| Commit message | Author | Age | Files | Lines |
| |
The PPC kernel image has an ELF Note 'namespace' called 'PowerPC'
to store capabilities and information which can be used by a
bootloader or userland. The capabilities can be accessed using
the 'type' PPC_ELFNOTE_CAPABILITIES which returns a bitmap
as 'descriptor' field.
Bit 0 in this bitmap indicates that the powerpc kernel binary
knows how to run in an ultravisor-enabled system. So, using this
bit, the petitboot can decide to abort the boot if the kernel is
incompatible, avoiding the crash later.
This validation only occurs on PowerPC ultravisor-system and if
the config 'preboot check' in UI screen is enabled.
Signed-off-by: Maxiwell S. Garcia <maxiwell@linux.ibm.com>
| |
Petitboot might run some checks to validate the kernel images before
calling the kexec load. This patch adds both 'preboot check' option in the
config UI screen and a NVRAM variable 'petitboot,preboot-check' to make
the user choice persistent.
The 'preboot check' is enabled by default. The 'petitboot,preboot-check'
is created on NVRAM only when 'preboot check' is disabled by the user.
NVRAM property changed to preboot-check, small label changes and help
text added by Jeremy Kerr <jk@ozlabs.org>.
Signed-off-by: Maxiwell S. Garcia <maxiwell@linux.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
The libelf has low level functions to access the ELF structures.
This commit adds two external higher level functions:
elf_open_image():
- Get the ELF structure from a binary;
elf_getnote_desc()
- Get the ELF note 'descriptor' using both namespace and ELF type.
The definitions used in the 'elf.h' were taken from linux source code:
- arch/powerpc/include/asm/elfnote.h
- arch/powerpc/kernel/note.S
Signed-off-by: Maxiwell S. Garcia <maxiwell@linux.ibm.com>
| |
With this library, petitboot is able to open the ELF binary to check
information, like annotation in ELF notes section.
Minor libelf-dw dependency additions by Jeremy Kerr <jk@ozlabs.org>.
Signed-off-by: Maxiwell S. Garcia <maxiwell@linux.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Currently, we have two sites where the result of validate_boot_files is
interpreted: in kexec_load, and boot_process. In the former, we generate
the pb_log message, and in the latter we generate the status message.
This means we have separate places to maintain similar error messages,
which is prone to future errors. This change does all of the
interpretation directly after calling validate_boot_files().
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
kexec supports a -s option to perform a kexec_file_load syscall (in
place of a kexec_load). This is triggered through the -s argument to
kexec.
This change adds support for calling kexec with -s. If that fails, we
fall back to -l.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
As per the OPAL devicetree specification:
https://github.com/open-power/skiboot/blob/master/doc/device-tree/ibm%2Csecureboot.rst
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
This change adds support for the grub2 'source' command, executing a
referenced script in the current parse context.
We impose a limit of 10 (concurrent) source commands, to prevent
infinite recursion.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
We want to execute newly-parsed statements, so expose
statements_execute() to the rest of the grub2 parser code.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Upcoming changes will need a method to parse a secondary file (to
support the 'source' command), but not execute it as a new script.
This change exposes the parsing code, separate from the execution code.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Future commands will need to access the parser, so add a reference from
struct grub2_script.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Currently, we have support for grub2 (device)/path syntax for boot
resources. This change allows this syntax for general paths in grub2
scripts (for example, -f tests).
This involves exposing grub2_lookup_device, to allow the script
execution code to resolve pathnames.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
This change incorporates the grub2-style (device)/path specifiers in the
grub2 parser's resource code. This allows the boot option paths to use
device-specific references.
Device names are looked-up using the UUID and kernel IDs, but with the
lookup logic specific to a new function (grub2_lookup_device), so that
can be extended in a future change.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
This change adds a (currently unused) function to parse (device)/path
references from grub scripts.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
Currently, we have struct grub2_resource_info to keep references to boot
payloads that may be returned in boot options, and be (conditionally)
resolved by the parser.
We'd also like to use the same semantics for other file references in
the grub2 parser, for arbitrary usage in scripts - where files are
also referenced by a path and an optional device.
To do this, this change moves struct grub2_resource_info to grub2.h, and
renames to struct grub2_file. Future changes will use this for
script-internal file handling.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
This change adds support for searching by UUID and filesystem label.
We still fall back to passthrough if the UUID is not found, but we now
resolve to device ID strings.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
The search command will be extended to add the full set of grub2-style
arguments, so switch to using getopt, rather than manual parsing.
This means we now support `--set=foo` and `--set foo` style arguments,
both of which appear in the docs and common grub configs.
Also, add a small test for the search argument handling.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
If no --set= argument is specified, default to the variable named
'root', as per current grub docs.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
| |
This patch adds code that takes into account the size of the IANA
identifier number in the mailbox and doesn't copy it into the data
buffer.
Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
| |
Use structure for the IPMI response mailbox message instead of raw byte
array as it's done in the ipmitool utility:
https://github.com/ipmitool/ipmitool/commit/62a04390e10f8e62ce16b7bc95bf6ced419b80eb
Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
| |
get_ipmi_boot_mailbox_block() should return the actual size
of the received IPMI mailbox data
Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
| |
The maximum size of the mailbox with Boot Initiator info is defined in
the specification (1). The code should not extract data from the IPMI
response message if its size exceeds the maximum limit from the
specification.
[1] page 398, IPMI Specification v2.0, Revision 1.1, October 1, 2013
Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
| |
According to IPMI Specification, in the IPMI response message with
boot initiator mailbox information block, byte 4 should be used as
the block selector (1). However, this parameter isn't taken into
account in the code and bytes 4-6 in the block 0 are defined as the
IANA enterprise ID number. Thus, IANA contains an invalid value and
doesn't match the IBM ID. For this reason, the get_ipmi_boot_mailbox()
procedure fails with error and the boot options from mailbox don't
apply.
/var/log/petitboot/pb-discover.log:
IANA number unrecognised: 0x00:0x02:0x00
This patch adds the missing block selector parameter.
It has been tested on the YADRO Vesnin P8 Server with the OpenBMC
[1] page 398, IPMI Specification v2.0, Revision 1.1, October 1, 2013
Signed-off-by: Maxim Polyakov <m.polyakov@yadro.com>
| |
The GRUB menuentry command allows separating the arguments for options
using either a '=' or a ' '. The latter is the convention used when the
menu entries are defined in the GRUB config file, but this is currently
not supported by Petitboot.
Add tests to cover both using '--id=foo' and '--id foo' as options.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
A default menu entry can be chosen using any of the following attributes:
index, title or id (if the entry was defined with the --id option).
But Petitboot doesn't honor this correctly and only compares the default
with the menu entry title if the entry doesn't have an id defined. This
is wrong since an index or title can be used even if an id was defined.
This issue wasn't covered by the test that sets a default using a title
because the menu entries didn't have an id defined. Add an id to them.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Handle devices encrypted with LUKS and call cryptsetup to open them if a
client sends the associated password.
If a new device has the "crypto_LUKS" filesystem type it is marked as a
LUKS device and sent to clients but further discovery is not performed.
Once a client sends the device's password cryptsetup is called to open
it. The opened device will appear separately, so the source device is
"forgotten" at this point and then the newly opened device is treated as
a normal partition. On destruction the device is "closed" with
cryptsetup so that discovery can start from the beginning.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Buildroot's libdm is not built with --enable-udev_sync, so device-mapper
actions are not able to sync or wait for udev events.
(see 185676316, "discover/devmapper: Disable libdm udev sync support")
This can cause an issue when tearing down a snapshot in
devmapper_destroy_snapshot() which performs a DM_DEVICE_REMOVE task
against the snapshot, origin, and base devices one after the other. In
some cases if the interval between these actions is too short the action
can fail as the preceding device hasn't disappeared yet and the device
being removed is still busy.
Since we don't yet have a way to tell exactly when the device is ready,
pause for a short time and retry the action, letting
devmapper_destroy_snapshot() continue and, for example, letting
mount_device() fall back to the physical device.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
The IPMI Get System Boot Options command includes parameter 7, the
"boot initiator mailbox". This can be used to hold arbitrary data to
influence the boot order.
Use this to provide an alternate bootdev configuration to Petitboot that
will override the one saved to NVRAM. This provides more fine grained
override options than the existing device-type based overrides.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Keep track of the default boot option, and prefix its display name with
a '(*)' to point it out to the user.
This avoids having to authenticate with pb-discover even if only booting
the default option.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
If petitboot,password exists set it as the root password. This will be
the password used to authenticate clients.
This is the *hash* of a password as it would appear in /etc/shadow, not
the password itself.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
If crypt support is enabled restrict what actions clients can perform by
default. Initial authorisation is set at connection time; clients
running as root are unrestricted, anything else runs as restricted until
it makes an authentication to pb-discover.
Unprivileged clients may only perform the following actions:
- Boot the default boot option.
- Cancel the autoboot timeout.
- Make an authentication request.
If a group named "petitgroup" exists then the socket permissions are
also modified so that only clients running as root or in that group may
connect to the socket.
The user-event socket is only usable by root since the two main
use cases are by utilities called by pb-discover or by a user in the
shell who will need to su to root anyway.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
The pb_urls for the boot resources use 'opt' as the talloc parent but
this may be NULL, for example if this is a user-created boot option.
Move the boot_task initialisation so it can be used as the talloc parent
instead.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
This commit adds support for the initrd16 builtin
which complements the existing linux16 support and
improves usability on x86 platforms.
Signed-off-by: Shawn Anastasio <shawn@anastas.io>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
A few places where we print out the response buffer from an IPMI command
weren't updated when log timestamps were added, resulting in very hard
to read output. Add a little helper to format buffers and use it to
print these with only one timestamp.
Example:
[04:59:01] ipmi_get_bmc_versions: BMC version resp [0][16]:
0x00 0x20 0x01 0x02 0x13 0x02 0xbf 0x00
0x00 0x00 0xbb 0xaa 0x58 0x98 0x01 0x00
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
The ncurses UI sets a few console options at startup that are needed for
ncurses to work properly. These aren't reset however and can lead to
quirks like the cursor being invisible after kexecing to the next
kernel.
The UI process doesn't have time to reset these when it is killed by
kexec, so instead add a 'boot_active' field to status updates. This is
set by boot.c's update handler so the UI can assume it is about to boot
if it receives a status update with this field, and resets the console
options. If the boot is cancelled for any reason the status update will
reflect that and the console options are restored.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Occasionally you look at some code and realise that a) this never gets
built, and b) even if it did it would never compile. Today's example is
native-parser.c which we must have just assumed worked for quite a
while.
The native parser has bitrotted entirely and needs to be brought up to
date. While we're here, let's take the chance to implement a proper
grammar for it. This helps us reason more effectively about the parser,
lets us extend it easily in the future, and.. I wanted to write a Bison
parser too.
This implements most of the old functionality, but drops off some
smaller details like settings icons which needs some separate attention
to bring up to date.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
The discover/params code is an artifact from a long time ago, and isn't
used by anything today: remove it.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
The kboot parser doesn't set a default option. Change it so that if we
see the 'default' parameter we match against this value when deciding if
an option should be set as default.
For example:
default=linux
linux='/vmlinux initrd=/initrd arg1=value1 arg2'
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
When a device requery is triggered we cancel any default boot option on
the device. This also disables autoboot which we don't want; any boot
options found after the requery will not be able to autoboot.
To avoid this restore the existing autoboot setting after checking for
default options.
This prevents a particular corner case where a default boot option has
been selected for boot but one of its boot files has stalled or is
taking more time to download than the requery timeout and the requery
accidentally cancels autoboot preventing Petitboot from trying to boot
again.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
If a 'name' parameter is used for a boot user event, search existing
boot options for one that matches that name on the given device.
This allows a pb-event user to boot based on name rather than having to
specify the exact boot arguments.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
For convenience, add a new efi data attributes macro
EFI_DEFALT_ATTRIBUTES.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| |
Signed-off-by: Ge Song <ge.song@hxt-semitech.com>
[Split from a larger patch and cleaned up]
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>