systemd-stub fails to boot when loaded via peimage
Bug #2057679 reported by Mate Kukri
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
grub2-unsigned (Ubuntu) | Fix Released | Undecided | Unassigned |
Mantic | Fix Released | Undecided | Unassigned |
Noble | Fix Released | Undecided | Unassigned |
Bug Description
systemd-stub fails to boot when loaded via peimage.
This is because peimage internally allocates an ImageHandle for images it starts and loads. systemd-stub will then pass its own ImageHandle as ParentImageHandle to the firmware's LoadImage() function to load and start the embedded Linux kernel.
The UEFI spec doesn't elaborate on this being allowed or not, but it seems like edk2 based firmwares try to locate private data attached to such a ParentImageHandle, then assert.
Related branches
~ubuntu-uefi-team/grub/+git/ubuntu:ubuntu Merged into ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu at revision f1625e10dda448f9592c1f2b3142a43cf9b5d46b
- Julian Andres Klode: Pending requested
Diff: 2339 lines (+1674/-237), 24 files modified
debian/build-efi-images (+6/-0)
debian/changelog (+26/-0)
debian/control (+2/-0)
debian/grub-sort-version (+2/-2)
debian/patches/grub-sort-version.patch (+16/-1)
debian/patches/kern-efi-mm-Change-grub_efi_allocate_pages_real-to-call-s.patch (+36/-0)
debian/patches/kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-track-.patch (+69/-0)
debian/patches/kern-efi-mm-Detect-calls-to-grub_efi_drop_alloc-with-wron.patch (+34/-0)
debian/patches/nx/efi-Disallow-fallback-to-legacy-Linux-loader-when-shim-sa.patch (+116/-0)
debian/patches/nx/modules-Don-t-allocate-space-for-non-allocable-sections.patch (+37/-0)
debian/patches/nx/modules-load-module-sections-at-page-aligned-addresses.patch (+390/-0)
debian/patches/nx/modules-strip-.llvm_addrsig-sections-and-similar.patch (+41/-0)
debian/patches/nx/nx-add-memory-attribute-get-set-API.patch (+252/-0)
debian/patches/nx/nx-set-page-permissions-for-loaded-modules.patch (+222/-0)
debian/patches/nx/nx-set-the-nx-compatible-flag-in-EFI-grub-images.patch (+49/-0)
debian/patches/nx/peimage-Add-memory-attribute-support.patch (+132/-0)
debian/patches/secure-boot/efi-use-peimage-shim.patch (+151/-227)
debian/patches/series (+11/-0)
debian/patches/suse-grub.texi-add-net_bootp6-document.patch (+3/-3)
debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch (+1/-1)
debian/patches/ubuntu-support-initrd-less-boot.patch (+1/-1)
debian/rules (+3/-0)
debian/sbat.ubuntu.csv.in (+2/-2)
debian/test_grub_sort_version.py (+72/-0)
description: updated
Changed in grub2-unsigned (Ubuntu Mantic):
status: New → Invalid
status: Invalid → Fix Committed
This bug was fixed in the package grub2-unsigned - 2.12-1ubuntu7
---------------
grub2-unsigned (2.12-1ubuntu7) noble; urgency=medium
* d/p/grub-sort-version.patch: Also patch grub-mkconfig to export GRUB_FLAVOUR_ORDER
* d/grub-sort-version: Update regex to correctly match kernel flavour
* d/grub-sort-version: Append `-0` to abi strings before passing to python-apt (Fixes LP: #2041827)
* debian/: Add tests for grub-sort-version
* Revert peimage to re-use GRUB's image handle (LP: #2057679) (LP: #2054127)
* Increase SBAT level to "grub.ubuntu,2" and "grub.peimage,2"
* d/build-efi-images: Make sure downstream didn't remove peimage SBAT entry
* SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]
- CVE-2024-2312
* Source package generated from src:grub2 using make -f ./debian/rules generate-grub2-unsigned
-- Mate Kukri <email address hidden> Thu, 04 Apr 2024 11:12:35 +0100
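
The changelog entry above raises the SBAT level to "grub.ubuntu,2" and "grub.peimage,2" and adds a build-time check that the peimage SBAT entry has not been removed downstream. The following is an added example of such a check over an SBAT CSV, not the code in d/build-efi-images (which this page does not show); the function names and sample rows are constructed, and only the two component names and levels come from the changelog.

```shell
#!/bin/sh
# Added example, not the packaging's own check. Sample rows are constructed.

# Print COMPONENT's generation from an SBAT CSV; fail if absent or non-numeric.
sbat_generation() {
    awk -F, -v comp="$2" '
        $1 == comp { gen = $2; found = 1; exit }
        END { if (!found || gen !~ /^[0-9]+$/) exit 1; print gen }
    ' "$1"
}

# Succeed only if COMPONENT is present with generation >= MIN.
sbat_require() {
    _gen=$(sbat_generation "$1" "$2") || {
        echo "SBAT: no valid entry for $2 in $1" >&2; return 1; }
    [ "$_gen" -ge "$3" ] || {
        echo "SBAT: $2 is at generation $_gen, need >= $3" >&2; return 1; }
}

# Levels named in the 2.12-1ubuntu7 changelog entry.
check_sbat() {
    sbat_require "$1" grub.ubuntu 2 && sbat_require "$1" grub.peimage 2
}

SBAT_DIR=$(mktemp -d)
SBAT_GOOD=$SBAT_DIR/good.csv
SBAT_STRIPPED=$SBAT_DIR/stripped.csv   # downstream dropped the peimage entry
SBAT_STALE=$SBAT_DIR/stale.csv         # peimage entry left at the old level

# Constructed sample: vendor, version and URL fields are placeholders.
cat > "$SBAT_GOOD" <<'EOF'
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,1,Example Upstream,grub,0.0,https://example.invalid/
grub.ubuntu,2,Example Vendor,grub2,0.0,https://example.invalid/
grub.peimage,2,Example Vendor,grub2,0.0,https://example.invalid/
EOF
grep -v '^grub\.peimage,' "$SBAT_GOOD" > "$SBAT_STRIPPED"
sed 's/^grub\.peimage,2,/grub.peimage,1,/' "$SBAT_GOOD" > "$SBAT_STALE"

for f in "$SBAT_GOOD" "$SBAT_STRIPPED" "$SBAT_STALE"; do
    if check_sbat "$f"; then echo "PASS ${f##*/}"; else echo "FAIL ${f##*/}"; fi
done
```

The check fails closed: a missing entry, a non-numeric generation, and a generation below the required level are all rejected.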