Causes trouble if a gz image is loaded via grub and later used as initrd for a
Linux VM (e.g. with Seoul VMM)
Discovered during Turmvilla scenario #1552 and issue #1733.
To make the creation of a bootstrap medium for most ARM platforms more
comfortable this tool shall bundle all the different U-Boot source
states, patches, and MMC preparation rules that we gathered over the
year for that purpose. As input, the tool merely needs the targeted
platform (analogous to the platform parameter of 'create_builddir'). By
now, 'hw_wand_quad' is the only supported platform. Further platforms
can be added successively. As output, the tool creates a head image file
of small size (8MiB) that can be copied (dd) with offset 0 to the MMC.
Fixes#1730
This makes use of the iPXE sanboot command [1] which downloads and
boots an ISO image directly via HTTP. Therefore, your RUN_OPT needs
both
--include image/iso and
--include load/ipxe
NOTE: The webserver serving the ISO image must support ranged requests,
see [2].
[1] - http://ipxe.org/cmd/sanboot
[2] - http://forum.ipxe.org/showthread.php?tid=7295&pid=10482#pid10482
iPXE is an open source network boot firmware which supports booting from
a web server via HTTP [1].
The following two parameters can be used to specify the iPXE/HTTP setup:
--load-ipxe-base-dir
This parameter specifies the base directory of the HTTP server from
which the target machine downloads the files.
--load-ipxe-boot-dir
The directory relative to iPXE base dir which contains the iPXE
chainload configuration and all necessary files.
The target machine is expected to request the following iPXE
configuration via HTTP:
http://${HOST_URL}/${ipxe-boot-dir}/boot.cfg
This can be achieved by building iPXE with the following embedded
script:
#!ipxe
dhcp
chain http://${HOST_URL}/${ipxe-boot-dir}/boot.cfg
See also [2] for additional information.
[1] - http://ipxe.org/
[2] - http://ipxe.org/howto/chainloading#breaking_the_loop_with_an_embedded_scriptFixes#1708
The commit consumes the argument of a unsupported printf command.
Without the commit - a subsequent command uses the argument of the preceding
command, which may cause memory corruption or page faults for sequences using
string commands, e.g.
Genode::printf("%#x %s\n", 0x20, "Test");
'#' is not supported by Genode::printf. In this scenario a pagefault at
address 0x20 is caused.
Fixes#1701
Instead of holding SPEC-variable dependent files and directories inline
within the repository structure, move them into 'spec' subdirectories
at the corresponding levels, e.g.:
repos/base/include/spec
repos/base/mk/spec
repos/base/lib/mk/spec
repos/base/src/core/spec
...
Moreover, this commit removes the 'platform' directories. That term was
used in an overloaded sense. All SPEC-relative 'platform' directories are
now named 'spec'. Other files, like for instance those related to the
kernel/architecture specific startup library, where moved from 'platform'
directories to explicit, more meaningful places like e.g.: 'src/lib/startup'.
Fix#1673
The plugin works just like the netio plugin and uses the following
parameters
--power-off-energenie-host network address of device
--power-off-energenie-password password for device
--power-off-energenie-port target port of device
The run plugin is not generic and works for NETIO4/NETIO230 powerplugs
only. Further, this opens the path for other vendor-specific powerplug
plugins.
Note, the plugin parameter for the addressed powerplug was renamed to
--power-on-netio-host resp.
--power-off-netio-host
The hw_x86_64_muen platform is a x86/64 base-hw kernel which runs as
isolated subject (guest) on the Muen Separation Kernel (SK) [1].
The platform is implemented as an extension to hw_x86_64 replacing the
PIC and timer drivers with paravirtualized variants. The skeleton
contains a dummy PIC and timer implementation for now.
[1] - http://muen.sk
If a requested report already exists the request is denied with
Invalid_args.
Further, I dusted the report_rom test and added it to the
autopilot list.
If a user has e.g. /tftpboot/x86 as directory and configures
base_dir=/tftboot and offset_dir=/x86, this leads to bad behavior
as the load module creates a symlink
/tftpboot/x86/<builddir> -> <absolut_builddir>
in this case instead of the desired
/tftpboot/x86 -> <absolut_builddir>
Furthermore, the module works on
/tftpboot/x86/config-00-00-00-00-00-00
and
/tftpboot/x86/<builddir>/config-00-00-00-00-00-00
afterwards, which looks bad too. As there is no warning at all, this can
be hard to debug. The commit adds an appropriate check with error message and
exit -1 on an existing directory.
Fixes#1630
If just one multiboot kernel module was loaded after bender, the
relocation was skipped before. This resulted in a corrupt binary image
on ELF loading if the regions of the boot module and the final program
overlap. Now, all modules are copied below 2 GiB (and out of the way)
before ELF loading.
Fixes#1624
Bender upstream issue is TUD-OS/morbo#4
The base-hw kernel on x86_64 currently assumes 254 MiB of RAM. The RAM
region is subtracted from the I/O mem allocator and therefore this range
is not available for device I/O.
If qemu is started with -m 128, the region for (emulated) PCI config
space access lies within this region and I/O mem allocation in the
pci_drv will fail. Giving qemu more RAM moves the PCI config space out
of the 254 MiB region, making the run/libc_ffat scenario with acpi work.
This repository is superseded by the 'dde_bsd' repository. Though
OSSv4 served us well, its future is uncertain and having active
upstream development is preferable. In addition the ported Intel
HD Audio driver did not work on any Thinpad model newer than T60.
Issue #1498.
These audio drivers enable support for Intel HD Audio (Azalia) and
Ensoniq AudioPCI (ES1370) compatible soundcards. They are ported
from OpenBSD 5.7.
Fixes#1498.
Physical CPU quota was previously given to a thread on construction only
by directly specifying a percentage of the quota of the according CPU
session. Now, a new thread is given a weighting that can be any value.
The physical counter-value of such a weighting depends on the weightings
of the other threads at the CPU session. Thus, the physical quota of all
threads of a CPU session must be updated when a weighting is added or
removed. This is each time the session creates or destroys a thread.
This commit also adapts the "cpu_quota" test in base-hw accordingly.
Ref #1464
This patch improves the C++ parser to accommodate the tools for
generating the functional specification from source code:
* Added support for class definitions prefixed with a
namespace as promoted by Genode's coding style.
* Improves robustness of the parsing of function arguments by
considering nameless arguments in function declarations, default
values, varargs.
* Consider const qualfiers in return types.
* Added support for the override, constexpr keywords.
* Parsing of overloaded operators.
* Improved handling of type definitions.
* Added parsing of template arguments.
* Handling of template constructors.
The port uses the Cortex-A9 private timer for the kernel and an EPIT as
user timer. It was successfully tested on the Wandboard Quad and the CuBox-i
with the signal test. It lacks L2-cache and Trustzone support by now.
Thanks to Praveen Srinivas (IIT Madras, India) and Nikolay Golikov (Ksys Labs
LLC, Russia). This work is partially based on their contributions.
Fix#1467
The boot modules assembled by the generated boot_modules.s file is
accessed from core using struct Bm_header. Unfortunately the assembler
.long directive is synonym to .int [1] and thus has the same size as the
C++ int type and *not* long. Use the matching assembly type .quad in
boot_modules.s when generating the file for 64-bit platforms such as
x86_64.
[1] - https://sourceware.org/binutils/docs/as/Long.html
This patch contains the initial code needed to build and bootstrap the
base-hw kernel on x86 64-bit platforms. It gets stuck earlier
because the binary contains 64-bit instructions, but it is started in
32-bit mode. The initial setup of page tables and switch to long mode is
still missing from the crt0 code.
On each execution the output buffer is overriden when run_genode_until
is executed multiple times. Run scripts, that depend on extracting
information after several execution steps, e.g. noux_net_netcat, will
fail to do so. Therefore, we append the newly captured log output to
the old output buffer.
Issue #1327.
The 'check_port_source' checks whether all remote sources defined for a given
port are currently available. It returns zero, when all remote resources are
available.
Fix#1430
The mkfs.ext2 heuristics select the "small" ext2 usage type, which does
not fit well with GiB-sized pen drives. For example, the block size is
just 1024 bytes compared to 4096 for "default". Therefore, we enforce
the default usage type as this fits our use case of dumping the image to
USB sticks better.
The USB Armory is almost the same as the i.MX53-QSB but it uses only
one of the two RAM banks available in i.MX53. Furthermore we use the USB
Armory only with Trustzone enabled.
Ref #1422
* enables world-switch using ARM virtualization extensions
* split TrustZone and virtualization extensions hardly from platforms,
where it is not used
* extend 'Vm_session' interface to enable configuration of guest-physical memory
* introduce VM destruction syscall
* add virtual machine monitor for hw_arndale that emulates a simplified version
of ARM's Versatile Express Cortex A15 board for a Linux guest OS
Fixes#1405
While booting up, some devices send garbage over the serial connection.
This can result in an unexpected EOF event within expect(1). A filter
program may be specified with '--log-serial-filter' to circumvent this
problem. Then, the output of the serial program is piped through
the filter, which may sanitize the character stream.
Fixes#1395.
and move it close to run_genode_until implementation.
Somehow the "match_max -d" gets ignored if it is to far away and some
our run scripts fails because the buffer contains not all information
(seen for affinity.run on a 8 core machine)
This is needed at least by rump_ext2.run as it uses the perf-counter
in the jitterentropy-lib. On other platforms the perf-counter gets enabled
by the kernel by default. However, on HW, we keep the specifier to allow users
to disable it easily (e.g. for security reasons).
Ref #1393
The patch supports both, a download-specific UNZIP_OPT(download) and a
general UNZIP_OPT that can be defined across downloads.
UNZIP_OPT(download) overrides UNZIP_OPT.
Note, the `--strip-components=1` argument is not required for unzip.
Issue #1357
tool/ports/shortcut
create symbolic link from 'contrib/<port-name>-<hash>' to
contrib/<port-name>
tool/ports/current
print current contrib directory of port
Fixes#1345.
When building Genode for VEA9X4 as micro-hypervisor protected by the ARM
TrustZone hardware we ran into limitations regarding our basic daily
testing routines. The most significant is that, when speaking about RAM
partitioning, the only available options are to configure the whole SRAM
to be secure and the whole DDR-RAM to be non-secure or vice versa. The
SRAM however provides only 32 MB which isn't enough for both a
representative non-secure guest OS or a secure Genode that is still
capable of passing our basic tests. This initiated our decision to
remove the VEA9X4 TrustZone-support.
Fixes#1351
Some downloads are available via HTTPS only, but wget < 3.14 does not
support server-name identification, which is used by some sites. So, we
disable certificate checking in wget and check the validity of the
download via SIG or SHA.
Fixes#1334.
Due to commit "run: relax IP power plug recognition + serial EOF",
when piping the serial command through 'tr', some characters might
get buffered, thereby preventing some run scripts to finish correctly.
This commit removes the 'tr' hack. Instead, to circumvent the 'expect'
problem, which kills under special conditions spawned childs used to
obtain serial line content, whenever EOF of the serial command is
recognized during the boot phase, the child process gets re-spawned.
* To communicate with IP power plug devices from Koukaam, to remote
control power supply of test boards, don't parse minor versions, but
support different IP power plugs
* TCL's expect may report an EOF when reading from the spawned serial
terminal, especially when using 'socat' to stream serial over TCP/IP,
although the spawned child is still running and delivering content.
This problem is clearly not dependent on the characters send, but
possibly due to strange pipe signals. When piping the serial output
through 'tr' the problem vanishs.
The older SOAP EOI protocol is not supported with AMT version 9+. By default
the wsman tool will be used if installed.
RUN_OPT examples to enforce amtool or wsman:
--target amt --amt-tool wsman
--target amt --amt-tool amttool
Fixes#1251
Until now, the rumpkernel based tools were installed with all symbols
included. This accounts for about 200MiB used space on 64Bit system.
Stripping the binaries prior to installation brings the space
requirements down to 20MiB.
Fixes#1245.
The clean rule is used to delete already built binaries as well as to
clean-up any left-overs from previous build attempts. If there was
no previous attempt just return true to prevent make from complaining.
Fixes#1245.
This provides bootable disk images for x86 platforms via
! RUN_OPT="--target disk"
The resulting disk image contains one ext2 partition with binaries from
the GRUB2 boot loader and the run scenario. The default disk size fits
all binaries, but is configurable via
! --disk-size <size in MiB>
in RUN_OPT.
The feature depends on an grub2-head.img, which is part of the commit,
but may also be generated by executing tool/create_grub2. The script
generates a disk image prepared for one partition, which contains files
for GRUB2. All image preparation steps that need superuser privileges
are conducted by this script.
The final step of writing the entire image to a disk must be executed
later by
sudo dd if=<image file> of=<device> bs=8M conv=fsync
Fixes#1203.
The build config for core is now provided through libraries to enable
implicit config composition through specifiers and thereby avoid
consideration of inappropriate targets.
fix#1199
Until now, the HW platform support for the TrustZone features of the
i.MX53 boards could only be used, when adding a "trustzone" SPEC variable
manually. This commit adds a create_builddir target for HW i.MX53 with
TrustZone features enabled, fo convenience reasons.
- Log elapsed time per test in summary
- Command-line switch `--time-stamp` prefixes log output lines with
current time stamp (requires ts utility from Debian package _moreutils_)
Fixes#1156.
By adding: "--target jtag \
--jtag-debugger <debugger configuration> \
--jtag-board <board configuration>" to the RUN_OPTs
this commits enables the run-tool to load and execute an ELF image
via JTAG to the target platform.
Fixes#1191
Using 'upvar' instead of 'global' in the 'append_if' and 'lappend_if'
functions makes it possible to use these functions with local variables
of the calling function.
Fixes#1137.
The rumpkernel based tools are intended to be used by executing
'tool/rump'. Since it covers the most common use cases for these
tools, this script is comparatively extensive, hence giving a short
tutorial seems reasonable:
* Format a disk image with Ext2:
To format a disk image with the Ext2 file system, first prepare the
actual image by executing dd:
! dd if=/dev/zero of=/path/to/disk_image bs=1M count=128
Second, use 'tool/rump' to format the disk image:
! rump -f -F ext2fs /path/to/disk_image
Afterwards the just created file system may be populated with the
content of another directory by executing
! rump -F ext2fs -p /path/to/another_dir /path/to/disk_image
The content of the file system image can be listed by executing
! rump -F ext2fs -l /path/to/disk_image
* Create a encrypted disk image:
Creating a cryptographic disk image based on cgd(4) is done by
executing the following command:
! rump -c /path/to/disk_image
This will generate a key that may be used to decrypt the image
later on. Since this command will _only_ generate a key and NOT
initialize the disk image, it is highly advised to prepare the disk
image by using '/dev/urandom' instead of '/dev/zero' (only new blocks
that will be written to the disk image are encrypted). In addition
while generating the key a temporary configuration file will be
created. Although this file has proper permissions, it may leak the
generated key if it is created on persistent storage. To specify a more
secure directory the '-t' option should be used:
! rump -c -t /path/to/secure/directory /path/to/disk_image
Decrypting the disk image requires the key generated in the previous
step:
! rump -c -k <key> /path/to/disk_image
For now this key has to specified as command line argument. This is
an issue if the shell, which is used, is maintaing a history of
executed commands.
For completness sake let us put all examples together by creating a
encrypted Ext2 image that will contain all files of Genode's _demo_
scenario:
! dd if=/dev/urandom of=/tmp/demo.img bs=1M count=16
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs /tmp/demo.img > \
! /ramfs/key # key is printed out to stdout
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> \
! -p $(BUILD_DIR)/var/run/demo /tmp/demo.img
To check if the image was populated succesfully, execute the
following:
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> -l \
! /tmp/demo.img
The rumpkernel tools are used within the Genode OS Framework tool chain
for preparing and populating disk images as well as creating cgd(4)
based cryptographic disk devices.
Execute 'tool/tool_chain_rump build' to build the tools and afterwards
'tool/tool_chain_rump install' to install the binaries. The default
install location is _/usr/local/genode-rump_.
The new 'select_from_ports' function allows a target description file to
query the path to an installed port. All ports are stored in a central
location specified as CONTRIB_DIR. By default, CONTRIB_DIR is defined
as '<genode-dir>/contrib'. Ports of 3rd-party source code are managed
using the tools at '<genode-dir>/tool/ports/'.
Issue #1082
This patch changes the top-level directory layout as a preparatory
step for improving the tools for managing 3rd-party source codes.
The rationale is described in the issue referenced below.
Issue #1082
It covers bugs which we should detect and fix, especially depending on
the result of pthread_myself locking implementation (ours and vbox) takes
decision to take a lock or just to assume it is a reentrant locking attempt.
Fixes#1128
For further information see: http://wiki.netbsd.org/rumpkernel/. In this version
I ported the central rump components to Genode in order to take advantage of
NetBSD file system implementation. The new 'dde_rump' repository contains the
Genode version of the rump libraries and a 'rump_fs' server that implements
Genode file-system-session interface. Currently ext2, iso9660, and fat
file-systems are supported.
Issue #1048
'check_installed' takes a command name as argument and tries to call 'which' in
order to find the command path. If that does not succeed, paths like '/sbin' are
'/usr/sbin' searched. On success the absolute path of the command is returned,
on failure 'exit' is called with an error message.
Issue #1048
There exist different default setups for a specific autoconf version:
* autoconf
* autoconf$(VERSION)
* autoconf-$(VERSION)
As of now, only the second option is recognized by the check in tool_chain.
This patch ensures that if one of those is present in the correct
version, it will be found and used in the build process.
Fixes#1053.
This block cache component acts as a block device for a single client.
It uses fixed 4K blocks as caching granularity, thereby implicitly reads
ahead whenever a client requests lesser amount of blocks. Currently,
it only supports a least-recently-used replacement policy.
Fixes#113
Instead of terminating tool/tool_chain when finding the first
missing tool, this patch runs all checks to completion before
bailing out. This eases finding missing programs, because the
user has to run the script only once to get a list of all missing
software.
Fixes#1046Fixes#1047
Unless '-ignorestderr' is set on 'exec' in expect, any output on stderr
is interpreted as execution failure. In this case, 'create_iso' logs
some diagnostics but does not fail.
We repeatedly promote our ISOs to be bootable from USB storage.
Therefore, we have a hard dependency on 'isohybrid' and should fail in
the case that the tool is missing.