summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* test/parser: Add rhel8 test data to check_DATAHEADmasterJeremy Kerr2020-01-251-0/+2
| | | | | | We want these included in the distribtion tarball too. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* docker: build petitboot outside of the source dirJeremy Kerr2020-01-251-1/+1
| | | | | | Ensure that srcdir != builddir builds will keep working. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* Remove unused 's' fileJeremy Kerr2020-01-251-0/+0
| | | | | | Remove a spurious (empty) file. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover: Check if the kernel image has Ultravisor supportMaxiwell S. Garcia2020-01-254-0/+80
| | | | | | | | | | | | | | | | | | The PPC kernel image has an ELF Note 'namespace' called 'PowerPC' to store capabilities and information which can be used by a bootloader or userland. The capabilities can be accessed using the 'type' PPC_ELFNOTE_CAPABILITIES which returns a bitmap as 'descriptor' field. Bit 0 in this bitmap indicates that the powerpc kernel binary knows how to run in an ultravisor-enabled system. So, using this bit, the petitboot can decide to abort the boot if the kernel is incompatible, avoiding the crash later. This validation only occours on PowerPC ultravisor-system and if the config 'preboot check' in UI screen is enabled. Signed-off-by: Maxiwell S. Garcia <maxiwell@linux.ibm.com>
* ui/ncurses: Add preboot check option in the config screenMaxiwell S. Garcia2020-01-257-2/+73
| | | | | | | | | | | | | | | | Petitboot might run some checks to validate the kernel images before call the kexec load. This patch adds both 'preboot check' option in the config UI screen and a NVRAM variable 'petitboot,preboot-check' to make the user choice persistent. The 'preboot check' is enabled by default. The 'petitboot,preboot-check' is created on NVRAM only when 'preboot check' is disabled by the user. NVRAM property changed to preboot-check, small label changes and help text added by Jeremy Kerr <jk@ozlabs.org>. Signed-off-by: Maxiwell S. Garcia <maxiwell@linux.ibm.com> Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover: Add helper functions to read ELF notesMaxiwell S. Garcia2020-01-233-1/+118
| | | | | | | | | | | | | | | | | The libelf has low level functions to access the ELF structures. This commit adds two external higher level functions: elf_open_image(): - Get the ELF structure from a binary; elf_getnote_desc() - Get the ELF note 'descriptor' using both namespace and ELF type. The definitions used in the 'elf.h' was taken from linux source code: - arch/powerpc/include/asm/elfnote.h - arch/powerpc/kernel/note.S Signed-off-by: Maxiwell S. Garcia <maxiwell@linux.ibm.com>
* configure: Add libelf as a requirementMaxiwell S. Garcia2020-01-234-2/+16
| | | | | | | | | | With this library, petitboot is able to open the ELF binary to check information, like annotation in ELF notes section. Minor libelf-dw dependency additions by Jeremy Kerr <jk@ozlabs.org>. Signed-off-by: Maxiwell S. Garcia <maxiwell@linux.ibm.com> Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/boot: unify verification failure messagesJeremy Kerr2020-01-231-23/+22
| | | | | | | | | | | | Currently, we have two sites where the result of validate_boot_files is interpreted: in kexec_load, and boot_process. In the former, we generate the pb_log message, and in the latter we generate the status message. This means we have separate places to maintain similar error messages, which is prone to future errors. This change does all of the interpretation directly after calling validate_boot_files(). Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/boot: add support for `kexec -s` for kexec_file_loadJeremy Kerr2020-01-231-24/+57
| | | | | | | | | | | kexec supports a -s option to perform a kexec_file_load syscall (in place of a kexec_load). This is triggered through the -s argument to kexec. This change adds support for calling kexec with -s. If that fails, we fall back to -l. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* ui/ncurses: Add secure & trusted boot statusJeremy Kerr2020-01-231-0/+9
| | | | Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/powerpc: detect secureboot enforcing modeJeremy Kerr2020-01-231-0/+28
| | | | | | | | As per the OPAL devicetree specification: https://github.com/open-power/skiboot/blob/master/doc/device-tree/ibm%2Csecureboot.rst Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* protocol,types: Add secure & trusted boot state to system infoJeremy Kerr2020-01-232-0/+21
| | | | | | | | | | Add state of secure & trusted boot to struct system_info: - fw_measurement: whether the firmware has been measured - fw_enforcing: whether the firmware has been authenticated - os_enforcing: whether the boot payload will be authenticated Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* lib/types: consolidate struct system_info layout with serialised versionJeremy Kerr2020-01-231-1/+1
| | | | | | | We currently serialise the BMC MAC at the end of a system info message, so update struct system_info to suit. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* lib/pb-protocol: fix ordering of system info length calculationJeremy Kerr2020-01-231-3/+3
| | | | | | ... to match the definition of struct system_info. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* test/parser: Add RHEL8 grub config testJeremy Kerr2019-11-293-0/+212
| | | | Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* test/parser: Add test for recent RHCOS grub2 configJeremy Kerr2019-11-293-0/+233
| | | | | | | Add a test for a RHCOS grub2 boot config, using the ignition firstboot facility. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: implement 'source' commandJeremy Kerr2019-11-297-1/+256
| | | | | | | | | | This change add support for the grub2 'source' command, executing a referenced script in the current parse context. We impose a limit of 10 (concurrent) source commands, to prevent infinite recursion. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: make statements_execute non-staticJeremy Kerr2019-11-292-1/+4
| | | | | | | We want to execute newly-parsed statements, so expose statements_execute() to the rest of the grub2 parser code. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: expose internal parse functionJeremy Kerr2019-11-293-5/+22
| | | | | | | | | Upcoming changes will need a method to parse a secondary file (to support the 'source' command), but not execute it as a new script. This change exposes the parsing code, separate from the execution code. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: Add a reference from script to parserJeremy Kerr2019-11-292-0/+2
| | | | | | | Future commands will need to access the parser, so add a reference from struct grub2_script. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: Allow (device)/path references in general script usageJeremy Kerr2019-11-295-9/+104
| | | | | | | | | | | Currently, we have support for grub2 (device)/path syntax for boot resources. This change allows this syntax for general paths in grub2 scripts (for example, -f tests). This involves exposing grub2_lookup_device, to allow the script execution code to resolve pathnames. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: add support for grub2-style path specifiers in resourcesJeremy Kerr2019-11-296-37/+147
| | | | | | | | | | | | This change incorporates the grub2-style (device)/path specifiers in the grub2 parser's resource code. This allows the boot option paths to use device-specific references. Device names are looked-up using the UUID and kernel IDs, but with the lookup logic specific to a new function (grub2_lookup_device), so that can be extended in a future change. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: Add parsing code for grub2 file specifiersJeremy Kerr2019-11-292-0/+42
| | | | | | | This change adds a (currently unused) function to parse (device)/path references from grub scripts. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: expose a struct for grub2 file referencesJeremy Kerr2019-11-292-15/+17
| | | | | | | | | | | | | | | | Currently, we have struct grub2_resource_info to keep references to boot payloads that may be returned in boot options, and be (conditionally) resolved by the parser. We'd also like to use the same semantics for other file references in the grub2 parser, for arbitrary usage in scripts - where files are also referenced by a path and an optional device. To do this, this change moves struct grub2_resource_info to grub2.h, and renames to struct grub2_file. Future changes will use this for script-internal file handling. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: Add support for UUID and label for 'search' commandJeremy Kerr2019-11-294-3/+156
| | | | | | | | This change adds support for searching by UUID and filesystem label. We still fall back to passthrough if the UUID is not found, but we now resolve to device ID strings. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: test for (ignored) --no-floppy argumentJeremy Kerr2019-11-291-2/+4
| | | | | | | --no-floppy is used almost everywhere, so add it to the tests. The code will already ignore unknown arguments, but ensure that this works OK. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: Use getopt for `search` argument parsingJeremy Kerr2019-11-293-5/+62
| | | | | | | | | | | | The search command will be extended to add the full set of grub2-style arguments, so switch to using getopt, rather than manual parsing. This means we now support `--set=foo` and `--set foo` style arguments, both of which appear in the docs and common grub configs. Also, add a small test for the search argument handling. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: 'search' set-variable defaults to rootJeremy Kerr2019-11-291-2/+2
| | | | | | | If no --set= argument is specified, default to the variable named 'root', as per current grub docs. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/platform-powerpc: don't copy IANA from mbox to bufferMaxim Polyakov2019-10-081-7/+13
| | | | | | | | This patch adds code that takes into account the size of the IANA identifier number in the mailbox and doesn't copy it into the data buffer Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
* discover/platform-powerpc: add mailbox message structureMaxim Polyakov2019-10-082-31/+52
| | | | | | | | Use structure for the IPMI response mailbox message instead of raw byte array as its done in the ipmitool utility: https://github.com/ipmitool/ipmitool/commit/62a04390e10f8e62ce16b7bc95bf6ced419b80eb Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
* discover/platform-powerpc: return the actual mailbox sizeMaxim Polyakov2019-10-081-6/+7
| | | | | | | get_ipmi_boot_mailbox_block() should return the actual size of the received IPMI mailbox data Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
* discover/platform-powerpc: limit mailbox response sizeMaxim Polyakov2019-10-081-14/+17
| | | | | | | | | | | The maximum size of the mailbox with Boot Initiator info is defined in the specification (1). The code should not extract data from the IPMI response message if its size exceeds the maximum limit from the specification. [1] page 398, IPMI Specification v2.0, Revision 1.1, October 1, 2013 Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
* discover/platform-powerpc: add missing mbox block selectorMaxim Polyakov2019-10-081-4/+11
| | | | | | | | | | | | | | | | | | | | | According to IPMI Specification, in the IPMI response message with boot initiator mailbox information block, byte 4 should be used as the block selector (1). However, this parameter isn`t taken into account in the code and bytes 4-6 in the block 0 are defined as the IANA enterprise ID number. Thus, IANA contains an invalid value and doesn`t match the IBM ID. For this reason, the get_ipmi_boot_mailbox() procedure fails with error and the boot options from mailbox doesn`t apply. /var/log/petitboot/pb-discover.log: IANA number unrecognised: 0x00:0x02:0x00 This patch adds the missing block selector parameter. It has been tested on the YADRO Vesnin P8 Server with the Openbmc [1] page 398, IPMI Specification v2.0, Revision 1.1, October 1, 2013 Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
* pb-console: don't modify PATH unless it's emptyJeremy Kerr2019-10-081-3/+1
| | | | | | | | | | | We're now running pb-console through a proper login shell, so we shouldn't need to modify PATH, as we expect it to be properly set up by the shell profile. This change removes the unconditional PATH modification, so we only set a basic PATH if it's currently empty. Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* pb-console: start shell as a login shellJeremy Kerr2019-10-081-1/+1
| | | | | | | | | | | | | The environment that pb-console starts is minimal, as we have likely been run by udev. Because we're starting a shell, we want the proper profile set up, so run as a login shell. This assumes the shell accepts -l, but we already have an assumption for supporting -m (as /bin/ash does). Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
* discover/grub2: Allow to separate the --id argument using a space charJavier Martinez Canillas2019-06-214-3/+80
| | | | | | | | | | | | The GRUB menuentry command allows to separate the arguments for options using either a '=' or a ' '. The latter is the convention used when the menu entries are defined in the GRUB config file, but this is currently not supported by Petitboot. Add tests to cover both using '--id=foo' and '--id foo' as options. Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover/grub2: Allow using title for default even if id was definedJavier Martinez Canillas2019-06-212-7/+5
| | | | | | | | | | | | | | | A default menu entry can be chosen using any of the following attributes: index, title or id (if the entry was defined with the --id option). But Petitboot doesn't honor this correctly and only compares the default with the menu entry title if the entry doesn't have an id defined. This is wrong since an index or title can be used even if an id was defined. This issue wasn't covered by the test that sets a default using a title because the menu entries didn't have an id defined. Add an id to them. Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* travis: Publish sphinx docs to Github pagesSamuel Mendoza-Jonas2019-06-072-2/+19
| | | | | | Use Travis to build and publish the Sphinx docs automatically. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* doc: Start writing some in-tree documentationSamuel Mendoza-Jonas2019-06-0715-0/+470
| | | | | | | | | | | Use sphinx-docs to start adding some proper in-tree documentation that will be easy to generate and display. Documentation exists in various places around the internet but there isn't a consolidated, up-to-date source. This starts to sketch out the framework for a good central source of documentation. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* Remove outdated TODO fileSamuel Mendoza-Jonas2019-06-071-39/+0
| | | | | | | | There's still plenty to do and patches are still very welcome, but the TODO file departed from reality a very long time ago; better to start over again. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* utils: Optionally run utilities as rootSamuel Mendoza-Jonas2019-06-071-1/+12
| | | | | | | In particular this fixes running pb-plugin executables from the UI since the wrapper requires root to set up the environment. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* utils: Quote plugin name and vendor variablesSamuel Mendoza-Jonas2019-05-301-2/+2
| | | | | | Otherwise we only get the first word displayed in the UI. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* Various fixups and checks to make scan-build happySamuel Mendoza-Jonas2019-05-3014-45/+71
| | | | Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* utils/pb-console: Use -m to run shell in own process groupv1.10.3Samuel Mendoza-Jonas2019-04-011-1/+1
| | | | | | | | Use -m to have the shell spawned by pb-console run it its own process group, allowing commands such as Ctrl-C (SIGINT) to behave as expected rather than killing the shell. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* ui/ncurses: Add prompt for LUKS device passwordSamuel Mendoza-Jonas2019-03-266-8/+219
| | | | | | | | | | | | | | | Implement device_add() in cui_client_ops and use this interface to recognise when the server notifies the client of an encrypted device. A "device header" will be created for this device and added to the menu with no associated boot options. The nc-auth prompt is extended to ask for a disk password when the device header for an encrypted device is selected. Assuming the password is correct pb-discover will remove the original device and notify the client about the newly opened device, which will be reflected in the menu. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* discover: Recognise and open LUKS encrypted partitionsSamuel Mendoza-Jonas2019-03-265-7/+206
| | | | | | | | | | | | | | Handle devices encrypted with LUKS and call cryptsetup to open them if a client sends the associated password. If a new device has the "crypto_LUKS" filesystem type it is marked as a LUKS device and sent to clients but further discovery is not performed. Once a client sends the device's password cryptsetup is called to open it. The opened device will appear separately, so the source device is "forgotten" at this point and then the newly opened device is treated as a normal partition. On destruction the device is "closed" with cryptsetup so that discovery can start from the beginning. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* lib: Add AUTH_MSG_DECRYPTSamuel Mendoza-Jonas2019-03-065-0/+31
| | | | | | | | | Extend the auth_message struct to support the AUTH_MSG_DECRYPT operation, allowing the existing authentications methods to be used for passing a disk password from the UI to pb-discover. In addition add DEVICE_TYPE_LUKS to identify encrypted disk devices. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* lib/process: Add option to pipe to process stdinSamuel Mendoza-Jonas2019-03-062-0/+34
| | | | | | | | If pipe_stdin exists, create a second pipe to write to the child process's STDIN. This allows Petitboot to pipe information to a process, for example piping a LUKS password to cryptsetup. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* lib/system: Add cryptsetup utilitySamuel Mendoza-Jonas2019-03-063-0/+3
| | | | Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
* utils/pb-console: Trap SIGTERM on bootv1.10.2Samuel Mendoza-Jonas2019-03-061-2/+1
| | | | | | | | | | | | | | | | On kexec all processes will be sent a SIGTERM and SIGKILL. By default there are messages on the console alerting the user to this, however in some implementations these messages are disabled. This can have the effect of the UI seemingly exiting to the shell on boot and hanging for a short while before the kexec actually jumps into the next kernel. Trap the SIGTERM sent to the pb-console parent process and print a short message to the screen instead of momentarily dropping to the shell and printing the usual help messages. While here also cleanup the shell help messages below which are now handled in the shell's .shrc file. Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
OpenPOWER on IntegriCloud