ipxe.git
2 years ago[mucurses] Attempt to fix resource leaks
Michael Brown [Tue, 21 Mar 2017 12:46:19 +0000 (14:46 +0200)] 
[mucurses] Attempt to fix resource leaks

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[mucurses] Attempt to fix keypress processing logic
Michael Brown [Tue, 21 Mar 2017 12:42:02 +0000 (14:42 +0200)] 
[mucurses] Attempt to fix keypress processing logic

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[mucurses] Attempt to fix test for empty string
Michael Brown [Tue, 21 Mar 2017 12:37:53 +0000 (14:37 +0200)] 
[mucurses] Attempt to fix test for empty string

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[usb] Use correct length for memcpy()
Michael Brown [Tue, 21 Mar 2017 12:21:54 +0000 (14:21 +0200)] 
[usb] Use correct length for memcpy()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[librm] Fail gracefully if asked to ioremap() a zero length
Michael Brown [Tue, 21 Mar 2017 12:17:18 +0000 (14:17 +0200)] 
[librm] Fail gracefully if asked to ioremap() a zero length

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[crypto] Free correct pointer on the error path
Michael Brown [Tue, 21 Mar 2017 12:07:07 +0000 (14:07 +0200)] 
[crypto] Free correct pointer on the error path

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[802.11] Remove redundant NULL pointer check after dereference
Michael Brown [Tue, 21 Mar 2017 12:01:08 +0000 (14:01 +0200)] 
[802.11] Remove redundant NULL pointer check after dereference

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[sis900] Remove extraneous memset() with incorrect length
Michael Brown [Tue, 21 Mar 2017 11:55:04 +0000 (13:55 +0200)] 
[sis900] Remove extraneous memset() with incorrect length

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[qib7322] Use correct length for memset()
Michael Brown [Tue, 21 Mar 2017 11:51:56 +0000 (13:51 +0200)] 
[qib7322] Use correct length for memset()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[linda] Use correct length for memset()
Michael Brown [Tue, 21 Mar 2017 11:50:51 +0000 (13:50 +0200)] 
[linda] Use correct length for memset()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[nfs] Fix double free bug on error path
Michael Brown [Tue, 21 Mar 2017 11:45:17 +0000 (13:45 +0200)] 
[nfs] Fix double free bug on error path

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[xfer] Ensure va_end() is called on failure path
Michael Brown [Tue, 21 Mar 2017 11:38:39 +0000 (13:38 +0200)] 
[xfer] Ensure va_end() is called on failure path

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[arbel] Avoid potential integer overflow when calculating memory mappings
Michael Brown [Tue, 21 Mar 2017 09:46:17 +0000 (11:46 +0200)] 
[arbel] Avoid potential integer overflow when calculating memory mappings

When the area to be mapped straddles the 2GB boundary, the expression
(high+size) will overflow on the first loop iteration.  Fix by using
(end-size), which cannot underflow.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[hermon] Avoid potential integer overflow when calculating memory mappings
Michael Brown [Tue, 21 Mar 2017 09:46:17 +0000 (11:46 +0200)] 
[hermon] Avoid potential integer overflow when calculating memory mappings

When the area to be mapped straddles the 2GB boundary, the expression
(high+size) will overflow on the first loop iteration.  Fix by using
(end-size), which cannot underflow.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[dhcp] Allow vendor class to be changed in DHCP requests
Michael Brown [Mon, 20 Mar 2017 11:58:59 +0000 (13:58 +0200)] 
[dhcp] Allow vendor class to be changed in DHCP requests

Allow the DHCPv4 vendor class to be specified via the "vendor-class"
setting.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[undi] Move PXE API caller back into UNDI driver
Michael Brown [Sun, 19 Mar 2017 15:57:24 +0000 (15:57 +0000)] 
[undi] Move PXE API caller back into UNDI driver

As of commit 10d19bd ("[pxe] Always retrieve cached DHCPACK and apply
to relevant network device"), the UNDI driver has been the only user
of pxeparent_call().  Remove the unnecessary layer of abstraction by
refactoring this code back into undinet.c, and fix the ability of
undiisr.S to fall back to chaining to the original handler if we were
unable to unhook our own ISR.

This effectively reverts commit 337e1ed ("[pxe] Separate parent PXE
API caller from UNDINET driver").

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[efi] Skip cable detection at initialisation where possible
Michael Brown [Sun, 19 Mar 2017 13:22:33 +0000 (13:22 +0000)] 
[efi] Skip cable detection at initialisation where possible

We currently request cable detection in PXE_OPCODE_INITIALIZE to work
around buggy Emulex drivers (see commit c0b61ba ("[efi] Work around
bugs in Emulex NII driver")).

This causes problems with some other NII drivers (e.g. Mellanox),
which may time out if the underlying link is intrinsically slow to
come up.

Attempt to work around both problems simultaneously by requesting
cable detection only if the underlying NII driver does not support
link status reporting via PXE_OPCODE_GET_STATUS.  (This is based on a
potentially incorrect assumption that the buggy Emulex drivers do not
claim to report link status via PXE_OPCODE_GET_STATUS.)

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[efi] Provide ACPI table description for SAN devices
Michael Brown [Mon, 13 Mar 2017 12:18:46 +0000 (12:18 +0000)] 
[efi] Provide ACPI table description for SAN devices

Provide a basic proof of concept ACPI table description (e.g. iBFT for
iSCSI) for SAN devices in a UEFI environment, using a control flow
that is functionally identical to that used in a BIOS environment.

Originally-implemented-by: Vishvananda Ishaya Abrams <vish.ishaya@oracle.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[efi] Add EFI_ACPI_TABLE_PROTOCOL header and GUID definition
Michael Brown [Fri, 10 Mar 2017 21:51:59 +0000 (21:51 +0000)] 
[efi] Add EFI_ACPI_TABLE_PROTOCOL header and GUID definition

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[efi] Update to current EDK2 headers
Michael Brown [Fri, 10 Mar 2017 21:18:03 +0000 (21:18 +0000)] 
[efi] Update to current EDK2 headers

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[build] Provide common ARRAY_SIZE() definition
Michael Brown [Fri, 10 Mar 2017 15:40:17 +0000 (15:40 +0000)] 
[build] Provide common ARRAY_SIZE() definition

Several files define the ARRAY_SIZE() macro as used in Linux.  Provide
a common definition for this in include/compiler.h.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[iscsi] Don't close when receiving NOP-In
Vishvananda Ishaya Abrams [Thu, 9 Mar 2017 14:23:22 +0000 (14:23 +0000)] 
[iscsi] Don't close when receiving NOP-In

Some iSCSI targets send NOP-In.  Rather than closing the connection
when we receive one, it is more user friendly to log a debug message
and keep the connection open.  Eventually, it would be nice if iPXE
supported replying to NOP-Ins, but we might as well keep the
connection open until the target disconnects us.

Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[intel] Reset all virtual function settings
Vishvananda Ishaya [Thu, 9 Mar 2017 13:54:13 +0000 (13:54 +0000)] 
[intel] Reset all virtual function settings

Some VF data is not cleared with reset, so make sure to return all the
settings to default before configuring the VF.

This fixes an issue where network packets would fail to be received if
the VF was previously used by the linux ixgbevf driver.

Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[scsi] Avoid duplicate calls to scsicmd_close()
Michael Brown [Thu, 9 Mar 2017 12:45:45 +0000 (12:45 +0000)] 
[scsi] Avoid duplicate calls to scsicmd_close()

When a SCSI device is closed in error, the shutdown of the device's
block data interface will probably lead to any outstanding commands
being closed (by whichever object is currently connected to the block
data interface).  However, commands remain in the list of outstanding
commands until the final reference is dropped.  The result is that
scsidev_close() will make a second call to scsicmd_close() for each
command.  This is harmless, but produces confusing debug messages.

Fix by treating the outstanding command list as holding an explicit
reference to each command, and removing the command from the list of
outstanding commands in scsicmd_close().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[block] Use intfs_shutdown() when shutting down multiple interfaces
Michael Brown [Thu, 9 Mar 2017 12:16:56 +0000 (12:16 +0000)] 
[block] Use intfs_shutdown() when shutting down multiple interfaces

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[scsi] Use intfs_shutdown() when shutting down multiple interfaces
Michael Brown [Thu, 9 Mar 2017 12:16:35 +0000 (12:16 +0000)] 
[scsi] Use intfs_shutdown() when shutting down multiple interfaces

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[iscsi] Use intfs_shutdown() when shutting down multiple interfaces
Michael Brown [Thu, 9 Mar 2017 12:16:15 +0000 (12:16 +0000)] 
[iscsi] Use intfs_shutdown() when shutting down multiple interfaces

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[block] Retry any SAN device operation
Michael Brown [Tue, 7 Mar 2017 16:11:22 +0000 (16:11 +0000)] 
[block] Retry any SAN device operation

The SCSI layer currently implements a retry loop in order to retry
commands that fail due to spurious "error" conditions such as "power
on occurred".  Move this retry loop to the generic SAN device layer:
this allow for retries due to other transient error conditions such as
an iSCSI target having dropped the connection due to inactivity.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[efi] Refactor to use centralised SAN device abstraction
Michael Brown [Mon, 6 Mar 2017 14:22:51 +0000 (14:22 +0000)] 
[efi] Refactor to use centralised SAN device abstraction

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[int13] Refactor to use centralised SAN device abstraction
Michael Brown [Sat, 4 Mar 2017 21:02:31 +0000 (21:02 +0000)] 
[int13] Refactor to use centralised SAN device abstraction

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[block] Centralise "san-drive" setting
Michael Brown [Mon, 6 Mar 2017 12:25:20 +0000 (12:25 +0000)] 
[block] Centralise "san-drive" setting

The concept of the SAN drive number is meaningful only in a BIOS
environment, where it represents the INT13 drive number (0x80 for the
first hard disk).  We retain this concept in a UEFI environment to
allow for a simple way for iPXE commands to refer to SAN drives.

Centralise the concept of the default drive number, since it is shared
between all supported environments.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[block] Centralise SAN device abstraction
Michael Brown [Sat, 4 Mar 2017 18:43:07 +0000 (18:43 +0000)] 
[block] Centralise SAN device abstraction

Create a central SAN device abstraction to be shared between BIOS and
UEFI.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[block] Remove spurious comments
Michael Brown [Fri, 3 Mar 2017 17:31:33 +0000 (17:31 +0000)] 
[block] Remove spurious comments

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[efi] Add missing SANBOOT_PROTO_HTTP to EFI default configuration
Michael Brown [Mon, 6 Mar 2017 15:01:39 +0000 (15:01 +0000)] 
[efi] Add missing SANBOOT_PROTO_HTTP to EFI default configuration

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[thunderx] Don't disable NIC when exiting from iPXE
Konrad Adamczyk [Tue, 7 Feb 2017 11:20:19 +0000 (12:20 +0100)] 
[thunderx] Don't disable NIC when exiting from iPXE

According to ThunderX Errata G-17560, NIC_PF_CFG[ENA] bit should not
be cleared at exit.  This allows other drivers to access the NIC regs
correctly.

Signed-off-by: Konrad Adamczyk <konrad.adamczyk@cavium.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[thunderx] Fix hardware deinitialization
Bartosz Szczepanek [Tue, 7 Feb 2017 11:20:18 +0000 (12:20 +0100)] 
[thunderx] Fix hardware deinitialization

It is required to reset BGX context state for the LMAC using
BGX_CMR_CONFIG register.

This solves problem with network connectivity in Linux booted from
iPXE.

Signed-off-by: Bartosz Szczepanek <bartosz.szczepanek@cavium.com>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[http] Cleanly shut down potentially looped interfaces
Michael Brown [Thu, 2 Feb 2017 16:52:55 +0000 (16:52 +0000)] 
[http] Cleanly shut down potentially looped interfaces

Use intfs_shutdown() and intfs_restart() to cleanly shut down multiple
interfaces that may loop back to the same object.

This fixes a regression introduced by commit daa8ed9 ("[interface]
Provide intf_reinit() to reinitialise nullified interfaces") which
broke the use of HTTP Basic and Digest authentication.

Reported-by: murmansk <murmansk@hotmail.com>
Reported-by: Brett Waldo <brettwaldo@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[interface] Provide the ability to shut down multiple interfaces
Michael Brown [Thu, 2 Feb 2017 15:49:21 +0000 (15:49 +0000)] 
[interface] Provide the ability to shut down multiple interfaces

Shutting down (and optionally restarting) multiple interfaces is
fraught with problems if there are loops in the interface connectivity
(e.g. the HTTP content-decoded and transfer-decoded interfaces, which
will generally loop back to each other).  Various workarounds
currently exist across the codebase, generally involving preceding
calls to intf_nullify() to avoid problems due to known loops.

Provide intfs_shutdown() and intfs_restart() to allow all of an
object's interfaces to be shut down (or restarted) in a single call,
without having to worry about potential external loops.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[time] Report attempts to use timers before initialisation
Michael Brown [Wed, 1 Feb 2017 15:30:41 +0000 (15:30 +0000)] 
[time] Report attempts to use timers before initialisation

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[settings] Add "unixtime" builtin setting to expose the current time
Michael Brown [Thu, 26 Jan 2017 11:39:25 +0000 (11:39 +0000)] 
[settings] Add "unixtime" builtin setting to expose the current time

Expose the current wall-clock time (in seconds since the Epoch), since
this is often useful in captured boot logs and can also be useful when
checking unexpected X.509 certificate validation failures.

Use a :uint32 setting to avoid Y2K38 rollover, thereby ensuring that
this will eventually be somebody else's problem.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[intel] Add INTEL_NO_PHY_RST for I219-LM (2)
Christian Nilsson [Wed, 21 Dec 2016 19:21:33 +0000 (20:21 +0100)] 
[intel] Add INTEL_NO_PHY_RST for I219-LM (2)

Originally-implemented-by: Malte zu Klampen <malte@pclab.ifg.uni-kiel.de>
Originally-implemented-by: Richard Moore <rich@richud.com>
Tested-by: Esben Storgaard Nielsen <esn@solar.dk>
Signed-off-by: Christian Nilsson <nikize@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[int13] Test correct return status from INT 13 calls
Michael Brown [Thu, 26 Jan 2017 09:45:19 +0000 (09:45 +0000)] 
[int13] Test correct return status from INT 13 calls

INT 13 calls return a status value via %ah, with CF set if %ah is
non-zero (indicating an error).  Our wrappers zero the whole of %ax if
CF is clear, to allow C code (which has no easy access to CF) to
simply test for a non-zero status to detect an error.

The current code assigns the returned status to a uint8_t, effectively
testing %al rather than %ah.  Fix by treating the returned status as a
uint16_t instead.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[int13] Avoid potential division by zero
Michael Brown [Thu, 26 Jan 2017 09:31:40 +0000 (09:31 +0000)] 
[int13] Avoid potential division by zero

Avoid using a zero sector count to guess the disk geometry, since that
would result in a division by zero when calculating the number of
cylinders.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[hyperv] Provide timer based on the 10MHz time reference count MSR
Michael Brown [Thu, 26 Jan 2017 08:03:11 +0000 (08:03 +0000)] 
[hyperv] Provide timer based on the 10MHz time reference count MSR

When running on AMD platforms, the legacy hardware emulation is
extremely unreliable.  In particular, the IRQ0 timer interrupt is
likely to simply stop working, resulting in a total failure of any
code that relies on timers (such as DHCP retransmission attempts).

Work around this by using the 10MHz time counter provided by Hyper-V
via an MSR.  (This timer can be tested in KVM via the command-line
option "-cpu host,hv_time".)

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[time] Allow timer to be selected at runtime
Michael Brown [Wed, 25 Jan 2017 20:59:15 +0000 (20:59 +0000)] 
[time] Allow timer to be selected at runtime

Allow the active timer (providing udelay() and currticks()) to be
selected at runtime based on probing during the INIT_EARLY stage of
initialisation.

TICKS_PER_SEC is now a fixed compile-time constant for all builds, and
is independent of the underlying clock tick rate.  We choose the value
1024 to allow multiplications and divisions on seconds to be converted
to bit shifts.

TICKS_PER_MS is defined as 1, allowing multiplications and divisions
on milliseconds to be omitted entirely.  The 2% inaccuracy in this
definition is negligible when using the standard BIOS timer (running
at around 18.2Hz).

TIMER_RDTSC now checks for a constant TSC before claiming to be a
usable timer.  (This timer can be tested in KVM via the command-line
option "-cpu host,+invtsc".)

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[cpuid] Provide cpuid_supported() to test for supported functions
Michael Brown [Wed, 25 Jan 2017 20:57:18 +0000 (20:57 +0000)] 
[cpuid] Provide cpuid_supported() to test for supported functions

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[netdevice] Limit MTU by hardware maximum frame length
Michael Brown [Wed, 25 Jan 2017 14:48:24 +0000 (14:48 +0000)] 
[netdevice] Limit MTU by hardware maximum frame length

Separate out the concept of "hardware maximum supported frame length"
and "configured link MTU", and limit the latter according to the
former.

In networks where the DHCP-supplied link MTU is inconsistent with the
hardware or driver capabilities (e.g. a network using jumbo frames),
this will result in iPXE advertising a TCP MSS consistent with a size
that can actually be received.

Note that the term "MTU" is typically used to refer to the maximum
length excluding the link-layer headers; we adopt this usage.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[interface] Unplug interface before calling intf_close() in intf_shutdown()
Michael Brown [Wed, 25 Jan 2017 10:19:02 +0000 (10:19 +0000)] 
[interface] Unplug interface before calling intf_close() in intf_shutdown()

The call to intf_close() may result in the original interface being
reopened.  For example: when reading the capacity of a 2TB+ disk via
iSCSI, the SCSI layer will respond to the intf_close() from the READ
CAPACITY (10) command by immediately issuing a READ CAPACITY (16)
command.  The iSCSI layer happens to reuse the same interface for the
new command (since it allows only a single concurrent command).

Currently, intf_shutdown() unplugs the interface after the call to
intf_close() returns.  In the above scenario, this results in
unplugging the just-reopened interface.

Fix by transferring the interface destination (and its reference) to a
temporary interface, and so effectively performing the unplug before
making the call to intf_close().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[interface] Remove misleading comment
Michael Brown [Wed, 25 Jan 2017 10:17:48 +0000 (10:17 +0000)] 
[interface] Remove misleading comment

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[interface] Avoid unnecessary reference counting in intf_unplug()
Michael Brown [Wed, 25 Jan 2017 10:11:26 +0000 (10:11 +0000)] 
[interface] Avoid unnecessary reference counting in intf_unplug()

The null interface does not have a reference counter, so the call to
intf_get() is always redundant.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[efi] Fix building elf2efi.c when -fpic is enabled by default
Michael Brown [Wed, 25 Jan 2017 08:00:50 +0000 (08:00 +0000)] 
[efi] Fix building elf2efi.c when -fpic is enabled by default

The x86_64 EDK2 headers include a #pragma to mark all subsequent
symbol declarations and references as hidden if position-independent
code is being generated.  Since libgen.h is currently included only
after the EDK2 headers, this results in __xpg_basename() being
erroneously marked as having hidden visibility (if the compiler
defaults to building position-independent code); this eventually
results in a failure to link the elf2efi binary.

Fix by including libgen.h prior to including the EDK2 headers.

Originally-fixed-by: Doug Goldstein <cardoe@cardoe.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[pic8259] Fix definitions for "read IRR" and "read ISR" commands
Michael Brown [Wed, 25 Jan 2017 07:32:38 +0000 (07:32 +0000)] 
[pic8259] Fix definitions for "read IRR" and "read ISR" commands

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[hyperv] Ignore unsolicited VMBus messages
Michael Brown [Tue, 24 Jan 2017 15:03:10 +0000 (15:03 +0000)] 
[hyperv] Ignore unsolicited VMBus messages

In some high-end Azure instances (e.g. NC6) we may receive an
unsolicited VMBUS_OFFER_CHANNEL message for a PCIe pass-through device
some time after completing the bus enumeration.  This currently causes
apparently random failures due to unexpected VMBus message types.

Fix by ignoring any unsolicited VMBus messages.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[cloud] Show CPU vendor and model in example cloud boot scripts
Michael Brown [Tue, 24 Jan 2017 13:47:03 +0000 (13:47 +0000)] 
[cloud] Show CPU vendor and model in example cloud boot scripts

Some problems arise only when running on a specific CPU type (e.g.
non-functional timer interrupts as observed in Azure AMD instances).
Include the CPU vendor and model within the sample cloud boot scripts,
to assist in debugging such problems.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[netdevice] Allow MTU to be changed at runtime
Michael Brown [Mon, 23 Jan 2017 17:47:28 +0000 (17:47 +0000)] 
[netdevice] Allow MTU to be changed at runtime

Provide a settings applicator to modify netdev->max_pkt_len in
response to changes to the "mtu" setting (DHCP option 26).

Note that as with MAC address changes, drivers are permitted to
completely ignore any changes in the MTU value.  The net result will
be that iPXE effectively uses the smaller of either the hardware
default MTU or the software configured MTU.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[virtio] Use host-specified MTU when available
Michael Brown [Mon, 23 Jan 2017 16:32:54 +0000 (16:32 +0000)] 
[virtio] Use host-specified MTU when available

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[cloud] Add ability to retrieve Google Compute Engine metadata
Michael Brown [Mon, 23 Jan 2017 14:41:22 +0000 (14:41 +0000)] 
[cloud] Add ability to retrieve Google Compute Engine metadata

For some unspecified "security" reason, the Google Compute Engine
metadata server will refuse any requests that do not include the
non-standard HTTP header "Metadata-Flavor: Google".

Attempt to autodetect such requests (by comparing the hostname against
"metadata.google.internal"), and add the "Metadata-Flavor: Google"
header if applicable.

Enable this feature in the CONFIG=cloud build, and include a sample
embedded script allowing iPXE to boot from a script configured as
metadata via e.g.

  # Create shared boot image
  make bin/ipxe.usb CONFIG=cloud EMBED=config/cloud/gce.ipxe

  # Configure per-instance boot script
  gcloud compute instances add-metadata <instance> \
         --metadata-from-file ipxeboot=boot.ipxe

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[virtio] Use separate RX and TX empty header buffers
Michael Brown [Mon, 23 Jan 2017 13:23:31 +0000 (13:23 +0000)] 
[virtio] Use separate RX and TX empty header buffers

Some host implementations (notably Google Compute Platform) are known
to unconditionally write back VIRTIO_NET_HDR_F_DATA_VALID to
header->flags for received packets, regardless of the features
negotiated by the driver.  This breaks the transmit datapath by
effectively setting an illegal flag for all subsequent transmitted
packets.

Work around this problem by using separate empty header buffers for
the receive and transmit queues.

Debugged-by: Ladi Prosek <lprosek@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[af_packet] Add new AF_PACKET driver for Linux
David Decotigny [Fri, 20 Jan 2017 18:29:24 +0000 (10:29 -0800)] 
[af_packet] Add new AF_PACKET driver for Linux

This code largely inspired by tap.c.  Allows for testing iPXE on real
NICs from within Linux.  For example:

  make bin-x86_64-linux/af_packet.linux
  valgrind ./bin-x86_64-linux/af_packet.linux --net af_packet,if=eth3

Tested as x86_64 and i386 binary.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[build] Return const char * from uuid_ntoa()
David Decotigny [Fri, 20 Jan 2017 18:29:22 +0000 (10:29 -0800)] 
[build] Return const char * from uuid_ntoa()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[virtio] Remove queue size limit in legacy virtio
Ladi Prosek [Fri, 16 Dec 2016 13:07:08 +0000 (14:07 +0100)] 
[virtio] Remove queue size limit in legacy virtio

Virtio 0.9 implementation was limited to the maximum virtqueue size of
MAX_QUEUE_NUM and the virtio-net driver would fail to initialize on hosts
exceeding this limit.

This commit lifts the restriction by allocating the queue memory based on
the actual queue size instead of using a fixed maximum. Note that virtio
1.0 still uses the MAX_QUEUE_NUM constant to cap the size (unfortunately
this functionality is not available in virtio 0.9).

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[virtio] Simplify virtqueue shutdown
Ladi Prosek [Fri, 16 Dec 2016 12:31:22 +0000 (13:31 +0100)] 
[virtio] Simplify virtqueue shutdown

This commit introduces virtnet_free_virtqueues called on all virtqueue
error and shutdown paths. vpm_find_vqs no longer cleans up after itself
and instead expects virtnet_free_virtqueues to be always called to undo
its effect.

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[virtio] Cap queue size to MAX_QUEUE_NUM
Ladi Prosek [Fri, 16 Dec 2016 09:54:32 +0000 (10:54 +0100)] 
[virtio] Cap queue size to MAX_QUEUE_NUM

vpm_find_vqs incorrectly accepted the host provided queue size with no
regard to iPXE's internal limitations. Virtio 1.0 makes it possible for
the driver to override the queue size to reduce memory requirements and
iPXE is a great use case for this feature.

Also removing the extra vq->vring.num assignment which is already
handled in vring_init.

Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[build] Add %.vhd target for building VM bootable disk images
Michael Brown [Sun, 22 Jan 2017 11:22:11 +0000 (11:22 +0000)] 
[build] Add %.vhd target for building VM bootable disk images

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[ipv4] Accept unicast packets for the local network broadcast address
Michael Brown [Sun, 22 Jan 2017 09:12:52 +0000 (09:12 +0000)] 
[ipv4] Accept unicast packets for the local network broadcast address

The ISC Kea DHCP server transmits its DHCPOFFER as a unicast packet
with a broadcast IPv4 destination address (255.255.255.255).  This
combination is currently rejected by iPXE.

Fix by explicitly accepting the local network broadcast address
(255.255.255.255) as a valid unicast destination address.

Reported-by: Roy Ledochowski <roy.ledochowski@hpe.com>
Tested-by: Roy Ledochowski <roy.ledochowski@hpe.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[golan] Update Connect-IB, ConnectX-4 and ConnectX-4 Lx (Infiniband) support
Raed Salem [Thu, 8 Dec 2016 09:01:51 +0000 (11:01 +0200)] 
[golan] Update Connect-IB, ConnectX-4 and ConnectX-4 Lx (Infiniband) support

Updates:
- Nodnic: Support for arm cq doorbell via the UAR BAR
- Ensure hardware is quiescent when no interface is open - WinPE WA
- Support for clear interrupt via BAR
- Nodnic: Support for send TX doorbells via the UAR BAR
- Added ConnectX-5EX device
- Added ConnectX-5 device

Signed-off-by: Raed Salem <raeds@mellanox.com>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2 years ago[efi] Work around temporal anomaly encountered during ExitBootServices()
Michael Brown [Wed, 7 Dec 2016 13:41:06 +0000 (13:41 +0000)] 
[efi] Work around temporal anomaly encountered during ExitBootServices()

EFI provides no clean way for device drivers to shut down in
preparation for handover to a booted operating system.  The platform
firmware simply doesn't bother to call the drivers' Stop() methods.
Instead, drivers must register an EVT_SIGNAL_EXIT_BOOT_SERVICES event
to be signalled when ExitBootServices() is called, and clean up
without any reference to the EFI driver model.

Unfortunately, all timers silently stop working when ExitBootServices()
is called.  Even more unfortunately, and for no discernible reason,
this happens before any EVT_SIGNAL_EXIT_BOOT_SERVICES events are
signalled.  The net effect of this entertaining design choice is that
any timeout loops on the shutdown path (e.g. for gracefully closing
outstanding TCP connections) may wait indefinitely.

There is no way to report failure from currticks(), since the API
lazily assumes that the host system continues to travel through time
in the usual direction.  Work around EFI's violation of this
assumption by falling back to a simple free-running monotonic counter.

Debugged-by: Maor Dickman <maord@mellanox.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[undi] Try matching UNDI ROMs in BIOS enumeration order
Michael Brown [Wed, 7 Dec 2016 07:25:44 +0000 (07:25 +0000)] 
[undi] Try matching UNDI ROMs in BIOS enumeration order

When searching for an UNDI ROM to match against a PCI device, search
in order of increasing ROM address (within the 128kB BIOS option ROM
area).  This is likely (though not guaranteed) to match the order of
the original enumeration performed by the BIOS, which is in turn
likely to match the order of enumeration on the PCI bus.

Since we load at most one UNDI ROM, the net result is that we increase
our chances of loading the ROM corresponding to the selected PCI
device (rather than loading a ROM corresponding to a higher-numbered
PCI device with the same vendor and device IDs.)

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[prefix] Include diagnostic information within progress messages
Michael Brown [Tue, 6 Dec 2016 09:38:33 +0000 (09:38 +0000)] 
[prefix] Include diagnostic information within progress messages

Include some relevant diagnostic infomation within the progress
messages generated via DEBUG=libprefix.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[prefix] Remove impossible progress message
Michael Brown [Tue, 6 Dec 2016 07:36:33 +0000 (07:36 +0000)] 
[prefix] Remove impossible progress message

The "progress" macro can be used only from within the .prefix section.
At the point of calling relocate(), we are running in .text16 and so
the near call to print_message() will end up calling a random function
somewhere in .text16.

Interestingly, this problem has remained unnoticed for some time.  It
is rare to build with DEBUG=libprefix.  In the few cases that it has
been used during development, the randomly selected function in
.text16 seems to have been a harmless no-op with no visible
side-effects (beyond the unnoticed failure to print the "relocate"
progress message).

Fix by removing the futile attempt to print a progress message before
calling relocate().

Reported-by: Raed Salem <raeds@mellanox.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[undi] Clean up driver and device name information
Michael Brown [Mon, 5 Dec 2016 15:45:17 +0000 (15:45 +0000)] 
[undi] Clean up driver and device name information

Fix the <NULL> driver name reported by "ifstat" when using the undipci
driver (due to the unnecessary extra device node inserted as a child
of the PCI device).

Remove the "UNDI-" prefix from device names since the driver name is
also now visible via "ifstat", and tidy up the device name to match
the format used by standard PCI devices.

The output from "ifstat" now resembles:

  iPXE> ifstat
  net0: 52:54:00:12:34:56 using undipci on 0000:00:03.0

  iPXE> ifstat
  net0: 52:54:00:12:34:56 using undionly on 0000:00:03.0

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[romprefix] Avoid using PMM-allocated memory in UNDI loader entry point
Michael Brown [Mon, 5 Dec 2016 14:11:00 +0000 (14:11 +0000)] 
[romprefix] Avoid using PMM-allocated memory in UNDI loader entry point

The UNDI loader entry point is very likely to be called after POST,
when there is a high chance that the PMM-allocated image source area
and decompression area have been reused by something else.

In particular, using an iPXE .iso to test a separate iPXE ROM's UNDI
loader entry point in a qemu VM is likely to crash.  SeaBIOS allocates
PMM blocks from close to the top of memory and so these blocks have a
high chance of colliding with the runtime addresses subsequently
chosen by the non-ROM iPXE by scanning the INT 15,e820 memory map.

The standard romprefix.S has no choice about relying on the
PMM-allocated image source area, since it has no other way to retrieve
its compressed payload.

In mromprefix.S, the image source area functions only as an optional
buffer used to avoid repeated reads from the (potentially slow)
expansion ROM BAR by the decompression code.  We can therefore always
set %esi=0 when calling install_prealloc from the UNDI loader entry
point, and simply fall back to reading directly from the expansion ROM
BAR.

We can always set %edi=0 when calling install_prealloc from the UNDI
loader entry point.  This will behave as though the decompression area
PMM allocation failed, and will therefore use INT 15,88 to find a
temporary decompression area somewhere close to 64MB.  This is by no
means guaranteed to be safe from collisions, but it's probably safer
on balance than the PMM-allocated address.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[undi] Allocate base memory before calling UNDI loader entry point
Michael Brown [Mon, 5 Dec 2016 08:50:03 +0000 (08:50 +0000)] 
[undi] Allocate base memory before calling UNDI loader entry point

Allocate base memory (by decreasing the free base memory counter)
before calling the UNDI loader entry point, to minimise surprises for
the UNDI loader code.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Add basic EFI SAN booting capability
Michael Brown [Wed, 16 Nov 2016 22:22:22 +0000 (22:22 +0000)] 
[efi] Add basic EFI SAN booting capability

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[iscsi] Avoid potential infinite loops during shutdown
Michael Brown [Wed, 16 Nov 2016 23:00:57 +0000 (23:00 +0000)] 
[iscsi] Avoid potential infinite loops during shutdown

The command and data interfaces may be connected to the same object.
Nullify the data interface before shutting down the control interface
to avoid potential infinite loops.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[interface] Provide intf_reinit() to reinitialise nullified interfaces
Michael Brown [Wed, 16 Nov 2016 22:22:13 +0000 (22:22 +0000)] 
[interface] Provide intf_reinit() to reinitialise nullified interfaces

Provide an abstraction intf_reinit() to restore the descriptor of a
previously nullified interface.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[build] Disable TIVOLI_VMM_WORKAROUND in the qemu configuration ipxe-qemu-release-v2.8.0 ipxe-qemu-release-v2.9.0
Laszlo Ersek [Wed, 26 Oct 2016 22:13:51 +0000 (00:13 +0200)] 
[build] Disable TIVOLI_VMM_WORKAROUND in the qemu configuration

This prevents KVM guests from crashing that run iPXE on host CPUs
without "unrestricted_guest" support.

Once KVM gets the FXSAVE / FXRSTOR emulation feature (*), and the
feature becomes widely available to users, we can back out this change
from iPXE.

(*) Already in progress by Radim:

    [PATCH 0/2] KVM: x86: emulate fxsave and fxrstor

    https://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1258895.html
    https://www.spinics.net/lists/kernel/msg2370327.html

Cc: Bandan Das <bsd@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Greg <rollenwiese@yahoo.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Michael Prokop <launchpad@michael-prokop.at>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Pickford <arch@netremedies.ca>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Ref: https://bugs.archlinux.org/task/50778
Ref: https://bugs.launchpad.net/qemu/+bug/1623276
Ref: https://bugzilla.proxmox.com/show_bug.cgi?id=1182
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1356762
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[librm] Conditionalize the workaround for the Tivoli VMM's SSE garbling
Laszlo Ersek [Wed, 26 Oct 2016 22:13:50 +0000 (00:13 +0200)] 
[librm] Conditionalize the workaround for the Tivoli VMM's SSE garbling

Commit 71560d1 ("[librm] Preserve FPU, MMX and SSE state across calls
to virt_call()") added FXSAVE and FXRSTOR instructions to iPXE.  In
KVM virtual machines, these instructions execute fine as long as the
host CPU supports the "unrestricted_guest" feature (that is, it can
virtualize big real mode natively).  On older host CPUs however, KVM
has to emulate big real mode, and it currently doesn't implement
FXSAVE emulation.

Upstream QEMU rebuilt iPXE at commit 0418631 ("[thunderx] Fix
compilation with older versions of gcc") which is a descendant of
commit 71560d1 (see above).

This was done in QEMU commit ffdc5a2 ("ipxe: update submodule from
4e03af8ec to 041863191").  The resultant binaries were bundled with
the QEMU v2.7.0 release; see QEMU commit c52125a ("ipxe: update
prebuilt binaries").

This distributed the iPXE workaround for the Tivoli VMM bug to a
number of KVM users with old host CPUs, causing KVM emulation failures
(guest crashes) for them while netbooting.

Make the FXSAVE and FXRSTOR instructions conditional on a new feature
test macro called TIVOLI_VMM_WORKAROUND.  Define the macro by default.

There is prior art for an assembly file including config/general.h:
see arch/x86/prefix/romprefix.S.  Also, TIVOLI_VMM_WORKAROUND seems to
be a good fit for the "Obscure configuration options" section in
config/general.h.

Cc: Bandan Das <bsd@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Greg <rollenwiese@yahoo.com>
Cc: Michael Brown <mcb30@ipxe.org>
Cc: Michael Prokop <launchpad@michael-prokop.at>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Pickford <arch@netremedies.ca>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Ref: https://bugs.archlinux.org/task/50778
Ref: https://bugs.launchpad.net/qemu/+bug/1623276
Ref: https://bugzilla.proxmox.com/show_bug.cgi?id=1182
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1356762
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[bzimage] Fix page alignment of initrd images
Michael Brown [Fri, 28 Oct 2016 23:08:48 +0000 (00:08 +0100)] 
[bzimage] Fix page alignment of initrd images

The initrd_addr_max field represents the highest byte address that may
be used to hold initrd images, and is therefore almost certainly not
aligned to a page boundary: a typical value might be 0x7fffffff.

Fix the address calculations to ensure that the initrd images are
always aligned to a page boundary.

Reported-by: Sitsofe Wheeler <sitsofe@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Add EFI_BLOCK_IO2_PROTOCOL header and GUID definition
Michael Brown [Sun, 16 Oct 2016 22:27:50 +0000 (23:27 +0100)] 
[efi] Add EFI_BLOCK_IO2_PROTOCOL header and GUID definition

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Update to current EDK2 headers
Michael Brown [Sun, 16 Oct 2016 15:32:49 +0000 (16:32 +0100)] 
[efi] Update to current EDK2 headers

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[efi] Mark AppleNetBoot.h as a native iPXE header
Michael Brown [Sun, 16 Oct 2016 16:04:30 +0000 (17:04 +0100)] 
[efi] Mark AppleNetBoot.h as a native iPXE header

AppleNetBoot.h is not taken from the EDK2 codebase and so cannot be
imported using include/ipxe/efi/import.pl.  Mark as a native iPXE
header (by changing the include guard) to avoid breaking the import
process.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Mark permanent certificates as permanent
Michael Brown [Wed, 31 Aug 2016 16:23:42 +0000 (17:23 +0100)] 
[crypto] Mark permanent certificates as permanent

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[cmdline] Add certificate management commands
Michael Brown [Thu, 25 Aug 2016 14:40:27 +0000 (15:40 +0100)] 
[cmdline] Add certificate management commands

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Add certstat() to display basic certificate information
Michael Brown [Thu, 25 Aug 2016 14:39:43 +0000 (15:39 +0100)] 
[crypto] Add certstat() to display basic certificate information

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Allow certificates to be marked as having been added explicitly
Michael Brown [Thu, 25 Aug 2016 14:38:58 +0000 (15:38 +0100)] 
[crypto] Allow certificates to be marked as having been added explicitly

Allow certificates to be marked as having been added explicitly at run
time.  Such certificates will not be discarded via the certificate
store cache discarder.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Expose certstore_del() to explicitly remove stored certificates
Michael Brown [Wed, 31 Aug 2016 14:16:43 +0000 (15:16 +0100)] 
[crypto] Expose certstore_del() to explicitly remove stored certificates

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[list] Add list_next_entry() and list_prev_entry()
Michael Brown [Wed, 31 Aug 2016 14:05:22 +0000 (15:05 +0100)] 
[list] Add list_next_entry() and list_prev_entry()

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Generalise X.509 "valid" field to a "flags" field
Michael Brown [Thu, 25 Aug 2016 14:41:57 +0000 (15:41 +0100)] 
[crypto] Generalise X.509 "valid" field to a "flags" field

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Add image_x509() to extract X.509 certificates from image
Michael Brown [Thu, 25 Aug 2016 14:35:44 +0000 (15:35 +0100)] 
[crypto] Add image_x509() to extract X.509 certificates from image

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[pixbuf] Enable PNG format by default
Michael Brown [Fri, 29 Jul 2016 14:58:59 +0000 (15:58 +0100)] 
[pixbuf] Enable PNG format by default

Enable IMAGE_PNG (but not IMAGE_PNM) by default, and drag in the
relevant objects only when image_pixbuf() is present in the binary.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[build] Remove more obsolete explicit object requirements
Michael Brown [Fri, 29 Jul 2016 14:56:10 +0000 (15:56 +0100)] 
[build] Remove more obsolete explicit object requirements

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Enable both DER and PEM formats by default
Michael Brown [Fri, 29 Jul 2016 14:40:39 +0000 (15:40 +0100)] 
[crypto] Enable both DER and PEM formats by default

Enable both IMAGE_DER and IMAGE_PEM by default, and drag in the
relevant objects only when image_asn1() is present in the binary.

This allows "imgverify" to transparently use either DER or PEM
signature files.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[build] Remove obsolete explicit object requirements
Michael Brown [Fri, 29 Jul 2016 14:18:35 +0000 (15:18 +0100)] 
[build] Remove obsolete explicit object requirements

As of commit b1caa48 ("[crypto] Support SHA-{224,384,512} in X.509
certificates"), the list of supported cryptographic algorithms is
controlled by config/crypto.h.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[image] Use image_asn1() to extract data from CMS signature images
Michael Brown [Thu, 28 Jul 2016 15:22:08 +0000 (16:22 +0100)] 
[image] Use image_asn1() to extract data from CMS signature images

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Add PEM image format
Michael Brown [Thu, 28 Jul 2016 21:51:50 +0000 (22:51 +0100)] 
[crypto] Add PEM image format

Add PEM-encoded ASN.1 as an image format.  We accept as PEM any image
containing a line starting with a "-----BEGIN" boundary marker.

We allow for PEM files containing multiple ASN.1 objects, such as a
certificate chain produced by concatenating individual certificate
files.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Add DER image format
Michael Brown [Thu, 28 Jul 2016 15:18:23 +0000 (16:18 +0100)] 
[crypto] Add DER image format

Add DER-encoded ASN.1 as an image format.  There is no fixed signature
for DER files.  We treat an image as DER if it comprises a single
valid SEQUENCE object covering the entire length of the image.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[image] Add image_asn1() to extract ASN.1 objects from image
Michael Brown [Thu, 28 Jul 2016 15:16:55 +0000 (16:16 +0100)] 
[image] Add image_asn1() to extract ASN.1 objects from image

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Allow for parsing of partial ASN.1 cursors
Michael Brown [Thu, 28 Jul 2016 14:02:15 +0000 (15:02 +0100)] 
[crypto] Allow for parsing of partial ASN.1 cursors

Allow code to create a partial ASN.1 cursor containing only the type
and length bytes, so that asn1_start() may be used to determine the
length of a large ASN.1 blob without first allocating memory to hold
the entire blob.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
3 years ago[crypto] Remove obsolete extern declaration for asn1_invalidate_cursor()
Michael Brown [Thu, 28 Jul 2016 14:00:26 +0000 (15:00 +0100)] 
[crypto] Remove obsolete extern declaration for asn1_invalidate_cursor()

Signed-off-by: Michael Brown <mcb30@ipxe.org>