From e8d54384d2b49983ba17471527db797159bfede4 Mon Sep 17 00:00:00 2001 From: srs5694 Date: Thu, 5 Nov 2015 21:53:56 -0500 Subject: [PATCH] Better reporting of SIP problems; minor code cleanup. --- NEWS.txt | 10 ++++++++++ mvrefind | 2 +- refind-install | 10 ++++------ refind.conf-sample | 2 +- refind/apple.c | 16 +++++++--------- refind/apple.h | 2 +- 6 files changed, 24 insertions(+), 18 deletions(-) diff --git a/NEWS.txt b/NEWS.txt index f661e60..74a3133 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,6 +1,16 @@ 0.9.3 (??/??/2015): ------------------- +- Modified refind-install and mkrlconf scripts to use /proc/cmdline as + source for default boot options EXCEPT when refind-install receives the + --root option. In that case, refind-install continues to use + /etc/default/grub as the source of default options. The idea behind this + change is that it's more reliable to get boot options from /proc/cmdline + when the targeted system is the one that's booted; but --root would be + used from emergency disks or live CDs, in which case the current boot + options would be completely wrong, so extracting boot options from GRUB + files is the best bet for getting close to the right options. + - Added "@/boot" to default also_scan_dirs setting. This makes kernels show up on Btrfs volumes under Ubuntu (and perhaps others), at least when the Btrfs driver is loaded. diff --git a/mvrefind b/mvrefind index 6b16a1a..d910a55 100755 --- a/mvrefind +++ b/mvrefind @@ -12,7 +12,7 @@ # # Revision history: # -# 0.9.3 -- Renamed from mvrefind.sh to mvrefind +# 0.10.0 -- Renamed from mvrefind.sh to mvrefind # 0.6.3 -- Initial release # # Note: mvrefind version numbers match those of the rEFInd package diff --git a/refind-install b/refind-install index 663c612..c851952 100755 --- a/refind-install +++ b/refind-install @@ -36,9 +36,10 @@ # # Revision history: # -# 0.9.3 -- Enable running under OS X's recovery system & add warning about +# 0.10.0 -- Enable running under OS X's recovery system & add warning about # SIP & brief instructions on how to deal with it if SIP is -# detected to be enabled. +# detected to be enabled. Also change way refind_linux.conf default +# options are found; use /proc/cmdline as base. # 0.9.2 -- Added --keepname option. # 0.8.7 -- Better detection of Secure Boot mode & fixed errors when copying # Shim & MokManager files over themselves; fixed bug that caused @@ -167,7 +168,7 @@ GetParams() { echo "or --preloader! Aborting!" exit 1 fi - if [[ "$KeepName" == 1 && ("$OSTYPE" != "linux" && "$OSTYPE" != "linux-gnu") ]] ; then + if [[ "$KeepName" == 1 && "$OSTYPE" != "linux" && "$OSTYPE" != "linux-gnu" ]] ; then echo "The --keepname option is valid only under Linux! Aborting!" exit 1 fi @@ -1073,15 +1074,12 @@ GenerateRefindLinuxConf() { else echo "Creating $RLConfFile; edit it to adjust kernel options." RootFS=`df "$RootDir" | grep dev | cut -f 1 -d " "` - echo "RootFS starts as $RootFS" StartOfDevname=`echo "$RootFS" | cut -b 1-7` if [[ "$StartOfDevname" == "/dev/sd" || "$StartOfDevName" == "/dev/hd" ]] ; then # Identify root filesystem by UUID rather than by device node, if possible Uuid=`blkid -o export -s UUID "$RootFS" 2> /dev/null | grep UUID=` if [[ -n $Uuid ]] ; then RootFS="$Uuid" - echo "Uuid is $Uuid" - echo "Adjusting RootFS to $RootFS" fi fi if [[ $RootDir == "/" ]] ; then diff --git a/refind.conf-sample b/refind.conf-sample index 2f6c38a..a1c57b5 100644 --- a/refind.conf-sample +++ b/refind.conf-sample @@ -386,7 +386,7 @@ timeout 20 # non-Apple computers. # The default is inactive (no OS X spoofing is done). # -#spoof_osx_version "10.9" +#spoof_osx_version 10.9 # Set the CSR values for Apple's System Integrity Protection (SIP) feature. # Values are one-byte (two-character) hexadecimal numbers. These values diff --git a/refind/apple.c b/refind/apple.c index e5bc99a..6225d9a 100644 --- a/refind/apple.c +++ b/refind/apple.c @@ -26,7 +26,7 @@ #include "apple.h" #include "refit_call_wrapper.h" -CHAR16 *gCsrStatus = NULL; +CHAR16 gCsrStatus[256]; // Get CSR (Apple's System Integrity Protection [SIP], or "rootless") status // information. @@ -43,6 +43,7 @@ EFI_STATUS GetCsrStatus(UINT32 *CsrStatus) { *CsrStatus = *ReturnValue; } else { Status = EFI_BAD_BUFFER_SIZE; + SPrint(gCsrStatus, 255, L" Unknown System Integrity Protection version"); } MyFreePool(ReturnValue); } // if (Status == EFI_SUCCESS) @@ -50,7 +51,7 @@ EFI_STATUS GetCsrStatus(UINT32 *CsrStatus) { return Status; } // INTN GetCsrStatus() -// Store string describing CSR status byte in gCsrStatus variable, which appears +// Store string describing CSR status value in gCsrStatus variable, which appears // on the Info page. If DisplayMessage is TRUE, displays the new value of // gCsrStatus on the screen for three seconds. VOID RecordgCsrStatus(UINT32 CsrStatus, BOOLEAN DisplayMessage) { @@ -61,9 +62,6 @@ VOID RecordgCsrStatus(UINT32 CsrStatus, BOOLEAN DisplayMessage) { BGColor.r = 100; BGColor.a = 0; - if (gCsrStatus == NULL) - gCsrStatus = AllocateZeroPool(256 * sizeof(CHAR16)); - switch (CsrStatus) { case SIP_ENABLED: SPrint(gCsrStatus, 255, L" System Integrity Protection is enabled (0x%02x)", CsrStatus); @@ -83,11 +81,9 @@ VOID RecordgCsrStatus(UINT32 CsrStatus, BOOLEAN DisplayMessage) { // Find the current CSR status and reset it to the next one in the // GlobalConfig.CsrValues list, or to the first value if the current // value is not on the list. -// Returns the value to which the CSR is being set. VOID RotateCsrValue(VOID) { - UINT32 CurrentValue; + UINT32 CurrentValue, TargetCsr; UINT32_LIST *ListItem; - UINT32 TargetCsr; EFI_GUID CsrGuid = CSR_GUID; EFI_STATUS Status; @@ -104,8 +100,10 @@ VOID RotateCsrValue(VOID) { Status = EfivarSetRaw(&CsrGuid, L"csr-active-config", (CHAR8 *) &TargetCsr, 4, TRUE); if (Status == EFI_SUCCESS) RecordgCsrStatus(TargetCsr, TRUE); + else + SPrint(gCsrStatus, 255, L" Error setting System Integrity Protection code."); } // if -} // INTN RotateCsrValue() +} // VOID RotateCsrValue() /* diff --git a/refind/apple.h b/refind/apple.h index 17ed155..94062b1 100644 --- a/refind/apple.h +++ b/refind/apple.h @@ -48,7 +48,7 @@ CSR_ALLOW_UNRESTRICTED_DTRACE | \ CSR_ALLOW_UNRESTRICTED_NVRAM) -extern CHAR16 *gCsrStatus; +extern CHAR16 gCsrStatus[256]; EFI_STATUS GetCsrStatus(UINT32 *CsrValue); VOID RecordgCsrStatus(UINT32 CsrStatus, BOOLEAN DisplayMessage); -- 2.39.2