[Skiboot] skiboot 5.10-rc2

Fri Feb 9 16:16:01 AEDT 2018

skiboot-5.10-rc2
****************

skiboot v5.10-rc2 was released on Friday February 9th 2018. It is the
second release candidate of skiboot 5.10, which will become the new
stable release of skiboot following the 5.9 release, first released
October 31st 2017.

skiboot v5.10-rc2 contains all bug fixes as of *skiboot-5.9.8* and
*skiboot-5.4.9* (the currently maintained stable releases). There may
be more 5.9.x stable releases, it will depend on demand.

For how the skiboot stable releases work, see Skiboot stable tree
rules and releases for details.

The current plan is to cut the final 5.10 in February, with skiboot
5.10 being for all POWER8 and POWER9 platforms in op-build v1.21. This
release will be targeted to early POWER9 systems.

Over skiboot-5.10-rc1, we have the following changes:

* hw/npu2: Implement logging HMI actions

* opal-prd: Fix FTBFS with -Werror=format-overflow

  i2c.c fails to compile with gcc7 and -Werror=format-overflow used in
  Debian Unstable and Ubuntu 18.04 :

     i2c.c: In function ‘i2c_init’:
     i2c.c:211:15: error: ‘%s’ directive writing up to 255 bytes into a
     region of size 236 [-Werror=format-overflow=]

* core/exception: beautify exception handler, add MCE-involved
  registers

  Print DSISR and DAR, to help with deciphering machine check
  exceptions, and improve the output a bit, decode NIP symbol, improve
  alignment, etc. Also print a specific header for machine check,
  because we do expect to see these if there is a hardware failure.

  Before:

     [    0.005968779,3] ***********************************************
     [    0.005974102,3] Unexpected exception 200 !
     [    0.005978696,3] SRR0 : 000000003002ad80 SRR1 : 9000000000001000
     [    0.005985239,3] HSRR0: 00000000300027b4 HSRR1: 9000000030001000
     [    0.005991782,3] LR   : 000000003002ad80 CTR  : 0000000000000000
     [    0.005998130,3] CFAR : 00000000300b58bc
     [    0.006002769,3] CR   : 40000004  XER: 20000000
     [    0.006008069,3] GPR00: 000000003002ad80 GPR16: 0000000000000000
     [    0.006015170,3] GPR01: 0000000031c03bd0 GPR17: 0000000000000000
     [...]

  After:

     [    0.003287941,3] ***********************************************
     [    0.003561769,3] Fatal MCE at 000000003002ad80   .nvram_init+0x24
     [    0.003579628,3] CFAR : 00000000300b5964
     [    0.003584268,3] SRR0 : 000000003002ad80 SRR1 : 9000000000001000
     [    0.003590812,3] HSRR0: 00000000300027b4 HSRR1: 9000000030001000
     [    0.003597355,3] DSISR: 00000000         DAR  : 0000000000000000
     [    0.003603480,3] LR   : 000000003002ad68 CTR  : 0000000030093d80
     [    0.003609930,3] CR   : 40000004         XER  : 20000000
     [    0.003615698,3] GPR00: 00000000300149e8 GPR16: 0000000000000000
     [    0.003622799,3] GPR01: 0000000031c03bc0 GPR17: 0000000000000000
     [...]

* core/init: manage MSR[ME] explicitly, always enable

  The current boot sequence inherits MSR[ME] from the IPL firmware,
  and never changes it. Some environments disable MSR[ME] (e.g.,
  mambo), and others can enable it (hostboot).

  This has two problems. First, MSR[ME] must be disabled while in the
  process of taking over the interrupt vector from the previous
  environment.  Second, after installing our machine check handler,
  MSR[ME] should be enabled to get some useful output rather than a
  checkstop.

* fast-reboot: occ: Re-parse the pstate table during fast-reboot

  OCC shares the frequency list to host by copying the pstate table to
  main memory in HOMER. This table is parsed during boot to create
  device-tree properties for frequency and pstate IDs. OCC can update
  the pstate table to present a new set of frequencies to the host.
  But host will remain oblivious to these changes unless it is re-
  inited with the updated device-tree CPU frequency properties. So
  this patch allows to re-parse the pstate table and update the
  device-tree properties during fast-reboot.

  OCC updates the pstate table when asked to do so using pstate-table
  bias command. And this is mainly used by WOF team for
  characterization purposes.

* fast-reboot: move pci_reset error handling into fast-reboot code

  pci_reset() currently does a platform reboot if it fails. It should
  not know about fast-reboot at this level, so instead have it return
  an error, and the fast reboot caller will do the platform reboot.

  The code essentially does the same thing, but flexibility is
  improved. Ideally the fast reboot code should perform pci_reset and
  all such fail-able operations before the CPU resets itself and
  destroys its own stack. That’s not the case now, but that should be
  the goal.

* capi: Fix the max tlbi divider and the directory size.

  Switch to 512KB mode (directory size) as we don’t use bit 48 of the
  tag in addressing the array. This mode is controlled by the Snoop
  CAPI Configuration Register. Set the maximum of the number of data
  polls received before signaling TLBI hang detect timer expired. The
  value of ‘0000’ is equal to 16.

* npu2/tce: Fix page size checking

  The page size is encoded in the TVT data [59:63] as @shift+11 but
  the tce_kill handler does not do the math right; this fixes it.

* stb: Enforce secure boot if called before libstb initialized

* stb: Correctly error out when no PCR for resource

* core/init: move imc catalog preload init after the STB init.

  As a safer side move the imc catalog preload after the STB init to
  make sure the imc catalog resource get’s verified and measured
  properly during loading when both secure and trusted boot modes are
  on.

* libstb: fix failure of calling trusted measure without STB
  initialization.

  When we load a flash resource during OPAL init, STB calls trusted
  measure to measure the given resource. There is a situation when a
  flash gets loaded before STB initialization then trusted measure
  cannot measure properly.

  So this patch fixes this issue by calling trusted measure only if
  the corresponding trusted init was done.

  The ideal fix is to make sure STB init done at the first place
  during init and then do the loading of flash resources, by that way
  STB can properly verify and measure the all resources.

* libstb: fix failure of calling cvc verify without STB
  initialization.

  Currently in OPAL init time at various stages we are loading various
  PNOR partition containers from the flash device. When we load a
  flash resource STB calls the CVC verify and trusted measure(sha512)
  functions. So when we have a flash resource gets loaded before STB
  initialization, then cvc verify function fails to start the verify
  and enforce the boot.

  Below is one of the example failure where our VERSION partition gets
  loading early in the boot stage without STB initialization done.

  This is with secure mode off. STB: VERSION NOT VERIFIED, invalid
  param. buf=0x305ed930, len=4096 key-hash=0x0 hash-size=0

  In the same code path when secure mode is on, the boot process will
  abort.

  So this patch fixes this issue by calling cvc verify only if we have
  STB init was done.

  And also we need a permanent fix in init path to ensure STB init
  gets done at first place and then start loading all other flash
  resources.

* libstb/tpm_chip: Add missing new line to print messages.

* libstb: increase the log level of verify/measure messages to
  PR_NOTICE.

  Currently libstb logs the verify and hash caluculation messages in
  PR_INFO level. So when there is a secure boot enforcement happens in
  loading last flash resource(Ex: BOOTKERNEL), the previous verify and
  measure messages are not logged to console, which is not clear to
  the end user which resource is verified and measured. So this patch
  fixes this by increasing the log level to PR_NOTICE.

-- 
Stewart Smith
OPAL Architect, IBM.