diff options
71 files changed, 456 insertions, 123 deletions
diff --git a/.gitmodules b/.gitmodules index 2857eec763..c5c474169d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -55,3 +55,6 @@ [submodule "slirp"] path = slirp url = https://git.qemu.org/git/libslirp.git +[submodule "roms/opensbi"] + path = roms/opensbi + url = https://git.qemu.org/git/opensbi.git diff --git a/LICENSE b/LICENSE index 0e0b4b9553..9389ba614f 100644 --- a/LICENSE +++ b/LICENSE @@ -1,13 +1,18 @@ -The following points clarify the QEMU license: +The QEMU distribution includes both the QEMU emulator and +various firmware files. These are separate programs that are +distributed together for our users' convenience, and they have +separate licenses. -1) QEMU as a whole is released under the GNU General Public License, -version 2. +The following points clarify the license of the QEMU emulator: -2) Parts of QEMU have specific licenses which are compatible with the -GNU General Public License, version 2. Hence each source file contains -its own licensing information. Source files with no licensing information -are released under the GNU General Public License, version 2 or (at your -option) any later version. +1) The QEMU emulator as a whole is released under the GNU General +Public License, version 2. + +2) Parts of the QEMU emulator have specific licenses which are compatible +with the GNU General Public License, version 2. Hence each source file +contains its own licensing information. Source files with no licensing +information are released under the GNU General Public License, version +2 or (at your option) any later version. As of July 2013, contributions under version 2 of the GNU General Public License (and no later version) are only accepted for the following files diff --git a/Makefile b/Makefile index f9791dcb82..386e13a6ea 100644 --- a/Makefile +++ b/Makefile @@ -770,7 +770,10 @@ palcode-clipper \ u-boot.e500 u-boot-sam460-20100605.bin \ qemu_vga.ndrv \ edk2-licenses.txt \ -hppa-firmware.img +hppa-firmware.img \ +opensbi-riscv32-virt-fw_jump.bin \ +opensbi-riscv64-sifive_u-fw_jump.bin opensbi-riscv64-virt-fw_jump.bin + DESCS=50-edk2-i386-secure.json 50-edk2-x86_64-secure.json \ 60-edk2-aarch64.json 60-edk2-arm.json 60-edk2-i386.json 60-edk2-x86_64.json diff --git a/Makefile.target b/Makefile.target index 85216cace8..933b27453a 100644 --- a/Makefile.target +++ b/Makefile.target @@ -120,6 +120,7 @@ obj-$(CONFIG_TCG) += fpu/softfloat.o obj-y += target/$(TARGET_BASE_ARCH)/ obj-y += disas.o obj-$(call notempty,$(TARGET_XML_FILES)) += gdbstub-xml.o +LIBS := $(libs_cpu) $(LIBS) ######################################################### # Linux user emulator target diff --git a/configure b/configure index eb635c3b9a..99c64be6b7 100755 --- a/configure +++ b/configure @@ -294,6 +294,7 @@ audio_drv_list="" block_drv_rw_whitelist="" block_drv_ro_whitelist="" host_cc="cc" +libs_cpu="" libs_softmmu="" libs_tools="" audio_pt_int="" @@ -5042,12 +5043,12 @@ case "$capstone" in else LIBCAPSTONE=libcapstone.a fi - LIBS="-L\$(BUILD_DIR)/capstone -lcapstone $LIBS" + libs_cpu="-L\$(BUILD_DIR)/capstone -lcapstone $libs_cpu" ;; system) QEMU_CFLAGS="$QEMU_CFLAGS $($pkg_config --cflags capstone)" - LIBS="$($pkg_config --libs capstone) $LIBS" + libs_cpu="$($pkg_config --libs capstone) $libs_cpu" ;; no) @@ -6537,6 +6538,7 @@ echo "qemu_helperdir=$libexecdir" >> $config_host_mak echo "qemu_localedir=$qemu_localedir" >> $config_host_mak echo "qemu_icondir=$qemu_icondir" >> $config_host_mak echo "qemu_desktopdir=$qemu_desktopdir" >> $config_host_mak +echo "libs_cpu=$libs_cpu" >> $config_host_mak echo "libs_softmmu=$libs_softmmu" >> $config_host_mak echo "GIT=$git" >> $config_host_mak echo "GIT_SUBMODULES=$git_submodules" >> $config_host_mak diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 5a69b3ce74..409ab50f20 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/block-luks.h b/crypto/block-luks.h index befd8b2c56..7f094e7e96 100644 --- a/crypto/block-luks.h +++ b/crypto/block-luks.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/block-qcow.c b/crypto/block-qcow.c index cefb3b2a7b..4d7cf36a8f 100644 --- a/crypto/block-qcow.c +++ b/crypto/block-qcow.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/block-qcow.h b/crypto/block-qcow.h index 6988fb210b..340dcfe464 100644 --- a/crypto/block-qcow.h +++ b/crypto/block-qcow.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/block.c b/crypto/block.c index d70d401f87..ee96759f7d 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 5438e822fd..71c59cb542 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/cipher-builtin.c b/crypto/cipher-builtin.c index d8c811fd33..bf8413e71a 100644 --- a/crypto/cipher-builtin.c +++ b/crypto/cipher-builtin.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/cipher-gcrypt.c b/crypto/cipher-gcrypt.c index 10d75da75d..5cece9b244 100644 --- a/crypto/cipher-gcrypt.c +++ b/crypto/cipher-gcrypt.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/cipher-nettle.c b/crypto/cipher-nettle.c index 3848cb3b3a..d7411bb8ff 100644 --- a/crypto/cipher-nettle.c +++ b/crypto/cipher-nettle.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -42,29 +42,89 @@ typedef void * cipher_ctx_t; typedef unsigned cipher_length_t; #define cast5_set_key cast128_set_key + +#define aes128_ctx aes_ctx +#define aes192_ctx aes_ctx +#define aes256_ctx aes_ctx +#define aes128_set_encrypt_key(c, k) \ + aes_set_encrypt_key(c, 16, k) +#define aes192_set_encrypt_key(c, k) \ + aes_set_encrypt_key(c, 24, k) +#define aes256_set_encrypt_key(c, k) \ + aes_set_encrypt_key(c, 32, k) +#define aes128_set_decrypt_key(c, k) \ + aes_set_decrypt_key(c, 16, k) +#define aes192_set_decrypt_key(c, k) \ + aes_set_decrypt_key(c, 24, k) +#define aes256_set_decrypt_key(c, k) \ + aes_set_decrypt_key(c, 32, k) +#define aes128_encrypt aes_encrypt +#define aes192_encrypt aes_encrypt +#define aes256_encrypt aes_encrypt +#define aes128_decrypt aes_decrypt +#define aes192_decrypt aes_decrypt +#define aes256_decrypt aes_decrypt #else typedef nettle_cipher_func * QCryptoCipherNettleFuncNative; typedef const void * cipher_ctx_t; typedef size_t cipher_length_t; #endif -typedef struct QCryptoNettleAES { - struct aes_ctx enc; - struct aes_ctx dec; -} QCryptoNettleAES; +typedef struct QCryptoNettleAES128 { + struct aes128_ctx enc; + struct aes128_ctx dec; +} QCryptoNettleAES128; + +typedef struct QCryptoNettleAES192 { + struct aes192_ctx enc; + struct aes192_ctx dec; +} QCryptoNettleAES192; + +typedef struct QCryptoNettleAES256 { + struct aes256_ctx enc; + struct aes256_ctx dec; +} QCryptoNettleAES256; + +static void aes128_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES128 *aesctx = ctx; + aes128_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes128_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES128 *aesctx = ctx; + aes128_decrypt(&aesctx->dec, length, dst, src); +} + +static void aes192_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES192 *aesctx = ctx; + aes192_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes192_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES192 *aesctx = ctx; + aes192_decrypt(&aesctx->dec, length, dst, src); +} -static void aes_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, +static void aes256_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_encrypt(&aesctx->enc, length, dst, src); + const QCryptoNettleAES256 *aesctx = ctx; + aes256_encrypt(&aesctx->enc, length, dst, src); } -static void aes_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, +static void aes256_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_decrypt(&aesctx->dec, length, dst, src); + const QCryptoNettleAES256 *aesctx = ctx; + aes256_decrypt(&aesctx->dec, length, dst, src); } static void des_encrypt_native(cipher_ctx_t ctx, cipher_length_t length, @@ -127,18 +187,46 @@ static void twofish_decrypt_native(cipher_ctx_t ctx, cipher_length_t length, twofish_decrypt(ctx, length, dst, src); } -static void aes_encrypt_wrapper(const void *ctx, size_t length, +static void aes128_encrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES128 *aesctx = ctx; + aes128_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes128_decrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_encrypt(&aesctx->enc, length, dst, src); + const QCryptoNettleAES128 *aesctx = ctx; + aes128_decrypt(&aesctx->dec, length, dst, src); } -static void aes_decrypt_wrapper(const void *ctx, size_t length, +static void aes192_encrypt_wrapper(const void *ctx, size_t length, uint8_t *dst, const uint8_t *src) { - const QCryptoNettleAES *aesctx = ctx; - aes_decrypt(&aesctx->dec, length, dst, src); + const QCryptoNettleAES192 *aesctx = ctx; + aes192_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes192_decrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES192 *aesctx = ctx; + aes192_decrypt(&aesctx->dec, length, dst, src); +} + +static void aes256_encrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES256 *aesctx = ctx; + aes256_encrypt(&aesctx->enc, length, dst, src); +} + +static void aes256_decrypt_wrapper(const void *ctx, size_t length, + uint8_t *dst, const uint8_t *src) +{ + const QCryptoNettleAES256 *aesctx = ctx; + aes256_decrypt(&aesctx->dec, length, dst, src); } static void des_encrypt_wrapper(const void *ctx, size_t length, @@ -319,34 +407,94 @@ static QCryptoCipherNettle *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg, break; case QCRYPTO_CIPHER_ALG_AES_128: + ctx->ctx = g_new0(QCryptoNettleAES128, 1); + + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + ctx->ctx_tweak = g_new0(QCryptoNettleAES128, 1); + + nkey /= 2; + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, + key); + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, + key); + + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> + enc, key + nkey); + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx_tweak)-> + dec, key + nkey); + } else { + aes128_set_encrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->enc, + key); + aes128_set_decrypt_key(&((QCryptoNettleAES128 *)ctx->ctx)->dec, + key); + } + + ctx->alg_encrypt_native = aes128_encrypt_native; + ctx->alg_decrypt_native = aes128_decrypt_native; + ctx->alg_encrypt_wrapper = aes128_encrypt_wrapper; + ctx->alg_decrypt_wrapper = aes128_decrypt_wrapper; + + ctx->blocksize = AES_BLOCK_SIZE; + break; + case QCRYPTO_CIPHER_ALG_AES_192: + ctx->ctx = g_new0(QCryptoNettleAES192, 1); + + if (mode == QCRYPTO_CIPHER_MODE_XTS) { + ctx->ctx_tweak = g_new0(QCryptoNettleAES192, 1); + + nkey /= 2; + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, + key); + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, + key); + + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> + enc, key + nkey); + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx_tweak)-> + dec, key + nkey); + } else { + aes192_set_encrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->enc, + key); + aes192_set_decrypt_key(&((QCryptoNettleAES192 *)ctx->ctx)->dec, + key); + } + + ctx->alg_encrypt_native = aes192_encrypt_native; + ctx->alg_decrypt_native = aes192_decrypt_native; + ctx->alg_encrypt_wrapper = aes192_encrypt_wrapper; + ctx->alg_decrypt_wrapper = aes192_decrypt_wrapper; + + ctx->blocksize = AES_BLOCK_SIZE; + break; + case QCRYPTO_CIPHER_ALG_AES_256: - ctx->ctx = g_new0(QCryptoNettleAES, 1); + ctx->ctx = g_new0(QCryptoNettleAES256, 1); if (mode == QCRYPTO_CIPHER_MODE_XTS) { - ctx->ctx_tweak = g_new0(QCryptoNettleAES, 1); + ctx->ctx_tweak = g_new0(QCryptoNettleAES256, 1); nkey /= 2; - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc, - nkey, key); - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec, - nkey, key); - - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->enc, - nkey, key + nkey); - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx_tweak)->dec, - nkey, key + nkey); + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, + key); + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, + key); + + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> + enc, key + nkey); + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx_tweak)-> + dec, key + nkey); } else { - aes_set_encrypt_key(&((QCryptoNettleAES *)ctx->ctx)->enc, - nkey, key); - aes_set_decrypt_key(&((QCryptoNettleAES *)ctx->ctx)->dec, - nkey, key); + aes256_set_encrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->enc, + key); + aes256_set_decrypt_key(&((QCryptoNettleAES256 *)ctx->ctx)->dec, + key); } - ctx->alg_encrypt_native = aes_encrypt_native; - ctx->alg_decrypt_native = aes_decrypt_native; - ctx->alg_encrypt_wrapper = aes_encrypt_wrapper; - ctx->alg_decrypt_wrapper = aes_decrypt_wrapper; + ctx->alg_encrypt_native = aes256_encrypt_native; + ctx->alg_decrypt_native = aes256_decrypt_native; + ctx->alg_encrypt_wrapper = aes256_encrypt_wrapper; + ctx->alg_decrypt_wrapper = aes256_decrypt_wrapper; ctx->blocksize = AES_BLOCK_SIZE; break; diff --git a/crypto/cipher.c b/crypto/cipher.c index b3af57961b..e5adb56271 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/hash-gcrypt.c b/crypto/hash-gcrypt.c index 972beaa0f9..829e48258d 100644 --- a/crypto/hash-gcrypt.c +++ b/crypto/hash-gcrypt.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/hash-glib.c b/crypto/hash-glib.c index a0096c7c47..82de9db705 100644 --- a/crypto/hash-glib.c +++ b/crypto/hash-glib.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/hash-nettle.c b/crypto/hash-nettle.c index 96f186f442..2a6ee7c7d5 100644 --- a/crypto/hash-nettle.c +++ b/crypto/hash-nettle.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of @@ -26,12 +26,18 @@ #include <nettle/sha.h> #include <nettle/ripemd160.h> +#if CONFIG_NETTLE_VERSION_MAJOR < 3 +typedef unsigned int hash_length_t; +#else +typedef size_t hash_length_t; +#endif + typedef void (*qcrypto_nettle_init)(void *ctx); typedef void (*qcrypto_nettle_write)(void *ctx, - unsigned int len, + hash_length_t len, const uint8_t *buf); typedef void (*qcrypto_nettle_result)(void *ctx, - unsigned int len, + hash_length_t len, uint8_t *buf); union qcrypto_hash_ctx { @@ -112,7 +118,7 @@ qcrypto_nettle_hash_bytesv(QCryptoHashAlgorithm alg, size_t *resultlen, Error **errp) { - int i; + size_t i; union qcrypto_hash_ctx ctx; if (!qcrypto_hash_supports(alg)) { diff --git a/crypto/hash.c b/crypto/hash.c index b97323cf90..b0f8228bdc 100644 --- a/crypto/hash.c +++ b/crypto/hash.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/hmac-nettle.c b/crypto/hmac-nettle.c index ec2d61bdde..1152b741fd 100644 --- a/crypto/hmac-nettle.c +++ b/crypto/hmac-nettle.c @@ -18,14 +18,23 @@ #include "hmacpriv.h" #include <nettle/hmac.h> +#if CONFIG_NETTLE_VERSION_MAJOR < 3 +typedef unsigned int hmac_length_t; +#else +typedef size_t hmac_length_t; +#endif + typedef void (*qcrypto_nettle_hmac_setkey)(void *ctx, - size_t key_length, const uint8_t *key); + hmac_length_t key_length, + const uint8_t *key); typedef void (*qcrypto_nettle_hmac_update)(void *ctx, - size_t length, const uint8_t *data); + hmac_length_t length, + const uint8_t *data); typedef void (*qcrypto_nettle_hmac_digest)(void *ctx, - size_t length, uint8_t *digest); + hmac_length_t length, + uint8_t *digest); typedef struct QCryptoHmacNettle QCryptoHmacNettle; struct QCryptoHmacNettle { @@ -135,7 +144,7 @@ qcrypto_nettle_hmac_bytesv(QCryptoHmac *hmac, Error **errp) { QCryptoHmacNettle *ctx; - int i; + size_t i; ctx = (QCryptoHmacNettle *)hmac->opaque; diff --git a/crypto/init.c b/crypto/init.c index c30156405a..b305381ec5 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-essiv.c b/crypto/ivgen-essiv.c index 43e258c6f7..3d5a188795 100644 --- a/crypto/ivgen-essiv.c +++ b/crypto/ivgen-essiv.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-essiv.h b/crypto/ivgen-essiv.h index 6c35c0b5ab..d6edecf181 100644 --- a/crypto/ivgen-essiv.h +++ b/crypto/ivgen-essiv.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-plain.c b/crypto/ivgen-plain.c index 06f4145fe5..81af198c49 100644 --- a/crypto/ivgen-plain.c +++ b/crypto/ivgen-plain.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-plain.h b/crypto/ivgen-plain.h index 395501f693..43db898809 100644 --- a/crypto/ivgen-plain.h +++ b/crypto/ivgen-plain.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-plain64.c b/crypto/ivgen-plain64.c index fbb7724b20..b377036c19 100644 --- a/crypto/ivgen-plain64.c +++ b/crypto/ivgen-plain64.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen-plain64.h b/crypto/ivgen-plain64.h index 0a20fd1fd8..f14100947d 100644 --- a/crypto/ivgen-plain64.h +++ b/crypto/ivgen-plain64.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgen.c b/crypto/ivgen.c index 6a2b3ad01e..12822f8519 100644 --- a/crypto/ivgen.c +++ b/crypto/ivgen.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/ivgenpriv.h b/crypto/ivgenpriv.h index 28e5c67383..cecdbedfde 100644 --- a/crypto/ivgenpriv.h +++ b/crypto/ivgenpriv.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/pbkdf-gcrypt.c b/crypto/pbkdf-gcrypt.c index 54ca0d9c75..a8d8e64f4d 100644 --- a/crypto/pbkdf-gcrypt.c +++ b/crypto/pbkdf-gcrypt.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/pbkdf-nettle.c b/crypto/pbkdf-nettle.c index 212b3e816b..d6293c25a1 100644 --- a/crypto/pbkdf-nettle.c +++ b/crypto/pbkdf-nettle.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/pbkdf-stub.c b/crypto/pbkdf-stub.c index a15044da42..9c4622e424 100644 --- a/crypto/pbkdf-stub.c +++ b/crypto/pbkdf-stub.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/pbkdf.c b/crypto/pbkdf.c index f22e71d183..b7c7c4a59b 100644 --- a/crypto/pbkdf.c +++ b/crypto/pbkdf.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/random-gcrypt.c b/crypto/random-gcrypt.c index 7aea4ac81f..8306f16b64 100644 --- a/crypto/random-gcrypt.c +++ b/crypto/random-gcrypt.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/random-gnutls.c b/crypto/random-gnutls.c index ed6c9ca12f..96af91aee4 100644 --- a/crypto/random-gnutls.c +++ b/crypto/random-gnutls.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/random-platform.c b/crypto/random-platform.c index 66624106fe..f92f96987d 100644 --- a/crypto/random-platform.c +++ b/crypto/random-platform.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/secret.c b/crypto/secret.c index 30294b3229..a75d50ae0c 100644 --- a/crypto/secret.c +++ b/crypto/secret.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/tlscreds.c b/crypto/tlscreds.c index 50ecb704ee..4e657b850c 100644 --- a/crypto/tlscreds.c +++ b/crypto/tlscreds.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/tlscredsanon.c b/crypto/tlscredsanon.c index 3024b17cfd..d2adc7c131 100644 --- a/crypto/tlscredsanon.c +++ b/crypto/tlscredsanon.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/tlscredspriv.h b/crypto/tlscredspriv.h index 13e9b6c0b2..39f1a91c41 100644 --- a/crypto/tlscredspriv.h +++ b/crypto/tlscredspriv.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/tlscredspsk.c b/crypto/tlscredspsk.c index 9c53c6c7b1..4b6cf636ce 100644 --- a/crypto/tlscredspsk.c +++ b/crypto/tlscredspsk.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 5247dd3b18..56dcef3673 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/tlssession.c b/crypto/tlssession.c index c3a920dfe8..33203e8ca7 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/crypto/xts.c b/crypto/xts.c index 4277ad40de..d4a49fdb70 100644 --- a/crypto/xts.c +++ b/crypto/xts.c @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/docs/security.texi b/docs/security.texi index 927764f1e6..0d6b30edfc 100644 --- a/docs/security.texi +++ b/docs/security.texi @@ -129,3 +129,39 @@ those resources that were granted to it. system calls that are not needed by QEMU, thereby reducing the host kernel attack surface. @end itemize + +@section Sensitive configurations + +There are aspects of QEMU that can have security implications which users & +management applications must be aware of. + +@subsection Monitor console (QMP and HMP) + +The monitor console (whether used with QMP or HMP) provides an interface +to dynamically control many aspects of QEMU's runtime operation. Many of the +commands exposed will instruct QEMU to access content on the host file system +and/or trigger spawning of external processes. + +For example, the @code{migrate} command allows for the spawning of arbitrary +processes for the purpose of tunnelling the migration data stream. The +@code{blockdev-add} command instructs QEMU to open arbitrary files, exposing +their content to the guest as a virtual disk. + +Unless QEMU is otherwise confined using technologies such as SELinux, AppArmor, +or Linux namespaces, the monitor console should be considered to have privileges +equivalent to those of the user account QEMU is running under. + +It is further important to consider the security of the character device backend +over which the monitor console is exposed. It needs to have protection against +malicious third parties which might try to make unauthorized connections, or +perform man-in-the-middle attacks. Many of the character device backends do not +satisfy this requirement and so must not be used for the monitor console. + +The general recommendation is that the monitor console should be exposed over +a UNIX domain socket backend to the local host only. Use of the TCP based +character device backend is inappropriate unless configured to use both TLS +encryption and authorization control policy on client connections. + +In summary, the monitor console is considered a privileged control interface to +QEMU and as such should only be made accessible to a trusted management +application or user. diff --git a/hw/riscv/boot.c b/hw/riscv/boot.c index ff023f42d0..5dee63011b 100644 --- a/hw/riscv/boot.c +++ b/hw/riscv/boot.c @@ -18,6 +18,7 @@ */ #include "qemu/osdep.h" +#include "qemu-common.h" #include "qemu/units.h" #include "qemu/error-report.h" #include "exec/cpu-defs.h" @@ -32,6 +33,59 @@ # define KERNEL_BOOT_ADDRESS 0x80200000 #endif +void riscv_find_and_load_firmware(MachineState *machine, + const char *default_machine_firmware, + hwaddr firmware_load_addr) +{ + char *firmware_filename; + + if (!machine->firmware) { + /* + * The user didn't specify -bios. + * At the moment we default to loading nothing when this hapens. + * In the future this defaul will change to loading the prebuilt + * OpenSBI firmware. Let's warn the user and then continue. + */ + warn_report("No -bios option specified. Not loading a firmware."); + warn_report("This default will change in QEMU 4.3. Please use the " \ + "-bios option to aviod breakages when this happens."); + warn_report("See QEMU's deprecation documentation for details"); + return; + } + + if (!strcmp(machine->firmware, "default")) { + /* + * The user has specified "-bios default". That means we are going to + * load the OpenSBI binary included in the QEMU source. + * + * We can't load the binary by default as it will break existing users + * as users are already loading their own firmware. + * + * Let's try to get everyone to specify the -bios option at all times, + * so then in the future we can make "-bios default" the default option + * if no -bios option is set without breaking anything. + */ + firmware_filename = qemu_find_file(QEMU_FILE_TYPE_BIOS, + default_machine_firmware); + if (firmware_filename == NULL) { + error_report("Unable to load the default RISC-V firmware \"%s\"", + default_machine_firmware); + exit(1); + } + } else { + firmware_filename = machine->firmware; + } + + if (strcmp(firmware_filename, "none")) { + /* If not "none" load the firmware */ + riscv_load_firmware(firmware_filename, firmware_load_addr); + } + + if (!strcmp(machine->firmware, "default")) { + g_free(firmware_filename); + } +} + target_ulong riscv_load_firmware(const char *firmware_filename, hwaddr firmware_load_addr) { diff --git a/hw/riscv/sifive_u.c b/hw/riscv/sifive_u.c index ca53a9290d..71b8083c05 100644 --- a/hw/riscv/sifive_u.c +++ b/hw/riscv/sifive_u.c @@ -49,6 +49,8 @@ #include <libfdt.h> +#define BIOS_FILENAME "opensbi-riscv64-sifive_u-fw_jump.bin" + static const struct MemmapEntry { hwaddr base; hwaddr size; @@ -269,9 +271,8 @@ static void riscv_sifive_u_init(MachineState *machine) /* create device tree */ create_fdt(s, memmap, machine->ram_size, machine->kernel_cmdline); - if (machine->firmware) { - riscv_load_firmware(machine->firmware, memmap[SIFIVE_U_DRAM].base); - } + riscv_find_and_load_firmware(machine, BIOS_FILENAME, + memmap[SIFIVE_U_DRAM].base); if (machine->kernel_filename) { riscv_load_kernel(machine->kernel_filename); diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c index ecdc77d728..25faf3b417 100644 --- a/hw/riscv/virt.c +++ b/hw/riscv/virt.c @@ -44,6 +44,12 @@ #include <libfdt.h> +#if defined(TARGET_RISCV32) +# define BIOS_FILENAME "opensbi-riscv32-virt-fw_jump.bin" +#else +# define BIOS_FILENAME "opensbi-riscv64-virt-fw_jump.bin" +#endif + static const struct MemmapEntry { hwaddr base; hwaddr size; @@ -399,9 +405,8 @@ static void riscv_virt_board_init(MachineState *machine) memory_region_add_subregion(system_memory, memmap[VIRT_MROM].base, mask_rom); - if (machine->firmware) { - riscv_load_firmware(machine->firmware, memmap[VIRT_DRAM].base); - } + riscv_find_and_load_firmware(machine, BIOS_FILENAME, + memmap[VIRT_DRAM].base); if (machine->kernel_filename) { uint64_t kernel_entry = riscv_load_kernel(machine->kernel_filename); diff --git a/hw/s390x/s390-pci-inst.c b/hw/s390x/s390-pci-inst.c index 61f30b8e55..00235148be 100644 --- a/hw/s390x/s390-pci-inst.c +++ b/hw/s390x/s390-pci-inst.c @@ -1209,8 +1209,10 @@ int stpcifc_service_call(S390CPU *cpu, uint8_t r1, uint64_t fiba, uint8_t ar, * FH Enabled bit is set to one in states of ENABLED, BLOCKED or ERROR. */ case ZPCI_FS_ERROR: fib.fc |= 0x20; + /* fallthrough */ case ZPCI_FS_BLOCKED: fib.fc |= 0x40; + /* fallthrough */ case ZPCI_FS_ENABLED: fib.fc |= 0x80; if (pbdev->iommu->enabled) { diff --git a/include/crypto/block.h b/include/crypto/block.h index e729d5bd66..fe12899831 100644 --- a/include/crypto/block.h +++ b/include/crypto/block.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/cipher.h b/include/crypto/cipher.h index bce2d4c8e4..cac90b410c 100644 --- a/include/crypto/cipher.h +++ b/include/crypto/cipher.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/hash.h b/include/crypto/hash.h index 077ac7bea0..54d87aa2a1 100644 --- a/include/crypto/hash.h +++ b/include/crypto/hash.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/init.h b/include/crypto/init.h index f79c02266b..00e0f637ce 100644 --- a/include/crypto/init.h +++ b/include/crypto/init.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/ivgen.h b/include/crypto/ivgen.h index 0350cd2a93..9b4a62f7bb 100644 --- a/include/crypto/ivgen.h +++ b/include/crypto/ivgen.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/pbkdf.h b/include/crypto/pbkdf.h index ef209b3e03..2c31a44a27 100644 --- a/include/crypto/pbkdf.h +++ b/include/crypto/pbkdf.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/random.h b/include/crypto/random.h index c09998894f..325ff075d8 100644 --- a/include/crypto/random.h +++ b/include/crypto/random.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/secret.h b/include/crypto/secret.h index edd0e13236..5e07e29bae 100644 --- a/include/crypto/secret.h +++ b/include/crypto/secret.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/tlscreds.h b/include/crypto/tlscreds.h index 6b011e1dbc..fd7a284aa2 100644 --- a/include/crypto/tlscreds.h +++ b/include/crypto/tlscreds.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/tlscredsanon.h b/include/crypto/tlscredsanon.h index 4d6b7e4d29..9e9a5ce1a8 100644 --- a/include/crypto/tlscredsanon.h +++ b/include/crypto/tlscredsanon.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/tlscredspsk.h b/include/crypto/tlscredspsk.h index 306d36c67d..907035a29b 100644 --- a/include/crypto/tlscredspsk.h +++ b/include/crypto/tlscredspsk.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/tlscredsx509.h b/include/crypto/tlscredsx509.h index 66ad6a7486..e1542e5c8c 100644 --- a/include/crypto/tlscredsx509.h +++ b/include/crypto/tlscredsx509.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/tlssession.h b/include/crypto/tlssession.h index 1c7414e4ff..816300cdcc 100644 --- a/include/crypto/tlssession.h +++ b/include/crypto/tlssession.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/crypto/xts.h b/include/crypto/xts.h index 39ccaed822..f267b7824a 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h @@ -6,7 +6,7 @@ * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either - * version 2 of the License, or (at your option) any later version. + * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of diff --git a/include/hw/riscv/boot.h b/include/hw/riscv/boot.h index daa179b600..d56f2ae3eb 100644 --- a/include/hw/riscv/boot.h +++ b/include/hw/riscv/boot.h @@ -20,6 +20,9 @@ #ifndef RISCV_BOOT_H #define RISCV_BOOT_H +void riscv_find_and_load_firmware(MachineState *machine, + const char *default_machine_firmware, + hwaddr firmware_load_addr); target_ulong riscv_load_firmware(const char *firmware_filename, hwaddr firmware_load_addr); target_ulong riscv_load_kernel(const char *kernel_filename); diff --git a/pc-bios/README b/pc-bios/README index 0a17f3ec6d..68b4a81103 100644 --- a/pc-bios/README +++ b/pc-bios/README @@ -63,3 +63,14 @@ ARM. Licensing information is given in "edk2-licenses.txt". The image files are described by the JSON documents in the "pc-bios/descriptors" directory, which conform to the "docs/interop/firmware.json" schema. + +- OpenSBI (https://github.com/riscv/opensbi) aims to provide an open-source + reference implementation of the RISC-V Supervisor Binary Interface (SBI) + specifications for platform-specific firmwares executing in M-mode. For all + supported platforms, OpenSBI provides several runtime firmware examples. + These example firmwares can be used to replace the legacy riscv-pk bootloader + and enable the use of well-known bootloaders such as U-Boot. + OpenSBI is distributed under the terms of the BSD 2-clause license + ("Simplified BSD License" or "FreeBSD License", SPDX: BSD-2-Clause). OpenSBI + source code also contains code reused from other projects desribed here: + https://github.com/riscv/opensbi/blob/master/ThirdPartyNotices.md. diff --git a/pc-bios/opensbi-riscv32-virt-fw_jump.bin b/pc-bios/opensbi-riscv32-virt-fw_jump.bin new file mode 100755 index 0000000000..f5bcaa5695 --- /dev/null +++ b/pc-bios/opensbi-riscv32-virt-fw_jump.bin Binary files differdiff --git a/pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin b/pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin new file mode 100755 index 0000000000..5d7a1ef681 --- /dev/null +++ b/pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin Binary files differdiff --git a/pc-bios/opensbi-riscv64-virt-fw_jump.bin b/pc-bios/opensbi-riscv64-virt-fw_jump.bin new file mode 100755 index 0000000000..4cec6f0210 --- /dev/null +++ b/pc-bios/opensbi-riscv64-virt-fw_jump.bin Binary files differdiff --git a/qemu-deprecated.texi b/qemu-deprecated.texi index c90b08d553..fff07bb2a3 100644 --- a/qemu-deprecated.texi +++ b/qemu-deprecated.texi @@ -121,6 +121,26 @@ the backing storage specified with @option{-mem-path} can actually provide the guest RAM configured with @option{-m} and QEMU will fail to start up if RAM allocation is unsuccessful. +@subsection RISC-V -bios (since 4.1) + +QEMU 4.1 introduced support for the -bios option in QEMU for RISC-V for the +RISC-V virt machine and sifive_u machine. + +QEMU 4.1 has no changes to the default behaviour to avoid breakages. This +default will change in a future QEMU release, so please prepare now. All users +of the virt or sifive_u machine must change their command line usage. + +QEMU 4.1 has three options, please migrate to one of these three: + 1. ``-bios none`` - This is the current default behavior if no -bios option + is included. QEMU will not automatically load any firmware. It is up + to the user to load all the images they need. + 2. ``-bios default`` - In a future QEMU release this will become the default + behaviour if no -bios option is specified. This option will load the + default OpenSBI firmware automatically. The firmware is included with + the QEMU release and no user interaction is required. All a user needs + to do is specify the kernel they want to boot with the -kernel option + 3. ``-bios <file>`` - Tells QEMU to load the specified file as the firmwrae. + @section QEMU Machine Protocol (QMP) commands @subsection block-dirty-bitmap-add "autoload" parameter (since 2.12.0) diff --git a/roms/Makefile b/roms/Makefile index 078d3fb705..dc70fb5aea 100644 --- a/roms/Makefile +++ b/roms/Makefile @@ -37,6 +37,8 @@ find-cross-prefix = $(subst gcc,,$(notdir $(call find-cross-gcc,$(1)))) powerpc64_cross_prefix := $(call find-cross-prefix,powerpc64) powerpc_cross_prefix := $(call find-cross-prefix,powerpc) x86_64_cross_prefix := $(call find-cross-prefix,x86_64) +riscv32_cross_prefix := $(call find-cross-prefix,riscv32) +riscv64_cross_prefix := $(call find-cross-prefix,riscv64) # tag our seabios builds SEABIOS_EXTRAVERSION="-prebuilt.qemu.org" @@ -52,18 +54,21 @@ EDK2_EFIROM = edk2/BaseTools/Source/C/bin/EfiRom default: @echo "nothing is build by default" @echo "available build targets:" - @echo " bios -- update bios.bin (seabios)" - @echo " vgabios -- update vgabios binaries (seabios)" - @echo " sgabios -- update sgabios binaries" - @echo " pxerom -- update nic roms (bios only)" - @echo " efirom -- update nic roms (bios+efi)" - @echo " slof -- update slof.bin" - @echo " skiboot -- update skiboot.lid" - @echo " u-boot.e500 -- update u-boot.e500" - @echo " u-boot.sam460 -- update u-boot.sam460" - @echo " efi -- update UEFI (edk2) platform firmware" - @echo " clean -- delete the files generated by the previous" \ - "build targets" + @echo " bios -- update bios.bin (seabios)" + @echo " vgabios -- update vgabios binaries (seabios)" + @echo " sgabios -- update sgabios binaries" + @echo " pxerom -- update nic roms (bios only)" + @echo " efirom -- update nic roms (bios+efi)" + @echo " slof -- update slof.bin" + @echo " skiboot -- update skiboot.lid" + @echo " u-boot.e500 -- update u-boot.e500" + @echo " u-boot.sam460 -- update u-boot.sam460" + @echo " efi -- update UEFI (edk2) platform firmware" + @echo " opensbi32-virt -- update OpenSBI for 32-bit virt machine" + @echo " opensbi64-virt -- update OpenSBI for 64-bit virt machine" + @echo " opensbi64-sifive_u -- update OpenSBI for 64-bit sifive_u machine" + @echo " clean -- delete the files generated by the previous" \ + "build targets" bios: build-seabios-config-seabios-128k build-seabios-config-seabios-256k cp seabios/builds/seabios-128k/bios.bin ../pc-bios/bios.bin @@ -162,6 +167,24 @@ skiboot: efi: edk2-basetools $(MAKE) -f Makefile.edk2 +opensbi32-virt: + $(MAKE) -C opensbi \ + CROSS_COMPILE=$(riscv32_cross_prefix) \ + PLATFORM="qemu/virt" + cp opensbi/build/platform/qemu/virt/firmware/fw_jump.bin ../pc-bios/opensbi-riscv32-virt-fw_jump.bin + +opensbi64-virt: + $(MAKE) -C opensbi \ + CROSS_COMPILE=$(riscv64_cross_prefix) \ + PLATFORM="qemu/virt" + cp opensbi/build/platform/qemu/virt/firmware/fw_jump.bin ../pc-bios/opensbi-riscv64-virt-fw_jump.bin + +opensbi64-sifive_u: + $(MAKE) -C opensbi \ + CROSS_COMPILE=$(riscv64_cross_prefix) \ + PLATFORM="qemu/sifive_u" + cp opensbi/build/platform/qemu/virt/firmware/fw_jump.bin ../pc-bios/opensbi-riscv64-sifive_u-fw_jump.bin + clean: rm -rf seabios/.config seabios/out seabios/builds $(MAKE) -C sgabios clean @@ -173,3 +196,4 @@ clean: $(MAKE) -C u-boot-sam460ex distclean $(MAKE) -C skiboot clean $(MAKE) -f Makefile.edk2 clean + $(MAKE) -C opensbi clean diff --git a/roms/opensbi b/roms/opensbi new file mode 160000 +Subproject ce228ee0919deb9957192d723eecc8aaae2697c |