heads/.circleci/config.yml

559 lines
17 KiB
YAML
Raw Normal View History

version: 2.1
commands:
build_board:
parameters:
arch:
type: string
target:
type: string
subcommand:
type: string
steps:
- run:
name: Make Board (console logs not contiguous because multiple CPUs used to build under CircleCI, see logs in artifacts or Output build failing logs below in case of failed step)
command: |
echo "Sourcing /devenv.sh since docker entrypoint doesn't do it as expected"
source /devenv.sh
rm -rf build/<< parameters.arch >>/<< parameters.target >>/* build/<< parameters.arch >>/log/*
make V=1 BOARD=<< parameters.target >> << parameters.subcommand >> | ts || touch ./tmpDir/failed_build
no_output_timeout: 3h
- run:
name: Output hashes
command: |
cat build/<< parameters.arch >>/<< parameters.target >>/hashes.txt || echo "No hashes.txt for this build step..."
- run:
name: Output sizes
command: |
cat build/<< parameters.arch >>/<< parameters.target >>/sizes.txt || echo "No sizes.txt for this build step..."
- run:
name: Archiving build logs.
command: |
tar zcvf build/<< parameters.arch >>/<< parameters.target >>/logs.tar.gz $(find build/ -name "*.log")
- run:
name: Output build failing logs
command: |
if [[ -f ./tmpDir/failed_build ]]; then
find "./build/<< parameters.arch >>/" -name "*.log" -type f -mmin -1 -exec tail -n +1 '{}' +
exit 1
else
echo "Step hasn't failed. Continuing with next step..."
fi
- store_artifacts:
path: build/<< parameters.arch >>/<< parameters.target >>
2018-09-15 09:42:42 +00:00
jobs:
prep_env:
2018-09-15 09:42:42 +00:00
docker:
- image: tlaurion/heads-dev-env:v0.2.4
resource_class: large
working_directory: ~/heads
2018-09-15 09:42:42 +00:00
steps:
2018-09-15 10:56:42 +00:00
- checkout
- run:
name: git reset
command: |
git reset --hard "$CIRCLE_SHA1"
- run:
name: Make tmp dir
command: |
mkdir ./tmpDir
- run:
name: Creating all modules and patches digest (All modules cache digest)
command: |
find .circleci/config.yml ./Makefile ./flake.lock ./patches/ ./modules/ -type f | sort -h |xargs sha256sum > ./tmpDir/all_modules_and_patches.sha256sums
- run:
name: Creating coreboot (and associated patches) and musl-cross-make modules digest (musl-cross-make and coreboot cache digest)
command: |
find .circleci/config.yml ./Makefile ./flake.lock ./modules/coreboot ./modules/musl-cross-make* ./patches/coreboot* -type f | sort -h | xargs sha256sum > ./tmpDir/coreboot_musl-cross-make.sha256sums
- run:
name: Creating musl-cross-make and musl-cross-make patches digest (musl-cross-make cache digest)
command: |
find .circleci/config.yml ./Makefile ./flake.lock modules/musl-cross-make* -type f | sort -h | xargs sha256sum > ./tmpDir/musl-cross-make.sha256sums
- restore_cache:
# First matched/found key wins and following keys are not tried
keys:
# Cache for matching modules digest, validated to be exactly the same as in GitHub current commit.
# This cache was made on top of below caches, if previously existing.
# If no module definition changed, we reuse this one
- nix-docker-heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}
# Cache for coreboot module (and patches) and musl-cross-make digests (coreboot: triannual release)
- nix-docker-heads-coreboot-musl-cross-make-{{ checksum "./tmpDir/coreboot_musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }}
# Cache for musl-cross-make module digest (rarely modified).
- nix-docker-heads-musl-cross-make-{{ checksum "./tmpDir/musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }}
- run:
name: Download and neuter xx20 ME (keep generated GBE and extracted IFD in tree)
command: |
./blobs/xx20/download_parse_me.sh
- run:
name: Download Optiplex 7010/9010 blobs
command: |
./blobs/xx30/optiplex_7010_9010.sh ./blobs/xx30
- run:
# me_cleaner.py present under heads xx30 blobs dir comes from https://github.com/corna/me_cleaner/blob/43612a630c79f3bc6f2653bfe90dfe0b7b137e08/me_cleaner.py
name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree)
command: |
./blobs/xx30/download_clean_me_manually.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py)
- run:
name: Download and extract t530 vbios roms for dgpu boards
command: |
echo skipping for now
exit 0
./blobs/xx30/vbios_t530.sh
- run:
name: Download and extract w530 vbios roms for dgpu boards
command: |
echo skipping for now
exit 0
./blobs/xx30/vbios_w530.sh
- persist_to_workspace:
root: ~/heads
paths:
- .
Activate dual console by default and restructure board config Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC Adding dual console to OpenBmc and tty0 putting kgpe-d16-coreboot.conf in defconfig format NO_HZ wasn't included in kernel config. Adding it. Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation Removing serial configuration and static IP stuff since we have a workstation here. Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then. Placing files in good directories Corrrect flashrom options for kgpe-d16 server and workstation boards kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH. kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation) kgpe-d16_workstation in defconfig format kgpe-d16 boards: pass from GPG to GPG2 board definitions kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging kgpe-d16 : expressively export CONFIG_TPM=n kgpe-d16_wokstation gui-init variables were missing kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized linux-kgpe-d16*: add support for Pike kgpe-d16_workstation-usb_keyboard board support addition kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based GitlabCI: kgpe-d16 fixes and upstream merge of change kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file KGPE-D16: community work migration to coreboot 4.11 to fix issue #740 KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709 kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637 KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637 kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch kgpe-d16 boards: add Linux kernel version where missing. CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master coreboot module: typo correction (tabs vs spaces) CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large" CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support At this stage: - job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32) - "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console. coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM) coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram. CircleCI & coreboot config: fix merge conflict rebasing on master coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599 Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2018-10-23 12:43:36 +00:00
build_and_persist:
docker:
- image: tlaurion/heads-dev-env:v0.2.4
resource_class: large
working_directory: ~/heads
parameters:
arch:
type: string
default: x86
target:
type: string
subcommand:
type: string
steps:
- attach_workspace:
at: ~/heads
- build_board:
arch: << parameters.arch >>
target: << parameters.target >>
subcommand: << parameters.subcommand >>
- persist_to_workspace:
root: ~/heads
paths:
- packages/<< parameters.arch >>
- build/<< parameters.arch >>
- crossgcc/<< parameters.arch >>
- install/<< parameters.arch >>
build:
docker:
- image: tlaurion/heads-dev-env:v0.2.4
resource_class: large
working_directory: ~/heads
parameters:
arch:
type: string
default: x86
target:
type: string
subcommand:
type: string
steps:
- attach_workspace:
at: ~/heads
- build_board:
arch: <<parameters.arch>>
target: <<parameters.target>>
subcommand: <<parameters.subcommand>>
Add new board: Purism Librem Server L1UM (#858) * modules/coreboot: add option to use coreboot 4.11 Port patches from coreboot 4.8.1 to 4.11: * 0000-measure-boot -> 0001 * 0010-cross-compiler-support All other patches for coreboot 4.8.1 have either already been integrated, or are for platforms which do not need to be migrated to coreboot 4.11 (they will move to 4.12 or newer). Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * patches/coreboot-4.11: Add Broadwell-DE platform patch Add a patch for FSP Broadwell-DE to make use of Heads' measured boot. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * patches/coreboot-4.11: Add patch to read serial # from CBFS Will be used by multiple Librem boards. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * patches/coreboot-4.11: add board support for Librem Server L1UM Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * Librem Server L1UM: add new board Add board config, coreboot config, kernel config files. Add conditional purism-blobs dependency to coreboot-4.11 module. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * flash.sh: add special handling for librem_l1um board Add support for persisting PCIe config via PCHSTRP9 in flash descriptor. This is needed to support multiple variants of the L1UM server which use the same firmware but differ in PCIe lane configuration via the PCH straps configuration in the flash descriptor. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * patches/coreboot-4.11: Add 'Use PRIxPTR to print uintptr_t' patch Cherry-picked from upstream coreboot (post-4.11), fixes compilation issue. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm> * CircleCI: add target to build board librem_l1um Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-18 18:48:25 +00:00
save_cache:
docker:
- image: tlaurion/heads-dev-env:v0.2.4
resource_class: large
working_directory: ~/heads
steps:
- attach_workspace:
at: ~/heads
- save_cache:
# Generate cache for the same musl-cross-make module definition if hash is not previously existing
# CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
key: nix-docker-heads-musl-cross-make-{{ checksum "./tmpDir/musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }}
paths:
- build/ppc64/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1
- build/x86/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1
- crossgcc
CircleCI cache: have all cache layers caching packages directory Heads buildstystem: Makefile logic will download modules packages under ./packages, check itheir integrity, then extract it and patch extraction directory ONLY if no corresponding .*_verify files are found under ./packages directory. They are extracted under build/modulename-ver/ where patches are applied prior of building them. build/module* .configured is written when packages are configured under build/modulename-ver/.configured build/modules* .build is written when packages are built under build/modulename-ver/.build CircleCI caching subsystem notes: A cache name tag is calculated in the prep_env stage early at each beginning of a workflow, and consists of a cache name, appended by a calculated digest signature (which is the final hash of hashed files (the hash of a digest). Look for the following under .circleci/config.yml: "Creating .... digest statements" : they are basically files passed under sha256sum to create a digest. restore_cache keys: they are basically a string concatenating: name + checksum of digest + CACHE_VERSION. Only the first cache is extracted following declared order. save_cache keys: same as above, only saving non-existing caches. That is, skipping existing ones and creating missing ones. A cache is extracted at the beginning of a workflow if an archive matches an archive name, which consists of a name tag + digest hash + CACHE_VERSION A cache is created only at the end of a workflow ("Saving cache..."). Caches are specialized. Caches are linked to checkumming of some content. And the largest available cache is extracted on next workflow, only extracting the directories/files that were contained in that cache. A workspace cache ("Attaching workspace..."), as opposed to a end workflow cache, is passed along steps that depends on prior workflow, as specified under CirclecI config. The current CircleCI config creates a workspace cache for: make + gawk + musl-cross-make (passed along next) the most massive board config for each coreboot version (passed along next) which is finally leading to the workflow cache, specialized for different content that should not change across builds. That is 3 caches musl-cross-make and bootstrapping tools (builds make and gawk locally) as long as musl-cross module has same checksum a coreboot cache, containing all coreboot building directories, as long as coreboot module and patches are having the same hashes a global cache containing alla builds artifacts (build dir, install dir, musl-cross dir etc) Consequently, a workspace cache contains all the files under a path that is specified. For heads running under CircleCI, this is ~/project, which is basically "heads" checked out GitHub project, and everything being built under it. When a workflow is successful, save_cache is ran, constructing caches for digest hashes that are not yet saved (which corresponds to a hash matching muslc-cross module hash, coreboot+patches digest hash and another one for all modules and patches digest hash. On next workspace iteration, pre_env step will include a "Restore cache" step, which will use the largest cache available and extract it prior of passing it as workspace caches. This is why there is no such different in build time when building on a clean build (the workspace caches layers are smaller, and passed along. This means saving it, passing it. next workspace downloads extracts and builds on top of those smaller layers), as opposed to a workspace reusing and repassing the bigger workspaces containing the whole cache (bigger initial cache extract, then compressing and saving it to be passed as a workspace layer that is then downloaded, extracted, building on top, compressing and saving which then passed as a workspace cache to the next layer depending on it). And finally, the caching system (save_cache, restore_cache) is based on a CircleCI environment variable named CACHE_VERSION which is appended at the end of the checkum fingerprint of a named cache. It can at any moment be changed to wipe actually used cache, if for some reason it is broken. Consequently: CircleCI cache should include packages cache (so that packages are downloaded and verified only once.) Heads Makefile only downloads, checks and extracts packages and then patch extracted directory content if packages/.module-version_verify doesn't exist. This was missing, causing coreboot tarballs to be redownloaded (not present under packages) and reextracted and repatched (since _verify file was not present under packages/*_verify)
2022-02-24 20:23:16 +00:00
- packages
- save_cache:
# Generate cache for the same coreboot and musl-cross-make modules definition if hash is not previously existing
# CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
key: nix-docker-heads-coreboot-musl-cross-make-{{ checksum "./tmpDir/coreboot_musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }}
paths:
- build/ppc64/coreboot-talos_2
- build/ppc64/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1
- build/x86/coreboot-4.11
- build/x86/coreboot-24.02.01
- build/x86/coreboot-dasharo
- build/x86/coreboot-purism
- build/x86/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1
- crossgcc
- packages
- save_cache:
# Generate cache for the exact same modules definitions if hash is not previously existing
key: nix-docker-heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}
paths:
- build
- crossgcc
- install
- packages
workflows:
version: 2
build_and_test:
jobs:
- prep_env
# This step builds musl-cross-make for x86 architecture, which will be used by subsequent x86 board builds
- build_and_persist:
name: x86-musl-cross-make
target: x230-hotp-maximized
subcommand: "musl-cross-make"
requires:
- prep_env
# This step builds musl-cross-make for ppc64 architecture, which will be used by subsequent ppc64 board builds
- build_and_persist:
name: ppc64-musl-cross-make
arch: ppc64
target: UNTESTED_talos-2
subcommand: "musl-cross-make"
requires:
- prep_env
# Below, sequentially build one board for each coreboot version.
# The last board in the sequence is the dependency for the parallel boards built at the end, and also save_cache.
# coreboot 24.02.01
- build_and_persist:
name: x230-hotp-maximized
target: x230-hotp-maximized
subcommand: ""
requires:
- x86-musl-cross-make
# coreboot purism
- build_and_persist:
name: librem_14
target: librem_14
subcommand: ""
requires:
- x230-hotp-maximized
# coreboot nitropad
# Nitropads depending on x230-hotp-maximized cache since kernel is 6.x and coreboot is git is unshared
# We use nitropad's coreboot's fork crossgcc
# No need to wait further for other board's cache
# We reuse built modules from x230-hotp-maximized cache only
- build_and_persist:
Change board name from nitropad-nv41 -> novacustom_nv4x_adl - Move/rename board config - Rename coreboot config - Applies changes to coreboot config from defconfig+dasharo coreboot fork config + fixes - Rename CircleCI board for rom build ----- Repro: First: change some oldconfig defaults from dasharo coreboot fork git checkout -b move_nitropad-nv41_to_novacustom-v41 mv boards/nitropad-nv41 boards/novacustom_nv4x_adl mv boards/novacustom_nv4x_adl/nitropad-nv41.config boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config vim boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config vim config/coreboot-nitropad-nv41.config mv config/coreboot-nitropad-nv41.config config/coreboot-novacustom_nv4x_adl.config vim boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=novacustom_nv4x_adl coreboot.modify_and_save_oldconfig_in_place cd /home/user/heads/build/x86/coreboot-dasharo sudo make menuconfig cd ~/heads sudo meld /home/user/heads/build/x86/coreboot-dasharo/.config config/coreboot-novacustom_nv4x_adl.config git status git add boards/nitropad-nv41/nitropad-nv41.config config/coreboot-nitropad-nv41.config config/coreboot-novacustom_nv4x_adl.config config/coreboot-novacustom_nv4x_adl.config git add boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config sed -i 's/nitropad-nv41/novacustom_nv4x_adl/g' .circleci/config.yml git add .circleci/config.yml git commit --sigoff -m git push tlaurion-github --force ... (and multiple 'git commit --signoff --amend' to add traces below) ---- Relevant changes from nitropad-nv41 coreboot configs: diff --git a/config/coreboot-nitropad-nv41.config b/config/coreboot-novacustom_nv4x_adl.config index 9484aaf512..235f255a31 100644 --- a/config/coreboot-nitropad-nv41.config +++ b/config/coreboot-novacustom_nv4x_adl.config @@ -111,7 +111,7 @@ CONFIG_VENDOR_NOVACUSTOM=y # CONFIG_VENDOR_UP is not set CONFIG_MAINBOARD_FAMILY="Not Applicable" CONFIG_MAINBOARD_PART_NUMBER="nv40pz" -CONFIG_MAINBOARD_VERSION="v2.1" +CONFIG_MAINBOARD_VERSION="nv40pz" CONFIG_MAINBOARD_DIR="clevo/adl-p" CONFIG_DIMM_MAX=4 CONFIG_DIMM_SPD_SIZE=512 @@ -131,7 +131,7 @@ CONFIG_VBOOT_VBNV_OFFSET=0x28 CONFIG_VARIANT_DIR="nv40pz" CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb" # CONFIG_VGA_BIOS is not set -CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Nitrokey" +CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Notebook" CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/data.vbt" # CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0x4000 @@ -140,7 +140,7 @@ CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout" CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 CONFIG_BOARD_CLEVO_ADLP_COMMON=y CONFIG_BOARD_CLEVO_NV40PZ_BASE=y -CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NV41" +CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ" CONFIG_CONSOLE_POST=y # CONFIG_USE_PM_ACPI_TIMER is not set CONFIG_TPM_PIRQ=0x27 When comparing against dasharo/coreboot fork coreboot config saved in oldconfig format, diffs: diff --git a/config/coreboot-novacustom_nv4x_adl.config b/config/coreboot-novacustom_nv4x_adl.config index 235f255a31..41bdd7889c 100644 --- a/config/coreboot-novacustom_nv4x_adl.config +++ b/config/coreboot-novacustom_nv4x_adl.config @@ -7,19 +7,19 @@ # General setup # CONFIG_COREBOOT_BUILD=y -CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION="v1.7.2" CONFIG_CBFS_PREFIX="fallback" CONFIG_COMPILER_GCC=y # CONFIG_COMPILER_LLVM_CLANG is not set CONFIG_ARCH_SUPPORTS_CLANG=y # CONFIG_ANY_TOOLCHAIN is not set -# CONFIG_CCACHE is not set +CONFIG_CCACHE=y # CONFIG_IWYU is not set # CONFIG_FMD_GENPARSER is not set # CONFIG_UTIL_GENPARSER is not set -# CONFIG_OPTION_BACKEND_NONE is not set -CONFIG_USE_OPTION_TABLE=y -# CONFIG_STATIC_OPTION_TABLE is not set +CONFIG_OPTION_BACKEND_NONE=y +# CONFIG_USE_OPTION_TABLE is not set +# CONFIG_USE_UEFI_VARIABLE_STORE is not set CONFIG_COMPRESS_RAMSTAGE_LZMA=y # CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set CONFIG_INCLUDE_CONFIG_FILE=y @@ -35,12 +35,7 @@ CONFIG_HAVE_ASAN_IN_RAMSTAGE=y # CONFIG_NO_STAGE_CACHE is not set CONFIG_TSEG_STAGE_CACHE=y # CONFIG_UPDATE_IMAGE is not set -CONFIG_BOOTSPLASH_IMAGE=y -CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" -CONFIG_BOOTSPLASH_CONVERT=y -CONFIG_BOOTSPLASH_CONVERT_QUALITY=90 -# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set -# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set +# CONFIG_BOOTSPLASH_IMAGE is not set # CONFIG_FW_CONFIG is not set # @@ -111,14 +106,14 @@ CONFIG_VENDOR_NOVACUSTOM=y # CONFIG_VENDOR_UP is not set CONFIG_MAINBOARD_FAMILY="Not Applicable" CONFIG_MAINBOARD_PART_NUMBER="nv40pz" -CONFIG_MAINBOARD_VERSION="nv40pz" +CONFIG_MAINBOARD_VERSION="v2.1" CONFIG_MAINBOARD_DIR="clevo/adl-p" CONFIG_DIMM_MAX=4 CONFIG_DIMM_SPD_SIZE=512 -CONFIG_FMDFILE="" +CONFIG_FMDFILE="src/mainboard/$(CONFIG_MAINBOARD_DIR)/vboot-rwa.fmd" # CONFIG_NO_POST is not set CONFIG_MAINBOARD_VENDOR="Notebook" -CONFIG_CBFS_SIZE=0x1000000 +CONFIG_CBFS_SIZE=0xA00000 # CONFIG_CONSOLE_SERIAL is not set CONFIG_MAX_CPUS=24 CONFIG_ONBOARD_VGA_IS_PRIMARY=y @@ -126,8 +121,9 @@ CONFIG_ONBOARD_VGA_IS_PRIMARY=y # CONFIG_POST_IO is not set CONFIG_UART_FOR_CONSOLE=0 CONFIG_DEVICETREE="devicetree.cb" -# CONFIG_VBOOT is not set +CONFIG_VBOOT=y CONFIG_VBOOT_VBNV_OFFSET=0x28 +CONFIG_RO_REGION_ONLY="" CONFIG_VARIANT_DIR="nv40pz" CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb" # CONFIG_VGA_BIOS is not set @@ -143,10 +139,12 @@ CONFIG_BOARD_CLEVO_NV40PZ_BASE=y CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ" CONFIG_CONSOLE_POST=y # CONFIG_USE_PM_ACPI_TIMER is not set -CONFIG_TPM_PIRQ=0x27 +CONFIG_VBOOT_SLOTS_RW_A=y +CONFIG_TPM_PIRQ=0x0 # CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set CONFIG_VBOOT_FWID_VERSION="$(CONFIG_LOCALVERSION)" CONFIG_EC_SYSTEM76_EC_BAT_THRESHOLDS=y +CONFIG_PXE_ROM_ID="10ec,8168" CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xc0000000 CONFIG_ECAM_MMCONF_BUS_NUMBER=256 CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" @@ -156,20 +154,28 @@ CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000 CONFIG_DCACHE_BSP_STACK_SIZE=0x80400 CONFIG_MAX_ACPI_TABLE_SIZE_KB=144 CONFIG_HAVE_INTEL_FIRMWARE=y +CONFIG_VBOOT_NO_BOARD_SUPPORT=y +CONFIG_RW_REGION_ONLY="" CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000 CONFIG_DRIVERS_INTEL_WIFI=y CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/descriptor.bin" CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/me.bin" -CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000 +# CONFIG_VBOOT_ALWAYS_ALLOW_UDC is not set +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000 +CONFIG_EDK2_BOOT_TIMEOUT=2 CONFIG_VBT_DATA_SIZE_KB=9 +CONFIG_VBOOT_FWID_MODEL="$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)" +CONFIG_VBOOT_STARTS_IN_BOOTBLOCK=y CONFIG_CARDBUS_PLUGIN_SUPPORT=y CONFIG_SPI_FLASH_DONT_INCLUDE_ALL_DRIVERS=y # CONFIG_USE_LEGACY_8254_TIMER is not set +CONFIG_GBB_HWID="" # CONFIG_DEBUG_SMI is not set CONFIG_HAVE_IFD_BIN=y CONFIG_PCIEXP_HOTPLUG_BUSES=42 CONFIG_PCIEXP_HOTPLUG_MEM=0xc200000 CONFIG_PCIEXP_HOTPLUG_PREFETCH_MEM=0x1c000000 +# CONFIG_VBOOT_SLOTS_RW_AB is not set CONFIG_PS2K_EISAID="PNP0303" CONFIG_PS2M_EISAID="PNP0F13" @@ -193,8 +199,8 @@ CONFIG_PCIEXP_CLK_PM=y CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72 CONFIG_HEAP_SIZE=0x10000 CONFIG_EC_GPE_SCI=0x50 +CONFIG_EDK2_BOOTSPLASH_FILE="3rdparty/dasharo-blobs/novacustom/bootsplash.bmp" CONFIG_TPM_MEASURED_BOOT=y -CONFIG_LINUX_COMMAND_LINE="quiet loglevel=2" CONFIG_BOARD_ROMSIZE_KB_32768=y # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set @@ -399,7 +405,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_TCO=y CONFIG_SOC_INTEL_COMMON_BLOCK_TCO_ENABLE_THROUGH_SMBUS=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y -# CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0 CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y @@ -417,7 +423,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_USB4_PCIE=y CONFIG_SOC_INTEL_COMMON_BLOCK_USB4_XHCI=y CONFIG_SOC_INTEL_ENABLE_USB4_PCIE_RESOURCES=y CONFIG_SOC_INTEL_COMMON_BLOCK_VTD=y -# CONFIG_ENABLE_EARLY_DMA_PROTECTION is not set +CONFIG_ENABLE_EARLY_DMA_PROTECTION=y CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI_ELOG=y @@ -508,15 +514,15 @@ CONFIG_EC_SYSTEM76_EC_DGPU=y # # Intel Firmware # -CONFIG_IFDTOOL_DISABLE_ME=y +# CONFIG_IFDTOOL_DISABLE_ME is not set CONFIG_HAVE_ME_BIN=y # CONFIG_STITCH_ME_BIN is not set # CONFIG_ME_REGION_ALLOW_CPU_READ_ACCESS is not set CONFIG_HAVE_INTEL_ME_HAP=y # CONFIG_INTEL_ME_DISABLED_HECI is not set -CONFIG_INTEL_ME_DISABLED_HAP=y -# CONFIG_INTEL_ME_ENABLED is not set -CONFIG_INTEL_ME_DEFAULT_STATE=2 +# CONFIG_INTEL_ME_DISABLED_HAP is not set +CONFIG_INTEL_ME_ENABLED=y +CONFIG_INTEL_ME_DEFAULT_STATE=0 # CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION is not set # CONFIG_LOCK_MANAGEMENT_ENGINE is not set CONFIG_UNLOCK_FLASH_REGIONS=y @@ -529,7 +535,7 @@ CONFIG_BIOS_VENDOR="3mdeb" # # Dasharo Configuration # -CONFIG_DASHARO_PREFER_S3_SLEEP=y +# CONFIG_DASHARO_PREFER_S3_SLEEP is not set # end of Dasharo Configuration CONFIG_UDK_BASE=y @@ -550,8 +556,6 @@ CONFIG_X86_CUSTOM_BOOTMEDIA=y CONFIG_PC80_SYSTEM=y CONFIG_HAVE_CMOS_DEFAULT=y CONFIG_POSTCAR_STAGE=y -CONFIG_BOOTBLOCK_SIMPLE=y -# CONFIG_BOOTBLOCK_NORMAL is not set CONFIG_COLLECT_TIMESTAMPS_TSC=y CONFIG_IDT_IN_EVERY_STAGE=y CONFIG_HAVE_CF9_RESET=y @@ -575,9 +579,10 @@ CONFIG_NO_EARLY_GFX_INIT=y # # Display # +CONFIG_WANT_LINEAR_FRAMEBUFFER=y CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y CONFIG_LINEAR_FRAMEBUFFER=y -CONFIG_BOOTSPLASH=y +# CONFIG_BOOTSPLASH is not set # end of Display CONFIG_PCI=y @@ -610,17 +615,21 @@ CONFIG_I2C_TRANSFER_TIMEOUT_US=500000 # Generic Drivers # CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 -# CONFIG_DRIVERS_EFI_VARIABLE_STORE is not set +CONFIG_DRIVERS_EFI_VARIABLE_STORE=y # CONFIG_ELOG is not set CONFIG_CACHE_MRC_SETTINGS=y CONFIG_MRC_SETTINGS_PROTECT=y -# CONFIG_SMMSTORE is not set +CONFIG_HAS_RECOVERY_MRC_CACHE=y +CONFIG_MRC_SAVE_HASH_IN_TPM=y +CONFIG_SMMSTORE=y +CONFIG_SMMSTORE_V2=y +CONFIG_SMMSTORE_SIZE=0x40000 CONFIG_SPI_FLASH=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y +CONFIG_SPI_FLASH_SMM=y # CONFIG_SPI_FLASH_NO_FAST_READ is not set -CONFIG_TPM_INIT_RAMSTAGE=y -# CONFIG_TPM_PPI is not set +CONFIG_TPM_PPI=y CONFIG_DRIVERS_UART=y CONFIG_NO_UART_ON_SUPERIO=y CONFIG_DRIVERS_UART_8250MEM=y @@ -669,7 +678,7 @@ CONFIG_DRIVERS_INTEL_PMC=y # CONFIG_DRIVERS_NXP_UWB_SR1XX is not set # CONFIG_DRIVERS_PS2_KEYBOARD is not set CONFIG_DRIVERS_MC146818=y -# CONFIG_USE_PC_CMOS_ALTCENTURY is not set +CONFIG_USE_PC_CMOS_ALTCENTURY=y CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70 CONFIG_MEMORY_MAPPED_TPM=y CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 @@ -695,6 +704,50 @@ CONFIG_DRIVERS_INTEL_USB4_RETIMER=y # Verified Boot (vboot) # CONFIG_VBOOT_LIB=y +CONFIG_VBOOT_VBNV_CMOS=y +CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH=y +# CONFIG_VBOOT_MOCK_SECDATA is not set +CONFIG_VBOOT_MUST_REQUEST_DISPLAY=y +CONFIG_VBOOT_ALWAYS_ENABLE_DISPLAY=y +CONFIG_VBOOT_HAS_REC_HASH_SPACE=y +CONFIG_CBFS_MCACHE_RW_PERCENTAGE=50 +CONFIG_VBOOT_CLEAR_RECOVERY_EACH_BOOT=y +# CONFIG_VBOOT_EC_EFS is not set +CONFIG_VBOOT_X86_SHA256_ACCELERATION=y + +# +# GBB configuration +# +CONFIG_GBB_BMPFV_FILE="" +# CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY is not set +# CONFIG_GBB_FLAG_LOAD_OPTION_ROMS is not set +# CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS is not set +# CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON is not set +CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB=y +CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK=y +# CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM is not set +# CONFIG_GBB_FLAG_FORCE_DEV_BOOT_ALTFW is not set +# CONFIG_GBB_FLAG_RUNNING_FAFT is not set +CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC=y +# CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW is not set +CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC=y +CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN=y +# CONFIG_GBB_FLAG_FORCE_MANUAL_RECOVERY is not set +CONFIG_GBB_FLAG_DISABLE_FWMP=y +# CONFIG_GBB_FLAG_ENABLE_UDC is not set +# end of GBB configuration + +# +# Vboot Keys +# +CONFIG_VBOOT_ROOT_KEY="$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk" +CONFIG_VBOOT_RECOVERY_KEY="$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk" +CONFIG_VBOOT_FIRMWARE_PRIVKEY="$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk" +CONFIG_VBOOT_KERNEL_KEY="$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk" +CONFIG_VBOOT_KEYBLOCK="$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock" +CONFIG_VBOOT_KEYBLOCK_VERSION=1 +CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS=0x0 +# end of Vboot Keys # end of Verified Boot (vboot) # @@ -730,10 +783,14 @@ CONFIG_INTEL_TXT_LIB=y # CONFIG_INTEL_TXT is not set # CONFIG_STM is not set # CONFIG_INTEL_CBNT_SUPPORT is not set -CONFIG_BOOTMEDIA_LOCK_NONE=y -# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set +# CONFIG_BOOTMEDIA_LOCK_NONE is not set +CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y # CONFIG_BOOTMEDIA_LOCK_CHIP is not set -# CONFIG_BOOTMEDIA_SMM_BWP is not set +# CONFIG_BOOTMEDIA_LOCK_WHOLE_RO is not set +# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set +CONFIG_BOOTMEDIA_LOCK_WPRO_VBOOT_RO=y +CONFIG_BOOTMEDIA_LOCK_IN_VERSTAGE=y +CONFIG_BOOTMEDIA_SMM_BWP=y # end of Security CONFIG_ACPI_HAVE_PCAT_8259=y @@ -772,8 +829,8 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7 -CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX=y -CONFIG_CONSOLE_USE_ANSI_ESCAPES=y +# CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX is not set +# CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set # CONFIG_CMOS_POST is not set CONFIG_HWBASE_DEBUG_CB=y # end of Console @@ -804,12 +861,89 @@ CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" # CONFIG_PAYLOAD_LINUXBOOT is not set # CONFIG_PAYLOAD_SEABIOS is not set # CONFIG_PAYLOAD_UBOOT is not set -# CONFIG_PAYLOAD_EDK2 is not set -CONFIG_PAYLOAD_LINUX=y -CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage" +CONFIG_PAYLOAD_EDK2=y +# CONFIG_PAYLOAD_LINUX is not set +CONFIG_PAYLOAD_FILE="novacustom_nv4x_adl/UEFIPAYLOAD.fd" CONFIG_PAYLOAD_OPTIONS="" -# CONFIG_PXE is not set -CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz" +CONFIG_EDK2_UEFIPAYLOAD=y +# CONFIG_EDK2_UNIVERSAL_PAYLOAD is not set +CONFIG_EDK2_REPO_MRCHROMEBOX=y +# CONFIG_EDK2_REPO_OFFICIAL is not set +# CONFIG_EDK2_REPO_CUSTOM is not set +CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" +CONFIG_EDK2_TAG_OR_REV="b7274c98697e972e772236caf830c0780ec498bd" +CONFIG_EDK2_USE_EDK2_PLATFORMS=y +CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" +CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" +# CONFIG_EDK2_DEBUG is not set +CONFIG_EDK2_RELEASE=y +# CONFIG_EDK2_BOOT_MANAGER_ESCAPE is not set +CONFIG_EDK2_CBMEM_LOGGING=y +CONFIG_EDK2_SYSTEM76_EC_LOGGING=y +CONFIG_EDK2_CPU_TIMER_LIB=y +CONFIG_EDK2_FOLLOW_BGRT_SPEC=y +CONFIG_EDK2_FULL_SCREEN_SETUP=y +CONFIG_EDK2_HAVE_EFI_SHELL=y +CONFIG_EDK2_PRIORITIZE_INTERNAL=y +CONFIG_EDK2_PS2_SUPPORT=y +CONFIG_EDK2_SKIP_PS2_DETECT=y +CONFIG_EDK2_SD_MMC_TIMEOUT=10 +CONFIG_EDK2_SERIAL_SUPPORT=y +CONFIG_EDK2_ENABLE_IPXE=y +CONFIG_EDK2_IPXE_OPTION_NAME="iPXE Network Boot" +CONFIG_EDK2_SECURE_BOOT=y +# CONFIG_EDK2_SECURE_BOOT_DEFAULT_ENABLE is not set +# CONFIG_EDK2_SATA_PASSWORD is not set +# CONFIG_EDK2_OPAL_PASSWORD is not set +CONFIG_EDK2_SETUP_PASSWORD=y +CONFIG_EDK2_PERFORMANCE_MEASUREMENT_ENABLE=y +CONFIG_EDK2_DASHARO_SYSTEM_FEATURES=y +CONFIG_EDK2_DASHARO_SECURITY_OPTIONS=y +CONFIG_EDK2_SHOW_CAMERA_OPTION=y +CONFIG_EDK2_SHOW_WIFI_BT_OPTION=y +CONFIG_EDK2_DASHARO_INTEL_ME_OPTIONS=y +CONFIG_EDK2_DASHARO_USB_CONFIG=y +CONFIG_EDK2_DASHARO_NETWORK_CONFIG=y +# CONFIG_EDK2_DASHARO_CHIPSET_CONFIG is not set +CONFIG_EDK2_DASHARO_POWER_CONFIG=y +CONFIG_EDK2_SLEEP_TYPE_OPTION=y +CONFIG_EDK2_FAN_CURVE_OPTION=y +CONFIG_EDK2_BATTERY_CONFIG_OPTION=y +# CONFIG_EDK2_DASHARO_PCI_CONFIG is not set +# CONFIG_EDK2_DASHARO_MEMORY_CONFIG is not set +# CONFIG_EDK2_DASHARO_NETWORK_BOOT_DEFAULT_ENABLE is not set +# CONFIG_EDK2_DASHARO_SERIAL_REDIRECTION_DEFAULT_ENABLE is not set +CONFIG_EDK2_BOOT_MENU_KEY=0x0011 +CONFIG_EDK2_SETUP_MENU_KEY=0x000C +CONFIG_EDK2_DISABLE_MTRR_PROGRAMMING=y +CONFIG_EDK2_ENABLE_BATTERY_CHECK=y +# CONFIG_EDK2_DISABLE_OPTION_ROMS is not set +CONFIG_EDK2_PRINT_SOL_STRINGS=y +# CONFIG_EDK2_RAM_DISK_ENABLE is not set +CONFIG_EDK2_CUSTOM_BUILD_PARAMS="-D VARIABLE_SUPPORT=SMMSTORE" +CONFIG_EDK2_LAN_ROM_DRIVER="" +# CONFIG_EDK2_CREATE_PREINSTALLED_BOOT_OPTIONS is not set +CONFIG_PXE=y + +# +# PXE Options +# +# CONFIG_PXE_ROM is not set +CONFIG_BUILD_IPXE=y +CONFIG_IPXE_STABLE=y +# CONFIG_IPXE_MASTER is not set +# CONFIG_PXE_SERIAL_CONSOLE is not set +# CONFIG_PXE_NO_PROMPT is not set +CONFIG_PXE_ADD_SCRIPT=y +CONFIG_PXE_SCRIPT="3rdparty/dasharo-blobs/dasharo/dasharo.ipxe" +CONFIG_PXE_HAS_HTTPS=y +CONFIG_PXE_CUSTOM_BUILD_ID="0123456789" +CONFIG_PXE_TRUST_CMD=y +# end of PXE Options + +# CONFIG_COMPRESSED_PAYLOAD_NONE is not set +CONFIG_COMPRESSED_PAYLOAD_LZMA=y +# CONFIG_COMPRESSED_PAYLOAD_LZ4 is not set CONFIG_COMPRESS_SECONDARY_PAYLOAD=y # Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-11 16:44:10 +00:00
name: novacustom_nv4x_adl
target: novacustom_nv4x_adl
subcommand: ""
requires:
- x86-musl-cross-make
# coreboot talos_2
- build_and_persist:
name: UNTESTED_talos-2
arch: ppc64
target: UNTESTED_talos-2
subcommand: ""
requires:
- ppc64-musl-cross-make
# coreboot 4.11
- build_and_persist:
name: librem_l1um
target: librem_l1um
subcommand: ""
requires:
- x86-musl-cross-make
# Cache one workspace per architecture
# Make sure workspace caches are chainloaded and the last in chain for an arch is saved
- save_cache:
requires:
- UNTESTED_talos-2
- librem_14
# Those onboarding new boards should add their entries below.
# coreboot 24.02.01 boards
- build:
name: x220-hotp-maximized
target: x220-hotp-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- build:
2020-12-03 00:37:34 +00:00
name: x220-maximized
target: x220-maximized
subcommand: ""
requires:
- x230-hotp-maximized
2020-12-03 00:37:34 +00:00
- build:
name: t420-hotp-maximized
target: t420-hotp-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: t420-maximized
target: t420-maximized
subcommand: ""
requires:
- x230-hotp-maximized
2020-12-03 00:37:34 +00:00
- build:
name: x230-hotp-maximized_usb-kb
target: x230-hotp-maximized_usb-kb
subcommand: ""
requires:
- x230-hotp-maximized
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703) * xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations. * Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!) * xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin. download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place. Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space. * CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
- build:
name: t430-hotp-maximized
target: t430-hotp-maximized
subcommand: ""
requires:
- x230-hotp-maximized
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703) * xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations. * Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!) * xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin. download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place. Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space. * CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
- build:
name: x230-maximized
target: x230-maximized
subcommand: ""
requires:
- x230-hotp-maximized
#TODO: move away of 24.02.01 coreboot and depend on optiplex specific dasharo commit
- build:
name: optiplex-7010_9010-maximized
target: optiplex-7010_9010-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: optiplex-7010_9010-hotp-maximized
target: optiplex-7010_9010-hotp-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: optiplex-7010_9010_TXT-maximized
target: optiplex-7010_9010_TXT-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: optiplex-7010_9010_TXT-hotp-maximized
target: optiplex-7010_9010_TXT-hotp-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: x230-maximized-fhd_edp
target: x230-maximized-fhd_edp
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: x230-hotp-maximized-fhd_edp
target: x230-hotp-maximized-fhd_edp
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: w530-hotp-maximized
target: w530-hotp-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: t430-maximized
target: t430-maximized
subcommand: ""
requires:
- x230-hotp-maximized
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703) * xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations. * Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!) * xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin. download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place. Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space. * CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
- build:
name: w530-maximized
target: w530-maximized
2021-12-27 08:28:03 +00:00
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: t530-maximized
target: t530-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: t530-hotp-maximized
target: t530-hotp-maximized
subcommand: ""
requires:
- x230-hotp-maximized
2023-02-26 00:46:00 +00:00
- build:
name: UNTESTED_t440p-maximized
target: UNTESTED_t440p-maximized
2023-02-26 00:46:00 +00:00
subcommand: ""
requires:
- x230-hotp-maximized
2023-02-26 00:46:00 +00:00
- build:
name: UNTESTED_t440p-hotp-maximized
target: UNTESTED_t440p-hotp-maximized
2023-02-26 00:46:00 +00:00
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: UNTESTED_w541-maximized
target: UNTESTED_w541-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: UNTESTED_w541-hotp-maximized
target: UNTESTED_w541-hotp-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: qemu-coreboot-fbwhiptail-tpm2-hotp
target: qemu-coreboot-fbwhiptail-tpm2-hotp
subcommand: ""
requires:
- x230-hotp-maximized
2023-07-09 05:11:00 +00:00
- build:
name: z220-cmt-maximized
target: z220-cmt-maximized
subcommand: ""
requires:
- x230-hotp-maximized
- build:
name: z220-cmt-hotp-maximized
target: z220-cmt-hotp-maximized
subcommand: ""
requires:
- x230-hotp-maximized
# coreboot purism
# librem boards
- build:
name: librem_13v2
target: librem_13v2
subcommand: ""
requires:
- librem_14
- build:
name: librem_15v3
target: librem_15v3
subcommand: ""
requires:
- librem_14
- build:
name: librem_13v4
target: librem_13v4
subcommand: ""
requires:
- librem_14
- build:
name: librem_15v4
target: librem_15v4
subcommand: ""
requires:
- librem_14
- build:
name: librem_mini
target: librem_mini
subcommand: ""
requires:
- librem_14
- build:
name: librem_mini_v2
target: librem_mini_v2
subcommand: ""
requires:
- librem_14
- build:
name: librem_11
target: librem_11
subcommand: ""
requires:
- librem_14
# dasharo release
- build:
name: nitropad-ns50
target: nitropad-ns50
subcommand: ""
requires:
Change board name from nitropad-nv41 -> novacustom_nv4x_adl - Move/rename board config - Rename coreboot config - Applies changes to coreboot config from defconfig+dasharo coreboot fork config + fixes - Rename CircleCI board for rom build ----- Repro: First: change some oldconfig defaults from dasharo coreboot fork git checkout -b move_nitropad-nv41_to_novacustom-v41 mv boards/nitropad-nv41 boards/novacustom_nv4x_adl mv boards/novacustom_nv4x_adl/nitropad-nv41.config boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config vim boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config vim config/coreboot-nitropad-nv41.config mv config/coreboot-nitropad-nv41.config config/coreboot-novacustom_nv4x_adl.config vim boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=novacustom_nv4x_adl coreboot.modify_and_save_oldconfig_in_place cd /home/user/heads/build/x86/coreboot-dasharo sudo make menuconfig cd ~/heads sudo meld /home/user/heads/build/x86/coreboot-dasharo/.config config/coreboot-novacustom_nv4x_adl.config git status git add boards/nitropad-nv41/nitropad-nv41.config config/coreboot-nitropad-nv41.config config/coreboot-novacustom_nv4x_adl.config config/coreboot-novacustom_nv4x_adl.config git add boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config sed -i 's/nitropad-nv41/novacustom_nv4x_adl/g' .circleci/config.yml git add .circleci/config.yml git commit --sigoff -m git push tlaurion-github --force ... (and multiple 'git commit --signoff --amend' to add traces below) ---- Relevant changes from nitropad-nv41 coreboot configs: diff --git a/config/coreboot-nitropad-nv41.config b/config/coreboot-novacustom_nv4x_adl.config index 9484aaf512..235f255a31 100644 --- a/config/coreboot-nitropad-nv41.config +++ b/config/coreboot-novacustom_nv4x_adl.config @@ -111,7 +111,7 @@ CONFIG_VENDOR_NOVACUSTOM=y # CONFIG_VENDOR_UP is not set CONFIG_MAINBOARD_FAMILY="Not Applicable" CONFIG_MAINBOARD_PART_NUMBER="nv40pz" -CONFIG_MAINBOARD_VERSION="v2.1" +CONFIG_MAINBOARD_VERSION="nv40pz" CONFIG_MAINBOARD_DIR="clevo/adl-p" CONFIG_DIMM_MAX=4 CONFIG_DIMM_SPD_SIZE=512 @@ -131,7 +131,7 @@ CONFIG_VBOOT_VBNV_OFFSET=0x28 CONFIG_VARIANT_DIR="nv40pz" CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb" # CONFIG_VGA_BIOS is not set -CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Nitrokey" +CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Notebook" CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/data.vbt" # CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0x4000 @@ -140,7 +140,7 @@ CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout" CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 CONFIG_BOARD_CLEVO_ADLP_COMMON=y CONFIG_BOARD_CLEVO_NV40PZ_BASE=y -CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NV41" +CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ" CONFIG_CONSOLE_POST=y # CONFIG_USE_PM_ACPI_TIMER is not set CONFIG_TPM_PIRQ=0x27 When comparing against dasharo/coreboot fork coreboot config saved in oldconfig format, diffs: diff --git a/config/coreboot-novacustom_nv4x_adl.config b/config/coreboot-novacustom_nv4x_adl.config index 235f255a31..41bdd7889c 100644 --- a/config/coreboot-novacustom_nv4x_adl.config +++ b/config/coreboot-novacustom_nv4x_adl.config @@ -7,19 +7,19 @@ # General setup # CONFIG_COREBOOT_BUILD=y -CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION="v1.7.2" CONFIG_CBFS_PREFIX="fallback" CONFIG_COMPILER_GCC=y # CONFIG_COMPILER_LLVM_CLANG is not set CONFIG_ARCH_SUPPORTS_CLANG=y # CONFIG_ANY_TOOLCHAIN is not set -# CONFIG_CCACHE is not set +CONFIG_CCACHE=y # CONFIG_IWYU is not set # CONFIG_FMD_GENPARSER is not set # CONFIG_UTIL_GENPARSER is not set -# CONFIG_OPTION_BACKEND_NONE is not set -CONFIG_USE_OPTION_TABLE=y -# CONFIG_STATIC_OPTION_TABLE is not set +CONFIG_OPTION_BACKEND_NONE=y +# CONFIG_USE_OPTION_TABLE is not set +# CONFIG_USE_UEFI_VARIABLE_STORE is not set CONFIG_COMPRESS_RAMSTAGE_LZMA=y # CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set CONFIG_INCLUDE_CONFIG_FILE=y @@ -35,12 +35,7 @@ CONFIG_HAVE_ASAN_IN_RAMSTAGE=y # CONFIG_NO_STAGE_CACHE is not set CONFIG_TSEG_STAGE_CACHE=y # CONFIG_UPDATE_IMAGE is not set -CONFIG_BOOTSPLASH_IMAGE=y -CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" -CONFIG_BOOTSPLASH_CONVERT=y -CONFIG_BOOTSPLASH_CONVERT_QUALITY=90 -# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set -# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set +# CONFIG_BOOTSPLASH_IMAGE is not set # CONFIG_FW_CONFIG is not set # @@ -111,14 +106,14 @@ CONFIG_VENDOR_NOVACUSTOM=y # CONFIG_VENDOR_UP is not set CONFIG_MAINBOARD_FAMILY="Not Applicable" CONFIG_MAINBOARD_PART_NUMBER="nv40pz" -CONFIG_MAINBOARD_VERSION="nv40pz" +CONFIG_MAINBOARD_VERSION="v2.1" CONFIG_MAINBOARD_DIR="clevo/adl-p" CONFIG_DIMM_MAX=4 CONFIG_DIMM_SPD_SIZE=512 -CONFIG_FMDFILE="" +CONFIG_FMDFILE="src/mainboard/$(CONFIG_MAINBOARD_DIR)/vboot-rwa.fmd" # CONFIG_NO_POST is not set CONFIG_MAINBOARD_VENDOR="Notebook" -CONFIG_CBFS_SIZE=0x1000000 +CONFIG_CBFS_SIZE=0xA00000 # CONFIG_CONSOLE_SERIAL is not set CONFIG_MAX_CPUS=24 CONFIG_ONBOARD_VGA_IS_PRIMARY=y @@ -126,8 +121,9 @@ CONFIG_ONBOARD_VGA_IS_PRIMARY=y # CONFIG_POST_IO is not set CONFIG_UART_FOR_CONSOLE=0 CONFIG_DEVICETREE="devicetree.cb" -# CONFIG_VBOOT is not set +CONFIG_VBOOT=y CONFIG_VBOOT_VBNV_OFFSET=0x28 +CONFIG_RO_REGION_ONLY="" CONFIG_VARIANT_DIR="nv40pz" CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb" # CONFIG_VGA_BIOS is not set @@ -143,10 +139,12 @@ CONFIG_BOARD_CLEVO_NV40PZ_BASE=y CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ" CONFIG_CONSOLE_POST=y # CONFIG_USE_PM_ACPI_TIMER is not set -CONFIG_TPM_PIRQ=0x27 +CONFIG_VBOOT_SLOTS_RW_A=y +CONFIG_TPM_PIRQ=0x0 # CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set CONFIG_VBOOT_FWID_VERSION="$(CONFIG_LOCALVERSION)" CONFIG_EC_SYSTEM76_EC_BAT_THRESHOLDS=y +CONFIG_PXE_ROM_ID="10ec,8168" CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xc0000000 CONFIG_ECAM_MMCONF_BUS_NUMBER=256 CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" @@ -156,20 +154,28 @@ CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000 CONFIG_DCACHE_BSP_STACK_SIZE=0x80400 CONFIG_MAX_ACPI_TABLE_SIZE_KB=144 CONFIG_HAVE_INTEL_FIRMWARE=y +CONFIG_VBOOT_NO_BOARD_SUPPORT=y +CONFIG_RW_REGION_ONLY="" CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000 CONFIG_DRIVERS_INTEL_WIFI=y CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/descriptor.bin" CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/me.bin" -CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000 +# CONFIG_VBOOT_ALWAYS_ALLOW_UDC is not set +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000 +CONFIG_EDK2_BOOT_TIMEOUT=2 CONFIG_VBT_DATA_SIZE_KB=9 +CONFIG_VBOOT_FWID_MODEL="$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)" +CONFIG_VBOOT_STARTS_IN_BOOTBLOCK=y CONFIG_CARDBUS_PLUGIN_SUPPORT=y CONFIG_SPI_FLASH_DONT_INCLUDE_ALL_DRIVERS=y # CONFIG_USE_LEGACY_8254_TIMER is not set +CONFIG_GBB_HWID="" # CONFIG_DEBUG_SMI is not set CONFIG_HAVE_IFD_BIN=y CONFIG_PCIEXP_HOTPLUG_BUSES=42 CONFIG_PCIEXP_HOTPLUG_MEM=0xc200000 CONFIG_PCIEXP_HOTPLUG_PREFETCH_MEM=0x1c000000 +# CONFIG_VBOOT_SLOTS_RW_AB is not set CONFIG_PS2K_EISAID="PNP0303" CONFIG_PS2M_EISAID="PNP0F13" @@ -193,8 +199,8 @@ CONFIG_PCIEXP_CLK_PM=y CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72 CONFIG_HEAP_SIZE=0x10000 CONFIG_EC_GPE_SCI=0x50 +CONFIG_EDK2_BOOTSPLASH_FILE="3rdparty/dasharo-blobs/novacustom/bootsplash.bmp" CONFIG_TPM_MEASURED_BOOT=y -CONFIG_LINUX_COMMAND_LINE="quiet loglevel=2" CONFIG_BOARD_ROMSIZE_KB_32768=y # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set @@ -399,7 +405,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_TCO=y CONFIG_SOC_INTEL_COMMON_BLOCK_TCO_ENABLE_THROUGH_SMBUS=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y -# CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0 CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y @@ -417,7 +423,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_USB4_PCIE=y CONFIG_SOC_INTEL_COMMON_BLOCK_USB4_XHCI=y CONFIG_SOC_INTEL_ENABLE_USB4_PCIE_RESOURCES=y CONFIG_SOC_INTEL_COMMON_BLOCK_VTD=y -# CONFIG_ENABLE_EARLY_DMA_PROTECTION is not set +CONFIG_ENABLE_EARLY_DMA_PROTECTION=y CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI_ELOG=y @@ -508,15 +514,15 @@ CONFIG_EC_SYSTEM76_EC_DGPU=y # # Intel Firmware # -CONFIG_IFDTOOL_DISABLE_ME=y +# CONFIG_IFDTOOL_DISABLE_ME is not set CONFIG_HAVE_ME_BIN=y # CONFIG_STITCH_ME_BIN is not set # CONFIG_ME_REGION_ALLOW_CPU_READ_ACCESS is not set CONFIG_HAVE_INTEL_ME_HAP=y # CONFIG_INTEL_ME_DISABLED_HECI is not set -CONFIG_INTEL_ME_DISABLED_HAP=y -# CONFIG_INTEL_ME_ENABLED is not set -CONFIG_INTEL_ME_DEFAULT_STATE=2 +# CONFIG_INTEL_ME_DISABLED_HAP is not set +CONFIG_INTEL_ME_ENABLED=y +CONFIG_INTEL_ME_DEFAULT_STATE=0 # CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION is not set # CONFIG_LOCK_MANAGEMENT_ENGINE is not set CONFIG_UNLOCK_FLASH_REGIONS=y @@ -529,7 +535,7 @@ CONFIG_BIOS_VENDOR="3mdeb" # # Dasharo Configuration # -CONFIG_DASHARO_PREFER_S3_SLEEP=y +# CONFIG_DASHARO_PREFER_S3_SLEEP is not set # end of Dasharo Configuration CONFIG_UDK_BASE=y @@ -550,8 +556,6 @@ CONFIG_X86_CUSTOM_BOOTMEDIA=y CONFIG_PC80_SYSTEM=y CONFIG_HAVE_CMOS_DEFAULT=y CONFIG_POSTCAR_STAGE=y -CONFIG_BOOTBLOCK_SIMPLE=y -# CONFIG_BOOTBLOCK_NORMAL is not set CONFIG_COLLECT_TIMESTAMPS_TSC=y CONFIG_IDT_IN_EVERY_STAGE=y CONFIG_HAVE_CF9_RESET=y @@ -575,9 +579,10 @@ CONFIG_NO_EARLY_GFX_INIT=y # # Display # +CONFIG_WANT_LINEAR_FRAMEBUFFER=y CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y CONFIG_LINEAR_FRAMEBUFFER=y -CONFIG_BOOTSPLASH=y +# CONFIG_BOOTSPLASH is not set # end of Display CONFIG_PCI=y @@ -610,17 +615,21 @@ CONFIG_I2C_TRANSFER_TIMEOUT_US=500000 # Generic Drivers # CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 -# CONFIG_DRIVERS_EFI_VARIABLE_STORE is not set +CONFIG_DRIVERS_EFI_VARIABLE_STORE=y # CONFIG_ELOG is not set CONFIG_CACHE_MRC_SETTINGS=y CONFIG_MRC_SETTINGS_PROTECT=y -# CONFIG_SMMSTORE is not set +CONFIG_HAS_RECOVERY_MRC_CACHE=y +CONFIG_MRC_SAVE_HASH_IN_TPM=y +CONFIG_SMMSTORE=y +CONFIG_SMMSTORE_V2=y +CONFIG_SMMSTORE_SIZE=0x40000 CONFIG_SPI_FLASH=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y +CONFIG_SPI_FLASH_SMM=y # CONFIG_SPI_FLASH_NO_FAST_READ is not set -CONFIG_TPM_INIT_RAMSTAGE=y -# CONFIG_TPM_PPI is not set +CONFIG_TPM_PPI=y CONFIG_DRIVERS_UART=y CONFIG_NO_UART_ON_SUPERIO=y CONFIG_DRIVERS_UART_8250MEM=y @@ -669,7 +678,7 @@ CONFIG_DRIVERS_INTEL_PMC=y # CONFIG_DRIVERS_NXP_UWB_SR1XX is not set # CONFIG_DRIVERS_PS2_KEYBOARD is not set CONFIG_DRIVERS_MC146818=y -# CONFIG_USE_PC_CMOS_ALTCENTURY is not set +CONFIG_USE_PC_CMOS_ALTCENTURY=y CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70 CONFIG_MEMORY_MAPPED_TPM=y CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 @@ -695,6 +704,50 @@ CONFIG_DRIVERS_INTEL_USB4_RETIMER=y # Verified Boot (vboot) # CONFIG_VBOOT_LIB=y +CONFIG_VBOOT_VBNV_CMOS=y +CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH=y +# CONFIG_VBOOT_MOCK_SECDATA is not set +CONFIG_VBOOT_MUST_REQUEST_DISPLAY=y +CONFIG_VBOOT_ALWAYS_ENABLE_DISPLAY=y +CONFIG_VBOOT_HAS_REC_HASH_SPACE=y +CONFIG_CBFS_MCACHE_RW_PERCENTAGE=50 +CONFIG_VBOOT_CLEAR_RECOVERY_EACH_BOOT=y +# CONFIG_VBOOT_EC_EFS is not set +CONFIG_VBOOT_X86_SHA256_ACCELERATION=y + +# +# GBB configuration +# +CONFIG_GBB_BMPFV_FILE="" +# CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY is not set +# CONFIG_GBB_FLAG_LOAD_OPTION_ROMS is not set +# CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS is not set +# CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON is not set +CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB=y +CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK=y +# CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM is not set +# CONFIG_GBB_FLAG_FORCE_DEV_BOOT_ALTFW is not set +# CONFIG_GBB_FLAG_RUNNING_FAFT is not set +CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC=y +# CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW is not set +CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC=y +CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN=y +# CONFIG_GBB_FLAG_FORCE_MANUAL_RECOVERY is not set +CONFIG_GBB_FLAG_DISABLE_FWMP=y +# CONFIG_GBB_FLAG_ENABLE_UDC is not set +# end of GBB configuration + +# +# Vboot Keys +# +CONFIG_VBOOT_ROOT_KEY="$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk" +CONFIG_VBOOT_RECOVERY_KEY="$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk" +CONFIG_VBOOT_FIRMWARE_PRIVKEY="$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk" +CONFIG_VBOOT_KERNEL_KEY="$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk" +CONFIG_VBOOT_KEYBLOCK="$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock" +CONFIG_VBOOT_KEYBLOCK_VERSION=1 +CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS=0x0 +# end of Vboot Keys # end of Verified Boot (vboot) # @@ -730,10 +783,14 @@ CONFIG_INTEL_TXT_LIB=y # CONFIG_INTEL_TXT is not set # CONFIG_STM is not set # CONFIG_INTEL_CBNT_SUPPORT is not set -CONFIG_BOOTMEDIA_LOCK_NONE=y -# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set +# CONFIG_BOOTMEDIA_LOCK_NONE is not set +CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y # CONFIG_BOOTMEDIA_LOCK_CHIP is not set -# CONFIG_BOOTMEDIA_SMM_BWP is not set +# CONFIG_BOOTMEDIA_LOCK_WHOLE_RO is not set +# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set +CONFIG_BOOTMEDIA_LOCK_WPRO_VBOOT_RO=y +CONFIG_BOOTMEDIA_LOCK_IN_VERSTAGE=y +CONFIG_BOOTMEDIA_SMM_BWP=y # end of Security CONFIG_ACPI_HAVE_PCAT_8259=y @@ -772,8 +829,8 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7 -CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX=y -CONFIG_CONSOLE_USE_ANSI_ESCAPES=y +# CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX is not set +# CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set # CONFIG_CMOS_POST is not set CONFIG_HWBASE_DEBUG_CB=y # end of Console @@ -804,12 +861,89 @@ CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" # CONFIG_PAYLOAD_LINUXBOOT is not set # CONFIG_PAYLOAD_SEABIOS is not set # CONFIG_PAYLOAD_UBOOT is not set -# CONFIG_PAYLOAD_EDK2 is not set -CONFIG_PAYLOAD_LINUX=y -CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage" +CONFIG_PAYLOAD_EDK2=y +# CONFIG_PAYLOAD_LINUX is not set +CONFIG_PAYLOAD_FILE="novacustom_nv4x_adl/UEFIPAYLOAD.fd" CONFIG_PAYLOAD_OPTIONS="" -# CONFIG_PXE is not set -CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz" +CONFIG_EDK2_UEFIPAYLOAD=y +# CONFIG_EDK2_UNIVERSAL_PAYLOAD is not set +CONFIG_EDK2_REPO_MRCHROMEBOX=y +# CONFIG_EDK2_REPO_OFFICIAL is not set +# CONFIG_EDK2_REPO_CUSTOM is not set +CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" +CONFIG_EDK2_TAG_OR_REV="b7274c98697e972e772236caf830c0780ec498bd" +CONFIG_EDK2_USE_EDK2_PLATFORMS=y +CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" +CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" +# CONFIG_EDK2_DEBUG is not set +CONFIG_EDK2_RELEASE=y +# CONFIG_EDK2_BOOT_MANAGER_ESCAPE is not set +CONFIG_EDK2_CBMEM_LOGGING=y +CONFIG_EDK2_SYSTEM76_EC_LOGGING=y +CONFIG_EDK2_CPU_TIMER_LIB=y +CONFIG_EDK2_FOLLOW_BGRT_SPEC=y +CONFIG_EDK2_FULL_SCREEN_SETUP=y +CONFIG_EDK2_HAVE_EFI_SHELL=y +CONFIG_EDK2_PRIORITIZE_INTERNAL=y +CONFIG_EDK2_PS2_SUPPORT=y +CONFIG_EDK2_SKIP_PS2_DETECT=y +CONFIG_EDK2_SD_MMC_TIMEOUT=10 +CONFIG_EDK2_SERIAL_SUPPORT=y +CONFIG_EDK2_ENABLE_IPXE=y +CONFIG_EDK2_IPXE_OPTION_NAME="iPXE Network Boot" +CONFIG_EDK2_SECURE_BOOT=y +# CONFIG_EDK2_SECURE_BOOT_DEFAULT_ENABLE is not set +# CONFIG_EDK2_SATA_PASSWORD is not set +# CONFIG_EDK2_OPAL_PASSWORD is not set +CONFIG_EDK2_SETUP_PASSWORD=y +CONFIG_EDK2_PERFORMANCE_MEASUREMENT_ENABLE=y +CONFIG_EDK2_DASHARO_SYSTEM_FEATURES=y +CONFIG_EDK2_DASHARO_SECURITY_OPTIONS=y +CONFIG_EDK2_SHOW_CAMERA_OPTION=y +CONFIG_EDK2_SHOW_WIFI_BT_OPTION=y +CONFIG_EDK2_DASHARO_INTEL_ME_OPTIONS=y +CONFIG_EDK2_DASHARO_USB_CONFIG=y +CONFIG_EDK2_DASHARO_NETWORK_CONFIG=y +# CONFIG_EDK2_DASHARO_CHIPSET_CONFIG is not set +CONFIG_EDK2_DASHARO_POWER_CONFIG=y +CONFIG_EDK2_SLEEP_TYPE_OPTION=y +CONFIG_EDK2_FAN_CURVE_OPTION=y +CONFIG_EDK2_BATTERY_CONFIG_OPTION=y +# CONFIG_EDK2_DASHARO_PCI_CONFIG is not set +# CONFIG_EDK2_DASHARO_MEMORY_CONFIG is not set +# CONFIG_EDK2_DASHARO_NETWORK_BOOT_DEFAULT_ENABLE is not set +# CONFIG_EDK2_DASHARO_SERIAL_REDIRECTION_DEFAULT_ENABLE is not set +CONFIG_EDK2_BOOT_MENU_KEY=0x0011 +CONFIG_EDK2_SETUP_MENU_KEY=0x000C +CONFIG_EDK2_DISABLE_MTRR_PROGRAMMING=y +CONFIG_EDK2_ENABLE_BATTERY_CHECK=y +# CONFIG_EDK2_DISABLE_OPTION_ROMS is not set +CONFIG_EDK2_PRINT_SOL_STRINGS=y +# CONFIG_EDK2_RAM_DISK_ENABLE is not set +CONFIG_EDK2_CUSTOM_BUILD_PARAMS="-D VARIABLE_SUPPORT=SMMSTORE" +CONFIG_EDK2_LAN_ROM_DRIVER="" +# CONFIG_EDK2_CREATE_PREINSTALLED_BOOT_OPTIONS is not set +CONFIG_PXE=y + +# +# PXE Options +# +# CONFIG_PXE_ROM is not set +CONFIG_BUILD_IPXE=y +CONFIG_IPXE_STABLE=y +# CONFIG_IPXE_MASTER is not set +# CONFIG_PXE_SERIAL_CONSOLE is not set +# CONFIG_PXE_NO_PROMPT is not set +CONFIG_PXE_ADD_SCRIPT=y +CONFIG_PXE_SCRIPT="3rdparty/dasharo-blobs/dasharo/dasharo.ipxe" +CONFIG_PXE_HAS_HTTPS=y +CONFIG_PXE_CUSTOM_BUILD_ID="0123456789" +CONFIG_PXE_TRUST_CMD=y +# end of PXE Options + +# CONFIG_COMPRESSED_PAYLOAD_NONE is not set +CONFIG_COMPRESSED_PAYLOAD_LZMA=y +# CONFIG_COMPRESSED_PAYLOAD_LZ4 is not set CONFIG_COMPRESS_SECONDARY_PAYLOAD=y # Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-11 16:44:10 +00:00
- novacustom_nv4x_adl
- build:
name: novacustom-v540tu
target: novacustom-v540tu
subcommand: ""
requires:
- nitropad-nv41
# coreboot 4.11
- build:
name: UNMAINTAINED_kgpe-d16_workstation
target: UNMAINTAINED_kgpe-d16_workstation
subcommand: ""
requires:
- librem_l1um
# coreboot 4.11
- build:
name: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard
target: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard
subcommand: ""
requires:
- librem_l1um
# coreboot 4.11
- build:
name: UNMAINTAINED_kgpe-d16_server
target: UNMAINTAINED_kgpe-d16_server
subcommand: ""
requires:
- librem_l1um
# coreboot 4.11
- build:
name: UNMAINTAINED_kgpe-d16_server-whiptail
target: UNMAINTAINED_kgpe-d16_server-whiptail
subcommand: ""
requires:
- librem_l1um