err; + } +diff --git a/include/grub/smbios.h b/include/grub/smbios.h +new file mode 100644 +index 0000000..15ec260 +--- /dev/null ++++ b/include/grub/smbios.h +@@ -0,0 +1,69 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2019 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_SMBIOS_HEADER ++#define GRUB_SMBIOS_HEADER 1 ++ ++#include ++#include ++ ++#define GRUB_SMBIOS_TYPE_END_OF_TABLE ((grub_uint8_t)127) ++ ++struct grub_smbios_ieps ++{ ++ grub_uint8_t anchor[5]; /* "_DMI_" */ ++ grub_uint8_t checksum; ++ grub_uint16_t table_length; ++ grub_uint32_t table_address; ++ grub_uint16_t structures; ++ grub_uint8_t revision; ++} GRUB_PACKED; ++ ++struct grub_smbios_eps ++{ ++ grub_uint8_t anchor[4]; /* "_SM_" */ ++ grub_uint8_t checksum; ++ grub_uint8_t length; /* 0x1f */ ++ grub_uint8_t version_major; ++ grub_uint8_t version_minor; ++ grub_uint16_t maximum_structure_size; ++ grub_uint8_t revision; ++ grub_uint8_t formatted[5]; ++ struct grub_smbios_ieps intermediate; ++} GRUB_PACKED; ++ ++struct grub_smbios_eps3 ++{ ++ grub_uint8_t anchor[5]; /* "_SM3_" */ ++ grub_uint8_t checksum; ++ grub_uint8_t length; /* 0x18 */ ++ grub_uint8_t version_major; ++ grub_uint8_t version_minor; ++ grub_uint8_t docrev; ++ grub_uint8_t revision; ++ grub_uint8_t reserved; ++ grub_uint32_t maximum_table_length; ++ grub_uint64_t table_address; ++} GRUB_PACKED; ++ ++extern struct grub_smbios_eps *grub_machine_smbios_get_eps (void); ++extern struct grub_smbios_eps3 *grub_machine_smbios_get_eps3 (void); ++ ++extern struct grub_smbios_eps *EXPORT_FUNC (grub_smbios_get_eps) (void); ++ ++#endif /* ! GRUB_SMBIOS_HEADER */ diff --git a/debian/patches/core-in-fs.patch b/debian/patches/core-in-fs.patch index 1ba3b4b81..a36a93eb9 100644 --- a/debian/patches/core-in-fs.patch +++ b/debian/patches/core-in-fs.patch @@ -1,4 +1,3 @@ -From d7e4bea95adfdbc80f574e154a62a383bbbeb5d6 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:12:51 +0000 Subject: Write marker if core.img was written to filesystem @@ -11,7 +10,7 @@ Patch-Name: core-in-fs.patch 1 file changed, 8 insertions(+) diff --git a/util/setup.c b/util/setup.c -index 6f88f3cc4..fbdf2fcc5 100644 +index 6f88f3c..fbdf2fc 100644 --- a/util/setup.c +++ b/util/setup.c @@ -58,6 +58,8 @@ diff --git a/debian/patches/default-grub-d.patch b/debian/patches/default-grub-d.patch index cb95f70e3..0baba4f1d 100644 --- a/debian/patches/default-grub-d.patch +++ b/debian/patches/default-grub-d.patch @@ -1,4 +1,3 @@ -From 413121ddac2aa1484b0dc6fd3a32aad0d417aa80 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:10 +0000 Subject: Read /etc/default/grub.d/*.cfg after /etc/default/grub @@ -9,12 +8,12 @@ Last-Update: 2014-01-28 Patch-Name: default-grub-d.patch --- - grub-core/osdep/unix/config.c | 114 +++++++++++++++++++++++++++------- + grub-core/osdep/unix/config.c | 114 ++++++++++++++++++++++++++++++++++-------- util/grub-mkconfig.in | 5 ++ 2 files changed, 98 insertions(+), 21 deletions(-) diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c -index 65effa9f3..5478030fd 100644 +index 65effa9..5478030 100644 --- a/grub-core/osdep/unix/config.c +++ b/grub-core/osdep/unix/config.c @@ -24,6 +24,8 @@ @@ -178,7 +177,7 @@ index 65effa9f3..5478030fd 100644 + free (cfgdir); } diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index b506d63bf..d18bf972f 100644 +index b506d63..d18bf97 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -164,6 +164,11 @@ fi diff --git a/debian/patches/disable-floppies.patch b/debian/patches/disable-floppies.patch index 7d4835e13..539374e69 100644 --- a/debian/patches/disable-floppies.patch +++ b/debian/patches/disable-floppies.patch @@ -1,4 +1,3 @@ -From 42e4cfb46a2a617eb7dc1526700ab6015710222e Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:12:54 +0000 Subject: Disable use of floppy devices @@ -13,7 +12,7 @@ Patch-Name: disable-floppies.patch 1 file changed, 12 insertions(+) diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c -index e9ec680cd..8ac523953 100644 +index e9ec680..8ac5239 100644 --- a/grub-core/kern/emu/hostdisk.c +++ b/grub-core/kern/emu/hostdisk.c @@ -532,6 +532,18 @@ read_device_map (const char *dev_map) diff --git a/debian/patches/dpkg-version-comparison.patch b/debian/patches/dpkg-version-comparison.patch index 86e5c7ea6..71eef634a 100644 --- a/debian/patches/dpkg-version-comparison.patch +++ b/debian/patches/dpkg-version-comparison.patch @@ -1,4 +1,3 @@ -From 89a5bb08600e06c33e44a14b1997af3efc98782b Mon Sep 17 00:00:00 2001 From: Robert Millan Date: Mon, 13 Jan 2014 12:12:52 +0000 Subject: Improve handling of Debian kernel version numbers @@ -12,7 +11,7 @@ Patch-Name: dpkg-version-comparison.patch 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index 0f801cab3..b6606c16e 100644 +index 0f801ca..b6606c1 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -239,8 +239,9 @@ version_test_numeric () diff --git a/debian/patches/efi-variable-storage-minimise-writes.patch b/debian/patches/efi-variable-storage-minimise-writes.patch index 1a757096a..a14c1435f 100644 --- a/debian/patches/efi-variable-storage-minimise-writes.patch +++ b/debian/patches/efi-variable-storage-minimise-writes.patch @@ -1,4 +1,3 @@ -From 4746efb5deb68fb95ea5b172fef043a03c0532b7 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 11 Mar 2019 11:17:43 +0000 Subject: Minimise writes to EFI variable storage @@ -51,8 +50,8 @@ Patch-Name: efi-variable-storage-minimise-writes.patch Makefile.util.def | 20 ++ configure.ac | 12 + grub-core/osdep/efivar.c | 3 + - grub-core/osdep/unix/efivar.c | 508 ++++++++++++++++++++++++++++++++ - grub-core/osdep/unix/platform.c | 100 +------ + grub-core/osdep/unix/efivar.c | 508 ++++++++++++++++++++++++++++++++++++++++ + grub-core/osdep/unix/platform.c | 100 +------- include/grub/util/install.h | 5 + util/grub-install.c | 4 +- 8 files changed, 562 insertions(+), 95 deletions(-) @@ -60,7 +59,7 @@ Patch-Name: efi-variable-storage-minimise-writes.patch create mode 100644 grub-core/osdep/unix/efivar.c diff --git a/INSTALL b/INSTALL -index 8acb40902..342c158e9 100644 +index 8acb409..342c158 100644 --- a/INSTALL +++ b/INSTALL @@ -41,6 +41,11 @@ configuring the GRUB. @@ -76,10 +75,10 @@ index 8acb40902..342c158e9 100644 * libdevmapper 1.02.34 or later (recommended) diff --git a/Makefile.util.def b/Makefile.util.def -index 8a24b23f0..59e41423b 100644 +index ce133e6..504d1c0 100644 --- a/Makefile.util.def +++ b/Makefile.util.def -@@ -558,6 +558,8 @@ program = { +@@ -565,6 +565,8 @@ program = { common = grub-core/osdep/compress.c; extra_dist = grub-core/osdep/unix/compress.c; extra_dist = grub-core/osdep/basic/compress.c; @@ -88,7 +87,7 @@ index 8a24b23f0..59e41423b 100644 common = util/editenv.c; common = grub-core/osdep/blocklist.c; common = grub-core/osdep/config.c; -@@ -571,12 +573,15 @@ program = { +@@ -578,12 +580,15 @@ program = { common = grub-core/kern/emu/argp_common.c; common = grub-core/osdep/init.c; @@ -104,7 +103,7 @@ index 8a24b23f0..59e41423b 100644 condition = COND_HAVE_EXEC; }; -@@ -605,6 +610,8 @@ program = { +@@ -612,6 +617,8 @@ program = { extra_dist = grub-core/osdep/basic/no_platform.c; extra_dist = grub-core/osdep/unix/platform.c; common = grub-core/osdep/compress.c; @@ -113,7 +112,7 @@ index 8a24b23f0..59e41423b 100644 common = util/editenv.c; common = grub-core/osdep/blocklist.c; common = grub-core/osdep/config.c; -@@ -618,12 +625,15 @@ program = { +@@ -625,12 +632,15 @@ program = { common = grub-core/kern/emu/argp_common.c; common = grub-core/osdep/init.c; @@ -129,7 +128,7 @@ index 8a24b23f0..59e41423b 100644 }; program = { -@@ -645,6 +655,8 @@ program = { +@@ -652,6 +662,8 @@ program = { common = grub-core/osdep/platform.c; common = grub-core/osdep/platform_unix.c; common = grub-core/osdep/compress.c; @@ -138,7 +137,7 @@ index 8a24b23f0..59e41423b 100644 common = util/editenv.c; common = grub-core/osdep/blocklist.c; common = grub-core/osdep/config.c; -@@ -657,12 +669,15 @@ program = { +@@ -664,12 +676,15 @@ program = { common = grub-core/kern/emu/argp_common.c; common = grub-core/osdep/init.c; @@ -154,7 +153,7 @@ index 8a24b23f0..59e41423b 100644 }; program = { -@@ -684,6 +699,8 @@ program = { +@@ -691,6 +706,8 @@ program = { common = grub-core/osdep/platform.c; common = grub-core/osdep/platform_unix.c; common = grub-core/osdep/compress.c; @@ -163,7 +162,7 @@ index 8a24b23f0..59e41423b 100644 common = util/editenv.c; common = grub-core/osdep/blocklist.c; common = grub-core/osdep/config.c; -@@ -693,12 +710,15 @@ program = { +@@ -700,12 +717,15 @@ program = { common = grub-core/kern/emu/argp_common.c; common = grub-core/osdep/init.c; @@ -180,7 +179,7 @@ index 8a24b23f0..59e41423b 100644 script = { diff --git a/configure.ac b/configure.ac -index e382c7480..883245553 100644 +index e382c74..8832455 100644 --- a/configure.ac +++ b/configure.ac @@ -443,6 +443,18 @@ AC_CHECK_HEADER([util.h], [ @@ -204,7 +203,7 @@ index e382c7480..883245553 100644 CFLAGS="$HOST_CFLAGS -Wtrampolines -Werror" diff --git a/grub-core/osdep/efivar.c b/grub-core/osdep/efivar.c new file mode 100644 -index 000000000..d2750e252 +index 0000000..d2750e2 --- /dev/null +++ b/grub-core/osdep/efivar.c @@ -0,0 +1,3 @@ @@ -213,7 +212,7 @@ index 000000000..d2750e252 +#endif diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c new file mode 100644 -index 000000000..4a58328b4 +index 0000000..4a58328 --- /dev/null +++ b/grub-core/osdep/unix/efivar.c @@ -0,0 +1,508 @@ @@ -726,7 +725,7 @@ index 000000000..4a58328b4 + +#endif /* HAVE_EFIVAR */ diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index 9c439326a..b561174ea 100644 +index 9c43932..b561174 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c @@ -19,15 +19,12 @@ @@ -856,7 +855,7 @@ index 9c439326a..b561174ea 100644 void diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 8aeb5c4f2..a521f1663 100644 +index 8aeb5c4..a521f16 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -219,6 +219,11 @@ grub_install_get_default_x86_platform (void); @@ -872,10 +871,10 @@ index 8aeb5c4f2..a521f1663 100644 grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efifile_path, diff --git a/util/grub-install.c b/util/grub-install.c -index 6462d3c70..d66de7f8e 100644 +index 4bad8de..63462e4 100644 --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -2059,7 +2059,7 @@ main (int argc, char *argv[]) +@@ -2084,7 +2084,7 @@ main (int argc, char *argv[]) "\\System\\Library\\CoreServices", efi_distributor); if (ret) @@ -884,7 +883,7 @@ index 6462d3c70..d66de7f8e 100644 strerror (ret)); } -@@ -2173,7 +2173,7 @@ main (int argc, char *argv[]) +@@ -2201,7 +2201,7 @@ main (int argc, char *argv[]) ret = grub_install_register_efi (efidir_grub_dev, efifile_path, efi_distributor); if (ret) diff --git a/debian/patches/efinet-set-dns-from-uefi-proto.patch b/debian/patches/efinet-set-dns-from-uefi-proto.patch index 016ff5b4d..7ec95aba2 100644 --- a/debian/patches/efinet-set-dns-from-uefi-proto.patch +++ b/debian/patches/efinet-set-dns-from-uefi-proto.patch @@ -1,4 +1,3 @@ -From 2a8c1fc36074fe7ac673839c5434e7e2f1498cd3 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:43:21 -0400 Subject: efinet: Setting DNS server from UEFI protocol @@ -30,12 +29,12 @@ Signed-off-by: Ken Lin Patch-Name: efinet-set-dns-from-uefi-proto.patch --- - grub-core/net/drivers/efi/efinet.c | 163 +++++++++++++++++++++++++++++ - include/grub/efi/api.h | 76 ++++++++++++++ + grub-core/net/drivers/efi/efinet.c | 163 +++++++++++++++++++++++++++++++++++++ + include/grub/efi/api.h | 76 +++++++++++++++++ 2 files changed, 239 insertions(+) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 2d3b00f0e..82a28fb6e 100644 +index 2d3b00f..82a28fb 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -30,6 +30,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); @@ -244,7 +243,7 @@ index 2d3b00f0e..82a28fb6e 100644 } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index 664cea37b..75befd10e 100644 +index 664cea3..75befd1 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -334,6 +334,16 @@ diff --git a/debian/patches/efinet-set-network-from-uefi-devpath.patch b/debian/patches/efinet-set-network-from-uefi-devpath.patch index 0af7fed27..4e0f6a8e8 100644 --- a/debian/patches/efinet-set-network-from-uefi-devpath.patch +++ b/debian/patches/efinet-set-network-from-uefi-devpath.patch @@ -1,4 +1,3 @@ -From 9ac73ba5acca6446e278cdff274ef679783d9919 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:43:05 -0400 Subject: efinet: Setting network from UEFI device path @@ -29,12 +28,12 @@ Signed-off-by: Ken Lin Patch-Name: efinet-set-network-from-uefi-devpath.patch --- - grub-core/net/drivers/efi/efinet.c | 268 ++++++++++++++++++++++++++++- + grub-core/net/drivers/efi/efinet.c | 268 +++++++++++++++++++++++++++++++++++-- include/grub/efi/api.h | 11 ++ 2 files changed, 270 insertions(+), 9 deletions(-) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index fc90415f2..2d3b00f0e 100644 +index fc90415..2d3b00f 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -23,6 +23,7 @@ @@ -358,7 +357,7 @@ index fc90415f2..2d3b00f0e 100644 } } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index ca6cdc159..664cea37b 100644 +index ca6cdc1..664cea3 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -825,6 +825,8 @@ struct grub_efi_ipv4_device_path diff --git a/debian/patches/efinet-uefi-ipv6-pxe-support.patch b/debian/patches/efinet-uefi-ipv6-pxe-support.patch index 6c2b4fba1..96b9d9dc2 100644 --- a/debian/patches/efinet-uefi-ipv6-pxe-support.patch +++ b/debian/patches/efinet-uefi-ipv6-pxe-support.patch @@ -1,4 +1,3 @@ -From 36a71e2c21b5cdfb93617dc4faff628672e9a2b7 Mon Sep 17 00:00:00 2001 From: Michael Chang Date: Thu, 27 Oct 2016 17:41:21 -0400 Subject: efinet: UEFI IPv6 PXE support @@ -12,12 +11,12 @@ Signed-off-by: Ken Lin Patch-Name: efinet-uefi-ipv6-pxe-support.patch --- - grub-core/net/drivers/efi/efinet.c | 24 ++++++++++--- - include/grub/efi/api.h | 55 +++++++++++++++++++++++++++++- + grub-core/net/drivers/efi/efinet.c | 24 +++++++++++++---- + include/grub/efi/api.h | 55 +++++++++++++++++++++++++++++++++++++- 2 files changed, 73 insertions(+), 6 deletions(-) diff --git a/grub-core/net/drivers/efi/efinet.c b/grub-core/net/drivers/efi/efinet.c -index 5388f952b..fc90415f2 100644 +index 5388f95..fc90415 100644 --- a/grub-core/net/drivers/efi/efinet.c +++ b/grub-core/net/drivers/efi/efinet.c @@ -378,11 +378,25 @@ grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, @@ -52,7 +51,7 @@ index 5388f952b..fc90415f2 100644 } } diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h -index addcbfa8f..ca6cdc159 100644 +index addcbfa..ca6cdc1 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -1452,14 +1452,67 @@ typedef struct grub_efi_simple_text_output_interface grub_efi_simple_text_output diff --git a/debian/patches/fix-lockdown.patch b/debian/patches/fix-lockdown.patch deleted file mode 100644 index 2c4e20be3..000000000 --- a/debian/patches/fix-lockdown.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 5f17e85530102bc92cb09796d878d6e399a4986d Mon Sep 17 00:00:00 2001 -From: Luca Boccassi -Date: Tue, 15 May 2018 11:36:46 +0100 -Subject: Do not overwrite sentinel byte in boot_params, breaks lockdown - -grub currently copies the entire boot_params, which includes setting -sentinel byte to 0xff, which triggers sanitize_boot_params in the kernel -which in turn clears various boot_params variables, including the -indication that the bootloader chain is verified and thus the kernel -disables lockdown mode. According to the information on the Fedora bug -tracker, only the information from byte 0x1f1 is necessary, so start -copying from there instead. - -Author: Luca Boccassi -Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1418360 -Forwarded: no - -Patch-Name: fix-lockdown.patch ---- - grub-core/loader/i386/efi/linux.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 16372a0c8..34605dfed 100644 ---- a/grub-core/loader/i386/efi/linux.c -+++ b/grub-core/loader/i386/efi/linux.c -@@ -28,6 +28,7 @@ - #include - #include - #include -+#include - - GRUB_MOD_LICENSE ("GPLv3+"); - -@@ -334,7 +335,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - lh.code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; - } - -- grub_memcpy (params, &lh, 2 * 512); -+ /* do not overwrite below boot_params->hdr to avoid setting the sentinel byte */ -+ start = offsetof (struct linux_kernel_params, setup_sects); -+ grub_memcpy ((grub_uint8_t *)params + start, (grub_uint8_t *)&lh + start, 2 * 512 - start); - - params->type_of_loader = 0x21; - diff --git a/debian/patches/gettext-quiet.patch b/debian/patches/gettext-quiet.patch index 09977de4b..5461f1971 100644 --- a/debian/patches/gettext-quiet.patch +++ b/debian/patches/gettext-quiet.patch @@ -1,4 +1,3 @@ -From 5264381cd94fc29aea05e50654df364e131e777f Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:02 +0000 Subject: Silence error messages when translations are unavailable @@ -13,7 +12,7 @@ Patch-Name: gettext-quiet.patch 1 file changed, 5 insertions(+) diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c -index 4d02e62c1..2a19389f2 100644 +index 4d02e62..2a19389 100644 --- a/grub-core/gettext/gettext.c +++ b/grub-core/gettext/gettext.c @@ -427,6 +427,11 @@ grub_gettext_init_ext (struct grub_gettext_context *ctx, diff --git a/debian/patches/gfxpayload-dynamic.patch b/debian/patches/gfxpayload-dynamic.patch index fc222d2ce..e48d6e859 100644 --- a/debian/patches/gfxpayload-dynamic.patch +++ b/debian/patches/gfxpayload-dynamic.patch @@ -1,4 +1,3 @@ -From bff220e7e6189f09678b9a25e9e92fc65b327268 Mon Sep 17 00:00:00 2001 From: Evan Broder Date: Mon, 13 Jan 2014 12:13:29 +0000 Subject: Add configure option to enable gfxpayload=keep dynamically @@ -13,16 +12,17 @@ Last-Update: 2019-05-25 Patch-Name: gfxpayload-dynamic.patch --- - configure.ac | 11 ++ + configure.ac | 11 +++ grub-core/Makefile.core.def | 8 ++ - grub-core/commands/i386/pc/hwmatch.c | 146 +++++++++++++++++++++++++++ + grub-core/commands/i386/pc/hwmatch.c | 146 +++++++++++++++++++++++++++++++++++ include/grub/file.h | 1 + - util/grub.d/10_linux.in | 37 ++++++- - 5 files changed, 200 insertions(+), 3 deletions(-) + util/grub.d/10_linux.in | 37 ++++++++- + util/grub.d/10_linux_zfs.in | 46 ++++++++++- + 6 files changed, 243 insertions(+), 6 deletions(-) create mode 100644 grub-core/commands/i386/pc/hwmatch.c diff --git a/configure.ac b/configure.ac -index 7dda5bb32..dbc429ce0 100644 +index 7dda5bb..dbc429c 100644 --- a/configure.ac +++ b/configure.ac @@ -1879,6 +1879,17 @@ else @@ -44,7 +44,7 @@ index 7dda5bb32..dbc429ce0 100644 AC_SUBST([FONT_SOURCE]) diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 67a98abbb..836bf0a59 100644 +index 474a63e..aadb4cd 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -971,6 +971,14 @@ module = { @@ -64,7 +64,7 @@ index 67a98abbb..836bf0a59 100644 common = commands/keystatus.c; diff --git a/grub-core/commands/i386/pc/hwmatch.c b/grub-core/commands/i386/pc/hwmatch.c new file mode 100644 -index 000000000..6de07cecc +index 0000000..6de07ce --- /dev/null +++ b/grub-core/commands/i386/pc/hwmatch.c @@ -0,0 +1,146 @@ @@ -215,7 +215,7 @@ index 000000000..6de07cecc + grub_unregister_command (cmd); +} diff --git a/include/grub/file.h b/include/grub/file.h -index 31567483c..e3c4cae2b 100644 +index 3156748..e3c4cae 100644 --- a/include/grub/file.h +++ b/include/grub/file.h @@ -122,6 +122,7 @@ enum grub_file_type @@ -227,7 +227,7 @@ index 31567483c..e3c4cae2b 100644 GRUB_FILE_TYPE_LOADENV, GRUB_FILE_TYPE_SAVEENV, diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 51cdb5e1d..2f5217358 100644 +index 2be66c7..09393c2 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -23,6 +23,7 @@ datarootdir="@datarootdir@" @@ -238,7 +238,7 @@ index 51cdb5e1d..2f5217358 100644 . "$pkgdatadir/grub-mkconfig_lib" -@@ -145,9 +146,10 @@ linux_entry () +@@ -149,9 +150,10 @@ linux_entry () if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then echo " load_video" | sed "s/^/$submenu_indentation/" fi @@ -252,7 +252,7 @@ index 51cdb5e1d..2f5217358 100644 fi echo " insmod gzio" | sed "s/^/$submenu_indentation/" -@@ -226,6 +228,35 @@ prepare_root_cache= +@@ -230,6 +232,35 @@ prepare_root_cache= boot_device_id= title_correction_code= @@ -288,3 +288,81 @@ index 51cdb5e1d..2f5217358 100644 # Extra indentation to add to menu entries in a submenu. We're not in a submenu # yet, so it's empty. In a submenu it will be equal to '\t' (one tab). submenu_indentation="" +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index ec4b49d..8cd7d12 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -22,6 +22,7 @@ datarootdir="@datarootdir@" + ubuntu_recovery="@UBUNTU_RECOVERY@" + quiet_boot="@QUIET_BOOT@" + quick_boot="@QUICK_BOOT@" ++gfxpayload_dynamic="@GFXPAYLOAD_DYNAMIC@" + + . "${pkgdatadir}/grub-mkconfig_lib" + +@@ -716,6 +717,41 @@ generate_grub_menu_metadata() { + done + } + ++# Print the configuration part common to all sections ++# Note: ++# If 10_linux runs these part will be defined twice in grub configuration ++print_menu_prologue() { ++ # Use ELILO's generic "efifb" when it's known to be available. ++ # FIXME: We need an interface to select vesafb in case efifb can't be used. ++ GRUB_GFXPAYLOAD_LINUX="${GRUB_GFXPAYLOAD_LINUX:-}" ++ if [ "${GRUB_GFXPAYLOAD_LINUX}" != "" ] || [ "${gfxpayload_dynamic}" = 0 ]; then ++ echo "set linux_gfx_mode=${GRUB_GFXPAYLOAD_LINUX}" ++ else ++ cat << EOF ++if [ "\${recordfail}" != 1 ]; then ++ if [ -e \${prefix}/gfxblacklist.txt ]; then ++ if hwmatch \${prefix}/gfxblacklist.txt 3; then ++ if [ \${match} = 0 ]; then ++ set linux_gfx_mode=keep ++ else ++ set linux_gfx_mode=text ++ fi ++ else ++ set linux_gfx_mode=text ++ fi ++ else ++ set linux_gfx_mode=keep ++ fi ++else ++ set linux_gfx_mode=text ++fi ++EOF ++ fi ++ cat << EOF ++export linux_gfx_mode ++EOF ++} ++ + # Cache for prepare_grub_to_access_device call + # $1: boot_device + # $2: submenu_level +@@ -776,9 +812,11 @@ zfs_linux_entry () { + if [ "${GRUB_GFXPAYLOAD_LINUX}" != "text" ]; then + echo "${submenu_indentation} load_video" + fi +- if [ "${ubuntu_recovery}" = 0 ] || [ "${type}" != "recovery" ]; then +- echo "${submenu_indentation} set gfxpayload=\${linux_gfx_mode}" +- fi ++ fi ++ ++ if ([ "${ubuntu_recovery}" = 0 ] || [ "${type}" != "recovery" ]) && \ ++ ([ "${GRUB_GFXPAYLOAD_LINUX}" != "" ] || [ "${gfxpayload_dynamic}" = 1 ]); then ++ echo "${submenu_indentation} set gfxpayload=\${linux_gfx_mode}" + fi + + echo "${submenu_indentation} insmod gzio" +@@ -841,6 +879,8 @@ generate_grub_menu() { + GRUB_CMDLINE_LINUX_RECOVERY="${GRUB_CMDLINE_LINUX_RECOVERY} nomodeset" + fi + ++ print_menu_prologue ++ + # IFS is set to TAB (ASCII 0x09) + echo "${menu_metadata}" | + { diff --git a/debian/patches/gfxpayload-keep-default.patch b/debian/patches/gfxpayload-keep-default.patch index 4ef95cfd8..d350a60a2 100644 --- a/debian/patches/gfxpayload-keep-default.patch +++ b/debian/patches/gfxpayload-keep-default.patch @@ -1,6 +1,5 @@ -From d768f3c486db716fe662b32afc1327f27fad012b Mon Sep 17 00:00:00 2001 -From: Colin Watson -Date: Mon, 13 Jan 2014 12:12:57 +0000 +From: Didier Roche +Date: Tue, 31 Mar 2020 15:09:45 +0200 Subject: Disable gfxpayload=keep by default Setting gfxpayload=keep has been known to cause efifb to be @@ -19,14 +18,15 @@ Last-Update: 2013-12-25 Patch-Name: gfxpayload-keep-default.patch --- - util/grub.d/10_linux.in | 4 ---- - 1 file changed, 4 deletions(-) + util/grub.d/10_linux.in | 4 ---- + util/grub.d/10_linux_zfs.in | 4 ---- + 2 files changed, 8 deletions(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 4532266be..dd5a60c71 100644 +index a750966..f839b3b 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in -@@ -114,10 +114,6 @@ linux_entry () +@@ -118,10 +118,6 @@ linux_entry () # FIXME: We need an interface to select vesafb in case efifb can't be used. if [ "x$GRUB_GFXPAYLOAD_LINUX" = x ]; then echo " load_video" | sed "s/^/$submenu_indentation/" @@ -37,3 +37,18 @@ index 4532266be..dd5a60c71 100644 else if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then echo " load_video" | sed "s/^/$submenu_indentation/" +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index 5ec65fa..b24587f 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -744,10 +744,6 @@ zfs_linux_entry () { + # FIXME: We need an interface to select vesafb in case efifb can't be used. + if [ "${GRUB_GFXPAYLOAD_LINUX}" = "" ]; then + echo "${submenu_indentation} load_video" +- if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \ +- && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then +- echo "${submenu_indentation} set gfxpayload=keep" +- fi + else + if [ "${GRUB_GFXPAYLOAD_LINUX}" != "text" ]; then + echo "${submenu_indentation} load_video" diff --git a/debian/patches/grub-install-backup-and-restore.patch b/debian/patches/grub-install-backup-and-restore.patch new file mode 100644 index 000000000..79e893090 --- /dev/null +++ b/debian/patches/grub-install-backup-and-restore.patch @@ -0,0 +1,174 @@ +From: Dimitri John Ledkov +Date: Wed, 19 Aug 2020 01:49:09 +0100 +Subject: grub-install: Add backup and restore + +Refactor clean_grub_dir to create a backup of all the files, instead +of just irrevocably removing them as the first action. If available, +register on_exit handle to restore the backup if any errors occur, or +remove the backup if everything was successful. If on_exit is not +available, the backup remains on disk for manual recovery. + +This allows safer upgrades of MBR & modules, such that +modules/images/fonts/translations are consistent with MBR in case of +errors. For example accidental grub-install /dev/non-existent-disk +currently clobbers and upgrades modules in /boot/grub, despite not +actually updating any MBR. This increases peak disk-usage slightly, by +requiring temporarily twice the disk space to complete grub-install. + +Also add modinfo.sh to the cleanup/backup/restore codepath, to ensure +it is also cleaned / backed up / restored. + +Signed-off-by: Dimitri John Ledkov + +Patch-Name: grub-install-backup-and-restore.patch +--- + configure.ac | 2 +- + util/grub-install-common.c | 105 ++++++++++++++++++++++++++++++++++++++------- + 2 files changed, 91 insertions(+), 16 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 1819188..6a88b9b 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -420,7 +420,7 @@ else + fi + + # Check for functions and headers. +-AC_CHECK_FUNCS(posix_memalign memalign getextmntent) ++AC_CHECK_FUNCS(posix_memalign memalign getextmntent on_exit) + AC_CHECK_HEADERS(sys/param.h sys/mount.h sys/mnttab.h limits.h) + + # glibc 2.25 still includes sys/sysmacros.h in sys/types.h but emits deprecation +diff --git a/util/grub-install-common.c b/util/grub-install-common.c +index 447504d..61f9075 100644 +--- a/util/grub-install-common.c ++++ b/util/grub-install-common.c +@@ -185,38 +185,113 @@ grub_install_mkdir_p (const char *dst) + free (t); + } + ++static int ++strcmp_ext (const char *a, const char *b, const char *ext) ++{ ++ char *bsuffix = grub_util_path_concat_ext (1, b, ext); ++ int r = strcmp (a, bsuffix); ++ free (bsuffix); ++ return r; ++} ++ ++enum clean_grub_dir_mode ++{ ++ CLEAN = 0, ++ CLEAN_BACKUP = 1, ++ CREATE_BACKUP = 2, ++ RESTORE_BACKUP = 3, ++}; ++ + static void +-clean_grub_dir (const char *di) ++clean_grub_dir_real (const char *di, enum clean_grub_dir_mode mode) + { + grub_util_fd_dir_t d; + grub_util_fd_dirent_t de; ++ char suffix[2] = ""; ++ ++ if ((mode == CLEAN_BACKUP) || (mode == RESTORE_BACKUP)) ++ { ++ strcpy (suffix, "-"); ++ } + + d = grub_util_fd_opendir (di); + if (!d) +- grub_util_error (_("cannot open directory `%s': %s"), +- di, grub_util_fd_strerror ()); ++ { ++ if (mode == CLEAN_BACKUP) ++ return; ++ grub_util_error (_("cannot open directory `%s': %s"), ++ di, grub_util_fd_strerror ()); ++ } + + while ((de = grub_util_fd_readdir (d))) + { + const char *ext = strrchr (de->d_name, '.'); +- if ((ext && (strcmp (ext, ".mod") == 0 +- || strcmp (ext, ".lst") == 0 +- || strcmp (ext, ".img") == 0 +- || strcmp (ext, ".mo") == 0) +- && strcmp (de->d_name, "menu.lst") != 0) +- || strcmp (de->d_name, "efiemu32.o") == 0 +- || strcmp (de->d_name, "efiemu64.o") == 0) ++ if ((ext && (strcmp_ext (ext, ".mod", suffix) == 0 ++ || strcmp_ext (ext, ".lst", suffix) == 0 ++ || strcmp_ext (ext, ".img", suffix) == 0 ++ || strcmp_ext (ext, ".mo", suffix) == 0) ++ && strcmp_ext (de->d_name, "menu.lst", suffix) != 0) ++ || strcmp_ext (de->d_name, "modinfo.sh", suffix) == 0 ++ || strcmp_ext (de->d_name, "efiemu32.o", suffix) == 0 ++ || strcmp_ext (de->d_name, "efiemu64.o", suffix) == 0) + { +- char *x = grub_util_path_concat (2, di, de->d_name); +- if (grub_util_unlink (x) < 0) +- grub_util_error (_("cannot delete `%s': %s"), x, +- grub_util_fd_strerror ()); +- free (x); ++ char *srcf = grub_util_path_concat (2, di, de->d_name); ++ ++ if (mode == CREATE_BACKUP) ++ { ++ char *dstf = grub_util_path_concat_ext (2, di, de->d_name, "-"); ++ if (grub_util_rename (srcf, dstf) < 0) ++ grub_util_error (_("cannot backup `%s': %s"), srcf, ++ grub_util_fd_strerror ()); ++ free (dstf); ++ } ++ else if (mode == RESTORE_BACKUP) ++ { ++ char *dstf = grub_util_path_concat (2, di, de->d_name); ++ dstf[strlen (dstf) - 1] = 0; ++ if (grub_util_rename (srcf, dstf) < 0) ++ grub_util_error (_("cannot restore `%s': %s"), dstf, ++ grub_util_fd_strerror ()); ++ free (dstf); ++ } ++ else ++ { ++ if (grub_util_unlink (srcf) < 0) ++ grub_util_error (_("cannot delete `%s': %s"), srcf, ++ grub_util_fd_strerror ()); ++ } ++ free (srcf); + } + } + grub_util_fd_closedir (d); + } + ++static void ++restore_backup_on_exit (int status, void *arg) ++{ ++ if (status == 0) ++ { ++ clean_grub_dir_real ((char *) arg, CLEAN_BACKUP); ++ } ++ else ++ { ++ clean_grub_dir_real ((char *) arg, CLEAN); ++ clean_grub_dir_real ((char *) arg, RESTORE_BACKUP); ++ } ++ free (arg); ++ arg = NULL; ++} ++ ++static void ++clean_grub_dir (const char *di) ++{ ++ clean_grub_dir_real (di, CLEAN_BACKUP); ++ clean_grub_dir_real (di, CREATE_BACKUP); ++#if defined(HAVE_ON_EXIT) ++ on_exit (restore_backup_on_exit, strdup (di)); ++#endif ++} ++ + struct install_list + { + int is_default; diff --git a/debian/patches/grub-install-pvxen-paths.patch b/debian/patches/grub-install-pvxen-paths.patch index ab6d95b6b..43d8e0894 100644 --- a/debian/patches/grub-install-pvxen-paths.patch +++ b/debian/patches/grub-install-pvxen-paths.patch @@ -1,4 +1,3 @@ -From 8e6b05dbc0a21e8d2a6e8ef2bb831f0bf8ff3a6d Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Sat, 6 Sep 2014 12:20:12 +0100 Subject: grub-install: Install PV Xen binaries into the upstream specified @@ -20,18 +19,15 @@ Forwarded: http://lists.gnu.org/archive/html/grub-devel/2014-10/msg00041.html Last-Update: 2014-10-24 Patch-Name: grub-install-pvxen-paths.patch - ---- -v2: Respect bootdir, create /boot/xen as needed. --- util/grub-install.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/util/grub-install.c b/util/grub-install.c -index 73c623107..f511cfc72 100644 +index 70d6700..64c2923 100644 --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -2055,6 +2055,28 @@ main (int argc, char *argv[]) +@@ -2058,6 +2058,28 @@ main (int argc, char *argv[]) } break; @@ -60,7 +56,7 @@ index 73c623107..f511cfc72 100644 case GRUB_INSTALL_PLATFORM_MIPSEL_LOONGSON: case GRUB_INSTALL_PLATFORM_MIPSEL_QEMU_MIPS: case GRUB_INSTALL_PLATFORM_MIPS_QEMU_MIPS: -@@ -2064,8 +2086,6 @@ main (int argc, char *argv[]) +@@ -2067,8 +2089,6 @@ main (int argc, char *argv[]) case GRUB_INSTALL_PLATFORM_MIPSEL_ARC: case GRUB_INSTALL_PLATFORM_ARM_UBOOT: case GRUB_INSTALL_PLATFORM_I386_QEMU: diff --git a/debian/patches/grub-install-removable-shim.patch b/debian/patches/grub-install-removable-shim.patch deleted file mode 100644 index eed719a18..000000000 --- a/debian/patches/grub-install-removable-shim.patch +++ /dev/null @@ -1,193 +0,0 @@ -From 3d51b212987d47da2b8c65a911140bbbc2fd3153 Mon Sep 17 00:00:00 2001 -From: Steve McIntyre <93sam@debian.org> -Date: Fri, 14 Jun 2019 16:37:11 +0100 -Subject: Deal with --force-extra-removable with signed shim too - -In this case, we need both the signed shim as /EFI/BOOT/BOOTXXX.EFI -and signed Grub as /EFI/BOOT/grubXXX.efi. - -Also install the BOOTXXX.CSV into /EFI/debian, and FBXXX.EFI into -/EFI/BOOT/ so that it can work when needed (*iff* we're updating the -NVRAM). - -[cjwatson: Refactored also_install_removable somewhat for brevity and so -that we're using consistent case-insensitive logic.] - -Bug-Debian: https://bugs.debian.org/930531 -Last-Update: 2019-06-14 - -Patch-Name: grub-install-removable-shim.patch ---- - util/grub-install.c | 84 ++++++++++++++++++++++++++++++++++++--------- - 1 file changed, 67 insertions(+), 17 deletions(-) - -diff --git a/util/grub-install.c b/util/grub-install.c -index d66de7f8e..35d150c33 100644 ---- a/util/grub-install.c -+++ b/util/grub-install.c -@@ -883,17 +883,13 @@ check_component_exists(const char *dir, - static void - also_install_removable(const char *src, - const char *base_efidir, -- const char *efi_suffix_upper) -+ const char *efi_file, -+ int is_needed) - { -- char *efi_file = NULL; - char *dst = NULL; - char *cur = NULL; - char *found = NULL; - -- if (!efi_suffix_upper) -- grub_util_error ("%s", _("efi_suffix_upper not set")); -- efi_file = xasprintf ("BOOT%s.EFI", efi_suffix_upper); -- - /* We need to install in $base_efidir/EFI/BOOT/$efi_file, but we - * need to cope with case-insensitive stuff here. Build the path one - * component at a time, checking for existing matches each time. */ -@@ -927,10 +923,9 @@ also_install_removable(const char *src, - cur = xstrdup (dst); - free (dst); - free (found); -- grub_install_copy_file (src, cur, 1); -+ grub_install_copy_file (src, cur, is_needed); - - free (cur); -- free (efi_file); - } - - int -@@ -2076,11 +2071,14 @@ main (int argc, char *argv[]) - case GRUB_INSTALL_PLATFORM_IA64_EFI: - { - char *dst = grub_util_path_concat (2, efidir, efi_file); -+ char *removable_file = xasprintf ("BOOT%s.EFI", efi_suffix_upper); -+ - if (uefi_secure_boot) - { - char *shim_signed = NULL; - char *mok_signed = NULL, *mok_file = NULL; - char *fb_signed = NULL, *fb_file = NULL; -+ char *csv_file = NULL; - char *config_dst; - FILE *config_dst_f; - -@@ -2089,11 +2087,15 @@ main (int argc, char *argv[]) - mok_file = xasprintf ("mm%s.efi", efi_suffix); - fb_signed = xasprintf ("fb%s.efi.signed", efi_suffix); - fb_file = xasprintf ("fb%s.efi", efi_suffix); -+ csv_file = xasprintf ("BOOT%s.CSV", efi_suffix_upper); -+ -+ /* If we have a signed shim binary, install that and all -+ its helpers in the normal vendor path */ - - if (grub_util_is_regular (shim_signed)) - { - char *chained_base, *chained_dst; -- char *mok_src, *mok_dst, *fb_src, *fb_dst; -+ char *mok_src, *mok_dst, *fb_src, *fb_dst, *csv_src, *csv_dst; - if (!removable) - { - free (efi_file); -@@ -2105,8 +2107,6 @@ main (int argc, char *argv[]) - chained_base = xasprintf ("grub%s.efi", efi_suffix); - chained_dst = grub_util_path_concat (2, efidir, chained_base); - grub_install_copy_file (efi_signed, chained_dst, 1); -- free (chained_dst); -- free (chained_base); - - /* Not critical, so not an error if they are not present (as it - won't be for older releases); but if we have them, make -@@ -2117,8 +2117,6 @@ main (int argc, char *argv[]) - mok_file); - grub_install_copy_file (mok_src, - mok_dst, 0); -- free (mok_src); -- free (mok_dst); - - fb_src = grub_util_path_concat (2, "/usr/lib/shim/", - fb_signed); -@@ -2126,27 +2124,79 @@ main (int argc, char *argv[]) - fb_file); - grub_install_copy_file (fb_src, - fb_dst, 0); -+ -+ csv_src = grub_util_path_concat (2, "/usr/lib/shim/", -+ csv_file); -+ csv_dst = grub_util_path_concat (2, efidir, -+ csv_file); -+ grub_install_copy_file (csv_src, -+ csv_dst, 0); -+ -+ /* Install binaries into .../EFI/BOOT too: -+ the shim binary -+ the grub binary -+ the shim fallback binary (not fatal on failure) */ -+ if (force_extra_removable) -+ { -+ grub_util_info ("Secure boot: installing shim and image into rm path"); -+ also_install_removable (shim_signed, base_efidir, removable_file, 1); -+ -+ also_install_removable (efi_signed, base_efidir, chained_base, 1); -+ -+ /* If we're updating the NVRAM, add fallback too - it -+ will re-update the NVRAM later if things break */ -+ if (update_nvram) -+ also_install_removable (fb_src, base_efidir, fb_file, 0); -+ } -+ -+ free (chained_dst); -+ free (chained_base); -+ free (mok_src); -+ free (mok_dst); - free (fb_src); - free (fb_dst); -+ free (csv_src); -+ free (csv_dst); - } - else -- grub_install_copy_file (efi_signed, dst, 1); -+ { -+ /* Tried to install for secure boot, but no signed -+ shim found. Fall back to just installing the signed -+ grub binary */ -+ grub_util_info ("Secure boot (no shim): installing signed grub binary"); -+ grub_install_copy_file (efi_signed, dst, 1); -+ if (force_extra_removable) -+ { -+ grub_util_info ("Secure boot (no shim): installing signed grub binary into rm path"); -+ also_install_removable (efi_signed, base_efidir, removable_file, 1); -+ } -+ } - -+ /* In either case, install our grub.cfg */ - config_dst = grub_util_path_concat (2, efidir, "grub.cfg"); - grub_install_copy_file (load_cfg, config_dst, 1); - config_dst_f = grub_util_fopen (config_dst, "ab"); - fprintf (config_dst_f, "configfile $prefix/grub.cfg\n"); - fclose (config_dst_f); - free (config_dst); -- if (force_extra_removable) -- also_install_removable(efi_signed, base_efidir, efi_suffix_upper); -+ -+ free (csv_file); -+ free (fb_file); -+ free (fb_signed); -+ free (mok_file); -+ free (mok_signed); -+ free (shim_signed); - } - else - { -+ /* No secure boot - just install our newly-generated image */ -+ grub_util_info ("No Secure Boot: installing core image"); - grub_install_copy_file (imgfile, dst, 1); - if (force_extra_removable) -- also_install_removable(imgfile, base_efidir, efi_suffix_upper); -+ also_install_removable (imgfile, base_efidir, removable_file, 1); - } -+ -+ free (removable_file); - free (dst); - } - if (!removable && update_nvram) diff --git a/debian/patches/grub-legacy-0-based-partitions.patch b/debian/patches/grub-legacy-0-based-partitions.patch index 2039c3f9c..fc6e3efb3 100644 --- a/debian/patches/grub-legacy-0-based-partitions.patch +++ b/debian/patches/grub-legacy-0-based-partitions.patch @@ -1,4 +1,3 @@ -From fbb34837e1b3185dd2a55d8aeb9b23a8fcc50d54 Mon Sep 17 00:00:00 2001 From: Robert Millan Date: Mon, 13 Jan 2014 12:12:53 +0000 Subject: Support running grub-probe in grub-legacy's update-grub @@ -13,7 +12,7 @@ Patch-Name: grub-legacy-0-based-partitions.patch 1 file changed, 14 insertions(+) diff --git a/util/getroot.c b/util/getroot.c -index 847406fba..cdd41153c 100644 +index 847406f..cdd4115 100644 --- a/util/getroot.c +++ b/util/getroot.c @@ -245,6 +245,20 @@ find_partition (grub_disk_t dsk __attribute__ ((unused)), diff --git a/debian/patches/grub.cfg-400.patch b/debian/patches/grub.cfg-400.patch index 1fee91ac0..1c01f4d79 100644 --- a/debian/patches/grub.cfg-400.patch +++ b/debian/patches/grub.cfg-400.patch @@ -1,4 +1,3 @@ -From e0ceb93ec1feab2b084f58d98f8c865847354254 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:12:55 +0000 Subject: Make grub.cfg world-readable if it contains no passwords @@ -9,7 +8,7 @@ Patch-Name: grub.cfg-400.patch 1 file changed, 4 insertions(+) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 9f477ff05..45cd4cc54 100644 +index 9f477ff..45cd4cc 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -276,6 +276,10 @@ for i in "${grub_mkconfig_dir}"/* ; do diff --git a/debian/patches/ieee1275-clear-reset.patch b/debian/patches/ieee1275-clear-reset.patch index df20adae7..09c77121d 100644 --- a/debian/patches/ieee1275-clear-reset.patch +++ b/debian/patches/ieee1275-clear-reset.patch @@ -1,4 +1,3 @@ -From e1ceeb130e1dc5b4206107fb41488eff08316820 Mon Sep 17 00:00:00 2001 From: Paulo Flabiano Smorigo Date: Thu, 25 Sep 2014 18:41:29 -0300 Subject: Include a text attribute reset in the clear command for ppc @@ -18,7 +17,7 @@ Patch-Name: ieee1275-clear-reset.patch 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/term/terminfo.c b/grub-core/term/terminfo.c -index d317efa36..63892ad42 100644 +index d317efa..63892ad 100644 --- a/grub-core/term/terminfo.c +++ b/grub-core/term/terminfo.c @@ -151,7 +151,7 @@ grub_terminfo_set_current (struct grub_term_output *term, diff --git a/debian/patches/ignore-grub_func_test-failures.patch b/debian/patches/ignore-grub_func_test-failures.patch index 7efd11252..30ef060cd 100644 --- a/debian/patches/ignore-grub_func_test-failures.patch +++ b/debian/patches/ignore-grub_func_test-failures.patch @@ -1,4 +1,3 @@ -From 2efd14b497f45150a23c7977e5c45285d258d42c Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:32 +0000 Subject: Ignore functional test failures for now as they are broken @@ -14,7 +13,7 @@ Patch-Name: ignore-grub_func_test-failures.patch 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/grub_func_test.in b/tests/grub_func_test.in -index c67f9e422..728cd6e06 100644 +index c67f9e4..728cd6e 100644 --- a/tests/grub_func_test.in +++ b/tests/grub_func_test.in @@ -16,6 +16,8 @@ out=`echo all_functional_test | @builddir@/grub-shell --timeout=3600 --files="/b diff --git a/debian/patches/insmod-xzio-and-lzopio-on-xen.patch b/debian/patches/insmod-xzio-and-lzopio-on-xen.patch index 1a82d7f8e..b4552a5a3 100644 --- a/debian/patches/insmod-xzio-and-lzopio-on-xen.patch +++ b/debian/patches/insmod-xzio-and-lzopio-on-xen.patch @@ -1,4 +1,3 @@ -From 7b5ed0cc355424e434744162d03cc43a483ac0f4 Mon Sep 17 00:00:00 2001 From: Ian Campbell Date: Sun, 30 Nov 2014 12:12:52 +0000 Subject: Arrange to insmod xzio and lzopio when booting a kernel as a Xen @@ -16,14 +15,15 @@ Last-Update: 2014-11-30 Patch-Name: insmod-xzio-and-lzopio-on-xen.patch --- - util/grub.d/10_linux.in | 1 + - 1 file changed, 1 insertion(+) + util/grub.d/10_linux.in | 1 + + util/grub.d/10_linux_zfs.in | 1 + + 2 files changed, 2 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index ba945582e..8a74c677b 100644 +index 2c418c5..85b3008 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in -@@ -162,6 +162,7 @@ linux_entry () +@@ -166,6 +166,7 @@ linux_entry () fi echo " insmod gzio" | sed "s/^/$submenu_indentation/" @@ -31,3 +31,15 @@ index ba945582e..8a74c677b 100644 if [ x$dirname = x/ ]; then if [ -z "${prepare_root_cache}" ]; then +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index 4477fa6..4c48abe 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -838,6 +838,7 @@ zfs_linux_entry () { + fi + + echo "${submenu_indentation} insmod gzio" ++ echo "${submenu_indentation} if [ \"\${grub_platform}\" = xen ]; then insmod xzio; insmod lzopio; fi" + + echo "$(prepare_grub_to_access_device_cached "${boot_device}" "${submenu_level}")" + diff --git a/debian/patches/install-efi-fallback.patch b/debian/patches/install-efi-fallback.patch index 4913c36f4..0fb365a17 100644 --- a/debian/patches/install-efi-fallback.patch +++ b/debian/patches/install-efi-fallback.patch @@ -1,4 +1,3 @@ -From 4b5ab05a5428e6acae087a819b5daeb17b36e5f5 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:05 +0000 Subject: Fall back to non-EFI if booted using EFI but -efi is missing @@ -15,11 +14,11 @@ Last-Update: 2019-05-24 Patch-Name: install-efi-fallback.patch --- - grub-core/osdep/linux/platform.c | 40 ++++++++++++++++++++++++++++---- + grub-core/osdep/linux/platform.c | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/grub-core/osdep/linux/platform.c b/grub-core/osdep/linux/platform.c -index e28a79dab..2e7f72086 100644 +index e28a79d..2e7f720 100644 --- a/grub-core/osdep/linux/platform.c +++ b/grub-core/osdep/linux/platform.c @@ -19,10 +19,12 @@ diff --git a/debian/patches/install-efi-ubuntu-flavours.patch b/debian/patches/install-efi-ubuntu-flavours.patch index 5d8aad94e..73bafe6d9 100644 --- a/debian/patches/install-efi-ubuntu-flavours.patch +++ b/debian/patches/install-efi-ubuntu-flavours.patch @@ -1,4 +1,3 @@ -From 8054cd148e7a9e3cfa546d60c06b436fb73cf803 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:27 +0000 Subject: Cope with Kubuntu setting GRUB_DISTRIBUTOR @@ -17,7 +16,7 @@ Patch-Name: install-efi-ubuntu-flavours.patch 1 file changed, 2 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index b0c7c7c37..e5e9e439d 100644 +index e1e40cf..f0d59c1 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1115,6 +1115,8 @@ main (int argc, char *argv[]) diff --git a/debian/patches/install-locale-langpack.patch b/debian/patches/install-locale-langpack.patch index 34c017689..960472c77 100644 --- a/debian/patches/install-locale-langpack.patch +++ b/debian/patches/install-locale-langpack.patch @@ -1,4 +1,3 @@ -From b7350821785e3c924f70720532c19a3a91966115 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:07 +0000 Subject: Prefer translations from Ubuntu language packs if available @@ -13,7 +12,7 @@ Patch-Name: install-locale-langpack.patch 1 file changed, 30 insertions(+), 7 deletions(-) diff --git a/util/grub-install-common.c b/util/grub-install-common.c -index ca0ac612a..fdfe2c7ea 100644 +index ca0ac61..fdfe2c7 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c @@ -609,17 +609,25 @@ get_localedir (void) diff --git a/debian/patches/install-powerpc-machtypes.patch b/debian/patches/install-powerpc-machtypes.patch index 21d91af29..4c50632f3 100644 --- a/debian/patches/install-powerpc-machtypes.patch +++ b/debian/patches/install-powerpc-machtypes.patch @@ -1,4 +1,3 @@ -From 786580f06e6f715d6cb9a778926959b33134bb32 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Tue, 28 Jan 2014 14:40:02 +0000 Subject: Port yaboot logic for various powerpc machine types @@ -17,15 +16,15 @@ Last-Update: 2014-10-15 Patch-Name: install-powerpc-machtypes.patch --- grub-core/osdep/basic/platform.c | 5 +++ - grub-core/osdep/linux/platform.c | 72 ++++++++++++++++++++++++++++++ - grub-core/osdep/unix/platform.c | 28 +++++++++--- - grub-core/osdep/windows/platform.c | 6 +++ + grub-core/osdep/linux/platform.c | 72 ++++++++++++++++++++++++++++++++++++++ + grub-core/osdep/unix/platform.c | 28 +++++++++++---- + grub-core/osdep/windows/platform.c | 6 ++++ include/grub/util/install.h | 3 ++ - util/grub-install.c | 11 +++++ + util/grub-install.c | 11 ++++++ 6 files changed, 119 insertions(+), 6 deletions(-) diff --git a/grub-core/osdep/basic/platform.c b/grub-core/osdep/basic/platform.c -index a7dafd85a..6c293ed2d 100644 +index a7dafd8..6c293ed 100644 --- a/grub-core/osdep/basic/platform.c +++ b/grub-core/osdep/basic/platform.c @@ -30,3 +30,8 @@ grub_install_get_default_x86_platform (void) @@ -38,7 +37,7 @@ index a7dafd85a..6c293ed2d 100644 + return "generic"; +} diff --git a/grub-core/osdep/linux/platform.c b/grub-core/osdep/linux/platform.c -index 2e7f72086..5b37366d4 100644 +index 2e7f720..5b37366 100644 --- a/grub-core/osdep/linux/platform.c +++ b/grub-core/osdep/linux/platform.c @@ -24,6 +24,7 @@ @@ -125,7 +124,7 @@ index 2e7f72086..5b37366d4 100644 + return machtype; +} diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c -index 55b8f4016..9c439326a 100644 +index 55b8f40..9c43932 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c @@ -218,13 +218,29 @@ grub_install_register_ieee1275 (int is_prep, const char *install_device, @@ -165,7 +164,7 @@ index 55b8f4016..9c439326a 100644 free (boot_device); diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c -index 7eb53fe01..e19a3d9a8 100644 +index 7eb53fe..e19a3d9 100644 --- a/grub-core/osdep/windows/platform.c +++ b/grub-core/osdep/windows/platform.c @@ -128,6 +128,12 @@ grub_install_get_default_x86_platform (void) @@ -182,7 +181,7 @@ index 7eb53fe01..e19a3d9a8 100644 get_efi_variable (const wchar_t *varname, ssize_t *len) { diff --git a/include/grub/util/install.h b/include/grub/util/install.h -index 2631b1074..8aeb5c4f2 100644 +index 2631b10..8aeb5c4 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -216,6 +216,9 @@ grub_install_get_default_arm_platform (void); @@ -196,7 +195,7 @@ index 2631b1074..8aeb5c4f2 100644 grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efifile_path, diff --git a/util/grub-install.c b/util/grub-install.c -index e5e9e439d..73c623107 100644 +index f0d59c1..70d6700 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -1177,7 +1177,18 @@ main (int argc, char *argv[]) diff --git a/debian/patches/install-stage2-confusion.patch b/debian/patches/install-stage2-confusion.patch index 214a7f6da..ec768e7a8 100644 --- a/debian/patches/install-stage2-confusion.patch +++ b/debian/patches/install-stage2-confusion.patch @@ -1,4 +1,3 @@ -From 81cb5ffcbdc273cb57ccc355342d81cf34d8a7b7 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:12:58 +0000 Subject: If GRUB Legacy is still around, tell packaging to ignore it @@ -13,7 +12,7 @@ Patch-Name: install-stage2-confusion.patch 1 file changed, 14 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index 8a55ad4b8..3b4606eef 100644 +index 8a55ad4..3b4606e 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -42,6 +42,7 @@ diff --git a/debian/patches/linux_xen-Properly-load-multiple-initrd-files.patch b/debian/patches/linux_xen-Properly-load-multiple-initrd-files.patch new file mode 100644 index 000000000..d9493a142 --- /dev/null +++ b/debian/patches/linux_xen-Properly-load-multiple-initrd-files.patch @@ -0,0 +1,123 @@ +From: Mauricio Faria de Oliveira +Date: Sat, 6 Aug 2022 20:46:48 -0300 +Subject: templates/linux_xen: Properly load multiple initrd files +MIME-Version: 1.0 +Content-Type: text/plain; charset="utf-8" +Content-Transfer-Encoding: 8bit + +The linux_xen template can put multiple initrd files in the +same multiboot[2] module[2] command, which is against specs. + +This causes ONLY the _first_ initrd file to be loaded; other +files just have filenames in a "cmdline" string of the first +initrd file and are NOT loaded. + +Fix this by inserting a module[2] command per initrd file. + +Before: + + # touch /boot/xen /boot/microcode.cpio + # grub-mkconfig 2>/dev/null | grep -P '^\t(multiboot|module)' + multiboot /boot/xen ... + module /boot/vmlinuz-5.4.0-122-generic ... + module --nounzip /boot/microcode.cpio /boot/initrd.img-5.4.0-122-generic + +After: + + # touch /boot/xen /boot/microcode.cpio + # grub-mkconfig 2>/dev/null | grep -P '^\t(multiboot|module)' + multiboot /boot/xen ... + module /boot/vmlinuz-5.4.0-122-generic ... + module --nounzip /boot/microcode.cpio + module --nounzip /boot/initrd.img-5.4.0-122-generic + +Cause: + +The code was copied from the linux template, which is *apparently* +equivalent.. but its backing command grub_cmd_initrd() *supports* +multiple files (see grub_initrd_init()), while grub_cmd_module() +*does not* (see grub_multiboot[2]_add_module()). + +See commit e86f6aafb8de ("grub-mkconfig/20_linux_xen: Support multiple early initrd images"): + 'This is basically a copy of a698240d "grub-mkconfig/10_linux: + Support multiple early initrd images" ...' + +Specs: + +Both multiboot and multiboot2 specifications mention support for +'multiple boot modules' (struct/tag used for kernel/initrd files): + + "Boot loaders don’t have to support multiple boot modules, + but they are strongly encouraged to" [1,2] + +However, there is a 1:1 relationship between boot modules and files, +more or less clearly; note the usage of singular/plural "module(s)". +(Multiboot2, clearly: "One tag appears per module".) + + Multiboot [1]: + + "the ‘mods’ fields indicate ... what boot modules + were loaded ..., and where they can be found. + ‘mods_count’ contains the number of modules loaded" + + "The first two fields contain the start and end addresses + of the boot module itself." + + Multiboot2 [2]: + + "This tag indicates ... what boot module was loaded ..., + and where it can be found." + + "The ‘mod_start’ and ‘mod_end’ contain the start and end + physical addresses of the boot module itself." + + "One tag appears per module. + This tag type may appear multiple times." + +And both clearly mention the 'string' field of a boot module, +which is to be used by the operating system, not boot loader: + + "The ‘string’ field provides an arbitrary string to be + associated with that particular boot module ... + its exact use is specific to the operating system." + +Links: + +[1] https://www.gnu.org/software/grub/manual/multiboot/multiboot.html + 3.3 Boot information format + +[2] https://www.gnu.org/software/grub/manual/multiboot2/multiboot.html + 3.6.6 Modules + +Fixes: e86f6aafb8de ("grub-mkconfig/20_linux_xen: Support multiple early initrd images") + +Signed-off-by: Mauricio Faria de Oliveira + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1987567 +Origin: backport, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=b4b4acaf4ec7af1a78d122c10baed4e85187e2a5 +[mfo: backport: refresh lower context lines.] +LP: #1987567 +--- + util/grub.d/20_linux_xen.in | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in +index a12780e..6f38c5d 100644 +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -166,12 +166,12 @@ EOF + message="$(gettext_printf "Loading initial ramdisk ...")" + initrd_path= + for i in ${initrd}; do +- initrd_path="${initrd_path} ${rel_dirname}/${i}" +- done +- sed "s/^/$submenu_indentation/" << EOF ++ initrd_path="${rel_dirname}/${i}" ++ sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' + ${module_loader} --nounzip $(echo $initrd_path) + EOF ++ done + fi + sed "s/^/$submenu_indentation/" << EOF + } diff --git a/debian/patches/linux_xen-Properly-order-multiple-initrd-files.patch b/debian/patches/linux_xen-Properly-order-multiple-initrd-files.patch new file mode 100644 index 000000000..2e38f3ba3 --- /dev/null +++ b/debian/patches/linux_xen-Properly-order-multiple-initrd-files.patch @@ -0,0 +1,79 @@ +From: Mauricio Faria de Oliveira +Date: Sat, 6 Aug 2022 22:07:58 -0300 +Subject: templates/linux_xen: Properly order the multiple initrd files + +The linux_xen template orders the "early" initrd file(s) _first_ +(i.e., before the "real" initrd files) and that seems reasonable, +as microcode updates usually come first. + +However, this usually breaks Linux boot with initrd under Xen +because Xen assumes the real initrd is the first multiboot[2] +module after the kernel, passing its address over to Linux. + +So, if a microcode-only initrd (i.e., without init/userspace) +is found by grub-mkconfig, it ends up considered as a normal +initrd by the Linux kernel, which cannot do anything with it +(as it has no other files) and panic()s unable to mount root +if it depends on a initrd to do that (e.g., root=UUID=...). + +... + +Well, since Xen doesn't actually use the provided microcode +by default / unless the 'ucode=' option +is enabled, this isn't used in the general case (and breaks). + +Additionally, if an user enables the 'ucode=' option, that +either specifies which module is to be used for microcode, +or scans all modules (regardless of being first) for that. + +Thus, for Xen: +- it is *not required* to have microcode first, +- but it is *required* to have real initrd first + +So, fix it by ordering the real initrd before early initrd(s). + +... + +Corner case specific to Xen implementation details: + +It is actually _possible_ to have a microcode initrd first, +but that requires a non-default option (so can't rely on it), +and it turns out to be inconsistent with its counterpart +(really shouldn't rely on it, as it may get confusing; below). + +'ucode=1' does manually specify the first module is microcode +_AND_ clears its bit in the module bitmap. The next module is +now the 'new first', and gets passed to Linux as initrd. Good. + +'ucode=scan' checks all modules for microcode, but does _NOT_ +clear a bit if it finds one (reasonable, as it can find that +prepended in a "real" initrd anyway, which needs to be used). +The first module still gets passed to Linux as initrd. Bad. + +Fixes: e86f6aafb8de ("grub-mkconfig/20_linux_xen: Support multiple early initrd images") + +Signed-off-by: Mauricio Faria de Oliveira + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1987567 +Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=18d8eafdea2322dc80c37e826a75e4d62094fecc +LP: #1987567 +--- + util/grub.d/20_linux_xen.in | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in +index 6f38c5d..0629890 100644 +--- a/util/grub.d/20_linux_xen.in ++++ b/util/grub.d/20_linux_xen.in +@@ -304,7 +304,10 @@ while [ "x${xen_list}" != "x" ] ; do + + initrd= + if test -n "${initrd_early}" || test -n "${initrd_real}"; then +- initrd="${initrd_early} ${initrd_real}" ++ # Xen assumes the real initrd is the first module after the kernel. ++ # Additional (later) initrds can also be used for microcode update, ++ # with Xen option 'ucode= (non-default anyway). ++ initrd="${initrd_real} ${initrd_early}" + + initrd_display= + for i in ${initrd}; do diff --git a/debian/patches/linuxefi.patch b/debian/patches/linuxefi.patch deleted file mode 100644 index a9339a6f8..000000000 --- a/debian/patches/linuxefi.patch +++ /dev/null @@ -1,550 +0,0 @@ -From ef8f04c26dcbcc449bc03c1a304e1a4398e7b5ca Mon Sep 17 00:00:00 2001 -From: Matthew Garrett -Date: Mon, 13 Jan 2014 12:13:15 +0000 -Subject: Add "linuxefi" loader which avoids ExitBootServices - -Origin: vendor, http://pkgs.fedoraproject.org/cgit/grub2.git/tree/grub2-linuxefi.patch -Author: Colin Watson -Author: Steve Langasek -Author: Linn Crosetto -Forwarded: no -Last-Update: 2019-06-26 - -Patch-Name: linuxefi.patch ---- - grub-core/Makefile.core.def | 7 + - grub-core/kern/efi/mm.c | 32 +++ - grub-core/loader/i386/efi/linux.c | 381 ++++++++++++++++++++++++++++++ - grub-core/loader/i386/linux.c | 41 ++++ - include/grub/efi/efi.h | 3 + - 5 files changed, 464 insertions(+) - create mode 100644 grub-core/loader/i386/efi/linux.c - -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index 474a63e68..67a98abbb 100644 ---- a/grub-core/Makefile.core.def -+++ b/grub-core/Makefile.core.def -@@ -1849,6 +1849,13 @@ module = { - enable = x86_64_efi; - }; - -+module = { -+ name = linuxefi; -+ efi = loader/i386/efi/linux.c; -+ enable = i386_efi; -+ enable = x86_64_efi; -+}; -+ - module = { - name = chain; - efi = loader/efi/chainloader.c; -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index b02fab1b1..a9e37108c 100644 ---- a/grub-core/kern/efi/mm.c -+++ b/grub-core/kern/efi/mm.c -@@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address, - } - } - -+/* Allocate pages below a specified address */ -+void * -+grub_efi_allocate_pages_max (grub_efi_physical_address_t max, -+ grub_efi_uintn_t pages) -+{ -+ grub_efi_status_t status; -+ grub_efi_boot_services_t *b; -+ grub_efi_physical_address_t address = max; -+ -+ if (max > 0xffffffff) -+ return 0; -+ -+ b = grub_efi_system_table->boot_services; -+ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); -+ -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ -+ if (address == 0) -+ { -+ /* Uggh, the address 0 was allocated... This is too annoying, -+ so reallocate another one. */ -+ address = max; -+ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); -+ grub_efi_free_pages (0, pages); -+ if (status != GRUB_EFI_SUCCESS) -+ return 0; -+ } -+ -+ return (void *) ((grub_addr_t) address); -+} -+ - /* Allocate pages. Return the pointer to the first of allocated pages. */ - void * - grub_efi_allocate_pages_real (grub_efi_physical_address_t address, -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -new file mode 100644 -index 000000000..16372a0c8 ---- /dev/null -+++ b/grub-core/loader/i386/efi/linux.c -@@ -0,0 +1,381 @@ -+/* -+ * GRUB -- GRand Unified Bootloader -+ * Copyright (C) 2012 Free Software Foundation, Inc. -+ * -+ * GRUB is free software: you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation, either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * GRUB is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with GRUB. If not, see . -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+GRUB_MOD_LICENSE ("GPLv3+"); -+ -+static grub_dl_t my_mod; -+static int loaded; -+static void *kernel_mem; -+static grub_uint64_t kernel_size; -+static grub_uint8_t *initrd_mem; -+static grub_uint32_t handover_offset; -+struct linux_kernel_params *params; -+static char *linux_cmdline; -+ -+#define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) -+ -+#define SHIM_LOCK_GUID \ -+ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } -+ -+struct grub_efi_shim_lock -+{ -+ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); -+}; -+typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; -+ -+static grub_efi_boolean_t -+grub_linuxefi_secure_validate (void *data, grub_uint32_t size) -+{ -+ grub_efi_guid_t guid = SHIM_LOCK_GUID; -+ grub_efi_shim_lock_t *shim_lock; -+ grub_efi_status_t status; -+ -+ if (! grub_efi_secure_boot()) -+ { -+ grub_dprintf ("linuxefi", "secure boot not enabled, not validating"); -+ return 1; -+ } -+ -+ grub_dprintf ("linuxefi", "Locating shim protocol\n"); -+ shim_lock = grub_efi_locate_protocol(&guid, NULL); -+ -+ if (!shim_lock) -+ { -+ grub_dprintf ("linuxefi", "shim not available\n"); -+ return 0; -+ } -+ -+ grub_dprintf ("linuxefi", "Asking shim to verify kernel signature\n"); -+ status = shim_lock->verify(data, size); -+ if (status == GRUB_EFI_SUCCESS) -+ { -+ grub_dprintf ("linuxefi", "Kernel signature verification passed\n"); -+ return 1; -+ } -+ -+ grub_dprintf ("linuxefi", "Kernel signature verification failed (0x%lx)\n", -+ (unsigned long) status); -+ return 0; -+} -+ -+typedef void(*handover_func)(void *, grub_efi_system_table_t *, struct linux_kernel_params *); -+ -+static grub_err_t -+grub_linuxefi_boot (void) -+{ -+ handover_func hf; -+ int offset = 0; -+ -+#ifdef __x86_64__ -+ offset = 512; -+#endif -+ -+ hf = (handover_func)((char *)kernel_mem + handover_offset + offset); -+ -+ asm volatile ("cli"); -+ -+ hf (grub_efi_image_handle, grub_efi_system_table, params); -+ -+ /* Not reached */ -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_linuxefi_unload (void) -+{ -+ grub_dl_unref (my_mod); -+ loaded = 0; -+ if (initrd_mem) -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, BYTES_TO_PAGES(params->ramdisk_size)); -+ if (linux_cmdline) -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)linux_cmdline, BYTES_TO_PAGES(params->cmdline_size + 1)); -+ if (kernel_mem) -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size)); -+ if (params) -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)params, BYTES_TO_PAGES(16384)); -+ return GRUB_ERR_NONE; -+} -+ -+static grub_err_t -+grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), -+ int argc, char *argv[]) -+{ -+ grub_size_t size = 0; -+ struct grub_linux_initrd_context initrd_ctx; -+ -+ if (argc == 0) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -+ goto fail; -+ } -+ -+ if (!loaded) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first")); -+ goto fail; -+ } -+ -+ if (grub_initrd_init (argc, argv, &initrd_ctx)) -+ goto fail; -+ -+ size = grub_get_initrd_size (&initrd_ctx); -+ -+ initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); -+ -+ if (!initrd_mem) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); -+ goto fail; -+ } -+ -+ grub_dprintf ("linuxefi", "initrd_mem = %lx\n", (unsigned long) initrd_mem); -+ -+ params->ramdisk_size = size; -+ params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; -+ -+ if (grub_initrd_load (&initrd_ctx, argv, initrd_mem)) -+ goto fail; -+ -+ params->ramdisk_size = size; -+ -+ fail: -+ grub_initrd_close (&initrd_ctx); -+ -+ if (initrd_mem && grub_errno) -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, BYTES_TO_PAGES(size)); -+ -+ return grub_errno; -+} -+ -+static grub_err_t -+grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), -+ int argc, char *argv[]) -+{ -+ grub_file_t file = 0; -+ struct linux_i386_kernel_header lh; -+ grub_ssize_t len, start, filelen; -+ void *kernel; -+ -+ grub_dl_ref (my_mod); -+ -+ if (argc == 0) -+ { -+ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -+ goto fail; -+ } -+ -+ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); -+ if (! file) -+ goto fail; -+ -+ filelen = grub_file_size (file); -+ -+ kernel = grub_malloc(filelen); -+ -+ if (!kernel) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); -+ goto fail; -+ } -+ -+ if (grub_file_read (file, kernel, filelen) != filelen) -+ { -+ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]); -+ goto fail; -+ } -+ -+ if (! grub_linuxefi_secure_validate (kernel, filelen)) -+ { -+ grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), argv[0]); -+ grub_free (kernel); -+ goto fail; -+ } -+ -+ grub_file_seek (file, 0); -+ -+ grub_free(kernel); -+ -+ params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384)); -+ -+ if (! params) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); -+ goto fail; -+ } -+ -+ grub_dprintf ("linuxefi", "params = %lx\n", (unsigned long) params); -+ -+ grub_memset (params, 0, 16384); -+ -+ if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) -+ { -+ if (!grub_errno) -+ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -+ argv[0]); -+ goto fail; -+ } -+ -+ if (lh.boot_flag != grub_cpu_to_le16 (0xaa55)) -+ { -+ grub_error (GRUB_ERR_BAD_OS, N_("invalid magic number")); -+ goto fail; -+ } -+ -+ if (lh.setup_sects > GRUB_LINUX_MAX_SETUP_SECTS) -+ { -+ grub_error (GRUB_ERR_BAD_OS, N_("too many setup sectors")); -+ goto fail; -+ } -+ -+ if (lh.version < grub_cpu_to_le16 (0x020b)) -+ { -+ grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); -+ goto fail; -+ } -+ -+ if (!lh.handover_offset) -+ { -+ grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support EFI handover")); -+ goto fail; -+ } -+ -+ linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, -+ BYTES_TO_PAGES(lh.cmdline_size + 1)); -+ -+ if (!linux_cmdline) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); -+ goto fail; -+ } -+ -+ grub_dprintf ("linuxefi", "linux_cmdline = %lx\n", -+ (unsigned long) linux_cmdline); -+ -+ grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); -+ { -+ grub_err_t err; -+ err = grub_create_loader_cmdline (argc, argv, -+ linux_cmdline -+ + sizeof (LINUX_IMAGE) - 1, -+ lh.cmdline_size -+ - (sizeof (LINUX_IMAGE) - 1), -+ GRUB_VERIFY_KERNEL_CMDLINE); -+ if (err) -+ goto fail; -+ } -+ -+ lh.cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; -+ -+ handover_offset = lh.handover_offset; -+ -+ start = (lh.setup_sects + 1) * 512; -+ len = grub_file_size(file) - start; -+ -+ kernel_mem = grub_efi_allocate_fixed(lh.pref_address, -+ BYTES_TO_PAGES(lh.init_size)); -+ -+ if (!kernel_mem) -+ kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, -+ BYTES_TO_PAGES(lh.init_size)); -+ -+ if (!kernel_mem) -+ { -+ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); -+ goto fail; -+ } -+ -+ grub_dprintf ("linuxefi", "kernel_mem = %lx\n", (unsigned long) kernel_mem); -+ -+ if (grub_file_seek (file, start) == (grub_off_t) -1) -+ { -+ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -+ argv[0]); -+ goto fail; -+ } -+ -+ if (grub_file_read (file, kernel_mem, len) != len && !grub_errno) -+ { -+ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), -+ argv[0]); -+ } -+ -+ if (grub_errno == GRUB_ERR_NONE) -+ { -+ grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); -+ loaded = 1; -+ lh.code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; -+ } -+ -+ grub_memcpy (params, &lh, 2 * 512); -+ -+ params->type_of_loader = 0x21; -+ -+ fail: -+ -+ if (file) -+ grub_file_close (file); -+ -+ if (grub_errno != GRUB_ERR_NONE) -+ { -+ grub_dl_unref (my_mod); -+ loaded = 0; -+ } -+ -+ if (linux_cmdline && !loaded) -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)linux_cmdline, BYTES_TO_PAGES(lh.cmdline_size + 1)); -+ -+ if (kernel_mem && !loaded) -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size)); -+ -+ if (params && !loaded) -+ grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)params, BYTES_TO_PAGES(16384)); -+ -+ return grub_errno; -+} -+ -+static grub_command_t cmd_linux, cmd_initrd; -+ -+GRUB_MOD_INIT(linuxefi) -+{ -+ cmd_linux = -+ grub_register_command ("linuxefi", grub_cmd_linux, -+ 0, N_("Load Linux.")); -+ cmd_initrd = -+ grub_register_command ("initrdefi", grub_cmd_initrd, -+ 0, N_("Load initrd.")); -+ my_mod = mod; -+} -+ -+GRUB_MOD_FINI(linuxefi) -+{ -+ grub_unregister_command (cmd_linux); -+ grub_unregister_command (cmd_initrd); -+} -diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index d0501e229..2eab9bb10 100644 ---- a/grub-core/loader/i386/linux.c -+++ b/grub-core/loader/i386/linux.c -@@ -76,6 +76,8 @@ static grub_size_t maximal_cmdline_size; - static struct linux_kernel_params linux_params; - static char *linux_cmdline; - #ifdef GRUB_MACHINE_EFI -+static int using_linuxefi; -+static grub_command_t initrdefi_cmd; - static grub_efi_uintn_t efi_mmap_size; - #else - static const grub_size_t efi_mmap_size = 0; -@@ -651,6 +653,39 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - grub_dl_ref (my_mod); - -+#ifdef GRUB_MACHINE_EFI -+ using_linuxefi = 0; -+ if (grub_efi_secure_boot ()) -+ { -+ /* linuxefi requires a successful signature check and then hand over -+ to the kernel without calling ExitBootServices. */ -+ grub_dl_t mod; -+ grub_command_t linuxefi_cmd; -+ -+ grub_dprintf ("linux", "Secure Boot enabled: trying linuxefi\n"); -+ -+ mod = grub_dl_load ("linuxefi"); -+ if (mod) -+ { -+ grub_dl_ref (mod); -+ linuxefi_cmd = grub_command_find ("linuxefi"); -+ initrdefi_cmd = grub_command_find ("initrdefi"); -+ if (linuxefi_cmd && initrdefi_cmd) -+ { -+ (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); -+ if (grub_errno == GRUB_ERR_NONE) -+ { -+ grub_dprintf ("linux", "Handing off to linuxefi\n"); -+ using_linuxefi = 1; -+ return GRUB_ERR_NONE; -+ } -+ grub_dprintf ("linux", "linuxefi failed (%d)\n", grub_errno); -+ goto fail; -+ } -+ } -+ } -+#endif -+ - if (argc == 0) - { - grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -1036,6 +1071,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), - grub_err_t err; - struct grub_linux_initrd_context initrd_ctx = { 0, 0, 0 }; - -+#ifdef GRUB_MACHINE_EFI -+ /* If we're using linuxefi, just forward to initrdefi. */ -+ if (using_linuxefi && initrdefi_cmd) -+ return (initrdefi_cmd->func) (initrdefi_cmd, argc, argv); -+#endif -+ - if (argc == 0) - { - grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index a237952b3..085ee0524 100644 ---- a/include/grub/efi/efi.h -+++ b/include/grub/efi/efi.h -@@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address, - grub_efi_uintn_t pages); - void * - EXPORT_FUNC(grub_efi_allocate_any_pages) (grub_efi_uintn_t pages); -+void * -+EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max, -+ grub_efi_uintn_t pages); - void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address, - grub_efi_uintn_t pages); - grub_efi_uintn_t EXPORT_FUNC(grub_efi_find_mmap_size) (void); diff --git a/debian/patches/maybe-quiet.patch b/debian/patches/maybe-quiet.patch index cf987a6d0..063ab287f 100644 --- a/debian/patches/maybe-quiet.patch +++ b/debian/patches/maybe-quiet.patch @@ -1,6 +1,5 @@ -From 2904de3e9a1f2789442813696c3fbbd59b993443 Mon Sep 17 00:00:00 2001 -From: Colin Watson -Date: Mon, 13 Jan 2014 12:13:26 +0000 +From: Didier Roche +Date: Tue, 31 Mar 2020 15:20:15 +0200 Subject: Add configure option to reduce visual clutter at boot time If this option is enabled, then do all of the following: @@ -43,10 +42,11 @@ Patch-Name: maybe-quiet.patch grub-core/normal/main.c | 11 +++++++++++ grub-core/normal/menu.c | 17 +++++++++++++++-- util/grub.d/10_linux.in | 15 +++++++++++---- - 9 files changed, 111 insertions(+), 6 deletions(-) + util/grub.d/10_linux_zfs.in | 9 +++++++-- + 10 files changed, 118 insertions(+), 8 deletions(-) diff --git a/config.h.in b/config.h.in -index 9e8f9911b..d2c4ce8e5 100644 +index 9e8f991..d2c4ce8 100644 --- a/config.h.in +++ b/config.h.in @@ -12,6 +12,8 @@ @@ -59,7 +59,7 @@ index 9e8f9911b..d2c4ce8e5 100644 /* We don't need those. */ #define MINILZO_CFG_SKIP_LZO_PTR 1 diff --git a/configure.ac b/configure.ac -index 1e5abc67d..ea00ccd69 100644 +index 1e5abc6..ea00ccd 100644 --- a/configure.ac +++ b/configure.ac @@ -1857,6 +1857,17 @@ else @@ -92,7 +92,7 @@ index 1e5abc67d..ea00ccd69 100644 echo "*******************************************************" ] diff --git a/grub-core/boot/i386/pc/boot.S b/grub-core/boot/i386/pc/boot.S -index 2bd0b2d28..b0c0f2225 100644 +index 2bd0b2d..b0c0f22 100644 --- a/grub-core/boot/i386/pc/boot.S +++ b/grub-core/boot/i386/pc/boot.S @@ -19,6 +19,9 @@ @@ -124,7 +124,7 @@ index 2bd0b2d28..b0c0f2225 100644 movw $disk_address_packet, %si diff --git a/grub-core/boot/i386/pc/diskboot.S b/grub-core/boot/i386/pc/diskboot.S -index c1addc0df..9b6d7a7ed 100644 +index c1addc0..9b6d7a7 100644 --- a/grub-core/boot/i386/pc/diskboot.S +++ b/grub-core/boot/i386/pc/diskboot.S @@ -18,6 +18,9 @@ @@ -204,7 +204,7 @@ index c1addc0df..9b6d7a7ed 100644 notification_step: .asciz "." diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c -index 9cad0c448..714b63d67 100644 +index 9cad0c4..714b63d 100644 --- a/grub-core/kern/main.c +++ b/grub-core/kern/main.c @@ -264,15 +264,25 @@ reclaim_module_space (void) @@ -247,7 +247,7 @@ index 9cad0c448..714b63d67 100644 grub_rescue_run (); } diff --git a/grub-core/kern/rescue_reader.c b/grub-core/kern/rescue_reader.c -index dcd7d4439..a93524eab 100644 +index dcd7d44..a93524e 100644 --- a/grub-core/kern/rescue_reader.c +++ b/grub-core/kern/rescue_reader.c @@ -78,7 +78,9 @@ grub_rescue_read_line (char **line, int cont, @@ -261,7 +261,7 @@ index dcd7d4439..a93524eab 100644 while (1) { diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c -index 1b03dfd57..0aa389fa1 100644 +index 1b03dfd..0aa389f 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -389,6 +389,15 @@ static grub_err_t @@ -291,7 +291,7 @@ index 1b03dfd57..0aa389fa1 100644 while (1) { diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index 3611ee9ea..ebf5a0f10 100644 +index 3611ee9..ebf5a0f 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -827,12 +827,18 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) @@ -338,7 +338,7 @@ index 3611ee9ea..ebf5a0f10 100644 if (auto_boot) grub_menu_execute_with_fallback (menu, e, autobooted, diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 61335e908..2e4dff9fb 100644 +index cb1cc20..479a8bf 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -21,6 +21,7 @@ prefix="@prefix@" @@ -349,7 +349,7 @@ index 61335e908..2e4dff9fb 100644 . "$pkgdatadir/grub-mkconfig_lib" -@@ -158,10 +159,12 @@ linux_entry () +@@ -162,10 +163,12 @@ linux_entry () fi printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" fi @@ -364,7 +364,7 @@ index 61335e908..2e4dff9fb 100644 if test -d /sys/firmware/efi && test -e "${linux}.efi.signed"; then sed "s/^/$submenu_indentation/" << EOF linux ${rel_dirname}/${basename}.efi.signed root=${linux_root_device_thisversion} ro ${args} -@@ -173,13 +176,17 @@ EOF +@@ -177,13 +180,17 @@ EOF fi if test -n "${initrd}" ; then # TRANSLATORS: ramdisk isn't identifier. Should be translated. @@ -384,3 +384,37 @@ index 61335e908..2e4dff9fb 100644 initrd $(echo $initrd_path) EOF fi +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index bd4f1a2..3a0e6d1 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -20,6 +20,7 @@ set -e + prefix="@prefix@" + datarootdir="@datarootdir@" + ubuntu_recovery="@UBUNTU_RECOVERY@" ++quiet_boot="@QUIET_BOOT@" + + . "${pkgdatadir}/grub-mkconfig_lib" + +@@ -779,7 +780,9 @@ zfs_linux_entry () { + + echo "$(prepare_grub_to_access_device_cached "${boot_device}" "${submenu_level}")" + +- echo "${submenu_indentation} echo $(gettext_printf "Loading Linux %s ..." ${kernel_version} | grub_quote)" ++ if [ "${quiet_boot}" = 0 ] || [ "${type}" != simple ]; then ++ echo "${submenu_indentation} echo $(gettext_printf "Loading Linux %s ..." ${kernel_version} | grub_quote)" ++ fi + + linux_default_args="${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" + if [ ${type} = "recovery" ]; then +@@ -788,7 +791,9 @@ zfs_linux_entry () { + + echo "${submenu_indentation} linux ${kernel} root=ZFS=${dataset} ro ${linux_default_args} ${kernel_additional_args}" + +- echo "${submenu_indentation} echo '$(gettext_printf "Loading initial ramdisk ..." | grub_quote)'" ++ if [ "${quiet_boot}" = 0 ] || [ "${type}" != simple ]; then ++ echo "${submenu_indentation} echo '$(gettext_printf "Loading initial ramdisk ..." | grub_quote)'" ++ fi + echo "${submenu_indentation} initrd ${initrd}" + echo "${submenu_indentation}}" + } diff --git a/debian/patches/mkconfig-loopback.patch b/debian/patches/mkconfig-loopback.patch index 28054e018..635259066 100644 --- a/debian/patches/mkconfig-loopback.patch +++ b/debian/patches/mkconfig-loopback.patch @@ -1,4 +1,3 @@ -From eac8d3f2f35c3478673698c800b21d425faf6326 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:00 +0000 Subject: Handle filesystems loop-mounted on file images @@ -21,7 +20,7 @@ Patch-Name: mkconfig-loopback.patch 3 files changed, 34 insertions(+) diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index b6606c16e..b05df554d 100644 +index b6606c1..b05df55 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -133,6 +133,22 @@ prepare_grub_to_access_device () @@ -63,7 +62,7 @@ index b6606c16e..b05df554d 100644 grub_get_device_id () diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index dd5a60c71..8c22c79f6 100644 +index f839b3b..d927b60 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -40,6 +40,11 @@ fi @@ -79,7 +78,7 @@ index dd5a60c71..8c22c79f6 100644 esac diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index 96179ea61..9a8d42fb5 100644 +index 96179ea..9a8d42f 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -40,6 +40,11 @@ fi diff --git a/debian/patches/mkconfig-mid-upgrade.patch b/debian/patches/mkconfig-mid-upgrade.patch index 182d7fec5..53356b2e8 100644 --- a/debian/patches/mkconfig-mid-upgrade.patch +++ b/debian/patches/mkconfig-mid-upgrade.patch @@ -1,4 +1,3 @@ -From d9aea1d0f76bb3e284531a0076c08665fb98b591 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:03 +0000 Subject: Bail out if trying to run grub-mkconfig during upgrade to 2.00 @@ -20,7 +19,7 @@ Patch-Name: mkconfig-mid-upgrade.patch 1 file changed, 7 insertions(+) diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 45cd4cc54..b506d63bf 100644 +index 45cd4cc..b506d63 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -102,6 +102,13 @@ do diff --git a/debian/patches/mkconfig-nonexistent-loopback.patch b/debian/patches/mkconfig-nonexistent-loopback.patch index 4c7e0100b..fb0f830ed 100644 --- a/debian/patches/mkconfig-nonexistent-loopback.patch +++ b/debian/patches/mkconfig-nonexistent-loopback.patch @@ -1,4 +1,3 @@ -From 0207e6937271a475ec2f89fc9f751e138254579d Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:08 +0000 Subject: Avoid getting confused by inaccessible loop device backing paths @@ -14,7 +13,7 @@ Patch-Name: mkconfig-nonexistent-loopback.patch 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in -index b05df554d..fe6319abe 100644 +index b05df55..fe6319a 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -143,7 +143,7 @@ prepare_grub_to_access_device () @@ -27,7 +26,7 @@ index b05df554d..fe6319abe 100644 esac ;; diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 775ceb2e0..b7e1147c4 100644 +index 775ceb2..b7e1147 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -219,6 +219,11 @@ EOF diff --git a/debian/patches/mkconfig-other-inits.patch b/debian/patches/mkconfig-other-inits.patch index 563680b66..455276d02 100644 --- a/debian/patches/mkconfig-other-inits.patch +++ b/debian/patches/mkconfig-other-inits.patch @@ -1,4 +1,3 @@ -From 025817840e1674f9159bb602dde699deec035181 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sat, 3 Jan 2015 12:04:59 +0000 Subject: Generate alternative init entries in advanced menu @@ -18,7 +17,7 @@ Patch-Name: mkconfig-other-inits.patch 2 files changed, 21 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 8a74c677b..0cd4cf5c0 100644 +index 85b3008..dff84ed 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -32,6 +32,7 @@ export TEXTDOMAIN=@PACKAGE@ @@ -29,7 +28,7 @@ index 8a74c677b..0cd4cf5c0 100644 if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then OS=GNU/Linux -@@ -127,6 +128,8 @@ linux_entry () +@@ -131,6 +132,8 @@ linux_entry () case $type in recovery) title="$(gettext_printf "%s, with Linux %s (%s)" "${os}" "${version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")" ;; @@ -38,7 +37,7 @@ index 8a74c677b..0cd4cf5c0 100644 *) title="$(gettext_printf "%s, with Linux %s" "${os}" "${version}")" ;; esac -@@ -381,6 +384,13 @@ while [ "x$list" != "x" ] ; do +@@ -385,6 +388,13 @@ while [ "x$list" != "x" ] ; do linux_entry "${OS}" "${version}" advanced \ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" @@ -53,7 +52,7 @@ index 8a74c677b..0cd4cf5c0 100644 linux_entry "${OS}" "${version}" recovery \ "${GRUB_CMDLINE_LINUX_RECOVERY} ${GRUB_CMDLINE_LINUX}" diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index f2ee0532b..81e5f0d7e 100644 +index f2ee053..81e5f0d 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -27,6 +27,7 @@ export TEXTDOMAIN=@PACKAGE@ diff --git a/debian/patches/mkconfig-recovery-title.patch b/debian/patches/mkconfig-recovery-title.patch index d4e079d92..1a0bf466e 100644 --- a/debian/patches/mkconfig-recovery-title.patch +++ b/debian/patches/mkconfig-recovery-title.patch @@ -1,4 +1,3 @@ -From 1ff07175f797154b36c322acaf33ec7e562c7502 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:33 +0000 Subject: Add GRUB_RECOVERY_TITLE option @@ -16,12 +15,13 @@ Patch-Name: mkconfig-recovery-title.patch util/grub.d/10_hurd.in | 4 ++-- util/grub.d/10_kfreebsd.in | 2 +- util/grub.d/10_linux.in | 2 +- + util/grub.d/10_linux_zfs.in | 8 ++++---- util/grub.d/10_netbsd.in | 2 +- util/grub.d/20_linux_xen.in | 2 +- - 7 files changed, 17 insertions(+), 7 deletions(-) + 8 files changed, 21 insertions(+), 11 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi -index a835d0ae4..3ec35d315 100644 +index a835d0a..3ec35d3 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1536,6 +1536,11 @@ a console is restricted or limited. @@ -37,7 +37,7 @@ index a835d0ae4..3ec35d315 100644 The following options are still accepted for compatibility with existing diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index 307214310..9c1da6477 100644 +index 3072143..9c1da64 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -196,6 +196,10 @@ GRUB_ACTUAL_DEFAULT="$GRUB_DEFAULT" @@ -62,7 +62,7 @@ index 307214310..9c1da6477 100644 if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub.d/10_hurd.in b/util/grub.d/10_hurd.in -index 59a9a48a2..7fa3a3fbd 100644 +index 59a9a48..7fa3a3f 100644 --- a/util/grub.d/10_hurd.in +++ b/util/grub.d/10_hurd.in @@ -88,8 +88,8 @@ hurd_entry () { @@ -77,7 +77,7 @@ index 59a9a48a2..7fa3a3fbd 100644 title="$(gettext_printf "%s, with Hurd %s" "${OS}" "${kernel_base}")" oldtitle="$OS using $kernel_base" diff --git a/util/grub.d/10_kfreebsd.in b/util/grub.d/10_kfreebsd.in -index 9d8e8fd85..8301d361a 100644 +index 9d8e8fd..8301d36 100644 --- a/util/grub.d/10_kfreebsd.in +++ b/util/grub.d/10_kfreebsd.in @@ -76,7 +76,7 @@ kfreebsd_entry () @@ -90,10 +90,10 @@ index 9d8e8fd85..8301d361a 100644 title="$(gettext_printf "%s, with kFreeBSD %s" "${os}" "${version}")" fi diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 174d547bb..ba945582e 100644 +index cc2dd85..2c418c5 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in -@@ -126,7 +126,7 @@ linux_entry () +@@ -130,7 +130,7 @@ linux_entry () if [ x$type != xsimple ] ; then case $type in recovery) @@ -102,8 +102,42 @@ index 174d547bb..ba945582e 100644 *) title="$(gettext_printf "%s, with Linux %s" "${os}" "${version}")" ;; esac +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index 48a4e68..4477fa6 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -957,7 +957,7 @@ generate_grub_menu() { + + GRUB_DISABLE_RECOVERY=${GRUB_DISABLE_RECOVERY:-} + if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then +- title="$(gettext_printf "%s%s, with Linux %s (recovery mode)" "${last_booted_kernel_marker}" "${name}" "${kernel_version}")" ++ title="$(gettext_printf "%s%s, with Linux %s (%s)" "${last_booted_kernel_marker}" "${name}" "${kernel_version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 1 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" + fi + at_least_one_entry=1 +@@ -985,9 +985,9 @@ generate_grub_menu() { + + GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" + if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then +- title="$(gettext_printf "Revert system only (recovery mode)")" ++ title="$(gettext_printf "Revert system only (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" +- title="$(gettext_printf "Revert system and user data (recovery mode)")" ++ title="$(gettext_printf "Revert system and user data (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "zsys-revert=userdata" + fi + # Non-zsys: boot temporarly on snapshots or rollback (destroying intermediate snapshots) +@@ -997,7 +997,7 @@ generate_grub_menu() { + + GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" + if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then +- title="$(gettext_printf "One time boot (recovery mode)")" ++ title="$(gettext_printf "One time boot (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" + fi + diff --git a/util/grub.d/10_netbsd.in b/util/grub.d/10_netbsd.in -index 874f59969..bb29cc046 100644 +index 874f599..bb29cc0 100644 --- a/util/grub.d/10_netbsd.in +++ b/util/grub.d/10_netbsd.in @@ -102,7 +102,7 @@ netbsd_entry () @@ -116,7 +150,7 @@ index 874f59969..bb29cc046 100644 title="$(gettext_printf "%s, with kernel %s (via %s)" "${OS}" "$(echo ${kernel} | sed -e 's,^.*/,,')" "${loader}")" fi diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in -index 9a8d42fb5..f2ee0532b 100644 +index 9a8d42f..f2ee053 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -105,7 +105,7 @@ linux_entry () diff --git a/debian/patches/mkconfig-signed-kernel.patch b/debian/patches/mkconfig-signed-kernel.patch index d8d9782cc..20d16cc86 100644 --- a/debian/patches/mkconfig-signed-kernel.patch +++ b/debian/patches/mkconfig-signed-kernel.patch @@ -1,6 +1,5 @@ -From 912c4e7152065635c44e433aeee86131e869d54b Mon Sep 17 00:00:00 2001 -From: Colin Watson -Date: Mon, 13 Jan 2014 12:13:21 +0000 +From: Didier Roche +Date: Tue, 31 Mar 2020 15:17:45 +0200 Subject: Generate configuration for signed UEFI kernels if available Forwarded: no @@ -8,14 +7,15 @@ Last-Update: 2013-12-25 Patch-Name: mkconfig-signed-kernel.patch --- - util/grub.d/10_linux.in | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) + util/grub.d/10_linux.in | 15 +++++++++++++++ + util/grub.d/10_linux_zfs.in | 21 +++++++++++++++++++++ + 2 files changed, 36 insertions(+) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index fd87a124d..61335e908 100644 +index 19e4df4..cb1cc20 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in -@@ -161,8 +161,16 @@ linux_entry () +@@ -165,8 +165,16 @@ linux_entry () message="$(gettext_printf "Loading Linux %s ..." ${version})" sed "s/^/$submenu_indentation/" << EOF echo '$(echo "$message" | grub_quote)' @@ -32,7 +32,7 @@ index fd87a124d..61335e908 100644 if test -n "${initrd}" ; then # TRANSLATORS: ramdisk isn't identifier. Should be translated. message="$(gettext_printf "Loading initial ramdisk ...")" -@@ -214,6 +222,13 @@ submenu_indentation="" +@@ -218,6 +226,13 @@ submenu_indentation="" is_top_level=true while [ "x$list" != "x" ] ; do linux=`version_find_latest $list` @@ -46,3 +46,42 @@ index fd87a124d..61335e908 100644 gettext_printf "Found linux image: %s\n" "$linux" >&2 basename=`basename $linux` dirname=`dirname $linux` +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index 7f88e77..bd4f1a2 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -339,6 +339,16 @@ try_default_layout_bpool() { + validate_system_dataset "${candidate_dataset}" "boot" "${mntdir}" "${snapshot_name}" + } + ++# Return if secure boot is enabled on that system ++is_secure_boot_enabled() { ++ if LANG=C mokutil --sb-state 2>/dev/null | grep -qi enabled; then ++ echo "true" ++ return ++ fi ++ echo "false" ++ return ++} ++ + # Given a filesystem or snapshot dataset, returns dataset|machine id|pretty name|last used + # $1 is dataset we want information from + # $2 is the temporary mount directory to use +@@ -412,6 +422,17 @@ get_dataset_info() { + continue + fi + ++ # Filters entry if efi/non efi. ++ # Note that for now we allow kernel without .efi.signed as those are signed kernel ++ # on ubuntu, loaded by the shim. ++ case "${linux}" in ++ *.efi.signed) ++ if [ "$(is_secure_boot_enabled)" = "false" ]; then ++ continue ++ fi ++ ;; ++ esac ++ + linux_basename=$(basename "${linux}") + linux_dirname=$(dirname "${linux}") + version=$(echo "${linux_basename}" | sed -e "s,^[^0-9]*-,,g") diff --git a/debian/patches/mkconfig-ubuntu-distributor.patch b/debian/patches/mkconfig-ubuntu-distributor.patch index 39d3e9e22..078238a70 100644 --- a/debian/patches/mkconfig-ubuntu-distributor.patch +++ b/debian/patches/mkconfig-ubuntu-distributor.patch @@ -1,4 +1,3 @@ -From b81e9404d10f1af1715c0c5f8783d712bf5af660 Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Mon, 13 Jan 2014 12:13:14 +0000 Subject: Remove GNU/Linux from default distributor string for Ubuntu @@ -12,11 +11,12 @@ Last-Update: 2013-12-25 Patch-Name: mkconfig-ubuntu-distributor.patch --- - util/grub.d/10_linux.in | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) + util/grub.d/10_linux.in | 9 ++++++++- + util/grub.d/10_linux_zfs.in | 9 ++++++++- + 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 0509ac680..fd87a124d 100644 +index fcd3033..19e4df4 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -32,7 +32,14 @@ CLASS="--class gnu-linux --class gnu --class os" @@ -35,3 +35,23 @@ index 0509ac680..fd87a124d 100644 CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" fi +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index de4d215..7f88e77 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -790,7 +790,14 @@ generate_grub_menu() { + if [ "${GRUB_DISTRIBUTOR}" = "" ] ; then + OS=GNU/Linux + else +- OS="${GRUB_DISTRIBUTOR} GNU/Linux" ++ case ${GRUB_DISTRIBUTOR} in ++ Ubuntu|Kubuntu) ++ OS="${GRUB_DISTRIBUTOR}" ++ ;; ++ *) ++ OS="${GRUB_DISTRIBUTOR} GNU/Linux" ++ ;; ++ esac + CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1 | LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" + fi + diff --git a/debian/patches/mkconfig-ubuntu-recovery.patch b/debian/patches/mkconfig-ubuntu-recovery.patch index a94311883..f65271cd1 100644 --- a/debian/patches/mkconfig-ubuntu-recovery.patch +++ b/debian/patches/mkconfig-ubuntu-recovery.patch @@ -1,9 +1,8 @@ -From 8d20c29dbd3dfb7a475ade30d33b9d9b80069107 Mon Sep 17 00:00:00 2001 -From: Colin Watson -Date: Mon, 13 Jan 2014 12:13:06 +0000 +From: Didier Roche +Date: Tue, 31 Mar 2020 15:16:36 +0200 Subject: "single" -> "recovery" when friendly-recovery is installed MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 +Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit If configured with --enable-ubuntu-recovery, also set nomodeset for @@ -19,11 +18,12 @@ Patch-Name: mkconfig-ubuntu-recovery.patch --- configure.ac | 11 +++++++++++ util/grub.d/10_linux.in | 16 ++++++++++++++-- + util/grub.d/10_linux_zfs.in | 15 +++++++++++++-- util/grub.d/30_os-prober.in | 2 +- - 3 files changed, 26 insertions(+), 3 deletions(-) + 4 files changed, 39 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac -index 7656f2434..1e5abc67d 100644 +index 7656f24..1e5abc6 100644 --- a/configure.ac +++ b/configure.ac @@ -1846,6 +1846,17 @@ fi @@ -45,7 +45,7 @@ index 7656f2434..1e5abc67d 100644 AC_SUBST([FONT_SOURCE]) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 8c22c79f6..0509ac680 100644 +index d927b60..fcd3033 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -20,6 +20,7 @@ set -e @@ -56,7 +56,7 @@ index 8c22c79f6..0509ac680 100644 . "$pkgdatadir/grub-mkconfig_lib" -@@ -84,6 +85,15 @@ esac +@@ -88,6 +89,15 @@ esac title_correction_code= @@ -72,7 +72,7 @@ index 8c22c79f6..0509ac680 100644 linux_entry () { os="$1" -@@ -123,7 +133,9 @@ linux_entry () +@@ -127,7 +137,9 @@ linux_entry () if [ "x$GRUB_GFXPAYLOAD_LINUX" != xtext ]; then echo " load_video" | sed "s/^/$submenu_indentation/" fi @@ -83,7 +83,7 @@ index 8c22c79f6..0509ac680 100644 fi echo " insmod gzio" | sed "s/^/$submenu_indentation/" -@@ -280,7 +292,7 @@ while [ "x$list" != "x" ] ; do +@@ -284,7 +296,7 @@ while [ "x$list" != "x" ] ; do "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then linux_entry "${OS}" "${version}" recovery \ @@ -92,8 +92,55 @@ index 8c22c79f6..0509ac680 100644 fi list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index b24587f..de4d215 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -19,6 +19,7 @@ set -e + + prefix="@prefix@" + datarootdir="@datarootdir@" ++ubuntu_recovery="@UBUNTU_RECOVERY@" + + . "${pkgdatadir}/grub-mkconfig_lib" + +@@ -748,7 +749,9 @@ zfs_linux_entry () { + if [ "${GRUB_GFXPAYLOAD_LINUX}" != "text" ]; then + echo "${submenu_indentation} load_video" + fi +- echo "${submenu_indentation} set gfxpayload=\${linux_gfx_mode}" ++ if [ "${ubuntu_recovery}" = 0 ] || [ "${type}" != "recovery" ]; then ++ echo "${submenu_indentation} set gfxpayload=\${linux_gfx_mode}" ++ fi + fi + + echo "${submenu_indentation} insmod gzio" +@@ -759,7 +762,7 @@ zfs_linux_entry () { + + linux_default_args="${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" + if [ ${type} = "recovery" ]; then +- linux_default_args="single ${GRUB_CMDLINE_LINUX}" ++ linux_default_args="${GRUB_CMDLINE_LINUX_RECOVERY} ${GRUB_CMDLINE_LINUX}" + fi + + echo "${submenu_indentation} linux ${kernel} root=ZFS=${dataset} ro ${linux_default_args} ${kernel_additional_args}" +@@ -791,6 +794,14 @@ generate_grub_menu() { + CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1 | LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" + fi + ++ if [ -x /lib/recovery-mode/recovery-menu ]; then ++ GRUB_CMDLINE_LINUX_RECOVERY=recovery ++ else ++ GRUB_CMDLINE_LINUX_RECOVERY=single ++ fi ++ if [ "${ubuntu_recovery}" = 1 ]; then ++ GRUB_CMDLINE_LINUX_RECOVERY="${GRUB_CMDLINE_LINUX_RECOVERY} nomodeset" ++ fi + + # IFS is set to TAB (ASCII 0x09) + echo "${menu_metadata}" | diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 515a68c7a..775ceb2e0 100644 +index 515a68c..775ceb2 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -220,7 +220,7 @@ EOF diff --git a/debian/patches/mkrescue-efi-modules.patch b/debian/patches/mkrescue-efi-modules.patch index db44eea4a..9bbe782e9 100644 --- a/debian/patches/mkrescue-efi-modules.patch +++ b/debian/patches/mkrescue-efi-modules.patch @@ -1,4 +1,3 @@ -From b1e5197cab859b271d539c8e4a9f2928b23b66b2 Mon Sep 17 00:00:00 2001 From: Mario Limonciello Date: Mon, 13 Jan 2014 12:12:59 +0000 Subject: Build vfat into EFI boot images @@ -14,7 +13,7 @@ Patch-Name: mkrescue-efi-modules.patch 1 file changed, 2 insertions(+) diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c -index ce2cbc4f1..45d6140d3 100644 +index ce2cbc4..45d6140 100644 --- a/util/grub-mkrescue.c +++ b/util/grub-mkrescue.c @@ -750,6 +750,7 @@ main (int argc, char *argv[]) diff --git a/debian/patches/net-read-bracketed-ipv6-addr.patch b/debian/patches/net-read-bracketed-ipv6-addr.patch index 335718d30..7273691c4 100644 --- a/debian/patches/net-read-bracketed-ipv6-addr.patch +++ b/debian/patches/net-read-bracketed-ipv6-addr.patch @@ -1,4 +1,3 @@ -From 9d6491949d9e80faa4ef9f699db08a68b6f0d9ba Mon Sep 17 00:00:00 2001 From: Aaron Miller Date: Thu, 27 Oct 2016 17:39:49 -0400 Subject: net: read bracketed ipv6 addrs and port numbers @@ -9,14 +8,14 @@ number Patch-Name: net-read-bracketed-ipv6-addr.patch --- - grub-core/net/http.c | 21 ++++++++-- - grub-core/net/net.c | 93 +++++++++++++++++++++++++++++++++++++++++--- - grub-core/net/tftp.c | 6 ++- + grub-core/net/http.c | 21 +++++++++--- + grub-core/net/net.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++---- + grub-core/net/tftp.c | 6 +++- include/grub/net.h | 1 + 4 files changed, 110 insertions(+), 11 deletions(-) diff --git a/grub-core/net/http.c b/grub-core/net/http.c -index 5aa4ad3be..f182d7b87 100644 +index 5aa4ad3..f182d7b 100644 --- a/grub-core/net/http.c +++ b/grub-core/net/http.c @@ -312,12 +312,14 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) @@ -74,7 +73,7 @@ index 5aa4ad3be..f182d7b87 100644 file); if (!data->sock) diff --git a/grub-core/net/net.c b/grub-core/net/net.c -index d5d726a31..b917a75d5 100644 +index d5d726a..b917a75 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -437,6 +437,12 @@ parse_ip6 (const char *val, grub_uint64_t *ip, const char **rest) @@ -211,7 +210,7 @@ index d5d726a31..b917a75d5 100644 } } diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c -index 7d90bf66e..a0817a075 100644 +index 7d90bf6..a0817a0 100644 --- a/grub-core/net/tftp.c +++ b/grub-core/net/tftp.c @@ -314,6 +314,7 @@ tftp_open (struct grub_file *file, const char *filename) @@ -241,7 +240,7 @@ index 7d90bf66e..a0817a075 100644 if (!data->sock) { diff --git a/include/grub/net.h b/include/grub/net.h -index 4a9069a14..cc114286e 100644 +index 4a9069a..cc11428 100644 --- a/include/grub/net.h +++ b/include/grub/net.h @@ -270,6 +270,7 @@ typedef struct grub_net diff --git a/debian/patches/no-devicetree-if-secure-boot.patch b/debian/patches/no-devicetree-if-secure-boot.patch index b8b7bdf50..7471b6276 100644 --- a/debian/patches/no-devicetree-if-secure-boot.patch +++ b/debian/patches/no-devicetree-if-secure-boot.patch @@ -1,4 +1,3 @@ -From 68414261f692279b987ecccb9cb80e4e84d3c1dc Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 24 Apr 2019 10:03:04 -0400 Subject: Forbid the "devicetree" command when Secure Boot is enabled. @@ -17,7 +16,7 @@ Patch-Name: no-devicetree-if-secure-boot.patch 2 files changed, 20 insertions(+) diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c -index 51684914c..092e8e307 100644 +index 5168491..092e8e3 100644 --- a/grub-core/loader/arm/linux.c +++ b/grub-core/loader/arm/linux.c @@ -30,6 +30,10 @@ @@ -47,7 +46,7 @@ index 51684914c..092e8e307 100644 if (!dtb) return grub_errno; diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c -index ee9c5592c..f0c2d91be 100644 +index ee9c559..f0c2d91 100644 --- a/grub-core/loader/efi/fdt.c +++ b/grub-core/loader/efi/fdt.c @@ -123,6 +123,14 @@ grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)), diff --git a/debian/patches/no-insmod-on-sb.patch b/debian/patches/no-insmod-on-sb.patch index 28cbe7dcc..efdb784ef 100644 --- a/debian/patches/no-insmod-on-sb.patch +++ b/debian/patches/no-insmod-on-sb.patch @@ -1,4 +1,3 @@ -From 46b1bebed9ab58e5e769a6239dec7a295d9212aa Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Mon, 13 Jan 2014 12:13:09 +0000 Subject: Don't permit loading modules on UEFI secure boot @@ -16,7 +15,7 @@ Patch-Name: no-insmod-on-sb.patch 3 files changed, 42 insertions(+) diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c -index 48eb5e7b6..074dfc3c6 100644 +index 48eb5e7..074dfc3 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -38,6 +38,10 @@ @@ -47,7 +46,7 @@ index 48eb5e7b6..074dfc3c6 100644 file = grub_file_open (filename, GRUB_FILE_TYPE_GRUB_MODULE); diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c -index 6e1ceb905..96204e39b 100644 +index 6e1ceb9..96204e3 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -273,6 +273,34 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, @@ -86,7 +85,7 @@ index 6e1ceb905..96204e39b 100644 /* Search the mods section from the PE32/PE32+ image. This code uses diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index e90e00dc4..a237952b3 100644 +index e90e00d..a237952 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -82,6 +82,7 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, diff --git a/debian/patches/olpc-prefix-hack.patch b/debian/patches/olpc-prefix-hack.patch index b14c333a2..8755ebd66 100644 --- a/debian/patches/olpc-prefix-hack.patch +++ b/debian/patches/olpc-prefix-hack.patch @@ -1,4 +1,3 @@ -From f268916868b7b2a6b0012a23fb6f434eb208b834 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:12:50 +0000 Subject: Hack prefix for OLPC @@ -11,7 +10,7 @@ Patch-Name: olpc-prefix-hack.patch 1 file changed, 11 insertions(+) diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c -index d483e35ee..8b089b48d 100644 +index d483e35..8b089b4 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -76,6 +76,7 @@ grub_exit (void) diff --git a/debian/patches/ppc64el-disable-vsx.patch b/debian/patches/ppc64el-disable-vsx.patch index 83872fc30..ff26d754b 100644 --- a/debian/patches/ppc64el-disable-vsx.patch +++ b/debian/patches/ppc64el-disable-vsx.patch @@ -1,4 +1,3 @@ -From ed02b830bb2ecc1cce75a75f6985fd92e9332365 Mon Sep 17 00:00:00 2001 From: Paulo Flabiano Smorigo Date: Thu, 25 Sep 2014 19:33:39 -0300 Subject: Disable VSX instruction @@ -21,7 +20,7 @@ Patch-Name: ppc64el-disable-vsx.patch 1 file changed, 12 insertions(+) diff --git a/grub-core/kern/powerpc/ieee1275/startup.S b/grub-core/kern/powerpc/ieee1275/startup.S -index 21c884b43..de9a9601a 100644 +index 21c884b..de9a960 100644 --- a/grub-core/kern/powerpc/ieee1275/startup.S +++ b/grub-core/kern/powerpc/ieee1275/startup.S @@ -20,6 +20,8 @@ diff --git a/debian/patches/probe-fusionio.patch b/debian/patches/probe-fusionio.patch index 087384120..c0c634088 100644 --- a/debian/patches/probe-fusionio.patch +++ b/debian/patches/probe-fusionio.patch @@ -1,4 +1,3 @@ -From d13c402298bbee39239f4378e312c128e5fb0a88 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:31 +0000 Subject: Probe FusionIO devices @@ -14,7 +13,7 @@ Patch-Name: probe-fusionio.patch 2 files changed, 32 insertions(+) diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c -index 90d92d3ad..7adc0f30e 100644 +index 90d92d3..7adc0f3 100644 --- a/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c @@ -950,6 +950,19 @@ grub_util_part_to_disk (const char *os_dev, struct stat *st, @@ -38,7 +37,7 @@ index 90d92d3ad..7adc0f30e 100644 return path; diff --git a/util/deviceiter.c b/util/deviceiter.c -index a4971ef42..dddc50da7 100644 +index a4971ef..dddc50d 100644 --- a/util/deviceiter.c +++ b/util/deviceiter.c @@ -383,6 +383,12 @@ get_nvme_disk_name (char *name, int controller, int namespace) diff --git a/debian/patches/quick-boot-lvm.patch b/debian/patches/quick-boot-lvm.patch index 1679a67da..d9ca7720c 100644 --- a/debian/patches/quick-boot-lvm.patch +++ b/debian/patches/quick-boot-lvm.patch @@ -1,8 +1,7 @@ -From 23e25d42b55a01146a4683c4bc30e821f0366101 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Tue, 30 Oct 2018 15:04:16 -0700 -Subject: If we don't have writable grubenv and we're on EFI, always show the - menu +Subject: If we don't have writable grubenv and we're on EFI, + always show the menu If we don't have writable grubenv, recordfail doesn't work, which means our quickboot behavior - with a timeout of 0 - leaves the user without a @@ -26,7 +25,7 @@ Patch-Name: quick-boot-lvm.patch 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 674a76140..b7135b655 100644 +index 674a761..b7135b6 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -115,7 +115,7 @@ EOF diff --git a/debian/patches/quick-boot.patch b/debian/patches/quick-boot.patch index 9a0b95d83..8c85dd7c2 100644 --- a/debian/patches/quick-boot.patch +++ b/debian/patches/quick-boot.patch @@ -1,4 +1,3 @@ -From 20154f1a5e0606fc488df60ac28a4d186cda22bd Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:28 +0000 Subject: Add configure option to bypass boot menu if possible @@ -23,17 +22,18 @@ Last-Update: 2015-09-04 Patch-Name: quick-boot.patch --- - configure.ac | 11 ++++++ - docs/grub.texi | 14 +++++++ - grub-core/normal/menu.c | 24 ++++++++++++ + configure.ac | 11 +++++++ + docs/grub.texi | 14 +++++++++ + grub-core/normal/menu.c | 24 ++++++++++++++ util/grub-mkconfig.in | 3 +- - util/grub.d/00_header.in | 77 +++++++++++++++++++++++++++++++------ - util/grub.d/10_linux.in | 4 ++ - util/grub.d/30_os-prober.in | 21 ++++++++++ - 7 files changed, 141 insertions(+), 13 deletions(-) + util/grub.d/00_header.in | 77 ++++++++++++++++++++++++++++++++++++++------- + util/grub.d/10_linux.in | 4 +++ + util/grub.d/10_linux_zfs.in | 5 +++ + util/grub.d/30_os-prober.in | 21 +++++++++++++ + 8 files changed, 146 insertions(+), 13 deletions(-) diff --git a/configure.ac b/configure.ac -index ea00ccd69..7dda5bb32 100644 +index ea00ccd..7dda5bb 100644 --- a/configure.ac +++ b/configure.ac @@ -1868,6 +1868,17 @@ else @@ -55,7 +55,7 @@ index ea00ccd69..7dda5bb32 100644 AC_SUBST([FONT_SOURCE]) diff --git a/docs/grub.texi b/docs/grub.texi -index 87795075a..a835d0ae4 100644 +index 8779507..a835d0a 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1522,6 +1522,20 @@ This option may be set to a list of GRUB module names separated by spaces. @@ -80,7 +80,7 @@ index 87795075a..a835d0ae4 100644 The following options are still accepted for compatibility with existing diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index ebf5a0f10..42c82290d 100644 +index ebf5a0f..42c8229 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -604,6 +604,30 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) @@ -115,7 +115,7 @@ index ebf5a0f10..42c82290d 100644 { pos = grub_term_save_pos (); diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in -index d18bf972f..307214310 100644 +index d18bf97..3072143 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -250,7 +250,8 @@ export GRUB_DEFAULT \ @@ -129,7 +129,7 @@ index d18bf972f..307214310 100644 if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in -index 93a90233e..674a76140 100644 +index 93a9023..674a761 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -21,6 +21,8 @@ prefix="@prefix@" @@ -258,7 +258,7 @@ index 93a90233e..674a76140 100644 EOF } diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 2e4dff9fb..51cdb5e1d 100644 +index 479a8bf..2be66c7 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -22,6 +22,7 @@ exec_prefix="@exec_prefix@" @@ -269,7 +269,7 @@ index 2e4dff9fb..51cdb5e1d 100644 . "$pkgdatadir/grub-mkconfig_lib" -@@ -129,6 +130,9 @@ linux_entry () +@@ -133,6 +134,9 @@ linux_entry () else echo "menuentry '$(echo "$os" | grub_quote)' ${CLASS} \$menuentry_id_option 'gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" fi @@ -279,8 +279,31 @@ index 2e4dff9fb..51cdb5e1d 100644 if [ x$type != xrecovery ] ; then save_default_entry | grub_add_tab fi +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index 3a0e6d1..ec4b49d 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -21,6 +21,7 @@ prefix="@prefix@" + datarootdir="@datarootdir@" + ubuntu_recovery="@UBUNTU_RECOVERY@" + quiet_boot="@QUIET_BOOT@" ++quick_boot="@QUICK_BOOT@" + + . "${pkgdatadir}/grub-mkconfig_lib" + +@@ -755,6 +756,10 @@ zfs_linux_entry () { + + echo "${submenu_indentation}menuentry '$(echo "${title}" | grub_quote)' ${CLASS} \${menuentry_id_option} 'gnulinux-${dataset}-${kernel_version}' {" + ++ if [ "${quick_boot}" = 1 ]; then ++ echo "${submenu_indentation} recordfail" ++ fi ++ + if [ "${type}" != "recovery" ] ; then + GRUB_SAVEDEFAULT=${GRUB_SAVEDEFAULT:-} + default_entry="$(save_default_entry)" diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index 271044f59..da5f28876 100644 +index 271044f..da5f288 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -20,12 +20,26 @@ set -e diff --git a/debian/patches/restore-mkdevicemap.patch b/debian/patches/restore-mkdevicemap.patch index f459634ff..b2920db05 100644 --- a/debian/patches/restore-mkdevicemap.patch +++ b/debian/patches/restore-mkdevicemap.patch @@ -1,4 +1,3 @@ -From 2ecd079ed1078da6a26223333d0645dd53ef181a Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:01 +0000 Subject: Restore grub-mkdevicemap @@ -17,9 +16,9 @@ Patch-Name: restore-mkdevicemap.patch Makefile.util.def | 17 + docs/man/grub-mkdevicemap.h2m | 4 + include/grub/util/deviceiter.h | 14 + - util/deviceiter.c | 1021 ++++++++++++++++++++++++++++++++ + util/deviceiter.c | 1021 ++++++++++++++++++++++++++++++++++++++++ util/devicemap.c | 13 + - util/grub-mkdevicemap.c | 181 ++++++ + util/grub-mkdevicemap.c | 181 +++++++ 6 files changed, 1250 insertions(+) create mode 100644 docs/man/grub-mkdevicemap.h2m create mode 100644 include/grub/util/deviceiter.h @@ -28,7 +27,7 @@ Patch-Name: restore-mkdevicemap.patch create mode 100644 util/grub-mkdevicemap.c diff --git a/Makefile.util.def b/Makefile.util.def -index 969d32f00..0029b9000 100644 +index bac85e2..eec1924 100644 --- a/Makefile.util.def +++ b/Makefile.util.def @@ -324,6 +324,23 @@ program = { @@ -57,7 +56,7 @@ index 969d32f00..0029b9000 100644 installdir = sbin; diff --git a/docs/man/grub-mkdevicemap.h2m b/docs/man/grub-mkdevicemap.h2m new file mode 100644 -index 000000000..96cd6ee72 +index 0000000..96cd6ee --- /dev/null +++ b/docs/man/grub-mkdevicemap.h2m @@ -0,0 +1,4 @@ @@ -67,7 +66,7 @@ index 000000000..96cd6ee72 +.BR grub-probe (8) diff --git a/include/grub/util/deviceiter.h b/include/grub/util/deviceiter.h new file mode 100644 -index 000000000..85374978c +index 0000000..8537497 --- /dev/null +++ b/include/grub/util/deviceiter.h @@ -0,0 +1,14 @@ @@ -87,7 +86,7 @@ index 000000000..85374978c +#endif /* ! GRUB_DEVICEITER_MACHINE_UTIL_HEADER */ diff --git a/util/deviceiter.c b/util/deviceiter.c new file mode 100644 -index 000000000..a4971ef42 +index 0000000..a4971ef --- /dev/null +++ b/util/deviceiter.c @@ -0,0 +1,1021 @@ @@ -1114,7 +1113,7 @@ index 000000000..a4971ef42 +} diff --git a/util/devicemap.c b/util/devicemap.c new file mode 100644 -index 000000000..c61864420 +index 0000000..c618644 --- /dev/null +++ b/util/devicemap.c @@ -0,0 +1,13 @@ @@ -1133,7 +1132,7 @@ index 000000000..c61864420 +} diff --git a/util/grub-mkdevicemap.c b/util/grub-mkdevicemap.c new file mode 100644 -index 000000000..c4bbdbf69 +index 0000000..c4bbdbf --- /dev/null +++ b/util/grub-mkdevicemap.c @@ -0,0 +1,181 @@ diff --git a/debian/patches/rhboot-f34-dont-use-int-for-efi-status.patch b/debian/patches/rhboot-f34-dont-use-int-for-efi-status.patch new file mode 100644 index 000000000..cbaabfebb --- /dev/null +++ b/debian/patches/rhboot-f34-dont-use-int-for-efi-status.patch @@ -0,0 +1,24 @@ +From: Peter Jones +Date: Mon, 26 Jun 2017 12:44:59 -0400 +Subject: don't use int for efi status + +(cherry picked from commit eee6d2db7e3a392b8fe134fa75a7e28c9ae8cda5) +Patch-Name: rhboot-f34-dont-use-int-for-efi-status.patch +(cherry picked from commit 3a80091a585e71363cd4f62f93fd48e5631362d2) +--- + grub-core/kern/efi/efi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index d4a4be5..7cf003f 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -167,7 +167,7 @@ grub_reboot (void) + void + grub_exit (int retval) + { +- int rc = GRUB_EFI_LOAD_ERROR; ++ grub_efi_status_t rc = GRUB_EFI_LOAD_ERROR; + + if (retval == 0) + rc = GRUB_EFI_SUCCESS; diff --git a/debian/patches/rhboot-f34-make-exit-take-a-return-code.patch b/debian/patches/rhboot-f34-make-exit-take-a-return-code.patch new file mode 100644 index 000000000..e96246a3f --- /dev/null +++ b/debian/patches/rhboot-f34-make-exit-take-a-return-code.patch @@ -0,0 +1,269 @@ +From: Peter Jones +Date: Wed, 26 Feb 2014 21:49:12 -0500 +Subject: Make "exit" take a return code. + +This adds "exit" with a return code. With this patch, any "exit" +command /may/ include a return code, and on platforms that support +returning with an exit status, we will do so. By default we return the +same exit status we did before this patch. + +Signed-off-by: Peter Jones +(cherry picked from commit ccce3d69ae3eacc7bdc70217304586bd7e74fe1e) +Patch-Name: rhboot-f34-make-exit-take-a-return-code.patch +(cherry picked from commit f58cd1f3cf1cf8bf3ee5f57ae035a14888840448) +--- + grub-core/commands/minicmd.c | 20 ++++++++++++++++---- + grub-core/kern/efi/efi.c | 9 +++++++-- + grub-core/kern/emu/main.c | 2 +- + grub-core/kern/emu/misc.c | 5 +++-- + grub-core/kern/i386/coreboot/init.c | 2 +- + grub-core/kern/i386/qemu/init.c | 2 +- + grub-core/kern/ieee1275/init.c | 2 +- + grub-core/kern/mips/arc/init.c | 2 +- + grub-core/kern/mips/loongson/init.c | 2 +- + grub-core/kern/mips/qemu_mips/init.c | 2 +- + grub-core/kern/misc.c | 11 ++++++++++- + grub-core/kern/uboot/init.c | 6 +++--- + grub-core/kern/xen/init.c | 2 +- + include/grub/misc.h | 2 +- + 14 files changed, 48 insertions(+), 21 deletions(-) + +diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c +index 6bbce31..6d66b7c 100644 +--- a/grub-core/commands/minicmd.c ++++ b/grub-core/commands/minicmd.c +@@ -179,12 +179,24 @@ grub_mini_cmd_lsmod (struct grub_command *cmd __attribute__ ((unused)), + } + + /* exit */ +-static grub_err_t __attribute__ ((noreturn)) ++static grub_err_t + grub_mini_cmd_exit (struct grub_command *cmd __attribute__ ((unused)), +- int argc __attribute__ ((unused)), +- char *argv[] __attribute__ ((unused))) ++ int argc, char *argv[]) + { +- grub_exit (); ++ int retval = -1; ++ unsigned long n; ++ ++ if (argc < 0 || argc > 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); ++ ++ if (argc == 1) ++ { ++ n = grub_strtoul (argv[0], 0, 10); ++ if (n != ~0UL) ++ retval = n; ++ } ++ ++ grub_exit (retval); + /* Not reached. */ + } + +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 88bbd34..d4a4be5 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -165,11 +165,16 @@ grub_reboot (void) + } + + void +-grub_exit (void) ++grub_exit (int retval) + { ++ int rc = GRUB_EFI_LOAD_ERROR; ++ ++ if (retval == 0) ++ rc = GRUB_EFI_SUCCESS; ++ + grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); + efi_call_4 (grub_efi_system_table->boot_services->exit, +- grub_efi_image_handle, GRUB_EFI_SUCCESS, 0, 0); ++ grub_efi_image_handle, rc, 0, 0); + for (;;) ; + } + +diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c +index 425bb96..55ea5a1 100644 +--- a/grub-core/kern/emu/main.c ++++ b/grub-core/kern/emu/main.c +@@ -67,7 +67,7 @@ grub_reboot (void) + } + + void +-grub_exit (void) ++grub_exit (int retval __attribute__((unused))) + { + grub_reboot (); + } +diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c +index dfd8a8e..0ff13bc 100644 +--- a/grub-core/kern/emu/misc.c ++++ b/grub-core/kern/emu/misc.c +@@ -151,9 +151,10 @@ xasprintf (const char *fmt, ...) + + #if !defined (GRUB_MACHINE_EMU) || defined (GRUB_UTIL) + void +-grub_exit (void) ++__attribute__ ((noreturn)) ++grub_exit (int rc) + { +- exit (1); ++ exit (rc < 0 ? 1 : rc); + } + #endif + +diff --git a/grub-core/kern/i386/coreboot/init.c b/grub-core/kern/i386/coreboot/init.c +index 3314f02..36f9134 100644 +--- a/grub-core/kern/i386/coreboot/init.c ++++ b/grub-core/kern/i386/coreboot/init.c +@@ -41,7 +41,7 @@ extern grub_uint8_t _end[]; + extern grub_uint8_t _edata[]; + + void __attribute__ ((noreturn)) +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + /* We can't use grub_fatal() in this function. This would create an infinite + loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ +diff --git a/grub-core/kern/i386/qemu/init.c b/grub-core/kern/i386/qemu/init.c +index 271b6fb..9fafe98 100644 +--- a/grub-core/kern/i386/qemu/init.c ++++ b/grub-core/kern/i386/qemu/init.c +@@ -42,7 +42,7 @@ extern grub_uint8_t _end[]; + extern grub_uint8_t _edata[]; + + void __attribute__ ((noreturn)) +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + /* We can't use grub_fatal() in this function. This would create an infinite + loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ +diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c +index 8b089b4..085a6a3 100644 +--- a/grub-core/kern/ieee1275/init.c ++++ b/grub-core/kern/ieee1275/init.c +@@ -71,7 +71,7 @@ grub_addr_t grub_ieee1275_original_stack; + #endif + + void +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + grub_ieee1275_exit (); + } +diff --git a/grub-core/kern/mips/arc/init.c b/grub-core/kern/mips/arc/init.c +index 3834a14..86b3a25 100644 +--- a/grub-core/kern/mips/arc/init.c ++++ b/grub-core/kern/mips/arc/init.c +@@ -276,7 +276,7 @@ grub_halt (void) + } + + void +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + GRUB_ARC_FIRMWARE_VECTOR->exit (); + +diff --git a/grub-core/kern/mips/loongson/init.c b/grub-core/kern/mips/loongson/init.c +index 7b96531..dff598c 100644 +--- a/grub-core/kern/mips/loongson/init.c ++++ b/grub-core/kern/mips/loongson/init.c +@@ -304,7 +304,7 @@ grub_halt (void) + } + + void +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + grub_halt (); + } +diff --git a/grub-core/kern/mips/qemu_mips/init.c b/grub-core/kern/mips/qemu_mips/init.c +index be88b77..8b6c55f 100644 +--- a/grub-core/kern/mips/qemu_mips/init.c ++++ b/grub-core/kern/mips/qemu_mips/init.c +@@ -75,7 +75,7 @@ grub_machine_fini (int flags __attribute__ ((unused))) + } + + void +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + grub_halt (); + } +diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c +index 83c068d..e742f56 100644 +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -1098,9 +1098,18 @@ grub_abort (void) + grub_getkey (); + } + +- grub_exit (); ++ grub_exit (1); + } + ++#if defined (__clang__) && !defined (GRUB_UTIL) ++/* clang emits references to abort(). */ ++void __attribute__ ((noreturn)) ++abort (void) ++{ ++ grub_abort (); ++} ++#endif ++ + void + grub_fatal (const char *fmt, ...) + { +diff --git a/grub-core/kern/uboot/init.c b/grub-core/kern/uboot/init.c +index 3e33864..be2a5be 100644 +--- a/grub-core/kern/uboot/init.c ++++ b/grub-core/kern/uboot/init.c +@@ -39,9 +39,9 @@ extern grub_size_t grub_total_module_size; + static unsigned long timer_start; + + void +-grub_exit (void) ++grub_exit (int rc) + { +- grub_uboot_return (0); ++ grub_uboot_return (rc < 0 ? 1 : rc); + } + + static grub_uint64_t +@@ -78,7 +78,7 @@ grub_machine_init (void) + if (!ver) + { + /* Don't even have a console to log errors to... */ +- grub_exit (); ++ grub_exit (-1); + } + else if (ver > API_SIG_VERSION) + { +diff --git a/grub-core/kern/xen/init.c b/grub-core/kern/xen/init.c +index 782ca72..708b060 100644 +--- a/grub-core/kern/xen/init.c ++++ b/grub-core/kern/xen/init.c +@@ -584,7 +584,7 @@ grub_machine_init (void) + } + + void +-grub_exit (void) ++grub_exit (int rc __attribute__((unused))) + { + struct sched_shutdown arg; + +diff --git a/include/grub/misc.h b/include/grub/misc.h +index ee48eb7..f9135b6 100644 +--- a/include/grub/misc.h ++++ b/include/grub/misc.h +@@ -334,7 +334,7 @@ int EXPORT_FUNC(grub_vsnprintf) (char *str, grub_size_t n, const char *fmt, + char *EXPORT_FUNC(grub_xasprintf) (const char *fmt, ...) + __attribute__ ((format (GNU_PRINTF, 1, 2))) WARN_UNUSED_RESULT; + char *EXPORT_FUNC(grub_xvasprintf) (const char *fmt, va_list args) WARN_UNUSED_RESULT; +-void EXPORT_FUNC(grub_exit) (void) __attribute__ ((noreturn)); ++void EXPORT_FUNC(grub_exit) (int rc) __attribute__ ((noreturn)); + grub_uint64_t EXPORT_FUNC(grub_divmod64) (grub_uint64_t n, + grub_uint64_t d, + grub_uint64_t *r); diff --git a/debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch b/debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch new file mode 100644 index 000000000..2b9351952 --- /dev/null +++ b/debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch @@ -0,0 +1,214 @@ +From: Peter Jones +Date: Tue, 7 Nov 2017 17:12:17 -0500 +Subject: Make pmtimer tsc calibration not take 51 seconds to fail. + +On my laptop running at 2.4GHz, if I run a VM where tsc calibration +using pmtimer will fail presuming a broken pmtimer, it takes ~51 seconds +to do so (as measured with the stopwatch on my phone), with a tsc delta +of 0x1cd1c85300, or around 125 billion cycles. + +If instead of trying to wait for 5-200ms to show up on the pmtimer, we try +to wait for 5-200us, it decides it's broken in ~0x2626aa0 TSCs, aka ~2.4 +million cycles, or more or less instantly. + +Additionally, this reading the pmtimer was returning 0xffffffff anyway, +and that's obviously an invalid return. I've added a check for that and +0 so we don't bother waiting for the test if what we're seeing is dead +pins with no response at all. + +If "debug" is includes "pmtimer", you will see one of the following +three outcomes. If pmtimer gives all 0 or all 1 bits, you will see: + +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 1 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 2 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 3 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 4 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 5 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 6 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 7 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 8 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 9 +kern/i386/tsc_pmtimer.c:77: pmtimer: 0xffffff bad_reads: 10 +kern/i386/tsc_pmtimer.c:78: timer is broken; giving up. + +This outcome was tested using qemu+kvm with UEFI (OVMF) firmware and +these options: -machine pc-q35-2.10 -cpu Broadwell-noTSX + +If pmtimer gives any other bit patterns but is not actually marching +forward fast enough to use for clock calibration, you will see: + +kern/i386/tsc_pmtimer.c:121: pmtimer delta is 0x0 (1904 iterations) +kern/i386/tsc_pmtimer.c:124: tsc delta is implausible: 0x2626aa0 + +This outcome was tested using grub compiled with GRUB_PMTIMER_IGNORE_BAD_READS +defined (so as not to trip the bad read test) using qemu+kvm with UEFI +(OVMF) firmware, and these options: -machine pc-q35-2.10 -cpu Broadwell-noTSX + +If pmtimer actually works, you'll see something like: + +kern/i386/tsc_pmtimer.c:121: pmtimer delta is 0x0 (1904 iterations) +kern/i386/tsc_pmtimer.c:124: tsc delta is implausible: 0x2626aa0 + +This outcome was tested using qemu+kvm with UEFI (OVMF) firmware, and +these options: -machine pc-i440fx-2.4 -cpu Broadwell-noTSX + +I've also tested this outcome on a real Intel Xeon E3-1275v3 on an Intel +Server Board S1200V3RPS using the SDV.RP.B8 "Release" build here: +https://firmware.intel.com/sites/default/files/UEFIDevKit_S1200RP_vB8.zip + +Signed-off-by: Peter Jones +(cherry picked from commit cf0448d61e00acb548f8f22d57ba6e4f3b37f394) + +Patch-Name: rhboot-f34-make-pmtimer-tsc-calibration-fast.patch +(cherry picked from commit ecea6495041ee81331d245cf25ac53d66f07561c) +--- + grub-core/kern/i386/tsc_pmtimer.c | 109 +++++++++++++++++++++++++++++++------- + 1 file changed, 89 insertions(+), 20 deletions(-) + +diff --git a/grub-core/kern/i386/tsc_pmtimer.c b/grub-core/kern/i386/tsc_pmtimer.c +index c9c3616..ca15c3a 100644 +--- a/grub-core/kern/i386/tsc_pmtimer.c ++++ b/grub-core/kern/i386/tsc_pmtimer.c +@@ -28,40 +28,101 @@ + #include + #include + ++/* ++ * Define GRUB_PMTIMER_IGNORE_BAD_READS if you're trying to test a timer that's ++ * present but doesn't keep time well. ++ */ ++// #define GRUB_PMTIMER_IGNORE_BAD_READS ++ + grub_uint64_t + grub_pmtimer_wait_count_tsc (grub_port_t pmtimer, + grub_uint16_t num_pm_ticks) + { + grub_uint32_t start; +- grub_uint32_t last; +- grub_uint32_t cur, end; ++ grub_uint64_t cur, end; + grub_uint64_t start_tsc; + grub_uint64_t end_tsc; +- int num_iter = 0; ++ unsigned int num_iter = 0; ++#ifndef GRUB_PMTIMER_IGNORE_BAD_READS ++ int bad_reads = 0; ++#endif + +- start = grub_inl (pmtimer) & 0xffffff; +- last = start; ++ /* ++ * Some timers are 24-bit and some are 32-bit, but it doesn't make much ++ * difference to us. Caring which one we have isn't really worth it since ++ * the low-order digits will give us enough data to calibrate TSC. So just ++ * mask the top-order byte off. ++ */ ++ cur = start = grub_inl (pmtimer) & 0xffffffUL; + end = start + num_pm_ticks; + start_tsc = grub_get_tsc (); + while (1) + { +- cur = grub_inl (pmtimer) & 0xffffff; +- if (cur < last) +- cur |= 0x1000000; +- num_iter++; ++ cur &= 0xffffffffff000000ULL; ++ cur |= grub_inl (pmtimer) & 0xffffffUL; ++ ++ end_tsc = grub_get_tsc(); ++ ++#ifndef GRUB_PMTIMER_IGNORE_BAD_READS ++ /* ++ * If we get 10 reads in a row that are obviously dead pins, there's no ++ * reason to do this thousands of times. ++ */ ++ if (cur == 0xffffffUL || cur == 0) ++ { ++ bad_reads++; ++ grub_dprintf ("pmtimer", ++ "pmtimer: 0x%"PRIxGRUB_UINT64_T" bad_reads: %d\n", ++ cur, bad_reads); ++ grub_dprintf ("pmtimer", "timer is broken; giving up.\n"); ++ ++ if (bad_reads == 10) ++ return 0; ++ } ++#endif ++ ++ if (cur < start) ++ cur += 0x1000000; ++ + if (cur >= end) + { +- end_tsc = grub_get_tsc (); ++ grub_dprintf ("pmtimer", "pmtimer delta is 0x%"PRIxGRUB_UINT64_T"\n", ++ cur - start); ++ grub_dprintf ("pmtimer", "tsc delta is 0x%"PRIxGRUB_UINT64_T"\n", ++ end_tsc - start_tsc); + return end_tsc - start_tsc; + } +- /* Check for broken PM timer. +- 50000000 TSCs is between 5 ms (10GHz) and 200 ms (250 MHz) +- if after this time we still don't have 1 ms on pmtimer, then +- pmtimer is broken. ++ ++ /* ++ * Check for broken PM timer. 1ms at 10GHz should be 1E+7 TSCs; at ++ * 250MHz it should be 2.5E6. So if after 4E+7 TSCs on a 10GHz machine, ++ * we should have seen pmtimer show 4ms of change (i.e. cur =~ ++ * start+14320); on a 250MHz machine that should be 16ms (start+57280). ++ * If after this a time we still don't have 1ms on pmtimer, then pmtimer ++ * is broken. ++ * ++ * Likewise, if our code is perfectly efficient and introduces no delays ++ * whatsoever, on a 10GHz system we should see a TSC delta of 3580 in ++ * ~3580 iterations. On a 250MHz machine that should be ~900 iterations. ++ * ++ * With those factors in mind, there are two limits here. There's a hard ++ * limit here at 8x our desired pm timer delta, picked as an arbitrarily ++ * large value that's still not a lot of time to humans, because if we ++ * get that far this is either an implausibly fast machine or the pmtimer ++ * is not running. And there's another limit on 4x our 10GHz tsc delta ++ * without seeing cur converge on our target value. + */ +- if ((num_iter & 0xffffff) == 0 && grub_get_tsc () - start_tsc > 5000000) { +- return 0; +- } ++ if ((++num_iter > (grub_uint32_t)num_pm_ticks << 3UL) || ++ end_tsc - start_tsc > 40000000) ++ { ++ grub_dprintf ("pmtimer", ++ "pmtimer delta is 0x%"PRIxGRUB_UINT64_T" (%u iterations)\n", ++ cur - start, num_iter); ++ grub_dprintf ("pmtimer", ++ "tsc delta is implausible: 0x%"PRIxGRUB_UINT64_T"\n", ++ end_tsc - start_tsc); ++ return 0; ++ } + } + } + +@@ -74,12 +135,20 @@ grub_tsc_calibrate_from_pmtimer (void) + + fadt = grub_acpi_find_fadt (); + if (!fadt) +- return 0; ++ { ++ grub_dprintf ("pmtimer", "No FADT found; not using pmtimer.\n"); ++ return 0; ++ } + pmtimer = fadt->pmtimer; + if (!pmtimer) +- return 0; ++ { ++ grub_dprintf ("pmtimer", "FADT does not specify pmtimer; skipping.\n"); ++ return 0; ++ } + +- /* It's 3.579545 MHz clock. Wait 1 ms. */ ++ /* ++ * It's 3.579545 MHz clock. Wait 1 ms. ++ */ + tsc_diff = grub_pmtimer_wait_count_tsc (pmtimer, 3580); + if (tsc_diff == 0) + return 0; diff --git a/debian/patches/series b/debian/patches/series index 9a09d2796..85cc35c47 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -4,6 +4,7 @@ dpkg-version-comparison.patch grub-legacy-0-based-partitions.patch disable-floppies.patch grub.cfg-400.patch +ubuntu-zfs-enhance-support.patch gfxpayload-keep-default.patch install-stage2-confusion.patch mkrescue-efi-modules.patch @@ -20,9 +21,8 @@ default-grub-d.patch blacklist-1440x900x32.patch uefi-firmware-setup.patch mkconfig-ubuntu-distributor.patch -linuxefi.patch mkconfig-signed-kernel.patch -install-signed.patch +ubuntu-install-signed.patch sleep-shift.patch wubi-no-windows.patch maybe-quiet.patch @@ -39,7 +39,7 @@ ieee1275-clear-reset.patch ppc64el-disable-vsx.patch grub-install-pvxen-paths.patch insmod-xzio-and-lzopio-on-xen.patch -grub-install-extra-removable.patch +ubuntu-grub-install-extra-removable.patch mkconfig-other-inits.patch zpool-full-device-name.patch net-read-bracketed-ipv6-addr.patch @@ -48,7 +48,6 @@ efinet-uefi-ipv6-pxe-support.patch bootp-process-dhcpack-http-boot.patch efinet-set-network-from-uefi-devpath.patch efinet-set-dns-from-uefi-proto.patch -fix-lockdown.patch skip-grub_cmd_set_date.patch bash-completion-drop-have-checks.patch at_keyboard-module-init.patch @@ -56,4 +55,66 @@ uefi-secure-boot-cryptomount.patch vsnprintf-upper-case-hex.patch efi-variable-storage-minimise-writes.patch no-devicetree-if-secure-boot.patch -grub-install-removable-shim.patch +ubuntu-linuxefi.patch +ubuntu-efi-console-set-text-mode-as-needed.patch +ubuntu-support-initrd-less-boot.patch +ubuntu-shorter-version-info.patch +ubuntu-add-initrd-less-boot-fallback.patch +ubuntu-mkconfig-leave-breadcrumbs.patch +ubuntu-fix-lzma-decompressor-objcopy.patch +ubuntu-temp-keep-auto-nvram.patch +ubuntu-add-devicetree-command-support.patch +ubuntu-boot-from-multipath-dependent-symlink.patch +ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch +ubuntu-tpm-unknown-error-non-fatal.patch +ubuntu-efi-allow-loopmount-chainload.patch +cherrypick-lsefisystab-define-smbios3.patch +cherrypick-smbios-module.patch +cherrypick-lsefisystab-show-dtb.patch +0074-uefi-firmware-rename-fwsetup-menuentry-to-UEFI-Firmw.patch +0075-smbios-Add-a-linux-argument-to-apply-linux-modalias-.patch +0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch +0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch +ubuntu-resilient-boot-ignore-alternative-esps.patch +ubuntu-resilient-boot-boot-order.patch +ubuntu-speed-zsys-history.patch +0081-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch +0082-safemath-Add-some-arithmetic-primitives-that-check-f.patch +0083-calloc-Make-sure-we-always-have-an-overflow-checking.patch +0084-calloc-Use-calloc-at-most-places.patch +0085-malloc-Use-overflow-checking-primitives-where-we-do-.patch +0086-iso9660-Don-t-leak-memory-on-realloc-failures.patch +0087-font-Do-not-load-more-than-one-NAME-section.patch +0088-gfxmenu-Fix-double-free-in-load_image.patch +0089-lzma-Make-sure-we-don-t-dereference-past-array.patch +0090-tftp-Do-not-use-priority-queue.patch +0091-script-Remove-unused-fields-from-grub_script_functio.patch +0092-script-Avoid-a-use-after-free-when-redefining-a-func.patch +0093-hfsplus-fix-two-more-overflows.patch +0094-lvm-fix-two-more-potential-data-dependent-alloc-over.patch +0095-efi-fix-some-malformed-device-path-arithmetic-errors.patch +0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch +0097-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch +0098-efi-Fix-use-after-free-in-halt-reboot-path.patch +0099-chainloader-Avoid-a-double-free-when-validation-fail.patch +0100-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch +0101-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch +0102-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch +0103-linux-loader-avoid-overflow-on-initrd-size-calculati.patch +0104-linux-Fix-integer-overflows-in-initrd-size-handling.patch +0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch +ubuntu-flavour-order.patch +ubuntu-dont-verify-loopback-images.patch +ubuntu-recovery-dis_ucode_ldr.patch +grub-install-backup-and-restore.patch +ubuntu-linuxefi-arm64.patch +ubuntu-linuxefi-arm64-set-base-addr.patch +tftp-rollover-block-counter.patch +rhboot-f34-make-exit-take-a-return-code.patch +rhboot-f34-dont-use-int-for-efi-status.patch +rhboot-f34-make-pmtimer-tsc-calibration-fast.patch +cherry-fix-crash-on-http.patch +ubuntu-add-initrd-less-boot-messages.patch +0241-Call-hwmatch-only-on-the-grub-pc-platform.patch +linux_xen-Properly-load-multiple-initrd-files.patch +linux_xen-Properly-order-multiple-initrd-files.patch diff --git a/debian/patches/skip-grub_cmd_set_date.patch b/debian/patches/skip-grub_cmd_set_date.patch index 6d17b4257..8f7aa113d 100644 --- a/debian/patches/skip-grub_cmd_set_date.patch +++ b/debian/patches/skip-grub_cmd_set_date.patch @@ -1,4 +1,3 @@ -From badf90fb559ecdb1beca8a994995816b00ccbfbb Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 28 Oct 2018 19:45:56 +0000 Subject: Skip flaky grub_cmd_set_date test @@ -12,7 +11,7 @@ Patch-Name: skip-grub_cmd_set_date.patch 1 file changed, 3 insertions(+) diff --git a/tests/grub_cmd_set_date.in b/tests/grub_cmd_set_date.in -index aac120a6c..1bb5be4ca 100644 +index aac120a..1bb5be4 100644 --- a/tests/grub_cmd_set_date.in +++ b/tests/grub_cmd_set_date.in @@ -1,6 +1,9 @@ diff --git a/debian/patches/sleep-shift.patch b/debian/patches/sleep-shift.patch index b6065a93a..5338d9fa7 100644 --- a/debian/patches/sleep-shift.patch +++ b/debian/patches/sleep-shift.patch @@ -1,4 +1,3 @@ -From 44bedf4e397054ada7cb7f5855f8a73ba5c3ebcb Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:23 +0000 Subject: Allow Shift to interrupt 'sleep --interruptible' @@ -17,7 +16,7 @@ Patch-Name: sleep-shift.patch 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/grub-core/commands/sleep.c b/grub-core/commands/sleep.c -index e77e7900f..3906b1410 100644 +index e77e790..3906b14 100644 --- a/grub-core/commands/sleep.c +++ b/grub-core/commands/sleep.c @@ -46,6 +46,31 @@ do_print (int n) @@ -62,7 +61,7 @@ index e77e7900f..3906b1410 100644 return 0; diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c -index d5e0c79a7..3611ee9ea 100644 +index d5e0c79..3611ee9 100644 --- a/grub-core/normal/menu.c +++ b/grub-core/normal/menu.c @@ -615,8 +615,27 @@ run_menu (grub_menu_t menu, int nested, int *auto_boot) diff --git a/debian/patches/tftp-rollover-block-counter.patch b/debian/patches/tftp-rollover-block-counter.patch new file mode 100644 index 000000000..9deac6888 --- /dev/null +++ b/debian/patches/tftp-rollover-block-counter.patch @@ -0,0 +1,79 @@ +From: Javier Martinez Canillas +Date: Thu, 10 Sep 2020 17:17:57 +0200 +Subject: tftp: Roll-over block counter to prevent data packets timeouts + +Commit 781b3e5efc3 (tftp: Do not use priority queue) caused a regression +when fetching files over TFTP whose size is bigger than 65535 * block size. + + grub> linux /images/pxeboot/vmlinuz + grub> echo $? + 0 + grub> initrd /images/pxeboot/initrd.img + error: timeout reading '/images/pxeboot/initrd.img'. + grub> echo $? + 28 + +It is caused by the block number counter being a 16-bit field, which leads +to a maximum file size of ((1 << 16) - 1) * block size. Because GRUB sets +the block size to 1024 octets (by using the TFTP Blocksize Option from RFC +2348 [0]), the maximum file size that can be transferred is 67107840 bytes. + +The TFTP PROTOCOL (REVISION 2) RFC 1350 [1] does not mention what a client +should do when a file size is bigger than the maximum, but most TFTP hosts +support the block number counter to be rolled over. That is, acking a data +packet with a block number of 0 is taken as if the 65356th block was acked. + +It was working before because the block counter roll-over was happening due +an overflow. But that got fixed by the mentioned commit, which led to the +regression when attempting to fetch files larger than the maximum size. + +To allow TFTP file transfers of unlimited size again, re-introduce a block +counter roll-over so the data packets are acked preventing the timeouts. + +[0]: https://tools.ietf.org/html/rfc2348 +[1]: https://tools.ietf.org/html/rfc1350 + +Fixes: 781b3e5efc3 (tftp: Do not use priority queue) + +Suggested-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1900773 +Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a6838bbc6726ad624bd2b94991f690b8e9d23c69 +Last-Updated: 2020-11-09 +Patch-Name: tftp-rollover-block-counter.patch +--- + grub-core/net/tftp.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index e6566fa..33c0b82 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -183,11 +183,22 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + } + +- /* Ack old/retransmitted block. */ +- if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1) ++ /* ++ * Ack old/retransmitted block. ++ * ++ * The block number is a 16-bit counter, thus the maximum file size that ++ * could be transfered is 65535 * block size. Most TFTP hosts support to ++ * roll-over the block counter to allow unlimited transfer file size. ++ * ++ * This behavior is not defined in the RFC 1350 [0] but is implemented by ++ * most TFTP clients and hosts. ++ * ++ * [0]: https://tools.ietf.org/html/rfc1350 ++ */ ++ if (grub_be_to_cpu16 (tftph->u.data.block) < ((grub_uint16_t) (data->block + 1))) + ack (data, grub_be_to_cpu16 (tftph->u.data.block)); + /* Ignore unexpected block. */ +- else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1) ++ else if (grub_be_to_cpu16 (tftph->u.data.block) > ((grub_uint16_t) (data->block + 1))) + grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block); + else + { diff --git a/debian/patches/ubuntu-add-devicetree-command-support.patch b/debian/patches/ubuntu-add-devicetree-command-support.patch new file mode 100644 index 000000000..92ed3f7fd --- /dev/null +++ b/debian/patches/ubuntu-add-devicetree-command-support.patch @@ -0,0 +1,51 @@ +From: Dimitri John Ledkov +Date: Wed, 22 May 2019 19:57:29 +0100 +Subject: Add devicetree command, if a dtb is present. + +Specically support dtb paths as installed by flash-kernel. + +Signed-off-by: Dimitri John Ledkov +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929427 +Bug-Upstream: https://lists.gnu.org/archive/html/grub-devel/2019-05/msg00121.html +Patch-Name: ubuntu-add-devicetree-command-support.patch +--- + util/grub.d/10_linux.in | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index af1e096..bbf5d73 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -254,6 +254,17 @@ EOF + EOF + fi + fi ++ if test -n "${dtb}" ; then ++ if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then ++ message="$(gettext_printf "Loading device tree blob...")" ++ sed "s/^/$submenu_indentation/" << EOF ++ echo '$(echo "$message" | grub_quote)' ++EOF ++ fi ++ sed "s/^/$submenu_indentation/" << EOF ++ devicetree ${rel_dirname}/${dtb} ++EOF ++ fi + fi + sed "s/^/$submenu_indentation/" << EOF + } +@@ -389,6 +400,14 @@ while [ "x$list" != "x" ] ; do + gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 + fi + ++ dtb= ++ for i in "dtb-${version}" "dtb-${alt_version}" "dtb"; do ++ if test -e "${dirname}/${i}" ; then ++ dtb="$i" ++ break ++ fi ++ done ++ + config= + for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do + if test -e "${i}" ; then diff --git a/debian/patches/ubuntu-add-initrd-less-boot-fallback.patch b/debian/patches/ubuntu-add-initrd-less-boot-fallback.patch new file mode 100644 index 000000000..270a20fc2 --- /dev/null +++ b/debian/patches/ubuntu-add-initrd-less-boot-fallback.patch @@ -0,0 +1,214 @@ +From: Chris Glass +Date: Fri, 9 Mar 2018 13:47:07 +0100 +Subject: UBUNTU: Added initrd-less boot capabilities. + +In case the kernel fails to boot without an initrd, grub will fallback +to trying to boot the kernel with an initrd. + +Signed-off-by: Steve Langasek + +Patch-Name: ubuntu-add-initrd-less-boot-fallback.patch +--- + Makefile.am | 3 ++ + configure.ac | 10 +++++++ + grub-initrd-fallback.service | 14 +++++++++ + util/grub.d/00_header.in | 27 ++++++++++++++++++ + util/grub.d/10_linux.in | 68 +++++++++++++++++++++++++++++++++----------- + 5 files changed, 106 insertions(+), 16 deletions(-) + create mode 100644 grub-initrd-fallback.service + +diff --git a/Makefile.am b/Makefile.am +index 1f4bb9b..e6a2207 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -473,6 +473,9 @@ ChangeLog: FORCE + touch $@; \ + fi + ++systemdsystemunit_DATA = \ ++ grub-initrd-fallback.service ++ + EXTRA_DIST += ChangeLog ChangeLog-2015 + + syslinux_test: $(top_builddir)/config.status tests/syslinux/ubuntu10.04_grub.cfg +diff --git a/configure.ac b/configure.ac +index 8832455..1819188 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -305,6 +305,16 @@ AC_SUBST(grubdirname) + AC_DEFINE_UNQUOTED(GRUB_DIR_NAME, "$grubdirname", + [Default grub directory name]) + ++##### systemd unit files ++AC_ARG_WITH([systemdsystemunitdir], ++ AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), ++ [], ++ [with_systemdsystemunitdir=/usr/lib/systemd/system], ++ [with_systemdsystemunitdir=no]) ++if test "x$with_systemdsystemunitdir" != xno; then ++ AC_SUBST([systemdsystemunitdir], [$with_systemdsystemunitdir]) ++fi ++ + # + # Checks for build programs. + # +diff --git a/grub-initrd-fallback.service b/grub-initrd-fallback.service +new file mode 100644 +index 0000000..1a0a4e5 +--- /dev/null ++++ b/grub-initrd-fallback.service +@@ -0,0 +1,14 @@ ++[Unit] ++Description=GRUB failed boot detection ++After=local-fs.target ++After=grub-common.service ++After=sleep.target ++ ++[Service] ++Type=oneshot ++ExecStart=/usr/bin/grub-editenv /boot/grub/grubenv unset initrdfail ++ExecStart=/usr/bin/grub-editenv /boot/grub/grubenv unset prev_entry ++TimeoutSec=0 ++ ++[Install] ++WantedBy=multi-user.target rescue.target emergency.target sleep.target +diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in +index b7135b6..2642f66 100644 +--- a/util/grub.d/00_header.in ++++ b/util/grub.d/00_header.in +@@ -50,6 +50,18 @@ if [ -s \$prefix/grubenv ]; then + load_env + fi + EOF ++cat < +Date: Mon, 26 Oct 2020 11:38:34 +0000 +Subject: Ubuntu: add initrd-less-boot informational messages + +Add additional messages when initrd-less boot is attempted or +fails. As otherwise it is not obvious why boot seems to panic and +reboot by default. +--- + grub-initrd-fallback.service | 1 + + util/grub.d/10_linux.in | 10 ++++++++++ + 2 files changed, 11 insertions(+) + +diff --git a/grub-initrd-fallback.service b/grub-initrd-fallback.service +index 1a0a4e5..59d1a62 100644 +--- a/grub-initrd-fallback.service ++++ b/grub-initrd-fallback.service +@@ -3,6 +3,7 @@ Description=GRUB failed boot detection + After=local-fs.target + After=grub-common.service + After=sleep.target ++ConditionPathExists=/boot/grub/grub.cfg + + [Service] + Type=oneshot +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 49e6272..47daf51 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -160,6 +160,12 @@ if [ "$vt_handoff" = 1 ]; then + fi + + if [ x"$GRUB_FORCE_PARTUUID" != x ]; then ++ gettext_printf "GRUB_FORCE_PARTUUID is set, will attempt initrdless boot\n" >&2 ++ cat << EOF ++# ++# GRUB_FORCE_PARTUUID is set, will attempt initrdless boot ++# Upon panic fallback to booting with initrd ++EOF + echo "set partuuid=${GRUB_FORCE_PARTUUID}" + fi + +@@ -245,6 +251,8 @@ EOF + linux_root_device_thisversion="PARTUUID=${GRUB_FORCE_PARTUUID}" + fi + message="$(gettext_printf "Loading initial ramdisk ...")" ++ initrdlessfail_msg="$(gettext_printf "GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.")" ++ initrdlesstry_msg="$(gettext_printf "GRUB_FORCE_PARTUUID set, attempting initrdless boot.")" + initrd_path= + for i in ${initrd}; do + initrd_path="${initrd_path} ${rel_dirname}/${i}" +@@ -256,6 +264,7 @@ EOF + if test -n "${initrd}" && [ x"$GRUB_FORCE_PARTUUID" != x ]; then + sed "s/^/$submenu_indentation/" << EOF + if [ "\${initrdfail}" = 1 ]; then ++ echo '$(echo "$initrdlessfail_msg" | grub_quote)' + linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} + EOF + if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then +@@ -266,6 +275,7 @@ EOF + sed "s/^/$submenu_indentation/" << EOF + initrd $(echo $initrd_path) + else ++ echo '$(echo "$initrdlesstry_msg" | grub_quote)' + linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} panic=-1 + EOF + if [ -n "$initrd_path_only_early" ]; then diff --git a/debian/patches/ubuntu-boot-from-multipath-dependent-symlink.patch b/debian/patches/ubuntu-boot-from-multipath-dependent-symlink.patch new file mode 100644 index 000000000..5a5f88c10 --- /dev/null +++ b/debian/patches/ubuntu-boot-from-multipath-dependent-symlink.patch @@ -0,0 +1,68 @@ +From: Michael Hudson-Doyle +Date: Tue, 6 Aug 2019 12:31:47 +1200 +Subject: UBUNTU: Boot from multipath-dependent symlink when / is multipathed. + +If / is multipathed, there will be multiple paths to the partition, so +using root=UUID= exposes the boot process to udev races. In addition +grub-probe --target device / in this case reports /dev/dm-1 or similar +-- better to use a symlink that depends on the multipath name. + +Signed-off-by: Michael Hudson-Doyle +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1429327 +Patch-Name: ubuntu-boot-from-multipath-dependent-symlink.patch +--- + util/grub.d/10_linux.in | 41 +++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 41 insertions(+) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index bbf5d73..14a89ba 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -65,6 +65,47 @@ esac + # older kernels. + GRUB_DISABLE_LINUX_PARTUUID=${GRUB_DISABLE_LINUX_PARTUUID-true} + ++# get_dm_field_for_dev /dev/dm-0 uuid -> get the device mapper UUID for /dev/dm-0 ++# get_dm_field_for_dev /dev/dm-1 name -> get the device mapper name for /dev/dm-1 ++# etc ++get_dm_field_for_dev () { ++ dmsetup info -c --noheadings -o $2 $1 2>/dev/null ++} ++ ++# Is $1 a multipath device? ++is_multipath () { ++ local dmuuid dmtype ++ dmuuid="$(get_dm_field_for_dev $1 uuid)" ++ if [ $? -ne 0 ]; then ++ # Not a device mapper device -- or dmsetup not installed, and as ++ # multipath depends on kpartx which depends on dmsetup, if there is no ++ # dmsetup then there are not going to be any multipath devices. ++ return 1 ++ fi ++ # A device mapper "uuid" is always -. If is of the form ++ # part[0-9] then is the device the partition is on and we want to ++ # look at that instead. A multipath node always has of mpath. ++ dmtype="${dmuuid%%-*}" ++ if [ "${dmtype#part}" != "$dmtype" ]; then ++ dmuuid="${dmuuid#*-}" ++ dmtype="${dmuuid%%-*}" ++ fi ++ if [ "$dmtype" = "mpath" ]; then ++ return 0 ++ else ++ return 1 ++ fi ++} ++ ++if test -e "${GRUB_DEVICE}" && is_multipath "${GRUB_DEVICE}"; then ++ # If / is multipathed, there will be multiple paths to the partition, so ++ # using root=UUID= exposes the boot process to udev races. In addition ++ # GRUB_DEVICE in this case will be /dev/dm-0 or similar -- better to use a ++ # symlink that depends on the multipath name. ++ GRUB_DEVICE=/dev/mapper/"$(get_dm_field_for_dev $GRUB_DEVICE name)" ++ GRUB_DISABLE_LINUX_UUID=true ++fi ++ + # btrfs may reside on multiple devices. We cannot pass them as value of root= parameter + # and mounting btrfs requires user space scanning, so force UUID in this case. + if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \ diff --git a/debian/patches/ubuntu-dont-verify-loopback-images.patch b/debian/patches/ubuntu-dont-verify-loopback-images.patch new file mode 100644 index 000000000..b4ffb4df0 --- /dev/null +++ b/debian/patches/ubuntu-dont-verify-loopback-images.patch @@ -0,0 +1,36 @@ +From: Chris Coulson +Date: Mon, 1 Jun 2020 14:03:37 +0100 +Subject: UBUNTU: disk/loopback: Don't verify loopback images + +When a file is verified, the entire contents of the verified file are +loaded in to memory and retained until the file handle is closed. A +consequence of this is that opening a loopback image can incur a +significant memory cost. + +As loopback devices are just another disk implementation, don't treat +loopback images any differently to physical disk images, and skip +verification of them. Files opened from the filesystem within a loopback +image will still be passed to verifier modules where required. + +Signed-off-by: Chris Coulson +LP: #1878541 +Forwarded: yes, https://lists.gnu.org/archive/html/grub-devel/2020-06/msg00002.html +Patch-Name: ubuntu-dont-verify-loopback-images.patch +--- + grub-core/disk/loopback.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c +index ccb4b16..210201d 100644 +--- a/grub-core/disk/loopback.c ++++ b/grub-core/disk/loopback.c +@@ -86,7 +86,8 @@ grub_cmd_loopback (grub_extcmd_context_t ctxt, int argc, char **args) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + + file = grub_file_open (args[1], GRUB_FILE_TYPE_LOOPBACK +- | GRUB_FILE_TYPE_NO_DECOMPRESS); ++ | GRUB_FILE_TYPE_NO_DECOMPRESS | ++ GRUB_FILE_TYPE_SKIP_SIGNATURE); + if (! file) + return grub_errno; + diff --git a/debian/patches/ubuntu-efi-allow-loopmount-chainload.patch b/debian/patches/ubuntu-efi-allow-loopmount-chainload.patch new file mode 100644 index 000000000..a4330bd5b --- /dev/null +++ b/debian/patches/ubuntu-efi-allow-loopmount-chainload.patch @@ -0,0 +1,126 @@ +From: Dimitri John Ledkov +Date: Wed, 27 Nov 2019 23:12:35 +0000 +Subject: UBUNTU: Allow chainloading EFI apps from loop mounts. + +Proposed at https://github.com/rhboot/grub2/pull/65.patch + +Signed-off-by: Dimitri John Ledkov +Patch-Name: ubuntu-efi-allow-loopmount-chainload.patch +--- + grub-core/disk/loopback.c | 9 +-------- + grub-core/loader/efi/chainloader.c | 17 +++++++++++++++++ + include/grub/loopback.h | 30 ++++++++++++++++++++++++++++++ + 3 files changed, 48 insertions(+), 8 deletions(-) + create mode 100644 include/grub/loopback.h + +diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c +index cdf9123..ccb4b16 100644 +--- a/grub-core/disk/loopback.c ++++ b/grub-core/disk/loopback.c +@@ -21,20 +21,13 @@ + #include + #include + #include ++#include + #include + #include + #include + + GRUB_MOD_LICENSE ("GPLv3+"); + +-struct grub_loopback +-{ +- char *devname; +- grub_file_t file; +- struct grub_loopback *next; +- unsigned long id; +-}; +- + static struct grub_loopback *loopback_list; + static unsigned long last_id = 0; + +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index ec80f41..04e815c 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -889,6 +890,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_efi_status_t status; + grub_efi_boot_services_t *b; + grub_device_t dev = 0; ++ grub_device_t orig_dev = 0; + grub_efi_device_path_t *dp = 0; + char *filename; + void *boot_image = 0; +@@ -946,6 +948,15 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + if (! dev) + goto fail; + ++ /* if device is loopback, use underlying dev */ ++ if (dev->disk->dev->id == GRUB_DISK_DEVICE_LOOPBACK_ID) ++ { ++ struct grub_loopback *d; ++ orig_dev = dev; ++ d = dev->disk->data; ++ dev = d->file->device; ++ } ++ + if (dev->disk) + dev_handle = grub_efidisk_get_device_handle (dev->disk); + else if (dev->net && dev->net->server) +@@ -1075,6 +1086,12 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_device_close (dev); + + fail: ++ if (orig_dev) ++ { ++ dev = orig_dev; ++ orig_dev = 0; ++ } ++ + if (dev) + grub_device_close (dev); + +diff --git a/include/grub/loopback.h b/include/grub/loopback.h +new file mode 100644 +index 0000000..3b9a9e3 +--- /dev/null ++++ b/include/grub/loopback.h +@@ -0,0 +1,30 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2019 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_LOOPBACK_HEADER ++#define GRUB_LOOPBACK_HEADER 1 ++ ++struct grub_loopback ++{ ++ char *devname; ++ grub_file_t file; ++ struct grub_loopback *next; ++ unsigned long id; ++}; ++ ++#endif /* ! GRUB_LOOPBACK_HEADER */ diff --git a/debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch b/debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch new file mode 100644 index 000000000..d8270443f --- /dev/null +++ b/debian/patches/ubuntu-efi-console-set-text-mode-as-needed.patch @@ -0,0 +1,196 @@ +From: Hans de Goede +Date: Tue, 6 Mar 2018 17:11:15 +0100 +Subject: UBUNTU: EFI: Do not set text-mode until we actually need it + +If we're running with a hidden menu we may never need text mode, so do not +change the video-mode to text until we actually need it. + +Signed-off-by: Hans de Goede + +Last-Update: 2019-03-06 +Patch-Name: ubuntu-efi-console-set-text-mode-as-needed.patch +--- + grub-core/term/efi/console.c | 68 +++++++++++++++++++++++++++++--------------- + 1 file changed, 45 insertions(+), 23 deletions(-) + +diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c +index 4840cc5..b61da7d 100644 +--- a/grub-core/term/efi/console.c ++++ b/grub-core/term/efi/console.c +@@ -24,6 +24,11 @@ + #include + #include + ++static grub_err_t grub_prepare_for_text_output(struct grub_term_output *term); ++ ++static int text_mode_available = -1; ++static int text_colorstate = -1; ++ + static grub_uint32_t + map_char (grub_uint32_t c) + { +@@ -66,14 +71,14 @@ map_char (grub_uint32_t c) + } + + static void +-grub_console_putchar (struct grub_term_output *term __attribute__ ((unused)), ++grub_console_putchar (struct grub_term_output *term, + const struct grub_unicode_glyph *c) + { + grub_efi_char16_t str[2 + 30]; + grub_efi_simple_text_output_interface_t *o; + unsigned i, j; + +- if (grub_efi_is_finished) ++ if (grub_prepare_for_text_output (term)) + return; + + o = grub_efi_system_table->con_out; +@@ -223,14 +228,15 @@ grub_console_getkey (struct grub_term_input *term) + } + + static struct grub_term_coordinate +-grub_console_getwh (struct grub_term_output *term __attribute__ ((unused))) ++grub_console_getwh (struct grub_term_output *term) + { + grub_efi_simple_text_output_interface_t *o; + grub_efi_uintn_t columns, rows; + + o = grub_efi_system_table->con_out; +- if (grub_efi_is_finished || efi_call_4 (o->query_mode, o, o->mode->mode, +- &columns, &rows) != GRUB_EFI_SUCCESS) ++ if (grub_prepare_for_text_output (term) != GRUB_ERR_NONE || ++ efi_call_4 (o->query_mode, o, o->mode->mode, ++ &columns, &rows) != GRUB_EFI_SUCCESS) + { + /* Why does this fail? */ + columns = 80; +@@ -245,7 +251,7 @@ grub_console_getxy (struct grub_term_output *term __attribute__ ((unused))) + { + grub_efi_simple_text_output_interface_t *o; + +- if (grub_efi_is_finished) ++ if (grub_efi_is_finished || text_mode_available != 1) + return (struct grub_term_coordinate) { 0, 0 }; + + o = grub_efi_system_table->con_out; +@@ -253,12 +259,12 @@ grub_console_getxy (struct grub_term_output *term __attribute__ ((unused))) + } + + static void +-grub_console_gotoxy (struct grub_term_output *term __attribute__ ((unused)), ++grub_console_gotoxy (struct grub_term_output *term, + struct grub_term_coordinate pos) + { + grub_efi_simple_text_output_interface_t *o; + +- if (grub_efi_is_finished) ++ if (grub_prepare_for_text_output (term)) + return; + + o = grub_efi_system_table->con_out; +@@ -271,7 +277,7 @@ grub_console_cls (struct grub_term_output *term __attribute__ ((unused))) + grub_efi_simple_text_output_interface_t *o; + grub_efi_int32_t orig_attr; + +- if (grub_efi_is_finished) ++ if (grub_efi_is_finished || text_mode_available != 1) + return; + + o = grub_efi_system_table->con_out; +@@ -282,8 +288,7 @@ grub_console_cls (struct grub_term_output *term __attribute__ ((unused))) + } + + static void +-grub_console_setcolorstate (struct grub_term_output *term +- __attribute__ ((unused)), ++grub_console_setcolorstate (struct grub_term_output *term __attribute__ ((unused)), + grub_term_color_state state) + { + grub_efi_simple_text_output_interface_t *o; +@@ -291,6 +296,12 @@ grub_console_setcolorstate (struct grub_term_output *term + if (grub_efi_is_finished) + return; + ++ if (text_mode_available != 1) { ++ /* Avoid "color_normal" environment writes causing a switch to textmode */ ++ text_colorstate = state; ++ return; ++ } ++ + o = grub_efi_system_table->con_out; + + switch (state) { +@@ -315,7 +326,7 @@ grub_console_setcursor (struct grub_term_output *term __attribute__ ((unused)), + { + grub_efi_simple_text_output_interface_t *o; + +- if (grub_efi_is_finished) ++ if (grub_efi_is_finished || text_mode_available != 1) + return; + + o = grub_efi_system_table->con_out; +@@ -323,18 +334,38 @@ grub_console_setcursor (struct grub_term_output *term __attribute__ ((unused)), + } + + static grub_err_t +-grub_efi_console_output_init (struct grub_term_output *term) ++grub_prepare_for_text_output(struct grub_term_output *term) + { +- grub_efi_set_text_mode (1); ++ if (grub_efi_is_finished) ++ return GRUB_ERR_BAD_DEVICE; ++ ++ if (text_mode_available != -1) ++ return text_mode_available ? 0 : GRUB_ERR_BAD_DEVICE; ++ ++ if (! grub_efi_set_text_mode (1)) ++ { ++ /* This really should never happen */ ++ grub_error (GRUB_ERR_BAD_DEVICE, "cannot set text mode"); ++ text_mode_available = 0; ++ return GRUB_ERR_BAD_DEVICE; ++ } ++ + grub_console_setcursor (term, 1); ++ if (text_colorstate != -1) ++ grub_console_setcolorstate (term, text_colorstate); ++ text_mode_available = 1; + return 0; + } + + static grub_err_t + grub_efi_console_output_fini (struct grub_term_output *term) + { ++ if (text_mode_available != 1) ++ return 0; ++ + grub_console_setcursor (term, 0); + grub_efi_set_text_mode (0); ++ text_mode_available = -1; + return 0; + } + +@@ -348,7 +379,6 @@ static struct grub_term_input grub_console_term_input = + static struct grub_term_output grub_console_term_output = + { + .name = "console", +- .init = grub_efi_console_output_init, + .fini = grub_efi_console_output_fini, + .putchar = grub_console_putchar, + .getwh = grub_console_getwh, +@@ -364,14 +394,6 @@ static struct grub_term_output grub_console_term_output = + void + grub_console_init (void) + { +- /* FIXME: it is necessary to consider the case where no console control +- is present but the default is already in text mode. */ +- if (! grub_efi_set_text_mode (1)) +- { +- grub_error (GRUB_ERR_BAD_DEVICE, "cannot set text mode"); +- return; +- } +- + grub_term_register_output ("console", &grub_console_term_output); + grub_term_register_input ("console", &grub_console_term_input); + } diff --git a/debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch b/debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch new file mode 100644 index 000000000..c8b8cd123 --- /dev/null +++ b/debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch @@ -0,0 +1,29 @@ +From: Mathieu Trudel-Lapierre +Date: Wed, 3 Jul 2019 15:21:16 -0400 +Subject: UBUNTU: Have the lzma decompressor image only contain the .text + section + +Previously binutils/objcopy did that correctly, now it seems to be padding to +an arbitrary size with zeros. Work around this broken by being explicit about +what we want. + +Patch-Name: ubuntu-fix-lzma-decompressor-objcopy.patch + +Signed-off-by: Mathieu Trudel-Lapierre +--- + grub-core/Makefile.core.def | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index 1731c53..33e7502 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -547,7 +547,7 @@ image = { + i386_pc = boot/i386/pc/startup_raw.S; + i386_pc_nodist = rs_decoder.h; + +- objcopyflags = '-O binary'; ++ objcopyflags = '-O binary -j .text'; + ldflags = '$(TARGET_IMG_LDFLAGS) $(TARGET_IMG_BASE_LDOPT),0x8200'; + enable = i386_pc; + }; diff --git a/debian/patches/ubuntu-flavour-order.patch b/debian/patches/ubuntu-flavour-order.patch new file mode 100644 index 000000000..43b0b7664 --- /dev/null +++ b/debian/patches/ubuntu-flavour-order.patch @@ -0,0 +1,60 @@ +From: Julian Andres Klode +Date: Tue, 9 Jun 2020 11:50:23 +0200 +Subject: UBUNTU: Add GRUB_FLAVOUR_ORDER configuration item + +This allows you to specify flavours that will be preferred +over other ones, and the order in which they are preferred +- items in the list win over items not in the list, and items +earlier in the list win over later ones. + +We still have to sort out storage of this, as we need to +inject that from packages or the UA client and similar, +and we can't just modify /etc/default/grub for that. + +LP: #1882663 +Patch-Name: ubuntu-flavour-order.patch +--- + util/grub-mkconfig.in | 3 ++- + util/grub-mkconfig_lib.in | 15 +++++++++++++++ + 2 files changed, 17 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index 72f1e25..6c8988f 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -260,7 +260,8 @@ export GRUB_DEFAULT \ + GRUB_RECORDFAIL_TIMEOUT \ + GRUB_RECOVERY_TITLE \ + GRUB_FORCE_PARTUUID \ +- GRUB_DISABLE_INITRD ++ GRUB_DISABLE_INITRD \ ++ GRUB_FLAVOUR_ORDER + + if test "x${grub_cfg}" != "x"; then + rm -f "${grub_cfg}.new" +diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in +index fe6319a..7e2d1bc 100644 +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -270,6 +270,21 @@ version_test_gt () + if [ "x$version_test_gt_b" = "x" ] ; then + return 0 + fi ++ ++ # GRUB_FLAVOUR_ORDER is an ordered list of kernels, in decreasing ++ # priority. Any items in the list take precedence over other kernels, ++ # and earlier flavours are preferred over later ones. ++ for flavour in ${GRUB_FLAVOUR_ORDER:-}; do ++ version_test_gt_a_preferred=$(echo "$version_test_gt_a" | grep -- "-[0-9]*-$flavour\$") ++ version_test_gt_b_preferred=$(echo "$version_test_gt_b" | grep -- "-[0-9]*-$flavour\$") ++ ++ if [ -n "$version_test_gt_a_preferred" -a -z "$version_test_gt_b_preferred" ] ; then ++ return 0 ++ elif [ -z "$version_test_gt_a_preferred" -a -n "$version_test_gt_b_preferred" ] ; then ++ return 1 ++ fi ++ done ++ + case "$version_test_gt_a:$version_test_gt_b" in + *.old:*.old) ;; + *.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;; diff --git a/debian/patches/grub-install-extra-removable.patch b/debian/patches/ubuntu-grub-install-extra-removable.patch similarity index 63% rename from debian/patches/grub-install-extra-removable.patch rename to debian/patches/ubuntu-grub-install-extra-removable.patch index ff713cd29..202664830 100644 --- a/debian/patches/grub-install-extra-removable.patch +++ b/debian/patches/ubuntu-grub-install-extra-removable.patch @@ -1,35 +1,35 @@ -From 904799066563906ca3650c234b3b0a590b52b1ab Mon Sep 17 00:00:00 2001 From: Steve McIntyre <93sam@debian.org> Date: Wed, 3 Dec 2014 01:25:12 +0000 -Subject: Add support for forcing EFI installation to the removable media path +Subject: UBUNTU: Add support for forcing EFI installation to the removable + media path -Add an extra option to grub-install "--force-extra-removable". On EFI -platforms, this will cause an extra copy of the grub-efi image to be -written to the appropriate removable media patch -/boot/efi/EFI/BOOT/BOOT$ARCH.EFI as well. This will help with broken -UEFI implementations where the firmware does not work when configured -with new boot paths. +Add an extra option to grub-install "--no-extra-removable". On EFI +platforms, this will cause the copy of the grub-efi image to not be +written to the removable media path /boot/efi/EFI/BOOT/BOOT$ARCH.EFI. +This will help with broken UEFI implementations where you can't install +to the removable path as a fallback option if Boot Entries get corrupt. Signed-off-by: Steve McIntyre <93sam@debian.org> +Signed-off-by: Mathieu Trudel-Lapierre Bug-Debian: https://bugs.debian.org/767037 https://bugs.debian.org/773092 Forwarded: Not yet Last-Update: 2014-12-20 -Patch-Name: grub-install-extra-removable.patch +Patch-Name: ubuntu-grub-install-extra-removable.patch --- - util/grub-install.c | 110 +++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 108 insertions(+), 2 deletions(-) + util/grub-install.c | 135 +++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 133 insertions(+), 2 deletions(-) diff --git a/util/grub-install.c b/util/grub-install.c -index f511cfc72..5f3217ae4 100644 +index 64c2923..0304646 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -56,6 +56,7 @@ static char *target; static int removable = 0; -+static int force_extra_removable = 0; ++static int no_extra_removable = 0; static int recheck = 0; static int update_nvram = 1; static char *install_device = NULL; @@ -39,7 +39,7 @@ index f511cfc72..5f3217ae4 100644 OPTION_UEFI_SECURE_BOOT, - OPTION_NO_UEFI_SECURE_BOOT + OPTION_NO_UEFI_SECURE_BOOT, -+ OPTION_FORCE_EXTRA_REMOVABLE ++ OPTION_NO_EXTRA_REMOVABLE }; static int fs_probe = 1; @@ -47,8 +47,8 @@ index f511cfc72..5f3217ae4 100644 removable = 1; return 0; -+ case OPTION_FORCE_EXTRA_REMOVABLE: -+ force_extra_removable = 1; ++ case OPTION_NO_EXTRA_REMOVABLE: ++ no_extra_removable = 1; + return 0; + case OPTION_ALLOW_FLOPPY: @@ -58,13 +58,13 @@ index f511cfc72..5f3217ae4 100644 N_("do not install an image usable with UEFI Secure Boot, even if the " "system was currently started using it. " "This option is only available on EFI."), 2}, -+ {"force-extra-removable", OPTION_FORCE_EXTRA_REMOVABLE, 0, 0, -+ N_("force installation to the removable media path also. " ++ {"no-extra-removable", OPTION_NO_EXTRA_REMOVABLE, 0, 0, ++ N_("Do not install bootloader code to the removable media path. " + "This option is only available on EFI."), 2}, {0, 0, 0, 0, 0, 0} }; -@@ -839,6 +848,91 @@ fill_core_services (const char *core_services) +@@ -839,6 +848,116 @@ fill_core_services (const char *core_services) free (sysv_plist); } @@ -103,16 +103,25 @@ index f511cfc72..5f3217ae4 100644 +static void +also_install_removable(const char *src, + const char *base_efidir, ++ const char *efi_suffix, + const char *efi_suffix_upper) +{ + char *efi_file = NULL; + char *dst = NULL; + char *cur = NULL; + char *found = NULL; ++ char *fb_file = NULL; ++ char *mm_file = NULL; ++ char *generic_efidir = NULL; + ++ if (!efi_suffix) ++ grub_util_error ("%s", _("efi_suffix not set")); + if (!efi_suffix_upper) + grub_util_error ("%s", _("efi_suffix_upper not set")); ++ + efi_file = xasprintf ("BOOT%s.EFI", efi_suffix_upper); ++ fb_file = xasprintf ("fb%s.efi", efi_suffix); ++ mm_file = xasprintf ("mm%s.efi", efi_suffix); + + /* We need to install in $base_efidir/EFI/BOOT/$efi_file, but we + * need to cope with case-insensitive stuff here. Build the path one @@ -134,29 +143,45 @@ index f511cfc72..5f3217ae4 100644 + if (found == NULL) + found = xstrdup("BOOT"); + dst = grub_util_path_concat (2, cur, found); -+ cur = xstrdup (dst); -+ free (dst); ++ free (cur); + free (found); -+ grub_install_mkdir_p (cur); ++ grub_install_mkdir_p (dst); ++ generic_efidir = xstrdup (dst); ++ free (dst); + + /* Now $efi_file */ -+ found = check_component_exists(cur, efi_file); ++ found = check_component_exists(generic_efidir, efi_file); + if (found == NULL) + found = xstrdup(efi_file); -+ dst = grub_util_path_concat (2, cur, found); -+ cur = xstrdup (dst); -+ free (dst); ++ dst = grub_util_path_concat (2, generic_efidir, found); + free (found); -+ grub_install_copy_file (src, cur, 1); ++ grub_install_copy_file (src, dst, 1); ++ free (efi_file); ++ free (dst); + -+ free (cur); ++ /* Now try to also install fallback */ ++ efi_file = grub_util_path_concat (2, "/usr/lib/shim/", fb_file); ++ dst = grub_util_path_concat (2, generic_efidir, fb_file); ++ grub_install_copy_file (efi_file, dst, 0); ++ free (efi_file); ++ free (dst); ++ ++ /* Also install MokManager to the removable path */ ++ efi_file = grub_util_path_concat (2, "/usr/lib/shim/", mm_file); ++ dst = grub_util_path_concat (2, generic_efidir, mm_file); ++ grub_install_copy_file (efi_file, dst, 0); + free (efi_file); ++ free (dst); ++ ++ free (generic_efidir); ++ free (fb_file); ++ free (mm_file); +} + int main (int argc, char *argv[]) { -@@ -856,6 +950,7 @@ main (int argc, char *argv[]) +@@ -856,6 +975,7 @@ main (int argc, char *argv[]) char *relative_grubdir; char **efidir_device_names = NULL; grub_device_t efidir_grub_dev = NULL; @@ -164,17 +189,17 @@ index f511cfc72..5f3217ae4 100644 char *efidir_grub_devname; int efidir_is_mac = 0; int is_prep = 0; -@@ -888,6 +983,9 @@ main (int argc, char *argv[]) +@@ -888,6 +1008,9 @@ main (int argc, char *argv[]) bootloader_id = xstrdup ("grub"); } -+ if (removable && force_extra_removable) -+ grub_util_error (_("Invalid to use both --removable and --force_extra_removable")); ++ if (removable && no_extra_removable) ++ grub_util_error (_("Invalid to use both --removable and --no_extra_removable")); + if (!grub_install_source_directory) { if (!target) -@@ -1107,6 +1205,8 @@ main (int argc, char *argv[]) +@@ -1107,6 +1230,8 @@ main (int argc, char *argv[]) if (!efidir_is_mac && grub_strcmp (fs->name, "fat") != 0) grub_util_error (_("%s doesn't look like an EFI partition"), efidir); @@ -183,19 +208,19 @@ index f511cfc72..5f3217ae4 100644 /* The EFI specification requires that an EFI System Partition must contain an "EFI" subdirectory, and that OS loaders are stored in subdirectories below EFI. Vendors are expected to pick names that do -@@ -2021,9 +2121,15 @@ main (int argc, char *argv[]) +@@ -2024,9 +2149,15 @@ main (int argc, char *argv[]) fprintf (config_dst_f, "configfile $prefix/grub.cfg\n"); fclose (config_dst_f); free (config_dst); -+ if (force_extra_removable) -+ also_install_removable(efi_signed, base_efidir, efi_suffix_upper); ++ if (!removable && !no_extra_removable) ++ also_install_removable(efi_signed, base_efidir, efi_suffix, efi_suffix_upper); } else - grub_install_copy_file (imgfile, dst, 1); + { + grub_install_copy_file (imgfile, dst, 1); -+ if (force_extra_removable) -+ also_install_removable(imgfile, base_efidir, efi_suffix_upper); ++ if (!removable && !no_extra_removable) ++ also_install_removable(imgfile, base_efidir, efi_suffix, efi_suffix_upper); + } free (dst); } diff --git a/debian/patches/install-signed.patch b/debian/patches/ubuntu-install-signed.patch similarity index 87% rename from debian/patches/install-signed.patch rename to debian/patches/ubuntu-install-signed.patch index 2b4b9ca0f..ab0f6b9ec 100644 --- a/debian/patches/install-signed.patch +++ b/debian/patches/ubuntu-install-signed.patch @@ -1,9 +1,8 @@ -From 299b465b171215484818bd98dea6db0913cc062d Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:22 +0000 -Subject: Install signed images if UEFI Secure Boot is enabled +Subject: UBUNTU: Install signed images if UEFI Secure Boot is enabled MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 +Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Author: Stéphane Graber @@ -13,13 +12,13 @@ Author: Mathieu Trudel-Lapierre Forwarded: no Last-Update: 2016-11-01 -Patch-Name: install-signed.patch +Patch-Name: ubuntu-install-signed.patch --- - util/grub-install.c | 212 ++++++++++++++++++++++++++++++++------------ - 1 file changed, 153 insertions(+), 59 deletions(-) + util/grub-install.c | 215 ++++++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 156 insertions(+), 59 deletions(-) diff --git a/util/grub-install.c b/util/grub-install.c -index 3b4606eef..b0c7c7c37 100644 +index 3b4606e..e1e40cf 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -80,6 +80,7 @@ static char *label_color; @@ -236,7 +235,7 @@ index 3b4606eef..b0c7c7c37 100644 { char *uuid = NULL; /* generic method (used on coreboot and ata mod). */ -@@ -1916,7 +1946,71 @@ main (int argc, char *argv[]) +@@ -1916,7 +1946,74 @@ main (int argc, char *argv[]) case GRUB_INSTALL_PLATFORM_IA64_EFI: { char *dst = grub_util_path_concat (2, efidir, efi_file); @@ -244,21 +243,28 @@ index 3b4606eef..b0c7c7c37 100644 + if (uefi_secure_boot) + { + char *shim_signed = NULL; -+ char *mok_signed = NULL, *mok_file = NULL; -+ char *fb_signed = NULL, *fb_file = NULL; ++ char *mok_file = NULL; ++ char *bootcsv = NULL; + char *config_dst; + FILE *config_dst_f; + + shim_signed = xasprintf ("/usr/lib/shim/shim%s.efi.signed", efi_suffix); -+ mok_signed = xasprintf ("mm%s.efi.signed", efi_suffix); + mok_file = xasprintf ("mm%s.efi", efi_suffix); -+ fb_signed = xasprintf ("fb%s.efi.signed", efi_suffix); -+ fb_file = xasprintf ("fb%s.efi", efi_suffix); ++ bootcsv = xasprintf ("BOOT%s.CSV", efi_suffix_upper); + + if (grub_util_is_regular (shim_signed)) + { + char *chained_base, *chained_dst; -+ char *mok_src, *mok_dst, *fb_src, *fb_dst; ++ char *mok_src, *mok_dst, *bootcsv_src, *bootcsv_dst; ++ ++ /* Install grub as our chained bootloader */ ++ chained_base = xasprintf ("grub%s.efi", efi_suffix); ++ chained_dst = grub_util_path_concat (2, efidir, chained_base); ++ grub_install_copy_file (efi_signed, chained_dst, 1); ++ free (chained_dst); ++ free (chained_base); ++ ++ /* Now handle shim, and make this our new "default" loader. */ + if (!removable) + { + free (efi_file); @@ -267,17 +273,14 @@ index 3b4606eef..b0c7c7c37 100644 + dst = grub_util_path_concat (2, efidir, efi_file); + } + grub_install_copy_file (shim_signed, dst, 1); -+ chained_base = xasprintf ("grub%s.efi", efi_suffix); -+ chained_dst = grub_util_path_concat (2, efidir, chained_base); -+ grub_install_copy_file (efi_signed, chained_dst, 1); -+ free (chained_dst); -+ free (chained_base); ++ free (efi_signed); ++ efi_signed = xstrdup (shim_signed); + -+ /* Not critical, so not an error if they are not present (as it -+ won't be for older releases); but if we have them, make -+ sure they are installed. */ ++ /* Not critical, so not an error if it is not present (as it ++ won't be for older releases); but if we have MokManager, ++ make sure it gets installed. */ + mok_src = grub_util_path_concat (2, "/usr/lib/shim/", -+ mok_signed); ++ mok_file); + mok_dst = grub_util_path_concat (2, efidir, + mok_file); + grub_install_copy_file (mok_src, @@ -285,14 +288,13 @@ index 3b4606eef..b0c7c7c37 100644 + free (mok_src); + free (mok_dst); + -+ fb_src = grub_util_path_concat (2, "/usr/lib/shim/", -+ fb_signed); -+ fb_dst = grub_util_path_concat (2, efidir, -+ fb_file); -+ grub_install_copy_file (fb_src, -+ fb_dst, 0); -+ free (fb_src); -+ free (fb_dst); ++ /* Also try to install boot.csv for fallback */ ++ bootcsv_src = grub_util_path_concat (2, "/usr/lib/shim/", ++ bootcsv); ++ bootcsv_dst = grub_util_path_concat (2, efidir, bootcsv); ++ grub_install_copy_file (bootcsv_src, bootcsv_dst, 0); ++ free (bootcsv_src); ++ free (bootcsv_dst); + } + else + grub_install_copy_file (efi_signed, dst, 1); diff --git a/debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch b/debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch new file mode 100644 index 000000000..85beccb4f --- /dev/null +++ b/debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch @@ -0,0 +1,68 @@ +From: Javier Martinez Canillas +Date: Thu, 23 Apr 2020 15:06:46 +0200 +Subject: efi: Set image base address before jumping to the PE/COFF entry + point + +Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux +kernel. But our custom EFI loader that supports Secure Boot instead uses +the EFI handover protocol (for x86) or jumping directly to the PE/COFF +entry point (for aarch64). + +This is done to allow the bootloader to verify the images using the shim +lock protocol to avoid booting untrusted binaries. + +Since the bootloader loads the kernel from the boot media instead of using +LoadImage(), it is responsible to set the Loaded Image base address before +booting the kernel. + +Otherwise the kernel EFI stub will complain that it was not set correctly +and print the following warning message: + +EFI stub: ERROR: FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value + +Resolves: rhbz#1825411 + +Signed-off-by: Javier Martinez Canillas +[ dannf: Offset adjustment to apply to Ubuntu's GRUB ] + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1900774 +Origin: https://github.com/rhboot/grub2/commit/1d5ef08216edec4d31d0e10cfdb30b5ebfef7a45 +Last-Updated: 2020-11-09 +Patch-Name: ubuntu-linuxefi-arm64-set-base-addr.patch +--- + grub-core/loader/efi/linux.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +index f6d30bc..a09479c 100644 +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -72,6 +72,7 @@ grub_err_t + grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + void *kernel_params) + { ++ grub_efi_loaded_image_t *loaded_image = NULL; + handover_func hf; + int offset = 0; + +@@ -80,6 +81,20 @@ grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + offset = 512; + #endif + ++ /* ++ * Since the EFI loader is not calling the LoadImage() and StartImage() ++ * services for loading the kernel and booting respectively, it has to ++ * set the Loaded Image base address. ++ */ ++ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (loaded_image) ++ loaded_image->image_base = kernel_addr; ++ else ++ grub_dprintf ("linux", "Loaded Image base address could not be set\n"); ++ ++ grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", ++ kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); ++ + hf = (handover_func)((char *)kernel_addr + handover_offset + offset); + hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); + diff --git a/debian/patches/ubuntu-linuxefi-arm64.patch b/debian/patches/ubuntu-linuxefi-arm64.patch new file mode 100644 index 000000000..2feabe396 --- /dev/null +++ b/debian/patches/ubuntu-linuxefi-arm64.patch @@ -0,0 +1,184 @@ +From: Julian Andres Klode +Date: Fri, 11 Sep 2020 11:28:08 +0200 +Subject: Cherry-pick back parts of "Load arm with SB enabled." + +These parts got lost in our 2.04 rebase, let's add them back. + +Pick (grub_efi_physical_address_t)(grub_efi_uintn_t) cast from +fedora-34 instead, it seems to cause compilation error on armhf +to not do the (grub_efi_uintn_t) cast first. + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1862279 +Origin: vendor, https://github.com/rhboot/grub2/commit/2786ab864cf00c15123320671f653e9a36ba12b4 +Patch-Name: ubuntu-linuxefi-arm64.patch +--- + grub-core/loader/arm64/linux.c | 106 ++++++++++++++++++++++------------------- + 1 file changed, 56 insertions(+), 50 deletions(-) + +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index 3f5496f..130e9c0 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -43,6 +43,8 @@ static int loaded; + + static void *kernel_addr; + static grub_uint64_t kernel_size; ++static grub_uint32_t handover_offset; ++ + + static char *linux_args; + static grub_uint32_t cmdline_size; +@@ -76,7 +78,8 @@ grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) + static grub_err_t + finalize_params_linux (void) + { +- int node, retval; ++ grub_efi_loaded_image_t *loaded_image = NULL; ++ int node, retval, len; + + void *fdt; + +@@ -111,6 +114,27 @@ finalize_params_linux (void) + if (grub_fdt_install() != GRUB_ERR_NONE) + goto failure; + ++ ++ grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", ++ fdt); ++ ++ /* Convert command line to UCS-2 */ ++ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (!loaded_image) ++ goto failure; ++ ++ loaded_image->load_options_size = len = ++ (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t); ++ loaded_image->load_options = ++ grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); ++ if (!loaded_image->load_options) ++ return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); ++ ++ loaded_image->load_options_size = ++ 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, ++ (grub_uint8_t *) linux_args, len, NULL); ++ ++ + return GRUB_ERR_NONE; + + failure: +@@ -118,70 +142,48 @@ failure: + return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); + } + ++static void ++free_params (void) ++{ ++ grub_efi_loaded_image_t *loaded_image = NULL; ++ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (loaded_image) ++ { ++ if (loaded_image->load_options) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_efi_uintn_t) ++ loaded_image->load_options, ++ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); ++ loaded_image->load_options = NULL; ++ loaded_image->load_options_size = 0; ++ } ++} ++ + grub_err_t + grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args) + { +- grub_efi_memory_mapped_device_path_t *mempath; +- grub_efi_handle_t image_handle; +- grub_efi_boot_services_t *b; +- grub_efi_status_t status; +- grub_efi_loaded_image_t *loaded_image; +- int len; +- +- mempath = grub_malloc (2 * sizeof (grub_efi_memory_mapped_device_path_t)); +- if (!mempath) +- return grub_errno; +- +- mempath[0].header.type = GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE; +- mempath[0].header.subtype = GRUB_EFI_MEMORY_MAPPED_DEVICE_PATH_SUBTYPE; +- mempath[0].header.length = grub_cpu_to_le16_compile_time (sizeof (*mempath)); +- mempath[0].memory_type = GRUB_EFI_LOADER_DATA; +- mempath[0].start_address = addr; +- mempath[0].end_address = addr + size; ++ grub_err_t retval; + +- mempath[1].header.type = GRUB_EFI_END_DEVICE_PATH_TYPE; +- mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; +- mempath[1].header.length = sizeof (grub_efi_device_path_t); +- +- b = grub_efi_system_table->boot_services; +- status = b->load_image (0, grub_efi_image_handle, +- (grub_efi_device_path_t *) mempath, +- (void *) addr, size, &image_handle); +- if (status != GRUB_EFI_SUCCESS) +- return grub_error (GRUB_ERR_BAD_OS, "cannot load image"); ++ retval = finalize_params_linux (); ++ if (retval != GRUB_ERR_NONE) ++ return grub_errno; + + grub_dprintf ("linux", "linux command line: '%s'\n", args); + +- /* Convert command line to UCS-2 */ +- loaded_image = grub_efi_get_loaded_image (image_handle); +- loaded_image->load_options_size = len = +- (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t); +- loaded_image->load_options = +- grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); +- if (!loaded_image->load_options) +- return grub_errno; +- +- loaded_image->load_options_size = +- 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, +- (grub_uint8_t *) args, len, NULL); ++ (void) addr; ++ (void) size; + +- grub_dprintf ("linux", "starting image %p\n", image_handle); +- status = b->start_image (image_handle, 0, NULL); + +- /* When successful, not reached */ +- b->unload_image (image_handle); +- grub_efi_free_pages ((grub_addr_t) loaded_image->load_options, +- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); ++ retval = grub_efi_linux_boot ((char *)kernel_addr, handover_offset, ++ kernel_addr); + +- return grub_errno; ++ /* Never reached... */ ++ free_params(); ++ return retval; + } + + static grub_err_t + grub_linux_boot (void) + { +- if (finalize_params_linux () != GRUB_ERR_NONE) +- return grub_errno; +- + return (grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr, + kernel_size, linux_args)); + } +@@ -297,6 +299,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + { + grub_file_t file = 0; + struct linux_arch_kernel_header lh; ++ struct grub_arm64_linux_pe_header *pe; + grub_err_t err; + int rc; + +@@ -354,6 +357,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + } + ++ pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); ++ handover_offset = pe->opt.entry_addr; ++ + cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE); + linux_args = grub_malloc (cmdline_size); + if (!linux_args) diff --git a/debian/patches/ubuntu-linuxefi.patch b/debian/patches/ubuntu-linuxefi.patch new file mode 100644 index 000000000..ff89ff4c2 --- /dev/null +++ b/debian/patches/ubuntu-linuxefi.patch @@ -0,0 +1,2794 @@ +From: Matthew Garrett +Date: Wed, 27 Feb 2019 12:20:48 -0500 +Subject: UBUNTU: Add support for linuxefi + +Last-Update: 2019-02-27 +Patch-Name: ubuntu-linuxefi.patch +Origin: vendor, https://github.com/rhboot/grub2/commit/c81a5cc77110c919da5bce565854fc38ab49303b +Forwarded: no + +Load arm with SB enabled. + +Make sure we actually try to validate secure boot on this platform (even +though we're not shipping it enabled by default.) + +This means giving the kernel grub's loaded image as the vehicle for the +kernel command line, because we can't call systab->bs->LoadImage() if SB +is enabled. + +Origin: vendor, https://github.com/rhboot/grub2/commit/2786ab864cf00c15123320671f653e9a36ba12b4 +Forwarded: no +Last-Update: 2019-02-27 + +Fix race in EFI validation + +Origin: vendor, https://github.com/rhboot/grub2/commit/57414c73c4e80baedcb96ff35be9306fb0599a09 +Forwarded: no +Last-Update: 2019-02-27 + +Use device part of chainloader target, if present. + +Otherwise chainloading is restricted to '$root', which might not even +be readable by EFI! + +v1. use grub_file_get_device_name() to get device name + +Signed-off-by: Michael Chang +Signed-off-by: Peter Jones + +Origin: vendor, https://github.com/rhboot/grub2/commit/f8e5b67d99449b8cb9cc45237adb839406f2db97 +Forwarded: no +Last-Update: 2019-02-27 + +Add secureboot support on efi chainloader + +Expand the chainloader to be able to verify the image by means of shim +lock protocol. The PE/COFF image is loaded and relocated by the +chainloader instead of calling LoadImage and StartImage UEFI boot +Service as they require positive verification result from keys enrolled +in KEK or DB. The shim will use MOK in addition to firmware enrolled +keys to verify the image. + +The chainloader module could be used to load other UEFI bootloaders, +such as xen.efi, and could be signed by any of MOK, KEK or DB. + +Based on https://build.opensuse.org/package/view_file/openSUSE:Factory/grub2/grub2-secureboot-chainloader.patch + +Signed-off-by: Peter Jones + +Origin: vendor, https://github.com/rhboot/grub2/commit/a00fc9f578d2c310438ced8d4be07f5fa4005873 +Forwarded: no +Last-Update: 2019-02-27 + +Make any of the loaders that link in efi mode honor secure boot. + +And in this case "honor" means "even if somebody does link this in, they +won't register commands if SB is enabled." + +Signed-off-by: Peter Jones + +Origin: vendor, https://github.com/rhboot/grub2/commit/3056bfc5044e976fa97f76b81b6a680731005095 +Forwarded: no +Last-Update: 2019-02-27 + +Rework linux command + +We want a single buffer that contains the entire kernel image in order to +perform a TPM measurement. Allocate one and copy the entire kernel into it +before pulling out the individual blocks later on. + +Origin: vendor, https://github.com/rhboot/grub2/commit/97c97a2e9a95a29c42569952c8be7be1fdb5b4cf +Forwarded: no +Last-Update: 2019-02-27 + +Rework linux16 command + +We want a single buffer that contains the entire kernel image in order to +perform a TPM measurement. Allocate one and copy the entire kernel int it +before pulling out the individual blocks later on. + +Origin: vendor, https://github.com/rhboot/grub2/commit/78d85625026497d96a06e5b7880a1d4785af9d1f +Forwarded: no +Last-Update: 2019-02-27 + +Re-work some intricacies of PE loading. + +The PE spec is not a well written document, and awesomely every place +where there's an ambiguous way to read something, Windows' bootmgfw.efi +takes a different read than either of them. + +Origin: vendor, https://github.com/rhboot/grub2/commit/3f023d25a1ceb6d23c1bb17b754fbc1f8321427d +Forwarded: no +Last-Update: 2019-02-27 + +Rework even more of efi chainload so non-sb cases work right. + +This ensures that if shim protocol is not loaded, or is loaded but shim +is disabled, we will fall back to a correct load method for the efi +chain loader. + +Here's what I tested with this version: + +results expected actual +------------------------------------------------------------ +sb + enabled + shim + fedora success success +sb + enabled + shim + win success success +sb + enabled + grub + fedora fail fail +sb + enabled + grub + win fail fail + +sb + mokdisabled + shim + fedora success success +sb + mokdisabled + shim + win success success +sb + mokdisabled + grub + fedora fail fail +sb + mokdisabled + grub + win fail fail + +sb disabled + shim + fedora success success* +sb disabled + shim + win success success* +sb disabled + grub + fedora success success +sb disabled + grub + win success success + +nosb + shim + fedora success success* +nosb + shim + win success success* +nosb + grub + fedora success success +nosb + grub + win success success + +* for some reason shim protocol is being installed in these cases, and I + can't see why, but I think it may be this firmware build returning an + erroneous value. But this effectively falls back to the mokdisabled + behavior, which works correctly, and the presence of the "grub" (i.e. + no shim) tests effectively tests the desired behavior here. + +Resolves: rhbz#1344512 + +Signed-off-by: Peter Jones + +Origin: vendor, https://github.com/rhboot/grub2/commit/149cdec4f9e5fd039a698ef20530bad588b6aeeb +Forwarded: no +Last-Update: 2019-02-27 + +Add some grub_dprintf() in the linuxefi path. + +Signed-off-by: Peter Jones + +Origin: vendor, https://github.com/rhboot/grub2/commit/527a427a8edf05d8994f679a16d0dc98106563f4 +Forwarded: no +Last-Update: 2019-02-27 + +linuxefi: minor cleanups + +Signed-off-by: Peter Jones + +Origin: vendor, https://github.com/rhboot/grub2/commit/2c9a6edf8abbc7397174ec2696fce28822996a12 +Forwarded: no +Last-Update: 2019-02-27 + +Handle multi-arch (64-on-32) boot in linuxefi loader. + +Allow booting 64-bit kernels on 32-bit EFI on x86. + +Signed-off-by: Peter Jones + +Origin: vendor, https://github.com/rhboot/grub2/commit/1c88c700148acf02863a350055a43eb87e16bbe5 +Forwarded: no +Last-Update: 2019-02-27 + +Clean up some errors in the linuxefi loader + +Signed-off-by: Peter Jones + +Origin: vendor, https://github.com/rhboot/grub2/commit/df0d3873162dd7e9352e1d4fbd589aa60e722f2e +Forwarded: no +Last-Update: 2019-02-27 + +efi/chainloader: fix wrong sanity check in relocate_coff() + +In relocate_coff(), the relocation entries are parsed from the original +image (not the section-wise copied image). The original image is +pointed-to by the "orig" pointer. The current check + + (void *)reloc_end < data + +compares the addresses of independent memory allocations. "data" is a typo +here, it should be "orig". + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291 +Signed-off-by: Laszlo Ersek +Tested-by: Bogdan Costescu +Tested-by: Juan Orti + +Last-Update: 2019-02-27 + +efi/chainloader: truncate overlong relocation section + +The UEFI Windows 7 boot loader ("EFI/Microsoft/Boot/bootmgfw.efi", SHA1 +31b410e029bba87d2068c65a80b88882f9f8ea25) has inconsistent headers. + +Compare: + +> The Data Directory +> ... +> Entry 5 00000000000d9000 00000574 Base Relocation Directory [.reloc] + +Versus: + +> Sections: +> Idx Name Size VMA LMA File off ... +> ... +> 10 .reloc 00000e22 00000000100d9000 00000000100d9000 000a1800 ... + +That is, the size reported by the RelocDir entry (0x574) is smaller than +the virtual size of the .reloc section (0xe22). + +Quoting the grub2 debug log for the same: + +> chainloader.c:595: reloc_dir: 0xd9000 reloc_size: 0x00000574 +> chainloader.c:603: reloc_base: 0x7d208000 reloc_base_end: 0x7d208573 +> ... +> chainloader.c:620: Section 10 ".reloc" at 0x7d208000..0x7d208e21 +> chainloader.c:661: section is not reloc section? +> chainloader.c:663: rds: 0x00001000, vs: 00000e22 +> chainloader.c:664: base: 0x7d208000 end: 0x7d208e21 +> chainloader.c:666: reloc_base: 0x7d208000 reloc_base_end: 0x7d208573 +> chainloader.c:671: Section characteristics are 42000040 +> chainloader.c:673: Section virtual size: 00000e22 +> chainloader.c:675: Section raw_data size: 00001000 +> chainloader.c:678: Discarding section + +After hexdumping "bootmgfw.efi" and manually walking its relocation blocks +(yes, really), I determined that the (smaller) RelocDir value is correct. +The remaining area that extends up to the .reloc section size (== 0xe22 - +0x574 == 0x8ae bytes) exists as zero padding in the file. + +This zero padding shouldn't be passed to relocate_coff() for parsing. In +order to cope with it, split the handling of .reloc sections into the +following branches: + +- original case (equal size): original behavior (--> relocation + attempted), + +- overlong .reloc section (longer than reported by RelocDir): truncate the + section to the RelocDir size for the purposes of relocate_coff(), and + attempt relocation, + +- .reloc section is too short, or other checks fail: original behavior + (--> relocation not attempted). + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291 +Signed-off-by: Laszlo Ersek +Last-Update: 2019-02-27 + +i386/efi: update loader to new interfaces + +This updates the non-upstream loader/i386/efi/linux.c to build +correctly with the patches in this branch appled. + +Signed-off-by: Leif Lindholm + +Bug-Debian: https://bugs.debian.org/907596 +Bug-Debian: https://bugs.debian.org/909420 +Bug-Debian: https://bugs.debian.org/915091 +Last-Update: 2018-12-06 + +If running under UEFI secure boot, attempt to use linuxefi loader + +Forwarded: no +Last-Update: 2019-02-27 + +Disallow unsigned kernels if UEFI Secure Boot is enabled + +If UEFI Secure Boot is enabled and kernel signature verification fails, do not +boot the kernel. Before this change, if kernel signature verification failed +then GRUB would fall back to calling ExitBootServices() and continuing the +boot. + +Signed-off-by: Linn Crosetto + +Move include for efi/sb.h in i386/linux loader + +It really should be EFI-specific. + +Signed-off-by: Mathieu Trudel-Lapierre +Last-Update: 2019-02-22 + +Fix various format/cast errors in Secure Boot code + +Signed-off-by: Mathieu Trudel-Lapierre +Last-Update: 2019-02-22 + +Temporarily re-enable the generic linux loader + +We're currently relying on it and an automatic hand-off to linuxefi for EFI +booting; so we need the linux command to start to be able to do the hand-off +correctly. + +This is a temporary measure until we switch to calling linuxefi directly. + +Forwarded: no +Last-Update: 2019-02-27 + +linuxefi: Don't enforce Shim signature validation if Secure Boot is disabled + +The linuxefi command fails if used on a system without shim, even if +Secure Boot is disabled. There's no need to do the validation if we're +not in Secure Boot mode (an attacker could just boot a modified grub), +so skip this to make it easier to use the Linux EFI entry point even on +non-Secure Boot systems. + +Last-Update: 2018-12-07 +--- + grub-core/Makefile.am | 1 + + grub-core/Makefile.core.def | 16 +- + grub-core/commands/iorw.c | 7 + + grub-core/commands/memrw.c | 7 + + grub-core/kern/arm/coreboot/coreboot.S | 6 + + grub-core/kern/dl.c | 1 + + grub-core/kern/efi/efi.c | 28 -- + grub-core/kern/efi/mm.c | 32 ++ + grub-core/kern/efi/sb.c | 66 +++ + grub-core/loader/arm64/linux.c | 16 + + grub-core/loader/efi/appleloader.c | 7 + + grub-core/loader/efi/chainloader.c | 817 ++++++++++++++++++++++++++++++--- + grub-core/loader/efi/fdt.c | 1 + + grub-core/loader/efi/linux.c | 86 ++++ + grub-core/loader/i386/bsd.c | 7 + + grub-core/loader/i386/efi/linux.c | 379 +++++++++++++++ + grub-core/loader/i386/linux.c | 78 +++- + grub-core/loader/i386/pc/linux.c | 40 +- + grub-core/loader/multiboot.c | 7 + + grub-core/loader/xnu.c | 7 + + include/grub/arm64/linux.h | 2 + + include/grub/efi/efi.h | 4 +- + include/grub/efi/linux.h | 31 ++ + include/grub/efi/pe32.h | 52 ++- + include/grub/efi/sb.h | 29 ++ + include/grub/i386/linux.h | 7 +- + include/grub/ia64/linux.h | 0 + include/grub/mips/linux.h | 0 + include/grub/powerpc/linux.h | 0 + include/grub/sparc64/linux.h | 0 + 30 files changed, 1605 insertions(+), 129 deletions(-) + create mode 100644 grub-core/kern/efi/sb.c + create mode 100644 grub-core/loader/efi/linux.c + create mode 100644 grub-core/loader/i386/efi/linux.c + create mode 100644 include/grub/efi/linux.h + create mode 100644 include/grub/efi/sb.h + create mode 100644 include/grub/ia64/linux.h + create mode 100644 include/grub/mips/linux.h + create mode 100644 include/grub/powerpc/linux.h + create mode 100644 include/grub/sparc64/linux.h + +diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am +index 3ea8e7f..c6ba5b2 100644 +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -71,6 +71,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/disk.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dl.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h +diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def +index aadb4cd..1731c53 100644 +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -207,6 +207,7 @@ kernel = { + i386_multiboot = kern/i386/pc/acpi.c; + i386_coreboot = kern/acpi.c; + i386_multiboot = kern/acpi.c; ++ common = kern/efi/sb.c; + + x86 = kern/i386/tsc.c; + x86 = kern/i386/tsc_pit.c; +@@ -1790,10 +1791,13 @@ module = { + ia64_efi = loader/ia64/efi/linux.c; + arm_coreboot = loader/arm/linux.c; + arm_efi = loader/arm64/linux.c; ++ arm_efi = loader/efi/linux.c; + arm_uboot = loader/arm/linux.c; + arm64 = loader/arm64/linux.c; ++ arm64 = loader/efi/linux.c; + riscv32 = loader/riscv/linux.c; + riscv64 = loader/riscv/linux.c; ++ cflags = '-Wno-error=cast-align'; + common = loader/linux.c; + common = lib/cmdline.c; + enable = noemu; +@@ -1802,7 +1806,7 @@ module = { + module = { + name = fdt; + efi = loader/efi/fdt.c; +- common = lib/fdt.c; ++ fdt = lib/fdt.c; + enable = fdt; + }; + +@@ -1857,12 +1861,22 @@ module = { + enable = x86_64_efi; + }; + ++module = { ++ name = linuxefi; ++ efi = loader/i386/efi/linux.c; ++ efi = loader/efi/linux.c; ++ cflags = '-Wno-error=cast-align'; ++ enable = i386_efi; ++ enable = x86_64_efi; ++}; ++ + module = { + name = chain; + efi = loader/efi/chainloader.c; + i386_pc = loader/i386/pc/chainloader.c; + i386_coreboot = loader/i386/coreboot/chainloader.c; + i386_coreboot = lib/LzmaDec.c; ++ cflags = '-Wno-error=cast-align'; + enable = i386_pc; + enable = i386_coreboot; + enable = efi; +diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c +index a0c164e..41a7f3f 100644 +--- a/grub-core/commands/iorw.c ++++ b/grub-core/commands/iorw.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -118,6 +119,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv) + + GRUB_MOD_INIT(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_read_byte = + grub_register_extcmd ("inb", grub_cmd_read, 0, + N_("PORT"), N_("Read 8-bit value from PORT."), +@@ -146,6 +150,9 @@ GRUB_MOD_INIT(memrw) + + GRUB_MOD_FINI(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_extcmd (cmd_read_byte); + grub_unregister_extcmd (cmd_read_word); + grub_unregister_extcmd (cmd_read_dword); +diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c +index 98769ea..088cbe9 100644 +--- a/grub-core/commands/memrw.c ++++ b/grub-core/commands/memrw.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -120,6 +121,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv) + + GRUB_MOD_INIT(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_read_byte = + grub_register_extcmd ("read_byte", grub_cmd_read, 0, + N_("ADDR"), N_("Read 8-bit value from ADDR."), +@@ -148,6 +152,9 @@ GRUB_MOD_INIT(memrw) + + GRUB_MOD_FINI(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_extcmd (cmd_read_byte); + grub_unregister_extcmd (cmd_read_word); + grub_unregister_extcmd (cmd_read_dword); +diff --git a/grub-core/kern/arm/coreboot/coreboot.S b/grub-core/kern/arm/coreboot/coreboot.S +index a110452..70998c0 100644 +--- a/grub-core/kern/arm/coreboot/coreboot.S ++++ b/grub-core/kern/arm/coreboot/coreboot.S +@@ -42,3 +42,9 @@ FUNCTION(grub_armv7_get_timer_frequency) + mrc p15, 0, r0, c14, c0, 0 + bx lr + ++int ++EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); ++grub_err_t ++EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, ++ void *kernel_param); ++ +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 074dfc3..d665c10 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + /* Platforms where modules are in a readonly area of memory. */ + #if defined(GRUB_MACHINE_QEMU) +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 96204e3..6e1ceb9 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -273,34 +273,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, + return NULL; + } + +-grub_efi_boolean_t +-grub_efi_secure_boot (void) +-{ +- grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; +- grub_size_t datasize; +- char *secure_boot = NULL; +- char *setup_mode = NULL; +- grub_efi_boolean_t ret = 0; +- +- secure_boot = grub_efi_get_variable ("SecureBoot", &efi_var_guid, &datasize); +- +- if (datasize != 1 || !secure_boot) +- goto out; +- +- setup_mode = grub_efi_get_variable ("SetupMode", &efi_var_guid, &datasize); +- +- if (datasize != 1 || !setup_mode) +- goto out; +- +- if (*secure_boot && !*setup_mode) +- ret = 1; +- +- out: +- grub_free (secure_boot); +- grub_free (setup_mode); +- return ret; +-} +- + #pragma GCC diagnostic ignored "-Wcast-align" + + /* Search the mods section from the PE32/PE32+ image. This code uses +diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c +index b02fab1..a9e3710 100644 +--- a/grub-core/kern/efi/mm.c ++++ b/grub-core/kern/efi/mm.c +@@ -113,6 +113,38 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address, + } + } + ++/* Allocate pages below a specified address */ ++void * ++grub_efi_allocate_pages_max (grub_efi_physical_address_t max, ++ grub_efi_uintn_t pages) ++{ ++ grub_efi_status_t status; ++ grub_efi_boot_services_t *b; ++ grub_efi_physical_address_t address = max; ++ ++ if (max > 0xffffffff) ++ return 0; ++ ++ b = grub_efi_system_table->boot_services; ++ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ ++ if (address == 0) ++ { ++ /* Uggh, the address 0 was allocated... This is too annoying, ++ so reallocate another one. */ ++ address = max; ++ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address); ++ grub_efi_free_pages (0, pages); ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ } ++ ++ return (void *) ((grub_addr_t) address); ++} ++ + /* Allocate pages. Return the pointer to the first of allocated pages. */ + void * + grub_efi_allocate_pages_real (grub_efi_physical_address_t address, +diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c +new file mode 100644 +index 0000000..c14f401 +--- /dev/null ++++ b/grub-core/kern/efi/sb.c +@@ -0,0 +1,66 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#ifdef GRUB_MACHINE_EFI ++#include ++#endif ++#include ++#include ++#include ++#include ++ ++int ++grub_efi_secure_boot (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; ++ grub_size_t datasize; ++ char *secure_boot = NULL; ++ char *setup_mode = NULL; ++ grub_efi_boolean_t ret = 0; ++ ++ secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); ++ if (datasize != 1 || !secure_boot) ++ { ++ grub_dprintf ("secureboot", "No SecureBoot variable\n"); ++ goto out; ++ } ++ grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot); ++ ++ setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); ++ if (datasize != 1 || !setup_mode) ++ { ++ grub_dprintf ("secureboot", "No SetupMode variable\n"); ++ goto out; ++ } ++ grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode); ++ ++ if (*secure_boot && !*setup_mode) ++ ret = 1; ++ ++ out: ++ grub_free (secure_boot); ++ grub_free (setup_mode); ++ return ret; ++#else ++ return 0; ++#endif ++} +diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c +index ef3e9f9..1a5296a 100644 +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -48,6 +49,13 @@ static grub_uint32_t cmdline_size; + static grub_addr_t initrd_start; + static grub_addr_t initrd_end; + ++struct grub_arm64_linux_pe_header ++{ ++ grub_uint32_t magic; ++ struct grub_pe32_coff_header coff; ++ struct grub_pe64_optional_header opt; ++}; ++ + grub_err_t + grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) + { +@@ -289,6 +297,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_file_t file = 0; + struct linux_arch_kernel_header lh; + grub_err_t err; ++ int rc; + + grub_dl_ref (my_mod); + +@@ -333,6 +342,13 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + ++ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); ++ if (rc < 0) ++ { ++ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); ++ goto fail; ++ } ++ + cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE); + linux_args = grub_malloc (cmdline_size); + if (!linux_args) +diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c +index 74888c4..69c2a10 100644 +--- a/grub-core/loader/efi/appleloader.c ++++ b/grub-core/loader/efi/appleloader.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -227,6 +228,9 @@ static grub_command_t cmd; + + GRUB_MOD_INIT(appleloader) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd = grub_register_command ("appleloader", grub_cmd_appleloader, + N_("[OPTS]"), + /* TRANSLATORS: This command is used on EFI to +@@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader) + + GRUB_MOD_FINI(appleloader) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_command (cmd); + } +diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c +index cd92ea3..ec80f41 100644 +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -32,6 +32,9 @@ + #include + #include + #include ++#include ++#include ++#include + #include + #include + #include +@@ -46,9 +49,14 @@ static grub_dl_t my_mod; + + static grub_efi_physical_address_t address; + static grub_efi_uintn_t pages; ++static grub_ssize_t fsize; + static grub_efi_device_path_t *file_path; + static grub_efi_handle_t image_handle; + static grub_efi_char16_t *cmdline; ++static grub_ssize_t cmdline_len; ++static grub_efi_handle_t dev_handle; ++ ++static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); + + static grub_err_t + grub_chainloader_unload (void) +@@ -63,6 +71,7 @@ grub_chainloader_unload (void) + grub_free (cmdline); + cmdline = 0; + file_path = 0; ++ dev_handle = 0; + + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; +@@ -179,7 +188,6 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + /* Fill the file path for the directory. */ + d = (grub_efi_device_path_t *) ((char *) file_path + + ((char *) d - (char *) dp)); +- grub_efi_print_device_path (d); + copy_file_path ((grub_efi_file_path_device_path_t *) d, + dir_start, dir_end - dir_start); + +@@ -197,20 +205,694 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) + return file_path; + } + ++#define SHIM_LOCK_GUID \ ++ { 0x605dab50, 0xe046, 0x4300, { 0xab,0xb6,0x3d,0xd8,0x10,0xdd,0x8b,0x23 } } ++ ++typedef union ++{ ++ struct grub_pe32_header_32 pe32; ++ struct grub_pe32_header_64 pe32plus; ++} grub_pe_header_t; ++ ++struct pe_coff_loader_image_context ++{ ++ grub_efi_uint64_t image_address; ++ grub_efi_uint64_t image_size; ++ grub_efi_uint64_t entry_point; ++ grub_efi_uintn_t size_of_headers; ++ grub_efi_uint16_t image_type; ++ grub_efi_uint16_t number_of_sections; ++ grub_efi_uint32_t section_alignment; ++ struct grub_pe32_section_table *first_section; ++ struct grub_pe32_data_directory *reloc_dir; ++ struct grub_pe32_data_directory *sec_dir; ++ grub_efi_uint64_t number_of_rva_and_sizes; ++ grub_pe_header_t *pe_hdr; ++}; ++ ++typedef struct pe_coff_loader_image_context pe_coff_loader_image_context_t; ++ ++struct grub_efi_shim_lock ++{ ++ grub_efi_status_t (*verify)(void *buffer, ++ grub_efi_uint32_t size); ++ grub_efi_status_t (*hash)(void *data, ++ grub_efi_int32_t datasize, ++ pe_coff_loader_image_context_t *context, ++ grub_efi_uint8_t *sha256hash, ++ grub_efi_uint8_t *sha1hash); ++ grub_efi_status_t (*context)(void *data, ++ grub_efi_uint32_t size, ++ pe_coff_loader_image_context_t *context); ++}; ++ ++typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; ++ ++static grub_efi_boolean_t ++read_header (void *data, grub_efi_uint32_t size, ++ pe_coff_loader_image_context_t *context) ++{ ++ grub_efi_guid_t guid = SHIM_LOCK_GUID; ++ grub_efi_shim_lock_t *shim_lock; ++ grub_efi_status_t status; ++ ++ shim_lock = grub_efi_locate_protocol (&guid, NULL); ++ if (!shim_lock) ++ { ++ grub_dprintf ("chain", "no shim lock protocol"); ++ return 0; ++ } ++ ++ status = shim_lock->context (data, size, context); ++ ++ if (status == GRUB_EFI_SUCCESS) ++ { ++ grub_dprintf ("chain", "context success\n"); ++ return 1; ++ } ++ ++ switch (status) ++ { ++ case GRUB_EFI_UNSUPPORTED: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error unsupported"); ++ break; ++ case GRUB_EFI_INVALID_PARAMETER: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error invalid parameter"); ++ break; ++ default: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error code"); ++ break; ++ } ++ ++ return -1; ++} ++ ++static void* ++image_address (void *image, grub_efi_uint64_t sz, grub_efi_uint64_t adr) ++{ ++ if (adr > sz) ++ return NULL; ++ ++ return ((grub_uint8_t*)image + adr); ++} ++ ++static int ++image_is_64_bit (grub_pe_header_t *pe_hdr) ++{ ++ /* .Magic is the same offset in all cases */ ++ if (pe_hdr->pe32plus.optional_header.magic == GRUB_PE32_PE64_MAGIC) ++ return 1; ++ return 0; ++} ++ ++static const grub_uint16_t machine_type __attribute__((__unused__)) = ++#if defined(__x86_64__) ++ GRUB_PE32_MACHINE_X86_64; ++#elif defined(__aarch64__) ++ GRUB_PE32_MACHINE_ARM64; ++#elif defined(__arm__) ++ GRUB_PE32_MACHINE_ARMTHUMB_MIXED; ++#elif defined(__i386__) || defined(__i486__) || defined(__i686__) ++ GRUB_PE32_MACHINE_I386; ++#elif defined(__ia64__) ++ GRUB_PE32_MACHINE_IA64; ++#else ++#error this architecture is not supported by grub2 ++#endif ++ ++static grub_efi_status_t ++relocate_coff (pe_coff_loader_image_context_t *context, ++ struct grub_pe32_section_table *section, ++ void *orig, void *data) ++{ ++ struct grub_pe32_data_directory *reloc_base, *reloc_base_end; ++ grub_efi_uint64_t adjust; ++ struct grub_pe32_fixup_block *reloc, *reloc_end; ++ char *fixup, *fixup_base, *fixup_data = NULL; ++ grub_efi_uint16_t *fixup_16; ++ grub_efi_uint32_t *fixup_32; ++#if defined(__x86_64__) || defined(__aarch64__) ++ grub_efi_uint64_t *fixup_64; ++#endif /* defined(__x86_64__) || defined(__aarch64__) */ ++ grub_efi_uint64_t size = context->image_size; ++ void *image_end = (char *)orig + size; ++ int n = 0; ++ ++ if (image_is_64_bit (context->pe_hdr)) ++ context->pe_hdr->pe32plus.optional_header.image_base = ++ (grub_uint64_t)(unsigned long)data; ++ else ++ context->pe_hdr->pe32.optional_header.image_base = ++ (grub_uint32_t)(unsigned long)data; ++ ++ /* Alright, so here's how this works: ++ * ++ * context->reloc_dir gives us two things: ++ * - the VA the table of base relocation blocks are (maybe) to be ++ * mapped at (reloc_dir->rva) ++ * - the virtual size (reloc_dir->size) ++ * ++ * The .reloc section (section here) gives us some other things: ++ * - the name! kind of. (section->name) ++ * - the virtual size (section->virtual_size), which should be the same ++ * as RelocDir->Size ++ * - the virtual address (section->virtual_address) ++ * - the file section size (section->raw_data_size), which is ++ * a multiple of optional_header->file_alignment. Only useful for image ++ * validation, not really useful for iteration bounds. ++ * - the file address (section->raw_data_offset) ++ * - a bunch of stuff we don't use that's 0 in our binaries usually ++ * - Flags (section->characteristics) ++ * ++ * and then the thing that's actually at the file address is an array ++ * of struct grub_pe32_fixup_block structs with some values packed behind ++ * them. The block_size field of this structure includes the ++ * structure itself, and adding it to that structure's address will ++ * yield the next entry in the array. ++ */ ++ ++ reloc_base = image_address (orig, size, section->raw_data_offset); ++ reloc_base_end = image_address (orig, size, section->raw_data_offset ++ + section->virtual_size); ++ ++ grub_dprintf ("chain", "relocate_coff(): reloc_base %p reloc_base_end %p\n", ++ reloc_base, reloc_base_end); ++ ++ if (!reloc_base && !reloc_base_end) ++ return GRUB_EFI_SUCCESS; ++ ++ if (!reloc_base || !reloc_base_end) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc table overflows binary"); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ adjust = (grub_uint64_t)(grub_addr_t)data - context->image_address; ++ if (adjust == 0) ++ return GRUB_EFI_SUCCESS; ++ ++ while (reloc_base < reloc_base_end) ++ { ++ grub_uint16_t *entry; ++ reloc = (struct grub_pe32_fixup_block *)reloc_base; ++ ++ if ((reloc_base->size == 0) || ++ (reloc_base->size > context->reloc_dir->size)) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Reloc %d block size %d is invalid\n", n, ++ reloc_base->size); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ entry = &reloc->entries[0]; ++ reloc_end = (struct grub_pe32_fixup_block *) ++ ((char *)reloc_base + reloc_base->size); ++ ++ if ((void *)reloc_end < orig || (void *)reloc_end > image_end) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary", ++ n); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ fixup_base = image_address(data, size, reloc_base->rva); ++ ++ if (!fixup_base) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc %d Invalid fixupbase", n); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ while ((void *)entry < (void *)reloc_end) ++ { ++ fixup = fixup_base + (*entry & 0xFFF); ++ switch ((*entry) >> 12) ++ { ++ case GRUB_PE32_REL_BASED_ABSOLUTE: ++ break; ++ case GRUB_PE32_REL_BASED_HIGH: ++ fixup_16 = (grub_uint16_t *)fixup; ++ *fixup_16 = (grub_uint16_t) ++ (*fixup_16 + ((grub_uint16_t)((grub_uint32_t)adjust >> 16))); ++ if (fixup_data != NULL) ++ { ++ *(grub_uint16_t *) fixup_data = *fixup_16; ++ fixup_data = fixup_data + sizeof (grub_uint16_t); ++ } ++ break; ++ case GRUB_PE32_REL_BASED_LOW: ++ fixup_16 = (grub_uint16_t *)fixup; ++ *fixup_16 = (grub_uint16_t) (*fixup_16 + (grub_uint16_t)adjust); ++ if (fixup_data != NULL) ++ { ++ *(grub_uint16_t *) fixup_data = *fixup_16; ++ fixup_data = fixup_data + sizeof (grub_uint16_t); ++ } ++ break; ++ case GRUB_PE32_REL_BASED_HIGHLOW: ++ fixup_32 = (grub_uint32_t *)fixup; ++ *fixup_32 = *fixup_32 + (grub_uint32_t)adjust; ++ if (fixup_data != NULL) ++ { ++ fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint32_t)); ++ *(grub_uint32_t *) fixup_data = *fixup_32; ++ fixup_data += sizeof (grub_uint32_t); ++ } ++ break; ++#if defined(__x86_64__) || defined(__aarch64__) ++ case GRUB_PE32_REL_BASED_DIR64: ++ fixup_64 = (grub_uint64_t *)fixup; ++ *fixup_64 = *fixup_64 + (grub_uint64_t)adjust; ++ if (fixup_data != NULL) ++ { ++ fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint64_t)); ++ *(grub_uint64_t *) fixup_data = *fixup_64; ++ fixup_data += sizeof (grub_uint64_t); ++ } ++ break; ++#endif /* defined(__x86_64__) || defined(__aarch64__) */ ++ default: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Reloc %d unknown relocation type %d", ++ n, (*entry) >> 12); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ entry += 1; ++ } ++ reloc_base = (struct grub_pe32_data_directory *)reloc_end; ++ n++; ++ } ++ ++ return GRUB_EFI_SUCCESS; ++} ++ ++static grub_efi_device_path_t * ++grub_efi_get_media_file_path (grub_efi_device_path_t *dp) ++{ ++ while (1) ++ { ++ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); ++ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); ++ ++ if (type == GRUB_EFI_END_DEVICE_PATH_TYPE) ++ break; ++ else if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE ++ && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) ++ return dp; ++ ++ dp = GRUB_EFI_NEXT_DEVICE_PATH (dp); ++ } ++ ++ return NULL; ++} ++ ++static grub_efi_boolean_t ++handle_image (void *data, grub_efi_uint32_t datasize) ++{ ++ grub_efi_boot_services_t *b; ++ grub_efi_loaded_image_t *li, li_bak; ++ int efi_status; ++ char *buffer = NULL; ++ char *buffer_aligned = NULL; ++ grub_efi_uint32_t i; ++ struct grub_pe32_section_table *section; ++ char *base, *end; ++ pe_coff_loader_image_context_t context; ++ grub_uint32_t section_alignment; ++ grub_uint32_t buffer_size; ++ int found_entry_point = 0; ++ int rc; ++ ++ b = grub_efi_system_table->boot_services; ++ ++ rc = read_header (data, datasize, &context); ++ if (rc < 0) ++ { ++ grub_dprintf ("chain", "Failed to read header\n"); ++ goto error_exit; ++ } ++ else if (rc == 0) ++ { ++ grub_dprintf ("chain", "Secure Boot is not enabled\n"); ++ return 0; ++ } ++ else ++ { ++ grub_dprintf ("chain", "Header read without error\n"); ++ } ++ ++ /* ++ * The spec says, uselessly, of SectionAlignment: ++ * ===== ++ * The alignment (in bytes) of sections when they are loaded into ++ * memory. It must be greater than or equal to FileAlignment. The ++ * default is the page size for the architecture. ++ * ===== ++ * Which doesn't tell you whose responsibility it is to enforce the ++ * "default", or when. It implies that the value in the field must ++ * be > FileAlignment (also poorly defined), but it appears visual ++ * studio will happily write 512 for FileAlignment (its default) and ++ * 0 for SectionAlignment, intending to imply PAGE_SIZE. ++ * ++ * We only support one page size, so if it's zero, nerf it to 4096. ++ */ ++ section_alignment = context.section_alignment; ++ if (section_alignment == 0) ++ section_alignment = 4096; ++ ++ buffer_size = context.image_size + section_alignment; ++ grub_dprintf ("chain", "image size is %08" PRIuGRUB_UINT64_T ", datasize is %08x\n", ++ context.image_size, datasize); ++ ++ efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA, ++ buffer_size, (void**)&buffer); ++ ++ if (efi_status != GRUB_EFI_SUCCESS) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ goto error_exit; ++ } ++ ++ buffer_aligned = (char *)ALIGN_UP ((grub_addr_t)buffer, section_alignment); ++ if (!buffer_aligned) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ goto error_exit; ++ } ++ ++ grub_memcpy (buffer_aligned, data, context.size_of_headers); ++ ++ entry_point = image_address (buffer_aligned, context.image_size, ++ context.entry_point); ++ ++ grub_dprintf ("chain", "entry_point: %p\n", entry_point); ++ if (!entry_point) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point"); ++ goto error_exit; ++ } ++ ++ char *reloc_base, *reloc_base_end; ++ grub_dprintf ("chain", "reloc_dir: %p reloc_size: 0x%08x\n", ++ (void *) ((grub_addr_t)context.reloc_dir->rva), ++ context.reloc_dir->size); ++ reloc_base = image_address (buffer_aligned, context.image_size, ++ context.reloc_dir->rva); ++ /* RelocBaseEnd here is the address of the last byte of the table */ ++ reloc_base_end = image_address (buffer_aligned, context.image_size, ++ context.reloc_dir->rva ++ + context.reloc_dir->size - 1); ++ grub_dprintf ("chain", "reloc_base: %p reloc_base_end: %p\n", ++ reloc_base, reloc_base_end); ++ ++ struct grub_pe32_section_table *reloc_section = NULL, fake_reloc_section; ++ ++ section = context.first_section; ++ for (i = 0; i < context.number_of_sections; i++, section++) ++ { ++ char name[9]; ++ ++ base = image_address (buffer_aligned, context.image_size, ++ section->virtual_address); ++ end = image_address (buffer_aligned, context.image_size, ++ section->virtual_address + section->virtual_size -1); ++ ++ grub_strncpy(name, section->name, 9); ++ name[8] = '\0'; ++ grub_dprintf ("chain", "Section %d \"%s\" at %p..%p\n", i, ++ name, base, end); ++ ++ if (end < base) ++ { ++ grub_dprintf ("chain", " base is %p but end is %p... bad.\n", ++ base, end); ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Image has invalid negative size"); ++ goto error_exit; ++ } ++ ++ if (section->virtual_address <= context.entry_point && ++ (section->virtual_address + section->raw_data_size - 1) ++ > context.entry_point) ++ { ++ found_entry_point++; ++ grub_dprintf ("chain", " section contains entry point\n"); ++ } ++ ++ /* We do want to process .reloc, but it's often marked ++ * discardable, so we don't want to memcpy it. */ ++ if (grub_memcmp (section->name, ".reloc\0\0", 8) == 0) ++ { ++ if (reloc_section) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Image has multiple relocation sections"); ++ goto error_exit; ++ } ++ ++ /* If it has nonzero sizes, and our bounds check ++ * made sense, and the VA and size match RelocDir's ++ * versions, then we believe in this section table. */ ++ if (section->raw_data_size && section->virtual_size && ++ base && end && reloc_base == base) ++ { ++ if (reloc_base_end == end) ++ { ++ grub_dprintf ("chain", " section is relocation section\n"); ++ reloc_section = section; ++ } ++ else if (reloc_base_end && reloc_base_end < end) ++ { ++ /* Bogus virtual size in the reloc section -- RelocDir ++ * reported a smaller Base Relocation Directory. Decrease ++ * the section's virtual size so that it equal RelocDir's ++ * idea, but only for the purposes of relocate_coff(). */ ++ grub_dprintf ("chain", ++ " section is (overlong) relocation section\n"); ++ grub_memcpy (&fake_reloc_section, section, sizeof *section); ++ fake_reloc_section.virtual_size -= (end - reloc_base_end); ++ reloc_section = &fake_reloc_section; ++ } ++ } ++ ++ if (!reloc_section) ++ { ++ grub_dprintf ("chain", " section is not reloc section?\n"); ++ grub_dprintf ("chain", " rds: 0x%08x, vs: %08x\n", ++ section->raw_data_size, section->virtual_size); ++ grub_dprintf ("chain", " base: %p end: %p\n", base, end); ++ grub_dprintf ("chain", " reloc_base: %p reloc_base_end: %p\n", ++ reloc_base, reloc_base_end); ++ } ++ } ++ ++ grub_dprintf ("chain", " Section characteristics are %08x\n", ++ section->characteristics); ++ grub_dprintf ("chain", " Section virtual size: %08x\n", ++ section->virtual_size); ++ grub_dprintf ("chain", " Section raw_data size: %08x\n", ++ section->raw_data_size); ++ if (section->characteristics & GRUB_PE32_SCN_MEM_DISCARDABLE) ++ { ++ grub_dprintf ("chain", " Discarding section\n"); ++ continue; ++ } ++ ++ if (!base || !end) ++ { ++ grub_dprintf ("chain", " section is invalid\n"); ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid section size"); ++ goto error_exit; ++ } ++ ++ if (section->characteristics & GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA) ++ { ++ if (section->raw_data_size != 0) ++ grub_dprintf ("chain", " UNINITIALIZED_DATA section has data?\n"); ++ } ++ else if (section->virtual_address < context.size_of_headers || ++ section->raw_data_offset < context.size_of_headers) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Section %d is inside image headers", i); ++ goto error_exit; ++ } ++ ++ if (section->raw_data_size > 0) ++ { ++ grub_dprintf ("chain", " copying 0x%08x bytes to %p\n", ++ section->raw_data_size, base); ++ grub_memcpy (base, ++ (grub_efi_uint8_t*)data + section->raw_data_offset, ++ section->raw_data_size); ++ } ++ ++ if (section->raw_data_size < section->virtual_size) ++ { ++ grub_dprintf ("chain", " padding with 0x%08x bytes at %p\n", ++ section->virtual_size - section->raw_data_size, ++ base + section->raw_data_size); ++ grub_memset (base + section->raw_data_size, 0, ++ section->virtual_size - section->raw_data_size); ++ } ++ ++ grub_dprintf ("chain", " finished section %s\n", name); ++ } ++ ++ /* 5 == EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC */ ++ if (context.number_of_rva_and_sizes <= 5) ++ { ++ grub_dprintf ("chain", "image has no relocation entry\n"); ++ goto error_exit; ++ } ++ ++ if (context.reloc_dir->size && reloc_section) ++ { ++ /* run the relocation fixups */ ++ efi_status = relocate_coff (&context, reloc_section, data, ++ buffer_aligned); ++ ++ if (efi_status != GRUB_EFI_SUCCESS) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "relocation failed"); ++ goto error_exit; ++ } ++ } ++ ++ if (!found_entry_point) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "entry point is not within sections"); ++ goto error_exit; ++ } ++ if (found_entry_point > 1) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "%d sections contain entry point", ++ found_entry_point); ++ goto error_exit; ++ } ++ ++ li = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (!li) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "no loaded image available"); ++ goto error_exit; ++ } ++ ++ grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); ++ li->image_base = buffer_aligned; ++ li->image_size = context.image_size; ++ li->load_options = cmdline; ++ li->load_options_size = cmdline_len; ++ li->file_path = grub_efi_get_media_file_path (file_path); ++ li->device_handle = dev_handle; ++ if (!li->file_path) ++ { ++ grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found"); ++ goto error_exit; ++ } ++ ++ grub_dprintf ("chain", "booting via entry point\n"); ++ efi_status = efi_call_2 (entry_point, grub_efi_image_handle, ++ grub_efi_system_table); ++ ++ grub_dprintf ("chain", "entry_point returned %d\n", efi_status); ++ grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t)); ++ efi_status = efi_call_1 (b->free_pool, buffer); ++ ++ return 1; ++ ++error_exit: ++ grub_dprintf ("chain", "error_exit: grub_errno: %d\n", grub_errno); ++ if (buffer) ++ efi_call_1 (b->free_pool, buffer); ++ ++ return 0; ++} ++ ++static grub_err_t ++grub_secureboot_chainloader_unload (void) ++{ ++ grub_efi_boot_services_t *b; ++ ++ b = grub_efi_system_table->boot_services; ++ efi_call_2 (b->free_pages, address, pages); ++ grub_free (file_path); ++ grub_free (cmdline); ++ cmdline = 0; ++ file_path = 0; ++ dev_handle = 0; ++ ++ grub_dl_unref (my_mod); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_load_and_start_image(void *boot_image) ++{ ++ grub_efi_boot_services_t *b; ++ grub_efi_status_t status; ++ grub_efi_loaded_image_t *loaded_image; ++ ++ b = grub_efi_system_table->boot_services; ++ ++ status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, ++ boot_image, fsize, &image_handle); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ if (status == GRUB_EFI_OUT_OF_RESOURCES) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources"); ++ else ++ grub_error (GRUB_ERR_BAD_OS, "cannot load image"); ++ return -1; ++ } ++ ++ /* LoadImage does not set a device handler when the image is ++ loaded from memory, so it is necessary to set it explicitly here. ++ This is a mess. */ ++ loaded_image = grub_efi_get_loaded_image (image_handle); ++ if (! loaded_image) ++ { ++ grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); ++ return -1; ++ } ++ loaded_image->device_handle = dev_handle; ++ ++ if (cmdline) ++ { ++ loaded_image->load_options = cmdline; ++ loaded_image->load_options_size = cmdline_len; ++ } ++ ++ return 0; ++} ++ ++static grub_err_t ++grub_secureboot_chainloader_boot (void) ++{ ++ int rc; ++ rc = handle_image ((void *)((grub_addr_t) address), fsize); ++ if (rc == 0) ++ { ++ grub_load_and_start_image((void *)((grub_addr_t) address)); ++ } ++ ++ grub_loader_unset (); ++ return grub_errno; ++} ++ + static grub_err_t + grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) + { + grub_file_t file = 0; +- grub_ssize_t size; + grub_efi_status_t status; + grub_efi_boot_services_t *b; + grub_device_t dev = 0; + grub_efi_device_path_t *dp = 0; +- grub_efi_loaded_image_t *loaded_image; + char *filename; + void *boot_image = 0; +- grub_efi_handle_t dev_handle = 0; ++ int rc; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -222,15 +904,45 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + address = 0; + image_handle = 0; + file_path = 0; ++ dev_handle = 0; + + b = grub_efi_system_table->boot_services; + ++ if (argc > 1) ++ { ++ int i; ++ grub_efi_char16_t *p16; ++ ++ for (i = 1, cmdline_len = 0; i < argc; i++) ++ cmdline_len += grub_strlen (argv[i]) + 1; ++ ++ cmdline_len *= sizeof (grub_efi_char16_t); ++ cmdline = p16 = grub_malloc (cmdline_len); ++ if (! cmdline) ++ goto fail; ++ ++ for (i = 1; i < argc; i++) ++ { ++ char *p8; ++ ++ p8 = argv[i]; ++ while (*p8) ++ *(p16++) = *(p8++); ++ ++ *(p16++) = ' '; ++ } ++ *(--p16) = 0; ++ } ++ + file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE); + if (! file) + goto fail; + +- /* Get the root device's device path. */ +- dev = grub_device_open (0); ++ /* Get the device path from filename. */ ++ char *devname = grub_file_get_device_name (filename); ++ dev = grub_device_open (devname); ++ if (devname) ++ grub_free (devname); + if (! dev) + goto fail; + +@@ -267,17 +979,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + if (! file_path) + goto fail; + +- grub_printf ("file path: "); +- grub_efi_print_device_path (file_path); +- +- size = grub_file_size (file); +- if (!size) ++ fsize = grub_file_size (file); ++ if (!fsize) + { + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), + filename); + goto fail; + } +- pages = (((grub_efi_uintn_t) size + ((1 << 12) - 1)) >> 12); ++ pages = (((grub_efi_uintn_t) fsize + ((1 << 12) - 1)) >> 12); + + status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ANY_PAGES, + GRUB_EFI_LOADER_CODE, +@@ -291,7 +1000,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + } + + boot_image = (void *) ((grub_addr_t) address); +- if (grub_file_read (file, boot_image, size) != size) ++ if (grub_file_read (file, boot_image, fsize) != fsize) + { + if (grub_errno == GRUB_ERR_NONE) + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +@@ -301,7 +1010,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + } + + #if defined (__i386__) || defined (__x86_64__) +- if (size >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) ++ if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) + { + struct grub_macho_fat_header *head = boot_image; + if (head->magic +@@ -310,6 +1019,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + grub_uint32_t i; + struct grub_macho_fat_arch *archs + = (struct grub_macho_fat_arch *) (head + 1); ++ ++ if (grub_efi_secure_boot()) ++ { ++ grub_error (GRUB_ERR_BAD_OS, ++ "MACHO binaries are forbidden with Secure Boot"); ++ goto fail; ++ } ++ + for (i = 0; i < grub_cpu_to_le32 (head->nfat_arch); i++) + { + if (GRUB_MACHO_CPUTYPE_IS_HOST_CURRENT (archs[i].cputype)) +@@ -324,79 +1041,40 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + > ~grub_cpu_to_le32 (archs[i].size) + || grub_cpu_to_le32 (archs[i].offset) + + grub_cpu_to_le32 (archs[i].size) +- > (grub_size_t) size) ++ > (grub_size_t) fsize) + { + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), + filename); + goto fail; + } + boot_image = (char *) boot_image + grub_cpu_to_le32 (archs[i].offset); +- size = grub_cpu_to_le32 (archs[i].size); ++ fsize = grub_cpu_to_le32 (archs[i].size); + } + } + #endif + +- status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, +- boot_image, size, +- &image_handle); +- if (status != GRUB_EFI_SUCCESS) ++ rc = grub_linuxefi_secure_validate((void *)((grub_addr_t) address), fsize); ++ grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc); ++ if (rc > 0) + { +- if (status == GRUB_EFI_OUT_OF_RESOURCES) +- grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources"); +- else +- grub_error (GRUB_ERR_BAD_OS, "cannot load image"); +- +- goto fail; +- } +- +- /* LoadImage does not set a device handler when the image is +- loaded from memory, so it is necessary to set it explicitly here. +- This is a mess. */ +- loaded_image = grub_efi_get_loaded_image (image_handle); +- if (! loaded_image) +- { +- grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); +- goto fail; ++ grub_file_close (file); ++ grub_loader_set (grub_secureboot_chainloader_boot, ++ grub_secureboot_chainloader_unload, 0); ++ return 0; + } +- loaded_image->device_handle = dev_handle; +- +- if (argc > 1) ++ else if (rc == 0) + { +- int i, len; +- grub_efi_char16_t *p16; +- +- for (i = 1, len = 0; i < argc; i++) +- len += grub_strlen (argv[i]) + 1; +- +- len *= sizeof (grub_efi_char16_t); +- cmdline = p16 = grub_malloc (len); +- if (! cmdline) +- goto fail; ++ grub_load_and_start_image(boot_image); ++ grub_file_close (file); ++ grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + +- for (i = 1; i < argc; i++) +- { +- char *p8; +- +- p8 = argv[i]; +- while (*p8) +- *(p16++) = *(p8++); +- +- *(p16++) = ' '; +- } +- *(--p16) = 0; +- +- loaded_image->load_options = cmdline; +- loaded_image->load_options_size = len; ++ return 0; + } + + grub_file_close (file); + grub_device_close (dev); + +- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); +- return 0; +- +- fail: +- ++fail: + if (dev) + grub_device_close (dev); + +@@ -408,6 +1086,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + if (address) + efi_call_2 (b->free_pages, address, pages); + ++ if (cmdline) ++ grub_free (cmdline); ++ + grub_dl_unref (my_mod); + + return grub_errno; +diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c +index f0c2d91..5360e6c 100644 +--- a/grub-core/loader/efi/fdt.c ++++ b/grub-core/loader/efi/fdt.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + static void *loaded_fdt; + static void *fdt; +diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c +new file mode 100644 +index 0000000..e372b26 +--- /dev/null ++++ b/grub-core/loader/efi/linux.c +@@ -0,0 +1,86 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define SHIM_LOCK_GUID \ ++ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } ++ ++struct grub_efi_shim_lock ++{ ++ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); ++}; ++typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; ++ ++int ++grub_linuxefi_secure_validate (void *data, grub_uint32_t size) ++{ ++ grub_efi_guid_t guid = SHIM_LOCK_GUID; ++ grub_efi_shim_lock_t *shim_lock; ++ int status; ++ ++ grub_dprintf ("linuxefi", "Locating shim protocol\n"); ++ shim_lock = grub_efi_locate_protocol(&guid, NULL); ++ grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock); ++ if (!shim_lock) ++ { ++ grub_dprintf ("secureboot", "shim not available\n"); ++ return 0; ++ } ++ ++ grub_dprintf ("secureboot", "Asking shim to verify kernel signature\n"); ++ status = shim_lock->verify (data, size); ++ grub_dprintf ("secureboot", "shim_lock->verify(): %d\n", status); ++ if (status == GRUB_EFI_SUCCESS) ++ { ++ grub_dprintf ("secureboot", "Kernel signature verification passed\n"); ++ return 1; ++ } ++ ++ grub_dprintf ("secureboot", "Kernel signature verification failed (0x%lx)\n", ++ (unsigned long) status); ++ ++ return -1; ++} ++ ++typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); ++ ++grub_err_t ++grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, ++ void *kernel_params) ++{ ++ handover_func hf; ++ int offset = 0; ++ ++#ifdef __x86_64__ ++ /* Offset to startup64 */ ++ offset = 512; ++#endif ++ ++ hf = (handover_func)((char *)kernel_addr + handover_offset + offset); ++ hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); ++ ++ return GRUB_ERR_BUG; ++} +diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c +index 3730ed3..5b9b92d 100644 +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -39,6 +39,7 @@ + #ifdef GRUB_MACHINE_PCBIOS + #include + #endif ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -2130,6 +2131,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk; + + GRUB_MOD_INIT (bsd) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + /* Net and OpenBSD kernels are often compressed. */ + grub_dl_load ("gzio"); + +@@ -2169,6 +2173,9 @@ GRUB_MOD_INIT (bsd) + + GRUB_MOD_FINI (bsd) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_extcmd (cmd_freebsd); + grub_unregister_extcmd (cmd_openbsd); + grub_unregister_extcmd (cmd_netbsd); +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +new file mode 100644 +index 0000000..6b6aef8 +--- /dev/null ++++ b/grub-core/loader/i386/efi/linux.c +@@ -0,0 +1,379 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2012 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++static grub_dl_t my_mod; ++static int loaded; ++static void *kernel_mem; ++static grub_uint64_t kernel_size; ++static grub_uint8_t *initrd_mem; ++static grub_uint32_t handover_offset; ++struct linux_kernel_params *params; ++static char *linux_cmdline; ++ ++#define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) ++ ++static grub_err_t ++grub_linuxefi_boot (void) ++{ ++ asm volatile ("cli"); ++ ++ return grub_efi_linux_boot ((char *)kernel_mem, ++ handover_offset, ++ params); ++} ++ ++static grub_err_t ++grub_linuxefi_unload (void) ++{ ++ grub_dl_unref (my_mod); ++ loaded = 0; ++ if (initrd_mem) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, ++ BYTES_TO_PAGES(params->ramdisk_size)); ++ if (linux_cmdline) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) ++ linux_cmdline, ++ BYTES_TO_PAGES(params->cmdline_size + 1)); ++ if (kernel_mem) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, ++ BYTES_TO_PAGES(kernel_size)); ++ if (params) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, ++ BYTES_TO_PAGES(16384)); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), ++ int argc, char *argv[]) ++{ ++ grub_file_t *files = 0; ++ int i, nfiles = 0; ++ grub_size_t size = 0; ++ grub_uint8_t *ptr; ++ ++ if (argc == 0) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); ++ goto fail; ++ } ++ ++ if (!loaded) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first")); ++ goto fail; ++ } ++ ++ files = grub_zalloc (argc * sizeof (files[0])); ++ if (!files) ++ goto fail; ++ ++ for (i = 0; i < argc; i++) ++ { ++ files[i] = grub_file_open (argv[i], GRUB_FILE_TYPE_LINUX_INITRD | GRUB_FILE_TYPE_NO_DECOMPRESS); ++ if (! files[i]) ++ goto fail; ++ nfiles++; ++ size += ALIGN_UP (grub_file_size (files[i]), 4); ++ } ++ ++ initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); ++ ++ if (!initrd_mem) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd")); ++ goto fail; ++ } ++ ++ grub_dprintf ("linuxefi", "initrd_mem = %lx\n", (unsigned long) initrd_mem); ++ ++ params->ramdisk_size = size; ++ params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; ++ ++ ptr = initrd_mem; ++ ++ for (i = 0; i < nfiles; i++) ++ { ++ grub_ssize_t cursize = grub_file_size (files[i]); ++ if (grub_file_read (files[i], ptr, cursize) != cursize) ++ { ++ if (!grub_errno) ++ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"), ++ argv[i]); ++ goto fail; ++ } ++ ptr += cursize; ++ grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4)); ++ ptr += ALIGN_UP_OVERHEAD (cursize, 4); ++ } ++ ++ params->ramdisk_size = size; ++ ++ fail: ++ for (i = 0; i < nfiles; i++) ++ grub_file_close (files[i]); ++ grub_free (files); ++ ++ if (initrd_mem && grub_errno) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, ++ BYTES_TO_PAGES(size)); ++ ++ return grub_errno; ++} ++ ++#define MIN(a, b) \ ++ ({ typeof (a) _a = (a); \ ++ typeof (b) _b = (b); \ ++ _a < _b ? _a : _b; }) ++ ++static grub_err_t ++grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), ++ int argc, char *argv[]) ++{ ++ grub_file_t file = 0; ++ struct linux_i386_kernel_header *lh = NULL; ++ grub_ssize_t start, filelen; ++ void *kernel = NULL; ++ int setup_header_end_offset; ++ int rc; ++ ++ grub_dl_ref (my_mod); ++ ++ if (argc == 0) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); ++ goto fail; ++ } ++ ++ file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL); ++ if (! file) ++ goto fail; ++ ++ filelen = grub_file_size (file); ++ ++ kernel = grub_malloc(filelen); ++ ++ if (!kernel) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); ++ goto fail; ++ } ++ ++ if (grub_file_read (file, kernel, filelen) != filelen) ++ { ++ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), ++ argv[0]); ++ goto fail; ++ } ++ ++ rc = grub_linuxefi_secure_validate (kernel, filelen); ++ if (rc < 0) ++ { ++ grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), ++ argv[0]); ++ goto fail; ++ } ++ ++ params = grub_efi_allocate_pages_max (0x3fffffff, ++ BYTES_TO_PAGES(sizeof(*params))); ++ if (! params) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); ++ goto fail; ++ } ++ ++ grub_dprintf ("linuxefi", "params = %p\n", params); ++ ++ grub_memset (params, 0, sizeof(*params)); ++ ++ setup_header_end_offset = *((grub_uint8_t *)kernel + 0x201); ++ grub_dprintf ("linuxefi", "copying %zu bytes from %p to %p\n", ++ MIN((grub_size_t)0x202+setup_header_end_offset, ++ sizeof (*params)) - 0x1f1, ++ (grub_uint8_t *)kernel + 0x1f1, ++ (grub_uint8_t *)params + 0x1f1); ++ grub_memcpy ((grub_uint8_t *)params + 0x1f1, ++ (grub_uint8_t *)kernel + 0x1f1, ++ MIN((grub_size_t)0x202+setup_header_end_offset,sizeof (*params)) - 0x1f1); ++ lh = (struct linux_i386_kernel_header *)params; ++ grub_dprintf ("linuxefi", "lh is at %p\n", lh); ++ grub_dprintf ("linuxefi", "checking lh->boot_flag\n"); ++ if (lh->boot_flag != grub_cpu_to_le16 (0xaa55)) ++ { ++ grub_error (GRUB_ERR_BAD_OS, N_("invalid magic number")); ++ goto fail; ++ } ++ ++ grub_dprintf ("linuxefi", "checking lh->setup_sects\n"); ++ if (lh->setup_sects > GRUB_LINUX_MAX_SETUP_SECTS) ++ { ++ grub_error (GRUB_ERR_BAD_OS, N_("too many setup sectors")); ++ goto fail; ++ } ++ ++ grub_dprintf ("linuxefi", "checking lh->version\n"); ++ if (lh->version < grub_cpu_to_le16 (0x020b)) ++ { ++ grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); ++ goto fail; ++ } ++ ++ grub_dprintf ("linuxefi", "checking lh->handover_offset\n"); ++ if (!lh->handover_offset) ++ { ++ grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support EFI handover")); ++ goto fail; ++ } ++ ++#if defined(__x86_64__) || defined(__aarch64__) ++ grub_dprintf ("linuxefi", "checking lh->xloadflags\n"); ++ if (!(lh->xloadflags & LINUX_XLF_KERNEL_64)) ++ { ++ grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support 64-bit CPUs")); ++ goto fail; ++ } ++#endif ++ ++#if defined(__i386__) ++ if ((lh->xloadflags & LINUX_XLF_KERNEL_64) && ++ !(lh->xloadflags & LINUX_XLF_EFI_HANDOVER_32)) ++ { ++ grub_error (GRUB_ERR_BAD_OS, ++ N_("kernel doesn't support 32-bit handover")); ++ goto fail; ++ } ++#endif ++ ++ grub_dprintf ("linuxefi", "setting up cmdline\n"); ++ linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, ++ BYTES_TO_PAGES(lh->cmdline_size + 1)); ++ if (!linux_cmdline) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); ++ goto fail; ++ } ++ ++ grub_dprintf ("linuxefi", "linux_cmdline = %lx\n", ++ (unsigned long)linux_cmdline); ++ ++ grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); ++ grub_create_loader_cmdline (argc, argv, ++ linux_cmdline + sizeof (LINUX_IMAGE) - 1, ++ lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1), ++ GRUB_VERIFY_KERNEL_CMDLINE); ++ ++ grub_dprintf ("linuxefi", "setting lh->cmd_line_ptr\n"); ++ lh->cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; ++ ++ grub_dprintf ("linuxefi", "computing handover offset\n"); ++ handover_offset = lh->handover_offset; ++ ++ start = (lh->setup_sects + 1) * 512; ++ ++ kernel_mem = grub_efi_allocate_fixed(lh->pref_address, ++ BYTES_TO_PAGES(lh->init_size)); ++ ++ if (!kernel_mem) ++ kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, ++ BYTES_TO_PAGES(lh->init_size)); ++ ++ if (!kernel_mem) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel")); ++ goto fail; ++ } ++ ++ grub_dprintf ("linuxefi", "kernel_mem = %lx\n", (unsigned long) kernel_mem); ++ ++ grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); ++ loaded=1; ++ grub_dprintf ("linuxefi", "setting lh->code32_start to %p\n", kernel_mem); ++ lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; ++ ++ grub_memcpy (kernel_mem, (char *)kernel + start, filelen - start); ++ ++ grub_dprintf ("linuxefi", "setting lh->type_of_loader\n"); ++ lh->type_of_loader = 0x6; ++ ++ grub_dprintf ("linuxefi", "setting lh->ext_loader_{type,ver}\n"); ++ params->ext_loader_type = 0; ++ params->ext_loader_ver = 2; ++ grub_dprintf("linuxefi", "kernel_mem: %p handover_offset: %08x\n", ++ kernel_mem, handover_offset); ++ ++ fail: ++ if (file) ++ grub_file_close (file); ++ ++ if (kernel) ++ grub_free (kernel); ++ ++ if (grub_errno != GRUB_ERR_NONE) ++ { ++ grub_dl_unref (my_mod); ++ loaded = 0; ++ } ++ ++ if (linux_cmdline && lh && !loaded) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) ++ linux_cmdline, ++ BYTES_TO_PAGES(lh->cmdline_size + 1)); ++ ++ if (kernel_mem && !loaded) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, ++ BYTES_TO_PAGES(kernel_size)); ++ ++ if (params && !loaded) ++ grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, ++ BYTES_TO_PAGES(16384)); ++ ++ return grub_errno; ++} ++ ++static grub_command_t cmd_linux, cmd_initrd; ++ ++GRUB_MOD_INIT(linuxefi) ++{ ++ cmd_linux = ++ grub_register_command ("linuxefi", grub_cmd_linux, ++ 0, N_("Load Linux.")); ++ cmd_initrd = ++ grub_register_command ("initrdefi", grub_cmd_initrd, ++ 0, N_("Load initrd.")); ++ my_mod = mod; ++} ++ ++GRUB_MOD_FINI(linuxefi) ++{ ++ grub_unregister_command (cmd_linux); ++ grub_unregister_command (cmd_initrd); ++} +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index d0501e2..4328bcb 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -45,6 +45,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + #ifdef GRUB_MACHINE_EFI + #include ++#include + #define HAS_VGA_TEXT 0 + #define DEFAULT_VIDEO_MODE "auto" + #define ACCEPTS_PURE_TEXT 0 +@@ -76,6 +77,8 @@ static grub_size_t maximal_cmdline_size; + static struct linux_kernel_params linux_params; + static char *linux_cmdline; + #ifdef GRUB_MACHINE_EFI ++static int using_linuxefi; ++static grub_command_t initrdefi_cmd; + static grub_efi_uintn_t efi_mmap_size; + #else + static const grub_size_t efi_mmap_size = 0; +@@ -641,16 +644,51 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + { + grub_file_t file = 0; + struct linux_i386_kernel_header lh; ++ grub_uint8_t *linux_params_ptr; + grub_uint8_t setup_sects; +- grub_size_t real_size, prot_size, prot_file_size; ++ grub_size_t real_size, prot_size, prot_file_size, kernel_offset; + grub_ssize_t len; + int i; + grub_size_t align, min_align; + int relocatable; + grub_uint64_t preferred_address = GRUB_LINUX_BZIMAGE_ADDR; ++ grub_uint8_t *kernel = NULL; + + grub_dl_ref (my_mod); + ++#ifdef GRUB_MACHINE_EFI ++ using_linuxefi = 0; ++ if (grub_efi_secure_boot ()) ++ { ++ /* linuxefi requires a successful signature check and then hand over ++ to the kernel without calling ExitBootServices. */ ++ grub_dl_t mod; ++ grub_command_t linuxefi_cmd; ++ ++ grub_dprintf ("linux", "Secure Boot enabled: trying linuxefi\n"); ++ ++ mod = grub_dl_load ("linuxefi"); ++ if (mod) ++ { ++ grub_dl_ref (mod); ++ linuxefi_cmd = grub_command_find ("linuxefi"); ++ initrdefi_cmd = grub_command_find ("initrdefi"); ++ if (linuxefi_cmd && initrdefi_cmd) ++ { ++ (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); ++ if (grub_errno == GRUB_ERR_NONE) ++ { ++ grub_dprintf ("linux", "Handing off to linuxefi\n"); ++ using_linuxefi = 1; ++ return GRUB_ERR_NONE; ++ } ++ grub_dprintf ("linux", "linuxefi failed (%d)\n", grub_errno); ++ goto fail; ++ } ++ } ++ } ++#endif ++ + if (argc == 0) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -661,7 +699,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (! file) + goto fail; + +- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) ++ len = grub_file_size (file); ++ kernel = grub_malloc (len); ++ if (!kernel) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); ++ goto fail; ++ } ++ ++ if (grub_file_read (file, kernel, len) != len) + { + if (!grub_errno) + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +@@ -669,6 +715,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ grub_memcpy (&lh, kernel, sizeof (lh)); ++ kernel_offset = sizeof (lh); ++ + if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) + { + grub_error (GRUB_ERR_BAD_OS, "invalid magic number"); +@@ -760,6 +809,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + preferred_address)) + goto fail; + ++ + grub_memset (&linux_params, 0, sizeof (linux_params)); + grub_memcpy (&linux_params.setup_sects, &lh.setup_sects, sizeof (lh) - 0x1F1); + +@@ -782,13 +832,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + /* We've already read lh so there is no need to read it second time. */ + len -= sizeof(lh); + +- if (grub_file_read (file, (char *) &linux_params + sizeof (lh), len) != len) +- { +- if (!grub_errno) +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +- argv[0]); +- goto fail; +- } ++ linux_params_ptr = (void *)&linux_params; ++ grub_memcpy (linux_params_ptr + sizeof (lh), kernel + kernel_offset, len); ++ kernel_offset += len; + + linux_params.type_of_loader = GRUB_LINUX_BOOT_LOADER_TYPE; + +@@ -847,7 +893,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + /* The other parameters are filled when booting. */ + +- grub_file_seek (file, real_size + GRUB_DISK_SECTOR_SIZE); ++ kernel_offset = real_size + GRUB_DISK_SECTOR_SIZE; + + grub_dprintf ("linux", "bzImage, setup=0x%x, size=0x%x\n", + (unsigned) real_size, (unsigned) prot_size); +@@ -1001,9 +1047,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + + len = prot_file_size; +- if (grub_file_read (file, prot_mode_mem, len) != len && !grub_errno) +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +- argv[0]); ++ grub_memcpy (prot_mode_mem, kernel + kernel_offset, len); + + if (grub_errno == GRUB_ERR_NONE) + { +@@ -1014,6 +1058,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + fail: + ++ grub_free (kernel); ++ + if (file) + grub_file_close (file); + +@@ -1036,6 +1082,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + grub_err_t err; + struct grub_linux_initrd_context initrd_ctx = { 0, 0, 0 }; + ++#ifdef GRUB_MACHINE_EFI ++ /* If we're using linuxefi, just forward to initrdefi. */ ++ if (using_linuxefi && initrdefi_cmd) ++ return (initrdefi_cmd->func) (initrdefi_cmd, argc, argv); ++#endif ++ + if (argc == 0) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c +index 47ea294..3866f04 100644 +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -123,13 +124,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_file_t file = 0; + struct linux_i386_kernel_header lh; + grub_uint8_t setup_sects; +- grub_size_t real_size; ++ grub_size_t real_size, kernel_offset = 0; + grub_ssize_t len; + int i; + char *grub_linux_prot_chunk; + int grub_linux_is_bzimage; + grub_addr_t grub_linux_prot_target; + grub_err_t err; ++ grub_uint8_t *kernel = NULL; + + grub_dl_ref (my_mod); + +@@ -143,7 +145,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + if (! file) + goto fail; + +- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) ++ len = grub_file_size (file); ++ kernel = grub_malloc (len); ++ if (!kernel) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); ++ goto fail; ++ } ++ ++ if (grub_file_read (file, kernel, len) != len) + { + if (!grub_errno) + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +@@ -151,6 +161,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + ++ grub_memcpy (&lh, kernel, sizeof (lh)); ++ kernel_offset = sizeof (lh); ++ + if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) + { + grub_error (GRUB_ERR_BAD_OS, "invalid magic number"); +@@ -314,13 +327,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_memmove (grub_linux_real_chunk, &lh, sizeof (lh)); + + len = real_size + GRUB_DISK_SECTOR_SIZE - sizeof (lh); +- if (grub_file_read (file, grub_linux_real_chunk + sizeof (lh), len) != len) +- { +- if (!grub_errno) +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +- argv[0]); +- goto fail; +- } ++ grub_memcpy (grub_linux_real_chunk + sizeof (lh), kernel + kernel_offset, ++ len); ++ kernel_offset += len; + + if (lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE) + || grub_le_to_cpu16 (lh.version) < 0x0200) +@@ -358,9 +367,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + } + + len = grub_linux16_prot_size; +- if (grub_file_read (file, grub_linux_prot_chunk, len) != len && !grub_errno) +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +- argv[0]); ++ grub_memcpy (grub_linux_prot_chunk, kernel + kernel_offset, len); ++ kernel_offset += len; + + if (grub_errno == GRUB_ERR_NONE) + { +@@ -370,6 +378,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + + fail: + ++ grub_free (kernel); ++ + if (file) + grub_file_close (file); + +@@ -474,6 +484,9 @@ static grub_command_t cmd_linux, cmd_initrd; + + GRUB_MOD_INIT(linux16) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_linux = + grub_register_command ("linux16", grub_cmd_linux, + 0, N_("Load Linux.")); +@@ -485,6 +498,9 @@ GRUB_MOD_INIT(linux16) + + GRUB_MOD_FINI(linux16) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_initrd); + } +diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c +index 4a98d70..3e6ad16 100644 +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -50,6 +50,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -444,6 +445,9 @@ static grub_command_t cmd_multiboot, cmd_module; + + GRUB_MOD_INIT(multiboot) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_multiboot = + #ifdef GRUB_USE_MULTIBOOT2 + grub_register_command ("multiboot2", grub_cmd_multiboot, +@@ -464,6 +468,9 @@ GRUB_MOD_INIT(multiboot) + + GRUB_MOD_FINI(multiboot) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_command (cmd_multiboot); + grub_unregister_command (cmd_module); + } +diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c +index 7f74d1d..e0f47e7 100644 +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1478,6 +1479,9 @@ static grub_extcmd_t cmd_splash; + + GRUB_MOD_INIT(xnu) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0, + N_("Load XNU image.")); + cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64, +@@ -1518,6 +1522,9 @@ GRUB_MOD_INIT(xnu) + + GRUB_MOD_FINI(xnu) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + #ifndef GRUB_MACHINE_EMU + grub_unregister_command (cmd_resume); + #endif +diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h +index 4269adc..cc8174c 100644 +--- a/include/grub/arm64/linux.h ++++ b/include/grub/arm64/linux.h +@@ -20,6 +20,8 @@ + #define GRUB_ARM64_LINUX_HEADER 1 + + #define GRUB_LINUX_ARM64_MAGIC_SIGNATURE 0x644d5241 /* 'ARM\x64' */ ++#define GRUB_ARM64_LINUX_MAGIC 0x644d5241 /* 'ARM\x64' */ ++#define GRUB_EFI_PE_MAGIC 0x5A4D + + /* From linux/Documentation/arm64/booting.txt */ + struct linux_arm64_kernel_header +diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h +index a237952..5b63875 100644 +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -47,6 +47,9 @@ EXPORT_FUNC(grub_efi_allocate_fixed) (grub_efi_physical_address_t address, + grub_efi_uintn_t pages); + void * + EXPORT_FUNC(grub_efi_allocate_any_pages) (grub_efi_uintn_t pages); ++void * ++EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max, ++ grub_efi_uintn_t pages); + void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address, + grub_efi_uintn_t pages); + grub_efi_uintn_t EXPORT_FUNC(grub_efi_find_mmap_size) (void); +@@ -82,7 +85,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, + const grub_efi_guid_t *guid, + void *data, + grub_size_t datasize); +-grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void); + int + EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1, + const grub_efi_device_path_t *dp2); +diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h +new file mode 100644 +index 0000000..0033d93 +--- /dev/null ++++ b/include/grub/efi/linux.h +@@ -0,0 +1,31 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++#ifndef GRUB_EFI_LINUX_HEADER ++#define GRUB_EFI_LINUX_HEADER 1 ++ ++#include ++#include ++#include ++ ++int ++EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); ++grub_err_t ++EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, ++ void *kernel_param); ++ ++#endif /* ! GRUB_EFI_LINUX_HEADER */ +diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h +index 0ed8781..a43adf2 100644 +--- a/include/grub/efi/pe32.h ++++ b/include/grub/efi/pe32.h +@@ -223,7 +223,11 @@ struct grub_pe64_optional_header + struct grub_pe32_section_table + { + char name[8]; +- grub_uint32_t virtual_size; ++ union ++ { ++ grub_uint32_t physical_address; ++ grub_uint32_t virtual_size; ++ }; + grub_uint32_t virtual_address; + grub_uint32_t raw_data_size; + grub_uint32_t raw_data_offset; +@@ -234,12 +238,18 @@ struct grub_pe32_section_table + grub_uint32_t characteristics; + }; + ++#define GRUB_PE32_SCN_TYPE_NO_PAD 0x00000008 + #define GRUB_PE32_SCN_CNT_CODE 0x00000020 + #define GRUB_PE32_SCN_CNT_INITIALIZED_DATA 0x00000040 +-#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000 +-#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000 +-#define GRUB_PE32_SCN_MEM_READ 0x40000000 +-#define GRUB_PE32_SCN_MEM_WRITE 0x80000000 ++#define GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA 0x00000080 ++#define GRUB_PE32_SCN_LNK_OTHER 0x00000100 ++#define GRUB_PE32_SCN_LNK_INFO 0x00000200 ++#define GRUB_PE32_SCN_LNK_REMOVE 0x00000800 ++#define GRUB_PE32_SCN_LNK_COMDAT 0x00001000 ++#define GRUB_PE32_SCN_GPREL 0x00008000 ++#define GRUB_PE32_SCN_MEM_16BIT 0x00020000 ++#define GRUB_PE32_SCN_MEM_LOCKED 0x00040000 ++#define GRUB_PE32_SCN_MEM_PRELOAD 0x00080000 + + #define GRUB_PE32_SCN_ALIGN_1BYTES 0x00100000 + #define GRUB_PE32_SCN_ALIGN_2BYTES 0x00200000 +@@ -248,10 +258,28 @@ struct grub_pe32_section_table + #define GRUB_PE32_SCN_ALIGN_16BYTES 0x00500000 + #define GRUB_PE32_SCN_ALIGN_32BYTES 0x00600000 + #define GRUB_PE32_SCN_ALIGN_64BYTES 0x00700000 ++#define GRUB_PE32_SCN_ALIGN_128BYTES 0x00800000 ++#define GRUB_PE32_SCN_ALIGN_256BYTES 0x00900000 ++#define GRUB_PE32_SCN_ALIGN_512BYTES 0x00A00000 ++#define GRUB_PE32_SCN_ALIGN_1024BYTES 0x00B00000 ++#define GRUB_PE32_SCN_ALIGN_2048BYTES 0x00C00000 ++#define GRUB_PE32_SCN_ALIGN_4096BYTES 0x00D00000 ++#define GRUB_PE32_SCN_ALIGN_8192BYTES 0x00E00000 + + #define GRUB_PE32_SCN_ALIGN_SHIFT 20 + #define GRUB_PE32_SCN_ALIGN_MASK 7 + ++#define GRUB_PE32_SCN_LNK_NRELOC_OVFL 0x01000000 ++#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000 ++#define GRUB_PE32_SCN_MEM_NOT_CACHED 0x04000000 ++#define GRUB_PE32_SCN_MEM_NOT_PAGED 0x08000000 ++#define GRUB_PE32_SCN_MEM_SHARED 0x10000000 ++#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000 ++#define GRUB_PE32_SCN_MEM_READ 0x40000000 ++#define GRUB_PE32_SCN_MEM_WRITE 0x80000000 ++ ++ ++ + #define GRUB_PE32_SIGNATURE_SIZE 4 + + struct grub_pe32_header +@@ -274,6 +302,20 @@ struct grub_pe32_header + #endif + }; + ++struct grub_pe32_header_32 ++{ ++ char signature[GRUB_PE32_SIGNATURE_SIZE]; ++ struct grub_pe32_coff_header coff_header; ++ struct grub_pe32_optional_header optional_header; ++}; ++ ++struct grub_pe32_header_64 ++{ ++ char signature[GRUB_PE32_SIGNATURE_SIZE]; ++ struct grub_pe32_coff_header coff_header; ++ struct grub_pe64_optional_header optional_header; ++}; ++ + struct grub_pe32_fixup_block + { + grub_uint32_t page_rva; +diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h +new file mode 100644 +index 0000000..9629fbb +--- /dev/null ++++ b/include/grub/efi/sb.h +@@ -0,0 +1,29 @@ ++/* sb.h - declare functions for EFI Secure Boot support */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2006,2007,2008,2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_EFI_SB_HEADER ++#define GRUB_EFI_SB_HEADER 1 ++ ++#include ++#include ++ ++/* Functions. */ ++int EXPORT_FUNC (grub_efi_secure_boot) (void); ++ ++#endif /* ! GRUB_EFI_SB_HEADER */ +diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h +index ce30e7f..a093679 100644 +--- a/include/grub/i386/linux.h ++++ b/include/grub/i386/linux.h +@@ -136,7 +136,12 @@ struct linux_i386_kernel_header + grub_uint32_t kernel_alignment; + grub_uint8_t relocatable; + grub_uint8_t min_alignment; +- grub_uint8_t pad[2]; ++#define LINUX_XLF_KERNEL_64 (1<<0) ++#define LINUX_XLF_CAN_BE_LOADED_ABOVE_4G (1<<1) ++#define LINUX_XLF_EFI_HANDOVER_32 (1<<2) ++#define LINUX_XLF_EFI_HANDOVER_64 (1<<3) ++#define LINUX_XLF_EFI_KEXEC (1<<4) ++ grub_uint16_t xloadflags; + grub_uint32_t cmdline_size; + grub_uint32_t hardware_subarch; + grub_uint64_t hardware_subarch_data; +diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h +new file mode 100644 +index 0000000..e69de29 +diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h +new file mode 100644 +index 0000000..e69de29 +diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h +new file mode 100644 +index 0000000..e69de29 +diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h +new file mode 100644 +index 0000000..e69de29 diff --git a/debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch b/debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch new file mode 100644 index 000000000..7e7160d9a --- /dev/null +++ b/debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch @@ -0,0 +1,28 @@ +From: Mathieu Trudel-Lapierre +Date: Fri, 14 Dec 2018 13:46:14 -0500 +Subject: UBUNTU: grub-mkconfig: leave a trace of what files were sourced to + generate the config + +Patch-Name: ubuntu-mkconfig-leave-breadcrumbs.patch +Signed-off-by: Mathieu Trudel-Lapierre +--- + util/grub-mkconfig.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index 29bdad0..72f1e25 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -162,10 +162,12 @@ if [ "x${GRUB_EARLY_INITRD_LINUX_STOCK}" = "x" ]; then + fi + + if test -f ${sysconfdir}/default/grub ; then ++ gettext_printf "Sourcing file \`%s'\n" "${sysconfdir}/default/grub" 1>&2 + . ${sysconfdir}/default/grub + fi + for x in ${sysconfdir}/default/grub.d/*.cfg ; do + if [ -e "${x}" ]; then ++ gettext_printf "Sourcing file \`%s'\n" "${x}" 1>&2 + . "${x}" + fi + done diff --git a/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch b/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch new file mode 100644 index 000000000..577a322ba --- /dev/null +++ b/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch @@ -0,0 +1,83 @@ +From: Julian Andres Klode +Date: Fri, 19 Jun 2020 12:57:19 +0200 +Subject: Pass dis_ucode_ldr to kernel for recovery mode + +In case of a botched microcode update, this allows people to +easily roll back. + +It will of course break in the more unlikely event that you are +missing a microcode update in your firmware that is needed to boot +the system, but editing the entry to remove an option is easier than +having to figure out the option and add it. + +LP: #1831789 +Patch-Name: ubuntu-recovery-dis_ucode_ldr.patch +--- + util/grub.d/10_linux.in | 4 ++++ + util/grub.d/10_linux_zfs.in | 24 +++++++++++++++--------- + 2 files changed, 19 insertions(+), 9 deletions(-) + +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 14a89ba..49e6272 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -334,6 +334,10 @@ case "$machine" in + *) GENKERNEL_ARCH="$machine" ;; + esac + ++case "$GENKERNEL_ARCH" in ++ x86*) GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY dis_ucode_ldr";; ++esac ++ + prepare_boot_cache= + prepare_root_cache= + boot_device_id= +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index 712d832..d9b79e2 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -41,6 +41,16 @@ imported_pools="" + MNTDIR="$(mktemp -d ${TMPDIR:-/tmp}/zfsmnt.XXXXXX)" + ZFSTMP="$(mktemp -d ${TMPDIR:-/tmp}/zfstmp.XXXXXX)" + ++ ++machine="$(uname -m)" ++case "${machine}" in ++ i?86) GENKERNEL_ARCH="x86" ;; ++ mips|mips64) GENKERNEL_ARCH="mips" ;; ++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; ++ arm*) GENKERNEL_ARCH="arm" ;; ++ *) GENKERNEL_ARCH="${machine}" ;; ++esac ++ + RC=0 + on_exit() { + # Restore initial zpool import state +@@ -407,15 +417,6 @@ get_dataset_info() { + return + fi + +- machine="$(uname -m)" +- case "${machine}" in +- i?86) GENKERNEL_ARCH="x86" ;; +- mips|mips64) GENKERNEL_ARCH="mips" ;; +- mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; +- arm*) GENKERNEL_ARCH="arm" ;; +- *) GENKERNEL_ARCH="${machine}" ;; +- esac +- + initrd_list="" + kernel_list="" + list=$(find "${boot_dir}" -maxdepth 1 -type f -regex '.*/\(vmlinuz\|vmlinux\|kernel\)-.*') +@@ -907,6 +908,11 @@ generate_grub_menu() { + GRUB_CMDLINE_LINUX_RECOVERY="${GRUB_CMDLINE_LINUX_RECOVERY} nomodeset" + fi + ++ case "$GENKERNEL_ARCH" in ++ x86*) GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY dis_ucode_ldr";; ++ esac ++ ++ + if [ "${vt_handoff}" = 1 ]; then + for word in ${GRUB_CMDLINE_LINUX_DEFAULT}; do + if [ "${word}" = splash ]; then diff --git a/debian/patches/ubuntu-resilient-boot-boot-order.patch b/debian/patches/ubuntu-resilient-boot-boot-order.patch new file mode 100644 index 000000000..b935dabaf --- /dev/null +++ b/debian/patches/ubuntu-resilient-boot-boot-order.patch @@ -0,0 +1,230 @@ +From: Julian Andres Klode +Date: Wed, 8 Apr 2020 11:05:25 +0200 +Subject: UBUNTU: efivar: Correctly handle boot order of multiple ESPs + +Modify the code to insert the ESP mounted to /boot/efi (the *primary* +ESP) as the first item, but any other ESP after any other of _our_ +ESPs. + +So assume we have three ESPs A, B, C (_ours_), and three other +boot entries X, Y, Z. We configure A, B, and C in that order, +though some might already be in it, some examples: + + XYZ -> ABCXYZ (A is added to front, B after it, C after B) + BXCYZ -> ABXCYZ (A is added to front, B and C remain unchanged) + AXCYZ -> AXCBYZ (the previously unconfigured ESP B is added after last ESP C) + +Doing this requires us passing the path of the ESP directory down to +the code doing the install, so it can then check whether it was the +primary ESP - that is, mounted to /boot/efi - or not. + +Patch-Name: ubuntu-resilient-boot-boot-order.patch +--- + grub-core/osdep/basic/no_platform.c | 2 +- + grub-core/osdep/unix/efivar.c | 48 ++++++++++++++++++++++++++++++++----- + grub-core/osdep/unix/platform.c | 6 ++--- + grub-core/osdep/windows/platform.c | 2 +- + include/grub/util/install.h | 17 +++++++------ + util/grub-install.c | 8 +++---- + 6 files changed, 59 insertions(+), 24 deletions(-) + +diff --git a/grub-core/osdep/basic/no_platform.c b/grub-core/osdep/basic/no_platform.c +index d76c34c..152a328 100644 +--- a/grub-core/osdep/basic/no_platform.c ++++ b/grub-core/osdep/basic/no_platform.c +@@ -31,7 +31,7 @@ grub_install_register_ieee1275 (int is_prep, const char *install_device, + } + + void +-grub_install_register_efi (grub_device_t efidir_grub_dev, ++grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efidir, + const char *efifile_path, + const char *efi_distributor) + { +diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c +index 41d39c4..d34df0f 100644 +--- a/grub-core/osdep/unix/efivar.c ++++ b/grub-core/osdep/unix/efivar.c +@@ -266,9 +266,10 @@ remove_from_boot_order (struct efi_variable *order, uint16_t num) + } + + static void +-add_to_boot_order (struct efi_variable *order, uint16_t num) ++add_to_boot_order (struct efi_variable *order, uint16_t num, ++ uint16_t *alt_nums, size_t n_alt_nums, bool is_boot_efi) + { +- int i; ++ int i, j, position = -1; + size_t new_data_size; + uint8_t *new_data; + +@@ -278,10 +279,36 @@ add_to_boot_order (struct efi_variable *order, uint16_t num) + if (GET_ORDER (order->data, i) == num) + return; + ++ if (!is_boot_efi) ++ { ++ for (i = 0; i < order->data_size / sizeof (uint16_t); ++i) ++ for (j = 0; j < n_alt_nums; j++) ++ if (GET_ORDER (order->data, i) == alt_nums[j]) ++ position = i; ++ } ++ + new_data_size = order->data_size + sizeof (uint16_t); + new_data = xmalloc (new_data_size); +- SET_ORDER (new_data, 0, num); +- memcpy (new_data + sizeof (uint16_t), order->data, order->data_size); ++ ++ if (position != -1) ++ { ++ /* So we should be inserting after something else, as we're not the ++ preferred ESP. Could write this as memcpy(), but this is far more ++ readable. */ ++ for (i = 0; i <= position; ++i) ++ SET_ORDER (new_data, i, GET_ORDER (order->data, i)); ++ ++ SET_ORDER (new_data, position + 1, num); ++ ++ for (i = position + 1; i < order->data_size / sizeof (uint16_t); ++i) ++ SET_ORDER (new_data, i + 1, GET_ORDER (order->data, i)); ++ } ++ else ++ { ++ SET_ORDER (new_data, 0, num); ++ memcpy (new_data + sizeof (uint16_t), order->data, order->data_size); ++ } ++ + free (order->data); + order->data = new_data; + order->data_size = new_data_size; +@@ -486,7 +513,7 @@ devices_equal (const_efidp a, const_efidp b) + + int + grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, +- const char *efifile_path, ++ const char *efidir, const char *efifile_path, + const char *efi_distributor) + { + const char *efidir_disk; +@@ -496,8 +523,12 @@ grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, + efidp *alternatives; + efidp this; + int entry_num = -1; ++ uint16_t *alt_nums = NULL; ++ size_t n_alt_nums = 0; + int rc; ++ bool is_boot_efi; + ++ is_boot_efi = strstr (efidir, "/boot/efi") != NULL; + efidir_disk = grub_util_biosdisk_get_osdev (efidir_grub_dev->disk); + efidir_part = efidir_grub_dev->disk->partition ? efidir_grub_dev->disk->partition->number + 1 : 1; + alternatives = get_alternative_esps (); +@@ -576,6 +607,10 @@ grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, + { + grub_util_info ("not deleting alternative EFI variable %s (%s)", + entry->name, label); ++ ++ alt_nums ++ = xrealloc (alt_nums, (++n_alt_nums) * sizeof (*alt_nums)); ++ alt_nums[n_alt_nums - 1] = entry->num; + continue; + } + } +@@ -611,7 +646,8 @@ grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, + if (rc < 0) + goto err; + +- add_to_boot_order (order, (uint16_t) entry_num); ++ add_to_boot_order (order, (uint16_t)entry_num, alt_nums, n_alt_nums, ++ is_boot_efi); + + grub_util_info ("setting EFI variable BootOrder"); + rc = set_efi_variable ("BootOrder", order); +diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c +index b561174..a5267db 100644 +--- a/grub-core/osdep/unix/platform.c ++++ b/grub-core/osdep/unix/platform.c +@@ -76,13 +76,13 @@ get_ofpathname (const char *dev) + } + + int +-grub_install_register_efi (grub_device_t efidir_grub_dev, ++grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efidir, + const char *efifile_path, + const char *efi_distributor) + { + #ifdef HAVE_EFIVAR +- return grub_install_efivar_register_efi (efidir_grub_dev, efifile_path, +- efi_distributor); ++ return grub_install_efivar_register_efi (efidir_grub_dev, efidir, ++ efifile_path, efi_distributor); + #else + grub_util_error ("%s", + _("GRUB was not built with efivar support; " +diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c +index e19a3d9..a3f738f 100644 +--- a/grub-core/osdep/windows/platform.c ++++ b/grub-core/osdep/windows/platform.c +@@ -208,7 +208,7 @@ set_efi_variable_bootn (grub_uint16_t n, void *in, grub_size_t len) + } + + int +-grub_install_register_efi (grub_device_t efidir_grub_dev, ++grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efidir, + const char *efifile_path, + const char *efi_distributor) + { +diff --git a/include/grub/util/install.h b/include/grub/util/install.h +index a521f16..b2ed88e 100644 +--- a/include/grub/util/install.h ++++ b/include/grub/util/install.h +@@ -219,15 +219,14 @@ grub_install_get_default_x86_platform (void); + const char * + grub_install_get_default_powerpc_machtype (void); + +-int +-grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, +- const char *efifile_path, +- const char *efi_distributor); +- +-int +-grub_install_register_efi (grub_device_t efidir_grub_dev, +- const char *efifile_path, +- const char *efi_distributor); ++int grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, ++ const char *efidir, ++ const char *efifile_path, ++ const char *efi_distributor); ++ ++int grub_install_register_efi (grub_device_t efidir_grub_dev, ++ const char *efidir, const char *efifile_path, ++ const char *efi_distributor); + + void + grub_install_register_ieee1275 (int is_prep, const char *install_device, +diff --git a/util/grub-install.c b/util/grub-install.c +index bf8eb65..f408b19 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -2083,9 +2083,9 @@ main (int argc, char *argv[]) + { + /* Try to make this image bootable using the EFI Boot Manager, if available. */ + int ret; +- ret = grub_install_register_efi (efidir_grub_dev, +- "\\System\\Library\\CoreServices", +- efi_distributor); ++ ret = grub_install_register_efi ( ++ efidir_grub_dev, efidir, "\\System\\Library\\CoreServices", ++ efi_distributor); + if (ret) + grub_util_error (_("failed to register the EFI boot entry: %s"), + strerror (ret)); +@@ -2201,7 +2201,7 @@ main (int argc, char *argv[]) + efidir_grub_dev->disk->name, + (part ? ",": ""), (part ? : "")); + grub_free (part); +- ret = grub_install_register_efi (efidir_grub_dev, ++ ret = grub_install_register_efi (efidir_grub_dev, efidir, + efifile_path, efi_distributor); + if (ret) + grub_util_error (_("failed to register the EFI boot entry: %s"), diff --git a/debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch b/debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch new file mode 100644 index 000000000..a916c1df1 --- /dev/null +++ b/debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch @@ -0,0 +1,207 @@ +From: Julian Andres Klode +Date: Fri, 3 Apr 2020 13:43:49 +0200 +Subject: UBUNTU: efivar: Ignore alternative ESPs + +This is an ugly hack to get resilient boot somewhat working: +We pass in a list of all ESPS in _UBUNTU_ALTERNATIVE_ESPS, and +then we ignore those when looking for entries to change/remove. + +Patch-Name: ubuntu-resilient-boot-ignore-alternative-esps.patch +--- + grub-core/osdep/unix/efivar.c | 130 ++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 125 insertions(+), 5 deletions(-) + +diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c +index 4a58328..41d39c4 100644 +--- a/grub-core/osdep/unix/efivar.c ++++ b/grub-core/osdep/unix/efivar.c +@@ -37,9 +37,11 @@ + #include + #include + #include ++#include + #include + #include + #include ++#include + #include + #include + +@@ -336,14 +338,12 @@ get_edd_version (void) + return 1; + } + +-static struct efi_variable * +-make_boot_variable (int num, const char *disk, int part, const char *loader, +- const char *label) ++static ssize_t ++make_efidp (const char *disk, int part, const char *loader, efidp *out) + { +- struct efi_variable *entry = new_boot_variable (); + uint32_t options; + uint32_t edd10_devicenum; +- ssize_t dp_needed, loadopt_needed; ++ ssize_t dp_needed; + efidp dp = NULL; + + options = EFIBOOT_ABBREV_HD; +@@ -374,6 +374,27 @@ make_boot_variable (int num, const char *disk, int part, const char *loader, + if (dp_needed < 0) + goto err; + ++ *out = dp; ++ return dp_needed; ++ ++err: ++ free (dp); ++ *out = NULL; ++ return -1; ++} ++ ++static struct efi_variable * ++make_boot_variable (int num, const char *disk, int part, const char *loader, ++ const char *label) ++{ ++ struct efi_variable *entry = new_boot_variable (); ++ ssize_t dp_needed, loadopt_needed; ++ efidp dp = NULL; ++ ++ dp_needed = make_efidp (disk, part, loader, &dp); ++ if (dp_needed < 0) ++ goto err; ++ + loadopt_needed = efi_loadopt_create (NULL, 0, LOAD_OPTION_ACTIVE, + dp, dp_needed, (unsigned char *) label, + NULL, 0); +@@ -398,6 +419,71 @@ err: + return NULL; + } + ++// I hurt my grub today, to see what I can do. ++static efidp * ++get_alternative_esps (void) ++{ ++ size_t result_size = 0; ++ efidp *result = NULL; ++ char *alternatives = getenv ("_UBUNTU_ALTERNATIVE_ESPS"); ++ char *esp; ++ ++ if (!alternatives) ++ goto out; ++ ++ for (esp = strtok (alternatives, ", "); esp; esp = strtok (NULL, ", ")) ++ { ++ while (isspace (*esp)) ++ esp++; ++ if (!*esp) ++ continue; ++ ++ char *devname = grub_util_get_grub_dev (esp); ++ if (!devname) ++ continue; ++ grub_device_t dev = grub_device_open (devname); ++ free (devname); ++ if (!dev) ++ continue; ++ ++ const char *disk = grub_util_biosdisk_get_osdev (dev->disk); ++ int part = dev->disk->partition ? dev->disk->partition->number + 1 : 1; ++ ++ result = xrealloc (result, (++result_size) * sizeof (*result)); ++ if (make_efidp (disk, part, "", &result[result_size - 1]) < 0) ++ continue; ++ grub_device_close (dev); ++ } ++ ++out: ++ result = xrealloc (result, (++result_size) * sizeof (*result)); ++ result[result_size - 1] = NULL; ++ return result; ++} ++ ++/* Check if both efidp are on the same device. */ ++static bool ++devices_equal (const_efidp a, const_efidp b) ++{ ++ while (a && b) ++ { ++ // We reached a file, so we must be on the same device, woohoo ++ if (efidp_subtype (a) == EFIDP_MEDIA_FILE ++ && efidp_subtype (b) == EFIDP_MEDIA_FILE) ++ return true; ++ if (efidp_node_size (a) != efidp_node_size (b)) ++ break; ++ if (memcmp (a, b, efidp_node_size (a)) != 0) ++ break; ++ if (efidp_next_node (a, &a) < 0) ++ break; ++ if (efidp_next_node (b, &b) < 0) ++ break; ++ } ++ ++ return false; ++} ++ + int + grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, + const char *efifile_path, +@@ -407,11 +493,20 @@ grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, + int efidir_part; + struct efi_variable *entries = NULL, *entry; + struct efi_variable *order; ++ efidp *alternatives; ++ efidp this; + int entry_num = -1; + int rc; + + efidir_disk = grub_util_biosdisk_get_osdev (efidir_grub_dev->disk); + efidir_part = efidir_grub_dev->disk->partition ? efidir_grub_dev->disk->partition->number + 1 : 1; ++ alternatives = get_alternative_esps (); ++ ++ if (make_efidp (efidir_disk, efidir_part, "", &this) < 0) ++ { ++ grub_util_warn ("Internal error"); ++ return 1; ++ } + + #ifdef __linux__ + /* +@@ -453,6 +548,8 @@ grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, + { + efi_load_option *load_option = (efi_load_option *) entry->data; + const char *label; ++ efidp path; ++ efidp *alt; + + if (entry->num < 0) + continue; +@@ -460,6 +557,29 @@ grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, + if (strcasecmp (label, efi_distributor) != 0) + continue; + ++ path = efi_loadopt_path (load_option, entry->data_size); ++ if (!path) ++ continue; ++ ++ /* Do not remove this entry if it's an alternative ESP, but do reuse ++ * or remove this entry if it is for the current ESP or any unspecified ++ * ESP */ ++ if (!devices_equal (path, this)) ++ { ++ for (alt = alternatives; *alt; alt++) ++ { ++ if (devices_equal (path, *alt)) ++ break; ++ } ++ ++ if (*alt) ++ { ++ grub_util_info ("not deleting alternative EFI variable %s (%s)", ++ entry->name, label); ++ continue; ++ } ++ } ++ + /* To avoid problems with some firmware implementations, reuse the first + matching variable we find rather than deleting and recreating it. */ + if (entry_num == -1) diff --git a/debian/patches/ubuntu-shorter-version-info.patch b/debian/patches/ubuntu-shorter-version-info.patch new file mode 100644 index 000000000..5d366af6e --- /dev/null +++ b/debian/patches/ubuntu-shorter-version-info.patch @@ -0,0 +1,40 @@ +From: Julian Andres Klode +Date: Thu, 8 Feb 2018 10:48:37 +0100 +Subject: UBUNTU: Show only upstream version, + hide rest in package_version variable + +The complete package version can get a bit long, so only show the +upstream version in the menu and on the top of the console, and +hide the complete version in a package_version variable. + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1723434 +Last-Updated: 2018-02-08 + +Patch-Name: ubuntu-shorter-version-info.patch +--- + grub-core/normal/main.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c +index 0aa389f..d25a821 100644 +--- a/grub-core/normal/main.c ++++ b/grub-core/normal/main.c +@@ -208,7 +208,7 @@ grub_normal_init_page (struct grub_term_output *term, + + grub_term_cls (term); + +- msg_formatted = grub_xasprintf (_("GNU GRUB version %s"), PACKAGE_VERSION); ++ msg_formatted = grub_xasprintf (_("GNU GRUB version %s"), VERSION); + if (!msg_formatted) + return; + +@@ -561,6 +561,9 @@ GRUB_MOD_INIT(normal) + grub_env_set ("grub_platform", GRUB_PLATFORM); + grub_env_export ("grub_platform"); + ++ grub_env_set ("package_version", PACKAGE_VERSION); ++ grub_env_export ("package_version"); ++ + grub_boot_time ("Normal module prepared"); + } + diff --git a/debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch b/debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch new file mode 100644 index 000000000..39fdea6ca --- /dev/null +++ b/debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch @@ -0,0 +1,58 @@ +From: Rafael David Tinoco +Date: Mon, 7 Oct 2019 22:53:32 -0300 +Subject: Skip /dev/disk/by-id/lvm-pvm-uuid entries from device iteration + +The following LVM2 commit: + +commit 417e52c13a8156b11c25c411d44bda8b32bf87e4 +Author: Peter Rajnoha +Date: Tue Feb 18 07:27:21 2014 + + udev: create /dev/disk/by-id/lvm-pv-uuid- symlink for a PV + + We already have /dev/disk/by-id/dm-uuid-... (which encompasses the + VG UUID and LV UUID in case of LVs since the mapping's UUID is + VG+LV UUID together) and /dev/disk/by-id/dm-name-... (which encompasses + the VG and LV name in case of LVs). + + This patch addds /dev/disk/by-id/lvm-pv-uuid- that completes + this scheme and makes navigation a bit easier using PV UUIDs since + one can navigate using PV UUIDs only and there's no need to do extra + PV UUID <--> kernel name matching (the PV UUID is stable across reboots). + This may come in handy in various scripts. + + Since we already have the PV UUID stored in udev database (as a result + of blkid call - returned in ID_FS_UUID blkid's variable), this operation + is very cheap indeed, just creating the extra one symlink. + +creates a udev rule that populates /dev/disk/by-id with LVM PVs +according to discovered UUIDs. That will trigger a bad logic in +debian-installer as the installer depends on grub_util_iterate_devices() +logic to discover the disks that can have grub installed. + +This change only ignores those entries, so debian-installer bad +execution path is not triggered, just like grub_iterate_devices() +already does for other similar entries, like the partition ones. + +Author: Rafael David Tinoco +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1838525 +Last-Update: 2019-10-07 +Patch-Name: ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch +--- + util/deviceiter.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/util/deviceiter.c b/util/deviceiter.c +index dddc50d..ec9a6d0 100644 +--- a/util/deviceiter.c ++++ b/util/deviceiter.c +@@ -589,6 +589,9 @@ grub_util_iterate_devices (int (*hook) (const char *, int, void *), void *hook_d + /* Skip partition entries. */ + if (strstr (entry->d_name, "-part")) + continue; ++ /* LVM might create /dev/disk/by-id/lvm-pv-uuid- symlinks */ ++ if (strstr (entry->d_name, "lvm-pv-uuid")) ++ continue; + /* Skip device-mapper entries; we'll handle the ones we want + later. */ + if (strncmp (entry->d_name, "dm-", sizeof ("dm-") - 1) == 0) diff --git a/debian/patches/ubuntu-speed-zsys-history.patch b/debian/patches/ubuntu-speed-zsys-history.patch new file mode 100644 index 000000000..a337ffdc1 --- /dev/null +++ b/debian/patches/ubuntu-speed-zsys-history.patch @@ -0,0 +1,157 @@ +From: Didier Roche +Date: Mon, 13 Apr 2020 15:12:21 +0200 +Subject: UBUNTU: Improve performance in bootmenu for zsys + +In case there are a lot of zfs snapshots, we end up with a huge delay +when navigating grub (eg 80 seconds, displaying a black screen, for 100 +system snapshots). +Reduce the grub.cfg file size by moving the entries in a single +function with parameter instead of duplicating each entry. +Ensure the user can still easily edit them easily by naming the +parameters. + +Patch-Name: ubuntu-speed-zsys-history.patch +--- + util/grub.d/10_linux_zfs.in | 77 ++++++++++++++++++++++++++++++++------------- + 1 file changed, 56 insertions(+), 21 deletions(-) + +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index 4c48abe..712d832 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -803,9 +803,10 @@ zfs_linux_entry () { + boot_device="$5" + initrd="$6" + kernel="$7" +- kernel_additional_args="${8:-}" ++ kernel_version="$8" ++ kernel_additional_args="${9:-}" ++ boot_devices="${10:-}" + +- kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") + submenu_indentation="$(printf %${submenu_level}s | tr " " "${grub_tab}")" + + echo "${submenu_indentation}menuentry '$(echo "${title}" | grub_quote)' ${CLASS} \${menuentry_id_option} 'gnulinux-${dataset}-${kernel_version}' {" +@@ -840,7 +841,15 @@ zfs_linux_entry () { + echo "${submenu_indentation} insmod gzio" + echo "${submenu_indentation} if [ \"\${grub_platform}\" = xen ]; then insmod xzio; insmod lzopio; fi" + +- echo "$(prepare_grub_to_access_device_cached "${boot_device}" "${submenu_level}")" ++ if [ -n "$boot_devices" ]; then ++ for device in ${boot_devices}; do ++ echo "${submenu_indentation} if [ "${boot_device}" = "${device}" ]; then" ++ echo "$(prepare_grub_to_access_device_cached "${device}" $(( submenu_level +1 )) )" ++ echo "${submenu_indentation} fi" ++ done ++ else ++ echo "$(prepare_grub_to_access_device_cached "${boot_device}" "${submenu_level}")" ++ fi + + if [ "${quiet_boot}" = 0 ] || [ "${type}" != simple ]; then + echo "${submenu_indentation} echo $(gettext_printf "Loading Linux %s ..." ${kernel_version} | grub_quote)" +@@ -908,6 +917,40 @@ generate_grub_menu() { + + print_menu_prologue + ++ cat<<'EOF' ++function zsyshistorymenu { ++ # $1: root dataset (eg rpool/ROOT/ubuntu_2zhm07@autozsys_k56fr6) ++ # $2: boot device id (eg 411f29ce1557bfed) ++ # $3: initrd (eg /BOOT/ubuntu_2zhm07@autozsys_k56fr6/initrd.img-5.4.0-21-generic) ++ # $4: kernel (eg /BOOT/ubuntu_2zhm07@autozsys_k56fr6/vmlinuz-5.4.0-21-generic) ++ # $5: kernel_version (eg 5.4.0-21-generic) ++ ++ set root_dataset="${1}" ++ set boot_device="${2}" ++ set initrd="${3}" ++ set kernel="${4}" ++ set kversion="${5}" ++ ++EOF ++ boot_devices=$(echo "${menu_metadata}" | cut -d"$(printf '\t')" -f6 | sort -u) ++ ++ title=$(gettext_printf "Revert system only") ++ zfs_linux_entry 1 "${title}" "simple" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' '' "${boot_devices}" ++ ++ title="$(gettext_printf "Revert system and user data")" ++ zfs_linux_entry 1 "${title}" "simple" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' 'zsys-revert=userdata' "${boot_devices}" ++ ++ GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" ++ if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then ++ title="$(gettext_printf "Revert system only (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" ++ zfs_linux_entry 1 "${title}" "recovery" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' '' "${boot_devices}" ++ ++ title="$(gettext_printf "Revert system and user data (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" ++ zfs_linux_entry 1 "${title}" "recovery" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' 'zsys-revert=userdata' "${boot_devices}" ++ fi ++echo "}" ++echo ++ + # IFS is set to TAB (ASCII 0x09) + echo "${menu_metadata}" | + { +@@ -938,7 +981,8 @@ generate_grub_menu() { + main_dataset_name="${name}" + main_dataset="${dataset}" + +- zfs_linux_entry 0 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") ++ zfs_linux_entry 0 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + at_least_one_entry=1 + ;; + advanced) +@@ -954,12 +998,12 @@ generate_grub_menu() { + + kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") + title="$(gettext_printf "%s%s, with Linux %s" "${last_booted_kernel_marker}" "${name}" "${kernel_version}")" +- zfs_linux_entry 1 "${title}" "advanced" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ zfs_linux_entry 1 "${title}" "advanced" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + + GRUB_DISABLE_RECOVERY=${GRUB_DISABLE_RECOVERY:-} + if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then + title="$(gettext_printf "%s%s, with Linux %s (%s)" "${last_booted_kernel_marker}" "${name}" "${kernel_version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")" +- zfs_linux_entry 1 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ zfs_linux_entry 1 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + fi + at_least_one_entry=1 + ;; +@@ -977,33 +1021,24 @@ generate_grub_menu() { + fi + echo " submenu '${title}' \${menuentry_id_option} 'gnulinux-history-${dataset}' {" + ++ kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") ++ + # Zsys only: let revert system without destroying snapshots + if [ "${iszsys}" = "yes" ]; then +- title="$(gettext_printf "Revert system only")" +- zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" +- title="$(gettext_printf "Revert system and user data")" +- zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "zsys-revert=userdata" +- +- GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" +- if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then +- title="$(gettext_printf "Revert system only (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" +- zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" +- title="$(gettext_printf "Revert system and user data (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" +- zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "zsys-revert=userdata" +- fi ++ echo "${grub_tab}${grub_tab}zsyshistorymenu" \"${dataset}\" \"${device}\" \"${initrd}\" \"${kernel}\" \"${kernel_version}\" + # Non-zsys: boot temporarly on snapshots or rollback (destroying intermediate snapshots) + else + title="$(gettext_printf "One time boot")" +- zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + + GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" + if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then + title="$(gettext_printf "One time boot (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" +- zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + fi + + title="$(gettext_printf "Revert system (all intermediate snapshots will be destroyed)")" +- zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "rollback=yes" ++ zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" "rollback=yes" + fi + + echo " }" diff --git a/debian/patches/ubuntu-support-initrd-less-boot.patch b/debian/patches/ubuntu-support-initrd-less-boot.patch new file mode 100644 index 000000000..c15cfae22 --- /dev/null +++ b/debian/patches/ubuntu-support-initrd-less-boot.patch @@ -0,0 +1,106 @@ +From: Chris Glass +Date: Thu, 10 Nov 2016 13:44:25 -0500 +Subject: UBUNTU: Added knobs to allow non-initrd boot config + +Added GRUB_FORCE_PARTUUID and GRUB_DISABLE_INITRD configuration knobs to allow +users to generate grub menu entries that boot directly to the kernel, without +using an initramfs. + +Signed-off-by: Mathieu Trudel-Lapierre + +Patch-Name: ubuntu-support-initrd-less-boot.patch +--- + docs/grub.info | 13 +++++++++++++ + docs/grub.texi | 13 +++++++++++++ + util/grub-mkconfig.in | 4 +++- + util/grub.d/10_linux.in | 12 +++++++++--- + 4 files changed, 38 insertions(+), 4 deletions(-) + +diff --git a/docs/grub.info b/docs/grub.info +index 7cc7d92..f804b78 100644 +--- a/docs/grub.info ++++ b/docs/grub.info +@@ -1436,6 +1436,19 @@ it must be quoted. For example: + spaces. Each module will be loaded as early as possible, at the + start of 'grub.cfg'. + ++'GRUB_FORCE_PARTUUID' ++ This option forces the root disk entry to be the specified PARTUUID ++ instead of whatever would be used instead. This is useful when you ++ control the partitioning of the disk but cannot guarantee what the ++ actual hardware will be, for example in virtual machine images. ++ Setting this option to '12345678-01' will produce: ++ root=PARTUUID=12345678-01 ++ ++'GRUB_DISABLE_INITRD' ++ Then set to 'true', this option prevents an initrd to be used at ++ boot time, regardless of whether one is detected or not. ++ grub-mkconfig will therefore not generate any initrd lines. ++ + The following options are still accepted for compatibility with + existing configurations, but have better replacements: + +diff --git a/docs/grub.texi b/docs/grub.texi +index 3ec35d3..1baa0fa 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -1541,6 +1541,19 @@ This option sets the English text of the string that will be displayed in + parentheses to indicate that a boot option is provided to help users recover + a broken system. The default is "recovery mode". + ++@item GRUB_FORCE_PARTUUID ++This option forces the root disk entry to be the specified PARTUUID instead ++of whatever would be used instead. This is useful when you control the ++partitioning of the disk but cannot guarantee what the actual hardware ++will be, for example in virtual machine images. ++Setting this option to @samp{12345678-01} will produce: ++root=PARTUUID=12345678-01 ++ ++@item GRUB_DISABLE_INITRD ++Then set to @samp{true}, this option prevents an initrd to be used at boot ++time, regardless of whether one is detected or not. @command{grub-mkconfig} ++will therefore not generate any initrd lines. ++ + @end table + + The following options are still accepted for compatibility with existing +diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in +index 9c1da64..29bdad0 100644 +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -256,7 +256,9 @@ export GRUB_DEFAULT \ + GRUB_OS_PROBER_SKIP_LIST \ + GRUB_DISABLE_SUBMENU \ + GRUB_RECORDFAIL_TIMEOUT \ +- GRUB_RECOVERY_TITLE ++ GRUB_RECOVERY_TITLE \ ++ GRUB_FORCE_PARTUUID \ ++ GRUB_DISABLE_INITRD + + if test "x${grub_cfg}" != "x"; then + rm -f "${grub_cfg}.new" +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index dff84ed..aa9666e 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -193,11 +193,17 @@ EOF + linux ${rel_dirname}/${basename}.efi.signed root=${linux_root_device_thisversion} ro ${args} + EOF + else +- sed "s/^/$submenu_indentation/" << EOF +- linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} ++ if [ x"$GRUB_FORCE_PARTUUID" = x ]; then ++ sed "s/^/$submenu_indentation/" << EOF ++ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} ++EOF ++ else ++ sed "s/^/$submenu_indentation/" << EOF ++ linux ${rel_dirname}/${basename} root=PARTUUID=${GRUB_FORCE_PARTUUID} ro ${args} + EOF ++ fi + fi +- if test -n "${initrd}" ; then ++ if test -n "${initrd}" && [ x"$GRUB_DISABLE_INITRD" != xtrue ]; then + # TRANSLATORS: ramdisk isn't identifier. Should be translated. + if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then + message="$(gettext_printf "Loading initial ramdisk ...")" diff --git a/debian/patches/ubuntu-temp-keep-auto-nvram.patch b/debian/patches/ubuntu-temp-keep-auto-nvram.patch new file mode 100644 index 000000000..e7f15ec0e --- /dev/null +++ b/debian/patches/ubuntu-temp-keep-auto-nvram.patch @@ -0,0 +1,38 @@ +From: Mathieu Trudel-Lapierre +Date: Tue, 16 Jul 2019 09:52:10 -0400 +Subject: UBUNTU: Temporarily keep grub-install's --auto-nvram. + +Signed-off-by: Mathieu Trudel-Lapierre +Patch-Name: ubuntu-temp-keep-auto-nvram.patch +--- + util/grub-install.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/util/grub-install.c b/util/grub-install.c +index 63462e4..bf8eb65 100644 +--- a/util/grub-install.c ++++ b/util/grub-install.c +@@ -98,6 +98,7 @@ enum + OPTION_FORCE, + OPTION_FORCE_FILE_ID, + OPTION_NO_NVRAM, ++ OPTION_AUTO_NVRAM, + OPTION_REMOVABLE, + OPTION_BOOTLOADER_ID, + OPTION_EFI_DIRECTORY, +@@ -165,6 +166,7 @@ argp_parser (int key, char *arg, struct argp_state *state) + case OPTION_EDITENV: + case OPTION_MKDEVICEMAP: + case OPTION_NO_FLOPPY: ++ case OPTION_AUTO_NVRAM: + return 0; + case OPTION_ROOT_DIRECTORY: + /* Accept for compatibility. */ +@@ -296,6 +298,7 @@ static struct argp_option options[] = { + {"no-nvram", OPTION_NO_NVRAM, 0, 0, + N_("don't update the `boot-device'/`Boot*' NVRAM variables. " + "This option is only available on EFI and IEEE1275 targets."), 2}, ++ {"auto-nvram", OPTION_AUTO_NVRAM, 0, OPTION_HIDDEN, 0, 2}, + {"skip-fs-probe",'s',0, 0, + N_("do not probe for filesystems in DEVICE"), 0}, + {"no-bootsector", OPTION_NO_BOOTSECTOR, 0, 0, diff --git a/debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch b/debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch new file mode 100644 index 000000000..b396029b8 --- /dev/null +++ b/debian/patches/ubuntu-tpm-unknown-error-non-fatal.patch @@ -0,0 +1,55 @@ +From: Mathieu Trudel-Lapierre +Date: Fri, 25 Oct 2019 10:25:04 -0400 +Subject: tpm: Pass unknown error as non-fatal, + but debug print the error we got + +Signed-off-by: Mathieu Trudel-Lapierre +Patch-Name: ubuntu-tpm-unknown-error-non-fatal.patch +--- + grub-core/commands/efi/tpm.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c +index 32909c1..fdbaaee 100644 +--- a/grub-core/commands/efi/tpm.c ++++ b/grub-core/commands/efi/tpm.c +@@ -155,7 +155,8 @@ grub_tpm1_execute (grub_efi_handle_t tpm_handle, + case GRUB_EFI_NOT_FOUND: + return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); + default: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); ++ grub_dprintf("tpm", "Unknown TPM error: %" PRIdGRUB_SSIZE, status); ++ return 0; + } + } + +@@ -195,7 +196,8 @@ grub_tpm2_execute (grub_efi_handle_t tpm_handle, + case GRUB_EFI_NOT_FOUND: + return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); + default: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); ++ grub_dprintf("tpm", "Unknown TPM error: %" PRIdGRUB_SSIZE, status); ++ return 0; + } + } + +@@ -262,7 +264,8 @@ grub_tpm1_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf, + case GRUB_EFI_NOT_FOUND: + return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); + default: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); ++ grub_dprintf("tpm", "Unknown TPM error: %" PRIdGRUB_SSIZE, status); ++ return 0; + } + } + +@@ -312,7 +315,8 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf, + case GRUB_EFI_NOT_FOUND: + return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); + default: +- return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); ++ grub_dprintf("tpm", "Unknown TPM error: %" PRIdGRUB_SSIZE, status); ++ return 0; + } + } + diff --git a/debian/patches/ubuntu-zfs-enhance-support.patch b/debian/patches/ubuntu-zfs-enhance-support.patch new file mode 100644 index 000000000..bedb876a0 --- /dev/null +++ b/debian/patches/ubuntu-zfs-enhance-support.patch @@ -0,0 +1,1030 @@ +From: Didier Roche +Date: Fri, 12 Jul 2019 11:06:06 -0400 +Subject: UBUNTU: Enhance ZFS grub support + +* Support multiple zfs systems (grouped by machine-id) +* Group zfs snapshots and clones with latest dataset for a given + installation. +* Support "history" entry with one time boot, recovery mode and + consecutive reboots. +* Pin kernel to particular snapshot, trying to reboot with the exact + same kernel and initrd. +* Disable in 10_linux zfs support if 10_linux_zfs is installed so that + we don't end up with the same installation multiple times. + +Author: Jean-Baptiste Lallement +Author: Didier Roche +Last-Update: 2020-08-06 +Patch-Name: ubuntu-zfs-enhance-support.patch + +Signed-off-by: Didier Roche +--- + Makefile.util.def | 7 + + util/grub.d/10_linux.in | 4 + + util/grub.d/10_linux_zfs.in | 964 ++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 975 insertions(+) + create mode 100755 util/grub.d/10_linux_zfs.in + +diff --git a/Makefile.util.def b/Makefile.util.def +index 969d32f..bac85e2 100644 +--- a/Makefile.util.def ++++ b/Makefile.util.def +@@ -482,6 +482,13 @@ script = { + condition = COND_HOST_LINUX; + }; + ++script = { ++ name = '10_linux_zfs'; ++ common = util/grub.d/10_linux_zfs.in; ++ installdir = grubconf; ++ condition = COND_HOST_LINUX; ++}; ++ + script = { + name = '10_xnu'; + common = util/grub.d/10_xnu.in; +diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in +index 4532266..a750966 100644 +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -71,6 +71,10 @@ case x"$GRUB_FS" in + GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" + fi;; + xzfs) ++ # We have a more specialized ZFS handler, with multiple system in 10_linux_zfs. ++ if [ -e "`dirname $(readlink -f $0)`/10_linux_zfs" ]; then ++ exit 0 ++ fi + rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` + bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`" + LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs%/}" +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +new file mode 100755 +index 0000000..5ec65fa +--- /dev/null ++++ b/util/grub.d/10_linux_zfs.in +@@ -0,0 +1,964 @@ ++#! /bin/sh ++set -e ++ ++# grub-mkconfig helper script. ++# Copyright (C) 2019 Canonical Ltd. ++# ++# GRUB is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the License, or ++# (at your option) any later version. ++# ++# GRUB is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with GRUB. If not, see . ++ ++prefix="@prefix@" ++datarootdir="@datarootdir@" ++ ++. "${pkgdatadir}/grub-mkconfig_lib" ++ ++export TEXTDOMAIN=@PACKAGE@ ++export TEXTDOMAINDIR="@localedir@" ++ ++set -u ++ ++## Skip early if zfs utils isn't installed (instead of failing on first zpool list) ++if ! `which zfs >/dev/null 2>&1`; then ++ exit 0 ++fi ++ ++imported_pools="" ++MNTDIR="$(mktemp -d ${TMPDIR:-/tmp}/zfsmnt.XXXXXX)" ++ZFSTMP="$(mktemp -d ${TMPDIR:-/tmp}/zfstmp.XXXXXX)" ++ ++RC=0 ++on_exit() { ++ # Restore initial zpool import state ++ for pool in ${imported_pools}; do ++ zpool export "${pool}" ++ done ++ ++ mountpoint -q "${MNTDIR}" && umount "${MNTDIR}" || true ++ rmdir "${MNTDIR}" ++ rm -rf "${ZFSTMP}" ++ exit "${RC}" ++} ++trap on_exit EXIT INT QUIT ABRT PIPE TERM ++ ++# List ONLINE and DEGRADED pools ++import_pools() { ++ # We have to ignore zpool import output, as potentially multiple / will be available, ++ # and we need to autodetect all zpools this way with their real mountpoints. ++ local initial_pools="$(zpool list | awk '{if (NR>1) print $1}')" ++ local all_pools="" ++ local imported_pools="" ++ local err="" ++ ++ set +e ++ err="$(zpool import -f -a -o cachefile=none -o readonly=on -N 2>&1)" ++ # Only print stderr if the command returned an error ++ # (it can echo "No zpool to import" with success, which we don't want) ++ if [ $? -ne 0 ]; then ++ echo "Some pools couldn't be imported and will be ignored:\n${err}" >&2 ++ fi ++ set -e ++ ++ all_pools="$(zpool list | awk '{if (NR>1) print $1}')" ++ for pool in ${all_pools}; do ++ if echo "${initial_pools}" | grep -wq "${pool}"; then ++ continue ++ fi ++ imported_pools="${imported_pools} ${pool}" ++ done ++ ++ echo "${imported_pools}" ++} ++ ++# List all the dataset with a root mountpoint ++get_root_datasets() { ++ local pools="$(zpool list | awk '{if (NR>1) print $1}')" ++ ++ for p in ${pools}; do ++ local rel_pool_root=$(zpool get -H altroot ${p} | awk '{print $3}') ++ if [ "${rel_pool_root}" = "-" ]; then ++ rel_pool_root="/" ++ fi ++ ++ zfs list -H -o name,canmount,mountpoint -t filesystem | grep -E '^'"${p}"'(\s|/[[:print:]]*\s)(on|noauto)\s'"${rel_pool_root}"'$' | awk '{print $1}' ++ done ++} ++ ++# find if given datasets can be mounted for directory and return its path (snapshot or real path) ++# $1 is our current dataset name ++# $2 directory path we look for (cannot contains /) ++# $3 is the temporary mount directory to use ++# $4 is the optional snapshot name ++# return path for directory (which can be a mountpoint) ++validate_system_dataset() { ++ local dataset="$1" ++ local directory="$2" ++ local mntdir="$3" ++ local snapshot_name="$4" ++ ++ local mount_path="${mntdir}/${directory}" ++ ++ if ! zfs list "${dataset}" >/dev/null 2>&1; then ++ return ++ fi ++ ++ if ! mount -o noatime,zfsutil -t zfs "${dataset}" "${mount_path}"; then ++ grub_warn "Failed to find a valid directory '${directory}' for dataset '${dataset}@${snapshot_name}'. Ignoring" ++ return ++ fi ++ ++ local candidate_path="${mount_path}" ++ if [ -n "${snapshot_name}" ]; then ++ # WORKAROUND a bug https://github.com/zfsonlinux/zfs/issues/9958 ++ # Reading the content of a snapshot fails if it is not the first mount ++ # for a given dataset ++ first_mntdir=$(awk '{if ($1 == "'${dataset}'") {print $2; exit;}}' /proc/mounts) ++ if [ "${first_mntdir}" = "/" ]; then ++ # prevents // on candidate_path ++ first_mntdir="" ++ fi ++ candidate_path="${first_mntdir}/.zfs/snapshot/${snapshot_name}" ++ fi ++ ++ if [ -n "$(ls ${candidate_path} 2>/dev/null)" ]; then ++ echo "${candidate_path}" ++ return ++ else ++ mountpoint -q "${mount_path}" && umount "${mount_path}" || true ++ fi ++} ++ ++# Detect system directory relevant to the other, trying to find the ones associated on the current dataset or snapshot/ ++# System directory should be at most a direct child dataset of main datasets (no recursivity) ++# We can fallback trying other zfs pools if no match has been found. ++# $1 is our current dataset name (which can have @snapshot name) ++# $2 directory path we look for (cannot contains /) ++# $3 restrict_to_same_pool (true|false) force looking for dataset with the same basename in the current dataset pool only ++# $4 is the temporary mount directory to use ++# $5 is the optional etc directory (if not $2 is not etc itself) ++# return path for directory (which can be a mountpoint) ++get_system_directory() { ++ local dataset_path="$1" ++ local directory="$2" ++ local restrict_to_same_pool="$3" ++ local mntdir="$4" ++ local etc_dir="$5" ++ ++ if [ -z "${etc_dir}" ]; then ++ etc_dir="${mntdir}/etc" ++ fi ++ ++ local candidate_path="${mntdir}/${directory}" ++ ++ # 1. Look for /etc/fstab first (which will mount even on top of non empty $directory) ++ local mounted_fstab_entry="false" ++ if [ -f "${etc_dir}/fstab" ]; then ++ mount_args=$(awk '/^[^#].*[ \t]\/'"${directory}"'[ \t]/ {print "-t", $3, $1}' "${etc_dir}/fstab") ++ if [ -n "${mount_args}" ]; then ++ mounted_fstab_entry="true" ++ mount -o noatime ${mount_args} "${candidate_path}" || mounted_fstab_entry="false" ++ fi ++ fi ++ ++ # If directory isn't empty. Only count if coming from /etc/fstab. Will be ++ # handled below otherwise as we are interested in potential snapshots. ++ if [ "${mounted_fstab_entry}" = "true" -a -n "$(ls ${candidate_path} 2>/dev/null)" ]; then ++ echo "${candidate_path}" ++ return ++ fi ++ ++ # 2. Handle zfs case, which can be a snapshots. ++ ++ local base_dataset_path="${dataset_path}" ++ local snapshot_name="" ++ # For snapshots we extract the parent dataset ++ if echo "${dataset_path}" | grep -q '@'; then ++ base_dataset_path=$(echo "${dataset_path}" | cut -d '@' -f1) ++ snapshot_name=$(echo "${dataset_path}" | cut -d '@' -f2) ++ fi ++ base_dataset_name="${base_dataset_path##*/}" ++ base_pool="$(echo "${base_dataset_path}" | cut -d'/' -f1)" ++ ++ # 2.a) Look for child dataset included in base dataset, which needs to hold same snapshot if any ++ candidate_path=$(validate_system_dataset "${base_dataset_path}/${directory}" "${directory}" "${mntdir}" "${snapshot_name}") ++ if [ -n "${candidate_path}" ]; then ++ echo "${candidate_path}" ++ return ++ fi ++ ++ # 2.b) Look for current dataset (which is already mounted as /) ++ candidate_path="${mntdir}/${directory}" ++ if [ -n "${snapshot_name}" ]; then ++ # WORKAROUND a bug https://github.com/zfsonlinux/zfs/issues/9958 ++ # Reading the content of a snapshot fails if it is not the first mount ++ # for a given dataset ++ first_mntdir=$(awk '{if ($1 == "'${base_dataset_path}'") {print $2; exit;}}' /proc/mounts) ++ if [ "${first_mntdir}" = "/" ]; then ++ # prevents // on candidate_path ++ first_mntdir="" ++ fi ++ candidate_path="${first_mntdir}/.zfs/snapshot/${snapshot_name}/${directory}" ++ fi ++ if [ -n "$(ls ${candidate_path} 2>/dev/null)" ]; then ++ echo "${candidate_path}" ++ return ++ fi ++ ++ # 2.c) Look for every datasets in every pool which isn't the current dataset which holds: ++ # - the same dataset name (last section) than our base_dataset_name ++ # - mountpoint=directory ++ # - canmount!=off ++ all_same_base_dataset_name="$(zfs list -H -t filesystem -o name,canmount | awk '/^[^ ]+\/'"${base_dataset_name}"'[ \t](on|noauto)/ {print $1}') " ++ ++ # order by local pool datasets first ++ current_pool_same_base_datasets="" ++ other_pools_same_base_datasets="" ++ root_pool=$(echo "${dataset_path%%/*}") ++ for d in ${all_same_base_dataset_name}; do ++ cur_dataset_pool=$(echo "${d%%/*}") ++ if echo "${cur_dataset_pool}" | grep -wq "${root_pool}" 2>/dev/null ; then ++ current_pool_same_base_datasets="${current_pool_same_base_datasets} ${d}" ++ else ++ other_pools_same_base_datasets="${other_pools_same_base_datasets} ${d}" ++ fi ++ done ++ ordered_same_base_datasets="${current_pool_same_base_datasets} ${other_pools_same_base_datasets}" ++ if [ "${restrict_to_same_pool}" = "true" ]; then ++ ordered_same_base_datasets="${current_pool_same_base_datasets}" ++ fi ++ ++ # now, loop over them ++ for d in ${ordered_same_base_datasets}; do ++ cur_dataset_pool=$(echo "${d%%/*}") ++ ++ rel_pool_root=$(zpool get -H altroot ${cur_dataset_pool} | awk '{print $3}') ++ if [ "${rel_pool_root}" = "-" ]; then ++ rel_pool_root="" ++ fi ++ ++ # check mountpoint match ++ candidate_dataset=$(zfs get -H mountpoint ${d} | grep -E "mountpoint\s${rel_pool_root}/${directory}\s" | awk '{print $1}') ++ if [ -z "${candidate_dataset}" ]; then ++ continue ++ fi ++ ++ candidate_path=$(validate_system_dataset "${candidate_dataset}" "${directory}" "${mntdir}" "${snapshot_name}") ++ if [ -n "${candidate_path}" ]; then ++ echo "${candidate_path}" ++ return ++ fi ++ done ++ ++ # 2.d) If we didn't find anything yet: check for persistent datasets corresponding to our mountpoint, with canmount=on without any snapshot associated: ++ # Note: we go over previous datasets as well, but this is ok, as we didn't include them before. ++ all_mountable_datasets="$(zfs list -t filesystem -o name,canmount | awk '/^[^ ]+[ \t]+on/ {print $1}')" ++ ++ # order by local pool datasets first ++ current_pool_datasets="" ++ other_pools_datasets="" ++ root_pool=$(echo "${dataset_path%%/*}") ++ for d in ${all_mountable_datasets}; do ++ cur_dataset_pool=$(echo "${d%%/*}") ++ if echo "${cur_dataset_pool}" | grep -wq "${root_pool}" 2>/dev/null ; then ++ current_pool_datasets="${current_pool_datasets} ${d}" ++ else ++ other_pools_datasets="${other_pools_datasets} ${d}" ++ fi ++ done ++ ordered_datasets="${current_pool_datasets} ${other_pools_datasets}" ++ if [ "${restrict_to_same_pool}" = "true" ]; then ++ ordered_datasets="${current_pool_datasets}" ++ fi ++ ++ for d in ${ordered_datasets}; do ++ cur_dataset_pool=$(echo "${d%%/*}") ++ ++ rel_pool_root=$(zpool get -H altroot ${cur_dataset_pool} | awk '{print $3}') ++ if [ "${rel_pool_root}" = "-" ]; then ++ rel_pool_root="" ++ fi ++ ++ # check mountpoint match ++ candidate_dataset=$(zfs get -H mountpoint ${d} | grep -E "mountpoint\s${rel_pool_root}/${directory}\s" | awk '{print $1}') ++ if [ -z "${candidate_dataset}" ]; then ++ continue ++ fi ++ ++ candidate_path=$(validate_system_dataset "${d}" "${directory}" "${mntdir}" "") ++ if [ -n "${candidate_path}" ]; then ++ echo "${candidate_path}" ++ return ++ fi ++ done ++ ++ grub_warn "Failed to find a valid directory '${directory}' for dataset '${dataset_path}'. Ignoring" ++ return ++} ++ ++# Try our default layout bpool as a prefered layout (fast path) ++# This is get_system_directory for boot optimized for our default installation layout ++# $1 is our current dataset name (which can have @snapshot name) ++# $2 is the temporary mount directory to use ++# return path for directory (which can be a mountpoint) if found ++try_default_layout_bpool() { ++ local root_dataset_path="$1" ++ local mntdir="$2" ++ ++ dataset_basename="${root_dataset_path##*/}" ++ candidate_dataset="bpool/BOOT/${dataset_basename}" ++ dataset_properties="$(zfs get -H mountpoint,canmount ${candidate_dataset} | cut -f3 | paste -sd ' ')" ++ if [ -z "${dataset_properties}" ]; then ++ return ++ fi ++ ++ rel_pool_root=$(zpool get -H altroot bpool | awk '{print $3}') ++ if [ "${rel_pool_root}" = "-" ]; then ++ rel_pool_root="" ++ fi ++ ++ snapshot_name="${dataset_basename##*@}" ++ [ "${snapshot_name}" = "${dataset_basename}" ] && snapshot_name="" ++ if [ -z "${snapshot_name}" ]; then ++ if ! echo "${dataset_properties}" | grep -Eq "${rel_pool_root}/boot (on|noauto)"; then ++ return ++ fi ++ else ++ candidate_dataset=$(echo "${candidate_dataset}" | cut -d '@' -f1) ++ fi ++ ++ validate_system_dataset "${candidate_dataset}" "boot" "${mntdir}" "${snapshot_name}" ++} ++ ++# Given a filesystem or snapshot dataset, returns dataset|machine id|pretty name|last used ++# $1 is dataset we want information from ++# $2 is the temporary mount directory to use ++get_dataset_info() { ++ local dataset="$1" ++ local mntdir="$2" ++ ++ local base_dataset="${dataset}" ++ local etc_dir="${mntdir}/etc" ++ local is_snapshot="false" ++ # For snapshot we extract the parent dataset ++ if echo "${dataset}" | grep -q '@'; then ++ base_dataset=$(echo "${dataset}" | cut -d '@' -f1) ++ is_snapshot="true" ++ fi ++ ++ mount -o noatime,zfsutil -t zfs "${base_dataset}" "${mntdir}" ++ ++ # read machine-id/os-release from /etc ++ etc_dir=$(get_system_directory "${dataset}" "etc" "true" "${mntdir}" "") ++ if [ -z "${etc_dir}" ]; then ++ grub_warn "Ignoring ${dataset}" ++ mountpoint -q "${mntdir}/etc" && umount "${mntdir}/etc" || true ++ umount "${mntdir}" ++ return ++ fi ++ ++ machine_id="" ++ if [ -f "${etc_dir}/machine-id" ]; then ++ machine_id=$(cat "${etc_dir}/machine-id") ++ fi ++ # We have to use a random temporary id if we don't have any machine-id file or if this one is empty ++ # (mostly the case of new installations before first boot). ++ # Let's use the dataset name directly for this. ++ # Consequence is that all datasets are then separated. ++ if [ -z "${machine_id}" ]; then ++ machine_id="${dataset}" ++ fi ++ pretty_name=$(. "${etc_dir}/os-release" && echo "${PRETTY_NAME}") ++ mountpoint -q "${mntdir}/etc" && umount "${mntdir}/etc" || true ++ ++ # read available kernels from /boot ++ boot_dir="$(try_default_layout_bpool "${dataset}" "${mntdir}")" ++ if [ -z "${boot_dir}" ]; then ++ boot_dir=$(get_system_directory "${dataset}" "boot" "false" "${mntdir}" "${etc_dir}") ++ fi ++ ++ if [ -z "${boot_dir}" ]; then ++ grub_warn "Ignoring ${dataset}" ++ mountpoint -q "${mntdir}/boot" && umount "${mntdir}/boot" || true ++ umount "${mntdir}" ++ return ++ fi ++ ++ machine="$(uname -m)" ++ case "${machine}" in ++ i?86) GENKERNEL_ARCH="x86" ;; ++ mips|mips64) GENKERNEL_ARCH="mips" ;; ++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; ++ arm*) GENKERNEL_ARCH="arm" ;; ++ *) GENKERNEL_ARCH="${machine}" ;; ++ esac ++ ++ initrd_list="" ++ kernel_list="" ++ list=$(find "${boot_dir}" -maxdepth 1 -type f -regex '.*/\(vmlinuz\|vmlinux\|kernel\)-.*') ++ while [ "x$list" != "x" ] ; do ++ linux=`version_find_latest $list` ++ list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` ++ if ! grub_file_is_not_garbage "${linux}" ; then ++ continue ++ fi ++ ++ linux_basename=$(basename "${linux}") ++ linux_dirname=$(dirname "${linux}") ++ version=$(echo "${linux_basename}" | sed -e "s,^[^0-9]*-,,g") ++ alt_version=$(echo "${version}" | sed -e "s,\.old$,,g") ++ ++ gettext_printf "Found linux image: %s in %s\n" "${linux_basename}" "${dataset}" >&2 ++ ++ initrd="" ++ for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ ++ "initrd-${version}" "initramfs-${version}.img" \ ++ "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ ++ "initrd-${alt_version}" "initramfs-${alt_version}.img" \ ++ "initramfs-genkernel-${version}" \ ++ "initramfs-genkernel-${alt_version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do ++ if test -e "${linux_dirname}/${i}" ; then ++ initrd="$i" ++ break ++ fi ++ done ++ ++ if test -z "${initrd}" ; then ++ grub_warn "Couldn't find any valid initrd for dataset ${dataset}." ++ continue ++ fi ++ ++ gettext_printf "Found initrd image: %s in %s\n" "${initrd}" "${dataset}" >&2 ++ ++ rel_linux_dirname=$(make_system_path_relative_to_its_root "${linux_dirname}") ++ ++ initrd_list="${initrd_list}|${rel_linux_dirname}/${initrd}" ++ kernel_list="${kernel_list}|${rel_linux_dirname}/${linux_basename}" ++ done ++ ++ initrd_list="${initrd_list#|}" ++ kernel_list="${kernel_list#|}" ++ ++ initrd_device=$(${grub_probe} --target=device "${boot_dir}" | head -1) ++ ++ mountpoint -q "${mntdir}/boot" && umount "${mntdir}/boot" || true ++ # We needed to look in / for snapshots on root dataset, umount there before zfs lazily unmount it ++ case "${boot_dir}" in /boot/.zfs/snapshot/*) ++ umount "${boot_dir}" || true ++ ;; ++ esac ++ ++ # for zsys snapshots: we want to know which kernel we successful last booted with ++ last_booted_kernel=$(zfs get -H com.ubuntu.zsys:last-booted-kernel "${dataset}" | awk '{print $3}') ++ ++ # snapshot: last_used is dataset creation time ++ if [ "${is_snapshot}" = "true" ]; then ++ last_used="$(zfs get -pH creation "${dataset}" | awk -F '\t' '{print $3}')" ++ # otherwise, last_used is manually marked at boot/shutdown on a root dataset for zsys ++ else ++ # if current system, take current time ++ if zfs mount | awk '/[ \t]+\/$/ {print $1}' | grep -q ${dataset}; then ++ last_used=$(date +%s) ++ else ++ last_used=$(zfs get -H com.ubuntu.zsys:last-used "${dataset}" | awk '{print $3}') ++ # case of non zsys, or zsys without annotation, take /etc/machine-id stat (as we mounted with noatime). ++ # However, as systems can be relatime, if system is current mounted one, set current time (case of clone + reboot ++ # within the same d). ++ if [ "${last_used}" = "-" ]; then ++ last_used=$(stat --printf="%X" "${mntdir}/etc/os-release") ++ if [ -f "${mntdir}/etc/machine-id" ]; then ++ last_used=$(stat --printf="%X" "${mntdir}/etc/machine-id") ++ fi ++ fi ++ fi ++ fi ++ ++ is_zsys=$(zfs get -H com.ubuntu.zsys:bootfs "${base_dataset}" | awk '{print $3}') ++ ++ if [ -n "${initrd_list}" -a -n "${kernel_list}" ]; then ++ echo "${dataset}\t${is_zsys}\t${machine_id}\t${pretty_name}\t${last_used}\t${initrd_device}\t${initrd_list}\t${kernel_list}\t${last_booted_kernel}" ++ else ++ grub_warn "didn't find any valid initrd or kernel." ++ fi ++ ++ umount "${mntdir}" || true ++ # We needed to look in / for snapshots on root dataset, umount the snapshot for etc before zfs lazily unmount it ++ case "${etc_dir}" in /.zfs/snapshot/*/etc) ++ snapshot_path="$(findmnt -n -o TARGET -T ${etc_dir})" ++ umount "${snapshot_path}" || true ++ ;; ++ esac ++} ++ ++# Scan available boot options and returns in a formatted list ++# $1 is the temporary mount directory to use ++bootlist() { ++ local mntdir="$1" ++ local boot_list="" ++ ++ for dataset in $(get_root_datasets); do ++ # get information from current root dataset ++ boot_list="${boot_list}$(get_dataset_info ${dataset} ${mntdir})\n" ++ ++ # get information from snapshots of this root dataset ++ for snapshot_dataset in $(zfs list -H -o name -t snapshot "${dataset}"); do ++ boot_list="${boot_list}$(get_dataset_info ${snapshot_dataset} ${mntdir})\n" ++ done ++ done ++ echo "${boot_list}" ++} ++ ++ ++# Order machine ids by last_used from their main entry ++get_machines_sorted() { ++ local bootlist="$1" ++ ++ local machineids="$(echo "${bootlist}" | awk '{print $3}' | sort -u)" ++ for machineid in ${machineids}; do ++ echo "${bootlist}" | awk 'BEGIN{FS="\t"} $1 !~ /.*@.*/ {print $5, $3}' | sort -nr | grep -E "[^^]\b${machineid}\b" | head -1 ++ done | sort -nr | awk '{print $2}' ++} ++ ++# Sort entries by last_used for a given machineid ++sort_entries_for_machineid() { ++ local bootlist="$1" ++ local machineid="$2" ++ ++ tab="$(printf '\t')" ++ echo "${bootlist}" | grep -E "[^^]\b${machineid}\b" | sort -k5,5r -k1,1 -t "${tab}" ++} ++ ++# Return main entry index ++get_main_entry() { ++ local entries="$1" ++ ++ echo "${entries}" | awk 'BEGIN{FS="\t"} $1 !~ /.*@.*/ {print}' | head -1 ++} ++ ++# Return specific field at index from entry ++get_field_from_entry() { ++ local entry="$1" ++ local index="$2" ++ ++ echo "${entry}" | awk "BEGIN{FS=\"\t\"} {print \$$index}" ++} ++ ++# Get the main entry metadata ++main_entry_meta() { ++ local main_entry="$1" ++ ++ initrd=$(get_field_from_entry "${main_entry}" 7 | cut -d'|' -f1) ++ kernel=$(get_field_from_entry "${main_entry}" 8 | cut -d'|' -f1) ++ ++ # Take first element (most recent entry) which is not a snapshot ++ echo "${main_entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"main\", \$4, \$1, \$6, \"$initrd\", \"$kernel\"}" ++} ++ ++# Get advanced entries metadata ++advanced_entries_meta() { ++ local main_entry="$1" ++ ++ last_used_kernel="$(get_field_from_entry "${main_entry}" 9 )" ++ ++ # We must align initrds with kernels. ++ # Adds initrds to the stack then pop them 1 by 1 as we process the kernels ++ set -- $(get_field_from_entry "${main_entry}" 7 | tr "|" " ") ++ for kernel in $(get_field_from_entry "${main_entry}" 8 | tr "|" " "); do ++ # get initrd and pop to the next one ++ initrd="$1"; shift ++ ++ was_last_used_kernel="false" ++ kernel_basename=$(basename "${kernel}") ++ if [ "${kernel_basename}" = "${last_used_kernel}" ]; then ++ was_last_used_kernel="true" ++ fi ++ ++ echo "${main_entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"advanced\", \$4, \$1, \$6, \"$initrd\", \"$kernel\", \"$was_last_used_kernel\"}" ++ done ++} ++ ++# Get history metadata ++history_entries_meta() { ++ local entries="$1" ++ local main_dataset_name="$2" ++ local main_dataset_releasename="$3" ++ ++ if [ -z "${entries}" ]; then ++ return ++ fi ++ ++ # Traverse snapshots and clones ++ echo "${entries}" | while read entry; do ++ name="" ++ # Compute snapshot/filesystem dataset name ++ snap_dataset_name="$(get_field_from_entry "${entry}" 1)" ++ ++ snapname="${snap_dataset_name##*@}" ++ # If, this is a clone, take what is after main_dataset_name ++ if [ "${snapname}" = "${snap_dataset_name}" ]; then ++ snapname="${snap_dataset_name##${main_dataset_name}_}" ++ ++ # Handle manual user clone (not prefixed by "main_dataset_name") ++ snapname="${snapname##*/}" ++ fi ++ ++ # We keep the snapname only if it is not only a zsys auto snapshot ++ if echo "${snapname}" | grep -q "^autozsys_"; then ++ snapname="" ++ fi ++ ++ # We store the release only if it different from main dataset release (snapshot before a release upgrade) ++ releasename=$(get_field_from_entry "${entry}" 4) ++ if [ "${releasename}" = "${main_dataset_releasename}" ]; then ++ releasename="" ++ fi ++ ++ # Snapshot date ++ foo="$(get_field_from_entry "${entry}" 5)" ++ snapdate="$(date -d @$(get_field_from_entry "${entry}" 5) "+%x @ %H:%M")" ++ ++ # For snapshots/clones the name can have the following formats: ++ # : autozsys, same release ++ # on : autozsys, different release ++ # on : Manual snapshot, same release ++ # , on : Manual snapshot, different release ++ if [ "${snapname}" = "" -a "${releasename}" = "" ]; then ++ name="${snapdate}" ++ elif [ "${snapname}" = "" -a "${releasename}" != "" ]; then ++ name=$(gettext_printf "%s on %s" "${releasename}" "${snapdate}") ++ elif [ "${snapname}" != "" -a "${releasename}" = "" ]; then ++ name=$(gettext_printf "%s on %s" "${snapname}" "${snapdate}") ++ else # snapname != "" && releasename != "" ++ name=$(gettext_printf "%s, %s on %s" "${snapname}" "${releasename}" "${snapdate}") ++ fi ++ ++ # Choose kernel and initrd if the snapshot was booted successfully on a specific kernel before ++ # Take latest by default if no match ++ initrd=$(get_field_from_entry "${entry}" 7 | cut -d'|' -f1) ++ kernel=$(get_field_from_entry "${entry}" 8 | cut -d'|' -f1) ++ last_used_kernel="$(get_field_from_entry "${entry}" 9)" ++ ++ # We must align initrds with kernels. ++ # Adds initrds to the stack then pop them 1 by 1 as we process the kernels ++ set -- $(get_field_from_entry "${entry}" 7 | tr "|" " ") ++ for k in $(get_field_from_entry "${entry}" 8|tr "|" " "); do ++ # get initrd and pop to the next one ++ candidate_initrd="$1"; shift ++ ++ kernel_basename=$(basename "${k}") ++ if [ "${kernel_basename}" = "${last_used_kernel}" ]; then ++ kernel="${k}" ++ initrd="${candidate_initrd}" ++ break ++ fi ++ done ++ ++ echo "${entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"history\", \"$name\", \$1, \$6, \"$initrd\", \"$kernel\"}" ++ done ++} ++ ++# Generate metadata from a BOOTLIST that will subsequently used to generate ++# the final grub menu entries ++generate_grub_menu_metadata() { ++ local bootlist="$1" ++ ++ # Sort machineids by last_used from their main entry ++ for machineid in $(get_machines_sorted "${bootlist}"); do ++ entries="$(sort_entries_for_machineid "${bootlist}" ${machineid})" ++ main_entry="$(get_main_entry "${entries}")" ++ ++ if [ -z "$main_entry" ]; then ++ continue ++ fi ++ ++ main_entry_meta "${main_entry}" ++ advanced_entries_meta "${main_entry}" ++ ++ main_dataset_name="$(get_field_from_entry "${main_entry}" 1)" ++ main_dataset_releasename="$(get_field_from_entry "${main_entry}" 4)" ++ # grep -v errcode != 0 if there is no match. || true to not fail with -e ++ other_entries="$(echo "${entries}" | grep -v "${main_entry}" || true)" ++ history_entries_meta "${other_entries}" "${main_dataset_name}" "${main_dataset_releasename}" ++ done ++} ++ ++# Cache for prepare_grub_to_access_device call ++# $1: boot_device ++# $2: submenu_level ++prepare_grub_to_access_device_cached() { ++ local boot_device="$1" ++ local submenu_level="$2" ++ ++ local boot_device_idx="$(echo ${boot_device} | tr '/' '_')" ++ ++ cache_file="${ZFSTMP}/$(echo boot_device${boot_device_idx})" ++ if [ ! -f "${cache_file}" ]; then ++ set +u ++ echo "$(prepare_grub_to_access_device "${boot_device}")" > "${cache_file}" ++ set -u ++ for i in 0 1 2; do ++ submenu_indentation="$(printf %${i}s | tr " " "${grub_tab}")" ++ sed "s/^/${submenu_indentation} /" "${cache_file}" > "${cache_file}--${i}" ++ done ++ fi ++ ++ cat "${cache_file}--${submenu_level}" ++} ++ ++ ++# Print a grub menu entry ++zfs_linux_entry () { ++ submenu_level="$1" ++ title="$2" ++ type="$3" ++ dataset="$4" ++ boot_device="$5" ++ initrd="$6" ++ kernel="$7" ++ kernel_additional_args="${8:-}" ++ ++ kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") ++ submenu_indentation="$(printf %${submenu_level}s | tr " " "${grub_tab}")" ++ ++ echo "${submenu_indentation}menuentry '$(echo "${title}" | grub_quote)' ${CLASS} \${menuentry_id_option} 'gnulinux-${dataset}-${kernel_version}' {" ++ ++ if [ "${type}" != "recovery" ] ; then ++ GRUB_SAVEDEFAULT=${GRUB_SAVEDEFAULT:-} ++ default_entry="$(save_default_entry)" ++ if [ -n "${default_entry}" ]; then ++ echo "${submenu_indentation} ${default_entry}" ++ fi ++ fi ++ ++ # Use ELILO's generic "efifb" when it's known to be available. ++ # FIXME: We need an interface to select vesafb in case efifb can't be used. ++ if [ "${GRUB_GFXPAYLOAD_LINUX}" = "" ]; then ++ echo "${submenu_indentation} load_video" ++ if grep -qx "CONFIG_FB_EFI=y" "${config}" 2> /dev/null \ ++ && grep -qx "CONFIG_VT_HW_CONSOLE_BINDING=y" "${config}" 2> /dev/null; then ++ echo "${submenu_indentation} set gfxpayload=keep" ++ fi ++ else ++ if [ "${GRUB_GFXPAYLOAD_LINUX}" != "text" ]; then ++ echo "${submenu_indentation} load_video" ++ fi ++ echo "${submenu_indentation} set gfxpayload=\${linux_gfx_mode}" ++ fi ++ ++ echo "${submenu_indentation} insmod gzio" ++ ++ echo "$(prepare_grub_to_access_device_cached "${boot_device}" "${submenu_level}")" ++ ++ echo "${submenu_indentation} echo $(gettext_printf "Loading Linux %s ..." ${kernel_version} | grub_quote)" ++ ++ linux_default_args="${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" ++ if [ ${type} = "recovery" ]; then ++ linux_default_args="single ${GRUB_CMDLINE_LINUX}" ++ fi ++ ++ echo "${submenu_indentation} linux ${kernel} root=ZFS=${dataset} ro ${linux_default_args} ${kernel_additional_args}" ++ ++ echo "${submenu_indentation} echo '$(gettext_printf "Loading initial ramdisk ..." | grub_quote)'" ++ echo "${submenu_indentation} initrd ${initrd}" ++ echo "${submenu_indentation}}" ++} ++ ++# Generate a GRUB Menu from menu meta data ++# $1 menu metadata ++generate_grub_menu() { ++ local menu_metadata="$1" ++ local last_section="" ++ local main_dataset_name="" ++ local main_dataset="" ++ local have_zsys="" ++ ++ if [ -z "${menu_metadata}" ]; then ++ return ++ fi ++ ++ CLASS="--class gnu-linux --class gnu --class os" ++ ++ if [ "${GRUB_DISTRIBUTOR}" = "" ] ; then ++ OS=GNU/Linux ++ else ++ OS="${GRUB_DISTRIBUTOR} GNU/Linux" ++ CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1 | LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" ++ fi ++ ++ ++ # IFS is set to TAB (ASCII 0x09) ++ echo "${menu_metadata}" | ++ { ++ at_least_one_entry=0 ++ have_zsys="$(which zsysd || true)" ++ while IFS="$(printf '\t')" read -r machineid iszsys section name dataset device initrd kernel opt; do ++ ++ # Disable history for non zsys system or if systems is a zsys one and zsys isn't installed. ++ # In pure zfs systems, we identified multiple issues due to the mount generator ++ # in upstream zfs which makes it incompatible. Don't show history for now. ++ if [ "${section}" = "history" ]; then ++ if [ "${iszsys}" != "yes" ] || [ "${iszsys}" = "yes" -a -z "${have_zsys}" ]; then ++ continue ++ fi ++ fi ++ ++ if [ "${last_section}" != "${section}" -a -n "${last_section}" ]; then ++ # Close previous section wrapper ++ if [ "${last_section}" != "main" ]; then ++ echo "}" # Add grub_tabs ++ at_least_one_entry=0 ++ fi ++ fi ++ ++ case "${section}" in ++ main) ++ title="${name}" ++ main_dataset_name="${name}" ++ main_dataset="${dataset}" ++ ++ zfs_linux_entry 0 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ at_least_one_entry=1 ++ ;; ++ advanced) ++ # normal and recovery entries for a given kernel ++ if [ "${last_section}" != "${section}" ]; then ++ echo "submenu '$(gettext_printf "Advanced options for %s" "${main_dataset_name}" | grub_quote)' \${menuentry_id_option} 'gnulinux-advanced-${main_dataset}' {" ++ fi ++ ++ last_booted_kernel_marker="" ++ if [ "${opt}" = "true" ]; then ++ last_booted_kernel_marker="* " ++ fi ++ ++ kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") ++ title="$(gettext_printf "%s%s, with Linux %s" "${last_booted_kernel_marker}" "${name}" "${kernel_version}")" ++ zfs_linux_entry 1 "${title}" "advanced" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ ++ GRUB_DISABLE_RECOVERY=${GRUB_DISABLE_RECOVERY:-} ++ if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then ++ title="$(gettext_printf "%s%s, with Linux %s (recovery mode)" "${last_booted_kernel_marker}" "${name}" "${kernel_version}")" ++ zfs_linux_entry 1 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ fi ++ at_least_one_entry=1 ++ ;; ++ history) ++ # Revert to a snapshot ++ # revert system, revert system and user data and associated recovery entries ++ if [ "${last_section}" != "${section}" ]; then ++ echo "submenu '$(gettext_printf "History for %s" "${main_dataset_name}" | grub_quote)' \${menuentry_id_option} 'gnulinux-history-${main_dataset}' {" ++ fi ++ ++ if [ "${iszsys}" = "yes" ]; then ++ title="$(gettext_printf "Revert to %s" "${name}" | grub_quote)" ++ else ++ title="$(gettext_printf "Boot on %s" "${name}" | grub_quote)" ++ fi ++ echo " submenu '${title}' \${menuentry_id_option} 'gnulinux-history-${dataset}' {" ++ ++ # Zsys only: let revert system without destroying snapshots ++ if [ "${iszsys}" = "yes" ]; then ++ title="$(gettext_printf "Revert system only")" ++ zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ title="$(gettext_printf "Revert system and user data")" ++ zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "zsys-revert=userdata" ++ ++ GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" ++ if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then ++ title="$(gettext_printf "Revert system only (recovery mode)")" ++ zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ title="$(gettext_printf "Revert system and user data (recovery mode)")" ++ zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "zsys-revert=userdata" ++ fi ++ # Non-zsys: boot temporarly on snapshots or rollback (destroying intermediate snapshots) ++ else ++ title="$(gettext_printf "One time boot")" ++ zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ ++ GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" ++ if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then ++ title="$(gettext_printf "One time boot (recovery mode)")" ++ zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" ++ fi ++ ++ title="$(gettext_printf "Revert system (all intermediate snapshots will be destroyed)")" ++ zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "rollback=yes" ++ fi ++ ++ echo " }" ++ at_least_one_entry=1 ++ ;; ++ *) ++ grub_warn "unknown section: ${section}. Ignoring entry ${name} for ${dataset}" ++ ;; ++ esac ++ last_section="${section}" ++ done ++ ++ if [ "${at_least_one_entry}" -eq 1 ]; then ++ echo "}" ++ fi ++ } ++} ++ ++# don't add trailing newline of variable is empty ++# $1: content to write ++# $2: destination file ++trailing_newline_if_not_empty() { ++ content="$1" ++ dest="$2" ++ ++ if [ -z "${content}" ]; then ++ rm -f "${dest}" ++ touch "${dest}" ++ return ++ fi ++ echo "${content}" > "${dest}" ++} ++ ++ ++GRUB_LINUX_ZFS_TEST="${GRUB_LINUX_ZFS_TEST:-}" ++case "${GRUB_LINUX_ZFS_TEST}" in ++ bootlist) ++ # Import all available pools on the system and return imported list ++ imported_pools=$(import_pools) ++ boot_list="$(bootlist ${MNTDIR})" ++ trailing_newline_if_not_empty "${boot_list}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}" ++ break ++ ;; ++ metamenu) ++ boot_list="$(cat ${GRUB_LINUX_ZFS_TEST_INPUT})" ++ menu_metadata="$(generate_grub_menu_metadata "${boot_list}")" ++ trailing_newline_if_not_empty "${menu_metadata}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}" ++ break ++ ;; ++ grubmenu) ++ menu_metadata="$(cat ${GRUB_LINUX_ZFS_TEST_INPUT})" ++ grub_menu=$(generate_grub_menu "${menu_metadata}") ++ trailing_newline_if_not_empty "${grub_menu}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}" ++ break ++ ;; ++ *) ++ # Import all available pools on the system and return imported list ++ imported_pools=$(import_pools) ++ # Generate the complete list of boot entries ++ boot_list="$(bootlist ${MNTDIR})" ++ # Create boot menu meta data from the list of boot entries ++ menu_metadata="$(generate_grub_menu_metadata "${boot_list}")" ++ # Create boot menu meta data from the list of boot entries ++ grub_menu="$(generate_grub_menu "${menu_metadata}")" ++ if [ -n "${grub_menu}" ]; then ++ # We want the trailing newline as a marker will be added ++ echo "${grub_menu}" ++ fi ++ ;; ++esac diff --git a/debian/patches/uefi-firmware-setup.patch b/debian/patches/uefi-firmware-setup.patch index 7e3d3a269..13d8bb6bd 100644 --- a/debian/patches/uefi-firmware-setup.patch +++ b/debian/patches/uefi-firmware-setup.patch @@ -1,4 +1,3 @@ -From ab578af70201055343085da1934f376357f67f92 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Mon, 13 Jan 2014 12:13:12 +0000 Subject: Output a menu entry for firmware setup on UEFI FastBoot systems @@ -8,16 +7,16 @@ Last-Update: 2015-09-04 Patch-Name: uefi-firmware-setup.patch --- - Makefile.util.def | 6 +++++ - util/grub.d/30_uefi-firmware.in | 46 +++++++++++++++++++++++++++++++++ + Makefile.util.def | 6 ++++++ + util/grub.d/30_uefi-firmware.in | 46 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 util/grub.d/30_uefi-firmware.in diff --git a/Makefile.util.def b/Makefile.util.def -index 0029b9000..8a24b23f0 100644 +index eec1924..ce133e6 100644 --- a/Makefile.util.def +++ b/Makefile.util.def -@@ -519,6 +519,12 @@ script = { +@@ -526,6 +526,12 @@ script = { installdir = grubconf; }; @@ -32,7 +31,7 @@ index 0029b9000..8a24b23f0 100644 common = util/grub.d/40_custom.in; diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in new file mode 100644 -index 000000000..3c9f533d8 +index 0000000..3c9f533 --- /dev/null +++ b/util/grub.d/30_uefi-firmware.in @@ -0,0 +1,46 @@ diff --git a/debian/patches/uefi-secure-boot-cryptomount.patch b/debian/patches/uefi-secure-boot-cryptomount.patch index e9b7c1090..0529b15ce 100644 --- a/debian/patches/uefi-secure-boot-cryptomount.patch +++ b/debian/patches/uefi-secure-boot-cryptomount.patch @@ -1,5 +1,4 @@ -From 3a717fc40702f20869d1b3bc49885bbaab7769dd Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Herv=C3=A9=20Werner?= +From: =?utf-8?q?Herv=C3=A9_Werner?= Date: Mon, 28 Jan 2019 17:24:23 +0100 Subject: Fix setup on Secure Boot systems where cryptodisk is in use @@ -19,10 +18,10 @@ Patch-Name: uefi-secure-boot-cryptomount.patch 1 file changed, 17 insertions(+) diff --git a/util/grub-install.c b/util/grub-install.c -index 5f3217ae4..6462d3c70 100644 +index 0304646..4bad8de 100644 --- a/util/grub-install.c +++ b/util/grub-install.c -@@ -1521,6 +1521,23 @@ main (int argc, char *argv[]) +@@ -1546,6 +1546,23 @@ main (int argc, char *argv[]) || uefi_secure_boot) { char *uuid = NULL; diff --git a/debian/patches/vsnprintf-upper-case-hex.patch b/debian/patches/vsnprintf-upper-case-hex.patch index 110a33b7f..b220601eb 100644 --- a/debian/patches/vsnprintf-upper-case-hex.patch +++ b/debian/patches/vsnprintf-upper-case-hex.patch @@ -1,4 +1,3 @@ -From 05693dd0f57cbe73bc5c05e87425804f24a94c3c Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 11 Mar 2019 11:15:12 +0000 Subject: Add %X to grub_vsnprintf_real and friends @@ -18,7 +17,7 @@ Patch-Name: vsnprintf-upper-case-hex.patch 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c -index 3b633d51f..18cad5803 100644 +index 3b633d5..18cad58 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -588,7 +588,7 @@ grub_divmod64 (grub_uint64_t n, grub_uint64_t d, grub_uint64_t *r) diff --git a/debian/patches/vt-handoff.patch b/debian/patches/vt-handoff.patch index 261355c0d..3975c9100 100644 --- a/debian/patches/vt-handoff.patch +++ b/debian/patches/vt-handoff.patch @@ -1,4 +1,3 @@ -From 251da10a71401aeafb6878918129dafaa430c877 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:30 +0000 Subject: Add configure option to use vt.handoff=7 @@ -13,12 +12,13 @@ Last-Update: 2013-12-25 Patch-Name: vt-handoff.patch --- - configure.ac | 11 +++++++++++ - util/grub.d/10_linux.in | 28 +++++++++++++++++++++++++++- - 2 files changed, 38 insertions(+), 1 deletion(-) + configure.ac | 11 +++++++++++ + util/grub.d/10_linux.in | 28 +++++++++++++++++++++++++++- + util/grub.d/10_linux_zfs.in | 28 +++++++++++++++++++++++++++- + 3 files changed, 65 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac -index dbc429ce0..e382c7480 100644 +index dbc429c..e382c74 100644 --- a/configure.ac +++ b/configure.ac @@ -1890,6 +1890,17 @@ else @@ -40,7 +40,7 @@ index dbc429ce0..e382c7480 100644 AC_SUBST([FONT_SOURCE]) diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in -index 2f5217358..174d547bb 100644 +index 09393c2..cc2dd85 100644 --- a/util/grub.d/10_linux.in +++ b/util/grub.d/10_linux.in @@ -24,6 +24,7 @@ ubuntu_recovery="@UBUNTU_RECOVERY@" @@ -51,7 +51,7 @@ index 2f5217358..174d547bb 100644 . "$pkgdatadir/grub-mkconfig_lib" -@@ -104,6 +105,14 @@ if [ "$ubuntu_recovery" = 1 ]; then +@@ -108,6 +109,14 @@ if [ "$ubuntu_recovery" = 1 ]; then GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY nomodeset" fi @@ -66,7 +66,7 @@ index 2f5217358..174d547bb 100644 linux_entry () { os="$1" -@@ -149,7 +158,7 @@ linux_entry () +@@ -153,7 +162,7 @@ linux_entry () fi if ([ "$ubuntu_recovery" = 0 ] || [ x$type != xrecovery ]) && \ ([ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 1 ]); then @@ -75,7 +75,7 @@ index 2f5217358..174d547bb 100644 fi echo " insmod gzio" | sed "s/^/$submenu_indentation/" -@@ -228,6 +237,23 @@ prepare_root_cache= +@@ -232,6 +241,23 @@ prepare_root_cache= boot_device_id= title_correction_code= @@ -99,3 +99,63 @@ index 2f5217358..174d547bb 100644 # Use ELILO's generic "efifb" when it's known to be available. # FIXME: We need an interface to select vesafb in case efifb can't be used. if [ "x$GRUB_GFXPAYLOAD_LINUX" != x ] || [ "$gfxpayload_dynamic" = 0 ]; then +diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in +index 8cd7d12..48a4e68 100755 +--- a/util/grub.d/10_linux_zfs.in ++++ b/util/grub.d/10_linux_zfs.in +@@ -23,6 +23,7 @@ ubuntu_recovery="@UBUNTU_RECOVERY@" + quiet_boot="@QUIET_BOOT@" + quick_boot="@QUICK_BOOT@" + gfxpayload_dynamic="@GFXPAYLOAD_DYNAMIC@" ++vt_handoff="@VT_HANDOFF@" + + . "${pkgdatadir}/grub-mkconfig_lib" + +@@ -721,6 +722,23 @@ generate_grub_menu_metadata() { + # Note: + # If 10_linux runs these part will be defined twice in grub configuration + print_menu_prologue() { ++ cat << 'EOF' ++function gfxmode { ++ set gfxpayload="${1}" ++EOF ++ if [ "${vt_handoff}" = 1 ]; then ++ cat << 'EOF' ++ if [ "${1}" = "keep" ]; then ++ set vt_handoff=vt.handoff=1 ++ else ++ set vt_handoff= ++ fi ++EOF ++ fi ++ cat << EOF ++} ++EOF ++ + # Use ELILO's generic "efifb" when it's known to be available. + # FIXME: We need an interface to select vesafb in case efifb can't be used. + GRUB_GFXPAYLOAD_LINUX="${GRUB_GFXPAYLOAD_LINUX:-}" +@@ -816,7 +834,7 @@ zfs_linux_entry () { + + if ([ "${ubuntu_recovery}" = 0 ] || [ "${type}" != "recovery" ]) && \ + ([ "${GRUB_GFXPAYLOAD_LINUX}" != "" ] || [ "${gfxpayload_dynamic}" = 1 ]); then +- echo "${submenu_indentation} set gfxpayload=\${linux_gfx_mode}" ++ echo "${submenu_indentation} gfxmode \${linux_gfx_mode}" + fi + + echo "${submenu_indentation} insmod gzio" +@@ -879,6 +897,14 @@ generate_grub_menu() { + GRUB_CMDLINE_LINUX_RECOVERY="${GRUB_CMDLINE_LINUX_RECOVERY} nomodeset" + fi + ++ if [ "${vt_handoff}" = 1 ]; then ++ for word in ${GRUB_CMDLINE_LINUX_DEFAULT}; do ++ if [ "${word}" = splash ]; then ++ GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_DEFAULT} \${vt_handoff}" ++ fi ++ done ++ fi ++ + print_menu_prologue + + # IFS is set to TAB (ASCII 0x09) diff --git a/debian/patches/wubi-no-windows.patch b/debian/patches/wubi-no-windows.patch index 4dac30406..04e106977 100644 --- a/debian/patches/wubi-no-windows.patch +++ b/debian/patches/wubi-no-windows.patch @@ -1,4 +1,3 @@ -From 0f891b4202c126eb09f5e282e5fa0a7baddb5920 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:24 +0000 Subject: Skip Windows os-prober entries on Wubi systems @@ -19,7 +18,7 @@ Patch-Name: wubi-no-windows.patch 1 file changed, 19 insertions(+) diff --git a/util/grub.d/30_os-prober.in b/util/grub.d/30_os-prober.in -index b7e1147c4..271044f59 100644 +index b7e1147..271044f 100644 --- a/util/grub.d/30_os-prober.in +++ b/util/grub.d/30_os-prober.in @@ -110,6 +110,8 @@ EOF diff --git a/debian/patches/zpool-full-device-name.patch b/debian/patches/zpool-full-device-name.patch index 252e4af11..d4889afb6 100644 --- a/debian/patches/zpool-full-device-name.patch +++ b/debian/patches/zpool-full-device-name.patch @@ -1,4 +1,3 @@ -From fa417ef7d1ce02d15b36a435708f5dff8fdfd557 Mon Sep 17 00:00:00 2001 From: Chad MILLER Date: Thu, 27 Oct 2016 17:15:07 -0400 Subject: Tell zpool to emit full device names @@ -20,7 +19,7 @@ Patch-Name: zpool-full-device-name.patch 1 file changed, 1 insertion(+) diff --git a/grub-core/osdep/unix/getroot.c b/grub-core/osdep/unix/getroot.c -index 46d7116c6..da102918d 100644 +index 46d7116..da10291 100644 --- a/grub-core/osdep/unix/getroot.c +++ b/grub-core/osdep/unix/getroot.c @@ -243,6 +243,7 @@ grub_util_find_root_devices_from_poolname (char *poolname) diff --git a/debian/po/ar.po b/debian/po/ar.po index c18f2783b..4e88f4fac 100644 --- a/debian/po/ar.po +++ b/debian/po/ar.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub.ar\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2010-07-16 02:38+0300\n" "Last-Translator: Ossama M. Khayat \n" "Language-Team: Arabic \n" @@ -80,6 +80,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 #, fuzzy #| msgid "GRUB failed to install to the following devices:" msgid "GRUB install devices:" @@ -95,7 +96,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -126,7 +127,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -155,7 +156,7 @@ msgstr "${DEVICE} (${SIZE} م.ب.، ${MODEL})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "" @@ -164,12 +165,13 @@ msgstr "" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "تعذر تثبيت GRUB على الأجهزة التالية:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -199,7 +201,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "تريد الاستمرار دون تثبيت GRUB؟" @@ -227,7 +229,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 #, fuzzy #| msgid "" #| "If you are already running a different boot loader and want to carry on " @@ -346,7 +348,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -354,12 +356,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -379,15 +381,59 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} م.ب.، ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when your computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"اخترت عدم تثبيت GRUB على أية جهاز. إن استمريت، فقد لا يتم تهيئة محمّل الإقلاع " +"بشكل صحيح، كما يستخدم حاسبك أي نظام موجود على قطاع الإقلاع مسبقاً. إن كان " +"هناك نسخة سابقة من GRUB 2 في قطاع الإقلاع، فقد لا يستطيع تحميل الوحدات أو " +"قراءة ملف التهيئة الحالي بشكل صحيح." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "سطر أوامر KFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 #, fuzzy #| msgid "" #| "The following kFreeBSD command line was extracted from /etc/default/grub " @@ -404,13 +450,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "سطر أوامر KFreeBSD الافتراضي:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -418,6 +464,41 @@ msgstr "" "سيتم استخدام النص التالي كمُعطى KFreeBSD لمُدخل القائمة\n" "الافتراضي ولكن ليس لوضع الإنقاذ." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "تم إعادة إنشاء /boot/grub/device.map" diff --git a/debian/po/ast.po b/debian/po/ast.po index a81989c5b..6917c4926 100644 --- a/debian/po/ast.po +++ b/debian/po/ast.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2012-01-27 11:10+0100\n" "Last-Translator: Mikel González \n" "Language-Team: Asturian \n" @@ -71,6 +71,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB falló al instalar nos siguientes preseos:" @@ -86,7 +87,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -126,7 +127,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -157,7 +158,7 @@ msgstr "${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Fallu al escribir GRUB al preséu d'arranque - ¿siguir?" @@ -166,12 +167,13 @@ msgstr "Fallu al escribir GRUB al preséu d'arranque - ¿siguir?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Falló GRUB al instalar nos siguientes preseos:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -198,7 +200,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "¿Siguir ensin instalar GRUB?" @@ -220,7 +222,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -333,7 +335,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -341,12 +343,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -366,15 +368,67 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Anovóse'l paquete grup-pc. Esti menú val pa esbillar en que preseos quie " +"que'l grub-install s'execute automáticamente, si hai dalgún." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Escoyistes nun instalar GRUB en dengún preséu. De siguir, el xestor " +"d'arranque podría nun tar configuráu dafechu, y nel siguiente aniciu del " +"ordenador usarás lo que teníes previamente nel sector d'arranque. Si hai un " +"versión anterior de GRUB 2 nel sector d'arranque, podría ser capaz de cargar " +"módulos o remanar el ficheru de configuración actual." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Linia comandos kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -386,13 +440,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Llínia comandos por defeutu kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -400,6 +454,41 @@ msgstr "" "La siguiente cadena será usada cómo parametros kFreeBSD pa la entrada del " "menú por defeutu, pero non pal mou recuperación." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map foi xeneráu" diff --git a/debian/po/be.po b/debian/po/be.po index 2de12b53b..6d97c20b5 100644 --- a/debian/po/be.po +++ b/debian/po/be.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: be\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-23 11:22+0300\n" "Last-Translator: Viktar Siarheichyk \n" "Language-Team: Debian l10n team for Belarusian \n" "Language-Team: Български \n" @@ -70,6 +70,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Инсталиране на GRUB на следните устройства:" @@ -85,7 +86,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -125,7 +126,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -156,7 +157,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "" "Записването на GRUB върху устройството за начално зареждане не успя. " @@ -167,12 +168,13 @@ msgstr "" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Опитът за инсталиране на GRUB на следните устройства беше неуспешен:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -202,7 +204,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Продължаване без инсталиране на GRUB?" @@ -225,7 +227,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -337,21 +339,32 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" "Допълнително инсталиране в резервния път на EFI за преносими устройства?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Някои базирани на EFI системи съдържат грешки и не работят добре с добавени " "програми за начално зареждане (като GRUB). Допълнителното инсталиране на " @@ -382,15 +395,68 @@ msgstr "" "например връзка с PXE сървър при начално зареждане може да предпочетете да " "не се правят промени." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Пакетът grub-pc се обновява. Това меню позволява избиране за кои устройства " +"(и дали изобщо) да се изпълни командата grub-install." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Избрано е GRUB да не се инсталира на никакви устройства. Ако продължите, " +"програмата за начално зареждане може да не е настроена правилно и при " +"следващото стартиране на компютъра ще се използва предишното съдържание на " +"сектора за начално зареждане. Ако в него има предишна инсталация на GRUB 2 е " +"възможно тя да не успее да използва обновените модули или конфигурационния " +"файл." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Команден ред за kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -402,13 +468,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Параметри на Линукс по подразбиране:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -416,6 +482,41 @@ msgstr "" "Следните параметри ще бъдат използвани по подразбиране при зареждане на " "kFreeBSD, освен в авариен режим." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map е създаден наново" diff --git a/debian/po/ca.po b/debian/po/ca.po index 5b6f0b086..a2a091583 100644 --- a/debian/po/ca.po +++ b/debian/po/ca.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 2.02~beta3-4\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-23 17:31+0100\n" "Last-Translator: Innocent De Marchi \n" "Language-Team: Catalan \n" @@ -74,6 +74,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Dispositius d'instaŀlació del GRUB:" @@ -90,7 +91,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -131,7 +132,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -162,7 +163,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Ha fallat l'escriptura del GRUB al dispositiu. Voleu continuar?" @@ -171,12 +172,13 @@ msgstr "Ha fallat l'escriptura del GRUB al dispositiu. Voleu continuar?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "El GRUB no s'ha pogut instaŀlar als dispositius següents:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -205,7 +207,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Voleu continuar sense instaŀlar el GRUB?" @@ -228,7 +230,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -341,21 +343,32 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" "Forçar la instal·lació addicional de EFI per la ruta a mitjans extraïbles?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Alguns sistemes basats en EFI tenen errors i no gestionen correctament els " "nous carregadors d'arrencada. Si forçau la instal·lació del GRUB en mitjans " @@ -388,15 +401,69 @@ msgstr "" "manera que el vostre sistema connecta amb un servidor PXE cada vegada que " "arranca, això hauria de conservar aquest comportament." -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"S'està actualitzant el paquet grub-pc. Aquest menú us permet seleccionar " +"sobre quins dispositius voleu que s'execute el grub-install automàticament, " +"en cas de voler-ho." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Heu triat no instaŀlar el GRUB en cap dispositiu. Si continueu, és possible " +"que el carregador no estiga configurat correctament, i quan s'arrenque " +"l'ordinador la pròxima vegada, emprarà allò que estigués al sector " +"d'arrencada. Si hi ha una versió anterior del GRUB2 al sector d'arrencada, " +"és possible que no puga carregar mòduls o gestionar el fitxer de " +"configuració actual." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Línia d'ordres de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -409,13 +476,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Línia d'ordres de kFreeBSD per defecte:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -423,6 +490,41 @@ msgstr "" "La cadena següent serà emprada com a paràmetres del kFreeBSD per al menú " "d'entrada per defecte però no per al mode de recuperació." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "S'ha regenerat el fitxer «/boot/grub/device.map»" diff --git a/debian/po/cs.po b/debian/po/cs.po index 1c4d6036a..c00a22791 100644 --- a/debian/po/cs.po +++ b/debian/po/cs.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-22 11:18+0100\n" "Last-Translator: Miroslav Kure \n" "Language-Team: Czech \n" @@ -70,6 +70,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Zařízení pro instalaci GRUBu:" @@ -85,7 +86,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -124,7 +125,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -155,7 +156,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Zápis GRUBu na zaváděcí zařízení selhal - pokračovat?" @@ -164,12 +165,13 @@ msgstr "Zápis GRUBu na zaváděcí zařízení selhal - pokračovat?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB se nepodařilo nainstalovat na následující zařízení:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -197,7 +199,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Pokračovat bez instalace GRUBu?" @@ -219,7 +221,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -330,20 +332,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Vynutit další instalaci do EFI cesty pro výměnná média?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Některé systémy používající EFI obsahují chyby a neumí správně pracovat s " "novými zavaděči. Vynutíte-li další instalaci GRUBu do EFI cesty pro výměnná, " @@ -375,15 +388,67 @@ msgstr "" "máte NVRAM proměnné nastavené tak, aby při každém zavádění kontaktovaly PXE " "server." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Balík grub-pc se právě aktualizuje. Tato nabídka vám umožňuje zvolit " +"zařízení, na kterých se má automaticky spouštět grub-install." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Rozhodli jste se neinstalovat GRUB na žádné zařízení. Budete-li pokračovat, " +"zavaděč nemusí být nastaven správně a při příštím spuštění počítače se " +"použije cokoliv, co bylo dříve v zaváděcím sektoru. Pokud tam je dřívější " +"verze GRUBu 2, nemusí se jí podařit načíst moduly, nebo zpracovat současný " +"konfigurační soubor." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Parametry pro kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -396,13 +461,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Výchozí parametry pro kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -410,6 +475,41 @@ msgstr "" "Následující parametry pro kFreeBSD se použijí pro výchozí položku menu, ale " "ne pro záchranný režim." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map byl aktualizován" diff --git a/debian/po/cy.po b/debian/po/cy.po index 722679ba2..544639a1c 100644 --- a/debian/po/cy.po +++ b/debian/po/cy.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2012-06-16 22:25-0000\n" "Last-Translator: Dafydd Tomos \n" "Language-Team: Welsh\n" @@ -74,6 +74,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Dyfeisiau sefydlu GRUB:" @@ -90,7 +91,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -130,7 +131,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -161,7 +162,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Methwyd ysgrifennu GRUB i'r ddyfais ymgychwyn - parhau?" @@ -170,12 +171,13 @@ msgstr "Methwyd ysgrifennu GRUB i'r ddyfais ymgychwyn - parhau?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Methwyd sefydlu GRUB i'r dyfeisiau canlynol:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -203,7 +205,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Parhau heb sefydlu GRUB?" @@ -226,7 +228,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -340,7 +342,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -348,12 +350,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -373,15 +375,69 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Mae'r pecyn grub-bc yn cael ei uwchraddio. Mae'r fwydlen yma yn eich " +"caniatáu i ddewis pa ddyfeisiau yr hoffech redeg grub-install arno, os o " +"gwbl." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Fe ddewisoch i beidio sefydlu GRUB i unrhyw ddyfeisiau. Os ydych yn parhau, " +"mae'n bosib na fydd y llwythwr ymgychwyn wedi ei gyflunio'n gywir, a'r tro " +"nesa fydd y cyfrifiadur hwn yn dechrau mi fydd yn defnyddio beth bynnag oedd " +"yn y sector ymgychwyn o'r blaen. Os oes fersiwn cynharach o GRUB 2 yn y " +"sector ymgychwyn, mae'n bosib na fydd yn gallu llwytho modiwlau na deall y " +"ffeil gyfluniad presennol." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Llinell orchymyn kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -393,13 +449,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Llinell orchymyn ddiofyn kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -407,6 +463,41 @@ msgstr "" "Defnyddir y llinyn canlynol fel paramedrau kFreeBSD ar gyfer y cofnod " "bwydlen diofyn ond ddim ar gyfer y modd achub." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "Mae'r ffeil /boot/grub/device.map wedi ei ail-greu" diff --git a/debian/po/da.po b/debian/po/da.po index 871b4a16b..ddc3c299b 100644 --- a/debian/po/da.po +++ b/debian/po/da.po @@ -20,7 +20,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-23 11:30+01:00\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" @@ -83,6 +83,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUBs installationsenheder:" @@ -98,7 +99,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -138,7 +139,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -169,7 +170,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Skrivning af GRUB til opstartsenhed fejlede - vil du fortsætte?" @@ -178,12 +179,13 @@ msgstr "Skrivning af GRUB til opstartsenhed fejlede - vil du fortsætte?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Kunne ikke installere GRUB på de følgende enheder:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -211,7 +213,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Fortsæt uden at installere GRUB?" @@ -234,7 +236,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -347,20 +349,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Fremtving ekstra installation til den flytbare mediesti for EFI?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Nogle EFI-baserede systemer er fejlramte og håndterer ikke nye " "opstartsindlæsere korrekt. Hvis du fremtvinger en ekstra installation af " @@ -393,15 +406,68 @@ msgstr "" "variabler er blevet sat sådan op, at dit system kontakter en PXE-server ved " "hver opstart, vil dette bevare denne opførsel." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Pakken grub-pc bliver opgraderet. Denne menu tillader dig at vælge, hvilke " +"enheder om nogen, du vil have at grub-install automatisk skal køres for." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Du har valgt ikke at installere GRUB på nogen enhed. Hvis du fortsætter, vil " +"opstarteren (boot loader) måske ikke være korrekt konfigureret, og når din " +"computer starter op næste gang, vil den bruge det tidligere indhold i din " +"opstartssektor (boot sector). Hvis der er en tidligere version af GRUB 2 i " +"opstartsektoren, vil den måske ikke være i stand til at indlæse moduler " +"eller håndtere den aktuelle konfigurationsfil." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Kommandolinje for kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -413,13 +479,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Standardkommandolinje i kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -427,6 +493,41 @@ msgstr "" "Den følgende streng vil blive brugt som kFreeBSD-parametre for " "standardmenupunktet men ikke for gendannelsestilstanden." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map er blevet gendannet" diff --git a/debian/po/de.po b/debian/po/de.po index 6ab3ce889..cd83bb47e 100644 --- a/debian/po/de.po +++ b/debian/po/de.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: 2.02~beta3-4\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2019-01-31 18:13+0100\n" "Last-Translator: Helge Kreutzmann \n" "Language-Team: German \n" @@ -73,6 +73,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Geräte für die GRUB-Installation:" @@ -89,7 +90,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -129,7 +130,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -161,7 +162,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "GRUB konnte nicht auf das Boot-Gerät geschrieben werden - fortfahren?" @@ -170,12 +171,13 @@ msgstr "GRUB konnte nicht auf das Boot-Gerät geschrieben werden - fortfahren?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB konnte nicht auf den folgenden Geräten installiert werden:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -205,7 +207,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Fortsetzen, ohne Grub zu installieren?" @@ -230,7 +232,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -346,20 +348,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Zusätzliche Installation in den Pfad für EFI-Wechselmedien erzwingen?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Einige EFI-basierte Systeme haben einen Fehler und handhaben neue Bootloader " "nicht korrekt. Falls Sie eine zusätzliche Installation von GRUB in den Pfad " @@ -394,15 +407,71 @@ msgstr "" "einem PXE-Server Kontakt aufnimmt, dann würde dies dieses Verhalten " "beibehalten." -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Für das Paket grub-pc wird gerade ein Upgrade durchgeführt. In diesem Menü " +"können Sie auswählen, ob und für welche Geräte grub-install automatisch " +"ausgeführt werden soll." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +# (mes) Seht Ihr einen Unterschied zwischen der alten und der neuen Version? +# Ich habe jetzt nur das fuzzy rausgenommen. +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Sie haben sich entschieden, GRUB auf kein Gerät zu installieren. Wenn Sie " +"fortfahren, könnte der Boot-Loader nicht richtig konfiguriert sein. Beim " +"nächsten Hochfahren dieses Computers wird der Boot-Loader benutzen, was " +"immer sich vorher im Boot-Sektor befand. Wenn sich schon eine ältere Version " +"von GRUB 2 im Boot-Sektor befindet, kann sie möglicherweise keine Module " +"laden oder nicht mehr mit der aktuellen Konfigurationsdatei umgehen." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Befehlszeile für kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -415,13 +484,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Standard-Befehlszeile für kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -429,6 +498,41 @@ msgstr "" "Die folgende Zeichenkette wird als kFreeBSD-Parameter für den " "Standardmenüeintrag, nicht aber für den Rettungsmodus verwandt." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map wurde neu erstellt." diff --git a/debian/po/dz.po b/debian/po/dz.po index 2db7cc9e5..afedbe96e 100644 --- a/debian/po/dz.po +++ b/debian/po/dz.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2001-12-31 19:57-0500\n" "Last-Translator: Dawa \n" "Language-Team: Dzongkha \n" @@ -70,6 +70,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB གཞི་བཙུགས་ ཐབས་འཕྲུལ་ཚུ :" @@ -85,7 +86,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -123,7 +124,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -154,7 +155,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr " GRUB བུཊི་ ཐབས་འཕྲུལ་ལུ་འབྲི་ནི་ འཐུས་ཤོར་འབྱུང་ཡོདཔ - འཕྲོ་མཐུད་དེ་འབད་ནི་ཨིན་ན?" @@ -163,12 +164,13 @@ msgstr " GRUB བུཊི་ ཐབས་འཕྲུལ་ལུ་འབྲ #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB འདི་ འོག་གི་ཐབས་འཕྲུལ་ཚུ་ནང་གཞི་བཙུགས་འབད་མ་ཚུགས་པས:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -196,7 +198,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "GRUB གཞི་བཙུགས་མ་འབད་བར་འཕྲོ་མཐུད་ནི་ཨིན་ན?" @@ -218,7 +220,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -327,7 +329,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -335,12 +337,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -360,15 +362,67 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"grub-pc ཐུམ་སྒྲིལ་འདི་ ཡར་བསྐྱེད་འབད་ཡོདཔ། དཀར་ཆག་འདི་གིས་ རང་བཞིན་ གཡོག་བཀོལ་ grub-གཞི་" +"བཙུགས་ གང་རུང་ཡོད་པ་ཅིན་ ཐབས་འཕྲུལ་ སེལ་འཐུ་འབད་བཅུགཔ་ཨིན།" + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"ཁྱོད་ཀྱིས་ ཐབས་འཕྲུལ་གང་རུང་ནང་ GRUB གཞི་བཙུགས་མ་འབད་ནི་སྦེ་གདམ་ཁ་བརྐྱབས་ནུག འཕྲོ་མཐུད་དེ་འབད་བ་" +"ཅིན་ བུཊི་མངོན་གསལ་པ་འདི་ ལེགས་ཤོམ་སྦེ་རིམ་སྒྲིག་མི་འབདཝ་་འོང་། དེ་ལས་ ཁྱོད་ཀྱི་གློག་རིག་འདི་ཤུལ་ལས་" +"འགོ་བཙུགསཔ་ད་ ཧེ་མ་ལས་བུཊི་ས་ཁོངས་ག་ཅི་ཡོད་རུང་ ལག་ལེན་འཐབ་འོང་། གལ་སྲིད་ བུཊི་ས་ཁོངས་ ནང་ ཧེ་" +"མའི་ཐོན་རིམ་ GRUB ༢ འདི་ཡོད་པ་ཅིན་ མོ་ཌུལ་འདི་མངོན་གསལའབད་མི་ཚུགས་ནི་ ཡང་ན་ ད་ལྟོའི་རིམ་སྒྲིག་ཡིག་" +"སྣོད་འདི་ལེགས་སྐྱོང་འཐབ་མི་ཚུགསཔ་འོང་།" + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD བརྡ་བཀོད་གྲལ་ཐིག་:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -380,13 +434,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD སྔོན་སྒྲིག་བརྡ་བཀོད་གྲལ་ཐིག་:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -394,6 +448,41 @@ msgstr "" "འོག་གི་ཡིག་རྒྱུན་ཚུ་ སྔོན་སྒྲིག་དཀར་ཆག་ཐོ་བཀོད་ཀྱི་དོན་ལུ་ kFreeBSD སྦེ་ལག་ལེན་འཐབ་འོང་ དེ་འབདཝད་ " "སླར་གསོ་ཐབས་ལམ་གྱི་དོན་ལུ་ལག་ལེན་མི་འཐབ།" +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map འདི་ ལོག་བཟོ་ཡོདཔ།" diff --git a/debian/po/el.po b/debian/po/el.po index 73182c99f..15d0d7862 100644 --- a/debian/po/el.po +++ b/debian/po/el.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2012-08-17 14:44+0300\n" "Last-Translator: pankgeorg\n" "Language-Team: Greek \n" @@ -75,6 +75,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Συσκευές εγκατάστασης του GRUB:" @@ -91,7 +92,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -133,7 +134,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -165,7 +166,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Η εγκατάσταση του GRUB στην συσκευή εκκίνησης απέτυχε - Συνέχεια;" @@ -174,12 +175,13 @@ msgstr "Η εγκατάσταση του GRUB στην συσκευή εκκίν #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Η εγκατάσταση του GRUB απέτυχε στις ακόλουθες συσκευές:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -208,7 +210,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Συνέχεια χωρίς εγκατάσταση του GRUB;" @@ -231,7 +233,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -349,20 +351,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Να γίνει εξαναγκασμένη εγκατάσταση στην αποσπώμενη EFI συσκευή;" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Μερικά συστήματα που βασίζουνται στο EFI είναι ελλειπώς ανεπτυγμένα και δεν " "διαχειρίζονται τα νέα προγράμματα εκκίνησης σωστά. Αν εξαναγκάσετε το " @@ -390,15 +403,69 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Γίνεται αναβάθμιση του πακέτου grub-pc. Αυτό το μενού σας επιτρέπει να " +"επιλέξετε τις συσκευές, αν θέλετε κάποιες, για τις οποίες θα εκτελεστεί " +"αυτόματα το grub-install." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Επιλέξατε να μην εγκαταστήσετε το GRUB σε οποιαδήποτε συσκευή. Αν " +"συνεχίσετε, το πρόγραμμα εκκίνησης πιθανόν να μην έχει ρυθμιστεί σωστά και " +"στην επανεκκίνηση του υπολογιστή σας θα χρησιμοποιήσει οτιδήποτε υπήρχε από " +"πριν στον τομέα εκκίνησης. Αν υπάρχει μια προηγούμενη έκδοση του GRUB 2 στον " +"τομέα εκκίνησης, πιθανόν να μην μπορεί να φορτώσει κάποιες ενότητες αλλά " +"ούτενα χειριστεί το τρέχον αρχείο ρυθμίσεων." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Γραμμή εντολών kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -411,13 +478,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Προκαθορισμένη γραμμή εντολών kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -426,6 +493,41 @@ msgstr "" "προκαθορισμένη είσοδο του μενού εκκίνησης αλλά όχι για την κατάσταση " "διάσωσης (recovery mode)." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "Το αρχείο /boot/grub/device.map έχει αναδημιουργηθεί" diff --git a/debian/po/eo.po b/debian/po/eo.po index 30d0e05d3..5e19611b7 100644 --- a/debian/po/eo.po +++ b/debian/po/eo.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 2.02-18\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-23 10:57-0300\n" "Last-Translator: Felipe Castro \n" "Language-Team: Esperanto \n" @@ -72,6 +72,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Aparatoj instalataj de GRUB:" @@ -87,7 +88,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -126,7 +127,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -156,7 +157,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Skribado de GRUB al ekŝarga aparato malsukcesis - ĉu daŭrigi?" @@ -165,12 +166,13 @@ msgstr "Skribado de GRUB al ekŝarga aparato malsukcesis - ĉu daŭrigi?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB malsukcesis instali al la jenaj aparatoj:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -197,7 +199,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Ĉu daŭrigi sen instali GRUB?" @@ -219,7 +221,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -331,20 +333,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Ĉu perforti kroma instalo al la vojo de demetebla datumportilo EFI?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Kelkaj sistemoj surbazitaj je EFI estas problemplenaj kaj ne traktas ĝuste " "novajn ekŝargilojn. Se vi perfortos kroman instalon de GRUB al la vojo de " @@ -376,15 +389,67 @@ msgstr "" "NVRAM estis agordita por ke via sistemo kontaktu servilon PXE ĉe ĉiu " "ekŝargo, ne ŝanĝu ilin por teni la konduton. " -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"La pako grub-pc estas ĝisdatigata. Tiu ĉi menuo ebligas al vi elekti iujn " +"ajn aparatojn por esti aŭtomate instalotaj de grub-install." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Vi elektis ne instali GRUB al iu ajn aparato. Se vi daŭrigas, la ekŝargilo " +"eble ne estos ĝuste agordita, kaj kiam tiu ĉi komputilo sekve ekŝaltos, ĝi " +"uzos kion ajn estu antaŭe en la ekŝarga sektoro. Se ekzistas pli frua versio " +"de GRUB 2 en la ekŝarga sektoro, ĝi eble ne povos ŝargi je moduloj aŭ trakti " +"la nunan agordo-dosieron." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Ordon-linio de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -397,13 +462,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Implicita komand-linio de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -411,6 +476,41 @@ msgstr "" "La jena ĉeno estos uzata kiel parametrojn de kFreeBSD por la ordinara " "menuero sed ne por la restariga reĝimo." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map estas regenerita" diff --git a/debian/po/es.po b/debian/po/es.po index 27fd8b5af..3b5bcc73b 100644 --- a/debian/po/es.po +++ b/debian/po/es.po @@ -36,7 +36,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 1.99-5\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-28 17:07+0100\n" "Last-Translator: Manuel \"Venturi\" Porras Peralta \n" @@ -104,6 +104,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Dispositivos donde puede instalar GRUB:" @@ -119,7 +120,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -159,7 +160,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -190,7 +191,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "" "La instalación de GRUB en el dispositivo de inicio ha fallado, ¿desea " @@ -201,12 +202,13 @@ msgstr "" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "No se pudo instalar GRUB en los siguientes dispositivos:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -236,7 +238,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "¿Desea continuar sin instalar GRUB?" @@ -259,7 +261,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -373,20 +375,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "¿Desea forzar la instalación extra a la ruta del medio extraíble EFI?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Algunos sistemas basados en EFI son defectuosos y no manejan los nuevos " "cargadores de inicio correctamente. Si fuerza la instalación extra de GRUB " @@ -422,15 +435,68 @@ msgstr "" "configurado de forma que su sistema contacta con un servidor PXE en cada " "arranque, esto conservaría ese comportamiento." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Se está actualizando el paquete grub-pc. Si lo desea, este menú le permite " +"escoger en qué dispositivos quiere ejecutar automáticamente grub-install." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Ha escogido no instalar GRUB en ningún dispositivo. Si continúa, puede que " +"el cargador de inicio no se configure correctamente, y cuando este equipo se " +"vuelva a iniciar se utilizará lo que hubiera anteriormente en el sector de " +"inicio. Si hay una versión previa de GRUB 2 en el sector de inicio, puede " +"que sea imposible cargar los módulos o manejar el fichero de configuración " +"actual." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Línea de órdenes de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -443,13 +509,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Línea de órdenes predeterminada de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -457,6 +523,41 @@ msgstr "" "La siguiente cadena se utilizará como parámetros de kFreeBSD para la entrada " "predeterminada del menú pero no para el modo de recuperación." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "Se ha regenerado el fichero «/boot/grub/device.map»" diff --git a/debian/po/eu.po b/debian/po/eu.po index faaac0dda..04fe4d72e 100644 --- a/debian/po/eu.po +++ b/debian/po/eu.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2_2.02~beta2-18\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-20 15:48+0100\n" "Last-Translator: Iñaki Larrañaga Murgoitio \n" "Language-Team: Basque \n" @@ -74,6 +74,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB instalatzeko gailuak:" @@ -89,7 +90,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -129,7 +130,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -160,7 +161,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Huts egin du GRUB abioko gailuan idaztean - jarraitu?" @@ -169,12 +170,13 @@ msgstr "Huts egin du GRUB abioko gailuan idaztean - jarraitu?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUBek huts egin du honako gailuetan instalatzean:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -202,7 +204,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Jarraitu GRUB instalatu gabe?" @@ -224,7 +226,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -338,20 +340,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Behartu instalazio gehigarria EFI euskarri aldagarriaren bide-izenean?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "EFIn oinarritutako sistema batzuk akastunak dira, eta ez dituzte abioko " "kargatzaile berriak ongi kudeatzen. EFI euskarri aldagarriaren bide-izenean " @@ -383,15 +396,67 @@ msgstr "" "eko aldagaiak konfiguratu egin badira abio bakoitzean sistemak PXE " "zerbitzari batekin konektatzeko, honek portaera hori mantenduko luke." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"grub-pc paketea eguneratzen ari da. Menu honek zer gailuentzako automatikoki " +"grub-install exekutatzea nahi duzun hautatzea (hautatzen baduzu) uzten dizu." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"GRUB inolako gailuetan ez instalatzea aukeratu duzu. Jarraitzen baduzu, " +"baliteke abioko kargatzailea ongi konfiguratuta ez egotea, eta abioko " +"sektorean aurretik zegoena erabiliko da ordenagailua hurrengo batean " +"abiatzean. Abioko sektorean GRUB 2ren aurreko bertsio bat egonez gero, agian " +"ezin izango du moduluak kargatu edo uneko konfigurazioko fitxategia kudeatu." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "KFreeBSD-ko komando-lerroa:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -403,13 +468,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "KFreeBSD-ko komando-lerro lehenetsia:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -417,6 +482,41 @@ msgstr "" "Honako katea menuko sarrera lehenetsiaren KFreeBSD-ko parametro gisa " "erabiliko da, baina ez berreskuratzeko moduan." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map berriro sortu da" diff --git a/debian/po/fa.po b/debian/po/fa.po index 0e8174673..cdc1b6d8e 100644 --- a/debian/po/fa.po +++ b/debian/po/fa.po @@ -2,7 +2,7 @@ msgid "" msgstr "" "Project-Id-Version: fa\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: \n" "Last-Translator: Behrad Eslamifar \n" "Language-Team: debian-l10n-persian \n" @@ -67,6 +67,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "دستگاه‌های نصب گراب:" @@ -83,7 +84,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -122,7 +123,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -153,7 +154,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "نصب GRUB روی ابزار بوت با شکست مواجه شد - ادامه می‌دهید؟" @@ -162,12 +163,13 @@ msgstr "نصب GRUB روی ابزار بوت با شکست مواجه شد - ا #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB نتوانست که تجهیزات مورد نظر را نصب کند." #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -195,7 +197,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "آیا بدون نصب کردن GRUB ، ادامه می دهید ؟" @@ -217,7 +219,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -328,7 +330,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -336,12 +338,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -361,15 +363,68 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"بستهٔ grub-pc در حال ارتقاء است. این منو به شما اجازه می‌دهد که هر یک از " +"دستگاه‌ها را، در صورت وجود، که مایلید grub-install به صورت خودکار برایش اجرا " +"گردد را انتخاب کنید." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"شما نصب GRUB را برای هیچ ابزاری انتخاب نکرده‌اید. اگر ادامه دهید، ممکن است که " +"راه‌انداز به درستی تنظیم نشده باشد، و هنگام بالا آمدن بعدی این کامپیوتر، از " +"آن چه که قبلاً بر روی بوت سکتور بوده است استفاده می‌کند. اگر نسخهٔ قدیمی‌تری از " +"گراب۲ بر روی بوت سکتور وجود دارد، ممکن است که قادر نباشد ماژول‌ها را بارگذاری " +"کند و یا پیکربندی کنونی فایل را به کار بندد." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "خط فرمان kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -381,13 +436,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "خط فرمان پیش فرض kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -395,6 +450,41 @@ msgstr "" "این رشته به عنوان یکی از پارامتر های kFreeBSD برای منوی پیش فرض استفاده " "خواهد شد و نه برای حالت بازیابی." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map بازسازی شده است." diff --git a/debian/po/fi.po b/debian/po/fi.po index fd0df290e..248050783 100644 --- a/debian/po/fi.po +++ b/debian/po/fi.po @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2014-12-27 18:53+0200\n" "Last-Translator: Timo Jyrinki \n" "Language-Team: Finnish \n" @@ -71,6 +71,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Laitteet joille GRUB asennetaan:" @@ -86,7 +87,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -126,7 +127,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -157,7 +158,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "GRUBin kirjoittaminen käynnistyslaitteelle epäonnistui. Jatketaanko?" @@ -166,12 +167,13 @@ msgstr "GRUBin kirjoittaminen käynnistyslaitteelle epäonnistui. Jatketaanko?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUBia ei voitu asentaa seuraaville laitteille:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -201,7 +203,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Jatketaanko asentamatta GRUBia?" @@ -223,7 +225,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -336,20 +338,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Pakotetaanko lisäasennus irrotettavissa olevan median EFI-polkuun?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Jotkin EFI-järjestelmät sisältävät ohjelmavirheitä joidenka takia ne eivät " "käsittele alkulatausohjelmia oikein. Jos pakotat GRUB:n lisäasentamisen " @@ -377,15 +390,67 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"grub-pc-pakettia päivitetään. Tästä valikosta voit valita, mille laitteille " +"grub-install suoritetaan automaattisesti." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Päätit olla asentamatta GRUBia millekään laitteelle. Jos jatkat, " +"alkulatausohjelman asetukset saattavat olla väärät ja kun kone käynnistetään " +"uudelleen seuraavan kerran, se käyttää käynnistyslohkon aiempia asetuksia. " +"Jos käynnistyslohkossa on GRUB 2:n aiempi versio, se ei välttämättä pysty " +"lataamaan moduuleja tai käsittelemään nykyistä asetustiedostoa." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD:n komentorivi:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -398,13 +463,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD:n oletuskomentorivi:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -412,6 +477,41 @@ msgstr "" "Seuraavaa merkkijonoa käytetään kFreeBSD:n käynnistysvalikon oletusvalinnan " "parametreina, mutta ei toipumistilassa." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map on luotu uudelleen" diff --git a/debian/po/fr.po b/debian/po/fr.po index 2c59363fe..752ca87cb 100644 --- a/debian/po/fr.po +++ b/debian/po/fr.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: fr\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-22 15:53+0100\n" "Last-Translator: Baptiste Jammet \n" "Language-Team: French \n" @@ -74,6 +74,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Périphériques où installer GRUB :" @@ -90,7 +91,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -132,7 +133,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -164,7 +165,7 @@ msgstr "- ${DEVICE} (${SIZE} Mo; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "" "Échec de l'installation de GRUB sur le périphérique d'amorçage. Continuer ?" @@ -174,12 +175,13 @@ msgstr "" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB n'a pas pu être installé sur les périphériques suivants :" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -209,7 +211,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Faut-il poursuivre sans installer GRUB ?" @@ -232,7 +234,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -350,7 +352,9 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" "Faut-il forcer une installation supplémentaire sur le chemin des supports " "amovibles EFI ?" @@ -358,14 +362,23 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Certains systèmes EFI ne gèrent pas correctement les nouveaux chargeurs " "d'amorçage. Si vous forcez l'installation de GRUB sur le chemin des supports " @@ -400,15 +413,69 @@ msgstr "" "ont été configurées pour que le système se connecte à un serveur PXE à " "chaque démarrage, cela conserverait ce comportement." -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Le paquet grub-pc est en cours de mise à jour. Ce menu permet de choisir " +"pour quels périphériques vous souhaitez exécuter la commande grub-install " +"automatiquement." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} Mo; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Vous avez choisi de n'installer GRUB sur aucun périphérique. Si vous " +"poursuivez, il est possible que le programme de démarrage ne soit pas " +"configuré correctement et que la machine démarre avec ce qui était " +"précédemment installé sur le secteur d'amorçage. Si une ancienne version de " +"GRUB 2 s'y trouve, il est possible qu'elle ne puisse pas charger certains " +"modules ou lire le fichier de configuration actuel." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Ligne de commande de kFreeBSD :" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -421,13 +488,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Ligne de commande par défaut de kFreeBSD :" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -435,6 +502,41 @@ msgstr "" "Les paramètres indiqués seront utilisés pour le noyau kFreeBSD de l'entrée " "de menu par défaut mais pas pour le mode de secours." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "Recréation de /boot/grub/device.map" diff --git a/debian/po/gl.po b/debian/po/gl.po index 4f7ff77a2..dd7589082 100644 --- a/debian/po/gl.po +++ b/debian/po/gl.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2_1.98+20100804-2_gl\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2012-06-13 16:13+0200\n" "Last-Translator: Jorge Barreiro \n" "Language-Team: Galician \n" @@ -74,6 +74,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Dispositivos onde instalar GRUB:" @@ -90,7 +91,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -130,7 +131,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -161,7 +162,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "" "Produciuse un erro ao escribir GRUB no dispositivo de arranque. Quere " @@ -172,12 +173,13 @@ msgstr "" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Non se puido instalar GRUB nos seguintes dispositivos:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -207,7 +209,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Quere continuar sen instalar GRUB?" @@ -229,7 +231,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -343,7 +345,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -351,12 +353,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -376,15 +378,68 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"O paquete «grub-pc» estase actualizando. Este menú permítelle escoller os " +"dispositivos onde queira que se execute «grub-install» automaticamente, se " +"quere facelo en algún." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Escolleu non instalar GRUB en ningún dispositivo. De continuar,pode que o " +"cargador de arranque non quede adecuadamente configurado, e a próxima vez " +"que arranque o sistema usarase o que houbese antes no sector de arranque. Se " +"nel hai unha versión antiga de GRUB 2 pode que esta sexa incapaz de cargar " +"os módulos ou de manexar o ficheiro de configuración actual." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Liña de comando de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -397,13 +452,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Liña de comando por defecto para kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -411,6 +466,41 @@ msgstr "" "A seguinte cadea usarase como parámetros para kFreeBSD para a entrada por " "defecto do menú, pero non para o modo de recuperación." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map foi rexenerado." diff --git a/debian/po/gu.po b/debian/po/gu.po index 6978d630f..036e84b4b 100644 --- a/debian/po/gu.po +++ b/debian/po/gu.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub-gu\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2012-03-04 09:56+0530\n" "Last-Translator: Kartik Mistry \n" "Language-Team: Gujarati \n" @@ -67,6 +67,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB સ્થાપન ઉપકરણો:" @@ -82,7 +83,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -120,7 +121,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -150,7 +151,7 @@ msgstr "- ${DEVICE} (${SIZE} એમબી; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "GRUB ને બૂટ ઉપકરણમાં લખવાનું નિષ્ફળ ગયું - ચાલુ રાખશો?" @@ -159,12 +160,13 @@ msgstr "GRUB ને બૂટ ઉપકરણમાં લખવાનું ન #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB નીચેના ઉપકરણોમાં સ્થાપિત થવામાં નિષ્ફળ ગયું:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -191,7 +193,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "GRUB સ્થાપન કર્યા વગર આગળ વધશો?" @@ -212,7 +214,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -320,7 +322,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -328,12 +330,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -353,15 +355,66 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"grub-pc પેકેજ સુધારાઈ રહ્યું છે. આ મેનુ તમને કયા ઉપકરણોમાં તમે grub-install આપમેળે સ્થાપિત " +"કરવા માટે ચલાવવા માંગો છો તે પસંદગી કરવા દે છે, જો કોઈ હોય તો." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} એમબી; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"તમે GRUB ને કોઈપણ ઉપકરણમાં સ્થાપિત કરવાનું પસંદ કરેલ નથી, જો તમે ચાલુ રાખશો તો, બૂટ " +"લોડર કદાચ યોગ્ય રીતે ગોઠવાયેલ નહી હોય, અને આ કોમ્પ્યુટર હવે ફરી શરુ થાય ત્યારે તે પહેલાંનું " +"જે હોય તે બૂટ વિભાગ ઉપયોગ કરશે. જો તેમાં પહેલાની GRUB 2 આવૃત્તિ બૂટ સેક્ટર પર હશે તો, " +"કદાચ તે મોડ્યુલ લાવવા અથવા હાલનાં રુપરેખાંકન ફાઈલને સંભાળવામાં અસમર્થ બનશે." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD આદેશ:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -373,13 +426,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD મૂળભૂત આદેશ:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -387,6 +440,41 @@ msgstr "" "નીચેનું વાક્ય મૂળભૂત મેનુ રીત માટે kFreeBSD પરિમાણો માટે વાપરવામાં આવશે પણ રીકવરી સ્થિતિ " "માટે નહી." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map ફરી બનાવવામાં આવી છે" diff --git a/debian/po/he.po b/debian/po/he.po index 75e8e9641..db8af79be 100644 --- a/debian/po/he.po +++ b/debian/po/he.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: grub_debian_po_he\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2014-12-17 18:35+0200\n" "Last-Translator: Omer Zak\n" "Language-Team: Hebrew \n" @@ -71,6 +71,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "התקנים להתקנת GRUB:" @@ -86,7 +87,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -124,7 +125,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -153,7 +154,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "כשלון בכתיבת GRUB להתקן האתחול - להמשיך?" @@ -162,12 +163,13 @@ msgstr "כשלון בכתיבת GRUB להתקן האתחול - להמשיך?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "כשלון בהתקנת GRUB בהתקנים הבאים:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -192,7 +194,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "להמשיך בלי להתקין GRUB?" @@ -213,7 +215,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -321,20 +323,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "לאלץ התקנה נוספת לנתיב מדיה EFI הניתן להסרה?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "כמה מערכות מבוססות EFI מכילות בגים ואינן מתמודדות נכונות עם מאתחלים חדשים. " "אם הינך מאלץ התקנה נוספת של GRUB לנתיב מדיה EFI הניתן להסרה, הדבר אמור " @@ -359,15 +372,66 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"חבילת grub-pc משתדרגת כעת. תפריט זה מאפשר לך לבחור בהתקנים שברצונך ש-grub-" +"install ירוץ עליהם אוטומטית, באם יש כאלה." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"בחרת לא להתקין GRUB באף התקן. אם תמשיך, ייתכן שמנהל האתחול לא יהיה מוגדר " +"כיאות, ובפעם הבאה שמחשבך יאותחל, הוא יאותחל ממה שהיה קודם ב-boot sector. אם " +"יש גירסא מוקדמת יותר של GRUB 2 ב-boot sector, ייתכן שלא יהיה ביכולתה להטעין " +"מודולים או להתמודד עם קובץ ההגדרות הנוכחי." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "שורת הפקודה של kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -379,13 +443,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "ברירת מחדל לשורת הפקודה של kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -393,6 +457,41 @@ msgstr "" "המחרוזת הבאה תשמש כפרמטרי kFreeBSD עבור ברירת המחדל בתפריט אבל לא עבור מצב " "recovery." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "הקובץ ‎/boot/grub/device.map נוצר מחדש" diff --git a/debian/po/hr.po b/debian/po/hr.po index 52e767ee1..7016f9723 100644 --- a/debian/po/hr.po +++ b/debian/po/hr.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 1.97-2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-23 17:16+0100\n" "Last-Translator: Tomislav Krznar \n" "Language-Team: hrvatski \n" @@ -73,6 +73,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB uređaji za instalaciju:" @@ -88,7 +89,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -128,7 +129,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -159,7 +160,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Instalacija GRUB-a nije uspjela - želite li nastaviti?" @@ -168,12 +169,13 @@ msgstr "Instalacija GRUB-a nije uspjela - želite li nastaviti?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB nije uspio instalaciju na sljedeće uređaje:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -201,7 +203,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Nastaviti bez instalacije GRUB-a?" @@ -223,7 +225,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -335,20 +337,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Prisilno dodatno instalirati u EFI direktorij prijenosnog medija?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Neki EFI sustavi imaju bugove i ne rade ispravno s novim boot učitavačima. " "Ako prisilno dodatno instalirate GRUB u EFI direktorij prijenosnog medija, " @@ -380,15 +393,67 @@ msgstr "" "NVRAM varijable postavljene tako da se vaš sustav povezuje s PXE " "poslužiteljem pri svakom učitavanju, ovo će očuvati takvo ponašanje." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Paket grub-pc se nadograđuje. Ovaj izbornik omogućava biranje uređaja za " +"koje želite automatski pokrenuti grub-install, ako postoje." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Odabrali ste da ne instalirate GRUB ni na jedan uređaj. Ako nastavite, boot " +"učitavač neće biti ispravno podešen, a kada se vaše računalo idući put " +"upali, koristit će što god je prethodno bilo u boot sektoru. Ako se tamo " +"nalazi ranija verzija GRUB 2, možda će doći do problema s učitavanjem modula " +"ili čitanjem trenutne datoteke postavki." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD naredbeni redak:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -400,13 +465,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Pretpostavljeni kFreeBSD naredbeni redak:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -414,6 +479,41 @@ msgstr "" "Sljedeći izraz će biti korišten kao parametar za kFreeBSD stavke u " "izborniku, osim za spasonosni način rada." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map je regeneriran" diff --git a/debian/po/hu.po b/debian/po/hu.po index 859fc8eeb..4aabeb259 100644 --- a/debian/po/hu.po +++ b/debian/po/hu.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2013-05-18 15:44+0200\n" "Last-Translator: Dr. Nagy Elemér Károly \n" "Language-Team: Hungarian \n" @@ -72,6 +72,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB telepítési eszközök:" @@ -88,7 +89,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -128,7 +129,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -159,7 +160,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Nem sikerül a GRUB-ot a rendszerlemezre írni - folytassuk?" @@ -168,12 +169,13 @@ msgstr "Nem sikerül a GRUB-ot a rendszerlemezre írni - folytassuk?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Nem sikerült a GRUB-ot a következő eszközökre telepíteni:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -201,7 +203,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "GRUB telepítése nélkül folytassuk:" @@ -224,7 +226,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -336,7 +338,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -344,12 +346,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -369,15 +371,69 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"A grub-pc csomagot frissítjük. Ebben a menüben kiválaszthatod, hogy melyik " +"egységekre szeretnéd automatikusan futtatni a grub-install parancsot, ha van " +"ilyen." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Úgy döntöttél, hogy ne telepítsük a GRUB-ot egyetlen eszközre sem. Ha " +"folytatod, lehet, hogy nem lesz jól beállítva a rendszerbetöltőd és a " +"számítógéped következő indulásakor az fog elindulni, ami korábban a " +"rendszerbetöltő szektorban volt. Ha ebben a GRUB 2 egy régebbi verziója van, " +"lehet, hogy nem tudja majd betölteni a moduljait vagy nem lesz képes " +"értelmezni a jelenlegi konfigurációs fájlt." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD parancssor:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -389,13 +445,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Az alapértelmezett kFreeBSD parancssor:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -403,6 +459,41 @@ msgstr "" "A következő sort fogjuk kFreeBSD paraméternek használni az alapértelmezett " "(default) menüben, de a rendszervisszaállító (recovery) módban nem." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "A /boot/grub/device.map fájlt újraépítettem." diff --git a/debian/po/id.po b/debian/po/id.po index 27201c432..48a1223d9 100644 --- a/debian/po/id.po +++ b/debian/po/id.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2012-01-20 12:28+0700\n" "Last-Translator: Mahyuddin Susanto \n" "Language-Team: Debian Indonesian Translation Team \n" "Language-Team: Icelandic \n" @@ -73,6 +73,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB uppsetningartæki:" @@ -88,7 +89,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -128,7 +129,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -159,7 +160,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Uppsetning GRUB á ræsitæki mistókst. Halda áfram?" @@ -168,12 +169,13 @@ msgstr "Uppsetning GRUB á ræsitæki mistókst. Halda áfram?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Uppsetning GRUB mistókst á eftirfarandi tækjum:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -201,7 +203,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Halda áfram án þess að setja upp GRUB?" @@ -224,7 +226,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -335,20 +337,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Þvinga aukauppsetningu inn á EFI-slóðina fyrir útskiptanlega miðla?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Sum EFI-kerfi eru ekki villulaus og meðhöndla nýja ræsistjóra (bootloaders) " "ekki rétt. Ef þú þvingar aukauppsetningu af GRUB inn á EFI-slóðina fyrir " @@ -375,15 +388,68 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Verið er að uppfæra grub-pc pakkann. Þessi valmynd gerir þér kleift að velja " +"af hvaða tækjum hægt er að keyra grub-install sjálfvirkt, ef þá nokkrum." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Þú valdir að setja GRUB ekki upp á neitt tæki. Ef þú heldur áfram verður " +"ræsistjórinn ekki rétt stilltur, og þegar tölvan þín ræsist næst mun hún " +"nota hvað það sem fyrir er núna á ræsigeiranum. Ef á ræsigeiranum er til " +"dæmis eldri útgáfa af GRUB 2, er möguleiki á að hún ráði ekki við að hlaða " +"inn ákveðnum kjarnaeiningum eða nái ekki að lesa stillingaskrána fyrir þetta " +"stýrikerfi." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD skipanalína:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -395,13 +461,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Sjálfgefin kFreeBSD skipanalína:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -409,6 +475,41 @@ msgstr "" "Eftirfarandi strengur verður notaður sem kFreeBSD viðfang í sjálfgefnu " "valmyndarfærslunni en ekki í viðgerðarham." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map var endurskrifað" diff --git a/debian/po/it.po b/debian/po/it.po index 118e4d7b6..160d129ee 100644 --- a/debian/po/it.po +++ b/debian/po/it.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 2.02~beta3-4 italian debconf templates\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-21 11:39+0100\n" "Last-Translator: Luca Monducci \n" "Language-Team: Italian \n" @@ -70,6 +70,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Installare GRUB sui device:" @@ -86,7 +87,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -126,7 +127,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -157,7 +158,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Scrittura di GRUB sul device di avvio non riuscita. Continuare?" @@ -166,12 +167,13 @@ msgstr "Scrittura di GRUB sul device di avvio non riuscita. Continuare?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "L'installazione di GRUB sui seguenti device non è riuscita:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -199,7 +201,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Continuare senza installare GRUB?" @@ -222,7 +224,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -335,20 +337,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Forzare l'installazione sul percorso dei supporti removibili EFI?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Alcuni sistemi EFI hanno degli errori e non gestiscono correttamente i nuovi " "bootloader. Forzando un'installazione aggiuntiva di GRUB sul percorso dei " @@ -381,15 +394,69 @@ msgstr "" "il sistema contatti un server PXE a ogni avvio, è possibile preservare tale " "impostazione." -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"È in corso l'aggiornamento del pacchetto grub-pc. Questo menu permette di " +"scegliere su quali device, se specificati, si vuole eseguire automaticamente " +"grub-install." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Si è scelto di non installare GRUB su alcun device. Continuando, il boot " +"loader potrebbe non essere configurato correttamente e al prossimo avvio del " +"computer verrà usato il vecchio contenuto del settore di boot. Se nel " +"settore di boot è presente una versione precedente di GRUB 2, questa " +"potrebbe non essere in grado di caricare i moduli o di gestire l'attuale " +"file di configurazione." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Riga di comando kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -402,13 +469,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Riga di comando kFreeBSD predefinita:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -416,6 +483,41 @@ msgstr "" "Questa stringa verrà usata come parametri per kFreeBSD nella voce di menu " "predefinita, ma non nella modalità di ripristino." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map è stato rigenerato" diff --git a/debian/po/ja.po b/debian/po/ja.po index 5dedb76a2..e60799dfe 100644 --- a/debian/po/ja.po +++ b/debian/po/ja.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 1.99-5\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2016-03-03 09:57+0900\n" "Last-Translator: Takuma Yamada \n" "Language-Team: Japanese \n" @@ -72,6 +72,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB をインストールするデバイス:" @@ -87,7 +88,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -127,7 +128,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -158,7 +159,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "起動デバイスへの GRUB の書き込みが失敗しました - 続行しますか?" @@ -167,12 +168,13 @@ msgstr "起動デバイスへの GRUB の書き込みが失敗しました - 続 #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB は以下のデバイスへのインストールに失敗しました:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -201,7 +203,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "GRUB をインストールせずにパッケージのインストールを続行しますか?" @@ -224,7 +226,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -335,20 +337,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "EFI リムーバブルメディアパスに特別インストールを強制しますか?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "一部の EFI ベースのシステムにはバグがあり、正しく新しいブートローダーを扱うこ" "とができません。EFI リムーバブルメディアパスに GRUB の特別インストールを強制" @@ -374,15 +387,68 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"grub-pc パッケージのアップグレード中です。このメニューでは、もしデバイスがあ" +"れば、どのデバイスに自動的に grub-install を実行するかを選べます。" + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"どのデバイスに対しても GRUB をインストールしないことが選択されました。ブート" +"ローダーが正しく設定されていない可能性があり、このまま続行するとこのコン" +"ピュータの次回起動時には、以前に起動セクタにインストールされていたものを何で" +"あろうとも利用しようとします。以前のバージョンの GRUB 2 が起動セクタにある場" +"合は、モジュールの読み込みや現在の設定ファイルの取り扱いができなくなる可能性" +"があります。" + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD コマンドライン:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -394,13 +460,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD デフォルトコマンドライン:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -408,6 +474,41 @@ msgstr "" "以下の文字列はリカバリーモードではない通常のメニューエントリでの kFreeBSD パ" "ラメータとして使われます。" +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map が再生成されました" diff --git a/debian/po/ka.po b/debian/po/ka.po index aca6607bf..a3a80818c 100644 --- a/debian/po/ka.po +++ b/debian/po/ka.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2009-08-30 18:05+0400\n" "Last-Translator: Aiet Kolkhi \n" "Language-Team: Georgian \n" @@ -83,6 +83,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "" @@ -96,7 +97,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -127,7 +128,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -153,7 +154,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "" @@ -162,12 +163,13 @@ msgstr "" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -190,7 +192,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "" @@ -207,7 +209,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -309,7 +311,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -317,12 +319,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -342,15 +344,47 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" + +#. Type: text +#. Description +#: ../templates.in:7001 +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD ბრძანების სტრიქონი:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 #, fuzzy #| msgid "" #| "The following kFreeBSD command line was extracted from /etc/default/grub " @@ -367,13 +401,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD-ის სტანდარტული ბრძანების სტრიქონი:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -381,6 +415,41 @@ msgstr "" "შემდეგი სტრიქონი გამოყენებულ იქნება როგორც kFreeBSD-ს პარამეტრები მენიუს " "სტანდარტული შენატანისათვის, მაგრამ არა აღდგენის რეჟიმისათვის." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "" #~ "In either case, whenever you want GRUB 2 to be loaded directly from MBR, " #~ "you can do so by issuing (as root) the following command:" diff --git a/debian/po/kk.po b/debian/po/kk.po index 9094f6344..9fa71e7d7 100644 --- a/debian/po/kk.po +++ b/debian/po/kk.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: master\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-20 08:44+0500\n" "Last-Translator: Baurzhan Muftakhidinov \n" "Language-Team: Kazakh \n" @@ -70,6 +70,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB орнатылатын құрылғылар:" @@ -86,7 +87,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -125,7 +126,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -155,7 +156,7 @@ msgstr "- ${DEVICE} (${SIZE} МБ; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "GRUB-ты жүктелу құрылғысына жазу сәтсіз - жалғастыру керек пе?" @@ -164,12 +165,13 @@ msgstr "GRUB-ты жүктелу құрылғысына жазу сәтсіз - #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB келесі құрылғыларға орнату сәтсіз аяқталды:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -197,7 +199,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "GRUB орнатпай-ақ жалғастыру керек пе?" @@ -219,7 +221,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -328,20 +330,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "EFI ауыстырмалы тасушыға қосымша орнатуды мәжбүрлету керек пе?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Кейбір EFI негізіндегі жүйелер толығымен дұрыс жасамайды және жаңа " "жүктеушілерді дұрыс өңдемейді. Егер сіз қосымша түрде GRUB-ты EFI " @@ -373,15 +386,68 @@ msgstr "" "жүйеңіз әр жүктелген кезде PXE серверімен байланысатындай бапталған болса, " "онда осындай әрекет сақталады." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"grub-pc дестесі жаңартылуда. Бұл мәзір сізге қай құрылғылар үшін grub-" +"install автожөнелту қалайтыныңызды көрсетуге мүмкін қылады, егер ондай " +"құрылғылар бар болса." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} МБ; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Сіз GRUB-ты ешбір құрылғыға орнатпауды қалағансыз. Жалғастырсаңыз, жүктеуші " +"дұрыс бапталмауы мүмкін, және компьютеріңіз келесі рет жүктелген кезде, " +"жүктелу жазбасында оған дейін болған нәрсені қолданады. Егер ол жүктелу " +"жазбасында GRUB 2 ертерек шыққан нұсқасы болса, ол модульдерді жүктей алмай, " +"не ағымдағы баптаулар файлын талдай алмайтын болуы әдбен мүмкін." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD командалық жолы:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -393,13 +459,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD бастапқы командалық жолы:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -407,6 +473,41 @@ msgstr "" "Келесі жол kFreeBSD параметрлері бастапқы мәзірі үшін, бірақ қалпына келтіру " "үшін емес, қолданылатын болады." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map қайта құрылды" diff --git a/debian/po/km.po b/debian/po/km.po index 1672981b2..33e806826 100644 --- a/debian/po/km.po +++ b/debian/po/km.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: grub_debian_po\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2012-04-05 15:38+0700\n" "Last-Translator: Khoem Sokhem \n" "Language-Team: Khmer \n" @@ -68,6 +68,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB ដំឡើង​ឧបករណ៍ ៖" @@ -83,7 +84,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -121,7 +122,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -151,7 +152,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "បាន​បរាជ័យ​ក្នុង​ការ​សរសេរ​ GRUB ទៅ​​ឧបករណ៍​ចាប់ផ្ដើម បន្ត ?" @@ -160,12 +161,13 @@ msgstr "បាន​បរាជ័យ​ក្នុង​ការ​សរស #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB បាន​បរាជ័យ​ក្នុង​ការ​ដំឡើង​ឧបករណ៍​ដូ​ចខាង​ក្រោម ៖" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -191,7 +193,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "បន្ត​ដោយ​មិន​ដំឡើង GRUB?" @@ -212,7 +214,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -320,7 +322,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -328,12 +330,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -353,15 +355,66 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"កញ្ចប់ grub-pc កំពុង​ត្រូវ​បាន​ធ្វើ​ឲ្យ​ប្រសើរឡើង ។ ម៉ឺនុយ​នេះ​អនុញ្ញាត​ឲ្យ​អ្នក​ជ្រើស​ឧបករណ៍​ណាមួយ​ ដែល​អ្នក​" +"ចង់​ grub-install ដំណើរការ​ដោយ​ស្វ័យ​ប្រវត្តិ ប្រសិនបើ​មាន ។" + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"អ្នក​បាន​ជ្រើសរើស​ថា​មិន​ដំឡើង​ GRUB ក្នុង​ឧបករណ៍​ណាមួយ​ទេ ។ ប្រសិនបើ​អ្នក​បន្ត ​កម្មវិធី​ចាប់ផ្ដើម​ប្រព័ន្ធ​អាច​" +"មិន​​ត្រូវ​បាន​កំណត់​រចនាសម្ព័ន្ធ​ត្រឹមត្រូវ​ទេ ហើយ​នៅ​ពេល​កុំព្យូទ័រ​នេះ​ចាប់ផ្ដើម​ពេល​ក្រោយ វា​នឹង​ប្រើ​អ្វី​ដែល​មាន​" +"ពីមុន​នៅ​ក្នុង​ផ្នែក​ចាប់ផ្ដើម ។ ប្រសិន​បើ​គ្មាន​កំណែ GRUB 2 ពី​មុន​នៅ​ក្នុង​ផ្នែក​ចាប់ផ្ដើម​ទេ វា​​មិន​អាច​ផ្ទុក​" +"ម៉ូឌុល ឬ​ដោះស្រាយ​ឯកសារ​កំណត់​រចនាសម្ព័ន្ធ​បច្ចុប្បន្ន​បាន​ទេ ។" + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "ពាក្យ​បញ្ជា kFreeBSD ៖" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -372,13 +425,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "ពាក្យ​បញ្ជា​លំនាំដើម​របស់ kFreeBSD ៖" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -386,6 +439,41 @@ msgstr "" "ឃ្លា​ដូច​ខាង​ក្រោម​នឹង​ត្រូវ​បាន​ប្រើ​ជា​ប៉ារ៉ាម៉ែត្រ kFreeBSD សម្រាប់​ធាតុ​ម៉ឺនុយ​លំនាំដើម ប៉ុន្តែ​មិន​សម្រាប់​របៀប​" "សង្គ្រោះ​ទេ ។" +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map ត្រូវ​បាន​បង្កើត​ឡើង​វិញ" diff --git a/debian/po/ko.po b/debian/po/ko.po index e794536e0..11c26a7d6 100644 --- a/debian/po/ko.po +++ b/debian/po/ko.po @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: grub_debian\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-21 17:41+0900\n" "Last-Translator: Changwoo Ryu \n" "Language-Team: Korean \n" @@ -67,6 +67,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB 설치 장치:" @@ -82,7 +83,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -120,7 +121,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -150,7 +151,7 @@ msgstr "- ${DEVICE} (${SIZE} MB, ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "GRUB을 부팅 장치에 쓰는데 실패했습니다. 계속 하시겠습니까?" @@ -159,12 +160,13 @@ msgstr "GRUB을 부팅 장치에 쓰는데 실패했습니다. 계속 하시겠 #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "다음 장치에 대해 GRUB 설치가 실패했습니다:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -191,7 +193,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "GRUB을 설치하지 않고 계속하시겠습니까?" @@ -213,7 +215,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -322,20 +324,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "EFI 이동식 미디어 경로에 추가로 강제 설치하시겠습니까?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "일부 EFI 기반 시스템에는 버그 때문에 새로운 부트로더를 제대로 처리하지 못합니" "다. GRUB을 EFI 이동식 미디어 경로에 추가로 강제 설치하면, 이러한 버그가 있더" @@ -364,15 +377,67 @@ msgstr "" "지 않을 수도 있습니다. 예를 들어 부팅할 때마다 PXE 서버에 연결하도록 NVRAM 변" "수가 설정되어 있고, 이 기능을 사용하지 않으면 계속 그렇게 동작할 것입니다." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"grub-pc 패키지를 업그레이드하는 중입니다. 이 메뉴에서 (실행할 장치가 있다면) " +"어떤 장치에 대해 grub-install을 자동으로 실행할지 설정합니다." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB, ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"GRUB을 어떤 장치에도 설치하지 않도록 선택하셨습니다. 계속 하시면 부트로더가 " +"제대로 설정되지 않을 수도 있고, 다음번에 컴퓨터가 시작할 때 예전에 부트 섹터" +"에 들어 있는 부트로더를 사용합니다. GRUB 2의 예전 버전이 부트섹터에 들어 있으" +"면 그 예전 버전은 GRUB 모듈을 읽어들이거나 현재 설정 파일을 처리하지 못할 수" +"도 있습니다." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD 명령어:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -384,13 +449,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD 기본 명령어:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -398,6 +463,41 @@ msgstr "" "다음 문자열을 기본 메뉴 항목의 kFreeBSD 파라미터로 사용합니다. 복구 모드에서" "는 사용하지 않습니다." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map 파일을 다시 만들었습니다" diff --git a/debian/po/lt.po b/debian/po/lt.po index 938c5d541..f49176879 100644 --- a/debian/po/lt.po +++ b/debian/po/lt.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-20 09:03+0300\n" "Last-Translator: Rimas Kudelis \n" "Language-Team: Lithuanian \n" @@ -73,6 +73,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Įrenginiai „GRUB“ diegimui:" @@ -88,7 +89,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -128,7 +129,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -159,7 +160,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "„GRUB“ įrašyti į paleidimo įrenginį nepavyko. Ar tęsti?" @@ -168,12 +169,13 @@ msgstr "„GRUB“ įrašyti į paleidimo įrenginį nepavyko. Ar tęsti?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Nepavyko „GRUB“ įdiegti į šiuos įrenginius:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -201,7 +203,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Ar tęsti neįdiegus „GRUB“?" @@ -223,7 +225,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -335,20 +337,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Papildomai priverstinai įdiegti į EFI keičiamųjų laikmenų kelią?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Kai kurios EFI veiksena veikiančios sistemos turi klaidų ir negeba " "korektiškai dirbti su naujomis paleidyklėmis. „GRUB“ paleidyklę papildomai " @@ -383,15 +396,67 @@ msgstr "" "taip, kad kaskart pasileisdama, ji susisiektų su PXE serveriu, ir jūs " "nenorite šio scenarijaus keisti." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Atnaujinamas „grub-pc“ paketas. Šiame meniu galite pasirinkti, ar kuriems " +"nors įrenginiams komanda „grub-install“ turėtų būti paleidžiama automatiškai." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Galima „GRUB“ paleidyklės ir nediegti į jokį įrenginį. Tokiu atveju ji nebus " +"tinkamai sukonfigūruota ir kitąkart paleidus šį kompiuterį, bus bandoma " +"įvykdyti tai, kas paleidimo sektoriuje buvo iki šiol. Jeigu jame įrašyta " +"ankstesnė „GRUB 2“ versija, tikėtina, jog jai nepavyks įkelti reikiamų " +"modulių ar tinkamai interpretuoti konfigūracinio failo." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "„kFreeBSD“ komandos eilutė:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -404,13 +469,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Numatytoji „kFreeBSD“ komandos eilutė:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -418,6 +483,41 @@ msgstr "" "Ši eilutė bus naudojama kaip įprastiniai „kFreeBSD“ branduolio parametrai, " "bet ne pasirinkus atkūrimo veikseną." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "Failas „boot/grub/device.map“ pergeneruotas" diff --git a/debian/po/lv.po b/debian/po/lv.po index 85ac97df4..6e321d15e 100644 --- a/debian/po/lv.po +++ b/debian/po/lv.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2015-02-10 21:14+0200\n" "Last-Translator: Rūdolfs Mazurs \n" "Language-Team: Latvian \n" @@ -72,6 +72,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB instalēšanas ierīces:" @@ -87,7 +88,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -127,7 +128,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -158,7 +159,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Neizdevās ierakstīt GRUB uz palaišanas ierīces — turpināt?" @@ -167,12 +168,13 @@ msgstr "Neizdevās ierakstīt GRUB uz palaišanas ierīces — turpināt?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Neizdevās uzinstalēt GRUB uz šīm ierīcēm:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -199,7 +201,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Turpināt bez GRUB instalēšanas?" @@ -221,7 +223,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -332,20 +334,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Forsēt papildu instalāciju uz EFI noņemamā datu nesēja ceļa?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Dažas EFI sistēmas ir satur kļūdas un nespēj pareizi apstrādāt jaunus " "sistēmas ielādētājus. Ja forsēsiet GRUB instalēšanu uz EFI noņemamā datu " @@ -372,15 +385,67 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Tiek uzlabota grub-pc pakotne. Šī izvēlne ļauj jums izvēlēties ierīces, " +"kuras grub-install vajadzētu palaists (ja vajag)." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Jūs varat izvēlēties neinstalēt GRUB uz nevienas ierīces. Ja turpināsiet, " +"palaidējs varētu nebūt pareizi konfigurēts, un kad dators tiks palaists, tas " +"izmantos to konfigurāciju, kas jau atrodas palaišanas sektorā. Ja palaišanas " +"sektorā jau ir vecāka GRUB 2 versija, tā varētu nespēt ielādēt moduļus vai " +"apstrādāt esošo konfigurācijas datni." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD komandrinda:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -392,13 +457,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD noklusējuma komandrinda:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -406,6 +471,41 @@ msgstr "" "Sekojošā virkne tiks izmantota kā kFreeBSD parametri izvēlnes noklusējuma " "ierakstam, bet ne sistēmas atgūšanas režīmā." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map tika reģistrēts" diff --git a/debian/po/mr.po b/debian/po/mr.po index 18311847a..93b58e41c 100644 --- a/debian/po/mr.po +++ b/debian/po/mr.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2014-12-24 20:56+0530\n" "Last-Translator: localuser \n" "Language-Team: C-DAC/Sampada\n" @@ -69,6 +69,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "ग्रब अधिष्ठापना उपकरणे:" @@ -84,7 +85,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -122,7 +123,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -152,7 +153,7 @@ msgstr "- ${DEVICE} (${SIZE} एमबी; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "आरंभ उपकरणावर ग्रब लिहिणे फसले - सुरू ठेवायचे?" @@ -161,12 +162,13 @@ msgstr "आरंभ उपकरणावर ग्रब लिहिणे #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "खालील उपकरणांवर ग्रब अधिष्ठापित करणे असफल झाले:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -193,7 +195,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "ग्रब अधिष्ठापित न करता पुढे जायचे?" @@ -214,7 +216,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -322,20 +324,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "ईएफआय काढण्याजोग्या मिडीया मार्गात अतिरिक्त अधिष्ठापना जबरदस्ती करायची?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "काही ईएफआय-आधारित प्रणाली दोषपूर्ण असतात व नवीन आरंभसूचकांना योग्य रीतीने हाताळत " "नाहीत. तुम्ही ईएफआय काढण्याजोग्या मिडीया मार्गात ग्रबची अतिरिक्त अधिष्ठापना जबरदस्ती " @@ -361,15 +374,66 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"ग्रब-पीसी पॅकेज श्रेणिवर्धित केले जात आहे. कोणत्या उपकरणांसाठी ग्रब-इन्स्टाल स्वयंचलितपणे " +"चालवले जावे ते या मेन्यूद्वारे तुम्ही निवडू शकता." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} एमबी; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"कोणत्याही उपकरणांवर ग्रब अधिष्ठापित न करण्याचे तुम्ही निवडले आहे. तुम्ही पुढे चालू ठेवल्यास, " +"हा आरंभ सूचक योग्यरित्या संरचित झालेला नसू शकतो, व हा संगणक पुन्हा सुरू होईल तेव्हा बूट " +"सेक्टरमध्ये आधी जे काही होते ते वापरेल. बूट सेक्टरमध्ये ग्रब 2 ची आधीची आवृत्ती असेल, तर " +"कदाचित तो मोड्युल्स लोड करू शकणार नाही वा सद्य संरचना फाईल हाताळू शकणार नाही." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "केफ्रीबीएसडी आदेश ओळ:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -381,13 +445,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "केफ्रीबीएसडी मूलनिर्धारीत आदेश ओळ:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -395,6 +459,41 @@ msgstr "" "मुलनिर्धारित मेन्यू नोंदीकरिता केफ्रीबीएसडी घटकमूल्ये म्हणून खालील श्रुंखला वापरली जाईल, पण " "रिकव्हरी मोडसाठी नाही." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map पुनर्निर्मिला गेला आहे" diff --git a/debian/po/nb.po b/debian/po/nb.po index 5906d5103..710d4583e 100644 --- a/debian/po/nb.po +++ b/debian/po/nb.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2019-03-11 17:35+0100\n" "Last-Translator: Petter Reinholdtsen \n" "Language-Team: NorwegianBokmal \n" @@ -72,6 +72,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB installasjonsenheter:" @@ -87,7 +88,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -127,7 +128,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -158,7 +159,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Klarte ikke skrive GRUB til oppstartsenhet - fortsette?" @@ -167,12 +168,13 @@ msgstr "Klarte ikke skrive GRUB til oppstartsenhet - fortsette?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Klarte ikke installere GRUB på følgende enheter:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -200,7 +202,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Fortsett uten å installere GRUB?" @@ -223,7 +225,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -337,20 +339,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Tving ekstra installasjon til EFI-stien for flyttbare media? " #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Noen EFI-baserte systemer har feil og feilhåndterer nye oppstartlastere. " "Hvis du tvinger en ekstra installasjon av GRUB til EFI-stien for flyttbare " @@ -383,15 +396,68 @@ msgstr "" "en PXE-tjener ved hver oppstart, så kan du slik beholde opprinnelig " "oppførsel." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Pakken grub-pc blir oppgradert. Denne menyen lar deg velge hvilke enheter " +"hvilke enheter du vil at grub-install skal kjøres automatisk for, hvis noen." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Du har valgt å ikke installere GRUB på noen enhet. Hvis du fortsetter, vil " +"oppstartslasteren kanskje ikke være skikkelig satt opp, og når denne " +"datamaskinen starter opp neste gang vil den bruke det tidligere innholdet i " +"oppstartssektoren. Hvis det er en tidligere versjon av GRUB 2 i " +"oppstartsektoren, vil den kanskje ikke være i stand til å laste inn moduler " +"eller håndtere den aktuelle konfigurasjonsfilen." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Kommandolinje i kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -403,13 +469,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Standardkommandolinje i kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -417,6 +483,41 @@ msgstr "" "Den følgende teksten vil bli brukt som kFreeBSD-parametre for " "standardmenupunktet men ikke for gjenopprettelsesmodus." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map er regenerert" diff --git a/debian/po/nl.po b/debian/po/nl.po index 054b18258..c293bb67b 100644 --- a/debian/po/nl.po +++ b/debian/po/nl.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 2.02~beta3-4\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-20 17:35+0100\n" "Last-Translator: Frans Spiesschaert \n" "Language-Team: Debian Dutch l10n Team \n" @@ -75,6 +75,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Apparaten waarop GRUB moet komen:" @@ -91,7 +92,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -132,7 +133,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -164,7 +165,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Schrijven van GRUB naar opstartapparaat mislukt. Doorgaan?" @@ -173,12 +174,13 @@ msgstr "Schrijven van GRUB naar opstartapparaat mislukt. Doorgaan?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Het installeren van GRUB op de volgende apparaten is mislukt: " #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -207,7 +209,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Verder gaan zonder GRUB te installeren?" @@ -230,7 +232,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -346,21 +348,32 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" "Een extra installatie verplichten in het EFI-pad voor verwijderbare media?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Sommige op EFI gebaseerde systemen bevatten fouten en gaan niet correct om " "met de nieuwe opstartprogramma's. Indien u een extra installatie van GRUB in " @@ -395,15 +408,69 @@ msgstr "" "variabelen zo ingesteld werden dat uw systeem, telkens het opgestart wordt, " "een PXE-server contacteert, dan blijft op die manier dit gedrag gehandhaafd." -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Het pakket grub-pc wordt bijgewerkt. Dit menu stelt u in staat om desgewenst " +"de apparaten te selecteren waarvoor u wilt dat grub-install automatisch " +"wordt uitgevoerd." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"U heeft ervoor gekozen om GRUB op geen enkele schijf te installeren. Als u " +"nu doorgaat zou het kunnen dat het opstartprogramma niet correct " +"geconfigureerd is en dat de computer bij de volgende start de informatie " +"gebruikt die vroeger in de opstartsector stond. Indien daar een eerdere " +"versie van GRUB 2 staat, kan het zijn dat modules niet geladen kunnen worden " +"of dat het huidige configuratiebestand niet verwerkt kan worden." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD-commandoregel:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -416,13 +483,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Standaard kFreeBSD-commandoregel:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -430,6 +497,41 @@ msgstr "" "De volgende regel zal, behalve in de herstelmodus, gebruikt worden voor de " "kFreeBSD parameters in de standaard menuoptie." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map is opnieuw aangemaakt" diff --git a/debian/po/pl.po b/debian/po/pl.po index 938709e55..029d926f2 100644 --- a/debian/po/pl.po +++ b/debian/po/pl.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-20 14:11+0100\n" "Last-Translator: Łukasz Dulny \n" "Language-Team: Polish \n" @@ -74,6 +74,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Urządzenia do instalacji GRUB-a:" @@ -90,7 +91,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -131,7 +132,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -162,7 +163,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "" "Zapisywanie GRUB-a na urządzenia rozruchowe nie powiodło się - kontynuować?" @@ -172,12 +173,13 @@ msgstr "" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Nie powiodło się zainstalowanie GRUB-a na następujących urządzeniach:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -207,7 +209,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Kontynuować bez instalowania GRUB-a?" @@ -230,7 +232,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -343,20 +345,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Wymusić dodatkową instalację do ścieżki nośników wymiennych EFI?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Niektóre oparte na EFI systemy mają błędy i nie obsługują poprawnie nowych " "programów rozruchowych. Jeśli wymusisz dodatkową instalację GRUB-a do " @@ -388,15 +401,69 @@ msgstr "" "zmiennych NVRAM takie, że system kontaktuje się z serwerem PXE przy każdym " "uruchomieniu." -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Pakiet grub-pc został zaktualizowany. To menu pozwala na wybranie urządzeń, " +"dla których powinno zostać uruchomione automatycznie polecenie grub-install, " +"jeśli to konieczne." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Wybrano nieinstalowanie GRUB-a na żadnym urządzeniu. W przypadku " +"kontynuowania, program rozruchowy może nie być poprawnie skonfigurowany, a " +"kiedy komputer zostanie uruchomiony ponownie, będzie używał tego, co " +"znajdowało się poprzednio w sektorze rozruchowym. Jeśli jest tam " +"wcześniejsza wersja GRUB-a 2, załadowanie modułów lub obsłużenie aktualnego " +"pliku konfiguracyjnego może być niemożliwe." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Wiersz poleceń do kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -409,13 +476,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Domyślny wiersz poleceń do kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -423,6 +490,41 @@ msgstr "" "Następujący ciąg będzie użyty jako parametry przekazywane do jądra kFreeBSD " "w domyślnym wpisie menu (ale nie w trybie ratunkowym)." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map został odtworzony" diff --git a/debian/po/pt.po b/debian/po/pt.po index ee8bdb1d3..5e949b132 100644 --- a/debian/po/pt.po +++ b/debian/po/pt.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 2.02-beta3-5\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-06-04 12:30+0000\n" "Last-Translator: Rui Branco - DebianPT \n" "Language-Team: Portuguese \n" @@ -75,6 +75,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "dispositivos de instalação GRUB:" @@ -91,7 +92,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -130,7 +131,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -161,7 +162,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "A escrita do GRUB para o dispositivo de arranque falhou - continuar?" @@ -170,12 +171,13 @@ msgstr "A escrita do GRUB para o dispositivo de arranque falhou - continuar?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "A instalação do GRUB falhou nos seguintes dispositivos:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -204,7 +206,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Continuar sem instalar o GRUB?" @@ -227,7 +229,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -342,20 +344,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Forçar a instalação extra para o caminho de media removível EFI? " #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Alguns sistemas baseados em EFI possuem bugs e não irão gerir os novos " "bootloaders correctamente. Se forçar uma instalação extra do GRUB para o " @@ -389,15 +402,69 @@ msgstr "" "definidas de modo a que o seu sistema contacte um servidor PXE em cada " "arranque, isto preservará esse comportamento. " -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"O pacote grub-pc está a ser actualizado. Este menu permite-lhe seleccionar " +"quais os dispositivos onde gostaria que o grub-install corresse " +"automaticamente, se algum." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Escolheu não instalar o GRUB em qualquer dispositivo. Se continuar, o gestor " +"de arranque pode não ficar correctamente configurado, e quando o computador " +"arrancar da próxima vez irá usar o que estiver anteriormente no sector de " +"arranque. Se existir uma versão anterior do GRUB 2 no sector de arranque, " +"poderá não ser capaz de carregar os módulos e gerir o ficheiro de " +"configuração actual." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "linha de comandos kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -410,13 +477,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Linha de comandos padrão do kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -424,6 +491,41 @@ msgstr "" "A seguinte linha será utilizada como parâmetros para o kFreeBSD para a " "entrada por omissão do menu, mas não para o modo de recuperação." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "O /boot/grub/device.map foi recriado" diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po index 2d6b31f2d..6c31bc2ec 100644 --- a/debian/po/pt_BR.po +++ b/debian/po/pt_BR.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 2.02~beta3-4\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-20 21:56-0200\n" "Last-Translator: Adriano Rafael Gomes \n" "Language-Team: Brazilian Portuguese \n" "Language-Team: Romanian \n" @@ -76,6 +76,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Dispozitive pentru a instala GRUB:" @@ -91,7 +92,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -131,7 +132,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -162,7 +163,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Scrierea GRUB pe dispozitivul boot a eșuat. Se continuă?" @@ -171,12 +172,13 @@ msgstr "Scrierea GRUB pe dispozitivul boot a eșuat. Se continuă?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Instalarea GRUB pe următoarele dispozitive a eșuat:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -204,7 +206,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Continuați fără să instalați GRUB?" @@ -227,7 +229,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -341,20 +343,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Forțează o instalare suplimentară în calea EFI pentru medii externe" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Anumite sisteme EFI au probleme și nu funcționează corect cu încărcători de " "sistem noi. Forțând o instalare GRUB suplimentară în calea EFI pentru medii " @@ -386,15 +399,68 @@ msgstr "" "configurat sistemul astfel încât să contacteze un server PXE la pornire " "această opțiune va păstra această configurație." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Pachetul grub-pc este în curs de înnoire. Acest meniu vă permite să alegeți " +"pentru ce dispozitive doriți să ruleze automat grub-install, dacă este cazul." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Ați ales să nu instalați GRUB pe niciun dispozitiv. Dacă veți continua, este " +"posibil ca încărcătorul de sistem să nu fie configurat corespunzător, iar la " +"pornirea calculatorului acesta va folosi ce se afla deja în sectorul de " +"pornire. Dacă există o versiune mai veche de GRUB 2 în sectorul de pornire " +"este posibil ca aceasta să nu poată încărca modulele sau să proceseze " +"fișierul de configurare curent." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Linia de comandă kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -407,13 +473,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Linia de comandă implicită kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -421,6 +487,41 @@ msgstr "" "Următorul șir va fi folosit ca parametru pentru kFreeBSD pentru poziția " "implicită din meniu, dar nu și pentru cea de recuperare." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map a fost regenerat" diff --git a/debian/po/ru.po b/debian/po/ru.po index 8224afd30..2e50448b8 100644 --- a/debian/po/ru.po +++ b/debian/po/ru.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 2.02~beta3-4\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-21 12:06+0300\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" @@ -76,6 +76,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Устройства, на которые устанавливается GRUB:" @@ -91,7 +92,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -131,7 +132,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -162,7 +163,7 @@ msgstr "- ${DEVICE} (${SIZE} МБ; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Не удалось записать GRUB на загрузочное устройство -- продолжить?" @@ -171,12 +172,13 @@ msgstr "Не удалось записать GRUB на загрузочное у #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Не удалось установить GRUB на следующие устройства:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -204,7 +206,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Продолжить без установки GRUB?" @@ -226,7 +228,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -338,20 +340,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Выполнить принудительную установку в путь съёмных носителей EFI?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Некоторые системы на основе EFI содержат ошибки и неправильно работают с " "новыми системными загрузчиками. Если выполнить принудительную установку GRUB " @@ -381,15 +394,67 @@ msgstr "" "нежелательно. Например, если в переменных NVRAM указаны настройки для " "подключению к серверу PXE при каждом запуске, то лучше ничего не менять." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Выполняется обновление пакета grub-pc. Это меню позволяет вам выбрать " +"устройства, для которых нужно автоматически запустить grub-install." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} МБ; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Вы отказались от установки GRUB. Если продолжите, то системный загрузчик " +"может быть неправильно настроен, и когда компьютер будет включён в следующий " +"раз, будет использоваться то, что было раньше в загрузочном секторе. Если " +"там была предыдущая версия GRUB 2, то она не сможет загрузить модули или " +"обработать текущий файл настройки." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Командная строка kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -402,13 +467,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Командная строка kFreeBSD по умолчанию:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -416,6 +481,41 @@ msgstr "" "Данная строка будет использоваться в качестве параметров kFreeBSD в пункте " "меню по умолчанию, кроме режима восстановления." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "Пересоздан файл /boot/grub/device.map" diff --git a/debian/po/si.po b/debian/po/si.po index 71d517b9e..3339cc45f 100644 --- a/debian/po/si.po +++ b/debian/po/si.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2011-09-29 08:35+0530\n" "Last-Translator: Danishka Navin \n" "Language-Team: Sinhala \n" @@ -68,6 +68,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB ස්ථාපන උපකරණ:" @@ -83,7 +84,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -121,7 +122,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -151,7 +152,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "GRUB ආරම්භක උපකරණය ලිවීම අසාර්ථකයි - ඉදිරියට?" @@ -160,12 +161,13 @@ msgstr "GRUB ආරම්භක උපකරණය ලිවීම අසාර #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB පහත උපකරණ ස්ථාපනයෙහි අසාර්ථක විය:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -190,7 +192,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "GRUB ස්ථාපනයෙන් තොරව ඉදිරියට යන්නද?" @@ -211,7 +213,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -318,7 +320,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -326,12 +328,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -351,15 +353,66 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"grub-pc පැකේජය යාවත් වෙමින්. මෙම මෙනුව ඔබට grub-install ස්වයංක්‍රීයව ධාවනය විය යුත්තේ " +"කුමන උපකරණ මත දැයි තේරීමට ඉඩදෙයි." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"ඔබ කිසිඳු උපකරණයකට GRUB ස්ථාපනය නොකිරීමට තෝරා ඇත. ඔබ ඉදිරියට යයි නම් ආරම්භක පූරකය නිසිලෙස " +"නොසැකසෙනු ඇත. ඊලඟ වතාවේ පරිගණකය ආරම්භ වන විට එය ආරම්භක කොටසේ පැවති ඕනෑම දෙයක් භාවිත " +"කරයි. ආරම්භක කොටසේ GRUB 2 පැරණි සංස්කරණයක් පවතී නම්. එය මොඩියුල හැසිරවීමේ හා වත්මන් සැකසුම් " +"ගොනුව භාවිතයේ අසමත් විය හැක." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD විධාන රේඛාව:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -371,13 +424,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD පෙරනිමි විධාන රේඛාව:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -385,6 +438,41 @@ msgstr "" "පහත යෙදුම පෙරනිමි මෙනු ඇතුළත් කිරීම් සඳහා kFreeBSD පරාමිතියක් ලෙස භාවිත වන නමුත් ගැලවීම් ප්‍" "රකාරයට නොවේ." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map නැවත ජනනය වී ඇත" diff --git a/debian/po/sk.po b/debian/po/sk.po index edca84e32..d053062d2 100644 --- a/debian/po/sk.po +++ b/debian/po/sk.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 1.99-5\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2011-07-19 07:49+0200\n" "Last-Translator: Slavko \n" "Language-Team: Slovak \n" @@ -72,6 +72,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Zariadenia na inštaláciu GRUB:" @@ -87,7 +88,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -127,7 +128,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -158,7 +159,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Zápis GRUBu do zavádzacieho zariadenia zlyhal – pokračovať?" @@ -167,12 +168,13 @@ msgstr "Zápis GRUBu do zavádzacieho zariadenia zlyhal – pokračovať?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Inštalácia GRUB zlyhala na týchto zariadeniach:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -200,7 +202,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Pokračovať bez inštalácie GRUB?" @@ -222,7 +224,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -334,7 +336,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -342,12 +344,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -367,15 +369,67 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Balík grub-pc je aktualizovaný. Toto menu vám umožňuje vybrať si, pre ktoré " +"zariadenia bude automaticky spustený grub-install, ak nejaké vyberiete." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Zvolili ste si neinštalovať GRUB na žiadne zariadenie, ak budete pokračovať, " +"zavádzač nemusí byť správne nastavený a pri ďalšom štarte tohoto počítača " +"bude použité to, čo bolo v zavádzacom sektore predtým. Ak je v zavádzacom " +"sektore predchádzajúca verzia GRUB 2, nemusí sa jej podariť načítať moduly " +"alebo spracovať aktuálny konfiguračný súbor." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Príkazový riadok kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -387,13 +441,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Predvolený príkazový riadok kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -401,6 +455,41 @@ msgstr "" "Nasledujúci reťazec bude použitý ako kFreeBSD parametre predvolenej položky " "menu, ale nie pre záchranný režim." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map bol aktualizovaný" diff --git a/debian/po/sl.po b/debian/po/sl.po index 783b29e6c..f98e489c4 100644 --- a/debian/po/sl.po +++ b/debian/po/sl.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-20 08:53+0100\n" "Last-Translator: Vanja Cvelbar \n" "Language-Team: Slovenian \n" @@ -72,6 +72,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Namestitvene naprave za GRUB:" @@ -87,7 +88,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -125,7 +126,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -155,7 +156,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Napaka pri pisanju na zagonsko napravo za GRUB. Želite nadaljevati?" @@ -164,12 +165,13 @@ msgstr "Napaka pri pisanju na zagonsko napravo za GRUB. Želite nadaljevati?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Napaka pri nameščanju GRUBa na sledeče naprave:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -198,7 +200,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Želite nadaljevati, ne da bi namestili GRUB?" @@ -220,7 +222,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -334,20 +336,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Prisilna dodatna namestitev v pot EFI na odstranljivem mediju?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Nekateri sistemi na osnovi EFI imajo napake in ne morejo pravilno " "uporabljati novih zagonskih nalagalnikov. Če prisilno dodatno namestite GRUB " @@ -379,15 +392,67 @@ msgstr "" "če so spremenljivke NVRAM nastavljene tako, da vaš sistem ob vsakem zagonu " "komunicira s strežnikom PXE, bo ta nastavitev ohranjena." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Nadgrajevanje paketa grub-pc. Ta meni vam omogoči izbiro naprav za katere " +"želite samodejno zagnati grub-install." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Izbrali ste, da ne boste namestili GRUBa na nobeno napravo. V primeru, da " +"nadaljujete zagonski nalagalnik ne bo pravilno nastavljen. Računalnik bo ob " +"naslednjem zagonu uporabil karkoli je bilo prej nameščeno na zagonskem " +"sektorju. V primeru, da se tam nahaja starejša različica GRUB 2 mogoče ta ne " +"bo uspela naložiti modulov ali brati sedanje nastavitvene datoteke." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Ukazna vrstica kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -400,13 +465,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Privzeta ukazna vrstica kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -414,6 +479,41 @@ msgstr "" "Sledeča vrstica bo uporabljena kot parameter kFreeBSD za privzeti vnos v " "meniju, ne pa za reševalni način." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "ustvarjena je bila datoteka /boot/grub/device.map" diff --git a/debian/po/sq.po b/debian/po/sq.po index 0b2078d71..ba3218f4b 100644 --- a/debian/po/sq.po +++ b/debian/po/sq.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-09-04 18:50+0200\n" "Last-Translator: Silva Arapi \n" "Language-Team: Albanian \n" @@ -74,6 +74,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Paisjet GRUB install:" @@ -89,7 +90,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -129,7 +130,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -160,7 +161,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Shkrimi i GRUP për të ndezur paisjen dvshtoi - do të vazhdoni?" @@ -169,12 +170,13 @@ msgstr "Shkrimi i GRUP për të ndezur paisjen dvshtoi - do të vazhdoni?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB nuk arriti të instaloj paisjet në vijim:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -202,7 +204,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Do të vazhdosh pa e instaluar GRUB?" @@ -222,7 +224,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -337,7 +339,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -345,12 +347,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -370,15 +372,65 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Paketa po përmirësohet. Kjo menu të lejon të zgjedhësh se cilat paisje do të " +"doje që grub-install ti ekzekutoj automatikisht, nëse ka ndonjë të till." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Ti zgjodhe të mos e instalosh GRUB në asnjë paisje. Nëse vazhdon, ngarkuesi " +"i ndezjes mund të mos konfigurohet siç duhet dhe kur ky kompjuter të filloj " +"herën tjetër, do të përdor çfardo ishte më parë në sektorin e ndezjes." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Linja komanduese kFreeBSD" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -391,13 +443,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Linja komanduese fillestare kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -405,6 +457,41 @@ msgstr "" "Stringu në vijim do të përdoren si parametër kFreeBSD për menun fillaster " "hyrëse por jo për gjëndjen e rekuperimit." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr " /boot/grub/device.map është rigjeneruar" diff --git a/debian/po/sr.po b/debian/po/sr.po index 3c85b1226..763632b43 100644 --- a/debian/po/sr.po +++ b/debian/po/sr.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 1.98+2010804-2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2012-10-23 23:33+0100\n" "Last-Translator: Karolina Kalic \n" "Language-Team: Serbian\n" @@ -73,6 +73,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Уређаји за инсталирање GRUB-а:" @@ -88,7 +89,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -127,7 +128,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -157,7 +158,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Инсталација GRUB-а није успела - наставити?" @@ -166,12 +167,13 @@ msgstr "Инсталација GRUB-а није успела - наставит #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Инсталација GRUB-а није успела на следећим уређајима:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -199,7 +201,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Наставити без инсталирања GRUB-а?" @@ -221,7 +223,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -333,7 +335,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -341,12 +343,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -366,15 +368,67 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Пакет grub-pc се апгрејдује. Овај мени вам дозвољава да изаберете за које " +"уређаје ће grub-install аутоматски да се покрене." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB, ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Одабрали сте да не инсталирате GRUB ни на један уређај. Ако наставите, бут " +"учитавач можда неће бити исправно подешен, акада се овај рачунар следећи пут " +"упали, користиће се шта год да је претходно било у бут сектору. Ако се тамо " +"налази ранијаверзија GRUB 2, можда ће доћи до проблема сa учитавањем модула " +"или читањем тренутне датотеке поставки." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD командна линија:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -386,13 +440,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD подразумевајућа командна линија:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -400,6 +454,41 @@ msgstr "" "Следећи стринг ће бити употребљен као kFreeBSD параметри за подреазумевано " "покретање, али не и за мод за поправку." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map је поново генерисан" diff --git a/debian/po/sr@latin.po b/debian/po/sr@latin.po index f81302675..064dcd2b2 100644 --- a/debian/po/sr@latin.po +++ b/debian/po/sr@latin.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2 1.98+2010804-2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2012-10-23 23:33+0100\n" "Last-Translator: Karolina Kalic \n" "Language-Team: Serbian\n" @@ -73,6 +73,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Uređaji za instaliranje GRUB-a:" @@ -88,7 +89,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -127,7 +128,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -157,7 +158,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Instalacija GRUB-a nije uspela - nastaviti?" @@ -166,12 +167,13 @@ msgstr "Instalacija GRUB-a nije uspela - nastaviti?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Instalacija GRUB-a nije uspela na sledećim uređajima:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -199,7 +201,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Nastaviti bez instaliranja GRUB-a?" @@ -221,7 +223,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -333,7 +335,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -341,12 +343,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -366,15 +368,67 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Paket grub-pc se apgrejduje. Ovaj meni vam dozvoljava da izaberete za koje " +"uređaje će grub-install automatski da se pokrene." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB, ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Odabrali ste da ne instalirate GRUB ni na jedan uređaj. Ako nastavite, but " +"učitavač možda neće biti ispravno podešen, akada se ovaj računar sledeći put " +"upali, koristiće se šta god da je prethodno bilo u but sektoru. Ako se tamo " +"nalazi ranijaverzija GRUB 2, možda će doći do problema sa učitavanjem modula " +"ili čitanjem trenutne datoteke postavki." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD komandna linija:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -386,13 +440,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD podrazumevajuća komandna linija:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -400,6 +454,41 @@ msgstr "" "Sledeći string će biti upotrebljen kao kFreeBSD parametri za podreazumevano " "pokretanje, ali ne i za mod za popravku." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map je ponovo generisan" diff --git a/debian/po/sv.po b/debian/po/sv.po index 604616c7b..67cad0a31 100644 --- a/debian/po/sv.po +++ b/debian/po/sv.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2_sv\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-21 15:16+0100\n" "Last-Translator: Martin Bagge / brother \n" "Language-Team: Swedish \n" @@ -75,6 +75,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB installationsenheter:" @@ -90,7 +91,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -130,7 +131,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -161,7 +162,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Skriva GRUB till uppstartsenhet misslyckades - fortsätta?" @@ -170,12 +171,13 @@ msgstr "Skriva GRUB till uppstartsenhet misslyckades - fortsätta?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB kunde inte installeras på följande enheter:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -203,7 +205,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Fortsätt utan att installera GRUB?" @@ -226,7 +228,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -338,20 +340,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Forcera installation till flyttbar EFI-media?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Vissa EFI-baserade system beter sig felaktigt och kan inte hantera nyare " "uppstartshanterare korrekt. Om Grub-installationen forceras in i en flyttbar " @@ -382,15 +395,68 @@ msgstr "" "undvika att ändra inställningarna för systemstart. Exempelvis om dina NVRAM-" "variabler är satta till att systemet kontaktar en PXE-server vid varje start." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Paketet grub-pc uppdateras. Denna meny ger dig möjlighet att välja vilka, om " +"några, enheter som grub-install ska köras automatiskt för." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Du valde att inte installera GRUB på några enheter. Om du fortsätter kommer " +"uppstartshanteraren kanske inte att få korrekta inställningar och när ditt " +"system startar nästa gång kommer det att använda vad som tidigare fanns i " +"boot-sektorn. Om en tidigare version av GRUB 2 används i boot-sektorn finns " +"risk att vissa moduler inte kan laddas och hantera de aktuella " +"inställningsfilerna." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Kommandorad för kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -402,13 +468,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Standardkommandorad för kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -416,6 +482,41 @@ msgstr "" "Följande sträng kommer användas som Linux-parametrar för standardmenyvalet " "men inte för återhämtningsläge (eng. recovery)." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map har skapats på nytt" diff --git a/debian/po/ta.po b/debian/po/ta.po index e2cde495b..abafdd5f0 100644 --- a/debian/po/ta.po +++ b/debian/po/ta.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: ta\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2012-02-16 10:15+0530\n" "Last-Translator: Dr.T.Vasudevan \n" "Language-Team: Tamil \n" @@ -70,6 +70,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "க்ரப் நிறுவல் சாதனங்கள்: " @@ -85,7 +86,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -125,7 +126,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -155,7 +156,7 @@ msgstr "- ${DEVICE} (${SIZE} எம்பி(MB); ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "பூட் சாதனத்துக்கு க்ரப் ஐ எழுதுவது தோவியடைந்தது - தொடரலாமா?" @@ -164,12 +165,13 @@ msgstr "பூட் சாதனத்துக்கு க்ரப் ஐ #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "பின் வரும் சாதனங்களில் க்ரப் நிறுவுதல் தோல்வியடைந்தது:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -196,7 +198,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "க்ரப் ஐ நிறுவாமல் தொடரலாமா?" @@ -217,7 +219,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -326,7 +328,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -334,12 +336,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -359,15 +361,66 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"க்ரப்-பிசி பொதி மேம்படுத்தப்படுகிறது. இந்த மெனு க்ரப் நிறுவல் தானியங்கியாக இயங்க " +"சாதனங்கள் ஏதும் இருந்தால் அதை தேர்ந்தெடுக்க இது அனுமதிக்கிறது." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} எம்பி (MB); ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"நீங்கள் எந்த சாதனத்திலும் க்ரப் ஐ நிறுவாமல் இருக்க தேர்ந்தெடுத்து உள்ளீர்கள். நீங்கள் தொடர்ந்தால் " +"பூட் ஏற்றி சரியாக வடிவமைக்கப்படாமல் போகலாம். அதனால் கணினி மீண்டும் துவங்கும்போது முன்பு " +"பூட் தொகுதியில் என்ன இருந்ததோ அதையே பயன்படுத்தும். அங்கே க்ரப் 2 இன் முந்தைய பதிப்பு " +"இருப்பின் மாட்யூல்களை ஏற்றுதலும் நடப்பு வடிவமைப்பு கோப்பை கையாளுவதும் இயலாமல் போகலாம்." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "கேப்ரீபிஎஸ்டி கட்டளை வரி:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -379,13 +432,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "கேப்ரீபிஎஸ்டி முன்னிருப்பு கட்டளை வரி:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -393,6 +446,41 @@ msgstr "" "பின் வரும் சரங்கள் முன்னிருப்பு மெனு உள்ளீட்டுக்கு கேப்ரீபிஎஸ்டி அளபுருக்களாக " "பயன்படுத்தப்படும்; ஆனால் மீட்டெடுப்பு பாங்குக்கு அல்ல" +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map மறு உருவாக்கப்பட்டது" diff --git a/debian/po/templates.pot b/debian/po/templates.pot index c28004bf4..c71c302b8 100644 --- a/debian/po/templates.pot +++ b/debian/po/templates.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -61,6 +61,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "" @@ -74,7 +75,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -105,7 +106,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -131,7 +132,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "" @@ -140,12 +141,13 @@ msgstr "" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -168,7 +170,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "" @@ -185,7 +187,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -277,7 +279,7 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -285,12 +287,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -310,15 +312,47 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect #. Description #: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" + +#. Type: text +#. Description +#: ../templates.in:7001 +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -327,14 +361,49 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." msgstr "" + +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" diff --git a/debian/po/th.po b/debian/po/th.po index 9d8833099..4a6ea0cfe 100644 --- a/debian/po/th.po +++ b/debian/po/th.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-20 14:46+0700\n" "Last-Translator: Theppitak Karoonboonyanan \n" "Language-Team: Thai \n" @@ -67,6 +67,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "อุปกรณ์ที่จะติดตั้ง GRUB:" @@ -82,7 +83,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -120,7 +121,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -150,7 +151,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "เขียน GRUB ลงในอุปกรณ์บูตไม่สำเร็จ - ดำเนินการต่อไปหรือไม่?" @@ -159,12 +160,13 @@ msgstr "เขียน GRUB ลงในอุปกรณ์บูตไม่ #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "ติดตั้ง GRUB ลงในอุปกรณ์ต่อไปนี้ไม่สำเร็จ:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -190,7 +192,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "จะดำเนินการต่อไปโดยไม่ติดตั้ง GRUB หรือไม่?" @@ -211,7 +213,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -317,20 +319,31 @@ msgstr "พารามิเตอร์ต่อไปนี้จะใช้ #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "จะบังคับติดตั้งส่วนพิเศษเพิ่มเติมลงในพาธของสื่อถอดเสียบของ EFI หรือไม่?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "ระบบที่อิง EFI บางระบบมีข้อบกพร่อง และไม่ได้จัดการบูตโหลดเดอร์ตัวใหม่ๆ อย่างถูกต้อง " "ถ้าคุณบังคับติดตั้งส่วนพิเศษเพิ่มเติมของ GRUB ลงในพาธของสื่อถอดเสียบของ EFI " @@ -361,15 +374,66 @@ msgstr "" "ของคุณได้ถูกตั้งค่าไว้ให้ระบบติดต่อไปยังเซิร์ฟเวอร์ PXE ทุกครั้งที่บูต คุณก็อาจเลือกไม่ปรับตัวแปร " "NVRAM นี้ และระบบก็จะคงพฤติกรรมเดิมนั้นไว้" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"กำลังจะปรับรุ่นแพกเกจ grub-pc ขึ้น เมนูนี้จะช่วยคุณเลือกอุปกรณ์ที่คุณต้องการให้เรียก grub-" +"install โดยอัตโนมัติเพื่อติดตั้ง GRUB ถ้ามีอุปกรณ์ดังกล่าว" + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"คุณได้เลือกที่จะไม่ติดตั้ง GRUB ลงในอุปกรณ์ใดเลย ถ้าดำเนินการต่อไป " +"บูตโหลดเดอร์อาจอยู่ในสภาพที่ไม่ได้ตั้งค่าอย่างสมบูรณ์ และเมื่อเปิดเครื่องครั้งต่อไป " +"ก็จะใช้สิ่งที่อยู่ในบูตเซกเตอร์ก่อนหน้านี้ และถ้าในบูตเซกเตอร์มี GRUB 2 รุ่นเก่าอยู่ " +"ก็อาจจะไม่สามารถโหลดมอดูลหรือใช้แฟ้มค่าตั้งปัจจุบันได้" + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "พารามิเตอร์สำหรับบูต kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -381,18 +445,53 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "พารามิเตอร์สำหรับบูต kFreeBSD แบบปกติ:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." msgstr "พารามิเตอร์ต่อไปนี้จะใช้ในเมนูสำหรับบูต kFreeBSD แบบปกติ แต่จะไม่ใช้กับโหมดกู้ระบบ" +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "สร้าง /boot/grub/device.map ใหม่เรียบร้อยแล้ว" diff --git a/debian/po/tr.po b/debian/po/tr.po index 599b3cf41..996a74828 100644 --- a/debian/po/tr.po +++ b/debian/po/tr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: debian-installer\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-20 15:18+0300\n" "Last-Translator: Mert Dirik \n" "Language-Team: Debian L10n Turkish \n" @@ -72,6 +72,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB kurulum aygıtları:" @@ -87,7 +88,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -128,7 +129,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -159,7 +160,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "" "GRUB'u önyükleme aygıtına yazma işlemi başarısız oldu. Yine de devam edilsin " @@ -170,12 +171,13 @@ msgstr "" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Aşağıdaki aygıtlara GRUB kurulumu yapılamadı:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -204,7 +206,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "GRUB kurulmadan devam edilsin mi?" @@ -226,7 +228,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -339,20 +341,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "EFI taşınabilir ortam yoluna fazladan bir kurulum yapılsın mı?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Bazı EFI tabanlı sistemler hatalı olduklarından yeni önyükleyicileri olması " "gerektiği gibi yönetemeyebilirler. Buna rağmen GRUB'un fazladan bir " @@ -386,15 +399,67 @@ msgstr "" "açılışta PXE sunucuları ile iletişim kuracak şekilde ayarlanmışsa bu " "davranış aynı şekilde devam edecektir." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"grub-pc paketi yükseltiliyor. Bu menü, eğer varsa, grub-install komutunun " +"hangi aygıtlar için otomatik olarak çalıştırılacağını seçmenize olanak tanır." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"GRUB'u hiçbir aygıta kurmamayı seçtiniz. Devam ederseniz önyükleyici düzgün " +"yapılandırılmayabilir ve bu bilgisayar bir sonraki açılışında önyükleme " +"sektöründe daha önceden bulunan kayıtları kullanır. Eğer önyükleme " +"sektöründe GRUB 2'nin eski bir sürümü varsa, mevcut yapılandırma dosyasını " +"kullanamayabilir veya modülleri yükleyemeyebilir." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD komut satırı:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -406,13 +471,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Öntanımlı kFreeBSD komut satırı:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -420,6 +485,41 @@ msgstr "" "Aşağıdaki dizgi öntanımlı menü girişinin kFreeBSD parametreleri olarak " "kullanılacak; fakat kurtarma kipi için kullanılmayacaktır." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map dosyası yeniden oluşturuldu" diff --git a/debian/po/ug.po b/debian/po/ug.po index 691199242..24e29baf6 100644 --- a/debian/po/ug.po +++ b/debian/po/ug.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: grub_debian\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-26 21:24-0500\n" "Last-Translator: Abduqadir Abliz \n" "Language-Team: Uyghur Computer Science Association \n" @@ -72,6 +72,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB ئورنىتىش ئۈسكۈنىسى:" @@ -87,7 +88,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -128,7 +129,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -159,7 +160,7 @@ msgstr "- ${DEVICE} (${SIZE} MB, ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "GRUB نى قوزغىتىش ئۈسكۈنىسىگە يازالمىدى - داۋاملاشتۇرامدۇ؟" @@ -168,12 +169,13 @@ msgstr "GRUB نى قوزغىتىش ئۈسكۈنىسىگە يازالمىدى - #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB نى تۆۋەندىكى ئۈسكۈنىگە ئورنىتالمىدى:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -201,7 +203,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "GRUB نى ئورناتماي داۋاملاشتۇرامدۇ؟" @@ -224,7 +226,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -337,21 +339,32 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" "مەزكۇر EFI كۆچمە ۋاسىتە يولىنى مەجبۇرىي ھالدا نورمىدىن ئارتۇق ئورنىتامدۇ؟" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "بىر قىسىم EFI ئاساسىدىكى سىستېمىلاردا مەسىلە بار ئۇنىڭ ئۈستىگە يېڭى " "يېتەكلەشنى يۈكلەش پىروگراممىسىنى توغرا بىر تەرەپ قىلالمايدۇ. ئەگەر GRUB نى " @@ -386,15 +399,68 @@ msgstr "" "قوزغالغاندا PXE مۇلازىمېتىر بىلەن باغلىنىدىغان قىلىپ تەڭشەلگەن بولسا، بۇ " "قىلمىشنى ساقلاپ قالىدۇ." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"grub-pc بوغچىسى يېڭىلاندى. بۇ تىزىملىك سىزنىڭ قايسى ئۈسكۈنىدە grub-install " +"نى ئۆزلۈكىدىن ئىجرا قىلىشنى تاللىشىڭىزغا يول قويىدۇ، ئەگەر بار بولسا." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB, ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"سىز ھېچقانداق ئۈسكۈنىگە GRUB ئورنىتىشنى تاللىمىدىڭىز. ئەگەر " +"داۋاملاشتۇرسىڭىز، قوزغىتىش يېتەكلىگۈچنى توغرا سەپلىيەلمەسلىكىڭىز مۇمكىن، " +"كومپيۇتېرىڭىز كېيىنكى قېتىم قوزغالغاندا ئۇ يېتەكلەش سېكتورىدىكى ئىلگىرىكى " +"مەزمۇننى ئىشلىتىدۇ. ئەگەر يېتەكلەش سېكتورىدا ئىلگىرىكى نەشرىدىكى GRUB 2 " +"بولسا ئۇنىڭ بۆلەكلىرىنى ياكى نۆۋەتتىكى سەپلىمە ھۆججەتنى يۈكلىگىلى بولماسلىقى " +"مۇمكىن." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD بۇيرۇق قۇرى:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -406,13 +472,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD كۆڭۈلدىكى بۇيرۇق قۇرى:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -420,6 +486,41 @@ msgstr "" "تۆۋەندىكى ھەرپ تىزىقى كۆڭۈلدىكى تىزىملىك تۈرىنىڭ kFreeBSD پارامېتىرىغا " "ئىشلىتىلىدۇ ئەمما ئەسلىگە كەلتۈرۈش ھالىتىگە قوللىنىلمايدۇ." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map ھاسىل قىلىندى" diff --git a/debian/po/uk.po b/debian/po/uk.po index c661e7d34..d56dd6cd2 100644 --- a/debian/po/uk.po +++ b/debian/po/uk.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-23 16:36+0200\n" "Last-Translator: Yatsenko Alexandr \n" "Language-Team: Ukrainian \n" @@ -72,6 +72,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Дискові пристрої для встановлення GRUB:" @@ -87,7 +88,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -127,7 +128,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -158,7 +159,7 @@ msgstr "- ${DEVICE} (${SIZE} МБ; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Не вдалося записати GRUB до завантажувального пристрою. Продовжити?" @@ -167,12 +168,13 @@ msgstr "Не вдалося записати GRUB до завантажувал #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Не вдалося встановити GRUB до наступних дискових пристроїв:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -201,7 +203,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Продовжити без встановлення GRUB?" @@ -223,7 +225,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -335,21 +337,32 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" "Здійснити примусове встановлення до EFI, розташованого на змінному носії?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Деякі EFI-системи мають вади, що не дають їм коректно працювати із новими " "завантажувачами. Якщо ви виконаєте примусове встановлення GRUB на змінний " @@ -380,15 +393,67 @@ msgstr "" "прикладу, якщо ваші змінні NVRAM налаштовані на автоматичне з'єднання " "системи із PXE-сервером при кожному завантаженні, то ви збережете їх." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Пакунок grub-pc було оновлено. Це меню дозволить вам обрати дискові пристрої " +"з яких grub-install буде автоматично запускатися." + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} МБ; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Ви обрали не встановлювати GRUB на жоден пристрій. Якщо так продовжувати, " +"завантажувач може бути не до кінця налаштований і при наступному запуску " +"комп'ютера буде використано те, що є наразі у завантажувальному секторі. " +"Якщо там виявиться попередня версія GRUB 2, вона, можливо, не зможе " +"завантажити модулі чи опрацювати поточний конфігураційний файл." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Рядок параметрів ядра kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -401,13 +466,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Типовий рядок параметрів ядра kFreeBSD:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -415,6 +480,41 @@ msgstr "" "Даний рядок буде використано як параметри ядра kFreeBSD для типового пункту " "меню, проте не для режиму відновлення." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map було створено наново" diff --git a/debian/po/vi.po b/debian/po/vi.po index 6ece40462..9e622a6ad 100644 --- a/debian/po/vi.po +++ b/debian/po/vi.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2017-01-21 08:26+0700\n" "Last-Translator: Trần Ngọc Quân \n" "Language-Team: Vietnamese \n" @@ -73,6 +73,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "Những thiết bị cài đặt GRUB:" @@ -88,7 +89,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -128,7 +129,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -161,7 +162,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "Việc ghi GRUB vào thiết bị khởi động bị lỗi - tiếp tục không?" @@ -170,12 +171,13 @@ msgstr "Việc ghi GRUB vào thiết bị khởi động bị lỗi - tiếp t #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB gặp lỗi khi cài đặt vào những thiết bị sau đây:" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -202,7 +204,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "Tiếp tục lại mà không cài đặt GRUB?" @@ -224,7 +226,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -335,20 +337,31 @@ msgstr "" #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +#, fuzzy +#| msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "Buộc cài đặt thêm cho đường dẫn thiết bị di động đa phương tiện EFI?" #. Type: boolean #. Description #: ../templates.in:3001 +#, fuzzy +#| msgid "" +#| "Some EFI-based systems are buggy and do not handle new bootloaders " +#| "correctly. If you force an extra installation of GRUB to the EFI " +#| "removable media path, this should ensure that this system will boot " +#| "Debian correctly despite such a problem. However, it may remove the " +#| "ability to boot any other operating systems that also depend on this " +#| "path. If so, you will need to make sure that GRUB is configured " +#| "successfully to be able to boot any other OS installations correctly." msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" "Một số hệ thống dựa trên EFI có lỗi và không thể xử lý bootloader mới một " "cách chính xác. Nếu bạn buộc cài đặt GRUB thêm vào đường dẫn thiết bị di " @@ -380,15 +393,68 @@ msgstr "" "nếu biến NVRAM của bạn đã được cài đặt như thế hệ thống liên lạc với máy " "phục vụ PXE mỗi lần khởi động, điều này sẽ ngăn ngừa cách hành xử đó." -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"Gói grub-pc sắp được cập nhật. Trình đơn này cho bạn chọn thiết bị nào, nếu " +"có, mà bạn muốn grub-install tự động chạy trên đó." + +# Variable: don't translate; Biến: đừng dịch +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Bạn đã chọn không cài đặt GRUB vào thiết bị nào. Nếu tiếp tục thì bộ nạp " +"khởi động có thể bị cấu hình sai, và khi máy tính khởi động lại nó sẽ sử " +"dụng dữ liệu bất kỳ trước đây có trong rãnh ghi khởi động. Nếu rãnh ghi khởi " +"động chứa một phiên bản GRUB 2 cũ, nó có thể không nạp được mô-đun hoặc " +"không xử lý được tập tin cấu hình hiện thời." + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "Dòng lệnh kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -400,13 +466,13 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "Dòng lệnh kFreeBSD mặc định:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -414,6 +480,41 @@ msgstr "" "Chuỗi theo đây sẽ được sử dụng làm các tham số kFreeBSD cho mục nhập trình " "đơn mặc định, mà không phải cho chế độ phục hồi." +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "Tập tin /boot/grub/device.map đã được tạo lại." diff --git a/debian/po/zh_CN.po b/debian/po/zh_CN.po index 67f69f77c..77c66a9c7 100644 --- a/debian/po/zh_CN.po +++ b/debian/po/zh_CN.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2-po-debconf master\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2011-05-28 17:29+0800\n" "Last-Translator: YunQiang Su \n" "Language-Team: Chinese (simplified) \n" @@ -68,6 +68,7 @@ msgstr "" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +#: ../templates.in:6001 msgid "GRUB install devices:" msgstr "GRUB 安装设备:" @@ -83,7 +84,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 +#: ../grub-pc.templates.in:3001 ../templates.in:5001 msgid "" "Running grub-install automatically is recommended in most situations, to " "prevent the installed GRUB core image from getting out of sync with GRUB " @@ -120,7 +121,7 @@ msgstr "" #. Type: multiselect #. Description -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:4001 ../templates.in:6001 msgid "" "The GRUB boot loader was previously installed to a disk that is no longer " "present, or whose unique identifier has changed for some reason. It is " @@ -149,7 +150,7 @@ msgstr "- ${DEVICE} (${SIZE} MB; ${PATH})" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "Writing GRUB to boot device failed - continue?" msgstr "将 GRUB 写入引导设备失败 - 要继续吗?" @@ -158,12 +159,13 @@ msgstr "将 GRUB 写入引导设备失败 - 要继续吗?" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 +#: ../templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "GRUB 安装到如下设备时失败。" #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 +#: ../grub-pc.templates.in:7001 ../templates.in:8001 msgid "" "Do you want to continue anyway? If you do, your computer may not start up " "properly." @@ -188,7 +190,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "Continue without installing GRUB?" msgstr "不安装 GRUB 并且继续?" @@ -208,7 +210,7 @@ msgstr "" #. Type: boolean #. Description -#: ../grub-pc.templates.in:9001 +#: ../grub-pc.templates.in:9001 ../templates.in:9001 msgid "" "If you are already using a different boot loader and want to carry on doing " "so, or if this is a special environment where you do not need a boot loader, " @@ -311,7 +313,7 @@ msgstr "如下字符串将被用于默认菜单项的 Linux 参数,但是不 #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Force extra installation to the EFI removable media path?" +msgid "Skip extra installation to the EFI removable media path?" msgstr "" #. Type: boolean @@ -319,12 +321,12 @@ msgstr "" #: ../templates.in:3001 msgid "" "Some EFI-based systems are buggy and do not handle new bootloaders " -"correctly. If you force an extra installation of GRUB to the EFI removable " -"media path, this should ensure that this system will boot Debian correctly " -"despite such a problem. However, it may remove the ability to boot any other " -"operating systems that also depend on this path. If so, you will need to " -"make sure that GRUB is configured successfully to be able to boot any other " -"OS installations correctly." +"correctly. If you do not make an extra installation of GRUB to the EFI " +"removable media path, this may prevent your system from booting Debian " +"correctly in case it is affected by this problem. However, it may remove the " +"ability to boot any other operating systems that also depend on this path. " +"If so, you will need to make sure that GRUB is configured successfully to be " +"able to boot any other OS installations correctly." msgstr "" #. Type: boolean @@ -344,15 +346,65 @@ msgid "" "server on every boot, this would preserve that behavior." msgstr "" -#. Type: string +#. Type: multiselect +#. Description +#: ../templates.in:5001 +msgid "GRUB EFI system partitions:" +msgstr "" + +#. Type: multiselect #. Description #: ../templates.in:5001 +#, fuzzy +#| msgid "" +#| "The grub-pc package is being upgraded. This menu allows you to select " +#| "which devices you'd like grub-install to be automatically run for, if any." +msgid "" +"The grub-efi package is being upgraded. This menu allows you to select which " +"EFI system partions you'd like grub-install to be automatically run for, if " +"any." +msgstr "" +"grub-pc 包已经升级。此菜单允许您选择在哪个设备上自动运行 grub-install,如果有" +"的话。" + +#. Type: text +#. Description +#: ../templates.in:7001 +#, fuzzy +#| msgid "${DEVICE} (${SIZE} MB; ${MODEL})" +msgid "${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL}" +msgstr "${DEVICE} (${SIZE} MB; ${MODEL})" + +#. Type: boolean +#. Description +#: ../templates.in:9001 +#, fuzzy +#| msgid "" +#| "You chose not to install GRUB to any devices. If you continue, the boot " +#| "loader may not be properly configured, and when this computer next starts " +#| "up it will use whatever was previously in the boot sector. If there is an " +#| "earlier version of GRUB 2 in the boot sector, it may be unable to load " +#| "modules or handle the current configuration file." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously configured. If there is an earlier " +"version of GRUB 2 in the EFI system partition, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"您没有选择向任何设备安装 GRUB。如果继续,引导器可能不能正确配置,当您的计算机" +"下次启动时,它将使用引导扇区中先前的内容。如果引导扇区中有早期版本的 GRUB 2," +"其可能不能加载模块或者处理当前配置文件。" + +#. Type: string +#. Description +#: ../templates.in:10001 msgid "kFreeBSD command line:" msgstr "kFreeBSD 参数:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:10001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -364,18 +416,53 @@ msgstr "" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD 默认命令行:" #. Type: string #. Description -#: ../templates.in:6001 +#: ../templates.in:11001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." msgstr "如下字符串将用于默认菜单项的 kFreeBSD 参数,但不会用于恢复模式。" +#. Type: title +#. Description +#: ../templates.in:12001 +msgid "unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "Cannot upgrade Secure Boot enforcement policy due to unsigned kernels" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"Your system has UEFI Secure Boot enabled in firmware, and the following " +"kernels present on your system are unsigned:" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid " ${unsigned_versions}" +msgstr "" + +#. Type: note +#. Description +#: ../templates.in:13001 +msgid "" +"These kernels cannot be verified under Secure Boot. To ensure your system " +"remains bootable, GRUB will not be upgraded on your disk until these kernels " +"are removed or replaced with signed kernels." +msgstr "" + #~ msgid "/boot/grub/device.map has been regenerated" #~ msgstr "/boot/grub/device.map 已经生成" diff --git a/debian/po/zh_TW.po b/debian/po/zh_TW.po index 8db006f94..0370359fd 100644 --- a/debian/po/zh_TW.po +++ b/debian/po/zh_TW.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2019-02-26 09:54+0000\n" +"POT-Creation-Date: 2020-04-09 12:18+0200\n" "PO-Revision-Date: 2014-12-17 17:08-0800\n" "Last-Translator: Vincent Chen \n" "Language-Team: Debian-user in Chinese [Big5] &2 + echo "WARNING: Bootloader is not properly installed, system may not be bootable" >&2 + fi +} + case "$1" in configure) . /usr/share/debconf/confmodule devicemap_regenerated= + if [ @PACKAGE@ = "grub-efi-amd64" ] && dpkg --compare-versions "$2" lt-nl 2.02-2ubuntu11; then + /usr/share/grub/grub-check-signatures + fi + if egrep -q '^[[:space:]]*post(inst|rm)_hook[[:space:]]*=[[:space:]]*(/sbin/|/usr/sbin/)?update-grub' /etc/kernel-img.conf 2>/dev/null; then echo 'Removing update-grub hooks from /etc/kernel-img.conf in favour of' >&2 echo '/etc/kernel/ hooks.' >&2 @@ -402,6 +430,15 @@ case "$1" in apply_conf_tweaks "$conf_files" sed_conf 's/^GRUB_HIDDEN_TIMEOUT=/#&/' fi ;; + grub-ieee1275) + if grep ^platform /proc/cpuinfo | grep -q PowerNV; then + cat <<-EOF >>"$tmp_default_grub" + + # Disable os-prober for ppc64el on the PowerNV platform (for Petitboot) + GRUB_DISABLE_OS_PROBER=true + EOF + fi + ;; esac # If the template configuration file hasn't changed, then no conflict is @@ -501,7 +538,11 @@ case "$1" in elif running_in_container; then # Skip grub-install in containers. : - elif test -z "$2" || test -e /boot/grub/core.img || \ + elif dpkg --compare-versions "$2" ge 2.04-1ubuntu26 && [ -z "$DEBCONF_RECONFIGURE" ]; then + # Avoid the possibility of breaking grub on SRU update + # due to ABI change + : + elif test -e /boot/grub/core.img || \ test -e /boot/grub/@FIRST_CPU_PLATFORM@/core.img || \ test "$UPGRADE_FROM_GRUB_LEGACY" || test "$wubi_device"; then question=grub-pc/install_devices @@ -621,7 +662,7 @@ case "$1" in continue fi else - break # noninteractive + exit 1 # noninteractive fi fi fi @@ -644,7 +685,14 @@ case "$1" in db_fset grub-pc/install_devices_empty seen false fi else - break # noninteractive + # if question was seen we are done + # Otherwise, abort + db_fget grub-pc/install_devices_empty seen + if [ "$RET" = true ]; then + break + else + exit 1 + fi fi else break @@ -676,20 +724,38 @@ case "$1" in case $bootloader_id in kubuntu) bootloader_id=ubuntu ;; esac - if [ "$bootloader_id" ] && [ -d "/boot/efi/EFI/$bootloader_id" ]; then - case @PACKAGE@ in - grub-efi-ia32) target=i386-efi ;; - grub-efi-amd64) target=x86_64-efi ;; - grub-efi-ia64) target=ia64-efi ;; - grub-efi-arm) target=arm-efi ;; - grub-efi-arm64) target=arm64-efi ;; - esac - db_get grub2/force_efi_extra_removable + + if dpkg --compare-versions "$2" lt-nl 2.02-1~; then + # Try to not break people upgrading by suddenly installing things + # to /EFI/BOOT without knowing if it might break. + db_get grub2/force_efi_extra_removable || true + if [ "$RET" = false ]; then + db_set grub2/no_efi_extra_removable true + db_fset grub2/no_efi_extra_removable seen true + fi + db_reset grub2/force_efi_extra_removable || true + if [ -e "/boot/efi/EFI/${bootloader_id}/fbx64.efi" ]; then + rm -f "/boot/efi/EFI/${bootloader_id}/fbx64.efi"; + fi + fi + + case @PACKAGE@ in + grub-efi-ia32) target=i386-efi ;; + grub-efi-amd64) target=x86_64-efi ;; + grub-efi-ia64) target=ia64-efi ;; + grub-efi-arm) target=arm-efi ;; + grub-efi-arm64) target=arm64-efi ;; + esac + # Check /boot/grub to see if we previously installed to an ESP. We don't + # want to trigger the install code just by installing the package, + # normally the installer installs grub itself first. + if test -e /boot/grub/$target/core.efi; then + db_get grub2/no_efi_extra_removable if [ "$RET" = true ]; then - FORCE_EXTRA_REMOVABLE="--force-extra-removable" + NO_EXTRA_REMOVABLE="--no-extra-removable" fi NO_NVRAM="$(no_nvram_arg)" - run_grub_install --target="$target" "$FORCE_EXTRA_REMOVABLE" "$NO_NVRAM" + run_grub_multi_install --target="$target" "$NO_EXTRA_REMOVABLE" "$NO_NVRAM" fi # /boot/grub/ has more chances of being accessible by GRUB diff --git a/debian/rules b/debian/rules index 907f062fe..eca219a42 100755 --- a/debian/rules +++ b/debian/rules @@ -16,6 +16,9 @@ HOST_CPPFLAGS := $(shell dpkg-buildflags --get CPPFLAGS) HOST_CFLAGS := -Wall -Wno-error=unused-result $(shell dpkg-buildflags --get CFLAGS | perl -pe 's/-O3\b/-O2/') HOST_LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) +# to get new minilzo, with CVE fixes, patched to build with our compiler +BUILT_USING=$(shell dpkg-query -f '$${source:Package} (= $${source:Version}), \n' -W liblzo2-dev) + export DEB_HOST_ARCH export HOST_CPPFLAGS export HOST_CFLAGS @@ -95,7 +98,7 @@ FLICKER_FREE_BOOT := no endif ifeq ($(FLICKER_FREE_BOOT),yes) -DEFAULT_HIDDEN_TIMEOUT := 0 +DEFAULT_TIMEOUT := 0 DEFAULT_HIDDEN_TIMEOUT_BOOL := true confflags += \ --enable-quiet-boot \ @@ -106,7 +109,6 @@ substvars += \ -Vlsb-base-depends="lsb-base (>= 3.0-6)" \ -Vgfxpayload-depends="grub-gfxpayload-lists [any-i386 any-amd64]" else -DEFAULT_HIDDEN_TIMEOUT := DEFAULT_HIDDEN_TIMEOUT_BOOL := false endif @@ -118,7 +120,9 @@ debian/stamps/build-grub-efi-amd64 install/grub-efi-amd64: export SB_EFI_NAME := debian/stamps/build-grub-efi-arm64 install/grub-efi-arm64: export SB_PLATFORM := arm64-efi debian/stamps/build-grub-efi-arm64 install/grub-efi-arm64: export SB_EFI_NAME := aa64 SB_PACKAGE := +ONLY_BUILD := ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes)) +ONLY_BUILD := -Ngrub-efi-amd64 -Ngrub-efi-amd64-bin -Ngrub-efi-amd64-dbg -Ngrub-efi-arm64 -Ngrub-efi-arm64-bin -Ngrub-efi-arm64-dbg ifeq ($(DEB_HOST_ARCH),amd64) SB_PACKAGE := grub-efi-amd64 endif @@ -134,9 +138,10 @@ endif SB_EFI_VENDOR ?= $(shell dpkg-vendor --query vendor | tr '[:upper:]' '[:lower:]') %: - dh $@ --with=bash_completion + dh $@ --with=bash_completion,systemd override_dh_auto_configure: $(patsubst %,configure/%,$(BUILD_PACKAGES)) + dh_auto_configure -- --enable-mm-debug override_dh_auto_build: $(patsubst %,build/%,$(BUILD_PACKAGES)) @@ -166,7 +171,17 @@ override_dh_autoreconf: cp -a debian/grub-extras/$$extra debian/grub-extras-enabled/; \ done env -u DH_OPTIONS GRUB_CONTRIB=$(CURDIR)/debian/grub-extras-enabled \ + PYTHON=python3 \ dh_autoreconf -- ./autogen.sh + for patchname in \ + 0001-Support-POTFILES-shell \ + 0002-Handle-gettext_printf-shell-function \ + 0003-Make-msgfmt-output-in-little-endian \ + 0004-Use-SHELL-rather-than-bin-sh; do \ + patch -d po -p3 \ + < "debian/gettext-patches/$$patchname.patch"; \ + done + cp /usr/share/lzo/minilzo/*.c /usr/share/lzo/minilzo/*.h grub-core/lib/minilzo/ debian/stamps/configure-grub-common: debian/stamps/configure-grub-$(COMMON_PLATFORM) touch $@ @@ -513,8 +528,8 @@ ifneq (,$(filter grub2-common,$(BUILD_PACKAGES))) -e "s/@DEFAULT_CMDLINE@/$(DEFAULT_CMDLINE)/g" \ -e "s/@DEFAULT_TIMEOUT@/$(DEFAULT_TIMEOUT)/g" \ debian/grub2-common/usr/share/grub/default/grub -ifneq (,$(DEFAULT_HIDDEN_TIMEOUT)) - perl -pi -e 's/^GRUB_TIMEOUT=.*/GRUB_HIDDEN_TIMEOUT=0\nGRUB_HIDDEN_TIMEOUT_QUIET=true\n$$&/' \ +ifneq (false,$(DEFAULT_HIDDEN_TIMEOUT_BOOL)) + perl -pi -e 's/^GRUB_TIMEOUT=.*/GRUB_TIMEOUT_STYLE=hidden\n$$&/' \ debian/grub2-common/usr/share/grub/default/grub endif endif @@ -554,20 +569,28 @@ LEGACY_DOC_BR := grub-doc (<< 0.97-32), grub-legacy-doc (<< 0.97-59) endif override_dh_gencontrol: - dh_gencontrol -- -Vlegacy-doc-br="$(LEGACY_DOC_BR)" -V"efi:Vendor=$(SB_EFI_VENDOR)" $(substvars) + dh_gencontrol $(ONLY_BUILD) -- -Vlegacy-doc-br="$(LEGACY_DOC_BR)" -V"efi:Vendor=$(SB_EFI_VENDOR)" -VBuilt-Using="$(BUILT_USING)" $(substvars) TARNAME := grub2_$(deb_version)_$(DEB_HOST_ARCH).tar.gz override_dh_builddeb: - dh_builddeb + dh_builddeb $(ONLY_BUILD) ifneq (,$(SB_PACKAGE)) echo $(deb_version) > obj/monolithic/$(SB_PACKAGE)/version - tar -c -f ../$(TARNAME) -a -C obj/monolithic/$(SB_PACKAGE) -v . - dpkg-distaddfile $(TARNAME) raw-uefi - +ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes)) + if [ -d obj/monolithic/$(SB_PACKAGE)/$(deb_version) ]; then \ + rm -rf obj/monolithic/$(SB_PACKAGE)/$(deb_version); \ + fi + mkdir -v obj/monolithic/$(SB_PACKAGE)/$(deb_version) + ln -v obj/monolithic/$(SB_PACKAGE)/* obj/monolithic/$(SB_PACKAGE)/$(deb_version) || : +endif + tar -c -f ../$(TARNAME) -a -C obj/monolithic/$(SB_PACKAGE) -v $(deb_version) + # Disable submitting obsolete grub2 for signing + #dpkg-distaddfile $(TARNAME) raw-uefi - endif override_dh_auto_clean: - -rm -rf debian/grub-extras-enabled debian/stamps obj + -rm -rf debian/grub-extras-enabled debian/stamps obj grub-core/lib/minilzo/*.c grub-core/lib/minilzo/*.h -rm -f contrib grub-core/contrib override_dh_clean: diff --git a/debian/signing-template.json.in b/debian/signing-template.json.in index bd7239608..08587f718 100644 --- a/debian/signing-template.json.in +++ b/debian/signing-template.json.in @@ -6,7 +6,6 @@ "files": [ {"sig_type": "efi", "file": "usr/lib/grub/@efi_platform@/monolithic/gcd@efi@.efi"}, {"sig_type": "efi", "file": "usr/lib/grub/@efi_platform@/monolithic/grubnet@efi@.efi"}, - {"sig_type": "efi", "file": "usr/lib/grub/@efi_platform@/monolithic/grubnet@efi@-installer.efi"}, {"sig_type": "efi", "file": "usr/lib/grub/@efi_platform@/monolithic/grub@efi@.efi"} ] } diff --git a/debian/templates.in b/debian/templates.in index fb0481134..72d3c9d95 100644 --- a/debian/templates.in +++ b/debian/templates.in @@ -12,17 +12,17 @@ _Description: Linux default command line: The following string will be used as Linux parameters for the default menu entry but not for the recovery mode. -Template: grub2/force_efi_extra_removable +Template: grub2/no_efi_extra_removable Type: boolean Default: false -_Description: Force extra installation to the EFI removable media path? +_Description: Skip extra installation to the EFI removable media path? Some EFI-based systems are buggy and do not handle new bootloaders correctly. - If you force an extra installation of GRUB to the EFI removable media path, - this should ensure that this system will boot Debian correctly despite such a - problem. However, it may remove the ability to boot any other operating - systems that also depend on this path. If so, you will need to make sure that - GRUB is configured successfully to be able to boot any other OS installations - correctly. + If you do not make an extra installation of GRUB to the EFI removable media + path, this may prevent your system from booting Debian correctly in case it is + affected by this problem. However, it may remove the ability to boot any other + operating systems that also depend on this path. If so, you will need to make + sure that GRUB is configured successfully to be able to boot any other OS + installations correctly. Template: grub2/update_nvram Type: boolean @@ -34,6 +34,60 @@ _Description: Update NVRAM variables to automatically boot into Debian? if your NVRAM variables have been set up such that your system contacts a PXE server on every boot, this would preserve that behavior. +Template: grub-efi/install_devices +Type: multiselect +Choices-C: ${RAW_CHOICES} +Choices: ${CHOICES} +_Description: GRUB EFI system partitions: + The grub-efi package is being upgraded. This menu allows you to select which + EFI system partions you'd like grub-install to be automatically run for, if any. + . + Running grub-install automatically is recommended in most situations, to + prevent the installed GRUB core image from getting out of sync with GRUB + modules or grub.cfg. + +Template: grub-efi/install_devices_disks_changed +Type: multiselect +Choices-C: ${RAW_CHOICES} +Choices: ${CHOICES} +_Description: GRUB install devices: + The GRUB boot loader was previously installed to a disk that is no longer + present, or whose unique identifier has changed for some reason. It is + important to make sure that the installed GRUB core image stays in sync + with GRUB modules and grub.cfg. Please check again to make sure that GRUB + is written to the appropriate boot devices. + +Template: grub-efi/partition_description +Type: text +_Description: ${DEVICE} (${SIZE} MB; ${PATH}) on ${DISK_SIZE} MB ${DISK_MODEL} + +Template: grub-efi/install_devices_failed +Type: boolean +Default: false +#flag:translate!:3 +_Description: Writing GRUB to boot device failed - continue? + GRUB failed to install to the following devices: + . + ${FAILED_DEVICES} + . + Do you want to continue anyway? If you do, your computer may not start up + properly. + +Template: grub-efi/install_devices_empty +Type: boolean +Default: false +_Description: Continue without installing GRUB? + You chose not to install GRUB to any devices. If you continue, the boot + loader may not be properly configured, and when this computer next starts + up it will use whatever was previously configured. If there is an + earlier version of GRUB 2 in the EFI system partition, it may be unable to load + modules or handle the current configuration file. + . + If you are already using a different boot loader and want to carry on + doing so, or if this is a special environment where you do not need a boot + loader, then you should continue anyway. Otherwise, you should install + GRUB somewhere. + # still unused Template: grub2/kfreebsd_cmdline Type: string @@ -49,3 +103,19 @@ Default: @DEFAULT_CMDLINE@ _Description: kFreeBSD default command line: The following string will be used as kFreeBSD parameters for the default menu entry but not for the recovery mode. + +Template: grub2/unsigned_kernels_title +Type: title +_Description: unsigned kernels + +Template: grub2/unsigned_kernels +Type: note +_Description: Cannot upgrade Secure Boot enforcement policy due to unsigned kernels + Your system has UEFI Secure Boot enabled in firmware, and the following kernels + present on your system are unsigned: + . + ${unsigned_versions} + . + These kernels cannot be verified under Secure Boot. To ensure your system + remains bootable, GRUB will not be upgraded on your disk until these kernels are + removed or replaced with signed kernels. diff --git a/docs/grub.info b/docs/grub.info index 7cc7d9212..f804b7800 100644 --- a/docs/grub.info +++ b/docs/grub.info @@ -1436,6 +1436,19 @@ it must be quoted. For example: spaces. Each module will be loaded as early as possible, at the start of 'grub.cfg'. +'GRUB_FORCE_PARTUUID' + This option forces the root disk entry to be the specified PARTUUID + instead of whatever would be used instead. This is useful when you + control the partitioning of the disk but cannot guarantee what the + actual hardware will be, for example in virtual machine images. + Setting this option to '12345678-01' will produce: + root=PARTUUID=12345678-01 + +'GRUB_DISABLE_INITRD' + Then set to 'true', this option prevents an initrd to be used at + boot time, regardless of whether one is detected or not. + grub-mkconfig will therefore not generate any initrd lines. + The following options are still accepted for compatibility with existing configurations, but have better replacements: diff --git a/docs/grub.texi b/docs/grub.texi index 3ec35d315..d573f32cb 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -1541,6 +1541,19 @@ This option sets the English text of the string that will be displayed in parentheses to indicate that a boot option is provided to help users recover a broken system. The default is "recovery mode". +@item GRUB_FORCE_PARTUUID +This option forces the root disk entry to be the specified PARTUUID instead +of whatever would be used instead. This is useful when you control the +partitioning of the disk but cannot guarantee what the actual hardware +will be, for example in virtual machine images. +Setting this option to @samp{12345678-01} will produce: +root=PARTUUID=12345678-01 + +@item GRUB_DISABLE_INITRD +Then set to @samp{true}, this option prevents an initrd to be used at boot +time, regardless of whether one is detected or not. @command{grub-mkconfig} +will therefore not generate any initrd lines. + @end table The following options are still accepted for compatibility with existing @@ -3963,6 +3976,7 @@ you forget a command, you can run the command @command{help} * sha256sum:: Compute or check SHA256 hash * sha512sum:: Compute or check SHA512 hash * sleep:: Wait for a specified number of seconds +* smbios:: Retrieve SMBIOS information * source:: Read a configuration file in same context * test:: Check file types and compare values * true:: Do nothing, successfully @@ -5102,6 +5116,80 @@ if timeout was interrupted by @key{ESC}. @end deffn +@node smbios +@subsection smbios + +@deffn Command smbios @ + [@option{--type} @var{type}] @ + [@option{--handle} @var{handle}] @ + [@option{--match} @var{match}] @ + (@option{--get-byte} | @option{--get-word} | @option{--get-dword} | @ + @option{--get-qword} | @option{--get-string} | @option{--get-uuid}) @ + @var{offset} @ + [@option{--set} @var{variable}] +Retrieve SMBIOS information. + +The @command{smbios} command returns the value of a field in an SMBIOS +structure. The following options determine which structure to select. + +@itemize @bullet +@item +Specifying @option{--type} will select structures with a matching +@var{type}. The type can be any integer from 0 to 255. +@item +Specifying @option{--handle} will select structures with a matching +@var{handle}. The handle can be any integer from 0 to 65535. +@item +Specifying @option{--match} will select structure number @var{match} in the +filtered list of structures; e.g. @code{smbios --type 4 --match 2} will select +the second Process Information (Type 4) structure. The list is always ordered +the same as the hardware's SMBIOS table. The match number must be a positive +integer. If unspecified, the first matching structure will be selected. +@end itemize + +The remaining options determine which field in the selected SMBIOS structure to +return. Only one of these options may be specified at a time. + +@itemize @bullet +@item +When given @option{--get-byte}, return the value of the byte +at @var{offset} bytes into the selected SMBIOS structure. +It will be formatted as an unsigned decimal integer. +@item +When given @option{--get-word}, return the value of the word (two bytes) +at @var{offset} bytes into the selected SMBIOS structure. +It will be formatted as an unsigned decimal integer. +@item +When given @option{--get-dword}, return the value of the dword (four bytes) +at @var{offset} bytes into the selected SMBIOS structure. +It will be formatted as an unsigned decimal integer. +@item +When given @option{--get-qword}, return the value of the qword (eight bytes) +at @var{offset} bytes into the selected SMBIOS structure. +It will be formatted as an unsigned decimal integer. +@item +When given @option{--get-string}, return the string with its index found +at @var{offset} bytes into the selected SMBIOS structure. +@item +When given @option{--get-uuid}, return the value of the UUID (sixteen bytes) +at @var{offset} bytes into the selected SMBIOS structure. +It will be formatted as lower-case hyphenated hexadecimal digits, with the +first three fields as little-endian, and the rest printed byte-by-byte. +@end itemize + +The default action is to print the value of the requested field to the console, +but a variable name can be specified with @option{--set} to store the value +instead of printing it. + +For example, this will store and then display the system manufacturer's name. + +@example +smbios --type 1 --get-string 4 --set system_manufacturer +echo $system_manufacturer +@end example +@end deffn + + @node source @subsection source diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am index 3ea8e7ff4..c6ba5b2d7 100644 --- a/grub-core/Makefile.am +++ b/grub-core/Makefile.am @@ -71,6 +71,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/disk.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dl.h +KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def index 836bf0a59..9b20f3335 100644 --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def @@ -207,6 +207,7 @@ kernel = { i386_multiboot = kern/i386/pc/acpi.c; i386_coreboot = kern/acpi.c; i386_multiboot = kern/acpi.c; + common = kern/efi/sb.c; x86 = kern/i386/tsc.c; x86 = kern/i386/tsc_pit.c; @@ -546,7 +547,7 @@ image = { i386_pc = boot/i386/pc/startup_raw.S; i386_pc_nodist = rs_decoder.h; - objcopyflags = '-O binary'; + objcopyflags = '-O binary -j .text'; ldflags = '$(TARGET_IMG_LDFLAGS) $(TARGET_IMG_BASE_LDOPT),0x8200'; enable = i386_pc; }; @@ -1105,6 +1106,21 @@ module = { common = commands/sleep.c; }; +module = { + name = smbios; + + common = commands/smbios.c; + efi = commands/efi/smbios.c; + i386_pc = commands/i386/pc/smbios.c; + i386_coreboot = commands/i386/pc/smbios.c; + i386_multiboot = commands/i386/pc/smbios.c; + + enable = efi; + enable = i386_pc; + enable = i386_coreboot; + enable = i386_multiboot; +}; + module = { name = suspend; ieee1275 = commands/ieee1275/suspend.c; @@ -1790,10 +1806,13 @@ module = { ia64_efi = loader/ia64/efi/linux.c; arm_coreboot = loader/arm/linux.c; arm_efi = loader/arm64/linux.c; + arm_efi = loader/efi/linux.c; arm_uboot = loader/arm/linux.c; arm64 = loader/arm64/linux.c; + arm64 = loader/efi/linux.c; riscv32 = loader/riscv/linux.c; riscv64 = loader/riscv/linux.c; + cflags = '-Wno-error=cast-align'; common = loader/linux.c; common = lib/cmdline.c; enable = noemu; @@ -1802,7 +1821,7 @@ module = { module = { name = fdt; efi = loader/efi/fdt.c; - common = lib/fdt.c; + fdt = lib/fdt.c; enable = fdt; }; @@ -1860,6 +1879,8 @@ module = { module = { name = linuxefi; efi = loader/i386/efi/linux.c; + efi = loader/efi/linux.c; + cflags = '-Wno-error=cast-align'; enable = i386_efi; enable = x86_64_efi; }; @@ -1870,6 +1891,7 @@ module = { i386_pc = loader/i386/pc/chainloader.c; i386_coreboot = loader/i386/coreboot/chainloader.c; i386_coreboot = lib/LzmaDec.c; + cflags = '-Wno-error=cast-align'; enable = i386_pc; enable = i386_coreboot; enable = efi; diff --git a/grub-core/bus/usb/usbhub.c b/grub-core/bus/usb/usbhub.c index 34a7ff1b5..a06cce302 100644 --- a/grub-core/bus/usb/usbhub.c +++ b/grub-core/bus/usb/usbhub.c @@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev) grub_usb_set_configuration (dev, 1); dev->nports = hubdesc.portcnt; - dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0])); - dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0])); + dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0])); + dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0])); if (!dev->children || !dev->ports) { grub_free (dev->children); @@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (grub_usb_controller_t controller, void *d /* Query the number of ports the root Hub has. */ hub->nports = controller->dev->hubports (controller); - hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports); - hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports); + hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0])); + hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0])); if (!hub->devices || !hub->ports) { grub_free (hub->devices); diff --git a/grub-core/commands/efi/lsefisystab.c b/grub-core/commands/efi/lsefisystab.c index df1030221..d29188efa 100644 --- a/grub-core/commands/efi/lsefisystab.c +++ b/grub-core/commands/efi/lsefisystab.c @@ -40,6 +40,7 @@ static const struct guid_mapping guid_mappings[] = { GRUB_EFI_CRC32_GUIDED_SECTION_EXTRACTION_GUID, "CRC32 GUIDED SECTION EXTRACTION"}, { GRUB_EFI_DEBUG_IMAGE_INFO_TABLE_GUID, "DEBUG IMAGE INFO"}, + { GRUB_EFI_DEVICE_TREE_GUID, "DEVICE TREE"}, { GRUB_EFI_DXE_SERVICES_TABLE_GUID, "DXE SERVICES"}, { GRUB_EFI_HCDP_TABLE_GUID, "HCDP"}, { GRUB_EFI_HOB_LIST_GUID, "HOB LIST"}, @@ -48,6 +49,7 @@ static const struct guid_mapping guid_mappings[] = { GRUB_EFI_MPS_TABLE_GUID, "MPS"}, { GRUB_EFI_SAL_TABLE_GUID, "SAL"}, { GRUB_EFI_SMBIOS_TABLE_GUID, "SMBIOS"}, + { GRUB_EFI_SMBIOS3_TABLE_GUID, "SMBIOS3"}, { GRUB_EFI_SYSTEM_RESOURCE_TABLE_GUID, "SYSTEM RESOURCE TABLE"}, { GRUB_EFI_TIANO_CUSTOM_DECOMPRESS_GUID, "TIANO CUSTOM DECOMPRESS"}, { GRUB_EFI_TSC_FREQUENCY_GUID, "TSC FREQUENCY"}, @@ -71,7 +73,8 @@ grub_cmd_lsefisystab (struct grub_command *cmd __attribute__ ((unused)), grub_printf ("Vendor: "); for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++); - vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1); + /* Allocate extra 3 bytes to simplify math. */ + vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1); if (!vendor) return grub_errno; *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor, diff --git a/grub-core/commands/efi/smbios.c b/grub-core/commands/efi/smbios.c new file mode 100644 index 000000000..75202d5aa --- /dev/null +++ b/grub-core/commands/efi/smbios.c @@ -0,0 +1,61 @@ +/* smbios.c - get smbios tables. */ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2019 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include +#include +#include + +struct grub_smbios_eps * +grub_machine_smbios_get_eps (void) +{ + unsigned i; + static grub_efi_packed_guid_t smbios_guid = GRUB_EFI_SMBIOS_TABLE_GUID; + + for (i = 0; i < grub_efi_system_table->num_table_entries; i++) + { + grub_efi_packed_guid_t *guid = + &grub_efi_system_table->configuration_table[i].vendor_guid; + + if (! grub_memcmp (guid, &smbios_guid, sizeof (grub_efi_packed_guid_t))) + return (struct grub_smbios_eps *) + grub_efi_system_table->configuration_table[i].vendor_table; + } + + return 0; +} + +struct grub_smbios_eps3 * +grub_machine_smbios_get_eps3 (void) +{ + unsigned i; + static grub_efi_packed_guid_t smbios3_guid = GRUB_EFI_SMBIOS3_TABLE_GUID; + + for (i = 0; i < grub_efi_system_table->num_table_entries; i++) + { + grub_efi_packed_guid_t *guid = + &grub_efi_system_table->configuration_table[i].vendor_guid; + + if (! grub_memcmp (guid, &smbios3_guid, sizeof (grub_efi_packed_guid_t))) + return (struct grub_smbios_eps3 *) + grub_efi_system_table->configuration_table[i].vendor_table; + } + + return 0; +} diff --git a/grub-core/commands/efi/tpm.c b/grub-core/commands/efi/tpm.c index 32909c192..fdbaaee19 100644 --- a/grub-core/commands/efi/tpm.c +++ b/grub-core/commands/efi/tpm.c @@ -155,7 +155,8 @@ grub_tpm1_execute (grub_efi_handle_t tpm_handle, case GRUB_EFI_NOT_FOUND: return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); default: - return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); + grub_dprintf("tpm", "Unknown TPM error: %" PRIdGRUB_SSIZE, status); + return 0; } } @@ -195,7 +196,8 @@ grub_tpm2_execute (grub_efi_handle_t tpm_handle, case GRUB_EFI_NOT_FOUND: return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); default: - return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); + grub_dprintf("tpm", "Unknown TPM error: %" PRIdGRUB_SSIZE, status); + return 0; } } @@ -262,7 +264,8 @@ grub_tpm1_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf, case GRUB_EFI_NOT_FOUND: return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); default: - return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); + grub_dprintf("tpm", "Unknown TPM error: %" PRIdGRUB_SSIZE, status); + return 0; } } @@ -312,7 +315,8 @@ grub_tpm2_log_event (grub_efi_handle_t tpm_handle, unsigned char *buf, case GRUB_EFI_NOT_FOUND: return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("TPM unavailable")); default: - return grub_error (GRUB_ERR_UNKNOWN_DEVICE, N_("Unknown TPM error")); + grub_dprintf("tpm", "Unknown TPM error: %" PRIdGRUB_SSIZE, status); + return 0; } } diff --git a/grub-core/commands/i386/pc/smbios.c b/grub-core/commands/i386/pc/smbios.c new file mode 100644 index 000000000..069d66367 --- /dev/null +++ b/grub-core/commands/i386/pc/smbios.c @@ -0,0 +1,52 @@ +/* smbios.c - get smbios tables. */ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2019 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include +#include + +struct grub_smbios_eps * +grub_machine_smbios_get_eps (void) +{ + grub_uint8_t *ptr; + + grub_dprintf ("smbios", "Looking for SMBIOS EPS. Scanning BIOS\n"); + + for (ptr = (grub_uint8_t *) 0xf0000; ptr < (grub_uint8_t *) 0x100000; ptr += 16) + if (grub_memcmp (ptr, "_SM_", 4) == 0 + && grub_byte_checksum (ptr, sizeof (struct grub_smbios_eps)) == 0) + return (struct grub_smbios_eps *) ptr; + + return 0; +} + +struct grub_smbios_eps3 * +grub_machine_smbios_get_eps3 (void) +{ + grub_uint8_t *ptr; + + grub_dprintf ("smbios", "Looking for SMBIOS3 EPS. Scanning BIOS\n"); + + for (ptr = (grub_uint8_t *) 0xf0000; ptr < (grub_uint8_t *) 0x100000; ptr += 16) + if (grub_memcmp (ptr, "_SM3_", 5) == 0 + && grub_byte_checksum (ptr, sizeof (struct grub_smbios_eps3)) == 0) + return (struct grub_smbios_eps3 *) ptr; + + return 0; +} diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c index a0c164e54..41a7f3f04 100644 --- a/grub-core/commands/iorw.c +++ b/grub-core/commands/iorw.c @@ -23,6 +23,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -118,6 +119,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv) GRUB_MOD_INIT(memrw) { + if (grub_efi_secure_boot()) + return; + cmd_read_byte = grub_register_extcmd ("inb", grub_cmd_read, 0, N_("PORT"), N_("Read 8-bit value from PORT."), @@ -146,6 +150,9 @@ GRUB_MOD_INIT(memrw) GRUB_MOD_FINI(memrw) { + if (grub_efi_secure_boot()) + return; + grub_unregister_extcmd (cmd_read_byte); grub_unregister_extcmd (cmd_read_word); grub_unregister_extcmd (cmd_read_dword); diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c index db7a8f002..cc5971f4d 100644 --- a/grub-core/commands/legacycfg.c +++ b/grub-core/commands/legacycfg.c @@ -32,6 +32,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -104,13 +105,22 @@ legacy_file (const char *filename) if (newsuffix) { char *t; - + grub_size_t sz; + + if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) || + grub_add (sz, 1, &sz)) + { + grub_errno = GRUB_ERR_OUT_OF_RANGE; + goto fail_0; + } + t = suffix; - suffix = grub_realloc (suffix, grub_strlen (suffix) - + grub_strlen (newsuffix) + 1); + suffix = grub_realloc (suffix, sz); if (!suffix) { grub_free (t); + + fail_0: grub_free (entrysrc); grub_free (parsed); grub_free (newsuffix); @@ -154,13 +164,22 @@ legacy_file (const char *filename) else { char *t; + grub_size_t sz; + + if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) || + grub_add (sz, 1, &sz)) + { + grub_errno = GRUB_ERR_OUT_OF_RANGE; + goto fail_1; + } t = entrysrc; - entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc) - + grub_strlen (parsed) + 1); + entrysrc = grub_realloc (entrysrc, sz); if (!entrysrc) { grub_free (t); + + fail_1: grub_free (parsed); grub_free (suffix); return grub_errno; @@ -314,7 +333,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), if (argc < 2) return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); - cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1)); + cutargs = grub_calloc (argc - 1, sizeof (cutargs[0])); if (!cutargs) return grub_errno; cutargc = argc - 1; @@ -436,7 +455,7 @@ grub_cmd_legacy_kernel (struct grub_command *mycmd __attribute__ ((unused)), { char rbuf[3] = "-r"; bsdargc = cutargc + 2; - bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc); + bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0])); if (!bsdargs) { err = grub_errno; @@ -559,7 +578,7 @@ grub_cmd_legacy_initrdnounzip (struct grub_command *mycmd __attribute__ ((unused return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't find command `%s'"), "module"); - newargs = grub_malloc ((argc + 1) * sizeof (newargs[0])); + newargs = grub_calloc (argc + 1, sizeof (newargs[0])); if (!newargs) return grub_errno; grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0])); diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c index 98769eadb..088cbe9e2 100644 --- a/grub-core/commands/memrw.c +++ b/grub-core/commands/memrw.c @@ -22,6 +22,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -120,6 +121,9 @@ grub_cmd_write (grub_command_t cmd, int argc, char **argv) GRUB_MOD_INIT(memrw) { + if (grub_efi_secure_boot()) + return; + cmd_read_byte = grub_register_extcmd ("read_byte", grub_cmd_read, 0, N_("ADDR"), N_("Read 8-bit value from ADDR."), @@ -148,6 +152,9 @@ GRUB_MOD_INIT(memrw) GRUB_MOD_FINI(memrw) { + if (grub_efi_secure_boot()) + return; + grub_unregister_extcmd (cmd_read_byte); grub_unregister_extcmd (cmd_read_word); grub_unregister_extcmd (cmd_read_dword); diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c index 2c5363da7..9164df744 100644 --- a/grub-core/commands/menuentry.c +++ b/grub-core/commands/menuentry.c @@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, const char **args, goto fail; /* Save argc, args to pass as parameters to block arg later. */ - menu_args = grub_malloc (sizeof (char*) * (argc + 1)); + menu_args = grub_calloc (argc + 1, sizeof (char *)); if (! menu_args) goto fail; diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c index 6bbce3128..6d66b7c45 100644 --- a/grub-core/commands/minicmd.c +++ b/grub-core/commands/minicmd.c @@ -179,12 +179,24 @@ grub_mini_cmd_lsmod (struct grub_command *cmd __attribute__ ((unused)), } /* exit */ -static grub_err_t __attribute__ ((noreturn)) +static grub_err_t grub_mini_cmd_exit (struct grub_command *cmd __attribute__ ((unused)), - int argc __attribute__ ((unused)), - char *argv[] __attribute__ ((unused))) + int argc, char *argv[]) { - grub_exit (); + int retval = -1; + unsigned long n; + + if (argc < 0 || argc > 1) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected")); + + if (argc == 1) + { + n = grub_strtoul (argv[0], 0, 10); + if (n != ~0UL) + retval = n; + } + + grub_exit (retval); /* Not reached. */ } diff --git a/grub-core/commands/nativedisk.c b/grub-core/commands/nativedisk.c index 699447d11..7c8f97f6a 100644 --- a/grub-core/commands/nativedisk.c +++ b/grub-core/commands/nativedisk.c @@ -195,7 +195,7 @@ grub_cmd_nativedisk (grub_command_t cmd __attribute__ ((unused)), else path_prefix = prefix; - mods = grub_malloc (argc * sizeof (mods[0])); + mods = grub_calloc (argc, sizeof (mods[0])); if (!mods) return grub_errno; diff --git a/grub-core/commands/parttool.c b/grub-core/commands/parttool.c index 22b46b187..051e31320 100644 --- a/grub-core/commands/parttool.c +++ b/grub-core/commands/parttool.c @@ -59,7 +59,13 @@ grub_parttool_register(const char *part_name, for (nargs = 0; args[nargs].name != 0; nargs++); cur->nargs = nargs; cur->args = (struct grub_parttool_argdesc *) - grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc)); + grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc)); + if (!cur->args) + { + grub_free (cur); + curhandle--; + return -1; + } grub_memcpy (cur->args, args, (nargs + 1) * sizeof (struct grub_parttool_argdesc)); @@ -257,7 +263,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), return err; } - parsed = (int *) grub_zalloc (argc * sizeof (int)); + parsed = (int *) grub_calloc (argc, sizeof (int)); for (i = 1; i < argc; i++) if (! parsed[i]) @@ -290,7 +296,7 @@ grub_cmd_parttool (grub_command_t cmd __attribute__ ((unused)), } ptool = cur; pargs = (struct grub_parttool_args *) - grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args)); + grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args)); for (j = i; j < argc; j++) if (! parsed[j]) { diff --git a/grub-core/commands/regexp.c b/grub-core/commands/regexp.c index f00b184c8..4019164f3 100644 --- a/grub-core/commands/regexp.c +++ b/grub-core/commands/regexp.c @@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t ctxt, int argc, char **args) if (ret) goto fail; - matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1)); + matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches)); if (! matches) goto fail; diff --git a/grub-core/commands/search_wrap.c b/grub-core/commands/search_wrap.c index d7fd26b94..47fc8eb99 100644 --- a/grub-core/commands/search_wrap.c +++ b/grub-core/commands/search_wrap.c @@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t ctxt, int argc, char **args) for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++) nhints++; - hints = grub_malloc (sizeof (hints[0]) * nhints); + hints = grub_calloc (nhints, sizeof (hints[0])); if (!hints) return grub_errno; j = 0; diff --git a/grub-core/commands/smbios.c b/grub-core/commands/smbios.c new file mode 100644 index 000000000..1a9086ddd --- /dev/null +++ b/grub-core/commands/smbios.c @@ -0,0 +1,398 @@ +/* smbios.c - retrieve smbios information. */ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2019 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include +#include +#include +#include +#include +#include + +GRUB_MOD_LICENSE ("GPLv3+"); + +/* Abstract useful values found in either the SMBIOS3 or SMBIOS EPS. */ +static struct { + grub_addr_t start; + grub_addr_t end; + grub_uint16_t structures; +} table_desc; + +static grub_extcmd_t cmd; + +/* Locate the SMBIOS entry point structure depending on the hardware. */ +struct grub_smbios_eps * +grub_smbios_get_eps (void) +{ + static struct grub_smbios_eps *eps = NULL; + + if (eps != NULL) + return eps; + + eps = grub_machine_smbios_get_eps (); + + return eps; +} + +/* Locate the SMBIOS3 entry point structure depending on the hardware. */ +static struct grub_smbios_eps3 * +grub_smbios_get_eps3 (void) +{ + static struct grub_smbios_eps3 *eps = NULL; + + if (eps != NULL) + return eps; + + eps = grub_machine_smbios_get_eps3 (); + + return eps; +} + +static char * +linux_string (const char *value) +{ + char *out = grub_malloc( grub_strlen (value) + 1); + const char *src = value; + char *dst = out; + + for (; *src; src++) + if (*src > ' ' && *src < 127 && *src != ':') + *dst++ = *src; + + *dst = 0; + return out; +} + +/* + * These functions convert values from the various SMBIOS structure field types + * into a string formatted to be returned to the user. They expect that the + * structure and offset were already validated. When the requested data is + * successfully retrieved and formatted, the pointer to the string is returned; + * otherwise, NULL is returned on failure. Don't free the result. + */ + +static const char * +grub_smbios_format_byte (const grub_uint8_t *structure, grub_uint8_t offset) +{ + static char buffer[sizeof ("255")]; + + grub_snprintf (buffer, sizeof (buffer), "%u", structure[offset]); + + return (const char *)buffer; +} + +static const char * +grub_smbios_format_word (const grub_uint8_t *structure, grub_uint8_t offset) +{ + static char buffer[sizeof ("65535")]; + + grub_uint16_t value = grub_get_unaligned16 (structure + offset); + grub_snprintf (buffer, sizeof (buffer), "%u", value); + + return (const char *)buffer; +} + +static const char * +grub_smbios_format_dword (const grub_uint8_t *structure, grub_uint8_t offset) +{ + static char buffer[sizeof ("4294967295")]; + + grub_uint32_t value = grub_get_unaligned32 (structure + offset); + grub_snprintf (buffer, sizeof (buffer), "%" PRIuGRUB_UINT32_T, value); + + return (const char *)buffer; +} + +static const char * +grub_smbios_format_qword (const grub_uint8_t *structure, grub_uint8_t offset) +{ + static char buffer[sizeof ("18446744073709551615")]; + + grub_uint64_t value = grub_get_unaligned64 (structure + offset); + grub_snprintf (buffer, sizeof (buffer), "%" PRIuGRUB_UINT64_T, value); + + return (const char *)buffer; +} + +static const char * +grub_smbios_get_string (const grub_uint8_t *structure, grub_uint8_t offset) +{ + const grub_uint8_t *ptr = structure + structure[1]; + const grub_uint8_t *table_end = (const grub_uint8_t *)table_desc.end; + const grub_uint8_t referenced_string_number = structure[offset]; + grub_uint8_t i; + + /* A string referenced with zero is interpreted as unset. */ + if (referenced_string_number == 0) + return NULL; + + /* Search the string set. */ + for (i = 1; *ptr != 0 && ptr < table_end; i++) + if (i == referenced_string_number) + { + const char *str = (const char *)ptr; + while (*ptr++ != 0) + if (ptr >= table_end) + return NULL; /* The string isn't terminated. */ + return str; + } + else + while (*ptr++ != 0 && ptr < table_end); + + /* The string number is greater than the number of strings in the set. */ + return NULL; +} + +static const char * +grub_smbios_format_uuid (const grub_uint8_t *structure, grub_uint8_t offset) +{ + static char buffer[sizeof ("ffffffff-ffff-ffff-ffff-ffffffffffff")]; + const grub_uint8_t *f = structure + offset; /* little-endian fields */ + const grub_uint8_t *g = f + 8; /* byte-by-byte fields */ + + grub_snprintf (buffer, sizeof (buffer), + "%02x%02x%02x%02x-%02x%02x-%02x%02x-" + "%02x%02x-%02x%02x%02x%02x%02x%02x", + f[3], f[2], f[1], f[0], f[5], f[4], f[7], f[6], + g[0], g[1], g[2], g[3], g[4], g[5], g[6], g[7]); + + return (const char *)buffer; +} + +/* List the field formatting functions and the number of bytes they need. */ +static const struct { + const char *(*format) (const grub_uint8_t *structure, grub_uint8_t offset); + grub_uint8_t field_length; +} field_extractors[] = { + {grub_smbios_format_byte, 1}, + {grub_smbios_format_word, 2}, + {grub_smbios_format_dword, 4}, + {grub_smbios_format_qword, 8}, + {grub_smbios_get_string, 1}, + {grub_smbios_format_uuid, 16} +}; + +/* List command options, with structure field getters ordered as above. */ +#define FIRST_GETTER_OPT (3) +#define SETTER_OPT (FIRST_GETTER_OPT + ARRAY_SIZE(field_extractors)) +#define LINUX_OPT (FIRST_GETTER_OPT + ARRAY_SIZE(field_extractors) + 1) + +static const struct grub_arg_option options[] = { + {"type", 't', 0, N_("Match structures with the given type."), + N_("type"), ARG_TYPE_INT}, + {"handle", 'h', 0, N_("Match structures with the given handle."), + N_("handle"), ARG_TYPE_INT}, + {"match", 'm', 0, N_("Select a structure when several match."), + N_("match"), ARG_TYPE_INT}, + {"get-byte", 'b', 0, N_("Get the byte's value at the given offset."), + N_("offset"), ARG_TYPE_INT}, + {"get-word", 'w', 0, N_("Get two bytes' value at the given offset."), + N_("offset"), ARG_TYPE_INT}, + {"get-dword", 'd', 0, N_("Get four bytes' value at the given offset."), + N_("offset"), ARG_TYPE_INT}, + {"get-qword", 'q', 0, N_("Get eight bytes' value at the given offset."), + N_("offset"), ARG_TYPE_INT}, + {"get-string", 's', 0, N_("Get the string specified at the given offset."), + N_("offset"), ARG_TYPE_INT}, + {"get-uuid", 'u', 0, N_("Get the UUID's value at the given offset."), + N_("offset"), ARG_TYPE_INT}, + {"set", '\0', 0, N_("Store the value in the given variable name."), + N_("variable"), ARG_TYPE_STRING}, + {"linux", '\0', 0, N_("Filter the result like linux does."), + N_("variable"), ARG_TYPE_NONE}, + {0, 0, 0, 0, 0, 0} +}; + +/* + * Return a matching SMBIOS structure. + * + * This method can use up to three criteria for selecting a structure: + * - The "type" field (use -1 to ignore) + * - The "handle" field (use -1 to ignore) + * - Which to return if several match (use 0 to ignore) + * + * The return value is a pointer to the first matching structure. If no + * structures match the given parameters, NULL is returned. + */ +static const grub_uint8_t * +grub_smbios_match_structure (const grub_int16_t type, + const grub_int32_t handle, + const grub_uint16_t match) +{ + const grub_uint8_t *ptr = (const grub_uint8_t *)table_desc.start; + const grub_uint8_t *table_end = (const grub_uint8_t *)table_desc.end; + grub_uint16_t structures = table_desc.structures; + grub_uint16_t structure_count = 0; + grub_uint16_t matches = 0; + + while (ptr < table_end + && ptr[1] >= 4 /* Valid structures include the 4-byte header. */ + && (structure_count++ < structures || structures == 0)) + { + grub_uint16_t structure_handle = grub_get_unaligned16 (ptr + 2); + grub_uint8_t structure_type = ptr[0]; + + if ((handle < 0 || handle == structure_handle) + && (type < 0 || type == structure_type) + && (match == 0 || match == ++matches)) + return ptr; + else + { + ptr += ptr[1]; + while ((*ptr++ != 0 || *ptr++ != 0) && ptr < table_end); + } + + if (structure_type == GRUB_SMBIOS_TYPE_END_OF_TABLE) + break; + } + + return NULL; +} + +static grub_err_t +grub_cmd_smbios (grub_extcmd_context_t ctxt, + int argc __attribute__ ((unused)), + char **argv __attribute__ ((unused))) +{ + struct grub_arg_list *state = ctxt->state; + + grub_int16_t type = -1; + grub_int32_t handle = -1; + grub_uint16_t match = 0; + grub_uint8_t offset = 0; + + const grub_uint8_t *structure; + const char *value; + char *modified_value = NULL; + grub_int32_t option; + grub_int8_t field_type = -1; + grub_uint8_t i; + + if (table_desc.start == 0) + return grub_error (GRUB_ERR_IO, + N_("the SMBIOS entry point structure was not found")); + + /* Read the given filtering options. */ + if (state[0].set) + { + option = grub_strtol (state[0].arg, NULL, 0); + if (option < 0 || option > 255) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("the type must be between 0 and 255")); + type = (grub_int16_t)option; + } + if (state[1].set) + { + option = grub_strtol (state[1].arg, NULL, 0); + if (option < 0 || option > 65535) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("the handle must be between 0 and 65535")); + handle = (grub_int32_t)option; + } + if (state[2].set) + { + option = grub_strtol (state[2].arg, NULL, 0); + if (option <= 0 || option > 65535) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("the match must be a positive integer")); + match = (grub_uint16_t)option; + } + + /* Determine the data type of the structure field to retrieve. */ + for (i = 0; i < ARRAY_SIZE(field_extractors); i++) + if (state[FIRST_GETTER_OPT + i].set) + { + if (field_type >= 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("only one --get option is usable at a time")); + field_type = i; + } + + /* Require a choice of a structure field to return. */ + if (field_type < 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("one of the --get options is required")); + + /* Locate a matching SMBIOS structure. */ + structure = grub_smbios_match_structure (type, handle, match); + if (structure == NULL) + return grub_error (GRUB_ERR_IO, + N_("no structure matched the given options")); + + /* Ensure the requested byte offset is inside the structure. */ + option = grub_strtol (state[FIRST_GETTER_OPT + field_type].arg, NULL, 0); + if (option < 0 || option >= structure[1]) + return grub_error (GRUB_ERR_OUT_OF_RANGE, + N_("the given offset is outside the structure")); + + /* Ensure the requested data type at the offset is inside the structure. */ + offset = (grub_uint8_t)option; + if (offset + field_extractors[field_type].field_length > structure[1]) + return grub_error (GRUB_ERR_OUT_OF_RANGE, + N_("the field ends outside the structure")); + + /* Format the requested structure field into a readable string. */ + value = field_extractors[field_type].format (structure, offset); + if (value == NULL) + return grub_error (GRUB_ERR_IO, + N_("failed to retrieve the structure field")); + + if (state[LINUX_OPT].set) + value = modified_value = linux_string (value); + + /* Store or print the formatted value. */ + if (state[SETTER_OPT].set) + grub_env_set (state[SETTER_OPT].arg, value); + else + grub_printf ("%s\n", value); + + grub_free(modified_value); + + return GRUB_ERR_NONE; +} + +GRUB_MOD_INIT(smbios) +{ + struct grub_smbios_eps3 *eps3; + struct grub_smbios_eps *eps; + + if ((eps3 = grub_smbios_get_eps3 ())) + { + table_desc.start = (grub_addr_t)eps3->table_address; + table_desc.end = table_desc.start + eps3->maximum_table_length; + table_desc.structures = 0; /* SMBIOS3 drops the structure count. */ + } + else if ((eps = grub_smbios_get_eps ())) + { + table_desc.start = (grub_addr_t)eps->intermediate.table_address; + table_desc.end = table_desc.start + eps->intermediate.table_length; + table_desc.structures = eps->intermediate.structures; + } + + cmd = grub_register_extcmd ("smbios", grub_cmd_smbios, 0, + N_("[-t type] [-h handle] [-m match] " + "(-b|-w|-d|-q|-s|-u) offset " + "[--set variable]"), + N_("Retrieve SMBIOS information."), options); +} + +GRUB_MOD_FINI(smbios) +{ + grub_unregister_extcmd (cmd); +} diff --git a/grub-core/commands/wildcard.c b/grub-core/commands/wildcard.c index 4a106ca04..cc3290311 100644 --- a/grub-core/commands/wildcard.c +++ b/grub-core/commands/wildcard.c @@ -23,6 +23,7 @@ #include #include #include +#include #include @@ -48,6 +49,7 @@ merge (char **dest, char **ps) int i; int j; char **p; + grub_size_t sz; if (! dest) return ps; @@ -60,7 +62,12 @@ merge (char **dest, char **ps) for (j = 0; ps[j]; j++) ; - p = grub_realloc (dest, sizeof (char*) * (i + j + 1)); + if (grub_add (i, j, &sz) || + grub_add (sz, 1, &sz) || + grub_mul (sz, sizeof (char *), &sz)) + return dest; + + p = grub_realloc (dest, sz); if (! p) { grub_free (dest); @@ -115,8 +122,15 @@ make_regex (const char *start, const char *end, regex_t *regexp) char ch; int i = 0; unsigned len = end - start; - char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */ + char *buffer; + grub_size_t sz; + /* Worst case size is (len * 2 + 2 + 1). */ + if (grub_mul (len, 2, &sz) || + grub_add (sz, 3, &sz)) + return 1; + + buffer = grub_malloc (sz); if (! buffer) return 1; @@ -226,6 +240,7 @@ match_devices_iter (const char *name, void *data) struct match_devices_ctx *ctx = data; char **t; char *buffer; + grub_size_t sz; /* skip partitions if asked to. */ if (ctx->noparts && grub_strchr (name, ',')) @@ -239,11 +254,16 @@ match_devices_iter (const char *name, void *data) if (regexec (ctx->regexp, buffer, 0, 0, 0)) { grub_dprintf ("expand", "not matched\n"); + fail: grub_free (buffer); return 0; } - t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2)); + if (grub_add (ctx->ndev, 2, &sz) || + grub_mul (sz, sizeof (char *), &sz)) + goto fail; + + t = grub_realloc (ctx->devs, sz); if (! t) { grub_free (buffer); @@ -300,6 +320,7 @@ match_files_iter (const char *name, struct match_files_ctx *ctx = data; char **t; char *buffer; + grub_size_t sz; /* skip . and .. names */ if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0) @@ -315,9 +336,14 @@ match_files_iter (const char *name, if (! buffer) return 1; - t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2)); - if (! t) + if (grub_add (ctx->nfile, 2, &sz) || + grub_mul (sz, sizeof (char *), &sz)) + goto fail; + + t = grub_realloc (ctx->files, sz); + if (!t) { + fail: grub_free (buffer); return 1; } diff --git a/grub-core/disk/diskfilter.c b/grub-core/disk/diskfilter.c index c3b578acf..68ca9e0be 100644 --- a/grub-core/disk/diskfilter.c +++ b/grub-core/disk/diskfilter.c @@ -1134,7 +1134,7 @@ grub_diskfilter_make_raid (grub_size_t uuidlen, char *uuid, int nmemb, array->lvs->segments->node_count = nmemb; array->lvs->segments->raid_member_size = disk_size; array->lvs->segments->nodes - = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0])); + = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0])); array->lvs->segments->stripe_size = stripe_size; for (i = 0; i < nmemb; i++) { @@ -1226,7 +1226,7 @@ insert_array (grub_disk_t disk, const struct grub_diskfilter_pv_id *id, grub_partition_t p; for (p = disk->partition; p; p = p->parent) s++; - pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0])); + pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0])); s = 0; for (p = disk->partition; p; p = p->parent) pv->partmaps[s++] = xstrdup (p->partmap->name); diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c index f73257e66..03674cb47 100644 --- a/grub-core/disk/ieee1275/ofdisk.c +++ b/grub-core/disk/ieee1275/ofdisk.c @@ -297,7 +297,7 @@ dev_iterate (const struct grub_ieee1275_devalias *alias) /* Power machines documentation specify 672 as maximum SAS disks in one system. Using a slightly larger value to be safe. */ table_size = 768; - table = grub_malloc (table_size * sizeof (grub_uint64_t)); + table = grub_calloc (table_size, sizeof (grub_uint64_t)); if (!table) { diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c index 2a22d2d6c..58f8a53e1 100644 --- a/grub-core/disk/ldm.c +++ b/grub-core/disk/ldm.c @@ -25,6 +25,7 @@ #include #include #include +#include #ifdef GRUB_UTIL #include @@ -289,6 +290,7 @@ make_vg (grub_disk_t disk, struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE / sizeof (struct grub_ldm_vblk)]; unsigned i; + grub_size_t sz; err = grub_disk_read (disk, cursec, 0, sizeof(vblk), &vblk); if (err) @@ -323,8 +325,8 @@ make_vg (grub_disk_t disk, lv->segments->type = GRUB_DISKFILTER_MIRROR; lv->segments->node_count = 0; lv->segments->node_alloc = 8; - lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes) - * lv->segments->node_alloc); + lv->segments->nodes = grub_calloc (lv->segments->node_alloc, + sizeof (*lv->segments->nodes)); if (!lv->segments->nodes) goto fail2; ptr = vblk[i].dynamic; @@ -350,7 +352,13 @@ make_vg (grub_disk_t disk, grub_free (lv); goto fail2; } - lv->name = grub_malloc (*ptr + 1); + if (grub_add (*ptr, 1, &sz)) + { + grub_free (lv->internal_id); + grub_free (lv); + goto fail2; + } + lv->name = grub_malloc (sz); if (!lv->name) { grub_free (lv->internal_id); @@ -543,8 +551,8 @@ make_vg (grub_disk_t disk, { comp->segment_alloc = 8; comp->segment_count = 0; - comp->segments = grub_malloc (sizeof (*comp->segments) - * comp->segment_alloc); + comp->segments = grub_calloc (comp->segment_alloc, + sizeof (*comp->segments)); if (!comp->segments) goto fail2; } @@ -590,8 +598,8 @@ make_vg (grub_disk_t disk, } comp->segments->node_count = read_int (ptr + 1, *ptr); comp->segments->node_alloc = comp->segments->node_count; - comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes) - * comp->segments->node_alloc); + comp->segments->nodes = grub_calloc (comp->segments->node_alloc, + sizeof (*comp->segments->nodes)); if (!lv->segments->nodes) goto fail2; } @@ -599,10 +607,13 @@ make_vg (grub_disk_t disk, if (lv->segments->node_alloc == lv->segments->node_count) { void *t; - lv->segments->node_alloc *= 2; - t = grub_realloc (lv->segments->nodes, - sizeof (*lv->segments->nodes) - * lv->segments->node_alloc); + grub_size_t sz; + + if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) || + grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz)) + goto fail2; + + t = grub_realloc (lv->segments->nodes, sz); if (!t) goto fail2; lv->segments->nodes = t; @@ -723,10 +734,13 @@ make_vg (grub_disk_t disk, if (comp->segment_alloc == comp->segment_count) { void *t; - comp->segment_alloc *= 2; - t = grub_realloc (comp->segments, - comp->segment_alloc - * sizeof (*comp->segments)); + grub_size_t sz; + + if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) || + grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz)) + goto fail2; + + t = grub_realloc (comp->segments, sz); if (!t) goto fail2; comp->segments = t; @@ -1017,7 +1031,7 @@ grub_util_ldm_embed (struct grub_disk *disk, unsigned int *nsectors, *nsectors = lv->size; if (*nsectors > max_nsectors) *nsectors = max_nsectors; - *sectors = grub_malloc (*nsectors * sizeof (**sectors)); + *sectors = grub_calloc (*nsectors, sizeof (**sectors)); if (!*sectors) return grub_errno; for (i = 0; i < *nsectors; i++) diff --git a/grub-core/disk/loopback.c b/grub-core/disk/loopback.c index cdf9123fa..210201d22 100644 --- a/grub-core/disk/loopback.c +++ b/grub-core/disk/loopback.c @@ -21,20 +21,13 @@ #include #include #include +#include #include #include #include GRUB_MOD_LICENSE ("GPLv3+"); -struct grub_loopback -{ - char *devname; - grub_file_t file; - struct grub_loopback *next; - unsigned long id; -}; - static struct grub_loopback *loopback_list; static unsigned long last_id = 0; @@ -93,7 +86,8 @@ grub_cmd_loopback (grub_extcmd_context_t ctxt, int argc, char **args) return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); file = grub_file_open (args[1], GRUB_FILE_TYPE_LOOPBACK - | GRUB_FILE_TYPE_NO_DECOMPRESS); + | GRUB_FILE_TYPE_NO_DECOMPRESS | + GRUB_FILE_TYPE_SKIP_SIGNATURE); if (! file) return grub_errno; diff --git a/grub-core/disk/luks.c b/grub-core/disk/luks.c index 86c50c612..18b3a8bb1 100644 --- a/grub-core/disk/luks.c +++ b/grub-core/disk/luks.c @@ -336,7 +336,7 @@ luks_recover_key (grub_disk_t source, && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes) max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes); - split_key = grub_malloc (keysize * max_stripes); + split_key = grub_calloc (keysize, max_stripes); if (!split_key) return grub_errno; diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c index 7b265c780..d154f7c01 100644 --- a/grub-core/disk/lvm.c +++ b/grub-core/disk/lvm.c @@ -25,6 +25,7 @@ #include #include #include +#include #ifdef GRUB_UTIL #include @@ -102,10 +103,11 @@ grub_lvm_detect (grub_disk_t disk, { grub_err_t err; grub_uint64_t mda_offset, mda_size; + grub_size_t ptr; char buf[GRUB_LVM_LABEL_SIZE]; char vg_id[GRUB_LVM_ID_STRLEN+1]; char pv_id[GRUB_LVM_ID_STRLEN+1]; - char *metadatabuf, *p, *q, *vgname; + char *metadatabuf, *mda_end, *p, *q, *vgname; struct grub_lvm_label_header *lh = (struct grub_lvm_label_header *) buf; struct grub_lvm_pv_header *pvh; struct grub_lvm_disk_locn *dlocn; @@ -173,7 +175,7 @@ grub_lvm_detect (grub_disk_t disk, first one. */ /* Allocate buffer space for the circular worst-case scenario. */ - metadatabuf = grub_malloc (2 * mda_size); + metadatabuf = grub_calloc (2, mda_size); if (! metadatabuf) goto fail; @@ -205,19 +207,31 @@ grub_lvm_detect (grub_disk_t disk, grub_le_to_cpu64 (rlocn->size) - grub_le_to_cpu64 (mdah->size)); } - p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset); - while (*q != ' ' && q < metadatabuf + mda_size) - q++; - - if (q == metadatabuf + mda_size) + if (grub_add ((grub_size_t)metadatabuf, + (grub_size_t)grub_le_to_cpu64 (rlocn->offset), + &ptr)) { +error_parsing_metadata: #ifdef GRUB_UTIL grub_util_info ("error parsing metadata"); #endif goto fail2; } + p = q = (char *)ptr; + + if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr)) + goto error_parsing_metadata; + + mda_end = (char *)ptr; + + while (*q != ' ' && q < mda_end) + q++; + + if (q == mda_end) + goto error_parsing_metadata; + vgname_len = q - p; vgname = grub_malloc (vgname_len + 1); if (!vgname) @@ -367,8 +381,17 @@ grub_lvm_detect (grub_disk_t disk, { const char *iptr; char *optr; - lv->fullname = grub_malloc (sizeof ("lvm/") - 1 + 2 * vgname_len - + 1 + 2 * s + 1); + grub_size_t sz0 = vgname_len, sz1 = s; + + if (grub_mul (sz0, 2, &sz0) || + grub_add (sz0, 1, &sz0) || + grub_mul (sz1, 2, &sz1) || + grub_add (sz1, 1, &sz1) || + grub_add (sz0, sz1, &sz0) || + grub_add (sz0, sizeof ("lvm/") - 1, &sz0)) + goto lvs_fail; + + lv->fullname = grub_malloc (sz0); if (!lv->fullname) goto lvs_fail; @@ -426,7 +449,7 @@ grub_lvm_detect (grub_disk_t disk, #endif goto lvs_fail; } - lv->segments = grub_zalloc (sizeof (*seg) * lv->segment_count); + lv->segments = grub_calloc (lv->segment_count, sizeof (*seg)); seg = lv->segments; for (i = 0; i < lv->segment_count; i++) @@ -483,8 +506,8 @@ grub_lvm_detect (grub_disk_t disk, if (seg->node_count != 1) seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); - seg->nodes = grub_zalloc (sizeof (*stripe) - * seg->node_count); + seg->nodes = grub_calloc (seg->node_count, + sizeof (*stripe)); stripe = seg->nodes; p = grub_strstr (p, "stripes = ["); diff --git a/grub-core/disk/xen/xendisk.c b/grub-core/disk/xen/xendisk.c index 48476cbbf..d6612eebd 100644 --- a/grub-core/disk/xen/xendisk.c +++ b/grub-core/disk/xen/xendisk.c @@ -426,7 +426,7 @@ grub_xendisk_init (void) if (!ctr) return; - virtdisks = grub_malloc (ctr * sizeof (virtdisks[0])); + virtdisks = grub_calloc (ctr, sizeof (virtdisks[0])); if (!virtdisks) return; if (grub_xenstore_dir ("device/vbd", fill, &ctr)) diff --git a/grub-core/efiemu/i386/pc/cfgtables.c b/grub-core/efiemu/i386/pc/cfgtables.c index 492c07c46..e5fffb7d4 100644 --- a/grub-core/efiemu/i386/pc/cfgtables.c +++ b/grub-core/efiemu/i386/pc/cfgtables.c @@ -22,11 +22,11 @@ #include #include #include +#include grub_err_t grub_machine_efiemu_init_tables (void) { - grub_uint8_t *ptr; void *table; grub_err_t err; grub_efi_guid_t smbios = GRUB_EFI_SMBIOS_TABLE_GUID; @@ -57,17 +57,10 @@ grub_machine_efiemu_init_tables (void) if (err) return err; } - - for (ptr = (grub_uint8_t *) 0xf0000; ptr < (grub_uint8_t *) 0x100000; - ptr += 16) - if (grub_memcmp (ptr, "_SM_", 4) == 0 - && grub_byte_checksum (ptr, *(ptr + 5)) == 0) - break; - - if (ptr < (grub_uint8_t *) 0x100000) + table = grub_smbios_get_eps (); + if (table) { - grub_dprintf ("efiemu", "Registering SMBIOS\n"); - err = grub_efiemu_register_configuration_table (smbios, 0, 0, ptr); + err = grub_efiemu_register_configuration_table (smbios, 0, 0, table); if (err) return err; } diff --git a/grub-core/efiemu/loadcore.c b/grub-core/efiemu/loadcore.c index 44085ef81..2b924623f 100644 --- a/grub-core/efiemu/loadcore.c +++ b/grub-core/efiemu/loadcore.c @@ -201,7 +201,7 @@ grub_efiemu_count_symbols (const Elf_Ehdr *e) grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize; grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *) - grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms); + grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym)); /* Relocators */ for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); diff --git a/grub-core/efiemu/mm.c b/grub-core/efiemu/mm.c index 52a032f7b..9b8e0d0ad 100644 --- a/grub-core/efiemu/mm.c +++ b/grub-core/efiemu/mm.c @@ -554,11 +554,11 @@ grub_efiemu_mmap_sort_and_uniq (void) /* Initialize variables*/ grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE); scanline_events = (struct grub_efiemu_mmap_scan *) - grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num); + grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2); /* Number of chunks can't increase more than by factor of 2 */ result = (grub_efi_memory_descriptor_t *) - grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num); + grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2); if (!result || !scanline_events) { grub_free (result); @@ -660,7 +660,7 @@ grub_efiemu_mm_do_alloc (void) /* Preallocate mmap */ efiemu_mmap = (grub_efi_memory_descriptor_t *) - grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t)); + grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t)); if (!efiemu_mmap) { grub_efiemu_unload (); diff --git a/grub-core/font/font.c b/grub-core/font/font.c index 85a292557..d09bb38d8 100644 --- a/grub-core/font/font.c +++ b/grub-core/font/font.c @@ -30,6 +30,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -293,8 +294,7 @@ load_font_index (grub_file_t file, grub_uint32_t sect_length, struct font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE; /* Allocate the character index array. */ - font->char_index = grub_malloc (font->num_chars - * sizeof (struct char_index_entry)); + font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry)); if (!font->char_index) return 1; font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); @@ -361,9 +361,13 @@ static char * read_section_as_string (struct font_file_section *section) { char *str; + grub_size_t sz; grub_ssize_t ret; - str = grub_malloc (section->length + 1); + if (grub_add (section->length, 1, &sz)) + return NULL; + + str = grub_malloc (sz); if (!str) return 0; @@ -528,6 +532,12 @@ grub_font_load (const char *filename) if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME, sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0) { + if (font->name != NULL) + { + grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections"); + goto fail; + } + font->name = read_section_as_string (§ion); if (!font->name) goto fail; diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c index 6b6a2bc91..220b3712f 100644 --- a/grub-core/fs/affs.c +++ b/grub-core/fs/affs.c @@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node_t node) return 0; } latin1[symlink_size] = 0; - utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1); + utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size); if (!utf8) { grub_free (latin1); @@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir, return 1; } - hashtable = grub_zalloc (data->htsize * sizeof (*hashtable)); + hashtable = grub_calloc (data->htsize, sizeof (*hashtable)); if (!hashtable) return 1; @@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, char **label) len = file.namelen; if (len > sizeof (file.name)) len = sizeof (file.name); - *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); + *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len); if (*label) *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0'; } diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c index 48bd3d04a..2b65bd56a 100644 --- a/grub-core/fs/btrfs.c +++ b/grub-core/fs/btrfs.c @@ -40,6 +40,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -329,9 +330,13 @@ save_ref (struct grub_btrfs_leaf_descriptor *desc, if (desc->allocated < desc->depth) { void *newdata; - desc->allocated *= 2; - newdata = grub_realloc (desc->data, sizeof (desc->data[0]) - * desc->allocated); + grub_size_t sz; + + if (grub_mul (desc->allocated, 2, &desc->allocated) || + grub_mul (desc->allocated, sizeof (desc->data[0]), &sz)) + return GRUB_ERR_OUT_OF_RANGE; + + newdata = grub_realloc (desc->data, sz); if (!newdata) return grub_errno; desc->data = newdata; @@ -413,7 +418,7 @@ lower_bound (struct grub_btrfs_data *data, { desc->allocated = 16; desc->depth = 0; - desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated); + desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0])); if (!desc->data) return grub_errno; } @@ -622,16 +627,21 @@ find_device (struct grub_btrfs_data *data, grub_uint64_t id) if (data->n_devices_attached > data->n_devices_allocated) { void *tmp; - data->n_devices_allocated = 2 * data->n_devices_attached + 1; - data->devices_attached - = grub_realloc (tmp = data->devices_attached, - data->n_devices_allocated - * sizeof (data->devices_attached[0])); + grub_size_t sz; + + if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || + grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || + grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) + goto fail; + + data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); if (!data->devices_attached) { + data->devices_attached = tmp; + + fail: if (ctx.dev_found) grub_device_close (ctx.dev_found); - data->devices_attached = tmp; return NULL; } } @@ -752,7 +762,7 @@ raid56_read_retry (struct grub_btrfs_data *data, grub_err_t ret = GRUB_ERR_OUT_OF_MEMORY; grub_uint64_t i, failed_devices; - buffers = grub_zalloc (sizeof(*buffers) * nstripes); + buffers = grub_calloc (nstripes, sizeof (*buffers)); if (!buffers) goto cleanup; @@ -2160,7 +2170,7 @@ grub_btrfs_embed (grub_device_t device __attribute__ ((unused)), *nsectors = 64 * 2 - 1; if (*nsectors > max_nsectors) *nsectors = max_nsectors; - *sectors = grub_malloc (*nsectors * sizeof (**sectors)); + *sectors = grub_calloc (*nsectors, sizeof (**sectors)); if (!*sectors) return grub_errno; for (i = 0; i < *nsectors; i++) diff --git a/grub-core/fs/ext2.c b/grub-core/fs/ext2.c index 9b389802a..ac33bcd68 100644 --- a/grub-core/fs/ext2.c +++ b/grub-core/fs/ext2.c @@ -46,6 +46,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -703,6 +704,7 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) { char *symlink; struct grub_fshelp_node *diro = node; + grub_size_t sz; if (! diro->inode_read) { @@ -717,7 +719,13 @@ grub_ext2_read_symlink (grub_fshelp_node_t node) } } - symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); + if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz)) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + return NULL; + } + + symlink = grub_malloc (sz); if (! symlink) return 0; diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c index ac0a40990..3fe842b4d 100644 --- a/grub-core/fs/hfs.c +++ b/grub-core/fs/hfs.c @@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, char **label) grub_size_t len = data->sblock.volname[0]; if (len > sizeof (data->sblock.volname) - 1) len = sizeof (data->sblock.volname) - 1; - *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1); + *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len); if (*label) macroman_to_utf8 (*label, data->sblock.volname + 1, len + 1, 0); diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c index 54786bb1c..9c4e4c88c 100644 --- a/grub-core/fs/hfsplus.c +++ b/grub-core/fs/hfsplus.c @@ -31,6 +31,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -475,8 +476,12 @@ grub_hfsplus_read_symlink (grub_fshelp_node_t node) { char *symlink; grub_ssize_t numread; + grub_size_t sz = node->size; - symlink = grub_malloc (node->size + 1); + if (grub_add (sz, 1, &sz)) + return NULL; + + symlink = grub_malloc (sz); if (!symlink) return 0; @@ -715,12 +720,12 @@ list_nodes (void *record, void *hook_arg) if (type == GRUB_FSHELP_UNKNOWN) return 0; - filename = grub_malloc (grub_be_to_cpu16 (catkey->namelen) - * GRUB_MAX_UTF8_PER_UTF16 + 1); + filename = grub_calloc (grub_be_to_cpu16 (catkey->namelen), + GRUB_MAX_UTF8_PER_UTF16 + 1); if (! filename) return 0; - keyname = grub_malloc (grub_be_to_cpu16 (catkey->namelen) * sizeof (*keyname)); + keyname = grub_calloc (grub_be_to_cpu16 (catkey->namelen), sizeof (*keyname)); if (!keyname) { grub_free (filename); @@ -1007,7 +1012,7 @@ grub_hfsplus_label (grub_device_t device, char **label) grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr); label_len = grub_be_to_cpu16 (catkey->namelen); - label_name = grub_malloc (label_len * sizeof (*label_name)); + label_name = grub_calloc (label_len, sizeof (*label_name)); if (!label_name) { grub_free (node); @@ -1029,7 +1034,7 @@ grub_hfsplus_label (grub_device_t device, char **label) } } - *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1); + *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1); if (! *label) { grub_free (label_name); diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c index 49c0c632b..5ec4433b8 100644 --- a/grub-core/fs/iso9660.c +++ b/grub-core/fs/iso9660.c @@ -28,6 +28,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -331,7 +332,7 @@ grub_iso9660_convert_string (grub_uint8_t *us, int len) int i; grub_uint16_t t[MAX_NAMELEN / 2 + 1]; - p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); + p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); if (! p) return NULL; @@ -531,11 +532,22 @@ add_part (struct iterate_dir_ctx *ctx, int len2) { int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; + grub_size_t sz; + char *new; - ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1); - if (! ctx->symlink) + if (grub_add (size, len2, &sz) || + grub_add (sz, 1, &sz)) return; + new = grub_realloc (ctx->symlink, sz); + if (!new) + { + grub_free (ctx->symlink); + ctx->symlink = NULL; + return; + } + ctx->symlink = new; + grub_memcpy (ctx->symlink + size, part, len2); ctx->symlink[size + len2] = 0; } @@ -560,17 +572,24 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, { grub_size_t off = 0, csize = 1; char *old; + grub_size_t sz; + csize = entry->len - 5; old = ctx->filename; if (ctx->filename_alloc) { off = grub_strlen (ctx->filename); - ctx->filename = grub_realloc (ctx->filename, csize + off + 1); + if (grub_add (csize, off, &sz) || + grub_add (sz, 1, &sz)) + return GRUB_ERR_OUT_OF_RANGE; + ctx->filename = grub_realloc (ctx->filename, sz); } else { off = 0; - ctx->filename = grub_zalloc (csize + 1); + if (grub_add (csize, 1, &sz)) + return GRUB_ERR_OUT_OF_RANGE; + ctx->filename = grub_zalloc (sz); } if (!ctx->filename) { @@ -621,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, is the length. Both are part of the `Component Record'. */ if (ctx->symlink && !ctx->was_continue) - add_part (ctx, "/", 1); + { + add_part (ctx, "/", 1); + if (grub_errno) + return grub_errno; + } + add_part (ctx, (char *) &entry->data[pos + 2], entry->data[pos + 1]); ctx->was_continue = (entry->data[pos] & 1); @@ -640,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, add_part (ctx, "/", 1); break; } + + /* Check if grub_realloc() failed in add_part(). */ + if (grub_errno) + return grub_errno; + /* In pos + 1 the length of the `Component Record' is stored. */ pos += entry->data[pos + 1] + 2; @@ -776,14 +805,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, if (node->have_dirents >= node->alloc_dirents) { struct grub_fshelp_node *new_node; - node->alloc_dirents *= 2; - new_node = grub_realloc (node, - sizeof (struct grub_fshelp_node) - + ((node->alloc_dirents - - ARRAY_SIZE (node->dirents)) - * sizeof (node->dirents[0]))); + grub_size_t sz; + + if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) || + grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || + grub_mul (sz, sizeof (node->dirents[0]), &sz) || + grub_add (sz, sizeof (struct grub_fshelp_node), &sz)) + goto fail_0; + + new_node = grub_realloc (node, sz); if (!new_node) { + fail_0: if (ctx.filename_alloc) grub_free (ctx.filename); grub_free (node); @@ -799,14 +832,18 @@ grub_iso9660_iterate_dir (grub_fshelp_node_t dir, * sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1) { struct grub_fshelp_node *new_node; - new_node = grub_realloc (node, - sizeof (struct grub_fshelp_node) - + ((node->alloc_dirents - - ARRAY_SIZE (node->dirents)) - * sizeof (node->dirents[0])) - + grub_strlen (ctx.symlink) + 1); + grub_size_t sz; + + if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || + grub_mul (sz, sizeof (node->dirents[0]), &sz) || + grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) || + grub_add (sz, grub_strlen (ctx.symlink), &sz)) + goto fail_1; + + new_node = grub_realloc (node, sz); if (!new_node) { + fail_1: if (ctx.filename_alloc) grub_free (ctx.filename); grub_free (node); diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c index fc4e1f678..2f34f76da 100644 --- a/grub-core/fs/ntfs.c +++ b/grub-core/fs/ntfs.c @@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t len) grub_uint16_t *tmp; grub_size_t i; - buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); - tmp = grub_malloc (len * sizeof (tmp[0])); + buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); + tmp = grub_calloc (len, sizeof (tmp[0])); if (!buf || !tmp) { grub_free (buf); diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c index 50c1fe72f..de2b107a4 100644 --- a/grub-core/fs/sfs.c +++ b/grub-core/fs/sfs.c @@ -26,6 +26,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -266,7 +267,7 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) node->next_extent = node->block; node->cache_size = 0; - node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size); + node->cache = grub_calloc (cache_size, sizeof (node->cache[0])); if (!node->cache) { grub_errno = 0; @@ -307,10 +308,15 @@ grub_sfs_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock) if (node->cache && node->cache_size >= node->cache_allocated) { struct cache_entry *e = node->cache; - e = grub_realloc (node->cache,node->cache_allocated * 2 - * sizeof (e[0])); + grub_size_t sz; + + if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz)) + goto fail; + + e = grub_realloc (node->cache, sz); if (!e) { + fail: grub_errno = 0; grub_free (node->cache); node->cache = 0; @@ -477,10 +483,16 @@ grub_sfs_create_node (struct grub_fshelp_node **node, grub_size_t len = grub_strlen (name); grub_uint8_t *name_u8; int ret; + grub_size_t sz; + + if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || + grub_add (sz, 1, &sz)) + return 1; + *node = grub_malloc (sizeof (**node)); if (!*node) return 1; - name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); + name_u8 = grub_malloc (sz); if (!name_u8) { grub_free (*node); @@ -724,8 +736,13 @@ grub_sfs_label (grub_device_t device, char **label) data = grub_sfs_mount (disk); if (data) { - grub_size_t len = grub_strlen (data->label); - *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); + grub_size_t sz, len = grub_strlen (data->label); + + if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || + grub_add (sz, 1, &sz)) + return GRUB_ERR_OUT_OF_RANGE; + + *label = grub_malloc (sz); if (*label) *grub_latin1_to_utf8 ((grub_uint8_t *) *label, (const grub_uint8_t *) data->label, diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c index 95d5c1e1f..785123894 100644 --- a/grub-core/fs/squash4.c +++ b/grub-core/fs/squash4.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include "xz.h" @@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_node_t node) { char *ret; grub_err_t err; - ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1); + grub_size_t sz; + + if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz)) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + return NULL; + } + + ret = grub_malloc (sz); + if (!ret) + return NULL; err = read_chunk (node->data, ret, grub_le_to_cpu32 (node->ino.symlink.namelen), @@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, { grub_fshelp_node_t node; - node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); + grub_size_t sz; + + if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || + grub_add (sz, sizeof (*node), &sz)) + return 0; + + node = grub_malloc (sz); if (!node) return 0; - grub_memcpy (node, dir, - sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); + grub_memcpy (node, dir, sz); if (hook (".", GRUB_FSHELP_DIR, node, hook_data)) return 1; @@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, { grub_err_t err; - node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); + if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || + grub_add (sz, sizeof (*node), &sz)) + return 0; + + node = grub_malloc (sz); if (!node) return 0; - grub_memcpy (node, dir, - sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); + grub_memcpy (node, dir, sz); node->stsize--; err = read_chunk (dir->data, &node->ino, sizeof (node->ino), @@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG; struct grub_squash_dirent di; struct grub_squash_inode ino; + grub_size_t sz; err = read_chunk (dir->data, &di, sizeof (di), grub_le_to_cpu64 (dir->data->sb.diroffset) @@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_node_t dir, if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK) filetype = GRUB_FSHELP_SYMLINK; - node = grub_malloc (sizeof (*node) - + (dir->stsize + 1) * sizeof (dir->stack[0])); + if (grub_add (dir->stsize, 1, &sz) || + grub_mul (sz, sizeof (dir->stack[0]), &sz) || + grub_add (sz, sizeof (*node), &sz)) + return 0; + + node = grub_malloc (sz); if (! node) return 0; - grub_memcpy (node, dir, - sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); + grub_memcpy (node, dir, sz - sizeof(dir->stack[0])); node->ino = ino; node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk); diff --git a/grub-core/fs/tar.c b/grub-core/fs/tar.c index 7d63e0c99..c551ed6b5 100644 --- a/grub-core/fs/tar.c +++ b/grub-core/fs/tar.c @@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp_data *data, char **name, if (data->linkname_alloc < linksize + 1) { char *n; - n = grub_malloc (2 * (linksize + 1)); + n = grub_calloc (2, linksize + 1); if (!n) return grub_errno; grub_free (data->linkname); diff --git a/grub-core/fs/udf.c b/grub-core/fs/udf.c index dc8b6e2d1..21ac7f446 100644 --- a/grub-core/fs/udf.c +++ b/grub-core/fs/udf.c @@ -28,6 +28,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -873,7 +874,7 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) { unsigned i; utf16len = sz - 1; - utf16 = grub_malloc (utf16len * sizeof (utf16[0])); + utf16 = grub_calloc (utf16len, sizeof (utf16[0])); if (!utf16) return NULL; for (i = 0; i < utf16len; i++) @@ -883,16 +884,26 @@ read_string (const grub_uint8_t *raw, grub_size_t sz, char *outbuf) { unsigned i; utf16len = (sz - 1) / 2; - utf16 = grub_malloc (utf16len * sizeof (utf16[0])); + utf16 = grub_calloc (utf16len, sizeof (utf16[0])); if (!utf16) return NULL; for (i = 0; i < utf16len; i++) utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2]; } if (!outbuf) - outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1); + { + grub_size_t size; + + if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) || + grub_add (size, 1, &size)) + goto fail; + + outbuf = grub_malloc (size); + } if (outbuf) *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0'; + + fail: grub_free (utf16); return outbuf; } @@ -1005,7 +1016,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) grub_size_t sz = U64 (node->block.fe.file_size); grub_uint8_t *raw; const grub_uint8_t *ptr; - char *out, *optr; + char *out = NULL, *optr; if (sz < 4) return NULL; @@ -1013,14 +1024,16 @@ grub_udf_read_symlink (grub_fshelp_node_t node) if (!raw) return NULL; if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0) - { - grub_free (raw); - return NULL; - } + goto fail_1; - out = grub_malloc (sz * 2 + 1); + if (grub_mul (sz, 2, &sz) || + grub_add (sz, 1, &sz)) + goto fail_0; + + out = grub_malloc (sz); if (!out) { + fail_0: grub_free (raw); return NULL; } @@ -1031,17 +1044,17 @@ grub_udf_read_symlink (grub_fshelp_node_t node) { grub_size_t s; if ((grub_size_t) (ptr - raw + 4) > sz) - goto fail; + goto fail_1; if (!(ptr[2] == 0 && ptr[3] == 0)) - goto fail; + goto fail_1; s = 4 + ptr[1]; if ((grub_size_t) (ptr - raw + s) > sz) - goto fail; + goto fail_1; switch (*ptr) { case 1: if (ptr[1]) - goto fail; + goto fail_1; /* Fallthrough. */ case 2: /* in 4 bytes. out: 1 byte. */ @@ -1066,11 +1079,11 @@ grub_udf_read_symlink (grub_fshelp_node_t node) if (optr != out) *optr++ = '/'; if (!read_string (ptr + 4, s - 4, optr)) - goto fail; + goto fail_1; optr += grub_strlen (optr); break; default: - goto fail; + goto fail_1; } ptr += s; } @@ -1078,7 +1091,7 @@ grub_udf_read_symlink (grub_fshelp_node_t node) grub_free (raw); return out; - fail: + fail_1: grub_free (raw); grub_free (out); grub_error (GRUB_ERR_BAD_FS, "invalid symlink"); diff --git a/grub-core/fs/xfs.c b/grub-core/fs/xfs.c index 96ffecbfc..ea6590290 100644 --- a/grub-core/fs/xfs.c +++ b/grub-core/fs/xfs.c @@ -25,6 +25,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -899,6 +900,7 @@ static struct grub_xfs_data * grub_xfs_mount (grub_disk_t disk) { struct grub_xfs_data *data = 0; + grub_size_t sz; data = grub_zalloc (sizeof (struct grub_xfs_data)); if (!data) @@ -913,10 +915,11 @@ grub_xfs_mount (grub_disk_t disk) if (!grub_xfs_sb_valid(data)) goto fail; - data = grub_realloc (data, - sizeof (struct grub_xfs_data) - - sizeof (struct grub_xfs_inode) - + grub_xfs_inode_size(data) + 1); + if (grub_add (grub_xfs_inode_size (data), + sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz)) + goto fail; + + data = grub_realloc (data, sz); if (! data) goto fail; diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c index 2f72e42bf..36d0373a6 100644 --- a/grub-core/fs/zfs/zfs.c +++ b/grub-core/fs/zfs/zfs.c @@ -55,6 +55,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -773,11 +774,14 @@ fill_vdev_info (struct grub_zfs_data *data, if (data->n_devices_attached > data->n_devices_allocated) { void *tmp; - data->n_devices_allocated = 2 * data->n_devices_attached + 1; - data->devices_attached - = grub_realloc (tmp = data->devices_attached, - data->n_devices_allocated - * sizeof (data->devices_attached[0])); + grub_size_t sz; + + if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || + grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || + grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) + return GRUB_ERR_OUT_OF_RANGE; + + data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); if (!data->devices_attached) { data->devices_attached = tmp; @@ -3325,7 +3329,7 @@ dnode_get_fullpath (const char *fullpath, struct subvolume *subvol, } subvol->nkeys = 0; zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data); - subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0])); + subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0])); if (!subvol->keyring) { grub_free (fsname); @@ -3468,14 +3472,18 @@ grub_zfs_nvlist_lookup_nvlist (const char *nvlist, const char *name) { char *nvpair; char *ret; - grub_size_t size; + grub_size_t size, sz; int found; found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair, &size, 0); if (!found) return 0; - ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t)); + + if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz)) + return 0; + + ret = grub_zalloc (sz); if (!ret) return 0; grub_memcpy (ret, nvlist, sizeof (grub_uint32_t)); @@ -4336,7 +4344,7 @@ grub_zfs_embed (grub_device_t device __attribute__ ((unused)), *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS); if (*nsectors > max_nsectors) *nsectors = max_nsectors; - *sectors = grub_malloc (*nsectors * sizeof (**sectors)); + *sectors = grub_calloc (*nsectors, sizeof (**sectors)); if (!*sectors) return grub_errno; for (i = 0; i < *nsectors; i++) diff --git a/grub-core/fs/zfs/zfscrypt.c b/grub-core/fs/zfs/zfscrypt.c index 1402e0bc2..de3b015f5 100644 --- a/grub-core/fs/zfs/zfscrypt.c +++ b/grub-core/fs/zfs/zfscrypt.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include @@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in, int passphrase) { struct grub_zfs_wrap_key *key; + grub_size_t sz; + if (!passphrase && keylen > 32) keylen = 32; - key = grub_malloc (sizeof (*key) + keylen); + if (grub_add (sizeof (*key), keylen, &sz)) + return GRUB_ERR_OUT_OF_RANGE; + key = grub_malloc (sz); if (!key) return grub_errno; key->is_passphrase = passphrase; diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c index 29784ed2d..6b2e976f1 100644 --- a/grub-core/gfxmenu/gui_image.c +++ b/grub-core/gfxmenu/gui_image.c @@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path) return grub_errno; if (self->bitmap && (self->bitmap != self->raw_bitmap)) - grub_video_bitmap_destroy (self->bitmap); + { + grub_video_bitmap_destroy (self->bitmap); + self->bitmap = 0; + } if (self->raw_bitmap) grub_video_bitmap_destroy (self->raw_bitmap); diff --git a/grub-core/gfxmenu/gui_string_util.c b/grub-core/gfxmenu/gui_string_util.c index a9a415e31..ba1e1eab3 100644 --- a/grub-core/gfxmenu/gui_string_util.c +++ b/grub-core/gfxmenu/gui_string_util.c @@ -55,7 +55,7 @@ canonicalize_path (const char *path) if (*p == '/') components++; - char **path_array = grub_malloc (components * sizeof (*path_array)); + char **path_array = grub_calloc (components, sizeof (*path_array)); if (! path_array) return 0; diff --git a/grub-core/gfxmenu/widget-box.c b/grub-core/gfxmenu/widget-box.c index b60602889..470597ded 100644 --- a/grub-core/gfxmenu/widget-box.c +++ b/grub-core/gfxmenu/widget-box.c @@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pixmaps_prefix, box->content_height = 0; box->raw_pixmaps = (struct grub_video_bitmap **) - grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); + grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); box->scaled_pixmaps = (struct grub_video_bitmap **) - grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); + grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); /* Initialize all pixmap pointers to NULL so that proper destruction can be performed if an error is encountered partway through construction. */ diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c index 6208a9763..43d98a7bd 100644 --- a/grub-core/io/gzio.c +++ b/grub-core/io/gzio.c @@ -554,7 +554,7 @@ huft_build (unsigned *b, /* code lengths in bits (all assumed <= BMAX) */ z = 1 << j; /* table entries for j-bit table */ /* allocate and link in new table */ - q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft)); + q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft)); if (! q) { if (h) diff --git a/grub-core/kern/arm/coreboot/coreboot.S b/grub-core/kern/arm/coreboot/coreboot.S index a1104526c..70998c066 100644 --- a/grub-core/kern/arm/coreboot/coreboot.S +++ b/grub-core/kern/arm/coreboot/coreboot.S @@ -42,3 +42,9 @@ FUNCTION(grub_armv7_get_timer_frequency) mrc p15, 0, r0, c14, c0, 0 bx lr +int +EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); +grub_err_t +EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, + void *kernel_param); + diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c index 06df60e2f..40c3b467f 100644 --- a/grub-core/kern/arm/efi/init.c +++ b/grub-core/kern/arm/efi/init.c @@ -71,4 +71,7 @@ grub_machine_fini (int flags) efi_call_1 (b->close_event, tmr_evt); grub_efi_fini (); + + if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) + grub_efi_memory_fini (); } diff --git a/grub-core/kern/arm64/efi/init.c b/grub-core/kern/arm64/efi/init.c index 6224999ec..5010caefd 100644 --- a/grub-core/kern/arm64/efi/init.c +++ b/grub-core/kern/arm64/efi/init.c @@ -57,4 +57,7 @@ grub_machine_fini (int flags) return; grub_efi_fini (); + + if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) + grub_efi_memory_fini (); } diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c index 074dfc3c6..d665c10fc 100644 --- a/grub-core/kern/dl.c +++ b/grub-core/kern/dl.c @@ -32,6 +32,7 @@ #include #include #include +#include /* Platforms where modules are in a readonly area of memory. */ #if defined(GRUB_MACHINE_QEMU) diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c index 96204e39b..7cf003f71 100644 --- a/grub-core/kern/efi/efi.c +++ b/grub-core/kern/efi/efi.c @@ -157,18 +157,24 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle) void grub_reboot (void) { - grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); + grub_machine_fini (GRUB_LOADER_FLAG_NORETURN | + GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY); efi_call_4 (grub_efi_system_table->runtime_services->reset_system, GRUB_EFI_RESET_COLD, GRUB_EFI_SUCCESS, 0, NULL); for (;;) ; } void -grub_exit (void) +grub_exit (int retval) { + grub_efi_status_t rc = GRUB_EFI_LOAD_ERROR; + + if (retval == 0) + rc = GRUB_EFI_SUCCESS; + grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); efi_call_4 (grub_efi_system_table->boot_services->exit, - grub_efi_image_handle, GRUB_EFI_SUCCESS, 0, 0); + grub_efi_image_handle, rc, 0, 0); for (;;) ; } @@ -202,7 +208,7 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid, len = grub_strlen (var); len16 = len * GRUB_MAX_UTF16_PER_UTF8; - var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); + var16 = grub_calloc (len16 + 1, sizeof (var16[0])); if (!var16) return grub_errno; len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); @@ -237,7 +243,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, len = grub_strlen (var); len16 = len * GRUB_MAX_UTF16_PER_UTF8; - var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); + var16 = grub_calloc (len16 + 1, sizeof (var16[0])); if (!var16) return NULL; len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); @@ -273,34 +279,6 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid, return NULL; } -grub_efi_boolean_t -grub_efi_secure_boot (void) -{ - grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; - grub_size_t datasize; - char *secure_boot = NULL; - char *setup_mode = NULL; - grub_efi_boolean_t ret = 0; - - secure_boot = grub_efi_get_variable ("SecureBoot", &efi_var_guid, &datasize); - - if (datasize != 1 || !secure_boot) - goto out; - - setup_mode = grub_efi_get_variable ("SetupMode", &efi_var_guid, &datasize); - - if (datasize != 1 || !setup_mode) - goto out; - - if (*secure_boot && !*setup_mode) - ret = 1; - - out: - grub_free (secure_boot); - grub_free (setup_mode); - return ret; -} - #pragma GCC diagnostic ignored "-Wcast-align" /* Search the mods section from the PE32/PE32+ image. This code uses @@ -360,7 +338,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) dp = dp0; - while (1) + while (dp) { grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); @@ -370,9 +348,15 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) { - grub_efi_uint16_t len; - len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) - / sizeof (grub_efi_char16_t)); + grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); + + if (len < 4) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, + "malformed EFI Device Path node has length=%d", len); + return NULL; + } + len = (len - 4) / sizeof (grub_efi_char16_t); filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2; } @@ -388,7 +372,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) if (!name) return NULL; - while (1) + while (dp) { grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); @@ -404,14 +388,21 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0) *p++ = '/'; - len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) - / sizeof (grub_efi_char16_t)); + len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); + if (len < 4) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, + "malformed EFI Device Path node has length=%d", len); + return NULL; + } + + len = (len - 4) / sizeof (grub_efi_char16_t); fp = (grub_efi_file_path_device_path_t *) dp; /* According to EFI spec Path Name is NULL terminated */ while (len > 0 && fp->path_name[len - 1] == 0) len--; - dup_name = grub_malloc (len * sizeof (*dup_name)); + dup_name = grub_calloc (len, sizeof (*dup_name)); if (!dup_name) { grub_free (name); @@ -480,7 +471,26 @@ grub_efi_duplicate_device_path (const grub_efi_device_path_t *dp) ; p = GRUB_EFI_NEXT_DEVICE_PATH (p)) { - total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p); + grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p); + + /* + * In the event that we find a node that's completely garbage, for + * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size + * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and + * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue, + * and neither should our consumers, but there won't be any error raised + * even though the device path is junk. + * + * This keeps us from passing junk down back to our caller. + */ + if (len < 4) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, + "malformed EFI Device Path node has length=%d", len); + return NULL; + } + + total_size += len; if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p)) break; } @@ -525,7 +535,7 @@ dump_vendor_path (const char *type, grub_efi_vendor_device_path_t *vendor) void grub_efi_print_device_path (grub_efi_device_path_t *dp) { - while (1) + while (GRUB_EFI_DEVICE_PATH_VALID (dp)) { grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); @@ -937,7 +947,11 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, /* Return non-zero. */ return 1; - while (1) + if (dp1 == dp2) + return 0; + + while (GRUB_EFI_DEVICE_PATH_VALID (dp1) + && GRUB_EFI_DEVICE_PATH_VALID (dp2)) { grub_efi_uint8_t type1, type2; grub_efi_uint8_t subtype1, subtype2; @@ -973,5 +987,16 @@ grub_efi_compare_device_paths (const grub_efi_device_path_t *dp1, dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2); } + /* + * There's no "right" answer here, but we probably don't want to call a valid + * dp and an invalid dp equal, so pick one way or the other. + */ + if (GRUB_EFI_DEVICE_PATH_VALID (dp1) && + !GRUB_EFI_DEVICE_PATH_VALID (dp2)) + return 1; + else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) && + GRUB_EFI_DEVICE_PATH_VALID (dp2)) + return -1; + return 0; } diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c index 3dfdf2d22..2c31847bf 100644 --- a/grub-core/kern/efi/init.c +++ b/grub-core/kern/efi/init.c @@ -80,5 +80,4 @@ grub_efi_fini (void) { grub_efidisk_fini (); grub_console_fini (); - grub_efi_memory_fini (); } diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c new file mode 100644 index 000000000..c14f401d7 --- /dev/null +++ b/grub-core/kern/efi/sb.c @@ -0,0 +1,66 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2014 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include +#include +#ifdef GRUB_MACHINE_EFI +#include +#endif +#include +#include +#include +#include + +int +grub_efi_secure_boot (void) +{ +#ifdef GRUB_MACHINE_EFI + grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; + grub_size_t datasize; + char *secure_boot = NULL; + char *setup_mode = NULL; + grub_efi_boolean_t ret = 0; + + secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); + if (datasize != 1 || !secure_boot) + { + grub_dprintf ("secureboot", "No SecureBoot variable\n"); + goto out; + } + grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot); + + setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); + if (datasize != 1 || !setup_mode) + { + grub_dprintf ("secureboot", "No SetupMode variable\n"); + goto out; + } + grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode); + + if (*secure_boot && !*setup_mode) + ret = 1; + + out: + grub_free (secure_boot); + grub_free (setup_mode); + return ret; +#else + return 0; +#endif +} diff --git a/grub-core/kern/emu/hostdisk.c b/grub-core/kern/emu/hostdisk.c index 8ac523953..f90b6c9ce 100644 --- a/grub-core/kern/emu/hostdisk.c +++ b/grub-core/kern/emu/hostdisk.c @@ -627,7 +627,7 @@ static char * grub_util_path_concat_real (size_t n, int ext, va_list ap) { size_t totlen = 0; - char **l = xmalloc ((n + ext) * sizeof (l[0])); + char **l = xcalloc (n + ext, sizeof (l[0])); char *r, *p, *pi; size_t i; int first = 1; diff --git a/grub-core/kern/emu/main.c b/grub-core/kern/emu/main.c index 425bb9603..55ea5a11c 100644 --- a/grub-core/kern/emu/main.c +++ b/grub-core/kern/emu/main.c @@ -67,7 +67,7 @@ grub_reboot (void) } void -grub_exit (void) +grub_exit (int retval __attribute__((unused))) { grub_reboot (); } diff --git a/grub-core/kern/emu/misc.c b/grub-core/kern/emu/misc.c index 65db79baa..0ff13bcaf 100644 --- a/grub-core/kern/emu/misc.c +++ b/grub-core/kern/emu/misc.c @@ -85,6 +85,18 @@ grub_util_error (const char *fmt, ...) exit (1); } +void * +xcalloc (grub_size_t nmemb, grub_size_t size) +{ + void *p; + + p = calloc (nmemb, size); + if (!p) + grub_util_error ("%s", _("out of memory")); + + return p; +} + void * xmalloc (grub_size_t size) { @@ -139,9 +151,10 @@ xasprintf (const char *fmt, ...) #if !defined (GRUB_MACHINE_EMU) || defined (GRUB_UTIL) void -grub_exit (void) +__attribute__ ((noreturn)) +grub_exit (int rc) { - exit (1); + exit (rc < 0 ? 1 : rc); } #endif diff --git a/grub-core/kern/emu/mm.c b/grub-core/kern/emu/mm.c index f262e95e3..145b01d37 100644 --- a/grub-core/kern/emu/mm.c +++ b/grub-core/kern/emu/mm.c @@ -25,6 +25,16 @@ #include #include +void * +grub_calloc (grub_size_t nmemb, grub_size_t size) +{ + void *ret; + ret = calloc (nmemb, size); + if (!ret) + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); + return ret; +} + void * grub_malloc (grub_size_t size) { diff --git a/grub-core/kern/fs.c b/grub-core/kern/fs.c index 2b85f4950..f90be6566 100644 --- a/grub-core/kern/fs.c +++ b/grub-core/kern/fs.c @@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file, const char *name) while (p); /* Allocate a block list. */ - blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1)); + blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block)); if (! blocks) return 0; diff --git a/grub-core/kern/i386/coreboot/init.c b/grub-core/kern/i386/coreboot/init.c index 3314f027f..36f9134b7 100644 --- a/grub-core/kern/i386/coreboot/init.c +++ b/grub-core/kern/i386/coreboot/init.c @@ -41,7 +41,7 @@ extern grub_uint8_t _end[]; extern grub_uint8_t _edata[]; void __attribute__ ((noreturn)) -grub_exit (void) +grub_exit (int rc __attribute__((unused))) { /* We can't use grub_fatal() in this function. This would create an infinite loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ diff --git a/grub-core/kern/i386/efi/init.c b/grub-core/kern/i386/efi/init.c index da499aba0..deb2eacd8 100644 --- a/grub-core/kern/i386/efi/init.c +++ b/grub-core/kern/i386/efi/init.c @@ -39,6 +39,11 @@ grub_machine_init (void) void grub_machine_fini (int flags) { - if (flags & GRUB_LOADER_FLAG_NORETURN) - grub_efi_fini (); + if (!(flags & GRUB_LOADER_FLAG_NORETURN)) + return; + + grub_efi_fini (); + + if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) + grub_efi_memory_fini (); } diff --git a/grub-core/kern/i386/qemu/init.c b/grub-core/kern/i386/qemu/init.c index 271b6fbfa..9fafe98f0 100644 --- a/grub-core/kern/i386/qemu/init.c +++ b/grub-core/kern/i386/qemu/init.c @@ -42,7 +42,7 @@ extern grub_uint8_t _end[]; extern grub_uint8_t _edata[]; void __attribute__ ((noreturn)) -grub_exit (void) +grub_exit (int rc __attribute__((unused))) { /* We can't use grub_fatal() in this function. This would create an infinite loop, since grub_fatal() calls grub_abort() which in turn calls grub_exit(). */ diff --git a/grub-core/kern/i386/tsc_pmtimer.c b/grub-core/kern/i386/tsc_pmtimer.c index c9c361699..ca15c3aac 100644 --- a/grub-core/kern/i386/tsc_pmtimer.c +++ b/grub-core/kern/i386/tsc_pmtimer.c @@ -28,40 +28,101 @@ #include #include +/* + * Define GRUB_PMTIMER_IGNORE_BAD_READS if you're trying to test a timer that's + * present but doesn't keep time well. + */ +// #define GRUB_PMTIMER_IGNORE_BAD_READS + grub_uint64_t grub_pmtimer_wait_count_tsc (grub_port_t pmtimer, grub_uint16_t num_pm_ticks) { grub_uint32_t start; - grub_uint32_t last; - grub_uint32_t cur, end; + grub_uint64_t cur, end; grub_uint64_t start_tsc; grub_uint64_t end_tsc; - int num_iter = 0; + unsigned int num_iter = 0; +#ifndef GRUB_PMTIMER_IGNORE_BAD_READS + int bad_reads = 0; +#endif - start = grub_inl (pmtimer) & 0xffffff; - last = start; + /* + * Some timers are 24-bit and some are 32-bit, but it doesn't make much + * difference to us. Caring which one we have isn't really worth it since + * the low-order digits will give us enough data to calibrate TSC. So just + * mask the top-order byte off. + */ + cur = start = grub_inl (pmtimer) & 0xffffffUL; end = start + num_pm_ticks; start_tsc = grub_get_tsc (); while (1) { - cur = grub_inl (pmtimer) & 0xffffff; - if (cur < last) - cur |= 0x1000000; - num_iter++; + cur &= 0xffffffffff000000ULL; + cur |= grub_inl (pmtimer) & 0xffffffUL; + + end_tsc = grub_get_tsc(); + +#ifndef GRUB_PMTIMER_IGNORE_BAD_READS + /* + * If we get 10 reads in a row that are obviously dead pins, there's no + * reason to do this thousands of times. + */ + if (cur == 0xffffffUL || cur == 0) + { + bad_reads++; + grub_dprintf ("pmtimer", + "pmtimer: 0x%"PRIxGRUB_UINT64_T" bad_reads: %d\n", + cur, bad_reads); + grub_dprintf ("pmtimer", "timer is broken; giving up.\n"); + + if (bad_reads == 10) + return 0; + } +#endif + + if (cur < start) + cur += 0x1000000; + if (cur >= end) { - end_tsc = grub_get_tsc (); + grub_dprintf ("pmtimer", "pmtimer delta is 0x%"PRIxGRUB_UINT64_T"\n", + cur - start); + grub_dprintf ("pmtimer", "tsc delta is 0x%"PRIxGRUB_UINT64_T"\n", + end_tsc - start_tsc); return end_tsc - start_tsc; } - /* Check for broken PM timer. - 50000000 TSCs is between 5 ms (10GHz) and 200 ms (250 MHz) - if after this time we still don't have 1 ms on pmtimer, then - pmtimer is broken. + + /* + * Check for broken PM timer. 1ms at 10GHz should be 1E+7 TSCs; at + * 250MHz it should be 2.5E6. So if after 4E+7 TSCs on a 10GHz machine, + * we should have seen pmtimer show 4ms of change (i.e. cur =~ + * start+14320); on a 250MHz machine that should be 16ms (start+57280). + * If after this a time we still don't have 1ms on pmtimer, then pmtimer + * is broken. + * + * Likewise, if our code is perfectly efficient and introduces no delays + * whatsoever, on a 10GHz system we should see a TSC delta of 3580 in + * ~3580 iterations. On a 250MHz machine that should be ~900 iterations. + * + * With those factors in mind, there are two limits here. There's a hard + * limit here at 8x our desired pm timer delta, picked as an arbitrarily + * large value that's still not a lot of time to humans, because if we + * get that far this is either an implausibly fast machine or the pmtimer + * is not running. And there's another limit on 4x our 10GHz tsc delta + * without seeing cur converge on our target value. */ - if ((num_iter & 0xffffff) == 0 && grub_get_tsc () - start_tsc > 5000000) { - return 0; - } + if ((++num_iter > (grub_uint32_t)num_pm_ticks << 3UL) || + end_tsc - start_tsc > 40000000) + { + grub_dprintf ("pmtimer", + "pmtimer delta is 0x%"PRIxGRUB_UINT64_T" (%u iterations)\n", + cur - start, num_iter); + grub_dprintf ("pmtimer", + "tsc delta is implausible: 0x%"PRIxGRUB_UINT64_T"\n", + end_tsc - start_tsc); + return 0; + } } } @@ -74,12 +135,20 @@ grub_tsc_calibrate_from_pmtimer (void) fadt = grub_acpi_find_fadt (); if (!fadt) - return 0; + { + grub_dprintf ("pmtimer", "No FADT found; not using pmtimer.\n"); + return 0; + } pmtimer = fadt->pmtimer; if (!pmtimer) - return 0; + { + grub_dprintf ("pmtimer", "FADT does not specify pmtimer; skipping.\n"); + return 0; + } - /* It's 3.579545 MHz clock. Wait 1 ms. */ + /* + * It's 3.579545 MHz clock. Wait 1 ms. + */ tsc_diff = grub_pmtimer_wait_count_tsc (pmtimer, 3580); if (tsc_diff == 0) return 0; diff --git a/grub-core/kern/ia64/efi/init.c b/grub-core/kern/ia64/efi/init.c index b5ecbd091..f1965571b 100644 --- a/grub-core/kern/ia64/efi/init.c +++ b/grub-core/kern/ia64/efi/init.c @@ -70,6 +70,11 @@ grub_machine_init (void) void grub_machine_fini (int flags) { - if (flags & GRUB_LOADER_FLAG_NORETURN) - grub_efi_fini (); + if (!(flags & GRUB_LOADER_FLAG_NORETURN)) + return; + + grub_efi_fini (); + + if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) + grub_efi_memory_fini (); } diff --git a/grub-core/kern/ieee1275/init.c b/grub-core/kern/ieee1275/init.c index 8b089b48d..085a6a33f 100644 --- a/grub-core/kern/ieee1275/init.c +++ b/grub-core/kern/ieee1275/init.c @@ -71,7 +71,7 @@ grub_addr_t grub_ieee1275_original_stack; #endif void -grub_exit (void) +grub_exit (int rc __attribute__((unused))) { grub_ieee1275_exit (); } diff --git a/grub-core/kern/mips/arc/init.c b/grub-core/kern/mips/arc/init.c index 3834a1490..86b3a25ec 100644 --- a/grub-core/kern/mips/arc/init.c +++ b/grub-core/kern/mips/arc/init.c @@ -276,7 +276,7 @@ grub_halt (void) } void -grub_exit (void) +grub_exit (int rc __attribute__((unused))) { GRUB_ARC_FIRMWARE_VECTOR->exit (); diff --git a/grub-core/kern/mips/loongson/init.c b/grub-core/kern/mips/loongson/init.c index 7b96531b9..dff598ca7 100644 --- a/grub-core/kern/mips/loongson/init.c +++ b/grub-core/kern/mips/loongson/init.c @@ -304,7 +304,7 @@ grub_halt (void) } void -grub_exit (void) +grub_exit (int rc __attribute__((unused))) { grub_halt (); } diff --git a/grub-core/kern/mips/qemu_mips/init.c b/grub-core/kern/mips/qemu_mips/init.c index be88b77d2..8b6c55ffc 100644 --- a/grub-core/kern/mips/qemu_mips/init.c +++ b/grub-core/kern/mips/qemu_mips/init.c @@ -75,7 +75,7 @@ grub_machine_fini (int flags __attribute__ ((unused))) } void -grub_exit (void) +grub_exit (int rc __attribute__((unused))) { grub_halt (); } diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c index 18cad5803..e742f56d2 100644 --- a/grub-core/kern/misc.c +++ b/grub-core/kern/misc.c @@ -691,7 +691,7 @@ parse_printf_args (const char *fmt0, struct printf_args *args, args->ptr = args->prealloc; else { - args->ptr = grub_malloc (args->count * sizeof (args->ptr[0])); + args->ptr = grub_calloc (args->count, sizeof (args->ptr[0])); if (!args->ptr) { grub_errno = GRUB_ERR_NONE; @@ -1098,9 +1098,18 @@ grub_abort (void) grub_getkey (); } - grub_exit (); + grub_exit (1); } +#if defined (__clang__) && !defined (GRUB_UTIL) +/* clang emits references to abort(). */ +void __attribute__ ((noreturn)) +abort (void) +{ + grub_abort (); +} +#endif + void grub_fatal (const char *fmt, ...) { diff --git a/grub-core/kern/mm.c b/grub-core/kern/mm.c index ee88ff611..f2822a836 100644 --- a/grub-core/kern/mm.c +++ b/grub-core/kern/mm.c @@ -67,8 +67,10 @@ #include #include #include +#include #ifdef MM_DEBUG +# undef grub_calloc # undef grub_malloc # undef grub_zalloc # undef grub_realloc @@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_size_t size) return 0; } +/* + * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on + * integer overflow. + */ +void * +grub_calloc (grub_size_t nmemb, grub_size_t size) +{ + void *ret; + grub_size_t sz = 0; + + if (grub_mul (nmemb, size, &sz)) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + return NULL; + } + + ret = grub_memalign (0, sz); + if (!ret) + return NULL; + + grub_memset (ret, 0, sz); + return ret; +} + /* Allocate SIZE bytes and return the pointer. */ void * grub_malloc (grub_size_t size) @@ -561,6 +587,20 @@ grub_mm_dump (unsigned lineno) grub_printf ("\n"); } +void * +grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size) +{ + void *ptr; + + if (grub_mm_debug) + grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ", + file, line, size); + ptr = grub_calloc (nmemb, size); + if (grub_mm_debug) + grub_printf ("%p\n", ptr); + return ptr; +} + void * grub_debug_malloc (const char *file, int line, grub_size_t size) { diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c index 78175aac2..619db3122 100644 --- a/grub-core/kern/parser.c +++ b/grub-core/kern/parser.c @@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *cmdline, return grub_errno; grub_memcpy (args, buffer, bp - buffer); - *argv = grub_malloc (sizeof (char *) * (*argc + 1)); + *argv = grub_calloc (*argc + 1, sizeof (char *)); if (!*argv) { grub_free (args); diff --git a/grub-core/kern/riscv/efi/init.c b/grub-core/kern/riscv/efi/init.c index 7eb1969d0..38795fe67 100644 --- a/grub-core/kern/riscv/efi/init.c +++ b/grub-core/kern/riscv/efi/init.c @@ -73,4 +73,7 @@ grub_machine_fini (int flags) return; grub_efi_fini (); + + if (!(flags & GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY)) + grub_efi_memory_fini (); } diff --git a/grub-core/kern/uboot/init.c b/grub-core/kern/uboot/init.c index 3e338645c..be2a5be1d 100644 --- a/grub-core/kern/uboot/init.c +++ b/grub-core/kern/uboot/init.c @@ -39,9 +39,9 @@ extern grub_size_t grub_total_module_size; static unsigned long timer_start; void -grub_exit (void) +grub_exit (int rc) { - grub_uboot_return (0); + grub_uboot_return (rc < 0 ? 1 : rc); } static grub_uint64_t @@ -78,7 +78,7 @@ grub_machine_init (void) if (!ver) { /* Don't even have a console to log errors to... */ - grub_exit (); + grub_exit (-1); } else if (ver > API_SIG_VERSION) { diff --git a/grub-core/kern/uboot/uboot.c b/grub-core/kern/uboot/uboot.c index be4816fe6..aac8f9ae1 100644 --- a/grub-core/kern/uboot/uboot.c +++ b/grub-core/kern/uboot/uboot.c @@ -133,7 +133,7 @@ grub_uboot_dev_enum (void) return num_devices; max_devices = 2; - enum_devices = grub_malloc (sizeof(struct device_info) * max_devices); + enum_devices = grub_calloc (max_devices, sizeof(struct device_info)); if (!enum_devices) return 0; diff --git a/grub-core/kern/xen/init.c b/grub-core/kern/xen/init.c index 782ca7295..708b060f3 100644 --- a/grub-core/kern/xen/init.c +++ b/grub-core/kern/xen/init.c @@ -584,7 +584,7 @@ grub_machine_init (void) } void -grub_exit (void) +grub_exit (int rc __attribute__((unused))) { struct sched_shutdown arg; diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c index f2ec04a8c..753e56a95 100644 --- a/grub-core/lib/LzmaEnc.c +++ b/grub-core/lib/LzmaEnc.c @@ -1877,13 +1877,19 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize } else { - UInt32 posSlot; + UInt32 posSlot, lenToPosState; RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0); p->state = kMatchNextStates[p->state]; LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices); pos -= LZMA_NUM_REPS; GetPosSlot(pos, posSlot); - RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, posSlot); + lenToPosState = GetLenToPosState(len); + if (lenToPosState >= kNumLenToPosStates) + { + p->result = SZ_ERROR_DATA; + return CheckErrors(p); + } + RcTree_Encode(&p->rc, p->posSlotEncoder[lenToPosState], kNumPosSlotBits, posSlot); if (posSlot >= kStartPosModelIndex) { diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c index fd7744a6f..3288609a5 100644 --- a/grub-core/lib/arg.c +++ b/grub-core/lib/arg.c @@ -23,6 +23,7 @@ #include #include #include +#include /* Built-in parser for default options. */ static const struct grub_arg_option help_options[] = @@ -216,7 +217,13 @@ static inline grub_err_t add_arg (char ***argl, int *num, char *s) { char **p = *argl; - *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *)); + grub_size_t sz; + + if (grub_add (++(*num), 1, &sz) || + grub_mul (sz, sizeof (char *), &sz)) + return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + + *argl = grub_realloc (*argl, sz); if (! *argl) { grub_free (p); @@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, grub_size_t argcnt; struct grub_arg_list *list; const struct grub_arg_option *options; + grub_size_t sz0, sz1; options = extcmd->options; if (! options) @@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd, int argc, argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */ } - list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt); + if (grub_mul (sizeof (*list), i, &sz0) || + grub_mul (sizeof (char *), argcnt, &sz1) || + grub_add (sz0, sz1, &sz0)) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + return 0; + } + + list = grub_zalloc (sz0); if (! list) return 0; diff --git a/grub-core/lib/efi/halt.c b/grub-core/lib/efi/halt.c index 5859f0498..29d413641 100644 --- a/grub-core/lib/efi/halt.c +++ b/grub-core/lib/efi/halt.c @@ -28,7 +28,8 @@ void grub_halt (void) { - grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); + grub_machine_fini (GRUB_LOADER_FLAG_NORETURN | + GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY); #if !defined(__ia64__) && !defined(__arm__) && !defined(__aarch64__) && \ !defined(__riscv) grub_acpi_halt (); diff --git a/grub-core/lib/i386/relocator.c b/grub-core/lib/i386/relocator.c index 71dd4f0ab..34cbe834f 100644 --- a/grub-core/lib/i386/relocator.c +++ b/grub-core/lib/i386/relocator.c @@ -83,11 +83,10 @@ grub_relocator32_boot (struct grub_relocator *rel, /* Specific memory range due to Global Descriptor Table for use by payload that we will store in returned chunk. The address range and preference are based on "THE LINUX/x86 BOOT PROTOCOL" specification. */ - err = grub_relocator_alloc_chunk_align (rel, &ch, 0x1000, - 0x9a000 - RELOCATOR_SIZEOF (32), - RELOCATOR_SIZEOF (32), 16, - GRUB_RELOCATOR_PREFERENCE_LOW, - avoid_efi_bootservices); + err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x1000, 0x9a000, + RELOCATOR_SIZEOF (32), 16, + GRUB_RELOCATOR_PREFERENCE_LOW, + avoid_efi_bootservices); if (err) return err; @@ -125,13 +124,10 @@ grub_relocator16_boot (struct grub_relocator *rel, grub_relocator_chunk_t ch; /* Put it higher than the byte it checks for A20 check. */ - err = grub_relocator_alloc_chunk_align (rel, &ch, 0x8010, - 0xa0000 - RELOCATOR_SIZEOF (16) - - GRUB_RELOCATOR16_STACK_SIZE, - RELOCATOR_SIZEOF (16) - + GRUB_RELOCATOR16_STACK_SIZE, 16, - GRUB_RELOCATOR_PREFERENCE_NONE, - 0); + err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x8010, 0xa0000, + RELOCATOR_SIZEOF (16) + + GRUB_RELOCATOR16_STACK_SIZE, 16, + GRUB_RELOCATOR_PREFERENCE_NONE, 0); if (err) return err; @@ -183,11 +179,9 @@ grub_relocator64_boot (struct grub_relocator *rel, void *relst; grub_relocator_chunk_t ch; - err = grub_relocator_alloc_chunk_align (rel, &ch, min_addr, - max_addr - RELOCATOR_SIZEOF (64), - RELOCATOR_SIZEOF (64), 16, - GRUB_RELOCATOR_PREFERENCE_NONE, - 0); + err = grub_relocator_alloc_chunk_align_safe (rel, &ch, min_addr, max_addr, + RELOCATOR_SIZEOF (64), 16, + GRUB_RELOCATOR_PREFERENCE_NONE, 0); if (err) return err; diff --git a/grub-core/lib/libgcrypt/cipher/ac.c b/grub-core/lib/libgcrypt/cipher/ac.c index f5e946a2d..63f6fcd11 100644 --- a/grub-core/lib/libgcrypt/cipher/ac.c +++ b/grub-core/lib/libgcrypt/cipher/ac.c @@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n, gcry_mpi_t mpi; char *label; - data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n); + data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new)); if (! data_mpis_new) { err = gcry_error_from_errno (errno); @@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, } /* Add MPI list. */ - arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1)); + arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list)); if (! arg_list) { err = gcry_error_from_errno (errno); @@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifier, int include_flags, /* We build a list of arguments to pass to gcry_sexp_build_array(). */ data_length = _gcry_ac_data_length (data); - arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2)); + arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2); if (! arg_list) { err = gcry_error_from_errno (errno); @@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, arg_list_n += 2; /* Allocate list. */ - arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n); + arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list)); if (! arg_list) { err = gcry_error_from_errno (errno); diff --git a/grub-core/lib/libgcrypt/cipher/primegen.c b/grub-core/lib/libgcrypt/cipher/primegen.c index 2788e349f..b12e79b19 100644 --- a/grub-core/lib/libgcrypt/cipher/primegen.c +++ b/grub-core/lib/libgcrypt/cipher/primegen.c @@ -383,7 +383,7 @@ prime_generate_internal (int need_q_factor, } /* Allocate an array to track pool usage. */ - pool_in_use = gcry_malloc (n * sizeof *pool_in_use); + pool_in_use = gcry_calloc (n, sizeof *pool_in_use); if (!pool_in_use) { err = gpg_err_code_from_errno (errno); @@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secret, int randomlevel, if (nbits < 16) log_fatal ("can't generate a prime with less than %d bits\n", 16); - mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods ); + mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods); /* Make nbits fit into gcry_mpi_t implementation. */ val_2 = mpi_alloc_set_ui( 2 ); val_3 = mpi_alloc_set_ui( 3); diff --git a/grub-core/lib/libgcrypt/cipher/pubkey.c b/grub-core/lib/libgcrypt/cipher/pubkey.c index 910982141..ca087ad75 100644 --- a/grub-core/lib/libgcrypt/cipher/pubkey.c +++ b/grub-core/lib/libgcrypt/cipher/pubkey.c @@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey) * array to a format string, so we have to do it this way :-(. */ /* FIXME: There is now such a format specifier, so we can change the code to be more clear. */ - arg_list = malloc (nelem * sizeof *arg_list); + arg_list = calloc (nelem, sizeof *arg_list); if (!arg_list) { rc = gpg_err_code_from_syserror (); @@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey) } strcpy (p, "))"); - arg_list = malloc (nelem * sizeof *arg_list); + arg_list = calloc (nelem, sizeof *arg_list); if (!arg_list) { rc = gpg_err_code_from_syserror (); diff --git a/grub-core/lib/libgcrypt_wrap/mem.c b/grub-core/lib/libgcrypt_wrap/mem.c index beeb661a3..74c6eafe5 100644 --- a/grub-core/lib/libgcrypt_wrap/mem.c +++ b/grub-core/lib/libgcrypt_wrap/mem.c @@ -4,6 +4,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -36,7 +37,10 @@ void * gcry_xcalloc (size_t n, size_t m) { void *ret; - ret = grub_zalloc (n * m); + size_t sz; + if (grub_mul (n, m, &sz)) + grub_fatal ("gcry_xcalloc would overflow"); + ret = grub_zalloc (sz); if (!ret) grub_fatal ("gcry_xcalloc failed"); return ret; @@ -56,7 +60,10 @@ void * gcry_xcalloc_secure (size_t n, size_t m) { void *ret; - ret = grub_zalloc (n * m); + size_t sz; + if (grub_mul (n, m, &sz)) + grub_fatal ("gcry_xcalloc would overflow"); + ret = grub_zalloc (sz); if (!ret) grub_fatal ("gcry_xcalloc failed"); return ret; diff --git a/grub-core/lib/mips/relocator.c b/grub-core/lib/mips/relocator.c index 9d5f49cb9..743b213e6 100644 --- a/grub-core/lib/mips/relocator.c +++ b/grub-core/lib/mips/relocator.c @@ -120,10 +120,8 @@ grub_relocator32_boot (struct grub_relocator *rel, unsigned i; grub_addr_t vtarget; - err = grub_relocator_alloc_chunk_align (rel, &ch, 0, - (0xffffffff - stateset_size) - + 1, stateset_size, - sizeof (grub_uint32_t), + err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), + stateset_size, sizeof (grub_uint32_t), GRUB_RELOCATOR_PREFERENCE_NONE, 0); if (err) return err; diff --git a/grub-core/lib/posix_wrap/stdlib.h b/grub-core/lib/posix_wrap/stdlib.h index 3b46f47ff..7a8d385e9 100644 --- a/grub-core/lib/posix_wrap/stdlib.h +++ b/grub-core/lib/posix_wrap/stdlib.h @@ -21,6 +21,7 @@ #include #include +#include static inline void free (void *ptr) @@ -37,7 +38,12 @@ malloc (grub_size_t size) static inline void * calloc (grub_size_t size, grub_size_t nelem) { - return grub_zalloc (size * nelem); + grub_size_t sz; + + if (grub_mul (size, nelem, &sz)) + return NULL; + + return grub_zalloc (sz); } static inline void * diff --git a/grub-core/lib/powerpc/relocator.c b/grub-core/lib/powerpc/relocator.c index bdf2b111b..8ffb8b686 100644 --- a/grub-core/lib/powerpc/relocator.c +++ b/grub-core/lib/powerpc/relocator.c @@ -115,10 +115,8 @@ grub_relocator32_boot (struct grub_relocator *rel, unsigned i; grub_relocator_chunk_t ch; - err = grub_relocator_alloc_chunk_align (rel, &ch, 0, - (0xffffffff - stateset_size) - + 1, stateset_size, - sizeof (grub_uint32_t), + err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), + stateset_size, sizeof (grub_uint32_t), GRUB_RELOCATOR_PREFERENCE_NONE, 0); if (err) return err; diff --git a/grub-core/lib/priority_queue.c b/grub-core/lib/priority_queue.c index 659be0b7f..7d5e7c05a 100644 --- a/grub-core/lib/priority_queue.c +++ b/grub-core/lib/priority_queue.c @@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t elsize, { struct grub_priority_queue *ret; void *els; - els = grub_malloc (elsize * 8); + els = grub_calloc (8, elsize); if (!els) return 0; ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret)); diff --git a/grub-core/lib/reed_solomon.c b/grub-core/lib/reed_solomon.c index ee9fa7b4f..467305b46 100644 --- a/grub-core/lib/reed_solomon.c +++ b/grub-core/lib/reed_solomon.c @@ -20,6 +20,7 @@ #include #include #include +#define xcalloc calloc #define xmalloc malloc #define grub_memset memset #define grub_memcpy memcpy @@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_t s, grub_size_t rs) gf_single_t *rs_polynomial; int i, j; gf_single_t *m; - m = xmalloc ((s + rs) * sizeof (gf_single_t)); + m = xcalloc (s + rs, sizeof (gf_single_t)); grub_memcpy (m, data, s * sizeof (gf_single_t)); - grub_memset (m + s, 0, rs * sizeof (gf_single_t)); - rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t)); - grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t)); + rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t)); rs_polynomial[rs] = 1; /* Multiply with X - a^r */ for (j = 0; j < rs; j++) diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c index ea3ebc719..f2c1944c2 100644 --- a/grub-core/lib/relocator.c +++ b/grub-core/lib/relocator.c @@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator *rel, } #endif - eventt = grub_malloc (maxevents * sizeof (events[0])); + eventt = grub_calloc (maxevents, sizeof (events[0])); counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0])); - events = grub_malloc (maxevents * sizeof (events[0])); + events = grub_calloc (maxevents, sizeof (events[0])); if (!events || !eventt || !counter) { grub_dprintf ("relocator", "events or counter allocation failed %d\n", @@ -963,7 +963,7 @@ malloc_in_range (struct grub_relocator *rel, #endif unsigned cural = 0; int oom = 0; - res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs); + res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0])); if (!res->subchunks) oom = 1; res->nsubchunks = nallocs; @@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, }; grub_addr_t min_addr2 = 0, max_addr2; - if (max_addr > ~size) - max_addr = ~size; + if (size && (max_addr > ~size)) + max_addr = ~size + 1; #ifdef GRUB_MACHINE_PCBIOS if (min_addr < 0x1000) @@ -1562,8 +1562,8 @@ grub_relocator_prepare_relocs (struct grub_relocator *rel, grub_addr_t addr, count[(chunk->src & 0xff) + 1]++; } } - from = grub_malloc (nchunks * sizeof (sorted[0])); - to = grub_malloc (nchunks * sizeof (sorted[0])); + from = grub_calloc (nchunks, sizeof (sorted[0])); + to = grub_calloc (nchunks, sizeof (sorted[0])); if (!from || !to) { grub_free (from); diff --git a/grub-core/lib/x86_64/efi/relocator.c b/grub-core/lib/x86_64/efi/relocator.c index 3caef7a40..7d200a125 100644 --- a/grub-core/lib/x86_64/efi/relocator.c +++ b/grub-core/lib/x86_64/efi/relocator.c @@ -50,10 +50,9 @@ grub_relocator64_efi_boot (struct grub_relocator *rel, * 64-bit relocator code may live above 4 GiB quite well. * However, I do not want ask for problems. Just in case. */ - err = grub_relocator_alloc_chunk_align (rel, &ch, 0, - 0x100000000 - RELOCATOR_SIZEOF (64_efi), - RELOCATOR_SIZEOF (64_efi), 16, - GRUB_RELOCATOR_PREFERENCE_NONE, 1); + err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0, 0x100000000, + RELOCATOR_SIZEOF (64_efi), 16, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); if (err) return err; diff --git a/grub-core/lib/zstd/fse_decompress.c b/grub-core/lib/zstd/fse_decompress.c index 72bbead5b..2227b84bc 100644 --- a/grub-core/lib/zstd/fse_decompress.c +++ b/grub-core/lib/zstd/fse_decompress.c @@ -82,7 +82,7 @@ FSE_DTable* FSE_createDTable (unsigned tableLog) { if (tableLog > FSE_TABLELOG_ABSOLUTE_MAX) tableLog = FSE_TABLELOG_ABSOLUTE_MAX; - return (FSE_DTable*)malloc( FSE_DTABLE_SIZE_U32(tableLog) * sizeof (U32) ); + return (FSE_DTable*)calloc( FSE_DTABLE_SIZE_U32(tableLog), sizeof (U32) ); } void FSE_freeDTable (FSE_DTable* dt) diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c index 092e8e307..979d425df 100644 --- a/grub-core/loader/arm/linux.c +++ b/grub-core/loader/arm/linux.c @@ -82,7 +82,7 @@ linux_prepare_atag (void *target_atag) /* some place for cmdline, initrd and terminator. */ tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4; - tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t)); + tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t)); if (!tmp_atag) return grub_errno; diff --git a/grub-core/loader/arm64/linux.c b/grub-core/loader/arm64/linux.c index ef3e9f944..130e9c09b 100644 --- a/grub-core/loader/arm64/linux.c +++ b/grub-core/loader/arm64/linux.c @@ -27,12 +27,14 @@ #include #include #include +#include #include #include #include #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -41,6 +43,8 @@ static int loaded; static void *kernel_addr; static grub_uint64_t kernel_size; +static grub_uint32_t handover_offset; + static char *linux_args; static grub_uint32_t cmdline_size; @@ -48,6 +52,13 @@ static grub_uint32_t cmdline_size; static grub_addr_t initrd_start; static grub_addr_t initrd_end; +struct grub_arm64_linux_pe_header +{ + grub_uint32_t magic; + struct grub_pe32_coff_header coff; + struct grub_pe64_optional_header opt; +}; + grub_err_t grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) { @@ -67,7 +78,8 @@ grub_arch_efi_linux_check_image (struct linux_arch_kernel_header * lh) static grub_err_t finalize_params_linux (void) { - int node, retval; + grub_efi_loaded_image_t *loaded_image = NULL; + int node, retval, len; void *fdt; @@ -102,6 +114,27 @@ finalize_params_linux (void) if (grub_fdt_install() != GRUB_ERR_NONE) goto failure; + + grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", + fdt); + + /* Convert command line to UCS-2 */ + loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); + if (!loaded_image) + goto failure; + + loaded_image->load_options_size = len = + (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t); + loaded_image->load_options = + grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); + if (!loaded_image->load_options) + return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); + + loaded_image->load_options_size = + 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, + (grub_uint8_t *) linux_args, len, NULL); + + return GRUB_ERR_NONE; failure: @@ -109,70 +142,48 @@ finalize_params_linux (void) return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); } +static void +free_params (void) +{ + grub_efi_loaded_image_t *loaded_image = NULL; + loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); + if (loaded_image) + { + if (loaded_image->load_options) + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_efi_uintn_t) + loaded_image->load_options, + GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); + loaded_image->load_options = NULL; + loaded_image->load_options_size = 0; + } +} + grub_err_t grub_arch_efi_linux_boot_image (grub_addr_t addr, grub_size_t size, char *args) { - grub_efi_memory_mapped_device_path_t *mempath; - grub_efi_handle_t image_handle; - grub_efi_boot_services_t *b; - grub_efi_status_t status; - grub_efi_loaded_image_t *loaded_image; - int len; - - mempath = grub_malloc (2 * sizeof (grub_efi_memory_mapped_device_path_t)); - if (!mempath) - return grub_errno; - - mempath[0].header.type = GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE; - mempath[0].header.subtype = GRUB_EFI_MEMORY_MAPPED_DEVICE_PATH_SUBTYPE; - mempath[0].header.length = grub_cpu_to_le16_compile_time (sizeof (*mempath)); - mempath[0].memory_type = GRUB_EFI_LOADER_DATA; - mempath[0].start_address = addr; - mempath[0].end_address = addr + size; + grub_err_t retval; - mempath[1].header.type = GRUB_EFI_END_DEVICE_PATH_TYPE; - mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; - mempath[1].header.length = sizeof (grub_efi_device_path_t); - - b = grub_efi_system_table->boot_services; - status = b->load_image (0, grub_efi_image_handle, - (grub_efi_device_path_t *) mempath, - (void *) addr, size, &image_handle); - if (status != GRUB_EFI_SUCCESS) - return grub_error (GRUB_ERR_BAD_OS, "cannot load image"); + retval = finalize_params_linux (); + if (retval != GRUB_ERR_NONE) + return grub_errno; grub_dprintf ("linux", "linux command line: '%s'\n", args); - /* Convert command line to UCS-2 */ - loaded_image = grub_efi_get_loaded_image (image_handle); - loaded_image->load_options_size = len = - (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t); - loaded_image->load_options = - grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); - if (!loaded_image->load_options) - return grub_errno; + (void) addr; + (void) size; - loaded_image->load_options_size = - 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, - (grub_uint8_t *) args, len, NULL); - - grub_dprintf ("linux", "starting image %p\n", image_handle); - status = b->start_image (image_handle, 0, NULL); - /* When successful, not reached */ - b->unload_image (image_handle); - grub_efi_free_pages ((grub_addr_t) loaded_image->load_options, - GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); + retval = grub_efi_linux_boot ((char *)kernel_addr, handover_offset, + kernel_addr); - return grub_errno; + /* Never reached... */ + free_params(); + return retval; } static grub_err_t grub_linux_boot (void) { - if (finalize_params_linux () != GRUB_ERR_NONE) - return grub_errno; - return (grub_arch_efi_linux_boot_image((grub_addr_t)kernel_addr, kernel_size, linux_args)); } @@ -288,7 +299,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), { grub_file_t file = 0; struct linux_arch_kernel_header lh; + struct grub_arm64_linux_pe_header *pe; grub_err_t err; + int rc; grub_dl_ref (my_mod); @@ -333,6 +346,20 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + if (grub_efi_secure_boot ()) + { + rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); + if (rc <= 0) + { + grub_error (GRUB_ERR_INVALID_COMMAND, + N_("%s has invalid signature"), argv[0]); + goto fail; + } + } + + pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); + handover_offset = pe->opt.entry_addr; + cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE); linux_args = grub_malloc (cmdline_size); if (!linux_args) diff --git a/grub-core/loader/efi/appleloader.c b/grub-core/loader/efi/appleloader.c index 74888c463..69c2a10d3 100644 --- a/grub-core/loader/efi/appleloader.c +++ b/grub-core/loader/efi/appleloader.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include @@ -227,6 +228,9 @@ static grub_command_t cmd; GRUB_MOD_INIT(appleloader) { + if (grub_efi_secure_boot()) + return; + cmd = grub_register_command ("appleloader", grub_cmd_appleloader, N_("[OPTS]"), /* TRANSLATORS: This command is used on EFI to @@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader) GRUB_MOD_FINI(appleloader) { + if (grub_efi_secure_boot()) + return; + grub_unregister_command (cmd); } diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c index cd92ea3f2..144a6549d 100644 --- a/grub-core/loader/efi/chainloader.c +++ b/grub-core/loader/efi/chainloader.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -32,6 +33,9 @@ #include #include #include +#include +#include +#include #include #include #include @@ -46,9 +50,14 @@ static grub_dl_t my_mod; static grub_efi_physical_address_t address; static grub_efi_uintn_t pages; +static grub_ssize_t fsize; static grub_efi_device_path_t *file_path; static grub_efi_handle_t image_handle; static grub_efi_char16_t *cmdline; +static grub_ssize_t cmdline_len; +static grub_efi_handle_t dev_handle; + +static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); static grub_err_t grub_chainloader_unload (void) @@ -63,6 +72,7 @@ grub_chainloader_unload (void) grub_free (cmdline); cmdline = 0; file_path = 0; + dev_handle = 0; grub_dl_unref (my_mod); return GRUB_ERR_NONE; @@ -106,7 +116,7 @@ grub_chainloader_boot (void) return grub_errno; } -static void +static grub_err_t copy_file_path (grub_efi_file_path_device_path_t *fp, const char *str, grub_efi_uint16_t len) { @@ -116,9 +126,9 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; - path_name = grub_malloc (len * GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); + path_name = grub_calloc (len, GRUB_MAX_UTF16_PER_UTF8 * sizeof (*path_name)); if (!path_name) - return; + return grub_error (GRUB_ERR_OUT_OF_MEMORY, "failed to allocate path buffer"); size = grub_utf8_to_utf16 (path_name, len * GRUB_MAX_UTF16_PER_UTF8, (const grub_uint8_t *) str, len, 0); @@ -131,6 +141,7 @@ copy_file_path (grub_efi_file_path_device_path_t *fp, fp->path_name[size++] = '\0'; fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp); grub_free (path_name); + return GRUB_ERR_NONE; } static grub_efi_device_path_t * @@ -156,9 +167,18 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) size = 0; d = dp; - while (1) + while (d) { - size += GRUB_EFI_DEVICE_PATH_LENGTH (d); + grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d); + + if (len < 4) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, + "malformed EFI Device Path node has length=%d", len); + return NULL; + } + + size += len; if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d))) break; d = GRUB_EFI_NEXT_DEVICE_PATH (d); @@ -179,14 +199,19 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) /* Fill the file path for the directory. */ d = (grub_efi_device_path_t *) ((char *) file_path + ((char *) d - (char *) dp)); - grub_efi_print_device_path (d); - copy_file_path ((grub_efi_file_path_device_path_t *) d, - dir_start, dir_end - dir_start); + if (copy_file_path ((grub_efi_file_path_device_path_t *) d, + dir_start, dir_end - dir_start) != GRUB_ERR_NONE) + { + fail: + grub_free (file_path); + return 0; + } /* Fill the file path for the file. */ d = GRUB_EFI_NEXT_DEVICE_PATH (d); - copy_file_path ((grub_efi_file_path_device_path_t *) d, - dir_end + 1, grub_strlen (dir_end + 1)); + if (copy_file_path ((grub_efi_file_path_device_path_t *) d, + dir_end + 1, grub_strlen (dir_end + 1)) != GRUB_ERR_NONE) + goto fail; /* Fill the end of device path nodes. */ d = GRUB_EFI_NEXT_DEVICE_PATH (d); @@ -197,20 +222,695 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename) return file_path; } +#define SHIM_LOCK_GUID \ + { 0x605dab50, 0xe046, 0x4300, { 0xab,0xb6,0x3d,0xd8,0x10,0xdd,0x8b,0x23 } } + +typedef union +{ + struct grub_pe32_header_32 pe32; + struct grub_pe32_header_64 pe32plus; +} grub_pe_header_t; + +struct pe_coff_loader_image_context +{ + grub_efi_uint64_t image_address; + grub_efi_uint64_t image_size; + grub_efi_uint64_t entry_point; + grub_efi_uintn_t size_of_headers; + grub_efi_uint16_t image_type; + grub_efi_uint16_t number_of_sections; + grub_efi_uint32_t section_alignment; + struct grub_pe32_section_table *first_section; + struct grub_pe32_data_directory *reloc_dir; + struct grub_pe32_data_directory *sec_dir; + grub_efi_uint64_t number_of_rva_and_sizes; + grub_pe_header_t *pe_hdr; +}; + +typedef struct pe_coff_loader_image_context pe_coff_loader_image_context_t; + +struct grub_efi_shim_lock +{ + grub_efi_status_t (*verify)(void *buffer, + grub_efi_uint32_t size); + grub_efi_status_t (*hash)(void *data, + grub_efi_int32_t datasize, + pe_coff_loader_image_context_t *context, + grub_efi_uint8_t *sha256hash, + grub_efi_uint8_t *sha1hash); + grub_efi_status_t (*context)(void *data, + grub_efi_uint32_t size, + pe_coff_loader_image_context_t *context); +}; + +typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; + +static grub_efi_boolean_t +read_header (void *data, grub_efi_uint32_t size, + pe_coff_loader_image_context_t *context) +{ + grub_efi_guid_t guid = SHIM_LOCK_GUID; + grub_efi_shim_lock_t *shim_lock; + grub_efi_status_t status; + + shim_lock = grub_efi_locate_protocol (&guid, NULL); + if (!shim_lock) + { + grub_dprintf ("chain", "no shim lock protocol"); + return 0; + } + + status = shim_lock->context (data, size, context); + + if (status == GRUB_EFI_SUCCESS) + { + grub_dprintf ("chain", "context success\n"); + return 1; + } + + switch (status) + { + case GRUB_EFI_UNSUPPORTED: + grub_error (GRUB_ERR_BAD_ARGUMENT, "context error unsupported"); + break; + case GRUB_EFI_INVALID_PARAMETER: + grub_error (GRUB_ERR_BAD_ARGUMENT, "context error invalid parameter"); + break; + default: + grub_error (GRUB_ERR_BAD_ARGUMENT, "context error code"); + break; + } + + return -1; +} + +static void* +image_address (void *image, grub_efi_uint64_t sz, grub_efi_uint64_t adr) +{ + if (adr > sz) + return NULL; + + return ((grub_uint8_t*)image + adr); +} + +static int +image_is_64_bit (grub_pe_header_t *pe_hdr) +{ + /* .Magic is the same offset in all cases */ + if (pe_hdr->pe32plus.optional_header.magic == GRUB_PE32_PE64_MAGIC) + return 1; + return 0; +} + +static const grub_uint16_t machine_type __attribute__((__unused__)) = +#if defined(__x86_64__) + GRUB_PE32_MACHINE_X86_64; +#elif defined(__aarch64__) + GRUB_PE32_MACHINE_ARM64; +#elif defined(__arm__) + GRUB_PE32_MACHINE_ARMTHUMB_MIXED; +#elif defined(__i386__) || defined(__i486__) || defined(__i686__) + GRUB_PE32_MACHINE_I386; +#elif defined(__ia64__) + GRUB_PE32_MACHINE_IA64; +#else +#error this architecture is not supported by grub2 +#endif + +static grub_efi_status_t +relocate_coff (pe_coff_loader_image_context_t *context, + struct grub_pe32_section_table *section, + void *orig, void *data) +{ + struct grub_pe32_data_directory *reloc_base, *reloc_base_end; + grub_efi_uint64_t adjust; + struct grub_pe32_fixup_block *reloc, *reloc_end; + char *fixup, *fixup_base, *fixup_data = NULL; + grub_efi_uint16_t *fixup_16; + grub_efi_uint32_t *fixup_32; +#if defined(__x86_64__) || defined(__aarch64__) + grub_efi_uint64_t *fixup_64; +#endif /* defined(__x86_64__) || defined(__aarch64__) */ + grub_efi_uint64_t size = context->image_size; + void *image_end = (char *)orig + size; + int n = 0; + + if (image_is_64_bit (context->pe_hdr)) + context->pe_hdr->pe32plus.optional_header.image_base = + (grub_uint64_t)(unsigned long)data; + else + context->pe_hdr->pe32.optional_header.image_base = + (grub_uint32_t)(unsigned long)data; + + /* Alright, so here's how this works: + * + * context->reloc_dir gives us two things: + * - the VA the table of base relocation blocks are (maybe) to be + * mapped at (reloc_dir->rva) + * - the virtual size (reloc_dir->size) + * + * The .reloc section (section here) gives us some other things: + * - the name! kind of. (section->name) + * - the virtual size (section->virtual_size), which should be the same + * as RelocDir->Size + * - the virtual address (section->virtual_address) + * - the file section size (section->raw_data_size), which is + * a multiple of optional_header->file_alignment. Only useful for image + * validation, not really useful for iteration bounds. + * - the file address (section->raw_data_offset) + * - a bunch of stuff we don't use that's 0 in our binaries usually + * - Flags (section->characteristics) + * + * and then the thing that's actually at the file address is an array + * of struct grub_pe32_fixup_block structs with some values packed behind + * them. The block_size field of this structure includes the + * structure itself, and adding it to that structure's address will + * yield the next entry in the array. + */ + + reloc_base = image_address (orig, size, section->raw_data_offset); + reloc_base_end = image_address (orig, size, section->raw_data_offset + + section->virtual_size); + + grub_dprintf ("chain", "relocate_coff(): reloc_base %p reloc_base_end %p\n", + reloc_base, reloc_base_end); + + if (!reloc_base && !reloc_base_end) + return GRUB_EFI_SUCCESS; + + if (!reloc_base || !reloc_base_end) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc table overflows binary"); + return GRUB_EFI_UNSUPPORTED; + } + + adjust = (grub_uint64_t)(grub_addr_t)data - context->image_address; + if (adjust == 0) + return GRUB_EFI_SUCCESS; + + while (reloc_base < reloc_base_end) + { + grub_uint16_t *entry; + reloc = (struct grub_pe32_fixup_block *)reloc_base; + + if ((reloc_base->size == 0) || + (reloc_base->size > context->reloc_dir->size)) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, + "Reloc %d block size %d is invalid\n", n, + reloc_base->size); + return GRUB_EFI_UNSUPPORTED; + } + + entry = &reloc->entries[0]; + reloc_end = (struct grub_pe32_fixup_block *) + ((char *)reloc_base + reloc_base->size); + + if ((void *)reloc_end < orig || (void *)reloc_end > image_end) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary", + n); + return GRUB_EFI_UNSUPPORTED; + } + + fixup_base = image_address(data, size, reloc_base->rva); + + if (!fixup_base) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc %d Invalid fixupbase", n); + return GRUB_EFI_UNSUPPORTED; + } + + while ((void *)entry < (void *)reloc_end) + { + fixup = fixup_base + (*entry & 0xFFF); + switch ((*entry) >> 12) + { + case GRUB_PE32_REL_BASED_ABSOLUTE: + break; + case GRUB_PE32_REL_BASED_HIGH: + fixup_16 = (grub_uint16_t *)fixup; + *fixup_16 = (grub_uint16_t) + (*fixup_16 + ((grub_uint16_t)((grub_uint32_t)adjust >> 16))); + if (fixup_data != NULL) + { + *(grub_uint16_t *) fixup_data = *fixup_16; + fixup_data = fixup_data + sizeof (grub_uint16_t); + } + break; + case GRUB_PE32_REL_BASED_LOW: + fixup_16 = (grub_uint16_t *)fixup; + *fixup_16 = (grub_uint16_t) (*fixup_16 + (grub_uint16_t)adjust); + if (fixup_data != NULL) + { + *(grub_uint16_t *) fixup_data = *fixup_16; + fixup_data = fixup_data + sizeof (grub_uint16_t); + } + break; + case GRUB_PE32_REL_BASED_HIGHLOW: + fixup_32 = (grub_uint32_t *)fixup; + *fixup_32 = *fixup_32 + (grub_uint32_t)adjust; + if (fixup_data != NULL) + { + fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint32_t)); + *(grub_uint32_t *) fixup_data = *fixup_32; + fixup_data += sizeof (grub_uint32_t); + } + break; +#if defined(__x86_64__) || defined(__aarch64__) + case GRUB_PE32_REL_BASED_DIR64: + fixup_64 = (grub_uint64_t *)fixup; + *fixup_64 = *fixup_64 + (grub_uint64_t)adjust; + if (fixup_data != NULL) + { + fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint64_t)); + *(grub_uint64_t *) fixup_data = *fixup_64; + fixup_data += sizeof (grub_uint64_t); + } + break; +#endif /* defined(__x86_64__) || defined(__aarch64__) */ + default: + grub_error (GRUB_ERR_BAD_ARGUMENT, + "Reloc %d unknown relocation type %d", + n, (*entry) >> 12); + return GRUB_EFI_UNSUPPORTED; + } + entry += 1; + } + reloc_base = (struct grub_pe32_data_directory *)reloc_end; + n++; + } + + return GRUB_EFI_SUCCESS; +} + +static grub_efi_device_path_t * +grub_efi_get_media_file_path (grub_efi_device_path_t *dp) +{ + while (1) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); + + if (type == GRUB_EFI_END_DEVICE_PATH_TYPE) + break; + else if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE + && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) + return dp; + + dp = GRUB_EFI_NEXT_DEVICE_PATH (dp); + } + + return NULL; +} + +static grub_efi_boolean_t +handle_image (void *data, grub_efi_uint32_t datasize) +{ + grub_efi_boot_services_t *b; + grub_efi_loaded_image_t *li, li_bak; + int efi_status; + char *buffer = NULL; + char *buffer_aligned = NULL; + grub_efi_uint32_t i; + struct grub_pe32_section_table *section; + char *base, *end; + pe_coff_loader_image_context_t context; + grub_uint32_t section_alignment; + grub_uint32_t buffer_size; + int found_entry_point = 0; + int rc; + + b = grub_efi_system_table->boot_services; + + rc = read_header (data, datasize, &context); + if (rc < 0) + { + grub_dprintf ("chain", "Failed to read header\n"); + goto error_exit; + } + else if (rc == 0) + { + grub_dprintf ("chain", "Secure Boot is not enabled\n"); + return 0; + } + else + { + grub_dprintf ("chain", "Header read without error\n"); + } + + /* + * The spec says, uselessly, of SectionAlignment: + * ===== + * The alignment (in bytes) of sections when they are loaded into + * memory. It must be greater than or equal to FileAlignment. The + * default is the page size for the architecture. + * ===== + * Which doesn't tell you whose responsibility it is to enforce the + * "default", or when. It implies that the value in the field must + * be > FileAlignment (also poorly defined), but it appears visual + * studio will happily write 512 for FileAlignment (its default) and + * 0 for SectionAlignment, intending to imply PAGE_SIZE. + * + * We only support one page size, so if it's zero, nerf it to 4096. + */ + section_alignment = context.section_alignment; + if (section_alignment == 0) + section_alignment = 4096; + + buffer_size = context.image_size + section_alignment; + grub_dprintf ("chain", "image size is %08" PRIuGRUB_UINT64_T ", datasize is %08x\n", + context.image_size, datasize); + + efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA, + buffer_size, (void**)&buffer); + + if (efi_status != GRUB_EFI_SUCCESS) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); + goto error_exit; + } + + buffer_aligned = (char *)ALIGN_UP ((grub_addr_t)buffer, section_alignment); + if (!buffer_aligned) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); + goto error_exit; + } + + grub_memcpy (buffer_aligned, data, context.size_of_headers); + + entry_point = image_address (buffer_aligned, context.image_size, + context.entry_point); + + grub_dprintf ("chain", "entry_point: %p\n", entry_point); + if (!entry_point) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point"); + goto error_exit; + } + + char *reloc_base, *reloc_base_end; + grub_dprintf ("chain", "reloc_dir: %p reloc_size: 0x%08x\n", + (void *) ((grub_addr_t)context.reloc_dir->rva), + context.reloc_dir->size); + reloc_base = image_address (buffer_aligned, context.image_size, + context.reloc_dir->rva); + /* RelocBaseEnd here is the address of the last byte of the table */ + reloc_base_end = image_address (buffer_aligned, context.image_size, + context.reloc_dir->rva + + context.reloc_dir->size - 1); + grub_dprintf ("chain", "reloc_base: %p reloc_base_end: %p\n", + reloc_base, reloc_base_end); + + struct grub_pe32_section_table *reloc_section = NULL, fake_reloc_section; + + section = context.first_section; + for (i = 0; i < context.number_of_sections; i++, section++) + { + char name[9]; + + base = image_address (buffer_aligned, context.image_size, + section->virtual_address); + end = image_address (buffer_aligned, context.image_size, + section->virtual_address + section->virtual_size -1); + + grub_strncpy(name, section->name, 9); + name[8] = '\0'; + grub_dprintf ("chain", "Section %d \"%s\" at %p..%p\n", i, + name, base, end); + + if (end < base) + { + grub_dprintf ("chain", " base is %p but end is %p... bad.\n", + base, end); + grub_error (GRUB_ERR_BAD_ARGUMENT, + "Image has invalid negative size"); + goto error_exit; + } + + if (section->virtual_address <= context.entry_point && + (section->virtual_address + section->raw_data_size - 1) + > context.entry_point) + { + found_entry_point++; + grub_dprintf ("chain", " section contains entry point\n"); + } + + /* We do want to process .reloc, but it's often marked + * discardable, so we don't want to memcpy it. */ + if (grub_memcmp (section->name, ".reloc\0\0", 8) == 0) + { + if (reloc_section) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, + "Image has multiple relocation sections"); + goto error_exit; + } + + /* If it has nonzero sizes, and our bounds check + * made sense, and the VA and size match RelocDir's + * versions, then we believe in this section table. */ + if (section->raw_data_size && section->virtual_size && + base && end && reloc_base == base) + { + if (reloc_base_end == end) + { + grub_dprintf ("chain", " section is relocation section\n"); + reloc_section = section; + } + else if (reloc_base_end && reloc_base_end < end) + { + /* Bogus virtual size in the reloc section -- RelocDir + * reported a smaller Base Relocation Directory. Decrease + * the section's virtual size so that it equal RelocDir's + * idea, but only for the purposes of relocate_coff(). */ + grub_dprintf ("chain", + " section is (overlong) relocation section\n"); + grub_memcpy (&fake_reloc_section, section, sizeof *section); + fake_reloc_section.virtual_size -= (end - reloc_base_end); + reloc_section = &fake_reloc_section; + } + } + + if (!reloc_section) + { + grub_dprintf ("chain", " section is not reloc section?\n"); + grub_dprintf ("chain", " rds: 0x%08x, vs: %08x\n", + section->raw_data_size, section->virtual_size); + grub_dprintf ("chain", " base: %p end: %p\n", base, end); + grub_dprintf ("chain", " reloc_base: %p reloc_base_end: %p\n", + reloc_base, reloc_base_end); + } + } + + grub_dprintf ("chain", " Section characteristics are %08x\n", + section->characteristics); + grub_dprintf ("chain", " Section virtual size: %08x\n", + section->virtual_size); + grub_dprintf ("chain", " Section raw_data size: %08x\n", + section->raw_data_size); + if (section->characteristics & GRUB_PE32_SCN_MEM_DISCARDABLE) + { + grub_dprintf ("chain", " Discarding section\n"); + continue; + } + + if (!base || !end) + { + grub_dprintf ("chain", " section is invalid\n"); + grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid section size"); + goto error_exit; + } + + if (section->characteristics & GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA) + { + if (section->raw_data_size != 0) + grub_dprintf ("chain", " UNINITIALIZED_DATA section has data?\n"); + } + else if (section->virtual_address < context.size_of_headers || + section->raw_data_offset < context.size_of_headers) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, + "Section %d is inside image headers", i); + goto error_exit; + } + + if (section->raw_data_size > 0) + { + grub_dprintf ("chain", " copying 0x%08x bytes to %p\n", + section->raw_data_size, base); + grub_memcpy (base, + (grub_efi_uint8_t*)data + section->raw_data_offset, + section->raw_data_size); + } + + if (section->raw_data_size < section->virtual_size) + { + grub_dprintf ("chain", " padding with 0x%08x bytes at %p\n", + section->virtual_size - section->raw_data_size, + base + section->raw_data_size); + grub_memset (base + section->raw_data_size, 0, + section->virtual_size - section->raw_data_size); + } + + grub_dprintf ("chain", " finished section %s\n", name); + } + + /* 5 == EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC */ + if (context.number_of_rva_and_sizes <= 5) + { + grub_dprintf ("chain", "image has no relocation entry\n"); + goto error_exit; + } + + if (context.reloc_dir->size && reloc_section) + { + /* run the relocation fixups */ + efi_status = relocate_coff (&context, reloc_section, data, + buffer_aligned); + + if (efi_status != GRUB_EFI_SUCCESS) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, "relocation failed"); + goto error_exit; + } + } + + if (!found_entry_point) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, "entry point is not within sections"); + goto error_exit; + } + if (found_entry_point > 1) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, "%d sections contain entry point", + found_entry_point); + goto error_exit; + } + + li = grub_efi_get_loaded_image (grub_efi_image_handle); + if (!li) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, "no loaded image available"); + goto error_exit; + } + + grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); + li->image_base = buffer_aligned; + li->image_size = context.image_size; + li->load_options = cmdline; + li->load_options_size = cmdline_len; + li->file_path = grub_efi_get_media_file_path (file_path); + li->device_handle = dev_handle; + if (!li->file_path) + { + grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found"); + goto error_exit; + } + + grub_dprintf ("chain", "booting via entry point\n"); + efi_status = efi_call_2 (entry_point, grub_efi_image_handle, + grub_efi_system_table); + + grub_dprintf ("chain", "entry_point returned %d\n", efi_status); + grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t)); + efi_status = efi_call_1 (b->free_pool, buffer); + + return 1; + +error_exit: + grub_dprintf ("chain", "error_exit: grub_errno: %d\n", grub_errno); + if (buffer) + efi_call_1 (b->free_pool, buffer); + + return 0; +} + +static grub_err_t +grub_secureboot_chainloader_unload (void) +{ + grub_efi_boot_services_t *b; + + b = grub_efi_system_table->boot_services; + efi_call_2 (b->free_pages, address, pages); + grub_free (file_path); + grub_free (cmdline); + cmdline = 0; + file_path = 0; + dev_handle = 0; + + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; +} + +static grub_err_t +grub_load_and_start_image(void *boot_image) +{ + grub_efi_boot_services_t *b; + grub_efi_status_t status; + grub_efi_loaded_image_t *loaded_image; + + b = grub_efi_system_table->boot_services; + + status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, + boot_image, fsize, &image_handle); + if (status != GRUB_EFI_SUCCESS) + { + if (status == GRUB_EFI_OUT_OF_RESOURCES) + grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources"); + else + grub_error (GRUB_ERR_BAD_OS, "cannot load image"); + return -1; + } + + /* LoadImage does not set a device handler when the image is + loaded from memory, so it is necessary to set it explicitly here. + This is a mess. */ + loaded_image = grub_efi_get_loaded_image (image_handle); + if (! loaded_image) + { + grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); + return -1; + } + loaded_image->device_handle = dev_handle; + + if (cmdline) + { + loaded_image->load_options = cmdline; + loaded_image->load_options_size = cmdline_len; + } + + return 0; +} + +static grub_err_t +grub_secureboot_chainloader_boot (void) +{ + int rc; + rc = handle_image ((void *)((grub_addr_t) address), fsize); + if (rc == 0) + { + grub_load_and_start_image((void *)((grub_addr_t) address)); + } + + grub_loader_unset (); + return grub_errno; +} + static grub_err_t grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) { grub_file_t file = 0; - grub_ssize_t size; grub_efi_status_t status; grub_efi_boot_services_t *b; grub_device_t dev = 0; + grub_device_t orig_dev = 0; grub_efi_device_path_t *dp = 0; - grub_efi_loaded_image_t *loaded_image; char *filename; void *boot_image = 0; - grub_efi_handle_t dev_handle = 0; + int rc; if (argc == 0) return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); @@ -222,18 +922,57 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), address = 0; image_handle = 0; file_path = 0; + dev_handle = 0; b = grub_efi_system_table->boot_services; + if (argc > 1) + { + int i; + grub_efi_char16_t *p16; + + for (i = 1, cmdline_len = 0; i < argc; i++) + cmdline_len += grub_strlen (argv[i]) + 1; + + cmdline_len *= sizeof (grub_efi_char16_t); + cmdline = p16 = grub_malloc (cmdline_len); + if (! cmdline) + goto fail; + + for (i = 1; i < argc; i++) + { + char *p8; + + p8 = argv[i]; + while (*p8) + *(p16++) = *(p8++); + + *(p16++) = ' '; + } + *(--p16) = 0; + } + file = grub_file_open (filename, GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE); if (! file) goto fail; - /* Get the root device's device path. */ - dev = grub_device_open (0); + /* Get the device path from filename. */ + char *devname = grub_file_get_device_name (filename); + dev = grub_device_open (devname); + if (devname) + grub_free (devname); if (! dev) goto fail; + /* if device is loopback, use underlying dev */ + if (dev->disk->dev->id == GRUB_DISK_DEVICE_LOOPBACK_ID) + { + struct grub_loopback *d; + orig_dev = dev; + d = dev->disk->data; + dev = d->file->device; + } + if (dev->disk) dev_handle = grub_efidisk_get_device_handle (dev->disk); else if (dev->net && dev->net->server) @@ -267,17 +1006,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), if (! file_path) goto fail; - grub_printf ("file path: "); - grub_efi_print_device_path (file_path); - - size = grub_file_size (file); - if (!size) + fsize = grub_file_size (file); + if (!fsize) { grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), filename); goto fail; } - pages = (((grub_efi_uintn_t) size + ((1 << 12) - 1)) >> 12); + pages = (((grub_efi_uintn_t) fsize + ((1 << 12) - 1)) >> 12); status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ANY_PAGES, GRUB_EFI_LOADER_CODE, @@ -291,7 +1027,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), } boot_image = (void *) ((grub_addr_t) address); - if (grub_file_read (file, boot_image, size) != size) + if (grub_file_read (file, boot_image, fsize) != fsize) { if (grub_errno == GRUB_ERR_NONE) grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), @@ -301,7 +1037,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), } #if defined (__i386__) || defined (__x86_64__) - if (size >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) + if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) { struct grub_macho_fat_header *head = boot_image; if (head->magic @@ -310,6 +1046,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), grub_uint32_t i; struct grub_macho_fat_arch *archs = (struct grub_macho_fat_arch *) (head + 1); + + if (grub_efi_secure_boot()) + { + grub_error (GRUB_ERR_BAD_OS, + "MACHO binaries are forbidden with Secure Boot"); + goto fail; + } + for (i = 0; i < grub_cpu_to_le32 (head->nfat_arch); i++) { if (GRUB_MACHO_CPUTYPE_IS_HOST_CURRENT (archs[i].cputype)) @@ -324,79 +1068,50 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), > ~grub_cpu_to_le32 (archs[i].size) || grub_cpu_to_le32 (archs[i].offset) + grub_cpu_to_le32 (archs[i].size) - > (grub_size_t) size) + > (grub_size_t) fsize) { grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), filename); goto fail; } boot_image = (char *) boot_image + grub_cpu_to_le32 (archs[i].offset); - size = grub_cpu_to_le32 (archs[i].size); + fsize = grub_cpu_to_le32 (archs[i].size); } } #endif - status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, - boot_image, size, - &image_handle); - if (status != GRUB_EFI_SUCCESS) + rc = grub_linuxefi_secure_validate((void *)((grub_addr_t) address), fsize); + grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc); + if (rc > 0) { - if (status == GRUB_EFI_OUT_OF_RESOURCES) - grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources"); - else - grub_error (GRUB_ERR_BAD_OS, "cannot load image"); - - goto fail; + grub_file_close (file); + if (orig_dev) + dev = orig_dev; + grub_device_close (dev); + grub_loader_set (grub_secureboot_chainloader_boot, + grub_secureboot_chainloader_unload, 0); + return 0; } - - /* LoadImage does not set a device handler when the image is - loaded from memory, so it is necessary to set it explicitly here. - This is a mess. */ - loaded_image = grub_efi_get_loaded_image (image_handle); - if (! loaded_image) + else if (rc == 0) { - grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); - goto fail; + grub_load_and_start_image(boot_image); + grub_file_close (file); + if (orig_dev) + dev = orig_dev; + grub_device_close (dev); + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + + return 0; } - loaded_image->device_handle = dev_handle; + // -1 fall-through to fail - if (argc > 1) +fail: + if (orig_dev) { - int i, len; - grub_efi_char16_t *p16; - - for (i = 1, len = 0; i < argc; i++) - len += grub_strlen (argv[i]) + 1; - - len *= sizeof (grub_efi_char16_t); - cmdline = p16 = grub_malloc (len); - if (! cmdline) - goto fail; - - for (i = 1; i < argc; i++) - { - char *p8; - - p8 = argv[i]; - while (*p8) - *(p16++) = *(p8++); - - *(p16++) = ' '; - } - *(--p16) = 0; - - loaded_image->load_options = cmdline; - loaded_image->load_options_size = len; + dev = orig_dev; + orig_dev = 0; } - grub_file_close (file); - grub_device_close (dev); - - grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); - return 0; - - fail: - if (dev) grub_device_close (dev); @@ -408,6 +1123,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), if (address) efi_call_2 (b->free_pages, address, pages); + if (cmdline) + grub_free (cmdline); + grub_dl_unref (my_mod); return grub_errno; diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c index f0c2d91be..5360e6c1f 100644 --- a/grub-core/loader/efi/fdt.c +++ b/grub-core/loader/efi/fdt.c @@ -25,6 +25,7 @@ #include #include #include +#include static void *loaded_fdt; static void *fdt; diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c new file mode 100644 index 000000000..a09479cd6 --- /dev/null +++ b/grub-core/loader/efi/linux.c @@ -0,0 +1,102 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2014 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#define SHIM_LOCK_GUID \ + { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } + +struct grub_efi_shim_lock +{ + grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); +}; +typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; + +// Returns 1 on success, -1 on error, 0 when not available +int +grub_linuxefi_secure_validate (void *data, grub_uint32_t size) +{ + grub_efi_guid_t guid = SHIM_LOCK_GUID; + grub_efi_shim_lock_t *shim_lock; + int status; + + grub_dprintf ("linuxefi", "Locating shim protocol\n"); + shim_lock = grub_efi_locate_protocol(&guid, NULL); + grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock); + if (!shim_lock) + { + grub_dprintf ("secureboot", "shim not available\n"); + return 0; + } + + grub_dprintf ("secureboot", "Asking shim to verify kernel signature\n"); + status = shim_lock->verify (data, size); + grub_dprintf ("secureboot", "shim_lock->verify(): %d\n", status); + if (status == GRUB_EFI_SUCCESS) + { + grub_dprintf ("secureboot", "Kernel signature verification passed\n"); + return 1; + } + + grub_dprintf ("secureboot", "Kernel signature verification failed (0x%lx)\n", + (unsigned long) status); + + return -1; +} + +typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); + +grub_err_t +grub_efi_linux_boot (void *kernel_addr, grub_off_t handover_offset, + void *kernel_params) +{ + grub_efi_loaded_image_t *loaded_image = NULL; + handover_func hf; + int offset = 0; + +#ifdef __x86_64__ + /* Offset to startup64 */ + offset = 512; +#endif + + /* + * Since the EFI loader is not calling the LoadImage() and StartImage() + * services for loading the kernel and booting respectively, it has to + * set the Loaded Image base address. + */ + loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); + if (loaded_image) + loaded_image->image_base = kernel_addr; + else + grub_dprintf ("linux", "Loaded Image base address could not be set\n"); + + grub_dprintf ("linux", "kernel_addr: %p handover_offset: %p params: %p\n", + kernel_addr, (void *)(grub_efi_uintn_t)handover_offset, kernel_params); + + hf = (handover_func)((char *)kernel_addr + handover_offset + offset); + hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); + + return GRUB_ERR_BUG; +} diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c index 3730ed382..ef0d63afc 100644 --- a/grub-core/loader/i386/bsd.c +++ b/grub-core/loader/i386/bsd.c @@ -35,10 +35,12 @@ #include #include #include +#include #include #ifdef GRUB_MACHINE_PCBIOS #include #endif +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -1012,11 +1014,16 @@ grub_netbsd_add_modules (void) struct grub_netbsd_btinfo_modules *mods; unsigned i; grub_err_t err; + grub_size_t sz; for (mod = netbsd_mods; mod; mod = mod->next) modcnt++; - mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt); + if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) || + grub_add (sz, sizeof (*mods), &sz)) + return GRUB_ERR_OUT_OF_RANGE; + + mods = grub_malloc (sz); if (!mods) return grub_errno; @@ -2130,6 +2137,9 @@ static grub_command_t cmd_netbsd_module_elf, cmd_openbsd_ramdisk; GRUB_MOD_INIT (bsd) { + if (grub_efi_secure_boot()) + return; + /* Net and OpenBSD kernels are often compressed. */ grub_dl_load ("gzio"); @@ -2169,6 +2179,9 @@ GRUB_MOD_INIT (bsd) GRUB_MOD_FINI (bsd) { + if (grub_efi_secure_boot()) + return; + grub_unregister_extcmd (cmd_freebsd); grub_unregister_extcmd (cmd_openbsd); grub_unregister_extcmd (cmd_netbsd); diff --git a/grub-core/loader/i386/bsdXX.c b/grub-core/loader/i386/bsdXX.c index af6741d15..a8d8bf7da 100644 --- a/grub-core/loader/i386/bsdXX.c +++ b/grub-core/loader/i386/bsdXX.c @@ -48,7 +48,7 @@ read_headers (grub_file_t file, const char *filename, Elf_Ehdr *e, char **shdr) if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS)) return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic")); - *shdr = grub_malloc ((grub_uint32_t) e->e_shnum * e->e_shentsize); + *shdr = grub_calloc (e->e_shnum, e->e_shentsize); if (! *shdr) return grub_errno; diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c index 34605dfed..381459ce0 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -19,16 +19,16 @@ #include #include #include -#include #include #include #include #include #include #include -#include #include -#include +#include +#include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -43,70 +43,14 @@ static char *linux_cmdline; #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) -#define SHIM_LOCK_GUID \ - { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } - -struct grub_efi_shim_lock -{ - grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); -}; -typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; - -static grub_efi_boolean_t -grub_linuxefi_secure_validate (void *data, grub_uint32_t size) -{ - grub_efi_guid_t guid = SHIM_LOCK_GUID; - grub_efi_shim_lock_t *shim_lock; - grub_efi_status_t status; - - if (! grub_efi_secure_boot()) - { - grub_dprintf ("linuxefi", "secure boot not enabled, not validating"); - return 1; - } - - grub_dprintf ("linuxefi", "Locating shim protocol\n"); - shim_lock = grub_efi_locate_protocol(&guid, NULL); - - if (!shim_lock) - { - grub_dprintf ("linuxefi", "shim not available\n"); - return 0; - } - - grub_dprintf ("linuxefi", "Asking shim to verify kernel signature\n"); - status = shim_lock->verify(data, size); - if (status == GRUB_EFI_SUCCESS) - { - grub_dprintf ("linuxefi", "Kernel signature verification passed\n"); - return 1; - } - - grub_dprintf ("linuxefi", "Kernel signature verification failed (0x%lx)\n", - (unsigned long) status); - return 0; -} - -typedef void(*handover_func)(void *, grub_efi_system_table_t *, struct linux_kernel_params *); - static grub_err_t grub_linuxefi_boot (void) { - handover_func hf; - int offset = 0; - -#ifdef __x86_64__ - offset = 512; -#endif - - hf = (handover_func)((char *)kernel_mem + handover_offset + offset); - asm volatile ("cli"); - hf (grub_efi_image_handle, grub_efi_system_table, params); - - /* Not reached */ - return GRUB_ERR_NONE; + return grub_efi_linux_boot ((char *)kernel_mem, + handover_offset, + params); } static grub_err_t @@ -115,13 +59,18 @@ grub_linuxefi_unload (void) grub_dl_unref (my_mod); loaded = 0; if (initrd_mem) - grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, BYTES_TO_PAGES(params->ramdisk_size)); + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, + BYTES_TO_PAGES(params->ramdisk_size)); if (linux_cmdline) - grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)linux_cmdline, BYTES_TO_PAGES(params->cmdline_size + 1)); + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) + linux_cmdline, + BYTES_TO_PAGES(params->cmdline_size + 1)); if (kernel_mem) - grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size)); + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, + BYTES_TO_PAGES(kernel_size)); if (params) - grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)params, BYTES_TO_PAGES(16384)); + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, + BYTES_TO_PAGES(16384)); return GRUB_ERR_NONE; } @@ -129,8 +78,10 @@ static grub_err_t grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) { + grub_file_t *files = 0; + int i, nfiles = 0; grub_size_t size = 0; - struct grub_linux_initrd_context initrd_ctx; + grub_uint8_t *ptr; if (argc == 0) { @@ -144,10 +95,22 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), goto fail; } - if (grub_initrd_init (argc, argv, &initrd_ctx)) + files = grub_calloc (argc, sizeof (files[0])); + if (!files) goto fail; - size = grub_get_initrd_size (&initrd_ctx); + for (i = 0; i < argc; i++) + { + files[i] = grub_file_open (argv[i], GRUB_FILE_TYPE_LINUX_INITRD | GRUB_FILE_TYPE_NO_DECOMPRESS); + if (! files[i]) + goto fail; + nfiles++; + if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size)) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + goto fail; + } + } initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); @@ -162,28 +125,52 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), params->ramdisk_size = size; params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; - if (grub_initrd_load (&initrd_ctx, argv, initrd_mem)) - goto fail; + ptr = initrd_mem; + + for (i = 0; i < nfiles; i++) + { + grub_ssize_t cursize = grub_file_size (files[i]); + if (grub_file_read (files[i], ptr, cursize) != cursize) + { + if (!grub_errno) + grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"), + argv[i]); + goto fail; + } + ptr += cursize; + grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4)); + ptr += ALIGN_UP_OVERHEAD (cursize, 4); + } params->ramdisk_size = size; fail: - grub_initrd_close (&initrd_ctx); + for (i = 0; i < nfiles; i++) + grub_file_close (files[i]); + grub_free (files); if (initrd_mem && grub_errno) - grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, BYTES_TO_PAGES(size)); + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)initrd_mem, + BYTES_TO_PAGES(size)); return grub_errno; } +#define MIN(a, b) \ + ({ typeof (a) _a = (a); \ + typeof (b) _b = (b); \ + _a < _b ? _a : _b; }) + static grub_err_t grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), int argc, char *argv[]) { grub_file_t file = 0; - struct linux_i386_kernel_header lh; - grub_ssize_t len, start, filelen; - void *kernel; + struct linux_i386_kernel_header *lh = NULL; + grub_ssize_t start, filelen; + void *kernel = NULL; + int setup_header_end_offset; + int rc; grub_dl_ref (my_mod); @@ -209,68 +196,95 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), if (grub_file_read (file, kernel, filelen) != filelen) { - grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]); + grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), + argv[0]); goto fail; } - if (! grub_linuxefi_secure_validate (kernel, filelen)) + if (grub_efi_secure_boot ()) { - grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), argv[0]); - grub_free (kernel); - goto fail; + rc = grub_linuxefi_secure_validate (kernel, filelen); + if (rc <= 0) + { + grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), + argv[0]); + goto fail; + } } - grub_file_seek (file, 0); - - grub_free(kernel); - - params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384)); - + params = grub_efi_allocate_pages_max (0x3fffffff, + BYTES_TO_PAGES(sizeof(*params))); if (! params) { grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters"); goto fail; } - grub_dprintf ("linuxefi", "params = %lx\n", (unsigned long) params); - - grub_memset (params, 0, 16384); + grub_dprintf ("linuxefi", "params = %p\n", params); + + grub_memset (params, 0, sizeof(*params)); + + setup_header_end_offset = *((grub_uint8_t *)kernel + 0x201); + grub_dprintf ("linuxefi", "copying %zu bytes from %p to %p\n", + MIN((grub_size_t)0x202+setup_header_end_offset, + sizeof (*params)) - 0x1f1, + (grub_uint8_t *)kernel + 0x1f1, + (grub_uint8_t *)params + 0x1f1); + grub_memcpy ((grub_uint8_t *)params + 0x1f1, + (grub_uint8_t *)kernel + 0x1f1, + MIN((grub_size_t)0x202+setup_header_end_offset,sizeof (*params)) - 0x1f1); + lh = (struct linux_i386_kernel_header *)params; + grub_dprintf ("linuxefi", "lh is at %p\n", lh); + grub_dprintf ("linuxefi", "checking lh->boot_flag\n"); + if (lh->boot_flag != grub_cpu_to_le16 (0xaa55)) + { + grub_error (GRUB_ERR_BAD_OS, N_("invalid magic number")); + goto fail; + } - if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) + grub_dprintf ("linuxefi", "checking lh->setup_sects\n"); + if (lh->setup_sects > GRUB_LINUX_MAX_SETUP_SECTS) { - if (!grub_errno) - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - argv[0]); + grub_error (GRUB_ERR_BAD_OS, N_("too many setup sectors")); goto fail; } - if (lh.boot_flag != grub_cpu_to_le16 (0xaa55)) + grub_dprintf ("linuxefi", "checking lh->version\n"); + if (lh->version < grub_cpu_to_le16 (0x020c)) { - grub_error (GRUB_ERR_BAD_OS, N_("invalid magic number")); + grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); goto fail; } - if (lh.setup_sects > GRUB_LINUX_MAX_SETUP_SECTS) + grub_dprintf ("linuxefi", "checking lh->handover_offset\n"); + if (!lh->handover_offset) { - grub_error (GRUB_ERR_BAD_OS, N_("too many setup sectors")); + grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support EFI handover")); goto fail; } - if (lh.version < grub_cpu_to_le16 (0x020b)) +#if defined(__x86_64__) || defined(__aarch64__) + grub_dprintf ("linuxefi", "checking lh->xloadflags\n"); + if (!(lh->xloadflags & LINUX_XLF_KERNEL_64)) { - grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); + grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support 64-bit CPUs")); goto fail; } +#endif - if (!lh.handover_offset) +#if defined(__i386__) + if ((lh->xloadflags & LINUX_XLF_KERNEL_64) && + !(lh->xloadflags & LINUX_XLF_EFI_HANDOVER_32)) { - grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support EFI handover")); + grub_error (GRUB_ERR_BAD_OS, + N_("kernel doesn't support 32-bit handover")); goto fail; } +#endif + grub_dprintf ("linuxefi", "setting up cmdline\n"); linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff, - BYTES_TO_PAGES(lh.cmdline_size + 1)); - + BYTES_TO_PAGES(lh->cmdline_size + 1)); if (!linux_cmdline) { grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline")); @@ -278,34 +292,28 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), } grub_dprintf ("linuxefi", "linux_cmdline = %lx\n", - (unsigned long) linux_cmdline); + (unsigned long)linux_cmdline); grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); - { - grub_err_t err; - err = grub_create_loader_cmdline (argc, argv, - linux_cmdline - + sizeof (LINUX_IMAGE) - 1, - lh.cmdline_size - - (sizeof (LINUX_IMAGE) - 1), - GRUB_VERIFY_KERNEL_CMDLINE); - if (err) - goto fail; - } + grub_create_loader_cmdline (argc, argv, + linux_cmdline + sizeof (LINUX_IMAGE) - 1, + lh->cmdline_size - (sizeof (LINUX_IMAGE) - 1), + GRUB_VERIFY_KERNEL_CMDLINE); - lh.cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; + grub_dprintf ("linuxefi", "setting lh->cmd_line_ptr\n"); + lh->cmd_line_ptr = (grub_uint32_t)(grub_addr_t)linux_cmdline; - handover_offset = lh.handover_offset; + grub_dprintf ("linuxefi", "computing handover offset\n"); + handover_offset = lh->handover_offset; - start = (lh.setup_sects + 1) * 512; - len = grub_file_size(file) - start; + start = (lh->setup_sects + 1) * 512; - kernel_mem = grub_efi_allocate_fixed(lh.pref_address, - BYTES_TO_PAGES(lh.init_size)); + kernel_mem = grub_efi_allocate_fixed(lh->pref_address, + BYTES_TO_PAGES(lh->init_size)); if (!kernel_mem) kernel_mem = grub_efi_allocate_pages_max(0x3fffffff, - BYTES_TO_PAGES(lh.init_size)); + BYTES_TO_PAGES(lh->init_size)); if (!kernel_mem) { @@ -315,51 +323,47 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), grub_dprintf ("linuxefi", "kernel_mem = %lx\n", (unsigned long) kernel_mem); - if (grub_file_seek (file, start) == (grub_off_t) -1) - { - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - argv[0]); - goto fail; - } - - if (grub_file_read (file, kernel_mem, len) != len && !grub_errno) - { - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - argv[0]); - } + grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); + loaded=1; + grub_dprintf ("linuxefi", "setting lh->code32_start to %p\n", kernel_mem); + lh->code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; - if (grub_errno == GRUB_ERR_NONE) - { - grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); - loaded = 1; - lh.code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; - } + grub_memcpy (kernel_mem, (char *)kernel + start, filelen - start); - /* do not overwrite below boot_params->hdr to avoid setting the sentinel byte */ - start = offsetof (struct linux_kernel_params, setup_sects); - grub_memcpy ((grub_uint8_t *)params + start, (grub_uint8_t *)&lh + start, 2 * 512 - start); + grub_dprintf ("linuxefi", "setting lh->type_of_loader\n"); + lh->type_of_loader = 0x6; - params->type_of_loader = 0x21; + grub_dprintf ("linuxefi", "setting lh->ext_loader_{type,ver}\n"); + params->ext_loader_type = 0; + params->ext_loader_ver = 2; + grub_dprintf("linuxefi", "kernel_mem: %p handover_offset: %08x\n", + kernel_mem, handover_offset); fail: - if (file) grub_file_close (file); + if (kernel) + grub_free (kernel); + if (grub_errno != GRUB_ERR_NONE) { grub_dl_unref (my_mod); loaded = 0; } - if (linux_cmdline && !loaded) - grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)linux_cmdline, BYTES_TO_PAGES(lh.cmdline_size + 1)); + if (linux_cmdline && lh && !loaded) + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t) + linux_cmdline, + BYTES_TO_PAGES(lh->cmdline_size + 1)); if (kernel_mem && !loaded) - grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, BYTES_TO_PAGES(kernel_size)); + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)kernel_mem, + BYTES_TO_PAGES(kernel_size)); if (params && !loaded) - grub_efi_free_pages((grub_efi_physical_address_t)(grub_addr_t)params, BYTES_TO_PAGES(16384)); + grub_efi_free_pages ((grub_efi_physical_address_t)(grub_addr_t)params, + BYTES_TO_PAGES(16384)); return grub_errno; } diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c index 2eab9bb10..04bd78a1f 100644 --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c @@ -36,6 +36,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -45,6 +46,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); #ifdef GRUB_MACHINE_EFI #include +#include #define HAS_VGA_TEXT 0 #define DEFAULT_VIDEO_MODE "auto" #define ACCEPTS_PURE_TEXT 0 @@ -182,9 +184,8 @@ allocate_pages (grub_size_t prot_size, grub_size_t *align, for (; err && *align + 1 > min_align; (*align)--) { grub_errno = GRUB_ERR_NONE; - err = grub_relocator_alloc_chunk_align (relocator, &ch, - 0x1000000, - 0xffffffff & ~prot_size, + err = grub_relocator_alloc_chunk_align (relocator, &ch, 0x1000000, + UP_TO_TOP32 (prot_size), prot_size, 1 << *align, GRUB_RELOCATOR_PREFERENCE_LOW, 1); @@ -549,9 +550,13 @@ grub_linux_boot (void) { grub_relocator_chunk_t ch; + grub_size_t sz; + + if (grub_add (ctx.real_size, efi_mmap_size, &sz)) + return GRUB_ERR_OUT_OF_RANGE; + err = grub_relocator_alloc_chunk_addr (relocator, &ch, - ctx.real_mode_target, - (ctx.real_size + efi_mmap_size)); + ctx.real_mode_target, sz); if (err) return err; real_mode_mem = get_virtual_current_address (ch); @@ -643,47 +648,54 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), { grub_file_t file = 0; struct linux_i386_kernel_header lh; + grub_uint8_t *linux_params_ptr; grub_uint8_t setup_sects; - grub_size_t real_size, prot_size, prot_file_size; + grub_size_t real_size, prot_size, prot_file_size, kernel_offset; grub_ssize_t len; int i; grub_size_t align, min_align; int relocatable; grub_uint64_t preferred_address = GRUB_LINUX_BZIMAGE_ADDR; + grub_uint8_t *kernel = NULL; grub_dl_ref (my_mod); #ifdef GRUB_MACHINE_EFI using_linuxefi = 0; - if (grub_efi_secure_boot ()) - { - /* linuxefi requires a successful signature check and then hand over - to the kernel without calling ExitBootServices. */ - grub_dl_t mod; - grub_command_t linuxefi_cmd; - grub_dprintf ("linux", "Secure Boot enabled: trying linuxefi\n"); + grub_dl_t mod; + grub_command_t linuxefi_cmd; - mod = grub_dl_load ("linuxefi"); - if (mod) + grub_dprintf ("linux", "Trying linuxefi\n"); + + mod = grub_dl_load ("linuxefi"); + if (mod) + { + grub_dl_ref (mod); + linuxefi_cmd = grub_command_find ("linuxefi"); + initrdefi_cmd = grub_command_find ("initrdefi"); + if (linuxefi_cmd && initrdefi_cmd) { - grub_dl_ref (mod); - linuxefi_cmd = grub_command_find ("linuxefi"); - initrdefi_cmd = grub_command_find ("initrdefi"); - if (linuxefi_cmd && initrdefi_cmd) + (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); + if (grub_errno == GRUB_ERR_NONE) { - (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); - if (grub_errno == GRUB_ERR_NONE) - { - grub_dprintf ("linux", "Handing off to linuxefi\n"); - using_linuxefi = 1; - return GRUB_ERR_NONE; - } - grub_dprintf ("linux", "linuxefi failed (%d)\n", grub_errno); + grub_dprintf ("linux", "Handing off to linuxefi\n"); + using_linuxefi = 1; + return GRUB_ERR_NONE; + } + else if (grub_efi_secure_boot ()) + { + grub_dprintf ("linux", "linuxefi failed and secure boot is enabled (%d)\n", grub_errno); goto fail; } } } + + if (grub_efi_secure_boot ()) + { + grub_dprintf("linux", "Unable to hand off to linuxefi and secure boot is enabled\n"); + goto fail; + } #endif if (argc == 0) @@ -696,7 +708,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), if (! file) goto fail; - if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) + len = grub_file_size (file); + kernel = grub_malloc (len); + if (!kernel) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); + goto fail; + } + + if (grub_file_read (file, kernel, len) != len) { if (!grub_errno) grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), @@ -704,6 +724,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), goto fail; } + grub_memcpy (&lh, kernel, sizeof (lh)); + kernel_offset = sizeof (lh); + if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) { grub_error (GRUB_ERR_BAD_OS, "invalid magic number"); @@ -795,6 +818,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), preferred_address)) goto fail; + grub_memset (&linux_params, 0, sizeof (linux_params)); grub_memcpy (&linux_params.setup_sects, &lh.setup_sects, sizeof (lh) - 0x1F1); @@ -817,13 +841,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), /* We've already read lh so there is no need to read it second time. */ len -= sizeof(lh); - if (grub_file_read (file, (char *) &linux_params + sizeof (lh), len) != len) - { - if (!grub_errno) - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - argv[0]); - goto fail; - } + linux_params_ptr = (void *)&linux_params; + grub_memcpy (linux_params_ptr + sizeof (lh), kernel + kernel_offset, len); + kernel_offset += len; linux_params.type_of_loader = GRUB_LINUX_BOOT_LOADER_TYPE; @@ -882,7 +902,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), /* The other parameters are filled when booting. */ - grub_file_seek (file, real_size + GRUB_DISK_SECTOR_SIZE); + kernel_offset = real_size + GRUB_DISK_SECTOR_SIZE; grub_dprintf ("linux", "bzImage, setup=0x%x, size=0x%x\n", (unsigned) real_size, (unsigned) prot_size); @@ -1036,9 +1056,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), } len = prot_file_size; - if (grub_file_read (file, prot_mode_mem, len) != len && !grub_errno) - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - argv[0]); + grub_memcpy (prot_mode_mem, kernel + kernel_offset, len); if (grub_errno == GRUB_ERR_NONE) { @@ -1049,6 +1067,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), fail: + grub_free (kernel); + if (file) grub_file_close (file); diff --git a/grub-core/loader/i386/multiboot_mbi.c b/grub-core/loader/i386/multiboot_mbi.c index ad3cc292f..a67d9d0a8 100644 --- a/grub-core/loader/i386/multiboot_mbi.c +++ b/grub-core/loader/i386/multiboot_mbi.c @@ -466,10 +466,9 @@ grub_multiboot_make_mbi (grub_uint32_t *target) bufsize = grub_multiboot_get_mbi_size (); - err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, - 0x10000, 0xa0000 - bufsize, - bufsize, 4, - GRUB_RELOCATOR_PREFERENCE_NONE, 0); + err = grub_relocator_alloc_chunk_align_safe (grub_multiboot_relocator, &ch, + 0x10000, 0xa0000, bufsize, 4, + GRUB_RELOCATOR_PREFERENCE_NONE, 0); if (err) return err; ptrorig = get_virtual_current_address (ch); diff --git a/grub-core/loader/i386/pc/linux.c b/grub-core/loader/i386/pc/linux.c index 47ea2945e..6400a5b91 100644 --- a/grub-core/loader/i386/pc/linux.c +++ b/grub-core/loader/i386/pc/linux.c @@ -35,6 +35,8 @@ #include #include #include +#include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -123,13 +125,14 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), grub_file_t file = 0; struct linux_i386_kernel_header lh; grub_uint8_t setup_sects; - grub_size_t real_size; + grub_size_t real_size, kernel_offset = 0; grub_ssize_t len; int i; char *grub_linux_prot_chunk; int grub_linux_is_bzimage; grub_addr_t grub_linux_prot_target; grub_err_t err; + grub_uint8_t *kernel = NULL; grub_dl_ref (my_mod); @@ -143,7 +146,15 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), if (! file) goto fail; - if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) + len = grub_file_size (file); + kernel = grub_malloc (len); + if (!kernel) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer")); + goto fail; + } + + if (grub_file_read (file, kernel, len) != len) { if (!grub_errno) grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), @@ -151,6 +162,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), goto fail; } + grub_memcpy (&lh, kernel, sizeof (lh)); + kernel_offset = sizeof (lh); + if (lh.boot_flag != grub_cpu_to_le16_compile_time (0xaa55)) { grub_error (GRUB_ERR_BAD_OS, "invalid magic number"); @@ -218,8 +232,12 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), setup_sects = GRUB_LINUX_DEFAULT_SETUP_SECTS; real_size = setup_sects << GRUB_DISK_SECTOR_BITS; - grub_linux16_prot_size = grub_file_size (file) - - real_size - GRUB_DISK_SECTOR_SIZE; + if (grub_sub (grub_file_size (file), real_size, &grub_linux16_prot_size) || + grub_sub (grub_linux16_prot_size, GRUB_DISK_SECTOR_SIZE, &grub_linux16_prot_size)) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + goto fail; + } if (! grub_linux_is_bzimage && GRUB_LINUX_ZIMAGE_ADDR + grub_linux16_prot_size @@ -314,13 +332,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), grub_memmove (grub_linux_real_chunk, &lh, sizeof (lh)); len = real_size + GRUB_DISK_SECTOR_SIZE - sizeof (lh); - if (grub_file_read (file, grub_linux_real_chunk + sizeof (lh), len) != len) - { - if (!grub_errno) - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - argv[0]); - goto fail; - } + grub_memcpy (grub_linux_real_chunk + sizeof (lh), kernel + kernel_offset, + len); + kernel_offset += len; if (lh.header != grub_cpu_to_le32_compile_time (GRUB_LINUX_I386_MAGIC_SIGNATURE) || grub_le_to_cpu16 (lh.version) < 0x0200) @@ -358,9 +372,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), } len = grub_linux16_prot_size; - if (grub_file_read (file, grub_linux_prot_chunk, len) != len && !grub_errno) - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), - argv[0]); + grub_memcpy (grub_linux_prot_chunk, kernel + kernel_offset, len); + kernel_offset += len; if (grub_errno == GRUB_ERR_NONE) { @@ -370,6 +383,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), fail: + grub_free (kernel); + if (file) grub_file_close (file); @@ -448,10 +463,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), { grub_relocator_chunk_t ch; - err = grub_relocator_alloc_chunk_align (relocator, &ch, - addr_min, addr_max - size, - size, 0x1000, - GRUB_RELOCATOR_PREFERENCE_HIGH, 0); + err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, addr_min, addr_max, size, + 0x1000, GRUB_RELOCATOR_PREFERENCE_HIGH, 0); if (err) return err; initrd_chunk = get_virtual_current_address (ch); @@ -474,6 +487,9 @@ static grub_command_t cmd_linux, cmd_initrd; GRUB_MOD_INIT(linux16) { + if (grub_efi_secure_boot()) + return; + cmd_linux = grub_register_command ("linux16", grub_cmd_linux, 0, N_("Load Linux.")); @@ -485,6 +501,9 @@ GRUB_MOD_INIT(linux16) GRUB_MOD_FINI(linux16) { + if (grub_efi_secure_boot()) + return; + grub_unregister_command (cmd_linux); grub_unregister_command (cmd_initrd); } diff --git a/grub-core/loader/i386/xen.c b/grub-core/loader/i386/xen.c index 8f662c8ac..cd24874ca 100644 --- a/grub-core/loader/i386/xen.c +++ b/grub-core/loader/i386/xen.c @@ -41,6 +41,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -636,6 +637,7 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), grub_relocator_chunk_t ch; grub_addr_t kern_start; grub_addr_t kern_end; + grub_size_t sz; if (argc == 0) return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); @@ -703,8 +705,14 @@ grub_cmd_xen (grub_command_t cmd __attribute__ ((unused)), xen_state.max_addr = ALIGN_UP (kern_end, PAGE_SIZE); - err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, - kern_end - kern_start); + + if (grub_sub (kern_end, kern_start, &sz)) + { + err = GRUB_ERR_OUT_OF_RANGE; + goto fail; + } + + err = grub_relocator_alloc_chunk_addr (xen_state.relocator, &ch, kern_start, sz); if (err) goto fail; kern_chunk_src = get_virtual_current_address (ch); diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c index e64ed08f5..c50cb5410 100644 --- a/grub-core/loader/i386/xnu.c +++ b/grub-core/loader/i386/xnu.c @@ -295,7 +295,7 @@ grub_xnu_devprop_add_property_utf8 (struct grub_xnu_devprop_device_descriptor *d return grub_errno; len = grub_strlen (name); - utf16 = grub_malloc (sizeof (grub_uint16_t) * len); + utf16 = grub_calloc (len, sizeof (grub_uint16_t)); if (!utf16) { grub_free (utf8); @@ -331,7 +331,7 @@ grub_xnu_devprop_add_property_utf16 (struct grub_xnu_devprop_device_descriptor * grub_uint16_t *utf16; grub_err_t err; - utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen); + utf16 = grub_calloc (namelen, sizeof (grub_uint16_t)); if (!utf16) return grub_errno; grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen); @@ -516,14 +516,15 @@ grub_cmd_devprop_load (grub_command_t cmd __attribute__ ((unused)), devhead = buf; buf = devhead + 1; - dpstart = buf; + dp = dpstart = buf; - do + while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend) { - dp = buf; buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp); + if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) + break; + dp = buf; } - while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend); dev = grub_xnu_devprop_add_device (dpstart, (char *) buf - (char *) dpstart); diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c index 471b214d6..e9f819ee9 100644 --- a/grub-core/loader/linux.c +++ b/grub-core/loader/linux.c @@ -4,6 +4,7 @@ #include #include #include +#include struct newc_head { @@ -98,13 +99,13 @@ free_dir (struct dir *root) grub_free (root); } -static grub_size_t +static grub_err_t insert_dir (const char *name, struct dir **root, - grub_uint8_t *ptr) + grub_uint8_t *ptr, grub_size_t *size) { struct dir *cur, **head = root; const char *cb, *ce = name; - grub_size_t size = 0; + *size = 0; while (1) { for (cb = ce; *cb == '/'; cb++); @@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir **root, ptr = make_header (ptr, name, ce - name, 040777, 0); } - size += ALIGN_UP ((ce - (char *) name) - + sizeof (struct newc_head), 4); + if (grub_add (*size, + ALIGN_UP ((ce - (char *) name) + + sizeof (struct newc_head), 4), + size)) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + grub_free (n->name); + grub_free (n); + return grub_errno; + } *head = n; cur = n; } root = &cur->next; } - return size; + return GRUB_ERR_NONE; } grub_err_t @@ -151,8 +160,8 @@ grub_initrd_init (int argc, char *argv[], initrd_ctx->nfiles = 0; initrd_ctx->components = 0; - initrd_ctx->components = grub_zalloc (argc - * sizeof (initrd_ctx->components[0])); + initrd_ctx->components = grub_calloc (argc, + sizeof (initrd_ctx->components[0])); if (!initrd_ctx->components) return grub_errno; @@ -173,26 +182,33 @@ grub_initrd_init (int argc, char *argv[], eptr = grub_strchr (ptr, ':'); if (eptr) { + grub_size_t dir_size, name_len; + initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr); - if (!initrd_ctx->components[i].newc_name) + if (!initrd_ctx->components[i].newc_name || + insert_dir (initrd_ctx->components[i].newc_name, &root, 0, + &dir_size)) { grub_initrd_close (initrd_ctx); return grub_errno; } - initrd_ctx->size - += ALIGN_UP (sizeof (struct newc_head) - + grub_strlen (initrd_ctx->components[i].newc_name), - 4); - initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name, - &root, 0); + name_len = grub_strlen (initrd_ctx->components[i].newc_name); + if (grub_add (initrd_ctx->size, + ALIGN_UP (sizeof (struct newc_head) + name_len, 4), + &initrd_ctx->size) || + grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size)) + goto overflow; newc = 1; fname = eptr + 1; } } else if (newc) { - initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) - + sizeof ("TRAILER!!!") - 1, 4); + if (grub_add (initrd_ctx->size, + ALIGN_UP (sizeof (struct newc_head) + + sizeof ("TRAILER!!!") - 1, 4), + &initrd_ctx->size)) + goto overflow; free_dir (root); root = 0; newc = 0; @@ -208,19 +224,29 @@ grub_initrd_init (int argc, char *argv[], initrd_ctx->nfiles++; initrd_ctx->components[i].size = grub_file_size (initrd_ctx->components[i].file); - initrd_ctx->size += initrd_ctx->components[i].size; + if (grub_add (initrd_ctx->size, initrd_ctx->components[i].size, + &initrd_ctx->size)) + goto overflow; } if (newc) { initrd_ctx->size = ALIGN_UP (initrd_ctx->size, 4); - initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) - + sizeof ("TRAILER!!!") - 1, 4); + if (grub_add (initrd_ctx->size, + ALIGN_UP (sizeof (struct newc_head) + + sizeof ("TRAILER!!!") - 1, 4), + &initrd_ctx->size)) + goto overflow; free_dir (root); root = 0; } return GRUB_ERR_NONE; + +overflow: + free_dir (root); + grub_initrd_close (initrd_ctx); + return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); } grub_size_t @@ -261,8 +287,16 @@ grub_initrd_load (struct grub_linux_initrd_context *initrd_ctx, if (initrd_ctx->components[i].newc_name) { - ptr += insert_dir (initrd_ctx->components[i].newc_name, - &root, ptr); + grub_size_t dir_size; + + if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr, + &dir_size)) + { + free_dir (root); + grub_initrd_close (initrd_ctx); + return grub_errno; + } + ptr += dir_size; ptr = make_header (ptr, initrd_ctx->components[i].newc_name, grub_strlen (initrd_ctx->components[i].newc_name), 0100777, diff --git a/grub-core/loader/macho.c b/grub-core/loader/macho.c index 085f9c689..05710c48e 100644 --- a/grub-core/loader/macho.c +++ b/grub-core/loader/macho.c @@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const char *filename, int is_64bit) if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header)) == (grub_off_t) -1) goto fail; - archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); + archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); if (!archs) goto fail; if (grub_file_read (macho->file, archs, diff --git a/grub-core/loader/mips/linux.c b/grub-core/loader/mips/linux.c index 7b723bf18..e4ed95921 100644 --- a/grub-core/loader/mips/linux.c +++ b/grub-core/loader/mips/linux.c @@ -442,12 +442,9 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), { grub_relocator_chunk_t ch; - err = grub_relocator_alloc_chunk_align (relocator, &ch, - (target_addr & 0x1fffffff) - + linux_size + 0x10000, - (0x10000000 - size), - size, 0x10000, - GRUB_RELOCATOR_PREFERENCE_NONE, 0); + err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, (target_addr & 0x1fffffff) + + linux_size + 0x10000, 0x10000000, size, + 0x10000, GRUB_RELOCATOR_PREFERENCE_NONE, 0); if (err) goto fail; diff --git a/grub-core/loader/multiboot.c b/grub-core/loader/multiboot.c index 4a98d7082..3e286908d 100644 --- a/grub-core/loader/multiboot.c +++ b/grub-core/loader/multiboot.c @@ -50,6 +50,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -403,7 +404,7 @@ grub_cmd_module (grub_command_t cmd __attribute__ ((unused)), { grub_relocator_chunk_t ch; err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, - lowest_addr, (0xffffffff - size) + 1, + lowest_addr, UP_TO_TOP32 (size), size, MULTIBOOT_MOD_ALIGN, GRUB_RELOCATOR_PREFERENCE_NONE, 1); if (err) @@ -444,6 +445,9 @@ static grub_command_t cmd_multiboot, cmd_module; GRUB_MOD_INIT(multiboot) { + if (grub_efi_secure_boot()) + return; + cmd_multiboot = #ifdef GRUB_USE_MULTIBOOT2 grub_register_command ("multiboot2", grub_cmd_multiboot, @@ -464,6 +468,9 @@ GRUB_MOD_INIT(multiboot) GRUB_MOD_FINI(multiboot) { + if (grub_efi_secure_boot()) + return; + grub_unregister_command (cmd_multiboot); grub_unregister_command (cmd_module); } diff --git a/grub-core/loader/multiboot_elfxx.c b/grub-core/loader/multiboot_elfxx.c index 70cd1db51..f2318e0d1 100644 --- a/grub-core/loader/multiboot_elfxx.c +++ b/grub-core/loader/multiboot_elfxx.c @@ -109,10 +109,10 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) if (load_size > mld->max_addr || mld->min_addr > mld->max_addr - load_size) return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); - err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, - mld->min_addr, mld->max_addr - load_size, - load_size, mld->align ? mld->align : 1, - mld->preference, mld->avoid_efi_boot_services); + err = grub_relocator_alloc_chunk_align_safe (GRUB_MULTIBOOT (relocator), &ch, + mld->min_addr, mld->max_addr, + load_size, mld->align ? mld->align : 1, + mld->preference, mld->avoid_efi_boot_services); if (err) { @@ -217,7 +217,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) { grub_uint8_t *shdr, *shdrptr; - shdr = grub_malloc ((grub_uint32_t) ehdr->e_shnum * ehdr->e_shentsize); + shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize); if (!shdr) return grub_errno; @@ -256,7 +256,7 @@ CONCAT(grub_multiboot_load_elf, XX) (mbi_load_data_t *mld) continue; err = grub_relocator_alloc_chunk_align (GRUB_MULTIBOOT (relocator), &ch, 0, - (0xffffffff - sh->sh_size) + 1, + UP_TO_TOP32 (sh->sh_size), sh->sh_size, sh->sh_addralign, GRUB_RELOCATOR_PREFERENCE_NONE, mld->avoid_efi_boot_services); diff --git a/grub-core/loader/multiboot_mbi2.c b/grub-core/loader/multiboot_mbi2.c index 53da78615..3ec209283 100644 --- a/grub-core/loader/multiboot_mbi2.c +++ b/grub-core/loader/multiboot_mbi2.c @@ -295,10 +295,10 @@ grub_multiboot2_load (grub_file_t file, const char *filename) return grub_error (GRUB_ERR_BAD_OS, "invalid min/max address and/or load size"); } - err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, - mld.min_addr, mld.max_addr - code_size, - code_size, mld.align ? mld.align : 1, - mld.preference, keep_bs); + err = grub_relocator_alloc_chunk_align_safe (grub_multiboot2_relocator, &ch, + mld.min_addr, mld.max_addr, + code_size, mld.align ? mld.align : 1, + mld.preference, keep_bs); } else err = grub_relocator_alloc_chunk_addr (grub_multiboot2_relocator, @@ -708,7 +708,7 @@ grub_multiboot2_make_mbi (grub_uint32_t *target) COMPILE_TIME_ASSERT (MULTIBOOT_TAG_ALIGN % sizeof (grub_properly_aligned_t) == 0); err = grub_relocator_alloc_chunk_align (grub_multiboot2_relocator, &ch, - 0, 0xffffffff - bufsize, + 0, UP_TO_TOP32 (bufsize), bufsize, MULTIBOOT_TAG_ALIGN, GRUB_RELOCATOR_PREFERENCE_NONE, 1); if (err) diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c index 7f74d1d6f..3fd653993 100644 --- a/grub-core/loader/xnu.c +++ b/grub-core/loader/xnu.c @@ -34,6 +34,8 @@ #include #include #include +#include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -59,15 +61,17 @@ grub_xnu_heap_malloc (int size, void **src, grub_addr_t *target) { grub_err_t err; grub_relocator_chunk_t ch; + grub_addr_t tgt; + + if (grub_add (grub_xnu_heap_target_start, grub_xnu_heap_size, &tgt)) + return GRUB_ERR_OUT_OF_RANGE; - err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, - grub_xnu_heap_target_start - + grub_xnu_heap_size, size); + err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, tgt, size); if (err) return err; *src = get_virtual_current_address (ch); - *target = grub_xnu_heap_target_start + grub_xnu_heap_size; + *target = tgt; grub_xnu_heap_size += size; grub_dprintf ("xnu", "val=%p\n", *src); return GRUB_ERR_NONE; @@ -800,7 +804,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd __attribute__ ((unused)), if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC) { narchs = grub_be_to_cpu32 (head.nfat_arch); - archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); + archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); if (! archs) { grub_file_close (file); @@ -1478,6 +1482,9 @@ static grub_extcmd_t cmd_splash; GRUB_MOD_INIT(xnu) { + if (grub_efi_secure_boot()) + return; + cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0, N_("Load XNU image.")); cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64, @@ -1518,6 +1525,9 @@ GRUB_MOD_INIT(xnu) GRUB_MOD_FINI(xnu) { + if (grub_efi_secure_boot()) + return; + #ifndef GRUB_MACHINE_EMU grub_unregister_command (cmd_resume); #endif diff --git a/grub-core/loader/xnu_resume.c b/grub-core/loader/xnu_resume.c index 8089804d4..d648ef0cd 100644 --- a/grub-core/loader/xnu_resume.c +++ b/grub-core/loader/xnu_resume.c @@ -129,7 +129,7 @@ grub_xnu_resume (char *imagename) { grub_relocator_chunk_t ch; err = grub_relocator_alloc_chunk_align (grub_xnu_relocator, &ch, 0, - (0xffffffff - hibhead.image_size) + 1, + UP_TO_TOP32 (hibhead.image_size), hibhead.image_size, GRUB_XNU_PAGESIZE, GRUB_RELOCATOR_PREFERENCE_NONE, 0); diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c index 6a31cbae3..57b4e9a72 100644 --- a/grub-core/mmap/mmap.c +++ b/grub-core/mmap/mmap.c @@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data) /* Initialize variables. */ ctx.scanline_events = (struct grub_mmap_scan *) - grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num); + grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2); - present = grub_zalloc (sizeof (present[0]) * current_priority); + present = grub_calloc (current_priority, sizeof (present[0])); if (! ctx.scanline_events || !present) { diff --git a/grub-core/net/bootp.c b/grub-core/net/bootp.c index 558d97ba1..dd0ffcdae 100644 --- a/grub-core/net/bootp.c +++ b/grub-core/net/bootp.c @@ -1559,7 +1559,7 @@ grub_cmd_bootp (struct grub_command *cmd __attribute__ ((unused)), if (ncards == 0) return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found")); - ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); + ifaces = grub_calloc (ncards, sizeof (ifaces[0])); if (!ifaces) return grub_errno; diff --git a/grub-core/net/dns.c b/grub-core/net/dns.c index 5d9afe093..906ec7d67 100644 --- a/grub-core/net/dns.c +++ b/grub-core/net/dns.c @@ -22,6 +22,7 @@ #include #include #include +#include struct dns_cache_element { @@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct grub_net_network_level_address *s) { int na = dns_servers_alloc * 2; struct grub_net_network_level_address *ns; + grub_size_t sz; + if (na < 8) na = 8; - ns = grub_realloc (dns_servers, na * sizeof (ns[0])); + + if (grub_mul (na, sizeof (ns[0]), &sz)) + return GRUB_ERR_OUT_OF_RANGE; + + ns = grub_realloc (dns_servers, sz); if (!ns) return grub_errno; dns_servers_alloc = na; @@ -285,8 +292,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), ptr++; ptr += 4; } - *data->addresses = grub_malloc (sizeof ((*data->addresses)[0]) - * grub_be_to_cpu16 (head->ancount)); + *data->addresses = grub_calloc (grub_be_to_cpu16 (head->ancount), + sizeof ((*data->addresses)[0])); if (!*data->addresses) { grub_errno = GRUB_ERR_NONE; @@ -406,8 +413,8 @@ recv_hook (grub_net_udp_socket_t sock __attribute__ ((unused)), dns_cache[h].addresses = 0; dns_cache[h].name = grub_strdup (data->oname); dns_cache[h].naddresses = *data->naddresses; - dns_cache[h].addresses = grub_malloc (*data->naddresses - * sizeof (dns_cache[h].addresses[0])); + dns_cache[h].addresses = grub_calloc (*data->naddresses, + sizeof (dns_cache[h].addresses[0])); dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all; if (!dns_cache[h].addresses || !dns_cache[h].name) { @@ -479,7 +486,7 @@ grub_net_dns_lookup (const char *name, } } - sockets = grub_malloc (sizeof (sockets[0]) * n_servers); + sockets = grub_calloc (n_servers, sizeof (sockets[0])); if (!sockets) return grub_errno; diff --git a/grub-core/net/http.c b/grub-core/net/http.c index f182d7b87..dfa849e85 100644 --- a/grub-core/net/http.c +++ b/grub-core/net/http.c @@ -405,7 +405,7 @@ http_establish (struct grub_file *file, grub_off_t offset, int initial) data->filename, server, port ? port : HTTP_PORT); data->sock = grub_net_tcp_open (server, port ? port : HTTP_PORT, http_receive, - http_err, http_err, + http_err, NULL, file); if (!data->sock) { diff --git a/grub-core/net/net.c b/grub-core/net/net.c index b917a75d5..fed7bc57c 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c @@ -333,8 +333,8 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)), ncards++; } - ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); - slaacs = grub_zalloc (ncards * sizeof (slaacs[0])); + ifaces = grub_calloc (ncards, sizeof (ifaces[0])); + slaacs = grub_calloc (ncards, sizeof (slaacs[0])); if (!ifaces || !slaacs) { grub_free (ifaces); diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c index a0817a075..33c0b8214 100644 --- a/grub-core/net/tftp.c +++ b/grub-core/net/tftp.c @@ -25,7 +25,6 @@ #include #include #include -#include #include GRUB_MOD_LICENSE ("GPLv3+"); @@ -106,31 +105,8 @@ typedef struct tftp_data int have_oack; struct grub_error_saved save_err; grub_net_udp_socket_t sock; - grub_priority_queue_t pq; } *tftp_data_t; -static int -cmp_block (grub_uint16_t a, grub_uint16_t b) -{ - grub_int16_t i = (grub_int16_t) (a - b); - if (i > 0) - return +1; - if (i < 0) - return -1; - return 0; -} - -static int -cmp (const void *a__, const void *b__) -{ - struct grub_net_buff *a_ = *(struct grub_net_buff **) a__; - struct grub_net_buff *b_ = *(struct grub_net_buff **) b__; - struct tftphdr *a = (struct tftphdr *) a_->data; - struct tftphdr *b = (struct tftphdr *) b_->data; - /* We want the first elements to be on top. */ - return -cmp_block (grub_be_to_cpu16 (a->u.data.block), grub_be_to_cpu16 (b->u.data.block)); -} - static grub_err_t ack (tftp_data_t data, grub_uint64_t block) { @@ -207,73 +183,71 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), return GRUB_ERR_NONE; } - err = grub_priority_queue_push (data->pq, &nb); - if (err) - return err; - - { - struct grub_net_buff **nb_top_p, *nb_top; - while (1) - { - nb_top_p = grub_priority_queue_top (data->pq); - if (!nb_top_p) - return GRUB_ERR_NONE; - nb_top = *nb_top_p; - tftph = (struct tftphdr *) nb_top->data; - if (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) >= 0) - break; - ack (data, grub_be_to_cpu16 (tftph->u.data.block)); - grub_netbuff_free (nb_top); - grub_priority_queue_pop (data->pq); - } - while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) - { - unsigned size; - - grub_priority_queue_pop (data->pq); - - if (file->device->net->packs.count < 50) + /* + * Ack old/retransmitted block. + * + * The block number is a 16-bit counter, thus the maximum file size that + * could be transfered is 65535 * block size. Most TFTP hosts support to + * roll-over the block counter to allow unlimited transfer file size. + * + * This behavior is not defined in the RFC 1350 [0] but is implemented by + * most TFTP clients and hosts. + * + * [0]: https://tools.ietf.org/html/rfc1350 + */ + if (grub_be_to_cpu16 (tftph->u.data.block) < ((grub_uint16_t) (data->block + 1))) + ack (data, grub_be_to_cpu16 (tftph->u.data.block)); + /* Ignore unexpected block. */ + else if (grub_be_to_cpu16 (tftph->u.data.block) > ((grub_uint16_t) (data->block + 1))) + grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block); + else + { + unsigned size; + + if (file->device->net->packs.count < 50) + { err = ack (data, data->block + 1); - else - { - file->device->net->stall = 1; - err = 0; - } - if (err) - return err; - - err = grub_netbuff_pull (nb_top, sizeof (tftph->opcode) + - sizeof (tftph->u.data.block)); - if (err) - return err; - size = nb_top->tail - nb_top->data; - - data->block++; - if (size < data->block_size) - { - if (data->ack_sent < data->block) - ack (data, data->block); - file->device->net->eof = 1; - file->device->net->stall = 1; - grub_net_udp_close (data->sock); - data->sock = NULL; - } - /* Prevent garbage in broken cards. Is it still necessary - given that IP implementation has been fixed? - */ - if (size > data->block_size) - { - err = grub_netbuff_unput (nb_top, size - data->block_size); - if (err) - return err; - } - /* If there is data, puts packet in socket list. */ - if ((nb_top->tail - nb_top->data) > 0) - grub_net_put_packet (&file->device->net->packs, nb_top); - else - grub_netbuff_free (nb_top); - } - } + if (err) + return err; + } + else + file->device->net->stall = 1; + + err = grub_netbuff_pull (nb, sizeof (tftph->opcode) + + sizeof (tftph->u.data.block)); + if (err) + return err; + size = nb->tail - nb->data; + + data->block++; + if (size < data->block_size) + { + if (data->ack_sent < data->block) + ack (data, data->block); + file->device->net->eof = 1; + file->device->net->stall = 1; + grub_net_udp_close (data->sock); + data->sock = NULL; + } + /* + * Prevent garbage in broken cards. Is it still necessary + * given that IP implementation has been fixed? + */ + if (size > data->block_size) + { + err = grub_netbuff_unput (nb, size - data->block_size); + if (err) + return err; + } + /* If there is data, puts packet in socket list. */ + if ((nb->tail - nb->data) > 0) + { + grub_net_put_packet (&file->device->net->packs, nb); + /* Do not free nb. */ + return GRUB_ERR_NONE; + } + } + grub_netbuff_free (nb); return GRUB_ERR_NONE; case TFTP_ERROR: data->have_oack = 1; @@ -287,19 +261,6 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), } } -static void -destroy_pq (tftp_data_t data) -{ - struct grub_net_buff **nb_p; - while ((nb_p = grub_priority_queue_top (data->pq))) - { - grub_netbuff_free (*nb_p); - grub_priority_queue_pop (data->pq); - } - - grub_priority_queue_destroy (data->pq); -} - static grub_err_t tftp_open (struct grub_file *file, const char *filename) { @@ -373,20 +334,9 @@ tftp_open (struct grub_file *file, const char *filename) file->not_easily_seekable = 1; file->data = data; - data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp); - if (!data->pq) - { - grub_free (data); - return grub_errno; - } - err = grub_net_resolve_address (file->device->net->server, &addr); if (err) { - grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n", - (unsigned long long)data->file_size, - (unsigned long long)data->block_size); - destroy_pq (data); grub_free (data); return err; } @@ -396,7 +346,6 @@ tftp_open (struct grub_file *file, const char *filename) file); if (!data->sock) { - destroy_pq (data); grub_free (data); return grub_errno; } @@ -410,7 +359,6 @@ tftp_open (struct grub_file *file, const char *filename) if (err) { grub_net_udp_close (data->sock); - destroy_pq (data); grub_free (data); return err; } @@ -427,7 +375,6 @@ tftp_open (struct grub_file *file, const char *filename) if (grub_errno) { grub_net_udp_close (data->sock); - destroy_pq (data); grub_free (data); return grub_errno; } @@ -470,7 +417,6 @@ tftp_close (struct grub_file *file) grub_print_error (); grub_net_udp_close (data->sock); } - destroy_pq (data); grub_free (data); return GRUB_ERR_NONE; } diff --git a/grub-core/normal/charset.c b/grub-core/normal/charset.c index b0ab47d73..4dfcc3107 100644 --- a/grub-core/normal/charset.c +++ b/grub-core/normal/charset.c @@ -48,6 +48,7 @@ #include #include #include +#include #if HAVE_FONT_SOURCE #include "widthspec.h" @@ -203,7 +204,7 @@ grub_utf8_to_ucs4_alloc (const char *msg, grub_uint32_t **unicode_msg, { grub_size_t msg_len = grub_strlen (msg); - *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); + *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); if (!*unicode_msg) return -1; @@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, { struct grub_unicode_combining *n; unsigned j; + grub_size_t sz; if (!haveout) continue; @@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, n = out->combining_inline; else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline)) { - n = grub_realloc (out->combining_ptr, - sizeof (n[0]) * (out->ncomb + 1)); + if (grub_add (out->ncomb, 1, &sz) || + grub_mul (sz, sizeof (n[0]), &sz)) + goto fail; + + n = grub_realloc (out->combining_ptr, sz); if (!n) { + fail: grub_errno = GRUB_ERR_NONE; continue; } @@ -488,7 +494,7 @@ grub_unicode_aglomerate_comb (const grub_uint32_t *in, grub_size_t inlen, } else { - n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1)); + n = grub_calloc (out->ncomb + 1, sizeof (n[0])); if (!n) { grub_errno = GRUB_ERR_NONE; @@ -842,7 +848,7 @@ grub_bidi_line_logical_to_visual (const grub_uint32_t *logical, } \ } - visual = grub_malloc (sizeof (visual[0]) * logical_len); + visual = grub_calloc (logical_len, sizeof (visual[0])); if (!visual) return -1; @@ -1165,8 +1171,8 @@ grub_bidi_logical_to_visual (const grub_uint32_t *logical, { const grub_uint32_t *line_start = logical, *ptr; struct grub_unicode_glyph *visual_ptr; - *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0]) - * (logical_len + 2)); + *visual_out = visual_ptr = grub_calloc (logical_len + 2, + 3 * sizeof (visual_ptr[0])); if (!visual_ptr) return -1; for (ptr = logical; ptr <= logical + logical_len; ptr++) diff --git a/grub-core/normal/cmdline.c b/grub-core/normal/cmdline.c index c037d5050..de03fe63b 100644 --- a/grub-core/normal/cmdline.c +++ b/grub-core/normal/cmdline.c @@ -28,6 +28,7 @@ #include #include #include +#include static grub_uint32_t *kill_buf; @@ -41,7 +42,7 @@ grub_err_t grub_set_history (int newsize) { grub_uint32_t **old_hist_lines = hist_lines; - hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize); + hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *)); /* Copy the old lines into the new buffer. */ if (old_hist_lines) @@ -114,7 +115,7 @@ static void grub_history_set (int pos, grub_uint32_t *s, grub_size_t len) { grub_free (hist_lines[pos]); - hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t)); + hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t)); if (!hist_lines[pos]) { grub_print_error (); @@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms, unsigned nterms, if (len + (*llen) >= (*max_len)) { grub_uint32_t *nbuf; - (*max_len) *= 2; - nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len)); + grub_size_t sz; + + if (grub_mul (*max_len, 2, max_len) || + grub_mul (*max_len, sizeof (grub_uint32_t), &sz)) + { + grub_errno = GRUB_ERR_OUT_OF_RANGE; + goto fail; + } + + nbuf = grub_realloc ((*buf), sz); if (nbuf) (*buf) = nbuf; else { + fail: grub_print_error (); grub_errno = GRUB_ERR_NONE; (*max_len) /= 2; @@ -349,7 +359,7 @@ grub_cmdline_get (const char *prompt_translated) char *ret; unsigned nterms; - buf = grub_malloc (max_len * sizeof (grub_uint32_t)); + buf = grub_calloc (max_len, sizeof (grub_uint32_t)); if (!buf) return 0; @@ -377,7 +387,7 @@ grub_cmdline_get (const char *prompt_translated) FOR_ACTIVE_TERM_OUTPUTS(cur) nterms++; - cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms); + cl_terms = grub_calloc (nterms, sizeof (cl_terms[0])); if (!cl_terms) { grub_free (buf); @@ -385,7 +395,7 @@ grub_cmdline_get (const char *prompt_translated) } cl_term_cur = cl_terms; - unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); + unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); if (!unicode_msg) { grub_free (buf); @@ -495,7 +505,7 @@ grub_cmdline_get (const char *prompt_translated) grub_uint32_t *insert; insertlen = grub_strlen (insertu8); - insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t)); + insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t)); if (!insert) { grub_free (insertu8); @@ -602,7 +612,7 @@ grub_cmdline_get (const char *prompt_translated) grub_free (kill_buf); - kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t)); + kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t)); if (grub_errno) { grub_print_error (); diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c index 0aa389fa1..d25a8212c 100644 --- a/grub-core/normal/main.c +++ b/grub-core/normal/main.c @@ -208,7 +208,7 @@ grub_normal_init_page (struct grub_term_output *term, grub_term_cls (term); - msg_formatted = grub_xasprintf (_("GNU GRUB version %s"), PACKAGE_VERSION); + msg_formatted = grub_xasprintf (_("GNU GRUB version %s"), VERSION); if (!msg_formatted) return; @@ -561,6 +561,9 @@ GRUB_MOD_INIT(normal) grub_env_set ("grub_platform", GRUB_PLATFORM); grub_env_export ("grub_platform"); + grub_env_set ("package_version", PACKAGE_VERSION); + grub_env_export ("package_version"); + grub_boot_time ("Normal module prepared"); } diff --git a/grub-core/normal/menu_entry.c b/grub-core/normal/menu_entry.c index cdf3590a3..50eef918c 100644 --- a/grub-core/normal/menu_entry.c +++ b/grub-core/normal/menu_entry.c @@ -27,6 +27,7 @@ #include #include #include +#include enum update_mode { @@ -95,8 +96,8 @@ init_line (struct screen *screen, struct line *linep) { linep->len = 0; linep->max_len = 80; - linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0])); - linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0])); + linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0])); + linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0])); if (! linep->buf || !linep->pos) { grub_free (linep->buf); @@ -113,10 +114,18 @@ ensure_space (struct line *linep, int extra) { if (linep->max_len < linep->len + extra) { - linep->max_len = 2 * (linep->len + extra); - linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0])); + grub_size_t sz0, sz1; + + if (grub_add (linep->len, extra, &sz0) || + grub_mul (sz0, 2, &sz0) || + grub_add (sz0, 1, &sz1) || + grub_mul (sz1, sizeof (linep->buf[0]), &sz1)) + return 0; + + linep->buf = grub_realloc (linep->buf, sz1); if (! linep->buf) return 0; + linep->max_len = sz0; } return 1; @@ -287,7 +296,7 @@ update_screen (struct screen *screen, struct per_term_screen *term_screen, pos = linep->pos + (term_screen - screen->terms); if (!*pos) - *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos)); + *pos = grub_calloc (linep->len + 1, sizeof (**pos)); if (i == region_start || linep == screen->lines + screen->line || (i > region_start && mode == ALL_LINES)) @@ -471,7 +480,7 @@ insert_string (struct screen *screen, const char *s, int update) /* Insert the string. */ current_linep = screen->lines + screen->line; - unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t)); + unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t)); if (!unicode_msg) return 0; @@ -1023,7 +1032,7 @@ complete (struct screen *screen, int continuous, int update) if (completion_buffer.buf) { buflen = grub_strlen (completion_buffer.buf); - ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1)); + ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t)); if (!ucs4) { @@ -1268,7 +1277,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) for (i = 0; i < (unsigned) screen->num_lines; i++) { grub_free (screen->lines[i].pos); - screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0])); + screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0])); if (! screen->lines[i].pos) { grub_print_error (); @@ -1278,7 +1287,7 @@ grub_menu_entry_run (grub_menu_entry_t entry) } } - screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0])); + screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0])); if (!screen->terms) { grub_print_error (); diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c index e22bb91f6..18240e76c 100644 --- a/grub-core/normal/menu_text.c +++ b/grub-core/normal/menu_text.c @@ -78,7 +78,7 @@ grub_print_message_indented_real (const char *msg, int margin_left, grub_size_t msg_len = grub_strlen (msg) + 2; int ret = 0; - unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); + unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); if (!unicode_msg) return 0; @@ -211,7 +211,7 @@ print_entry (int y, int highlight, grub_menu_entry_t entry, title = entry ? entry->title : ""; title_len = grub_strlen (title); - unicode_title = grub_malloc (title_len * sizeof (*unicode_title)); + unicode_title = grub_calloc (title_len, sizeof (*unicode_title)); if (! unicode_title) /* XXX How to show this error? */ return; diff --git a/grub-core/normal/term.c b/grub-core/normal/term.c index a1e5c5a0d..cc8c173b6 100644 --- a/grub-core/normal/term.c +++ b/grub-core/normal/term.c @@ -264,7 +264,7 @@ grub_term_save_pos (void) FOR_ACTIVE_TERM_OUTPUTS(cur) cnt++; - ret = grub_malloc (cnt * sizeof (ret[0])); + ret = grub_calloc (cnt, sizeof (ret[0])); if (!ret) return NULL; @@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_t msg_len) grub_error_push (); - unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t)); + unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t)); grub_error_pop (); diff --git a/grub-core/osdep/basic/no_platform.c b/grub-core/osdep/basic/no_platform.c index d76c34c14..152a32873 100644 --- a/grub-core/osdep/basic/no_platform.c +++ b/grub-core/osdep/basic/no_platform.c @@ -31,7 +31,7 @@ grub_install_register_ieee1275 (int is_prep, const char *install_device, } void -grub_install_register_efi (grub_device_t efidir_grub_dev, +grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efidir, const char *efifile_path, const char *efi_distributor) { diff --git a/grub-core/osdep/linux/getroot.c b/grub-core/osdep/linux/getroot.c index 7adc0f30e..a5bd0752f 100644 --- a/grub-core/osdep/linux/getroot.c +++ b/grub-core/osdep/linux/getroot.c @@ -168,7 +168,7 @@ grub_util_raid_getmembers (const char *name, int bootable) if (ret != 0) grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno)); - devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *)); + devicelist = xcalloc (info.nr_disks + 1, sizeof (char *)); for (i = 0, j = 0; j < info.nr_disks; i++) { @@ -241,7 +241,7 @@ grub_find_root_devices_from_btrfs (const char *dir) return NULL; } - ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0])); + ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0])); for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++) { @@ -396,7 +396,7 @@ grub_find_root_devices_from_mountinfo (const char *dir, char **relroot) if (relroot) *relroot = NULL; - entries = xmalloc (entry_max * sizeof (*entries)); + entries = xcalloc (entry_max, sizeof (*entries)); again: fp = grub_util_fopen ("/proc/self/mountinfo", "r"); diff --git a/grub-core/osdep/unix/config.c b/grub-core/osdep/unix/config.c index 5478030fd..89dc70d93 100644 --- a/grub-core/osdep/unix/config.c +++ b/grub-core/osdep/unix/config.c @@ -130,7 +130,7 @@ grub_util_load_config (struct grub_util_config *cfg) if (num_cfgpaths == 0) goto out; - sorted_cfgpaths = xmalloc (num_cfgpaths * sizeof (*sorted_cfgpaths)); + sorted_cfgpaths = xcalloc (num_cfgpaths, sizeof (*sorted_cfgpaths)); i = 0; if (grub_util_is_regular (cfgfile)) sorted_cfgpaths[i++] = xstrdup (cfgfile); diff --git a/grub-core/osdep/unix/efivar.c b/grub-core/osdep/unix/efivar.c index 4a58328b4..d34df0f70 100644 --- a/grub-core/osdep/unix/efivar.c +++ b/grub-core/osdep/unix/efivar.c @@ -37,9 +37,11 @@ #include #include #include +#include #include #include #include +#include #include #include @@ -264,9 +266,10 @@ remove_from_boot_order (struct efi_variable *order, uint16_t num) } static void -add_to_boot_order (struct efi_variable *order, uint16_t num) +add_to_boot_order (struct efi_variable *order, uint16_t num, + uint16_t *alt_nums, size_t n_alt_nums, bool is_boot_efi) { - int i; + int i, j, position = -1; size_t new_data_size; uint8_t *new_data; @@ -276,10 +279,36 @@ add_to_boot_order (struct efi_variable *order, uint16_t num) if (GET_ORDER (order->data, i) == num) return; + if (!is_boot_efi) + { + for (i = 0; i < order->data_size / sizeof (uint16_t); ++i) + for (j = 0; j < n_alt_nums; j++) + if (GET_ORDER (order->data, i) == alt_nums[j]) + position = i; + } + new_data_size = order->data_size + sizeof (uint16_t); new_data = xmalloc (new_data_size); - SET_ORDER (new_data, 0, num); - memcpy (new_data + sizeof (uint16_t), order->data, order->data_size); + + if (position != -1) + { + /* So we should be inserting after something else, as we're not the + preferred ESP. Could write this as memcpy(), but this is far more + readable. */ + for (i = 0; i <= position; ++i) + SET_ORDER (new_data, i, GET_ORDER (order->data, i)); + + SET_ORDER (new_data, position + 1, num); + + for (i = position + 1; i < order->data_size / sizeof (uint16_t); ++i) + SET_ORDER (new_data, i + 1, GET_ORDER (order->data, i)); + } + else + { + SET_ORDER (new_data, 0, num); + memcpy (new_data + sizeof (uint16_t), order->data, order->data_size); + } + free (order->data); order->data = new_data; order->data_size = new_data_size; @@ -336,14 +365,12 @@ get_edd_version (void) return 1; } -static struct efi_variable * -make_boot_variable (int num, const char *disk, int part, const char *loader, - const char *label) +static ssize_t +make_efidp (const char *disk, int part, const char *loader, efidp *out) { - struct efi_variable *entry = new_boot_variable (); uint32_t options; uint32_t edd10_devicenum; - ssize_t dp_needed, loadopt_needed; + ssize_t dp_needed; efidp dp = NULL; options = EFIBOOT_ABBREV_HD; @@ -374,6 +401,27 @@ make_boot_variable (int num, const char *disk, int part, const char *loader, if (dp_needed < 0) goto err; + *out = dp; + return dp_needed; + +err: + free (dp); + *out = NULL; + return -1; +} + +static struct efi_variable * +make_boot_variable (int num, const char *disk, int part, const char *loader, + const char *label) +{ + struct efi_variable *entry = new_boot_variable (); + ssize_t dp_needed, loadopt_needed; + efidp dp = NULL; + + dp_needed = make_efidp (disk, part, loader, &dp); + if (dp_needed < 0) + goto err; + loadopt_needed = efi_loadopt_create (NULL, 0, LOAD_OPTION_ACTIVE, dp, dp_needed, (unsigned char *) label, NULL, 0); @@ -398,20 +446,98 @@ make_boot_variable (int num, const char *disk, int part, const char *loader, return NULL; } +// I hurt my grub today, to see what I can do. +static efidp * +get_alternative_esps (void) +{ + size_t result_size = 0; + efidp *result = NULL; + char *alternatives = getenv ("_UBUNTU_ALTERNATIVE_ESPS"); + char *esp; + + if (!alternatives) + goto out; + + for (esp = strtok (alternatives, ", "); esp; esp = strtok (NULL, ", ")) + { + while (isspace (*esp)) + esp++; + if (!*esp) + continue; + + char *devname = grub_util_get_grub_dev (esp); + if (!devname) + continue; + grub_device_t dev = grub_device_open (devname); + free (devname); + if (!dev) + continue; + + const char *disk = grub_util_biosdisk_get_osdev (dev->disk); + int part = dev->disk->partition ? dev->disk->partition->number + 1 : 1; + + result = xrealloc (result, (++result_size) * sizeof (*result)); + if (make_efidp (disk, part, "", &result[result_size - 1]) < 0) + continue; + grub_device_close (dev); + } + +out: + result = xrealloc (result, (++result_size) * sizeof (*result)); + result[result_size - 1] = NULL; + return result; +} + +/* Check if both efidp are on the same device. */ +static bool +devices_equal (const_efidp a, const_efidp b) +{ + while (a && b) + { + // We reached a file, so we must be on the same device, woohoo + if (efidp_subtype (a) == EFIDP_MEDIA_FILE + && efidp_subtype (b) == EFIDP_MEDIA_FILE) + return true; + if (efidp_node_size (a) != efidp_node_size (b)) + break; + if (memcmp (a, b, efidp_node_size (a)) != 0) + break; + if (efidp_next_node (a, &a) < 0) + break; + if (efidp_next_node (b, &b) < 0) + break; + } + + return false; +} + int grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, - const char *efifile_path, + const char *efidir, const char *efifile_path, const char *efi_distributor) { const char *efidir_disk; int efidir_part; struct efi_variable *entries = NULL, *entry; struct efi_variable *order; + efidp *alternatives; + efidp this; int entry_num = -1; + uint16_t *alt_nums = NULL; + size_t n_alt_nums = 0; int rc; + bool is_boot_efi; + is_boot_efi = strstr (efidir, "/boot/efi") != NULL; efidir_disk = grub_util_biosdisk_get_osdev (efidir_grub_dev->disk); efidir_part = efidir_grub_dev->disk->partition ? efidir_grub_dev->disk->partition->number + 1 : 1; + alternatives = get_alternative_esps (); + + if (make_efidp (efidir_disk, efidir_part, "", &this) < 0) + { + grub_util_warn ("Internal error"); + return 1; + } #ifdef __linux__ /* @@ -453,6 +579,8 @@ grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, { efi_load_option *load_option = (efi_load_option *) entry->data; const char *label; + efidp path; + efidp *alt; if (entry->num < 0) continue; @@ -460,6 +588,33 @@ grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, if (strcasecmp (label, efi_distributor) != 0) continue; + path = efi_loadopt_path (load_option, entry->data_size); + if (!path) + continue; + + /* Do not remove this entry if it's an alternative ESP, but do reuse + * or remove this entry if it is for the current ESP or any unspecified + * ESP */ + if (!devices_equal (path, this)) + { + for (alt = alternatives; *alt; alt++) + { + if (devices_equal (path, *alt)) + break; + } + + if (*alt) + { + grub_util_info ("not deleting alternative EFI variable %s (%s)", + entry->name, label); + + alt_nums + = xrealloc (alt_nums, (++n_alt_nums) * sizeof (*alt_nums)); + alt_nums[n_alt_nums - 1] = entry->num; + continue; + } + } + /* To avoid problems with some firmware implementations, reuse the first matching variable we find rather than deleting and recreating it. */ if (entry_num == -1) @@ -491,7 +646,8 @@ grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, if (rc < 0) goto err; - add_to_boot_order (order, (uint16_t) entry_num); + add_to_boot_order (order, (uint16_t)entry_num, alt_nums, n_alt_nums, + is_boot_efi); grub_util_info ("setting EFI variable BootOrder"); rc = set_efi_variable ("BootOrder", order); diff --git a/grub-core/osdep/unix/getroot.c b/grub-core/osdep/unix/getroot.c index da102918d..4537f8eb8 100644 --- a/grub-core/osdep/unix/getroot.c +++ b/grub-core/osdep/unix/getroot.c @@ -296,7 +296,7 @@ grub_util_find_root_devices_from_poolname (char *poolname) && !sscanf (name, "raidz1%u", &dummy) && !sscanf (name, "raidz2%u", &dummy) && !sscanf (name, "raidz3%u", &dummy) - && !strcmp (state, "ONLINE")) + && (!strcmp (state, "ONLINE") || !strcmp (state, "DEGRADED"))) { if (ndevices >= devices_allocated) { diff --git a/grub-core/osdep/unix/platform.c b/grub-core/osdep/unix/platform.c index b561174ea..a5267db68 100644 --- a/grub-core/osdep/unix/platform.c +++ b/grub-core/osdep/unix/platform.c @@ -76,13 +76,13 @@ get_ofpathname (const char *dev) } int -grub_install_register_efi (grub_device_t efidir_grub_dev, +grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efidir, const char *efifile_path, const char *efi_distributor) { #ifdef HAVE_EFIVAR - return grub_install_efivar_register_efi (efidir_grub_dev, efifile_path, - efi_distributor); + return grub_install_efivar_register_efi (efidir_grub_dev, efidir, + efifile_path, efi_distributor); #else grub_util_error ("%s", _("GRUB was not built with efivar support; " diff --git a/grub-core/osdep/windows/getroot.c b/grub-core/osdep/windows/getroot.c index 661d95461..eada663b2 100644 --- a/grub-core/osdep/windows/getroot.c +++ b/grub-core/osdep/windows/getroot.c @@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path) for (ptr = path; *ptr; ptr++); allocsize = (ptr - path + 10) * 2; - out = xmalloc (allocsize * sizeof (out[0])); + out = xcalloc (allocsize, sizeof (out[0])); /* When pointing to EFI system partition GetVolumePathName fails for ESP root and returns abberant information for everything diff --git a/grub-core/osdep/windows/hostdisk.c b/grub-core/osdep/windows/hostdisk.c index 355100789..0be327394 100644 --- a/grub-core/osdep/windows/hostdisk.c +++ b/grub-core/osdep/windows/hostdisk.c @@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const char *path) while (1) { - fpa = xmalloc (alloc * sizeof (fpa[0])); + fpa = xcalloc (alloc, sizeof (fpa[0])); len = GetFullPathName (tpath, alloc, fpa, NULL); if (len >= alloc) @@ -399,7 +399,7 @@ grub_util_fd_opendir (const char *name) for (l = 0; name_windows[l]; l++); for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--); l++; - pattern = xmalloc ((l + 3) * sizeof (pattern[0])); + pattern = xcalloc (l + 3, sizeof (pattern[0])); memcpy (pattern, name_windows, l * sizeof (pattern[0])); pattern[l] = '\\'; pattern[l + 1] = '*'; diff --git a/grub-core/osdep/windows/init.c b/grub-core/osdep/windows/init.c index e8ffd62c6..6297de632 100644 --- a/grub-core/osdep/windows/init.c +++ b/grub-core/osdep/windows/init.c @@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribute__ ((unused)), LPWSTR *targv; targv = CommandLineToArgvW (tcmdline, argc); - *argv = xmalloc ((*argc + 1) * sizeof (argv[0])); + *argv = xcalloc (*argc + 1, sizeof (argv[0])); for (i = 0; i < *argc; i++) (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]); diff --git a/grub-core/osdep/windows/platform.c b/grub-core/osdep/windows/platform.c index e19a3d9a8..b160949d8 100644 --- a/grub-core/osdep/windows/platform.c +++ b/grub-core/osdep/windows/platform.c @@ -208,7 +208,7 @@ set_efi_variable_bootn (grub_uint16_t n, void *in, grub_size_t len) } int -grub_install_register_efi (grub_device_t efidir_grub_dev, +grub_install_register_efi (grub_device_t efidir_grub_dev, const char *efidir, const char *efifile_path, const char *efi_distributor) { @@ -231,8 +231,8 @@ grub_install_register_efi (grub_device_t efidir_grub_dev, grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode")); distrib8_len = grub_strlen (efi_distributor); - distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8 - * sizeof (grub_uint16_t)); + distributor16 = xcalloc (distrib8_len + 1, + GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t)); distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8, (const grub_uint8_t *) efi_distributor, distrib8_len, 0); diff --git a/grub-core/osdep/windows/relpath.c b/grub-core/osdep/windows/relpath.c index cb0861744..478e8ef14 100644 --- a/grub-core/osdep/windows/relpath.c +++ b/grub-core/osdep/windows/relpath.c @@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_root (const char *path) if (dirwindows[0] && dirwindows[1] == ':') offset = 2; } - ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2)); + ret = xcalloc (flen - offset + 2, sizeof (ret[0])); if (dirwindows[offset] != '\\' && dirwindows[offset] != '/' && dirwindows[offset]) diff --git a/grub-core/partmap/gpt.c b/grub-core/partmap/gpt.c index 103f6796f..72a2e37cd 100644 --- a/grub-core/partmap/gpt.c +++ b/grub-core/partmap/gpt.c @@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, *nsectors = ctx.len; if (*nsectors > max_nsectors) *nsectors = max_nsectors; - *sectors = grub_malloc (*nsectors * sizeof (**sectors)); + *sectors = grub_calloc (*nsectors, sizeof (**sectors)); if (!*sectors) return grub_errno; for (i = 0; i < *nsectors; i++) diff --git a/grub-core/partmap/msdos.c b/grub-core/partmap/msdos.c index 7b8e45076..ee3f24982 100644 --- a/grub-core/partmap/msdos.c +++ b/grub-core/partmap/msdos.c @@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk *disk, unsigned int *nsectors, avail_nsectors = *nsectors; if (*nsectors > max_nsectors) *nsectors = max_nsectors; - *sectors = grub_malloc (*nsectors * sizeof (**sectors)); + *sectors = grub_calloc (*nsectors, sizeof (**sectors)); if (!*sectors) return grub_errno; for (i = 0; i < *nsectors; i++) diff --git a/grub-core/script/argv.c b/grub-core/script/argv.c index 217ec5d1e..5751fdd57 100644 --- a/grub-core/script/argv.c +++ b/grub-core/script/argv.c @@ -20,6 +20,7 @@ #include #include #include +#include /* Return nearest power of two that is >= v. */ static unsigned @@ -81,11 +82,16 @@ int grub_script_argv_next (struct grub_script_argv *argv) { char **p = argv->args; + grub_size_t sz; if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0) return 0; - p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *))); + if (grub_add (argv->argc, 2, &sz) || + grub_mul (sz, sizeof (char *), &sz)) + return 1; + + p = grub_realloc (p, round_up_exp (sz)); if (! p) return 1; @@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_script_argv *argv, const char *s, { grub_size_t a; char *p = argv->args[argv->argc - 1]; + grub_size_t sz; if (! s) return 0; a = p ? grub_strlen (p) : 0; - p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char))); + if (grub_add (a, slen, &sz) || + grub_add (sz, 1, &sz) || + grub_mul (sz, sizeof (char), &sz)) + return 1; + + p = grub_realloc (p, round_up_exp (sz)); if (! p) return 1; diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c index ee299fd0e..7e028e135 100644 --- a/grub-core/script/execute.c +++ b/grub-core/script/execute.c @@ -553,7 +553,7 @@ gettext_append (struct grub_script_argv *result, const char *orig_str) for (iptr = orig_str; *iptr; iptr++) if (*iptr == '$') dollar_cnt++; - ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt); + ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0])); if (parse_string (orig_str, gettext_save_allow, &ctx, 0)) goto fail; @@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args) old_scope = scope; scope = &new_scope; + func->executing++; ret = grub_script_execute (func->func); + func->executing--; function_return = 0; active_loops = loops; diff --git a/grub-core/script/function.c b/grub-core/script/function.c index d36655e51..3aad04bf9 100644 --- a/grub-core/script/function.c +++ b/grub-core/script/function.c @@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, func = (grub_script_function_t) grub_malloc (sizeof (*func)); if (! func) return 0; + func->executing = 0; func->name = grub_strdup (functionname_arg->str); if (! func->name) @@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, grub_script_function_t q; q = *p; - grub_script_free (q->func); - q->func = cmd; grub_free (func); - func = q; + if (q->executing > 0) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, + N_("attempt to redefine a function being executed")); + func = NULL; + } + else + { + grub_script_free (q->func); + q->func = cmd; + func = q; + } } else { diff --git a/grub-core/script/lexer.c b/grub-core/script/lexer.c index c6bd3172f..5fb0cbd0b 100644 --- a/grub-core/script/lexer.c +++ b/grub-core/script/lexer.c @@ -24,6 +24,7 @@ #include #include #include +#include #define yytext_ptr char * #include "grub_script.tab.h" @@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_parser_param *parser, char *str) old = lexer->recording; if (lexer->recordlen < len) lexer->recordlen = len; - lexer->recordlen *= 2; + + if (grub_mul (lexer->recordlen, 2, &lexer->recordlen)) + goto fail; + lexer->recording = grub_realloc (lexer->recording, lexer->recordlen); if (!lexer->recording) { + fail: grub_free (old); lexer->recordpos = 0; lexer->recordlen = 0; @@ -130,7 +135,7 @@ int grub_script_lexer_yywrap (struct grub_parser_param *parserstate, const char *input) { - grub_size_t len = 0; + grub_size_t len = 0, sz; char *p = 0; char *line = 0; YY_BUFFER_STATE buffer; @@ -168,12 +173,22 @@ grub_script_lexer_yywrap (struct grub_parser_param *parserstate, } else if (len && line[len - 1] != '\n') { - p = grub_realloc (line, len + 2); + if (grub_add (len, 2, &sz)) + { + grub_free (line); + grub_script_yyerror (parserstate, N_("overflow is detected")); + return 1; + } + + p = grub_realloc (line, sz); if (p) { p[len++] = '\n'; p[len] = '\0'; } + else + grub_free (line); + line = p; } diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y index 4f0ab8319..f80b86b6f 100644 --- a/grub-core/script/parser.y +++ b/grub-core/script/parser.y @@ -289,7 +289,8 @@ function: "function" "name" grub_script_mem_free (state->func_mem); else { script->children = state->scripts; - grub_script_function_create ($2, script); + if (!grub_script_function_create ($2, script)) + grub_script_free (script); } state->scripts = $3; diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l index 7b44c37b7..b7203c823 100644 --- a/grub-core/script/yylex.l +++ b/grub-core/script/yylex.l @@ -37,11 +37,11 @@ /* * As we don't have access to yyscanner, we cannot do much except to - * print the fatal error. + * print the fatal error and exit. */ #define YY_FATAL_ERROR(msg) \ do { \ - grub_printf (_("fatal error: %s\n"), _(msg)); \ + grub_fatal (_("fatal error: %s\n"), _(msg));\ } while (0) #define COPY(str, hint) \ diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c index 4840cc59d..b61da7d0d 100644 --- a/grub-core/term/efi/console.c +++ b/grub-core/term/efi/console.c @@ -24,6 +24,11 @@ #include #include +static grub_err_t grub_prepare_for_text_output(struct grub_term_output *term); + +static int text_mode_available = -1; +static int text_colorstate = -1; + static grub_uint32_t map_char (grub_uint32_t c) { @@ -66,14 +71,14 @@ map_char (grub_uint32_t c) } static void -grub_console_putchar (struct grub_term_output *term __attribute__ ((unused)), +grub_console_putchar (struct grub_term_output *term, const struct grub_unicode_glyph *c) { grub_efi_char16_t str[2 + 30]; grub_efi_simple_text_output_interface_t *o; unsigned i, j; - if (grub_efi_is_finished) + if (grub_prepare_for_text_output (term)) return; o = grub_efi_system_table->con_out; @@ -223,14 +228,15 @@ grub_console_getkey (struct grub_term_input *term) } static struct grub_term_coordinate -grub_console_getwh (struct grub_term_output *term __attribute__ ((unused))) +grub_console_getwh (struct grub_term_output *term) { grub_efi_simple_text_output_interface_t *o; grub_efi_uintn_t columns, rows; o = grub_efi_system_table->con_out; - if (grub_efi_is_finished || efi_call_4 (o->query_mode, o, o->mode->mode, - &columns, &rows) != GRUB_EFI_SUCCESS) + if (grub_prepare_for_text_output (term) != GRUB_ERR_NONE || + efi_call_4 (o->query_mode, o, o->mode->mode, + &columns, &rows) != GRUB_EFI_SUCCESS) { /* Why does this fail? */ columns = 80; @@ -245,7 +251,7 @@ grub_console_getxy (struct grub_term_output *term __attribute__ ((unused))) { grub_efi_simple_text_output_interface_t *o; - if (grub_efi_is_finished) + if (grub_efi_is_finished || text_mode_available != 1) return (struct grub_term_coordinate) { 0, 0 }; o = grub_efi_system_table->con_out; @@ -253,12 +259,12 @@ grub_console_getxy (struct grub_term_output *term __attribute__ ((unused))) } static void -grub_console_gotoxy (struct grub_term_output *term __attribute__ ((unused)), +grub_console_gotoxy (struct grub_term_output *term, struct grub_term_coordinate pos) { grub_efi_simple_text_output_interface_t *o; - if (grub_efi_is_finished) + if (grub_prepare_for_text_output (term)) return; o = grub_efi_system_table->con_out; @@ -271,7 +277,7 @@ grub_console_cls (struct grub_term_output *term __attribute__ ((unused))) grub_efi_simple_text_output_interface_t *o; grub_efi_int32_t orig_attr; - if (grub_efi_is_finished) + if (grub_efi_is_finished || text_mode_available != 1) return; o = grub_efi_system_table->con_out; @@ -282,8 +288,7 @@ grub_console_cls (struct grub_term_output *term __attribute__ ((unused))) } static void -grub_console_setcolorstate (struct grub_term_output *term - __attribute__ ((unused)), +grub_console_setcolorstate (struct grub_term_output *term __attribute__ ((unused)), grub_term_color_state state) { grub_efi_simple_text_output_interface_t *o; @@ -291,6 +296,12 @@ grub_console_setcolorstate (struct grub_term_output *term if (grub_efi_is_finished) return; + if (text_mode_available != 1) { + /* Avoid "color_normal" environment writes causing a switch to textmode */ + text_colorstate = state; + return; + } + o = grub_efi_system_table->con_out; switch (state) { @@ -315,7 +326,7 @@ grub_console_setcursor (struct grub_term_output *term __attribute__ ((unused)), { grub_efi_simple_text_output_interface_t *o; - if (grub_efi_is_finished) + if (grub_efi_is_finished || text_mode_available != 1) return; o = grub_efi_system_table->con_out; @@ -323,18 +334,38 @@ grub_console_setcursor (struct grub_term_output *term __attribute__ ((unused)), } static grub_err_t -grub_efi_console_output_init (struct grub_term_output *term) +grub_prepare_for_text_output(struct grub_term_output *term) { - grub_efi_set_text_mode (1); + if (grub_efi_is_finished) + return GRUB_ERR_BAD_DEVICE; + + if (text_mode_available != -1) + return text_mode_available ? 0 : GRUB_ERR_BAD_DEVICE; + + if (! grub_efi_set_text_mode (1)) + { + /* This really should never happen */ + grub_error (GRUB_ERR_BAD_DEVICE, "cannot set text mode"); + text_mode_available = 0; + return GRUB_ERR_BAD_DEVICE; + } + grub_console_setcursor (term, 1); + if (text_colorstate != -1) + grub_console_setcolorstate (term, text_colorstate); + text_mode_available = 1; return 0; } static grub_err_t grub_efi_console_output_fini (struct grub_term_output *term) { + if (text_mode_available != 1) + return 0; + grub_console_setcursor (term, 0); grub_efi_set_text_mode (0); + text_mode_available = -1; return 0; } @@ -348,7 +379,6 @@ static struct grub_term_input grub_console_term_input = static struct grub_term_output grub_console_term_output = { .name = "console", - .init = grub_efi_console_output_init, .fini = grub_efi_console_output_fini, .putchar = grub_console_putchar, .getwh = grub_console_getwh, @@ -364,14 +394,6 @@ static struct grub_term_output grub_console_term_output = void grub_console_init (void) { - /* FIXME: it is necessary to consider the case where no console control - is present but the default is already in text mode. */ - if (! grub_efi_set_text_mode (1)) - { - grub_error (GRUB_ERR_BAD_DEVICE, "cannot set text mode"); - return; - } - grub_term_register_output ("console", &grub_console_term_output); grub_term_register_input ("console", &grub_console_term_input); } diff --git a/grub-core/tests/fake_input.c b/grub-core/tests/fake_input.c index 2d6085298..b5eb516be 100644 --- a/grub-core/tests/fake_input.c +++ b/grub-core/tests/fake_input.c @@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int *seq_in, int nseq_in) saved = grub_term_inputs; if (seq) grub_free (seq); - seq = grub_malloc (nseq_in * sizeof (seq[0])); + seq = grub_calloc (nseq_in, sizeof (seq[0])); if (!seq) return; diff --git a/grub-core/tests/video_checksum.c b/grub-core/tests/video_checksum.c index 74d5b65e5..44d081069 100644 --- a/grub-core/tests/video_checksum.c +++ b/grub-core/tests/video_checksum.c @@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char *fname, { case 4: { - grub_uint8_t *buffer = xmalloc (mode_info->width * 3); + grub_uint8_t *buffer = xcalloc (3, mode_info->width); grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); @@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char *fname, } case 3: { - grub_uint8_t *buffer = xmalloc (mode_info->width * 3); + grub_uint8_t *buffer = xcalloc (3, mode_info->width); grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); @@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char *fname, } case 2: { - grub_uint8_t *buffer = xmalloc (mode_info->width * 3); + grub_uint8_t *buffer = xcalloc (3, mode_info->width); grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1); grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1); grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1); diff --git a/grub-core/video/bitmap.c b/grub-core/video/bitmap.c index b2e031566..6256e209a 100644 --- a/grub-core/video/bitmap.c +++ b/grub-core/video/bitmap.c @@ -23,6 +23,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, enum grub_video_blit_format blit_format) { struct grub_video_mode_info *mode_info; - unsigned int size; + grub_size_t size; if (!bitmap) return grub_error (GRUB_ERR_BUG, "invalid argument"); @@ -137,19 +138,25 @@ grub_video_bitmap_create (struct grub_video_bitmap **bitmap, mode_info->pitch = width * mode_info->bytes_per_pixel; - /* Calculate size needed for the data. */ - size = (width * mode_info->bytes_per_pixel) * height; + /* Calculate size needed for the data. */ + if (grub_mul (width, mode_info->bytes_per_pixel, &size) || + grub_mul (size, height, &size)) + { + grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + goto fail; + } (*bitmap)->data = grub_zalloc (size); if (! (*bitmap)->data) - { - grub_free (*bitmap); - *bitmap = 0; - - return grub_errno; - } + goto fail; return GRUB_ERR_NONE; + + fail: + grub_free (*bitmap); + *bitmap = NULL; + + return grub_errno; } /* Frees all resources allocated by bitmap. */ diff --git a/grub-core/video/capture.c b/grub-core/video/capture.c index 4f83c7441..4d3195e01 100644 --- a/grub-core/video/capture.c +++ b/grub-core/video/capture.c @@ -89,7 +89,7 @@ grub_video_capture_start (const struct grub_video_mode_info *mode_info, framebuffer.mode_info = *mode_info; framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info); - framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch); + framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); if (!framebuffer.ptr) return grub_errno; diff --git a/grub-core/video/emu/sdl.c b/grub-core/video/emu/sdl.c index a2f639f66..0ebab6f57 100644 --- a/grub-core/video/emu/sdl.c +++ b/grub-core/video/emu/sdl.c @@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int start, unsigned int count, if (start + count > mode_info.number_of_colors) count = mode_info.number_of_colors - start; - tmp = grub_malloc (count * sizeof (tmp[0])); + tmp = grub_calloc (count, sizeof (tmp[0])); for (i = 0; i < count; i++) { tmp[i].r = palette_data[i].r; diff --git a/grub-core/video/i386/pc/vga.c b/grub-core/video/i386/pc/vga.c index 01f47112d..b2f776c99 100644 --- a/grub-core/video/i386/pc/vga.c +++ b/grub-core/video/i386/pc/vga.c @@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width, unsigned int height, vga_height = height ? : 480; - framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH); + framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH); framebuffer.front_page = 0; framebuffer.back_page = 0; if (!framebuffer.temporary_buffer) diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c index 777e71334..0157ff742 100644 --- a/grub-core/video/readers/png.c +++ b/grub-core/video/readers/png.c @@ -23,6 +23,7 @@ #include #include #include +#include GRUB_MOD_LICENSE ("GPLv3+"); @@ -301,15 +302,23 @@ grub_png_decode_image_header (struct grub_png_data *data) data->bpp <<= 1; data->color_bits = color_bits; - data->row_bytes = data->image_width * data->bpp; + + if (grub_mul (data->image_width, data->bpp, &data->row_bytes)) + return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + if (data->color_bits <= 4) - data->row_bytes = (data->image_width * data->color_bits + 7) / 8; + { + if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes)) + return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + + data->row_bytes >>= 3; + } #ifndef GRUB_CPU_WORDS_BIGENDIAN if (data->is_16bit || data->is_gray || data->is_palette) #endif { - data->image_data = grub_malloc (data->image_height * data->row_bytes); + data->image_data = grub_calloc (data->image_height, data->row_bytes); if (grub_errno) return grub_errno; diff --git a/grub-initrd-fallback.service b/grub-initrd-fallback.service new file mode 100644 index 000000000..8447a3673 --- /dev/null +++ b/grub-initrd-fallback.service @@ -0,0 +1,12 @@ +[Unit] +Description=GRUB failed boot detection +After=local-fs.target +After=grub-common.service +After=sleep.target +ConditionPathExists=/boot/grub/grub.cfg + +[Service] +Type=oneshot +ExecStart=/usr/bin/grub-editenv /boot/grub/grubenv unset initrdfail +ExecStart=/usr/bin/grub-editenv /boot/grub/grubenv unset prev_entry +TimeoutSec=0 diff --git a/include/grub/arm64/linux.h b/include/grub/arm64/linux.h index 4269adc6d..cc8174ccd 100644 --- a/include/grub/arm64/linux.h +++ b/include/grub/arm64/linux.h @@ -20,6 +20,8 @@ #define GRUB_ARM64_LINUX_HEADER 1 #define GRUB_LINUX_ARM64_MAGIC_SIGNATURE 0x644d5241 /* 'ARM\x64' */ +#define GRUB_ARM64_LINUX_MAGIC 0x644d5241 /* 'ARM\x64' */ +#define GRUB_EFI_PE_MAGIC 0x5A4D /* From linux/Documentation/arm64/booting.txt */ struct linux_arm64_kernel_header diff --git a/include/grub/compiler.h b/include/grub/compiler.h index c9e1d7a73..8f3be3ae7 100644 --- a/include/grub/compiler.h +++ b/include/grub/compiler.h @@ -48,4 +48,12 @@ # define WARN_UNUSED_RESULT #endif +#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__) +# define CLANG_PREREQ(maj,min) \ + ((__clang_major__ > (maj)) || \ + (__clang_major__ == (maj) && __clang_minor__ >= (min))) +#else +# define CLANG_PREREQ(maj,min) 0 +#endif + #endif /* ! GRUB_COMPILER_HEADER */ diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h index 75befd10e..08bff60b5 100644 --- a/include/grub/efi/api.h +++ b/include/grub/efi/api.h @@ -314,6 +314,11 @@ { 0x9a, 0x16, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \ } +#define GRUB_EFI_SMBIOS3_TABLE_GUID \ + { 0xf2fd1544, 0x9794, 0x4a2c, \ + { 0x99, 0x2e, 0xe5, 0xbb, 0xcf, 0x20, 0xe3, 0x94 } \ + } + #define GRUB_EFI_SAL_TABLE_GUID \ { 0xeb9d2d32, 0x2d88, 0x11d3, \ { 0x9a, 0x16, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \ @@ -635,6 +640,7 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; #define GRUB_EFI_DEVICE_PATH_TYPE(dp) ((dp)->type & 0x7f) #define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp) ((dp)->subtype) #define GRUB_EFI_DEVICE_PATH_LENGTH(dp) ((dp)->length) +#define GRUB_EFI_DEVICE_PATH_VALID(dp) ((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4) /* The End of Device Path nodes. */ #define GRUB_EFI_END_DEVICE_PATH_TYPE (0xff & 0x7f) @@ -643,13 +649,16 @@ typedef struct grub_efi_device_path grub_efi_device_path_protocol_t; #define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE 0x01 #define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp) \ - (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ - && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ - == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)) + (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \ + (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ + && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ + == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))) #define GRUB_EFI_NEXT_DEVICE_PATH(dp) \ - ((grub_efi_device_path_t *) ((char *) (dp) \ - + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) + (GRUB_EFI_DEVICE_PATH_VALID (dp) \ + ? ((grub_efi_device_path_t *) \ + ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \ + : NULL) /* Hardware Device Path. */ #define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE 1 diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h index 085ee0524..5b6387581 100644 --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h @@ -85,7 +85,6 @@ EXPORT_FUNC (grub_efi_set_variable) (const char *var, const grub_efi_guid_t *guid, void *data, grub_size_t datasize); -grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void); int EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1, const grub_efi_device_path_t *dp2); diff --git a/include/grub/efi/linux.h b/include/grub/efi/linux.h new file mode 100644 index 000000000..0033d9305 --- /dev/null +++ b/include/grub/efi/linux.h @@ -0,0 +1,31 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2014 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ +#ifndef GRUB_EFI_LINUX_HEADER +#define GRUB_EFI_LINUX_HEADER 1 + +#include +#include +#include + +int +EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); +grub_err_t +EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, + void *kernel_param); + +#endif /* ! GRUB_EFI_LINUX_HEADER */ diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h index 0ed8781f0..a43adf274 100644 --- a/include/grub/efi/pe32.h +++ b/include/grub/efi/pe32.h @@ -223,7 +223,11 @@ struct grub_pe64_optional_header struct grub_pe32_section_table { char name[8]; - grub_uint32_t virtual_size; + union + { + grub_uint32_t physical_address; + grub_uint32_t virtual_size; + }; grub_uint32_t virtual_address; grub_uint32_t raw_data_size; grub_uint32_t raw_data_offset; @@ -234,12 +238,18 @@ struct grub_pe32_section_table grub_uint32_t characteristics; }; +#define GRUB_PE32_SCN_TYPE_NO_PAD 0x00000008 #define GRUB_PE32_SCN_CNT_CODE 0x00000020 #define GRUB_PE32_SCN_CNT_INITIALIZED_DATA 0x00000040 -#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000 -#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000 -#define GRUB_PE32_SCN_MEM_READ 0x40000000 -#define GRUB_PE32_SCN_MEM_WRITE 0x80000000 +#define GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA 0x00000080 +#define GRUB_PE32_SCN_LNK_OTHER 0x00000100 +#define GRUB_PE32_SCN_LNK_INFO 0x00000200 +#define GRUB_PE32_SCN_LNK_REMOVE 0x00000800 +#define GRUB_PE32_SCN_LNK_COMDAT 0x00001000 +#define GRUB_PE32_SCN_GPREL 0x00008000 +#define GRUB_PE32_SCN_MEM_16BIT 0x00020000 +#define GRUB_PE32_SCN_MEM_LOCKED 0x00040000 +#define GRUB_PE32_SCN_MEM_PRELOAD 0x00080000 #define GRUB_PE32_SCN_ALIGN_1BYTES 0x00100000 #define GRUB_PE32_SCN_ALIGN_2BYTES 0x00200000 @@ -248,10 +258,28 @@ struct grub_pe32_section_table #define GRUB_PE32_SCN_ALIGN_16BYTES 0x00500000 #define GRUB_PE32_SCN_ALIGN_32BYTES 0x00600000 #define GRUB_PE32_SCN_ALIGN_64BYTES 0x00700000 +#define GRUB_PE32_SCN_ALIGN_128BYTES 0x00800000 +#define GRUB_PE32_SCN_ALIGN_256BYTES 0x00900000 +#define GRUB_PE32_SCN_ALIGN_512BYTES 0x00A00000 +#define GRUB_PE32_SCN_ALIGN_1024BYTES 0x00B00000 +#define GRUB_PE32_SCN_ALIGN_2048BYTES 0x00C00000 +#define GRUB_PE32_SCN_ALIGN_4096BYTES 0x00D00000 +#define GRUB_PE32_SCN_ALIGN_8192BYTES 0x00E00000 #define GRUB_PE32_SCN_ALIGN_SHIFT 20 #define GRUB_PE32_SCN_ALIGN_MASK 7 +#define GRUB_PE32_SCN_LNK_NRELOC_OVFL 0x01000000 +#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000 +#define GRUB_PE32_SCN_MEM_NOT_CACHED 0x04000000 +#define GRUB_PE32_SCN_MEM_NOT_PAGED 0x08000000 +#define GRUB_PE32_SCN_MEM_SHARED 0x10000000 +#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000 +#define GRUB_PE32_SCN_MEM_READ 0x40000000 +#define GRUB_PE32_SCN_MEM_WRITE 0x80000000 + + + #define GRUB_PE32_SIGNATURE_SIZE 4 struct grub_pe32_header @@ -274,6 +302,20 @@ struct grub_pe32_header #endif }; +struct grub_pe32_header_32 +{ + char signature[GRUB_PE32_SIGNATURE_SIZE]; + struct grub_pe32_coff_header coff_header; + struct grub_pe32_optional_header optional_header; +}; + +struct grub_pe32_header_64 +{ + char signature[GRUB_PE32_SIGNATURE_SIZE]; + struct grub_pe32_coff_header coff_header; + struct grub_pe64_optional_header optional_header; +}; + struct grub_pe32_fixup_block { grub_uint32_t page_rva; diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h new file mode 100644 index 000000000..9629fbb0f --- /dev/null +++ b/include/grub/efi/sb.h @@ -0,0 +1,29 @@ +/* sb.h - declare functions for EFI Secure Boot support */ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2006,2007,2008,2009 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_EFI_SB_HEADER +#define GRUB_EFI_SB_HEADER 1 + +#include +#include + +/* Functions. */ +int EXPORT_FUNC (grub_efi_secure_boot) (void); + +#endif /* ! GRUB_EFI_SB_HEADER */ diff --git a/include/grub/emu/misc.h b/include/grub/emu/misc.h index ce464cfd0..ff9c48a64 100644 --- a/include/grub/emu/misc.h +++ b/include/grub/emu/misc.h @@ -47,6 +47,7 @@ grub_util_device_is_mapped (const char *dev); #define GRUB_HOST_PRIuLONG_LONG "llu" #define GRUB_HOST_PRIxLONG_LONG "llx" +void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT; void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT; void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT; char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT; diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h index ce30e7fb0..a093679cb 100644 --- a/include/grub/i386/linux.h +++ b/include/grub/i386/linux.h @@ -136,7 +136,12 @@ struct linux_i386_kernel_header grub_uint32_t kernel_alignment; grub_uint8_t relocatable; grub_uint8_t min_alignment; - grub_uint8_t pad[2]; +#define LINUX_XLF_KERNEL_64 (1<<0) +#define LINUX_XLF_CAN_BE_LOADED_ABOVE_4G (1<<1) +#define LINUX_XLF_EFI_HANDOVER_32 (1<<2) +#define LINUX_XLF_EFI_HANDOVER_64 (1<<3) +#define LINUX_XLF_EFI_KEXEC (1<<4) + grub_uint16_t xloadflags; grub_uint32_t cmdline_size; grub_uint32_t hardware_subarch; grub_uint64_t hardware_subarch_data; diff --git a/include/grub/ia64/linux.h b/include/grub/ia64/linux.h new file mode 100644 index 000000000..e69de29bb diff --git a/include/grub/loader.h b/include/grub/loader.h index 7f82a499f..b20864282 100644 --- a/include/grub/loader.h +++ b/include/grub/loader.h @@ -33,6 +33,7 @@ enum { GRUB_LOADER_FLAG_NORETURN = 1, GRUB_LOADER_FLAG_PXE_NOT_UNLOAD = 2, + GRUB_LOADER_FLAG_EFI_KEEP_ALLOCATED_MEMORY = 4, }; void EXPORT_FUNC (grub_loader_set) (grub_err_t (*boot) (void), diff --git a/include/grub/loopback.h b/include/grub/loopback.h new file mode 100644 index 000000000..3b9a9e32e --- /dev/null +++ b/include/grub/loopback.h @@ -0,0 +1,30 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2019 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_LOOPBACK_HEADER +#define GRUB_LOOPBACK_HEADER 1 + +struct grub_loopback +{ + char *devname; + grub_file_t file; + struct grub_loopback *next; + unsigned long id; +}; + +#endif /* ! GRUB_LOOPBACK_HEADER */ diff --git a/include/grub/mips/linux.h b/include/grub/mips/linux.h new file mode 100644 index 000000000..e69de29bb diff --git a/include/grub/misc.h b/include/grub/misc.h index ee48eb7a7..f9135b62e 100644 --- a/include/grub/misc.h +++ b/include/grub/misc.h @@ -334,7 +334,7 @@ int EXPORT_FUNC(grub_vsnprintf) (char *str, grub_size_t n, const char *fmt, char *EXPORT_FUNC(grub_xasprintf) (const char *fmt, ...) __attribute__ ((format (GNU_PRINTF, 1, 2))) WARN_UNUSED_RESULT; char *EXPORT_FUNC(grub_xvasprintf) (const char *fmt, va_list args) WARN_UNUSED_RESULT; -void EXPORT_FUNC(grub_exit) (void) __attribute__ ((noreturn)); +void EXPORT_FUNC(grub_exit) (int rc) __attribute__ ((noreturn)); grub_uint64_t EXPORT_FUNC(grub_divmod64) (grub_uint64_t n, grub_uint64_t d, grub_uint64_t *r); diff --git a/include/grub/mm.h b/include/grub/mm.h index 28e2e53eb..9c38dd3ca 100644 --- a/include/grub/mm.h +++ b/include/grub/mm.h @@ -29,6 +29,7 @@ #endif void grub_mm_init_region (void *addr, grub_size_t size); +void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size); void *EXPORT_FUNC(grub_malloc) (grub_size_t size); void *EXPORT_FUNC(grub_zalloc) (grub_size_t size); void EXPORT_FUNC(grub_free) (void *ptr); @@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug); void grub_mm_dump_free (void); void grub_mm_dump (unsigned lineno); +#define grub_calloc(nmemb, size) \ + grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size) + #define grub_malloc(size) \ grub_debug_malloc (GRUB_FILE, __LINE__, size) @@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno); #define grub_free(ptr) \ grub_debug_free (GRUB_FILE, __LINE__, ptr) +void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line, + grub_size_t nmemb, grub_size_t size); void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line, grub_size_t size); void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line, diff --git a/include/grub/powerpc/linux.h b/include/grub/powerpc/linux.h new file mode 100644 index 000000000..e69de29bb diff --git a/include/grub/relocator.h b/include/grub/relocator.h index 24d8672d2..1b3bdd92a 100644 --- a/include/grub/relocator.h +++ b/include/grub/relocator.h @@ -49,6 +49,35 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, int preference, int avoid_efi_boot_services); +/* + * Wrapper for grub_relocator_alloc_chunk_align() with purpose of + * protecting against integer underflow. + * + * Compare to its callee, max_addr has different meaning here. + * It covers entire chunk and not just start address of the chunk. + */ +static inline grub_err_t +grub_relocator_alloc_chunk_align_safe (struct grub_relocator *rel, + grub_relocator_chunk_t *out, + grub_phys_addr_t min_addr, + grub_phys_addr_t max_addr, + grub_size_t size, grub_size_t align, + int preference, + int avoid_efi_boot_services) +{ + /* Sanity check and ensure following equation (max_addr - size) is safe. */ + if (max_addr < size || (max_addr - size) < min_addr) + return GRUB_ERR_OUT_OF_RANGE; + + return grub_relocator_alloc_chunk_align (rel, out, min_addr, + max_addr - size, + size, align, preference, + avoid_efi_boot_services); +} + +/* Top 32-bit address minus s bytes and plus 1 byte. */ +#define UP_TO_TOP32(s) ((~(s) & 0xffffffff) + 1) + #define GRUB_RELOCATOR_PREFERENCE_NONE 0 #define GRUB_RELOCATOR_PREFERENCE_LOW 1 #define GRUB_RELOCATOR_PREFERENCE_HIGH 2 diff --git a/include/grub/safemath.h b/include/grub/safemath.h new file mode 100644 index 000000000..c17b89bba --- /dev/null +++ b/include/grub/safemath.h @@ -0,0 +1,37 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2020 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + * + * Arithmetic operations that protect against overflow. + */ + +#ifndef GRUB_SAFEMATH_H +#define GRUB_SAFEMATH_H 1 + +#include + +/* These appear in gcc 5.1 and clang 3.8. */ +#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8) + +#define grub_add(a, b, res) __builtin_add_overflow(a, b, res) +#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) +#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) + +#else +#error gcc 5.1 or newer or clang 3.8 or newer is required +#endif + +#endif /* GRUB_SAFEMATH_H */ diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h index 360c2be1f..6c48e0751 100644 --- a/include/grub/script_sh.h +++ b/include/grub/script_sh.h @@ -359,13 +359,10 @@ struct grub_script_function /* The script function. */ struct grub_script *func; - /* The flags. */ - unsigned flags; - /* The next element. */ struct grub_script_function *next; - int references; + unsigned executing; }; typedef struct grub_script_function *grub_script_function_t; diff --git a/include/grub/smbios.h b/include/grub/smbios.h new file mode 100644 index 000000000..15ec260b3 --- /dev/null +++ b/include/grub/smbios.h @@ -0,0 +1,69 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2019 Free Software Foundation, Inc. + * + * GRUB is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GRUB is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with GRUB. If not, see . + */ + +#ifndef GRUB_SMBIOS_HEADER +#define GRUB_SMBIOS_HEADER 1 + +#include +#include + +#define GRUB_SMBIOS_TYPE_END_OF_TABLE ((grub_uint8_t)127) + +struct grub_smbios_ieps +{ + grub_uint8_t anchor[5]; /* "_DMI_" */ + grub_uint8_t checksum; + grub_uint16_t table_length; + grub_uint32_t table_address; + grub_uint16_t structures; + grub_uint8_t revision; +} GRUB_PACKED; + +struct grub_smbios_eps +{ + grub_uint8_t anchor[4]; /* "_SM_" */ + grub_uint8_t checksum; + grub_uint8_t length; /* 0x1f */ + grub_uint8_t version_major; + grub_uint8_t version_minor; + grub_uint16_t maximum_structure_size; + grub_uint8_t revision; + grub_uint8_t formatted[5]; + struct grub_smbios_ieps intermediate; +} GRUB_PACKED; + +struct grub_smbios_eps3 +{ + grub_uint8_t anchor[5]; /* "_SM3_" */ + grub_uint8_t checksum; + grub_uint8_t length; /* 0x18 */ + grub_uint8_t version_major; + grub_uint8_t version_minor; + grub_uint8_t docrev; + grub_uint8_t revision; + grub_uint8_t reserved; + grub_uint32_t maximum_table_length; + grub_uint64_t table_address; +} GRUB_PACKED; + +extern struct grub_smbios_eps *grub_machine_smbios_get_eps (void); +extern struct grub_smbios_eps3 *grub_machine_smbios_get_eps3 (void); + +extern struct grub_smbios_eps *EXPORT_FUNC (grub_smbios_get_eps) (void); + +#endif /* ! GRUB_SMBIOS_HEADER */ diff --git a/include/grub/sparc64/linux.h b/include/grub/sparc64/linux.h new file mode 100644 index 000000000..e69de29bb diff --git a/include/grub/unicode.h b/include/grub/unicode.h index a0403e91f..4de986a85 100644 --- a/include/grub/unicode.h +++ b/include/grub/unicode.h @@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct grub_unicode_glyph *in) grub_memcpy (out, in, sizeof (*in)); if (in->ncomb > ARRAY_SIZE (out->combining_inline)) { - out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); + out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); if (!out->combining_ptr) { grub_free (out); @@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unicode_glyph *out, grub_memcpy (out, in, sizeof (*in)); if (in->ncomb > ARRAY_SIZE (out->combining_inline)) { - out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); + out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); if (!out->combining_ptr) return; grub_memcpy (out->combining_ptr, in->combining_ptr, diff --git a/include/grub/util/install.h b/include/grub/util/install.h index a521f1663..b2ed88e38 100644 --- a/include/grub/util/install.h +++ b/include/grub/util/install.h @@ -219,15 +219,14 @@ grub_install_get_default_x86_platform (void); const char * grub_install_get_default_powerpc_machtype (void); -int -grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, - const char *efifile_path, - const char *efi_distributor); - -int -grub_install_register_efi (grub_device_t efidir_grub_dev, - const char *efifile_path, - const char *efi_distributor); +int grub_install_efivar_register_efi (grub_device_t efidir_grub_dev, + const char *efidir, + const char *efifile_path, + const char *efi_distributor); + +int grub_install_register_efi (grub_device_t efidir_grub_dev, + const char *efidir, const char *efifile_path, + const char *efi_distributor); void grub_install_register_ieee1275 (int is_prep, const char *install_device, diff --git a/util/deviceiter.c b/util/deviceiter.c index dddc50da7..ec9a6d0ab 100644 --- a/util/deviceiter.c +++ b/util/deviceiter.c @@ -589,6 +589,9 @@ grub_util_iterate_devices (int (*hook) (const char *, int, void *), void *hook_d /* Skip partition entries. */ if (strstr (entry->d_name, "-part")) continue; + /* LVM might create /dev/disk/by-id/lvm-pv-uuid- symlinks */ + if (strstr (entry->d_name, "lvm-pv-uuid")) + continue; /* Skip device-mapper entries; we'll handle the ones we want later. */ if (strncmp (entry->d_name, "dm-", sizeof ("dm-") - 1) == 0) diff --git a/util/getroot.c b/util/getroot.c index cdd41153c..6ae35ecaa 100644 --- a/util/getroot.c +++ b/util/getroot.c @@ -200,7 +200,7 @@ make_device_name (const char *drive) char *ret, *ptr; const char *iptr; - ret = xmalloc (strlen (drive) * 2); + ret = xcalloc (2, strlen (drive)); ptr = ret; for (iptr = drive; *iptr; iptr++) { diff --git a/util/grub-file.c b/util/grub-file.c index 50c18b683..b2e7dd69f 100644 --- a/util/grub-file.c +++ b/util/grub-file.c @@ -54,7 +54,7 @@ main (int argc, char *argv[]) grub_util_host_init (&argc, &argv); - argv2 = xmalloc (argc * sizeof (argv2[0])); + argv2 = xcalloc (argc, sizeof (argv2[0])); if (argc == 2 && strcmp (argv[1], "--version") == 0) { diff --git a/util/grub-fstest.c b/util/grub-fstest.c index f14e02d97..57246af7c 100644 --- a/util/grub-fstest.c +++ b/util/grub-fstest.c @@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct argp_state *state) if (args_count < num_disks) { if (args_count == 0) - images = xmalloc (num_disks * sizeof (images[0])); + images = xcalloc (num_disks, sizeof (images[0])); images[args_count] = grub_canonicalize_file_name (arg); args_count++; return 0; @@ -734,7 +734,7 @@ main (int argc, char *argv[]) grub_util_host_init (&argc, &argv); - args = xmalloc (argc * sizeof (args[0])); + args = xcalloc (argc, sizeof (args[0])); argp_parse (&argp, argc, argv, 0, 0, 0); diff --git a/util/grub-install-common.c b/util/grub-install-common.c index fdfe2c7ea..61f9075bc 100644 --- a/util/grub-install-common.c +++ b/util/grub-install-common.c @@ -185,38 +185,113 @@ grub_install_mkdir_p (const char *dst) free (t); } +static int +strcmp_ext (const char *a, const char *b, const char *ext) +{ + char *bsuffix = grub_util_path_concat_ext (1, b, ext); + int r = strcmp (a, bsuffix); + free (bsuffix); + return r; +} + +enum clean_grub_dir_mode +{ + CLEAN = 0, + CLEAN_BACKUP = 1, + CREATE_BACKUP = 2, + RESTORE_BACKUP = 3, +}; + static void -clean_grub_dir (const char *di) +clean_grub_dir_real (const char *di, enum clean_grub_dir_mode mode) { grub_util_fd_dir_t d; grub_util_fd_dirent_t de; + char suffix[2] = ""; + + if ((mode == CLEAN_BACKUP) || (mode == RESTORE_BACKUP)) + { + strcpy (suffix, "-"); + } d = grub_util_fd_opendir (di); if (!d) - grub_util_error (_("cannot open directory `%s': %s"), - di, grub_util_fd_strerror ()); + { + if (mode == CLEAN_BACKUP) + return; + grub_util_error (_("cannot open directory `%s': %s"), + di, grub_util_fd_strerror ()); + } while ((de = grub_util_fd_readdir (d))) { const char *ext = strrchr (de->d_name, '.'); - if ((ext && (strcmp (ext, ".mod") == 0 - || strcmp (ext, ".lst") == 0 - || strcmp (ext, ".img") == 0 - || strcmp (ext, ".mo") == 0) - && strcmp (de->d_name, "menu.lst") != 0) - || strcmp (de->d_name, "efiemu32.o") == 0 - || strcmp (de->d_name, "efiemu64.o") == 0) + if ((ext && (strcmp_ext (ext, ".mod", suffix) == 0 + || strcmp_ext (ext, ".lst", suffix) == 0 + || strcmp_ext (ext, ".img", suffix) == 0 + || strcmp_ext (ext, ".mo", suffix) == 0) + && strcmp_ext (de->d_name, "menu.lst", suffix) != 0) + || strcmp_ext (de->d_name, "modinfo.sh", suffix) == 0 + || strcmp_ext (de->d_name, "efiemu32.o", suffix) == 0 + || strcmp_ext (de->d_name, "efiemu64.o", suffix) == 0) { - char *x = grub_util_path_concat (2, di, de->d_name); - if (grub_util_unlink (x) < 0) - grub_util_error (_("cannot delete `%s': %s"), x, - grub_util_fd_strerror ()); - free (x); + char *srcf = grub_util_path_concat (2, di, de->d_name); + + if (mode == CREATE_BACKUP) + { + char *dstf = grub_util_path_concat_ext (2, di, de->d_name, "-"); + if (grub_util_rename (srcf, dstf) < 0) + grub_util_error (_("cannot backup `%s': %s"), srcf, + grub_util_fd_strerror ()); + free (dstf); + } + else if (mode == RESTORE_BACKUP) + { + char *dstf = grub_util_path_concat (2, di, de->d_name); + dstf[strlen (dstf) - 1] = 0; + if (grub_util_rename (srcf, dstf) < 0) + grub_util_error (_("cannot restore `%s': %s"), dstf, + grub_util_fd_strerror ()); + free (dstf); + } + else + { + if (grub_util_unlink (srcf) < 0) + grub_util_error (_("cannot delete `%s': %s"), srcf, + grub_util_fd_strerror ()); + } + free (srcf); } } grub_util_fd_closedir (d); } +static void +restore_backup_on_exit (int status, void *arg) +{ + if (status == 0) + { + clean_grub_dir_real ((char *) arg, CLEAN_BACKUP); + } + else + { + clean_grub_dir_real ((char *) arg, CLEAN); + clean_grub_dir_real ((char *) arg, RESTORE_BACKUP); + } + free (arg); + arg = NULL; +} + +static void +clean_grub_dir (const char *di) +{ + clean_grub_dir_real (di, CLEAN_BACKUP); + clean_grub_dir_real (di, CREATE_BACKUP); +#if defined(HAVE_ON_EXIT) + on_exit (restore_backup_on_exit, strdup (di)); +#endif +} + struct install_list { int is_default; @@ -286,7 +361,7 @@ handle_install_list (struct install_list *il, const char *val, il->n_entries++; } il->n_alloc = il->n_entries + 1; - il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0])); + il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0])); ptr = val; for (ce = il->entries; ; ce++) { diff --git a/util/grub-install.c b/util/grub-install.c index 35d150c33..843dfc7c8 100644 --- a/util/grub-install.c +++ b/util/grub-install.c @@ -56,7 +56,7 @@ static char *target; static int removable = 0; -static int force_extra_removable = 0; +static int no_extra_removable = 0; static int recheck = 0; static int update_nvram = 1; static char *install_device = NULL; @@ -98,6 +98,7 @@ enum OPTION_FORCE, OPTION_FORCE_FILE_ID, OPTION_NO_NVRAM, + OPTION_AUTO_NVRAM, OPTION_REMOVABLE, OPTION_BOOTLOADER_ID, OPTION_EFI_DIRECTORY, @@ -115,7 +116,7 @@ enum OPTION_PRODUCT_VERSION, OPTION_UEFI_SECURE_BOOT, OPTION_NO_UEFI_SECURE_BOOT, - OPTION_FORCE_EXTRA_REMOVABLE + OPTION_NO_EXTRA_REMOVABLE }; static int fs_probe = 1; @@ -165,6 +166,7 @@ argp_parser (int key, char *arg, struct argp_state *state) case OPTION_EDITENV: case OPTION_MKDEVICEMAP: case OPTION_NO_FLOPPY: + case OPTION_AUTO_NVRAM: return 0; case OPTION_ROOT_DIRECTORY: /* Accept for compatibility. */ @@ -218,8 +220,8 @@ argp_parser (int key, char *arg, struct argp_state *state) removable = 1; return 0; - case OPTION_FORCE_EXTRA_REMOVABLE: - force_extra_removable = 1; + case OPTION_NO_EXTRA_REMOVABLE: + no_extra_removable = 1; return 0; case OPTION_ALLOW_FLOPPY: @@ -296,6 +298,7 @@ static struct argp_option options[] = { {"no-nvram", OPTION_NO_NVRAM, 0, 0, N_("don't update the `boot-device'/`Boot*' NVRAM variables. " "This option is only available on EFI and IEEE1275 targets."), 2}, + {"auto-nvram", OPTION_AUTO_NVRAM, 0, OPTION_HIDDEN, 0, 2}, {"skip-fs-probe",'s',0, 0, N_("do not probe for filesystems in DEVICE"), 0}, {"no-bootsector", OPTION_NO_BOOTSECTOR, 0, 0, @@ -328,8 +331,8 @@ static struct argp_option options[] = { N_("do not install an image usable with UEFI Secure Boot, even if the " "system was currently started using it. " "This option is only available on EFI."), 2}, - {"force-extra-removable", OPTION_FORCE_EXTRA_REMOVABLE, 0, 0, - N_("force installation to the removable media path also. " + {"no-extra-removable", OPTION_NO_EXTRA_REMOVABLE, 0, 0, + N_("Do not install bootloader code to the removable media path. " "This option is only available on EFI."), 2}, {0, 0, 0, 0, 0, 0} }; @@ -655,7 +658,7 @@ device_map_check_duplicates (const char *dev_map) if (! fp) return; - d = xmalloc (alloced * sizeof (d[0])); + d = xcalloc (alloced, sizeof (d[0])); while (fgets (buf, sizeof (buf), fp)) { @@ -883,12 +886,25 @@ check_component_exists(const char *dir, static void also_install_removable(const char *src, const char *base_efidir, - const char *efi_file, - int is_needed) + const char *efi_suffix, + const char *efi_suffix_upper) { + char *efi_file = NULL; char *dst = NULL; char *cur = NULL; char *found = NULL; + char *fb_file = NULL; + char *mm_file = NULL; + char *generic_efidir = NULL; + + if (!efi_suffix) + grub_util_error ("%s", _("efi_suffix not set")); + if (!efi_suffix_upper) + grub_util_error ("%s", _("efi_suffix_upper not set")); + + efi_file = xasprintf ("BOOT%s.EFI", efi_suffix_upper); + fb_file = xasprintf ("fb%s.efi", efi_suffix); + mm_file = xasprintf ("mm%s.efi", efi_suffix); /* We need to install in $base_efidir/EFI/BOOT/$efi_file, but we * need to cope with case-insensitive stuff here. Build the path one @@ -910,22 +926,39 @@ also_install_removable(const char *src, if (found == NULL) found = xstrdup("BOOT"); dst = grub_util_path_concat (2, cur, found); - cur = xstrdup (dst); - free (dst); + free (cur); free (found); - grub_install_mkdir_p (cur); + grub_install_mkdir_p (dst); + generic_efidir = xstrdup (dst); + free (dst); /* Now $efi_file */ - found = check_component_exists(cur, efi_file); + found = check_component_exists(generic_efidir, efi_file); if (found == NULL) found = xstrdup(efi_file); - dst = grub_util_path_concat (2, cur, found); - cur = xstrdup (dst); - free (dst); + dst = grub_util_path_concat (2, generic_efidir, found); free (found); - grub_install_copy_file (src, cur, is_needed); + grub_install_copy_file (src, dst, 1); + free (efi_file); + free (dst); - free (cur); + /* Now try to also install fallback */ + efi_file = grub_util_path_concat (2, "/usr/lib/shim/", fb_file); + dst = grub_util_path_concat (2, generic_efidir, fb_file); + grub_install_copy_file (efi_file, dst, 0); + free (efi_file); + free (dst); + + /* Also install MokManager to the removable path */ + efi_file = grub_util_path_concat (2, "/usr/lib/shim/", mm_file); + dst = grub_util_path_concat (2, generic_efidir, mm_file); + grub_install_copy_file (efi_file, dst, 0); + free (efi_file); + free (dst); + + free (generic_efidir); + free (fb_file); + free (mm_file); } int @@ -978,8 +1011,8 @@ main (int argc, char *argv[]) bootloader_id = xstrdup ("grub"); } - if (removable && force_extra_removable) - grub_util_error (_("Invalid to use both --removable and --force_extra_removable")); + if (removable && no_extra_removable) + grub_util_error (_("Invalid to use both --removable and --no_extra_removable")); if (!grub_install_source_directory) { @@ -1372,7 +1405,7 @@ main (int argc, char *argv[]) ndev++; } - grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1)); + grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0])); for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++, curdrive++) @@ -2050,9 +2083,9 @@ main (int argc, char *argv[]) { /* Try to make this image bootable using the EFI Boot Manager, if available. */ int ret; - ret = grub_install_register_efi (efidir_grub_dev, - "\\System\\Library\\CoreServices", - efi_distributor); + ret = grub_install_register_efi ( + efidir_grub_dev, efidir, "\\System\\Library\\CoreServices", + efi_distributor); if (ret) grub_util_error (_("failed to register the EFI boot entry: %s"), strerror (ret)); @@ -2071,31 +2104,31 @@ main (int argc, char *argv[]) case GRUB_INSTALL_PLATFORM_IA64_EFI: { char *dst = grub_util_path_concat (2, efidir, efi_file); - char *removable_file = xasprintf ("BOOT%s.EFI", efi_suffix_upper); - if (uefi_secure_boot) { char *shim_signed = NULL; - char *mok_signed = NULL, *mok_file = NULL; - char *fb_signed = NULL, *fb_file = NULL; - char *csv_file = NULL; + char *mok_file = NULL; + char *bootcsv = NULL; char *config_dst; FILE *config_dst_f; shim_signed = xasprintf ("/usr/lib/shim/shim%s.efi.signed", efi_suffix); - mok_signed = xasprintf ("mm%s.efi.signed", efi_suffix); mok_file = xasprintf ("mm%s.efi", efi_suffix); - fb_signed = xasprintf ("fb%s.efi.signed", efi_suffix); - fb_file = xasprintf ("fb%s.efi", efi_suffix); - csv_file = xasprintf ("BOOT%s.CSV", efi_suffix_upper); - - /* If we have a signed shim binary, install that and all - its helpers in the normal vendor path */ + bootcsv = xasprintf ("BOOT%s.CSV", efi_suffix_upper); if (grub_util_is_regular (shim_signed)) { char *chained_base, *chained_dst; - char *mok_src, *mok_dst, *fb_src, *fb_dst, *csv_src, *csv_dst; + char *mok_src, *mok_dst, *bootcsv_src, *bootcsv_dst; + + /* Install grub as our chained bootloader */ + chained_base = xasprintf ("grub%s.efi", efi_suffix); + chained_dst = grub_util_path_concat (2, efidir, chained_base); + grub_install_copy_file (efi_signed, chained_dst, 1); + free (chained_dst); + free (chained_base); + + /* Now handle shim, and make this our new "default" loader. */ if (!removable) { free (efi_file); @@ -2104,99 +2137,47 @@ main (int argc, char *argv[]) dst = grub_util_path_concat (2, efidir, efi_file); } grub_install_copy_file (shim_signed, dst, 1); - chained_base = xasprintf ("grub%s.efi", efi_suffix); - chained_dst = grub_util_path_concat (2, efidir, chained_base); - grub_install_copy_file (efi_signed, chained_dst, 1); + free (efi_signed); + efi_signed = xstrdup (shim_signed); - /* Not critical, so not an error if they are not present (as it - won't be for older releases); but if we have them, make - sure they are installed. */ + /* Not critical, so not an error if it is not present (as it + won't be for older releases); but if we have MokManager, + make sure it gets installed. */ mok_src = grub_util_path_concat (2, "/usr/lib/shim/", - mok_signed); + mok_file); mok_dst = grub_util_path_concat (2, efidir, mok_file); grub_install_copy_file (mok_src, mok_dst, 0); - - fb_src = grub_util_path_concat (2, "/usr/lib/shim/", - fb_signed); - fb_dst = grub_util_path_concat (2, efidir, - fb_file); - grub_install_copy_file (fb_src, - fb_dst, 0); - - csv_src = grub_util_path_concat (2, "/usr/lib/shim/", - csv_file); - csv_dst = grub_util_path_concat (2, efidir, - csv_file); - grub_install_copy_file (csv_src, - csv_dst, 0); - - /* Install binaries into .../EFI/BOOT too: - the shim binary - the grub binary - the shim fallback binary (not fatal on failure) */ - if (force_extra_removable) - { - grub_util_info ("Secure boot: installing shim and image into rm path"); - also_install_removable (shim_signed, base_efidir, removable_file, 1); - - also_install_removable (efi_signed, base_efidir, chained_base, 1); - - /* If we're updating the NVRAM, add fallback too - it - will re-update the NVRAM later if things break */ - if (update_nvram) - also_install_removable (fb_src, base_efidir, fb_file, 0); - } - - free (chained_dst); - free (chained_base); free (mok_src); free (mok_dst); - free (fb_src); - free (fb_dst); - free (csv_src); - free (csv_dst); + + /* Also try to install boot.csv for fallback */ + bootcsv_src = grub_util_path_concat (2, "/usr/lib/shim/", + bootcsv); + bootcsv_dst = grub_util_path_concat (2, efidir, bootcsv); + grub_install_copy_file (bootcsv_src, bootcsv_dst, 0); + free (bootcsv_src); + free (bootcsv_dst); } else - { - /* Tried to install for secure boot, but no signed - shim found. Fall back to just installing the signed - grub binary */ - grub_util_info ("Secure boot (no shim): installing signed grub binary"); - grub_install_copy_file (efi_signed, dst, 1); - if (force_extra_removable) - { - grub_util_info ("Secure boot (no shim): installing signed grub binary into rm path"); - also_install_removable (efi_signed, base_efidir, removable_file, 1); - } - } + grub_install_copy_file (efi_signed, dst, 1); - /* In either case, install our grub.cfg */ config_dst = grub_util_path_concat (2, efidir, "grub.cfg"); grub_install_copy_file (load_cfg, config_dst, 1); config_dst_f = grub_util_fopen (config_dst, "ab"); fprintf (config_dst_f, "configfile $prefix/grub.cfg\n"); fclose (config_dst_f); free (config_dst); - - free (csv_file); - free (fb_file); - free (fb_signed); - free (mok_file); - free (mok_signed); - free (shim_signed); + if (!removable && !no_extra_removable) + also_install_removable(efi_signed, base_efidir, efi_suffix, efi_suffix_upper); } else { - /* No secure boot - just install our newly-generated image */ - grub_util_info ("No Secure Boot: installing core image"); grub_install_copy_file (imgfile, dst, 1); - if (force_extra_removable) - also_install_removable (imgfile, base_efidir, removable_file, 1); + if (!removable && !no_extra_removable) + also_install_removable(imgfile, base_efidir, efi_suffix, efi_suffix_upper); } - - free (removable_file); free (dst); } if (!removable && update_nvram) @@ -2220,7 +2201,7 @@ main (int argc, char *argv[]) efidir_grub_dev->disk->name, (part ? ",": ""), (part ? : "")); grub_free (part); - ret = grub_install_register_efi (efidir_grub_dev, + ret = grub_install_register_efi (efidir_grub_dev, efidir, efifile_path, efi_distributor); if (ret) grub_util_error (_("failed to register the EFI boot entry: %s"), diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in index 9c1da6477..6c8988fd6 100644 --- a/util/grub-mkconfig.in +++ b/util/grub-mkconfig.in @@ -162,10 +162,12 @@ if [ "x${GRUB_EARLY_INITRD_LINUX_STOCK}" = "x" ]; then fi if test -f ${sysconfdir}/default/grub ; then + gettext_printf "Sourcing file \`%s'\n" "${sysconfdir}/default/grub" 1>&2 . ${sysconfdir}/default/grub fi for x in ${sysconfdir}/default/grub.d/*.cfg ; do if [ -e "${x}" ]; then + gettext_printf "Sourcing file \`%s'\n" "${x}" 1>&2 . "${x}" fi done @@ -256,7 +258,10 @@ export GRUB_DEFAULT \ GRUB_OS_PROBER_SKIP_LIST \ GRUB_DISABLE_SUBMENU \ GRUB_RECORDFAIL_TIMEOUT \ - GRUB_RECOVERY_TITLE + GRUB_RECOVERY_TITLE \ + GRUB_FORCE_PARTUUID \ + GRUB_DISABLE_INITRD \ + GRUB_FLAVOUR_ORDER if test "x${grub_cfg}" != "x"; then rm -f "${grub_cfg}.new" diff --git a/util/grub-mkconfig_lib.in b/util/grub-mkconfig_lib.in index fe6319abe..cda16aa3c 100644 --- a/util/grub-mkconfig_lib.in +++ b/util/grub-mkconfig_lib.in @@ -270,6 +270,21 @@ version_test_gt () if [ "x$version_test_gt_b" = "x" ] ; then return 0 fi + + # GRUB_FLAVOUR_ORDER is an ordered list of kernels, in decreasing + # priority. Any items in the list take precedence over other kernels, + # and earlier flavours are preferred over later ones. + for flavour in ${GRUB_FLAVOUR_ORDER:-}; do + version_test_gt_a_preferred=$(echo "$version_test_gt_a" | grep -- "-[0-9]*-$flavour\$") + version_test_gt_b_preferred=$(echo "$version_test_gt_b" | grep -- "-[0-9]*-$flavour\$") + + if [ -n "$version_test_gt_a_preferred" -a -z "$version_test_gt_b_preferred" ] ; then + return 0 + elif [ -z "$version_test_gt_a_preferred" -a -n "$version_test_gt_b_preferred" ] ; then + return 1 + fi + done + case "$version_test_gt_a:$version_test_gt_b" in *.old:*.old) ;; *.old:*) version_test_gt_a="`echo "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;; @@ -281,8 +296,38 @@ version_test_gt () version_find_latest () { + # + # Delphix: we define the latest kernel version as the one listed in the + # package-list file of the delphix-entire package. + # Note that during initial image creation, we install the delphix-entire + # package at the end. If this command is invoked before that it would fail + # to query the package-list file. As a workaround, when there's only one + # kernel available, which would be the case during initial image creation, we + # return it directly. + # + if [ "$#" -lt 2 ]; then + echo "$1" + return + fi + + appliance_platform=$(cat /var/lib/delphix-appliance/platform) + if [ "x$appliance_platform" = "x" ]; then + echo "Error: file /var/lib/delphix-appliance/platform empty or missing" >&2 + return 1 + fi + delphix_pkgs_list="/usr/share/doc/delphix-entire-${appliance_platform}/packages.list.gz" + delphix_latest=$(zcat "$delphix_pkgs_list" | grep '^delphix-kernel-' | cut -d= -f1 | sed 's/delphix-kernel-//') + if [ "x$delphix_latest" = "x" ]; then + echo "Error: Failed to retrieve latest delphix-kernel version from '$delphix_pkgs_list'" >&2 + return 1 + fi + version_find_latest_a="" for i in "$@" ; do + if echo "$i" | grep -q "$delphix_latest\$" ; then + echo "$i" + return + fi if version_test_gt "$i" "$version_find_latest_a" ; then version_find_latest_a="$i" fi diff --git a/util/grub-mkimagexx.c b/util/grub-mkimagexx.c index bc087c2b5..d97d0e7be 100644 --- a/util/grub-mkimagexx.c +++ b/util/grub-mkimagexx.c @@ -2294,10 +2294,8 @@ SUFFIX (grub_mkimage_load_image) (const char *kernel_path, + grub_host_to_target16 (e->e_shstrndx) * smd.section_entsize); smd.strtab = (char *) e + grub_host_to_target_addr (s->sh_offset); - smd.addrs = xmalloc (sizeof (*smd.addrs) * smd.num_sections); - memset (smd.addrs, 0, sizeof (*smd.addrs) * smd.num_sections); - smd.vaddrs = xmalloc (sizeof (*smd.vaddrs) * smd.num_sections); - memset (smd.vaddrs, 0, sizeof (*smd.vaddrs) * smd.num_sections); + smd.addrs = xcalloc (smd.num_sections, sizeof (*smd.addrs)); + smd.vaddrs = xcalloc (smd.num_sections, sizeof (*smd.vaddrs)); SUFFIX (locate_sections) (e, kernel_path, &smd, layout, image_target); diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c index 45d6140d3..cb972f120 100644 --- a/util/grub-mkrescue.c +++ b/util/grub-mkrescue.c @@ -441,8 +441,8 @@ main (int argc, char *argv[]) xorriso = xstrdup ("xorriso"); label_font = grub_util_path_concat (2, pkgdatadir, "unicode.pf2"); - argp_argv = xmalloc (sizeof (argp_argv[0]) * argc); - xorriso_tail_argv = xmalloc (sizeof (argp_argv[0]) * argc); + argp_argv = xcalloc (argc, sizeof (argp_argv[0])); + xorriso_tail_argv = xcalloc (argc, sizeof (argp_argv[0])); xorriso_tail_argc = 0; /* Program name */ diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c index 4907d44c0..edf309717 100644 --- a/util/grub-mkstandalone.c +++ b/util/grub-mkstandalone.c @@ -296,7 +296,7 @@ main (int argc, char *argv[]) grub_util_host_init (&argc, &argv); grub_util_disable_fd_syncs (); - files = xmalloc ((argc + 1) * sizeof (files[0])); + files = xcalloc (argc + 1, sizeof (files[0])); argp_parse (&argp, argc, argv, 0, 0, 0); diff --git a/util/grub-pe2elf.c b/util/grub-pe2elf.c index 0d4084a10..11331294f 100644 --- a/util/grub-pe2elf.c +++ b/util/grub-pe2elf.c @@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char *name, char *image, char *pe_strtab = (image + pe_chdr->symtab_offset + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol)); - section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int)); + section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int)); section_map[0] = 0; - shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0])); + shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0])); idx = 1; idx_reloc = pe_chdr->num_sections + 1; @@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const char *name, char *image, pe_sec = pe_shdr + shdr[i].sh_link; pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset); - rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t)); + rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t)); num_rels = 0; modified = 0; @@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char *name, char *image, pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset); pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols); - symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) * - sizeof (Elf_Sym)); - memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym)); + symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym)); num_syms = 1; - symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int)); + symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int)); for (i = 0; i < (int) pe_chdr->num_symbols; i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1) diff --git a/util/grub-probe.c b/util/grub-probe.c index 81d27eead..cbe6ed94c 100644 --- a/util/grub-probe.c +++ b/util/grub-probe.c @@ -361,8 +361,8 @@ probe (const char *path, char **device_names, char delim) grub_util_pull_device (*curdev); ndev++; } - - drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1)); + + drives_names = xcalloc (ndev + 1, sizeof (drives_names[0])); for (curdev = device_names, curdrive = drives_names; *curdev; curdev++, curdrive++) diff --git a/util/grub.d/00_header.in b/util/grub.d/00_header.in index b7135b655..2642f66c5 100644 --- a/util/grub.d/00_header.in +++ b/util/grub.d/00_header.in @@ -50,6 +50,18 @@ if [ -s \$prefix/grubenv ]; then load_env fi EOF +cat < get the device mapper UUID for /dev/dm-0 +# get_dm_field_for_dev /dev/dm-1 name -> get the device mapper name for /dev/dm-1 +# etc +get_dm_field_for_dev () { + dmsetup info -c --noheadings -o $2 $1 2>/dev/null +} + +# Is $1 a multipath device? +is_multipath () { + local dmuuid dmtype + dmuuid="$(get_dm_field_for_dev $1 uuid)" + if [ $? -ne 0 ]; then + # Not a device mapper device -- or dmsetup not installed, and as + # multipath depends on kpartx which depends on dmsetup, if there is no + # dmsetup then there are not going to be any multipath devices. + return 1 + fi + # A device mapper "uuid" is always -. If is of the form + # part[0-9] then is the device the partition is on and we want to + # look at that instead. A multipath node always has of mpath. + dmtype="${dmuuid%%-*}" + if [ "${dmtype#part}" != "$dmtype" ]; then + dmuuid="${dmuuid#*-}" + dmtype="${dmuuid%%-*}" + fi + if [ "$dmtype" = "mpath" ]; then + return 0 + else + return 1 + fi +} + +if test -e "${GRUB_DEVICE}" && is_multipath "${GRUB_DEVICE}"; then + # If / is multipathed, there will be multiple paths to the partition, so + # using root=UUID= exposes the boot process to udev races. In addition + # GRUB_DEVICE in this case will be /dev/dm-0 or similar -- better to use a + # symlink that depends on the multipath name. + GRUB_DEVICE=/dev/mapper/"$(get_dm_field_for_dev $GRUB_DEVICE name)" + GRUB_DISABLE_LINUX_UUID=true +fi + # btrfs may reside on multiple devices. We cannot pass them as value of root= parameter # and mounting btrfs requires user space scanning, so force UUID in this case. if ( [ "x${GRUB_DEVICE_UUID}" = "x" ] && [ "x${GRUB_DEVICE_PARTUUID}" = "x" ] ) \ @@ -89,6 +130,10 @@ case x"$GRUB_FS" in GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" fi;; xzfs) + # We have a more specialized ZFS handler, with multiple system in 10_linux_zfs. + if [ -e "`dirname $(readlink -f $0)`/10_linux_zfs" ]; then + exit 0 + fi rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`" LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs%/}" @@ -114,6 +159,16 @@ if [ "$vt_handoff" = 1 ]; then done fi +if [ x"$GRUB_FORCE_PARTUUID" != x ]; then + gettext_printf "GRUB_FORCE_PARTUUID is set, will attempt initrdless boot\n" >&2 + cat << EOF +# +# GRUB_FORCE_PARTUUID is set, will attempt initrdless boot +# Upon panic fallback to booting with initrd +EOF + echo "set partuuid=${GRUB_FORCE_PARTUUID}" +fi + linux_entry () { os="$1" @@ -189,25 +244,78 @@ EOF linux ${rel_dirname}/${basename}.efi.signed root=${linux_root_device_thisversion} ro ${args} EOF else - sed "s/^/$submenu_indentation/" << EOF - linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} -EOF - fi - if test -n "${initrd}" ; then - # TRANSLATORS: ramdisk isn't identifier. Should be translated. - if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then - message="$(gettext_printf "Loading initial ramdisk ...")" - sed "s/^/$submenu_indentation/" << EOF - echo '$(echo "$message" | grub_quote)' -EOF + # We have initrd and PARTUUID is set - we try to boot without initrd, and fallback to using it + # if it fails. + # "panic=-1" means "on panic reboot immediately". "panic=0" disables the reboot behavior. + if [ x"$GRUB_FORCE_PARTUUID" != x ]; then + linux_root_device_thisversion="PARTUUID=${GRUB_FORCE_PARTUUID}" fi + message="$(gettext_printf "Loading initial ramdisk ...")" + initrdlessfail_msg="$(gettext_printf "GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.")" + initrdlesstry_msg="$(gettext_printf "GRUB_FORCE_PARTUUID set, attempting initrdless boot.")" initrd_path= for i in ${initrd}; do - initrd_path="${initrd_path} ${rel_dirname}/${i}" + initrd_path="${initrd_path} ${rel_dirname}/${i}" done - sed "s/^/$submenu_indentation/" << EOF + initrd_path_only_early= + for i in ${initrd_early}; do + initrd_path_only_early="${initrd_path_only_early} ${rel_dirname}/${i}" + done + if test -n "${initrd}" && [ x"$GRUB_FORCE_PARTUUID" != x ]; then + sed "s/^/$submenu_indentation/" << EOF + if [ "\${initrdfail}" = 1 ]; then + echo '$(echo "$initrdlessfail_msg" | grub_quote)' + linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} +EOF + if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' +EOF + fi + sed "s/^/$submenu_indentation/" << EOF + initrd $(echo $initrd_path) + else + echo '$(echo "$initrdlesstry_msg" | grub_quote)' + linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} panic=-1 +EOF + if [ -n "$initrd_path_only_early" ]; then + sed "s/^/$submenu_indentation/" << EOF + initrd $(echo $initrd_path_only_early) +EOF + fi + sed "s/^/$submenu_indentation/" << EOF + fi + initrdfail +EOF + else + # We don't have initrd or we don't want to set PARTUUID. Don't try initrd-less boot with fallback. + sed "s/^/$submenu_indentation/" << EOF + linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} +EOF + if test -n "${initrd}"; then + # We do have initrd - let's use it at boot. + # TRANSLATORS: ramdisk isn't identifier. Should be translated. + if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' +EOF + fi + sed "s/^/$submenu_indentation/" << EOF initrd $(echo $initrd_path) EOF + fi + fi + if test -n "${dtb}" ; then + if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then + message="$(gettext_printf "Loading device tree blob...")" + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' +EOF + fi + sed "s/^/$submenu_indentation/" << EOF + devicetree ${rel_dirname}/${dtb} +EOF + fi fi sed "s/^/$submenu_indentation/" << EOF } @@ -236,6 +344,10 @@ case "$machine" in *) GENKERNEL_ARCH="$machine" ;; esac +case "$GENKERNEL_ARCH" in + x86*) GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY dis_ucode_ldr";; +esac + prepare_boot_cache= prepare_root_cache= boot_device_id= @@ -266,7 +378,9 @@ else cat << EOF if [ "\${recordfail}" != 1 ]; then if [ -e \${prefix}/gfxblacklist.txt ]; then - if hwmatch \${prefix}/gfxblacklist.txt 3; then + if [ \${grub_platform} != pc ]; then + set linux_gfx_mode=keep + elif hwmatch \${prefix}/gfxblacklist.txt 3; then if [ \${match} = 0 ]; then set linux_gfx_mode=keep else @@ -343,6 +457,14 @@ while [ "x$list" != "x" ] ; do gettext_printf "Found initrd image: %s\n" "$(echo $initrd_display)" >&2 fi + dtb= + for i in "dtb-${version}" "dtb-${alt_version}" "dtb"; do + if test -e "${dirname}/${i}" ; then + dtb="$i" + break + fi + done + config= for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do if test -e "${i}" ; then diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in new file mode 100755 index 000000000..d9b79e29a --- /dev/null +++ b/util/grub.d/10_linux_zfs.in @@ -0,0 +1,1117 @@ +#! /bin/sh +set -e + +# grub-mkconfig helper script. +# Copyright (C) 2019 Canonical Ltd. +# +# GRUB is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# GRUB is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GRUB. If not, see . + +prefix="@prefix@" +datarootdir="@datarootdir@" +ubuntu_recovery="@UBUNTU_RECOVERY@" +quiet_boot="@QUIET_BOOT@" +quick_boot="@QUICK_BOOT@" +gfxpayload_dynamic="@GFXPAYLOAD_DYNAMIC@" +vt_handoff="@VT_HANDOFF@" + +. "${pkgdatadir}/grub-mkconfig_lib" + +export TEXTDOMAIN=@PACKAGE@ +export TEXTDOMAINDIR="@localedir@" + +set -u + +## Skip early if zfs utils isn't installed (instead of failing on first zpool list) +if ! `which zfs >/dev/null 2>&1`; then + exit 0 +fi + +imported_pools="" +MNTDIR="$(mktemp -d ${TMPDIR:-/tmp}/zfsmnt.XXXXXX)" +ZFSTMP="$(mktemp -d ${TMPDIR:-/tmp}/zfstmp.XXXXXX)" + + +machine="$(uname -m)" +case "${machine}" in + i?86) GENKERNEL_ARCH="x86" ;; + mips|mips64) GENKERNEL_ARCH="mips" ;; + mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; + arm*) GENKERNEL_ARCH="arm" ;; + *) GENKERNEL_ARCH="${machine}" ;; +esac + +RC=0 +on_exit() { + # Restore initial zpool import state + for pool in ${imported_pools}; do + zpool export "${pool}" + done + + mountpoint -q "${MNTDIR}" && umount "${MNTDIR}" || true + rmdir "${MNTDIR}" + rm -rf "${ZFSTMP}" + exit "${RC}" +} +trap on_exit EXIT INT QUIT ABRT PIPE TERM + +# List ONLINE and DEGRADED pools +import_pools() { + # We have to ignore zpool import output, as potentially multiple / will be available, + # and we need to autodetect all zpools this way with their real mountpoints. + local initial_pools="$(zpool list | awk '{if (NR>1) print $1}')" + local all_pools="" + local imported_pools="" + local err="" + + set +e + err="$(zpool import -f -a -o cachefile=none -o readonly=on -N 2>&1)" + # Only print stderr if the command returned an error + # (it can echo "No zpool to import" with success, which we don't want) + if [ $? -ne 0 ]; then + echo "Some pools couldn't be imported and will be ignored:\n${err}" >&2 + fi + set -e + + all_pools="$(zpool list | awk '{if (NR>1) print $1}')" + for pool in ${all_pools}; do + if echo "${initial_pools}" | grep -wq "${pool}"; then + continue + fi + imported_pools="${imported_pools} ${pool}" + done + + echo "${imported_pools}" +} + +# List all the dataset with a root mountpoint +get_root_datasets() { + local pools="$(zpool list | awk '{if (NR>1) print $1}')" + + for p in ${pools}; do + local rel_pool_root=$(zpool get -H altroot ${p} | awk '{print $3}') + if [ "${rel_pool_root}" = "-" ]; then + rel_pool_root="/" + fi + + zfs list -H -o name,canmount,mountpoint -t filesystem | grep -E '^'"${p}"'(\s|/[[:print:]]*\s)(on|noauto)\s'"${rel_pool_root}"'$' | awk '{print $1}' + done +} + +# find if given datasets can be mounted for directory and return its path (snapshot or real path) +# $1 is our current dataset name +# $2 directory path we look for (cannot contains /) +# $3 is the temporary mount directory to use +# $4 is the optional snapshot name +# return path for directory (which can be a mountpoint) +validate_system_dataset() { + local dataset="$1" + local directory="$2" + local mntdir="$3" + local snapshot_name="$4" + + local mount_path="${mntdir}/${directory}" + + if ! zfs list "${dataset}" >/dev/null 2>&1; then + return + fi + + if ! mount -o noatime,zfsutil -t zfs "${dataset}" "${mount_path}"; then + grub_warn "Failed to find a valid directory '${directory}' for dataset '${dataset}@${snapshot_name}'. Ignoring" + return + fi + + local candidate_path="${mount_path}" + if [ -n "${snapshot_name}" ]; then + # WORKAROUND a bug https://github.com/zfsonlinux/zfs/issues/9958 + # Reading the content of a snapshot fails if it is not the first mount + # for a given dataset + first_mntdir=$(awk '{if ($1 == "'${dataset}'") {print $2; exit;}}' /proc/mounts) + if [ "${first_mntdir}" = "/" ]; then + # prevents // on candidate_path + first_mntdir="" + fi + candidate_path="${first_mntdir}/.zfs/snapshot/${snapshot_name}" + fi + + if [ -n "$(ls ${candidate_path} 2>/dev/null)" ]; then + echo "${candidate_path}" + return + else + mountpoint -q "${mount_path}" && umount "${mount_path}" || true + fi +} + +# Detect system directory relevant to the other, trying to find the ones associated on the current dataset or snapshot/ +# System directory should be at most a direct child dataset of main datasets (no recursivity) +# We can fallback trying other zfs pools if no match has been found. +# $1 is our current dataset name (which can have @snapshot name) +# $2 directory path we look for (cannot contains /) +# $3 restrict_to_same_pool (true|false) force looking for dataset with the same basename in the current dataset pool only +# $4 is the temporary mount directory to use +# $5 is the optional etc directory (if not $2 is not etc itself) +# return path for directory (which can be a mountpoint) +get_system_directory() { + local dataset_path="$1" + local directory="$2" + local restrict_to_same_pool="$3" + local mntdir="$4" + local etc_dir="$5" + + if [ -z "${etc_dir}" ]; then + etc_dir="${mntdir}/etc" + fi + + local candidate_path="${mntdir}/${directory}" + + # 1. Look for /etc/fstab first (which will mount even on top of non empty $directory) + local mounted_fstab_entry="false" + if [ -f "${etc_dir}/fstab" ]; then + mount_args=$(awk '/^[^#].*[ \t]\/'"${directory}"'[ \t]/ {print "-t", $3, $1}' "${etc_dir}/fstab") + if [ -n "${mount_args}" ]; then + mounted_fstab_entry="true" + mount -o noatime ${mount_args} "${candidate_path}" || mounted_fstab_entry="false" + fi + fi + + # If directory isn't empty. Only count if coming from /etc/fstab. Will be + # handled below otherwise as we are interested in potential snapshots. + if [ "${mounted_fstab_entry}" = "true" -a -n "$(ls ${candidate_path} 2>/dev/null)" ]; then + echo "${candidate_path}" + return + fi + + # 2. Handle zfs case, which can be a snapshots. + + local base_dataset_path="${dataset_path}" + local snapshot_name="" + # For snapshots we extract the parent dataset + if echo "${dataset_path}" | grep -q '@'; then + base_dataset_path=$(echo "${dataset_path}" | cut -d '@' -f1) + snapshot_name=$(echo "${dataset_path}" | cut -d '@' -f2) + fi + base_dataset_name="${base_dataset_path##*/}" + base_pool="$(echo "${base_dataset_path}" | cut -d'/' -f1)" + + # 2.a) Look for child dataset included in base dataset, which needs to hold same snapshot if any + candidate_path=$(validate_system_dataset "${base_dataset_path}/${directory}" "${directory}" "${mntdir}" "${snapshot_name}") + if [ -n "${candidate_path}" ]; then + echo "${candidate_path}" + return + fi + + # 2.b) Look for current dataset (which is already mounted as /) + candidate_path="${mntdir}/${directory}" + if [ -n "${snapshot_name}" ]; then + # WORKAROUND a bug https://github.com/zfsonlinux/zfs/issues/9958 + # Reading the content of a snapshot fails if it is not the first mount + # for a given dataset + first_mntdir=$(awk '{if ($1 == "'${base_dataset_path}'") {print $2; exit;}}' /proc/mounts) + if [ "${first_mntdir}" = "/" ]; then + # prevents // on candidate_path + first_mntdir="" + fi + candidate_path="${first_mntdir}/.zfs/snapshot/${snapshot_name}/${directory}" + fi + if [ -n "$(ls ${candidate_path} 2>/dev/null)" ]; then + echo "${candidate_path}" + return + fi + + # 2.c) Look for every datasets in every pool which isn't the current dataset which holds: + # - the same dataset name (last section) than our base_dataset_name + # - mountpoint=directory + # - canmount!=off + all_same_base_dataset_name="$(zfs list -H -t filesystem -o name,canmount | awk '/^[^ ]+\/'"${base_dataset_name}"'[ \t](on|noauto)/ {print $1}') " + + # order by local pool datasets first + current_pool_same_base_datasets="" + other_pools_same_base_datasets="" + root_pool=$(echo "${dataset_path%%/*}") + for d in ${all_same_base_dataset_name}; do + cur_dataset_pool=$(echo "${d%%/*}") + if echo "${cur_dataset_pool}" | grep -wq "${root_pool}" 2>/dev/null ; then + current_pool_same_base_datasets="${current_pool_same_base_datasets} ${d}" + else + other_pools_same_base_datasets="${other_pools_same_base_datasets} ${d}" + fi + done + ordered_same_base_datasets="${current_pool_same_base_datasets} ${other_pools_same_base_datasets}" + if [ "${restrict_to_same_pool}" = "true" ]; then + ordered_same_base_datasets="${current_pool_same_base_datasets}" + fi + + # now, loop over them + for d in ${ordered_same_base_datasets}; do + cur_dataset_pool=$(echo "${d%%/*}") + + rel_pool_root=$(zpool get -H altroot ${cur_dataset_pool} | awk '{print $3}') + if [ "${rel_pool_root}" = "-" ]; then + rel_pool_root="" + fi + + # check mountpoint match + candidate_dataset=$(zfs get -H mountpoint ${d} | grep -E "mountpoint\s${rel_pool_root}/${directory}\s" | awk '{print $1}') + if [ -z "${candidate_dataset}" ]; then + continue + fi + + candidate_path=$(validate_system_dataset "${candidate_dataset}" "${directory}" "${mntdir}" "${snapshot_name}") + if [ -n "${candidate_path}" ]; then + echo "${candidate_path}" + return + fi + done + + # 2.d) If we didn't find anything yet: check for persistent datasets corresponding to our mountpoint, with canmount=on without any snapshot associated: + # Note: we go over previous datasets as well, but this is ok, as we didn't include them before. + all_mountable_datasets="$(zfs list -t filesystem -o name,canmount | awk '/^[^ ]+[ \t]+on/ {print $1}')" + + # order by local pool datasets first + current_pool_datasets="" + other_pools_datasets="" + root_pool=$(echo "${dataset_path%%/*}") + for d in ${all_mountable_datasets}; do + cur_dataset_pool=$(echo "${d%%/*}") + if echo "${cur_dataset_pool}" | grep -wq "${root_pool}" 2>/dev/null ; then + current_pool_datasets="${current_pool_datasets} ${d}" + else + other_pools_datasets="${other_pools_datasets} ${d}" + fi + done + ordered_datasets="${current_pool_datasets} ${other_pools_datasets}" + if [ "${restrict_to_same_pool}" = "true" ]; then + ordered_datasets="${current_pool_datasets}" + fi + + for d in ${ordered_datasets}; do + cur_dataset_pool=$(echo "${d%%/*}") + + rel_pool_root=$(zpool get -H altroot ${cur_dataset_pool} | awk '{print $3}') + if [ "${rel_pool_root}" = "-" ]; then + rel_pool_root="" + fi + + # check mountpoint match + candidate_dataset=$(zfs get -H mountpoint ${d} | grep -E "mountpoint\s${rel_pool_root}/${directory}\s" | awk '{print $1}') + if [ -z "${candidate_dataset}" ]; then + continue + fi + + candidate_path=$(validate_system_dataset "${d}" "${directory}" "${mntdir}" "") + if [ -n "${candidate_path}" ]; then + echo "${candidate_path}" + return + fi + done + + grub_warn "Failed to find a valid directory '${directory}' for dataset '${dataset_path}'. Ignoring" + return +} + +# Try our default layout bpool as a prefered layout (fast path) +# This is get_system_directory for boot optimized for our default installation layout +# $1 is our current dataset name (which can have @snapshot name) +# $2 is the temporary mount directory to use +# return path for directory (which can be a mountpoint) if found +try_default_layout_bpool() { + local root_dataset_path="$1" + local mntdir="$2" + + dataset_basename="${root_dataset_path##*/}" + candidate_dataset="bpool/BOOT/${dataset_basename}" + dataset_properties="$(zfs get -H mountpoint,canmount ${candidate_dataset} | cut -f3 | paste -sd ' ')" + if [ -z "${dataset_properties}" ]; then + return + fi + + rel_pool_root=$(zpool get -H altroot bpool | awk '{print $3}') + if [ "${rel_pool_root}" = "-" ]; then + rel_pool_root="" + fi + + snapshot_name="${dataset_basename##*@}" + [ "${snapshot_name}" = "${dataset_basename}" ] && snapshot_name="" + if [ -z "${snapshot_name}" ]; then + if ! echo "${dataset_properties}" | grep -Eq "${rel_pool_root}/boot (on|noauto)"; then + return + fi + else + candidate_dataset=$(echo "${candidate_dataset}" | cut -d '@' -f1) + fi + + validate_system_dataset "${candidate_dataset}" "boot" "${mntdir}" "${snapshot_name}" +} + +# Return if secure boot is enabled on that system +is_secure_boot_enabled() { + if LANG=C mokutil --sb-state 2>/dev/null | grep -qi enabled; then + echo "true" + return + fi + echo "false" + return +} + +# Given a filesystem or snapshot dataset, returns dataset|machine id|pretty name|last used +# $1 is dataset we want information from +# $2 is the temporary mount directory to use +get_dataset_info() { + local dataset="$1" + local mntdir="$2" + + local base_dataset="${dataset}" + local etc_dir="${mntdir}/etc" + local is_snapshot="false" + # For snapshot we extract the parent dataset + if echo "${dataset}" | grep -q '@'; then + base_dataset=$(echo "${dataset}" | cut -d '@' -f1) + is_snapshot="true" + fi + + mount -o noatime,zfsutil -t zfs "${base_dataset}" "${mntdir}" + + # read machine-id/os-release from /etc + etc_dir=$(get_system_directory "${dataset}" "etc" "true" "${mntdir}" "") + if [ -z "${etc_dir}" ]; then + grub_warn "Ignoring ${dataset}" + mountpoint -q "${mntdir}/etc" && umount "${mntdir}/etc" || true + umount "${mntdir}" + return + fi + + machine_id="" + if [ -f "${etc_dir}/machine-id" ]; then + machine_id=$(cat "${etc_dir}/machine-id") + fi + # We have to use a random temporary id if we don't have any machine-id file or if this one is empty + # (mostly the case of new installations before first boot). + # Let's use the dataset name directly for this. + # Consequence is that all datasets are then separated. + if [ -z "${machine_id}" ]; then + machine_id="${dataset}" + fi + pretty_name=$(. "${etc_dir}/os-release" && echo "${PRETTY_NAME}") + mountpoint -q "${mntdir}/etc" && umount "${mntdir}/etc" || true + + # read available kernels from /boot + boot_dir="$(try_default_layout_bpool "${dataset}" "${mntdir}")" + if [ -z "${boot_dir}" ]; then + boot_dir=$(get_system_directory "${dataset}" "boot" "false" "${mntdir}" "${etc_dir}") + fi + + if [ -z "${boot_dir}" ]; then + grub_warn "Ignoring ${dataset}" + mountpoint -q "${mntdir}/boot" && umount "${mntdir}/boot" || true + umount "${mntdir}" + return + fi + + initrd_list="" + kernel_list="" + list=$(find "${boot_dir}" -maxdepth 1 -type f -regex '.*/\(vmlinuz\|vmlinux\|kernel\)-.*') + while [ "x$list" != "x" ] ; do + linux=`version_find_latest $list` + list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` + if ! grub_file_is_not_garbage "${linux}" ; then + continue + fi + + # Filters entry if efi/non efi. + # Note that for now we allow kernel without .efi.signed as those are signed kernel + # on ubuntu, loaded by the shim. + case "${linux}" in + *.efi.signed) + if [ "$(is_secure_boot_enabled)" = "false" ]; then + continue + fi + ;; + esac + + linux_basename=$(basename "${linux}") + linux_dirname=$(dirname "${linux}") + version=$(echo "${linux_basename}" | sed -e "s,^[^0-9]*-,,g") + alt_version=$(echo "${version}" | sed -e "s,\.old$,,g") + + gettext_printf "Found linux image: %s in %s\n" "${linux_basename}" "${dataset}" >&2 + + initrd="" + for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \ + "initrd-${version}" "initramfs-${version}.img" \ + "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ + "initrd-${alt_version}" "initramfs-${alt_version}.img" \ + "initramfs-genkernel-${version}" \ + "initramfs-genkernel-${alt_version}" \ + "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ + "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do + if test -e "${linux_dirname}/${i}" ; then + initrd="$i" + break + fi + done + + if test -z "${initrd}" ; then + grub_warn "Couldn't find any valid initrd for dataset ${dataset}." + continue + fi + + gettext_printf "Found initrd image: %s in %s\n" "${initrd}" "${dataset}" >&2 + + rel_linux_dirname=$(make_system_path_relative_to_its_root "${linux_dirname}") + + initrd_list="${initrd_list}|${rel_linux_dirname}/${initrd}" + kernel_list="${kernel_list}|${rel_linux_dirname}/${linux_basename}" + done + + initrd_list="${initrd_list#|}" + kernel_list="${kernel_list#|}" + + initrd_device=$(${grub_probe} --target=device "${boot_dir}" | head -1) + + mountpoint -q "${mntdir}/boot" && umount "${mntdir}/boot" || true + # We needed to look in / for snapshots on root dataset, umount there before zfs lazily unmount it + case "${boot_dir}" in /boot/.zfs/snapshot/*) + umount "${boot_dir}" || true + ;; + esac + + # for zsys snapshots: we want to know which kernel we successful last booted with + last_booted_kernel=$(zfs get -H com.ubuntu.zsys:last-booted-kernel "${dataset}" | awk '{print $3}') + + # snapshot: last_used is dataset creation time + if [ "${is_snapshot}" = "true" ]; then + last_used="$(zfs get -pH creation "${dataset}" | awk -F '\t' '{print $3}')" + # otherwise, last_used is manually marked at boot/shutdown on a root dataset for zsys + else + # if current system, take current time + if zfs mount | awk '/[ \t]+\/$/ {print $1}' | grep -q ${dataset}; then + last_used=$(date +%s) + else + last_used=$(zfs get -H com.ubuntu.zsys:last-used "${dataset}" | awk '{print $3}') + # case of non zsys, or zsys without annotation, take /etc/machine-id stat (as we mounted with noatime). + # However, as systems can be relatime, if system is current mounted one, set current time (case of clone + reboot + # within the same d). + if [ "${last_used}" = "-" ]; then + last_used=$(stat --printf="%X" "${mntdir}/etc/os-release") + if [ -f "${mntdir}/etc/machine-id" ]; then + last_used=$(stat --printf="%X" "${mntdir}/etc/machine-id") + fi + fi + fi + fi + + is_zsys=$(zfs get -H com.ubuntu.zsys:bootfs "${base_dataset}" | awk '{print $3}') + + if [ -n "${initrd_list}" -a -n "${kernel_list}" ]; then + echo "${dataset}\t${is_zsys}\t${machine_id}\t${pretty_name}\t${last_used}\t${initrd_device}\t${initrd_list}\t${kernel_list}\t${last_booted_kernel}" + else + grub_warn "didn't find any valid initrd or kernel." + fi + + umount "${mntdir}" || true + # We needed to look in / for snapshots on root dataset, umount the snapshot for etc before zfs lazily unmount it + case "${etc_dir}" in /.zfs/snapshot/*/etc) + snapshot_path="$(findmnt -n -o TARGET -T ${etc_dir})" + umount "${snapshot_path}" || true + ;; + esac +} + +# Scan available boot options and returns in a formatted list +# $1 is the temporary mount directory to use +bootlist() { + local mntdir="$1" + local boot_list="" + + for dataset in $(get_root_datasets); do + # get information from current root dataset + boot_list="${boot_list}$(get_dataset_info ${dataset} ${mntdir})\n" + + # get information from snapshots of this root dataset + for snapshot_dataset in $(zfs list -H -o name -t snapshot "${dataset}"); do + boot_list="${boot_list}$(get_dataset_info ${snapshot_dataset} ${mntdir})\n" + done + done + echo "${boot_list}" +} + + +# Order machine ids by last_used from their main entry +get_machines_sorted() { + local bootlist="$1" + + local machineids="$(echo "${bootlist}" | awk '{print $3}' | sort -u)" + for machineid in ${machineids}; do + echo "${bootlist}" | awk 'BEGIN{FS="\t"} $1 !~ /.*@.*/ {print $5, $3}' | sort -nr | grep -E "[^^]\b${machineid}\b" | head -1 + done | sort -nr | awk '{print $2}' +} + +# Sort entries by last_used for a given machineid +sort_entries_for_machineid() { + local bootlist="$1" + local machineid="$2" + + tab="$(printf '\t')" + echo "${bootlist}" | grep -E "[^^]\b${machineid}\b" | sort -k5,5r -k1,1 -t "${tab}" +} + +# Return main entry index +get_main_entry() { + local entries="$1" + + echo "${entries}" | awk 'BEGIN{FS="\t"} $1 !~ /.*@.*/ {print}' | head -1 +} + +# Return specific field at index from entry +get_field_from_entry() { + local entry="$1" + local index="$2" + + echo "${entry}" | awk "BEGIN{FS=\"\t\"} {print \$$index}" +} + +# Get the main entry metadata +main_entry_meta() { + local main_entry="$1" + + initrd=$(get_field_from_entry "${main_entry}" 7 | cut -d'|' -f1) + kernel=$(get_field_from_entry "${main_entry}" 8 | cut -d'|' -f1) + + # Take first element (most recent entry) which is not a snapshot + echo "${main_entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"main\", \$4, \$1, \$6, \"$initrd\", \"$kernel\"}" +} + +# Get advanced entries metadata +advanced_entries_meta() { + local main_entry="$1" + + last_used_kernel="$(get_field_from_entry "${main_entry}" 9 )" + + # We must align initrds with kernels. + # Adds initrds to the stack then pop them 1 by 1 as we process the kernels + set -- $(get_field_from_entry "${main_entry}" 7 | tr "|" " ") + for kernel in $(get_field_from_entry "${main_entry}" 8 | tr "|" " "); do + # get initrd and pop to the next one + initrd="$1"; shift + + was_last_used_kernel="false" + kernel_basename=$(basename "${kernel}") + if [ "${kernel_basename}" = "${last_used_kernel}" ]; then + was_last_used_kernel="true" + fi + + echo "${main_entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"advanced\", \$4, \$1, \$6, \"$initrd\", \"$kernel\", \"$was_last_used_kernel\"}" + done +} + +# Get history metadata +history_entries_meta() { + local entries="$1" + local main_dataset_name="$2" + local main_dataset_releasename="$3" + + if [ -z "${entries}" ]; then + return + fi + + # Traverse snapshots and clones + echo "${entries}" | while read entry; do + name="" + # Compute snapshot/filesystem dataset name + snap_dataset_name="$(get_field_from_entry "${entry}" 1)" + + snapname="${snap_dataset_name##*@}" + # If, this is a clone, take what is after main_dataset_name + if [ "${snapname}" = "${snap_dataset_name}" ]; then + snapname="${snap_dataset_name##${main_dataset_name}_}" + + # Handle manual user clone (not prefixed by "main_dataset_name") + snapname="${snapname##*/}" + fi + + # We keep the snapname only if it is not only a zsys auto snapshot + if echo "${snapname}" | grep -q "^autozsys_"; then + snapname="" + fi + + # We store the release only if it different from main dataset release (snapshot before a release upgrade) + releasename=$(get_field_from_entry "${entry}" 4) + if [ "${releasename}" = "${main_dataset_releasename}" ]; then + releasename="" + fi + + # Snapshot date + foo="$(get_field_from_entry "${entry}" 5)" + snapdate="$(date -d @$(get_field_from_entry "${entry}" 5) "+%x @ %H:%M")" + + # For snapshots/clones the name can have the following formats: + # : autozsys, same release + # on : autozsys, different release + # on : Manual snapshot, same release + # , on : Manual snapshot, different release + if [ "${snapname}" = "" -a "${releasename}" = "" ]; then + name="${snapdate}" + elif [ "${snapname}" = "" -a "${releasename}" != "" ]; then + name=$(gettext_printf "%s on %s" "${releasename}" "${snapdate}") + elif [ "${snapname}" != "" -a "${releasename}" = "" ]; then + name=$(gettext_printf "%s on %s" "${snapname}" "${snapdate}") + else # snapname != "" && releasename != "" + name=$(gettext_printf "%s, %s on %s" "${snapname}" "${releasename}" "${snapdate}") + fi + + # Choose kernel and initrd if the snapshot was booted successfully on a specific kernel before + # Take latest by default if no match + initrd=$(get_field_from_entry "${entry}" 7 | cut -d'|' -f1) + kernel=$(get_field_from_entry "${entry}" 8 | cut -d'|' -f1) + last_used_kernel="$(get_field_from_entry "${entry}" 9)" + + # We must align initrds with kernels. + # Adds initrds to the stack then pop them 1 by 1 as we process the kernels + set -- $(get_field_from_entry "${entry}" 7 | tr "|" " ") + for k in $(get_field_from_entry "${entry}" 8|tr "|" " "); do + # get initrd and pop to the next one + candidate_initrd="$1"; shift + + kernel_basename=$(basename "${k}") + if [ "${kernel_basename}" = "${last_used_kernel}" ]; then + kernel="${k}" + initrd="${candidate_initrd}" + break + fi + done + + echo "${entry}" | awk "BEGIN{ FS=\"\t\"; OFS=\"\t\"} {print \$3, \$2, \"history\", \"$name\", \$1, \$6, \"$initrd\", \"$kernel\"}" + done +} + +# Generate metadata from a BOOTLIST that will subsequently used to generate +# the final grub menu entries +generate_grub_menu_metadata() { + local bootlist="$1" + + # Sort machineids by last_used from their main entry + for machineid in $(get_machines_sorted "${bootlist}"); do + entries="$(sort_entries_for_machineid "${bootlist}" ${machineid})" + main_entry="$(get_main_entry "${entries}")" + + if [ -z "$main_entry" ]; then + continue + fi + + main_entry_meta "${main_entry}" + advanced_entries_meta "${main_entry}" + + main_dataset_name="$(get_field_from_entry "${main_entry}" 1)" + main_dataset_releasename="$(get_field_from_entry "${main_entry}" 4)" + # grep -v errcode != 0 if there is no match. || true to not fail with -e + other_entries="$(echo "${entries}" | grep -v "${main_entry}" || true)" + history_entries_meta "${other_entries}" "${main_dataset_name}" "${main_dataset_releasename}" + done +} + +# Print the configuration part common to all sections +# Note: +# If 10_linux runs these part will be defined twice in grub configuration +print_menu_prologue() { + cat << 'EOF' +function gfxmode { + set gfxpayload="${1}" +EOF + if [ "${vt_handoff}" = 1 ]; then + cat << 'EOF' + if [ "${1}" = "keep" ]; then + set vt_handoff=vt.handoff=1 + else + set vt_handoff= + fi +EOF + fi + cat << EOF +} +EOF + + # Use ELILO's generic "efifb" when it's known to be available. + # FIXME: We need an interface to select vesafb in case efifb can't be used. + GRUB_GFXPAYLOAD_LINUX="${GRUB_GFXPAYLOAD_LINUX:-}" + if [ "${GRUB_GFXPAYLOAD_LINUX}" != "" ] || [ "${gfxpayload_dynamic}" = 0 ]; then + echo "set linux_gfx_mode=${GRUB_GFXPAYLOAD_LINUX}" + else + cat << EOF +if [ "\${recordfail}" != 1 ]; then + if [ -e \${prefix}/gfxblacklist.txt ]; then + if hwmatch \${prefix}/gfxblacklist.txt 3; then + if [ \${match} = 0 ]; then + set linux_gfx_mode=keep + else + set linux_gfx_mode=text + fi + else + set linux_gfx_mode=text + fi + else + set linux_gfx_mode=keep + fi +else + set linux_gfx_mode=text +fi +EOF + fi + cat << EOF +export linux_gfx_mode +EOF +} + +# Cache for prepare_grub_to_access_device call +# $1: boot_device +# $2: submenu_level +prepare_grub_to_access_device_cached() { + local boot_device="$1" + local submenu_level="$2" + + local boot_device_idx="$(echo ${boot_device} | tr '/' '_')" + + cache_file="${ZFSTMP}/$(echo boot_device${boot_device_idx})" + if [ ! -f "${cache_file}" ]; then + set +u + echo "$(prepare_grub_to_access_device "${boot_device}")" > "${cache_file}" + set -u + for i in 0 1 2; do + submenu_indentation="$(printf %${i}s | tr " " "${grub_tab}")" + sed "s/^/${submenu_indentation} /" "${cache_file}" > "${cache_file}--${i}" + done + fi + + cat "${cache_file}--${submenu_level}" +} + + +# Print a grub menu entry +zfs_linux_entry () { + submenu_level="$1" + title="$2" + type="$3" + dataset="$4" + boot_device="$5" + initrd="$6" + kernel="$7" + kernel_version="$8" + kernel_additional_args="${9:-}" + boot_devices="${10:-}" + + submenu_indentation="$(printf %${submenu_level}s | tr " " "${grub_tab}")" + + echo "${submenu_indentation}menuentry '$(echo "${title}" | grub_quote)' ${CLASS} \${menuentry_id_option} 'gnulinux-${dataset}-${kernel_version}' {" + + if [ "${quick_boot}" = 1 ]; then + echo "${submenu_indentation} recordfail" + fi + + if [ "${type}" != "recovery" ] ; then + GRUB_SAVEDEFAULT=${GRUB_SAVEDEFAULT:-} + default_entry="$(save_default_entry)" + if [ -n "${default_entry}" ]; then + echo "${submenu_indentation} ${default_entry}" + fi + fi + + # Use ELILO's generic "efifb" when it's known to be available. + # FIXME: We need an interface to select vesafb in case efifb can't be used. + if [ "${GRUB_GFXPAYLOAD_LINUX}" = "" ]; then + echo "${submenu_indentation} load_video" + else + if [ "${GRUB_GFXPAYLOAD_LINUX}" != "text" ]; then + echo "${submenu_indentation} load_video" + fi + fi + + if ([ "${ubuntu_recovery}" = 0 ] || [ "${type}" != "recovery" ]) && \ + ([ "${GRUB_GFXPAYLOAD_LINUX}" != "" ] || [ "${gfxpayload_dynamic}" = 1 ]); then + echo "${submenu_indentation} gfxmode \${linux_gfx_mode}" + fi + + echo "${submenu_indentation} insmod gzio" + echo "${submenu_indentation} if [ \"\${grub_platform}\" = xen ]; then insmod xzio; insmod lzopio; fi" + + if [ -n "$boot_devices" ]; then + for device in ${boot_devices}; do + echo "${submenu_indentation} if [ "${boot_device}" = "${device}" ]; then" + echo "$(prepare_grub_to_access_device_cached "${device}" $(( submenu_level +1 )) )" + echo "${submenu_indentation} fi" + done + else + echo "$(prepare_grub_to_access_device_cached "${boot_device}" "${submenu_level}")" + fi + + if [ "${quiet_boot}" = 0 ] || [ "${type}" != simple ]; then + echo "${submenu_indentation} echo $(gettext_printf "Loading Linux %s ..." ${kernel_version} | grub_quote)" + fi + + linux_default_args="${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" + if [ ${type} = "recovery" ]; then + linux_default_args="${GRUB_CMDLINE_LINUX_RECOVERY} ${GRUB_CMDLINE_LINUX}" + fi + + echo "${submenu_indentation} linux ${kernel} root=ZFS=${dataset} ro ${linux_default_args} ${kernel_additional_args}" + + if [ "${quiet_boot}" = 0 ] || [ "${type}" != simple ]; then + echo "${submenu_indentation} echo '$(gettext_printf "Loading initial ramdisk ..." | grub_quote)'" + fi + echo "${submenu_indentation} initrd ${initrd}" + echo "${submenu_indentation}}" +} + +# Generate a GRUB Menu from menu meta data +# $1 menu metadata +generate_grub_menu() { + local menu_metadata="$1" + local last_section="" + local main_dataset_name="" + local main_dataset="" + local have_zsys="" + + if [ -z "${menu_metadata}" ]; then + return + fi + + CLASS="--class gnu-linux --class gnu --class os" + + if [ "${GRUB_DISTRIBUTOR}" = "" ] ; then + OS=GNU/Linux + else + case ${GRUB_DISTRIBUTOR} in + Ubuntu|Kubuntu) + OS="${GRUB_DISTRIBUTOR}" + ;; + *) + OS="${GRUB_DISTRIBUTOR} GNU/Linux" + ;; + esac + CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1 | LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" + fi + + if [ -x /lib/recovery-mode/recovery-menu ]; then + GRUB_CMDLINE_LINUX_RECOVERY=recovery + else + GRUB_CMDLINE_LINUX_RECOVERY=single + fi + if [ "${ubuntu_recovery}" = 1 ]; then + GRUB_CMDLINE_LINUX_RECOVERY="${GRUB_CMDLINE_LINUX_RECOVERY} nomodeset" + fi + + case "$GENKERNEL_ARCH" in + x86*) GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY dis_ucode_ldr";; + esac + + + if [ "${vt_handoff}" = 1 ]; then + for word in ${GRUB_CMDLINE_LINUX_DEFAULT}; do + if [ "${word}" = splash ]; then + GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_DEFAULT} \${vt_handoff}" + fi + done + fi + + print_menu_prologue + + cat<<'EOF' +function zsyshistorymenu { + # $1: root dataset (eg rpool/ROOT/ubuntu_2zhm07@autozsys_k56fr6) + # $2: boot device id (eg 411f29ce1557bfed) + # $3: initrd (eg /BOOT/ubuntu_2zhm07@autozsys_k56fr6/initrd.img-5.4.0-21-generic) + # $4: kernel (eg /BOOT/ubuntu_2zhm07@autozsys_k56fr6/vmlinuz-5.4.0-21-generic) + # $5: kernel_version (eg 5.4.0-21-generic) + + set root_dataset="${1}" + set boot_device="${2}" + set initrd="${3}" + set kernel="${4}" + set kversion="${5}" + +EOF + boot_devices=$(echo "${menu_metadata}" | cut -d"$(printf '\t')" -f6 | sort -u) + + title=$(gettext_printf "Revert system only") + zfs_linux_entry 1 "${title}" "simple" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' '' "${boot_devices}" + + title="$(gettext_printf "Revert system and user data")" + zfs_linux_entry 1 "${title}" "simple" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' 'zsys-revert=userdata' "${boot_devices}" + + GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" + if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then + title="$(gettext_printf "Revert system only (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 1 "${title}" "recovery" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' '' "${boot_devices}" + + title="$(gettext_printf "Revert system and user data (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 1 "${title}" "recovery" '${root_dataset}' '${boot_device}' '${initrd}' '${kernel}' '${kversion}' 'zsys-revert=userdata' "${boot_devices}" + fi +echo "}" +echo + + # IFS is set to TAB (ASCII 0x09) + echo "${menu_metadata}" | + { + at_least_one_entry=0 + have_zsys="$(which zsysd || true)" + while IFS="$(printf '\t')" read -r machineid iszsys section name dataset device initrd kernel opt; do + + # Disable history for non zsys system or if systems is a zsys one and zsys isn't installed. + # In pure zfs systems, we identified multiple issues due to the mount generator + # in upstream zfs which makes it incompatible. Don't show history for now. + if [ "${section}" = "history" ]; then + if [ "${iszsys}" != "yes" ] || [ "${iszsys}" = "yes" -a -z "${have_zsys}" ]; then + continue + fi + fi + + if [ "${last_section}" != "${section}" -a -n "${last_section}" ]; then + # Close previous section wrapper + if [ "${last_section}" != "main" ]; then + echo "}" # Add grub_tabs + at_least_one_entry=0 + fi + fi + + case "${section}" in + main) + title="${name}" + main_dataset_name="${name}" + main_dataset="${dataset}" + + kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") + zfs_linux_entry 0 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + at_least_one_entry=1 + ;; + advanced) + # normal and recovery entries for a given kernel + if [ "${last_section}" != "${section}" ]; then + echo "submenu '$(gettext_printf "Advanced options for %s" "${main_dataset_name}" | grub_quote)' \${menuentry_id_option} 'gnulinux-advanced-${main_dataset}' {" + fi + + last_booted_kernel_marker="" + if [ "${opt}" = "true" ]; then + last_booted_kernel_marker="* " + fi + + kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") + title="$(gettext_printf "%s%s, with Linux %s" "${last_booted_kernel_marker}" "${name}" "${kernel_version}")" + zfs_linux_entry 1 "${title}" "advanced" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + + GRUB_DISABLE_RECOVERY=${GRUB_DISABLE_RECOVERY:-} + if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then + title="$(gettext_printf "%s%s, with Linux %s (%s)" "${last_booted_kernel_marker}" "${name}" "${kernel_version}" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 1 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + fi + at_least_one_entry=1 + ;; + history) + # Revert to a snapshot + # revert system, revert system and user data and associated recovery entries + if [ "${last_section}" != "${section}" ]; then + echo "submenu '$(gettext_printf "History for %s" "${main_dataset_name}" | grub_quote)' \${menuentry_id_option} 'gnulinux-history-${main_dataset}' {" + fi + + if [ "${iszsys}" = "yes" ]; then + title="$(gettext_printf "Revert to %s" "${name}" | grub_quote)" + else + title="$(gettext_printf "Boot on %s" "${name}" | grub_quote)" + fi + echo " submenu '${title}' \${menuentry_id_option} 'gnulinux-history-${dataset}' {" + + kernel_version=$(basename "${kernel}" | sed -e "s,^[^0-9]*-,,g") + + # Zsys only: let revert system without destroying snapshots + if [ "${iszsys}" = "yes" ]; then + echo "${grub_tab}${grub_tab}zsyshistorymenu" \"${dataset}\" \"${device}\" \"${initrd}\" \"${kernel}\" \"${kernel_version}\" + # Non-zsys: boot temporarly on snapshots or rollback (destroying intermediate snapshots) + else + title="$(gettext_printf "One time boot")" + zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + + GRUB_DISABLE_RECOVERY="${GRUB_DISABLE_RECOVERY:-}" + if [ "${GRUB_DISABLE_RECOVERY}" != "true" ]; then + title="$(gettext_printf "One time boot (%s)" "$(gettext "${GRUB_RECOVERY_TITLE}")")" + zfs_linux_entry 2 "${title}" "recovery" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" + fi + + title="$(gettext_printf "Revert system (all intermediate snapshots will be destroyed)")" + zfs_linux_entry 2 "${title}" "simple" "${dataset}" "${device}" "${initrd}" "${kernel}" "${kernel_version}" "rollback=yes" + fi + + echo " }" + at_least_one_entry=1 + ;; + *) + grub_warn "unknown section: ${section}. Ignoring entry ${name} for ${dataset}" + ;; + esac + last_section="${section}" + done + + if [ "${at_least_one_entry}" -eq 1 ]; then + echo "}" + fi + } +} + +# don't add trailing newline of variable is empty +# $1: content to write +# $2: destination file +trailing_newline_if_not_empty() { + content="$1" + dest="$2" + + if [ -z "${content}" ]; then + rm -f "${dest}" + touch "${dest}" + return + fi + echo "${content}" > "${dest}" +} + + +GRUB_LINUX_ZFS_TEST="${GRUB_LINUX_ZFS_TEST:-}" +case "${GRUB_LINUX_ZFS_TEST}" in + bootlist) + # Import all available pools on the system and return imported list + imported_pools=$(import_pools) + boot_list="$(bootlist ${MNTDIR})" + trailing_newline_if_not_empty "${boot_list}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}" + break + ;; + metamenu) + boot_list="$(cat ${GRUB_LINUX_ZFS_TEST_INPUT})" + menu_metadata="$(generate_grub_menu_metadata "${boot_list}")" + trailing_newline_if_not_empty "${menu_metadata}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}" + break + ;; + grubmenu) + menu_metadata="$(cat ${GRUB_LINUX_ZFS_TEST_INPUT})" + grub_menu=$(generate_grub_menu "${menu_metadata}") + trailing_newline_if_not_empty "${grub_menu}" "${GRUB_LINUX_ZFS_TEST_OUTPUT}" + break + ;; + *) + # Import all available pools on the system and return imported list + imported_pools=$(import_pools) + # Generate the complete list of boot entries + boot_list="$(bootlist ${MNTDIR})" + # Create boot menu meta data from the list of boot entries + menu_metadata="$(generate_grub_menu_metadata "${boot_list}")" + # Create boot menu meta data from the list of boot entries + grub_menu="$(generate_grub_menu "${menu_metadata}")" + if [ -n "${grub_menu}" ]; then + # We want the trailing newline as a marker will be added + echo "${grub_menu}" + fi + ;; +esac diff --git a/util/grub.d/20_linux_xen.in b/util/grub.d/20_linux_xen.in index 81e5f0d7e..310ff1d5f 100644 --- a/util/grub.d/20_linux_xen.in +++ b/util/grub.d/20_linux_xen.in @@ -149,12 +149,12 @@ EOF message="$(gettext_printf "Loading initial ramdisk ...")" initrd_path= for i in ${initrd}; do - initrd_path="${initrd_path} ${rel_dirname}/${i}" - done - sed "s/^/$submenu_indentation/" << EOF + initrd_path="${rel_dirname}/${i}" + sed "s/^/$submenu_indentation/" << EOF echo '$(echo "$message" | grub_quote)' ${module_loader} --nounzip $(echo $initrd_path) EOF + done fi sed "s/^/$submenu_indentation/" << EOF } @@ -276,7 +276,10 @@ while [ "x${xen_list}" != "x" ] ; do initrd= if test -n "${initrd_early}" || test -n "${initrd_real}"; then - initrd="${initrd_early} ${initrd_real}" + # Xen assumes the real initrd is the first module after the kernel. + # Additional (later) initrds can also be used for microcode update, + # with Xen option 'ucode= (non-default anyway). + initrd="${initrd_real} ${initrd_early}" initrd_display= for i in ${initrd}; do diff --git a/util/grub.d/30_uefi-firmware.in b/util/grub.d/30_uefi-firmware.in index 3c9f533d8..b072d219f 100644 --- a/util/grub.d/30_uefi-firmware.in +++ b/util/grub.d/30_uefi-firmware.in @@ -32,9 +32,9 @@ OsIndications="$efi_vars_dir/OsIndicationsSupported-$EFI_GLOBAL_VARIABLE/data" if [ -e "$OsIndications" ] && \ [ "$(( $(printf 0x%x \'"$(cat $OsIndications | cut -b1)") & 1 ))" = 1 ]; then - LABEL="System setup" + LABEL="UEFI Firmware Settings" - gettext_printf "Adding boot menu entry for EFI firmware configuration\n" >&2 + gettext_printf "Adding boot menu entry for UEFI Firmware Settings\n" >&2 onstr="$(gettext_printf "(on %s)" "${DEVICE}")"