ipxe.git
7 days ago[efi] Compress EFI ROM images eficompress master
Michael Brown [Fri, 19 Feb 2021 19:58:04 +0000 (19:58 +0000)] 
[efi] Compress EFI ROM images

Use the reference implementation of the EFI compression algorithm
(taken from the EDK2 codebase, with minor bugfixes to allow
compilation with -Werror) to compress EFI ROM images.

Inspired-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
8 days ago[librm] Test for FXSAVE/FXRSTOR instruction support
Michael Brown [Thu, 18 Feb 2021 14:30:27 +0000 (14:30 +0000)] 
[librm] Test for FXSAVE/FXRSTOR instruction support

Assume that preservation of the %xmm registers is unnecessary during
installation of iPXE into memory, since this is an operation that by
its nature substantially disrupts large portions of the system anyway
(such as the E820 memory map).  This assumption allows us to utilise
the existing CPUID code to check that FXSAVE/FXRSTOR are supported.

Test for support during the call to init_librm and store the flag for
use during subsequent calls to virt_call.

Reduce the scope of TIVOLI_VMM_WORKAROUND to affecting only the call
to check_fxsr(), to reduce #ifdef pollution in the remaining code.

Debugged-by: Johannes Heimansberg <git@jhe.dedyn.io>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
8 days ago[librm] Add missing __asmcall on init_idt()
Michael Brown [Thu, 18 Feb 2021 14:51:28 +0000 (14:51 +0000)] 
[librm] Add missing __asmcall on init_idt()

The __asmcall declaration has no effect on a void function with no
parameters, but should be included for completeness since the function
is called directly from assembly code.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
8 days ago[prefix] Add a generic raw image prefix
Michael Brown [Thu, 18 Feb 2021 12:13:12 +0000 (12:13 +0000)] 
[prefix] Add a generic raw image prefix

Provide a generic raw image prefix, which assumes that the iPXE image
has been loaded in its entirety on a paragraph boundary.

The resulting .raw image can be loaded via RPL using an rpld.conf file
such as:

    HOST {
        ethernet = 00:00:00:00:00:00/6;
        FILE {
            path="ipxe.raw";
            load=0x2000;
        };
        execute=0x2000;
    };

Debugged-by: Johannes Heimansberg <git@jhe.dedyn.io>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
9 days ago[initrd] Allow for zero-length initrd files
Michael Brown [Thu, 18 Feb 2021 01:49:23 +0000 (01:49 +0000)] 
[initrd] Allow for zero-length initrd files

A zero-length initrd file will currently cause an endless loop during
reshuffling as the empty image is repeatedly swapped with itself.

Fix by terminating the inner loop before considering an image as a
candidate to be swapped with itself.

Reported-by: Pico Mitchell <pico@randomapplications.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
9 days ago[cloud] Do not enable serial console on EFI platforms
Michael Brown [Wed, 17 Feb 2021 22:37:56 +0000 (22:37 +0000)] 
[cloud] Do not enable serial console on EFI platforms

Most EFI firmware builds (including those found on ARM64 instances in
AWS EC2) will already send console output to the serial port.

Do not enable direct serial console output in EFI builds using
CONFIG=cloud.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
9 days ago[efi] Record cached DHCPACK from loaded image's device handle, if present cachedhcp
Michael Brown [Wed, 17 Feb 2021 18:11:43 +0000 (18:11 +0000)] 
[efi] Record cached DHCPACK from loaded image's device handle, if present

Record the cached DHCPACK obtained from the EFI_PXE_BASE_CODE_PROTOCOL
instance installed on the loaded image's device handle, if present.

This allows a chainloaded UEFI iPXE to reuse the IPv4 address and DHCP
options previously obtained by the built-in PXE stack, as is already
done for a chainloaded BIOS iPXE.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
9 days ago[efi] Defer autoboot link-layer address and autoexec script probing
Michael Brown [Wed, 17 Feb 2021 17:07:12 +0000 (17:07 +0000)] 
[efi] Defer autoboot link-layer address and autoexec script probing

The code to detect the autoboot link-layer address and to load the
autoexec script currently runs before the call to initialise() and so
has to function without a working heap.

This requirement can be relaxed by deferring this code to run via an
initialisation function.  This gives the code a normal runtime
environment, but still invokes it early enough to guarantee that the
original loaded image device handle has not yet been invalidated.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
9 days ago[efi] Split out autoexec script portions of efi_autoboot.c
Michael Brown [Wed, 17 Feb 2021 16:57:19 +0000 (16:57 +0000)] 
[efi] Split out autoexec script portions of efi_autoboot.c

The "autoboot device" and "autoexec script" functionalities in
efi_autoboot.c are unrelated except in that they both need to be
invoked by efiprefix.c before device drivers are loaded.

Split out the autoexec script portions to a separate file to avoid
potential confusion.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
9 days ago[pxe] Split out platform-independent portions of cachedhcp.c
Michael Brown [Wed, 17 Feb 2021 15:59:52 +0000 (15:59 +0000)] 
[pxe] Split out platform-independent portions of cachedhcp.c

Split out the portions of cachedhcp.c that can be shared between BIOS
and UEFI (both of which can provide a buffer containing a previously
obtained DHCP packet, and neither of which provide a means to
determine the length of this DHCP packet).

Signed-off-by: Michael Brown <mcb30@ipxe.org>
10 days ago[ath5k] Add missing AR5K_EEPROM_READ in ath5k_eeprom_read_turbo_modes
Bruce Rogers [Tue, 16 Feb 2021 18:29:41 +0000 (11:29 -0700)] 
[ath5k] Add missing AR5K_EEPROM_READ in ath5k_eeprom_read_turbo_modes

The GCC11 compiler pointed out something that apparently no previous
compiler noticed: in ath5k_eeprom_pread_turbo_modes, local variable
val is used uninitialized. From what I can see, the code is just
missing an initial AR5K_EEPROM_READ. Add it right before the switch
statement.

Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
10 days ago[cloud] Enable IPv6 and HTTPS in cloud boot images
Michael Brown [Tue, 16 Feb 2021 10:58:42 +0000 (10:58 +0000)] 
[cloud] Enable IPv6 and HTTPS in cloud boot images

Signed-off-by: Michael Brown <mcb30@ipxe.org>
11 days ago[cloud] Add utility for importing images to AWS EC2
Michael Brown [Tue, 16 Feb 2021 00:27:40 +0000 (00:27 +0000)] 
[cloud] Add utility for importing images to AWS EC2

Add a utility that can be used to upload an iPXE disk image to AWS EC2
as an Amazon Machine Image (AMI).  For example:

  make CONFIG=cloud EMBED=config/cloud/aws.ipxe bin/ipxe.usb

  ../contrib/cloud/aws-import -p -n "iPXE 1.21.1" bin/ipxe.usb

Uploads are performed in parallel across all regions, and use the EBS
direct APIs to avoid the need to store temporary files in S3 or to run
VM import tasks.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
11 days ago[build] Work around stray sections introduced by some binutils versions usbdisk
Michael Brown [Mon, 15 Feb 2021 09:54:03 +0000 (09:54 +0000)] 
[build] Work around stray sections introduced by some binutils versions

Some versions of GNU ld (observed with binutils 2.36 on Arch Linux)
introduce a .note.gnu.property section marked as loadable at a high
address and with non-empty contents.  This adds approximately 128MB of
garbage to the BIOS .usb disk images.

Fix by using a custom linker script for the prefix-only binaries such
as the USB disk partition table and MBR, in order to allow unwanted
sections to be explicitly discarded.

Reported-by: Christian Hesse <mail@eworm.de>
Tested-by: Christian Hesse <mail@eworm.de>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
13 days ago[cloud] Use PCIAPI_DIRECT for cloud images
Michael Brown [Sat, 13 Feb 2021 19:41:03 +0000 (19:41 +0000)] 
[cloud] Use PCIAPI_DIRECT for cloud images

The version of SeaBIOS found on some AWS EC2 instances (observed with
t3a.nano in eu-west-1) has no support for the INT 1A PCI BIOS calls.

Bring config/ioapi.h into the named-configuration set of headers, and
specify the use of PCIAPI_DIRECT for CONFIG=cloud, to work around the
missing PCI BIOS support.

Switching to a different named configuration will now unfortunately
cause an almost complete rebuild of iPXE.  As described in commit
c801cb2 ("[build] Allow for named configurations at build time"), this
is the reason why config/ioapi.h was not originally in the
named-configuration set of header files.

This rebuild cost is acceptable given that build times are
substantially faster now than seven years ago, and that very few
people are likely to be switching named configurations on a regular
basis.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
13 days ago[ena] Switch to two-phase reset mechanism
Michael Brown [Sat, 13 Feb 2021 18:55:39 +0000 (18:55 +0000)] 
[ena] Switch to two-phase reset mechanism

The Linux and FreeBSD drivers for the (totally undocumented) ENA
adapters use a two-phase reset mechanism: first set ENA_CTRL.RESET and
wait for this to be reflected in ENA_STAT.RESET, then clear
ENA_CTRL.RESET and again wait for it to be reflected in
ENA_STAT.RESET.

The iPXE driver currently assumes a self-clearing reset mechanism,
which appeared to work at the time that the driver was created but
seems no longer to function, at least on the t3.nano and t3a.nano
instance types found in eu-west-1.

Switch to a simplified version of the two-phase reset mechanism as
used by Linux and FreeBSD.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 weeks ago[build] Use .balign directive instead of .align
Michael Brown [Fri, 12 Feb 2021 23:22:54 +0000 (23:22 +0000)] 
[build] Use .balign directive instead of .align

The semantics of the assembler's .align directive vary by CPU
architecture.  For the ARM builds, it specifies a power of two rather
than a number of bytes.  This currently leads to the .einfo entries
(which do not appear in the final binary) having an alignment of 256
bytes for the ARM builds.

Fix by switching to the GNU-specific directive .balign, which is
consistent across architectures

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 weeks ago[build] Remove support for building with the Intel C compiler
Michael Brown [Fri, 12 Feb 2021 21:56:53 +0000 (21:56 +0000)] 
[build] Remove support for building with the Intel C compiler

Support for building with the Intel C compiler (icc) was added in 2009
in the expectation that UEFI support would eventually involve
compiling iPXE to EFI Byte Code.

EFI Byte Code has never found any widespread use: no widely available
compilers can emit it, Microsoft refuses to sign EFI Byte Code
binaries for UEFI Secure Boot, and I have personally never encountered
any examples of EFI Byte Code in the wild.

The support for using the Intel C compiler has not been tested in over
a decade, and would almost certainly require modification to work with
current releases of the compiler.

Simplify the build process by removing this old legacy code.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 weeks ago[build] Report detailed errors when unable to find a usable mkisofs
Michael Brown [Fri, 12 Feb 2021 12:13:18 +0000 (12:13 +0000)] 
[build] Report detailed errors when unable to find a usable mkisofs

As of commit 7c3d186 ("[build] Check that mkisofs equivalent supports
the required options"), we may refuse to use a mkisofs equivalent if
it does not support the options required to produce the requested
output file.

This can result in confusing error messages since the user is unaware
of the reason for which the installed mkisofs or genisoimage has been
rejected.

Fix by explicitly reporting the reason why each possible mkisofs
equivalent could not be used.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[ci] Disable redundant scheduled execution of Coverity Scan
Michael Brown [Fri, 5 Feb 2021 11:59:27 +0000 (11:59 +0000)] 
[ci] Disable redundant scheduled execution of Coverity Scan

The scheduled Coverity Scan run is triggered by an external mechanism
that synchronises the coverity_scan branch with the master branch.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[ci] Disable Travis CI
Michael Brown [Wed, 3 Feb 2021 16:08:10 +0000 (16:08 +0000)] 
[ci] Disable Travis CI

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[ci] Add GitHub action for Coverity Scan
Michael Brown [Thu, 4 Feb 2021 16:15:33 +0000 (16:15 +0000)] 
[ci] Add GitHub action for Coverity Scan

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[ci] Add GitHub action for build testing
Michael Brown [Wed, 3 Feb 2021 16:06:35 +0000 (16:06 +0000)] 
[ci] Add GitHub action for build testing

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Work around distros that use -fcf-protection=full by default
Michael Brown [Thu, 4 Feb 2021 11:07:46 +0000 (11:07 +0000)] 
[build] Work around distros that use -fcf-protection=full by default

Some patched versions of gcc (observed with gcc 9.3.0 on Ubuntu 20.04)
enable -fcf-protection=full by default.  This breaks code that is not
explicitly written to expect the use of this flag.  The breakage
occurs only at runtime if the affected code (such as setjmp()) happens
to execute, and is therefore a particularly pernicious class of bug to
be introduced into working code by a broken compiler.

Work around these broken patched versions of gcc by detecting support
for -fcf-protection and explicitly setting -fcf-protection=none if
found.

If any Ubuntu maintainers are listening: PLEASE STOP DOING THIS.  It's
extremely unhelpful to have to keep working around breakages that you
introduce by modifying the compiler's default behaviour.  Do what Red
Hat does instead: set your preferred CFLAGS within the package build
system rather than by patching the compiler to behave in violation of
its own documentation.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Work around -fPIE patched versions of gcc on all architectures
Michael Brown [Thu, 4 Feb 2021 02:05:28 +0000 (02:05 +0000)] 
[build] Work around -fPIE patched versions of gcc on all architectures

Several distributions include versions of gcc that are patched to
create position-independent executables by default.  These have caused
multiple problems over the years: see e.g. commits fe61f6d ("[build]
Fix compilation when gcc is patched to default to -fPIE -Wl,-pie"),
5de1346 ("[build] Apply the "-fno-PIE -nopie" workaround only to i386
builds"), 7c395b0 ("[build] Use -no-pie on newer versions of gcc"),
and decee20 ("[build] Disable position-independent code for ARM64 EFI
builds").

The build system currently attempts to work around these mildly broken
patched versions of gcc for the i386 and arm64 architectures.  This
misses the relatively obscure bin-x86_64-pcbios build platform, which
turns out to also require the same workaround.

Attempt to preempt the next such required workaround by moving the
existing i386 version to apply to all platforms and all architectures,
unless -fpie has been requested explicitly by another Makefile (as is
done by arch/x86_64/Makefile.efi).

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Avoid spurious "make clean" when building for the first time
Michael Brown [Thu, 4 Feb 2021 02:45:45 +0000 (02:45 +0000)] 
[build] Avoid spurious "make clean" when building for the first time

The function trace recorder build logic defaults to making "clean" a
dependency of the first build in a clean checkout.  This is redundant
and causes problems if the build process spins up multiple make
invocations to handle multiple build architectures.

Fix by replacing with logic based on the known-working patterns used
for the ASSERT and PROFILE build parameters.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[efi] Fix erroneous comparison of a pointer against userptr_t
Michael Brown [Wed, 3 Feb 2021 16:00:06 +0000 (16:00 +0000)] 
[efi] Fix erroneous comparison of a pointer against userptr_t

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[contrib] Update bochsrc.txt to work with current versions 8d337ec
Michael Brown [Mon, 1 Feb 2021 23:57:37 +0000 (23:57 +0000)] 
[contrib] Update bochsrc.txt to work with current versions

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[hermon] Add support for ConnectX-3 based cards
Christian Iversen [Tue, 26 Jan 2021 23:08:18 +0000 (00:08 +0100)] 
[hermon] Add support for ConnectX-3 based cards

After a ton of tedious work, I am pleased to finally introduce full
support for ConnectX-3 cards in iPXE!

The work has been done by finding all publicly available versions of
the Mellanox Flexboot sources, cleaning them up, synthesizing a git
history from them, cleaning out non-significant changes, and
correlating with the iPXE upstream git history.

After this, a proof-of-concept diff was produced, that allowed iPXE to
be compiled with rudimentary ConnectX-3 support. This diff was over
10k lines, and contained many changes that were not part of the core
driver.

Special thanks to Michael Brown <mcb30@ipxe.org> for answering my
barrage of questions, and helping brainstorm the development along the
way.

Signed-off-by: Christian Iversen <ci@iversenit.dk>
3 weeks ago[autoboot] Avoid closing and immediately reopening network device
Michael Brown [Mon, 1 Feb 2021 23:32:34 +0000 (23:32 +0000)] 
[autoboot] Avoid closing and immediately reopening network device

Some network devices can take a substantial time to close and reopen.
Avoid closing the device from which we are about to attempt booting,
in case it happens to be already open.

Suggested-by: Christian Iversen <ci@iversenit.dk>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[hermon] Avoid parsing length field on completion errors
Michael Brown [Mon, 1 Feb 2021 23:06:04 +0000 (23:06 +0000)] 
[hermon] Avoid parsing length field on completion errors

The CQE length field will not be valid for a completion in error.
Avoid parsing the length field and just call the completion handler
directly.

In debug builds, also dump the queue pair context to allow for
inspection of the error.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[hermon] Make hermon_dump_xxx() functions no-ops on non-debug builds
Michael Brown [Mon, 1 Feb 2021 22:57:57 +0000 (22:57 +0000)] 
[hermon] Make hermon_dump_xxx() functions no-ops on non-debug builds

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[hermon] Minimise reset time
Michael Brown [Mon, 1 Feb 2021 22:25:52 +0000 (22:25 +0000)] 
[hermon] Minimise reset time

Check for reset completion by waiting for the device to respond to PCI
configuration cycles, as documented in the Programmer's Reference
Manual.  On the original ConnectX HCA, this reduces the time spent on
reset from 1000ms down to 1ms.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[hermon] Throttle debug output when sensing port type
Christian Iversen [Tue, 26 Jan 2021 23:06:37 +0000 (00:06 +0100)] 
[hermon] Throttle debug output when sensing port type

When auto-detecting the initial port type, the Hermon driver will spam
the debug output without hesitation.  Add a short delay in each
iteration to fix this.

Signed-off-by: Christian Iversen <ci@iversenit.dk>
3 weeks ago[hermon] Add a debug notice when initialization is complete
Christian Iversen [Tue, 26 Jan 2021 21:36:15 +0000 (22:36 +0100)] 
[hermon] Add a debug notice when initialization is complete

Signed-off-by: Christian Iversen <ci@iversenit.dk>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[hermon] Add support for port management event
Christian Iversen [Thu, 28 Jan 2021 20:29:57 +0000 (21:29 +0100)] 
[hermon] Add support for port management event

Inspired by Flexboot, the function hermon_event_port_mgmnt_change() is
added to handle the HERMON_EV_PORT_MGMNT_CHANGE event type, which
updates the Infiniband subsystem.

Signed-off-by: Christian Iversen <ci@iversenit.dk>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[hermon] Adjust Ethernet work queue size
Christian Iversen [Tue, 26 Jan 2021 23:03:01 +0000 (00:03 +0100)] 
[hermon] Adjust Ethernet work queue size

Hermon Ethernet work queues have more RX than TX entries, unlike most
other drivers.  This is possibly the source of some stochastic
deadlocks previously experienced with this driver.

Update the sizes to be in line with other drivers, and make them
slightly larger for better performance.  These new queue sizes have
been found to work well with ConnectX-3 hardware.

Signed-off-by: Christian Iversen <ci@iversenit.dk>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[hermon] Use reset value suitable for ConnectX-3
Michael Brown [Mon, 1 Feb 2021 01:53:15 +0000 (01:53 +0000)] 
[hermon] Use reset value suitable for ConnectX-3

The programming documentation states that the reset magic value is
"0x00000001 (Big Endian)", and the current code matches this by using
the value 0x01000000 for the implicitly little-endian writel().

Inspection of the FlexBoot source code reveals an exciting variety of
reset values, some suggestive of confusion around endianness.

Experimentation suggests that the value 0x01000001 works reliably
across a wide range of hardware.

Debugged-by: Christian Iversen <ci@iversenit.dk>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[hermon] Clean up whitespace in hermon.c
Christian Iversen [Tue, 26 Jan 2021 22:47:01 +0000 (23:47 +0100)] 
[hermon] Clean up whitespace in hermon.c

Signed-off-by: Christian Iversen <ci@iversenit.dk>
3 weeks ago[iscsi] Update link to iBFT reference manual
Christian Iversen [Mon, 1 Feb 2021 00:27:08 +0000 (01:27 +0100)] 
[iscsi] Update link to iBFT reference manual

Signed-off-by: Christian Iversen <ci@iversenit.dk>
3 weeks ago[hermon] Limit link poll frequency in DOWN state hermon_link_poll
Michael Brown [Sun, 31 Jan 2021 23:29:45 +0000 (23:29 +0000)] 
[hermon] Limit link poll frequency in DOWN state

Some older versions of the hardware (and/or firmware) do not report an
event when an Infiniband link reaches the INIT state.  The driver
works around this missing event by calling ib_smc_update() on each
event queue poll while the link is in the DOWN state.

Commit 6cb12ee ("[hermon] Increase polling rate for command
completions") addressed this by speeding up the time taken to issue
each command invoked by ib_smc_update().  Experimentation shows that
the impact is still significant: for example, in a situation where an
unplugged port is opened, the throughput on the other port can be
reduced by over 99%.

Fix by throttling the rate at which link polling is attempted.

Debugged-by: Christian Iversen <ci@iversenit.dk>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Avoid using awk to format build ID as hexadecimal
Michael Brown [Sun, 31 Jan 2021 00:41:34 +0000 (00:41 +0000)] 
[build] Avoid using awk to format build ID as hexadecimal

The version of awk used in FreeBSD seems to be incapable of formatting
unsigned 32-bit integers above 0x80000000 and will silently render any
such value as 0x80000000.  For example:

  echo 3735928559 | awk '{printf "0x%08x", $1}'

will produce 0x80000000 instead of the correct 0xdeadbeef.

This results in an approximately 50% chance of a build ID collision
when building on FreeBSD.

Work around this problem by passing the decimal value directly in the
ld --defsym argument value.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Avoid using sha1sum when calculating build ID
Michael Brown [Sun, 31 Jan 2021 00:30:10 +0000 (00:30 +0000)] 
[build] Avoid using sha1sum when calculating build ID

The sha1sum command may not be available on all systems.  Use the
POSIX-confirming cksum instead.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Allow BIOS linker script to be used with FreeBSD linker
Michael Brown [Sat, 30 Jan 2021 11:48:47 +0000 (11:48 +0000)] 
[build] Allow BIOS linker script to be used with FreeBSD linker

Add a few more ABSOLUTE() expressions to convince the FreeBSD linker
that already-absolute symbols are, in fact, absolute.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Check for broken elftoolchain version of objcopy
Michael Brown [Sat, 30 Jan 2021 01:56:16 +0000 (01:56 +0000)] 
[build] Check for broken elftoolchain version of objcopy

The elftoolchain version of objcopy (as used in FreeBSD) seems to be
unusable for generating a raw binary file, since it will apparently
ignore the load memory addresses specified for each section in the
input file.

The binutils version of objcopy may be used on FreeBSD by specifying

  OBJCOPY=/usr/local/bin/objcopy

Detect an attempt to use the unusable elftoolchain version of objcopy
and report it as an error.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Avoid modifying load addresses when stripping .zinfo section
Michael Brown [Sat, 30 Jan 2021 01:35:27 +0000 (01:35 +0000)] 
[build] Avoid modifying load addresses when stripping .zinfo section

Some versions of objcopy will spuriously complain when asked to
extract the .zinfo section since doing so will nominally alter the
load addresses of the (non-loadable) .bss.* sections.

Avoid these warnings by placing the .zinfo section at the very end of
the load memory address space.

Allocate non-overlapping load memory addresses for the (non-loadable)
.bss.* sections, in the hope of avoiding spurious warnings about
overlapping load addresses.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Replace random build ID with a deterministic one
Manuel Mendez [Thu, 28 Jan 2021 21:45:04 +0000 (16:45 -0500)] 
[build] Replace random build ID with a deterministic one

Calculate the build ID as a checksum over the input files.  Since the
input files include $(BIN)/version.%.o which itself includes the build
target name (from which TGT_LD_FLAGS is calculated), this should be
sufficient to meet the requirement that the build ID be unique for
each $(BIN)/%.tmp even within the same build run.

Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Use $(shell ...) to invoke BUILD_ID_CMD
Manuel Mendez [Fri, 29 Jan 2021 14:23:54 +0000 (09:23 -0500)] 
[build] Use $(shell ...) to invoke BUILD_ID_CMD

When using $(shell), make will first invoke BUILD_ID_CMD and then have
the value defined when calling $(LD).  This means we get to see the
_build_id when building with make V=1.  Previously the build_id was
figured out as a subshell command run during the recipe execution
without being able to see the build_id itself.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Use SOURCE_DATE_EPOCH if it exists
Manuel Mendez [Sat, 16 Jan 2021 02:29:27 +0000 (21:29 -0500)] 
[build] Use SOURCE_DATE_EPOCH if it exists

See https://reproducible-builds.org/docs/source-date-epoch/ for
rationale.

Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Use recursive deletion for "make clean"
Michael Brown [Sat, 30 Jan 2021 17:37:09 +0000 (17:37 +0000)] 
[build] Use recursive deletion for "make clean"

Directories may be left behind by failed filesystem image builds, and
will not currently be successfully removed by a "make clean".

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 weeks ago[build] Avoid shell brace expansion in "make clean"
Michael Brown [Sat, 30 Jan 2021 17:34:49 +0000 (17:34 +0000)] 
[build] Avoid shell brace expansion in "make clean"

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[build] Allow elf2efi.c to build on FreeBSD
Michael Brown [Sat, 30 Jan 2021 00:11:33 +0000 (00:11 +0000)] 
[build] Allow elf2efi.c to build on FreeBSD

The elf.h on FreeBSD defines ELF_R_TYPE and ELF_R_SYM (based on the
host platform) and omits some but not all of the AArch64 relocation
types.

Fix by undefining ELF_R_TYPE and ELF_R_SYM in favour of our own
definitions, and by placing each potentially missing relocation type
within an individual #ifdef guard.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[build] Ensure that isolinux.bin is modifiable
Michael Brown [Fri, 29 Jan 2021 23:55:36 +0000 (23:55 +0000)] 
[build] Ensure that isolinux.bin is modifiable

The -boot-info-table option to mkisofs will cause it to overwrite a
portion of the local copy of isolinux.bin.  Ensure that this file is
writable.

Originally-implemented-by: Nikolai Lifanov <lifanov@mail.lifanov.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[build] Add syslinux search locations used on FreeBSD
Michael Brown [Fri, 29 Jan 2021 23:51:49 +0000 (23:51 +0000)] 
[build] Add syslinux search locations used on FreeBSD

Originally-implemented-by: Nikolai Lifanov <lifanov@mail.lifanov.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[build] Drop timestamps from .a file determinism
Bernhard M. Wiedemann [Fri, 29 Jan 2021 12:41:42 +0000 (13:41 +0100)] 
[build] Drop timestamps from .a file

Make the contents of $(BLIB) deterministic to allow it to be
subsequently used for calculating a build ID.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[hermon] Perform clean MPT unmap on device shutdown
Christian Iversen [Tue, 26 Jan 2021 22:48:44 +0000 (23:48 +0100)] 
[hermon] Perform clean MPT unmap on device shutdown

This change is ported from Flexboot sources.  When stopping a Hermon
device, perform hermon_unmap_mpt() which runs HERMON_HCR_HW2SW_MPT to
bring the Memory Protection Table (MPT) back to software control.

Signed-off-by: Christian Iversen <ci@iversenit.dk>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[hermon] Use Ethernet MAC as eIPoIB local EMAC
Christian Iversen [Tue, 26 Jan 2021 21:56:42 +0000 (22:56 +0100)] 
[hermon] Use Ethernet MAC as eIPoIB local EMAC

The eIPoIB local Ethernet MAC is currently constructed from the port
GUID.  Given a base GUID/MAC value of N, Mellanox seems to populate:

  Node GUID:   N + 0
  Port 1 GUID: N + 1
  Port 2 GUID: N + 2

and

  Port 1 MAC:  N + 0
  Port 2 MAC:  N + 1

This causes a duplicate local MAC address when port 1 is configured as
Infiniband and port 2 as Ethernet, since both will derive their MAC
address as (N + 1).

Fix by using the port's Ethernet MAC as the eIPoIB local EMAC.  This
is a behavioural change that could potentially break configurations
that rely on the local EMAC value, such as a DHCP server relying on
the chaddr field for DHCP reservations.

Signed-off-by: Christian Iversen <ci@iversenit.dk>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[hermon] Increase polling rate for command completions
Christian Iversen [Tue, 26 Jan 2021 21:47:29 +0000 (22:47 +0100)] 
[hermon] Increase polling rate for command completions

Some older versions of the hardware (and/or firmware) do not report an
event when an Infiniband link reaches the INIT state.  The driver
works around this missing event by calling ib_smc_update() on each
event queue poll while the link is in the DOWN state.  This results in
a very large number of commands being issued while any open Infiniband
link is in the DOWN state (e.g. unplugged), to the point that the 1ms
delay from waiting for each command to complete will noticeably affect
responsiveness.

Fix by decreasing the command completion polling delay from 1ms to
10us.

Signed-off-by: Christian Iversen <ci@iversenit.dk>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[hermon] Add event queue debug functions
Michael Brown [Thu, 28 Jan 2021 22:01:43 +0000 (22:01 +0000)] 
[hermon] Add event queue debug functions

Add hermon_dump_eqctx() for dumping the event queue context and
hermon_dump_eqes() for dumping any unconsumed event queue entries.

Originally-implemented-by: Christian Iversen <ci@iversenit.dk>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[hermon] Increase command timeout from 2 to 10 seconds
Christian Iversen [Mon, 25 Jan 2021 12:32:04 +0000 (13:32 +0100)] 
[hermon] Increase command timeout from 2 to 10 seconds

Some commands (particularly in relation to device initialization) can
occasionally take longer than 2 seconds, and the Mellanox documentation
recommends a 10 second timeout.

Signed-off-by: Christian Iversen <ci@iversenit.dk>
4 weeks ago[hermon] Add assorted debug error messages
Michael Brown [Thu, 28 Jan 2021 20:52:36 +0000 (20:52 +0000)] 
[hermon] Add assorted debug error messages

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[hermon] Show "issuing command" messages only at DBGLVL_EXTRA
Michael Brown [Thu, 28 Jan 2021 17:29:36 +0000 (17:29 +0000)] 
[hermon] Show "issuing command" messages only at DBGLVL_EXTRA

Originally-implemented-by: Christian Iversen <ci@iversenit.dk>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[hermon] Reorganize PCI ROM list and document well-known product names
Christian Iversen [Sat, 23 Jan 2021 12:26:24 +0000 (13:26 +0100)] 
[hermon] Reorganize PCI ROM list and document well-known product names

Signed-off-by: Christian Iversen <ci@iversenit.dk>
4 weeks ago[golan] Backport typo fix in nodnic_prm.h: s/HERMON/NODNIC/
Christian Iversen [Mon, 4 May 2020 19:45:29 +0000 (21:45 +0200)] 
[golan] Backport typo fix in nodnic_prm.h: s/HERMON/NODNIC/

Signed-off-by: Christian Iversen <ci@iversenit.dk>
4 weeks ago[arbel] Clean up whitespace in MT25218_PRM.h header
Christian Iversen [Mon, 4 May 2020 14:15:13 +0000 (16:15 +0200)] 
[arbel] Clean up whitespace in MT25218_PRM.h header

Signed-off-by: Christian Iversen <ci@iversenit.dk>
4 weeks ago[hermon] Clean up whitespace in MT25408_PRM.h header
Christian Iversen [Mon, 4 May 2020 13:45:11 +0000 (15:45 +0200)] 
[hermon] Clean up whitespace in MT25408_PRM.h header

Signed-off-by: Christian Iversen <ci@iversenit.dk>
4 weeks ago[efi] Use EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL if available
Michael Brown [Tue, 26 Jan 2021 20:46:57 +0000 (20:46 +0000)] 
[efi] Use EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL if available

The original EFI_SIMPLE_TEXT_INPUT_PROTOCOL is not technically
required to handle the use of the Ctrl key, and the long-obsolete EFI
1.10 specification lists only backspace, tab, linefeed, and carriage
return as required.  Some particularly brain-dead vendor UEFI firmware
implementations dutifully put in the extra effort of ensuring that all
other control characters (such as Ctrl-C) are impossible to type via
EFI_SIMPLE_TEXT_INPUT_PROTOCOL.

Current versions of the UEFI specification mandate that the console
input handle must support both EFI_SIMPLE_TEXT_INPUT_PROTOCOL and
EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL, the latter of which at least
provides access to modifier key state.

Unlike EFI_SIMPLE_TEXT_INPUT_PROTOCOL, the pointer to the
EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL instance does not appear within the
EFI system table and must therefore be opened explicitly.  The UEFI
specification provides no safe way to do so, since we cannot open the
handle BY_DRIVER or BY_CHILD_CONTROLLER and so nothing guarantees that
this pointer will remain valid for the lifetime of iPXE.  We must
simply hope that no UEFI firmware implementation ever discovers a
motivation for reinstalling the EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL
instance.

Use EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL if available, falling back to
the existing EFI_SIMPLE_TEXT_PROTOCOL otherwise.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[image] Implicitly trust first embedded image
Joe Groocock [Thu, 19 Dec 2019 13:08:50 +0000 (13:08 +0000)] 
[image] Implicitly trust first embedded image

iPXE when used as a NIC option ROM can sometimes be reloaded by the
UEFI/BIOS and any pre-initialised memory will remain loaded. When the
imgtrust command is run it sets `require_trusted_images'. Upon
reloading, iPXE tries to load the first embedded image but fails as it
is not marked trusted.

Setting this flag ensures that imgtrust with the first embedded script
is reentrant.

Signed-off-by: Joe Groocock <jgroocock@cloudflare.com>
4 weeks ago[infiniband] Require drivers to specify the number of ports
Christian Iversen [Tue, 26 Jan 2021 23:43:51 +0000 (00:43 +0100)] 
[infiniband] Require drivers to specify the number of ports

Require drivers to report the total number of Infiniband ports.  This
is necessary to report the correct number of ports on devices with
dynamic port types.

For example, dual-port Mellanox cards configured for (eth, ib) would
be rejected by the subnet manager, because they report using "port 2,
out of 1".

Signed-off-by: Christian Iversen <ci@iversenit.dk>
4 weeks ago[efi] Fix misleading debug message
Michael Brown [Tue, 26 Jan 2021 22:25:18 +0000 (22:25 +0000)] 
[efi] Fix misleading debug message

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[ifmgmt] Make "ifstat" show the link-layer protocol for each netdev
Christian Iversen [Tue, 26 Jan 2021 20:46:33 +0000 (21:46 +0100)] 
[ifmgmt] Make "ifstat" show the link-layer protocol for each netdev

This is useful on devices that perform auto-detection for ports.
Example output:

    iPXE> ifstat
    net0: 00:11:22:33:44:55 using mt4099 on 0000:00:03.0 (Ethernet) [open]
      [Link:down, TX:0 TXE:0 RX:0 RXE:0]
      [Link status: Unknown (http://ipxe.org/1a086101)]
    net1: 00:11:22:33:44:56 using mt4099 on 0000:00:03.0 (IPoIB) [open]
      [Link:down, TX:0 TXE:0 RX:0 RXE:0]
      [Link status: Initialising (http://ipxe.org/1a136101)]

Signed-off-by: Christian Iversen <ci@iversenit.dk>
4 weeks ago[cmdline] Expose "iflinkwait" as a command
Michael Brown [Tue, 26 Jan 2021 15:44:59 +0000 (15:44 +0000)] 
[cmdline] Expose "iflinkwait" as a command

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[efi] Fix use of uninitialised variable
Michael Brown [Tue, 26 Jan 2021 11:30:50 +0000 (11:30 +0000)] 
[efi] Fix use of uninitialised variable

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[efi] Automatically load "/autoexec.ipxe" when booted from a filesystem
Michael Brown [Mon, 25 Jan 2021 16:34:22 +0000 (16:34 +0000)] 
[efi] Automatically load "/autoexec.ipxe" when booted from a filesystem

When booting iPXE from a filesystem (e.g. a FAT-formatted USB key) it
can be useful to have an iPXE script loaded automatically from the
same filesystem.  Compared to using an embedded script, this has the
advantage that the script can be edited without recompiling the iPXE
binary.

For the BIOS version of iPXE, loading from a filesystem is handled
using syslinux (or isolinux) which allows the script to be passed to
the iPXE .lkrn image as an initrd.

For the UEFI version of iPXE, the platform firmware loads the iPXE
.efi image directly and there is currently no equivalent of the BIOS
initrd mechanism.

Add support for automatically loading a file "autoexec.ipxe" (if
present) from the root of the filesystem containing the UEFI iPXE
binary.

A combined BIOS and UEFI image for a USB key can be created using e.g.

  ./util/genfsimg -o usbkey.img -s myscript.ipxe \
      bin-x86_64-efi/ipxe.efi bin/ipxe.lkrn

The file "myscript.ipxe" would appear as "autoexec.ipxe" on the USB
key, and would be loaded automatically on both BIOS and UEFI systems.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[image] Provide image_memory()
Michael Brown [Mon, 25 Jan 2021 16:18:28 +0000 (16:18 +0000)] 
[image] Provide image_memory()

Consolidate the remaining logic common to initrd_init() and imgmem()
into a shared image_memory() function.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[travis] Update to current default build environment
Michael Brown [Sun, 24 Jan 2021 12:39:46 +0000 (12:39 +0000)] 
[travis] Update to current default build environment

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[build] Report a meaningful error message if isolinux.bin is missing
Michael Brown [Sun, 24 Jan 2021 12:31:48 +0000 (12:31 +0000)] 
[build] Report a meaningful error message if isolinux.bin is missing

Signed-off-by: Michael Brown <mcb30@ipxe.org>
4 weeks ago[build] Check that mkisofs equivalent supports the required options
Michael Brown [Sun, 24 Jan 2021 12:15:20 +0000 (12:15 +0000)] 
[build] Check that mkisofs equivalent supports the required options

The "-e" option required for creating EFI boot images is supported
only by widely used patched versions of genisoimage.

Check that the required options are supported when selecting a mkisofs
equivalent, thereby allowing a fallback to the use of xorrisofs when
building a UEFI ISO image on a system with an unpatched version of
genisoimage.

Continue to prefer the use of genisoimage over xorrisofs, since there
is apparently no way to inhibit the irritatingly useless startup
banner message printed by xorrisofs even when the "-quiet" option is
specified.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[tftp] Allow for profiling of client and server turnaround times
Michael Brown [Fri, 22 Jan 2021 21:05:07 +0000 (21:05 +0000)] 
[tftp] Allow for profiling of client and server turnaround times

Provide some visibility into the turnaround times on both client and
server sides as perceived by iPXE, to assist in debugging inexplicably
slow TFTP transfers.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[image] Add the "imgmem" command
Michael Brown [Wed, 20 Jan 2021 18:08:04 +0000 (18:08 +0000)] 
[image] Add the "imgmem" command

Provide the "imgmem" command to create an image from an existing block
of memory, for debugging purposes only.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[image] Provide image_set_data()
Michael Brown [Wed, 20 Jan 2021 18:03:16 +0000 (18:03 +0000)] 
[image] Provide image_set_data()

Extract part of the logic in initrd_init() to a standalone function
image_set_data().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[build] Allow an initrd script to be provided via genfsimg
Michael Brown [Fri, 22 Jan 2021 18:33:51 +0000 (18:33 +0000)] 
[build] Allow an initrd script to be provided via genfsimg

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[build] Fail gracefully when no input files are given to genfsimg
Michael Brown [Fri, 22 Jan 2021 18:29:01 +0000 (18:29 +0000)] 
[build] Fail gracefully when no input files are given to genfsimg

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[build] Use explicit disk geometry for generated FAT filesystem images
Michael Brown [Fri, 22 Jan 2021 12:22:11 +0000 (12:22 +0000)] 
[build] Use explicit disk geometry for generated FAT filesystem images

For FAT filesystem images larger than a 1.44MB floppy disk, round up
the image size to a whole number of 504kB cylinders before formatting.
This avoids losing up to a cylinder's worth of expected space in the
filesystem image.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[build] Fix genfsimg incompatibility with dash shell
Michael Brown [Fri, 22 Jan 2021 09:52:57 +0000 (09:52 +0000)] 
[build] Fix genfsimg incompatibility with dash shell

Reported-by: Antony Messerli <antony@mes.ser.li>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[build] Set volume name "iPXE" on FAT filesystem images
Michael Brown [Thu, 21 Jan 2021 21:23:06 +0000 (21:23 +0000)] 
[build] Set volume name "iPXE" on FAT filesystem images

Allow generated filesystem images to be accessed using the file:// URI
syntax by setting a defined volume name.  This allows a script placed
on the same filesystem image to be accessed using e.g.

  chain file://iPXE/script.ipxe

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[build] Allow genfsimg to be used on third party UEFI binaries
Michael Brown [Tue, 19 Jan 2021 23:47:44 +0000 (23:47 +0000)] 
[build] Allow genfsimg to be used on third party UEFI binaries

Extract the PE header offset from the MZ header rather than assuming a
fixed offset as used in the binaries created by the iPXE build system.

This allows genfsimg to be used to create bootable filesystem images
from third party UEFI binaries such as the UEFI shell.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[ipv6] Defer router discovery timeout while link is blocked
Michael Brown [Tue, 19 Jan 2021 14:15:56 +0000 (14:15 +0000)] 
[ipv6] Defer router discovery timeout while link is blocked

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[dhcp] Allow for links that remained blocked for up to three minutes
Michael Brown [Tue, 19 Jan 2021 12:54:50 +0000 (12:54 +0000)] 
[dhcp] Allow for links that remained blocked for up to three minutes

With the default timeouts for Cisco MAC Authentication Bypass, the
link will remain blocked for around 90 seconds (plus a likely
subsequent delay for STP).

Extend the maximum number of DHCP discovery deferrals to allow for up
to three minutes of waiting for a link to become unblocked.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[eap] Treat an EAP Request-Identity as indicating a blocked link
Michael Brown [Tue, 19 Jan 2021 12:37:50 +0000 (12:37 +0000)] 
[eap] Treat an EAP Request-Identity as indicating a blocked link

A switch port using 802.1x authentication will send EAP
Request-Identity packets once the physical link is up, and will not be
forwarding packets until the port identity has been established.

We do not currently support 802.1x authentication.  However, a
reasonably common configuration involves using a preset list of
permitted MAC addresses, with the "authentication" taking place
between the switch and a RADIUS server.  In this configuration, the
end device does not need to perform any authentication step, but does
need to be prepared for the switch port to fail to forward packets for
a substantial time after physical link-up.  This exactly matches the
"blocked link" semantics already used when detecting a non-forwarding
switch port via LACP or STP.

Treat a received EAP Request-Identity as indicating a blocked link.
Unlike LACP or STP, there is no way to determine the expected time
until the next EAP packet and so we must choose a fixed timeout.

Erroneously assuming that the link is blocked is relatively harmless
since we will still attempt to transmit and receive data even over a
link that is marked as blocked, and so the net effect is merely to
prolong DHCP attempts.  In contrast, erroneously assuming that the
link is unblocked will potentially cause DHCP to time out and give up,
resulting in a failed boot.

The default EAP Request-Identity interval in Cisco switches (where
this is most likely to be encountered in practice) is 30 seconds, so
choose 45 seconds as a timeout that is likely to avoid gaps during
which we falsely assume that the link is unblocked.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[eapol] Replace EAPoL code
Michael Brown [Tue, 19 Jan 2021 12:34:10 +0000 (12:34 +0000)] 
[eapol] Replace EAPoL code

Replace the GPL2+-only EAPoL code (currently used only for WPA) with
new code licensed under GPL2+-or-UBDL.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[dhcp] Continue transmitting DHCPDISCOVER while link is blocked
Michael Brown [Tue, 19 Jan 2021 12:21:28 +0000 (12:21 +0000)] 
[dhcp] Continue transmitting DHCPDISCOVER while link is blocked

Continue to transmit DHCPDISCOVER while waiting for a blocked link, in
order to support mechanisms such as Cisco MAC Authentication Bypass
that require repeated transmission attempts in order to trigger the
action that will result in the link becoming unblocked.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
5 weeks ago[build] Include xorrisofs as a viable mkisofs equivalent
Omgalof [Sat, 16 Jan 2021 12:59:23 +0000 (09:59 -0300)] 
[build] Include xorrisofs as a viable mkisofs equivalent

Add support for xorrisofs, a GNU mkisofs equivalent that is available
in most distro repositories.

Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
6 weeks ago[build] Inhibit spurious array bounds warning on some versions of gcc
Michael Brown [Fri, 15 Jan 2021 20:54:27 +0000 (20:54 +0000)] 
[build] Inhibit spurious array bounds warning on some versions of gcc

Some versions of gcc (observed with gcc 9.3.0 on NixOS Linux) produce
a spurious warning about an out-of-bounds array access for the
isa_extra_probe_addrs[] array.

Work around this compiler bug by redefining the array index as a
signed long, which seems to somehow avoid this spurious warning.

Debugged-by: Manuel Mendez <mmendez534@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
6 weeks ago[isa] Add missing #include <config/isa.h>
Manuel Mendez [Wed, 13 Jan 2021 20:58:59 +0000 (15:58 -0500)] 
[isa] Add missing #include <config/isa.h>

Signed-off-by: Manuel Mendez <mmendez534@gmail.com>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
6 weeks ago[build] Create util/genfsimg for building filesystem-based images
Michael Brown [Wed, 13 Jan 2021 11:50:26 +0000 (11:50 +0000)] 
[build] Create util/genfsimg for building filesystem-based images

Generalise util/geniso, util/gensdsk, and util/genefidsk to create a
single script util/genfsimg that can be used to build either FAT
filesystem images or ISO images.

Extend the functionality to allow for building multi-architecture UEFI
bootable ISO images and combined BIOS+UEFI images.

For example:

  ./util/genfsimg -o combined.iso \
      bin-x86_64-efi/ipxe.efi \
      bin-arm64-efi/ipxe.efi \
      bin/ipxe.lkrn

would generate a hybrid image that could be used as a CDROM (or hard
disk or USB key) on legacy BIOS, x86_64 UEFI, or ARM64 UEFI.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
7 weeks ago[xhci] Avoid false positive Coverity warning
Michael Brown [Mon, 4 Jan 2021 09:37:59 +0000 (09:37 +0000)] 
[xhci] Avoid false positive Coverity warning

Signed-off-by: Michael Brown <mcb30@ipxe.org>
7 weeks ago[efi] Leave asynchronous USB endpoints open until device is removed
Michael Brown [Sun, 3 Jan 2021 19:12:41 +0000 (19:12 +0000)] 
[efi] Leave asynchronous USB endpoints open until device is removed

Some UEFI device drivers will react to an asynchronous USB transfer
failure by dubiously terminating the scheduled transfer from within
the completion handler.

We already have code from commit fbb776f ("[efi] Leave USB endpoint
descriptors in existence until device is removed") that avoids freeing
memory in this situation, in order to avoid use-after-free bugs.  This
is not sufficient to avoid potential problems, since with an xHCI
controller the act of closing the endpoint requires issuing a command
and awaiting completion via the event ring, which may in turn dispatch
further USB transfer completion events.

Avoid these problems by leaving the USB endpoint open (but with the
refill timer stopped) until the device is finally removed, as is
already done for control and bulk transfers.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
7 weeks ago[xhci] Show meaningful error messages after command failures
Michael Brown [Sun, 3 Jan 2021 19:10:30 +0000 (19:10 +0000)] 
[xhci] Show meaningful error messages after command failures

Ensure that any command failure messages are followed up with an error
message indicating what the failed command was attempting to perform.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
7 weeks ago[xhci] Fail attempts to issue concurrent commands
Michael Brown [Sun, 3 Jan 2021 19:08:49 +0000 (19:08 +0000)] 
[xhci] Fail attempts to issue concurrent commands

The xHCI driver can handle only a single command TRB in progress at
any one time.  Immediately fail any attempts to issue concurrent
commands (which should not occur in normal operation).

Signed-off-by: Michael Brown <mcb30@ipxe.org>