skiboot 5.10-rc2 release notes

Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>

1 files changed, 162 insertions, 0 deletions

diff --git a/doc/release-notes/skiboot-5.10-rc2.rst b/doc/release-notes/skiboot-5.10-rc2.rst
new file mode 100644
index 00000000..b39ebb93
--- /dev/null
+++ b/doc/release-notes/skiboot-5.10-rc2.rst
@@ -0,0 +1,162 @@
+.. _skiboot-5.10-rc2:
+
+skiboot-5.10-rc2
+================
+
+skiboot v5.10-rc2 was released on Friday February 9th 2018. It is the second
+release candidate of skiboot 5.10, which will become the new stable release
+of skiboot following the 5.9 release, first released October 31st 2017.
+
+skiboot v5.10-rc2 contains all bug fixes as of :ref:`skiboot-5.9.8`
+and :ref:`skiboot-5.4.9` (the currently maintained stable releases). There
+may be more 5.9.x stable releases, it will depend on demand.
+
+For how the skiboot stable releases work, see :ref:`stable-rules` for details.
+
+The current plan is to cut the final 5.10 in February, with skiboot 5.10
+being for all POWER8 and POWER9 platforms in op-build v1.21.
+This release will be targeted to early POWER9 systems.
+
+Over skiboot-5.10-rc1, we have the following changes:
+
+- hw/npu2: Implement logging HMI actions
+- opal-prd: Fix FTBFS with -Werror=format-overflow
+
+  i2c.c fails to compile with gcc7 and -Werror=format-overflow used in
+  Debian Unstable and Ubuntu 18.04 : ::
+
+    i2c.c: In function ‘i2c_init’:
+    i2c.c:211:15: error: ‘%s’ directive writing up to 255 bytes into a
+    region of size 236 [-Werror=format-overflow=]
+
+- core/exception: beautify exception handler, add MCE-involved registers
+
+  Print DSISR and DAR, to help with deciphering machine check exceptions,
+  and improve the output a bit, decode NIP symbol, improve alignment, etc.
+  Also print a specific header for machine check, because we do expect to
+  see these if there is a hardware failure.
+
+  Before: ::
+
+    [    0.005968779,3] ***********************************************
+    [    0.005974102,3] Unexpected exception 200 !
+    [    0.005978696,3] SRR0 : 000000003002ad80 SRR1 : 9000000000001000
+    [    0.005985239,3] HSRR0: 00000000300027b4 HSRR1: 9000000030001000
+    [    0.005991782,3] LR   : 000000003002ad80 CTR  : 0000000000000000
+    [    0.005998130,3] CFAR : 00000000300b58bc
+    [    0.006002769,3] CR   : 40000004  XER: 20000000
+    [    0.006008069,3] GPR00: 000000003002ad80 GPR16: 0000000000000000
+    [    0.006015170,3] GPR01: 0000000031c03bd0 GPR17: 0000000000000000
+    [...]
+
+  After: ::
+
+    [    0.003287941,3] ***********************************************
+    [    0.003561769,3] Fatal MCE at 000000003002ad80   .nvram_init+0x24
+    [    0.003579628,3] CFAR : 00000000300b5964
+    [    0.003584268,3] SRR0 : 000000003002ad80 SRR1 : 9000000000001000
+    [    0.003590812,3] HSRR0: 00000000300027b4 HSRR1: 9000000030001000
+    [    0.003597355,3] DSISR: 00000000         DAR  : 0000000000000000
+    [    0.003603480,3] LR   : 000000003002ad68 CTR  : 0000000030093d80
+    [    0.003609930,3] CR   : 40000004         XER  : 20000000
+    [    0.003615698,3] GPR00: 00000000300149e8 GPR16: 0000000000000000
+    [    0.003622799,3] GPR01: 0000000031c03bc0 GPR17: 0000000000000000
+    [...]
+- core/init: manage MSR[ME] explicitly, always enable
+
+  The current boot sequence inherits MSR[ME] from the IPL firmware, and
+  never changes it. Some environments disable MSR[ME] (e.g., mambo), and
+  others can enable it (hostboot).
+
+  This has two problems. First, MSR[ME] must be disabled while in the
+  process of taking over the interrupt vector from the previous
+  environment.  Second, after installing our machine check handler,
+  MSR[ME] should be enabled to get some useful output rather than a
+  checkstop.
+- fast-reboot: occ: Re-parse the pstate table during fast-reboot
+
+  OCC shares the frequency list to host by copying the pstate table to
+  main memory in HOMER. This table is parsed during boot to create
+  device-tree properties for frequency and pstate IDs. OCC can update
+  the pstate table to present a new set of frequencies to the host. But
+  host will remain oblivious to these changes unless it is re-inited
+  with the updated device-tree CPU frequency properties. So this patch
+  allows to re-parse the pstate table and update the device-tree
+  properties during fast-reboot.
+
+  OCC updates the pstate table when asked to do so using pstate-table
+  bias command. And this is mainly used by WOF team for
+  characterization purposes.
+- fast-reboot: move pci_reset error handling into fast-reboot code
+
+  pci_reset() currently does a platform reboot if it fails. It
+  should not know about fast-reboot at this level, so instead have
+  it return an error, and the fast reboot caller will do the
+  platform reboot.
+
+  The code essentially does the same thing, but flexibility is
+  improved. Ideally the fast reboot code should perform pci_reset
+  and all such fail-able operations before the CPU resets itself
+  and destroys its own stack. That's not the case now, but that
+  should be the goal.
+- capi: Fix the max tlbi divider and the directory size.
+
+  Switch to 512KB mode (directory size) as we don’t use bit 48 of the tag
+  in addressing the array. This mode is controlled by the Snoop CAPI
+  Configuration Register.
+  Set the maximum of the number of data polls received before signaling
+  TLBI hang detect timer expired. The value of '0000' is equal to 16.
+- npu2/tce: Fix page size checking
+
+  The page size is encoded in the TVT data [59:63] as @shift+11 but
+  the tce_kill handler does not do the math right; this fixes it.
+- stb: Enforce secure boot if called before libstb initialized
+- stb: Correctly error out when no PCR for resource
+- core/init: move imc catalog preload init after the STB init.
+
+  As a safer side move the imc catalog preload after the STB init
+  to make sure the imc catalog resource get's verified and measured
+  properly during loading when both secure and trusted boot modes
+  are on.
+- libstb: fix failure of calling trusted measure without STB initialization.
+
+  When we load a flash resource during OPAL init, STB calls trusted measure
+  to measure the given resource. There is a situation when a flash gets loaded
+  before STB initialization then trusted measure cannot measure properly.
+
+  So this patch fixes this issue by calling trusted measure only if the
+  corresponding trusted init was done.
+
+  The ideal fix is to make sure STB init done at the first place during init
+  and then do the loading of flash resources, by that way STB can properly
+  verify and measure the all resources.
+- libstb: fix failure of calling cvc verify without STB initialization.
+
+  Currently in OPAL init time at various stages we are loading various
+  PNOR partition containers from the flash device. When we load a flash
+  resource STB calls the CVC verify and trusted measure(sha512) functions.
+  So when we have a flash resource gets loaded before STB initialization,
+  then cvc verify function fails to start the verify and enforce the boot.
+
+  Below is one of the example failure where our VERSION partition gets
+  loading early in the boot stage without STB initialization done.
+
+  This is with secure mode off.
+  STB: VERSION NOT VERIFIED, invalid param. buf=0x305ed930, len=4096 key-hash=0x0 hash-size=0
+
+  In the same code path when secure mode is on, the boot process will abort.
+
+  So this patch fixes this issue by calling cvc verify only if we have
+  STB init was done.
+
+  And also we need a permanent fix in init path to ensure STB init gets
+  done at first place and then start loading all other flash resources.
+- libstb/tpm_chip: Add missing new line to print messages.
+- libstb: increase the log level of verify/measure messages to PR_NOTICE.
+
+  Currently libstb logs the verify and hash caluculation messages in
+  PR_INFO level. So when there is a secure boot enforcement happens
+  in loading last flash resource(Ex: BOOTKERNEL), the previous verify
+  and measure messages are not logged to console, which is not clear
+  to the end user which resource is verified and measured.
+  So this patch fixes this by increasing the log level to PR_NOTICE.