lf-edge
diff --git a/‎pkg/grub/Dockerfile‎
Lines changed: 14 additions & 18 deletions b/‎pkg/grub/Dockerfile‎
Lines changed: 14 additions & 18 deletions
diff --git a/‎pkg/grub/patches-2.12/0001-Making-it-possible-to-export-variables-from-inner-co.patch‎
Lines changed: 39 additions & 0 deletions b/‎pkg/grub/patches-2.12/0001-Making-it-possible-to-export-variables-from-inner-co.patch‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎pkg/grub/patches-2.12/0002-Adding-a-capability-of-a-GRUB-cat-command-to-deposit.patch‎
Lines changed: 64 additions & 0 deletions b/‎pkg/grub/patches-2.12/0002-Adding-a-capability-of-a-GRUB-cat-command-to-deposit.patch‎
Lines changed: 64 additions & 0 deletions
diff --git a/‎pkg/grub/patches-2.12/0003-set-cmddevice.patch‎
Lines changed: 26 additions & 0 deletions b/‎pkg/grub/patches-2.12/0003-set-cmddevice.patch‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎pkg/grub/patches-2.12/0004-Put-removable-hard-drives-detected-by-UEFI-at-the-en.patch‎
Lines changed: 118 additions & 0 deletions b/‎pkg/grub/patches-2.12/0004-Put-removable-hard-drives-detected-by-UEFI-at-the-en.patch‎
Lines changed: 118 additions & 0 deletions
@@ -19,52 +19,48 @@ ENV BUILD_PKGS="automake \
                patch \
                gettext-dev \
                bash \
-               gawk"
-ENV BUILD_PKGS_arm64=coreutils
-ENV BUILD_PKGS_riscv64=coreutils
+               gawk \
+               coreutils"
 RUN eve-alpine-deploy.sh
 
 # list of grub modules that are portable between x86_64 and aarch64
 ENV GRUB_MODULES_PORT="part_gpt fat ext2 iso9660 squash4 gzio linux acpi normal cpio crypto disk boot crc64 \
-search_disk_uuid search_part_label search_label xzio xfs video gfxterm serial gptprio chain probe reboot regexp smbios \
+search_disk_uuid search_part_uuid search_part_label search_label xzio xfs video gfxterm serial gptprio chain probe reboot regexp smbios \
 part_msdos cat echo test configfile loopback net tftp http true"
 
 FROM grub-build-base AS grub-build-amd64
-ENV GRUB_MODULES="multiboot multiboot2 efi_uga efi_gop linuxefi gpt verify gcry_sha256 measurefs efinet getenv"
-ENV GRUB_MODULES_i386_pc="multiboot multiboot2 biosdisk gpt verify"
-ENV GRUB_COMMIT=71f9e4ac44142af52c3fc1860436cf9e432bf764
-ENV GRUB_PATCHES=patches
+ENV GRUB_MODULES="multiboot multiboot2 efi_uga efi_gop gpt measurefs efinet getenv"
+ENV GRUB_MODULES_i386_pc="multiboot multiboot2 biosdisk gpt"
+ENV GRUB_COMMIT=grub-2.12
+ENV GRUB_PATCHES=patches-2.12
 # colon separates a platform from an additional option.
 # this is far from perfect, but it works for now.
 ENV GRUB_PLATFORM="efi pc:--disable-efiemu"
 
 FROM grub-build-base AS grub-build-arm64
-ENV GRUB_MODULES="xen_boot efi_gop gpt gcry_sha256 measurefs efinet"
-ENV GRUB_COMMIT=grub-2.06
-ENV GRUB_PATCHES="patches-2.06 patches-aarch64-2.06"
+ENV GRUB_MODULES="xen_boot efi_gop gpt measurefs efinet getenv"
+ENV GRUB_COMMIT=grub-2.12
+ENV GRUB_PATCHES=patches-2.12
 ENV GRUB_PLATFORM=efi
 
 FROM grub-build-base AS grub-build-riscv64
 ENV GRUB_MODULES="efinet"
-ENV GRUB_COMMIT=grub-2.06
-ENV GRUB_PATCHES="patches-2.06 patches-riscv64-2.06"
+ENV GRUB_COMMIT=grub-2.12
+ENV GRUB_PATCHES=patches-2.12
 ENV GRUB_PLATFORM=efi
 
 # hadolint ignore=DL3006
 FROM grub-build-${TARGETARCH} AS grub-build
 
 ENV GRUB_REPO=git://git.git.savannah.gnu.org/grub.git
 
-COPY patches /patches
-COPY patches-2.06  /patches-2.06
-COPY patches-aarch64-2.06 /patches-aarch64-2.06
-COPY patches-riscv64-2.06 /patches-riscv64-2.06
+COPY patches-2.12 /patches-2.12
 # because python is not available
 RUN ln -s python3 /usr/bin/python && \
     mkdir /grub-lib
 
 ADD --keep-git-dir ${GRUB_REPO}#${GRUB_COMMIT} /grub
-ENV GNULIB_REVISION=d271f868a8df9bbec29049d01e056481b7a1a263
+ENV GNULIB_REVISION=9f48fb992a3d7e96610c4ce8be969cff2d61a01b
 ADD --keep-git-dir https://github.com/coreutils/gnulib.git#${GNULIB_REVISION} /gnulib
 
 # hadolint ignore=DL3003,SC2086
 
@@ -0,0 +1,39 @@
+From c2b3f20ca867812a414199a9bf50d861f0869eb2 Mon Sep 17 00:00:00 2001
+From: Vedant Paranjape <22630228+VedantParanjape@users.noreply.github.com>
+Date: Tue, 26 Oct 2021 22:18:49 +0530
+Subject: [PATCH 01/15] Making it possible to export variables from inner
+ contexts of GRUB
+
+Signed-off-by: Roman Shaposhnik <rvs@zededa.com>
+---
+ grub-core/normal/context.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/grub-core/normal/context.c b/grub-core/normal/context.c
+index ba185e915..4f13186f1 100644
+--- a/grub-core/normal/context.c
++++ b/grub-core/normal/context.c
+@@ -129,6 +129,20 @@ grub_env_context_close (void)
+ 
+       for (p = grub_current_context->vars[i]; p; p = q)
+ 	{
++	  if (p->global)
++	    {
++	      /* Set and export all global variables inside
++		 the calling/previous context.  */
++	      struct grub_env_context *tmp_context = grub_current_context;
++	      grub_current_context = grub_current_context->prev;
++	      if (grub_env_set (p->name, p->value) == GRUB_ERR_NONE)
++		{
++		  grub_env_export (p->name);
++		  grub_register_variable_hook (p->name, p->read_hook, p->write_hook);
++		}
++	      grub_current_context = tmp_context;
++	    }
++
+ 	  q = p->next;
+           grub_free (p->name);
+ 	  grub_free (p->value);
+-- 
+2.43.0
+
@@ -0,0 +1,64 @@
+From df8c8393afc5cd65440eb4ecca1d634968ab2da4 Mon Sep 17 00:00:00 2001
+From: Vedant Paranjape <22630228+VedantParanjape@users.noreply.github.com>
+Date: Tue, 26 Oct 2021 22:22:13 +0530
+Subject: [PATCH 02/15] Adding a capability of a GRUB cat command to deposit to
+ a var, not stdout
+
+Signed-off-by: Roman Shaposhnik <rvs@zededa.com>
+---
+ grub-core/commands/cat.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/grub-core/commands/cat.c b/grub-core/commands/cat.c
+index 2b67c1c7f..316d0c97d 100644
+--- a/grub-core/commands/cat.c
++++ b/grub-core/commands/cat.c
+@@ -20,6 +20,7 @@
+ #include <grub/dl.h>
+ #include <grub/file.h>
+ #include <grub/disk.h>
++#include <grub/env.h>
+ #include <grub/term.h>
+ #include <grub/misc.h>
+ #include <grub/extcmd.h>
+@@ -31,6 +32,7 @@ GRUB_MOD_LICENSE ("GPLv3+");
+ static const struct grub_arg_option options[] =
+   {
+     {"dos", -1, 0, N_("Accept DOS-style CR/NL line endings."), 0, 0},
++    {"set", 's', 0, N_("Read content of the file into a variable."), N_("VARNAME"), ARG_TYPE_STRING },
+     {0, 0, 0, 0, 0, 0}
+   };
+ 
+@@ -60,6 +62,20 @@ grub_cmd_cat (grub_extcmd_context_t ctxt, int argc, char **args)
+   if (! file)
+     return grub_errno;
+ 
++  if (ctxt->state[1].set) {
++    size = grub_file_read (file, buf, sizeof (buf));
++    if (size < 0 || (grub_size_t)size >= sizeof (buf)) {
++      return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("can't read more than disk block size into variable"));
++    }
++    buf[size]='\0';
++    for (;size;size--) {
++      if (buf[size] == '\n' || buf[size] == '\r')
++        buf[size]=0;
++    }
++    grub_env_set(ctxt->state[1].arg, (const char *)buf);
++    goto exit;
++  }
++
+   while ((size = grub_file_read (file, buf, sizeof (buf))) > 0
+ 	 && key != GRUB_TERM_ESC)
+     {
+@@ -150,6 +166,8 @@ grub_cmd_cat (grub_extcmd_context_t ctxt, int argc, char **args)
+ 
+   grub_xputs ("\n");
+   grub_refresh ();
++
++exit:
+   grub_file_close (file);
+ 
+   return 0;
+-- 
+2.43.0
+
@@ -0,0 +1,26 @@
+From 6950ceb177c23f6860f6b03f68c2e768ec124390 Mon Sep 17 00:00:00 2001
+From: Petr Fedchenkov <giggsoff@gmail.com>
+Date: Thu, 3 Mar 2022 13:00:27 +0100
+Subject: [PATCH 03/15] set cmddevice
+
+---
+ grub-core/kern/main.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/grub-core/kern/main.c b/grub-core/kern/main.c
+index 731c07c29..2eb9b4125 100644
+--- a/grub-core/kern/main.c
++++ b/grub-core/kern/main.c
+@@ -132,6 +132,9 @@ grub_set_prefix_and_root (void)
+     {
+       char *cmdpath;
+ 
++      grub_env_set ("cmddevice", fwdevice);
++      grub_env_export ("cmddevice");
++
+       cmdpath = grub_xasprintf ("(%s)%s", fwdevice, fwpath ? : "");
+       if (cmdpath)
+ 	{
+-- 
+2.43.0
+
@@ -0,0 +1,118 @@
+From 81a999c42425abd47b3ac195813367f46f659bcb Mon Sep 17 00:00:00 2001
+From: Mikhail Malyshev <mikem@zededa.com>
+Date: Tue, 30 May 2023 13:59:05 +0000
+Subject: [PATCH 04/15] Put removable hard drives detected by UEFI at the end
+ of the drive list
+
+When grub queries for available disks it doesn't take into account that
+the disk can be removable e.g. USB stick. The disk can appear in front of regular
+HDDs and the numbering will be different e.g. hd0 become hd1 when the
+USB stick is plugged in. It is not a problem for GRUB to find a correct
+partition in this case and the system can be booted just fine. However
+every command from grub.cfg is measured into PCR8 while being executed
+and HDD names appear in those commands e.g. 'set root=(hd2,gpt5)'. If
+any key is sealed into TPM using PCR8 then that key cannot be unsealed when a
+random USB stick is inserted (or removed if it was inserted when the key
+was sealed)
+
+The original issue should not affect PC BIOS case because USB devices
+are usually emulated as either CD or floppy drives and have their unique
+numbering
+
+The behaviour is controlled by reorder_removable_media flag set through
+eve_quirks environment variable
+
+Signed-off-by: Mikhail Malyshev <mikem@zededa.com>
+---
+ grub-core/disk/efi/efidisk.c | 49 ++++++++++++++++++++++++++++++------
+ 1 file changed, 41 insertions(+), 8 deletions(-)
+
+diff --git a/grub-core/disk/efi/efidisk.c b/grub-core/disk/efi/efidisk.c
+index 3b5ed5691..e8e102fcc 100644
+--- a/grub-core/disk/efi/efidisk.c
++++ b/grub-core/disk/efi/efidisk.c
+@@ -41,6 +41,7 @@ static grub_guid_t block_io_guid = GRUB_EFI_BLOCK_IO_GUID;
+ 
+ static struct grub_efidisk_data *fd_devices;
+ static struct grub_efidisk_data *hd_devices;
++static struct grub_efidisk_data *hd_removable_devices;
+ static struct grub_efidisk_data *cd_devices;
+ 
+ static struct grub_efidisk_data *
+@@ -262,14 +263,25 @@ name_devices (struct grub_efidisk_data *devices)
+ 		  }
+ 		if (is_hard_drive)
+ 		  {
++                    if (parent->block_io->media->removable_media == 1)
++                       {
+ #ifdef DEBUG_NAMES
+-		    grub_printf ("adding a hard drive by a partition: ");
+-		    grub_efi_print_device_path (parent->device_path);
++                        grub_printf("adding a REMOVABLE hard drive by a partition: ");
++                        grub_efi_print_device_path(parent->device_path);
+ #endif
+-		    add_device (&hd_devices, parent);
+-		  }
+-		else
+-		  {
++                        add_device(&hd_removable_devices, parent);
++                      }
++                    else
++                      {
++#ifdef DEBUG_NAMES
++                        grub_printf("adding a hard drive by a partition: ");
++                        grub_efi_print_device_path(parent->device_path);
++#endif
++                        add_device(&hd_devices, parent);
++                      }
++                  }
++                else
++                  {
+ #ifdef DEBUG_NAMES
+ 		    grub_printf ("adding a cdrom by a partition: ");
+ 		    grub_efi_print_device_path (parent->device_path);
+@@ -365,9 +377,28 @@ name_devices (struct grub_efidisk_data *devices)
+ 	  grub_printf ("adding a hard drive by guessing: ");
+ 	  grub_efi_print_device_path (d->device_path);
+ #endif
+-	  add_device (&hd_devices, d);
+-	}
++          if (m->removable_media == 0)
++            {
++              add_device(&hd_devices, d);
++            }
++          else
++            {
++              add_device(&hd_removable_devices, d);
++            }
++        }
+     }
++    // link the removable devices to the end of the hd_devices list
++    if (hd_devices)
++      {
++        struct grub_efidisk_data *p;
++        for (p = hd_devices; p->next; p = p->next)
++          ;
++        p->next = hd_removable_devices;
++      }
++    else
++      {
++        hd_devices = hd_removable_devices;
++      }
+ }
+ 
+ static void
+@@ -657,8 +688,10 @@ grub_efidisk_fini (void)
+   free_devices (fd_devices);
+   free_devices (hd_devices);
+   free_devices (cd_devices);
++  // do not free hd_removable_devices, as it is a subset of hd_devices
+   fd_devices = 0;
+   hd_devices = 0;
++  hd_removable_devices = 0;
+   cd_devices = 0;
+   grub_disk_dev_unregister (&grub_efidisk_dev);
+ }
+-- 
+2.43.0
+