| author | Simon Rettberg | 2026-01-28 12:53:53 +0100 |
|---|---|---|
| committer | Simon Rettberg | 2026-01-28 12:53:53 +0100 |
| commit | 8e82785c584dc13e20f9229decb95bd17bbe9cd1 (patch) | |
| tree | a8b359e59196be5b2e3862bed189107f4bc9975f /src/usr | |
| parent | Merge branch 'master' into openslx (diff) | |
| parent | [prefix] Make unlzma.S compatible with 386 class CPUs (diff) | |
| download | ipxe-openslx.tar.gz ipxe-openslx.tar.xz ipxe-openslx.zip | |
Merge branch 'master' into openslx
Diffstat (limited to 'src/usr')
| -rw-r--r-- | src/usr/autoboot.c | 1 | ||||
| -rw-r--r-- | src/usr/certmgmt.c | 1 | ||||
| -rw-r--r-- | src/usr/dhcpmgmt.c | 1 | ||||
| -rw-r--r-- | src/usr/fdtmgmt.c | 51 | ||||
| -rw-r--r-- | src/usr/ifmgmt.c | 1 | ||||
| -rw-r--r-- | src/usr/imgarchive.c | 1 | ||||
| -rw-r--r-- | src/usr/imgcrypt.c | 75 | ||||
| -rw-r--r-- | src/usr/imgmgmt.c | 4 | ||||
| -rw-r--r-- | src/usr/imgtrust.c | 45 | ||||
| -rw-r--r-- | src/usr/ipstat.c | 15 | ||||
| -rw-r--r-- | src/usr/neighmgmt.c | 6 | ||||
| -rw-r--r-- | src/usr/nslookup.c | 1 | ||||
| -rw-r--r-- | src/usr/ntpmgmt.c | 1 | ||||
| -rw-r--r-- | src/usr/pingmgmt.c | 1 | ||||
| -rw-r--r-- | src/usr/profstat.c | 1 | ||||
| -rw-r--r-- | src/usr/prompt.c | 1 | ||||
| -rw-r--r-- | src/usr/route.c | 1 | ||||
| -rw-r--r-- | src/usr/route_ipv4.c | 48 | ||||
| -rw-r--r-- | src/usr/route_ipv6.c | 1 | ||||
| -rw-r--r-- | src/usr/shimmgmt.c | 1 | ||||
| -rw-r--r-- | src/usr/sync.c | 1 |
21 files changed, 214 insertions, 44 deletions
diff --git a/src/usr/autoboot.c b/src/usr/autoboot.c index 4b64ca82b..3d46e65e0 100644 --- a/src/usr/autoboot.c +++ b/src/usr/autoboot.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <string.h> #include <stdio.h> diff --git a/src/usr/certmgmt.c b/src/usr/certmgmt.c index e6bf51fd8..9056a917c 100644 --- a/src/usr/certmgmt.c +++ b/src/usr/certmgmt.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdio.h> #include <errno.h> diff --git a/src/usr/dhcpmgmt.c b/src/usr/dhcpmgmt.c index dcb360b23..2a0a8c718 100644 --- a/src/usr/dhcpmgmt.c +++ b/src/usr/dhcpmgmt.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <string.h> #include <stdio.h> diff --git a/src/usr/fdtmgmt.c b/src/usr/fdtmgmt.c new file mode 100644 index 000000000..dabeef2c8 --- /dev/null +++ b/src/usr/fdtmgmt.c 
@@ -0,0 +1,51 @@ +/* + * Copyright (C) 2025 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. + */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <ipxe/fdt.h> +#include <usr/fdtmgmt.h> + +/** @file + * + * Flattened Device Tree management + * + */ + +/** + * Apply flattened device tree image + * + * @v image FDT image, or NULL to clear FDT + * @ret rc Return status code + */ +int imgfdt ( struct image *image ) { + + /* Record (or clear) FDT image */ + image_tag ( image, &fdt_image ); + + /* Avoid including image in constructed initrd */ + if ( image ) + image_hide ( image ); + + return 0; +} diff --git a/src/usr/ifmgmt.c b/src/usr/ifmgmt.c index d87ffff27..80f350ee4 100644 --- a/src/usr/ifmgmt.c +++ b/src/usr/ifmgmt.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <string.h> #include <stdio.h> diff --git a/src/usr/imgarchive.c b/src/usr/imgarchive.c index 6849dd510..91600760e 100644 --- a/src/usr/imgarchive.c +++ b/src/usr/imgarchive.c 
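Review bot: fdtmgmt.c is added without a FILE_SECBOOT marker, while every pre-existing src/usr file touched by this merge gains `FILE_SECBOOT ( PERMITTED );` directly after its FILE_LICENCE line; the same applies to the new imgcrypt.c in a later hunk. Whether an unmarked file defaults to permitted or forbidden in a secure-boot build is not visible here, so the intended classification of both new files should be confirmed, and if they are meant to be permitted the marker belongs right after `FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );` as in the other files. imgfdt() also documents `@ret rc Return status code` yet always returns 0 and never examines the results of image_tag() or image_hide(); a one-line comment such as `/* Always succeeds: neither call above reports an error here */` would make that intentional rather than an oversight.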
@@ -24,6 +24,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); #include <stdio.h> +#include <string.h> #include <ipxe/image.h> #include <usr/imgarchive.h> diff --git a/src/usr/imgcrypt.c b/src/usr/imgcrypt.c new file mode 100644 index 000000000..1b649f197 --- /dev/null +++ b/src/usr/imgcrypt.c 
@@ -0,0 +1,75 @@ +/* + * Copyright (C) 2024 Michael Brown <mbrown@fensystems.co.uk>. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + * + * You can also choose to distribute this program under the terms of + * the Unmodified Binary Distribution Licence (as given in the file + * COPYING.UBDL), provided that you have satisfied its requirements. 
+ */ + +FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); + +#include <string.h> +#include <syslog.h> +#include <ipxe/image.h> +#include <ipxe/cms.h> +#include <ipxe/privkey.h> +#include <usr/imgcrypt.h> + +/** @file + * + * Image encryption management + * + */ + +/** + * Decrypt image using downloaded envelope + * + * @v image Image to decrypt + * @v envelope Image containing decryption key + * @v name Decrypted image name (or NULL to use default) + * @ret rc Return status code + */ +int imgdecrypt ( struct image *image, struct image *envelope, + const char *name ) { + struct cms_message *cms; + int rc; + + /* Parse envelope */ + if ( ( rc = cms_message ( envelope, &cms ) ) != 0 ) + goto err_parse; + + /* Decrypt image */ + if ( ( rc = cms_decrypt ( cms, image, name, &private_key ) ) != 0 ) + goto err_decrypt; + + /* Drop reference to message */ + cms_put ( cms ); + cms = NULL; + + /* Record decryption */ + syslog ( LOG_NOTICE, "Image \"%s\" decrypted OK\n", image->name ); + + return 0; + + err_decrypt: + cms_put ( cms ); + err_parse: + syslog ( LOG_ERR, "Image \"%s\" decryption failed: %s\n", + image->name, strerror ( rc ) ); + return rc; +} diff --git a/src/usr/imgmgmt.c b/src/usr/imgmgmt.c index 92bf236f9..bad056f0e 100644 --- a/src/usr/imgmgmt.c +++ b/src/usr/imgmgmt.c @@ -22,10 +22,12 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdint.h> #include <stdlib.h> #include <stdio.h> +#include <string.h> #include <errno.h> #include <ipxe/image.h> #include <ipxe/downloader.h> @@ -184,7 +186,7 @@ void imgstat ( struct image *image ) { * @v len Length * @ret rc Return status code */ -int imgmem ( const char *name, userptr_t data, size_t len ) { +int imgmem ( const char *name, const void *data, size_t len ) { struct image *image; /* Create image */ diff --git a/src/usr/imgtrust.c b/src/usr/imgtrust.c index e7c2067a0..fa8282da0 100644 --- a/src/usr/imgtrust.c +++ b/src/usr/imgtrust.c 
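Review bot: The failure message at the end of imgdecrypt() names only `image->name`, but the err_parse path is taken when the envelope image, not the image being decrypted, fails to parse in cms_message(); the log line then points an operator at the wrong object. Including the envelope in the message, e.g. `syslog ( LOG_ERR, "Image \"%s\" decryption failed (envelope \"%s\"): %s\n",` followed by `image->name, envelope->name, strerror ( rc ) );`, keeps the two failure modes distinguishable in the log. The `@v name` parameter is documented as optionally NULL and is passed straight through to cms_decrypt(); a short note that the default name is chosen there, not in this file, would help readers of this function.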
@@ -22,12 +22,13 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdlib.h> +#include <string.h> #include <errno.h> #include <time.h> #include <syslog.h> -#include <ipxe/uaccess.h> #include <ipxe/image.h> #include <ipxe/cms.h> #include <ipxe/validator.h> @@ -50,34 +51,18 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); */ int imgverify ( struct image *image, struct image *signature, const char *name ) { - struct asn1_cursor *data; - struct cms_signature *sig; - struct cms_signer_info *info; + struct cms_message *cms; + struct cms_participant *part; time_t now; - int next; int rc; - /* Mark image as untrusted */ - image_untrust ( image ); - - /* Get raw signature data */ - next = image_asn1 ( signature, 0, &data ); - if ( next < 0 ) { - rc = next; - goto err_asn1; - } - /* Parse signature */ - if ( ( rc = cms_signature ( data->data, data->len, &sig ) ) != 0 ) + if ( ( rc = cms_message ( signature, &cms ) ) != 0 ) goto err_parse; - /* Free raw signature data */ - free ( data ); - data = NULL; - /* Complete all certificate chains */ - list_for_each_entry ( info, &sig->info, list ) { - if ( ( rc = create_validator ( &monojob, info->chain, + list_for_each_entry ( part, &cms->participants, list ) { + if ( ( rc = create_validator ( &monojob, part->chain, NULL ) ) != 0 ) goto err_create_validator; if ( ( rc = monojob_wait ( NULL, 0 ) ) != 0 ) 
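Review bot: The unconditional `image_untrust ( image );` that previously opened imgverify() is dropped in this hunk, and the following hunk (`@@ -86,16 +71,14 @@`) replaces `image_trust ( image );` with a comment saying only that the verification is recorded, so nothing in this file now visibly changes the image's trust state. Presumably the new `cms_verify ( cms, image, name, now, NULL, NULL )` takes over both marking duties; if so, a comment at that call, e.g. `/* Verify image; the image trust state is updated by cms_verify() */`, would document the dependency. If it does not, an image already trusted by an earlier successful verification keeps that state when a later signature fails, because there is no longer an untrust step before parsing; worth confirming against ipxe/cms.c. imgverify() continues past the end of this hunk.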
@@ -86,16 +71,14 @@ int imgverify ( struct image *image, struct image *signature, /* Use signature to verify image */ now = time ( NULL ); - if ( ( rc = cms_verify ( sig, image->data, image->len, - name, now, NULL, NULL ) ) != 0 ) + if ( ( rc = cms_verify ( cms, image, name, now, NULL, NULL ) ) != 0 ) goto err_verify; - /* Drop reference to signature */ - cms_put ( sig ); - sig = NULL; + /* Drop reference to message */ + cms_put ( cms ); + cms = NULL; - /* Mark image as trusted */ - image_trust ( image ); + /* Record signature verification */ syslog ( LOG_NOTICE, "Image \"%s\" signature OK\n", image->name ); return 0; @@ -103,10 +86,8 @@ int imgverify ( struct image *image, struct image *signature, err_verify: err_validator_wait: err_create_validator: - cms_put ( sig ); + cms_put ( cms ); err_parse: - free ( data ); - err_asn1: syslog ( LOG_ERR, "Image \"%s\" signature bad: %s\n", image->name, strerror ( rc ) ); return rc; diff --git a/src/usr/ipstat.c b/src/usr/ipstat.c index 0f09cc2ff..c0d9739fa 100644 --- a/src/usr/ipstat.c +++ b/src/usr/ipstat.c @@ -22,25 +22,28 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdio.h> +#include <ipxe/tcp.h> #include <ipxe/ipstat.h> #include <usr/ipstat.h> /** @file * - * IP statistics + * TCP/IP statistics * */ /** - * Print IP statistics + * Print TCP/IP statistics * */ void ipstat ( void ) { struct ip_statistics_family *family; struct ip_statistics *stats; + /* Print per-family statistics */ for_each_table_entry ( family, IP_STATISTICS_FAMILIES ) { stats = family->stats; printf ( "IP version %d:\n", family->version ); 
@@ -63,4 +66,12 @@ void ipstat ( void ) { stats->out_mcast_pkts, stats->out_bcast_pkts, stats->out_octets ); } + + /* Print TCP statistics */ + printf ( "TCP:\n" ); + printf ( " InSegs:%ld InOctets:%ld InOctetsGood:%ld\n", + tcp_stats.in_segs, tcp_stats.in_octets, + tcp_stats.in_octets_good ); + printf ( " InDiscards:%ld InOutOfOrder:%ld\n", + tcp_stats.in_discards, tcp_stats.in_out_of_order ); } diff --git a/src/usr/neighmgmt.c b/src/usr/neighmgmt.c index 9fd88f82b..79f62e6d3 100644 --- a/src/usr/neighmgmt.c +++ b/src/usr/neighmgmt.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdio.h> #include <ipxe/neighbour.h> @@ -50,9 +51,8 @@ void nstat ( void ) { printf ( "%s %s %s is %s %s", netdev->name, net_protocol->name, net_protocol->ntoa ( neighbour->net_dest ), ll_protocol->name, - ( neighbour_has_ll_dest ( neighbour ) ? - ll_protocol->ntoa ( neighbour->ll_dest ) : - "(incomplete)" ) ); + ( neighbour->discovery ? "(incomplete)" : + ll_protocol->ntoa ( neighbour->ll_dest ) ) ); if ( neighbour->discovery ) printf ( " (%s)", neighbour->discovery->name ); printf ( "\n" ); diff --git a/src/usr/nslookup.c b/src/usr/nslookup.c index eb2b08b42..e4386e2c0 100644 --- a/src/usr/nslookup.c +++ b/src/usr/nslookup.c @@ -18,6 +18,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER ); +FILE_SECBOOT ( PERMITTED ); #include <stdlib.h> #include <stdio.h> diff --git a/src/usr/ntpmgmt.c b/src/usr/ntpmgmt.c index 765c6dc9e..8b61662a0 100644 --- a/src/usr/ntpmgmt.c +++ b/src/usr/ntpmgmt.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdint.h> #include <stdio.h> diff --git a/src/usr/pingmgmt.c b/src/usr/pingmgmt.c index bb33c5d47..fee6b438b 100644 --- a/src/usr/pingmgmt.c +++ b/src/usr/pingmgmt.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdint.h> #include <stdio.h> 
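Review bot: The new TCP block prints the `tcp_stats` counters with `%ld`, which is only correct if the fields of the structure behind tcp_stats are `long`; packet and octet counters are commonly unsigned, in which case `%lu` is the matching specifier and the output turns negative once a counter passes LONG_MAX. The field types in ipxe/tcp.h are not visible in this diff, so confirm them and align the format specifiers with them. ipstat() ends inside this hunk.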
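Review bot: The ternary in nstat() now keys on `neighbour->discovery` instead of `neighbour_has_ll_dest ( neighbour )`, so any entry with no discovery in progress is printed via `ll_protocol->ntoa ( neighbour->ll_dest )`. If the neighbour cache can hold an entry whose discovery has ended without a link-layer address being learned, that entry would print whatever bytes ll_dest contains rather than `(incomplete)`; confirm that such entries are always removed, or keep the has-ll-dest test as the condition. nstat() starts and ends outside this hunk.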
diff --git a/src/usr/profstat.c b/src/usr/profstat.c index d80fa26b2..7fafd7b5f 100644 --- a/src/usr/profstat.c +++ b/src/usr/profstat.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdio.h> #include <ipxe/profile.h> diff --git a/src/usr/prompt.c b/src/usr/prompt.c index fca0a157c..ea233e2ed 100644 --- a/src/usr/prompt.c +++ b/src/usr/prompt.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); /** @file * diff --git a/src/usr/route.c b/src/usr/route.c index 690ba3b6b..77c68eeb3 100644 --- a/src/usr/route.c +++ b/src/usr/route.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/netdevice.h> #include <usr/route.h> diff --git a/src/usr/route_ipv4.c b/src/usr/route_ipv4.c index 6260335ac..21b0820da 100644 --- a/src/usr/route_ipv4.c +++ b/src/usr/route_ipv4.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdio.h> #include <ipxe/netdevice.h> 
@@ -41,16 +42,51 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); */ static void route_ipv4_print ( struct net_device *netdev ) { struct ipv4_miniroute *miniroute; + struct ipv4_miniroute *defroute; + struct in_addr address; + struct in_addr network; + struct in_addr netmask; + struct in_addr gateway; + int remote; + /* Print routing table */ list_for_each_entry ( miniroute, &ipv4_miniroutes, list ) { + + /* Skip non-matching network devices */ if ( miniroute->netdev != netdev ) continue; - printf ( "%s: %s/", netdev->name, - inet_ntoa ( miniroute->address ) ); - printf ( "%s", inet_ntoa ( miniroute->netmask ) ); - if ( miniroute->gateway.s_addr ) - printf ( " gw %s", inet_ntoa ( miniroute->gateway ) ); - if ( ! netdev_is_open ( miniroute->netdev ) ) + address = miniroute->address; + network = miniroute->network; + netmask = miniroute->netmask; + gateway = miniroute->gateway; + assert ( ( network.s_addr & ~netmask.s_addr ) == 0 ); + + /* Defer default routes to be printed with local addresses */ + if ( ! netmask.s_addr ) + continue; + + /* Print local address and destination subnet */ + remote = ( ( address.s_addr ^ network.s_addr ) & + netmask.s_addr ); + printf ( "%s: %s", netdev->name, inet_ntoa ( address ) ); + if ( remote ) + printf ( " for %s", inet_ntoa ( network ) ); + printf ( "/%s", inet_ntoa ( netmask ) ); + if ( gateway.s_addr ) + printf ( " gw %s", inet_ntoa ( gateway ) ); + + /* Print default routes with local subnets */ + list_for_each_entry ( defroute, &ipv4_miniroutes, list ) { + if ( ( defroute->netdev == netdev ) && + ( defroute->address.s_addr = address.s_addr ) && + ( ! defroute->netmask.s_addr ) && ( ! remote ) ) { + printf ( " gw %s", + inet_ntoa ( defroute->gateway ) ); + } + } + + /* Print trailer */ + if ( ! netdev_is_open ( netdev ) ) printf ( " (inaccessible)" ); printf ( "\n" ); } diff --git a/src/usr/route_ipv6.c b/src/usr/route_ipv6.c index 9e94b4a15..9d773ec60 100644 --- a/src/usr/route_ipv6.c +++ b/src/usr/route_ipv6.c 
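Review bot: The inner default-route loop uses `( defroute->address.s_addr = address.s_addr )`, an assignment where a comparison is intended; it overwrites the address of every default route on this netdev with the address of the route being printed and is true whenever that address is non-zero, so unrelated default routes are both corrupted and printed as gateways of this subnet. The condition should read `( defroute->address.s_addr == address.s_addr ) &&`; the extra parentheses also suppress the usual compiler warning for this mistake, so it will not be caught by `-Wall`. The new `assert ( ( network.s_addr & ~netmask.s_addr ) == 0 )` additionally needs `<assert.h>`, which is not among the includes visible in the earlier hunk of this file; confirm it is included elsewhere. route_ipv4_print() ends inside this hunk.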
@@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stdio.h> #include <ipxe/netdevice.h> diff --git a/src/usr/shimmgmt.c b/src/usr/shimmgmt.c index 6ac1ac35e..fb063ad51 100644 --- a/src/usr/shimmgmt.c +++ b/src/usr/shimmgmt.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <ipxe/efi/efi.h> #include <ipxe/efi/efi_shim.h> diff --git a/src/usr/sync.c b/src/usr/sync.c index f599588ae..1e740bd4c 100644 --- a/src/usr/sync.c +++ b/src/usr/sync.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include <stddef.h> #include <ipxe/job.h> |
