aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/release-notes/skiboot-5.4.0-rc2.rst270
1 files changed, 270 insertions, 0 deletions
diff --git a/doc/release-notes/skiboot-5.4.0-rc2.rst b/doc/release-notes/skiboot-5.4.0-rc2.rst
new file mode 100644
index 0000000..f84c5b0
--- /dev/null
+++ b/doc/release-notes/skiboot-5.4.0-rc2.rst
@@ -0,0 +1,270 @@
+=================
+skiboot-5.4.0-rc2
+=================
+
+skiboot-5.4.0-rc2 was released on Wednesday October 26th 2016. It is the
+second release candidate of skiboot 5.4, which will become the new stable
+release of skiboot following the 5.3 release, first released August 2nd 2016.
+
+skiboot-5.4.0-rc2 contains all bug fixes as of :ref:`skiboot-5.3.7`
+and :ref:`skiboot-5.1.18` (the currently maintained stable releases).
+
+For how the skiboot stable releases work, see :ref:`stable-rules` for details.
+
+Since this is a release candidate, it should *NOT* be put into production.
+
+The current plan is to release a new release candidate every week until we
+feel good about it. The aim is for skiboot-5.4.x to be in op-build v1.13, which
+is due by November 23rd 2016.
+
+Over :ref:`skiboot-5.4.0-rc1`, we have a few changes:
+
+Secure and Trusted Boot
+=======================
+
+skiboot 5.4.0-rc2 improves upon the progress towards Secure and Trusted Boot
+in rc1. It is important to note that this is *not* a complete, end-to-end
+secure/trusted boot implementation.
+
+With the current code, it is now possible to verify and measure resources
+loaded from PNOR by skiboot (namely the CAPP and BOOTKERNEL partitions).
+
+Note that this functionality is currently *only* available on systems that
+use the libflash backend. It is *NOT* enabled on IBM FSP based systems.
+There is some support for some simulators though.
+
+- libstb/stb.c: ignore the secure mode flag unless forced in NVRAM
+
+ For this stage in Trusted Boot development, we are wishing to not
+ force Secure Mode through the whole firmware boot process, but we
+ are wanting to be able to test it (classic chicken and egg problem with
+ build infrastructure).
+
+ We disabled secure mode if the secure-enabled devtree property is
+ read from the device tree *IF* we aren't overriding it through NVRAM.
+ Seeing as we can only increase (not decrease) what we're checking through
+ the NVRAM variable, it is safe.
+
+ The NVRAM setting is force-secure-mode=true in the ibm,skiboot partition.
+
+ However, if you want to force secure mode even if Hostboot has *not* set
+ the secure-enabled proprety in the device tree, set force-secure-mode
+ to "always".
+
+ There is also a force-trusted-mode NVRAM setting to force trusted mode
+ even if Hostboot has not enabled it int the device tree.
+
+ To indicate to Linux that we haven't gone through the whole firmware
+ process in secure mode, we replace the 'secure-enabled' property with
+ 'partial-secure-enabled', to indicate that only part of the firmware
+ boot process has gone through secure mode.
+
+
+Command line arguments to BOOTKERNEL
+====================================
+
+- core/init.c: Fix bootargs parsing
+
+ Currently the bootargs are unconditionally deleted, which causes
+ a bug where the bootargs passed in by the device tree are lost.
+
+ This patch deletes bootargs only if it needs to be replaced by the NVRAM
+ entry.
+
+ This patch also removes KERNEL_COMMAND_LINE config option in favour of
+ using the NVRAM or a device tree.
+
+pflash utility
+==============
+
+- external/pflash: Make MTD accesses the default
+
+ Now that BMC and host kernel mtd drivers exist and have matured we
+ should use them by default.
+
+ This is especially important since we seem to be telling everyone to use
+ pflash (pflash world domination plans are continuing on schedule).
+- external/pflash: Catch incompatible combination of flags
+- external/common: arm: Don't error trying to wrprotect with MTD access
+- libflash/libffs: Use blocklevel_smart_write() when updating partitions
+
+Other changes
+=============
+- extract-gcov: build with -m64 if compiler supports it.
+
+ Fixes build break on 32bit ppc64 (e.g. PowerMac G5, where user space
+ is mostly 32bit).
+
+Fast Reset
+==========
+
+- fast-reset: disable fast reboot in event of platform error
+
+ Most of the time, if we're rebooting due to a platform error, we should
+ trigger a checkstop. However, if we haven't been told what we should do
+ to trigger a checkstop (e.g. on an FSP machine), then we should still
+ fail to fast-reboot.
+
+ So, disable fast-reboot in the OPAL_CEC_REBOOT2 code path
+ for OPAL_REBOOT_PLATFORM_ERROR reboot type.
+- fast-reboot: disable on FSP code update or unrecoverable HMI
+- fast-reboot: abort fast reboot if CAPP attached
+
+ If a PHB is in CAPI mode, we cannot safely fast reboot - the PHB will be
+ fenced during the reboot resulting in major problems when we load the new
+ kernel.
+
+ In order to handle this safely, we need to disable CAPI mode before
+ resetting PHBs during the fast reboot. However, we don't currently support
+ this.
+
+ In the meantime, when fast rebooting, check if there are any PHBs with a
+ CAPP attached, and if so, abort the fast reboot and revert to a normal
+ reboot instead.
+
+OpenPOWER Platforms
+===================
+
+For all hardware platforms that aren't IBM FSP machines:
+
+- Revert "flash: Move flash node under ibm,opal/flash/"
+
+ This reverts commit e1e6d009860d0ef60f9daf7a0fbe15f869516bd0.
+
+ Breaks DT enough that it makes people cranky, reverting for now.
+ This could break access to flash with existing kernels in POWER9 simulators
+
+- flash: rework flash_load_resource to correctly read FFS/STB
+
+ This fixes the previous reverts of loading the CAPP partition with
+ STB headers (which broke CAPP partitions without STB headers).
+
+ The new logic fixes both CAPP partition loading with STB headers *and*
+ addresses a long standing bug due to differing interpretations of FFS.
+
+ The f_part utility that *constructs* PNOR files just sets actualSize=totalSize
+ no matter on what the size of the partition is. Prior to this patch,
+ skiboot would always load actualSize, leading to longer than needed IPL.
+
+ The pflash utility updates actualSize, so no developer has really ever
+ noticed this, apart from maybe an inkling that it's odd that a freshly
+ baked PNOR from op-build takes ever so slightly longer to boot than one
+ that has had individual partitions pflashed in.
+
+ With this patch, we now compute actualSize. For partitions with a STB
+ header, we take the payload size from the STB header. For partitions
+ that don't have a STB header, we compute the size either by parsing
+ the ELF header or by looking at the subpartition header and computing it.
+
+ We now need to read the entire partition for partitions with subpartitions
+ so that we pass consistent values to be measured as part of Trusted Boot.
+
+ As of this patch, the actualSize field in FFS is *not* relied on for
+ partition size, we determine it from the content of the partition.
+
+ However, this patch *will* break loading of partitions that are not ELF
+ and do not contain subpartitions. Luckily, nothing in-tree makes use of
+ that.
+
+PCI
+===
+- pci: Check power state before powering off slot
+
+ Prevents the erroneous "Error -1 powering off slot" error message.
+
+Contributors
+============
+Since :ref:`skiboot-5.4.0-rc1`, we have 23 csets from 8 developers.
+
+A total of 876 lines added, 621 removed (delta 255)
+
+Developers with the most changesets
+
+============================ = =======
+Developer # %
+============================ = =======
+Stewart Smith 7 (30.4%)
+Cyril Bur 5 (21.7%)
+Mukesh Ojha 3 (13.0%)
+Gavin Shan 3 (13.0%)
+Claudio Carvalho 2 (8.7%)
+Chris Smart 1 (4.3%)
+Andrew Donnellan 1 (4.3%)
+Nageswara R Sastry 1 (4.3%)
+============================ = =======
+
+Developers with the most changed lines
+
+========================== === =======
+Developer # %
+========================== === =======
+Stewart Smith 424 (45.7%)
+Mukesh Ojha 204 (22.0%)
+Gavin Shan 173 (18.6%)
+Cyril Bur 69 (7.4%)
+Claudio Carvalho 35 (3.8%)
+Andrew Donnellan 13 (1.4%)
+Chris Smart 8 (0.9%)
+Nageswara R Sastry 2 (0.2%)
+========================== === =======
+
+Developers with the most lines removed
+
+============================ = =======
+Developer # %
+============================ = =======
+Gavin Shan 9 (1.4%)
+Chris Smart 4 (0.6%)
+============================ = =======
+
+Developers with the most signoffs (total 16)
+
+============================ = =======
+Developer # %
+============================ = =======
+Stewart Smith 16 (100.0%)
+============================ = =======
+
+Developers with the most reviews (total 4)
+
+============================ = =======
+Developer # %
+============================ = =======
+Vasant Hegde 2 (50.0%)
+Andrew Donnellan 2 (50.0%)
+============================ = =======
+
+Developers with the most test credits (total 1)
+
+============================ = =======
+Developer # %
+============================ = =======
+Pridhiviraj Paidipeddi 1 (100.0%)
+============================ = =======
+
+Developers who gave the most tested-by credits (total 1)
+
+============================ = =======
+Developer # %
+============================ = =======
+Gavin Shan 1 (100.0%)
+============================ = =======
+
+Developers with the most report credits (total 3)
+
+============================ = =======
+Developer # %
+============================ = =======
+Pridhiviraj Paidipeddi 1 (33.3%)
+Andrei Warkenti 1 (33.3%)
+Michael Neuling 1 (33.3%)
+============================ = =======
+
+Developers who gave the most report credits (total 3)
+
+============================ = =======
+Developer # %
+============================ = =======
+Stewart Smith 2 (66.7%)
+Gavin Shan 1 (33.3%)
+============================ = =======