talos-petitboot, branch master

test/parser: Add rhel8 test data to check_DATA

2020-01-25T03:54:50+00:00

We want these included in the distribtion tarball too. Signed-off-by: Jeremy Kerr

docker: build petitboot outside of the source dir

2020-01-25T03:54:50+00:00

Ensure that srcdir != builddir builds will keep working. Signed-off-by: Jeremy Kerr

Remove unused 's' file

2020-01-25T03:54:50+00:00

Remove a spurious (empty) file. Signed-off-by: Jeremy Kerr

discover: Check if the kernel image has Ultravisor support

2020-01-25T03:54:50+00:00

The PPC kernel image has an ELF Note 'namespace' called 'PowerPC' to store capabilities and information which can be used by a bootloader or userland. The capabilities can be accessed using the 'type' PPC_ELFNOTE_CAPABILITIES which returns a bitmap as 'descriptor' field. Bit 0 in this bitmap indicates that the powerpc kernel binary knows how to run in an ultravisor-enabled system. So, using this bit, the petitboot can decide to abort the boot if the kernel is incompatible, avoiding the crash later. This validation only occours on PowerPC ultravisor-system and if the config 'preboot check' in UI screen is enabled. Signed-off-by: Maxiwell S. Garcia

ui/ncurses: Add preboot check option in the config screen

2020-01-25T03:54:27+00:00

Petitboot might run some checks to validate the kernel images before call the kexec load. This patch adds both 'preboot check' option in the config UI screen and a NVRAM variable 'petitboot,preboot-check' to make the user choice persistent. The 'preboot check' is enabled by default. The 'petitboot,preboot-check' is created on NVRAM only when 'preboot check' is disabled by the user. NVRAM property changed to preboot-check, small label changes and help text added by Jeremy Kerr . Signed-off-by: Maxiwell S. Garcia Signed-off-by: Jeremy Kerr

discover: Add helper functions to read ELF notes

2020-01-23T03:56:39+00:00

The libelf has low level functions to access the ELF structures. This commit adds two external higher level functions: elf_open_image(): - Get the ELF structure from a binary; elf_getnote_desc() - Get the ELF note 'descriptor' using both namespace and ELF type. The definitions used in the 'elf.h' was taken from linux source code: - arch/powerpc/include/asm/elfnote.h - arch/powerpc/kernel/note.S Signed-off-by: Maxiwell S. Garcia

configure: Add libelf as a requirement

2020-01-23T03:55:39+00:00

With this library, petitboot is able to open the ELF binary to check information, like annotation in ELF notes section. Minor libelf-dw dependency additions by Jeremy Kerr . Signed-off-by: Maxiwell S. Garcia Signed-off-by: Jeremy Kerr

discover/boot: unify verification failure messages

2020-01-23T01:02:43+00:00

Currently, we have two sites where the result of validate_boot_files is interpreted: in kexec_load, and boot_process. In the former, we generate the pb_log message, and in the latter we generate the status message. This means we have separate places to maintain similar error messages, which is prone to future errors. This change does all of the interpretation directly after calling validate_boot_files(). Signed-off-by: Jeremy Kerr

discover/boot: add support for `kexec -s` for kexec_file_load

2020-01-23T01:02:43+00:00

kexec supports a -s option to perform a kexec_file_load syscall (in place of a kexec_load). This is triggered through the -s argument to kexec. This change adds support for calling kexec with -s. If that fails, we fall back to -l. Signed-off-by: Jeremy Kerr

ui/ncurses: Add secure & trusted boot status

2020-01-23T01:02:43+00:00

Signed-off-by: Jeremy Kerr