2020-10-20 23:33:42 +00:00
|
|
|
image: fedora:30
|
|
|
|
|
|
|
|
|
|
variables:
|
|
|
|
|
DOCKER_DRIVER: overlay2
|
|
|
|
|
|
|
|
|
|
stages:
|
|
|
|
|
- build
|
|
|
|
|
|
|
|
|
|
build:
|
|
|
|
|
stage: build
|
Activate dual console by default and restructure board config
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC
Adding dual console to OpenBmc and tty0
putting kgpe-d16-coreboot.conf in defconfig format
NO_HZ wasn't included in kernel config. Adding it.
Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation
Removing serial configuration and static IP stuff since we have a workstation here.
Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.
Placing files in good directories
Corrrect flashrom options for kgpe-d16 server and workstation boards
kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ
kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server
kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.
kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)
kgpe-d16_workstation in defconfig format
kgpe-d16 boards: pass from GPG to GPG2 board definitions
kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode
kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output
kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging
kgpe-d16 : expressively export CONFIG_TPM=n
kgpe-d16_wokstation gui-init variables were missing
kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized
linux-kgpe-d16*: add support for Pike
kgpe-d16_workstation-usb_keyboard board support addition
kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based
GitlabCI: kgpe-d16 fixes and upstream merge of change
kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment
kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file
KGPE-D16: community work migration to coreboot 4.11 to fix issue #740
KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709
kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch
kgpe-d16 boards: add Linux kernel version where missing.
CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master
coreboot module: typo correction (tabs vs spaces)
CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds
CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"
CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support
At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node
CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.
coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)
coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.
CircleCI & coreboot config: fix merge conflict rebasing on master
coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599
Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2018-10-23 12:43:36 +00:00
|
|
|
retry: 2
|
2020-10-20 23:33:42 +00:00
|
|
|
cache:
|
|
|
|
|
paths:
|
|
|
|
|
- packages
|
|
|
|
|
- crossgcc
|
|
|
|
|
- build
|
|
|
|
|
key: "heads-$GITLAB_USER_LOGIN-2"
|
|
|
|
|
script:
|
|
|
|
|
- dnf install -y @development-tools gcc-c++ gcc-gnat zlib-devel perl-Digest-MD5 perl-Digest-SHA uuid-devel pcsc-tools ncurses-devel lbzip2 libuuid-devel lzma elfutils-libelf-devel bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget libusb-devel cmake automake pv bsdiff autoconf libtool cpio texinfo
|
|
|
|
|
- git fetch origin
|
|
|
|
|
- git reset --hard origin/$CI_COMMIT_REF_NAME
|
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
|
|
|
|
2020-10-20 23:33:42 +00:00
|
|
|
- echo "Removing old x230-flash artifacts..."
|
|
|
|
|
- rm -rf ./build/x230-flash/*
|
|
|
|
|
- rm -rf ./build/log/*
|
|
|
|
|
- echo "Building BOARD=x230-flash board..."
|
|
|
|
|
- make BOARD=x230-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1)
|
|
|
|
|
- echo "x230-flash hashes:"
|
|
|
|
|
- cat ./build/x230-flash/hashes.txt
|
|
|
|
|
- echo "Archiving x230-flash logs..."
|
|
|
|
|
- tar zcvf ./build/x230-flash/logs.tar.gz ./build/log/*
|
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
|
|
|
|
2020-10-20 23:33:42 +00:00
|
|
|
- echo "Removing old t430-flash artifacts..."
|
|
|
|
|
- rm -rf ./build/t430-flash/*
|
|
|
|
|
- rm -rf ./build/log/*
|
|
|
|
|
- echo "Building BOARD=t430-flash board..."
|
|
|
|
|
- make BOARD=t430-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1)
|
|
|
|
|
- echo "t430-flash hashes:"
|
|
|
|
|
- cat ./build/t430-flash/hashes.txt
|
|
|
|
|
- echo "Archiving t430-flash logs..."
|
|
|
|
|
- tar zcvf ./build/t430-flash/logs.tar.gz ./build/log/*
|
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
|
|
|
|
|
|
|
|
- echo "Removing old x230-external-flash artifacts..."
|
|
|
|
|
- rm -rf ./build/x230-external-flash/*
|
|
|
|
|
- rm -rf ./build/log/*
|
|
|
|
|
- echo "Building BOARD=x230-external-flash board..."
|
|
|
|
|
- make BOARD=x230-external-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1)
|
|
|
|
|
- echo "x230-external-flash hashes:"
|
|
|
|
|
- cat ./build/x230-external-flash/hashes.txt
|
|
|
|
|
- echo "Archiving x230-external-flash logs..."
|
|
|
|
|
|
|
|
|
|
- tar zcvf ./build/x230-external-flash/logs.tar.gz ./build/log/*
|
2020-10-20 23:33:42 +00:00
|
|
|
- echo "Removing old x230-hotp-verification artifacts..."
|
|
|
|
|
- rm -rf ./build/x230-hotp-verification/*
|
|
|
|
|
- rm -rf ./build/log/*
|
|
|
|
|
- echo "Building BOARD=x230-hotp-verification board..."
|
|
|
|
|
- make BOARD=x230-hotp-verification || (find ./build/log/ -cmin 1|xargs tail; exit 1)
|
|
|
|
|
- echo "x230-hotp-verification hashes:"
|
|
|
|
|
- cat ./build/x230-hotp-verification/hashes.txt
|
|
|
|
|
- echo "Archiving x230-hotp-verification logs..."
|
|
|
|
|
- tar zcvf ./build/x230-hotp-verification/logs.tar.gz ./build/log/*
|
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
|
|
|
|
2020-10-20 23:33:42 +00:00
|
|
|
- echo "Removing old x230 artifacts..."
|
|
|
|
|
- rm -rf ./build/x230/*
|
|
|
|
|
- rm -rf ./build/log/*
|
|
|
|
|
- echo "Building BOARD=x230 board..."
|
|
|
|
|
- make BOARD=x230 || (find ./build/log/ -cmin 1|xargs tail; exit 1)
|
|
|
|
|
- echo "x230 hashes:"
|
|
|
|
|
- cat ./build/x230/hashes.txt
|
|
|
|
|
- echo "Archiving x230 logs..."
|
|
|
|
|
- tar zcvf ./build/x230/logs.tar.gz ./build/log/*
|
|
|
|
|
- echo "Removing old t430 artifacts..."
|
|
|
|
|
- rm -rf ./build/t430/*
|
|
|
|
|
- rm -rf ./build/log/*
|
|
|
|
|
- echo "Building BOARD=t430 board..."
|
|
|
|
|
- make BOARD=t430 || (find ./build/log/ -cmin 1|xargs tail; exit 1)
|
|
|
|
|
- echo "t430 hashes:"
|
|
|
|
|
- cat ./build/t430/hashes.txt
|
|
|
|
|
- echo "Archiving t430 logs..."
|
|
|
|
|
- tar zcvf ./build/t430/logs.tar.gz ./build/log/*
|
Activate dual console by default and restructure board config
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC
Adding dual console to OpenBmc and tty0
putting kgpe-d16-coreboot.conf in defconfig format
NO_HZ wasn't included in kernel config. Adding it.
Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation
Removing serial configuration and static IP stuff since we have a workstation here.
Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.
Placing files in good directories
Corrrect flashrom options for kgpe-d16 server and workstation boards
kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ
kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server
kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.
kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)
kgpe-d16_workstation in defconfig format
kgpe-d16 boards: pass from GPG to GPG2 board definitions
kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode
kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output
kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging
kgpe-d16 : expressively export CONFIG_TPM=n
kgpe-d16_wokstation gui-init variables were missing
kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized
linux-kgpe-d16*: add support for Pike
kgpe-d16_workstation-usb_keyboard board support addition
kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based
GitlabCI: kgpe-d16 fixes and upstream merge of change
kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment
kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file
KGPE-D16: community work migration to coreboot 4.11 to fix issue #740
KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709
kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch
kgpe-d16 boards: add Linux kernel version where missing.
CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master
coreboot module: typo correction (tabs vs spaces)
CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds
CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"
CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support
At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node
CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.
coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)
coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.
CircleCI & coreboot config: fix merge conflict rebasing on master
coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599
Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2018-10-23 12:43:36 +00:00
|
|
|
- echo "Removing old kgpe-d16_workstation artifacts..."
|
|
|
|
|
- rm -rf ./build/kgpe-d16_workstation/*
|
|
|
|
|
- rm -rf ./build/log/*
|
|
|
|
|
- echo "Building BOARD=kgpe-d16_workstation board..."
|
|
|
|
|
- make BOARD=kgpe-d16_workstation || (find ./build/log/ -cmin 1|xargs tail; exit 1)
|
|
|
|
|
- echo "kgpe-d16_workstation hashes:"
|
|
|
|
|
- cat ./build/kgpe-d16_workstation/hashes.txt
|
|
|
|
|
- echo "Archiving kgpe-d16_workstation logs..."
|
|
|
|
|
- tar zcvf ./build/kgpe-d16_workstation/logs.tar.gz ./build/log/*
|
|
|
|
|
- echo "Removing old kgpe-d16_workstation-usb_keyboard artifacts..."
|
|
|
|
|
- rm -rf ./build/kgpe-d16_workstation-usb_keyboard/*
|
|
|
|
|
- rm -rf ./build/log/*
|
|
|
|
|
- echo "Building BOARD=kgpe-d16_workstation-usb_keyboard board..."
|
|
|
|
|
- make BOARD=kgpe-d16_workstation || (find ./build/log/ -cmin 1|xargs tail; exit 1)
|
|
|
|
|
- echo "kgpe-d16_workstation-usb_keyboard hashes:"
|
|
|
|
|
- cat ./build/kgpe-d16_workstation-usb_keyboard/hashes.txt
|
|
|
|
|
- echo "Archiving kgpe-d16_workstation-usb_keyboard logs..."
|
|
|
|
|
- tar zcvf ./build/kgpe-d16_workstation-usb_keyboard/logs.tar.gz ./build/log/*
|
|
|
|
|
- echo "Removing old kgpe-d16_server-whiptail artifacts..."
|
|
|
|
|
- rm -rf ./build/kgpe-d16_server-whiptail/*
|
|
|
|
|
- rm -rf ./build/log/*
|
|
|
|
|
- echo "Building BOARD=kgpe-d16_server-whiptail board..."
|
|
|
|
|
- make BOARD=kgpe-d16_server-whiptail || (find ./build/log/ -cmin 1|xargs tail; exit 1)
|
|
|
|
|
- echo "kgpe-d16_server-whiptail hashes:"
|
|
|
|
|
- cat ./build/kgpe-d16_server-whiptail/hashes.txt
|
|
|
|
|
- echo "Archiving kgpe-d16_server-whiptail logs..."
|
|
|
|
|
- tar zcvf ./build/kgpe-d16_server-whiptail/logs.tar.gz ./build/log/*
|
|
|
|
|
- echo "Removing old kgpe-d16_server artifacts..."
|
|
|
|
|
- rm -rf ./build/kgpe-d16_server/*
|
|
|
|
|
- rm -rf ./build/log/*
|
|
|
|
|
- echo "Building BOARD=kgpe-d16_server board..."
|
|
|
|
|
- make BOARD=kgpe-d16_server || (find ./build/log/ -cmin 1|xargs tail; exit 1)
|
|
|
|
|
- echo "kgpe-d16_server hashes:"
|
|
|
|
|
- cat ./build/kgpe-d16_server/hashes.txt
|
|
|
|
|
- echo "Archiving kgpe-d16_server logs..."
|
|
|
|
|
- tar zcvf ./build/kgpe-d16_server/logs.tar.gz ./build/log/*
|
|
|
|
|
- echo "Removing old qemu-coreboot artifacts..."
|
2020-10-20 23:33:42 +00:00
|
|
|
- rm -rf ./build/qemu-coreboot/*
|
|
|
|
|
- rm -rf ./build/log/*
|
|
|
|
|
- echo "Building BOARD=qemu-coreboot board..."
|
|
|
|
|
- make BOARD=qemu-coreboot || (find ./build/log/ -cmin 1|xargs tail; exit 1)
|
|
|
|
|
- echo "qemu-coreboot hashes:"
|
|
|
|
|
- cat ./build/qemu-coreboot/hashes.txt
|
|
|
|
|
- echo "Archiving qemu-coreboot logs..."
|
|
|
|
|
- tar zcvf ./build/qemu-coreboot/logs.tar.gz ./build/log/*
|
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
|
|
|
|
2020-10-20 23:33:42 +00:00
|
|
|
- echo "Calculate used space for cache"
|
|
|
|
|
- du -shc packages crossgcc build
|
|
|
|
|
artifacts:
|
|
|
|
|
paths:
|
Activate dual console by default and restructure board config
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC
Adding dual console to OpenBmc and tty0
putting kgpe-d16-coreboot.conf in defconfig format
NO_HZ wasn't included in kernel config. Adding it.
Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation
Removing serial configuration and static IP stuff since we have a workstation here.
Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.
Placing files in good directories
Corrrect flashrom options for kgpe-d16 server and workstation boards
kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ
kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server
kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.
kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)
kgpe-d16_workstation in defconfig format
kgpe-d16 boards: pass from GPG to GPG2 board definitions
kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode
kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output
kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging
kgpe-d16 : expressively export CONFIG_TPM=n
kgpe-d16_wokstation gui-init variables were missing
kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized
linux-kgpe-d16*: add support for Pike
kgpe-d16_workstation-usb_keyboard board support addition
kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based
GitlabCI: kgpe-d16 fixes and upstream merge of change
kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment
kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file
KGPE-D16: community work migration to coreboot 4.11 to fix issue #740
KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709
kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch
kgpe-d16 boards: add Linux kernel version where missing.
CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master
coreboot module: typo correction (tabs vs spaces)
CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds
CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"
CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support
At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node
CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.
coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)
coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.
CircleCI & coreboot config: fix merge conflict rebasing on master
coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599
Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2018-10-23 12:43:36 +00:00
|
|
|
- ./build/kgpe-d16_workstation
|
|
|
|
|
- ./build/kgpe-d16_workstation-usb_keyboard
|
|
|
|
|
- ./build/kgpe-d16_server
|
2020-10-20 23:33:42 +00:00
|
|
|
- ./build/qemu-coreboot
|
|
|
|
|
- ./build/x230-flash
|
|
|
|
|
- ./build/t430-flash
|
|
|
|
|
- ./build/x230-hotp-verification
|
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 22:01:44 +00:00
|
|
|
- ./build/x230-external-flash
|
2020-10-20 23:33:42 +00:00
|
|
|
- ./build/x230
|