|
| 1 | +================= |
| 2 | +skiboot-5.4.0-rc2 |
| 3 | +================= |
| 4 | + |
| 5 | +skiboot-5.4.0-rc2 was released on Wednesday October 26th 2016. It is the |
| 6 | +second release candidate of skiboot 5.4, which will become the new stable |
| 7 | +release of skiboot following the 5.3 release, first released August 2nd 2016. |
| 8 | + |
| 9 | +skiboot-5.4.0-rc2 contains all bug fixes as of :ref:`skiboot-5.3.7` |
| 10 | +and :ref:`skiboot-5.1.18` (the currently maintained stable releases). |
| 11 | + |
| 12 | +For how the skiboot stable releases work, see :ref:`stable-rules` for details. |
| 13 | + |
| 14 | +Since this is a release candidate, it should *NOT* be put into production. |
| 15 | + |
| 16 | +The current plan is to release a new release candidate every week until we |
| 17 | +feel good about it. The aim is for skiboot-5.4.x to be in op-build v1.13, which |
| 18 | +is due by November 23rd 2016. |
| 19 | + |
| 20 | +Over :ref:`skiboot-5.4.0-rc1`, we have a few changes: |
| 21 | + |
| 22 | +Secure and Trusted Boot |
| 23 | +======================= |
| 24 | + |
| 25 | +skiboot 5.4.0-rc2 improves upon the progress towards Secure and Trusted Boot |
| 26 | +in rc1. It is important to note that this is *not* a complete, end-to-end |
| 27 | +secure/trusted boot implementation. |
| 28 | + |
| 29 | +With the current code, it is now possible to verify and measure resources |
| 30 | +loaded from PNOR by skiboot (namely the CAPP and BOOTKERNEL partitions). |
| 31 | + |
| 32 | +Note that this functionality is currently *only* available on systems that |
| 33 | +use the libflash backend. It is *NOT* enabled on IBM FSP based systems. |
| 34 | +There is some support for some simulators though. |
| 35 | + |
| 36 | +- libstb/stb.c: ignore the secure mode flag unless forced in NVRAM |
| 37 | + |
| 38 | + For this stage in Trusted Boot development, we are wishing to not |
| 39 | + force Secure Mode through the whole firmware boot process, but we |
| 40 | + are wanting to be able to test it (classic chicken and egg problem with |
| 41 | + build infrastructure). |
| 42 | + |
| 43 | + We disabled secure mode if the secure-enabled devtree property is |
| 44 | + read from the device tree *IF* we aren't overriding it through NVRAM. |
| 45 | + Seeing as we can only increase (not decrease) what we're checking through |
| 46 | + the NVRAM variable, it is safe. |
| 47 | + |
| 48 | + The NVRAM setting is force-secure-mode=true in the ibm,skiboot partition. |
| 49 | + |
| 50 | + However, if you want to force secure mode even if Hostboot has *not* set |
| 51 | + the secure-enabled proprety in the device tree, set force-secure-mode |
| 52 | + to "always". |
| 53 | + |
| 54 | + There is also a force-trusted-mode NVRAM setting to force trusted mode |
| 55 | + even if Hostboot has not enabled it int the device tree. |
| 56 | + |
| 57 | + To indicate to Linux that we haven't gone through the whole firmware |
| 58 | + process in secure mode, we replace the 'secure-enabled' property with |
| 59 | + 'partial-secure-enabled', to indicate that only part of the firmware |
| 60 | + boot process has gone through secure mode. |
| 61 | + |
| 62 | + |
| 63 | +Command line arguments to BOOTKERNEL |
| 64 | +==================================== |
| 65 | + |
| 66 | +- core/init.c: Fix bootargs parsing |
| 67 | + |
| 68 | + Currently the bootargs are unconditionally deleted, which causes |
| 69 | + a bug where the bootargs passed in by the device tree are lost. |
| 70 | + |
| 71 | + This patch deletes bootargs only if it needs to be replaced by the NVRAM |
| 72 | + entry. |
| 73 | + |
| 74 | + This patch also removes KERNEL_COMMAND_LINE config option in favour of |
| 75 | + using the NVRAM or a device tree. |
| 76 | + |
| 77 | +pflash utility |
| 78 | +============== |
| 79 | + |
| 80 | +- external/pflash: Make MTD accesses the default |
| 81 | + |
| 82 | + Now that BMC and host kernel mtd drivers exist and have matured we |
| 83 | + should use them by default. |
| 84 | + |
| 85 | + This is especially important since we seem to be telling everyone to use |
| 86 | + pflash (pflash world domination plans are continuing on schedule). |
| 87 | +- external/pflash: Catch incompatible combination of flags |
| 88 | +- external/common: arm: Don't error trying to wrprotect with MTD access |
| 89 | +- libflash/libffs: Use blocklevel_smart_write() when updating partitions |
| 90 | + |
| 91 | +Other changes |
| 92 | +============= |
| 93 | +- extract-gcov: build with -m64 if compiler supports it. |
| 94 | + |
| 95 | + Fixes build break on 32bit ppc64 (e.g. PowerMac G5, where user space |
| 96 | + is mostly 32bit). |
| 97 | + |
| 98 | +Fast Reset |
| 99 | +========== |
| 100 | + |
| 101 | +- fast-reset: disable fast reboot in event of platform error |
| 102 | + |
| 103 | + Most of the time, if we're rebooting due to a platform error, we should |
| 104 | + trigger a checkstop. However, if we haven't been told what we should do |
| 105 | + to trigger a checkstop (e.g. on an FSP machine), then we should still |
| 106 | + fail to fast-reboot. |
| 107 | + |
| 108 | + So, disable fast-reboot in the OPAL_CEC_REBOOT2 code path |
| 109 | + for OPAL_REBOOT_PLATFORM_ERROR reboot type. |
| 110 | +- fast-reboot: disable on FSP code update or unrecoverable HMI |
| 111 | +- fast-reboot: abort fast reboot if CAPP attached |
| 112 | + |
| 113 | + If a PHB is in CAPI mode, we cannot safely fast reboot - the PHB will be |
| 114 | + fenced during the reboot resulting in major problems when we load the new |
| 115 | + kernel. |
| 116 | + |
| 117 | + In order to handle this safely, we need to disable CAPI mode before |
| 118 | + resetting PHBs during the fast reboot. However, we don't currently support |
| 119 | + this. |
| 120 | + |
| 121 | + In the meantime, when fast rebooting, check if there are any PHBs with a |
| 122 | + CAPP attached, and if so, abort the fast reboot and revert to a normal |
| 123 | + reboot instead. |
| 124 | + |
| 125 | +OpenPOWER Platforms |
| 126 | +=================== |
| 127 | + |
| 128 | +For all hardware platforms that aren't IBM FSP machines: |
| 129 | + |
| 130 | +- Revert "flash: Move flash node under ibm,opal/flash/" |
| 131 | + |
| 132 | + This reverts commit e1e6d009860d0ef60f9daf7a0fbe15f869516bd0. |
| 133 | + |
| 134 | + Breaks DT enough that it makes people cranky, reverting for now. |
| 135 | + This could break access to flash with existing kernels in POWER9 simulators |
| 136 | + |
| 137 | +- flash: rework flash_load_resource to correctly read FFS/STB |
| 138 | + |
| 139 | + This fixes the previous reverts of loading the CAPP partition with |
| 140 | + STB headers (which broke CAPP partitions without STB headers). |
| 141 | + |
| 142 | + The new logic fixes both CAPP partition loading with STB headers *and* |
| 143 | + addresses a long standing bug due to differing interpretations of FFS. |
| 144 | + |
| 145 | + The f_part utility that *constructs* PNOR files just sets actualSize=totalSize |
| 146 | + no matter on what the size of the partition is. Prior to this patch, |
| 147 | + skiboot would always load actualSize, leading to longer than needed IPL. |
| 148 | + |
| 149 | + The pflash utility updates actualSize, so no developer has really ever |
| 150 | + noticed this, apart from maybe an inkling that it's odd that a freshly |
| 151 | + baked PNOR from op-build takes ever so slightly longer to boot than one |
| 152 | + that has had individual partitions pflashed in. |
| 153 | + |
| 154 | + With this patch, we now compute actualSize. For partitions with a STB |
| 155 | + header, we take the payload size from the STB header. For partitions |
| 156 | + that don't have a STB header, we compute the size either by parsing |
| 157 | + the ELF header or by looking at the subpartition header and computing it. |
| 158 | + |
| 159 | + We now need to read the entire partition for partitions with subpartitions |
| 160 | + so that we pass consistent values to be measured as part of Trusted Boot. |
| 161 | + |
| 162 | + As of this patch, the actualSize field in FFS is *not* relied on for |
| 163 | + partition size, we determine it from the content of the partition. |
| 164 | + |
| 165 | + However, this patch *will* break loading of partitions that are not ELF |
| 166 | + and do not contain subpartitions. Luckily, nothing in-tree makes use of |
| 167 | + that. |
| 168 | + |
| 169 | +PCI |
| 170 | +=== |
| 171 | +- pci: Check power state before powering off slot |
| 172 | + |
| 173 | + Prevents the erroneous "Error -1 powering off slot" error message. |
| 174 | + |
| 175 | +Contributors |
| 176 | +============ |
| 177 | +Since :ref:`skiboot-5.4.0-rc1`, we have 23 csets from 8 developers. |
| 178 | + |
| 179 | +A total of 876 lines added, 621 removed (delta 255) |
| 180 | + |
| 181 | +Developers with the most changesets |
| 182 | + |
| 183 | +============================ = ======= |
| 184 | +Developer # % |
| 185 | +============================ = ======= |
| 186 | +Stewart Smith 7 (30.4%) |
| 187 | +Cyril Bur 5 (21.7%) |
| 188 | +Mukesh Ojha 3 (13.0%) |
| 189 | +Gavin Shan 3 (13.0%) |
| 190 | +Claudio Carvalho 2 (8.7%) |
| 191 | +Chris Smart 1 (4.3%) |
| 192 | +Andrew Donnellan 1 (4.3%) |
| 193 | +Nageswara R Sastry 1 (4.3%) |
| 194 | +============================ = ======= |
| 195 | + |
| 196 | +Developers with the most changed lines |
| 197 | + |
| 198 | +========================== === ======= |
| 199 | +Developer # % |
| 200 | +========================== === ======= |
| 201 | +Stewart Smith 424 (45.7%) |
| 202 | +Mukesh Ojha 204 (22.0%) |
| 203 | +Gavin Shan 173 (18.6%) |
| 204 | +Cyril Bur 69 (7.4%) |
| 205 | +Claudio Carvalho 35 (3.8%) |
| 206 | +Andrew Donnellan 13 (1.4%) |
| 207 | +Chris Smart 8 (0.9%) |
| 208 | +Nageswara R Sastry 2 (0.2%) |
| 209 | +========================== === ======= |
| 210 | + |
| 211 | +Developers with the most lines removed |
| 212 | + |
| 213 | +============================ = ======= |
| 214 | +Developer # % |
| 215 | +============================ = ======= |
| 216 | +Gavin Shan 9 (1.4%) |
| 217 | +Chris Smart 4 (0.6%) |
| 218 | +============================ = ======= |
| 219 | + |
| 220 | +Developers with the most signoffs (total 16) |
| 221 | + |
| 222 | +============================ = ======= |
| 223 | +Developer # % |
| 224 | +============================ = ======= |
| 225 | +Stewart Smith 16 (100.0%) |
| 226 | +============================ = ======= |
| 227 | + |
| 228 | +Developers with the most reviews (total 4) |
| 229 | + |
| 230 | +============================ = ======= |
| 231 | +Developer # % |
| 232 | +============================ = ======= |
| 233 | +Vasant Hegde 2 (50.0%) |
| 234 | +Andrew Donnellan 2 (50.0%) |
| 235 | +============================ = ======= |
| 236 | + |
| 237 | +Developers with the most test credits (total 1) |
| 238 | + |
| 239 | +============================ = ======= |
| 240 | +Developer # % |
| 241 | +============================ = ======= |
| 242 | +Pridhiviraj Paidipeddi 1 (100.0%) |
| 243 | +============================ = ======= |
| 244 | + |
| 245 | +Developers who gave the most tested-by credits (total 1) |
| 246 | + |
| 247 | +============================ = ======= |
| 248 | +Developer # % |
| 249 | +============================ = ======= |
| 250 | +Gavin Shan 1 (100.0%) |
| 251 | +============================ = ======= |
| 252 | + |
| 253 | +Developers with the most report credits (total 3) |
| 254 | + |
| 255 | +============================ = ======= |
| 256 | +Developer # % |
| 257 | +============================ = ======= |
| 258 | +Pridhiviraj Paidipeddi 1 (33.3%) |
| 259 | +Andrei Warkenti 1 (33.3%) |
| 260 | +Michael Neuling 1 (33.3%) |
| 261 | +============================ = ======= |
| 262 | + |
| 263 | +Developers who gave the most report credits (total 3) |
| 264 | + |
| 265 | +============================ = ======= |
| 266 | +Developer # % |
| 267 | +============================ = ======= |
| 268 | +Stewart Smith 2 (66.7%) |
| 269 | +Gavin Shan 1 (33.3%) |
| 270 | +============================ = ======= |
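Review bot: In the libstb/stb.c entry under "Secure and Trusted Boot", the text gives force-secure-mode=true and "always" but never says which values force-trusted-mode accepts, and it only implies that secure mode is off by default even when Hostboot has set secure-enabled. This is the paragraph people will read to find out whether verification is actually enforced, so please add a sentence stating the default behaviour and the accepted values for both NVRAM settings. The same entry has two typos ("proprety", "int the device tree"), and "We disabled secure mode" should be present tense to match the surrounding text. In the flash_load_resource entry, the statement that the patch *will* break loading of partitions that are not ELF and do not contain subpartitions is buried in the last paragraph; consider moving it up or flagging it as a known limitation. Smaller points: the "Fast Reset" heading covers entries prefixed both fast-reset: and fast-reboot:, and "Other changes" sits in the middle of the file rather than after the topical sections.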