1*4882a593Smuzhiyun################################################################################ 2*4882a593Smuzhiyun# 3*4882a593Smuzhiyun# grub2 4*4882a593Smuzhiyun# 5*4882a593Smuzhiyun################################################################################ 6*4882a593Smuzhiyun 7*4882a593SmuzhiyunGRUB2_VERSION = 2.04 8*4882a593SmuzhiyunGRUB2_SITE = http://ftp.gnu.org/gnu/grub 9*4882a593SmuzhiyunGRUB2_SOURCE = grub-$(GRUB2_VERSION).tar.xz 10*4882a593SmuzhiyunGRUB2_LICENSE = GPL-3.0+ 11*4882a593SmuzhiyunGRUB2_LICENSE_FILES = COPYING 12*4882a593SmuzhiyunGRUB2_DEPENDENCIES = host-bison host-flex host-grub2 13*4882a593SmuzhiyunHOST_GRUB2_DEPENDENCIES = host-bison host-flex 14*4882a593SmuzhiyunGRUB2_INSTALL_IMAGES = YES 15*4882a593Smuzhiyun 16*4882a593Smuzhiyun# 0001-build-Fix-GRUB-i386-pc-build-with-Ubuntu-gcc.patch and 2021/03/02 17*4882a593Smuzhiyun# security fixes (patches 0029-0149) 18*4882a593Smuzhiyundefine GRUB2_AVOID_AUTORECONF 19*4882a593Smuzhiyun $(Q)touch $(@D)/Makefile.util.am 20*4882a593Smuzhiyun $(Q)touch $(@D)/aclocal.m4 21*4882a593Smuzhiyun $(Q)touch $(@D)/Makefile.in 22*4882a593Smuzhiyun $(Q)touch $(@D)/configure 23*4882a593Smuzhiyunendef 24*4882a593SmuzhiyunGRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF 25*4882a593SmuzhiyunHOST_GRUB2_POST_PATCH_HOOKS += GRUB2_AVOID_AUTORECONF 26*4882a593Smuzhiyun 27*4882a593Smuzhiyun# 0002-yylex-Make-lexer-fatal-errors-actually-be-fatal.patch 28*4882a593SmuzhiyunGRUB2_IGNORE_CVES += CVE-2020-10713 29*4882a593Smuzhiyun# 0005-calloc-Use-calloc-at-most-places.patch 30*4882a593SmuzhiyunGRUB2_IGNORE_CVES += CVE-2020-14308 31*4882a593Smuzhiyun# 0006-malloc-Use-overflow-checking-primitives-where-we-do-.patch 32*4882a593SmuzhiyunGRUB2_IGNORE_CVES += CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 33*4882a593Smuzhiyun# 0019-script-Avoid-a-use-after-free-when-redefining-a-func.patch 34*4882a593SmuzhiyunGRUB2_IGNORE_CVES += CVE-2020-15706 35*4882a593Smuzhiyun# 0028-linux-Fix-integer-overflows-in-initrd-size-handling.patch 36*4882a593SmuzhiyunGRUB2_IGNORE_CVES += CVE-2020-15707 37*4882a593Smuzhiyun# 2021/03/02 security fixes - patches 0029-0149 38*4882a593SmuzhiyunGRUB2_IGNORE_CVES += CVE-2020-25632 CVE-2020-25647 CVE-2020-27749 \ 39*4882a593Smuzhiyun CVE-2020-27779 CVE-2021-3418 CVE-2021-20225 CVE-2021-20233 40*4882a593Smuzhiyun# 0039-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch 41*4882a593SmuzhiyunGRUB2_IGNORE_CVES += CVE-2020-14372 42*4882a593Smuzhiyun# CVE-2019-14865 is about a flaw in the grub2-set-bootflag tool, which 43*4882a593Smuzhiyun# doesn't exist upstream, but is added by the Redhat/Fedora 44*4882a593Smuzhiyun# packaging. Not applicable to Buildroot. 45*4882a593SmuzhiyunGRUB2_IGNORE_CVES += CVE-2019-14865 46*4882a593Smuzhiyun# CVE-2020-15705 is related to a flaw in the use of the 47*4882a593Smuzhiyun# grub_linuxefi_secure_validate(), which was added by Debian/Ubuntu 48*4882a593Smuzhiyun# patches. The issue doesn't affect upstream Grub, and 49*4882a593Smuzhiyun# grub_linuxefi_secure_validate() is not implemented in the grub2 50*4882a593Smuzhiyun# version available in Buildroot. 51*4882a593SmuzhiyunGRUB2_IGNORE_CVES += CVE-2020-15705 52*4882a593Smuzhiyun 53*4882a593Smuzhiyunifeq ($(BR2_TARGET_GRUB2_INSTALL_TOOLS),y) 54*4882a593SmuzhiyunGRUB2_INSTALL_TARGET = YES 55*4882a593Smuzhiyunelse 56*4882a593SmuzhiyunGRUB2_INSTALL_TARGET = NO 57*4882a593Smuzhiyunendif 58*4882a593SmuzhiyunGRUB2_CPE_ID_VENDOR = gnu 59*4882a593Smuzhiyun 60*4882a593SmuzhiyunGRUB2_BUILTIN_MODULES_PC = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_MODULES_PC)) 61*4882a593SmuzhiyunGRUB2_BUILTIN_MODULES_EFI = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_MODULES_EFI)) 62*4882a593SmuzhiyunGRUB2_BUILTIN_CONFIG_PC = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_CONFIG_PC)) 63*4882a593SmuzhiyunGRUB2_BUILTIN_CONFIG_EFI = $(call qstrip,$(BR2_TARGET_GRUB2_BUILTIN_CONFIG_EFI)) 64*4882a593SmuzhiyunGRUB2_BOOT_PARTITION = $(call qstrip,$(BR2_TARGET_GRUB2_BOOT_PARTITION)) 65*4882a593Smuzhiyun 66*4882a593SmuzhiyunGRUB2_IMAGE_i386-pc = $(BINARIES_DIR)/grub.img 67*4882a593SmuzhiyunGRUB2_CFG_i386-pc = $(TARGET_DIR)/boot/grub/grub.cfg 68*4882a593SmuzhiyunGRUB2_PREFIX_i386-pc = ($(GRUB2_BOOT_PARTITION))/boot/grub 69*4882a593SmuzhiyunGRUB2_TARGET_i386-pc = i386 70*4882a593SmuzhiyunGRUB2_PLATFORM_i386-pc = pc 71*4882a593SmuzhiyunGRUB2_BUILTIN_CONFIG_i386-pc = $(GRUB2_BUILTIN_CONFIG_PC) 72*4882a593SmuzhiyunGRUB2_BUILTIN_MODULES_i386-pc = $(GRUB2_BUILTIN_MODULES_PC) 73*4882a593SmuzhiyunGRUB2_TUPLES-$(BR2_TARGET_GRUB2_I386_PC) += i386-pc 74*4882a593Smuzhiyun 75*4882a593SmuzhiyunGRUB2_IMAGE_i386-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/bootia32.efi 76*4882a593SmuzhiyunGRUB2_CFG_i386-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/grub.cfg 77*4882a593SmuzhiyunGRUB2_PREFIX_i386-efi = /EFI/BOOT 78*4882a593SmuzhiyunGRUB2_TARGET_i386-efi = i386 79*4882a593SmuzhiyunGRUB2_PLATFORM_i386-efi = efi 80*4882a593SmuzhiyunGRUB2_BUILTIN_CONFIG_i386-efi = $(GRUB2_BUILTIN_CONFIG_EFI) 81*4882a593SmuzhiyunGRUB2_BUILTIN_MODULES_i386-efi = $(GRUB2_BUILTIN_MODULES_EFI) 82*4882a593SmuzhiyunGRUB2_TUPLES-$(BR2_TARGET_GRUB2_I386_EFI) += i386-efi 83*4882a593Smuzhiyun 84*4882a593SmuzhiyunGRUB2_IMAGE_x86_64-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/bootx64.efi 85*4882a593SmuzhiyunGRUB2_CFG_x86_64-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/grub.cfg 86*4882a593SmuzhiyunGRUB2_PREFIX_x86_64-efi = /EFI/BOOT 87*4882a593SmuzhiyunGRUB2_TARGET_x86_64-efi = x86_64 88*4882a593SmuzhiyunGRUB2_PLATFORM_x86_64-efi = efi 89*4882a593SmuzhiyunGRUB2_BUILTIN_CONFIG_x86_64-efi = $(GRUB2_BUILTIN_CONFIG_EFI) 90*4882a593SmuzhiyunGRUB2_BUILTIN_MODULES_x86_64-efi = $(GRUB2_BUILTIN_MODULES_EFI) 91*4882a593SmuzhiyunGRUB2_TUPLES-$(BR2_TARGET_GRUB2_X86_64_EFI) += x86_64-efi 92*4882a593Smuzhiyun 93*4882a593SmuzhiyunGRUB2_IMAGE_arm-uboot = $(BINARIES_DIR)/boot-part/grub/grub.img 94*4882a593SmuzhiyunGRUB2_CFG_arm-uboot = $(BINARIES_DIR)/boot-part/grub/grub.cfg 95*4882a593SmuzhiyunGRUB2_PREFIX_arm-uboot = ($(GRUB2_BOOT_PARTITION))/boot/grub 96*4882a593SmuzhiyunGRUB2_TARGET_arm-uboot = arm 97*4882a593SmuzhiyunGRUB2_PLATFORM_arm-uboot = uboot 98*4882a593SmuzhiyunGRUB2_BUILTIN_CONFIG_arm-uboot = $(GRUB2_BUILTIN_CONFIG_PC) 99*4882a593SmuzhiyunGRUB2_BUILTIN_MODULES_arm-uboot = $(GRUB2_BUILTIN_MODULES_PC) 100*4882a593SmuzhiyunGRUB2_TUPLES-$(BR2_TARGET_GRUB2_ARM_UBOOT) += arm-uboot 101*4882a593Smuzhiyun 102*4882a593SmuzhiyunGRUB2_IMAGE_arm-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/bootarm.efi 103*4882a593SmuzhiyunGRUB2_CFG_arm-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/grub.cfg 104*4882a593SmuzhiyunGRUB2_PREFIX_arm-efi = /EFI/BOOT 105*4882a593SmuzhiyunGRUB2_TARGET_arm-efi = arm 106*4882a593SmuzhiyunGRUB2_PLATFORM_arm-efi = efi 107*4882a593SmuzhiyunGRUB2_BUILTIN_CONFIG_arm-efi = $(GRUB2_BUILTIN_CONFIG_EFI) 108*4882a593SmuzhiyunGRUB2_BUILTIN_MODULES_arm-efi = $(GRUB2_BUILTIN_MODULES_EFI) 109*4882a593SmuzhiyunGRUB2_TUPLES-$(BR2_TARGET_GRUB2_ARM_EFI) += arm-efi 110*4882a593Smuzhiyun 111*4882a593SmuzhiyunGRUB2_IMAGE_arm64-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/bootaa64.efi 112*4882a593SmuzhiyunGRUB2_CFG_arm64-efi = $(BINARIES_DIR)/efi-part/EFI/BOOT/grub.cfg 113*4882a593SmuzhiyunGRUB2_PREFIX_arm64-efi = /EFI/BOOT 114*4882a593SmuzhiyunGRUB2_TARGET_arm64-efi = aarch64 115*4882a593SmuzhiyunGRUB2_PLATFORM_arm64-efi = efi 116*4882a593SmuzhiyunGRUB2_BUILTIN_CONFIG_arm64-efi = $(GRUB2_BUILTIN_CONFIG_EFI) 117*4882a593SmuzhiyunGRUB2_BUILTIN_MODULES_arm64-efi = $(GRUB2_BUILTIN_MODULES_EFI) 118*4882a593SmuzhiyunGRUB2_TUPLES-$(BR2_TARGET_GRUB2_ARM64_EFI) += arm64-efi 119*4882a593Smuzhiyun 120*4882a593Smuzhiyun# Grub2 is kind of special: it considers CC, LD and so on to be the 121*4882a593Smuzhiyun# tools to build the host programs and uses TARGET_CC, TARGET_CFLAGS, 122*4882a593Smuzhiyun# TARGET_CPPFLAGS, TARGET_LDFLAGS to build the bootloader itself. 123*4882a593Smuzhiyun# 124*4882a593Smuzhiyun# NOTE: TARGET_STRIP is overridden by !BR2_STRIP_strip, so always 125*4882a593Smuzhiyun# use the cross compile variant to ensure grub2 builds 126*4882a593Smuzhiyun 127*4882a593SmuzhiyunHOST_GRUB2_CONF_ENV = \ 128*4882a593Smuzhiyun CPP="$(HOSTCC) -E" 129*4882a593Smuzhiyun 130*4882a593SmuzhiyunGRUB2_CONF_ENV = \ 131*4882a593Smuzhiyun CPP="$(TARGET_CC) -E" \ 132*4882a593Smuzhiyun TARGET_CC="$(TARGET_CC)" \ 133*4882a593Smuzhiyun CFLAGS="$(TARGET_CFLAGS) -Os" \ 134*4882a593Smuzhiyun TARGET_CFLAGS="$(TARGET_CFLAGS) -Os" \ 135*4882a593Smuzhiyun CPPFLAGS="$(TARGET_CPPFLAGS) -Os -fno-stack-protector" \ 136*4882a593Smuzhiyun TARGET_CPPFLAGS="$(TARGET_CPPFLAGS) -Os -fno-stack-protector" \ 137*4882a593Smuzhiyun TARGET_LDFLAGS="$(TARGET_LDFLAGS) -Os" \ 138*4882a593Smuzhiyun TARGET_NM="$(TARGET_NM)" \ 139*4882a593Smuzhiyun TARGET_OBJCOPY="$(TARGET_OBJCOPY)" \ 140*4882a593Smuzhiyun TARGET_STRIP="$(TARGET_CROSS)strip" 141*4882a593Smuzhiyun 142*4882a593SmuzhiyunHOST_GRUB2_CONF_OPTS = \ 143*4882a593Smuzhiyun --with-platform=none \ 144*4882a593Smuzhiyun --disable-grub-mkfont \ 145*4882a593Smuzhiyun --enable-efiemu=no \ 146*4882a593Smuzhiyun ac_cv_lib_lzma_lzma_code=no \ 147*4882a593Smuzhiyun --enable-device-mapper=no \ 148*4882a593Smuzhiyun --enable-libzfs=no \ 149*4882a593Smuzhiyun --disable-werror 150*4882a593Smuzhiyun 151*4882a593Smuzhiyundefine GRUB2_CONFIGURE_CMDS 152*4882a593Smuzhiyun $(foreach tuple, $(GRUB2_TUPLES-y), \ 153*4882a593Smuzhiyun @$(call MESSAGE,Configuring $(tuple)) 154*4882a593Smuzhiyun mkdir -p $(@D)/build-$(tuple) 155*4882a593Smuzhiyun cd $(@D)/build-$(tuple) && \ 156*4882a593Smuzhiyun $(TARGET_CONFIGURE_OPTS) \ 157*4882a593Smuzhiyun $(TARGET_CONFIGURE_ARGS) \ 158*4882a593Smuzhiyun $(GRUB2_CONF_ENV) \ 159*4882a593Smuzhiyun ../configure \ 160*4882a593Smuzhiyun --target=$(GRUB2_TARGET_$(tuple)) \ 161*4882a593Smuzhiyun --with-platform=$(GRUB2_PLATFORM_$(tuple)) \ 162*4882a593Smuzhiyun --host=$(GNU_TARGET_NAME) \ 163*4882a593Smuzhiyun --build=$(GNU_HOST_NAME) \ 164*4882a593Smuzhiyun --prefix=/ \ 165*4882a593Smuzhiyun --exec-prefix=/ \ 166*4882a593Smuzhiyun --disable-grub-mkfont \ 167*4882a593Smuzhiyun --enable-efiemu=no \ 168*4882a593Smuzhiyun ac_cv_lib_lzma_lzma_code=no \ 169*4882a593Smuzhiyun --enable-device-mapper=no \ 170*4882a593Smuzhiyun --enable-libzfs=no \ 171*4882a593Smuzhiyun --disable-werror 172*4882a593Smuzhiyun ) 173*4882a593Smuzhiyunendef 174*4882a593Smuzhiyun 175*4882a593Smuzhiyundefine GRUB2_BUILD_CMDS 176*4882a593Smuzhiyun $(foreach tuple, $(GRUB2_TUPLES-y), \ 177*4882a593Smuzhiyun @$(call MESSAGE,Building $(tuple)) 178*4882a593Smuzhiyun $(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/build-$(tuple) 179*4882a593Smuzhiyun ) 180*4882a593Smuzhiyunendef 181*4882a593Smuzhiyun 182*4882a593Smuzhiyundefine GRUB2_INSTALL_IMAGES_CMDS 183*4882a593Smuzhiyun $(foreach tuple, $(GRUB2_TUPLES-y), \ 184*4882a593Smuzhiyun @$(call MESSAGE,Installing $(tuple) to images directory) 185*4882a593Smuzhiyun mkdir -p $(dir $(GRUB2_IMAGE_$(tuple))) 186*4882a593Smuzhiyun $(HOST_DIR)/usr/bin/grub-mkimage \ 187*4882a593Smuzhiyun -d $(@D)/build-$(tuple)/grub-core/ \ 188*4882a593Smuzhiyun -O $(tuple) \ 189*4882a593Smuzhiyun -o $(GRUB2_IMAGE_$(tuple)) \ 190*4882a593Smuzhiyun -p "$(GRUB2_PREFIX_$(tuple))" \ 191*4882a593Smuzhiyun $(if $(GRUB2_BUILTIN_CONFIG_$(tuple)), \ 192*4882a593Smuzhiyun -c $(GRUB2_BUILTIN_CONFIG_$(tuple))) \ 193*4882a593Smuzhiyun $(GRUB2_BUILTIN_MODULES_$(tuple)) 194*4882a593Smuzhiyun $(INSTALL) -D -m 0644 boot/grub2/grub.cfg $(GRUB2_CFG_$(tuple)) 195*4882a593Smuzhiyun $(if $(findstring $(GRUB2_PLATFORM_$(tuple)), pc), \ 196*4882a593Smuzhiyun cat $(@D)/build-$(tuple)/grub-core/cdboot.img $(GRUB2_IMAGE_$(tuple)) > \ 197*4882a593Smuzhiyun $(BINARIES_DIR)/grub-eltorito.img 198*4882a593Smuzhiyun ) \ 199*4882a593Smuzhiyun ) 200*4882a593Smuzhiyunendef 201*4882a593Smuzhiyun 202*4882a593Smuzhiyunifeq ($(BR2_TARGET_GRUB2_INSTALL_TOOLS),y) 203*4882a593Smuzhiyundefine GRUB2_INSTALL_TARGET_CMDS 204*4882a593Smuzhiyun $(foreach tuple, $(GRUB2_TUPLES-y), \ 205*4882a593Smuzhiyun @$(call MESSAGE,Installing $(tuple) to target directory) 206*4882a593Smuzhiyun $(TARGET_MAKE_ENV) $(MAKE) -C $(@D)/build-$(tuple) DESTDIR=$(TARGET_DIR) install 207*4882a593Smuzhiyun ) 208*4882a593Smuzhiyunendef 209*4882a593Smuzhiyunendif 210*4882a593Smuzhiyun 211*4882a593Smuzhiyun$(eval $(generic-package)) 212*4882a593Smuzhiyun$(eval $(host-autotools-package)) 213