This file was not added to EXTRA_DIST during test creation.
Fixes: 51ebc6f67 (tests: Add functional tests for ecb/cbc helpers)
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Srish Srinivasan <ssrish@linux.ibm.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Add the tpm2key.asn file to the dist archive for reference by end users.
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Include the two new zstd test support files in the dist archive
so end users can successfully run this test.
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Include the MAINTAINERS and SECURITY files in the dist archive
for reference in distributed archives by end users.
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This file was not added to EXTRA_DIST during the appended signatures merge.
Fixes: 3e4ff6ffb (appended signatures: Parse ASN1 node)
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Alec Brown <alec.r.brown@oracle.com>
Enable hardware acceleration for the gcry_sha512 module when building
for the x86_64 EFI target.
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Enable hardware acceleration for the gcry_sha256 module when building
for the x86_64 EFI target.
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
There is no prototype of _gcry_sha256_transform_intel_shaext() defined
in the header or libgcrypt-grub/cipher/sha256.c, and gcc may complain
the missing-prototypes error when compiling sha256-intel-shaext.c.
Declare the prototype in sha256-intel-shaext.c to avoid the error.
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Implement _gcry_get_hw_features() and enable hardware feature detection
for x86_64.
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
To enable hardware acceleration, this commit ports the feature detection
logic from libgcrypt. This allows us to check if the compiler supports
specific assembly instructions, including SSSE3, Intel SHA extensions,
SSE4.1, AVX, AVX2, AVX512, and BMI2.
To simplify the initial implementation, support for x86_64 feature
detection is currently limited to the x86_64 EFI target.
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Use grub_divmod64() for the 64-bit modulus to prevent creation of
special division calls such as __umoddi3() and __aeabi_uldivmod() on
32-bit platforms.
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
gpg_err_code_from_errno() requires libgcrypt_wrap/mem.c which is not in
Makefile.utilgcry.def. This commit replaces gpg_err_code_from_errno()
with GPG_ERR_* to avoid the build errors.
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The hash_buffers() functions are disabled in GRUB by default but the
Argon2 implementation requires hash_buffers() for BLAKE2b-512.
This commit implements argon2_blake2b_512_hash_buffers() as the
replacement of _gcry_digest_spec_blake2b_512.hash_buffers().
Signed-off-by: Gary Lin <glin@suse.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Add test ISO files to dist package to allow ISO test to pass.
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
These files were not added to EXTRA_DISTS during the libgcrypt
and libtasn1 imports but are required for autogen.sh to work.
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This new file was not added to the distribution tarball during the last
libgcrypt import.
Fixes: 0739d24cd164 (libgcrypt: Adjust import script, definitions and API users for libgcrypt 1.11)
Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
libgcrypt itself is compiled with -Wno-sign-compare. Do the same for consistency.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
HAVE_STRTOUL is now defined in stdlib.h. Include it in g10lib.h rather
than defining on command line.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This patches modifies the GRUB-libgcrypt API to match new libgcrypt 1.11.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This patch resolved a minor issue spotted by Coverity:
a983d36bd917 (gnulib/regexec: Resolve unused variable)
But, it was removed by the Gnulib update:
2b7902459803 (Update gnulib version and drop most gnulib patches)
It caused Coverity to continue to flag the issue. Daniel Kiper
suggested to bring back the patch a983d36bd917 (gnulib/regexec: Resolve
unused variable).
Fixes: CID 292459
Signed-off-by: Lidong Chen <lidong.chen@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Pull in Gnulib fix to allow lib/base64.c to compile using GCC 15 or newer.
Pulled from Gnulib commit 25df6dc425 (Silence some
-Wunterminated-string-initialization warnings.)
GCC 15 adds a new compiler warning "-Wunterminated-string-initialization"
that will trigger what is considered a false-positive in lib/base64.c as
this array is not treated as a string but an array of characters so the
lack of NUL string terminator is expected.
GCC team has added ability to flag such instances of arrays that the
compiler may think are strings as "nonstring" arrays to avoid this
warning: __attribute__((nonstring)).
Fixes: https://savannah.gnu.org/bugs/?66470
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
In the function merge_state_with_log(), memory is allocated for the variable
next_nodes when creating a union of the variables table_nodes and log_nodes.
However, if next_state->entrance_nodes is NULL, then table_nodes becomes NULL
and we still allocate memory to copy the content of log_nodes. This can cause
a resource leak since we only free the memory for next_nodes if table_nodes
isn't NULL. To prevent this, we need to check that next_state->entrance_nodes
isn't NULL before allocating memory for the union.
This issue has been fixed in the latest version of gnulib and I've backported
this change to maintain consistency.
This issue was found by a Coverity scan of GRUB2 under the CID 473887.
Fixes: CID 473887
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
In the functions create_initial_state() and calc_eclosure_iter(), memory
is allocated for the elems member of a re_node_set structure but that
memory isn't freed on error. Before returning an error, a call to
re_node_set_free() should be made to prevent the resource leak.
This issue has been fixed in the latest version of gnulib and I've
backported this change to maintain consistency.
This issue was found by a Coverity scan of GRUB2 under the following
CIDs: 473869, 473888.
Fixes: CID 473869
Fixes: CID 473888
Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Several new header files have been added to GRUB which need
to be manually added to the dist archive. This allows building
from the tar archive created by "make dist".
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This file is auto-generated based on the selected platform and should
not be included in the source tarball.
Fixes: 6744840b (build: Track explicit module dependencies in Makefile.core.def)
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Signed-off-by: Andrew Hamilton <adhamilt@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Add a new keyword, "depends", to the module definition syntax
used in Makefile.core.def. This allows specifying explicit module
dependencies together with the module definition.
Do not track the "extra_deps.lst" file in the repository anymore,
it is now auto-generated.
Make use of this new keyword in the bli module definition.
Signed-off-by: Oliver Steffen <osteffen@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Fixes build failure due to the extra_deps.lst file not existing in the
tarball. Found while trying to package GRUB 2.12 for Gentoo.
make[3]: *** No rule to make target '/var/tmp/portage/sys-boot/grub-2.12/work/grub-2.12/grub-core/extra_deps.lst', needed by 'syminfo.lst'. Stop.
Fixes: 89fbe0cac (grub-core/Makefile.am: Make path to extra_deps.lst relative to $(top_srcdir)/grub-core)
Fixes: 154dcb1ae (build: Allow explicit module dependencies)
Signed-off-by: Oskari Pirhonen <xxc3ncoredxx@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
It's not critical, -Werror on it is inappropriate. We don't want to
modify gnulib too much. This warning is pretty much irrelevant.
Signed-off-by: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The list of targets that support PCI is in gentpl.py. However, there is no
support for generating makefile script from a .def file that will apply
globally to the makefile, but on a per target basis. So instead, use
gentpl.py in configure to get the list of targets and check if the current
build target is one of them. If it is, set the automake conditional
COND_HAVE_PCI. Then in conf/Makefile.common add -DGRUB_HAS_PCI for the
platform if COND_HAVE_PCI is true.
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Add linker flags when linking kernel.exec to have malloc and free point to
grub_malloc() and grub_free() respectively. Some gdb functionality depends on
gdb locating the symbols "malloc" and "free", such as dynamically creating
strings for arguments to injected function calls. A trivial example would
the gdb command 'p strlen("astring")'. Make sure not to do this on emu
platforms, or an infinite loop occurs because emu has a special
grub_malloc() that calls malloc().
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
In addition to the changes carried in our gnulib patches, several
Coverity and code hygiene fixes that were previously downstream are also
included in this 3-year gnulib increment.
Unfortunately, fix-width.patch is retained.
Bump minimum autoconf version from 2.63 to 2.64 and automake from 1.11
to 1.14, as required by gnulib.
Sync bootstrap script itself with gnulib.
Update regexp module for new dynarray dependency.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Originally added in commit db7337a3d (grub-core/lib/posix_wrap/stdlib.h
(abort): Removed), this patched out all relevant invocations of abort()
in gnulib. While it was not documented why at the time, testing suggests
that there's no abort() implementation available for gnulib to use.
gnulib's position is that the use of abort() is correct here, since it
happens when input violates a "shall" from POSIX. Additionally, the
code in question is probably not reachable. Since abort() is more
friendly to user-space, they prefer to make no change, so we can just
carry a define instead (suggested by Paul Eggert).
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Originally added in commit 9fbdec2f (bootstrap: Add gnulib's base64
module) and subsequently modified in commit 552c9fd08 (gnulib: Fix build
of base64 when compiling with memory debugging), fix-base64.patch
handled two problems we have using gnulib, which are exercised by the
base64 module but not directly caused by it.
First, GRUB defines its own bool type, while gnulib expects the
equivalent of stdbool.h to be present. Rather than patching gnulib,
instead use gnulib's stdbool module to provide a bool type if needed
(suggested by Simon Josefsson).
Second, our config.h doesn't always inherit config-util.h, which is
where gnulib-related options like _GL_ATTRIBUTE_CONST end up.
fix-base64.h worked around this by defining the attribute away, but this
workaround is better placed in config.h itself, not a gnulib patch.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
$ ./configure --target=i686-w64-mingw32 --with-platform=efi --host=i686-w64-mingw32
[...]
checking if __bss_start is defined by the compiler... no
checking if edata is defined by the compiler... no
checking if _edata is defined by the compiler... no
configure: error: none of __bss_start, edata or _edata is defined
This happens on machines with quite recent ld due to an error:
`edata' referenced in section `.text' of /tmp/cc72w9E4.o: defined in discarded section `.data' of conftest.exe
collect2: error: ld returned 1 exit status
So, we have to tell linker to not discard .data and .edata sections.
The trick comes from ld documentation:
3.6.7 Output Section Discarding
The linker will not normally create output sections with no contents.
This is for convenience when referring to input sections that may or may
not be present in any of the input files. For example:
.foo : { *(.foo) }
will only create a ‘.foo’ section in the output file if there is a
‘.foo’ section in at least one input file, and if the input sections are
not all empty. Other link script directives that allocate space in an
output section will also create the output section. So too will
assignments to dot even if the assignment does not create space, except
for ‘. = 0’, ‘. = . + 0’, ‘. = sym’, ‘. = . + sym’ and ‘. = ALIGN (. !=
0, expr, 1)’ when ‘sym’ is an absolute symbol of value 0 defined in the
script. This allows you to force output of an empty section with ‘. = .’.
This change does not impact generated binaries because the
conf/i386-cygwin-img-ld.sc linker script is used only when
you run configure.
Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
In GNU ld and ld.lld, -d is used with -r to allocate space to COMMON symbols.
This behavior is presumably to work around legacy projects which inspect
relocatable output by themselves and do not handle COMMON symbols. The GRUB
does not do this.
See https://github.com/llvm/llvm-project/issues/53660
-d is quite useless and ld.lld 15.0.0 will make -d no-op.
COMMON symbols have special symbol resolution semantics which can cause surprise
(see https://maskray.me/blog/2022-02-06-all-about-common-symbols). GCC<10 and
Clang<11 defaulted to -fcommon. Just use -fno-common to avoid COMMON symbols.
Signed-off-by: Fangrui Song <maskray@google.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This allows for testing only tests that run directly on the build machine or
only tests that run in a virtualized environment. When testing multiple
targets on the same build machine the native tests only need to be run once
for all targets. Whereas, the nonnative tests must be run for each target
because the test is potentially compiled differently for each target.
Signed-off-by: Glenn Washburn <development@efficientek.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This issue has been fixed in the latest version of gnulib, so to
maintain consistency, I've backported that change rather than doing
something different.
Fixes: CID 73828
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
It appears to be possible that the mctx->state_log field may be NULL,
and the name of this function, clean_state_log_if_needed(), suggests
that it should be checking that it is valid to be cleaned before
assuming that it does.
Fixes: CID 86720
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
All other instances of call to __argp_failure() where there is
a dgettext() call is first checking whether state is NULL before
attempting to dereference it to get the root_argp->argp_domain.
Fixes: CID 292436
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The code is assuming that the value of br_token.constraint was
initialized to zero when it wasn't.
While some compilers will ensure that, not all do, so it is better to
fix this explicitly than leave it to chance.
Fixes: CID 73749
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This is a really minor issue where a variable is being assigned to but
not checked before it is overwritten again.
The reason for this issue is that we are not building with DEBUG set and
this in turn means that the assert() that reads the value of the
variable match_last is being processed out.
The solution, move the assignment to match_last in to an ifdef DEBUG too.
Fixes: CID 292459
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
When the GRUB starts on a secure boot platform, some commands can be
used to subvert the protections provided by the verification mechanism and
could lead to booting untrusted system.
To prevent that situation, allow GRUB to be locked down. That way the code
may check if GRUB has been locked down and further restrict the commands
that are registered or what subset of their functionality could be used.
The lockdown support adds the following components:
* The grub_lockdown() function which can be used to lockdown GRUB if,
e.g., UEFI Secure Boot is enabled.
* The grub_is_lockdown() function which can be used to check if the GRUB
was locked down.
* A verifier that flags OS kernels, the GRUB modules, Device Trees and ACPI
tables as GRUB_VERIFY_FLAGS_DEFER_AUTH to defer verification to other
verifiers. These files are only successfully verified if another registered
verifier returns success. Otherwise, the whole verification process fails.
For example, PE/COFF binaries verification can be done by the shim_lock
verifier which validates the signatures using the shim_lock protocol.
However, the verification is not deferred directly to the shim_lock verifier.
The shim_lock verifier is hooked into the verification process instead.
* A set of grub_{command,extcmd}_lockdown functions that can be used by
code registering command handlers, to only register unsafe commands if
the GRUB has not been locked down.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
These were inadvertently lost during the conversion to Gnulib (gnulib:
Upgrade Gnulib and switch to bootstrap tool; commit 35b909062). The
files in po/gettext-patches/ can be imported using "git am" on top of
the gettext tag corresponding to AM_GNU_GETTEXT_VERSION in configure.ac
(currently 0.18.3). They handle translation of messages in shell files,
make msgfmt output in little-endian format, and arrange to use @SHELL@
rather than /bin/sh.
There were some changes solely for the purpose of distributing extra
files; for ease of maintenance, I've added these to
conf/Makefile.extra-dist instead.
Fixes: https://savannah.gnu.org/bugs/?57298
Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
The upcoming support for LUKS2 disc encryption requires us to include a
parser for base64-encoded data, as it is used to represent salts and
digests. As gnulib already has code to decode such data, we can just
add it to the boostrapping configuration in order to make it available
in GRUB.
The gnulib module makes use of booleans via the <stdbool.h> header. As
GRUB does not provide any POSIX wrapper header for this, but instead
implements support for bool in <sys/types.h>, we need to patch
base64.h to not use <stdbool.h> anymore. We unfortunately cannot include
<sys/types.h> instead, as it would then use gnulib's internal header
while compiling the gnulib object but our own <sys/types.h> when
including it in a GRUB module. Because of this, the patch replaces the
include with a direct typedef.
A second fix is required to make available _GL_ATTRIBUTE_CONST, which
is provided by the configure script. As base64.h does not include
<config.h>, it is thus not available and results in a compile error.
This is fixed by adding an include of <config-util.h>.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Upgrade Gnulib files to 20190105.
It's much easier to maintain GRUB's use of portability support files
from Gnulib when the process is automatic and driven by a single
configuration file, rather than by maintainers occasionally running
gnulib-tool and committing the result. Removing these
automatically-copied files from revision control also removes the
temptation to hack the output in ways that are difficult for future
maintainers to follow. Gnulib includes a "bootstrap" program which is
designed for this.
The canonical way to bootstrap GRUB from revision control is now
"./bootstrap", but "./autogen.sh" is still useful if you just want to
generate the GRUB-specific parts of the build system.
GRUB now requires Autoconf >= 2.63 and Automake >= 1.11, in line with
Gnulib.
Gnulib source code is now placed in grub-core/lib/gnulib/ (which should
not be edited directly), and GRUB's patches are in
grub-core/lib/gnulib-patches/. I've added a few notes to the developer
manual on how to maintain this.
Signed-off-by: Colin Watson <cjwatson@ubuntu.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
gentpl.py is python2/3-agnostic, but there's no way to cause it
to be run with any interpreter other than 'python', it's just
hard-coded into Makefile.common that way. Adjust that to use
AM_PATH_PYTHON (provided by automake) to find an interpreter
and run gentpl.py with that instead. This makes grub buildable
when `python` does not exist (but rather `python3` or `python2`
or `python2.7`, etc.) Minimum version is set to 2.6 as this is
the first version with `__future__.print_function` available.
Note, AM_PATH_PYTHON respects the PYTHON environment variable
and will treat its value as the *only* candidate for a valid
interpreter if it is set - when PYTHON is set, AM_PATH_PYTHON
will not try to find any alternative interpreter, it will only
check whether the interpreter set as the value of PYTHON meets
the requirements and use it if so or fail if not. This means
that when using grub's `autogen.sh`, as it too uses the value
of the PYTHON environment variable (and if it is not set, just
sets it to 'python') you cannot rely on AM_PATH_PYTHON
interpreter discovery. If your desired Python interpreter is
not just 'python', you must set the PYTHON environment variable,
e.g. 'PYTHON=/usr/local/bin/python3 ./autogen.sh'. The specified
interpreter will then be used both by autogen.sh itself and by
the autotools-driven build scripts.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
