58e312617d
- The location of the udevadm binary was changed from /sbin/ to /usr/bin
a while back. A symbolic link was added for compatibility. In the latest
versions, that symbolic link has been removed, requiring changes to scripts
that were depending on that.
Added the following patches for bsc#1171587
* s390-tools-sles15sp2-lsluns-try-harder-to-find-udevadm.patch
* s390-tools-sles15sp2-znetconf-introduce-better-ways-to-locate-udevadm.patch
*s390-tools-sles15sp2-mon_tools-update-udevadm-location.patch
- Added s390-tools-sles15sp2-zipl-prevent-endless-loop-during-IPL.patch
(bsc#1174309) zipl: prevent endless loop during secure IPL
- Added s390-tools-sles15sp2-zipl-check-for-valid-ipl-parmblock-lowcore-pointer.patch
(bsc#1174310) zipl: check for valid ipl parmblock lowcore pointer
- Added s390-tools-sles15sp2-01-zipl-libc-libc_stop-move-noreturn-to-declaration.patch
s390-tools-sles15sp2-02-zipl-stage3-correctly-handle-diag308-response-code.patch
(bsc1174311) zipl: Fix KVM IPL without bootindex
- Updated cputype and read_values to recognize the new z15 models.
- Added s390-tools-sles15sp2-zipl-prevent-endless-loop-during-IPL.patch
(bsc#1174309) zipl: prevent endless loop during secure IPL
- Added s390-tools-sles15sp2-zipl-check-for-valid-ipl-parmblock-lowcore-pointer.patch
(bsc#1174310) zipl: check for valid ipl parmblock lowcore pointer
- Added s390-tools-sles15sp2-01-zipl-libc-libc_stop-move-noreturn-to-declaration.patch
s390-tools-sles15sp2-02-zipl-stage3-correctly-handle-diag308-response-code.patch
(bsc1174311) zipl: Fix KVM IPL without bootindex
- Updated cputype and read_values to recognize the new z15 models.
- Added s390-tools-sles15sp2-vmcp-exit-code.patch (bsc#1173481)
Change the vmcp exit code and return 'CP command failed' when both
"CP command failed" and "response buffer is too small" error
conditions are true.
OBS-URL: https://build.opensuse.org/request/show/823200
OBS-URL: https://build.opensuse.org/package/show/Base:System/s390-tools?expand=0&rev=97
82 lines
2.5 KiB
Diff
82 lines
2.5 KiB
Diff
Subject: [PATCH] [BZ 186938] zipl: check for valid ipl parmblock lowcore pointer
|
|
From: Stefan Haberland <sth@linux.ibm.com>
|
|
|
|
Description: zipl: check for valid ipl parmblock lowcore pointer
|
|
Symptom: For CCW type IPL the IPL might fail.
|
|
Problem: The lowcore parmblock pointer is not valid in every
|
|
case. For example it is invalid for CCW type IPL.
|
|
Solution: To have an indication if the pointer is valid do a
|
|
diag308 to store the parmblock and check if secure boot
|
|
is enabled. If it is enabled the lowcore pointer is
|
|
valid and the ipl report that is needed for secure boot
|
|
can be found right behind the ipl parmblock.
|
|
Reproduction: IPL from CCW devices.
|
|
Upstream-ID: ee9d606f800741eedeec1dcf1d2ddbfccbc21140
|
|
Problem-ID: 186938
|
|
|
|
Signed-off-by: Stefan Haberland <sth@linux.ibm.com>
|
|
---
|
|
include/boot/ipl.h | 1 +
|
|
zipl/boot/stage3.c | 24 ++++++++++++++++++++----
|
|
2 files changed, 21 insertions(+), 4 deletions(-)
|
|
|
|
--- a/include/boot/ipl.h
|
|
+++ b/include/boot/ipl.h
|
|
@@ -18,6 +18,7 @@
|
|
#define IPL_RB_COMPONENT_FLAG_SIGNED 0x80
|
|
#define IPL_RB_COMPONENT_FLAG_VERIFIED 0x40
|
|
|
|
+#define IPL_MAX_SUPPORTED_VERSION 0
|
|
#define IPL_PARM_BLOCK_VERSION 0x1
|
|
|
|
/* IPL Types */
|
|
--- a/zipl/boot/stage3.c
|
|
+++ b/zipl/boot/stage3.c
|
|
@@ -26,6 +26,7 @@
|
|
|
|
static const char *msg_sipl_inval = "Secure boot failure: invalid load address";
|
|
static const char *msg_sipl_unverified = "Secure boot failure: unverified load address";
|
|
+static const char *msg_sipl_noparm = "Secure boot failure: unable to load ipl parameter";
|
|
|
|
static inline void __noreturn start_kernel(void)
|
|
{
|
|
@@ -54,6 +55,18 @@ static inline void __noreturn start_kern
|
|
while (1);
|
|
}
|
|
|
|
+unsigned int store_ipl_parmblock(struct ipl_pl_hdr *pl_hdr)
|
|
+{
|
|
+ int rc;
|
|
+
|
|
+ rc = diag308(DIAG308_STORE, pl_hdr);
|
|
+ if (rc == DIAG308_RC_OK &&
|
|
+ pl_hdr->version <= IPL_MAX_SUPPORTED_VERSION)
|
|
+ return 0;
|
|
+
|
|
+ return 1;
|
|
+}
|
|
+
|
|
unsigned int
|
|
is_verified_address(unsigned long image_addr)
|
|
{
|
|
@@ -104,12 +117,15 @@ unsigned int
|
|
secure_boot_enabled()
|
|
{
|
|
struct ipl_pl_hdr *pl_hdr;
|
|
- unsigned long tmp;
|
|
+ unsigned int rc;
|
|
|
|
- tmp = (unsigned long) S390_lowcore.ipl_parmblock_ptr;
|
|
- pl_hdr = (struct ipl_pl_hdr *) tmp;
|
|
+ pl_hdr = (void *)get_zeroed_page();
|
|
+ if (!pl_hdr || store_ipl_parmblock(pl_hdr))
|
|
+ panic(ESECUREBOOT, "%s", msg_sipl_noparm);
|
|
+ rc = !!(pl_hdr->flags & IPL_FLAG_SECURE);
|
|
+ free_page((unsigned long) pl_hdr);
|
|
|
|
- return pl_hdr->flags & IPL_FLAG_SECURE;
|
|
+ return rc;
|
|
}
|
|
|
|
void start(void)
|