From 09ca500d3e9be3c741cc3a668b841d22677687bb Mon Sep 17 00:00:00 2001 From: Markus Meissner Date: Mon, 19 Oct 2020 16:47:22 +0200 Subject: [PATCH] add x230-nkstorecli board config (#817) * add x230-nkstorecli board; * add modules: nkstorecli, libnk, libhidapi-libusb * version bump nkstorecli; related minor in libnk * upd. libnk module version bump to 3.6; remove 3.5 patch --- .circleci/config.yml | 20 ++++++- Makefile | 1 + boards/x230-nkstorecli/x230-nkstorecli.config | 53 +++++++++++++++++++ config/coreboot-x230-nkstorecli.config | 15 ++++++ modules/libhidapi-libusb | 28 ++++++++++ modules/libnitrokey | 37 +++++++++++++ modules/nkstorecli | 15 ++++++ 7 files changed, 168 insertions(+), 1 deletion(-) create mode 100644 boards/x230-nkstorecli/x230-nkstorecli.config create mode 100644 config/coreboot-x230-nkstorecli.config create mode 100644 modules/libhidapi-libusb create mode 100644 modules/libnitrokey create mode 100644 modules/nkstorecli diff --git a/.circleci/config.yml b/.circleci/config.yml index 8def1efd..cecca5b2 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -8,7 +8,7 @@ jobs: name: Install dependencies command: | apt update - apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev + apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool - checkout - run: @@ -186,6 +186,24 @@ jobs: - store-artifacts: path: build/x230-hotp-verification + - run: + name: x230-nkstorecli + command: | + rm -rf build/x230-nkstorecli/* build/log/* && make CPUS=4 \ + V=1 \ + BOARD=x230-nkstorecli || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \ + no_output_timeout: 3h + - run: + name: Ouput x230-nkstorecli hashes + command: | + cat build/x230-nkstorecli/hashes.txt \ + - run: + name: Archiving build logs for x230-nkstorecli + command: | + tar zcvf build/x230-nkstorecli/logs.tar.gz build/log/* + - store-artifacts: + path: build/x230-nkstorecli + - run: name: qemu-coreboot command: | diff --git a/Makefile b/Makefile index 42fad6e0..7817f5f6 100644 --- a/Makefile +++ b/Makefile @@ -486,6 +486,7 @@ bin_modules-$(CONFIG_CAIRO) += cairo bin_modules-$(CONFIG_FBWHIPTAIL) += fbwhiptail bin_modules-$(CONFIG_HOTPKEY) += hotp-verification bin_modules-$(CONFIG_MSRTOOLS) += msrtools +bin_modules-$(CONFIG_NKSTORECLI) += nkstorecli $(foreach m, $(bin_modules-y), \ $(call map,initrd_bin_add,$(call bins,$m)) \ diff --git a/boards/x230-nkstorecli/x230-nkstorecli.config b/boards/x230-nkstorecli/x230-nkstorecli.config new file mode 100644 index 00000000..5e95fda0 --- /dev/null +++ b/boards/x230-nkstorecli/x230-nkstorecli.config @@ -0,0 +1,53 @@ +# Configuration for a x230-nkstorecli (Nitrokey Storage client + HOTP support) +# running Qubes and other OSes +# Note that CBFS region is too small. So e1000e (ethernet) and dropbear (ssh client/server) has been disabled. +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + +CONFIG_COREBOOT_CONFIG=config/coreboot-x230-nkstorecli.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_DROPBEAR=n +CONFIG_NKSTORECLI=y + +#CONFIG_SLANG=y +#CONFIG_NEWT=y +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y +CONFIG_HOTPKEY=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=n + +export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-nkstorecli Heads Boot Menu" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" + +# This board has two SPI flash chips, an 8 MB that holds the IFD, +# the ME image and part of the coreboot image, and a 4 MB one that +# has the rest of the coreboot and the reset vector. +# +# Only flashing to the bios region is safe to do. The easiest is to +# flash internally when the IFD is unlocked for writing, and x230-flash +# is installed first. diff --git a/config/coreboot-x230-nkstorecli.config b/config/coreboot-x230-nkstorecli.config new file mode 100644 index 00000000..f0f85b64 --- /dev/null +++ b/config/coreboot-x230-nkstorecli.config @@ -0,0 +1,15 @@ +CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x710000 +CONFIG_BOARD_LENOVO_X230=y +CONFIG_NO_POST=y +CONFIG_UART_PCI_ADDR=0 +CONFIG_NO_GFX_INIT=y +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/x230-nkstorecli/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" +CONFIG_LINUX_INITRD="../../build/x230-nkstorecli/initrd.cpio.xz" diff --git a/modules/libhidapi-libusb b/modules/libhidapi-libusb new file mode 100644 index 00000000..baaf538f --- /dev/null +++ b/modules/libhidapi-libusb @@ -0,0 +1,28 @@ +modules-$(CONFIG_NKSTORECLI) += libhidapi-libusb + +libhidapi-libusb_depends += libusb + +libhidapi-libusb_version := 0.9.0 +libhidapi-libusb_dir := hidapi-hidapi-$(libhidapi-libusb_version) +libhidapi-libusb_tar := hidapi-$(libhidapi-libusb_version).tar.gz +libhidapi-libusb_url := https://github.com/libusb/hidapi/archive/$(libhidapi-libusb_tar) +libhidapi-libusb_hash := 630ee1834bdd5c5761ab079fd04f463a89585df8fcae51a7bfe4229b1e02a652 + +MY_CROSS_TOOLS := \ + CC="$(heads_cc) -Os" \ + $(CROSS_TOOLS_NOCC) \ + + +libhidapi-libusb_configure := ./bootstrap && \ + ./configure \ + $(MY_CROSS_TOOLS) \ + --host i386-elf-linux\ + --prefix "/" + + +libhidapi-libusb_target := $(MAKE_JOBS) -C libusb \ + DESTDIR="$(INSTALL)" \ + $(MY_CROSS_TOOLS) \ + install && \ + cp $(INSTALL)/../build/$(libhidapi-libusb_dir)/pc/hidapi-libusb.pc $(INSTALL)/lib/pkgconfig/ \ + diff --git a/modules/libnitrokey b/modules/libnitrokey new file mode 100644 index 00000000..455680f4 --- /dev/null +++ b/modules/libnitrokey @@ -0,0 +1,37 @@ +modules-$(CONFIG_NKSTORECLI) += libnitrokey + +libnitrokey_depends := libhidapi-libusb libusb $(musl_dep) + +libnitrokey_version := 3.6 +libnitrokey_dir := libnitrokey-$(libnitrokey_version) +libnitrokey_tar := libnitrokey-v$(libnitrokey_version).tar.gz +libnitrokey_url := https://github.com/Nitrokey/libnitrokey/releases/download/v$(libnitrokey_version)/$(libnitrokey_tar) +libnitrokey_hash := 4f3382b6193afe69c2001321038fce9490bc28803ed687152a397ccd89146ae6 + +# currently the dynamic lib is not included +#libnitrokey_libraries := \ +# build/libnitrokey.so.3 + +cmake_cross := "-DCMAKE_AR=$(CROSS)ar" \ + -DCMAKE_CXX_COMPILER="$(CROSS)g++" \ + -DCMAKE_C_COMPILER="$(CROSS)gcc" \ + -DCMAKE_CXX_FLAGS="-Os -fdata-sections -ffunction-sections -ffile-prefix-map=$(pwd)=heads -gno-record-gcc-switches -D__MUSL__ -I$(INSTALL)/include -L$(INSTALL)/lib " \ + -DCMAKE_LINKER="$(CROSS)ld" + -DCMAKE_SHARED_LINKER_FLAGS="-gc-sections" + -DCMAKE_CXX_COMPILER_AR="$(CROSS)ar" \ + -DCMAKE_NM="$(CROSS)nm" \ + -DCMAKE_OBJDUMP="$(CROSS)objdump" \ + -DCMAKE_OBCOPY="$(CROSS)obcopy" \ + -DCMAKE_STRIP="$(CROSS)strip" + +libnitrokey_configure := \ + mkdir build -p && \ + cd build && \ + $(CROSS_TOOLS) cmake .. -DNO_LOG=ON -DBUILD_SHARED_LIBS=OFF -DCOMPILE_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/ -DCMAKE_INSTALL_LIBDIR=lib -DCMAKE_BUILD_TYPE=MinSizeRel $(cmake_cross) + +# install "by-hand" as INSTALL_PREFIX is not working as expected +libnitrokey_target := $(CROSS_TOOLS) $(MAKE_JOBS) -C build DESTDIR="$(INSTALL)" && \ + cp build/$(libnitrokey_dir)/build/libnitrokey.a $(INSTALL)/lib/libnitrokey.a && \ + mkdir -p $(INSTALL)/include/libnitrokey/ && \ + cp -r build/$(libnitrokey_dir)/NK_C_API.h $(INSTALL)/include/libnitrokey/ && \ + cp -r build/$(libnitrokey_dir)/libnitrokey/*.h $(INSTALL)/include/libnitrokey diff --git a/modules/nkstorecli b/modules/nkstorecli new file mode 100644 index 00000000..942b9a4d --- /dev/null +++ b/modules/nkstorecli @@ -0,0 +1,15 @@ +modules-$(CONFIG_NKSTORECLI) += nkstorecli + +nkstorecli_depends := libnitrokey libusb $(musl_dep) + +nkstorecli_version := 0.4.1 +nkstorecli_dir := nkstorecli-$(nkstorecli_version) +nkstorecli_tar := nkstorecli-$(nkstorecli_version).tar.gz +nkstorecli_url := https://github.com/Nitrokey/nitrokey-storage-cli/releases/download/v$(nkstorecli_version)/nkstorecli-$(nkstorecli_version).tar.gz +nkstorecli_hash := 0fa7dbbede453b9c40d920c0563afdd2b0f7d08625aeb68f065512613b6fbb6b + +nkstorecli_target := $(MAKE_JOBS) -C src $(CROSS_TOOLS) DESTDIR=$(INSTALL) install + +nkstorecli_output := \ + src/nkstorecli +