From 908a3e71137970eaa927be7b646ead3ac17ce084 Mon Sep 17 00:00:00 2001
From: Qiumiao Zhang
Date: Tue, 9 Apr 2024 13:59:26 +0000
Subject: [PATCH] sync patches from 22.03-LTS-Next

Signed-off-by: Qiumiao Zhang
---
 grub.patches | 38 ++++++++-------
 grub2.spec | 9 +++-
 support-TPM2.0.patch | 97 +++++++++++++++++++++++++++++++++++++
 use-default-timestamp.patch | 57 ++++++++++++++++++++++
 4 files changed, 182 insertions(+), 19 deletions(-)
 create mode 100644 support-TPM2.0.patch
 create mode 100644 use-default-timestamp.patch

diff --git a/grub.patches b/grub.patches
index 5295d23..0292498 100644
--- a/grub.patches
+++ b/grub.patches
@@ -202,21 +202,23 @@ Patch201: 0002-ofdisk-add-early_log-support.patch
 Patch202: 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch
 Patch203: grub2-bash-completion-2.12.patch
 Patch204: 0010-re-write-.gitignore.patch
-Patch205: disable-some-unsupported-filesystems.patch
-Patch206: remove-the-items-of-unsupported-filesystems-in-fs.ls.patch
-Patch207: backport-Read-etc-default-grub.d-.cfg-after-etc-default-grub.patch
-Patch208: modify-klist-in-10_linux.in.patch
-Patch209: 0019-Add-fw_path-variable-revised.patch
-Patch210: 0024-Don-t-say-GNU-Linux-in-generated-menus.patch
-Patch211: 0026-Don-t-require-a-password-to-boot-entries-generated-b.patch
-Patch212: 0028-use-fw_path-prefix-when-fallback-searching-for-grub-.patch
-Patch213: 0029-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch
-Patch214: 0030-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch
-Patch215: 0032-Try-prefix-if-fw_path-doesn-t-work.patch
-Patch216: 0034-Make-grub2-mkconfig-construct-titles-that-look-like-.patch
-Patch217: 0035-Add-friendly-grub2-password-config-tool-985962.patch
-Patch218: grub2-set-password-prompts-to-enter-the-current-pass.patch
-Patch219: add-TPCM-support-with-ipmi-channel.patch
-Patch220: skip-verification-when-not-loading-grub.cfg.patch
-Patch221: fix-setupmode-not-available-in-some-machine.patch
-Patch222: fix-compressed-kernel-verification-failed.patch
+Patch205: disable-some-unsupported-filesystems.patch
+Patch206: remove-the-items-of-unsupported-filesystems-in-fs.ls.patch
+Patch207: backport-Read-etc-default-grub.d-.cfg-after-etc-default-grub.patch
+Patch208: modify-klist-in-10_linux.in.patch
+Patch209: 0019-Add-fw_path-variable-revised.patch
+Patch210: 0024-Don-t-say-GNU-Linux-in-generated-menus.patch
+Patch211: 0026-Don-t-require-a-password-to-boot-entries-generated-b.patch
+Patch212: 0028-use-fw_path-prefix-when-fallback-searching-for-grub-.patch
+Patch213: 0029-Try-mac-guid-etc-before-grub.cfg-on-tftp-config-file.patch
+Patch214: 0030-Generate-OS-and-CLASS-in-10_linux-from-etc-os-releas.patch
+Patch215: 0032-Try-prefix-if-fw_path-doesn-t-work.patch
+Patch216: 0034-Make-grub2-mkconfig-construct-titles-that-look-like-.patch
+Patch217: 0035-Add-friendly-grub2-password-config-tool-985962.patch
+Patch218: grub2-set-password-prompts-to-enter-the-current-pass.patch
+Patch219: add-TPCM-support-with-ipmi-channel.patch
+Patch220: skip-verification-when-not-loading-grub.cfg.patch
+Patch221: fix-setupmode-not-available-in-some-machine.patch
+Patch222: fix-compressed-kernel-verification-failed.patch
+Patch223: support-TPM2.0.patch
+Patch224: use-default-timestamp.patch
diff --git a/grub2.spec b/grub2.spec
index b4bb1de..b21aa7d 100644
--- a/grub2.spec
+++ b/grub2.spec
@@ -14,7 +14,7 @@
 Name: grub2
 Epoch: 1
 Version: 2.12
-Release: 7
+Release: 8
 Summary: Bootloader with support for Linux, Multiboot and more
 License: GPLv3+
 URL: http://www.gnu.org/software/grub/
@@ -447,6 +447,13 @@ fi
 %{_datadir}/man/man*
 %changelog
+* Tue Apr 9 2024 zhangqiumiao - 1:2.12-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:support TPM2.0
+ use default timestamp
+
 * Mon Apr 8 2024 zhangqiumiao - 1:2.12-7
 - Type:bugfix
 - CVE:NA
diff --git a/support-TPM2.0.patch b/support-TPM2.0.patch
new file mode 100644
index 0000000..e5ad77e
--- /dev/null
+++ b/support-TPM2.0.patch
@@ -0,0 +1,97 @@
+From f3d9f0413e8c7304b5bb4a0e927a6608504f2795 Mon Sep 17 00:00:00 2001
+From: gaoyusong
+Date: Thu, 13 May 2021 18:34:23 +0800
+Subject: [PATCH] support TPM2.0
+
+---
+ grub-core/kern/verifiers.c | 26 ++++++++++++++++++++------
+ grub-core/script/execute.c | 12 +++++++++++-
+ 2 files changed, 31 insertions(+), 7 deletions(-)
+
+diff --git a/grub-core/kern/verifiers.c b/grub-core/kern/verifiers.c
+index 75d7994..1d3ca2b 100644
+--- a/grub-core/kern/verifiers.c
++++ b/grub-core/kern/verifiers.c
+@@ -84,9 +84,15 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
+ grub_file_t ret = 0;
+ grub_err_t err;
+ int defer = 0;
++ int grub_env_flag = 0;
++ char *ptr = NULL;
+
+ grub_dprintf ("verify", "file: %s type: %d\n", io->name, type);
+
++ ptr = grub_strstr(io->name, "grubenv");
++ if (ptr)
++ grub_env_flag = 1;
++
+ if ((type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_SIGNATURE
+ || (type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_VERIFY_SIGNATURE
+ || (type & GRUB_FILE_TYPE_SKIP_SIGNATURE))
+@@ -148,6 +154,8 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
+ verified->buf = grub_malloc (ret->size);
+ if (!verified->buf)
+ {
++ grub_error (GRUB_ERR_OUT_OF_MEMORY,
++ "cannot allocate verified buffer, the %s is too large\n", io->name);
+ goto fail;
+ }
+ if (grub_file_read (io, verified->buf, ret->size) != (grub_ssize_t) ret->size)
+@@ -158,9 +166,12 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
+ goto fail;
+ }
+
+- err = ver->write (context, verified->buf, ret->size);
+- if (err)
+- goto fail;
++ if (!grub_env_flag)
++ {
++ err = ver->write (context, verified->buf, ret->size);
++ if (err)
++ goto fail;
++ }
+
+ err = ver->fini ? ver->fini (context) : GRUB_ERR_NONE;
+ if (err)
+@@ -179,9 +190,12 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type)
+ /* Verification done earlier. So, we are happy here. */
+ flags & GRUB_VERIFY_FLAGS_DEFER_AUTH)
+ continue;
+- err = ver->write (context, verified->buf, ret->size);
+- if (err)
+- goto fail;
++ if (!grub_env_flag)
++ {
++ err = ver->write (context, verified->buf, ret->size);
++ if (err)
++ goto fail;
++ }
+
+ err = ver->fini ? ver->fini (context) : GRUB_ERR_NONE;
+ if (err)
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index 0c6dd9c..3e761c4 100644
+--- a/grub-core/script/execute.c
++++ b/grub-core/script/execute.c
+@@ -1002,7 +1002,17 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
+ argv.args[i]);
+ }
+ cmdstring[cmdlen - 1] = '\0';
+- grub_verify_string (cmdstring, GRUB_VERIFY_COMMAND);
++
++ if (grub_strncmp(cmdstring, "[ 0 = 1 ]", 9) == 0) {
++ char res_str[] = "[ = 1 ]";
++ grub_verify_string (res_str, GRUB_VERIFY_COMMAND);
++ } else if (grub_strncmp(cmdstring, "[ 0 = 1 -o = 1 ]", 17) == 0) {
++ char res_str[] = "[ = 1 -o = 1 ]";
++ grub_verify_string (res_str, GRUB_VERIFY_COMMAND);
++ } else {
++ grub_verify_string (cmdstring, GRUB_VERIFY_COMMAND);
++ }
++
+ grub_free (cmdstring);
+ invert = 0;
+ argc = argv.argc - 1;
+--
+2.19.1
+
diff --git a/use-default-timestamp.patch b/use-default-timestamp.patch
new file mode 100644
index 0000000..6196ab9
--- /dev/null
+++ b/use-default-timestamp.patch
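Review bot: In the verifiers.c hunks of support-TPM2.0.patch, `grub_env_flag` is set from `grub_strstr(io->name, "grubenv")`, so any file whose path merely contains that substring skips `ver->write` for every verifier in the loop, not just the environment block and not just the TPM measurement. Such a file is left unmeasured, and possibly unverified by other registered verifiers, while `ver->fini` still runs and the open succeeds. Keying the exemption on how the caller opened the file, e.g. `grub_env_flag = ((type & GRUB_FILE_TYPE_MASK) == GRUB_FILE_TYPE_LOADENV);`, would be narrower than a name match; whether it should also be limited to the TPM verifier needs confirming against the verifiers built into this package. In the execute.c hunk the string handed to `grub_verify_string` is swapped for a fixed literal on two `[ ... ]` prefixes with hard-coded lengths 9 and 17, so the measured command no longer equals the executed one; a comment stating why these two commands are normalised, and `sizeof (...) - 1` in place of the magic lengths, would make that auditable. Both functions begin and end outside the inner hunks, so the surrounding loop was not reviewed.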
@@ -0,0 +1,57 @@
+From 62cb96c5b34bfa68ad3d7ffe3f3098d8cd08f83f Mon Sep 17 00:00:00 2001
+From: zhouyihang
+Date: Thu, 10 Jun 2021 20:01:54 +0800
+Subject: [PATCH] use default timestamp
+
+---
+ docs/grub-dev.texi | 4 ++--
+ docs/grub.texi | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi
+index 9008377..874b3ea 100644
+--- a/docs/grub-dev.texi
++++ b/docs/grub-dev.texi
+@@ -18,7 +18,7 @@
+
+ @copying
+ This developer manual is for GNU GRUB (version @value{VERSION},
+-@value{UPDATED}).
++24 June 2019).
+
+ Copyright @copyright{} 1999,2000,2001,2002,2004,2005,2006,2008,2009,2010,2011 Free Software Foundation, Inc.
+
+@@ -40,7 +40,7 @@ Invariant Sections.
+ @titlepage
+ @sp 10
+ @title the GNU GRUB developer manual
+-@subtitle The GRand Unified Bootloader, version @value{VERSION}, @value{UPDATED}.
++@subtitle The GRand Unified Bootloader, version @value{VERSION}, 24 June 2019.
+ @author Yoshinori K. Okuji
+ @author Colin D Bennett
+ @author Vesa Jääskeläinen
+diff --git a/docs/grub.texi b/docs/grub.texi
+index a4da9c2..79055be 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -18,7 +18,7 @@
+
+ @copying
+ This manual is for GNU GRUB (version @value{VERSION},
+-@value{UPDATED}).
++24 June 2019).
+
+ Copyright @copyright{} 1999,2000,2001,2002,2004,2006,2008,2009,2010,2011,2012,2013 Free Software Foundation, Inc.
+
+@@ -48,7 +48,7 @@ Invariant Sections.
+ @titlepage
+ @sp 10
+ @title the GNU GRUB manual
+-@subtitle The GRand Unified Bootloader, version @value{VERSION}, @value{UPDATED}.
++@subtitle The GRand Unified Bootloader, version @value{VERSION}, 24 June 2019).
+ @author Gordon Matzigkeit
+ @author Yoshinori K. Okuji
+ @author Colin Watson
+--
+2.19.1
+
--
Gitee