Linux UEFI Validation (LUV) v2.3-rc1 released

Megha Dey of Intel has announced the latest release of LUV, with multiple new features and bugfixes by multiple contributors:

Gayatri Kammela (12), Megha Dey (9), Naresh Bhat (3), Ricardo Neri (22), Sai Praneeth (5)

It mostly includes updates to yocto, meta-oe, various test suites and kernel version and bug fixes. We have also added a feature to display the severity of failed test cases. Since we had the stable v2.2 release 2 months back, it made sense to have this release as rc1 of v2.3 to allow stabilization towards the next release cycle.

Main new feature: Display the severity of failed test cases

In this release, Ricardo submitted 2 patchsets to display the severity of failed test cases. This is a valuable addition as LUV now ships with 7 different test suites. Some test suites include hundreds of test cases. Thus, we could possibly have tens of failed test cases, which can be overwhelming. In order to help users decide on which failed test cases to focus their attention, it is useful to indicate the severity of failed test cases.

See the full announcement for list of bugfixes.

https://download.01.org/linux-uefi-validation/v2.3/
https://lists.01.org/mailman/listinfo/luv

Firmware Test Suite 18.02.00 is released

New Features:
* ACPICA: Update to version 20180209
* uefirtvariable: add test for EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS attribute

See full announcement for list of bugfixes.

In related news, LUV has picked up the latest FWTS.

http://fwts.ubuntu.com/release/fwts-V18.02.00.tar.gz
https://launchpad.net/~firmware-testing-team/+archive/ubuntu/ppa-fwts-stable
https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/18.02.00
https://launchpad.net/ubuntu/+source/fwts
https://lists.ubuntu.com/mailman/listinfo/fwts-announce

Linux UEFI Validation Project v2.2 released

Features:

1. Add a wrapper script to setup build environment which makes
configuring LUV build systems very simple. It also makes it easy to
perform automated builds from a fresh clone of the git repository.

2. Write messages to a console and/or debug file so that someone with
access to only a serial console or netconsole will also know what is
going on. Currently, we only use the plymouth graphical manager to
display certain messages to the user.

The LUV git repository URL has been updated from
https://github.com/01org/luv-yocto.git
to:
https://github.com/intel/luv-yocto.git

See the full announcement for list of bugfixes and other changes.

https://lists.01.org/mailman/listinfo/luv

 

LUV 2.2-rc2 released

Megha Dey of Intel announced the v2.2-rc2 release of LUV, Linux UEFI Validation. Excerpts of announcement below, for full announcement, see LUV mailing list post.

Two main new features:

Dump list of Device-Specific Methods:
DSM (Device Specific Method) as defined in ACPI spec is a control method that enables devices to provide device specific control functions that are consumed by the device driver. DSM’s are optional on a platform and they are optional to be consumed by OS. Both these points mean that a kernel developer might be unaware of these DSM’s and hence might never use them in their device driver. By adding this feature, LUV could be used as a vehicle to educate kernel developers about these DSM’s. A device driver developer, from the list of DSM’s provided by LUV, could then evaluate the usefulness of a DSM and then decide if it needs to be used or left as an option.

Add tests in bits to detect Machine Check Errors:
Machine Check Error (MCE) test is a way to find the errors generated by the hardware or any specific subsystem(s). The value of these tests is that it detects any MCEs that might have occurred before Linux starts to boot. Hence, if detected, they were caused by hardware or possibly BIOS.

https://01.org/linux-uefi-validation/v2.2

https://lists.01.org/mailman/listinfo/luv

FWTS 17.11.00 released (and added to LUV)

The November 2017 release of FirmWare Test Suite is out, with many ACPI changes, and a few UEFI changes.

New Features:
* acpi: devices: add a new test for acpi ec device
* acpi: devices: add a new test for ACPI AC adapter device
* acpi: devices: add a new test for ACPI battery device
* acpi: devices: add a new test for smart battery device
* acpi: devices: add new tests for power and sleep button devices
* acpi: madt: check GICD’s system vector according to mantis 1819 (ACPI 6.2a)
* acpi: nfit: add platform capability according to mantis 1831 (ACPI 6.2a)
* lib: add new large resource data type for _CRS methods
* acpi: sdev: add ACPI SDEV test (mantis 1632)
* acpi: dppt: add ACPI PDTT test (mantis 1576)
* acpi: devices: add new tests for lid device
* acpi: devices: add new tests for ambient light sensor device
* acpi: devices: add new tests for time and alarm device
* acpi: devices: add new tests for wireless power calibration device
* acpi: add tests for _SRT control method
* auto-packager: mkpackage.sh: add bionic
* fwts: add bash command-line completion
* Add ACPI 1.0 RSDP test to make sure RSDT field isn’t null
* ACPICA: Update to version 20171110
* uefi: uefidump: add dumping for BluetoothLE device path
* uefi: uefidump: add dumping for DNS device path
* uefi: uefibootpath: add test for BluetoothLE device path
* uefi: uefibootpath: add test for DNS device path

https://launchpad.net/ubuntu/+source/fwts
http://fwts.ubuntu.com/release/fwts-V17.11.00.tar.gz
https://launchpad.net/~firmware-testing-team/+archive/ubuntu/ppa-fwts-stable
https://wiki.ubuntu.com/FirmwareTestSuite/ReleaseNotes/17.11.00

See full announcement for list of few-dozen bugfixes.

Full announcement:
https://lists.ubuntu.com/archives/fwts-announce

In related news, Gayatri Kammela has added this updated FWTS to LUV.

Update FWTS to version v17.11.00

Full patch:
https://lists.01.org/mailman/listinfo/luv

Linux UEFI Validation Project v2.2-rc1 released

Megha Dey of Intel has taken over the role of LUV maintainer, and announced the 2.2-rc1 release. Excerpts of announcement are below, read full announcement for list of bugfixes.

This is to announce the release of LUV v2.2-rc1. Firstly, I would inform all of you that I have taken over the role of maintainer of this project from Ricardo Neri. I would like to thank Ricardo for all the guidance and support he has provided to make this release possible. This release comes approximately 3 months after our last 2.1-rc2 release and we are further working to have releases more frequently. It mostly includes updates to yocto, meta-oe, various test suites and kernel version. We have also added a new test suite called pstore-test which will run the pstore selftests of the kernel and added some tests in kernel-efi-warnings to detect machine check errors. Given that this is the first time I am doing the release, it is possible for some issues to arise, hence it made sense to have this release as rc1 of v2.2 to allow stabilization towards the next release cycle.

We added a new test suite called pstore-test. This test-suite will check the pstore behavior and is useful to avoid regressions of pstore. This test-suite will cause a reboot during its execution. The necessary groundwork to ensure these types of test suites can be integrated seamlessly into LUV has also been included in this release.

Also, Ricardo added some tests in kernel-efi-warnings to detect machine check errors such as system bus errors, parity errors, cache errors and TLB errors. Linux has support to detect this underlying mechanism and report the error in the kernel message buffer.

We include FWTS V17.09.00, Chipsec 1.3.3 and NDCTL v58, the latest versions available as of this week.

The release images for x86 (disk and network) will be available on 10/23/2017.

 

https://01.org/linux-uefi-validation/v2.2 (apparently this URL won’t be valid until 10/23?)

https://01.org/linux-uefi-validation

Full announcement:
https://lists.01.org/mailman/listinfo/luv

Intel releases LUV (Linux UEFI Validation) v2.1

Today Ricardo Neri of Intel announced the 2.1 release of LUV. In addition to updating Linux to v4.11, FWTS to V17.06.00, CHIPSEC to v1.3.1, BITS to v2079, and NDCTL v56, they also started doing nightly builds. Here are some of the other highlights of this release, from the announcement:

Gayatri Kammela won the prize of the most active contributor with many bug fixes and a new feature. She fixed our netboot image, which was missing the ramdisk(!). She added support for debugging and logging of BITS output via network. Likewise, she reworked the LUV configuration file to make more sense to both humans and computers by making clear when parameters are not used. She also investigated and fixed dependencies in systemd that caused delays in the execution of tests. Lastly, she fixed a couple of build-time bugs.

Naresh Bhat updated our Linux kernel recipe to retrieve the kernel configuration directly from the source tree rather than manually updating it. This helped us to remove those eyesore patches for updating our configuration that needed to be sent every time we bumped to a new kernel version. The overall result looks great and is closer to the intended use of the kernel and Yocto Project’s scripts to merge multiple configuration fragments. I took this opportunity to sanitize the configuration for x86 to add missing configurations and reorganize them.

Sai Praneeth Prakhya added functionality to dump relevant and useful dumps as part of the testing results. Now LUV is capable of dumping the kernel’s boot log, the contents of the ACPI tables as well as the properties of the CPUs in the system. Very useful! Also, he helped us to bump to Linux v4.11. He also took on the burden of rebasing our implementation to detect firmware’s illegal memory access in this new version of Linux.

Matt Hart updated our GRUB configuration to automate boots across all CPU architectures by not waiting for human intervention to complete boots.

See the full announcement for lists of Known and Fixed Issues:
https://lists.01.org/mailman/listinfo/luv

In addition to stuff mentioned in LUV announcement, LUV also did some updates to how LUV calls CHIPSEC, see these posts:
https://lists.01.org/pipermail/chipsec/2017-July/thread.html

These days, LUV-live offers multiple choices for the image: BIOS MBR or UEFI GPT partition types, local or network boot types, and x86 or x64 architecture types:
https://download.01.org/linux-uefi-validation/v2.1/
https://download.01.org/linux-uefi-validation/v2.1/sha256sums.asc

 

LUV announces v2.1-rc2 release

Ricardo Neri of Intel posted a LONG announcement about LUV V2.1-rc2, most of which is included here. There are a LOT of new features in this LUV release!

This is to announce the release of LUV v2.1-rc2. It has been a while since our last release. This is not the ideal release cadence and we are working to make changes. We will now release more frequently. We aim to release a new version every 4-5 weeks with the content we accumulate over that period of time. Given the large number of new features and changes in this release, it made sense to release it as rc2 of v2.1 to allow for issues to arise and stabilize towards the next release cycle.

This release includes the client side of our telemetrics solution. This solution is based on the implementation done for Clear Linux[1]; abiding by Intel privacy policies[2]. Please note that telemetrics is an opt-in feature and is disabled by default and only works for systems within Intel networks. We will work now on the server side of the solution.

In this release we have migrated from systemV to systemd, which is in line with most Linux distributions. Also, our telemetrics client needed it to function. Megha Dey did all the heavy lifting to migrate to systemd; which was not an easy task (kudos to her!). She worked on stabilizing network and revamping our splash screen, which now uses plymouth.

Sai Praneeth Prakhya extended our existing implementation to detect illegal access to UEFI Boot Services memory regions after boot. His extension now also allows detecting such accesses to conventional memory. Likewise, it now detects these accesses at runtime and long after UEFI SetVirtualAddressMap. This has been quite useful recently to detect bugs related to UEFI capsules in certain firmware implementations.

Gayatri Kammela worked on providing tools to make the netboot images more useful. She completed a reference implementation of an HTTP server to collect test results in a test farm. The documentation of this implementation can be found here[2]; we don’t provide collection services. Of course, the client-side implementation of this solution is part of this release. Along with this solution, she wrote a script to customize a netboot binary (an EFI application) to work with her reference implementation[4].

Naresh Bhat updated the kernel configuration for aarch64. He also worked on providing a more clean, unified and structured kernel command line for all the supported CPU architectures. He also enabled support of netboot images for aarch64.

Fathi Boudra kindly reworked the kernel configuration fragments to avoid unnecessary duplications.

Matt Hart added a new luv.poweroff option.

Configuration of LUV has been simplified by moving all the parameters that the user might configure to a LUV.cfg file found in the boot partition of the disk image. No more meddling with the grub.cfg configuration file.

We now provide images built for both GPT and MBR partition schemes.

Updated test suites: We include FWTS V17.03.00, CHIPSEC v1.2.5 plus all the changes available as of this week towards the release of v.1.2.6, which should be coming soon. BITS was bumped to v2079. We use Linux v4.10. This release is based on the Morty version of the Yocto Project.

meta-oe and updates to the build process: Our build process changed a bit. We now include certain components from the meta-oe layer[5]. This layer has been added to our repository, but it still needs to be added locally to the build/conf/bblayers.conf file when building.

Binary images for x86: An announcement to download binary images for x86 will be sent this week.

See rest of announcement for list of Known Issues, and Fixed Issues.

[1] https://clearlinux.org/features/telemetry
[2] http://www.intel.com/content/www/us/en/privacy/intel-privacy.html
[3] https://github.com/01org/luv-yocto/wiki/Send–LUV-test-results-to-an-HTTP-server
[4] https://github.com/01org/luv-yocto/wiki/Using-LUV-Script-modify_luv_netboot_efi.py
[5] https://layers.openembedded.org/layerindex/branch/master/layer/meta-oe/

Full announcement:
https://lists.01.org/mailman/listinfo/luv

LUV adds EFI_WARN_ON_ILLEGAL_ACCESSES

Sai Praneeth Prakhya of Intel has posted a patch to the LUV project list, with clever new abilities to increase LUV’s ability to detect bad UEFI firmware.

Presently, LUV detects illegal accesses by firmware to EFI_BOOT_SERVICES_* regions only during “SetVirtualAddressMap()”. According to UEFI spec, this function will be called only once; by kernel during boot. Hence, LUV cannot detect any other illegal accesses that firmware might do after boot. Moreover, LUV can detect illegal accesses *only* to EFI_BOOT_SERVICES_CODE/DATA regions. This patch set tries to address the above mentioned two issues:
1. Detect illegal accesses to other EFI regions (like EFI_LOADER_CODE/DATA, EFI_CONVENTIONAL_MEMORY)
2. Detect illegal accesses to these regions even after kernel has booted

Recently, we came across machines with buggy firmware that access EFI memory regions like EFI_CONVENTIONAL_MEMORY, EFI_BOOT_SERVICES_CODE/DATA and EFI_LOADER_CODE/DATA even after kernel has booted. Firmware accesses these regions when some efi_runtime_service() is invoked by test cases like FWTS. These illegal accesses can potentially cause kernel hang. Hence, it’s good to have a test case in LUV which can detect these illegal accesses and hence report them to user. This requires making changes to kernel and searching dmesg for relative warnings.

As there are 9 patches to linux kernel to enable this feature and putting all these 9 kernel patches in a single LUV patch makes the LUV patch gigantic; hence I have split them into smaller ones (as suggested by Ricardo). The first patch in this series (“linux-yocto-efi-test: Do not support EFI_BOOT_SERVICES_WARN”) removes support to “EFI_BOOT_SERVICES_WARN” and the later patches add all the bits and pieces together and the 10th patch (“linux-yocto-efi-test: Introduce EFI_WARN_ON_ILLEGAL_ACCESSES”) enables the (new) feature.

Full patch:
https://lists.01.org/mailman/listinfo/luv
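
An added example, not part of the original post or of LUV's own code: a sketch of the dmesg search that this post and the v2.2-rc1 machine-check tests describe, which also maps each reported physical address back to the EFI memory map the kernel prints when booted with efi=debug. The log lines are constructed, and the firmware-access message text is an assumption, since the page does not give the string the LUV kernel patches emit.

```python
import re

# Region types the OS owns after boot, using the names the kernel prints in
# its efi=debug memory map. These are the regions the post lists.
OS_OWNED = {"Boot Code", "Boot Data", "Loader Code", "Loader Data",
            "Conventional Memory"}

# Memory-map line: "efi: memNN: [Type |attrs...] range=[0xSTART-0xEND] (nMB)"
MEMMAP_RE = re.compile(
    r"efi: mem\d+: \[([^|\]]+?)\s*\|.*?"
    r"range=\[0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)")

# ASSUMPTION: only the "[Firmware Bug]: " prefix is the kernel's standard
# FW_BUG tag; the rest of the message is a stand-in for whatever warning the
# LUV kernel patches print. Adjust the pattern to the real text.
FW_ACCESS_RE = re.compile(r"\[Firmware Bug\]: .*?\bPA: 0x([0-9a-fA-F]+)")

# Machine check reports in the kernel message buffer.
MCE_RE = re.compile(r"mce: \[Hardware Error\]: (.+)")

# Constructed sample log; addresses and the firmware-access lines are made up.
SAMPLE_DMESG = """\
[    0.000000] efi: mem00: [Conventional Memory|   |  |  |  |  |  |  |   |WB|WT|WC|UC] range=[0x0000000000001000-0x000000000009ffff] (0MB)
[    0.000000] efi: mem01: [Boot Data          |   |  |  |  |  |  |  |   |WB|WT|WC|UC] range=[0x000000007e000000-0x000000007e0fffff] (1MB)
[    0.000000] efi: mem02: [Runtime Code       |RUN|  |  |  |  |  |  |   |WB|WT|WC|UC] range=[0x000000007f000000-0x000000007f03ffff] (0MB)
[   42.100000] [Firmware Bug]: illegal access by firmware at PA: 0x7e000040
[   42.200000] [Firmware Bug]: illegal access by firmware at PA: 0x5000
[   57.300000] mce: [Hardware Error]: Machine check events logged
"""


def parse_memmap(log):
    """Return [(start, end_inclusive, type_name), ...] from efi=debug output."""
    return [(int(m.group(2), 16), int(m.group(3), 16), m.group(1))
            for m in MEMMAP_RE.finditer(log)]


def region_for(pa, regions):
    """Name of the EFI region containing physical address pa."""
    for start, end, kind in regions:
        if start <= pa <= end:
            return kind
    return "not in memory map"


def triage(log):
    """Classify firmware-access warnings and machine check reports."""
    regions = parse_memmap(log)
    findings = []
    for line in log.splitlines():
        m = FW_ACCESS_RE.search(line)
        if m:
            pa = int(m.group(1), 16)
            kind = region_for(pa, regions)
            findings.append({"kind": "firmware-access", "pa": pa,
                             "region": kind, "os_owned": kind in OS_OWNED})
            continue
        m = MCE_RE.search(line)
        if m:
            findings.append({"kind": "mce", "detail": m.group(1)})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DMESG):
        print(finding)
```

A machine check report that appears before any test has run points at hardware or BIOS rather than the test suite, which is the case the MCE tests above are meant to surface.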

LUV gets telemetrics

Megha Dey of Intel just submitted a 4-part patch to LUV, adding telemetrics. Below are slightly edited comments from the patch, with some build instructions omitted. For the full text see the email; the URL is at the end.

[Luv] [PATCH V1 0/4] Introduce telemetrics feature in LUV

This patchset consists of all the patches needed to enable the telemetrics feature in LUV. LUV brings together multiple separate upstream test suites into a cohesive and easy-to-use product and validates UEFI firmware at critical levels of the software stack. It may be possible that one of the test suites crashes while running. It may be even possible that a kernel panic is observed. Under these scenarios, it would be useful for LUV to call home and submit forensic data to analyze and address the problem. The telemetrics feature will do just this. Of course, this will be an opt-in feature (command line argument telemetrics.opt-in) and users will get clear indication that data is being collected. We have used the telemetrics-client code developed by the clear-linux team and tried to incorporate it in LUV. It has support for crashprobe (invoked whenever a core dump is created), oopsprobe (invoked when there is a kernel oops observed) and pstore-probe (invoked when there is a kernel panic and system reboots). In any of these scenarios, telemetrics records will be sent to the server, currently residing at (one used by clear linux):
 http://rnesius-tmdev.jf.intel.com/telemetryui/
The build ID 122122 can be used to filter the LUV telemetrics records which can be further analysed. In due course, we will have to implement a server of our own to handle this. For telemetrics to work in LUV, the following changes were needed:

1. Migrate to SystemD: LUV currently uses the SystemV init manager but since telemetrics-client repo and the latest yocto have updated on to SystemD, LUV also needs to migrate to SystemD. Since Systemd will not work with the existing psplash graphical manager, we have disabled the splash screen.

2. Migrate to Plymouth: LUV currently uses the psplash graphical manager, but since SystemD is compatible with only Plymouth graphical manager, we have migrated to Plymouth. PLEASE NOTE: Before migrating to plymouth, we have to merge the morty branch of the meta-oe layer provided by open embedded into the LUV repo and add the meta-oe layer to the build/conf/bblayers.conf file. Here are the steps to do this: <omitted> The loglevel has been set to 0 else there are lots of kernel messages overwriting the plymouth screen. Hence, details about the individual tests in the testsuites will not appear when the splash screen is set to false when using plymouth. If the user wants the test details to be shown, they would have to remove the ‘quiet’ and ‘loglevel=0’ kernel command line parameters.

3. Enable networking: After shifting to systemD, the LUV image is not being assigned an IP on boot. This is because it is still using a systemV startup script to do the same. Since systemD names its interfaces differently, we could not see any interfaces with a valid IP. This patch adds the networkd package, introduces a network config file which starts dhcp by default for all interfaces whose names start with en(pci devices which get renamed by udev) or eth(backward compatible) and a service file (networking.service) which will bring up the network and make sure an IP is assigned during boot. It refers:
    https://wiki.archlinux.org/index.php/systemd-networkd

4. Enable telemetrics in LUV: A yocto recipe which fetches the clear-linux telemetrics-client repo, builds it and installs all the necessary service files, daemons and probes has been added. Also, add a kernel line parameter which lets the user opt-in to the telemetrics feature (telemetrics.opt-in). By default, this feature is disabled. Currently, the telemetrics records can be found here: http://rnesius-tmdev.jf.intel.com/telemetryui/

Full announcement and patch:
https://lists.01.org/mailman/listinfo/luv

LUV 2.0 released!

The Intel LUV team, at least including: Gayatri Kammela (12), Megha Dey (12), Naresh Bhat (1), and Ricardo Neri (46) have released 2.0 of LUV, the Linux UEFI Validation Project.

These are the highlights of the release:

* Different types of image available (i386 and x86_x64)
* Logging and debugging via network (or serial)
* Tests for persistent memory (NVDIMM)
* Support for i386
* Booting LUV via network (PXE, HTTP boot later)
* Miscellaneous updates (BITS perf improvements, Linux 4.4 kernel, …)
* Dropped support for fido (focus is on Jethro)
* Known issues and limitations (Debugging works only over Ethernet, not WiFi, …)

Read the full announcement, there are pages of details not included here.

One new feature is i386 support. LUV 1.x was x64-centric, now we can hopefully also use LUV 2.0 for testing x86 systems! But signed shim is still only available for 64-bit, so Secure Boot is not enabled for 32-bit support [yet?]. Quoting the release notes: “At the last minute we faced a kernel issue when booting on a i386-based system. We are debugging. Once this is cleared, a bootable image will be uploaded (issue #76 on [3])”

Full announcement:
https://lists.01.org/pipermail/luv/2016-April/001035.html
https://download.01.org/linux-uefi-validation/v2.0
https://download.01.org/linux-uefi-validation/v2.0/sha256_sums.asc
[1]. https://github.com/01org/luv-yocto/tree/master/meta-luv
[2]. https://github.com/pmem/ndctl
[3]. https://github.com/01org/luv-yocto

NDCTL (NFIT Defined Control) tests added to LUV

Megha Dey of Intel just checked in a 5-part patch to the LUV project, adding a new NDCTL (NFIT Defined Control) test suite to LUV.

This patchset adds the NDCTL (NFIT Defined Control) test suite to LUV. Apart from the recipe, it updates the Linux kernel headers, adds the related binaries and a parser to the final LUV image. It addresses issue 58. We also compile and install the required kernel modules for running the NDCTL test suite and add the configurations needed by the NDCTL testsuite as config fragments to the default config values from v4.4 kernel.

A Non-Volatile DIMM (NVDIMM), is a module that can be integrated into the main memory of a compute platform, perform workloads at DRAM speeds, yet be persistent & provide data retention in the event of a power failure or system crash. The LIBNVDIMM subsystem provides block device drivers for three types of NVDIMMs namely nd_pmem (NFIT enabled version of existing ‘pmem’ driver), nd_blk (mmio aperture method for accessing persistent storage) and nd_btt (give persistent memory disk semantics) that can simultaneously support both PMEM and BLK mode access. The NVDIMM Firmware Interface Table (NFIT) enumerates persistent memory ranges, memory-mapped-I/O apertures, physical memory devices (DIMMs), and their associated properties. Prior to the arrival of the NFIT, non-volatile memory was described to a system only using a single system-physical-address range where writes are expected to be durable after a system power loss. Now, the NFIT specification standardizes not only the description of PMEM, but also BLK and platform message-passing entry points for control and configuration.

The NDCTL test suite has 5 tests in total divided into 2 sets of tests: One uses the manufactured NFIT (NVDIMM Firmware Interface Table) to build the nfit_test module as an external module and arrange for the external module replacements of nfit, libnvdimm, nd_pmem, and nd_blk and the other which has the actual *destructive* tests that create namespaces and perform I/O tests on them.

  luv: NDCTL:  Update the linux kernel headers
  core-image-efi-initramfs: Add NDCTL binaries
  luv-test-manager: Add stderr output to LUV parser
  luv : NDCTL: Add NDCTL test suite
  linux-efi-yocto-test: build NDCTL test suite

More info:
https://github.com/01org/luv-yocto/issues/58
https://www.kernel.org/doc/Documentation/nvdimm/nvdimm.txt
http://www.uefi.org/sites/default/files/resources/ACPI_6.0.pdf
https://github.com/pmem/ndctl
http://permalink.gmane.org/gmane.linux.kernel.commits.head/535671
https://lists.01.org/mailman/listinfo/luv
https://lwn.net/Articles/640891/

LUV/BITS/CHIPSEC ported from x64 to x86!!

Get ready to test your Intel x86 systems!

Megha Dey of Intel submitted an 8-part patch to LUV that enables it to build on x86.

LUV has been useful for 64-bit x64 systems, and now is getting useful for 32-bit x86 systems!

Including 32-bit versions of BITS and CHIPSEC!

Is this the first time that pre-compiled binaries of CHIPSEC for x86 systems have been available? Not sure. Anyway, if you build from source you can start now, otherwise, look for the LUV-live binary download site to start having 32- and 64-bit versions, hopefully.

Excerpt from part 0 of the patch:

[PATCH 0/8] Build and run LUV on 32 bit platforms

Currently LUV can be built only for 64 bit target platforms. This patchset contains patches which make sure that LUV can be compiled and run on both 32 as well as 64 bit target platforms. This required reworking of the PE header checks, adding call wrappers used by the shim bootloader to store and restore context, making sure chainloader.c compiled for 32 bit systems, adding support to ensure correct directory structure for 32 bit case and removing bugs in chipsec so that it could build without any errors on 32 bit systems. Also, the bits recipe is updated to build the grub EFI image only for target builds. This patchset addresses the following issue:
https://github.com/01org/luv-yocto/issues/57

grub: chainloader: shim: rework PE header checks
grub: shim: Add call wrappers for 32 bit systems
grub: shim: compile chainloader.c for 32bit system
luv : Correct directory structure for 32 bit case
luv: Add the ARCH parameter to chipsec Makefile
luv: chipsec : compile for 32 bit systems
bits: only build grub EFI image for target builds
bits: grub: specify location of images and modules for mkimage

More information:

https://lists.01.org/mailman/listinfo/luv

Intel 01.org mailing lists

It is sometimes funny to watch a company do open source. Intel’s 01.org, for Open Source projects, has a mailing list server with multiple lists:
https://lists.01.org/

There are lists for LUV and CHIPSEC. These work fine!
https://lists.01.org/mailman/listinfo/chipsec
https://lists.01.org/mailman/listinfo/luv

There is a list for Thunderbolt Software. …but it is a closed list, with no public archives. 😦
https://lists.01.org/mailman/listinfo/thunderbolt-software

The text that it is a closed list:
“This is a hidden list, which means that the list of members is available only to the list administrator.”

There’s a list for Intel Kernel Guard Technology (KGT). It also is a closed list, with the same text as the Thunderbolt list. BUT, their archives are publicly-available.
https://lists.01.org/mailman/listinfo/intel-kgt
https://lists.01.org/pipermail/intel-kgt/

There’s a list for BIOS Implementation Test Suite (BITS)!
But there are no archives, perhaps a closed list, or just broken archives?
https://lists.01.org/mailman/listinfo/bits

I rather wish Intel used intel.com or 01.com for closed lists, and kept the Open Source-centric 01.org’s list all public, with working archives. 😦

LUV-live 2.0-RC4 released

Ricardo Neri of Intel announced Linux UEFI Validation (LUV) v2.0-rc4 release, with lots of changes, new versions of CHIPSEC, BITS, FWTS, and multiple UEFI improvements in LUV. IMO, one of the most important features is that LUV-live’s CHIPSEC should properly log results now! Excerpts from Ricardo’s announcement:

This release touches many areas. Here are some highlights:

Naresh Bhat implemented changes to build from Linus’ tree when building LUV for ARM. While doing this, he got rid of the leg-kernel recipe. Now the kernel is built from linux-yocto-efi-test for all architectures. Also, he took the opportunity to remove some of the LUV-specific changes we had in the meta layer (i.e., our genericarmv8 machine). It is always good to restrict ourselves to the meta-luv layer, unless we plan to upstream to the Yocto Project. Now LUV for aarch64 is built using qemuarm64.

It was reported that CHIPSEC was not running correctly in LUV due to missing configuration files and Python modules. This release includes a major rework of CHIPSEC integration into LUV. It ran correctly on all the systems in which we tested. Also, we bumped to v1.2.2; the CHIPSEC latest release.

This release includes new functionality to build BITS from its source rather than just deploying its binaries. BITS is a challenging piece of software when it comes to integration into a bitbake recipe. The build process was broken into several steps. This work helps future work to customize BITS for other CPU architectures and netboot.

The UEFI specification v2.5 includes a Properties Table for the memory map. Under this feature, it is possible to split into separate memory sections the code and data regions of the PE/COFF image. Unfortunately, kernels previous to v4.3 crash if this feature is enabled. We have backported a fix pushed to Linux v4.3. We will be bumping the kernel for x86 to 4.3 in our next release.

The EFI stub feature in the kernel allows to run the kernel as an EFI application. Also, it allows the kernel to parse the memory map directly from the firmware rather than taking the map from the bootloader. This is clearly advantageous in case of bugs in the bootloader.

Now that LUV supports storing the results of multiple boots, it may happen that disk runs out of space. Gayatri Kammela made updates to increase the size of the results partition and issue a warning when available space runs below 2MB.

Finally, keeping up with the latest changes in the Yocto Project has paid off handsomely. This release is based on Jethro, the latest version of the Yocto Project. Rebasing to this new version was done with very little effort. In the LUV tree you can find the jethro and jethro-next branches; the bases of this release. The fido and fido-next branches are still maintained.

We have bumped the following test suite versions:

* FWTS is now V15.12.00
* CHIPSEC is now v1.2.2
* BITS is 2005

Time to update your LUV-live images! It is a Release Candidate, so please help the LUV team by testing it out and pointing out any issues on the LUV mailing list. This version of CHIPSEC includes VMM tests, so time to test LUV-live in your virtual machines, not just on bare-metal boxes.

Many people contributed to this release, including: Ricardo Neri, Naresh Bhat, Darren Bilby, Megha Dey, Gayatri Kammela, John Loucaides, Sai Praneeth Prakhya, and Thiebaud Weksteen. It was nice to see the LUV and CHIPSEC teams work together in this release!

More information:
https://lists.01.org/pipermail/luv/2015-December/000745.html
https://download.01.org/linux-uefi-validation/v2.0/luv-live-v2.0-rc4.tar.bz2
https://download.01.org/linux-uefi-validation/v2.0/sha256_sums.asc

https://01.org/linux-uefi-validation/

Netconsole added to LUV

Gayatri Kammela of Intel posted a new feature patch to LUV: the netconsole. From the patch’s comments:

This is about adding a Linux feature called Netconsole in Linux* UEFI Validation. In LUV netconsole feature is enabled only for the test suites that run once  the Linux takes control over and BITS test suite will be excluded from  having this kind of support.

Why this feature: Netconsole in LUV help us debug the kernel panics or system hangs by  sending not only kernel messages but also information regarding the running tests simultaneously on to the remote machine via ethernet. Now the remote machine can  be on same subnet or different subnet with respective to the local machine  ( machine you are trying to boot LUV). To enable netconsole feature in LUV, changes are made in various files to include kernel modules like netconsole  and different network utilites that can send messages  via ethernet.Besides these changes are made to luv-test-manger to make all the  running tests information sent to dmesg to make the debugging more easy.

How this feature works: The user is free to choose the IP address and port number where he/she wants all messages to be sent. Once decided, the user can replace the dummy IP address given in grub.cfg as @,64001@10.11.12.13/ with the destination address and port number. The same information is mentioned in the README file, so that the user can learn the usage of netconsole.

Requirements for this feature: Not many changes are required for this feature, except enabling some of the kernel config options. The LUV kernel has the config options enabled that are absolutely necessary for the image, to keep the kernel size as low as possible. Netconsole requires a lot of options to be enabled, related to TCP/IP, IPv4, IPv6 and filesystems. This information can be overwhelming, and just for the sake of clarity some of the important options that need to be enabled are given below […]

See checkin post for full comment and sources:
https://lists.01.org/mailman/listinfo/luv
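
The receiving side of the setup described in the patch comments above, as an added example that is not part of the LUV patch: a listener for the remote machine that takes netconsole datagrams on port 64001 (the port in the dummy grub.cfg entry), accepts them only from the expected LUV machine because netconsole is unauthenticated plaintext UDP, and flags fatal kernel lines. The sender address 192.0.2.10, the function names and the sample log lines are assumptions made for illustration.

```python
import re
import socket

LISTEN_PORT = 64001  # port from the page's dummy grub.cfg entry

# Strings the kernel prints on fatal errors.
FATAL = re.compile(r"Kernel panic - not syncing|Oops:|BUG:|general protection fault")


def handle_datagram(data, sender_ip, allowed_ip, log):
    """Append the lines of one datagram to log and return the fatal ones.

    Datagrams from any host other than the expected LUV machine are
    dropped, since nothing in netconsole authenticates the sender.
    """
    if sender_ip != allowed_ip:
        return []
    text = data.decode("utf-8", errors="replace")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    log.extend((sender_ip, ln) for ln in lines)
    return [ln for ln in lines if FATAL.search(ln)]


def serve(allowed_ip, bind_addr="0.0.0.0", port=LISTEN_PORT, max_datagrams=None):
    """Receive datagrams until max_datagrams is reached (None = forever)."""
    log, fatal = [], []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        seen = 0
        while max_datagrams is None or seen < max_datagrams:
            data, (ip, _src_port) = sock.recvfrom(65535)
            seen += 1
            for line in handle_datagram(data, ip, allowed_ip, log):
                print("FATAL from %s: %s" % (ip, line))
                fatal.append(line)
    return log, fatal


if __name__ == "__main__":
    # 192.0.2.10 is a constructed placeholder for the machine booting LUV.
    serve(allowed_ip="192.0.2.10")
```

Binding to a management interface address instead of 0.0.0.0 keeps the listener off networks where the LUV machine is not expected to appear.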

LUV updated to include CHIPSEC 1.2.2

Ricardo Neri of Intel has updated LUV to include the latest CHIPSEC, version 1.2.2!  Excerpt from checkin patch message:

A new version of CHIPSEC has been released. Bump LUV to use such version.

Updating CHIPSEC also requires updating the patches that we apply on top of it. Changes to these patches are not functional; only rebased to 1.2.2.

Finally, take this opportunity to add a PV variable to the recipe.

Full message:
https://lists.01.org/pipermail/luv/2015-November/000687.html

CHIPSEC 1.2.2 released!

After nearly a quarter without an update, CHIPSEC 1.2.2 has been released!!

This release includes multiple new VMM tests — including new fuzzers — hinted at DEF CON and elsewhere, a VENOM test, some S3 tests, support for more Intel CPUs,  as well as a bunch of new/updated features:

NEW modules:
 * tools.vmm.cpuid_fuzz to test CPUID instruction emulation by VMMs
 * tools.vmm.iofuzz to test port I/O emulation by VMMs
 * tools.vmm.msr_fuzz to test CPU Model Specific Registers (MSR) emulation by VMMs
 * tools.vmm.pcie_fuzz to test PCIe device memory-mapped I/O (MMIO) and I/O ranges emulation by VMMs
 * tools.vmm.pcie_overlap_fuzz to test handling of overlapping PCIe device MMIO ranges by VMMs
 * tools.vmm.venom to test for VENOM vulnerability

Updated modules:
 * tools.smm.smm_ptr to perform exhaustive fuzzing of SMI handler for insufficient input validation pointer vulnerabilities
 * smm_dma to remove TSEGMB 8MB alignment check and to use XML “controls”. Please recheck failures in smm_dma.py with the new version.
 * common.bios_smi, common.spi_lock, and common.bios_wp to use XML “controls”
 * common.uefi.s3bootscript which automatically tests protections of UEFI S3 Resume Boot Script table
 * tools.uefi.s3script_modify which allows further manual testing of protections of UEFI S3 Resume Boot Script table

NEW functionality:
 * hal.cpu component to access x86 CPU functionality. Removed hal.cr which merged to hal.cpu
 * chipsec_util cpu utility, removed chipsec_util cr
 * S3 boot script opcodes encoding functionality in hal.uefi_platform
 * hal.iommu, cfg/iommu.xml and chipsec_util iommu to access IOMMU/VT-d hardware
 * chipsec_util io list to list predefined I/O BARs
 * support for Broadwell, Skylake, IvyTown, Jaketown and Haswell Server CPU families
 * ability to define I/O BARs in XML configuration using register attribute similarly to MMIO BARs
 * UEFI firmware volume assembling functionality in hal.uefi
 * Implemented alloc_phys_mem in EFI helper

See the full readme on the github page, which also includes short lists of bugfixes and known-issues:

https://github.com/chipsec/chipsec

If you haven’t been following current security research by Intel’s ATR team, who produces CHIPSEC, watch this video to see why you need to run this new version of CHIPSEC on any machine — after reading CHIPSEC’s warning.txt first — that runs a VMM:

[Hopefully we’ll see Intel LUV team add this release to their project, including LUV-live, soon. There has been a recent patch to LUV that may fix CHIPSEC’s usage in LUV-live, a second important reason to update your LUV-live images.]

LinuxCon Europe UEFI Mini-Summit presentations available

Earlier this month, the UEFI Forum had a “Mini-Summit” at LinuxCon Europe. The presentations are now available online (so far just the slides, unclear if A/V will show up on Youtube later):

UEFI Mini-Summit at LinuxCon Europe: October 7, 2015

* UEFI Forum Update and Open Source Community Benefits – Mark Doran (Intel)
* What Linux Developers Need to Know About Recent UEFI Spec Advances – Jeff Bobzin (Insyde Software)
* LUV Shack: An Automated Linux Kernel and UEFI Firmware Testing Infrastructure – Matt Fleming (Intel)
* Goodbye PXE, Hello HTTP Boot – Dong Wei (HP)
* UEFI Development in an Open Source Ecosystem – Michael Krau (Intel)

More information (about halfway down the page, past the Youtube section):

http://www.uefi.org/learning_center/presentationsandvideos

 

LUV 2.0 RC3 released

Ricardo Neri of Intel announced version 2.0-RC3 of the LUV (Linux UEFI Validation) distribution today. It includes fresh versions of CHIPSEC, FWTS, BITS, as well as changes to LUV. Excerpts of announcement:

This release includes improvements that allow you to use the same LUV USB stick several times and save the results of all the executions. This comes in handy when, for instance, you want to test several systems or you need to run LUV several times if you are debugging. From now on, the luv-results directory name will be appended with a timestamp; it will look like: luv-results-yyyy-mm-dd–hh-mm-ss. A new directory will be created each time you run LUV. If, for any reason (e.g., your system resets the real time clock each time you reboot) a directory with the same timestamp exists already in the luv-results partition, a number will be appended to the newly created directory.

We have bumped the following test suite versions: FWTS is now V15.09.00, CHIPSEC is now v1.2.1, BITS is now 2005.

On top of FWTS, we have applied a patch to downgrade the severity of failure in systems that are prepared for Secure Boot (i.e., have a database of keys and certificates) but do not have the Microsoft UEFI CA certificate. This is especially relevant for users that want to build their own chain of trust. This is a patch that is in the process of being merged into FWTS (https://lists.ubuntu.com/archives/fwts-devel/2015-September/006884.html).

We also have included a change in the LEG (Linaro) kernel to fix a build break due to a problem in the kernel configuration. Work is in progress to use the mainline kernel instead of the LEG kernel tree.

There are patches to improve builds of sbsigntool in native and cross-compilation mode.

More info:
https://lists.01.org/pipermail/luv/2015-September/000610.html

https://download.01.org/linux-uefi-validation/v2.0/luv-live-v2.0-rc3.tar.bz2
https://download.01.org/linux-uefi-validation/v2.0/sha256_sums.asc