|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This fixes gcc warnings from -Waddress-of-packed-member and -Wzero-length-bounds.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
---
tpm_drivers.c: In function ‘spapr_send_crq_and_wait’:
tpm_drivers.c:153:2: warning: converting a packed ‘struct crq’ pointer (alignment 1) to a ‘uint64_t’ {aka ‘long long unsigned int’} pointer alignment 8) may result in an unaligned pointer value [-Waddress-of-packed-member]
153 | rc = hv_send_crq(unit, (uint64_t *)crq);
| ^~
tpm_drivers.c:34:8: note: defined here
34 | struct crq {
| ^~~
tpm_drivers.c: In function ‘spapr_vtpm_senddata’:
tpm_drivers.c:346:2: warning: converting a packed ‘struct crq’ pointer (alignment 1) to a ‘uint64_t’ {aka ‘long long unsigned int’} pointer (alignment 8) may result in an unaligned pointer value [-Waddress-of-packed-member]
346 | rc = hv_send_crq(spapr_vtpm.unit, (uint64_t *)&crq);
| ^~
tpm_drivers.c:34:8: note: defined here
34 | struct crq {
| ^~~
[CC] common-libs
[CC] common-libs
tcgbios.c: In function ‘tpm20_write_EfiSpecIdEventStruct’:
tcgbios.c:708:24: warning: array subscript ‘numAlgs’ is outside the bounds of an interior zero-length array ‘struct TCG_EfiSpecIdEventAlgorithmSize[0]’ [-Wzero-length-bounds]
708 | event.hdr.digestSizes[numAlgs].algorithmId =
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
In file included from tpm_drivers.h:20,
from tcgbios.c:27:
tcgbios_int.h:92:4: note: while referencing ‘digestSizes’
92 | } digestSizes[0];
| ^~~~~~~~~~~
tcgbios.c:710:24: warning: array subscript ‘numAlgs’ is outside the bounds of an interior zero-length array ‘struct TCG_EfiSpecIdEventAlgorithmSize[0]’ [-Wzero-length-bounds]
710 | event.hdr.digestSizes[numAlgs].digestSize = cpu_to_log16(hsize);
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
In file included from tpm_drivers.h:20,
from tcgbios.c:27:
tcgbios_int.h:92:4: note: while referencing ‘digestSizes’
92 | } digestSizes[0];
| ^~~~~~~~~~~
|
|
The #define in version.h does not match the #ifndef in the line before
due to a typo in the suffix ("_F" instead of "_H"). Fix it, and while
we're at it, also remove the underscore at the beginning to avoid that
we're using an identifier here that is reserved by the C standard.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Fix two details of the logs:
- Set the field SpecErrata to 2 as required by specs.
- Write the separator into the log entry's event field.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
The only exception is -Wno-unused-parameter, one thing at a time.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Note this adds MIN() in tpm_gpt_set_lba1() so it may potentially fail
which is unlikely as the length comes from disk-label's block-size which
is used in other places.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
This also fixes unused parameters warning by passing meaningful value and
doing sanity checks.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated commit log about using AF_INET/etc
* replaced cast to int with size_t in pxelinux_load_cfg
* added (alen == 0) in ping()
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes with
one exception of -Wunused-parameter - this fixes it for debug macros only
and leaves the rest for the future as more functional change is needed.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated debug macros to fix -Wunused-parameter
---
These are not fixed:
====== Building common libraries ======
[CC] usb-core.o
[CC] usb-ohci.o
[CC] usb-hid.o
[CC] usb-xhci.o
/home/aik/p/slof/lib/libusb/usb-core.c: In function ‘usb_set_address’:
/home/aik/p/slof/lib/libusb/usb-core.c:244:58: warning: unused parameter ‘port’ [-Wunused-parameter]
static int usb_set_address(struct usb_dev *dev, uint32_t port)
^~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_send_enable_slot’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:353:67: warning: unused parameter ‘port’ [-Wunused-parameter]
static void xhci_send_enable_slot(struct xhci_hcd *xhcd, uint32_t port)
^~~~
/home/aik/p/slof/lib/libusb/usb-ohci.c: In function ‘ohci_dump_regs’:
/home/aik/p/slof/lib/libusb/usb-ohci.c:42:46: warning: unused parameter ‘regs’ [-Wunused-parameter]
static void ohci_dump_regs(struct ohci_regs *regs)
^~~~
/home/aik/p/slof/lib/libusb/usb-core.c: In function ‘usb_handle_device’:
/home/aik/p/slof/lib/libusb/usb-core.c:444:80: warning: unused parameter ‘cfg’ [-Wunused-parameter]
static int usb_handle_device(struct usb_dev *dev, struct usb_dev_config_descr *cfg,
^~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘fill_setup_trb’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1026:13: warning: unused parameter ‘size’ [-Wunused-parameter]
uint32_t size)
^~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_transfer_bulk’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1217:60: warning: unused parameter ‘td’ [-Wunused-parameter]
static int xhci_transfer_bulk(struct usb_pipe *pipe, void *td, void *td_phys,
^~
/home/aik/p/slof/lib/libusb/usb-xhci.c:1217:70: warning: unused parameter ‘td_phys’ [-Wunused-parameter]
static int xhci_transfer_bulk(struct usb_pipe *pipe, void *td, void *td_phys,
^~~~~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_get_pipe_intr’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1364:22: warning: unused parameter ‘len’ [-Wunused-parameter]
char *buf, size_t len)
^~~
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
This changes the return value for the case when no ELF headers were found
to avoid (ugly-ish) cast of -1 to unsigned.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* cast the return value to (int)
* added missing (long)
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* replaced cast to int with cast to size_t
|
|
We already have MAX() defined, add MIN() to the common helpers header.
Using the common helper also fixes a bug in tpmdrivers's MIN() where
it was reverted.
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated the comment about a fixed bug
|
|
These likely were a blind copy-n-paste from hvterm.fs, but they
simply do not make any sense in virtio-serial.fs. The hvterm.fs is
always included from OF.fs, so the serial-* words are globally there.
virtio-serial.fs is only used within the virtio-serial device tree
nodes, so adding the serial-* words there is just superfluous.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
A loop over peers does not need recursion which becomes a problem with
hundreds of devices.
This was discovered with "-smp 2048,cores=512,threads=4".
Suggested-by: Jordan Niethe <jniethe5@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
On QEMU pseries (and alike environments) the PC starts at 0x100, hence SLOF
starts at address 0x100, not at 0x0 as the current comment informs. After
that fix the comment also matches the comment above it about the __start
load position, which is correct.
Signed-off-by: Gustavo Romero <gromero@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Measure the bootloader file read from disk into PCR 4 and log it with
the description 'BOOTLOADER' and the event type EV_COMPACT_HASH
(code 0xc). Since the loaded file should be an ELF file, have its size
determined and only the bytes from the ELF image measured rather than
the whole buffer that it was read into and is much bigger (0x700000
bytes).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement tpm_hash_log_extend_event_buffer() that allows measuring
the contents of a buffer into a given PCR and log it with the
given event type and description. The caller may choose to have
the size of an ELF image file detected so that only data from the
ELF image are hashed rather than the much larger buffer.
Besides using this function call now for measuring the bootloader
read from a GPT partition, we also intend to use it for calls from
the firmware API that allow us to measure and log data from a boot
loader, such as grub. Grub will then invoke this function with a
buffer whose size it knows and will not need the ELF file size
detection.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement elf_get_file_size to determine the size of an ELF image
that has been loaded into a buffer much larger than the actual size
of the original file. We determine the size by searching for the
farthest offset declared by the ELF headers.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Add support for SHA3 type of algorithms that the vTPM may support
some time in the future.
The algorithms are assigned in "TCG Algorithm Registry"
https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The vendorInfoSize is a uint8_t rather than a uint32_t.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Only write the logs for those PCRs that are allocated in
banks.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The default .o:.c rule passes a short file name to gcc when doing
"make -C <dir>", we do this a lot for all the libraries.
The file names printed in gcc errors are relative to <dir> and this
prevents vim from navigating through errors.
This passes the full file name to gcc to make it print errors with
absolute path so vim can navigate through errors nicely.
This makes it optional when V=1 or V=2 is passed.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Recent commit cf28264196e5 fixed an issue where a virtio-serial device
wouldn't shutdown properly during quiesce. The fix is to close stdout
just before quiesce. As expected this causes some messages to not
appear anymore, like the well known ones from prom_init():
Quiescing Open Firmware ...
Booting Linux via __start() @ 0x0000000002000000 ...
Actually all messages are discarded until the OS driver finally takes
control of the device, which may represent a fair amount of logging.
This is suboptimal but this is still better than hanging in SLOF.
The hammer is a bit too big though because the change also affects
spapr-vty based consoles, which have no reason to stop working
after quiesce.
Move the hack from the common code to the virtio-serial code so that
it doesn't affect other device types anymore. Register a quiesce hook
that closes stdout in virtio-serial.fs.
While here, as suggested by Segher, bring back some robustness in the
shutdown method.
Reported-by: Fabiano Rosas <farosas@linux.ibm.com>
Fixes: cf28264196e5 "virtio-serial: Rework shutdown sequence"
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This reverts commit 674d0d0cf66d4 ("rtas: Reserve space for FWNMI log")
which expanded the RTAS blob size to match the QEMU expectation about
the RTAS area available for FWNMI logs.
Instead, it relies on QEMU passing the "rtas-size" property and passes it
through untouched. This adds a check that QEMU allocated enough for
RTAS blob. This adds a fallback to the default 20 bytes "rtas-size" if
none specified by QEMU.
While we are here, replace 's" /rtas" find-node' with 'rtas-node' which
we just set above.
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Linux closes stdout at the end of prom_init which triggers the FW quiesce
code which closes the virtio-serial instance. This misses stopping the
virtio queues. However this seemed to work for a little longer (until the
Linux driver took over) till 300384f3dc68 which moved the VQ descriptors
around which caused use-after-free corruption.
This adds virtio_queue_term_vq(), cleanup in the forth driver and a few
checks.
Fixes: 300384f3dc68 ("virtio: Store queue descriptors in virtio_device")
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[groug: - fix changelog
- don't restore emit]
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The "io" word of term-io.fs opens two separate instances of the device
for stdin and stdout. The prom_init() function in Linux closes stdin at
some point, which internally calls quiesce and shuts the device down
through a quiesce hook.
When the "open-count" variable in virtio-serial.fs reaches 0, ie. when
closing the last instance, we call "close" two times, which is clearly
wrong. This never hits however because the stdout instance is never
closed which prevents "open-count" from reaching 0.
It would make more sense to shutdown the device when closing the last
instance, for symmetry with the first open that initializes the device.
Change the shutdown sequence to do that rather than relying on a quiesce
hook.
Have quiesce explicitly close stdout, which is supposedly the last
instance, and shutdown the device.
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
term-io.fs already overrides "emit", "key" and "key?" with its own version:
- "term-io-emit" calls the "write" method of the "stdout" instance, which
then calls "virtio-serial-putchar"
- "term-io-key" calls the "read" method of the "stdout" instance, which then
calls "virtio-serial-getchar"
- "term-io-key?" calls "serial-key?" if the device is a serial device, which
is the case here and we already override "serial-key?" with
"virtio-serial-term-key?".
It thus looks weird to rely on these shortcuts. Especially, when IOMMU is
enabled, we need a valid instance in "dmap-map-in" and going through
"term-io-emit" buys us that.
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Fixes: 300384f3dc68 ("virtio: Store queue descriptors in virtio_device")
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Measure and log the GPT table including LBA1 and all GPT table entries
with a non-zero Type GUID.
We follow the specification "TCG PC Client Platform Firmware Profile
Specification" for the format of what needs to be logged and measured.
See section "Event Logging" subsection "Measuring UEFI Variables" for
the UEFI_GPT_DATA structure.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement a TPM 2 menu and enable the user to clear the TPM
and its activate PCR banks.
The main TPM menu is activated by pressing the 't' key during
firmware startup.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This patch adds TPM 2.0 support along with the firmware API that Linux
uses to transfer the firmware log.
The firmware API follows the "PFW Virtual TPM Driver" specification.
The API has callers in existing Linux code (prom_init.c) from TPM 1.2
times but the API also works for TPM 2.0 without modifications.
The TPM 2.0 support logs PCR extensions of measurements of code and data.
For this part we follow the TCG specification "TCG PC Client
Platform Firmware Profile Specification" (section "Event Logging").
Other relevant specs for the construction of TPM commands are:
- Trusted Platform Module Library; Part 2 Structures
- Trusted Platform Module Library; Part 3 Commands
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
[aik: removed new blank lines at EOF]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The following patch adds a SHA256 implementation based on the algorithm
description in NIST FIPS PUB 180-4. The patch includes test cases that test
the sha256 implementation and pass on big and little endian ppc64 hosts.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This patch adds a TPM driver for the CRQ interface as used by
the QEMU PAPR implementation.
Also add a Readme that explains the benefits and installation procedure
for the vTPM.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Make the print_version global variable accessible so that
we can measure the firmware version.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Make linker script variables related to 'text' addresses available
to the code so we can measure the static core root of trust contents.
When hashing the 'data' part of SLOF we do not end up with the same
measurements for the same firmware when booting with different
configurations, so we don't make those available.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement SLOF_get_keystroke() and SLOF_reset() helper functions.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
We recently fixed node creation at CAS in order to support early hotplug
of devices between boot and CAS. Let's handle node removal now to support
early hot *un*plug of devices.
This is achieved by associating a generation number to each FDT received
from QEMU and tagging all nodes with this number in a "slof,from-fdt"
property. The generation number is kept in the fdt-generation# variable.
It starts at 0 for the initial boot time FDT, and it is incremented at
each subsequent CAS. All boot time nodes hence get "slof,from-fdt" == 0,
all nodes present at CAS get "slof,from-fdt" == 1 and so on in case the
guest calls CAS again. If a device gets hot unplugged before quiesce, we
hence can detect it doesn't have the right generation number and thus
delete the node from the DT. Note that this only affects nodes coming
from the FDT. Nodes created by SLOF don't have the "slof,from-fdt"
property, and therefore cannot be candidates to deletion.
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|