| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
All the documentation on travis-ci.com talks about "jobs:" instead of
"matrix:" these days, so let's also use this keywords now. Also fix
a typo in "inlcude" - it's weird that Travis did not complain about
this, but it's certainly better to have this fixed.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
In the rare case of a TPM 2 failure, disable the platform hierarchy after
disabling the endorsement and owner hierarchies.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
It should be "channel" instead of "cannel", obviously.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
It has been moved to a new location in the Linux git repository
quite a while ago already.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
SLOF coding style is to use spaces in Forth code, not TABs, and the TAB
in the (accept) function breaks the right indentation in my editor, so
let's replace the TABs in this file with spaces now.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Let's hope that this will help to avoid that people run into the same
problem again in the future. At least we've got some lines of documentation
this way where we can point people to who try to use "nc" in the wrong way.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This reverts commit 283d88c46c1d4d2ae65f0a3eaf582d0c124d37db as:
- it wrongly assumes the default V=0 (V=1 is the default);
- the new rule broke js2x;
- does not really solve the original problem of printing partial
filenames in gcc error messages.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Add test cases for sha1, sha256, sha384, and sha512 and a test script
to run the test cases.
The tests are passing on little and big endian machines (Fedora 28).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Instead of just using sha256 for all PCR banks (and truncating
the value or zero-padding it) use the proper hash function for
each one of the banks. For unimplemented hashes, fill the buffer
with 0xff.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Use assembly for the 32 bit rotr in the sha256 implementation
similar to the assembly used in the sha1 and sha512 implementations.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Change the format of the S_CRTM_VERSION string to ucs-2 since this
is what seems to be commonly used by other firmwares following
insight from a TCG work group member.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Add a new firmware API call with the name 2HASH-EXT-LOG that will be used
by trusted grub for measuring, logging, and extending TPM PCRs.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This fixes gcc warnings from -Waddress-of-packed-member and -Wzero-length-bounds.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
---
tpm_drivers.c: In function ‘spapr_send_crq_and_wait’:
tpm_drivers.c:153:2: warning: converting a packed ‘struct crq’ pointer (alignment 1) to a ‘uint64_t’ {aka ‘long long unsigned int’} pointer alignment 8) may result in an unaligned pointer value [-Waddress-of-packed-member]
153 | rc = hv_send_crq(unit, (uint64_t *)crq);
| ^~
tpm_drivers.c:34:8: note: defined here
34 | struct crq {
| ^~~
tpm_drivers.c: In function ‘spapr_vtpm_senddata’:
tpm_drivers.c:346:2: warning: converting a packed ‘struct crq’ pointer (alignment 1) to a ‘uint64_t’ {aka ‘long long unsigned int’} pointer (alignment 8) may result in an unaligned pointer value [-Waddress-of-packed-member]
346 | rc = hv_send_crq(spapr_vtpm.unit, (uint64_t *)&crq);
| ^~
tpm_drivers.c:34:8: note: defined here
34 | struct crq {
| ^~~
[CC] common-libs
[CC] common-libs
tcgbios.c: In function ‘tpm20_write_EfiSpecIdEventStruct’:
tcgbios.c:708:24: warning: array subscript ‘numAlgs’ is outside the bounds of an interior zero-length array ‘struct TCG_EfiSpecIdEventAlgorithmSize[0]’ [-Wzero-length-bounds]
708 | event.hdr.digestSizes[numAlgs].algorithmId =
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
In file included from tpm_drivers.h:20,
from tcgbios.c:27:
tcgbios_int.h:92:4: note: while referencing ‘digestSizes’
92 | } digestSizes[0];
| ^~~~~~~~~~~
tcgbios.c:710:24: warning: array subscript ‘numAlgs’ is outside the bounds of an interior zero-length array ‘struct TCG_EfiSpecIdEventAlgorithmSize[0]’ [-Wzero-length-bounds]
710 | event.hdr.digestSizes[numAlgs].digestSize = cpu_to_log16(hsize);
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
In file included from tpm_drivers.h:20,
from tcgbios.c:27:
tcgbios_int.h:92:4: note: while referencing ‘digestSizes’
92 | } digestSizes[0];
| ^~~~~~~~~~~
|
|
The #define in version.h does not match the #ifndef in the line before
due to a typo in the suffix ("_F" instead of "_H"). Fix it, and while
we're at it, also remove the underscore at the beginning to avoid that
we're using an identifier here that is reserved by the C standard.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Fix two details of the logs:
- Set the filed SpecErrata to 2 as required by specs.
- Write the separator into the log entry's event field.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
The only exception is -Wno-unused-parameter, one thing at the time.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Note this adds MIN() in tpm_gpt_set_lba1() so it may potentially fail
which is unlikely as the length comes from disk-label's block-size which
is used in other places.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
This also fixes unused parameters warning by passing meaningful value and
doing sanity checks.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated commit log about using AF_INET/etc
* replaced cast to int with size_t in pxelinux_load_cfg
* added (alen == 0) in ping()
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes with
one exception of -Wunused-parameter - this fixes it for debug macros only
and leave the rest for the future as more functional change is needed.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated debug macros to fix -Wunused-parameter
---
These are not fixed:
====== Building common libraries ======
[CC] usb-core.o
[CC] usb-ohci.o
[CC] usb-hid.o
[CC] usb-xhci.o
/home/aik/p/slof/lib/libusb/usb-core.c: In function ‘usb_set_address’:
/home/aik/p/slof/lib/libusb/usb-core.c:244:58: warning: unused parameter ‘port’ [-Wunused-parameter]
static int usb_set_address(struct usb_dev *dev, uint32_t port)
^~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_send_enable_slot’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:353:67: warning: unused parameter ‘port’ [-Wunused-parameter]
static void xhci_send_enable_slot(struct xhci_hcd *xhcd, uint32_t port)
^~~~
/home/aik/p/slof/lib/libusb/usb-ohci.c: In function ‘ohci_dump_regs’:
/home/aik/p/slof/lib/libusb/usb-ohci.c:42:46: warning: unused parameter ‘regs’ [-Wunused-parameter]
static void ohci_dump_regs(struct ohci_regs *regs)
^~~~
/home/aik/p/slof/lib/libusb/usb-core.c: In function ‘usb_handle_device’:
/home/aik/p/slof/lib/libusb/usb-core.c:444:80: warning: unused parameter ‘cfg’ [-Wunused-parameter]
static int usb_handle_device(struct usb_dev *dev, struct usb_dev_config_descr *cfg,
^~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘fill_setup_trb’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1026:13: warning: unused parameter ‘size’ [-Wunused-parameter]
uint32_t size)
^~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_transfer_bulk’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1217:60: warning: unused parameter ‘td’ [-Wunused-parameter]
static int xhci_transfer_bulk(struct usb_pipe *pipe, void *td, void *td_phys,
^~
/home/aik/p/slof/lib/libusb/usb-xhci.c:1217:70: warning: unused parameter ‘td_phys’ [-Wunused-parameter]
static int xhci_transfer_bulk(struct usb_pipe *pipe, void *td, void *td_phys,
^~~~~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_get_pipe_intr’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1364:22: warning: unused parameter ‘len’ [-Wunused-parameter]
char *buf, size_t len)
^~~
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
This changes the return value for the case when no ELF headers were found
to avoid (ugly-ish) cast of -1 to unsigned.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* cast the return value to (int)
* added missing (long)
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* replaced cast to int with cast to size_t
|
|
We already have MAX() defined, add MIN() to the common helpers header.
Using the common helper also fixes a bug in tpmdrivers's MIN() where
it was reverted.
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated the comment about a fixed bug
|
|
These likely were a blind copy-n-paste from hvterm.fs, but they
simply do not make any sense in virtio-serial.fs. The hvterm.fs is
always included from OF.fs, so the serial-* words are globally there.
virtio-serial.fs is only used within the virtio-serial device tree
nodes, to adding the serial-* words there is just superfluous.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
A loop over peers does not need recursion which becomes a problem with
hundreds devices.
This was discovered with "-smp 2048,cores=512,threads=4".
Suggested-by: Jordan Niethe <jniethe5@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
On QEMU pseries (and alike environments) the PC starts at 0x100, hence SLOF
starts at address 0x100, not at 0x0 as the current comment informs. After
that fix the comment also matches the comment above it about the __start
load position, which is correct.
Signed-off-by: Gustavo Romero <gromero@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Measure the bootloader file read from disk into PCR 4 and log it with
the description 'BOOTLOADER' and the event type EV_COMPACT_HASH
(code 0xc). Since the loaded file should be an ELF file, have its size
determined and only the bytes from the ELF image measured rather than
the whole buffer that it was read into and is much bigger (0x700000
bytes).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement tpm_hash_log_extend_event_buffer() that allows to measure
the contents of a buffer into a given PCR and log it with the
given event type and description. The caller may choose to have
the size of an ELF image file detected so that only data from the
ELF image are hashed rather than the much larger buffer.
Besides using this function call now for measuring the bootloader
read from a GPT partition, we also intend to use it for calls from
the firmware API that allow us to measure and log data from a boot
loader, such as grub. Grub will then invoke this function with a
buffer whose size it knows and will not need the ELF file size
detection.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement elf_get_file_size to determine the size of an ELF image
that has been loaded into a buffer much larger than the actual size
of the original file. We determine the size by searching for the
farthest offset declared by the ELF headers.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Add support for SHA3 type of algorithms that the vTPM may support
some time in the future.
The algorithms are assigned in "TCG Algorithm Registry"
https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The vendorInfoSize is a uint8_t rather than a uint32_t.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Only write the logs for those PCRs that are allocated in
banks.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The default .o:.c rule passes a short file name to gcc to when doing
"make -C <dir>", we do this a lot for all the libraries.
The file names printed in gcc errors are relative to <dir> and this
prevents vim from navigating through errors.
This passes the full file name to gcc to make it print errors with
absolute path so vim can navigate through errors nicely.
This makes it optional when V=1 or V=2 is passed.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Recent commit cf28264196e5 fixed an issue where a virtio-serial device
wouldn't shutdown properly during quiesce. The fix is to close stdout
just before quiesce. As expected this causes some messages to not
appear anymore, like the well known ones from prom_init():
Quiescing Open Firmware ...
Booting Linux via __start() @ 0x0000000002000000 ...
Actually all messages are discarded until the OS driver finally takes
control of the device, which may represent a fair amount of logging.
This is suboptimal but this still better than hanging in SLOF.
The hammer is a bit too big though because the change also affects
spapr-vty based consoles, which have no reason to stop working
after quiesce.
Move the hack from the common code to the virtio-serial code so that
it doesn't affect other device types anymore. Register a quiesce hook
that closes stdout in virtio-serial.fs.
While here, as suggested by Segher, bring back some robustness in the
shutdown method.
Reported-by: Fabiano Rosas <farosas@linux.ibm.com>
Fixes: cf28264196e5 "virtio-serial: Rework shutdown sequence"
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This reverts commit 674d0d0cf66d4 ("rtas: Reserve space for FWNMI log")
which expanded the RTAS blob size to match the QEMU expectation about
the RTAS area available for FWNMI logs.
Instead, it relies on QEMU passing the "rtas-size" property and passes it
through untouched. This adds a check that QEMU allocated enough for
RTAS blob. This adds a fallback to the default 20 bytes "rtas-size" if
none specified by QEMU.
While we are here, replace 's" /rtas" find-node' with 'rtas-node' which
we just set above.
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
