| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
| |
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
|
|
|
|
|
|
|
|
| |
In some environments a default 'tun' device is created. Petitboot
doesn't use this and it clutters up the list of network devices, so
ignore it if it is encountered.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
If we don't specify command line arguments for the next kernel, kexec
will add the contents of /chosen/bootargs if present. This is unintended
and not obvious to the user, so explicitly add append="" to the kexec
arguments if we have none to add instead.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a user event named 'sync' that causes the discover server to merge
the devicemapper snapshots of mounted devices. This is particularly
useful as a debug aid (for example, when copying logs to a USB device),
as the server will otherwise only sync changes to mounted devices in
response to parser actions.
The command can be called as
pb-event sync@device
to sync a particular device, or as
pb-event sync@all
to sync all devices with snapshots.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
If one of a device's boot options is the current default boot option,
make sure the default boot is cancelled before the device is removed.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
In some cases additional netlink messages can be received for an
already-configured interface without any relevant changes. This can
result in multiple DHCP requests for the same interface.
Once an interface has been configured mark it as IFSTATE_CONFIGURED
to avoid configuring it again.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
With a kernel that has IPMI support Petitboot will try to use direct
IPMI, however on FSP machines this is not fully functional. Use direct
IPMI only on BMC-based machines, and use sysparams otherwise.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
All boot options must at least have a boot image; ignore any options
that do not before trying to resolve them.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
If boot_tty is set or a boot command is sent manually from a certain
console, set the boot_tty environment variable to be used by a boot hook
before kexec.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
Add the NVRAM parameter petitboot,tty which sets the default console to
use when booting a kernel.
In load_config() construct a list of available consoles depending on the
current platform. A future patch depending on firmware changes will
allow this list to be constructed dynamically.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on the configuration of the DHCP server and the network, tftp
requests made by the pxe parser can timeout. The pxe parser makes these
requests synchronously so several timeouts can block the server
completely for several minutes, leaving the server unresponsive to UI
requests.
Rework the pxe parser such that it handles the result of each tftp
request in a callback, which can complete after iterate_parsers() has
returned. Each callback is allocated its own conf_context which takes a
talloc reference on the discover_context so that each callback can
commit new boot options after the initial iterate loop has completed.
This also means talloc_unlink must be used instead by the original
parent of the discover_context.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Substitute load_url_async() when running tests to support direct
callers of load_url_async() who will expect to read a file in a
callback.
Stub out device_handler_discover_context_commit() since it will remove
discover_options from the given discover_context, but the tests will
check the discover_context to count boot_options.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
Rename boot_status() to device_handler_boot_status() and make it
accessible by files that include device-handler.h. This enables the boot
status to be updated from additional callers, in particular within
parser functions.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In one case get_ipmi_bootdev_ipmi() can return 0 on an error, which
leads to bootdev being treated as a valid bootdev despite being
uninitialised. If the planets line up correctly and bootdev is less than
or equal to IPMI_BOOTDEV_SETUP, Petitboot will incorrectly apply an IPMI
override.
Update the error return value in get_ipmi_bootdev_ipmi(), and properly
initialise bootdev.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows URLs of the form file:///path/to/local/file.conf to be used
in nc-add-url, in order to access configuration files relative
to the root directory. This is primarily a debugging tool aimed at
developers rather than an expected use case.
The DEVICE_TYPE_ANY enum is used in this case to represent that a
resulting boot option is not associated with any device in the
traditional sense, and in the UI is represented as a "Custom Local
Option".
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently there is no way to manually specify a DTB file when with a PXE
network boot configuration file. This makes it difficult when you need
to work with or emulate a special snowflake machines with special snowflake
hardware.
Some ARM systems provide this feature with the "fdt" option so this patch
adds support for using the ftd or dtb configuration options to the PXE
config parser.
Signed-off-by: Oliver O'Halloran <oohall@gmail.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Add a user event to send a boot command to the discover server.
The format of the boot command is similar to the add command, eg:
pb-event boot@eth0 image="http://host/image" initrd="http://host/initrd"
and also recognises "id", "dtb", and "args" arguments.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GRUB2 does not set $0 in functions, so don't set it in our GRUB2
script parser. (As it doesn't have a value in GRUB2 scripts, probably
no GRUB2 script depends on the value of $0.) Additionally, dash and
bash set environment variable 0 to the name of the script (even in
functions), so the current behavior of $0 doesn't really match shell
scripts either.
Tested:
Existing tests pass.
Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GRUB2 allows essentially arbitrary numbers of positional arguments, so
ensure that they can be evaluated within scripts. GRUB2 also appears
to support arbitrary numbers of leading 0's in positional parameters
(i.e., $01 should evalute the same as $1), but this doesn't seem like
a particularly important case to support.
Tested:
Modified test-grub2-pos-param to cover higher-numbered positional
arguments.
Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
Fix some sparse warnings by using NULL instead of 0 and static-ifying a
variable not used outside its file.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
As of libudev 218 udev_set_log_fn() is deprecated, causing a
-Wdeprecated-declarations warning when building, and is otherwise a
noop.
Add a configure check for libudev, and only call udev_set_log_fn() if
using a version older than 218.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
| |
When a default boot timeout expires boot() is called via
default_timeout() rather than device_handler_boot(). default_timeout()
doesn't call platform_pre_boot() beforehand, which means steps such as
clearing a temporary boot device override are skipped.
Add a call to platform_pre_boot() immediately before boot() to ensure
these steps are performed regardless of boot type.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If udev doesn't export the ID_PART_ENTRY_SIZE variable for a device we
skip creating a snapshot for it. However in most cases the sysfs
attribute which udev reads to find ID_PART_ENTRY_SIZE is still
available. Therefore if we don't have access to ID_PART_ENTRY_SIZE try
to find the size in sysfs directly.
This allows us to create snapshots for devices which often don't have
this udev variable set, such as software raid (md) devices and NVMe
devices.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
| |
libdevmapper is a hard dependency since snapshots were introduced, so
add an unconditional configure-time check for it.
Also add a check for libflash library and headers if --enable-mtd is
set.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
If the persistent bit is set in a IPMI network override, overwrite any
existing interface config in NVRAM with the new network override.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 6c1a9dd, "discover: Allow fs recovery if snapshot available",
forced the use of 'norecovery' for all XFS mounts to avoid failing when
a cross-endian journal existed. This is a bit heavy handed, healthy XFS
file systems can still be safely mounted, as can dirty filesystems in
the same endian as Petitboot.
This adds try_mount() which opportunistically mounts devices and falls
back to using 'norecovery' where possible on failure. This enables XFS
filesystems to be mounted read-write when possible. try_mount() contains
the logic previously described by fs_parameters(), and should be used in
place of any existing calls to mount().
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a call to load_url_async() fails immediately, boot() will free the
boot task and return. If other jobs started by load_url_async()
are still running they will attempt to free their task struct in
load_url_process_exit(), however the original boot task is the parent
context of this process task, resulting in a double-free.
Instead call cleanup_cancellations if an error immediately occurs to
cancel any pending load operations safely before freeing the boot task.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Positional parameters are set in the environment with '$' prepended to
the name. This causes lookups to fail because parameter lookups don't
include the '$'.
TESTED:
Added a test that covers positional parameters in GRUB2 parser.
Build succeeds, tests pass.
Bootstrapped-by: Nancy Yuen <yuenn@google.com>
Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the GRUB2 parser incorrectly reports "[ -f <path> ]" as
false if the size of the file is above 1 MB. This patch changes the
parser interface to allow stating files (with parser_stat_file). Then
in the implementation of "[ -f <path> ]", we can use parser_stat_file
instead of parser_request_file which has the size limitation. I
eliminate parser_check_dir in lieu of this new interface, which has
the side effect of making "[ -d <path> ]" work (the error code for
stat was not checked correctly before).
I add a basic test for the test file operations -f, -s, and -d (to
show that my changes to test file operations do not break them) and
minorly modify the test framework to ensure it has enough fidelity to
cause the expected results. Unfortunately the test wouldn't have
caught the issue with -d, since the test framework stubs out the
parser interface itself. Nor can the test framework catch the initial
problem with -f because the imposed limit is (transitively) in
function parser_request_file.
Note that -f and -d follow symlinks despite the fact that GRUB does
not (see
http://lists.gnu.org/archive/html/grub-devel/2016-02/msg00142.html
discussing GRUB's behavior). This is not a change to Petitboot's
behavior though.
Tested:
The test test-grub2-test-file-ops passes. I booted Petitboot against
a GRUB snippet:
status=success
if [ ! -f /large_file -a $status = success ]
then status=fail_large_file
fi
if [ ! -d /a_directory -a $status = success ]
then status=fail_dir
fi
menuentry $status {
linux /vmlinux
}
(after making /large_file a file of size > 1 MiB and /a_directory a
directory) and the menuentry had title "success", as desired.
Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems better to treat unset variable values as empty rather than
crashing in save_env. While GRUB's behavior is actually to delete the
variable from the environment block, it seems useful to at least not
crash while later on someone can do further work to improve GRUB
compatibility if desired.
Tested:
Modified test-grub2-save-env to cover this case.
Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When queried libflash will return the 'first' flash side (ie. the one
with the lowest TOC address), however we label this the 'Current' side
which is incorrect if the machine has booted from the alternate side.
A future fix will inlcude additional platform logic to determine which
flash side is current; in the interim label the first flash side as
'Primary' instead of 'Current'.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On BMC platforms the 'Get System Boot Options' command can also be used
to check for a temporary network interface config override. This is
implemented via the optional 'OEM Parameters' field defined in the IPMI
v2 spec. We define the actual format of the field as:
- 4 byte cookie value
- 2 byte version value
- 1 byte hardware address size
- 1 byte IP address size
- Hardware address
- 1 byte flags for 'ignore' and 'method'
And for static configs:
- IP Address
- 1 byte subnet value
- Gateway address
If set the config override replaces any other interface config, forcing
the use of the specified configuration.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
| |
On BMC machines the "Get Device ID" and "Get BMC Golden Side Version"
IPMI commands are available. If possible retrieve some interesting
version numbers and display them in the System Information screen.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
| |
On supported platforms read the VERSION partition on startup and display
the available versions strings in the System Information screen.
This adds a skeleton hostboot.c to support possible additional BMC
platform support.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
| |
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
| |
If "" or '' are used in a statement to omit a word, we must still
return a TOKEN_WORD for an empty string.
In particular this fixes an issue where Petitboot would fail to parse
the grub.cfg included in the Debian 8.2 install image, which includes a
menuentry statement with an empty name.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
| |
Fixes Coverity defect #30472
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During install some distributions[0] will create subvolumes when formatting
the root filesystem with BTRFS. In particular this can mean that
bootloader config files will appear (in the case of GRUB) under
/var/petitboot/mnt/dev/$device/@/boot/grub/
rather than the expected
/var/petitboot/mnt/dev/$device/boot/grub/
If this is the case, perform all file operations from the parser
relative to this subvolume rather than the mount point. At the moment
this only supports the trivial case where the subvolume name for root is
blank (ie. '@').
[0] In particular, Ubuntu from at least 14.04
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, "save_env -f" in the GRUB2 parser only works with three
arguments, which means only commands of the form "save_env -f <path>"
that save *no* environment variables are allowed.
Allow "save_env -f <path> [<var>]*", making "save_env -f" useful.
Tested:
Unit test test-grub2-save-env-dash-f tests this change, and the
remaining unit tests still pass.
Signed-off-by: Alan Dunn <amdunn@google.com>
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The URL field currently only supports loading a particular file for
static network configurations. But it makes sense in certain static
network configurations to 'auto-discover' a file like petitboot does
with DHCP -- based off the MAC address and IP. Extend
device_handler_process_url to take those as parameters, and toggle off
the URL ending in a '/' to indicate whether to 'auto-discover' or
directly load the specified URL.
Signed-off-by: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
In certain configurations, e.g. automation, we want to use static
networking but load a particular file, automatically and parse it as a
pxelinux config file. Currently, we support something like this for DHCP
based booting, but not static. Add a URL field to the UI for static
configurations and reuse the logic from device_handler_process_url() to
load the specified file.
Signed-off-by: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
|
|
|
|
|
| |
Fixes Coverity defect #30479
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
|
|
|
|
|
| |
Fixes Coverity defect #30480
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
|
|
|
|
|
| |
Fixes Coverity defects #30474 and #30475
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
|
|
|
|
|
| |
Fixes Coverity defect #30471
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
|
|
|
|
|
|
|
|
| |
The check against ddev->mounted to cause an eject action is logically
impossible. Change it so a cdrom_eject() is called properly.
Change the return value to 'true' for any action caused by
DISK_EJECT_REQUEST - no further action is appropriate in this case
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
|
|
|
|
|
| |
Fixes Coverity defects #30481 and #30482
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|