Bug#988876: grub-efi-amd64: outb command no longer works

2021-05-21 Thread Marco Kühnel 
UEFI Secure Boot is disabled. The machine is a Macbook8,3 converted to a pure 
Linux box, however. So, the EFI firmware might be damaged. Thank you for the 
clarification.

In order to disable the (not properly supported) discrete graphics card, I 
need to execute the mentioned outb commands. Indeed, I edited /etc/grub.d/
10_linux in order to do this. 


signature.asc
Description: This is a digitally signed message part.

Bug#988876: grub-efi-amd64: outb command no longer works

2021-05-20 Thread Colin Watson 
On Thu, May 20, 2021 at 06:13:16PM +0200, Marco Kühnel wrote:
> After a fresh install of debian buster a grub.cfg containing an outb command 
> throws the error "outb command not found" (and, in my case, 
> cannot start lightdm thereafter). This problem does not appear when 
> downgrading all installed grub packages to version 
> 2.02+dfsg1-20+deb10u3. 

Can you clarify whether you have UEFI Secure Boot enabled?  The outb
command had to be disabled in Secure Boot mode, because it could be used
to subvert boot security mechanisms.  Systems that use the outb command
will have to disable Secure Boot, or find some other way to achieve the
same effect.

> outb 0x728 1
> outb 0x710 2
> outb 0x740 2
> outb 0x750 0

I'm just noting explicitly here that these are local customizations to
grub.cfg (presumably by way of editing /etc/grub.d/10_linux or similar),
and not in the default setup.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Bug#988876: grub-efi-amd64: outb command no longer works

2021-05-20 Thread Marco Kühnel 
Package: grub-efi-amd64
Version: 2.02+dfsg1-20+deb10u4
Severity: important
Tags: d-i

After a fresh install of debian buster a grub.cfg containing an outb command 
throws the error "outb command not found" (and, in my case, 
cannot start lightdm thereafter). This problem does not appear when downgrading 
all installed grub packages to version 
2.02+dfsg1-20+deb10u3. 

-- Package-specific info:

*** BEGIN /proc/mounts
/dev/sdb4 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sdb9 /home ext4 rw,relatime 0 0
/dev/sdb5 /var ext4 rw,relatime 0 0
/dev/sdb2 /home/mac/macOS ext4 rw,relatime 0 0
/dev/sdb7 /tmp ext4 rw,relatime 0 0
/dev/sdb3 /boot/efi vfat 
rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro
 0 0
*** END /proc/mounts

*** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
insmod iorw
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
  fi
}
function load_video {
  if [ x$feature_all_video_module = xy ]; then
insmod all_video
  else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
  fi
}

if [ x$feature_default_font_path = xy ] ; then
   font=unicode
else
insmod part_gpt
insmod ext2
set root='hd1,gpt4'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,gpt4 
--hint-efi=hd1,gpt4 --hint-baremetal=ahci1,gpt4  
fb7e40d6-bc1d-447c-b907-accd056dc7eb
else
  search --no-floppy --fs-uuid --set=root fb7e40d6-bc1d-447c-b907-accd056dc7eb
fi
font="/usr/share/grub/unicode.pf2"
fi

if loadfont $font ; then
  set gfxmode=1440x900
  load_video
  insmod gfxterm
  set locale_dir=$prefix/locale
  set lang=de_DE
  insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
set timeout=5
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod ext2
set root='hd1,gpt4'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,gpt4 
--hint-efi=hd1,gpt4 --hint-baremetal=ahci1,gpt4  
fb7e40d6-bc1d-447c-b907-accd056dc7eb
else
  search --no-floppy --fs-uuid --set=root fb7e40d6-bc1d-447c-b907-accd056dc7eb
fi
insmod png
if background_image 
/usr/share/desktop-base/futureprototype-theme/grub/grub-4x3.png; then
  set color_normal=white/black
  set color_highlight=black/white
else
  set menu_color_normal=cyan/blue
  set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu 
--class os $menuentry_id_option 
'gnulinux-simple-fb7e40d6-bc1d-447c-b907-accd056dc7eb' {
load_video
outb 0x728 1
outb 0x710 2
outb 0x740 2
outb 0x750 0
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd1,gpt4'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,gpt4 
--hint-efi=hd1,gpt4 --hint-baremetal=ahci1,gpt4  
fb7e40d6-bc1d-447c-b907-accd056dc7eb
else
  search --no-floppy --fs-uuid --set=root 
fb7e40d6-bc1d-447c-b907-accd056dc7eb
fi
echo'Linux 4.19.0-16-amd64 wird geladen …'
linux   /boot/vmlinuz-4.19.0-16-amd64 
root=UUID=fb7e40d6-bc1d-447c-b907-accd056dc7eb ro  quiet splash i915.modeset=1 
i915.lvds_channel_mode=2 i915.lvds_use_ssc=0 libata.force=noncq
echo'Initiale Ramdisk wird geladen …'
initrd  /boot/initrd.img-4.19.0-16-amd64
}
submenu 'Erweiterte Optionen für Debian GNU/Linux' $menuentry_id_option 
'gnulinux-advanced-fb7e40d6-bc1d-447c-b907-accd056dc7eb' {
menuentry 'Debian GNU/Linux, mit Linux 4.19.0-16-amd64' --class debian 
-