After two years of development, the stable release of the modular, multi-platform GNU GRUB (GRand Unified Bootloader) is now available. GRUB supports a wide range of platforms, including standard BIOS-based PCs, IEEE-1275 platforms (PowerPC/Sparc64-based hardware), EFI systems, systems with RISC-V, Loongson, Itanium, ARM, ARM64, LoongArch, and ARCS (SGI) processors, and devices using the open-source coreboot package. The project's code is written in C and distributed under the GPLv3 license.
Main innovations:
- Added support for monitoring data integrity in LVM logical volumes (LVM LV), implemented using dm-integrity.
- Added support for configurations that use LVM cachevol to speed up access to slow disks by caching data on fast drives.
- Added support for EROFS (Extendable Read-Only File System), a file system developed by Huawei for use on read-only partitions. The structure of EROFS is significantly simplified because its implementation drops some metadata areas, such as the free block bitmap. EROFS supports compressed data storage, but uses a different approach for storing compressed blocks, optimized for high performance during random data access.
- Added the ability to place a block of GRUB environment variables in a reserved area of the Btrfs filesystem header. These variables can store information about the default boot partition.
- Added support for running GRUB EFI images in NX (No Execute) protection mode, which prohibits the execution of instructions in memory areas not specifically marked as executable.
- Added support for the Shim loader protocol, used for verified loading of the shim layer for booting in UEFI Secure Boot mode.
- Added support for loading unified kernel images (UKIs), which combine a UEFI boot stub (a handler for loading the kernel from UEFI), a Linux kernel image, and the initrd system environment that is loaded into memory and used for initialization before the root filesystem is mounted. A UKI is packaged as a single executable file in PE format, which can be loaded by traditional bootloaders or invoked directly from the UEFI firmware.
- Added support for the universal bootloader configuration in the BLS (Boot Loader Specification) format. The blscfg command has been implemented to parse it.
- Added support for the Argon2 password hashing scheme.
- Added support for the "TPM2 key protector" mechanism, which automatically unlocks an encrypted partition at boot by storing the information needed to decrypt the keys in the TPM (Trusted Platform Module).
- Added support for appended signatures (used to attach a signature to Linux kernel modules without modifying the file itself) for boot verification in Secure Boot mode on PowerPC systems.
- Implemented the "--disable-cli" option to lock the GRUB command line interface and prevent editing of menu items.
- Added support for dates outside the range 1901-2038.
- Added support for decompressing data compressed using the ZSTD algorithm.
- GRUB has moved to the new Libgcrypt 1.11.0 branch of the cryptographic library (previously the libgcrypt 1.5.3 release, created in 2013, was used).
- Accumulated vulnerabilities have been eliminated (1, 2).
Source: opennet.ru

