1################################################################################ 2# 3# grub2 4# 5################################################################################ 6 7GRUB2_VERSION = 2.04 8GRUB2_SITE = http://ftp.gnu.org/gnu/grub 9GRUB2_SOURCE = grub-$(GRUB2_VERSION).tar.xz 10GRUB2_LICENSE = GPL-3.0+ 11GRUB2_LICENSE_FILES = COPYING 12GRUB2_DEPENDENCIES = host-bison host-flex host-grub2 13HOST_GRUB2_DEPENDENCIES = host-bison host-flex 14GRUB2_INSTALL_IMAGES = YES 15 16# 0001-build-Fix-GRUB-i386-pc-build-with-Ubuntu-gcc.patch and 2021/03/02 17# security fixes (patches 0029-0149) 18define GRUB2_AVOID_AUTORECONF 19 $(Q)touch $(@D)/Makefile.util.am 20 $(Q)touch $(@D)/aclocal.m4 21 $(Q)touch $(@D)/Makefile.in 22 $(Q)touch $(@D)/configure 23endef 24GRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF 25HOST_GRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF 26 27# 0002-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch 28GRUB2_IGNORE_CVES += CVE-2020-10713 29# 0005-calloc-Use-calloc-at-most-places.patch 30GRUB2_IGNORE_CVES += CVE-2020-14308 31# 0006-malloc-Use-overflow-checking-primitives-where-we-do-.patch 32GRUB2_IGNORE_CVES += CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 33# 0019-script-Avoid-a-use-after-free-when-redefining-a-func.patch 34GRUB2_IGNORE_CVES += CVE-2020-15706 35# 0028-linux-Fix-integer-overflows-in-initrd-size-handling.patch 36GRUB2_IGNORE_CVES += CVE-2020-15707 37# 2021/03/02 security fixes - patches 0029-0149 38GRUB2_IGNORE_CVES += CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 \ 39 CVE-2020-27779 CVE-2021-3418 CVE-2021-20225 CVE-2021-20233 40# 0039-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch 41GRUB2_IGNORE_CVES += CVE-2020-14372 42# CVE-2019-14865 is about a flaw in the grub2-set-bootflag tool, which 43# doesn't exist upstream, but is added by the Redhat/Fedora 44# packaging. Not applicable to Buildroot. 45GRUB2_IGNORE_CVES += CVE-2019-14865 46# CVE-2020-15705 is related to a flaw in the use of the 47# grub_linuxefi_secure_validate(), which was added by Debian/Ubuntu 48# patches. The issue doesn't affect upstream Grub, and 49# grub_linuxefi_secure_validate() is not implemented in the grub2 50# version available in Buildroot. 51GRUB2_IGNORE_CVES += CVE-2020-15705 52 53ifeq ($(BR2_TARGET_GRUB2_INSTALL_TOOLS),y) 54GRUB2_INSTALL_TARGET = YES 55else 56GRUB2_INSTALL_TARGET = NO 57endif 58GRUB2_CPE_ID_VENDOR = gnu 59 60GRUB2_BUILTIN_MODULES_PC = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_MODULES_PC)) 61GRUB2_BUILTIN_MODULES_EFI = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_MODULES_EFI)) 62GRUB2_BUILTIN_CONFIG_PC = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_CONFIG_PC)) 63GRUB2_BUILTIN_CONFIG_EFI = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_CONFIG_EFI)) 64GRUB2_BOOT_PARTITION = $(call qstrip,$(BR2_TARGET_GRUB2_BOOT_PARTITION)) 65 66GRUB2_IMAGE_i386-pc = $(BINARIES_DIR)/grub.img 67GRUB2_CFG_i386-pc = $(TARGET_DIR)/boot/grub/grub.cfg 68GRUB2_PREFIX_i386-pc = ($(GRUB2_BOOT_PARTITION))/boot/grub 69GRUB2_TARGET_i386-pc = i386 70GRUB2_PLATFORM_i386-pc = pc 71GRUB2_BUILTIN_CONFIG_i386-pc = $(GRUB2_BUILTIN_CONFIG_PC) 72GRUB2_BUILTIN_MODULES_i386-pc = $(GRUB2_BUILTIN_MODULES_PC) 73GRUB2_TUPLES-$(BR2_TARGET_GRUB2_I386_PC) += i386-pc 74 75GRUB2_IMAGE_i386-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/bootia32.efi 76GRUB2_CFG_i386-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/grub.cfg 77GRUB2_PREFIX_i386-efi = /EFI/BOOT 78GRUB2_TARGET_i386-efi = i386 79GRUB2_PLATFORM_i386-efi = efi 80GRUB2_BUILTIN_CONFIG_i386-efi = $(GRUB2_BUILTIN_CONFIG_EFI) 81GRUB2_BUILTIN_MODULES_i386-efi = $(GRUB2_BUILTIN_MODULES_EFI) 82GRUB2_TUPLES-$(BR2_TARGET_GRUB2_I386_EFI) += i386-efi 83 84GRUB2_IMAGE_x86_64-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/bootx64.efi 85GRUB2_CFG_x86_64-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/grub.cfg 86GRUB2_PREFIX_x86_64-efi = /EFI/BOOT 87GRUB2_TARGET_x86_64-efi = x86_64 88GRUB2_PLATFORM_x86_64-efi = efi 89GRUB2_BUILTIN_CONFIG_x86_64-efi = $(GRUB2_BUILTIN_CONFIG_EFI) 90GRUB2_BUILTIN_MODULES_x86_64-efi = $(GRUB2_BUILTIN_MODULES_EFI) 91GRUB2_TUPLES-$(BR2_TARGET_GRUB2_X86_64_EFI) += x86_64-efi 92 93GRUB2_IMAGE_arm-uboot = $(BINARIES_DIR)/boot-part/grub/grub.img 94GRUB2_CFG_arm-uboot = $(BINARIES_DIR)/boot-part/grub/grub.cfg 95GRUB2_PREFIX_arm-uboot = ($(GRUB2_BOOT_PARTITION))/boot/grub 96GRUB2_TARGET_arm-uboot = arm 97GRUB2_PLATFORM_arm-uboot = uboot 98GRUB2_BUILTIN_CONFIG_arm-uboot = $(GRUB2_BUILTIN_CONFIG_PC) 99GRUB2_BUILTIN_MODULES_arm-uboot = $(GRUB2_BUILTIN_MODULES_PC) 100GRUB2_TUPLES-$(BR2_TARGET_GRUB2_ARM_UBOOT) += arm-uboot 101 102GRUB2_IMAGE_arm-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/bootarm.efi 103GRUB2_CFG_arm-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/grub.cfg 104GRUB2_PREFIX_arm-efi = /EFI/BOOT 105GRUB2_TARGET_arm-efi = arm 106GRUB2_PLATFORM_arm-efi = efi 107GRUB2_BUILTIN_CONFIG_arm-efi = $(GRUB2_BUILTIN_CONFIG_EFI) 108GRUB2_BUILTIN_MODULES_arm-efi = $(GRUB2_BUILTIN_MODULES_EFI) 109GRUB2_TUPLES-$(BR2_TARGET_GRUB2_ARM_EFI) += arm-efi 110 111GRUB2_IMAGE_arm64-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/bootaa64.efi 112GRUB2_CFG_arm64-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/grub.cfg 113GRUB2_PREFIX_arm64-efi = /EFI/BOOT 114GRUB2_TARGET_arm64-efi = aarch64 115GRUB2_PLATFORM_arm64-efi = efi 116GRUB2_BUILTIN_CONFIG_arm64-efi = $(GRUB2_BUILTIN_CONFIG_EFI) 117GRUB2_BUILTIN_MODULES_arm64-efi = $(GRUB2_BUILTIN_MODULES_EFI) 118GRUB2_TUPLES-$(BR2_TARGET_GRUB2_ARM64_EFI) += arm64-efi 119 120# Grub2 is kind of special: it considers CC, LD and so on to be the 121# tools to build the host programs and uses TARGET_CC, TARGET_CFLAGS, 122# TARGET_CPPFLAGS, TARGET_LDFLAGS to build the bootloader itself. 123# 124# NOTE: TARGET_STRIP is overridden by !BR2_STRIP_strip, so always 125# use the cross compile variant to ensure grub2 builds 126 127HOST_GRUB2_CONF_ENV = \ 128 CPP="$(HOSTCC) -E" 129 130GRUB2_CONF_ENV = \ 131 CPP="$(TARGET_CC) -E" \ 132 TARGET_CC="$(TARGET_CC)" \ 133 CFLAGS="$(TARGET_CFLAGS) -Os" \ 134 TARGET_CFLAGS="$(TARGET_CFLAGS) -Os" \ 135 CPPFLAGS="$(TARGET_CPPFLAGS) -Os -fno-stack-protector" \ 136 TARGET_CPPFLAGS="$(TARGET_CPPFLAGS) -Os -fno-stack-protector" \ 137 TARGET_LDFLAGS="$(TARGET_LDFLAGS) -Os" \ 138 TARGET_NM="$(TARGET_NM)" \ 139 TARGET_OBJCOPY="$(TARGET_OBJCOPY)" \ 140 TARGET_STRIP="$(TARGET_CROSS)strip" 141 142HOST_GRUB2_CONF_OPTS = \ 143 --with-platform=none \ 144 --disable-grub-mkfont \ 145 --enable-efiemu=no \ 146 ac_cv_lib_lzma_lzma_code=no \ 147 --enable-device-mapper=no \ 148 --enable-libzfs=no \ 149 --disable-werror 150 151define GRUB2_CONFIGURE_CMDS 152 $(foreach tuple, $(GRUB2_TUPLES-y), \ 153 @$(call MESSAGE,Configuring $(tuple)) 154 mkdir -p $(@D)/build-$(tuple) 155 cd $(@D)/build-$(tuple) && \ 156 $(TARGET_CONFIGURE_OPTS) \ 157 $(TARGET_CONFIGURE_ARGS) \ 158 $(GRUB2_CONF_ENV) \ 159 ../configure \ 160 --target=$(GRUB2_TARGET_$(tuple)) \ 161 --with-platform=$(GRUB2_PLATFORM_$(tuple)) \ 162 --host=$(GNU_TARGET_NAME) \ 163 --build=$(GNU_HOST_NAME) \ 164 --prefix=/ \ 165 --exec-prefix=/ \ 166 --disable-grub-mkfont \ 167 --enable-efiemu=no \ 168 ac_cv_lib_lzma_lzma_code=no \ 169 --enable-device-mapper=no \ 170 --enable-libzfs=no \ 171 --disable-werror 172 ) 173endef 174 175define GRUB2_BUILD_CMDS 176 $(foreach tuple, $(GRUB2_TUPLES-y), \ 177 @$(call MESSAGE,Building $(tuple)) 178 $(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/build-$(tuple) 179 ) 180endef 181 182define GRUB2_INSTALL_IMAGES_CMDS 183 $(foreach tuple, $(GRUB2_TUPLES-y), \ 184 @$(call MESSAGE,Installing $(tuple) to images directory) 185 mkdir -p $(dir $(GRUB2_IMAGE_$(tuple))) 186 $(HOST_DIR)/usr/bin/grub-mkimage \ 187 -d $(@D)/build-$(tuple)/grub-core/ \ 188 -O $(tuple) \ 189 -o $(GRUB2_IMAGE_$(tuple)) \ 190 -p "$(GRUB2_PREFIX_$(tuple))" \ 191 $(if $(GRUB2_BUILTIN_CONFIG_$(tuple)), \ 192 -c $(GRUB2_BUILTIN_CONFIG_$(tuple))) \ 193 $(GRUB2_BUILTIN_MODULES_$(tuple)) 194 $(INSTALL) -D -m 0644 boot/grub2/grub.cfg $(GRUB2_CFG_$(tuple)) 195 $(if $(findstring $(GRUB2_PLATFORM_$(tuple)), pc), \ 196 cat $(@D)/build-$(tuple)/grub-core/cdboot.img $(GRUB2_IMAGE_$(tuple)) > \ 197 $(BINARIES_DIR)/grub-eltorito.img 198 ) \ 199 ) 200endef 201 202ifeq ($(BR2_TARGET_GRUB2_INSTALL_TOOLS),y) 203define GRUB2_INSTALL_TARGET_CMDS 204 $(foreach tuple, $(GRUB2_TUPLES-y), \ 205 @$(call MESSAGE,Installing $(tuple) to target directory) 206 $(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/build-$(tuple) DESTDIR=$(TARGET_DIR) install 207 ) 208endef 209endif 210 211$(eval $(generic-package)) 212$(eval $(host-autotools-package)) 213