[tboot-devel] suse patches for tboot

[Marcus Meissner]

Hi,

I have some SUSE specific patches for tboot.

Attached.

tboot-grub2-suse.patch:
        Allow to use /usr/share/grub2/grub-mkconfig_lib

tboot-grub2-fix-xen-submenu-name.patch:
        Have the tboot version in the menu name

tboot-grub2-fix-menu-in-xen-host-server.patch

        When system is configred as "Xen Virtual Machines Host Server", the
        grub2 menu is not well organized. We could see some issues on it.

         - Many duplicated xen entries generated by links to xen hypervisor
         - Non bootable kernel entries trying to boot xen kernel natively
         - The -dbg xen hypervisor takes precedence over release version

        This patch fixes above three issues.

        v2:
        References: bnc#877040
        Create only hypervisor pointed by /boot/xen.gz symlink to not clutter
        the menu with multiple versions and also not include -dbg. Use 
custom.cfg
        if you need any other custom entries.

        v3:
        References: bnc#865815
        Porting to tboot in order to fix duplicated xen entries


Ciao, Marcus

Index: tboot-1.9.4/tboot/20_linux_tboot
===================================================================
--- tboot-1.9.4.orig/tboot/20_linux_tboot
+++ tboot-1.9.4/tboot/20_linux_tboot
@@ -24,6 +24,8 @@ libdir=${exec_prefix}/lib
 sysconfdir=/etc
 if test -e /usr/share/grub/grub-mkconfig_lib; then
   . /usr/share/grub/grub-mkconfig_lib
+elif test -e /usr/share/grub2/grub-mkconfig_lib; then
+  . /usr/share/grub2/grub-mkconfig_lib
 elif test -e ${libdir}/grub/grub-mkconfig_lib; then
   . ${libdir}/grub/grub-mkconfig_lib
 fi
Index: tboot-1.9.4/tboot/20_linux_xen_tboot
===================================================================
--- tboot-1.9.4.orig/tboot/20_linux_xen_tboot
+++ tboot-1.9.4/tboot/20_linux_xen_tboot
@@ -24,6 +24,8 @@ libdir=${exec_prefix}/lib
 sysconfdir=/etc
 if test -e /usr/share/grub/grub-mkconfig_lib; then
   . /usr/share/grub/grub-mkconfig_lib
+if test -e /usr/share/grub2/grub-mkconfig_lib; then
+  . /usr/share/grub2/grub-mkconfig_lib
 elif test -e ${libdir}/grub/grub-mkconfig_lib; then
   . ${libdir}/grub/grub-mkconfig_lib
 fi

From: Michael Chang <mch...@suse.com>
Subject: [PATCH] fix menu in xen host server

References: bnc#771689, bnc#757895
Patch-Mainline: no

When system is configred as "Xen Virtual Machines Host Server", the
grub2 menu is not well organized. We could see some issues on it.

 - Many duplicated xen entries generated by links to xen hypervisor
 - Non bootable kernel entries trying to boot xen kernel natively
 - The -dbg xen hypervisor takes precedence over release version

This patch fixes above three issues.

v2:
References: bnc#877040
Create only hypervisor pointed by /boot/xen.gz symlink to not clutter
the menu with multiple versions and also not include -dbg. Use custom.cfg
if you need any other custom entries.

v3:
References: bnc#865815
Porting to tboot in order to fix duplicated xen entries

Index: tboot-1.8.0/tboot/20_linux_tboot
===================================================================
--- tboot-1.8.0.orig/tboot/20_linux_tboot
+++ tboot-1.8.0/tboot/20_linux_tboot
@@ -166,6 +166,49 @@ while [ "x${tboot_list}" != "x" ] && [ "
 		break
 	    fi
 	done
+
+	config=
+	for i in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do
+	    if test -e "${i}" ; then
+	    config="${i}"
+	    break
+	fi
+	done
+
+	# try to get the kernel config if $linux is a symlink
+	if test -z "${config}" ; then
+	    lnk_version=`basename \`readlink -f $linux\` | sed -e "s,^[^0-9]*-,,g"`
+	    if (test -n ${lnk_version} && test -e "${dirname}/config-${lnk_version}") ; then
+		config="${dirname}/config-${lnk_version}"
+	    fi
+	fi
+
+	# check if we are in xen domU
+	if [ ! -e /proc/xen/xsd_port -a -e /proc/xen ]; then
+	    # we're running on xen domU guest
+	    dmi=/sys/class/dmi/id
+	    if [ -r "${dmi}/product_name" -a -r "${dmi}/sys_vendor" ]; then
+		product_name=`cat ${dmi}/product_name`
+		sys_vendor=`cat ${dmi}/sys_vendor`
+		if test "${sys_vendor}" = "Xen" -a "${product_name}" = "HVM domU"; then
+		    # xen HVM guest
+		    xen_pv_domU=false
+		fi
+	    fi
+	else
+	    # we're running on baremetal or xen dom0
+	    xen_pv_domU=false
+	fi
+
+	if test "$xen_pv_domU" = "false" ; then
+	    # prevent xen kernel without pv_opt support from booting
+	    if (grep -qx "CONFIG_XEN=y" "${config}" 2> /dev/null && grep -qvx "CONFIG_PARAVIRT=y" "${config}" 2> /dev/null); then
+		echo "Skip xenlinux kernel $linux" >&2
+		list=`echo $list | tr ' ' '\n' | grep -vx $linux | tr '\n' ' '`
+		continue
+	    fi
+	fi
+
 	if test -n "${initrd}" ; then
 	    echo "Found initrd image: ${dirname}/${initrd}" >&2
 	else
Index: tboot-1.8.0/tboot/20_linux_xen_tboot
===================================================================
--- tboot-1.8.0.orig/tboot/20_linux_xen_tboot
+++ tboot-1.8.0/tboot/20_linux_xen_tboot
@@ -30,6 +30,12 @@ fi
 export TEXTDOMAIN=grub
 export TEXTDOMAINDIR=${prefix}/share/locale
 
+if [ ! -e /proc/xen/xsd_port -a -e /proc/xen ]; then
+# we're running on xen domU guest
+# prevent setting up nested virt on HVM or PV domU guest
+    exit 0
+fi
+
 CLASS="--class gnu-linux --class gnu --class os --class xen"
 
 if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then
@@ -147,9 +153,17 @@ linux_list=`for i in /boot/vmlinu[xz]-*
 if [ "x${linux_list}" = "x" ] ; then
     exit 0
 fi
-xen_list=`for i in /boot/xen*; do
-        if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi
-      done`
+# bnc#877040 - Duplicate entries for boot menu created
+# only create /boot/xen.gz symlink boot entry
+if test -L /boot/xen.gz; then
+    xen_list=`readlink -f /boot/xen.gz`
+else
+    # bnc#757895 - Grub2 menu items incorrect when "Xen Virtual Machines Host Server" selected
+    # wildcard expasion with correct suffix (.gz) for not generating many duplicated menu entries
+    xen_list=`for i in /boot/xen*.gz; do
+         if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" ; then echo -n "$i " ; fi
+         done`
+fi
 tboot_list=`for i in /boot/tboot*.gz; do
         if grub_file_is_not_garbage "$i" ; then echo -n "$i " ; fi
       done`

From: Michael Chang <mch...@suse.com>
Subject: fix xen submenu name to show tboot version 

References: bnc#865815
Patch-Mainline: no

Index: tboot-1.9.4/tboot/20_linux_xen_tboot
===================================================================
--- tboot-1.9.4.orig/tboot/20_linux_xen_tboot
+++ tboot-1.9.4/tboot/20_linux_xen_tboot
@@ -232,7 +232,7 @@ while [ "x${xen_list}" != "x" ] ; do
         rel_tboot_dirname=`make_system_path_relative_to_its_root $tboot_dirname`
         tboot_version="1.9.4"
         list="${linux_list}"
-        echo "submenu \"Xen ${xen_version}\" \"Tboot ${tboot_version}\"{"
+        echo "submenu \"Xen ${xen_version} with Tboot ${tboot_version}\"{"
         while [ "x$list" != "x" ] ; do
             linux=`version_find_latest $list`
             echo "Found linux image: $linux" >&2

------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel