diff options
author | Isaac David <isacdaavid@isacdaavid.info> | 2017-07-17 16:39:37 -0500 |
---|---|---|
committer | Isaac David <isacdaavid@isacdaavid.info> | 2017-07-17 16:40:11 -0500 |
commit | d9ce509a69137af170f076029ef1b6e0a6c9abd6 (patch) | |
tree | 96f71e58e0c402e08ece803c0ace4f5370908634 /pcr-testing | |
parent | 50702b51a47ee4021f985fef887d3fd0acf79cd9 (diff) | |
download | abslibre-d9ce509a69137af170f076029ef1b6e0a6c9abd6.tar.gz abslibre-d9ce509a69137af170f076029ef1b6e0a6c9abd6.tar.bz2 abslibre-d9ce509a69137af170f076029ef1b6e0a6c9abd6.zip |
pcr/xen: move to pcr-testing
Diffstat (limited to 'pcr-testing')
-rw-r--r-- | pcr-testing/xen/09_xen | 231 | ||||
-rwxr-xr-x | pcr-testing/xen/21_linux_xen_multiboot_arch | 296 | ||||
-rw-r--r-- | pcr-testing/xen/ChangeLog | 169 | ||||
-rw-r--r-- | pcr-testing/xen/PKGBUILD | 513 | ||||
-rw-r--r-- | pcr-testing/xen/ati-passthrough.patch | 415 | ||||
-rw-r--r-- | pcr-testing/xen/efi-xen.cfg | 7 | ||||
-rw-r--r-- | pcr-testing/xen/patch-gcc7-minios-udivmod.patch | 31 | ||||
-rw-r--r-- | pcr-testing/xen/patch-gcc7-vtpm-implicit-fallthrough.patch | 46 | ||||
-rw-r--r-- | pcr-testing/xen/patch-gcc7-vtpmmgr-make-inline-static.patch | 1161 | ||||
-rw-r--r-- | pcr-testing/xen/patch-ipxe-patches-series.patch | 18 | ||||
-rw-r--r-- | pcr-testing/xen/patch-ovmf-apply-inbuild-patches.patch | 26 | ||||
-rw-r--r-- | pcr-testing/xen/patch-ovmf-patches-series.patch | 20 | ||||
-rw-r--r-- | pcr-testing/xen/patch-ovmf-use-python2.patch | 22 | ||||
-rw-r--r-- | pcr-testing/xen/tmpfiles.d-xen.conf | 2 | ||||
-rw-r--r-- | pcr-testing/xen/xen.conf | 19 | ||||
-rw-r--r-- | pcr-testing/xen/xen.install | 140 |
16 files changed, 3116 insertions, 0 deletions
diff --git a/pcr-testing/xen/09_xen b/pcr-testing/xen/09_xen new file mode 100644 index 000000000..47d357d99 --- /dev/null +++ b/pcr-testing/xen/09_xen @@ -0,0 +1,231 @@ +#!/usr/bin/env bash + +## +## grub-mkconfig helper script specific to Parabola GNU/Linux-libre +## Contributed by "Keshav Amburay" <the ddoott ridikulus ddoott rat aatt geemmayil ddoott ccoomm> +## Rebranded for Parabola by "André Silva" <emulatorman@parabola.nu> +## Updated on 08 February 2014 +## +## Script based on do_grub_config() function in Arch (the GNU/Linux distribution) Archboot ISO Installer/Setup script +## Some parts taken from /etc/grub.d/10_linux script shipped by GRUB(2) upstream +## +## This script can be freely distributed and/or modified +## under the terms of the GNU General Public License as published by +## the Free Software Foundation, either version 3 of the License, or +## (at your option) any later version. +## +## This script is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +## Adapted for use with the xen package, to ensure feature comparity +## Modified by "David Sutton" <kantras - gmail com> + +_FUNC_GRUB_FILE_PRESENT() { + + [[ -z "${GRUB_PLATFORM}" ]] && GRUB_PLATFORM="x86" + + if [[ "${GRUB_PLATFORM}" == "x86" ]]; then + check="--is-x86-linux32" + elif [[ "${GRUB_PLATFORM}" == "i386-xen-pae" ]]; then + check="--is-i386-xen-pae-domu" + elif [[ "${GRUB_PLATFORM}" == "x86_64-xen" ]]; then + check="--is-x86_64-xen-domu" + else + check="--is-${GRUB_PLATFORM}-linux" + fi + + case "${GRUB_PLATFORM}" in + x86) + list="$(for i in "${GRUB_ROOT}"/boot/vmlinuz-linux* ; do + if grub_file_is_not_garbage "${i}" && "${grub_file}" ${check} "${i}" ; then echo -n "${i} " ; fi + done)" ;; + *) + list="$(for i in "${GRUB_ROOT}"/boot/vmlinuz-linux* ; do + if grub_file_is_not_garbage "${i}" && "${grub_file}" ${check} "${i}" ; then echo -n "${i} " ; fi + done)" ;; + esac +} + +set -e + +prefix="/usr" +exec_prefix="${prefix}" +datarootdir="/usr/share" +datadir="${datarootdir}" +sysconfdir="/etc" + +. "${datarootdir}/grub/grub-mkconfig_lib" + +. "${sysconfdir}/default/grub" + +export XEN_HYPERVISOR_CMDLINE="xsave=1" +export XEN_LINUX_CMDLINE="console=tty0" + +[[ -r "${sysconfdir}/xen/grub.conf" ]] && . "${sysconfdir}/xen/grub.conf" + +[[ -z "${XEN_LINUX_CMDLINE_OVERRIDE}" ]] && XEN_LINUX_CMDLINE_OVERRIDE="0" + +export TEXTDOMAIN="grub" +export TEXTDOMAINDIR="${datarootdir}/locale" + +CLASS="--class xen --class parabola --class gnu-linux --class gnu --class os" + +[[ "${grub_file}" != "" ]] && _FUNC_GRUB_FILE_PRESENT + +BOOT_PART_FS_UUID="$(${grub_probe} --target="fs_uuid" "/boot" 2>/dev/null)" +BOOT_PART_HINTS_STRING="$(${grub_probe} --target="hints_string" "/boot" 2>/dev/null || true)" +BOOT_PART_FS="$(${grub_probe} --target="fs" "/boot" 2>/dev/null)" + +ROOT_PART_GRUB_DEVICE="$(${grub_probe} --target=device / || true)" +ROOT_PART_FS="$(${grub_probe} --device ${ROOT_PART_GRUB_DEVICE} --target=fs 2> /dev/null || echo "unknown")" + +if [[ "${GRUB_LINUX_ROOT_DEVICE}" == "" ]]; then + + case "${ROOT_PART_FS}" in + btrfs) + rootsubvol="$(make_system_path_relative_to_its_root /)" + rootsubvol="${rootsubvol#/}" + if [[ "${rootsubvol}" != "" ]]; then + GRUB_LINUX_ROOT_DEVICE="subvol=${rootsubvol}" + fi + ;; + zfs) + rpool="$(${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true)" + bootfs="$(make_system_path_relative_to_its_root / | sed -e "s,@$,,")" + GRUB_LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}" + ;; + esac + + if [[ "${GRUB_DEVICE_UUID}" == "" ]] || \ + [[ "${GRUB_DISABLE_LINUX_UUID}" == "true" ]] || \ + [[ ! -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" ]] || \ + uses_abstraction "${GRUB_DEVICE}" lvm ; then + GRUB_LINUX_ROOT_DEVICE="${GRUB_DEVICE}" + else + GRUB_LINUX_ROOT_DEVICE="UUID=${GRUB_DEVICE_UUID}" + fi +fi + +[[ "${GRUB_LINUX_PARAMS}" == "" ]] && GRUB_LINUX_PARAMS="${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" +if [[ "${XEN_LINUX_CMDLINE_OVERRIDE}" == "0" ]]; then + GRUB_LINUX_PARAMS="${GRUB_LINUX_PARAMS} ${XEN_LINUX_CMDLINE}" +else + GRUB_LINUX_PARAMS="${XEN_LINUX_CMDLINE}" +fi + +xen_list=`for i in /boot/xen-*.gz /xen-*.gz ; do + if grub_file_is_not_garbage "$i" ; then echo -n "$i "; fi +done` + +while [ "x$xen_list" != "x" ] ; do + xen=`version_find_latest $xen_list` + echo "Found Xen hypervisor image: $xen" >&2 + XEN_BASENAME=`basename $xen` + XEN_VERSION=`echo $XEN_BASENAME | sed -e "s,^[^0-9]*-,,g" | sed -e "s,.gz,,g"` + + for _KERNEL_ in ${list} ; do + + echo "Found linux image: ${_KERNEL_}" >&2 + + basename="$(basename "${_KERNEL_}")" + dirname="$(dirname "${_KERNEL_}")" + REAL_DIR="$(make_system_path_relative_to_its_root "${dirname}")" + + _KERNEL_FILE_="$(echo ${_KERNEL_} | sed 's,/boot/,,g')" + _KERNEL_PKG_="pkg-$(echo ${_KERNEL_FILE_} | sed 's,vmlinuz-,,g')" + + _INITRAMFS_="${_KERNEL_FILE_/vmlinuz-/initramfs-}.img" + + if [[ -e "/boot/${_INITRAMFS_}" ]]; then + + echo "Found initramfs image: /boot/${_INITRAMFS_}" >&2 + + cat << EOF + +menuentry "Xen ${XEN_VERSION} / Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel" ${CLASS} { + $(save_default_entry) + if [ x\$feature_all_video_module = xy ]; then + insmod all_video + fi + set gfxpayload=keep + insmod ${BOOT_PART_FS} + if [ x\$feature_platform_search_hint = xy ]; then + search --no-floppy --fs-uuid --set=root ${BOOT_PART_HINTS_STRING} ${BOOT_PART_FS_UUID} + else + search --no-floppy --fs-uuid --set=root ${BOOT_PART_FS_UUID} + fi + echo '$(printf "Loading Xen %s ..." ${XEN_VERSION})' + multiboot ${REAL_DIR}/${XEN_BASENAME} ${REAL_DIR}/${XEN_BASENAME} ${XEN_HYPERVISOR_CMDLINE} + echo 'Loading Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel ...' + module ${REAL_DIR}/${_KERNEL_FILE_} ${REAL_DIR}/${_KERNEL_FILE_} root=${GRUB_LINUX_ROOT_DEVICE} rw ${GRUB_LINUX_PARAMS} + echo 'Loading Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel initramfs ...' + module ${REAL_DIR}/${_INITRAMFS_} +} + +EOF + fi + + _INITRAMFS_FALLBACK_="${_KERNEL_FILE_/vmlinuz-/initramfs-}-fallback.img" + + if [[ -e "/boot/${_INITRAMFS_FALLBACK_}" ]]; then + + echo "Found fallback initramfs image: /boot/${_INITRAMFS_FALLBACK_}" >&2 + + cat << EOF + +menuentry "Xen ${XEN_VERSION} / Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel (fallback initramfs)" ${CLASS} { + $(save_default_entry) + if [ x\$feature_all_video_module = xy ]; then + insmod all_video + fi + set gfxpayload=keep + insmod ${BOOT_PART_FS} + if [ x\$feature_platform_search_hint = xy ]; then + search --no-floppy --fs-uuid --set=root ${BOOT_PART_HINTS_STRING} ${BOOT_PART_FS_UUID} + else + search --no-floppy --fs-uuid --set=root ${BOOT_PART_FS_UUID} + fi + echo '$(printf "Loading Xen %s ..." ${XEN_VERSION})' + multiboot ${REAL_DIR}/${XEN_BASENAME} ${REAL_DIR}/${XEN_BASENAME} ${XEN_HYPERVISOR_CMDLINE} + echo 'Loading Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel ...' + module ${REAL_DIR}/${_KERNEL_FILE_} ${REAL_DIR}/${_KERNEL_FILE_} root=${GRUB_LINUX_ROOT_DEVICE} rw ${GRUB_LINUX_PARAMS} + echo 'Loading Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel fallback initramfs ...' + module ${REAL_DIR}/${_INITRAMFS_FALLBACK_} +} + +EOF + fi + + if [[ ! -e "/boot/${_INITRAMFS_}" ]] && [[ ! -e "/boot/${_INITRAMFS_FALLBACK_}" ]]; then + cat << EOF + +menuentry "Xen ${XEN_VERSION} / Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel (no initramfs)" ${CLASS} { + $(save_default_entry) + if [ x\$feature_all_video_module = xy ]; then + insmod all_video + fi + set gfxpayload=keep + insmod ${BOOT_PART_FS} + if [ x\$feature_platform_search_hint = xy ]; then + search --no-floppy --fs-uuid --set=root ${BOOT_PART_HINTS_STRING} ${BOOT_PART_FS_UUID} + else + search --no-floppy --fs-uuid --set=root ${BOOT_PART_FS_UUID} + fi + echo '$(printf "Loading Xen %s ..." ${XEN_VERSION})' + multiboot ${REAL_DIR}/${XEN_BASENAME} ${REAL_DIR}/${XEN_BASENAME} ${XEN_HYPERVISOR_CMDLINE} + echo 'Loading Parabola GNU/Linux-libre ${_KERNEL_PKG_} kernel ...' + module ${REAL_DIR}/${_KERNEL_FILE_} ${REAL_DIR}/${_KERNEL_FILE_} root=${GRUB_LINUX_ROOT_DEVICE} rw ${GRUB_LINUX_PARAMS} +} + +EOF + fi + + done + + xen_list=`echo $xen_list | tr ' ' '\n' | grep -vx $xen | tr '\n' ' '` +done + + diff --git a/pcr-testing/xen/21_linux_xen_multiboot_arch b/pcr-testing/xen/21_linux_xen_multiboot_arch new file mode 100755 index 000000000..ef3a39b54 --- /dev/null +++ b/pcr-testing/xen/21_linux_xen_multiboot_arch @@ -0,0 +1,296 @@ +#! /bin/sh +set -e + +# grub-mkconfig helper script. +# Copyright (C) 2006,2007,2008,2009,2010 Free Software Foundation, Inc. +# +# GRUB is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# GRUB is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with GRUB. If not, see <http://www.gnu.org/licenses/>. + +prefix="/usr" +exec_prefix="/usr" +datarootdir="/usr/share" + +. "$pkgdatadir/grub-mkconfig_lib" + +export TEXTDOMAIN=grub +export TEXTDOMAINDIR="${datarootdir}/locale" + +CLASS="--class gnu-linux --class gnu --class os --class xen" + +if [ "x${GRUB_DISTRIBUTOR}" = "x" ] ; then + OS=GNU/Linux-libre +else + OS="${GRUB_DISTRIBUTOR} GNU/Linux-libre" + CLASS="--class $(echo ${GRUB_DISTRIBUTOR} | tr 'A-Z' 'a-z' | cut -d' ' -f1|LC_ALL=C sed 's,[^[:alnum:]_],_,g') ${CLASS}" +fi + +# loop-AES arranges things so that /dev/loop/X can be our root device, but +# the initrds that Linux-libre uses don't like that. +case ${GRUB_DEVICE} in + /dev/loop/*|/dev/loop[0-9]) + GRUB_DEVICE=`losetup ${GRUB_DEVICE} | sed -e "s/^[^(]*(\([^)]\+\)).*/\1/"` + ;; +esac + +# btrfs may reside on multiple devices. We cannot pass them as value of root= parameter +# and mounting btrfs requires user space scanning, so force UUID in this case. +if [ "x${GRUB_DEVICE_UUID}" = "x" ] || [ "x${GRUB_DISABLE_LINUX_UUID}" = "xtrue" ] \ + || ! test -e "/dev/disk/by-uuid/${GRUB_DEVICE_UUID}" \ + || ( test -e "${GRUB_DEVICE}" && uses_abstraction "${GRUB_DEVICE}" lvm ); then + LINUX_ROOT_DEVICE=${GRUB_DEVICE} +else + LINUX_ROOT_DEVICE=UUID=${GRUB_DEVICE_UUID} +fi + +# Allow overriding GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT. +if [ "${GRUB_CMDLINE_LINUX_XEN_REPLACE}" ]; then + GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX_XEN_REPLACE}" +fi +if [ "${GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT}" ]; then + GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT}" +fi + +case x"$GRUB_FS" in + xbtrfs) + rootsubvol="`make_system_path_relative_to_its_root /`" + rootsubvol="${rootsubvol#/}" + if [ "x${rootsubvol}" != x ]; then + GRUB_CMDLINE_LINUX="rootflags=subvol=${rootsubvol} ${GRUB_CMDLINE_LINUX}" + fi;; + xzfs) + rpool=`${grub_probe} --device ${GRUB_DEVICE} --target=fs_label 2>/dev/null || true` + bootfs="`make_system_path_relative_to_its_root / | sed -e "s,@$,,"`" + LINUX_ROOT_DEVICE="ZFS=${rpool}${bootfs}" + ;; +esac + +title_correction_code= + +linux_entry () +{ + os="$1" + version="$2" + xen_version="$3" + type="$4" + args="$5" + xen_args="$6" + ver="" + if $($grub_file --is-x86-multiboot2 ${xen_dirname}/${xen_basename}); then + ver="2" + fi + if [ -z "$boot_device_id" ]; then + boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" + fi + if [ x$type != xsimple ] ; then + if [ x$type = xrecovery ] ; then + title="$(gettext_printf "%s, with Xen %s and Linux-%s (recovery mode)" "${os}" "${xen_version}" "${version}")" + else + title="$(gettext_printf "%s, with Xen %s and Linux-%s" "${os}" "${xen_version}" "${version}")" + fi + replacement_title="$(echo "Advanced options for ${OS}" | sed 's,>,>>,g')>$(echo "$title" | sed 's,>,>>,g')" + if [ x"Xen ${xen_version}>$title" = x"$GRUB_ACTUAL_DEFAULT" ]; then + quoted="$(echo "$GRUB_ACTUAL_DEFAULT" | grub_quote)" + title_correction_code="${title_correction_code}if [ \"x\$default\" = '$quoted' ]; then default='$(echo "$replacement_title" | grub_quote)'; fi;" + grub_warn "$(gettext_printf "Please don't use old title \`%s' for GRUB_DEFAULT, use \`%s' (for versions before 2.00) or \`%s' (for 2.00 or later)" "$GRUB_ACTUAL_DEFAULT" "$replacement_title" "gnulinux-advanced-$boot_device_id>gnulinux-$version-$type-$boot_device_id")" + fi + echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-$version-$type-$boot_device_id' {" | sed "s/^/$submenu_indentation/" + else + title="$(gettext_printf "%s, with Xen hypervisor" "${os}")" + echo "menuentry '$(echo "$title" | grub_quote)' ${CLASS} \$menuentry_id_option 'xen-gnulinux-simple-$boot_device_id' {" | sed "s/^/$submenu_indentation/" + fi + if [ x$type != xrecovery ] ; then + save_default_entry | grub_add_tab | sed "s/^/$submenu_indentation/" + fi + + if [ -z "${prepare_boot_cache}" ]; then + prepare_boot_cache="$(prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | grub_add_tab)" + fi + printf '%s\n' "${prepare_boot_cache}" | sed "s/^/$submenu_indentation/" + xmessage="$(gettext_printf "Loading Xen %s ..." ${xen_version})" + lmessage="$(gettext_printf "Loading Linux-libre %s ..." ${version})" + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$xmessage" | grub_quote)' + if [ "\$grub_platform" = "pc" -o "\$grub_platform" = "" ]; then + xen_rm_opts= + else + xen_rm_opts="no-real-mode edd=off" + fi + multiboot${ver} ${rel_xen_dirname}/${xen_basename} placeholder ${xen_args} \${xen_rm_opts} + echo '$(echo "$lmessage" | grub_quote)' + module${ver} ${rel_dirname}/${basename} placeholder root=${linux_root_device_thisversion} ro ${args} +EOF + if test -n "${initrd}" ; then + # TRANSLATORS: ramdisk isn't identifier. Should be translated. + message="$(gettext_printf "Loading initial ramdisk ...")" + sed "s/^/$submenu_indentation/" << EOF + echo '$(echo "$message" | grub_quote)' + module${ver} --nounzip ${rel_dirname}/${initrd} +EOF + fi + sed "s/^/$submenu_indentation/" << EOF +} +EOF +} + +linux_list= +for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* /boot/kernel-*; do + if grub_file_is_not_garbage "$i"; then + basename=$(basename $i) + version=$(echo $basename | sed -e "s,^[^0-9]*-,,g") + dirname=$(dirname $i) + config= + for j in "${dirname}/config-${version}" "${dirname}/config-${alt_version}" "/etc/kernels/kernel-config-${version}" ; do + if test -e "${j}" ; then + config="${j}" + break + fi + done + if (grep -qx "CONFIG_XEN_DOM0=y" "${config}" 2> /dev/null || grep -qx "CONFIG_XEN_PRIVILEGED_GUEST=y" "${config}" 2> /dev/null || [ -z ${config} ]); then linux_list="$linux_list $i" ; fi + fi +done +if [ "x${linux_list}" = "x" ] ; then + exit 0 +fi + +file_is_not_sym () { + case "$1" in + */xen-syms-*) + return 1;; + *) + return 0;; + esac +} + +file_is_not_xen_config () { + case "$1" in + */xen*\.*config) + return 1;; + */xen*\.*cfg) + return 1;; + */xen*\.*efi) + return 1;; + *) + return 0;; + esac +} + + +xen_list= +for i in /boot/xen*; do + if grub_file_is_not_garbage "$i" && file_is_not_sym "$i" && file_is_not_xen_config "$i"; then xen_list="$xen_list $i" ; fi +done +prepare_boot_cache= +boot_device_id= + +title_correction_code= + +machine=`uname -m` + +case "$machine" in + i?86) GENKERNEL_ARCH="x86" ;; + mips|mips64) GENKERNEL_ARCH="mips" ;; + mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; + arm*) GENKERNEL_ARCH="arm" ;; + *) GENKERNEL_ARCH="$machine" ;; +esac + +# Extra indentation to add to menu entries in a submenu. We're not in a submenu +# yet, so it's empty. In a submenu it will be equal to '\t' (one tab). +submenu_indentation="" + +is_top_level=true + +while [ "x${xen_list}" != "x" ] ; do + list="${linux_list}" + current_xen=`version_find_latest $xen_list` + xen_basename=`basename ${current_xen}` + xen_dirname=`dirname ${current_xen}` + rel_xen_dirname=`make_system_path_relative_to_its_root $xen_dirname` + xen_version=`echo $xen_basename | sed -e "s,.gz$,,g;s,^xen-,,g"` + if [ -z "$boot_device_id" ]; then + boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" + fi + if [ "x$is_top_level" != xtrue ]; then + echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {" + fi + while [ "x$list" != "x" ] ; do + linux=`version_find_latest $list` + gettext_printf "Found linux-libre image: %s\n" "$linux" >&2 + basename=`basename $linux` + dirname=`dirname $linux` + rel_dirname=`make_system_path_relative_to_its_root $dirname` + version=`echo $basename | sed -e "s,^[^0-9]*-,,g"` + alt_version=`echo $version | sed -e "s,\.old$,,g"` + linux_root_device_thisversion="${LINUX_ROOT_DEVICE}" + + initrd= + for i in "initramfs-linux-${version}.img" \ + "initrd.img-${version}" "initrd-${version}.img" \ + "initrd-${version}.gz" \ + "initrd-${version}" "initramfs-${version}.img" \ + "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ + "initrd-${alt_version}" "initramfs-${alt_version}.img" \ + "initramfs-genkernel-${version}" \ + "initramfs-genkernel-${alt_version}" \ + "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ + "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}" ; do + if test -e "${dirname}/${i}" ; then + initrd="$i" + break + fi + done + if test -n "${initrd}" ; then + gettext_printf "Found initrd image: %s\n" "${dirname}/${initrd}" >&2 + else + # "UUID=" magic is parsed by initrds. Since there's no initrd, it can't work here. + linux_root_device_thisversion=${GRUB_DEVICE} + fi + + if [ "x$is_top_level" = xtrue ] && [ "x${GRUB_DISABLE_SUBMENU}" != xy ]; then + linux_entry "${OS}" "${version}" "${xen_version}" simple \ + "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" + + submenu_indentation="$grub_tab$grub_tab" + + if [ -z "$boot_device_id" ]; then + boot_device_id="$(grub_get_device_id "${GRUB_DEVICE}")" + fi + # TRANSLATORS: %s is replaced with an OS name + echo "submenu '$(gettext_printf "Advanced options for %s (with Xen hypervisor)" "${OS}" | grub_quote)' \$menuentry_id_option 'gnulinux-advanced-$boot_device_id' {" + echo " submenu '$(gettext_printf "Xen hypervisor, version %s" "${xen_version}" | grub_quote)' \$menuentry_id_option 'xen-hypervisor-$xen_version-$boot_device_id' {" + is_top_level=false + fi + + linux_entry "${OS}" "${version}" "${xen_version}" advanced \ + "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}" "${GRUB_CMDLINE_XEN} ${GRUB_CMDLINE_XEN_DEFAULT}" + if [ "x${GRUB_DISABLE_RECOVERY}" != "xtrue" ]; then + linux_entry "${OS}" "${version}" "${xen_version}" recovery \ + "single ${GRUB_CMDLINE_LINUX}" "${GRUB_CMDLINE_XEN}" + fi + + list=`echo $list | tr ' ' '\n' | fgrep -vx "$linux" | tr '\n' ' '` + done + if [ x"$is_top_level" != xtrue ]; then + echo ' }' + fi + xen_list=`echo $xen_list | tr ' ' '\n' | fgrep -vx "$current_xen" | tr '\n' ' '` +done + +# If at least one kernel was found, then we need to +# add a closing '}' for the submenu command. +if [ x"$is_top_level" != xtrue ]; then + echo '}' +fi + +echo "$title_correction_code" diff --git a/pcr-testing/xen/ChangeLog b/pcr-testing/xen/ChangeLog new file mode 100644 index 000000000..b23e810df --- /dev/null +++ b/pcr-testing/xen/ChangeLog @@ -0,0 +1,169 @@ +2015-06-24 John Thomson + * 4.7.0-1 + Xen 4.7.0 + +2015-06-11 John Thomson + * 4.6.1-7 + Apply XSA patch: 175, 178, 181 + +2015-05-23 John Thomson + * 4.6.1-6 + Apply XSA patch: 180 + +2015-05-19 John Thomson + * 4.6.1-5 + Apply XSA patch: 176 + +2016-05-12 John Thomson + * 4.6.1-4 + Apply XSA patch: 179 + Patches for GCC6 + +2016-04-19 John Thomson + * 4.6.1-3 + Apply XSA patch: 173 + +2016-03-31 John Thomson + * 4.6.1-2 + Apply XSA patch: 172 + +2016-02-19 John Thomson + * 4.6.1-1 + Xen source package updated to 4.6.1 + Apply XSA patch: 170 + +2016-02-19 John Thomson + * 4.5.2-1 + Xen source package updated to 4.5.2 + Build xen.efi with mingw-w64-binutils + Build ovmf + Apply XSA patches: 154, 156, 158 to 160, 162 to 168, and 170 + +2015-07-04 David Sutton <kantras - gmail.com> + * 4.5.1-1 + New major release from upstream + Added -fno-caller-saves CFLAG to PKGBUILD to work around GCC5 issues + Added in some compile fixes for GCC 5 + Disabled OVMF for now until patched for GCC 5 + +2015-05-13 David Sutton <kantras - gmail.com> + * 4.5.0-3 + Added Security patches + +2015-04-08 David Sutton <kantras - gmail.com> + * 4.5.0-2 + Updated PKGBUILD to use absolute instead of relative paths for install + Updated efi-xen.cfg with syntax fix + Added gnuttls-3.4.0 patch + Added security patches + +2015-03-01 David Sutton <kantras - gmail.com> + * 4.5.0-1 + New major release from upstream + Cleaned up old XSA patches + Removed old systemd support patches and realigned with the new upstream methods + +2014-10-26 David Sutton <kantras - gmail.com> + * 4.4.1-3 + Enabled OVMF support and added patches to fix compile + Enabled spice support and added patch to enable qemu support in qemu-xen + Added figlet as an make dependancy for the ascii art version number + Including an example xen.cfg package for people who will be using EFI + Additional cleanup (explictly disabling some unnecessary libraries) + +2014-10-12 David Sutton <kantras - gmail.com> + * 4.4.1-2: + Added XSA 104, 105, 106, 107 and 108 security patches + Added .config to resolve compile issues where /etc/sysconfig exists + +2014-09-04 David Sutton <kantras - gmail.com> + * 4.4.1-1: + New Upstream release + Cleared out unnecessary patches (security, gcc compile and pit) + +2014-06-22 David Sutton <kantras - gmail.com> + * 4.4.0-6: + Added additional patch to support XSA 100 on AMD platform + +2014-06-17 David Sutton <kantras - gmail.com> + * 4.4.0-5: + Added XSA 96 and 100 security patches + Added patch to explictly disable searching for bluez libs + Cleaned up PKGBUILD + +2014-05-17 David Sutton <kantras - gmail.com> + * 4.4.0-4: + Added patch to fix shutdown issues with pvh domains + +2014-05-01 David Sutton <kantras - gmail.com> + * 4.4.0-3: + Added XSA 92 Security patch + Added fix for compiling under GCC 4.9.0 (From Fedora Rawhide SRPM) + Added updates to 09_xen to closer match system 10_linux + +2014-03-11 David Sutton <kantras - gmail.com> + * 4.4.0-2: + Moved xen-syms file so 09_xen won't pick it up as a potential kernel. + Added XSA 89 Security patch + Minor PKGBUILD cleanup/changes + +2014-03-10 David Sutton <kantras - gmail.com> + * 4.4.0-1: + New upstream release + Cleaned up old unnecessary patches + +2014-02-19 David Sutton <kantras - gmail.com> + * 4.3.2-1: + New upstream release + Removed unnecessary security patches (since now integrated into source) + Attempts to pull down additional required source file to ensure not corrupted + Added missing dependancy libseccomp + +2013-11-25 David Sutton <kantras - gmail.com> + * 4.3.1-2: + Changed bluez dependancy from bluez4 to bluez + Added recent security patches + +2013-10-31 David Sutton <kantras - gmail.com> + * 4.3.1-1: + New upstream release + Removed unnecessary security patches (already merged) + Fixed BIOS Workaround patch to apply to the new source files + Fixed ATI Passthrough patch to apply to the new source files + Updated paths in all patches + +2013-09-29 David Sutton <kantras - gmail.com> + * 4.3.0-7: + Fixed optdepends in PKGBUILD + Added in a pre_remove function in xen.install to disable services + Minor text formating changes in xen.install + Added XSA 62,63,64 and 66 patches (Xen Security Advisories) + +2013-09-29 David Sutton <kantras - gmail.com> + * 4.3.0-6: + Fixed 09_xen so it can detect lts kernels + +2013-09-28 David Sutton <kantras - gmail.com> + * 4.3.0-5: + Fixed mount option in 09_xen from ro to rw + Added in dummy /etc/xen/grub.conf to control settings in 09_xen + Fix library sanitize so that it returns to the base directory + Move the syms file to /usr/share/xen so that it is out of the way of boot but still accessible + Added optional dependancy for openvswitch + +2013-08-13 David Sutton <kantras - gmail.com> + * 4.3.0-4 : + Added patch for qemu-xen to add a TOM register for PCI Hole mapping + Protected /etc/conf.d/xendomains from being overwritten + Included ATI Passthrough patch (not enabled by default, compile tested only) + +2013-07-23 David Sutton <kantras - gmail.com> + + * 4.3.0-3 : + added ChangeLog. + Cleaned up PKGBUILD to match Arch Package Standards + Fixed some path references - /var/run to /run + Removed some unnecessary empty directories + Updated xenconsoled and xenstored so they use /run for pid file + Updated auto-created /run directories to include xenstored + diff --git a/pcr-testing/xen/PKGBUILD b/pcr-testing/xen/PKGBUILD new file mode 100644 index 000000000..52eb1f402 --- /dev/null +++ b/pcr-testing/xen/PKGBUILD @@ -0,0 +1,513 @@ +# current version adapted from https://gitlab.com/johnth/aur-xen/blob/717dc1c8e32c3c615652f2b40838d1cb12441073/PKGBUILD + +# Maintainer (AUR): John Thomson <aur.xen at j0aur.mm.st> +# Contributor (Arch): David Sutton <kantras - gmail.com> +# Contributor (Arch): Shanmu Thiagaraja <sthiagaraja+AUR@prshanmu.com> +# Contributor (Arch): Limao Luo +# Contributor (Arch): Luceo +# Contributor (Arch): Revellion +# Contributor: André Silva <emulatorman@parabola.nu> +# Contributor: Márcio Silva <coadde@parabola.nu> +# Contributor: Isaac David <isacdaavid@at@isacdaavid@dot@info> + +#linux-4.7 EFI boot panic issue (patch linux) +#http://lkml.iu.edu/hypermail/linux/kernel/1608.2/03448.html + +_build_stubdom="${build_stubdom:-false}" +_system_seabios="${system_seabios:-false}" +_build_debug="${build_debug:-false}" +_build_livepatch="${build_livepatch:-false}" + +## use _build_stubdom=true to build xen with stubdom +## use _system_seabios=true to use system seabios +## this bios file is slightly different to the xen seabios +## /usr/share/qemu/bios-256k.bin uses CONFIG_ROM_SIZE=256, and newer seabios +## can force use this file through vm.cfg bios_path_override='/usr/share/qemu/bios-256k.bin' +## use _build_debug=true to compile Xen with debug options +## use _build_livepatch=true to compile Xen with livepatch support + +#_build_stubdom=true +#_system_seabios=true +#_build_debug=true +#_build_livepatch=true + +pkgbase=xen +pkgname=(xen{,-docs,-syms}) +_pkgname=xen +pkgver=4.9.0 +_pkgver=${pkgver/rc/-rc} +pkgrel=1.parabola1 +pkgdesc="Virtual Machine Hypervisor & Tools (Parabola rebranded)" +arch=(x86_64 armv7h) +depends=( + bridge-utils + curl + gnutls + iproute2 + libaio + libcap-ng + libiscsi + libnl + libpng + lzo + pciutils + python2 + sdl + spice + systemd + usbredir + yajl + # seabios ovmf qemu +) +[[ "$CARCH" == 'x86_64' ]] && depends+=( + lib32-glibc +) +[[ "$CARCH" == *'arm'* ]] && depends+=( + dtc-overlay +) +[[ "$_system_seabios" == true ]] && depends+=( + seabios +) +url='http://www.xenproject.org/' +license=('GPL2') +makedepends=( + cmake + figlet + git + markdown + nasm + ocaml-findlib + spice-protocol + wget +) +[[ "$CARCH" == 'x86_64' ]] && makedepends+=( + bin86 + dev86 + gcc-multilib + iasl +) + +## For building Xen EFI boot file. +## mingw-w64-binutils only needed if +## binutils not built with --enable-targets=x86_64-pep +_binutils_efi=false + +if [[ "$CARCH" == 'x86_64' ]]; then + _binutils_emulations="$(ld -V)" + if [[ "$_binutils_emulations" == *'i386pep'* ]]; then + _binutils_efi=true + echo '#ld has efi support' + else + makedepends+=( + mingw-w64-binutils + ) + echo '#ld does not have efi support, using mingw' + fi +fi + + +options=(!buildflags !strip) +changelog=ChangeLog + +##SeaBIOS & OVMF tags are in src/xen-*/tools/Config.mk +##grep -rE '_(REVISION|VERSION|TAG)( \?| :){0,1}=' src/xen**/{Config.mk,stubdom/configure,tools/firmware/etherboot/Makefile} +_git_tag_seabios='#tag=rel-1.10.0' +_git_tag_ovmf='#tag=5920a9d16b1ab887c2858224316a98e961d71b05' +_git_tag_ipxe='827dd1bfee67daa683935ce65316f7e0f057fe1c' + +if [[ "$_build_stubdom" == true ]]; then + if [[ "$CARCH" == *'arm'* ]]; then + echo '####Compile settings error:' + echo "#cannot build stubdom for $CARCH" + _build_stubdom=false + fi +fi + +source=( + "https://downloads.xenproject.org/release/$_pkgname/$_pkgver/$_pkgname-$_pkgver.tar.gz"{,.sig} + "http://xenbits.xen.org/xen-extfiles/ipxe-git-$_git_tag_ipxe.tar.gz" + + 'seabios'::"git://xenbits.xen.org/seabios.git$_git_tag_seabios" + 'ovmf'::"git://xenbits.xen.org/ovmf.git$_git_tag_ovmf" + ##HTTP access + #'seabios'::"git+http://xenbits.xen.org/git-http/seabios.git$_git_tag_seabios" + + ## Compile patches + ati-passthrough.patch + patch-ovmf-use-python2.patch + patch-ovmf-apply-inbuild-patches.patch + patch-ovmf-patches-series.patch + #patch-build-efi-with-mingw.patch::https://github.com/jakogut/xen-igvtg-aur/raw/28c81072e419d72a100ada9c393e37fae35ad263/xen_efi_build.patch + patch-inbuild-ovmf-5-hiilib.c-pointer-zero.patch::'https://github.com/tianocore/edk2/commit/fe4a28ccbfd33cae9e1f56b174d46b4eb2329efd.patch' + patch-inbuild-ipxe-gcc7-implicit-fallthrough.patch::'https://github.com/ipxe/ipxe/commit/5f85cbb9ee1c00cec81a848a9e871ad5d1e7f53f.patch' + patch-inbuild-ipxe-gcc7-implicit-fallthrough-ath5k.patch::'https://github.com/ipxe/ipxe/commit/45f2265bfcbbf2afd7fac24372ae26e453f2b52d.patch' + patch-inbuild-ipxe-gcc7-implicit-fallthrough-curses.patch::'https://github.com/ipxe/ipxe/commit/28e26dd2503e6006fabb26f8c33050ba93a99623.patch' + patch-ipxe-patches-series.patch + patch-gcc7-vtpm-implicit-fallthrough.patch + patch-gcc7-vtpmmgr-make-inline-static.patch + patch-gcc7-minios-udivmod.patch + + ## Files + xen.install + 21_linux_xen_multiboot_arch + efi-xen.cfg + "$_pkgname.conf" + "tmpfiles.d-$_pkgname.conf" + + ## XSA patches +) + +if [[ "$_build_stubdom" == true ]]; then + echo '#building with stubdom' + source+=( + http://xenbits.xen.org/xen-extfiles/lwip-1.3.0.tar.gz + http://xenbits.xen.org/xen-extfiles/zlib-1.2.3.tar.gz + http://xenbits.xen.org/xen-extfiles/newlib-1.16.0.tar.gz + http://xenbits.xen.org/xen-extfiles/pciutils-2.2.9.tar.bz2 + http://xenbits.xen.org/xen-extfiles/polarssl-1.1.4-gpl.tgz + http://xenbits.xen.org/xen-extfiles/grub-0.97.tar.gz + http://xenbits.xen.org/xen-extfiles/tpm_emulator-0.7.4.tar.gz + http://xenbits.xen.org/xen-extfiles/gmp-4.3.2.tar.bz2 + http://caml.inria.fr/pub/distrib/ocaml-3.11/ocaml-3.11.0.tar.gz + ) +fi + + +noextract=( + "ipxe-git-$_git_tag_ipxe.tar.gz" +) + +if [[ "$_build_stubdom" == true ]]; then + noextract+=( + lwip-1.3.0.tar.gz + zlib-1.2.3.tar.gz + newlib-1.16.0.tar.gz + pciutils-2.2.9.tar.bz2 + polarssl-1.1.4-gpl.tgz + grub-0.97.tar.gz + tpm_emulator-0.7.4.tar.gz + gmp-4.3.2.tar.bz2 + ocaml-3.11.0.tar.gz + ) +fi + +validpgpkeys=('23E3222C145F4475FA8060A783FE14C957E82BD9') +#gpg --keyserver pgp.mit.edu --recv-key 23E3222C145F4475FA8060A783FE14C957E82BD9 +sha256sums=( + 'cade643fe3310d4d6f97d0c215c6fa323bc1130d7e64d7e2043ffaa73a96f33b' + 'SKIP' + '36deacb946c59ad1d6600f6e5b89d6a7a8961e65eb000900e184075920120f49' + + 'SKIP' + 'SKIP' + + 'd93c2d5bcdf0c3e4c6e8efb357cb4b9d618209025361f5ccd9d03651a8acd7a3' + '5fb65130f96d1728368a09042e55f622c14117572030ce2141bff4ae150e4a01' + 'a853a38b8fd661d6b99979831cdae014cd23d831b57a90a467400660343f23f6' + '81b93e8c9e0ecb0d8c0555892b27b7e6c39d961af33cdea53ac72070e3e741b2' + #'a8ce42777e22af49080131e174b6b89c6e7597539838fb8b17a12280fd10b10b' + '79d8ce76bdeb72a1583254f1fb80309e56428d7406a6605a5ec860dc5a1beb3d' + 'e042b0161d76ee9af7b113c46703dde2663f762d696f4290585be36d907e97a5' + '2be4efb8be044c9b2459d09f5a6390fecb218ed4cb38964bce0674882817b91a' + 'db21442e38be53d342c7574c7c17fb8ce45e57c11dd1ad99e60641ea4061653b' + '9135c1ca7aed28a86afc7a0feb2930bd95b4fabf865dd368e8912cc77d38fb33' + '0ce9de822712e2b538dc144ba23b584970ac73b327277917b4afaa321c5b4b0c' + '5727d42575dfac1870d235fab23b8a230857cfdf44372bc1d98bb6384b752367' + 'b6fa5bff89242719b20747d7eb197d0aeb59f8a89e841137f0b0cab17de20686' + + #pkgbuild files + '330bcc5ab22e982d37495b57176d306353c220fec7c2b6c4a78a9133382a623e' + '7fa619845874e1a596acc5fb43b921496fba3014e04f40b2af462c51b02656ee' + '95f09bccc104d98c14559000823cb50f0d076f6a65b9f3b4e7725762b84ab5c7' + '50a9b7fd19e8beb1dea09755f07318f36be0b7ec53d3c9e74f3266a63e682c0c' + '40e0760810a49f925f2ae9f986940b40eba477dc6d3e83a78baaae096513b3cf' + + ## XSA patches +) + + +if [[ "$_build_stubdom" == true ]]; then + sha256sums+=( + #stubdom bits + '772e4d550e07826665ed0528c071dd5404ef7dbe1825a38c8adbc2a00bca948f' + '1795c7d067a43174113fdf03447532f373e1c6c57c08d61d9e4e9be5e244b05e' + 'db426394965c48c1d29023e1cc6d965ea6b9a9035d8a849be2750ca4659a3d07' + 'f60ae61cfbd5da1d849d0beaa21f593c38dac9359f0b3ddc612f447408265b24' + '2d29fd04a0d0ba29dae6bd29fb418944c08d3916665dcca74afb297ef37584b6' + '4e1d15d12dbd3e9208111d6b806ad5a9857ca8850c47877d36575b904559260b' + '4e48ea0d83dd9441cc1af04ab18cd6c961b9fa54d5cbf2c2feee038988dea459' + '936162c0312886c21581002b79932829aa048cfaf9937c6265aeaa14f1cd1775' + 'ecdd4f8473ab0dee5d3acb5c0a31a4c1dd6aa12179895cf1903dd0f455c43a4f' + + #stubdom patches + ) +fi + +_xen_kconfig_debug=$(cat <<EOF +CONFIG_DEBUG=y +CONFIG_CRASH_DEBUG=y +EOF +) +_xen_kconfig_livepatch=$(cat <<EOF +CONFIG_LIVEPATCH=y +EOF +) + +_makevars=( + LANG=C + PYTHON=python2 +) + +prepare() { + cd "$_pkgname-$_pkgver/" + + ### Copy git sourced tools/firmware + # move seabios into place + mv --force "$srcdir/seabios" tools/firmware/seabios-dir-remote + # move ovmf into place + mv --force "$srcdir/ovmf" tools/firmware/ovmf-dir-remote + + ### Patching + + # XSA Patches + echo 'XSA patches' + # Security Patches - Base + + # Security Patches - qemu-xen-traditional + cd 'tools/qemu-xen-traditional/' + cd '../../' + + # Security Patches - qemu-xen (upstream) + cd 'tools/qemu-xen/' + cd '../../' + + + # Compile Patches + echo 'Compile patches' + + # Build EFI binary with mingw + if [[ "$_binutils_efi" != true ]]; then + if $(stat /usr/x86_64-w64-mingw32/bin/ld >/dev/null 2>&1); then + #patch -Np1 -i "$srcdir/patch-build-efi-with-mingw.patch" + sed -i.bak '/ EFI_LD/s/LD/LD_EFI/' xen/arch/x86/Makefile + sed -i.bak 's/LD/LD_EFI/' xen/arch/x86/efi/Makefile + sed -i.bak '/EFI_MOUNTPOINT .*/aLD_EFI ?= $(LD)' xen/Makefile + else + echo '#Not capable of building xen.efi. Need either:' + echo '#(preferred) binutils compiled with --enable-targets=x86_64-pep' + echo '#or install mingw-w64-binutils' + fi + fi + + # OVMF Compile support (Pulls from GIT repo, so patching to patch after pull request) + patch -Np1 -i "$srcdir/patch-ovmf-use-python2.patch" + patch -Np1 -i "$srcdir/patch-ovmf-apply-inbuild-patches.patch" + mkdir -p tools/firmware/ovmf-patches + patch -Np1 -i "$srcdir/patch-ovmf-patches-series.patch" + cp "$srcdir"/patch-inbuild-ovmf*.patch tools/firmware/ovmf-patches/ + + # Uncomment line below if you want to enable ATI Passthrough support (some reported successes, untested with 4.4) + #patch -Np1 -i "$srcdir/ati-passthrough.patch" + + ## Fix fixed rundir paths + ## grep -Rl '\/var\/run\/xen' * 2> /dev/null + _var_run_fixed_paths=( + tools/hotplug/Linux/locking.sh + tools/xenmon/xenbaked.c + tools/xenmon/xenmon.py + tools/pygrub/src/pygrub + ) + sed -i 's:/var/run:/run:' ${_var_run_fixed_paths[@]} + + ## Fix python version in shebang + echo 'Fix python shebang to python2' + _python_files=( $(grep -Rlse '^#!/usr/bin/.*python$' || : ) ) + sed -Ei 's|(^#!.*/usr/bin/(env ){0,1})python$|\1python2|' ${_python_files[@]} + + if [[ "$_build_stubdom" == true ]]; then + # Copy supporting tarballs into place + ln -s "$srcdir/lwip-1.3.0.tar.gz" stubdom/ + ln -s "$srcdir/zlib-1.2.3.tar.gz" stubdom/ + ln -s "$srcdir/newlib-1.16.0.tar.gz" stubdom/ + ln -s "$srcdir/pciutils-2.2.9.tar.bz2" stubdom/ + ln -s "$srcdir/polarssl-1.1.4-gpl.tgz" stubdom/ + ln -s "$srcdir/grub-0.97.tar.gz" stubdom/ + ln -s "$srcdir/tpm_emulator-0.7.4.tar.gz" stubdom/ + ln -s "$srcdir/gmp-4.3.2.tar.bz2" stubdom/ + ln -s "$srcdir/ocaml-3.11.0.tar.gz" stubdom/ + + ## Stubdom patches + cd 'extras/mini-os' + patch -Np1 -i "$srcdir/patch-gcc7-minios-udivmod.patch" + cd '../../' + + #vtpm + patch -Np1 -i "$srcdir/patch-gcc7-vtpmmgr-make-inline-static.patch" + patch -Np1 -i "$srcdir/patch-gcc7-vtpm-implicit-fallthrough.patch" + fi + + #etherboot + ln -s "$srcdir/ipxe-git-$_git_tag_ipxe.tar.gz" tools/firmware/etherboot/ipxe.tar.gz + patch -Np1 -i "$srcdir/patch-ipxe-patches-series.patch" + cp "$srcdir"/patch-inbuild-ipxe*.patch tools/firmware/etherboot/patches/ +} + +build() { + cd "$_pkgname-$_pkgver/" + export LD_EFI='/usr/x86_64-w64-mingw32/bin/ld' + ./autogen.sh + if [[ "$_build_stubdom" == true ]]; then + _config_stubdom=(--enable-stubdom) + _config_stubdom+=( + #--enable-ioemu-stubdom=no + #--enable-c-stubdom=no + #--enable-caml-stubdom=no + #--enable-pv-grub=no + #--enable-xenstore-stubdom=no + #--enable-vtpm-stubdom=no + #--enable-vtpmmgr-stubdom=no + ) + else + _config_stubdom=(--disable-stubdom) + fi + _config_seabios=() + if [[ "$_system_seabios" == true ]]; then + _config_seabios=(--with-system-seabios=/usr/share/qemu/bios-256k.bin) + fi + _config_xen_kconfig='' + _config_debug=() + if [[ "$_build_debug" == true ]]; then + _config_debug=(--enable-debug --enable-debug-tcg --enable-debug-info) + _config_xen_kconfig+="\n$_xen_kconfig_debug" + _makevars+=(debug=y CONFIG_DEBUG=y) + fi + if [[ "$_build_livepatch" == true ]]; then + _config_xen_kconfig+="\n$_xen_kconfig_livepatch" + fi + if [[ -n "$_config_xen_kconfig" ]]; then + cd xen + echo -e "$_config_xen_kconfig" > .config + make "${_makevars[@]}" olddefconfig V=1 + cd ../ + fi + ./configure PYTHON=/usr/bin/python2 --prefix=/usr --sbindir=/usr/bin --with-sysconfig-leaf-dir=conf.d --with-rundir=/run \ + --enable-systemd --enable-ovmf \ + "${_config_seabios[@]}" \ + "${_config_stubdom[@]}" \ + "${_config_debug[@]}" \ + --with-extra-qemuu-configure-args='--disable-bluez --disable-gtk --enable-spice --enable-usb-redir' + #--with-system-qemu --with-system-seabios --with-system-ovmf + #defaults --enable-qemu-traditional --enable-rombios \ + make "${_makevars[@]}" dist + if [[ "$_build_livepatch" == true ]]; then + make "${_makevars[@]}" build-tests + fi +} + +package_xen() { + _makevars_package=("${_makevars[@]}" DESTDIR="$pkgdir") + optdepends=( + 'xen-docs: Official Xen documentation' + 'openvswitch: Optional advanced networking support' + 'urlgrabber: Required for xenpvnetboot' + ) + conflicts=(xen-{git,rc,igvtg,4.{5,6,7}} xenstore) + provides=(xenstore) + replaces=(xen-{git,rc,4.{5,6,7}}) + backup=( + etc/conf.d/xen{domains,commons} + "etc/$_pkgname/grub.conf" + "etc/$_pkgname/oxenstored.conf" + "etc/$_pkgname/xl.conf" + ) + install="$_pkgname.install" + + cd "$_pkgname-$_pkgver/" + + make "${_makevars_package[@]}" install-xen + make "${_makevars_package[@]}" install-tools + if [[ "$_build_stubdom" == true ]]; then + make "${_makevars_package[@]}" install-stubdom + fi + if [[ "$_build_livepatch" == true ]]; then + make "${_makevars_package[@]}" install-tests + fi + + cd "$pkgdir" + + # Install files from Parabola package + install -Dm644 "$srcdir/tmpfiles.d-$_pkgname.conf" "usr/lib/tmpfiles.d/$_pkgname.conf" + install -Dm755 "$srcdir/21_linux_xen_multiboot_arch" etc/grub.d/21_linux_xen_multiboot_arch + install -Dm644 "$srcdir/efi-xen.cfg" etc/xen/efi-xen.cfg + + mkdir -p var/log/xen/console + + # Sanitize library path (if lib64 exists) + if [[ -d usr/lib64 ]]; then + cd usr/ + mv lib64/* lib/ + rmdir lib64 + cd ../ + fi + + # If EFI binaries built, move to /boot + if [[ -f usr/lib/efi/xen.efi ]]; then + mv usr/lib/efi/*.efi boot/ + rmdir usr/lib/efi + fi + + # Remove syms + find usr/lib/debug -type f \( -name '*-syms*' -or -name '*\.map' \) -delete + rmdir --ignore-fail-on-non-empty usr/lib/debug + + # Remove hypervisor boot symlinks + rm -f boot/xen{,-4{,.8,.9}}{,.{gz,efi}} + + # Documentation cleanup ( see xen-docs package ) + #rm -rf usr/share/doc + #rm -rf usr/share/man + + # Remove tempdirs + rmdir run/xen{,stored} + rmdir run + + # Remove unnecessary qemu ELF support files + # qemuu + rm -f usr/share/qemu-xen/qemu/{palcode,openbios,s390}-* + rm -f usr/share/qemu-xen/qemu/u-boot.e500 + # qemut + if [[ "$CARCH" == *'x86'* ]]; then + rm -f usr/share/xen/qemu/openbios-* + fi + + # adhere to Static Library Packaging Guidelines + rm -rf usr/lib/*.a + + # Remove unneeded init.d files + rm -rf etc/init.d +} + +package_xen-docs(){ + _makevars_package=("${_makevars[@]}" DESTDIR="$pkgdir") + pkgdesc='Xen virtual machine hypervisor documentation' + arch=('any') + depends=() + cd "$_pkgname-$_pkgver/" + make "${_makevars_package[@]}" install-docs +} + +package_xen-syms(){ + _makevars_package=("${_makevars[@]}" DESTDIR="$pkgdir") + pkgdesc='Xen virtual machine hypervisor debugging symbols' + arch=('any') + depends=() + _installdir="${pkgdir}/usr/lib/debug" + cd "$_pkgname-$_pkgver/" + install -d -m0755 "$_installdir" + for _path in $(find xen -type f \( -name '*-syms' -or -name '*\.map' \)); do + _file=$(basename "$_path") + _installfile=$(echo "$_file" | + sed "s/\([^.]*\)\(\.*\)/\1-${_pkgver}\2/" ) + install -D -m0644 -p "$_path" "$_installdir/$_installfile" + done +} diff --git a/pcr-testing/xen/ati-passthrough.patch b/pcr-testing/xen/ati-passthrough.patch new file mode 100644 index 000000000..7c20b1ecd --- /dev/null +++ b/pcr-testing/xen/ati-passthrough.patch @@ -0,0 +1,415 @@ +--- xen-4.3.1/tools/qemu-xen-traditional/hw/pass-through.c Thu Sep 6 11:05:30 2012 ++++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pass-through.c Sat Nov 24 08:27:07 2012 +@@ -1438,9 +1438,17 @@ static void pt_ioport_map(PCIDevice *d, + if (e_phys != -1) + { + /* Create new mapping */ +- ret = xc_domain_ioport_mapping(xc_handle, domid, e_phys, +- assigned_device->bases[i].access.pio_base, e_size, +- DPCI_ADD_MAPPING); ++ if ( vga_skip_ioport_map(d) ) ++ { ++ assigned_device->bases[i].e_physbase = -1; ++ } ++ else ++ { ++ ret = xc_domain_ioport_mapping(xc_handle, domid, e_phys, ++ assigned_device->bases[i].access.pio_base, e_size, ++ DPCI_ADD_MAPPING); ++ } ++ + if ( ret != 0 ) + { + PT_LOG("Error: create new mapping failed!\n"); +--- xen-4.3.1/tools/qemu-xen-traditional/hw/pass-through.h Thu Sep 6 11:05:30 2012 ++++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pass-through.h Sat Nov 24 08:27:07 2012 +@@ -419,6 +419,11 @@ int pt_pci_host_write(struct pci_dev *pc + void intel_pch_init(PCIBus *bus); + int register_vga_regions(struct pt_dev *real_device); + int unregister_vga_regions(struct pt_dev *real_device); ++int vga_skip_ioport_map(PCIDevice *d); ++int igd_register_vga_regions(struct pt_dev *real_device); ++int igd_unregister_vga_regions(struct pt_dev *real_device); ++int ati_register_vga_regions(struct pt_dev *real_device); ++int ati_unregister_vga_regions(struct pt_dev *real_device); + int setup_vga_pt(struct pt_dev *real_device); + PCIBus *intel_pci_bridge_init(PCIBus *bus, int devfn, uint16_t vid, + uint16_t did, const char *name, uint16_t revision); +--- xen-4.3.1/tools/qemu-xen-traditional/hw/pci.h Thu Sep 6 11:05:30 2012 ++++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pci.h Sat Nov 24 08:27:07 2012 +@@ -54,6 +54,8 @@ extern target_phys_addr_t pci_mem_base; + + #define PCI_VENDOR_ID_CIRRUS 0x1013 + ++#define PCI_VENDOR_ID_ATI 0x1002 ++ + #define PCI_VENDOR_ID_IBM 0x1014 + #define PCI_DEVICE_ID_IBM_OPENPIC2 0xffff + +--- xen-4.3.1/tools/qemu-xen-traditional/hw/pt-graphics.c Thu Sep 6 11:05:30 2012 ++++ xen-4.3.1-new/tools/qemu-xen-traditional/hw/pt-graphics.c Sat Nov 24 08:28:10 2012 +@@ -13,6 +13,207 @@ + + extern int gfx_passthru; + extern int igd_passthru; ++/*********************************/ ++/* Code for ATI GFX Passthru */ ++/*********************************/ ++/* ATI VBIOS Working Mechanism ++ * ++ * Generally there are three memory resources (two MMIO and one PIO) ++ * associated with modern ATI gfx. VBIOS uses special tricks to figure out ++ * BARs, instead of using regular PCI config space read. ++ * ++ * (1) VBIOS relies on I/O port 0x3C3 to retrieve PIO BAR ++ * (2) VBIOS maintains a shadow copy of PCI configure space. It retries the ++ * MMIO BARs from this shadow copy via sending I/O requests to first two ++ * registers of PIO (MMINDEX and MMDATA). The workflow is like this: ++ * MMINDEX (register 0) is written with an index value, specifying the ++ * register VBIOS wanting to access. Then the shadowed data can be ++ * read/written from MMDATA (register 1). For two MMIO BARs, the index ++ * values are 0x4010 and 0x4014 respectively. ++ * ++ */ ++ ++#define ATI_BAR1_INDEX 0 //MMIO BAR1 ++#define ATI_BAR2_INDEX 1 //MMIO BAR2 ++#define ATI_BAR5_INDEX 4 //PIO BAR == BAR5 ++ ++#define ATI_BAR1_MMINDEX 0x4010 //data written to MMINDEX for MMIO BAR1 ++#define ATI_BAR2_MMINDEX 0x4014 //data written to MMINDEX FOR MMIO BAR2 ++ ++struct ati_gfx_info { ++ int initialized; /* initialized already? */ ++ ++ /* PIO */ ++ uint32_t host_pio_base; /* host base addr of PIO */ ++ uint32_t guest_pio_base; /* guest base addr of PIO */ ++ uint32_t pio_size; /* PIO size */ ++ ++ /* MMIO */ ++ uint32_t guest_mmio_base1; /* guest base addr of MMIO 1 */ ++ uint32_t guest_mmio_base2; /* guest base addr of MMIO 2 */ ++ ++ /* PIO MMINDEX access recording */ ++ uint32_t pre_mmindex_data; /* previous data written to MMINDEX */ ++}; ++ ++static struct ati_gfx_info gfx_info; ++ ++/* Convert guest PIO port to host PIO port */ ++static uint16_t gport_to_hport(uint16_t gport) ++{ ++ return (gport - gfx_info.guest_pio_base) + gfx_info.host_pio_base; ++} ++ ++/* Read host PIO port */ ++static uint32_t ati_hw_in(uint16_t hport) ++{ ++ unsigned val; ++ ++ //iopl(3); ++ asm volatile ("in %1,%0":"=a"(val):"Nd"(hport)); ++ //iopl(0); ++ ++ return val; ++} ++ ++/* Write data to host PIO */ ++static void ati_hw_out(uint16_t hport, uint32_t data) ++{ ++ //iopl(3); ++ asm volatile ("out %1, %0"::"Nd"(hport),"a"(data)); ++ //iopl(0); ++} ++ ++static uint32_t ati_io_regs_read(void *opaque, uint32_t addr) ++{ ++ uint32_t val; ++ ++ val = ati_hw_in(gport_to_hport(addr)); ++ ++ /* tweak the value if VBIOS is reading MMIO BAR1 and BAR2 */ ++ if ( addr == (gfx_info.guest_pio_base + 4) ) ++ { ++ switch ( gfx_info.pre_mmindex_data ) ++ { ++ case ATI_BAR1_MMINDEX: ++ val = gfx_info.guest_mmio_base1 | (val & 0x0000000f); ++ break; ++ case ATI_BAR2_MMINDEX: ++ val = gfx_info.guest_mmio_base2 | (val & 0x0000000f); ++ break; ++ default: ++ break; ++ } ++ } ++ ++ return val; ++} ++ ++static void ati_io_regs_write(void *opaque, uint32_t addr, uint32_t val) ++{ ++ ati_hw_out(gport_to_hport(addr), val); ++ ++ /* book keeping */ ++ if ( addr == gfx_info.guest_pio_base ) ++ gfx_info.pre_mmindex_data = val; ++} ++ ++static void ati_gfx_init(struct pt_dev *assigned) ++{ ++ PCIDevice *dev = (PCIDevice *)&assigned->dev; ++ ++ register_ioport_read(dev->io_regions[ATI_BAR5_INDEX].addr, ++ dev->io_regions[ATI_BAR5_INDEX].size, 4, ati_io_regs_read, assigned); ++ ++ register_ioport_write(dev->io_regions[ATI_BAR5_INDEX].addr, ++ dev->io_regions[ATI_BAR5_INDEX].size, 4, ati_io_regs_write, assigned); ++ ++ /* initialize IO registers */ ++ gfx_info.guest_pio_base = dev->io_regions[ATI_BAR5_INDEX].addr; ++ gfx_info.pio_size = dev->io_regions[ATI_BAR5_INDEX].size; ++ gfx_info.host_pio_base = assigned->bases[ATI_BAR5_INDEX].access.pio_base; ++ ++ gfx_info.guest_mmio_base1 = dev->io_regions[ATI_BAR1_INDEX].addr; ++ gfx_info.guest_mmio_base2 = dev->io_regions[ATI_BAR2_INDEX].addr; ++ gfx_info.initialized = 1; ++ ++ PT_LOG("guest_pio_bar = 0x%x, host_pio_bar = 0x%x, pio_size=0x%x " ++ "guest_mmio_bar1=0x%x, guest_mmio_bar2=0x%x\n", ++ gfx_info.guest_pio_base, gfx_info.host_pio_base, gfx_info.pio_size, ++ gfx_info.guest_mmio_base1, gfx_info.guest_mmio_base2); ++} ++ ++static uint32_t ati_legacy_io_read(void *opaque, uint32_t addr) ++{ ++ struct pt_dev *assigned_device = opaque; ++ PCIDevice *dev = (PCIDevice *)&assigned_device->dev; ++ uint32_t val = 0xFF; ++ ++ switch( addr ) ++ { ++ case 0x3c3: ++ val = dev->io_regions[ATI_BAR5_INDEX].addr >> 8; ++ /* Intercept GFX IO registers. This supposes to happen in ++ * ati_register_vga_regions(). But we cannot get guest phys IO BAR ++ * over there. */ ++ if ( !gfx_info.initialized ) ++ ati_gfx_init(assigned_device); ++ break; ++ default: ++ PT_LOG("ERROR: port 0x%x I/O read not handled\n", addr); ++ break; ++ } ++ ++ return val; ++} ++ ++static void ati_legacy_io_write(void *opaque, uint32_t addr, uint32_t val) ++{ ++ PT_LOG("ERROR: port 0x%x I/O write not handled\n", addr); ++} ++ ++int ati_register_vga_regions(struct pt_dev *real_device) ++{ ++ PCIDevice *dev = (PCIDevice *)&real_device->dev; ++ int ret = 0; ++ ++ /* We need to intercept VBIOS accesses to port 0x3C3, which returns ++ * device port I/O BAR. For the rest of legacy I/O ports, we allow direct ++ * accesses. ++ */ ++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0, ++ 0x3C0, 0x3, DPCI_ADD_MAPPING); ++ ++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C4, ++ 0x3C4, 0x1C, DPCI_ADD_MAPPING); ++ ++ register_ioport_read(0x3c3, 1, 1, ati_legacy_io_read, real_device); ++ register_ioport_write(0x3c3, 1, 1, ati_legacy_io_write, real_device); ++ ++ /* initialized on the first port 0x3C3 access in ati_gfx_init */ ++ gfx_info.initialized = 0; ++ ++ return ret; ++} ++ ++int ati_unregister_vga_regions(struct pt_dev *real_device) ++{ ++ int ret = 0; ++ ++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0, ++ 0x3C0, 0x3, DPCI_REMOVE_MAPPING); ++ ++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C4, ++ 0x3C4, 0x1C, DPCI_REMOVE_MAPPING); ++ ++ gfx_info.initialized = 0; ++ ++ return ret; ++} ++ ++/*********************************/ ++/* Code for Intel IGD Passthru */ ++/*********************************/ + + static uint32_t igd_guest_opregion = 0; + +@@ -176,6 +377,77 @@ read_default: + return pci_default_read_config(pci_dev, config_addr, len); + } + ++int igd_register_vga_regions(struct pt_dev *real_device) ++{ ++ u32 vendor_id, igd_opregion; ++ int ret = 0; ++ ++ /* legacy I/O ports 0x3C0 -- 0x3E0 */ ++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0, ++ 0x3C0, 0x20, DPCI_ADD_MAPPING); ++ ++ /* 1:1 map ASL Storage register value */ ++ vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2); ++ igd_opregion = pt_pci_host_read(real_device->pci_dev, PCI_INTEL_OPREGION, 4); ++ if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_opregion ) ++ { ++ ret |= xc_domain_memory_mapping(xc_handle, domid, ++ igd_opregion >> XC_PAGE_SHIFT, ++ igd_opregion >> XC_PAGE_SHIFT, ++ 2, ++ DPCI_ADD_MAPPING); ++ PT_LOG("register_vga: igd_opregion = %x\n", igd_opregion); ++ } ++ ++ return ret; ++} ++ ++int igd_unregister_vga_regions(struct pt_dev *real_device) ++{ ++ u32 vendor_id, igd_opregion; ++ int ret = 0; ++ ++ ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0, ++ 0x3C0, 0x20, DPCI_REMOVE_MAPPING); ++ ++ vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2); ++ igd_opregion = pt_pci_host_read(real_device->pci_dev, PCI_INTEL_OPREGION, 4); ++ if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_opregion ) ++ { ++ ret |= xc_domain_memory_mapping(xc_handle, domid, ++ igd_opregion >> XC_PAGE_SHIFT, ++ igd_opregion >> XC_PAGE_SHIFT, ++ 2, ++ DPCI_REMOVE_MAPPING); ++ } ++ ++ return ret; ++} ++/*********************************/ ++/* Generic Code for GFX Passthru */ ++/*********************************/ ++/* This function decides whether I/O port map should be skipped */ ++int vga_skip_ioport_map(PCIDevice *d) ++{ ++ struct pt_dev *dev = (struct pt_dev *)d; ++ int skip = 0; ++ ++ if ( !gfx_passthru || dev->pci_dev->device_class != 0x0300 ) ++ return 0; ++ ++ switch( dev->pci_dev->vendor_id ) ++ { ++ case PCI_VENDOR_ID_ATI: ++ case PCI_VENDOR_ID_AMD: ++ skip = 1; ++ break; ++ default: ++ skip = 0; ++ break; ++ } ++ ++ return skip; ++} + /* + * register VGA resources for the domain with assigned gfx + */ +@@ -187,18 +459,33 @@ int register_vga_regions(struct pt_dev * + if ( !gfx_passthru || real_device->pci_dev->device_class != 0x0300 ) + return ret; + ++ /* legacy I/O ports 0x3B0 - 0x3BC */ + ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3B0, + 0x3B0, 0xC, DPCI_ADD_MAPPING); + +- ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0, +- 0x3C0, 0x20, DPCI_ADD_MAPPING); +- ++ /* legacy video MMIO range 0xA0000 - 0xBFFFF */ + ret |= xc_domain_memory_mapping(xc_handle, domid, + 0xa0000 >> XC_PAGE_SHIFT, + 0xa0000 >> XC_PAGE_SHIFT, + 0x20, + DPCI_ADD_MAPPING); + ++ /* Other VGA regions are vendor specific */ ++ switch( real_device->pci_dev->vendor_id ) ++ { ++ case PCI_VENDOR_ID_INTEL: ++ ret = igd_register_vga_regions(real_device); ++ break; ++ case PCI_VENDOR_ID_ATI: ++ case PCI_VENDOR_ID_AMD: ++ ret = ati_register_vga_regions(real_device); ++ break; ++ default: ++ PT_LOG("gfx card wasn't supported by Xen passthru!\n"); ++ ret = 1; ++ break; ++ } ++ + if ( ret != 0 ) + PT_LOG("VGA region mapping failed\n"); + +@@ -216,26 +503,31 @@ int unregister_vga_regions(struct pt_dev + if ( !gfx_passthru || real_device->pci_dev->device_class != 0x0300 ) + return ret; + ++ /* legacy I/O ports 0x3B0 - 0x3BC */ + ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3B0, + 0x3B0, 0xC, DPCI_REMOVE_MAPPING); + +- ret |= xc_domain_ioport_mapping(xc_handle, domid, 0x3C0, +- 0x3C0, 0x20, DPCI_REMOVE_MAPPING); +- ++ /* legacy video MMIO range 0xA0000 - 0xBFFFF */ + ret |= xc_domain_memory_mapping(xc_handle, domid, + 0xa0000 >> XC_PAGE_SHIFT, + 0xa0000 >> XC_PAGE_SHIFT, + 20, + DPCI_REMOVE_MAPPING); + +- vendor_id = pt_pci_host_read(real_device->pci_dev, PCI_VENDOR_ID, 2); +- if ( (vendor_id == PCI_VENDOR_ID_INTEL) && igd_guest_opregion ) ++ /* Other VGA regions are vendor specific */ ++ switch( real_device->pci_dev->vendor_id ) + { +- ret |= xc_domain_memory_mapping(xc_handle, domid, +- igd_guest_opregion >> XC_PAGE_SHIFT, +- igd_guest_opregion >> XC_PAGE_SHIFT, +- 2, +- DPCI_REMOVE_MAPPING); ++ case PCI_VENDOR_ID_INTEL: ++ ret = igd_unregister_vga_regions(real_device); ++ break; ++ case PCI_VENDOR_ID_ATI: ++ case PCI_VENDOR_ID_AMD: ++ ret = ati_unregister_vga_regions(real_device); ++ break; ++ default: ++ PT_LOG("gfx card wasn't supported by Xen passthru!\n"); ++ ret = 1; ++ break; + } + + if ( ret != 0 ) diff --git a/pcr-testing/xen/efi-xen.cfg b/pcr-testing/xen/efi-xen.cfg new file mode 100644 index 000000000..3c8e4d04c --- /dev/null +++ b/pcr-testing/xen/efi-xen.cfg @@ -0,0 +1,7 @@ +[global] +default=xen + +[xen] +options=console=vga dom0_mem=1024M,max:1024M dom0_max_vcpus=4 loglvl=all noreboot +kernel=vmlinuz-linux-libre root=<Root Device> rw +ramdisk=initramfs-linux-libre.img diff --git a/pcr-testing/xen/patch-gcc7-minios-udivmod.patch b/pcr-testing/xen/patch-gcc7-minios-udivmod.patch new file mode 100644 index 000000000..868e63c20 --- /dev/null +++ b/pcr-testing/xen/patch-gcc7-minios-udivmod.patch @@ -0,0 +1,31 @@ +gcc7 generates a call to __udivmoddi4 ... + +stubdom/mini-os-x86_32-grub/mini-os.o: In function `_strtoll_r': +stubdom/newlib-x86_32/i686-xen-elf/newlib/libc/stdlib/../../../../../newlib-1.16.0/newlib/libc/stdlib/strtoll_r.c:110: undefined reference to `__udivmoddi4' +make[2]: *** [Makefile:167: stubdom/mini-os-x86_32-grub/mini-os] Error 1 + +... which the linker only finds if libgcc.a is provided on the commandline. + +Signed-off-by: Olaf Hering <olaf@aepfle.de> +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index ef8559b..b9c1336 100644 +--- a/Makefile ++++ b/Makefile +@@ -162,7 +162,7 @@ $(OBJ_DIR)/arch/x86/minios-x86%.lds: arch/x86/minios-x86.lds.S + $(CPP) $(ASFLAGS) -P $< -o $@ + + $(OBJ_DIR)/$(TARGET): $(OBJS) $(APP_O) arch_lib $(OBJ_DIR)/$(TARGET_ARCH_DIR)/minios-$(MINIOS_TARGET_ARCH).lds +- $(LD) -r $(LDFLAGS) $(HEAD_OBJ) $(APP_O) $(OBJS) $(LDARCHLIB) $(LDLIBS) -o $@.o ++ $(LD) -r $(LDFLAGS) $(HEAD_OBJ) $(APP_O) $(OBJS) $(LDARCHLIB) $(LDLIBS) $$(gcc -print-libgcc-file-name $(CFLAGS)) -o $@.o + $(OBJCOPY) -w -G $(GLOBAL_PREFIX)* -G _start $@.o $@.o + $(LD) $(LDFLAGS) $(LDFLAGS_FINAL) $@.o $(EXTRA_OBJS) -o $@ + gzip -f -9 -c $@ >$@.gz + +_______________________________________________ +Xen-devel mailing list +Xen-devel@lists.xen.org +https://lists.xen.org/xen-devel diff --git a/pcr-testing/xen/patch-gcc7-vtpm-implicit-fallthrough.patch b/pcr-testing/xen/patch-gcc7-vtpm-implicit-fallthrough.patch new file mode 100644 index 000000000..068752d2d --- /dev/null +++ b/pcr-testing/xen/patch-gcc7-vtpm-implicit-fallthrough.patch @@ -0,0 +1,46 @@ +GCC-7 have -Wimplicit-fallthrough enabled with -Wextra. Add appropriate +comment which both mute the warning and improve readibility. + +Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> +--- + stubdom/Makefile | 1 + + stubdom/vtpm-implicit-fallthrough.patch | 10 ++++++++++ + 2 files changed, 11 insertions(+) + create mode 100644 stubdom/vtpm-implicit-fallthrough.patch + +diff --git a/stubdom/Makefile b/stubdom/Makefile +index db01827..5055e31 100644 +--- a/stubdom/Makefile ++++ b/stubdom/Makefile +@@ -228,6 +228,7 @@ tpm_emulator-$(XEN_TARGET_ARCH): tpm_emulator-$(TPMEMU_VERSION).tar.gz + patch -d $@ -p1 < vtpm-deepquote.patch + patch -d $@ -p1 < vtpm-deepquote-anyloc.patch + patch -d $@ -p1 < vtpm-cmake-Wextra.patch ++ patch -d $@ -p1 < vtpm-implicit-fallthrough.patch + mkdir $@/build + cd $@/build; CC=${CC} $(CMAKE) .. -DCMAKE_C_FLAGS:STRING="-std=c99 -DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -Wno-declaration-after-statement" + touch $@ +diff --git a/stubdom/vtpm-implicit-fallthrough.patch b/stubdom/vtpm-implicit-fallthrough.patch +new file mode 100644 +index 0000000..db97be5 +--- /dev/null ++++ b/stubdom/vtpm-implicit-fallthrough.patch +@@ -0,0 +1,10 @@ ++--- tpm_emulator-x86_64/tpm/tpm_cmd_handler.c.orig 2017-04-27 13:37:14.408000000 +0200 +++++ tpm_emulator-x86_64/tpm/tpm_cmd_handler.c 2017-04-27 13:39:53.585000000 +0200 ++@@ -3397,6 +3397,7 @@ ++ sizeof(rsp->auth2->nonceOdd.nonce)); ++ tpm_hmac_update(&hmac, (BYTE*)&rsp->auth2->continueAuthSession, 1); ++ tpm_hmac_final(&hmac, rsp->auth2->auth); +++ /* fall-thru */ ++ case TPM_TAG_RSP_AUTH1_COMMAND: ++ tpm_hmac_init(&hmac, rsp->auth1->secret, sizeof(rsp->auth1->secret)); ++ tpm_hmac_update(&hmac, rsp->auth1->digest, sizeof(rsp->auth1->digest)); +-- +2.7.4 + + +_______________________________________________ +Xen-devel mailing list +Xen-devel@lists.xen.org +https://lists.xen.org/xen-devel diff --git a/pcr-testing/xen/patch-gcc7-vtpmmgr-make-inline-static.patch b/pcr-testing/xen/patch-gcc7-vtpmmgr-make-inline-static.patch new file mode 100644 index 000000000..a2c96691a --- /dev/null +++ b/pcr-testing/xen/patch-gcc7-vtpmmgr-make-inline-static.patch @@ -0,0 +1,1161 @@ +gcc7 is more strict with functions marked as inline. They are not +automatically inlined. Instead a function call is generated, but the +actual code is not visible by the linker. + +Do a mechanical change and mark every 'inline' as 'static inline'. For +simpler review the static goes into an extra line. + +Signed-off-by: Olaf Hering <olaf@aepfle.de> +--- + stubdom/vtpmmgr/marshal.h | 76 ++++++++++++++++++++++++++++++++++++++++++ + stubdom/vtpmmgr/tcg.h | 14 ++++++++ + stubdom/vtpmmgr/tpm2_marshal.h | 58 ++++++++++++++++++++++++++++++++ + stubdom/vtpmmgr/tpmrsa.h | 1 + + 4 files changed, 149 insertions(+) + +diff --git a/stubdom/vtpmmgr/marshal.h b/stubdom/vtpmmgr/marshal.h +index d826f19d89..dce19c6439 100644 +--- a/stubdom/vtpmmgr/marshal.h ++++ b/stubdom/vtpmmgr/marshal.h +@@ -47,16 +47,19 @@ typedef enum UnpackPtr { + UNPACK_ALLOC + } UnpackPtr; + ++static + inline BYTE* pack_BYTE(BYTE* ptr, BYTE t) { + ptr[0] = t; + return ++ptr; + } + ++static + inline BYTE* unpack_BYTE(BYTE* ptr, BYTE* t) { + t[0] = ptr[0]; + return ++ptr; + } + ++static + inline int unpack3_BYTE(BYTE* ptr, UINT32* pos, UINT32 max, BYTE *t) + { + if (*pos + 1 > max) +@@ -72,18 +75,21 @@ inline int unpack3_BYTE(BYTE* ptr, UINT32* pos, UINT32 max, BYTE *t) + #define unpack3_BOOL(p, x, m, t) unpack3_BYTE(p, x, m, t) + #define sizeof_BOOL(t) 1 + ++static + inline BYTE* pack_UINT16(void* ptr, UINT16 t) { + UINT16* p = ptr; + *p = cpu_to_be16(t); + return ptr + sizeof(UINT16); + } + ++static + inline BYTE* unpack_UINT16(void* ptr, UINT16* t) { + UINT16* p = ptr; + *t = be16_to_cpu(*p); + return ptr + sizeof(UINT16); + } + ++static + inline int unpack3_UINT16(BYTE* ptr, UINT32* pos, UINT32 max, UINT16 *t) + { + if (*pos + 2 > max) +@@ -93,18 +99,21 @@ inline int unpack3_UINT16(BYTE* ptr, UINT32* pos, UINT32 max, UINT16 *t) + return 0; + } + ++static + inline BYTE* pack_UINT32(void* ptr, UINT32 t) { + UINT32* p = ptr; + *p = cpu_to_be32(t); + return ptr + sizeof(UINT32); + } + ++static + inline BYTE* unpack_UINT32(void* ptr, UINT32* t) { + UINT32* p = ptr; + *t = be32_to_cpu(*p); + return ptr + sizeof(UINT32); + } + ++static + inline int unpack3_UINT32(BYTE* ptr, UINT32* pos, UINT32 max, UINT32 *t) + { + if (*pos + 4 > max) +@@ -236,16 +245,19 @@ inline int unpack3_UINT32(BYTE* ptr, UINT32* pos, UINT32 max, UINT32 *t) + #define sizeof_TCS_KEY_HANDLE(t) sizeof_UINT32(t) + + ++static + inline BYTE* pack_BUFFER(BYTE* ptr, const BYTE* buf, UINT32 size) { + memcpy(ptr, buf, size); + return ptr + size; + } + ++static + inline BYTE* unpack_BUFFER(BYTE* ptr, BYTE* buf, UINT32 size) { + memcpy(buf, ptr, size); + return ptr + size; + } + ++static + inline int unpack3_BUFFER(BYTE* ptr, UINT32* pos, UINT32 max, BYTE* buf, UINT32 size) { + if (*pos + size > max) + return TPM_SIZE; +@@ -256,11 +268,13 @@ inline int unpack3_BUFFER(BYTE* ptr, UINT32* pos, UINT32 max, BYTE* buf, UINT32 + + #define sizeof_BUFFER(b, s) s + ++static + inline BYTE* unpack_ALIAS(BYTE* ptr, BYTE** buf, UINT32 size) { + *buf = ptr; + return ptr + size; + } + ++static + inline BYTE* unpack_ALLOC(BYTE* ptr, BYTE** buf, UINT32 size) { + if(size) { + *buf = malloc(size); +@@ -271,6 +285,7 @@ inline BYTE* unpack_ALLOC(BYTE* ptr, BYTE** buf, UINT32 size) { + return ptr + size; + } + ++static + inline BYTE* unpack_PTR(BYTE* ptr, BYTE** buf, UINT32 size, UnpackPtr alloc) { + if(alloc == UNPACK_ALLOC) { + return unpack_ALLOC(ptr, buf, size); +@@ -279,6 +294,7 @@ inline BYTE* unpack_PTR(BYTE* ptr, BYTE** buf, UINT32 size, UnpackPtr alloc) { + } + } + ++static + inline int unpack3_PTR(BYTE* ptr, UINT32* pos, UINT32 max, BYTE** buf, UINT32 size, UnpackPtr alloc) { + if (size > max || *pos + size > max) + return TPM_SIZE; +@@ -292,14 +308,17 @@ inline int unpack3_PTR(BYTE* ptr, UINT32* pos, UINT32 max, BYTE** buf, UINT32 si + } + #define unpack3_VPTR(ptr, pos, max, buf, size, alloc) unpack3_PTR(ptr, pos, max, (void*)(buf), size, alloc) + ++static + inline BYTE* pack_TPM_AUTHDATA(BYTE* ptr, const TPM_AUTHDATA* d) { + return pack_BUFFER(ptr, *d, TPM_DIGEST_SIZE); + } + ++static + inline BYTE* unpack_TPM_AUTHDATA(BYTE* ptr, TPM_AUTHDATA* d) { + return unpack_BUFFER(ptr, *d, TPM_DIGEST_SIZE); + } + ++static + inline int unpack3_TPM_AUTHDATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTHDATA* d) { + return unpack3_BUFFER(ptr, pos, len, *d, TPM_DIGEST_SIZE); + } +@@ -325,6 +344,7 @@ inline int unpack3_TPM_AUTHDATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTHDATA + #define sizeof_TPM_TAG(t) sizeof_UINT16(t) + #define sizeof_TPM_STRUCTURE_TAG(t) sizeof_UINT16(t) + ++static + inline BYTE* pack_TPM_VERSION(BYTE* ptr, const TPM_VERSION* t) { + ptr[0] = t->major; + ptr[1] = t->minor; +@@ -333,6 +353,7 @@ inline BYTE* pack_TPM_VERSION(BYTE* ptr, const TPM_VERSION* t) { + return ptr + 4; + } + ++static + inline BYTE* unpack_TPM_VERSION(BYTE* ptr, TPM_VERSION* t) { + t->major = ptr[0]; + t->minor = ptr[1]; +@@ -341,6 +362,7 @@ inline BYTE* unpack_TPM_VERSION(BYTE* ptr, TPM_VERSION* t) { + return ptr + 4; + } + ++static + inline int unpack3_TPM_VERSION(BYTE* ptr, UINT32 *pos, UINT32 max, TPM_VERSION* t) { + if (*pos + 4 > max) + return TPM_SIZE; +@@ -355,6 +377,7 @@ inline int unpack3_TPM_VERSION(BYTE* ptr, UINT32 *pos, UINT32 max, TPM_VERSION* + + #define sizeof_TPM_VERSION(x) 4 + ++static + inline BYTE* pack_TPM_CAP_VERSION_INFO(BYTE* ptr, const TPM_CAP_VERSION_INFO* v) { + ptr = pack_TPM_STRUCTURE_TAG(ptr, v->tag); + ptr = pack_TPM_VERSION(ptr, &v->version); +@@ -366,6 +389,7 @@ inline BYTE* pack_TPM_CAP_VERSION_INFO(BYTE* ptr, const TPM_CAP_VERSION_INFO* v) + return ptr; + } + ++static + inline BYTE* unpack_TPM_CAP_VERSION_INFO(BYTE* ptr, TPM_CAP_VERSION_INFO* v, UnpackPtr alloc) { + ptr = unpack_TPM_STRUCTURE_TAG(ptr, &v->tag); + ptr = unpack_TPM_VERSION(ptr, &v->version); +@@ -377,14 +401,17 @@ inline BYTE* unpack_TPM_CAP_VERSION_INFO(BYTE* ptr, TPM_CAP_VERSION_INFO* v, Unp + return ptr; + } + ++static + inline BYTE* pack_TPM_DIGEST(BYTE* ptr, const TPM_DIGEST* d) { + return pack_BUFFER(ptr, d->digest, TPM_DIGEST_SIZE); + } + ++static + inline BYTE* unpack_TPM_DIGEST(BYTE* ptr, TPM_DIGEST* d) { + return unpack_BUFFER(ptr, d->digest, TPM_DIGEST_SIZE); + } + ++static + inline int unpack3_TPM_DIGEST(BYTE* ptr, UINT32* pos, UINT32 max, TPM_DIGEST* d) { + return unpack3_BUFFER(ptr, pos, max, d->digest, TPM_DIGEST_SIZE); + } +@@ -409,20 +436,24 @@ inline int unpack3_TPM_DIGEST(BYTE* ptr, UINT32* pos, UINT32 max, TPM_DIGEST* d) + #define pack_TPM_CHOSENID_HASH(ptr, d) pack_TPM_DIGEST(ptr, d) + #define unpack_TPM_CHOSENID_HASH(ptr, d) unpack_TPM_DIGEST(ptr, d) + ++static + inline BYTE* pack_TPM_NONCE(BYTE* ptr, const TPM_NONCE* n) { + return pack_BUFFER(ptr, n->nonce, TPM_DIGEST_SIZE); + } + ++static + inline BYTE* unpack_TPM_NONCE(BYTE* ptr, TPM_NONCE* n) { + return unpack_BUFFER(ptr, n->nonce, TPM_DIGEST_SIZE); + } + + #define sizeof_TPM_NONCE(x) TPM_DIGEST_SIZE + ++static + inline int unpack3_TPM_NONCE(BYTE* ptr, UINT32* pos, UINT32 max, TPM_NONCE* n) { + return unpack3_BUFFER(ptr, pos, max, n->nonce, TPM_DIGEST_SIZE); + } + ++static + inline BYTE* pack_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, const TPM_SYMMETRIC_KEY_PARMS* k) { + ptr = pack_UINT32(ptr, k->keyLength); + ptr = pack_UINT32(ptr, k->blockSize); +@@ -430,6 +461,7 @@ inline BYTE* pack_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, const TPM_SYMMETRIC_KEY_PAR + return pack_BUFFER(ptr, k->IV, k->ivSize); + } + ++static + inline BYTE* pack_TPM_SYMMETRIC_KEY(BYTE* ptr, const TPM_SYMMETRIC_KEY* k) { + ptr = pack_UINT32(ptr, k->algId); + ptr = pack_UINT16(ptr, k->encScheme); +@@ -437,6 +469,7 @@ inline BYTE* pack_TPM_SYMMETRIC_KEY(BYTE* ptr, const TPM_SYMMETRIC_KEY* k) { + return pack_BUFFER(ptr, k->data, k->size); + } + ++static + inline int unpack3_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, TPM_SYMMETRIC_KEY_PARMS* k, UnpackPtr alloc) { + return unpack3_UINT32(ptr, pos, max, &k->keyLength) || + unpack3_UINT32(ptr, pos, max, &k->blockSize) || +@@ -444,10 +477,12 @@ inline int unpack3_TPM_SYMMETRIC_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, T + unpack3_PTR(ptr, pos, max, &k->IV, k->ivSize, alloc); + } + ++static + inline int sizeof_TPM_SYMMETRIC_KEY_PARMS(const TPM_SYMMETRIC_KEY_PARMS* k) { + return 12 + k->ivSize; + } + ++static + inline int unpack3_TPM_SYMMETRIC_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_SYMMETRIC_KEY* k, UnpackPtr alloc) { + return unpack3_UINT32(ptr, pos, max, &k->algId) || + unpack3_UINT16(ptr, pos, max, &k->encScheme) || +@@ -455,6 +490,7 @@ inline int unpack3_TPM_SYMMETRIC_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_SYM + unpack3_PTR(ptr, pos, max, &k->data, k->size, alloc); + } + ++static + inline BYTE* pack_TPM_RSA_KEY_PARMS(BYTE* ptr, const TPM_RSA_KEY_PARMS* k) { + ptr = pack_UINT32(ptr, k->keyLength); + ptr = pack_UINT32(ptr, k->numPrimes); +@@ -462,6 +498,7 @@ inline BYTE* pack_TPM_RSA_KEY_PARMS(BYTE* ptr, const TPM_RSA_KEY_PARMS* k) { + return pack_BUFFER(ptr, k->exponent, k->exponentSize); + } + ++static + inline int unpack3_TPM_RSA_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, TPM_RSA_KEY_PARMS* k, UnpackPtr alloc) { + return unpack3_UINT32(ptr, pos, max, &k->keyLength) || + unpack3_UINT32(ptr, pos, max, &k->numPrimes) || +@@ -469,11 +506,13 @@ inline int unpack3_TPM_RSA_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 max, TPM_RSA + unpack3_PTR(ptr, pos, max, &k->exponent, k->exponentSize, alloc); + } + ++static + inline int sizeof_TPM_RSA_KEY_PARMS(const TPM_RSA_KEY_PARMS* k) { + return 12 + k->exponentSize; + } + + ++static + inline BYTE* pack_TPM_KEY_PARMS(BYTE* ptr, const TPM_KEY_PARMS* k) { + ptr = pack_TPM_ALGORITHM_ID(ptr, k->algorithmID); + ptr = pack_TPM_ENC_SCHEME(ptr, k->encScheme); +@@ -493,6 +532,7 @@ inline BYTE* pack_TPM_KEY_PARMS(BYTE* ptr, const TPM_KEY_PARMS* k) { + return ptr; + } + ++static + inline int unpack3_TPM_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 len, TPM_KEY_PARMS* k, UnpackPtr alloc) { + int rc = unpack3_TPM_ALGORITHM_ID(ptr, pos, len, &k->algorithmID) || + unpack3_TPM_ENC_SCHEME(ptr, pos, len, &k->encScheme) || +@@ -511,6 +551,7 @@ inline int unpack3_TPM_KEY_PARMS(BYTE* ptr, UINT32* pos, UINT32 len, TPM_KEY_PAR + return TPM_FAIL; + } + ++static + inline int sizeof_TPM_KEY_PARMS(const TPM_KEY_PARMS* k) { + int rc = 0; + rc += sizeof_TPM_ALGORITHM_ID(&k->algorithmID); +@@ -532,52 +573,62 @@ inline int sizeof_TPM_KEY_PARMS(const TPM_KEY_PARMS* k) { + return rc; + } + ++static + inline BYTE* pack_TPM_STORE_PUBKEY(BYTE* ptr, const TPM_STORE_PUBKEY* k) { + ptr = pack_UINT32(ptr, k->keyLength); + ptr = pack_BUFFER(ptr, k->key, k->keyLength); + return ptr; + } + ++static + inline int unpack3_TPM_STORE_PUBKEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_STORE_PUBKEY* k, UnpackPtr alloc) { + return unpack3_UINT32(ptr, pos, max, &k->keyLength) || + unpack3_PTR(ptr, pos, max, &k->key, k->keyLength, alloc); + } + ++static + inline int sizeof_TPM_STORE_PUBKEY(const TPM_STORE_PUBKEY* k) { + return 4 + k->keyLength; + } + ++static + inline BYTE* pack_TPM_PUBKEY(BYTE* ptr, const TPM_PUBKEY* k) { + ptr = pack_TPM_KEY_PARMS(ptr, &k->algorithmParms); + return pack_TPM_STORE_PUBKEY(ptr, &k->pubKey); + } + ++static + inline int unpack3_TPM_PUBKEY(BYTE* ptr, UINT32* pos, UINT32 len, TPM_PUBKEY* k, UnpackPtr alloc) { + return unpack3_TPM_KEY_PARMS(ptr, pos, len, &k->algorithmParms, alloc) || + unpack3_TPM_STORE_PUBKEY(ptr, pos, len, &k->pubKey, alloc); + } + ++static + inline BYTE* pack_TPM_PCR_SELECTION(BYTE* ptr, const TPM_PCR_SELECTION* p) { + ptr = pack_UINT16(ptr, p->sizeOfSelect); + ptr = pack_BUFFER(ptr, p->pcrSelect, p->sizeOfSelect); + return ptr; + } + ++static + inline BYTE* unpack_TPM_PCR_SELECTION(BYTE* ptr, TPM_PCR_SELECTION* p, UnpackPtr alloc) { + ptr = unpack_UINT16(ptr, &p->sizeOfSelect); + ptr = unpack_PTR(ptr, &p->pcrSelect, p->sizeOfSelect, alloc); + return ptr; + } + ++static + inline int unpack3_TPM_PCR_SELECTION(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_SELECTION* p, UnpackPtr alloc) { + return unpack3_UINT16(ptr, pos, max, &p->sizeOfSelect) || + unpack3_PTR(ptr, pos, max, &p->pcrSelect, p->sizeOfSelect, alloc); + } + ++static + inline int sizeof_TPM_PCR_SELECTION(const TPM_PCR_SELECTION* p) { + return 2 + p->sizeOfSelect; + } + ++static + inline BYTE* pack_TPM_PCR_INFO(BYTE* ptr, const TPM_PCR_INFO* p) { + ptr = pack_TPM_PCR_SELECTION(ptr, &p->pcrSelection); + ptr = pack_TPM_COMPOSITE_HASH(ptr, &p->digestAtRelease); +@@ -585,12 +636,14 @@ inline BYTE* pack_TPM_PCR_INFO(BYTE* ptr, const TPM_PCR_INFO* p) { + return ptr; + } + ++static + inline int unpack3_TPM_PCR_INFO(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_INFO* p, UnpackPtr alloc) { + return unpack3_TPM_PCR_SELECTION(ptr, pos, max, &p->pcrSelection, alloc) || + unpack3_TPM_COMPOSITE_HASH(ptr, pos, max, &p->digestAtRelease) || + unpack3_TPM_COMPOSITE_HASH(ptr, pos, max, &p->digestAtCreation); + } + ++static + inline int sizeof_TPM_PCR_INFO(const TPM_PCR_INFO* p) { + int rc = 0; + rc += sizeof_TPM_PCR_SELECTION(&p->pcrSelection); +@@ -599,6 +652,7 @@ inline int sizeof_TPM_PCR_INFO(const TPM_PCR_INFO* p) { + return rc; + } + ++static + inline BYTE* pack_TPM_PCR_INFO_LONG(BYTE* ptr, const TPM_PCR_INFO_LONG* p) { + ptr = pack_TPM_STRUCTURE_TAG(ptr, p->tag); + ptr = pack_TPM_LOCALITY_SELECTION(ptr, p->localityAtCreation); +@@ -610,6 +664,7 @@ inline BYTE* pack_TPM_PCR_INFO_LONG(BYTE* ptr, const TPM_PCR_INFO_LONG* p) { + return ptr; + } + ++static + inline int sizeof_TPM_PCR_INFO_LONG(const TPM_PCR_INFO_LONG* p) { + int rc = 0; + rc += sizeof_TPM_STRUCTURE_TAG(p->tag); +@@ -622,6 +677,7 @@ inline int sizeof_TPM_PCR_INFO_LONG(const TPM_PCR_INFO_LONG* p) { + return rc; + } + ++static + inline int unpack3_TPM_PCR_INFO_LONG(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_INFO_LONG* p, UnpackPtr alloc) { + return unpack3_TPM_STRUCTURE_TAG(ptr, pos, max, &p->tag) || + unpack3_TPM_LOCALITY_SELECTION(ptr, pos, max, +@@ -637,6 +693,7 @@ inline int unpack3_TPM_PCR_INFO_LONG(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR + unpack3_TPM_COMPOSITE_HASH(ptr, pos, max, &p->digestAtRelease); + } + ++static + inline BYTE* pack_TPM_PCR_COMPOSITE(BYTE* ptr, const TPM_PCR_COMPOSITE* p) { + ptr = pack_TPM_PCR_SELECTION(ptr, &p->select); + ptr = pack_UINT32(ptr, p->valueSize); +@@ -644,12 +701,14 @@ inline BYTE* pack_TPM_PCR_COMPOSITE(BYTE* ptr, const TPM_PCR_COMPOSITE* p) { + return ptr; + } + ++static + inline int unpack3_TPM_PCR_COMPOSITE(BYTE* ptr, UINT32* pos, UINT32 max, TPM_PCR_COMPOSITE* p, UnpackPtr alloc) { + return unpack3_TPM_PCR_SELECTION(ptr, pos, max, &p->select, alloc) || + unpack3_UINT32(ptr, pos, max, &p->valueSize) || + unpack3_PTR(ptr, pos, max, (BYTE**)&p->pcrValue, p->valueSize, alloc); + } + ++static + inline BYTE* pack_TPM_KEY(BYTE* ptr, const TPM_KEY* k) { + ptr = pack_TPM_VERSION(ptr, &k->ver); + ptr = pack_TPM_KEY_USAGE(ptr, k->keyUsage); +@@ -665,6 +724,7 @@ inline BYTE* pack_TPM_KEY(BYTE* ptr, const TPM_KEY* k) { + return pack_BUFFER(ptr, k->encData, k->encDataSize); + } + ++static + inline int unpack3_TPM_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_KEY* k, UnpackPtr alloc) { + int rc = unpack3_TPM_VERSION(ptr, pos, max, &k->ver) || + unpack3_TPM_KEY_USAGE(ptr, pos, max, &k->keyUsage) || +@@ -682,6 +742,7 @@ inline int unpack3_TPM_KEY(BYTE* ptr, UINT32* pos, UINT32 max, TPM_KEY* k, Unpac + unpack3_PTR(ptr, pos, max, &k->encData, k->encDataSize, alloc); + } + ++static + inline int sizeof_TPM_KEY(const TPM_KEY* k) { + int rc = 0; + rc += sizeof_TPM_VERSION(&k->ver); +@@ -699,18 +760,21 @@ inline int sizeof_TPM_KEY(const TPM_KEY* k) { + return rc; + } + ++static + inline BYTE* pack_TPM_BOUND_DATA(BYTE* ptr, const TPM_BOUND_DATA* b, UINT32 payloadSize) { + ptr = pack_TPM_VERSION(ptr, &b->ver); + ptr = pack_TPM_PAYLOAD_TYPE(ptr, b->payload); + return pack_BUFFER(ptr, b->payloadData, payloadSize); + } + ++static + inline BYTE* unpack_TPM_BOUND_DATA(BYTE* ptr, TPM_BOUND_DATA* b, UINT32 payloadSize, UnpackPtr alloc) { + ptr = unpack_TPM_VERSION(ptr, &b->ver); + ptr = unpack_TPM_PAYLOAD_TYPE(ptr, &b->payload); + return unpack_PTR(ptr, &b->payloadData, payloadSize, alloc); + } + ++static + inline BYTE* pack_TPM_STORED_DATA(BYTE* ptr, const TPM_STORED_DATA* d) { + ptr = pack_TPM_VERSION(ptr, &d->ver); + ptr = pack_UINT32(ptr, d->sealInfoSize); +@@ -722,6 +786,7 @@ inline BYTE* pack_TPM_STORED_DATA(BYTE* ptr, const TPM_STORED_DATA* d) { + return ptr; + } + ++static + inline int sizeof_TPM_STORED_DATA(const TPM_STORED_DATA* d) { + int rv = sizeof_TPM_VERSION(&d->ver) + sizeof_UINT32(d->sealInfoSize); + if (d->sealInfoSize) { +@@ -732,6 +797,7 @@ inline int sizeof_TPM_STORED_DATA(const TPM_STORED_DATA* d) { + return rv; + } + ++static + inline int unpack3_TPM_STORED_DATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STORED_DATA* d, UnpackPtr alloc) { + int rc = unpack3_TPM_VERSION(ptr, pos, len, &d->ver) || + unpack3_UINT32(ptr, pos, len, &d->sealInfoSize); +@@ -746,6 +812,7 @@ inline int unpack3_TPM_STORED_DATA(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STORE + return rc; + } + ++static + inline BYTE* pack_TPM_STORED_DATA12(BYTE* ptr, const TPM_STORED_DATA12* d) { + ptr = pack_TPM_STRUCTURE_TAG(ptr, d->tag); + ptr = pack_TPM_ENTITY_TYPE(ptr, d->et); +@@ -758,6 +825,7 @@ inline BYTE* pack_TPM_STORED_DATA12(BYTE* ptr, const TPM_STORED_DATA12* d) { + return ptr; + } + ++static + inline int sizeof_TPM_STORED_DATA12(const TPM_STORED_DATA12* d) { + int rv = sizeof_TPM_STRUCTURE_TAG(&d->ver) + + sizeof_TPM_ENTITY_TYPE(&d->et) + +@@ -770,6 +838,7 @@ inline int sizeof_TPM_STORED_DATA12(const TPM_STORED_DATA12* d) { + return rv; + } + ++static + inline int unpack3_TPM_STORED_DATA12(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STORED_DATA12* d, UnpackPtr alloc) { + int rc = unpack3_TPM_STRUCTURE_TAG(ptr, pos, len, &d->tag) || + unpack3_TPM_ENTITY_TYPE(ptr, pos, len, &d->et) || +@@ -786,6 +855,7 @@ inline int unpack3_TPM_STORED_DATA12(BYTE* ptr, UINT32* pos, UINT32 len, TPM_STO + return rc; + } + ++static + inline BYTE* pack_TPM_AUTH_SESSION(BYTE* ptr, const TPM_AUTH_SESSION* auth) { + ptr = pack_TPM_AUTH_HANDLE(ptr, auth->AuthHandle); + ptr = pack_TPM_NONCE(ptr, &auth->NonceOdd); +@@ -794,6 +864,7 @@ inline BYTE* pack_TPM_AUTH_SESSION(BYTE* ptr, const TPM_AUTH_SESSION* auth) { + return ptr; + } + ++static + inline BYTE* unpack_TPM_AUTH_SESSION(BYTE* ptr, TPM_AUTH_SESSION* auth) { + ptr = unpack_TPM_NONCE(ptr, &auth->NonceEven); + ptr = unpack_BOOL(ptr, &auth->fContinueAuthSession); +@@ -801,6 +872,7 @@ inline BYTE* unpack_TPM_AUTH_SESSION(BYTE* ptr, TPM_AUTH_SESSION* auth) { + return ptr; + } + ++static + inline int unpack3_TPM_AUTH_SESSION(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTH_SESSION* auth) { + return unpack3_TPM_NONCE(ptr, pos, len, &auth->NonceEven) || + unpack3_BOOL(ptr, pos, len, &auth->fContinueAuthSession) || +@@ -808,6 +880,7 @@ inline int unpack3_TPM_AUTH_SESSION(BYTE* ptr, UINT32* pos, UINT32 len, TPM_AUTH + } + + ++static + inline int sizeof_TPM_AUTH_SESSION(const TPM_AUTH_SESSION* auth) { + int rv = 0; + rv += sizeof_TPM_AUTH_HANDLE(auth->AuthHandle); +@@ -817,6 +890,7 @@ inline int sizeof_TPM_AUTH_SESSION(const TPM_AUTH_SESSION* auth) { + return rv; + } + ++static + inline BYTE* pack_TPM_RQU_HEADER(BYTE* ptr, + TPM_TAG tag, + UINT32 size, +@@ -826,6 +900,7 @@ inline BYTE* pack_TPM_RQU_HEADER(BYTE* ptr, + return pack_UINT32(ptr, ord); + } + ++static + inline BYTE* unpack_TPM_RQU_HEADER(BYTE* ptr, + TPM_TAG* tag, + UINT32* size, +@@ -836,6 +911,7 @@ inline BYTE* unpack_TPM_RQU_HEADER(BYTE* ptr, + return ptr; + } + ++static + inline int unpack3_TPM_RQU_HEADER(BYTE* ptr, UINT32* pos, UINT32 max, + TPM_TAG* tag, UINT32* size, TPM_COMMAND_CODE* ord) { + return +diff --git a/stubdom/vtpmmgr/tcg.h b/stubdom/vtpmmgr/tcg.h +index 813ce57a2d..423131dc25 100644 +--- a/stubdom/vtpmmgr/tcg.h ++++ b/stubdom/vtpmmgr/tcg.h +@@ -461,6 +461,7 @@ typedef struct TPM_CAP_VERSION_INFO { + BYTE* vendorSpecific; + } TPM_CAP_VERSION_INFO; + ++static + inline void free_TPM_CAP_VERSION_INFO(TPM_CAP_VERSION_INFO* v) { + free(v->vendorSpecific); + v->vendorSpecific = NULL; +@@ -494,6 +495,7 @@ typedef struct TPM_SYMMETRIC_KEY { + BYTE* data; + } TPM_SYMMETRIC_KEY; + ++static + inline void free_TPM_SYMMETRIC_KEY_PARMS(TPM_SYMMETRIC_KEY_PARMS* p) { + free(p->IV); + p->IV = NULL; +@@ -510,6 +512,7 @@ typedef struct TPM_RSA_KEY_PARMS { + + #define TPM_RSA_KEY_PARMS_INIT { 0, 0, 0, NULL } + ++static + inline void free_TPM_RSA_KEY_PARMS(TPM_RSA_KEY_PARMS* p) { + free(p->exponent); + p->exponent = NULL; +@@ -528,6 +531,7 @@ typedef struct TPM_KEY_PARMS { + + #define TPM_KEY_PARMS_INIT { 0, 0, 0, 0 } + ++static + inline void free_TPM_KEY_PARMS(TPM_KEY_PARMS* p) { + if(p->parmSize) { + switch(p->algorithmID) { +@@ -550,6 +554,7 @@ typedef struct TPM_STORE_PUBKEY { + + #define TPM_STORE_PUBKEY_INIT { 0, NULL } + ++static + inline void free_TPM_STORE_PUBKEY(TPM_STORE_PUBKEY* p) { + free(p->key); + p->key = NULL; +@@ -562,6 +567,7 @@ typedef struct TPM_PUBKEY { + + #define TPM_PUBKEY_INIT { TPM_KEY_PARMS_INIT, TPM_STORE_PUBKEY_INIT } + ++static + inline void free_TPM_PUBKEY(TPM_PUBKEY* k) { + free_TPM_KEY_PARMS(&k->algorithmParms); + free_TPM_STORE_PUBKEY(&k->pubKey); +@@ -574,6 +580,7 @@ typedef struct TPM_PCR_SELECTION { + + #define TPM_PCR_SELECTION_INIT { 0, NULL } + ++static + inline void free_TPM_PCR_SELECTION(TPM_PCR_SELECTION* p) { + free(p->pcrSelect); + p->pcrSelect = NULL; +@@ -594,6 +601,7 @@ typedef struct TPM_PCR_INFO_LONG { + #define TPM_PCR_INFO_LONG_INIT { 0, 0, 0, TPM_PCR_SELECTION_INIT, \ + TPM_PCR_SELECTION_INIT } + ++static + inline void free_TPM_PCR_INFO_LONG(TPM_PCR_INFO_LONG* p) { + free_TPM_PCR_SELECTION(&p->creationPCRSelection); + free_TPM_PCR_SELECTION(&p->releasePCRSelection); +@@ -607,6 +615,7 @@ typedef struct TPM_PCR_INFO { + + #define TPM_PCR_INFO_INIT { TPM_PCR_SELECTION_INIT } + ++static + inline void free_TPM_PCR_INFO(TPM_PCR_INFO* p) { + free_TPM_PCR_SELECTION(&p->pcrSelection); + } +@@ -619,6 +628,7 @@ typedef struct TPM_PCR_COMPOSITE { + + #define TPM_PCR_COMPOSITE_INIT { TPM_PCR_SELECTION_INIT, 0, NULL } + ++static + inline void free_TPM_PCR_COMPOSITE(TPM_PCR_COMPOSITE* p) { + free_TPM_PCR_SELECTION(&p->select); + free(p->pcrValue); +@@ -643,6 +653,7 @@ typedef struct TPM_KEY { + .pubKey = TPM_STORE_PUBKEY_INIT, \ + .encDataSize = 0, .encData = NULL } + ++static + inline void free_TPM_KEY(TPM_KEY* k) { + if(k->PCRInfoSize) { + free_TPM_PCR_INFO(&k->PCRInfo); +@@ -660,6 +671,7 @@ typedef struct TPM_BOUND_DATA { + + #define TPM_BOUND_DATA_INIT { .payloadData = NULL } + ++static + inline void free_TPM_BOUND_DATA(TPM_BOUND_DATA* d) { + free(d->payloadData); + d->payloadData = NULL; +@@ -676,6 +688,7 @@ typedef struct TPM_STORED_DATA { + #define TPM_STORED_DATA_INIT { .sealInfoSize = 0, sealInfo = TPM_PCR_INFO_INIT,\ + .encDataSize = 0, .encData = NULL } + ++static + inline void free_TPM_STORED_DATA(TPM_STORED_DATA* d) { + if(d->sealInfoSize) { + free_TPM_PCR_INFO(&d->sealInfo); +@@ -696,6 +709,7 @@ typedef struct TPM_STORED_DATA12 { + #define TPM_STORED_DATA12_INIT { .sealInfoLongSize = 0, \ + sealInfoLong = TPM_PCR_INFO_INIT, .encDataSize = 0, .encData = NULL } + ++static + inline void free_TPM_STORED_DATA12(TPM_STORED_DATA12* d) { + if(d->sealInfoLongSize) { + free_TPM_PCR_INFO_LONG(&d->sealInfoLong); +diff --git a/stubdom/vtpmmgr/tpm2_marshal.h b/stubdom/vtpmmgr/tpm2_marshal.h +index aaa44645a2..ba070ad38e 100644 +--- a/stubdom/vtpmmgr/tpm2_marshal.h ++++ b/stubdom/vtpmmgr/tpm2_marshal.h +@@ -52,6 +52,7 @@ + #define pack_TPM_BUFFER(ptr, buf, size) pack_BUFFER(ptr, buf, size) + #define unpack_TPM_BUFFER(ptr, buf, size) unpack_BUFFER(ptr, buf, size) + ++static + inline BYTE* pack_BYTE_ARRAY(BYTE* ptr, const BYTE* array, UINT32 size) + { + int i; +@@ -60,21 +61,25 @@ inline BYTE* pack_BYTE_ARRAY(BYTE* ptr, const BYTE* array, UINT32 size) + return ptr; + } + ++static + inline BYTE* pack_TPMA_SESSION(BYTE* ptr, const TPMA_SESSION *attr) + { + return pack_BYTE(ptr, (BYTE)(*attr)); + } + ++static + inline BYTE* unpack_TPMA_SESSION(BYTE* ptr, TPMA_SESSION *attr) + { + return unpack_BYTE(ptr, (BYTE *)attr); + } + ++static + inline BYTE* pack_TPMI_ALG_HASH(BYTE* ptr, const TPMI_ALG_HASH *hash) + { + return pack_UINT16(ptr, *hash); + } + ++static + inline BYTE* unpack_TPMI_ALG_HASH(BYTE *ptr, TPMI_ALG_HASH *hash) + { + return unpack_UINT16(ptr, hash); +@@ -125,6 +130,7 @@ inline BYTE* unpack_TPMI_ALG_HASH(BYTE *ptr, TPMI_ALG_HASH *hash) + #define pack_TPMI_RH_LOCKOUT(ptr, l) pack_TPM2_HANDLE(ptr, l) + #define unpack_TPMI_RH_LOCKOUT(ptr, l) unpack_TPM2_HANDLE(ptr, l) + ++static + inline BYTE* pack_TPM2B_DIGEST(BYTE* ptr, const TPM2B_DIGEST *digest) + { + ptr = pack_UINT16(ptr, digest->size); +@@ -132,6 +138,7 @@ inline BYTE* pack_TPM2B_DIGEST(BYTE* ptr, const TPM2B_DIGEST *digest) + return ptr; + } + ++static + inline BYTE* unpack_TPM2B_DIGEST(BYTE* ptr, TPM2B_DIGEST *digest) + { + ptr = unpack_UINT16(ptr, &digest->size); +@@ -139,6 +146,7 @@ inline BYTE* unpack_TPM2B_DIGEST(BYTE* ptr, TPM2B_DIGEST *digest) + return ptr; + } + ++static + inline BYTE* pack_TPMT_TK_CREATION(BYTE* ptr,const TPMT_TK_CREATION *ticket ) + { + ptr = pack_TPM_ST(ptr , &ticket->tag); +@@ -147,6 +155,7 @@ inline BYTE* pack_TPMT_TK_CREATION(BYTE* ptr,const TPMT_TK_CREATION *ticket ) + return ptr; + } + ++static + inline BYTE* unpack_TPMT_TK_CREATION(BYTE* ptr, TPMT_TK_CREATION *ticket ) + { + ptr = unpack_TPM_ST(ptr, &ticket->tag); +@@ -155,6 +164,7 @@ inline BYTE* unpack_TPMT_TK_CREATION(BYTE* ptr, TPMT_TK_CREATION *ticket ) + return ptr; + } + ++static + inline BYTE* pack_TPM2B_NAME(BYTE* ptr,const TPM2B_NAME *name ) + { + ptr = pack_UINT16(ptr, name->size); +@@ -162,6 +172,7 @@ inline BYTE* pack_TPM2B_NAME(BYTE* ptr,const TPM2B_NAME *name ) + return ptr; + } + ++static + inline BYTE* unpack_TPM2B_NAME(BYTE* ptr, TPM2B_NAME *name) + { + ptr = unpack_UINT16(ptr, &name->size); +@@ -169,6 +180,7 @@ inline BYTE* unpack_TPM2B_NAME(BYTE* ptr, TPM2B_NAME *name) + return ptr; + } + ++static + inline BYTE* pack_TPM2B_NONCE(BYTE* ptr, const TPM2B_NONCE *nonce) + { + return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)nonce); +@@ -176,6 +188,7 @@ inline BYTE* pack_TPM2B_NONCE(BYTE* ptr, const TPM2B_NONCE *nonce) + + #define unpack_TPM2B_NONCE(ptr, nonce) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)nonce) + ++static + inline BYTE* pack_TPM2B_AUTH(BYTE* ptr, const TPM2B_AUTH *auth) + { + return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)auth); +@@ -183,6 +196,7 @@ inline BYTE* pack_TPM2B_AUTH(BYTE* ptr, const TPM2B_AUTH *auth) + + #define unpack_TPM2B_AUTH(ptr, auth) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)auth) + ++static + inline BYTE* pack_TPM2B_DATA(BYTE* ptr, const TPM2B_DATA *data) + { + return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)data); +@@ -190,6 +204,7 @@ inline BYTE* pack_TPM2B_DATA(BYTE* ptr, const TPM2B_DATA *data) + + #define unpack_TPM2B_DATA(ptr, data) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)data) + ++static + inline BYTE* pack_TPM2B_SENSITIVE_DATA(BYTE* ptr, const TPM2B_SENSITIVE_DATA *data) + { + return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)data); +@@ -197,6 +212,7 @@ inline BYTE* pack_TPM2B_SENSITIVE_DATA(BYTE* ptr, const TPM2B_SENSITIVE_DATA *da + + #define unpack_TPM2B_SENSITIVE_DATA(ptr, data) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)data) + ++static + inline BYTE* pack_TPM2B_PUBLIC_KEY_RSA(BYTE* ptr, const TPM2B_PUBLIC_KEY_RSA *rsa) + { + return pack_TPM2B_DIGEST(ptr, (const TPM2B_DIGEST*)rsa); +@@ -204,6 +220,7 @@ inline BYTE* pack_TPM2B_PUBLIC_KEY_RSA(BYTE* ptr, const TPM2B_PUBLIC_KEY_RSA *rs + + #define unpack_TPM2B_PUBLIC_KEY_RSA(ptr, rsa) unpack_TPM2B_DIGEST(ptr, (TPM2B_DIGEST*)rsa) + ++static + inline BYTE* pack_TPM2B_PRIVATE(BYTE* ptr, const TPM2B_PRIVATE *Private) + { + ptr = pack_UINT16(ptr, Private->size); +@@ -211,6 +228,7 @@ inline BYTE* pack_TPM2B_PRIVATE(BYTE* ptr, const TPM2B_PRIVATE *Private) + return ptr; + } + ++static + inline BYTE* unpack_TPM2B_PRIVATE(BYTE* ptr, TPM2B_PRIVATE *Private) + { + ptr = unpack_UINT16(ptr, &Private->size); +@@ -218,6 +236,7 @@ inline BYTE* unpack_TPM2B_PRIVATE(BYTE* ptr, TPM2B_PRIVATE *Private) + return ptr; + } + ++static + inline BYTE* pack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, const TPMS_PCR_SELECTION *sel, UINT32 count) + { + int i; +@@ -229,6 +248,7 @@ inline BYTE* pack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, const TPMS_PCR_SELECTION * + return ptr; + } + ++static + inline BYTE* unpack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, TPMS_PCR_SELECTION *sel, UINT32 count) + { + int i; +@@ -240,6 +260,7 @@ inline BYTE* unpack_TPMS_PCR_SELECTION_ARRAY(BYTE* ptr, TPMS_PCR_SELECTION *sel, + return ptr; + } + ++static + inline BYTE* pack_TPML_PCR_SELECTION(BYTE* ptr, const TPML_PCR_SELECTION *sel) + { + ptr = pack_UINT32(ptr, sel->count); +@@ -247,6 +268,7 @@ inline BYTE* pack_TPML_PCR_SELECTION(BYTE* ptr, const TPML_PCR_SELECTION *sel) + return ptr; + } + ++static + inline BYTE* unpack_TPML_PCR_SELECTION(BYTE* ptr, TPML_PCR_SELECTION *sel) + { + ptr = unpack_UINT32(ptr, &sel->count); +@@ -254,6 +276,7 @@ inline BYTE* unpack_TPML_PCR_SELECTION(BYTE* ptr, TPML_PCR_SELECTION *sel) + return ptr; + } + ++static + inline BYTE* unpack_TPML_DIGEST(BYTE* ptr,TPML_DIGEST *digest) + { + int i; +@@ -265,6 +288,7 @@ inline BYTE* unpack_TPML_DIGEST(BYTE* ptr,TPML_DIGEST *digest) + return ptr; + } + ++static + inline BYTE* pack_TPMS_CREATION_DATA(BYTE* ptr,const TPMS_CREATION_DATA *data) + { + ptr = pack_TPML_PCR_SELECTION(ptr, &data->pcrSelect); +@@ -276,6 +300,7 @@ inline BYTE* pack_TPMS_CREATION_DATA(BYTE* ptr,const TPMS_CREATION_DATA *data) + return ptr; + } + ++static + inline BYTE* unpack_TPMS_CREATION_DATA(BYTE* ptr, TPMS_CREATION_DATA *data) + { + ptr = unpack_TPML_PCR_SELECTION(ptr, &data->pcrSelect); +@@ -288,6 +313,7 @@ inline BYTE* unpack_TPMS_CREATION_DATA(BYTE* ptr, TPMS_CREATION_DATA *data) + return ptr; + } + ++static + inline BYTE* pack_TPM2B_CREATION_DATA(BYTE* ptr, const TPM2B_CREATION_DATA *data ) + { + ptr = pack_UINT16(ptr, data->size); +@@ -295,6 +321,7 @@ inline BYTE* pack_TPM2B_CREATION_DATA(BYTE* ptr, const TPM2B_CREATION_DATA *data + return ptr; + } + ++static + inline BYTE* unpack_TPM2B_CREATION_DATA(BYTE* ptr, TPM2B_CREATION_DATA * data) + { + ptr = unpack_UINT16(ptr, &data->size); +@@ -302,6 +329,7 @@ inline BYTE* unpack_TPM2B_CREATION_DATA(BYTE* ptr, TPM2B_CREATION_DATA * data) + return ptr; + } + ++static + inline BYTE* pack_TPMS_SENSITIVE_CREATE(BYTE* ptr, const TPMS_SENSITIVE_CREATE *create) + { + ptr = pack_TPM2B_AUTH(ptr, &create->userAuth); +@@ -309,6 +337,7 @@ inline BYTE* pack_TPMS_SENSITIVE_CREATE(BYTE* ptr, const TPMS_SENSITIVE_CREATE * + return ptr; + } + ++static + inline BYTE* pack_TPM2B_SENSITIVE_CREATE(BYTE* ptr, const TPM2B_SENSITIVE_CREATE *create) + { + BYTE* sizePtr = ptr; +@@ -318,6 +347,7 @@ inline BYTE* pack_TPM2B_SENSITIVE_CREATE(BYTE* ptr, const TPM2B_SENSITIVE_CREATE + return ptr; + } + ++static + inline BYTE* pack_TPMU_SYM_MODE(BYTE* ptr, const TPMU_SYM_MODE *p, + const TPMI_ALG_SYM_OBJECT *sel) + { +@@ -336,6 +366,7 @@ inline BYTE* pack_TPMU_SYM_MODE(BYTE* ptr, const TPMU_SYM_MODE *p, + } + return ptr; + } ++static + inline BYTE* unpack_TPMU_SYM_MODE(BYTE* ptr, TPMU_SYM_MODE *p, + const TPMI_ALG_SYM_OBJECT *sel) + { +@@ -355,6 +386,7 @@ inline BYTE* unpack_TPMU_SYM_MODE(BYTE* ptr, TPMU_SYM_MODE *p, + return ptr; + } + ++static + inline BYTE* pack_TPMU_SYM_KEY_BITS(BYTE* ptr, const TPMU_SYM_KEY_BITS *p, + const TPMI_ALG_SYM_OBJECT *sel) + { +@@ -376,6 +408,7 @@ inline BYTE* pack_TPMU_SYM_KEY_BITS(BYTE* ptr, const TPMU_SYM_KEY_BITS *p, + return ptr; + } + ++static + inline BYTE* unpack_TPMU_SYM_KEY_BITS(BYTE* ptr, TPMU_SYM_KEY_BITS *p, + const TPMI_ALG_SYM_OBJECT *sel) + { +@@ -397,6 +430,7 @@ inline BYTE* unpack_TPMU_SYM_KEY_BITS(BYTE* ptr, TPMU_SYM_KEY_BITS *p, + return ptr; + } + ++static + inline BYTE* pack_TPMT_SYM_DEF_OBJECT(BYTE* ptr, const TPMT_SYM_DEF_OBJECT *p) + { + ptr = pack_TPMI_ALG_SYM_OBJECT(ptr, &p->algorithm); +@@ -405,6 +439,7 @@ inline BYTE* pack_TPMT_SYM_DEF_OBJECT(BYTE* ptr, const TPMT_SYM_DEF_OBJECT *p) + return ptr; + } + ++static + inline BYTE* unpack_TPMT_SYM_DEF_OBJECT(BYTE *ptr, TPMT_SYM_DEF_OBJECT *p) + { + ptr = unpack_TPMI_ALG_SYM_OBJECT(ptr, &p->algorithm); +@@ -416,6 +451,7 @@ inline BYTE* unpack_TPMT_SYM_DEF_OBJECT(BYTE *ptr, TPMT_SYM_DEF_OBJECT *p) + #define pack_TPMS_SCHEME_OAEP(p, t) pack_TPMI_ALG_HASH(p, &((t)->hashAlg)) + #define unpack_TPMS_SCHEME_OAEP(p, t) unpack_TPMI_ALG_HASH(p, &((t)->hashAlg)) + ++static + inline BYTE* pack_TPMU_ASYM_SCHEME(BYTE *ptr, const TPMU_ASYM_SCHEME *p, + const TPMI_ALG_RSA_SCHEME *s) + { +@@ -438,6 +474,7 @@ inline BYTE* pack_TPMU_ASYM_SCHEME(BYTE *ptr, const TPMU_ASYM_SCHEME *p, + return ptr; + } + ++static + inline BYTE* unpack_TPMU_ASYM_SCHEME(BYTE *ptr, TPMU_ASYM_SCHEME *p, + const TPMI_ALG_RSA_SCHEME *s) + { +@@ -462,6 +499,7 @@ inline BYTE* unpack_TPMU_ASYM_SCHEME(BYTE *ptr, TPMU_ASYM_SCHEME *p, + return ptr; + } + ++static + inline BYTE* pack_TPMT_RSA_SCHEME(BYTE* ptr, const TPMT_RSA_SCHEME *p) + { + ptr = pack_TPMI_ALG_RSA_SCHEME(ptr, &p->scheme); +@@ -469,6 +507,7 @@ inline BYTE* pack_TPMT_RSA_SCHEME(BYTE* ptr, const TPMT_RSA_SCHEME *p) + return ptr; + } + ++static + inline BYTE* unpack_TPMT_RSA_SCHEME(BYTE* ptr, TPMT_RSA_SCHEME *p) + { + ptr = unpack_TPMI_ALG_RSA_SCHEME(ptr, &p->scheme); +@@ -476,6 +515,7 @@ inline BYTE* unpack_TPMT_RSA_SCHEME(BYTE* ptr, TPMT_RSA_SCHEME *p) + return ptr; + } + ++static + inline BYTE* pack_TPMT_RSA_DECRYPT(BYTE* ptr, const TPMT_RSA_DECRYPT *p) + { + ptr = pack_TPMI_ALG_RSA_SCHEME(ptr, &p->scheme); +@@ -483,6 +523,7 @@ inline BYTE* pack_TPMT_RSA_DECRYPT(BYTE* ptr, const TPMT_RSA_DECRYPT *p) + return ptr; + } + ++static + inline BYTE* pack_TPMS_RSA_PARMS(BYTE* ptr, const TPMS_RSA_PARMS *p) + { + ptr = pack_TPMT_SYM_DEF_OBJECT(ptr, &p->symmetric); +@@ -492,6 +533,7 @@ inline BYTE* pack_TPMS_RSA_PARMS(BYTE* ptr, const TPMS_RSA_PARMS *p) + return ptr; + } + ++static + inline BYTE* unpack_TPMS_RSA_PARMS(BYTE *ptr, TPMS_RSA_PARMS *p) + { + ptr = unpack_TPMT_SYM_DEF_OBJECT(ptr, &p->symmetric); +@@ -501,6 +543,7 @@ inline BYTE* unpack_TPMS_RSA_PARMS(BYTE *ptr, TPMS_RSA_PARMS *p) + return ptr; + } + ++static + inline BYTE* pack_TPMU_PUBLIC_PARMS(BYTE* ptr, const TPMU_PUBLIC_PARMS *param, + const TPMI_ALG_PUBLIC *selector) + { +@@ -518,6 +561,7 @@ inline BYTE* pack_TPMU_PUBLIC_PARMS(BYTE* ptr, const TPMU_PUBLIC_PARMS *param, + return NULL; + } + ++static + inline BYTE* unpack_TPMU_PUBLIC_PARMS(BYTE* ptr, TPMU_PUBLIC_PARMS *param, + const TPMI_ALG_PUBLIC *selector) + { +@@ -535,18 +579,21 @@ inline BYTE* unpack_TPMU_PUBLIC_PARMS(BYTE* ptr, TPMU_PUBLIC_PARMS *param, + return NULL; + } + ++static + inline BYTE* pack_TPMS_ECC_POINT(BYTE* ptr, const TPMS_ECC_POINT *point) + { + assert(false); + return ptr; + } + ++static + inline BYTE* unpack_TPMS_ECC_POINT(BYTE* ptr, TPMS_ECC_POINT *point) + { + assert(false); + return ptr; + } + ++static + inline BYTE* pack_TPMU_PUBLIC_ID(BYTE* ptr, const TPMU_PUBLIC_ID *id, + const TPMI_ALG_PUBLIC *selector) + { +@@ -564,6 +611,7 @@ inline BYTE* pack_TPMU_PUBLIC_ID(BYTE* ptr, const TPMU_PUBLIC_ID *id, + return NULL; + } + ++static + inline BYTE* unpack_TPMU_PUBLIC_ID(BYTE* ptr, TPMU_PUBLIC_ID *id, TPMI_ALG_PUBLIC *selector) + { + switch (*selector) { +@@ -580,6 +628,7 @@ inline BYTE* unpack_TPMU_PUBLIC_ID(BYTE* ptr, TPMU_PUBLIC_ID *id, TPMI_ALG_PUBLI + return NULL; + } + ++static + inline BYTE* pack_TPMT_PUBLIC(BYTE* ptr, const TPMT_PUBLIC *public) + { + ptr = pack_TPMI_ALG_PUBLIC(ptr, &public->type); +@@ -591,6 +640,7 @@ inline BYTE* pack_TPMT_PUBLIC(BYTE* ptr, const TPMT_PUBLIC *public) + return ptr; + } + ++static + inline BYTE* unpack_TPMT_PUBLIC(BYTE* ptr, TPMT_PUBLIC *public) + { + ptr = unpack_TPMI_ALG_PUBLIC(ptr, &public->type); +@@ -602,6 +652,7 @@ inline BYTE* unpack_TPMT_PUBLIC(BYTE* ptr, TPMT_PUBLIC *public) + return ptr; + } + ++static + inline BYTE* pack_TPM2B_PUBLIC(BYTE* ptr, const TPM2B_PUBLIC *public) + { + BYTE *sizePtr = ptr; +@@ -611,6 +662,7 @@ inline BYTE* pack_TPM2B_PUBLIC(BYTE* ptr, const TPM2B_PUBLIC *public) + return ptr; + } + ++static + inline BYTE* unpack_TPM2B_PUBLIC(BYTE* ptr, TPM2B_PUBLIC *public) + { + ptr = unpack_UINT16(ptr, &public->size); +@@ -618,6 +670,7 @@ inline BYTE* unpack_TPM2B_PUBLIC(BYTE* ptr, TPM2B_PUBLIC *public) + return ptr; + } + ++static + inline BYTE* pack_TPMS_PCR_SELECTION(BYTE* ptr, const TPMS_PCR_SELECTION *selection) + { + ptr = pack_TPMI_ALG_HASH(ptr, &selection->hash); +@@ -626,6 +679,7 @@ inline BYTE* pack_TPMS_PCR_SELECTION(BYTE* ptr, const TPMS_PCR_SELECTION *select + return ptr; + } + ++static + inline BYTE* pack_TPMS_PCR_SELECTION_Array(BYTE* ptr, const TPMS_PCR_SELECTION *selections, + const UINT32 cnt) + { +@@ -635,6 +689,7 @@ inline BYTE* pack_TPMS_PCR_SELECTION_Array(BYTE* ptr, const TPMS_PCR_SELECTION * + return ptr; + } + ++static + inline BYTE* pack_TPM_AuthArea(BYTE* ptr, const TPM_AuthArea *auth) + { + BYTE* sizePtr = ptr; +@@ -647,6 +702,7 @@ inline BYTE* pack_TPM_AuthArea(BYTE* ptr, const TPM_AuthArea *auth) + return ptr; + } + ++static + inline BYTE* unpack_TPM_AuthArea(BYTE* ptr, TPM_AuthArea *auth) + { + ptr = unpack_UINT32(ptr, &auth->size); +@@ -657,6 +713,7 @@ inline BYTE* unpack_TPM_AuthArea(BYTE* ptr, TPM_AuthArea *auth) + return ptr; + } + ++static + inline BYTE* pack_TPM2_RSA_KEY(BYTE* ptr, const TPM2_RSA_KEY *key) + { + ptr = pack_TPM2B_PRIVATE(ptr, &key->Private); +@@ -664,6 +721,7 @@ inline BYTE* pack_TPM2_RSA_KEY(BYTE* ptr, const TPM2_RSA_KEY *key) + return ptr; + } + ++static + inline BYTE* unpack_TPM2_RSA_KEY(BYTE* ptr, TPM2_RSA_KEY *key) + { + ptr = unpack_TPM2B_PRIVATE(ptr, &key->Private); +diff --git a/stubdom/vtpmmgr/tpmrsa.h b/stubdom/vtpmmgr/tpmrsa.h +index 08213bbb7a..65fd32a45c 100644 +--- a/stubdom/vtpmmgr/tpmrsa.h ++++ b/stubdom/vtpmmgr/tpmrsa.h +@@ -62,6 +62,7 @@ TPM_RESULT tpmrsa_pub_encrypt_oaep( tpmrsa_context *ctx, + unsigned char *output ); + + /* free tpmrsa key */ ++static + inline void tpmrsa_free( tpmrsa_context *ctx ) { + mpi_free( &ctx->RN ); mpi_free( &ctx->E ); mpi_free( &ctx->N ); + } + +_______________________________________________ +Xen-devel mailing list +Xen-devel@lists.xen.org +https://lists.xen.org/xen-devel diff --git a/pcr-testing/xen/patch-ipxe-patches-series.patch b/pcr-testing/xen/patch-ipxe-patches-series.patch new file mode 100644 index 000000000..30e916417 --- /dev/null +++ b/pcr-testing/xen/patch-ipxe-patches-series.patch @@ -0,0 +1,18 @@ +Subject: [PATCH] Fix gcc7 warn + +--- + tools/firmware/etherboot/patches/series | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tools/firmware/etherboot/patches/series b/tools/firmware/etherboot/patches/series +index 86cb300..780c6c6 100644 +--- a/tools/firmware/etherboot/patches/series ++++ b/tools/firmware/etherboot/patches/series +@@ -1 +1,4 @@ + boot_prompt_option.patch ++patch-inbuild-ipxe-gcc7-implicit-fallthrough.patch ++patch-inbuild-ipxe-gcc7-implicit-fallthrough-ath5k.patch ++patch-inbuild-ipxe-gcc7-implicit-fallthrough-curses.patch +-- +2.13.0 + diff --git a/pcr-testing/xen/patch-ovmf-apply-inbuild-patches.patch b/pcr-testing/xen/patch-ovmf-apply-inbuild-patches.patch new file mode 100644 index 000000000..2c2f3ed75 --- /dev/null +++ b/pcr-testing/xen/patch-ovmf-apply-inbuild-patches.patch @@ -0,0 +1,26 @@ +From 088d0d605131eeb43dc1c4ab21631ea7e51f8501 Mon Sep 17 00:00:00 2001 +From: John Thomson <git@johnthomson.fastmail.com.au> +Date: Sat, 24 Jun 2017 09:38:13 +1000 +Subject: [PATCH] Fix OVMF apply patches series + +--- + tools/firmware/Makefile | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile +index a5a6802..875e7e5 100644 +--- a/tools/firmware/Makefile ++++ b/tools/firmware/Makefile +@@ -20,6 +20,9 @@ ovmf-dir: + sed 's|python |python2 |g' -i "ovmf-dir/BaseTools/BinWrappers/PosixLike"/* || true + sed 's|python |python2 |g' -i "ovmf-dir/BaseTools/Tests/GNUmakefile" + cp ovmf-makefile ovmf-dir/Makefile; ++ for i in $$(cat ovmf-patches/series); do \ ++ patch -d ovmf-dir -Np1 < ovmf-patches/$$i || exit 1; \ ++ done + + seabios-dir: + GIT=$(GIT) $(XEN_ROOT)/scripts/git-checkout.sh $(SEABIOS_UPSTREAM_URL) $(SEABIOS_UPSTREAM_REVISION) seabios-dir +-- +2.13.1 + diff --git a/pcr-testing/xen/patch-ovmf-patches-series.patch b/pcr-testing/xen/patch-ovmf-patches-series.patch new file mode 100644 index 000000000..0f230e504 --- /dev/null +++ b/pcr-testing/xen/patch-ovmf-patches-series.patch @@ -0,0 +1,20 @@ +From 30f9f61c42b9530332a856a5bc09db52c446289d Mon Sep 17 00:00:00 2001 +From: John Thomson <git@johnthomson.fastmail.com.au> +Date: Sat, 24 Jun 2017 09:48:02 +1000 +Subject: [PATCH] Add ovmf patches series file + +--- + tools/firmware/ovmf-patches/series | 1 + + 1 file changed, 1 insertion(+) + create mode 100644 tools/firmware/ovmf-patches/series + +diff --git a/tools/firmware/ovmf-patches/series b/tools/firmware/ovmf-patches/series +new file mode 100644 +index 0000000..ac6bda5 +--- /dev/null ++++ b/tools/firmware/ovmf-patches/series +@@ -0,0 +1 @@ ++patch-inbuild-ovmf-5-hiilib.c-pointer-zero.patch +-- +2.13.1 + diff --git a/pcr-testing/xen/patch-ovmf-use-python2.patch b/pcr-testing/xen/patch-ovmf-use-python2.patch new file mode 100644 index 000000000..b52b9230c --- /dev/null +++ b/pcr-testing/xen/patch-ovmf-use-python2.patch @@ -0,0 +1,22 @@ +Subject: [PATCH] Fix ovmf, use python2 + +--- + tools/firmware/Makefile | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile +index b840c6a..a5a6802 100644 +--- a/tools/firmware/Makefile ++++ b/tools/firmware/Makefile +@@ -17,6 +17,8 @@ LD32BIT-$(CONFIG_FreeBSD) := LD32BIT_FLAG=-melf_i386_fbsd + + ovmf-dir: + GIT=$(GIT) $(XEN_ROOT)/scripts/git-checkout.sh $(OVMF_UPSTREAM_URL) $(OVMF_UPSTREAM_REVISION) ovmf-dir ++ sed 's|python |python2 |g' -i "ovmf-dir/BaseTools/BinWrappers/PosixLike"/* || true ++ sed 's|python |python2 |g' -i "ovmf-dir/BaseTools/Tests/GNUmakefile" + cp ovmf-makefile ovmf-dir/Makefile; + + seabios-dir: +-- +2.13.0 + diff --git a/pcr-testing/xen/tmpfiles.d-xen.conf b/pcr-testing/xen/tmpfiles.d-xen.conf new file mode 100644 index 000000000..a55258b0f --- /dev/null +++ b/pcr-testing/xen/tmpfiles.d-xen.conf @@ -0,0 +1,2 @@ +d /run/xen 0755 root root - +d /run/xenstored 0755 root root - diff --git a/pcr-testing/xen/xen.conf b/pcr-testing/xen/xen.conf new file mode 100644 index 000000000..37a5b59f7 --- /dev/null +++ b/pcr-testing/xen/xen.conf @@ -0,0 +1,19 @@ +xen-evtchn +xen-gntdev +xen-gntalloc +xen-blkback +xen-netback +xen-pciback +xen-acpi-processor +## xen-acpi-processor: This module may not work on all machines; try removing this first if it causes issues. + +## The following were included in xencommons, but were not inserted by systemd: +# evtchn +# gntdev +# netbk +# blkbk +# xen-scsibk +# usbbk +# pciback +# blktap2 +# blktap diff --git a/pcr-testing/xen/xen.install b/pcr-testing/xen/xen.install new file mode 100644 index 000000000..f629e6643 --- /dev/null +++ b/pcr-testing/xen/xen.install @@ -0,0 +1,140 @@ +xen_boot() { + cat << __EOF__ +You are not running xen unless you boot xen. +Possible Xen boot paths: +EFI boot -> grubx64.efi -> multiboot2 -> [xen.gz, vmlinuz, ramdisk] +BIOS boot -> grub -> multiboot(2) -> [xen.gz, vmlinuz, ramdisk] + +EFI boot -> xen.efi + +########## +grub multiboot2 preparation: +Install grub: https://wiki.parabola.nu/index.php/GRUB + +At this time, some modifications are needed to 20_linux_xen. +These are included in this package as 21_linux_xen + +Set the values needed for your configuration in /etc/default/grub +Detailed here: https://www.gnu.org/software/grub/manual/html_node/Simple-configuration.html +Needed: +GRUB_CMDLINE_XEN +GRUB_CMDLINE_LINUX_XEN_REPLACE +These values are not required but can be used; they are appended to the previous values, then this is used for the non-recovery (default) entry: +GRUB_CMDLINE_XEN_DEFAULT +GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT + +run grub-mkconfig + +To boot xen as default: +suggested: inspect and use this config to boot with. Check if the xen entry works as expected +find the id of the xen entry and set this as DEFAULT in /etc/default/grub. +This may look something like: +GRUB_DEFAULT="xen-gnulinux-simple-a-unique-id-from-your-grub-goes-here" + +run grub-mkconfig + +########## + +Direct EFI boot preperation: +Create a xen.cfg file in the same directory as xen.efi. +These need to be in ESP, or in a directory accessible from you EFI bootloader. +Put settings relevant to your system into xen.cfg +Detailed here: https://xenbits.xen.org/docs/4.9-testing/misc/efi.html +Needed: +kernel +ramdisk +Add the xen.efi file to your EFI bootloader (such as Refind). +And / or add the xen.efi file to you EFI boot options (efibootmgr). +__EOF__ +} + +install_msg() { + cat << __EOF__ +===> IMPORTANT NOTICES: + +In order to complete the installation, and enable Xen, +at the very least you must: +1. Configure your bootloader to boot Xen: +__EOF__ + xen_boot + cat << __EOF__ +2. Issue the following commands to allow you to create and start VMs: + + systemctl enable xen-qemu-dom0-disk-backend.service + systemctl enable xen-init-dom0.service + systemctl enable xenconsoled.service + + Other optional services are: + systemctl enable xen-watchdog.service + +3. If you want some domains to automatically start up/shutdown, run the following: + systemctl enable xendomains.service + +For more information refer to the Wiki: + https://wiki.parabola.nu/index.php/Xen + +__EOF__ +} + +upgrade_msg() { + cat << __EOF__ +Xen 4.9 +Release notes +http://wiki.xen.org/wiki/Xen_Project_4.9_Release_Notes +Feature list +http://wiki.xen.org/wiki/Xen_Project_4.9_Feature_List +__EOF__ +} + +upgrade_msg_grub_multiboot2() { + cat << __EOF__ +########## +Xen 4.9 can now use grub>=2.02 multiboot2. +If you previously booted using xen.efi, you have an alternative. +If you previously relied on the packaged 09_xen for grub-mkconfig: +It is now removed. +You will need to do the following under grub multiboot2 preparation: +########## +__EOF__ + xen_boot +} + +post_install() { + install_msg + upgrade_msg + systemd-tmpfiles --create +} + +post_upgrade() { + if [[ "$2" < 4.9.0 || "$2" == *'4.9.0rc'* ]]; then + upgrade_msg + fi + if [[ "$2" < 4.9.0 || "$2" == *'4.9.0rc'* ]]; then + upgrade_msg_grub_multiboot2 + fi + systemd-tmpfiles --create +} + +pre_remove() { + systemctl stop xendomains.service + systemctl stop xen-watchdog.service + systemctl stop xenconsoled.service + systemctl stop xen-init-dom0.service + systemctl stop xen-qemu-dom0-disk-backend.service + + systemctl disable xendomains.service + systemctl disable xen-watchdog.service + systemctl disable xenconsoled.service + systemctl disable xen-init-dom0.service + systemctl disable xen-qemu-dom0-disk-backend.service +} + +post_remove() { + cat << __EOF__ +===> IMPORTANT NOTICE: + +In order to finish removing Xen, you will need to modify +your bootloader configuration files to load your Linux-libre +kernel instead of Xen kernel. +__EOF__ +} |