boot/grub2: Backport 2021/03/02 securify fixes

Details: https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

As detailed in commit 7e64a050fb, it is
difficult to utilize the upstream patches directly, so a number of
patches include changes to generated files so that we don't need invoke
the gentpl.py script.

In addition to the security fixes, these required patches has been
backported:

  f76a27996 efi: Make shim_lock GUID and protocol type public
  04ae030d0 efi: Return grub_efi_status_t from grub_efi_get_variable()
  ac5c93675 efi: Add a function to read EFI variables with attributes
  d7e54b2e5 efi: Add secure boot detection

The following security issues are fixed:

CVE-2020-14372 grub2: The acpi command allows privileged user to load crafted
               ACPI tables when Secure Boot is enabled
CWE-184
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

GRUB2 enables the use of the command acpi even when Secure Boot is signaled by
the firmware. An attacker with local root privileges to can drop a small SSDT
in /boot/efi and modify grub.cfg to instruct grub to load said SSDT. The SSDT
then gets run by the kernel and it overwrites the kernel lock down configuration
enabling the attacker to load unsigned kernel modules and kexec unsigned code.

Reported-by: Máté Kukri

*******************************************************************************

CVE-2020-25632 grub2: Use-after-free in rmmod command
CWE-416
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The rmmod implementation for GRUB2 is flawed, allowing an attacker to unload
a module used as dependency without checking if any other dependent module is
still loaded. This leads to an use-after-free scenario possibly allowing an
attacker to execute arbitrary code and by-pass Secure Boot protections.

Reported-by: Chris Coulson (Canonical)

*******************************************************************************

CVE-2020-25647 grub2: Out-of-bound write in grub_usb_device_initialize()
CWE-787
6.9/CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_usb_device_initialize() is called to handle USB device initialization. It
reads out the descriptors it needs from the USB device and uses that data to
fill in some USB data structures. grub_usb_device_initialize() performs very
little bounds checking and simply assumes the USB device provides sane values.
This behavior can trigger memory corruption. If properly exploited, this would
lead to arbitrary code execution allowing the attacker to by-pass Secure Boot
mechanism.

Reported-by: Joseph Tartaro (IOActive) and Ilja van Sprundel (IOActive)

*******************************************************************************

CVE-2020-27749 grub2: Stack buffer overflow in grub_parser_split_cmdline
CWE-121
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

grub_parser_split_cmdline() expands variable names present in the supplied
command line in to their corresponding variable contents and uses a 1kB stack
buffer for temporary storage without sufficient bounds checking. If the
function is called with a command line that references a variable with a
sufficiently large payload, it is possible to overflow the stack buffer,
corrupt the stack frame and control execution. An attacker may use this to
circumvent Secure Boot protections.

Reported-by: Chris Coulson (Canonical)

*******************************************************************************

CVE-2020-27779 grub2: The cutmem command allows privileged user to remove
               memory regions when Secure Boot is enabled
CWE-285
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The GRUB2's cutmem command does not honor Secure Boot locking. This allows an
privileged attacker to remove address ranges from memory creating an
opportunity to circumvent Secure Boot protections after proper triage about
grub's memory layout.

Reported-by: Teddy Reed

*******************************************************************************

CVE-2021-3418 - grub2: GRUB 2.05 reintroduced CVE-2020-15705
CWE-281
6.4/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

The GRUB2 upstream reintroduced the CVE-2020-15705. This refers to a distro
specific flaw which made upstream in the mentioned version.

If certificates that signed GRUB2 are installed into db, GRUB2 can be booted
directly. It will then boot any kernel without signature validation. The booted
kernel will think it was booted in Secure Boot mode and will implement lock
down, yet it could have been tampered.

This flaw only affects upstream and distributions using the shim_lock verifier.

Reported-by: Dimitri John Ledkov (Canonical)

*******************************************************************************

CVE-2021-20225 grub2: Heap out-of-bounds write in short form option parser
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The option parser in GRUB2 allows an attacker to write past the end of
a heap-allocated buffer by calling certain commands with a large number
of specific short forms of options.

Reported-by: Daniel Axtens (IBM)

*******************************************************************************

CVE-2021-20233 grub2: Heap out-of-bound write due to mis-calculation of
               space required for quoting
CWE-787
7.5/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

There's a flaw on GRUB2 menu rendering code setparam_prefix() in the menu
rendering code performs a length calculation on the assumption that expressing
a quoted single quote will require 3 characters, while it actually requires
4 characters. This allow an attacker to corrupt memory by one byte for each
quote in the input.

Reported-by: Daniel Axtens (IBM)

*******************************************************************************

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

boot/grub2/0029-efi-Make-shim_lock-GUID-and-protocol-type-public.patch

@@ -0,0 +1,97 @@
+From f76a27996c34900f2c369a8a0d6ac72ae2faa988 Mon Sep 17 00:00:00 2001
+From: Daniel Kiper <daniel.kiper@oracle.com>
+Date: Thu, 3 Dec 2020 16:01:45 +0100
+Subject: [PATCH] efi: Make shim_lock GUID and protocol type public
+
+The GUID will be used to properly detect and report UEFI Secure Boot
+status to the x86 Linux kernel. The functionality will be added by
+subsequent patches. The shim_lock protocol type is made public for
+completeness.
+
+Additionally, fix formatting of four preceding GUIDs.
+
+Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/commands/efi/shim_lock.c | 12 ------------
+ include/grub/efi/api.h             | 19 +++++++++++++++----
+ 2 files changed, 15 insertions(+), 16 deletions(-)
+
+diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c
+index 764098c..d8f52d7 100644
+--- a/grub-core/commands/efi/shim_lock.c
++++ b/grub-core/commands/efi/shim_lock.c
+@@ -27,18 +27,6 @@
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+-#define GRUB_EFI_SHIM_LOCK_GUID \
+-  { 0x605dab50, 0xe046, 0x4300, \
+-    { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \
+-  }
+-
+-struct grub_efi_shim_lock_protocol
+-{
+-  grub_efi_status_t
+-  (*verify) (void *buffer, grub_uint32_t size);
+-};
+-typedef struct grub_efi_shim_lock_protocol grub_efi_shim_lock_protocol_t;
+-
+ static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID;
+ static grub_efi_shim_lock_protocol_t *sl;
+ 
+diff --git a/include/grub/efi/api.h b/include/grub/efi/api.h
+index cf1355a..13e5715 100644
+--- a/include/grub/efi/api.h
++++ b/include/grub/efi/api.h
+@@ -316,22 +316,27 @@
+ 
+ #define GRUB_EFI_SAL_TABLE_GUID \
+   { 0xeb9d2d32, 0x2d88, 0x11d3, \
+-      { 0x9a, 0x16, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \
++    { 0x9a, 0x16, 0x0, 0x90, 0x27, 0x3f, 0xc1, 0x4d } \
+   }
+ 
+ #define GRUB_EFI_HCDP_TABLE_GUID \
+   { 0xf951938d, 0x620b, 0x42ef, \
+-      { 0x82, 0x79, 0xa8, 0x4b, 0x79, 0x61, 0x78, 0x98 } \
++    { 0x82, 0x79, 0xa8, 0x4b, 0x79, 0x61, 0x78, 0x98 } \
+   }
+ 
+ #define GRUB_EFI_DEVICE_TREE_GUID \
+   { 0xb1b621d5, 0xf19c, 0x41a5, \
+-      { 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 } \
++    { 0x83, 0x0b, 0xd9, 0x15, 0x2c, 0x69, 0xaa, 0xe0 } \
+   }
+ 
+ #define GRUB_EFI_VENDOR_APPLE_GUID \
+   { 0x2B0585EB, 0xD8B8, 0x49A9,	\
+-      { 0x8B, 0x8C, 0xE2, 0x1B, 0x01, 0xAE, 0xF2, 0xB7 } \
++    { 0x8B, 0x8C, 0xE2, 0x1B, 0x01, 0xAE, 0xF2, 0xB7 } \
++  }
++
++#define GRUB_EFI_SHIM_LOCK_GUID \
++  { 0x605dab50, 0xe046, 0x4300, \
++    { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \
+   }
+ 
+ struct grub_efi_sal_system_table
+@@ -1689,6 +1694,12 @@ struct grub_efi_block_io
+ };
+ typedef struct grub_efi_block_io grub_efi_block_io_t;
+ 
++struct grub_efi_shim_lock_protocol
++{
++  grub_efi_status_t (*verify) (void *buffer, grub_uint32_t size);
++};
++typedef struct grub_efi_shim_lock_protocol grub_efi_shim_lock_protocol_t;
++
+ #if (GRUB_TARGET_SIZEOF_VOID_P == 4) || defined (__ia64__) \
+   || defined (__aarch64__) || defined (__MINGW64__) || defined (__CYGWIN__) \
+   || defined(__riscv)
+-- 
+2.14.2
+

boot/grub2/0030-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch

@@ -0,0 +1,149 @@
+From 04ae030d0eea8668d4417702d88bf2cf04713d80 Mon Sep 17 00:00:00 2001
+From: Daniel Kiper <daniel.kiper@oracle.com>
+Date: Thu, 3 Dec 2020 16:01:46 +0100
+Subject: [PATCH] efi: Return grub_efi_status_t from grub_efi_get_variable()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This is needed to properly detect and report UEFI Secure Boot status
+to the x86 Linux kernel. The functionality will be added by subsequent
+patches.
+
+Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/commands/efi/efifwsetup.c |  8 ++++----
+ grub-core/kern/efi/efi.c            | 16 +++++++++-------
+ grub-core/video/efi_gop.c           |  2 +-
+ include/grub/efi/efi.h              |  7 ++++---
+ 4 files changed, 18 insertions(+), 15 deletions(-)
+
+diff --git a/grub-core/commands/efi/efifwsetup.c b/grub-core/commands/efi/efifwsetup.c
+index 7a137a72a..eaca03283 100644
+--- a/grub-core/commands/efi/efifwsetup.c
++++ b/grub-core/commands/efi/efifwsetup.c
+@@ -38,8 +38,8 @@ grub_cmd_fwsetup (grub_command_t cmd __attribute__ ((unused)),
+   grub_size_t oi_size;
+   grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
+ 
+-  old_os_indications = grub_efi_get_variable ("OsIndications", &global,
+-					      &oi_size);
++  grub_efi_get_variable ("OsIndications", &global, &oi_size,
++			 (void **) &old_os_indications);
+ 
+   if (old_os_indications != NULL && oi_size == sizeof (os_indications))
+     os_indications |= *old_os_indications;
+@@ -63,8 +63,8 @@ efifwsetup_is_supported (void)
+   grub_size_t oi_size = 0;
+   grub_efi_guid_t global = GRUB_EFI_GLOBAL_VARIABLE_GUID;
+ 
+-  os_indications_supported = grub_efi_get_variable ("OsIndicationsSupported",
+-						    &global, &oi_size);
++  grub_efi_get_variable ("OsIndicationsSupported", &global, &oi_size,
++			 (void **) &os_indications_supported);
+ 
+   if (!os_indications_supported)
+     return 0;
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index e0165e74c..9403b12cd 100644
+--- a/grub-core/kern/efi/efi.c
++++ b/grub-core/kern/efi/efi.c
+@@ -223,9 +223,9 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid,
+   return grub_error (GRUB_ERR_IO, "could not set EFI variable `%s'", var);
+ }
+ 
+-void *
++grub_efi_status_t
+ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
+-		       grub_size_t *datasize_out)
++		       grub_size_t *datasize_out, void **data_out)
+ {
+   grub_efi_status_t status;
+   grub_efi_uintn_t datasize = 0;
+@@ -234,13 +234,14 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
+   void *data;
+   grub_size_t len, len16;
+ 
++  *data_out = NULL;
+   *datasize_out = 0;
+ 
+   len = grub_strlen (var);
+   len16 = len * GRUB_MAX_UTF16_PER_UTF8;
+   var16 = grub_calloc (len16 + 1, sizeof (var16[0]));
+   if (!var16)
+-    return NULL;
++    return GRUB_EFI_OUT_OF_RESOURCES;
+   len16 = grub_utf8_to_utf16 (var16, len16, (grub_uint8_t *) var, len, NULL);
+   var16[len16] = 0;
+ 
+@@ -251,14 +252,14 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
+   if (status != GRUB_EFI_BUFFER_TOO_SMALL || !datasize)
+     {
+       grub_free (var16);
+-      return NULL;
++      return status;
+     }
+ 
+   data = grub_malloc (datasize);
+   if (!data)
+     {
+       grub_free (var16);
+-      return NULL;
++      return GRUB_EFI_OUT_OF_RESOURCES;
+     }
+ 
+   status = efi_call_5 (r->get_variable, var16, guid, NULL, &datasize, data);
+@@ -266,12 +267,13 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
+ 
+   if (status == GRUB_EFI_SUCCESS)
+     {
++      *data_out = data;
+       *datasize_out = datasize;
+-      return data;
++      return status;
+     }
+ 
+   grub_free (data);
+-  return NULL;
++  return status;
+ }
+ 
+ #pragma GCC diagnostic ignored "-Wcast-align"
+diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c
+index be446f8d2..7fe0cdabf 100644
+--- a/grub-core/video/efi_gop.c
++++ b/grub-core/video/efi_gop.c
+@@ -316,7 +316,7 @@ grub_video_gop_get_edid (struct grub_video_edid_info *edid_info)
+       char edidname[] = "agp-internal-edid";
+       grub_size_t datasize;
+       grub_uint8_t *data;
+-      data = grub_efi_get_variable (edidname, &efi_var_guid, &datasize);
++      grub_efi_get_variable (edidname, &efi_var_guid, &datasize, (void **) &data);
+       if (data && datasize > 16)
+ 	{
+ 	  copy_size = datasize - 16;
+diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
+index e90e00dc4..8b2a0f1f5 100644
+--- a/include/grub/efi/efi.h
++++ b/include/grub/efi/efi.h
+@@ -74,9 +74,10 @@ grub_err_t EXPORT_FUNC (grub_efi_set_virtual_address_map) (grub_efi_uintn_t memo
+ 							   grub_efi_uintn_t descriptor_size,
+ 							   grub_efi_uint32_t descriptor_version,
+ 							   grub_efi_memory_descriptor_t *virtual_map);
+-void *EXPORT_FUNC (grub_efi_get_variable) (const char *variable,
+-					   const grub_efi_guid_t *guid,
+-					   grub_size_t *datasize_out);
++grub_efi_status_t EXPORT_FUNC (grub_efi_get_variable) (const char *variable,
++						       const grub_efi_guid_t *guid,
++						       grub_size_t *datasize_out,
++						       void **data_out);
+ grub_err_t
+ EXPORT_FUNC (grub_efi_set_variable) (const char *var,
+ 				     const grub_efi_guid_t *guid,
+-- 
+2.29.2
+

boot/grub2/0031-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch

@@ -0,0 +1,78 @@
+From ac5c9367548750e75ed1e7fc4354a3d20186d733 Mon Sep 17 00:00:00 2001
+From: Daniel Kiper <daniel.kiper@oracle.com>
+Date: Thu, 3 Dec 2020 16:01:47 +0100
+Subject: [PATCH] efi: Add a function to read EFI variables with attributes
+
+It will be used to properly detect and report UEFI Secure Boot status to
+the x86 Linux kernel. The functionality will be added by subsequent patches.
+
+Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
+Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/kern/efi/efi.c | 16 +++++++++++++---
+ include/grub/efi/efi.h   |  5 +++++
+ 2 files changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index 9403b12cd..2942b8e35 100644
+--- a/grub-core/kern/efi/efi.c
++++ b/grub-core/kern/efi/efi.c
+@@ -224,8 +224,11 @@ grub_efi_set_variable(const char *var, const grub_efi_guid_t *guid,
+ }
+ 
+ grub_efi_status_t
+-grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
+-		       grub_size_t *datasize_out, void **data_out)
++grub_efi_get_variable_with_attributes (const char *var,
++				       const grub_efi_guid_t *guid,
++				       grub_size_t *datasize_out,
++				       void **data_out,
++				       grub_efi_uint32_t *attributes)
+ {
+   grub_efi_status_t status;
+   grub_efi_uintn_t datasize = 0;
+@@ -262,7 +265,7 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
+       return GRUB_EFI_OUT_OF_RESOURCES;
+     }
+ 
+-  status = efi_call_5 (r->get_variable, var16, guid, NULL, &datasize, data);
++  status = efi_call_5 (r->get_variable, var16, guid, attributes, &datasize, data);
+   grub_free (var16);
+ 
+   if (status == GRUB_EFI_SUCCESS)
+@@ -276,6 +279,13 @@ grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
+   return status;
+ }
+ 
++grub_efi_status_t
++grub_efi_get_variable (const char *var, const grub_efi_guid_t *guid,
++		       grub_size_t *datasize_out, void **data_out)
++{
++  return grub_efi_get_variable_with_attributes (var, guid, datasize_out, data_out, NULL);
++}
++
+ #pragma GCC diagnostic ignored "-Wcast-align"
+ 
+ /* Search the mods section from the PE32/PE32+ image. This code uses
+diff --git a/include/grub/efi/efi.h b/include/grub/efi/efi.h
+index 8b2a0f1f5..83d958f99 100644
+--- a/include/grub/efi/efi.h
++++ b/include/grub/efi/efi.h
+@@ -74,6 +74,11 @@ grub_err_t EXPORT_FUNC (grub_efi_set_virtual_address_map) (grub_efi_uintn_t memo
+ 							   grub_efi_uintn_t descriptor_size,
+ 							   grub_efi_uint32_t descriptor_version,
+ 							   grub_efi_memory_descriptor_t *virtual_map);
++grub_efi_status_t EXPORT_FUNC (grub_efi_get_variable_with_attributes) (const char *variable,
++								       const grub_efi_guid_t *guid,
++								       grub_size_t *datasize_out,
++								       void **data_out,
++								       grub_efi_uint32_t *attributes);
+ grub_efi_status_t EXPORT_FUNC (grub_efi_get_variable) (const char *variable,
+ 						       const grub_efi_guid_t *guid,
+ 						       grub_size_t *datasize_out,
+-- 
+2.29.2
+

boot/grub2/0032-efi-Add-secure-boot-detection.patch

@@ -0,0 +1,541 @@
+From d7e54b2e5feee95d2f83058ed30d883c450d1473 Mon Sep 17 00:00:00 2001
+From: Daniel Kiper <daniel.kiper@oracle.com>
+Date: Thu, 3 Dec 2020 16:01:48 +0100
+Subject: [PATCH] efi: Add secure boot detection
+
+Introduce grub_efi_get_secureboot() function which returns whether
+UEFI Secure Boot is enabled or not on UEFI systems.
+
+Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
+Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+[Add changes to generated files]
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/Makefile.am       |   1 +
+ grub-core/Makefile.core.am  |  14 +++---
+ grub-core/Makefile.core.def |   1 +
+ grub-core/Makefile.in       | 102 ++++++++++++++++++++++++++---------------
+ grub-core/kern/efi/sb.c     | 109 ++++++++++++++++++++++++++++++++++++++++++++
+ include/grub/efi/sb.h       |  40 ++++++++++++++++
+ po/POTFILES.in              |   2 +
+ 7 files changed, 225 insertions(+), 44 deletions(-)
+ create mode 100644 grub-core/kern/efi/sb.c
+ create mode 100644 include/grub/efi/sb.h
+
+diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
+index 3ea8e7f..c6ba5b2 100644
+--- a/grub-core/Makefile.am
++++ b/grub-core/Makefile.am
+@@ -71,6 +71,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/command.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/device.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/disk.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/dl.h
++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/efi/sb.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/env_private.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/err.h
+diff --git a/grub-core/Makefile.core.am b/grub-core/Makefile.core.am
+index a217716..f28b753 100644
+--- a/grub-core/Makefile.core.am
++++ b/grub-core/Makefile.core.am
+@@ -22421,7 +22421,7 @@ endif
+ if COND_i386_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/i386/efi/startup.S 
+-kernel_exec_SOURCES += kern/i386/efi/tsc.c kern/i386/tsc_pmtimer.c kern/i386/efi/init.c bus/pci.c kern/i386/dl.c kern/i386/tsc.c kern/i386/tsc_pit.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
++kernel_exec_SOURCES += kern/i386/efi/tsc.c kern/i386/tsc_pmtimer.c kern/i386/efi/init.c bus/pci.c kern/i386/dl.c kern/i386/tsc.c kern/i386/tsc_pit.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+@@ -22531,7 +22531,7 @@ endif
+ if COND_x86_64_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/x86_64/efi/startup.S 
+-kernel_exec_SOURCES += kern/i386/efi/tsc.c kern/i386/tsc_pmtimer.c kern/x86_64/efi/callwrap.S kern/i386/efi/init.c bus/pci.c kern/x86_64/dl.c kern/i386/tsc.c kern/i386/tsc_pit.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
++kernel_exec_SOURCES += kern/i386/efi/tsc.c kern/i386/tsc_pmtimer.c kern/x86_64/efi/callwrap.S kern/i386/efi/init.c bus/pci.c kern/x86_64/dl.c kern/i386/tsc.c kern/i386/tsc_pit.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+@@ -22707,7 +22707,7 @@ endif
+ if COND_ia64_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = 
+-kernel_exec_SOURCES += kern/ia64/efi/startup.S kern/ia64/efi/init.c kern/ia64/dl.c kern/ia64/dl_helper.c kern/ia64/cache.c lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
++kernel_exec_SOURCES += kern/ia64/efi/startup.S kern/ia64/efi/init.c kern/ia64/dl.c kern/ia64/dl_helper.c kern/ia64/cache.c lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) -fno-builtin -fpic -minline-int-divide-max-throughput 
+@@ -22773,7 +22773,7 @@ endif
+ if COND_arm_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/arm/efi/startup.S 
+-kernel_exec_SOURCES += kern/arm/efi/init.c kern/efi/fdt.c kern/arm/dl.c kern/arm/dl_helper.c kern/arm/cache_armv6.S kern/arm/cache_armv7.S kern/arm/cache.c kern/arm/compiler-rt.S lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
++kernel_exec_SOURCES += kern/arm/efi/init.c kern/efi/fdt.c kern/arm/dl.c kern/arm/dl_helper.c kern/arm/cache_armv6.S kern/arm/cache_armv7.S kern/arm/cache.c kern/arm/compiler-rt.S lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+@@ -22795,7 +22795,7 @@ endif
+ if COND_arm64_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/arm64/efi/startup.S 
+-kernel_exec_SOURCES += kern/arm64/efi/init.c kern/efi/fdt.c kern/arm64/cache.c kern/arm64/cache_flush.S kern/arm64/dl.c kern/arm64/dl_helper.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
++kernel_exec_SOURCES += kern/arm64/efi/init.c kern/efi/fdt.c kern/arm64/cache.c kern/arm64/cache_flush.S kern/arm64/dl.c kern/arm64/dl_helper.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+@@ -22839,7 +22839,7 @@ endif
+ if COND_riscv32_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/riscv/efi/startup.S 
+-kernel_exec_SOURCES += kern/riscv/efi/init.c kern/efi/fdt.c kern/riscv/cache.c kern/riscv/cache_flush.S kern/riscv/dl.c lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
++kernel_exec_SOURCES += kern/riscv/efi/init.c kern/efi/fdt.c kern/riscv/cache.c kern/riscv/cache_flush.S kern/riscv/dl.c lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+@@ -22861,7 +22861,7 @@ endif
+ if COND_riscv64_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/riscv/efi/startup.S 
+-kernel_exec_SOURCES += kern/riscv/efi/init.c kern/efi/fdt.c kern/riscv/cache.c kern/riscv/cache_flush.S kern/riscv/dl.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
++kernel_exec_SOURCES += kern/riscv/efi/init.c kern/efi/fdt.c kern/riscv/cache.c kern/riscv/cache_flush.S kern/riscv/dl.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index 474a63e..abd26cf 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -203,6 +203,7 @@ kernel = {
+   efi = term/efi/console.c;
+   efi = kern/acpi.c;
+   efi = kern/efi/acpi.c;
++  efi = kern/efi/sb.c;
+   i386_coreboot = kern/i386/pc/acpi.c;
+   i386_multiboot = kern/i386/pc/acpi.c;
+   i386_coreboot = kern/acpi.c;
+diff --git a/grub-core/Makefile.in b/grub-core/Makefile.in
+index d287607..8fb81ee 100644
+--- a/grub-core/Makefile.in
++++ b/grub-core/Makefile.in
+@@ -10468,32 +10468,33 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ 	kern/arm64/cache_flush.S kern/arm64/dl.c \
+ 	kern/arm64/dl_helper.c disk/efi/efidisk.c kern/efi/efi.c \
+ 	kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c \
+-	kern/efi/acpi.c kern/compiler-rt.c kern/mm.c kern/time.c \
+-	kern/generic/millisleep.c kern/command.c kern/corecmd.c \
+-	kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c \
+-	kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c \
+-	kern/parser.c kern/partition.c kern/rescue_parser.c \
+-	kern/rescue_reader.c kern/term.c kern/arm/startup.S \
+-	kern/arm/coreboot/init.c kern/arm/coreboot/timer.c \
+-	kern/arm/coreboot/coreboot.S lib/fdt.c bus/fdt.c term/ps2.c \
+-	term/arm/pl050.c term/arm/cros.c term/arm/cros_ec.c \
+-	bus/spi/rk3288_spi.c commands/keylayouts.c \
+-	kern/arm/coreboot/dma.c kern/arm/coreboot/cbtable.c \
+-	video/coreboot/cbfb.c kern/coreboot/mmap.c \
+-	kern/coreboot/cbtable.c term/gfxterm.c font/font.c \
+-	font/font_cmd.c io/bufio.c video/fb/fbblit.c video/fb/fbfill.c \
+-	video/fb/fbutil.c video/fb/video_fb.c video/video.c \
+-	kern/arm/dl.c kern/arm/dl_helper.c kern/arm/cache_armv6.S \
+-	kern/arm/cache_armv7.S kern/arm/cache.c kern/arm/compiler-rt.S \
+-	lib/division.c kern/arm/efi/startup.S kern/arm/efi/init.c \
+-	kern/arm/uboot/init.c kern/arm/uboot/uboot.S \
+-	disk/uboot/ubootdisk.c kern/uboot/uboot.c kern/uboot/init.c \
+-	kern/uboot/hw.c term/uboot/console.c term/terminfo.c \
+-	term/tparm.c commands/extcmd.c lib/arg.c disk/host.c \
+-	kern/emu/cache_s.S kern/emu/hostdisk.c osdep/unix/hostdisk.c \
+-	osdep/exec.c osdep/devmapper/hostdisk.c osdep/hostdisk.c \
+-	kern/emu/hostfs.c kern/emu/main.c kern/emu/argp_common.c \
+-	kern/emu/misc.c kern/emu/mm.c kern/emu/time.c kern/emu/cache.c \
++	kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c \
++	kern/time.c kern/generic/millisleep.c kern/command.c \
++	kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c \
++	kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c \
++	kern/misc.c kern/parser.c kern/partition.c \
++	kern/rescue_parser.c kern/rescue_reader.c kern/term.c \
++	kern/arm/startup.S kern/arm/coreboot/init.c \
++	kern/arm/coreboot/timer.c kern/arm/coreboot/coreboot.S \
++	lib/fdt.c bus/fdt.c term/ps2.c term/arm/pl050.c \
++	term/arm/cros.c term/arm/cros_ec.c bus/spi/rk3288_spi.c \
++	commands/keylayouts.c kern/arm/coreboot/dma.c \
++	kern/arm/coreboot/cbtable.c video/coreboot/cbfb.c \
++	kern/coreboot/mmap.c kern/coreboot/cbtable.c term/gfxterm.c \
++	font/font.c font/font_cmd.c io/bufio.c video/fb/fbblit.c \
++	video/fb/fbfill.c video/fb/fbutil.c video/fb/video_fb.c \
++	video/video.c kern/arm/dl.c kern/arm/dl_helper.c \
++	kern/arm/cache_armv6.S kern/arm/cache_armv7.S kern/arm/cache.c \
++	kern/arm/compiler-rt.S lib/division.c kern/arm/efi/startup.S \
++	kern/arm/efi/init.c kern/arm/uboot/init.c \
++	kern/arm/uboot/uboot.S disk/uboot/ubootdisk.c \
++	kern/uboot/uboot.c kern/uboot/init.c kern/uboot/hw.c \
++	term/uboot/console.c term/terminfo.c term/tparm.c \
++	commands/extcmd.c lib/arg.c disk/host.c kern/emu/cache_s.S \
++	kern/emu/hostdisk.c osdep/unix/hostdisk.c osdep/exec.c \
++	osdep/devmapper/hostdisk.c osdep/hostdisk.c kern/emu/hostfs.c \
++	kern/emu/main.c kern/emu/argp_common.c kern/emu/misc.c \
++	kern/emu/mm.c kern/emu/time.c kern/emu/cache.c \
+ 	osdep/emuconsole.c osdep/dl.c osdep/sleep.c osdep/init.c \
+ 	osdep/emunet.c osdep/cputime.c kern/i386/coreboot/startup.S \
+ 	kern/i386/coreboot/init.c kern/i386/pc/acpi.c \
+@@ -10580,6 +10581,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	term/efi/kernel_exec-console.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -10651,6 +10653,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	term/efi/kernel_exec-console.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -10686,6 +10689,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	term/efi/kernel_exec-console.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -10881,6 +10885,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	term/efi/kernel_exec-console.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -11109,6 +11114,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	term/efi/kernel_exec-console.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -11271,6 +11277,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	term/efi/kernel_exec-console.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -11360,6 +11367,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_TRUE@	term/efi/kernel_exec-console.$(OBJEXT) \
+ @COND_arm64_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
++@COND_arm64_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
+ @COND_arm64_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -16380,6 +16388,7 @@ KERNEL_HEADER_FILES = $(top_srcdir)/include/grub/cache.h \
+ 	$(top_srcdir)/include/grub/device.h \
+ 	$(top_srcdir)/include/grub/disk.h \
+ 	$(top_srcdir)/include/grub/dl.h \
++	$(top_srcdir)/include/grub/efi/sb.h \
+ 	$(top_srcdir)/include/grub/env.h \
+ 	$(top_srcdir)/include/grub/env_private.h \
+ 	$(top_srcdir)/include/grub/err.h \
+@@ -25612,7 +25621,7 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_arm64_efi_TRUE@	kern/arm64/dl_helper.c disk/efi/efidisk.c \
+ @COND_arm64_efi_TRUE@	kern/efi/efi.c kern/efi/init.c \
+ @COND_arm64_efi_TRUE@	kern/efi/mm.c term/efi/console.c \
+-@COND_arm64_efi_TRUE@	kern/acpi.c kern/efi/acpi.c \
++@COND_arm64_efi_TRUE@	kern/acpi.c kern/efi/acpi.c kern/efi/sb.c \
+ @COND_arm64_efi_TRUE@	kern/compiler-rt.c kern/mm.c kern/time.c \
+ @COND_arm64_efi_TRUE@	kern/generic/millisleep.c kern/command.c \
+ @COND_arm64_efi_TRUE@	kern/corecmd.c kern/device.c kern/disk.c \
+@@ -25661,8 +25670,8 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_arm_efi_TRUE@	disk/efi/efidisk.c kern/efi/efi.c \
+ @COND_arm_efi_TRUE@	kern/efi/init.c kern/efi/mm.c \
+ @COND_arm_efi_TRUE@	term/efi/console.c kern/acpi.c \
+-@COND_arm_efi_TRUE@	kern/efi/acpi.c kern/compiler-rt.c \
+-@COND_arm_efi_TRUE@	kern/mm.c kern/time.c \
++@COND_arm_efi_TRUE@	kern/efi/acpi.c kern/efi/sb.c \
++@COND_arm_efi_TRUE@	kern/compiler-rt.c kern/mm.c kern/time.c \
+ @COND_arm_efi_TRUE@	kern/generic/millisleep.c kern/command.c \
+ @COND_arm_efi_TRUE@	kern/corecmd.c kern/device.c kern/disk.c \
+ @COND_arm_efi_TRUE@	kern/dl.c kern/env.c kern/err.c kern/file.c \
+@@ -25739,7 +25748,7 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_i386_efi_TRUE@	kern/i386/tsc_pit.c disk/efi/efidisk.c \
+ @COND_i386_efi_TRUE@	kern/efi/efi.c kern/efi/init.c \
+ @COND_i386_efi_TRUE@	kern/efi/mm.c term/efi/console.c \
+-@COND_i386_efi_TRUE@	kern/acpi.c kern/efi/acpi.c \
++@COND_i386_efi_TRUE@	kern/acpi.c kern/efi/acpi.c kern/efi/sb.c \
+ @COND_i386_efi_TRUE@	kern/compiler-rt.c kern/mm.c kern/time.c \
+ @COND_i386_efi_TRUE@	kern/generic/millisleep.c kern/command.c \
+ @COND_i386_efi_TRUE@	kern/corecmd.c kern/device.c kern/disk.c \
+@@ -25851,7 +25860,7 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_ia64_efi_TRUE@	lib/division.c disk/efi/efidisk.c \
+ @COND_ia64_efi_TRUE@	kern/efi/efi.c kern/efi/init.c \
+ @COND_ia64_efi_TRUE@	kern/efi/mm.c term/efi/console.c \
+-@COND_ia64_efi_TRUE@	kern/acpi.c kern/efi/acpi.c \
++@COND_ia64_efi_TRUE@	kern/acpi.c kern/efi/acpi.c kern/efi/sb.c \
+ @COND_ia64_efi_TRUE@	kern/compiler-rt.c kern/mm.c kern/time.c \
+ @COND_ia64_efi_TRUE@	kern/generic/millisleep.c kern/command.c \
+ @COND_ia64_efi_TRUE@	kern/corecmd.c kern/device.c kern/disk.c \
+@@ -25959,9 +25968,9 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_riscv32_efi_TRUE@	disk/efi/efidisk.c kern/efi/efi.c \
+ @COND_riscv32_efi_TRUE@	kern/efi/init.c kern/efi/mm.c \
+ @COND_riscv32_efi_TRUE@	term/efi/console.c kern/acpi.c \
+-@COND_riscv32_efi_TRUE@	kern/efi/acpi.c kern/compiler-rt.c \
+-@COND_riscv32_efi_TRUE@	kern/mm.c kern/time.c \
+-@COND_riscv32_efi_TRUE@	kern/generic/millisleep.c \
++@COND_riscv32_efi_TRUE@	kern/efi/acpi.c kern/efi/sb.c \
++@COND_riscv32_efi_TRUE@	kern/compiler-rt.c kern/mm.c \
++@COND_riscv32_efi_TRUE@	kern/time.c kern/generic/millisleep.c \
+ @COND_riscv32_efi_TRUE@	kern/command.c kern/corecmd.c \
+ @COND_riscv32_efi_TRUE@	kern/device.c kern/disk.c kern/dl.c \
+ @COND_riscv32_efi_TRUE@	kern/env.c kern/err.c kern/file.c \
+@@ -25977,8 +25986,9 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_riscv64_efi_TRUE@	kern/efi/efi.c kern/efi/init.c \
+ @COND_riscv64_efi_TRUE@	kern/efi/mm.c term/efi/console.c \
+ @COND_riscv64_efi_TRUE@	kern/acpi.c kern/efi/acpi.c \
+-@COND_riscv64_efi_TRUE@	kern/compiler-rt.c kern/mm.c \
+-@COND_riscv64_efi_TRUE@	kern/time.c kern/generic/millisleep.c \
++@COND_riscv64_efi_TRUE@	kern/efi/sb.c kern/compiler-rt.c \
++@COND_riscv64_efi_TRUE@	kern/mm.c kern/time.c \
++@COND_riscv64_efi_TRUE@	kern/generic/millisleep.c \
+ @COND_riscv64_efi_TRUE@	kern/command.c kern/corecmd.c \
+ @COND_riscv64_efi_TRUE@	kern/device.c kern/disk.c kern/dl.c \
+ @COND_riscv64_efi_TRUE@	kern/env.c kern/err.c kern/file.c \
+@@ -26022,7 +26032,8 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_x86_64_efi_TRUE@	kern/efi/efi.c kern/efi/init.c \
+ @COND_x86_64_efi_TRUE@	kern/efi/mm.c term/efi/console.c \
+ @COND_x86_64_efi_TRUE@	kern/acpi.c kern/efi/acpi.c \
+-@COND_x86_64_efi_TRUE@	kern/compiler-rt.c kern/mm.c kern/time.c \
++@COND_x86_64_efi_TRUE@	kern/efi/sb.c kern/compiler-rt.c \
++@COND_x86_64_efi_TRUE@	kern/mm.c kern/time.c \
+ @COND_x86_64_efi_TRUE@	kern/generic/millisleep.c kern/command.c \
+ @COND_x86_64_efi_TRUE@	kern/corecmd.c kern/device.c kern/disk.c \
+ @COND_x86_64_efi_TRUE@	kern/dl.c kern/env.c kern/err.c \
+@@ -27989,6 +28000,8 @@ kern/kernel_exec-acpi.$(OBJEXT): kern/$(am__dirstamp) \
+ 	kern/$(DEPDIR)/$(am__dirstamp)
+ kern/efi/kernel_exec-acpi.$(OBJEXT): kern/efi/$(am__dirstamp) \
+ 	kern/efi/$(DEPDIR)/$(am__dirstamp)
++kern/efi/kernel_exec-sb.$(OBJEXT): kern/efi/$(am__dirstamp) \
++	kern/efi/$(DEPDIR)/$(am__dirstamp)
+ kern/kernel_exec-compiler-rt.$(OBJEXT): kern/$(am__dirstamp) \
+ 	kern/$(DEPDIR)/$(am__dirstamp)
+ kern/kernel_exec-mm.$(OBJEXT): kern/$(am__dirstamp) \
+@@ -30994,6 +31007,7 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/efi/$(DEPDIR)/kernel_exec-fdt.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/efi/$(DEPDIR)/kernel_exec-init.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/efi/$(DEPDIR)/kernel_exec-mm.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@kern/efi/$(DEPDIR)/kernel_exec-sb.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/emu/$(DEPDIR)/grub_emu-full.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/emu/$(DEPDIR)/grub_emu_lite-lite.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/emu/$(DEPDIR)/kernel_exec-argp_common.Po@am__quote@
+@@ -35285,6 +35299,20 @@ kern/efi/kernel_exec-acpi.obj: kern/efi/acpi.c
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -c -o kern/efi/kernel_exec-acpi.obj `if test -f 'kern/efi/acpi.c'; then $(CYGPATH_W) 'kern/efi/acpi.c'; else $(CYGPATH_W) '$(srcdir)/kern/efi/acpi.c'; fi`
+ 
++kern/efi/kernel_exec-sb.o: kern/efi/sb.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -MT kern/efi/kernel_exec-sb.o -MD -MP -MF kern/efi/$(DEPDIR)/kernel_exec-sb.Tpo -c -o kern/efi/kernel_exec-sb.o `test -f 'kern/efi/sb.c' || echo '$(srcdir)/'`kern/efi/sb.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) kern/efi/$(DEPDIR)/kernel_exec-sb.Tpo kern/efi/$(DEPDIR)/kernel_exec-sb.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='kern/efi/sb.c' object='kern/efi/kernel_exec-sb.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -c -o kern/efi/kernel_exec-sb.o `test -f 'kern/efi/sb.c' || echo '$(srcdir)/'`kern/efi/sb.c
++
++kern/efi/kernel_exec-sb.obj: kern/efi/sb.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -MT kern/efi/kernel_exec-sb.obj -MD -MP -MF kern/efi/$(DEPDIR)/kernel_exec-sb.Tpo -c -o kern/efi/kernel_exec-sb.obj `if test -f 'kern/efi/sb.c'; then $(CYGPATH_W) 'kern/efi/sb.c'; else $(CYGPATH_W) '$(srcdir)/kern/efi/sb.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) kern/efi/$(DEPDIR)/kernel_exec-sb.Tpo kern/efi/$(DEPDIR)/kernel_exec-sb.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='kern/efi/sb.c' object='kern/efi/kernel_exec-sb.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -c -o kern/efi/kernel_exec-sb.obj `if test -f 'kern/efi/sb.c'; then $(CYGPATH_W) 'kern/efi/sb.c'; else $(CYGPATH_W) '$(srcdir)/kern/efi/sb.c'; fi`
++
+ kern/kernel_exec-compiler-rt.o: kern/compiler-rt.c
+ @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -MT kern/kernel_exec-compiler-rt.o -MD -MP -MF kern/$(DEPDIR)/kernel_exec-compiler-rt.Tpo -c -o kern/kernel_exec-compiler-rt.o `test -f 'kern/compiler-rt.c' || echo '$(srcdir)/'`kern/compiler-rt.c
+ @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) kern/$(DEPDIR)/kernel_exec-compiler-rt.Tpo kern/$(DEPDIR)/kernel_exec-compiler-rt.Po
+diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
+new file mode 100644
+index 0000000..19658d9
+--- /dev/null
++++ b/grub-core/kern/efi/sb.c
+@@ -0,0 +1,109 @@
++/*
++ *  GRUB  --  GRand Unified Bootloader
++ *  Copyright (C) 2020  Free Software Foundation, Inc.
++ *
++ *  GRUB is free software: you can redistribute it and/or modify
++ *  it under the terms of the GNU General Public License as published by
++ *  the Free Software Foundation, either version 3 of the License, or
++ *  (at your option) any later version.
++ *
++ *  GRUB is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *  GNU General Public License for more details.
++ *
++ *  You should have received a copy of the GNU General Public License
++ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ *  UEFI Secure Boot related checkings.
++ */
++
++#include <grub/efi/efi.h>
++#include <grub/efi/pe32.h>
++#include <grub/efi/sb.h>
++#include <grub/err.h>
++#include <grub/i386/linux.h>
++#include <grub/mm.h>
++#include <grub/types.h>
++
++/*
++ * Determine whether we're in secure boot mode.
++ *
++ * Please keep the logic in sync with the Linux kernel,
++ * drivers/firmware/efi/libstub/secureboot.c:efi_get_secureboot().
++ */
++grub_uint8_t
++grub_efi_get_secureboot (void)
++{
++  static grub_efi_guid_t efi_variable_guid = GRUB_EFI_GLOBAL_VARIABLE_GUID;
++  static grub_efi_guid_t efi_shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID;
++  grub_efi_status_t status;
++  grub_efi_uint32_t attr = 0;
++  grub_size_t size = 0;
++  grub_uint8_t *secboot = NULL;
++  grub_uint8_t *setupmode = NULL;
++  grub_uint8_t *moksbstate = NULL;
++  grub_uint8_t secureboot = GRUB_EFI_SECUREBOOT_MODE_UNKNOWN;
++  const char *secureboot_str = "UNKNOWN";
++
++  status = grub_efi_get_variable ("SecureBoot", &efi_variable_guid,
++				  &size, (void **) &secboot);
++
++  if (status == GRUB_EFI_NOT_FOUND)
++    {
++      secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
++      goto out;
++    }
++
++  if (status != GRUB_EFI_SUCCESS)
++    goto out;
++
++  status = grub_efi_get_variable ("SetupMode", &efi_variable_guid,
++				  &size, (void **) &setupmode);
++
++  if (status != GRUB_EFI_SUCCESS)
++    goto out;
++
++  if ((*secboot == 0) || (*setupmode == 1))
++    {
++      secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
++      goto out;
++    }
++
++  /*
++   * See if a user has put the shim into insecure mode. If so, and if the
++   * variable doesn't have the runtime attribute set, we might as well
++   * honor that.
++   */
++  status = grub_efi_get_variable_with_attributes ("MokSBState", &efi_shim_lock_guid,
++						  &size, (void **) &moksbstate, &attr);
++
++  /* If it fails, we don't care why. Default to secure. */
++  if (status != GRUB_EFI_SUCCESS)
++    {
++      secureboot = GRUB_EFI_SECUREBOOT_MODE_ENABLED;
++      goto out;
++    }
++
++  if (!(attr & GRUB_EFI_VARIABLE_RUNTIME_ACCESS) && *moksbstate == 1)
++    {
++      secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED;
++      goto out;
++    }
++
++  secureboot = GRUB_EFI_SECUREBOOT_MODE_ENABLED;
++
++ out:
++  grub_free (moksbstate);
++  grub_free (setupmode);
++  grub_free (secboot);
++
++  if (secureboot == GRUB_EFI_SECUREBOOT_MODE_DISABLED)
++    secureboot_str = "Disabled";
++  else if (secureboot == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
++    secureboot_str = "Enabled";
++
++  grub_dprintf ("efi", "UEFI Secure Boot state: %s\n", secureboot_str);
++
++  return secureboot;
++}
+diff --git a/include/grub/efi/sb.h b/include/grub/efi/sb.h
+new file mode 100644
+index 0000000..a33d985
+--- /dev/null
++++ b/include/grub/efi/sb.h
+@@ -0,0 +1,40 @@
++/*
++ *  GRUB  --  GRand Unified Bootloader
++ *  Copyright (C) 2020  Free Software Foundation, Inc.
++ *
++ *  GRUB is free software: you can redistribute it and/or modify
++ *  it under the terms of the GNU General Public License as published by
++ *  the Free Software Foundation, either version 3 of the License, or
++ *  (at your option) any later version.
++ *
++ *  GRUB is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *  GNU General Public License for more details.
++ *
++ *  You should have received a copy of the GNU General Public License
++ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#ifndef GRUB_EFI_SB_H
++#define GRUB_EFI_SB_H     1
++
++#include <grub/types.h>
++#include <grub/dl.h>
++
++#define GRUB_EFI_SECUREBOOT_MODE_UNSET	0
++#define GRUB_EFI_SECUREBOOT_MODE_UNKNOWN	1
++#define GRUB_EFI_SECUREBOOT_MODE_DISABLED	2
++#define GRUB_EFI_SECUREBOOT_MODE_ENABLED	3
++
++#ifdef GRUB_MACHINE_EFI
++extern grub_uint8_t
++EXPORT_FUNC (grub_efi_get_secureboot) (void);
++#else
++static inline grub_uint8_t
++grub_efi_get_secureboot (void)
++{
++  return GRUB_EFI_SECUREBOOT_MODE_UNSET;
++}
++#endif
++#endif /* GRUB_EFI_SB_H */
+diff --git a/po/POTFILES.in b/po/POTFILES.in
+index 5574cbe..22543be 100644
+--- a/po/POTFILES.in
++++ b/po/POTFILES.in
+@@ -266,6 +266,7 @@
+ ./grub-core/kern/efi/fdt.c
+ ./grub-core/kern/efi/init.c
+ ./grub-core/kern/efi/mm.c
++./grub-core/kern/efi/sb.c
+ ./grub-core/kern/elf.c
+ ./grub-core/kern/elfXX.c
+ ./grub-core/kern/emu/argp_common.c
+@@ -1053,6 +1054,7 @@
+ ./include/grub/efi/memory.h
+ ./include/grub/efi/pci.h
+ ./include/grub/efi/pe32.h
++./include/grub/efi/sb.h
+ ./include/grub/efi/tpm.h
+ ./include/grub/efi/uga_draw.h
+ ./include/grub/efiemu/efiemu.h
+-- 
+2.14.2
+

boot/grub2/0035-kern-Add-lockdown-support.patch

@@ -0,0 +1,763 @@
+From 578c95298bcc46e0296f4c786db64c2ff26ce2cc Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 28 Sep 2020 20:08:02 +0200
+Subject: [PATCH] kern: Add lockdown support
+
+When the GRUB starts on a secure boot platform, some commands can be
+used to subvert the protections provided by the verification mechanism and
+could lead to booting untrusted system.
+
+To prevent that situation, allow GRUB to be locked down. That way the code
+may check if GRUB has been locked down and further restrict the commands
+that are registered or what subset of their functionality could be used.
+
+The lockdown support adds the following components:
+
+* The grub_lockdown() function which can be used to lockdown GRUB if,
+  e.g., UEFI Secure Boot is enabled.
+
+* The grub_is_lockdown() function which can be used to check if the GRUB
+  was locked down.
+
+* A verifier that flags OS kernels, the GRUB modules, Device Trees and ACPI
+  tables as GRUB_VERIFY_FLAGS_DEFER_AUTH to defer verification to other
+  verifiers. These files are only successfully verified if another registered
+  verifier returns success. Otherwise, the whole verification process fails.
+
+  For example, PE/COFF binaries verification can be done by the shim_lock
+  verifier which validates the signatures using the shim_lock protocol.
+  However, the verification is not deferred directly to the shim_lock verifier.
+  The shim_lock verifier is hooked into the verification process instead.
+
+* A set of grub_{command,extcmd}_lockdown functions that can be used by
+  code registering command handlers, to only register unsafe commands if
+  the GRUB has not been locked down.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+[Add changes to generated files]
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ Makefile.in                 |  2 ++
+ conf/Makefile.common        |  2 ++
+ docs/grub-dev.texi          | 27 +++++++++++++++
+ docs/grub.texi              |  8 +++++
+ grub-core/Makefile.am       |  5 ++-
+ grub-core/Makefile.core.am  | 14 ++++----
+ grub-core/Makefile.core.def |  1 +
+ grub-core/Makefile.in       | 73 ++++++++++++++++++++++++++++++-----------
+ grub-core/commands/extcmd.c | 23 +++++++++++++
+ grub-core/kern/command.c    | 24 ++++++++++++++
+ grub-core/kern/lockdown.c   | 80 +++++++++++++++++++++++++++++++++++++++++++++
+ include/grub/command.h      |  5 +++
+ include/grub/extcmd.h       |  7 ++++
+ include/grub/lockdown.h     | 44 +++++++++++++++++++++++++
+ po/POTFILES.in              |  2 ++
+ 15 files changed, 290 insertions(+), 27 deletions(-)
+ create mode 100644 grub-core/kern/lockdown.c
+ create mode 100644 include/grub/lockdown.h
+
+diff --git a/Makefile.in b/Makefile.in
+index e6a185b..ecb3278 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -2617,7 +2617,9 @@ CPPFLAGS_PARTTOOL_LIST = -Dgrub_parttool_register=PARTTOOL_LIST_MARKER
+ CPPFLAGS_TERMINAL_LIST = '-Dgrub_term_register_input(...)=INPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)' \
+ 	'-Dgrub_term_register_output(...)=OUTPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_COMMAND_LIST = '-Dgrub_register_command(...)=COMMAND_LIST_MARKER(__VA_ARGS__)' \
++	'-Dgrub_register_command_lockdown(...)=COMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)' \
+ 	'-Dgrub_register_extcmd(...)=EXTCOMMAND_LIST_MARKER(__VA_ARGS__)' \
++	'-Dgrub_register_extcmd_lockdown(...)=EXTCOMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)' \
+ 	'-Dgrub_register_command_p1(...)=P1COMMAND_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_FDT_LIST := '-Dgrub_fdtbus_register(...)=FDT_DRIVER_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_MARKER = $(CPPFLAGS_FS_LIST) $(CPPFLAGS_VIDEO_LIST) \
+diff --git a/conf/Makefile.common b/conf/Makefile.common
+index 6cd71cb..2a1a886 100644
+--- a/conf/Makefile.common
++++ b/conf/Makefile.common
+@@ -84,7 +84,9 @@ CPPFLAGS_PARTTOOL_LIST = -Dgrub_parttool_register=PARTTOOL_LIST_MARKER
+ CPPFLAGS_TERMINAL_LIST = '-Dgrub_term_register_input(...)=INPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_TERMINAL_LIST += '-Dgrub_term_register_output(...)=OUTPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_COMMAND_LIST = '-Dgrub_register_command(...)=COMMAND_LIST_MARKER(__VA_ARGS__)'
++CPPFLAGS_COMMAND_LIST += '-Dgrub_register_command_lockdown(...)=COMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_COMMAND_LIST += '-Dgrub_register_extcmd(...)=EXTCOMMAND_LIST_MARKER(__VA_ARGS__)'
++CPPFLAGS_COMMAND_LIST += '-Dgrub_register_extcmd_lockdown(...)=EXTCOMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_COMMAND_LIST += '-Dgrub_register_command_p1(...)=P1COMMAND_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_FDT_LIST := '-Dgrub_fdtbus_register(...)=FDT_DRIVER_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_MARKER = $(CPPFLAGS_FS_LIST) $(CPPFLAGS_VIDEO_LIST) \
+diff --git a/docs/grub-dev.texi b/docs/grub-dev.texi
+index ee389fd..635ec72 100644
+--- a/docs/grub-dev.texi
++++ b/docs/grub-dev.texi
+@@ -86,6 +86,7 @@ This edition documents version @value{VERSION}.
+ * PFF2 Font File Format::
+ * Graphical Menu Software Design::
+ * Verifiers framework::
++* Lockdown framework::
+ * Copying This Manual::         Copying This Manual
+ * Index::
+ @end menu
+@@ -2086,6 +2087,32 @@ Optionally at the end of the file @samp{fini}, if it exists, is called with just
+ the context. If you return no error during any of @samp{init}, @samp{write} and
+ @samp{fini} then the file is considered as having succeded verification.
+ 
++@node Lockdown framework
++@chapter Lockdown framework
++
++The GRUB can be locked down, which is a restricted mode where some operations
++are not allowed. For instance, some commands cannot be used when the GRUB is
++locked down.
++
++The function
++@code{grub_lockdown()} is used to lockdown GRUB and the function
++@code{grub_is_lockdown()} function can be used to check whether lockdown is
++enabled or not. When enabled, the function returns @samp{GRUB_LOCKDOWN_ENABLED}
++and @samp{GRUB_LOCKDOWN_DISABLED} when is not enabled.
++
++The following functions can be used to register the commands that can only be
++used when lockdown is disabled:
++
++@itemize
++
++@item @code{grub_cmd_lockdown()} registers command which should not run when the
++GRUB is in lockdown mode.
++
++@item @code{grub_cmd_lockdown()} registers extended command which should not run
++when the GRUB is in lockdown mode.
++
++@end itemize
++
+ @node Copying This Manual
+ @appendix Copying This Manual
+ 
+diff --git a/docs/grub.texi b/docs/grub.texi
+index aefe032..a25459f 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -5581,6 +5581,7 @@ environment variables and commands are listed in the same order.
+ * Using digital signatures::         Booting digitally signed code
+ * UEFI secure boot and shim::        Booting digitally signed PE files
+ * Measured Boot::                    Measuring boot components
++* Lockdown::                         Lockdown when booting on a secure setup
+ @end menu
+ 
+ @node Authentication and authorisation
+@@ -5795,6 +5796,13 @@ into @file{core.img} in order to avoid a potential gap in measurement between
+ 
+ Measured boot is currently only supported on EFI platforms.
+ 
++@node Lockdown
++@section Lockdown when booting on a secure setup
++
++The GRUB can be locked down when booted on a secure boot environment, for example
++if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
++be restricted and some operations/commands cannot be executed.
++
+ @node Platform limitations
+ @chapter Platform limitations
+ 
+diff --git a/grub-core/Makefile.am b/grub-core/Makefile.am
+index cc6fc7d..30e23ad 100644
+--- a/grub-core/Makefile.am
++++ b/grub-core/Makefile.am
+@@ -80,6 +80,7 @@ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/fs.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/i18n.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/kernel.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/list.h
++KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/lockdown.h
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/misc.h
+ if COND_emu
+ KERNEL_HEADER_FILES += $(top_srcdir)/include/grub/compiler-rt-emu.h
+@@ -377,8 +378,10 @@ command.lst: $(MARKER_FILES)
+ 	  b=`basename $$pp .marker`; \
+ 	  sed -n \
+ 	    -e "/EXTCOMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \
++	    -e "/EXTCOMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \
+ 	    -e "/P1COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \
+-	    -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" $$pp; \
++	    -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" \
++	    -e "/COMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" $$pp; \
+ 	done) | sort -u > $@
+ platform_DATA += command.lst
+ CLEANFILES += command.lst
+diff --git a/grub-core/Makefile.core.am b/grub-core/Makefile.core.am
+index 5623a5e..fbfb627 100644
+--- a/grub-core/Makefile.core.am
++++ b/grub-core/Makefile.core.am
+@@ -22378,7 +22378,7 @@ endif
+ if COND_i386_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/i386/efi/startup.S 
+-kernel_exec_SOURCES += kern/i386/efi/tsc.c kern/i386/tsc_pmtimer.c kern/i386/efi/init.c bus/pci.c kern/i386/dl.c kern/i386/tsc.c kern/i386/tsc_pit.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
++kernel_exec_SOURCES += kern/i386/efi/tsc.c kern/i386/tsc_pmtimer.c kern/i386/efi/init.c bus/pci.c kern/i386/dl.c kern/i386/tsc.c kern/i386/tsc_pit.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+@@ -22488,7 +22488,7 @@ endif
+ if COND_x86_64_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/x86_64/efi/startup.S 
+-kernel_exec_SOURCES += kern/i386/efi/tsc.c kern/i386/tsc_pmtimer.c kern/x86_64/efi/callwrap.S kern/i386/efi/init.c bus/pci.c kern/x86_64/dl.c kern/i386/tsc.c kern/i386/tsc_pit.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
++kernel_exec_SOURCES += kern/i386/efi/tsc.c kern/i386/tsc_pmtimer.c kern/x86_64/efi/callwrap.S kern/i386/efi/init.c bus/pci.c kern/x86_64/dl.c kern/i386/tsc.c kern/i386/tsc_pit.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+@@ -22664,7 +22664,7 @@ endif
+ if COND_ia64_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = 
+-kernel_exec_SOURCES += kern/ia64/efi/startup.S kern/ia64/efi/init.c kern/ia64/dl.c kern/ia64/dl_helper.c kern/ia64/cache.c lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
++kernel_exec_SOURCES += kern/ia64/efi/startup.S kern/ia64/efi/init.c kern/ia64/dl.c kern/ia64/dl_helper.c kern/ia64/cache.c lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) -fno-builtin -fpic -minline-int-divide-max-throughput 
+@@ -22730,7 +22730,7 @@ endif
+ if COND_arm_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/arm/efi/startup.S 
+-kernel_exec_SOURCES += kern/arm/efi/init.c kern/efi/fdt.c kern/arm/dl.c kern/arm/dl_helper.c kern/arm/cache_armv6.S kern/arm/cache_armv7.S kern/arm/cache.c kern/arm/compiler-rt.S lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
++kernel_exec_SOURCES += kern/arm/efi/init.c kern/efi/fdt.c kern/arm/dl.c kern/arm/dl_helper.c kern/arm/cache_armv6.S kern/arm/cache_armv7.S kern/arm/cache.c kern/arm/compiler-rt.S lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+@@ -22752,7 +22752,7 @@ endif
+ if COND_arm64_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/arm64/efi/startup.S 
+-kernel_exec_SOURCES += kern/arm64/efi/init.c kern/efi/fdt.c kern/arm64/cache.c kern/arm64/cache_flush.S kern/arm64/dl.c kern/arm64/dl_helper.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
++kernel_exec_SOURCES += kern/arm64/efi/init.c kern/efi/fdt.c kern/arm64/cache.c kern/arm64/cache_flush.S kern/arm64/dl.c kern/arm64/dl_helper.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+@@ -22796,7 +22796,7 @@ endif
+ if COND_riscv32_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/riscv/efi/startup.S 
+-kernel_exec_SOURCES += kern/riscv/efi/init.c kern/efi/fdt.c kern/riscv/cache.c kern/riscv/cache_flush.S kern/riscv/dl.c lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
++kernel_exec_SOURCES += kern/riscv/efi/init.c kern/efi/fdt.c kern/riscv/cache.c kern/riscv/cache_flush.S kern/riscv/dl.c lib/division.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+@@ -22818,7 +22818,7 @@ endif
+ if COND_riscv64_efi
+ platform_PROGRAMS += kernel.exec
+ kernel_exec_SOURCES  = kern/riscv/efi/startup.S 
+-kernel_exec_SOURCES += kern/riscv/efi/init.c kern/efi/fdt.c kern/riscv/cache.c kern/riscv/cache_flush.S kern/riscv/dl.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
++kernel_exec_SOURCES += kern/riscv/efi/init.c kern/efi/fdt.c kern/riscv/cache.c kern/riscv/cache_flush.S kern/riscv/dl.c disk/efi/efidisk.c kern/efi/efi.c kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c kern/compiler-rt.c kern/mm.c kern/time.c kern/generic/millisleep.c kern/command.c kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c kern/parser.c kern/partition.c kern/rescue_parser.c kern/rescue_reader.c kern/term.c kern/verifiers.c 
+ nodist_kernel_exec_SOURCES  = symlist.c  ## platform nodist sources
+ kernel_exec_LDADD  = 
+ kernel_exec_CFLAGS  = $(AM_CFLAGS) $(CFLAGS_KERNEL) 
+diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
+index 4d380ed..ee8dc55 100644
+--- a/grub-core/Makefile.core.def
++++ b/grub-core/Makefile.core.def
+@@ -205,6 +205,7 @@ kernel = {
+   efi = kern/acpi.c;
+   efi = kern/efi/acpi.c;
+   efi = kern/efi/sb.c;
++  efi = kern/lockdown.c;
+   i386_coreboot = kern/i386/pc/acpi.c;
+   i386_multiboot = kern/i386/pc/acpi.c;
+   i386_coreboot = kern/acpi.c;
+diff --git a/grub-core/Makefile.in b/grub-core/Makefile.in
+index 09dc802..ac400ea 100644
+--- a/grub-core/Makefile.in
++++ b/grub-core/Makefile.in
+@@ -10457,13 +10457,14 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ 	kern/arm64/cache_flush.S kern/arm64/dl.c \
+ 	kern/arm64/dl_helper.c disk/efi/efidisk.c kern/efi/efi.c \
+ 	kern/efi/init.c kern/efi/mm.c term/efi/console.c kern/acpi.c \
+-	kern/efi/acpi.c kern/efi/sb.c kern/compiler-rt.c kern/mm.c \
+-	kern/time.c kern/generic/millisleep.c kern/command.c \
+-	kern/corecmd.c kern/device.c kern/disk.c kern/dl.c kern/env.c \
+-	kern/err.c kern/file.c kern/fs.c kern/list.c kern/main.c \
+-	kern/misc.c kern/parser.c kern/partition.c \
+-	kern/rescue_parser.c kern/rescue_reader.c kern/term.c \
+-	kern/verifiers.c kern/arm/startup.S kern/arm/coreboot/init.c \
++	kern/efi/acpi.c kern/efi/sb.c kern/lockdown.c \
++	kern/compiler-rt.c kern/mm.c kern/time.c \
++	kern/generic/millisleep.c kern/command.c kern/corecmd.c \
++	kern/device.c kern/disk.c kern/dl.c kern/env.c kern/err.c \
++	kern/file.c kern/fs.c kern/list.c kern/main.c kern/misc.c \
++	kern/parser.c kern/partition.c kern/rescue_parser.c \
++	kern/rescue_reader.c kern/term.c kern/verifiers.c \
++	kern/arm/startup.S kern/arm/coreboot/init.c \
+ 	kern/arm/coreboot/timer.c kern/arm/coreboot/coreboot.S \
+ 	lib/fdt.c bus/fdt.c term/ps2.c term/arm/pl050.c \
+ 	term/arm/cros.c term/arm/cros_ec.c bus/spi/rk3288_spi.c \
+@@ -10572,6 +10573,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/kernel_exec-lockdown.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_FALSE@@COND_sparc64_ieee1275_FALSE@@COND_x86_64_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -10646,6 +10648,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/kernel_exec-lockdown.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_FALSE@@COND_riscv64_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -10683,6 +10686,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/kernel_exec-lockdown.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_FALSE@@COND_mips_arc_FALSE@@COND_mips_loongson_FALSE@@COND_mips_qemu_mips_FALSE@@COND_powerpc_ieee1275_FALSE@@COND_riscv32_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -10884,6 +10888,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/kernel_exec-lockdown.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_FALSE@@COND_i386_ieee1275_FALSE@@COND_i386_multiboot_FALSE@@COND_i386_pc_FALSE@@COND_i386_qemu_FALSE@@COND_i386_xen_FALSE@@COND_i386_xen_pvh_FALSE@@COND_ia64_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -11120,6 +11125,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/kernel_exec-lockdown.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_FALSE@@COND_arm_uboot_FALSE@@COND_emu_FALSE@@COND_i386_coreboot_FALSE@@COND_i386_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -11287,6 +11293,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
++@COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/kernel_exec-lockdown.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_FALSE@@COND_arm_coreboot_FALSE@@COND_arm_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -11379,6 +11386,7 @@ am__kernel_exec_SOURCES_DIST = kern/arm64/efi/startup.S \
+ @COND_arm64_efi_TRUE@	kern/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_TRUE@	kern/efi/kernel_exec-acpi.$(OBJEXT) \
+ @COND_arm64_efi_TRUE@	kern/efi/kernel_exec-sb.$(OBJEXT) \
++@COND_arm64_efi_TRUE@	kern/kernel_exec-lockdown.$(OBJEXT) \
+ @COND_arm64_efi_TRUE@	kern/kernel_exec-compiler-rt.$(OBJEXT) \
+ @COND_arm64_efi_TRUE@	kern/kernel_exec-mm.$(OBJEXT) \
+ @COND_arm64_efi_TRUE@	kern/kernel_exec-time.$(OBJEXT) \
+@@ -15379,7 +15387,9 @@ CPPFLAGS_PARTTOOL_LIST = -Dgrub_parttool_register=PARTTOOL_LIST_MARKER
+ CPPFLAGS_TERMINAL_LIST = '-Dgrub_term_register_input(...)=INPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)' \
+ 	'-Dgrub_term_register_output(...)=OUTPUT_TERMINAL_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_COMMAND_LIST = '-Dgrub_register_command(...)=COMMAND_LIST_MARKER(__VA_ARGS__)' \
++	'-Dgrub_register_command_lockdown(...)=COMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)' \
+ 	'-Dgrub_register_extcmd(...)=EXTCOMMAND_LIST_MARKER(__VA_ARGS__)' \
++	'-Dgrub_register_extcmd_lockdown(...)=EXTCOMMAND_LOCKDOWN_LIST_MARKER(__VA_ARGS__)' \
+ 	'-Dgrub_register_command_p1(...)=P1COMMAND_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_FDT_LIST := '-Dgrub_fdtbus_register(...)=FDT_DRIVER_LIST_MARKER(__VA_ARGS__)'
+ CPPFLAGS_MARKER = $(CPPFLAGS_FS_LIST) $(CPPFLAGS_VIDEO_LIST) \
+@@ -16387,6 +16397,7 @@ KERNEL_HEADER_FILES = $(top_srcdir)/include/grub/cache.h \
+ 	$(top_srcdir)/include/grub/i18n.h \
+ 	$(top_srcdir)/include/grub/kernel.h \
+ 	$(top_srcdir)/include/grub/list.h \
++	$(top_srcdir)/include/grub/lockdown.h \
+ 	$(top_srcdir)/include/grub/misc.h $(am__append_5794) \
+ 	$(am__append_5795) $(top_srcdir)/include/grub/mm.h \
+ 	$(top_srcdir)/include/grub/parser.h \
+@@ -25594,7 +25605,8 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_arm64_efi_TRUE@	kern/efi/efi.c kern/efi/init.c \
+ @COND_arm64_efi_TRUE@	kern/efi/mm.c term/efi/console.c \
+ @COND_arm64_efi_TRUE@	kern/acpi.c kern/efi/acpi.c kern/efi/sb.c \
+-@COND_arm64_efi_TRUE@	kern/compiler-rt.c kern/mm.c kern/time.c \
++@COND_arm64_efi_TRUE@	kern/lockdown.c kern/compiler-rt.c \
++@COND_arm64_efi_TRUE@	kern/mm.c kern/time.c \
+ @COND_arm64_efi_TRUE@	kern/generic/millisleep.c kern/command.c \
+ @COND_arm64_efi_TRUE@	kern/corecmd.c kern/device.c kern/disk.c \
+ @COND_arm64_efi_TRUE@	kern/dl.c kern/env.c kern/err.c \
+@@ -25645,7 +25657,8 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_arm_efi_TRUE@	kern/efi/init.c kern/efi/mm.c \
+ @COND_arm_efi_TRUE@	term/efi/console.c kern/acpi.c \
+ @COND_arm_efi_TRUE@	kern/efi/acpi.c kern/efi/sb.c \
+-@COND_arm_efi_TRUE@	kern/compiler-rt.c kern/mm.c kern/time.c \
++@COND_arm_efi_TRUE@	kern/lockdown.c kern/compiler-rt.c \
++@COND_arm_efi_TRUE@	kern/mm.c kern/time.c \
+ @COND_arm_efi_TRUE@	kern/generic/millisleep.c kern/command.c \
+ @COND_arm_efi_TRUE@	kern/corecmd.c kern/device.c kern/disk.c \
+ @COND_arm_efi_TRUE@	kern/dl.c kern/env.c kern/err.c kern/file.c \
+@@ -25725,7 +25738,8 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_i386_efi_TRUE@	kern/efi/efi.c kern/efi/init.c \
+ @COND_i386_efi_TRUE@	kern/efi/mm.c term/efi/console.c \
+ @COND_i386_efi_TRUE@	kern/acpi.c kern/efi/acpi.c kern/efi/sb.c \
+-@COND_i386_efi_TRUE@	kern/compiler-rt.c kern/mm.c kern/time.c \
++@COND_i386_efi_TRUE@	kern/lockdown.c kern/compiler-rt.c \
++@COND_i386_efi_TRUE@	kern/mm.c kern/time.c \
+ @COND_i386_efi_TRUE@	kern/generic/millisleep.c kern/command.c \
+ @COND_i386_efi_TRUE@	kern/corecmd.c kern/device.c kern/disk.c \
+ @COND_i386_efi_TRUE@	kern/dl.c kern/env.c kern/err.c \
+@@ -25843,7 +25857,8 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_ia64_efi_TRUE@	kern/efi/efi.c kern/efi/init.c \
+ @COND_ia64_efi_TRUE@	kern/efi/mm.c term/efi/console.c \
+ @COND_ia64_efi_TRUE@	kern/acpi.c kern/efi/acpi.c kern/efi/sb.c \
+-@COND_ia64_efi_TRUE@	kern/compiler-rt.c kern/mm.c kern/time.c \
++@COND_ia64_efi_TRUE@	kern/lockdown.c kern/compiler-rt.c \
++@COND_ia64_efi_TRUE@	kern/mm.c kern/time.c \
+ @COND_ia64_efi_TRUE@	kern/generic/millisleep.c kern/command.c \
+ @COND_ia64_efi_TRUE@	kern/corecmd.c kern/device.c kern/disk.c \
+ @COND_ia64_efi_TRUE@	kern/dl.c kern/env.c kern/err.c \
+@@ -25956,8 +25971,9 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_riscv32_efi_TRUE@	kern/efi/init.c kern/efi/mm.c \
+ @COND_riscv32_efi_TRUE@	term/efi/console.c kern/acpi.c \
+ @COND_riscv32_efi_TRUE@	kern/efi/acpi.c kern/efi/sb.c \
+-@COND_riscv32_efi_TRUE@	kern/compiler-rt.c kern/mm.c \
+-@COND_riscv32_efi_TRUE@	kern/time.c kern/generic/millisleep.c \
++@COND_riscv32_efi_TRUE@	kern/lockdown.c kern/compiler-rt.c \
++@COND_riscv32_efi_TRUE@	kern/mm.c kern/time.c \
++@COND_riscv32_efi_TRUE@	kern/generic/millisleep.c \
+ @COND_riscv32_efi_TRUE@	kern/command.c kern/corecmd.c \
+ @COND_riscv32_efi_TRUE@	kern/device.c kern/disk.c kern/dl.c \
+ @COND_riscv32_efi_TRUE@	kern/env.c kern/err.c kern/file.c \
+@@ -25974,9 +25990,9 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_riscv64_efi_TRUE@	kern/efi/efi.c kern/efi/init.c \
+ @COND_riscv64_efi_TRUE@	kern/efi/mm.c term/efi/console.c \
+ @COND_riscv64_efi_TRUE@	kern/acpi.c kern/efi/acpi.c \
+-@COND_riscv64_efi_TRUE@	kern/efi/sb.c kern/compiler-rt.c \
+-@COND_riscv64_efi_TRUE@	kern/mm.c kern/time.c \
+-@COND_riscv64_efi_TRUE@	kern/generic/millisleep.c \
++@COND_riscv64_efi_TRUE@	kern/efi/sb.c kern/lockdown.c \
++@COND_riscv64_efi_TRUE@	kern/compiler-rt.c kern/mm.c \
++@COND_riscv64_efi_TRUE@	kern/time.c kern/generic/millisleep.c \
+ @COND_riscv64_efi_TRUE@	kern/command.c kern/corecmd.c \
+ @COND_riscv64_efi_TRUE@	kern/device.c kern/disk.c kern/dl.c \
+ @COND_riscv64_efi_TRUE@	kern/env.c kern/err.c kern/file.c \
+@@ -26022,8 +26038,8 @@ gcry_whirlpool_module_DEPENDENCIES = $(TARGET_OBJ2ELF)
+ @COND_x86_64_efi_TRUE@	kern/efi/efi.c kern/efi/init.c \
+ @COND_x86_64_efi_TRUE@	kern/efi/mm.c term/efi/console.c \
+ @COND_x86_64_efi_TRUE@	kern/acpi.c kern/efi/acpi.c \
+-@COND_x86_64_efi_TRUE@	kern/efi/sb.c kern/compiler-rt.c \
+-@COND_x86_64_efi_TRUE@	kern/mm.c kern/time.c \
++@COND_x86_64_efi_TRUE@	kern/efi/sb.c kern/lockdown.c \
++@COND_x86_64_efi_TRUE@	kern/compiler-rt.c kern/mm.c kern/time.c \
+ @COND_x86_64_efi_TRUE@	kern/generic/millisleep.c kern/command.c \
+ @COND_x86_64_efi_TRUE@	kern/corecmd.c kern/device.c kern/disk.c \
+ @COND_x86_64_efi_TRUE@	kern/dl.c kern/env.c kern/err.c \
+@@ -27994,6 +28010,8 @@ kern/efi/kernel_exec-acpi.$(OBJEXT): kern/efi/$(am__dirstamp) \
+ 	kern/efi/$(DEPDIR)/$(am__dirstamp)
+ kern/efi/kernel_exec-sb.$(OBJEXT): kern/efi/$(am__dirstamp) \
+ 	kern/efi/$(DEPDIR)/$(am__dirstamp)
++kern/kernel_exec-lockdown.$(OBJEXT): kern/$(am__dirstamp) \
++	kern/$(DEPDIR)/$(am__dirstamp)
+ kern/kernel_exec-compiler-rt.$(OBJEXT): kern/$(am__dirstamp) \
+ 	kern/$(DEPDIR)/$(am__dirstamp)
+ kern/kernel_exec-mm.$(OBJEXT): kern/$(am__dirstamp) \
+@@ -30945,6 +30963,7 @@ distclean-compile:
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/$(DEPDIR)/kernel_exec-file.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/$(DEPDIR)/kernel_exec-fs.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/$(DEPDIR)/kernel_exec-list.Po@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@kern/$(DEPDIR)/kernel_exec-lockdown.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/$(DEPDIR)/kernel_exec-main.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/$(DEPDIR)/kernel_exec-misc.Po@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@kern/$(DEPDIR)/kernel_exec-mm.Po@am__quote@
+@@ -35293,6 +35312,20 @@ kern/efi/kernel_exec-sb.obj: kern/efi/sb.c
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -c -o kern/efi/kernel_exec-sb.obj `if test -f 'kern/efi/sb.c'; then $(CYGPATH_W) 'kern/efi/sb.c'; else $(CYGPATH_W) '$(srcdir)/kern/efi/sb.c'; fi`
+ 
++kern/kernel_exec-lockdown.o: kern/lockdown.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -MT kern/kernel_exec-lockdown.o -MD -MP -MF kern/$(DEPDIR)/kernel_exec-lockdown.Tpo -c -o kern/kernel_exec-lockdown.o `test -f 'kern/lockdown.c' || echo '$(srcdir)/'`kern/lockdown.c
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) kern/$(DEPDIR)/kernel_exec-lockdown.Tpo kern/$(DEPDIR)/kernel_exec-lockdown.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='kern/lockdown.c' object='kern/kernel_exec-lockdown.o' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -c -o kern/kernel_exec-lockdown.o `test -f 'kern/lockdown.c' || echo '$(srcdir)/'`kern/lockdown.c
++
++kern/kernel_exec-lockdown.obj: kern/lockdown.c
++@am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -MT kern/kernel_exec-lockdown.obj -MD -MP -MF kern/$(DEPDIR)/kernel_exec-lockdown.Tpo -c -o kern/kernel_exec-lockdown.obj `if test -f 'kern/lockdown.c'; then $(CYGPATH_W) 'kern/lockdown.c'; else $(CYGPATH_W) '$(srcdir)/kern/lockdown.c'; fi`
++@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) kern/$(DEPDIR)/kernel_exec-lockdown.Tpo kern/$(DEPDIR)/kernel_exec-lockdown.Po
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='kern/lockdown.c' object='kern/kernel_exec-lockdown.obj' libtool=no @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -c -o kern/kernel_exec-lockdown.obj `if test -f 'kern/lockdown.c'; then $(CYGPATH_W) 'kern/lockdown.c'; else $(CYGPATH_W) '$(srcdir)/kern/lockdown.c'; fi`
++
+ kern/kernel_exec-compiler-rt.o: kern/compiler-rt.c
+ @am__fastdepCC_TRUE@	$(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(kernel_exec_CPPFLAGS) $(CPPFLAGS) $(kernel_exec_CFLAGS) $(CFLAGS) -MT kern/kernel_exec-compiler-rt.o -MD -MP -MF kern/$(DEPDIR)/kernel_exec-compiler-rt.Tpo -c -o kern/kernel_exec-compiler-rt.o `test -f 'kern/compiler-rt.c' || echo '$(srcdir)/'`kern/compiler-rt.c
+ @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) kern/$(DEPDIR)/kernel_exec-compiler-rt.Tpo kern/$(DEPDIR)/kernel_exec-compiler-rt.Po
+@@ -46650,8 +46683,10 @@ command.lst: $(MARKER_FILES)
+ 	  b=`basename $$pp .marker`; \
+ 	  sed -n \
+ 	    -e "/EXTCOMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \
++	    -e "/EXTCOMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \
+ 	    -e "/P1COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/*\1: $$b/;p;}" \
+-	    -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" $$pp; \
++	    -e "/COMMAND_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" \
++	    -e "/COMMAND_LOCKDOWN_LIST_MARKER *( *\"/{s/.*( *\"\([^\"]*\)\".*/\1: $$b/;p;}" $$pp; \
+ 	done) | sort -u > $@
+ 
+ partmap.lst: $(MARKER_FILES)
+diff --git a/grub-core/commands/extcmd.c b/grub-core/commands/extcmd.c
+index 69574e2..90a5ca2 100644
+--- a/grub-core/commands/extcmd.c
++++ b/grub-core/commands/extcmd.c
+@@ -19,6 +19,7 @@
+ 
+ #include <grub/mm.h>
+ #include <grub/list.h>
++#include <grub/lockdown.h>
+ #include <grub/misc.h>
+ #include <grub/extcmd.h>
+ #include <grub/script_sh.h>
+@@ -110,6 +111,28 @@ grub_register_extcmd (const char *name, grub_extcmd_func_t func,
+ 				    summary, description, parser, 1);
+ }
+ 
++static grub_err_t
++grub_extcmd_lockdown (grub_extcmd_context_t ctxt __attribute__ ((unused)),
++                      int argc __attribute__ ((unused)),
++                      char **argv __attribute__ ((unused)))
++{
++  return grub_error (GRUB_ERR_ACCESS_DENIED,
++                     N_("%s: the command is not allowed when lockdown is enforced"),
++                     ctxt->extcmd->cmd->name);
++}
++
++grub_extcmd_t
++grub_register_extcmd_lockdown (const char *name, grub_extcmd_func_t func,
++                               grub_command_flags_t flags, const char *summary,
++                               const char *description,
++                               const struct grub_arg_option *parser)
++{
++  if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED)
++    func = grub_extcmd_lockdown;
++
++  return grub_register_extcmd (name, func, flags, summary, description, parser);
++}
++
+ void
+ grub_unregister_extcmd (grub_extcmd_t ext)
+ {
+diff --git a/grub-core/kern/command.c b/grub-core/kern/command.c
+index acd7218..4aabcd4 100644
+--- a/grub-core/kern/command.c
++++ b/grub-core/kern/command.c
+@@ -17,6 +17,7 @@
+  *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+  */
+ 
++#include <grub/lockdown.h>
+ #include <grub/mm.h>
+ #include <grub/command.h>
+ 
+@@ -77,6 +78,29 @@ grub_register_command_prio (const char *name,
+   return cmd;
+ }
+ 
++static grub_err_t
++grub_cmd_lockdown (grub_command_t cmd __attribute__ ((unused)),
++                   int argc __attribute__ ((unused)),
++                   char **argv __attribute__ ((unused)))
++
++{
++  return grub_error (GRUB_ERR_ACCESS_DENIED,
++                     N_("%s: the command is not allowed when lockdown is enforced"),
++                     cmd->name);
++}
++
++grub_command_t
++grub_register_command_lockdown (const char *name,
++                                grub_command_func_t func,
++                                const char *summary,
++                                const char *description)
++{
++  if (grub_is_lockdown () == GRUB_LOCKDOWN_ENABLED)
++    func = grub_cmd_lockdown;
++
++  return grub_register_command_prio (name, func, summary, description, 0);
++}
++
+ void
+ grub_unregister_command (grub_command_t cmd)
+ {
+diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
+new file mode 100644
+index 0000000..1e56c0b
+--- /dev/null
++++ b/grub-core/kern/lockdown.c
+@@ -0,0 +1,80 @@
++/*
++ *  GRUB  --  GRand Unified Bootloader
++ *  Copyright (C) 2020  Free Software Foundation, Inc.
++ *
++ *  GRUB is free software: you can redistribute it and/or modify
++ *  it under the terms of the GNU General Public License as published by
++ *  the Free Software Foundation, either version 3 of the License, or
++ *  (at your option) any later version.
++ *
++ *  GRUB is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *  GNU General Public License for more details.
++ *
++ *  You should have received a copy of the GNU General Public License
++ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
++ *
++ */
++
++#include <grub/dl.h>
++#include <grub/file.h>
++#include <grub/lockdown.h>
++#include <grub/verify.h>
++
++static int lockdown = GRUB_LOCKDOWN_DISABLED;
++
++static grub_err_t
++lockdown_verifier_init (grub_file_t io __attribute__ ((unused)),
++                    enum grub_file_type type,
++                    void **context __attribute__ ((unused)),
++                    enum grub_verify_flags *flags)
++{
++  *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
++
++  switch (type & GRUB_FILE_TYPE_MASK)
++    {
++    case GRUB_FILE_TYPE_GRUB_MODULE:
++    case GRUB_FILE_TYPE_LINUX_KERNEL:
++    case GRUB_FILE_TYPE_MULTIBOOT_KERNEL:
++    case GRUB_FILE_TYPE_XEN_HYPERVISOR:
++    case GRUB_FILE_TYPE_BSD_KERNEL:
++    case GRUB_FILE_TYPE_XNU_KERNEL:
++    case GRUB_FILE_TYPE_PLAN9_KERNEL:
++    case GRUB_FILE_TYPE_NTLDR:
++    case GRUB_FILE_TYPE_TRUECRYPT:
++    case GRUB_FILE_TYPE_FREEDOS:
++    case GRUB_FILE_TYPE_PXECHAINLOADER:
++    case GRUB_FILE_TYPE_PCCHAINLOADER:
++    case GRUB_FILE_TYPE_COREBOOT_CHAINLOADER:
++    case GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE:
++    case GRUB_FILE_TYPE_ACPI_TABLE:
++    case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
++      *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
++
++      /* Fall through. */
++
++    default:
++      return GRUB_ERR_NONE;
++    }
++}
++
++struct grub_file_verifier lockdown_verifier =
++  {
++    .name = "lockdown_verifier",
++    .init = lockdown_verifier_init,
++  };
++
++void
++grub_lockdown (void)
++{
++  lockdown = GRUB_LOCKDOWN_ENABLED;
++
++  grub_verifier_register (&lockdown_verifier);
++}
++
++int
++grub_is_lockdown (void)
++{
++  return lockdown;
++}
+diff --git a/include/grub/command.h b/include/grub/command.h
+index eee4e84..2a6f7f8 100644
+--- a/include/grub/command.h
++++ b/include/grub/command.h
+@@ -86,6 +86,11 @@ EXPORT_FUNC(grub_register_command_prio) (const char *name,
+ 					 const char *summary,
+ 					 const char *description,
+ 					 int prio);
++grub_command_t
++EXPORT_FUNC(grub_register_command_lockdown) (const char *name,
++                                             grub_command_func_t func,
++                                             const char *summary,
++                                             const char *description);
+ void EXPORT_FUNC(grub_unregister_command) (grub_command_t cmd);
+ 
+ static inline grub_command_t
+diff --git a/include/grub/extcmd.h b/include/grub/extcmd.h
+index 19fe592..fe9248b 100644
+--- a/include/grub/extcmd.h
++++ b/include/grub/extcmd.h
+@@ -62,6 +62,13 @@ grub_extcmd_t EXPORT_FUNC(grub_register_extcmd) (const char *name,
+ 						 const char *description,
+ 						 const struct grub_arg_option *parser);
+ 
++grub_extcmd_t EXPORT_FUNC(grub_register_extcmd_lockdown) (const char *name,
++                                                          grub_extcmd_func_t func,
++                                                          grub_command_flags_t flags,
++                                                          const char *summary,
++                                                          const char *description,
++                                                          const struct grub_arg_option *parser);
++
+ grub_extcmd_t EXPORT_FUNC(grub_register_extcmd_prio) (const char *name,
+ 						      grub_extcmd_func_t func,
+ 						      grub_command_flags_t flags,
+diff --git a/include/grub/lockdown.h b/include/grub/lockdown.h
+new file mode 100644
+index 0000000..40531fa
+--- /dev/null
++++ b/include/grub/lockdown.h
+@@ -0,0 +1,44 @@
++/*
++ *  GRUB  --  GRand Unified Bootloader
++ *  Copyright (C) 2020  Free Software Foundation, Inc.
++ *
++ *  GRUB is free software: you can redistribute it and/or modify
++ *  it under the terms of the GNU General Public License as published by
++ *  the Free Software Foundation, either version 3 of the License, or
++ *  (at your option) any later version.
++ *
++ *  GRUB is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *  GNU General Public License for more details.
++ *
++ *  You should have received a copy of the GNU General Public License
++ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
++ */
++
++#ifndef GRUB_LOCKDOWN_H
++#define GRUB_LOCKDOWN_H 1
++
++#include <grub/symbol.h>
++
++#define GRUB_LOCKDOWN_DISABLED       0
++#define GRUB_LOCKDOWN_ENABLED        1
++
++#ifdef GRUB_MACHINE_EFI
++extern void
++EXPORT_FUNC (grub_lockdown) (void);
++extern int
++EXPORT_FUNC (grub_is_lockdown) (void);
++#else
++static inline void
++grub_lockdown (void)
++{
++}
++
++static inline int
++grub_is_lockdown (void)
++{
++  return GRUB_LOCKDOWN_DISABLED;
++}
++#endif
++#endif /* ! GRUB_LOCKDOWN_H */
+diff --git a/po/POTFILES.in b/po/POTFILES.in
+index 49755d3..5e26845 100644
+--- a/po/POTFILES.in
++++ b/po/POTFILES.in
+@@ -309,6 +309,7 @@
+ ./grub-core/kern/ieee1275/mmap.c
+ ./grub-core/kern/ieee1275/openfw.c
+ ./grub-core/kern/list.c
++./grub-core/kern/lockdown.c
+ ./grub-core/kern/main.c
+ ./grub-core/kern/mips/arc/init.c
+ ./grub-core/kern/mips/dl.c
+@@ -1207,6 +1208,7 @@
+ ./include/grub/linux.h
+ ./include/grub/list.h
+ ./include/grub/loader.h
++./include/grub/lockdown.h
+ ./include/grub/lvm.h
+ ./include/grub/macho.h
+ ./include/grub/machoload.h
+-- 
+2.14.2
+

boot/grub2/0036-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch

@@ -0,0 +1,57 @@
+From d90367471779c240e002e62edfb6b31fc85b4908 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 2 Feb 2021 19:59:48 +0100
+Subject: [PATCH] kern/lockdown: Set a variable if the GRUB is locked down
+
+It may be useful for scripts to determine whether the GRUB is locked
+down or not. Add the lockdown variable which is set to "y" when the GRUB
+is locked down.
+
+Suggested-by: Dimitri John Ledkov <xnox@ubuntu.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ docs/grub.texi            | 3 +++
+ grub-core/kern/lockdown.c | 4 ++++
+ 2 files changed, 7 insertions(+)
+
+diff --git a/docs/grub.texi b/docs/grub.texi
+index a25459f..bdbb329 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -5803,6 +5803,9 @@ The GRUB can be locked down when booted on a secure boot environment, for exampl
+ if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will
+ be restricted and some operations/commands cannot be executed.
+ 
++The @samp{lockdown} variable is set to @samp{y} when the GRUB is locked down.
++Otherwise it does not exit.
++
+ @node Platform limitations
+ @chapter Platform limitations
+ 
+diff --git a/grub-core/kern/lockdown.c b/grub-core/kern/lockdown.c
+index 1e56c0b..0bc70fd 100644
+--- a/grub-core/kern/lockdown.c
++++ b/grub-core/kern/lockdown.c
+@@ -18,6 +18,7 @@
+  */
+ 
+ #include <grub/dl.h>
++#include <grub/env.h>
+ #include <grub/file.h>
+ #include <grub/lockdown.h>
+ #include <grub/verify.h>
+@@ -71,6 +72,9 @@ grub_lockdown (void)
+   lockdown = GRUB_LOCKDOWN_ENABLED;
+ 
+   grub_verifier_register (&lockdown_verifier);
++
++  grub_env_set ("lockdown", "y");
++  grub_env_export ("lockdown");
+ }
+ 
+ int
+-- 
+2.14.2
+

boot/grub2/0037-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch

@@ -0,0 +1,49 @@
+From 98b00a403cbf2ba6833d1ac0499871b27a08eb77 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 28 Sep 2020 20:08:29 +0200
+Subject: [PATCH] efi: Lockdown the GRUB when the UEFI Secure Boot is enabled
+
+If the UEFI Secure Boot is enabled then the GRUB must be locked down
+to prevent executing code that can potentially be used to subvert its
+verification mechanisms.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/kern/efi/init.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
+index b683bec..1333465 100644
+--- a/grub-core/kern/efi/init.c
++++ b/grub-core/kern/efi/init.c
+@@ -21,6 +21,7 @@
+ #include <grub/efi/console.h>
+ #include <grub/efi/disk.h>
+ #include <grub/efi/sb.h>
++#include <grub/lockdown.h>
+ #include <grub/term.h>
+ #include <grub/misc.h>
+ #include <grub/env.h>
+@@ -40,8 +41,15 @@ grub_efi_init (void)
+   /* Initialize the memory management system.  */
+   grub_efi_mm_init ();
+ 
+-  /* Register the shim_lock verifier if UEFI Secure Boot is enabled. */
+-  grub_shim_lock_verifier_setup ();
++  /*
++   * Lockdown the GRUB and register the shim_lock verifier
++   * if the UEFI Secure Boot is enabled.
++   */
++  if (grub_efi_get_secureboot () == GRUB_EFI_SECUREBOOT_MODE_ENABLED)
++    {
++      grub_lockdown ();
++      grub_shim_lock_verifier_setup ();
++    }
+ 
+   efi_call_4 (grub_efi_system_table->boot_services->set_watchdog_timer,
+ 	      0, 0, 0, NULL);
+-- 
+2.14.2
+

boot/grub2/0038-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch

@@ -0,0 +1,232 @@
+From 8f73052885892bc0dbc01e297f79d7cf4925e491 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 28 Sep 2020 20:08:33 +0200
+Subject: [PATCH] efi: Use grub_is_lockdown() instead of hardcoding a disabled
+ modules list
+
+Now the GRUB can check if it has been locked down and this can be used to
+prevent executing commands that can be utilized to circumvent the UEFI
+Secure Boot mechanisms. So, instead of hardcoding a list of modules that
+have to be disabled, prevent the usage of commands that can be dangerous.
+
+This not only allows the commands to be disabled on other platforms, but
+also properly separate the concerns. Since the shim_lock verifier logic
+should be only about preventing to run untrusted binaries and not about
+defining these kind of policies.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ docs/grub.texi                  | 15 +++++++++------
+ grub-core/commands/i386/wrmsr.c |  5 +++--
+ grub-core/commands/iorw.c       | 19 ++++++++++---------
+ grub-core/commands/memrw.c      | 19 ++++++++++---------
+ grub-core/kern/efi/sb.c         | 41 -----------------------------------------
+ 5 files changed, 32 insertions(+), 67 deletions(-)
+
+diff --git a/docs/grub.texi b/docs/grub.texi
+index bdbb329..bbe60a4 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -5256,6 +5256,9 @@ only applies to the particular cpu/core/thread that runs the command.
+ Also, if you specify a reserved or unimplemented MSR address, it will
+ cause a general protection exception (which is not currently being handled)
+ and the system will reboot.
++
++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
++      This is done to prevent subverting various security mechanisms.
+ @end deffn
+ 
+ @node xen_hypervisor
+@@ -5752,12 +5755,12 @@ boot and the shim. This functionality is provided by the shim_lock verifier. It
+ is built into the @file{core.img} and is registered if the UEFI secure boot is
+ enabled.
+ 
+-All modules not stored in the @file{core.img} and the ACPI tables for the
+-@command{acpi} command have to be signed, e.g. using PGP. Additionally, the
+-@command{iorw}, the @command{memrw} and the @command{wrmsr} commands are
+-prohibited if the UEFI secure boot is enabled. This is done due to
+-security reasons. All above mentioned requirements are enforced by the
+-shim_lock verifier logic.
++All GRUB modules not stored in the @file{core.img}, OS kernels, ACPI tables,
++Device Trees, etc. have to be signed, e.g, using PGP. Additionally, the commands
++that can be used to subvert the UEFI secure boot mechanism, such as @command{iorw}
++and @command{memrw} will not be available when the UEFI secure boot is enabled.
++This is done for security reasons and are enforced by the GRUB Lockdown mechanism
++(@pxref{Lockdown}).
+ 
+ @node Measured Boot
+ @section Measuring boot components
+diff --git a/grub-core/commands/i386/wrmsr.c b/grub-core/commands/i386/wrmsr.c
+index 9c5e510..56a29c2 100644
+--- a/grub-core/commands/i386/wrmsr.c
++++ b/grub-core/commands/i386/wrmsr.c
+@@ -24,6 +24,7 @@
+ #include <grub/env.h>
+ #include <grub/command.h>
+ #include <grub/extcmd.h>
++#include <grub/lockdown.h>
+ #include <grub/i18n.h>
+ #include <grub/i386/cpuid.h>
+ #include <grub/i386/wrmsr.h>
+@@ -83,8 +84,8 @@ grub_cmd_msr_write (grub_command_t cmd __attribute__ ((unused)), int argc, char
+ 
+ GRUB_MOD_INIT(wrmsr)
+ {
+-  cmd_write = grub_register_command ("wrmsr", grub_cmd_msr_write, N_("ADDR VALUE"),
+-				     N_("Write a value to a CPU model specific register."));
++  cmd_write = grub_register_command_lockdown ("wrmsr", grub_cmd_msr_write, N_("ADDR VALUE"),
++                                              N_("Write a value to a CPU model specific register."));
+ }
+ 
+ GRUB_MOD_FINI(wrmsr)
+diff --git a/grub-core/commands/iorw.c b/grub-core/commands/iorw.c
+index a0c164e..584baec 100644
+--- a/grub-core/commands/iorw.c
++++ b/grub-core/commands/iorw.c
+@@ -23,6 +23,7 @@
+ #include <grub/env.h>
+ #include <grub/cpu/io.h>
+ #include <grub/i18n.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -131,17 +132,17 @@ GRUB_MOD_INIT(memrw)
+ 			  N_("PORT"), N_("Read 32-bit value from PORT."),
+ 			  options);
+   cmd_write_byte =
+-    grub_register_command ("outb", grub_cmd_write,
+-			   N_("PORT VALUE [MASK]"),
+-			   N_("Write 8-bit VALUE to PORT."));
++    grub_register_command_lockdown ("outb", grub_cmd_write,
++                                    N_("PORT VALUE [MASK]"),
++                                    N_("Write 8-bit VALUE to PORT."));
+   cmd_write_word =
+-    grub_register_command ("outw", grub_cmd_write,
+-			   N_("PORT VALUE [MASK]"),
+-			   N_("Write 16-bit VALUE to PORT."));
++    grub_register_command_lockdown ("outw", grub_cmd_write,
++                                    N_("PORT VALUE [MASK]"),
++                                    N_("Write 16-bit VALUE to PORT."));
+   cmd_write_dword =
+-    grub_register_command ("outl", grub_cmd_write,
+-			   N_("ADDR VALUE [MASK]"),
+-			   N_("Write 32-bit VALUE to PORT."));
++    grub_register_command_lockdown ("outl", grub_cmd_write,
++                                    N_("ADDR VALUE [MASK]"),
++                                    N_("Write 32-bit VALUE to PORT."));
+ }
+ 
+ GRUB_MOD_FINI(memrw)
+diff --git a/grub-core/commands/memrw.c b/grub-core/commands/memrw.c
+index 98769ea..d401a6d 100644
+--- a/grub-core/commands/memrw.c
++++ b/grub-core/commands/memrw.c
+@@ -22,6 +22,7 @@
+ #include <grub/extcmd.h>
+ #include <grub/env.h>
+ #include <grub/i18n.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -133,17 +134,17 @@ GRUB_MOD_INIT(memrw)
+ 			  N_("ADDR"), N_("Read 32-bit value from ADDR."),
+ 			  options);
+   cmd_write_byte =
+-    grub_register_command ("write_byte", grub_cmd_write,
+-			   N_("ADDR VALUE [MASK]"),
+-			   N_("Write 8-bit VALUE to ADDR."));
++    grub_register_command_lockdown ("write_byte", grub_cmd_write,
++                                    N_("ADDR VALUE [MASK]"),
++                                    N_("Write 8-bit VALUE to ADDR."));
+   cmd_write_word =
+-    grub_register_command ("write_word", grub_cmd_write,
+-			   N_("ADDR VALUE [MASK]"),
+-			   N_("Write 16-bit VALUE to ADDR."));
++    grub_register_command_lockdown ("write_word", grub_cmd_write,
++                                    N_("ADDR VALUE [MASK]"),
++                                    N_("Write 16-bit VALUE to ADDR."));
+   cmd_write_dword =
+-    grub_register_command ("write_dword", grub_cmd_write,
+-			   N_("ADDR VALUE [MASK]"),
+-			   N_("Write 32-bit VALUE to ADDR."));
++    grub_register_command_lockdown ("write_dword", grub_cmd_write,
++                                    N_("ADDR VALUE [MASK]"),
++                                    N_("Write 32-bit VALUE to ADDR."));
+ }
+ 
+ GRUB_MOD_FINI(memrw)
+diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
+index ce3b7f6..5d7210a 100644
+--- a/grub-core/kern/efi/sb.c
++++ b/grub-core/kern/efi/sb.c
+@@ -30,9 +30,6 @@
+ 
+ static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID;
+ 
+-/* List of modules which cannot be loaded if UEFI secure boot mode is enabled. */
+-static const char * const disabled_mods[] = {"iorw", "memrw", NULL};
+-
+ /*
+  * Determine whether we're in secure boot mode.
+  *
+@@ -121,53 +118,15 @@ shim_lock_verifier_init (grub_file_t io __attribute__ ((unused)),
+ 			 void **context __attribute__ ((unused)),
+ 			 enum grub_verify_flags *flags)
+ {
+-  const char *b, *e;
+-  int i;
+-
+   *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
+ 
+   switch (type & GRUB_FILE_TYPE_MASK)
+     {
+-    case GRUB_FILE_TYPE_GRUB_MODULE:
+-      /* Establish GRUB module name. */
+-      b = grub_strrchr (io->name, '/');
+-      e = grub_strrchr (io->name, '.');
+-
+-      b = b ? (b + 1) : io->name;
+-      e = e ? e : io->name + grub_strlen (io->name);
+-      e = (e > b) ? e : io->name + grub_strlen (io->name);
+-
+-      for (i = 0; disabled_mods[i]; i++)
+-	if (!grub_strncmp (b, disabled_mods[i], grub_strlen (b) - grub_strlen (e)))
+-	  {
+-	    grub_error (GRUB_ERR_ACCESS_DENIED,
+-			N_("module cannot be loaded in UEFI secure boot mode: %s"),
+-			io->name);
+-	    return GRUB_ERR_ACCESS_DENIED;
+-	  }
+-
+-      /* Fall through. */
+-
+-    case GRUB_FILE_TYPE_ACPI_TABLE:
+-    case GRUB_FILE_TYPE_DEVICE_TREE_IMAGE:
+-      *flags = GRUB_VERIFY_FLAGS_DEFER_AUTH;
+-
+-      return GRUB_ERR_NONE;
+-
+     case GRUB_FILE_TYPE_LINUX_KERNEL:
+     case GRUB_FILE_TYPE_MULTIBOOT_KERNEL:
+     case GRUB_FILE_TYPE_BSD_KERNEL:
+     case GRUB_FILE_TYPE_XNU_KERNEL:
+     case GRUB_FILE_TYPE_PLAN9_KERNEL:
+-      for (i = 0; disabled_mods[i]; i++)
+-	if (grub_dl_get (disabled_mods[i]))
+-	  {
+-	    grub_error (GRUB_ERR_ACCESS_DENIED,
+-			N_("cannot boot due to dangerous module in memory: %s"),
+-			disabled_mods[i]);
+-	    return GRUB_ERR_ACCESS_DENIED;
+-	  }
+-
+       *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
+ 
+       /* Fall through. */
+-- 
+2.14.2
+

boot/grub2/0039-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch

@@ -0,0 +1,76 @@
+From 3e8e4c0549240fa209acffceb473e1e509b50c95 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Mon, 28 Sep 2020 20:08:41 +0200
+Subject: [PATCH] acpi: Don't register the acpi command when locked down
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The command is not allowed when lockdown is enforced. Otherwise an
+attacker can instruct the GRUB to load an SSDT table to overwrite
+the kernel lockdown configuration and later load and execute
+unsigned code.
+
+Fixes: CVE-2020-14372
+
+Reported-by: Máté Kukri <km@mkukri.xyz>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ docs/grub.texi            |  5 +++++
+ grub-core/commands/acpi.c | 15 ++++++++-------
+ 2 files changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/docs/grub.texi b/docs/grub.texi
+index bbe60a4..98592d3 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -3986,6 +3986,11 @@ Normally, this command will replace the Root System Description Pointer
+ (RSDP) in the Extended BIOS Data Area to point to the new tables. If the
+ @option{--no-ebda} option is used, the new tables will be known only to
+ GRUB, but may be used by GRUB's EFI emulation.
++
++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
++      Otherwise an attacker can instruct the GRUB to load an SSDT table to
++      overwrite the kernel lockdown configuration and later load and execute
++      unsigned code.
+ @end deffn
+ 
+ 
+diff --git a/grub-core/commands/acpi.c b/grub-core/commands/acpi.c
+index 5a1499a..1215f2a 100644
+--- a/grub-core/commands/acpi.c
++++ b/grub-core/commands/acpi.c
+@@ -27,6 +27,7 @@
+ #include <grub/mm.h>
+ #include <grub/memory.h>
+ #include <grub/i18n.h>
++#include <grub/lockdown.h>
+ 
+ #ifdef GRUB_MACHINE_EFI
+ #include <grub/efi/efi.h>
+@@ -775,13 +776,13 @@ static grub_extcmd_t cmd;
+ 
+ GRUB_MOD_INIT(acpi)
+ {
+-  cmd = grub_register_extcmd ("acpi", grub_cmd_acpi, 0,
+-			      N_("[-1|-2] [--exclude=TABLE1,TABLE2|"
+-			      "--load-only=TABLE1,TABLE2] FILE1"
+-			      " [FILE2] [...]"),
+-			      N_("Load host ACPI tables and tables "
+-			      "specified by arguments."),
+-			      options);
++  cmd = grub_register_extcmd_lockdown ("acpi", grub_cmd_acpi, 0,
++                                       N_("[-1|-2] [--exclude=TABLE1,TABLE2|"
++                                          "--load-only=TABLE1,TABLE2] FILE1"
++                                          " [FILE2] [...]"),
++                                       N_("Load host ACPI tables and tables "
++                                          "specified by arguments."),
++                                       options);
+ }
+ 
+ GRUB_MOD_FINI(acpi)
+-- 
+2.14.2
+

boot/grub2/0040-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch

@@ -0,0 +1,70 @@
+From d298b41f90cbf1f2e5a10e29daa1fc92ddee52c9 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 14 Oct 2020 16:33:42 +0200
+Subject: [PATCH] mmap: Don't register cutmem and badram commands when lockdown
+ is enforced
+
+The cutmem and badram commands can be used to remove EFI memory regions
+and potentially disable the UEFI Secure Boot. Prevent the commands to be
+registered if the GRUB is locked down.
+
+Fixes: CVE-2020-27779
+
+Reported-by: Teddy Reed <teddy.reed@gmail.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ docs/grub.texi        |  4 ++++
+ grub-core/mmap/mmap.c | 13 +++++++------
+ 2 files changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/docs/grub.texi b/docs/grub.texi
+index 98592d3..f2fe149 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -4051,6 +4051,10 @@ this page is to be filtered.  This syntax makes it easy to represent patterns
+ that are often result of memory damage, due to physical distribution of memory
+ cells.
+ 
++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
++      This prevents removing EFI memory regions to potentially subvert the
++      security mechanisms provided by the UEFI secure boot.
++
+ @node blocklist
+ @subsection blocklist
+ 
+diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c
+index 57b4e9a..7ebf32e 100644
+--- a/grub-core/mmap/mmap.c
++++ b/grub-core/mmap/mmap.c
+@@ -20,6 +20,7 @@
+ #include <grub/memory.h>
+ #include <grub/machine/memory.h>
+ #include <grub/err.h>
++#include <grub/lockdown.h>
+ #include <grub/misc.h>
+ #include <grub/mm.h>
+ #include <grub/command.h>
+@@ -534,12 +535,12 @@ static grub_command_t cmd, cmd_cut;
+ 
+ GRUB_MOD_INIT(mmap)
+ {
+-  cmd = grub_register_command ("badram", grub_cmd_badram,
+-			       N_("ADDR1,MASK1[,ADDR2,MASK2[,...]]"),
+-			       N_("Declare memory regions as faulty (badram)."));
+-  cmd_cut = grub_register_command ("cutmem", grub_cmd_cutmem,
+-				   N_("FROM[K|M|G] TO[K|M|G]"),
+-				   N_("Remove any memory regions in specified range."));
++  cmd = grub_register_command_lockdown ("badram", grub_cmd_badram,
++                                        N_("ADDR1,MASK1[,ADDR2,MASK2[,...]]"),
++                                        N_("Declare memory regions as faulty (badram)."));
++  cmd_cut = grub_register_command_lockdown ("cutmem", grub_cmd_cutmem,
++                                            N_("FROM[K|M|G] TO[K|M|G]"),
++                                            N_("Remove any memory regions in specified range."));
+ 
+ }
+ 
+-- 
+2.14.2
+

boot/grub2/0041-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch

@@ -0,0 +1,105 @@
+From 468a5699b249fe6816b4e7e86c5dc9d325c9b09e Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 24 Feb 2021 09:00:05 +0100
+Subject: [PATCH] commands: Restrict commands that can load BIOS or DT blobs
+ when locked down
+
+There are some more commands that should be restricted when the GRUB is
+locked down. Following is the list of commands and reasons to restrict:
+
+  * fakebios:   creates BIOS-like structures for backward compatibility with
+                existing OSes. This should not be allowed when locked down.
+
+  * loadbios:   reads a BIOS dump from storage and loads it. This action
+                should not be allowed when locked down.
+
+  * devicetree: loads a Device Tree blob and passes it to the OS. It replaces
+                any Device Tree provided by the firmware. This also should
+                not be allowed when locked down.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ docs/grub.texi                    |  3 +++
+ grub-core/commands/efi/loadbios.c | 16 ++++++++--------
+ grub-core/loader/arm/linux.c      |  6 +++---
+ grub-core/loader/efi/fdt.c        |  4 ++--
+ 4 files changed, 16 insertions(+), 13 deletions(-)
+
+diff --git a/docs/grub.texi b/docs/grub.texi
+index f2fe149..79f58c5 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -4235,6 +4235,9 @@ hour, minute, and second unchanged.
+ Load a device tree blob (.dtb) from a filesystem, for later use by a Linux
+ kernel. Does not perform merging with any device tree supplied by firmware,
+ but rather replaces it completely.
++
++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
++      This is done to prevent subverting various security mechanisms.
+ @ref{GNU/Linux}.
+ @end deffn
+ 
+diff --git a/grub-core/commands/efi/loadbios.c b/grub-core/commands/efi/loadbios.c
+index d41d521..5c7725f 100644
+--- a/grub-core/commands/efi/loadbios.c
++++ b/grub-core/commands/efi/loadbios.c
+@@ -205,14 +205,14 @@ static grub_command_t cmd_fakebios, cmd_loadbios;
+ 
+ GRUB_MOD_INIT(loadbios)
+ {
+-  cmd_fakebios = grub_register_command ("fakebios", grub_cmd_fakebios,
+-					0, N_("Create BIOS-like structures for"
+-					      " backward compatibility with"
+-					      " existing OS."));
+-
+-  cmd_loadbios = grub_register_command ("loadbios", grub_cmd_loadbios,
+-					N_("BIOS_DUMP [INT10_DUMP]"),
+-					N_("Load BIOS dump."));
++  cmd_fakebios = grub_register_command_lockdown ("fakebios", grub_cmd_fakebios,
++						 0, N_("Create BIOS-like structures for"
++						       " backward compatibility with"
++						       " existing OS."));
++
++  cmd_loadbios = grub_register_command_lockdown ("loadbios", grub_cmd_loadbios,
++						 N_("BIOS_DUMP [INT10_DUMP]"),
++						 N_("Load BIOS dump."));
+ }
+ 
+ GRUB_MOD_FINI(loadbios)
+diff --git a/grub-core/loader/arm/linux.c b/grub-core/loader/arm/linux.c
+index d70c174..ed23dc7 100644
+--- a/grub-core/loader/arm/linux.c
++++ b/grub-core/loader/arm/linux.c
+@@ -493,9 +493,9 @@ GRUB_MOD_INIT (linux)
+ 				     0, N_("Load Linux."));
+   cmd_initrd = grub_register_command ("initrd", grub_cmd_initrd,
+ 				      0, N_("Load initrd."));
+-  cmd_devicetree = grub_register_command ("devicetree", grub_cmd_devicetree,
+-					  /* TRANSLATORS: DTB stands for device tree blob.  */
+-					  0, N_("Load DTB file."));
++  cmd_devicetree = grub_register_command_lockdown ("devicetree", grub_cmd_devicetree,
++						   /* TRANSLATORS: DTB stands for device tree blob. */
++						   0, N_("Load DTB file."));
+   my_mod = mod;
+   current_fdt = (const void *) grub_arm_firmware_get_boot_data ();
+   machine_type = grub_arm_firmware_get_machine_type ();
+diff --git a/grub-core/loader/efi/fdt.c b/grub-core/loader/efi/fdt.c
+index ee9c559..003d07c 100644
+--- a/grub-core/loader/efi/fdt.c
++++ b/grub-core/loader/efi/fdt.c
+@@ -165,8 +165,8 @@ static grub_command_t cmd_devicetree;
+ GRUB_MOD_INIT (fdt)
+ {
+   cmd_devicetree =
+-    grub_register_command ("devicetree", grub_cmd_devicetree, 0,
+-			   N_("Load DTB file."));
++    grub_register_command_lockdown ("devicetree", grub_cmd_devicetree, 0,
++				    N_("Load DTB file."));
+ }
+ 
+ GRUB_MOD_FINI (fdt)
+-- 
+2.14.2
+

boot/grub2/0042-commands-setpci-Restrict-setpci-command-when-locked-.patch

@@ -0,0 +1,37 @@
+From 58b77d4069823b44c5fa916fa8ddfc9c4cd51e02 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 24 Feb 2021 22:59:59 +0100
+Subject: [PATCH] commands/setpci: Restrict setpci command when locked down
+
+This command can set PCI devices register values, which makes it dangerous
+in a locked down configuration. Restrict it so can't be used on this setup.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/commands/setpci.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/commands/setpci.c b/grub-core/commands/setpci.c
+index d5bc97d..fa2ba7d 100644
+--- a/grub-core/commands/setpci.c
++++ b/grub-core/commands/setpci.c
+@@ -329,10 +329,10 @@ static grub_extcmd_t cmd;
+ 
+ GRUB_MOD_INIT(setpci)
+ {
+-  cmd = grub_register_extcmd ("setpci", grub_cmd_setpci, 0,
+-			      N_("[-s POSITION] [-d DEVICE] [-v VAR] "
+-				 "REGISTER[=VALUE[:MASK]]"),
+-			      N_("Manipulate PCI devices."), options);
++  cmd = grub_register_extcmd_lockdown ("setpci", grub_cmd_setpci, 0,
++				       N_("[-s POSITION] [-d DEVICE] [-v VAR] "
++					  "REGISTER[=VALUE[:MASK]]"),
++				       N_("Manipulate PCI devices."), options);
+ }
+ 
+ GRUB_MOD_FINI(setpci)
+-- 
+2.14.2
+

boot/grub2/0043-commands-hdparm-Restrict-hdparm-command-when-locked-.patch

@@ -0,0 +1,35 @@
+From 5c97492a29c6063567b65ed1a069f5e6f4e211f0 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 24 Feb 2021 12:59:29 +0100
+Subject: [PATCH] commands/hdparm: Restrict hdparm command when locked down
+
+The command can be used to get/set ATA disk parameters. Some of these can
+be dangerous since change the disk behavior. Restrict it when locked down.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/commands/hdparm.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/commands/hdparm.c b/grub-core/commands/hdparm.c
+index d3fa966..2e2319e 100644
+--- a/grub-core/commands/hdparm.c
++++ b/grub-core/commands/hdparm.c
+@@ -436,9 +436,9 @@ static grub_extcmd_t cmd;
+ 
+ GRUB_MOD_INIT(hdparm)
+ {
+-  cmd = grub_register_extcmd ("hdparm", grub_cmd_hdparm, 0,
+-			      N_("[OPTIONS] DISK"),
+-			      N_("Get/set ATA disk parameters."), options);
++  cmd = grub_register_extcmd_lockdown ("hdparm", grub_cmd_hdparm, 0,
++				       N_("[OPTIONS] DISK"),
++				       N_("Get/set ATA disk parameters."), options);
+ }
+ 
+ GRUB_MOD_FINI(hdparm)
+-- 
+2.14.2
+

boot/grub2/0044-gdb-Restrict-GDB-access-when-locked-down.patch

@@ -0,0 +1,62 @@
+From 508270838998f151a82e9c13e7cb8a470a2dc23d Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 24 Feb 2021 15:03:26 +0100
+Subject: [PATCH] gdb: Restrict GDB access when locked down
+
+The gdbstub* commands allow to start and control a GDB stub running on
+local host that can be used to connect from a remote debugger. Restrict
+this functionality when the GRUB is locked down.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/gdb/gdb.c | 32 ++++++++++++++++++--------------
+ 1 file changed, 18 insertions(+), 14 deletions(-)
+
+diff --git a/grub-core/gdb/gdb.c b/grub-core/gdb/gdb.c
+index 847a1e1..1818cb6 100644
+--- a/grub-core/gdb/gdb.c
++++ b/grub-core/gdb/gdb.c
+@@ -75,20 +75,24 @@ static grub_command_t cmd, cmd_stop, cmd_break;
+ GRUB_MOD_INIT (gdb)
+ {
+   grub_gdb_idtinit ();
+-  cmd = grub_register_command ("gdbstub", grub_cmd_gdbstub,
+-			       N_("PORT"), 
+-			       /* TRANSLATORS: GDB stub is a small part of
+-				  GDB functionality running on local host
+-				  which allows remote debugger to
+-				  connect to it.  */
+-			       N_("Start GDB stub on given port"));
+-  cmd_break = grub_register_command ("gdbstub_break", grub_cmd_gdb_break,
+-				     /* TRANSLATORS: this refers to triggering
+-					a breakpoint so that the user will land
+-					into GDB.  */
+-				     0, N_("Break into GDB"));
+-  cmd_stop = grub_register_command ("gdbstub_stop", grub_cmd_gdbstop,
+-				    0, N_("Stop GDB stub"));
++  cmd = grub_register_command_lockdown ("gdbstub", grub_cmd_gdbstub,
++					N_("PORT"),
++					/*
++					 * TRANSLATORS: GDB stub is a small part of
++					 * GDB functionality running on local host
++					 * which allows remote debugger to
++					 * connect to it.
++					 */
++					N_("Start GDB stub on given port"));
++  cmd_break = grub_register_command_lockdown ("gdbstub_break", grub_cmd_gdb_break,
++					      /*
++					       * TRANSLATORS: this refers to triggering
++					       * a breakpoint so that the user will land
++					       * into GDB.
++					       */
++					      0, N_("Break into GDB"));
++  cmd_stop = grub_register_command_lockdown ("gdbstub_stop", grub_cmd_gdbstop,
++					     0, N_("Stop GDB stub"));
+ }
+ 
+ GRUB_MOD_FINI (gdb)
+-- 
+2.14.2
+

boot/grub2/0045-loader-xnu-Don-t-allow-loading-extension-and-package.patch

@@ -0,0 +1,61 @@
+From 9c5565135f12400a925ee901b25984e7af4442f5 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Wed, 24 Feb 2021 14:44:38 +0100
+Subject: [PATCH] loader/xnu: Don't allow loading extension and packages when
+ locked down
+
+The shim_lock verifier validates the XNU kernels but no its extensions
+and packages. Prevent these to be loaded when the GRUB is locked down.
+
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/loader/xnu.c | 31 +++++++++++++++++--------------
+ 1 file changed, 17 insertions(+), 14 deletions(-)
+
+diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
+index 9ae4ceb..44fd5a9 100644
+--- a/grub-core/loader/xnu.c
++++ b/grub-core/loader/xnu.c
+@@ -1485,20 +1485,23 @@ GRUB_MOD_INIT(xnu)
+ 				      N_("Load XNU image."));
+   cmd_kernel64 = grub_register_command ("xnu_kernel64", grub_cmd_xnu_kernel64,
+ 					0, N_("Load 64-bit XNU image."));
+-  cmd_mkext = grub_register_command ("xnu_mkext", grub_cmd_xnu_mkext, 0,
+-				     N_("Load XNU extension package."));
+-  cmd_kext = grub_register_command ("xnu_kext", grub_cmd_xnu_kext, 0,
+-				    N_("Load XNU extension."));
+-  cmd_kextdir = grub_register_command ("xnu_kextdir", grub_cmd_xnu_kextdir,
+-				       /* TRANSLATORS: OSBundleRequired is a
+-					  variable name in xnu extensions
+-					  manifests. It behaves mostly like
+-					  GNU/Linux runlevels.
+-				       */
+-				       N_("DIRECTORY [OSBundleRequired]"),
+-				       /* TRANSLATORS: There are many extensions
+-					  in extension directory.  */
+-				       N_("Load XNU extension directory."));
++  cmd_mkext = grub_register_command_lockdown ("xnu_mkext", grub_cmd_xnu_mkext, 0,
++					      N_("Load XNU extension package."));
++  cmd_kext = grub_register_command_lockdown ("xnu_kext", grub_cmd_xnu_kext, 0,
++					     N_("Load XNU extension."));
++  cmd_kextdir = grub_register_command_lockdown ("xnu_kextdir", grub_cmd_xnu_kextdir,
++						/*
++						 * TRANSLATORS: OSBundleRequired is
++						 * a variable name in xnu extensions
++						 * manifests. It behaves mostly like
++						 * GNU/Linux runlevels.
++						 */
++						N_("DIRECTORY [OSBundleRequired]"),
++						/*
++						 * TRANSLATORS: There are many extensions
++						 * in extension directory.
++						 */
++						N_("Load XNU extension directory."));
+   cmd_ramdisk = grub_register_command ("xnu_ramdisk", grub_cmd_xnu_ramdisk, 0,
+    /* TRANSLATORS: ramdisk here isn't identifier. It can be translated.  */
+ 				       N_("Load XNU ramdisk. "
+-- 
+2.14.2
+

boot/grub2/0046-docs-Document-the-cutmem-command.patch

@@ -0,0 +1,65 @@
+From f05e79a0143beb2d9a482a3ebf4fe0ce76778122 Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Sat, 7 Nov 2020 01:03:18 +0100
+Subject: [PATCH] docs: Document the cutmem command
+
+The command is not present in the docs/grub.texi user documentation.
+
+Reported-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ docs/grub.texi | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/docs/grub.texi b/docs/grub.texi
+index 79f58c5..8518cc0 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -3892,6 +3892,7 @@ you forget a command, you can run the command @command{help}
+ * cpuid::                       Check for CPU features
+ * crc::                         Compute or check CRC32 checksums
+ * cryptomount::                 Mount a crypto device
++* cutmem::                      Remove memory regions
+ * date::                        Display or set current date and time
+ * devicetree::                  Load a device tree blob
+ * distrust::                    Remove a pubkey from trusted keys
+@@ -4051,6 +4052,8 @@ this page is to be filtered.  This syntax makes it easy to represent patterns
+ that are often result of memory damage, due to physical distribution of memory
+ cells.
+ 
++The command is similar to @command{cutmem} command.
++
+ Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
+       This prevents removing EFI memory regions to potentially subvert the
+       security mechanisms provided by the UEFI secure boot.
+@@ -4214,6 +4217,24 @@ GRUB suports devices encrypted using LUKS and geli. Note that necessary modules
+ be used.
+ @end deffn
+ 
++@node cutmem
++@subsection cutmem
++
++@deffn Command cutmem from[K|M|G] to[K|M|G]
++Remove any memory regions in specified range.
++@end deffn
++
++This command notifies the memory manager that specified regions of RAM ought to
++be filtered out. This remains in effect after a payload kernel has been loaded
++by GRUB, as long as the loaded kernel obtains its memory map from GRUB. Kernels
++that support this include Linux, GNU Mach, the kernel of FreeBSD and Multiboot
++kernels in general.
++
++The command is similar to @command{badram} command.
++
++Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}).
++      This prevents removing EFI memory regions to potentially subvert the
++      security mechanisms provided by the UEFI secure boot.
+ 
+ @node date
+ @subsection date
+-- 
+2.14.2
+

boot/grub2/0047-dl-Only-allow-unloading-modules-that-are-not-depende.patch

@@ -0,0 +1,87 @@
+From 7630ec5397fe418276b360f9011934b8c034936c Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Tue, 29 Sep 2020 14:08:55 +0200
+Subject: [PATCH] dl: Only allow unloading modules that are not dependencies
+
+When a module is attempted to be removed its reference counter is always
+decremented. This means that repeated rmmod invocations will cause the
+module to be unloaded even if another module depends on it.
+
+This may lead to a use-after-free scenario allowing an attacker to execute
+arbitrary code and by-pass the UEFI Secure Boot protection.
+
+While being there, add the extern keyword to some function declarations in
+that header file.
+
+Fixes: CVE-2020-25632
+
+Reported-by: Chris Coulson <chris.coulson@canonical.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/commands/minicmd.c | 7 +++++--
+ grub-core/kern/dl.c          | 9 +++++++++
+ include/grub/dl.h            | 8 +++++---
+ 3 files changed, 19 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c
+index 6bbce31..fa49893 100644
+--- a/grub-core/commands/minicmd.c
++++ b/grub-core/commands/minicmd.c
+@@ -140,8 +140,11 @@ grub_mini_cmd_rmmod (struct grub_command *cmd __attribute__ ((unused)),
+   if (grub_dl_is_persistent (mod))
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload persistent module");
+ 
+-  if (grub_dl_unref (mod) <= 0)
+-    grub_dl_unload (mod);
++  if (grub_dl_ref_count (mod) > 1)
++    return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload referenced module");
++
++  grub_dl_unref (mod);
++  grub_dl_unload (mod);
+ 
+   return 0;
+ }
+diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c
+index 48eb5e7..48f8a79 100644
+--- a/grub-core/kern/dl.c
++++ b/grub-core/kern/dl.c
+@@ -549,6 +549,15 @@ grub_dl_unref (grub_dl_t mod)
+   return --mod->ref_count;
+ }
+ 
++int
++grub_dl_ref_count (grub_dl_t mod)
++{
++  if (mod == NULL)
++    return 0;
++
++  return mod->ref_count;
++}
++
+ static void
+ grub_dl_flush_cache (grub_dl_t mod)
+ {
+diff --git a/include/grub/dl.h b/include/grub/dl.h
+index f03c035..b3753c9 100644
+--- a/include/grub/dl.h
++++ b/include/grub/dl.h
+@@ -203,9 +203,11 @@ grub_dl_t EXPORT_FUNC(grub_dl_load) (const char *name);
+ grub_dl_t grub_dl_load_core (void *addr, grub_size_t size);
+ grub_dl_t EXPORT_FUNC(grub_dl_load_core_noinit) (void *addr, grub_size_t size);
+ int EXPORT_FUNC(grub_dl_unload) (grub_dl_t mod);
+-void grub_dl_unload_unneeded (void);
+-int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod);
+-int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod);
++extern void grub_dl_unload_unneeded (void);
++extern int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod);
++extern int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod);
++extern int EXPORT_FUNC(grub_dl_ref_count) (grub_dl_t mod);
++
+ extern grub_dl_t EXPORT_VAR(grub_dl_head);
+ 
+ #ifndef GRUB_UTIL
+-- 
+2.14.2
+

boot/grub2/0048-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch

@@ -0,0 +1,116 @@
+From 128c16a682034263eb519c89bc0934eeb6fa8cfa Mon Sep 17 00:00:00 2001
+From: Javier Martinez Canillas <javierm@redhat.com>
+Date: Fri, 11 Dec 2020 19:19:21 +0100
+Subject: [PATCH] usb: Avoid possible out-of-bound accesses caused by malicious
+ devices
+
+The maximum number of configurations and interfaces are fixed but there is
+no out-of-bound checking to prevent a malicious USB device to report large
+values for these and cause accesses outside the arrays' memory.
+
+Fixes: CVE-2020-25647
+
+Reported-by: Joseph Tartaro <joseph.tartaro@ioactive.com>
+Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
+Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/bus/usb/usb.c | 15 ++++++++++++---
+ include/grub/usb.h      | 10 +++++++---
+ 2 files changed, 19 insertions(+), 6 deletions(-)
+
+diff --git a/grub-core/bus/usb/usb.c b/grub-core/bus/usb/usb.c
+index 8da5e4c..7cb3cc2 100644
+--- a/grub-core/bus/usb/usb.c
++++ b/grub-core/bus/usb/usb.c
+@@ -75,6 +75,9 @@ grub_usb_controller_iterate (grub_usb_controller_iterate_hook_t hook,
+ grub_usb_err_t
+ grub_usb_clear_halt (grub_usb_device_t dev, int endpoint)
+ {
++  if (endpoint >= GRUB_USB_MAX_TOGGLE)
++    return GRUB_USB_ERR_BADDEVICE;
++
+   dev->toggle[endpoint] = 0;
+   return grub_usb_control_msg (dev, (GRUB_USB_REQTYPE_OUT
+ 				     | GRUB_USB_REQTYPE_STANDARD
+@@ -134,10 +137,10 @@ grub_usb_device_initialize (grub_usb_device_t dev)
+     return err;
+   descdev = &dev->descdev;
+ 
+-  for (i = 0; i < 8; i++)
++  for (i = 0; i < GRUB_USB_MAX_CONF; i++)
+     dev->config[i].descconf = NULL;
+ 
+-  if (descdev->configcnt == 0)
++  if (descdev->configcnt == 0 || descdev->configcnt > GRUB_USB_MAX_CONF)
+     {
+       err = GRUB_USB_ERR_BADDEVICE;
+       goto fail;
+@@ -172,6 +175,12 @@ grub_usb_device_initialize (grub_usb_device_t dev)
+       /* Skip the configuration descriptor.  */
+       pos = dev->config[i].descconf->length;
+ 
++      if (dev->config[i].descconf->numif > GRUB_USB_MAX_IF)
++        {
++          err = GRUB_USB_ERR_BADDEVICE;
++          goto fail;
++        }
++
+       /* Read all interfaces.  */
+       for (currif = 0; currif < dev->config[i].descconf->numif; currif++)
+ 	{
+@@ -217,7 +226,7 @@ grub_usb_device_initialize (grub_usb_device_t dev)
+ 
+  fail:
+ 
+-  for (i = 0; i < 8; i++)
++  for (i = 0; i < GRUB_USB_MAX_CONF; i++)
+     grub_free (dev->config[i].descconf);
+ 
+   return err;
+diff --git a/include/grub/usb.h b/include/grub/usb.h
+index 512ae1d..6475c55 100644
+--- a/include/grub/usb.h
++++ b/include/grub/usb.h
+@@ -23,6 +23,10 @@
+ #include <grub/usbdesc.h>
+ #include <grub/usbtrans.h>
+ 
++#define GRUB_USB_MAX_CONF    8
++#define GRUB_USB_MAX_IF      32
++#define GRUB_USB_MAX_TOGGLE  256
++
+ typedef struct grub_usb_device *grub_usb_device_t;
+ typedef struct grub_usb_controller *grub_usb_controller_t;
+ typedef struct grub_usb_controller_dev *grub_usb_controller_dev_t;
+@@ -167,7 +171,7 @@ struct grub_usb_configuration
+   struct grub_usb_desc_config *descconf;
+ 
+   /* Interfaces associated to this configuration.  */
+-  struct grub_usb_interface interf[32];
++  struct grub_usb_interface interf[GRUB_USB_MAX_IF];
+ };
+ 
+ struct grub_usb_hub_port
+@@ -191,7 +195,7 @@ struct grub_usb_device
+   struct grub_usb_controller controller;
+ 
+   /* Device configurations (after opening the device).  */
+-  struct grub_usb_configuration config[8];
++  struct grub_usb_configuration config[GRUB_USB_MAX_CONF];
+ 
+   /* Device address.  */
+   int addr;
+@@ -203,7 +207,7 @@ struct grub_usb_device
+   int initialized;
+ 
+   /* Data toggle values (used for bulk transfers only).  */
+-  int toggle[256];
++  int toggle[GRUB_USB_MAX_TOGGLE];
+ 
+   /* Used by libusb wrapper.  Schedulded for removal. */
+   void *data;
+-- 
+2.14.2
+

boot/grub2/0049-mmap-Fix-memory-leak-when-iterating-over-mapped-memo.patch

@@ -0,0 +1,40 @@
+From 8cb2848f9699642a698af84b12ba187cab722031 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 3 Dec 2020 14:39:45 +0000
+Subject: [PATCH] mmap: Fix memory leak when iterating over mapped memory
+
+When returning from grub_mmap_iterate() the memory allocated to present
+is not being released causing it to leak.
+
+Fixes: CID 96655
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/mmap/mmap.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/grub-core/mmap/mmap.c b/grub-core/mmap/mmap.c
+index 7ebf32e..8bf235f 100644
+--- a/grub-core/mmap/mmap.c
++++ b/grub-core/mmap/mmap.c
+@@ -270,6 +270,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data)
+ 		   hook_data))
+ 	{
+ 	  grub_free (ctx.scanline_events);
++	  grub_free (present);
+ 	  return GRUB_ERR_NONE;
+ 	}
+ 
+@@ -282,6 +283,7 @@ grub_mmap_iterate (grub_memory_hook_t hook, void *hook_data)
+     }
+ 
+   grub_free (ctx.scanline_events);
++  grub_free (present);
+   return GRUB_ERR_NONE;
+ }
+ 
+-- 
+2.14.2
+

boot/grub2/0050-net-net-Fix-possible-dereference-to-of-a-NULL-pointe.patch

@@ -0,0 +1,40 @@
+From 03f2515ae0c503406f1a99a2178405049c6555db Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Fri, 27 Nov 2020 15:10:26 +0000
+Subject: [PATCH] net/net: Fix possible dereference to of a NULL pointer
+
+It is always possible that grub_zalloc() could fail, so we should check for
+a NULL return. Otherwise we run the risk of dereferencing a NULL pointer.
+
+Fixes: CID 296221
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/net/net.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index 38f19df..7c2cdf2 100644
+--- a/grub-core/net/net.c
++++ b/grub-core/net/net.c
+@@ -86,8 +86,13 @@ grub_net_link_layer_add_address (struct grub_net_card *card,
+ 
+   /* Add sender to cache table.  */
+   if (card->link_layer_table == NULL)
+-    card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE
+-					  * sizeof (card->link_layer_table[0]));
++    {
++      card->link_layer_table = grub_zalloc (LINK_LAYER_CACHE_SIZE
++					    * sizeof (card->link_layer_table[0]));
++      if (card->link_layer_table == NULL)
++	return;
++    }
++
+   entry = &(card->link_layer_table[card->new_ll_entry]);
+   entry->avail = 1;
+   grub_memcpy (&entry->ll_address, ll, sizeof (entry->ll_address));
+-- 
+2.14.2
+

boot/grub2/0051-net-tftp-Fix-dangling-memory-pointer.patch

@@ -0,0 +1,34 @@
+From 0cb838b281a68b536a09681f9557ea6a7ac5da7a Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Fri, 19 Feb 2021 17:12:23 +0000
+Subject: [PATCH] net/tftp: Fix dangling memory pointer
+
+The static code analysis tool, Parfait, reported that the valid of
+file->data was left referencing memory that was freed by the call to
+grub_free(data) where data was initialized from file->data.
+
+To ensure that there is no unintentional access to this memory
+referenced by file->data we should set the pointer to NULL.
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/net/tftp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/grub-core/net/tftp.c b/grub-core/net/tftp.c
+index b4297bc..c106704 100644
+--- a/grub-core/net/tftp.c
++++ b/grub-core/net/tftp.c
+@@ -406,6 +406,7 @@ tftp_close (struct grub_file *file)
+       grub_net_udp_close (data->sock);
+     }
+   grub_free (data);
++  file->data = NULL;
+   return GRUB_ERR_NONE;
+ }
+ 
+-- 
+2.14.2
+

boot/grub2/0052-kern-parser-Fix-resource-leak-if-argc-0.patch

@@ -0,0 +1,51 @@
+From d06161b035dde4769199ad65aa0a587a5920012b Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Fri, 22 Jan 2021 12:32:41 +0000
+Subject: [PATCH] kern/parser: Fix resource leak if argc == 0
+
+After processing the command-line yet arriving at the point where we are
+setting argv, we are allocating memory, even if argc == 0, which makes
+no sense since we never put anything into the allocated argv.
+
+The solution is to simply return that we've successfully processed the
+arguments but that argc == 0, and also ensure that argv is NULL when
+we're not allocating anything in it.
+
+There are only 2 callers of this function, and both are handling a zero
+value in argc assuming nothing is allocated in argv.
+
+Fixes: CID 96680
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/kern/parser.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
+index 619db31..d1cf061 100644
+--- a/grub-core/kern/parser.c
++++ b/grub-core/kern/parser.c
+@@ -146,6 +146,7 @@ grub_parser_split_cmdline (const char *cmdline,
+   int i;
+ 
+   *argc = 0;
++  *argv = NULL;
+   do
+     {
+       if (!rd || !*rd)
+@@ -207,6 +208,10 @@ grub_parser_split_cmdline (const char *cmdline,
+       (*argc)++;
+     }
+ 
++  /* If there are no args, then we're done. */
++  if (!*argc)
++    return 0;
++
+   /* Reserve memory for the return values.  */
+   args = grub_malloc (bp - buffer);
+   if (!args)
+-- 
+2.14.2
+

boot/grub2/0053-kern-efi-Fix-memory-leak-on-failure.patch

@@ -0,0 +1,31 @@
+From ed286ceba6015d37a9304f04602451c47bf195d7 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 5 Nov 2020 10:15:25 +0000
+Subject: [PATCH] kern/efi: Fix memory leak on failure
+
+Free the memory allocated to name before returning on failure.
+
+Fixes: CID 296222
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/kern/efi/efi.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/grub-core/kern/efi/efi.c b/grub-core/kern/efi/efi.c
+index 9cfd88d..4fc14d6 100644
+--- a/grub-core/kern/efi/efi.c
++++ b/grub-core/kern/efi/efi.c
+@@ -388,6 +388,7 @@ grub_efi_get_filename (grub_efi_device_path_t *dp0)
+ 	    {
+ 	      grub_error (GRUB_ERR_OUT_OF_RANGE,
+ 			  "malformed EFI Device Path node has length=%d", len);
++	      grub_free (name);
+ 	      return NULL;
+ 	    }
+ 
+-- 
+2.14.2
+

boot/grub2/0054-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch

@@ -0,0 +1,66 @@
+From 6aee4bfd6973c714056fb7b56890b8d524e94ee1 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Fri, 11 Dec 2020 15:03:13 +0000
+Subject: [PATCH] kern/efi/mm: Fix possible NULL pointer dereference
+
+The model of grub_efi_get_memory_map() is that if memory_map is NULL,
+then the purpose is to discover how much memory should be allocated to
+it for the subsequent call.
+
+The problem here is that with grub_efi_is_finished set to 1, there is no
+check at all that the function is being called with a non-NULL memory_map.
+
+While this MAY be true, we shouldn't assume it.
+
+The solution to this is to behave as expected, and if memory_map is NULL,
+then don't try to use it and allow memory_map_size to be filled in, and
+return 0 as is done later in the code if the buffer is too small (or NULL).
+
+Additionally, drop unneeded ret = 1.
+
+Fixes: CID 96632
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/kern/efi/mm.c | 19 ++++++++++++++-----
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
+index b02fab1..5afcef7 100644
+--- a/grub-core/kern/efi/mm.c
++++ b/grub-core/kern/efi/mm.c
+@@ -328,15 +328,24 @@ grub_efi_get_memory_map (grub_efi_uintn_t *memory_map_size,
+   if (grub_efi_is_finished)
+     {
+       int ret = 1;
+-      if (*memory_map_size < finish_mmap_size)
++
++      if (memory_map != NULL)
+ 	{
+-	  grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size);
+-	  ret = 0;
++	  if (*memory_map_size < finish_mmap_size)
++	    {
++	      grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size);
++	      ret = 0;
++	    }
++          else
++	    grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size);
+ 	}
+       else
+ 	{
+-	  grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size);
+-	  ret = 1;
++	  /*
++	   * Incomplete, no buffer to copy into, same as
++	   * GRUB_EFI_BUFFER_TOO_SMALL below.
++	   */
++	  ret = 0;
+ 	}
+       *memory_map_size = finish_mmap_size;
+       if (map_key)
+-- 
+2.14.2
+

boot/grub2/0055-gnulib-regexec-Resolve-unused-variable.patch

@@ -0,0 +1,90 @@
+From a983d36bd9178d377d2072fd4b11c635fdc404b4 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Wed, 21 Oct 2020 14:41:27 +0000
+Subject: [PATCH] gnulib/regexec: Resolve unused variable
+
+This is a really minor issue where a variable is being assigned to but
+not checked before it is overwritten again.
+
+The reason for this issue is that we are not building with DEBUG set and
+this in turn means that the assert() that reads the value of the
+variable match_last is being processed out.
+
+The solution, move the assignment to match_last in to an ifdef DEBUG too.
+
+Fixes: CID 292459
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+[Add changes to generated files]
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ Makefile.in                                         |  1 +
+ conf/Makefile.extra-dist                            |  1 +
+ grub-core/lib/gnulib-patches/fix-unused-value.patch | 14 ++++++++++++++
+ grub-core/lib/gnulib/regexec.c                      |  4 ++++
+ 4 files changed, 20 insertions(+)
+ create mode 100644 grub-core/lib/gnulib-patches/fix-unused-value.patch
+
+diff --git a/Makefile.in b/Makefile.in
+index ecb3278..e6b287b 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -2742,6 +2742,7 @@ EXTRA_DIST = autogen.sh geninit.sh gentpl.py Makefile.util.def \
+ 	grub-core/gensyminfo.sh.in grub-core/gensymlist.sh \
+ 	grub-core/genemuinit.sh grub-core/genemuinitheader.sh \
+ 	grub-core/lib/gnulib-patches/fix-null-deref.patch \
++	grub-core/lib/gnulib-patches/fix-unused-value.patch \
+ 	grub-core/lib/gnulib-patches/fix-width.patch \
+ 	grub-core/lib/gnulib-patches/no-abort.patch \
+ 	grub-core/lib/libgcrypt \
+diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
+index 46c4e95..9b01152 100644
+--- a/conf/Makefile.extra-dist
++++ b/conf/Makefile.extra-dist
+@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh
+ EXTRA_DIST += grub-core/genemuinitheader.sh
+ 
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch
+ 
+diff --git a/grub-core/lib/gnulib-patches/fix-unused-value.patch b/grub-core/lib/gnulib-patches/fix-unused-value.patch
+new file mode 100644
+index 0000000..ba51f1b
+--- /dev/null
++++ b/grub-core/lib/gnulib-patches/fix-unused-value.patch
+@@ -0,0 +1,14 @@
++--- a/lib/regexec.c	2020-10-21 14:25:35.310195912 +0000
+++++ b/lib/regexec.c	2020-10-21 14:32:07.961765604 +0000
++@@ -828,7 +828,11 @@
++ 		    break;
++ 		  if (__glibc_unlikely (err != REG_NOMATCH))
++ 		    goto free_return;
+++#ifdef DEBUG
+++		  /* Only used for assertion below when DEBUG is set, otherwise
+++		     it will be over-written when we loop around.  */
++ 		  match_last = -1;
+++#endif
++ 		}
++ 	      else
++ 		break; /* We found a match.  */
+diff --git a/grub-core/lib/gnulib/regexec.c b/grub-core/lib/gnulib/regexec.c
+index 21cf791..98a25f5 100644
+--- a/grub-core/lib/gnulib/regexec.c
++++ b/grub-core/lib/gnulib/regexec.c
+@@ -828,6 +828,10 @@ re_search_internal (const regex_t *preg, const char *string, Idx length,
+ 		    break;
+ 		  if (__glibc_unlikely (err != REG_NOMATCH))
+ 		    goto free_return;
++#ifdef DEBUG
++		  /* Only used for assertion below when DEBUG is set, otherwise
++		     it will be over-written when we loop around.  */
++#endif
+ 		  match_last = -1;
+ 		}
+ 	      else
+-- 
+2.14.2
+

boot/grub2/0056-gnulib-regcomp-Fix-uninitialized-token-structure.patch

@@ -0,0 +1,82 @@
+From 75c3d3cec4f408848f575d6d5e30a95bd6313db0 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 22 Oct 2020 13:54:06 +0000
+Subject: [PATCH] gnulib/regcomp: Fix uninitialized token structure
+
+The code is assuming that the value of br_token.constraint was
+initialized to zero when it wasn't.
+
+While some compilers will ensure that, not all do, so it is better to
+fix this explicitly than leave it to chance.
+
+Fixes: CID 73749
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+[Add changes to generated files]
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ Makefile.in                                             |  1 +
+ conf/Makefile.extra-dist                                |  1 +
+ grub-core/lib/gnulib-patches/fix-uninit-structure.patch | 11 +++++++++++
+ grub-core/lib/gnulib/regcomp.c                          |  2 +-
+ 4 files changed, 14 insertions(+), 1 deletion(-)
+ create mode 100644 grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+
+diff --git a/Makefile.in b/Makefile.in
+index e6b287b..d58a7d7 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -2742,6 +2742,7 @@ EXTRA_DIST = autogen.sh geninit.sh gentpl.py Makefile.util.def \
+ 	grub-core/gensyminfo.sh.in grub-core/gensymlist.sh \
+ 	grub-core/genemuinit.sh grub-core/genemuinitheader.sh \
+ 	grub-core/lib/gnulib-patches/fix-null-deref.patch \
++	grub-core/lib/gnulib-patches/fix-uninit-structure.patch \
+ 	grub-core/lib/gnulib-patches/fix-unused-value.patch \
+ 	grub-core/lib/gnulib-patches/fix-width.patch \
+ 	grub-core/lib/gnulib-patches/no-abort.patch \
+diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
+index 9b01152..9e55458 100644
+--- a/conf/Makefile.extra-dist
++++ b/conf/Makefile.extra-dist
+@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh
+ EXTRA_DIST += grub-core/genemuinitheader.sh
+ 
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/no-abort.patch
+diff --git a/grub-core/lib/gnulib-patches/fix-uninit-structure.patch b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+new file mode 100644
+index 0000000..7b4d9f6
+--- /dev/null
++++ b/grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+@@ -0,0 +1,11 @@
++--- a/lib/regcomp.c	2020-10-22 13:49:06.770168928 +0000
+++++ b/lib/regcomp.c	2020-10-22 13:50:37.026528298 +0000
++@@ -3662,7 +3662,7 @@
++   Idx alloc = 0;
++ #endif /* not RE_ENABLE_I18N */
++   reg_errcode_t ret;
++-  re_token_t br_token;
+++  re_token_t br_token = {0};
++   bin_tree_t *tree;
++ 
++   sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1);
+diff --git a/grub-core/lib/gnulib/regcomp.c b/grub-core/lib/gnulib/regcomp.c
+index fe7dfcb..2545d3e 100644
+--- a/grub-core/lib/gnulib/regcomp.c
++++ b/grub-core/lib/gnulib/regcomp.c
+@@ -3662,7 +3662,7 @@ build_charclass_op (re_dfa_t *dfa, RE_TRANSLATE_TYPE trans,
+   Idx alloc = 0;
+ #endif /* not RE_ENABLE_I18N */
+   reg_errcode_t ret;
+-  re_token_t br_token;
++  re_token_t br_token = {0};
+   bin_tree_t *tree;
+ 
+   sbcset = (re_bitset_ptr_t) calloc (sizeof (bitset_t), 1);
+-- 
+2.14.2
+

boot/grub2/0057-gnulib-argp-help-Fix-dereference-of-a-possibly-NULL-.patch

@@ -0,0 +1,82 @@
+From 3a37bf120a9194c373257c70175cdb5b337bc107 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Wed, 28 Oct 2020 14:43:01 +0000
+Subject: [PATCH] gnulib/argp-help: Fix dereference of a possibly NULL state
+
+All other instances of call to __argp_failure() where there is
+a dgettext() call is first checking whether state is NULL before
+attempting to dereference it to get the root_argp->argp_domain.
+
+Fixes: CID 292436
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+[Add changes to generated files]
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ Makefile.in                                             |  1 +
+ conf/Makefile.extra-dist                                |  1 +
+ grub-core/lib/gnulib-patches/fix-null-state-deref.patch | 12 ++++++++++++
+ grub-core/lib/gnulib/argp-help.c                        |  3 ++-
+ 4 files changed, 16 insertions(+), 1 deletion(-)
+ create mode 100644 grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+
+diff --git a/Makefile.in b/Makefile.in
+index d58a7d7..812b7c2 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -2742,6 +2742,7 @@ EXTRA_DIST = autogen.sh geninit.sh gentpl.py Makefile.util.def \
+ 	grub-core/gensyminfo.sh.in grub-core/gensymlist.sh \
+ 	grub-core/genemuinit.sh grub-core/genemuinitheader.sh \
+ 	grub-core/lib/gnulib-patches/fix-null-deref.patch \
++	grub-core/lib/gnulib-patches/fix-null-state-deref.patch \
+ 	grub-core/lib/gnulib-patches/fix-uninit-structure.patch \
+ 	grub-core/lib/gnulib-patches/fix-unused-value.patch \
+ 	grub-core/lib/gnulib-patches/fix-width.patch \
+diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
+index 9e55458..96d7e69 100644
+--- a/conf/Makefile.extra-dist
++++ b/conf/Makefile.extra-dist
+@@ -29,6 +29,7 @@ EXTRA_DIST += grub-core/genemuinit.sh
+ EXTRA_DIST += grub-core/genemuinitheader.sh
+ 
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
+diff --git a/grub-core/lib/gnulib-patches/fix-null-state-deref.patch b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+new file mode 100644
+index 0000000..813ec09
+--- /dev/null
++++ b/grub-core/lib/gnulib-patches/fix-null-state-deref.patch
+@@ -0,0 +1,12 @@
++--- a/lib/argp-help.c	2020-10-28 14:32:19.189215988 +0000
+++++ b/lib/argp-help.c	2020-10-28 14:38:21.204673940 +0000
++@@ -145,7 +145,8 @@
++       if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin)
++         {
++           __argp_failure (state, 0, 0,
++-                          dgettext (state->root_argp->argp_domain,
+++                          dgettext (state == NULL ? NULL
+++                                    : state->root_argp->argp_domain,
++                                     "\
++ ARGP_HELP_FMT: %s value is less than or equal to %s"),
++                           "rmargin", up->name);
+diff --git a/grub-core/lib/gnulib/argp-help.c b/grub-core/lib/gnulib/argp-help.c
+index 5d8f451..c75568c 100644
+--- a/grub-core/lib/gnulib/argp-help.c
++++ b/grub-core/lib/gnulib/argp-help.c
+@@ -145,7 +145,8 @@ validate_uparams (const struct argp_state *state, struct uparams *upptr)
+       if (*(int *)((char *)upptr + up->uparams_offs) >= upptr->rmargin)
+         {
+           __argp_failure (state, 0, 0,
+-                          dgettext (state->root_argp->argp_domain,
++                          dgettext (state == NULL ? NULL
++                                    : state->root_argp->argp_domain,
+                                     "\
+ ARGP_HELP_FMT: %s value is less than or equal to %s"),
+                           "rmargin", up->name);
+-- 
+2.14.2
+

boot/grub2/0058-gnulib-regexec-Fix-possible-null-dereference.patch

@@ -0,0 +1,83 @@
+From 0b7f347638153e403ee2dd518af3ce26f4f99647 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 5 Nov 2020 10:57:14 +0000
+Subject: [PATCH] gnulib/regexec: Fix possible null-dereference
+
+It appears to be possible that the mctx->state_log field may be NULL,
+and the name of this function, clean_state_log_if_needed(), suggests
+that it should be checking that it is valid to be cleaned before
+assuming that it does.
+
+Fixes: CID 86720
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+[Add changes to generated files]
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ Makefile.in                                               |  1 +
+ conf/Makefile.extra-dist                                  |  1 +
+ grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch | 12 ++++++++++++
+ grub-core/lib/gnulib/regexec.c                            |  3 +++
+ 4 files changed, 17 insertions(+)
+ create mode 100644 grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+
+diff --git a/Makefile.in b/Makefile.in
+index 812b7c2..d9da6e9 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -2743,6 +2743,7 @@ EXTRA_DIST = autogen.sh geninit.sh gentpl.py Makefile.util.def \
+ 	grub-core/genemuinit.sh grub-core/genemuinitheader.sh \
+ 	grub-core/lib/gnulib-patches/fix-null-deref.patch \
+ 	grub-core/lib/gnulib-patches/fix-null-state-deref.patch \
++	grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch \
+ 	grub-core/lib/gnulib-patches/fix-uninit-structure.patch \
+ 	grub-core/lib/gnulib-patches/fix-unused-value.patch \
+ 	grub-core/lib/gnulib-patches/fix-width.patch \
+diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
+index 96d7e69..d27d3a9 100644
+--- a/conf/Makefile.extra-dist
++++ b/conf/Makefile.extra-dist
+@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh
+ 
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-width.patch
+diff --git a/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+new file mode 100644
+index 0000000..db6dac9
+--- /dev/null
++++ b/grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+@@ -0,0 +1,12 @@
++--- a/lib/regexec.c	2020-10-21 14:25:35.310195912 +0000
+++++ b/lib/regexec.c	2020-11-05 10:55:09.621542984 +0000
++@@ -1692,6 +1692,9 @@
++ {
++   Idx top = mctx->state_log_top;
++
+++  if (mctx->state_log == NULL)
+++    return REG_NOERROR;
+++
++   if ((next_state_log_idx >= mctx->input.bufs_len
++        && mctx->input.bufs_len < mctx->input.len)
++       || (next_state_log_idx >= mctx->input.valid_len
+diff --git a/grub-core/lib/gnulib/regexec.c b/grub-core/lib/gnulib/regexec.c
+index 98a25f5..df97667 100644
+--- a/grub-core/lib/gnulib/regexec.c
++++ b/grub-core/lib/gnulib/regexec.c
+@@ -1696,6 +1696,9 @@ clean_state_log_if_needed (re_match_context_t *mctx, Idx next_state_log_idx)
+ {
+   Idx top = mctx->state_log_top;
+ 
++  if (mctx->state_log == NULL)
++    return REG_NOERROR;
++
+   if ((next_state_log_idx >= mctx->input.bufs_len
+        && mctx->input.bufs_len < mctx->input.len)
+       || (next_state_log_idx >= mctx->input.valid_len
+-- 
+2.14.2
+

boot/grub2/0059-gnulib-regcomp-Fix-uninitialized-re_token.patch

@@ -0,0 +1,88 @@
+From 03477085f9a33789ba6cca7cd49ab9326a1baa0e Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Tue, 24 Nov 2020 18:04:22 +0000
+Subject: [PATCH] gnulib/regcomp: Fix uninitialized re_token
+
+This issue has been fixed in the latest version of gnulib, so to
+maintain consistency, I've backported that change rather than doing
+something different.
+
+Fixes: CID 73828
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+[Add changes to generated files]
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ Makefile.in                                               |  1 +
+ conf/Makefile.extra-dist                                  |  1 +
+ .../lib/gnulib-patches/fix-regcomp-uninit-token.patch     | 15 +++++++++++++++
+ grub-core/lib/gnulib/regcomp.c                            |  6 +-----
+ 4 files changed, 18 insertions(+), 5 deletions(-)
+ create mode 100644 grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
+
+diff --git a/Makefile.in b/Makefile.in
+index d9da6e9..9442504 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -2743,6 +2743,7 @@ EXTRA_DIST = autogen.sh geninit.sh gentpl.py Makefile.util.def \
+ 	grub-core/genemuinit.sh grub-core/genemuinitheader.sh \
+ 	grub-core/lib/gnulib-patches/fix-null-deref.patch \
+ 	grub-core/lib/gnulib-patches/fix-null-state-deref.patch \
++	grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch \
+ 	grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch \
+ 	grub-core/lib/gnulib-patches/fix-uninit-structure.patch \
+ 	grub-core/lib/gnulib-patches/fix-unused-value.patch \
+diff --git a/conf/Makefile.extra-dist b/conf/Makefile.extra-dist
+index d27d3a9..ffe6829 100644
+--- a/conf/Makefile.extra-dist
++++ b/conf/Makefile.extra-dist
+@@ -30,6 +30,7 @@ EXTRA_DIST += grub-core/genemuinitheader.sh
+ 
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-null-state-deref.patch
++EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-regexec-null-deref.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-uninit-structure.patch
+ EXTRA_DIST += grub-core/lib/gnulib-patches/fix-unused-value.patch
+diff --git a/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
+new file mode 100644
+index 0000000..02e0631
+--- /dev/null
++++ b/grub-core/lib/gnulib-patches/fix-regcomp-uninit-token.patch
+@@ -0,0 +1,15 @@
++--- a/lib/regcomp.c	2020-11-24 17:06:08.159223858 +0000
+++++ b/lib/regcomp.c	2020-11-24 17:06:15.630253923 +0000
++@@ -3808,11 +3808,7 @@
++ create_tree (re_dfa_t *dfa, bin_tree_t *left, bin_tree_t *right,
++ 	     re_token_type_t type)
++ {
++-  re_token_t t;
++-#if defined GCC_LINT || defined lint
++-  memset (&t, 0, sizeof t);
++-#endif
++-  t.type = type;
+++  re_token_t t = { .type = type };
++   return create_token_tree (dfa, left, right, &t);
++ }
++ 
+diff --git a/grub-core/lib/gnulib/regcomp.c b/grub-core/lib/gnulib/regcomp.c
+index 2545d3e..64a4fa7 100644
+--- a/grub-core/lib/gnulib/regcomp.c
++++ b/grub-core/lib/gnulib/regcomp.c
+@@ -3808,11 +3808,7 @@ static bin_tree_t *
+ create_tree (re_dfa_t *dfa, bin_tree_t *left, bin_tree_t *right,
+ 	     re_token_type_t type)
+ {
+-  re_token_t t;
+-#if defined GCC_LINT || defined lint
+-  memset (&t, 0, sizeof t);
+-#endif
+-  t.type = type;
++  re_token_t t = { .type = type };
+   return create_token_tree (dfa, left, right, &t);
+ }
+ 
+-- 
+2.14.2
+

boot/grub2/0060-io-lzopio-Resolve-unnecessary-self-assignment-errors.patch

@@ -0,0 +1,42 @@
+From 59666e520f44177c97b82a44c169b3b315d63b42 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Wed, 21 Oct 2020 14:44:10 +0000
+Subject: [PATCH] io/lzopio: Resolve unnecessary self-assignment errors
+
+These 2 assignments are unnecessary since they are just assigning
+to themselves.
+
+Fixes: CID 73643
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/io/lzopio.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/grub-core/io/lzopio.c b/grub-core/io/lzopio.c
+index 3014485..a7d4425 100644
+--- a/grub-core/io/lzopio.c
++++ b/grub-core/io/lzopio.c
+@@ -125,8 +125,6 @@ read_block_header (struct grub_lzopio *lzopio)
+ 			  sizeof (lzopio->block.ucheck)) !=
+ 	  sizeof (lzopio->block.ucheck))
+ 	return -1;
+-
+-      lzopio->block.ucheck = lzopio->block.ucheck;
+     }
+ 
+   /* Read checksum of compressed data.  */
+@@ -143,8 +141,6 @@ read_block_header (struct grub_lzopio *lzopio)
+ 			      sizeof (lzopio->block.ccheck)) !=
+ 	      sizeof (lzopio->block.ccheck))
+ 	    return -1;
+-
+-	  lzopio->block.ccheck = lzopio->block.ccheck;
+ 	}
+     }
+ 
+-- 
+2.14.2
+

boot/grub2/0061-zstd-Initialize-seq_t-structure-fully.patch

@@ -0,0 +1,35 @@
+From 2777cf4466719921dbe4b30af358a75e7d76f217 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 5 Nov 2020 10:29:59 +0000
+Subject: [PATCH] zstd: Initialize seq_t structure fully
+
+While many compilers will initialize this to zero, not all will, so it
+is better to be sure that fields not being explicitly set are at known
+values, and there is code that checks this fields value elsewhere in the
+code.
+
+Fixes: CID 292440
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/lib/zstd/zstd_decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/lib/zstd/zstd_decompress.c b/grub-core/lib/zstd/zstd_decompress.c
+index 711b5b6..e4b5670 100644
+--- a/grub-core/lib/zstd/zstd_decompress.c
++++ b/grub-core/lib/zstd/zstd_decompress.c
+@@ -1325,7 +1325,7 @@ typedef enum { ZSTD_lo_isRegularOffset, ZSTD_lo_isLongOffset=1 } ZSTD_longOffset
+ FORCE_INLINE_TEMPLATE seq_t
+ ZSTD_decodeSequence(seqState_t* seqState, const ZSTD_longOffset_e longOffsets)
+ {
+-    seq_t seq;
++    seq_t seq = {0};
+     U32 const llBits = seqState->stateLL.table[seqState->stateLL.state].nbAdditionalBits;
+     U32 const mlBits = seqState->stateML.table[seqState->stateML.state].nbAdditionalBits;
+     U32 const ofBits = seqState->stateOffb.table[seqState->stateOffb.state].nbAdditionalBits;
+-- 
+2.14.2
+

boot/grub2/0062-kern-partition-Check-for-NULL-before-dereferencing-i.patch

@@ -0,0 +1,44 @@
+From bc9c468a2ce84bc767234eec888b71f1bc744fff Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Fri, 23 Oct 2020 09:49:59 +0000
+Subject: [PATCH] kern/partition: Check for NULL before dereferencing input
+ string
+
+There is the possibility that the value of str comes from an external
+source and continuing to use it before ever checking its validity is
+wrong. So, needs fixing.
+
+Additionally, drop unneeded part initialization.
+
+Fixes: CID 292444
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/kern/partition.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/kern/partition.c b/grub-core/kern/partition.c
+index e499147..b10a184 100644
+--- a/grub-core/kern/partition.c
++++ b/grub-core/kern/partition.c
+@@ -109,11 +109,14 @@ grub_partition_map_probe (const grub_partition_map_t partmap,
+ grub_partition_t
+ grub_partition_probe (struct grub_disk *disk, const char *str)
+ {
+-  grub_partition_t part = 0;
++  grub_partition_t part;
+   grub_partition_t curpart = 0;
+   grub_partition_t tail;
+   const char *ptr;
+ 
++  if (str == NULL)
++    return 0;
++
+   part = tail = disk->partition;
+ 
+   for (ptr = str; *ptr;)
+-- 
+2.14.2
+

boot/grub2/0063-disk-ldm-Make-sure-comp-data-is-freed-before-exiting.patch

@@ -0,0 +1,129 @@
+From 23e39f50ca7a107f6b66396ed4d177a914dee035 Mon Sep 17 00:00:00 2001
+From: Marco A Benatto <mbenatto@redhat.com>
+Date: Mon, 7 Dec 2020 11:53:03 -0300
+Subject: [PATCH] disk/ldm: Make sure comp data is freed before exiting from
+ make_vg()
+
+Several error handling paths in make_vg() do not free comp data before
+jumping to fail2 label and returning from the function. This will leak
+memory. So, let's fix all issues of that kind.
+
+Fixes: CID 73804
+
+Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/disk/ldm.c | 51 ++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 44 insertions(+), 7 deletions(-)
+
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index 58f8a53..428415f 100644
+--- a/grub-core/disk/ldm.c
++++ b/grub-core/disk/ldm.c
+@@ -554,7 +554,11 @@ make_vg (grub_disk_t disk,
+ 	      comp->segments = grub_calloc (comp->segment_alloc,
+ 					    sizeof (*comp->segments));
+ 	      if (!comp->segments)
+-		goto fail2;
++		{
++		  grub_free (comp->internal_id);
++		  grub_free (comp);
++		  goto fail2;
++		}
+ 	    }
+ 	  else
+ 	    {
+@@ -562,7 +566,11 @@ make_vg (grub_disk_t disk,
+ 	      comp->segment_count = 1;
+ 	      comp->segments = grub_malloc (sizeof (*comp->segments));
+ 	      if (!comp->segments)
+-		goto fail2;
++		{
++		  grub_free (comp->internal_id);
++		  grub_free (comp);
++		  goto fail2;
++		}
+ 	      comp->segments->start_extent = 0;
+ 	      comp->segments->extent_count = lv->size;
+ 	      comp->segments->layout = 0;
+@@ -574,15 +582,26 @@ make_vg (grub_disk_t disk,
+ 		  comp->segments->layout = GRUB_RAID_LAYOUT_SYMMETRIC_MASK;
+ 		}
+ 	      else
+-		goto fail2;
++		{
++		  grub_free (comp->segments);
++		  grub_free (comp->internal_id);
++		  grub_free (comp);
++		  goto fail2;
++		}
+ 	      ptr += *ptr + 1;
+ 	      ptr++;
+ 	      if (!(vblk[i].flags & 0x10))
+-		goto fail2;
++		{
++		  grub_free (comp->segments);
++		  grub_free (comp->internal_id);
++		  grub_free (comp);
++		  goto fail2;
++		}
+ 	      if (ptr >= vblk[i].dynamic + sizeof (vblk[i].dynamic)
+ 		  || ptr + *ptr + 1 >= vblk[i].dynamic
+ 		  + sizeof (vblk[i].dynamic))
+ 		{
++		  grub_free (comp->segments);
+ 		  grub_free (comp->internal_id);
+ 		  grub_free (comp);
+ 		  goto fail2;
+@@ -592,6 +611,7 @@ make_vg (grub_disk_t disk,
+ 	      if (ptr + *ptr + 1 >= vblk[i].dynamic
+ 		  + sizeof (vblk[i].dynamic))
+ 		{
++		  grub_free (comp->segments);
+ 		  grub_free (comp->internal_id);
+ 		  grub_free (comp);
+ 		  goto fail2;
+@@ -601,7 +621,12 @@ make_vg (grub_disk_t disk,
+ 	      comp->segments->nodes = grub_calloc (comp->segments->node_alloc,
+ 						   sizeof (*comp->segments->nodes));
+ 	      if (!lv->segments->nodes)
+-		goto fail2;
++		{
++		  grub_free (comp->segments);
++		  grub_free (comp->internal_id);
++		  grub_free (comp);
++		  goto fail2;
++		}
+ 	    }
+ 
+ 	  if (lv->segments->node_alloc == lv->segments->node_count)
+@@ -611,11 +636,23 @@ make_vg (grub_disk_t disk,
+ 
+ 	      if (grub_mul (lv->segments->node_alloc, 2, &lv->segments->node_alloc) ||
+ 		  grub_mul (lv->segments->node_alloc, sizeof (*lv->segments->nodes), &sz))
+-		goto fail2;
++		{
++		  grub_free (comp->segments->nodes);
++		  grub_free (comp->segments);
++		  grub_free (comp->internal_id);
++		  grub_free (comp);
++		  goto fail2;
++		}
+ 
+ 	      t = grub_realloc (lv->segments->nodes, sz);
+ 	      if (!t)
+-		goto fail2;
++		{
++		  grub_free (comp->segments->nodes);
++		  grub_free (comp->segments);
++		  grub_free (comp->internal_id);
++		  grub_free (comp);
++		  goto fail2;
++		}
+ 	      lv->segments->nodes = t;
+ 	    }
+ 	  lv->segments->nodes[lv->segments->node_count].pv = 0;
+-- 
+2.14.2
+

boot/grub2/0064-disk-ldm-If-failed-then-free-vg-variable-too.patch

@@ -0,0 +1,29 @@
+From e0b83df5da538d2a38f770e60817b3a4b9d5b4d7 Mon Sep 17 00:00:00 2001
+From: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
+Date: Mon, 7 Dec 2020 10:07:47 -0300
+Subject: [PATCH] disk/ldm: If failed then free vg variable too
+
+Fixes: CID 73809
+
+Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/disk/ldm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index 428415f..54713f4 100644
+--- a/grub-core/disk/ldm.c
++++ b/grub-core/disk/ldm.c
+@@ -199,6 +199,7 @@ make_vg (grub_disk_t disk,
+     {
+       grub_free (vg->uuid);
+       grub_free (vg->name);
++      grub_free (vg);
+       return NULL;
+     }
+   grub_memcpy (vg->uuid, label->group_guid, LDM_GUID_STRLEN);
+-- 
+2.14.2
+

boot/grub2/0065-disk-ldm-Fix-memory-leak-on-uninserted-lv-references.patch

@@ -0,0 +1,51 @@
+From 156c281a1625dc73fd350530630c6f2d5673d4f6 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Tue, 8 Dec 2020 10:00:51 +0000
+Subject: [PATCH] disk/ldm: Fix memory leak on uninserted lv references
+
+The problem here is that the memory allocated to the variable lv is not
+yet inserted into the list that is being processed at the label fail2.
+
+As we can already see at line 342, which correctly frees lv before going
+to fail2, we should also be doing that at these earlier jumps to fail2.
+
+Fixes: CID 73824
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/disk/ldm.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/disk/ldm.c b/grub-core/disk/ldm.c
+index 54713f4..e82e989 100644
+--- a/grub-core/disk/ldm.c
++++ b/grub-core/disk/ldm.c
+@@ -321,7 +321,10 @@ make_vg (grub_disk_t disk,
+ 	  lv->visible = 1;
+ 	  lv->segments = grub_zalloc (sizeof (*lv->segments));
+ 	  if (!lv->segments)
+-	    goto fail2;
++	    {
++	      grub_free (lv);
++	      goto fail2;
++	    }
+ 	  lv->segments->start_extent = 0;
+ 	  lv->segments->type = GRUB_DISKFILTER_MIRROR;
+ 	  lv->segments->node_count = 0;
+@@ -329,7 +332,10 @@ make_vg (grub_disk_t disk,
+ 	  lv->segments->nodes = grub_calloc (lv->segments->node_alloc,
+ 					     sizeof (*lv->segments->nodes));
+ 	  if (!lv->segments->nodes)
+-	    goto fail2;
++	    {
++	      grub_free (lv);
++	      goto fail2;
++	    }
+ 	  ptr = vblk[i].dynamic;
+ 	  if (ptr + *ptr + 1 >= vblk[i].dynamic
+ 	      + sizeof (vblk[i].dynamic))
+-- 
+2.14.2
+

boot/grub2/0066-disk-cryptodisk-Fix-potential-integer-overflow.patch

@@ -0,0 +1,51 @@
+From a201ad17caa430aa710654fdf2e6ab4c8166f031 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 21 Jan 2021 11:38:31 +0000
+Subject: [PATCH] disk/cryptodisk: Fix potential integer overflow
+
+The encrypt and decrypt functions expect a grub_size_t. So, we need to
+ensure that the constant bit shift is using grub_size_t rather than
+unsigned int when it is performing the shift.
+
+Fixes: CID 307788
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/disk/cryptodisk.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
+index 5037768..6883f48 100644
+--- a/grub-core/disk/cryptodisk.c
++++ b/grub-core/disk/cryptodisk.c
+@@ -311,10 +311,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
+ 	case GRUB_CRYPTODISK_MODE_CBC:
+ 	  if (do_encrypt)
+ 	    err = grub_crypto_cbc_encrypt (dev->cipher, data + i, data + i,
+-					   (1U << dev->log_sector_size), iv);
++					   ((grub_size_t) 1 << dev->log_sector_size), iv);
+ 	  else
+ 	    err = grub_crypto_cbc_decrypt (dev->cipher, data + i, data + i,
+-					   (1U << dev->log_sector_size), iv);
++					   ((grub_size_t) 1 << dev->log_sector_size), iv);
+ 	  if (err)
+ 	    return err;
+ 	  break;
+@@ -322,10 +322,10 @@ grub_cryptodisk_endecrypt (struct grub_cryptodisk *dev,
+ 	case GRUB_CRYPTODISK_MODE_PCBC:
+ 	  if (do_encrypt)
+ 	    err = grub_crypto_pcbc_encrypt (dev->cipher, data + i, data + i,
+-					    (1U << dev->log_sector_size), iv);
++					    ((grub_size_t) 1 << dev->log_sector_size), iv);
+ 	  else
+ 	    err = grub_crypto_pcbc_decrypt (dev->cipher, data + i, data + i,
+-					    (1U << dev->log_sector_size), iv);
++					    ((grub_size_t) 1 << dev->log_sector_size), iv);
+ 	  if (err)
+ 	    return err;
+ 	  break;
+-- 
+2.14.2
+

boot/grub2/0067-hfsplus-Check-that-the-volume-name-length-is-valid.patch

@@ -0,0 +1,44 @@
+From 2298f6e0d951251bb9ca97d891d1bc8b74515f8c Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Fri, 23 Oct 2020 17:09:31 +0000
+Subject: [PATCH] hfsplus: Check that the volume name length is valid
+
+HFS+ documentation suggests that the maximum filename and volume name is
+255 Unicode characters in length.
+
+So, when converting from big-endian to little-endian, we should ensure
+that the name of the volume has a length that is between 0 and 255,
+inclusive.
+
+Fixes: CID 73641
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/hfsplus.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index 9c4e4c8..8fe7c12 100644
+--- a/grub-core/fs/hfsplus.c
++++ b/grub-core/fs/hfsplus.c
+@@ -1012,6 +1012,15 @@ grub_hfsplus_label (grub_device_t device, char **label)
+     grub_hfsplus_btree_recptr (&data->catalog_tree, node, ptr);
+ 
+   label_len = grub_be_to_cpu16 (catkey->namelen);
++
++  /* Ensure that the length is >= 0. */
++  if (label_len < 0)
++    label_len = 0;
++
++  /* Ensure label length is at most 255 Unicode characters. */
++  if (label_len > 255)
++    label_len = 255;
++
+   label_name = grub_calloc (label_len, sizeof (*label_name));
+   if (!label_name)
+     {
+-- 
+2.14.2
+

boot/grub2/0068-zfs-Fix-possible-negative-shift-operation.patch

@@ -0,0 +1,43 @@
+From a02091834d3e167320d8a262ff04b8e83c5e616d Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Tue, 24 Nov 2020 16:41:49 +0000
+Subject: [PATCH] zfs: Fix possible negative shift operation
+
+While it is possible for the return value from zfs_log2() to be zero
+(0), it is quite unlikely, given that the previous assignment to blksz
+is shifted up by SPA_MINBLOCKSHIFT (9) before 9 is subtracted at the
+assignment to epbs.
+
+But, while unlikely during a normal operation, it may be that a carefully
+crafted ZFS filesystem could result in a zero (0) value to the
+dn_datalbkszsec field, which means that the shift left does nothing
+and assigns zero (0) to blksz, resulting in a negative epbs value.
+
+Fixes: CID 73608
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/zfs/zfs.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index 36d0373..0c42cba 100644
+--- a/grub-core/fs/zfs/zfs.c
++++ b/grub-core/fs/zfs/zfs.c
+@@ -2667,6 +2667,11 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type,
+   blksz = grub_zfs_to_cpu16 (mdn->dn.dn_datablkszsec, 
+ 			     mdn->endian) << SPA_MINBLOCKSHIFT;
+   epbs = zfs_log2 (blksz) - DNODE_SHIFT;
++
++  /* While this should never happen, we should check that epbs is not negative. */
++  if (epbs < 0)
++    epbs = 0;
++
+   blkid = objnum >> epbs;
+   idx = objnum & ((1 << epbs) - 1);
+ 
+-- 
+2.14.2
+

boot/grub2/0069-zfs-Fix-resource-leaks-while-constructing-path.patch

@@ -0,0 +1,122 @@
+From 89bdab965805e8d54d7f75349024e1a11cbe2eb8 Mon Sep 17 00:00:00 2001
+From: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
+Date: Mon, 14 Dec 2020 18:54:49 -0300
+Subject: [PATCH] zfs: Fix resource leaks while constructing path
+
+There are several exit points in dnode_get_path() that are causing possible
+memory leaks.
+
+In the while(1) the correct exit mechanism should not be to do a direct return,
+but to instead break out of the loop, setting err first if it is not already set.
+
+The reason behind this is that the dnode_path is a linked list, and while doing
+through this loop, it is being allocated and built up - the only way to
+correctly unravel it is to traverse it, which is what is being done at the end
+of the function outside of the loop.
+
+Several of the existing exit points correctly did a break, but not all so this
+change makes that more consistent and should resolve the leaking of memory as
+found by Coverity.
+
+Fixes: CID 73741
+
+Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/zfs/zfs.c | 30 +++++++++++++++++++++---------
+ 1 file changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index 0c42cba..9087a72 100644
+--- a/grub-core/fs/zfs/zfs.c
++++ b/grub-core/fs/zfs/zfs.c
+@@ -2836,8 +2836,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
+ 
+       if (dnode_path->dn.dn.dn_type != DMU_OT_DIRECTORY_CONTENTS)
+ 	{
+-	  grub_free (path_buf);
+-	  return grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory"));
++	  err = grub_error (GRUB_ERR_BAD_FILE_TYPE, N_("not a directory"));
++	  break;
+ 	}
+       err = zap_lookup (&(dnode_path->dn), cname, &objnum,
+ 			data, subvol->case_insensitive);
+@@ -2879,11 +2879,18 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
+ 		       << SPA_MINBLOCKSHIFT);
+ 
+ 	      if (blksz == 0)
+-		return grub_error(GRUB_ERR_BAD_FS, "0-sized block");
++                {
++                  err = grub_error (GRUB_ERR_BAD_FS, "0-sized block");
++                  break;
++                }
+ 
+ 	      sym_value = grub_malloc (sym_sz);
+ 	      if (!sym_value)
+-		return grub_errno;
++		{
++		  err = grub_errno;
++		  break;
++		}
++
+ 	      for (block = 0; block < (sym_sz + blksz - 1) / blksz; block++)
+ 		{
+ 		  void *t;
+@@ -2893,7 +2900,7 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
+ 		  if (err)
+ 		    {
+ 		      grub_free (sym_value);
+-		      return err;
++		      break;
+ 		    }
+ 
+ 		  movesize = sym_sz - block * blksz;
+@@ -2903,6 +2910,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
+ 		  grub_memcpy (sym_value + block * blksz, t, movesize);
+ 		  grub_free (t);
+ 		}
++		if (err)
++		  break;
+ 	      free_symval = 1;
+ 	    }	    
+ 	  path = path_buf = grub_malloc (sym_sz + grub_strlen (oldpath) + 1);
+@@ -2911,7 +2920,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
+ 	      grub_free (oldpathbuf);
+ 	      if (free_symval)
+ 		grub_free (sym_value);
+-	      return grub_errno;
++	      err = grub_errno;
++	      break;
+ 	    }
+ 	  grub_memcpy (path, sym_value, sym_sz);
+ 	  if (free_symval)
+@@ -2949,11 +2959,12 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
+ 	      
+ 	      err = zio_read (bp, dnode_path->dn.endian, &sahdrp, NULL, data);
+ 	      if (err)
+-		return err;
++	        break;
+ 	    }
+ 	  else
+ 	    {
+-	      return grub_error (GRUB_ERR_BAD_FS, "filesystem is corrupt");
++	      err = grub_error (GRUB_ERR_BAD_FS, "filesystem is corrupt");
++	      break;
+ 	    }
+ 
+ 	  hdrsize = SA_HDR_SIZE (((sa_hdr_phys_t *) sahdrp));
+@@ -2974,7 +2985,8 @@ dnode_get_path (struct subvolume *subvol, const char *path_in, dnode_end_t *dn,
+ 	      if (!path_buf)
+ 		{
+ 		  grub_free (oldpathbuf);
+-		  return grub_errno;
++		  err = grub_errno;
++		  break;
+ 		}
+ 	      grub_memcpy (path, sym_value, sym_sz);
+ 	      path [sym_sz] = 0;
+-- 
+2.14.2
+

boot/grub2/0070-zfs-Fix-possible-integer-overflows.patch

@@ -0,0 +1,57 @@
+From 302c12ff5714bc455949117c1c9548ccb324d55b Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Tue, 8 Dec 2020 22:17:04 +0000
+Subject: [PATCH] zfs: Fix possible integer overflows
+
+In all cases the problem is that the value being acted upon by
+a left-shift is a 32-bit number which is then being used in the
+context of a 64-bit number.
+
+To avoid overflow we ensure that the number being shifted is 64-bit
+before the shift is done.
+
+Fixes: CID 73684, CID 73695, CID 73764
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/zfs/zfs.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
+index 9087a72..b078ccc 100644
+--- a/grub-core/fs/zfs/zfs.c
++++ b/grub-core/fs/zfs/zfs.c
+@@ -564,7 +564,7 @@ find_bestub (uberblock_phys_t * ub_array,
+       ubptr = (uberblock_phys_t *) ((grub_properly_aligned_t *) ub_array
+ 				    + ((i << ub_shift)
+ 				       / sizeof (grub_properly_aligned_t)));
+-      err = uberblock_verify (ubptr, offset, 1 << ub_shift);
++      err = uberblock_verify (ubptr, offset, (grub_size_t) 1 << ub_shift);
+       if (err)
+ 	{
+ 	  grub_errno = GRUB_ERR_NONE;
+@@ -1543,7 +1543,7 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc,
+ 
+ 	    high = grub_divmod64 ((offset >> desc->ashift) + c,
+ 				  desc->n_children, &devn);
+-	    csize = bsize << desc->ashift;
++	    csize = (grub_size_t) bsize << desc->ashift;
+ 	    if (csize > len)
+ 	      csize = len;
+ 
+@@ -1635,8 +1635,8 @@ read_device (grub_uint64_t offset, struct grub_zfs_device_desc *desc,
+ 
+ 	    while (len > 0)
+ 	      {
+-		grub_size_t csize;
+-		csize = ((s / (desc->n_children - desc->nparity))
++		grub_size_t csize = s;
++		csize = ((csize / (desc->n_children - desc->nparity))
+ 			 << desc->ashift);
+ 		if (csize > len)
+ 		  csize = len;
+-- 
+2.14.2
+

boot/grub2/0071-zfsinfo-Correct-a-check-for-error-allocating-memory.patch

@@ -0,0 +1,36 @@
+From 7aab03418ec6a9b991aa44416cb2585aff4e7972 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 26 Nov 2020 10:56:45 +0000
+Subject: [PATCH] zfsinfo: Correct a check for error allocating memory
+
+While arguably the check for grub_errno is correct, we should really be
+checking the return value from the function since it is always possible
+that grub_errno was set elsewhere, making this code behave incorrectly.
+
+Fixes: CID 73668
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/zfs/zfsinfo.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/fs/zfs/zfsinfo.c b/grub-core/fs/zfs/zfsinfo.c
+index c8a28ac..bf29180 100644
+--- a/grub-core/fs/zfs/zfsinfo.c
++++ b/grub-core/fs/zfs/zfsinfo.c
+@@ -358,8 +358,8 @@ grub_cmd_zfs_bootfs (grub_command_t cmd __attribute__ ((unused)), int argc,
+     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("one argument expected"));
+ 
+   devname = grub_file_get_device_name (args[0]);
+-  if (grub_errno)
+-    return grub_errno;
++  if (devname == NULL)
++    return GRUB_ERR_OUT_OF_MEMORY;
+ 
+   dev = grub_device_open (devname);
+   grub_free (devname);
+-- 
+2.14.2
+

boot/grub2/0072-affs-Fix-memory-leaks.patch

@@ -0,0 +1,83 @@
+From 178ac5107389f8e5b32489d743d6824a5ebf342a Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 26 Nov 2020 12:48:07 +0000
+Subject: [PATCH] affs: Fix memory leaks
+
+The node structure reference is being allocated but not freed if it
+reaches the end of the function. If any of the hooks had returned
+a non-zero value, then node would have been copied in to the context
+reference, but otherwise node is not stored and should be freed.
+
+Similarly, the call to grub_affs_create_node() replaces the allocated
+memory in node with a newly allocated structure, leaking the existing
+memory pointed by node.
+
+Finally, when dir->parent is set, then we again replace node with newly
+allocated memory, which seems unnecessary when we copy in the values
+from dir->parent immediately after.
+
+Fixes: CID 73759
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/affs.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
+index 220b371..230e26a 100644
+--- a/grub-core/fs/affs.c
++++ b/grub-core/fs/affs.c
+@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ {
+   unsigned int i;
+   struct grub_affs_file file;
+-  struct grub_fshelp_node *node = 0;
++  struct grub_fshelp_node *node, *orig_node;
+   struct grub_affs_data *data = dir->data;
+   grub_uint32_t *hashtable;
+ 
+   /* Create the directory entries for `.' and `..'.  */
+-  node = grub_zalloc (sizeof (*node));
++  node = orig_node = grub_zalloc (sizeof (*node));
+   if (!node)
+     return 1;
+     
+@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+     return 1;
+   if (dir->parent)
+     {
+-      node = grub_zalloc (sizeof (*node));
+-      if (!node)
+-	return 1;
+       *node = *dir->parent;
+       if (hook ("..", GRUB_FSHELP_DIR, node, hook_data))
+ 	return 1;
+@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ 
+ 	  if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable,
+ 				     next, &file))
+-	    return 1;
++	    {
++	      /* Node has been replaced in function. */
++	      grub_free (orig_node);
++	      return 1;
++	    }
+ 
+ 	  next = grub_be_to_cpu32 (file.next);
+ 	}
+     }
+ 
+-  grub_free (hashtable);
+-  return 0;
+-
+  fail:
+-  grub_free (node);
++  grub_free (orig_node);
+   grub_free (hashtable);
+   return 0;
+ }
+-- 
+2.14.2
+

boot/grub2/0073-libgcrypt-mpi-Fix-possible-unintended-sign-extension.patch

@@ -0,0 +1,50 @@
+From e8814c811132a70f9b55418f7567378a34ad3883 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Tue, 3 Nov 2020 16:43:37 +0000
+Subject: [PATCH] libgcrypt/mpi: Fix possible unintended sign extension
+
+The array of unsigned char gets promoted to a signed 32-bit int before
+it is finally promoted to a size_t. There is the possibility that this
+may result in the signed-bit being set for the intermediate signed
+32-bit int. We should ensure that the promotion is to the correct type
+before we bitwise-OR the values.
+
+Fixes: CID 96697
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/lib/libgcrypt-grub/mpi/mpicoder.c | 2 +-
+ grub-core/lib/libgcrypt/mpi/mpicoder.c      | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c b/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c
+index 3d55dfc..faf1cd6 100644
+--- a/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c
++++ b/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c
+@@ -460,7 +460,7 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format,
+       if (len && len < 4)
+         return gcry_error (GPG_ERR_TOO_SHORT);
+ 
+-      n = (s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3]);
++      n = ((size_t)s[0] << 24 | (size_t)s[1] << 16 | (size_t)s[2] << 8 | (size_t)s[3]);
+       s += 4;
+       if (len)
+         len -= 4;
+diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c
+index a3435ed..7ecad27 100644
+--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c
++++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c
+@@ -458,7 +458,7 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format,
+       if (len && len < 4)
+         return gcry_error (GPG_ERR_TOO_SHORT);
+ 
+-      n = (s[0] << 24 | s[1] << 16 | s[2] << 8 | s[3]);
++      n = ((size_t)s[0] << 24 | (size_t)s[1] << 16 | (size_t)s[2] << 8 | (size_t)s[3]);
+       s += 4;
+       if (len)
+         len -= 4;
+-- 
+2.14.2
+

boot/grub2/0074-libgcrypt-mpi-Fix-possible-NULL-dereference.patch

@@ -0,0 +1,49 @@
+From ae0f3fabeba7b393113d5dc185b6aff9b728136d Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 26 Nov 2020 10:41:54 +0000
+Subject: [PATCH] libgcrypt/mpi: Fix possible NULL dereference
+
+The code in gcry_mpi_scan() assumes that buffer is not NULL, but there
+is no explicit check for that, so we add one.
+
+Fixes: CID 73757
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/lib/libgcrypt-grub/mpi/mpicoder.c | 3 +++
+ grub-core/lib/libgcrypt/mpi/mpicoder.c      | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c b/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c
+index faf1cd6..e734dcf 100644
+--- a/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c
++++ b/grub-core/lib/libgcrypt-grub/mpi/mpicoder.c
+@@ -381,6 +381,9 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format,
+   unsigned int len;
+   int secure = (buffer && gcry_is_secure (buffer));
+ 
++  if (!buffer)
++    return gcry_error (GPG_ERR_INV_ARG);
++
+   if (format == GCRYMPI_FMT_SSH)
+     len = 0;
+   else
+diff --git a/grub-core/lib/libgcrypt/mpi/mpicoder.c b/grub-core/lib/libgcrypt/mpi/mpicoder.c
+index 7ecad27..6fe3891 100644
+--- a/grub-core/lib/libgcrypt/mpi/mpicoder.c
++++ b/grub-core/lib/libgcrypt/mpi/mpicoder.c
+@@ -379,6 +379,9 @@ gcry_mpi_scan (struct gcry_mpi **ret_mpi, enum gcry_mpi_format format,
+   unsigned int len;
+   int secure = (buffer && gcry_is_secure (buffer));
+ 
++  if (!buffer)
++    return gcry_error (GPG_ERR_INV_ARG);
++
+   if (format == GCRYMPI_FMT_SSH)
+     len = 0;
+   else
+-- 
+2.14.2
+

boot/grub2/0075-syslinux-Fix-memory-leak-while-parsing.patch

@@ -0,0 +1,44 @@
+From 95bc016dba94cab3d398dd74160665915cd08ad6 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 26 Nov 2020 15:31:53 +0000
+Subject: [PATCH] syslinux: Fix memory leak while parsing
+
+In syslinux_parse_real() the 2 points where return is being called
+didn't release the memory stored in buf which is no longer required.
+
+Fixes: CID 176634
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/lib/syslinux_parse.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/lib/syslinux_parse.c b/grub-core/lib/syslinux_parse.c
+index 4afa992..3acc6b4 100644
+--- a/grub-core/lib/syslinux_parse.c
++++ b/grub-core/lib/syslinux_parse.c
+@@ -737,7 +737,10 @@ syslinux_parse_real (struct syslinux_menu *menu)
+ 		  && grub_strncasecmp ("help", ptr3, ptr4 - ptr3) == 0))
+ 	    {
+ 	      if (helptext (ptr5, file, menu))
+-		return 1;
++		{
++		  grub_free (buf);
++		  return 1;
++		}
+ 	      continue;
+ 	    }
+ 
+@@ -757,6 +760,7 @@ syslinux_parse_real (struct syslinux_menu *menu)
+     }
+  fail:
+   grub_file_close (file);
++  grub_free (buf);
+   return err;
+ }
+ 
+-- 
+2.14.2
+

boot/grub2/0076-normal-completion-Fix-leaking-of-memory-when-process.patch

@@ -0,0 +1,53 @@
+From 9213575b7a95b514bce80be5964a28d407d7d56d Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Fri, 4 Dec 2020 18:56:48 +0000
+Subject: [PATCH] normal/completion: Fix leaking of memory when processing a
+ completion
+
+It is possible for the code to reach the end of the function without
+freeing the memory allocated to argv and argc still to be 0.
+
+We should always call grub_free(argv). The grub_free() will handle
+a NULL argument correctly if it reaches that code without the memory
+being allocated.
+
+Fixes: CID 96672
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/normal/completion.c | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/grub-core/normal/completion.c b/grub-core/normal/completion.c
+index 5961028..46e473c 100644
+--- a/grub-core/normal/completion.c
++++ b/grub-core/normal/completion.c
+@@ -400,8 +400,8 @@ char *
+ grub_normal_do_completion (char *buf, int *restore,
+ 			   void (*hook) (const char *, grub_completion_type_t, int))
+ {
+-  int argc;
+-  char **argv;
++  int argc = 0;
++  char **argv = NULL;
+ 
+   /* Initialize variables.  */
+   match = 0;
+@@ -516,10 +516,8 @@ grub_normal_do_completion (char *buf, int *restore,
+ 
+  fail:
+   if (argc != 0)
+-    {
+-      grub_free (argv[0]);
+-      grub_free (argv);
+-    }
++    grub_free (argv[0]);
++  grub_free (argv);
+   grub_free (match);
+   grub_errno = GRUB_ERR_NONE;
+ 
+-- 
+2.14.2
+

boot/grub2/0077-commands-hashsum-Fix-a-memory-leak.patch

@@ -0,0 +1,57 @@
+From 8b6f528e52e18b7a69f90b8dc3671d7b1147d9f3 Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Tue, 1 Dec 2020 23:41:24 +0000
+Subject: [PATCH] commands/hashsum: Fix a memory leak
+
+check_list() uses grub_file_getline(), which allocates a buffer.
+If the hash list file contains invalid lines, the function leaks
+this buffer when it returns an error.
+
+Fixes: CID 176635
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/commands/hashsum.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/commands/hashsum.c b/grub-core/commands/hashsum.c
+index 456ba90..b8a22b0 100644
+--- a/grub-core/commands/hashsum.c
++++ b/grub-core/commands/hashsum.c
+@@ -128,11 +128,17 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename,
+ 	  high = hextoval (*p++);
+ 	  low = hextoval (*p++);
+ 	  if (high < 0 || low < 0)
+-	    return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list");
++	    {
++	      grub_free (buf);
++	      return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list");
++	    }
+ 	  expected[i] = (high << 4) | low;
+ 	}
+       if ((p[0] != ' ' && p[0] != '\t') || (p[1] != ' ' && p[1] != '\t'))
+-	return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list");
++	{
++	  grub_free (buf);
++	  return grub_error (GRUB_ERR_BAD_FILE_TYPE, "invalid hash list");
++	}
+       p += 2;
+       if (prefix)
+ 	{
+@@ -140,7 +146,10 @@ check_list (const gcry_md_spec_t *hash, const char *hashfilename,
+ 	  
+ 	  filename = grub_xasprintf ("%s/%s", prefix, p);
+ 	  if (!filename)
+-	    return grub_errno;
++	    {
++	      grub_free (buf);
++	      return grub_errno;
++	    }
+ 	  file = grub_file_open (filename, GRUB_FILE_TYPE_TO_HASH
+ 				 | (!uncompress ? GRUB_FILE_TYPE_NO_DECOMPRESS
+ 				    : GRUB_FILE_TYPE_NONE));
+-- 
+2.14.2
+

boot/grub2/0079-video-efi_gop-Remove-unnecessary-return-value-of-gru.patch

@@ -0,0 +1,95 @@
+From fc5951d3b1616055ef81a019a5affc09d13344d0 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Tue, 8 Dec 2020 21:14:31 +0000
+Subject: [PATCH] video/efi_gop: Remove unnecessary return value of
+ grub_video_gop_fill_mode_info()
+
+The return value of grub_video_gop_fill_mode_info() is never able to be
+anything other than GRUB_ERR_NONE. So, rather than continue to return
+a value and checking it each time, it is more correct to redefine the
+function to not return anything and remove checks of its return value
+altogether.
+
+Fixes: CID 96701
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/video/efi_gop.c | 25 ++++++-------------------
+ 1 file changed, 6 insertions(+), 19 deletions(-)
+
+diff --git a/grub-core/video/efi_gop.c b/grub-core/video/efi_gop.c
+index 7f9d1c2..db2ee98 100644
+--- a/grub-core/video/efi_gop.c
++++ b/grub-core/video/efi_gop.c
+@@ -227,7 +227,7 @@ grub_video_gop_fill_real_mode_info (unsigned mode,
+   return GRUB_ERR_NONE;
+ }
+ 
+-static grub_err_t
++static void
+ grub_video_gop_fill_mode_info (unsigned mode,
+ 			       struct grub_efi_gop_mode_info *in,
+ 			       struct grub_video_mode_info *out)
+@@ -252,8 +252,6 @@ grub_video_gop_fill_mode_info (unsigned mode,
+   out->blit_format = GRUB_VIDEO_BLIT_FORMAT_BGRA_8888;
+   out->mode_type |= (GRUB_VIDEO_MODE_TYPE_DOUBLE_BUFFERED
+ 		     | GRUB_VIDEO_MODE_TYPE_UPDATING_SWAP);
+-
+-  return GRUB_ERR_NONE;
+ }
+ 
+ static int
+@@ -266,7 +264,6 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo
+       grub_efi_uintn_t size;
+       grub_efi_status_t status;
+       struct grub_efi_gop_mode_info *info = NULL;
+-      grub_err_t err;
+       struct grub_video_mode_info mode_info;
+ 	 
+       status = efi_call_4 (gop->query_mode, gop, mode, &size, &info);
+@@ -277,12 +274,7 @@ grub_video_gop_iterate (int (*hook) (const struct grub_video_mode_info *info, vo
+ 	  continue;
+ 	}
+ 
+-      err = grub_video_gop_fill_mode_info (mode, info, &mode_info);
+-      if (err)
+-	{
+-	  grub_errno = GRUB_ERR_NONE;
+-	  continue;
+-	}
++      grub_video_gop_fill_mode_info (mode, info, &mode_info);
+       if (hook (&mode_info, hook_arg))
+ 	return 1;
+     }
+@@ -466,13 +458,8 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
+ 
+   info = gop->mode->info;
+ 
+-  err = grub_video_gop_fill_mode_info (gop->mode->mode, info,
+-				       &framebuffer.mode_info);
+-  if (err)
+-    {
+-      grub_dprintf ("video", "GOP: couldn't fill mode info\n");
+-      return err;
+-    }
++  grub_video_gop_fill_mode_info (gop->mode->mode, info,
++				 &framebuffer.mode_info);
+ 
+   framebuffer.ptr = (void *) (grub_addr_t) gop->mode->fb_base;
+   framebuffer.offscreen
+@@ -486,8 +473,8 @@ grub_video_gop_setup (unsigned int width, unsigned int height,
+     {
+       grub_dprintf ("video", "GOP: couldn't allocate shadow\n");
+       grub_errno = 0;
+-      err = grub_video_gop_fill_mode_info (gop->mode->mode, info,
+-					   &framebuffer.mode_info);
++      grub_video_gop_fill_mode_info (gop->mode->mode, info,
++				     &framebuffer.mode_info);
+       buffer = framebuffer.ptr;
+     }
+     
+-- 
+2.14.2
+

boot/grub2/0080-video-fb-fbfill-Fix-potential-integer-overflow.patch

@@ -0,0 +1,79 @@
+From 7ce3259f67ac2cd93acb0ec0080c24b3b69e66c6 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Wed, 4 Nov 2020 15:10:51 +0000
+Subject: [PATCH] video/fb/fbfill: Fix potential integer overflow
+
+The multiplication of 2 unsigned 32-bit integers may overflow before
+promotion to unsigned 64-bit. We should ensure that the multiplication
+is done with overflow detection. Additionally, use grub_sub() for
+subtraction.
+
+Fixes: CID 73640, CID 73697, CID 73702, CID 73823
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/video/fb/fbfill.c | 17 +++++++++++++----
+ 1 file changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/video/fb/fbfill.c b/grub-core/video/fb/fbfill.c
+index 11816d0..a37acd1 100644
+--- a/grub-core/video/fb/fbfill.c
++++ b/grub-core/video/fb/fbfill.c
+@@ -31,6 +31,7 @@
+ #include <grub/fbfill.h>
+ #include <grub/fbutil.h>
+ #include <grub/types.h>
++#include <grub/safemath.h>
+ #include <grub/video.h>
+ 
+ /* Generic filler that works for every supported mode.  */
+@@ -61,7 +62,9 @@ grub_video_fbfill_direct32 (struct grub_video_fbblit_info *dst,
+ 
+   /* Calculate the number of bytes to advance from the end of one line
+      to the beginning of the next line.  */
+-  rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width;
++  if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) ||
++      grub_sub (dst->mode_info->pitch, rowskip, &rowskip))
++    return;
+ 
+   /* Get the start address.  */
+   dstptr = grub_video_fb_get_video_ptr (dst, x, y);
+@@ -98,7 +101,9 @@ grub_video_fbfill_direct24 (struct grub_video_fbblit_info *dst,
+ #endif
+   /* Calculate the number of bytes to advance from the end of one line
+      to the beginning of the next line.  */
+-  rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width;
++  if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) ||
++      grub_sub (dst->mode_info->pitch, rowskip, &rowskip))
++    return;
+ 
+   /* Get the start address.  */
+   dstptr = grub_video_fb_get_video_ptr (dst, x, y);
+@@ -131,7 +136,9 @@ grub_video_fbfill_direct16 (struct grub_video_fbblit_info *dst,
+ 
+   /* Calculate the number of bytes to advance from the end of one line
+      to the beginning of the next line.  */
+-  rowskip = (dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width);
++  if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) ||
++      grub_sub (dst->mode_info->pitch, rowskip, &rowskip))
++    return;
+ 
+   /* Get the start address.  */
+   dstptr = grub_video_fb_get_video_ptr (dst, x, y);
+@@ -161,7 +168,9 @@ grub_video_fbfill_direct8 (struct grub_video_fbblit_info *dst,
+ 
+   /* Calculate the number of bytes to advance from the end of one line
+      to the beginning of the next line.  */
+-  rowskip = dst->mode_info->pitch - dst->mode_info->bytes_per_pixel * width;
++  if (grub_mul (dst->mode_info->bytes_per_pixel, width, &rowskip) ||
++      grub_sub (dst->mode_info->pitch, rowskip, &rowskip))
++    return;
+ 
+   /* Get the start address.  */
+   dstptr = grub_video_fb_get_video_ptr (dst, x, y);
+-- 
+2.14.2
+

boot/grub2/0081-video-fb-video_fb-Fix-multiple-integer-overflows.patch

@@ -0,0 +1,105 @@
+From 08e098b1dbf01e96376f594b337491bc4cfa48dd Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Wed, 4 Nov 2020 14:43:44 +0000
+Subject: [PATCH] video/fb/video_fb: Fix multiple integer overflows
+
+The calculation of the unsigned 64-bit value is being generated by
+multiplying 2, signed or unsigned, 32-bit integers which may overflow
+before promotion to unsigned 64-bit. Fix all of them.
+
+Fixes: CID 73703, CID 73767, CID 73833
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/video/fb/video_fb.c | 52 ++++++++++++++++++++++++++++++-------------
+ 1 file changed, 36 insertions(+), 16 deletions(-)
+
+diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c
+index 1a602c8..1c9a138 100644
+--- a/grub-core/video/fb/video_fb.c
++++ b/grub-core/video/fb/video_fb.c
+@@ -25,6 +25,7 @@
+ #include <grub/fbutil.h>
+ #include <grub/bitmap.h>
+ #include <grub/dl.h>
++#include <grub/safemath.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -1417,15 +1418,23 @@ doublebuf_blit_update_screen (void)
+ {
+   if (framebuffer.current_dirty.first_line
+       <= framebuffer.current_dirty.last_line)
+-    grub_memcpy ((char *) framebuffer.pages[0]
+-		 + framebuffer.current_dirty.first_line
+-		 * framebuffer.back_target->mode_info.pitch,
+-		 (char *) framebuffer.back_target->data
+-		 + framebuffer.current_dirty.first_line
+-		 * framebuffer.back_target->mode_info.pitch,
+-		 framebuffer.back_target->mode_info.pitch
+-		 * (framebuffer.current_dirty.last_line
+-		    - framebuffer.current_dirty.first_line));
++    {
++      grub_size_t copy_size;
++
++      if (grub_sub (framebuffer.current_dirty.last_line,
++		    framebuffer.current_dirty.first_line, &copy_size) ||
++	  grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, &copy_size))
++	{
++	  /* Shouldn't happen, but if it does we've a bug. */
++	  return GRUB_ERR_BUG;
++	}
++
++      grub_memcpy ((char *) framebuffer.pages[0] + framebuffer.current_dirty.first_line *
++		   framebuffer.back_target->mode_info.pitch,
++		   (char *) framebuffer.back_target->data + framebuffer.current_dirty.first_line *
++		   framebuffer.back_target->mode_info.pitch,
++		   copy_size);
++    }
+   framebuffer.current_dirty.first_line
+     = framebuffer.back_target->mode_info.height;
+   framebuffer.current_dirty.last_line = 0;
+@@ -1439,7 +1448,7 @@ grub_video_fb_doublebuf_blit_init (struct grub_video_fbrender_target **back,
+ 				   volatile void *framebuf)
+ {
+   grub_err_t err;
+-  grub_size_t page_size = mode_info.pitch * mode_info.height;
++  grub_size_t page_size = (grub_size_t) mode_info.pitch * mode_info.height;
+ 
+   framebuffer.offscreen_buffer = grub_zalloc (page_size);
+   if (! framebuffer.offscreen_buffer)
+@@ -1482,12 +1491,23 @@ doublebuf_pageflipping_update_screen (void)
+     last_line = framebuffer.previous_dirty.last_line;
+ 
+   if (first_line <= last_line)
+-    grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page]
+-		 + first_line * framebuffer.back_target->mode_info.pitch,
+-		 (char *) framebuffer.back_target->data
+-		 + first_line * framebuffer.back_target->mode_info.pitch,
+-		 framebuffer.back_target->mode_info.pitch
+-		 * (last_line - first_line));
++    {
++      grub_size_t copy_size;
++
++      if (grub_sub (last_line, first_line, &copy_size) ||
++	  grub_mul (framebuffer.back_target->mode_info.pitch, copy_size, &copy_size))
++	{
++	  /* Shouldn't happen, but if it does we've a bug. */
++	  return GRUB_ERR_BUG;
++	}
++
++      grub_memcpy ((char *) framebuffer.pages[framebuffer.render_page] + first_line *
++		   framebuffer.back_target->mode_info.pitch,
++		   (char *) framebuffer.back_target->data + first_line *
++		   framebuffer.back_target->mode_info.pitch,
++		   copy_size);
++    }
++
+   framebuffer.previous_dirty = framebuffer.current_dirty;
+   framebuffer.current_dirty.first_line
+     = framebuffer.back_target->mode_info.height;
+-- 
+2.14.2
+

boot/grub2/0082-video-fb-video_fb-Fix-possible-integer-overflow.patch

@@ -0,0 +1,40 @@
+From 08413f2f4edec0e2d9bf15f836f6ee5ca2e379cb Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Fri, 4 Dec 2020 14:51:30 +0000
+Subject: [PATCH] video/fb/video_fb: Fix possible integer overflow
+
+It is minimal possibility that the values being used here will overflow.
+So, change the code to use the safemath function grub_mul() to ensure
+that doesn't happen.
+
+Fixes: CID 73761
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/video/fb/video_fb.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/video/fb/video_fb.c b/grub-core/video/fb/video_fb.c
+index 1c9a138..ae6b89f 100644
+--- a/grub-core/video/fb/video_fb.c
++++ b/grub-core/video/fb/video_fb.c
+@@ -1537,7 +1537,13 @@ doublebuf_pageflipping_init (struct grub_video_mode_info *mode_info,
+ 			     volatile void *page1_ptr)
+ {
+   grub_err_t err;
+-  grub_size_t page_size = mode_info->pitch * mode_info->height;
++  grub_size_t page_size = 0;
++
++  if (grub_mul (mode_info->pitch, mode_info->height, &page_size))
++    {
++      /* Shouldn't happen, but if it does we've a bug. */
++      return GRUB_ERR_BUG;
++    }
+ 
+   framebuffer.offscreen_buffer = grub_malloc (page_size);
+   if (! framebuffer.offscreen_buffer)
+-- 
+2.14.2
+

boot/grub2/0083-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch

@@ -0,0 +1,39 @@
+From 5f5eb7ca8e971227e95745abe541df3e1509360e Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Fri, 4 Dec 2020 15:39:00 +0000
+Subject: [PATCH] video/readers/jpeg: Test for an invalid next marker reference
+ from a jpeg file
+
+While it may never happen, and potentially could be caught at the end of
+the function, it is worth checking up front for a bad reference to the
+next marker just in case of a maliciously crafted file being provided.
+
+Fixes: CID 73694
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/video/readers/jpeg.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
+index 31359a4..0b6ce3c 100644
+--- a/grub-core/video/readers/jpeg.c
++++ b/grub-core/video/readers/jpeg.c
+@@ -253,6 +253,12 @@ grub_jpeg_decode_quan_table (struct grub_jpeg_data *data)
+   next_marker = data->file->offset;
+   next_marker += grub_jpeg_get_word (data);
+ 
++  if (next_marker > data->file->size)
++    {
++      /* Should never be set beyond the size of the file. */
++      return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid next reference");
++    }
++
+   while (data->file->offset + sizeof (data->quan_table[id]) + 1
+ 	 <= next_marker)
+     {
+-- 
+2.14.2
+

boot/grub2/0084-gfxmenu-gui_list-Remove-code-that-coverity-is-flaggi.patch

@@ -0,0 +1,35 @@
+From 4a1aa5917595650efbd46b581368c470ebee42ab Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Mon, 7 Dec 2020 14:44:47 +0000
+Subject: [PATCH] gfxmenu/gui_list: Remove code that coverity is flagging as
+ dead
+
+The test of value for NULL before calling grub_strdup() is not required,
+since the if condition prior to this has already tested for value being
+NULL and cannot reach this code if it is.
+
+Fixes: CID 73659
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/gfxmenu/gui_list.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/gfxmenu/gui_list.c b/grub-core/gfxmenu/gui_list.c
+index 01477cd..df334a6 100644
+--- a/grub-core/gfxmenu/gui_list.c
++++ b/grub-core/gfxmenu/gui_list.c
+@@ -771,7 +771,7 @@ list_set_property (void *vself, const char *name, const char *value)
+         {
+           self->need_to_recreate_boxes = 1;
+           grub_free (self->selected_item_box_pattern);
+-          self->selected_item_box_pattern = value ? grub_strdup (value) : 0;
++          self->selected_item_box_pattern = grub_strdup (value);
+           self->selected_item_box_pattern_inherit = 0;
+         }
+     }
+-- 
+2.14.2
+

boot/grub2/0085-loader-bsd-Check-for-NULL-arg-up-front.patch

@@ -0,0 +1,48 @@
+From 5d5391b0a05abe76e04c1eb68dcc6cbef5326c4a Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Tue, 8 Dec 2020 21:47:13 +0000
+Subject: [PATCH] loader/bsd: Check for NULL arg up-front
+
+The code in the next block suggests that it is possible for .set to be
+true but .arg may still be NULL.
+
+This code assumes that it is never NULL, yet later is testing if it is
+NULL - that is inconsistent.
+
+So we should check first if .arg is not NULL, and remove this check that
+is being flagged by Coverity since it is no longer required.
+
+Fixes: CID 292471
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/loader/i386/bsd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/loader/i386/bsd.c b/grub-core/loader/i386/bsd.c
+index b92cbe9..8432283 100644
+--- a/grub-core/loader/i386/bsd.c
++++ b/grub-core/loader/i386/bsd.c
+@@ -1605,7 +1605,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[])
+   kernel_type = KERNEL_TYPE_OPENBSD;
+   bootflags = grub_bsd_parse_flags (ctxt->state, openbsd_flags);
+ 
+-  if (ctxt->state[OPENBSD_ROOT_ARG].set)
++  if (ctxt->state[OPENBSD_ROOT_ARG].set && ctxt->state[OPENBSD_ROOT_ARG].arg != NULL)
+     {
+       const char *arg = ctxt->state[OPENBSD_ROOT_ARG].arg;
+       unsigned type, unit, part;
+@@ -1622,7 +1622,7 @@ grub_cmd_openbsd (grub_extcmd_context_t ctxt, int argc, char *argv[])
+ 			   "unknown disk type name");
+ 
+       unit = grub_strtoul (arg, (char **) &arg, 10);
+-      if (! (arg && *arg >= 'a' && *arg <= 'z'))
++      if (! (*arg >= 'a' && *arg <= 'z'))
+ 	return grub_error (GRUB_ERR_BAD_ARGUMENT,
+ 			   "only device specifications of form "
+ 			   "<type><number><lowercase letter> are supported");
+-- 
+2.14.2
+

boot/grub2/0086-loader-xnu-Fix-memory-leak.patch

@@ -0,0 +1,39 @@
+From bcb59ece3263d118510c4440c4da0950f224bb7f Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 26 Nov 2020 12:53:10 +0000
+Subject: [PATCH] loader/xnu: Fix memory leak
+
+The code here is finished with the memory stored in name, but it only
+frees it if there curvalue is valid, while it could actually free it
+regardless.
+
+The fix is a simple relocation of the grub_free() to before the test
+of curvalue.
+
+Fixes: CID 96646
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/loader/xnu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
+index 44fd5a9..eb14462 100644
+--- a/grub-core/loader/xnu.c
++++ b/grub-core/loader/xnu.c
+@@ -1391,9 +1391,9 @@ grub_xnu_fill_devicetree (void)
+     name[len] = 0;
+ 
+     curvalue = grub_xnu_create_value (curkey, name);
++    grub_free (name);
+     if (!curvalue)
+       return grub_errno;
+-    grub_free (name);
+    
+     data = grub_malloc (grub_strlen (var->value) + 1);
+     if (!data)
+-- 
+2.14.2
+

boot/grub2/0087-loader-xnu-Free-driverkey-data-when-an-error-is-dete.patch

@@ -0,0 +1,78 @@
+From 4b4027b6b1c877d7ab467896b04c7bd1aadcfa15 Mon Sep 17 00:00:00 2001
+From: Marco A Benatto <mbenatto@redhat.com>
+Date: Mon, 30 Nov 2020 12:18:24 -0300
+Subject: [PATCH] loader/xnu: Free driverkey data when an error is detected in
+ grub_xnu_writetree_toheap()
+
+... to avoid memory leaks.
+
+Fixes: CID 96640
+
+Signed-off-by: Marco A Benatto <mbenatto@redhat.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/loader/xnu.c | 24 ++++++++++++++++++++----
+ 1 file changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
+index eb14462..1a590db 100644
+--- a/grub-core/loader/xnu.c
++++ b/grub-core/loader/xnu.c
+@@ -227,26 +227,33 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size)
+   if (! memorymap)
+     return grub_errno;
+ 
+-  driverkey = (struct grub_xnu_devtree_key *) grub_malloc (sizeof (*driverkey));
++  driverkey = (struct grub_xnu_devtree_key *) grub_zalloc (sizeof (*driverkey));
+   if (! driverkey)
+     return grub_errno;
+   driverkey->name = grub_strdup ("DeviceTree");
+   if (! driverkey->name)
+-    return grub_errno;
++    {
++      err = grub_errno;
++      goto fail;
++    }
++
+   driverkey->datasize = sizeof (*extdesc);
+   driverkey->next = memorymap->first_child;
+   memorymap->first_child = driverkey;
+   driverkey->data = extdesc
+     = (struct grub_xnu_extdesc *) grub_malloc (sizeof (*extdesc));
+   if (! driverkey->data)
+-    return grub_errno;
++    {
++      err = grub_errno;
++      goto fail;
++    }
+ 
+   /* Allocate the space based on the size with dummy value. */
+   *size = grub_xnu_writetree_get_size (grub_xnu_devtree_root, "/");
+   err = grub_xnu_heap_malloc (ALIGN_UP (*size + 1, GRUB_XNU_PAGESIZE),
+ 			      &src, target);
+   if (err)
+-    return err;
++    goto fail;
+ 
+   /* Put real data in the dummy. */
+   extdesc->addr = *target;
+@@ -255,6 +262,15 @@ grub_xnu_writetree_toheap (grub_addr_t *target, grub_size_t *size)
+   /* Write the tree to heap. */
+   grub_xnu_writetree_toheap_real (src, grub_xnu_devtree_root, "/");
+   return GRUB_ERR_NONE;
++
++ fail:
++  memorymap->first_child = NULL;
++
++  grub_free (driverkey->data);
++  grub_free (driverkey->name);
++  grub_free (driverkey);
++
++  return err;
+ }
+ 
+ /* Find a key or value in parent key. */
+-- 
+2.14.2
+

boot/grub2/0088-loader-xnu-Check-if-pointer-is-NULL-before-using-it.patch

@@ -0,0 +1,43 @@
+From 7c8a2b5d1421a0f2a33d33531f7561f3da93b844 Mon Sep 17 00:00:00 2001
+From: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
+Date: Mon, 30 Nov 2020 10:36:00 -0300
+Subject: [PATCH] loader/xnu: Check if pointer is NULL before using it
+
+Fixes: CID 73654
+
+Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/loader/xnu.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
+index 1a590db..1c0cf6a 100644
+--- a/grub-core/loader/xnu.c
++++ b/grub-core/loader/xnu.c
+@@ -670,6 +670,9 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile,
+   char *name, *nameend;
+   int namelen;
+ 
++  if (infoplistname == NULL)
++    return grub_error (GRUB_ERR_BAD_FILENAME, N_("missing p-list filename"));
++
+   name = get_name_ptr (infoplistname);
+   nameend = grub_strchr (name, '/');
+ 
+@@ -701,10 +704,7 @@ grub_xnu_load_driver (char *infoplistname, grub_file_t binaryfile,
+   else
+     macho = 0;
+ 
+-  if (infoplistname)
+-    infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST);
+-  else
+-    infoplist = 0;
++  infoplist = grub_file_open (infoplistname, GRUB_FILE_TYPE_XNU_INFO_PLIST);
+   grub_errno = GRUB_ERR_NONE;
+   if (infoplist)
+     {
+-- 
+2.14.2
+

boot/grub2/0089-util-grub-install-Fix-NULL-pointer-dereferences.patch

@@ -0,0 +1,42 @@
+From 8b3a95655b4391122e7b0315d8cc6f876caf8183 Mon Sep 17 00:00:00 2001
+From: Daniel Kiper <daniel.kiper@oracle.com>
+Date: Thu, 25 Feb 2021 18:35:01 +0100
+Subject: [PATCH] util/grub-install: Fix NULL pointer dereferences
+
+Two grub_device_open() calls does not have associated NULL checks
+for returned values. Fix that and appease the Coverity.
+
+Fixes: CID 314583
+
+Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
+Reviewed-by: Javier Martinez Canillas <javierm@redhat.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ util/grub-install.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/util/grub-install.c b/util/grub-install.c
+index a82725f..367350f 100644
+--- a/util/grub-install.c
++++ b/util/grub-install.c
+@@ -1775,6 +1775,8 @@ main (int argc, char *argv[])
+ 	  fill_core_services (core_services);
+ 
+ 	  ins_dev = grub_device_open (install_drive);
++	  if (ins_dev == NULL)
++	    grub_util_error ("%s", grub_errmsg);
+ 
+ 	  bless (ins_dev, core_services, 0);
+ 
+@@ -1875,6 +1877,8 @@ main (int argc, char *argv[])
+ 	  fill_core_services(core_services);
+ 
+ 	  ins_dev = grub_device_open (install_drive);
++	  if (ins_dev == NULL)
++	    grub_util_error ("%s", grub_errmsg);
+ 
+ 	  bless (ins_dev, boot_efi, 1);
+ 	  if (!removable && update_nvram)
+-- 
+2.14.2
+

boot/grub2/0090-util-grub-editenv-Fix-incorrect-casting-of-a-signed-.patch

@@ -0,0 +1,47 @@
+From 5dc41edc4eba259c6043ae7698c245ec1baaacc6 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 5 Nov 2020 14:33:50 +0000
+Subject: [PATCH] util/grub-editenv: Fix incorrect casting of a signed value
+
+The return value of ftell() may be negative (-1) on error. While it is
+probably unlikely to occur, we should not blindly cast to an unsigned
+value without first testing that it is not negative.
+
+Fixes: CID 73856
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ util/grub-editenv.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/util/grub-editenv.c b/util/grub-editenv.c
+index f3662c9..db6f187 100644
+--- a/util/grub-editenv.c
++++ b/util/grub-editenv.c
+@@ -125,6 +125,7 @@ open_envblk_file (const char *name)
+ {
+   FILE *fp;
+   char *buf;
++  long loc;
+   size_t size;
+   grub_envblk_t envblk;
+ 
+@@ -143,7 +144,12 @@ open_envblk_file (const char *name)
+     grub_util_error (_("cannot seek `%s': %s"), name,
+ 		     strerror (errno));
+ 
+-  size = (size_t) ftell (fp);
++  loc = ftell (fp);
++  if (loc < 0)
++    grub_util_error (_("cannot get file location `%s': %s"), name,
++		     strerror (errno));
++
++  size = (size_t) loc;
+ 
+   if (fseek (fp, 0, SEEK_SET) < 0)
+     grub_util_error (_("cannot seek `%s': %s"), name,
+-- 
+2.14.2
+

boot/grub2/0091-util-glue-efi-Fix-incorrect-use-of-a-possibly-negati.patch

@@ -0,0 +1,51 @@
+From 1641d74e16f9d1ca35ba1a87ee4a0bf3afa48e72 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Fri, 4 Dec 2020 15:04:28 +0000
+Subject: [PATCH] util/glue-efi: Fix incorrect use of a possibly negative value
+
+It is possible for the ftell() function to return a negative value,
+although it is fairly unlikely here, we should be checking for
+a negative value before we assign it to an unsigned value.
+
+Fixes: CID 73744
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ util/glue-efi.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/util/glue-efi.c b/util/glue-efi.c
+index 68f5316..de0fa6d 100644
+--- a/util/glue-efi.c
++++ b/util/glue-efi.c
+@@ -39,13 +39,23 @@ write_fat (FILE *in32, FILE *in64, FILE *out, const char *out_filename,
+   struct grub_macho_fat_header head;
+   struct grub_macho_fat_arch arch32, arch64;
+   grub_uint32_t size32, size64;
++  long size;
+   char *buf;
+ 
+   fseek (in32, 0, SEEK_END);
+-  size32 = ftell (in32);
++  size = ftell (in32);
++  if (size < 0)
++    grub_util_error ("cannot get end of input file '%s': %s",
++		     name32, strerror (errno));
++  size32 = (grub_uint32_t) size;
+   fseek (in32, 0, SEEK_SET);
++
+   fseek (in64, 0, SEEK_END);
+-  size64 = ftell (in64);
++  size = ftell (in64);
++  if (size < 0)
++    grub_util_error ("cannot get end of input file '%s': %s",
++		     name64, strerror (errno));
++  size64 = (grub_uint64_t) size;
+   fseek (in64, 0, SEEK_SET);
+ 
+   head.magic = grub_cpu_to_le32_compile_time (GRUB_MACHO_FAT_EFI_MAGIC);
+-- 
+2.14.2
+

boot/grub2/0092-script-execute-Fix-NULL-dereference-in-grub_script_e.patch

@@ -0,0 +1,29 @@
+From 41ae93b2e6c75453514629bcfe684300e3aec0ce Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 3 Apr 2020 23:05:13 +1100
+Subject: [PATCH] script/execute: Fix NULL dereference in
+ grub_script_execute_cmdline()
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/script/execute.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index 7e028e1..5ea2aef 100644
+--- a/grub-core/script/execute.c
++++ b/grub-core/script/execute.c
+@@ -940,7 +940,7 @@ grub_script_execute_cmdline (struct grub_script_cmd *cmd)
+   struct grub_script_argv argv = { 0, 0, 0 };
+ 
+   /* Lookup the command.  */
+-  if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args[0])
++  if (grub_script_arglist_to_argv (cmdline->arglist, &argv) || ! argv.args || ! argv.args[0])
+     return grub_errno;
+ 
+   for (i = 0; i < argv.argc; i++)
+-- 
+2.14.2
+

boot/grub2/0093-commands-ls-Require-device_name-is-not-NULL-before-p.patch

@@ -0,0 +1,34 @@
+From 6afbe6063c95b827372f9ec310c9fc7461311eb1 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 11 Jan 2021 16:57:37 +1100
+Subject: [PATCH] commands/ls: Require device_name is not NULL before printing
+
+This can be triggered with:
+  ls -l (0 0*)
+and causes a NULL deref in grub_normal_print_device_info().
+
+I'm not sure if there's any implication with the IEEE 1275 platform.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/commands/ls.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/commands/ls.c b/grub-core/commands/ls.c
+index 5b7491a..326d2d6 100644
+--- a/grub-core/commands/ls.c
++++ b/grub-core/commands/ls.c
+@@ -196,7 +196,7 @@ grub_ls_list_files (char *dirname, int longlist, int all, int human)
+       goto fail;
+     }
+ 
+-  if (! *path)
++  if (! *path && device_name)
+     {
+       if (grub_errno == GRUB_ERR_UNKNOWN_FS)
+ 	grub_errno = GRUB_ERR_NONE;
+-- 
+2.14.2
+

boot/grub2/0094-script-execute-Avoid-crash-when-using-outside-a-func.patch

@@ -0,0 +1,38 @@
+From fe0586347ee46f927ae27bb9673532da9f5dead5 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 11 Jan 2021 17:30:42 +1100
+Subject: [PATCH] script/execute: Avoid crash when using "$#" outside a
+ function scope
+
+"$#" represents the number of arguments to a function. It is only
+defined in a function scope, where "scope" is non-NULL. Currently,
+if we attempt to evaluate "$#" outside a function scope, "scope" will
+be NULL and we will crash with a NULL pointer dereference.
+
+Do not attempt to count arguments for "$#" if "scope" is NULL. This
+will result in "$#" being interpreted as an empty string if evaluated
+outside a function scope.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/script/execute.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index 5ea2aef..23d34bd 100644
+--- a/grub-core/script/execute.c
++++ b/grub-core/script/execute.c
+@@ -485,7 +485,7 @@ gettext_putvar (const char *str, grub_size_t len,
+     return 0;
+ 
+   /* Enough for any number.  */
+-  if (len == 1 && str[0] == '#')
++  if (len == 1 && str[0] == '#' && scope != NULL)
+     {
+       grub_snprintf (*ptr, 30, "%u", scope->argv.argc);
+       *ptr += grub_strlen (*ptr);
+-- 
+2.14.2
+

boot/grub2/0095-lib-arg-Block-repeated-short-options-that-require-an.patch

@@ -0,0 +1,56 @@
+From 2a330dba93ff11bc00eda76e9419bc52b0c7ead6 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 22 Jan 2021 16:07:29 +1100
+Subject: [PATCH] lib/arg: Block repeated short options that require an
+ argument
+
+Fuzzing found the following crash:
+
+  search -hhhhhhhhhhhhhf
+
+We didn't allocate enough option space for 13 hints because the
+allocation code counts the number of discrete arguments (i.e. argc).
+However, the shortopt parsing code will happily keep processing
+a combination of short options without checking if those short
+options require an argument. This means you can easily end writing
+past the allocated option space.
+
+This fixes a OOB write which can cause heap corruption.
+
+Fixes: CVE-2021-20225
+
+Reported-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/lib/arg.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/grub-core/lib/arg.c b/grub-core/lib/arg.c
+index 3288609..537c5e9 100644
+--- a/grub-core/lib/arg.c
++++ b/grub-core/lib/arg.c
+@@ -299,6 +299,19 @@ grub_arg_parse (grub_extcmd_t cmd, int argc, char **argv,
+ 		 it can have an argument value.  */
+ 	      if (*curshort)
+ 		{
++		  /*
++		   * Only permit further short opts if this one doesn't
++		   * require a value.
++		   */
++		  if (opt->type != ARG_TYPE_NONE &&
++		      !(opt->flags & GRUB_ARG_OPTION_OPTIONAL))
++		    {
++		      grub_error (GRUB_ERR_BAD_ARGUMENT,
++				  N_("missing mandatory option for `%s'"),
++				  opt->longarg);
++		      goto fail;
++		    }
++
+ 		  if (parse_option (cmd, opt, 0, usr) || grub_errno)
+ 		    goto fail;
+ 		}
+-- 
+2.14.2
+

boot/grub2/0096-script-execute-Don-t-crash-on-a-for-loop-with-no-ite.patch

@@ -0,0 +1,40 @@
+From 0a05f88e2bb33ed2a0cfd93f481f471efb7791aa Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 22 Jan 2021 16:18:26 +1100
+Subject: [PATCH] script/execute: Don't crash on a "for" loop with no items
+
+The following crashes the parser:
+
+  for x in; do
+  0
+  done
+
+This is because grub_script_arglist_to_argv() doesn't consider the
+possibility that arglist is NULL. Catch that explicitly.
+
+This avoids a NULL pointer dereference.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/script/execute.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/grub-core/script/execute.c b/grub-core/script/execute.c
+index 23d34bd..31dac25 100644
+--- a/grub-core/script/execute.c
++++ b/grub-core/script/execute.c
+@@ -624,6 +624,9 @@ grub_script_arglist_to_argv (struct grub_script_arglist *arglist,
+   struct grub_script_arg *arg = 0;
+   struct grub_script_argv result = { 0, 0, 0 };
+ 
++  if (arglist == NULL)
++    return 1;
++
+   for (; arglist && arglist->arg; arglist = arglist->next)
+     {
+       if (grub_script_argv_next (&result))
+-- 
+2.14.2
+

boot/grub2/0097-commands-menuentry-Fix-quoting-in-setparams_prefix.patch

@@ -0,0 +1,48 @@
+From 2f533a89a8dfcacbf2c9dbc77d910f111f24bf33 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 22 Jan 2021 17:10:48 +1100
+Subject: [PATCH] commands/menuentry: Fix quoting in setparams_prefix()
+
+Commit 9acdcbf32542 (use single quotes in menuentry setparams command)
+says that expressing a quoted single quote will require 3 characters. It
+actually requires (and always did require!) 4 characters:
+
+  str: a'b => a'\''b
+  len:  3  => 6 (2 for the letters + 4 for the quote)
+
+This leads to not allocating enough memory and thus out of bounds writes
+that have been observed to cause heap corruption.
+
+Allocate 4 bytes for each single quote.
+
+Commit 22e7dbb2bb81 (Fix quoting in legacy parser.) does the same
+quoting, but it adds 3 as extra overhead on top of the single byte that
+the quote already needs. So it's correct.
+
+Fixes: 9acdcbf32542 (use single quotes in menuentry setparams command)
+Fixes: CVE-2021-20233
+
+Reported-by: Daniel Axtens <dja@axtens.net>
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/commands/menuentry.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
+index 9164df7..720e6d8 100644
+--- a/grub-core/commands/menuentry.c
++++ b/grub-core/commands/menuentry.c
+@@ -230,7 +230,7 @@ setparams_prefix (int argc, char **args)
+       len += 3; /* 3 = 1 space + 2 quotes */
+       p = args[i];
+       while (*p)
+-	len += (*p++ == '\'' ? 3 : 1);
++	len += (*p++ == '\'' ? 4 : 1);
+     }
+ 
+   result = grub_malloc (len + 2);
+-- 
+2.14.2
+

boot/grub2/0098-kern-misc-Always-set-end-in-grub_strtoull.patch

@@ -0,0 +1,47 @@
+From f41f0af48ab7f7c135aac17ac862c30bde0bbab7 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Wed, 13 Jan 2021 22:19:01 +1100
+Subject: [PATCH] kern/misc: Always set *end in grub_strtoull()
+
+Currently, if there is an error in grub_strtoull(), *end is not set.
+This differs from the usual behavior of strtoull(), and also means that
+some callers may use an uninitialized value for *end.
+
+Set *end unconditionally.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/kern/misc.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/grub-core/kern/misc.c b/grub-core/kern/misc.c
+index a7abd36..b02693b 100644
+--- a/grub-core/kern/misc.c
++++ b/grub-core/kern/misc.c
+@@ -406,6 +406,10 @@ grub_strtoull (const char *str, char **end, int base)
+ 	{
+ 	  grub_error (GRUB_ERR_OUT_OF_RANGE,
+ 		      N_("overflow is detected"));
++
++          if (end)
++            *end = (char *) str;
++
+ 	  return ~0ULL;
+ 	}
+ 
+@@ -417,6 +421,10 @@ grub_strtoull (const char *str, char **end, int base)
+     {
+       grub_error (GRUB_ERR_BAD_NUMBER,
+ 		  N_("unrecognized number"));
++
++      if (end)
++        *end = (char *) str;
++
+       return 0;
+     }
+ 
+-- 
+2.14.2
+

boot/grub2/0099-video-readers-jpeg-Catch-files-with-unsupported-quan.patch

@@ -0,0 +1,53 @@
+From 693989598fd38c3c0b2a928f4f64865b5681762f Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 15 Jan 2021 12:57:04 +1100
+Subject: [PATCH] video/readers/jpeg: Catch files with unsupported quantization
+ or Huffman tables
+
+Our decoder only supports 2 quantization tables. If a file asks for
+a quantization table with index > 1, reject it.
+
+Similarly, our decoder only supports 4 Huffman tables. If a file asks
+for a Huffman table with index > 3, reject it.
+
+This fixes some out of bounds reads. It's not clear what degree of control
+over subsequent execution could be gained by someone who can carefully
+set up the contents of memory before loading an invalid JPEG file.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/video/readers/jpeg.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
+index 0b6ce3c..23f919a 100644
+--- a/grub-core/video/readers/jpeg.c
++++ b/grub-core/video/readers/jpeg.c
+@@ -333,7 +333,11 @@ grub_jpeg_decode_sof (struct grub_jpeg_data *data)
+       else if (ss != JPEG_SAMPLING_1x1)
+ 	return grub_error (GRUB_ERR_BAD_FILE_TYPE,
+ 			   "jpeg: sampling method not supported");
++
+       data->comp_index[id][0] = grub_jpeg_get_byte (data);
++      if (data->comp_index[id][0] > 1)
++	return grub_error (GRUB_ERR_BAD_FILE_TYPE,
++			   "jpeg: too many quantization tables");
+     }
+ 
+   if (data->file->offset != next_marker)
+@@ -602,6 +606,10 @@ grub_jpeg_decode_sos (struct grub_jpeg_data *data)
+       ht = grub_jpeg_get_byte (data);
+       data->comp_index[id][1] = (ht >> 4);
+       data->comp_index[id][2] = (ht & 0xF) + 2;
++
++      if ((data->comp_index[id][1] < 0) || (data->comp_index[id][1] > 3) ||
++	  (data->comp_index[id][2] < 0) || (data->comp_index[id][2] > 3))
++	return grub_error (GRUB_ERR_BAD_FILE_TYPE, "jpeg: invalid hufftable index");
+     }
+ 
+   grub_jpeg_get_byte (data);	/* Skip 3 unused bytes.  */
+-- 
+2.14.2
+

boot/grub2/0100-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch

@@ -0,0 +1,48 @@
+From 34b85a6e07014383ddcad09f99ff239ad752dd1a Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 15 Jan 2021 13:29:53 +1100
+Subject: [PATCH] video/readers/jpeg: Catch OOB reads/writes in
+ grub_jpeg_decode_du()
+
+The key line is:
+
+  du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos];
+
+jpeg_zigzag_order is grub_uint8_t[64].
+
+I don't understand JPEG decoders quite well enough to explain what's
+going on here. However, I observe sometimes pos=64, which leads to an
+OOB read of the jpeg_zigzag_order global then an OOB write to du.
+That leads to various unpleasant memory corruption conditions.
+
+Catch where pos >= ARRAY_SIZE(jpeg_zigzag_order) and bail.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/video/readers/jpeg.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
+index 23f919a..e514812 100644
+--- a/grub-core/video/readers/jpeg.c
++++ b/grub-core/video/readers/jpeg.c
+@@ -526,6 +526,14 @@ grub_jpeg_decode_du (struct grub_jpeg_data *data, int id, jpeg_data_unit_t du)
+       val = grub_jpeg_get_number (data, num & 0xF);
+       num >>= 4;
+       pos += num;
++
++      if (pos >= ARRAY_SIZE (jpeg_zigzag_order))
++	{
++	  grub_error (GRUB_ERR_BAD_FILE_TYPE,
++		      "jpeg: invalid position in zigzag order!?");
++	  return;
++	}
++
+       du[jpeg_zigzag_order[pos]] = val * (int) data->quan_table[qt][pos];
+       pos++;
+     }
+-- 
+2.14.2
+

boot/grub2/0101-video-readers-jpeg-Don-t-decode-data-before-start-of.patch

@@ -0,0 +1,40 @@
+From 8338a8238f08d9f3ae4c2ddfff0603eff80af9e2 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 15 Jan 2021 14:06:46 +1100
+Subject: [PATCH] video/readers/jpeg: Don't decode data before start of stream
+
+When a start of stream marker is encountered, we call grub_jpeg_decode_sos()
+which allocates space for a bitmap.
+
+When a restart marker is encountered, we call grub_jpeg_decode_data() which
+then fills in that bitmap.
+
+If we get a restart marker before the start of stream marker, we will
+attempt to write to a bitmap_ptr that hasn't been allocated. Catch this
+and bail out. This fixes an attempt to write to NULL.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/video/readers/jpeg.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/grub-core/video/readers/jpeg.c b/grub-core/video/readers/jpeg.c
+index e514812..e31602f 100644
+--- a/grub-core/video/readers/jpeg.c
++++ b/grub-core/video/readers/jpeg.c
+@@ -646,6 +646,10 @@ grub_jpeg_decode_data (struct grub_jpeg_data *data)
+   nr1 = (data->image_height + vb - 1) >> (3 + data->log_vs);
+   nc1 = (data->image_width + hb - 1)  >> (3 + data->log_hs);
+ 
++  if (data->bitmap_ptr == NULL)
++    return grub_error(GRUB_ERR_BAD_FILE_TYPE,
++		      "jpeg: attempted to decode data before start of stream");
++
+   for (; data->r1 < nr1 && (!data->dri || rst);
+        data->r1++, data->bitmap_ptr += (vb * data->image_width - hb * nc1) * 3)
+     for (c1 = 0;  c1 < nc1 && (!data->dri || rst);
+-- 
+2.14.2
+

boot/grub2/0102-term-gfxterm-Don-t-set-up-a-font-with-glyphs-that-ar.patch

@@ -0,0 +1,52 @@
+From 829329bddb2c3e623270cc634cc9ab32e6455fe7 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 15 Jan 2021 20:03:20 +1100
+Subject: [PATCH] term/gfxterm: Don't set up a font with glyphs that are too
+ big
+
+Catch the case where we have a font so big that it causes the number of
+rows or columns to be 0. Currently we continue and allocate a
+virtual_screen.text_buffer of size 0. We then try to use that for glpyhs
+and things go badly.
+
+On the emu platform, malloc() may give us a valid pointer, in which case
+we'll access heap memory which we shouldn't. Alternatively, it may give us
+NULL, in which case we'll crash. For other platforms, if I understand
+grub_memalign() correctly, we will receive a valid but small allocation
+that we will very likely later overrun.
+
+Prevent the creation of a virtual screen that isn't at least 40 cols
+by 12 rows. This is arbitrary, but it seems that if your width or height
+is half a standard 80x24 terminal, you're probably going to struggle to
+read anything anyway.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/term/gfxterm.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/grub-core/term/gfxterm.c b/grub-core/term/gfxterm.c
+index af7c090..b40fcce 100644
+--- a/grub-core/term/gfxterm.c
++++ b/grub-core/term/gfxterm.c
+@@ -232,6 +232,15 @@ grub_virtual_screen_setup (unsigned int x, unsigned int y,
+   virtual_screen.columns = virtual_screen.width / virtual_screen.normal_char_width;
+   virtual_screen.rows = virtual_screen.height / virtual_screen.normal_char_height;
+ 
++  /*
++   * There must be a minimum number of rows and columns for the screen to
++   * make sense. Arbitrarily pick half of 80x24. If either dimensions is 0
++   * we would allocate 0 bytes for the text_buffer.
++   */
++  if (virtual_screen.columns < 40 || virtual_screen.rows < 12)
++    return grub_error (GRUB_ERR_BAD_FONT,
++		       "font: glyphs too large to fit on screen");
++
+   /* Allocate memory for text buffer.  */
+   virtual_screen.text_buffer =
+     (struct grub_colored_char *) grub_malloc (virtual_screen.columns
+-- 
+2.14.2
+

boot/grub2/0103-fs-fshelp-Catch-impermissibly-large-block-sizes-in-r.patch

@@ -0,0 +1,47 @@
+From b5bc456f664bc301ab4cd5a17d3d23c6661c259e Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 18 Jan 2021 11:46:39 +1100
+Subject: [PATCH] fs/fshelp: Catch impermissibly large block sizes in read
+ helper
+
+A fuzzed HFS+ filesystem had log2blocksize = 22. This gave
+log2blocksize + GRUB_DISK_SECTOR_BITS = 31. 1 << 31 = 0x80000000,
+which is -1 as an int. This caused some wacky behavior later on in
+the function, leading to out-of-bounds writes on the destination buffer.
+
+Catch log2blocksize + GRUB_DISK_SECTOR_BITS >= 31. We could be stricter,
+but this is the minimum that will prevent integer size weirdness.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/fshelp.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/grub-core/fs/fshelp.c b/grub-core/fs/fshelp.c
+index 4c902ad..a2d0d29 100644
+--- a/grub-core/fs/fshelp.c
++++ b/grub-core/fs/fshelp.c
+@@ -362,6 +362,18 @@ grub_fshelp_read_file (grub_disk_t disk, grub_fshelp_node_t node,
+   grub_disk_addr_t i, blockcnt;
+   int blocksize = 1 << (log2blocksize + GRUB_DISK_SECTOR_BITS);
+ 
++  /*
++   * Catch blatantly invalid log2blocksize. We could be a lot stricter, but
++   * this is the most permissive we can be before we start to see integer
++   * overflow/underflow issues.
++   */
++  if (log2blocksize + GRUB_DISK_SECTOR_BITS >= 31)
++    {
++      grub_error (GRUB_ERR_OUT_OF_RANGE,
++		  N_("blocksize too large"));
++      return -1;
++    }
++
+   if (pos > filesize)
+     {
+       grub_error (GRUB_ERR_OUT_OF_RANGE,
+-- 
+2.14.2
+

boot/grub2/0104-fs-hfsplus-Don-t-fetch-a-key-beyond-the-end-of-the-n.patch

@@ -0,0 +1,33 @@
+From 58ea11d5b9ca0966bd9c68d8ba5240cf7dc3ba83 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 22 Jan 2021 18:13:56 +1100
+Subject: [PATCH] fs/hfsplus: Don't fetch a key beyond the end of the node
+
+Otherwise you get a wild pointer, leading to a bunch of invalid reads.
+Check it falls inside the given node.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/hfsplus.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index 8fe7c12..1c7791b 100644
+--- a/grub-core/fs/hfsplus.c
++++ b/grub-core/fs/hfsplus.c
+@@ -635,6 +635,10 @@ grub_hfsplus_btree_search (struct grub_hfsplus_btree *btree,
+ 	      pointer = ((char *) currkey
+ 			 + grub_be_to_cpu16 (currkey->keylen)
+ 			 + 2);
++
++	      if ((char *) pointer > node + btree->nodesize - 2)
++		return grub_error (GRUB_ERR_BAD_FS, "HFS+ key beyond end of node");
++
+ 	      currnode = grub_be_to_cpu32 (grub_get_unaligned32 (pointer));
+ 	      match = 1;
+ 	    }
+-- 
+2.14.2
+

boot/grub2/0105-fs-hfsplus-Don-t-use-uninitialized-data-on-corrupt-f.patch

@@ -0,0 +1,108 @@
+From 2ca0e5dbcdcb6fc93ccae39a0f39d0dba4a7ff20 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 2 Feb 2021 16:59:35 +1100
+Subject: [PATCH] fs/hfsplus: Don't use uninitialized data on corrupt
+ filesystems
+
+Valgrind identified the following use of uninitialized data:
+
+  ==2782220== Conditional jump or move depends on uninitialised value(s)
+  ==2782220==    at 0x42B364: grub_hfsplus_btree_search (hfsplus.c:566)
+  ==2782220==    by 0x42B21D: grub_hfsplus_read_block (hfsplus.c:185)
+  ==2782220==    by 0x42A693: grub_fshelp_read_file (fshelp.c:386)
+  ==2782220==    by 0x42C598: grub_hfsplus_read_file (hfsplus.c:219)
+  ==2782220==    by 0x42C598: grub_hfsplus_mount (hfsplus.c:330)
+  ==2782220==    by 0x42B8C5: grub_hfsplus_dir (hfsplus.c:958)
+  ==2782220==    by 0x4C1AE6: grub_fs_probe (fs.c:73)
+  ==2782220==    by 0x407C94: grub_ls_list_files (ls.c:186)
+  ==2782220==    by 0x407C94: grub_cmd_ls (ls.c:284)
+  ==2782220==    by 0x4D7130: grub_extcmd_dispatcher (extcmd.c:55)
+  ==2782220==    by 0x4045A6: execute_command (grub-fstest.c:59)
+  ==2782220==    by 0x4045A6: fstest (grub-fstest.c:433)
+  ==2782220==    by 0x4045A6: main (grub-fstest.c:772)
+  ==2782220==  Uninitialised value was created by a heap allocation
+  ==2782220==    at 0x483C7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
+  ==2782220==    by 0x4C0305: grub_malloc (mm.c:42)
+  ==2782220==    by 0x42C21D: grub_hfsplus_mount (hfsplus.c:239)
+  ==2782220==    by 0x42B8C5: grub_hfsplus_dir (hfsplus.c:958)
+  ==2782220==    by 0x4C1AE6: grub_fs_probe (fs.c:73)
+  ==2782220==    by 0x407C94: grub_ls_list_files (ls.c:186)
+  ==2782220==    by 0x407C94: grub_cmd_ls (ls.c:284)
+  ==2782220==    by 0x4D7130: grub_extcmd_dispatcher (extcmd.c:55)
+  ==2782220==    by 0x4045A6: execute_command (grub-fstest.c:59)
+  ==2782220==    by 0x4045A6: fstest (grub-fstest.c:433)
+  ==2782220==    by 0x4045A6: main (grub-fstest.c:772)
+
+This happens when the process of reading the catalog file goes sufficiently
+wrong that there's an attempt to read the extent overflow file, which has
+not yet been loaded. Keep track of when the extent overflow file is
+fully loaded and refuse to use it before then.
+
+The load valgrind doesn't like is btree->nodesize, and that's then used
+to allocate a data structure. It looks like there are subsequently a lot
+of reads based on that pointer so OOB reads are likely, and indeed crashes
+(albeit difficult-to-replicate ones) have been observed in fuzzing.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/hfsplus.c | 14 ++++++++++++++
+ include/grub/hfsplus.h |  2 ++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/grub-core/fs/hfsplus.c b/grub-core/fs/hfsplus.c
+index 1c7791b..361e5be 100644
+--- a/grub-core/fs/hfsplus.c
++++ b/grub-core/fs/hfsplus.c
+@@ -177,6 +177,17 @@ grub_hfsplus_read_block (grub_fshelp_node_t node, grub_disk_addr_t fileblock)
+ 	  break;
+ 	}
+ 
++      /*
++       * If the extent overflow tree isn't ready yet, we can't look
++       * in it. This can happen where the catalog file is corrupted.
++       */
++      if (!node->data->extoverflow_tree_ready)
++	{
++	  grub_error (GRUB_ERR_BAD_FS,
++		      "attempted to read extent overflow tree before loading");
++	  break;
++	}
++
+       /* Set up the key to look for in the extent overflow file.  */
+       extoverflow.extkey.fileid = node->fileid;
+       extoverflow.extkey.type = 0;
+@@ -241,6 +252,7 @@ grub_hfsplus_mount (grub_disk_t disk)
+     return 0;
+ 
+   data->disk = disk;
++  data->extoverflow_tree_ready = 0;
+ 
+   /* Read the bootblock.  */
+   grub_disk_read (disk, GRUB_HFSPLUS_SBLOCK, 0, sizeof (volheader),
+@@ -357,6 +369,8 @@ grub_hfsplus_mount (grub_disk_t disk)
+   if (data->extoverflow_tree.nodesize < 2)
+     goto fail;
+ 
++  data->extoverflow_tree_ready = 1;
++
+   if (grub_hfsplus_read_file (&data->attr_tree.file, 0, 0,
+ 			      sizeof (struct grub_hfsplus_btnode),
+ 			      sizeof (header), (char *) &header) <= 0)
+diff --git a/include/grub/hfsplus.h b/include/grub/hfsplus.h
+index 117740a..e14dd31 100644
+--- a/include/grub/hfsplus.h
++++ b/include/grub/hfsplus.h
+@@ -113,6 +113,8 @@ struct grub_hfsplus_data
+   struct grub_hfsplus_btree extoverflow_tree;
+   struct grub_hfsplus_btree attr_tree;
+ 
++  int extoverflow_tree_ready;
++
+   struct grub_hfsplus_file dirroot;
+   struct grub_hfsplus_file opened_file;
+ 
+-- 
+2.14.2
+

boot/grub2/0106-fs-hfs-Disable-under-lockdown.patch

@@ -0,0 +1,47 @@
+From 1c15848838d924552611247110723e2a1c17a5a1 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 18 Jan 2021 12:19:07 +1100
+Subject: [PATCH] fs/hfs: Disable under lockdown
+
+HFS has issues such as infinite mutual recursion that are simply too
+complex to fix for such a legacy format. So simply do not permit
+it to be loaded under lockdown.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/hfs.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/fs/hfs.c b/grub-core/fs/hfs.c
+index 3fe842b..9a5b7bb 100644
+--- a/grub-core/fs/hfs.c
++++ b/grub-core/fs/hfs.c
+@@ -30,6 +30,7 @@
+ #include <grub/hfs.h>
+ #include <grub/i18n.h>
+ #include <grub/fshelp.h>
++#include <grub/lockdown.h>
+ 
+ GRUB_MOD_LICENSE ("GPLv3+");
+ 
+@@ -1433,11 +1434,13 @@ static struct grub_fs grub_hfs_fs =
+ 
+ GRUB_MOD_INIT(hfs)
+ {
+-  grub_fs_register (&grub_hfs_fs);
++  if (!grub_is_lockdown ())
++    grub_fs_register (&grub_hfs_fs);
+   my_mod = mod;
+ }
+ 
+ GRUB_MOD_FINI(hfs)
+ {
+-  grub_fs_unregister (&grub_hfs_fs);
++  if (!grub_is_lockdown())
++    grub_fs_unregister (&grub_hfs_fs);
+ }
+-- 
+2.14.2
+

boot/grub2/0107-fs-sfs-Fix-over-read-of-root-object-name.patch

@@ -0,0 +1,50 @@
+From 8d3ae59dee2930d640add3bba983006e1f5dd1b6 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 18 Jan 2021 14:34:58 +1100
+Subject: [PATCH] fs/sfs: Fix over-read of root object name
+
+There's a read of the name of the root object that assumes that the name
+is nul-terminated within the root block. This isn't guaranteed - it seems
+SFS would require you to read multiple blocks to get a full name in general,
+but maybe that doesn't apply to the root object.
+
+Either way, figure out how much space is left in the root block and don't
+over-read it. This fixes some OOB reads.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/sfs.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/sfs.c b/grub-core/fs/sfs.c
+index de2b107..983e880 100644
+--- a/grub-core/fs/sfs.c
++++ b/grub-core/fs/sfs.c
+@@ -373,6 +373,7 @@ grub_sfs_mount (grub_disk_t disk)
+   struct grub_sfs_objc *rootobjc;
+   char *rootobjc_data = 0;
+   grub_uint32_t blk;
++  unsigned int max_len;
+ 
+   data = grub_malloc (sizeof (*data));
+   if (!data)
+@@ -421,7 +422,13 @@ grub_sfs_mount (grub_disk_t disk)
+   data->diropen.data = data;
+   data->diropen.cache = 0;
+   data->disk = disk;
+-  data->label = grub_strdup ((char *) (rootobjc->objects[0].filename));
++
++  /* We only read 1 block of data, so truncate the name if needed. */
++  max_len = ((GRUB_DISK_SECTOR_SIZE << data->log_blocksize)
++	     - 24    /* offsetof (struct grub_sfs_objc, objects) */
++	     - 25);  /* offsetof (struct grub_sfs_obj, filename) */
++  data->label = grub_zalloc (max_len + 1);
++  grub_strncpy (data->label, (char *) rootobjc->objects[0].filename, max_len);
+ 
+   grub_free (rootobjc_data);
+   return data;
+-- 
+2.14.2
+

boot/grub2/0108-fs-jfs-Do-not-move-to-leaf-level-if-name-length-is-n.patch

@@ -0,0 +1,34 @@
+From ffd5a46f68710e2781899d0be4d701429a5a817d Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 18 Jan 2021 14:51:11 +1100
+Subject: [PATCH] fs/jfs: Do not move to leaf level if name length is negative
+
+Fuzzing JFS revealed crashes where a negative number would be passed
+to le_to_cpu16_copy(). There it would be cast to a large positive number
+and the copy would read and write off the end of the respective buffers.
+
+Catch this at the top as well as the bottom of the loop.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/jfs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
+index d5a6d65..e5bbda6 100644
+--- a/grub-core/fs/jfs.c
++++ b/grub-core/fs/jfs.c
+@@ -567,7 +567,7 @@ grub_jfs_getent (struct grub_jfs_diropen *diro)
+ 
+   /* Move down to the leaf level.  */
+   nextent = leaf->next;
+-  if (leaf->next != 255)
++  if (leaf->next != 255 && len > 0)
+     do
+       {
+  	next_leaf = &diro->next_leaf[nextent];
+-- 
+2.14.2
+

boot/grub2/0109-fs-jfs-Limit-the-extents-that-getblk-can-consider.patch

@@ -0,0 +1,62 @@
+From bd0cf8148ccf721f6e39ffbd70f8abad0c8897f0 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 18 Jan 2021 14:57:17 +1100
+Subject: [PATCH] fs/jfs: Limit the extents that getblk() can consider
+
+getblk() implicitly trusts that treehead->count is an accurate count of
+the number of extents. However, that value is read from disk and is not
+trustworthy, leading to OOB reads and crashes. I am not sure to what
+extent the data read from OOB can influence subsequent program execution.
+
+Require callers to pass in the maximum number of extents for which
+they have storage.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/jfs.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
+index e5bbda6..804c42d 100644
+--- a/grub-core/fs/jfs.c
++++ b/grub-core/fs/jfs.c
+@@ -261,13 +261,15 @@ static grub_err_t grub_jfs_lookup_symlink (struct grub_jfs_data *data, grub_uint
+ static grub_int64_t
+ getblk (struct grub_jfs_treehead *treehead,
+ 	struct grub_jfs_tree_extent *extents,
++	int max_extents,
+ 	struct grub_jfs_data *data,
+ 	grub_uint64_t blk)
+ {
+   int found = -1;
+   int i;
+ 
+-  for (i = 0; i < grub_le_to_cpu16 (treehead->count) - 2; i++)
++  for (i = 0; i < grub_le_to_cpu16 (treehead->count) - 2 &&
++	      i < max_extents; i++)
+     {
+       if (treehead->flags & GRUB_JFS_TREE_LEAF)
+ 	{
+@@ -302,7 +304,7 @@ getblk (struct grub_jfs_treehead *treehead,
+ 			   << (grub_le_to_cpu16 (data->sblock.log2_blksz)
+ 			       - GRUB_DISK_SECTOR_BITS), 0,
+ 			   sizeof (*tree), (char *) tree))
+-	ret = getblk (&tree->treehead, &tree->extents[0], data, blk);
++	ret = getblk (&tree->treehead, &tree->extents[0], 254, data, blk);
+       grub_free (tree);
+       return ret;
+     }
+@@ -316,7 +318,7 @@ static grub_int64_t
+ grub_jfs_blkno (struct grub_jfs_data *data, struct grub_jfs_inode *inode,
+ 		grub_uint64_t blk)
+ {
+-  return getblk (&inode->file.tree, &inode->file.extents[0], data, blk);
++  return getblk (&inode->file.tree, &inode->file.extents[0], 16, data, blk);
+ }
+ 
+ 
+-- 
+2.14.2
+

boot/grub2/0110-fs-jfs-Catch-infinite-recursion.patch

@@ -0,0 +1,46 @@
+From 223120dd83745126cb232a0248c9a8901d7e350d Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 18 Jan 2021 15:47:24 +1100
+Subject: [PATCH] fs/jfs: Catch infinite recursion
+
+It's possible with a fuzzed filesystem for JFS to keep getblk()-ing
+the same data over and over again, leading to stack exhaustion.
+
+Check if we'd be calling the function with exactly the same data as
+was passed in, and if so abort.
+
+I'm not sure what the performance impact of this is and am open to
+better ideas.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/jfs.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/jfs.c b/grub-core/fs/jfs.c
+index 804c42d..6f7c439 100644
+--- a/grub-core/fs/jfs.c
++++ b/grub-core/fs/jfs.c
+@@ -304,7 +304,16 @@ getblk (struct grub_jfs_treehead *treehead,
+ 			   << (grub_le_to_cpu16 (data->sblock.log2_blksz)
+ 			       - GRUB_DISK_SECTOR_BITS), 0,
+ 			   sizeof (*tree), (char *) tree))
+-	ret = getblk (&tree->treehead, &tree->extents[0], 254, data, blk);
++	{
++	  if (grub_memcmp (&tree->treehead, treehead, sizeof (struct grub_jfs_treehead)) ||
++	      grub_memcmp (&tree->extents, extents, 254 * sizeof (struct grub_jfs_tree_extent)))
++	    ret = getblk (&tree->treehead, &tree->extents[0], 254, data, blk);
++	  else
++	    {
++	      grub_error (GRUB_ERR_BAD_FS, "jfs: infinite recursion detected");
++	      ret = -1;
++	    }
++	}
+       grub_free (tree);
+       return ret;
+     }
+-- 
+2.14.2
+

boot/grub2/0111-fs-nilfs2-Reject-too-large-keys.patch

@@ -0,0 +1,46 @@
+From 20ab8cb44bc140a1dedda82a3fccdd45e9bc6929 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 18 Jan 2021 16:49:09 +1100
+Subject: [PATCH] fs/nilfs2: Reject too-large keys
+
+NILFS2 has up to 7 keys, per the data structure. Do not permit array
+indices in excess of that.
+
+This catches some OOB reads. I don't know how controllable the invalidly
+read data is or if that could be used later in the program.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/nilfs2.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c
+index 7ed148d..fee2242 100644
+--- a/grub-core/fs/nilfs2.c
++++ b/grub-core/fs/nilfs2.c
+@@ -569,6 +569,11 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data,
+ static inline grub_uint64_t
+ grub_nilfs2_direct_lookup (struct grub_nilfs2_inode *inode, grub_uint64_t key)
+ {
++  if (1 + key > 6)
++    {
++      grub_error (GRUB_ERR_BAD_FS, "key is too large");
++      return 0xffffffffffffffff;
++    }
+   return grub_le_to_cpu64 (inode->i_bmap[1 + key]);
+ }
+ 
+@@ -584,7 +589,7 @@ grub_nilfs2_bmap_lookup (struct grub_nilfs2_data *data,
+     {
+       grub_uint64_t ptr;
+       ptr = grub_nilfs2_direct_lookup (inode, key);
+-      if (need_translate)
++      if (ptr != ((grub_uint64_t) 0xffffffffffffffff) && need_translate)
+ 	ptr = grub_nilfs2_dat_translate (data, ptr);
+       return ptr;
+     }
+-- 
+2.14.2
+

boot/grub2/0112-fs-nilfs2-Don-t-search-children-if-provided-number-i.patch

@@ -0,0 +1,100 @@
+From 37c0eb05cdcc64c28d31c4ebd300f14d5239d05e Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 18 Jan 2021 16:49:44 +1100
+Subject: [PATCH] fs/nilfs2: Don't search children if provided number is too
+ large
+
+NILFS2 reads the number of children a node has from the node. Unfortunately,
+that's not trustworthy. Check if it's beyond what the filesystem permits and
+reject it if so.
+
+This blocks some OOB reads. I'm not sure how controllable the read is and what
+could be done with invalidly read data later on.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/nilfs2.c | 38 +++++++++++++++++++++++---------------
+ 1 file changed, 23 insertions(+), 15 deletions(-)
+
+diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c
+index fee2242..43ac1ad 100644
+--- a/grub-core/fs/nilfs2.c
++++ b/grub-core/fs/nilfs2.c
+@@ -416,14 +416,34 @@ grub_nilfs2_btree_node_get_key (struct grub_nilfs2_btree_node *node,
+ }
+ 
+ static inline int
+-grub_nilfs2_btree_node_lookup (struct grub_nilfs2_btree_node *node,
++grub_nilfs2_btree_node_nchildren_max (struct grub_nilfs2_data *data,
++				      struct grub_nilfs2_btree_node *node)
++{
++  int node_children_max = ((NILFS2_BLOCK_SIZE (data) -
++			    sizeof (struct grub_nilfs2_btree_node) -
++			    NILFS_BTREE_NODE_EXTRA_PAD_SIZE) /
++			   (sizeof (grub_uint64_t) + sizeof (grub_uint64_t)));
++
++  return (node->bn_flags & NILFS_BTREE_NODE_ROOT) ? 3 : node_children_max;
++}
++
++static inline int
++grub_nilfs2_btree_node_lookup (struct grub_nilfs2_data *data,
++			       struct grub_nilfs2_btree_node *node,
+ 			       grub_uint64_t key, int *indexp)
+ {
+   grub_uint64_t nkey;
+   int index, low, high, s;
+ 
+   low = 0;
++
+   high = grub_le_to_cpu16 (node->bn_nchildren) - 1;
++  if (high >= grub_nilfs2_btree_node_nchildren_max (data, node))
++    {
++      grub_error (GRUB_ERR_BAD_FS, "too many children");
++      return 0;
++    }
++
+   index = 0;
+   s = 0;
+   while (low <= high)
+@@ -459,18 +479,6 @@ grub_nilfs2_btree_node_lookup (struct grub_nilfs2_btree_node *node,
+   return s == 0;
+ }
+ 
+-static inline int
+-grub_nilfs2_btree_node_nchildren_max (struct grub_nilfs2_data *data,
+-				      struct grub_nilfs2_btree_node *node)
+-{
+-  int node_children_max = ((NILFS2_BLOCK_SIZE (data) -
+-			    sizeof (struct grub_nilfs2_btree_node) -
+-			    NILFS_BTREE_NODE_EXTRA_PAD_SIZE) /
+-			   (sizeof (grub_uint64_t) + sizeof (grub_uint64_t)));
+-
+-  return (node->bn_flags & NILFS_BTREE_NODE_ROOT) ? 3 : node_children_max;
+-}
+-
+ static inline grub_uint64_t *
+ grub_nilfs2_btree_node_dptrs (struct grub_nilfs2_data *data,
+ 			      struct grub_nilfs2_btree_node *node)
+@@ -517,7 +525,7 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data,
+   node = grub_nilfs2_btree_get_root (inode);
+   level = grub_nilfs2_btree_get_level (node);
+ 
+-  found = grub_nilfs2_btree_node_lookup (node, key, &index);
++  found = grub_nilfs2_btree_node_lookup (data, node, key, &index);
+   ptr = grub_nilfs2_btree_node_get_ptr (data, node, index);
+   if (need_translate)
+     ptr = grub_nilfs2_dat_translate (data, ptr);
+@@ -538,7 +546,7 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data,
+ 	}
+ 
+       if (!found)
+-	found = grub_nilfs2_btree_node_lookup (node, key, &index);
++	found = grub_nilfs2_btree_node_lookup (data, node, key, &index);
+       else
+ 	index = 0;
+ 
+-- 
+2.14.2
+

boot/grub2/0113-fs-nilfs2-Properly-bail-on-errors-in-grub_nilfs2_btr.patch

@@ -0,0 +1,68 @@
+From ca5d9ac206043b1fb4cb06259272fb1c5946bb6d Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 18 Jan 2021 17:06:19 +1100
+Subject: [PATCH] fs/nilfs2: Properly bail on errors in
+ grub_nilfs2_btree_node_lookup()
+
+We just introduced an error return in grub_nilfs2_btree_node_lookup().
+Make sure the callers catch it.
+
+At the same time, make sure that grub_nilfs2_btree_node_lookup() always
+inits the index pointer passed to it.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/nilfs2.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/fs/nilfs2.c b/grub-core/fs/nilfs2.c
+index 43ac1ad..aaba002 100644
+--- a/grub-core/fs/nilfs2.c
++++ b/grub-core/fs/nilfs2.c
+@@ -433,7 +433,7 @@ grub_nilfs2_btree_node_lookup (struct grub_nilfs2_data *data,
+ 			       grub_uint64_t key, int *indexp)
+ {
+   grub_uint64_t nkey;
+-  int index, low, high, s;
++  int index = 0, low, high, s;
+ 
+   low = 0;
+ 
+@@ -441,10 +441,10 @@ grub_nilfs2_btree_node_lookup (struct grub_nilfs2_data *data,
+   if (high >= grub_nilfs2_btree_node_nchildren_max (data, node))
+     {
+       grub_error (GRUB_ERR_BAD_FS, "too many children");
++      *indexp = index;
+       return 0;
+     }
+ 
+-  index = 0;
+   s = 0;
+   while (low <= high)
+     {
+@@ -526,6 +526,10 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data,
+   level = grub_nilfs2_btree_get_level (node);
+ 
+   found = grub_nilfs2_btree_node_lookup (data, node, key, &index);
++
++  if (grub_errno != GRUB_ERR_NONE)
++    goto fail;
++
+   ptr = grub_nilfs2_btree_node_get_ptr (data, node, index);
+   if (need_translate)
+     ptr = grub_nilfs2_dat_translate (data, ptr);
+@@ -550,7 +554,8 @@ grub_nilfs2_btree_lookup (struct grub_nilfs2_data *data,
+       else
+ 	index = 0;
+ 
+-      if (index < grub_nilfs2_btree_node_nchildren_max (data, node))
++      if (index < grub_nilfs2_btree_node_nchildren_max (data, node) &&
++	  grub_errno == GRUB_ERR_NONE)
+ 	{
+ 	  ptr = grub_nilfs2_btree_node_get_ptr (data, node, index);
+ 	  if (need_translate)
+-- 
+2.14.2
+

boot/grub2/0114-io-gzio-Bail-if-gzio-tl-td-is-NULL.patch

@@ -0,0 +1,67 @@
+From 3334a5e6c86f10e715cca3bf66ce0fc2f164b61b Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Wed, 13 Jan 2021 20:59:09 +1100
+Subject: [PATCH] io/gzio: Bail if gzio->tl/td is NULL
+
+This is an ugly fix that doesn't address why gzio->tl comes to be NULL.
+However, it seems to be sufficient to patch up a bunch of NULL derefs.
+
+It would be good to revisit this in future and see if we can have
+a cleaner solution that addresses some of the causes of the unexpected
+NULL pointers.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/io/gzio.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
+index 43d98a7..4a8eaea 100644
+--- a/grub-core/io/gzio.c
++++ b/grub-core/io/gzio.c
+@@ -669,6 +669,13 @@ inflate_codes_in_window (grub_gzio_t gzio)
+     {
+       if (! gzio->code_state)
+ 	{
++
++	  if (gzio->tl == NULL)
++	    {
++	      grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl");
++	      return 1;
++	    }
++
+ 	  NEEDBITS ((unsigned) gzio->bl);
+ 	  if ((e = (t = gzio->tl + ((unsigned) b & ml))->e) > 16)
+ 	    do
+@@ -707,6 +714,12 @@ inflate_codes_in_window (grub_gzio_t gzio)
+ 	      n = t->v.n + ((unsigned) b & mask_bits[e]);
+ 	      DUMPBITS (e);
+ 
++	      if (gzio->td == NULL)
++		{
++		  grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->td");
++		  return 1;
++		}
++
+ 	      /* decode distance of block to copy */
+ 	      NEEDBITS ((unsigned) gzio->bd);
+ 	      if ((e = (t = gzio->td + ((unsigned) b & md))->e) > 16)
+@@ -917,6 +930,13 @@ init_dynamic_block (grub_gzio_t gzio)
+   n = nl + nd;
+   m = mask_bits[gzio->bl];
+   i = l = 0;
++
++  if (gzio->tl == NULL)
++    {
++      grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "NULL gzio->tl");
++      return;
++    }
++
+   while ((unsigned) i < n)
+     {
+       NEEDBITS ((unsigned) gzio->bl);
+-- 
+2.14.2
+

boot/grub2/0115-io-gzio-Add-init_dynamic_block-clean-up-if-unpacking.patch

@@ -0,0 +1,67 @@
+From 18490336d91da2b532277cba56473bfed1376fc4 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Thu, 21 Jan 2021 00:05:58 +1100
+Subject: [PATCH] io/gzio: Add init_dynamic_block() clean up if unpacking codes
+ fails
+
+init_dynamic_block() didn't clean up gzio->tl and td in some error
+paths. This left td pointing to part of tl. Then in grub_gzio_close(),
+when tl was freed the storage for td would also be freed. The code then
+attempts to free td explicitly, performing a UAF and then a double free.
+
+Explicitly clean up tl and td in the error paths.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/io/gzio.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
+index 4a8eaea..4236f0f 100644
+--- a/grub-core/io/gzio.c
++++ b/grub-core/io/gzio.c
+@@ -953,7 +953,7 @@ init_dynamic_block (grub_gzio_t gzio)
+ 	  if ((unsigned) i + j > n)
+ 	    {
+ 	      grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "too many codes found");
+-	      return;
++	      goto fail;
+ 	    }
+ 	  while (j--)
+ 	    ll[i++] = l;
+@@ -966,7 +966,7 @@ init_dynamic_block (grub_gzio_t gzio)
+ 	  if ((unsigned) i + j > n)
+ 	    {
+ 	      grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "too many codes found");
+-	      return;
++	      goto fail;
+ 	    }
+ 	  while (j--)
+ 	    ll[i++] = 0;
+@@ -981,7 +981,7 @@ init_dynamic_block (grub_gzio_t gzio)
+ 	  if ((unsigned) i + j > n)
+ 	    {
+ 	      grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "too many codes found");
+-	      return;
++	      goto fail;
+ 	    }
+ 	  while (j--)
+ 	    ll[i++] = 0;
+@@ -1019,6 +1019,12 @@ init_dynamic_block (grub_gzio_t gzio)
+   /* indicate we're now working on a block */
+   gzio->code_state = 0;
+   gzio->block_len++;
++  return;
++
++ fail:
++  huft_free (gzio->tl);
++  gzio->td = NULL;
++  gzio->tl = NULL;
+ }
+ 
+ 
+-- 
+2.14.2
+

boot/grub2/0116-io-gzio-Catch-missing-values-in-huft_build-and-bail.patch

@@ -0,0 +1,57 @@
+From 4e76b08f7171a8603d74fcafb27409a91f578647 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Thu, 21 Jan 2021 12:20:49 +1100
+Subject: [PATCH] io/gzio: Catch missing values in huft_build() and bail
+
+In huft_build(), "v" is a table of values in order of bit length.
+The code later (when setting up table entries in "r") assumes that all
+elements of this array corresponding to a code are initialized and less
+than N_MAX. However, it doesn't enforce this.
+
+With sufficiently manipulated inputs (e.g. from fuzzing), there can be
+elements of "v" that are not filled. Therefore a lookup into "e" or "d"
+will use an uninitialized value. This can lead to an invalid/OOB read on
+those values, often leading to a crash.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/io/gzio.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
+index 4236f0f..19adebe 100644
+--- a/grub-core/io/gzio.c
++++ b/grub-core/io/gzio.c
+@@ -507,6 +507,7 @@ huft_build (unsigned *b,	/* code lengths in bits (all assumed <= BMAX) */
+     }
+ 
+   /* Make a table of values in order of bit lengths */
++  grub_memset (v, N_MAX, ARRAY_SIZE (v));
+   p = b;
+   i = 0;
+   do
+@@ -588,11 +589,18 @@ huft_build (unsigned *b,	/* code lengths in bits (all assumed <= BMAX) */
+ 	      r.v.n = (ush) (*p);	/* simple code is just the value */
+ 	      p++;		/* one compiler does not like *p++ */
+ 	    }
+-	  else
++	  else if (*p < N_MAX)
+ 	    {
+ 	      r.e = (uch) e[*p - s];	/* non-simple--look up in lists */
+ 	      r.v.n = d[*p++ - s];
+ 	    }
++	  else
++	    {
++	      /* Detected an uninitialised value, abort. */
++	      if (h)
++		huft_free (u[0]);
++	      return 2;
++	    }
+ 
+ 	  /* fill code-like entries with r */
+ 	  f = 1 << (k - w);
+-- 
+2.14.2
+

boot/grub2/0117-io-gzio-Zero-gzio-tl-td-in-init_dynamic_block-if-huf.patch

@@ -0,0 +1,42 @@
+From b5a2b59cc5b8f5ee7ba3b951e7693e402d5b3a6f Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Thu, 21 Jan 2021 12:22:28 +1100
+Subject: [PATCH] io/gzio: Zero gzio->tl/td in init_dynamic_block() if
+ huft_build() fails
+
+If huft_build() fails, gzio->tl or gzio->td could contain pointers that
+are no longer valid. Zero them out.
+
+This prevents a double free when grub_gzio_close() comes through and
+attempts to free them again.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/io/gzio.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c
+index 19adebe..aea86a0 100644
+--- a/grub-core/io/gzio.c
++++ b/grub-core/io/gzio.c
+@@ -1010,6 +1010,7 @@ init_dynamic_block (grub_gzio_t gzio)
+   gzio->bl = lbits;
+   if (huft_build (ll, nl, 257, cplens, cplext, &gzio->tl, &gzio->bl) != 0)
+     {
++      gzio->tl = 0;
+       grub_error (GRUB_ERR_BAD_COMPRESSED_DATA,
+ 		  "failed in building a Huffman code table");
+       return;
+@@ -1019,6 +1020,7 @@ init_dynamic_block (grub_gzio_t gzio)
+     {
+       huft_free (gzio->tl);
+       gzio->tl = 0;
++      gzio->td = 0;
+       grub_error (GRUB_ERR_BAD_COMPRESSED_DATA,
+ 		  "failed in building a Huffman code table");
+       return;
+-- 
+2.14.2
+

boot/grub2/0118-disk-lvm-Don-t-go-beyond-the-end-of-the-data-we-read.patch

@@ -0,0 +1,49 @@
+From a8cc95de74ccc3ad090e8062ac335c844f13c9f4 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Thu, 21 Jan 2021 17:59:14 +1100
+Subject: [PATCH] disk/lvm: Don't go beyond the end of the data we read from
+ disk
+
+We unconditionally trusted offset_xl from the LVM label header, even if
+it told us that the PV header/disk locations were way off past the end
+of the data we read from disk.
+
+Require that the offset be sane, fixing an OOB read and crash.
+
+Fixes: CID 314367, CID 314371
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/disk/lvm.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index 139fafd..8136122 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -141,6 +141,20 @@ grub_lvm_detect (grub_disk_t disk,
+       goto fail;
+     }
+ 
++  /*
++   * We read a grub_lvm_pv_header and then 2 grub_lvm_disk_locns that
++   * immediately follow the PV header. Make sure we have space for both.
++   */
++  if (grub_le_to_cpu32 (lh->offset_xl) >=
++      GRUB_LVM_LABEL_SIZE - sizeof (struct grub_lvm_pv_header) -
++      2 * sizeof (struct grub_lvm_disk_locn))
++    {
++#ifdef GRUB_UTIL
++      grub_util_info ("LVM PV header/disk locations are beyond the end of the block");
++#endif
++      goto fail;
++    }
++
+   pvh = (struct grub_lvm_pv_header *) (buf + grub_le_to_cpu32(lh->offset_xl));
+ 
+   for (i = 0, j = 0; i < GRUB_LVM_ID_LEN; i++)
+-- 
+2.14.2
+

boot/grub2/0119-disk-lvm-Don-t-blast-past-the-end-of-the-circular-me.patch

@@ -0,0 +1,43 @@
+From 27a79bf38e6d050e497eb96a3fdddce43af25577 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Thu, 21 Jan 2021 18:19:51 +1100
+Subject: [PATCH] disk/lvm: Don't blast past the end of the circular metadata
+ buffer
+
+This catches at least some OOB reads, and it's possible I suppose that
+if 2 * mda_size is less than GRUB_LVM_MDA_HEADER_SIZE it might catch some
+OOB writes too (although that hasn't showed up as a crash in fuzzing yet).
+
+It's a bit ugly and I'd appreciate better suggestions.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/disk/lvm.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index 8136122..36da575 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -214,6 +214,16 @@ grub_lvm_detect (grub_disk_t disk,
+   if (grub_le_to_cpu64 (rlocn->offset) + grub_le_to_cpu64 (rlocn->size) >
+       grub_le_to_cpu64 (mdah->size))
+     {
++      if (2 * mda_size < GRUB_LVM_MDA_HEADER_SIZE ||
++          (grub_le_to_cpu64 (rlocn->offset) + grub_le_to_cpu64 (rlocn->size) -
++	   grub_le_to_cpu64 (mdah->size) > mda_size - GRUB_LVM_MDA_HEADER_SIZE))
++	{
++#ifdef GRUB_UTIL
++	  grub_util_info ("cannot copy metadata wrap in circular buffer");
++#endif
++	  goto fail2;
++	}
++
+       /* Metadata is circular. Copy the wrap in place. */
+       grub_memcpy (metadatabuf + mda_size,
+ 		   metadatabuf + GRUB_LVM_MDA_HEADER_SIZE,
+-- 
+2.14.2
+

boot/grub2/0120-disk-lvm-Bail-on-missing-PV-list.patch

@@ -0,0 +1,35 @@
+From 2958695c4cdc785de6ed708709af071a2d20afef Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Thu, 21 Jan 2021 18:54:29 +1100
+Subject: [PATCH] disk/lvm: Bail on missing PV list
+
+There's an if block for the presence of "physical_volumes {", but if
+that block is absent, then p remains NULL and a NULL-deref will result
+when looking for logical volumes.
+
+It doesn't seem like LVM makes sense without physical volumes, so error
+out rather than crashing.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/disk/lvm.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index 36da575..8e560f3 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -370,6 +370,8 @@ grub_lvm_detect (grub_disk_t disk,
+ 	      goto fail4;
+ 	    }
+ 	}
++      else
++        goto fail4;
+ 
+       p = grub_strstr (p, "logical_volumes {");
+       if (p)
+-- 
+2.14.2
+

boot/grub2/0121-disk-lvm-Do-not-crash-if-an-expected-string-is-not-f.patch

@@ -0,0 +1,83 @@
+From db29073fc7aec71a40dabfc722a96ea9f3280907 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Thu, 21 Jan 2021 18:35:22 +1100
+Subject: [PATCH] disk/lvm: Do not crash if an expected string is not found
+
+Clean up a bunch of cases where we could have strstr() fail and lead to
+us dereferencing NULL.
+
+We'll still leak memory in some cases (loops don't clean up allocations
+from earlier iterations if a later iteration fails) but at least we're
+not crashing.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/disk/lvm.c | 22 +++++++++++++++++-----
+ 1 file changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index 8e560f3..bd5ae87 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -539,7 +539,16 @@ grub_lvm_detect (grub_disk_t disk,
+ 			}
+ 
+ 		      if (seg->node_count != 1)
+-			seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
++			{
++			  seg->stripe_size = grub_lvm_getvalue (&p, "stripe_size = ");
++			  if (p == NULL)
++			    {
++#ifdef GRUB_UTIL
++			      grub_util_info ("unknown stripe_size");
++#endif
++			      goto lvs_segment_fail;
++			    }
++			}
+ 
+ 		      seg->nodes = grub_calloc (seg->node_count,
+ 						sizeof (*stripe));
+@@ -559,7 +568,7 @@ grub_lvm_detect (grub_disk_t disk,
+ 			{
+ 			  p = grub_strchr (p, '"');
+ 			  if (p == NULL)
+-			    continue;
++			    goto lvs_segment_fail2;
+ 			  q = ++p;
+ 			  while (*q != '"')
+ 			    q++;
+@@ -578,7 +587,10 @@ grub_lvm_detect (grub_disk_t disk,
+ 			  stripe->start = grub_lvm_getvalue (&p, ",")
+ 			    * vg->extent_size;
+ 			  if (p == NULL)
+-			    continue;
++			    {
++			      grub_free (stripe->name);
++			      goto lvs_segment_fail2;
++			    }
+ 
+ 			  stripe++;
+ 			}
+@@ -615,7 +627,7 @@ grub_lvm_detect (grub_disk_t disk,
+ 
+ 			  p = grub_strchr (p, '"');
+ 			  if (p == NULL)
+-			    continue;
++			    goto lvs_segment_fail2;
+ 			  q = ++p;
+ 			  while (*q != '"')
+ 			    q++;
+@@ -703,7 +715,7 @@ grub_lvm_detect (grub_disk_t disk,
+ 			  p = p ? grub_strchr (p + 1, '"') : 0;
+ 			  p = p ? grub_strchr (p + 1, '"') : 0;
+ 			  if (p == NULL)
+-			    continue;
++			    goto lvs_segment_fail2;
+ 			  q = ++p;
+ 			  while (*q != '"')
+ 			    q++;
+-- 
+2.14.2
+

boot/grub2/0122-disk-lvm-Do-not-overread-metadata.patch

@@ -0,0 +1,111 @@
+From 1155d7dffd3337942cb7583706b429d567d4db86 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Thu, 21 Jan 2021 18:35:22 +1100
+Subject: [PATCH] disk/lvm: Do not overread metadata
+
+We could reach the end of valid metadata and not realize, leading to
+some buffer overreads. Check if we have reached the end and bail.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/disk/lvm.c | 31 +++++++++++++++++++++++++------
+ 1 file changed, 25 insertions(+), 6 deletions(-)
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index bd5ae87..742ecd6 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -313,17 +313,23 @@ grub_lvm_detect (grub_disk_t disk,
+ 	  while (1)
+ 	    {
+ 	      grub_ssize_t s;
+-	      while (grub_isspace (*p))
++	      while (grub_isspace (*p) && p < mda_end)
+ 		p++;
+ 
++	      if (p == mda_end)
++		goto fail4;
++
+ 	      if (*p == '}')
+ 		break;
+ 
+ 	      pv = grub_zalloc (sizeof (*pv));
+ 	      q = p;
+-	      while (*q != ' ')
++	      while (*q != ' ' && q < mda_end)
+ 		q++;
+ 
++	      if (q == mda_end)
++		goto pvs_fail_noname;
++
+ 	      s = q - p;
+ 	      pv->name = grub_malloc (s + 1);
+ 	      grub_memcpy (pv->name, p, s);
+@@ -366,6 +372,7 @@ grub_lvm_detect (grub_disk_t disk,
+ 	      continue;
+ 	    pvs_fail:
+ 	      grub_free (pv->name);
++	    pvs_fail_noname:
+ 	      grub_free (pv);
+ 	      goto fail4;
+ 	    }
+@@ -387,18 +394,24 @@ grub_lvm_detect (grub_disk_t disk,
+ 	      struct grub_diskfilter_segment *seg;
+ 	      int is_pvmove;
+ 
+-	      while (grub_isspace (*p))
++	      while (grub_isspace (*p) && p < mda_end)
+ 		p++;
+ 
++	      if (p == mda_end)
++		goto fail4;
++
+ 	      if (*p == '}')
+ 		break;
+ 
+ 	      lv = grub_zalloc (sizeof (*lv));
+ 
+ 	      q = p;
+-	      while (*q != ' ')
++	      while (*q != ' ' && q < mda_end)
+ 		q++;
+ 
++	      if (q == mda_end)
++		goto lvs_fail;
++
+ 	      s = q - p;
+ 	      lv->name = grub_strndup (p, s);
+ 	      if (!lv->name)
+@@ -570,9 +583,12 @@ grub_lvm_detect (grub_disk_t disk,
+ 			  if (p == NULL)
+ 			    goto lvs_segment_fail2;
+ 			  q = ++p;
+-			  while (*q != '"')
++			  while (q < mda_end && *q != '"')
+ 			    q++;
+ 
++			  if (q == mda_end)
++			    goto lvs_segment_fail2;
++
+ 			  s = q - p;
+ 
+ 			  stripe->name = grub_malloc (s + 1);
+@@ -629,9 +645,12 @@ grub_lvm_detect (grub_disk_t disk,
+ 			  if (p == NULL)
+ 			    goto lvs_segment_fail2;
+ 			  q = ++p;
+-			  while (*q != '"')
++			  while (q < mda_end && *q != '"')
+ 			    q++;
+ 
++			  if (q == mda_end)
++			    goto lvs_segment_fail2;
++
+ 			  s = q - p;
+ 
+ 			  lvname = grub_malloc (s + 1);
+-- 
+2.14.2
+

boot/grub2/0123-disk-lvm-Sanitize-rlocn-offset-to-prevent-wild-read.patch

@@ -0,0 +1,41 @@
+From 701293684742d00133b39bf957d3642c81dc83f4 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 22 Jan 2021 14:43:58 +1100
+Subject: [PATCH] disk/lvm: Sanitize rlocn->offset to prevent wild read
+
+rlocn->offset is read directly from disk and added to the metadatabuf
+pointer to create a pointer to a block of metadata. It's a 64-bit
+quantity so as long as you don't overflow you can set subsequent
+pointers to point anywhere in memory.
+
+Require that rlocn->offset fits within the metadata buffer size.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/disk/lvm.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index 742ecd6..ed0712f 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -211,6 +211,14 @@ grub_lvm_detect (grub_disk_t disk,
+     }
+ 
+   rlocn = mdah->raw_locns;
++  if (grub_le_to_cpu64 (rlocn->offset) >= grub_le_to_cpu64 (mda_size))
++    {
++#ifdef GRUB_UTIL
++      grub_util_info ("metadata offset is beyond end of metadata area");
++#endif
++      goto fail2;
++    }
++
+   if (grub_le_to_cpu64 (rlocn->offset) + grub_le_to_cpu64 (rlocn->size) >
+       grub_le_to_cpu64 (mdah->size))
+     {
+-- 
+2.14.2
+

boot/grub2/0124-disk-lvm-Do-not-allow-a-LV-to-be-it-s-own-segment-s-.patch

@@ -0,0 +1,39 @@
+From e18a00073890021362b4a48097672f1d4b340d3c Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Fri, 22 Jan 2021 14:42:21 +1100
+Subject: [PATCH] disk/lvm: Do not allow a LV to be it's own segment's node's
+ LV
+
+This prevents infinite recursion in the diskfilter verification code.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/disk/lvm.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/grub-core/disk/lvm.c b/grub-core/disk/lvm.c
+index ed0712f..81dc375 100644
+--- a/grub-core/disk/lvm.c
++++ b/grub-core/disk/lvm.c
+@@ -838,9 +838,13 @@ grub_lvm_detect (grub_disk_t disk,
+ 		    }
+ 		if (lv1->segments[i].nodes[j].pv == NULL)
+ 		  for (lv2 = vg->lvs; lv2; lv2 = lv2->next)
+-		    if (grub_strcmp (lv2->name,
+-				     lv1->segments[i].nodes[j].name) == 0)
+-		      lv1->segments[i].nodes[j].lv = lv2;
++		    {
++		      if (lv1 == lv2)
++		        continue;
++		      if (grub_strcmp (lv2->name,
++				       lv1->segments[i].nodes[j].name) == 0)
++			lv1->segments[i].nodes[j].lv = lv2;
++		    }
+ 	      }
+ 	
+       }
+-- 
+2.14.2
+

boot/grub2/0125-fs-btrfs-Validate-the-number-of-stripes-parities-in-.patch

@@ -0,0 +1,33 @@
+From b88a82e78cdd0ab8e0339c1c3f9564c4d8c0c969 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 18 Jan 2021 17:17:16 +1100
+Subject: [PATCH] fs/btrfs: Validate the number of stripes/parities in RAID5/6
+
+This prevents a divide by zero if nstripes == nparities, and
+also prevents propagation of invalid values if nstripes ends up
+less than nparities.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/btrfs.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index 2b65bd5..e4e87ba 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -1076,6 +1076,9 @@ grub_btrfs_read_logical (struct grub_btrfs_data *data, grub_disk_addr_t addr,
+ 	       * stripen is computed without the parities
+ 	       * (0 for A0, A1, A2, 1 for B0, B1, B2, etc.).
+ 	       */
++	      if (nparities >= nstripes)
++		return grub_error (GRUB_ERR_BAD_FS,
++				   "invalid RAID5/6: nparities >= nstripes");
+ 	      high = grub_divmod64 (stripe_nr, nstripes - nparities, &stripen);
+ 
+ 	      /*
+-- 
+2.14.2
+

boot/grub2/0126-fs-btrfs-Squash-some-uninitialized-reads.patch

@@ -0,0 +1,43 @@
+From b911884dd707ba1e6f641eb17857df3155013a45 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Mon, 18 Jan 2021 17:27:18 +1100
+Subject: [PATCH] fs/btrfs: Squash some uninitialized reads
+
+We need to check errors before calling into a function that uses the result.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/fs/btrfs.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/grub-core/fs/btrfs.c b/grub-core/fs/btrfs.c
+index e4e87ba..d489cb0 100644
+--- a/grub-core/fs/btrfs.c
++++ b/grub-core/fs/btrfs.c
+@@ -381,9 +381,9 @@ next (struct grub_btrfs_data *data,
+ 
+       err = grub_btrfs_read_logical (data, grub_le_to_cpu64 (node.addr),
+ 				     &head, sizeof (head), 0);
+-      check_btrfs_header (data, &head, grub_le_to_cpu64 (node.addr));
+       if (err)
+ 	return -err;
++      check_btrfs_header (data, &head, grub_le_to_cpu64 (node.addr));
+ 
+       save_ref (desc, grub_le_to_cpu64 (node.addr), 0,
+ 		grub_le_to_cpu32 (head.nitems), !head.level);
+@@ -443,9 +443,9 @@ lower_bound (struct grub_btrfs_data *data,
+       /* FIXME: preread few nodes into buffer. */
+       err = grub_btrfs_read_logical (data, addr, &head, sizeof (head),
+ 				     recursion_depth + 1);
+-      check_btrfs_header (data, &head, addr);
+       if (err)
+ 	return err;
++      check_btrfs_header (data, &head, addr);
+       addr += sizeof (head);
+       if (head.level)
+ 	{
+-- 
+2.14.2
+

boot/grub2/0127-kern-parser-Fix-a-memory-leak.patch

@@ -0,0 +1,77 @@
+From c6c426e5ab6ea715153b72584de6bd8c82f698ec Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Wed, 18 Nov 2020 00:59:24 +0000
+Subject: [PATCH] kern/parser: Fix a memory leak
+
+The getline() function supplied to grub_parser_split_cmdline() returns
+a newly allocated buffer and can be called multiple times, but the
+returned buffer is never freed.
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/kern/parser.c | 20 ++++++++++++++++----
+ 1 file changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
+index d1cf061..39e4df6 100644
+--- a/grub-core/kern/parser.c
++++ b/grub-core/kern/parser.c
+@@ -140,6 +140,7 @@ grub_parser_split_cmdline (const char *cmdline,
+   char buffer[1024];
+   char *bp = buffer;
+   char *rd = (char *) cmdline;
++  char *rp = rd;
+   char varname[200];
+   char *vp = varname;
+   char *args;
+@@ -149,10 +150,18 @@ grub_parser_split_cmdline (const char *cmdline,
+   *argv = NULL;
+   do
+     {
+-      if (!rd || !*rd)
++      if (rp == NULL || *rp == '\0')
+ 	{
++	  if (rd != cmdline)
++	    {
++	      grub_free (rd);
++	      rd = rp = NULL;
++	    }
+ 	  if (getline)
+-	    getline (&rd, 1, getline_data);
++	    {
++	      getline (&rd, 1, getline_data);
++	      rp = rd;
++	    }
+ 	  else
+ 	    break;
+ 	}
+@@ -160,12 +169,12 @@ grub_parser_split_cmdline (const char *cmdline,
+       if (!rd)
+ 	break;
+ 
+-      for (; *rd; rd++)
++      for (; *rp != '\0'; rp++)
+ 	{
+ 	  grub_parser_state_t newstate;
+ 	  char use;
+ 
+-	  newstate = grub_parser_cmdline_state (state, *rd, &use);
++	  newstate = grub_parser_cmdline_state (state, *rp, &use);
+ 
+ 	  /* If a variable was being processed and this character does
+ 	     not describe the variable anymore, write the variable to
+@@ -198,6 +207,9 @@ grub_parser_split_cmdline (const char *cmdline,
+     }
+   while (state != GRUB_PARSER_STATE_TEXT && !check_varstate (state));
+ 
++  if (rd != cmdline)
++    grub_free (rd);
++
+   /* A special case for when the last character was part of a
+      variable.  */
+   add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT);
+-- 
+2.14.2
+

boot/grub2/0128-kern-parser-Introduce-process_char-helper.patch

@@ -0,0 +1,120 @@
+From b1c9e9e889e4273fb15712051c887e6078511448 Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Tue, 5 Jan 2021 22:17:28 +0000
+Subject: [PATCH] kern/parser: Introduce process_char() helper
+
+grub_parser_split_cmdline() iterates over each command line character.
+In order to add error checking and to simplify the subsequent error
+handling, split the character processing in to a separate function.
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/kern/parser.c | 74 ++++++++++++++++++++++++++++++-------------------
+ 1 file changed, 46 insertions(+), 28 deletions(-)
+
+diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
+index 39e4df6..0d3582b 100644
+--- a/grub-core/kern/parser.c
++++ b/grub-core/kern/parser.c
+@@ -1,7 +1,7 @@
+ /* parser.c - the part of the parser that can return partial tokens */
+ /*
+  *  GRUB  --  GRand Unified Bootloader
+- *  Copyright (C) 2005,2007,2009  Free Software Foundation, Inc.
++ *  Copyright (C) 2005,2007,2009,2021  Free Software Foundation, Inc.
+  *
+  *  GRUB is free software: you can redistribute it and/or modify
+  *  it under the terms of the GNU General Public License as published by
+@@ -129,6 +129,46 @@ add_var (char *varname, char **bp, char **vp,
+     *((*bp)++) = *val;
+ }
+ 
++static grub_err_t
++process_char (char c, char *buffer, char **bp, char *varname, char **vp,
++	      grub_parser_state_t state, int *argc,
++	      grub_parser_state_t *newstate)
++{
++  char use;
++
++  *newstate = grub_parser_cmdline_state (state, c, &use);
++
++  /*
++   * If a variable was being processed and this character does
++   * not describe the variable anymore, write the variable to
++   * the buffer.
++   */
++  add_var (varname, bp, vp, state, *newstate);
++
++  if (check_varstate (*newstate))
++    {
++      if (use)
++	*((*vp)++) = use;
++    }
++  else if (*newstate == GRUB_PARSER_STATE_TEXT &&
++	   state != GRUB_PARSER_STATE_ESC && grub_isspace (use))
++    {
++      /*
++       * Don't add more than one argument if multiple
++       * spaces are used.
++       */
++      if (*bp != buffer && *((*bp) - 1) != '\0')
++	{
++	  *((*bp)++) = '\0';
++	  (*argc)++;
++	}
++    }
++  else if (use)
++    *((*bp)++) = use;
++
++  return GRUB_ERR_NONE;
++}
++
+ grub_err_t
+ grub_parser_split_cmdline (const char *cmdline,
+ 			   grub_reader_getline_t getline, void *getline_data,
+@@ -172,35 +212,13 @@ grub_parser_split_cmdline (const char *cmdline,
+       for (; *rp != '\0'; rp++)
+ 	{
+ 	  grub_parser_state_t newstate;
+-	  char use;
+-
+-	  newstate = grub_parser_cmdline_state (state, *rp, &use);
+ 
+-	  /* If a variable was being processed and this character does
+-	     not describe the variable anymore, write the variable to
+-	     the buffer.  */
+-	  add_var (varname, &bp, &vp, state, newstate);
+-
+-	  if (check_varstate (newstate))
+-	    {
+-	      if (use)
+-		*(vp++) = use;
+-	    }
+-	  else
++	  if (process_char (*rp, buffer, &bp, varname, &vp, state, argc,
++			    &newstate) != GRUB_ERR_NONE)
+ 	    {
+-	      if (newstate == GRUB_PARSER_STATE_TEXT
+-		  && state != GRUB_PARSER_STATE_ESC && grub_isspace (use))
+-		{
+-		  /* Don't add more than one argument if multiple
+-		     spaces are used.  */
+-		  if (bp != buffer && *(bp - 1))
+-		    {
+-		      *(bp++) = '\0';
+-		      (*argc)++;
+-		    }
+-		}
+-	      else if (use)
+-		*(bp++) = use;
++	      if (rd != cmdline)
++		grub_free (rd);
++	      return grub_errno;
+ 	    }
+ 	  state = newstate;
+ 	}
+-- 
+2.14.2
+

boot/grub2/0129-kern-parser-Introduce-terminate_arg-helper.patch

@@ -0,0 +1,66 @@
+From 3d157bbd06506b170fde5ec23980c4bf9f7660e2 Mon Sep 17 00:00:00 2001
+From: Chris Coulson <chris.coulson@canonical.com>
+Date: Thu, 7 Jan 2021 19:53:55 +0000
+Subject: [PATCH] kern/parser: Introduce terminate_arg() helper
+
+process_char() and grub_parser_split_cmdline() use similar code for
+terminating the most recent argument. Add a helper function for this.
+
+Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
+---
+ grub-core/kern/parser.c | 23 +++++++++++++----------
+ 1 file changed, 13 insertions(+), 10 deletions(-)
+
+diff --git a/grub-core/kern/parser.c b/grub-core/kern/parser.c
+index 0d3582b..572c670 100644
+--- a/grub-core/kern/parser.c
++++ b/grub-core/kern/parser.c
+@@ -129,6 +129,16 @@ add_var (char *varname, char **bp, char **vp,
+     *((*bp)++) = *val;
+ }
+ 
++static void
++terminate_arg (char *buffer, char **bp, int *argc)
++{
++  if (*bp != buffer && *((*bp) - 1) != '\0')
++    {
++      *((*bp)++) = '\0';
++      (*argc)++;
++    }
++}
++
+ static grub_err_t
+ process_char (char c, char *buffer, char **bp, char *varname, char **vp,
+ 	      grub_parser_state_t state, int *argc,
+@@ -157,11 +167,7 @@ process_char (char c, char *buffer, char **bp, char *varname, char **vp,
+        * Don't add more than one argument if multiple
+        * spaces are used.
+        */
+-      if (*bp != buffer && *((*bp) - 1) != '\0')
+-	{
+-	  *((*bp)++) = '\0';
+-	  (*argc)++;
+-	}
++      terminate_arg (buffer, bp, argc);
+     }
+   else if (use)
+     *((*bp)++) = use;
+@@ -232,11 +238,8 @@ grub_parser_split_cmdline (const char *cmdline,
+      variable.  */
+   add_var (varname, &bp, &vp, state, GRUB_PARSER_STATE_TEXT);
+ 
+-  if (bp != buffer && *(bp - 1))
+-    {
+-      *(bp++) = '\0';
+-      (*argc)++;
+-    }
++  /* Ensure that the last argument is terminated. */
++  terminate_arg (buffer, &bp, argc);
+ 
+   /* If there are no args, then we're done. */
+   if (!*argc)
+-- 
+2.14.2
+