From 713d4867fd0195fabe8551a90c875fda890620fe Mon Sep 17 00:00:00 2001 From: Trammell Hudson Date: Tue, 28 Mar 2017 16:32:58 -0400 Subject: [PATCH 1/4] Change ethernet drivers to be modules and measure them when they are loaded. This is a step towards unifying the server and laptop config (issue #139) and also makes it possible to later remove the USB modules from the normal boot path. --- Makefile | 10 +++++++++- config/linux.config | 17 ++++------------- initrd/sbin/insmod-measure.sh | 29 +++++++++++++++++++++++++++++ modules/linux | 6 +++++- 4 files changed, 47 insertions(+), 15 deletions(-) create mode 100755 initrd/sbin/insmod-measure.sh diff --git a/Makefile b/Makefile index 0b9d920e..0a91c0e2 100644 --- a/Makefile +++ b/Makefile @@ -280,7 +280,7 @@ initrd_lib_install: $(initrd_bins) $(initrd_libs) # unlikely that their device file has a different major/minor) # # -initrd.cpio: $(initrd_bins) $(initrd_libs) initrd_lib_install +initrd.cpio: $(initrd_bins) $(initrd_libs) initrd_lib_install linux_modules cd ./initrd ; \ find . \ | cpio --quiet -H newc -o \ @@ -289,6 +289,14 @@ initrd.cpio: $(initrd_bins) $(initrd_libs) initrd_lib_install initrd.intermediate: initrd.cpio +linux_modules: linux.intermediate + @-mkdir initrd/lib/modules + @for mod in $(linux_modules); do \ + echo "$(DATE) Installing $$mod"; \ + cp -a "$(build)/$(linux_dir)/$$mod" initrd/lib/modules; \ + done + + # populate the coreboot initrd image from the one we built. # 4.4 doesn't allow this, but building from head does. diff --git a/config/linux.config b/config/linux.config index a57143ec..d99264d8 100644 --- a/config/linux.config +++ b/config/linux.config @@ -619,9 +619,7 @@ CONFIG_NET_PTP_CLASSIFY=y # CONFIG_L2TP is not set # CONFIG_BRIDGE is not set CONFIG_HAVE_NET_DSA=y -CONFIG_VLAN_8021Q=y -# CONFIG_VLAN_8021Q_GVRP is not set -# CONFIG_VLAN_8021Q_MVRP is not set +# CONFIG_VLAN_8021Q is not set # CONFIG_DECNET is not set # CONFIG_LLC2 is not set # CONFIG_IPX is not set @@ -661,14 +659,7 @@ CONFIG_NET_FLOW_LIMIT=y # CONFIG_AF_RXRPC is not set # CONFIG_AF_KCM is not set # CONFIG_STREAM_PARSER is not set -CONFIG_WIRELESS=y -# CONFIG_CFG80211 is not set -# CONFIG_LIB80211 is not set - -# -# CFG80211 needs to be enabled for MAC80211 -# -CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_WIRELESS is not set # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set # CONFIG_NET_9P is not set @@ -1028,8 +1019,8 @@ CONFIG_ETHERNET=y # CONFIG_NET_VENDOR_HP is not set CONFIG_NET_VENDOR_INTEL=y # CONFIG_E100 is not set -CONFIG_E1000=y -CONFIG_E1000E=y +CONFIG_E1000=m +CONFIG_E1000E=m CONFIG_E1000E_HWTS=y # CONFIG_IGB is not set # CONFIG_IGBVF is not set diff --git a/initrd/sbin/insmod-measure.sh b/initrd/sbin/insmod-measure.sh new file mode 100755 index 00000000..53cb3e52 --- /dev/null +++ b/initrd/sbin/insmod-measure.sh @@ -0,0 +1,29 @@ +#!/bin/sh +# extend a TPM PCR with a module and then load it +# any arguments will also be measured + +die() { + echo >&2 "$@" + exit 1 +} + +INDEX="$1"; shift +MODULE="$1"; shift + +if [ -z "$INDEX" -o -z "$MODULE" ]; then + die "Usage: $0 pcr-index module [args...]" +fi + +if [ ! -r "$MODULE" ]; then + die "$MODULE: not found?" +fi + +tpm extend -ix "$INDEX" -if "$MODULE" || die "$MODULE: tpm extend failed" + +if [ ! -z "$@" ]; then + TMPFILE=/tmp/insmod.$$ + echo "$@" > $TMPFILE + tpm extend -ix "$INDEX" -if $TMPFILE || die "$MODULE: tpm extend on arguments failed" +fi + +insmod "$MODULE" "$@" || die "$MODULE: insmod failed" diff --git a/modules/linux b/modules/linux index 075d384d..5f8af068 100644 --- a/modules/linux +++ b/modules/linux @@ -17,6 +17,11 @@ linux_configure := \ linux_output := arch/x86/boot/bzImage linux_config := linux.config +linux_modules := \ + drivers/net/ethernet/intel/e1000/e1000.ko \ + drivers/net/ethernet/intel/e1000e/e1000e.ko \ + + EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches linux_target := \ @@ -29,7 +34,6 @@ linux_target := \ KBUILD_BUILD_TIMESTAMP="1970-00-00" \ KBUILD_BUILD_VERSION=0 \ -j $(MAKE_JOBS) \ - bzImage # We cross compile linux now linux_depends := $(musl_dep) From 0913adbacb30f826e54a70a2760ef041939b3d96 Mon Sep 17 00:00:00 2001 From: Trammell Hudson Date: Tue, 28 Mar 2017 16:35:58 -0400 Subject: [PATCH 2/4] silence NMI errors on qemu (issue #141) --- patches/linux-4.9.7.patch | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 patches/linux-4.9.7.patch diff --git a/patches/linux-4.9.7.patch b/patches/linux-4.9.7.patch new file mode 100644 index 00000000..27cb0a27 --- /dev/null +++ b/patches/linux-4.9.7.patch @@ -0,0 +1,18 @@ +--- a/arch/x86/kernel/nmi.c 2017-03-28 16:19:30.830924335 -0400 ++++ b/arch/x86/kernel/nmi.c 2017-03-28 16:19:32.798935626 -0400 +@@ -303,6 +303,7 @@ + + __this_cpu_add(nmi_stats.unknown, 1); + ++/* + pr_emerg("Uhhuh. NMI received for unknown reason %02x on CPU %d.\n", + reason, smp_processor_id()); + +@@ -311,6 +312,7 @@ + nmi_panic(regs, "NMI: Not continuing"); + + pr_emerg("Dazed and confused, but trying to continue\n"); ++*/ + } + NOKPROBE_SYMBOL(unknown_nmi_error); + From 453029bde1c5391f228e85000e05002b9fa75d7c Mon Sep 17 00:00:00 2001 From: Trammell Hudson Date: Tue, 28 Mar 2017 16:36:37 -0400 Subject: [PATCH 3/4] ignore install and crossgcc directories --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 7e2b6cd8..1e7148cf 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,5 @@ initrd/lib typescript* config/*.old *.log +crossgcc +install From 59bae0bf51230f862cbbf5e7804f8c5d35cb03f5 Mon Sep 17 00:00:00 2001 From: Trammell Hudson Date: Tue, 28 Mar 2017 17:05:04 -0400 Subject: [PATCH 4/4] make USB a module, strip debug info (issue #139) --- Makefile | 1 + config/linux.config | 12 ++++++------ modules/linux | 7 ++++++- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 0a91c0e2..1843d320 100644 --- a/Makefile +++ b/Makefile @@ -295,6 +295,7 @@ linux_modules: linux.intermediate echo "$(DATE) Installing $$mod"; \ cp -a "$(build)/$(linux_dir)/$$mod" initrd/lib/modules; \ done + $(CROSS)strip --strip-debug initrd/lib/modules/*.ko diff --git a/config/linux.config b/config/linux.config index d99264d8..94457ab6 100644 --- a/config/linux.config +++ b/config/linux.config @@ -1608,14 +1608,14 @@ CONFIG_USB_DEFAULT_PERSIST=y # USB Host Controller Drivers # # CONFIG_USB_C67X00_HCD is not set -CONFIG_USB_XHCI_HCD=y -CONFIG_USB_XHCI_PCI=y -CONFIG_USB_XHCI_PLATFORM=y -CONFIG_USB_EHCI_HCD=y +CONFIG_USB_XHCI_HCD=m +CONFIG_USB_XHCI_PCI=m +CONFIG_USB_XHCI_PLATFORM=m +CONFIG_USB_EHCI_HCD=m # CONFIG_USB_EHCI_ROOT_HUB_TT is not set CONFIG_USB_EHCI_TT_NEWSCHED=y -CONFIG_USB_EHCI_PCI=y -CONFIG_USB_EHCI_HCD_PLATFORM=y +CONFIG_USB_EHCI_PCI=m +CONFIG_USB_EHCI_HCD_PLATFORM=m # CONFIG_USB_OXU210HP_HCD is not set # CONFIG_USB_ISP116X_HCD is not set # CONFIG_USB_ISP1362_HCD is not set diff --git a/modules/linux b/modules/linux index 5f8af068..e94b1f76 100644 --- a/modules/linux +++ b/modules/linux @@ -20,7 +20,12 @@ linux_config := linux.config linux_modules := \ drivers/net/ethernet/intel/e1000/e1000.ko \ drivers/net/ethernet/intel/e1000e/e1000e.ko \ - + drivers/usb/host/xhci-hcd.ko \ + drivers/usb/host/ehci-platform.ko \ + drivers/usb/host/ehci-hcd.ko \ + drivers/usb/host/xhci-plat-hcd.ko \ + drivers/usb/host/xhci-pci.ko \ + drivers/usb/host/ehci-pci.ko \ EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches