Package: grub2 / 2.04-8

Metadata

Package Version Patches format
grub2 2.04-8 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
olpc prefix hack.patch | (download)

grub-core/kern/ieee1275/init.c | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 hack prefix for olpc

This sucks, but it's better than what OFW was giving us.

Patch-Name: olpc-prefix-hack.patch

core in fs.patch | (download)

util/setup.c | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 write marker if core.img was written to filesystem

The Debian bug reporting script includes a warning in this case.

Patch-Name: core-in-fs.patch

dpkg version comparison.patch | (download)

util/grub-mkconfig_lib.in | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 improve handling of debian kernel version numbers

grub legacy 0 based partitions.patch | (download)

util/getroot.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 support running grub-probe in grub-legacy's update-grub

disable floppies.patch | (download)

grub-core/kern/emu/hostdisk.c | 12 12 + 0 - 0 !
1 file changed, 12 insertions(+)

 disable use of floppy devices

An ugly kludge.  Should this be merged upstream?

grub.cfg 400.patch | (download)

util/grub-mkconfig.in | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 make grub.cfg world-readable if it contains no passwords

Patch-Name: grub.cfg-400.patch

gfxpayload keep default.patch | (download)

util/grub.d/10_linux.in | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 disable gfxpayload=keep by default

Setting gfxpayload=keep has been known to cause efifb to be
inappropriately enabled.  In any case, with the current Linux kernel the
result of this option is that early kernelspace will be unable to print
anything to the console, so (for example) if boot fails and you end up
dumped to an initramfs prompt, you won't be able to see anything on the
screen.  As such it shouldn't be enabled by default in Debian, no matter
what kernel options are enabled.

gfxpayload=keep is a good idea but rather ahead of its time ...

Bug-Debian: http://bugs.debian.org/567245
install stage2 confusion.patch | (download)

util/grub-install.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 if grub legacy is still around, tell packaging to ignore it

Bug-Debian: http://bugs.debian.org/586143
mkrescue efi modules.patch | (download)

util/grub-mkrescue.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 build vfat into efi boot images

mkconfig loopback.patch | (download)

util/grub-mkconfig_lib.in | 24 24 + 0 - 0 !
util/grub.d/10_linux.in | 5 5 + 0 - 0 !
util/grub.d/20_linux_xen.in | 5 5 + 0 - 0 !
3 files changed, 34 insertions(+)

 handle filesystems loop-mounted on file images

Improve prepare_grub_to_access_device to emit appropriate commands for
such filesystems, and ignore them in Linux grub.d scripts.

This is needed for Ubuntu's Wubi installation method.

This patch isn't inherently Debian/Ubuntu-specific.  losetup and
/proc/mounts are Linux-specific, though, so we might need to refine this
before sending it upstream.  The changes to the Linux grub.d scripts
might be better handled by integrating 10_lupin properly instead.

Patch-Name: mkconfig-loopback.patch

restore mkdevicemap.patch | (download)

Makefile.util.def | 17 17 + 0 - 0 !
docs/man/grub-mkdevicemap.h2m | 4 4 + 0 - 0 !
include/grub/util/deviceiter.h | 14 14 + 0 - 0 !
util/deviceiter.c | 1021 1021 + 0 - 0 !
util/devicemap.c | 13 13 + 0 - 0 !
util/grub-mkdevicemap.c | 181 181 + 0 - 0 !
6 files changed, 1250 insertions(+)

 restore grub-mkdevicemap

This is kind of a mess, requiring lots of OS-specific code to iterate
over all possible devices.  However, we use it in a number of scripts to
discover devices and reimplementing those in terms of something else
would be very complicated.

gettext quiet.patch | (download)

grub-core/gettext/gettext.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 silence error messages when translations are unavailable

Bug: https://savannah.gnu.org/bugs/?35880
install efi fallback.patch | (download)

grub-core/osdep/linux/platform.c | 40 35 + 5 - 0 !
1 file changed, 35 insertions(+), 5 deletions(-)

 fall back to non-efi if booted using efi but -efi is missing

It may be possible, particularly in recovery situations, to be booted
using EFI on x86 when only the i386-pc target is installed, or on ARM
when only the arm-uboot target is installed.  There's nothing actually
stopping us installing i386-pc or arm-uboot from an EFI environment, and
it's better than returning a confusing error.

mkconfig ubuntu recovery.patch | (download)

configure.ac | 11 11 + 0 - 0 !
util/grub.d/10_linux.in | 16 14 + 2 - 0 !
util/grub.d/30_os-prober.in | 2 1 + 1 - 0 !
3 files changed, 26 insertions(+), 3 deletions(-)

 "single" -> "recovery" when friendly-recovery is installed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If configured with --enable-ubuntu-recovery, also set nomodeset for
recovery mode, and disable 'set gfxpayload=keep' even if the system
normally supports it.  See
https://launchpad.net/ubuntu/+spec/desktop-o-xorg-tools-and-processes.

install locale langpack.patch | (download)

util/grub-install-common.c | 37 30 + 7 - 0 !
1 file changed, 30 insertions(+), 7 deletions(-)

 prefer translations from ubuntu language packs if available

Bug-Ubuntu: https://bugs.launchpad.net/bugs/537998
mkconfig nonexistent loopback.patch | (download)

util/grub-mkconfig_lib.in | 2 1 + 1 - 0 !
util/grub.d/30_os-prober.in | 9 5 + 4 - 0 !
2 files changed, 6 insertions(+), 5 deletions(-)

 avoid getting confused by inaccessible loop device backing paths

Bug-Ubuntu: https://bugs.launchpad.net/bugs/938724
no insmod on sb.patch | (download)

grub-core/kern/dl.c | 13 13 + 0 - 0 !
grub-core/kern/efi/efi.c | 28 28 + 0 - 0 !
include/grub/efi/efi.h | 1 1 + 0 - 0 !
3 files changed, 42 insertions(+)

 don't permit loading modules on uefi secure boot

default grub d.patch | (download)

grub-core/osdep/unix/config.c | 114 93 + 21 - 0 !
util/grub-mkconfig.in | 5 5 + 0 - 0 !
2 files changed, 98 insertions(+), 21 deletions(-)

 read /etc/default/grub.d/*.cfg after /etc/default/grub

Bug-Ubuntu: https://bugs.launchpad.net/bugs/901600
blacklist 1440x900x32.patch | (download)

grub-core/video/i386/pc/vbe.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 blacklist 1440x900x32 from vbe preferred mode handling

Bug-Ubuntu: https://bugs.launchpad.net/bugs/701111
uefi firmware setup.patch | (download)

Makefile.util.def | 6 6 + 0 - 0 !
util/grub.d/30_uefi-firmware.in | 46 46 + 0 - 0 !
2 files changed, 52 insertions(+)

 output a menu entry for firmware setup on uefi fastboot systems

mkconfig ubuntu distributor.patch | (download)

util/grub.d/10_linux.in | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

 remove gnu/linux from default distributor string for ubuntu

Ubuntu is called "Ubuntu", not "Ubuntu GNU/Linux".

linuxefi.patch | (download)

grub-core/Makefile.core.def | 7 7 + 0 - 0 !
grub-core/kern/efi/mm.c | 32 32 + 0 - 0 !
grub-core/loader/i386/efi/linux.c | 381 381 + 0 - 0 !
grub-core/loader/i386/linux.c | 41 41 + 0 - 0 !
include/grub/efi/efi.h | 3 3 + 0 - 0 !
5 files changed, 464 insertions(+)

 add "linuxefi" loader which avoids exitbootservices

mkconfig signed kernel.patch | (download)

util/grub.d/10_linux.in | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 generate configuration for signed uefi kernels if available

install signed.patch | (download)

util/grub-install.c | 212 153 + 59 - 0 !
1 file changed, 153 insertions(+), 59 deletions(-)

 install signed images if uefi secure boot is enabled
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

sleep shift.patch | (download)

grub-core/commands/sleep.c | 27 26 + 1 - 0 !
grub-core/normal/menu.c | 19 19 + 0 - 0 !
2 files changed, 45 insertions(+), 1 deletion(-)

 allow shift to interrupt 'sleep --interruptible'

Upstream would like to consider this at more length. See
http://lists.gnu.org/archive/html/grub-devel/2009-08/msg00718.html, and
the rest of the thread for context.

wubi no windows.patch | (download)

util/grub.d/30_os-prober.in | 19 19 + 0 - 0 !
1 file changed, 19 insertions(+)

 skip windows os-prober entries on wubi systems

Since we're already being booted from the Windows boot loader, including
entries that take us back to it mostly just causes confusion, and stops
us from being able to hide the menu if there are no other OSes
installed.

https://blueprints.launchpad.net/ubuntu/+spec/foundations-o-wubi

maybe quiet.patch | (download)

config.h.in | 2 2 + 0 - 0 !
configure.ac | 16 16 + 0 - 0 !
grub-core/boot/i386/pc/boot.S | 11 11 + 0 - 0 !
grub-core/boot/i386/pc/diskboot.S | 26 26 + 0 - 0 !
grub-core/kern/main.c | 17 17 + 0 - 0 !
grub-core/kern/rescue_reader.c | 2 2 + 0 - 0 !
grub-core/normal/main.c | 11 11 + 0 - 0 !
grub-core/normal/menu.c | 17 15 + 2 - 0 !
util/grub.d/10_linux.in | 15 11 + 4 - 0 !
9 files changed, 111 insertions(+), 6 deletions(-)

 add configure option to reduce visual clutter at boot time

If this option is enabled, then do all of the following:

Don't display introductory message about line editing unless we're
actually offering a shell prompt.  (This is believed to be a workaround
install efi adjust distributor.patch | (download)

util/grub-install.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 adjust efi_distributor for some distributions

This is not a very good approach, and certainly not sanely upstreamable;
quick boot.patch | (download)

configure.ac | 11 11 + 0 - 0 !
docs/grub.texi | 14 14 + 0 - 0 !
grub-core/normal/menu.c | 24 24 + 0 - 0 !
util/grub-mkconfig.in | 3 2 + 1 - 0 !
util/grub.d/00_header.in | 77 65 + 12 - 0 !
util/grub.d/10_linux.in | 4 4 + 0 - 0 !
util/grub.d/30_os-prober.in | 21 21 + 0 - 0 !
7 files changed, 141 insertions(+), 13 deletions(-)

 add configure option to bypass boot menu if possible

If other operating systems are installed, then automatically unhide the
menu.  Otherwise, if GRUB_HIDDEN_TIMEOUT is 0, then use keystatus if
available to check whether Shift is pressed.  If it is, show the menu,
otherwise boot immediately.  If keystatus is not available, then fall
back to a short delay interruptible with Escape.

This may or may not remain Ubuntu-specific, although it's not obviously
wanted upstream.  It implements a requirement of
https://wiki.ubuntu.com/DesktopExperienceTeam/KarmicBootExperienceDesignSpec#Bootloader.

If the previous boot failed (defined as failing to get to the end of one
of the normal runlevels), then show the boot menu regardless.

quick boot lvm.patch | (download)

util/grub.d/00_header.in | 18 15 + 3 - 0 !
1 file changed, 15 insertions(+), 3 deletions(-)

 if we don't have writable grubenv and we're on efi, always show the
 menu

If we don't have writable grubenv, recordfail doesn't work, which means our
quickboot behavior - with a timeout of 0 - leaves the user without a
reliable way to access the boot menu if they're on UEFI, because unlike
BIOS, UEFI does not support checking the state of modifier keys (i.e.
holding down shift at boot is not detectable).

Handle this corner case by always using a non-zero timeout on EFI when
save_env doesn't work.

Reuse GRUB_RECORDFAIL_TIMEOUT to avoid introducing another variable.

Signed-off-by: Steve Langasek <steve.langasek@canonical.com>

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1800722
gfxpayload dynamic.patch | (download)

configure.ac | 11 11 + 0 - 0 !
grub-core/Makefile.core.def | 8 8 + 0 - 0 !
grub-core/commands/i386/pc/hwmatch.c | 146 146 + 0 - 0 !
include/grub/file.h | 1 1 + 0 - 0 !
util/grub.d/10_linux.in | 37 34 + 3 - 0 !
5 files changed, 200 insertions(+), 3 deletions(-)

 add configure option to enable gfxpayload=keep dynamically

Set GRUB_GFXPAYLOAD_LINUX=keep unless it's known to be unsupported on
the current hardware.  See
https://blueprints.launchpad.net/ubuntu/+spec/packageselection-foundations-n-grub2-boot-framebuffer.

vt handoff.patch | (download)

configure.ac | 11 11 + 0 - 0 !
util/grub.d/10_linux.in | 28 27 + 1 - 0 !
2 files changed, 38 insertions(+), 1 deletion(-)

 add configure option to use vt.handoff=7

This is used for non-recovery Linux entries only; it enables
flicker-free booting if gfxpayload=keep is in use and a suitable kernel
is present.

probe fusionio.patch | (download)

grub-core/osdep/linux/getroot.c | 13 13 + 0 - 0 !
util/deviceiter.c | 19 19 + 0 - 0 !
2 files changed, 32 insertions(+)

 probe fusionio devices

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1237519
ignore grub_func_test failures.patch | (download)

tests/grub_func_test.in | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 ignore functional test failures for now as they are broken

See: https://lists.gnu.org/archive/html/grub-devel/2013-11/msg00242.html

mkconfig recovery title.patch | (download)

docs/grub.texi | 5 5 + 0 - 0 !
util/grub-mkconfig.in | 7 6 + 1 - 0 !
util/grub.d/10_hurd.in | 4 2 + 2 - 0 !
util/grub.d/10_kfreebsd.in | 2 1 + 1 - 0 !
util/grub.d/10_linux.in | 2 1 + 1 - 0 !
util/grub.d/10_netbsd.in | 2 1 + 1 - 0 !
util/grub.d/20_linux_xen.in | 2 1 + 1 - 0 !
7 files changed, 17 insertions(+), 7 deletions(-)

 add grub_recovery_title option

This allows the controversial "recovery mode" text to be customised.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1240360
install powerpc machtypes.patch | (download)

grub-core/osdep/basic/platform.c | 5 5 + 0 - 0 !
grub-core/osdep/linux/platform.c | 72 72 + 0 - 0 !
grub-core/osdep/unix/platform.c | 28 22 + 6 - 0 !
grub-core/osdep/windows/platform.c | 6 6 + 0 - 0 !
include/grub/util/install.h | 3 3 + 0 - 0 !
util/grub-install.c | 11 11 + 0 - 0 !
6 files changed, 119 insertions(+), 6 deletions(-)

 port yaboot logic for various powerpc machine types

Some powerpc machines require not updating the NVRAM.  This can be handled
by existing grub-install command-line options, but it's friendlier to detect
this automatically.

On chrp_ibm machines, use the nvram utility rather than nvsetenv.  (This
is possibly suitable for other machines too, but that needs to be
verified.)

ieee1275 clear reset.patch | (download)

grub-core/term/terminfo.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 include a text attribute reset in the clear command for ppc

Always clear text attribute for clear command in order to avoid problems
after it boots.

* grub-core/term/terminfo.c: Add escape for text attribute reset

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1295255
ppc64el disable vsx.patch | (download)

grub-core/kern/powerpc/ieee1275/startup.S | 12 12 + 0 - 0 !
1 file changed, 12 insertions(+)

 disable vsx instruction

VSX bit is enabled by default for Power7 and Power8 CPU models,
so we need to disable them in order to avoid instruction exceptions.
Kernel will activate it when necessary.

* grub-core/kern/powerpc/ieee1275/startup.S: Disable VSX.

Also-By: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Also-By: Colin Watson <cjwatson@debian.org>

grub install pvxen paths.patch | (download)

util/grub-install.c | 24 22 + 2 - 0 !
1 file changed, 22 insertions(+), 2 deletions(-)

 grub-install: install pv xen binaries into the upstream specified
 path

Upstream have defined a specification for where guests ought to place their
xenpv grub binaries in order to facilitate chainloading from a stage 1 grub
loaded from dom0.

http://xenbits.xen.org/docs/unstable-staging/misc/x86-xenpv-bootloader.html

The spec calls for installation into /boot/xen/pvboot-i386.elf or
/boot/xen/pvboot-x86_64.elf.

Signed-off-by: Ian Campbell <ijc@hellion.org.uk>

Bug-Debian: https://bugs.debian.org/762307
insmod xzio and lzopio on xen.patch | (download)

util/grub.d/10_linux.in | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 arrange to insmod xzio and lzopio when booting a kernel as a xen
 guest

This is needed in case the Linux kernel is compiled with CONFIG_KERNEL_XZ or
CONFIG_KERNEL_LZO rather than CONFIG_KERNEL_GZ (gzio is already loaded by
grub.cfg today).

Signed-off-by: Ian Campbell <ijc@debian.org>

Bug-Debian: https://bugs.debian.org/755256
grub install extra removable.patch | (download)

util/grub-install.c | 110 108 + 2 - 0 !
1 file changed, 108 insertions(+), 2 deletions(-)

 add support for forcing efi installation to the removable media path

Add an extra option to grub-install "--force-extra-removable". On EFI
platforms, this will cause an extra copy of the grub-efi image to be
written to the appropriate removable media patch
/boot/efi/EFI/BOOT/BOOT$ARCH.EFI as well. This will help with broken
UEFI implementations where the firmware does not work when configured
with new boot paths.

Signed-off-by: Steve McIntyre <93sam@debian.org>

Bug-Debian: https://bugs.debian.org/767037 https://bugs.debian.org/773092
mkconfig other inits.patch | (download)

util/grub.d/10_linux.in | 10 10 + 0 - 0 !
util/grub.d/20_linux_xen.in | 11 11 + 0 - 0 !
2 files changed, 21 insertions(+)

 generate alternative init entries in advanced menu

Add fallback boot entries for alternative installed init systems.  Based
on patches from Michael Biebl and Didier Roche.

Bug-Debian: https://bugs.debian.org/757298
Bug-Debian: https://bugs.debian.org/773173
zpool full device name.patch | (download)

grub-core/osdep/unix/getroot.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 tell zpool to emit full device names

zfs-initramfs currently provides extraneous, undesired symlinks to
devices directly underneath /dev/ to satisfy zpool's historical output
of unqualified device names. By including this environment variable to
signal our intent to zpool, zfs-linux packages can drop the symlink
behavior when updating to its upstream or backported output behavior.

Bug: https://savannah.gnu.org/bugs/?43653
Bug-Debian: https://bugs.debian.org/824974
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1527727
net read bracketed ipv6 addr.patch | (download)

grub-core/net/http.c | 21 17 + 4 - 0 !
grub-core/net/net.c | 93 87 + 6 - 0 !
grub-core/net/tftp.c | 6 5 + 1 - 0 !
include/grub/net.h | 1 1 + 0 - 0 !
4 files changed, 110 insertions(+), 11 deletions(-)

 net: read bracketed ipv6 addrs and port numbers

Allow specifying port numbers for http and tftp paths, and allow ipv6 addresses
to be recognized with brackets around them, which is required to specify a port
number

Patch-Name: net-read-bracketed-ipv6-addr.patch

bootp new net_bootp6 command.patch | (download)

grub-core/net/bootp.c | 908 907 + 1 - 0 !
grub-core/net/ip.c | 39 39 + 0 - 0 !
include/grub/net.h | 72 72 + 0 - 0 !
3 files changed, 1018 insertions(+), 1 deletion(-)

 bootp: new net_bootp6 command

Implement new net_bootp6 command for IPv6 network auto configuration via the
DHCPv6 protocol (RFC3315).

Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Ken Lin <ken.lin@hpe.com>

Patch-Name: bootp-new-net_bootp6-command.patch

efinet uefi ipv6 pxe support.patch | (download)

grub-core/net/drivers/efi/efinet.c | 24 19 + 5 - 0 !
include/grub/efi/api.h | 55 54 + 1 - 0 !
2 files changed, 73 insertions(+), 6 deletions(-)

 efinet: uefi ipv6 pxe support

When grub2 image is booted from UEFI IPv6 PXE, the DHCPv6 Reply packet is
cached in firmware buffer which can be obtained by PXE Base Code protocol. The
network interface can be setup through the parameters in that obtained packet.

Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Ken Lin <ken.lin@hpe.com>

Patch-Name: efinet-uefi-ipv6-pxe-support.patch

bootp process dhcpack http boot.patch | (download)

grub-core/net/bootp.c | 60 59 + 1 - 0 !
include/grub/net.h | 1 1 + 0 - 0 !
2 files changed, 60 insertions(+), 1 deletion(-)

 bootp: add processing dhcpack packet from http boot

The vendor class identifier with the string "HTTPClient" is used to denote the
packet as responding to HTTP boot request. In DHCP4 config, the filename for
HTTP boot is the URL of the boot file while for PXE boot it is the path to the
boot file. As a consequence, the next-server becomes obseleted because the HTTP
URL already contains the server address for the boot file. For DHCP6 config,
efinet set network from uefi devpath.patch | (download)

grub-core/net/drivers/efi/efinet.c | 268 259 + 9 - 0 !
include/grub/efi/api.h | 11 11 + 0 - 0 !
2 files changed, 270 insertions(+), 9 deletions(-)

 efinet: setting network from uefi device path

The PXE Base Code protocol used to obtain cached PXE DHCPACK packet is no
longer provided for HTTP Boot. Instead, we have to get the HTTP boot
information from the device path nodes defined in following UEFI Specification
sections.

 9.3.5.12 IPv4 Device Path
 9.3.5.13 IPv6 Device Path
 9.3.5.23 Uniform Resource Identifiers (URI) Device Path

This patch basically does:

include/grub/efi/api.h:
Add new structure of Uniform Resource Identifiers (URI) Device Path

grub-core/net/drivers/efi/efinet.c:
Check if PXE Base Code is available, if not it will try to obtain the netboot
information from the device path where the image booted from. The DHCPACK
packet is recoverd from the information in device patch and feed into the same
DHCP packet processing functions to ensure the network interface is setting up
the same way it used to be.

Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Ken Lin <ken.lin@hpe.com>

Patch-Name: efinet-set-network-from-uefi-devpath.patch

efinet set dns from uefi proto.patch | (download)

grub-core/net/drivers/efi/efinet.c | 163 163 + 0 - 0 !
include/grub/efi/api.h | 76 76 + 0 - 0 !
2 files changed, 239 insertions(+)

 efinet: setting dns server from uefi protocol

In the URI device path node, any name rahter than address can be used for
looking up the resources so that DNS service become needed to get answer of the
name's address. Unfortunately the DNS is not defined in any of the device path
nodes so that we use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL
to obtain it.

These two protcols are defined the sections of UEFI specification.

 27.5 EFI IPv4 Configuration II Protocol
 27.7 EFI IPv6 Configuration Protocol

include/grub/efi/api.h:
Add new structure and protocol UUID of EFI_IP4_CONFIG2_PROTOCOL and
EFI_IP6_CONFIG_PROTOCOL.

grub-core/net/drivers/efi/efinet.c:
Use the EFI_IP4_CONFIG2_PROTOCOL and EFI_IP6_CONFIG_PROTOCOL to obtain the list
of DNS server address for IPv4 and IPv6 respectively. The address of DNS
servers is structured into DHCPACK packet and feed into the same DHCP packet
processing functions to ensure the network interface is setting up the same way
it used to be.

Signed-off-by: Michael Chang <mchang@suse.com>
Signed-off-by: Ken Lin <ken.lin@hpe.com>

Patch-Name: efinet-set-dns-from-uefi-proto.patch

fix lockdown.patch | (download)

grub-core/loader/i386/efi/linux.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 do not overwrite sentinel byte in boot_params, breaks lockdown

grub currently copies the entire boot_params, which includes setting
sentinel byte to 0xff, which triggers sanitize_boot_params in the kernel
which in turn clears various boot_params variables, including the
indication that the bootloader chain is verified and thus the kernel
disables lockdown mode.  According to the information on the Fedora bug
tracker, only the information from byte 0x1f1 is necessary, so start
copying from there instead.

skip grub_cmd_set_date.patch | (download)

tests/grub_cmd_set_date.in | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 skip flaky grub_cmd_set_date test

Bug-Debian: https://bugs.debian.org/906470
bash completion drop have checks.patch | (download)

util/bash-completion.d/grub-completion.bash.in | 39 13 + 26 - 0 !
1 file changed, 13 insertions(+), 26 deletions(-)

 bash-completion: drop "have" checks

These don't work with and aren't needed by dynamically-loaded
completions.

Bug-Debian: https://bugs.debian.org/912852
at_keyboard module init.patch | (download)

grub-core/term/at_keyboard.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 at_keyboard: initialize keyboard in module init if keyboard is ready

The change in 0c62a5b2 caused at_keyboard to fail on some
machines. Immediately initializing the keyboard in the module init if
the keyboard is ready makes the problem go away.

Bug-Debian: https://bugs.debian.org/741464
uefi secure boot cryptomount.patch | (download)

util/grub-install.c | 17 17 + 0 - 0 !
1 file changed, 17 insertions(+)

 fix setup on secure boot systems where cryptodisk is in use

On full-encrypted systems, including /boot, the current code omits
cryptodisk commands needed to open the drives if Secure Boot is enabled.
This prevents grub2 from reading any further configuration residing on
the encrypted disk.
This patch fixes this issue by adding the needed "cryptomount" commands in
the load.cfg file that is then copied in the EFI partition.

Bug-Debian: https://bugs.debian.org/917117
vsnprintf upper case hex.patch | (download)

grub-core/kern/misc.c | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 add %x to grub_vsnprintf_real and friends

This is needed for UEFI Boot* variables, which the standard says are
named using upper-case hexadecimal.

Signed-off-by: Colin Watson <cjwatson@ubuntu.com>

Bug-Debian: https://bugs.debian.org/891434
efi variable storage minimise writes.patch | (download)

INSTALL | 5 5 + 0 - 0 !
Makefile.util.def | 20 20 + 0 - 0 !
configure.ac | 12 12 + 0 - 0 !
grub-core/osdep/efivar.c | 3 3 + 0 - 0 !
grub-core/osdep/unix/efivar.c | 508 508 + 0 - 0 !
grub-core/osdep/unix/platform.c | 100 7 + 93 - 0 !
include/grub/util/install.h | 5 5 + 0 - 0 !
util/grub-install.c | 4 2 + 2 - 0 !
8 files changed, 562 insertions(+), 95 deletions(-)

 minimise writes to efi variable storage

Some UEFI firmware is easily provoked into running out of space in its
variable storage.  This is usually due to certain kernel drivers (e.g.
pstore), but regardless of the cause it can cause grub-install to fail
because it currently asks efibootmgr to delete and re-add entries, and
the deletion often doesn't result in an immediate garbage collection.
Writing variables frequently also increases wear on the NVRAM which may
have limited write cycles.  For these reasons, it's desirable to find a
way to minimise writes while still allowing grub-install to ensure that
a suitable boot entry exists.

Unfortunately, efibootmgr doesn't offer an interface that would let
grub-install do this.  It doesn't in general make very much effort to
minimise writes; it doesn't allow modifying an existing Boot* variable
entry, except in certain limited ways; and current versions don't have a
way to export the expected variable data so that grub-install can
compare it to the current data.  While it would be possible (and perhaps
desirable?) to add at least some of this to efibootmgr, that would still
leave the problem that there isn't a good upstreamable way for
grub-install to guarantee that it has a new enough version of
efibootmgr.  In any case, it's cumbersome and slow for grub-install to
have to fork efibootmgr to get things done.

Fortunately, a few years ago Peter Jones helpfully factored out a
substantial part of efibootmgr to the efivar and efiboot libraries, and
so it's now possible to have grub-install use those directly.  We still
have to use some code from efibootmgr, but much less than would
previously have been necessary.

grub-install now reuses existing boot entries where possible, and avoids
writing to variables when the new contents are the same as the old
contents.  In the common upgrade case where nothing needs to change, it
no longer writes to NVRAM at all.  It's also now slightly faster, since
using libefivar is faster than forking efibootmgr.

Fixes Debian bug #891434.

Signed-off-by: Colin Watson <cjwatson@ubuntu.com>

Bug-Debian: https://bugs.debian.org/891434
no devicetree if secure boot.patch | (download)

grub-core/loader/arm/linux.c | 12 12 + 0 - 0 !
grub-core/loader/efi/fdt.c | 8 8 + 0 - 0 !
2 files changed, 20 insertions(+)

 forbid the "devicetree" command when secure boot is enabled.

Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Steve McIntyre <93sam@debian.org>

grub install removable shim.patch | (download)

util/grub-install.c | 84 67 + 17 - 0 !
1 file changed, 67 insertions(+), 17 deletions(-)

 deal with --force-extra-removable with signed shim too

In this case, we need both the signed shim as /EFI/BOOT/BOOTXXX.EFI
and signed Grub as /EFI/BOOT/grubXXX.efi.

Also install the BOOTXXX.CSV into /EFI/debian, and FBXXX.EFI into
/EFI/BOOT/ so that it can work when needed (*iff* we're updating the
NVRAM).

[cjwatson: Refactored also_install_removable somewhat for brevity and so
that we're using consistent case-insensitive logic.]

Bug-Debian: https://bugs.debian.org/930531
sparc64 fix bios boot partition support.patch | (download)

util/setup.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 [patch] sparc64: fix bios boot partition support

Currently, gpt_offset is uninitialised when using a BIOS Boot Partition
but is used unconditionally inside save_blocklists. Instead, ensure it
is always initialised to 0 (note that there is already separate code to
do the equivalent adjustment after we call save_blocklists on this code
path).

This patch has been tested on a T5-2 LDOM.

Signed-off-by: James Clarke <jrtc27@jrtc27.com>
Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
verifiers blocklist fallout.patch | (download)

grub-core/osdep/generic/blocklist.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 verifiers: blocklist fallout cleanup

Blocklist fallout cleanup after commit 5c6f9bc15 (generic/blocklist: Fix
implicit declaration of function grub_file_filter_disable_compression()).

Signed-off-by: David Michael <fedora.dm0@gmail.com>