From c8e114166c1f2d1a68aae55ee3024025554da923 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Mon, 18 Dec 2023 15:24:21 -0500 Subject: [PATCH 1/5] qemu: Deduplicate Qemu targets/documentation, extract from boards The 8 qemu-* targets all contained nearly-identical copies of the targets to prepare the TPM/disk/etc. and then run Qemu. The only significant differences were for TPM1/TPM2 (extra swtpm_setup step, addition of --tpm2 to swtpm_setup and swtpm). ROOT_DISK_IMG used := or = differently in some boards, := was kept. targets/qemu.mk now defines all Qemu targets and is included only for qemu-* boards (by defining BOARD_TARGETS in each of those boards). The documentation was moved from qemu-coreboot-fbwhiptail-tpm1-hotp/ qemu-coreboot-fbwhiptail-tpm1-htop.md to targets/qemu.md. The other 7 qemu boards' symlinks to that file were removed. Signed-off-by: Jonathon Hall --- Makefile | 4 + README.md | 2 +- .../qemu-coreboot-fbwhiptail-tpm1-hotp.config | 91 +-------------- .../qemu-coreboot-fbwhiptail-tpm1.config | 91 +-------------- .../qemu-coreboot-fbwhiptail-tpm1.md | 1 - .../qemu-coreboot-fbwhiptail-tpm2-hotp.config | 93 +-------------- .../qemu-coreboot-fbwhiptail-tpm2-hotp.md | 1 - .../qemu-coreboot-fbwhiptail-tpm2.config | 93 +-------------- .../qemu-coreboot-fbwhiptail-tpm2.md | 1 - .../qemu-coreboot-whiptail-tpm1-hotp.config | 91 +-------------- .../qemu-coreboot-whiptail-tpm1-hotp.md | 1 - .../qemu-coreboot-whiptail-tpm1.config | 91 +-------------- .../qemu-coreboot-whiptail-tpm1.md | 1 - .../qemu-coreboot-whiptail-tpm2-hotp.config | 93 +-------------- .../qemu-coreboot-whiptail-tpm2-hotp.md | 1 - .../qemu-coreboot-whiptail-tpm2.config | 93 +-------------- .../qemu-coreboot-whiptail-tpm2.md | 1 - .../qemu.md | 0 targets/qemu.mk | 109 ++++++++++++++++++ 19 files changed, 122 insertions(+), 736 deletions(-) delete mode 120000 boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md delete mode 120000 boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md delete mode 120000 boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md delete mode 120000 boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md delete mode 120000 boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md delete mode 120000 boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md delete mode 120000 boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md rename boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md => targets/qemu.md (100%) create mode 100644 targets/qemu.mk diff --git a/Makefile b/Makefile index 258911f3..7fbd4976 100644 --- a/Makefile +++ b/Makefile @@ -74,6 +74,10 @@ else $(error "Unexpected value of $$(CONFIG_TARGET_ARCH): $(CONFIG_TARGET_ARCH)") endif +ifneq "$(BOARD_TARGETS)" "" +include targets/$(BOARD_TARGETS).mk +endif + # Create directories if they don't already exist BUILD_LOG := $(shell mkdir -p "$(log_dir)") PACKAGES := $(shell mkdir -p "$(packages)") diff --git a/README.md b/README.md index e6c19bd1..a0819f48 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ QEMU: OS booting can be tested in QEMU using a software TPM. HOTP can be tested by forwarding a USB token from the host to the guest. -For more information and setup instructions, refer to the [qemu-coreboot-fbwhiptail-tpm1-hotp documentation](boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md). +For more information and setup instructions, refer to the [qemu documentation](targets/qemu.md). coreboot console messages --- diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config index f710d2fc..677b7ac6 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config @@ -70,93 +70,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. -ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config index 7dc4ea91..442f06dc 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config @@ -71,93 +71,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. -ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config index b9eec341..2b622f43 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config @@ -75,95 +75,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. -ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config index c286f1a4..fce10e7c 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config @@ -77,95 +77,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. -ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config index 0c568ff2..dc275271 100644 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config @@ -70,93 +70,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. -ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config index e03dc06f..4cdd6eb8 100644 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config +++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config @@ -71,93 +71,4 @@ export CONFIG_TPM=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. -ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md deleted file mode 120000 index e35b1088..00000000 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config index 999f8a55..28930477 100644 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config @@ -75,95 +75,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2-hotp" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. -ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config index ea6f3d36..82349b27 100644 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config +++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config @@ -77,95 +77,4 @@ CONFIG_OPENSSL=y export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2" -# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG -# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested -# that way without a GPG key. -ifneq "$(PUBKEY_ASC)" "" -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) -else -QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) -endif - -#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh -TPMDIR=$(build)/$(BOARD)/vtpm -$(TPMDIR)/.manufacture: - mkdir -p "$(TPMDIR)" - swtpm_setup --create-config-files skip-if-exist - swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram --tpm2 - touch "$(TPMDIR)/.manufacture" -ROOT_DISK_IMG=$(build)/$(BOARD)/root.qcow2 -# Default to 20G disk -QEMU_DISK_SIZE?=20G -$(ROOT_DISK_IMG): - qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) -# Remember the amount of memory so it doesn't have to be specified every time. -# Default to 4G, most bootable OSes are not usable with less. -QEMU_MEMORY_SIZE?=4G -MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory -$(MEMORY_SIZE_FILE): - @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" -USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw -$(USB_FD_IMG): - dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 - # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even - # though it is meaningful to use mkfs.vfat (etc.) as non-root - MKFS_VFAT=mkfs.vfat; \ - [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ - "$$MKFS_VFAT" "$(USB_FD_IMG)" -# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead -# of the temporary flash drive for exporting GPG keys. -ifneq "$(INSTALL_IMG)" "" -QEMU_USB_FD_IMG := $(INSTALL_IMG) -else -QEMU_USB_FD_IMG := $(USB_FD_IMG) -endif -# To forward a USB token, set USB_TOKEN to one of the following: -# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID -# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID -# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID -# - LibremKey - forwards a Librem Key by VID:PID -# - - Provide the QEMU usb-host parameters, such as -# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' -ifeq "$(USB_TOKEN)" "NitrokeyPro" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 -else ifeq "$(USB_TOKEN)" "NitrokeyStorage" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 -else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 -else ifeq "$(USB_TOKEN)" "LibremKey" -QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 -else ifneq "$(USB_TOKEN)" "" -QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" -endif - -run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) - swtpm socket \ - --tpm2 \ - --tpmstate dir="$(TPMDIR)" \ - --flags "startup-clear" \ - --terminate \ - --ctrl type=unixio,path="$(TPMDIR)/sock" & - sleep 0.5 - - -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ - --machine q35,accel=kvm:tcg \ - -rtc base=utc \ - -smp "$$(nproc)" \ - -vga std \ - -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ - -serial stdio \ - --bios "$(QEMU_BOOT_ROM)" \ - -object rng-random,filename=/dev/urandom,id=rng0 \ - -device virtio-rng-pci,rng=rng0 \ - -netdev user,id=u1 -device e1000,netdev=u1 \ - -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ - -tpmdev emulator,id=tpm0,chardev=chrtpm \ - -device tpm-tis,tpmdev=tpm0 \ - -device qemu-xhci,id=usb \ - -device usb-tablet \ - -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ - -device usb-storage,bus=usb.0,drive=usb-fd-drive \ - $(QEMU_USB_TOKEN_DEV) \ - - stty sane - @echo +BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md deleted file mode 120000 index a9ee0493..00000000 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.md +++ /dev/null @@ -1 +0,0 @@ -../qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md \ No newline at end of file diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md b/targets/qemu.md similarity index 100% rename from boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md rename to targets/qemu.md diff --git a/targets/qemu.mk b/targets/qemu.mk new file mode 100644 index 00000000..930afa7b --- /dev/null +++ b/targets/qemu.mk @@ -0,0 +1,109 @@ +# Targets for running in qemu, including: +# * virtual TPM +# * virtual disk image (configurable size) +# * virtual USB flash drive +# * configurable guest memory size +# * forwarded USB security token + +# Use the GPG-injected ROM if a key was given, since we can't reflash a GPG +# keyring in QEMU. Otherwise use the plain ROM, some things can still be tested +# that way without a GPG key. +ifneq "$(PUBKEY_ASC)" "" +QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE_GPG_INJ) +else +QEMU_BOOT_ROM := $(build)/$(BOARD)/$(CB_OUTPUT_FILE) +endif + +ifeq "$(CONFIG_TPM2_TSS)" "y" +SWTPM_TPMVER := --tpm2 +SWTPM_PRESETUP := swtpm_setup --create-config-files skip-if-exist +else +# TPM1 is the default +SWTPM_TPMVER := +# No pre-setup +SWTPM_PRESETUP := true +endif + +#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh +TPMDIR=$(build)/$(BOARD)/vtpm +$(TPMDIR)/.manufacture: + mkdir -p "$(TPMDIR)" + $(SWTPM_PRESETUP) + swtpm_setup --tpm-state "$(TPMDIR)" --create-platform-cert --lock-nvram $(SWTPM_TPMVER) + touch "$(TPMDIR)/.manufacture" +ROOT_DISK_IMG:=$(build)/$(BOARD)/root.qcow2 +# Default to 20G disk +QEMU_DISK_SIZE?=20G +$(ROOT_DISK_IMG): + qemu-img create -f qcow2 "$(ROOT_DISK_IMG)" $(QEMU_DISK_SIZE) +# Remember the amount of memory so it doesn't have to be specified every time. +# Default to 4G, most bootable OSes are not usable with less. +QEMU_MEMORY_SIZE?=4G +MEMORY_SIZE_FILE=$(build)/$(BOARD)/memory +$(MEMORY_SIZE_FILE): + @echo "$(QEMU_MEMORY_SIZE)" >"$(MEMORY_SIZE_FILE)" +USB_FD_IMG=$(build)/$(BOARD)/usb_fd.raw +$(USB_FD_IMG): + dd if=/dev/zero bs=1M of="$(USB_FD_IMG)" bs=1M count=256 + # Debian obnoxiously does not include /usr/sbin in PATH for non-root, even + # though it is meaningful to use mkfs.vfat (etc.) as non-root + MKFS_VFAT=mkfs.vfat; \ + [ -x /usr/sbin/mkfs.vfat ] && MKFS_VFAT=/usr/sbin/mkfs.vfat; \ + "$$MKFS_VFAT" "$(USB_FD_IMG)" +# Pass INSTALL_IMG= to attach an installer as a USB flash drive instead +# of the temporary flash drive for exporting GPG keys. +ifneq "$(INSTALL_IMG)" "" +QEMU_USB_FD_IMG := $(INSTALL_IMG) +else +QEMU_USB_FD_IMG := $(USB_FD_IMG) +endif +# To forward a USB token, set USB_TOKEN to one of the following: +# - NitrokeyPro - forwards a Nitrokey Pro by VID:PID +# - NitrokeyStorage - forwards a Nitrokey Storage by VID:PID +# - Nitrokey3NFC - forwards a Nitrokey 3 by VID:PID +# - LibremKey - forwards a Librem Key by VID:PID +# - - Provide the QEMU usb-host parameters, such as +# 'hostbus=<#>,hostport=<#>' or 'vendorid=<#>,productid=<#>' +ifeq "$(USB_TOKEN)" "NitrokeyPro" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16648 +else ifeq "$(USB_TOKEN)" "NitrokeyStorage" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=16649 +else ifeq "$(USB_TOKEN)" "Nitrokey3NFC" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=8352,productid=17074 +else ifeq "$(USB_TOKEN)" "LibremKey" +QEMU_USB_TOKEN_DEV := -device usb-host,vendorid=12653,productid=19531 +else ifneq "$(USB_TOKEN)" "" +QEMU_USB_TOKEN_DEV := -device "usb-host,$(USB_TOKEN)" +endif + +run: $(TPMDIR)/.manufacture $(ROOT_DISK_IMG) $(MEMORY_SIZE_FILE) $(USB_FD_IMG) + swtpm socket \ + $(SWTPM_TPMVER) \ + --tpmstate dir="$(TPMDIR)" \ + --flags "startup-clear" \ + --terminate \ + --ctrl type=unixio,path="$(TPMDIR)/sock" & + sleep 0.5 + + -qemu-system-x86_64 -drive file="$(ROOT_DISK_IMG)",if=virtio \ + --machine q35,accel=kvm:tcg \ + -rtc base=utc \ + -smp "$$(nproc)" \ + -vga std \ + -m "$$(cat "$(MEMORY_SIZE_FILE)")" \ + -serial stdio \ + --bios "$(QEMU_BOOT_ROM)" \ + -object rng-random,filename=/dev/urandom,id=rng0 \ + -device virtio-rng-pci,rng=rng0 \ + -netdev user,id=u1 -device e1000,netdev=u1 \ + -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ + -tpmdev emulator,id=tpm0,chardev=chrtpm \ + -device tpm-tis,tpmdev=tpm0 \ + -device qemu-xhci,id=usb \ + -device usb-tablet \ + -drive file="$(QEMU_USB_FD_IMG)",if=none,id=usb-fd-drive,format=raw \ + -device usb-storage,bus=usb.0,drive=usb-fd-drive \ + $(QEMU_USB_TOKEN_DEV) \ + + stty sane + @echo From d512cd4ad241beaf606d09e31b2f263bfffdea76 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Mon, 18 Dec 2023 16:44:00 -0500 Subject: [PATCH 2/5] 12MB boards: Deduplicate generation of 8MB/4MB split ROMs Move Makefile targets for split ROMs to targets/split_8mb4mb.mk. Signed-off-by: Jonathon Hall --- .../UNTESTED_t530-dgpu-hotp-maximized.config | 23 ++----------------- .../UNTESTED_t530-dgpu-maximized.config | 23 ++----------------- .../UNTESTED_t530-hotp-maximized.config | 23 ++----------------- .../UNTESTED_t530-maximized.config | 23 ++----------------- ...TED_w530-dgpu-K1000m-hotp-maximized.config | 23 ++----------------- ...UNTESTED_w530-dgpu-K1000m-maximized.config | 23 ++----------------- ...TED_w530-dgpu-K2000m-hotp-maximized.config | 23 ++----------------- ...UNTESTED_w530-dgpu-K2000m-maximized.config | 23 ++----------------- .../UNTESTED_w530-hotp-maximized.config | 23 ++----------------- .../UNTESTED_w530-maximized.config | 23 ++----------------- .../t430-hotp-maximized.config | 23 ++----------------- boards/t430-maximized/t430-maximized.config | 23 ++----------------- boards/t440p-maximized/t440p-maximized.config | 13 ++--------- boards/w541-maximized/w541-maximized.config | 13 ++--------- .../x230-hotp-maximized-fhd_edp.config | 23 ++----------------- .../x230-hotp-maximized.config | 23 ++----------------- .../x230-hotp-maximized_usb-kb.config | 23 ++----------------- .../x230-maximized-fhd_edp.config | 23 ++----------------- boards/x230-maximized/x230-maximized.config | 23 ++----------------- targets/split_8mb4mb.mk | 18 +++++++++++++++ 20 files changed, 56 insertions(+), 379 deletions(-) create mode 100644 targets/split_8mb4mb.mk diff --git a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config index b231c8d4..e0d0bcae 100644 --- a/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config +++ b/boards/UNTESTED_t530-dgpu-hotp-maximized/UNTESTED_t530-dgpu-hotp-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config index e89c98f9..446157e8 100644 --- a/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config +++ b/boards/UNTESTED_t530-dgpu-maximized/UNTESTED_t530-dgpu-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config index 647fbc28..3228c3cd 100644 --- a/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config +++ b/boards/UNTESTED_t530-hotp-maximized/UNTESTED_t530-hotp-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config b/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config index b5890d2b..098e617b 100644 --- a/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config +++ b/boards/UNTESTED_t530-maximized/UNTESTED_t530-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config index ca5cd972..4f801981 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-hotp-maximized/UNTESTED_w530-dgpu-K1000m-hotp-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config index 7dfc6d82..fb0649bf 100644 --- a/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K1000m-maximized/UNTESTED_w530-dgpu-K1000m-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config index e9a7ab8a..70ed7023 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-hotp-maximized/UNTESTED_w530-dgpu-K2000m-hotp-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config index 93cb8d99..baa822e4 100644 --- a/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config +++ b/boards/UNTESTED_w530-dgpu-K2000m-maximized/UNTESTED_w530-dgpu-K2000m-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-hotp-maximized/UNTESTED_w530-hotp-maximized.config b/boards/UNTESTED_w530-hotp-maximized/UNTESTED_w530-hotp-maximized.config index ec01b248..75516c56 100644 --- a/boards/UNTESTED_w530-hotp-maximized/UNTESTED_w530-hotp-maximized.config +++ b/boards/UNTESTED_w530-hotp-maximized/UNTESTED_w530-hotp-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/UNTESTED_w530-maximized/UNTESTED_w530-maximized.config b/boards/UNTESTED_w530-maximized/UNTESTED_w530-maximized.config index b369d4d4..5587c1ff 100644 --- a/boards/UNTESTED_w530-maximized/UNTESTED_w530-maximized.config +++ b/boards/UNTESTED_w530-maximized/UNTESTED_w530-maximized.config @@ -74,25 +74,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t530-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index 749de960..45f982d8 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config @@ -72,25 +72,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t430-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config index 3a5d3516..a8e32a67 100644 --- a/boards/t430-maximized/t430-maximized.config +++ b/boards/t430-maximized/t430-maximized.config @@ -73,25 +73,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash t430-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/t440p-maximized/t440p-maximized.config b/boards/t440p-maximized/t440p-maximized.config index 2f94b882..34f7bfbf 100644 --- a/boards/t440p-maximized/t440p-maximized.config +++ b/boards/t440p-maximized/t440p-maximized.config @@ -52,14 +52,5 @@ $(pwd)/blobs/t440p/me.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/t440p/download-clean-me $(pwd)/blobs/t440p -# Haswell boards have an 8 MiB and 4 MiB SPI flash chip. So, we split the -# Coreboot ROM into two files to flash one on each chip. -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/w541-maximized/w541-maximized.config b/boards/w541-maximized/w541-maximized.config index a3c1a50f..220229f5 100644 --- a/boards/w541-maximized/w541-maximized.config +++ b/boards/w541-maximized/w541-maximized.config @@ -52,14 +52,5 @@ $(pwd)/blobs/w541/me.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/w541/download-clean-me $(pwd)/blobs/w541 -# Haswell boards have an 8 MiB and 4 MiB SPI flash chip. So, we split the -# Coreboot ROM into two files to flash one on each chip. -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config index cef25df1..accbc52b 100644 --- a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config +++ b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config @@ -86,25 +86,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash x230-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(build)/$(BOARD)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(build)/$(BOARD)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config index acc0dd59..08b16f66 100644 --- a/boards/x230-hotp-maximized/x230-hotp-maximized.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config @@ -77,25 +77,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash x230-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config index 07acf58d..dd860cdc 100644 --- a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config +++ b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config @@ -76,25 +76,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash x230-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config index 07ac10cc..8e53f5d9 100644 --- a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config +++ b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config @@ -86,25 +86,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash x230-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config index 47dc1b84..28e23b9e 100644 --- a/boards/x230-maximized/x230-maximized.config +++ b/boards/x230-maximized/x230-maximized.config @@ -77,25 +77,6 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # reduced IFD ME region and expanded BIOS IFD region. # - blobs/xx30/extract.sh # To extract from backuped 8M (bottom SPI) ME binary, GBE and IFD blobs. -# -# This board has two SPI flash chips, an 8 MB that holds the IFD, -# the ME image and part of the coreboot image, and a 4 MB one that -# has the rest of the coreboot and the reset vector. -# -# As a consequence, this replaces the need of having to flash x230-flash -# and expands available CBFS region (11.5Mb available CBFS space) -# -# When flashing via an external programmer it is easiest to have -# two separate files for these pieces. -all: $(board_build)/$(CB_OUTPUT_FILE) - @sha256sum $@ | tee -a "$(HASHES)" -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" - -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +# Generate split 4MB top / 8MB bottom ROMs +BOARD_TARGETS := split_8mb4mb diff --git a/targets/split_8mb4mb.mk b/targets/split_8mb4mb.mk new file mode 100644 index 00000000..473c41bc --- /dev/null +++ b/targets/split_8mb4mb.mk @@ -0,0 +1,18 @@ +# Many Lenovo boards have two SPI flash chips, an 8 MB that holds the IFD, +# the ME image and part of the coreboot image, and a 4 MB one that +# has the rest of the coreboot and the reset vector. +# +# As a consequence, this replaces the need of having to flash a legacy-flash ROM +# and expands available CBFS region (11.5Mb available CBFS space) +# +# When flashing via an external programmer it is easiest to have +# two separate files for these pieces. +all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom +$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) + $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) + @sha256sum $@ | tee -a "$(HASHES)" + +all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom +$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) + $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) + @sha256sum $@ | tee -a "$(HASHES)" From 8ce9c9d438edabde15670bf37d5b58a8e16a9203 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Mon, 18 Dec 2023 16:44:59 -0500 Subject: [PATCH 3/5] *-legacy-flash: Deduplicate generation of "top" ROM Move Makefile target for the "top" ROM to targets/legacy_flash.mk. Signed-off-by: Jonathon Hall --- .../UNTESTED_t430-legacy-flash.config | 17 +---------------- .../x230-legacy-flash/x230-legacy-flash.config | 17 +---------------- targets/legacy_flash.mk | 16 ++++++++++++++++ 3 files changed, 18 insertions(+), 32 deletions(-) create mode 100644 targets/legacy_flash.mk diff --git a/boards/UNTESTED_t430-legacy-flash/UNTESTED_t430-legacy-flash.config b/boards/UNTESTED_t430-legacy-flash/UNTESTED_t430-legacy-flash.config index b09fd7ef..3a7312a5 100644 --- a/boards/UNTESTED_t430-legacy-flash/UNTESTED_t430-legacy-flash.config +++ b/boards/UNTESTED_t430-legacy-flash/UNTESTED_t430-legacy-flash.config @@ -32,19 +32,4 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image CONFIG_LEGACY_FLASH=y -# This board is "special" in that we need a 4MB top SPI flashable ROM. -# This is enough to allow the board to boot into a minimal Heads and read the full Legacy -# ROM from an external USB media. -# -# No tools outside of flashrom are provided here as you can see per activated modules above. -# Everything Heads is now delegated to the Legacy ROM to be flashed -# from xx30-flash ROMs. -# -# Instructions to mount USB thumb drive and flash legacy 12Mb image will be given on screen -# per CONFIG_BOOTSCRIPT script above. -# -# Below, we just move produced ROM with a name appended with -top.rom for clarity. -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,MV 4MB top ROM,$@, mv $< $@) - @sha256sum $@ +BOARD_TARGETS := legacy_flash diff --git a/boards/x230-legacy-flash/x230-legacy-flash.config b/boards/x230-legacy-flash/x230-legacy-flash.config index 8e3ccecf..356ca7c7 100644 --- a/boards/x230-legacy-flash/x230-legacy-flash.config +++ b/boards/x230-legacy-flash/x230-legacy-flash.config @@ -33,19 +33,4 @@ export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image CONFIG_LEGACY_FLASH=y -# This board is "special" in that we need a 4MB top SPI flashable ROM. -# This is enough to allow the board to boot into a minimal Heads and read the full Legacy -# ROM from an external USB media. -# -# No tools outside of flashrom are provided here as you can see per activated modules above. -# Everything Heads is now delegated to the Legacy ROM to be flashed -# from xx30-flash ROMs. -# -# Instructions to mount USB thumb drive and flash legacy 12Mb image will be given on screen -# per CONFIG_BOOTSCRIPT script above. -# -# Below, we just move produced ROM with a name appended with -top.rom for clarity. -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,MV 4MB top ROM,$@, mv $< $@) - @sha256sum $@ +BOARD_TARGETS := legacy_flash diff --git a/targets/legacy_flash.mk b/targets/legacy_flash.mk new file mode 100644 index 00000000..de90e7a5 --- /dev/null +++ b/targets/legacy_flash.mk @@ -0,0 +1,16 @@ +# legacy-flash boards are "special" in that we need a 4MB top SPI flashable ROM. +# This is enough to allow the board to boot into a minimal Heads and read the full Legacy +# ROM from an external USB media. +# +# No tools outside of flashrom are provided here as you can see per activated modules above. +# Everything Heads is now delegated to the Legacy ROM to be flashed +# from xx30-flash ROMs. +# +# Instructions to mount USB thumb drive and flash legacy 12Mb image will be given on screen +# per CONFIG_BOOTSCRIPT script above. +# +# Below, we just move produced ROM with a name appended with -top.rom for clarity. +all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom +$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) + $(call do,MV 4MB top ROM,$@, mv $< $@) + @sha256sum $@ From 12a099ad8e416da884403b103ea5dfcb67ff7de1 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Mon, 18 Dec 2023 16:45:46 -0500 Subject: [PATCH 4/5] talos-2: Move PPC-style tgz update package targets to targets/ Move the targets generating talos-2's tgz update package to targets. While this wasn't duplicated, it breaks a cyclic dependency between board config and BRAND_NAME by moving the ROM output name dependencies later. The logic probably would be shared with similar boards if any were supported, so it is in the spirit of the other targets/ shared target Makefiles. Signed-off-by: Jonathon Hall --- boards/talos-2/talos-2.config | 18 +----------------- targets/ppc_tgz.mk | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 17 deletions(-) create mode 100644 targets/ppc_tgz.mk diff --git a/boards/talos-2/talos-2.config b/boards/talos-2/talos-2.config index 7de53584..d4e98a25 100644 --- a/boards/talos-2/talos-2.config +++ b/boards/talos-2/talos-2.config @@ -50,20 +50,4 @@ export CONFIG_BOOT_DEV="/dev/nvme0n1p2" export CONFIG_BOARD_NAME="Talos 2" export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd" -OUTPUT_PREFIX := heads-$(BOARD)-$(HEADS_GIT_VERSION) -BUNDLED_LINUX := $(OUTPUT_PREFIX)-zImage.bundled -OUTPUT_FILES := $(CB_OUTPUT_FILE) $(CB_BOOTBLOCK_FILE) $(BUNDLED_LINUX) - -all: $(board_build)/$(BUNDLED_LINUX) -$(board_build)/$(BUNDLED_LINUX): $(board_build)/zImage.bundled - $(call do-copy,$<,$@) - -all: $(board_build)/$(OUTPUT_PREFIX).tgz -$(board_build)/$(OUTPUT_PREFIX).tgz: \ - $(addprefix $(board_build)/,$(OUTPUT_FILES)) - rm -rf $(board_build)/pkg # cleanup in case directory exists - mkdir $(board_build)/pkg - cp $^ $(board_build)/pkg - cd $(board_build)/pkg && sha256sum * > sha256sum.txt - cd $(board_build)/pkg && tar zcf $@ * - rm -r $(board_build)/pkg +BOARD_TARGETS := ppc_tgz diff --git a/targets/ppc_tgz.mk b/targets/ppc_tgz.mk new file mode 100644 index 00000000..c1725488 --- /dev/null +++ b/targets/ppc_tgz.mk @@ -0,0 +1,17 @@ +OUTPUT_PREFIX := heads-$(BOARD)-$(HEADS_GIT_VERSION) +BUNDLED_LINUX := $(OUTPUT_PREFIX)-zImage.bundled +OUTPUT_FILES := $(CB_OUTPUT_FILE) $(CB_BOOTBLOCK_FILE) $(BUNDLED_LINUX) + +all: $(board_build)/$(BUNDLED_LINUX) +$(board_build)/$(BUNDLED_LINUX): $(board_build)/zImage.bundled + $(call do-copy,$<,$@) + +all: $(board_build)/$(OUTPUT_PREFIX).tgz +$(board_build)/$(OUTPUT_PREFIX).tgz: \ + $(addprefix $(board_build)/,$(OUTPUT_FILES)) + rm -rf $(board_build)/pkg # cleanup in case directory exists + mkdir $(board_build)/pkg + cp $^ $(board_build)/pkg + cd $(board_build)/pkg && sha256sum * > sha256sum.txt + cd $(board_build)/pkg && tar zcf $@ * + rm -r $(board_build)/pkg From 0cb6d9154f5eba228ec04bb8f7afbdc526edefd7 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Mon, 18 Dec 2023 13:34:55 -0500 Subject: [PATCH 5/5] Makefile: Allow downstream config in site-local/config Allow downstreams to add config to site-local/config, which can set config options, including overriding board config and exporting config to /etc/config. The intent of site-local is exactly the same as in coreboot - it is a place for downstreams to add customizations that are included at well- defined points in the build. site-local should never appear in the upstream repository. coreboot's documentation explains this as well: https://doc.coreboot.org/tutorial/managing_local_additions.html Move definitions of ROM artifacts later, so site config can override BRAND_NAME (and still is included after board config to override it as well). Signed-off-by: Jonathon Hall --- Makefile | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 7fbd4976..a83bd5e4 100644 --- a/Makefile +++ b/Makefile @@ -12,13 +12,6 @@ HEADS_GIT_VERSION := $(shell git describe --abbrev=7 --tags --dirty) # Override BRAND_NAME to set the name displayed in the UI, filenames, versions, etc. BRAND_NAME ?= Heads -CB_OUTPUT_BASENAME := $(shell echo $(BRAND_NAME) | tr A-Z a-z)-$(BOARD)-$(HEADS_GIT_VERSION) -CB_OUTPUT_FILE := $(CB_OUTPUT_BASENAME).rom -CB_OUTPUT_FILE_GPG_INJ := $(CB_OUTPUT_BASENAME)-gpg-injected.rom -CB_BOOTBLOCK_FILE := $(CB_OUTPUT_BASENAME).bootblock -CB_UPDATE_PKG_FILE := $(CB_OUTPUT_BASENAME).zip -LB_OUTPUT_FILE := linuxboot-$(BOARD)-$(HEADS_GIT_VERSION).rom - all: -include .config @@ -59,6 +52,20 @@ CONFIG_LEGACY_FLASH := n include $(CONFIG) +# Include site-local/config only if it exists, downstreams can set configs for +# all boards, including overriding values specified by boards. site-local is +# not a part of the upstream distribution but is for downstreams to insert +# customizations at well-defined points, like in coreboot: +# https://doc.coreboot.org/tutorial/managing_local_additions.html +-include $(pwd)/site-local/config + +CB_OUTPUT_BASENAME := $(shell echo $(BRAND_NAME) | tr A-Z a-z)-$(BOARD)-$(HEADS_GIT_VERSION) +CB_OUTPUT_FILE := $(CB_OUTPUT_BASENAME).rom +CB_OUTPUT_FILE_GPG_INJ := $(CB_OUTPUT_BASENAME)-gpg-injected.rom +CB_BOOTBLOCK_FILE := $(CB_OUTPUT_BASENAME).bootblock +CB_UPDATE_PKG_FILE := $(CB_OUTPUT_BASENAME).zip +LB_OUTPUT_FILE := linuxboot-$(BOARD)-$(HEADS_GIT_VERSION).rom + # Unless otherwise specified, we are building for heads CONFIG_HEADS ?= y