| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
gcc15 has -Wunterminated-string-initialization in -Wextra and
warns about string constants that are not null terminated even though
the functions do do out of bounds access.
Silence the warnings by simply not providing an explicit size.
|
| |
|
|
| |
Follow-up for dcac1e4a9ba231d8e88d36dbecf3d8b6c9b07cb2.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A PE image's memory footprint might be larger than its file size due
to uninitialized memory sections. Normally all PE headers should be
parsed to check the actual required size, but the legacy EFI handover
protocol is only used for x86 Linux bzImages, so we know only the last
section will require extra memory. Use SizeOfImage from the PE header
and if it is larger than the file size, allocate and zero extra memory
before using it.
Fixes https://github.com/systemd/systemd/issues/33816
|
| |
|
|
|
|
|
|
|
|
|
| |
The original CVM detection logic for TDX assumes that the guest can see
the standard TDX CPUID leaf. This was true in Azure when this code was
originally written, however, current Azure now blocks that leaf in the
paravisor. Instead it is required to use the same Azure specific CPUID
leaf that is used for SEV-SNP detection, which reports the VM isolation
type.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
It's time. sd-json was already done earlier in this cycle, let's now
make sd-varlink public too.
This is mostly just a search/replace job of epical proportions.
I left some functions internal (mostly IDL handling), and I turned some
static inline calls into regular calls.
|
| | |
|
| |
|
|
| |
This is VFAT world after all.
|
| |
|
|
| |
This extends #31872 to also load microcode from addon files.
|
| |
|
|
|
|
|
|
|
| |
* stub: mem fixes in devicetree addon handling
Two bugs here: The elements are of size `DevicetreeAddon`, not `size_t`,
and `[]` binds stronger than `*`. This means the first element is ok,
but the second corrupts the stack.
Found this while refactoring #32463
|
| |
|
|
|
|
|
| |
An smbios object with no variable part is a special case, it's just
suffixed with two NUL btes. handle that properly.
This is inspired by a similar fix from https://github.com/systemd/systemd/pull/29726
|
| |
|
|
|
|
|
|
|
| |
Follow up for 8b3b01c4b7e0fde39b4be354990ee68f5e612c52
We switch to PROJECT_VERSION instead of PROJECT_VERSION_FULL where
we report our version and which is likely being parsed to avoid
breaking compat. If we didn't, the output would change from systemd
255 to systemd 255.1 which could break various tools.
|
| |\
| |
| | |
sd-boot,sd-stub: a variety of smaller fixes
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The patch is originally from Brenton Simpson, I (Lennart) just added some
comments and rebased it.
I didn't test this, but the patch looks so obviously right to me, that
I think we should just merge it, instead of delaying this further. In
the worst case noone notices, in the best case this makes sd-boot work
reasonably nicely on devices that only have a hadware power key + volume
rocker.
Fixes: #30598
Replaces: #31135
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
At this point we have a clearer model:
* systemd-measure should be used for measuring UKIs on vendor build
systems, i.e. only cover stuff predictable by the OS vendor, and
identical on all systems. And that is pretty much only PCR 11.
* systemd-pcrlock should cover the other PCRs, which carry inherently
local information, and can only be predicted locally and not already
on vendor build systems.
Because of that, let's not bother with any PCRs except for 11 in
systemd-measure. This was added at a time where systemd-pcrlock didn't
exist yet, and hence it wasn't clear how this will play out in the end.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Let's simplify the code a bit, and parse Type 2 entries in a function of
its own, separate from the directory enumeration.
This closely follows a similar split we did a long time ago for Type 1.
This is just refactoring, no real code change.
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While we write data to this parameter, it's not really a return
parameter, we after all do not fully set it, we just fill in some
fields. Hence it must be initialized beforehand.
According to our coding style only parameters that are purely used for
returning something should be named "ret_xyz", hence this one should not
be.
(We'll later rely on the current behaviour that it leaves array entries
for which we find no sections untouched, hence leave behaviour as is,
just rename the parameters to something more appropriate).
(Since we are dropping the "ret_" prefix of "ret_sections", let's rename
the old "section" parameter at the same time to "section_names", to make
clearer what it is about).
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The GIT_VERSION is changed to use VERSION_TAG, but in case of cross build
for src/boot/efi, it's not set, causing build error because the compiler cannot
know it's a macro thus treating it as some variable and error out.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
| |/
|
|
|
| |
The meson.version file might contain e.g. 256.2~devel in a stable
branch so let's make sure we deal with that.
|
| |
|
|
|
|
|
|
| |
Be explicit with the type, and more inline with our other code, that
likes to indicate the string char width in the name.
Also, switch to a fixed size type, since EFI variables should really be
binary exact the same on all archs.
|
| |
|
|
|
|
| |
These functions after all write EFI UTF-16 strings, i.e. are relatively
high-level, hence give them a specific name indicating the type, to
match our other helpers that have similar type suffixes.
|
| |
|
|
|
| |
We don't actually want chars here, but rather raw bytes, in particular
to avoid signedness issues. Hence, let's use uint8_t here.
|
| |
|
|
|
|
|
| |
This is the "raw", untyped version after all, hence we should return a
void pointer, and let the client cast, if they know more.
Replaces: #30812
|
| |
|
|
|
|
| |
These are quite a bunch of functions, let's give them their own file.
No code changes, just some trivial refactoring.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two ways to get the command line: from the EFI shell,
preparsed, already split at whitespace. This we just combine with
spaces, since kernel wants it as one string.
And as one command line blob which is how we are invoked otherwise and
which comes with all kinds of whitespace quite likely.
Let's only strip leading and trailing whitespace in the latter case,
given it's likely the concatenation of whitespace separated strings
generated by shell scripts and such. But let's not strip it we already
received a preparsed array.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We have very similar code for setting generic efi vars in sd-stub and
sd-boot. Let's share it.
This changes behaviour in a minor way: if you chainload multiple
versions of an sd-boot you'll see the efi vars of the first one now in
the OS, not of the last one.
But this should not matter, invocation like that should generally not
happen.
|
| |
|
|
|
| |
Always put the success path at least indentation, and indent the error
paths.
|
| | |
|
| |
|
|
| |
sectin into char* string
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Always pass the pointer through so that the functions combine the flags
directly, instead of doing that in the caller.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Let's do the section measurement first, before we use any data of it.
Let's bring up the boot splash next, so that it covers anything else we
might do.
|
| | |
|
| | |
|
| |
|
|
|
| |
Instead of keeping the lists for the global and per-UKI addons separate
throughout, just merge them. We apply them in the same order after all.
|
| | |
|
| |
|
|
|
|
| |
Instead of keeping three parallel arrays of dt base, dt size and dt
filename, just introduce a proper structure and use an array of that,
greatly simplifying DT handling.
|
| | |
|
