2021-02-03 14:21:26 +00:00
version : 2.1
commands :
build_board :
parameters :
target :
type : string
2021-11-25 15:38:15 +00:00
subcommand :
type : string
2021-02-03 14:21:26 +00:00
steps :
- run :
name : Install dependencies
command : |
2022-01-31 15:57:24 +00:00
ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
2021-02-03 14:21:26 +00:00
apt update
2022-01-31 15:57:24 +00:00
apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg gawk iasl m4 nasm patch python python2 python3 wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync innoextract sudo
2021-02-03 14:21:26 +00:00
- run :
name : Make Board
command : |
2021-12-01 17:37:27 +00:00
rm -rf build/<<parameters.target>>/* build/log/* && make V=1 BOARD=<<parameters.target>> <<parameters.subcommand>> || touch ./tmpDir/failed_build
2021-02-03 14:21:26 +00:00
no_output_timeout : 3h
- run :
name : Output hashes
command : |
2021-11-25 15:38:15 +00:00
cat build/<<parameters.target>>/hashes.txt || echo "No hashes for this build step..."\
2021-02-03 14:21:26 +00:00
- run :
name : Archiving build logs.
command : |
2022-01-31 15:57:24 +00:00
tar zcvf build/<<parameters.target>>/logs.tar.gz $(find build/ -name "*.log")
- run :
name : Output build failing logs
command : |
if [[ -f ./tmpDir/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Step hasn't failed. Continuing with next step..."; fi \
2021-02-03 14:21:26 +00:00
- store_artifacts :
path : build/<<parameters.target>>
2018-09-15 09:42:42 +00:00
jobs :
2021-02-03 14:21:26 +00:00
prep_env :
2018-09-15 09:42:42 +00:00
docker :
2022-01-31 15:57:24 +00:00
- image : debian:11
2021-11-25 15:38:15 +00:00
resource_class : large
2018-09-15 09:42:42 +00:00
steps :
2020-05-04 16:07:14 +00:00
- run :
name : Install dependencies
command : |
2022-01-31 15:57:24 +00:00
ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
2020-05-04 16:07:14 +00:00
apt update
2022-01-31 15:57:24 +00:00
apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg gawk iasl m4 nasm patch python python2 python3 wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync innoextract sudo
2018-09-15 10:56:42 +00:00
- checkout
2018-09-18 16:08:16 +00:00
- run :
2020-05-04 16:07:14 +00:00
name : git reset
2018-09-18 16:08:16 +00:00
command : |
2020-05-04 16:07:14 +00:00
git reset --hard "$CIRCLE_SHA1" \
2018-09-18 16:08:16 +00:00
2021-02-03 14:21:26 +00:00
- run :
name : Make tmp dir
command : |
mkdir ./tmpDir \
2020-08-11 20:38:26 +00:00
- run :
2021-01-02 20:09:52 +00:00
name : Creating all modules and patches digest (All modules cache digest)
2020-08-11 20:38:26 +00:00
command : |
2021-02-03 14:21:26 +00:00
find ./patches/ ./modules/ -type f | sort -h |xargs sha256sum > ./tmpDir/all_modules_and_patches.sha256sums \
2020-08-11 20:38:26 +00:00
- run :
2021-01-02 20:09:52 +00:00
name : Creating coreboot (and associated patches) and musl-cross-make modules digest (musl-cross-make and coreboot cache digest)
2020-08-11 20:38:26 +00:00
command : |
2021-02-03 14:21:26 +00:00
find ./modules/coreboot ./modules/musl-cross* ./patches/coreboot* -type f | sort -h | xargs sha256sum > ./tmpDir/coreboot_musl-cross.sha256sums \
2021-01-02 20:09:52 +00:00
- run :
name : Creating musl-cross-make and musl-cross-make patches digest (musl-cross-make cache digest)
command : |
2021-02-03 14:21:26 +00:00
find modules/musl-cross* -type f | sort -h | xargs sha256sum > ./tmpDir/musl-cross.sha256sums \
2020-08-11 20:38:26 +00:00
- restore_cache :
keys :
2021-01-02 20:09:52 +00:00
#Restore existing cache for matching modules digest, validated to be exactly the same as in github current commit.
#This cache was made on top of below caches, if previously existing. If no module definition changed, we reuse this one. Otherwise...
2021-02-03 14:21:26 +00:00
- heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}
2021-01-02 20:09:52 +00:00
#If precedent cache not found, restore cache for coreboot module (and patches) and musl-cross-make digests (bi-yearly modified)
#Otehrwise....
2021-02-03 14:21:26 +00:00
- heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
2021-01-02 20:09:52 +00:00
#If precedent cache not found. Restore cache for musl-cross-make module digest (rarely modified).
#Otherwise, we build cleanly.
2021-02-03 14:21:26 +00:00
- heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
Activate dual console by default and restructure board config
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC
Adding dual console to OpenBmc and tty0
putting kgpe-d16-coreboot.conf in defconfig format
NO_HZ wasn't included in kernel config. Adding it.
Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation
Removing serial configuration and static IP stuff since we have a workstation here.
Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.
Placing files in good directories
Corrrect flashrom options for kgpe-d16 server and workstation boards
kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ
kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server
kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.
kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)
kgpe-d16_workstation in defconfig format
kgpe-d16 boards: pass from GPG to GPG2 board definitions
kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode
kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output
kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging
kgpe-d16 : expressively export CONFIG_TPM=n
kgpe-d16_wokstation gui-init variables were missing
kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized
linux-kgpe-d16*: add support for Pike
kgpe-d16_workstation-usb_keyboard board support addition
kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based
GitlabCI: kgpe-d16 fixes and upstream merge of change
kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment
kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file
KGPE-D16: community work migration to coreboot 4.11 to fix issue #740
KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709
kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch
kgpe-d16 boards: add Linux kernel version where missing.
CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master
coreboot module: typo correction (tabs vs spaces)
CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds
CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"
CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support
At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node
CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.
coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)
coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.
CircleCI & coreboot config: fix merge conflict rebasing on master
coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599
Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2018-10-23 12:43:36 +00:00
- run :
2021-02-03 14:21:26 +00:00
name : Download and neuter xx20 ME (keep generated GBE and extracted IFD in tree)
Activate dual console by default and restructure board config
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC
Adding dual console to OpenBmc and tty0
putting kgpe-d16-coreboot.conf in defconfig format
NO_HZ wasn't included in kernel config. Adding it.
Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation
Removing serial configuration and static IP stuff since we have a workstation here.
Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.
Placing files in good directories
Corrrect flashrom options for kgpe-d16 server and workstation boards
kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ
kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server
kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.
kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)
kgpe-d16_workstation in defconfig format
kgpe-d16 boards: pass from GPG to GPG2 board definitions
kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode
kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output
kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging
kgpe-d16 : expressively export CONFIG_TPM=n
kgpe-d16_wokstation gui-init variables were missing
kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized
linux-kgpe-d16*: add support for Pike
kgpe-d16_workstation-usb_keyboard board support addition
kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based
GitlabCI: kgpe-d16 fixes and upstream merge of change
kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment
kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file
KGPE-D16: community work migration to coreboot 4.11 to fix issue #740
KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709
kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch
kgpe-d16 boards: add Linux kernel version where missing.
CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master
coreboot module: typo correction (tabs vs spaces)
CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds
CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"
CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support
At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node
CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.
coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)
coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.
CircleCI & coreboot config: fix merge conflict rebasing on master
coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599
Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2018-10-23 12:43:36 +00:00
command : |
2021-02-03 14:21:26 +00:00
./blobs/xx20/download_parse_me.sh
2020-12-03 00:37:34 +00:00
Activate dual console by default and restructure board config
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC
Adding dual console to OpenBmc and tty0
putting kgpe-d16-coreboot.conf in defconfig format
NO_HZ wasn't included in kernel config. Adding it.
Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation
Removing serial configuration and static IP stuff since we have a workstation here.
Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.
Placing files in good directories
Corrrect flashrom options for kgpe-d16 server and workstation boards
kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ
kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server
kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.
kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)
kgpe-d16_workstation in defconfig format
kgpe-d16 boards: pass from GPG to GPG2 board definitions
kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode
kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output
kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging
kgpe-d16 : expressively export CONFIG_TPM=n
kgpe-d16_wokstation gui-init variables were missing
kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized
linux-kgpe-d16*: add support for Pike
kgpe-d16_workstation-usb_keyboard board support addition
kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based
GitlabCI: kgpe-d16 fixes and upstream merge of change
kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment
kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file
KGPE-D16: community work migration to coreboot 4.11 to fix issue #740
KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709
kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch
kgpe-d16 boards: add Linux kernel version where missing.
CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master
coreboot module: typo correction (tabs vs spaces)
CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds
CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"
CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support
At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node
CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.
coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)
coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.
CircleCI & coreboot config: fix merge conflict rebasing on master
coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599
Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2018-10-23 12:43:36 +00:00
- run :
2021-02-03 14:21:26 +00:00
name : Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree)
2021-10-30 20:59:31 +00:00
# me_cleaner.py present under heads xx30 blobs dir comes from https://github.com/corna/me_cleaner/blob/43612a630c79f3bc6f2653bfe90dfe0b7b137e08/me_cleaner.py
Activate dual console by default and restructure board config
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC
Adding dual console to OpenBmc and tty0
putting kgpe-d16-coreboot.conf in defconfig format
NO_HZ wasn't included in kernel config. Adding it.
Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation
Removing serial configuration and static IP stuff since we have a workstation here.
Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.
Placing files in good directories
Corrrect flashrom options for kgpe-d16 server and workstation boards
kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ
kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server
kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.
kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)
kgpe-d16_workstation in defconfig format
kgpe-d16 boards: pass from GPG to GPG2 board definitions
kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode
kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output
kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging
kgpe-d16 : expressively export CONFIG_TPM=n
kgpe-d16_wokstation gui-init variables were missing
kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized
linux-kgpe-d16*: add support for Pike
kgpe-d16_workstation-usb_keyboard board support addition
kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based
GitlabCI: kgpe-d16 fixes and upstream merge of change
kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment
kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file
KGPE-D16: community work migration to coreboot 4.11 to fix issue #740
KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709
kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch
kgpe-d16 boards: add Linux kernel version where missing.
CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master
coreboot module: typo correction (tabs vs spaces)
CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds
CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"
CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support
At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node
CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.
coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)
coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.
CircleCI & coreboot config: fix merge conflict rebasing on master
coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599
Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2018-10-23 12:43:36 +00:00
command : |
2021-02-03 14:21:26 +00:00
./blobs/xx30/download_clean_me.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py)
Activate dual console by default and restructure board config
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC
Adding dual console to OpenBmc and tty0
putting kgpe-d16-coreboot.conf in defconfig format
NO_HZ wasn't included in kernel config. Adding it.
Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation
Removing serial configuration and static IP stuff since we have a workstation here.
Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.
Placing files in good directories
Corrrect flashrom options for kgpe-d16 server and workstation boards
kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ
kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server
kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.
kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)
kgpe-d16_workstation in defconfig format
kgpe-d16 boards: pass from GPG to GPG2 board definitions
kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode
kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output
kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging
kgpe-d16 : expressively export CONFIG_TPM=n
kgpe-d16_wokstation gui-init variables were missing
kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized
linux-kgpe-d16*: add support for Pike
kgpe-d16_workstation-usb_keyboard board support addition
kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based
GitlabCI: kgpe-d16 fixes and upstream merge of change
kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment
kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file
KGPE-D16: community work migration to coreboot 4.11 to fix issue #740
KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709
kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch
kgpe-d16 boards: add Linux kernel version where missing.
CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master
coreboot module: typo correction (tabs vs spaces)
CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds
CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"
CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support
At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node
CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.
coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)
coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.
CircleCI & coreboot config: fix merge conflict rebasing on master
coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599
Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2018-10-23 12:43:36 +00:00
2021-12-27 08:28:03 +00:00
- run :
name : Download and extract t530 vbios roms for dgpu boards
command : |
./blobs/xx30/vbios_t530.sh
- run :
name : Download and extract w530 vbios roms for dgpu boards
command : |
./blobs/xx30/vbios_w530.sh
2021-02-03 14:21:26 +00:00
- persist_to_workspace :
root : ~/
paths :
- .
Activate dual console by default and restructure board config
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC
Adding dual console to OpenBmc and tty0
putting kgpe-d16-coreboot.conf in defconfig format
NO_HZ wasn't included in kernel config. Adding it.
Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation
Removing serial configuration and static IP stuff since we have a workstation here.
Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.
Placing files in good directories
Corrrect flashrom options for kgpe-d16 server and workstation boards
kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ
kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server
kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.
kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)
kgpe-d16_workstation in defconfig format
kgpe-d16 boards: pass from GPG to GPG2 board definitions
kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode
kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output
kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging
kgpe-d16 : expressively export CONFIG_TPM=n
kgpe-d16_wokstation gui-init variables were missing
kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized
linux-kgpe-d16*: add support for Pike
kgpe-d16_workstation-usb_keyboard board support addition
kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based
GitlabCI: kgpe-d16 fixes and upstream merge of change
kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment
kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file
KGPE-D16: community work migration to coreboot 4.11 to fix issue #740
KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709
kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch
kgpe-d16 boards: add Linux kernel version where missing.
CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master
coreboot module: typo correction (tabs vs spaces)
CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds
CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"
CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support
At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node
CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.
coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)
coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.
CircleCI & coreboot config: fix merge conflict rebasing on master
coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599
Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2018-10-23 12:43:36 +00:00
2021-02-03 14:21:26 +00:00
build_and_persist :
docker :
2022-01-31 15:57:24 +00:00
- image : debian:11
2021-11-25 15:38:15 +00:00
resource_class : large
2021-02-03 14:21:26 +00:00
parameters :
target :
type : string
2021-11-25 15:38:15 +00:00
subcommand :
type : string
2021-02-03 14:21:26 +00:00
steps :
- attach_workspace :
at : ~/
- build_board :
2021-11-25 15:38:15 +00:00
target : <<parameters.target>>
subcommand : <<parameters.subcommand>>
2021-02-03 14:21:26 +00:00
- persist_to_workspace :
root : ~/
paths :
- .
2020-12-27 22:33:57 +00:00
2021-02-03 14:21:26 +00:00
build :
docker :
2022-01-31 15:57:24 +00:00
- image : debian:11
2022-01-31 15:57:24 +00:00
resource_class : large
2021-02-03 14:21:26 +00:00
parameters :
target :
type : string
2021-11-25 15:38:15 +00:00
subcommand :
type : string
2021-02-03 14:21:26 +00:00
steps :
- attach_workspace :
at : ~/
- build_board :
2021-11-25 15:38:15 +00:00
target : <<parameters.target>>
subcommand : <<parameters.subcommand>>
2020-10-18 18:48:25 +00:00
2021-02-03 14:21:26 +00:00
save_cache :
docker :
2022-01-31 15:57:24 +00:00
- image : debian:11
2022-01-31 15:57:24 +00:00
resource_class : large
2021-02-03 14:21:26 +00:00
steps :
- attach_workspace :
at : ~/
- save_cache :
#Generate cache for the same musl-cross module definition if hash is not previously existing
2021-11-25 15:38:15 +00:00
#CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
2021-02-03 14:21:26 +00:00
key : heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
paths :
- crossgcc
2021-11-25 15:38:15 +00:00
- build/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
CircleCI cache: have all cache layers caching packages directory
Heads buildstystem:
Makefile logic will download modules packages under ./packages, check itheir integrity, then extract it and patch extraction directory ONLY if no corresponding .*_verify files are found under ./packages directory. They are extracted under build/modulename-ver/ where patches are applied prior of building them.
build/module* .configured is written when packages are configured under build/modulename-ver/.configured
build/modules* .build is written when packages are built under build/modulename-ver/.build
CircleCI caching subsystem notes:
A cache name tag is calculated in the prep_env stage early at each beginning of a workflow, and consists of a cache name, appended by a calculated digest signature (which is the final hash of hashed files (the hash of a digest).
Look for the following under .circleci/config.yml:
"Creating .... digest statements" : they are basically files passed under sha256sum to create a digest.
restore_cache keys: they are basically a string concatenating: name + checksum of digest + CACHE_VERSION. Only the first cache is extracted following declared order.
save_cache keys: same as above, only saving non-existing caches. That is, skipping existing ones and creating missing ones.
A cache is extracted at the beginning of a workflow if an archive matches an archive name, which consists of a name tag + digest hash + CACHE_VERSION
A cache is created only at the end of a workflow ("Saving cache...").
Caches are specialized. Caches are linked to checkumming of some content. And the largest available cache is extracted on next workflow, only extracting the directories/files that were contained in that cache.
A workspace cache ("Attaching workspace..."), as opposed to a end workflow cache, is passed along steps that depends on prior workflow, as specified under CirclecI config. The current CircleCI config creates a workspace cache for:
make + gawk + musl-cross-make (passed along next)
the most massive board config for each coreboot version (passed along next)
which is finally leading to the workflow cache, specialized for different content that should not change across builds.
That is 3 caches
musl-cross-make and bootstrapping tools (builds make and gawk locally) as long as musl-cross module has same checksum
a coreboot cache, containing all coreboot building directories, as long as coreboot module and patches are having the same hashes
a global cache containing alla builds artifacts (build dir, install dir, musl-cross dir etc)
Consequently, a workspace cache contains all the files under a path that is specified. For heads running under CircleCI, this is ~/project, which is basically "heads" checked out GitHub project, and everything being built under it.
When a workflow is successful, save_cache is ran, constructing caches for digest hashes that are not yet saved (which corresponds to a hash matching muslc-cross module hash, coreboot+patches digest hash and another one for all modules and patches digest hash.
On next workspace iteration, pre_env step will include a "Restore cache" step, which will use the largest cache available and extract it prior of passing it as workspace caches. This is why there is no such different in build time when building on a clean build (the workspace caches layers are smaller, and passed along. This means saving it, passing it. next workspace downloads extracts and builds on top of those smaller layers), as opposed to a workspace reusing and repassing the bigger workspaces containing the whole cache (bigger initial cache extract, then compressing and saving it to be passed as a workspace layer that is then downloaded, extracted, building on top, compressing and saving which then passed as a workspace cache to the next layer depending on it).
And finally, the caching system (save_cache, restore_cache) is based on a CircleCI environment variable named CACHE_VERSION which is appended at the end of the checkum fingerprint of a named cache. It can at any moment be changed to wipe actually used cache, if for some reason it is broken.
Consequently:
CircleCI cache should include packages cache (so that packages are downloaded and verified only once.)
Heads Makefile only downloads, checks and extracts packages and then patch extracted directory content if packages/.module-version_verify doesn't exist. This was missing, causing coreboot tarballs to be redownloaded (not present under packages) and reextracted and repatched (since _verify file was not present under packages/*_verify)
2022-02-24 20:23:16 +00:00
- packages
2021-02-03 14:21:26 +00:00
- save_cache :
#Generate cache for the same coreboot mnd musl-cross-make modules definition if hash is not previously existing
2021-11-25 15:38:15 +00:00
#CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
2021-02-03 14:21:26 +00:00
key : heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
paths :
CircleCI cache: have all cache layers caching packages directory
Heads buildstystem:
Makefile logic will download modules packages under ./packages, check itheir integrity, then extract it and patch extraction directory ONLY if no corresponding .*_verify files are found under ./packages directory. They are extracted under build/modulename-ver/ where patches are applied prior of building them.
build/module* .configured is written when packages are configured under build/modulename-ver/.configured
build/modules* .build is written when packages are built under build/modulename-ver/.build
CircleCI caching subsystem notes:
A cache name tag is calculated in the prep_env stage early at each beginning of a workflow, and consists of a cache name, appended by a calculated digest signature (which is the final hash of hashed files (the hash of a digest).
Look for the following under .circleci/config.yml:
"Creating .... digest statements" : they are basically files passed under sha256sum to create a digest.
restore_cache keys: they are basically a string concatenating: name + checksum of digest + CACHE_VERSION. Only the first cache is extracted following declared order.
save_cache keys: same as above, only saving non-existing caches. That is, skipping existing ones and creating missing ones.
A cache is extracted at the beginning of a workflow if an archive matches an archive name, which consists of a name tag + digest hash + CACHE_VERSION
A cache is created only at the end of a workflow ("Saving cache...").
Caches are specialized. Caches are linked to checkumming of some content. And the largest available cache is extracted on next workflow, only extracting the directories/files that were contained in that cache.
A workspace cache ("Attaching workspace..."), as opposed to a end workflow cache, is passed along steps that depends on prior workflow, as specified under CirclecI config. The current CircleCI config creates a workspace cache for:
make + gawk + musl-cross-make (passed along next)
the most massive board config for each coreboot version (passed along next)
which is finally leading to the workflow cache, specialized for different content that should not change across builds.
That is 3 caches
musl-cross-make and bootstrapping tools (builds make and gawk locally) as long as musl-cross module has same checksum
a coreboot cache, containing all coreboot building directories, as long as coreboot module and patches are having the same hashes
a global cache containing alla builds artifacts (build dir, install dir, musl-cross dir etc)
Consequently, a workspace cache contains all the files under a path that is specified. For heads running under CircleCI, this is ~/project, which is basically "heads" checked out GitHub project, and everything being built under it.
When a workflow is successful, save_cache is ran, constructing caches for digest hashes that are not yet saved (which corresponds to a hash matching muslc-cross module hash, coreboot+patches digest hash and another one for all modules and patches digest hash.
On next workspace iteration, pre_env step will include a "Restore cache" step, which will use the largest cache available and extract it prior of passing it as workspace caches. This is why there is no such different in build time when building on a clean build (the workspace caches layers are smaller, and passed along. This means saving it, passing it. next workspace downloads extracts and builds on top of those smaller layers), as opposed to a workspace reusing and repassing the bigger workspaces containing the whole cache (bigger initial cache extract, then compressing and saving it to be passed as a workspace layer that is then downloaded, extracted, building on top, compressing and saving which then passed as a workspace cache to the next layer depending on it).
And finally, the caching system (save_cache, restore_cache) is based on a CircleCI environment variable named CACHE_VERSION which is appended at the end of the checkum fingerprint of a named cache. It can at any moment be changed to wipe actually used cache, if for some reason it is broken.
Consequently:
CircleCI cache should include packages cache (so that packages are downloaded and verified only once.)
Heads Makefile only downloads, checks and extracts packages and then patch extracted directory content if packages/.module-version_verify doesn't exist. This was missing, causing coreboot tarballs to be redownloaded (not present under packages) and reextracted and repatched (since _verify file was not present under packages/*_verify)
2022-02-24 20:23:16 +00:00
- crossgcc
- build/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
- packages
2021-11-25 15:38:15 +00:00
- build/coreboot-4.11
- build/coreboot-4.13
- build/coreboot-4.14
- build/coreboot-4.15
2021-02-03 14:21:26 +00:00
- save_cache :
#Generate cache for the exact same modules definitions if hash is not previously existing
key : heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}
paths :
- crossgcc
- build
CircleCI cache: have all cache layers caching packages directory
Heads buildstystem:
Makefile logic will download modules packages under ./packages, check itheir integrity, then extract it and patch extraction directory ONLY if no corresponding .*_verify files are found under ./packages directory. They are extracted under build/modulename-ver/ where patches are applied prior of building them.
build/module* .configured is written when packages are configured under build/modulename-ver/.configured
build/modules* .build is written when packages are built under build/modulename-ver/.build
CircleCI caching subsystem notes:
A cache name tag is calculated in the prep_env stage early at each beginning of a workflow, and consists of a cache name, appended by a calculated digest signature (which is the final hash of hashed files (the hash of a digest).
Look for the following under .circleci/config.yml:
"Creating .... digest statements" : they are basically files passed under sha256sum to create a digest.
restore_cache keys: they are basically a string concatenating: name + checksum of digest + CACHE_VERSION. Only the first cache is extracted following declared order.
save_cache keys: same as above, only saving non-existing caches. That is, skipping existing ones and creating missing ones.
A cache is extracted at the beginning of a workflow if an archive matches an archive name, which consists of a name tag + digest hash + CACHE_VERSION
A cache is created only at the end of a workflow ("Saving cache...").
Caches are specialized. Caches are linked to checkumming of some content. And the largest available cache is extracted on next workflow, only extracting the directories/files that were contained in that cache.
A workspace cache ("Attaching workspace..."), as opposed to a end workflow cache, is passed along steps that depends on prior workflow, as specified under CirclecI config. The current CircleCI config creates a workspace cache for:
make + gawk + musl-cross-make (passed along next)
the most massive board config for each coreboot version (passed along next)
which is finally leading to the workflow cache, specialized for different content that should not change across builds.
That is 3 caches
musl-cross-make and bootstrapping tools (builds make and gawk locally) as long as musl-cross module has same checksum
a coreboot cache, containing all coreboot building directories, as long as coreboot module and patches are having the same hashes
a global cache containing alla builds artifacts (build dir, install dir, musl-cross dir etc)
Consequently, a workspace cache contains all the files under a path that is specified. For heads running under CircleCI, this is ~/project, which is basically "heads" checked out GitHub project, and everything being built under it.
When a workflow is successful, save_cache is ran, constructing caches for digest hashes that are not yet saved (which corresponds to a hash matching muslc-cross module hash, coreboot+patches digest hash and another one for all modules and patches digest hash.
On next workspace iteration, pre_env step will include a "Restore cache" step, which will use the largest cache available and extract it prior of passing it as workspace caches. This is why there is no such different in build time when building on a clean build (the workspace caches layers are smaller, and passed along. This means saving it, passing it. next workspace downloads extracts and builds on top of those smaller layers), as opposed to a workspace reusing and repassing the bigger workspaces containing the whole cache (bigger initial cache extract, then compressing and saving it to be passed as a workspace layer that is then downloaded, extracted, building on top, compressing and saving which then passed as a workspace cache to the next layer depending on it).
And finally, the caching system (save_cache, restore_cache) is based on a CircleCI environment variable named CACHE_VERSION which is appended at the end of the checkum fingerprint of a named cache. It can at any moment be changed to wipe actually used cache, if for some reason it is broken.
Consequently:
CircleCI cache should include packages cache (so that packages are downloaded and verified only once.)
Heads Makefile only downloads, checks and extracts packages and then patch extracted directory content if packages/.module-version_verify doesn't exist. This was missing, causing coreboot tarballs to be redownloaded (not present under packages) and reextracted and repatched (since _verify file was not present under packages/*_verify)
2022-02-24 20:23:16 +00:00
- packages
2021-02-03 14:21:26 +00:00
- install
workflows :
version : 2
build_and_test :
jobs :
- prep_env
# Below, sequentially build one board for each coreboot
# version. The last board in the sequence is the dependency
# for the parallel boards built at the end, and also save_cache.
2021-11-25 15:38:15 +00:00
# Prerequisites
2021-02-03 14:21:26 +00:00
- build_and_persist :
2022-01-31 15:57:24 +00:00
name : bootstrap_musl-cross-make
2021-11-25 15:38:15 +00:00
target : x230-hotp-maximized
2022-01-31 15:57:24 +00:00
subcommand : bootstrap musl-cross
2021-02-03 14:21:26 +00:00
requires :
2021-07-26 18:02:42 +00:00
- prep_env
2021-02-03 14:21:26 +00:00
2021-10-21 15:56:08 +00:00
# Coreboot 4.13
2021-02-03 14:21:26 +00:00
- build_and_persist :
2021-08-05 17:56:23 +00:00
name : x230-hotp-maximized
target : x230-hotp-maximized
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2022-01-31 15:57:24 +00:00
- bootstrap_musl-cross-make
2021-12-01 17:37:27 +00:00
2021-12-18 03:08:47 +00:00
# Coreboot 4.15
- build_and_persist :
name : librem_14
target : librem_14
subcommand : ""
requires :
- x230-hotp-maximized
2021-12-01 17:37:27 +00:00
# Coreboot 4.11
2022-01-31 15:57:24 +00:00
- build_and_persist :
name : kgpe-d16_workstation
target : kgpe-d16_workstation
subcommand : ""
requires :
- librem_14
2020-10-16 21:57:49 +00:00
2022-01-31 15:57:24 +00:00
#Cache one workspace per Coreboot version, ideally the boards including the highest number of modules, since not rebuilt across builds.
#Below, 4.11, 4.13, 4.15
2021-02-03 14:21:26 +00:00
- save_cache :
requires :
2022-01-31 15:57:24 +00:00
- kgpe-d16_workstation
2021-02-03 14:21:26 +00:00
#
#
# Those onboarding new boards should add their entries below.
#
#
- build :
2020-12-12 17:31:25 +00:00
name : x220-hotp-maximized
2021-02-03 14:21:26 +00:00
target : x220-hotp-maximized
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
2020-12-12 17:31:25 +00:00
2021-02-03 14:21:26 +00:00
- build :
2020-12-03 00:37:34 +00:00
name : x220-maximized
2021-02-03 14:21:26 +00:00
target : x220-maximized
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
2020-12-03 00:37:34 +00:00
2021-02-03 14:21:26 +00:00
- build :
2020-12-12 17:31:25 +00:00
name : t420-hotp-maximized
2021-02-03 14:21:26 +00:00
target : t420-hotp-maximized
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
2020-12-12 17:31:25 +00:00
2021-12-05 18:24:50 +00:00
- build :
name : t520-hotp-maximized
target : t520-hotp-maximized
subcommand : ""
requires :
- x230-hotp-maximized
2021-02-03 14:21:26 +00:00
- build :
2020-12-03 00:37:34 +00:00
name : t420-maximized
2021-02-03 14:21:26 +00:00
target : t420-maximized
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
2020-12-03 00:37:34 +00:00
2021-12-05 18:24:50 +00:00
- build :
name : t520-maximized
target : t520-maximized
subcommand : ""
requires :
- x230-hotp-maximized
2021-02-03 14:21:26 +00:00
- build :
2020-06-06 16:35:13 +00:00
name : x230-flash
2021-02-03 14:21:26 +00:00
target : x230-flash
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
2018-09-18 17:07:14 +00:00
2021-02-03 14:21:26 +00:00
- build :
2020-06-06 16:35:13 +00:00
name : t430-flash
2021-02-03 14:21:26 +00:00
target : t430-flash
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
2020-05-24 21:12:13 +00:00
2021-02-03 14:21:26 +00:00
- build :
2020-06-06 16:35:13 +00:00
name : t430
2021-02-03 14:21:26 +00:00
target : t430
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
2020-05-24 21:12:13 +00:00
2021-10-29 18:42:44 +00:00
- build :
name : t430-hotp-verification
target : t430-hotp-verification
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-10-29 18:42:44 +00:00
requires :
- x230-hotp-maximized
2021-02-03 14:21:26 +00:00
- build :
2018-09-18 17:07:14 +00:00
name : x230
2021-02-03 14:21:26 +00:00
target : x230
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
2020-05-24 21:12:13 +00:00
2021-02-03 14:21:26 +00:00
- build :
2020-05-16 17:38:14 +00:00
name : x230-hotp-verification
2021-02-03 14:21:26 +00:00
target : x230-hotp-verification
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
2021-02-03 14:21:26 +00:00
- build :
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
name : t430-hotp-maximized
2021-02-03 14:21:26 +00:00
target : t430-hotp-maximized
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
2022-02-20 17:38:21 +00:00
- build :
name : x230-maximized
target : x230-maximized
subcommand : ""
requires :
- x230-hotp-maximized
2021-12-05 18:24:50 +00:00
- build :
name : t530-hotp-maximized
target : t530-hotp-maximized
subcommand : ""
requires :
- x230-hotp-maximized
2021-12-27 08:28:03 +00:00
- build :
name : t530-dgpu-hotp-maximized
target : t530-dgpu-hotp-maximized
subcommand : ""
requires :
- x230-hotp-maximized
2021-12-05 18:24:50 +00:00
- build :
name : w530-hotp-maximized
target : w530-hotp-maximized
subcommand : ""
requires :
- x230-hotp-maximized
2021-12-27 08:28:03 +00:00
- build :
name : w530-dgpu-K1000m-hotp-maximized
target : w530-dgpu-K1000m-hotp-maximized
subcommand : ""
requires :
- x230-hotp-maximized
- build :
name : w530-dgpu-K2000m-hotp-maximized
target : w530-dgpu-K2000m-hotp-maximized
subcommand : ""
requires :
- x230-hotp-maximized
2021-02-03 14:21:26 +00:00
- build :
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
name : t430-maximized
2021-02-03 14:21:26 +00:00
target : t430-maximized
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
2021-12-05 18:24:50 +00:00
- build :
name : t530-maximized
target : t530-maximized
subcommand : ""
requires :
- x230-hotp-maximized
2021-12-27 08:28:03 +00:00
- build :
name : t530-dgpu-maximized
target : t530-dgpu-maximized
subcommand : ""
requires :
- x230-hotp-maximized
2021-12-05 18:24:50 +00:00
- build :
name : w530-maximized
target : w530-maximized
2021-12-27 08:28:03 +00:00
subcommand : ""
requires :
- x230-hotp-maximized
- build :
name : w530-dgpu-K1000m-maximized
target : w530-dgpu-K1000m-maximized
subcommand : ""
requires :
- x230-hotp-maximized
- build :
name : w530-dgpu-K2000m-maximized
target : w530-dgpu-K2000m-maximized
2021-12-05 18:24:50 +00:00
subcommand : ""
requires :
- x230-hotp-maximized
2021-07-26 18:02:42 +00:00
- build :
name : qemu-coreboot
target : qemu-coreboot
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-07-26 18:02:42 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
2021-07-26 18:02:42 +00:00
2021-02-03 14:21:26 +00:00
- build :
2020-11-02 22:41:36 +00:00
name : qemu-coreboot-fbwhiptail
2021-02-03 14:21:26 +00:00
target : qemu-coreboot-fbwhiptail
2021-11-25 15:38:15 +00:00
subcommand : ""
2021-02-03 14:21:26 +00:00
requires :
2021-08-05 17:56:23 +00:00
- x230-hotp-maximized
2021-12-18 03:08:47 +00:00
- build :
name : librem_13v2
target : librem_13v2
subcommand : ""
requires :
- librem_14
- build :
name : librem_15v3
target : librem_15v3
subcommand : ""
requires :
- librem_14
- build :
name : librem_13v4
target : librem_13v4
subcommand : ""
requires :
- librem_14
- build :
name : librem_15v4
target : librem_15v4
subcommand : ""
requires :
- librem_14
- build :
name : librem_mini
target : librem_mini
subcommand : ""
requires :
- librem_14
- build :
name : librem_mini_v2
target : librem_mini_v2
subcommand : ""
requires :
- librem_14
2022-01-31 15:57:24 +00:00
- build :
name : kgpe-d16_workstation-usb_keyboard
target : kgpe-d16_workstation-usb_keyboard
subcommand : ""
requires :
- kgpe-d16_workstation
- build :
name : kgpe-d16_server
target : kgpe-d16_server
subcommand : ""
requires :
- kgpe-d16_workstation
- build :
name : kgpe-d16_server-whiptail
target : kgpe-d16_server-whiptail
subcommand : ""
requires :
- kgpe-d16_workstation
- build :
name : librem_l1um
target : librem_l1um
subcommand : ""
requires :
- kgpe-d16_workstation
2021-02-03 14:21:26 +00:00
########################
########################
### OLD STUFF ###
########################
########################
# linuxboot steps need something to pass in the kernel header path
# skipping for now
# - run:
# name: qemu-linuxboot-edk2
# command: |
# ./build/make-4.2.1/make \
# CROSS=/cross/bin/x86_64-linux-musl- \
# BOARD=qemu-linuxboot \
# `/bin/pwd`/build/linuxboot-git/build/qemu/.configured \
# # Run first to avoid too many processes
#
# - run:
# name: qemu-linuxboot
# command: |
# ./build/make-4.2.1/make \
# CROSS=/cross/bin/x86_64-linux-musl- \
2021-04-27 14:32:10 +00:00
# CPUS=16 \
2021-02-03 14:21:26 +00:00
# V=1 \
# BOARD=qemu-linuxboot \
#
# - store-artifacts:
# path: build/qemu-linuxboot/linuxboot.rom
# - store-artifacts:
# path: build/qemu-linuxboot/hashes.txt
