[grub2] Add some more code to support Secure Boot
Peter Jones
pjones at fedoraproject.org
Wed Jul 25 13:35:52 UTC 2012
commit 58a808c00980b3a2e7d44d8d309e6e6219f100ff
Author: Peter Jones <pjones at redhat.com>
Date: Wed Jul 25 09:34:55 2012 -0400
Add some more code to support Secure Boot
Add some more code to support Secure Boot, and temporarily disable
ome other bits that don't work well enough yet.
Resolves: rhbz#836695
grub2-cdpath.patch | 25 +++
grub2-linuxefi.patch | 480 ++++++++++++++++++++++++++++++++++++++++++++++
grub2-use-linuxefi.patch | 50 +++++
grub2.spec | 33 +++-
4 files changed, 582 insertions(+), 6 deletions(-)
---
diff --git a/grub2-cdpath.patch b/grub2-cdpath.patch
new file mode 100644
index 0000000..3e00db4
--- /dev/null
+++ b/grub2-cdpath.patch
@@ -0,0 +1,25 @@
+From: Matthew Garrett <mjg at redhat.com>
+Date: 2012-07-10 11:58:52 EDT
+Subject: [PATCH] Add support for crappy cd craparino
+
+diff --git a/grub-core/disk/efi/efidisk.c b/grub-core/disk/efi/efidisk.c
+index d9d788c..a432b44 100644
+--- a/grub-core/disk/efi/efidisk.c
++++ b/grub-core/disk/efi/efidisk.c
+@@ -750,6 +750,16 @@ grub_efidisk_get_device_name (grub_efi_handle_t *handle)
+ if (! ldp)
+ return 0;
+
++ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE &&
++ (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp) == GRUB_EFI_CDROM_DEVICE_PATH_SUBTYPE))
++ {
++ ldp->type = GRUB_EFI_END_DEVICE_PATH_TYPE;
++ ldp->subtype = GRUB_EFI_END_ENTIRE_DEVICE_PATH_SUBTYPE;
++ ldp->length[0] = 4;
++ ldp->length[1] = 0;
++ ldp = find_last_device_path(dp);
++ }
++
+ if (GRUB_EFI_DEVICE_PATH_TYPE (ldp) == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE
+ && (GRUB_EFI_DEVICE_PATH_SUBTYPE (ldp)
+ == GRUB_EFI_HARD_DRIVE_DEVICE_PATH_SUBTYPE))
diff --git a/grub2-linuxefi.patch b/grub2-linuxefi.patch
new file mode 100644
index 0000000..c0282d0
--- /dev/null
+++ b/grub2-linuxefi.patch
@@ -0,0 +1,480 @@
+From: Matthew Garrett <mjg at redhat.com>
+Date: 2012-07-10 11:58:52 EDT
+Subject: [PATCH] Add support for linuxefi
+
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index 39e77a4..f9cbfc3 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -1415,6 +1415,14 @@ module = {
+ };
+
+ module = {
++ name = linuxefi;
++ efi = loader/i386/efi/linux.c;
++ efi = lib/cmdline.c;
++ enable = i386_efi;
++ enable = x86_64_efi;
++};
++
++module = {
+ name = chain;
+ efi = loader/efi/chainloader.c;
+ i386_pc = loader/i386/pc/chainloader.c;
+diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
+index a2edc84..88b2557 100644
+--- a/grub-core/kern/efi/mm.c
++++ b/grub-core/kern/efi/mm.c
+@@ -47,6 +47,38 @@ static grub_efi_uintn_t finish_desc_size;
+ static grub_efi_uint32_t finish_desc_version;
+ int grub_efi_is_finished = 0;
+
++/* Allocate pages below a specified address */
++void *
++grub_efi_allocate_pages_max (grub_efi_physical_address_t max,
++ grub_efi_uintn_t pages)
++{
++ grub_efi_status_t status;
++ grub_efi_boot_services_t *b;
++ grub_efi_physical_address_t address = max;
++
++ if (max > 0xffffffff)
++ return 0;
++
++ b = grub_efi_system_table->boot_services;
++ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address);
++
++ if (status != GRUB_EFI_SUCCESS)
++ return 0;
++
++ if (address == 0)
++ {
++ /* Uggh, the address 0 was allocated... This is too annoying,
++ so reallocate another one. */
++ address = max;
++ status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_MAX_ADDRESS, GRUB_EFI_LOADER_DATA, pages, &address);
++ grub_efi_free_pages (0, pages);
++ if (status != GRUB_EFI_SUCCESS)
++ return 0;
++ }
++
++ return (void *) ((grub_addr_t) address);
++}
++
+ /* Allocate pages. Return the pointer to the first of allocated pages. */
+ void *
+ grub_efi_allocate_pages (grub_efi_physical_address_t address,
+diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
+new file mode 100644
+index 0000000..d06a0e3
+--- /dev/null
++++ b/grub-core/loader/i386/efi/linux.c
+@@ -0,0 +1,369 @@
++/*
++ * GRUB -- GRand Unified Bootloader
++ * Copyright (C) 2012 Free Software Foundation, Inc.
++ *
++ * GRUB is free software: you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License as published by
++ * the Free Software Foundation, either version 3 of the License, or
++ * (at your option) any later version.
++ *
++ * GRUB is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#include <grub/loader.h>
++#include <grub/file.h>
++#include <grub/err.h>
++#include <grub/types.h>
++#include <grub/mm.h>
++#include <grub/cpu/linux.h>
++#include <grub/command.h>
++#include <grub/i18n.h>
++#include <grub/lib/cmdline.h>
++#include <grub/efi/efi.h>
++
++GRUB_MOD_LICENSE ("GPLv3+");
++
++static grub_dl_t my_mod;
++static int loaded;
++static void *kernel_mem;
++static grub_uint64_t kernel_size;
++static grub_uint8_t *initrd_mem;
++static grub_uint32_t handover_offset;
++struct linux_kernel_params *params;
++static char *linux_cmdline;
++
++#define BYTES_TO_PAGES(bytes) (((bytes) + 0xfff) >> 12)
++
++#define SHIM_LOCK_GUID \
++ { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }
++
++struct grub_efi_shim_lock
++{
++ grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size);
++};
++typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
++
++static grub_efi_boolean_t
++grub_linuxefi_secure_validate (void *data, grub_uint32_t size)
++{
++ grub_efi_guid_t guid = SHIM_LOCK_GUID;
++ grub_efi_shim_lock_t *shim_lock;
++
++ shim_lock = grub_efi_locate_protocol(&guid, NULL);
++
++ if (!shim_lock)
++ return 1;
++
++ if (shim_lock->verify(data, size) == GRUB_EFI_SUCCESS)
++ return 1;
++
++ return 0;
++}
++
++typedef void(*handover_func)(void *, grub_efi_system_table_t *, struct linux_kernel_params *);
++
++static grub_err_t
++grub_linuxefi_boot (void)
++{
++ handover_func hf;
++ int offset = 0;
++
++#ifdef __x86_64__
++ offset = 512;
++#endif
++
++ hf = (handover_func)((char *)kernel_mem + handover_offset + offset);
++
++ asm volatile ("cli");
++
++ hf (grub_efi_image_handle, grub_efi_system_table, params);
++
++ /* Not reached */
++ return GRUB_ERR_NONE;
++}
++
++static grub_err_t
++grub_linuxefi_unload (void)
++{
++ grub_dl_unref (my_mod);
++ loaded = 0;
++ if (initrd_mem)
++ grub_efi_free_pages((grub_efi_physical_address_t)initrd_mem, BYTES_TO_PAGES(params->ramdisk_size));
++ if (linux_cmdline)
++ grub_efi_free_pages((grub_efi_physical_address_t)linux_cmdline, BYTES_TO_PAGES(params->cmdline_size + 1));
++ if (kernel_mem)
++ grub_efi_free_pages((grub_efi_physical_address_t)kernel_mem, BYTES_TO_PAGES(kernel_size));
++ if (params)
++ grub_efi_free_pages((grub_efi_physical_address_t)params, BYTES_TO_PAGES(16384));
++ return GRUB_ERR_NONE;
++}
++
++static grub_err_t
++grub_cmd_initrd (grub_command_t cmd __attribute__ ((unused)),
++ int argc, char *argv[])
++{
++ grub_file_t *files = 0;
++ int i, nfiles = 0;
++ grub_size_t size = 0;
++ grub_uint8_t *ptr;
++
++ if (argc == 0)
++ {
++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
++ goto fail;
++ }
++
++ if (!loaded)
++ {
++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("you need to load the kernel first"));
++ goto fail;
++ }
++
++ files = grub_zalloc (argc * sizeof (files[0]));
++ if (!files)
++ goto fail;
++
++ for (i = 0; i < argc; i++)
++ {
++ grub_file_filter_disable_compression ();
++ files[i] = grub_file_open (argv[i]);
++ if (! files[i])
++ goto fail;
++ nfiles++;
++ size += ALIGN_UP (grub_file_size (files[i]), 4);
++ }
++
++ initrd_mem = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(size));
++
++ if (!initrd_mem)
++ {
++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate initrd"));
++ goto fail;
++ }
++
++ params->ramdisk_size = size;
++ params->ramdisk_image = (grub_uint32_t)(grub_uint64_t) initrd_mem;
++
++ ptr = initrd_mem;
++
++ for (i = 0; i < nfiles; i++)
++ {
++ grub_ssize_t cursize = grub_file_size (files[i]);
++ if (grub_file_read (files[i], ptr, cursize) != cursize)
++ {
++ if (!grub_errno)
++ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("premature end of file %s"),
++ argv[i]);
++ goto fail;
++ }
++ ptr += cursize;
++ grub_memset (ptr, 0, ALIGN_UP_OVERHEAD (cursize, 4));
++ ptr += ALIGN_UP_OVERHEAD (cursize, 4);
++ }
++
++ params->ramdisk_size = size;
++
++ fail:
++ for (i = 0; i < nfiles; i++)
++ grub_file_close (files[i]);
++ grub_free (files);
++
++ if (initrd_mem && grub_errno)
++ grub_efi_free_pages((grub_efi_physical_address_t)initrd_mem, BYTES_TO_PAGES(size));
++
++ return grub_errno;
++}
++
++static grub_err_t
++grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
++ int argc, char *argv[])
++{
++ grub_file_t file = 0;
++ struct linux_kernel_header lh;
++ grub_ssize_t len, start, filelen;
++ void *kernel;
++
++ grub_dl_ref (my_mod);
++
++ if (argc == 0)
++ {
++ grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
++ goto fail;
++ }
++
++ file = grub_file_open (argv[0]);
++ if (! file)
++ goto fail;
++
++ filelen = grub_file_size (file);
++
++ kernel = grub_malloc(filelen);
++
++ if (!kernel)
++ {
++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("cannot allocate kernel buffer"));
++ goto fail;
++ }
++
++ if (grub_file_read (file, kernel, filelen) != filelen)
++ {
++ grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Can't read kernel %s"), argv[0]);
++ goto fail;
++ }
++
++ if (! grub_linuxefi_secure_validate (kernel, filelen))
++ {
++ grub_error (GRUB_ERR_INVALID_COMMAND, N_("%s has invalid signature"), argv[0]);
++ grub_free (kernel);
++ goto fail;
++ }
++
++ grub_file_seek (file, 0);
++
++ grub_free(kernel);
++
++ params = grub_efi_allocate_pages_max (0x3fffffff, BYTES_TO_PAGES(16384));
++
++ if (! params)
++ {
++ grub_error (GRUB_ERR_OUT_OF_MEMORY, "cannot allocate kernel parameters");
++ goto fail;
++ }
++
++ memset (params, 0, 16384);
++
++ if (grub_file_read (file, &lh, sizeof (lh)) != sizeof (lh))
++ {
++ if (!grub_errno)
++ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
++ argv[0]);
++ goto fail;
++ }
++
++ if (lh.boot_flag != grub_cpu_to_le16 (0xaa55))
++ {
++ grub_error (GRUB_ERR_BAD_OS, N_("invalid magic number"));
++ goto fail;
++ }
++
++ if (lh.setup_sects > GRUB_LINUX_MAX_SETUP_SECTS)
++ {
++ grub_error (GRUB_ERR_BAD_OS, N_("too many setup sectors"));
++ goto fail;
++ }
++
++ if (lh.version < grub_cpu_to_le16 (0x020b))
++ {
++ grub_error (GRUB_ERR_BAD_OS, N_("kernel too old"));
++ goto fail;
++ }
++
++ if (!lh.handover_offset)
++ {
++ grub_error (GRUB_ERR_BAD_OS, N_("kernel doesn't support EFI handover"));
++ goto fail;
++ }
++
++ linux_cmdline = grub_efi_allocate_pages_max(0x3fffffff,
++ BYTES_TO_PAGES(lh.cmdline_size + 1));
++
++ if (!linux_cmdline)
++ {
++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate cmdline"));
++ goto fail;
++ }
++
++ grub_memcpy (linux_cmdline, LINUX_IMAGE, sizeof (LINUX_IMAGE));
++ grub_create_loader_cmdline (argc, argv,
++ linux_cmdline + sizeof (LINUX_IMAGE) - 1,
++ lh.cmdline_size - (sizeof (LINUX_IMAGE) - 1));
++
++ lh.cmd_line_ptr = (grub_uint32_t)(grub_uint64_t)linux_cmdline;
++
++ handover_offset = lh.handover_offset;
++
++ start = (lh.setup_sects + 1) * 512;
++ len = grub_file_size(file) - start;
++
++ kernel_mem = grub_efi_allocate_pages(lh.pref_address,
++ BYTES_TO_PAGES(lh.init_size));
++
++ if (!kernel_mem)
++ kernel_mem = grub_efi_allocate_pages_max(0x3fffffff,
++ BYTES_TO_PAGES(lh.init_size));
++
++ if (!kernel_mem)
++ {
++ grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("can't allocate kernel"));
++ goto fail;
++ }
++
++ if (grub_file_seek (file, start) == (grub_off_t) -1)
++ {
++ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
++ argv[0]);
++ goto fail;
++ }
++
++ if (grub_file_read (file, kernel_mem, len) != len && !grub_errno)
++ {
++ grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
++ argv[0]);
++ }
++
++ if (grub_errno == GRUB_ERR_NONE)
++ {
++ grub_loader_set (grub_linuxefi_boot, grub_linuxefi_unload, 0);
++ loaded = 1;
++ lh.code32_start = (grub_uint32_t)(grub_uint64_t) kernel_mem;
++ }
++
++ memcpy(params, &lh, 2 * 512);
++
++ fail:
++
++ if (file)
++ grub_file_close (file);
++
++ if (grub_errno != GRUB_ERR_NONE)
++ {
++ grub_dl_unref (my_mod);
++ loaded = 0;
++ }
++
++ if (linux_cmdline && !loaded)
++ grub_efi_free_pages((grub_efi_physical_address_t)linux_cmdline, BYTES_TO_PAGES(lh.cmdline_size + 1));
++
++ if (kernel_mem && !loaded)
++ grub_efi_free_pages((grub_efi_physical_address_t)kernel_mem, BYTES_TO_PAGES(kernel_size));
++
++ if (params && !loaded)
++ grub_efi_free_pages((grub_efi_physical_address_t)params, BYTES_TO_PAGES(16384));
++
++ return grub_errno;
++}
++
++static grub_command_t cmd_linux, cmd_initrd;
++
++GRUB_MOD_INIT(linuxefi)
++{
++ cmd_linux =
++ grub_register_command ("linuxefi", grub_cmd_linux,
++ 0, N_("Load Linux."));
++ cmd_initrd =
++ grub_register_command ("initrdefi", grub_cmd_initrd,
++ 0, N_("Load initrd."));
++ my_mod = mod;
++}
++
++GRUB_MOD_FINI(linuxefi)
++{
++ grub_unregister_command (cmd_linux);
++ grub_unregister_command (cmd_initrd);
++}
+diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
+index e67d92b..1b0e7ae 100644
+--- a/include/grub/efi/efi.h
++++ b/include/grub/efi/efi.h
+@@ -40,6 +40,9 @@ void EXPORT_FUNC(grub_efi_stall) (grub_efi_uintn_t microseconds);
+ void *
+ EXPORT_FUNC(grub_efi_allocate_pages) (grub_efi_physical_address_t address,
+ grub_efi_uintn_t pages);
++void *
++EXPORT_FUNC(grub_efi_allocate_pages_max) (grub_efi_physical_address_t max,
++ grub_efi_uintn_t pages);
+ void EXPORT_FUNC(grub_efi_free_pages) (grub_efi_physical_address_t address,
+ grub_efi_uintn_t pages);
+ int
+diff --git a/include/grub/i386/linux.h b/include/grub/i386/linux.h
+index 9d064c8..c29c5af 100644
+--- a/include/grub/i386/linux.h
++++ b/include/grub/i386/linux.h
+@@ -139,6 +139,7 @@ struct linux_kernel_header
+ grub_uint64_t setup_data;
+ grub_uint64_t pref_address;
+ grub_uint32_t init_size;
++ grub_uint32_t handover_offset;
+ } __attribute__ ((packed));
+
+ /* Boot parameters for Linux based on 2.6.12. This is used by the setup
+diff --git a/grub-core/loader/i386/efi/linux.c b/grub-core/loader/i386/efi/linux.c
+index d06a0e3..b79e632 100644
+--- a/grub-core/loader/i386/efi/linux.c
++++ b/grub-core/loader/i386/efi/linux.c
+@@ -326,6 +326,8 @@ grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
+
+ memcpy(params, &lh, 2 * 512);
+
++ params->type_of_loader = 0x21;
++
+ fail:
+
+ if (file)
diff --git a/grub2-use-linuxefi.patch b/grub2-use-linuxefi.patch
new file mode 100644
index 0000000..18684b0
--- /dev/null
+++ b/grub2-use-linuxefi.patch
@@ -0,0 +1,50 @@
+From 151b1691fe0cf885df101c6e6a7cb1defc50428b Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones at redhat.com>
+Date: Mon, 16 Jul 2012 18:57:11 -0400
+Subject: [PATCH] Use "linuxefi" and "initrdefi" where appropriate.
+
+---
+ util/grub.d/10_linux.in | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
+index cd543bd..e2b8ab3 100644
+--- a/util/grub.d/10_linux.in
++++ b/util/grub.d/10_linux.in
+@@ -133,17 +133,31 @@ linux_entry ()
+ printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/"
+ fi
+ message="$(gettext_printf "Loading Linux %s ..." ${version})"
+- sed "s/^/$submenu_indentation/" << EOF
++ if [ -d /sys/firmware/efi ]; then
++ sed "s/^/$submenu_indentation/" << EOF
++ echo '$message'
++ linuxefi ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
++EOF
++ else
++ sed "s/^/$submenu_indentation/" << EOF
+ echo '$message'
+ linux ${rel_dirname}/${basename} root=${linux_root_device_thisversion} ro ${args}
+ EOF
++ fi
+ if test -n "${initrd}" ; then
+ # TRANSLATORS: ramdisk isn't identifier. Should be translated.
+ message="$(gettext_printf "Loading initial ramdisk ...")"
+- sed "s/^/$submenu_indentation/" << EOF
++ if [ -d /sys/firmware/efi ]; then
++ sed "s/^/$submenu_indentation/" << EOF
++ echo '$message'
++ initrdefi ${rel_dirname}/${initrd}
++EOF
++ else
++ sed "s/^/$submenu_indentation/" << EOF
+ echo '$message'
+ initrd ${rel_dirname}/${initrd}
+ EOF
++ fi
+ fi
+ sed "s/^/$submenu_indentation/" << EOF
+ }
+--
+1.7.10.4
+
diff --git a/grub2.spec b/grub2.spec
index ffd6d75..4f2442f 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -39,7 +39,7 @@
Name: grub2
Epoch: 1
Version: 2.00
-Release: 1%{?dist}
+Release: 3%{?dist}
Summary: Bootloader with support for Linux, Multiboot and more
Group: System Environment/Base
@@ -50,13 +50,17 @@ Source0: ftp://alpha.gnu.org/gnu/grub/grub-%{tarversion}.tar.xz
Source3: README.Fedora
Source4: http://unifoundry.com/unifont-5.1.20080820.pcf.gz
Source5: theme.tar.bz2
+#Source6: grub-cd.cfg
Patch2: grub-1.99-just-say-linux.patch
Patch5: grub-1.99-ppc-terminfo.patch
Patch10: grub-2.00-add-fw_path-search.patch
Patch11: grub-2.00-Add-fwsetup.patch
Patch13: grub-2.00-Dont-set-boot-on-ppc.patch
Patch18: grub-2.00-ignore-gnulib-gets-stupidity.patch
-Patch19: grub-2.00-who-trusts-you-and-who-do-you-trust.patch
+#Patch19: grub-2.00-who-trusts-you-and-who-do-you-trust.patch
+Patch20: grub2-linuxefi.patch
+Patch21: grub2-cdpath.patch
+Patch22: grub2-use-linuxefi.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -159,10 +163,15 @@ cd grub-efi-%{tarversion}
--program-transform-name=s,grub,%{name}, \
--disable-werror
make %{?_smp_mflags}
-./grub-mkimage -O %{grubefiarch} -o %{grubefiname} -d grub-core \
- part_gpt hfsplus fat ext2 btrfs normal chain boot configfile linux \
- minicmd reboot halt search font gfxterm echo video all_video \
- test gfxmenu png efifwsetup
+GRUB_MODULES=" all_video boot btrfs cat chain configfile echo efifwsetup \
+ efinet ext2 fat font gfxmenu gfxterm gzio halt hfsplus iso9660 \
+ jpeg linuxefi minicmd normal part_msdos part_gpt \
+ password_pbkdf2 png reboot search search_fs_uuid \
+ search_fs_file search_label test video"
+./grub-mkimage -O %{grubefiarch} -o %{grubefiname} -p /EFI/${efidir} \
+ -d grub-core ${GRUB_MODULES}
+./grub-mkimage -O %{grubefiarch} -o grub-cd.efi -p /EFI/BOOT \
+ -d grub-core ${GRUB_MODULES}
cd ..
%endif
@@ -233,6 +242,8 @@ do
# install -m 755 -D $BASE$EXT $TGT
done
install -m 755 %{grubefiname} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{grubefiname}
+install -m 755 grub-cd.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/grub-cd.efi
+install -D -m 644 unicode.pf2 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/fonts/unicode.pf2
cd ..
%endif
@@ -332,6 +343,7 @@ fi
%{_libdir}/grub/%{grubefiarch}
%config(noreplace) %{_sysconfdir}/%{name}-efi.cfg
%attr(0755,root,root)/boot/efi/EFI/%{efidir}
+%attr(0755,root,root)/boot/efi/EFI/%{efidir}/fonts
%ghost %config(noreplace) /boot/efi/EFI/%{efidir}/grub.cfg
%doc grub-%{tarversion}/COPYING
%endif
@@ -382,6 +394,15 @@ fi
%doc grub-%{tarversion}/themes/starfield/COPYING.CC-BY-SA-3.0
%changelog
+* Wed Jul 25 2012 Peter Jones <pjones at redhat.com> - 2.00-3
+- Add some more code to support Secure Boot, and temporarily disable
+ some other bits that don't work well enough yet.
+ Resolves: rhbz#836695
+
+* Wed Jul 11 2012 Matthew Garrett <mjg at redhat.com> - 2.00-2
+- Set a prefix for the image - needed for installer work
+- Provide the font in the EFI directory for the same reason
+
* Thu Jun 28 2012 Peter Jones <pjones at redhat.com> - 2.00-1
- Rebase to grub-2.00 release.
More information about the scm-commits
mailing list