From ec2d7dfc2cb24b6b4cc34f68d91440b60b60c255 Mon Sep 17 00:00:00 2001
From: Kyle Rankin
Date: Wed, 9 May 2018 14:25:43 -0700
Subject: [PATCH 1/6] Make TPM counter label a variable

Currently the TPM counter label is hard-coded. By changing it to a variable in this function we can reuse all of the TPM counter functions to create other monotonic counters in the TPM (if the hardware supports it) with custom labels.

---
 initrd/etc/functions | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/initrd/etc/functions b/initrd/etc/functions
index b2cfa4ef..4790e74b 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -143,13 +143,19 @@ check_tpm_counter()
 if [ -r "$1" ]; then
 TPM_COUNTER=`grep counter- "$1" | cut -d- -f2`
 else
+ # Initialize label to default if not set
+ if [ "$2" != "" ]; then
+ LABEL=$2
+ else
+ LABEL=3135106223
+ fi
 warn "$BOOT_HASHES does not exist; creating new TPM counter"
 read -s -p "TPM Owner password: " tpm_password
 echo
 tpm counter_create \
 -pwdo "$tpm_password" \
 -pwdc '' \
- -la 3135106223 \
+ -la $LABEL \
 | tee /tmp/counter \
 || die "Unable to create TPM counter"
 TPM_COUNTER=`cut -d: -f1 < /tmp/counter`
From fc72daa6e391b4aa21253075d8e80860c30e3f3e Mon Sep 17 00:00:00 2001
From: Kyle Rankin
Date: Wed, 9 May 2018 14:28:36 -0700
Subject: [PATCH 2/6] Fix tabbing

---
 initrd/etc/functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/initrd/etc/functions b/initrd/etc/functions
index 4790e74b..17a81c27 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -145,7 +145,7 @@ check_tpm_counter()
 else
 # Initialize label to default if not set
 if [ "$2" != "" ]; then
- LABEL=$2
+ LABEL=$2
 else
 LABEL=3135106223
 fi
From 1585f596d1f88ee638bd4a3ba2c0d6ec2592ef4a Mon Sep 17 00:00:00 2001
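Review bot: In the counter-creation branch of check_tpm_counter (PATCH 1/6), `-la $LABEL` is expanded unquoted while `LABEL` now comes from the caller's `$2`, so a value containing whitespace or glob characters would be split into additional arguments to `tpm counter_create`; quote it as `-la "$LABEL" \`. The five-line default block can be written as `LABEL=${2:-3135106223}`, which gives the same result for an unset or empty `$2`. `LABEL` is also assigned as a global and only on the branch where `$1` is not readable, so callers should not rely on it afterwards; a short comment documenting `$2` as the optional counter label would make that contract explicit. The function's body starts and ends outside the hunk.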
From: Paul Menzel Date: Fri, 11 May 2018 22:40:12 +0200 Subject: [PATCH 3/6] qemu-coreboot: Add modules libata, libahci and ahci to initrd To be able to boot a disk image, passed to QEMU with `-hda /path/qemu.img`, the appropriate modules are needed. Strange, `libata` is not enough, and the drive is only detected, when the module `ahci` is loaded. > ata1.00: ATA-7: QEMU HARDDISK, 2.5+, max UDMA/100 Tested with QEMU emulator version 2.11.1(Debian 1:2.11+dfsg-1ubuntu7) with the command below, qemu-system-x86_64 -enable-kvm -M q35 -m 1G -bios \ qemu-coreboot/coreboot.rom -serial stdio -L /dev/shm -hda \ /dev/shm/qemu-debian.img where `qemu-debian.img` is created with grml-debootstrap. grml-debootstrap --vmfile --vmsize 3G --target \ /dev/shm/qemu-debian.img -r sid --- boards/qemu-coreboot/qemu-coreboot.config | 2 ++ 1 file changed, 2 insertions(+) diff --git a/boards/qemu-coreboot/qemu-coreboot.config b/boards/qemu-coreboot/qemu-coreboot.config index e095bed5..eb0e0dd2 100644 --- a/boards/qemu-coreboot/qemu-coreboot.config +++ b/boards/qemu-coreboot/qemu-coreboot.config @@ -25,6 +25,8 @@ CONFIG_NEWT=y CONFIG_SLANG=y endif +CONFIG_LINUX_ATA=y +CONFIG_LINUX_AHCI=y CONFIG_LINUX_USB=y CONFIG_LINUX_E1000=y From c5665b78822cd7a72f338e96c76cd0b81d0089c4 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Fri, 18 May 2018 18:35:54 +0200 Subject: [PATCH 4/6] boards/qemu-coreboot: Set boot device to `/dev/sda1` QEMU emulated drive is detected as `/dev/sda1`. Set it up as the boot device. Use the same value as in for `qemu-linuxboot.config`. --- boards/qemu-coreboot/qemu-coreboot.config | 2 ++ 1 file changed, 2 insertions(+) diff --git a/boards/qemu-coreboot/qemu-coreboot.config b/boards/qemu-coreboot/qemu-coreboot.config index e095bed5..74d7d7c7 100644 --- a/boards/qemu-coreboot/qemu-coreboot.config +++ b/boards/qemu-coreboot/qemu-coreboot.config 
@@ -31,6 +31,8 @@ CONFIG_LINUX_E1000=y export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_TPM=n +export CONFIG_BOOT_DEV="/dev/sda1" + #run: coreboot.intermediate run: qemu-system-x86_64 \ From 2839364d435e79cb04d20e7ce14ab00374bffe4a Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Fri, 18 May 2018 18:38:29 +0200 Subject: [PATCH 5/6] boards/qemu-coreboot: Set `/dev/sdb1` as USB boot device MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit QEMU’s USB device is detected as `/dev/sdb1`. --- boards/qemu-coreboot/qemu-coreboot.config | 1 + 1 file changed, 1 insertion(+) diff --git a/boards/qemu-coreboot/qemu-coreboot.config b/boards/qemu-coreboot/qemu-coreboot.config index 74d7d7c7..eed6fac1 100644 --- a/boards/qemu-coreboot/qemu-coreboot.config +++ b/boards/qemu-coreboot/qemu-coreboot.config @@ -32,6 +32,7 @@ export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_TPM=n export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_USB_BOOT_DEV="/dev/sdb1" #run: coreboot.intermediate run: From 6d9b0a7c6cce30ac95a7536f902d3f3ff37fc267 Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Fri, 18 May 2018 16:14:27 -0400 Subject: [PATCH 6/6] enable cgroups and the various controllers (issue #384) --- config/linux-linuxboot.config | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/config/linux-linuxboot.config b/config/linux-linuxboot.config index 95d4c92f..a6c2ed57 100644 --- a/config/linux-linuxboot.config +++ b/config/linux-linuxboot.config 
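Review bot: `CONFIG_BOOT_DEV="/dev/sda1"` in PATCH 4/6, and `CONFIG_USB_BOOT_DEV="/dev/sdb1"` in PATCH 5/6, hard-code names that the kernel assigns in probe order, so they are only correct for the drive set the commit messages describe (a disk image plus a USB device). If QEMU is started without the disk image, the USB device would presumably become `/dev/sda` and be treated as the regular boot device, which matters in a boot flow that is meant to tell the internal disk apart from removable media. I would add a comment above the two exports such as `# sda = -hda disk image, sdb = USB stick; names follow probe order of the drives in the run: command`. The `run:` recipe continues outside the hunk, so the drives actually attached cannot be checked from here.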
@@ -139,7 +139,25 @@ CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_ARCH_SUPPORTS_INT128=y -# CONFIG_CGROUPS is not set +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_BLK_CGROUP=y +CONFIG_DEBUG_BLK_CGROUP=y +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +# CONFIG_CFS_BANDWIDTH is not set +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_FREEZER=y +CONFIG_CGROUP_HUGETLB=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +# CONFIG_CGROUP_DEBUG is not set # CONFIG_CHECKPOINT_RESTORE is not set # CONFIG_NAMESPACES is not set # CONFIG_SCHED_AUTOGROUP is not set @@ -180,7 +198,7 @@ CONFIG_FUTEX=y CONFIG_EPOLL=y # CONFIG_SIGNALFD is not set # CONFIG_TIMERFD is not set -# CONFIG_EVENTFD is not set +CONFIG_EVENTFD=y # CONFIG_BPF_SYSCALL is not set CONFIG_SHMEM=y # CONFIG_AIO is not set @@ -294,6 +312,7 @@ CONFIG_BLOCK=y CONFIG_BLK_DEV_BSG=y CONFIG_BLK_DEV_BSGLIB=y # CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_THROTTLING is not set # CONFIG_BLK_CMDLINE_PARSER is not set # @@ -327,7 +346,7 @@ CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y CONFIG_QUEUED_SPINLOCKS=y CONFIG_ARCH_USE_QUEUED_RWLOCKS=y CONFIG_QUEUED_RWLOCKS=y -# CONFIG_FREEZER is not set +CONFIG_FREEZER=y # # Processor type and features @@ -712,7 +731,9 @@ CONFIG_VLAN_8021Q=y CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y -# CONFIG_SOCK_CGROUP_DATA is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y # CONFIG_BPF_JIT is not set @@ -2126,8 +2147,8 @@ CONFIG_SYSFS=y CONFIG_TMPFS=y # CONFIG_TMPFS_POSIX_ACL is not set # CONFIG_TMPFS_XATTR is not set -# CONFIG_HUGETLBFS is not set -# CONFIG_HUGETLB_PAGE is not set +CONFIG_HUGETLBFS=y +CONFIG_HUGETLB_PAGE=y CONFIG_ARCH_HAS_GIGANTIC_PAGE=y CONFIG_CONFIGFS_FS=y CONFIG_EFIVAR_FS=y
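Review bot: `CONFIG_DEBUG_BLK_CGROUP=y` in the first hunk enables a block-cgroup debugging option while `# CONFIG_CGROUP_DEBUG is not set` is kept a few lines below, which looks inconsistent for a firmware kernel; unless issue #384 needs the extra statistics I would keep it as `# CONFIG_DEBUG_BLK_CGROUP is not set`. More generally the commit switches on every controller (perf, hugetlb together with `CONFIG_HUGETLBFS=y` in the last hunk, net_prio, net_cls), each of which adds code and interfaces to the boot kernel, so the description should state which controllers the use case in #384 actually requires. `# CONFIG_NAMESPACES is not set` remains in the first hunk's context; if the goal is to run containers that may need to change too, though this cannot be confirmed from the diff.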