Commit message | Author | Age | Files | Lines
* [intel] Add PCI ID for I219-V and -LM 6 to 9 (HEAD, master) | Christian Nilsson | 2019-03-18 | 1 | -0/+8
  Signed-off-by: Christian Nilsson <nikize@gmail.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [ocsp] Accept response certID with missing hashAlgorithm parameters | Michael Brown | 2019-03-10 | 2 | -14/+32
  One of the design goals of ASN.1 DER is to provide a canonical serialization of a data structure, thereby allowing for equality of values to be tested by simply comparing the serialized bytes. Some OCSP servers will modify the request certID to omit the optional (and null) "parameters" portion of the hashAlgorithm. This is arguably legal but breaks the ability to perform a straightforward bitwise comparison on the entire certID field between request and response. Fix by comparing the OID-identified hashAlgorithm separately from the remaining certID fields.

  Originally-fixed-by: Thilo Fromm <Thilo@kinvolk.io>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tcp] Display "connecting" status until connection is established | Michael Brown | 2019-03-10 | 1 | -0/+21
  Provide increased visibility into the progress of TCP connections by displaying an explicit "connecting" status message while waiting for the TCP handshake to complete.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Display validator messages only while validation is in progress | Michael Brown | 2019-03-10 | 2 | -3/+11
  Allow the cipherstream to report progress status messages during connection establishment.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Display cross-certificate and OCSP status messages | Michael Brown | 2019-03-07 | 2 | -8/+82
  TLS connections will almost always create background connections to perform cross-signed certificate downloads and OCSP checks. There is currently no direct visibility into which checks are taking place, which makes troubleshooting difficult in the absence of either a packet capture or a debug build. Use the job progress message buffer to report the current cross-signed certificate download or OCSP status check, where applicable.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [crypto] Use x509_name() in validator debug messages | Michael Brown | 2019-03-07 | 1 | -37/+68
  Display a human-readable certificate name in validator debug messages wherever possible.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Support stateless session resumption | Michael Brown | 2019-03-06 | 2 | -19/+122
  Add support for RFC5077 session ticket extensions to allow for stateless TLS session resumption.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Fix incorrectly duplicated error number | Michael Brown | 2019-03-06 | 1 | -1/+1
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Support stateful session resumption | Michael Brown | 2019-02-21 | 2 | -10/+220
  Record the session ID (if any) provided by the server and attempt to reuse it for any concurrent connections to the same server. If multiple connections are initiated concurrently (e.g. when using PeerDist) then defer sending the ClientHello for all but the first connection, to allow time for the first connection to potentially obtain a session ID (and thereby speed up the negotiation for all remaining connections).

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [efi] Blacklist the Dell Ip4ConfigDxe driver | Michael Brown | 2019-02-19 | 4 | -0/+257
  On a Dell OptiPlex 7010, calling DisconnectController() on the LOM device handle will lock up the system. Debugging shows that execution is trapped in an infinite loop that is somehow trying to reconnect drivers (without going via ConnectController()). The problem can be reproduced in the UEFI shell with no iPXE code present, by using the "disconnect" command. Experimentation shows that the only fix is to unload (rather than just disconnect) the "Ip4ConfigDxe" driver. Add the concept of a blacklist of UEFI drivers that will be automatically unloaded when iPXE runs as an application, and add the Dell Ip4ConfigDxe driver to this blacklist.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [init] Show startup and shutdown function names in debug messages | Michael Brown | 2019-01-25 | 19 | -2/+31
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [util] Add support for EFI ROM images | Petr Borsodi | 2019-01-21 | 2 | -1/+78
  The Option::ROM module recognizes and checks EFI header of image. The disrom.pl utility dumps this header if it is present.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [util] Improve processing of ROM images in Option::ROM | Petr Borsodi | 2019-01-21 | 2 | -39/+110
  The Option::ROM module now compares the Code Type in the PCIR header to 0x00 (PC-AT) in order to check the presence of other header types (PnP, UNDI, iPXE, etc). The validity of these headers is checked not only by offset, but by range and signature checks also. The image checksum and initial size also depend on Code Type.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [zbin] Fix compiler warning with GCC 9 | Michael Brown | 2019-01-21 | 1 | -6/+6
  GCC 9 warns that abs() may truncate its signed long argument. Fix by using labs() instead.

  Reported-by: Martin Liška <mliska@suse.cz>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [libc] Fix strcmp()/strncmp() to return proper values | Aaron Young | 2019-01-15 | 2 | -3/+4
  Fix strcmp() and strncmp() to return proper standard positive/negative values for unequal strings. Current implementation is backwards (i.e. the functions are returning negative when they should be positive and vice-versa). Currently all consumers of these functions only check the return value for ==0 or !=0 and so we can safely change the implementation without breaking things.

  Signed-off-by: Aaron Young <Aaron.Young@oracle.com>
  Modified-by: Michael Brown <mcb30@ipxe.org>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [efi] Fix error handling path in efi_snp_probe | Ignat Korchagin | 2019-01-15 | 1 | -3/+3
  Current (simplified):

  1. InstallMultipleProtocolInterfaces
       if err goto err_install_protocol_interface;
  2. OpenProtocol(efi_nii_protocol_guid)
       if err goto err_open_nii;
  3. OpenProtocol(efi_nii31_protocol_guid)
       if err goto err_open_nii31;
  4. efi_child_add
       if err goto err_efi_child_add;
  ...
  err_efi_child_add:
       CloseProtocol(efi_nii_protocol_guid) <= should be efi_nii31_protocol_guid
  err_open_nii: <= should be err_open_nii31
       CloseProtocol(efi_nii31_protocol_guid) <= should be efi_nii_protocol_guid
  err_open_nii31: <= should be err_open_nii
       UninstallMultipleProtocolInterfaces

  Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [pci] Correct invalid base-class/sub-class/prog-if order in PCIR | Petr Borsodi | 2019-01-15 | 4 | -5/+5
  PCI Configuration Space contains fields prog-if at the offset 0x09, sub-class at the offset 0x0a and base-class at the offset 0x0b (it respects little endian). PCIR structure uses these fields in the same order.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [build] Handle R_X86_64_PLT32 from binutils 2.31 | Christian Hesse | 2018-09-17 | 1 | -0/+1
  Starting from binutils 2.31.0 (commit bd7ab16b) x86-64 assembler generates R_X86_64_PLT32 instead of R_X86_64_PC32.

  Acked-by: John Jolly <jjolly@suse.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [sfc] Add support for X25xx adapters | Martin Habets | 2018-08-26 | 2 | -3/+11
  The first adapters in this family are X2522-10, X2522-25, X2541 and X2542. These no longer use PCI BAR 0 for I/O, but use that for memory. In other words, BAR 2 on SFN8xxx adapters now becomes BAR 0.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [intelxl] Add driver for Intel 40 Gigabit Ethernet NICs | Michael Brown | 2018-07-17 | 3 | -0/+2316
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [ethernet] Use standard 1500 byte MTU unless explicitly overridden | Michael Brown | 2018-07-17 | 3 | -0/+3
  Devices that support jumbo frames will currently default to the largest possible MTU. This assumption is valid for virtual adapters such as virtio-net, where the MTU must have been configured by a system administrator, but is unsafe in the general case of a physical adapter. Default to the standard Ethernet MTU, unless explicitly overridden either by the driver or via the ${netX/mtu} setting.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [rndis] Clean up error handling path in register_rndis() | Michael Brown | 2018-07-09 | 1 | -41/+61
  Avoid calling rndis_halt() and rndis->op->close() twice if the call to register_netdev() fails.

  Reported-by: Roman Kagan <rkagan@virtuozzo.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [build] Use positive-form tests when checking for supported warnings | Michael Brown | 2018-07-08 | 1 | -2/+2
  Some versions of gcc seem to silently accept an attempt to disable an unrecognised warning (e.g. via -Wno-stringop-truncation) but will then report the unrecognised warning if any other error occurs during the build, resulting in a potentially misleading error message. Avoid this potential confusion by using the positive-form tests in order to determine the workaround CFLAGS.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [vmbus] Do not expect version in version_response | Roman Kagan | 2018-07-08 | 1 | -8/+2
  The definition of version_response channel message in Linux doesn't include version field, so the upcoming VMBus implementation in QEMU doesn't set it either. Neither Windows nor Linux had any problem with this. The check against this field is redundant because the message is the response to initiate_contact message containing the specific version requested, so the response with version_supported=true is unambiguous. Drop this check and don't rely on the field to be present in the message.

  Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
  Modified-by: Michael Brown <mcb30@ipxe.org>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [rndis] Register netdev with MAC filled | Roman Kagan | 2018-07-07 | 1 | -9/+9
  register_netdev expects ->hw_addr and ->ll_addr to be already filled, so move it towards the end of register_rndis, after the respective fields have been successfully queried from the underlying device.

  Signed-off-by: Roman Kagan <rkagan@virtuozzo.com>
  Modified-by: Michael Brown <mcb30@ipxe.org>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [efi] Exclude link-layer header length from MaxPacketSize | Rob Taglang | 2018-07-07 | 1 | -1/+1
  Modified-by: Michael Brown <mcb30@ipxe.org>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [intelx] Add support for Intel X552 NIC | Steven Haber | 2018-07-07 | 1 | -0/+1
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [build] Disable gcc stringop-truncation warnings | Bruce Rogers | 2018-07-07 | 1 | -1/+9
  The gcc 8 compiler introduces a warning for certain string manipulation functions, flagging usages which _may_ not be intended. An audit of the iPXE sources indicates all usages of strncat and strncpy are as intended, so the warnings currently issued are not helpful, especially if warnings are considered errors. Fix by detecting gcc's support for -Wno-stringop-truncation and, if detected, using that option to avoid the warning.

  Signed-off-by: Bruce Rogers <brogers@suse.com>
  Modified-by: Michael Brown <mcb30@ipxe.org>
  Also-fixed-by: Christian Hesse <list@eworm.de>
  Also-fixed-by: Roman Kagan <rkagan@virtuozzo.com>
  Also-fixed-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
  Also-fixed-by: Olaf Hering <olaf@aepfle.de>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [http] Work around stateful authentication schemes | Michael Brown | 2018-06-08 | 2 | -2/+19
  As pointedly documented in RFC7230 section 2.3, HTTP is a stateless protocol: each request message can be understood in isolation from any other requests or responses. Various authentication schemes such as NTLM break this fundamental property of HTTP and rely on the same TCP connection being reused. Work around these broken authentication schemes by ensuring that the most recently pooled connection is reused for the subsequent authentication retry.

  Reported-by: Andreas Hammarskjöld <junior@2PintSoftware.com>
  Tested-by: Andreas Hammarskjöld <junior@2PintSoftware.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [icplus] Add driver for IC+ network card | Sylvie Barlow | 2018-04-20 | 3 | -0/+1016
  Signed-off-by: Sylvie Barlow <sylvie.c.barlow@gmail.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [mii] Add bit-bashing interface | Sylvie Barlow | 2018-04-20 | 2 | -0/+217
  Signed-off-by: Sylvie Barlow <sylvie.c.barlow@gmail.com>
  Modified-by: Michael Brown <mcb30@ipxe.org>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [mii] Add mii_find() | Sylvie Barlow | 2018-04-20 | 2 | -0/+29
  Add the function mii_find() in order to locate the PHY address.

  Signed-off-by: Sylvie Barlow <sylvie.c.barlow@gmail.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [mii] Fix typo in parameter name | Michael Brown | 2018-04-20 | 1 | -1/+1
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tcp] Add missing packed attribute on struct tcp_header | Michael Brown | 2018-04-19 | 1 | -1/+1
  Debugged-by: Mark Rutland <mark.rutland@arm.com>
  Debugged-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [mii] Separate concepts of MII interface and MII device | Michael Brown | 2018-04-19 | 10 | -59/+118
  We currently have no generic concept of a PHY address, since all existing implementations simply hardcode the PHY address within the MII access methods. A bit-bashing MII interface will need to be provided with an explicit PHY address in order to generate the correct waveform. Allow for this by separating out the concept of a MII device (i.e. a specific PHY address attached to a particular MII interface).

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [velocity] Fix usage of mii_read() and mii_write() | Michael Brown | 2018-04-19 | 1 | -4/+4
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [rhine] Fix usage of mii_read() | Michael Brown | 2018-04-19 | 1 | -2/+1
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [undi] Include subsystem IDs in broken interrupt device check | Michael Brown | 2018-04-18 | 1 | -6/+27
  Allow the subsystem IDs to be used when checking for PXE stacks with broken interrupt support.

  Suggested-by: Levi Hsieh <Levi.Hsieh@dell.com>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [intelx] Add PCI_ROM entry for Intel X553 NIC | Rob Taglang | 2018-04-10 | 1 | -0/+1
  Modified-by: Michael Brown <mcb30@ipxe.org>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [efi] Add support for R_ARM_REL32 relocations | Heinrich Schuchardt | 2018-03-28 | 1 | -0/+1
  The relocation type R_ARM_REL32 is generated when building bin-arm32-efi/snp.efi using gcc 6.3 and ld 2.28. R_ARM_REL32 is a program counter (PC) relative 32 bit relocation so we can ignore it like all other PC relative relocations.

  Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [efi] Do not raise TPL within EFI_DRIVER_BINDING_PROTOCOL.Supported() | Michael Brown | 2018-03-26 | 1 | -7/+0
  When booting some versions of the UEFI shell, our driver binding protocol's Supported() entry point is called at TPL_NOTIFY for no discernible reason. Attempting to raise to TPL_CALLBACK triggers an immediate assertion failure in the firmware. Since our Supported() method can run at any TPL, fix by simply not attempting to raise the TPL within this method.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [efi] Release SNP devices before starting SAN boot image | Michael Brown | 2018-03-26 | 1 | -0/+4
  Release SNP devices to allow the SAN booted image to use our EFI_SIMPLE_NETWORK_PROTOCOL instance, and to ensure that the image is started at TPL_APPLICATION.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Ensure that window change is propagated to plainstream interface | Michael Brown | 2018-03-24 | 1 | -2/+7
  The cipherstream xfer_window_changed() message is used to retrigger the TLS transmit state machine. If the transmit state machine is idle, then the window change message will not be propagated to the plainstream interface. This can potentially cause the plainstream interface peer (e.g. httpcore) to block waiting for a window change message that will never arrive. Fix by ensuring that the window change message is propagated to the plainstream interface if the transmit state machine is idle. (If the transmit state machine is not idle then the plainstream window will be zero anyway.)

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Rename tls_session to tls_connection | Michael Brown | 2018-03-24 | 2 | -121/+125
  In TLS terminology a session conceptually spans multiple individual connections, and essentially represents the stored cryptographic state (master secret and cipher suite) required to establish communication without going through the certificate and key exchange handshakes. Rename tls_session to tls_connection in order to make the name tls_session available to represent the session state.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [list] Add list_is_first_entry() and list_is_last_entry() | Michael Brown | 2018-03-24 | 2 | -0/+43
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [tls] Ensure received data list is initialised before calling tls_free() | Michael Brown | 2018-03-23 | 1 | -3/+3
  A failure in tls_generate_random() will result in a call to ref_put() before the received data list has been initialised, which will cause free_tls() to attempt to traverse an uninitialised list. Fix by ensuring that all fields referenced by free_tls() are initialised before any of the potential failure paths.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [util] Support reversed sort ordering when generating NIC list | Robin Smidsrød | 2018-03-21 | 1 | -21/+29
  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [librm] Ensure that inline code symbols are unique | Michael Brown | 2018-03-21 | 6 | -9/+9
  Commit 6149e0a ("[librm] Provide symbols for inline code placed into other sections") may cause build failures due to duplicate label names if the compiler chooses to duplicate inline assembly code. Fix by using the "%=" special format string to include a guaranteed-unique number within the label name. The "%=" will be expanded only if constraints exist for the inline assembly. This fix therefore requires that all REAL_CODE() fragments use a (possibly empty) constraint list.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [librm] Provide symbols for inline code placed into other sections | Michael Brown | 2018-03-21 | 1 | -0/+5
  Provide symbols constructed from the object name and line number for code fragments placed into alternative sections, such as inline REAL_CODE() assembly placed into .text16. This simplifies the debugging task of finding the source code corresponding to a given instruction pointer. Note that we cannot use __FUNCTION__ since it is not a preprocessor macro and so cannot be concatenated with string literals.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>
* [undi] Treat invalid IRQ numbers as non-fatal errors | Michael Brown | 2018-03-21 | 1 | -4/+2
  If the underlying PXE stack reports an invalid IRQ number (above IRQ_MAX), treat this as equivalent to an empty IRQ number and fall back to using polling mode.

  Signed-off-by: Michael Brown <mcb30@ipxe.org>