[PATCH v1 1/1] Fix missing measurements on confidential computing enabled platform

2024-06-03 Thread Hector Cao
The measurements for confidential computing have been introduced in the commit 4c76565b6 (efi/tpm: Add EFI_CC_MEASUREMENT_PROTOCOL support). Recently this patch 30708dfe3 (tpm: Disable the tpm verifier if the TPM device is not present) has been introduced to optimize the memory usage when TPM

[PATCH v1 0/1] Fix missing measurements on confidential computing enabled platform

2024-06-03 Thread Hector Cao
Changes from v0: - Add SOB line - Compliant with grub coding style Hector Cao (1): Fix missing measurements on confidential computing enabled platform grub-core/commands/efi/tpm.c | 7 +++ 1 file changed, 7 insertions(+) -- 2.39.2 ___

Re: [PATCH vRESEND] MULTIBOOT: Fix handling of errors in broken aout-kludge

2024-06-03 Thread Daniel Kiper
On Fri, May 17, 2024 at 10:53:27AM +0300, Vladimir Serbinenko wrote: > Current code in some codepaths neither discards nor reports > errors. Properly surface the error > > While on it split 2 cases of unrelated variables both named err. > > Signed-off-by: Vladimir Serbinenko Reviewed-by: Daniel

Re: [PATCH] Add missing cast in compile-time byteswaps

2024-06-03 Thread Daniel Kiper
On Mon, Jun 03, 2024 at 06:33:04PM +0200, Daniel Kiper wrote: > On Thu, May 16, 2024 at 10:22:58PM +0300, Vladimir Serbinenko wrote: > > Without them 0x80LL is 32-bit byte-swapped to 0x8000 instead > > of correct 0x8000 I think it should be added "on 64-bit target"... Right? > >

Re: [PATCH] Mark vdev_zaps_v2 and head_errlog as supported

2024-06-03 Thread Daniel Kiper
On Thu, May 16, 2024 at 10:27:41PM +0300, Vladimir Serbinenko wrote: > We don't need any actual adjustments as we don't use the affected > structures > > Signed-off-by: Vladimir Serbinenko Reviewed-by: Daniel Kiper Daniel

Re: [PATCH] Add missing cast in compile-time byteswaps

2024-06-03 Thread Daniel Kiper
On Thu, May 16, 2024 at 10:22:58PM +0300, Vladimir Serbinenko wrote: > Without them 0x80LL is 32-bit byte-swapped to 0x8000 instead > of correct 0x8000 > > Signed-off-by: Vladimir Serbinenko Reviewed-by: Daniel Kiper Daniel

Re: [PATCH] Add convenience TARGET_CROSS

2024-06-03 Thread Daniel Kiper
On Thu, May 16, 2024 at 10:07:12PM +0300, Vladimir Serbinenko wrote: > This allows setting up a cross environment with just 3 parameters: target, > platform and TARGET_CROSS May I ask you to document this in the INSTALL file? Daniel

Re: [PATCH] Add Fedora-specific font paths

2024-06-03 Thread Daniel Kiper
On Thu, May 16, 2024 at 10:03:29PM +0300, Vladimir Serbinenko wrote: > Signed-off-by: Vladimir Serbinenko Reviewed-by: Daniel Kiper Daniel ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel

Re: [PATCH] bfs: Fix improper free() on non-existing files

2024-06-03 Thread Daniel Kiper
On Thu, May 16, 2024 at 09:37:49PM +0300, Vladimir Serbinenko wrote: > Signed-off-by: Vladimir Serbinenko Reviewed-by: Daniel Kiper Daniel

Re: [PATCH] grub-mkpasswd-pbkdf2: Simplify the main function implementation

2024-06-03 Thread Daniel Kiper
On Mon, May 27, 2024 at 08:42:04PM +0800, Tianjia Zhang wrote: > Allocate memory if needed, while saving the corresponding release > operation, reducing the amount of code and code complexity. > > Signed-off-by: Tianjia Zhang Reviewed-by: Daniel Kiper Daniel

Re: [PATCH] Fix missing measurements on confidential computing enabled platform

2024-06-03 Thread Daniel Kiper
On Fri, May 31, 2024 at 02:42:38PM +0200, Hector Cao wrote: > The measurements for confidential computing have been introduced in the commit > 4c76565b6 (efi/tpm: Add EFI_CC_MEASUREMENT_PROTOCOL support). Recently > this patch 30708dfe3 (tpm: Disable the tpm verifier if the TPM device > is not

[PATCH v3 04/10] modules: load module sections at page-aligned addresses

2024-06-03 Thread Mate Kukri
Currently we load module sections at whatever alignment gcc+ld happened to dump into the ELF section header, which is often less than the page size. Since NX protections are page based, this alignment must be rounded up to page size on platforms supporting NX protections. This patch switches most

[PATCH v3 06/10] nx: set page permissions for loaded modules.

2024-06-03 Thread Mate Kukri
For NX, we need to set write and executable permissions on the sections of grub modules when we load them. On sections with SHF_ALLOC set, which is typically everything except .modname and the symbol and string tables, this patch clears the Read Only flag on sections that have the ELF flag

[PATCH v3 07/10] nx: set the nx compatible flag in EFI grub images

2024-06-03 Thread Mate Kukri
For NX, we need the grub binary to announce that it is compatible with the NX feature. This implies that when loading the executable grub image, several attributes are true: - the binary doesn't need an executable stack - the binary doesn't need sections to be both executable and writable - the
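The NX compatibility announcement described in 07/10 lives in the PE header's DllCharacteristics field (IMAGE_DLLCHARACTERISTICS_NX_COMPAT, 0x0100). The following is an added example, not GRUB's or shim's code, that bounds-checks its way to that field in a PE32/PE32+ image, reports whether the bit is set, and can set it. The offsets are the documented PE ones (e_lfanew at 0x3c, DllCharacteristics at 0x46 into the optional header for both PE32 and PE32+); the sample image is constructed inline and is not a real EFI binary.

```c
/* Added example (not GRUB's or shim's code): check and set the
 * IMAGE_DLLCHARACTERISTICS_NX_COMPAT bit an EFI binary must carry to announce
 * NX compatibility. The sample header built by build_sample_pe() is
 * constructed here for illustration and is not a real EFI binary. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define PE_NX_COMPAT 0x0100u    /* IMAGE_DLLCHARACTERISTICS_NX_COMPAT */
#define PE32_MAGIC   0x10bu
#define PE32P_MAGIC  0x20bu

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xff); p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++)
        p[i] = (uint8_t)((v >> (8 * i)) & 0xff);
}

/* Locate DllCharacteristics. Returns its offset in the image, or 0 if the
 * image is too short or not PE32/PE32+. Every read is bounds-checked so a
 * truncated or hostile file cannot push us past the buffer. */
size_t pe_dllchars_offset(const uint8_t *img, size_t len)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z')
        return 0;
    uint32_t pe = rd32(img + 0x3c);
    /* need "PE\0\0" (4) + COFF header (20) + at least 0x48 bytes of optional header */
    if (pe > len || len - pe < 4 + 20 + 0x48)
        return 0;
    if (memcmp(img + pe, "PE\0\0", 4) != 0)
        return 0;
    uint16_t opt_size = rd16(img + pe + 4 + 16);   /* SizeOfOptionalHeader */
    if (opt_size < 0x48)
        return 0;
    uint16_t magic = rd16(img + pe + 24);          /* optional header Magic */
    if (magic != PE32_MAGIC && magic != PE32P_MAGIC)
        return 0;
    return pe + 24 + 0x46;
}

/* 1 if NX_COMPAT is set, 0 if clear, -1 if the image is malformed. */
int pe_nx_compat(const uint8_t *img, size_t len)
{
    size_t off = pe_dllchars_offset(img, len);
    if (off == 0)
        return -1;
    return (rd16(img + off) & PE_NX_COMPAT) ? 1 : 0;
}

/* Set NX_COMPAT in place. Returns 0 on success, -1 if malformed. Only do this
 * on a binary that really has no W+X sections and needs no executable stack. */
int pe_set_nx_compat(uint8_t *img, size_t len)
{
    size_t off = pe_dllchars_offset(img, len);
    if (off == 0)
        return -1;
    wr16(img + off, (uint16_t)(rd16(img + off) | PE_NX_COMPAT));
    return 0;
}

/* Constructed minimal PE32+ header: 64-byte DOS stub, PE signature, COFF
 * header, 0x70-byte optional header. Returns bytes written, 0 if cap is too small. */
size_t build_sample_pe(uint8_t *buf, size_t cap, uint16_t dllchars)
{
    const size_t pe = 0x40, opt = 0x70, total = pe + 4 + 20 + opt;
    if (cap < total)
        return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3c, (uint32_t)pe);               /* e_lfanew */
    memcpy(buf + pe, "PE\0\0", 4);
    wr16(buf + pe + 4, 0x8664);                   /* Machine: x86-64 */
    wr16(buf + pe + 4 + 16, (uint16_t)opt);       /* SizeOfOptionalHeader */
    wr16(buf + pe + 24, PE32P_MAGIC);
    wr16(buf + pe + 24 + 0x44, 10);               /* Subsystem: EFI application */
    wr16(buf + pe + 24 + 0x46, dllchars);         /* DllCharacteristics */
    return total;
}

int main(void)
{
    uint8_t img[256];
    size_t len = build_sample_pe(img, sizeof img, 0);
    printf("before: nx_compat=%d\n", pe_nx_compat(img, len));
    pe_set_nx_compat(img, len);
    printf("after:  nx_compat=%d\n", pe_nx_compat(img, len));
    return 0;
}
```

Running pe_nx_compat() over a real grub*.efi is a quick way to confirm the flag made it through grub-mkimage; a shim that enforces NX will treat a clear bit as "not NX compatible" regardless of how the image was actually linked.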

[PATCH v3 02/10] modules: strip .llvm_addrsig sections and similar.

2024-06-03 Thread Mate Kukri
From: Peter Jones Currently grub modules built with clang or gcc have several sections which we don't actually need or support. We already have a list of sections to skip in genmod.sh, and this patch adds the following sections to that list (as well as a few newlines): .note.gnu.property .llvm*

[PATCH v3 10/10] efi: Disallow fallback to legacy Linux loader when shim says NX is required.

2024-06-03 Thread Mate Kukri
Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 27 +++ grub-core/loader/efi/linux.c | 12 +++- include/grub/efi/api.h | 2 ++ include/grub/efi/sb.h| 2 ++ 4 files changed, 38 insertions(+), 5 deletions(-) diff --git

[PATCH v3 09/10] efi: Use shim's loader protocol for EFI image verification and loading

2024-06-03 Thread Mate Kukri
Signed-off-by: Mate Kukri --- grub-core/kern/efi/sb.c | 39 +--- grub-core/loader/efi/linux.c | 16 --- include/grub/efi/api.h | 5 + include/grub/efi/efi.h | 19 +++--- include/grub/efi/sb.h| 3 --- 5 files

[PATCH v3 08/10] efi: Provide wrappers for load_image, start_image, unload_image

2024-06-03 Thread Mate Kukri
From: Julian Andres Klode These can be used to register a different implementation later, for example, when shim provides a protocol with those functions. Signed-off-by: Mate Kukri --- grub-core/kern/efi/efi.c | 57 ++ grub-core/loader/efi/chainloader.c |

[PATCH v3 05/10] nx: add memory attribute get/set API

2024-06-03 Thread Mate Kukri
For NX, we need to set the page access permission attributes for write and execute permissions. This patch adds two new primitives, grub_set_mem_attrs() and grub_clear_mem_attrs(), and associated constant definitions, to be used for that purpose. For most platforms, it adds a dummy
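Patches 03/10, 04/10, 05/10 and 06/10 together describe one loader procedure: skip non-SHF_ALLOC sections, load the rest at page-granular alignment, and then apply per-page attributes derived from the ELF section flags through a set/clear API. The following is an added illustration of that procedure, not GRUB's own loader code. It assumes 4 KiB pages, and the attribute bit names and the set/clear split are invented here; they do not match GRUB's real grub_set_mem_attrs()/grub_clear_mem_attrs() constants. The sample module layout is constructed inline, not taken from a real .mod file.

```c
/* Added illustration, not GRUB's own code: how an NX-aware module loader
 * picks a page-aligned load alignment for each ELF section, skips sections
 * without SHF_ALLOC, refuses W+X sections, and derives per-section page
 * attributes from the ELF flags. Assumed: 4 KiB pages; the MEM_ATTR_* names
 * are invented and are not GRUB's real constants. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NX_PAGE_SIZE  4096u
#define SHF_WRITE     0x1u   /* standard ELF section flags */
#define SHF_ALLOC     0x2u
#define SHF_EXECINSTR 0x4u

/* Hypothetical attribute bits, modelled on UEFI's EFI_MEMORY_RO/EFI_MEMORY_XP. */
#define MEM_ATTR_RO 0x1u   /* read-only: page may not be written */
#define MEM_ATTR_XP 0x2u   /* execute-protect: page may not be executed */

struct section {
    const char *name;
    uint32_t    flags;   /* SHF_* bits from the section header */
    size_t      size;
    size_t      align;   /* sh_addralign as emitted by the toolchain */
};

static size_t round_up(size_t v, size_t a)
{
    return (v + a - 1) & ~(a - 1);
}

/* Load alignment once NX is in play: what the ELF header asked for, but never
 * less than a page, because permissions are applied per page. */
size_t nx_section_align(size_t elf_align)
{
    if (elf_align < NX_PAGE_SIZE)
        return NX_PAGE_SIZE;
    return round_up(elf_align, NX_PAGE_SIZE);
}

/* Attributes to SET on a section's pages after it has been copied in; the
 * complementary bits are the ones a loader would CLEAR. Code gets RO,
 * writable data gets XP, read-only data gets both. */
uint32_t nx_section_attrs(uint32_t shf)
{
    uint32_t set = 0;
    if (!(shf & SHF_WRITE))
        set |= MEM_ATTR_RO;
    if (!(shf & SHF_EXECINSTR))
        set |= MEM_ATTR_XP;
    return set;
}

/* A section that is both writable and executable cannot be honoured under
 * W^X; an NX-compatible loader should reject such a module. */
int nx_section_is_wx(uint32_t shf)
{
    return (shf & (SHF_WRITE | SHF_EXECINSTR)) == (SHF_WRITE | SHF_EXECINSTR);
}

/* Lay SHF_ALLOC sections out back to back at page-aligned offsets. Sections
 * without SHF_ALLOC get no space at all (offset (size_t)-1). Returns the
 * total allocation size rounded up to whole pages, or (size_t)-1 if any
 * section would need W+X. */
size_t nx_layout(const struct section *s, size_t n, size_t *offsets)
{
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        if (!(s[i].flags & SHF_ALLOC)) {
            offsets[i] = (size_t)-1;
            continue;
        }
        if (nx_section_is_wx(s[i].flags))
            return (size_t)-1;
        off = round_up(off, nx_section_align(s[i].align));
        offsets[i] = off;
        off += s[i].size;
    }
    return round_up(off, NX_PAGE_SIZE);
}

int main(void)
{
    /* Constructed sample module, not taken from any real GRUB .mod file. */
    const struct section mod[] = {
        { ".text",    SHF_ALLOC | SHF_EXECINSTR, 0x1234, 16 },
        { ".data",    SHF_ALLOC | SHF_WRITE,     0x100,  8  },
        { ".rodata",  SHF_ALLOC,                 0x40,   4  },
        { ".modname", 0,                         12,     1  },
    };
    size_t n = sizeof mod / sizeof mod[0], offs[4];
    size_t total = nx_layout(mod, n, offs);
    for (size_t i = 0; i < n; i++)
        printf("%-9s off=%#zx attrs=%#x\n", mod[i].name, offs[i],
               nx_section_attrs(mod[i].flags));
    printf("total=%#zx\n", total);
    return 0;
}
```

Note the cost the alignment rule implies: three small SHF_ALLOC sections that would fit in one page now occupy three, which is the price of being able to give each its own permissions; sections without SHF_ALLOC cost nothing because they are never copied in.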

[PATCH v3 03/10] modules: Don't allocate space for non-allocable sections.

2024-06-03 Thread Mate Kukri
From: Peter Jones Currently when loading grub modules, we allocate space for all sections, including those without SHF_ALLOC set. We then copy the sections that /do/ have SHF_ALLOC set into the allocated memory, leaving some of our allocation untouched forever. Additionally, on platforms with

[PATCH v3 01/10] modules: make .module_license read-only

2024-06-03 Thread Mate Kukri
From: Peter Jones Currently .module_license is set writable (that is, the section has the SHF_WRITE flag set) in the module's ELF headers. This probably never actually matters, but it can't possibly be correct. This patch sets that data as "const", which causes that flag not to be set.

[PATCH v3 00/10] UEFI NX support and NX Linux loader using shim loader protocol

2024-06-03 Thread Mate Kukri
Currently the patchset consists of: - Reworked Fedora NX patches to make GRUB itself work under NX. - Julian Andres Klode's loader framework patch (used in Debian and Ubuntu for the downstream loader). - Implemented shim loader protocol support using the above loader framework. - Added patch to