Age | Commit message (Collapse) | Author | Files | Lines |
|
-Wextra enables a bunch of rather useful checks which this fixes.
This also fixes unused parameters warning by passing meaningful value and
doing sanity checks.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated commit log about using AF_INET/etc
* replaced cast to int with size_t in pxelinux_load_cfg
* added (alen == 0) in ping()
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
-Wextra enables a bunch of rather useful checks which this fixes with
one exception of -Wunused-parameter - this fixes it for debug macros only
and leave the rest for the future as more functional change is needed.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated debug macros to fix -Wunused-parameter
---
These are not fixed:
====== Building common libraries ======
[CC] usb-core.o
[CC] usb-ohci.o
[CC] usb-hid.o
[CC] usb-xhci.o
/home/aik/p/slof/lib/libusb/usb-core.c: In function ‘usb_set_address’:
/home/aik/p/slof/lib/libusb/usb-core.c:244:58: warning: unused parameter ‘port’ [-Wunused-parameter]
static int usb_set_address(struct usb_dev *dev, uint32_t port)
^~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_send_enable_slot’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:353:67: warning: unused parameter ‘port’ [-Wunused-parameter]
static void xhci_send_enable_slot(struct xhci_hcd *xhcd, uint32_t port)
^~~~
/home/aik/p/slof/lib/libusb/usb-ohci.c: In function ‘ohci_dump_regs’:
/home/aik/p/slof/lib/libusb/usb-ohci.c:42:46: warning: unused parameter ‘regs’ [-Wunused-parameter]
static void ohci_dump_regs(struct ohci_regs *regs)
^~~~
/home/aik/p/slof/lib/libusb/usb-core.c: In function ‘usb_handle_device’:
/home/aik/p/slof/lib/libusb/usb-core.c:444:80: warning: unused parameter ‘cfg’ [-Wunused-parameter]
static int usb_handle_device(struct usb_dev *dev, struct usb_dev_config_descr *cfg,
^~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘fill_setup_trb’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1026:13: warning: unused parameter ‘size’ [-Wunused-parameter]
uint32_t size)
^~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_transfer_bulk’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1217:60: warning: unused parameter ‘td’ [-Wunused-parameter]
static int xhci_transfer_bulk(struct usb_pipe *pipe, void *td, void *td_phys,
^~
/home/aik/p/slof/lib/libusb/usb-xhci.c:1217:70: warning: unused parameter ‘td_phys’ [-Wunused-parameter]
static int xhci_transfer_bulk(struct usb_pipe *pipe, void *td, void *td_phys,
^~~~~~~
/home/aik/p/slof/lib/libusb/usb-xhci.c: In function ‘xhci_get_pipe_intr’:
/home/aik/p/slof/lib/libusb/usb-xhci.c:1364:22: warning: unused parameter ‘len’ [-Wunused-parameter]
char *buf, size_t len)
^~~
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
This changes the return value for the case when no ELF headers were found
to avoid (ugly-ish) cast of -1 to unsigned.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* cast the return value to (int)
* added missing (long)
|
|
-Wextra enables a bunch of rather useful checks which this fixes.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* replaced cast to int with cast to size_t
|
|
We already have MAX() defined, add MIN() to the common helpers header.
Using the common helper also fixes a bug in tpmdrivers's MIN() where
it was reverted.
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
---
Changes:
v2:
* updated the comment about a fixed bug
|
|
These likely were a blind copy-n-paste from hvterm.fs, but they
simply do not make any sense in virtio-serial.fs. The hvterm.fs is
always included from OF.fs, so the serial-* words are globally there.
virtio-serial.fs is only used within the virtio-serial device tree
nodes, to adding the serial-* words there is just superfluous.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
A loop over peers does not need recursion which becomes a problem with
hundreds devices.
This was discovered with "-smp 2048,cores=512,threads=4".
Suggested-by: Jordan Niethe <jniethe5@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
On QEMU pseries (and alike environments) the PC starts at 0x100, hence SLOF
starts at address 0x100, not at 0x0 as the current comment informs. After
that fix the comment also matches the comment above it about the __start
load position, which is correct.
Signed-off-by: Gustavo Romero <gromero@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Measure the bootloader file read from disk into PCR 4 and log it with
the description 'BOOTLOADER' and the event type EV_COMPACT_HASH
(code 0xc). Since the loaded file should be an ELF file, have its size
determined and only the bytes from the ELF image measured rather than
the whole buffer that it was read into and is much bigger (0x700000
bytes).
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement tpm_hash_log_extend_event_buffer() that allows to measure
the contents of a buffer into a given PCR and log it with the
given event type and description. The caller may choose to have
the size of an ELF image file detected so that only data from the
ELF image are hashed rather than the much larger buffer.
Besides using this function call now for measuring the bootloader
read from a GPT partition, we also intend to use it for calls from
the firmware API that allow us to measure and log data from a boot
loader, such as grub. Grub will then invoke this function with a
buffer whose size it knows and will not need the ELF file size
detection.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement elf_get_file_size to determine the size of an ELF image
that has been loaded into a buffer much larger than the actual size
of the original file. We determine the size by searching for the
farthest offset declared by the ELF headers.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Add support for SHA3 type of algorithms that the vTPM may support
some time in the future.
The algorithms are assigned in "TCG Algorithm Registry"
https://trustedcomputinggroup.org/resource/tcg-algorithm-registry/
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The vendorInfoSize is a uint8_t rather than a uint32_t.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Only write the logs for those PCRs that are allocated in
banks.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The default .o:.c rule passes a short file name to gcc to when doing
"make -C <dir>", we do this a lot for all the libraries.
The file names printed in gcc errors are relative to <dir> and this
prevents vim from navigating through errors.
This passes the full file name to gcc to make it print errors with
absolute path so vim can navigate through errors nicely.
This makes it optional when V=1 or V=2 is passed.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Recent commit cf28264196e5 fixed an issue where a virtio-serial device
wouldn't shutdown properly during quiesce. The fix is to close stdout
just before quiesce. As expected this causes some messages to not
appear anymore, like the well known ones from prom_init():
Quiescing Open Firmware ...
Booting Linux via __start() @ 0x0000000002000000 ...
Actually all messages are discarded until the OS driver finally takes
control of the device, which may represent a fair amount of logging.
This is suboptimal but this still better than hanging in SLOF.
The hammer is a bit too big though because the change also affects
spapr-vty based consoles, which have no reason to stop working
after quiesce.
Move the hack from the common code to the virtio-serial code so that
it doesn't affect other device types anymore. Register a quiesce hook
that closes stdout in virtio-serial.fs.
While here, as suggested by Segher, bring back some robustness in the
shutdown method.
Reported-by: Fabiano Rosas <farosas@linux.ibm.com>
Fixes: cf28264196e5 "virtio-serial: Rework shutdown sequence"
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This reverts commit 674d0d0cf66d4 ("rtas: Reserve space for FWNMI log")
which expanded the RTAS blob size to match the QEMU expectation about
the RTAS area available for FWNMI logs.
Instead, it relies on QEMU passing the "rtas-size" property and passes it
through untouched. This adds a check that QEMU allocated enough for
RTAS blob. This adds a fallback to the default 20 bytes "rtas-size" if
none specified by QEMU.
While we are here, replace 's" /rtas" find-node' with 'rtas-node' which
we just set above.
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Linux closes stdout at the end of prom_init which triggers the FW quiesce
code which closes the virtio-serial instance. This misses stopping the
virtio queues. However this seemed working for a little longer (until the
Linux driver took over) till 300384f3dc68 which moved the VQ descriptors
around which caused use-after-free corruption.
This adds virtio_queue_term_vq(), cleanup in the forth driver and a few
checks.
Fixes: 300384f3dc68 ("virtio: Store queue descriptors in virtio_device")
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[groug: - fix changelog
- don't restore emit]
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The "io" word of term-io.fs opens two separate instances of the device
for stdin and stdout. The prom_init() function in Linux closes stdin at
some point, which internally calls quiesce and shuts the device down
through a quiesce hook.
When the "open-count" variable in virtio-serial.fs reaches 0, ie. when
closing the last instance, we call "close" two times, which is clearly
wrong. This never hits however because the stdout instance is never
closed which prevents "open-count" to reach 0.
It would make more sense to shutdown the device when closing the last
instance, for symmetry with the first open that initializes the device.
Change the shutdown sequence to do that rather than relying on a quiesce
hook.
Have quiesce to explicitly close stdout, which is supposedly the last
instance, and shutdown the device.
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
term-io.fs already overrides "emit", "key" and "key?" with its own version:
- "term-io-emit" calls the "write" method of the "stdout" instance, which
then calls "virtio-serial-putchar"
- "term-io-key" calls the "read" method of the "stdout" instance, which then
calls "virtio-serial-getchar"
- "term-io-key?" calls "serial-key?" if the device is a serial device, which
is the case here and we already override "serial-key?" with
"virtio-serial-term-key?".
It thus looks weird to rely on these shortcuts. Especially, when IOMMU is
enabled, we need a valid instance in "dmap-map-in" and going through
"term-io-emit" buys us that.
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Fixes: 300384f3dc68 ("virtio: Store queue descriptors in virtio_device")
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Measure and log the GPT table including LBA1 and all GPT table entries
with a non-zero Type GUID.
We follow the specification "TCG PC Client Platform Firmware Profile
Specification" for the format of what needs to be logged and measured.
See section "Event Logging" subsection "Measuring UEFI Variables" for
the UEFI_GPT_DATA structure.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement a TPM 2 menu and enable the user to clear the TPM
and its activate PCR banks.
The main TPM menu is activated by pressing the 't' key during
firmware startup.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This patch adds TPM 2.0 support along with the firmware API that Linux
uses to transfer the firmware log.
The firmware API follows the "PFW Virtual TPM Driver" specification.
The API has callers in existing Linux code (prom_init.c) from TPM 1.2
times but the API also works for TPM 2.0 without modifications.
The TPM 2.0 support logs PCR extensions of measurements of code and data.
For this part we follow the TCG specification "TCG PC Client
Platform Firmware Profile Specification" (section "Event Logging").
Other relevant specs for the construction of TPM commands are:
- Trusted Platform Module Library; Part 2 Structures
- Trusted Platform Module Library; Part 3 Commands
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
[aik: removed new blank lines at EOF]
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
The following patch adds a SHA256 implementation based on the algorithm
description in NIST FIPS PUB 180-4. The patch includes test cases that test
the sha256 implementation and pass on big and little endian ppc64 hosts.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This patch adds a TPM driver for the CRQ interface as used by
the QEMU PAPR implementation.
Also add a Readme that explains the benefits and installation procedure
for the vTPM.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Make the print_version global variable accessible so that
we can measure the firmware version.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Make linker script variables related to 'text' addresses available
to the code so we can measure the static core root of trust contents.
When hashing the 'data' part of SLOF we do not end up with the same
measurements for the same firmware when booting with different
configurations, so we don't make those available.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Implement SLOF_get_keystroke() and SLOF_reset() helper functions.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
We recently fixed node creation at CAS in order to support early hotplug
of devices between boot and CAS. Let's handle node removal now to support
early hot *un*plug of devices.
This is achieved by associating a generation number to each FDT received
from QEMU and tagging all nodes with this number in a "slof,from-fdt"
property. The generation number is kept in the fdt-generation# variable.
It starts at 0 for the initial boot time FDT, and it is incremented at
each subsequent CAS. All boot time nodes hence get "slof,from-fdt" == 0,
all nodes present at CAS get "slof,from-fdt" == 1 and so on in case the
guest calls CAS again. If a device gets hot unplugged before quiesce, we
hence can detect it doesn't have the right generation number and thus
delete the node from the DT. Note that this only affects nodes coming
from the FDT. Nodes created by SLOF don't have the "slof,from-fdt"
property, and therefore cannot be candidates to deletion.
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Now that QEMU passes a full FDT at CAS without rebooting, a guest that
has switched from XICS to XIVE ends up being presented an malformed
"interrupt-controller" node in the DT:
# dtc -I fs -O dts /proc/device-tree
<stdout>: Warning (unit_address_vs_reg): /interrupt-controller: node has a reg or ranges property, but no unit name
...
interrupt-controller {
ibm,xive-eq-sizes = <0x10>;
device_type = "power-ivpe";
ibm,interrupt-server-ranges = <0x00 0x03>;
compatible = "ibm,power-ivpe";
#interrupt-cells = <0x02>;
reg = <0x60302 0x31b0000 0x00 0x10000 0x60302 0x31a0000 0x00 0x10000>;
phandle = <0xe7448a8>;
ibm,xive-lisn-ranges = <0x00 0x03>;
interrupt-controller;
};
The node should have its unit set to "60302031b0000" as reported by dtc.
Also the node still has an "ibm,interrupt-server-ranges" property which
only makes sense with XICS.
This happens because we find an existing "interrupt-controller" node,
which describes a XICS controller, and we _wrongly_ decide to copy
all the properties from the new node into it. Delete the existing node
instead so that we create a new node with the appropriate properties
and unit name.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
So far we only allowed new ibm,dynamic-reconfiguration-memory and memory
nodes in the FDT update blob at ibm,client-architecture-support (CAS).
DRC do not have unit addresses and are easy, for memory nodes we use
an address from the node name.
For early hot plugged PCI devices (plugged after reset but before CAS)
we have to have a similar hack as for memory@ but parse the address
differently because of different binding.
Instead, this changes new nodes creation. At pass#0 when we copy phandles
from the FDT update blob to SLOF, we create new nodes with all
new properties and call "finish-device" only after all properties are
copied to the new nodes. At this point we particularly care about "reg"
as this is the unit address which SLOF parses for us and sets the unit
address in "finish-device"; we could skip other properties for later
passes.
Note this creates naked nodes with no methods normally added to the nodes
as this bypasses normal discovery which SLOF performs at start. So
if pass#1 does not find the node created in pass#0, this points to
missing "decode-unit" at the new node parent (happens when adding bridge-
under-bridge) and this prints a message and resets.
While at this, fix few trailing spaces and comments.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
[groug: - use fdt-reg-unit to set the unit name
- consolidate finish-device and unit name for nodes and subnodes
with a new fdt-cas-finish-device word ]
Signed-off-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
c2358afb40d4 ("Add support for 64bit LE ABI v1 and v2 support") added
little endian ELF support for one of two ELF loading helpers, this fixes
oversight. With this changes, 'boot disk:2,boot\zImage' is able to handle
little-endian zimages.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This allows booting from ext4 filesystems when EXT4_EXTENTS_FL is set in
inode.
Based on:
https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
When incompat flags has INCOMPAT_64BIT set ("Enable a filesystem size
over 2^32 blocks"), the group descriptor size is stored at 0xFE
and these days it is 0x40 so use that rather than the default value
of 0x20.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
A le32 value at 0x20 offset in supernode is:
0x20 __le32 s_blocks_per_group Blocks per group
Size of group descriptors is a le16 value at 0xfe.
Rename group-desc-size according to the ext2/4 spec.
This should cause no behavioral change.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
This adds support for:
"Linux filesystem data" 0FC63DAF-8483-4772-8E79-3D69D8477DE4
Previously, Linux used the same GUID for the data partitions as Windows
(Basic data partition: EBD0A0A2-B9E5-4433-87C0-68B6B72699C7).
The new GUID (Linux filesystem data: 0FC63DAF-8483-4772-8E79-3D69D8477DE4)
was defined jointly by GPT fdisk and GNU.
Source:
https://en.wikipedia.org/wiki/GUID_Partition_Table#cite_note-linwin-40
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|
|
We are going to add limited support for ext4 and Linux GPT partitions.
This moves try-ext2-files and (interpose-filesystem) earlier to be called
from try-gpt-dos-partition.
This simplifies UUID defining and handling.
This should cause no behavioral change.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
|