The relative time between logged events is very useful during debugging,
particularly when debugging autoboot failures. Prepend a short HH:MM:SS
timestamp to each line logged.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Geoff Levand [Thu, 24 May 2018 00:25:57 +0000 (17:25 -0700)]
jenkins: Add build jobs
Adds two Jenkins pipeline jobs pb-upstream-trigger and pb-build-matrix.
pb-upstream-trigger checks for upstream updates and runs
pb-build-matrix. pb-build-matrix builds a pb-builder image and runs the
build-pb script.
Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Determine connectivity with getaddrinfo()
Use getaddrinfo() to determine if a remote URL is reachable instead of
only checking if we have an addresses configured. This avoids, for
example, trying to load an IPv4 URL when only an IPv6 address is
available.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
lib: Add support and helpers for IPv6 host addresses
Recognise IPv6 addresses and URLs, and allow an interface_info struct to
have both an IPv4 and IPv6 address.
The addr_scheme() helper returns the address family of a given address.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Jeremy Kerr [Tue, 3 Jul 2018 06:24:58 +0000 (16:24 +1000)]
discover: implement a periodic requery for network devices
If we boot a machine before external (network) dependencies are properly
configured, it will have tried once to download configuration, and
possibly failed due to that configuration not being present.
This change introduces a periodic requery of network resources. After a
timeout, petitboot will either re-acquire its DHCP lease (causing any
downloads to be re-processed, possibly with different parameters from
the new lease), or re-download a statically defined URL.
This timeout defaults to five minutes (similar to pxelinux), and is
configurable by DHCP option 211, "reboot time".
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
[added test stub] Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/user-event: Check for required parameters
Check for some required parameters in the 'dhcp' handler, and in the
'add' handler return an error if parse_user_event() fails rather than
charging ahead into a segfault.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The fields from a BootLoaderSpec file can contain environment variables,
in GRUB 2 these are show verbatim and are evaluated later when an entry
is selected. But on Petitboot these have to be expanded before creating
the GRUB 2 resources and show in the UI the values after the evaluation.
The current blscfg handler had a very limited support for variables, it
only had support for the options field and also didn't take into account
that variables could be mixed with literal values.
So for example the following fields were not expanded correctly:
linux $bootprefix/vmlinuz
options $kernelopts foo=bar
options foo=bar $kernelopts
options $kernelopts $debugopts
Also change some of the tests to cover mixing variables and literals.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/grub: Use different paths to search for the BLS directory
Currenlty the BLS fragments are only searched in the /loader/entries
directory, but this assumes that there is a boot partition mounted
in /boot. This may not always be the case, /boot may not be a mount
point and just a directory inside the root partition.
To cover this case, Petitboot tries to find a GRUB 2 config file in
different paths. So let's do the same for the BLS files directory.
Also change some of the unit tests to use /boot/loader/entries as a
BLS directory instead of /loader/entries.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
test/parser: Make parser_scandir() ignore files with path len less than dir
Both the test files and directories added into the test harness are stored
into the same file list. So the parser_scandir() stub compares the absolute
file path of the files and the directory to scan, to know if a file belongs
to the directory.
Files whose absolute file path length isn't bigger than the directory to
scan should just be ignored, since it means they can't be from that dir.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
In signed-boot environments consistent handling of kernel commandline
options is essential as they must be pre-signed. In the syslinux parser
ensure that in the absence of a global APPEND they are processed
exactly as found and not with the leading space that the current APPEND
processing has as a shortcut.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Brett Grandbois [Sun, 10 Jun 2018 21:36:58 +0000 (07:36 +1000)]
lib/security: hard_lockdown flag to stop runtime disable of signed boot
Currently if signed-boot is enabled in configure the presence of the
LOCKDOWN_FILE is used as a runtime determination to perform the actual
verification. In some environments this may be acceptable or even the
intended operation but in other environments could be a security hole
since the removal of the file will then cause boot task verification.
Add a 'hard_lockdown' enable flag to generate a HARD_LOCKDOWN
preprocessor definition to force the system to always do a signed boot
verification for each boot task, which in the case of a missing file the
boot will fail.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
GCC 8 produces the following warning for network.c:
In function ‘network_handle_nlmsg’,
inlined from ‘network_netlink_process’ at ../discover/network.c:726:3:
../discover/network.c:568:3: warning: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 16 [-Wstringop-truncation]
strncpy(interface->name, ifname, sizeof(interface->name) - 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../discover/network.c:586:3: warning: ‘strncpy’ output may be truncated copying 15 bytes from a string of length 16 [-Wstringop-truncation]
strncpy(interface->name, ifname, sizeof(interface->name) - 1);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The code is safe since interface is allocated with talloc_zero() and we
could use -Wno-stringop-truncation to hide this but since this is the
only offender instead just copy the whole IFNAMSIZ bytes and explicitly
terminate the ifname buffer to be safe.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Brett Grandbois [Tue, 15 May 2018 00:55:49 +0000 (10:55 +1000)]
lib/security: add in openssl support
Refactor to export a generic API rather than specific gpg_ prefixes by
changing gpg.h to security.h and renaming some of the exports.
Break out the common and specific functionality into common.c and
none.c/gpg.c/openssl.c for no/gpgme/openssl modes respectively.
gpgme should work as before
OpenSSL support works like this:
The pb-lockdown file is a PKCS12 file or X509 certificate or PEM-encoded
raw public key. To follow the current conventions the presence of a
PKCS12 file as a lockdown signals decrypt mode because of the presence
of the private key, anything else signals signature verification mode.
The keyring path is currently ignored but in the future could be used to
point to an X509 certificate chain for validity checking. Because of
this self-signed certificates are currently supported and really just
used as a public key container.
Signature verification mode supports:
* Cryptographic Message Syntax (CMS) as detached S/MIME, this is really
more for consistency for the encryption mode (see below). This mode
requires the lockdown file to be an X509 certificate.
* Raw signature digest as output from openssl dgst -sign command. This
mode can have the lockdown file be an X509 certificate or a PEM raw
public key but the digest algorithm must be pre-defined by the
VERIFY_DIGEST configure argument. The default is SHA256.
A sample creation command would be:
openssl dgst -sign (private key) -out (outfile) -(digest mode) \
(infile)
Decryption mode supports:
* CMS signed-envelope as attached S/MIME. This is for consistency with
the current expectation of no external file for decryption. Some
future enhancement could be to come up with some proprietary external
file format containing the cipher used, the encrypted cipher key, and
the IV (if necessary).
Brett Grandbois [Tue, 15 May 2018 00:55:48 +0000 (10:55 +1000)]
configure: Add signed-boot openssl configuration support
Change the with-signed-boot option to take the following values:
no - disable signed boot (as before)
gpgme - configure for gpgme, fail if not found
openssl - configure for openssl, fail if not found
yes - look first for gpgme then openssl using first found, fail on none
this should behave as before if gpgme has been installed
fail on any other invalid options
add in the ax_check_openssl.m4 macro to facilitate openssl probing
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Geoff Levand [Mon, 21 May 2018 19:59:39 +0000 (19:59 +0000)]
docker: Add DOCKER_FROM arg
The dockerfile for each architecture is the same except for the 'FROM' image.
Add a new Dockerfile argument DOCKER_FROM that allows for a commom dockerfile.
If the docker version is older than 17.05 generate a docker file from
the common one.
Signed-off-by: Geoff Levand <geoff@infradead.org> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Brett Grandbois [Wed, 16 May 2018 03:23:49 +0000 (13:23 +1000)]
discover/boot: abort kexec on any error from validation
gpg_validate_boot_files() can return error codes for a variety of
reasons but kexec_load only aborts for signature or decryption failure.
In any other failure case like unable to open LOCKDOWN_FILE or do the
secure copy the validation is bypassed by an early return but kexec_load
does not abort.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Brett Grandbois [Thu, 3 May 2018 06:02:04 +0000 (16:02 +1000)]
lib/file: remove mkstemp umask in copy_file_secure_dest
mkstemp will generate the temp file with permissions 0600 so the
umask(0644) is causing the file to have permissions of 0000, making
signature files unreadable
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Andrew Donnellan [Mon, 30 Apr 2018 07:29:04 +0000 (17:29 +1000)]
travis: Enable ppc64le Travis builds
Travis now supports building on ppc64le. Given that Power machines are
currently the largest use case of petitboot, it seems appropriate that we
enable this.
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/syslinux-parser: filter out duplicate conf files
in case insensitive filesystems like vfat the duplicate conf file list
will create duplicate boot options. to filter that out strore the
struct stat of each parsed conf file and compare inodes
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/grub: Allow to set a default index for BLS entries
When the BLS support was added, the conclusion was that default indexes
didn't apply for BLS snippets. But for GRUB 2 the indexes refers to the
boot menu entries in memory, regardless of how these were generated.
Since in GRUB 2 is valid to set a default index even for menu entries
generated from BLS fragments, allow this to also be done in Petitboot.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/grub: Don't add discover context boot options in blscfg handler
Instead of adding a boot option explicitly, just add it to the grub script
boot option list and increment the number of options. That way BLS entries
will be known by the grub script handler and can check if is a valid index.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/grub: Reverse BLS entries sorting to match Petitboot's boot order
The BLS entries were sorted so that the latest entry was at the top in the
Petitboot UI, since it matches how menu entries are sorted in GRUB2 config
and the GRUB2 UI.
But in the Petitboot's UI, the latest entry is expected to be at the bottom
and the older one at the top. Sort the BLS entries to match what's expected.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/grub: Add blscfg command support to parse BootLoaderSpec files
The BootLoaderSpec (BLS) defines a file format for boot configurations,
so bootloaders can parse these files and create their boot menu entries
by using the information provided by them [0].
This allow to configure the boot items as drop-in files in a directory
instead of having to parse and modify a bootloader configuration file.
The GRUB 2 bootloader provides a blscfg command that parses these files
and creates menu entries using this information. Add support for it.
lib/security: Fix broken if statements in gpg_validate_boot_files()
The patch ccb478ac "Add encrypted file support" removes two
result = KEXEC_LOAD_SIGNATURE_FAILURE;
statements from after the `if (verify_file_signature)` lines for the
kernel and cmdline signatures. This appears to have been a mistake that
snuck through testing, and would allow incorrect signatures to pass
validation.
Also fix up some confusing indenting in the decryption section.
Reported-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Include the CCAN endian.h header in build sources and change the
--with-twin-foo options to default off - most users are not building
with libtwin so avoid having configure fail for them.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
In dc85de97 "Allow load_async_url() to call callback for local paths"
several load_url_result fields of the boot_task struct were deprecated
but were accidentally left in the struct. This caused the now out of
date code in cleanup_cancellations() to go unnoticed since it can return
safely if these fields are NULL. However freeing the boot task can free
the memory associated with each load before it is complete, resulting in
a confusing segfault.
This brings cleanup_cancellations() up to date and along the way
implicitly includes the signature resources in cleanup which were missed
originally.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Joel Stanley [Tue, 6 Mar 2018 04:02:20 +0000 (14:32 +1030)]
discover: pxe: Avoid dereferencing null pointer
When result is null, we may end up in the error handling path where we
try to dereference null to call cleanup_local. This adds a check for
result.
Found with scan-build.
Signed-off-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Cyril Bur <cyrilbur@gmail.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[Fixed up commit message typo]
Joel Stanley [Tue, 6 Mar 2018 04:02:18 +0000 (14:32 +1030)]
discover: Fix unused function warning
clang errors out about an unused have_busybox function:
discover/paths.c:44:13: error: unused function 'have_busybox' [-Werror,-Wunused-function]
static bool have_busybox(void)
^
Move have_busybox() to inside the #ifndef PETITBOOT_TEST scope to
eliminate the warning and avoid having #ifdefs in load_url_async().
Signed-off-by: Joel Stanley <joel@jms.id.au> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[Moved definition into #ifndef PETITBOOT_TEST instead of using
#ifdef at the call site]
Joel Stanley [Tue, 6 Mar 2018 04:02:17 +0000 (14:32 +1030)]
ncurses: Fix bad strncmp
ui/ncurses/nc-cui.c:967:58: warning: size argument in 'strncmp' call is a comparison [-Wmemsize-comparison]
if (strncmp(cod->opt->id, "dummy", strlen("dummy") == 0 &&
~~~~~~~~~~~~~~~~~~~~~^~
ui/ncurses/nc-cui.c:967:6: note: did you mean to compare the result of 'strncmp' instead?
if (strncmp(cod->opt->id, "dummy", strlen("dummy") == 0 &&
^
There appears to be two bonus conditions inside the length field. I
chose to drop the pointless strncmp(foo, bar, strlen(bar)), as this is
equivalent to strcmp(foo, bar).
Signed-off-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Cyril Bur <cyrilbur@gmail.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
[Fixed up commit message typo]
Joel Stanley [Tue, 6 Mar 2018 04:02:16 +0000 (14:32 +1030)]
discover: Fix bad check of version string
Clang says this:
discover/device-handler.c:1564:27: warning: size argument in 'strncmp' call is a comparison [-Wmemsize-comparison]
strlen(opt->version) == 0)) {
~~~~~~~~~~~~~~~~~~~~~^~~~
discover/device-handler.c:1563:5: note: did you mean to compare the result of 'strncmp' instead?
strncmp(opt->version, tmp->version,
^
It looks like it's correct. However, we can go one better and drop the
pointless strncmp(foo, bar, strlen(bar)), as this is equivalent to
strcmp(foo, bar).
Signed-off-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Cyril Bur <cyrilbur@gmail.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The linux,stdout-path property was deprecated in favour of stdout-path
in the v3.14 kernel. 'stdout-path' takes priority in newer kernels but
older kernels won't be aware of it, so set both at boot time.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/platform-powerpc: Avoid confusing gateway and URL
If we have a static network config with a URL set but not a gateway we
can confuse the URL as the gateway due to how we write the network
string in NVRAM.
To avoid changing the parameter format if we only have one of the two
tokens check whether or not it's actually a URL; the gateway and the URL
will have distinct formats.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The boot option editor screen segfaults on a system info update since it
loses track of which fields actually exist.
The boot editor screen's setup and drawing logic is a bit different from
other screens, so to fix this bug and preserve the maintainer's sanity,
bring the screen setup and redraw into line with other screens. This
includes a full teardown of the widgets on update, so save the content
of any textboxes on update so the user's changes are not lost.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover: Allow load_async_url() to call callback for local paths
Several pxe-parser tests fail because the test harness's version of
load_async_url() will call the callback directly, but in pxe-parser the
caller checks if the path was local and calls the callback immediately.
Being called twice, a use-after-free occurs in the callback.
For consistency change the load_async_url() semantics such that it is
possible for load_async_url() to call the callback before it returns in
the case of local paths. Callers need to know this is possible, but now
won't need to check to call it manually.
This requires a slight reorganisation of the boot_process() code, since
it checks the result of several asynchronous load operations in the same
callback, and with this change not all of those results will necessarily
be initialised at callback time. Add a list of 'boot_resources' which
carry the required information for the resource and allow the boot
handler to treat different resources generically.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/device-handler: Treat empty boot order as 'boot any'
It is possible to have autoboot enabled with an empty boot order.
Currently this acts as if autoboot is disabled, but it likely makes more
sense to the user for this to behave as "autoboot any device".
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Clear remaining space when drawing help line
When drawing the screen's help line clear each character after the new
help line to avoid stale parts of the previous screen's help line
remaining on the screen.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Brett Grandbois [Mon, 5 Feb 2018 20:40:31 +0000 (06:40 +1000)]
grub2/grub2-parser: accept no whitespace in grub menuentry
The Yocto wic grub support will generate a grub.cfg with no whitespace
between the ending quote of the menuentry label and the opening bracket.
There doesn't seem to be anything in the specification that this is
illegal so accept it here.
Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Allow multiple hot key handlers per pmenu
The main menu and plugin menu are separate screens but they share the
pmenu_process_key() handler. This means all the key shortcuts intended
for the main menu can also be used in the plugin menu, which is
particularly odd for "add new boot option" for example.
To work around this extend the 'hot_key' functionality in pmenu to allow
multiple handlers. This allows all pmenus to have the usual navigation
and action keys, and then add extra handlers as needed. For example,
ps3_mm_init() needs main menu shortcuts as well as some PS3-specific
shortcuts, whereas plugin_menu_init() only needs the generic key
handler.
This changes the functionality of pmenu_process_key() such that if a
hot_key_fn successfully handles a key, pmenu_process_key() returns
instead of continuing to process the key. This does not affect the
current usage.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
discover/pxe-parser: Fix relative parsing for manual config files
Manually specified config files are asynchronously downloaded by
device_handler_process_url() before being parsed. This overwrites the
'pxeconffile' parameter, causing the parser to create relative paths
relative to the downloaded file's path, not the original remote path.
Work around this by setting 'pxeconffile-local' instead to differentiate
between the original config file's location and the local copy.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
If the ncurses UI exits before it has contacted the server it is meant
to fork a process to wait until the connection is made and cancel
autoboot. This prevents users dropping to the shell and then having the
machine boot out from underneath them.
In e1e2ca68 "Spawn shell in exit handler" the UI doesn't actually exit
on "exit", but it isn't listening to server events either while the
shell is active. In this case make sure we still fork to notify the
server.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
In the vt100 'application' cursor mode arrow keys produce ^[Ox rather
than the usual ^[[x. Add this pattern to our defined keys so we don't
accidentally catch the escape key.
For reference:
http://www.tldp.org/HOWTO/Keyboard-and-Console-HOWTO-21.html
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Cyril Bur [Thu, 16 Nov 2017 03:49:14 +0000 (14:49 +1100)]
discover/pxe-parser: Fine grained proxy control
Petitboot provides a method for a user to manually specify a
configuration file that should be retrieved. Petitboot also has a
global proxy configuration.
This patch aims to marry the two so that a custom configuration file
can specify that a specific proxy should be used to access one (or all)
of the options within it.
This makes custom configuration files more powerful as they can point
to files behind proxies without the user needing to also specify the
global proxy for that specific custom configuration file to work.
This adds parsing for a `proxy` option which will apply to all boot
items found after.
Signed-off-by: Cyril Bur <cyrilbur@gmail.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
The commit message reads:
If ax_with_ncurses finds a ncursesw instance the former code checks
only for <ncursesw/panelh>. If not there the search fails.
That let to problems at least in Arch Linux which has only <panel.h>
installed.
The patched version here checks first for <ncursesw/panel.h> and if
not found also for <panel.h>.
Tested for the following distributions:
Gentoo, Debian 7..9, Linux Mint 17 and 18.1, Arch Linux, Ubuntu
ARCH Linux builds ncurses with wide character support but does not add
any ncurses specific headers. nurses its self (by default) adds almost
no ncurses specific headers. No {prefix}/include/ncurses directory. In
fact the only ncurses specific file is the ncurses.h symlink to
curses.h, other than that there are no ncurses headers.
The ax_with_curses.m4 script detects if the installed ncurses has wide
character support. It checks using code snippets against all possible
ncurses header files.
If the ax_with_curses.m4 script detects wide character support the
ax_with_curses_extra.m4 will only look for extra curses features (in
the case of petitboot, form.h and menu.h) inside the
{prefix}/include/ncurses directory, when they could simply be in
{prefix}/include.
Signed-off-by: Cyril Bur <cyrilbur@gmail.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
ui/ncurses: Safely handle lost terminal control commands
Normally terminal control commands are caught and handled before ncurses
or Petitboot could see them. However several combinations of broken
terminal emulators or console connections can cause these command
sequences to be seen by Petitboot, usually resulting in Petitboot
exiting due to the ESC character and then the rest printed to the
console.
Aside from confusing the user this can also cancel autoboot, so it's
important we don't let these sequences go unnoticed if possible.
In ui/ncurses/console-codes we add a state machine that recognises the
syntax of these control/escape sequences and handles the lost
characters. We don't try to emulate the functionality of these commands,
instead just logging them for reference.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
On OpenBMC platforms IPMI requests can take over five seconds to
complete. OpenBMC does inform OPAL in BT init that it may take up to
ten seconds to respond to any requests, so update our timeout value to
accommodate this extra delay.
On other platforms this will won't change anything (AMI- and SMC- based
BMCs for example respond in under a second), but on OpenBMC platforms
such as Witherspoon this will delay Petitboot significantly while we
wait for the response. This is not ideal but we need to wait in order to
receive important information such as a safe mode request.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>