Message ID | 20200430230128.2242469-1-maurosr@linux.vnet.ibm.com |
---|---|
State | Accepted |
Series | libstb: Don't exit trustedboot services multiple times |

Context | Check | Description |
---|---|---|
snowpatch_ozlabs/apply_patch | success | Successfully applied on branch master (0f1937ef40fca0c3212a9dff1010b832a24fb063) |
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot | success | Test snowpatch/job/snowpatch-skiboot on branch master |
snowpatch_ozlabs/snowpatch_job_snowpatch-skiboot-dco | success | Signed-off-by present |

On Fri, May 1, 2020 at 9:02 AM Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com> wrote:
>
> For the very specific scenario when the fast-reboot is used, we see multiple error messages regarding the trustedboot measurements not being done.
>
> The way fast-reboot works is performing just fundamental operations, like PCI initialization, to get skiboot into good shape to boot kernel, and later the host's Kernel. That means fast-reboot contains data structures filled since last full reboot.
>
> In this process trustedboot is not re-initialized when, but it still tries to perform the STB measurements and event logging done in trustedboot_exit_services, showing multiple failure messages.
>
> This patch avoids that situation by returning earlier and logging that trustedboot already exited.
>
> If eventually something changes and trustedboot gets re-initialized during fast-reboot this patch also sets boot_services_exited to false after every initialization so we always exit trustedboot whenever it gets initialized.
>
> Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>

Thanks merged as 59314f312278548f2ec9f9a34ec11a67e470ab24

diff --git libstb/trustedboot.c libstb/trustedboot.c index 413862e639..b1f86cc709 100644 --- libstb/trustedboot.c +++ libstb/trustedboot.c @@ -116,6 +116,7 @@ void trustedboot_init(void) tpm_init(); trusted_init = true; + boot_services_exited = false; } int trustedboot_exit_boot_services(void) @@ -124,11 +125,15 @@ int trustedboot_exit_boot_services(void) int rc = 0; bool failed = false; - boot_services_exited = true; - if (!trusted_mode) goto out_free; + if (boot_services_exited) { + prlog(PR_WARNING, "Trusted boot services exited before.\n"); + goto out_free; + } + + boot_services_exited = true; #ifdef STB_DEBUG prlog(PR_NOTICE, "ev_separator.event: %s\n", ev_separator.event); prlog(PR_NOTICE, "ev_separator.sha1:\n");
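
Review bot: in the first hunk, the new `boot_services_exited = false;` in trustedboot_init() has no comment, and the commit message says trustedboot is not re-initialized on fast-reboot today, so on that path the reset is purely defensive. A one-line comment stating that the flag is re-armed here so a later re-initialization is followed by a fresh exit would keep it from being removed as dead code. It is also the last statement before the closing brace, so any earlier return in the function would skip it; worth confirming that is the intended behaviour.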
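
Review bot: in the second hunk, moving `boot_services_exited = true;` below `if (!trusted_mode) goto out_free;` means the flag is no longer set when trusted mode is off, whereas the removed line set it unconditionally. If any other code reads the flag to decide whether work is still allowed after boot services exit, its behaviour in non-trusted mode changes; either keep the assignment ahead of the `trusted_mode` test or state in the commit message that the change is intended. The repeated-call path also leaves through `out_free` with `rc` still at its initial 0 and logs at PR_WARNING, which per the commit message is the expected case on fast-reboot, so a lower log level may fit better.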

For the very specific scenario when the fast-reboot is used, we see multiple error messages regarding the trustedboot measurements not being done.

The way fast-reboot works is performing just fundamental operations, like PCI initialization, to get skiboot into good shape to boot kernel, and later the host's Kernel. That means fast-reboot contains data structures filled since last full reboot.

In this process trustedboot is not re-initialized when, but it still tries to perform the STB measurements and event logging done in trustedboot_exit_services, showing multiple failure messages.

This patch avoids that situation by returning earlier and logging that trustedboot already exited.

If eventually something changes and trustedboot gets re-initialized during fast-reboot this patch also sets boot_services_exited to false after every initialization so we always exit trustedboot whenever it gets initialized.

Signed-off-by: Mauro S. M. Rodrigues <maurosr@linux.vnet.ibm.com>
---
 libstb/trustedboot.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)