diff -Nru grub2-2.02~beta2/debian/build-efi-images grub2-2.02~beta2/debian/build-efi-images --- grub2-2.02~beta2/debian/build-efi-images 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/build-efi-images 2020-08-24 08:54:59.000000000 +0000 @@ -100,6 +100,7 @@ jpeg keystatus loadenv + loopback linux lsefi lsefimmap @@ -119,6 +120,7 @@ search_fs_file search_label sleep + squash4 test true video diff -Nru grub2-2.02~beta2/debian/changelog grub2-2.02~beta2/debian/changelog --- grub2-2.02~beta2/debian/changelog 2016-04-15 21:21:19.000000000 +0000 +++ grub2-2.02~beta2/debian/changelog 2021-04-30 12:33:21.000000000 +0000 @@ -1,3 +1,364 @@ +grub2 (2.02~beta2-36ubuntu3.32) xenial; urgency=medium + + * Cherrypick upstream commit to add support for + R_AARCH64_ADR_PREL_PG_HI21, R_AARCH64_ADD_ABS_LO12_NC, + R_AARCH64_LDST64_ABS_LO12_NC relocations in grub-install / mkimage to + allow generating and installing grub.efi from one-grub modules. LP: + #1926748 + + -- Dimitri John Ledkov Fri, 30 Apr 2021 13:33:21 +0100 + +grub2 (2.02~beta2-36ubuntu3.31) xenial; urgency=medium + + [ Dimitri John Ledkov & Steve Langasek ] + * Relax dependencies to allow grub-efi be installed with later versions + of grub-efi-amd64. Stop building grub-efi-amd64|arm64{-bin,dbg} + packages, now provided by src:grub2-unsigned. LP: #1915536 + + [ Dimitri John Ledkov ] + * Cherrypick 2.02+dfsg1-5 patch for x86-64: Treat R_X86_64_PLT32 as + R_X86_64_PC32 to allow processing 2.04 grub modules built with newer + binutils. + + -- Dimitri John Ledkov Wed, 24 Feb 2021 19:59:33 +0000 + +grub2 (2.02~beta2-36ubuntu3.29) xenial; urgency=medium + + * Avoid "EFI stub: FIRMWARE BUG" message when booting >= 5.7 kernels + on arm64 by setting the image base address before jumping to the + PE/COFF entry point LP: #1900774 + * Fix tftp timeouts when fetching large files. LP: #1900773 + + -- dann frazier Fri, 13 Nov 2020 18:03:44 -0700 + +grub2 (2.02~beta2-36ubuntu3.28) xenial; urgency=medium + + * debian/patches/ubuntu-flavour-order.patch: + - Add a (hidden) GRUB_FLAVOUR_ORDER setting that can mark certain kernel + flavours as preferred, and specify an order between those preferred + flavours (LP: #1882663) + * debian/patches/ubuntu-recovery-dis_ucode_ldr.patch: + - Pass dis_ucode_ldr to kernel for recovery mode (LP: #1831789) + + -- Julian Andres Klode Mon, 24 Aug 2020 10:54:59 +0200 + +grub2 (2.02~beta2-36ubuntu3.27) xenial; urgency=medium + + * debian/postinst.in: Avoid calling grub-install on upgrade of the grub-pc + package, since we cannot be certain that it will install to the correct + disk and a grub-install failure will render the system unbootable. + LP: #1889556. + + -- Steve Langasek Thu, 30 Jul 2020 21:27:00 -0700 + +grub2 (2.02~beta2-36ubuntu3.26) xenial; urgency=medium + + [ Chris Coulson ] + * SECURITY UPDATE: Heap buffer overflow when encountering commands that + cannot be tokenized to less than 8192 characters. + - 0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch: Make + fatal lexer errors actually be fatal + - CVE-2020-10713 + * SECURITY UPDATE: Multiple integer overflow bugs that could result in + heap buffer allocations that were too small and subsequent heap buffer + overflows when handling certain filesystems, font files or PNG images. + - 0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch: Add + arithmetic primitives that allow for overflows to be detected + - 0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch: + Make sure that there is always an overflow checking implementation + of calloc() available + - 0085-calloc-Use-calloc-at-most-places.patch: Use calloc where + appropriate + - 0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch: Use + overflow-safe arithmetic primitives when performing allocations + based on the results of operations that might overflow + - 0094-hfsplus-fix-two-more-overflows.patch: Fix integer overflows in + hfsplus + - 0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch: Fix + more potential integer overflows in lvm + - CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 + * SECURITY UPDATE: Use-after-free when executing a command that causes + a currently executing function to be redefined. + - 0092-script-Remove-unused-fields-from-grub_script_functio.patch: + Remove unused fields from grub_script_function + - 0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch: + Avoid a use-after-free when redefining a function during execution + - CVE-2020-15706 + * SECURITY UPDATE: Integer overflows that could result in heap buffer + allocations that were too small and subsequent heap buffer overflows + during initrd loading. + - 0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch: Fix + integer overflows in initrd size handling + - 0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch: Fix + integer overflows in linuxefi grub_cmd_initrd + - CVE-2020-15707 + * Various fixes as a result of code review and static analysis: + - 0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch: Fix a + memory leak on realloc failures when processing symbolic links + - 0088-font-Do-not-load-more-than-one-NAME-section.patch: Fix a + memory leak when processing font files with more than one NAME + section + - 0089-gfxmenu-Fix-double-free-in-load_image.patch: Zero self->bitmap + after it is freed in order to avoid a potential double free later on + - 0090-lzma-Make-sure-we-don-t-dereference-past-array.patch: Fix an + out-of-bounds read in LzmaEncode + - 0091-tftp-Do-not-use-priority-queue.patch: Refactor tftp to not use + priority queues and fix a double free + - 0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch: Fix + various arithmetic errors with malformed device paths + - 0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch: Fix + a NULL deref in the chainloader command introduced by a previous + patch + - 0100-chainloader-Avoid-a-double-free-when-validation-fail.patch: + Avoid a double free in the chainloader command when validation fails + - 0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch: + Protect grub_relocator_alloc_chunk_addr input arguments against + integer overflow / underflow + - 0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch: + Protect grub_relocator_alloc_chunk_align max_addr argument against + integer underflow + - 0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch: Fix + grub_relocator_alloc_chunk_align top memory allocation + - 0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch: + Avoid overflow on initrd size calculation + * debian/patches/linuxefi_disable_sb_fallback.patch: Disallow unsigned + kernels if UEFI Secure Boot is enabled. If UEFI Secure Boot is enabled + and kernel signature verification fails, do not boot the kernel. Patch + from Linn Crosetto. (LP: #1401532) + * ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch: + - Make the linux command in EFI grub always try EFI handover + + [ Dimitri John Ledkov ] + * SECURITY UPDATE: Grub does not enforce kernel signature validation + when the shim protocol isn't present. + - 0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch: + Fail kernel validation if the shim protocol isn't available + - CVE-2020-15705 + + -- Chris Coulson Mon, 20 Jul 2020 21:28:33 +0100 + +grub2 (2.02~beta2-36ubuntu3.23) xenial; urgency=medium + + * d/p/fix_booting_for_large_root_volumes.patch: Cherry pick upstream + fix for booting on systems with large root volumes, either by default + or from resizing. (LP: #1840686) + + -- Matthew Ruffell Sat, 19 Oct 2019 17:47:16 +1300 + +grub2 (2.02~beta2-36ubuntu3.22) xenial; urgency=medium + + * debian/patches/skip_text_gfxpayload_where_not_supported.patch: Skip the + 'text' payload if it's not supported but present in gfxpayload, such as + on EFI systems. (LP: #1826453) + + -- Mathieu Trudel-Lapierre Mon, 29 Apr 2019 10:04:24 -0400 + +grub2 (2.02~beta2-36ubuntu3.21) xenial; urgency=medium + + * debian/patches/squash4-fix-fragments-and-sparse-files.patch: Cherry-pick + upstream patch to fix handling of fragments and sparse files in squashfs + filesystems (LP: #1820898). + + -- Colin Watson Wed, 20 Mar 2019 00:31:55 +0000 + +grub2 (2.02~beta2-36ubuntu3.20) xenial; urgency=medium + + * debian/patches/linuxefi_fix_relocate_coff.patch: fix typo in + relocate_coff() causing issues with relocation of code in chainload. + (LP: #1792575) + * debian/patches/linuxefi_truncate_overlong_reloc_section.patch: The Windows + 7 bootloader has inconsistent headers; truncate to the smaller, correct + size to fix chainloading Windows 7. (LP: #1792575) + + -- Mathieu Trudel-Lapierre Fri, 02 Nov 2018 13:08:47 -0400 + +grub2 (2.02~beta2-36ubuntu3.19) xenial; urgency=medium + + * debian/patches/0001-i386-linux-Add-support-for-ext_lfb_base.patch: + Add support for ext_lfb_base. (LP: #1785033) + + -- Ivan Hu Wed, 05 Sep 2018 14:17:32 +0800 + +grub2 (2.02~beta2-36ubuntu3.18) xenial; urgency=medium + + * debian/patches/efinet_check_imm_completion.patch: check for immediate + completion when sending data to the net device buffer. This is a required + commit for the patch below. + * debian/patches/efinet_handle_buggy_get_status.patch: correctly handle the + output of get_status() for EFI net devices on buggy firmware. + (LP: #1437353) + + -- Mathieu Trudel-Lapierre Mon, 19 Mar 2018 16:11:06 -0400 + +grub2 (2.02~beta2-36ubuntu3.17) xenial; urgency=medium + + * Signal to zpool that it should emit full names of constituent devices. + (LP: #1527727) + + -- Scott Moser Wed, 24 Jan 2018 16:21:35 -0500 + +grub2 (2.02~beta2-36ubuntu3.16) xenial; urgency=medium + + [ dann frazier ] + * Use EFI_SIMPLE_TEXT_INPUT_EX to support key combinations. + (LP: #722950) + + [ Mathieu Trudel-Lapierre ] + * util/grub-install.c: Use MokManager EFI binary name without + the .signed extension now that shim handles signing via sbsigntool + natively. (LP: #1708245) + - debian/patches/install_signed.patch + * debian/control: Breaks shim << 13 due to the renamed MokManager binary. + + -- dann frazier Wed, 10 Jan 2018 17:04:34 -0700 + +grub2 (2.02~beta2-36ubuntu3.15) xenial; urgency=medium + + [ Ike Panhc ] + * Fix grub crash when exit on arm64-platform. (LP: #1731241) + + [ Mathieu Trudel-Lapierre ] + * Cherry-pick upstream patch to change the default TSC calibration method + to pmtimer on EFI systems (LP: #1734278) + + -- Mathieu Trudel-Lapierre Mon, 11 Dec 2017 10:25:22 -0500 + +grub2 (2.02~beta2-36ubuntu3.14) xenial; urgency=medium + + * Add grub2/update_nvram template to allow users to disable NVRAM + updates during package upgrades (LP: #1642298). + + -- dann frazier Thu, 14 Sep 2017 16:13:39 -0600 + +grub2 (2.02~beta2-36ubuntu3.13) xenial; urgency=medium + + * Fix EFIPersistentMemory (PMEM) support; incorrectly handled as "standard" + reserved memory without really marking it reserved: (LP: #1716424) + - debian/patches/git_pmem_really_mark_mem_reserved_3d2c8048.patch + - debian/patches/git_pmem_translate_persistent_type_76ce1de7.patch + - debian/patches/git_pmem_mmap_handle_pmem_c79c59f1.patch + - debian/patches/git_pmem_efiemu_handle_pmem_ae3b83a4.patch + + -- Mathieu Trudel-Lapierre Sun, 10 Sep 2017 20:08:16 -0400 + +grub2 (2.02~beta2-36ubuntu3.12) xenial; urgency=medium + + * debian/patches: Rework linuxefi/SecureBoot support and sync with upstream + SB patch set: (LP: #1696599) + - linuxefi_backport_arm64.patch: backport basic arm64 chainload/linux + command support from 17.04. + - linuxefi_arm_sb_support.patch: add Secure Boot support for arm for its + chainloader. + - linuxefi_fix_validation_race.patch: Fix a race in validating images. + - linuxefi_chainloader_path.patch: honor the starting path for grub, so + images do not need to be started from $root. + - linuxefi_chainloader_sb.patch: Fix some more issues in chainloader use + when Secure Boot is enabled. + - linuxefi_loaders_enforce_sb.patch: Enforce Secure Boot policy for all + loaders: don't load the commands when Secure Boot is enabled. + - linuxefi_re-enable_linux_cmd.patch: Since we rely on the linux and + initrd commands to automatically hand-off to linuxefi/initrdefi; re- + enable the linux loader. + - linuxefi_chainloader_pe_fixes.patch: PE parsing fixes for chainloading + "special" PE images, such as Windows'. + - linuxefi_rework_non-sb_cases.patch: rework cases where Secure Boot is + disabled or shim validation is disabled so loading works as EFI binaries + when it is supposed to. + - Removed linuxefi_require_shim.patch; superseded by the above. + (LP: #1689687) + * debian/patches/git_tsc_use_alt_delay_sources_d43a5ee6.patch: refreshed. + * debian/patches/arm64-set-correct-length-of-device-path-end-entry.patch: + dropped; included in linuxefi_backport_arm64.patch. + + -- Mathieu Trudel-Lapierre Thu, 08 Jun 2017 10:16:17 -0700 + +grub2 (2.02~beta2-36ubuntu3.11) xenial; urgency=medium + + * Fix syntax error in debian/postinst.in. (LP #1692181) + + -- Steve Langasek Sat, 20 May 2017 12:59:17 -0700 + +grub2 (2.02~beta2-36ubuntu3.10) xenial; urgency=medium + + * debian/patches/install_signed.patch: don't install fb$arch.efi; it breaks + "removable" installs where files are all installed to /EFI/BOOT; and it + also doesn't belong in the /EFI/ubuntu path for the default case. Fallback + install simply needs more work and isn't ready for SRU. (LP: #1684341) + * debian/postinst.in: clean up fb$arch.efi. + + -- Mathieu Trudel-Lapierre Fri, 19 May 2017 16:54:14 -0400 + +grub2 (2.02~beta2-36ubuntu3.9) xenial; urgency=medium + + * debian/patches/install_signed.patch: update to use the new names for the + shim binary (shim$arch), MokManager (mm$arch) and add fallback (fb$arch). + (LP: #1637290) + * debian/control: Breaks shim (<< 0.9+1474479173.6c180c6-0ubuntu1~) for the + renamed EFI binaries. + + -- Mathieu Trudel-Lapierre Tue, 08 Nov 2016 14:42:24 -0500 + +grub2 (2.02~beta2-36ubuntu3.8) xenial; urgency=medium + + * debian/patches/support_initrd-less_boot.patch: Added knobs to allow + non-initrd boot config. Thanks Chris Glass! (LP: #1640878) + + -- Mathieu Trudel-Lapierre Wed, 01 Mar 2017 12:36:16 -0500 + +grub2 (2.02~beta2-36ubuntu3.7) xenial; urgency=medium + + [ Mauricio Faria de Oliveira ] + * Disable os-prober for ppc64el on the PowerNV platform, to reduce the + number of entries/clutter from other OSes in Petitboot (LP: #1447500) + + -- Mathieu Trudel-Lapierre Wed, 11 Jan 2017 19:07:05 -0500 + +grub2 (2.02~beta2-36ubuntu3.6) xenial; urgency=medium + + * Fix support for IPv6 PXE booting under UEFI: (LP: #1229458) + - grub_add_grub_env_set_net_property.patch: add grub_env_set_net_property. + - misc-fix-invalid-char-strtol.patch: fix strto*l methods invalid chars. + - net_read_bracketed_ipv6_addr.patch: read bracketed IPv6 addresses. + - bootp_new_net_bootp6_command.patch: add new bootp6 commands. + - efinet_uefi_ipv6_pxe_support.patch: teach efinet to allow bootp6. + - bootp_process_dhcpack_http_boot.patch: process DHCPACK, support HTTP. + - efinet_set_network_from_uefi_devpath.patch: configure network from the + devpath provided by the UEFI firmware. + - efinet_set_dns_from_uefi_proto.patch: set DNS nameservers and search + domains from the UEFI protocol. + * Fix booting on Hyper-V gen 2 VMs due to the lack of PIT there; we can deal + with this by using other timers when PIT aren't available. (LP: #1519836) + - debian/patches/git_tsc_use_alt_delay_sources_d43a5ee6.patch + - debian/patches/git_split_pmtimer_wait_tsc_d9a3bfea.patch + - debian/patches/git_fix_tsc_calibration_pit_a03c1034.patch + + -- Mathieu Trudel-Lapierre Thu, 15 Sep 2016 13:56:55 -0400 + +grub2 (2.02~beta2-36ubuntu3.3) xenial; urgency=medium + + * debian/patches/ip6_send_router_solicitation_7c4b6b7b.patch: handle long + RA intervals by explicitly sending a SOLICIT. + * debian/patches/ip6_fix_routing_eb9f401f.patch: fix IPv6 routing; we should + be able to talk to things outside of link-local addresses; to do this, + allow specifying a gateway and interface. (LP: #1229458) + + -- Mathieu Trudel-Lapierre Wed, 03 Aug 2016 16:46:41 -0400 + +grub2 (2.02~beta2-36ubuntu3.2) xenial; urgency=medium + + * Add loopback and squash4 modules to the signed EFI images. LP: #1604499. + + -- Steve Langasek Fri, 22 Jul 2016 15:29:24 -0700 + +grub2 (2.02~beta2-36ubuntu3.1) xenial; urgency=medium + + * debian/postinst.in: replace setup_mok_validation with a call to + update-secureboot-policy, a script shipped by shim-signed. + (LP: #1574727) + * debian/control: drop Depends on mokutil, we're not calling it directly. + + -- Mathieu Trudel-Lapierre Fri, 20 May 2016 15:04:00 -0400 + grub2 (2.02~beta2-36ubuntu3) xenial; urgency=medium * No-change rebuild to correctly build our unicode font against libfreetype6. diff -Nru grub2-2.02~beta2/debian/config.in grub2-2.02~beta2/debian/config.in --- grub2-2.02~beta2/debian/config.in 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/config.in 2020-08-24 08:54:59.000000000 +0000 @@ -78,4 +78,9 @@ db_input low grub2/force_efi_extra_removable || true ;; esac +case @PACKAGE@ in + grub-*efi*|grub-ieee1275) + db_input low grub2/update_nvram || true + ;; +esac db_go diff -Nru grub2-2.02~beta2/debian/control grub2-2.02~beta2/debian/control --- grub2-2.02~beta2/debian/control 2016-04-15 16:46:50.000000000 +0000 +++ grub2-2.02~beta2/debian/control 2021-02-24 19:59:33.000000000 +0000 @@ -63,7 +63,7 @@ Section: oldlibs Architecture: any-i386 any-amd64 Pre-Depends: ${misc:Pre-Depends} -Depends: ${misc:Depends}, grub-efi-ia32 (= ${binary:Version}) [any-i386], grub-efi-amd64 (= ${binary:Version}) [any-amd64] +Depends: ${misc:Depends}, grub-efi-ia32 (= ${binary:Version}) [any-i386], grub-efi-amd64 (>= ${binary:Version}) [any-amd64] Multi-Arch: foreign Description: GRand Unified Bootloader, version 2 (dummy package) This is a dummy transitional package that depends on either grub-efi-ia32 or @@ -94,7 +94,7 @@ Depends: grub-common (= ${binary:Version}), dpkg (>= 1.15.4) | install-info, ${shlibs:Depends}, ${misc:Depends} Replaces: grub, grub-legacy, ${legacy-doc-br}, grub-common (<< 1.99-1), grub-pc (<< 2.00-4), grub-ieee1275 (<< 2.00-4), grub-efi (<< 1.99-1), grub-coreboot (<< 2.00-4), grub-linuxbios (<< 1.99-1), grub-efi-ia32 (<< 2.00-4), grub-efi-amd64 (<< 2.00-4), grub-efi-ia64 (<< 2.00-4), grub-yeeloong (<< 2.00-4) Conflicts: grub-legacy -Breaks: grub (<< 0.97-54), ${legacy-doc-br} +Breaks: grub (<< 0.97-54), ${legacy-doc-br}, shim (<< 13) Multi-Arch: foreign Description: GRand Unified Bootloader (common files for version 2) This package contains common files shared by the distinct flavours of GRUB. @@ -275,7 +275,7 @@ Package: grub-efi-ia32 Architecture: any-i386 any-amd64 Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-ia32-bin (= ${binary:Version}), ucf, mokutil +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-ia32-bin (= ${binary:Version}), ucf Replaces: grub, grub-legacy, grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1), grub-efi, grub-efi-amd64, grub-pc, grub-coreboot, grub-ieee1275 Conflicts: grub (<< 0.97-54), grub-legacy, grub-efi-amd64, grub-pc, grub-coreboot, grub-ieee1275, grub-xen, elilo Multi-Arch: foreign @@ -326,7 +326,7 @@ Package: grub-efi-amd64 Architecture: i386 kopensolaris-i386 any-amd64 Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-amd64-bin (= ${binary:Version}), ucf, mokutil +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-amd64-bin (= ${binary:Version}), ucf Replaces: grub, grub-legacy, grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1), grub-pc, grub-efi-ia32, grub-coreboot, grub-ieee1275 Conflicts: grub, grub-legacy, grub-efi-ia32, grub-pc, grub-coreboot, grub-ieee1275, grub-xen, elilo Multi-Arch: foreign @@ -375,7 +375,7 @@ Package: grub-efi-ia64 Architecture: any-ia64 Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-ia64-bin (= ${binary:Version}), ucf, mokutil +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-ia64-bin (= ${binary:Version}), ucf Conflicts: elilo Multi-Arch: foreign Description: GRand Unified Bootloader, version 2 (IA64 version) @@ -422,7 +422,7 @@ Package: grub-efi-arm Architecture: any-arm Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-arm-bin (= ${binary:Version}), ucf, mokutil +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-arm-bin (= ${binary:Version}), ucf Conflicts: grub-uboot Multi-Arch: foreign Description: GRand Unified Bootloader, version 2 (ARM UEFI version) @@ -469,7 +469,7 @@ Package: grub-efi-arm64 Architecture: any-arm64 Pre-Depends: ${misc:Pre-Depends} -Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-arm64-bin (= ${binary:Version}), ucf, mokutil +Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-arm64-bin (= ${binary:Version}), ucf Multi-Arch: foreign Description: GRand Unified Bootloader, version 2 (ARM64 UEFI version) GRUB is a portable, powerful bootloader. This version of GRUB is based on a diff -Nru grub2-2.02~beta2/debian/patches/0001-i386-linux-Add-support-for-ext_lfb_base.patch grub2-2.02~beta2/debian/patches/0001-i386-linux-Add-support-for-ext_lfb_base.patch --- grub2-2.02~beta2/debian/patches/0001-i386-linux-Add-support-for-ext_lfb_base.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0001-i386-linux-Add-support-for-ext_lfb_base.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,73 @@ +From 886edba8770ccbc3def0af2a7d6b346d00d0af2f Mon Sep 17 00:00:00 2001 +From: Arindam Nath +Date: Thu, 12 Jul 2018 19:02:49 +0530 +Subject: [PATCH] i386/linux: Add support for ext_lfb_base + +The EFI Graphics Output Protocol can return a 64-bit +linear frame buffer address in some firmware/BIOS +implementations. We currently only store the lower +32-bits in the lfb_base. This will eventually be +passed to Linux kernel and the efifb driver will +incorrectly interpret the framebuffer address as +32-bit address. + +The Linux kernel has already added support to handle +64-bit linear framebuffer address in the efifb driver +since quite some time now. + +This patch adds the support for 64-bit linear frame +buffer address in GRUB to address the above mentioned +scenario. + +Signed-off-by: Arindam Nath +Reviewed-by: Daniel Kiper +--- + grub-core/loader/i386/linux.c | 6 ++++++ + include/grub/i386/linux.h | 6 +++++- + 2 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c +index 44301e1..9b53d31 100644 +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -306,6 +306,12 @@ grub_linux_setup_video (struct linux_kernel_params *params) + params->lfb_line_len = mode_info.pitch; + + params->lfb_base = (grub_size_t) framebuffer; ++ ++#if defined (GRUB_MACHINE_EFI) && defined (__x86_64__) ++ params->ext_lfb_base = (grub_size_t) (((grub_uint64_t)(grub_size_t) framebuffer) >> 32); ++ params->capabilities |= VIDEO_CAPABILITY_64BIT_BASE; ++#endif ++ + params->lfb_size = ALIGN_UP (params->lfb_line_len * params->lfb_height, 65536); + + params->red_mask_size = mode_info.red_mask_size; +diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h +index 0bd7588..60c7c3b 100644 +--- a/include/grub/i386/linux.h ++++ b/include/grub/i386/linux.h +@@ -43,6 +43,9 @@ + + #define GRUB_LINUX_CL_MAGIC 0xA33F + ++#define VIDEO_CAPABILITY_SKIP_QUIRKS (1 << 0) ++#define VIDEO_CAPABILITY_64BIT_BASE (1 << 1) /* Frame buffer base is 64-bit. */ ++ + #ifdef __x86_64__ + + #define GRUB_LINUX_EFI_SIGNATURE \ +@@ -188,8 +191,9 @@ struct linux_kernel_params + grub_uint16_t lfb_pages; /* 32 */ + grub_uint16_t vesa_attrib; /* 34 */ + grub_uint32_t capabilities; /* 36 */ ++ grub_uint32_t ext_lfb_base; /* 3a */ + +- grub_uint8_t padding3[0x40 - 0x3a]; ++ grub_uint8_t padding3[0x40 - 0x3e]; + + grub_uint16_t apm_version; /* 40 */ + grub_uint16_t apm_code_segment; /* 42 */ +-- +2.7.4 + diff -Nru grub2-2.02~beta2/debian/patches/0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch grub2-2.02~beta2/debian/patches/0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch --- grub2-2.02~beta2/debian/patches/0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,66 @@ +From 6d5cd112c65caf7c46518a79a27fe7930ec4714e Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Wed, 15 Apr 2020 15:45:02 -0400 +Subject: yylex: Make lexer fatal errors actually be fatal + +When presented with a command that can't be tokenized to anything +smaller than YYLMAX characters, the parser calls YY_FATAL_ERROR(errmsg), +expecting that will stop further processing, as such: + + #define YY_DO_BEFORE_ACTION \ + yyg->yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yyg->yy_hold_char = *yy_cp; \ + *yy_cp = '\0'; \ + if ( yyleng >= YYLMAX ) \ + YY_FATAL_ERROR( "token too large, exceeds YYLMAX" ); \ + yy_flex_strncpy( yytext, yyg->yytext_ptr, yyleng + 1 , yyscanner); \ + yyg->yy_c_buf_p = yy_cp; + +The code flex generates expects that YY_FATAL_ERROR() will either return +for it or do some form of longjmp(), or handle the error in some way at +least, and so the strncpy() call isn't in an "else" clause, and thus if +YY_FATAL_ERROR() is *not* actually fatal, it does the call with the +questionable limit, and predictable results ensue. + +Unfortunately, our implementation of YY_FATAL_ERROR() is: + + #define YY_FATAL_ERROR(msg) \ + do { \ + grub_printf (_("fatal error: %s\n"), _(msg)); \ + } while (0) + +The same pattern exists in yyless(), and similar problems exist in users +of YY_INPUT(), several places in the main parsing loop, +yy_get_next_buffer(), yy_load_buffer_state(), yyensure_buffer_stack, +yy_scan_buffer(), etc. + +All of these callers expect YY_FATAL_ERROR() to actually be fatal, and +the things they do if it returns after calling it are wildly unsafe. + +Fixes: CVE-2020-10713 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/script/yylex.l | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/script/yylex.l b/grub-core/script/yylex.l +index 7b44c37b7..b7203c823 100644 +--- a/grub-core/script/yylex.l ++++ b/grub-core/script/yylex.l +@@ -37,11 +37,11 @@ + + /* + * As we don't have access to yyscanner, we cannot do much except to +- * print the fatal error. ++ * print the fatal error and exit. + */ + #define YY_FATAL_ERROR(msg) \ + do { \ +- grub_printf (_("fatal error: %s\n"), _(msg)); \ ++ grub_fatal (_("fatal error: %s\n"), _(msg));\ + } while (0) + + #define COPY(str, hint) \ diff -Nru grub2-2.02~beta2/debian/patches/0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch grub2-2.02~beta2/debian/patches/0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch --- grub2-2.02~beta2/debian/patches/0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,142 @@ +From 79fe92c7e4ae4b6fd13a3db8f1a2ae7729e0e265 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 10:58:42 -0400 +Subject: safemath: Add some arithmetic primitives that check for overflow + +This adds a new header, include/grub/safemath.h, that includes easy to +use wrappers for __builtin_{add,sub,mul}_overflow() declared like: + + bool OP(a, b, res) + +where OP is grub_add, grub_sub or grub_mul. OP() returns true in the +case where the operation would overflow and res is not modified. +Otherwise, false is returned and the operation is executed. + +These arithmetic primitives require newer compiler versions. So, bump +these requirements in the INSTALL file too. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + INSTALL | 22 ++-------------------- + include/grub/compiler.h | 8 ++++++++ + include/grub/safemath.h | 37 +++++++++++++++++++++++++++++++++++++ + 3 files changed, 47 insertions(+), 20 deletions(-) + create mode 100644 include/grub/safemath.h + +Index: grub2-2.02~beta2/include/grub/safemath.h +=================================================================== +--- /dev/null ++++ grub2-2.02~beta2/include/grub/safemath.h +@@ -0,0 +1,37 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2020 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ * ++ * Arithmetic operations that protect against overflow. ++ */ ++ ++#ifndef GRUB_SAFEMATH_H ++#define GRUB_SAFEMATH_H 1 ++ ++#include ++ ++/* These appear in gcc 5.1 and clang 3.8. */ ++#if GNUC_PREREQ(5, 1) || CLANG_PREREQ(3, 8) ++ ++#define grub_add(a, b, res) __builtin_add_overflow(a, b, res) ++#define grub_sub(a, b, res) __builtin_sub_overflow(a, b, res) ++#define grub_mul(a, b, res) __builtin_mul_overflow(a, b, res) ++ ++#else ++#error gcc 5.1 or newer or clang 3.8 or newer is required ++#endif ++ ++#endif /* GRUB_SAFEMATH_H */ +Index: grub2-2.02~beta2/INSTALL +=================================================================== +--- grub2-2.02~beta2.orig/INSTALL ++++ grub2-2.02~beta2/INSTALL +@@ -11,24 +11,7 @@ GRUB depends on some software packages i + you don't have any of them, please obtain and install them before + configuring the GRUB. + +-* GCC 4.1.3 or later +- Note: older versions may work but support is limited +- Note: clang 3.2 or later works for i386 and x86_64 targets but results in +- much bigger binaries. +- earlier versions not tested +- Note: clang 3.2 or later works for arm +- None of tested clang versions generated usable thumb code +- earlier versions not tested +- Note: clang 3.3 or later works for arm64 +- earlier versions have no arm64 support +- Note: clang 3.3 or later works for mips(el) +- earlier versions fail to generate .reginfo and hence gprel relocations +- fail. +- Note: clang 3.2 or later works for powerpc +- earlier versions not tested +- Note: clang doesn't support -mno-app-regs and so can't be used for sparc64 +- Note: clang has no support for ia64 and hence you can't compile GRUB +- for ia64 with clang ++* GCC 5.1.0 or later + * GNU Make + * GNU Bison 2.3 or later + * GNU gettext 0.17 or later +Index: grub2-2.02~beta2/include/grub/compiler.h +=================================================================== +--- /dev/null ++++ grub2-2.02~beta2/include/grub/compiler.h +@@ -0,0 +1,39 @@ ++/* compiler.h - macros for various compiler features */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2002,2003,2005,2006,2007,2008,2009,2010,2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_COMPILER_HEADER ++#define GRUB_COMPILER_HEADER 1 ++ ++/* GCC version checking borrowed from glibc. */ ++#if defined(__GNUC__) && defined(__GNUC_MINOR__) ++# define GNUC_PREREQ(maj,min) \ ++ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) ++#else ++# define GNUC_PREREQ(maj,min) 0 ++#endif ++ ++#if defined(__clang__) && defined(__clang_major__) && defined(__clang_minor__) ++# define CLANG_PREREQ(maj,min) \ ++ ((__clang_major__ > (maj)) || \ ++ (__clang_major__ == (maj) && __clang_minor__ >= (min))) ++#else ++# define CLANG_PREREQ(maj,min) 0 ++#endif ++ ++#endif /* ! GRUB_COMPILER_HEADER */ diff -Nru grub2-2.02~beta2/debian/patches/0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch grub2-2.02~beta2/debian/patches/0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch --- grub2-2.02~beta2/debian/patches/0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,239 @@ +From 9e7a74bc530afaad40667b397218615fde3e44ef Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:15:29 -0400 +Subject: calloc: Make sure we always have an overflow-checking calloc() + available + +This tries to make sure that everywhere in this source tree, we always have +an appropriate version of calloc() (i.e. grub_calloc(), xcalloc(), etc.) +available, and that they all safely check for overflow and return NULL when +it would occur. + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/kern/emu/misc.c | 12 +++++++++ + grub-core/kern/emu/mm.c | 10 ++++++++ + grub-core/kern/mm.c | 40 ++++++++++++++++++++++++++++++ + grub-core/lib/libgcrypt_wrap/mem.c | 11 ++++++-- + grub-core/lib/posix_wrap/stdlib.h | 8 +++++- + include/grub/emu/misc.h | 1 + + include/grub/mm.h | 6 +++++ + 7 files changed, 85 insertions(+), 3 deletions(-) + +Index: bionic-security/grub-core/kern/emu/misc.c +=================================================================== +--- bionic-security.orig/grub-core/kern/emu/misc.c ++++ bionic-security/grub-core/kern/emu/misc.c +@@ -84,6 +84,18 @@ grub_util_error (const char *fmt, ...) + } + + void * ++xcalloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *p; ++ ++ p = calloc (nmemb, size); ++ if (!p) ++ grub_util_error ("%s", _("out of memory")); ++ ++ return p; ++} ++ ++void * + xmalloc (grub_size_t size) + { + void *p; +Index: bionic-security/grub-core/kern/emu/mm.c +=================================================================== +--- bionic-security.orig/grub-core/kern/emu/mm.c ++++ bionic-security/grub-core/kern/emu/mm.c +@@ -26,6 +26,16 @@ + #include + + void * ++grub_calloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *ret; ++ ret = calloc (nmemb, size); ++ if (!ret) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ return ret; ++} ++ ++void * + grub_malloc (grub_size_t size) + { + void *ret; +Index: bionic-security/grub-core/kern/mm.c +=================================================================== +--- bionic-security.orig/grub-core/kern/mm.c ++++ bionic-security/grub-core/kern/mm.c +@@ -67,8 +67,10 @@ + #include + #include + #include ++#include + + #ifdef MM_DEBUG ++# undef grub_calloc + # undef grub_malloc + # undef grub_zalloc + # undef grub_realloc +@@ -375,6 +377,30 @@ grub_memalign (grub_size_t align, grub_s + return 0; + } + ++/* ++ * Allocate NMEMB instances of SIZE bytes and return the pointer, or error on ++ * integer overflow. ++ */ ++void * ++grub_calloc (grub_size_t nmemb, grub_size_t size) ++{ ++ void *ret; ++ grub_size_t sz = 0; ++ ++ if (grub_mul (nmemb, size, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ ret = grub_memalign (0, sz); ++ if (!ret) ++ return NULL; ++ ++ grub_memset (ret, 0, sz); ++ return ret; ++} ++ + /* Allocate SIZE bytes and return the pointer. */ + void * + grub_malloc (grub_size_t size) +@@ -562,6 +588,20 @@ grub_mm_dump (unsigned lineno) + } + + void * ++grub_debug_calloc (const char *file, int line, grub_size_t nmemb, grub_size_t size) ++{ ++ void *ptr; ++ ++ if (grub_mm_debug) ++ grub_printf ("%s:%d: calloc (0x%" PRIxGRUB_SIZE ", 0x%" PRIxGRUB_SIZE ") = ", ++ file, line, size); ++ ptr = grub_calloc (nmemb, size); ++ if (grub_mm_debug) ++ grub_printf ("%p\n", ptr); ++ return ptr; ++} ++ ++void * + grub_debug_malloc (const char *file, int line, grub_size_t size) + { + void *ptr; +Index: bionic-security/grub-core/lib/libgcrypt_wrap/mem.c +=================================================================== +--- bionic-security.orig/grub-core/lib/libgcrypt_wrap/mem.c ++++ bionic-security/grub-core/lib/libgcrypt_wrap/mem.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -36,7 +37,10 @@ void * + gcry_xcalloc (size_t n, size_t m) + { + void *ret; +- ret = grub_zalloc (n * m); ++ size_t sz; ++ if (grub_mul (n, m, &sz)) ++ grub_fatal ("gcry_xcalloc would overflow"); ++ ret = grub_zalloc (sz); + if (!ret) + grub_fatal ("gcry_xcalloc failed"); + return ret; +@@ -56,7 +60,10 @@ void * + gcry_xcalloc_secure (size_t n, size_t m) + { + void *ret; +- ret = grub_zalloc (n * m); ++ size_t sz; ++ if (grub_mul (n, m, &sz)) ++ grub_fatal ("gcry_xcalloc would overflow"); ++ ret = grub_zalloc (sz); + if (!ret) + grub_fatal ("gcry_xcalloc failed"); + return ret; +Index: bionic-security/grub-core/lib/posix_wrap/stdlib.h +=================================================================== +--- bionic-security.orig/grub-core/lib/posix_wrap/stdlib.h ++++ bionic-security/grub-core/lib/posix_wrap/stdlib.h +@@ -21,6 +21,7 @@ + + #include + #include ++#include + + static inline void + free (void *ptr) +@@ -37,7 +38,12 @@ malloc (grub_size_t size) + static inline void * + calloc (grub_size_t size, grub_size_t nelem) + { +- return grub_zalloc (size * nelem); ++ grub_size_t sz; ++ ++ if (grub_mul (size, nelem, &sz)) ++ return NULL; ++ ++ return grub_zalloc (sz); + } + + static inline void * +Index: bionic-security/include/grub/emu/misc.h +=================================================================== +--- bionic-security.orig/include/grub/emu/misc.h ++++ bionic-security/include/grub/emu/misc.h +@@ -51,6 +51,7 @@ grub_util_device_is_mapped (const char * + #define GRUB_HOST_PRIxLONG_LONG "llx" + #endif + ++void * EXPORT_FUNC(xcalloc) (grub_size_t nmemb, grub_size_t size) WARN_UNUSED_RESULT; + void * EXPORT_FUNC(xmalloc) (grub_size_t size) WARN_UNUSED_RESULT; + void * EXPORT_FUNC(xrealloc) (void *ptr, grub_size_t size) WARN_UNUSED_RESULT; + char * EXPORT_FUNC(xstrdup) (const char *str) WARN_UNUSED_RESULT; +Index: bionic-security/include/grub/mm.h +=================================================================== +--- bionic-security.orig/include/grub/mm.h ++++ bionic-security/include/grub/mm.h +@@ -29,6 +29,7 @@ + #endif + + void grub_mm_init_region (void *addr, grub_size_t size); ++void *EXPORT_FUNC(grub_calloc) (grub_size_t nmemb, grub_size_t size); + void *EXPORT_FUNC(grub_malloc) (grub_size_t size); + void *EXPORT_FUNC(grub_zalloc) (grub_size_t size); + void EXPORT_FUNC(grub_free) (void *ptr); +@@ -48,6 +49,9 @@ extern int EXPORT_VAR(grub_mm_debug); + void grub_mm_dump_free (void); + void grub_mm_dump (unsigned lineno); + ++#define grub_calloc(nmemb, size) \ ++ grub_debug_calloc (GRUB_FILE, __LINE__, nmemb, size) ++ + #define grub_malloc(size) \ + grub_debug_malloc (GRUB_FILE, __LINE__, size) + +@@ -63,6 +67,8 @@ void grub_mm_dump (unsigned lineno); + #define grub_free(ptr) \ + grub_debug_free (GRUB_FILE, __LINE__, ptr) + ++void *EXPORT_FUNC(grub_debug_calloc) (const char *file, int line, ++ grub_size_t nmemb, grub_size_t size); + void *EXPORT_FUNC(grub_debug_malloc) (const char *file, int line, + grub_size_t size); + void *EXPORT_FUNC(grub_debug_zalloc) (const char *file, int line, diff -Nru grub2-2.02~beta2/debian/patches/0085-calloc-Use-calloc-at-most-places.patch grub2-2.02~beta2/debian/patches/0085-calloc-Use-calloc-at-most-places.patch --- grub2-2.02~beta2/debian/patches/0085-calloc-Use-calloc-at-most-places.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0085-calloc-Use-calloc-at-most-places.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,1761 @@ +From 06f4fe53388df99fff7fd23620705901903de8a0 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:26:01 -0400 +Subject: calloc: Use calloc() at most places + +This modifies most of the places we do some form of: + + X = malloc(Y * Z); + +to use calloc(Y, Z) instead. + +Among other issues, this fixes: + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in luks_recover_key() + reported by Chris Coulson, + - allocation of integer overflow in grub_lvm_detect() + reported by Chris Coulson. + +Fixes: CVE-2020-14308 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/bus/usb/usbhub.c | 8 ++++---- + grub-core/commands/efi/lsefisystab.c | 3 ++- + grub-core/commands/legacycfg.c | 6 +++--- + grub-core/commands/menuentry.c | 2 +- + grub-core/commands/nativedisk.c | 2 +- + grub-core/commands/parttool.c | 12 +++++++++--- + grub-core/commands/regexp.c | 2 +- + grub-core/commands/search_wrap.c | 2 +- + grub-core/disk/diskfilter.c | 4 ++-- + grub-core/disk/ieee1275/ofdisk.c | 2 +- + grub-core/disk/ldm.c | 14 +++++++------- + grub-core/disk/luks.c | 2 +- + grub-core/disk/lvm.c | 8 ++++---- + grub-core/disk/xen/xendisk.c | 2 +- + grub-core/efiemu/loadcore.c | 2 +- + grub-core/efiemu/mm.c | 6 +++--- + grub-core/font/font.c | 3 +-- + grub-core/fs/affs.c | 6 +++--- + grub-core/fs/btrfs.c | 6 +++--- + grub-core/fs/hfs.c | 2 +- + grub-core/fs/hfsplus.c | 6 +++--- + grub-core/fs/iso9660.c | 2 +- + grub-core/fs/ntfs.c | 4 ++-- + grub-core/fs/sfs.c | 2 +- + grub-core/fs/tar.c | 2 +- + grub-core/fs/udf.c | 4 ++-- + grub-core/fs/zfs/zfs.c | 4 ++-- + grub-core/gfxmenu/gui_string_util.c | 2 +- + grub-core/gfxmenu/widget-box.c | 4 ++-- + grub-core/io/gzio.c | 2 +- + grub-core/kern/efi/efi.c | 6 +++--- + grub-core/kern/emu/hostdisk.c | 2 +- + grub-core/kern/fs.c | 2 +- + grub-core/kern/misc.c | 2 +- + grub-core/kern/parser.c | 2 +- + grub-core/kern/uboot/uboot.c | 2 +- + grub-core/lib/libgcrypt/cipher/ac.c | 8 ++++---- + grub-core/lib/libgcrypt/cipher/primegen.c | 4 ++-- + grub-core/lib/libgcrypt/cipher/pubkey.c | 4 ++-- + grub-core/lib/priority_queue.c | 2 +- + grub-core/lib/reed_solomon.c | 7 +++---- + grub-core/lib/relocator.c | 10 +++++----- + grub-core/lib/zstd/fse_decompress.c | 2 +- + grub-core/loader/arm/linux.c | 2 +- + grub-core/loader/efi/chainloader.c | 2 +- + grub-core/loader/i386/bsdXX.c | 2 +- + grub-core/loader/i386/xnu.c | 4 ++-- + grub-core/loader/macho.c | 2 +- + grub-core/loader/multiboot_elfxx.c | 2 +- + grub-core/loader/xnu.c | 2 +- + grub-core/mmap/mmap.c | 4 ++-- + grub-core/net/bootp.c | 2 +- + grub-core/net/dns.c | 10 +++++----- + grub-core/net/net.c | 4 ++-- + grub-core/normal/charset.c | 10 +++++----- + grub-core/normal/cmdline.c | 14 +++++++------- + grub-core/normal/menu_entry.c | 14 +++++++------- + grub-core/normal/menu_text.c | 4 ++-- + grub-core/normal/term.c | 4 ++-- + grub-core/osdep/linux/getroot.c | 6 +++--- + grub-core/osdep/unix/config.c | 2 +- + grub-core/osdep/windows/getroot.c | 2 +- + grub-core/osdep/windows/hostdisk.c | 4 ++-- + grub-core/osdep/windows/init.c | 2 +- + grub-core/osdep/windows/platform.c | 4 ++-- + grub-core/osdep/windows/relpath.c | 2 +- + grub-core/partmap/gpt.c | 2 +- + grub-core/partmap/msdos.c | 2 +- + grub-core/script/execute.c | 2 +- + grub-core/tests/fake_input.c | 2 +- + grub-core/tests/video_checksum.c | 6 +++--- + grub-core/video/capture.c | 2 +- + grub-core/video/emu/sdl.c | 2 +- + grub-core/video/i386/pc/vga.c | 2 +- + grub-core/video/readers/png.c | 2 +- + include/grub/unicode.h | 4 ++-- + util/getroot.c | 2 +- + util/grub-file.c | 2 +- + util/grub-fstest.c | 4 ++-- + util/grub-install-common.c | 2 +- + util/grub-install.c | 4 ++-- + util/grub-mkimagexx.c | 6 ++---- + util/grub-mkrescue.c | 4 ++-- + util/grub-mkstandalone.c | 2 +- + util/grub-pe2elf.c | 12 +++++------- + util/grub-probe.c | 4 ++-- + 86 files changed, 176 insertions(+), 175 deletions(-) + +Index: grub2-2.02~beta2/grub-core/bus/usb/usbhub.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/bus/usb/usbhub.c ++++ grub2-2.02~beta2/grub-core/bus/usb/usbhub.c +@@ -149,8 +149,8 @@ grub_usb_add_hub (grub_usb_device_t dev) + grub_usb_set_configuration (dev, 1); + + dev->nports = hubdesc.portcnt; +- dev->children = grub_zalloc (hubdesc.portcnt * sizeof (dev->children[0])); +- dev->ports = grub_zalloc (dev->nports * sizeof (dev->ports[0])); ++ dev->children = grub_calloc (hubdesc.portcnt, sizeof (dev->children[0])); ++ dev->ports = grub_calloc (dev->nports, sizeof (dev->ports[0])); + if (!dev->children || !dev->ports) + { + grub_free (dev->children); +@@ -268,8 +268,8 @@ grub_usb_controller_dev_register_iter (g + + /* Query the number of ports the root Hub has. */ + hub->nports = controller->dev->hubports (controller); +- hub->devices = grub_zalloc (sizeof (hub->devices[0]) * hub->nports); +- hub->ports = grub_zalloc (sizeof (hub->ports[0]) * hub->nports); ++ hub->devices = grub_calloc (hub->nports, sizeof (hub->devices[0])); ++ hub->ports = grub_calloc (hub->nports, sizeof (hub->ports[0])); + if (!hub->devices || !hub->ports) + { + grub_free (hub->devices); +Index: grub2-2.02~beta2/grub-core/commands/efi/lsefisystab.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/commands/efi/lsefisystab.c ++++ grub2-2.02~beta2/grub-core/commands/efi/lsefisystab.c +@@ -60,7 +60,8 @@ grub_cmd_lsefisystab (struct grub_comman + grub_printf ("Vendor: "); + + for (vendor_utf16 = st->firmware_vendor; *vendor_utf16; vendor_utf16++); +- vendor = grub_malloc (4 * (vendor_utf16 - st->firmware_vendor) + 1); ++ /* Allocate extra 3 bytes to simplify math. */ ++ vendor = grub_calloc (4, vendor_utf16 - st->firmware_vendor + 1); + if (!vendor) + return grub_errno; + *grub_utf16_to_utf8 ((grub_uint8_t *) vendor, st->firmware_vendor, +Index: grub2-2.02~beta2/grub-core/commands/menuentry.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/commands/menuentry.c ++++ grub2-2.02~beta2/grub-core/commands/menuentry.c +@@ -154,7 +154,7 @@ grub_normal_add_menu_entry (int argc, co + goto fail; + + /* Save argc, args to pass as parameters to block arg later. */ +- menu_args = grub_malloc (sizeof (char*) * (argc + 1)); ++ menu_args = grub_calloc (argc + 1, sizeof (char *)); + if (! menu_args) + goto fail; + +Index: grub2-2.02~beta2/grub-core/commands/nativedisk.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/commands/nativedisk.c ++++ grub2-2.02~beta2/grub-core/commands/nativedisk.c +@@ -191,7 +191,7 @@ grub_cmd_nativedisk (grub_command_t cmd + else + path_prefix = prefix; + +- mods = grub_malloc (argc * sizeof (mods[0])); ++ mods = grub_calloc (argc, sizeof (mods[0])); + if (!mods) + return grub_errno; + +Index: grub2-2.02~beta2/grub-core/commands/parttool.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/commands/parttool.c ++++ grub2-2.02~beta2/grub-core/commands/parttool.c +@@ -59,7 +59,13 @@ grub_parttool_register(const char *part_ + for (nargs = 0; args[nargs].name != 0; nargs++); + cur->nargs = nargs; + cur->args = (struct grub_parttool_argdesc *) +- grub_malloc ((nargs + 1) * sizeof (struct grub_parttool_argdesc)); ++ grub_calloc (nargs + 1, sizeof (struct grub_parttool_argdesc)); ++ if (!cur->args) ++ { ++ grub_free (cur); ++ curhandle--; ++ return -1; ++ } + grub_memcpy (cur->args, args, + (nargs + 1) * sizeof (struct grub_parttool_argdesc)); + +@@ -249,7 +255,7 @@ grub_cmd_parttool (grub_command_t cmd __ + if (grub_strcmp (args[i], "help") == 0) + return show_help (dev); + +- parsed = (int *) grub_zalloc (argc * sizeof (int)); ++ parsed = (int *) grub_calloc (argc, sizeof (int)); + + for (i = 1; i < argc; i++) + if (! parsed[i]) +@@ -278,7 +284,7 @@ grub_cmd_parttool (grub_command_t cmd __ + args[i]); + ptool = cur; + pargs = (struct grub_parttool_args *) +- grub_zalloc (ptool->nargs * sizeof (struct grub_parttool_args)); ++ grub_calloc (ptool->nargs, sizeof (struct grub_parttool_args)); + for (j = i; j < argc; j++) + if (! parsed[j]) + { +Index: grub2-2.02~beta2/grub-core/commands/regexp.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/commands/regexp.c ++++ grub2-2.02~beta2/grub-core/commands/regexp.c +@@ -116,7 +116,7 @@ grub_cmd_regexp (grub_extcmd_context_t c + if (ret) + goto fail; + +- matches = grub_zalloc (sizeof (*matches) * (regex.re_nsub + 1)); ++ matches = grub_calloc (regex.re_nsub + 1, sizeof (*matches)); + if (! matches) + goto fail; + +Index: grub2-2.02~beta2/grub-core/commands/search_wrap.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/commands/search_wrap.c ++++ grub2-2.02~beta2/grub-core/commands/search_wrap.c +@@ -122,7 +122,7 @@ grub_cmd_search (grub_extcmd_context_t c + for (i = 0; state[SEARCH_HINT_BAREMETAL].args[i]; i++) + nhints++; + +- hints = grub_malloc (sizeof (hints[0]) * nhints); ++ hints = grub_calloc (nhints, sizeof (hints[0])); + if (!hints) + return grub_errno; + j = 0; +Index: grub2-2.02~beta2/grub-core/disk/diskfilter.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/disk/diskfilter.c ++++ grub2-2.02~beta2/grub-core/disk/diskfilter.c +@@ -1021,7 +1021,7 @@ grub_diskfilter_make_raid (grub_size_t u + array->lvs->segments->node_count = nmemb; + array->lvs->segments->raid_member_size = disk_size; + array->lvs->segments->nodes +- = grub_zalloc (nmemb * sizeof (array->lvs->segments->nodes[0])); ++ = grub_calloc (nmemb, sizeof (array->lvs->segments->nodes[0])); + array->lvs->segments->stripe_size = stripe_size; + for (i = 0; i < nmemb; i++) + { +@@ -1111,7 +1111,7 @@ insert_array (grub_disk_t disk, const st + grub_partition_t p; + for (p = disk->partition; p; p = p->parent) + s++; +- pv->partmaps = xmalloc (s * sizeof (pv->partmaps[0])); ++ pv->partmaps = xcalloc (s, sizeof (pv->partmaps[0])); + s = 0; + for (p = disk->partition; p; p = p->parent) + pv->partmaps[s++] = xstrdup (p->partmap->name); +Index: grub2-2.02~beta2/grub-core/disk/ieee1275/ofdisk.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/disk/ieee1275/ofdisk.c ++++ grub2-2.02~beta2/grub-core/disk/ieee1275/ofdisk.c +@@ -289,7 +289,7 @@ dev_iterate (const struct grub_ieee1275_ + /* Power machines documentation specify 672 as maximum SAS disks in + one system. Using a slightly larger value to be safe. */ + table_size = 768; +- table = grub_malloc (table_size * sizeof (grub_uint64_t)); ++ table = grub_calloc (table_size, sizeof (grub_uint64_t)); + + if (!table) + { +Index: grub2-2.02~beta2/grub-core/disk/ldm.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/disk/ldm.c ++++ grub2-2.02~beta2/grub-core/disk/ldm.c +@@ -323,8 +323,8 @@ make_vg (grub_disk_t disk, + lv->segments->type = GRUB_DISKFILTER_MIRROR; + lv->segments->node_count = 0; + lv->segments->node_alloc = 8; +- lv->segments->nodes = grub_zalloc (sizeof (*lv->segments->nodes) +- * lv->segments->node_alloc); ++ lv->segments->nodes = grub_calloc (lv->segments->node_alloc, ++ sizeof (*lv->segments->nodes)); + if (!lv->segments->nodes) + goto fail2; + ptr = vblk[i].dynamic; +@@ -543,8 +543,8 @@ make_vg (grub_disk_t disk, + { + comp->segment_alloc = 8; + comp->segment_count = 0; +- comp->segments = grub_malloc (sizeof (*comp->segments) +- * comp->segment_alloc); ++ comp->segments = grub_calloc (comp->segment_alloc, ++ sizeof (*comp->segments)); + if (!comp->segments) + goto fail2; + } +@@ -590,8 +590,8 @@ make_vg (grub_disk_t disk, + } + comp->segments->node_count = read_int (ptr + 1, *ptr); + comp->segments->node_alloc = comp->segments->node_count; +- comp->segments->nodes = grub_zalloc (sizeof (*comp->segments->nodes) +- * comp->segments->node_alloc); ++ comp->segments->nodes = grub_calloc (comp->segments->node_alloc, ++ sizeof (*comp->segments->nodes)); + if (!lv->segments->nodes) + goto fail2; + } +@@ -1017,7 +1017,7 @@ grub_util_ldm_embed (struct grub_disk *d + *nsectors = lv->size; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +Index: grub2-2.02~beta2/grub-core/disk/luks.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/disk/luks.c ++++ grub2-2.02~beta2/grub-core/disk/luks.c +@@ -324,7 +324,7 @@ luks_recover_key (grub_disk_t source, + && grub_be_to_cpu32 (header.keyblock[i].stripes) > max_stripes) + max_stripes = grub_be_to_cpu32 (header.keyblock[i].stripes); + +- split_key = grub_malloc (keysize * max_stripes); ++ split_key = grub_calloc (keysize, max_stripes); + if (!split_key) + return grub_errno; + +Index: grub2-2.02~beta2/grub-core/disk/lvm.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/disk/lvm.c ++++ grub2-2.02~beta2/grub-core/disk/lvm.c +@@ -173,7 +173,7 @@ grub_lvm_detect (grub_disk_t disk, + first one. */ + + /* Allocate buffer space for the circular worst-case scenario. */ +- metadatabuf = grub_malloc (2 * mda_size); ++ metadatabuf = grub_calloc (2, mda_size); + if (! metadatabuf) + goto fail; + +@@ -426,7 +426,7 @@ grub_lvm_detect (grub_disk_t disk, + #endif + goto lvs_fail; + } +- lv->segments = grub_malloc (sizeof (*seg) * lv->segment_count); ++ lv->segments = grub_calloc (lv->segment_count, sizeof (*seg)); + seg = lv->segments; + + for (i = 0; i < lv->segment_count; i++) +@@ -483,8 +483,8 @@ grub_lvm_detect (grub_disk_t disk, + if (seg->node_count != 1) + seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = "); + +- seg->nodes = grub_zalloc (sizeof (*stripe) +- * seg->node_count); ++ seg->nodes = grub_calloc (seg->node_count, ++ sizeof (*stripe)); + stripe = seg->nodes; + + p = grub_strstr (p, "stripes = ["); +Index: grub2-2.02~beta2/grub-core/disk/xen/xendisk.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/disk/xen/xendisk.c ++++ grub2-2.02~beta2/grub-core/disk/xen/xendisk.c +@@ -399,7 +399,7 @@ grub_xendisk_init (void) + if (!ctr) + return; + +- virtdisks = grub_malloc (ctr * sizeof (virtdisks[0])); ++ virtdisks = grub_calloc (ctr, sizeof (virtdisks[0])); + if (!virtdisks) + return; + if (grub_xenstore_dir ("device/vbd", fill, &ctr)) +Index: grub2-2.02~beta2/grub-core/efiemu/loadcore.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/efiemu/loadcore.c ++++ grub2-2.02~beta2/grub-core/efiemu/loadcore.c +@@ -198,7 +198,7 @@ grub_efiemu_count_symbols (const Elf_Ehd + + grub_efiemu_nelfsyms = (unsigned) s->sh_size / (unsigned) s->sh_entsize; + grub_efiemu_elfsyms = (struct grub_efiemu_elf_sym *) +- grub_malloc (sizeof (struct grub_efiemu_elf_sym) * grub_efiemu_nelfsyms); ++ grub_calloc (grub_efiemu_nelfsyms, sizeof (struct grub_efiemu_elf_sym)); + + /* Relocators */ + for (i = 0, s = (Elf_Shdr *) ((char *) e + e->e_shoff); +Index: grub2-2.02~beta2/grub-core/efiemu/mm.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/efiemu/mm.c ++++ grub2-2.02~beta2/grub-core/efiemu/mm.c +@@ -553,11 +553,11 @@ grub_efiemu_mmap_sort_and_uniq (void) + /* Initialize variables*/ + grub_memset (present, 0, sizeof (int) * GRUB_EFI_MAX_MEMORY_TYPE); + scanline_events = (struct grub_efiemu_mmap_scan *) +- grub_malloc (sizeof (struct grub_efiemu_mmap_scan) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (struct grub_efiemu_mmap_scan) * 2); + + /* Number of chunks can't increase more than by factor of 2 */ + result = (grub_efi_memory_descriptor_t *) +- grub_malloc (sizeof (grub_efi_memory_descriptor_t) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (grub_efi_memory_descriptor_t) * 2); + if (!result || !scanline_events) + { + grub_free (result); +@@ -659,7 +659,7 @@ grub_efiemu_mm_do_alloc (void) + + /* Preallocate mmap */ + efiemu_mmap = (grub_efi_memory_descriptor_t *) +- grub_malloc (mmap_reserved_size * sizeof (grub_efi_memory_descriptor_t)); ++ grub_calloc (mmap_reserved_size, sizeof (grub_efi_memory_descriptor_t)); + if (!efiemu_mmap) + { + grub_efiemu_unload (); +Index: grub2-2.02~beta2/grub-core/font/font.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/font/font.c ++++ grub2-2.02~beta2/grub-core/font/font.c +@@ -293,8 +293,7 @@ load_font_index (grub_file_t file, grub_ + font->num_chars = sect_length / FONT_CHAR_INDEX_ENTRY_SIZE; + + /* Allocate the character index array. */ +- font->char_index = grub_malloc (font->num_chars +- * sizeof (struct char_index_entry)); ++ font->char_index = grub_calloc (font->num_chars, sizeof (struct char_index_entry)); + if (!font->char_index) + return 1; + font->bmp_idx = grub_malloc (0x10000 * sizeof (grub_uint16_t)); +Index: grub2-2.02~beta2/grub-core/fs/affs.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/affs.c ++++ grub2-2.02~beta2/grub-core/fs/affs.c +@@ -301,7 +301,7 @@ grub_affs_read_symlink (grub_fshelp_node + return 0; + } + latin1[symlink_size] = 0; +- utf8 = grub_malloc (symlink_size * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ utf8 = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, symlink_size); + if (!utf8) + { + grub_free (latin1); +@@ -422,7 +422,7 @@ grub_affs_iterate_dir (grub_fshelp_node_ + return 1; + } + +- hashtable = grub_zalloc (data->htsize * sizeof (*hashtable)); ++ hashtable = grub_calloc (data->htsize, sizeof (*hashtable)); + if (!hashtable) + return 1; + +@@ -628,7 +628,7 @@ grub_affs_label (grub_device_t device, c + len = file.namelen; + if (len > sizeof (file.name)) + len = sizeof (file.name); +- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ *label = grub_calloc (GRUB_MAX_UTF8_PER_LATIN1 + 1, len); + if (*label) + *grub_latin1_to_utf8 ((grub_uint8_t *) *label, file.name, len) = '\0'; + } +Index: grub2-2.02~beta2/grub-core/fs/btrfs.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/btrfs.c ++++ grub2-2.02~beta2/grub-core/fs/btrfs.c +@@ -375,7 +375,7 @@ lower_bound (struct grub_btrfs_data *dat + { + desc->allocated = 16; + desc->depth = 0; +- desc->data = grub_malloc (sizeof (desc->data[0]) * desc->allocated); ++ desc->data = grub_calloc (desc->allocated, sizeof (desc->data[0])); + if (!desc->data) + return grub_errno; + } +@@ -1732,7 +1732,7 @@ grub_btrfs_embed (grub_device_t device _ + *nsectors = 64 * 2 - 1; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +Index: grub2-2.02~beta2/grub-core/fs/hfs.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/hfs.c ++++ grub2-2.02~beta2/grub-core/fs/hfs.c +@@ -1360,7 +1360,7 @@ grub_hfs_label (grub_device_t device, ch + grub_size_t len = data->sblock.volname[0]; + if (len > sizeof (data->sblock.volname) - 1) + len = sizeof (data->sblock.volname) - 1; +- *label = grub_malloc (len * MAX_UTF8_PER_MAC_ROMAN + 1); ++ *label = grub_calloc (MAX_UTF8_PER_MAC_ROMAN + 1, len); + if (*label) + macroman_to_utf8 (*label, data->sblock.volname + 1, + len + 1, 0); +Index: grub2-2.02~beta2/grub-core/fs/hfsplus.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/hfsplus.c ++++ grub2-2.02~beta2/grub-core/fs/hfsplus.c +@@ -1000,7 +1000,7 @@ grub_hfsplus_label (grub_device_t device + return 0; + } + +- *label = grub_malloc (label_len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ *label = grub_calloc (label_len, GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! *label) + return grub_errno; + +Index: grub2-2.02~beta2/grub-core/fs/iso9660.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/iso9660.c ++++ grub2-2.02~beta2/grub-core/fs/iso9660.c +@@ -331,7 +331,7 @@ grub_iso9660_convert_string (grub_uint8_ + int i; + grub_uint16_t t[MAX_NAMELEN / 2 + 1]; + +- p = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ p = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! p) + return NULL; + +Index: grub2-2.02~beta2/grub-core/fs/ntfs.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/ntfs.c ++++ grub2-2.02~beta2/grub-core/fs/ntfs.c +@@ -556,8 +556,8 @@ get_utf8 (grub_uint8_t *in, grub_size_t + grub_uint16_t *tmp; + grub_size_t i; + +- buf = grub_malloc (len * GRUB_MAX_UTF8_PER_UTF16 + 1); +- tmp = grub_malloc (len * sizeof (tmp[0])); ++ buf = grub_calloc (len, GRUB_MAX_UTF8_PER_UTF16 + 1); ++ tmp = grub_calloc (len, sizeof (tmp[0])); + if (!buf || !tmp) + { + grub_free (buf); +Index: grub2-2.02~beta2/grub-core/fs/sfs.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/sfs.c ++++ grub2-2.02~beta2/grub-core/fs/sfs.c +@@ -261,7 +261,7 @@ grub_sfs_read_block (grub_fshelp_node_t + node->next_extent = node->block; + node->cache_size = 0; + +- node->cache = grub_malloc (sizeof (node->cache[0]) * cache_size); ++ node->cache = grub_calloc (cache_size, sizeof (node->cache[0])); + if (!node->cache) + { + grub_errno = 0; +Index: grub2-2.02~beta2/grub-core/fs/tar.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/tar.c ++++ grub2-2.02~beta2/grub-core/fs/tar.c +@@ -120,7 +120,7 @@ grub_cpio_find_file (struct grub_archelp + if (data->linkname_alloc < linksize + 1) + { + char *n; +- n = grub_malloc (2 * (linksize + 1)); ++ n = grub_calloc (2, linksize + 1); + if (!n) + return grub_errno; + grub_free (data->linkname); +Index: grub2-2.02~beta2/grub-core/fs/udf.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/udf.c ++++ grub2-2.02~beta2/grub-core/fs/udf.c +@@ -836,7 +836,7 @@ read_string (const grub_uint8_t *raw, gr + { + unsigned i; + utf16len = sz - 1; +- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); ++ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); + if (!utf16) + return NULL; + for (i = 0; i < utf16len; i++) +@@ -846,7 +846,7 @@ read_string (const grub_uint8_t *raw, gr + { + unsigned i; + utf16len = (sz - 1) / 2; +- utf16 = grub_malloc (utf16len * sizeof (utf16[0])); ++ utf16 = grub_calloc (utf16len, sizeof (utf16[0])); + if (!utf16) + return NULL; + for (i = 0; i < utf16len; i++) +Index: grub2-2.02~beta2/grub-core/fs/zfs/zfs.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/zfs/zfs.c ++++ grub2-2.02~beta2/grub-core/fs/zfs/zfs.c +@@ -3314,7 +3314,7 @@ dnode_get_fullpath (const char *fullpath + } + subvol->nkeys = 0; + zap_iterate (&keychain_dn, 8, count_zap_keys, &ctx, data); +- subvol->keyring = grub_zalloc (subvol->nkeys * sizeof (subvol->keyring[0])); ++ subvol->keyring = grub_calloc (subvol->nkeys, sizeof (subvol->keyring[0])); + if (!subvol->keyring) + { + grub_free (fsname); +@@ -4312,7 +4312,7 @@ grub_zfs_embed (grub_device_t device __a + *nsectors = (VDEV_BOOT_SIZE >> GRUB_DISK_SECTOR_BITS); + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +Index: grub2-2.02~beta2/grub-core/gfxmenu/gui_string_util.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/gfxmenu/gui_string_util.c ++++ grub2-2.02~beta2/grub-core/gfxmenu/gui_string_util.c +@@ -55,7 +55,7 @@ canonicalize_path (const char *path) + if (*p == '/') + components++; + +- char **path_array = grub_malloc (components * sizeof (*path_array)); ++ char **path_array = grub_calloc (components, sizeof (*path_array)); + if (! path_array) + return 0; + +Index: grub2-2.02~beta2/grub-core/gfxmenu/widget-box.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/gfxmenu/widget-box.c ++++ grub2-2.02~beta2/grub-core/gfxmenu/widget-box.c +@@ -303,10 +303,10 @@ grub_gfxmenu_create_box (const char *pix + box->content_height = 0; + box->raw_pixmaps = + (struct grub_video_bitmap **) +- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); ++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); + box->scaled_pixmaps = + (struct grub_video_bitmap **) +- grub_malloc (BOX_NUM_PIXMAPS * sizeof (struct grub_video_bitmap *)); ++ grub_calloc (BOX_NUM_PIXMAPS, sizeof (struct grub_video_bitmap *)); + + /* Initialize all pixmap pointers to NULL so that proper destruction can + be performed if an error is encountered partway through construction. */ +Index: grub2-2.02~beta2/grub-core/io/gzio.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/io/gzio.c ++++ grub2-2.02~beta2/grub-core/io/gzio.c +@@ -542,7 +542,7 @@ huft_build (unsigned *b, /* code lengths + z = 1 << j; /* table entries for j-bit table */ + + /* allocate and link in new table */ +- q = (struct huft *) grub_zalloc ((z + 1) * sizeof (struct huft)); ++ q = (struct huft *) grub_calloc (z + 1, sizeof (struct huft)); + if (! q) + { + if (h) +Index: grub2-2.02~beta2/grub-core/kern/efi/efi.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/kern/efi/efi.c ++++ grub2-2.02~beta2/grub-core/kern/efi/efi.c +@@ -193,7 +193,7 @@ grub_efi_set_variable(const char *var, c + + len = grub_strlen (var); + len16 = len * GRUB_MAX_UTF16_PER_UTF8; +- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); ++ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); + if (!var16) + return grub_errno; + len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); +@@ -227,7 +227,7 @@ grub_efi_get_variable (const char *var, + + len = grub_strlen (var); + len16 = len * GRUB_MAX_UTF16_PER_UTF8; +- var16 = grub_malloc ((len16 + 1) * sizeof (var16[0])); ++ var16 = grub_calloc (len16 + 1, sizeof (var16[0])); + if (!var16) + return NULL; + len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL); +Index: grub2-2.02~beta2/grub-core/kern/emu/hostdisk.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/kern/emu/hostdisk.c ++++ grub2-2.02~beta2/grub-core/kern/emu/hostdisk.c +@@ -627,7 +627,7 @@ static char * + grub_util_path_concat_real (size_t n, int ext, va_list ap) + { + size_t totlen = 0; +- char **l = xmalloc ((n + ext) * sizeof (l[0])); ++ char **l = xcalloc (n + ext, sizeof (l[0])); + char *r, *p, *pi; + size_t i; + int first = 1; +Index: grub2-2.02~beta2/grub-core/kern/fs.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/kern/fs.c ++++ grub2-2.02~beta2/grub-core/kern/fs.c +@@ -151,7 +151,7 @@ grub_fs_blocklist_open (grub_file_t file + while (p); + + /* Allocate a block list. */ +- blocks = grub_zalloc (sizeof (struct grub_fs_block) * (num + 1)); ++ blocks = grub_calloc (num + 1, sizeof (struct grub_fs_block)); + if (! blocks) + return 0; + +Index: grub2-2.02~beta2/grub-core/kern/misc.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/kern/misc.c ++++ grub2-2.02~beta2/grub-core/kern/misc.c +@@ -865,7 +865,7 @@ parse_printf_args (const char *fmt0, str + args->ptr = args->prealloc; + else + { +- args->ptr = grub_malloc (args->count * sizeof (args->ptr[0])); ++ args->ptr = grub_calloc (args->count, sizeof (args->ptr[0])); + if (!args->ptr) + { + grub_errno = GRUB_ERR_NONE; +Index: grub2-2.02~beta2/grub-core/kern/parser.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/kern/parser.c ++++ grub2-2.02~beta2/grub-core/kern/parser.c +@@ -213,7 +213,7 @@ grub_parser_split_cmdline (const char *c + return grub_errno; + grub_memcpy (args, buffer, bp - buffer); + +- *argv = grub_malloc (sizeof (char *) * (*argc + 1)); ++ *argv = grub_calloc (*argc + 1, sizeof (char *)); + if (!*argv) + { + grub_free (args); +Index: grub2-2.02~beta2/grub-core/kern/uboot/uboot.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/kern/uboot/uboot.c ++++ grub2-2.02~beta2/grub-core/kern/uboot/uboot.c +@@ -168,7 +168,7 @@ grub_uboot_dev_enum (void) + return num_devices; + + max_devices = 2; +- enum_devices = grub_malloc (sizeof(struct device_info) * max_devices); ++ enum_devices = grub_calloc (max_devices, sizeof(struct device_info)); + if (!enum_devices) + return 0; + +Index: grub2-2.02~beta2/grub-core/lib/libgcrypt/cipher/ac.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/lib/libgcrypt/cipher/ac.c ++++ grub2-2.02~beta2/grub-core/lib/libgcrypt/cipher/ac.c +@@ -185,7 +185,7 @@ ac_data_mpi_copy (gcry_ac_mpi_t *data_mp + gcry_mpi_t mpi; + char *label; + +- data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n); ++ data_mpis_new = gcry_calloc (data_mpis_n, sizeof (*data_mpis_new)); + if (! data_mpis_new) + { + err = gcry_error_from_errno (errno); +@@ -572,7 +572,7 @@ _gcry_ac_data_to_sexp (gcry_ac_data_t da + } + + /* Add MPI list. */ +- arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1)); ++ arg_list = gcry_calloc (data_n + 1, sizeof (*arg_list)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +@@ -1283,7 +1283,7 @@ ac_data_construct (const char *identifie + /* We build a list of arguments to pass to + gcry_sexp_build_array(). */ + data_length = _gcry_ac_data_length (data); +- arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2)); ++ arg_list = gcry_calloc (data_length, sizeof (*arg_list) * 2); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +@@ -1593,7 +1593,7 @@ _gcry_ac_key_pair_generate (gcry_ac_hand + arg_list_n += 2; + + /* Allocate list. */ +- arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n); ++ arg_list = gcry_calloc (arg_list_n, sizeof (*arg_list)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); +Index: grub2-2.02~beta2/grub-core/lib/libgcrypt/cipher/primegen.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/lib/libgcrypt/cipher/primegen.c ++++ grub2-2.02~beta2/grub-core/lib/libgcrypt/cipher/primegen.c +@@ -383,7 +383,7 @@ prime_generate_internal (int need_q_fact + } + + /* Allocate an array to track pool usage. */ +- pool_in_use = gcry_malloc (n * sizeof *pool_in_use); ++ pool_in_use = gcry_calloc (n, sizeof *pool_in_use); + if (!pool_in_use) + { + err = gpg_err_code_from_errno (errno); +@@ -765,7 +765,7 @@ gen_prime (unsigned int nbits, int secre + if (nbits < 16) + log_fatal ("can't generate a prime with less than %d bits\n", 16); + +- mods = gcry_xmalloc( no_of_small_prime_numbers * sizeof *mods ); ++ mods = gcry_xcalloc( no_of_small_prime_numbers, sizeof *mods); + /* Make nbits fit into gcry_mpi_t implementation. */ + val_2 = mpi_alloc_set_ui( 2 ); + val_3 = mpi_alloc_set_ui( 3); +Index: grub2-2.02~beta2/grub-core/lib/libgcrypt/cipher/pubkey.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/lib/libgcrypt/cipher/pubkey.c ++++ grub2-2.02~beta2/grub-core/lib/libgcrypt/cipher/pubkey.c +@@ -2941,7 +2941,7 @@ gcry_pk_encrypt (gcry_sexp_t *r_ciph, gc + * array to a format string, so we have to do it this way :-(. */ + /* FIXME: There is now such a format specifier, so we can + change the code to be more clear. */ +- arg_list = malloc (nelem * sizeof *arg_list); ++ arg_list = calloc (nelem, sizeof *arg_list); + if (!arg_list) + { + rc = gpg_err_code_from_syserror (); +@@ -3233,7 +3233,7 @@ gcry_pk_sign (gcry_sexp_t *r_sig, gcry_s + } + strcpy (p, "))"); + +- arg_list = malloc (nelem * sizeof *arg_list); ++ arg_list = calloc (nelem, sizeof *arg_list); + if (!arg_list) + { + rc = gpg_err_code_from_syserror (); +Index: grub2-2.02~beta2/grub-core/lib/priority_queue.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/lib/priority_queue.c ++++ grub2-2.02~beta2/grub-core/lib/priority_queue.c +@@ -92,7 +92,7 @@ grub_priority_queue_new (grub_size_t els + { + struct grub_priority_queue *ret; + void *els; +- els = grub_malloc (elsize * 8); ++ els = grub_calloc (8, elsize); + if (!els) + return 0; + ret = (struct grub_priority_queue *) grub_malloc (sizeof (*ret)); +Index: grub2-2.02~beta2/grub-core/lib/reed_solomon.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/lib/reed_solomon.c ++++ grub2-2.02~beta2/grub-core/lib/reed_solomon.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#define xcalloc calloc + #define xmalloc malloc + #define grub_memset memset + #define grub_memcpy memcpy +@@ -158,11 +159,9 @@ rs_encode (gf_single_t *data, grub_size_ + gf_single_t *rs_polynomial; + int i, j; + gf_single_t *m; +- m = xmalloc ((s + rs) * sizeof (gf_single_t)); ++ m = xcalloc (s + rs, sizeof (gf_single_t)); + grub_memcpy (m, data, s * sizeof (gf_single_t)); +- grub_memset (m + s, 0, rs * sizeof (gf_single_t)); +- rs_polynomial = xmalloc ((rs + 1) * sizeof (gf_single_t)); +- grub_memset (rs_polynomial, 0, (rs + 1) * sizeof (gf_single_t)); ++ rs_polynomial = xcalloc (rs + 1, sizeof (gf_single_t)); + rs_polynomial[rs] = 1; + /* Multiply with X - a^r */ + for (j = 0; j < rs; j++) +Index: grub2-2.02~beta2/grub-core/lib/relocator.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/lib/relocator.c ++++ grub2-2.02~beta2/grub-core/lib/relocator.c +@@ -495,9 +495,9 @@ malloc_in_range (struct grub_relocator * + } + #endif + +- eventt = grub_malloc (maxevents * sizeof (events[0])); ++ eventt = grub_calloc (maxevents, sizeof (events[0])); + counter = grub_malloc ((DIGITSORT_MASK + 2) * sizeof (counter[0])); +- events = grub_malloc (maxevents * sizeof (events[0])); ++ events = grub_calloc (maxevents, sizeof (events[0])); + if (!events || !eventt || !counter) + { + grub_dprintf ("relocator", "events or counter allocation failed %d\n", +@@ -951,7 +951,7 @@ malloc_in_range (struct grub_relocator * + #endif + unsigned cural = 0; + int oom = 0; +- res->subchunks = grub_malloc (sizeof (res->subchunks[0]) * nallocs); ++ res->subchunks = grub_calloc (nallocs, sizeof (res->subchunks[0])); + if (!res->subchunks) + oom = 1; + res->nsubchunks = nallocs; +@@ -1550,8 +1550,8 @@ grub_relocator_prepare_relocs (struct gr + count[(chunk->src & 0xff) + 1]++; + } + } +- from = grub_malloc (nchunks * sizeof (sorted[0])); +- to = grub_malloc (nchunks * sizeof (sorted[0])); ++ from = grub_calloc (nchunks, sizeof (sorted[0])); ++ to = grub_calloc (nchunks, sizeof (sorted[0])); + if (!from || !to) + { + grub_free (from); +Index: grub2-2.02~beta2/grub-core/loader/arm/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/arm/linux.c ++++ grub2-2.02~beta2/grub-core/loader/arm/linux.c +@@ -80,7 +80,7 @@ linux_prepare_atag (void) + + /* some place for cmdline, initrd and terminator. */ + tmp_size = get_atag_size (atag_orig) + 20 + (arg_size) / 4; +- tmp_atag = grub_malloc (tmp_size * sizeof (grub_uint32_t)); ++ tmp_atag = grub_calloc (tmp_size, sizeof (grub_uint32_t)); + if (!tmp_atag) + return grub_errno; + +Index: grub2-2.02~beta2/grub-core/loader/i386/xnu.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/xnu.c ++++ grub2-2.02~beta2/grub-core/loader/i386/xnu.c +@@ -292,7 +292,7 @@ grub_xnu_devprop_add_property_utf8 (stru + return grub_errno; + + len = grub_strlen (name); +- utf16 = grub_malloc (sizeof (grub_uint16_t) * len); ++ utf16 = grub_calloc (len, sizeof (grub_uint16_t)); + if (!utf16) + { + grub_free (utf8); +@@ -328,7 +328,7 @@ grub_xnu_devprop_add_property_utf16 (str + grub_uint16_t *utf16; + grub_err_t err; + +- utf16 = grub_malloc (sizeof (grub_uint16_t) * namelen); ++ utf16 = grub_calloc (namelen, sizeof (grub_uint16_t)); + if (!utf16) + return grub_errno; + grub_memcpy (utf16, name, sizeof (grub_uint16_t) * namelen); +Index: grub2-2.02~beta2/grub-core/loader/macho.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/macho.c ++++ grub2-2.02~beta2/grub-core/loader/macho.c +@@ -97,7 +97,7 @@ grub_macho_file (grub_file_t file, const + if (grub_file_seek (macho->file, sizeof (struct grub_macho_fat_header)) + == (grub_off_t) -1) + goto fail; +- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); ++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); + if (!archs) + goto fail; + if (grub_file_read (macho->file, archs, +Index: grub2-2.02~beta2/grub-core/loader/xnu.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/xnu.c ++++ grub2-2.02~beta2/grub-core/loader/xnu.c +@@ -791,7 +791,7 @@ grub_cmd_xnu_mkext (grub_command_t cmd _ + if (grub_be_to_cpu32 (head.magic) == GRUB_MACHO_FAT_MAGIC) + { + narchs = grub_be_to_cpu32 (head.nfat_arch); +- archs = grub_malloc (sizeof (struct grub_macho_fat_arch) * narchs); ++ archs = grub_calloc (narchs, sizeof (struct grub_macho_fat_arch)); + if (! archs) + { + grub_file_close (file); +Index: grub2-2.02~beta2/grub-core/mmap/mmap.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/mmap/mmap.c ++++ grub2-2.02~beta2/grub-core/mmap/mmap.c +@@ -143,9 +143,9 @@ grub_mmap_iterate (grub_memory_hook_t ho + + /* Initialize variables. */ + ctx.scanline_events = (struct grub_mmap_scan *) +- grub_malloc (sizeof (struct grub_mmap_scan) * 2 * mmap_num); ++ grub_calloc (mmap_num, sizeof (struct grub_mmap_scan) * 2); + +- present = grub_zalloc (sizeof (present[0]) * current_priority); ++ present = grub_calloc (current_priority, sizeof (present[0])); + + if (! ctx.scanline_events || !present) + { +Index: grub2-2.02~beta2/grub-core/net/bootp.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/net/bootp.c ++++ grub2-2.02~beta2/grub-core/net/bootp.c +@@ -1234,7 +1234,7 @@ grub_cmd_bootp (struct grub_command *cmd + if (ncards == 0) + return grub_error (GRUB_ERR_NET_NO_CARD, N_("no network card found")); + +- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); ++ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); + if (!ifaces) + return grub_errno; + +Index: grub2-2.02~beta2/grub-core/net/dns.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/net/dns.c ++++ grub2-2.02~beta2/grub-core/net/dns.c +@@ -276,8 +276,8 @@ recv_hook (grub_net_udp_socket_t sock __ + ptr++; + ptr += 4; + } +- *data->addresses = grub_malloc (sizeof ((*data->addresses)[0]) +- * grub_cpu_to_be16 (head->ancount)); ++ *data->addresses = grub_calloc (grub_cpu_to_be16 (head->ancount), ++ sizeof ((*data->addresses)[0])); + if (!*data->addresses) + { + grub_errno = GRUB_ERR_NONE; +@@ -397,8 +397,8 @@ recv_hook (grub_net_udp_socket_t sock __ + dns_cache[h].addresses = 0; + dns_cache[h].name = grub_strdup (data->oname); + dns_cache[h].naddresses = *data->naddresses; +- dns_cache[h].addresses = grub_malloc (*data->naddresses +- * sizeof (dns_cache[h].addresses[0])); ++ dns_cache[h].addresses = grub_calloc (*data->naddresses, ++ sizeof (dns_cache[h].addresses[0])); + dns_cache[h].limit_time = grub_get_time_ms () + 1000 * ttl_all; + if (!dns_cache[h].addresses || !dns_cache[h].name) + { +@@ -470,7 +470,7 @@ grub_net_dns_lookup (const char *name, + } + } + +- sockets = grub_malloc (sizeof (sockets[0]) * n_servers); ++ sockets = grub_calloc (n_servers, sizeof (sockets[0])); + if (!sockets) + return grub_errno; + +Index: grub2-2.02~beta2/grub-core/net/net.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/net/net.c ++++ grub2-2.02~beta2/grub-core/net/net.c +@@ -333,8 +333,8 @@ grub_cmd_ipv6_autoconf (struct grub_comm + ncards++; + } + +- ifaces = grub_zalloc (ncards * sizeof (ifaces[0])); +- slaacs = grub_zalloc (ncards * sizeof (slaacs[0])); ++ ifaces = grub_calloc (ncards, sizeof (ifaces[0])); ++ slaacs = grub_calloc (ncards, sizeof (slaacs[0])); + if (!ifaces || !slaacs) + { + grub_free (ifaces); +Index: grub2-2.02~beta2/grub-core/normal/charset.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/normal/charset.c ++++ grub2-2.02~beta2/grub-core/normal/charset.c +@@ -203,7 +203,7 @@ grub_utf8_to_ucs4_alloc (const char *msg + { + grub_size_t msg_len = grub_strlen (msg); + +- *unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ *unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + if (!*unicode_msg) + return -1; +@@ -488,7 +488,7 @@ grub_unicode_aglomerate_comb (const grub + } + else + { +- n = grub_malloc (sizeof (n[0]) * (out->ncomb + 1)); ++ n = grub_calloc (out->ncomb + 1, sizeof (n[0])); + if (!n) + { + grub_errno = GRUB_ERR_NONE; +@@ -842,7 +842,7 @@ grub_bidi_line_logical_to_visual (const + } \ + } + +- visual = grub_malloc (sizeof (visual[0]) * logical_len); ++ visual = grub_calloc (logical_len, sizeof (visual[0])); + if (!visual) + return -1; + +@@ -1154,8 +1154,8 @@ grub_bidi_logical_to_visual (const grub_ + { + const grub_uint32_t *line_start = logical, *ptr; + struct grub_unicode_glyph *visual_ptr; +- *visual_out = visual_ptr = grub_malloc (3 * sizeof (visual_ptr[0]) +- * (logical_len + 2)); ++ *visual_out = visual_ptr = grub_calloc (logical_len + 2, ++ 3 * sizeof (visual_ptr[0])); + if (!visual_ptr) + return -1; + for (ptr = logical; ptr <= logical + logical_len; ptr++) +Index: grub2-2.02~beta2/grub-core/normal/cmdline.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/normal/cmdline.c ++++ grub2-2.02~beta2/grub-core/normal/cmdline.c +@@ -41,7 +41,7 @@ grub_err_t + grub_set_history (int newsize) + { + grub_uint32_t **old_hist_lines = hist_lines; +- hist_lines = grub_malloc (sizeof (grub_uint32_t *) * newsize); ++ hist_lines = grub_calloc (newsize, sizeof (grub_uint32_t *)); + + /* Copy the old lines into the new buffer. */ + if (old_hist_lines) +@@ -114,7 +114,7 @@ static void + grub_history_set (int pos, grub_uint32_t *s, grub_size_t len) + { + grub_free (hist_lines[pos]); +- hist_lines[pos] = grub_malloc ((len + 1) * sizeof (grub_uint32_t)); ++ hist_lines[pos] = grub_calloc (len + 1, sizeof (grub_uint32_t)); + if (!hist_lines[pos]) + { + grub_print_error (); +@@ -349,7 +349,7 @@ grub_cmdline_get (const char *prompt_tra + char *ret; + unsigned nterms; + +- buf = grub_malloc (max_len * sizeof (grub_uint32_t)); ++ buf = grub_calloc (max_len, sizeof (grub_uint32_t)); + if (!buf) + return 0; + +@@ -377,7 +377,7 @@ grub_cmdline_get (const char *prompt_tra + FOR_ACTIVE_TERM_OUTPUTS(cur) + nterms++; + +- cl_terms = grub_malloc (sizeof (cl_terms[0]) * nterms); ++ cl_terms = grub_calloc (nterms, sizeof (cl_terms[0])); + if (!cl_terms) + { + grub_free (buf); +@@ -385,7 +385,7 @@ grub_cmdline_get (const char *prompt_tra + } + cl_term_cur = cl_terms; + +- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + if (!unicode_msg) + { + grub_free (buf); +@@ -494,7 +494,7 @@ grub_cmdline_get (const char *prompt_tra + grub_uint32_t *insert; + + insertlen = grub_strlen (insertu8); +- insert = grub_malloc ((insertlen + 1) * sizeof (grub_uint32_t)); ++ insert = grub_calloc (insertlen + 1, sizeof (grub_uint32_t)); + if (!insert) + { + grub_free (insertu8); +@@ -601,7 +601,7 @@ grub_cmdline_get (const char *prompt_tra + + grub_free (kill_buf); + +- kill_buf = grub_malloc ((n + 1) * sizeof(grub_uint32_t)); ++ kill_buf = grub_calloc (n + 1, sizeof (grub_uint32_t)); + if (grub_errno) + { + grub_print_error (); +Index: grub2-2.02~beta2/grub-core/normal/menu_entry.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/normal/menu_entry.c ++++ grub2-2.02~beta2/grub-core/normal/menu_entry.c +@@ -95,8 +95,8 @@ init_line (struct screen *screen, struct + { + linep->len = 0; + linep->max_len = 80; +- linep->buf = grub_malloc ((linep->max_len + 1) * sizeof (linep->buf[0])); +- linep->pos = grub_zalloc (screen->nterms * sizeof (linep->pos[0])); ++ linep->buf = grub_calloc (linep->max_len + 1, sizeof (linep->buf[0])); ++ linep->pos = grub_calloc (screen->nterms, sizeof (linep->pos[0])); + if (! linep->buf || !linep->pos) + { + grub_free (linep->buf); +@@ -281,7 +281,7 @@ update_screen (struct screen *screen, st + pos = linep->pos + (term_screen - screen->terms); + + if (!*pos) +- *pos = grub_zalloc ((linep->len + 1) * sizeof (**pos)); ++ *pos = grub_calloc (linep->len + 1, sizeof (**pos)); + + if (i == region_start || linep == screen->lines + screen->line + || (i > region_start && mode == ALL_LINES)) +@@ -463,7 +463,7 @@ insert_string (struct screen *screen, co + + /* Insert the string. */ + current_linep = screen->lines + screen->line; +- unicode_msg = grub_malloc ((p - s) * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (p - s, sizeof (grub_uint32_t)); + + if (!unicode_msg) + return 0; +@@ -1012,7 +1012,7 @@ complete (struct screen *screen, int con + if (completion_buffer.buf) + { + buflen = grub_strlen (completion_buffer.buf); +- ucs4 = grub_malloc (sizeof (grub_uint32_t) * (buflen + 1)); ++ ucs4 = grub_calloc (buflen + 1, sizeof (grub_uint32_t)); + + if (!ucs4) + { +@@ -1257,7 +1257,7 @@ grub_menu_entry_run (grub_menu_entry_t e + for (i = 0; i < (unsigned) screen->num_lines; i++) + { + grub_free (screen->lines[i].pos); +- screen->lines[i].pos = grub_zalloc (screen->nterms * sizeof (screen->lines[i].pos[0])); ++ screen->lines[i].pos = grub_calloc (screen->nterms, sizeof (screen->lines[i].pos[0])); + if (! screen->lines[i].pos) + { + grub_print_error (); +@@ -1266,7 +1266,7 @@ grub_menu_entry_run (grub_menu_entry_t e + } + } + +- screen->terms = grub_zalloc (screen->nterms * sizeof (screen->terms[0])); ++ screen->terms = grub_calloc (screen->nterms, sizeof (screen->terms[0])); + if (!screen->terms) + { + grub_print_error (); +Index: grub2-2.02~beta2/grub-core/normal/menu_text.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/normal/menu_text.c ++++ grub2-2.02~beta2/grub-core/normal/menu_text.c +@@ -78,7 +78,7 @@ grub_print_message_indented_real (const + grub_size_t msg_len = grub_strlen (msg) + 2; + int ret = 0; + +- unicode_msg = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_msg = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + if (!unicode_msg) + return 0; +@@ -211,7 +211,7 @@ print_entry (int y, int highlight, grub_ + + title = entry ? entry->title : ""; + title_len = grub_strlen (title); +- unicode_title = grub_malloc (title_len * sizeof (*unicode_title)); ++ unicode_title = grub_calloc (title_len, sizeof (*unicode_title)); + if (! unicode_title) + /* XXX How to show this error? */ + return; +Index: grub2-2.02~beta2/grub-core/normal/term.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/normal/term.c ++++ grub2-2.02~beta2/grub-core/normal/term.c +@@ -264,7 +264,7 @@ grub_term_save_pos (void) + FOR_ACTIVE_TERM_OUTPUTS(cur) + cnt++; + +- ret = grub_malloc (cnt * sizeof (ret[0])); ++ ret = grub_calloc (cnt, sizeof (ret[0])); + if (!ret) + return NULL; + +@@ -1013,7 +1013,7 @@ grub_xnputs (const char *str, grub_size_ + + grub_error_push (); + +- unicode_str = grub_malloc (msg_len * sizeof (grub_uint32_t)); ++ unicode_str = grub_calloc (msg_len, sizeof (grub_uint32_t)); + + grub_error_pop (); + +Index: grub2-2.02~beta2/grub-core/osdep/linux/getroot.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/osdep/linux/getroot.c ++++ grub2-2.02~beta2/grub-core/osdep/linux/getroot.c +@@ -162,7 +162,7 @@ grub_util_raid_getmembers (const char *n + if (ret != 0) + grub_util_error (_("ioctl GET_ARRAY_INFO error: %s"), strerror (errno)); + +- devicelist = xmalloc ((info.nr_disks + 1) * sizeof (char *)); ++ devicelist = xcalloc (info.nr_disks + 1, sizeof (char *)); + + for (i = 0, j = 0; j < info.nr_disks; i++) + { +@@ -235,7 +235,7 @@ grub_find_root_devices_from_btrfs (const + return NULL; + } + +- ret = xmalloc ((fsi.num_devices + 1) * sizeof (ret[0])); ++ ret = xcalloc (fsi.num_devices + 1, sizeof (ret[0])); + + for (i = 1; i <= fsi.max_id && j < fsi.num_devices; i++) + { +@@ -385,7 +385,7 @@ grub_find_root_devices_from_mountinfo (c + if (! fp) + return NULL; /* fall through to other methods */ + +- entries = xmalloc (entry_max * sizeof (*entries)); ++ entries = xcalloc (entry_max, sizeof (*entries)); + + /* First, build a list of relevant visible mounts. */ + while (getline (&buf, &len, fp) > 0) +Index: grub2-2.02~beta2/grub-core/osdep/unix/config.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/osdep/unix/config.c ++++ grub2-2.02~beta2/grub-core/osdep/unix/config.c +@@ -130,7 +130,7 @@ grub_util_load_config (struct grub_util_ + if (num_cfgpaths == 0) + goto out; + +- sorted_cfgpaths = xmalloc (num_cfgpaths * sizeof (*sorted_cfgpaths)); ++ sorted_cfgpaths = xcalloc (num_cfgpaths, sizeof (*sorted_cfgpaths)); + i = 0; + if (grub_util_is_regular (cfgfile)) + sorted_cfgpaths[i++] = xstrdup (cfgfile); +Index: grub2-2.02~beta2/grub-core/osdep/windows/getroot.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/osdep/windows/getroot.c ++++ grub2-2.02~beta2/grub-core/osdep/windows/getroot.c +@@ -59,7 +59,7 @@ grub_get_mount_point (const TCHAR *path) + + for (ptr = path; *ptr; ptr++); + allocsize = (ptr - path + 10) * 2; +- out = xmalloc (allocsize * sizeof (out[0])); ++ out = xcalloc (allocsize, sizeof (out[0])); + + /* When pointing to EFI system partition GetVolumePathName fails + for ESP root and returns abberant information for everything +Index: grub2-2.02~beta2/grub-core/osdep/windows/hostdisk.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/osdep/windows/hostdisk.c ++++ grub2-2.02~beta2/grub-core/osdep/windows/hostdisk.c +@@ -111,7 +111,7 @@ grub_util_get_windows_path_real (const c + + while (1) + { +- fpa = xmalloc (alloc * sizeof (fpa[0])); ++ fpa = xcalloc (alloc, sizeof (fpa[0])); + + len = GetFullPathName (tpath, alloc, fpa, NULL); + if (len >= alloc) +@@ -387,7 +387,7 @@ grub_util_fd_opendir (const char *name) + for (l = 0; name_windows[l]; l++); + for (l--; l >= 0 && (name_windows[l] == '\\' || name_windows[l] == '/'); l--); + l++; +- pattern = xmalloc ((l + 3) * sizeof (pattern[0])); ++ pattern = xcalloc (l + 3, sizeof (pattern[0])); + memcpy (pattern, name_windows, l * sizeof (pattern[0])); + pattern[l] = '\\'; + pattern[l + 1] = '*'; +Index: grub2-2.02~beta2/grub-core/osdep/windows/init.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/osdep/windows/init.c ++++ grub2-2.02~beta2/grub-core/osdep/windows/init.c +@@ -161,7 +161,7 @@ grub_util_host_init (int *argc __attribu + LPWSTR *targv; + + targv = CommandLineToArgvW (tcmdline, argc); +- *argv = xmalloc ((*argc + 1) * sizeof (argv[0])); ++ *argv = xcalloc (*argc + 1, sizeof (argv[0])); + + for (i = 0; i < *argc; i++) + (*argv)[i] = grub_util_tchar_to_utf8 (targv[i]); +Index: grub2-2.02~beta2/grub-core/osdep/windows/platform.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/osdep/windows/platform.c ++++ grub2-2.02~beta2/grub-core/osdep/windows/platform.c +@@ -231,8 +231,8 @@ grub_install_register_efi (grub_device_t + grub_util_error ("%s", _("no EFI routines are available when running in BIOS mode")); + + distrib8_len = grub_strlen (efi_distributor); +- distributor16 = xmalloc ((distrib8_len + 1) * GRUB_MAX_UTF16_PER_UTF8 +- * sizeof (grub_uint16_t)); ++ distributor16 = xcalloc (distrib8_len + 1, ++ GRUB_MAX_UTF16_PER_UTF8 * sizeof (grub_uint16_t)); + distrib16_len = grub_utf8_to_utf16 (distributor16, distrib8_len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) efi_distributor, + distrib8_len, 0); +Index: grub2-2.02~beta2/grub-core/osdep/windows/relpath.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/osdep/windows/relpath.c ++++ grub2-2.02~beta2/grub-core/osdep/windows/relpath.c +@@ -72,7 +72,7 @@ grub_make_system_path_relative_to_its_ro + if (dirwindows[0] && dirwindows[1] == ':') + offset = 2; + } +- ret = xmalloc (sizeof (ret[0]) * (flen - offset + 2)); ++ ret = xcalloc (flen - offset + 2, sizeof (ret[0])); + if (dirwindows[offset] != '\\' + && dirwindows[offset] != '/' + && dirwindows[offset]) +Index: grub2-2.02~beta2/grub-core/partmap/gpt.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/partmap/gpt.c ++++ grub2-2.02~beta2/grub-core/partmap/gpt.c +@@ -199,7 +199,7 @@ gpt_partition_map_embed (struct grub_dis + *nsectors = ctx.len; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +Index: grub2-2.02~beta2/grub-core/partmap/msdos.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/partmap/msdos.c ++++ grub2-2.02~beta2/grub-core/partmap/msdos.c +@@ -337,7 +337,7 @@ pc_partition_map_embed (struct grub_disk + avail_nsectors = *nsectors; + if (*nsectors > max_nsectors) + *nsectors = max_nsectors; +- *sectors = grub_malloc (*nsectors * sizeof (**sectors)); ++ *sectors = grub_calloc (*nsectors, sizeof (**sectors)); + if (!*sectors) + return grub_errno; + for (i = 0; i < *nsectors; i++) +Index: grub2-2.02~beta2/grub-core/script/execute.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/script/execute.c ++++ grub2-2.02~beta2/grub-core/script/execute.c +@@ -552,7 +552,7 @@ gettext_append (struct grub_script_argv + for (iptr = orig_str; *iptr; iptr++) + if (*iptr == '$') + dollar_cnt++; +- ctx.allowed_strings = grub_malloc (sizeof (ctx.allowed_strings[0]) * dollar_cnt); ++ ctx.allowed_strings = grub_calloc (dollar_cnt, sizeof (ctx.allowed_strings[0])); + + if (parse_string (orig_str, gettext_save_allow, &ctx, 0)) + goto fail; +Index: grub2-2.02~beta2/grub-core/tests/fake_input.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/tests/fake_input.c ++++ grub2-2.02~beta2/grub-core/tests/fake_input.c +@@ -49,7 +49,7 @@ grub_terminal_input_fake_sequence (int * + saved = grub_term_inputs; + if (seq) + grub_free (seq); +- seq = grub_malloc (nseq_in * sizeof (seq[0])); ++ seq = grub_calloc (nseq_in, sizeof (seq[0])); + if (!seq) + return; + +Index: grub2-2.02~beta2/grub-core/tests/video_checksum.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/tests/video_checksum.c ++++ grub2-2.02~beta2/grub-core/tests/video_checksum.c +@@ -336,7 +336,7 @@ grub_video_capture_write_bmp (const char + { + case 4: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); +@@ -367,7 +367,7 @@ grub_video_capture_write_bmp (const char + } + case 3: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint32_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint32_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint32_t bmask = ((1 << mode_info->blue_mask_size) - 1); +@@ -407,7 +407,7 @@ grub_video_capture_write_bmp (const char + } + case 2: + { +- grub_uint8_t *buffer = xmalloc (mode_info->width * 3); ++ grub_uint8_t *buffer = xcalloc (3, mode_info->width); + grub_uint16_t rmask = ((1 << mode_info->red_mask_size) - 1); + grub_uint16_t gmask = ((1 << mode_info->green_mask_size) - 1); + grub_uint16_t bmask = ((1 << mode_info->blue_mask_size) - 1); +Index: grub2-2.02~beta2/grub-core/video/capture.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/video/capture.c ++++ grub2-2.02~beta2/grub-core/video/capture.c +@@ -88,7 +88,7 @@ grub_video_capture_start (const struct g + framebuffer.mode_info = *mode_info; + framebuffer.mode_info.blit_format = grub_video_get_blit_format (&framebuffer.mode_info); + +- framebuffer.ptr = grub_malloc (framebuffer.mode_info.height * framebuffer.mode_info.pitch); ++ framebuffer.ptr = grub_calloc (framebuffer.mode_info.height, framebuffer.mode_info.pitch); + if (!framebuffer.ptr) + return grub_errno; + +Index: grub2-2.02~beta2/grub-core/video/emu/sdl.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/video/emu/sdl.c ++++ grub2-2.02~beta2/grub-core/video/emu/sdl.c +@@ -172,7 +172,7 @@ grub_video_sdl_set_palette (unsigned int + if (start + count > mode_info.number_of_colors) + count = mode_info.number_of_colors - start; + +- tmp = grub_malloc (count * sizeof (tmp[0])); ++ tmp = grub_calloc (count, sizeof (tmp[0])); + for (i = 0; i < count; i++) + { + tmp[i].r = palette_data[i].r; +Index: grub2-2.02~beta2/grub-core/video/i386/pc/vga.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/video/i386/pc/vga.c ++++ grub2-2.02~beta2/grub-core/video/i386/pc/vga.c +@@ -127,7 +127,7 @@ grub_video_vga_setup (unsigned int width + + vga_height = height ? : 480; + +- framebuffer.temporary_buffer = grub_malloc (vga_height * VGA_WIDTH); ++ framebuffer.temporary_buffer = grub_calloc (vga_height, VGA_WIDTH); + framebuffer.front_page = 0; + framebuffer.back_page = 0; + if (!framebuffer.temporary_buffer) +Index: grub2-2.02~beta2/grub-core/video/readers/png.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/video/readers/png.c ++++ grub2-2.02~beta2/grub-core/video/readers/png.c +@@ -309,7 +309,7 @@ grub_png_decode_image_header (struct gru + if (data->is_16bit || data->is_gray || data->is_palette) + #endif + { +- data->image_data = grub_malloc (data->image_height * data->row_bytes); ++ data->image_data = grub_calloc (data->image_height, data->row_bytes); + if (grub_errno) + return grub_errno; + +Index: grub2-2.02~beta2/include/grub/unicode.h +=================================================================== +--- grub2-2.02~beta2.orig/include/grub/unicode.h ++++ grub2-2.02~beta2/include/grub/unicode.h +@@ -293,7 +293,7 @@ grub_unicode_glyph_dup (const struct gru + grub_memcpy (out, in, sizeof (*in)); + if (in->ncomb > ARRAY_SIZE (out->combining_inline)) + { +- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); ++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); + if (!out->combining_ptr) + { + grub_free (out); +@@ -315,7 +315,7 @@ grub_unicode_set_glyph (struct grub_unic + grub_memcpy (out, in, sizeof (*in)); + if (in->ncomb > ARRAY_SIZE (out->combining_inline)) + { +- out->combining_ptr = grub_malloc (in->ncomb * sizeof (out->combining_ptr[0])); ++ out->combining_ptr = grub_calloc (in->ncomb, sizeof (out->combining_ptr[0])); + if (!out->combining_ptr) + return; + grub_memcpy (out->combining_ptr, in->combining_ptr, +Index: grub2-2.02~beta2/util/getroot.c +=================================================================== +--- grub2-2.02~beta2.orig/util/getroot.c ++++ grub2-2.02~beta2/util/getroot.c +@@ -199,7 +199,7 @@ make_device_name (const char *drive) + char *ret, *ptr; + const char *iptr; + +- ret = xmalloc (strlen (drive) * 2); ++ ret = xcalloc (2, strlen (drive)); + ptr = ret; + for (iptr = drive; *iptr; iptr++) + { +Index: grub2-2.02~beta2/util/grub-file.c +=================================================================== +--- grub2-2.02~beta2.orig/util/grub-file.c ++++ grub2-2.02~beta2/util/grub-file.c +@@ -54,7 +54,7 @@ main (int argc, char *argv[]) + + grub_util_host_init (&argc, &argv); + +- argv2 = xmalloc (argc * sizeof (argv2[0])); ++ argv2 = xcalloc (argc, sizeof (argv2[0])); + + if (argc == 2 && strcmp (argv[1], "--version") == 0) + { +Index: grub2-2.02~beta2/util/grub-fstest.c +=================================================================== +--- grub2-2.02~beta2.orig/util/grub-fstest.c ++++ grub2-2.02~beta2/util/grub-fstest.c +@@ -650,7 +650,7 @@ argp_parser (int key, char *arg, struct + if (args_count < num_disks) + { + if (args_count == 0) +- images = xmalloc (num_disks * sizeof (images[0])); ++ images = xcalloc (num_disks, sizeof (images[0])); + images[args_count] = canonicalize_file_name (arg); + args_count++; + return 0; +@@ -734,7 +734,7 @@ main (int argc, char *argv[]) + + grub_util_host_init (&argc, &argv); + +- args = xmalloc (argc * sizeof (args[0])); ++ args = xcalloc (argc, sizeof (args[0])); + + argp_parse (&argp, argc, argv, 0, 0, 0); + +Index: grub2-2.02~beta2/util/grub-install-common.c +=================================================================== +--- grub2-2.02~beta2.orig/util/grub-install-common.c ++++ grub2-2.02~beta2/util/grub-install-common.c +@@ -280,7 +280,7 @@ handle_install_list (struct install_list + il->n_entries++; + } + il->n_alloc = il->n_entries + 1; +- il->entries = xmalloc (il->n_alloc * sizeof (il->entries[0])); ++ il->entries = xcalloc (il->n_alloc, sizeof (il->entries[0])); + ptr = val; + for (ce = il->entries; ; ce++) + { +Index: grub2-2.02~beta2/util/grub-install.c +=================================================================== +--- grub2-2.02~beta2.orig/util/grub-install.c ++++ grub2-2.02~beta2/util/grub-install.c +@@ -638,7 +638,7 @@ device_map_check_duplicates (const char + char **d; + size_t i; + +- d = xmalloc (alloced * sizeof (d[0])); ++ d = xcalloc (alloced, sizeof (d[0])); + + if (dev_map[0] == '\0') + return; +@@ -1348,7 +1348,7 @@ main (int argc, char *argv[]) + ndev++; + } + +- grub_drives = xmalloc (sizeof (grub_drives[0]) * (ndev + 1)); ++ grub_drives = xcalloc (ndev + 1, sizeof (grub_drives[0])); + + for (curdev = grub_devices, curdrive = grub_drives; *curdev; curdev++, + curdrive++) +Index: grub2-2.02~beta2/util/grub-mkstandalone.c +=================================================================== +--- grub2-2.02~beta2.orig/util/grub-mkstandalone.c ++++ grub2-2.02~beta2/util/grub-mkstandalone.c +@@ -295,7 +295,7 @@ main (int argc, char *argv[]) + grub_util_host_init (&argc, &argv); + grub_util_disable_fd_syncs (); + +- files = xmalloc ((argc + 1) * sizeof (files[0])); ++ files = xcalloc (argc + 1, sizeof (files[0])); + + argp_parse (&argp, argc, argv, 0, 0, 0); + +Index: grub2-2.02~beta2/util/grub-pe2elf.c +=================================================================== +--- grub2-2.02~beta2.orig/util/grub-pe2elf.c ++++ grub2-2.02~beta2/util/grub-pe2elf.c +@@ -100,9 +100,9 @@ write_section_data (FILE* fp, const char + char *pe_strtab = (image + pe_chdr->symtab_offset + + pe_chdr->num_symbols * sizeof (struct grub_pe32_symbol)); + +- section_map = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (int)); ++ section_map = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (int)); + section_map[0] = 0; +- shdr = xmalloc ((2 * pe_chdr->num_sections + 5) * sizeof (shdr[0])); ++ shdr = xcalloc (2 * pe_chdr->num_sections + 5, sizeof (shdr[0])); + idx = 1; + idx_reloc = pe_chdr->num_sections + 1; + +@@ -233,7 +233,7 @@ write_reloc_section (FILE* fp, const cha + + pe_sec = pe_shdr + shdr[i].sh_link; + pe_rel = (struct grub_pe32_reloc *) (image + pe_sec->relocations_offset); +- rel = (elf_reloc_t *) xmalloc (pe_sec->num_relocations * sizeof (elf_reloc_t)); ++ rel = (elf_reloc_t *) xcalloc (pe_sec->num_relocations, sizeof (elf_reloc_t)); + num_rels = 0; + modified = 0; + +@@ -365,12 +365,10 @@ write_symbol_table (FILE* fp, const char + pe_symtab = (struct grub_pe32_symbol *) (image + pe_chdr->symtab_offset); + pe_strtab = (char *) (pe_symtab + pe_chdr->num_symbols); + +- symtab = (Elf_Sym *) xmalloc ((pe_chdr->num_symbols + 1) * +- sizeof (Elf_Sym)); +- memset (symtab, 0, (pe_chdr->num_symbols + 1) * sizeof (Elf_Sym)); ++ symtab = (Elf_Sym *) xcalloc (pe_chdr->num_symbols + 1, sizeof (Elf_Sym)); + num_syms = 1; + +- symtab_map = (int *) xmalloc (pe_chdr->num_symbols * sizeof (int)); ++ symtab_map = (int *) xcalloc (pe_chdr->num_symbols, sizeof (int)); + + for (i = 0; i < (int) pe_chdr->num_symbols; + i += pe_symtab->num_aux + 1, pe_symtab += pe_symtab->num_aux + 1) +Index: grub2-2.02~beta2/util/grub-probe.c +=================================================================== +--- grub2-2.02~beta2.orig/util/grub-probe.c ++++ grub2-2.02~beta2/util/grub-probe.c +@@ -304,8 +304,8 @@ probe (const char *path, char **device_n + grub_util_pull_device (*curdev); + ndev++; + } +- +- drives_names = xmalloc (sizeof (drives_names[0]) * (ndev + 1)); ++ ++ drives_names = xcalloc (ndev + 1, sizeof (drives_names[0])); + + for (curdev = device_names, curdrive = drives_names; *curdev; curdev++, + curdrive++) +Index: grub2-2.02~beta2/util/grub-mkimagexx.c +=================================================================== +--- grub2-2.02~beta2.orig/util/grub-mkimagexx.c ++++ grub2-2.02~beta2/util/grub-mkimagexx.c +@@ -1344,7 +1344,7 @@ SUFFIX (locate_sections) (const char *ke + + *all_align = 1; + +- section_addresses = xmalloc (sizeof (*section_addresses) * num_sections); ++ section_addresses = xcalloc (num_sections, sizeof (*section_addresses)); + memset (section_addresses, 0, sizeof (*section_addresses) * num_sections); + + current_address = 0; +@@ -1481,7 +1481,7 @@ SUFFIX (load_image) (const char *kernel_ + exec_size, kernel_sz, align, + image_target); + +- section_vaddresses = xmalloc (sizeof (*section_addresses) * num_sections); ++ section_vaddresses = xcalloc (num_sections, sizeof (*section_addresses)); + + for (i = 0; i < num_sections; i++) + section_vaddresses[i] = section_addresses[i] + image_target->vaddr_offset; +Index: grub2-2.02~beta2/grub-core/commands/legacycfg.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/commands/legacycfg.c ++++ grub2-2.02~beta2/grub-core/commands/legacycfg.c +@@ -304,7 +304,7 @@ grub_cmd_legacy_kernel (struct grub_comm + if (argc < 2) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); + +- cutargs = grub_malloc (sizeof (cutargs[0]) * (argc - 1)); ++ cutargs = grub_calloc (argc - 1, sizeof (cutargs[0])); + cutargc = argc - 1; + grub_memcpy (cutargs + 1, args + 2, sizeof (cutargs[0]) * (argc - 2)); + cutargs[0] = args[0]; +@@ -420,7 +420,7 @@ grub_cmd_legacy_kernel (struct grub_comm + { + char rbuf[3] = "-r"; + bsdargc = cutargc + 2; +- bsdargs = grub_malloc (sizeof (bsdargs[0]) * bsdargc); ++ bsdargs = grub_calloc (bsdargc, sizeof (bsdargs[0])); + grub_memcpy (bsdargs, args, argc * sizeof (bsdargs[0])); + bsdargs[argc] = rbuf; + bsdargs[argc + 1] = bsddevname; +@@ -523,7 +523,7 @@ grub_cmd_legacy_initrdnounzip (struct gr + char **newargs; + grub_err_t err; + char nounzipbuf[10] = "--nounzip"; +- newargs = grub_malloc ((argc + 1) * sizeof (newargs[0])); ++ newargs = grub_calloc (argc + 1, sizeof (newargs[0])); + if (!newargs) + return grub_errno; + grub_memcpy (newargs + 1, args, argc * sizeof (newargs[0])); +Index: grub2-2.02~beta2/grub-core/loader/i386/bsdXX.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/bsdXX.c ++++ grub2-2.02~beta2/grub-core/loader/i386/bsdXX.c +@@ -48,7 +48,7 @@ read_headers (grub_file_t file, const ch + if (e->e_ident[EI_CLASS] != SUFFIX (ELFCLASS)) + return grub_error (GRUB_ERR_BAD_OS, N_("invalid arch-dependent ELF magic")); + +- *shdr = grub_malloc (e->e_shnum * e->e_shentsize); ++ *shdr = grub_calloc (e->e_shnum, e->e_shentsize); + if (! *shdr) + return grub_errno; + +Index: grub2-2.02~beta2/grub-core/loader/multiboot_elfxx.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/multiboot_elfxx.c ++++ grub2-2.02~beta2/grub-core/loader/multiboot_elfxx.c +@@ -164,7 +164,7 @@ CONCAT(grub_multiboot_load_elf, XX) (gru + { + grub_uint8_t *shdr, *shdrptr; + +- shdr = grub_malloc (ehdr->e_shnum * ehdr->e_shentsize); ++ shdr = grub_calloc (ehdr->e_shnum, ehdr->e_shentsize); + if (!shdr) + return grub_errno; + diff -Nru grub2-2.02~beta2/debian/patches/0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch grub2-2.02~beta2/debian/patches/0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch --- grub2-2.02~beta2/debian/patches/0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,1318 @@ +From 012c6974aaafae101681100dbe7abd5ef55d825d Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Mon, 15 Jun 2020 12:28:27 -0400 +Subject: malloc: Use overflow checking primitives where we do complex + allocations + +This attempts to fix the places where we do the following where +arithmetic_expr may include unvalidated data: + + X = grub_malloc(arithmetic_expr); + +It accomplishes this by doing the arithmetic ahead of time using grub_add(), +grub_sub(), grub_mul() and testing for overflow before proceeding. + +Among other issues, this fixes: + - allocation of integer overflow in grub_video_bitmap_create() + reported by Chris Coulson, + - allocation of integer overflow in grub_png_decode_image_header() + reported by Chris Coulson, + - allocation of integer overflow in grub_squash_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in grub_ext2_read_symlink() + reported by Chris Coulson, + - allocation of integer overflow in read_section_as_string() + reported by Chris Coulson. + +Fixes: CVE-2020-14309, CVE-2020-14310, CVE-2020-14311 + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/commands/legacycfg.c | 29 +++++++++++++++---- + grub-core/commands/wildcard.c | 36 ++++++++++++++++++++---- + grub-core/disk/ldm.c | 32 +++++++++++++++------ + grub-core/font/font.c | 7 ++++- + grub-core/fs/btrfs.c | 28 +++++++++++++------ + grub-core/fs/ext2.c | 10 ++++++- + grub-core/fs/iso9660.c | 51 ++++++++++++++++++++++++---------- + grub-core/fs/sfs.c | 27 ++++++++++++++---- + grub-core/fs/squash4.c | 45 ++++++++++++++++++++++-------- + grub-core/fs/udf.c | 41 +++++++++++++++++---------- + grub-core/fs/xfs.c | 11 +++++--- + grub-core/fs/zfs/zfs.c | 22 ++++++++++----- + grub-core/fs/zfs/zfscrypt.c | 7 ++++- + grub-core/lib/arg.c | 20 +++++++++++-- + grub-core/loader/i386/bsd.c | 8 +++++- + grub-core/net/dns.c | 9 +++++- + grub-core/normal/charset.c | 10 +++++-- + grub-core/normal/cmdline.c | 14 ++++++++-- + grub-core/normal/menu_entry.c | 13 +++++++-- + grub-core/script/argv.c | 16 +++++++++-- + grub-core/script/lexer.c | 21 ++++++++++++-- + grub-core/video/bitmap.c | 25 +++++++++++------ + grub-core/video/readers/png.c | 13 +++++++-- + 23 files changed, 382 insertions(+), 113 deletions(-) + +Index: grub2-2.02~beta2/grub-core/commands/legacycfg.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/commands/legacycfg.c ++++ grub2-2.02~beta2/grub-core/commands/legacycfg.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -97,13 +98,22 @@ legacy_file (const char *filename) + if (newsuffix) + { + char *t; +- ++ grub_size_t sz; ++ ++ if (grub_add (grub_strlen (suffix), grub_strlen (newsuffix), &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail_0; ++ } ++ + t = suffix; +- suffix = grub_realloc (suffix, grub_strlen (suffix) +- + grub_strlen (newsuffix) + 1); ++ suffix = grub_realloc (suffix, sz); + if (!suffix) + { + grub_free (t); ++ ++ fail_0: + grub_free (entrysrc); + grub_free (parsed); + grub_free (newsuffix); +@@ -147,13 +157,22 @@ legacy_file (const char *filename) + else + { + char *t; ++ grub_size_t sz; ++ ++ if (grub_add (grub_strlen (entrysrc), grub_strlen (parsed), &sz) || ++ grub_add (sz, 1, &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail_1; ++ } + + t = entrysrc; +- entrysrc = grub_realloc (entrysrc, grub_strlen (entrysrc) +- + grub_strlen (parsed) + 1); ++ entrysrc = grub_realloc (entrysrc, sz); + if (!entrysrc) + { + grub_free (t); ++ ++ fail_1: + grub_free (parsed); + grub_free (suffix); + return grub_errno; +Index: grub2-2.02~beta2/grub-core/commands/wildcard.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/commands/wildcard.c ++++ grub2-2.02~beta2/grub-core/commands/wildcard.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include + +@@ -48,6 +49,7 @@ merge (char **dest, char **ps) + int i; + int j; + char **p; ++ grub_size_t sz; + + if (! dest) + return ps; +@@ -60,7 +62,12 @@ merge (char **dest, char **ps) + for (j = 0; ps[j]; j++) + ; + +- p = grub_realloc (dest, sizeof (char*) * (i + j + 1)); ++ if (grub_add (i, j, &sz) || ++ grub_add (sz, 1, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return dest; ++ ++ p = grub_realloc (dest, sz); + if (! p) + { + grub_free (dest); +@@ -115,8 +122,15 @@ make_regex (const char *start, const cha + char ch; + int i = 0; + unsigned len = end - start; +- char *buffer = grub_malloc (len * 2 + 2 + 1); /* worst case size. */ ++ char *buffer; ++ grub_size_t sz; + ++ /* Worst case size is (len * 2 + 2 + 1). */ ++ if (grub_mul (len, 2, &sz) || ++ grub_add (sz, 3, &sz)) ++ return 1; ++ ++ buffer = grub_malloc (sz); + if (! buffer) + return 1; + +@@ -226,6 +240,7 @@ match_devices_iter (const char *name, vo + struct match_devices_ctx *ctx = data; + char **t; + char *buffer; ++ grub_size_t sz; + + /* skip partitions if asked to. */ + if (ctx->noparts && grub_strchr (name, ',')) +@@ -239,11 +254,16 @@ match_devices_iter (const char *name, vo + if (regexec (ctx->regexp, buffer, 0, 0, 0)) + { + grub_dprintf ("expand", "not matched\n"); ++ fail: + grub_free (buffer); + return 0; + } + +- t = grub_realloc (ctx->devs, sizeof (char*) * (ctx->ndev + 2)); ++ if (grub_add (ctx->ndev, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ goto fail; ++ ++ t = grub_realloc (ctx->devs, sz); + if (! t) + return 1; + +@@ -296,6 +316,7 @@ match_files_iter (const char *name, cons + struct match_files_ctx *ctx = data; + char **t; + char *buffer; ++ grub_size_t sz; + + /* skip . and .. names */ + if (grub_strcmp(".", name) == 0 || grub_strcmp("..", name) == 0) +@@ -311,9 +332,14 @@ match_files_iter (const char *name, cons + if (! buffer) + return 1; + +- t = grub_realloc (ctx->files, sizeof (char*) * (ctx->nfile + 2)); +- if (! t) ++ if (grub_add (ctx->nfile, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ goto fail; ++ ++ t = grub_realloc (ctx->files, sz); ++ if (!t) + { ++ fail: + grub_free (buffer); + return 1; + } +Index: grub2-2.02~beta2/grub-core/disk/ldm.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/disk/ldm.c ++++ grub2-2.02~beta2/grub-core/disk/ldm.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_UTIL + #include +@@ -289,6 +290,7 @@ make_vg (grub_disk_t disk, + struct grub_ldm_vblk vblk[GRUB_DISK_SECTOR_SIZE + / sizeof (struct grub_ldm_vblk)]; + unsigned i; ++ grub_size_t sz; + err = grub_disk_read (disk, cursec, 0, + sizeof(vblk), &vblk); + if (err) +@@ -350,7 +352,13 @@ make_vg (grub_disk_t disk, + grub_free (lv); + goto fail2; + } +- lv->name = grub_malloc (*ptr + 1); ++ if (grub_add (*ptr, 1, &sz)) ++ { ++ grub_free (lv->internal_id); ++ grub_free (lv); ++ goto fail2; ++ } ++ lv->name = grub_malloc (sz); + if (!lv->name) + { + grub_free (lv->internal_id); +@@ -599,10 +607,13 @@ make_vg (grub_disk_t disk, + if (lv->segments->node_alloc == lv->segments->node_count) + { + void *t; +- lv->segments->node_alloc *= 2; +- t = grub_realloc (lv->segments->nodes, +- sizeof (*lv->segments->nodes) +- * lv->segments->node_alloc); ++ grub_size_t sz; ++ ++ if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) || ++ grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz)) ++ goto fail2; ++ ++ t = grub_realloc (lv->segments->nodes, sz); + if (!t) + goto fail2; + lv->segments->nodes = t; +@@ -723,10 +734,13 @@ make_vg (grub_disk_t disk, + if (comp->segment_alloc == comp->segment_count) + { + void *t; +- comp->segment_alloc *= 2; +- t = grub_realloc (comp->segments, +- comp->segment_alloc +- * sizeof (*comp->segments)); ++ grub_size_t sz; ++ ++ if (grub_mul (comp->segment_alloc, 2, &comp->segment_alloc) || ++ grub_mul (comp->segment_alloc, sizeof (*comp->segments), &sz)) ++ goto fail2; ++ ++ t = grub_realloc (comp->segments, sz); + if (!t) + goto fail2; + comp->segments = t; +Index: grub2-2.02~beta2/grub-core/font/font.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/font/font.c ++++ grub2-2.02~beta2/grub-core/font/font.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -360,9 +361,13 @@ static char * + read_section_as_string (struct font_file_section *section) + { + char *str; ++ grub_size_t sz; + grub_ssize_t ret; + +- str = grub_malloc (section->length + 1); ++ if (grub_add (section->length, 1, &sz)) ++ return NULL; ++ ++ str = grub_malloc (sz); + if (!str) + return 0; + +Index: grub2-2.02~beta2/grub-core/fs/btrfs.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/btrfs.c ++++ grub2-2.02~beta2/grub-core/fs/btrfs.c +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -292,9 +293,13 @@ save_ref (struct grub_btrfs_leaf_descrip + if (desc->allocated < desc->depth) + { + void *newdata; +- desc->allocated *= 2; +- newdata = grub_realloc (desc->data, sizeof (desc->data[0]) +- * desc->allocated); ++ grub_size_t sz; ++ ++ if (grub_mul (desc->allocated, 2, &desc->allocated) || ++ grub_mul (desc->allocated, sizeof (desc->data[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ newdata = grub_realloc (desc->data, sz); + if (!newdata) + return grub_errno; + desc->data = newdata; +@@ -589,15 +594,20 @@ find_device (struct grub_btrfs_data *dat + if (data->n_devices_attached > data->n_devices_allocated) + { + void *tmp; +- data->n_devices_allocated = 2 * data->n_devices_attached + 1; +- data->devices_attached +- = grub_realloc (tmp = data->devices_attached, +- data->n_devices_allocated +- * sizeof (data->devices_attached[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || ++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || ++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ goto fail; ++ ++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { +- grub_device_close (ctx.dev_found); + data->devices_attached = tmp; ++ ++fail: ++ grub_device_close (ctx.dev_found); + return NULL; + } + } +Index: grub2-2.02~beta2/grub-core/fs/ext2.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/ext2.c ++++ grub2-2.02~beta2/grub-core/fs/ext2.c +@@ -46,6 +46,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -684,6 +685,7 @@ grub_ext2_read_symlink (grub_fshelp_node + { + char *symlink; + struct grub_fshelp_node *diro = node; ++ grub_size_t sz; + + if (! diro->inode_read) + { +@@ -692,7 +694,13 @@ grub_ext2_read_symlink (grub_fshelp_node + return 0; + } + +- symlink = grub_malloc (grub_le_to_cpu32 (diro->inode.size) + 1); ++ if (grub_add (grub_le_to_cpu32 (diro->inode.size), 1, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ symlink = grub_malloc (sz); + if (! symlink) + return 0; + +Index: grub2-2.02~beta2/grub-core/fs/iso9660.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/iso9660.c ++++ grub2-2.02~beta2/grub-core/fs/iso9660.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -531,8 +532,13 @@ add_part (struct iterate_dir_ctx *ctx, + int len2) + { + int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; ++ grub_size_t sz; + +- ctx->symlink = grub_realloc (ctx->symlink, size + len2 + 1); ++ if (grub_add (size, len2, &sz) || ++ grub_add (sz, 1, &sz)) ++ return; ++ ++ ctx->symlink = grub_realloc (ctx->symlink, sz); + if (! ctx->symlink) + return; + +@@ -560,17 +566,24 @@ susp_iterate_dir (struct grub_iso9660_su + { + grub_size_t off = 0, csize = 1; + char *old; ++ grub_size_t sz; ++ + csize = entry->len - 5; + old = ctx->filename; + if (ctx->filename_alloc) + { + off = grub_strlen (ctx->filename); +- ctx->filename = grub_realloc (ctx->filename, csize + off + 1); ++ if (grub_add (csize, off, &sz) || ++ grub_add (sz, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ctx->filename = grub_realloc (ctx->filename, sz); + } + else + { + off = 0; +- ctx->filename = grub_zalloc (csize + 1); ++ if (grub_add (csize, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ctx->filename = grub_zalloc (sz); + } + if (!ctx->filename) + { +@@ -780,14 +793,18 @@ grub_iso9660_iterate_dir (grub_fshelp_no + if (node->have_dirents >= node->alloc_dirents) + { + struct grub_fshelp_node *new_node; +- node->alloc_dirents *= 2; +- new_node = grub_realloc (node, +- sizeof (struct grub_fshelp_node) +- + ((node->alloc_dirents +- - ARRAY_SIZE (node->dirents)) +- * sizeof (node->dirents[0]))); ++ grub_size_t sz; ++ ++ if (grub_mul (node->alloc_dirents, 2, &node->alloc_dirents) || ++ grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || ++ grub_mul (sz, sizeof (node->dirents[0]), &sz) || ++ grub_add (sz, sizeof (struct grub_fshelp_node), &sz)) ++ goto fail_0; ++ ++ new_node = grub_realloc (node, sz); + if (!new_node) + { ++ fail_0: + if (ctx.filename_alloc) + grub_free (ctx.filename); + grub_free (node); +@@ -803,14 +820,18 @@ grub_iso9660_iterate_dir (grub_fshelp_no + * sizeof (node->dirents[0]) < grub_strlen (ctx.symlink) + 1) + { + struct grub_fshelp_node *new_node; +- new_node = grub_realloc (node, +- sizeof (struct grub_fshelp_node) +- + ((node->alloc_dirents +- - ARRAY_SIZE (node->dirents)) +- * sizeof (node->dirents[0])) +- + grub_strlen (ctx.symlink) + 1); ++ grub_size_t sz; ++ ++ if (grub_sub (node->alloc_dirents, ARRAY_SIZE (node->dirents), &sz) || ++ grub_mul (sz, sizeof (node->dirents[0]), &sz) || ++ grub_add (sz, sizeof (struct grub_fshelp_node) + 1, &sz) || ++ grub_add (sz, grub_strlen (ctx.symlink), &sz)) ++ goto fail_1; ++ ++ new_node = grub_realloc (node, sz); + if (!new_node) + { ++ fail_1: + if (ctx.filename_alloc) + grub_free (ctx.filename); + grub_free (node); +Index: grub2-2.02~beta2/grub-core/fs/sfs.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/sfs.c ++++ grub2-2.02~beta2/grub-core/fs/sfs.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -302,10 +303,15 @@ grub_sfs_read_block (grub_fshelp_node_t + if (node->cache && node->cache_size >= node->cache_allocated) + { + struct cache_entry *e = node->cache; +- e = grub_realloc (node->cache,node->cache_allocated * 2 +- * sizeof (e[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (node->cache_allocated, 2 * sizeof (e[0]), &sz)) ++ goto fail; ++ ++ e = grub_realloc (node->cache, sz); + if (!e) + { ++ fail: + grub_errno = 0; + grub_free (node->cache); + node->cache = 0; +@@ -472,10 +478,16 @@ grub_sfs_create_node (struct grub_fshelp + grub_size_t len = grub_strlen (name); + grub_uint8_t *name_u8; + int ret; ++ grub_size_t sz; ++ ++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || ++ grub_add (sz, 1, &sz)) ++ return 1; ++ + *node = grub_malloc (sizeof (**node)); + if (!*node) + return 1; +- name_u8 = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ name_u8 = grub_malloc (sz); + if (!name_u8) + { + grub_free (*node); +@@ -719,8 +731,13 @@ grub_sfs_label (grub_device_t device, ch + data = grub_sfs_mount (disk); + if (data) + { +- grub_size_t len = grub_strlen (data->label); +- *label = grub_malloc (len * GRUB_MAX_UTF8_PER_LATIN1 + 1); ++ grub_size_t sz, len = grub_strlen (data->label); ++ ++ if (grub_mul (len, GRUB_MAX_UTF8_PER_LATIN1, &sz) || ++ grub_add (sz, 1, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ *label = grub_malloc (sz); + if (*label) + *grub_latin1_to_utf8 ((grub_uint8_t *) *label, + (const grub_uint8_t *) data->label, +Index: grub2-2.02~beta2/grub-core/fs/squash4.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/squash4.c ++++ grub2-2.02~beta2/grub-core/fs/squash4.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + + #include "xz.h" +@@ -459,7 +460,17 @@ grub_squash_read_symlink (grub_fshelp_no + { + char *ret; + grub_err_t err; +- ret = grub_malloc (grub_le_to_cpu32 (node->ino.symlink.namelen) + 1); ++ grub_size_t sz; ++ ++ if (grub_add (grub_le_to_cpu32 (node->ino.symlink.namelen), 1, &sz)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return NULL; ++ } ++ ++ ret = grub_malloc (sz); ++ if (!ret) ++ return NULL; + + err = read_chunk (node->data, ret, + grub_le_to_cpu32 (node->ino.symlink.namelen), +@@ -506,11 +517,16 @@ grub_squash_iterate_dir (grub_fshelp_nod + + { + grub_fshelp_node_t node; +- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (!node) + return 0; +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz); + if (hook (".", GRUB_FSHELP_DIR, node, hook_data)) + return 1; + +@@ -518,12 +534,15 @@ grub_squash_iterate_dir (grub_fshelp_nod + { + grub_err_t err; + +- node = grub_malloc (sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ if (grub_mul (dir->stsize, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (!node) + return 0; + +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz); + + node->stsize--; + err = read_chunk (dir->data, &node->ino, sizeof (node->ino), +@@ -557,6 +576,7 @@ grub_squash_iterate_dir (grub_fshelp_nod + enum grub_fshelp_filetype filetype = GRUB_FSHELP_REG; + struct grub_squash_dirent di; + struct grub_squash_inode ino; ++ grub_size_t sz; + + err = read_chunk (dir->data, &di, sizeof (di), + grub_le_to_cpu64 (dir->data->sb.diroffset) +@@ -589,13 +609,16 @@ grub_squash_iterate_dir (grub_fshelp_nod + if (grub_le_to_cpu16 (di.type) == SQUASH_TYPE_SYMLINK) + filetype = GRUB_FSHELP_SYMLINK; + +- node = grub_malloc (sizeof (*node) +- + (dir->stsize + 1) * sizeof (dir->stack[0])); ++ if (grub_add (dir->stsize, 1, &sz) || ++ grub_mul (sz, sizeof (dir->stack[0]), &sz) || ++ grub_add (sz, sizeof (*node), &sz)) ++ return 0; ++ ++ node = grub_malloc (sz); + if (! node) + return 0; + +- grub_memcpy (node, dir, +- sizeof (*node) + dir->stsize * sizeof (dir->stack[0])); ++ grub_memcpy (node, dir, sz - sizeof(dir->stack[0])); + + node->ino = ino; + node->stack[node->stsize].ino_chunk = grub_le_to_cpu32 (dh.ino_chunk); +Index: grub2-2.02~beta2/grub-core/fs/udf.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/udf.c ++++ grub2-2.02~beta2/grub-core/fs/udf.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -853,9 +854,19 @@ read_string (const grub_uint8_t *raw, gr + utf16[i] = (raw[2 * i + 1] << 8) | raw[2*i + 2]; + } + if (!outbuf) +- outbuf = grub_malloc (utf16len * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ { ++ grub_size_t size; ++ ++ if (grub_mul (utf16len, GRUB_MAX_UTF8_PER_UTF16, &size) || ++ grub_add (size, 1, &size)) ++ goto fail; ++ ++ outbuf = grub_malloc (size); ++ } + if (outbuf) + *grub_utf16_to_utf8 ((grub_uint8_t *) outbuf, utf16, utf16len) = '\0'; ++ ++ fail: + grub_free (utf16); + return outbuf; + } +@@ -949,7 +960,7 @@ grub_udf_read_symlink (grub_fshelp_node_ + grub_size_t sz = U64 (node->block.fe.file_size); + grub_uint8_t *raw; + const grub_uint8_t *ptr; +- char *out, *optr; ++ char *out = NULL, *optr; + + if (sz < 4) + return NULL; +@@ -957,14 +968,16 @@ grub_udf_read_symlink (grub_fshelp_node_ + if (!raw) + return NULL; + if (grub_udf_read_file (node, NULL, NULL, 0, sz, (char *) raw) < 0) +- { +- grub_free (raw); +- return NULL; +- } ++ goto fail_1; + +- out = grub_malloc (sz * 2 + 1); ++ if (grub_mul (sz, 2, &sz) || ++ grub_add (sz, 1, &sz)) ++ goto fail_0; ++ ++ out = grub_malloc (sz); + if (!out) + { ++ fail_0: + grub_free (raw); + return NULL; + } +@@ -975,17 +988,17 @@ grub_udf_read_symlink (grub_fshelp_node_ + { + grub_size_t s; + if ((grub_size_t) (ptr - raw + 4) > sz) +- goto fail; ++ goto fail_1; + if (!(ptr[2] == 0 && ptr[3] == 0)) +- goto fail; ++ goto fail_1; + s = 4 + ptr[1]; + if ((grub_size_t) (ptr - raw + s) > sz) +- goto fail; ++ goto fail_1; + switch (*ptr) + { + case 1: + if (ptr[1]) +- goto fail; ++ goto fail_1; + case 2: + /* in 4 bytes. out: 1 byte. */ + optr = out; +@@ -1009,11 +1022,11 @@ grub_udf_read_symlink (grub_fshelp_node_ + if (optr != out) + *optr++ = '/'; + if (!read_string (ptr + 4, s - 4, optr)) +- goto fail; ++ goto fail_1; + optr += grub_strlen (optr); + break; + default: +- goto fail; ++ goto fail_1; + } + ptr += s; + } +@@ -1021,7 +1034,7 @@ grub_udf_read_symlink (grub_fshelp_node_ + grub_free (raw); + return out; + +- fail: ++ fail_1: + grub_free (raw); + grub_free (out); + grub_error (GRUB_ERR_BAD_FS, "invalid symlink"); +Index: grub2-2.02~beta2/grub-core/fs/xfs.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/xfs.c ++++ grub2-2.02~beta2/grub-core/fs/xfs.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -879,6 +880,7 @@ static struct grub_xfs_data * + grub_xfs_mount (grub_disk_t disk) + { + struct grub_xfs_data *data = 0; ++ grub_size_t sz; + + data = grub_zalloc (sizeof (struct grub_xfs_data)); + if (!data) +@@ -893,10 +895,11 @@ grub_xfs_mount (grub_disk_t disk) + if (!grub_xfs_sb_valid(data)) + goto fail; + +- data = grub_realloc (data, +- sizeof (struct grub_xfs_data) +- - sizeof (struct grub_xfs_inode) +- + grub_xfs_inode_size(data) + 1); ++ if (grub_add (grub_xfs_inode_size (data), ++ sizeof (struct grub_xfs_data) - sizeof (struct grub_xfs_inode) + 1, &sz)) ++ goto fail; ++ ++ data = grub_realloc (data, sz); + + if (! data) + goto fail; +Index: grub2-2.02~beta2/grub-core/fs/zfs/zfs.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/zfs/zfs.c ++++ grub2-2.02~beta2/grub-core/fs/zfs/zfs.c +@@ -55,6 +55,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -773,11 +774,14 @@ fill_vdev_info (struct grub_zfs_data *da + if (data->n_devices_attached > data->n_devices_allocated) + { + void *tmp; +- data->n_devices_allocated = 2 * data->n_devices_attached + 1; +- data->devices_attached +- = grub_realloc (tmp = data->devices_attached, +- data->n_devices_allocated +- * sizeof (data->devices_attached[0])); ++ grub_size_t sz; ++ ++ if (grub_mul (data->n_devices_attached, 2, &data->n_devices_allocated) || ++ grub_add (data->n_devices_allocated, 1, &data->n_devices_allocated) || ++ grub_mul (data->n_devices_allocated, sizeof (data->devices_attached[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ data->devices_attached = grub_realloc (tmp = data->devices_attached, sz); + if (!data->devices_attached) + { + data->devices_attached = tmp; +@@ -3457,14 +3461,18 @@ grub_zfs_nvlist_lookup_nvlist (const cha + { + char *nvpair; + char *ret; +- grub_size_t size; ++ grub_size_t size, sz; + int found; + + found = nvlist_find_value (nvlist, name, DATA_TYPE_NVLIST, &nvpair, + &size, 0); + if (!found) + return 0; +- ret = grub_zalloc (size + 3 * sizeof (grub_uint32_t)); ++ ++ if (grub_add (size, 3 * sizeof (grub_uint32_t), &sz)) ++ return 0; ++ ++ ret = grub_zalloc (sz); + if (!ret) + return 0; + grub_memcpy (ret, nvlist, sizeof (grub_uint32_t)); +Index: grub2-2.02~beta2/grub-core/fs/zfs/zfscrypt.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/zfs/zfscrypt.c ++++ grub2-2.02~beta2/grub-core/fs/zfs/zfscrypt.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -82,9 +83,13 @@ grub_zfs_add_key (grub_uint8_t *key_in, + int passphrase) + { + struct grub_zfs_wrap_key *key; ++ grub_size_t sz; ++ + if (!passphrase && keylen > 32) + keylen = 32; +- key = grub_malloc (sizeof (*key) + keylen); ++ if (grub_add (sizeof (*key), keylen, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ key = grub_malloc (sz); + if (!key) + return grub_errno; + key->is_passphrase = passphrase; +Index: grub2-2.02~beta2/grub-core/lib/arg.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/lib/arg.c ++++ grub2-2.02~beta2/grub-core/lib/arg.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + /* Built-in parser for default options. */ + static const struct grub_arg_option help_options[] = +@@ -216,7 +217,13 @@ static inline grub_err_t + add_arg (char ***argl, int *num, char *s) + { + char **p = *argl; +- *argl = grub_realloc (*argl, (++(*num) + 1) * sizeof (char *)); ++ grub_size_t sz; ++ ++ if (grub_add (++(*num), 1, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ *argl = grub_realloc (*argl, sz); + if (! *argl) + { + grub_free (p); +@@ -431,6 +438,7 @@ grub_arg_list_alloc(grub_extcmd_t extcmd + grub_size_t argcnt; + struct grub_arg_list *list; + const struct grub_arg_option *options; ++ grub_size_t sz0, sz1; + + options = extcmd->options; + if (! options) +@@ -443,7 +451,15 @@ grub_arg_list_alloc(grub_extcmd_t extcmd + argcnt += ((grub_size_t) argc + 1) / 2 + 1; /* max possible for any option */ + } + +- list = grub_zalloc (sizeof (*list) * i + sizeof (char*) * argcnt); ++ if (grub_mul (sizeof (*list), i, &sz0) || ++ grub_mul (sizeof (char *), argcnt, &sz1) || ++ grub_add (sz0, sz1, &sz0)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ return 0; ++ } ++ ++ list = grub_zalloc (sz0); + if (! list) + return 0; + +Index: grub2-2.02~beta2/grub-core/loader/i386/bsd.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/bsd.c ++++ grub2-2.02~beta2/grub-core/loader/i386/bsd.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + #ifdef GRUB_MACHINE_PCBIOS + #include + #endif +@@ -1006,11 +1007,16 @@ grub_netbsd_add_modules (void) + struct grub_netbsd_btinfo_modules *mods; + unsigned i; + grub_err_t err; ++ grub_size_t sz; + + for (mod = netbsd_mods; mod; mod = mod->next) + modcnt++; + +- mods = grub_malloc (sizeof (*mods) + sizeof (mods->mods[0]) * modcnt); ++ if (grub_mul (modcnt, sizeof (mods->mods[0]), &sz) || ++ grub_add (sz, sizeof (*mods), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ mods = grub_malloc (sz); + if (!mods) + return grub_errno; + +Index: grub2-2.02~beta2/grub-core/net/dns.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/net/dns.c ++++ grub2-2.02~beta2/grub-core/net/dns.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + struct dns_cache_element + { +@@ -51,9 +52,15 @@ grub_net_add_dns_server (const struct gr + { + int na = dns_servers_alloc * 2; + struct grub_net_network_level_address *ns; ++ grub_size_t sz; ++ + if (na < 8) + na = 8; +- ns = grub_realloc (dns_servers, na * sizeof (ns[0])); ++ ++ if (grub_mul (na, sizeof (ns[0]), &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ ns = grub_realloc (dns_servers, sz); + if (!ns) + return grub_errno; + dns_servers_alloc = na; +Index: grub2-2.02~beta2/grub-core/normal/charset.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/normal/charset.c ++++ grub2-2.02~beta2/grub-core/normal/charset.c +@@ -48,6 +48,7 @@ + #include + #include + #include ++#include + + #if HAVE_FONT_SOURCE + #include "widthspec.h" +@@ -464,6 +465,7 @@ grub_unicode_aglomerate_comb (const grub + { + struct grub_unicode_combining *n; + unsigned j; ++ grub_size_t sz; + + if (!haveout) + continue; +@@ -477,10 +479,14 @@ grub_unicode_aglomerate_comb (const grub + n = out->combining_inline; + else if (out->ncomb > (int) ARRAY_SIZE (out->combining_inline)) + { +- n = grub_realloc (out->combining_ptr, +- sizeof (n[0]) * (out->ncomb + 1)); ++ if (grub_add (out->ncomb, 1, &sz) || ++ grub_mul (sz, sizeof (n[0]), &sz)) ++ goto fail; ++ ++ n = grub_realloc (out->combining_ptr, sz); + if (!n) + { ++ fail: + grub_errno = GRUB_ERR_NONE; + continue; + } +Index: grub2-2.02~beta2/grub-core/normal/cmdline.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/normal/cmdline.c ++++ grub2-2.02~beta2/grub-core/normal/cmdline.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + static grub_uint32_t *kill_buf; + +@@ -307,12 +308,21 @@ cl_insert (struct cmdline_term *cl_terms + if (len + (*llen) >= (*max_len)) + { + grub_uint32_t *nbuf; +- (*max_len) *= 2; +- nbuf = grub_realloc ((*buf), sizeof (grub_uint32_t) * (*max_len)); ++ grub_size_t sz; ++ ++ if (grub_mul (*max_len, 2, max_len) || ++ grub_mul (*max_len, sizeof (grub_uint32_t), &sz)) ++ { ++ grub_errno = GRUB_ERR_OUT_OF_RANGE; ++ goto fail; ++ } ++ ++ nbuf = grub_realloc ((*buf), sz); + if (nbuf) + (*buf) = nbuf; + else + { ++ fail: + grub_print_error (); + grub_errno = GRUB_ERR_NONE; + (*max_len) /= 2; +Index: grub2-2.02~beta2/grub-core/normal/menu_entry.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/normal/menu_entry.c ++++ grub2-2.02~beta2/grub-core/normal/menu_entry.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + enum update_mode + { +@@ -113,10 +114,18 @@ ensure_space (struct line *linep, int ex + { + if (linep->max_len < linep->len + extra) + { +- linep->max_len = 2 * (linep->len + extra); +- linep->buf = grub_realloc (linep->buf, (linep->max_len + 1) * sizeof (linep->buf[0])); ++ grub_size_t sz0, sz1; ++ ++ if (grub_add (linep->len, extra, &sz0) || ++ grub_mul (sz0, 2, &sz0) || ++ grub_add (sz0, 1, &sz1) || ++ grub_mul (sz1, sizeof (linep->buf[0]), &sz1)) ++ return 0; ++ ++ linep->buf = grub_realloc (linep->buf, sz1); + if (! linep->buf) + return 0; ++ linep->max_len = sz0; + } + + return 1; +Index: grub2-2.02~beta2/grub-core/script/argv.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/script/argv.c ++++ grub2-2.02~beta2/grub-core/script/argv.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + + /* Return nearest power of two that is >= v. */ + static unsigned +@@ -81,11 +82,16 @@ int + grub_script_argv_next (struct grub_script_argv *argv) + { + char **p = argv->args; ++ grub_size_t sz; + + if (argv->args && argv->argc && argv->args[argv->argc - 1] == 0) + return 0; + +- p = grub_realloc (p, round_up_exp ((argv->argc + 2) * sizeof (char *))); ++ if (grub_add (argv->argc, 2, &sz) || ++ grub_mul (sz, sizeof (char *), &sz)) ++ return 1; ++ ++ p = grub_realloc (p, round_up_exp (sz)); + if (! p) + return 1; + +@@ -105,13 +111,19 @@ grub_script_argv_append (struct grub_scr + { + grub_size_t a; + char *p = argv->args[argv->argc - 1]; ++ grub_size_t sz; + + if (! s) + return 0; + + a = p ? grub_strlen (p) : 0; + +- p = grub_realloc (p, round_up_exp ((a + slen + 1) * sizeof (char))); ++ if (grub_add (a, slen, &sz) || ++ grub_add (sz, 1, &sz) || ++ grub_mul (sz, sizeof (char), &sz)) ++ return 1; ++ ++ p = grub_realloc (p, round_up_exp (sz)); + if (! p) + return 1; + +Index: grub2-2.02~beta2/grub-core/script/lexer.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/script/lexer.c ++++ grub2-2.02~beta2/grub-core/script/lexer.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + #define yytext_ptr char * + #include "grub_script.tab.h" +@@ -110,10 +111,14 @@ grub_script_lexer_record (struct grub_pa + old = lexer->recording; + if (lexer->recordlen < len) + lexer->recordlen = len; +- lexer->recordlen *= 2; ++ ++ if (grub_mul (lexer->recordlen, 2, &lexer->recordlen)) ++ goto fail; ++ + lexer->recording = grub_realloc (lexer->recording, lexer->recordlen); + if (!lexer->recording) + { ++ fail: + grub_free (old); + lexer->recordpos = 0; + lexer->recordlen = 0; +@@ -130,7 +135,7 @@ int + grub_script_lexer_yywrap (struct grub_parser_param *parserstate, + const char *input) + { +- grub_size_t len = 0; ++ grub_size_t len = 0, sz; + char *p = 0; + char *line = 0; + YY_BUFFER_STATE buffer; +@@ -167,12 +172,22 @@ grub_script_lexer_yywrap (struct grub_pa + } + else if (len && line[len - 1] != '\n') + { +- p = grub_realloc (line, len + 2); ++ if (grub_add (len, 2, &sz)) ++ { ++ grub_free (line); ++ grub_script_yyerror (parserstate, N_("overflow is detected")); ++ return 1; ++ } ++ ++ p = grub_realloc (line, sz); + if (p) + { + p[len++] = '\n'; + p[len] = '\0'; + } ++ else ++ grub_free (line); ++ + line = p; + } + +Index: grub2-2.02~beta2/grub-core/video/bitmap.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/video/bitmap.c ++++ grub2-2.02~beta2/grub-core/video/bitmap.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -58,7 +59,7 @@ grub_video_bitmap_create (struct grub_vi + enum grub_video_blit_format blit_format) + { + struct grub_video_mode_info *mode_info; +- unsigned int size; ++ grub_size_t size; + + if (!bitmap) + return grub_error (GRUB_ERR_BUG, "invalid argument"); +@@ -137,19 +138,25 @@ grub_video_bitmap_create (struct grub_vi + + mode_info->pitch = width * mode_info->bytes_per_pixel; + +- /* Calculate size needed for the data. */ +- size = (width * mode_info->bytes_per_pixel) * height; ++ /* Calculate size needed for the data. */ ++ if (grub_mul (width, mode_info->bytes_per_pixel, &size) || ++ grub_mul (size, height, &size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + + (*bitmap)->data = grub_zalloc (size); + if (! (*bitmap)->data) +- { +- grub_free (*bitmap); +- *bitmap = 0; +- +- return grub_errno; +- } ++ goto fail; + + return GRUB_ERR_NONE; ++ ++ fail: ++ grub_free (*bitmap); ++ *bitmap = NULL; ++ ++ return grub_errno; + } + + /* Frees all resources allocated by bitmap. */ +Index: grub2-2.02~beta2/grub-core/video/readers/png.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/video/readers/png.c ++++ grub2-2.02~beta2/grub-core/video/readers/png.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -301,9 +302,17 @@ grub_png_decode_image_header (struct gru + data->bpp <<= 1; + + data->color_bits = color_bits; +- data->row_bytes = data->image_width * data->bpp; ++ ++ if (grub_mul (data->image_width, data->bpp, &data->row_bytes)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ + if (data->color_bits <= 4) +- data->row_bytes = (data->image_width * data->color_bits + 7) / 8; ++ { ++ if (grub_mul (data->image_width, data->color_bits + 7, &data->row_bytes)) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ ++ data->row_bytes >>= 3; ++ } + + #ifndef GRUB_CPU_WORDS_BIGENDIAN + if (data->is_16bit || data->is_gray || data->is_palette) diff -Nru grub2-2.02~beta2/debian/patches/0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch grub2-2.02~beta2/debian/patches/0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch --- grub2-2.02~beta2/debian/patches/0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,65 @@ +From ae8703a3dd74ec31c8f37135fc32315f926812b2 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sat, 4 Jul 2020 12:25:09 -0400 +Subject: iso9660: Don't leak memory on realloc() failures + +Signed-off-by: Peter Jones +Reviewed-by: Daniel Kiper +--- + grub-core/fs/iso9660.c | 24 ++++++++++++++++++++---- + 1 file changed, 20 insertions(+), 4 deletions(-) + +diff --git a/grub-core/fs/iso9660.c b/grub-core/fs/iso9660.c +index 7ba5b300b..5ec4433b8 100644 +--- a/grub-core/fs/iso9660.c ++++ b/grub-core/fs/iso9660.c +@@ -533,14 +533,20 @@ add_part (struct iterate_dir_ctx *ctx, + { + int size = ctx->symlink ? grub_strlen (ctx->symlink) : 0; + grub_size_t sz; ++ char *new; + + if (grub_add (size, len2, &sz) || + grub_add (sz, 1, &sz)) + return; + +- ctx->symlink = grub_realloc (ctx->symlink, sz); +- if (! ctx->symlink) +- return; ++ new = grub_realloc (ctx->symlink, sz); ++ if (!new) ++ { ++ grub_free (ctx->symlink); ++ ctx->symlink = NULL; ++ return; ++ } ++ ctx->symlink = new; + + grub_memcpy (ctx->symlink + size, part, len2); + ctx->symlink[size + len2] = 0; +@@ -634,7 +640,12 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + is the length. Both are part of the `Component + Record'. */ + if (ctx->symlink && !ctx->was_continue) +- add_part (ctx, "/", 1); ++ { ++ add_part (ctx, "/", 1); ++ if (grub_errno) ++ return grub_errno; ++ } ++ + add_part (ctx, (char *) &entry->data[pos + 2], + entry->data[pos + 1]); + ctx->was_continue = (entry->data[pos] & 1); +@@ -653,6 +664,11 @@ susp_iterate_dir (struct grub_iso9660_susp_entry *entry, + add_part (ctx, "/", 1); + break; + } ++ ++ /* Check if grub_realloc() failed in add_part(). */ ++ if (grub_errno) ++ return grub_errno; ++ + /* In pos + 1 the length of the `Component Record' is + stored. */ + pos += entry->data[pos + 1] + 2; diff -Nru grub2-2.02~beta2/debian/patches/0088-font-Do-not-load-more-than-one-NAME-section.patch grub2-2.02~beta2/debian/patches/0088-font-Do-not-load-more-than-one-NAME-section.patch --- grub2-2.02~beta2/debian/patches/0088-font-Do-not-load-more-than-one-NAME-section.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0088-font-Do-not-load-more-than-one-NAME-section.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,34 @@ +From aa83281cfdc2b7a508b8fa21018a3b31e6f0440d Mon Sep 17 00:00:00 2001 +From: Daniel Kiper +Date: Tue, 7 Jul 2020 15:36:26 +0200 +Subject: font: Do not load more than one NAME section + +The GRUB font file can have one NAME section only. Though if somebody +crafts a broken font file with many NAME sections and loads it then the +GRUB leaks memory. So, prevent against that by loading first NAME +section and failing in controlled way on following one. + +Reported-by: Chris Coulson +Signed-off-by: Daniel Kiper +Reviewed-by: Jan Setje-Eilers +--- + grub-core/font/font.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/grub-core/font/font.c b/grub-core/font/font.c +index 5edb477ac..d09bb38d8 100644 +--- a/grub-core/font/font.c ++++ b/grub-core/font/font.c +@@ -532,6 +532,12 @@ grub_font_load (const char *filename) + if (grub_memcmp (section.name, FONT_FORMAT_SECTION_NAMES_FONT_NAME, + sizeof (FONT_FORMAT_SECTION_NAMES_FONT_NAME) - 1) == 0) + { ++ if (font->name != NULL) ++ { ++ grub_error (GRUB_ERR_BAD_FONT, "invalid font file: too many NAME sections"); ++ goto fail; ++ } ++ + font->name = read_section_as_string (§ion); + if (!font->name) + goto fail; diff -Nru grub2-2.02~beta2/debian/patches/0089-gfxmenu-Fix-double-free-in-load_image.patch grub2-2.02~beta2/debian/patches/0089-gfxmenu-Fix-double-free-in-load_image.patch --- grub2-2.02~beta2/debian/patches/0089-gfxmenu-Fix-double-free-in-load_image.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0089-gfxmenu-Fix-double-free-in-load_image.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,32 @@ +From 72c7f2afab0e9ea5d17b35ea4ff74221e1bcfbfc Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 20:41:56 +0000 +Subject: gfxmenu: Fix double free in load_image() + +self->bitmap should be zeroed after free. Otherwise, there is a chance +to double free (USE_AFTER_FREE) it later in rescale_image(). + +Fixes: CID 292472 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/gfxmenu/gui_image.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/grub-core/gfxmenu/gui_image.c b/grub-core/gfxmenu/gui_image.c +index 29784ed2d..6b2e976f1 100644 +--- a/grub-core/gfxmenu/gui_image.c ++++ b/grub-core/gfxmenu/gui_image.c +@@ -195,7 +195,10 @@ load_image (grub_gui_image_t self, const char *path) + return grub_errno; + + if (self->bitmap && (self->bitmap != self->raw_bitmap)) +- grub_video_bitmap_destroy (self->bitmap); ++ { ++ grub_video_bitmap_destroy (self->bitmap); ++ self->bitmap = 0; ++ } + if (self->raw_bitmap) + grub_video_bitmap_destroy (self->raw_bitmap); + diff -Nru grub2-2.02~beta2/debian/patches/0090-lzma-Make-sure-we-don-t-dereference-past-array.patch grub2-2.02~beta2/debian/patches/0090-lzma-Make-sure-we-don-t-dereference-past-array.patch --- grub2-2.02~beta2/debian/patches/0090-lzma-Make-sure-we-don-t-dereference-past-array.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0090-lzma-Make-sure-we-don-t-dereference-past-array.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,48 @@ +From c8aef3a92c63add6c4c4b65bbf17c2121d97a688 Mon Sep 17 00:00:00 2001 +From: Konrad Rzeszutek Wilk +Date: Thu, 9 Jul 2020 03:05:23 +0000 +Subject: lzma: Make sure we don't dereference past array + +The two dimensional array p->posSlotEncoder[4][64] is being dereferenced +using the GetLenToPosState() macro which checks if len is less than 5, +and if so subtracts 2 from it. If len = 0, that is 0 - 2 = 4294967294. +Obviously we don't want to dereference that far out so we check if the +position found is greater or equal kNumLenToPosStates (4) and bail out. + +N.B.: Upstream LZMA 18.05 and later has this function completely rewritten +without any history. + +Fixes: CID 51526 + +Signed-off-by: Konrad Rzeszutek Wilk +Reviewed-by: Daniel Kiper +--- + grub-core/lib/LzmaEnc.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/LzmaEnc.c b/grub-core/lib/LzmaEnc.c +index f2ec04a8c..753e56a95 100644 +--- a/grub-core/lib/LzmaEnc.c ++++ b/grub-core/lib/LzmaEnc.c +@@ -1877,13 +1877,19 @@ static SRes LzmaEnc_CodeOneBlock(CLzmaEnc *p, Bool useLimits, UInt32 maxPackSize + } + else + { +- UInt32 posSlot; ++ UInt32 posSlot, lenToPosState; + RangeEnc_EncodeBit(&p->rc, &p->isRep[p->state], 0); + p->state = kMatchNextStates[p->state]; + LenEnc_Encode2(&p->lenEnc, &p->rc, len - LZMA_MATCH_LEN_MIN, posState, !p->fastMode, p->ProbPrices); + pos -= LZMA_NUM_REPS; + GetPosSlot(pos, posSlot); +- RcTree_Encode(&p->rc, p->posSlotEncoder[GetLenToPosState(len)], kNumPosSlotBits, posSlot); ++ lenToPosState = GetLenToPosState(len); ++ if (lenToPosState >= kNumLenToPosStates) ++ { ++ p->result = SZ_ERROR_DATA; ++ return CheckErrors(p); ++ } ++ RcTree_Encode(&p->rc, p->posSlotEncoder[lenToPosState], kNumPosSlotBits, posSlot); + + if (posSlot >= kStartPosModelIndex) + { diff -Nru grub2-2.02~beta2/debian/patches/0091-tftp-Do-not-use-priority-queue.patch grub2-2.02~beta2/debian/patches/0091-tftp-Do-not-use-priority-queue.patch --- grub2-2.02~beta2/debian/patches/0091-tftp-Do-not-use-priority-queue.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0091-tftp-Do-not-use-priority-queue.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,280 @@ +From 80e584d2d9a255c7626bac198fb7e335a63a1f51 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Thu, 9 Jul 2020 08:10:40 +0000 +Subject: tftp: Do not use priority queue + +There is not need to reassemble the order of blocks. Per RFC 1350, +server must wait for the ACK, before sending next block. Data packets +can be served immediately without putting them to priority queue. + +Logic to handle incoming packet is this: + - if packet block id equal to expected block id, then + process the packet, + - if packet block id is less than expected - this is retransmit + of old packet, then ACK it and drop the packet, + - if packet block id is more than expected - that shouldn't + happen, just drop the packet. + +It makes the tftp receive path code simpler, smaller and faster. +As a benefit, this change fixes CID# 73624 and CID# 96690, caused +by following while loop: + + while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) + +where tftph pointer is not moving from one iteration to another, causing +to serve same packet again. Luckily, double serving didn't happen due to +data->block++ during the first iteration. + +Fixes: CID 73624, CID 96690 + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/net/tftp.c | 171 ++++++++++++++----------------------------- + 1 file changed, 53 insertions(+), 118 deletions(-) + +Index: grub2-2.02~beta2/grub-core/net/tftp.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/net/tftp.c ++++ grub2-2.02~beta2/grub-core/net/tftp.c +@@ -25,7 +25,6 @@ + #include + #include + #include +-#include + #include + + GRUB_MOD_LICENSE ("GPLv3+"); +@@ -106,31 +105,8 @@ typedef struct tftp_data + int have_oack; + struct grub_error_saved save_err; + grub_net_udp_socket_t sock; +- grub_priority_queue_t pq; + } *tftp_data_t; + +-static int +-cmp_block (grub_uint16_t a, grub_uint16_t b) +-{ +- grub_int16_t i = (grub_int16_t) (a - b); +- if (i > 0) +- return +1; +- if (i < 0) +- return -1; +- return 0; +-} +- +-static int +-cmp (const void *a__, const void *b__) +-{ +- struct grub_net_buff *a_ = *(struct grub_net_buff **) a__; +- struct grub_net_buff *b_ = *(struct grub_net_buff **) b__; +- struct tftphdr *a = (struct tftphdr *) a_->data; +- struct tftphdr *b = (struct tftphdr *) b_->data; +- /* We want the first elements to be on top. */ +- return -cmp_block (grub_be_to_cpu16 (a->u.data.block), grub_be_to_cpu16 (b->u.data.block)); +-} +- + static grub_err_t + ack (tftp_data_t data, grub_uint64_t block) + { +@@ -207,73 +183,60 @@ tftp_receive (grub_net_udp_socket_t sock + return GRUB_ERR_NONE; + } + +- err = grub_priority_queue_push (data->pq, &nb); +- if (err) +- return err; +- +- { +- struct grub_net_buff **nb_top_p, *nb_top; +- while (1) +- { +- nb_top_p = grub_priority_queue_top (data->pq); +- if (!nb_top_p) +- return GRUB_ERR_NONE; +- nb_top = *nb_top_p; +- tftph = (struct tftphdr *) nb_top->data; +- if (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) >= 0) +- break; +- ack (data, grub_be_to_cpu16 (tftph->u.data.block)); +- grub_netbuff_free (nb_top); +- grub_priority_queue_pop (data->pq); +- } +- while (cmp_block (grub_be_to_cpu16 (tftph->u.data.block), data->block + 1) == 0) +- { +- unsigned size; +- +- grub_priority_queue_pop (data->pq); ++ /* Ack old/retransmitted block. */ ++ if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1) ++ ack (data, grub_be_to_cpu16 (tftph->u.data.block)); ++ /* Ignore unexpected block. */ ++ else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1) ++ grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block); ++ else ++ { ++ unsigned size; + +- if (file->device->net->packs.count < 50) ++ if (file->device->net->packs.count < 50) ++ { + err = ack (data, data->block + 1); +- else +- { +- file->device->net->stall = 1; +- err = 0; +- } +- if (err) +- return err; +- +- err = grub_netbuff_pull (nb_top, sizeof (tftph->opcode) + +- sizeof (tftph->u.data.block)); +- if (err) +- return err; +- size = nb_top->tail - nb_top->data; +- +- data->block++; +- if (size < data->block_size) +- { +- if (data->ack_sent < data->block) +- ack (data, data->block); +- file->device->net->eof = 1; +- file->device->net->stall = 1; +- grub_net_udp_close (data->sock); +- data->sock = NULL; +- } +- /* Prevent garbage in broken cards. Is it still necessary +- given that IP implementation has been fixed? +- */ +- if (size > data->block_size) +- { +- err = grub_netbuff_unput (nb_top, size - data->block_size); +- if (err) +- return err; +- } +- /* If there is data, puts packet in socket list. */ +- if ((nb_top->tail - nb_top->data) > 0) +- grub_net_put_packet (&file->device->net->packs, nb_top); +- else +- grub_netbuff_free (nb_top); +- } +- } ++ if (err) ++ return err; ++ } ++ else ++ file->device->net->stall = 1; ++ ++ err = grub_netbuff_pull (nb, sizeof (tftph->opcode) + ++ sizeof (tftph->u.data.block)); ++ if (err) ++ return err; ++ size = nb->tail - nb->data; ++ ++ data->block++; ++ if (size < data->block_size) ++ { ++ if (data->ack_sent < data->block) ++ ack (data, data->block); ++ file->device->net->eof = 1; ++ file->device->net->stall = 1; ++ grub_net_udp_close (data->sock); ++ data->sock = NULL; ++ } ++ /* ++ * Prevent garbage in broken cards. Is it still necessary ++ * given that IP implementation has been fixed? ++ */ ++ if (size > data->block_size) ++ { ++ err = grub_netbuff_unput (nb, size - data->block_size); ++ if (err) ++ return err; ++ } ++ /* If there is data, puts packet in socket list. */ ++ if ((nb->tail - nb->data) > 0) ++ { ++ grub_net_put_packet (&file->device->net->packs, nb); ++ /* Do not free nb. */ ++ return GRUB_ERR_NONE; ++ } ++ } ++ grub_netbuff_free (nb); + return GRUB_ERR_NONE; + case TFTP_ERROR: + data->have_oack = 1; +@@ -287,19 +250,6 @@ tftp_receive (grub_net_udp_socket_t sock + } + } + +-static void +-destroy_pq (tftp_data_t data) +-{ +- struct grub_net_buff **nb_p; +- while ((nb_p = grub_priority_queue_top (data->pq))) +- { +- grub_netbuff_free (*nb_p); +- grub_priority_queue_pop (data->pq); +- } +- +- grub_priority_queue_destroy (data->pq); +-} +- + static grub_err_t + tftp_open (struct grub_file *file, const char *filename) + { +@@ -367,28 +317,15 @@ tftp_open (struct grub_file *file, const + file->not_easily_seekable = 1; + file->data = data; + +- data->pq = grub_priority_queue_new (sizeof (struct grub_net_buff *), cmp); +- if (!data->pq) +- return grub_errno; +- + err = grub_net_resolve_address (file->device->net->server, &addr); + if (err) +- { +- grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n", +- (unsigned long long)data->file_size, +- (unsigned long long)data->block_size); +- destroy_pq (data); +- return err; +- } ++ return err; + + data->sock = grub_net_udp_open (addr, + port ? port : TFTP_SERVER_PORT, tftp_receive, + file); + if (!data->sock) +- { +- destroy_pq (data); +- return grub_errno; +- } ++ return grub_errno; + + /* Receive OACK packet. */ + nbd = nb.data; +@@ -399,7 +336,6 @@ tftp_open (struct grub_file *file, const + if (err) + { + grub_net_udp_close (data->sock); +- destroy_pq (data); + return err; + } + grub_net_poll_cards (GRUB_NET_INTERVAL + (i * GRUB_NET_INTERVAL_ADDITION), +@@ -415,7 +351,6 @@ tftp_open (struct grub_file *file, const + if (grub_errno) + { + grub_net_udp_close (data->sock); +- destroy_pq (data); + return grub_errno; + } + +@@ -457,7 +392,6 @@ tftp_close (struct grub_file *file) + grub_print_error (); + grub_net_udp_close (data->sock); + } +- destroy_pq (data); + grub_free (data); + return GRUB_ERR_NONE; + } diff -Nru grub2-2.02~beta2/debian/patches/0092-script-Remove-unused-fields-from-grub_script_functio.patch grub2-2.02~beta2/debian/patches/0092-script-Remove-unused-fields-from-grub_script_functio.patch --- grub2-2.02~beta2/debian/patches/0092-script-Remove-unused-fields-from-grub_script_functio.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0092-script-Remove-unused-fields-from-grub_script_functio.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,29 @@ +From d4235881fe9807432c0054149ca07caace83e7cb Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 10 Jul 2020 11:21:14 +0100 +Subject: script: Remove unused fields from grub_script_function struct + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + include/grub/script_sh.h | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h +index 360c2be1f..b382bcf09 100644 +--- a/include/grub/script_sh.h ++++ b/include/grub/script_sh.h +@@ -359,13 +359,8 @@ struct grub_script_function + /* The script function. */ + struct grub_script *func; + +- /* The flags. */ +- unsigned flags; +- + /* The next element. */ + struct grub_script_function *next; +- +- int references; + }; + typedef struct grub_script_function *grub_script_function_t; + diff -Nru grub2-2.02~beta2/debian/patches/0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch grub2-2.02~beta2/debian/patches/0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch --- grub2-2.02~beta2/debian/patches/0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,104 @@ +From f7aff9effc6d11719db1cfeef7d3419d635c92f5 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Fri, 10 Jul 2020 14:41:45 +0100 +Subject: script: Avoid a use-after-free when redefining a function during + execution + +Defining a new function with the same name as a previously defined +function causes the grub_script and associated resources for the +previous function to be freed. If the previous function is currently +executing when a function with the same name is defined, this results +in use-after-frees when processing subsequent commands in the original +function. + +Instead, reject a new function definition if it has the same name as +a previously defined function, and that function is currently being +executed. Although a behavioural change, this should be backwards +compatible with existing configurations because they can't be +dependent on the current behaviour without being broken. + +Signed-off-by: Chris Coulson +Reviewed-by: Daniel Kiper +--- + grub-core/script/execute.c | 2 ++ + grub-core/script/function.c | 16 +++++++++++++--- + grub-core/script/parser.y | 3 ++- + include/grub/script_sh.h | 2 ++ + 4 files changed, 19 insertions(+), 4 deletions(-) + +diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c +index c8d6806fe..7e028e135 100644 +--- a/grub-core/script/execute.c ++++ b/grub-core/script/execute.c +@@ -838,7 +838,9 @@ grub_script_function_call (grub_script_function_t func, int argc, char **args) + old_scope = scope; + scope = &new_scope; + ++ func->executing++; + ret = grub_script_execute (func->func); ++ func->executing--; + + function_return = 0; + active_loops = loops; +diff --git a/grub-core/script/function.c b/grub-core/script/function.c +index d36655e51..3aad04bf9 100644 +--- a/grub-core/script/function.c ++++ b/grub-core/script/function.c +@@ -34,6 +34,7 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, + func = (grub_script_function_t) grub_malloc (sizeof (*func)); + if (! func) + return 0; ++ func->executing = 0; + + func->name = grub_strdup (functionname_arg->str); + if (! func->name) +@@ -60,10 +61,19 @@ grub_script_function_create (struct grub_script_arg *functionname_arg, + grub_script_function_t q; + + q = *p; +- grub_script_free (q->func); +- q->func = cmd; + grub_free (func); +- func = q; ++ if (q->executing > 0) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("attempt to redefine a function being executed")); ++ func = NULL; ++ } ++ else ++ { ++ grub_script_free (q->func); ++ q->func = cmd; ++ func = q; ++ } + } + else + { +diff --git a/grub-core/script/parser.y b/grub-core/script/parser.y +index 4f0ab8319..f80b86b6f 100644 +--- a/grub-core/script/parser.y ++++ b/grub-core/script/parser.y +@@ -289,7 +289,8 @@ function: "function" "name" + grub_script_mem_free (state->func_mem); + else { + script->children = state->scripts; +- grub_script_function_create ($2, script); ++ if (!grub_script_function_create ($2, script)) ++ grub_script_free (script); + } + + state->scripts = $3; +diff --git a/include/grub/script_sh.h b/include/grub/script_sh.h +index b382bcf09..6c48e0751 100644 +--- a/include/grub/script_sh.h ++++ b/include/grub/script_sh.h +@@ -361,6 +361,8 @@ struct grub_script_function + + /* The next element. */ + struct grub_script_function *next; ++ ++ unsigned executing; + }; + typedef struct grub_script_function *grub_script_function_t; + diff -Nru grub2-2.02~beta2/debian/patches/0094-hfsplus-fix-two-more-overflows.patch grub2-2.02~beta2/debian/patches/0094-hfsplus-fix-two-more-overflows.patch --- grub2-2.02~beta2/debian/patches/0094-hfsplus-fix-two-more-overflows.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0094-hfsplus-fix-two-more-overflows.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,53 @@ +From f77bef9531eaf93f1f967fda2c7e9c0a16435fa8 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 14:43:31 -0400 +Subject: hfsplus: fix two more overflows + +Both node->size and node->namelen come from the supplied filesystem, +which may be user-supplied. We can't trust them for the math unless we +know they don't overflow; making sure they go through calloc() first +will give us that. + +Signed-off-by: Peter Jones +Reviewed-by: Darren Kenny +--- + grub-core/fs/hfsplus.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +Index: bionic-security/grub-core/fs/hfsplus.c +=================================================================== +--- bionic-security.orig/grub-core/fs/hfsplus.c ++++ bionic-security/grub-core/fs/hfsplus.c +@@ -31,6 +31,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -475,8 +476,12 @@ grub_hfsplus_read_symlink (grub_fshelp_n + { + char *symlink; + grub_ssize_t numread; ++ grub_size_t sz = node->size; + +- symlink = grub_malloc (node->size + 1); ++ if (grub_add (sz, 1, &sz)) ++ return NULL; ++ ++ symlink = grub_malloc (sz); + if (!symlink) + return 0; + +@@ -714,8 +714,8 @@ list_nodes (void *record, void *hook_arg + if (type == GRUB_FSHELP_UNKNOWN) + return 0; + +- filename = grub_malloc (grub_be_to_cpu16 (catkey->namelen) +- * GRUB_MAX_UTF8_PER_UTF16 + 1); ++ filename = grub_calloc (grub_be_to_cpu16 (catkey->namelen), ++ GRUB_MAX_UTF8_PER_UTF16 + 1); + if (! filename) + return 0; + diff -Nru grub2-2.02~beta2/debian/patches/0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch grub2-2.02~beta2/debian/patches/0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch --- grub2-2.02~beta2/debian/patches/0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,98 @@ +From 9fc5ac5172d7ceae3625258059d9e4b7c8baef76 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 15:48:20 -0400 +Subject: lvm: fix two more potential data-dependent alloc overflows + +It appears to be possible to make a (possibly invalid) lvm PV with a +metadata size field that overflows our type when adding it to the +address we've allocated. Even if it doesn't, it may be possible to do +so with the math using the outcome of that as an operand. Check them +both. + +Signed-off-by: Peter Jones +--- + grub-core/disk/lvm.c | 39 +++++++++++++++++++++++++++++++-------- + 1 file changed, 31 insertions(+), 8 deletions(-) + +Index: grub2-2.02~beta2/grub-core/disk/lvm.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/disk/lvm.c ++++ grub2-2.02~beta2/grub-core/disk/lvm.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #ifdef GRUB_UTIL + #include +@@ -102,10 +103,11 @@ grub_lvm_detect (grub_disk_t disk, + { + grub_err_t err; + grub_uint64_t mda_offset, mda_size; ++ grub_size_t ptr; + char buf[GRUB_LVM_LABEL_SIZE]; + char vg_id[GRUB_LVM_ID_STRLEN+1]; + char pv_id[GRUB_LVM_ID_STRLEN+1]; +- char *metadatabuf, *p, *q, *vgname; ++ char *metadatabuf, *mda_end, *p, *q, *vgname; + struct grub_lvm_label_header *lh = (struct grub_lvm_label_header *) buf; + struct grub_lvm_pv_header *pvh; + struct grub_lvm_disk_locn *dlocn; +@@ -205,19 +207,30 @@ grub_lvm_detect (grub_disk_t disk, + grub_le_to_cpu64 (rlocn->size) - + grub_le_to_cpu64 (mdah->size)); + } +- p = q = metadatabuf + grub_le_to_cpu64 (rlocn->offset); +- +- while (*q != ' ' && q < metadatabuf + mda_size) +- q++; +- +- if (q == metadatabuf + mda_size) ++ if (grub_add ((grub_size_t)metadatabuf, ++ (grub_size_t)grub_le_to_cpu64 (rlocn->offset), ++ &ptr)) + { ++error_parsing_metadata: + #ifdef GRUB_UTIL + grub_util_info ("error parsing metadata\n"); + #endif + goto fail2; + } + ++ p = q = (char *)ptr; ++ ++ if (grub_add ((grub_size_t)metadatabuf, (grub_size_t)mda_size, &ptr)) ++ goto error_parsing_metadata; ++ ++ mda_end = (char *)ptr; ++ ++ while (*q != ' ' && q < mda_end) ++ q++; ++ ++ if (q == mda_end) ++ goto error_parsing_metadata; ++ + vgname_len = q - p; + vgname = grub_malloc (vgname_len + 1); + if (!vgname) +@@ -367,8 +380,17 @@ grub_lvm_detect (grub_disk_t disk, + { + const char *iptr; + char *optr; +- lv->fullname = grub_malloc (sizeof ("lvm/") - 1 + 2 * vgname_len +- + 1 + 2 * s + 1); ++ grub_size_t sz0 = vgname_len, sz1 = s; ++ ++ if (grub_mul (sz0, 2, &sz0) || ++ grub_add (sz0, 1, &sz0) || ++ grub_mul (sz1, 2, &sz1) || ++ grub_add (sz1, 1, &sz1) || ++ grub_add (sz0, sz1, &sz0) || ++ grub_add (sz0, sizeof ("lvm/") - 1, &sz0)) ++ goto lvs_fail; ++ ++ lv->fullname = grub_malloc (sz0); + if (!lv->fullname) + goto lvs_fail; + diff -Nru grub2-2.02~beta2/debian/patches/0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch grub2-2.02~beta2/debian/patches/0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch --- grub2-2.02~beta2/debian/patches/0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,247 @@ +From 3be69af50aa08c128d570ddf4acd8767115bbb7e Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 19 Jul 2020 16:53:27 -0400 +Subject: efi: fix some malformed device path arithmetic errors. + +Several places we take the length of a device path and subtract 4 from +it, without ever checking that it's >= 4. There are also cases where +this kind of malformation will result in unpredictable iteration, +including treating the length from one dp node as the type in the next +node. These are all errors, no matter where the data comes from. + +This patch adds a checking macro, GRUB_EFI_DEVICE_PATH_VALID(), which +can be used in several places, and makes GRUB_EFI_NEXT_DEVICE_PATH() +return NULL and GRUB_EFI_END_ENTIRE_DEVICE_PATH() evaluate as true when +the length is too small. Additionally, it makes several places in the +code check for and return errors in these cases. + +Signed-off-by: Peter Jones +--- + grub-core/kern/efi/efi.c | 67 +++++++++++++++++++++++++----- + grub-core/loader/efi/chainloader.c | 19 ++++++++- + grub-core/loader/i386/xnu.c | 9 ++-- + include/grub/efi/api.h | 14 ++++--- + 4 files changed, 88 insertions(+), 21 deletions(-) + +Index: grub2-2.02~beta2/grub-core/kern/efi/efi.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/kern/efi/efi.c ++++ grub2-2.02~beta2/grub-core/kern/efi/efi.c +@@ -316,7 +316,7 @@ grub_efi_get_filename (grub_efi_device_p + + dp = dp0; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -326,9 +326,15 @@ grub_efi_get_filename (grub_efi_device_p + if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE + && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) + { +- grub_efi_uint16_t len; +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ grub_efi_uint16_t len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ len = (len - 4) / sizeof (grub_efi_char16_t); + filesize += GRUB_MAX_UTF8_PER_UTF16 * len + 2; + } + +@@ -344,7 +350,7 @@ grub_efi_get_filename (grub_efi_device_p + if (!name) + return NULL; + +- while (1) ++ while (dp) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -359,8 +365,15 @@ grub_efi_get_filename (grub_efi_device_p + + *p++ = '/'; + +- len = ((GRUB_EFI_DEVICE_PATH_LENGTH (dp) - 4) +- / sizeof (grub_efi_char16_t)); ++ len = GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ len = (len - 4) / sizeof (grub_efi_char16_t); + fp = (grub_efi_file_path_device_path_t *) dp; + + p = (char *) grub_utf16_to_utf8 ((unsigned char *) p, fp->path_name, len); +@@ -423,7 +436,26 @@ grub_efi_duplicate_device_path (const gr + ; + p = GRUB_EFI_NEXT_DEVICE_PATH (p)) + { +- total_size += GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (p); ++ ++ /* ++ * In the event that we find a node that's completely garbage, for ++ * example if we get to 0x7f 0x01 0x02 0x00 ... (EndInstance with a size ++ * of 2), GRUB_EFI_END_ENTIRE_DEVICE_PATH() will be true and ++ * GRUB_EFI_NEXT_DEVICE_PATH() will return NULL, so we won't continue, ++ * and neither should our consumers, but there won't be any error raised ++ * even though the device path is junk. ++ * ++ * This keeps us from passing junk down back to our caller. ++ */ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ total_size += len; + if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (p)) + break; + } +@@ -468,7 +500,7 @@ dump_vendor_path (const char *type, grub + void + grub_efi_print_device_path (grub_efi_device_path_t *dp) + { +- while (1) ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp)) + { + grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); + grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); +@@ -869,7 +901,11 @@ grub_efi_compare_device_paths (const gru + /* Return non-zero. */ + return 1; + +- while (1) ++ if (dp1 == dp2) ++ return 0; ++ ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp1) ++ && GRUB_EFI_DEVICE_PATH_VALID (dp2)) + { + grub_efi_uint8_t type1, type2; + grub_efi_uint8_t subtype1, subtype2; +@@ -905,5 +941,16 @@ grub_efi_compare_device_paths (const gru + dp2 = (grub_efi_device_path_t *) ((char *) dp2 + len2); + } + ++ /* ++ * There's no "right" answer here, but we probably don't want to call a valid ++ * dp and an invalid dp equal, so pick one way or the other. ++ */ ++ if (GRUB_EFI_DEVICE_PATH_VALID (dp1) && ++ !GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return 1; ++ else if (!GRUB_EFI_DEVICE_PATH_VALID (dp1) && ++ GRUB_EFI_DEVICE_PATH_VALID (dp2)) ++ return -1; ++ + return 0; + } +Index: grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/efi/chainloader.c ++++ grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +@@ -125,6 +125,12 @@ copy_file_path (grub_efi_file_path_devic + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + ++ if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp)) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid"); ++ return; ++ } ++ + size = grub_utf8_to_utf16 (fp->path_name, len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) str, len, 0); + for (p = fp->path_name; p < fp->path_name + size; p++) +@@ -157,9 +163,18 @@ make_file_path (grub_efi_device_path_t * + + size = 0; + d = dp; +- while (1) ++ while (d) + { +- size += GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ grub_size_t len = GRUB_EFI_DEVICE_PATH_LENGTH (d); ++ ++ if (len < 4) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, ++ "malformed EFI Device Path node has length=%d", len); ++ return NULL; ++ } ++ ++ size += len; + if ((GRUB_EFI_END_ENTIRE_DEVICE_PATH (d))) + break; + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +Index: grub2-2.02~beta2/grub-core/loader/i386/xnu.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/xnu.c ++++ grub2-2.02~beta2/grub-core/loader/i386/xnu.c +@@ -513,14 +513,15 @@ grub_cmd_devprop_load (grub_command_t cm + + devhead = buf; + buf = devhead + 1; +- dpstart = buf; ++ dp = dpstart = buf; + +- do ++ while (GRUB_EFI_DEVICE_PATH_VALID (dp) && buf < bufend) + { +- dp = buf; + buf = (char *) buf + GRUB_EFI_DEVICE_PATH_LENGTH (dp); ++ if (GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp)) ++ break; ++ dp = buf; + } +- while (!GRUB_EFI_END_ENTIRE_DEVICE_PATH (dp) && buf < bufend); + + dev = grub_xnu_devprop_add_device (dpstart, (char *) buf + - (char *) dpstart); +Index: grub2-2.02~beta2/include/grub/efi/api.h +=================================================================== +--- grub2-2.02~beta2.orig/include/grub/efi/api.h ++++ grub2-2.02~beta2/include/grub/efi/api.h +@@ -590,6 +590,7 @@ typedef struct grub_efi_device_path grub + #define GRUB_EFI_DEVICE_PATH_TYPE(dp) ((dp)->type & 0x7f) + #define GRUB_EFI_DEVICE_PATH_SUBTYPE(dp) ((dp)->subtype) + #define GRUB_EFI_DEVICE_PATH_LENGTH(dp) ((dp)->length) ++#define GRUB_EFI_DEVICE_PATH_VALID(dp) ((dp) != NULL && GRUB_EFI_DEVICE_PATH_LENGTH (dp) >= 4) + + /* The End of Device Path nodes. */ + #define GRUB_EFI_END_DEVICE_PATH_TYPE (0xff & 0x7f) +@@ -598,13 +599,16 @@ typedef struct grub_efi_device_path grub + #define GRUB_EFI_END_THIS_DEVICE_PATH_SUBTYPE 0x01 + + #define GRUB_EFI_END_ENTIRE_DEVICE_PATH(dp) \ +- (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ +- && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ +- == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE)) ++ (!GRUB_EFI_DEVICE_PATH_VALID (dp) || \ ++ (GRUB_EFI_DEVICE_PATH_TYPE (dp) == GRUB_EFI_END_DEVICE_PATH_TYPE \ ++ && (GRUB_EFI_DEVICE_PATH_SUBTYPE (dp) \ ++ == GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE))) + + #define GRUB_EFI_NEXT_DEVICE_PATH(dp) \ +- ((grub_efi_device_path_t *) ((char *) (dp) \ +- + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) ++ (GRUB_EFI_DEVICE_PATH_VALID (dp) \ ++ ? ((grub_efi_device_path_t *) \ ++ ((char *) (dp) + GRUB_EFI_DEVICE_PATH_LENGTH (dp))) \ ++ : NULL) + + /* Hardware Device Path. */ + #define GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE 1 diff -Nru grub2-2.02~beta2/debian/patches/0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch grub2-2.02~beta2/debian/patches/0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch --- grub2-2.02~beta2/debian/patches/0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,90 @@ +From 02fdac962effd9278bef85644072f91853f6ef9f Mon Sep 17 00:00:00 2001 +From: Dimitri John Ledkov +Date: Wed, 22 Jul 2020 11:31:43 +0100 +Subject: linuxefi: fail kernel validation without shim protocol. + +If certificates that signed grub are installed into db, grub can be +booted directly. It will then boot any kernel without signature +validation. The booted kernel will think it was booted in secureboot +mode and will implement lockdown, yet it could have been tampered. + +CVE-2020-15705 + +Reported-by: Mathieu Trudel-Lapierre +Signed-off-by: Dimitri John Ledkov +--- + grub-core/loader/arm64/linux.c | 12 ++++++++---- + grub-core/loader/efi/chainloader.c | 1 + + grub-core/loader/efi/linux.c | 1 + + grub-core/loader/i386/efi/linux.c | 2 +- + 4 files changed, 11 insertions(+), 5 deletions(-) + +Index: grub2-2.02~beta2/grub-core/loader/arm64/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/arm64/linux.c ++++ grub2-2.02~beta2/grub-core/loader/arm64/linux.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -298,11 +299,15 @@ grub_cmd_linux (grub_command_t cmd __att + + grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + +- rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); +- if (rc < 0) ++ if (grub_efi_secure_boot ()) + { +- grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); +- goto fail; ++ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); ++ if (rc <= 0) ++ { ++ grub_error (GRUB_ERR_INVALID_COMMAND, ++ N_("%s has invalid signature"), argv[0]); ++ goto fail; ++ } + } + + pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); +Index: grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/efi/chainloader.c ++++ grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +@@ -1070,6 +1070,7 @@ grub_cmd_chainloader (grub_command_t cmd + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + return 0; + } ++ // -1 fall-through to fail + + grub_file_close (file); + grub_device_close (dev); +Index: grub2-2.02~beta2/grub-core/loader/efi/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/efi/linux.c ++++ grub2-2.02~beta2/grub-core/loader/efi/linux.c +@@ -33,6 +33,7 @@ struct grub_efi_shim_lock + }; + typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; + ++// Returns 1 on success, -1 on error, 0 when not available + int + grub_linuxefi_secure_validate (void *data, grub_uint32_t size) + { +Index: grub2-2.02~beta2/grub-core/loader/i386/efi/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/efi/linux.c ++++ grub2-2.02~beta2/grub-core/loader/i386/efi/linux.c +@@ -193,7 +193,7 @@ grub_cmd_linux (grub_command_t cmd __att + if (grub_efi_secure_boot ()) + { + rc = grub_linuxefi_secure_validate (kernel, filelen); +- if (rc < 0) ++ if (rc <= 0) + { + grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), argv[0]); + goto fail; diff -Nru grub2-2.02~beta2/debian/patches/0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch grub2-2.02~beta2/debian/patches/0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch --- grub2-2.02~beta2/debian/patches/0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,80 @@ +From 2009149faada143b6cdecacb12b06313c97b5926 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Wed, 22 Jul 2020 17:06:04 +0100 +Subject: Fix a regression caused by "efi: fix some malformed device path + arithmetic errors" + +This commit introduced a bogus check inside copy_file_path to +determine whether the destination grub_efi_file_path_device_path_t +was valid before anything was copied to it. Depending on the +contents of the heap buffer, this check could fail which would +result in copy_file_path returning early. + +Without any error propagated to the caller, make_file_path would +then try to advance the invalid device path node with +GRUB_EFI_NEXT_DEVICE_PATH, which would also fail, returning a NULL +pointer that would subsequently be dereferenced. + +Remove the bogus check, and also propagate errors from copy_file_path. +--- + grub-core/loader/efi/chainloader.c | 25 +++++++++++++------------ + 1 file changed, 13 insertions(+), 12 deletions(-) + +Index: grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/efi/chainloader.c ++++ grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +@@ -115,7 +115,7 @@ grub_chainloader_boot (void) + return grub_errno; + } + +-static void ++static grub_err_t + copy_file_path (grub_efi_file_path_device_path_t *fp, + const char *str, grub_efi_uint16_t len) + { +@@ -125,12 +125,6 @@ copy_file_path (grub_efi_file_path_devic + fp->header.type = GRUB_EFI_MEDIA_DEVICE_PATH_TYPE; + fp->header.subtype = GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE; + +- if (!GRUB_EFI_DEVICE_PATH_VALID ((grub_efi_device_path_t *)fp)) +- { +- grub_error (GRUB_ERR_BAD_ARGUMENT, "EFI Device Path is invalid"); +- return; +- } +- + size = grub_utf8_to_utf16 (fp->path_name, len * GRUB_MAX_UTF16_PER_UTF8, + (const grub_uint8_t *) str, len, 0); + for (p = fp->path_name; p < fp->path_name + size; p++) +@@ -138,6 +132,7 @@ copy_file_path (grub_efi_file_path_devic + *p = '\\'; + + fp->header.length = size * sizeof (grub_efi_char16_t) + sizeof (*fp); ++ return GRUB_ERR_NONE; + } + + static grub_efi_device_path_t * +@@ -193,13 +188,19 @@ make_file_path (grub_efi_device_path_t * + /* Fill the file path for the directory. */ + d = (grub_efi_device_path_t *) ((char *) file_path + + ((char *) d - (char *) dp)); +- copy_file_path ((grub_efi_file_path_device_path_t *) d, +- dir_start, dir_end - dir_start); ++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d, ++ dir_start, dir_end - dir_start) != GRUB_ERR_NONE) ++ { ++ fail: ++ grub_free (file_path); ++ return 0; ++ } + + /* Fill the file path for the file. */ + d = GRUB_EFI_NEXT_DEVICE_PATH (d); +- copy_file_path ((grub_efi_file_path_device_path_t *) d, +- dir_end + 1, grub_strlen (dir_end + 1)); ++ if (copy_file_path ((grub_efi_file_path_device_path_t *) d, ++ dir_end + 1, grub_strlen (dir_end + 1)) != GRUB_ERR_NONE) ++ goto fail; + + /* Fill the end of device path nodes. */ + d = GRUB_EFI_NEXT_DEVICE_PATH (d); diff -Nru grub2-2.02~beta2/debian/patches/0100-chainloader-Avoid-a-double-free-when-validation-fail.patch grub2-2.02~beta2/debian/patches/0100-chainloader-Avoid-a-double-free-when-validation-fail.patch --- grub2-2.02~beta2/debian/patches/0100-chainloader-Avoid-a-double-free-when-validation-fail.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0100-chainloader-Avoid-a-double-free-when-validation-fail.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,37 @@ +From 6ef40cdb663d37cfd9aa28fe2cfdcfa09058cc56 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Thu, 23 Jul 2020 14:02:17 +0100 +Subject: chainloader: Avoid a double free when validation fails + +--- + grub-core/loader/efi/chainloader.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +Index: grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/efi/chainloader.c ++++ grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +@@ -1060,6 +1060,7 @@ grub_cmd_chainloader (grub_command_t cmd + if (rc > 0) + { + grub_file_close (file); ++ grub_device_close (dev); + grub_loader_set (grub_secureboot_chainloader_boot, + grub_secureboot_chainloader_unload, 0); + return 0; +@@ -1068,14 +1069,12 @@ grub_cmd_chainloader (grub_command_t cmd + { + grub_load_and_start_image(boot_image); + grub_file_close (file); ++ grub_device_close (dev); + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); + return 0; + } + // -1 fall-through to fail + +- grub_file_close (file); +- grub_device_close (dev); +- + fail: + if (dev) + grub_device_close (dev); diff -Nru grub2-2.02~beta2/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch grub2-2.02~beta2/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch --- grub2-2.02~beta2/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,145 @@ +From f664dd35931496975f890ac99f5a550d0023622a Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 15 Jul 2020 06:42:37 +0000 +Subject: relocator: Protect grub_relocator_alloc_chunk_addr() input args + against integer underflow/overflow + +Use arithmetic macros from safemath.h to accomplish it. In this commit, +I didn't want to be too paranoid to check every possible math equation +for overflow/underflow. Only obvious places (with non zero chance of +overflow/underflow) were refactored. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/loader/i386/linux.c | 9 +++++++-- + grub-core/loader/i386/pc/linux.c | 9 +++++++-- + grub-core/loader/i386/xen.c | 12 ++++++++++-- + grub-core/loader/xnu.c | 11 +++++++---- + 4 files changed, 31 insertions(+), 10 deletions(-) + +Index: grub2-2.02~beta2/grub-core/loader/i386/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/linux.c ++++ grub2-2.02~beta2/grub-core/loader/i386/linux.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -595,9 +596,13 @@ grub_linux_boot (void) + + { + grub_relocator_chunk_t ch; ++ grub_size_t sz; ++ ++ if (grub_add (ctx.real_size, efi_mmap_size, &sz)) ++ return GRUB_ERR_OUT_OF_RANGE; ++ + err = grub_relocator_alloc_chunk_addr (relocator, &ch, +- ctx.real_mode_target, +- (ctx.real_size + efi_mmap_size)); ++ ctx.real_mode_target, sz); + if (err) + return err; + real_mode_mem = get_virtual_current_address (ch); +Index: grub2-2.02~beta2/grub-core/loader/i386/pc/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/pc/linux.c ++++ grub2-2.02~beta2/grub-core/loader/i386/pc/linux.c +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -219,8 +220,12 @@ grub_cmd_linux (grub_command_t cmd __att + setup_sects = GRUB_LINUX_DEFAULT_SETUP_SECTS; + + real_size = setup_sects << GRUB_DISK_SECTOR_BITS; +- grub_linux16_prot_size = grub_file_size (file) +- - real_size - GRUB_DISK_SECTOR_SIZE; ++ if (grub_sub (grub_file_size (file), real_size, &grub_linux16_prot_size) || ++ grub_sub (grub_linux16_prot_size, GRUB_DISK_SECTOR_SIZE, &grub_linux16_prot_size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + + if (! grub_linux_is_bzimage + && GRUB_LINUX_ZIMAGE_ADDR + grub_linux16_prot_size +Index: grub2-2.02~beta2/grub-core/loader/i386/xen.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/xen.c ++++ grub2-2.02~beta2/grub-core/loader/i386/xen.c +@@ -39,6 +39,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -397,6 +398,7 @@ grub_cmd_xen (grub_command_t cmd __attri + grub_file_t file; + grub_elf_t elf; + grub_err_t err; ++ grub_size_t sz; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -465,8 +467,13 @@ grub_cmd_xen (grub_command_t cmd __attri + + max_addr = ALIGN_UP (kern_end, PAGE_SIZE); + +- err = grub_relocator_alloc_chunk_addr (relocator, &ch, kern_start, +- kern_end - kern_start); ++ if (grub_sub (kern_end, kern_start, &sz)) ++ { ++ err = GRUB_ERR_OUT_OF_RANGE; ++ goto fail; ++ } ++ ++ err = grub_relocator_alloc_chunk_addr (relocator, &ch, kern_start, sz); + if (err) + goto fail; + kern_chunk_src = get_virtual_current_address (ch); +Index: grub2-2.02~beta2/grub-core/loader/xnu.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/xnu.c ++++ grub2-2.02~beta2/grub-core/loader/xnu.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -59,15 +60,17 @@ grub_xnu_heap_malloc (int size, void **s + { + grub_err_t err; + grub_relocator_chunk_t ch; ++ grub_addr_t tgt; ++ ++ if (grub_add (grub_xnu_heap_target_start, grub_xnu_heap_size, &tgt)) ++ return GRUB_ERR_OUT_OF_RANGE; + +- err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, +- grub_xnu_heap_target_start +- + grub_xnu_heap_size, size); ++ err = grub_relocator_alloc_chunk_addr (grub_xnu_relocator, &ch, tgt, size); + if (err) + return err; + + *src = get_virtual_current_address (ch); +- *target = grub_xnu_heap_target_start + grub_xnu_heap_size; ++ *target = tgt; + grub_xnu_heap_size += size; + grub_dprintf ("xnu", "val=%p\n", *src); + return GRUB_ERR_NONE; diff -Nru grub2-2.02~beta2/debian/patches/0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch grub2-2.02~beta2/debian/patches/0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch --- grub2-2.02~beta2/debian/patches/0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,287 @@ +From b05589230726250444b4aad0e46dd79365454ed4 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Wed, 8 Jul 2020 01:44:38 +0000 +Subject: relocator: Protect grub_relocator_alloc_chunk_align() max_addr + against integer underflow + +This commit introduces integer underflow mitigation in max_addr calculation +in grub_relocator_alloc_chunk_align() invocation. + +It consists of 2 fixes: + 1. Introduced grub_relocator_alloc_chunk_align_safe() wrapper function to perform + sanity check for min/max and size values, and to make safe invocation of + grub_relocator_alloc_chunk_align() with validated max_addr value. Replace all + invocations such as grub_relocator_alloc_chunk_align(..., min_addr, max_addr - size, size, ...) + by grub_relocator_alloc_chunk_align_safe(..., min_addr, max_addr, size, ...). + 2. Introduced UP_TO_TOP32(s) macro for the cases where max_addr is 32-bit top + address (0xffffffff - size + 1) or similar. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/lib/i386/relocator.c | 28 ++++++++++---------------- + grub-core/lib/mips/relocator.c | 6 ++---- + grub-core/lib/powerpc/relocator.c | 6 ++---- + grub-core/lib/x86_64/efi/relocator.c | 7 +++---- + grub-core/loader/i386/linux.c | 5 ++--- + grub-core/loader/i386/multiboot_mbi.c | 7 +++---- + grub-core/loader/i386/pc/linux.c | 6 ++---- + grub-core/loader/mips/linux.c | 9 +++------ + grub-core/loader/multiboot.c | 2 +- + grub-core/loader/multiboot_elfxx.c | 10 ++++----- + grub-core/loader/multiboot_mbi2.c | 10 ++++----- + grub-core/loader/xnu_resume.c | 2 +- + include/grub/relocator.h | 29 +++++++++++++++++++++++++++ + 13 files changed, 69 insertions(+), 58 deletions(-) + +Index: grub2-2.02~beta2/grub-core/lib/i386/relocator.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/lib/i386/relocator.c ++++ grub2-2.02~beta2/grub-core/lib/i386/relocator.c +@@ -82,10 +82,10 @@ grub_relocator32_boot (struct grub_reloc + grub_relocator_chunk_t ch; + + err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- (0xffffffff - RELOCATOR_SIZEOF (32)) +- + 1, RELOCATOR_SIZEOF (32), 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, +- avoid_efi_bootservices); ++ UP_TO_TOP32 (RELOCATOR_SIZEOF (32)), ++ RELOCATOR_SIZEOF (32), 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, ++ avoid_efi_bootservices); + if (err) + return err; + +@@ -123,13 +123,10 @@ grub_relocator16_boot (struct grub_reloc + grub_relocator_chunk_t ch; + + /* Put it higher than the byte it checks for A20 check. */ +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0x8010, +- 0xa0000 - RELOCATOR_SIZEOF (16) +- - GRUB_RELOCATOR16_STACK_SIZE, +- RELOCATOR_SIZEOF (16) +- + GRUB_RELOCATOR16_STACK_SIZE, 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, +- 0); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, 0x8010, 0xa0000, ++ RELOCATOR_SIZEOF (16) + ++ GRUB_RELOCATOR16_STACK_SIZE, 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + +@@ -181,11 +178,9 @@ grub_relocator64_boot (struct grub_reloc + void *relst; + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, min_addr, +- max_addr - RELOCATOR_SIZEOF (64), +- RELOCATOR_SIZEOF (64), 16, +- GRUB_RELOCATOR_PREFERENCE_NONE, +- 0); ++ err = grub_relocator_alloc_chunk_align_safe (rel, &ch, min_addr, max_addr, ++ RELOCATOR_SIZEOF (64), 16, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + +Index: grub2-2.02~beta2/grub-core/lib/mips/relocator.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/lib/mips/relocator.c ++++ grub2-2.02~beta2/grub-core/lib/mips/relocator.c +@@ -120,10 +120,8 @@ grub_relocator32_boot (struct grub_reloc + unsigned i; + grub_addr_t vtarget; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- (0xffffffff - stateset_size) +- + 1, stateset_size, +- sizeof (grub_uint32_t), ++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), ++ stateset_size, sizeof (grub_uint32_t), + GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; +Index: grub2-2.02~beta2/grub-core/lib/powerpc/relocator.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/lib/powerpc/relocator.c ++++ grub2-2.02~beta2/grub-core/lib/powerpc/relocator.c +@@ -115,10 +115,8 @@ grub_relocator32_boot (struct grub_reloc + unsigned i; + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (rel, &ch, 0, +- (0xffffffff - stateset_size) +- + 1, stateset_size, +- sizeof (grub_uint32_t), ++ err = grub_relocator_alloc_chunk_align (rel, &ch, 0, UP_TO_TOP32 (stateset_size), ++ stateset_size, sizeof (grub_uint32_t), + GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; +Index: grub2-2.02~beta2/grub-core/loader/i386/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/linux.c ++++ grub2-2.02~beta2/grub-core/loader/i386/linux.c +@@ -233,9 +233,8 @@ allocate_pages (grub_size_t prot_size, g + for (; err && *align + 1 > min_align; (*align)--) + { + grub_errno = GRUB_ERR_NONE; +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- 0x1000000, +- 0xffffffff & ~prot_size, ++ err = grub_relocator_alloc_chunk_align (relocator, &ch, 0x1000000, ++ UP_TO_TOP32 (prot_size), + prot_size, 1 << *align, + GRUB_RELOCATOR_PREFERENCE_LOW, + 1); +Index: grub2-2.02~beta2/grub-core/loader/i386/pc/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/pc/linux.c ++++ grub2-2.02~beta2/grub-core/loader/i386/pc/linux.c +@@ -449,10 +449,8 @@ grub_cmd_initrd (grub_command_t cmd __at + + { + grub_relocator_chunk_t ch; +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- addr_min, addr_max - size, +- size, 0x1000, +- GRUB_RELOCATOR_PREFERENCE_HIGH, 0); ++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, addr_min, addr_max, size, ++ 0x1000, GRUB_RELOCATOR_PREFERENCE_HIGH, 0); + if (err) + return err; + initrd_chunk = get_virtual_current_address (ch); +Index: grub2-2.02~beta2/grub-core/loader/mips/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/mips/linux.c ++++ grub2-2.02~beta2/grub-core/loader/mips/linux.c +@@ -434,12 +434,9 @@ grub_cmd_initrd (grub_command_t cmd __at + { + grub_relocator_chunk_t ch; + +- err = grub_relocator_alloc_chunk_align (relocator, &ch, +- (target_addr & 0x1fffffff) +- + linux_size + 0x10000, +- (0x10000000 - size), +- size, 0x10000, +- GRUB_RELOCATOR_PREFERENCE_NONE, 0); ++ err = grub_relocator_alloc_chunk_align_safe (relocator, &ch, (target_addr & 0x1fffffff) + ++ linux_size + 0x10000, 0x10000000, size, ++ 0x10000, GRUB_RELOCATOR_PREFERENCE_NONE, 0); + + if (err) + goto fail; +Index: grub2-2.02~beta2/grub-core/loader/multiboot.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/multiboot.c ++++ grub2-2.02~beta2/grub-core/loader/multiboot.c +@@ -343,7 +343,7 @@ grub_cmd_module (grub_command_t cmd __at + { + grub_relocator_chunk_t ch; + err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, +- lowest_addr, (0xffffffff - size) + 1, ++ lowest_addr, UP_TO_TOP32 (size), + size, MULTIBOOT_MOD_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) +Index: grub2-2.02~beta2/grub-core/loader/xnu_resume.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/xnu_resume.c ++++ grub2-2.02~beta2/grub-core/loader/xnu_resume.c +@@ -129,7 +129,7 @@ grub_xnu_resume (char *imagename) + { + grub_relocator_chunk_t ch; + err = grub_relocator_alloc_chunk_align (grub_xnu_relocator, &ch, 0, +- (0xffffffff - hibhead.image_size) + 1, ++ UP_TO_TOP32 (hibhead.image_size), + hibhead.image_size, + GRUB_XNU_PAGESIZE, + GRUB_RELOCATOR_PREFERENCE_NONE, 0); +Index: grub2-2.02~beta2/include/grub/relocator.h +=================================================================== +--- grub2-2.02~beta2.orig/include/grub/relocator.h ++++ grub2-2.02~beta2/include/grub/relocator.h +@@ -49,6 +49,35 @@ grub_relocator_alloc_chunk_align (struct + int preference, + int avoid_efi_boot_services); + ++/* ++ * Wrapper for grub_relocator_alloc_chunk_align() with purpose of ++ * protecting against integer underflow. ++ * ++ * Compare to its callee, max_addr has different meaning here. ++ * It covers entire chunk and not just start address of the chunk. ++ */ ++static inline grub_err_t ++grub_relocator_alloc_chunk_align_safe (struct grub_relocator *rel, ++ grub_relocator_chunk_t *out, ++ grub_phys_addr_t min_addr, ++ grub_phys_addr_t max_addr, ++ grub_size_t size, grub_size_t align, ++ int preference, ++ int avoid_efi_boot_services) ++{ ++ /* Sanity check and ensure following equation (max_addr - size) is safe. */ ++ if (max_addr < size || (max_addr - size) < min_addr) ++ return GRUB_ERR_OUT_OF_RANGE; ++ ++ return grub_relocator_alloc_chunk_align (rel, out, min_addr, ++ max_addr - size, ++ size, align, preference, ++ avoid_efi_boot_services); ++} ++ ++/* Top 32-bit address minus s bytes and plus 1 byte. */ ++#define UP_TO_TOP32(s) ((~(s) & 0xffffffff) + 1) ++ + #define GRUB_RELOCATOR_PREFERENCE_NONE 0 + #define GRUB_RELOCATOR_PREFERENCE_LOW 1 + #define GRUB_RELOCATOR_PREFERENCE_HIGH 2 +Index: grub2-2.02~beta2/grub-core/loader/multiboot_mbi2.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/multiboot_mbi2.c ++++ grub2-2.02~beta2/grub-core/loader/multiboot_mbi2.c +@@ -647,7 +647,7 @@ grub_multiboot_make_mbi (grub_uint32_t * + COMPILE_TIME_ASSERT (MULTIBOOT_TAG_ALIGN % sizeof (grub_properly_aligned_t) == 0); + + err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, +- 0, 0xffffffff - bufsize, ++ 0, UP_TO_TOP32 (bufsize), + bufsize, MULTIBOOT_TAG_ALIGN, + GRUB_RELOCATOR_PREFERENCE_NONE, 1); + if (err) +Index: grub2-2.02~beta2/grub-core/loader/i386/multiboot_mbi.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/multiboot_mbi.c ++++ grub2-2.02~beta2/grub-core/loader/i386/multiboot_mbi.c +@@ -445,10 +445,9 @@ grub_multiboot_make_mbi (grub_uint32_t * + + bufsize = grub_multiboot_get_mbi_size (); + +- err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, &ch, +- 0x10000, 0x100000 - bufsize, +- bufsize, 4, +- GRUB_RELOCATOR_PREFERENCE_NONE, 0); ++ err = grub_relocator_alloc_chunk_align_safe (grub_multiboot_relocator, &ch, ++ 0x10000, 0x100000, bufsize, 4, ++ GRUB_RELOCATOR_PREFERENCE_NONE, 0); + if (err) + return err; + ptrorig = get_virtual_current_address (ch); +Index: grub2-2.02~beta2/grub-core/loader/multiboot_elfxx.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/multiboot_elfxx.c ++++ grub2-2.02~beta2/grub-core/loader/multiboot_elfxx.c +@@ -201,8 +201,8 @@ CONCAT(grub_multiboot_load_elf, XX) (gru + grub_relocator_chunk_t ch; + err = grub_relocator_alloc_chunk_align (grub_multiboot_relocator, + &ch, 0, +- (0xffffffff - sh->sh_size) +- + 1, sh->sh_size, ++ UP_TO_TOP32 (sh->sh_size), ++ sh->sh_size, + sh->sh_addralign, + GRUB_RELOCATOR_PREFERENCE_NONE, + 0); diff -Nru grub2-2.02~beta2/debian/patches/0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch grub2-2.02~beta2/debian/patches/0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch --- grub2-2.02~beta2/debian/patches/0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,42 @@ +From 845260829f3de44b93f5dc02c13946b7517acbe0 Mon Sep 17 00:00:00 2001 +From: Alexey Makhalov +Date: Fri, 17 Jul 2020 05:17:26 +0000 +Subject: relocator: Fix grub_relocator_alloc_chunk_align() top memory + allocation + +Current implementation of grub_relocator_alloc_chunk_align() +does not allow allocation of the top byte. + +Assuming input args are: + max_addr = 0xfffff000; + size = 0x1000; + +And this is valid. But following overflow protection will +unnecessarily move max_addr one byte down (to 0xffffefff): + if (max_addr > ~size) + max_addr = ~size; + +~size + 1 will fix the situation. In addition, check size +for non zero to do not zero max_addr. + +Signed-off-by: Alexey Makhalov +Reviewed-by: Daniel Kiper +--- + grub-core/lib/relocator.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/lib/relocator.c b/grub-core/lib/relocator.c +index 5847aac36..f2c1944c2 100644 +--- a/grub-core/lib/relocator.c ++++ b/grub-core/lib/relocator.c +@@ -1386,8 +1386,8 @@ grub_relocator_alloc_chunk_align (struct grub_relocator *rel, + }; + grub_addr_t min_addr2 = 0, max_addr2; + +- if (max_addr > ~size) +- max_addr = ~size; ++ if (size && (max_addr > ~size)) ++ max_addr = ~size + 1; + + #ifdef GRUB_MACHINE_PCBIOS + if (min_addr < 0x1000) diff -Nru grub2-2.02~beta2/debian/patches/0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch grub2-2.02~beta2/debian/patches/0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch --- grub2-2.02~beta2/debian/patches/0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,25 @@ +From 30fb91b6b774e71d1f4e9dbc0fdda61ca6267bd4 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 24 Jul 2020 13:57:27 -0400 +Subject: linux loader: avoid overflow on initrd size calculation + +Signed-off-by: Peter Jones +--- + grub-core/loader/linux.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/linux.c b/grub-core/loader/linux.c +index 471b214d6..25624ebc1 100644 +--- a/grub-core/loader/linux.c ++++ b/grub-core/loader/linux.c +@@ -151,8 +151,8 @@ grub_initrd_init (int argc, char *argv[], + initrd_ctx->nfiles = 0; + initrd_ctx->components = 0; + +- initrd_ctx->components = grub_zalloc (argc +- * sizeof (initrd_ctx->components[0])); ++ initrd_ctx->components = grub_calloc (argc, ++ sizeof (initrd_ctx->components[0])); + if (!initrd_ctx->components) + return grub_errno; + diff -Nru grub2-2.02~beta2/debian/patches/0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch grub2-2.02~beta2/debian/patches/0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch --- grub2-2.02~beta2/debian/patches/0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,165 @@ +From 61c38b585d431e862de2aac5a989272e9c9d1ed1 Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Sat, 25 Jul 2020 12:15:37 +0100 +Subject: linux: Fix integer overflows in initrd size handling + +These could be triggered by a crafted filesystem with very large files. + +Fixes: CVE-2020-15707 + +Signed-off-by: Colin Watson +Reviewed-by: Jan Setje-Eilers +--- + grub-core/loader/linux.c | 74 +++++++++++++++++++++++++++++----------- + 1 file changed, 54 insertions(+), 20 deletions(-) + +Index: grub2-2.02~beta2/grub-core/loader/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/linux.c ++++ grub2-2.02~beta2/grub-core/loader/linux.c +@@ -4,6 +4,7 @@ + #include + #include + #include ++#include + + struct newc_head + { +@@ -98,13 +99,13 @@ free_dir (struct dir *root) + grub_free (root); + } + +-static grub_size_t ++static grub_err_t + insert_dir (const char *name, struct dir **root, +- grub_uint8_t *ptr) ++ grub_uint8_t *ptr, grub_size_t *size) + { + struct dir *cur, **head = root; + const char *cb, *ce = name; +- grub_size_t size = 0; ++ *size = 0; + while (1) + { + for (cb = ce; *cb == '/'; cb++); +@@ -130,14 +131,22 @@ insert_dir (const char *name, struct dir + ptr = make_header (ptr, name, ce - name, + 040777, 0); + } +- size += ALIGN_UP ((ce - (char *) name) +- + sizeof (struct newc_head), 4); ++ if (grub_add (*size, ++ ALIGN_UP ((ce - (char *) name) ++ + sizeof (struct newc_head), 4), ++ size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ grub_free (n->name); ++ grub_free (n); ++ return grub_errno; ++ } + *head = n; + cur = n; + } + root = &cur->next; + } +- return size; ++ return GRUB_ERR_NONE; + } + + grub_err_t +@@ -170,27 +179,34 @@ grub_initrd_init (int argc, char *argv[] + eptr = grub_strchr (ptr, ':'); + if (eptr) + { ++ grub_size_t dir_size, name_len; ++ + grub_file_filter_disable_compression (); + initrd_ctx->components[i].newc_name = grub_strndup (ptr, eptr - ptr); +- if (!initrd_ctx->components[i].newc_name) ++ if (!initrd_ctx->components[i].newc_name || ++ insert_dir (initrd_ctx->components[i].newc_name, &root, 0, ++ &dir_size)) + { + grub_initrd_close (initrd_ctx); + return grub_errno; + } +- initrd_ctx->size +- += ALIGN_UP (sizeof (struct newc_head) +- + grub_strlen (initrd_ctx->components[i].newc_name), +- 4); +- initrd_ctx->size += insert_dir (initrd_ctx->components[i].newc_name, +- &root, 0); ++ name_len = grub_strlen (initrd_ctx->components[i].newc_name); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) + name_len, 4), ++ &initrd_ctx->size) || ++ grub_add (initrd_ctx->size, dir_size, &initrd_ctx->size)) ++ goto overflow; + newc = 1; + fname = eptr + 1; + } + } + else if (newc) + { +- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) +- + sizeof ("TRAILER!!!") - 1, 4); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) ++ + sizeof ("TRAILER!!!") - 1, 4), ++ &initrd_ctx->size)) ++ goto overflow; + free_dir (root); + root = 0; + newc = 0; +@@ -205,18 +221,28 @@ grub_initrd_init (int argc, char *argv[] + initrd_ctx->nfiles++; + initrd_ctx->components[i].size + = grub_file_size (initrd_ctx->components[i].file); +- initrd_ctx->size += ALIGN_UP (initrd_ctx->components[i].size, 4); ++ if (grub_add (initrd_ctx->size, ALIGN_UP (initrd_ctx->components[i].size, 4), ++ &initrd_ctx->size)) ++ goto overflow; + } + + if (newc) + { +- initrd_ctx->size += ALIGN_UP (sizeof (struct newc_head) +- + sizeof ("TRAILER!!!") - 1, 4); ++ if (grub_add (initrd_ctx->size, ++ ALIGN_UP (sizeof (struct newc_head) ++ + sizeof ("TRAILER!!!") - 1, 4), ++ &initrd_ctx->size)) ++ goto overflow; + free_dir (root); + root = 0; + } + + return GRUB_ERR_NONE; ++ ++overflow: ++ free_dir (root); ++ grub_initrd_close (initrd_ctx); ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); + } + + grub_size_t +@@ -255,8 +281,16 @@ grub_initrd_load (struct grub_linux_init + + if (initrd_ctx->components[i].newc_name) + { +- ptr += insert_dir (initrd_ctx->components[i].newc_name, +- &root, ptr); ++ grub_size_t dir_size; ++ ++ if (insert_dir (initrd_ctx->components[i].newc_name, &root, ptr, ++ &dir_size)) ++ { ++ free_dir (root); ++ grub_initrd_close (initrd_ctx); ++ return grub_errno; ++ } ++ ptr += dir_size; + ptr = make_header (ptr, initrd_ctx->components[i].newc_name, + grub_strlen (initrd_ctx->components[i].newc_name), + 0100777, diff -Nru grub2-2.02~beta2/debian/patches/0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch grub2-2.02~beta2/debian/patches/0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch --- grub2-2.02~beta2/debian/patches/0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,50 @@ +From 7cad64594740991e88ae69f0576c4c639f56b67b Mon Sep 17 00:00:00 2001 +From: Colin Watson +Date: Mon, 27 Jul 2020 14:22:12 +0100 +Subject: efilinux: Fix integer overflows in grub_cmd_initrd + +These could be triggered by an extremely large number of arguments to +the initrd command on 32-bit architectures, or a crafted filesystem with +very large files on any architecture. + +Fixes: CVE-2020-15707 + +Signed-off-by: Colin Watson +--- + grub-core/loader/i386/efi/linux.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c +index e357bf67c..381459ce0 100644 +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -94,7 +95,7 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + goto fail; + } + +- files = grub_zalloc (argc * sizeof (files[0])); ++ files = grub_calloc (argc, sizeof (files[0])); + if (!files) + goto fail; + +@@ -104,7 +105,11 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + if (! files[i]) + goto fail; + nfiles++; +- size += ALIGN_UP (grub_file_size (files[i]), 4); ++ if (grub_add (size, ALIGN_UP (grub_file_size (files[i]), 4), &size)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("overflow is detected")); ++ goto fail; ++ } + } + + initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size)); diff -Nru grub2-2.02~beta2/debian/patches/arm64-Add-support-for-relocations-needed-for-linaro-gcc.patch grub2-2.02~beta2/debian/patches/arm64-Add-support-for-relocations-needed-for-linaro-gcc.patch --- grub2-2.02~beta2/debian/patches/arm64-Add-support-for-relocations-needed-for-linaro-gcc.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/arm64-Add-support-for-relocations-needed-for-linaro-gcc.patch 2021-04-30 12:33:17.000000000 +0000 @@ -0,0 +1,193 @@ +From 605eecc985b677d196b558d4d8cec6592a68e462 Mon Sep 17 00:00:00 2001 +From: Vladimir Serbinenko +Date: Fri, 22 Jan 2016 19:09:37 +0100 +Subject: [PATCH] arm64: Add support for relocations needed for linaro gcc + +--- + grub-core/kern/arm64/dl.c | 18 ++++++++++++++ + grub-core/kern/arm64/dl_helper.c | 40 ++++++++++++++++++++++++++++++++ + include/grub/arm64/reloc.h | 8 +++++++ + include/grub/elf.h | 3 +++ + util/grub-mkimagexx.c | 31 +++++++++++++++++++++++++ + util/grub-module-verifier.c | 8 ++++++- + 6 files changed, 107 insertions(+), 1 deletion(-) + +Index: grub2-2.02~beta2/grub-core/kern/arm64/dl.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/kern/arm64/dl.c ++++ grub2-2.02~beta2/grub-core/kern/arm64/dl.c +@@ -132,6 +132,12 @@ grub_arch_dl_relocate_symbols (grub_dl_t + *abs_place = (grub_uint64_t) sym_addr; + } + break; ++ case R_AARCH64_ADD_ABS_LO12_NC: ++ grub_arm64_set_abs_lo12 (place, sym_addr); ++ break; ++ case R_AARCH64_LDST64_ABS_LO12_NC: ++ grub_arm64_set_abs_lo12_ldst64 (place, sym_addr); ++ break; + case R_AARCH64_CALL26: + case R_AARCH64_JUMP26: + { +@@ -154,6 +160,18 @@ grub_arch_dl_relocate_symbols (grub_dl_t + grub_arm64_set_xxxx26_offset (place, offset); + } + break; ++ case R_AARCH64_ADR_PREL_PG_HI21: ++ { ++ grub_int64_t offset = (sym_addr & ~0xfffULL) - (((grub_uint64_t) place) & ~0xfffULL); ++ ++ if (!grub_arm64_check_hi21_signed (offset)) ++ return grub_error (GRUB_ERR_BAD_MODULE, ++ "HI21 out of range"); ++ ++ grub_arm64_set_hi21 (place, offset); ++ } ++ break; ++ + default: + return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, + N_("relocation 0x%x is not implemented yet"), +Index: grub2-2.02~beta2/grub-core/kern/arm64/dl_helper.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/kern/arm64/dl_helper.c ++++ grub2-2.02~beta2/grub-core/kern/arm64/dl_helper.c +@@ -53,3 +53,43 @@ grub_arm64_set_xxxx26_offset (grub_uint3 + *place &= insmask; + *place |= grub_cpu_to_le32 (offset >> 2) & ~insmask; + } ++ ++int ++grub_arm64_check_hi21_signed (grub_int64_t offset) ++{ ++ if (offset != (grub_int64_t)(grub_int32_t)offset) ++ return 0; ++ return 1; ++} ++ ++void ++grub_arm64_set_hi21 (grub_uint32_t *place, grub_int64_t offset) ++{ ++ const grub_uint32_t insmask = grub_cpu_to_le32_compile_time (0x9f00001f); ++ grub_uint32_t val; ++ ++ offset >>= 12; ++ ++ val = ((offset & 3) << 29) | (((offset >> 2) & 0x7ffff) << 5); ++ ++ *place &= insmask; ++ *place |= grub_cpu_to_le32 (val) & ~insmask; ++} ++ ++void ++grub_arm64_set_abs_lo12 (grub_uint32_t *place, grub_int64_t target) ++{ ++ const grub_uint32_t insmask = grub_cpu_to_le32_compile_time (0xffc003ff); ++ ++ *place &= insmask; ++ *place |= grub_cpu_to_le32 (target << 10) & ~insmask; ++} ++ ++void ++grub_arm64_set_abs_lo12_ldst64 (grub_uint32_t *place, grub_int64_t target) ++{ ++ const grub_uint32_t insmask = grub_cpu_to_le32_compile_time (0xfff803ff); ++ ++ *place &= insmask; ++ *place |= grub_cpu_to_le32 (target << 7) & ~insmask; ++} +Index: grub2-2.02~beta2/include/grub/arm64/reloc.h +=================================================================== +--- grub2-2.02~beta2.orig/include/grub/arm64/reloc.h ++++ grub2-2.02~beta2/include/grub/arm64/reloc.h +@@ -22,5 +22,13 @@ + int grub_arm_64_check_xxxx26_offset (grub_int64_t offset); + void + grub_arm64_set_xxxx26_offset (grub_uint32_t *place, grub_int64_t offset); ++int ++grub_arm64_check_hi21_signed (grub_int64_t offset); ++void ++grub_arm64_set_hi21 (grub_uint32_t *place, grub_int64_t offset); ++void ++grub_arm64_set_abs_lo12 (grub_uint32_t *place, grub_int64_t target); ++void ++grub_arm64_set_abs_lo12_ldst64 (grub_uint32_t *place, grub_int64_t target); + + #endif +Index: grub2-2.02~beta2/include/grub/elf.h +=================================================================== +--- grub2-2.02~beta2.orig/include/grub/elf.h ++++ grub2-2.02~beta2/include/grub/elf.h +@@ -2075,6 +2075,9 @@ typedef Elf32_Addr Elf32_Conflict; + #define R_AARCH64_NONE 0 /* No relocation. */ + #define R_AARCH64_ABS64 257 /* Direct 64 bit. */ + #define R_AARCH64_ABS32 258 /* Direct 32 bit. */ ++#define R_AARCH64_ADR_PREL_PG_HI21 275 ++#define R_AARCH64_ADD_ABS_LO12_NC 277 ++#define R_AARCH64_LDST64_ABS_LO12_NC 286 + #define R_AARCH64_JUMP26 282 /* 26-bit relative. */ + #define R_AARCH64_CALL26 283 /* 26-bit relative. */ + #define R_AARCH64_COPY 1024 /* Copy symbol at runtime. */ +Index: grub2-2.02~beta2/util/grub-mkimagexx.c +=================================================================== +--- grub2-2.02~beta2.orig/util/grub-mkimagexx.c ++++ grub2-2.02~beta2/util/grub-mkimagexx.c +@@ -837,6 +837,14 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e + *target = grub_host_to_target64 (grub_target_to_host64 (*target) + sym_addr); + } + break; ++ case R_AARCH64_ADD_ABS_LO12_NC: ++ grub_arm64_set_abs_lo12 ((grub_uint32_t *) target, ++ sym_addr); ++ break; ++ case R_AARCH64_LDST64_ABS_LO12_NC: ++ grub_arm64_set_abs_lo12_ldst64 ((grub_uint32_t *) target, ++ sym_addr); ++ break; + case R_AARCH64_JUMP26: + case R_AARCH64_CALL26: + { +@@ -849,6 +857,17 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e + sym_addr); + } + break; ++ case R_AARCH64_ADR_PREL_PG_HI21: ++ { ++ sym_addr &= ~0xfffULL; ++ sym_addr -= (offset + SUFFIX (entry_point)) & ~0xfffULL; ++ if (!grub_arm64_check_hi21_signed (sym_addr)) ++ grub_util_error ("%s", "CALL26 Relocation out of range"); ++ ++ grub_arm64_set_hi21((grub_uint32_t *)target, ++ sym_addr); ++ } ++ break; + default: + grub_util_error (_("relocation 0x%x is not implemented yet"), + (unsigned int) ELF_R_TYPE (info)); +@@ -1201,6 +1220,15 @@ SUFFIX (make_reloc_section) (Elf_Ehdr *e + case R_AARCH64_CALL26: + case R_AARCH64_JUMP26: + break; ++ /* Page-relative relocations do not require fixup entries. */ ++ case R_AARCH64_ADR_PREL_PG_HI21: ++ /* We page-align the whole kernel, so no need ++ for fixup entries. ++ */ ++ case R_AARCH64_ADD_ABS_LO12_NC: ++ case R_AARCH64_LDST64_ABS_LO12_NC: ++ break; ++ + default: + grub_util_error (_("relocation 0x%x is not implemented yet"), + (unsigned int) ELF_R_TYPE (info)); +@@ -1344,6 +1372,9 @@ SUFFIX (locate_sections) (const char *ke + Elf_Shdr *s; + + *all_align = 1; ++ /* Page-aligning simplifies relocation handling. */ ++ if (image_target->elf_target == EM_AARCH64) ++ *all_align = 4096; + + section_addresses = xcalloc (num_sections, sizeof (*section_addresses)); + memset (section_addresses, 0, sizeof (*section_addresses) * num_sections); diff -Nru grub2-2.02~beta2/debian/patches/bootp_new_net_bootp6_command.patch grub2-2.02~beta2/debian/patches/bootp_new_net_bootp6_command.patch --- grub2-2.02~beta2/debian/patches/bootp_new_net_bootp6_command.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/bootp_new_net_bootp6_command.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,1113 @@ +From: Michael Chang +Subject: [PATCH 3/8] bootp: New net_bootp6 command + +Implement new net_bootp6 command for IPv6 network auto configuration via the +DHCPv6 protocol (RFC3315). + +Signed-off-by: Michael Chang +Signed-off-by: Ken Lin +--- + grub-core/net/bootp.c | 908 +++++++++++++++++++++++++++++++++++++++++++++++++- + grub-core/net/ip.c | 39 ++ + include/grub/net.h | 72 +++ + 3 files changed, 1018 insertions(+), 1 deletion(-) + +Index: b/grub-core/net/bootp.c +=================================================================== +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -24,6 +24,98 @@ + #include + #include + #include ++#include ++#include ++ ++static int ++dissect_url (const char *url, char **proto, char **host, char **path) ++{ ++ const char *p, *ps; ++ grub_size_t l; ++ ++ *proto = *host = *path = NULL; ++ ps = p = url; ++ ++ while ((p = grub_strchr (p, ':'))) ++ { ++ if (grub_strlen (p) < sizeof ("://") - 1) ++ break; ++ if (grub_memcmp (p, "://", sizeof ("://") - 1) == 0) ++ { ++ l = p - ps; ++ *proto = grub_malloc (l + 1); ++ if (!*proto) ++ { ++ grub_print_error (); ++ return 0; ++ } ++ ++ grub_memcpy (*proto, ps, l); ++ (*proto)[l] = '\0'; ++ p += sizeof ("://") - 1; ++ break; ++ } ++ ++p; ++ } ++ ++ if (!*proto) ++ { ++ grub_dprintf ("bootp", "url: %s is not valid, protocol not found\n", url); ++ return 0; ++ } ++ ++ ps = p; ++ p = grub_strchr (p, '/'); ++ ++ if (!p) ++ { ++ grub_dprintf ("bootp", "url: %s is not valid, host/path not found\n", url); ++ grub_free (*proto); ++ *proto = NULL; ++ return 0; ++ } ++ ++ l = p - ps; ++ ++ if (l > 2 && ps[0] == '[' && ps[l - 1] == ']') ++ { ++ *host = grub_malloc (l - 1); ++ if (!*host) ++ { ++ grub_print_error (); ++ grub_free (*proto); ++ *proto = NULL; ++ return 0; ++ } ++ grub_memcpy (*host, ps + 1, l - 2); ++ (*host)[l - 2] = 0; ++ } ++ else ++ { ++ *host = grub_malloc (l + 1); ++ if (!*host) ++ { ++ grub_print_error (); ++ grub_free (*proto); ++ *proto = NULL; ++ return 0; ++ } ++ grub_memcpy (*host, ps, l); ++ (*host)[l] = 0; ++ } ++ ++ *path = grub_strdup (p); ++ if (!*path) ++ { ++ grub_print_error (); ++ grub_free (*host); ++ grub_free (*proto); ++ *host = NULL; ++ *proto = NULL; ++ return 0; ++ } ++ return 1; ++} + + static void + parse_dhcp_vendor (const char *name, const void *vend, int limit, int *mask) +@@ -256,6 +348,578 @@ grub_net_configure_by_dhcp_ack (const ch + return inter; + } + ++/* The default netbuff size for sending DHCPv6 packets which should be ++ large enough to hold the information */ ++#define GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE 512 ++ ++struct grub_dhcp6_options ++{ ++ grub_uint8_t *client_duid; ++ grub_uint16_t client_duid_len; ++ grub_uint8_t *server_duid; ++ grub_uint16_t server_duid_len; ++ grub_uint32_t iaid; ++ grub_uint32_t t1; ++ grub_uint32_t t2; ++ grub_net_network_level_address_t *ia_addr; ++ grub_uint32_t preferred_lifetime; ++ grub_uint32_t valid_lifetime; ++ grub_net_network_level_address_t *dns_server_addrs; ++ grub_uint16_t num_dns_server; ++ char *boot_file_proto; ++ char *boot_file_server_ip; ++ char *boot_file_path; ++}; ++ ++typedef struct grub_dhcp6_options *grub_dhcp6_options_t; ++ ++struct grub_dhcp6_session ++{ ++ struct grub_dhcp6_session *next; ++ struct grub_dhcp6_session **prev; ++ grub_uint32_t iaid; ++ grub_uint32_t transaction_id:24; ++ grub_uint64_t start_time; ++ struct grub_net_dhcp6_option_duid_ll duid; ++ struct grub_net_network_level_interface *iface; ++ ++ /* The associated dhcpv6 options */ ++ grub_dhcp6_options_t adv; ++ grub_dhcp6_options_t reply; ++}; ++ ++typedef struct grub_dhcp6_session *grub_dhcp6_session_t; ++ ++typedef void (*dhcp6_option_hook_fn) (const struct grub_net_dhcp6_option *opt, void *data); ++ ++static void ++foreach_dhcp6_option (const struct grub_net_dhcp6_option *opt, grub_size_t size, ++ dhcp6_option_hook_fn hook, void *hook_data); ++ ++static void ++parse_dhcp6_iaaddr (const struct grub_net_dhcp6_option *opt, void *data) ++{ ++ grub_dhcp6_options_t dhcp6 = (grub_dhcp6_options_t )data; ++ ++ grub_uint16_t code = grub_be_to_cpu16 (opt->code); ++ grub_uint16_t len = grub_be_to_cpu16 (opt->len); ++ ++ if (code == GRUB_NET_DHCP6_OPTION_IAADDR) ++ { ++ const struct grub_net_dhcp6_option_iaaddr *iaaddr; ++ iaaddr = (const struct grub_net_dhcp6_option_iaaddr *)opt->data; ++ ++ if (len < sizeof (*iaaddr)) ++ { ++ grub_dprintf ("bootp", "DHCPv6: code %u with insufficient length %u\n", code, len); ++ return; ++ } ++ if (!dhcp6->ia_addr) ++ { ++ dhcp6->ia_addr = grub_malloc (sizeof(*dhcp6->ia_addr)); ++ dhcp6->ia_addr->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ dhcp6->ia_addr->ipv6[0] = grub_get_unaligned64 (iaaddr->addr); ++ dhcp6->ia_addr->ipv6[1] = grub_get_unaligned64 (iaaddr->addr + 8); ++ dhcp6->preferred_lifetime = grub_be_to_cpu32 (iaaddr->preferred_lifetime); ++ dhcp6->valid_lifetime = grub_be_to_cpu32 (iaaddr->valid_lifetime); ++ } ++ } ++} ++ ++static void ++parse_dhcp6_option (const struct grub_net_dhcp6_option *opt, void *data) ++{ ++ grub_dhcp6_options_t dhcp6 = (grub_dhcp6_options_t)data; ++ grub_uint16_t code = grub_be_to_cpu16 (opt->code); ++ grub_uint16_t len = grub_be_to_cpu16 (opt->len); ++ ++ switch (code) ++ { ++ case GRUB_NET_DHCP6_OPTION_CLIENTID: ++ ++ if (dhcp6->client_duid || !len) ++ { ++ grub_dprintf ("bootp", "Skipped DHCPv6 CLIENTID with length %u\n", len); ++ break; ++ } ++ dhcp6->client_duid = grub_malloc (len); ++ grub_memcpy (dhcp6->client_duid, opt->data, len); ++ dhcp6->client_duid_len = len; ++ break; ++ ++ case GRUB_NET_DHCP6_OPTION_SERVERID: ++ ++ if (dhcp6->server_duid || !len) ++ { ++ grub_dprintf ("bootp", "Skipped DHCPv6 SERVERID with length %u\n", len); ++ break; ++ } ++ dhcp6->server_duid = grub_malloc (len); ++ grub_memcpy (dhcp6->server_duid, opt->data, len); ++ dhcp6->server_duid_len = len; ++ break; ++ ++ case GRUB_NET_DHCP6_OPTION_IA_NA: ++ { ++ const struct grub_net_dhcp6_option_iana *ia_na; ++ grub_uint16_t data_len; ++ ++ if (dhcp6->iaid || len < sizeof (*ia_na)) ++ { ++ grub_dprintf ("bootp", "Skipped DHCPv6 IA_NA with length %u\n", len); ++ break; ++ } ++ ia_na = (const struct grub_net_dhcp6_option_iana *)opt->data; ++ dhcp6->iaid = grub_be_to_cpu32 (ia_na->iaid); ++ dhcp6->t1 = grub_be_to_cpu32 (ia_na->t1); ++ dhcp6->t2 = grub_be_to_cpu32 (ia_na->t2); ++ ++ data_len = len - sizeof (*ia_na); ++ if (data_len) ++ foreach_dhcp6_option ((const struct grub_net_dhcp6_option *)ia_na->data, data_len, parse_dhcp6_iaaddr, dhcp6); ++ } ++ break; ++ ++ case GRUB_NET_DHCP6_OPTION_DNS_SERVERS: ++ { ++ const grub_uint8_t *po; ++ grub_uint16_t ln; ++ grub_net_network_level_address_t *la; ++ ++ if (!len || len & 0xf) ++ { ++ grub_dprintf ("bootp", "Skip invalid length DHCPv6 DNS_SERVERS \n"); ++ break; ++ } ++ dhcp6->num_dns_server = ln = len >> 4; ++ dhcp6->dns_server_addrs = la = grub_zalloc (ln * sizeof (*la)); ++ ++ for (po = opt->data; ln > 0; po += 0x10, la++, ln--) ++ { ++ la->type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ la->ipv6[0] = grub_get_unaligned64 (po); ++ la->ipv6[1] = grub_get_unaligned64 (po + 8); ++ la->option = DNS_OPTION_PREFER_IPV6; ++ } ++ } ++ break; ++ ++ case GRUB_NET_DHCP6_OPTION_BOOTFILE_URL: ++ dissect_url ((const char *)opt->data, ++ &dhcp6->boot_file_proto, ++ &dhcp6->boot_file_server_ip, ++ &dhcp6->boot_file_path); ++ break; ++ ++ default: ++ break; ++ } ++} ++ ++static void ++foreach_dhcp6_option (const struct grub_net_dhcp6_option *opt, grub_size_t size, dhcp6_option_hook_fn hook, void *hook_data) ++{ ++ while (size) ++ { ++ grub_uint16_t code, len; ++ ++ if (size < sizeof (*opt)) ++ { ++ grub_dprintf ("bootp", "DHCPv6: Options stopped with remaining size %" PRIxGRUB_SIZE "\n", size); ++ break; ++ } ++ size -= sizeof (*opt); ++ len = grub_be_to_cpu16 (opt->len); ++ code = grub_be_to_cpu16 (opt->code); ++ if (size < len) ++ { ++ grub_dprintf ("bootp", "DHCPv6: Options stopped at out of bound length %u for option %u\n", len, code); ++ break; ++ } ++ if (!len) ++ { ++ grub_dprintf ("bootp", "DHCPv6: Options stopped at zero length option %u\n", code); ++ break; ++ } ++ else ++ { ++ if (hook) ++ hook (opt, hook_data); ++ size -= len; ++ opt = (const struct grub_net_dhcp6_option *)((grub_uint8_t *)opt + len + sizeof (*opt)); ++ } ++ } ++} ++ ++static grub_dhcp6_options_t ++grub_dhcp6_options_get (const struct grub_net_dhcp6_packet *v6h, ++ grub_size_t size) ++{ ++ grub_dhcp6_options_t options; ++ ++ if (size < sizeof (*v6h)) ++ { ++ grub_error (GRUB_ERR_OUT_OF_RANGE, N_("DHCPv6 packet size too small")); ++ return NULL; ++ } ++ ++ options = grub_zalloc (sizeof(*options)); ++ if (!options) ++ return NULL; ++ ++ foreach_dhcp6_option ((const struct grub_net_dhcp6_option *)v6h->dhcp_options, ++ size - sizeof (*v6h), parse_dhcp6_option, options); ++ ++ return options; ++} ++ ++static void ++grub_dhcp6_options_free (grub_dhcp6_options_t options) ++{ ++ if (options->client_duid) ++ grub_free (options->client_duid); ++ if (options->server_duid) ++ grub_free (options->server_duid); ++ if (options->ia_addr) ++ grub_free (options->ia_addr); ++ if (options->dns_server_addrs) ++ grub_free (options->dns_server_addrs); ++ if (options->boot_file_proto) ++ grub_free (options->boot_file_proto); ++ if (options->boot_file_server_ip) ++ grub_free (options->boot_file_server_ip); ++ if (options->boot_file_path) ++ grub_free (options->boot_file_path); ++ ++ grub_free (options); ++} ++ ++static grub_dhcp6_session_t grub_dhcp6_sessions; ++#define FOR_DHCP6_SESSIONS(var) FOR_LIST_ELEMENTS (var, grub_dhcp6_sessions) ++ ++static void ++grub_net_configure_by_dhcp6_info (const char *name, ++ struct grub_net_card *card, ++ grub_dhcp6_options_t dhcp6, ++ int is_def, ++ int flags, ++ struct grub_net_network_level_interface **ret_inf) ++{ ++ grub_net_network_level_netaddress_t netaddr; ++ struct grub_net_network_level_interface *inf; ++ ++ if (dhcp6->ia_addr) ++ { ++ inf = grub_net_add_addr (name, card, dhcp6->ia_addr, &card->default_address, flags); ++ ++ netaddr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ netaddr.ipv6.base[0] = dhcp6->ia_addr->ipv6[0]; ++ netaddr.ipv6.base[1] = 0; ++ netaddr.ipv6.masksize = 64; ++ grub_net_add_route (name, netaddr, inf); ++ ++ if (ret_inf) ++ *ret_inf = inf; ++ } ++ ++ if (dhcp6->dns_server_addrs) ++ { ++ grub_uint16_t i; ++ ++ for (i = 0; i < dhcp6->num_dns_server; ++i) ++ grub_net_add_dns_server (dhcp6->dns_server_addrs + i); ++ } ++ ++ if (dhcp6->boot_file_path) ++ grub_env_set_net_property (name, "boot_file", dhcp6->boot_file_path, ++ grub_strlen (dhcp6->boot_file_path)); ++ ++ if (is_def && dhcp6->boot_file_server_ip) ++ { ++ grub_net_default_server = grub_strdup (dhcp6->boot_file_server_ip); ++ grub_env_set ("net_default_interface", name); ++ grub_env_export ("net_default_interface"); ++ } ++} ++ ++static void ++grub_dhcp6_session_add (struct grub_net_network_level_interface *iface, ++ grub_uint32_t iaid) ++{ ++ grub_dhcp6_session_t se; ++ struct grub_datetime date; ++ grub_err_t err; ++ grub_int32_t t = 0; ++ ++ se = grub_malloc (sizeof (*se)); ++ ++ err = grub_get_datetime (&date); ++ if (err || !grub_datetime2unixtime (&date, &t)) ++ { ++ grub_errno = GRUB_ERR_NONE; ++ t = 0; ++ } ++ ++ se->iface = iface; ++ se->iaid = iaid; ++ se->transaction_id = t; ++ se->start_time = grub_get_time_ms (); ++ se->duid.type = grub_cpu_to_be16_compile_time (3) ; ++ se->duid.hw_type = grub_cpu_to_be16_compile_time (1); ++ grub_memcpy (&se->duid.hwaddr, &iface->hwaddress.mac, sizeof (se->duid.hwaddr)); ++ se->adv = NULL; ++ se->reply = NULL; ++ grub_list_push (GRUB_AS_LIST_P (&grub_dhcp6_sessions), GRUB_AS_LIST (se)); ++} ++ ++static void ++grub_dhcp6_session_remove (grub_dhcp6_session_t se) ++{ ++ grub_list_remove (GRUB_AS_LIST (se)); ++ if (se->adv) ++ grub_dhcp6_options_free (se->adv); ++ if (se->reply) ++ grub_dhcp6_options_free (se->reply); ++ grub_free (se); ++} ++ ++static void ++grub_dhcp6_session_remove_all (void) ++{ ++ grub_dhcp6_session_t se; ++ ++ FOR_DHCP6_SESSIONS (se) ++ { ++ grub_dhcp6_session_remove (se); ++ se = grub_dhcp6_sessions; ++ } ++} ++ ++static grub_err_t ++grub_dhcp6_session_configure_network (grub_dhcp6_session_t se) ++{ ++ char *name; ++ ++ name = grub_xasprintf ("%s:dhcp6", se->iface->card->name); ++ if (!name) ++ return grub_errno; ++ ++ grub_net_configure_by_dhcp6_info (name, se->iface->card, se->reply, 1, 0, 0); ++ grub_free (name); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_dhcp6_session_send_request (grub_dhcp6_session_t se) ++{ ++ struct grub_net_buff *nb; ++ struct grub_net_dhcp6_option *opt; ++ struct grub_net_dhcp6_packet *v6h; ++ struct grub_net_dhcp6_option_iana *ia_na; ++ struct grub_net_dhcp6_option_iaaddr *iaaddr; ++ struct udphdr *udph; ++ grub_net_network_level_address_t multicast; ++ grub_net_link_level_address_t ll_multicast; ++ grub_uint64_t elapsed; ++ struct grub_net_network_level_interface *inf = se->iface; ++ grub_dhcp6_options_t dhcp6 = se->adv; ++ grub_err_t err = GRUB_ERR_NONE; ++ ++ multicast.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ multicast.ipv6[0] = grub_cpu_to_be64_compile_time (0xff02ULL << 48); ++ multicast.ipv6[1] = grub_cpu_to_be64_compile_time (0x10002ULL); ++ ++ err = grub_net_link_layer_resolve (inf, &multicast, &ll_multicast); ++ if (err) ++ return err; ++ ++ nb = grub_netbuff_alloc (GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); ++ ++ if (!nb) ++ return grub_errno; ++ ++ err = grub_netbuff_reserve (nb, GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ err = grub_netbuff_push (nb, dhcp6->client_duid_len + sizeof (*opt)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_CLIENTID); ++ opt->len = grub_cpu_to_be16 (dhcp6->client_duid_len); ++ grub_memcpy (opt->data, dhcp6->client_duid , dhcp6->client_duid_len); ++ ++ err = grub_netbuff_push (nb, dhcp6->server_duid_len + sizeof (*opt)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_SERVERID); ++ opt->len = grub_cpu_to_be16 (dhcp6->server_duid_len); ++ grub_memcpy (opt->data, dhcp6->server_duid , dhcp6->server_duid_len); ++ ++ err = grub_netbuff_push (nb, sizeof (*ia_na) + sizeof (*opt)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ if (dhcp6->ia_addr) ++ { ++ err = grub_netbuff_push (nb, sizeof(*iaaddr) + sizeof (*opt)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ } ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IA_NA); ++ opt->len = grub_cpu_to_be16 (sizeof (*ia_na)); ++ if (dhcp6->ia_addr) ++ opt->len += grub_cpu_to_be16 (sizeof(*iaaddr) + sizeof (*opt)); ++ ++ ia_na = (struct grub_net_dhcp6_option_iana *)opt->data; ++ ia_na->iaid = grub_cpu_to_be32 (dhcp6->iaid); ++ ++ ia_na->t1 = grub_cpu_to_be32 (dhcp6->t1); ++ ia_na->t2 = grub_cpu_to_be32 (dhcp6->t2); ++ ++ if (dhcp6->ia_addr) ++ { ++ opt = (struct grub_net_dhcp6_option *)ia_na->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IAADDR); ++ opt->len = grub_cpu_to_be16 (sizeof (*iaaddr)); ++ iaaddr = (struct grub_net_dhcp6_option_iaaddr *)opt->data; ++ grub_set_unaligned64 (iaaddr->addr, dhcp6->ia_addr->ipv6[0]); ++ grub_set_unaligned64 (iaaddr->addr + 8, dhcp6->ia_addr->ipv6[1]); ++ ++ iaaddr->preferred_lifetime = grub_cpu_to_be32 (dhcp6->preferred_lifetime); ++ iaaddr->valid_lifetime = grub_cpu_to_be32 (dhcp6->valid_lifetime); ++ } ++ ++ err = grub_netbuff_push (nb, sizeof (*opt) + 2 * sizeof (grub_uint16_t)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ opt = (struct grub_net_dhcp6_option*) nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_ORO); ++ opt->len = grub_cpu_to_be16_compile_time (2 * sizeof (grub_uint16_t)); ++ grub_set_unaligned16 (opt->data, grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_BOOTFILE_URL)); ++ grub_set_unaligned16 (opt->data + 2, grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_DNS_SERVERS)); ++ ++ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (grub_uint16_t)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ opt = (struct grub_net_dhcp6_option*) nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_ELAPSED_TIME); ++ opt->len = grub_cpu_to_be16_compile_time (sizeof (grub_uint16_t)); ++ ++ /* the time is expressed in hundredths of a second */ ++ elapsed = grub_divmod64 (grub_get_time_ms () - se->start_time, 10, 0); ++ ++ if (elapsed > 0xffff) ++ elapsed = 0xffff; ++ ++ grub_set_unaligned16 (opt->data, grub_cpu_to_be16 ((grub_uint16_t)elapsed)); ++ ++ err = grub_netbuff_push (nb, sizeof (*v6h)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ v6h = (struct grub_net_dhcp6_packet *) nb->data; ++ v6h->message_type = GRUB_NET_DHCP6_REQUEST; ++ v6h->transaction_id = se->transaction_id; ++ ++ err = grub_netbuff_push (nb, sizeof (*udph)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ udph = (struct udphdr *) nb->data; ++ udph->src = grub_cpu_to_be16_compile_time (DHCP6_CLIENT_PORT); ++ udph->dst = grub_cpu_to_be16_compile_time (DHCP6_SERVER_PORT); ++ udph->chksum = 0; ++ udph->len = grub_cpu_to_be16 (nb->tail - nb->data); ++ ++ udph->chksum = grub_net_ip_transport_checksum (nb, GRUB_NET_IP_UDP, ++ &inf->address, ++ &multicast); ++ err = grub_net_send_ip_packet (inf, &multicast, &ll_multicast, nb, ++ GRUB_NET_IP_UDP); ++ ++ grub_netbuff_free (nb); ++ ++ return err; ++} ++ ++struct grub_net_network_level_interface * ++grub_net_configure_by_dhcpv6_reply (const char *name, ++ struct grub_net_card *card, ++ grub_net_interface_flags_t flags, ++ const struct grub_net_dhcp6_packet *v6h, ++ grub_size_t size, ++ int is_def, ++ char **device, char **path) ++{ ++ struct grub_net_network_level_interface *inf; ++ grub_dhcp6_options_t dhcp6; ++ ++ dhcp6 = grub_dhcp6_options_get (v6h, size); ++ if (!dhcp6) ++ { ++ grub_print_error (); ++ return NULL; ++ } ++ ++ grub_net_configure_by_dhcp6_info (name, card, dhcp6, is_def, flags, &inf); ++ ++ if (device && dhcp6->boot_file_proto && dhcp6->boot_file_server_ip) ++ { ++ *device = grub_xasprintf ("%s,%s", dhcp6->boot_file_proto, dhcp6->boot_file_server_ip); ++ grub_print_error (); ++ } ++ if (path && dhcp6->boot_file_path) ++ { ++ *path = grub_strdup (dhcp6->boot_file_path); ++ grub_print_error (); ++ if (*path) ++ { ++ char *slash; ++ slash = grub_strrchr (*path, '/'); ++ if (slash) ++ *slash = 0; ++ else ++ **path = 0; ++ } ++ } ++ ++ grub_dhcp6_options_free (dhcp6); ++ return inf; ++} ++ + void + grub_net_process_dhcp (struct grub_net_buff *nb, + struct grub_net_card *card) +@@ -288,6 +952,77 @@ grub_net_process_dhcp (struct grub_net_b + } + } + ++grub_err_t ++grub_net_process_dhcp6 (struct grub_net_buff *nb, ++ struct grub_net_card *card __attribute__ ((unused))) ++{ ++ const struct grub_net_dhcp6_packet *v6h; ++ grub_dhcp6_session_t se; ++ grub_size_t size; ++ grub_dhcp6_options_t options; ++ ++ v6h = (const struct grub_net_dhcp6_packet *) nb->data; ++ size = nb->tail - nb->data; ++ ++ options = grub_dhcp6_options_get (v6h, size); ++ if (!options) ++ return grub_errno; ++ ++ if (!options->client_duid || !options->server_duid || !options->ia_addr) ++ { ++ grub_dhcp6_options_free (options); ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "Bad DHCPv6 Packet"); ++ } ++ ++ FOR_DHCP6_SESSIONS (se) ++ { ++ if (se->transaction_id == v6h->transaction_id && ++ grub_memcmp (options->client_duid, &se->duid, sizeof (se->duid)) == 0 && ++ se->iaid == options->iaid) ++ break; ++ } ++ ++ if (!se) ++ { ++ grub_dprintf ("bootp", "DHCPv6 session not found\n"); ++ grub_dhcp6_options_free (options); ++ return GRUB_ERR_NONE; ++ } ++ ++ if (v6h->message_type == GRUB_NET_DHCP6_ADVERTISE) ++ { ++ if (se->adv) ++ { ++ grub_dprintf ("bootp", "Skipped DHCPv6 Advertised .. \n"); ++ grub_dhcp6_options_free (options); ++ return GRUB_ERR_NONE; ++ } ++ ++ se->adv = options; ++ return grub_dhcp6_session_send_request (se); ++ } ++ else if (v6h->message_type == GRUB_NET_DHCP6_REPLY) ++ { ++ if (!se->adv) ++ { ++ grub_dprintf ("bootp", "Skipped DHCPv6 Reply .. \n"); ++ grub_dhcp6_options_free (options); ++ return GRUB_ERR_NONE; ++ } ++ ++ se->reply = options; ++ grub_dhcp6_session_configure_network (se); ++ grub_dhcp6_session_remove (se); ++ return GRUB_ERR_NONE; ++ } ++ else ++ { ++ grub_dhcp6_options_free (options); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ + static char + hexdigit (grub_uint8_t val) + { +@@ -564,7 +1299,174 @@ grub_cmd_bootp (struct grub_command *cmd + return err; + } + +-static grub_command_t cmd_getdhcp, cmd_bootp; ++static grub_err_t ++grub_cmd_bootp6 (struct grub_command *cmd __attribute__ ((unused)), ++ int argc, char **args) ++{ ++ struct grub_net_card *card; ++ grub_uint32_t iaid = 0; ++ int interval; ++ grub_err_t err; ++ grub_dhcp6_session_t se; ++ ++ err = GRUB_ERR_NONE; ++ ++ FOR_NET_CARDS (card) ++ { ++ struct grub_net_network_level_interface *iface; ++ ++ if (argc > 0 && grub_strcmp (card->name, args[0]) != 0) ++ continue; ++ ++ iface = grub_net_ipv6_get_link_local (card, &card->default_address); ++ if (!iface) ++ { ++ grub_dhcp6_session_remove_all (); ++ return grub_errno; ++ } ++ ++ grub_dhcp6_session_add (iface, iaid++); ++ } ++ ++ for (interval = 200; interval < 10000; interval *= 2) ++ { ++ int done = 1; ++ ++ FOR_DHCP6_SESSIONS (se) ++ { ++ struct grub_net_buff *nb; ++ struct grub_net_dhcp6_option *opt; ++ struct grub_net_dhcp6_packet *v6h; ++ struct grub_net_dhcp6_option_duid_ll *duid; ++ struct grub_net_dhcp6_option_iana *ia_na; ++ grub_net_network_level_address_t multicast; ++ grub_net_link_level_address_t ll_multicast; ++ struct udphdr *udph; ++ ++ multicast.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ multicast.ipv6[0] = grub_cpu_to_be64_compile_time (0xff02ULL << 48); ++ multicast.ipv6[1] = grub_cpu_to_be64_compile_time (0x10002ULL); ++ ++ err = grub_net_link_layer_resolve (se->iface, ++ &multicast, &ll_multicast); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ return err; ++ } ++ ++ nb = grub_netbuff_alloc (GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); ++ ++ if (!nb) ++ { ++ grub_dhcp6_session_remove_all (); ++ return grub_errno; ++ } ++ ++ err = grub_netbuff_reserve (nb, GRUB_DHCP6_DEFAULT_NETBUFF_ALLOC_SIZE); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (grub_uint16_t)); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_ELAPSED_TIME); ++ opt->len = grub_cpu_to_be16_compile_time (sizeof (grub_uint16_t)); ++ grub_set_unaligned16 (opt->data, 0); ++ ++ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (*duid)); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_CLIENTID); ++ opt->len = grub_cpu_to_be16 (sizeof (*duid)); ++ ++ duid = (struct grub_net_dhcp6_option_duid_ll *) opt->data; ++ grub_memcpy (duid, &se->duid, sizeof (*duid)); ++ ++ err = grub_netbuff_push (nb, sizeof (*opt) + sizeof (*ia_na)); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ opt = (struct grub_net_dhcp6_option *)nb->data; ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IA_NA); ++ opt->len = grub_cpu_to_be16 (sizeof (*ia_na)); ++ ia_na = (struct grub_net_dhcp6_option_iana *)opt->data; ++ ia_na->iaid = grub_cpu_to_be32 (se->iaid); ++ ia_na->t1 = 0; ++ ia_na->t2 = 0; ++ ++ err = grub_netbuff_push (nb, sizeof (*v6h)); ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ v6h = (struct grub_net_dhcp6_packet *)nb->data; ++ v6h->message_type = GRUB_NET_DHCP6_SOLICIT; ++ v6h->transaction_id = se->transaction_id; ++ ++ grub_netbuff_push (nb, sizeof (*udph)); ++ ++ udph = (struct udphdr *) nb->data; ++ udph->src = grub_cpu_to_be16_compile_time (DHCP6_CLIENT_PORT); ++ udph->dst = grub_cpu_to_be16_compile_time (DHCP6_SERVER_PORT); ++ udph->chksum = 0; ++ udph->len = grub_cpu_to_be16 (nb->tail - nb->data); ++ ++ udph->chksum = grub_net_ip_transport_checksum (nb, GRUB_NET_IP_UDP, ++ &se->iface->address, &multicast); ++ ++ err = grub_net_send_ip_packet (se->iface, &multicast, ++ &ll_multicast, nb, GRUB_NET_IP_UDP); ++ done = 0; ++ grub_netbuff_free (nb); ++ ++ if (err) ++ { ++ grub_dhcp6_session_remove_all (); ++ return err; ++ } ++ } ++ if (!done) ++ grub_net_poll_cards (interval, 0); ++ } ++ ++ FOR_DHCP6_SESSIONS (se) ++ { ++ grub_error_push (); ++ err = grub_error (GRUB_ERR_FILE_NOT_FOUND, ++ N_("couldn't autoconfigure %s"), ++ se->iface->card->name); ++ } ++ ++ grub_dhcp6_session_remove_all (); ++ ++ return err; ++} ++ ++static grub_command_t cmd_getdhcp, cmd_bootp, cmd_bootp6; + + void + grub_bootp_init (void) +@@ -575,6 +1477,9 @@ grub_bootp_init (void) + cmd_getdhcp = grub_register_command ("net_get_dhcp_option", grub_cmd_dhcpopt, + N_("VAR INTERFACE NUMBER DESCRIPTION"), + N_("retrieve DHCP option and save it into VAR. If VAR is - then print the value.")); ++ cmd_bootp6 = grub_register_command ("net_bootp6", grub_cmd_bootp6, ++ N_("[CARD]"), ++ N_("perform a DHCPv6 autoconfiguration")); + } + + void +@@ -582,4 +1487,5 @@ grub_bootp_fini (void) + { + grub_unregister_command (cmd_getdhcp); + grub_unregister_command (cmd_bootp); ++ grub_unregister_command (cmd_bootp6); + } +Index: b/grub-core/net/ip.c +=================================================================== +--- a/grub-core/net/ip.c ++++ b/grub-core/net/ip.c +@@ -235,6 +235,45 @@ handle_dgram (struct grub_net_buff *nb, + { + struct udphdr *udph; + udph = (struct udphdr *) nb->data; ++ ++ if (proto == GRUB_NET_IP_UDP && udph->dst == grub_cpu_to_be16_compile_time (DHCP6_CLIENT_PORT)) ++ { ++ if (udph->chksum) ++ { ++ grub_uint16_t chk, expected; ++ chk = udph->chksum; ++ udph->chksum = 0; ++ expected = grub_net_ip_transport_checksum (nb, ++ GRUB_NET_IP_UDP, ++ source, ++ dest); ++ if (expected != chk) ++ { ++ grub_dprintf ("net", "Invalid UDP checksum. " ++ "Expected %x, got %x\n", ++ grub_be_to_cpu16 (expected), ++ grub_be_to_cpu16 (chk)); ++ grub_netbuff_free (nb); ++ return GRUB_ERR_NONE; ++ } ++ udph->chksum = chk; ++ } ++ ++ err = grub_netbuff_pull (nb, sizeof (*udph)); ++ if (err) ++ { ++ grub_netbuff_free (nb); ++ return err; ++ } ++ ++ err = grub_net_process_dhcp6 (nb, card); ++ if (err) ++ grub_print_error (); ++ ++ grub_netbuff_free (nb); ++ return GRUB_ERR_NONE; ++ } ++ + if (proto == GRUB_NET_IP_UDP && grub_be_to_cpu16 (udph->dst) == 68) + { + const struct grub_net_bootp_packet *bootp; +Index: b/include/grub/net.h +=================================================================== +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -442,6 +442,66 @@ struct grub_net_bootp_packet + grub_uint8_t vendor[0]; + } GRUB_PACKED; + ++struct grub_net_dhcp6_packet ++{ ++ grub_uint32_t message_type:8; ++ grub_uint32_t transaction_id:24; ++ grub_uint8_t dhcp_options[0]; ++} GRUB_PACKED; ++ ++struct grub_net_dhcp6_option { ++ grub_uint16_t code; ++ grub_uint16_t len; ++ grub_uint8_t data[0]; ++} GRUB_PACKED; ++ ++struct grub_net_dhcp6_option_iana { ++ grub_uint32_t iaid; ++ grub_uint32_t t1; ++ grub_uint32_t t2; ++ grub_uint8_t data[0]; ++} GRUB_PACKED; ++ ++struct grub_net_dhcp6_option_iaaddr { ++ grub_uint8_t addr[16]; ++ grub_uint32_t preferred_lifetime; ++ grub_uint32_t valid_lifetime; ++ grub_uint8_t data[0]; ++} GRUB_PACKED; ++ ++struct grub_net_dhcp6_option_duid_ll ++{ ++ grub_uint16_t type; ++ grub_uint16_t hw_type; ++ grub_uint8_t hwaddr[6]; ++} GRUB_PACKED; ++ ++enum ++ { ++ GRUB_NET_DHCP6_SOLICIT = 1, ++ GRUB_NET_DHCP6_ADVERTISE = 2, ++ GRUB_NET_DHCP6_REQUEST = 3, ++ GRUB_NET_DHCP6_REPLY = 7 ++ }; ++ ++enum ++ { ++ DHCP6_CLIENT_PORT = 546, ++ DHCP6_SERVER_PORT = 547 ++ }; ++ ++enum ++ { ++ GRUB_NET_DHCP6_OPTION_CLIENTID = 1, ++ GRUB_NET_DHCP6_OPTION_SERVERID = 2, ++ GRUB_NET_DHCP6_OPTION_IA_NA = 3, ++ GRUB_NET_DHCP6_OPTION_IAADDR = 5, ++ GRUB_NET_DHCP6_OPTION_ORO = 6, ++ GRUB_NET_DHCP6_OPTION_ELAPSED_TIME = 8, ++ GRUB_NET_DHCP6_OPTION_DNS_SERVERS = 23, ++ GRUB_NET_DHCP6_OPTION_BOOTFILE_URL = 59 ++ }; ++ + #define GRUB_NET_BOOTP_RFC1048_MAGIC_0 0x63 + #define GRUB_NET_BOOTP_RFC1048_MAGIC_1 0x82 + #define GRUB_NET_BOOTP_RFC1048_MAGIC_2 0x53 +@@ -468,6 +528,14 @@ grub_net_configure_by_dhcp_ack (const ch + grub_size_t size, + int is_def, char **device, char **path); + ++struct grub_net_network_level_interface * ++grub_net_configure_by_dhcpv6_reply (const char *name, ++ struct grub_net_card *card, ++ grub_net_interface_flags_t flags, ++ const struct grub_net_dhcp6_packet *v6, ++ grub_size_t size, ++ int is_def, char **device, char **path); ++ + grub_err_t + grub_net_add_ipv4_local (struct grub_net_network_level_interface *inf, + int mask); +@@ -476,6 +544,10 @@ void + grub_net_process_dhcp (struct grub_net_buff *nb, + struct grub_net_card *card); + ++grub_err_t ++grub_net_process_dhcp6 (struct grub_net_buff *nb, ++ struct grub_net_card *card); ++ + int + grub_net_hwaddr_cmp (const grub_net_link_level_address_t *a, + const grub_net_link_level_address_t *b); diff -Nru grub2-2.02~beta2/debian/patches/bootp_process_dhcpack_http_boot.patch grub2-2.02~beta2/debian/patches/bootp_process_dhcpack_http_boot.patch --- grub2-2.02~beta2/debian/patches/bootp_process_dhcpack_http_boot.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/bootp_process_dhcpack_http_boot.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,125 @@ +From: Michael Chang +Subject: [PATCH 6/8] bootp: Add processing DHCPACK packet from HTTP Boot + +The vendor class identifier with the string "HTTPClient" is used to denote the +packet as responding to HTTP boot request. In DHCP4 config, the filename for +HTTP boot is the URL of the boot file while for PXE boot it is the path to the +boot file. As a consequence, the next-server becomes obseleted because the HTTP +URL already contains the server address for the boot file. For DHCP6 config, +there's no difference definition in existing config as dhcp6.bootfile-url can +be used to specify URL for both HTTP and PXE boot file. + +This patch adds processing for "HTTPClient" vendor class identifier in DHCPACK +packet by treating it as HTTP format, not as the PXE format. + +Signed-off-by: Michael Chang +Signed-off-by: Ken Lin +--- + grub-core/net/bootp.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++++-- + include/grub/net.h | 1 + 2 files changed, 66 insertions(+), 2 deletions(-) + +Index: b/grub-core/net/bootp.c +=================================================================== +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -207,6 +207,11 @@ parse_dhcp_vendor (const char *name, con + taglength); + break; + ++ case GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER: ++ grub_env_set_net_property (name, "vendor_class_identifier", (const char *) ptr, ++ taglength); ++ break; ++ + case GRUB_NET_BOOTP_EXTENSIONS_PATH: + grub_env_set_net_property (name, "extensionspath", (const char *) ptr, + taglength); +@@ -271,6 +276,66 @@ grub_net_configure_by_dhcp_ack (const ch + grub_net_add_route (name, target, inter); + } + ++ if (size > OFFSET_OF (vendor, bp)) ++ { ++ char *cidvar; ++ const char *cid; ++ ++ parse_dhcp_vendor (name, &bp->vendor, size - OFFSET_OF (vendor, bp), &mask); ++ cidvar = grub_xasprintf ("net_%s_%s", name, "vendor_class_identifier"); ++ cid = grub_env_get (cidvar); ++ grub_free (cidvar); ++ ++ if (cid && grub_strcmp (cid, "HTTPClient") == 0) ++ { ++ char *proto, *ip, *pa; ++ ++ if (!dissect_url (bp->boot_file, &proto, &ip, &pa)) ++ return inter; ++ ++ grub_env_set_net_property (name, "boot_file", pa, grub_strlen (pa)); ++ if (is_def) ++ { ++ grub_net_default_server = grub_strdup (ip); ++ grub_env_set ("net_default_interface", name); ++ grub_env_export ("net_default_interface"); ++ } ++ if (device && !*device) ++ { ++ *device = grub_xasprintf ("%s,%s", proto, ip); ++ grub_print_error (); ++ } ++ if (path) ++ { ++ *path = grub_strdup (pa); ++ grub_print_error (); ++ if (*path) ++ { ++ char *slash; ++ slash = grub_strrchr (*path, '/'); ++ if (slash) ++ *slash = 0; ++ else ++ **path = 0; ++ } ++ } ++ grub_net_add_ipv4_local (inter, mask); ++ inter->dhcp_ack = grub_malloc (size); ++ if (inter->dhcp_ack) ++ { ++ grub_memcpy (inter->dhcp_ack, bp, size); ++ inter->dhcp_acklen = size; ++ } ++ else ++ grub_errno = GRUB_ERR_NONE; ++ ++ grub_free (proto); ++ grub_free (ip); ++ grub_free (pa); ++ return inter; ++ } ++ } ++ + if (size > OFFSET_OF (boot_file, bp)) + grub_env_set_net_property (name, "boot_file", bp->boot_file, + sizeof (bp->boot_file)); +@@ -332,8 +397,6 @@ grub_net_configure_by_dhcp_ack (const ch + **path = 0; + } + } +- if (size > OFFSET_OF (vendor, bp)) +- parse_dhcp_vendor (name, &bp->vendor, size - OFFSET_OF (vendor, bp), &mask); + grub_net_add_ipv4_local (inter, mask); + + inter->dhcp_ack = grub_malloc (size); +Index: b/include/grub/net.h +=================================================================== +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -517,6 +517,7 @@ enum + GRUB_NET_BOOTP_DOMAIN = 0x0f, + GRUB_NET_BOOTP_ROOT_PATH = 0x11, + GRUB_NET_BOOTP_EXTENSIONS_PATH = 0x12, ++ GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER = 0x3C, + GRUB_NET_BOOTP_END = 0xff + }; + diff -Nru grub2-2.02~beta2/debian/patches/efi-fix-warnings-with-recent-GCC.patch grub2-2.02~beta2/debian/patches/efi-fix-warnings-with-recent-GCC.patch --- grub2-2.02~beta2/debian/patches/efi-fix-warnings-with-recent-GCC.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/efi-fix-warnings-with-recent-GCC.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,27 @@ +From 5fcde03bf1e8cf74c186bcef6d705734f2d002c5 Mon Sep 17 00:00:00 2001 +From: Andrei Borzenkov +Date: Tue, 27 Oct 2015 23:30:54 +0300 +Subject: [PATCH] efi: fix warnings with recent GCC + +../../grub-core/term/efi/console.c:128:32: error: suggest parentheses around '&&' within '||' [-Werror=parentheses] + if (key.unicode_char >= 0x20 && key.unicode_char <= 0x7f +--- + grub-core/term/efi/console.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/grub-core/term/efi/console.c b/grub-core/term/efi/console.c +index 8b2096f..7d31095 100644 +--- a/grub-core/term/efi/console.c ++++ b/grub-core/term/efi/console.c +@@ -125,7 +125,7 @@ grub_efi_translate_key (grub_efi_input_key_t key) + else if (key.scan_code < ARRAY_SIZE (efi_codes)) + return efi_codes[key.scan_code]; + +- if (key.unicode_char >= 0x20 && key.unicode_char <= 0x7f ++ if ((key.unicode_char >= 0x20 && key.unicode_char <= 0x7f) + || key.unicode_char == '\t' || key.unicode_char == '\b' + || key.unicode_char == '\n' || key.unicode_char == '\r') + return key.unicode_char; +-- +2.7.4 + diff -Nru grub2-2.02~beta2/debian/patches/efinet_check_imm_completion.patch grub2-2.02~beta2/debian/patches/efinet_check_imm_completion.patch --- grub2-2.02~beta2/debian/patches/efinet_check_imm_completion.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/efinet_check_imm_completion.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,53 @@ +From cf2b4a36c408084852c44dea045331f039b895d2 Mon Sep 17 00:00:00 2001 +From: Martin Wilck +Date: Fri, 27 Mar 2015 14:27:56 +0100 +Subject: efinet: Check for immediate completition. + +This both speeds GRUB up and workarounds unexpected EFI behaviour. + +Patch-Name: efinet_check_imm_completion.patch +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1437353 +Last-Update: 2018-03-19 + +--- + grub-core/net/drivers/efi/efinet.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +Index: b/grub-core/net/drivers/efi/efinet.c +=================================================================== +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -40,11 +40,12 @@ send_card_buffer (struct grub_net_card * + grub_efi_status_t st; + grub_efi_simple_network_t *net = dev->efi_net; + grub_uint64_t limit_time = grub_get_time_ms () + 4000; ++ void *txbuf; + + if (dev->txbusy) + while (1) + { +- void *txbuf = NULL; ++ txbuf = NULL; + st = efi_call_3 (net->get_status, net, 0, &txbuf); + if (st != GRUB_EFI_SUCCESS) + return grub_error (GRUB_ERR_IO, +@@ -77,7 +78,18 @@ send_card_buffer (struct grub_net_card * + dev->txbuf, NULL, NULL, NULL); + if (st != GRUB_EFI_SUCCESS) + return grub_error (GRUB_ERR_IO, N_("couldn't send network packet")); +- dev->txbusy = 1; ++ ++ /* ++ The card may have sent out the packet immediately - set txbusy ++ to 0 in this case. ++ Cases were observed where checking txbuf at the next call ++ of send_card_buffer() is too late: 0 is returned in txbuf and ++ we run in the GRUB_ERR_TIMEOUT case above. ++ Perhaps a timeout in the FW has discarded the recycle buffer. ++ */ ++ st = efi_call_3 (net->get_status, net, 0, &txbuf); ++ dev->txbusy = !(st == GRUB_EFI_SUCCESS && txbuf == dev->txbuf); ++ + return GRUB_ERR_NONE; + } + diff -Nru grub2-2.02~beta2/debian/patches/efinet_handle_buggy_get_status.patch grub2-2.02~beta2/debian/patches/efinet_handle_buggy_get_status.patch --- grub2-2.02~beta2/debian/patches/efinet_handle_buggy_get_status.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/efinet_handle_buggy_get_status.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,67 @@ +From 4fe8e6d4a1279b1840171d8e797d911cd8443333 Mon Sep 17 00:00:00 2001 +From: Josef Bacik +Date: Thu, 6 Aug 2015 10:49:46 -0700 +Subject: efinet: handle get_status() on buggy firmware properly + +The EFI spec indicates that get_status() should return the address of the buffer +we passed into transmit to indicate the the buffer was transmitted. However we +have boxes where the firmware returns some arbitrary address instead, which +makes grub think that we've not sent anything. So since we have the SNP stuff +opened in exclusive mode just assume any non-NULL txbuf means that our transmit +occurred properly. This makes grub able to do its networking stuff properly on +our broken firmware. Thanks, + +cc: Peter Jones +Signed-off-by: Josef Bacik +Patch-Name: efinet_handle_buggy_get_status.patch +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1437353 +Last-Update: 2018-03-19 + +--- + grub-core/net/drivers/efi/efinet.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +Index: b/grub-core/net/drivers/efi/efinet.c +=================================================================== +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -50,19 +50,19 @@ send_card_buffer (struct grub_net_card * + if (st != GRUB_EFI_SUCCESS) + return grub_error (GRUB_ERR_IO, + N_("couldn't send network packet")); +- if (txbuf == dev->txbuf) ++ /* ++ Some buggy firmware could return an arbitrary address instead of the ++ txbuf address we trasmitted, so just check that txbuf is non NULL ++ for success. This is ok because we open the SNP protocol in ++ exclusive mode so we know we're the only ones transmitting on this ++ box and since we only transmit one packet at a time we know our ++ transmit was successfull. ++ */ ++ if (txbuf) + { + dev->txbusy = 0; + break; + } +- if (txbuf) +- { +- st = efi_call_7 (net->transmit, net, 0, dev->last_pkt_size, +- dev->txbuf, NULL, NULL, NULL); +- if (st != GRUB_EFI_SUCCESS) +- return grub_error (GRUB_ERR_IO, +- N_("couldn't send network packet")); +- } + if (limit_time < grub_get_time_ms ()) + return grub_error (GRUB_ERR_TIMEOUT, + N_("couldn't send network packet")); +@@ -87,8 +87,9 @@ send_card_buffer (struct grub_net_card * + we run in the GRUB_ERR_TIMEOUT case above. + Perhaps a timeout in the FW has discarded the recycle buffer. + */ ++ txbuf = NULL; + st = efi_call_3 (net->get_status, net, 0, &txbuf); +- dev->txbusy = !(st == GRUB_EFI_SUCCESS && txbuf == dev->txbuf); ++ dev->txbusy = !(st == GRUB_EFI_SUCCESS && txbuf); + + return GRUB_ERR_NONE; + } diff -Nru grub2-2.02~beta2/debian/patches/efinet_set_dns_from_uefi_proto.patch grub2-2.02~beta2/debian/patches/efinet_set_dns_from_uefi_proto.patch --- grub2-2.02~beta2/debian/patches/efinet_set_dns_from_uefi_proto.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/efinet_set_dns_from_uefi_proto.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,335 @@ +From: Michael Chang +Subject: [PATCH 8/8] efinet: Setting DNS server from UEFI protocol + +In the URI device path node, any name rahter than address can be used for +looking up the resources so that DNS service become needed to get answer of the +name's address. Unfortunately the DNS is not defined in any of the device path +nodes so that we use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL +to obtain it. + +These two protcols are defined the sections of UEFI specification. + + 27.5 EFI IPv4 Configuration II Protocol + 27.7 EFI IPv6 Configuration Protocol + +include/grub/efi/api.h: +Add new structure and protocol UUID of EFI_IP4_CONFIG2_PROTOCOL and +EFI_IP6_CONFIG_PROTOCOL. + +grub-core/net/drivers/efi/efinet.c: +Use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL to obtain the list +of DNS server address for IPv4 and IPv6 respectively. The address of DNS +servers is structured into DHCPACK packet and feed into the same DHCP packet +processing functions to ensure the network interface is setting up the same way +it used to be. + +Signed-off-by: Michael Chang +Signed-off-by: Ken Lin +--- + grub-core/net/drivers/efi/efinet.c | 163 +++++++++++++++++++++++++++++++++++++ + include/grub/efi/api.h | 76 +++++++++++++++++ + 2 files changed, 239 insertions(+) + +Index: b/grub-core/net/drivers/efi/efinet.c +=================================================================== +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -30,6 +30,8 @@ GRUB_MOD_LICENSE ("GPLv3+"); + /* GUID. */ + static grub_efi_guid_t net_io_guid = GRUB_EFI_SIMPLE_NETWORK_GUID; + static grub_efi_guid_t pxe_io_guid = GRUB_EFI_PXE_GUID; ++static grub_efi_guid_t ip4_config_guid = GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID; ++static grub_efi_guid_t ip6_config_guid = GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID; + + static grub_err_t + send_card_buffer (struct grub_net_card *dev, +@@ -312,6 +314,125 @@ grub_efinet_findcards (void) + grub_free (handles); + } + ++static grub_efi_handle_t ++grub_efi_locate_device_path (grub_efi_guid_t *protocol, grub_efi_device_path_t *device_path, ++ grub_efi_device_path_t **r_device_path) ++{ ++ grub_efi_handle_t handle; ++ grub_efi_status_t status; ++ ++ status = efi_call_3 (grub_efi_system_table->boot_services->locate_device_path, ++ protocol, &device_path, &handle); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return 0; ++ ++ if (r_device_path) ++ *r_device_path = device_path; ++ ++ return handle; ++} ++ ++static grub_efi_ipv4_address_t * ++grub_dns_server_ip4_address (grub_efi_device_path_t *dp, grub_efi_uintn_t *num_dns) ++{ ++ grub_efi_handle_t hnd; ++ grub_efi_status_t status; ++ grub_efi_ip4_config2_protocol_t *conf; ++ grub_efi_ipv4_address_t *addrs; ++ grub_efi_uintn_t data_size = 1 * sizeof (grub_efi_ipv4_address_t); ++ ++ hnd = grub_efi_locate_device_path (&ip4_config_guid, dp, NULL); ++ ++ if (!hnd) ++ return 0; ++ ++ conf = grub_efi_open_protocol (hnd, &ip4_config_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ ++ if (!conf) ++ return 0; ++ ++ addrs = grub_malloc (data_size); ++ if (!addrs) ++ return 0; ++ ++ status = efi_call_4 (conf->get_data, conf, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, ++ &data_size, addrs); ++ ++ if (status == GRUB_EFI_BUFFER_TOO_SMALL) ++ { ++ grub_free (addrs); ++ addrs = grub_malloc (data_size); ++ if (!addrs) ++ return 0; ++ ++ status = efi_call_4 (conf->get_data, conf, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, ++ &data_size, addrs); ++ } ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (addrs); ++ return 0; ++ } ++ ++ *num_dns = data_size / sizeof (grub_efi_ipv4_address_t); ++ return addrs; ++} ++ ++static grub_efi_ipv6_address_t * ++grub_dns_server_ip6_address (grub_efi_device_path_t *dp, grub_efi_uintn_t *num_dns) ++{ ++ grub_efi_handle_t hnd; ++ grub_efi_status_t status; ++ grub_efi_ip6_config_protocol_t *conf; ++ grub_efi_ipv6_address_t *addrs; ++ grub_efi_uintn_t data_size = 1 * sizeof (grub_efi_ipv6_address_t); ++ ++ hnd = grub_efi_locate_device_path (&ip6_config_guid, dp, NULL); ++ ++ if (!hnd) ++ return 0; ++ ++ conf = grub_efi_open_protocol (hnd, &ip6_config_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ ++ if (!conf) ++ return 0; ++ ++ addrs = grub_malloc (data_size); ++ if (!addrs) ++ return 0; ++ ++ status = efi_call_4 (conf->get_data, conf, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, ++ &data_size, addrs); ++ ++ if (status == GRUB_EFI_BUFFER_TOO_SMALL) ++ { ++ grub_free (addrs); ++ addrs = grub_malloc (data_size); ++ if (!addrs) ++ return 0; ++ ++ status = efi_call_4 (conf->get_data, conf, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, ++ &data_size, addrs); ++ } ++ ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ grub_free (addrs); ++ return 0; ++ } ++ ++ *num_dns = data_size / sizeof (grub_efi_ipv6_address_t); ++ return addrs; ++} ++ + static struct grub_net_buff * + grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *use_ipv6) + { +@@ -364,6 +485,8 @@ grub_efinet_create_dhcp_ack_from_device_ + grub_efi_ipv4_device_path_t *ipv4 = (grub_efi_ipv4_device_path_t *) ldp; + struct grub_net_bootp_packet *bp; + grub_uint8_t *ptr; ++ grub_efi_ipv4_address_t *dns; ++ grub_efi_uintn_t num_dns; + + bp = (struct grub_net_bootp_packet *) nb->tail; + err = grub_netbuff_put (nb, sizeof (*bp) + 4); +@@ -425,6 +548,25 @@ grub_efinet_create_dhcp_ack_from_device_ + *ptr++ = sizeof ("HTTPClient") - 1; + grub_memcpy (ptr, "HTTPClient", sizeof ("HTTPClient") - 1); + ++ dns = grub_dns_server_ip4_address (dp, &num_dns); ++ if (dns) ++ { ++ grub_efi_uintn_t size_dns = sizeof (*dns) * num_dns; ++ ++ ptr = nb->tail; ++ err = grub_netbuff_put (nb, size_dns + 2); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ *ptr++ = GRUB_NET_BOOTP_DNS; ++ *ptr++ = size_dns; ++ grub_memcpy (ptr, dns, size_dns); ++ grub_free (dns); ++ } ++ + ptr = nb->tail; + err = grub_netbuff_put (nb, 1); + if (err) +@@ -457,6 +599,8 @@ grub_efinet_create_dhcp_ack_from_device_ + struct grub_net_dhcp6_option *opt; + struct grub_net_dhcp6_option_iana *iana; + struct grub_net_dhcp6_option_iaaddr *iaaddr; ++ grub_efi_ipv6_address_t *dns; ++ grub_efi_uintn_t num_dns; + + d6p = (struct grub_net_dhcp6_packet *)nb->tail; + err = grub_netbuff_put (nb, sizeof(*d6p)); +@@ -520,6 +664,25 @@ grub_efinet_create_dhcp_ack_from_device_ + opt->len = grub_cpu_to_be16 (uri_len); + grub_memcpy (opt->data, uri_dp->uri, uri_len); + ++ dns = grub_dns_server_ip6_address (dp, &num_dns); ++ if (dns) ++ { ++ grub_efi_uintn_t size_dns = sizeof (*dns) * num_dns; ++ ++ opt = (struct grub_net_dhcp6_option *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*opt) + size_dns); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_DNS_SERVERS); ++ opt->len = grub_cpu_to_be16 (size_dns); ++ grub_memcpy (opt->data, dns, size_dns); ++ grub_free (dns); ++ } ++ + *use_ipv6 = 1; + } + +Index: b/include/grub/efi/api.h +=================================================================== +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -286,6 +286,16 @@ + { 0x8B, 0x8C, 0xE2, 0x1B, 0x01, 0xAE, 0xF2, 0xB7 } \ + } + ++#define GRUB_EFI_IP4_CONFIG2_PROTOCOL_GUID \ ++ { 0x5b446ed1, 0xe30b, 0x4faa, \ ++ { 0x87, 0x1a, 0x36, 0x54, 0xec, 0xa3, 0x60, 0x80 } \ ++ } ++ ++#define GRUB_EFI_IP6_CONFIG_PROTOCOL_GUID \ ++ { 0x937fe521, 0x95ae, 0x4d1a, \ ++ { 0x89, 0x29, 0x48, 0xbc, 0xd9, 0x0a, 0xd3, 0x1a } \ ++ } ++ + struct grub_efi_sal_system_table + { + grub_uint32_t signature; +@@ -1637,6 +1647,72 @@ struct grub_efi_block_io + }; + typedef struct grub_efi_block_io grub_efi_block_io_t; + ++enum grub_efi_ip4_config2_data_type { ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_INTERFACEINFO, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_POLICY, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MANUAL_ADDRESS, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_GATEWAY, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_DNSSERVER, ++ GRUB_EFI_IP4_CONFIG2_DATA_TYPE_MAXIMUM ++}; ++typedef enum grub_efi_ip4_config2_data_type grub_efi_ip4_config2_data_type_t; ++ ++struct grub_efi_ip4_config2_protocol ++{ ++ grub_efi_status_t (*set_data) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_ip4_config2_data_type_t data_type, ++ grub_efi_uintn_t data_size, ++ void *data); ++ ++ grub_efi_status_t (*get_data) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_ip4_config2_data_type_t data_type, ++ grub_efi_uintn_t *data_size, ++ void *data); ++ ++ grub_efi_status_t (*register_data_notify) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_ip4_config2_data_type_t data_type, ++ grub_efi_event_t event); ++ ++ grub_efi_status_t (*unregister_datanotify) (struct grub_efi_ip4_config2_protocol *this, ++ grub_efi_ip4_config2_data_type_t data_type, ++ grub_efi_event_t event); ++}; ++typedef struct grub_efi_ip4_config2_protocol grub_efi_ip4_config2_protocol_t; ++ ++enum grub_efi_ip6_config_data_type { ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_INTERFACEINFO, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_ALT_INTERFACEID, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_POLICY, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DUP_ADDR_DETECT_TRANSMITS, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MANUAL_ADDRESS, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_GATEWAY, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_DNSSERVER, ++ GRUB_EFI_IP6_CONFIG_DATA_TYPE_MAXIMUM ++}; ++typedef enum grub_efi_ip6_config_data_type grub_efi_ip6_config_data_type_t; ++ ++struct grub_efi_ip6_config_protocol ++{ ++ grub_efi_status_t (*set_data) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_ip6_config_data_type_t data_type, ++ grub_efi_uintn_t data_size, ++ void *data); ++ ++ grub_efi_status_t (*get_data) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_ip6_config_data_type_t data_type, ++ grub_efi_uintn_t *data_size, ++ void *data); ++ ++ grub_efi_status_t (*register_data_notify) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_ip6_config_data_type_t data_type, ++ grub_efi_event_t event); ++ ++ grub_efi_status_t (*unregister_datanotify) (struct grub_efi_ip6_config_protocol *this, ++ grub_efi_ip6_config_data_type_t data_type, ++ grub_efi_event_t event); ++}; ++typedef struct grub_efi_ip6_config_protocol grub_efi_ip6_config_protocol_t; ++ + #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \ + || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) + diff -Nru grub2-2.02~beta2/debian/patches/efinet_set_network_from_uefi_devpath.patch grub2-2.02~beta2/debian/patches/efinet_set_network_from_uefi_devpath.patch --- grub2-2.02~beta2/debian/patches/efinet_set_network_from_uefi_devpath.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/efinet_set_network_from_uefi_devpath.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,384 @@ +From: Michael Chang +Subject: [PATCH 7/8] efinet: Setting network from UEFI device path + +The PXE Base Code protocol used to obtain cached PXE DHCPACK packet is no +longer provided for HTTP Boot. Instead, we have to get the HTTP boot +information from the device path nodes defined in following UEFI Specification +sections. + + 9.3.5.12 IPv4 Device Path + 9.3.5.13 IPv6 Device Path + 9.3.5.23 Uniform Resource Identifiers (URI) Device Path + +This patch basically does: + +include/grub/efi/api.h: +Add new structure of Uniform Resource Identifiers (URI) Device Path + +grub-core/net/drivers/efi/efinet.c: +Check if PXE Base Code is available, if not it will try to obtain the netboot +information from the device path where the image booted from. The DHCPACK +packet is recoverd from the information in device patch and feed into the same +DHCP packet processing functions to ensure the network interface is setting up +the same way it used to be. + +Signed-off-by: Michael Chang +Signed-off-by: Ken Lin +--- + grub-core/net/drivers/efi/efinet.c | 268 +++++++++++++++++++++++++++++++++++-- + include/grub/efi/api.h | 11 + + 2 files changed, 270 insertions(+), 9 deletions(-) + +Index: b/grub-core/net/drivers/efi/efinet.c +=================================================================== +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -311,6 +312,221 @@ grub_efinet_findcards (void) + grub_free (handles); + } + ++static struct grub_net_buff * ++grub_efinet_create_dhcp_ack_from_device_path (grub_efi_device_path_t *dp, int *use_ipv6) ++{ ++ grub_efi_uint16_t uri_len; ++ grub_efi_device_path_t *ldp, *ddp; ++ grub_efi_uri_device_path_t *uri_dp; ++ struct grub_net_buff *nb; ++ grub_err_t err; ++ ++ ddp = grub_efi_duplicate_device_path (dp); ++ ldp = grub_efi_find_last_device_path (ddp); ++ ++ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE ++ || GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_URI_DEVICE_PATH_SUBTYPE) ++ { ++ grub_free (ddp); ++ return NULL; ++ } ++ ++ uri_len = GRUB_EFI_DEVICE_PATH_LENGTH (ldp) > 4 ? GRUB_EFI_DEVICE_PATH_LENGTH (ldp) - 4 : 0; ++ ++ if (!uri_len) ++ { ++ grub_free (ddp); ++ return NULL; ++ } ++ ++ uri_dp = (grub_efi_uri_device_path_t *) ldp; ++ ++ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; ++ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; ++ ldp->length = sizeof (*ldp); ++ ++ ldp = grub_efi_find_last_device_path (ddp); ++ ++ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE ++ || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE ++ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) ++ { ++ grub_free (ddp); ++ return NULL; ++ } ++ ++ nb = grub_netbuff_alloc (512); ++ if (!nb) ++ return NULL; ++ ++ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE) ++ { ++ grub_efi_ipv4_device_path_t *ipv4 = (grub_efi_ipv4_device_path_t *) ldp; ++ struct grub_net_bootp_packet *bp; ++ grub_uint8_t *ptr; ++ ++ bp = (struct grub_net_bootp_packet *) nb->tail; ++ err = grub_netbuff_put (nb, sizeof (*bp) + 4); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ ++ if (sizeof(bp->boot_file) < uri_len) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ grub_memcpy (bp->boot_file, uri_dp->uri, uri_len); ++ grub_memcpy (&bp->your_ip, ipv4->local_ip_address, sizeof (bp->your_ip)); ++ grub_memcpy (&bp->server_ip, ipv4->remote_ip_address, sizeof (bp->server_ip)); ++ ++ bp->vendor[0] = GRUB_NET_BOOTP_RFC1048_MAGIC_0; ++ bp->vendor[1] = GRUB_NET_BOOTP_RFC1048_MAGIC_1; ++ bp->vendor[2] = GRUB_NET_BOOTP_RFC1048_MAGIC_2; ++ bp->vendor[3] = GRUB_NET_BOOTP_RFC1048_MAGIC_3; ++ ++ ptr = nb->tail; ++ err = grub_netbuff_put (nb, sizeof (ipv4->subnet_mask) + 2); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ *ptr++ = GRUB_NET_BOOTP_NETMASK; ++ *ptr++ = sizeof (ipv4->subnet_mask); ++ grub_memcpy (ptr, ipv4->subnet_mask, sizeof (ipv4->subnet_mask)); ++ ++ ptr = nb->tail; ++ err = grub_netbuff_put (nb, sizeof (ipv4->gateway_ip_address) + 2); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ *ptr++ = GRUB_NET_BOOTP_ROUTER; ++ *ptr++ = sizeof (ipv4->gateway_ip_address); ++ grub_memcpy (ptr, ipv4->gateway_ip_address, sizeof (ipv4->gateway_ip_address)); ++ ++ ptr = nb->tail; ++ err = grub_netbuff_put (nb, sizeof ("HTTPClient") + 1); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ *ptr++ = GRUB_NET_BOOTP_VENDOR_CLASS_IDENTIFIER; ++ *ptr++ = sizeof ("HTTPClient") - 1; ++ grub_memcpy (ptr, "HTTPClient", sizeof ("HTTPClient") - 1); ++ ++ ptr = nb->tail; ++ err = grub_netbuff_put (nb, 1); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ *ptr = GRUB_NET_BOOTP_END; ++ *use_ipv6 = 0; ++ ++ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; ++ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; ++ ldp->length = sizeof (*ldp); ++ ldp = grub_efi_find_last_device_path (ddp); ++ ++ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_MAC_ADDRESS_DEVICE_PATH_SUBTYPE) ++ { ++ grub_efi_mac_address_device_path_t *mac = (grub_efi_mac_address_device_path_t *) ldp; ++ bp->hw_type = mac->if_type; ++ bp->hw_len = sizeof (bp->mac_addr); ++ grub_memcpy (bp->mac_addr, mac->mac_address, bp->hw_len); ++ } ++ } ++ else ++ { ++ grub_efi_ipv6_device_path_t *ipv6 = (grub_efi_ipv6_device_path_t *) ldp; ++ ++ struct grub_net_dhcp6_packet *d6p; ++ struct grub_net_dhcp6_option *opt; ++ struct grub_net_dhcp6_option_iana *iana; ++ struct grub_net_dhcp6_option_iaaddr *iaaddr; ++ ++ d6p = (struct grub_net_dhcp6_packet *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*d6p)); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ d6p->message_type = GRUB_NET_DHCP6_REPLY; ++ ++ opt = (struct grub_net_dhcp6_option *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*opt)); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IA_NA); ++ opt->len = grub_cpu_to_be16_compile_time (sizeof(*iana) + sizeof(*opt) + sizeof(*iaaddr)); ++ ++ err = grub_netbuff_put (nb, sizeof(*iana)); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ ++ opt = (struct grub_net_dhcp6_option *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*opt)); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_IAADDR); ++ opt->len = grub_cpu_to_be16_compile_time (sizeof (*iaaddr)); ++ ++ iaaddr = (struct grub_net_dhcp6_option_iaaddr *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*iaaddr)); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ grub_memcpy (iaaddr->addr, ipv6->local_ip_address, sizeof(ipv6->local_ip_address)); ++ ++ opt = (struct grub_net_dhcp6_option *)nb->tail; ++ err = grub_netbuff_put (nb, sizeof(*opt) + uri_len); ++ if (err) ++ { ++ grub_free (ddp); ++ grub_netbuff_free (nb); ++ return NULL; ++ } ++ opt->code = grub_cpu_to_be16_compile_time (GRUB_NET_DHCP6_OPTION_BOOTFILE_URL); ++ opt->len = grub_cpu_to_be16 (uri_len); ++ grub_memcpy (opt->data, uri_dp->uri, uri_len); ++ ++ *use_ipv6 = 1; ++ } ++ ++ grub_free (ddp); ++ return nb; ++} ++ + static void + grub_efi_net_config_real (grub_efi_handle_t hnd, char **device, + char **path) +@@ -327,6 +543,11 @@ grub_efi_net_config_real (grub_efi_handl + grub_efi_device_path_t *cdp; + struct grub_efi_pxe *pxe; + struct grub_efi_pxe_mode *pxe_mode; ++ grub_uint8_t *packet_buf; ++ grub_size_t packet_bufsz ; ++ int ipv6; ++ struct grub_net_buff *nb = NULL; ++ + if (card->driver != &efidriver) + continue; + cdp = grub_efi_get_device_path (card->efi_handle); +@@ -346,11 +567,21 @@ grub_efi_net_config_real (grub_efi_handl + ldp = grub_efi_find_last_device_path (dp); + if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) != GRUB_EFI_MESSAGING_DEVICE_PATH_TYPE + || (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV4_DEVICE_PATH_SUBTYPE +- && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE)) ++ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_IPV6_DEVICE_PATH_SUBTYPE ++ && GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) != GRUB_EFI_URI_DEVICE_PATH_SUBTYPE)) + continue; + dup_dp = grub_efi_duplicate_device_path (dp); + if (!dup_dp) + continue; ++ ++ if (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_URI_DEVICE_PATH_SUBTYPE) ++ { ++ dup_ldp = grub_efi_find_last_device_path (dup_dp); ++ dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; ++ dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; ++ dup_ldp->length = sizeof (*dup_ldp); ++ } ++ + dup_ldp = grub_efi_find_last_device_path (dup_dp); + dup_ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE; + dup_ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; +@@ -362,16 +593,31 @@ grub_efi_net_config_real (grub_efi_handl + } + pxe = grub_efi_open_protocol (hnd, &pxe_io_guid, + GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); +- if (! pxe) +- continue; +- pxe_mode = pxe->mode; ++ if (!pxe) ++ { ++ nb = grub_efinet_create_dhcp_ack_from_device_path (dp, &ipv6); ++ if (!nb) ++ { ++ grub_print_error (); ++ continue; ++ } ++ packet_buf = nb->head; ++ packet_bufsz = nb->tail - nb->head; ++ } ++ else ++ { ++ pxe_mode = pxe->mode; ++ packet_buf = (grub_uint8_t *) &pxe_mode->dhcp_ack; ++ packet_bufsz = sizeof (pxe_mode->dhcp_ack); ++ ipv6 = pxe_mode->using_ipv6; ++ } + +- if (pxe_mode->using_ipv6) ++ if (ipv6) + { + grub_net_configure_by_dhcpv6_reply (card->name, card, 0, + (struct grub_net_dhcp6_packet *) +- &pxe_mode->dhcp_ack, +- sizeof (pxe_mode->dhcp_ack), ++ packet_buf, ++ packet_bufsz, + 1, device, path); + if (grub_errno) + grub_print_error (); +@@ -380,10 +626,14 @@ grub_efi_net_config_real (grub_efi_handl + { + grub_net_configure_by_dhcp_ack (card->name, card, 0, + (struct grub_net_bootp_packet *) +- &pxe_mode->dhcp_ack, +- sizeof (pxe_mode->dhcp_ack), ++ packet_buf, ++ packet_bufsz, + 1, device, path); + } ++ ++ if (nb) ++ grub_netbuff_free (nb); ++ + return; + } + } +Index: b/include/grub/efi/api.h +=================================================================== +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -776,6 +776,8 @@ struct grub_efi_ipv4_device_path + grub_efi_uint16_t remote_port; + grub_efi_uint16_t protocol; + grub_efi_uint8_t static_ip_address; ++ grub_efi_ipv4_address_t gateway_ip_address; ++ grub_efi_ipv4_address_t subnet_mask; + } GRUB_PACKED; + typedef struct grub_efi_ipv4_device_path grub_efi_ipv4_device_path_t; + +@@ -830,6 +832,15 @@ struct grub_efi_sata_device_path + } GRUB_PACKED; + typedef struct grub_efi_sata_device_path grub_efi_sata_device_path_t; + ++#define GRUB_EFI_URI_DEVICE_PATH_SUBTYPE 24 ++ ++struct grub_efi_uri_device_path ++{ ++ grub_efi_device_path_t header; ++ grub_efi_uint8_t uri[0]; ++} GRUB_PACKED; ++typedef struct grub_efi_uri_device_path grub_efi_uri_device_path_t; ++ + #define GRUB_EFI_VENDOR_MESSAGING_DEVICE_PATH_SUBTYPE 10 + + /* Media Device Path. */ diff -Nru grub2-2.02~beta2/debian/patches/efinet_uefi_ipv6_pxe_support.patch grub2-2.02~beta2/debian/patches/efinet_uefi_ipv6_pxe_support.patch --- grub2-2.02~beta2/debian/patches/efinet_uefi_ipv6_pxe_support.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/efinet_uefi_ipv6_pxe_support.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,122 @@ +From: Michael Chang +Subject: [PATCH 4/8] efinet: UEFI IPv6 PXE support + +When grub2 image is booted from UEFI IPv6 PXE, the DHCPv6 Reply packet is +cached in firmware buffer which can be obtained by PXE Base Code protocol. The +network interface can be setup through the parameters in that obtained packet. + +Signed-off-by: Michael Chang +Signed-off-by: Ken Lin +--- + grub-core/net/drivers/efi/efinet.c | 24 ++++++++++++---- + include/grub/efi/api.h | 55 ++++++++++++++++++++++++++++++++++++- + 2 files changed, 73 insertions(+), 6 deletions(-) + +Index: b/grub-core/net/drivers/efi/efinet.c +=================================================================== +--- a/grub-core/net/drivers/efi/efinet.c ++++ b/grub-core/net/drivers/efi/efinet.c +@@ -365,11 +365,25 @@ grub_efi_net_config_real (grub_efi_handl + if (! pxe) + continue; + pxe_mode = pxe->mode; +- grub_net_configure_by_dhcp_ack (card->name, card, 0, +- (struct grub_net_bootp_packet *) +- &pxe_mode->dhcp_ack, +- sizeof (pxe_mode->dhcp_ack), +- 1, device, path); ++ ++ if (pxe_mode->using_ipv6) ++ { ++ grub_net_configure_by_dhcpv6_reply (card->name, card, 0, ++ (struct grub_net_dhcp6_packet *) ++ &pxe_mode->dhcp_ack, ++ sizeof (pxe_mode->dhcp_ack), ++ 1, device, path); ++ if (grub_errno) ++ grub_print_error (); ++ } ++ else ++ { ++ grub_net_configure_by_dhcp_ack (card->name, card, 0, ++ (struct grub_net_bootp_packet *) ++ &pxe_mode->dhcp_ack, ++ sizeof (pxe_mode->dhcp_ack), ++ 1, device, path); ++ } + return; + } + } +Index: b/include/grub/efi/api.h +=================================================================== +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -1340,14 +1340,67 @@ typedef struct grub_efi_simple_text_outp + + typedef grub_uint8_t grub_efi_pxe_packet_t[1472]; + ++typedef struct { ++ grub_uint8_t addr[4]; ++} grub_efi_pxe_ipv4_address_t; ++ ++typedef struct { ++ grub_uint8_t addr[16]; ++} grub_efi_pxe_ipv6_address_t; ++ ++typedef struct { ++ grub_uint8_t addr[32]; ++} grub_efi_pxe_mac_address_t; ++ ++typedef union { ++ grub_uint32_t addr[4]; ++ grub_efi_pxe_ipv4_address_t v4; ++ grub_efi_pxe_ipv6_address_t v6; ++} grub_efi_pxe_ip_address_t; ++ ++#define GRUB_EFI_PXE_BASE_CODE_MAX_IPCNT 8 ++typedef struct { ++ grub_uint8_t filters; ++ grub_uint8_t ip_cnt; ++ grub_uint16_t reserved; ++ grub_efi_pxe_ip_address_t ip_list[GRUB_EFI_PXE_BASE_CODE_MAX_IPCNT]; ++} grub_efi_pxe_ip_filter_t; ++ ++typedef struct { ++ grub_efi_pxe_ip_address_t ip_addr; ++ grub_efi_pxe_mac_address_t mac_addr; ++} grub_efi_pxe_arp_entry_t; ++ ++typedef struct { ++ grub_efi_pxe_ip_address_t ip_addr; ++ grub_efi_pxe_ip_address_t subnet_mask; ++ grub_efi_pxe_ip_address_t gw_addr; ++} grub_efi_pxe_route_entry_t; ++ ++ ++#define GRUB_EFI_PXE_BASE_CODE_MAX_ARP_ENTRIES 8 ++#define GRUB_EFI_PXE_BASE_CODE_MAX_ROUTE_ENTRIES 8 ++ + typedef struct grub_efi_pxe_mode + { +- grub_uint8_t unused[52]; ++ grub_uint8_t started; ++ grub_uint8_t ipv6_available; ++ grub_uint8_t ipv6_supported; ++ grub_uint8_t using_ipv6; ++ grub_uint8_t unused[16]; ++ grub_efi_pxe_ip_address_t station_ip; ++ grub_efi_pxe_ip_address_t subnet_mask; + grub_efi_pxe_packet_t dhcp_discover; + grub_efi_pxe_packet_t dhcp_ack; + grub_efi_pxe_packet_t proxy_offer; + grub_efi_pxe_packet_t pxe_discover; + grub_efi_pxe_packet_t pxe_reply; ++ grub_efi_pxe_packet_t pxe_bis_reply; ++ grub_efi_pxe_ip_filter_t ip_filter; ++ grub_uint32_t arp_cache_entries; ++ grub_efi_pxe_arp_entry_t arp_cache[GRUB_EFI_PXE_BASE_CODE_MAX_ARP_ENTRIES]; ++ grub_uint32_t route_table_entries; ++ grub_efi_pxe_route_entry_t route_table[GRUB_EFI_PXE_BASE_CODE_MAX_ROUTE_ENTRIES]; + } grub_efi_pxe_mode_t; + + typedef struct grub_efi_pxe diff -Nru grub2-2.02~beta2/debian/patches/fix_booting_for_large_root_volumes.patch grub2-2.02~beta2/debian/patches/fix_booting_for_large_root_volumes.patch --- grub2-2.02~beta2/debian/patches/fix_booting_for_large_root_volumes.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/fix_booting_for_large_root_volumes.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,124 @@ +Description: Fix for unbootable systems with large (> 2TB) root disks. +Author: Vladimir Serbinenko +From: Matthew Ruffell +Origin: https://git.savannah.gnu.org/cgit/grub.git/commit/?id=e20aa39ea4298011ba716087713cff26c6c52006 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1840686 + +Index: grub2-2.02~beta2/grub-core/fs/ext2.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/fs/ext2.c ++++ grub2-2.02~beta2/grub-core/fs/ext2.c +@@ -107,6 +107,7 @@ GRUB_MOD_LICENSE ("GPLv3+"); + #define EXT2_DRIVER_SUPPORTED_INCOMPAT ( EXT2_FEATURE_INCOMPAT_FILETYPE \ + | EXT4_FEATURE_INCOMPAT_EXTENTS \ + | EXT4_FEATURE_INCOMPAT_FLEX_BG \ ++ | EXT2_FEATURE_INCOMPAT_META_BG \ + | EXT4_FEATURE_INCOMPAT_64BIT) + /* List of rationales for the ignored "incompatible" features: + * needs_recovery: Not really back-incompatible - was added as such to forbid +@@ -331,16 +332,68 @@ static grub_dl_t my_mod; + + + ++/* Check is a = b^x for some x. */ ++static inline int ++is_power_of (grub_uint64_t a, grub_uint32_t b) ++{ ++ grub_uint64_t c; ++ /* Prevent overflow assuming b < 8. */ ++ if (a >= (1LL << 60)) ++ return 0; ++ for (c = 1; c <= a; c *= b); ++ return (c == a); ++} ++ ++ ++static inline int ++group_has_super_block (struct grub_ext2_data *data, grub_uint64_t group) ++{ ++ if (!(data->sblock.feature_ro_compat ++ & grub_cpu_to_le32_compile_time(EXT2_FEATURE_RO_COMPAT_SPARSE_SUPER))) ++ return 1; ++ /* Algorithm looked up in Linux source. */ ++ if (group <= 1) ++ return 1; ++ /* Even number is never a power of odd number. */ ++ if (!(group & 1)) ++ return 0; ++ return (is_power_of(group, 7) || is_power_of(group, 5) || ++ is_power_of(group, 3)); ++} ++ + /* Read into BLKGRP the blockgroup descriptor of blockgroup GROUP of + the mounted filesystem DATA. */ + inline static grub_err_t +-grub_ext2_blockgroup (struct grub_ext2_data *data, int group, ++grub_ext2_blockgroup (struct grub_ext2_data *data, grub_uint64_t group, + struct grub_ext2_block_group *blkgrp) + { ++ grub_uint64_t full_offset = (group << data->log_group_desc_size); ++ grub_uint64_t block, offset; ++ block = (full_offset >> LOG2_BLOCK_SIZE (data)); ++ offset = (full_offset & ((1 << LOG2_BLOCK_SIZE (data)) - 1)); ++ if ((data->sblock.feature_incompat ++ & grub_cpu_to_le32_compile_time (EXT2_FEATURE_INCOMPAT_META_BG)) ++ && block >= grub_le_to_cpu32(data->sblock.first_meta_bg)) ++ { ++ grub_uint64_t first_block_group; ++ /* Find the first block group for which a descriptor ++ is stored in given block. */ ++ first_block_group = (block << (LOG2_BLOCK_SIZE (data) ++ - data->log_group_desc_size)); ++ ++ block = (first_block_group ++ * grub_le_to_cpu32(data->sblock.blocks_per_group)); ++ ++ if (group_has_super_block (data, first_block_group)) ++ block++; ++ } ++ else ++ /* Superblock. */ ++ block++; + return grub_disk_read (data->disk, +- ((grub_le_to_cpu32 (data->sblock.first_data_block) + 1) +- << LOG2_EXT2_BLOCK_SIZE (data)), +- group << data->log_group_desc_size, ++ ((grub_le_to_cpu32 (data->sblock.first_data_block) ++ + block) ++ << LOG2_EXT2_BLOCK_SIZE (data)), offset, + sizeof (struct grub_ext2_block_group), blkgrp); + } + +Index: grub2-2.02~beta2/tests/ext234_test.in +=================================================================== +--- grub2-2.02~beta2.orig/tests/ext234_test.in ++++ grub2-2.02~beta2/tests/ext234_test.in +@@ -29,3 +29,4 @@ fi + "@builddir@/grub-fs-tester" ext2 + "@builddir@/grub-fs-tester" ext3 + "@builddir@/grub-fs-tester" ext4 ++"@builddir@/grub-fs-tester" ext4_metabg +Index: grub2-2.02~beta2/tests/util/grub-fs-tester.in +=================================================================== +--- grub2-2.02~beta2.orig/tests/util/grub-fs-tester.in ++++ grub2-2.02~beta2/tests/util/grub-fs-tester.in +@@ -281,7 +281,7 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZ + #FSLABEL="g;/_é莭莽😁кит u" + ;; + # FS LIMITATION: reiserfs, extN and jfs label is at most 16 UTF-8 characters +- x"reiserfs_old" | x"reiserfs" | x"ext2" | xext2_old | x"ext3" | x"ext4" | x"lvm"* | x"mdraid"* | x"jfs" | x"jfs_caseins") ++ x"reiserfs_old" | x"reiserfs" | x"ext"* | x"lvm"* | x"mdraid"* | x"jfs" | x"jfs_caseins") + FSLABEL="g;/éт 莭😁";; + # FS LIMITATION: No underscore, space, semicolon, slash or international characters in UFS* in label. Limited to 32 UTF-8 characters + x"ufs1" | x"ufs1_sun" | x"ufs2") +@@ -746,6 +746,10 @@ for ((LOGSECSIZE=MINLOGSECSIZE;LOGSECSIZ + MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext2" -r 0 -b $BLKSIZE -L "$FSLABEL" -q "${LODEVICES[0]}" + MOUNTFS=ext2 + ;; ++ xext4_metabg) ++ MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.ext4" -O meta_bg,^resize_inode -b $BLKSIZE -L "$FSLABEL" -q "${LODEVICES[0]}" ++ MOUNTFS=ext4 ++ ;; + xext*) + MKE2FS_DEVICE_SECTSIZE=$SECSIZE "mkfs.$fs" -b $BLKSIZE -L "$FSLABEL" -q "${LODEVICES[0]}" ;; + xxfs) diff -Nru grub2-2.02~beta2/debian/patches/Fix-exit-to-EFI-firmware.patch grub2-2.02~beta2/debian/patches/Fix-exit-to-EFI-firmware.patch --- grub2-2.02~beta2/debian/patches/Fix-exit-to-EFI-firmware.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/Fix-exit-to-EFI-firmware.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,55 @@ +From c945ca75c3b2b900040b905323b1226cb60a1166 Mon Sep 17 00:00:00 2001 +From: Mark Salter +Date: Fri, 15 Aug 2014 12:22:43 -0400 +Subject: [PATCH] Fix exit to EFI firmware + +The current code for EFI grub_exit() calls grub_efi_fini() before +returning to firmware. In the case of ARM, this leaves a timer +event running which could lead to a firmware crash. This patch +changes this so that grub_machine_fini() is called with a NORETURN +flag. This allows machine-specific shutdown to happen as well +as the shutdown done by grub_efi_fini(). + +Signed-off-by: Mark Salter +--- + grub-core/kern/arm/efi/init.c | 2 +- + grub-core/kern/efi/efi.c | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/grub-core/kern/arm/efi/init.c b/grub-core/kern/arm/efi/init.c +index a6ae034..2572ca8 100644 +--- a/grub-core/kern/arm/efi/init.c ++++ b/grub-core/kern/arm/efi/init.c +@@ -67,7 +67,7 @@ grub_machine_fini (int flags) + + b = grub_efi_system_table->boot_services; + +- efi_call_3 (b->set_timer, tmr_evt, GRUB_EFI_TIMER_PERIODIC, 0); ++ efi_call_3 (b->set_timer, tmr_evt, GRUB_EFI_TIMER_CANCEL, 0); + efi_call_1 (b->close_event, tmr_evt); + + grub_efi_fini (); +diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c +index 49a1501..2e77834 100644 +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -27,6 +27,7 @@ + #include + #include + #include ++#include + + /* The handle of GRUB itself. Filled in by the startup code. */ + grub_efi_handle_t grub_efi_image_handle; +@@ -156,7 +157,7 @@ grub_efi_get_loaded_image (grub_efi_handle_t image_handle) + void + grub_exit (void) + { +- grub_efi_fini (); ++ grub_machine_fini (GRUB_LOADER_FLAG_NORETURN); + efi_call_4 (grub_efi_system_table->boot_services->exit, + grub_efi_image_handle, GRUB_EFI_SUCCESS, 0, 0); + for (;;) ; +-- +2.7.4 + diff -Nru grub2-2.02~beta2/debian/patches/git_fix_tsc_calibration_pit_a03c1034.patch grub2-2.02~beta2/debian/patches/git_fix_tsc_calibration_pit_a03c1034.patch --- grub2-2.02~beta2/debian/patches/git_fix_tsc_calibration_pit_a03c1034.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/git_fix_tsc_calibration_pit_a03c1034.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,28 @@ +From a03c1034f6062e69075056c8f31b90e159ce5244 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Tue, 01 Dec 2015 15:49:38 +0000 +Subject: i386: fix TSC calibration using PIT + +Condition was accidentally reversed, so PIT calibration always failed +when PIT was present and always succeeded when PIT was missing, but in +the latter case resulted in absurdly fast clock. + +Reported and tested by Vitaly Kuznetsov +--- +--- + grub-core/kern/i386/tsc_pit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: b/grub-core/kern/i386/tsc_pit.c +=================================================================== +--- a/grub-core/kern/i386/tsc_pit.c ++++ b/grub-core/kern/i386/tsc_pit.c +@@ -49,7 +49,7 @@ grub_pit_wait (void) + | GRUB_PIT_SPK_TMR2, + GRUB_PIT_SPEAKER_PORT); + +- if ((grub_inb (GRUB_PIT_SPEAKER_PORT) & GRUB_PIT_SPK_TMR2_LATCH)) { ++ if ((grub_inb (GRUB_PIT_SPEAKER_PORT) & GRUB_PIT_SPK_TMR2_LATCH) == 0x00) { + ret = 1; + /* Wait. */ + while ((grub_inb (GRUB_PIT_SPEAKER_PORT) & GRUB_PIT_SPK_TMR2_LATCH) == 0x00); diff -Nru grub2-2.02~beta2/debian/patches/git_pmem_efiemu_handle_pmem_ae3b83a4.patch grub2-2.02~beta2/debian/patches/git_pmem_efiemu_handle_pmem_ae3b83a4.patch --- grub2-2.02~beta2/debian/patches/git_pmem_efiemu_handle_pmem_ae3b83a4.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/git_pmem_efiemu_handle_pmem_ae3b83a4.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,80 @@ +From ae3b83a4d4df75a01198a2fed7542391e7c449e0 Mon Sep 17 00:00:00 2001 +From: Robert Elliott +Date: Fri, 22 Jan 2016 13:32:30 +0100 +Subject: efiemu: Handle persistent RAM and unknown possible future additions. + +--- + grub-core/efiemu/mm.c | 25 ++++++++++++++++++++++--- + 1 file changed, 22 insertions(+), 3 deletions(-) + +Index: b/grub-core/efiemu/mm.c +=================================================================== +--- a/grub-core/efiemu/mm.c ++++ b/grub-core/efiemu/mm.c +@@ -99,7 +99,8 @@ grub_efiemu_request_memalign (grub_size_ + grub_size_t align_overhead; + struct grub_efiemu_memrequest *ret, *cur, *prev; + /* Check that the request is correct */ +- if (type >= GRUB_EFI_MAX_MEMORY_TYPE || type <= GRUB_EFI_LOADER_CODE) ++ if (type <= GRUB_EFI_LOADER_CODE || type == GRUB_EFI_PERSISTENT_MEMORY || ++ type >= GRUB_EFI_MAX_MEMORY_TYPE) + return -2; + + /* Add new size to requested size */ +@@ -166,6 +167,13 @@ efiemu_alloc_requests (void) + GRUB_EFI_MEMORY_MAPPED_IO, + GRUB_EFI_MEMORY_MAPPED_IO_PORT_SPACE, + GRUB_EFI_PAL_CODE ++ ++ /* ++ * These are not allocatable: ++ * GRUB_EFI_RESERVED_MEMORY_TYPE ++ * GRUB_EFI_PERSISTENT_MEMORY ++ * >= GRUB_EFI_MAX_MEMORY_TYPE ++ */ + }; + + /* Compute total memory needed */ +@@ -402,6 +410,10 @@ fill_hook (grub_uint64_t addr, grub_uint + return grub_efiemu_add_to_mmap (addr, size, + GRUB_EFI_ACPI_MEMORY_NVS); + ++ case GRUB_MEMORY_PERSISTENT: ++ case GRUB_MEMORY_PERSISTENT_LEGACY: ++ return grub_efiemu_add_to_mmap (addr, size, ++ GRUB_EFI_PERSISTENT_MEMORY); + default: + grub_dprintf ("efiemu", + "Unknown memory type %d. Assuming unusable\n", type); +@@ -445,7 +457,7 @@ grub_efiemu_mmap_iterate (grub_memory_ho + case GRUB_EFI_MEMORY_MAPPED_IO: + case GRUB_EFI_MEMORY_MAPPED_IO_PORT_SPACE: + case GRUB_EFI_PAL_CODE: +- case GRUB_EFI_MAX_MEMORY_TYPE: ++ default: + hook (efiemu_mmap[i].physical_start, efiemu_mmap[i].num_pages * 4096, + GRUB_MEMORY_RESERVED, hook_data); + break; +@@ -468,6 +480,12 @@ grub_efiemu_mmap_iterate (grub_memory_ho + hook (efiemu_mmap[i].physical_start, efiemu_mmap[i].num_pages * 4096, + GRUB_MEMORY_NVS, hook_data); + break; ++ ++ case GRUB_EFI_PERSISTENT_MEMORY: ++ hook (efiemu_mmap[i].physical_start, efiemu_mmap[i].num_pages * 4096, ++ GRUB_MEMORY_PERSISTENT, hook_data); ++ break; ++ + } + + return 0; +@@ -503,7 +521,8 @@ grub_efiemu_mmap_sort_and_uniq (void) + [GRUB_EFI_ACPI_MEMORY_NVS] = 3, + [GRUB_EFI_MEMORY_MAPPED_IO] = 4, + [GRUB_EFI_MEMORY_MAPPED_IO_PORT_SPACE] = 4, +- [GRUB_EFI_PAL_CODE] = 4 ++ [GRUB_EFI_PAL_CODE] = 4, ++ [GRUB_EFI_PERSISTENT_MEMORY] = 4 + }; + + int i, j, k, done; diff -Nru grub2-2.02~beta2/debian/patches/git_pmem_mmap_handle_pmem_c79c59f1.patch grub2-2.02~beta2/debian/patches/git_pmem_mmap_handle_pmem_c79c59f1.patch --- grub2-2.02~beta2/debian/patches/git_pmem_mmap_handle_pmem_c79c59f1.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/git_pmem_mmap_handle_pmem_c79c59f1.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,179 @@ +From c79c59f1295df8ea660f8a858f9532d76a5f67b7 Mon Sep 17 00:00:00 2001 +From: Robert Elliott +Date: Thu, 17 Dec 2015 10:53:32 -0600 +Subject: lsefimmap: support persistent memory and other UEFI 2.5 features + +This should accompany + 76ce1de740 Translate UEFI persistent memory type + +1. Add a string for the EfiPersistentMemory type 14 that was +added in UEFI 2.5. + +2. Decode the memory attributes that were added in UEFI 2.5: +* NV (non-volatile) +* MORE_RELIABLE (higher reliable, e.g., mirrored memory in a system + with partial memory mirroring) +* RO (read-only) + +3. Use proper IEC binary units (KiB, MiB, etc.) for power-of-two +values rather than misusing SI power-of-ten units (KB, MB, etc.) + +4. The lsmmap command only decodes memory ranges sizes up to GiB scale +units. Persistent memory ranges will reach into the TiB scale. +Since 64-bit size field supports TiB, PiB, and EiB, decode all of +them for completeness. + +5. In the lsefimmap command, rewrite the print statements to +* avoid rounding +* avoid a big nested if/else tree. + +For example: In the sixth entry below, the value of 309MB implies +316416KB but is really reporting 316436KB. + +Widen the size column to 6 digits to accommodate typical cases. +The worst case value would require 14 digits; if that happens, +let the columns get out of sync. + +Old format: +Type Physical start - end #Pages Size Attributes +conv-mem 0000000000000000-0000000000092fff 00000093 588KB UC WC WT WB +reserved 0000000000093000-0000000000093fff 00000001 4KB UC WC WT WB +conv-mem 0000000000094000-000000000009ffff 0000000c 48KB UC WC WT WB +conv-mem 0000000000100000-000000000fffffff 0000ff00 255MB UC WC WT WB +BS-code 0000000010000000-0000000010048fff 00000049 292KB UC WC WT WB +conv-mem 0000000010049000-000000002354dfff 00013505 309MB UC WC WT WB +ldr-data 000000002354e000-000000003ecfffff 0001b7b2 439MB UC WC WT WB +BS-data 000000003ed00000-000000003ed7ffff 00000080 512KB UC WC WT WB +conv-mem 000000003ed80000-000000006af5ffff 0002c1e0 705MB UC WC WT WB +reserved 000000006af60000-000000006b55ffff 00000600 6MB UC WC WT WB +BS-data 000000006b560000-000000006b560fff 00000001 4KB UC WC WT WB +RT-data 000000006b561000-000000006b5e1fff 00000081 516KB RT UC WC WT WB +BS-data 000000006b5e2000-000000006ecfafff 00003719 55MB UC WC WT WB +BS-code 000000006ecfb000-000000006ecfbfff 00000001 4KB UC WC WT WB +conv-mem 000000006ecfc000-00000000711fafff 000024ff 36MB UC WC WT WB +BS-data 00000000711fb000-000000007128dfff 00000093 588KB UC WC WT WB +Unk 0d 0000000880000000-0000000e7fffffff 00600000 24GB UC WC WT WB NV +reserved 0000001680000000-0000001c7fffffff 00600000 24GB UC WC WT WB NV + +New format: +Type Physical start - end #Pages Size Attributes +conv-mem 0000000000000000-0000000000092fff 00000093 588KiB UC WC WT WB +reserved 0000000000093000-0000000000093fff 00000001 4KiB UC WC WT WB +conv-mem 0000000000094000-000000000009ffff 0000000c 48KiB UC WC WT WB +conv-mem 0000000000100000-000000000fffffff 0000ff00 255MiB UC WC WT WB +BS-code 0000000010000000-0000000010048fff 00000049 292KiB UC WC WT WB +conv-mem 0000000010049000-000000002354dfff 00013505 316436KiB UC WC WT WB +ldr-data 000000002354e000-000000003ecfffff 0001b7b2 450248KiB UC WC WT WB +BS-data 000000003ed00000-000000003ed7ffff 00000080 512KiB UC WC WT WB +conv-mem 000000003ed80000-000000006af5ffff 0002c1e0 722816KiB UC WC WT WB +reserved 000000006af60000-000000006b55ffff 00000600 6MiB UC WC WT WB +BS-data 000000006b560000-000000006b560fff 00000001 4KiB UC WC WT WB +RT-data 000000006b561000-000000006b5e1fff 00000081 516KiB RT UC WC WT WB +BS-data 000000006b5e2000-000000006ecfafff 00003719 56420KiB UC WC WT WB +BS-code 000000006ecfb000-000000006ecfbfff 00000001 4KiB UC WC WT WB +conv-mem 000000006ecfc000-0000000071222fff 00002527 38044KiB UC WC WT WB +BS-data 0000000071223000-00000000712ddfff 000000bb 748KiB UC WC WT WB +persist 0000000880000000-0000000e7fffffff 00600000 24GiB UC WC WT WB NV +reserved 0000001680000000-0000001c7fffffff 00600000 24GiB UC WC WT WB NV +--- + grub-core/commands/efi/lsefimmap.c | 47 +++++++++++++++++++++++++------------- + include/grub/efi/api.h | 3 +++ + 2 files changed, 34 insertions(+), 16 deletions(-) + +diff --git a/grub-core/commands/efi/lsefimmap.c b/grub-core/commands/efi/lsefimmap.c +index 215b45b..c85ff7f 100644 +--- a/grub-core/commands/efi/lsefimmap.c ++++ b/grub-core/commands/efi/lsefimmap.c +@@ -51,7 +51,7 @@ grub_cmd_lsefimmap (grub_command_t cmd __attribute__ ((unused)), + + grub_printf + ("Type Physical start - end #Pages " +- " Size Attributes\n"); ++ " Size Attributes\n"); + memory_map_end = ADD_MEMORY_DESCRIPTOR (memory_map, map_size); + for (desc = memory_map; + desc < memory_map_end; +@@ -74,7 +74,8 @@ grub_cmd_lsefimmap (grub_command_t cmd __attribute__ ((unused)), + "ACPI-nvs", + "MMIO ", + "IO-ports", +- "PAL-code" ++ "PAL-code", ++ "persist ", + }; + if (desc->type < ARRAY_SIZE (types_str)) + grub_printf ("%s ", types_str[desc->type]); +@@ -87,21 +88,29 @@ grub_cmd_lsefimmap (grub_command_t cmd __attribute__ ((unused)), + desc->physical_start + (desc->num_pages << 12) - 1, + desc->num_pages); + +- size = desc->num_pages; +- size <<= (12 - 10); +- if (size < 1024) +- grub_printf (" %4" PRIuGRUB_UINT64_T "KB", size); ++ size = desc->num_pages << 12; /* 4 KiB page size */ ++ /* ++ * Since size is a multiple of 4 KiB, no need to handle units ++ * of just Bytes (which would use a mask of 0x3ff). ++ * ++ * 14 characters would support the largest possible number of 4 KiB ++ * pages that are not a multiple of larger units (e.g., MiB): ++ * 17592186044415 (0xffffff_fffff000), but that uses a lot of ++ * whitespace for a rare case. 6 characters usually suffices; ++ * columns will be off if not, but this is preferable to rounding. ++ */ ++ if (size & 0xfffff) ++ grub_printf (" %6" PRIuGRUB_UINT64_T "KiB", size >> 10); ++ else if (size & 0x3fffffff) ++ grub_printf (" %6" PRIuGRUB_UINT64_T "MiB", size >> 20); ++ else if (size & 0xffffffffff) ++ grub_printf (" %6" PRIuGRUB_UINT64_T "GiB", size >> 30); ++ else if (size & 0x3ffffffffffff) ++ grub_printf (" %6" PRIuGRUB_UINT64_T "TiB", size >> 40); ++ else if (size & 0xfffffffffffffff) ++ grub_printf (" %6" PRIuGRUB_UINT64_T "PiB", size >> 50); + else +- { +- size /= 1024; +- if (size < 1024) +- grub_printf (" %4" PRIuGRUB_UINT64_T "MB", size); +- else +- { +- size /= 1024; +- grub_printf (" %4" PRIuGRUB_UINT64_T "GB", size); +- } +- } ++ grub_printf (" %6" PRIuGRUB_UINT64_T "EiB", size >> 60); + + attr = desc->attribute; + if (attr & GRUB_EFI_MEMORY_RUNTIME) +@@ -122,6 +131,12 @@ grub_cmd_lsefimmap (grub_command_t cmd __attribute__ ((unused)), + grub_printf (" RP"); + if (attr & GRUB_EFI_MEMORY_XP) + grub_printf (" XP"); ++ if (attr & GRUB_EFI_MEMORY_NV) ++ grub_printf (" NV"); ++ if (attr & GRUB_EFI_MEMORY_MORE_RELIABLE) ++ grub_printf (" MR"); ++ if (attr & GRUB_EFI_MEMORY_RO) ++ grub_printf (" RO"); + + grub_printf ("\n"); + } +diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h +index 2bbfe34..c7c9f0e 100644 +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -49,6 +49,9 @@ + #define GRUB_EFI_MEMORY_WP 0x0000000000001000LL + #define GRUB_EFI_MEMORY_RP 0x0000000000002000LL + #define GRUB_EFI_MEMORY_XP 0x0000000000004000LL ++#define GRUB_EFI_MEMORY_NV 0x0000000000008000LL ++#define GRUB_EFI_MEMORY_MORE_RELIABLE 0x0000000000010000LL ++#define GRUB_EFI_MEMORY_RO 0x0000000000020000LL + #define GRUB_EFI_MEMORY_RUNTIME 0x8000000000000000LL + + #define GRUB_EFI_OPEN_PROTOCOL_BY_HANDLE_PROTOCOL 0x00000001 +-- +cgit v1.0-41-gc330 + diff -Nru grub2-2.02~beta2/debian/patches/git_pmem_really_mark_mem_reserved_3d2c8048.patch grub2-2.02~beta2/debian/patches/git_pmem_really_mark_mem_reserved_3d2c8048.patch --- grub2-2.02~beta2/debian/patches/git_pmem_really_mark_mem_reserved_3d2c8048.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/git_pmem_really_mark_mem_reserved_3d2c8048.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,65 @@ +From 3d2c8048da7db334fd6d57b27304ac765fd4cd67 Mon Sep 17 00:00:00 2001 +From: Andrei Borzenkov +Date: Thu, 26 Nov 2015 19:50:42 +0300 +Subject: efi: really mark memory of unknown type as reserved + +9be4c45dbe3c877d1f4856e99ee15133c6cd2261 added switch case between +fall through cases, causing all memory regions of unknown type to be +marked as available. + +Move default case into its own block and add explicit FALLTHROUGH +annotation. + +Reported by Elliott, Robert (Persistent Memory) +--- + grub-core/mmap/efi/mmap.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/grub-core/mmap/efi/mmap.c b/grub-core/mmap/efi/mmap.c +index a77efe8..900a4d6 100644 +--- a/grub-core/mmap/efi/mmap.c ++++ b/grub-core/mmap/efi/mmap.c +@@ -73,6 +73,7 @@ grub_efi_mmap_iterate (grub_memory_hook_t hook, void *hook_data, + GRUB_MEMORY_AVAILABLE, hook_data); + break; + } ++ /* FALLTHROUGH */ + case GRUB_EFI_RUNTIME_SERVICES_CODE: + hook (desc->physical_start, desc->num_pages * 4096, + GRUB_MEMORY_CODE, hook_data); +@@ -83,10 +84,6 @@ grub_efi_mmap_iterate (grub_memory_hook_t hook, void *hook_data, + GRUB_MEMORY_BADRAM, hook_data); + break; + +- default: +- grub_printf ("Unknown memory type %d, considering reserved\n", +- desc->type); +- + case GRUB_EFI_BOOT_SERVICES_DATA: + if (!avoid_efi_boot_services) + { +@@ -94,6 +91,7 @@ grub_efi_mmap_iterate (grub_memory_hook_t hook, void *hook_data, + GRUB_MEMORY_AVAILABLE, hook_data); + break; + } ++ /* FALLTHROUGH */ + case GRUB_EFI_RESERVED_MEMORY_TYPE: + case GRUB_EFI_RUNTIME_SERVICES_DATA: + case GRUB_EFI_MEMORY_MAPPED_IO: +@@ -119,6 +117,13 @@ grub_efi_mmap_iterate (grub_memory_hook_t hook, void *hook_data, + hook (desc->physical_start, desc->num_pages * 4096, + GRUB_MEMORY_NVS, hook_data); + break; ++ ++ default: ++ grub_printf ("Unknown memory type %d, considering reserved\n", ++ desc->type); ++ hook (desc->physical_start, desc->num_pages * 4096, ++ GRUB_MEMORY_RESERVED, hook_data); ++ break; + } + } + +-- +cgit v1.0-41-gc330 + diff -Nru grub2-2.02~beta2/debian/patches/git_pmem_translate_persistent_type_76ce1de7.patch grub2-2.02~beta2/debian/patches/git_pmem_translate_persistent_type_76ce1de7.patch --- grub2-2.02~beta2/debian/patches/git_pmem_translate_persistent_type_76ce1de7.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/git_pmem_translate_persistent_type_76ce1de7.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,97 @@ +From 76ce1de740f202985ffd7b2e980cf34c75a2dac3 Mon Sep 17 00:00:00 2001 +From: Robert Elliott +Date: Thu, 3 Dec 2015 11:38:36 -0600 +Subject: Translate UEFI persistent memory type +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Define +* GRUB_EFI_PERSISTENT_MEMORY (UEFI memory map type 14) per UEFI 2.5 +* GRUB_MEMORY_PERSISTENT (E820 type 7) per ACPI 3.0 +* GRUB_MEMORY_PERSISTENT_LEGACY (E820 unofficial type 12) per ACPI 3.0 + +and translate GRUB_EFI_PERSISTENT_MEMORY to GRUB_MEMORY_PERSISTENT in +grub_efi_mmap_iterate(). + +Includes +* adding the E820 names to lsmmap +* handling the E820 types in make_efi_memtype() + +Suggested-by: Vladimir 'φ-coder/phcoder' Serbinenko +Suggested-by: Andrei Borzenkov +--- + grub-core/commands/lsmmap.c | 2 ++ + grub-core/mmap/efi/mmap.c | 12 ++++++++++++ + include/grub/efi/api.h | 1 + + include/grub/memory.h | 2 ++ + 4 files changed, 17 insertions(+) + +Index: b/grub-core/commands/lsmmap.c +=================================================================== +--- a/grub-core/commands/lsmmap.c ++++ b/grub-core/commands/lsmmap.c +@@ -37,6 +37,8 @@ static const char *names[] = + is required to save accross hibernations. */ + [GRUB_MEMORY_NVS] = N_("ACPI non-volatile storage RAM"), + [GRUB_MEMORY_BADRAM] = N_("faulty RAM (BadRAM)"), ++ [GRUB_MEMORY_PERSISTENT] = N_("persistent RAM"), ++ [GRUB_MEMORY_PERSISTENT_LEGACY] = N_("persistent RAM (legacy)"), + [GRUB_MEMORY_COREBOOT_TABLES] = N_("RAM holding coreboot tables"), + [GRUB_MEMORY_CODE] = N_("RAM holding firmware code") + }; +Index: b/grub-core/mmap/efi/mmap.c +=================================================================== +--- a/grub-core/mmap/efi/mmap.c ++++ b/grub-core/mmap/efi/mmap.c +@@ -118,6 +118,11 @@ grub_efi_mmap_iterate (grub_memory_hook_ + GRUB_MEMORY_NVS, hook_data); + break; + ++ case GRUB_EFI_PERSISTENT_MEMORY: ++ hook (desc->physical_start, desc->num_pages * 4096, ++ GRUB_MEMORY_PERSISTENT, hook_data); ++ break; ++ + default: + grub_printf ("Unknown memory type %d, considering reserved\n", + desc->type); +@@ -147,6 +152,13 @@ make_efi_memtype (int type) + /* No way to remove a chunk of memory from EFI mmap. + So mark it as unusable. */ + case GRUB_MEMORY_HOLE: ++ /* ++ * AllocatePages() does not support GRUB_EFI_PERSISTENT_MEMORY, ++ * so no translation for GRUB_MEMORY_PERSISTENT or ++ * GRUB_MEMORY_PERSISTENT_LEGACY. ++ */ ++ case GRUB_MEMORY_PERSISTENT: ++ case GRUB_MEMORY_PERSISTENT_LEGACY: + case GRUB_MEMORY_RESERVED: + return GRUB_EFI_UNUSABLE_MEMORY; + +Index: b/include/grub/efi/api.h +=================================================================== +--- a/include/grub/efi/api.h ++++ b/include/grub/efi/api.h +@@ -441,6 +441,7 @@ enum grub_efi_memory_type + GRUB_EFI_MEMORY_MAPPED_IO, + GRUB_EFI_MEMORY_MAPPED_IO_PORT_SPACE, + GRUB_EFI_PAL_CODE, ++ GRUB_EFI_PERSISTENT_MEMORY, + GRUB_EFI_MAX_MEMORY_TYPE + }; + typedef enum grub_efi_memory_type grub_efi_memory_type_t; +Index: b/include/grub/memory.h +=================================================================== +--- a/include/grub/memory.h ++++ b/include/grub/memory.h +@@ -30,6 +30,8 @@ typedef enum grub_memory_type + GRUB_MEMORY_ACPI = 3, + GRUB_MEMORY_NVS = 4, + GRUB_MEMORY_BADRAM = 5, ++ GRUB_MEMORY_PERSISTENT = 7, ++ GRUB_MEMORY_PERSISTENT_LEGACY = 12, + GRUB_MEMORY_COREBOOT_TABLES = 16, + GRUB_MEMORY_CODE = 20, + /* This one is special: it's used internally but is never reported diff -Nru grub2-2.02~beta2/debian/patches/git_split_pmtimer_wait_tsc_d9a3bfea.patch grub2-2.02~beta2/debian/patches/git_split_pmtimer_wait_tsc_d9a3bfea.patch --- grub2-2.02~beta2/debian/patches/git_split_pmtimer_wait_tsc_d9a3bfea.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/git_split_pmtimer_wait_tsc_d9a3bfea.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,161 @@ +From d9a3bfead8236377c2f46eb75c4fd7fef93696ea Mon Sep 17 00:00:00 2001 +From: Vladimir Serbinenko +Date: Fri, 12 Feb 2016 10:40:51 +0000 +Subject: Split pmtimer wait and tsc measurement from pmtimer tsc calibration. + +--- +--- + grub-core/Makefile.am | 2 + + grub-core/kern/i386/tsc_pmtimer.c | 47 ++++++++++++++++++++++++-------------- + include/grub/i386/pmtimer.h | 37 +++++++++++++++++++++++++++++ + 3 files changed, 69 insertions(+), 17 deletions(-) + +Index: b/grub-core/Makefile.am +=================================================================== +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -100,6 +100,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/inc + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/tsc.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/pci.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/pmtimer.h + endif + + if COND_i386_coreboot +@@ -155,6 +156,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/inc + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/tsc.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/pci.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/pmtimer.h + endif + + if COND_ia64_efi +Index: b/grub-core/kern/i386/tsc_pmtimer.c +=================================================================== +--- a/grub-core/kern/i386/tsc_pmtimer.c ++++ b/grub-core/kern/i386/tsc_pmtimer.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -112,41 +113,31 @@ grub_acpi_find_fadt (void) + return 0; + } + +-int +-grub_tsc_calibrate_from_pmtimer (void) ++grub_uint64_t ++grub_pmtimer_wait_count_tsc (grub_port_t pmtimer, ++ grub_uint16_t num_pm_ticks) + { + grub_uint32_t start; + grub_uint32_t last; + grub_uint32_t cur, end; +- struct grub_acpi_fadt *fadt; +- grub_port_t p; + grub_uint64_t start_tsc; + grub_uint64_t end_tsc; + int num_iter = 0; + +- fadt = grub_acpi_find_fadt (); +- if (!fadt) +- return 0; +- p = fadt->pmtimer; +- if (!p) +- return 0; +- +- start = grub_inl (p) & 0xffffff; ++ start = grub_inl (pmtimer) & 0xffffff; + last = start; +- /* It's 3.579545 MHz clock. Wait 1 ms. */ +- end = start + 3580; ++ end = start + num_pm_ticks; + start_tsc = grub_get_tsc (); + while (1) + { +- cur = grub_inl (p) & 0xffffff; ++ cur = grub_inl (pmtimer) & 0xffffff; + if (cur < last) + cur |= 0x1000000; + num_iter++; + if (cur >= end) + { + end_tsc = grub_get_tsc (); +- grub_tsc_rate = grub_divmod64 ((1ULL << 32), end_tsc - start_tsc, 0); +- return 1; ++ return end_tsc - start_tsc; + } + /* Check for broken PM timer. + 50000000 TSCs is between 5 ms (10GHz) and 200 ms (250 MHz) +@@ -158,3 +149,25 @@ grub_tsc_calibrate_from_pmtimer (void) + } + } + } ++ ++int ++grub_tsc_calibrate_from_pmtimer (void) ++{ ++ struct grub_acpi_fadt *fadt; ++ grub_port_t pmtimer; ++ grub_uint64_t tsc_diff; ++ ++ fadt = grub_acpi_find_fadt (); ++ if (!fadt) ++ return 0; ++ pmtimer = fadt->pmtimer; ++ if (!pmtimer) ++ return 0; ++ ++ /* It's 3.579545 MHz clock. Wait 1 ms. */ ++ tsc_diff = grub_pmtimer_wait_count_tsc (pmtimer, 3580); ++ if (tsc_diff == 0) ++ return 0; ++ grub_tsc_rate = grub_divmod64 ((1ULL << 32), tsc_diff, 0); ++ return 1; ++} +Index: b/include/grub/i386/pmtimer.h +=================================================================== +--- /dev/null ++++ b/include/grub/i386/pmtimer.h +@@ -0,0 +1,37 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2008,2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef KERNEL_CPU_PMTIMER_HEADER ++#define KERNEL_CPU_PMTIMER_HEADER 1 ++ ++#include ++#include ++ ++/* ++ Preconditions: ++ * Caller has ensured that both pmtimer and tsc are supported ++ * 1 <= num_pm_ticks <= 3580 ++ Return: ++ * Number of TSC ticks elapsed ++ * 0 on failure. ++*/ ++grub_uint64_t ++EXPORT_FUNC(grub_pmtimer_wait_count_tsc) (grub_port_t pmtimer, ++ grub_uint16_t num_pm_ticks); ++ ++#endif diff -Nru grub2-2.02~beta2/debian/patches/git_tsc_use_alt_delay_sources_d43a5ee6.patch grub2-2.02~beta2/debian/patches/git_tsc_use_alt_delay_sources_d43a5ee6.patch --- grub2-2.02~beta2/debian/patches/git_tsc_use_alt_delay_sources_d43a5ee6.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/git_tsc_use_alt_delay_sources_d43a5ee6.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,940 @@ +From d43a5ee65143f384357fbfdcace4258e3537c214 Mon Sep 17 00:00:00 2001 +From: Vladimir Serbinenko +Date: Fri, 13 Nov 2015 15:14:53 +0000 +Subject: tsc: Use alternative delay sources whenever appropriate. + +PIT isn't available on some of new hardware including Hyper-V. So +use pmtimer for calibration. Moreover pmtimer calibration is faster, so +use it on coreboor where booting time is important. + +Based on patch by Michael Chang. +--- +--- + grub-core/Makefile.am | 7 + + grub-core/Makefile.core.def | 19 +++- + grub-core/commands/acpi.c | 12 -- + grub-core/kern/acpi.c | 34 ++++++++ + grub-core/kern/efi/acpi.c | 59 ++++++++++++++ + grub-core/kern/i386/efi/tsc.c | 40 +++++++++ + grub-core/kern/i386/pc/acpi.c | 83 +++++++++++++++++++ + grub-core/kern/i386/tsc.c | 121 ++++++---------------------- + grub-core/kern/i386/tsc_pit.c | 84 +++++++++++++++++++ + grub-core/kern/i386/tsc_pmtimer.c | 160 ++++++++++++++++++++++++++++++++++++++ + grub-core/kern/i386/xen/tsc.c | 40 +++++++++ + include/grub/acpi.h | 17 ++-- + include/grub/i386/tsc.h | 26 ++++++ + 13 files changed, 589 insertions(+), 113 deletions(-) + +Index: b/grub-core/Makefile.am +=================================================================== +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -99,6 +99,7 @@ if COND_i386_efi + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/efi.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/tsc.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/pci.h + endif + +@@ -110,10 +111,12 @@ KERNEL_HEADER_FILES += $(top_srcdir)/inc + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/gfxterm.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/font.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/bufio.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h + endif + + if COND_i386_multiboot + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/tsc.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h + endif + + if COND_i386_qemu +@@ -152,11 +155,13 @@ KERNEL_HEADER_FILES += $(top_srcdir)/inc + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i386/tsc.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/pci.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h + endif + + if COND_ia64_efi + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/efi.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h + endif + + if COND_mips +@@ -231,11 +236,13 @@ KERNEL_HEADER_FILES += $(top_srcdir)/inc + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/efi.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/arm/system.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h + endif + + if COND_arm64_efi + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/efi.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/disk.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/acpi.h + endif + + if COND_emu +Index: b/grub-core/Makefile.core.def +=================================================================== +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -174,9 +174,21 @@ kernel = { + efi = kern/efi/init.c; + efi = kern/efi/mm.c; + efi = term/efi/console.c; ++ efi = kern/acpi.c; ++ efi = kern/efi/acpi.c; ++ i386_coreboot = kern/i386/pc/acpi.c; ++ i386_multiboot = kern/i386/pc/acpi.c; ++ i386_coreboot = kern/acpi.c; ++ i386_multiboot = kern/acpi.c; + common = kern/efi/sb.c; + + x86 = kern/i386/tsc.c; ++ x86 = kern/i386/tsc_pit.c; ++ i386_efi = kern/i386/efi/tsc.c; ++ x86_64_efi = kern/i386/efi/tsc.c; ++ i386_efi = kern/i386/tsc_pmtimer.c; ++ i386_coreboot = kern/i386/tsc_pmtimer.c; ++ x86_64_efi = kern/i386/tsc_pmtimer.c; + + i386_efi = kern/i386/efi/init.c; + i386_efi = bus/pci.c; +@@ -188,6 +200,7 @@ kernel = { + x86_64_efi = bus/pci.c; + + xen = kern/i386/tsc.c; ++ xen = kern/i386/xen/tsc.c; + x86_64_xen = kern/x86_64/xen/hypercall.S; + i386_xen = kern/i386/xen/hypercall.S; + xen = kern/xen/init.c; +@@ -686,10 +699,8 @@ module = { + name = acpi; + + common = commands/acpi.c; +- efi = commands/efi/acpi.c; +- i386_pc = commands/i386/pc/acpi.c; +- i386_coreboot = commands/i386/pc/acpi.c; +- i386_multiboot = commands/i386/pc/acpi.c; ++ i386_pc = kern/acpi.c; ++ i386_pc = kern/i386/pc/acpi.c; + + enable = efi; + enable = i386_pc; +Index: b/grub-core/commands/acpi.c +=================================================================== +--- a/grub-core/commands/acpi.c ++++ b/grub-core/commands/acpi.c +@@ -61,18 +61,6 @@ static const struct grub_arg_option opti + {0, 0, 0, 0, 0, 0} + }; + +-/* Simple checksum by summing all bytes. Used by ACPI and SMBIOS. */ +-grub_uint8_t +-grub_byte_checksum (void *base, grub_size_t size) +-{ +- grub_uint8_t *ptr; +- grub_uint8_t ret = 0; +- for (ptr = (grub_uint8_t *) base; ptr < ((grub_uint8_t *) base) + size; +- ptr++) +- ret += *ptr; +- return ret; +-} +- + /* rev1 is 1 if ACPIv1 is to be generated, 0 otherwise. + rev2 contains the revision of ACPIv2+ to generate or 0 if none. */ + static int rev1, rev2; +Index: b/grub-core/kern/acpi.c +=================================================================== +--- /dev/null ++++ b/grub-core/kern/acpi.c +@@ -0,0 +1,34 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2012 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++ ++/* Simple checksum by summing all bytes. Used by ACPI and SMBIOS. */ ++grub_uint8_t ++grub_byte_checksum (void *base, grub_size_t size) ++{ ++ grub_uint8_t *ptr; ++ grub_uint8_t ret = 0; ++ for (ptr = (grub_uint8_t *) base; ptr < ((grub_uint8_t *) base) + size; ++ ptr++) ++ ret += *ptr; ++ return ret; ++} +Index: b/grub-core/kern/efi/acpi.c +=================================================================== +--- /dev/null ++++ b/grub-core/kern/efi/acpi.c +@@ -0,0 +1,59 @@ ++/* acpi.c - get acpi tables. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++ ++struct grub_acpi_rsdp_v10 * ++grub_machine_acpi_get_rsdpv1 (void) ++{ ++ unsigned i; ++ static grub_efi_packed_guid_t acpi_guid = GRUB_EFI_ACPI_TABLE_GUID; ++ ++ for (i = 0; i < grub_efi_system_table->num_table_entries; i++) ++ { ++ grub_efi_packed_guid_t *guid = ++ &grub_efi_system_table->configuration_table[i].vendor_guid; ++ ++ if (! grub_memcmp (guid, &acpi_guid, sizeof (grub_efi_packed_guid_t))) ++ return (struct grub_acpi_rsdp_v10 *) ++ grub_efi_system_table->configuration_table[i].vendor_table; ++ } ++ return 0; ++} ++ ++struct grub_acpi_rsdp_v20 * ++grub_machine_acpi_get_rsdpv2 (void) ++{ ++ unsigned i; ++ static grub_efi_packed_guid_t acpi20_guid = GRUB_EFI_ACPI_20_TABLE_GUID; ++ ++ for (i = 0; i < grub_efi_system_table->num_table_entries; i++) ++ { ++ grub_efi_packed_guid_t *guid = ++ &grub_efi_system_table->configuration_table[i].vendor_guid; ++ ++ if (! grub_memcmp (guid, &acpi20_guid, sizeof (grub_efi_packed_guid_t))) ++ return (struct grub_acpi_rsdp_v20 *) ++ grub_efi_system_table->configuration_table[i].vendor_table; ++ } ++ return 0; ++} +Index: b/grub-core/kern/i386/efi/tsc.c +=================================================================== +--- /dev/null ++++ b/grub-core/kern/i386/efi/tsc.c +@@ -0,0 +1,40 @@ ++/* kern/i386/tsc.c - x86 TSC time source implementation ++ * Requires Pentium or better x86 CPU that supports the RDTSC instruction. ++ * This module uses the PIT to calibrate the TSC to ++ * real time. ++ * ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2008 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++int ++grub_tsc_calibrate_from_efi (void) ++{ ++ grub_uint64_t start_tsc, end_tsc; ++ /* Use EFI Time Service to calibrate TSC */ ++ start_tsc = grub_get_tsc (); ++ efi_call_1 (grub_efi_system_table->boot_services->stall, 1000); ++ end_tsc = grub_get_tsc (); ++ grub_tsc_rate = grub_divmod64 ((1ULL << 32), end_tsc - start_tsc, 0); ++ return 1; ++} +Index: b/grub-core/kern/i386/pc/acpi.c +=================================================================== +--- /dev/null ++++ b/grub-core/kern/i386/pc/acpi.c +@@ -0,0 +1,83 @@ ++/* acpi.c - get acpi tables. */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++ ++struct grub_acpi_rsdp_v10 * ++grub_machine_acpi_get_rsdpv1 (void) ++{ ++ int ebda_len; ++ grub_uint8_t *ebda, *ptr; ++ ++ grub_dprintf ("acpi", "Looking for RSDP. Scanning EBDA\n"); ++ ebda = (grub_uint8_t *) ((* ((grub_uint16_t *) 0x40e)) << 4); ++ ebda_len = * (grub_uint16_t *) ebda; ++ if (! ebda_len) /* FIXME do we really need this check? */ ++ goto scan_bios; ++ for (ptr = ebda; ptr < ebda + 0x400; ptr += 16) ++ if (grub_memcmp (ptr, GRUB_RSDP_SIGNATURE, GRUB_RSDP_SIGNATURE_SIZE) == 0 ++ && grub_byte_checksum (ptr, sizeof (struct grub_acpi_rsdp_v10)) == 0 ++ && ((struct grub_acpi_rsdp_v10 *) ptr)->revision == 0) ++ return (struct grub_acpi_rsdp_v10 *) ptr; ++ ++scan_bios: ++ grub_dprintf ("acpi", "Looking for RSDP. Scanning BIOS\n"); ++ for (ptr = (grub_uint8_t *) 0xe0000; ptr < (grub_uint8_t *) 0x100000; ++ ptr += 16) ++ if (grub_memcmp (ptr, GRUB_RSDP_SIGNATURE, GRUB_RSDP_SIGNATURE_SIZE) == 0 ++ && grub_byte_checksum (ptr, sizeof (struct grub_acpi_rsdp_v10)) == 0 ++ && ((struct grub_acpi_rsdp_v10 *) ptr)->revision == 0) ++ return (struct grub_acpi_rsdp_v10 *) ptr; ++ return 0; ++} ++ ++struct grub_acpi_rsdp_v20 * ++grub_machine_acpi_get_rsdpv2 (void) ++{ ++ int ebda_len; ++ grub_uint8_t *ebda, *ptr; ++ ++ grub_dprintf ("acpi", "Looking for RSDP. Scanning EBDA\n"); ++ ebda = (grub_uint8_t *) ((* ((grub_uint16_t *) 0x40e)) << 4); ++ ebda_len = * (grub_uint16_t *) ebda; ++ if (! ebda_len) /* FIXME do we really need this check? */ ++ goto scan_bios; ++ for (ptr = ebda; ptr < ebda + 0x400; ptr += 16) ++ if (grub_memcmp (ptr, GRUB_RSDP_SIGNATURE, GRUB_RSDP_SIGNATURE_SIZE) == 0 ++ && grub_byte_checksum (ptr, sizeof (struct grub_acpi_rsdp_v10)) == 0 ++ && ((struct grub_acpi_rsdp_v10 *) ptr)->revision != 0 ++ && ((struct grub_acpi_rsdp_v20 *) ptr)->length < 1024 ++ && grub_byte_checksum (ptr, ((struct grub_acpi_rsdp_v20 *) ptr)->length) ++ == 0) ++ return (struct grub_acpi_rsdp_v20 *) ptr; ++ ++scan_bios: ++ grub_dprintf ("acpi", "Looking for RSDP. Scanning BIOS\n"); ++ for (ptr = (grub_uint8_t *) 0xe0000; ptr < (grub_uint8_t *) 0x100000; ++ ptr += 16) ++ if (grub_memcmp (ptr, GRUB_RSDP_SIGNATURE, GRUB_RSDP_SIGNATURE_SIZE) == 0 ++ && grub_byte_checksum (ptr, sizeof (struct grub_acpi_rsdp_v10)) == 0 ++ && ((struct grub_acpi_rsdp_v10 *) ptr)->revision != 0 ++ && ((struct grub_acpi_rsdp_v20 *) ptr)->length < 1024 ++ && grub_byte_checksum (ptr, ((struct grub_acpi_rsdp_v20 *) ptr)->length) ++ == 0) ++ return (struct grub_acpi_rsdp_v20 *) ptr; ++ return 0; ++} +Index: b/grub-core/kern/i386/tsc_pit.c +=================================================================== +--- /dev/null ++++ b/grub-core/kern/i386/tsc_pit.c +@@ -0,0 +1,84 @@ ++/* kern/i386/tsc.c - x86 TSC time source implementation ++ * Requires Pentium or better x86 CPU that supports the RDTSC instruction. ++ * This module uses the PIT to calibrate the TSC to ++ * real time. ++ * ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2008 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static int ++grub_pit_wait (void) ++{ ++ int ret = 0; ++ ++ /* Disable timer2 gate and speaker. */ ++ grub_outb (grub_inb (GRUB_PIT_SPEAKER_PORT) ++ & ~ (GRUB_PIT_SPK_DATA | GRUB_PIT_SPK_TMR2), ++ GRUB_PIT_SPEAKER_PORT); ++ ++ /* Set tics. */ ++ grub_outb (GRUB_PIT_CTRL_SELECT_2 | GRUB_PIT_CTRL_READLOAD_WORD, ++ GRUB_PIT_CTRL); ++ /* 0xffff ticks: 55ms. */ ++ grub_outb (0xff, GRUB_PIT_COUNTER_2); ++ grub_outb (0xff, GRUB_PIT_COUNTER_2); ++ ++ /* Enable timer2 gate, keep speaker disabled. */ ++ grub_outb ((grub_inb (GRUB_PIT_SPEAKER_PORT) & ~ GRUB_PIT_SPK_DATA) ++ | GRUB_PIT_SPK_TMR2, ++ GRUB_PIT_SPEAKER_PORT); ++ ++ if ((grub_inb (GRUB_PIT_SPEAKER_PORT) & GRUB_PIT_SPK_TMR2_LATCH)) { ++ ret = 1; ++ /* Wait. */ ++ while ((grub_inb (GRUB_PIT_SPEAKER_PORT) & GRUB_PIT_SPK_TMR2_LATCH) == 0x00); ++ } ++ ++ /* Disable timer2 gate and speaker. */ ++ grub_outb (grub_inb (GRUB_PIT_SPEAKER_PORT) ++ & ~ (GRUB_PIT_SPK_DATA | GRUB_PIT_SPK_TMR2), ++ GRUB_PIT_SPEAKER_PORT); ++ ++ return ret; ++} ++ ++/* Calibrate the TSC based on the RTC. */ ++int ++grub_tsc_calibrate_from_pit (void) ++{ ++ /* First calibrate the TSC rate (relative, not absolute time). */ ++ grub_uint64_t start_tsc, end_tsc; ++ ++ start_tsc = grub_get_tsc (); ++ if (!grub_pit_wait ()) ++ return 0; ++ end_tsc = grub_get_tsc (); ++ ++ grub_tsc_rate = 0; ++ if (end_tsc > start_tsc) ++ grub_tsc_rate = grub_divmod64 ((55ULL << 32), end_tsc - start_tsc, 0); ++ if (grub_tsc_rate == 0) ++ return 0; ++ return 1; ++} +Index: b/grub-core/kern/i386/tsc_pmtimer.c +=================================================================== +--- /dev/null ++++ b/grub-core/kern/i386/tsc_pmtimer.c +@@ -0,0 +1,160 @@ ++/* kern/i386/tsc.c - x86 TSC time source implementation ++ * Requires Pentium or better x86 CPU that supports the RDTSC instruction. ++ * This module uses the PIT to calibrate the TSC to ++ * real time. ++ * ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2008 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static void * ++grub_acpi_rsdt_find_table (struct grub_acpi_table_header *rsdt, const char *sig) ++{ ++ grub_size_t s; ++ grub_uint32_t *ptr; ++ ++ if (!rsdt) ++ return 0; ++ ++ if (grub_memcmp (rsdt->signature, "RSDT", 4) != 0) ++ return 0; ++ ++ ptr = (grub_uint32_t *) (rsdt + 1); ++ s = (rsdt->length - sizeof (*rsdt)) / sizeof (grub_uint32_t); ++ for (; s; s--, ptr++) ++ { ++ struct grub_acpi_table_header *tbl; ++ tbl = (struct grub_acpi_table_header *) (grub_addr_t) *ptr; ++ if (grub_memcmp (tbl->signature, sig, 4) == 0) ++ return tbl; ++ } ++ return 0; ++} ++ ++static void * ++grub_acpi_xsdt_find_table (struct grub_acpi_table_header *xsdt, const char *sig) ++{ ++ grub_size_t s; ++ grub_uint64_t *ptr; ++ ++ if (!xsdt) ++ return 0; ++ ++ if (grub_memcmp (xsdt->signature, "XSDT", 4) != 0) ++ return 0; ++ ++ ptr = (grub_uint64_t *) (xsdt + 1); ++ s = (xsdt->length - sizeof (*xsdt)) / sizeof (grub_uint32_t); ++ for (; s; s--, ptr++) ++ { ++ struct grub_acpi_table_header *tbl; ++#if GRUB_CPU_SIZEOF_VOID_P != 8 ++ if (*ptr >> 32) ++ continue; ++#endif ++ tbl = (struct grub_acpi_table_header *) (grub_addr_t) *ptr; ++ if (grub_memcmp (tbl->signature, sig, 4) == 0) ++ return tbl; ++ } ++ return 0; ++} ++ ++struct grub_acpi_fadt * ++grub_acpi_find_fadt (void) ++{ ++ struct grub_acpi_fadt *fadt = 0; ++ struct grub_acpi_rsdp_v10 *rsdpv1; ++ struct grub_acpi_rsdp_v20 *rsdpv2; ++ rsdpv1 = grub_machine_acpi_get_rsdpv1 (); ++ if (rsdpv1) ++ fadt = grub_acpi_rsdt_find_table ((struct grub_acpi_table_header *) ++ (grub_addr_t) rsdpv1->rsdt_addr, ++ GRUB_ACPI_FADT_SIGNATURE); ++ if (fadt) ++ return fadt; ++ rsdpv2 = grub_machine_acpi_get_rsdpv2 (); ++ if (rsdpv2) ++ fadt = grub_acpi_rsdt_find_table ((struct grub_acpi_table_header *) ++ (grub_addr_t) rsdpv2->rsdpv1.rsdt_addr, ++ GRUB_ACPI_FADT_SIGNATURE); ++ if (fadt) ++ return fadt; ++ if (rsdpv2 ++#if GRUB_CPU_SIZEOF_VOID_P != 8 ++ && !(rsdpv2->xsdt_addr >> 32) ++#endif ++ ) ++ fadt = grub_acpi_xsdt_find_table ((struct grub_acpi_table_header *) ++ (grub_addr_t) rsdpv2->xsdt_addr, ++ GRUB_ACPI_FADT_SIGNATURE); ++ if (fadt) ++ return fadt; ++ return 0; ++} ++ ++int ++grub_tsc_calibrate_from_pmtimer (void) ++{ ++ grub_uint32_t start; ++ grub_uint32_t last; ++ grub_uint32_t cur, end; ++ struct grub_acpi_fadt *fadt; ++ grub_port_t p; ++ grub_uint64_t start_tsc; ++ grub_uint64_t end_tsc; ++ int num_iter = 0; ++ ++ fadt = grub_acpi_find_fadt (); ++ if (!fadt) ++ return 0; ++ p = fadt->pmtimer; ++ if (!p) ++ return 0; ++ ++ start = grub_inl (p) & 0xffffff; ++ last = start; ++ /* It's 3.579545 MHz clock. Wait 1 ms. */ ++ end = start + 3580; ++ start_tsc = grub_get_tsc (); ++ while (1) ++ { ++ cur = grub_inl (p) & 0xffffff; ++ if (cur < last) ++ cur |= 0x1000000; ++ num_iter++; ++ if (cur >= end) ++ { ++ end_tsc = grub_get_tsc (); ++ grub_tsc_rate = grub_divmod64 ((1ULL << 32), end_tsc - start_tsc, 0); ++ return 1; ++ } ++ /* Check for broken PM timer. ++ 50000000 TSCs is between 5 ms (10GHz) and 200 ms (250 MHz) ++ if after this time we still don't have 1 ms on pmtimer, then ++ pmtimer is broken. ++ */ ++ if ((num_iter & 0xffffff) == 0 && grub_get_tsc () - start_tsc > 5000000) { ++ return 0; ++ } ++ } ++} +Index: b/grub-core/kern/i386/xen/tsc.c +=================================================================== +--- /dev/null ++++ b/grub-core/kern/i386/xen/tsc.c +@@ -0,0 +1,40 @@ ++/* kern/i386/tsc.c - x86 TSC time source implementation ++ * Requires Pentium or better x86 CPU that supports the RDTSC instruction. ++ * This module uses the PIT to calibrate the TSC to ++ * real time. ++ * ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2008 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++int ++grub_tsc_calibrate_from_xen (void) ++{ ++ grub_uint64_t t; ++ t = grub_xen_shared_info->vcpu_info[0].time.tsc_to_system_mul; ++ if (grub_xen_shared_info->vcpu_info[0].time.tsc_shift > 0) ++ t <<= grub_xen_shared_info->vcpu_info[0].time.tsc_shift; ++ else ++ t >>= -grub_xen_shared_info->vcpu_info[0].time.tsc_shift; ++ grub_tsc_rate = grub_divmod64 (t, 1000000, 0); ++ return 1; ++} +Index: b/include/grub/acpi.h +=================================================================== +--- a/include/grub/acpi.h ++++ b/include/grub/acpi.h +@@ -67,10 +67,14 @@ struct grub_acpi_fadt + grub_uint32_t dsdt_addr; + grub_uint8_t somefields1[20]; + grub_uint32_t pm1a; +- grub_uint8_t somefields2[64]; ++ grub_uint8_t somefields2[8]; ++ grub_uint32_t pmtimer; ++ grub_uint8_t somefields3[32]; ++ grub_uint32_t flags; ++ grub_uint8_t somefields4[16]; + grub_uint64_t facs_xaddr; + grub_uint64_t dsdt_xaddr; +- grub_uint8_t somefields3[96]; ++ grub_uint8_t somefields5[96]; + } GRUB_PACKED; + + #define GRUB_ACPI_MADT_SIGNATURE "APIC" +@@ -176,9 +180,9 @@ enum + #ifndef GRUB_DSDT_TEST + struct grub_acpi_rsdp_v10 *grub_acpi_get_rsdpv1 (void); + struct grub_acpi_rsdp_v20 *grub_acpi_get_rsdpv2 (void); +-struct grub_acpi_rsdp_v10 *grub_machine_acpi_get_rsdpv1 (void); +-struct grub_acpi_rsdp_v20 *grub_machine_acpi_get_rsdpv2 (void); +-grub_uint8_t grub_byte_checksum (void *base, grub_size_t size); ++struct grub_acpi_rsdp_v10 *EXPORT_FUNC(grub_machine_acpi_get_rsdpv1) (void); ++struct grub_acpi_rsdp_v20 *EXPORT_FUNC(grub_machine_acpi_get_rsdpv2) (void); ++grub_uint8_t EXPORT_FUNC(grub_byte_checksum) (void *base, grub_size_t size); + + grub_err_t grub_acpi_create_ebda (void); + +@@ -235,4 +239,7 @@ enum + GRUB_ACPI_EXTOPCODE_BANK_FIELD_OP = 0x87, + }; + ++struct grub_acpi_fadt * ++grub_acpi_find_fadt (void); ++ + #endif /* ! GRUB_ACPI_HEADER */ +Index: b/include/grub/i386/tsc.h +=================================================================== +--- a/include/grub/i386/tsc.h ++++ b/include/grub/i386/tsc.h +@@ -20,9 +20,35 @@ + #define KERNEL_CPU_TSC_HEADER 1 + + #include ++#include + + void grub_tsc_init (void); + /* In ms per 2^32 ticks. */ + extern grub_uint32_t EXPORT_VAR(grub_tsc_rate); ++int ++grub_tsc_calibrate_from_xen (void); ++int ++grub_tsc_calibrate_from_efi (void); ++int ++grub_tsc_calibrate_from_pmtimer (void); ++int ++grub_tsc_calibrate_from_pit (void); ++ ++/* Read the TSC value, which increments with each CPU clock cycle. */ ++static __inline grub_uint64_t ++grub_get_tsc (void) ++{ ++ grub_uint32_t lo, hi; ++ grub_uint32_t a,b,c,d; ++ ++ /* The CPUID instruction is a 'serializing' instruction, and ++ avoids out-of-order execution of the RDTSC instruction. */ ++ grub_cpuid (0,a,b,c,d); ++ /* Read TSC value. We cannot use "=A", since this would use ++ %rax on x86_64. */ ++ __asm__ __volatile__ ("rdtsc":"=a" (lo), "=d" (hi)); ++ ++ return (((grub_uint64_t) hi) << 32) | lo; ++} + + #endif /* ! KERNEL_CPU_TSC_HEADER */ +Index: b/grub-core/kern/i386/tsc.c +=================================================================== +--- a/grub-core/kern/i386/tsc.c ++++ b/grub-core/kern/i386/tsc.c +@@ -1,7 +1,6 @@ + /* kern/i386/tsc.c - x86 TSC time source implementation + * Requires Pentium or better x86 CPU that supports the RDTSC instruction. +- * This module uses the RTC (via grub_get_rtc()) to calibrate the TSC to +- * real time. ++ * This module calibrates the TSC to real time. + * + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2008 Free Software Foundation, Inc. +@@ -25,12 +24,6 @@ + #include + #include + #include +-#ifdef GRUB_MACHINE_XEN +-#include +-#else +-#include +-#endif +-#include + + /* This defines the value TSC had at the epoch (that is, when we calibrated it). */ + static grub_uint64_t tsc_boot_time; +@@ -40,26 +33,20 @@ static grub_uint64_t tsc_boot_time; + in 32-bit. */ + grub_uint32_t grub_tsc_rate; + +-/* Read the TSC value, which increments with each CPU clock cycle. */ +-static __inline grub_uint64_t +-grub_get_tsc (void) ++static grub_uint64_t ++grub_tsc_get_time_ms (void) + { +- grub_uint32_t lo, hi; +- grub_uint32_t a,b,c,d; +- +- /* The CPUID instruction is a 'serializing' instruction, and +- avoids out-of-order execution of the RDTSC instruction. */ +- grub_cpuid (0,a,b,c,d); +- /* Read TSC value. We cannot use "=A", since this would use +- %rax on x86_64. */ +- __asm__ __volatile__ ("rdtsc":"=a" (lo), "=d" (hi)); +- +- return (((grub_uint64_t) hi) << 32) | lo; ++ grub_uint64_t a = grub_get_tsc () - tsc_boot_time; ++ grub_uint64_t ah = a >> 32; ++ grub_uint64_t al = a & 0xffffffff; ++ ++ return ((al * grub_tsc_rate) >> 32) + ah * grub_tsc_rate; + } + + static __inline int + grub_cpu_is_tsc_supported (void) + { ++#ifndef GRUB_MACHINE_XEN + grub_uint32_t a,b,c,d; + if (! grub_cpu_is_cpuid_supported ()) + return 0; +@@ -67,91 +54,41 @@ grub_cpu_is_tsc_supported (void) + grub_cpuid(1,a,b,c,d); + + return (d & (1 << 4)) != 0; +-} +- +-#ifndef GRUB_MACHINE_XEN +- +-static void +-grub_pit_wait (grub_uint16_t tics) +-{ +- /* Disable timer2 gate and speaker. */ +- grub_outb (grub_inb (GRUB_PIT_SPEAKER_PORT) +- & ~ (GRUB_PIT_SPK_DATA | GRUB_PIT_SPK_TMR2), +- GRUB_PIT_SPEAKER_PORT); +- +- /* Set tics. */ +- grub_outb (GRUB_PIT_CTRL_SELECT_2 | GRUB_PIT_CTRL_READLOAD_WORD, +- GRUB_PIT_CTRL); +- grub_outb (tics & 0xff, GRUB_PIT_COUNTER_2); +- grub_outb (tics >> 8, GRUB_PIT_COUNTER_2); +- +- /* Enable timer2 gate, keep speaker disabled. */ +- grub_outb ((grub_inb (GRUB_PIT_SPEAKER_PORT) & ~ GRUB_PIT_SPK_DATA) +- | GRUB_PIT_SPK_TMR2, +- GRUB_PIT_SPEAKER_PORT); +- +- /* Wait. */ +- while ((grub_inb (GRUB_PIT_SPEAKER_PORT) & GRUB_PIT_SPK_TMR2_LATCH) == 0x00); +- +- /* Disable timer2 gate and speaker. */ +- grub_outb (grub_inb (GRUB_PIT_SPEAKER_PORT) +- & ~ (GRUB_PIT_SPK_DATA | GRUB_PIT_SPK_TMR2), +- GRUB_PIT_SPEAKER_PORT); +-} ++#else ++ return 1; + #endif +- +-static grub_uint64_t +-grub_tsc_get_time_ms (void) +-{ +- grub_uint64_t a = grub_get_tsc () - tsc_boot_time; +- grub_uint64_t ah = a >> 32; +- grub_uint64_t al = a & 0xffffffff; +- +- return ((al * grub_tsc_rate) >> 32) + ah * grub_tsc_rate; + } + +-#ifndef GRUB_MACHINE_XEN +-/* Calibrate the TSC based on the RTC. */ +-static void +-calibrate_tsc (void) ++static int ++calibrate_tsc_hardcode (void) + { +- /* First calibrate the TSC rate (relative, not absolute time). */ +- grub_uint64_t end_tsc; +- +- tsc_boot_time = grub_get_tsc (); +- grub_pit_wait (0xffff); +- end_tsc = grub_get_tsc (); +- +- grub_tsc_rate = grub_divmod64 ((55ULL << 32), end_tsc - tsc_boot_time, 0); ++ grub_tsc_rate = 5368;/* 800 MHz */ ++ return 1; + } +-#endif + + void + grub_tsc_init (void) + { +-#ifdef GRUB_MACHINE_XEN +- grub_uint64_t t; +- tsc_boot_time = grub_get_tsc (); +- t = grub_xen_shared_info->vcpu_info[0].time.tsc_to_system_mul; +- if (grub_xen_shared_info->vcpu_info[0].time.tsc_shift > 0) +- t <<= grub_xen_shared_info->vcpu_info[0].time.tsc_shift; +- else +- t >>= -grub_xen_shared_info->vcpu_info[0].time.tsc_shift; +- grub_tsc_rate = grub_divmod64 (t, 1000000, 0); +- grub_install_get_time_ms (grub_tsc_get_time_ms); +-#else +- if (grub_cpu_is_tsc_supported ()) +- { +- calibrate_tsc (); +- grub_install_get_time_ms (grub_tsc_get_time_ms); +- } +- else ++ if (!grub_cpu_is_tsc_supported ()) + { + #if defined (GRUB_MACHINE_PCBIOS) || defined (GRUB_MACHINE_IEEE1275) + grub_install_get_time_ms (grub_rtc_get_time_ms); + #else + grub_fatal ("no TSC found"); + #endif ++ return; + } ++ ++ tsc_boot_time = grub_get_tsc (); ++ ++#ifdef GRUB_MACHINE_XEN ++ (void) (grub_tsc_calibrate_from_xen () || calibrate_tsc_hardcode()); ++#elif defined (GRUB_MACHINE_EFI) ++ (void) (grub_tsc_calibrate_from_pit () || grub_tsc_calibrate_from_pmtimer () || grub_tsc_calibrate_from_efi() || calibrate_tsc_hardcode()); ++#elif defined (GRUB_MACHINE_COREBOOT) ++ (void) (grub_tsc_calibrate_from_pmtimer () || grub_tsc_calibrate_from_pit () || calibrate_tsc_hardcode()); ++#else ++ (void) (grub_tsc_calibrate_from_pit () || calibrate_tsc_hardcode()); + #endif ++ grub_install_get_time_ms (grub_tsc_get_time_ms); + } diff -Nru grub2-2.02~beta2/debian/patches/install_signed.patch grub2-2.02~beta2/debian/patches/install_signed.patch --- grub2-2.02~beta2/debian/patches/install_signed.patch 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/install_signed.patch 2020-08-24 08:54:59.000000000 +0000 @@ -14,11 +14,11 @@ Patch-Name: install_signed.patch --- - util/grub-install.c | 170 +++++++++++++++++++++++++++++++++++++--------------- - 1 file changed, 123 insertions(+), 47 deletions(-) + util/grub-install.c | 180 ++++++++++++++++++++++++++++++++++++++-------------- + 1 file changed, 133 insertions(+), 47 deletions(-) -diff --git a/util/grub-install.c b/util/grub-install.c -index 3275209..c15aa8c 100644 +Index: b/util/grub-install.c +=================================================================== --- a/util/grub-install.c +++ b/util/grub-install.c @@ -80,6 +80,7 @@ static char *label_color; @@ -40,7 +40,7 @@ }; static int fs_probe = 1; -@@ -235,6 +238,14 @@ argp_parser (int key, char *arg, struct argp_state *state) +@@ -235,6 +238,14 @@ argp_parser (int key, char *arg, struct bootloader_id = xstrdup (arg); return 0; @@ -215,20 +215,25 @@ { char *uuid = NULL; /* generic method (used on coreboot and ata mod). */ -@@ -1857,7 +1891,49 @@ main (int argc, char *argv[]) +@@ -1857,7 +1891,59 @@ main (int argc, char *argv[]) case GRUB_INSTALL_PLATFORM_IA64_EFI: { char *dst = grub_util_path_concat (2, efidir, efi_file); - grub_install_copy_file (imgfile, dst, 1); + if (uefi_secure_boot) + { -+ const char *shim_signed = "/usr/lib/shim/shim.efi.signed"; ++ char *shim_signed = NULL; ++ char *mok_file = NULL; + char *config_dst; + FILE *config_dst_f; + ++ shim_signed = xasprintf ("/usr/lib/shim/shim%s.efi.signed", efi_suffix); ++ mok_file = xasprintf ("mm%s.efi", efi_suffix); ++ + if (grub_util_is_regular (shim_signed)) + { -+ char *chained_base, *chained_dst, *mok_signed; ++ char *chained_base, *chained_dst; ++ char *mok_src, *mok_dst; + if (!removable) + { + free (efi_file); @@ -240,16 +245,21 @@ + chained_base = xasprintf ("grub%s.efi", efi_suffix); + chained_dst = grub_util_path_concat (2, efidir, chained_base); + grub_install_copy_file (efi_signed, chained_dst, 1); -+ /* Not critical, so not an error if it's not present (as it -+ won't be for older releases); but if we have it, make -+ sure it's installed. */ -+ mok_signed = grub_util_path_concat (2, efidir, -+ "MokManager.efi"); -+ grub_install_copy_file ("/usr/lib/shim/MokManager.efi.signed", -+ mok_signed, 0); -+ free (mok_signed); + free (chained_dst); + free (chained_base); ++ ++ /* Not critical, so not an error if they are not present (as it ++ won't be for older releases); but if we have them, make ++ sure they are installed. */ ++ mok_src = grub_util_path_concat (2, "/usr/lib/shim/", ++ mok_file); ++ mok_dst = grub_util_path_concat (2, efidir, ++ mok_file); ++ grub_install_copy_file (mok_src, ++ mok_dst, 0); ++ free (mok_src); ++ free (mok_dst); ++ + } + else + grub_install_copy_file (efi_signed, dst, 1); diff -Nru grub2-2.02~beta2/debian/patches/ip6_fix_routing_eb9f401f.patch grub2-2.02~beta2/debian/patches/ip6_fix_routing_eb9f401f.patch --- grub2-2.02~beta2/debian/patches/ip6_fix_routing_eb9f401f.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/ip6_fix_routing_eb9f401f.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,314 @@ +From eb9f401fc1e919fa29602d4d7b9b4378338e16e9 Mon Sep 17 00:00:00 2001 +From: Josef Bacik +Date: Wed, 10 Feb 2016 21:21:00 +0000 +Subject: net: fix ipv6 routing + +ipv6 routing in grub2 is broken, we cannot talk to anything outside our local +network or anything that doesn't route in our global namespace. This patch +fixes this by doing a couple of things + +1) Read the router information off of the router advertisement. If we have a +router lifetime we need to take the source address and create a route from it. + +2) Changes the routing stuff slightly to allow you to specify a gateway _and_ an +interface. Since the router advertisements come in on the link local address we +need to associate it with the global address on the card. So when we are +processing the router advertisement, either use the SLAAC interface we create +and add the route to that interface, or loop through the global addresses we +currently have on our interface and associate it with one of those addresses. +We need to have a special case here for the default route so that it gets used, +we do this by setting the masksize to 0 to mean it encompasses all networks. +The routing code will automatically select the best route so if there is a +closer match we will use that. + +With this patch I can now talk to ipv6 addresses outside of my local network. +Thanks, + + +Modified to drop changes for ieee1275; which can't be applied due to missing +ieee1275 network code. ~cyphermox + + +Signed-off-by: Josef Bacik +--- +--- + grub-core/net/bootp.c | 4 +-- + grub-core/net/icmp6.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++- + grub-core/net/net.c | 40 +++++++++++-------------------- + include/grub/net.h | 25 +++++++++++++++++++ + 4 files changed, 102 insertions(+), 30 deletions(-) + +Index: b/grub-core/net/bootp.c +=================================================================== +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -117,7 +117,7 @@ parse_dhcp_vendor (const char *name, con + grub_memcpy (&gw.ipv4, ptr, sizeof (gw.ipv4)); + rname = grub_xasprintf ("%s:default", name); + if (rname) +- grub_net_add_route_gw (rname, target, gw); ++ grub_net_add_route_gw (rname, target, gw, NULL); + grub_free (rname); + } + break; +@@ -201,7 +201,7 @@ grub_net_configure_by_dhcp_ack (const ch + gw.ipv4 = bp->gateway_ip; + rname = grub_xasprintf ("%s:gw", name); + if (rname) +- grub_net_add_route_gw (rname, target, gw); ++ grub_net_add_route_gw (rname, target, gw, inter); + grub_free (rname); + + target.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV4; +Index: b/grub-core/net/icmp6.c +=================================================================== +--- a/grub-core/net/icmp6.c ++++ b/grub-core/net/icmp6.c +@@ -115,6 +115,7 @@ grub_net_recv_icmp6_packet (struct grub_ + grub_uint8_t ttl) + { + struct icmp_header *icmph; ++ struct grub_net_network_level_interface *orig_inf = inf; + grub_err_t err; + grub_uint16_t checksum; + +@@ -345,14 +346,31 @@ grub_net_recv_icmp6_packet (struct grub_ + { + grub_uint8_t *ptr; + struct option_header *ohdr; ++ struct router_adv *radv; ++ struct grub_net_network_level_interface *route_inf = NULL; ++ int default_route = 0; + if (icmph->code) + break; ++ radv = (struct router_adv *)nb->data; + err = grub_netbuff_pull (nb, sizeof (struct router_adv)); + if (err) + { + grub_netbuff_free (nb); + return err; + } ++ if (grub_be_to_cpu16 (radv->router_lifetime) > 0) ++ { ++ struct grub_net_route *route; ++ ++ FOR_NET_ROUTES (route) ++ { ++ if (!grub_memcmp (&route->gw, source, sizeof (route->gw))) ++ break; ++ } ++ if (route == NULL) ++ default_route = 1; ++ } ++ + for (ptr = (grub_uint8_t *) nb->data; ptr < nb->tail; + ptr += ohdr->len * 8) + { +@@ -413,7 +431,11 @@ grub_net_recv_icmp6_packet (struct grub_ + /* Update lease time if needed here once we have + lease times. */ + if (inf) +- continue; ++ { ++ if (!route_inf) ++ route_inf = inf; ++ continue; ++ } + + grub_dprintf ("net", "creating slaac\n"); + +@@ -429,12 +451,51 @@ grub_net_recv_icmp6_packet (struct grub_ + inf = grub_net_add_addr (name, + card, &addr, + &slaac->address, 0); ++ if (!route_inf) ++ route_inf = inf; + grub_net_add_route (name, netaddr, inf); + grub_free (name); + } + } + } + } ++ if (default_route) ++ { ++ char *name; ++ grub_net_network_level_netaddress_t netaddr; ++ name = grub_xasprintf ("%s:ra:default6", card->name); ++ if (!name) ++ { ++ grub_errno = GRUB_ERR_NONE; ++ goto next; ++ } ++ /* Default routes take alll of the traffic, so make the mask huge */ ++ netaddr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ netaddr.ipv6.masksize = 0; ++ netaddr.ipv6.base[0] = 0; ++ netaddr.ipv6.base[1] = 0; ++ ++ /* May not have gotten slaac info, find a global address on this ++ card. */ ++ if (route_inf == NULL) ++ { ++ FOR_NET_NETWORK_LEVEL_INTERFACES (inf) ++ { ++ if (inf->card == card && inf != orig_inf ++ && inf->address.type == GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6 ++ && grub_net_hwaddr_cmp(&inf->hwaddress, ++ &orig_inf->hwaddress) == 0) ++ { ++ route_inf = inf; ++ break; ++ } ++ } ++ } ++ if (route_inf != NULL) ++ grub_net_add_route_gw (name, netaddr, *source, route_inf); ++ grub_free (name); ++ } ++next: + if (ptr != nb->tail) + break; + } +Index: b/grub-core/net/net.c +=================================================================== +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -37,21 +37,6 @@ GRUB_MOD_LICENSE ("GPLv3+"); + + char *grub_net_default_server; + +-struct grub_net_route +-{ +- struct grub_net_route *next; +- struct grub_net_route **prev; +- grub_net_network_level_netaddress_t target; +- char *name; +- struct grub_net_network_level_protocol *prot; +- int is_gateway; +- union +- { +- struct grub_net_network_level_interface *interface; +- grub_net_network_level_address_t gw; +- }; +-}; +- + struct grub_net_route *grub_net_routes = NULL; + struct grub_net_network_level_interface *grub_net_network_level_interfaces = NULL; + struct grub_net_card *grub_net_cards = NULL; +@@ -410,14 +395,6 @@ grub_cmd_ipv6_autoconf (struct grub_comm + return err; + } + +-static inline void +-grub_net_route_register (struct grub_net_route *route) +-{ +- grub_list_push (GRUB_AS_LIST_P (&grub_net_routes), +- GRUB_AS_LIST (route)); +-} +- +-#define FOR_NET_ROUTES(var) for (var = grub_net_routes; var; var = var->next) + + static int + parse_ip (const char *val, grub_uint32_t *ip, const char **rest) +@@ -524,6 +501,8 @@ match_net (const grub_net_network_level_ + case GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6: + { + grub_uint64_t mask[2]; ++ if (net->ipv6.masksize == 0) ++ return 1; + if (net->ipv6.masksize <= 64) + { + mask[0] = 0xffffffffffffffffULL << (64 - net->ipv6.masksize); +@@ -687,7 +666,14 @@ grub_net_route_address (grub_net_network + return GRUB_ERR_NONE; + } + if (depth == 0) +- *gateway = bestroute->gw; ++ { ++ *gateway = bestroute->gw; ++ if (bestroute->interface != NULL) ++ { ++ *interf = bestroute->interface; ++ return GRUB_ERR_NONE; ++ } ++ } + curtarget = bestroute->gw; + } + +@@ -1109,7 +1095,8 @@ grub_net_add_route (const char *name, + grub_err_t + grub_net_add_route_gw (const char *name, + grub_net_network_level_netaddress_t target, +- grub_net_network_level_address_t gw) ++ grub_net_network_level_address_t gw, ++ struct grub_net_network_level_interface *inter) + { + struct grub_net_route *route; + +@@ -1127,6 +1114,7 @@ grub_net_add_route_gw (const char *name, + route->target = target; + route->is_gateway = 1; + route->gw = gw; ++ route->interface = inter; + + grub_net_route_register (route); + +@@ -1152,7 +1140,7 @@ grub_cmd_addroute (struct grub_command * + err = grub_net_resolve_address (args[3], &gw); + if (err) + return err; +- return grub_net_add_route_gw (args[0], target, gw); ++ return grub_net_add_route_gw (args[0], target, gw, NULL); + } + else + { +Index: b/include/grub/net.h +=================================================================== +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -191,6 +191,18 @@ typedef struct grub_net_network_level_ne + }; + } grub_net_network_level_netaddress_t; + ++struct grub_net_route ++{ ++ struct grub_net_route *next; ++ struct grub_net_route **prev; ++ grub_net_network_level_netaddress_t target; ++ char *name; ++ struct grub_net_network_level_protocol *prot; ++ int is_gateway; ++ struct grub_net_network_level_interface *interface; ++ grub_net_network_level_address_t gw; ++}; ++ + #define FOR_PACKETS(cont,var) for (var = (cont).first; var; var = var->next) + + static inline grub_err_t +@@ -367,6 +379,16 @@ grub_net_card_unregister (struct grub_ne + #define FOR_NET_CARDS_SAFE(var, next) for (var = grub_net_cards, next = (var ? var->next : 0); var; var = next, next = (var ? var->next : 0)) + + ++extern struct grub_net_route *grub_net_routes; ++ ++static inline void ++grub_net_route_register (struct grub_net_route *route) ++{ ++ grub_list_push (GRUB_AS_LIST_P (&grub_net_routes), ++ GRUB_AS_LIST (route)); ++} ++ ++#define FOR_NET_ROUTES(var) for (var = grub_net_routes; var; var = var->next) + struct grub_net_session * + grub_net_open_tcp (char *address, grub_uint16_t port); + +@@ -392,7 +414,8 @@ grub_net_add_route (const char *name, + grub_err_t + grub_net_add_route_gw (const char *name, + grub_net_network_level_netaddress_t target, +- grub_net_network_level_address_t gw); ++ grub_net_network_level_address_t gw, ++ struct grub_net_network_level_interface *inter); + + + #define GRUB_NET_BOOTP_MAC_ADDR_LEN 16 diff -Nru grub2-2.02~beta2/debian/patches/ip6_send_router_solicitation_7c4b6b7b.patch grub2-2.02~beta2/debian/patches/ip6_send_router_solicitation_7c4b6b7b.patch --- grub2-2.02~beta2/debian/patches/ip6_send_router_solicitation_7c4b6b7b.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/ip6_send_router_solicitation_7c4b6b7b.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,157 @@ +From 7c4b6b7bb476963ca7e86f79d32036e7f80d27f6 Mon Sep 17 00:00:00 2001 +From: Michael Chang +Date: Tue, 18 Nov 2014 08:03:08 +0000 +Subject: send router solicitation for ipv6 address autoconf v2 + +Many routers have long router advertisment interval configured by +default. The Neighbor Discovery protocol (RFC4861) has defined default +MaxRtrAdvInterval value as 600 seconds and +MinRtrAdvInterval as 0.33*MaxRtrAdvInterval. This makes +net_ipv6_autoconf fails more often than not as currently it passively +listens the RA message to perfom address autoconfiguration. + +This patch tries to send router solicitation to overcome the problem of +long RA interval. + +v2: +use cpu_to_be macro for network byte order conversion +add missing error handling +--- +diff --git a/grub-core/net/icmp6.c b/grub-core/net/icmp6.c +index 796d549..7822394 100644 +--- a/grub-core/net/icmp6.c ++++ b/grub-core/net/icmp6.c +@@ -72,6 +72,11 @@ struct neighbour_advertise + grub_uint64_t target[2]; + } GRUB_PACKED; + ++struct router_solicit ++{ ++ grub_uint32_t reserved; ++} GRUB_PACKED; ++ + enum + { + FLAG_SLAAC = 0x40 +@@ -81,6 +86,7 @@ enum + { + ICMP6_ECHO = 128, + ICMP6_ECHO_REPLY = 129, ++ ICMP6_ROUTER_SOLICIT = 133, + ICMP6_ROUTER_ADVERTISE = 134, + ICMP6_NEIGHBOUR_SOLICIT = 135, + ICMP6_NEIGHBOUR_ADVERTISE = 136, +@@ -533,3 +539,80 @@ grub_net_icmp6_send_request (struct grub_net_network_level_interface *inf, + grub_netbuff_free (nb); + return err; + } ++ ++grub_err_t ++grub_net_icmp6_send_router_solicit (struct grub_net_network_level_interface *inf) ++{ ++ struct grub_net_buff *nb; ++ grub_err_t err = GRUB_ERR_NONE; ++ grub_net_network_level_address_t multicast; ++ grub_net_link_level_address_t ll_multicast; ++ struct option_header *ohdr; ++ struct router_solicit *sol; ++ struct icmp_header *icmphr; ++ ++ multicast.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; ++ multicast.ipv6[0] = grub_cpu_to_be64 (0xff02ULL << 48); ++ multicast.ipv6[1] = grub_cpu_to_be64 (0x02ULL); ++ ++ err = grub_net_link_layer_resolve (inf, &multicast, &ll_multicast); ++ if (err) ++ return err; ++ ++ nb = grub_netbuff_alloc (sizeof (struct router_solicit) ++ + sizeof (struct option_header) ++ + 6 ++ + sizeof (struct icmp_header) ++ + GRUB_NET_OUR_IPV6_HEADER_SIZE ++ + GRUB_NET_MAX_LINK_HEADER_SIZE); ++ if (!nb) ++ return grub_errno; ++ err = grub_netbuff_reserve (nb, ++ sizeof (struct router_solicit) ++ + sizeof (struct option_header) ++ + 6 ++ + sizeof (struct icmp_header) ++ + GRUB_NET_OUR_IPV6_HEADER_SIZE ++ + GRUB_NET_MAX_LINK_HEADER_SIZE); ++ if (err) ++ goto fail; ++ ++ err = grub_netbuff_push (nb, 6); ++ if (err) ++ goto fail; ++ ++ grub_memcpy (nb->data, inf->hwaddress.mac, 6); ++ ++ err = grub_netbuff_push (nb, sizeof (*ohdr)); ++ if (err) ++ goto fail; ++ ++ ohdr = (struct option_header *) nb->data; ++ ohdr->type = OPTION_SOURCE_LINK_LAYER_ADDRESS; ++ ohdr->len = 1; ++ ++ err = grub_netbuff_push (nb, sizeof (*sol)); ++ if (err) ++ goto fail; ++ ++ sol = (struct router_solicit *) nb->data; ++ sol->reserved = 0; ++ ++ err = grub_netbuff_push (nb, sizeof (*icmphr)); ++ if (err) ++ goto fail; ++ ++ icmphr = (struct icmp_header *) nb->data; ++ icmphr->type = ICMP6_ROUTER_SOLICIT; ++ icmphr->code = 0; ++ icmphr->checksum = 0; ++ icmphr->checksum = grub_net_ip_transport_checksum (nb, ++ GRUB_NET_IP_ICMPV6, ++ &inf->address, ++ &multicast); ++ err = grub_net_send_ip_packet (inf, &multicast, &ll_multicast, nb, ++ GRUB_NET_IP_ICMPV6); ++ fail: ++ grub_netbuff_free (nb); ++ return err; ++} +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 82af3a0..21a4e94 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -380,12 +380,14 @@ grub_cmd_ipv6_autoconf (struct grub_command *cmd __attribute__ ((unused)), + + for (interval = 200; interval < 10000; interval *= 2) + { +- /* FIXME: send router solicitation. */ + int done = 1; + for (j = 0; j < ncards; j++) + { + if (slaacs[j]->slaac_counter) + continue; ++ err = grub_net_icmp6_send_router_solicit (ifaces[j]); ++ if (err) ++ err = GRUB_ERR_NONE; + done = 0; + } + if (done) +diff --git a/include/grub/net/ip.h b/include/grub/net/ip.h +index 7a8e614..dcceaa5 100644 +--- a/include/grub/net/ip.h ++++ b/include/grub/net/ip.h +@@ -92,4 +92,6 @@ grub_err_t + grub_net_icmp6_send_request (struct grub_net_network_level_interface *inf, + const grub_net_network_level_address_t *proto_addr); + ++grub_err_t ++grub_net_icmp6_send_router_solicit (struct grub_net_network_level_interface *inf); + #endif +-- +cgit v0.9.0.2 diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_arm_sb_support.patch grub2-2.02~beta2/debian/patches/linuxefi_arm_sb_support.patch --- grub2-2.02~beta2/debian/patches/linuxefi_arm_sb_support.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_arm_sb_support.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,438 @@ +From 69cfd0fbd4838c43f0cc34324372bbc23b68b418 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 18 Sep 2014 11:26:14 -0400 +Subject: [PATCH] Load arm with SB enabled. + +Make sure we actually try to validate secure boot on this platform (even +though we're not shipping it enabled by default.) + +This means giving the kernel grub's loaded image as the vehicle for the +kernel command line, because we can't call systab->bs->LoadImage() if SB +is enabled. +--- + grub-core/Makefile.core.def | 3 + grub-core/loader/arm/linux.c | 1 + grub-core/loader/arm64/linux.c | 117 ++++++++++++++++++++------------------ + grub-core/loader/efi/linux.c | 66 +++++++++++++++++++++ + grub-core/loader/i386/efi/linux.c | 39 ------------ + include/grub/arm64/linux.h | 8 ++ + include/grub/efi/linux.h | 31 ++++++++++ + 7 files changed, 175 insertions(+), 90 deletions(-) + create mode 100644 grub-core/loader/efi/linux.c + create mode 100644 include/grub/efi/linux.h + +Index: b/grub-core/Makefile.core.def +=================================================================== +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1673,6 +1673,8 @@ module = { + ia64_efi = loader/ia64/efi/linux.c; + arm = loader/arm/linux.c; + arm64 = loader/arm64/linux.c; ++ arm64 = loader/efi/linux.c; ++ fdt = lib/fdt.c; + common = loader/linux.c; + common = lib/cmdline.c; + enable = noemu; +@@ -1715,6 +1717,7 @@ module = { + name = linuxefi; + efi = loader/i386/efi/linux.c; + efi = lib/cmdline.c; ++ efi = loader/efi/linux.c; + enable = i386_efi; + enable = x86_64_efi; + }; +Index: b/grub-core/loader/arm64/linux.c +=================================================================== +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -39,6 +40,7 @@ static int loaded; + + static void *kernel_addr; + static grub_uint64_t kernel_size; ++static grub_uint32_t handover_offset; + + static char *linux_args; + static grub_uint32_t cmdline_size; +@@ -67,7 +69,8 @@ grub_arm64_uefi_check_image (struct grub + static grub_err_t + finalize_params_linux (void) + { +- int node, retval; ++ grub_efi_loaded_image_t *loaded_image = NULL; ++ int node, retval, len; + + void *fdt; + +@@ -102,6 +105,26 @@ finalize_params_linux (void) + if (grub_fdt_install() != GRUB_ERR_NONE) + goto failure; + ++ grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", ++ fdt); ++ ++ /* Convert command line to UCS-2 */ ++ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (!loaded_image) ++ goto failure; ++ ++ loaded_image->load_options_size = len = ++ (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t); ++ loaded_image->load_options = ++ grub_efi_allocate_pages (0, ++ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); ++ if (!loaded_image->load_options) ++ return grub_error(GRUB_ERR_BAD_OS, "failed to create kernel parameters"); ++ ++ loaded_image->load_options_size = ++ 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, ++ (grub_uint8_t *) linux_args, len, NULL); ++ + return GRUB_ERR_NONE; + + failure: +@@ -109,73 +132,49 @@ failure: + return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); + } + ++static void ++free_params (void) ++{ ++ grub_efi_loaded_image_t *loaded_image = NULL; ++ ++ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (loaded_image) ++ { ++ if (loaded_image->load_options) ++ grub_efi_free_pages ((grub_efi_physical_address_t) ++ loaded_image->load_options, ++ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); ++ loaded_image->load_options = NULL; ++ loaded_image->load_options_size = 0; ++ } ++} ++ + grub_err_t + grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, char *args) + { +- grub_efi_memory_mapped_device_path_t *mempath; +- grub_efi_handle_t image_handle; +- grub_efi_boot_services_t *b; +- grub_efi_status_t status; +- grub_efi_loaded_image_t *loaded_image; +- int len; ++ grub_err_t retval; + +- mempath = grub_malloc (2 * sizeof (grub_efi_memory_mapped_device_path_t)); +- if (!mempath) ++ retval = finalize_params_linux (); ++ if (retval != GRUB_ERR_NONE) + return grub_errno; + +- mempath[0].header.type = GRUB_EFI_HARDWARE_DEVICE_PATH_TYPE; +- mempath[0].header.subtype = GRUB_EFI_MEMORY_MAPPED_DEVICE_PATH_SUBTYPE; +- mempath[0].header.length = grub_cpu_to_le16_compile_time (sizeof (*mempath)); +- mempath[0].memory_type = GRUB_EFI_LOADER_DATA; +- mempath[0].start_address = addr; +- mempath[0].end_address = addr + size; +- +- mempath[1].header.type = GRUB_EFI_END_DEVICE_PATH_TYPE; +- mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; +- mempath[1].header.length = sizeof (grub_efi_device_path_t); +- +- b = grub_efi_system_table->boot_services; +- status = b->load_image (0, grub_efi_image_handle, +- (grub_efi_device_path_t *) mempath, +- (void *) addr, size, &image_handle); +- if (status != GRUB_EFI_SUCCESS) +- return grub_error (GRUB_ERR_BAD_OS, "cannot load image"); +- + grub_dprintf ("linux", "linux command line: '%s'\n", args); ++ grub_dprintf ("linux", "using kernel addr %p (was 0x%08lx); offset 0x%08x (size %zd)", ++ kernel_addr, addr, handover_offset, size); + +- /* Convert command line to UCS-2 */ +- loaded_image = grub_efi_get_loaded_image (image_handle); +- loaded_image->load_options_size = len = +- (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t); +- loaded_image->load_options = +- grub_efi_allocate_pages (0, +- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); +- if (!loaded_image->load_options) +- return grub_errno; +- +- loaded_image->load_options_size = +- 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, +- (grub_uint8_t *) args, len, NULL); ++ retval = grub_efi_linux_boot ((char *)kernel_addr, handover_offset, ++ kernel_addr); + +- grub_dprintf ("linux", "starting image %p\n", image_handle); +- status = b->start_image (image_handle, 0, NULL); +- +- /* When successful, not reached */ +- b->unload_image (image_handle); +- grub_efi_free_pages ((grub_efi_physical_address_t) loaded_image->load_options, +- GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); +- +- return grub_errno; ++ /* Never reached... */ ++ free_params(); ++ return retval; + } + + static grub_err_t + grub_linux_boot (void) + { +- if (finalize_params_linux () != GRUB_ERR_NONE) +- return grub_errno; +- +- return (grub_arm64_uefi_boot_image((grub_addr_t)kernel_addr, +- kernel_size, linux_args)); ++ return grub_arm64_uefi_boot_image ((grub_addr_t)kernel_addr, ++ kernel_size, linux_args); + } + + static grub_err_t +@@ -253,6 +252,7 @@ grub_cmd_linux (grub_command_t cmd __att + { + grub_file_t file = 0; + struct grub_arm64_linux_kernel_header lh; ++ struct grub_arm64_linux_pe_header *pe; + + grub_dl_ref (my_mod); + +@@ -297,6 +297,15 @@ grub_cmd_linux (grub_command_t cmd __att + + grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + ++ if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size)) ++ { ++ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); ++ goto fail; ++ } ++ ++ pe = (void *)((unsigned long)kernel_addr + lh.hdr_offset); ++ handover_offset = pe->opt.entry_addr; ++ + cmdline_size = grub_loader_cmdline_size (argc, argv) + sizeof (LINUX_IMAGE); + linux_args = grub_malloc (cmdline_size); + if (!linux_args) +Index: b/grub-core/loader/efi/linux.c +=================================================================== +--- /dev/null ++++ b/grub-core/loader/efi/linux.c +@@ -0,0 +1,66 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#define SHIM_LOCK_GUID \ ++ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } ++ ++struct grub_efi_shim_lock ++{ ++ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); ++}; ++typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; ++ ++grub_efi_boolean_t ++grub_linuxefi_secure_validate (void *data, grub_uint32_t size) ++{ ++ grub_efi_guid_t guid = SHIM_LOCK_GUID; ++ grub_efi_shim_lock_t *shim_lock; ++ ++ shim_lock = grub_efi_locate_protocol(&guid, NULL); ++ ++ if (!shim_lock) ++ return 1; ++ ++ if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS) ++ return 1; ++ ++ return 0; ++} ++ ++typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); ++ ++grub_err_t ++grub_efi_linux_boot (void *kernel_addr, grub_off_t offset, ++ void *kernel_params) ++{ ++ handover_func hf; ++ ++ hf = (handover_func)((char *)kernel_addr + offset); ++ hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); ++ ++ return GRUB_ERR_BUG; ++} ++ +Index: b/grub-core/loader/i386/efi/linux.c +=================================================================== +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -40,52 +41,18 @@ static char *linux_cmdline; + + #define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12) + +-#define SHIM_LOCK_GUID \ +- { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} } +- +-struct grub_efi_shim_lock +-{ +- grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size); +-}; +-typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; +- +-static grub_efi_boolean_t +-grub_linuxefi_secure_validate (void *data, grub_uint32_t size) +-{ +- grub_efi_guid_t guid = SHIM_LOCK_GUID; +- grub_efi_shim_lock_t *shim_lock; +- +- shim_lock = grub_efi_locate_protocol(&guid, NULL); +- +- if (!shim_lock) +- return 1; +- +- if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS) +- return 1; +- +- return 0; +-} +- +-typedef void(*handover_func)(void *, grub_efi_system_table_t *, struct linux_kernel_params *); +- + static grub_err_t + grub_linuxefi_boot (void) + { +- handover_func hf; + int offset = 0; + + #ifdef __x86_64__ + offset = 512; + #endif +- +- hf = (handover_func)((char *)kernel_mem + handover_offset + offset); +- + asm volatile ("cli"); + +- hf (grub_efi_image_handle, grub_efi_system_table, params); +- +- /* Not reached */ +- return GRUB_ERR_NONE; ++ return grub_efi_linux_boot ((char *)kernel_mem, handover_offset + offset, ++ params); + } + + static grub_err_t +Index: b/include/grub/arm64/linux.h +=================================================================== +--- a/include/grub/arm64/linux.h ++++ b/include/grub/arm64/linux.h +@@ -20,6 +20,7 @@ + #define GRUB_LINUX_CPU_HEADER 1 + + #include ++#include + + #define GRUB_ARM64_LINUX_MAGIC 0x644d5241 /* 'ARM\x64' */ + +@@ -45,4 +46,11 @@ grub_err_t grub_arm64_uefi_check_image ( + grub_err_t grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, + char *args); + ++struct grub_arm64_linux_pe_header ++{ ++ grub_uint32_t magic; ++ struct grub_pe32_coff_header coff; ++ struct grub_pe64_optional_header opt; ++}; ++ + #endif /* ! GRUB_LINUX_CPU_HEADER */ +Index: b/include/grub/efi/linux.h +=================================================================== +--- /dev/null ++++ b/include/grub/efi/linux.h +@@ -0,0 +1,31 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++#ifndef GRUB_EFI_LINUX_HEADER ++#define GRUB_EFI_LINUX_HEADER 1 ++ ++#include ++#include ++#include ++ ++grub_efi_boolean_t ++EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); ++grub_err_t ++EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, ++ void *kernel_param); ++ ++#endif /* ! GRUB_EFI_LINUX_HEADER */ +Index: b/grub-core/loader/arm/linux.c +=================================================================== +--- a/grub-core/loader/arm/linux.c ++++ b/grub-core/loader/arm/linux.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_backport_arm64.patch grub2-2.02~beta2/debian/patches/linuxefi_backport_arm64.patch --- grub2-2.02~beta2/debian/patches/linuxefi_backport_arm64.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_backport_arm64.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,1189 @@ +--- + grub-core/Makefile.core.def | 8 + grub-core/lib/fdt.c | 3 + grub-core/loader/arm64/fdt.c | 185 ++++++++++++++ + grub-core/loader/arm64/linux.c | 219 +++------------- + grub-core/loader/arm64/xen_boot.c | 499 ++++++++++++++++++++++++++++++++++++++ + include/grub/arm64/fdtload.h | 35 ++ + include/grub/arm64/linux.h | 7 + 7 files changed, 779 insertions(+), 177 deletions(-) + +Index: b/grub-core/loader/arm64/linux.c +=================================================================== +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -33,12 +34,6 @@ + + GRUB_MOD_LICENSE ("GPLv3+"); + +-#define GRUB_EFI_PAGE_SHIFT 12 +-#define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> GRUB_EFI_PAGE_SHIFT) +-#define GRUB_EFI_PE_MAGIC 0x5A4D +- +-static grub_efi_guid_t fdt_guid = GRUB_EFI_DEVICE_TREE_GUID; +- + static grub_dl_t my_mod; + static int loaded; + +@@ -51,76 +46,15 @@ static grub_uint32_t cmdline_size; + static grub_addr_t initrd_start; + static grub_addr_t initrd_end; + +-static void *loaded_fdt; +-static void *fdt; +- +-static void * +-get_firmware_fdt (void) +-{ +- grub_efi_configuration_table_t *tables; +- void *firmware_fdt = NULL; +- unsigned int i; +- +- /* Look for FDT in UEFI config tables. */ +- tables = grub_efi_system_table->configuration_table; +- +- for (i = 0; i < grub_efi_system_table->num_table_entries; i++) +- if (grub_memcmp (&tables[i].vendor_guid, &fdt_guid, sizeof (fdt_guid)) == 0) +- { +- firmware_fdt = tables[i].vendor_table; +- grub_dprintf ("linux", "found registered FDT @ 0x%p\n", firmware_fdt); +- break; +- } +- +- return firmware_fdt; +-} +- +-static void +-get_fdt (void) +-{ +- void *raw_fdt; +- grub_size_t size; +- +- if (fdt) +- { +- size = BYTES_TO_PAGES (grub_fdt_get_totalsize (fdt)); +- grub_efi_free_pages ((grub_efi_physical_address_t) fdt, size); +- } +- +- if (loaded_fdt) +- raw_fdt = loaded_fdt; +- else +- raw_fdt = get_firmware_fdt(); +- +- size = +- raw_fdt ? grub_fdt_get_totalsize (raw_fdt) : GRUB_FDT_EMPTY_TREE_SZ; +- size += 0x400; +- +- grub_dprintf ("linux", "allocating %ld bytes for fdt\n", size); +- fdt = grub_efi_allocate_pages (0, BYTES_TO_PAGES (size)); +- if (!fdt) +- return; +- +- if (raw_fdt) +- { +- grub_memmove (fdt, raw_fdt, size); +- grub_fdt_set_totalsize (fdt, size); +- } +- else +- { +- grub_fdt_create_empty_tree (fdt, size); +- } +-} +- +-static grub_err_t +-check_kernel (struct grub_arm64_linux_kernel_header *lh) ++grub_err_t ++grub_arm64_uefi_check_image (struct grub_arm64_linux_kernel_header * lh) + { + if (lh->magic != GRUB_ARM64_LINUX_MAGIC) + return grub_error(GRUB_ERR_BAD_OS, "invalid magic number"); + + if ((lh->code0 & 0xffff) != GRUB_EFI_PE_MAGIC) + return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET, +- N_("plain Image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled")); ++ N_("plain image kernel not supported - rebuild with CONFIG_(U)EFI_STUB enabled")); + + grub_dprintf ("linux", "UEFI stub kernel:\n"); + grub_dprintf ("linux", "text_offset = 0x%012llx\n", +@@ -131,13 +65,14 @@ check_kernel (struct grub_arm64_linux_ke + } + + static grub_err_t +-finalize_params (void) ++finalize_params_linux (void) + { +- grub_efi_boot_services_t *b; +- grub_efi_status_t status; + int node, retval; + +- get_fdt (); ++ void *fdt; ++ ++ fdt = grub_fdt_load (0x400); ++ + if (!fdt) + goto failure; + +@@ -164,97 +99,26 @@ finalize_params (void) + goto failure; + } + +- b = grub_efi_system_table->boot_services; +- status = b->install_configuration_table (&fdt_guid, fdt); +- if (status != GRUB_EFI_SUCCESS) ++ if (grub_fdt_install() != GRUB_ERR_NONE) + goto failure; + +- grub_dprintf ("linux", "Installed/updated FDT configuration table @ %p\n", +- fdt); +- + return GRUB_ERR_NONE; + + failure: +- grub_efi_free_pages ((grub_efi_physical_address_t) fdt, +- BYTES_TO_PAGES (grub_fdt_get_totalsize (fdt))); +- fdt = NULL; ++ grub_fdt_unload(); + return grub_error(GRUB_ERR_BAD_OS, "failed to install/update FDT"); + } + +-static grub_err_t +-grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)), +- int argc, char *argv[]) +-{ +- grub_file_t dtb; +- void *blob = NULL; +- int size; +- +- if (!loaded) +- { +- grub_error (GRUB_ERR_BAD_ARGUMENT, +- N_("you need to load the kernel first")); +- return GRUB_ERR_BAD_OS; +- } +- +- if (argc != 1) +- return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +- +- if (loaded_fdt) +- grub_free (loaded_fdt); +- loaded_fdt = NULL; +- +- dtb = grub_file_open (argv[0]); +- if (!dtb) +- goto out; +- +- size = grub_file_size (dtb); +- blob = grub_malloc (size); +- if (!blob) +- goto out; +- +- if (grub_file_read (dtb, blob, size) < size) +- { +- if (!grub_errno) +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), argv[0]); +- goto out; +- } +- +- if (grub_fdt_check_header (blob, size) != 0) +- { +- grub_error (GRUB_ERR_BAD_OS, N_("invalid device tree")); +- goto out; +- } +- +-out: +- if (dtb) +- grub_file_close (dtb); +- +- if (blob) +- { +- if (grub_errno == GRUB_ERR_NONE) +- loaded_fdt = blob; +- else +- grub_free (blob); +- } +- +- return grub_errno; +-} +- +-static grub_err_t +-grub_linux_boot (void) ++grub_err_t ++grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, char *args) + { + grub_efi_memory_mapped_device_path_t *mempath; + grub_efi_handle_t image_handle; + grub_efi_boot_services_t *b; + grub_efi_status_t status; +- grub_err_t retval; + grub_efi_loaded_image_t *loaded_image; + int len; + +- retval = finalize_params(); +- if (retval != GRUB_ERR_NONE) +- return retval; +- + mempath = grub_malloc (2 * sizeof (grub_efi_memory_mapped_device_path_t)); + if (!mempath) + return grub_errno; +@@ -263,64 +127,71 @@ grub_linux_boot (void) + mempath[0].header.subtype = GRUB_EFI_MEMORY_MAPPED_DEVICE_PATH_SUBTYPE; + mempath[0].header.length = grub_cpu_to_le16_compile_time (sizeof (*mempath)); + mempath[0].memory_type = GRUB_EFI_LOADER_DATA; +- mempath[0].start_address = (grub_addr_t) kernel_addr; +- mempath[0].end_address = (grub_addr_t) kernel_addr + kernel_size; ++ mempath[0].start_address = addr; ++ mempath[0].end_address = addr + size; + + mempath[1].header.type = GRUB_EFI_END_DEVICE_PATH_TYPE; + mempath[1].header.subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE; +- mempath[1].header.length = 0; ++ mempath[1].header.length = sizeof (grub_efi_device_path_t); + + b = grub_efi_system_table->boot_services; + status = b->load_image (0, grub_efi_image_handle, + (grub_efi_device_path_t *) mempath, +- kernel_addr, kernel_size, &image_handle); ++ (void *) addr, size, &image_handle); + if (status != GRUB_EFI_SUCCESS) + return grub_error (GRUB_ERR_BAD_OS, "cannot load image"); + +- grub_dprintf ("linux", "linux command line: '%s'\n", linux_args); ++ grub_dprintf ("linux", "linux command line: '%s'\n", args); + + /* Convert command line to UCS-2 */ + loaded_image = grub_efi_get_loaded_image (image_handle); + loaded_image->load_options_size = len = +- (grub_strlen (linux_args) + 1) * sizeof (grub_efi_char16_t); ++ (grub_strlen (args) + 1) * sizeof (grub_efi_char16_t); + loaded_image->load_options = + grub_efi_allocate_pages (0, +- BYTES_TO_PAGES (loaded_image->load_options_size)); ++ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); + if (!loaded_image->load_options) + return grub_errno; + + loaded_image->load_options_size = + 2 * grub_utf8_to_utf16 (loaded_image->load_options, len, +- (grub_uint8_t *) linux_args, len, NULL); ++ (grub_uint8_t *) args, len, NULL); + +- grub_dprintf("linux", "starting image %p\n", image_handle); ++ grub_dprintf ("linux", "starting image %p\n", image_handle); + status = b->start_image (image_handle, 0, NULL); + + /* When successful, not reached */ + b->unload_image (image_handle); + grub_efi_free_pages ((grub_efi_physical_address_t) loaded_image->load_options, +- BYTES_TO_PAGES (loaded_image->load_options_size)); ++ GRUB_EFI_BYTES_TO_PAGES (loaded_image->load_options_size)); + + return grub_errno; + } + + static grub_err_t ++grub_linux_boot (void) ++{ ++ if (finalize_params_linux () != GRUB_ERR_NONE) ++ return grub_errno; ++ ++ return (grub_arm64_uefi_boot_image((grub_addr_t)kernel_addr, ++ kernel_size, linux_args)); ++} ++ ++static grub_err_t + grub_linux_unload (void) + { + grub_dl_unref (my_mod); + loaded = 0; + if (initrd_start) + grub_efi_free_pages ((grub_efi_physical_address_t) initrd_start, +- BYTES_TO_PAGES (initrd_end - initrd_start)); ++ GRUB_EFI_BYTES_TO_PAGES (initrd_end - initrd_start)); + initrd_start = initrd_end = 0; + grub_free (linux_args); + if (kernel_addr) + grub_efi_free_pages ((grub_efi_physical_address_t) kernel_addr, +- BYTES_TO_PAGES (kernel_size)); +- if (fdt) +- grub_efi_free_pages ((grub_efi_physical_address_t) fdt, +- BYTES_TO_PAGES (grub_fdt_get_totalsize (fdt))); +- ++ GRUB_EFI_BYTES_TO_PAGES (kernel_size)); ++ grub_fdt_unload (); + return GRUB_ERR_NONE; + } + +@@ -328,7 +199,7 @@ static grub_err_t + grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) + { +- struct grub_linux_initrd_context initrd_ctx; ++ struct grub_linux_initrd_context initrd_ctx = { 0, 0, 0 }; + int initrd_size, initrd_pages; + void *initrd_mem = NULL; + +@@ -351,7 +222,7 @@ grub_cmd_initrd (grub_command_t cmd __at + initrd_size = grub_get_initrd_size (&initrd_ctx); + grub_dprintf ("linux", "Loading initrd\n"); + +- initrd_pages = (BYTES_TO_PAGES (initrd_size)); ++ initrd_pages = (GRUB_EFI_BYTES_TO_PAGES (initrd_size)); + initrd_mem = grub_efi_allocate_pages (0, initrd_pages); + if (!initrd_mem) + { +@@ -400,15 +271,15 @@ grub_cmd_linux (grub_command_t cmd __att + if (grub_file_read (file, &lh, sizeof (lh)) < (long) sizeof (lh)) + return grub_errno; + +- if (check_kernel (&lh) != GRUB_ERR_NONE) ++ if (grub_arm64_uefi_check_image (&lh) != GRUB_ERR_NONE) + goto fail; + + grub_loader_unset(); + + grub_dprintf ("linux", "kernel file size: %lld\n", (long long) kernel_size); +- kernel_addr = grub_efi_allocate_pages (0, BYTES_TO_PAGES (kernel_size)); ++ kernel_addr = grub_efi_allocate_pages (0, GRUB_EFI_BYTES_TO_PAGES (kernel_size)); + grub_dprintf ("linux", "kernel numpages: %lld\n", +- (long long) BYTES_TO_PAGES (kernel_size)); ++ (long long) GRUB_EFI_BYTES_TO_PAGES (kernel_size)); + if (!kernel_addr) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); +@@ -459,13 +330,13 @@ fail: + + if (kernel_addr && !loaded) + grub_efi_free_pages ((grub_efi_physical_address_t) kernel_addr, +- BYTES_TO_PAGES (kernel_size)); ++ GRUB_EFI_BYTES_TO_PAGES (kernel_size)); + + return grub_errno; + } + + +-static grub_command_t cmd_linux, cmd_initrd, cmd_devicetree; ++static grub_command_t cmd_linux, cmd_initrd; + + GRUB_MOD_INIT (linux) + { +@@ -473,9 +344,6 @@ GRUB_MOD_INIT (linux) + N_("Load Linux.")); + cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, 0, + N_("Load initrd.")); +- cmd_devicetree = +- grub_register_command ("devicetree", grub_cmd_devicetree, 0, +- N_("Load DTB file.")); + my_mod = mod; + } + +@@ -483,5 +351,4 @@ GRUB_MOD_FINI (linux) + { + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_initrd); +- grub_unregister_command (cmd_devicetree); + } +Index: b/include/grub/arm64/linux.h +=================================================================== +--- a/include/grub/arm64/linux.h ++++ b/include/grub/arm64/linux.h +@@ -23,6 +23,8 @@ + + #define GRUB_ARM64_LINUX_MAGIC 0x644d5241 /* 'ARM\x64' */ + ++#define GRUB_EFI_PE_MAGIC 0x5A4D ++ + /* From linux/Documentation/arm64/booting.txt */ + struct grub_arm64_linux_kernel_header + { +@@ -38,4 +40,9 @@ struct grub_arm64_linux_kernel_header + grub_uint32_t hdr_offset; /* Offset of PE/COFF header */ + }; + ++grub_err_t grub_arm64_uefi_check_image (struct grub_arm64_linux_kernel_header ++ *lh); ++grub_err_t grub_arm64_uefi_boot_image (grub_addr_t addr, grub_size_t size, ++ char *args); ++ + #endif /* ! GRUB_LINUX_CPU_HEADER */ +Index: b/grub-core/loader/arm64/fdt.c +=================================================================== +--- /dev/null ++++ b/grub-core/loader/arm64/fdt.c +@@ -0,0 +1,185 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2013-2015 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static void *loaded_fdt; ++static void *fdt; ++ ++static void * ++get_firmware_fdt (void) ++{ ++ grub_efi_configuration_table_t *tables; ++ grub_efi_guid_t fdt_guid = GRUB_EFI_DEVICE_TREE_GUID; ++ void *firmware_fdt = NULL; ++ unsigned int i; ++ ++ /* Look for FDT in UEFI config tables. */ ++ tables = grub_efi_system_table->configuration_table; ++ ++ for (i = 0; i < grub_efi_system_table->num_table_entries; i++) ++ if (grub_memcmp (&tables[i].vendor_guid, &fdt_guid, sizeof (fdt_guid)) == 0) ++ { ++ firmware_fdt = tables[i].vendor_table; ++ grub_dprintf ("linux", "found registered FDT @ %p\n", firmware_fdt); ++ break; ++ } ++ ++ return firmware_fdt; ++} ++ ++void * ++grub_fdt_load (grub_size_t additional_size) ++{ ++ void *raw_fdt; ++ grub_size_t size; ++ ++ if (fdt) ++ { ++ size = GRUB_EFI_BYTES_TO_PAGES (grub_fdt_get_totalsize (fdt)); ++ grub_efi_free_pages ((grub_efi_physical_address_t) fdt, size); ++ } ++ ++ if (loaded_fdt) ++ raw_fdt = loaded_fdt; ++ else ++ raw_fdt = get_firmware_fdt(); ++ ++ size = ++ raw_fdt ? grub_fdt_get_totalsize (raw_fdt) : GRUB_FDT_EMPTY_TREE_SZ; ++ size += additional_size; ++ ++ grub_dprintf ("linux", "allocating %ld bytes for fdt\n", size); ++ fdt = grub_efi_allocate_pages (0, GRUB_EFI_BYTES_TO_PAGES (size)); ++ if (!fdt) ++ return NULL; ++ ++ if (raw_fdt) ++ { ++ grub_memmove (fdt, raw_fdt, size); ++ grub_fdt_set_totalsize (fdt, size); ++ } ++ else ++ { ++ grub_fdt_create_empty_tree (fdt, size); ++ } ++ return fdt; ++} ++ ++grub_err_t ++grub_fdt_install (void) ++{ ++ grub_efi_boot_services_t *b; ++ grub_efi_guid_t fdt_guid = GRUB_EFI_DEVICE_TREE_GUID; ++ grub_efi_status_t status; ++ ++ b = grub_efi_system_table->boot_services; ++ status = b->install_configuration_table (&fdt_guid, fdt); ++ if (status != GRUB_EFI_SUCCESS) ++ return grub_error (GRUB_ERR_IO, "failed to install FDT"); ++ ++ grub_dprintf ("fdt", "Installed/updated FDT configuration table @ %p\n", ++ fdt); ++ return GRUB_ERR_NONE; ++} ++ ++void ++grub_fdt_unload (void) { ++ if (!fdt) { ++ return; ++ } ++ grub_efi_free_pages ((grub_efi_physical_address_t) fdt, ++ GRUB_EFI_BYTES_TO_PAGES (grub_fdt_get_totalsize (fdt))); ++ fdt = NULL; ++} ++ ++static grub_err_t ++grub_cmd_devicetree (grub_command_t cmd __attribute__ ((unused)), ++ int argc, char *argv[]) ++{ ++ grub_file_t dtb; ++ void *blob = NULL; ++ int size; ++ ++ if (loaded_fdt) ++ grub_free (loaded_fdt); ++ loaded_fdt = NULL; ++ ++ /* No arguments means "use firmware FDT". */ ++ if (argc == 0) ++ { ++ return GRUB_ERR_NONE; ++ } ++ ++ dtb = grub_file_open (argv[0]); ++ if (!dtb) ++ goto out; ++ ++ size = grub_file_size (dtb); ++ blob = grub_malloc (size); ++ if (!blob) ++ goto out; ++ ++ if (grub_file_read (dtb, blob, size) < size) ++ { ++ if (!grub_errno) ++ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), argv[0]); ++ goto out; ++ } ++ ++ if (grub_fdt_check_header (blob, size) != 0) ++ { ++ grub_error (GRUB_ERR_BAD_OS, N_("invalid device tree")); ++ goto out; ++ } ++ ++out: ++ if (dtb) ++ grub_file_close (dtb); ++ ++ if (blob) ++ { ++ if (grub_errno == GRUB_ERR_NONE) ++ loaded_fdt = blob; ++ else ++ grub_free (blob); ++ } ++ ++ return grub_errno; ++} ++ ++static grub_command_t cmd_devicetree; ++ ++GRUB_MOD_INIT (fdt) ++{ ++ cmd_devicetree = ++ grub_register_command ("devicetree", grub_cmd_devicetree, 0, ++ N_("Load DTB file.")); ++} ++ ++GRUB_MOD_FINI (fdt) ++{ ++ grub_unregister_command (cmd_devicetree); ++} +Index: b/grub-core/loader/arm64/xen_boot.c +=================================================================== +--- /dev/null ++++ b/grub-core/loader/arm64/xen_boot.c +@@ -0,0 +1,499 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include /* required by struct xen_hypervisor_header */ ++#include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); ++ ++#define XEN_HYPERVISOR_NAME "xen_hypervisor" ++#define MODULE_CUSTOM_COMPATIBLE "multiboot,module" ++ ++/* This maximum size is defined in Power.org ePAPR V1.1 ++ * https://www.power.org/documentation/epapr-version-1-1/ ++ * 2.2.1.1 Node Name Requirements ++ * node-name@unit-address ++ * 31 + 1(@) + 16(64bit address in hex format) + 1(\0) = 49 ++ */ ++#define FDT_NODE_NAME_MAX_SIZE (49) ++ ++struct compat_string_struct ++{ ++ grub_size_t size; ++ const char *compat_string; ++}; ++typedef struct compat_string_struct compat_string_struct_t; ++#define FDT_COMPATIBLE(x) {.size = sizeof(x), .compat_string = (x)} ++ ++enum module_type ++{ ++ MODULE_IMAGE, ++ MODULE_INITRD, ++ MODULE_XSM, ++ MODULE_CUSTOM ++}; ++typedef enum module_type module_type_t; ++ ++struct xen_hypervisor_header ++{ ++ struct grub_arm64_linux_kernel_header efi_head; ++ ++ /* This is always PE\0\0. */ ++ grub_uint8_t signature[GRUB_PE32_SIGNATURE_SIZE]; ++ /* The COFF file header. */ ++ struct grub_pe32_coff_header coff_header; ++ /* The Optional header. */ ++ struct grub_pe64_optional_header optional_header; ++}; ++ ++struct xen_boot_binary ++{ ++ struct xen_boot_binary *next; ++ struct xen_boot_binary **prev; ++ int is_hypervisor; ++ ++ grub_addr_t start; ++ grub_size_t size; ++ grub_size_t align; ++ ++ char *cmdline; ++ int cmdline_size; ++}; ++ ++static grub_dl_t my_mod; ++ ++static int loaded; ++ ++static struct xen_boot_binary *xen_hypervisor; ++static struct xen_boot_binary *module_head; ++ ++static __inline grub_addr_t ++xen_boot_address_align (grub_addr_t start, grub_size_t align) ++{ ++ return (align ? (ALIGN_UP (start, align)) : start); ++} ++ ++static grub_err_t ++prepare_xen_hypervisor_params (void *xen_boot_fdt) ++{ ++ int chosen_node = 0; ++ int retval; ++ ++ chosen_node = grub_fdt_find_subnode (xen_boot_fdt, 0, "chosen"); ++ if (chosen_node < 0) ++ chosen_node = grub_fdt_add_subnode (xen_boot_fdt, 0, "chosen"); ++ if (chosen_node < 1) ++ return grub_error (GRUB_ERR_IO, "failed to get chosen node in FDT"); ++ ++ grub_dprintf ("xen_loader", ++ "Xen Hypervisor cmdline : %s @ %p size:%d\n", ++ xen_hypervisor->cmdline, xen_hypervisor->cmdline, ++ xen_hypervisor->cmdline_size); ++ ++ retval = grub_fdt_set_prop (xen_boot_fdt, chosen_node, "bootargs", ++ xen_hypervisor->cmdline, ++ xen_hypervisor->cmdline_size); ++ if (retval) ++ return grub_error (GRUB_ERR_IO, "failed to install/update FDT"); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++prepare_xen_module_params (struct xen_boot_binary *module, void *xen_boot_fdt) ++{ ++ int retval, chosen_node = 0, module_node = 0; ++ char module_name[FDT_NODE_NAME_MAX_SIZE]; ++ ++ retval = grub_snprintf (module_name, FDT_NODE_NAME_MAX_SIZE, "module@%lx", ++ xen_boot_address_align (module->start, ++ module->align)); ++ grub_dprintf ("xen_loader", "Module node name %s \n", module_name); ++ ++ if (retval < (int) sizeof ("module@")) ++ return grub_error (GRUB_ERR_IO, N_("failed to get FDT")); ++ ++ chosen_node = grub_fdt_find_subnode (xen_boot_fdt, 0, "chosen"); ++ if (chosen_node < 0) ++ chosen_node = grub_fdt_add_subnode (xen_boot_fdt, 0, "chosen"); ++ if (chosen_node < 1) ++ return grub_error (GRUB_ERR_IO, "failed to get chosen node in FDT"); ++ ++ module_node = ++ grub_fdt_find_subnode (xen_boot_fdt, chosen_node, module_name); ++ if (module_node < 0) ++ module_node = ++ grub_fdt_add_subnode (xen_boot_fdt, chosen_node, module_name); ++ ++ retval = grub_fdt_set_prop (xen_boot_fdt, module_node, "compatible", ++ MODULE_CUSTOM_COMPATIBLE, sizeof(MODULE_CUSTOM_COMPATIBLE) - 1); ++ if (retval) ++ return grub_error (GRUB_ERR_IO, "failed to update FDT"); ++ ++ grub_dprintf ("xen_loader", "Module\n"); ++ ++ retval = grub_fdt_set_reg64 (xen_boot_fdt, module_node, ++ xen_boot_address_align (module->start, ++ module->align), ++ module->size); ++ if (retval) ++ return grub_error (GRUB_ERR_IO, "failed to update FDT"); ++ ++ if (module->cmdline && module->cmdline_size > 0) ++ { ++ grub_dprintf ("xen_loader", ++ "Module cmdline : %s @ %p size:%d\n", ++ module->cmdline, module->cmdline, module->cmdline_size); ++ ++ retval = grub_fdt_set_prop (xen_boot_fdt, module_node, "bootargs", ++ module->cmdline, module->cmdline_size + 1); ++ if (retval) ++ return grub_error (GRUB_ERR_IO, "failed to update FDT"); ++ } ++ else ++ { ++ grub_dprintf ("xen_loader", "Module has no bootargs!\n"); ++ } ++ ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++finalize_params_xen_boot (void) ++{ ++ struct xen_boot_binary *module; ++ void *xen_boot_fdt; ++ grub_size_t additional_size = 0x1000; ++ ++ /* Hypervisor. */ ++ additional_size += FDT_NODE_NAME_MAX_SIZE + xen_hypervisor->cmdline_size; ++ FOR_LIST_ELEMENTS (module, module_head) ++ { ++ additional_size += 6 * FDT_NODE_NAME_MAX_SIZE + sizeof(MODULE_CUSTOM_COMPATIBLE) - 1 ++ + module->cmdline_size; ++ } ++ ++ xen_boot_fdt = grub_fdt_load (additional_size); ++ if (!xen_boot_fdt) ++ return grub_error (GRUB_ERR_IO, "failed to get FDT"); ++ ++ if (xen_hypervisor) ++ { ++ if (prepare_xen_hypervisor_params (xen_boot_fdt) != GRUB_ERR_NONE) ++ goto fail; ++ } ++ else ++ { ++ grub_dprintf ("xen_loader", "Failed to get Xen Hypervisor info!\n"); ++ goto fail; ++ } ++ ++ /* Set module params info */ ++ FOR_LIST_ELEMENTS (module, module_head) ++ { ++ if (module->start && module->size > 0) ++ { ++ grub_dprintf ("xen_loader", "Module @ 0x%lx size:0x%lx\n", ++ xen_boot_address_align (module->start, module->align), ++ module->size); ++ if (prepare_xen_module_params (module, xen_boot_fdt) != GRUB_ERR_NONE) ++ goto fail; ++ } ++ else ++ { ++ grub_dprintf ("xen_loader", "Module info error!\n"); ++ goto fail; ++ } ++ } ++ ++ if (grub_fdt_install() == GRUB_ERR_NONE) ++ return GRUB_ERR_NONE; ++ ++fail: ++ grub_fdt_unload (); ++ ++ return grub_error (GRUB_ERR_IO, "failed to install/update FDT"); ++} ++ ++ ++static grub_err_t ++xen_boot (void) ++{ ++ grub_err_t err = finalize_params_xen_boot (); ++ if (err) ++ return err; ++ ++ return grub_arm64_uefi_boot_image (xen_hypervisor->start, ++ xen_hypervisor->size, ++ xen_hypervisor->cmdline); ++} ++ ++static void ++single_binary_unload (struct xen_boot_binary *binary) ++{ ++ if (!binary) ++ return; ++ ++ if (binary->start && binary->size > 0) ++ { ++ grub_efi_free_pages ((grub_efi_physical_address_t) binary->start, ++ GRUB_EFI_BYTES_TO_PAGES (binary->size + binary->align)); ++ } ++ ++ if (binary->cmdline && binary->cmdline_size > 0) ++ { ++ grub_free (binary->cmdline); ++ grub_dprintf ("xen_loader", ++ "Module cmdline memory free @ %p size: %d\n", ++ binary->cmdline, binary->cmdline_size); ++ } ++ ++ if (!binary->is_hypervisor) ++ grub_list_remove (GRUB_AS_LIST (binary)); ++ ++ grub_dprintf ("xen_loader", ++ "Module struct memory free @ %p size: 0x%lx\n", ++ binary, sizeof (binary)); ++ grub_free (binary); ++ ++ return; ++} ++ ++static void ++all_binaries_unload (void) ++{ ++ struct xen_boot_binary *binary; ++ ++ FOR_LIST_ELEMENTS (binary, module_head) ++ { ++ single_binary_unload (binary); ++ } ++ ++ if (xen_hypervisor) ++ single_binary_unload (xen_hypervisor); ++ ++ return; ++} ++ ++static grub_err_t ++xen_unload (void) ++{ ++ loaded = 0; ++ all_binaries_unload (); ++ grub_fdt_unload (); ++ grub_dl_unref (my_mod); ++ ++ return GRUB_ERR_NONE; ++} ++ ++static void ++xen_boot_binary_load (struct xen_boot_binary *binary, grub_file_t file, ++ int argc, char *argv[]) ++{ ++ binary->size = grub_file_size (file); ++ grub_dprintf ("xen_loader", "Xen_boot file size: 0x%lx\n", binary->size); ++ ++ binary->start ++ = (grub_addr_t) grub_efi_allocate_pages (0, ++ GRUB_EFI_BYTES_TO_PAGES ++ (binary->size + ++ binary->align)); ++ if (!binary->start) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ return; ++ } ++ ++ grub_dprintf ("xen_loader", "Xen_boot numpages: 0x%lx\n", ++ GRUB_EFI_BYTES_TO_PAGES (binary->size + binary->align)); ++ ++ if (grub_file_read (file, (void *) xen_boot_address_align (binary->start, ++ binary->align), ++ binary->size) != (grub_ssize_t) binary->size) ++ { ++ single_binary_unload (binary); ++ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), argv[0]); ++ return; ++ } ++ ++ if (argc > 1) ++ { ++ binary->cmdline_size = grub_loader_cmdline_size (argc - 1, argv + 1); ++ binary->cmdline = grub_zalloc (binary->cmdline_size); ++ if (!binary->cmdline) ++ { ++ single_binary_unload (binary); ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ return; ++ } ++ grub_create_loader_cmdline (argc - 1, argv + 1, binary->cmdline, ++ binary->cmdline_size); ++ grub_dprintf ("xen_loader", ++ "Xen_boot cmdline @ %p %s, size: %d\n", ++ binary->cmdline, binary->cmdline, binary->cmdline_size); ++ } ++ else ++ { ++ binary->cmdline_size = 0; ++ binary->cmdline = NULL; ++ } ++ ++ grub_errno = GRUB_ERR_NONE; ++ return; ++} ++ ++static grub_err_t ++grub_cmd_xen_module (grub_command_t cmd __attribute__((unused)), ++ int argc, char *argv[]) ++{ ++ ++ struct xen_boot_binary *module = NULL; ++ grub_file_t file = 0; ++ ++ if (!argc) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); ++ goto fail; ++ } ++ ++ if (!loaded) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("you need to load the Xen Hypervisor first")); ++ goto fail; ++ } ++ ++ module = ++ (struct xen_boot_binary *) grub_zalloc (sizeof (struct xen_boot_binary)); ++ if (!module) ++ return grub_errno; ++ ++ module->is_hypervisor = 0; ++ module->align = 4096; ++ ++ grub_dprintf ("xen_loader", "Init module and node info\n"); ++ ++ file = grub_file_open (argv[0]); ++ if (!file) ++ goto fail; ++ ++ xen_boot_binary_load (module, file, argc, argv); ++ if (grub_errno == GRUB_ERR_NONE) ++ grub_list_push (GRUB_AS_LIST_P (&module_head), GRUB_AS_LIST (module)); ++ ++ fail: ++ if (file) ++ grub_file_close (file); ++ if (grub_errno != GRUB_ERR_NONE) ++ single_binary_unload (module); ++ ++ return grub_errno; ++} ++ ++static grub_err_t ++grub_cmd_xen_hypervisor (grub_command_t cmd __attribute__ ((unused)), ++ int argc, char *argv[]) ++{ ++ struct xen_hypervisor_header sh; ++ grub_file_t file = NULL; ++ ++ grub_dl_ref (my_mod); ++ ++ if (!argc) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); ++ goto fail; ++ } ++ ++ file = grub_file_open (argv[0]); ++ if (!file) ++ goto fail; ++ ++ if (grub_file_read (file, &sh, sizeof (sh)) != (long) sizeof (sh)) ++ goto fail; ++ if (grub_arm64_uefi_check_image ++ ((struct grub_arm64_linux_kernel_header *) &sh) != GRUB_ERR_NONE) ++ goto fail; ++ grub_file_seek (file, 0); ++ ++ /* if another module has called grub_loader_set, ++ we need to make sure that another module is unloaded properly */ ++ grub_loader_unset (); ++ ++ xen_hypervisor = ++ (struct xen_boot_binary *) grub_zalloc (sizeof (struct xen_boot_binary)); ++ if (!xen_hypervisor) ++ return grub_errno; ++ ++ xen_hypervisor->is_hypervisor = 1; ++ xen_hypervisor->align = (grub_size_t) sh.optional_header.section_alignment; ++ ++ xen_boot_binary_load (xen_hypervisor, file, argc, argv); ++ if (grub_errno == GRUB_ERR_NONE) ++ { ++ grub_loader_set (xen_boot, xen_unload, 0); ++ loaded = 1; ++ } ++ ++fail: ++ if (file) ++ grub_file_close (file); ++ if (grub_errno != GRUB_ERR_NONE) ++ { ++ loaded = 0; ++ all_binaries_unload (); ++ grub_dl_unref (my_mod); ++ } ++ ++ return grub_errno; ++} ++ ++static grub_command_t cmd_xen_hypervisor; ++static grub_command_t cmd_xen_module; ++ ++GRUB_MOD_INIT (xen_boot) ++{ ++ cmd_xen_hypervisor = ++ grub_register_command ("xen_hypervisor", grub_cmd_xen_hypervisor, 0, ++ N_("Load a xen hypervisor.")); ++ cmd_xen_module = ++ grub_register_command ("xen_module", grub_cmd_xen_module, 0, ++ N_("Load a xen module.")); ++ my_mod = mod; ++} ++ ++GRUB_MOD_FINI (xen_boot) ++{ ++ grub_unregister_command (cmd_xen_hypervisor); ++ grub_unregister_command (cmd_xen_module); ++} +Index: b/include/grub/arm64/fdtload.h +=================================================================== +--- /dev/null ++++ b/include/grub/arm64/fdtload.h +@@ -0,0 +1,35 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2013-2015 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_FDTLOAD_CPU_HEADER ++#define GRUB_FDTLOAD_CPU_HEADER 1 ++ ++#include ++#include ++ ++void * ++grub_fdt_load (grub_size_t additional_size); ++void ++grub_fdt_unload (void); ++grub_err_t ++grub_fdt_install (void); ++ ++#define GRUB_EFI_PAGE_SHIFT 12 ++#define GRUB_EFI_BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> GRUB_EFI_PAGE_SHIFT) ++ ++#endif +Index: b/grub-core/Makefile.core.def +=================================================================== +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1673,13 +1673,19 @@ module = { + ia64_efi = loader/ia64/efi/linux.c; + arm = loader/arm/linux.c; + arm64 = loader/arm64/linux.c; +- fdt = lib/fdt.c; + common = loader/linux.c; + common = lib/cmdline.c; + enable = noemu; + }; + + module = { ++ name = fdt; ++ arm64 = loader/arm64/fdt.c; ++ common = lib/fdt.c; ++ enable = fdt; ++}; ++ ++module = { + name = xnu; + x86 = loader/xnu_resume.c; + x86 = loader/i386/xnu.c; +Index: b/grub-core/lib/fdt.c +=================================================================== +--- a/grub-core/lib/fdt.c ++++ b/grub-core/lib/fdt.c +@@ -19,6 +19,9 @@ + #include + #include + #include ++#include ++ ++GRUB_MOD_LICENSE ("GPLv3+"); + + #define FDT_SUPPORTED_VERSION 17 + diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_chainloader_path.patch grub2-2.02~beta2/debian/patches/linuxefi_chainloader_path.patch --- grub2-2.02~beta2/debian/patches/linuxefi_chainloader_path.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_chainloader_path.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,34 @@ +From 4b30b1a7b7eac0981b91fd76b21e8bd674b4d7fc Mon Sep 17 00:00:00 2001 +From: Raymund Will +Date: Fri, 10 Apr 2015 01:45:02 -0400 +Subject: [PATCH] Use device part of chainloader target, if present. + +Otherwise chainloading is restricted to '$root', which might not even +be readable by EFI! + +v1. use grub_file_get_device_name() to get device name + +Signed-off-by: Michael Chang +Signed-off-by: Peter Jones +--- + grub-core/loader/efi/chainloader.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +Index: b/grub-core/loader/efi/chainloader.c +=================================================================== +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -219,8 +219,11 @@ grub_cmd_chainloader (grub_command_t cmd + if (! file) + goto fail; + +- /* Get the root device's device path. */ +- dev = grub_device_open (0); ++ /* Get the device path from filename. */ ++ char *devname = grub_file_get_device_name (filename); ++ dev = grub_device_open (devname); ++ if (devname) ++ grub_free (devname); + if (! dev) + goto fail; + diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_chainloader_pe_fixes.patch grub2-2.02~beta2/debian/patches/linuxefi_chainloader_pe_fixes.patch --- grub2-2.02~beta2/debian/patches/linuxefi_chainloader_pe_fixes.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_chainloader_pe_fixes.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,350 @@ +From 8170e902e9c48cee1dc727445656a1c4b802b70e Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Thu, 9 Jun 2016 12:22:29 -0400 +Subject: [PATCH] Re-work some intricacies of PE loading. + +The PE spec is not a well written document, and awesomely every place +where there's an ambiguous way to read something, Windows' bootmgfw.efi +takes a different read than either of them. +--- + grub-core/loader/efi/chainloader.c | 156 +++++++++++++++++++++++++++++-------- + include/grub/efi/pe32.h | 32 ++++++- + 2 files changed, 152 insertions(+), 36 deletions(-) + +Index: b/grub-core/loader/efi/chainloader.c +=================================================================== +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -297,7 +297,7 @@ image_is_64_bit (grub_pe_header_t *pe_hd + return 0; + } + +-static const grub_uint16_t machine_type = ++static const grub_uint16_t machine_type __attribute__((__unused__)) = + #if defined(__x86_64__) + GRUB_PE32_MACHINE_X86_64; + #elif defined(__aarch64__) +@@ -363,10 +363,10 @@ relocate_coff (pe_coff_loader_image_cont + + reloc_base = image_address (orig, size, section->raw_data_offset); + reloc_base_end = image_address (orig, size, section->raw_data_offset +- + section->virtual_size - 1); ++ + section->virtual_size); + +- grub_dprintf ("chain", "reloc_base %p reloc_base_end %p\n", reloc_base, +- reloc_base_end); ++ grub_dprintf ("chain", "relocate_coff(): reloc_base %p reloc_base_end %p\n", ++ reloc_base, reloc_base_end); + + if (!reloc_base && !reloc_base_end) + return GRUB_EFI_SUCCESS; +@@ -503,12 +503,13 @@ handle_image (void *data, grub_efi_uint3 + grub_efi_status_t efi_status; + char *buffer = NULL; + char *buffer_aligned = NULL; +- grub_efi_uint32_t i, size; ++ grub_efi_uint32_t i; + struct grub_pe32_section_table *section; + char *base, *end; + pe_coff_loader_image_context_t context; + grub_uint32_t section_alignment; + grub_uint32_t buffer_size; ++ int found_entry_point = 0; + + b = grub_efi_system_table->boot_services; + +@@ -522,8 +523,28 @@ handle_image (void *data, grub_efi_uint3 + goto error_exit; + } + ++ /* ++ * The spec says, uselessly, of SectionAlignment: ++ * ===== ++ * The alignment (in bytes) of sections when they are loaded into ++ * memory. It must be greater than or equal to FileAlignment. The ++ * default is the page size for the architecture. ++ * ===== ++ * Which doesn't tell you whose responsibility it is to enforce the ++ * "default", or when. It implies that the value in the field must ++ * be > FileAlignment (also poorly defined), but it appears visual ++ * studio will happily write 512 for FileAlignment (its default) and ++ * 0 for SectionAlignment, intending to imply PAGE_SIZE. ++ * ++ * We only support one page size, so if it's zero, nerf it to 4096. ++ */ + section_alignment = context.section_alignment; ++ if (section_alignment == 0) ++ section_alignment = 4096; ++ + buffer_size = context.image_size + section_alignment; ++ grub_dprintf ("chain", "image size is %08lx, datasize is %08x\n", ++ context.image_size, datasize); + + efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA, + buffer_size, (void **) &buffer); +@@ -535,7 +556,6 @@ handle_image (void *data, grub_efi_uint3 + } + + buffer_aligned = (char *)ALIGN_UP ((grub_addr_t)buffer, section_alignment); +- + if (!buffer_aligned) + { + grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); +@@ -544,27 +564,62 @@ handle_image (void *data, grub_efi_uint3 + + grub_memcpy (buffer_aligned, data, context.size_of_headers); + ++ entry_point = image_address (buffer_aligned, context.image_size, ++ context.entry_point); ++ ++ grub_dprintf ("chain", "entry_point: %p\n", entry_point); ++ if (!entry_point) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point"); ++ goto error_exit; ++ } ++ + char *reloc_base, *reloc_base_end; +- reloc_base = image_address (buffer_aligned, datasize, ++ grub_dprintf ("chain", "reloc_dir: %p reloc_size: 0x%08x\n", ++ context.reloc_dir->rva, ++ context.reloc_dir->size); ++ reloc_base = image_address (buffer_aligned, context.image_size, + context.reloc_dir->rva); + /* RelocBaseEnd here is the address of the last byte of the table */ +- reloc_base_end = image_address (buffer_aligned, datasize, ++ reloc_base_end = image_address (buffer_aligned, context.image_size, + context.reloc_dir->rva + + context.reloc_dir->size - 1); ++ grub_dprintf ("chain", "reloc_base: %p reloc_base_end: %p\n", ++ reloc_base, reloc_base_end); ++ + struct grub_pe32_section_table *reloc_section = NULL; + + section = context.first_section; + for (i = 0; i < context.number_of_sections; i++, section++) + { +- size = section->virtual_size; +- if (size > section->raw_data_size) +- size = section->raw_data_size; ++ char name[9]; + + base = image_address (buffer_aligned, context.image_size, + section->virtual_address); + end = image_address (buffer_aligned, context.image_size, +- section->virtual_address + size - 1); ++ section->virtual_address + section->virtual_size -1); + ++ grub_strncpy(name, section->name, 9); ++ name[8] = '\0'; ++ grub_dprintf ("chain", "Section %d \"%s\" at %p..%p\n", i, ++ name, base, end); ++ ++ if (end < base) ++ { ++ grub_dprintf ("chain", " base is %p but end is %p... bad.\n", ++ base, end); ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Image has invalid negative size"); ++ goto error_exit; ++ } ++ ++ if (section->virtual_address <= context.entry_point && ++ (section->virtual_address + section->raw_data_size - 1) ++ > context.entry_point) ++ { ++ found_entry_point++; ++ grub_dprintf ("chain", " section contains entry point\n"); ++ } + + /* We do want to process .reloc, but it's often marked + * discardable, so we don't want to memcpy it. */ +@@ -583,21 +638,46 @@ handle_image (void *data, grub_efi_uint3 + if (section->raw_data_size && section->virtual_size && + base && end && reloc_base == base && reloc_base_end == end) + { ++ grub_dprintf ("chain", " section is relocation section\n"); + reloc_section = section; + } ++ else ++ { ++ grub_dprintf ("chain", " section is not reloc section?\n"); ++ grub_dprintf ("chain", " rds: 0x%08x, vs: %08x\n", ++ section->raw_data_size, section->virtual_size); ++ grub_dprintf ("chain", " base: %p end: %p\n", base, end); ++ grub_dprintf ("chain", " reloc_base: %p reloc_base_end: %p\n", ++ reloc_base, reloc_base_end); ++ } + } + +- if (section->characteristics && GRUB_PE32_SCN_MEM_DISCARDABLE) +- continue; ++ grub_dprintf ("chain", " Section characteristics are %08x\n", ++ section->characteristics); ++ grub_dprintf ("chain", " Section virtual size: %08x\n", ++ section->virtual_size); ++ grub_dprintf ("chain", " Section raw_data size: %08x\n", ++ section->raw_data_size); ++ if (section->characteristics & GRUB_PE32_SCN_MEM_DISCARDABLE) ++ { ++ grub_dprintf ("chain", " Discarding section\n"); ++ continue; ++ } + + if (!base || !end) + { ++ grub_dprintf ("chain", " section is invalid\n"); + grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid section size"); + goto error_exit; + } + +- if (section->virtual_address < context.size_of_headers || +- section->raw_data_offset < context.size_of_headers) ++ if (section->characteristics & GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA) ++ { ++ if (section->raw_data_size != 0) ++ grub_dprintf ("chain", " UNINITIALIZED_DATA section has data?\n"); ++ } ++ else if (section->virtual_address < context.size_of_headers || ++ section->raw_data_offset < context.size_of_headers) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, + "Section %d is inside image headers", i); +@@ -605,13 +685,24 @@ handle_image (void *data, grub_efi_uint3 + } + + if (section->raw_data_size > 0) +- grub_memcpy (base, (grub_efi_uint8_t*)data + section->raw_data_offset, +- size); ++ { ++ grub_dprintf ("chain", " copying 0x%08x bytes to %p\n", ++ section->raw_data_size, base); ++ grub_memcpy (base, ++ (grub_efi_uint8_t*)data + section->raw_data_offset, ++ section->raw_data_size); ++ } + +- if (size < section->virtual_size) +- grub_memset (base + size, 0, section->virtual_size - size); ++ if (section->raw_data_size < section->virtual_size) ++ { ++ grub_dprintf ("chain", " padding with 0x%08x bytes at %p\n", ++ section->virtual_size - section->raw_data_size, ++ base + section->raw_data_size); ++ grub_memset (base + section->raw_data_size, 0, ++ section->virtual_size - section->raw_data_size); ++ } + +- grub_dprintf ("chain", "copied section %s\n", section->name); ++ grub_dprintf ("chain", " finished section %s\n", name); + } + + /* 5 == EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC */ +@@ -634,12 +725,15 @@ handle_image (void *data, grub_efi_uint3 + } + } + +- entry_point = image_address (buffer_aligned, context.image_size, +- context.entry_point); +- +- if (!entry_point) ++ if (!found_entry_point) + { +- grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point"); ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "entry point is not within sections"); ++ goto error_exit; ++ } ++ if (found_entry_point > 1) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "%d sections contain entry point", ++ found_entry_point); + goto error_exit; + } + +@@ -657,26 +751,24 @@ handle_image (void *data, grub_efi_uint3 + li->load_options_size = cmdline_len; + li->file_path = grub_efi_get_media_file_path (file_path); + li->device_handle = dev_handle; +- if (li->file_path) +- { +- grub_printf ("file path: "); +- grub_efi_print_device_path (li->file_path); +- } +- else ++ if (!li->file_path) + { + grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found"); + goto error_exit; + } + ++ grub_dprintf ("chain", "booting via entry point\n"); + efi_status = efi_call_2 (entry_point, grub_efi_image_handle, + grub_efi_system_table); + ++ grub_dprintf ("chain", "entry_point returned %ld\n", efi_status); + grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t)); + efi_status = efi_call_1 (b->free_pool, buffer); + + return 1; + + error_exit: ++ grub_dprintf ("chain", "error_exit: grub_errno: %d\n", grub_errno); + if (buffer) + efi_call_1 (b->free_pool, buffer); + +Index: b/include/grub/efi/pe32.h +=================================================================== +--- a/include/grub/efi/pe32.h ++++ b/include/grub/efi/pe32.h +@@ -227,12 +227,18 @@ struct grub_pe32_section_table + grub_uint32_t characteristics; + }; + ++#define GRUB_PE32_SCN_TYPE_NO_PAD 0x00000008 + #define GRUB_PE32_SCN_CNT_CODE 0x00000020 + #define GRUB_PE32_SCN_CNT_INITIALIZED_DATA 0x00000040 +-#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000 +-#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000 +-#define GRUB_PE32_SCN_MEM_READ 0x40000000 +-#define GRUB_PE32_SCN_MEM_WRITE 0x80000000 ++#define GRUB_PE32_SCN_CNT_UNINITIALIZED_DATA 0x00000080 ++#define GRUB_PE32_SCN_LNK_OTHER 0x00000100 ++#define GRUB_PE32_SCN_LNK_INFO 0x00000200 ++#define GRUB_PE32_SCN_LNK_REMOVE 0x00000800 ++#define GRUB_PE32_SCN_LNK_COMDAT 0x00001000 ++#define GRUB_PE32_SCN_GPREL 0x00008000 ++#define GRUB_PE32_SCN_MEM_16BIT 0x00020000 ++#define GRUB_PE32_SCN_MEM_LOCKED 0x00040000 ++#define GRUB_PE32_SCN_MEM_PRELOAD 0x00080000 + + #define GRUB_PE32_SCN_ALIGN_1BYTES 0x00100000 + #define GRUB_PE32_SCN_ALIGN_2BYTES 0x00200000 +@@ -241,10 +247,28 @@ struct grub_pe32_section_table + #define GRUB_PE32_SCN_ALIGN_16BYTES 0x00500000 + #define GRUB_PE32_SCN_ALIGN_32BYTES 0x00600000 + #define GRUB_PE32_SCN_ALIGN_64BYTES 0x00700000 ++#define GRUB_PE32_SCN_ALIGN_128BYTES 0x00800000 ++#define GRUB_PE32_SCN_ALIGN_256BYTES 0x00900000 ++#define GRUB_PE32_SCN_ALIGN_512BYTES 0x00A00000 ++#define GRUB_PE32_SCN_ALIGN_1024BYTES 0x00B00000 ++#define GRUB_PE32_SCN_ALIGN_2048BYTES 0x00C00000 ++#define GRUB_PE32_SCN_ALIGN_4096BYTES 0x00D00000 ++#define GRUB_PE32_SCN_ALIGN_8192BYTES 0x00E00000 + + #define GRUB_PE32_SCN_ALIGN_SHIFT 20 + #define GRUB_PE32_SCN_ALIGN_MASK 7 + ++#define GRUB_PE32_SCN_LNK_NRELOC_OVFL 0x01000000 ++#define GRUB_PE32_SCN_MEM_DISCARDABLE 0x02000000 ++#define GRUB_PE32_SCN_MEM_NOT_CACHED 0x04000000 ++#define GRUB_PE32_SCN_MEM_NOT_PAGED 0x08000000 ++#define GRUB_PE32_SCN_MEM_SHARED 0x10000000 ++#define GRUB_PE32_SCN_MEM_EXECUTE 0x20000000 ++#define GRUB_PE32_SCN_MEM_READ 0x40000000 ++#define GRUB_PE32_SCN_MEM_WRITE 0x80000000 ++ ++ ++ + #define GRUB_PE32_SIGNATURE_SIZE 4 + + struct grub_pe32_header diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_chainloader_sb.patch grub2-2.02~beta2/debian/patches/linuxefi_chainloader_sb.patch --- grub2-2.02~beta2/debian/patches/linuxefi_chainloader_sb.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_chainloader_sb.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,820 @@ +From 6cb5703868e185c60b3cb5e78bd84288dd41f275 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 6 Oct 2015 13:04:37 -0400 +Subject: [PATCH] Add secureboot support on efi chainloader + +Expand the chainloader to be able to verify the image by means of shim +lock protocol. The PE/COFF image is loaded and relocated by the +chainloader instead of calling LoadImage and StartImage UEFI boot +Service as they require positive verification result from keys enrolled +in KEK or DB. The shim will use MOK in addition to firmware enrolled +keys to verify the image. + +The chainloader module could be used to load other UEFI bootloaders, +such as xen.efi, and could be signed by any of MOK, KEK or DB. + +Based on https://build.opensuse.org/package/view_file/openSUSE:Factory/grub2/grub2-secureboot-chainloader.patch + +Signed-off-by: Peter Jones +--- + grub-core/Makefile.core.def | 3 + grub-core/loader/efi/chainloader.c | 612 ++++++++++++++++++++++++++++++++++--- + include/grub/efi/pe32.h | 20 + + 3 files changed, 598 insertions(+), 37 deletions(-) + +Index: b/grub-core/loader/efi/chainloader.c +=================================================================== +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -32,6 +32,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +@@ -46,9 +48,14 @@ static grub_dl_t my_mod; + + static grub_efi_physical_address_t address; + static grub_efi_uintn_t pages; ++static grub_ssize_t fsize; + static grub_efi_device_path_t *file_path; + static grub_efi_handle_t image_handle; + static grub_efi_char16_t *cmdline; ++static grub_ssize_t cmdline_len; ++static grub_efi_handle_t dev_handle; ++ ++static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table); + + static grub_err_t + grub_chainloader_unload (void) +@@ -63,6 +70,7 @@ grub_chainloader_unload (void) + grub_free (cmdline); + cmdline = 0; + file_path = 0; ++ dev_handle = 0; + + grub_dl_unref (my_mod); + return GRUB_ERR_NONE; +@@ -187,12 +195,523 @@ make_file_path (grub_efi_device_path_t * + return file_path; + } + ++#define SHIM_LOCK_GUID \ ++ { 0x605dab50, 0xe046, 0x4300, { 0xab,0xb6,0x3d,0xd8,0x10,0xdd,0x8b,0x23 } } ++ ++typedef union ++{ ++ struct grub_pe32_header_32 pe32; ++ struct grub_pe32_header_64 pe32plus; ++} grub_pe_header_t; ++ ++struct pe_coff_loader_image_context ++{ ++ grub_efi_uint64_t image_address; ++ grub_efi_uint64_t image_size; ++ grub_efi_uint64_t entry_point; ++ grub_efi_uintn_t size_of_headers; ++ grub_efi_uint16_t image_type; ++ grub_efi_uint16_t number_of_sections; ++ grub_efi_uint32_t section_alignment; ++ struct grub_pe32_section_table *first_section; ++ struct grub_pe32_data_directory *reloc_dir; ++ struct grub_pe32_data_directory *sec_dir; ++ grub_efi_uint64_t number_of_rva_and_sizes; ++ grub_pe_header_t *pe_hdr; ++}; ++ ++typedef struct pe_coff_loader_image_context pe_coff_loader_image_context_t; ++ ++struct grub_efi_shim_lock ++{ ++ grub_efi_status_t (*verify)(void *buffer, ++ grub_efi_uint32_t size); ++ grub_efi_status_t (*hash)(void *data, ++ grub_efi_int32_t datasize, ++ pe_coff_loader_image_context_t *context, ++ grub_efi_uint8_t *sha256hash, ++ grub_efi_uint8_t *sha1hash); ++ grub_efi_status_t (*context)(void *data, ++ grub_efi_uint32_t size, ++ pe_coff_loader_image_context_t *context); ++}; ++ ++typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; ++ ++static grub_efi_boolean_t ++read_header (void *data, grub_efi_uint32_t size, ++ pe_coff_loader_image_context_t *context) ++{ ++ grub_efi_guid_t guid = SHIM_LOCK_GUID; ++ grub_efi_shim_lock_t *shim_lock; ++ grub_efi_status_t status; ++ ++ shim_lock = grub_efi_locate_protocol (&guid, NULL); ++ ++ if (!shim_lock) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "no shim lock protocol"); ++ return 0; ++ } ++ ++ status = shim_lock->context (data, size, context); ++ ++ if (status == GRUB_EFI_SUCCESS) ++ { ++ grub_dprintf ("chain", "context success\n"); ++ return 1; ++ } ++ ++ switch (status) ++ { ++ case GRUB_EFI_UNSUPPORTED: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error unsupported"); ++ break; ++ case GRUB_EFI_INVALID_PARAMETER: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error invalid parameter"); ++ break; ++ default: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "context error code"); ++ break; ++ } ++ ++ return 0; ++} ++ ++static void* ++image_address (void *image, grub_efi_uint64_t sz, grub_efi_uint64_t adr) ++{ ++ if (adr > sz) ++ return NULL; ++ ++ return ((grub_uint8_t*)image + adr); ++} ++ ++static int ++image_is_64_bit (grub_pe_header_t *pe_hdr) ++{ ++ /* .Magic is the same offset in all cases */ ++ if (pe_hdr->pe32plus.optional_header.magic == GRUB_PE32_PE64_MAGIC) ++ return 1; ++ return 0; ++} ++ ++static const grub_uint16_t machine_type = ++#if defined(__x86_64__) ++ GRUB_PE32_MACHINE_X86_64; ++#elif defined(__aarch64__) ++ GRUB_PE32_MACHINE_ARM64; ++#elif defined(__arm__) ++ GRUB_PE32_MACHINE_ARMTHUMB_MIXED; ++#elif defined(__i386__) || defined(__i486__) || defined(__i686__) ++ GRUB_PE32_MACHINE_I386; ++#elif defined(__ia64__) ++ GRUB_PE32_MACHINE_IA64; ++#else ++#error this architecture is not supported by grub2 ++#endif ++ ++static grub_efi_status_t ++relocate_coff (pe_coff_loader_image_context_t *context, ++ struct grub_pe32_section_table *section, ++ void *orig, void *data) ++{ ++ struct grub_pe32_data_directory *reloc_base, *reloc_base_end; ++ grub_efi_uint64_t adjust; ++ struct grub_pe32_fixup_block *reloc, *reloc_end; ++ char *fixup, *fixup_base, *fixup_data = NULL; ++ grub_efi_uint16_t *fixup_16; ++ grub_efi_uint32_t *fixup_32; ++ grub_efi_uint64_t *fixup_64; ++ grub_efi_uint64_t size = context->image_size; ++ void *image_end = (char *)orig + size; ++ int n = 0; ++ ++ if (image_is_64_bit (context->pe_hdr)) ++ context->pe_hdr->pe32plus.optional_header.image_base = ++ (grub_uint64_t)(unsigned long)data; ++ else ++ context->pe_hdr->pe32.optional_header.image_base = ++ (grub_uint32_t)(unsigned long)data; ++ ++ /* Alright, so here's how this works: ++ * ++ * context->reloc_dir gives us two things: ++ * - the VA the table of base relocation blocks are (maybe) to be ++ * mapped at (reloc_dir->rva) ++ * - the virtual size (reloc_dir->size) ++ * ++ * The .reloc section (section here) gives us some other things: ++ * - the name! kind of. (section->name) ++ * - the virtual size (section->virtual_size), which should be the same ++ * as RelocDir->Size ++ * - the virtual address (section->virtual_address) ++ * - the file section size (section->raw_data_size), which is ++ * a multiple of optional_header->file_alignment. Only useful for image ++ * validation, not really useful for iteration bounds. ++ * - the file address (section->raw_data_offset) ++ * - a bunch of stuff we don't use that's 0 in our binaries usually ++ * - Flags (section->characteristics) ++ * ++ * and then the thing that's actually at the file address is an array ++ * of struct grub_pe32_fixup_block structs with some values packed behind ++ * them. The block_size field of this structure includes the ++ * structure itself, and adding it to that structure's address will ++ * yield the next entry in the array. ++ */ ++ ++ reloc_base = image_address (orig, size, section->raw_data_offset); ++ reloc_base_end = image_address (orig, size, section->raw_data_offset ++ + section->virtual_size - 1); ++ ++ grub_dprintf ("chain", "reloc_base %p reloc_base_end %p\n", reloc_base, ++ reloc_base_end); ++ ++ if (!reloc_base && !reloc_base_end) ++ return GRUB_EFI_SUCCESS; ++ ++ if (!reloc_base || !reloc_base_end) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc table overflows binary"); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ adjust = (grub_uint64_t)(unsigned long)data - context->image_address; ++ if (adjust == 0) ++ return GRUB_EFI_SUCCESS; ++ ++ while (reloc_base < reloc_base_end) ++ { ++ grub_uint16_t *entry; ++ reloc = (struct grub_pe32_fixup_block *)((char*)reloc_base); ++ ++ if ((reloc_base->size == 0) || ++ (reloc_base->size > context->reloc_dir->size)) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Reloc %d block size %d is invalid\n", n, ++ reloc_base->size); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ entry = &reloc->entries[0]; ++ reloc_end = (struct grub_pe32_fixup_block *) ++ ((char *)reloc_base + reloc_base->size); ++ ++ if ((void *)reloc_end < data || (void *)reloc_end > image_end) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary", ++ n); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ fixup_base = image_address(data, size, reloc_base->rva); ++ ++ if (!fixup_base) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc %d Invalid fixupbase", n); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ ++ while ((void *)entry < (void *)reloc_end) ++ { ++ fixup = fixup_base + (*entry & 0xFFF); ++ switch ((*entry) >> 12) ++ { ++ case GRUB_PE32_REL_BASED_ABSOLUTE: ++ break; ++ case GRUB_PE32_REL_BASED_HIGH: ++ fixup_16 = (grub_uint16_t *)fixup; ++ *fixup_16 = (grub_uint16_t) ++ (*fixup_16 + ((grub_uint16_t)((grub_uint32_t)adjust >> 16))); ++ if (fixup_data != NULL) ++ { ++ *(grub_uint16_t *) fixup_data = *fixup_16; ++ fixup_data = fixup_data + sizeof (grub_uint16_t); ++ } ++ break; ++ case GRUB_PE32_REL_BASED_LOW: ++ fixup_16 = (grub_uint16_t *)fixup; ++ *fixup_16 = (grub_uint16_t) (*fixup_16 + (grub_uint16_t)adjust); ++ if (fixup_data != NULL) ++ { ++ *(grub_uint16_t *) fixup_data = *fixup_16; ++ fixup_data = fixup_data + sizeof (grub_uint16_t); ++ } ++ break; ++ case GRUB_PE32_REL_BASED_HIGHLOW: ++ fixup_32 = (grub_uint32_t *)fixup; ++ *fixup_32 = *fixup_32 + (grub_uint32_t)adjust; ++ if (fixup_data != NULL) ++ { ++ fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint32_t)); ++ *(grub_uint32_t *) fixup_data = *fixup_32; ++ fixup_data += sizeof (grub_uint32_t); ++ } ++ break; ++ case GRUB_PE32_REL_BASED_DIR64: ++ fixup_64 = (grub_uint64_t *)fixup; ++ *fixup_64 = *fixup_64 + (grub_uint64_t)adjust; ++ if (fixup_data != NULL) ++ { ++ fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint64_t)); ++ *(grub_uint64_t *) fixup_data = *fixup_64; ++ fixup_data += sizeof (grub_uint64_t); ++ } ++ break; ++ default: ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Reloc %d unknown relocation type %d", ++ n, (*entry) >> 12); ++ return GRUB_EFI_UNSUPPORTED; ++ } ++ entry += 1; ++ } ++ reloc_base = (struct grub_pe32_data_directory *)reloc_end; ++ n++; ++ } ++ ++ return GRUB_EFI_SUCCESS; ++} ++ ++static grub_efi_device_path_t * ++grub_efi_get_media_file_path (grub_efi_device_path_t *dp) ++{ ++ while (1) ++ { ++ grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp); ++ grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp); ++ ++ if (type == GRUB_EFI_END_DEVICE_PATH_TYPE) ++ break; ++ else if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE ++ && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE) ++ return dp; ++ ++ dp = GRUB_EFI_NEXT_DEVICE_PATH (dp); ++ } ++ ++ return NULL; ++} ++ ++static grub_efi_boolean_t ++handle_image (void *data, grub_efi_uint32_t datasize) ++{ ++ grub_efi_boot_services_t *b; ++ grub_efi_loaded_image_t *li, li_bak; ++ grub_efi_status_t efi_status; ++ char *buffer = NULL; ++ char *buffer_aligned = NULL; ++ grub_efi_uint32_t i, size; ++ struct grub_pe32_section_table *section; ++ char *base, *end; ++ pe_coff_loader_image_context_t context; ++ grub_uint32_t section_alignment; ++ grub_uint32_t buffer_size; ++ ++ b = grub_efi_system_table->boot_services; ++ ++ if (read_header (data, datasize, &context)) ++ { ++ grub_dprintf ("chain", "Succeed to read header\n"); ++ } ++ else ++ { ++ grub_dprintf ("chain", "Failed to read header\n"); ++ goto error_exit; ++ } ++ ++ section_alignment = context.section_alignment; ++ buffer_size = context.image_size + section_alignment; ++ ++ efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA, ++ buffer_size, (void **) &buffer); ++ ++ if (efi_status != GRUB_EFI_SUCCESS) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ goto error_exit; ++ } ++ ++ buffer_aligned = (char *)ALIGN_UP ((grub_addr_t)buffer, section_alignment); ++ ++ if (!buffer_aligned) ++ { ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory")); ++ goto error_exit; ++ } ++ ++ grub_memcpy (buffer_aligned, data, context.size_of_headers); ++ ++ char *reloc_base, *reloc_base_end; ++ reloc_base = image_address (buffer_aligned, datasize, ++ context.reloc_dir->rva); ++ /* RelocBaseEnd here is the address of the last byte of the table */ ++ reloc_base_end = image_address (buffer_aligned, datasize, ++ context.reloc_dir->rva ++ + context.reloc_dir->size - 1); ++ struct grub_pe32_section_table *reloc_section = NULL; ++ ++ section = context.first_section; ++ for (i = 0; i < context.number_of_sections; i++, section++) ++ { ++ size = section->virtual_size; ++ if (size > section->raw_data_size) ++ size = section->raw_data_size; ++ ++ base = image_address (buffer_aligned, context.image_size, ++ section->virtual_address); ++ end = image_address (buffer_aligned, context.image_size, ++ section->virtual_address + size - 1); ++ ++ ++ /* We do want to process .reloc, but it's often marked ++ * discardable, so we don't want to memcpy it. */ ++ if (grub_memcmp (section->name, ".reloc\0\0", 8) == 0) ++ { ++ if (reloc_section) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Image has multiple relocation sections"); ++ goto error_exit; ++ } ++ ++ /* If it has nonzero sizes, and our bounds check ++ * made sense, and the VA and size match RelocDir's ++ * versions, then we believe in this section table. */ ++ if (section->raw_data_size && section->virtual_size && ++ base && end && reloc_base == base && reloc_base_end == end) ++ { ++ reloc_section = section; ++ } ++ } ++ ++ if (section->characteristics && GRUB_PE32_SCN_MEM_DISCARDABLE) ++ continue; ++ ++ if (!base || !end) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid section size"); ++ goto error_exit; ++ } ++ ++ if (section->virtual_address < context.size_of_headers || ++ section->raw_data_offset < context.size_of_headers) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, ++ "Section %d is inside image headers", i); ++ goto error_exit; ++ } ++ ++ if (section->raw_data_size > 0) ++ grub_memcpy (base, (grub_efi_uint8_t*)data + section->raw_data_offset, ++ size); ++ ++ if (size < section->virtual_size) ++ grub_memset (base + size, 0, section->virtual_size - size); ++ ++ grub_dprintf ("chain", "copied section %s\n", section->name); ++ } ++ ++ /* 5 == EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC */ ++ if (context.number_of_rva_and_sizes <= 5) ++ { ++ grub_dprintf ("chain", "image has no relocation entry\n"); ++ goto error_exit; ++ } ++ ++ if (context.reloc_dir->size && reloc_section) ++ { ++ /* run the relocation fixups */ ++ efi_status = relocate_coff (&context, reloc_section, data, ++ buffer_aligned); ++ ++ if (efi_status != GRUB_EFI_SUCCESS) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "relocation failed"); ++ goto error_exit; ++ } ++ } ++ ++ entry_point = image_address (buffer_aligned, context.image_size, ++ context.entry_point); ++ ++ if (!entry_point) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point"); ++ goto error_exit; ++ } ++ ++ li = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (!li) ++ { ++ grub_error (GRUB_ERR_BAD_ARGUMENT, "no loaded image available"); ++ goto error_exit; ++ } ++ ++ grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t)); ++ li->image_base = buffer_aligned; ++ li->image_size = context.image_size; ++ li->load_options = cmdline; ++ li->load_options_size = cmdline_len; ++ li->file_path = grub_efi_get_media_file_path (file_path); ++ li->device_handle = dev_handle; ++ if (li->file_path) ++ { ++ grub_printf ("file path: "); ++ grub_efi_print_device_path (li->file_path); ++ } ++ else ++ { ++ grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found"); ++ goto error_exit; ++ } ++ ++ efi_status = efi_call_2 (entry_point, grub_efi_image_handle, ++ grub_efi_system_table); ++ ++ grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t)); ++ efi_status = efi_call_1 (b->free_pool, buffer); ++ ++ return 1; ++ ++error_exit: ++ if (buffer) ++ efi_call_1 (b->free_pool, buffer); ++ ++ return 0; ++} ++ ++static grub_err_t ++grub_secureboot_chainloader_unload (void) ++{ ++ grub_efi_boot_services_t *b; ++ ++ b = grub_efi_system_table->boot_services; ++ efi_call_2 (b->free_pages, address, pages); ++ grub_free (file_path); ++ grub_free (cmdline); ++ cmdline = 0; ++ file_path = 0; ++ dev_handle = 0; ++ ++ grub_dl_unref (my_mod); ++ return GRUB_ERR_NONE; ++} ++ ++static grub_err_t ++grub_secureboot_chainloader_boot (void) ++{ ++ handle_image ((void *)address, fsize); ++ grub_loader_unset (); ++ return grub_errno; ++} ++ + static grub_err_t + grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)), + int argc, char *argv[]) + { + grub_file_t file = 0; +- grub_ssize_t size; + grub_efi_status_t status; + grub_efi_boot_services_t *b; + grub_device_t dev = 0; +@@ -200,7 +719,6 @@ grub_cmd_chainloader (grub_command_t cmd + grub_efi_loaded_image_t *loaded_image; + char *filename; + void *boot_image = 0; +- grub_efi_handle_t dev_handle = 0; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -212,9 +730,36 @@ grub_cmd_chainloader (grub_command_t cmd + address = 0; + image_handle = 0; + file_path = 0; ++ dev_handle = 0; + + b = grub_efi_system_table->boot_services; + ++ if (argc > 1) ++ { ++ int i; ++ grub_efi_char16_t *p16; ++ ++ for (i = 1, cmdline_len = 0; i < argc; i++) ++ cmdline_len += grub_strlen (argv[i]) + 1; ++ ++ cmdline_len *= sizeof (grub_efi_char16_t); ++ cmdline = p16 = grub_malloc (cmdline_len); ++ if (! cmdline) ++ goto fail; ++ ++ for (i = 1; i < argc; i++) ++ { ++ char *p8; ++ ++ p8 = argv[i]; ++ while (*p8) ++ *(p16++) = *(p8++); ++ ++ *(p16++) = ' '; ++ } ++ *(--p16) = 0; ++ } ++ + file = grub_file_open (filename); + if (! file) + goto fail; +@@ -263,14 +808,14 @@ grub_cmd_chainloader (grub_command_t cmd + grub_printf ("file path: "); + grub_efi_print_device_path (file_path); + +- size = grub_file_size (file); +- if (!size) ++ fsize = grub_file_size (file); ++ if (!fsize) + { + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), + filename); + goto fail; + } +- pages = (((grub_efi_uintn_t) size + ((1 << 12) - 1)) >> 12); ++ pages = (((grub_efi_uintn_t) fsize + ((1 << 12) - 1)) >> 12); + + status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ANY_PAGES, + GRUB_EFI_LOADER_CODE, +@@ -284,7 +829,7 @@ grub_cmd_chainloader (grub_command_t cmd + } + + boot_image = (void *) ((grub_addr_t) address); +- if (grub_file_read (file, boot_image, size) != size) ++ if (grub_file_read (file, boot_image, fsize) != fsize) + { + if (grub_errno == GRUB_ERR_NONE) + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +@@ -294,7 +839,7 @@ grub_cmd_chainloader (grub_command_t cmd + } + + #if defined (__i386__) || defined (__x86_64__) +- if (size >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) ++ if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header)) + { + struct grub_macho_fat_header *head = boot_image; + if (head->magic +@@ -303,6 +848,14 @@ grub_cmd_chainloader (grub_command_t cmd + grub_uint32_t i; + struct grub_macho_fat_arch *archs + = (struct grub_macho_fat_arch *) (head + 1); ++ ++ if (grub_efi_secure_boot()) ++ { ++ grub_error (GRUB_ERR_BAD_OS, ++ "MACHO binaries are forbidden with Secure Boot"); ++ goto fail; ++ } ++ + for (i = 0; i < grub_cpu_to_le32 (head->nfat_arch); i++) + { + if (GRUB_MACHO_CPUTYPE_IS_HOST_CURRENT (archs[i].cputype)) +@@ -317,21 +870,28 @@ grub_cmd_chainloader (grub_command_t cmd + > ~grub_cpu_to_le32 (archs[i].size) + || grub_cpu_to_le32 (archs[i].offset) + + grub_cpu_to_le32 (archs[i].size) +- > (grub_size_t) size) ++ > (grub_size_t) fsize) + { + grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), + filename); + goto fail; + } + boot_image = (char *) boot_image + grub_cpu_to_le32 (archs[i].offset); +- size = grub_cpu_to_le32 (archs[i].size); ++ fsize = grub_cpu_to_le32 (archs[i].size); + } + } + #endif + ++ if (grub_linuxefi_secure_validate((void *)address, fsize)) ++ { ++ grub_file_close (file); ++ grub_loader_set (grub_secureboot_chainloader_boot, ++ grub_secureboot_chainloader_unload, 0); ++ return 0; ++ } ++ + status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, +- boot_image, size, +- &image_handle); ++ boot_image, fsize, &image_handle); + if (status != GRUB_EFI_SUCCESS) + { + if (status == GRUB_EFI_OUT_OF_RESOURCES) +@@ -355,33 +915,10 @@ grub_cmd_chainloader (grub_command_t cmd + + grub_file_close (file); + +- if (argc > 1) ++ if (cmdline) + { +- int i, len; +- grub_efi_char16_t *p16; +- +- for (i = 1, len = 0; i < argc; i++) +- len += grub_strlen (argv[i]) + 1; +- +- len *= sizeof (grub_efi_char16_t); +- cmdline = p16 = grub_malloc (len); +- if (! cmdline) +- goto fail; +- +- for (i = 1; i < argc; i++) +- { +- char *p8; +- +- p8 = argv[i]; +- while (*p8) +- *(p16++) = *(p8++); +- +- *(p16++) = ' '; +- } +- *(--p16) = 0; +- + loaded_image->load_options = cmdline; +- loaded_image->load_options_size = len; ++ loaded_image->load_options_size = cmdline_len; + } + + grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); +@@ -400,6 +937,9 @@ grub_cmd_chainloader (grub_command_t cmd + if (address) + efi_call_2 (b->free_pages, address, pages); + ++ if (cmdline) ++ grub_free (cmdline); ++ + grub_dl_unref (my_mod); + + return grub_errno; +Index: b/include/grub/efi/pe32.h +=================================================================== +--- a/include/grub/efi/pe32.h ++++ b/include/grub/efi/pe32.h +@@ -212,7 +212,11 @@ struct grub_pe64_optional_header + struct grub_pe32_section_table + { + char name[8]; +- grub_uint32_t virtual_size; ++ union ++ { ++ grub_uint32_t physical_address; ++ grub_uint32_t virtual_size; ++ }; + grub_uint32_t virtual_address; + grub_uint32_t raw_data_size; + grub_uint32_t raw_data_offset; +@@ -263,6 +267,20 @@ struct grub_pe32_header + #endif + }; + ++struct grub_pe32_header_32 ++{ ++ char signature[GRUB_PE32_SIGNATURE_SIZE]; ++ struct grub_pe32_coff_header coff_header; ++ struct grub_pe32_optional_header optional_header; ++}; ++ ++struct grub_pe32_header_64 ++{ ++ char signature[GRUB_PE32_SIGNATURE_SIZE]; ++ struct grub_pe32_coff_header coff_header; ++ struct grub_pe64_optional_header optional_header; ++}; ++ + struct grub_pe32_fixup_block + { + grub_uint32_t page_rva; +Index: b/grub-core/Makefile.core.def +=================================================================== +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -1708,6 +1708,7 @@ module = { + + module = { + name = linuxefi; ++ cflags = '-Wno-error=format= -Wno-error=cast-align -Wno-error=int-to-pointer-cast -Wno-error=pointer-to-int-cast -Wno-error=unused-parameter'; + efi = loader/i386/efi/linux.c; + efi = lib/cmdline.c; + efi = loader/efi/linux.c; +@@ -1717,7 +1718,9 @@ module = { + + module = { + name = chain; ++ cflags = '-Wno-error=format= -Wno-error=cast-align -Wno-error=int-to-pointer-cast -Wno-error=pointer-to-int-cast -Wno-error=unused-parameter'; + efi = loader/efi/chainloader.c; ++ efi = loader/efi/linux.c; + i386_pc = loader/i386/pc/chainloader.c; + i386_coreboot = loader/i386/coreboot/chainloader.c; + i386_coreboot = lib/LzmaDec.c; diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_debug.patch grub2-2.02~beta2/debian/patches/linuxefi_debug.patch --- grub2-2.02~beta2/debian/patches/linuxefi_debug.patch 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_debug.patch 2020-08-24 08:54:59.000000000 +0000 @@ -1,18 +1,19 @@ -From a8f1ec0423c5dc99485e2a2db538b2c89f9f415d Mon Sep 17 00:00:00 2001 +From 519c28e1053a5d5e398120a577384d5162b48c77 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:18 +0000 Subject: Add more debugging to linuxefi Forwarded: no -Last-Update: 2013-01-29 +Last-Update: 2016-09-19 Patch-Name: linuxefi_debug.patch --- - grub-core/loader/i386/efi/linux.c | 28 +++++++++++++++++++++++++--- - 1 file changed, 25 insertions(+), 3 deletions(-) + grub-core/loader/efi/linux.c | 15 +++++++++++++-- + grub-core/loader/i386/efi/linux.c | 8 ++++++++ + 2 files changed, 21 insertions(+), 2 deletions(-) -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index ebaf1db..2bf38fa 100644 +Index: b/grub-core/loader/i386/efi/linux.c +=================================================================== --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -19,6 +19,7 @@ @@ -23,38 +24,7 @@ #include #include #include -@@ -54,15 +55,27 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size) - { - grub_efi_guid_t guid = SHIM_LOCK_GUID; - grub_efi_shim_lock_t *shim_lock; -+ grub_efi_status_t status; - -+ grub_dprintf ("linuxefi", "Locating shim protocol\n"); - shim_lock = grub_efi_locate_protocol(&guid, NULL); - - if (!shim_lock) -- return 1; -+ { -+ grub_dprintf ("linuxefi", "shim not available\n"); -+ return 1; -+ } - -- if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS) -- return 1; -+ grub_dprintf ("linuxefi", "Asking shim to verify kernel signature\n"); -+ status = shim_lock->verify(data, size); -+ if (status == GRUB_EFI_SUCCESS) -+ { -+ grub_dprintf ("linuxefi", "Kernel signature verification passed\n"); -+ return 1; -+ } - -+ grub_dprintf ("linuxefi", "Kernel signature verification failed (0x%lx)\n", -+ (unsigned long) status); - return 0; - } - -@@ -147,6 +160,8 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), +@@ -114,6 +115,8 @@ grub_cmd_initrd (grub_command_t cmd __at goto fail; } @@ -63,16 +33,16 @@ params->ramdisk_size = size; params->ramdisk_image = (grub_uint32_t)(grub_addr_t) initrd_mem; -@@ -236,6 +251,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -201,6 +204,8 @@ grub_cmd_linux (grub_command_t cmd __att goto fail; } + grub_dprintf ("linuxefi", "params = %lx\n", (unsigned long) params); + - memset (params, 0, 16384); + grub_memset (params, 0, 16384); - if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) -@@ -279,6 +296,9 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), + grub_memcpy (&lh, kernel, sizeof (lh)); +@@ -238,6 +243,9 @@ grub_cmd_linux (grub_command_t cmd __att goto fail; } @@ -82,12 +52,36 @@ grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE)); grub_create_loader_cmdline (argc, argv, linux_cmdline + sizeof (LINUX_IMAGE) - 1, -@@ -304,6 +324,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - goto fail; - } +Index: b/grub-core/loader/efi/linux.c +=================================================================== +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -40,15 +40,26 @@ grub_linuxefi_secure_validate (void *dat + grub_efi_shim_lock_t *shim_lock; + grub_efi_status_t status; + ++ grub_dprintf ("linuxefi", "Locating shim protocol\n"); + shim_lock = grub_efi_locate_protocol(&guid, NULL); + grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock); + if (!shim_lock) +- return 0; ++ { ++ grub_dprintf ("linuxefi", "shim not available\n"); ++ return 0; ++ } -+ grub_dprintf ("linuxefi", "kernel_mem = %lx\n", (unsigned long) kernel_mem); ++ grub_dprintf ("linuxefi", "Asking shim to verify kernel signature\n"); + status = shim_lock->verify(data, size); + grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", status); + if (status == GRUB_EFI_SUCCESS) +- return 1; ++ { ++ grub_dprintf ("linuxefi", "Kernel signature verification passed\n"); ++ return 1; ++ } + - if (grub_file_seek (file, start) == (grub_off_t) -1) - { - grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), ++ grub_dprintf ("linuxefi", "Kernel signature verification failed (0x%lx)\n", ++ (unsigned long) status); + + return -1; + } diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_disable_sb_fallback.patch grub2-2.02~beta2/debian/patches/linuxefi_disable_sb_fallback.patch --- grub2-2.02~beta2/debian/patches/linuxefi_disable_sb_fallback.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_disable_sb_fallback.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,43 @@ +From 10a7a5a6402467899a4b733d948eb94b643a5e4e Mon Sep 17 00:00:00 2001 +From: Linn Crosetto +Date: Tue, 5 Apr 2016 11:49:05 -0600 +Subject: Disallow unsigned kernels if UEFI Secure Boot is enabled + +If UEFI Secure Boot is enabled and kernel signature verification fails, do not +boot the kernel. Before this change, if kernel signature verification failed +then GRUB would fall back to calling ExitBootServices() and continuing the +boot. + +Patch-Name: linuxefi_disable_sb_fallback.patch + +Signed-off-by: Linn Crosetto +--- + grub-core/loader/i386/linux.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +Index: bionic/grub-core/loader/i386/linux.c +=================================================================== +--- bionic.orig/grub-core/loader/i386/linux.c ++++ bionic/grub-core/loader/i386/linux.c +@@ -704,10 +704,8 @@ grub_cmd_linux (grub_command_t cmd __att + using_linuxefi = 0; + if (grub_efi_secure_boot ()) + { +- /* Try linuxefi first, which will require a successful signature check +- and then hand over to the kernel without calling ExitBootServices. +- If that fails, however, fall back to calling ExitBootServices +- ourselves and then booting an unsigned kernel. */ ++ /* linuxefi requires a successful signature check and then hand over ++ to the kernel without calling ExitBootServices. */ + grub_dl_t mod; + grub_command_t linuxefi_cmd; + +@@ -729,7 +727,7 @@ grub_cmd_linux (grub_command_t cmd __att + return GRUB_ERR_NONE; + } + grub_dprintf ("linux", "linuxefi failed (%d)\n", grub_errno); +- grub_errno = GRUB_ERR_NONE; ++ goto fail; + } + } + } diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_fix_relocate_coff.patch grub2-2.02~beta2/debian/patches/linuxefi_fix_relocate_coff.patch --- grub2-2.02~beta2/debian/patches/linuxefi_fix_relocate_coff.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_fix_relocate_coff.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,36 @@ +From bfe7c890db05f79d34752498991b5e40bc11e263 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Mon, 21 Nov 2016 15:34:00 +0100 +Subject: efi/chainloader: fix wrong sanity check in relocate_coff() + +In relocate_coff(), the relocation entries are parsed from the original +image (not the section-wise copied image). The original image is +pointed-to by the "orig" pointer. The current check + + (void *)reloc_end < data + +compares the addresses of independent memory allocations. "data" is a typo +here, it should be "orig". + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291 +Signed-off-by: Laszlo Ersek +Tested-by: Bogdan Costescu +Tested-by: Juan Orti +Patch-Name: linuxefi_fix_relocate_coff.patch +--- + grub-core/loader/efi/chainloader.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/efi/chainloader.c ++++ grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +@@ -397,7 +397,7 @@ relocate_coff (pe_coff_loader_image_cont + reloc_end = (struct grub_pe32_fixup_block *) + ((char *)reloc_base + reloc_base->size); + +- if ((void *)reloc_end < data || (void *)reloc_end > image_end) ++ if ((void *)reloc_end < orig || (void *)reloc_end > image_end) + { + grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary", + n); diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_fix_validation_race.patch grub2-2.02~beta2/debian/patches/linuxefi_fix_validation_race.patch --- grub2-2.02~beta2/debian/patches/linuxefi_fix_validation_race.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_fix_validation_race.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,89 @@ +From 93ff3333a3fbd26e07cd425166b7d7fb243f033f Mon Sep 17 00:00:00 2001 +From: Matthew Garrett +Date: Tue, 14 Jul 2015 16:58:51 -0700 +Subject: [PATCH] Fix race in EFI validation + +--- + grub-core/loader/i386/efi/linux.c | 40 ++++++++------------------------------ + 1 file changed, 9 insertions(+), 31 deletions(-) + +Index: b/grub-core/loader/i386/efi/linux.c +=================================================================== +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -154,7 +154,7 @@ grub_cmd_linux (grub_command_t cmd __att + grub_file_t file = 0; + struct linux_kernel_header lh; + grub_ssize_t len, start, filelen; +- void *kernel; ++ void *kernel = NULL; + + grub_dl_ref (my_mod); + +@@ -190,10 +190,6 @@ grub_cmd_linux (grub_command_t cmd __att + goto fail; + } + +- grub_file_seek (file, 0); +- +- grub_free(kernel); +- + params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384)); + + if (! params) +@@ -204,13 +200,7 @@ grub_cmd_linux (grub_command_t cmd __att + + grub_memset (params, 0, 16384); + +- if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) +- { +- if (!grub_errno) +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +- argv[0]); +- goto fail; +- } ++ grub_memcpy (&lh, kernel, sizeof (lh)); + + if (lh.boot_flag != grub_cpu_to_le16 (0xaa55)) + { +@@ -270,26 +260,11 @@ grub_cmd_linux (grub_command_t cmd __att + goto fail; + } + +- if (grub_file_seek (file, start) == (grub_off_t) -1) +- { +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +- argv[0]); +- goto fail; +- } +- +- if (grub_file_read (file, kernel_mem, len) != len && !grub_errno) +- { +- grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"), +- argv[0]); +- } +- +- if (grub_errno == GRUB_ERR_NONE) +- { +- grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); +- loaded = 1; +- lh.code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; +- } ++ grub_memcpy (kernel_mem, (char *)kernel + start, len); ++ grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0); ++ loaded=1; + ++ lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem; + grub_memcpy (params, &lh, 2 * 512); + + params->type_of_loader = 0x21; +@@ -299,6 +274,9 @@ grub_cmd_linux (grub_command_t cmd __att + if (file) + grub_file_close (file); + ++ if (kernel) ++ grub_free (kernel); ++ + if (grub_errno != GRUB_ERR_NONE) + { + grub_dl_unref (my_mod); diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_loaders_enforce_sb.patch grub2-2.02~beta2/debian/patches/linuxefi_loaders_enforce_sb.patch --- grub2-2.02~beta2/debian/patches/linuxefi_loaders_enforce_sb.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_loaders_enforce_sb.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,531 @@ +From e9ed48bb0a655886f26dfa5f4b8aa318513b7a51 Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Tue, 6 Oct 2015 16:09:25 -0400 +Subject: [PATCH] Make any of the loaders that link in efi mode honor secure + boot. + +And in this case "honor" means "even if somebody does link this in, they +won't register commands if SB is enabled." + +Signed-off-by: Peter Jones +--- + grub-core/Makefile.am | 1 + + grub-core/Makefile.core.def | 1 + + grub-core/commands/iorw.c | 7 +++++ + grub-core/commands/memrw.c | 7 +++++ + grub-core/kern/dl.c | 1 + + grub-core/kern/efi/efi.c | 28 ------------------ + grub-core/kern/efi/sb.c | 58 ++++++++++++++++++++++++++++++++++++++ + grub-core/loader/efi/appleloader.c | 7 +++++ + grub-core/loader/efi/chainloader.c | 1 + + grub-core/loader/i386/bsd.c | 7 +++++ + grub-core/loader/i386/linux.c | 7 +++++ + grub-core/loader/i386/pc/linux.c | 7 +++++ + grub-core/loader/multiboot.c | 7 +++++ + grub-core/loader/xnu.c | 7 +++++ + include/grub/efi/efi.h | 1 - + include/grub/efi/sb.h | 29 +++++++++++++++++++ + include/grub/ia64/linux.h | 0 + include/grub/mips/linux.h | 0 + include/grub/powerpc/linux.h | 0 + include/grub/sparc64/linux.h | 0 + grub-core/Makefile.am | 1 + grub-core/Makefile.core.def | 1 + grub-core/commands/iorw.c | 7 ++++ + grub-core/commands/memrw.c | 7 ++++ + grub-core/kern/dl.c | 1 + grub-core/kern/efi/efi.c | 28 ----------------- + grub-core/kern/efi/sb.c | 58 +++++++++++++++++++++++++++++++++++++ + grub-core/loader/efi/appleloader.c | 7 ++++ + grub-core/loader/efi/chainloader.c | 1 + grub-core/loader/i386/bsd.c | 7 ++++ + grub-core/loader/i386/linux.c | 7 ++++ + grub-core/loader/i386/pc/linux.c | 7 ++++ + grub-core/loader/multiboot.c | 7 ++++ + grub-core/loader/xnu.c | 7 ++++ + include/grub/efi/efi.h | 1 + include/grub/efi/sb.h | 29 ++++++++++++++++++ + include/grub/powerpc/linux.h | 19 ++++++++++++ + 17 files changed, 166 insertions(+), 29 deletions(-) + create mode 100644 grub-core/kern/efi/sb.c + create mode 100644 include/grub/efi/sb.h + create mode 100644 include/grub/ia64/linux.h + create mode 100644 include/grub/mips/linux.h + create mode 100644 include/grub/powerpc/linux.h + create mode 100644 include/grub/sparc64/linux.h + +Index: b/grub-core/Makefile.am +=================================================================== +--- a/grub-core/Makefile.am ++++ b/grub-core/Makefile.am +@@ -65,6 +65,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/inc + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/disk.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dl.h ++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h + KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h +Index: b/grub-core/Makefile.core.def +=================================================================== +--- a/grub-core/Makefile.core.def ++++ b/grub-core/Makefile.core.def +@@ -173,6 +173,7 @@ kernel = { + efi = kern/efi/init.c; + efi = kern/efi/mm.c; + efi = term/efi/console.c; ++ common = kern/efi/sb.c; + + x86 = kern/i386/tsc.c; + +Index: b/grub-core/commands/iorw.c +=================================================================== +--- a/grub-core/commands/iorw.c ++++ b/grub-core/commands/iorw.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -118,6 +119,9 @@ grub_cmd_write (grub_command_t cmd, int + + GRUB_MOD_INIT(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_read_byte = + grub_register_extcmd ("inb", grub_cmd_read, 0, + N_("PORT"), N_("Read 8-bit value from PORT."), +@@ -146,6 +150,9 @@ GRUB_MOD_INIT(memrw) + + GRUB_MOD_FINI(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_extcmd (cmd_read_byte); + grub_unregister_extcmd (cmd_read_word); + grub_unregister_extcmd (cmd_read_dword); +Index: b/grub-core/commands/memrw.c +=================================================================== +--- a/grub-core/commands/memrw.c ++++ b/grub-core/commands/memrw.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -120,6 +121,9 @@ grub_cmd_write (grub_command_t cmd, int + + GRUB_MOD_INIT(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_read_byte = + grub_register_extcmd ("read_byte", grub_cmd_read, 0, + N_("ADDR"), N_("Read 8-bit value from ADDR."), +@@ -148,6 +152,9 @@ GRUB_MOD_INIT(memrw) + + GRUB_MOD_FINI(memrw) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_extcmd (cmd_read_byte); + grub_unregister_extcmd (cmd_read_word); + grub_unregister_extcmd (cmd_read_dword); +Index: b/grub-core/kern/dl.c +=================================================================== +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -32,6 +32,7 @@ + #include + #include + #include ++#include + + /* Platforms where modules are in a readonly area of memory. */ + #if defined(GRUB_MACHINE_QEMU) +Index: b/grub-core/kern/efi/sb.c +=================================================================== +--- /dev/null ++++ b/grub-core/kern/efi/sb.c +@@ -0,0 +1,58 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2014 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++int ++grub_efi_secure_boot (void) ++{ ++#ifdef GRUB_MACHINE_EFI ++ grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; ++ grub_size_t datasize; ++ char *secure_boot = NULL; ++ char *setup_mode = NULL; ++ grub_efi_boolean_t ret = 0; ++ ++ secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); ++ ++ if (datasize != 1 || !secure_boot) ++ goto out; ++ ++ setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); ++ ++ if (datasize != 1 || !setup_mode) ++ goto out; ++ ++ if (*secure_boot && !*setup_mode) ++ ret = 1; ++ ++ out: ++ grub_free (secure_boot); ++ grub_free (setup_mode); ++ return ret; ++#else ++ return 0; ++#endif ++} +Index: b/grub-core/loader/efi/appleloader.c +=================================================================== +--- a/grub-core/loader/efi/appleloader.c ++++ b/grub-core/loader/efi/appleloader.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -227,6 +228,9 @@ static grub_command_t cmd; + + GRUB_MOD_INIT(appleloader) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd = grub_register_command ("appleloader", grub_cmd_appleloader, + N_("[OPTS]"), + /* TRANSLATORS: This command is used on EFI to +@@ -238,5 +242,8 @@ GRUB_MOD_INIT(appleloader) + + GRUB_MOD_FINI(appleloader) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_command (cmd); + } +Index: b/grub-core/loader/efi/chainloader.c +=================================================================== +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + #include + #include + #include +Index: b/grub-core/loader/i386/bsd.c +=================================================================== +--- a/grub-core/loader/i386/bsd.c ++++ b/grub-core/loader/i386/bsd.c +@@ -38,6 +38,7 @@ + #ifdef GRUB_MACHINE_PCBIOS + #include + #endif ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -2101,6 +2102,9 @@ static grub_command_t cmd_netbsd_module_ + + GRUB_MOD_INIT (bsd) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + /* Net and OpenBSD kernels are often compressed. */ + grub_dl_load ("gzio"); + +@@ -2140,6 +2144,9 @@ GRUB_MOD_INIT (bsd) + + GRUB_MOD_FINI (bsd) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_extcmd (cmd_freebsd); + grub_unregister_extcmd (cmd_openbsd); + grub_unregister_extcmd (cmd_netbsd); +Index: b/grub-core/loader/i386/linux.c +=================================================================== +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1137,6 +1138,9 @@ static grub_command_t cmd_linux, cmd_ini + + GRUB_MOD_INIT(linux) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_linux = grub_register_command ("linux", grub_cmd_linux, + 0, N_("Load Linux.")); + cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, +@@ -1146,6 +1150,9 @@ GRUB_MOD_INIT(linux) + + GRUB_MOD_FINI(linux) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_initrd); + } +Index: b/grub-core/loader/i386/pc/linux.c +=================================================================== +--- a/grub-core/loader/i386/pc/linux.c ++++ b/grub-core/loader/i386/pc/linux.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -469,6 +470,9 @@ static grub_command_t cmd_linux, cmd_ini + + GRUB_MOD_INIT(linux16) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_linux = + grub_register_command ("linux16", grub_cmd_linux, + 0, N_("Load Linux.")); +@@ -480,6 +484,9 @@ GRUB_MOD_INIT(linux16) + + GRUB_MOD_FINI(linux16) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_initrd); + } +Index: b/grub-core/loader/multiboot.c +=================================================================== +--- a/grub-core/loader/multiboot.c ++++ b/grub-core/loader/multiboot.c +@@ -42,6 +42,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -383,6 +384,9 @@ static grub_command_t cmd_multiboot, cmd + + GRUB_MOD_INIT(multiboot) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_multiboot = + #ifdef GRUB_USE_MULTIBOOT2 + grub_register_command ("multiboot2", grub_cmd_multiboot, +@@ -403,6 +407,9 @@ GRUB_MOD_INIT(multiboot) + + GRUB_MOD_FINI(multiboot) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + grub_unregister_command (cmd_multiboot); + grub_unregister_command (cmd_module); + } +Index: b/grub-core/loader/xnu.c +=================================================================== +--- a/grub-core/loader/xnu.c ++++ b/grub-core/loader/xnu.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -1466,6 +1467,9 @@ static grub_extcmd_t cmd_splash; + + GRUB_MOD_INIT(xnu) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + cmd_kernel = grub_register_command ("xnu_kernel", grub_cmd_xnu_kernel, 0, + N_("Load XNU image.")); + cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64, +@@ -1506,6 +1510,9 @@ GRUB_MOD_INIT(xnu) + + GRUB_MOD_FINI(xnu) + { ++ if (grub_efi_secure_boot()) ++ return; ++ + #ifndef GRUB_MACHINE_EMU + grub_unregister_command (cmd_resume); + #endif +Index: b/include/grub/efi/efi.h +=================================================================== +--- a/include/grub/efi/efi.h ++++ b/include/grub/efi/efi.h +@@ -72,7 +72,6 @@ EXPORT_FUNC (grub_efi_set_variable) (con + const grub_efi_guid_t *guid, + void *data, + grub_size_t datasize); +-grub_efi_boolean_t EXPORT_FUNC (grub_efi_secure_boot) (void); + int + EXPORT_FUNC (grub_efi_compare_device_paths) (const grub_efi_device_path_t *dp1, + const grub_efi_device_path_t *dp2); +Index: b/include/grub/efi/sb.h +=================================================================== +--- /dev/null ++++ b/include/grub/efi/sb.h +@@ -0,0 +1,29 @@ ++/* sb.h - declare functions for EFI Secure Boot support */ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2006,2007,2008,2009 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++#ifndef GRUB_EFI_SB_HEADER ++#define GRUB_EFI_SB_HEADER 1 ++ ++#include ++#include ++ ++/* Functions. */ ++int EXPORT_FUNC (grub_efi_secure_boot) (void); ++ ++#endif /* ! GRUB_EFI_SB_HEADER */ +Index: b/include/grub/powerpc/linux.h +=================================================================== +--- /dev/null ++++ b/include/grub/powerpc/linux.h +@@ -0,0 +1,19 @@ ++/* ++ * GRUB -- GRand Unified Bootloader ++ * Copyright (C) 2008 Free Software Foundation, Inc. ++ * ++ * GRUB is free software: you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation, either version 3 of the License, or ++ * (at your option) any later version. ++ * ++ * GRUB is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with GRUB. If not, see . ++ */ ++ ++/* sb.c (via dl.c) requires grub/cpu/linux.h */ +Index: b/grub-core/kern/efi/efi.c +=================================================================== +--- a/grub-core/kern/efi/efi.c ++++ b/grub-core/kern/efi/efi.c +@@ -259,34 +259,6 @@ grub_efi_get_variable (const char *var, + return NULL; + } + +-grub_efi_boolean_t +-grub_efi_secure_boot (void) +-{ +- grub_efi_guid_t efi_var_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID; +- grub_size_t datasize; +- char *secure_boot = NULL; +- char *setup_mode = NULL; +- grub_efi_boolean_t ret = 0; +- +- secure_boot = grub_efi_get_variable ("SecureBoot", &efi_var_guid, &datasize); +- +- if (datasize != 1 || !secure_boot) +- goto out; +- +- setup_mode = grub_efi_get_variable ("SetupMode", &efi_var_guid, &datasize); +- +- if (datasize != 1 || !setup_mode) +- goto out; +- +- if (*secure_boot && !*setup_mode) +- ret = 1; +- +- out: +- grub_free (secure_boot); +- grub_free (setup_mode); +- return ret; +-} +- + #pragma GCC diagnostic ignored "-Wcast-align" + + /* Search the mods section from the PE32/PE32+ image. This code uses diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_non_sb_fallback.patch grub2-2.02~beta2/debian/patches/linuxefi_non_sb_fallback.patch --- grub2-2.02~beta2/debian/patches/linuxefi_non_sb_fallback.patch 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_non_sb_fallback.patch 2020-08-24 08:54:59.000000000 +0000 @@ -1,4 +1,4 @@ -From bbee35754c088eca0ffada3ed7457a2fe674de69 Mon Sep 17 00:00:00 2001 +From e022bb4a1aef299debfbb9dbe85413303d71e77f Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:20 +0000 Subject: If running under UEFI secure boot, attempt to use linuxefi loader @@ -9,28 +9,28 @@ Patch-Name: linuxefi_non_sb_fallback.patch --- - grub-core/loader/i386/efi/linux.c | 2 +- - grub-core/loader/i386/linux.c | 43 +++++++++++++++++++++++++++++++++++++++ + grub-core/loader/i386/efi/linux.c | 2 - + grub-core/loader/i386/linux.c | 43 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index f764f49..88e2d34 100644 +Index: b/grub-core/loader/i386/efi/linux.c +=================================================================== --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c -@@ -234,7 +234,7 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), - - if (! grub_linuxefi_secure_validate (kernel, filelen)) +@@ -192,7 +192,7 @@ grub_cmd_linux (grub_command_t cmd __att + rc = grub_linuxefi_secure_validate (kernel, filelen); + if (rc < 0) { - grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); + grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), argv[0]); - grub_free (kernel); goto fail; } -diff --git a/grub-core/loader/i386/linux.c b/grub-core/loader/i386/linux.c -index 31fb91e..2380642 100644 + +Index: b/grub-core/loader/i386/linux.c +=================================================================== --- a/grub-core/loader/i386/linux.c +++ b/grub-core/loader/i386/linux.c -@@ -76,6 +76,8 @@ static grub_size_t maximal_cmdline_size; +@@ -77,6 +77,8 @@ static grub_size_t maximal_cmdline_size; static struct linux_kernel_params linux_params; static char *linux_cmdline; #ifdef GRUB_MACHINE_EFI @@ -39,7 +39,7 @@ static grub_efi_uintn_t efi_mmap_size; #else static const grub_size_t efi_mmap_size = 0; -@@ -690,6 +692,41 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)), +@@ -691,6 +693,41 @@ grub_cmd_linux (grub_command_t cmd __att grub_dl_ref (my_mod); @@ -81,7 +81,7 @@ if (argc == 0) { grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); -@@ -1052,6 +1089,12 @@ grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)), +@@ -1053,6 +1090,12 @@ grub_cmd_initrd (grub_command_t cmd __at grub_err_t err; struct grub_linux_initrd_context initrd_ctx; diff -Nru grub2-2.02~beta2/debian/patches/linuxefi.patch grub2-2.02~beta2/debian/patches/linuxefi.patch --- grub2-2.02~beta2/debian/patches/linuxefi.patch 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi.patch 2020-08-24 08:54:59.000000000 +0000 @@ -1,27 +1,27 @@ -From 275e1976bb46405ac6fc7e1da7d769dfebba9576 Mon Sep 17 00:00:00 2001 +From 5cd20151112bfde11cf3ed8b9920797d7cabe325 Mon Sep 17 00:00:00 2001 From: Matthew Garrett Date: Mon, 13 Jan 2014 12:13:15 +0000 Subject: Add "linuxefi" loader which avoids ExitBootServices Origin: vendor, http://pkgs.fedoraproject.org/cgit/grub2.git/tree/grub2-linuxefi.patch Forwarded: no -Last-Update: 2014-11-18 +Last-Update: 2016-09-19 Patch-Name: linuxefi.patch --- - grub-core/Makefile.core.def | 8 + - grub-core/kern/efi/mm.c | 32 ++++ - grub-core/loader/i386/efi/linux.c | 371 ++++++++++++++++++++++++++++++++++++++ - include/grub/efi/efi.h | 3 + - include/grub/i386/linux.h | 1 + - 5 files changed, 415 insertions(+) + grub-core/Makefile.core.def | 8 + grub-core/kern/efi/mm.c | 32 +++ + grub-core/loader/i386/efi/linux.c | 370 ++++++++++++++++++++++++++++++++++++++ + include/grub/efi/efi.h | 3 + include/grub/i386/linux.h | 1 + 5 files changed, 414 insertions(+) create mode 100644 grub-core/loader/i386/efi/linux.c -diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def -index c916246..8c246c6 100644 +Index: b/grub-core/Makefile.core.def +=================================================================== --- a/grub-core/Makefile.core.def +++ b/grub-core/Makefile.core.def -@@ -1706,6 +1706,14 @@ module = { +@@ -1731,6 +1731,14 @@ module = { }; module = { @@ -36,11 +36,11 @@ name = chain; efi = loader/efi/chainloader.c; i386_pc = loader/i386/pc/chainloader.c; -diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c -index be37afd..ddeca60 100644 +Index: b/grub-core/kern/efi/mm.c +=================================================================== --- a/grub-core/kern/efi/mm.c +++ b/grub-core/kern/efi/mm.c -@@ -49,6 +49,38 @@ static grub_efi_uintn_t finish_desc_size; +@@ -49,6 +49,38 @@ static grub_efi_uintn_t finish_desc_size static grub_efi_uint32_t finish_desc_version; int grub_efi_is_finished = 0; @@ -79,12 +79,11 @@ /* Allocate pages. Return the pointer to the first of allocated pages. */ void * grub_efi_allocate_pages (grub_efi_physical_address_t address, -diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -new file mode 100644 -index 0000000..ebaf1db +Index: b/grub-core/loader/i386/efi/linux.c +=================================================================== --- /dev/null +++ b/grub-core/loader/i386/efi/linux.c -@@ -0,0 +1,371 @@ +@@ -0,0 +1,370 @@ +/* + * GRUB -- GRand Unified Bootloader + * Copyright (C) 2012 Free Software Foundation, Inc. @@ -307,7 +306,6 @@ + if (! grub_linuxefi_secure_validate (kernel, filelen)) + { + grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); -+ grub_free (kernel); + goto fail; + } + @@ -323,7 +321,7 @@ + goto fail; + } + -+ memset (params, 0, 16384); ++ grub_memset (params, 0, 16384); + + if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh)) + { @@ -411,7 +409,7 @@ + lh.code32_start = (grub_uint32_t)(grub_addr_t) kernel_mem; + } + -+ memcpy(params, &lh, 2 * 512); ++ grub_memcpy (params, &lh, 2 * 512); + + params->type_of_loader = 0x21; + @@ -456,11 +454,11 @@ + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_initrd); +} -diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h -index db2169e..a000c38 100644 +Index: b/include/grub/efi/efi.h +=================================================================== --- a/include/grub/efi/efi.h +++ b/include/grub/efi/efi.h -@@ -40,6 +40,9 @@ void EXPORT_FUNC(grub_efi_stall) (grub_efi_uintn_t microseconds); +@@ -40,6 +40,9 @@ void EXPORT_FUNC(grub_efi_stall) (grub_e void * EXPORT_FUNC(grub_efi_allocate_pages) (grub_efi_physical_address_t address, grub_efi_uintn_t pages); @@ -470,8 +468,8 @@ void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address, grub_efi_uintn_t pages); int -diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h -index da0ca3b..fc36bda 100644 +Index: b/include/grub/i386/linux.h +=================================================================== --- a/include/grub/i386/linux.h +++ b/include/grub/i386/linux.h @@ -139,6 +139,7 @@ struct linux_kernel_header diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_re-enable_linux_cmd.patch grub2-2.02~beta2/debian/patches/linuxefi_re-enable_linux_cmd.patch --- grub2-2.02~beta2/debian/patches/linuxefi_re-enable_linux_cmd.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_re-enable_linux_cmd.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,37 @@ +From: Mathieu Trudel-Lapierre +Subject: Temporarily re-enable the generic linux loader + +We're currently relying on it and an automatic hand-off to linuxefi for EFI +booting; so we need the linux command to start to be able to do the hand-off +correctly. + +This is a temporary measure until we switch to calling linuxefi directly. + +--- + grub-core/loader/i386/linux.c | 6 ------ + 1 file changed, 6 deletions(-) + +Index: b/grub-core/loader/i386/linux.c +=================================================================== +--- a/grub-core/loader/i386/linux.c ++++ b/grub-core/loader/i386/linux.c +@@ -1138,9 +1138,6 @@ static grub_command_t cmd_linux, cmd_ini + + GRUB_MOD_INIT(linux) + { +- if (grub_efi_secure_boot()) +- return; +- + cmd_linux = grub_register_command ("linux", grub_cmd_linux, + 0, N_("Load Linux.")); + cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd, +@@ -1150,9 +1147,6 @@ GRUB_MOD_INIT(linux) + + GRUB_MOD_FINI(linux) + { +- if (grub_efi_secure_boot()) +- return; +- + grub_unregister_command (cmd_linux); + grub_unregister_command (cmd_initrd); + } diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_require_shim.patch grub2-2.02~beta2/debian/patches/linuxefi_require_shim.patch --- grub2-2.02~beta2/debian/patches/linuxefi_require_shim.patch 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_require_shim.patch 2020-08-24 08:54:59.000000000 +0000 @@ -1,4 +1,4 @@ -From f393f2edf39bc9fc12cd6e6dab6cd1e40b149ac2 Mon Sep 17 00:00:00 2001 +From 4224acc6c0fb2fdd86018b736fda19a7a21f3952 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 13 Jan 2014 12:13:19 +0000 Subject: Make linuxefi refuse to boot without shim @@ -14,7 +14,7 @@ 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c -index 2bf38fa..f764f49 100644 +index 1995a50..ff29316 100644 --- a/grub-core/loader/i386/efi/linux.c +++ b/grub-core/loader/i386/efi/linux.c @@ -63,7 +63,7 @@ grub_linuxefi_secure_validate (void *data, grub_uint32_t size) diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_rework_non-sb_cases.patch grub2-2.02~beta2/debian/patches/linuxefi_rework_non-sb_cases.patch --- grub2-2.02~beta2/debian/patches/linuxefi_rework_non-sb_cases.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_rework_non-sb_cases.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,378 @@ +From a741a53e352513787aadb6c933bf1e3bc1dbe83c Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Fri, 10 Jun 2016 14:06:15 -0400 +Subject: [PATCH] Rework even more of efi chainload so non-sb cases work right. + +This ensures that if shim protocol is not loaded, or is loaded but shim +is disabled, we will fall back to a correct load method for the efi +chain loader. + +Here's what I tested with this version: + +results expected actual +------------------------------------------------------------ +sb + enabled + shim + fedora success success +sb + enabled + shim + win success success +sb + enabled + grub + fedora fail fail +sb + enabled + grub + win fail fail + +sb + mokdisabled + shim + fedora success success +sb + mokdisabled + shim + win success success +sb + mokdisabled + grub + fedora fail fail +sb + mokdisabled + grub + win fail fail + +sb disabled + shim + fedora success success* +sb disabled + shim + win success success* +sb disabled + grub + fedora success success +sb disabled + grub + win success success + +nosb + shim + fedora success success* +nosb + shim + win success success* +nosb + grub + fedora success success +nosb + grub + win success success + +* for some reason shim protocol is being installed in these cases, and I + can't see why, but I think it may be this firmware build returning an + erroneous value. But this effectively falls back to the mokdisabled + behavior, which works correctly, and the presence of the "grub" (i.e. + no shim) tests effectively tests the desired behavior here. + +Resolves: rhbz#1344512 + +Signed-off-by: Peter Jones +--- + grub-core/kern/efi/sb.c | 14 +++- + grub-core/loader/arm64/linux.c | 4 - + grub-core/loader/efi/chainloader.c | 117 ++++++++++++++++++++++--------------- + grub-core/loader/efi/linux.c | 13 ++-- + grub-core/loader/i386/efi/linux.c | 7 +- + include/grub/efi/linux.h | 2 + 6 files changed, 98 insertions(+), 59 deletions(-) + +Index: b/grub-core/kern/efi/sb.c +=================================================================== +--- a/grub-core/kern/efi/sb.c ++++ b/grub-core/kern/efi/sb.c +@@ -36,14 +36,20 @@ grub_efi_secure_boot (void) + grub_efi_boolean_t ret = 0; + + secure_boot = grub_efi_get_variable("SecureBoot", &efi_var_guid, &datasize); +- + if (datasize != 1 || !secure_boot) +- goto out; ++ { ++ grub_dprintf ("secureboot", "No SecureBoot variable\n"); ++ goto out; ++ } ++ grub_dprintf ("secureboot", "SecureBoot: %d\n", *secure_boot); + + setup_mode = grub_efi_get_variable("SetupMode", &efi_var_guid, &datasize); +- + if (datasize != 1 || !setup_mode) +- goto out; ++ { ++ grub_dprintf ("secureboot", "No SetupMode variable\n"); ++ goto out; ++ } ++ grub_dprintf ("secureboot", "SetupMode: %d\n", *setup_mode); + + if (*secure_boot && !*setup_mode) + ret = 1; +Index: b/grub-core/loader/arm64/linux.c +=================================================================== +--- a/grub-core/loader/arm64/linux.c ++++ b/grub-core/loader/arm64/linux.c +@@ -253,6 +253,7 @@ grub_cmd_linux (grub_command_t cmd __att + grub_file_t file = 0; + struct grub_arm64_linux_kernel_header lh; + struct grub_arm64_linux_pe_header *pe; ++ int rc; + + grub_dl_ref (my_mod); + +@@ -297,7 +298,8 @@ grub_cmd_linux (grub_command_t cmd __att + + grub_dprintf ("linux", "kernel @ %p\n", kernel_addr); + +- if (!grub_linuxefi_secure_validate (kernel_addr, kernel_size)) ++ rc = grub_linuxefi_secure_validate (kernel_addr, kernel_size); ++ if (rc < 0) + { + grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); + goto fail; +Index: b/grub-core/loader/efi/chainloader.c +=================================================================== +--- a/grub-core/loader/efi/chainloader.c ++++ b/grub-core/loader/efi/chainloader.c +@@ -178,7 +178,6 @@ make_file_path (grub_efi_device_path_t * + /* Fill the file path for the directory. */ + d = (grub_efi_device_path_t *) ((char *) file_path + + ((char *) d - (char *) dp)); +- grub_efi_print_device_path (d); + copy_file_path ((grub_efi_file_path_device_path_t *) d, + dir_start, dir_end - dir_start); + +@@ -248,10 +247,9 @@ read_header (void *data, grub_efi_uint32 + grub_efi_status_t status; + + shim_lock = grub_efi_locate_protocol (&guid, NULL); +- + if (!shim_lock) + { +- grub_error (GRUB_ERR_BAD_ARGUMENT, "no shim lock protocol"); ++ grub_dprintf ("chain", "no shim lock protocol"); + return 0; + } + +@@ -276,7 +274,7 @@ read_header (void *data, grub_efi_uint32 + break; + } + +- return 0; ++ return -1; + } + + static void* +@@ -510,17 +508,24 @@ handle_image (void *data, grub_efi_uint3 + grub_uint32_t section_alignment; + grub_uint32_t buffer_size; + int found_entry_point = 0; ++ int rc; + + b = grub_efi_system_table->boot_services; + +- if (read_header (data, datasize, &context)) ++ rc = read_header (data, datasize, &context); ++ if (rc < 0) + { +- grub_dprintf ("chain", "Succeed to read header\n"); ++ grub_dprintf ("chain", "Failed to read header\n"); ++ goto error_exit; ++ } ++ else if (rc == 0) ++ { ++ grub_dprintf ("chain", "Secure Boot is not enabled\n"); ++ return 0; + } + else + { +- grub_dprintf ("chain", "Failed to read header\n"); +- goto error_exit; ++ grub_dprintf ("chain", "Header read without error\n"); + } + + /* +@@ -793,9 +798,55 @@ grub_secureboot_chainloader_unload (void + } + + static grub_err_t ++grub_load_and_start_image(void *boot_image) ++{ ++ grub_efi_boot_services_t *b; ++ grub_efi_status_t status; ++ grub_efi_loaded_image_t *loaded_image; ++ ++ b = grub_efi_system_table->boot_services; ++ ++ status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, ++ boot_image, fsize, &image_handle); ++ if (status != GRUB_EFI_SUCCESS) ++ { ++ if (status == GRUB_EFI_OUT_OF_RESOURCES) ++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources"); ++ else ++ grub_error (GRUB_ERR_BAD_OS, "cannot load image"); ++ return -1; ++ } ++ ++ /* LoadImage does not set a device handler when the image is ++ loaded from memory, so it is necessary to set it explicitly here. ++ This is a mess. */ ++ loaded_image = grub_efi_get_loaded_image (image_handle); ++ if (! loaded_image) ++ { ++ grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); ++ return -1; ++ } ++ loaded_image->device_handle = dev_handle; ++ ++ if (cmdline) ++ { ++ loaded_image->load_options = cmdline; ++ loaded_image->load_options_size = cmdline_len; ++ } ++ ++ return 0; ++} ++ ++static grub_err_t + grub_secureboot_chainloader_boot (void) + { +- handle_image ((void *)address, fsize); ++ int rc; ++ rc = handle_image ((void *)address, fsize); ++ if (rc == 0) ++ { ++ grub_load_and_start_image((void *)address); ++ } ++ + grub_loader_unset (); + return grub_errno; + } +@@ -809,9 +860,9 @@ grub_cmd_chainloader (grub_command_t cmd + grub_efi_boot_services_t *b; + grub_device_t dev = 0; + grub_efi_device_path_t *dp = 0; +- grub_efi_loaded_image_t *loaded_image; + char *filename; + void *boot_image = 0; ++ int rc; + + if (argc == 0) + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected")); +@@ -898,9 +949,6 @@ grub_cmd_chainloader (grub_command_t cmd + if (! file_path) + goto fail; + +- grub_printf ("file path: "); +- grub_efi_print_device_path (file_path); +- + fsize = grub_file_size (file); + if (!fsize) + { +@@ -975,50 +1023,27 @@ grub_cmd_chainloader (grub_command_t cmd + } + #endif + +- if (grub_linuxefi_secure_validate((void *)address, fsize)) ++ rc = grub_linuxefi_secure_validate((void *)(grub_addr_t)address, fsize); ++ grub_dprintf ("chain", "linuxefi_secure_validate: %d\n", rc); ++ if (rc > 0) + { + grub_file_close (file); + grub_loader_set (grub_secureboot_chainloader_boot, + grub_secureboot_chainloader_unload, 0); + return 0; + } +- +- status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path, +- boot_image, fsize, &image_handle); +- if (status != GRUB_EFI_SUCCESS) ++ else if (rc == 0) + { +- if (status == GRUB_EFI_OUT_OF_RESOURCES) +- grub_error (GRUB_ERR_OUT_OF_MEMORY, "out of resources"); +- else +- grub_error (GRUB_ERR_BAD_OS, "cannot load image"); +- +- goto fail; +- } +- +- /* LoadImage does not set a device handler when the image is +- loaded from memory, so it is necessary to set it explicitly here. +- This is a mess. */ +- loaded_image = grub_efi_get_loaded_image (image_handle); +- if (! loaded_image) +- { +- grub_error (GRUB_ERR_BAD_OS, "no loaded image available"); +- goto fail; ++ grub_load_and_start_image(boot_image); ++ grub_file_close (file); ++ grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); ++ return 0; + } +- loaded_image->device_handle = dev_handle; + + grub_file_close (file); ++ grub_device_close (dev); + +- if (cmdline) +- { +- loaded_image->load_options = cmdline; +- loaded_image->load_options_size = cmdline_len; +- } +- +- grub_loader_set (grub_chainloader_boot, grub_chainloader_unload, 0); +- return 0; +- +- fail: +- ++fail: + if (dev) + grub_device_close (dev); + +Index: b/grub-core/loader/efi/linux.c +=================================================================== +--- a/grub-core/loader/efi/linux.c ++++ b/grub-core/loader/efi/linux.c +@@ -33,21 +33,24 @@ struct grub_efi_shim_lock + }; + typedef struct grub_efi_shim_lock grub_efi_shim_lock_t; + +-grub_efi_boolean_t ++int + grub_linuxefi_secure_validate (void *data, grub_uint32_t size) + { + grub_efi_guid_t guid = SHIM_LOCK_GUID; + grub_efi_shim_lock_t *shim_lock; ++ grub_efi_status_t status; + + shim_lock = grub_efi_locate_protocol(&guid, NULL); +- ++ grub_dprintf ("secureboot", "shim_lock: %p\n", shim_lock); + if (!shim_lock) +- return 1; ++ return 0; + +- if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS) ++ status = shim_lock->verify(data, size); ++ grub_dprintf ("secureboot", "shim_lock->verify(): %ld\n", status); ++ if (status == GRUB_EFI_SUCCESS) + return 1; + +- return 0; ++ return -1; + } + + typedef void (*handover_func) (void *, grub_efi_system_table_t *, void *); +Index: b/grub-core/loader/i386/efi/linux.c +=================================================================== +--- a/grub-core/loader/i386/efi/linux.c ++++ b/grub-core/loader/i386/efi/linux.c +@@ -155,6 +155,7 @@ grub_cmd_linux (grub_command_t cmd __att + struct linux_kernel_header lh; + grub_ssize_t len, start, filelen; + void *kernel = NULL; ++ int rc; + + grub_dl_ref (my_mod); + +@@ -180,11 +181,13 @@ grub_cmd_linux (grub_command_t cmd __att + + if (grub_file_read (file, kernel, filelen) != filelen) + { +- grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]); ++ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), ++ argv[0]); + goto fail; + } + +- if (! grub_linuxefi_secure_validate (kernel, filelen)) ++ rc = grub_linuxefi_secure_validate (kernel, filelen); ++ if (rc < 0) + { + grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]); + goto fail; +Index: b/include/grub/efi/linux.h +=================================================================== +--- a/include/grub/efi/linux.h ++++ b/include/grub/efi/linux.h +@@ -22,7 +22,7 @@ + #include + #include + +-grub_efi_boolean_t ++int + EXPORT_FUNC(grub_linuxefi_secure_validate) (void *data, grub_uint32_t size); + grub_err_t + EXPORT_FUNC(grub_efi_linux_boot) (void *kernel_address, grub_off_t offset, diff -Nru grub2-2.02~beta2/debian/patches/linuxefi_truncate_overlong_relocs.patch grub2-2.02~beta2/debian/patches/linuxefi_truncate_overlong_relocs.patch --- grub2-2.02~beta2/debian/patches/linuxefi_truncate_overlong_relocs.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/linuxefi_truncate_overlong_relocs.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,112 @@ +From 0785df0598ba00c074a087299cad1848396f7650 Mon Sep 17 00:00:00 2001 +From: Laszlo Ersek +Date: Wed, 23 Nov 2016 06:27:09 +0100 +Subject: efi/chainloader: truncate overlong relocation section + +The UEFI Windows 7 boot loader ("EFI/Microsoft/Boot/bootmgfw.efi", SHA1 +31b410e029bba87d2068c65a80b88882f9f8ea25) has inconsistent headers. + +Compare: + +> The Data Directory +> ... +> Entry 5 00000000000d9000 00000574 Base Relocation Directory [.reloc] + +Versus: + +> Sections: +> Idx Name Size VMA LMA File off ... +> ... +> 10 .reloc 00000e22 00000000100d9000 00000000100d9000 000a1800 ... + +That is, the size reported by the RelocDir entry (0x574) is smaller than +the virtual size of the .reloc section (0xe22). + +Quoting the grub2 debug log for the same: + +> chainloader.c:595: reloc_dir: 0xd9000 reloc_size: 0x00000574 +> chainloader.c:603: reloc_base: 0x7d208000 reloc_base_end: 0x7d208573 +> ... +> chainloader.c:620: Section 10 ".reloc" at 0x7d208000..0x7d208e21 +> chainloader.c:661: section is not reloc section? +> chainloader.c:663: rds: 0x00001000, vs: 00000e22 +> chainloader.c:664: base: 0x7d208000 end: 0x7d208e21 +> chainloader.c:666: reloc_base: 0x7d208000 reloc_base_end: 0x7d208573 +> chainloader.c:671: Section characteristics are 42000040 +> chainloader.c:673: Section virtual size: 00000e22 +> chainloader.c:675: Section raw_data size: 00001000 +> chainloader.c:678: Discarding section + +After hexdumping "bootmgfw.efi" and manually walking its relocation blocks +(yes, really), I determined that the (smaller) RelocDir value is correct. +The remaining area that extends up to the .reloc section size (== 0xe22 - +0x574 == 0x8ae bytes) exists as zero padding in the file. + +This zero padding shouldn't be passed to relocate_coff() for parsing. In +order to cope with it, split the handling of .reloc sections into the +following branches: + +- original case (equal size): original behavior (--> relocation + attempted), + +- overlong .reloc section (longer than reported by RelocDir): truncate the + section to the RelocDir size for the purposes of relocate_coff(), and + attempt relocation, + +- .reloc section is too short, or other checks fail: original behavior + (--> relocation not attempted). + +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1347291 +Signed-off-by: Laszlo Ersek +Patch-Name: linuxefi_truncate_overlong_relocs.patch +Last-Update: 2018-09-25 +--- + grub-core/loader/efi/chainloader.c | 26 +++++++++++++++++++++----- + 1 file changed, 21 insertions(+), 5 deletions(-) + +Index: grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/efi/chainloader.c ++++ grub2-2.02~beta2/grub-core/loader/efi/chainloader.c +@@ -592,7 +592,7 @@ handle_image (void *data, grub_efi_uint3 + grub_dprintf ("chain", "reloc_base: %p reloc_base_end: %p\n", + reloc_base, reloc_base_end); + +- struct grub_pe32_section_table *reloc_section = NULL; ++ struct grub_pe32_section_table *reloc_section = NULL, fake_reloc_section; + + section = context.first_section; + for (i = 0; i < context.number_of_sections; i++, section++) +@@ -641,12 +641,28 @@ handle_image (void *data, grub_efi_uint3 + * made sense, and the VA and size match RelocDir's + * versions, then we believe in this section table. */ + if (section->raw_data_size && section->virtual_size && +- base && end && reloc_base == base && reloc_base_end == end) ++ base && end && reloc_base == base) + { +- grub_dprintf ("chain", " section is relocation section\n"); +- reloc_section = section; ++ if (reloc_base_end == end) ++ { ++ grub_dprintf ("chain", " section is relocation section\n"); ++ reloc_section = section; ++ } ++ else if (reloc_base_end && reloc_base_end < end) ++ { ++ /* Bogus virtual size in the reloc section -- RelocDir ++ * reported a smaller Base Relocation Directory. Decrease ++ * the section's virtual size so that it equal RelocDir's ++ * idea, but only for the purposes of relocate_coff(). */ ++ grub_dprintf ("chain", ++ " section is (overlong) relocation section\n"); ++ grub_memcpy (&fake_reloc_section, section, sizeof *section); ++ fake_reloc_section.virtual_size -= (end - reloc_base_end); ++ reloc_section = &fake_reloc_section; ++ } + } +- else ++ ++ if (!reloc_section) + { + grub_dprintf ("chain", " section is not reloc section?\n"); + grub_dprintf ("chain", " rds: 0x%08x, vs: %08x\n", diff -Nru grub2-2.02~beta2/debian/patches/misc-fix-invalid-char-strtol.patch grub2-2.02~beta2/debian/patches/misc-fix-invalid-char-strtol.patch --- grub2-2.02~beta2/debian/patches/misc-fix-invalid-char-strtol.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/misc-fix-invalid-char-strtol.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,31 @@ +From: Michael Chang +From: Aaron Miller +Subject: [PATCH 1/8] misc: fix invalid character recongition in strto*l + +Would previously allow digits larger than the base and didn't check that +subtracting the difference from 0-9 to lowercase letters for characters +larger than 9 didn't result in a value lower than 9, which allowed the +parses: ` = 9, _ = 8, ^ = 7, ] = 6, \ = 5, and [ = 4 +--- + grub-core/kern/misc.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +Index: b/grub-core/kern/misc.c +=================================================================== +--- a/grub-core/kern/misc.c ++++ b/grub-core/kern/misc.c +@@ -423,9 +423,13 @@ grub_strtoull (const char *str, char **e + if (digit > 9) + { + digit += '0' - 'a' + 10; +- if (digit >= (unsigned long) base) ++ /* digit <= 9 check is needed to keep chars larger than ++ '9' but less than 'a' from being read as numbers */ ++ if (digit >= (unsigned long) base || digit <= 9) + break; + } ++ if (digit >= (unsigned long) base) ++ break; + + found = 1; + diff -Nru grub2-2.02~beta2/debian/patches/net_add_grub_env_set_net_property.patch grub2-2.02~beta2/debian/patches/net_add_grub_env_set_net_property.patch --- grub2-2.02~beta2/debian/patches/net_add_grub_env_set_net_property.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/net_add_grub_env_set_net_property.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,179 @@ +From e4dbf247b656eb9577020af653ff37159fc340f2 Mon Sep 17 00:00:00 2001 +From: Paulo Flabiano Smorigo +Date: Tue, 4 Feb 2014 18:41:38 -0200 +Subject: add grub_env_set_net_property function + +* grub-core/net/bootp.c: Remove set_env_limn_ro. +* grub-core/net/net.c: Add grub_env_set_net_property. +* include/grub/net.h: Likewise. +--- + grub-core/net/bootp.c | 63 ++++++++++++-------------------------------------- + grub-core/net/net.c | 38 ++++++++++++++++++++++++++++++ + include/grub/net.h | 4 +++ + 3 files changed, 58 insertions(+), 47 deletions(-) + +Index: b/grub-core/net/bootp.c +=================================================================== +--- a/grub-core/net/bootp.c ++++ b/grub-core/net/bootp.c +@@ -25,41 +25,6 @@ + #include + #include + +-static char * +-grub_env_write_readonly (struct grub_env_var *var __attribute__ ((unused)), +- const char *val __attribute__ ((unused))) +-{ +- return NULL; +-} +- +-static void +-set_env_limn_ro (const char *intername, const char *suffix, +- const char *value, grub_size_t len) +-{ +- char *varname, *varvalue; +- char *ptr; +- varname = grub_xasprintf ("net_%s_%s", intername, suffix); +- if (!varname) +- return; +- for (ptr = varname; *ptr; ptr++) +- if (*ptr == ':') +- *ptr = '_'; +- varvalue = grub_malloc (len + 1); +- if (!varvalue) +- { +- grub_free (varname); +- return; +- } +- +- grub_memcpy (varvalue, value, len); +- varvalue[len] = 0; +- grub_env_set (varname, varvalue); +- grub_register_variable_hook (varname, 0, grub_env_write_readonly); +- grub_env_export (varname); +- grub_free (varname); +- grub_free (varvalue); +-} +- + static void + parse_dhcp_vendor (const char *name, const void *vend, int limit, int *mask) + { +@@ -136,20 +101,24 @@ parse_dhcp_vendor (const char *name, con + } + continue; + case GRUB_NET_BOOTP_HOSTNAME: +- set_env_limn_ro (name, "hostname", (const char *) ptr, taglength); +- break; ++ grub_env_set_net_property (name, "hostname", (const char *) ptr, ++ taglength); ++ break; + + case GRUB_NET_BOOTP_DOMAIN: +- set_env_limn_ro (name, "domain", (const char *) ptr, taglength); +- break; ++ grub_env_set_net_property (name, "domain", (const char *) ptr, ++ taglength); ++ break; + + case GRUB_NET_BOOTP_ROOT_PATH: +- set_env_limn_ro (name, "rootpath", (const char *) ptr, taglength); +- break; ++ grub_env_set_net_property (name, "rootpath", (const char *) ptr, ++ taglength); ++ break; + + case GRUB_NET_BOOTP_EXTENSIONS_PATH: +- set_env_limn_ro (name, "extensionspath", (const char *) ptr, taglength); +- break; ++ grub_env_set_net_property (name, "extensionspath", (const char *) ptr, ++ taglength); ++ break; + + /* If you need any other options please contact GRUB + development team. */ +@@ -211,8 +180,8 @@ grub_net_configure_by_dhcp_ack (const ch + } + + if (size > OFFSET_OF (boot_file, bp)) +- set_env_limn_ro (name, "boot_file", (char *) bp->boot_file, +- sizeof (bp->boot_file)); ++ grub_env_set_net_property (name, "boot_file", bp->boot_file, ++ sizeof (bp->boot_file)); + if (is_def) + grub_net_default_server = 0; + if (is_def && !grub_net_default_server && bp->server_ip) +@@ -243,8 +212,8 @@ grub_net_configure_by_dhcp_ack (const ch + if (size > OFFSET_OF (server_name, bp) + && bp->server_name[0]) + { +- set_env_limn_ro (name, "dhcp_server_name", (char *) bp->server_name, +- sizeof (bp->server_name)); ++ grub_env_set_net_property (name, "dhcp_server_name", bp->server_name, ++ sizeof (bp->server_name)); + if (is_def && !grub_net_default_server) + { + grub_net_default_server = grub_strdup (bp->server_name); +Index: b/grub-core/net/net.c +=================================================================== +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1470,6 +1470,44 @@ receive_packets (struct grub_net_card *c + grub_print_error (); + } + ++static char * ++grub_env_write_readonly (struct grub_env_var *var __attribute__ ((unused)), ++ const char *val __attribute__ ((unused))) ++{ ++ return NULL; ++} ++ ++grub_err_t ++grub_env_set_net_property (const char *intername, const char *suffix, ++ const char *value, grub_size_t len) ++{ ++ char *varname, *varvalue; ++ char *ptr; ++ ++ varname = grub_xasprintf ("net_%s_%s", intername, suffix); ++ if (!varname) ++ return grub_errno; ++ for (ptr = varname; *ptr; ptr++) ++ if (*ptr == ':') ++ *ptr = '_'; ++ varvalue = grub_malloc (len + 1); ++ if (!varvalue) ++ { ++ grub_free (varname); ++ return grub_errno; ++ } ++ ++ grub_memcpy (varvalue, value, len); ++ varvalue[len] = 0; ++ grub_err_t ret = grub_env_set (varname, varvalue); ++ grub_register_variable_hook (varname, 0, grub_env_write_readonly); ++ grub_env_export (varname); ++ grub_free (varname); ++ grub_free (varvalue); ++ ++ return ret; ++} ++ + void + grub_net_poll_cards (unsigned time, int *stop_condition) + { +Index: b/include/grub/net.h +=================================================================== +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -503,6 +503,10 @@ grub_net_addr_to_str (const grub_net_net + void + grub_net_hwaddr_to_str (const grub_net_link_level_address_t *addr, char *str); + ++grub_err_t ++grub_env_set_net_property (const char *intername, const char *suffix, ++ const char *value, grub_size_t len); ++ + void + grub_net_poll_cards (unsigned time, int *stop_condition); + diff -Nru grub2-2.02~beta2/debian/patches/net_read_bracketed_ipv6_addr.patch grub2-2.02~beta2/debian/patches/net_read_bracketed_ipv6_addr.patch --- grub2-2.02~beta2/debian/patches/net_read_bracketed_ipv6_addr.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/net_read_bracketed_ipv6_addr.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,248 @@ +From: Michael Chang +From: Aaron Miller +Subject: [PATCH 2/8] net: read bracketed ipv6 addrs and port numbers + +Allow specifying port numbers for http and tftp paths, and allow ipv6 addresses +to be recognized with brackets around them, which is required to specify a port +number +--- + grub-core/net/http.c | 21 ++++++++++-- + grub-core/net/net.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++--- + grub-core/net/tftp.c | 6 ++- + include/grub/net.h | 1 + 4 files changed, 105 insertions(+), 9 deletions(-) + +Index: b/grub-core/net/http.c +=================================================================== +--- a/grub-core/net/http.c ++++ b/grub-core/net/http.c +@@ -312,12 +312,14 @@ http_establish (struct grub_file *file, + int i; + struct grub_net_buff *nb; + grub_err_t err; ++ char* server = file->device->net->server; ++ int port = file->device->net->port; + + nb = grub_netbuff_alloc (GRUB_NET_TCP_RESERVE_SIZE + + sizeof ("GET ") - 1 + + grub_strlen (data->filename) + + sizeof (" HTTP/1.1\r\nHost: ") - 1 +- + grub_strlen (file->device->net->server) ++ + grub_strlen (server) + sizeof (":XXXXXXXXXX") + + sizeof ("\r\nUser-Agent: " PACKAGE_STRING + "\r\n") - 1 + + sizeof ("Range: bytes=XXXXXXXXXXXXXXXXXXXX" +@@ -356,7 +358,7 @@ http_establish (struct grub_file *file, + sizeof (" HTTP/1.1\r\nHost: ") - 1); + + ptr = nb->tail; +- err = grub_netbuff_put (nb, grub_strlen (file->device->net->server)); ++ err = grub_netbuff_put (nb, grub_strlen (server)); + if (err) + { + grub_netbuff_free (nb); +@@ -365,6 +367,15 @@ http_establish (struct grub_file *file, + grub_memcpy (ptr, file->device->net->server, + grub_strlen (file->device->net->server)); + ++ if (port) ++ { ++ ptr = nb->tail; ++ grub_snprintf ((char *) ptr, ++ sizeof (":XXXXXXXXXX"), ++ ":%d", ++ port); ++ } ++ + ptr = nb->tail; + err = grub_netbuff_put (nb, + sizeof ("\r\nUser-Agent: " PACKAGE_STRING "\r\n") +@@ -391,8 +402,10 @@ http_establish (struct grub_file *file, + grub_netbuff_put (nb, 2); + grub_memcpy (ptr, "\r\n", 2); + +- data->sock = grub_net_tcp_open (file->device->net->server, +- HTTP_PORT, http_receive, ++ grub_dprintf ("http", "opening path %s on host %s TCP port %d\n", ++ data->filename, server, port ? port : HTTP_PORT); ++ data->sock = grub_net_tcp_open (server, ++ port ? port : HTTP_PORT, http_receive, + http_err, http_err, + file); + if (!data->sock) +Index: b/grub-core/net/net.c +=================================================================== +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -437,6 +437,12 @@ parse_ip6 (const char *val, grub_uint64_ + grub_uint16_t newip[8]; + const char *ptr = val; + int word, quaddot = -1; ++ int bracketed = 0; ++ ++ if (ptr[0] == '[') { ++ bracketed = 1; ++ ptr++; ++ } + + if (ptr[0] == ':' && ptr[1] != ':') + return 0; +@@ -475,6 +481,9 @@ parse_ip6 (const char *val, grub_uint64_ + grub_memset (&newip[quaddot], 0, (7 - word) * sizeof (newip[0])); + } + grub_memcpy (ip, newip, 16); ++ if (bracketed && *ptr == ']') { ++ ptr++; ++ } + if (rest) + *rest = ptr; + return 1; +@@ -1260,8 +1269,10 @@ grub_net_open_real (const char *name) + { + grub_net_app_level_t proto; + const char *protname, *server; ++ char *host; + grub_size_t protnamelen; + int try; ++ int port = 0; + + if (grub_strncmp (name, "pxe:", sizeof ("pxe:") - 1) == 0) + { +@@ -1299,6 +1310,72 @@ grub_net_open_real (const char *name) + return NULL; + } + ++ char* port_start; ++ /* ipv6 or port specified? */ ++ if ((port_start = grub_strchr (server, ':'))) ++ { ++ char* ipv6_begin; ++ if((ipv6_begin = grub_strchr (server, '['))) ++ { ++ char* ipv6_end = grub_strchr (server, ']'); ++ if(!ipv6_end) ++ { ++ grub_error (GRUB_ERR_NET_BAD_ADDRESS, ++ N_("mismatched [ in address")); ++ return NULL; ++ } ++ /* port number after bracketed ipv6 addr */ ++ if(ipv6_end[1] == ':') ++ { ++ port = grub_strtoul (ipv6_end + 2, NULL, 10); ++ if(port > 65535) ++ { ++ grub_error (GRUB_ERR_NET_BAD_ADDRESS, ++ N_("bad port number")); ++ return NULL; ++ } ++ } ++ host = grub_strndup (ipv6_begin, (ipv6_end - ipv6_begin) + 1); ++ } ++ else ++ { ++ if (grub_strchr (port_start + 1, ':')) ++ { ++ int iplen = grub_strlen (server); ++ /* bracket bare ipv6 addrs */ ++ host = grub_malloc (iplen + 3); ++ if(!host) ++ { ++ return NULL; ++ } ++ host[0] = '['; ++ grub_memcpy (host + 1, server, iplen); ++ host[iplen + 1] = ']'; ++ host[iplen + 2] = '\0'; ++ } ++ else ++ { ++ /* hostname:port or ipv4:port */ ++ port = grub_strtol (port_start + 1, NULL, 10); ++ if(port > 65535) ++ { ++ grub_error (GRUB_ERR_NET_BAD_ADDRESS, ++ N_("bad port number")); ++ return NULL; ++ } ++ host = grub_strndup (server, port_start - server); ++ } ++ } ++ } ++ else ++ { ++ host = grub_strdup (server); ++ } ++ if (!host) ++ { ++ return NULL; ++ } ++ + for (try = 0; try < 2; try++) + { + FOR_NET_APP_LEVEL (proto) +@@ -1308,11 +1385,10 @@ grub_net_open_real (const char *name) + { + grub_net_t ret = grub_zalloc (sizeof (*ret)); + if (!ret) +- return NULL; +- ret->protocol = proto; +- if (server) ++ grub_free (host); ++ if (host) + { +- ret->server = grub_strdup (server); ++ ret->server = grub_strdup (host); + if (!ret->server) + { + grub_free (ret); +@@ -1321,6 +1397,8 @@ grub_net_open_real (const char *name) + } + else + ret->server = NULL; ++ ret->protocol = proto; ++ ret->port = port; + ret->fs = &grub_net_fs; + ret->offset = 0; + ret->eof = 0; +Index: b/grub-core/net/tftp.c +=================================================================== +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -314,6 +314,7 @@ tftp_open (struct grub_file *file, const + grub_err_t err; + grub_uint8_t *nbd; + grub_net_network_level_address_t addr; ++ int port = file->device->net->port; + + data = grub_zalloc (sizeof (*data)); + if (!data) +@@ -373,12 +374,15 @@ tftp_open (struct grub_file *file, const + err = grub_net_resolve_address (file->device->net->server, &addr); + if (err) + { ++ grub_dprintf ("tftp", "file_size is %llu, block_size is %llu\n", ++ (unsigned long long)data->file_size, ++ (unsigned long long)data->block_size); + destroy_pq (data); + return err; + } + + data->sock = grub_net_udp_open (addr, +- TFTP_SERVER_PORT, tftp_receive, ++ port ? port : TFTP_SERVER_PORT, tftp_receive, + file); + if (!data->sock) + { +Index: b/include/grub/net.h +=================================================================== +--- a/include/grub/net.h ++++ b/include/grub/net.h +@@ -270,6 +270,7 @@ typedef struct grub_net + { + char *server; + char *name; ++ int port; + grub_net_app_level_t protocol; + grub_net_packets_t packs; + grub_off_t offset; diff -Nru grub2-2.02~beta2/debian/patches/R_X86_64_PLT32.patch grub2-2.02~beta2/debian/patches/R_X86_64_PLT32.patch --- grub2-2.02~beta2/debian/patches/R_X86_64_PLT32.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/R_X86_64_PLT32.patch 2021-02-24 19:59:33.000000000 +0000 @@ -0,0 +1,63 @@ +From 02702bdfe14d8a04643a45b03715f734ae34dbac Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Sat, 17 Feb 2018 06:47:28 -0800 +Subject: x86-64: Treat R_X86_64_PLT32 as R_X86_64_PC32 + +Starting from binutils commit bd7ab16b4537788ad53521c45469a1bdae84ad4a: + +https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd7ab16b4537788ad53521c45469a1bdae84ad4a + +x86-64 assembler generates R_X86_64_PLT32, instead of R_X86_64_PC32, for +32-bit PC-relative branches. Grub2 should treat R_X86_64_PLT32 as +R_X86_64_PC32. + +Signed-off-by: H.J. Lu +Reviewed-by: Daniel Kiper + +Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=842c390469e2c2e10b5aa36700324cd3bde25875 +Last-Update: 2018-07-30 + +Patch-Name: R_X86_64_PLT32.patch +--- + grub-core/efiemu/i386/loadcore64.c | 1 + + grub-core/kern/x86_64/dl.c | 1 + + util/grub-mkimagexx.c | 1 + + util/grub-module-verifier.c | 1 + + 4 files changed, 4 insertions(+) + +Index: grub2-2.02~beta2/grub-core/efiemu/i386/loadcore64.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/efiemu/i386/loadcore64.c ++++ grub2-2.02~beta2/grub-core/efiemu/i386/loadcore64.c +@@ -98,6 +98,7 @@ grub_arch_efiemu_relocate_symbols64 (gru + break; + + case R_X86_64_PC32: ++ case R_X86_64_PLT32: + err = grub_efiemu_write_value (addr, + *addr32 + rel->r_addend + + sym.off +Index: grub2-2.02~beta2/grub-core/kern/x86_64/dl.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/kern/x86_64/dl.c ++++ grub2-2.02~beta2/grub-core/kern/x86_64/dl.c +@@ -70,6 +70,7 @@ grub_arch_dl_relocate_symbols (grub_dl_t + break; + + case R_X86_64_PC32: ++ case R_X86_64_PLT32: + { + grub_int64_t value; + value = ((grub_int32_t) *addr32) + rel->r_addend + sym->st_value - +Index: grub2-2.02~beta2/util/grub-mkimagexx.c +=================================================================== +--- grub2-2.02~beta2.orig/util/grub-mkimagexx.c ++++ grub2-2.02~beta2/util/grub-mkimagexx.c +@@ -706,6 +706,7 @@ SUFFIX (relocate_addresses) (Elf_Ehdr *e + break; + + case R_X86_64_PC32: ++ case R_X86_64_PLT32: + { + grub_uint32_t *t32 = (grub_uint32_t *) target; + *t32 = grub_host_to_target64 (grub_target_to_host32 (*t32) diff -Nru grub2-2.02~beta2/debian/patches/series grub2-2.02~beta2/debian/patches/series --- grub2-2.02~beta2/debian/patches/series 2016-03-15 18:14:40.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/series 2021-04-30 12:33:17.000000000 +0000 @@ -21,8 +21,16 @@ uefi_firmware_setup.patch mkconfig_ubuntu_distributor.patch linuxefi.patch +linuxefi_backport_arm64.patch +linuxefi_arm_sb_support.patch +linuxefi_fix_validation_race.patch +linuxefi_chainloader_path.patch +linuxefi_chainloader_sb.patch +linuxefi_loaders_enforce_sb.patch +linuxefi_re-enable_linux_cmd.patch +linuxefi_chainloader_pe_fixes.patch +linuxefi_rework_non-sb_cases.patch linuxefi_debug.patch -linuxefi_require_shim.patch linuxefi_non_sb_fallback.patch mkconfig_signed_kernel.patch install_signed.patch @@ -72,7 +80,6 @@ fix_diskfilter_lv_name_dblfree.patch fix_disk-module_option_handling.patch ppc64el-avoid_unnecessary_optimizations.patch -arm64-set-correct-length-of-device-path-end-entry.patch progress_avoid_null_deref.patch arm64-setjmp-Add-missing-license-macro.patch xfs-fix-directory-iteration.patch @@ -98,3 +105,67 @@ zfs-extensible-dataset-large-blocks.patch 0099-Work-around-unsupported-relocations-on-arm64.patch arm-efi-Reduce-timer-event-frequency-by-10.patch +ip6_send_router_solicitation_7c4b6b7b.patch +ip6_fix_routing_eb9f401f.patch +misc-fix-invalid-char-strtol.patch +net_add_grub_env_set_net_property.patch +net_read_bracketed_ipv6_addr.patch +bootp_new_net_bootp6_command.patch +efinet_uefi_ipv6_pxe_support.patch +bootp_process_dhcpack_http_boot.patch +efinet_set_network_from_uefi_devpath.patch +efinet_set_dns_from_uefi_proto.patch +git_tsc_use_alt_delay_sources_d43a5ee6.patch +git_split_pmtimer_wait_tsc_d9a3bfea.patch +git_fix_tsc_calibration_pit_a03c1034.patch +support_initrd-less_boot.patch +git_pmem_really_mark_mem_reserved_3d2c8048.patch +git_pmem_translate_persistent_type_76ce1de7.patch +git_pmem_mmap_handle_pmem_c79c59f1.patch +git_pmem_efiemu_handle_pmem_ae3b83a4.patch +Fix-exit-to-EFI-firmware.patch +tsc_efi_default_to_pmtimer.patch +Use-EFI_SIMPLE_TEXT_INPUT_EX-to-support-key-combinat.patch +efi-fix-warnings-with-recent-GCC.patch +zpool_full_device_name.patch +efinet_check_imm_completion.patch +efinet_handle_buggy_get_status.patch +0001-i386-linux-Add-support-for-ext_lfb_base.patch +linuxefi_fix_relocate_coff.patch +linuxefi_truncate_overlong_relocs.patch +squash4-fix-fragments-and-sparse-files.patch +skip_text_gfxpayload_where_not_supported.patch +fix_booting_for_large_root_volumes.patch +0082-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch +0083-safemath-Add-some-arithmetic-primitives-that-check-f.patch +0084-calloc-Make-sure-we-always-have-an-overflow-checking.patch +0085-calloc-Use-calloc-at-most-places.patch +0086-malloc-Use-overflow-checking-primitives-where-we-do-.patch +0087-iso9660-Don-t-leak-memory-on-realloc-failures.patch +0088-font-Do-not-load-more-than-one-NAME-section.patch +0089-gfxmenu-Fix-double-free-in-load_image.patch +0090-lzma-Make-sure-we-don-t-dereference-past-array.patch +0091-tftp-Do-not-use-priority-queue.patch +0092-script-Remove-unused-fields-from-grub_script_functio.patch +0093-script-Avoid-a-use-after-free-when-redefining-a-func.patch +0094-hfsplus-fix-two-more-overflows.patch +0095-lvm-fix-two-more-potential-data-dependent-alloc-over.patch +0096-efi-fix-some-malformed-device-path-arithmetic-errors.patch +linuxefi_disable_sb_fallback.patch +ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch +ubuntu-Update-the-linux-boot-protocol-version-check.patch +0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch +0098-Fix-a-regression-caused-by-efi-fix-some-malformed-de.patch +0100-chainloader-Avoid-a-double-free-when-validation-fail.patch +0101-relocator-Protect-grub_relocator_alloc_chunk_addr-in.patch +0102-relocator-Protect-grub_relocator_alloc_chunk_align-m.patch +0103-relocator-Fix-grub_relocator_alloc_chunk_align-top-m.patch +0104-linux-loader-avoid-overflow-on-initrd-size-calculati.patch +0105-linux-Fix-integer-overflows-in-initrd-size-handling.patch +0106-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch +ubuntu-flavour-order.patch +ubuntu-recovery-dis_ucode_ldr.patch +ubuntu-linuxefi-arm64-set-base-addr.patch +tftp-rollover-block-counter.patch +R_X86_64_PLT32.patch +arm64-Add-support-for-relocations-needed-for-linaro-gcc.patch diff -Nru grub2-2.02~beta2/debian/patches/skip_text_gfxpayload_where_not_supported.patch grub2-2.02~beta2/debian/patches/skip_text_gfxpayload_where_not_supported.patch --- grub2-2.02~beta2/debian/patches/skip_text_gfxpayload_where_not_supported.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/skip_text_gfxpayload_where_not_supported.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,35 @@ +From 93befb2195838a727bc76d364d8da7c671520098 Mon Sep 17 00:00:00 2001 +From: Mathieu Trudel-Lapierre +Date: Fri, 9 Feb 2018 11:14:35 -0500 +Subject: video: skip 'text' gfxpayload if not supported, to fallback to + default + +On UEFI, 'text' gfxpayload is not supported, but we still reach parse_modespec +with it, which will obviously fail. Fortunately, whatever gfxpayload is set, +we still still have the 'auto' default to fall back to. Allow getting to this +fallback by not trying to parse 'text' as a modespec. + +This is because 'text' correctly doesn't parse as a modespec, and ought to have +been ignored before we got to that point, just like it is immediately picked if +we're running on a system where 'text' is a supported video mode. + +Signed-off-by: Mathieu Trudel-Lapierre + +Patch-Name: skip_text_gfxpayload_where_not_supported.patch +--- + grub-core/video/video.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/grub-core/video/video.c b/grub-core/video/video.c +index f252663c1..983424107 100644 +--- a/grub-core/video/video.c ++++ b/grub-core/video/video.c +@@ -663,6 +663,8 @@ grub_video_set_mode (const char *modestring, + + return GRUB_ERR_NONE; + } ++ else ++ continue; + } + + err = parse_modespec (current_mode, &width, &height, &depth); diff -Nru grub2-2.02~beta2/debian/patches/squash4-fix-fragments-and-sparse-files.patch grub2-2.02~beta2/debian/patches/squash4-fix-fragments-and-sparse-files.patch --- grub2-2.02~beta2/debian/patches/squash4-fix-fragments-and-sparse-files.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/squash4-fix-fragments-and-sparse-files.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,127 @@ +From 951306c5094d2bfb46d5baedfde84a2015c4a3fa Mon Sep 17 00:00:00 2001 +From: Andrei Borzenkov +Date: Fri, 24 Feb 2017 19:10:43 +0300 +Subject: squash4: fix handling of fragments and sparse files + +1. Do not assume block list and fragment are mutually exclusive. Squash +can pack file tail as fragment (unless -no-fragments is specified); so +check read offset and read either from block list or from fragments as +appropriate. + +2. Support sparse files with zero blocks. + +3. Fix fragment read - frag.offset is absolute fragment position, +not offset relative to ino.chunk. + +Reported and tested by Carlo Caione + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1820898 +Patch-Name: squash4-fix-fragments-and-sparse-files.patch +Last-Update: 2019-03-20 +--- + grub-core/fs/squash4.c | 57 +++++++++++++++++++++++++++--------------- + 1 file changed, 37 insertions(+), 20 deletions(-) + +diff --git a/grub-core/fs/squash4.c b/grub-core/fs/squash4.c +index b97b34440..2c967c65a 100644 +--- a/grub-core/fs/squash4.c ++++ b/grub-core/fs/squash4.c +@@ -823,7 +823,12 @@ + curread = data->blksz - boff; + if (curread > len) + curread = len; +- if (!(ino->block_sizes[i] ++ if (!ino->block_sizes[i]) ++ { ++ /* Sparse block */ ++ grub_memset (buf, '\0', curread); ++ } ++ else if (!(ino->block_sizes[i] + & grub_cpu_to_le32_compile_time (SQUASH_BLOCK_UNCOMPRESSED))) + { + char *block; +@@ -873,36 +878,57 @@ + + + static grub_ssize_t +-grub_squash_read_data (struct grub_squash_data *data, +- struct grub_squash_cache_inode *ino, +- grub_off_t off, char *buf, grub_size_t len) ++grub_squash_read (grub_file_t file, char *buf, grub_size_t len) + { ++ struct grub_squash_data *data = file->data; ++ struct grub_squash_cache_inode *ino = &data->ino; ++ grub_off_t off = file->offset; + grub_err_t err; +- grub_uint64_t a = 0, b; ++ grub_uint64_t a, b; + grub_uint32_t fragment = 0; + int compressed = 0; + struct grub_squash_frag_desc frag; ++ grub_off_t direct_len; ++ grub_uint64_t mask = grub_le_to_cpu32 (data->sb.block_size) - 1; ++ grub_size_t orig_len = len; + + switch (ino->ino.type) + { + case grub_cpu_to_le16_compile_time (SQUASH_TYPE_LONG_REGULAR): +- a = grub_le_to_cpu64 (ino->ino.long_file.chunk); + fragment = grub_le_to_cpu32 (ino->ino.long_file.fragment); + break; + case grub_cpu_to_le16_compile_time (SQUASH_TYPE_REGULAR): +- a = grub_le_to_cpu32 (ino->ino.file.chunk); + fragment = grub_le_to_cpu32 (ino->ino.file.fragment); + break; + } + +- if (fragment == 0xffffffff) +- return direct_read (data, ino, off, buf, len); ++ /* Squash may pack file tail as fragment. So read initial part directly and ++ get tail from fragments */ ++ direct_len = fragment == 0xffffffff ? file->size : file->size & ~mask; ++ if (off < direct_len) ++ { ++ grub_size_t read_len = direct_len - off; ++ grub_ssize_t res; ++ ++ if (read_len > len) ++ read_len = len; ++ res = direct_read (data, ino, off, buf, read_len); ++ if ((grub_size_t) res != read_len) ++ return -1; /* FIXME: is short read possible here? */ ++ len -= read_len; ++ if (!len) ++ return read_len; ++ buf += read_len; ++ off = 0; ++ } ++ else ++ off -= direct_len; + + err = read_chunk (data, &frag, sizeof (frag), + data->fragments, sizeof (frag) * fragment); + if (err) + return -1; +- a += grub_le_to_cpu64 (frag.offset); ++ a = grub_le_to_cpu64 (frag.offset); + compressed = !(frag.size & grub_cpu_to_le32_compile_time (SQUASH_BLOCK_UNCOMPRESSED)); + if (ino->ino.type == grub_cpu_to_le16_compile_time (SQUASH_TYPE_LONG_REGULAR)) + b = grub_le_to_cpu32 (ino->ino.long_file.offset) + off; +@@ -943,16 +969,7 @@ + if (err) + return -1; + } +- return len; +-} +- +-static grub_ssize_t +-grub_squash_read (grub_file_t file, char *buf, grub_size_t len) +-{ +- struct grub_squash_data *data = file->data; +- +- return grub_squash_read_data (data, &data->ino, +- file->offset, buf, len); ++ return orig_len; + } + + static grub_err_t diff -Nru grub2-2.02~beta2/debian/patches/support_initrd-less_boot.patch grub2-2.02~beta2/debian/patches/support_initrd-less_boot.patch --- grub2-2.02~beta2/debian/patches/support_initrd-less_boot.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/support_initrd-less_boot.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,82 @@ +From 2ab7163936ead20f940be9bd7a9ad3280b8367d9 Mon Sep 17 00:00:00 2001 +From: Chris Glass +Date: Thu, 10 Nov 2016 13:44:25 -0500 +Subject: Added knobs to allow non-initrd boot config + +Added GRUB_FORCE_PARTUUID and GRUB_DISABLE_INITRD configuration knobs to allow +users to generate grub menu entries that boot directly to the kernel, without +using an initramfs. + +Signed-off-by: Mathieu Trudel-Lapierre + +Patch-Name: support_initrd-less_boot.patch +--- + docs/grub.texi | 13 +++++++++++++ + util/grub-mkconfig.in | 4 +++- + util/grub.d/10_linux.in | 12 +++++++++--- + 3 files changed, 25 insertions(+), 4 deletions(-) + +Index: b/docs/grub.texi +=================================================================== +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -1509,6 +1509,19 @@ This option sets the English text of the + parentheses to indicate that a boot option is provided to help users recover + a broken system. The default is "recovery mode". + ++@item GRUB_FORCE_PARTUUID ++This option forces the root disk entry to be the specified PARTUUID instead ++of whatever would be used instead. This is useful when you control the ++partitioning of the disk but cannot guarantee what the actual hardware ++will be, for example in virtual machine images. ++Setting this option to @samp{12345678-01} will produce: ++root=PARTUUID=12345678-01 ++ ++@item GRUB_DISABLE_INITRD ++Then set to @samp{true}, this option prevents an initrd to be used at boot ++time, regardless of whether one is detected or not. @command{grub-mkconfig} ++will therefore not generate any initrd lines. ++ + @end table + + The following options are still accepted for compatibility with existing +Index: b/util/grub-mkconfig.in +=================================================================== +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -242,7 +242,9 @@ export GRUB_DEFAULT \ + GRUB_OS_PROBER_SKIP_LIST \ + GRUB_DISABLE_SUBMENU \ + GRUB_RECORDFAIL_TIMEOUT \ +- GRUB_RECOVERY_TITLE ++ GRUB_RECOVERY_TITLE \ ++ GRUB_FORCE_PARTUUID \ ++ GRUB_DISABLE_INITRD + + if test "x${grub_cfg}" != "x"; then + rm -f "${grub_cfg}.new" +Index: b/util/grub.d/10_linux.in +=================================================================== +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -177,11 +177,17 @@ EOF + linux ${rel_dirname}/${basename}.efi.signed root=${linux_root_device_thisversion} ro ${args} + EOF + else +- sed "s/^/$submenu_indentation/" << EOF +- linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} ++ if [ x"$GRUB_FORCE_PARTUUID" = x ]; then ++ sed "s/^/$submenu_indentation/" << EOF ++ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args} + EOF ++ else ++ sed "s/^/$submenu_indentation/" << EOF ++ linux ${rel_dirname}/${basename} root=PARTUUID=${GRUB_FORCE_PARTUUID} ro ${args} ++EOF ++ fi + fi +- if test -n "${initrd}" ; then ++ if test -n "${initrd}" && [ x"$GRUB_DISABLE_INITRD" != xtrue ]; then + # TRANSLATORS: ramdisk isn't identifier. Should be translated. + if [ x"$quiet_boot" = x0 ] || [ x"$type" != xsimple ]; then + message="$(gettext_printf "Loading initial ramdisk ...")" diff -Nru grub2-2.02~beta2/debian/patches/tftp-rollover-block-counter.patch grub2-2.02~beta2/debian/patches/tftp-rollover-block-counter.patch --- grub2-2.02~beta2/debian/patches/tftp-rollover-block-counter.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/tftp-rollover-block-counter.patch 2020-11-14 01:00:39.000000000 +0000 @@ -0,0 +1,80 @@ +From b2bd086d143301c2d70529b2858d55de91fdbb31 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 10 Sep 2020 17:17:57 +0200 +Subject: tftp: Roll-over block counter to prevent data packets timeouts + +Commit 781b3e5efc3 (tftp: Do not use priority queue) caused a regression +when fetching files over TFTP whose size is bigger than 65535 * block size. + + grub> linux /images/pxeboot/vmlinuz + grub> echo $? + 0 + grub> initrd /images/pxeboot/initrd.img + error: timeout reading '/images/pxeboot/initrd.img'. + grub> echo $? + 28 + +It is caused by the block number counter being a 16-bit field, which leads +to a maximum file size of ((1 << 16) - 1) * block size. Because GRUB sets +the block size to 1024 octets (by using the TFTP Blocksize Option from RFC +2348 [0]), the maximum file size that can be transferred is 67107840 bytes. + +The TFTP PROTOCOL (REVISION 2) RFC 1350 [1] does not mention what a client +should do when a file size is bigger than the maximum, but most TFTP hosts +support the block number counter to be rolled over. That is, acking a data +packet with a block number of 0 is taken as if the 65356th block was acked. + +It was working before because the block counter roll-over was happening due +an overflow. But that got fixed by the mentioned commit, which led to the +regression when attempting to fetch files larger than the maximum size. + +To allow TFTP file transfers of unlimited size again, re-introduce a block +counter roll-over so the data packets are acked preventing the timeouts. + +[0]: https://tools.ietf.org/html/rfc2348 +[1]: https://tools.ietf.org/html/rfc1350 + +Fixes: 781b3e5efc3 (tftp: Do not use priority queue) + +Suggested-by: Peter Jones +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1900773 +Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=a6838bbc6726ad624bd2b94991f690b8e9d23c69 +Last-Updated: 2020-11-09 +Patch-Name: tftp-rollover-block-counter.patch +--- + grub-core/net/tftp.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c +index e6566fa17..33c0b8214 100644 +--- a/grub-core/net/tftp.c ++++ b/grub-core/net/tftp.c +@@ -183,11 +183,22 @@ tftp_receive (grub_net_udp_socket_t sock __attribute__ ((unused)), + return GRUB_ERR_NONE; + } + +- /* Ack old/retransmitted block. */ +- if (grub_be_to_cpu16 (tftph->u.data.block) < data->block + 1) ++ /* ++ * Ack old/retransmitted block. ++ * ++ * The block number is a 16-bit counter, thus the maximum file size that ++ * could be transfered is 65535 * block size. Most TFTP hosts support to ++ * roll-over the block counter to allow unlimited transfer file size. ++ * ++ * This behavior is not defined in the RFC 1350 [0] but is implemented by ++ * most TFTP clients and hosts. ++ * ++ * [0]: https://tools.ietf.org/html/rfc1350 ++ */ ++ if (grub_be_to_cpu16 (tftph->u.data.block) < ((grub_uint16_t) (data->block + 1))) + ack (data, grub_be_to_cpu16 (tftph->u.data.block)); + /* Ignore unexpected block. */ +- else if (grub_be_to_cpu16 (tftph->u.data.block) > data->block + 1) ++ else if (grub_be_to_cpu16 (tftph->u.data.block) > ((grub_uint16_t) (data->block + 1))) + grub_dprintf ("tftp", "TFTP unexpected block # %d\n", tftph->u.data.block); + else + { diff -Nru grub2-2.02~beta2/debian/patches/tsc_efi_default_to_pmtimer.patch grub2-2.02~beta2/debian/patches/tsc_efi_default_to_pmtimer.patch --- grub2-2.02~beta2/debian/patches/tsc_efi_default_to_pmtimer.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/tsc_efi_default_to_pmtimer.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,34 @@ +From 70cd87708379d65593dfa1dd976479a9ea64791f Mon Sep 17 00:00:00 2001 +From: "David E. Box" +Date: Fri, 15 Sep 2017 15:37:05 -0700 +Subject: tsc: Change default tsc calibration method to pmtimer on EFI systems + +On efi systems, make pmtimer based tsc calibration the default over the +pit. This prevents Grub from hanging on Intel SoC systems that power gate +the pit. + +Signed-off-by: David E. Box +Reviewed-by: Daniel Kiper + +Origin: upstream, https://git.savannah.gnu.org/cgit/grub.git/commit/?id=446794de8da4329ea532cbee4ca877bcafd0e534 +Bug-Debian: https://bugs.debian.org/883193 +Last-Update: 2017-12-01 + +Patch-Name: tsc_efi_default_to_pmtimer.patch +--- + grub-core/kern/i386/tsc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: b/grub-core/kern/i386/tsc.c +=================================================================== +--- a/grub-core/kern/i386/tsc.c ++++ b/grub-core/kern/i386/tsc.c +@@ -84,7 +84,7 @@ grub_tsc_init (void) + #ifdef GRUB_MACHINE_XEN + (void) (grub_tsc_calibrate_from_xen () || calibrate_tsc_hardcode()); + #elif defined (GRUB_MACHINE_EFI) +- (void) (grub_tsc_calibrate_from_pit () || grub_tsc_calibrate_from_pmtimer () || grub_tsc_calibrate_from_efi() || calibrate_tsc_hardcode()); ++ (void) (grub_tsc_calibrate_from_pmtimer () || grub_tsc_calibrate_from_pit () || grub_tsc_calibrate_from_efi() || calibrate_tsc_hardcode()); + #elif defined (GRUB_MACHINE_COREBOOT) + (void) (grub_tsc_calibrate_from_pmtimer () || grub_tsc_calibrate_from_pit () || calibrate_tsc_hardcode()); + #else diff -Nru grub2-2.02~beta2/debian/patches/ubuntu-flavour-order.patch grub2-2.02~beta2/debian/patches/ubuntu-flavour-order.patch --- grub2-2.02~beta2/debian/patches/ubuntu-flavour-order.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/ubuntu-flavour-order.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,57 @@ +From 2d236733ca4d74521cefab7fbf5e0f00967a028b Mon Sep 17 00:00:00 2001 +From: Julian Andres Klode +Date: Tue, 9 Jun 2020 11:50:23 +0200 +Subject: UBUNTU: Add GRUB_FLAVOUR_ORDER configuration item + +This allows you to specify flavours that will be preferred +over other ones, and the order in which they are preferred +- items in the list win over items not in the list, and items +earlier in the list win over later ones. + +We still have to sort out storage of this, as we need to +inject that from packages or the UA client and similar, +and we can't just modify /etc/default/grub for that. + +LP: #1882663 +Patch-Name: ubuntu-flavour-order.patch +--- + util/grub-mkconfig.in | 3 ++- + util/grub-mkconfig_lib.in | 15 +++++++++++++++ + 2 files changed, 17 insertions(+), 1 deletion(-) + +--- a/util/grub-mkconfig.in ++++ b/util/grub-mkconfig.in +@@ -244,7 +244,8 @@ export GRUB_DEFAULT \ + GRUB_RECORDFAIL_TIMEOUT \ + GRUB_RECOVERY_TITLE \ + GRUB_FORCE_PARTUUID \ +- GRUB_DISABLE_INITRD ++ GRUB_DISABLE_INITRD \ ++ GRUB_FLAVOUR_ORDER + + if test "x${grub_cfg}" != "x"; then + rm -f "${grub_cfg}.new" +--- a/util/grub-mkconfig_lib.in ++++ b/util/grub-mkconfig_lib.in +@@ -269,6 +269,21 @@ version_test_gt () + if [ "x$version_test_gt_b" = "x" ] ; then + return 0 + fi ++ ++ # GRUB_FLAVOUR_ORDER is an ordered list of kernels, in decreasing ++ # priority. Any items in the list take precedence over other kernels, ++ # and earlier flavours are preferred over later ones. ++ for flavour in ${GRUB_FLAVOUR_ORDER:-}; do ++ version_test_gt_a_preferred=$(echo "$version_test_gt_a" | grep -- "-[0-9]*-$flavour\$") ++ version_test_gt_b_preferred=$(echo "$version_test_gt_b" | grep -- "-[0-9]*-$flavour\$") ++ ++ if [ -n "$version_test_gt_a_preferred" -a -z "$version_test_gt_b_preferred" ] ; then ++ return 0 ++ elif [ -z "$version_test_gt_a_preferred" -a -n "$version_test_gt_b_preferred" ] ; then ++ return 1 ++ fi ++ done ++ + case "$version_test_gt_a:$version_test_gt_b" in + *.old:*.old) ;; + *.old:*) version_test_gt_a="`echo -n "$version_test_gt_a" | sed -e 's/\.old$//'`" ; version_test_gt_cmp=gt ;; diff -Nru grub2-2.02~beta2/debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch grub2-2.02~beta2/debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch --- grub2-2.02~beta2/debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch 2020-11-14 01:03:44.000000000 +0000 @@ -0,0 +1,64 @@ +From 3c882239552fa5b95e767403b0fd229967ff5263 Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Thu, 23 Apr 2020 15:06:46 +0200 +Subject: efi: Set image base address before jumping to the PE/COFF entry point + +Upstream GRUB uses the EFI LoadImage() and StartImage() to boot the Linux +kernel. But our custom EFI loader that supports Secure Boot instead uses +the EFI handover protocol (for x86) or jumping directly to the PE/COFF +entry point (for aarch64). + +This is done to allow the bootloader to verify the images using the shim +lock protocol to avoid booting untrusted binaries. + +Since the bootloader loads the kernel from the boot media instead of using +LoadImage(), it is responsible to set the Loaded Image base address before +booting the kernel. + +Otherwise the kernel EFI stub will complain that it was not set correctly +and print the following warning message: + +EFI stub: ERROR: FIRMWARE BUG: efi_loaded_image_t::image_base has bogus value + +Resolves: rhbz#1825411 + +Signed-off-by: Javier Martinez Canillas +[ dannf: Backport to use parameter offset (later renamed to kernel_offset); + Offset adjustment to apply to Ubuntu's GRUB ] + +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1900774 +Origin: https://github.com/rhboot/grub2/commit/1d5ef08216edec4d31d0e10cfdb30b5ebfef7a45 +Last-Updated: 2020-11-14 +Patch-Name: ubuntu-linuxefi-arm64-set-base-addr.patch +--- + grub-core/loader/efi/linux.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +Index: grub2-2.02~beta2/grub-core/loader/efi/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/efi/linux.c ++++ grub2-2.02~beta2/grub-core/loader/efi/linux.c +@@ -71,8 +71,23 @@ grub_err_t + grub_efi_linux_boot (void *kernel_addr, grub_off_t offset, + void *kernel_params) + { ++ grub_efi_loaded_image_t *loaded_image = NULL; + handover_func hf; + ++ /* ++ * Since the EFI loader is not calling the LoadImage() and StartImage() ++ * services for loading the kernel and booting respectively, it has to ++ * set the Loaded Image base address. ++ */ ++ loaded_image = grub_efi_get_loaded_image (grub_efi_image_handle); ++ if (loaded_image) ++ loaded_image->image_base = kernel_addr; ++ else ++ grub_dprintf ("linux", "Loaded Image base address could not be set\n"); ++ ++ grub_dprintf ("linux", "kernel_addr: %p offset: %p params: %p\n", ++ kernel_addr, (void *)(grub_efi_uintn_t)offset, kernel_params); ++ + hf = (handover_func)((char *)kernel_addr + offset); + hf (grub_efi_image_handle, grub_efi_system_table, kernel_params); + diff -Nru grub2-2.02~beta2/debian/patches/ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch grub2-2.02~beta2/debian/patches/ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch --- grub2-2.02~beta2/debian/patches/ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,116 @@ +From a9ec17dcc442a6a0b09e480ca864746438cc3fad Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Wed, 11 Mar 2020 16:46:00 +0100 +Subject: ubuntu: Make the linux command in EFI grub always try EFI handover + +The previous implementation only boots via the EFI handover protocol when +secure boot is enabled. This means that disabling secure boot breaks some +features that depend on the kernel being booted via the EFI handover entry +point, such as retrieval of the TCG event log. + +Update the linux command to always attempt to defer to linuxefi in EFI grub +builds, regardless of whether secure boot is enabled or not. This also allows +a fallback to the non-EFI handover path on kernels that don't support it, but +only if secure boot is disabled. +--- + grub-core/loader/i386/efi/linux.c | 14 +++++---- + grub-core/loader/i386/linux.c | 47 +++++++++++++++++-------------- + 2 files changed, 35 insertions(+), 26 deletions(-) + +Index: grub2-2.02~beta2/grub-core/loader/i386/efi/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/efi/linux.c ++++ grub2-2.02~beta2/grub-core/loader/i386/efi/linux.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + GRUB_MOD_LICENSE ("GPLv3+"); + +@@ -189,11 +190,14 @@ grub_cmd_linux (grub_command_t cmd __att + goto fail; + } + +- rc = grub_linuxefi_secure_validate (kernel, filelen); +- if (rc < 0) ++ if (grub_efi_secure_boot ()) + { +- grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), argv[0]); +- goto fail; ++ rc = grub_linuxefi_secure_validate (kernel, filelen); ++ if (rc < 0) ++ { ++ grub_error (GRUB_ERR_ACCESS_DENIED, N_("%s has invalid signature"), argv[0]); ++ goto fail; ++ } + } + + params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384)); +Index: grub2-2.02~beta2/grub-core/loader/i386/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/linux.c ++++ grub2-2.02~beta2/grub-core/loader/i386/linux.c +@@ -701,35 +701,40 @@ grub_cmd_linux (grub_command_t cmd __att + + #ifdef GRUB_MACHINE_EFI + using_linuxefi = 0; +- if (grub_efi_secure_boot ()) +- { +- /* linuxefi requires a successful signature check and then hand over +- to the kernel without calling ExitBootServices. */ +- grub_dl_t mod; +- grub_command_t linuxefi_cmd; + +- grub_dprintf ("linux", "Secure Boot enabled: trying linuxefi\n"); ++ grub_dl_t mod; ++ grub_command_t linuxefi_cmd; ++ ++ grub_dprintf ("linux", "Trying linuxefi\n"); + +- mod = grub_dl_load ("linuxefi"); +- if (mod) ++ mod = grub_dl_load ("linuxefi"); ++ if (mod) ++ { ++ grub_dl_ref (mod); ++ linuxefi_cmd = grub_command_find ("linuxefi"); ++ initrdefi_cmd = grub_command_find ("initrdefi"); ++ if (linuxefi_cmd && initrdefi_cmd) + { +- grub_dl_ref (mod); +- linuxefi_cmd = grub_command_find ("linuxefi"); +- initrdefi_cmd = grub_command_find ("initrdefi"); +- if (linuxefi_cmd && initrdefi_cmd) ++ (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); ++ if (grub_errno == GRUB_ERR_NONE) ++ { ++ grub_dprintf ("linux", "Handing off to linuxefi\n"); ++ using_linuxefi = 1; ++ return GRUB_ERR_NONE; ++ } ++ else if (grub_efi_secure_boot ()) + { +- (linuxefi_cmd->func) (linuxefi_cmd, argc, argv); +- if (grub_errno == GRUB_ERR_NONE) +- { +- grub_dprintf ("linux", "Handing off to linuxefi\n"); +- using_linuxefi = 1; +- return GRUB_ERR_NONE; +- } +- grub_dprintf ("linux", "linuxefi failed (%d)\n", grub_errno); ++ grub_dprintf ("linux", "linuxefi failed and secure boot is enabled (%d)\n", grub_errno); + goto fail; + } + } + } ++ ++ if (grub_efi_secure_boot ()) ++ { ++ grub_dprintf("linux", "Unable to hand off to linuxefi and secure boot is enabled\n"); ++ goto fail; ++ } + #endif + + if (argc == 0) diff -Nru grub2-2.02~beta2/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch grub2-2.02~beta2/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch --- grub2-2.02~beta2/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/ubuntu-recovery-dis_ucode_ldr.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,33 @@ +From 8052bb59dd6b89c8937afcf9000c4c13a82acc8f Mon Sep 17 00:00:00 2001 +From: Julian Andres Klode +Date: Fri, 19 Jun 2020 12:57:19 +0200 +Subject: Pass dis_ucode_ldr to kernel for recovery mode + +In case of a botched microcode update, this allows people to +easily roll back. + +It will of course break in the more unlikely event that you are +missing a microcode update in your firmware that is needed to boot +the system, but editing the entry to remove an option is easier than +having to figure out the option and add it. + +LP: #1831789 +Patch-Name: ubuntu-recovery-dis_ucode_ldr.patch +--- + util/grub.d/10_linux.in | 4 ++++ + util/grub.d/10_linux_zfs.in | 24 +++++++++++++++--------- + 2 files changed, 19 insertions(+), 9 deletions(-) + +--- a/util/grub.d/10_linux.in ++++ b/util/grub.d/10_linux.in +@@ -228,6 +228,10 @@ case "$machine" in + *) GENKERNEL_ARCH="$machine" ;; + esac + ++case "$GENKERNEL_ARCH" in ++ x86*) GRUB_CMDLINE_LINUX_RECOVERY="$GRUB_CMDLINE_LINUX_RECOVERY dis_ucode_ldr";; ++esac ++ + prepare_boot_cache= + prepare_root_cache= + boot_device_id= diff -Nru grub2-2.02~beta2/debian/patches/ubuntu-Update-the-linux-boot-protocol-version-check.patch grub2-2.02~beta2/debian/patches/ubuntu-Update-the-linux-boot-protocol-version-check.patch --- grub2-2.02~beta2/debian/patches/ubuntu-Update-the-linux-boot-protocol-version-check.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/ubuntu-Update-the-linux-boot-protocol-version-check.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,25 @@ +From e13f71514b0b6ca3b3e15cb8013a8db1e47d3ea9 Mon Sep 17 00:00:00 2001 +From: Chris Coulson +Date: Wed, 11 Mar 2020 16:46:41 +0100 +Subject: ubuntu: Update the linux boot protocol version check. + +The EFI implementation of grub_cmd_linux makes use of xloadflags which was +introduced in to version 2.12 of the kernel's boot protocol, so update the +check accordingly. +--- + grub-core/loader/i386/efi/linux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: grub2-2.02~beta2/grub-core/loader/i386/efi/linux.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/loader/i386/efi/linux.c ++++ grub2-2.02~beta2/grub-core/loader/i386/efi/linux.c +@@ -226,7 +226,7 @@ grub_cmd_linux (grub_command_t cmd __att + goto fail; + } + +- if (lh.version < grub_cpu_to_le16 (0x020b)) ++ if (lh.version < grub_cpu_to_le16 (0x020c)) + { + grub_error (GRUB_ERR_BAD_OS, N_("kernel too old")); + goto fail; diff -Nru grub2-2.02~beta2/debian/patches/Use-EFI_SIMPLE_TEXT_INPUT_EX-to-support-key-combinat.patch grub2-2.02~beta2/debian/patches/Use-EFI_SIMPLE_TEXT_INPUT_EX-to-support-key-combinat.patch --- grub2-2.02~beta2/debian/patches/Use-EFI_SIMPLE_TEXT_INPUT_EX-to-support-key-combinat.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/Use-EFI_SIMPLE_TEXT_INPUT_EX-to-support-key-combinat.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,279 @@ +From 9e5f70174ec960a0077f20bb74cb9f4da9b57e7b Mon Sep 17 00:00:00 2001 +From: Peter Jones +Date: Sun, 25 Oct 2015 16:36:28 +0100 +Subject: [PATCH] Use EFI_SIMPLE_TEXT_INPUT_EX to support key combinations. + +--- + grub-core/term/efi/console.c | 120 +++++++++++++++++++++++++++++++++++-------- + include/grub/efi/api.h | 65 ++++++++++++++++++++++- + 2 files changed, 163 insertions(+), 22 deletions(-) + +Index: grub2-2.02~beta2/grub-core/term/efi/console.c +=================================================================== +--- grub2-2.02~beta2.orig/grub-core/term/efi/console.c ++++ grub2-2.02~beta2/grub-core/term/efi/console.c +@@ -104,26 +104,12 @@ const unsigned efi_codes[] = + GRUB_TERM_KEY_DC, GRUB_TERM_KEY_PPAGE, GRUB_TERM_KEY_NPAGE, GRUB_TERM_KEY_F1, + GRUB_TERM_KEY_F2, GRUB_TERM_KEY_F3, GRUB_TERM_KEY_F4, GRUB_TERM_KEY_F5, + GRUB_TERM_KEY_F6, GRUB_TERM_KEY_F7, GRUB_TERM_KEY_F8, GRUB_TERM_KEY_F9, +- GRUB_TERM_KEY_F10, 0, 0, '\e' ++ GRUB_TERM_KEY_F10, GRUB_TERM_KEY_F11, GRUB_TERM_KEY_F12, '\e' + }; + +- + static int +-grub_console_getkey (struct grub_term_input *term __attribute__ ((unused))) ++grub_efi_translate_key (grub_efi_input_key_t key) + { +- grub_efi_simple_input_interface_t *i; +- grub_efi_input_key_t key; +- grub_efi_status_t status; +- +- if (grub_efi_is_finished) +- return 0; +- +- i = grub_efi_system_table->con_in; +- status = efi_call_2 (i->read_key_stroke, i, &key); +- +- if (status != GRUB_EFI_SUCCESS) +- return GRUB_TERM_NO_KEY; +- + if (key.scan_code == 0) + { + /* Some firmware implementations use VT100-style codes against the spec. +@@ -139,9 +125,100 @@ grub_console_getkey (struct grub_term_in + else if (key.scan_code < ARRAY_SIZE (efi_codes)) + return efi_codes[key.scan_code]; + ++ if (key.unicode_char >= 0x20 && key.unicode_char <= 0x7f ++ || key.unicode_char == '\t' || key.unicode_char == '\b' ++ || key.unicode_char == '\n' || key.unicode_char == '\r') ++ return key.unicode_char; ++ + return GRUB_TERM_NO_KEY; + } + ++static int ++grub_console_getkey_con (struct grub_term_input *term __attribute__ ((unused))) ++{ ++ grub_efi_simple_input_interface_t *i; ++ grub_efi_input_key_t key; ++ grub_efi_status_t status; ++ ++ i = grub_efi_system_table->con_in; ++ status = efi_call_2 (i->read_key_stroke, i, &key); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return GRUB_TERM_NO_KEY; ++ ++ return grub_efi_translate_key(key); ++} ++ ++static int ++grub_console_getkey_ex(struct grub_term_input *term) ++{ ++ grub_efi_key_data_t key_data; ++ grub_efi_status_t status; ++ grub_efi_uint32_t kss; ++ int key = -1; ++ ++ grub_efi_simple_text_input_ex_interface_t *text_input = term->data; ++ ++ status = efi_call_2 (text_input->read_key_stroke, text_input, &key_data); ++ ++ if (status != GRUB_EFI_SUCCESS) ++ return GRUB_TERM_NO_KEY; ++ ++ kss = key_data.key_state.key_shift_state; ++ key = grub_efi_translate_key(key_data.key); ++ ++ if (key == GRUB_TERM_NO_KEY) ++ return GRUB_TERM_NO_KEY; ++ ++ if (kss & GRUB_EFI_SHIFT_STATE_VALID) ++ { ++ if ((kss & GRUB_EFI_LEFT_SHIFT_PRESSED ++ || kss & GRUB_EFI_RIGHT_SHIFT_PRESSED) ++ && (key & GRUB_TERM_EXTENDED)) ++ key |= GRUB_TERM_SHIFT; ++ if (kss & GRUB_EFI_LEFT_ALT_PRESSED || kss & GRUB_EFI_RIGHT_ALT_PRESSED) ++ key |= GRUB_TERM_ALT; ++ if (kss & GRUB_EFI_LEFT_CONTROL_PRESSED ++ || kss & GRUB_EFI_RIGHT_CONTROL_PRESSED) ++ key |= GRUB_TERM_CTRL; ++ } ++ ++ return key; ++} ++ ++static grub_err_t ++grub_efi_console_input_init (struct grub_term_input *term) ++{ ++ grub_efi_guid_t text_input_ex_guid = ++ GRUB_EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID; ++ ++ if (grub_efi_is_finished) ++ return 0; ++ ++ grub_efi_simple_text_input_ex_interface_t *text_input = term->data; ++ if (text_input) ++ return 0; ++ ++ text_input = grub_efi_open_protocol(grub_efi_system_table->console_in_handler, ++ &text_input_ex_guid, ++ GRUB_EFI_OPEN_PROTOCOL_GET_PROTOCOL); ++ term->data = (void *)text_input; ++ ++ return 0; ++} ++ ++static int ++grub_console_getkey (struct grub_term_input *term) ++{ ++ if (grub_efi_is_finished) ++ return 0; ++ ++ if (term->data) ++ return grub_console_getkey_ex(term); ++ else ++ return grub_console_getkey_con(term); ++} ++ + static struct grub_term_coordinate + grub_console_getwh (struct grub_term_output *term __attribute__ ((unused))) + { +@@ -243,7 +320,7 @@ grub_console_setcursor (struct grub_term + } + + static grub_err_t +-grub_efi_console_init (struct grub_term_output *term) ++grub_efi_console_output_init (struct grub_term_output *term) + { + grub_efi_set_text_mode (1); + grub_console_setcursor (term, 1); +@@ -251,7 +328,7 @@ grub_efi_console_init (struct grub_term_ + } + + static grub_err_t +-grub_efi_console_fini (struct grub_term_output *term) ++grub_efi_console_output_fini (struct grub_term_output *term) + { + grub_console_setcursor (term, 0); + grub_efi_set_text_mode (0); +@@ -262,13 +339,14 @@ static struct grub_term_input grub_conso + { + .name = "console", + .getkey = grub_console_getkey, ++ .init = grub_efi_console_input_init, + }; + + static struct grub_term_output grub_console_term_output = + { + .name = "console", +- .init = grub_efi_console_init, +- .fini = grub_efi_console_fini, ++ .init = grub_efi_console_output_init, ++ .fini = grub_efi_console_output_fini, + .putchar = grub_console_putchar, + .getwh = grub_console_getwh, + .getxy = grub_console_getxy, +@@ -291,8 +369,8 @@ grub_console_init (void) + return; + } + +- grub_term_register_input ("console", &grub_console_term_input); + grub_term_register_output ("console", &grub_console_term_output); ++ grub_term_register_input ("console", &grub_console_term_input); + } + + void +Index: grub2-2.02~beta2/include/grub/efi/api.h +=================================================================== +--- grub2-2.02~beta2.orig/include/grub/efi/api.h ++++ grub2-2.02~beta2/include/grub/efi/api.h +@@ -114,7 +114,7 @@ + { 0x8e, 0x39, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b } \ + } + +-#define EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID \ ++#define GRUB_EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID \ + { 0xdd9e7534, 0x7762, 0x4698, \ + { 0x8c, 0x14, 0xf5, 0x85, 0x17, 0xa6, 0x25, 0xaa } \ + } +@@ -977,6 +977,32 @@ struct grub_efi_input_key + }; + typedef struct grub_efi_input_key grub_efi_input_key_t; + ++typedef grub_efi_uint8_t grub_efi_key_toggle_state_t; ++struct grub_efi_key_state ++{ ++ grub_efi_uint32_t key_shift_state; ++ grub_efi_key_toggle_state_t key_toggle_state; ++}; ++typedef struct grub_efi_key_state grub_efi_key_state_t; ++ ++#define GRUB_EFI_SHIFT_STATE_VALID 0x80000000 ++#define GRUB_EFI_RIGHT_SHIFT_PRESSED 0x00000001 ++#define GRUB_EFI_LEFT_SHIFT_PRESSED 0x00000002 ++#define GRUB_EFI_RIGHT_CONTROL_PRESSED 0x00000004 ++#define GRUB_EFI_LEFT_CONTROL_PRESSED 0x00000008 ++#define GRUB_EFI_RIGHT_ALT_PRESSED 0x00000010 ++#define GRUB_EFI_LEFT_ALT_PRESSED 0x00000020 ++#define GRUB_EFI_RIGHT_LOGO_PRESSED 0x00000040 ++#define GRUB_EFI_LEFT_LOGO_PRESSED 0x00000080 ++#define GRUB_EFI_MENU_KEY_PRESSED 0x00000100 ++#define GRUB_EFI_SYS_REQ_PRESSED 0x00000200 ++ ++#define GRUB_EFI_TOGGLE_STATE_VALID 0x80 ++#define GRUB_EFI_KEY_STATE_EXPOSED 0x40 ++#define GRUB_EFI_SCROLL_LOCK_ACTIVE 0x01 ++#define GRUB_EFI_NUM_LOCK_ACTIVE 0x02 ++#define GRUB_EFI_CAPS_LOCK_ACTIVE 0x04 ++ + struct grub_efi_simple_text_output_mode + { + grub_efi_int32_t max_mode; +@@ -1319,6 +1345,43 @@ struct grub_efi_simple_input_interface + }; + typedef struct grub_efi_simple_input_interface grub_efi_simple_input_interface_t; + ++struct grub_efi_key_data { ++ grub_efi_input_key_t key; ++ grub_efi_key_state_t key_state; ++}; ++typedef struct grub_efi_key_data grub_efi_key_data_t; ++ ++typedef grub_efi_status_t (*grub_efi_key_notify_function_t) ( ++ grub_efi_key_data_t *key_data ++ ); ++ ++struct grub_efi_simple_text_input_ex_interface ++{ ++ grub_efi_status_t ++ (*reset) (struct grub_efi_simple_text_input_ex_interface *this, ++ grub_efi_boolean_t extended_verification); ++ ++ grub_efi_status_t ++ (*read_key_stroke) (struct grub_efi_simple_text_input_ex_interface *this, ++ grub_efi_key_data_t *key_data); ++ ++ grub_efi_event_t wait_for_key; ++ ++ grub_efi_status_t ++ (*set_state) (struct grub_efi_simple_text_input_ex_interface *this, ++ grub_efi_key_toggle_state_t *key_toggle_state); ++ ++ grub_efi_status_t ++ (*register_key_notify) (struct grub_efi_simple_text_input_ex_interface *this, ++ grub_efi_key_data_t *key_data, ++ grub_efi_key_notify_function_t key_notification_function); ++ ++ grub_efi_status_t ++ (*unregister_key_notify) (struct grub_efi_simple_text_input_ex_interface *this, ++ void *notification_handle); ++}; ++typedef struct grub_efi_simple_text_input_ex_interface grub_efi_simple_text_input_ex_interface_t; ++ + struct grub_efi_simple_text_output_interface + { + grub_efi_status_t diff -Nru grub2-2.02~beta2/debian/patches/zpool_full_device_name.patch grub2-2.02~beta2/debian/patches/zpool_full_device_name.patch --- grub2-2.02~beta2/debian/patches/zpool_full_device_name.patch 1970-01-01 00:00:00.000000000 +0000 +++ grub2-2.02~beta2/debian/patches/zpool_full_device_name.patch 2020-08-24 08:54:59.000000000 +0000 @@ -0,0 +1,31 @@ +From 4a35328805da7f65dd96405c8c2247b71156c0a4 Mon Sep 17 00:00:00 2001 +From: Chad MILLER +Date: Thu, 27 Oct 2016 17:15:07 -0400 +Subject: Tell zpool to emit full device names + +zfs-initramfs currently provides extraneous, undesired symlinks to +devices directly underneath /dev/ to satisfy zpool's historical output +of unqualified device names. By including this environment variable to +signal our intent to zpool, zfs-linux packages can drop the symlink +behavior when updating to its upstream or backported output behavior. + +Bug: https://savannah.gnu.org/bugs/?43653 +Bug-Debian: https://bugs.debian.org/824974 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1527727 +Last-Update: 2016-11-01 + +Patch-Name: zpool_full_device_name.patch +--- + grub-core/osdep/unix/getroot.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/grub-core/osdep/unix/getroot.c ++++ b/grub-core/osdep/unix/getroot.c +@@ -243,6 +243,7 @@ grub_util_find_root_devices_from_poolnam + argv[2] = poolname; + argv[3] = NULL; + ++ setenv ("ZPOOL_VDEV_NAME_PATH", "YES", 1); + pid = grub_util_exec_pipe (argv, &fd); + if (!pid) + return NULL; diff -Nru grub2-2.02~beta2/debian/po/ar.po grub2-2.02~beta2/debian/po/ar.po --- grub2-2.02~beta2/debian/po/ar.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/ar.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub.ar\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2010-07-16 02:38+0300\n" "Last-Translator: Ossama M. Khayat \n" "Language-Team: Arabic \n" @@ -362,15 +362,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "سطر أوامر KFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 #, fuzzy #| msgid "" #| "The following kFreeBSD command line was extracted from /etc/default/grub " @@ -387,13 +404,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "سطر أوامر KFreeBSD الافتراضي:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -403,13 +420,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "تم إعادة إنشاء /boot/grub/device.map" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -421,7 +438,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 #, fuzzy #| msgid "" #| "However, since you have more than one disk in your system, it is possible " @@ -441,7 +458,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 #, fuzzy #| msgid "" #| "If you do not understand this message, or if you do not have any custom " diff -Nru grub2-2.02~beta2/debian/po/ast.po grub2-2.02~beta2/debian/po/ast.po --- grub2-2.02~beta2/debian/po/ast.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/ast.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-01-27 11:10+0100\n" "Last-Translator: Mikel González \n" "Language-Team: Asturian \n" @@ -349,15 +349,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Linia comandos kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -369,13 +386,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Llínia comandos por defeutu kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -385,13 +402,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map foi xeneráu" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -404,7 +421,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -418,7 +435,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/be.po grub2-2.02~beta2/debian/po/be.po --- grub2-2.02~beta2/debian/po/be.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/be.po 2020-08-24 08:54:59.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: be\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-15 05:50+0300\n" "Last-Translator: Viktar Siarheichyk \n" "Language-Team: Debian l10n team for Belarusian \n" "Language-Team: Български \n" @@ -361,15 +361,32 @@ "път. В такъв случай трябва да се уверите, че GRUB е настроен да зарежда " "другите операционни системи." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Команден ред за kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -381,13 +398,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Параметри на Линукс по подразбиране:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -397,13 +414,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map е създаден наново" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -416,7 +433,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -430,7 +447,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/ca.po grub2-2.02~beta2/debian/po/ca.po --- grub2-2.02~beta2/debian/po/ca.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/ca.po 2020-08-24 08:54:59.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: grub2 1.99-5\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2011-05-30 22:57+0200\n" "Last-Translator: Jordi Mallach \n" "Language-Team: Catalan \n" @@ -355,15 +355,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Línia d'ordres de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -376,13 +393,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Línia d'ordres de kFreeBSD per defecte:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -392,13 +409,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "S'ha regenerat el fitxer «/boot/grub/device.map»" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -411,7 +428,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -425,7 +442,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/cs.po grub2-2.02~beta2/debian/po/cs.po --- grub2-2.02~beta2/debian/po/cs.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/cs.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-21 10:32+0100\n" "Last-Translator: Miroslav Kure \n" "Language-Team: Czech \n" @@ -347,21 +347,38 @@ msgstr "" "Některé systémy používající EFI obsahují chyby a neumí správně pracovat s " "novými zavaděči. Vynutíte-li další instalaci GRUBu do EFI cesty pro výměnná, " -"média, mělo by to zajistit, že se na tomto systému bude Debian zavádět " -"i přes zmíněné chyby. Tím však můžete přijít o možnost zavádění jiných " +"média, mělo by to zajistit, že se na tomto systému bude Debian zavádět i " +"přes zmíněné chyby. Tím však můžete přijít o možnost zavádění jiných " "operačních systémů, které na této cestě také závisí. V takovém případě si " "budete muset pohlídat nastavení GRUBu, aby zvládlo zavést ostatní operační " "systémy." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Parametry pro kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -374,13 +391,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Výchozí parametry pro kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -390,13 +407,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map byl aktualizován" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -409,7 +426,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -423,7 +440,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/cy.po grub2-2.02~beta2/debian/po/cy.po --- grub2-2.02~beta2/debian/po/cy.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/cy.po 2020-08-24 08:54:59.000000000 +0000 @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-06-16 22:25-0000\n" "Last-Translator: Dafydd Tomos \n" "Language-Team: Welsh\n" @@ -356,15 +356,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Llinell orchymyn kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -376,13 +393,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Llinell orchymyn ddiofyn kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -392,13 +409,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "Mae'r ffeil /boot/grub/device.map wedi ei ail-greu" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -411,7 +428,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -425,7 +442,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/da.po grub2-2.02~beta2/debian/po/da.po --- grub2-2.02~beta2/debian/po/da.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/da.po 2020-08-24 08:54:59.000000000 +0000 @@ -20,7 +20,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2015-03-27 17:30+01:00\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" @@ -368,18 +368,35 @@ "starte Debian korrekt op på trods af et sådant problem. Det kan dog fjerne " "muligheden for at starte et andet operativsystem op, som også afhænger af " "denne sti. Hvis dette er tilfældet, så skal du sikre dig, at GRUB er " -"konfigureret succesfuldt for at kunne starte andre operativsystemer " -"op korrekt." +"konfigureret succesfuldt for at kunne starte andre operativsystemer op " +"korrekt." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Kommandolinje for kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -391,13 +408,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Standardkommandolinje i kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -407,13 +424,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map er blevet gendannet" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -426,7 +443,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -440,7 +457,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/de.po grub2-2.02~beta2/debian/po/de.po --- grub2-2.02~beta2/debian/po/de.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/de.po 2020-08-24 08:54:59.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: grub2 1.98+20100710-2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-21 18:29+0100\n" "Last-Translator: Martin Eberhard Schauer \n" "Language-Team: German \n" @@ -364,22 +364,39 @@ msgstr "" "Einige EFI-basierte Systeme haben einen Fehler und handhaben neue Bootloader " "nicht korrekt. Falls Sie eine zusätzliche Installation von GRUB in den Pfad " -"für EFI-Wechselmedien erzwingen, sollten Sie gewährleisten, dass das " -"System Debian trotz dieses Problems korrekt startet. Es besteht jedoch die " +"für EFI-Wechselmedien erzwingen, sollten Sie gewährleisten, dass das System " +"Debian trotz dieses Problems korrekt startet. Es besteht jedoch die " "Möglichkeit, dass ein anderes von diesem Pfad abhängiges Betriebssystem " "nicht mehr starten kann. In diesem Fall müssen Sie sicherstellen, dass GRUB " "erfolgreich konfiguriert wurde und Installationen beliebiger anderer " "Betriebssystem korrekt starten können." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Befehlszeile für kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -392,13 +409,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Standard-Befehlszeile für kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -408,13 +425,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map wurde neu erstellt." #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -427,7 +444,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -441,11 +458,10 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." msgstr "" "Wenn Sie diese Nachricht nicht verstehen oder wenn keine modifizierten Boot-" "Menü-Einträge vorhanden sind, können Sie diese Nachricht ignorieren." - diff -Nru grub2-2.02~beta2/debian/po/dz.po grub2-2.02~beta2/debian/po/dz.po --- grub2-2.02~beta2/debian/po/dz.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/dz.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2001-12-31 19:57-0500\n" "Last-Translator: Dawa \n" "Language-Team: Dzongkha \n" @@ -343,15 +343,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD བརྡ་བཀོད་གྲལ་ཐིག་:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -363,13 +380,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD སྔོན་སྒྲིག་བརྡ་བཀོད་གྲལ་ཐིག་:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -379,13 +396,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map འདི་ ལོག་བཟོ་ཡོདཔ།" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -397,7 +414,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -410,7 +427,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/el.po grub2-2.02~beta2/debian/po/el.po --- grub2-2.02~beta2/debian/po/el.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/el.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-08-17 14:44+0300\n" "Last-Translator: pankgeorg\n" "Language-Team: Greek \n" @@ -67,8 +67,8 @@ "by issuing the following command as root:" msgstr "" "Όποια κι αν είναι η απόφασή σας, μπορείτε να αντικαταστήσετε αργότερα το " -"προηγούμενο αντίγραφο του MBR με τη βοήθεια του GRUB 2, εκτελώντας ως χρήστης " -"root την ακόλουθη εντολή: " +"προηγούμενο αντίγραφο του MBR με τη βοήθεια του GRUB 2, εκτελώντας ως " +"χρήστης root την ακόλουθη εντολή: " #. Type: multiselect #. Description @@ -143,10 +143,10 @@ msgstr "" "Ο φορτωτής εκκίνησης GRUB είχε εγκατασταθεί προηγουμένως σε έναν δίσκο που " "δεν είναι πλέον παρών στο σύστημα ή που ο μοναδικός κωδικός αναγνώρισής του " -"έχει για κάποιο λόγο αλλάξει. Είναι σημαντικό να βεβαιωθείτε ότι το " -"κύριο εγκατεστημένο αντίγραφο του GRUB παραμένει συγχρονισμένο με τις" -"ενότητεςτου GRUB στο αρχείο grub.cfg. Παρακαλώ ελέγξτε ξανά για να" -"σιγουρευτείτε ότι το GRUB έχει εγγραφεί στις κατάλληλες εκκινήσιμες συσκευές." +"έχει για κάποιο λόγο αλλάξει. Είναι σημαντικό να βεβαιωθείτε ότι το κύριο " +"εγκατεστημένο αντίγραφο του GRUB παραμένει συγχρονισμένο με τιςενότητεςτου " +"GRUB στο αρχείο grub.cfg. Παρακαλώ ελέγξτε ξανά για νασιγουρευτείτε ότι το " +"GRUB έχει εγγραφεί στις κατάλληλες εκκινήσιμες συσκευές." #. Type: text #. Description @@ -184,15 +184,14 @@ "Do you want to continue anyway? If you do, your computer may not start up " "properly." msgstr "" -"Θέλετε να συνεχίσετε παρόλα αυτά; Αν ναι, είναι πιθανόν ο υπολογιστής σας " -"να μην μπορεί να εκκινήσει κανονικά." +"Θέλετε να συνεχίσετε παρόλα αυτά; Αν ναι, είναι πιθανόν ο υπολογιστής σας να " +"μην μπορεί να εκκινήσει κανονικά." #. Type: boolean #. Description #: ../grub-pc.templates.in:8001 msgid "Writing GRUB to boot device failed - try again?" -msgstr "" -"Η εγγραφή του GRUB στη συσκευή εκκίνησης απέτυχε - Επανάληψη;" +msgstr "Η εγγραφή του GRUB στη συσκευή εκκίνησης απέτυχε - Επανάληψη;" #. Type: boolean #. Description @@ -227,8 +226,8 @@ "συνεχίσετε, το πρόγραμμα εκκίνησης πιθανόν να μην έχει ρυθμιστεί σωστά και " "στην επανεκκίνηση του υπολογιστή σας θα χρησιμοποιήσει οτιδήποτε υπήρχε από " "πριν στον τομέα εκκίνησης. Αν υπάρχει μια προηγούμενη έκδοση του GRUB 2 στον " -"τομέα εκκίνησης, πιθανόν να μην μπορεί να φορτώσει κάποιες ενότητες αλλά ούτε" -"να χειριστεί το τρέχον αρχείο ρυθμίσεων." +"τομέα εκκίνησης, πιθανόν να μην μπορεί να φορτώσει κάποιες ενότητες αλλά " +"ούτενα χειριστεί το τρέχον αρχείο ρυθμίσεων." #. Type: boolean #. Description @@ -307,9 +306,9 @@ "You should generally finish the conversion to GRUB 2 unless these boot " "records were created by a GRUB 2 installation on some other operating system." msgstr "" -"Στη γενική περίπτωση θα πρέπει να τελειώσετε την μετατροπή σε GRUB 2 εκτός" -"κι αν αυτά τα αρχεία εκκίνησης έχουν δημιουργηθεί από μια εγκατάσταση του " -"GRUB 2 σε ένα άλλο λειτουργικό σύστημα." +"Στη γενική περίπτωση θα πρέπει να τελειώσετε την μετατροπή σε GRUB 2 εκτόςκι " +"αν αυτά τα αρχεία εκκίνησης έχουν δημιουργηθεί από μια εγκατάσταση του GRUB " +"2 σε ένα άλλο λειτουργικό σύστημα." #. Type: string #. Description @@ -351,8 +350,7 @@ #. Description #: ../templates.in:3001 msgid "Force extra installation to the EFI removable media path?" -msgstr "" -"Να γίνει εξαναγκασμένη εγκατάσταση στην αποσπώμενη EFI συσκευή;" +msgstr "Να γίνει εξαναγκασμένη εγκατάσταση στην αποσπώμενη EFI συσκευή;" #. Type: boolean #. Description @@ -367,23 +365,40 @@ "OS installations correctly." msgstr "" "Μερικά συστήματα που βασίζουνται στο EFI είναι ελλειπώς ανεπτυγμένα και δεν " -"διαχειρίζονται τα νέα προγράμματα εκκίνησης σωστά. Αν εξαναγκάσετε το σύστημα " -"να κάνει εγκατάσταση του GRUB στην αποσπώμενη EFI συσκευή, είναι βέβαιο ότι " -"αυτό το σύστημα θα δύναται να εκκινεί το Debian σωστά, ακόμα και να " -"εμφανιστεί τέτοιο πρόβλημα. Παρόλα αυτά, ίσβς αφαιρέσει τη δυνατότητα να " +"διαχειρίζονται τα νέα προγράμματα εκκίνησης σωστά. Αν εξαναγκάσετε το " +"σύστημα να κάνει εγκατάσταση του GRUB στην αποσπώμενη EFI συσκευή, είναι " +"βέβαιο ότι αυτό το σύστημα θα δύναται να εκκινεί το Debian σωστά, ακόμα και " +"να εμφανιστεί τέτοιο πρόβλημα. Παρόλα αυτά, ίσβς αφαιρέσει τη δυνατότητα να " "εκκινείτε οποιοδήποτε άλλο λειτουργικό σύστημα που ίσως εξαρτάται από αυτή " "τη συσκευή. Αν υπάρχει άλλο λειτουργικό σύστημα, θα χρειαστεί να σιγουρέψετε " "ότι ο GRUB είναι σωστά ρυθμισμένος να φορτώνει όλα τα άλλα λειτουργικά. " -#. Type: string +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Γραμμή εντολών kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -396,13 +411,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Προκαθορισμένη γραμμή εντολών kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -413,13 +428,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "Το αρχείο /boot/grub/device.map έχει αναδημιουργηθεί" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -432,7 +447,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -447,7 +462,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/eo.po grub2-2.02~beta2/debian/po/eo.po --- grub2-2.02~beta2/debian/po/eo.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/eo.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub2 2.02-18\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-13 21:14-0300\n" "Last-Translator: Felipe Castro \n" "Language-Team: Esperanto \n" @@ -354,15 +354,32 @@ "Tiaokaze, vi devas certigi ke GRUB estas sukcese agordita tiel ke ĝi " "kapablos ekŝargi iun ajn alian OS-instalon ĝuste." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Ordon-linio de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -375,13 +392,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Implicita komand-linio de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -391,13 +408,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map estas regenerita" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -410,7 +427,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -424,7 +441,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/es.po grub2-2.02~beta2/debian/po/es.po --- grub2-2.02~beta2/debian/po/es.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/es.po 2020-08-24 08:54:59.000000000 +0000 @@ -36,7 +36,7 @@ msgstr "" "Project-Id-Version: grub2 1.99-5\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-11 23:57+0100\n" "Last-Translator: Manuel \"Venturi\" Porras Peralta \n" @@ -397,15 +397,32 @@ "configurado correctamente para ser capaz de iniciar sin problemas cualquier " "otro sistema operativo instalado." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Línea de órdenes de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -418,13 +435,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Línea de órdenes predeterminada de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -434,13 +451,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "Se ha regenerado el fichero «/boot/grub/device.map»" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -453,7 +470,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -467,7 +484,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/eu.po grub2-2.02~beta2/debian/po/eu.po --- grub2-2.02~beta2/debian/po/eu.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/eu.po 2020-08-24 08:54:59.000000000 +0000 @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: grub2_2.02~beta2-18\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-16 09:10+0100\n" "Last-Translator: Iñaki Larrañaga Murgoitio \n" "Language-Team: Basque \n" @@ -361,15 +361,32 @@ "dezake. Horrela bada, ziurtatu zaitez GRUB ongi konfiguratuta dagoela beste " "edozer SE-ren instalazioak ongi abiatzeko." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "KFreeBSD-ko komando-lerroa:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -381,13 +398,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "KFreeBSD-ko komando-lerro lehenetsia:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -397,13 +414,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map berriro sortu da" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -415,7 +432,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -429,7 +446,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/fa.po grub2-2.02~beta2/debian/po/fa.po --- grub2-2.02~beta2/debian/po/fa.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/fa.po 2020-08-24 08:54:59.000000000 +0000 @@ -2,7 +2,7 @@ msgstr "" "Project-Id-Version: fa\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: \n" "Last-Translator: Behrad Eslamifar \n" "Language-Team: debian-l10n-persian \n" @@ -344,15 +344,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "خط فرمان kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -364,13 +381,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "خط فرمان پیش فرض kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -380,13 +397,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map بازسازی شده است." #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -399,7 +416,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -413,7 +430,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/fi.po grub2-2.02~beta2/debian/po/fi.po --- grub2-2.02~beta2/debian/po/fi.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/fi.po 2020-08-24 08:54:59.000000000 +0000 @@ -4,7 +4,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-27 18:53+0200\n" "Last-Translator: Timo Jyrinki \n" "Language-Team: Finnish \n" @@ -360,15 +360,32 @@ "tulee varmistaa, että GRUBin asetukset on tehty niin, että GRUBista voidaan " "käynnistää nämä muut käyttöjärjestelmät oikein." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD:n komentorivi:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -381,13 +398,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD:n oletuskomentorivi:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -397,13 +414,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map on luotu uudelleen" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -416,7 +433,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -430,7 +447,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/fr.po grub2-2.02~beta2/debian/po/fr.po --- grub2-2.02~beta2/debian/po/fr.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/fr.po 2020-08-24 08:54:59.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: fr\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-14 08:09+0100\n" "Last-Translator: Christian Perrier \n" "Language-Team: French \n" @@ -374,15 +374,32 @@ "devez vous assurer que GRUB lui-même est configuré pour démarrer les autres " "systèmes d'exploitation." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Ligne de commande de kFreeBSD :" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -395,13 +412,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Ligne de commande par défaut de kFreeBSD :" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -411,13 +428,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "Recréation de /boot/grub/device.map" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -430,7 +447,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -445,7 +462,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/gl.po grub2-2.02~beta2/debian/po/gl.po --- grub2-2.02~beta2/debian/po/gl.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/gl.po 2020-08-24 08:54:59.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: grub2_1.98+20100804-2_gl\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-06-13 16:13+0200\n" "Last-Translator: Jorge Barreiro \n" "Language-Team: Galician \n" @@ -359,15 +359,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Liña de comando de kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -380,13 +397,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Liña de comando por defecto para kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -396,13 +413,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map foi rexenerado." #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -415,7 +432,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -429,7 +446,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/gu.po grub2-2.02~beta2/debian/po/gu.po --- grub2-2.02~beta2/debian/po/gu.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/gu.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub-gu\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-03-04 09:56+0530\n" "Last-Translator: Kartik Mistry \n" "Language-Team: Gujarati \n" @@ -336,15 +336,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD આદેશ:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -356,13 +373,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD મૂળભૂત આદેશ:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -372,13 +389,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map ફરી બનાવવામાં આવી છે" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -390,7 +407,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -403,7 +420,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/he.po grub2-2.02~beta2/debian/po/he.po --- grub2-2.02~beta2/debian/po/he.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/he.po 2020-08-24 08:54:59.000000000 +0000 @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: grub_debian_po_he\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-17 18:35+0200\n" "Last-Translator: Omer Zak\n" "Language-Team: Hebrew \n" @@ -336,21 +336,38 @@ "make sure that GRUB is configured successfully to be able to boot any other " "OS installations correctly." msgstr "" -"כמה מערכות מבוססות EFI מכילות בגים ואינן מתמודדות נכונות עם מאתחלים חדשים. אם " -"הינך מאלץ התקנה נוספת של GRUB לנתיב מדיה EFI הניתן להסרה, הדבר אמור להבטיח " -"שהמערכת תאתחל נכון את Debian למרות בעיה כזו. עם זאת, הדבר עלול למנוע אתחול כל " -"מערכת הפעלה אחרת שתלויה גם כן בנתיב זה. אם זה המצב, תצטרך לוודא ש-GRUB הוגדר " -"בהצלחה כדי שתוכל לאתחל נכון כל מערכת הפעלה מותקנת אחרת." +"כמה מערכות מבוססות EFI מכילות בגים ואינן מתמודדות נכונות עם מאתחלים חדשים. " +"אם הינך מאלץ התקנה נוספת של GRUB לנתיב מדיה EFI הניתן להסרה, הדבר אמור " +"להבטיח שהמערכת תאתחל נכון את Debian למרות בעיה כזו. עם זאת, הדבר עלול למנוע " +"אתחול כל מערכת הפעלה אחרת שתלויה גם כן בנתיב זה. אם זה המצב, תצטרך לוודא ש-" +"GRUB הוגדר בהצלחה כדי שתוכל לאתחל נכון כל מערכת הפעלה מותקנת אחרת." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "שורת הפקודה של kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -362,13 +379,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "ברירת מחדל לשורת הפקודה של kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -378,13 +395,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "הקובץ ‎/boot/grub/device.map נוצר מחדש" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -396,7 +413,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -409,11 +426,10 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." msgstr "" "אם אינך מבין הודעה זו, או אם אין לך ברירות מותאמות אישית בתפריט האתחול, אזי " "ניתן להתעלם מהודעה זו." - diff -Nru grub2-2.02~beta2/debian/po/hr.po grub2-2.02~beta2/debian/po/hr.po --- grub2-2.02~beta2/debian/po/hr.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/hr.po 2020-08-24 08:54:59.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: grub2 1.97-2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-03-22 16:37+0100\n" "Last-Translator: Tomislav Krznar \n" "Language-Team: Hrvatski \n" @@ -350,15 +350,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD naredbeni redak:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -370,13 +387,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Pretpostavljeni kFreeBSD naredbeni redak:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -386,13 +403,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map je regeneriran" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -405,7 +422,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -419,7 +436,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/hu.po grub2-2.02~beta2/debian/po/hu.po --- grub2-2.02~beta2/debian/po/hu.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/hu.po 2020-08-24 08:54:59.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2013-05-18 15:44+0200\n" "Last-Translator: Dr. Nagy Elemér Károly \n" "Language-Team: Hungarian \n" @@ -352,15 +352,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD parancssor:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -372,13 +389,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Az alapértelmezett kFreeBSD parancssor:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -388,13 +405,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "A /boot/grub/device.map fájlt újraépítettem." #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -407,7 +424,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -421,7 +438,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/id.po grub2-2.02~beta2/debian/po/id.po --- grub2-2.02~beta2/debian/po/id.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/id.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-01-20 12:28+0700\n" "Last-Translator: Mahyuddin Susanto \n" "Language-Team: Debian Indonesian Translation Team \n" "Language-Team: Icelandic \n" @@ -358,15 +358,32 @@ "verður þú að ganga úr skugga um að GRUB sé sett upp á fullnægjandi máta til " "þess að geta ræst rétt öll önnur stýrikerfi." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD skipanalína:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -378,13 +395,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Sjálfgefin kFreeBSD skipanalína:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -394,13 +411,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map var endurskrifað" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -413,7 +430,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -427,7 +444,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/it.po grub2-2.02~beta2/debian/po/it.po --- grub2-2.02~beta2/debian/po/it.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/it.po 2020-08-24 08:54:59.000000000 +0000 @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: grub2 2.02~beta2-18 italian debconf templates\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-19 21:49+0100\n" "Last-Translator: Luca Monducci \n" "Language-Team: Italian \n" @@ -358,15 +358,32 @@ "occorre accertarsi che GRUB sia configurato in modo che possa avviare " "correttamente qualsiasi altro SO installato." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Riga di comando kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -379,13 +396,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Riga di comando kFreeBSD predefinita:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -395,13 +412,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map è stato rigenerato" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -414,7 +431,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -428,7 +445,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/ja.po grub2-2.02~beta2/debian/po/ja.po --- grub2-2.02~beta2/debian/po/ja.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/ja.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub2 1.99-5\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2016-03-03 09:57+0900\n" "Last-Translator: Takuma Yamada \n" "Language-Team: Japanese \n" @@ -357,15 +357,32 @@ "テムを起動する機能を削除することがあります。その場合は、ほかにインストールさ" "れた OS が正常に起動するよう GRUB を適切に設定する必要があります。" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD コマンドライン:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -377,13 +394,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD デフォルトコマンドライン:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -393,13 +410,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map が再生成されました" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -411,7 +428,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -425,7 +442,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/ka.po grub2-2.02~beta2/debian/po/ka.po --- grub2-2.02~beta2/debian/po/ka.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/ka.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2009-08-30 18:05+0400\n" "Last-Translator: Aiet Kolkhi \n" "Language-Team: Georgian \n" @@ -325,15 +325,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD ბრძანების სტრიქონი:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 #, fuzzy #| msgid "" #| "The following kFreeBSD command line was extracted from /etc/default/grub " @@ -350,13 +367,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD-ის სტანდარტული ბრძანების სტრიქონი:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -366,13 +383,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -381,7 +398,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -391,7 +408,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/kk.po grub2-2.02~beta2/debian/po/kk.po --- grub2-2.02~beta2/debian/po/kk.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/kk.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: master\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-14 20:02+0600\n" "Last-Translator: Baurzhan Muftakhidinov \n" "Language-Team: Kazakh \n" @@ -351,15 +351,32 @@ "мүмкін. Олай болса сізге GRUB барлық басқа ОЖ-ды жүктей алатындай етіп дұрыс " "бапталғанына көз жеткізу керек." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD командалық жолы:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -371,13 +388,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD бастапқы командалық жолы:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -387,13 +404,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map қайта құрылды" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -405,7 +422,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -418,7 +435,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/km.po grub2-2.02~beta2/debian/po/km.po --- grub2-2.02~beta2/debian/po/km.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/km.po 2020-08-24 08:54:59.000000000 +0000 @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: grub_debian_po\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-04-05 15:38+0700\n" "Last-Translator: Khoem Sokhem \n" "Language-Team: Khmer \n" @@ -336,15 +336,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "ពាក្យ​បញ្ជា kFreeBSD ៖" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -355,13 +372,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "ពាក្យ​បញ្ជា​លំនាំដើម​របស់ kFreeBSD ៖" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -371,13 +388,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map ត្រូវ​បាន​បង្កើត​ឡើង​វិញ" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -389,7 +406,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -402,7 +419,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/ko.po grub2-2.02~beta2/debian/po/ko.po --- grub2-2.02~beta2/debian/po/ko.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/ko.po 2020-08-24 08:54:59.000000000 +0000 @@ -4,7 +4,7 @@ msgstr "" "Project-Id-Version: grub_debian\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-04-23 04:55+0900\n" "Last-Translator: Changwoo Ryu \n" "Language-Team: Korean \n" @@ -338,15 +338,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD 명령어:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -358,13 +375,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD 기본 명령어:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -374,13 +391,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map 파일을 다시 만들었습니다" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -392,7 +409,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -405,7 +422,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/lt.po grub2-2.02~beta2/debian/po/lt.po --- grub2-2.02~beta2/debian/po/lt.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/lt.po 2020-08-24 08:54:59.000000000 +0000 @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-14 10:37+0300\n" "Last-Translator: Rimas Kudelis \n" "Language-Team: Lithuanian \n" @@ -359,15 +359,32 @@ "kad „GRUB“ paleidyklė sukonfigūruota tinkamai ir geba korektiškai paleisti " "šias operacines sistemas." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "„kFreeBSD“ komandos eilutė:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -380,13 +397,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Numatytoji „kFreeBSD“ komandos eilutė:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -396,13 +413,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "Failas „boot/grub/device.map“ pergeneruotas" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -414,7 +431,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -428,7 +445,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/lv.po grub2-2.02~beta2/debian/po/lv.po --- grub2-2.02~beta2/debian/po/lv.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/lv.po 2020-08-24 08:54:59.000000000 +0000 @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2015-02-10 21:14+0200\n" "Last-Translator: Rūdolfs Mazurs \n" "Language-Team: Latvian \n" @@ -355,15 +355,32 @@ "jāpārliecinās, ka GRUB ir veiksmīgi nokonfigurēts un varēs veiksmīgi ielādēt " "citas OS instalācijas." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD komandrinda:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -375,13 +392,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD noklusējuma komandrinda:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -391,13 +408,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map tika reģistrēts" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -410,7 +427,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -424,7 +441,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/mr.po grub2-2.02~beta2/debian/po/mr.po --- grub2-2.02~beta2/debian/po/mr.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/mr.po 2020-08-24 08:54:59.000000000 +0000 @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-24 20:56+0530\n" "Last-Translator: localuser \n" "Language-Team: C-DAC/Sampada\n" @@ -344,15 +344,32 @@ "होण्याची क्षमता काढून टाकली जाऊ शकते. असे असल्यास, अन्य एखादी प्रणाली योग्य रीतीने आरंभ " "होण्यासाठी ग्रब यशस्वीपणे संरचित केला गेला असल्याची खातरजमा तुम्ही करणे गरजेचे आहे." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "केफ्रीबीएसडी आदेश ओळ:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -364,13 +381,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "केफ्रीबीएसडी मूलनिर्धारीत आदेश ओळ:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -380,13 +397,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map पुनर्निर्मिला गेला आहे" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -398,7 +415,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -411,7 +428,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/nb.po grub2-2.02~beta2/debian/po/nb.po --- grub2-2.02~beta2/debian/po/nb.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/nb.po 2020-08-24 08:54:59.000000000 +0000 @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-03-12 02:14+0200\n" "Last-Translator: Hans Fredrik Nordhaug \n" "Language-Team: Norwegian Bokmål \n" @@ -352,15 +352,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Kommandolinje i kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -372,13 +389,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Standardkommandolinje i kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -388,13 +405,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map er regenerert" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -406,7 +423,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -420,7 +437,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/nl.po grub2-2.02~beta2/debian/po/nl.po --- grub2-2.02~beta2/debian/po/nl.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/nl.po 2020-08-24 08:54:59.000000000 +0000 @@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: grub2 1.99-14\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-18 16:14+0100\n" "Last-Translator: Frans Spiesschaert \n" "Language-Team: Debian Dutch l10n Team \n" @@ -371,15 +371,32 @@ "succesvol geconfigureerd wordt om eventueel andere geïnstalleerde " "besturingssystemen correct te kunnen opstarten." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD-commandoregel:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -392,13 +409,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Standaard kFreeBSD-commandoregel:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -408,13 +425,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map is opnieuw aangemaakt" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -427,7 +444,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -441,7 +458,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/pl.po grub2-2.02~beta2/debian/po/pl.po --- grub2-2.02~beta2/debian/po/pl.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/pl.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-14 10:28+0100\n" "Last-Translator: Łukasz Dulny \n" "Language-Team: Polish \n" @@ -359,22 +359,39 @@ "OS installations correctly." msgstr "" "Niektóre oparte na EFI systemy mają błędy i nie obsługują poprawnie nowych " -"programów rozruchowych. Jeśli wymusisz dodatkową instalację GRUB-a do ścieżki " -"nośników wymiennych EFI, powinno to zapewnić, że system załaduje Debiana " -"prawidłowo mimo tego problemu. Jednak może to także uniemożliwić ładowanie " -"innych systemów operacyjnych, które również zależą od tej ścieżki. W takiej " -"sytuacji będziesz musiał upewnić się, że GRUB jest skonfigurowany poprawnie i " -"będzie mógł ładować te systemy." +"programów rozruchowych. Jeśli wymusisz dodatkową instalację GRUB-a do " +"ścieżki nośników wymiennych EFI, powinno to zapewnić, że system załaduje " +"Debiana prawidłowo mimo tego problemu. Jednak może to także uniemożliwić " +"ładowanie innych systemów operacyjnych, które również zależą od tej ścieżki. " +"W takiej sytuacji będziesz musiał upewnić się, że GRUB jest skonfigurowany " +"poprawnie i będzie mógł ładować te systemy." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Wiersz poleceń do kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -387,13 +404,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Domyślny wiersz poleceń do kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -403,13 +420,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map został odtworzony" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -422,7 +439,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -436,11 +453,10 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." msgstr "" "Jeśli ta wiadomość jest niezrozumiała lub jeśli nie tworzono żadnych " "specjalnych wpisów menu, można ją zignorować." - diff -Nru grub2-2.02~beta2/debian/po/pt_BR.po grub2-2.02~beta2/debian/po/pt_BR.po --- grub2-2.02~beta2/debian/po/pt_BR.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/pt_BR.po 2020-08-24 08:54:59.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: grub2 2.02~beta2-18\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-21 21:37-0200\n" "Last-Translator: Adriano Rafael Gomes \n" "Language-Team: Brazilian Portuguese \n" "Language-Team: Portuguese \n" @@ -358,15 +358,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "linha de comandos kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -379,13 +396,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Linha de comandos padrão do kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -395,13 +412,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "O /boot/grub/device.map foi recriado" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -414,7 +431,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -429,7 +446,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/ro.po grub2-2.02~beta2/debian/po/ro.po --- grub2-2.02~beta2/debian/po/ro.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/ro.po 2020-08-24 08:54:59.000000000 +0000 @@ -11,7 +11,7 @@ msgstr "" "Project-Id-Version: ro\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-17 12:19+0200\n" "Last-Translator: Andrei POPESCU \n" "Language-Team: Romanian \n" @@ -364,15 +364,32 @@ "acest caz va trebui să vă asigurați că GRUB este configurat corect pentru a " "putea încărca și orice alte sisteme de operare." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Linia de comandă kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -385,13 +402,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Linia de comandă implicită kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -401,13 +418,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map a fost regenerat" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -420,7 +437,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -434,7 +451,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/ru.po grub2-2.02~beta2/debian/po/ru.po --- grub2-2.02~beta2/debian/po/ru.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/ru.po 2020-08-24 08:54:59.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: grub2 2.02~beta2-18\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-15 19:25+0300\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" @@ -353,23 +353,39 @@ "make sure that GRUB is configured successfully to be able to boot any other " "OS installations correctly." msgstr "" -"Некоторые системы на основе EFI содержат ошибки и неправильно " -"работают с новыми системными загрузчиками. " -"Если выполнить принудительную установку GRUB в путь съёмных носителей EFI, " -"то на такой системе Debian будет запускаться несмотря на эту проблему. " -"Однако это может привести к отказу запуска всех остальных операционных " -"систем, которые также зависят от этого пути. " +"Некоторые системы на основе EFI содержат ошибки и неправильно работают с " +"новыми системными загрузчиками. Если выполнить принудительную установку GRUB " +"в путь съёмных носителей EFI, то на такой системе Debian будет запускаться " +"несмотря на эту проблему. Однако это может привести к отказу запуска всех " +"остальных операционных систем, которые также зависят от этого пути. " "Проверьте, что GRUB правильно настроен для загрузки любой другой ОС." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Командная строка kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -382,13 +398,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Командная строка kFreeBSD по умолчанию:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -398,13 +414,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "Пересоздан файл /boot/grub/device.map" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -417,7 +433,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -431,7 +447,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/si.po grub2-2.02~beta2/debian/po/si.po --- grub2-2.02~beta2/debian/po/si.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/si.po 2020-08-24 08:54:59.000000000 +0000 @@ -6,7 +6,7 @@ msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2011-09-29 08:35+0530\n" "Last-Translator: Danishka Navin \n" "Language-Team: Sinhala \n" @@ -334,15 +334,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD විධාන රේඛාව:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -354,13 +371,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD පෙරනිමි විධාන රේඛාව:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -370,13 +387,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map නැවත ජනනය වී ඇත" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -388,7 +405,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -401,7 +418,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/sk.po grub2-2.02~beta2/debian/po/sk.po --- grub2-2.02~beta2/debian/po/sk.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/sk.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub2 1.99-5\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2011-07-19 07:49+0200\n" "Last-Translator: Slavko \n" "Language-Team: Slovak \n" @@ -350,15 +350,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Príkazový riadok kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -370,13 +387,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Predvolený príkazový riadok kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -386,13 +403,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map bol aktualizovaný" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -404,7 +421,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -418,7 +435,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/sl.po grub2-2.02~beta2/debian/po/sl.po --- grub2-2.02~beta2/debian/po/sl.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/sl.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-19 11:58+0100\n" "Last-Translator: Vanja Cvelbar \n" "Language-Team: Slovenian \n" @@ -15,7 +15,8 @@ "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Plural-Forms: nplurals=4; plural=(n%100==1 ? 1 : n%100==2 ? 2 : n%100==3 || n%100==4 ? 3 : 0);\n" +"Plural-Forms: nplurals=4; plural=(n%100==1 ? 1 : n%100==2 ? 2 : n%100==3 || n" +"%100==4 ? 3 : 0);\n" "X-Poedit-Language: Slovenian\n" "X-Poedit-Country: SLOVENIA\n" "X-Poedit-SourceCharset: utf-8\n" @@ -35,65 +36,108 @@ #. Type: boolean #. Description #: ../grub-pc.templates.in:2001 -msgid "In order to replace the Legacy version of GRUB in your system, it is recommended that /boot/grub/menu.lst is adjusted to load a GRUB 2 boot image from your existing GRUB Legacy setup. This step can be automatically performed now." -msgstr "Da zamenjate različico GRUB Legacy na vašem sistemu vam priporočamo, da se /boot/grub/menu.lst spremeni tako, da verižno naloži GRUB 2 iz vaše obstoječe namestitve GRUB Legacy. To dejanje lahko zdaj izvedete samodejno." +msgid "" +"In order to replace the Legacy version of GRUB in your system, it is " +"recommended that /boot/grub/menu.lst is adjusted to load a GRUB 2 boot image " +"from your existing GRUB Legacy setup. This step can be automatically " +"performed now." +msgstr "" +"Da zamenjate različico GRUB Legacy na vašem sistemu vam priporočamo, da se /" +"boot/grub/menu.lst spremeni tako, da verižno naloži GRUB 2 iz vaše obstoječe " +"namestitve GRUB Legacy. To dejanje lahko zdaj izvedete samodejno." #. Type: boolean #. Description #: ../grub-pc.templates.in:2001 -msgid "It's recommended that you accept chainloading GRUB 2 from menu.lst, and verify that the new GRUB 2 setup works before it is written to the MBR (Master Boot Record)." -msgstr "Priporočamo vam, da sprejmete verižno nalaganje GRUB 2 iz datoteke menu.lst in preverite delovanje namestitve GRUB2 preden ga namestite na MBR (Master Boot Record)." +msgid "" +"It's recommended that you accept chainloading GRUB 2 from menu.lst, and " +"verify that the new GRUB 2 setup works before it is written to the MBR " +"(Master Boot Record)." +msgstr "" +"Priporočamo vam, da sprejmete verižno nalaganje GRUB 2 iz datoteke menu.lst " +"in preverite delovanje namestitve GRUB2 preden ga namestite na MBR (Master " +"Boot Record)." #. Type: boolean #. Description #: ../grub-pc.templates.in:2001 -msgid "Whatever your decision, you can replace the old MBR image with GRUB 2 later by issuing the following command as root:" -msgstr "Kakorkoli se odločite, stari MBR lahko kasneje vedno zamenjate z GRUB 2, če izvedete kot root sledeči ukaz:" +msgid "" +"Whatever your decision, you can replace the old MBR image with GRUB 2 later " +"by issuing the following command as root:" +msgstr "" +"Kakorkoli se odločite, stari MBR lahko kasneje vedno zamenjate z GRUB 2, če " +"izvedete kot root sledeči ukaz:" #. Type: multiselect #. Description #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 -#: ../grub-pc.templates.in:4001 +#: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 msgid "GRUB install devices:" msgstr "Namestitvene naprave za GRUB:" #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 -msgid "The grub-pc package is being upgraded. This menu allows you to select which devices you'd like grub-install to be automatically run for, if any." -msgstr "Nadgrajevanje paketa grub-pc. Ta meni vam omogoči izbiro naprav za katere želite samodejno zagnati grub-install." +msgid "" +"The grub-pc package is being upgraded. This menu allows you to select which " +"devices you'd like grub-install to be automatically run for, if any." +msgstr "" +"Nadgrajevanje paketa grub-pc. Ta meni vam omogoči izbiro naprav za katere " +"želite samodejno zagnati grub-install." #. Type: multiselect #. Description #: ../grub-pc.templates.in:3001 -msgid "Running grub-install automatically is recommended in most situations, to prevent the installed GRUB core image from getting out of sync with GRUB modules or grub.cfg." -msgstr "V večini primerov je priporočen samodejni zagon grub-install, da preprečite neskladja med jedrom GRUBa in moduli ali grub.cfg." +msgid "" +"Running grub-install automatically is recommended in most situations, to " +"prevent the installed GRUB core image from getting out of sync with GRUB " +"modules or grub.cfg." +msgstr "" +"V večini primerov je priporočen samodejni zagon grub-install, da preprečite " +"neskladja med jedrom GRUBa in moduli ali grub.cfg." #. Type: multiselect #. Description #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 -#: ../grub-pc.templates.in:4001 -msgid "If you're unsure which drive is designated as boot drive by your BIOS, it is often a good idea to install GRUB to all of them." -msgstr "V primeru, da niste prepričani kateri pogon je označuje vaš BIOS za zagonskega, je ponavadi dobro, da namestite GRUB kar na vse." +#: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +msgid "" +"If you're unsure which drive is designated as boot drive by your BIOS, it is " +"often a good idea to install GRUB to all of them." +msgstr "" +"V primeru, da niste prepričani kateri pogon je označuje vaš BIOS za " +"zagonskega, je ponavadi dobro, da namestite GRUB kar na vse." #. Type: multiselect #. Description #. Type: multiselect #. Description -#: ../grub-pc.templates.in:3001 -#: ../grub-pc.templates.in:4001 -msgid "Note: it is possible to install GRUB to partition boot records as well, and some appropriate partitions are offered here. However, this forces GRUB to use the blocklist mechanism, which makes it less reliable, and therefore is not recommended." -msgstr "Opomba: GRUB je mogoče namestiti tudi na zagonski zapis razdelka. Primerni razdelki so na tem spisku. To pa zahteva uporabo mehanizma blocklist, ki je manj zanesljiv in zato ni priporočen." +#: ../grub-pc.templates.in:3001 ../grub-pc.templates.in:4001 +msgid "" +"Note: it is possible to install GRUB to partition boot records as well, and " +"some appropriate partitions are offered here. However, this forces GRUB to " +"use the blocklist mechanism, which makes it less reliable, and therefore is " +"not recommended." +msgstr "" +"Opomba: GRUB je mogoče namestiti tudi na zagonski zapis razdelka. Primerni " +"razdelki so na tem spisku. To pa zahteva uporabo mehanizma blocklist, ki je " +"manj zanesljiv in zato ni priporočen." #. Type: multiselect #. Description #: ../grub-pc.templates.in:4001 -msgid "The GRUB boot loader was previously installed to a disk that is no longer present, or whose unique identifier has changed for some reason. It is important to make sure that the installed GRUB core image stays in sync with GRUB modules and grub.cfg. Please check again to make sure that GRUB is written to the appropriate boot devices." -msgstr "Zagonski nalagalnik GRUB je bil nameščen na disku, ki ni več prisoten ali se mu je spremenil enolični identifikator. Važno je, da so jedro GRUBa in moduli ter grub.cfg skladni. Preverite prosim, da je GRUB zapisan na pravilno zagonsko napravo." +msgid "" +"The GRUB boot loader was previously installed to a disk that is no longer " +"present, or whose unique identifier has changed for some reason. It is " +"important to make sure that the installed GRUB core image stays in sync with " +"GRUB modules and grub.cfg. Please check again to make sure that GRUB is " +"written to the appropriate boot devices." +msgstr "" +"Zagonski nalagalnik GRUB je bil nameščen na disku, ki ni več prisoten ali se " +"mu je spremenil enolični identifikator. Važno je, da so jedro GRUBa in " +"moduli ter grub.cfg skladni. Preverite prosim, da je GRUB zapisan na " +"pravilno zagonsko napravo." #. Type: text #. Description @@ -120,28 +164,38 @@ #. Description #. Type: boolean #. Description -#: ../grub-pc.templates.in:7001 -#: ../grub-pc.templates.in:8001 +#: ../grub-pc.templates.in:7001 ../grub-pc.templates.in:8001 msgid "GRUB failed to install to the following devices:" msgstr "Napaka pri nameščanju GRUBa na sledeče naprave:" #. Type: boolean #. Description #: ../grub-pc.templates.in:7001 -msgid "Do you want to continue anyway? If you do, your computer may not start up properly." -msgstr "Želite vseeno nadaljevati? V primeru, da boste nadaljevali se računalnik mogoče ne bo pravilno zagnal." +msgid "" +"Do you want to continue anyway? If you do, your computer may not start up " +"properly." +msgstr "" +"Želite vseeno nadaljevati? V primeru, da boste nadaljevali se računalnik " +"mogoče ne bo pravilno zagnal." #. Type: boolean #. Description #: ../grub-pc.templates.in:8001 msgid "Writing GRUB to boot device failed - try again?" -msgstr "Nameščanje GRUBa na zagonsko napravo ni uspelo. Želite še enkrat poskusiti?" +msgstr "" +"Nameščanje GRUBa na zagonsko napravo ni uspelo. Želite še enkrat poskusiti?" #. Type: boolean #. Description #: ../grub-pc.templates.in:8001 -msgid "You may be able to install GRUB to some other device, although you should check that your system will boot from that device. Otherwise, the upgrade from GRUB Legacy will be canceled." -msgstr "Mogoče lahko namestite GRUB na katero drugo napravo, preveriti pa morate, da se bo lahko vaš sistem zagnal iz te naprave. Drugače bo posodobitev iz zastarelega GRUB prekinjena ." +msgid "" +"You may be able to install GRUB to some other device, although you should " +"check that your system will boot from that device. Otherwise, the upgrade " +"from GRUB Legacy will be canceled." +msgstr "" +"Mogoče lahko namestite GRUB na katero drugo napravo, preveriti pa morate, da " +"se bo lahko vaš sistem zagnal iz te naprave. Drugače bo posodobitev iz " +"zastarelega GRUB prekinjena ." #. Type: boolean #. Description @@ -152,14 +206,32 @@ #. Type: boolean #. Description #: ../grub-pc.templates.in:9001 -msgid "You chose not to install GRUB to any devices. If you continue, the boot loader may not be properly configured, and when this computer next starts up it will use whatever was previously in the boot sector. If there is an earlier version of GRUB 2 in the boot sector, it may be unable to load modules or handle the current configuration file." -msgstr "Izbrali ste, da ne boste namestili GRUBa na nobeno napravo. V primeru, da nadaljujete zagonski nalagalnik ne bo pravilno nastavljen. Računalnik bo ob naslednjem zagonu uporabil karkoli je bilo prej nameščeno na zagonskem sektorju. V primeru, da se tam nahaja starejša različica GRUB 2 mogoče ta ne bo uspela naložiti modulov ali brati sedanje nastavitvene datoteke." +msgid "" +"You chose not to install GRUB to any devices. If you continue, the boot " +"loader may not be properly configured, and when this computer next starts up " +"it will use whatever was previously in the boot sector. If there is an " +"earlier version of GRUB 2 in the boot sector, it may be unable to load " +"modules or handle the current configuration file." +msgstr "" +"Izbrali ste, da ne boste namestili GRUBa na nobeno napravo. V primeru, da " +"nadaljujete zagonski nalagalnik ne bo pravilno nastavljen. Računalnik bo ob " +"naslednjem zagonu uporabil karkoli je bilo prej nameščeno na zagonskem " +"sektorju. V primeru, da se tam nahaja starejša različica GRUB 2 mogoče ta ne " +"bo uspela naložiti modulov ali brati sedanje nastavitvene datoteke." #. Type: boolean #. Description #: ../grub-pc.templates.in:9001 -msgid "If you are already using a different boot loader and want to carry on doing so, or if this is a special environment where you do not need a boot loader, then you should continue anyway. Otherwise, you should install GRUB somewhere." -msgstr "V primeru, da že uporabljate različen zagonski nalagalnik in želite s tem nadaljevati ali pa je to posebno zagonsko okolje kjer ne rabite zagonskega nalagalnika lahko vsekakor nadaljujete. V ostalih primerih bi morali nekam namestiti GRUB." +msgid "" +"If you are already using a different boot loader and want to carry on doing " +"so, or if this is a special environment where you do not need a boot loader, " +"then you should continue anyway. Otherwise, you should install GRUB " +"somewhere." +msgstr "" +"V primeru, da že uporabljate različen zagonski nalagalnik in želite s tem " +"nadaljevati ali pa je to posebno zagonsko okolje kjer ne rabite zagonskega " +"nalagalnika lahko vsekakor nadaljujete. V ostalih primerih bi morali nekam " +"namestiti GRUB." #. Type: boolean #. Description @@ -171,13 +243,17 @@ #. Description #: ../grub-pc.templates.in:10001 msgid "Do you want to have all GRUB 2 files removed from /boot/grub?" -msgstr "Želite odstraniti iz /boot/grub vse datoteke, ki se nanašajo na GRUB 2?" +msgstr "" +"Želite odstraniti iz /boot/grub vse datoteke, ki se nanašajo na GRUB 2?" #. Type: boolean #. Description #: ../grub-pc.templates.in:10001 -msgid "This will make the system unbootable unless another boot loader is installed." -msgstr "Zaradi tega se sistem ne bo mogel zagnati, razen, če uporabite drugi zagonski nalagalnik." +msgid "" +"This will make the system unbootable unless another boot loader is installed." +msgstr "" +"Zaradi tega se sistem ne bo mogel zagnati, razen, če uporabite drugi " +"zagonski nalagalnik." #. Type: boolean #. Description @@ -188,20 +264,39 @@ #. Type: boolean #. Description #: ../grub-pc.templates.in:11001 -msgid "This system still has files from the GRUB Legacy boot loader installed, but it now also has GRUB 2 boot records installed on these disks:" -msgstr "Na tem sistemu so še nameščene datoteke iz zastarelega GRUBa, a zdaj je nameščen tudi zagonski zapis GRUB 2 na sledečih diskih:" +msgid "" +"This system still has files from the GRUB Legacy boot loader installed, but " +"it now also has GRUB 2 boot records installed on these disks:" +msgstr "" +"Na tem sistemu so še nameščene datoteke iz zastarelega GRUBa, a zdaj je " +"nameščen tudi zagonski zapis GRUB 2 na sledečih diskih:" #. Type: boolean #. Description #: ../grub-pc.templates.in:11001 -msgid "It seems likely that GRUB Legacy is no longer in use, and that you should instead upgrade the GRUB 2 images on these disks and finish the conversion to GRUB 2 by removing old GRUB Legacy files. If you do not upgrade these GRUB 2 images, then they may be incompatible with the new packages and cause your system to stop booting properly." -msgstr "Zdi se verjetno, da zastareli GRUB ni več v uporabi in da bi morali namesto tega nadgraditi te diske na GRUB 2 ter dokončati pretvorbo v GRUB 2 z odstranitvijo datotek za zastareli GRUB. V primeru, da ne boste izvedli nadgradnje na GRUB 2 lahko pride do nezdružljivosti z novimi paketi in težav pri zagonu." +msgid "" +"It seems likely that GRUB Legacy is no longer in use, and that you should " +"instead upgrade the GRUB 2 images on these disks and finish the conversion " +"to GRUB 2 by removing old GRUB Legacy files. If you do not upgrade these " +"GRUB 2 images, then they may be incompatible with the new packages and cause " +"your system to stop booting properly." +msgstr "" +"Zdi se verjetno, da zastareli GRUB ni več v uporabi in da bi morali namesto " +"tega nadgraditi te diske na GRUB 2 ter dokončati pretvorbo v GRUB 2 z " +"odstranitvijo datotek za zastareli GRUB. V primeru, da ne boste izvedli " +"nadgradnje na GRUB 2 lahko pride do nezdružljivosti z novimi paketi in težav " +"pri zagonu." #. Type: boolean #. Description #: ../grub-pc.templates.in:11001 -msgid "You should generally finish the conversion to GRUB 2 unless these boot records were created by a GRUB 2 installation on some other operating system." -msgstr "Običajno bi morali dokončati pretvorbo v GRUB 2 razen, če so bili ti zagonski zapisi ustvarjeni pri nameščanju GRUB 2 na drugem operacijskem sistemu." +msgid "" +"You should generally finish the conversion to GRUB 2 unless these boot " +"records were created by a GRUB 2 installation on some other operating system." +msgstr "" +"Običajno bi morali dokončati pretvorbo v GRUB 2 razen, če so bili ti " +"zagonski zapisi ustvarjeni pri nameščanju GRUB 2 na drugem operacijskem " +"sistemu." #. Type: string #. Description @@ -212,8 +307,14 @@ #. Type: string #. Description #: ../templates.in:1001 -msgid "The following Linux command line was extracted from /etc/default/grub or the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is correct, and modify it if necessary. The command line is allowed to be empty." -msgstr "Sledeči ukaz za Linux je vzet iz datoteke /etc/default/grub ali iz parametra `kopt' v datoteki menu.lst sistema GRUB Legacy. Preverite prosim, da je točen in ga po potrebi popravite. Ukazna vrstica je lahko tudi prazna." +msgid "" +"The following Linux command line was extracted from /etc/default/grub or the " +"`kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " +"correct, and modify it if necessary. The command line is allowed to be empty." +msgstr "" +"Sledeči ukaz za Linux je vzet iz datoteke /etc/default/grub ali iz parametra " +"`kopt' v datoteki menu.lst sistema GRUB Legacy. Preverite prosim, da je " +"točen in ga po potrebi popravite. Ukazna vrstica je lahko tudi prazna." #. Type: string #. Description @@ -224,8 +325,12 @@ #. Type: string #. Description #: ../templates.in:2001 -msgid "The following string will be used as Linux parameters for the default menu entry but not for the recovery mode." -msgstr "Sledeča vrstica bo uporabljena kot parameter Linuxa za privzeti vnos v meniju, ne pa za reševalni način." +msgid "" +"The following string will be used as Linux parameters for the default menu " +"entry but not for the recovery mode." +msgstr "" +"Sledeča vrstica bo uporabljena kot parameter Linuxa za privzeti vnos v " +"meniju, ne pa za reševalni način." #. Type: boolean #. Description @@ -236,56 +341,117 @@ #. Type: boolean #. Description #: ../templates.in:3001 -msgid "Some EFI-based systems are buggy and do not handle new bootloaders correctly. If you force an extra installation of GRUB to the EFI removable media path, this should ensure that this system will boot Debian correctly despite such a problem. However, it may remove the ability to boot any other operating systems that also depend on this path. If so, you will need to make sure that GRUB is configured successfully to be able to boot any other OS installations correctly." -msgstr "Nekateri sistemi na osnovi EFI imajo napake in ne morejo pravilno uporabljati novih zagonskih nalagalnikov. Če prisilno dodatno namestite GRUB v pot EFI na odstranljivem mediju, bi to moralo zadostovati, da bo, kljub tem težavam, lahko sistem zagnal Debian. Zaradi tega pa mogoče ne boste mogli več zagnati drugih operacijskih sistemov, ki so odvisni od te poti. V takem primeru morate preveriti, da je GRUB pravilno nastavljen in boste lahko zagnali tudi druge operacijske sisteme." +msgid "" +"Some EFI-based systems are buggy and do not handle new bootloaders " +"correctly. If you force an extra installation of GRUB to the EFI removable " +"media path, this should ensure that this system will boot Debian correctly " +"despite such a problem. However, it may remove the ability to boot any other " +"operating systems that also depend on this path. If so, you will need to " +"make sure that GRUB is configured successfully to be able to boot any other " +"OS installations correctly." +msgstr "" +"Nekateri sistemi na osnovi EFI imajo napake in ne morejo pravilno " +"uporabljati novih zagonskih nalagalnikov. Če prisilno dodatno namestite GRUB " +"v pot EFI na odstranljivem mediju, bi to moralo zadostovati, da bo, kljub " +"tem težavam, lahko sistem zagnal Debian. Zaradi tega pa mogoče ne boste " +"mogli več zagnati drugih operacijskih sistemov, ki so odvisni od te poti. V " +"takem primeru morate preveriti, da je GRUB pravilno nastavljen in boste " +"lahko zagnali tudi druge operacijske sisteme." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Ukazna vrstica kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 -msgid "The following kFreeBSD command line was extracted from /etc/default/grub or the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is correct, and modify it if necessary. The command line is allowed to be empty." -msgstr "Sledeči ukaz za kFreeBSD je vzet iz datoteke /etc/default/grub ali iz parametra `kopt' v datoteki menu.lst sistema GRUB Legacy. Preverite prosim, da je točen in ga po potrebi popravite. Ukazna vrstica je lahko tudi prazna." +#: ../templates.in:5001 +msgid "" +"The following kFreeBSD command line was extracted from /etc/default/grub or " +"the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " +"correct, and modify it if necessary. The command line is allowed to be empty." +msgstr "" +"Sledeči ukaz za kFreeBSD je vzet iz datoteke /etc/default/grub ali iz " +"parametra `kopt' v datoteki menu.lst sistema GRUB Legacy. Preverite " +"prosim, da je točen in ga po potrebi popravite. Ukazna vrstica je lahko tudi " +"prazna." #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Privzeta ukazna vrstica kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 -msgid "The following string will be used as kFreeBSD parameters for the default menu entry but not for the recovery mode." -msgstr "Sledeča vrstica bo uporabljena kot parameter kFreeBSD za privzeti vnos v meniju, ne pa za reševalni način." +#: ../templates.in:6001 +msgid "" +"The following string will be used as kFreeBSD parameters for the default " +"menu entry but not for the recovery mode." +msgstr "" +"Sledeča vrstica bo uporabljena kot parameter kFreeBSD za privzeti vnos v " +"meniju, ne pa za reševalni način." #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "ustvarjena je bila datoteka /boot/grub/device.map" #. Type: note #. Description -#: ../templates.in:6001 -msgid "The file /boot/grub/device.map has been rewritten to use stable device names. In most cases, this should significantly reduce the need to change it in future, and boot menu entries generated by GRUB should not be affected." -msgstr "Datoteka /boot/grub/device.map je bila prepisana s stabilnimi imeni naprav. V večini primerov bo to v prihodnosti močno zmanjšalo potrebo po njenih spremembah. Na vnose v zagonskem meniju, ki jih ustvari GRUB to ne bi smelo imeti učinka." +#: ../templates.in:7001 +msgid "" +"The file /boot/grub/device.map has been rewritten to use stable device " +"names. In most cases, this should significantly reduce the need to change it " +"in future, and boot menu entries generated by GRUB should not be affected." +msgstr "" +"Datoteka /boot/grub/device.map je bila prepisana s stabilnimi imeni naprav. " +"V večini primerov bo to v prihodnosti močno zmanjšalo potrebo po njenih " +"spremembah. Na vnose v zagonskem meniju, ki jih ustvari GRUB to ne bi smelo " +"imeti učinka." #. Type: note #. Description -#: ../templates.in:6001 -msgid "However, since more than one disk is present in the system, it is possible that the system is depending on the old device map. Please check whether there are any custom boot menu entries that rely on GRUB's (hdN) drive numbering, and update them if necessary." -msgstr "Ker imate več kot en disk na vašem sistemu je možno, da ste bili odvisni od starega spiska naprav. Preverite prosim ali imate kakšen vnos po meri v zagonskem meniju, ki se naslanja na poimenovanje diskov (hdN) v GRUBu in ga posodobite, če je to potrebno." +#: ../templates.in:7001 +msgid "" +"However, since more than one disk is present in the system, it is possible " +"that the system is depending on the old device map. Please check whether " +"there are any custom boot menu entries that rely on GRUB's (hdN) drive " +"numbering, and update them if necessary." +msgstr "" +"Ker imate več kot en disk na vašem sistemu je možno, da ste bili odvisni od " +"starega spiska naprav. Preverite prosim ali imate kakšen vnos po meri v " +"zagonskem meniju, ki se naslanja na poimenovanje diskov (hdN) v GRUBu in ga " +"posodobite, če je to potrebno." #. Type: note #. Description -#: ../templates.in:6001 -msgid "If you do not understand this message, or if there are no custom boot menu entries, you can ignore this message." -msgstr "V primeru, da tega sporočila ne razumete ali nimate nobenih vnosov po meri v zagonskem meniju se za to sporočilo ne menite." +#: ../templates.in:7001 +msgid "" +"If you do not understand this message, or if there are no custom boot menu " +"entries, you can ignore this message." +msgstr "" +"V primeru, da tega sporočila ne razumete ali nimate nobenih vnosov po meri " +"v zagonskem meniju se za to sporočilo ne menite." #~ msgid "" #~ "In either case, whenever you want GRUB 2 to be loaded directly from MBR, " diff -Nru grub2-2.02~beta2/debian/po/sv.po grub2-2.02~beta2/debian/po/sv.po --- grub2-2.02~beta2/debian/po/sv.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/sv.po 2020-08-24 08:54:59.000000000 +0000 @@ -10,7 +10,7 @@ msgstr "" "Project-Id-Version: grub2_sv\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-15 16:53+0100\n" "Last-Translator: Martin Bagge / brother \n" "Language-Team: Swedish \n" @@ -354,22 +354,39 @@ "OS installations correctly." msgstr "" "Vissa EFI-baserade system beter sig felaktigt och kan inte hantera nyare " -"uppstartshanterare korrekt. Om Grub-installationen forceras in i en " -"flyttbar EFI-enhet så ska detta säkerställa att systemet kommer att starta " -"Debian korrekt oavsett sådana problem. Å andra sidan kan detta innebära att " -"andra operativsystem inte kan startas eftersom de är beroende av den " -"sökvägen. Om detta är fallet behöver du säkerställa att Grub ställts in " -"komplett för att kunna starta andra operativsystem korrekt." +"uppstartshanterare korrekt. Om Grub-installationen forceras in i en flyttbar " +"EFI-enhet så ska detta säkerställa att systemet kommer att starta Debian " +"korrekt oavsett sådana problem. Å andra sidan kan detta innebära att andra " +"operativsystem inte kan startas eftersom de är beroende av den sökvägen. Om " +"detta är fallet behöver du säkerställa att Grub ställts in komplett för att " +"kunna starta andra operativsystem korrekt." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Kommandorad för kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -381,13 +398,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Standardkommandorad för kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -397,13 +414,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map har skapats på nytt" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -416,7 +433,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -430,7 +447,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/ta.po grub2-2.02~beta2/debian/po/ta.po --- grub2-2.02~beta2/debian/po/ta.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/ta.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: ta\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-02-16 10:15+0530\n" "Last-Translator: Dr.T.Vasudevan \n" "Language-Team: Tamil \n" @@ -342,15 +342,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "கேப்ரீபிஎஸ்டி கட்டளை வரி:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -362,13 +379,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "கேப்ரீபிஎஸ்டி முன்னிருப்பு கட்டளை வரி:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -378,13 +395,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map மறு உருவாக்கப்பட்டது" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -396,7 +413,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -410,7 +427,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/templates.pot grub2-2.02~beta2/debian/po/templates.pot --- grub2-2.02~beta2/debian/po/templates.pot 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/templates.pot 2020-08-24 08:54:59.000000000 +0000 @@ -1,6 +1,6 @@ # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER -# This file is distributed under the same license as the PACKAGE package. +# This file is distributed under the same license as the grub2 package. # FIRST AUTHOR , YEAR. # #, fuzzy @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -293,15 +293,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -310,13 +327,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -324,13 +341,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -339,7 +356,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -349,7 +366,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/th.po grub2-2.02~beta2/debian/po/th.po --- grub2-2.02~beta2/debian/po/th.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/th.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-15 12:54+0700\n" "Last-Translator: Theppitak Karoonboonyanan \n" "Language-Team: Thai \n" @@ -339,15 +339,32 @@ "คุณจะต้องตรวจสอบให้แน่ใจว่าได้ตั้งค่า GRUB " "ได้สำเร็จเพื่อให้สามารถบูตระบบปฏิบัติการอื่นได้อย่างถูกต้องด้วย" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "พารามิเตอร์สำหรับบูต kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -359,13 +376,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "พารามิเตอร์สำหรับบูต kFreeBSD แบบปกติ:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -373,13 +390,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "สร้าง /boot/grub/device.map ใหม่เรียบร้อยแล้ว" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -391,7 +408,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -404,7 +421,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/tr.po grub2-2.02~beta2/debian/po/tr.po --- grub2-2.02~beta2/debian/po/tr.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/tr.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: debian-installer\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-21 21:54+0200\n" "Last-Translator: Mert Dirik \n" "Language-Team: Debian L10n Turkish \n" @@ -363,15 +363,32 @@ "de düzgün bir biçimde başlatabilecek şekilde başarı ile yapılandırıldığından " "emin olmalısınız." -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD komut satırı:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -383,13 +400,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Öntanımlı kFreeBSD komut satırı:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -399,13 +416,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map dosyası yeniden oluşturuldu" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -418,7 +435,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -432,7 +449,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/ug.po grub2-2.02~beta2/debian/po/ug.po --- grub2-2.02~beta2/debian/po/ug.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/ug.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub_debian\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-01-20 11:29+0600\n" "Last-Translator: Sahran \n" "Language-Team: Uyghur Computer Science Association \n" @@ -352,15 +352,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD بۇيرۇق قۇرى:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -372,13 +389,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD كۆڭۈلدىكى بۇيرۇق قۇرى:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -388,13 +405,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map ھاسىل قىلىندى" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -406,7 +423,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -420,7 +437,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/uk.po grub2-2.02~beta2/debian/po/uk.po --- grub2-2.02~beta2/debian/po/uk.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/uk.po 2020-08-24 08:54:59.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2010-12-09 23:57+0200\n" "Last-Translator: Yatsenko Alexandr \n" "Language-Team: Ukrainian \n" @@ -351,15 +351,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Рядок параметрів ядра kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -372,13 +389,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Типовий рядок параметрів ядра kFreeBSD:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -388,13 +405,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map було створено наново" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -406,7 +423,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -420,7 +437,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/vi.po grub2-2.02~beta2/debian/po/vi.po --- grub2-2.02~beta2/debian/po/vi.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/vi.po 2020-08-24 08:54:59.000000000 +0000 @@ -7,7 +7,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2012-04-23 20:48+0700\n" "Last-Translator: Hai Lang \n" "Language-Team: Vietnamese \n" @@ -350,15 +350,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "Dòng lệnh kFreeBSD:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -370,13 +387,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "Dòng lệnh kFreeBSD mặc định:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -386,13 +403,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "Tập tin /boot/grub/device.map đã được tạo lại." #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -405,7 +422,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -419,7 +436,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/zh_CN.po grub2-2.02~beta2/debian/po/zh_CN.po --- grub2-2.02~beta2/debian/po/zh_CN.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/zh_CN.po 2020-08-24 08:54:59.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: grub2-po-debconf master\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2011-05-28 17:29+0800\n" "Last-Translator: YunQiang Su \n" "Language-Team: Chinese (simplified) \n" @@ -327,15 +327,32 @@ "OS installations correctly." msgstr "" -#. Type: string +#. Type: boolean +#. Description +#: ../templates.in:4001 +msgid "Update NVRAM variables to automatically boot into Debian?" +msgstr "" + +#. Type: boolean #. Description #: ../templates.in:4001 +msgid "" +"GRUB can configure your platform's NVRAM variables so that it boots into " +"Debian automatically when powered on. However, you may prefer to disable " +"this behavior and avoid changes to your boot configuration. For example, if " +"your NVRAM variables have been setup such that your system contacts a PXE " +"server on every boot, this would preserve that behavior." +msgstr "" + +#. Type: string +#. Description +#: ../templates.in:5001 msgid "kFreeBSD command line:" msgstr "kFreeBSD 参数:" #. Type: string #. Description -#: ../templates.in:4001 +#: ../templates.in:5001 msgid "" "The following kFreeBSD command line was extracted from /etc/default/grub or " "the `kopt' parameter in GRUB Legacy's menu.lst. Please verify that it is " @@ -347,13 +364,13 @@ #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "kFreeBSD default command line:" msgstr "kFreeBSD 默认命令行:" #. Type: string #. Description -#: ../templates.in:5001 +#: ../templates.in:6001 msgid "" "The following string will be used as kFreeBSD parameters for the default " "menu entry but not for the recovery mode." @@ -361,13 +378,13 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "/boot/grub/device.map has been regenerated" msgstr "/boot/grub/device.map 已经生成" #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "The file /boot/grub/device.map has been rewritten to use stable device " "names. In most cases, this should significantly reduce the need to change it " @@ -378,7 +395,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "However, since more than one disk is present in the system, it is possible " "that the system is depending on the old device map. Please check whether " @@ -390,7 +407,7 @@ #. Type: note #. Description -#: ../templates.in:6001 +#: ../templates.in:7001 msgid "" "If you do not understand this message, or if there are no custom boot menu " "entries, you can ignore this message." diff -Nru grub2-2.02~beta2/debian/po/zh_TW.po grub2-2.02~beta2/debian/po/zh_TW.po --- grub2-2.02~beta2/debian/po/zh_TW.po 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/po/zh_TW.po 2020-08-24 08:54:59.000000000 +0000 @@ -5,7 +5,7 @@ msgstr "" "Project-Id-Version: grub2\n" "Report-Msgid-Bugs-To: grub2@packages.debian.org\n" -"POT-Creation-Date: 2014-12-13 20:23+0000\n" +"POT-Creation-Date: 2017-09-14 16:15-0600\n" "PO-Revision-Date: 2014-12-17 17:08-0800\n" "Last-Translator: Vincent Chen \n" "Language-Team: Debian-user in Chinese [Big5] /dev/null 2>&1 && systemd-detect-virt --quiet --container } +no_nvram_arg() { + db_get grub2/update_nvram + if [ "$RET" = false ]; then + echo "--no-nvram" + fi +} + run_grub_install() { if ! grub-install $@ ; then @@ -307,97 +314,6 @@ fi } -setup_mok_validation() -{ - local sb_enabled moksb moksbstatert - local efivars secureboot_var moksb_var moksbstatert_var - efivars=/sys/firmware/efi/efivars - secureboot_var=SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c - moksb_var=MokSB-605dab50-e046-4300-abb6-3dd810dd8b23 - moksbstatert_var=MokSBStateRT-605dab50-e046-4300-abb6-3dd810dd8b23 - - # nothing to do if there is no dkms package installed. - if ! dpkg -l dkms | grep -qc ii; then - return - fi - - if [ -d $efivars ] && [ -f $efivars/$secureboot_var ]; then - sb_enabled=$(od -An -t u1 $efivars/$secureboot_var | awk '{ print $NF; }') - moksb=0 - moksbstatert=0 - if [ -f $efivars/$moksb_var ]; then - # if MokSB exists we've likely already run mokutil since last boot - moksb=1 - fi - if [ -f $efivars/$moksbstatert_var ]; then - # MokSBStateRT set to 1 means validation is disabled - moksbstatert=$(od -An -t u1 $efivars/$moksbstatert_var | \ - awk '{ print $NF; }') - fi - if [ $sb_enabled -eq 1 ]; then - if [ $moksb -eq 0 ] && [ $moksbstatert -eq 0 ]; then - db_capb backup - STATE=1 - db_settitle dkms/title/secureboot - while true; do - case "$STATE" in - 1) - # Allow the user to skip disabling Secure Boot. - db_input high dkms/disable_secureboot || true - ;; - 2) - db_get dkms/disable_secureboot - if [ "$RET" = "false" ]; then - break - fi - - db_input high dkms/secureboot_key || true - db_input high dkms/secureboot_key_again || true - ;; - 3) - db_get dkms/secureboot_key - key="$RET" - db_get dkms/secureboot_key_again - again="$RET" - - if [ "$key" != "$again" ]; then - db_fset dkms/error/secureboot_key_mismatch seen false - db_input critical dkms/error/secureboot_key_mismatch - STATE=$(($STATE - 2)) - else - length=`echo "$key" | wc -c` - if [ $length -lt 8 ] || [ $length -gt 16 ]; then - db_fset dkms/error/bad_secureboot_key seen false - db_input critical dkms/error/bad_secureboot_key - STATE=$(($STATE - 2)) - elif [ $length -ne 0 ]; then - printf '%s\n%s\n' "$RET" "$RET" | mokutil --disable-validation >/dev/null || true - fi - fi - - # Always clear secureboot key. - db_set dkms/secureboot_key '' - db_fset dkms/secureboot_key seen false - db_set dkms/secureboot_key_again '' - db_fset dkms/secureboot_key_again seen false - ;; - *) - break - ;; - esac; - - if db_go; then - STATE=$(($STATE + 1)) - else - STATE=$(($STATE - 1)) - fi - done - db_capb - fi - fi - fi -} - case "$1" in configure) . /usr/share/debconf/confmodule @@ -464,6 +380,15 @@ sed -i -e 's/^GRUB_HIDDEN_TIMEOUT=/#&/' "$tmp_default_grub" fi ;; + grub-ieee1275) + if grep ^platform /proc/cpuinfo | grep -q PowerNV; then + cat <<-EOF >>"$tmp_default_grub" + + # Disable os-prober for ppc64el on the PowerNV platform (for Petitboot) + GRUB_DISABLE_OS_PROBER=true + EOF + fi + ;; esac ucf --three-way --debconf-ok --sum-file=/usr/share/grub/default/grub.md5sum ${tmp_default_grub} /etc/default/grub @@ -550,6 +475,10 @@ elif running_in_container; then # Skip grub-install in containers. : + elif dpkg --compare-versions "$2" ge 2.02~beta2-36ubuntu3; then + # Avoid the possibility of breaking grub on SRU update + # due to ABI change + : elif test -z "$2" || test -e /boot/grub/core.img || \ test -e /boot/grub/@FIRST_CPU_PLATFORM@/core.img || \ test "$UPGRADE_FROM_GRUB_LEGACY" || test "$wubi_device"; then @@ -777,6 +706,13 @@ case $bootloader_id in kubuntu) bootloader_id=ubuntu ;; esac + + if dpkg --compare-versions "$2" lt-nl 2.02~beta2-36ubuntu3.10; then + if [ -e "/boot/efi/EFI/${bootloader_id}/fbx64.efi" ]; then + rm -f "/boot/efi/EFI/${bootloader_id}/fbx64.efi"; + fi + fi + if [ "$bootloader_id" ] && [ -d "/boot/efi/EFI/$bootloader_id" ]; then case @PACKAGE@ in grub-efi-ia32) target=i386-efi ;; @@ -789,7 +725,8 @@ if [ "$RET" = true ]; then FORCE_EXTRA_REMOVABLE="--force-extra-removable" fi - run_grub_install --target="$target" "$FORCE_EXTRA_REMOVABLE" + NO_NVRAM="$(no_nvram_arg)" + run_grub_install --target="$target" "$FORCE_EXTRA_REMOVABLE" "$NO_NVRAM" fi # /boot/grub/ has more chances of being accessible by GRUB @@ -800,7 +737,9 @@ fi done - setup_mok_validation + if type update-secureboot-policy >/dev/null 2>&1; then + update-secureboot-policy || true + fi ;; grub-ieee1275) @@ -809,7 +748,8 @@ # Output may be empty; if so, just update the core image but # don't install it to any PReP partition. prep_bootdev="$(/usr/lib/grub/powerpc-ieee1275/prep-bootdev)" - run_grub_install --target=powerpc-ieee1275 $prep_bootdev + NO_NVRAM="$(no_nvram_arg)" + run_grub_install --target=powerpc-ieee1275 $prep_bootdev "$NO_NVRAM" ;; esac ;; diff -Nru grub2-2.02~beta2/debian/rules grub2-2.02~beta2/debian/rules --- grub2-2.02~beta2/debian/rules 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/rules 2021-02-24 19:59:33.000000000 +0000 @@ -99,7 +99,9 @@ endif SB_PACKAGE := +ONLY_BUILD := ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes)) +ONLY_BUILD := -Ngrub-efi-amd64 -Ngrub-efi-amd64-bin -Ngrub-efi-amd64-dbg -Ngrub-efi-arm64 -Ngrub-efi-arm64-bin -Ngrub-efi-arm64-dbg ifeq ($(DEB_HOST_ARCH),amd64) SB_PACKAGE := grub-efi-amd64 SB_PLATFORM := x86_64-efi @@ -476,12 +478,12 @@ endif override_dh_gencontrol: - dh_gencontrol -- -Vlegacy-doc-br="$(LEGACY_DOC_BR)" $(substvars) + dh_gencontrol $(ONLY_BUILD) -- -Vlegacy-doc-br="$(LEGACY_DOC_BR)" $(substvars) TARNAME := grub2_$(deb_version)_$(DEB_HOST_ARCH).tar.gz override_dh_builddeb: - dh_builddeb -- -Zxz + dh_builddeb $(ONLY_BUILD) -- -Zxz ifneq (,$(SB_PACKAGE)) debian/build-efi-images \ obj/grub-$(COMMON_PLATFORM)/grub-mkimage \ @@ -491,7 +493,8 @@ echo $(deb_version) \ > debian/grub2-images/$(deb_version)/version cd debian/grub2-images && tar czvf ../../../$(TARNAME) . - dpkg-distaddfile $(TARNAME) raw-uefi - + # Disable submitting obsolete grub2 for signing + #dpkg-distaddfile $(TARNAME) raw-uefi - endif override_dh_auto_clean: diff -Nru grub2-2.02~beta2/debian/templates.in grub2-2.02~beta2/debian/templates.in --- grub2-2.02~beta2/debian/templates.in 2016-03-15 18:08:17.000000000 +0000 +++ grub2-2.02~beta2/debian/templates.in 2020-08-24 08:54:59.000000000 +0000 @@ -24,6 +24,16 @@ GRUB is configured successfully to be able to boot any other OS installations correctly. +Template: grub2/update_nvram +Type: boolean +Default: true +_Description: Update NVRAM variables to automatically boot into Debian? + GRUB can configure your platform's NVRAM variables so that it boots into + Debian automatically when powered on. However, you may prefer to disable + this behavior and avoid changes to your boot configuration. For example, + if your NVRAM variables have been setup such that your system contacts a + PXE server on every boot, this would preserve that behavior. + # still unused Template: grub2/kfreebsd_cmdline Type: string