* Sat Aug 07 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20200823-6.git4bd064de

- ipxe-Add-ping-command-support.patch [bz#1985658]
- ipxe-Add-VLAN-tagging-support.patch [bz#1985658]
- ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch [bz#1985658]
- ipxe-Provide-snponly.efi-rom.patch [bz#1985658]
- ipxe-Build-hwcert-subpackage.patch [bz#1985658]
- Resolves: bz#1985658
  (carry forward rhel8 ipxe packaging changes)

ipxe-Add-VLAN-tagging-support.patch

@@ -0,0 +1,34 @@
+From 2a9170ed88dc55d601a70d34f2d93157dc30e307 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Mon, 2 Aug 2021 08:33:47 -0400
+Subject: [PATCH 2/5] Add VLAN tagging support
+
+RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
+RH-MergeRequest: 6: Forwardport  missing RHEL 8 downsteream changes
+RH-Commit: [2/5] 3359f0d96c8743abefdf1b81857c84f4e7312f9d (mrezanin/centos-src-ipxe)
+RH-Bugzilla: 1985658
+
+RHEL 8 added support for VLAN tagging. We need to add it to RHEL 9
+so we are not regressing.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ src/config/general.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/config/general.h b/src/config/general.h
+index 5adf6a35..a6df71b5 100644
+--- a/src/config/general.h
++++ b/src/config/general.h
+@@ -140,7 +140,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+ //#define TIME_CMD		/* Time commands */
+ //#define DIGEST_CMD		/* Image crypto digest commands */
+ //#define LOTEST_CMD		/* Loopback testing commands */
+-//#define VLAN_CMD		/* VLAN commands */
++#define VLAN_CMD		/* VLAN commands */
+ //#define PXE_CMD		/* PXE commands */
+ //#define REBOOT_CMD		/* Reboot command */
+ //#define POWEROFF_CMD		/* Power off command */
+-- 
+2.27.0
+

ipxe-Add-ping-command-support.patch

@@ -0,0 +1,36 @@
+From 4d004e6a535c4f102c7b91c2f4d259cebaf1fb69 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Mon, 2 Aug 2021 08:11:12 -0400
+Subject: [PATCH 1/5] Add ping command support
+
+RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
+RH-MergeRequest: 6: Forwardport  missing RHEL 8 downsteream changes
+RH-Commit: [1/5] f95713f55d7af7970d39462c94b866f833eedca1 (mrezanin/centos-src-ipxe)
+RH-Bugzilla: 1985658
+
+To allow trouble shooting ipxe issues, ping command were added to
+RHEL 8 (see BZ 1913719).
+
+Adding this command to RHEL 9 to prevent regression from RHEL 8 functionality.
+
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ src/config/general.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/config/general.h b/src/config/general.h
+index 3c14a2cd..5adf6a35 100644
+--- a/src/config/general.h
++++ b/src/config/general.h
+@@ -148,7 +148,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+ //#define PCI_CMD		/* PCI commands */
+ //#define PARAM_CMD		/* Form parameter commands */
+ //#define NEIGHBOUR_CMD		/* Neighbour management commands */
+-//#define PING_CMD		/* Ping command */
++#define PING_CMD		/* Ping command */
+ //#define CONSOLE_CMD		/* Console command */
+ //#define IPSTAT_CMD		/* IP statistics commands */
+ //#define PROFSTAT_CMD		/* Profiling commands */
+-- 
+2.27.0
+

ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch

@@ -0,0 +1,195 @@
+From ff3a5af3d7f78577899626b2f8b612369e051916 Mon Sep 17 00:00:00 2001
+From: Miroslav Rezanina <mrezanin@redhat.com>
+Date: Mon, 2 Aug 2021 08:32:33 -0400
+Subject: [PATCH 3/5] [netdevice] Strip 802.Q VLAN 0 priority tags
+
+RH-Author: Miroslav Rezanina <mrezanin@redhat.com>
+RH-MergeRequest: 6: Forwardport  missing RHEL 8 downsteream changes
+RH-Commit: [3/5] 440560659da2028f365a71b4ed4991955022dce5 (mrezanin/centos-src-ipxe)
+RH-Bugzilla: 1985658
+
+iPXE was unable to receive priority tagged packets specified in
+the 802.1Q standard and supported by all major networking stacks.
+
+This commit adds a new function net_pull_tags which is called by
+all consumers of incoming packets after stripping their link-layer
+headers.
+
+Upstream patch:
+http://lists.ipxe.org/pipermail/ipxe-devel/2016-July/005099.html
+
+Downstream changes:
+Upstream commit fe680c822856 made vlan_find static. This prevents
+it's usage int this patch. Reverting changes adding static for
+vlan_find.
+
+Signed-off-by: Ladi Prosek <lprosek@redhat.com>
+Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
+---
+ src/arch/x86/interface/pxe/pxe_undi.c |  6 +++
+ src/include/ipxe/netdevice.h          |  2 +
+ src/include/ipxe/vlan.h               |  2 +
+ src/interface/efi/efi_snp.c           |  7 ++++
+ src/net/netdevice.c                   | 57 +++++++++++++++++++++++++++
+ src/net/vlan.c                        |  2 +-
+ 6 files changed, 75 insertions(+), 1 deletion(-)
+
+diff --git a/src/arch/x86/interface/pxe/pxe_undi.c b/src/arch/x86/interface/pxe/pxe_undi.c
+index 2eb68178..2ea14515 100644
+--- a/src/arch/x86/interface/pxe/pxe_undi.c
++++ b/src/arch/x86/interface/pxe/pxe_undi.c
+@@ -976,6 +976,12 @@ static PXENV_EXIT_t pxenv_undi_isr ( struct s_PXENV_UNDI_ISR *undi_isr ) {
+ 		}
+ 		ll_hlen = ( len - iob_len ( iobuf ) );
+ 
++		/* Strip link-layer-independent headers */
++		if ( ( rc = net_pull_tags ( iobuf, pxe_netdev, &net_proto ) ) != 0 ) {
++			/* Assume unknown net_proto */
++			net_proto = 0;
++		}
++
+ 		/* Determine network-layer protocol */
+ 		switch ( net_proto ) {
+ 		case htons ( ETH_P_IP ):
+diff --git a/src/include/ipxe/netdevice.h b/src/include/ipxe/netdevice.h
+index d498ab69..27dda45d 100644
+--- a/src/include/ipxe/netdevice.h
++++ b/src/include/ipxe/netdevice.h
+@@ -726,6 +726,8 @@ extern int net_tx ( struct io_buffer *iobuf, struct net_device *netdev,
+ extern int net_rx ( struct io_buffer *iobuf, struct net_device *netdev,
+ 		    uint16_t net_proto, const void *ll_dest,
+ 		    const void *ll_source, unsigned int flags );
++extern int net_pull_tags ( struct io_buffer *iobuf, struct net_device *netdev,
++			   uint16_t *net_proto );
+ extern void net_poll ( void );
+ extern struct net_device_configurator *
+ find_netdev_configurator ( const char *name );
+diff --git a/src/include/ipxe/vlan.h b/src/include/ipxe/vlan.h
+index 7f93439b..b82f3806 100644
+--- a/src/include/ipxe/vlan.h
++++ b/src/include/ipxe/vlan.h
+@@ -61,6 +61,8 @@ struct vlan_header {
+  */
+ #define VLAN_PRIORITY_IS_VALID( priority ) ( (priority) <= 7 )
+ 
++extern struct net_device * vlan_find ( struct net_device *trunk,
++                                      unsigned int tag );
+ extern unsigned int vlan_tag ( struct net_device *netdev );
+ extern int vlan_can_be_trunk ( struct net_device *trunk );
+ extern int vlan_create ( struct net_device *trunk, unsigned int tag,
+diff --git a/src/interface/efi/efi_snp.c b/src/interface/efi/efi_snp.c
+index d648700f..a8f2ac8e 100644
+--- a/src/interface/efi/efi_snp.c
++++ b/src/interface/efi/efi_snp.c
+@@ -813,6 +813,13 @@ efi_snp_receive ( EFI_SIMPLE_NETWORK_PROTOCOL *snp,
+ 		goto out_bad_ll_header;
+ 	}
+ 
++	/* Strip link-layer-independent headers */
++	if ( ( rc = net_pull_tags ( iobuf, snpdev->netdev, &iob_net_proto ) ) ) {
++		DBGC ( snpdev, "SNPDEV %p could not parse tags: %s\n",
++		       snpdev, strerror ( rc ) );
++		goto out_bad_ll_header;
++	}
++
+ 	/* Return link-layer header parameters to caller, if required */
+ 	if ( ll_header_len )
+ 		*ll_header_len = ll_protocol->ll_header_len;
+diff --git a/src/net/netdevice.c b/src/net/netdevice.c
+index 3b02e64b..95803f26 100644
+--- a/src/net/netdevice.c
++++ b/src/net/netdevice.c
+@@ -1043,6 +1043,45 @@ int net_rx ( struct io_buffer *iobuf, struct net_device *netdev,
+ 	return -ENOTSUP;
+ }
+ 
++
++/**
++ * Strip extra link-layer-independent tags from a received packet
++ *
++ * @v iobuf		I/O buffer
++ * @v netdev		Network device
++ * @v net_proto		Network-layer protocol, in network-byte order
++ * @ret rc		Return status code
++ *
++ * This function should be called after stripping link-layer headers but
++ * before inspecting the network-layer protocol.
++ */
++int net_pull_tags ( struct io_buffer *iobuf, struct net_device *netdev,
++		    uint16_t *net_proto ) {
++	struct vlan_header *vlanhdr;
++	uint16_t tag;
++
++	/* Strip 802.1Q VLAN 0 priority tags if present */
++	while ( *net_proto == htons ( ETH_P_8021Q ) ) {
++		if ( iob_len ( iobuf ) < sizeof ( *vlanhdr ) ) {
++			DBG ( "VLAN header too short at %zd bytes (min %zd bytes)\n",
++			      iob_len ( iobuf ), sizeof ( *vlanhdr ) );
++			return -EINVAL;
++		}
++		vlanhdr = ( struct vlan_header * ) iobuf->data;
++		tag = VLAN_TAG ( ntohs ( vlanhdr->tci ) );
++
++		if ( tag == 0 && ! vlan_find ( netdev, tag ) ) {
++			/* VLAN 0, strip and continue */
++			*net_proto = vlanhdr->net_proto;
++			iob_pull ( iobuf, sizeof ( *vlanhdr ) );
++		} else {
++			/* Real VLAN tag, leave it alone */
++			break;
++		}
++	}
++	return 0;
++}
++
+ /**
+  * Poll the network stack
+  *
+@@ -1094,6 +1133,12 @@ void net_poll ( void ) {
+ 				continue;
+ 			}
+ 
++			/* Remove link-layer-independent headers */
++			if ( ( rc = net_pull_tags ( iobuf, netdev, &net_proto ) ) ) {
++				free_iob ( iobuf );
++				continue;
++			}
++
+ 			/* Hand packet to network layer */
+ 			if ( ( rc = net_rx ( iob_disown ( iobuf ), netdev,
+ 					     net_proto, ll_dest,
+@@ -1125,6 +1170,18 @@ __weak unsigned int vlan_tag ( struct net_device *netdev __unused ) {
+ 	return 0;
+ }
+ 
++/**
++ * Identify VLAN device (when VLAN support is not present)
++ *
++ * @v netdev           Network device
++ * @v tag              VLAN tag, or zero
++ * @v iobuf            I/O buffer
++ */
++__weak struct net_device * vlan_find ( struct net_device *trunk __unused,
++                                      unsigned int tag __unused ) {
++       return NULL;
++}
++
+ /**
+  * Add VLAN tag-stripped packet to queue (when VLAN support is not present)
+  *
+diff --git a/src/net/vlan.c b/src/net/vlan.c
+index 90f2934d..0f234ea5 100644
+--- a/src/net/vlan.c
++++ b/src/net/vlan.c
+@@ -199,7 +199,7 @@ static void vlan_sync ( struct net_device *netdev ) {
+  * @v tag		VLAN tag
+  * @ret netdev		VLAN device, if any
+  */
+-static struct net_device * vlan_find ( struct net_device *trunk,
++struct net_device * vlan_find ( struct net_device *trunk,
+ 				       unsigned int tag ) {
+ 	struct net_device *netdev;
+ 	struct vlan_device *vlan;
+-- 
+2.27.0
+

ipxe.spec

@@ -50,13 +50,14 @@
 
 Name:    ipxe
 Version: %{date}
-Release: 5.git%{hash}%{?dist}
+Release: 6.git%{hash}%{?dist}
 Summary: A network boot loader
 
 License: GPLv2 with additional permissions and BSD
 URL:     http://ipxe.org/
 
 Source0: %{name}-%{version}-git%{hash}.tar.xz
+Source1: script.ipxe
 
 # Enable IPv6 for qemu's config
 # Sent upstream: http://lists.ipxe.org/pipermail/ipxe-devel/2015-November/004494.html
@@ -64,6 +65,12 @@ Patch0001: 0001-build-customize-configuration.patch
 Patch0002: 0002-Use-spec-compliant-timeouts.patch
 # For bz#1935932 - ipxe implements and/or uses the deprecated SHA-1 algorithm by default (
 Patch3: ipxe-Disable-SHA-1.patch
+# For bz#1985658 - carry forward rhel8 ipxe packaging changes
+Patch4: ipxe-Add-ping-command-support.patch
+# For bz#1985658 - carry forward rhel8 ipxe packaging changes
+Patch5: ipxe-Add-VLAN-tagging-support.patch
+# For bz#1985658 - carry forward rhel8 ipxe packaging changes
+Patch6: ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch
 
 # Source-git patches
 
@@ -89,6 +96,10 @@ BuildRequires: make
 
 Obsoletes: gpxe <= 1.0.1
 
+%package rhcert
+Summary: Redhat hwcert custom ipxe image
+BuildArch: noarch
+
 %package bootimgs
 Summary: Network boot loader images in bootable USB, CD, floppy and GRUB formats
 BuildArch: noarch
@@ -105,6 +116,9 @@ Summary: Network boot loader roms supported by QEMU, .rom format
 BuildArch: noarch
 Obsoletes: gpxe-roms-qemu <= 1.0.1
 
+%description rhcert
+Custom ipxe image for use in hardware certification and validation
+
 %description bootimgs
 iPXE is an open source network bootloader. It provides a direct
 replacement for proprietary PXE ROMs, with many extra features such as
@@ -159,7 +173,12 @@ make_ipxe() {
         "$@"
 }
 
-make_ipxe bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi
+cp %{SOURCE1} .
+make_ipxe bin-x86_64-efi/ipxe.efi EMBED=script.ipxe
+mv bin-x86_64-efi/ipxe.efi bin-x86_64-efi/ipxe-rhcert.efi
+
+make_ipxe bin-i386-efi/ipxe.efi bin-x86_64-efi/ipxe.efi \
+    bin-x86_64-efi/snponly.efi
 
 make_ipxe ISOLINUX_BIN=/usr/share/syslinux/isolinux.bin \
     bin/undionly.kpxe bin/ipxe.{dsk,iso,usb,lkrn} \
@@ -208,6 +227,8 @@ popd
 
 cp -a src/bin-i386-efi/ipxe.efi %{buildroot}/%{_datadir}/%{name}/ipxe-i386.efi
 cp -a src/bin-x86_64-efi/ipxe.efi %{buildroot}/%{_datadir}/%{name}/ipxe-x86_64.efi
+cp -a src/bin-x86_64-efi/snponly.efi %{buildroot}/%{_datadir}/%{name}/ipxe-snponly-x86_64.efi
+cp -a src/bin-x86_64-efi/ipxe-rhcert.efi %{buildroot}/%{_datadir}/%{name}/ipxe-x86_64-rhcert.efi
 
 mkdir -p %{buildroot}%{_datadir}/%{name}/qemu/
 
@@ -241,6 +262,7 @@ done
 %{_datadir}/%{name}/ipxe-i386.efi
 %{_datadir}/%{name}/ipxe-x86_64.efi
 %{_datadir}/%{name}/undionly.kpxe
+%{_datadir}/%{name}/ipxe-snponly-x86_64.efi
 %doc COPYING COPYING.GPLv2 COPYING.UBDL
 
 %files roms -f rom.list
@@ -252,9 +274,22 @@ done
 %dir %{_datadir}/%{name}.efi
 %{_datadir}/%{name}/qemu
 %doc COPYING COPYING.GPLv2 COPYING.UBDL
+
+%files rhcert
+%dir %{_datadir}/%{name}
+%{_datadir}/%{name}/ipxe-x86_64-rhcert.efi
 %endif
 
 %changelog
+* Sat Aug 07 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20200823-6.git4bd064de
+- ipxe-Add-ping-command-support.patch [bz#1985658]
+- ipxe-Add-VLAN-tagging-support.patch [bz#1985658]
+- ipxe-netdevice-Strip-802.Q-VLAN-0-priority-tags.patch [bz#1985658]
+- ipxe-Provide-snponly.efi-rom.patch [bz#1985658]
+- ipxe-Build-hwcert-subpackage.patch [bz#1985658]
+- Resolves: bz#1985658
+  (carry forward rhel8 ipxe packaging changes)
+
 * Mon Jul 26 2021 Miroslav Rezanina <mrezanin@redhat.com> - 20200823-5.git4bd064de
 - ipxe-Disable-SHA-1.patch [bz#1935932]
 - ipxe-Replace-genisoimage-with-xorriso.patch [bz#1971981]

script.ipxe

@@ -0,0 +1,3 @@
+#!ipxe
+imgexec file:rhcert-script.ipxe
+