Skip to content

Commit

Permalink
skiboot 5.4.0-rc2 release notes
Browse files Browse the repository at this point in the history
Signed-off-by: Stewart Smith <[email protected]>
  • Loading branch information
stewartsmith committed Oct 26, 2016
1 parent 253a158 commit f240c68
Showing 1 changed file with 270 additions and 0 deletions.
270 changes: 270 additions & 0 deletions doc/release-notes/skiboot-5.4.0-rc2.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,270 @@
=================
skiboot-5.4.0-rc2
=================

skiboot-5.4.0-rc2 was released on Wednesday October 26th 2016. It is the
second release candidate of skiboot 5.4, which will become the new stable
release of skiboot following the 5.3 release, first released August 2nd 2016.

skiboot-5.4.0-rc2 contains all bug fixes as of :ref:`skiboot-5.3.7`
and :ref:`skiboot-5.1.18` (the currently maintained stable releases).

For how the skiboot stable releases work, see :ref:`stable-rules` for details.

Since this is a release candidate, it should *NOT* be put into production.

The current plan is to release a new release candidate every week until we
feel good about it. The aim is for skiboot-5.4.x to be in op-build v1.13, which
is due by November 23rd 2016.

Over :ref:`skiboot-5.4.0-rc1`, we have a few changes:

Secure and Trusted Boot
=======================

skiboot 5.4.0-rc2 improves upon the progress towards Secure and Trusted Boot
in rc1. It is important to note that this is *not* a complete, end-to-end
secure/trusted boot implementation.

With the current code, it is now possible to verify and measure resources
loaded from PNOR by skiboot (namely the CAPP and BOOTKERNEL partitions).

Note that this functionality is currently *only* available on systems that
use the libflash backend. It is *NOT* enabled on IBM FSP based systems.
There is some support for some simulators though.

- libstb/stb.c: ignore the secure mode flag unless forced in NVRAM

For this stage in Trusted Boot development, we are wishing to not
force Secure Mode through the whole firmware boot process, but we
are wanting to be able to test it (classic chicken and egg problem with
build infrastructure).

We disabled secure mode if the secure-enabled devtree property is
read from the device tree *IF* we aren't overriding it through NVRAM.
Seeing as we can only increase (not decrease) what we're checking through
the NVRAM variable, it is safe.

The NVRAM setting is force-secure-mode=true in the ibm,skiboot partition.

However, if you want to force secure mode even if Hostboot has *not* set
the secure-enabled proprety in the device tree, set force-secure-mode
to "always".

There is also a force-trusted-mode NVRAM setting to force trusted mode
even if Hostboot has not enabled it int the device tree.

To indicate to Linux that we haven't gone through the whole firmware
process in secure mode, we replace the 'secure-enabled' property with
'partial-secure-enabled', to indicate that only part of the firmware
boot process has gone through secure mode.


Command line arguments to BOOTKERNEL
====================================

- core/init.c: Fix bootargs parsing

Currently the bootargs are unconditionally deleted, which causes
a bug where the bootargs passed in by the device tree are lost.

This patch deletes bootargs only if it needs to be replaced by the NVRAM
entry.

This patch also removes KERNEL_COMMAND_LINE config option in favour of
using the NVRAM or a device tree.

pflash utility
==============

- external/pflash: Make MTD accesses the default

Now that BMC and host kernel mtd drivers exist and have matured we
should use them by default.

This is especially important since we seem to be telling everyone to use
pflash (pflash world domination plans are continuing on schedule).
- external/pflash: Catch incompatible combination of flags
- external/common: arm: Don't error trying to wrprotect with MTD access
- libflash/libffs: Use blocklevel_smart_write() when updating partitions

Other changes
=============
- extract-gcov: build with -m64 if compiler supports it.

Fixes build break on 32bit ppc64 (e.g. PowerMac G5, where user space
is mostly 32bit).

Fast Reset
==========

- fast-reset: disable fast reboot in event of platform error

Most of the time, if we're rebooting due to a platform error, we should
trigger a checkstop. However, if we haven't been told what we should do
to trigger a checkstop (e.g. on an FSP machine), then we should still
fail to fast-reboot.

So, disable fast-reboot in the OPAL_CEC_REBOOT2 code path
for OPAL_REBOOT_PLATFORM_ERROR reboot type.
- fast-reboot: disable on FSP code update or unrecoverable HMI
- fast-reboot: abort fast reboot if CAPP attached

If a PHB is in CAPI mode, we cannot safely fast reboot - the PHB will be
fenced during the reboot resulting in major problems when we load the new
kernel.

In order to handle this safely, we need to disable CAPI mode before
resetting PHBs during the fast reboot. However, we don't currently support
this.

In the meantime, when fast rebooting, check if there are any PHBs with a
CAPP attached, and if so, abort the fast reboot and revert to a normal
reboot instead.

OpenPOWER Platforms
===================

For all hardware platforms that aren't IBM FSP machines:

- Revert "flash: Move flash node under ibm,opal/flash/"

This reverts commit e1e6d009860d0ef60f9daf7a0fbe15f869516bd0.

Breaks DT enough that it makes people cranky, reverting for now.
This could break access to flash with existing kernels in POWER9 simulators

- flash: rework flash_load_resource to correctly read FFS/STB

This fixes the previous reverts of loading the CAPP partition with
STB headers (which broke CAPP partitions without STB headers).

The new logic fixes both CAPP partition loading with STB headers *and*
addresses a long standing bug due to differing interpretations of FFS.

The f_part utility that *constructs* PNOR files just sets actualSize=totalSize
no matter on what the size of the partition is. Prior to this patch,
skiboot would always load actualSize, leading to longer than needed IPL.

The pflash utility updates actualSize, so no developer has really ever
noticed this, apart from maybe an inkling that it's odd that a freshly
baked PNOR from op-build takes ever so slightly longer to boot than one
that has had individual partitions pflashed in.

With this patch, we now compute actualSize. For partitions with a STB
header, we take the payload size from the STB header. For partitions
that don't have a STB header, we compute the size either by parsing
the ELF header or by looking at the subpartition header and computing it.

We now need to read the entire partition for partitions with subpartitions
so that we pass consistent values to be measured as part of Trusted Boot.

As of this patch, the actualSize field in FFS is *not* relied on for
partition size, we determine it from the content of the partition.

However, this patch *will* break loading of partitions that are not ELF
and do not contain subpartitions. Luckily, nothing in-tree makes use of
that.

PCI
===
- pci: Check power state before powering off slot

Prevents the erroneous "Error -1 powering off slot" error message.

Contributors
============
Since :ref:`skiboot-5.4.0-rc1`, we have 23 csets from 8 developers.

A total of 876 lines added, 621 removed (delta 255)

Developers with the most changesets

============================ = =======
Developer # %
============================ = =======
Stewart Smith 7 (30.4%)
Cyril Bur 5 (21.7%)
Mukesh Ojha 3 (13.0%)
Gavin Shan 3 (13.0%)
Claudio Carvalho 2 (8.7%)
Chris Smart 1 (4.3%)
Andrew Donnellan 1 (4.3%)
Nageswara R Sastry 1 (4.3%)
============================ = =======

Developers with the most changed lines

========================== === =======
Developer # %
========================== === =======
Stewart Smith 424 (45.7%)
Mukesh Ojha 204 (22.0%)
Gavin Shan 173 (18.6%)
Cyril Bur 69 (7.4%)
Claudio Carvalho 35 (3.8%)
Andrew Donnellan 13 (1.4%)
Chris Smart 8 (0.9%)
Nageswara R Sastry 2 (0.2%)
========================== === =======

Developers with the most lines removed

============================ = =======
Developer # %
============================ = =======
Gavin Shan 9 (1.4%)
Chris Smart 4 (0.6%)
============================ = =======

Developers with the most signoffs (total 16)

============================ = =======
Developer # %
============================ = =======
Stewart Smith 16 (100.0%)
============================ = =======

Developers with the most reviews (total 4)

============================ = =======
Developer # %
============================ = =======
Vasant Hegde 2 (50.0%)
Andrew Donnellan 2 (50.0%)
============================ = =======

Developers with the most test credits (total 1)

============================ = =======
Developer # %
============================ = =======
Pridhiviraj Paidipeddi 1 (100.0%)
============================ = =======

Developers who gave the most tested-by credits (total 1)

============================ = =======
Developer # %
============================ = =======
Gavin Shan 1 (100.0%)
============================ = =======

Developers with the most report credits (total 3)

============================ = =======
Developer # %
============================ = =======
Pridhiviraj Paidipeddi 1 (33.3%)
Andrei Warkenti 1 (33.3%)
Michael Neuling 1 (33.3%)
============================ = =======

Developers who gave the most report credits (total 3)

============================ = =======
Developer # %
============================ = =======
Stewart Smith 2 (66.7%)
Gavin Shan 1 (33.3%)
============================ = =======

0 comments on commit f240c68

Please sign in to comment.