xref: /dports/emulators/qemu60/qemu-6.0.0/roms/skiboot/doc/release-notes/skiboot-5.4.0-rc2.rst

.. _skiboot-5.4.0-rc2:

=================
skiboot-5.4.0-rc2
=================

skiboot-5.4.0-rc2 was released on Wednesday October 26th 2016. It is the
second release candidate of skiboot 5.4, which will become the new stable
release of skiboot following the 5.3 release, first released August 2nd 2016.

skiboot-5.4.0-rc2 contains all bug fixes as of :ref:`skiboot-5.3.7`
and :ref:`skiboot-5.1.18` (the currently maintained stable releases).

For how the skiboot stable releases work, see :ref:`stable-rules` for details.

Since this is a release candidate, it should *NOT* be put into production.

The current plan is to release a new release candidate every week until we
feel good about it. The aim is for skiboot-5.4.x to be in op-build v1.13, which
is due by November 23rd 2016.

Over :ref:`skiboot-5.4.0-rc1`, we have a few changes:

Secure and Trusted Boot
=======================

skiboot 5.4.0-rc2 improves upon the progress towards Secure and Trusted Boot
in rc1. It is important to note that this is *not* a complete, end-to-end
secure/trusted boot implementation.

With the current code, it is now possible to verify and measure resources
loaded from PNOR by skiboot (namely the CAPP and BOOTKERNEL partitions).

Note that this functionality is currently *only* available on systems that
use the libflash backend. It is *NOT* enabled on IBM FSP based systems.
There is some support for some simulators though.

- libstb/stb.c: ignore the secure mode flag unless forced in NVRAM

  For this stage in Trusted Boot development, we are wishing to not
  force Secure Mode through the whole firmware boot process, but we
  are wanting to be able to test it (classic chicken and egg problem with
  build infrastructure).

  We disabled secure mode if the secure-enabled devtree property is
  read from the device tree *IF* we aren't overriding it through NVRAM.
  Seeing as we can only increase (not decrease) what we're checking through
  the NVRAM variable, it is safe.

  The NVRAM setting is force-secure-mode=true in the ibm,skiboot partition.

  However, if you want to force secure mode even if Hostboot has *not* set
  the secure-enabled proprety in the device tree, set force-secure-mode
  to "always".

  There is also a force-trusted-mode NVRAM setting to force trusted mode
  even if Hostboot has not enabled it int the device tree.

  To indicate to Linux that we haven't gone through the whole firmware
  process in secure mode, we replace the 'secure-enabled' property with
  'partial-secure-enabled', to indicate that only part of the firmware
  boot process has gone through secure mode.


Command line arguments to BOOTKERNEL
====================================

- core/init.c: Fix bootargs parsing

  Currently the bootargs are unconditionally deleted, which causes
  a bug where the bootargs passed in by the device tree are lost.

  This patch deletes bootargs only if it needs to be replaced by the NVRAM
  entry.

  This patch also removes KERNEL_COMMAND_LINE config option in favour of
  using the NVRAM or a device tree.

pflash utility
==============

- external/pflash: Make MTD accesses the default

  Now that BMC and host kernel mtd drivers exist and have matured we
  should use them by default.

  This is especially important since we seem to be telling everyone to use
  pflash (pflash world domination plans are continuing on schedule).
- external/pflash: Catch incompatible combination of flags
- external/common: arm: Don't error trying to wrprotect with MTD access
- libflash/libffs: Use blocklevel_smart_write() when updating partitions

Other changes
=============
- extract-gcov: build with -m64 if compiler supports it.

  Fixes build break on 32bit ppc64 (e.g. PowerMac G5, where user space
  is mostly 32bit).

Fast Reset
==========

- fast-reset: disable fast reboot in event of platform error

  Most of the time, if we're rebooting due to a platform error, we should
  trigger a checkstop. However, if we haven't been told what we should do
  to trigger a checkstop (e.g. on an FSP machine), then we should still
  fail to fast-reboot.

  So, disable fast-reboot in the OPAL_CEC_REBOOT2 code path
  for OPAL_REBOOT_PLATFORM_ERROR reboot type.
- fast-reboot: disable on FSP code update or unrecoverable HMI
- fast-reboot: abort fast reboot if CAPP attached

  If a PHB is in CAPI mode, we cannot safely fast reboot - the PHB will be
  fenced during the reboot resulting in major problems when we load the new
  kernel.

  In order to handle this safely, we need to disable CAPI mode before
  resetting PHBs during the fast reboot. However, we don't currently support
  this.

  In the meantime, when fast rebooting, check if there are any PHBs with a
  CAPP attached, and if so, abort the fast reboot and revert to a normal
  reboot instead.

OpenPOWER Platforms
===================

For all hardware platforms that aren't IBM FSP machines:

- Revert "flash: Move flash node under ibm,opal/flash/"

  This reverts commit e1e6d009860d0ef60f9daf7a0fbe15f869516bd0.

  Breaks DT enough that it makes people cranky, reverting for now.
  This could break access to flash with existing kernels in POWER9 simulators

- flash: rework flash_load_resource to correctly read FFS/STB

  This fixes the previous reverts of loading the CAPP partition with
  STB headers (which broke CAPP partitions without STB headers).

  The new logic fixes both CAPP partition loading with STB headers *and*
  addresses a long standing bug due to differing interpretations of FFS.

  The f_part utility that *constructs* PNOR files just sets actualSize=totalSize
  no matter on what the size of the partition is. Prior to this patch,
  skiboot would always load actualSize, leading to longer than needed IPL.

  The pflash utility updates actualSize, so no developer has really ever
  noticed this, apart from maybe an inkling that it's odd that a freshly
  baked PNOR from op-build takes ever so slightly longer to boot than one
  that has had individual partitions pflashed in.

  With this patch, we now compute actualSize. For partitions with a STB
  header, we take the payload size from the STB header. For partitions
  that don't have a STB header, we compute the size either by parsing
  the ELF header or by looking at the subpartition header and computing it.

  We now need to read the entire partition for partitions with subpartitions
  so that we pass consistent values to be measured as part of Trusted Boot.

  As of this patch, the actualSize field in FFS is *not* relied on for
  partition size, we determine it from the content of the partition.

  However, this patch *will* break loading of partitions that are not ELF
  and do not contain subpartitions. Luckily, nothing in-tree makes use of
  that.

PCI
===
- pci: Check power state before powering off slot

  Prevents the erroneous "Error -1 powering off slot" error message.

Contributors
============
Since :ref:`skiboot-5.4.0-rc1`, we have 23 csets from 8 developers.

A total of 876 lines added, 621 removed (delta 255)

Developers with the most changesets

============================ = =======
Developer                    # %
============================ = =======
Stewart Smith                7 (30.4%)
Cyril Bur                    5 (21.7%)
Mukesh Ojha                  3 (13.0%)
Gavin Shan                   3 (13.0%)
Claudio Carvalho             2 (8.7%)
Chris Smart                  1 (4.3%)
Andrew Donnellan             1 (4.3%)
Nageswara R Sastry           1 (4.3%)
============================ = =======

Developers with the most changed lines

========================== === =======
Developer                    # %
========================== === =======
Stewart Smith              424 (45.7%)
Mukesh Ojha                204 (22.0%)
Gavin Shan                 173 (18.6%)
Cyril Bur                   69 (7.4%)
Claudio Carvalho            35 (3.8%)
Andrew Donnellan            13 (1.4%)
Chris Smart                  8 (0.9%)
Nageswara R Sastry           2 (0.2%)
========================== === =======

Developers with the most lines removed

============================ = =======
Developer                    # %
============================ = =======
Gavin Shan                   9 (1.4%)
Chris Smart                  4 (0.6%)
============================ = =======

Developers with the most signoffs (total 16)

=========================== == ========
Developer                    # %
=========================== == ========
Stewart Smith               16 (100.0%)
=========================== == ========

Developers with the most reviews (total 4)

============================ = =======
Developer                    # %
============================ = =======
Vasant Hegde                 2 (50.0%)
Andrew Donnellan             2 (50.0%)
============================ = =======

Developers with the most test credits (total 1)

============================ = =======
Developer                    # %
============================ = =======
Pridhiviraj Paidipeddi       1 (100.0%)
============================ = =======

Developers who gave the most tested-by credits (total 1)

============================ = =======
Developer                    # %
============================ = =======
Gavin Shan                   1 (100.0%)
============================ = =======

Developers with the most report credits (total 3)

============================ = =======
Developer                    # %
============================ = =======
Pridhiviraj Paidipeddi       1 (33.3%)
Andrei Warkenti              1 (33.3%)
Michael Neuling              1 (33.3%)
============================ = =======

Developers who gave the most report credits (total 3)

============================ = =======
Developer                    # %
============================ = =======
Stewart Smith                2 (66.7%)
Gavin Shan                   1 (33.3%)
============================ = =======