SeaBIOS December 2019

seabios@seabios.org

7 participants
16 discussions

[PATCH] advanced_bootmenu: up to 35 entries (2 pages if >18), numpad support (console)
by Mike Banon 25 Apr '20

25 Apr '20

Add support for up to 35 boot menu entries (2 pages if >18). To solve the ">10" problem currently experienced by SeaBIOS users (there are no 11, 12, etc. keys on a keyboard - so impossible to choose the last menu entries if you got >10 entries because of multiple hard drives / secondary payloads / floppies) - the boot menu has been extended to the letter keys. NOTE: TPM menu has been moved from T to M letter: it is at the end of keyboard's 3rd row of letters and "Trusted" is adjective while "Module" is a noun; alternatively could press '-'. Also, add support for a numpad. Small USB numpad could be really convenient for choosing the boot entries at coreboot boards used as (maybe headless) servers. '/' char on numpad could be used to open the boot menu or to exit it. If there are >10 boot menu entries - the numpad console interface will be enabled: press one or two digit keys and then ENTER to confirm your choice, or remove a digit by pressing the '.Del' key. Also you could call TPM with '-' key at any moment, or boot with a single key press of your fullsize keyboard. Signed-off-by: Mike Banon <mikebdp2 at gmail.com> (patch body is after the testing instructions below) This "advanced_bootmenu" patch is much more useful when used together with my "multiple_floppies" patch: [SeaBIOS] [PATCH v2] ramdisk: search for all available floppy images instead of one https://mail.coreboot.org/pipermail/seabios/2018-December/012670.html Sadly I haven't done the suggestions by Kevin (I have so many unfinished tasks) so the "multiple_floppies" patch is also not merged yet. But you could install both patches to your coreboot by executing this script while at ./coreboot dir: https://pastebin.com/raw/hv9sSuMU And here is a coreboot image for QEMU with these two patches applied and my collection of wonderful and useful floppies added to popular the entries list: https://github.com/mikebdp2/floparchive/blob/master/coreboot.rom?raw=true Descriptions of the most prominent floppies could be found here: http://dangerousprototypes.com/docs/Lenovo_G505S_hacking#Useful_floppies Run this coreboot.rom by executing this QEMU command: (some floppies are 64-bit) qemu-system-x86_64 -L . -m 768 -localtime -vga vmware -net nic,model=rtl8139 \ -net user -soundhw ac97 -bios ./coreboot.rom -boot menu=on -serial stdio Best regards, Mike Banon diff --git a/src/boot.c b/src/boot.c index 9f82f3c..f94dd27 100644 --- a/src/boot.c +++ b/src/boot.c @@ -463,6 +463,7 @@ get_keystroke(int msec) * Boot menu and BCV execution ****************************************************************/ +#define BOOTMENU_PAGE_SIZE 18 #define DEFAULT_BOOTMENU_WAIT 2500 // Show IPL option menu. @@ -478,59 +479,282 @@ interactive_bootmenu(void) ; char *bootmsg = romfile_loadfile("etc/boot-menu-message", NULL); - int menukey = romfile_loadint("etc/boot-menu-key", 1); - printf("%s", bootmsg ?: "\nPress ESC for boot menu.\n\n"); + int menukey = romfile_loadint("etc/boot-menu-key", 1); // custom menukey + printf("%s", bootmsg ?: "\nPress ESC or \\ / slash for boot menu.\n\n"); free(bootmsg); u32 menutime = romfile_loadint("etc/boot-menu-wait", DEFAULT_BOOTMENU_WAIT); enable_bootsplash(); int scan_code = get_keystroke(menutime); disable_bootsplash(); - if (scan_code != menukey) + if (scan_code != menukey && // custom menukey + scan_code != 1 && // ESC + scan_code != 43 && // '\' char on keyboard + scan_code != 53 && // '/' char on keyboard + scan_code != 98) { // '/' char on numpad + if (scan_code == -1) + printf("No key pressed.\n"); + else + printf("Not a menukey pressed.\n"); return; + } while (get_keystroke(0) >= 0) ; - printf("Select boot device:\n\n"); wait_threads(); - // Show menu items + char keyboard_keys[35] = {'1','2','3','4','5','6','7','8','9','0', + 'q','w','e','r','t','y','u','i','o','p', + 'a','s','d','f','g','h','j','k','l', + 'z','x','c','v','b','n'}; /* m = TPM */ + int numpad_scancodes[10] = { 82, 79, 80, 81, 75, 76, 77, 71, 72, 73 }; + int numpi = 0; // Key index: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9. + int digits = 0; // Numerical length of a current choice number. + int decode = 0; // Decode the current choice number into a letter? + int entry_id = 0; + char desc[77]; + + printf("Select boot device"); + + // Show menu items after counting them and determining a number of pages. + // Only 35 boot menu items (36 if to count a TPM) are supported currently. + int maxmenu = 0; struct bootentry_s *pos; - hlist_for_each_entry(pos, &BootList, node) { - char desc[77]; + hlist_for_each_entry(pos, &BootList, node) maxmenu++; - printf("%d. %s\n", maxmenu + + if (maxmenu > 10) { + if (maxmenu > 35) + maxmenu = 35; + if (maxmenu > BOOTMENU_PAGE_SIZE) + printf(" - page 1 :"); + else + printf(": "); + printf(" // press ENTER after your numpad input"); + if (maxmenu > BOOTMENU_PAGE_SIZE) + printf(" - if any -\n " + " // - or to switch between the pages...\n"); + else + printf(" (if any)\n\n"); + } else { + printf(":\n\n"); + } + + hlist_for_each_entry(pos, &BootList, node) { + if (entry_id == BOOTMENU_PAGE_SIZE) // Show only the first page. + break; + printf("%c. %s\n", keyboard_keys[entry_id] , strtcpy(desc, pos->description, ARRAY_SIZE(desc))); + entry_id++; } + int tpm_cshm = 0; if (tpm_can_show_menu()) { - printf("\nt. TPM Configuration\n"); + tpm_cshm = 1; + printf("\nm-. TPM Configuration"); } - - // Get key press. If the menu key is ESC, do not restart boot unless - // 1.5 seconds have passed. Otherwise users (trained by years of - // repeatedly hitting keys to enter the BIOS) will end up hitting ESC - // multiple times and immediately booting the primary boot device. - int esc_accepted_time = irqtimer_calc(menukey == 1 ? 1500 : 0); + printf("\n> "); + + // Do not restart boot on menukey press, unless DEFAULT_BOOTMENU_WAIT msecs + // have passed. Otherwise users (trained by years of repeatedly hitting keys + // to enter the BIOS) will end up hitting menukey multiple times and + // immediately booting the primary boot device. + int esc_accepted_time = irqtimer_calc(DEFAULT_BOOTMENU_WAIT); + int choice = 0, kb_choice = 0; + int page_num = 1; + int enter = 0; + int backspace = 0; + int tpm_show_menu = 0; for (;;) { scan_code = get_keystroke(1000); - if (scan_code == 1 && !irqtimer_check(esc_accepted_time)) - continue; - if (tpm_can_show_menu() && scan_code == 20 /* t */) { + if (scan_code == menukey || // custom menukey + scan_code == 1 || // ESC + scan_code == 43 || // '\' char on keyboard + scan_code == 53 || // '/' char on keyboard + scan_code == 98) { // '/' char on numpad + if (!irqtimer_check(esc_accepted_time)) + continue; + if (digits == 2) // Remove the decoded "(*)" + printf(" \b\b\b"); + /* Remove the existing input before printing a message. */ + for (; digits > 0; digits--) + printf("\b \b"); + printf("Menukey pressed.\n"); + return; + } + kb_choice = 0; + /* 4 rows of keyboard_keys: 1 row with numbers, 3 rows with letters. + Use any of them to select a boot device (except the TPM 'm-' keys) */ + // 1st range: 1-9 and 0 (10) keys <==> 2-11 scan codes <==> 1-10 choice + if (scan_code >= 2 && scan_code <= 11) kb_choice = scan_code - 1; + // 2nd range: Q-P row of letters <==> 16-25 scan codes <==> 11-20 choice + if (scan_code >= 16 && scan_code <= 25) kb_choice = scan_code - 5; + // 3rd range: A-L row of letters <==> 30-38 scan codes <==> 21-29 choice + if (scan_code >= 30 && scan_code <= 38) kb_choice = scan_code - 9; + // 4th range: Z-N row of letters <==> 44-49 scan codes <==> 30-35 choice + if (scan_code >= 44 && scan_code <= 49) kb_choice = scan_code - 14; + // ENTER: (28) on keyboard, (96) on numpad. + if (scan_code == 28 || scan_code == 96) + enter = 1; + // BCKSPC: '<-'(14) and 'Delete'(111) on keyboard, '.Del'(83) on numpad. + if (scan_code == 14 || scan_code == 111 || scan_code == 83) + backspace = 1; + // TPM keys: 'm'(50) and '-'(12) chars on keyboard, '-'(74) on numpad. + if ((scan_code == 50 || scan_code == 12 || scan_code == 74) && tpm_cshm) + tpm_show_menu = 1; + + if (kb_choice != 0 || tpm_show_menu) { + if (kb_choice > maxmenu) { + if (!tpm_show_menu) + continue; + } else { + choice = kb_choice; + } + if (digits == 2) // Remove the decoded "(*)" + printf(" \b\b\b"); + /* Remove the existing input before printing a choice. */ + for (; digits > 0; digits--) + printf("\b \b"); + if (!tpm_show_menu) { + // Choice is any of the detected boot devices ==> lets boot! + break; + } + } else { + // Internal/USB Numpad console interface. + if (digits < 9) { + for (numpi = 0; numpi < 10; numpi++) { + if (scan_code == numpad_scancodes[numpi]) { + if (maxmenu <= 10) { // Console interface is not needed. + if ((numpi != 0 && numpi <= maxmenu) || + (numpi == 0 && 10 <= maxmenu)) { // 10(0) + choice = numpi; + enter = 1; // Fake ENTER to boot this entry now. + } else { // If no such an entry, don't try to boot. + break; + } + } else { + if (digits == 2) { + printf(" \b\b\b"); // Remove the decoded "(*)" + if (choice == 0) { + printf("\b\b \b\b"); // Remove "10". + digits = 0; + } + } + choice = 10 * choice + numpi; + } + if (choice > 0) { + printf("%d", numpi); // Print the entered digit. + digits++; + } else { + if (10 <= maxmenu) + printf("10(0)\b\b\b"); + else + printf("10(?)\b\b\b"); + digits = 2; + } + if (choice > 9 && digits == 2) // Decode into a letter. + decode = 1; + break; + } + } + } + if (backspace && digits > 0) { + backspace = 0; + choice = choice / 10; + if (digits == 2) { + printf(" \b\b\b"); // Remove the decoded "(*)" + // 0 turned into 10: one more Backspace is needed to remove. + if (choice == 0) { + printf("\b \b"); + digits--; + } + } + printf("\b \b"); // Remove the last entered digit. + digits--; + if (choice > 9 && digits == 2) // Decode into a letter. + decode = 1; + } + if (decode) { // Decode the current choice number into a letter. + decode = 0; + if (choice <= maxmenu) { + printf("(%c)", keyboard_keys[choice-1]); + } else { + if (tpm_cshm && choice == 36) + printf("(m)"); // For TPM. + else + printf("(?)"); // No matching letter found. + } + printf("\b\b\b"); // Move a cursor before the "(*)" + } + } + + if (enter) { + enter = 0; + if (choice == 0) { + if (digits == 2) { // for 0 that turned into 10 + if (10 <= maxmenu) + break; + else + continue; + } + // If there are two pages - switch between them. + if (maxmenu > BOOTMENU_PAGE_SIZE) { + entry_id = 0; + page_num = 3 - page_num; // 3 - 1 = 2; 3 - 2 = 1. + printf("\n\nSelect boot device - page %d :" + " // press ENTER after your numpad input" + " - if any -\n " + " // - or to switch between the pages...\n", + page_num); + hlist_for_each_entry(pos, &BootList, node) { + if ((page_num == 1 && entry_id == BOOTMENU_PAGE_SIZE) || + (page_num == 2 && entry_id == 35)) + break; + if (page_num == 1 || entry_id >= BOOTMENU_PAGE_SIZE) + printf("%c. %s\n", keyboard_keys[entry_id], + strtcpy(desc, pos->description, ARRAY_SIZE(desc))); + entry_id++; + } + if (tpm_cshm) + printf("\nm-. TPM Configuration"); + printf("\n> "); + } + } else { + if (choice > maxmenu) { + if (tpm_cshm && choice == 36) + tpm_show_menu = 1; + } else { + // Choice is any of the detected boot devices ==> lets boot! + break; + } + } + } + + if (tpm_show_menu) { + tpm_show_menu = 0; + choice = 0; + if (digits == 0) + printf("TPM key pressed."); + else + digits = 0; printf("\n"); tpm_menu(); + printf("> "); } - if (scan_code >= 1 && scan_code <= maxmenu+1) - break; + } + + if (choice == 0) // 10(0) + choice = 10; + + if (digits == 0 && choice < 36) { + printf("%c", keyboard_keys[choice-1]); + if (choice > 9) // Decode into a number. + printf("(%d)", choice); } printf("\n"); - if (scan_code == 0x01) - // ESC - return; // Find entry and make top priority. - int choice = scan_code - 1; hlist_for_each_entry(pos, &BootList, node) { if (! --choice) break; diff --git a/src/config.h b/src/config.h index 93c8dbc..f85cc14 100644 --- a/src/config.h +++ b/src/config.h @@ -19,7 +19,7 @@ // Space to reserve in high-memory for tables #define BUILD_MAX_HIGHTABLE (256*1024) // Largest supported externaly facing drive id -#define BUILD_MAX_EXTDRIVE 16 +#define BUILD_MAX_EXTDRIVE 36 // Number of bytes the smbios may be and still live in the f-segment #define BUILD_MAX_SMBIOS_FSEG 600 // Maximum number of bytes the mptable may be and still be copied to f-segment

2 2

Custom-sized, large floppy images?
by Rafael Send 03 Apr '20

03 Apr '20

Hi, I'm working on stuffing a bootable Linux distro into coreboot. In QEMU I already succeded by using coreboot's built-in kernel loading mechanism, but that's without SeaBIOS. I'd love to have it as a SeaBIOS payload so I can also boot other things, but I guess I'd have to create a custom-sized floppy image for this or figure out how to create an ELF payload out of a Linux kernel (I'm open to either, but I wasn't able to find any documentation on the ELF method). The guy who put Win 3.1 in coreboot attempted the floppy method, but according to his article he did not find success with this method due to unknown and complex issues in the floppy-side logic of SeaBIOS. So, I'm making the question explicit: What would it take to support custom-sized floppy images? In particular, I'm thinking of a 16MB device... Alternatively, would it be possible to create an ELF file out of a Linux kernel+initrd / bootable image? Cheers, Rafael

4 28

[PATCH 2/2] hw/usb-hid: Don't abort if setting key repeat rate fails
by Matt DeVillier 06 Mar '20

06 Mar '20

Since the USB stack doesn't handle stalled pipes, don't abort keyboard setup if the set_idle command fails, since it's a non-critical feature. Instead, log a warning. Test: build/boot Google Pixel Slate, observe keyboard functional Signed-off-by: Matt DeVillier <matt.devillier(a)gmail.com> --- src/hw/usb-hid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/hw/usb-hid.c b/src/hw/usb-hid.c index cedec0b..9e92dfe 100644 --- a/src/hw/usb-hid.c +++ b/src/hw/usb-hid.c @@ -70,7 +70,7 @@ usb_kbd_setup(struct usbdevice_s *usbdev // Periodically send reports to enable key repeat. ret = set_idle(usbdev->defpipe, KEYREPEATMS); if (ret) - return -1; + dprintf(3, "Warning: Failed to set key repeat rate\n"); keyboard_pipe = usb_alloc_pipe(usbdev, epdesc); if (!keyboard_pipe) -- 2.20.1

3 2

[PATCH v3] hw/usb-hid: handle devices with illegal max packet size
by Matt DeVillier 06 Mar '20

06 Mar '20

Some USB keyboards report 9 or 10-byte max packet sizes, instead of the 8-byte max specified by the USB HID spec. Handle this by increasing the size of the keyevent struct to 10 bytes, and using the key array size of the usbkeyinfo struct as loop bounds rather than that of the keyevent struct (since the former will always be smaller, and within spec). Test: built/boot on Google Pixel Slate, observe keyboard functional Signed-off-by: Matt DeVillier <matt.devillier(a)gmail.com> --- src/hw/usb-hid.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/hw/usb-hid.c b/src/hw/usb-hid.c index fa4d9a2..bce1b5f 100644 --- a/src/hw/usb-hid.c +++ b/src/hw/usb-hid.c @@ -8,6 +8,7 @@ #include "config.h" // CONFIG_* #include "output.h" // dprintf #include "ps2port.h" // ATKBD_CMD_GETID +#include <string.h> //memset #include "usb.h" // usb_ctrlrequest #include "usb-hid.h" // usb_keyboard_setup #include "util.h" // process_key @@ -59,8 +60,10 @@ usb_kbd_setup(struct usbdevice_s *usbdev // XXX - this enables the first found keyboard (could be random) return -1; - if (epdesc->wMaxPacketSize != 8) + if (epdesc->wMaxPacketSize > 10) { + dprintf(1, "USB keyboard endpoint wMaxPacketSize > 10; aborting\n"); return -1; + } // Enable "boot" protocol. int ret = set_protocol(usbdev->defpipe, 0); @@ -163,11 +166,15 @@ static u16 ModifierToScanCode[] VAR16 = { #define RELEASEBIT 0x80 -// Format of USB keyboard event data +// Format of USB keyboard event data. +// Some keyboards use a 9/10 byte packet size, +// so account for that here to prevent buffer +// overflow. We'll ignore the 9th/10th bytes +// as it's out of spec. struct keyevent { u8 modifiers; u8 reserved; - u8 keys[6]; + u8 keys[8]; }; // Translate data from KeyToScanCode[] to calls to process_key(). @@ -253,7 +260,7 @@ handle_key(struct keyevent *data) break; int j; for (j=0;; j++) { - if (j>=ARRAY_SIZE(data->keys)) { + if (j>=ARRAY_SIZE(old.keys)) { // Key released. procscankey(key, RELEASEBIT, data->modifiers); if (i+1 >= ARRAY_SIZE(old.keys) || !old.keys[i+1]) @@ -274,7 +281,7 @@ handle_key(struct keyevent *data) // Process new keys procmodkey(data->modifiers & ~old.modifiers, 0); old.modifiers = data->modifiers; - for (i=0; i<ARRAY_SIZE(data->keys); i++) { + for (i=0; i<ARRAY_SIZE(old.keys); i++) { u8 key = data->keys[i]; if (!key) continue; -- 2.20.1

2 3

[PATCH v2 0/2] Initialize only bootable virtio-blk/virtio-blk
by Alexey Kirillov 06 Jan '20

06 Jan '20

This patch aimed to avoid problem with uninitialized virtio-blk and virtio-scsi boot devices. Currently, 12 KiB of memory is allocated for each virtio-blk/scsi, so no more than about 10 devices can be initialized. If the device is not initialized, we cannot boot from it. So, if we have more than 10 devices, we can't boot from any of the following (11, 12, etc.). We can initialize only bootable devices, i.e. listed in boot order list, that this patch does. Alexey Kirillov (2): boot: Detect strict boot order (HALT record) in function virtio: Do not init non-bootable devices src/boot.c | 5 +++++ src/hw/virtio-blk.c | 11 ++++++++++- src/hw/virtio-scsi.c | 11 ++++++++++- src/util.h | 1 + 4 files changed, 26 insertions(+), 2 deletions(-) -- 2.17.1

2 3

strange behavior (regression?) with SeaBIOS + iPXE + WDSNBP.COM
by Laszlo Ersek 02 Jan '20

02 Jan '20

Hi Michael & Lists, I'd like to ask for ideas with the following problem we have. (1) There is a functional iPXE + WDS setup, with iPXE built as a traditional BIOS PCI option ROM, using CONFIG=qemu. Accordingly the platform is qemu, with SeaBIOS, and the NIC is virtio-net-pci. I don't know anything about the particulars of the WDS setup at this point, only that the boot loader program it exposes is WDSNBP.COM. (2) The setup works fine when iPXE is built at commit 4e85b2708fa0 ("[virtio] Use host-specified MTU when available", 2017-01-23). (3) When iPXE is built at commit 133f4c47baef ("[build] Handle R_X86_64_PLT32 from binutils 2.31", 2018-09-17), the setup breaks. The symptom is that iPXE fetches WDSNBP.COM just fine, but WDSNBP.COM, rather than doing whatever it does otherwise, keeps PXE-booting itself (3+ times), and finally aborts. Consider the following log output (my undertanding is that all this is logged by WDSNBP.COM): > Downloaded WDSNBP... > > Press F12 for network service boot > Architecture: x64 > WDSNBP started using DHCP Referral. > Contacting Server: ... (Gateway: ...) > Contacting Server: ... > TFTP Download: boot\x86\wdsnbp.com This block repeats approx. 3 times, after which the following is displayed: > Windows Deployment Services: PXE Boot Aborted. > Could not boot image: Error 0x7f8d8101 (http://ipxe.org/7f8d8101) > No more network devices > > No bootable device My understanding is that the first line from this last block is printed by WDSNBP.COM, the second line by iPXE (in pxe_start_nbp()), the third line also by iPXE, and the last one by SeaBIOS. This seems to indicate that WDSNBP.COM exits with an error code, and pxe_start_nbp() logs it as "Error 0x7f8d8101". (4) Now, after a bit of searching the web, I've found the following articles, which indicate that the WDS (= server side) setup is incorrect: (4a) "disable NetBios over TCPIP, on the WDS server" https://techthoughts.info/pxe-booting-wds-dhcp-scope-vs-ip-helpers/#comment… https://social.technet.microsoft.com/Forums/ie/en-US/f3883e8b-1039-477d-999… (4b) "cover all combinations of forward and backwards slashes in ReadFilter, on the WDS server" http://ipxe.org/appnote/chainload_wds#tftp_loops However: the regression appears to be a function of *only* the git commit at which we build iPXE. It seems so deterministic that we bisected commit range 4e85b2708fa0..133f4c47baef. (Hence we have not captured the network traffic yet, nor have we investigated the WDS server config.) The "culprit" commit is ea29122a70c6 ("[http] Include error messages for 4xx and 5xx response codes", 2017-12-28). (5) Which makes no sense to me, unfortunately. :( Commit ea29122a70c6 adds the "http_errors" array to the code. According to src/include/ipxe/tables.h and the build artifact src/bin/1af41000.rom.tmp.map this new array is placed in a new section called .textdata.tbl.errortab.01 Trying to retro-fit those facts to the symptom encountered, I came up with the idea that *maybe* the new array (or section) causes a memory allocation failure in WDSNBP.COM -- due to increased memory footprint of iPXE. Which then leads to the misbehavior of WDSNBP.COM. After all, WDSNBP.COM is a 16-bit real-mode program: https://support.microsoft.com/en-us/help/4468601/pxe-boot-in-configuration-… so it could be susceptible to the size & fragmentation of the RAM that is under 640KB. (6) Unfortunately, this "low RAM exhaustion" idea doesn't seem to hold water. There are at least two counter-arguments: (6a) if I revert commit ea29122a70c6 on top of commit 133f4c47baef, then the issue does *not* go away. (The issue also does not go away if I remove the "netdev_errors" array, also on top of commit 133f4c47baef -- that's a larger array.) (... In theory anyway, this might not necessarily disprove the memory exhaustion idea. What if the iPXE footprint grows, over the ea29122a70c6..133f4c47baef so much, for independent reasons, that reverting ea29122a70c6 at the end cannot compensate for that increase?) (6b) I added "DEBUG=pxe_call:1" to the "make" command, and compared the debug messages printed by pxe_start_nbp(), between 4e85b2708fa0 and 133f4c47baef. Alas, the debug messages are identical: > PXE NBP starting with netdev net0, code 9c6c:0802, data 9cf0:2ce0 which to me suggests that there is no change in the amount of memory that is made available to WDSNBP.COM -- its code and data continue to start at 0x9_CEC2 and 0x9_FBE0, respectively. Any hints as to what could be going wrong? Thanks! Laszlo

2 5

[PATCH 0/1] Initialize only bootable virtio-blk/virtio-blk
by Alexey Kirillov 20 Dec '19

20 Dec '19

This patch aimed to avoid problem with uninitialized virtio-blk and virtio-scsi boot devices. Currently, 12 KiB of memory is allocated for each virtio-blk/scsi, so no more than about 10 devices can be initialized. If the device is not initialized, we cannot boot from it. So, if we have more than 10 devices, we can't boot from any of the following (11, 12, etc.). We can initialize only bootable devices, i.e. listed in boot order list, that this patch does. Alexey Kirillov (1): virtio: do not init non-bootable devices docs/Runtime_config.md | 1 + src/hw/virtio-blk.c | 10 ++++++++++ src/hw/virtio-scsi.c | 10 ++++++++++ 3 files changed, 21 insertions(+) -- 2.17.1

2 4

[PATCH v2 1/3] csm: Call pci_probe_devices() late until PrepareToBoot is invoked by UEFI
by Bin Gao 19 Dec '19

19 Dec '19

On physical hardware, some PCI devices are not detectable when UEFI BIOS invokes our InitializeYourself() function. But they are guaranteed to be available before UEFI invokes our PreparToBoot() function. So in the case of running CSM on physical hardware, we execute pci_probe_devices() at PrepareToBoot() stage. Signed-off-by: Bin Gao <gaobin(a)amazon.com> --- src/fw/csm.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/fw/csm.c b/src/fw/csm.c index 8359bcb..82d375c 100644 --- a/src/fw/csm.c +++ b/src/fw/csm.c @@ -63,7 +63,9 @@ static void csm_maininit(struct bregs *regs) { interface_init(); - pci_probe_devices(); + + if (CONFIG_CSM && CONFIG_QEMU_HARDWARE) + pci_probe_devices(); csm_compat_table.PnPInstallationCheckSegment = SEG_BIOS; csm_compat_table.PnPInstallationCheckOffset = get_pnp_offset(); @@ -143,6 +145,13 @@ handle_csm_0002(struct bregs *regs) return; } + // On physical hardware, some PCI devices are not detectable when + // UEFI invokes our InitializeYourself() function. But they + // are guaranteed to be available before UEFI invokes our + // PreparToBoot() function. + if (CONFIG_CSM && !CONFIG_QEMU_HARDWARE) + pci_probe_devices(); + dprintf(3, "PrepareToBoot table %04x:%04x\n", regs->es, regs->bx); struct e820entry *p = (void *)csm_compat_table.E820Pointer; -- 2.17.1

2 7

[PATCH v2] hw/usb-hid: handle devices with illegal max packet size
by Matt DeVillier 13 Dec '19

13 Dec '19

Some USB keyboards report 9 or 10-byte max packet sizes, instead of the 8-byte max specified by the USB HID spec. Handle this by increasing the size of the keyevent struct to 10 bytes, zeroizing it before use, and using the key array size of the usbkeyinfo struct as loop bounds rather than that of the keyevent struct (since the former will always be smaller, and within spec) to prevent buffer overflow. Test: built/boot on Google Pixel Slate, observe keyboard functional Signed-off-by: Matt DeVillier <matt.devillier(a)gmail.com> --- src/hw/usb-hid.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/src/hw/usb-hid.c b/src/hw/usb-hid.c index fa4d9a2..bce1b5f 100644 --- a/src/hw/usb-hid.c +++ b/src/hw/usb-hid.c @@ -8,6 +8,7 @@ #include "config.h" // CONFIG_* #include "output.h" // dprintf #include "ps2port.h" // ATKBD_CMD_GETID +#include <string.h> //memset #include "usb.h" // usb_ctrlrequest #include "usb-hid.h" // usb_keyboard_setup #include "util.h" // process_key @@ -59,8 +60,10 @@ usb_kbd_setup(struct usbdevice_s *usbdev // XXX - this enables the first found keyboard (could be random) return -1; - if (epdesc->wMaxPacketSize != 8) + if (epdesc->wMaxPacketSize > 10) { + dprintf(1, "USB keyboard endpoint wMaxPacketSize > 10; aborting\n"); return -1; + } // Enable "boot" protocol. int ret = set_protocol(usbdev->defpipe, 0); @@ -163,11 +166,15 @@ static u16 ModifierToScanCode[] VAR16 = { #define RELEASEBIT 0x80 -// Format of USB keyboard event data +// Format of USB keyboard event data. +// Some keyboards use a 9/10 byte packet size, +// so account for that here to prevent buffer +// overflow. We'll ignore the 9th/10th bytes +// as it's out of spec. struct keyevent { u8 modifiers; u8 reserved; - u8 keys[6]; + u8 keys[8]; }; // Translate data from KeyToScanCode[] to calls to process_key(). @@ -253,7 +260,7 @@ handle_key(struct keyevent *data) break; int j; for (j=0;; j++) { - if (j>=ARRAY_SIZE(data->keys)) { + if (j>=ARRAY_SIZE(old.keys)) { // Key released. procscankey(key, RELEASEBIT, data->modifiers); if (i+1 >= ARRAY_SIZE(old.keys) || !old.keys[i+1]) @@ -274,7 +281,7 @@ handle_key(struct keyevent *data) // Process new keys procmodkey(data->modifiers & ~old.modifiers, 0); old.modifiers = data->modifiers; - for (i=0; i<ARRAY_SIZE(data->keys); i++) { + for (i=0; i<ARRAY_SIZE(old.keys); i++) { u8 key = data->keys[i]; if (!key) continue; @@ -310,6 +317,8 @@ usb_check_key(void) for (;;) { struct keyevent data; + // zeroize struct as most keyboards won't fill it + memset(&data, 0, sizeof(data)); int ret = usb_poll_intr(pipe, &data); if (ret) break; -- 2.20.1

1 0

Subject: [PATCH 1/2] hw/usb-hid: handle devices with illegal max packet size
by Matt DeVillier 13 Dec '19

13 Dec '19

Some USB keyboards report 9 or 10-byte max packet sizes, instead of the 8-byte max specified by the USB HID spec. Handle this by increasing the size of the keyevent struct to 10 bytes, zeroizing it before use, and using the key array size of the usbkeyinfo struct as loop bounds rather than that of the keyevent struct (since the former will always be smaller, and within spec). Test: built/boot on Google Pixel Slate, observe keyboard functional Signed-off-by: Matt DeVillier <matt.devillier(a)gmail.com> --- src/hw/usb-hid.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/hw/usb-hid.c b/src/hw/usb-hid.c index fa4d9a2..cedec0b 100644 --- a/src/hw/usb-hid.c +++ b/src/hw/usb-hid.c @@ -8,6 +8,7 @@ #include "config.h" // CONFIG_* #include "output.h" // dprintf #include "ps2port.h" // ATKBD_CMD_GETID +#include <string.h> //memset #include "usb.h" // usb_ctrlrequest #include "usb-hid.h" // usb_keyboard_setup #include "util.h" // process_key @@ -59,7 +60,7 @@ usb_kbd_setup(struct usbdevice_s *usbdev // XXX - this enables the first found keyboard (could be random) return -1; - if (epdesc->wMaxPacketSize != 8) + if (epdesc->wMaxPacketSize > 10) return -1; // Enable "boot" protocol. @@ -163,11 +164,15 @@ static u16 ModifierToScanCode[] VAR16 = { #define RELEASEBIT 0x80 -// Format of USB keyboard event data +// Format of USB keyboard event data. +// Some keyboards use a 9/10 byte packet size, +// so account for that here to prevent buffer +// overflow. We'll ignore the 9th/10th bytes +// as it's out of spec. struct keyevent { u8 modifiers; u8 reserved; - u8 keys[6]; + u8 keys[8]; }; // Translate data from KeyToScanCode[] to calls to process_key(). @@ -253,7 +258,7 @@ handle_key(struct keyevent *data) break; int j; for (j=0;; j++) { - if (j>=ARRAY_SIZE(data->keys)) { + if (j>=ARRAY_SIZE(old.keys)) { // Key released. procscankey(key, RELEASEBIT, data->modifiers); if (i+1 >= ARRAY_SIZE(old.keys) || !old.keys[i+1]) @@ -274,7 +279,7 @@ handle_key(struct keyevent *data) // Process new keys procmodkey(data->modifiers & ~old.modifiers, 0); old.modifiers = data->modifiers; - for (i=0; i<ARRAY_SIZE(data->keys); i++) { + for (i=0; i<ARRAY_SIZE(old.keys); i++) { u8 key = data->keys[i]; if (!key) continue; @@ -310,6 +315,8 @@ usb_check_key(void) for (;;) { struct keyevent data; + //zeroize struct as most keyboards won't fill it + memset(&data, 0, sizeof(data)); int ret = usb_poll_intr(pipe, &data); if (ret) break; -- 2.20.1

2 1

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

SeaBIOS December 2019