Author: wmb Date: 2008-10-04 02:10:55 +0200 (Sat, 04 Oct 2008) New Revision: 976
Modified: cpu/x86/pc/linux.fth cpu/x86/pc/olpc/gui.fth cpu/x86/pc/olpc/security.fth Log: This change encompasses three not-quite-related issues: a) The new ramdisk-moving code, needed for recent Linux kernels, was breaking both old kernels and new kernels when booted in secure mode. b) The secure mode code was leaving the display in freeze-when-Linux-starts mode when a developer key was found - sort of a "half-pretty" situation. c) Secure startup didn't give Linux a command line, so you couldn't watch the kernel startup messages on the serial port.
Modified: cpu/x86/pc/linux.fth =================================================================== --- cpu/x86/pc/linux.fth 2008-10-04 00:10:49 UTC (rev 975) +++ cpu/x86/pc/linux.fth 2008-10-04 00:10:55 UTC (rev 976) @@ -42,8 +42,13 @@ : code16-size ( -- #bytes ) load-base h# 1f1 + c@ 1+ d# 512 * ; 0 value cmdline-offset
+0 value linux-memtop + \ Find the end of the largest piece of memory : memory-limit ( -- limit ) + \ If we have already loaded a RAMdisk in high memory, its base is the memory limit + ramdisk-adr ?dup if exit then + " /memory" find-package 0= abort" No /memory node" ( phandle ) " available" rot get-package-property abort" No memory node available property" ( $ ) \ Find the memory piece that starts at 1 Meg @@ -92,11 +97,11 @@ : set-parameters ( cmdline$ -- ) screen-info linux-params /screen-info move \ Ostensibly screen info
- memory-limit ( #bytes ) + linux-memtop ( #bytes ) d# 1023 invert and d# 1024 / ( #kbytes ) d# 1024 - h# 002 +lp w! \ Kbytes of extended (not the 1st meg) memory
- memory-limit ( #bytes ) + linux-memtop ( #bytes ) d# 1023 invert and d# 1024 / ( #kbytes ) d# 1024 - h# 1e0 +lp l! \ Alternate amount of extended memory
@@ -156,6 +161,27 @@ ' ramdisk-buf " ramdisk" chosen-string
defer load-ramdisk +: place-ramdisk ( adr len -- ) + to /ramdisk ( adr ) + + \ Move ramdisk to top of memory for new kernels. In principle, + \ this should work for older kernels too, but for some reason it doesn't. + h# 206 +lp w@ h# 207 < if ( adr ) + dup load-base <> if ( adr ) + load-base tuck /ramdisk move ( adr' ) + then ( adr ) + memory-limit ( adr memtop ) + else + \ The initrd_addr_max field appeared in boot protocol 2.03 + h# 22c +lp l@ ( adr ramdisk-limit ) + ?dup if 1+ else h# 8000.0000 then ( adr ramdisk-limit ) + + memory-limit umin /ramdisk - ( adr new-ramdisk-adr ) + tuck /ramdisk move ( new-ramdisk-adr ) + dup + then ( ramdisk-adr memtop ) + to linux-memtop to ramdisk-adr +; : $load-ramdisk ( name$ -- ) 0 to /ramdisk ( name$ )
@@ -168,18 +194,7 @@ r> to load-path ( throw-code ) throw
- loaded to /ramdisk ( adr ) - - \ Move ramdisk to top of memory - - \ The initrd_addr_max field appeared in boot protocol 2.03 - h# 22c +lp l@ ( adr ramdisk-limit ) - ?dup if 1+ else h# 8000.0000 then ( adr ramdisk-limit ) - - memory-limit umin /ramdisk - ( adr new-ramdisk-adr ) - dup to ramdisk-adr ( adr new-ramdisk-adr ) - - /ramdisk move ( ) + loaded place-ramdisk ; : cv-load-ramdisk ( -- ) " ramdisk" eval dup 0= if 2drop exit then ( name$ )
Modified: cpu/x86/pc/olpc/gui.fth =================================================================== --- cpu/x86/pc/olpc/gui.fth 2008-10-04 00:10:49 UTC (rev 975) +++ cpu/x86/pc/olpc/gui.fth 2008-10-04 00:10:55 UTC (rev 976) @@ -398,7 +398,7 @@ ; : linux-hook-freeze [ ' linux-hook behavior compile, ] - 0 " set-source" $call-screen + dcon-freeze ; : freeze ( -- ) ['] linux-hook-freeze to linux-hook ; : unfreeze ( -- ) ['] linux-hook-unfreeze to linux-hook ;
Modified: cpu/x86/pc/olpc/security.fth =================================================================== --- cpu/x86/pc/olpc/security.fth 2008-10-04 00:10:49 UTC (rev 975) +++ cpu/x86/pc/olpc/security.fth 2008-10-04 00:10:55 UTC (rev 976) @@ -562,9 +562,7 @@ " RD found - " ?lease-debug img$ sig$ sha-valid? if show-unlock - load-base to ramdisk-adr - img$ dup to /ramdisk ( adr len ) - load-base swap move ( ) + img$ place-ramdisk exit else show-unlock @@ -762,6 +760,10 @@ 0<> ;
+: set-cmdline ( -- ) + " console=ttyS0,115200 console=tty0 fbcon=font:SUN12x22" args-buf place-cstr drop +; + : load-from-list ( list$ -- devkey? ) " dev /jffs2-file-system ' ?unfreeze to scan-callout dend" eval
@@ -780,7 +782,7 @@ has-developer-key? if ( list$ ) 2drop ( ) true to security-off? - visible + visible unfreeze show-unlock true exit then ( list$ ) @@ -790,6 +792,7 @@ 2drop ( ) ['] secure-load-ramdisk to load-ramdisk " init-program" $find if + set-cmdline execute show-going go then show-x @@ -826,7 +829,7 @@
?force-secure
- secure? 0= if unfreeze visible exit then + secure? 0= if visible unfreeze exit then
button-check game-key? if unfreeze visible banner @@ -834,7 +837,7 @@ freeze dcon-freeze then
- persistent-devkey? if true to security-off? visible exit then + persistent-devkey? if true to security-off? visible unfreeze exit then
get-my-sn if " No serial number" .security-failure then