Merge pull request #1411 from Dasharo/fix-tpm

Talos-II vs. TPM
This commit is contained in:
tlaurion 2023-06-09 17:07:55 -04:00 committed by GitHub
commit 3b3c49b026
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 425 additions and 22 deletions

View File

@ -264,17 +264,41 @@ define define_module =
ifneq ("$($1_repo)","") ifneq ("$($1_repo)","")
$(eval $1_patch_name = $1$(if $($1_patch_version),-$($1_patch_version),)) $(eval $1_patch_name = $1$(if $($1_patch_version),-$($1_patch_version),))
# Checkout the tree instead and touch the canary file so that we know # First time:
# that the files are all present. No signature hashes are checked in # Checkout the tree instead and create the canary file with repo and
# this case, since we don't have a stable version to compare against. # revision so that we know that the files are all present and their
$(build)/$($1_base_dir)/.canary: # version.
git clone $($1_repo) "$(build)/$($1_base_dir)" #
cd $(build)/$($1_base_dir) && git reset --hard $($1_commit_hash) && git submodule update --init --checkout # Other times:
# If .canary contains the same repo and revision combination, do nothing.
# Otherwise, pull a new revision and checkout with update of submodules
#
# No signature hashes are checked in this case, since we don't have a
# stable version to compare against.
#
# XXX: "git clean -dffx" is a hack for coreboot during commit switching, need
# module-specific cleanup action to get rid of it.
$(build)/$($1_base_dir)/.canary: FORCE
if [ ! -e "$$@" ]; then \
git clone $($1_repo) "$(build)/$($1_base_dir)"; \
git -C "$(build)/$($1_base_dir)" reset --hard $($1_commit_hash) && git submodule update --init --checkout; \
echo -n '$($1_repo)|$($1_commit_hash)' > "$$@"; \
elif [ "$$$$(cat "$$@")" != '$($1_repo)|$($1_commit_hash)' ]; then \
echo "Switching $1 to $($1_repo) at $($1_commit_hash)" && \
git -C "$(build)/$($1_base_dir)" fetch $($1_repo) $($1_commit_hash) && \
git -C "$(build)/$($1_base_dir)" reset --hard $($1_commit_hash) && \
git -C "$(build)/$($1_base_dir)" clean -df && \
git -C "$(build)/$($1_base_dir)" clean -dffx payloads util/cbmem && \
git -C "$(build)/$($1_base_dir)" submodule sync && \
git -C "$(build)/$($1_base_dir)" submodule update --init --checkout && \
echo -n '$($1_repo)|$($1_commit_hash)' > "$$@"; \
fi
if [ ! -e "$(build)/$($1_base_dir)/.patched" ]; then \
if [ -r patches/$($1_patch_name).patch ]; then \ if [ -r patches/$($1_patch_name).patch ]; then \
( git apply --verbose --reject --binary --directory build/$(CONFIG_TARGET_ARCH)/$($1_base_dir) ) \ ( git apply --verbose --reject --binary --directory build/$(CONFIG_TARGET_ARCH)/$($1_base_dir) ) \
< patches/$($1_patch_name).patch \ < patches/$($1_patch_name).patch \
|| exit 1 ; \ || exit 1 ; \
fi fi && \
if [ -d patches/$($1_patch_name) ] && \ if [ -d patches/$($1_patch_name) ] && \
[ -r patches/$($1_patch_name) ] ; then \ [ -r patches/$($1_patch_name) ] ; then \
for patch in patches/$($1_patch_name)/*.patch ; do \ for patch in patches/$($1_patch_name)/*.patch ; do \
@ -283,8 +307,9 @@ define define_module =
< $$$$patch \ < $$$$patch \
|| exit 1 ; \ || exit 1 ; \
done ; \ done ; \
fi && \
touch "$(build)/$($1_base_dir)/.patched"; \
fi fi
@touch "$$@"
else else
$(eval $1_patch_version ?= $($1_version)) $(eval $1_patch_version ?= $($1_version))
$(eval $1_patch_name = $1-$($1_patch_version)) $(eval $1_patch_name = $1-$($1_patch_version))
@ -473,6 +498,7 @@ bin_modules-$(CONFIG_UTIL_LINUX) += util-linux
bin_modules-$(CONFIG_OPENSSL) += openssl bin_modules-$(CONFIG_OPENSSL) += openssl
bin_modules-$(CONFIG_TPM2_TOOLS) += tpm2-tools bin_modules-$(CONFIG_TPM2_TOOLS) += tpm2-tools
bin_modules-$(CONFIG_BASH) += bash bin_modules-$(CONFIG_BASH) += bash
bin_modules-$(CONFIG_POWERPC_UTILS) += powerpc-utils
$(foreach m, $(bin_modules-y), \ $(foreach m, $(bin_modules-y), \
$(call map,initrd_bin_add,$(call bins,$m)) \ $(call map,initrd_bin_add,$(call bins,$m)) \

View File

@ -23,6 +23,7 @@ CONFIG_GPG2=y
CONFIG_PCIUTILS=y CONFIG_PCIUTILS=y
CONFIG_FLASHROM=y CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y CONFIG_FLASHTOOLS=y
CONFIG_POWERPC_UTILS=y
#Whiptail in console mode #Whiptail in console mode
CONFIG_SLANG=y CONFIG_SLANG=y
@ -45,7 +46,7 @@ export CONFIG_BOOT_REQ_HASH=n
export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_REQ_ROLLBACK=n
export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_KERNEL_REMOVE="quiet"
export CONFIG_BOOT_KERNEL_ADD="console=tty0 console=hvc0 rootdelay=3 rootwait panic=10" export CONFIG_BOOT_KERNEL_ADD="console=tty0 console=hvc0 rootdelay=3 rootwait panic=10"
export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_DEV="/dev/nvme0n1p2"
export CONFIG_BOARD_NAME="Talos 2" export CONFIG_BOARD_NAME="Talos 2"
export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd" export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd"

View File

@ -175,13 +175,14 @@ CONFIG_NLS_ASCII=y
CONFIG_NLS_ISO8859_1=y CONFIG_NLS_ISO8859_1=y
CONFIG_NLS_UTF8=y CONFIG_NLS_UTF8=y
CONFIG_SECURITY=y CONFIG_SECURITY=y
CONFIG_IMA=y
CONFIG_EVM=y CONFIG_EVM=y
CONFIG_SECURITYFS=y
CONFIG_CRYPTO_ECB=y CONFIG_CRYPTO_ECB=y
CONFIG_CRYPTO_CMAC=y CONFIG_CRYPTO_CMAC=y
CONFIG_CRYPTO_MD4=y CONFIG_CRYPTO_MD4=y
CONFIG_CRYPTO_ARC4=y CONFIG_CRYPTO_ARC4=y
CONFIG_CRYPTO_DES=y CONFIG_CRYPTO_DES=y
CONFIG_TCG_TPM=y
# CONFIG_CRYPTO_HW is not set # CONFIG_CRYPTO_HW is not set
CONFIG_PRINTK_TIME=y CONFIG_PRINTK_TIME=y
CONFIG_MAGIC_SYSRQ=y CONFIG_MAGIC_SYSRQ=y

View File

@ -30,12 +30,17 @@ dd \
secret="`base32 < $TOTP_SECRET`" secret="`base32 < $TOTP_SECRET`"
pcrf="/tmp/secret/pcrf.bin" pcrf="/tmp/secret/pcrf.bin"
DEBUG "Sealing TOTP with actual state of PCR0-4)"
tpmr pcrread 0 "$pcrf" tpmr pcrread 0 "$pcrf"
tpmr pcrread -a 1 "$pcrf" tpmr pcrread -a 1 "$pcrf"
tpmr pcrread -a 2 "$pcrf" tpmr pcrread -a 2 "$pcrf"
tpmr pcrread -a 3 "$pcrf" tpmr pcrread -a 3 "$pcrf"
# pcr 4 is expected to be zero (boot mode: init) DEBUG "Sealing TOTP with actual state of PCR4 (Going to recovery shell extends PCR4)"
dd if=/dev/zero bs="$(tpmr pcrsize)" count=1 status=none >> "$pcrf" # pcr 4 is expected to either:
# zero on bare coreboot+linuxboot on x86 (boot mode: init)
# already extended on ppc64 per BOOTKERNEL (skiboot) which boots heads.
#We expect the PCR4 to be in the right state at unattended unseal operation
tpmr pcrread -a 4 "$pcrf"
# pcr 5 (kernel modules loaded) is not measured at sealing/unsealing of totp # pcr 5 (kernel modules loaded) is not measured at sealing/unsealing of totp
DEBUG "Sealing TOTP neglecting PCR5 involvement (Dynamically loaded kernel modules are not firmware integrity attestation related)" DEBUG "Sealing TOTP neglecting PCR5 involvement (Dynamically loaded kernel modules are not firmware integrity attestation related)"
# pcr 6 (drive luks header) is not measured at sealing/unsealing of totp # pcr 6 (drive luks header) is not measured at sealing/unsealing of totp

View File

@ -8,6 +8,10 @@
devmem 0x80060300D0010081 8 254 devmem 0x80060300D0010081 8 254
devmem 0x80060300D0010082 8 254 devmem 0x80060300D0010082 8 254
# Disable fast-reset which doesn't reset TPM and results in different values of
# PRCs every time.
nvram -p ibm,skiboot --update-config fast-reset=0
# Alias for cbmem to remove need for '-f' option in every call # Alias for cbmem to remove need for '-f' option in every call
echo "alias cbmem='cbmem -f /sys/firmware/cbmem'" >> $HOME/.profile echo "alias cbmem='cbmem -f /sys/firmware/cbmem'" >> $HOME/.profile
export ENV=$HOME/.profile export ENV=$HOME/.profile

View File

@ -43,7 +43,8 @@ else ifeq "$(CONFIG_COREBOOT_VERSION)" "4.19"
EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-error=packed-not-aligned -Wno-error=address-of-packed-member EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-error=packed-not-aligned -Wno-error=address-of-packed-member
else ifeq "$(CONFIG_COREBOOT_VERSION)" "talos_2" else ifeq "$(CONFIG_COREBOOT_VERSION)" "talos_2"
coreboot_version = git coreboot_version = git
coreboot_commit_hash = b2d4cc237c51b84c0b465976a56c6deb21b9f263 coreboot_patch_version = talos_2
coreboot_commit_hash = 068ad520e4ae898d356add72ea7d2a13913b76ab
coreboot_repo := https://github.com/Dasharo/coreboot coreboot_repo := https://github.com/Dasharo/coreboot
else else

27
modules/powerpc-utils Normal file
View File

@ -0,0 +1,27 @@
modules-$(CONFIG_POWERPC_UTILS) += powerpc-utils
powerpc-utils_version := 1.3.5
powerpc-utils_dir := powerpc-utils-$(powerpc-utils_version)
powerpc-utils_tar := powerpc-utils-$(powerpc-utils_version).tar.gz
powerpc-utils_url := https://github.com/ibm-power-utilities/powerpc-utils/archive/v$(powerpc-utils_version)/$(powerpc-utils_tar)
powerpc-utils_hash := 77efe3978ac9c251c4728a35b9aebd6076583939a8e26cc7f07ffa86432a8bf0
powerpc-utils_configure := \
./autogen.sh && \
$(CROSS_TOOLS) \
CFLAGS="-Os" \
./configure \
--host $(MUSL_ARCH)-elf-linux \
--prefix "/" \
--without-systemd \
--without-librtas
powerpc-utils_target := \
$(MAKE_JOBS) \
$(CROSS_TOOLS) \
DESTDIR="$(INSTALL)" \
install
powerpc-utils_output := src/nvram
powerpc-utils_depends := $(musl_dep)

View File

@ -0,0 +1,321 @@
Use /usr/bin/env in skiboot's shebangs
diff --git a/payloads/external/skiboot/Makefile b/payloads/external/skiboot/Makefile
index e4db9bb5616..8ce85049afe 100644
--- a/payloads/external/skiboot/Makefile
+++ b/payloads/external/skiboot/Makefile
@@ -22,6 +22,7 @@ $(skiboot_elf): | $(skiboot_dir) $(build_dir)
$(skiboot_dir):
git clone $(skiboot_git_repo) $(skiboot_dir)
git -C $(skiboot_dir) checkout $(skiboot_revision)
+ git -C $(skiboot_dir) apply $(CURDIR)/patches/*.patch
$(build_dir):
mkdir -p $(build_dir)
diff --git a/payloads/external/skiboot/patches/0001-Update-shebangs-to-use-usr-bin-env.patch b/payloads/external/skiboot/patches/0001-Update-shebangs-to-use-usr-bin-env.patch
new file mode 100644
index 00000000000..23e6d80514d
--- /dev/null
+++ b/payloads/external/skiboot/patches/0001-Update-shebangs-to-use-usr-bin-env.patch
@@ -0,0 +1,301 @@
+From fcdc09787c255ea43a0efc035e6e346b4b2c161a Mon Sep 17 00:00:00 2001
+From: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
+Date: Fri, 9 Jun 2023 20:40:09 +0300
+Subject: [PATCH] Update shebangs to use /usr/bin/env
+
+Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
+---
+ external/boot-tests/boot_test.sh | 2 +-
+ external/boot-tests/extract_gcov.sh | 2 +-
+ external/gard/test/add_test.sh | 2 +-
+ external/npu/run_procedure.sh | 2 +-
+ external/pflash/build-all-arch.sh | 2 +-
+ external/read_esel.sh | 2 +-
+ hdata/test/dtdiff_wrap.sh | 2 +-
+ libstb/sign-with-local-keys.sh | 2 +-
+ make_version.sh | 2 +-
+ opal-ci/build-centos7.sh | 2 +-
+ opal-ci/build-docs.sh | 2 +-
+ opal-ci/build-fedora29.sh | 2 +-
+ opal-ci/build-qemu-powernv.sh | 2 +-
+ opal-ci/build-ubuntu-16.04.sh | 2 +-
+ opal-ci/build-ubuntu-18.04.sh | 2 +-
+ opal-ci/build-ubuntu-latest.sh | 2 +-
+ opal-ci/install-deps-qemu-powernv.sh | 2 +-
+ test/hello_world/run_mambo_hello_world.sh | 2 +-
+ test/hello_world/run_mambo_p9_hello_world.sh | 2 +-
+ test/hello_world/run_qemu_hello_world.sh | 2 +-
+ test/make-boot-coverage-report.sh | 2 +-
+ test/run.sh | 2 +-
+ test/run_mambo_boot_test.sh | 2 +-
+ test/run_qemu_boot_test.sh | 2 +-
+ test/sreset_world/run_mambo_p9_sreset.sh | 2 +-
+ test/sreset_world/run_mambo_sreset.sh | 2 +-
+ 26 files changed, 26 insertions(+), 26 deletions(-)
+ mode change 100644 => 100755 external/read_esel.sh
+
+diff --git a/external/boot-tests/boot_test.sh b/external/boot-tests/boot_test.sh
+index 233467c2..ade47f13 100755
+--- a/external/boot-tests/boot_test.sh
++++ b/external/boot-tests/boot_test.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # Lets try for /bin/sh but bashisms will sneak in.
+
+ # partial bash strict mode
+diff --git a/external/boot-tests/extract_gcov.sh b/external/boot-tests/extract_gcov.sh
+index c40e01e5..0c2f8ae5 100755
+--- a/external/boot-tests/extract_gcov.sh
++++ b/external/boot-tests/extract_gcov.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ if [ "$SKIBOOT_GCOV" != 1 ]; then
+ echo "Skipping GCOV test on physical hardware. Enable with SKIBOOT_GCOV=1"
+diff --git a/external/gard/test/add_test.sh b/external/gard/test/add_test.sh
+index 8e773609..b401414c 100755
+--- a/external/gard/test/add_test.sh
++++ b/external/gard/test/add_test.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash -uex
++#!/usr/bin/env bash
+ #
+ # this is a really dumb script for auto-generating test cases from known good-data
+ #
+diff --git a/external/npu/run_procedure.sh b/external/npu/run_procedure.sh
+index f61ec8d4..6605c883 100755
+--- a/external/npu/run_procedure.sh
++++ b/external/npu/run_procedure.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ # Copyright 2016 IBM Corp.
+ #
+diff --git a/external/pflash/build-all-arch.sh b/external/pflash/build-all-arch.sh
+index 5974fbce..ef709c57 100755
+--- a/external/pflash/build-all-arch.sh
++++ b/external/pflash/build-all-arch.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ #
+ # Script to build all pflash backends
+ #
+diff --git a/external/read_esel.sh b/external/read_esel.sh
+old mode 100644
+new mode 100755
+index 492fbce1..872d8cbf
+--- a/external/read_esel.sh
++++ b/external/read_esel.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # Copyright 2013-2014 IBM Corp.
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+diff --git a/hdata/test/dtdiff_wrap.sh b/hdata/test/dtdiff_wrap.sh
+index 75c18baf..55cd016b 100755
+--- a/hdata/test/dtdiff_wrap.sh
++++ b/hdata/test/dtdiff_wrap.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ # Takes /dev/stdin as dtb, saves to file, does dtdiff
+ # Also runs parameter through a dts->dtb->dts conversion
+diff --git a/libstb/sign-with-local-keys.sh b/libstb/sign-with-local-keys.sh
+index b78a079b..164e53a1 100755
+--- a/libstb/sign-with-local-keys.sh
++++ b/libstb/sign-with-local-keys.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ PAYLOAD=$1
+ OUTPUT=$2
+diff --git a/make_version.sh b/make_version.sh
+index 59fe01c7..fa8bdb44 100755
+--- a/make_version.sh
++++ b/make_version.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ usage() {
+ echo "$0 [ prefix ]"
+diff --git a/opal-ci/build-centos7.sh b/opal-ci/build-centos7.sh
+index 79b4c2e9..96dcad00 100755
+--- a/opal-ci/build-centos7.sh
++++ b/opal-ci/build-centos7.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ set -uo pipefail
+ set -e
+diff --git a/opal-ci/build-docs.sh b/opal-ci/build-docs.sh
+index 817773bf..3f56b61c 100644
+--- a/opal-ci/build-docs.sh
++++ b/opal-ci/build-docs.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ set -uo pipefail
+ set -e
+diff --git a/opal-ci/build-fedora29.sh b/opal-ci/build-fedora29.sh
+index 56099d28..3b1c63a4 100755
+--- a/opal-ci/build-fedora29.sh
++++ b/opal-ci/build-fedora29.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ set -uo pipefail
+ set -e
+diff --git a/opal-ci/build-qemu-powernv.sh b/opal-ci/build-qemu-powernv.sh
+index 904f0e67..8c6ba96c 100755
+--- a/opal-ci/build-qemu-powernv.sh
++++ b/opal-ci/build-qemu-powernv.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ set -e
+ set -vx
+
+diff --git a/opal-ci/build-ubuntu-16.04.sh b/opal-ci/build-ubuntu-16.04.sh
+index 39fb3f1c..cffbfdfc 100755
+--- a/opal-ci/build-ubuntu-16.04.sh
++++ b/opal-ci/build-ubuntu-16.04.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ set -uo pipefail
+ set -e
+diff --git a/opal-ci/build-ubuntu-18.04.sh b/opal-ci/build-ubuntu-18.04.sh
+index 6fd755f3..dde32b12 100755
+--- a/opal-ci/build-ubuntu-18.04.sh
++++ b/opal-ci/build-ubuntu-18.04.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ set -uo pipefail
+ set -e
+diff --git a/opal-ci/build-ubuntu-latest.sh b/opal-ci/build-ubuntu-latest.sh
+index 16c33a9f..099b5c5c 100755
+--- a/opal-ci/build-ubuntu-latest.sh
++++ b/opal-ci/build-ubuntu-latest.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ set -uo pipefail
+ set -e
+diff --git a/opal-ci/install-deps-qemu-powernv.sh b/opal-ci/install-deps-qemu-powernv.sh
+index a67daf40..506c9470 100755
+--- a/opal-ci/install-deps-qemu-powernv.sh
++++ b/opal-ci/install-deps-qemu-powernv.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ set -e
+ sudo apt-get -y install eatmydata
+ sudo eatmydata apt-get -y install gcc python g++ pkg-config \
+diff --git a/test/hello_world/run_mambo_hello_world.sh b/test/hello_world/run_mambo_hello_world.sh
+index 54d445b1..a5bb99ad 100755
+--- a/test/hello_world/run_mambo_hello_world.sh
++++ b/test/hello_world/run_mambo_hello_world.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+
+ if [ -z "$MAMBO_PATH" ]; then
+diff --git a/test/hello_world/run_mambo_p9_hello_world.sh b/test/hello_world/run_mambo_p9_hello_world.sh
+index 9560527a..45f3eaa6 100755
+--- a/test/hello_world/run_mambo_p9_hello_world.sh
++++ b/test/hello_world/run_mambo_p9_hello_world.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ if [ -z "$P9MAMBO_PATH" ]; then
+ P9MAMBO_PATH=/opt/ibm/systemsim-p9/
+diff --git a/test/hello_world/run_qemu_hello_world.sh b/test/hello_world/run_qemu_hello_world.sh
+index 4f12958d..b1a70d62 100755
+--- a/test/hello_world/run_qemu_hello_world.sh
++++ b/test/hello_world/run_qemu_hello_world.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ QEMU_ARGS="-M powernv -nographic -device ipmi-bmc-sim,id=bmc0 -device isa-ipmi-bt,bmc=bmc0,irq=10"
+
+diff --git a/test/make-boot-coverage-report.sh b/test/make-boot-coverage-report.sh
+index 210880ee..0bdeff15 100755
+--- a/test/make-boot-coverage-report.sh
++++ b/test/make-boot-coverage-report.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ # We cheat and do this in a shell script so I don't go Makefile crazy.
+
+diff --git a/test/run.sh b/test/run.sh
+index e159bd30..8c28e222 100755
+--- a/test/run.sh
++++ b/test/run.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ t=$(mktemp) || exit 1
+
+diff --git a/test/run_mambo_boot_test.sh b/test/run_mambo_boot_test.sh
+index adff1804..675138d9 100755
+--- a/test/run_mambo_boot_test.sh
++++ b/test/run_mambo_boot_test.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+
+ if [ -z "$MAMBO_PATH" ]; then
+diff --git a/test/run_qemu_boot_test.sh b/test/run_qemu_boot_test.sh
+index db657eed..8fe751f7 100755
+--- a/test/run_qemu_boot_test.sh
++++ b/test/run_qemu_boot_test.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ QEMU_ARGS="-M powernv -m 3G -nographic -device ipmi-bmc-sim,id=bmc0 -device isa-ipmi-bt,bmc=bmc0,irq=10"
+
+diff --git a/test/sreset_world/run_mambo_p9_sreset.sh b/test/sreset_world/run_mambo_p9_sreset.sh
+index 926ce3e4..25e95365 100755
+--- a/test/sreset_world/run_mambo_p9_sreset.sh
++++ b/test/sreset_world/run_mambo_p9_sreset.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+ if [ -z "$P9MAMBO_PATH" ]; then
+ P9MAMBO_PATH=/opt/ibm/systemsim-p9/
+diff --git a/test/sreset_world/run_mambo_sreset.sh b/test/sreset_world/run_mambo_sreset.sh
+index 8fba5eb9..6192aa4f 100755
+--- a/test/sreset_world/run_mambo_sreset.sh
++++ b/test/sreset_world/run_mambo_sreset.sh
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+
+
+ if [ -z "$MAMBO_PATH" ]; then
+--
+2.35.8
+

View File

@ -0,0 +1,17 @@
AC_FUNC_MALLOC somehow fails to find malloc(), so drop the check
Weirdly, it doesn't fail configuration, but instead adds -Dmalloc=rpl_malloc
and fails linking.
diff --git a/configure.ac.orig b/configure.ac
index a7be3ee95c..74aade323b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -33,7 +33,6 @@ AC_TYPE_UINT8_T
# Checks for library functions.
AC_FUNC_FORK
AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK
-AC_FUNC_MALLOC
AC_FUNC_MKTIME
AC_CHECK_FUNCS([memset strchr strcspn strdup strerror strrchr strstr strtol strtoul strtoull gettimeofday])