1.. _skiboot-5.4.0-rc2: 2 3================= 4skiboot-5.4.0-rc2 5================= 6 7skiboot-5.4.0-rc2 was released on Wednesday October 26th 2016. It is the 8second release candidate of skiboot 5.4, which will become the new stable 9release of skiboot following the 5.3 release, first released August 2nd 2016. 10 11skiboot-5.4.0-rc2 contains all bug fixes as of :ref:`skiboot-5.3.7` 12and :ref:`skiboot-5.1.18` (the currently maintained stable releases). 13 14For how the skiboot stable releases work, see :ref:`stable-rules` for details. 15 16Since this is a release candidate, it should *NOT* be put into production. 17 18The current plan is to release a new release candidate every week until we 19feel good about it. The aim is for skiboot-5.4.x to be in op-build v1.13, which 20is due by November 23rd 2016. 21 22Over :ref:`skiboot-5.4.0-rc1`, we have a few changes: 23 24Secure and Trusted Boot 25======================= 26 27skiboot 5.4.0-rc2 improves upon the progress towards Secure and Trusted Boot 28in rc1. It is important to note that this is *not* a complete, end-to-end 29secure/trusted boot implementation. 30 31With the current code, it is now possible to verify and measure resources 32loaded from PNOR by skiboot (namely the CAPP and BOOTKERNEL partitions). 33 34Note that this functionality is currently *only* available on systems that 35use the libflash backend. It is *NOT* enabled on IBM FSP based systems. 36There is some support for some simulators though. 37 38- libstb/stb.c: ignore the secure mode flag unless forced in NVRAM 39 40 For this stage in Trusted Boot development, we are wishing to not 41 force Secure Mode through the whole firmware boot process, but we 42 are wanting to be able to test it (classic chicken and egg problem with 43 build infrastructure). 44 45 We disabled secure mode if the secure-enabled devtree property is 46 read from the device tree *IF* we aren't overriding it through NVRAM. 47 Seeing as we can only increase (not decrease) what we're checking through 48 the NVRAM variable, it is safe. 49 50 The NVRAM setting is force-secure-mode=true in the ibm,skiboot partition. 51 52 However, if you want to force secure mode even if Hostboot has *not* set 53 the secure-enabled proprety in the device tree, set force-secure-mode 54 to "always". 55 56 There is also a force-trusted-mode NVRAM setting to force trusted mode 57 even if Hostboot has not enabled it int the device tree. 58 59 To indicate to Linux that we haven't gone through the whole firmware 60 process in secure mode, we replace the 'secure-enabled' property with 61 'partial-secure-enabled', to indicate that only part of the firmware 62 boot process has gone through secure mode. 63 64 65Command line arguments to BOOTKERNEL 66==================================== 67 68- core/init.c: Fix bootargs parsing 69 70 Currently the bootargs are unconditionally deleted, which causes 71 a bug where the bootargs passed in by the device tree are lost. 72 73 This patch deletes bootargs only if it needs to be replaced by the NVRAM 74 entry. 75 76 This patch also removes KERNEL_COMMAND_LINE config option in favour of 77 using the NVRAM or a device tree. 78 79pflash utility 80============== 81 82- external/pflash: Make MTD accesses the default 83 84 Now that BMC and host kernel mtd drivers exist and have matured we 85 should use them by default. 86 87 This is especially important since we seem to be telling everyone to use 88 pflash (pflash world domination plans are continuing on schedule). 89- external/pflash: Catch incompatible combination of flags 90- external/common: arm: Don't error trying to wrprotect with MTD access 91- libflash/libffs: Use blocklevel_smart_write() when updating partitions 92 93Other changes 94============= 95- extract-gcov: build with -m64 if compiler supports it. 96 97 Fixes build break on 32bit ppc64 (e.g. PowerMac G5, where user space 98 is mostly 32bit). 99 100Fast Reset 101========== 102 103- fast-reset: disable fast reboot in event of platform error 104 105 Most of the time, if we're rebooting due to a platform error, we should 106 trigger a checkstop. However, if we haven't been told what we should do 107 to trigger a checkstop (e.g. on an FSP machine), then we should still 108 fail to fast-reboot. 109 110 So, disable fast-reboot in the OPAL_CEC_REBOOT2 code path 111 for OPAL_REBOOT_PLATFORM_ERROR reboot type. 112- fast-reboot: disable on FSP code update or unrecoverable HMI 113- fast-reboot: abort fast reboot if CAPP attached 114 115 If a PHB is in CAPI mode, we cannot safely fast reboot - the PHB will be 116 fenced during the reboot resulting in major problems when we load the new 117 kernel. 118 119 In order to handle this safely, we need to disable CAPI mode before 120 resetting PHBs during the fast reboot. However, we don't currently support 121 this. 122 123 In the meantime, when fast rebooting, check if there are any PHBs with a 124 CAPP attached, and if so, abort the fast reboot and revert to a normal 125 reboot instead. 126 127OpenPOWER Platforms 128=================== 129 130For all hardware platforms that aren't IBM FSP machines: 131 132- Revert "flash: Move flash node under ibm,opal/flash/" 133 134 This reverts commit e1e6d009860d0ef60f9daf7a0fbe15f869516bd0. 135 136 Breaks DT enough that it makes people cranky, reverting for now. 137 This could break access to flash with existing kernels in POWER9 simulators 138 139- flash: rework flash_load_resource to correctly read FFS/STB 140 141 This fixes the previous reverts of loading the CAPP partition with 142 STB headers (which broke CAPP partitions without STB headers). 143 144 The new logic fixes both CAPP partition loading with STB headers *and* 145 addresses a long standing bug due to differing interpretations of FFS. 146 147 The f_part utility that *constructs* PNOR files just sets actualSize=totalSize 148 no matter on what the size of the partition is. Prior to this patch, 149 skiboot would always load actualSize, leading to longer than needed IPL. 150 151 The pflash utility updates actualSize, so no developer has really ever 152 noticed this, apart from maybe an inkling that it's odd that a freshly 153 baked PNOR from op-build takes ever so slightly longer to boot than one 154 that has had individual partitions pflashed in. 155 156 With this patch, we now compute actualSize. For partitions with a STB 157 header, we take the payload size from the STB header. For partitions 158 that don't have a STB header, we compute the size either by parsing 159 the ELF header or by looking at the subpartition header and computing it. 160 161 We now need to read the entire partition for partitions with subpartitions 162 so that we pass consistent values to be measured as part of Trusted Boot. 163 164 As of this patch, the actualSize field in FFS is *not* relied on for 165 partition size, we determine it from the content of the partition. 166 167 However, this patch *will* break loading of partitions that are not ELF 168 and do not contain subpartitions. Luckily, nothing in-tree makes use of 169 that. 170 171PCI 172=== 173- pci: Check power state before powering off slot 174 175 Prevents the erroneous "Error -1 powering off slot" error message. 176 177Contributors 178============ 179Since :ref:`skiboot-5.4.0-rc1`, we have 23 csets from 8 developers. 180 181A total of 876 lines added, 621 removed (delta 255) 182 183Developers with the most changesets 184 185============================ = ======= 186Developer # % 187============================ = ======= 188Stewart Smith 7 (30.4%) 189Cyril Bur 5 (21.7%) 190Mukesh Ojha 3 (13.0%) 191Gavin Shan 3 (13.0%) 192Claudio Carvalho 2 (8.7%) 193Chris Smart 1 (4.3%) 194Andrew Donnellan 1 (4.3%) 195Nageswara R Sastry 1 (4.3%) 196============================ = ======= 197 198Developers with the most changed lines 199 200========================== === ======= 201Developer # % 202========================== === ======= 203Stewart Smith 424 (45.7%) 204Mukesh Ojha 204 (22.0%) 205Gavin Shan 173 (18.6%) 206Cyril Bur 69 (7.4%) 207Claudio Carvalho 35 (3.8%) 208Andrew Donnellan 13 (1.4%) 209Chris Smart 8 (0.9%) 210Nageswara R Sastry 2 (0.2%) 211========================== === ======= 212 213Developers with the most lines removed 214 215============================ = ======= 216Developer # % 217============================ = ======= 218Gavin Shan 9 (1.4%) 219Chris Smart 4 (0.6%) 220============================ = ======= 221 222Developers with the most signoffs (total 16) 223 224=========================== == ======== 225Developer # % 226=========================== == ======== 227Stewart Smith 16 (100.0%) 228=========================== == ======== 229 230Developers with the most reviews (total 4) 231 232============================ = ======= 233Developer # % 234============================ = ======= 235Vasant Hegde 2 (50.0%) 236Andrew Donnellan 2 (50.0%) 237============================ = ======= 238 239Developers with the most test credits (total 1) 240 241============================ = ======= 242Developer # % 243============================ = ======= 244Pridhiviraj Paidipeddi 1 (100.0%) 245============================ = ======= 246 247Developers who gave the most tested-by credits (total 1) 248 249============================ = ======= 250Developer # % 251============================ = ======= 252Gavin Shan 1 (100.0%) 253============================ = ======= 254 255Developers with the most report credits (total 3) 256 257============================ = ======= 258Developer # % 259============================ = ======= 260Pridhiviraj Paidipeddi 1 (33.3%) 261Andrei Warkenti 1 (33.3%) 262Michael Neuling 1 (33.3%) 263============================ = ======= 264 265Developers who gave the most report credits (total 3) 266 267============================ = ======= 268Developer # % 269============================ = ======= 270Stewart Smith 2 (66.7%) 271Gavin Shan 1 (33.3%) 272============================ = ======= 273