Hi,
I have some SUSE specific patches for tboot.
Attached.
tboot-grub2-suse.patch:
Allow to use /usr/share/grub2/grub-mkconfig_lib
tboot-grub2-fix-xen-submenu-name.patch:
Have the tboot version in the menu name
tboot-grub2-fix-menu-in-xen-host-server.patch:
When system is configured as "Xen Virtual Machines Host Server", the
grub2 menu is not well organized. We could see some issues on it.
- Many duplicated xen entries generated by links to xen hypervisor
- Non bootable kernel entries trying to boot xen kernel natively
- The -dbg xen hypervisor takes precedence over release version
This patch fixes above three issues.
v2:
References: bnc#877040
Create only hypervisor pointed by /boot/xen.gz symlink to not clutter
the menu with multiple versions and also not include -dbg. Use custom.cfg
if you need any other custom entries.
v3:
References: bnc#865815
Porting to tboot in order to fix duplicated xen entries
Ciao, Marcus
Index: tboot-1.9.4/tboot/20_linux_tboot
===================================================================
--- tboot-1.9.4.orig/tboot/20_linux_tboot
+++ tboot-1.9.4/tboot/20_linux_tboot
@@ -24,6 +24,8 @@ libdir=${exec_prefix}/lib
sysconfdir=/etc
if test -e /usr/share/grub/grub-mkconfig_lib; then
. /usr/share/grub/grub-mkconfig_lib
+elif test -e /usr/share/grub2/grub-mkconfig_lib; then
+ . /usr/share/grub2/grub-mkconfig_lib
elif test -e ${libdir}/grub/grub-mkconfig_lib; then
. ${libdir}/grub/grub-mkconfig_lib
fi
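Review bot: The lookup chain in this hunk still has no `else` branch, so when none of the three grub-mkconfig_lib locations exists the script continues with the library unsourced. Since the patch already touches this block, consider ending it with an `else` that prints an error to stderr and exits non-zero. The same applies to the matching block in 20_linux_xen_tboot.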
Index: tboot-1.9.4/tboot/20_linux_xen_tboot
===================================================================
--- tboot-1.9.4.orig/tboot/20_linux_xen_tboot
+++ tboot-1.9.4/tboot/20_linux_xen_tboot
@@ -24,6 +24,8 @@ libdir=${exec_prefix}/lib
sysconfdir=/etc
if test -e /usr/share/grub/grub-mkconfig_lib; then
. /usr/share/grub/grub-mkconfig_lib
+if test -e /usr/share/grub2/grub-mkconfig_lib; then
+ . /usr/share/grub2/grub-mkconfig_lib
elif test -e ${libdir}/grub/grub-mkconfig_lib; then
. ${libdir}/grub/grub-mkconfig_lib
fi
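Review bot: The added line `if test -e /usr/share/grub2/grub-mkconfig_lib; then` should start with `elif`, as the same change does in 20_linux_tboot. As written it opens a nested `if` inside the first branch, the following `elif` and `fi` close only that inner block, and the outer `if` is left without a `fi`, so the script will not parse. It also means the grub2 path is only tested when /usr/share/grub/grub-mkconfig_lib exists, which defeats the purpose of the fallback.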
From: Michael Chang <mch...@suse.com>
Subject: [PATCH] fix menu in xen host server
References: bnc#771689, bnc#757895
Patch-Mainline: no
When system is configured as "Xen Virtual Machines Host Server", the
grub2 menu is not well organized. We could see some issues on it.
- Many duplicated xen entries generated by links to xen hypervisor
- Non bootable kernel entries trying to boot xen kernel natively
- The -dbg xen hypervisor takes precedence over release version
This patch fixes above three issues.
v2:
References: bnc#877040
Create only hypervisor pointed by /boot/xen.gz symlink to not clutter
the menu with multiple versions and also not include -dbg. Use custom.cfg
if you need any other custom entries.
v3:
References: bnc#865815
Porting to tboot in order to fix duplicated xen entries
Index: tboot-1.8.0/tboot/20_linux_tboot
===================================================================
--- tboot-1.8.0.orig/tboot/20_linux_tboot
+++ tboot-1.8.0/tboot/20_linux_tboot
@@ -166,6 +166,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
break
fi
done
+
+ config=
+ for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
+ if test -e "${i}" ; then
+ config="${i}"
+ break
+ fi
+ done
+
+ # try to get the kernel config if $linux is a symlink
+ if test -z "${config}" ; then
+ lnk_version=`basename \`readlink -f $linux\` | sed -e "s,^[^0-9]*-,,g"`
+ if (test -n ${lnk_version} && test -e "${dirname}/config-${lnk_version}") ; then
+ config="${dirname}/config-${lnk_version}"
+ fi
+ fi
+
+ # check if we are in xen domU
+ if [ ! -e /proc/xen/xsd_port -a -e /proc/xen ]; then
+ # we're running on xen domU guest
+ dmi=/sys/class/dmi/id
+ if [ -r "${dmi}/product_name" -a -r "${dmi}/sys_vendor" ]; then
+ product_name=`cat ${dmi}/product_name`
+ sys_vendor=`cat ${dmi}/sys_vendor`
+ if test "${sys_vendor}" = "Xen" -a "${product_name}" = "HVM domU"; then
+ # xen HVM guest
+ xen_pv_domU=false
+ fi
+ fi
+ else
+ # we're running on baremetal or xen dom0
+ xen_pv_domU=false
+ fi
+
+ if test "$xen_pv_domU" = "false" ; then
+ # prevent xen kernel without pv_opt support from booting
+ if (grep -qx "CONFIG_XEN=y" "${config}" 2> /dev/null && grep -qvx "CONFIG_PARAVIRT=y" "${config}" 2> /dev/null); then
+ echo "Skip xenlinux kernel $linux" >&2
+ list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '`
+ continue
+ fi
+ fi
+
if test -n "${initrd}" ; then
echo "Found initrd image: ${dirname}/${initrd}" >&2
else
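Review bot: In the added xenlinux check, `grep -qvx "CONFIG_PARAVIRT=y" "${config}"` succeeds as soon as the config file contains any line other than CONFIG_PARAVIRT=y, so the `&&` effectively reduces to the CONFIG_XEN=y test and kernels that do set CONFIG_PARAVIRT=y are skipped too. To test for absence, use `! grep -qx "CONFIG_PARAVIRT=y" "${config}"`. Separately, `test -n ${lnk_version}` is unquoted and is therefore true when the variable is empty; quote it, and quote `$linux` in the `readlink -f` and `grep -vx $linux` calls so paths with spaces or glob characters are handled. The Index lines for this patch name tboot-1.8.0 while the other two patches name tboot-1.9.4; it would be worth refreshing it against the same tree.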
Index: tboot-1.8.0/tboot/20_linux_xen_tboot
===================================================================
--- tboot-1.8.0.orig/tboot/20_linux_xen_tboot
+++ tboot-1.8.0/tboot/20_linux_xen_tboot
@@ -30,6 +30,12 @@ fi
export TEXTDOMAIN=grub
export TEXTDOMAINDIR=${prefix}/share/locale
+if [ ! -e /proc/xen/xsd_port -a -e /proc/xen ]; then
+# we're running on xen domU guest
+# prevent setting up nested virt on HVM or PV domU guest
+ exit 0
+fi
+
CLASS="--class gnu-linux --class gnu --class os --class xen"
if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
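Review bot: The early `exit 0` added for Xen domU guests is silent, so whoever regenerates the menu inside a guest gets no indication of why no Xen/tboot entries were produced. Print a short message to stderr before exiting, as 20_linux_tboot does with "Skip xenlinux kernel". The test `[ ! -e /proc/xen/xsd_port -a -e /proc/xen ]` is also duplicated from 20_linux_tboot and relies on `-a` inside `[ ]`, which POSIX marks obsolescent; two `[ ]` tests joined with `&&` would be more robust, and the two comment lines should be indented with the `exit 0` they describe.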
@@ -147,9 +153,17 @@ linux_list=`for i in /boot/vmlinu[xz]-*
if [ "x${linux_list}" = "x" ] ; then
exit 0
fi
-xen_list=`for i in /boot/xen*; do
- if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi
- done`
+# bnc#877040 - Duplicate entries for boot menu created
+# only create /boot/xen.gz symlink boot entry
+if test -L /boot/xen.gz; then
+ xen_list=`readlink -f /boot/xen.gz`
+else
+ # bnc#757895 - Grub2 menu items incorrect when "Xen Virtual Machines Host Server" selected
+ # wildcard expasion with correct suffix (.gz) for not generating many duplicated menu entries
+ xen_list=`for i in /boot/xen*.gz; do
+ if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" ; then echo -n "$i " ; fi
+ done`
+fi
tboot_list=`for i in /boot/tboot*.gz; do
if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi
done`
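Review bot: In the `else` branch, `file_is_not_sym "$i"` is called but is not defined anywhere in the lines of this patch; if neither the script nor the sourced grub-mkconfig_lib provides it, the `&&` fails for every file and xen_list ends up empty. Please confirm where it comes from or add the definition. In the symlink branch, the result of `readlink -f /boot/xen.gz` is used without passing it through `grub_file_is_not_garbage` or checking that the target exists, so a dangling /boot/xen.gz symlink would still yield a menu entry. There is also a typo in the added comment ("expasion").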
From: Michael Chang <mch...@suse.com>
Subject: fix xen submenu name to show tboot version
References: bnc#865815
Patch-Mainline: no
Index: tboot-1.9.4/tboot/20_linux_xen_tboot
===================================================================
--- tboot-1.9.4.orig/tboot/20_linux_xen_tboot
+++ tboot-1.9.4/tboot/20_linux_xen_tboot
@@ -232,7 +232,7 @@ while [ "x${xen_list}" != "x" ] ; do
rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
tboot_version="1.9.4"
list="${linux_list}"
- echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
+ echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"
while [ "x$list" != "x" ] ; do
linux=`version_find_latest $list`
echo "Found linux image: $linux" >&2
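Review bot: The new submenu title advertises the tboot version, but the context line above it shows `tboot_version="1.9.4"` as a hardcoded string, so the menu can name a version that differs from the tboot image actually found in /boot. Consider deriving the version from the tboot file being processed, or keep it out of the title until it is. As a style point, a space between the closing quote and `{` would match the usual `submenu "title" {` form.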
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel