| .. _skiboot-5.4.0-rc2: |
| |
| ================= |
| skiboot-5.4.0-rc2 |
| ================= |
| |
| skiboot-5.4.0-rc2 was released on Wednesday October 26th 2016. It is the |
| second release candidate of skiboot 5.4, which will become the new stable |
| release of skiboot following the 5.3 release, first released August 2nd 2016. |
| |
| skiboot-5.4.0-rc2 contains all bug fixes as of :ref:`skiboot-5.3.7` |
| and :ref:`skiboot-5.1.18` (the currently maintained stable releases). |
| |
| For how the skiboot stable releases work, see :ref:`stable-rules` for details. |
| |
| Since this is a release candidate, it should *NOT* be put into production. |
| |
| The current plan is to release a new release candidate every week until we |
| feel good about it. The aim is for skiboot-5.4.x to be in op-build v1.13, which |
| is due by November 23rd 2016. |
| |
| Over :ref:`skiboot-5.4.0-rc1`, we have a few changes: |
| |
| Secure and Trusted Boot |
| ======================= |
| |
| skiboot 5.4.0-rc2 improves upon the progress towards Secure and Trusted Boot |
| in rc1. It is important to note that this is *not* a complete, end-to-end |
| secure/trusted boot implementation. |
| |
| With the current code, it is now possible to verify and measure resources |
| loaded from PNOR by skiboot (namely the CAPP and BOOTKERNEL partitions). |
| |
| Note that this functionality is currently *only* available on systems that |
| use the libflash backend. It is *NOT* enabled on IBM FSP based systems. |
| There is some support for some simulators though. |
| |
| - libstb/stb.c: ignore the secure mode flag unless forced in NVRAM |
| |
| For this stage in Trusted Boot development, we are wishing to not |
| force Secure Mode through the whole firmware boot process, but we |
| are wanting to be able to test it (classic chicken and egg problem with |
| build infrastructure). |
| |
| We disabled secure mode if the secure-enabled devtree property is |
| read from the device tree *IF* we aren't overriding it through NVRAM. |
| Seeing as we can only increase (not decrease) what we're checking through |
| the NVRAM variable, it is safe. |
| |
| The NVRAM setting is force-secure-mode=true in the ibm,skiboot partition. |
| |
| However, if you want to force secure mode even if Hostboot has *not* set |
| the secure-enabled proprety in the device tree, set force-secure-mode |
| to "always". |
| |
| There is also a force-trusted-mode NVRAM setting to force trusted mode |
| even if Hostboot has not enabled it int the device tree. |
| |
| To indicate to Linux that we haven't gone through the whole firmware |
| process in secure mode, we replace the 'secure-enabled' property with |
| 'partial-secure-enabled', to indicate that only part of the firmware |
| boot process has gone through secure mode. |
| |
| |
| Command line arguments to BOOTKERNEL |
| ==================================== |
| |
| - core/init.c: Fix bootargs parsing |
| |
| Currently the bootargs are unconditionally deleted, which causes |
| a bug where the bootargs passed in by the device tree are lost. |
| |
| This patch deletes bootargs only if it needs to be replaced by the NVRAM |
| entry. |
| |
| This patch also removes KERNEL_COMMAND_LINE config option in favour of |
| using the NVRAM or a device tree. |
| |
| pflash utility |
| ============== |
| |
| - external/pflash: Make MTD accesses the default |
| |
| Now that BMC and host kernel mtd drivers exist and have matured we |
| should use them by default. |
| |
| This is especially important since we seem to be telling everyone to use |
| pflash (pflash world domination plans are continuing on schedule). |
| - external/pflash: Catch incompatible combination of flags |
| - external/common: arm: Don't error trying to wrprotect with MTD access |
| - libflash/libffs: Use blocklevel_smart_write() when updating partitions |
| |
| Other changes |
| ============= |
| - extract-gcov: build with -m64 if compiler supports it. |
| |
| Fixes build break on 32bit ppc64 (e.g. PowerMac G5, where user space |
| is mostly 32bit). |
| |
| Fast Reset |
| ========== |
| |
| - fast-reset: disable fast reboot in event of platform error |
| |
| Most of the time, if we're rebooting due to a platform error, we should |
| trigger a checkstop. However, if we haven't been told what we should do |
| to trigger a checkstop (e.g. on an FSP machine), then we should still |
| fail to fast-reboot. |
| |
| So, disable fast-reboot in the OPAL_CEC_REBOOT2 code path |
| for OPAL_REBOOT_PLATFORM_ERROR reboot type. |
| - fast-reboot: disable on FSP code update or unrecoverable HMI |
| - fast-reboot: abort fast reboot if CAPP attached |
| |
| If a PHB is in CAPI mode, we cannot safely fast reboot - the PHB will be |
| fenced during the reboot resulting in major problems when we load the new |
| kernel. |
| |
| In order to handle this safely, we need to disable CAPI mode before |
| resetting PHBs during the fast reboot. However, we don't currently support |
| this. |
| |
| In the meantime, when fast rebooting, check if there are any PHBs with a |
| CAPP attached, and if so, abort the fast reboot and revert to a normal |
| reboot instead. |
| |
| OpenPOWER Platforms |
| =================== |
| |
| For all hardware platforms that aren't IBM FSP machines: |
| |
| - Revert "flash: Move flash node under ibm,opal/flash/" |
| |
| This reverts commit e1e6d009860d0ef60f9daf7a0fbe15f869516bd0. |
| |
| Breaks DT enough that it makes people cranky, reverting for now. |
| This could break access to flash with existing kernels in POWER9 simulators |
| |
| - flash: rework flash_load_resource to correctly read FFS/STB |
| |
| This fixes the previous reverts of loading the CAPP partition with |
| STB headers (which broke CAPP partitions without STB headers). |
| |
| The new logic fixes both CAPP partition loading with STB headers *and* |
| addresses a long standing bug due to differing interpretations of FFS. |
| |
| The f_part utility that *constructs* PNOR files just sets actualSize=totalSize |
| no matter on what the size of the partition is. Prior to this patch, |
| skiboot would always load actualSize, leading to longer than needed IPL. |
| |
| The pflash utility updates actualSize, so no developer has really ever |
| noticed this, apart from maybe an inkling that it's odd that a freshly |
| baked PNOR from op-build takes ever so slightly longer to boot than one |
| that has had individual partitions pflashed in. |
| |
| With this patch, we now compute actualSize. For partitions with a STB |
| header, we take the payload size from the STB header. For partitions |
| that don't have a STB header, we compute the size either by parsing |
| the ELF header or by looking at the subpartition header and computing it. |
| |
| We now need to read the entire partition for partitions with subpartitions |
| so that we pass consistent values to be measured as part of Trusted Boot. |
| |
| As of this patch, the actualSize field in FFS is *not* relied on for |
| partition size, we determine it from the content of the partition. |
| |
| However, this patch *will* break loading of partitions that are not ELF |
| and do not contain subpartitions. Luckily, nothing in-tree makes use of |
| that. |
| |
| PCI |
| === |
| - pci: Check power state before powering off slot |
| |
| Prevents the erroneous "Error -1 powering off slot" error message. |
| |
| Contributors |
| ============ |
| Since :ref:`skiboot-5.4.0-rc1`, we have 23 csets from 8 developers. |
| |
| A total of 876 lines added, 621 removed (delta 255) |
| |
| Developers with the most changesets |
| |
| ============================ = ======= |
| Developer # % |
| ============================ = ======= |
| Stewart Smith 7 (30.4%) |
| Cyril Bur 5 (21.7%) |
| Mukesh Ojha 3 (13.0%) |
| Gavin Shan 3 (13.0%) |
| Claudio Carvalho 2 (8.7%) |
| Chris Smart 1 (4.3%) |
| Andrew Donnellan 1 (4.3%) |
| Nageswara R Sastry 1 (4.3%) |
| ============================ = ======= |
| |
| Developers with the most changed lines |
| |
| ========================== === ======= |
| Developer # % |
| ========================== === ======= |
| Stewart Smith 424 (45.7%) |
| Mukesh Ojha 204 (22.0%) |
| Gavin Shan 173 (18.6%) |
| Cyril Bur 69 (7.4%) |
| Claudio Carvalho 35 (3.8%) |
| Andrew Donnellan 13 (1.4%) |
| Chris Smart 8 (0.9%) |
| Nageswara R Sastry 2 (0.2%) |
| ========================== === ======= |
| |
| Developers with the most lines removed |
| |
| ============================ = ======= |
| Developer # % |
| ============================ = ======= |
| Gavin Shan 9 (1.4%) |
| Chris Smart 4 (0.6%) |
| ============================ = ======= |
| |
| Developers with the most signoffs (total 16) |
| |
| =========================== == ======== |
| Developer # % |
| =========================== == ======== |
| Stewart Smith 16 (100.0%) |
| =========================== == ======== |
| |
| Developers with the most reviews (total 4) |
| |
| ============================ = ======= |
| Developer # % |
| ============================ = ======= |
| Vasant Hegde 2 (50.0%) |
| Andrew Donnellan 2 (50.0%) |
| ============================ = ======= |
| |
| Developers with the most test credits (total 1) |
| |
| ============================ = ======= |
| Developer # % |
| ============================ = ======= |
| Pridhiviraj Paidipeddi 1 (100.0%) |
| ============================ = ======= |
| |
| Developers who gave the most tested-by credits (total 1) |
| |
| ============================ = ======= |
| Developer # % |
| ============================ = ======= |
| Gavin Shan 1 (100.0%) |
| ============================ = ======= |
| |
| Developers with the most report credits (total 3) |
| |
| ============================ = ======= |
| Developer # % |
| ============================ = ======= |
| Pridhiviraj Paidipeddi 1 (33.3%) |
| Andrei Warkenti 1 (33.3%) |
| Michael Neuling 1 (33.3%) |
| ============================ = ======= |
| |
| Developers who gave the most report credits (total 3) |
| |
| ============================ = ======= |
| Developer # % |
| ============================ = ======= |
| Stewart Smith 2 (66.7%) |
| Gavin Shan 1 (33.3%) |
| ============================ = ======= |