From f05e79a0143beb2d9a482a3ebf4fe0ce76778122 Mon Sep 17 00:00:00 2001 From: Javier Martinez Canillas Date: Sat, 7 Nov 2020 01:03:18 +0100 Subject: [PATCH] docs: Document the cutmem command The command is not present in the docs/grub.texi user documentation. Reported-by: Daniel Kiper Signed-off-by: Javier Martinez Canillas Signed-off-by: Daniel Kiper Reviewed-by: Javier Martinez Canillas Signed-off-by: Stefan Sørensen --- docs/grub.texi | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/grub.texi b/docs/grub.texi index 79f58c5..8518cc0 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -3892,6 +3892,7 @@ you forget a command, you can run the command @command{help} * cpuid:: Check for CPU features * crc:: Compute or check CRC32 checksums * cryptomount:: Mount a crypto device +* cutmem:: Remove memory regions * date:: Display or set current date and time * devicetree:: Load a device tree blob * distrust:: Remove a pubkey from trusted keys @@ -4051,6 +4052,8 @@ this page is to be filtered. This syntax makes it easy to represent patterns that are often result of memory damage, due to physical distribution of memory cells. +The command is similar to @command{cutmem} command. + Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). This prevents removing EFI memory regions to potentially subvert the security mechanisms provided by the UEFI secure boot. @@ -4214,6 +4217,24 @@ GRUB suports devices encrypted using LUKS and geli. Note that necessary modules be used. @end deffn +@node cutmem +@subsection cutmem + +@deffn Command cutmem from[K|M|G] to[K|M|G] +Remove any memory regions in specified range. +@end deffn + +This command notifies the memory manager that specified regions of RAM ought to +be filtered out. This remains in effect after a payload kernel has been loaded +by GRUB, as long as the loaded kernel obtains its memory map from GRUB. Kernels +that support this include Linux, GNU Mach, the kernel of FreeBSD and Multiboot +kernels in general. + +The command is similar to @command{badram} command. + +Note: The command is not allowed when lockdown is enforced (@pxref{Lockdown}). + This prevents removing EFI memory regions to potentially subvert the + security mechanisms provided by the UEFI secure boot. @node date @subsection date -- 2.14.2