Signed-off-by: Stewart Smith <[email protected]>
1 parent 253a158, commit f240c68
Showing 1 changed file with 270 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,270 @@ | ||
================= | ||
skiboot-5.4.0-rc2 | ||
================= | ||
|
||
skiboot-5.4.0-rc2 was released on Wednesday October 26th 2016. It is the | ||
second release candidate of skiboot 5.4, which will become the new stable | ||
release of skiboot following the 5.3 release, first released August 2nd 2016. | ||
|
||
skiboot-5.4.0-rc2 contains all bug fixes as of :ref:`skiboot-5.3.7` | ||
and :ref:`skiboot-5.1.18` (the currently maintained stable releases). | ||
|
||
For how the skiboot stable releases work, see :ref:`stable-rules` for details. | ||
|
||
Since this is a release candidate, it should *NOT* be put into production. | ||
|
||
The current plan is to release a new release candidate every week until we | ||
feel good about it. The aim is for skiboot-5.4.x to be in op-build v1.13, which | ||
is due by November 23rd 2016. | ||
|
||
Over :ref:`skiboot-5.4.0-rc1`, we have a few changes: | ||
|
||
Secure and Trusted Boot | ||
======================= | ||
|
||
skiboot 5.4.0-rc2 improves upon the progress towards Secure and Trusted Boot | ||
in rc1. It is important to note that this is *not* a complete, end-to-end | ||
secure/trusted boot implementation. | ||
|
||
With the current code, it is now possible to verify and measure resources | ||
loaded from PNOR by skiboot (namely the CAPP and BOOTKERNEL partitions). | ||
|
||
Note that this functionality is currently *only* available on systems that | ||
use the libflash backend. It is *NOT* enabled on IBM FSP based systems. | ||
There is some support for some simulators though. | ||
|
||
- libstb/stb.c: ignore the secure mode flag unless forced in NVRAM | ||
|
||
For this stage in Trusted Boot development, we are wishing to not | ||
force Secure Mode through the whole firmware boot process, but we | ||
are wanting to be able to test it (classic chicken and egg problem with | ||
build infrastructure). | ||
|
||
We disabled secure mode if the secure-enabled devtree property is | ||
read from the device tree *IF* we aren't overriding it through NVRAM. | ||
Seeing as we can only increase (not decrease) what we're checking through | ||
the NVRAM variable, it is safe. | ||
|
||
The NVRAM setting is force-secure-mode=true in the ibm,skiboot partition. | ||
|
||
However, if you want to force secure mode even if Hostboot has *not* set | ||
the secure-enabled proprety in the device tree, set force-secure-mode | ||
to "always". | ||
|
||
There is also a force-trusted-mode NVRAM setting to force trusted mode | ||
even if Hostboot has not enabled it int the device tree. | ||
|
||
To indicate to Linux that we haven't gone through the whole firmware | ||
process in secure mode, we replace the 'secure-enabled' property with | ||
'partial-secure-enabled', to indicate that only part of the firmware | ||
boot process has gone through secure mode. | ||
|
||
|
||
Command line arguments to BOOTKERNEL | ||
==================================== | ||
|
||
- core/init.c: Fix bootargs parsing | ||
|
||
Currently the bootargs are unconditionally deleted, which causes | ||
a bug where the bootargs passed in by the device tree are lost. | ||
|
||
This patch deletes bootargs only if it needs to be replaced by the NVRAM | ||
entry. | ||
|
||
This patch also removes KERNEL_COMMAND_LINE config option in favour of | ||
using the NVRAM or a device tree. | ||
|
||
pflash utility | ||
============== | ||
|
||
- external/pflash: Make MTD accesses the default | ||
|
||
Now that BMC and host kernel mtd drivers exist and have matured we | ||
should use them by default. | ||
|
||
This is especially important since we seem to be telling everyone to use | ||
pflash (pflash world domination plans are continuing on schedule). | ||
- external/pflash: Catch incompatible combination of flags | ||
- external/common: arm: Don't error trying to wrprotect with MTD access | ||
- libflash/libffs: Use blocklevel_smart_write() when updating partitions | ||
|
||
Other changes | ||
============= | ||
- extract-gcov: build with -m64 if compiler supports it. | ||
|
||
Fixes build break on 32bit ppc64 (e.g. PowerMac G5, where user space | ||
is mostly 32bit). | ||
|
||
Fast Reset | ||
========== | ||
|
||
- fast-reset: disable fast reboot in event of platform error | ||
|
||
Most of the time, if we're rebooting due to a platform error, we should | ||
trigger a checkstop. However, if we haven't been told what we should do | ||
to trigger a checkstop (e.g. on an FSP machine), then we should still | ||
fail to fast-reboot. | ||
|
||
So, disable fast-reboot in the OPAL_CEC_REBOOT2 code path | ||
for OPAL_REBOOT_PLATFORM_ERROR reboot type. | ||
- fast-reboot: disable on FSP code update or unrecoverable HMI | ||
- fast-reboot: abort fast reboot if CAPP attached | ||
|
||
If a PHB is in CAPI mode, we cannot safely fast reboot - the PHB will be | ||
fenced during the reboot resulting in major problems when we load the new | ||
kernel. | ||
|
||
In order to handle this safely, we need to disable CAPI mode before | ||
resetting PHBs during the fast reboot. However, we don't currently support | ||
this. | ||
|
||
In the meantime, when fast rebooting, check if there are any PHBs with a | ||
CAPP attached, and if so, abort the fast reboot and revert to a normal | ||
reboot instead. | ||
|
||
OpenPOWER Platforms | ||
=================== | ||
|
||
For all hardware platforms that aren't IBM FSP machines: | ||
|
||
- Revert "flash: Move flash node under ibm,opal/flash/" | ||
|
||
This reverts commit e1e6d009860d0ef60f9daf7a0fbe15f869516bd0. | ||
|
||
Breaks DT enough that it makes people cranky, reverting for now. | ||
This could break access to flash with existing kernels in POWER9 simulators | ||
|
||
- flash: rework flash_load_resource to correctly read FFS/STB | ||
|
||
This fixes the previous reverts of loading the CAPP partition with | ||
STB headers (which broke CAPP partitions without STB headers). | ||
|
||
The new logic fixes both CAPP partition loading with STB headers *and* | ||
addresses a long standing bug due to differing interpretations of FFS. | ||
|
||
The f_part utility that *constructs* PNOR files just sets actualSize=totalSize | ||
no matter on what the size of the partition is. Prior to this patch, | ||
skiboot would always load actualSize, leading to longer than needed IPL. | ||
|
||
The pflash utility updates actualSize, so no developer has really ever | ||
noticed this, apart from maybe an inkling that it's odd that a freshly | ||
baked PNOR from op-build takes ever so slightly longer to boot than one | ||
that has had individual partitions pflashed in. | ||
|
||
With this patch, we now compute actualSize. For partitions with a STB | ||
header, we take the payload size from the STB header. For partitions | ||
that don't have a STB header, we compute the size either by parsing | ||
the ELF header or by looking at the subpartition header and computing it. | ||
|
||
We now need to read the entire partition for partitions with subpartitions | ||
so that we pass consistent values to be measured as part of Trusted Boot. | ||
|
||
As of this patch, the actualSize field in FFS is *not* relied on for | ||
partition size, we determine it from the content of the partition. | ||
|
||
However, this patch *will* break loading of partitions that are not ELF | ||
and do not contain subpartitions. Luckily, nothing in-tree makes use of | ||
that. | ||
|
||
PCI | ||
=== | ||
- pci: Check power state before powering off slot | ||
|
||
Prevents the erroneous "Error -1 powering off slot" error message. | ||
|
||
Contributors | ||
============ | ||
Since :ref:`skiboot-5.4.0-rc1`, we have 23 csets from 8 developers. | ||
|
||
A total of 876 lines added, 621 removed (delta 255) | ||
|
||
Developers with the most changesets | ||
|
||
============================ = ======= | ||
Developer # % | ||
============================ = ======= | ||
Stewart Smith 7 (30.4%) | ||
Cyril Bur 5 (21.7%) | ||
Mukesh Ojha 3 (13.0%) | ||
Gavin Shan 3 (13.0%) | ||
Claudio Carvalho 2 (8.7%) | ||
Chris Smart 1 (4.3%) | ||
Andrew Donnellan 1 (4.3%) | ||
Nageswara R Sastry 1 (4.3%) | ||
============================ = ======= | ||
|
||
Developers with the most changed lines | ||
|
||
========================== === ======= | ||
Developer # % | ||
========================== === ======= | ||
Stewart Smith 424 (45.7%) | ||
Mukesh Ojha 204 (22.0%) | ||
Gavin Shan 173 (18.6%) | ||
Cyril Bur 69 (7.4%) | ||
Claudio Carvalho 35 (3.8%) | ||
Andrew Donnellan 13 (1.4%) | ||
Chris Smart 8 (0.9%) | ||
Nageswara R Sastry 2 (0.2%) | ||
========================== === ======= | ||
|
||
Developers with the most lines removed | ||
|
||
============================ = ======= | ||
Developer # % | ||
============================ = ======= | ||
Gavin Shan 9 (1.4%) | ||
Chris Smart 4 (0.6%) | ||
============================ = ======= | ||
|
||
Developers with the most signoffs (total 16) | ||
|
||
============================ = ======= | ||
Developer # % | ||
============================ = ======= | ||
Stewart Smith 16 (100.0%) | ||
============================ = ======= | ||
|
||
Developers with the most reviews (total 4) | ||
|
||
============================ = ======= | ||
Developer # % | ||
============================ = ======= | ||
Vasant Hegde 2 (50.0%) | ||
Andrew Donnellan 2 (50.0%) | ||
============================ = ======= | ||
|
||
Developers with the most test credits (total 1) | ||
|
||
============================ = ======= | ||
Developer # % | ||
============================ = ======= | ||
Pridhiviraj Paidipeddi 1 (100.0%) | ||
============================ = ======= | ||
|
||
Developers who gave the most tested-by credits (total 1) | ||
|
||
============================ = ======= | ||
Developer # % | ||
============================ = ======= | ||
Gavin Shan 1 (100.0%) | ||
============================ = ======= | ||
|
||
Developers with the most report credits (total 3) | ||
|
||
============================ = ======= | ||
Developer # % | ||
============================ = ======= | ||
Pridhiviraj Paidipeddi 1 (33.3%) | ||
Andrei Warkenti 1 (33.3%) | ||
Michael Neuling 1 (33.3%) | ||
============================ = ======= | ||
|
||
Developers who gave the most report credits (total 3) | ||
|
||
============================ = ======= | ||
Developer # % | ||
============================ = ======= | ||
Stewart Smith 2 (66.7%) | ||
Gavin Shan 1 (33.3%) | ||
============================ = ======= |
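
Review bot: In the "Secure and Trusted Boot" section, the paragraph under "libstb/stb.c: ignore the secure mode flag unless forced in NVRAM" is hard to act on: "We disabled secure mode if the secure-enabled devtree property is read from the device tree *IF* we aren't overriding it through NVRAM" mixes tenses and conditions. Suggest stating the behaviour directly, for example that skiboot ignores secure-enabled unless force-secure-mode is set in the ibm,skiboot NVRAM partition, and then listing what each setting does. The text gives "true" as the setting and "always" as the one that applies even when Hostboot has not set the property, but it does not give the accepted value(s) for force-trusted-mode. The same entry has two typos, "proprety" and "int the device tree". In "flash: rework flash_load_resource to correctly read FFS/STB", the warning that the patch "*will* break loading of partitions that are not ELF and do not contain subpartitions" should say whether it applies only to partitions without an STB header, since the preceding paragraph says the size is taken from the STB header when one is present. Minor: the section is titled "Fast Reset" while its entries use both "fast-reset:" and "fast-reboot:" prefixes, and the sentence ending "in POWER9 simulators" is missing its full stop.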