diff --git a/Makefile b/Makefile index 258911f3..a83bd5e4 100644 --- a/Makefile +++ b/Makefile @@ -12,13 +12,6 @@ HEADS_GIT_VERSION := $(shell git describe --abbrev=7 --tags --dirty) # Override BRAND_NAME to set the name displayed in the UI, filenames, versions, etc. BRAND_NAME ?= Heads -CB_OUTPUT_BASENAME := $(shell echo $(BRAND_NAME) | tr A-Z a-z)-$(BOARD)-$(HEADS_GIT_VERSION) -CB_OUTPUT_FILE := $(CB_OUTPUT_BASENAME).rom -CB_OUTPUT_FILE_GPG_INJ := $(CB_OUTPUT_BASENAME)-gpg-injected.rom -CB_BOOTBLOCK_FILE := $(CB_OUTPUT_BASENAME).bootblock -CB_UPDATE_PKG_FILE := $(CB_OUTPUT_BASENAME).zip -LB_OUTPUT_FILE := linuxboot-$(BOARD)-$(HEADS_GIT_VERSION).rom - all: -include .config @@ -59,6 +52,20 @@ CONFIG_LEGACY_FLASH := n include $(CONFIG) +# Include site-local/config only if it exists, downstreams can set configs for +# all boards, including overriding values specified by boards. site-local is +# not a part of the upstream distribution but is for downstreams to insert +# customizations at well-defined points, like in coreboot: +# https://doc.coreboot.org/tutorial/managing_local_additions.html +-include $(pwd)/site-local/config + +CB_OUTPUT_BASENAME := $(shell echo $(BRAND_NAME) | tr A-Z a-z)-$(BOARD)-$(HEADS_GIT_VERSION) +CB_OUTPUT_FILE := $(CB_OUTPUT_BASENAME).rom +CB_OUTPUT_FILE_GPG_INJ := $(CB_OUTPUT_BASENAME)-gpg-injected.rom +CB_BOOTBLOCK_FILE := $(CB_OUTPUT_BASENAME).bootblock +CB_UPDATE_PKG_FILE := $(CB_OUTPUT_BASENAME).zip +LB_OUTPUT_FILE := linuxboot-$(BOARD)-$(HEADS_GIT_VERSION).rom + # Unless otherwise specified, we are building for heads CONFIG_HEADS ?= y @@ -74,6 +81,10 @@ else $(error "Unexpected value of $$(CONFIG_TARGET_ARCH): $(CONFIG_TARGET_ARCH)") endif +ifneq "$(BOARD_TARGETS)" "" +include targets/$(BOARD_TARGETS).mk +endif + # Create directories if they don't already exist BUILD_LOG := $(shell mkdir -p "$(log_dir)") PACKAGES := $(shell mkdir -p "$(packages)") diff --git a/README.md b/README.md index e6c19bd1..a0819f48 100644 --- a/README.md 
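Review bot: The added `-include $(pwd)/site-local/config` is silent, so nothing in the build output records that a downstream file changed board settings before the ROM was produced. The comment says it may override any board value, yet the output names defined right below it still depend only on BRAND_NAME, BOARD and HEADS_GIT_VERSION, so two ROMs with the same file name could come from different configurations. Whether `git describe --dirty` notices the file depends on it being tracked, which this hunk does not show. I would log the include, e.g. `ifneq "$(wildcard $(pwd)/site-local/config)" ""` / `$(info Using site-local/config overrides)` / `endif`, and extend the comment to say the file is parsed as a makefile and is therefore trusted build input. `$(pwd)` is assumed to be defined earlier in the Makefile, outside this hunk.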
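Review bot: The new `ifneq`/`include targets/$(BOARD_TARGETS).mk` block has no comment, and the plural name suggests a list although the value is pasted into a single path. A two-word value would expand to `targets/a b.mk`, which make reads as two include arguments, neither of them the intended file. I would add `# BOARD_TARGETS: name of exactly one file in targets/ (without .mk), set by the board config` above the block, and optionally reject lists with `$(if $(word 2,$(BOARD_TARGETS)),$(error BOARD_TARGETS takes a single name))`.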
+++ b/README.md @@ -81,7 +81,7 @@ QEMU: OS booting can be tested in QEMU using a software TPM. HOTP can be tested by forwarding a USB token from the host to the guest. -For more information and setup instructions, refer to the [qemu-coreboot-fbwhiptail-tpm1-hotp documentation](boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md). +For more information and setup instructions, refer to the [qemu documentation](targets/qemu.md). coreboot console messages --- diff --git a/boards/UNTESTED_t430-legacy-flash/UNTESTED_t430-legacy-flash.config b/boards/UNTESTED_t430-legacy-flash/UNTESTED_t430-legacy-flash.config index b09fd7ef..3a7312a5 100644 --- a/boards/UNTESTED_t430-legacy-flash/UNTESTED_t430-legacy-flash.config +++ b/boards/UNTESTED_t430-legacy-flash/UNTESTED_t430-legacy-flash.config @@ -32,19 +32,4 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image CONFIG_LEGACY_FLASH=y -# This board is "special" in that we need a 4MB top SPI flashable ROM. -# This is enough to allow the board to boot into a minimal Heads and read the full Legacy -# ROM from an external USB media. -# -# No tools outside of flashrom are provided here as you can see per activated modules above. -# Everything Heads is now delegated to the Legacy ROM to be flashed -# from xx30-flash ROMs. -# -# Instructions to mount USB thumb drive and flash legacy 12Mb image will be given on screen -# per CONFIG_BOOTSCRIPT script above. -# -# Below, we just move produced ROM with a name appended with -top.rom for clarity. -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,MV 4MB top ROM,$@, mv $< $@) - @sha256sum $@ +BOARD_TARGETS := legacy_flash 
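Review bot: The replacement line `BOARD_TARGETS := legacy_flash` carries no comment, while the removed block explained why this board builds a 4MB `-top.rom` (it boots a minimal Heads that reads the full legacy ROM from USB media). The other board configs in this diff get a one-line comment above their `BOARD_TARGETS`, and this one should too, e.g. `# Rename the 4MB ROM to ...-top.rom; rules are in targets/legacy_flash.mk`. The removed rule also printed the `sha256sum` of the renamed ROM, presumably so the image can be checked before flashing. targets/legacy_flash.mk is not visible here, so confirm the hash is still printed.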
diff --git a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config index b231c8d4..e0d0bcae 100644 --- a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config +++ b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config index e89c98f9..446157e8 100644 
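Review bot: The new comment `# Generate split 4MB top / 8MB bottom ROMs` drops what the removed text said about the two chips: the 8 MB one holds the IFD, the ME image and part of coreboot, the 4 MB one the rest of coreboot and the reset vector. Someone flashing with an external programmer needs that mapping, so I would keep one line of it, e.g. `# 8MB bottom chip: IFD, ME, part of coreboot; 4MB top chip: rest of coreboot + reset vector (rules: targets/split_8mb4mb.mk)`. The removed recipes also appended each ROM's sha256 to `$(HASHES)`; targets/split_8mb4mb.mk is outside this part of the diff, so confirm it still does. The same applies to the identical hunks for the other t530 and w530 board configs below.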
--- a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config +++ b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config index 647fbc28..3228c3cd 100644 --- a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config +++ b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config 
@@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config b/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config index b5890d2b..098e617b 100644 --- a/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config +++ b/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config 
@@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config index ca5cd972..4f801981 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config 
@@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config index 7dfc6d82..fb0649bf 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config 
@@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config index e9a7ab8a..70ed7023 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config 
@@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config index 93cb8d99..baa822e4 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config 
@@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-hotp-maximized/UNTESTED_w530-hotp-maximized.config b/boards/UNTESTED_w530-hotp-maximized/UNTESTED_w530-hotp-maximized.config index ec01b248..75516c56 100644 --- a/boards/UNTESTED_w530-hotp-maximized/UNTESTED_w530-hotp-maximized.config +++ b/boards/UNTESTED_w530-hotp-maximized/UNTESTED_w530-hotp-maximized.config 
@@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-maximized/UNTESTED_w530-maximized.config b/boards/UNTESTED_w530-maximized/UNTESTED_w530-maximized.config index b369d4d4..5587c1ff 100644 --- a/boards/UNTESTED_w530-maximized/UNTESTED_w530-maximized.config +++ b/boards/UNTESTED_w530-maximized/UNTESTED_w530-maximized.config 
@@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config index f710d2fc..677b7ac6 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config 
@@ -70,93 +70,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo 
+BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config index 7dc4ea91..442f06dc 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config 
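Review bot: `BOARD_TARGETS := qemu` is now shared by the TPM 1.2 and TPM 2.0 QEMU boards, but the rules removed from the tpm2-hotp config differ from the ones removed here: they pass `--tpm2` to `swtpm_setup` and `swtpm socket` and first run `swtpm_setup --create-config-files skip-if-exist`. targets/qemu.mk is not in this part of the diff, so check that it selects those flags from the board's TPM setting rather than using one variant for every board; a TPM 2.0 ROM started against a TPM 1.2 emulator would likely not exercise the measured-boot path it is meant to test. A comment above the line, e.g. `# 'run' target and swtpm/QEMU setup are in targets/qemu.mk`, would also help. The same line is added to the tpm1 and tpm2-hotp configs further down.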
@@ -71,93 +71,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo 
+BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config index b9eec341..2b622f43 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config 
@@ -75,95 +75,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty 
sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config index c286f1a4..fce10e7c 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config 
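Review bot: `BOARD_TARGETS := qemu` in qemu-coreboot-fbwhiptail-tpm2-hotp.config carries no comment, and it replaces rules that were not identical across the QEMU boards. This board ran `swtpm_setup --create-config-files skip-if-exist` and passed `--tpm2` to both `swtpm_setup` and `swtpm socket`, while the removed tpm1 rules (qemu-coreboot-whiptail-tpm1-hotp, qemu-coreboot-whiptail-tpm1) passed neither. The shared target file is outside this view, so confirm that it picks the TPM version from the board's config; otherwise a tpm2 board would be exercised against a TPM 1.2 emulator, or the reverse. Once confirmed, I would add above the assignment `# 'make run', swtpm state and disk images come from targets/qemu.mk; TPM 1.2 vs 2.0 follows this board's config`. The same applies to the other QEMU board hunks (fbwhiptail-tpm2, whiptail-tpm1-hotp, whiptail-tpm1, whiptail-tpm2-hotp, whiptail-tpm2).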
@@ -77,95 +77,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty 
sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config index 0c568ff2..dc275271 100644 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config 
@@ -70,93 +70,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo 
+BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config index e03dc06f..4cdd6eb8 100644 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config +++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config 
@@ -71,93 +71,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo 
+BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md deleted file mode 120000 index e35b1088..00000000 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config index 999f8a55..28930477 100644 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config 
@@ -75,95 +75,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty 
sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config index ea6f3d36..82349b27 100644 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config +++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config 
@@ -77,95 +77,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. 
-ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty 
sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index 749de960..45f982d8 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config 
@@ -72,25 +72,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t430-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config index 3a5d3516..a8e32a67 100644 --- a/boards/t430-maximized/t430-maximized.config +++ b/boards/t430-maximized/t430-maximized.config 
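Review bot: The added comment `# Generate split 4MB top / 8MB bottom ROMs` in t430-hotp-maximized.config drops what the removed text told the person flashing: the 8 MB chip holds the IFD, the ME image and part of coreboot, and the 4 MB chip holds the rest of coreboot and the reset vector. I would keep that in one line, e.g. `# Split ROM for external flashing: -bottom.rom -> 8 MB chip (IFD, ME), -top.rom -> 4 MB chip (reset vector)`. The removed rules also appended each split file's `sha256sum` to `$(HASHES)`; the shared split_8mb4mb rules are not in this view, so confirm they still record a hash for both halves. The same applies to the t430-maximized, t440p-maximized and w541-maximized hunks.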
@@ -73,25 +73,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t430-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/t440p-maximized/t440p-maximized.config b/boards/t440p-maximized/t440p-maximized.config index 2f94b882..34f7bfbf 100644 --- a/boards/t440p-maximized/t440p-maximized.config +++ b/boards/t440p-maximized/t440p-maximized.config 
@@ -52,14 +52,5 @@ $(pwd)/blobs/t440p/me.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/t440p/download-clean-me $(pwd)/blobs/t440p -# Haswell boards have an 8 MiB and 4 MiB SPI flash chip. So, we split the -# Coreboot ROM into two files to flash one on each chip. -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/talos-2/talos-2.config b/boards/talos-2/talos-2.config index 7de53584..d4e98a25 100644 --- a/boards/talos-2/talos-2.config +++ b/boards/talos-2/talos-2.config @@ -50,20 +50,4 @@ export CONFIG_BOOT_DEV="/dev/nvme0n1p2" export CONFIG_BOARD_NAME="Talos 2" export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd" -OUTPUT_PREFIX := heads-$(BOARD)-$(HEADS_GIT_VERSION) -BUNDLED_LINUX := $(OUTPUT_PREFIX)-zImage.bundled -OUTPUT_FILES := $(CB_OUTPUT_FILE) $(CB_BOOTBLOCK_FILE) $(BUNDLED_LINUX) - -all: $(board_build)/$(BUNDLED_LINUX) -$(board_build)/$(BUNDLED_LINUX): $(board_build)/zImage.bundled - $(call do-copy,$<,$@) - -all: $(board_build)/$(OUTPUT_PREFIX).tgz -$(board_build)/$(OUTPUT_PREFIX).tgz: \ - $(addprefix $(board_build)/,$(OUTPUT_FILES)) - rm -rf $(board_build)/pkg # cleanup in case directory exists - mkdir $(board_build)/pkg - cp $^ $(board_build)/pkg - cd $(board_build)/pkg && sha256sum * > sha256sum.txt - cd $(board_build)/pkg && tar zcf $@ * - rm -r $(board_build)/pkg +BOARD_TARGETS := ppc_tgz 
diff --git a/boards/w541-maximized/w541-maximized.config b/boards/w541-maximized/w541-maximized.config index a3c1a50f..220229f5 100644 --- a/boards/w541-maximized/w541-maximized.config +++ b/boards/w541-maximized/w541-maximized.config @@ -52,14 +52,5 @@ $(pwd)/blobs/w541/me.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/w541/download-clean-me $(pwd)/blobs/w541 -# Haswell boards have an 8 MiB and 4 MiB SPI flash chip. So, we split the -# Coreboot ROM into two files to flash one on each chip. -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config index cef25df1..accbc52b 100644 --- a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config +++ b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config 
@@ -86,25 +86,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash x230-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config index acc0dd59..08b16f66 100644 --- a/boards/x230-hotp-maximized/x230-hotp-maximized.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config 
@@ -77,25 +77,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash x230-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config index 07acf58d..dd860cdc 100644 --- a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config +++ b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config 
@@ -76,25 +76,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash x230-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-legacy-flash/x230-legacy-flash.config b/boards/x230-legacy-flash/x230-legacy-flash.config index 8e3ccecf..356ca7c7 100644 --- a/boards/x230-legacy-flash/x230-legacy-flash.config +++ b/boards/x230-legacy-flash/x230-legacy-flash.config 
@@ -33,19 +33,4 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image CONFIG_LEGACY_FLASH=y -# This board is "special" in that we need a 4MB top SPI flashable ROM. -# This is enough to allow the board to boot into a minimal Heads and read the full Legacy -# ROM from an external USB media. -# -# No tools outside of flashrom are provided here as you can see per activated modules above. -# Everything Heads is now delegated to the Legacy ROM to be flashed -# from xx30-flash ROMs. -# -# Instructions to mount USB thumb drive and flash legacy 12Mb image will be given on screen -# per CONFIG_BOOTSCRIPT script above. -# -# Below, we just move produced ROM with a name appended with -top.rom for clarity. -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,MV 4MB top ROM,$@, mv $< $@) - @sha256sum $@ +BOARD_TARGETS := legacy_flash diff --git a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config index 07ac10cc..8e53f5d9 100644 --- a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config +++ b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config 
@@ -86,25 +86,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash x230-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config index 47dc1b84..28e23b9e 100644 --- a/boards/x230-maximized/x230-maximized.config +++ b/boards/x230-maximized/x230-maximized.config 
@@ -77,25 +77,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash x230-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/targets/legacy_flash.mk b/targets/legacy_flash.mk new file mode 100644 index 00000000..de90e7a5 --- /dev/null +++ b/targets/legacy_flash.mk 
@@ -0,0 +1,16 @@ +# legacy-flash boards are "special" in that we need a 4MB top SPI flashable ROM. +# This is enough to allow the board to boot into a minimal Heads and read the full Legacy +# ROM from an external USB media. +# +# No tools outside of flashrom are provided here as you can see per activated modules above. +# Everything Heads is now delegated to the Legacy ROM to be flashed +# from xx30-flash ROMs. +# +# Instructions to mount USB thumb drive and flash legacy 12Mb image will be given on screen +# per CONFIG_BOOTSCRIPT script above. +# +# Below, we just move produced ROM with a name appended with -top.rom for clarity. +all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom +$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) + $(call do,MV 4MB top ROM,$@, mv $< $@) + @sha256sum $@ diff --git a/targets/ppc_tgz.mk b/targets/ppc_tgz.mk new file mode 100644 index 00000000..c1725488 --- /dev/null +++ b/targets/ppc_tgz.mk @@ -0,0 +1,17 @@ +OUTPUT_PREFIX := heads-$(BOARD)-$(HEADS_GIT_VERSION) +BUNDLED_LINUX := $(OUTPUT_PREFIX)-zImage.bundled +OUTPUT_FILES := $(CB_OUTPUT_FILE) $(CB_BOOTBLOCK_FILE) $(BUNDLED_LINUX) + +all: $(board_build)/$(BUNDLED_LINUX) +$(board_build)/$(BUNDLED_LINUX): $(board_build)/zImage.bundled + $(call do-copy,$<,$@) + +all: $(board_build)/$(OUTPUT_PREFIX).tgz +$(board_build)/$(OUTPUT_PREFIX).tgz: \ + $(addprefix $(board_build)/,$(OUTPUT_FILES)) + rm -rf $(board_build)/pkg # cleanup in case directory exists + mkdir $(board_build)/pkg + cp $^ $(board_build)/pkg + cd $(board_build)/pkg && sha256sum * > sha256sum.txt + cd $(board_build)/pkg && tar zcf $@ * + rm -r $(board_build)/pkg diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md b/targets/qemu.md similarity index 100% rename from boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md rename to targets/qemu.md 
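Review bot: The new `-top.rom` rule in targets/legacy_flash.mk prints its digest with `@sha256sum $@` but never appends it to `"$(HASHES)"`, unlike the split-ROM rules this commit moves into targets/split_8mb4mb.mk. The only flashable artifact of a legacy-flash board therefore seems to be missing from the hash log (HASHES is defined outside this hunk); I would make the last recipe line `@sha256sum $@ | tee -a "$(HASHES)"`. The `.tgz` rule in targets/ppc_tgz.mk likewise records nothing in `$(HASHES)`. Separately, `mv $< $@` deletes the rule's own prerequisite, so every later `make` has to regenerate `$(CB_OUTPUT_FILE)`; `cp $< $@` would keep the dependency graph stable. The header comment still refers to "activated modules above" and "CONFIG_BOOTSCRIPT script above", which point at nothing now that the text lives in a shared file.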
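Review bot: In targets/ppc_tgz.mk the archive step `cd $(board_build)/pkg && tar zcf $@ *` packs files that `cp $^` has just given fresh mtimes, and gzip may add its own timestamp. The `.tgz` digest can therefore change on every build even when the ROM, bootblock and kernel are bit-identical. If the package hash is meant to be compared between builders, normalise the metadata, for example `tar --sort=name --owner=0 --group=0 --numeric-owner --mtime=@<BUILD_EPOCH_PLACEHOLDER> -cf - * | gzip -n > $@`. The same line only works when `$(board_build)` is an absolute path, because `$@` is used after the `cd`; that variable is defined outside this hunk, so this is worth confirming.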
diff --git a/targets/qemu.mk b/targets/qemu.mk new file mode 100644 index 00000000..930afa7b --- /dev/null +++ b/targets/qemu.mk 
@@ -0,0 +1,109 @@ +# Targets for running in qemu, including: +# * virtual TPM +# * virtual disk image (configurable size) +# * virtual USB flash drive +# * configurable guest memory size +# * forwarded USB security token + +# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG +# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested +# that way without a GPG key. +ifneq "$(PUBKEY_ASC)" "" +QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) +else +QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) +endif + +ifeq "$(CONFIG_TPM2_TSS)" "y" +SWTPM_TPMVER := --tpm2 +SWTPM_PRESETUP := swtpm_setup --create-config-files skip-if-exist +else +# TPM1 is the default +SWTPM_TPMVER := +# No pre-setup +SWTPM_PRESETUP := true +endif + +#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh +TPMDIR=$(build)/$(BOARD)/vtpm +$(TPMDIR)/.manufacture: + mkdir -p "$(TPMDIR)" + $(SWTPM_PRESETUP) + swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram $(SWTPM_TPMVER) + touch "$(TPMDIR)/.manufacture" +ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 +# Default to 20G disk +QEMU_DISK_SIZE?=20G +$(ROOT_DISK_IMG): + qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) +# Remember the amount of memory so it doesn't have to be specified every time. +# Default to 4G, most bootable OSes are not usable with less. +QEMU_MEMORY_SIZE?=4G +MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory +$(MEMORY_SIZE_FILE): + @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" +USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw +$(USB_FD_IMG): + dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 + # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even + # though it is meaningful to use mkfs.vfat (etc.) 
as non-root + MKFS_VFAT=mkfs.vfat; \ + [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ + "$$MKFS_VFAT" "$(USB_FD_IMG)" +# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead +# of the temporary flash drive for exporting GPG keys. +ifneq "$(INSTALL_IMG)" "" +QEMU_USB_FD_IMG := $(INSTALL_IMG) +else +QEMU_USB_FD_IMG := $(USB_FD_IMG) +endif +# To forward a USB token, set USB_TOKEN to one of the following: +# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID +# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID +# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID +# - LibremKey - forwards a Librem Key by VID:PID +# - - Provide the QEMU usb-host parameters, such as +# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' +ifeq "$(USB_TOKEN)" "NitrokeyPro" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 +else ifeq "$(USB_TOKEN)" "NitrokeyStorage" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 +else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 +else ifeq "$(USB_TOKEN)" "LibremKey" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 +else ifneq "$(USB_TOKEN)" "" +QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" +endif + +run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) + swtpm socket \ + $(SWTPM_TPMVER) \ + --tpmstate dir="$(TPMDIR)" \ + --flags "startup-clear" \ + --terminate \ + --ctrl type=unixio,path="$(TPMDIR)/sock" & + sleep 0.5 + + -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ + --machine q35,accel=kvm:tcg \ + -rtc base=utc \ + -smp "$$(nproc)" \ + -vga std \ + -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ + -serial stdio \ + --bios "$(QEMU_BOOT_ROM)" \ + -object rng-random,filename=/dev/urandom,id=rng0 \ + -device virtio-rng-pci,rng=rng0 \ + -netdev user,id=u1 -device e1000,netdev=u1 \ + -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ + -tpmdev 
emulator,id=tpm0,chardev=chrtpm \ + -device tpm-tis,tpmdev=tpm0 \ + -device qemu-xhci,id=usb \ + -device usb-tablet \ + -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ + -device usb-storage,bus=usb.0,drive=usb-fd-drive \ + $(QEMU_USB_TOKEN_DEV) \ + + stty sane + @echo diff --git a/targets/split_8mb4mb.mk b/targets/split_8mb4mb.mk new file mode 100644 index 00000000..473c41bc --- /dev/null +++ b/targets/split_8mb4mb.mk @@ -0,0 +1,18 @@ +# Many Lenovo boards have two SPI flash chips, an 8 MB that holds the IFD, +# the ME image and part of the coreboot image, and a 4 MB one that +# has the rest of the coreboot and the reset vector. +# +# As a consequence, this replaces the need of having to flash a legacy-flash ROM +# and expands available CBFS region (11.5Mb available CBFS space) +# +# When flashing via an external programmer it is easiest to have +# two separate files for these pieces. +all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom +$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) + $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) + @sha256sum $@ | tee -a "$(HASHES)" + +all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom +$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) + $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) + @sha256sum $@ | tee -a "$(HASHES)"
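Review bot: The `run` recipe in targets/qemu.mk backgrounds `swtpm socket ... &` and then relies on `sleep 0.5` before QEMU opens `$(TPMDIR)/sock`. On a slow or loaded host the socket may not exist yet, and because the QEMU line carries a leading `-`, make ignores the resulting start-up failure. Waiting for the socket is more reliable, e.g. `for i in $$(seq 50); do [ -S "$(TPMDIR)/sock" ] && break; sleep 0.1; done`. `run` is also never declared phony in this new file, so `.PHONY: run` should be added, and the `dd` line passes `bs=1M` twice. The comment about Debian's PATH appears to sit on indented recipe lines, where it is handed to the shell and echoed; placing it above the `$(USB_FD_IMG):` rule keeps it a make comment.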
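Review bot: Both `dd` rules in targets/split_8mb4mb.mk slice `$(CB_OUTPUT_FILE)` at fixed offsets (`count=128 skip=0` and `count=64 skip=128` with `bs=65536`) without checking that the input is exactly 12 MiB. A board whose coreboot image has a different size would get a short or misaligned `-top.rom` that is still hashed and logged as if valid. Since this file is now shared by every board that sets `BOARD_TARGETS := split_8mb4mb`, a guard line before each `dd` is cheap: `@[ "$$(stat -c %s $<)" -eq 12582912 ] || { echo "$<: expected 12582912 bytes" >&2; exit 1; }`. Also, `sha256sum $@ | tee -a "$(HASHES)"` returns tee's exit status, so a failing `sha256sum` goes unnoticed unless `pipefail` is enabled somewhere outside this hunk.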