| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit ce54f86 "Add petitboot,tty and track available consoles" added
the petitboot,tty parameter, but the petitboot,console parameter is also
recognised by Petitboot. These are ultimately handled by the 30-add-offb
and 80-set-stdout hooks respectively, but exist for mostly the same
purpose.
We consolidate these down to just the original petitboot,console
parameter. If the contents of petitboot,console have been configured by
Petitboot (ie. it is of the form /dev/dev# [ Description ]) we behave as
normal, otherwise we assume that petitboot,console contains a full
OF path to the intended console device and do not allow it to be
modified. This follows petitboot,console's original intent to be a debug
aid, and takes precedence over any other use.
The 80-set-stdout hook is removed as 30-add-offb now accounts for both
use cases.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
| |
'Console' is more readily understandable and technically more correct
than 'tty' for referring to the interfaces that Petitboot starts a UI on.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
Explicitly keep track of whether the current interface config was set by
an IPMI network override, and avoid overwriting any saved config unless
the override was marked persistent.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In certain cases, such as network booting over an untrusted connection,
it may be useful to fully encrypt and sign the kernel files.
Enable fully encrypted boot using builtin keyring via the addition of
the string "ENCRYPTED" to the first line of the /etc/pb-lockdown file.
This disables detached (plaintext) signature verification.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
|
| |
|
|
|
|
|
|
|
|
| |
Add tty_list and boot_tty to the config struct to keep track of
available console interfaces and the default console to set as primary
respectively.
Also add a tty field to the boot_command struct so that the current
console can be sent to the discover server during a manual boot command.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Depending on the configuration of the DHCP server and the network, tftp
requests made by the pxe parser can timeout. The pxe parser makes these
requests synchronously so several timeouts can block the server
completely for several minutes, leaving the server unresponsive to UI
requests.
Rework the pxe parser such that it handles the result of each tftp
request in a callback, which can complete after iterate_parsers() has
returned. Each callback is allocated its own conf_context which takes a
talloc reference on the discover_context so that each callback can
commit new boot options after the initial iterate loop has completed.
This also means talloc_unlink must be used instead by the original
parent of the discover_context.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The addition of the "url" field is not reflected in
config_copy_interface() which leaves the pointer uninitialised, causing
a potential segfault later on.
Copy the field from the source config, and use talloc_zero() for the
interface_config struct to prevent this more generally.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Some error paths in flash_setup_buffer() fail to free the flash_info struct
or close the open ffs before they return. Change them to goto the cleanup
code at the end. Separate the cleanup code into separate labels depending
on whether we need to call ffs_close(), arch_flash_close() and
talloc_free().
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
| |
libdevmapper is a hard dependency since snapshots were introduced, so
add an unconditional configure-time check for it.
Also add a check for libflash library and headers if --enable-mtd is
set.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The assert() statement in fold_text() only evaluates in a debug build.
If mbrtowc() encounters an error return the portion of the string that
has been parsed and stop.
This avoids an issue with glibc 2.22 where previous calls to
setlocale() failed and set an unsuitable locale. Since the error was not
caught this resulted in an infinite loop when trying to access the
Language screen.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
| |
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When queried libflash will return the 'first' flash side (ie. the one
with the lowest TOC address), however we label this the 'Current' side
which is incorrect if the machine has booted from the alternate side.
A future fix will inlcude additional platform logic to determine which
flash side is current; in the interim label the first flash side as
'Primary' instead of 'Current'.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
On BMC machines the "Get Device ID" and "Get BMC Golden Side Version"
IPMI commands are available. If possible retrieve some interesting
version numbers and display them in the System Information screen.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
| |
On supported platforms read the VERSION partition on startup and display
the available versions strings in the System Information screen.
This adds a skeleton hostboot.c to support possible additional BMC
platform support.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add basic libflash support to read the VERSION partition on BMC
machines. This adds a dependency on the libflash shared library from
Skiboot.
The MTD partition is accessed through the libflash helper functions.
Once read into a buffer, the VERSION partition is a simple list of
newline-terminated version strings. Some BMC platforms may have two
'sides' to flash - these are interpreted as the "current" and "other"
sides depending on which one the current Petitboot is running from.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
| |
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
| |
Fixes Coverity defect #30486
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
|
| |
|
|
|
|
|
|
| |
If not running on a powerpc platform the bmc_mac pointer remains NULL.
If this is the case set an address of zero when serialising rather
than dereferencing the pointer.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In certain configurations, e.g. automation, we want to use static
networking but load a particular file, automatically and parse it as a
pxelinux config file. Currently, we support something like this for DHCP
based booting, but not static. Add a URL field to the UI for static
configurations and reuse the logic from device_handler_process_url() to
load the specified file.
Signed-off-by: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
| |
Fixes Coverity defects #30485 and #30486
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
| |
Useful for identifying the initial BMC traffic on the network.
Signed-off-by: Jack Miller <jack@codezen.org>
|
| |
|
|
|
|
|
| |
Instead of using 'Optical' in some places and 'CD/DVD' in others, simply
use 'CD/DVD' for all cases.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
| |
Users may want to prioritise USB-attached storage devices differently to
other devices. Detect if a device is USB-attached and add a new device
type to identify it.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
| |
Make the strncols() helper available generally to i18n-concerned code.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
| |
Commit 9781a370 ("Handle mblen return code when n is zero.") in glibc
changes the return value for when the number of bytes ('n') is zero.
Add an extra condition to detect if we've reached the end of the buffer.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
| |
Add a debug-style nvram parameter to disallow the use of device-mapper
snapshots.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
| |
Create a new Petitboot option 'petitboot,write?' that specifies whether
the system is allowed to mount devices read-write. The option can be
toggled by the user in the nc-config screen.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
| |
Move the ipmi_bootdev definition to types.h to support returning
descriptive strings to the system configuration UI.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Move petitboot to a more familiar 'boot-order' based autoboot system.
The discover server now reads multiple values from the petitboot,bootdev
parameter and adds them in order to config->autoboot_opts. Boot priority
is determined by the options' position in the list.
On the client, nc-config now recognises the new boot order, and allows
the user to add, remove, and reorder the devices in the list.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
|
| |
Add the new autoboot_option struct, and helper functions for working
with device_type enums. device_type_name() returns exact strings as used
by platform code to read/write nvram params, so
device_type_display_name() is added for use in user-visible strings.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, we expose the boot device priorities through an array in
struct config, which will either be the default (network -> disk), or a
single device type specified by the IPMI code.
Rather than hide the implementation details in this array, we'd like to
expose the details of the machine configuration instead. This allows
user visibility of the real boot configuration (for example, if an IPMI
boot preference is set).
This change removes the priority array, and replaces it with the
ipmi_bootdev data (and a persistent flag). We update the
default-conflict-resolution code to reflect the priorities between IPMI
and UUID preferences.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When compiling the fold code with DEBUG defined, we get:
../lib/fold/fold.c: In function 'fold_text':
../lib/fold/fold.c:37:3: error: comparison of unsigned expression >= 0 is always true [-Werror=type-limits]
assert(bytes >= 0);
^
We should be comparing with != (size_t)-1, not >= 0
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
| |
Currently, the fold_text function doesn't understand multibyte strings,
so may break a line in the middle of a multibyte sequence.
This change adds multibyte-awareness to the fold code, and uses proper
width calculations for the contents of the folded string.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
| |
This change adds a debug flag to the config, and groups it under
not-user-modifiable parts of struct config.
This means we no longer need the pb-sysinfo helper, as the last
remaining function (--debug-enabled) can be implemented with pb-config.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With the current testing infrastructure, we don't have a strictly
hierarchical set of dependencies. This causes problems with a recursive
make, and means we have to hack around some of the dependencies.
This change generates a single, top-level makefile from all of the
Makefile.am fragments. We still need the po/ directory as a separate
SUBDIR, but all others can be converted to non-recursive.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
| |
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Safe mode configures the discover server to not start any device
parsing; this can be used to diagnose any problems with early device
handing.
In safe mode, we don't initialise any of the device sources - udev,
network and user events are disabled.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
| |
If a default device is set, we only allow booting from that device.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
| |
We'd like to specify a way to only boot from a specific block device;
this adds a field to the configuration to hold the value.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We need a couple of automake options to prevent errors when regenerating
Makefile.ins during source preparation.
Some makefiles assume GNU make, so add 'foreign' where necessary. Also,
we are building objects in subdirectories, so we need 'subdir-objects'.
Modified to suit recent petitboot by Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Jeff Bailey <jeffbailey@google.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Commit aa530148 introduced a priority member to struct boot_priority,
but didn't update the protocol deserialise function to properly decode
config messages. This meant we were leaving half of the struct
uninitialised, and getting invalid values in the initialised part.
This change updates the config deserialise function to do proper
handling for boot priority data.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, we need to compile with -DDEBUG to implement debug-level
logging in the UIs and discover server.
Since we may not be able to easily replace a system's petitboot
binaries, this change introduces a -v|--verbose option to the discver
server and ncurses UI, which enables debug at runtime. We also move some
of the udev debug code out of an #ifdef DEBUG block.
Since petitboot is generally started on boot, we also add a little
infrastructure to pass -v to petitboot on certain system contitions:
either petitboot.debug on the kernel command line, or a petitboot,debug?
NVRAM property containing the value 'true'.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
| |
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
| |
Now that we can re-initialise the device handler, allow this to be
triggered from UIs over the petitboot protocol.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If our read() of the process stdout pipe fails with EINTR (eg, if we
receive a SIGCHLD because the process exited), then
process_read_stdout_once will return a non-zero exit code, and we'll
abort any further stdout collection.
Instead, we should check for EINTR, and allow the reads to continue.
This change normalises the return value from process_read_stdout_once to
return positive on success, negative on failure, and zero on competion.
We use a positive return value for the non-error EINTR case.
Also, add a pb_log if the read fails for non-EINTR reasons.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
| |
|
|
|
|
|
| |
We want to fold help text into the ncurses UI, so add a little module to
split text into lines.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
