| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
|
|
|
|
|
|
| |
As Segher points out, any compiler that is capable of building skiboot
will support these flags.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GCC 8 warns that -mno-direct-move is depreciated. We had it there so
we wouldn't use VSX registers in skiboot, as they are not
saved/restored, however Segher confirms:
> if you already have -mno-altivec then -mno-direct-move does zilch
So it was never doing anything.
Resolves: open-power/skiboot#186
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
|
|
|
|
|
| |
This warning appears to not be particularly useful if you ever
actually *want* to truncate a string.
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
|
|
|
|
|
|
| |
While CROSS can be set to a ppc64le toolchian, we don't want to build
for that target. Hardcode the target to powerpc64-linux-gnu.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We were using gcc instead of ld. This isn't required, as we're disabling
all of the things that gcc could do for us.
This helps enable clang as the compiler, with GNU ld used for the
final linking step.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
|
|
|
|
|
|
|
| |
Clang doesn't like some of the warnings we have, so silence the ones we
know about in order to enable the build to succeed. These should be
investigated and removed in once the code issues are resolved.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
|
|
|
|
|
|
| |
Clang needs to be told which target it's building for, as unlike GCC the
one binary targets many architectures.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
|
|
|
|
|
| |
Clang errors out when attempting to build with these flags present.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
|
|
|
|
|
|
|
| |
Ad a top level 'doc' target that builds the html docs when the user
types 'make doc'. Users who want other targets know that the docs live
under docs/, so can go looking there.
Signed-off-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Stewart Smith <stewart@linux.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes to build system to use thin archives rather than
incremental linking for built-in.o, similar to recent change to Linux.
built-in.o is renamed to built-in.a, and is created as a thin archive
with no index, for speed and size. All built-in.a are aggregated into
a skiboot.tmp.a which is a thin archive built with an index, making it
suitable or linking. This is input into the final link.
The advantags of build size and linker code placement flexibility are
not as great with skiboot as a bigger project like Linux, but it's a
conceptually better way to build, and is more compatible with link
time optimisation in toolchains which might be interesting for skiboot
particularly for size reductions.
Size of build tree before this patch is 34.4MB, afterwards 23.1MB.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hostboot will expect the label field of the stb header to contain
"PAYLOAD" for skiboot or it will fail to load and run skiboot.
The failure looks something like this:
53.40896|ISTEP 20. 1 - host_load_payload
53.65840|secure|Secureboot Failure plid = 0x90000755, rc = 0x1E07
53.65881|System shutting down with error status 0x1E07
53.67547|================================================
53.67954|Error reported by secure (0x1E00) PLID 0x90000755
53.67560| Container's component ID does not match expected component ID
53.67561| ModuleId 0x09 SECUREBOOT::MOD_SECURE_VERIFY_COMPONENT
53.67845| ReasonCode 0x1e07 SECUREBOOT::RC_ROM_VERIFY
53.67998| UserData1 : 0x0000000000000000
53.67999| UserData2 : 0x0000000000000000
53.67999|------------------------------------------------
53.68000| Callout type : Procedure Callout
53.68000| Procedure : EPUB_PRC_HB_CODE
53.68001| Priority : SRCI_PRIORITY_HIGH
53.68001|------------------------------------------------
53.68002| Callout type : Procedure Callout
53.68003| Procedure : EPUB_PRC_FW_VERIFICATION_ERR
53.68003| Priority : SRCI_PRIORITY_HIGH
53.68004|------------------------------------------------
Reported-by: Pridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com>
Tested-by: Pridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
| |
This gives us per-cpu guard values as well. For now I just
xor a magic constant with the CPU PIR value.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sb-signing-utils project has improved upon the skeleton
create-container tool that existed in skiboot, including
being able to (quite easily) create *signed* images.
This commit brings in that code (and makes it build in the
skiboot build environment) and updates our skiboot.*.stb
generating code to use the development keys.
We also update print-container as well, syncing it with the
upstream project.
Derived from github.com:open-power/sb-signing-utils.git
at v0.3-5-gcb111c03ad7f
(and yes, changes here will be submitted upstream)
Cc: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
To (slightly) lower the barrier for contributions, we can make valgrind
optional with just a small amount of plumbing.
This allows make check to run successfully without valgrind.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The gcc powerpc64le cross compiler for x86 builds with -mcpu=power8 by
default, which does not match the powerpc64 compiler, and is not
the right thing to do for POWER7 support.
Pass -mcpu=power7 explicitly. This may cause a change of target on
existing BE toolchains.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When gcc is configured with --enabled-default-pie, sets -fpic which
does not need to be enabled, so remove it. Pass -fpie explicitly as
well just to be careful. This was observed with the powerpc64le cross
compiler for Debian.
This allows the powerpc64le toolchain to compile an almost identical
binary as the powerpc64 toolchain.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building with some toolchains, the gcc -pie option does not
enable the linker pie without explicitly passing it to ld,
resulting in a non-PIE binary that silently fails (due to
relocation failure). This was observed with the powerpc64le
cross compiler for Debian.
Pass -Wl,-pie explicitly, which allows the powerpc64le toolchain
to create a position independnet binary that boots.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent reworks were tested on the travis-ci system. Unfortunately, there
are configurations of running `make check` which the travis-ci doesn't
do. On some systems extra problems crop up.
Removing the stack size check is only done for the host compiler as the
check is only critical for skiboot its self where stack space is
contained.
Signed-off-by: Cyril Bur <cyril.bur@au1.ibm.com>
Reviewed-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
| |
We end up with a bit of a nasty hack to count the libflash symlinks
in gard and pflash as part of libflash code coverage, but it does
work and is unlikely to break anytime soon.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
| |
This enables us to do coverage reports on gard/pflash.
Reviewed-by: Cyril Bur <cyril.bur@au1.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a library for compression/decompression using xz.
The code comes from http://tukaani.org/xz/embedded.html.
The codebase has been kept as-is with a new Makefile.inc.
For libxz/Makefile.inc and Makefile.main :
Signed-off-by: Hemant Kumar <hemant@linux.vnet.ibm.com>
Acked-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Hemant Kumar <hemant@linux.vnet.ibm.com>
Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
| |
In the days of yore libpore was closed source and people wanted the
option to not use it. That's no longer the case so lets ditch all
the #ifdef crap.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
This adds support for writing all the public key and signature fields to the
container header, and for dumping the prefix and software headers so they may
may be signed, and for signing those headers with the imprint keys.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: fixup warnings&build, include openssl-devel in CI dockerfiles]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
| |
stb leaves a bunch of files around even after clean. Fix this.
Signed-off-by: Michael Neuling <mikey@neuling.org>
[stewart@linux.vnet.ibm.com: use explicit TARGET rather than *.stb]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an experimental option to do basic dead code and data elimintation
with -ffunction-sections/-fdata-sections/--gc-sections.
This saves about 80kB of text/data.
Also remove the use of of -ffunction-sections by default. This predates
git history, but I don't think there is a good reason to use it without
--gc-sections. The GCC manual says:
Only use these options when there are significant benefits from
doing so. When you specify these options, the assembler and linker
create larger object and executable files and are also slower. You
cannot use gprof on all systems if you specify this option, and you
may have problems with debugging if you specify both this option
and -g.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide an experimental option to compile using ELFv2 ABI even on big
endian builds. ELFv2 + BE is not officially supported by the toolchain,
but it works quite well. It may be useful as a small step toward a
little-endian build.
This saves about 200kB of text/data.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on how it was built, gcc will use the canary from a global
(works for us) or from the TLS (doesn't work for us and accesses
random stuff instead).
Fixing that would be tricky. There are talks of adding a gcc option
to force use of globals, but in the meantime, disable the stack
protector
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
[stewart@linux.vnet.ibm.com: add -fno-stack-protector]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
| |
We use r13 for our own stuff, make sure it's properly fixed
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We produce **UNSIGNED** skiboot.lid.stb and skiboot.lid.xz.stb as build
artifacts
These are suitable blobs for flashing onto Trusted Boot enabled op-build
builds *WITH* the secure boot jumpers *ON* (i.e. *NOT* in secure mode).
It's just enough of the Secure and Trusted Boot container format to
make Hostboot behave.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
Tested-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This greatly simplifies the build process for travis, yet makes it more
powerful and increases coverage without increasing wall time to test.
Travis has the concept of a build matrix, and we want to ensure we continue
to build succesfully on a variety of platforms and compiler combinations.
We limit what we run on some OSs to conserve vital sanity.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
| |
Fixes build break on 32bit ppc64 (e.g. PowerMac G5, where user space
is mostly 32bit).
Fixes: https://github.com/open-power/skiboot/issues/42
Reported-by: Andrei Warkenti <andrey.warkentin@gmail.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The full container header layout will be released soon either as
a separate github project or as part of hostboot.
This adds the secure boot header structures required by skiboot,
and also implements some helper routines related to containers.
Signed-off-by: Claudio Carvalho <cclaudio@linux.vnet.ibm.com>
[stewart@linux.vnet.ibm.com: Add unit test, print utility, use zero length
arrays to ensure sizeof() works correctly, add parsing function]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
| |
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
| |
We set it already in DEBUG builds and we use -fstack-protector-strong
in release builds which provides most of the benefits and is more
efficient.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
| |
This enables memory poisoning in allocations and list checking
among other things.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
| |
And use it to control the stack checker, memory poisoning and
CCAN's list debugging.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
| |
Fixes: 5fc07eaa (Produce XZ compressed skiboot.lid as part of build)
CC: Stewart Smith <stewart@linux.vnet.ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With a recent HostBoot change, we can have an XZ compressed PAYLOAD
that's automagically detected (looking at magic numbers).
This gives us three great benefits:
1) it's transparent, uncompressed skiboot.lid works everywhere
2) it lets us grow greater than 1MB binary, as long as we compress
down to <1MB
3) It speeds up boot. We currently compress down to 230kb rather than
922kb, which is much quicker to read off flash.
This patch produces skiboot.lid.xz alongside standard skiboot.lid.
We currently use crc32 as this is supported by hostboot. Future HB
may support crc64, but this seems to be disabled currently.
Having CRC32 in the PAYLOAD partition also gives the advantage of
error detection in PAYLOAD, which we previously did not have as it
was not an ECC protected partition.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
| |
.version is missing from the clean target. Fix this.
Found with 'make; make clean; git clean -dfx'
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|
|
|
|
|
|
| |
Include 'extract-gcov' in make clean.
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The story of extract-gcov is not necessarily a pleasant one, involving
GCC internals, padding of data structures, differences in data structures
that are designed to change whenever GCC wants to and a strong desire
to not implement a VFS in skiboot or some other streaming interface
(and associated userspace and other such blergh).
This patch makes us be all explicit about padding in the structures,
enabling -Wpadding for extract-gcov.c.
We also get all strict over the size of things and add support for
gcc 5.1, which added an extra counter.
There is likely GCC hacking in my future to make this a lot less
fragile.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In commit 8f5b8616, we introduced a dependency on libgcc, for the
__builtin_parityl() function in commit 6cfaa3ba.
However, if we're building with a biarch compiler, we may not have a
libgcc available.
This commit removes the __builtin_parityl() call, and replaces with the
equivalent instructions, and removes the dependency on libgcc.
Although this is untested, I have confirmed that the __builtin_parityl()
functions emits the same instructions (on power7 and power8, with
gcc-4.9) as we're using in the parity() function.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
[stewart@linux.vnet.ibm.com: only use inline asm for skiboot build]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
| |
| |
| |
| |
| |
| |
| | |
We create our own inttypes.h to get the correct printf formatting for
64bit numbers.
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In commit 8f5b8616, we introduced a dependency on libgcc, for the
__builtin_parityl() function in commit 6cfaa3ba.
However, if we're building with a biarch compiler, we may not have a
libgcc available.
This commit removes the __builtin_parityl() call, and replaces with the
equivalent instructions, and removes the dependency on libgcc.
Although this is untested, I have confirmed that the __builtin_parityl()
functions emits the same instructions (on power7 and power8, with
gcc-4.9) as we're using in the parity() function.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
[stewart@linux.vnet.ibm.com: only use inline asm for skiboot build]
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|
|/
|
|
|
|
|
| |
Some versions of sparse (all?) don't support -std=gnu11 CFLAG, so filter
it out when calling sparse. Doesn't affect non-sparse build
Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
|