[crypto] Rename KEY= to PRIVKEY= and "key" to "privkey"
The setting name "key" conflicts with the setting name "key" already
in use by the 802.11 code. Resolve the conflict by renaming the newer
setting to "privkey".
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Use $(xxx_DEPS) for additional dependency information
Some objects (embedded.o, rootcert.o, and clientcert.o) define
additional dependencies on external files, using syntax such as:
$(BIN)/clientcert.o : $(CERT_LIST)
This dependency can be missed when using debug builds. For example,
if DEBUG=clientcert is used, then the relevant object is
$(BIN)/clientcert.dbg1.o rather than $(BIN)/clientcert.o.
Fix by adding dependencies to $(clientcert_DEPS) instead:
clientcert_DEPS += $(CERT_LIST)
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Allow a client certificate to be specified at build time
Allow a client certificate and corresponding private key to be
specified at build time using the syntax
make CERT=/path/to/certificate KEY=/path/to/key
The build process uses openssl to convert the files into DER format,
and includes them within the client certificate store in
clientcert.c. The build process will prompt for the private key
password if applicable.
Note that the private key is stored unencrypted, and so the resulting
iPXE binary (and the temporary files created during the build process)
should be treated as being equivalent to an unencrypted private key
file.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Allow trusted root certificates to be specified at build time
Allow trusted root certificates to be specified at build time using
the syntax
make TRUST=/path/to/certificate1,/path/to/certificate2,...
The build process uses openssl to calculate the SHA-256 fingerprints
of the specified certificates, and adds them to the root certificate
store in rootcert.c. The certificates can be in any format understood
by openssl.
The certificates may be server certificates or (more usefully) CA
certificates.
If no trusted certificates are specified, then the default "iPXE root
CA" certificate will be used.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Avoid using -ffunction-sections on some older versions of gcc
Some older versions of gcc issue a warning if -ffunction-sections is
used in combination with -g (gcc bug #18553). Inhibit
-ffunction-sections when building with such a version of gcc.
Reported-by: zhengwei <zw111_2001@126.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Accept EMBED=... as a synonym for EMBEDDED_IMAGE=...
Make the build command line less cumbersome by accepting
make DEBUG=int13 EMBED=test.ipxe
rather then
make DEBUG=int13 EMBEDDED_IMAGE=test.ipxe
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Run parserom.pl only on potential driver files
PCI_ROM() and ISA_ROM() macros occur only within driver files.
Running parserom.pl on non-driver files is therefore redundant.
Skip running parserom.pl on any files outside a "drivers" directory.
This reduces the time taken to generate build rules and dependencies
after a "make veryclean" by around 12%.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Refuse to attempt building with the GNU gold linker
GNU gold (part of newer binutils builds) does not appear to be
designed to support generic linker functionality, since its source
code contains several Linux-specific hard-coded assumptions about the
layout of ELF binaries. Attempting to build iPXE using GNU gold will
generally cause some kind of "linker internal error".
Provide an explicit error message suggesting the use of GNU ld
instead.
Reported-by: Chris Hills <chaz@chaz6.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Avoid spurious address comparison warnings in gcc 4.6
A construction such as "assert ( ptr != NULL )" seems to trigger a
false positive warning in gcc 4.6 if the value of "ptr" is known at
compile-time to be non-NULL. Use -Wno-address to inhibit this
warning.
Reported-by: Ralph Giles <giles@thaumas.net>
Tested-by: Ralph Giles <giles@thaumas.net>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
The keymap files, though autogenerated, are checked in to version
control and should be considered as source files. They should never
be automatically rebuilt.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Inspired by LILO's keytab-lilo.pl, genkeymap.pl uses "loadkeys -b" to
obtain a Linux keyboard map, and generates a file keymap_xx.c in
hci/keymap.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Some binutils versions will drag in an object to satisfy the entry
symbol; some won't. Try to cope with this exciting variety of
behaviour by ensuring that all entry symbols are unique.
Remove the explicit inclusion of the prefix object on the linker
command line, since the entry symbol now provides all the information
needed to identify the prefix.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Use -ffunction-sections, -fdata-sections, and --gc-sections to
automatically prune out any unreferenced sections.
This saves around 744 bytes (uncompressed) from the rtl8139.rom build.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[legal] Ignore config/local header files for licensing purposes
The config/local/*.h files are expected to be empty in most cases.
This should not cause a licence determination to fail.
Fix by ignoring config/local/*.h for licensing purposes.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
When using binutils 2.20, it seems to be necessary to add -ldl to link
against -lbfd.
Reported-by: Duane Voth <duanev@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Properly handle multiple goals per BIN directory
When building multiple targets per BIN with multiple jobs, for
example:
make -j16 bin-i386-efi/ipxe.efi{,drv,rom} bin-x86_64-efi/ipxe.efi{,drv,rom}
we would invoke a make subprocess for each goal in parallel resulting
in multiple makes running in a single BIN directory. Fix by grouping
goals per BIN directory and invoking only one make per BIN. It is
both safer and faster.
Signed-off-by: Piotr Jaroszyński <p.jaroszynski@gmail.com>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Currently, if elf2efi.c is compiled using a 32-bit HOST_CC, then the
resulting elf2efi64 binary will generate 32-bit EFI binaries instead
of 64-bit EFI binaries.
The problem is that elf2efi.c uses the MDE_CPU_* definitions to decide
whether to output a 32-bit or 64-bit PE binary. However, MDE_CPU_*
gets defined in ProcessorBind.h, depending on the compiler's target
architecture. Overriding them on the command line doesn't work in the
expected way, and you can end up in cases where both MDE_CPU_IA32 and
MDE_CPU_X64 are defined.
Fix by using a separate definition, EFI_TARGET_IA32/EFI_TARGET_X64,
which is specified only on the command line.
Signed-off-by: Geoff Lywood <glywood@vmware.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Speed up rebuilding on header file changes
Split src_template into deps_template (which handles the definition of
foo_DEPS) and rules_template (which handles the rules referencing
foo_DEPS). The rules_template is not affected by any included header
files and so does not need to be reprocessed following a change to an
included header file.
This reduces the time required to rebuild the Makefile rules following
a change to stdint.h by around 45%, at a cost of increasing the time
required to rebuild after a "make veryclean" by around 3%.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Avoid unnecessary "rm" and "touch" in dependency generation
Speed up dependency generation by omitting the totally unnecessary
"rm" and "touch" commands. This reduces the time taken to generate
dependencies by around 6%.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Fix broken build caused by implied dependency upon "perl"
Commit ea12dc0 ("[build] Avoid hard-coding the path to perl")
introduced a build failure for fully clean trees (e.g. after running
"make veryclean"), since the dependency upon $(PARSEROM) now includes
a dependency upon "perl" (which doesn't exist) rather than upon
"/usr/bin/perl" (which does exist).
There should of course be no dependency upon the perl binary at all;
the dependency should be upon "./util/parserom.pl" alone.
Fix by removing the $(PERL) from the definition of Perl-based utility
paths, and adding $(PERL) at the point of usage.
Reported-by: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
The linker chooses to look for _start first and always picks
efidrvprefix.o to satisfy it (probably because it's earlier in the
archive) which causes a multiple definition error when the linker
later has to pick efiprefix.o for other symbols.
Fix by using EFI-specific TGT_LD_FLAGS with an explicit entry point.
Signed-off-by: Piotr Jaroszyński <p.jaroszynski@gmail.com>
Signed-off-by: Joshua Oreman <oremanj@rwcr.net>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Dependencies are considered in left-to-right order so the source file
needs to come first in this case.
Signed-off-by: Piotr Jaroszyński <p.jaroszynski@gmail.com>
Signed-off-by: Joshua Oreman <oremanj@rwcr.net>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Inhibit "skipping incompatible" message from ld
On 64-bit systems with both 32-bit and 64-bit libraries installed, ld
tends to generate noisy "skipping incompatible /usr/lib/libxxx.so"
messages when building elf2efi.c.
Fix by passing --no-warn-search-mismatch to ld.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
[build] Replace obsolete makerom.pl with quick script using Option::ROM
The only remaining useful function of makerom.pl is to correct the ROM
and PnP checksums; the PCI IDs are set at link time, and padding is
performed using padimg.pl.
Option::ROM already provides a facility for correcting the checksums,
so we may as well just use this instead.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Randomly generate a 32-bit build identifier that can be used to
identify identical iPXE ROMs when multiple such ROMs are present in a
system (e.g. when a multi-function NIC exposes the same iPXE ROM image
via each function's expansion ROM BAR).
Signed-off-by: Michael Brown <mcb30@ipxe.org>
The .hrom prefix provides an experimental mechanism for reducing
option ROM space usage on systems where PMM allocation fails, by
pretending that PMM allocation succeeded and gave us an address fixed
at compilation time. This is unreliable, and potentially dangerous.
In particular, when multiple gPXE ROMs are present in a system, each
gPXE ROM will assume ownership of the same fixed address, resulting in
undefined behaviour.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
The .xrom prefix provides an experimental mechanism for loading ROM
images greater than 64kB in size by mapping the expansion ROM BAR in
at a hopefully-unused address. This is unreliable, and potentially
dangerous. In particular, there is no guarantee that any PCI bridges
between the CPU and the device will respond to accesses for the
"unused" memory region that is chosen, and it is possible that the
process of scanning for the "unused" memory region may end up issuing
reads to other PCI devices. If this ends up trampling on a register
with read side-effects belonging to an unrelated PCI device, this may
cause undefined behaviour.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Access to the gpxe.org and etherboot.org domains and associated
resources has been revoked by the registrant of the domain. Work
around this problem by renaming project from gPXE to iPXE, and
updating URLs to match.
Also update README, LOG and COPYRIGHTS to remove obsolete information.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Include config/local/$file in config/$file where it makes sense and
create empty local configs during build if not present.
Modified-by: Michael Brown <mcb30@etherboot.org>
Signed-off-by: Michael Brown <mcb30@etherboot.org>
The function recorder is a crash and hang debugging tool. It logs each
function call into a memory buffer while gPXE runs. After the machine
is reset, and if the contents of memory have not been overwritten, gPXE
will detect the memory buffer and print out its contents.
This allows developers to see a trace of the last functions called
before a crash or hang. The util/fnrec.sh script can be used to convert
the function addresses back into symbol names.
To build with fnrec:
make FNREC=1
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Marty Connor <mdc@etherboot.org>
Embedded image support uses .incbin in inline assembly to include binary
files. The file dependency is not spotted by ccache when deciding
whether or not to rebuild embedded.o. This results in builds that
contain an outdated version of the embedded image when ccache is used.
Reported-by: Tim 'Shaggy' Bielawa <tbielawa@jabber.org>
Reported-by: Matt Domsch <Matt_Domsch@dell.com>
Signed-off-by: Stefan Hajnoczi <stefanha@gmail.com>
Signed-off-by: Marty Connor <mdc@etherboot.org>
[prefix] Add .xrom prefix for a ROM that loads itself by PCI accesses
The standard option ROM format provides a header indicating the size
of the entire ROM, which the BIOS will reserve space for, load, and
call as necessary. However, this space is strictly limited to 128k for
all ROMs. gPXE ameliorates this somewhat by reserving space for itself
in high memory and relocating the majority of its code there, but on
systems prior to PCI3 enough space must still be present to load the
ROM in the first place. Even on PCI3 systems, the BIOS often limits the
size of ROM it will load to a bit over 64kB.
These space problems can be solved by providing an artificially small
size in the ROM header: just enough to let the prefix code (at the
beginning of the ROM image) be loaded by the BIOS. To the BIOS, the
gPXE ROM will appear to be only a few kilobytes; it can then load
the rest of itself by accessing the ROM directly using the PCI
interface reserved for that task.
There are a few problems with this approach. First, gPXE needs to find
an unmapped region in memory to map the ROM so it can read from it;
this is done using the crude but effective approach of scanning high
memory (over 0xF0000000) for a sufficiently large region of all-ones
(0xFF) reads. (In x86 architecture, all-ones is returned for accesses
to memory regions that no mapped device can satisfy.) This is not
provably valid in all situations, but has worked well in practice.
More importantly, this type of ROM access can only work if the PCI ROM
BAR exists at all. NICs on physical add-in PCI cards generally must
have the BAR in order for the BIOS to be able to load their ROM, but
ISA cards and LAN-on-Motherboard cards will both fail to load gPXE
using this scheme.
Due to these uncertainties, it is recommended that .xrom only be used
when a regular .rom image is infeasible due to crowded option ROM
space. However, when it works it could allow loading gPXE images
as large as a flash chip one could find - 128kB or even higher.
Signed-off-by: Marty Connor <mdc@etherboot.org>
[makefile] Allow .sizes target to work with funny-named objects
The bin/xxx.sizes targets examine the list of obj_ symbols in bin/xxx.tmp
to determine which objects to measure the size of. These symbols have been
normalized to C identifiers, so the result is an error message from `size'
when examining a target that includes objects that were originally named
with hyphens.
Fix by turning obj_foo_bar into $(wildcard bin/foo?bar.o) instead of
bin/foo_bar.o.
Signed-off-by: Marty Connor <mdc@etherboot.org>
[prefix] Add .hrom prefix for a ROM that loads high under PCI3 without PMM
gPXE currently takes advantage of the feature of PCI3.0 that allows
option ROMs to relocate the bulk of their code to high memory and so
take up only a small amount of space in the option ROM area. Currently,
the relocation can only take place if the BIOS's implementation of PMM
can be made to return blocks aligned to an even megabyte, because of
the A20 gate. AMI BIOSes, in particular, will not return allocations
that gPXE can use.
Ameliorate the situation somewhat by adding a prefix, .hrom, that works
identically to .rom except in the case that PMM allocation fails. Where
.rom would give up and place itself entirely in option ROM space, .hrom
moves to a block (assumed free) at HIGHMEM_LOADPOINT = 4MB. This allows
for the use of larger gPXE ROMs than would otherwise be possible.
Because there is no way to check that the area at HIGHMEM_LOADPOINT is
really free, other devices using that memory during the boot process
will cause failure for gPXE, the other device, or both. In practice
such conflicts will likely not occur, but this prefix should still be
considered EXPERIMENTAL.
Signed-off-by: Marty Connor <mdc@etherboot.org>
[build] Fix DEBUG builds for filenames with hyphens
Debug builds for filenames with hyphens such as:
$ make bin/via-rhine.dsk DEBUG=via-rhine
fail with:
[BUILD] bin/via-rhine.dbg1.o
<command-line>: error: missing whitespace after the macro name
make: *** [bin/via-rhine.dbg1.o] Error 1
This is because "-" is not a legal character in C identifiers, and
gcc rejects "-Ddebug_via-rhine=1" as an argument.
Signed-off-by: Daniel Verkamp <daniel@drv.nu>
Signed-off-by: Joshua Oreman <oremanj@rwcr.net>
Signed-off-by: Marty Connor <mdc@etherboot.org>