From patchwork Mon Sep 23 22:30:21 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Maxiwell S. Garcia" X-Patchwork-Id: 1166223 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46cfDX5P2dz9s00 for ; Tue, 24 Sep 2019 08:31:08 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 46cfDX4VYmzDqPT for ; Tue, 24 Sep 2019 08:31:08 +1000 (AEST) X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=linux.ibm.com (client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com; envelope-from=maxiwell@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 46cfD40R5mzDqHW for ; Tue, 24 Sep 2019 08:30:43 +1000 (AEST) Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x8NMQs1L127932 for ; Mon, 23 Sep 2019 18:30:37 -0400 Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253]) by mx0b-001b2d01.pphosted.com with ESMTP id 2v743wvsjb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Sep 2019 18:30:37 -0400 Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1]) by ppma01wdc.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id x8NMUDev026412 for ; Mon, 23 Sep 2019 22:30:36 GMT Received: from b03cxnp07028.gho.boulder.ibm.com (b03cxnp07028.gho.boulder.ibm.com [9.17.130.15]) by ppma01wdc.us.ibm.com with ESMTP id 2v5bg6q8m1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Sep 2019 22:30:36 +0000 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x8NMUZoB41353530 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 23 Sep 2019 22:30:35 GMT Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id F099EC6055; Mon, 23 Sep 2019 22:30:34 +0000 (GMT) Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D6EDFC6057; Mon, 23 Sep 2019 22:30:33 +0000 (GMT) Received: from maxibm.ibmuc.com (unknown [9.85.133.177]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP; Mon, 23 Sep 2019 22:30:33 +0000 (GMT) From: "Maxiwell S. Garcia" To: petitboot@lists.ozlabs.org Subject: [PATCH v2 1/4] configure: Add libelf as a requirement Date: Mon, 23 Sep 2019 19:30:21 -0300 Message-Id: <20190923223024.995-2-maxiwell@linux.ibm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190923223024.995-1-maxiwell@linux.ibm.com> References: <20190923223024.995-1-maxiwell@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-09-23_08:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1909230189 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" With this library, petitboot is able to open the ELF binary to check information, like annotation in ELF notes section. Signed-off-by: Maxiwell S. Garcia --- configure.ac | 6 ++++++ discover/Makefile.am | 3 ++- utils/Makefile.am | 3 ++- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 5d541fb..f3382e0 100644 --- a/configure.ac +++ b/configure.ac @@ -66,6 +66,11 @@ AC_CHECK_LIB([udev], [udev_new], [AC_MSG_FAILURE([The libudev development library is required by petitboot. Try installing the package libudev-dev or libudev-devel.])] ) +AC_CHECK_LIB([elf], [elf_begin], + [ELF_LIBS=-lelf], + [AC_MSG_FAILURE([The libelf development library is required by petitboot. Try installing the package libelf-dev or elfutils-libelf-devel.])] +) + PKG_CHECK_EXISTS(libudev >= 218, [old_udev=no], [old_udev=yes]) if test "$old_udev" = "yes" ; then AC_DEFINE(UDEV_LOGGING, 1, [Support old udev logging interface]) @@ -476,6 +481,7 @@ AS_IF( ) AC_SUBST([UDEV_LIBS]) +AC_SUBST([ELF_LIBS]) AC_SUBST([DEVMAPPER_LIBS]) AC_SUBST([CRYPT_LIBS]) AC_SUBST([FDT_LIBS]) diff --git a/discover/Makefile.am b/discover/Makefile.am index bfe33fa..e2d0e93 100644 --- a/discover/Makefile.am +++ b/discover/Makefile.am @@ -58,7 +58,8 @@ discover_pb_discover_LDADD = \ discover/native/native-parser.ro \ discover/platform.ro \ $(core_lib) \ - $(UDEV_LIBS) + $(UDEV_LIBS) \ + $(ELF_LIBS) discover_pb_discover_LDFLAGS = \ $(AM_LDFLAGS) \ diff --git a/utils/Makefile.am b/utils/Makefile.am index a523430..8788150 100644 --- a/utils/Makefile.am +++ b/utils/Makefile.am @@ -18,7 +18,8 @@ dist_pkglibexec_SCRIPTS = utils/pb-console sbin_PROGRAMS += utils/pb-event utils/pb-config utils_pb_config_LDADD = $(top_builddir)/lib/libpbcore.la \ - $(top_builddir)/discover/platform.ro + $(top_builddir)/discover/platform.ro \ + $(ELF_LIBS) utils_hooks_30_dtb_updates_SOURCES = utils/hooks/30-dtb-updates.c utils_hooks_30_dtb_updates_LDADD = $(top_builddir)/lib/libpbcore.la \ From patchwork Mon Sep 23 22:30:22 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Maxiwell S. Garcia" X-Patchwork-Id: 1166224 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46cfDf6mCJz9sNF for ; Tue, 24 Sep 2019 08:31:14 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 46cfDf5WcYzDqPf for ; Tue, 24 Sep 2019 08:31:14 +1000 (AEST) X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=maxiwell@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 46cfD40Mq2zDqH4 for ; Tue, 24 Sep 2019 08:30:43 +1000 (AEST) Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x8NMQuRE045594 for ; Mon, 23 Sep 2019 18:30:39 -0400 Received: from ppma05wdc.us.ibm.com (1b.90.2fa9.ip4.static.sl-reverse.com [169.47.144.27]) by mx0a-001b2d01.pphosted.com with ESMTP id 2v76tmg514-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Sep 2019 18:30:39 -0400 Received: from pps.filterd (ppma05wdc.us.ibm.com [127.0.0.1]) by ppma05wdc.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id x8NMUDY3020273 for ; Mon, 23 Sep 2019 22:30:38 GMT Received: from b03cxnp07029.gho.boulder.ibm.com (b03cxnp07029.gho.boulder.ibm.com [9.17.130.16]) by ppma05wdc.us.ibm.com with ESMTP id 2v5bg6y903-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Sep 2019 22:30:38 +0000 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp07029.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x8NMUal841615776 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 23 Sep 2019 22:30:36 GMT Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id C5E1EC605A; Mon, 23 Sep 2019 22:30:36 +0000 (GMT) Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 89566C6057; Mon, 23 Sep 2019 22:30:35 +0000 (GMT) Received: from maxibm.ibmuc.com (unknown [9.85.133.177]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP; Mon, 23 Sep 2019 22:30:35 +0000 (GMT) From: "Maxiwell S. Garcia" To: petitboot@lists.ozlabs.org Subject: [PATCH v2 2/4] discover: Add helper functions to read ELF notes Date: Mon, 23 Sep 2019 19:30:22 -0300 Message-Id: <20190923223024.995-3-maxiwell@linux.ibm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190923223024.995-1-maxiwell@linux.ibm.com> References: <20190923223024.995-1-maxiwell@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-09-23_08:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1909230189 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" The libelf has low level functions to access the ELF structures. This commit adds two external higher level functions: elf_open_image(): - Get the ELF structure from a binary; elf_getnote_desc() - Get the ELF note 'descriptor' using both namespace and ELF type. The definitions used in the 'elf.h' was taken from linux source code: - arch/powerpc/include/asm/elfnote.h - arch/powerpc/kernel/note.S Signed-off-by: Maxiwell S. Garcia --- discover/Makefile.am | 4 ++- discover/elf.c | 86 ++++++++++++++++++++++++++++++++++++++++++++ discover/elf.h | 29 +++++++++++++++ 3 files changed, 118 insertions(+), 1 deletion(-) create mode 100644 discover/elf.c create mode 100644 discover/elf.h diff --git a/discover/Makefile.am b/discover/Makefile.am index e2d0e93..2339203 100644 --- a/discover/Makefile.am +++ b/discover/Makefile.am @@ -80,7 +80,9 @@ discover_platform_ro_SOURCES = \ discover/ipmi.h \ discover/dt.c \ discover/dt.h \ - discover/hostboot.h + discover/hostboot.h \ + discover/elf.c \ + discover/elf.h if PLATFORM_ARM64 discover_platform_ro_SOURCES += discover/platform-arm64.c diff --git a/discover/elf.c b/discover/elf.c new file mode 100644 index 0000000..8c2711e --- /dev/null +++ b/discover/elf.c @@ -0,0 +1,86 @@ +#include +#include +#include + +#include +#include "elf.h" + +Elf *elf_open_image(const char *image) +{ + int fd; + Elf *elf = NULL; + int err; + + if (!image) { + pb_log_fn("kernel image path is null\n"); + return NULL; + } + + if ((elf_version(EV_CURRENT) == EV_NONE) || + ((fd = open(image, O_RDONLY, 0)) == -1) || + (!(elf = elf_begin(fd, ELF_C_READ, NULL)))) { + err = elf_errno(); + if (err) + pb_log_fn("failed to read %s elf: %s\n", + image, elf_errmsg(err)); + } + + return elf; +} + +static bool elf_getnote_offset(Elf_Data * const edata, + const char *namespace, + const uint32_t type, GElf_Nhdr *nhdr, + size_t *n_off, size_t *d_off) +{ + size_t off = 0; + size_t next; + + /* Iterate through notes */ + while ((next = gelf_getnote(edata, off, nhdr, n_off, d_off)) > 0) { + char *note_ns = (char *) edata->d_buf + (*n_off); + if ((strcmp(note_ns, namespace) == 0) && (nhdr->n_type == type)) + return true; + + off = next; + } + return false; +} + +void *elf_getnote_desc(Elf *elf, + const char *namespace, + uint32_t type) +{ + Elf_Scn *scn = NULL; + Elf_Data *edata = NULL; + GElf_Shdr shdr; + GElf_Nhdr nhdr; + + size_t n_off; + size_t d_off; + void *desc = NULL; + + if (!elf || !namespace) + return NULL; + + /* Iterate through sections */ + while ((scn = elf_nextscn(elf, scn))) { + gelf_getshdr(scn, &shdr); + + /* ELF might have more than one SHT_NOTE section but + only one has the 'namespace' note */ + if (shdr.sh_type == SHT_NOTE) { + edata = elf_getdata(scn, NULL); + if (elf_getnote_offset(edata, namespace, type, + &nhdr, &n_off, &d_off)) { + desc = calloc(nhdr.n_descsz, sizeof(char)); + memcpy(desc, edata->d_buf + d_off, + nhdr.n_descsz); + break; + } + } + } + + return desc; +} + diff --git a/discover/elf.h b/discover/elf.h new file mode 100644 index 0000000..742b791 --- /dev/null +++ b/discover/elf.h @@ -0,0 +1,29 @@ +#ifndef _PB_ELF_H +#define _PB_ELF_H + +#include +#include + +/* + * The PowerPC namespace in an ELF Note of the kernel binary is used to store + * capabilities and information which can be used by a bootloader or userland + * + * docs: Documentation/powerpc/elfnote.rst + */ +#define POWERPC_ELFNOTE_NAMESPACE "PowerPC" + +/* + * The capabilities supported/required by the kernel + * This type uses a bitmap as "desc" field. + */ +#define PPC_ELFNOTE_CAPABILITIES 0x1 + +/* bitmap fields: */ +#define PPCCAP_ULTRAVISOR_BIT 0x1 + +Elf *elf_open_image(const char *image); +void *elf_getnote_desc(Elf *elf, + const char *namespace, + uint32_t type); + +#endif /* _PB_ELF_H */ From patchwork Mon Sep 23 22:30:23 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Maxiwell S. Garcia" X-Patchwork-Id: 1166226 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46cfDt3hQVz9sNF for ; Tue, 24 Sep 2019 08:31:26 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 46cfDt2Kl6zDqQ4 for ; Tue, 24 Sep 2019 08:31:26 +1000 (AEST) X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=maxiwell@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 46cfD61RfJzDqHP for ; Tue, 24 Sep 2019 08:30:45 +1000 (AEST) Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x8NMQtvG016431 for ; Mon, 23 Sep 2019 18:30:43 -0400 Received: from ppma01wdc.us.ibm.com (fd.55.37a9.ip4.static.sl-reverse.com [169.55.85.253]) by mx0a-001b2d01.pphosted.com with ESMTP id 2v73eae18p-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Sep 2019 18:30:42 -0400 Received: from pps.filterd (ppma01wdc.us.ibm.com [127.0.0.1]) by ppma01wdc.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id x8NMUDf0026412 for ; Mon, 23 Sep 2019 22:30:40 GMT Received: from b03cxnp08026.gho.boulder.ibm.com (b03cxnp08026.gho.boulder.ibm.com [9.17.130.18]) by ppma01wdc.us.ibm.com with ESMTP id 2v5bg6q8mf-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Sep 2019 22:30:39 +0000 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x8NMUc0x60424514 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 23 Sep 2019 22:30:38 GMT Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 804A3C6059; Mon, 23 Sep 2019 22:30:38 +0000 (GMT) Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 77EE0C605A; Mon, 23 Sep 2019 22:30:37 +0000 (GMT) Received: from maxibm.ibmuc.com (unknown [9.85.133.177]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP; Mon, 23 Sep 2019 22:30:37 +0000 (GMT) From: "Maxiwell S. Garcia" To: petitboot@lists.ozlabs.org Subject: [PATCH v2 3/4] ui/ncurses: Add preboot check option in the config screen Date: Mon, 23 Sep 2019 19:30:23 -0300 Message-Id: <20190923223024.995-4-maxiwell@linux.ibm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190923223024.995-1-maxiwell@linux.ibm.com> References: <20190923223024.995-1-maxiwell@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-09-23_08:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=3 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1909230189 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" Petitboot might run some checks to validate the kernel images before call the kexec load. This patch adds both 'preboot check' option in the config UI screen and a NVRAM variable 'petitboot,preboot_check' to make the user choice persistent. The 'preboot check' is enabled by default. The 'petitboot,preboot_check' is created on NVRAM only when 'preboot check' is disabled by the user. Signed-off-by: Maxiwell S. Garcia --- discover/platform-powerpc.c | 7 ++++++ discover/platform.c | 4 ++++ lib/param_list/param_list.c | 1 + lib/pb-protocol/pb-protocol.c | 9 ++++++++ lib/types/types.h | 2 ++ ui/ncurses/nc-config.c | 43 ++++++++++++++++++++++++++++++++++- 6 files changed, 65 insertions(+), 1 deletion(-) diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c index 5d7cc59..e4422d9 100644 --- a/discover/platform-powerpc.c +++ b/discover/platform-powerpc.c @@ -222,6 +222,13 @@ static void params_update_all(struct param_list *pl, params_update_network_values(pl, "petitboot,network", config); params_update_bootdev_values(pl, "petitboot,bootdevs", config); + + if (config->preboot_check_enabled == defaults->preboot_check_enabled) + val = ""; + else + val = config->preboot_check_enabled ? "true" : "false"; + + param_list_set_non_empty(pl, "petitboot,preboot_check", val, true); } static void config_set_ipmi_bootdev(struct config *config, enum ipmi_bootdev bootdev, diff --git a/discover/platform.c b/discover/platform.c index 8ce52fc..ea45594 100644 --- a/discover/platform.c +++ b/discover/platform.c @@ -159,6 +159,7 @@ void config_set_defaults(struct config *config) else config->lang = NULL; + config->preboot_check_enabled = true; } int platform_init(void *ctx) @@ -572,6 +573,9 @@ void config_populate_all(struct config *config, const struct param_list *pl) val = param_list_get_value(pl, "petitboot,https_proxy"); if (val) config->https_proxy = talloc_strdup(config, val); + + val = param_list_get_value(pl, "petitboot,preboot_check"); + config->preboot_check_enabled = !val || strcmp(val, "false"); } static char *interface_config_str(void *ctx, struct interface_config *config) diff --git a/lib/param_list/param_list.c b/lib/param_list/param_list.c index 9a01be6..62baddf 100644 --- a/lib/param_list/param_list.c +++ b/lib/param_list/param_list.c @@ -23,6 +23,7 @@ const char **common_known_params(void) "petitboot,http_proxy", "petitboot,https_proxy", "petitboot,password", + "petitboot,preboot_check", NULL, }; diff --git a/lib/pb-protocol/pb-protocol.c b/lib/pb-protocol/pb-protocol.c index daf4ec9..c9debbd 100644 --- a/lib/pb-protocol/pb-protocol.c +++ b/lib/pb-protocol/pb-protocol.c @@ -341,6 +341,8 @@ int pb_protocol_config_len(const struct config *config) len += 4 + optional_strlen(config->lang); + len += 4; /* preboot check */ + return len; } @@ -667,6 +669,9 @@ int pb_protocol_serialise_config(const struct config *config, pos += pb_protocol_serialise_string(pos, config->lang); + *(uint32_t *)pos = config->preboot_check_enabled; + pos += 4; + assert(pos <= buf + buf_len); return (pos <= buf + buf_len) ? 0 : -1; @@ -1317,6 +1322,10 @@ int pb_protocol_deserialise_config(struct config *config, config->lang = str; + if (read_u32(&pos, &len, &tmp)) + goto out; + config->preboot_check_enabled = !!tmp; + rc = 0; out: diff --git a/lib/types/types.h b/lib/types/types.h index 433a37b..7643234 100644 --- a/lib/types/types.h +++ b/lib/types/types.h @@ -184,6 +184,8 @@ struct config { unsigned int autoboot_timeout_sec; struct network_config network; + bool preboot_check_enabled; + struct autoboot_option *autoboot_opts; unsigned int n_autoboot_opts; diff --git a/ui/ncurses/nc-config.c b/ui/ncurses/nc-config.c index 943ee8a..b12baec 100644 --- a/ui/ncurses/nc-config.c +++ b/ui/ncurses/nc-config.c @@ -34,7 +34,7 @@ #include "nc-config.h" #include "nc-widgets.h" -#define N_FIELDS 51 +#define N_FIELDS 53 extern struct help_text config_help_text; @@ -70,6 +70,8 @@ struct config_screen { bool ipmi_mailbox; bool net_override; + bool preboot_check_enabled; + struct { struct nc_widget_label *autoboot_l; struct nc_widget_select *autoboot_f; @@ -124,6 +126,9 @@ struct config_screen { struct nc_widget_button *update_password_l; + struct nc_widget_label *preboot_check_l; + struct nc_widget_select *preboot_check_f; + struct nc_widget_label *net_override_l; struct nc_widget_label *safe_mode; struct nc_widget_button *ok_b; @@ -364,6 +369,9 @@ static int screen_process_form(struct config_screen *screen) } } + config->preboot_check_enabled = widget_select_get_value( + screen->widgets.preboot_check_f); + config->safe_mode = false; rc = cui_send_config(screen->cui, config); talloc_free(config); @@ -735,6 +743,17 @@ static void config_screen_layout_widgets(struct config_screen *screen) y += 1; } + wl = widget_label_base(screen->widgets.preboot_check_l); + widget_set_visible(wl, true); + widget_move(wl, y, screen->label_x); + + wf = widget_select_base(screen->widgets.preboot_check_f); + widget_set_visible(wf, true); + widget_move(wf, y, screen->field_x); + y += widget_height(wf); + + y += 1; + widget_move(widget_button_base(screen->widgets.ok_b), y, screen->field_x); widget_move(widget_button_base(screen->widgets.help_b), @@ -770,6 +789,15 @@ static void config_screen_autoboot_change(void *arg, int value) widgetset_post(screen->widgetset); } +static void config_screen_preboot_check_change(void *arg, int value) +{ + struct config_screen *screen = arg; + screen->preboot_check_enabled = !!value; + widgetset_unpost(screen->widgetset); + config_screen_layout_widgets(screen); + widgetset_post(screen->widgetset); +} + static void config_screen_add_device(void *arg) { struct config_screen *screen = arg; @@ -1196,6 +1224,19 @@ static void config_screen_setup_widgets(struct config_screen *screen, _("Update system password"), password_click, screen); #endif + screen->preboot_check_enabled = config->preboot_check_enabled; + screen->widgets.preboot_check_l = widget_new_label(set, 0, 0, _("Pre-boot Check:")); + screen->widgets.preboot_check_f = widget_new_select(set, 0, 0, + COLS - screen->field_x - 1); + + widget_select_add_option(screen->widgets.preboot_check_f, 0, _("Disabled"), + !screen->preboot_check_enabled); + widget_select_add_option(screen->widgets.preboot_check_f, 1, _("Enabled"), + screen->preboot_check_enabled); + + widget_select_on_change(screen->widgets.preboot_check_f, + config_screen_preboot_check_change, screen); + screen->widgets.ok_b = widget_new_button(set, 0, 0, 10, _("OK"), ok_click, screen); screen->widgets.help_b = widget_new_button(set, 0, 0, 10, _("Help"), From patchwork Mon Sep 23 22:30:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Maxiwell S. Garcia" X-Patchwork-Id: 1166225 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 46cfDm46Zcz9s00 for ; Tue, 24 Sep 2019 08:31:20 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 46cfDm2xx3zDqQ9 for ; Tue, 24 Sep 2019 08:31:20 +1000 (AEST) X-Original-To: petitboot@lists.ozlabs.org Delivered-To: petitboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=maxiwell@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 46cfD60yt9zDqH4 for ; Tue, 24 Sep 2019 08:30:45 +1000 (AEST) Received: from pps.filterd (m0098399.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.27/8.16.0.27) with SMTP id x8NMQrsA042559 for ; Mon, 23 Sep 2019 18:30:43 -0400 Received: from ppma02wdc.us.ibm.com (aa.5b.37a9.ip4.static.sl-reverse.com [169.55.91.170]) by mx0a-001b2d01.pphosted.com with ESMTP id 2v75vb1n60-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Sep 2019 18:30:43 -0400 Received: from pps.filterd (ppma02wdc.us.ibm.com [127.0.0.1]) by ppma02wdc.us.ibm.com (8.16.0.27/8.16.0.27) with SMTP id x8NMUBue005506 for ; Mon, 23 Sep 2019 22:30:42 GMT Received: from b03cxnp08028.gho.boulder.ibm.com (b03cxnp08028.gho.boulder.ibm.com [9.17.130.20]) by ppma02wdc.us.ibm.com with ESMTP id 2v5bg6q88m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 23 Sep 2019 22:30:42 +0000 Received: from b03ledav006.gho.boulder.ibm.com (b03ledav006.gho.boulder.ibm.com [9.17.130.237]) by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id x8NMUejg53019134 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Mon, 23 Sep 2019 22:30:40 GMT Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id AF1C5C6057; Mon, 23 Sep 2019 22:30:40 +0000 (GMT) Received: from b03ledav006.gho.boulder.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 31F18C6055; Mon, 23 Sep 2019 22:30:39 +0000 (GMT) Received: from maxibm.ibmuc.com (unknown [9.85.133.177]) by b03ledav006.gho.boulder.ibm.com (Postfix) with ESMTP; Mon, 23 Sep 2019 22:30:38 +0000 (GMT) From: "Maxiwell S. Garcia" To: petitboot@lists.ozlabs.org Subject: [PATCH v2 4/4] discover: Check if the kernel image has Ultravisor support Date: Mon, 23 Sep 2019 19:30:24 -0300 Message-Id: <20190923223024.995-5-maxiwell@linux.ibm.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190923223024.995-1-maxiwell@linux.ibm.com> References: <20190923223024.995-1-maxiwell@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-09-23_08:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=3 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1909230189 X-BeenThere: petitboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Petitboot bootloader development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: petitboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Petitboot" The PPC kernel image has an ELF Note 'namespace' called 'PowerPC' to store capabilities and information which can be used by a bootloader or userland. The capabilities can be accessed using the 'type' PPC_ELFNOTE_CAPABILITIES which returns a bitmap as 'descriptor' field. Bit 0 in this bitmap indicates that the powerpc kernel binary knows how to run in an ultravisor-enabled system. So, using this bit, the petitboot can decide to abort the boot if the kernel is incompatible, avoiding the crash later. This validation only occours on PowerPC ultravisor-system and if the config 'preboot check' in UI screen is enabled. Signed-off-by: Maxiwell S. Garcia --- discover/boot.c | 21 ++++++++++++++++++ discover/platform-powerpc.c | 43 +++++++++++++++++++++++++++++++++++++ discover/platform.c | 11 ++++++++++ discover/platform.h | 5 +++++ 4 files changed, 80 insertions(+) diff --git a/discover/boot.c b/discover/boot.c index 91fc46d..9963498 100644 --- a/discover/boot.c +++ b/discover/boot.c @@ -401,6 +401,24 @@ static void cleanup_cancellations(struct boot_task *task, talloc_free(task); } +static bool preboot_check(struct boot_task *task) +{ + const char *local_image = (task->local_image_override) ? + task->local_image_override : task->local_image; + + char *preboot_check_err_msg = NULL; + bool preboot_check_ret = platform_preboot_check(local_image, + &preboot_check_err_msg); + + if (preboot_check_err_msg) { + update_status(task->status_fn, task->status_arg, + STATUS_ERROR, "%s", preboot_check_err_msg); + talloc_free(preboot_check_err_msg); + } + + return preboot_check_ret; +} + static void boot_process(struct load_url_result *result, void *data) { struct boot_task *task = data; @@ -424,6 +442,9 @@ static void boot_process(struct load_url_result *result, void *data) run_boot_hooks(task); + if (!preboot_check(task)) + return; + update_status(task->status_fn, task->status_arg, STATUS_INFO, _("Performing kexec load")); diff --git a/discover/platform-powerpc.c b/discover/platform-powerpc.c index e4422d9..7efa531 100644 --- a/discover/platform-powerpc.c +++ b/discover/platform-powerpc.c @@ -21,6 +21,7 @@ #include "platform.h" #include "ipmi.h" #include "dt.h" +#include "elf.h" static const char *partition = "common"; static const char *sysparams_dir = "/sys/firmware/opal/sysparams/"; @@ -930,6 +931,47 @@ static void pre_boot(struct platform *p, const struct config *config) platform->set_os_boot_sensor(platform); } +static bool preboot_check(struct platform *p, + const struct config *config, + const char *image, + char **err_msg) +{ + struct platform_powerpc *platform = p->platform_data; + unsigned int *ppc_cap_bitmap = NULL; + bool ultravisor_enabled; + struct stat statbuf; + bool ret = true; + + /* check if ultravisor-system is enabled */ + ultravisor_enabled = stat("/proc/device-tree/ibm,ultravisor", + &statbuf) == 0; + + /* if ultravisor-system is disabled, continue the boot process */ + if (!ultravisor_enabled) + return true; + + ppc_cap_bitmap = elf_getnote_desc(elf_open_image(image), + POWERPC_ELFNOTE_NAMESPACE, + PPC_ELFNOTE_CAPABILITIES); + + if ((ppc_cap_bitmap) && (*ppc_cap_bitmap & PPCCAP_ULTRAVISOR_BIT)) { + pb_debug("kernel capabilities: ultravisor mode found.\n"); + } else { + ret = false; + pb_log_fn("kernel capabilities failed:" + " IBM Ultravisor mode is required.\n"); + *err_msg = talloc_strdup(platform, "IBM Ultravisor capability" + " not found"); + } + free(ppc_cap_bitmap); + + /* if preboot_check is disabled, continue the boot process */ + if (!config->preboot_check_enabled) + return true; + + return ret; +} + static int get_sysinfo(struct platform *p, struct system_info *sysinfo) { struct platform_powerpc *platform = p->platform_data; @@ -1035,6 +1077,7 @@ static struct platform platform_powerpc = { .get_sysinfo = get_sysinfo, .restrict_clients = restrict_clients, .set_password = set_password, + .preboot_check = preboot_check, }; register_platform(platform_powerpc); diff --git a/discover/platform.c b/discover/platform.c index ea45594..9d52f2a 100644 --- a/discover/platform.c +++ b/discover/platform.c @@ -207,6 +207,17 @@ void platform_pre_boot(void) platform->pre_boot(platform, config); } +bool platform_preboot_check(const char *image, char **err_msg) +{ + const struct config *config = config_get(); + + if (platform && config && platform->preboot_check) + return platform->preboot_check(platform, config, + image, err_msg); + + return true; +} + int platform_get_sysinfo(struct system_info *info) { if (platform && platform->get_sysinfo) diff --git a/discover/platform.h b/discover/platform.h index 5a5c990..fe3d390 100644 --- a/discover/platform.h +++ b/discover/platform.h @@ -14,6 +14,10 @@ struct platform { int (*get_sysinfo)(struct platform *, struct system_info *); bool (*restrict_clients)(struct platform *); int (*set_password)(struct platform *, const char *hash); + bool (*preboot_check)(struct platform *, + const struct config *, + const char *image, + char **err_msg); uint16_t dhcp_arch_id; void *platform_data; }; @@ -25,6 +29,7 @@ int platform_get_sysinfo(struct system_info *info); bool platform_restrict_clients(void); int platform_set_password(const char *hash); void platform_pre_boot(void); +bool platform_preboot_check(const char *image, char **err_msg); /* configuration interface */ const struct config *config_get(void);