diff --git a/fix-compressed-kernel-verification-failed.patch b/fix-compressed-kernel-verification-failed.patch new file mode 100644 index 0000000000000000000000000000000000000000..fa97f9670e9163da31f0cf648044cabbe02e42a8 --- /dev/null +++ b/fix-compressed-kernel-verification-failed.patch @@ -0,0 +1,29 @@ +From 0a73812b9ba12f8af4909b952751d6d5f4fd2dd2 Mon Sep 17 00:00:00 2001 +From: Qiumiao Zhang +Date: Sat, 23 Jul 2022 19:54:34 +0800 +Subject: [PATCH] fix compressed kernel verification failed + +Signed-off-by: Yusong Gao +--- + include/grub/file.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/grub/file.h b/include/grub/file.h +index daf23a9..5279e7d 100644 +--- a/include/grub/file.h ++++ b/include/grub/file.h +@@ -187,10 +187,10 @@ typedef enum grub_file_filter_id + { + GRUB_FILE_FILTER_DISTRUST, + GRUB_FILE_FILTER_NOCAT, +- GRUB_FILE_FILTER_VERIFY, + GRUB_FILE_FILTER_GZIO, + GRUB_FILE_FILTER_XZIO, + GRUB_FILE_FILTER_LZOPIO, ++ GRUB_FILE_FILTER_VERIFY, + GRUB_FILE_FILTER_MAX, + GRUB_FILE_FILTER_COMPRESSION_FIRST = GRUB_FILE_FILTER_GZIO, + GRUB_FILE_FILTER_COMPRESSION_LAST = GRUB_FILE_FILTER_LZOPIO, +-- +2.33.0 + diff --git a/fix-setupmode-not-available-in-some-machine.patch b/fix-setupmode-not-available-in-some-machine.patch new file mode 100644 index 0000000000000000000000000000000000000000..bfa78299248625576bf91b324e42b0cc70179647 --- /dev/null +++ b/fix-setupmode-not-available-in-some-machine.patch @@ -0,0 +1,48 @@ +From 4fc72f509627da808b452eb1186282237c449b65 Mon Sep 17 00:00:00 2001 +From: fengtao +Date: Tue, 22 Mar 2022 22:22:22 +0800 +Subject: [PATCH] fix setupmode not available in some machine + +In some machine, there is no setupmode variable, so we should +give setupmode a default vaule: setup_mode = 0 + +if we cannot get setupmode variable, we use setup_mode instead. + +--- + grub-core/kern/efi/sb.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c +index c52ec62..f58fb13 100644 +--- a/grub-core/kern/efi/sb.c ++++ b/grub-core/kern/efi/sb.c +@@ -50,6 +50,7 @@ grub_efi_get_secureboot (void) + grub_uint8_t *moksbstate = NULL; + grub_uint8_t secureboot = GRUB_EFI_SECUREBOOT_MODE_UNKNOWN; + const char *secureboot_str = "UNKNOWN"; ++ grub_uint8_t setup_mode = 0; + + status = grub_efi_get_variable ("SecureBoot", &efi_variable_guid, + &size, (void **) &secboot); +@@ -67,9 +68,16 @@ grub_efi_get_secureboot (void) + &size, (void **) &setupmode); + + if (status != GRUB_EFI_SUCCESS) +- goto out; ++ { ++ grub_dprintf ("efi", "No SetupMode variable\n"); ++ } ++ else ++ { ++ grub_dprintf ("efi", "SetupMode: %d\n", *setupmode); ++ setup_mode = *setupmode; ++ } + +- if ((*secboot == 0) || (*setupmode == 1)) ++ if ((*secboot == 0) || (setup_mode == 1)) + { + secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED; + goto out; +-- +2.23.0 + diff --git a/grub.patches b/grub.patches index d6547be8777ceb9d51484e4d52d0a1d115059732..5295d23c0bc385cb75bf26cddd0bbbd21928003c 100644 --- a/grub.patches +++ b/grub.patches @@ -218,3 +218,5 @@ Patch217: 0035-Add-friendly-grub2-password-config-tool-985962.patch Patch218: grub2-set-password-prompts-to-enter-the-current-pass.patch Patch219: add-TPCM-support-with-ipmi-channel.patch Patch220: skip-verification-when-not-loading-grub.cfg.patch +Patch221: fix-setupmode-not-available-in-some-machine.patch +Patch222: fix-compressed-kernel-verification-failed.patch diff --git a/grub2.spec b/grub2.spec index 6f087eff260ecc78444fa78d2d57d165b5b55518..b4bb1de76cab4a4792be0e40a3ae9cdbc4095cbe 100644 --- a/grub2.spec +++ b/grub2.spec @@ -14,7 +14,7 @@ Name: grub2 Epoch: 1 Version: 2.12 -Release: 6 +Release: 7 Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -447,6 +447,12 @@ fi %{_datadir}/man/man* %changelog +* Mon Apr 8 2024 zhangqiumiao - 1:2.12-7 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix compressed kernel verification failed + * Fri Mar 22 2024 jinlun - 1:2.12-6 - Type:requirement - CVE:NA