skiboot v5.10-rc2 was released on Friday February 9th 2018. It is the second release candidate of skiboot 5.10, which will become the new stable release of skiboot following the 5.9 release, first released October 31st 2017.

skiboot v5.10-rc2 contains all bug fixes as of skiboot-5.9.8 and skiboot-5.4.9 (the currently maintained stable releases). There may be more 5.9.x stable releases, it will depend on demand.

For how the skiboot stable releases work, see Skiboot stable tree rules and releases for details.

The current plan is to cut the final 5.10 in February, with skiboot 5.10 being for all POWER8 and POWER9 platforms in op-build v1.21. This release will be targeted to early POWER9 systems.

Over skiboot-5.10-rc1, we have the following changes:

  • hw/npu2: Implement logging HMI actions

  • opal-prd: Fix FTBFS with -Werror=format-overflow

    i2c.c fails to compile with gcc7 and -Werror=format-overflow used in Debian Unstable and Ubuntu 18.04 :

    i2c.c: In function ‘i2c_init’:
    i2c.c:211:15: error: ‘%s’ directive writing up to 255 bytes into a
    region of size 236 [-Werror=format-overflow=]
  • core/exception: beautify exception handler, add MCE-involved registers

    Print DSISR and DAR, to help with deciphering machine check exceptions, and improve the output a bit, decode NIP symbol, improve alignment, etc. Also print a specific header for machine check, because we do expect to see these if there is a hardware failure.


    [    0.005968779,3] ***********************************************
    [    0.005974102,3] Unexpected exception 200 !
    [    0.005978696,3] SRR0 : 000000003002ad80 SRR1 : 9000000000001000
    [    0.005985239,3] HSRR0: 00000000300027b4 HSRR1: 9000000030001000
    [    0.005991782,3] LR   : 000000003002ad80 CTR  : 0000000000000000
    [    0.005998130,3] CFAR : 00000000300b58bc
    [    0.006002769,3] CR   : 40000004  XER: 20000000
    [    0.006008069,3] GPR00: 000000003002ad80 GPR16: 0000000000000000
    [    0.006015170,3] GPR01: 0000000031c03bd0 GPR17: 0000000000000000


    [    0.003287941,3] ***********************************************
    [    0.003561769,3] Fatal MCE at 000000003002ad80   .nvram_init+0x24
    [    0.003579628,3] CFAR : 00000000300b5964
    [    0.003584268,3] SRR0 : 000000003002ad80 SRR1 : 9000000000001000
    [    0.003590812,3] HSRR0: 00000000300027b4 HSRR1: 9000000030001000
    [    0.003597355,3] DSISR: 00000000         DAR  : 0000000000000000
    [    0.003603480,3] LR   : 000000003002ad68 CTR  : 0000000030093d80
    [    0.003609930,3] CR   : 40000004         XER  : 20000000
    [    0.003615698,3] GPR00: 00000000300149e8 GPR16: 0000000000000000
    [    0.003622799,3] GPR01: 0000000031c03bc0 GPR17: 0000000000000000
  • core/init: manage MSR[ME] explicitly, always enable

    The current boot sequence inherits MSR[ME] from the IPL firmware, and never changes it. Some environments disable MSR[ME] (e.g., mambo), and others can enable it (hostboot).

    This has two problems. First, MSR[ME] must be disabled while in the process of taking over the interrupt vector from the previous environment. Second, after installing our machine check handler, MSR[ME] should be enabled to get some useful output rather than a checkstop.

  • fast-reboot: occ: Re-parse the pstate table during fast-reboot

    OCC shares the frequency list to host by copying the pstate table to main memory in HOMER. This table is parsed during boot to create device-tree properties for frequency and pstate IDs. OCC can update the pstate table to present a new set of frequencies to the host. But host will remain oblivious to these changes unless it is re-inited with the updated device-tree CPU frequency properties. So this patch allows to re-parse the pstate table and update the device-tree properties during fast-reboot.

    OCC updates the pstate table when asked to do so using pstate-table bias command. And this is mainly used by WOF team for characterization purposes.

  • fast-reboot: move pci_reset error handling into fast-reboot code

    pci_reset() currently does a platform reboot if it fails. It should not know about fast-reboot at this level, so instead have it return an error, and the fast reboot caller will do the platform reboot.

    The code essentially does the same thing, but flexibility is improved. Ideally the fast reboot code should perform pci_reset and all such fail-able operations before the CPU resets itself and destroys its own stack. That’s not the case now, but that should be the goal.

  • capi: Fix the max tlbi divider and the directory size.

    Switch to 512KB mode (directory size) as we don’t use bit 48 of the tag in addressing the array. This mode is controlled by the Snoop CAPI Configuration Register. Set the maximum of the number of data polls received before signaling TLBI hang detect timer expired. The value of ‘0000’ is equal to 16.

  • npu2/tce: Fix page size checking

    The page size is encoded in the TVT data [59:63] as @shift+11 but the tce_kill handler does not do the math right; this fixes it.

  • stb: Enforce secure boot if called before libstb initialized

  • stb: Correctly error out when no PCR for resource

  • core/init: move imc catalog preload init after the STB init.

    As a safer side move the imc catalog preload after the STB init to make sure the imc catalog resource get’s verified and measured properly during loading when both secure and trusted boot modes are on.

  • libstb: fix failure of calling trusted measure without STB initialization.

    When we load a flash resource during OPAL init, STB calls trusted measure to measure the given resource. There is a situation when a flash gets loaded before STB initialization then trusted measure cannot measure properly.

    So this patch fixes this issue by calling trusted measure only if the corresponding trusted init was done.

    The ideal fix is to make sure STB init done at the first place during init and then do the loading of flash resources, by that way STB can properly verify and measure the all resources.

  • libstb: fix failure of calling cvc verify without STB initialization.

    Currently in OPAL init time at various stages we are loading various PNOR partition containers from the flash device. When we load a flash resource STB calls the CVC verify and trusted measure(sha512) functions. So when we have a flash resource gets loaded before STB initialization, then cvc verify function fails to start the verify and enforce the boot.

    Below is one of the example failure where our VERSION partition gets loading early in the boot stage without STB initialization done.

    This is with secure mode off. STB: VERSION NOT VERIFIED, invalid param. buf=0x305ed930, len=4096 key-hash=0x0 hash-size=0

    In the same code path when secure mode is on, the boot process will abort.

    So this patch fixes this issue by calling cvc verify only if we have STB init was done.

    And also we need a permanent fix in init path to ensure STB init gets done at first place and then start loading all other flash resources.

  • libstb/tpm_chip: Add missing new line to print messages.

  • libstb: increase the log level of verify/measure messages to PR_NOTICE.

    Currently libstb logs the verify and hash caluculation messages in PR_INFO level. So when there is a secure boot enforcement happens in loading last flash resource(Ex: BOOTKERNEL), the previous verify and measure messages are not logged to console, which is not clear to the end user which resource is verified and measured. So this patch fixes this by increasing the log level to PR_NOTICE.