Age | Commit message (Collapse) | Author | Files | Lines |
|
Changelog:
- Add flag CERBERUS_SECURE_BOOT_ONLY. No udpate, recovery and logging.
Change-Id: Id242eca001cadd7e6a0ed116300baa87f56a0ddb
Signed-off-by: Benjamin Fair <benjaminfair@google.com>
|
|
Also remove Google-specific version since it has been merged into the
mainline branch.
Changelog:
IGPS 03.08.00 - Dec 15th 2022
==============
- TIP_FW: 0.5.0 L0 0.3.9 L1
- Code cleanup for production.
- bug fix key selection during recovery.
- Add DME+RIOT data export to PCI MBOX.
- align BMC and TIP that both will use PLL2 and not CLKREF.
- Bug fix: don't save previous INTCR2 for reset indication.
- Bug fix: update flow using wrong KMT.
- TIP_FW: 0.5.0 L0 0.3.9 L1 GOOGLE3
- aligned to the above release.
- split SFDP
- enable flag CERBERUS_SECURE_BOOT_ONLY
- uboot https://github.com/Nuvoton-Israel/u-boot/releases/tag/v2021.04-npcm8xx-20221215
- OpTee: https://github.com/Nuvoton-Israel/optee_os/releases/tag/npcm845x_3.18.0_v1.0
- linux offset 4MB.
- Update scripts to sign in yocto build (signatures only).
Signed-off-by: Benjamin Fair <benjaminfair@google.com>
Change-Id: I396a8e05bc6aa53fd6c7062ed342ce1f26b7e2fb
|
|
Patrick Williams (4):
eslintignore: drop
clang-ignore: rename
beautysh: re-format
prettier: re-format
Change-Id: I9411ad8d58d66f2830f2d4f30838f31c356f9f8e
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Google uses a different version via ipmi-config:
https://github.com/openbmc/openbmc/blob/master/meta-google/recipes-phosphor/ipmi/phosphor-ipmi-config.bbappend
The dbus active software keeps failing and printing errors.
Change-Id: Ibbbc73a2121c51d146f0db76d231a2be5e30231d
Signed-off-by: Willy Tu <wltu@google.com>
|
|
Change-Id: Ifba9ca17d889873d71cefe94d56de0174e70bbe3
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Patrick Williams (2):
ncsid: add shebang on shell libraries
shellcheck: add ignore for files currently failing
Change-Id: Ic7bcdea0f09cd4d11426248acbeea29c471e1066
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
This adds a flag to the interface based on the presence of the NCSI
state machine. Non-NCSI connections will not impersonate the CN to avoid
breaking flat network topologies where the BMC and CN share an ethernet
channel.
Tested: On a machine without an NCSI stack to verify the impersonation
record is not present. Also on a machine with NCSI to prove that
impersonation is still working.
Change-Id: Ifb8048abe443c60a333e7eff7cdc9d063a8c656a
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Sometimes the build does not include directories we remove based on some
system non-determinism.
Change-Id: Ia1c1d66349f1aa0a1bd3ae7860ec10d10fc31b5d
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This enables timesync support for the gbmc distro.
Change-Id: Idb653e6b98a347b5d8c3a0b3a16c6a4abbe268ac
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This is the prod configuration.
Change-Id: I04c33362cf874637caa528779c57bcacfca50201
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
These got updated in meta-phosphor in 305902e3c04e25ba769f3b682bf1dc39266e9447.
Change-Id: Ie75a6b949323bce1ffb4260247730b3d78a1ee46
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Change-Id: I284f85c2a114d079fdca74978bbae867bf120879
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Change-Id: I66f808499e228653cd964422275959be9e12b7d7
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Brandon Kim (1):
bmc_mode_enum: Add cstdint include to the header
Change-Id: Ia9ae5af76fee5140801d9fb927e596ddc9a3b6f1
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Add CONFIG_NPCM_EDAC=y to gbmc-nuvoton.cfg
Signed-off-by: Brandon Kim <brandonkim@google.com>
Change-Id: I046eba8b7dc7d16150faaf0f55fbf1947bb25e5d
|
|
Nikhil Namjoshi (1):
Move bmc mode enum to a header file
Change-Id: I17e14d5d869be1c1ee77cf838b98fe0be23193af
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
These specific versions are needed to boot on Google hardware, so
override the defaults.
Signed-off-by: Benjamin Fair <benjaminfair@google.com>
Change-Id: I200ed7e281868b6bb2ba08129fc122b55d754848
|
|
This package depends on a u-boot environment partition being available,
which we don't have on gBMC systems.
Signed-off-by: Benjamin Fair <benjaminfair@google.com>
Change-Id: I5b875ef05398d79a997106f799b942273e63d84b
|
|
Harvey.Wu (1):
nemora-postd: update add_option function
Change-Id: I747d2a1c96d97e3f2279ddaa649461031083bd0c
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
The repository referenced is still written with Python2 and should
not have any users any longer. Remove all the recipes (and references
to it).
This functionality is implemented in bmcweb (enabled with options)
and should be enabled there if still desired.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Id689a3b749ddadd939ef43343379e569c16bc183
|
|
All of these abstractions have exactly one implementation. Remove the
indirection to improve at a glance comprehension.
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: I5d701aff6d0876fa3b2d16c841cbdcb0433b221f
|
|
A recipe for phosphor-rest has not existed for some time now. Remove
remaining references to it.
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Change-Id: Id5e8232f60172cb877bcecf612740d217cf92f85
|
|
Commit 951f1aabea4c8683cda113e743b68ad2dfd57fa8 removed the entry for
pam_cracklib.so from common-password. This resulted in the next entry in
the file to become the first module. However, as it still contained the
use_authtok flag, this forced the module to not prompt the user for a
new password and instead attempt to use the one provided by the
previously stacked password module. Since there is no previous stacked
password module, the process just fails.
This change adds code to remove the use_authtok entry from the first
password module to fix this issue.
Tested: Check that passwords can be changed again via "passwd".
Signed-off-by: Oskar Senft <osk@google.com>
Change-Id: Id88302732fe9d4c6e6c8cbb0004271d6ea2ac340
|
|
Big cleanups to the phosphor-mapper/phosphor-objmgr recipe.
- Remove all "mapper-config-native" constructs as the underlying
repository has no such support.
- Remove all mapper-related bbclasses as they are no longer relevant.
- Remove environment support in service file as the mapper executable
no longer supports any arguments.
- Greatly simplify the 'libmapper' packaging to avoid stray python
in the recipe.
- Update all recipes to use `DEPENDS += "libmapper"` where appropriate
for clarity if they use libmapper.
- Rename the recipe from phosphor-mapper to phosphor-objmgr to match
the repository name, which allows simpler devtool invocations.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I5a64e2feddd1a7919813e007411f9c28b6c9a330
|
|
The close parenthesis was misplaced causing the first if statement to
always be skipped.
Tested: Built for 64-bit platform and inspected cr51-image-layout.json
Signed-off-by: Benjamin Fair <benjaminfair@google.com>
Change-Id: If3dacd917ae26908ef0d4c98866b58051176dea1
|
|
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I65febeeec11e6e5b40ee728f42cfbe77023dae1e
|
|
Move the update and image descriptor partitions to the end in images
targeting 64-bit machines since we may not have space in the current
location when the bootloader and kernel grow in size.
Tested: Built for 64-bit platform and inspected cr51-image-layout.json
Signed-off-by: Benjamin Fair <benjaminfair@google.com>
Change-Id: Ib66ebbb824319fd526a161bca9330b127f37fe6c
|
|
Any google image should able to support the RootOfTrust service
of BMCWeb. Adding the option will enable the feature of BMCWeb.
Signed-off-by: Hao Jiang <jianghao@google.com>
Change-Id: I13bf5f7ebef4ac907a02379a4b8c0cbaa87f3c51
|
|
Nikhil Namjoshi (2):
Fix the license comment format
Add ipmi OEM handler to get the BMC mode
Change-Id: I128898193033af562b43650b8cd10474af3fc530
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
The package "cracklib" is not needed. Ideally in the future we will
start using Google GLOME.
The "libpam" library depends on cracklib, so override the libpam
recipe also, so that it no longer depends on cracklib.
Tested: This has been tested locally on our local product, which uses
OpenBMC, and it appeared to work just fine for us.
Signed-off-by: Kasun Athukorala <kasunath@google.com>
Change-Id: I0d7714766a2e14151f00f6582abee78dee43614d
Signed-off-by: Josh Lehan <krellan@google.com>
|
|
glome-config only provides the config file for glome. It is more
appropriate to decouple them by adding glome-config to
OBMC_IMAGE_EXTRA_INSTALL in the meta-google layer. Then when glome is
migrated to another meta layer, it won't need this RDEPENDS.
(This is a follow-up of
https://gerrit.openbmc.org/c/openbmc/openbmc/+/56618/)
Also add glome-login to OBMC_IMAGE_EXTRA_INSTALL since it is also
needed.
Tested:
Built an image and run it on a real machine. Verified that glome is
enabled and the generated link gave a valid password.
Signed-off-by: Leo Tu <leotu@google.com>
Change-Id: I985670454f4749c5297261ec81466fed9cdc5c40
|
|
We have to use glome-config since the sample config is removed in
glome recipe. As a result, now glome depends on glome-config.
The platform also needs to overwrite these variables in their
bbappend files:
- glome-login.bb
* GLOME_FALLBACK_SERV
* GLOME_FALLBACK_OBJ
* GLOME_HOSTNAME_SUFFIX
* GLOME_BOARDSN_KEY
- glome-config.bb
* GLOME_PUBLIC_KEY
* GLOME_KEY_VERSION
* GLOME_URL_PREFIX
Tested:
1) `bitbake obmc-phosphor-image` build passes
2) inplace update the image on a real machine
3) connect to it
The glome is enabled and login is successful
Signed-off-by: Leo Tu <leotu@google.com>
Change-Id: I21a48cbdcfea67772f143b4fc115f717e6d7cbc5
|
|
We are blocking the old address internally to prevent large amounts of
DHCP spam from old builds. Increment this so new builds are not blocked.
Change-Id: Ib00e632faa9c79445a87c955ca62450379894923
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We can't do floating point math so just chop it off.
Change-Id: I7f78f05856d774236d6e9746b69b362b6468ca0a
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Upstream has changed the service name from `rngd.service` to
`rng-tools.service`. Change the name of the "nojitter" service
to match.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ie7cef3f0b9106db38e6a399494a85d7e5fc5e3eb
|
|
Remove service dependency so that serial will not be delayed by
network.target.
Signed-off-by: David Wang <davidwang@quantatw.com>
Change-Id: I6febe89373a5e1c845b998905305aafe25744380
|
|
Michael Shen (2):
all: cleanup, prefer "ipmid/api-types.hpp" type to "ipmid/api.h" type
accel: rename `accelOobGetDbus` to `getBus`
Willy Tu (1):
fix typo: Prase -> Parse
Yunyun Lin (1):
google-ipmi-sys: Move Warning to debug statement
Change-Id: Ic83bd456d4e4f1da6a7544fe9f98f17c85dac237
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
Patrick Williams (3):
sdbusplus: use shorter type aliases
OWNERS: fix syntax
MAINTAINERS: remove file
Change-Id: I840f81789852a998a1ced1ea0bd47c76ba96ea8c
Signed-off-by: Andrew Geissler <openbmcbump-github@yahoo.com>
|
|
We don't want to terminate just after 5 minutes, we want to make sure
the DHCP process has been idle for at least that long too.
Change-Id: I6311a6baf21c7bc10ece2d4994f225dbc8c06cc4
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We should complete the DHCP process even if we don't receive a bootfile
payload.
Change-Id: I77c45920fda2bcaa732b546f48c5d247c903268f
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This makes it possible to produce an error in the case that a hook sets
up state for something to trigger later.
Change-Id: Ied9f150153172213a98a73f6a556aa8fed87c75a
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
Re-read the spec and realized the bit being used was off by 1.
Change-Id: I02d0e747f5e47cfbf3a8c4f4b9e45d16a6f8c8b1
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This does not affect correctness but it matches the file priority of
gbmc-upgrade.
Change-Id: Ie19fc91c5292e1588fe7a46763172273f0724e23
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
We want to make sure this happens before any coalesced powercycle.
Change-Id: I12f161b4a69df49c4cf960badfba90d08737d7b9
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
libhoth is the google specific usb protocol implementation which is
required by hothd.
Signed-off-by: Hao Jiang <jianghao@google.com>
Change-Id: Ibe64304342681be390f717fcd62921d1cb1ffcb4
|
|
Copybara-Service (1):
Merge pull request #108 from l9i:l9i-fix-pylint
Markus Rudy (6):
Enforce some code standards when compiling C. (#110)
Merge pull request #112 from vvidic/ini-parser
Merge pull request #114 from vvidic/docker
Merge pull request #111 from vvidic/login-pam
Correctly free the message buffer in case of an snprintf error
Merge pull request #118 from vvidic/newline
Philipp Kern (10):
Merge pull request #106 from vvidic/cli-login
Merge pull request #113 from vvidic/addrinfo-free
Merge pull request #119 from vvidic/option-tests
Support compilation with both old and new pam_wrapper
Run the C compilation presubmit on Debian stable and testing
Merge pull request #123 from pkern/pamtest-fix
Merge pull request #124 from pkern/debian-presubmit
Merge pull request #128 from google/l9i/fakepassword
Merge pull request #129 from vvidic/getopt-long
Merge pull request #130 from vvidic/pam-options
Piotr Lewandowski (7):
pyglome: more consise exception messages
Fix the tag length check exception message
Use comma, not semicolon for intervals notation
pam_glome: support fake passwords from OpenSSH
Apply clang-format
Apply clang-format, Google style
Use an error message matching the rest of the file
Valentin Vidic (9):
Add login command to glome CLI (#91)
Free struct addrinfo allocated by getaddrinfo
Implement a simple INI parser for config files
Create a Docker container for testing glome-login and PAM module
Use the same auth function for PAM and login binary
Make tests optional using a global meson option
Fix handling of long authorization codes
Add support for long and config options
Sync PAM config options names with the rest of the code.
Change-Id: I07674f198f1a00ae7bff4feb99a01db940e7d7ad
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This is trivial to enable if desired, we mostly don't want a huge amount
of BIOS logspam to fill the journal and cause it to rotate out valuable
logs in normal situations.
Change-Id: I991e8f048e847ba081b69f755c48275b63d4af66
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
This makes the override idempotent and correct. Otherwise, running the
script multiple times would produce broken unit files.
Change-Id: I351c0becc5555020ce9531cae164fa56f502cfdc
Signed-off-by: William A. Kennington III <wak@google.com>
|
|
mkdir -p $work will fail if rwfs partition is full, and then it will
cause overlayfs mount fail as well. Finally it cause kernel panic and
bmc fails to boot:
rofs = mtd4 squashfs rwfs = mtd5 jffs2
[ 3.841846] jffs2: notice: (103) jffs2_build_xattr_subsystem: complete building xattr subsystem, 21 of xdatum (19 unchecked, 2 orphan) and 45 of xref (1 dead, 1 orphan) found.
mkdir: can't create directory 'run/initramfs/rw/work': No space left on device
[ 9.022304] overlayfs: failed to resolve 'run/initramfs/rw/work': -2
mount: mounting cow on /root failed: No such file or directory
chroot: can't execute '/bin/sh': No such file or directory
Unable to confirm /sbin/init is an executable non-empty file
in merged file system mounted at /root.
Change Root test failed!
Fatal error, triggering kernel panic!
[ 9.141777] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
[ 9.142489] CPU: 0 PID: 1 Comm: init Not tainted 5.10.36-60b3c9d #1
[ 9.142667] Hardware name: Generic DT based system
[ 9.142949] Backtrace:
[ 9.144308] [<80915100>] (dump_backtrace) from [<809153a4>] (show_stack+0x20/0x24)
[ 9.144623] r7:80b08ed4 r6:60000093 r5:00000000 r4:80d71c9c
[ 9.144816] [<80915384>] (show_stack) from [<80919b54>] (dump_stack+0x9c/0xb0)
[ 9.144982] [<80919ab8>] (dump_stack) from [<80915824>] (panic+0x114/0x33c)
[ 9.145136] r7:80b08ed4 r6:80d0a970 r5:00000000 r4:80dbe378
[ 9.145271] [<80915710>] (panic) from [<80126c14>] (do_exit+0x99c/0xa0c)
[ 9.145426] r3:00000001 r2:00000000 r1:00000100 r0:80b08ed4
[ 9.145552] r7:ffffe000
[ 9.145632] [<80126278>] (do_exit) from [<80127cf0>] (do_group_exit+0x50/0xc8)
[ 9.145787] r7:000000f8
[ 9.145863] [<80127ca0>] (do_group_exit) from [<80127d88>] (__wake_up_parent+0x0/0x30)
[ 9.146034] r7:000000f8 r6:00000004 r5:00000004 r4:010fd190
[ 9.146185] [<80127d68>] (sys_exit_group) from [<80100060>] (ret_fast_syscall+0x0/0x54)
[ 9.146425] Exception stack(0x810c5fa8 to 0x810c5ff0)
[ 9.146745] 5fa0: 010fd190 00000004 00000001 00000000 00000001 010fd190
[ 9.147049] 5fc0: 010fd190 00000004 00000004 000000f8 00000000 00000000 004e4a84 00000000
[ 9.147295] 5fe0: 004e4b40 7ec93a04 00474048 76df4a54
[ 9.147959] CPU1: stopping
[ 9.148650] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.10.36-60b3c9d #1
[ 9.148957] Hardware name: Generic DT based system
[ 9.149264] Backtrace:
[ 9.150182] [<80915100>] (dump_backtrace) from [<809153a4>] (show_stack+0x20/0x24)
[ 9.150598] r7:00000001 r6:60070193 r5:00000000 r4:80d71c9c
[ 9.150878] [<80915384>] (show_stack) from [<80919b54>] (dump_stack+0x9c/0xb0)
[ 9.151149] [<80919ab8>] (dump_stack) from [<8010f1f4>] (do_handle_IPI+0x2f8/0x32c)
[ 9.151430] r7:00000001 r6:0d15a000 r5:00000001 r4:80dbe278
[ 9.151649] [<8010eefc>] (do_handle_IPI) from [<8010f250>] (ipi_handler+0x28/0x30)
[ 9.151925] r9:810f6000 r8:81080800 r7:00000001 r6:0d15a000 r5:81084b80 r4:00000014
[ 9.152205] [<8010f228>] (ipi_handler) from [<80184754>] (handle_percpu_devid_fasteoi_ipi+0x80/0x154)
[ 9.152536] [<801846d4>] (handle_percpu_devid_fasteoi_ipi) from [<8017dce4>] (__handle_domain_irq+0x8c/0xe0)
[ 9.152911] r7:00000001 r6:00000000 r5:00000000 r4:80c6fbdc
[ 9.153147] [<8017dc58>] (__handle_domain_irq) from [<80101348>] (gic_handle_irq+0x7c/0x90)
[ 9.153508] r9:810f6000 r8:8f80200c r7:80c6fbe8 r6:8f802000 r5:810f7f38 r4:80d0541c
[ 9.153819] [<801012cc>] (gic_handle_irq) from [<80100b0c>] (__irq_svc+0x6c/0x90)
[ 9.154168] Exception stack(0x810f7f38 to 0x810f7f80)
[ 9.154541] 7f20: 00000000 000195e0
[ 9.154993] 7f40: 8ddcb144 8011ba00 810f6000 00000001 80d04d10 80d04d4c 80d9dfdc 80b0b4f0
[ 9.155402] 7f60: 00000000 810f7f94 810f7f98 810f7f88 80108fd4 80108fd8 60070013 ffffffff
[ 9.155762] r9:810f6000 r8:80d9dfdc r7:810f7f6c r6:ffffffff r5:60070013 r4:80108fd8
[ 9.156070] [<80108f90>] (arch_cpu_idle) from [<80926c68>] (default_idle_call+0x38/0x108)
[ 9.156382] [<80926c30>] (default_idle_call) from [<80159894>] (do_idle+0xdc/0x148)
[ 9.156676] [<801597b8>] (do_idle) from [<80159bd0>] (cpu_startup_entry+0x28/0x2c)
[ 9.156974] r9:410fc075 r8:8000406a r7:80dbe280 r6:10c0387d r5:00000001 r4:00000091
[ 9.157275] [<80159ba8>] (cpu_startup_entry) from [<8010f7c0>] (secondary_start_kernel+0x15c/0x180)
[ 9.157614] [<8010f664>] (secondary_start_kernel) from [<8010182c>] (__enable_mmu+0x0/0x14)
[ 9.157919] r5:00000051 r4:810e006a
Fix this by not removing workdir directly, but keeping the directory
and removing all entires under it. We will still get below warning,
but it can boot to shell and provide ssh access to give a chance of
recovery.
[ 9.519053] overlayfs: failed to create directory run/initramfs/rw/work/work (errno: 28); mounting read-only
Also update related patch file in meta-google to avoid build failure.
Signed-off-by: Heyi Guo <guoheyi@linux.alibaba.com>
Change-Id: I69c640c70ee3e9d1133b7d61d391501616c229d6
|
|
We don't actually store the firmware at a top-level directory, we expect
it to be stored in a hierarchy of directories.
Change-Id: I04eebb166d34616b346b401d1201574939cab60c
Signed-off-by: William A. Kennington III <wak@google.com>
|