CentOS 8.2: Updated to DOCA_1.5.0_BSP_3.9.3

Signed-off-by: Vladimir Sokolovsky <[email protected]>

centos/8.2/Dockerfile

@@ -4,12 +4,10 @@ ADD qemu-aarch64-static /usr/bin/
 WORKDIR /root/workspace
 ADD install.sh .
 ADD create_bfb .
-ADD update.cap .
-ADD mlxbf-bootimages-3.8.5-12027.aarch64.rpm .
+ADD mlxbf-bootimages-3.9.3-12383.aarch64.rpm .
 
 ENV RUN_FW_UPDATER=no
 
-RUN rpm -ihv mlxbf-bootimages-3.8.5-12027.aarch64.rpm
 RUN yum install -y \
 		grub2-tools grub2 grubby grub2-tools-minimal grub2-efi-aa64 grub2-efi-aa64-modules grub2-common grub2-tools-extra \
 		efibootmgr tcpdump nvme-cli rsync binutils sg3_utils libnl3 bison flex libmnl perl lsof \
@@ -27,10 +25,13 @@ RUN yum-config-manager --nogpgcheck --add-repo https://download-ib01.fedoraproje
      yum install -y --nogpgcheck uriparser
 RUN yum install -y --enablerepo=PowerTools meson libnghttp2-devel
 
-RUN yum-config-manager --nogpgcheck --add-repo https://linux.mellanox.com/public/repo/doca/1.2.1/centos8.2/aarch64/
+RUN yum-config-manager --nogpgcheck --add-repo https://linux.mellanox.com/public/repo/doca/1.5.0/centos8.2/aarch64/
 
 RUN yum install --nogpgcheck -y doca-runtime doca-tools doca-sdk
 
 RUN /usr/sbin/update-pciids || true
+RUN rpm -ihv --force mlxbf-bootimages-*.aarch64.rpm || true
 
-CMD ["/root/workspace/create_bfb", "-k", "5.4.0-1023.24.gd30084e-bluefield"]
+RUN sed -i -e "s/signed/@IMAGE_TYPE@@CUSTOM_VERSION@/" /etc/mlnx-release
+
+CMD ["/root/workspace/create_bfb", "-k", "4.18.0-193.el8.aarch64"]

centos/8.2/bfb-build

@@ -19,14 +19,13 @@ fi
 
 DISTRO="centos"
 DISTRO_VERSION="8.2"
-VERSION="3.8.5"
+VERSION="3.9.3"
 IMAGE_TYPE=${IMAGE_TYPE:-"prod"}
 
 WDIR=/tmp/${DISTRO}${DISTRO_VERSION}.$$
 
 mkdir -p $WDIR
-wget -P $WDIR https://linux.mellanox.com/public/repo/bluefield/${VERSION}/bootimages/${IMAGE_TYPE}/update.cap
-wget -P $WDIR https://linux.mellanox.com/public/repo/bluefield/${VERSION}/bootimages/${IMAGE_TYPE}/mlxbf-bootimages-3.8.5-12027.aarch64.rpm
+wget -P $WDIR -r --no-verbose --no-directories -l1 --no-parent -A 'mlxbf-bootimages*.aarch64.rpm' https://linux.mellanox.com/public/repo/bluefield/${VERSION}/bootimages/${IMAGE_TYPE}/
 
 cp	Dockerfile \
 	create_bfb \
@@ -36,6 +35,8 @@ cp	Dockerfile \
 
 cd $WDIR
 
+sed -i -e "s/@IMAGE_TYPE@/$IMAGE_TYPE/;s/@CUSTOM_VERSION@/$CUSTOM_VERSION/" Dockerfile
+
 docker build -t bfb_runtime_${DISTRO}${DISTRO_VERSION} -f Dockerfile .
 docker run -t --rm --privileged -e container=docker \
 	-v $PWD:/workspace \
@@ -45,4 +46,6 @@ docker run -t --rm --privileged -e container=docker \
 	--mount type=bind,source=/proc,target=/proc \
 	bfb_runtime_${DISTRO}${DISTRO_VERSION}
 
-readlink -f *aarch64.bfb
+readlink -f *.bfb
+
+echo "Default root password is: centos"

centos/8.2/create_bfb

@@ -33,7 +33,7 @@ LANG=C
 BF_HOSTNAME="localhost"
 SDIR="/root/workspace"
 BFB="${BFB:-/lib/firmware/mellanox/boot/default.bfb}"
-CAPSULE="${SDIR}/update.cap"
+CAPSULE="${CAPSULE:-/lib/firmware/mellanox/boot/capsule/boot_update2.cap}"
 verbose=0
 kdir=$(/bin/ls -1d /lib/modules/4.19* /lib/modules/4.20* /lib/modules/5.* 2> /dev/null | head -1)
 if [ -n "$kdir" ]; then
@@ -46,7 +46,6 @@ usage() {
 cat << EOF
 Usage: `basename $0` [ OPTIONS ]
 OPTIONS:
--i, -install_bfb,    --install_bfb <BFB>        Installation BFB to be used as a basis for the target BFB. Default: $BFB
 -H, -hostname,       --hostname <hostname>      Hostname for the SmartNIC. Default: $BF_HOSTNAME
 -k, -kernel,         --kernel <kernel version>  Kernel version for the SmartNIC. Default: $kernel
 -v, -verbose,   --verbose                       Run script in verbose mode. Will print out each step of execution.
@@ -56,8 +55,7 @@ OPTIONS:
 EOF
 }
 
-
-options=$(getopt -l "install_bfb:,hostname:,kernel:,help,verbose" -o "i:H:k:hv" -a -- "$@")
+options=$(getopt -l "hostname:,kernel:,help,verbose" -o "H:k:hv" -a -- "$@")
 
 eval set -- "$options"
 
@@ -68,10 +66,6 @@ do
                     usage
                     exit 0
                     ;;
-				-i|--install_bfb)
-					shift
-					BFB=$1
-					;;
 				-H|--hostname)
 					shift
 					BF_HOSTNAME=$1
@@ -91,6 +85,9 @@ do
         shift
 done
 
+bootctl_module="mlxbf-bootctl"
+
+modinfo -n -k $kernel "mlx-bootctl" && bootctl_module="mlx-bootctl"
 
 SCRIPTS_DIR=`dirname $0`
 
@@ -128,18 +125,27 @@ echo ${BF_HOSTNAME} > /etc/hostname
 
 hostname ${BF_HOSTNAME}
 
+ex /bin/rm -rf ${WDIR}
 ex mkdir -p ${WDIR}
 ex cd ${WDIR}
-ex rm -rf initramfs
+ex /bin/rm -rf initramfs
 
 initramfs=$WDIR/dump-initramfs-v0
-# if [ ! -e /boot/initramfs-${kernel}.img ]; then
-# 	ex dracut --kver ${kernel} --force --omit-drivers 'mlx4_core mlx4_en' /boot/initramfs-${kernel}.img ${kernel}
-# fi
-# cp /boot/initramfs-${kernel}.img $initramfs
 
-yum install -y dracut-tools
-ex dracut --no-hostonly -m "bash network base shutdown" --gzip $initramfs ${kernel}
+if ! ( rpm -q dracut-tools > /dev/null 2>&1 ); then
+	yum install -y dracut-tools
+fi
+
+if ! ( rpm -q parted-3.2 > /dev/null 2>&1 ); then
+	if [ ! -e /tmp/parted-3.2-39.el7.aarch64.rpm ]; then
+		wget -P /tmp https://github.com/Mellanox/bfb-build/raw/master/common/packages/parted-3.2-39.el7.aarch64.rpm
+	fi
+	rpm -Uhv /tmp/parted-3.2-39.el7.aarch64.rpm || true
+fi
+
+ex dracut --no-hostonly -m "bash network base shutdown" --force-drivers "${bootctl_module} mlxbf_tmfifo dw_mmc_bluefield mmc_block virtio_console mlx5_core mlx5_ib ib_umad" --filesystems "xfs vfat" --gzip $initramfs ${kernel}
+
+rm -f /etc/udev/rules.d/91-tmfifo_net.rules /etc/udev/rules.d/92-oob_net.rules
 
 cat > /etc/default/grub << EOF
 GRUB_TIMEOUT=0
@@ -148,16 +154,12 @@ GRUB_DEFAULT=saved
 GRUB_DISABLE_SUBMENU=true
 GRUB_TERMINAL=console
 GRUB_SERIAL_COMMAND="serial --unit=1"
-GRUB_CMDLINE_LINUX="crashkernel=auto  console=hvc0 console=ttyAMA0 earlycon=pl011,0x01000000 modprobe.blacklist=mlx5_core,mlx5_ib"
+GRUB_CMDLINE_LINUX="crashkernel=auto console=hvc0 console=ttyAMA0 earlycon=pl011,0x01000000 modprobe.blacklist=mlx5_core,mlx5_ib net.ifnames=0 biosdevname=0"
 GRUB_DISABLE_RECOVERY="true"
 GRUB_TIMEOUT_STYLE=countdown
 GRUB_DISABLE_OS_PROBER=false
 EOF
 
-# initramfs=/boot/initramfs-$kernel.img
-# initramfs=$(realpath $initramfs)
-# cp $initramfs $WDIR/dump-initramfs-v0
-# initramfs=$WDIR/dump-initramfs-v0
 
 case "$(file --brief --mime-type "$initramfs")" in
 	"application/x-lzma")
@@ -183,7 +185,7 @@ copy_bin()
 	fi
 	if [ -z "$bin" ]; then
 		echo "ERROR: Cannot find $1"
-		exit 1
+		return 1
 	fi
 	sudo mkdir -p .`dirname $bin`
 	if [ -e .${bin} ]; then
@@ -217,6 +219,10 @@ copy_rpm()
 		yum install -y $package
 	fi
 
+	if ! (rpm -q $package); then
+		return
+	fi
+
 	case $package in
 		chkconfig)
 			for f in `rpm -ql $package | grep -v share`
@@ -250,15 +256,15 @@ copy_rpm()
 }
 
 # Copy the content of RPM packages
-for package in  mlxbf-bfscripts util-linux dosfstools e2fsprogs kmod pciutils usbutils chkconfig mft mft-oem kernel-mft tar xfsprogs coreutils parted
+for package in mlxbf-bfscripts util-linux dosfstools e2fsprogs kmod pciutils usbutils chkconfig mft mft-oem kernel-mft kmod-kernel-mft-mlnx tar xfsprogs coreutils parted which curl $ADDON_RPMS
 do
-	copy_rpm $package
+	copy_rpm $package || true
 done
 
 # Copy tools
 for tool in	xz efibootmgr bash getopt hexdump mstflint lspci perl \
 		lsblk shutdown systemctl strings \
-		mlxbf-bootctl id grep
+		mlxbf-bootctl id grep $ADDON_TOOLS
 do
 	if [ -d $tool ]; then
 		continue
@@ -270,20 +276,18 @@ sudo depmod -a -b ./ $kernel
 sudo ldconfig -r ./
 sudo mkdir -p usr/share/hwdata/ bin/
 sudo cp /usr/share/hwdata/pci.ids ./usr/share/hwdata/
-# Make sure we can load mlx-bootctl
-bootctl_ko=`modinfo -F filename -k $kernel mlx_bootctl`
-sudo cp $bootctl_ko .
 sudo mkdir -p ./lib/firmware/mellanox/boot/
 sudo cp /lib/firmware/mellanox/boot/default.bfb ./lib/firmware/mellanox/boot/default.bfb
 sudo cp -a /lib/firmware/mellanox/boot/capsule ./lib/firmware/mellanox/boot/
 sudo cp $CAPSULE ./lib/firmware/mellanox/boot/capsule/
 sudo mkdir -p mnt
 
-ex mkdir -p centos
+# CVE-2021-4034 workaround
+chmod 0755 /usr/bin/pkexec
 
 ex mkdir -p centos
 # Tar the image
-XZ_OPT="--threads=0 -9 --verbose" tar -cJp --exclude='./workspace'  --exclude='./root/workspace' --exclude='./tmp/*' --exclude='./run/*' --exclude='./sys/*' --exclude='./proc/*' --exclude='./dev/*' --exclude='./.dockerenv' --exclude='./root/rpmbuild' --exclude='./root/.rpmmacros' --exclude='./root/.bash_history' --exclude='./var/tmp/*rpm' --exclude='./bin/qemu-aarch64-static' --exclude='./usr/bin/qemu-aarch64-static' --exclude='./usr/bin/qemu-arm-static' --exclude='./var/lib/yum/*' --exclude='./var/cache/yum/*' -f ./centos/image.tar.xz -C / .
+XZ_OPT="--threads=0 -9 --verbose" tar -cJp --exclude='./workspace' --exclude='./signing-local' --exclude='./signing-shared' --exclude='./var/run/docker.sock' --exclude='./root/workspace' --exclude='./tmp/*' --exclude='./run/*' --exclude='./sys/*' --exclude='./proc/*' --exclude='./dev/*' --exclude='./.dockerenv' --exclude='./root/rpmbuild' --exclude='./root/.rpmmacros' --exclude='./root/.bash_history' --exclude='./var/tmp/*rpm' --exclude='./bin/qemu-aarch64-static' --exclude='./usr/bin/qemu-aarch64-static' --exclude='./usr/bin/qemu-arm-static' --exclude='./var/lib/yum/*' --exclude='./var/cache/yum/*' -f ./centos/image.tar.xz -C / .
 ex install -m 0755 ${SDIR}/install.sh ./centos/install.sh
 
 mkdir scripts
@@ -295,7 +299,7 @@ echo "=================================" | tee /dev/kmsg
 echo "Installing CentOS. Please wait..." | tee /dev/kmsg
 echo "=================================" | tee /dev/kmsg
 
-insmod /mlx-bootctl.ko > /dev/null 2>&1
+modprobe -a mlxbf_tmfifo dw_mmc_bluefield mmc_block virtio_console ${bootctl_module} 2>&1 | tee /dev/kmsg
 
 sleep 5
 
@@ -336,8 +340,10 @@ printf "Linux from rshim" > "$boot_desc"
 vmlinuz=$WDIR/vmlinuz
 if [ -e $SDIR/vmlinuz ]; then
 	sudo zcat $SDIR/vmlinuz > "$vmlinuz"
-else
+elif [ -e /boot/vmlinuz-$kernel ]; then
 	sudo zcat /boot/vmlinuz-$kernel > "$vmlinuz"
+else
+    sudo zcat /lib/modules/$kernel/vmlinuz > "$vmlinuz"
 fi
 
 mkdir -p /workspace