From 6f48c14d0c9b24148d60025c50355bb9bb6d439f Mon Sep 17 00:00:00 2001 From: Johan Grip Date: Fri, 4 Aug 2017 22:48:27 +0200 Subject: [PATCH 01/17] Update X220 to do generic image instead of qubes. Also added a script to extract the necessary blobs from a bios dump image. --- blobs/x220/.gitignore | 3 + blobs/x220/extract.sh | 64 ++++++++++++++++++ blobs/x220/ifd.bin | Bin 4096 -> 0 bytes blobs/x220/readme.md | 17 ++--- ...{x220-qubes.config => x220-generic.config} | 11 +-- 5 files changed, 80 insertions(+), 15 deletions(-) create mode 100644 blobs/x220/.gitignore create mode 100755 blobs/x220/extract.sh delete mode 100644 blobs/x220/ifd.bin rename config/{x220-qubes.config => x220-generic.config} (58%) diff --git a/blobs/x220/.gitignore b/blobs/x220/.gitignore new file mode 100644 index 00000000..62887eff --- /dev/null +++ b/blobs/x220/.gitignore @@ -0,0 +1,3 @@ +gbe.bin +me.bin +ifd.bin diff --git a/blobs/x220/extract.sh b/blobs/x220/extract.sh new file mode 100755 index 00000000..173ed7fc --- /dev/null +++ b/blobs/x220/extract.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +function printusage { + echo "Usage: $0 -f -m (optional) -i (optional)" + exit 0 +} + +if [ "$#" -eq 0 ]; then printusage; fi + +while getopts ":f:m:i:" opt; do + case $opt in + f) + FILE="$OPTARG" + ;; + m) + if [ -x "$OPTARG" ]; then + MECLEAN="$OPTARG" + fi + ;; + i) + if [ -x "$OPTARG" ]; then + IFDTOOL="$OPTARG" + fi + ;; + esac +done + +if [ -z "$MECLEAN" ]; then + MECLEAN=`command -v me_cleaner.py 2>&1` + if [ -z "$MECLEAN" ]; then + echo "me_cleaner.py required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +if [ -z "$IFDTOOL" ]; then + IFDTOOL=`command -v ifdtool 2>&1` + if [ -z "$IFDTOOL" ]; then + echo "ifdtool required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +echo "FILE: $FILE" +echo "ME: $MECLEAN" +echo "IFD: $IFDTOOL" + +bioscopy=$(mktemp) +extractdir=$(mktemp -d) +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +cp "$FILE" $bioscopy + +cd "$extractdir" +$IFDTOOL -x $bioscopy +cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin" +$MECLEAN -O "$BLOBDIR/me.bin" -r -t "$extractdir/flashregion_2_intel_me.bin" +$IFDTOOL -n "$BLOBDIR/layout.txt" $bioscopy +$IFDTOOL -x $bioscopy.new +cp "$extractdir/flashregion_0_flashdescriptor.bin" "$BLOBDIR/ifd.bin" + +rm "$bioscopy" +rm "$bioscopy.new" +rm -r "$extractdir" diff --git a/blobs/x220/ifd.bin b/blobs/x220/ifd.bin deleted file mode 100644 index b71c701a0a7c98e0fa13e2b0619c15b86f73faa5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4096 zcmezW9~DF`{lL%6z{1SNBp{@~sK}toz`%g4LWN<1Cr}6sK;j^VB*TApW(ElcMg}H^ z|NN-xK|BzaVC3LHHfOM~o30CZ@H2vZ5e_04m>!-0)5t^vFN1*#gCoOq28Nl);&sdr z9utrnEdC+Y9Uvc&s%KRFXb6mkz-S1JhQMeDjE2By2#kinXb6mkz|aVRLki*ytO~3O z?;RlYepPPnBLh7{Lqkjax`vl50D1%{SpWb4 diff --git a/blobs/x220/readme.md b/blobs/x220/readme.md index d06a24d0..f8c2aabf 100644 --- a/blobs/x220/readme.md +++ b/blobs/x220/readme.md @@ -1,7 +1,7 @@ To build for X220 we need to have the following files in this folder: * `me.bin` - ME binary that has been stripped and truncated with me_cleaner * `gbe.bin` - Network card blob from the original firmware -* `ifd.bin` - Flash layout file has been provided, layout.txt is also present for changes +* `ifd.bin` - Flash layout file has been provided as text To get the binaries, start with a copy of the original lenovo firmware image. If you do not have one already, you can read one out from the laptops SPI flash. @@ -10,22 +10,19 @@ If you do not have one already, you can read one out from the laptops SPI flash. flashrom --programmer internal:laptop=force_I_want_a_brick -r original.bin ``` -Once you have the image, run `ifdtool` to extract the parts. +Once you have the image, the provided extraction script will extract the files needed. ``` -ifdtool -x origin.bin +./extract.sh -f ``` -Rename `flashregion_3_gbe.bin` to `gbe.bin` +Use the options '-m' and '-i' to provide me_cleaner and ifdtool if they can not be located +automatically. -To truncate and neuter the ME blob (this can be done automatically in coreboot 4.6): - -``` -me_cleaner -r -t -O me.bin flashregion_2_intel_me.bin" -``` +The flash layout will be automatically adjusted and the ME image cleaned and truncated. You can now compile the image with: ``` -make CONFIG=config/x220-qubes.config +make CONFIG=config/x220-generic.config ``` diff --git a/config/x220-qubes.config b/config/x220-generic.config similarity index 58% rename from config/x220-qubes.config rename to config/x220-generic.config index a2ca71f1..3c8267c6 100644 --- a/config/x220-qubes.config +++ b/config/x220-generic.config @@ -1,4 +1,4 @@ -# Configuration for a x220 running Qubes OS +# Configuration for a x220 running non-Qubes BOARD=x220 CONFIG_CRYPTSETUP=y @@ -18,8 +18,9 @@ CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -CONFIG_BOOTSCRIPT=/bin/qubes-init +CONFIG_BOOTSCRIPT=/bin/generic-init -# Disks encrypted by the TPM LUKS key -CONFIG_QUBES_BOOT_DEV="/dev/sda1" -CONFIG_QUBES_VG="qubes_dom0" +CONFIG_BOOT_REQ_HASH=n +CONFIG_BOOT_REQ_ROLLBACK=n +CONFIG_BOOT_DEV="/dev/sda1" +CONFIG_USB_BOOT_DEV="/dev/sdb1" From e8f3d206c557169c60918f436f65c62d37d6f394 Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Sat, 22 Jul 2017 14:25:39 -0400 Subject: [PATCH 02/17] Strip invalid leading/trailing '/' from script params --- initrd/bin/kexec-boot | 2 +- initrd/bin/kexec-iso-init | 6 ++++-- initrd/bin/kexec-parse-boot | 6 +++--- initrd/bin/kexec-save-default | 4 ++++ initrd/bin/kexec-save-key | 3 +++ initrd/bin/kexec-select-boot | 4 ++++ initrd/bin/kexec-sign-config | 2 ++ initrd/bin/usb-scan | 2 +- 8 files changed, 22 insertions(+), 7 deletions(-) diff --git a/initrd/bin/kexec-boot b/initrd/bin/kexec-boot index 0e1ad9e5..71a4e944 100755 --- a/initrd/bin/kexec-boot +++ b/initrd/bin/kexec-boot @@ -22,7 +22,7 @@ if [ -z "$bootdir" -o -z "$entry" ]; then die "Usage: $0 -b /boot -e 'kexec params|...|...'" fi -bootdir=${bootdir%%"/"} +bootdir="${bootdir%%/}" kexectype=`echo $entry | cut -d\| -f2` kexecparams=`echo $entry | cut -d\| -f3- | tr '|' '\n'` diff --git a/initrd/bin/kexec-iso-init b/initrd/bin/kexec-iso-init index 7cf22cb7..3b0a16b5 100755 --- a/initrd/bin/kexec-iso-init +++ b/initrd/bin/kexec-iso-init @@ -15,6 +15,8 @@ if ! [ -r "$ISOSIG" ]; then ISOSIG="$MOUNTED_ISO_PATH.asc" fi +ISO_PATH="${ISO_PATH##/}" + gpgv "$ISOSIG" "$MOUNTED_ISO_PATH" \ || die 'ISO signature failed' @@ -26,7 +28,7 @@ DEV_UUID=`blkid $DEV | tail -1 | tr " " "\n" | grep UUID | cut -d\" -f2` ADD="fromiso=/dev/disk/by-uuid/$DEV_UUID/$ISO_PATH" REMOVE="" -paramsdir="/media/kexec_iso/$ISO_PATH/" +paramsdir="/media/kexec_iso/$ISO_PATH" check_config $paramsdir ADD_FILE=/tmp/kexec/kexec_iso_add.txt @@ -43,7 +45,7 @@ if [ -r $REMOVE_FILE ]; then fi # Call kexec and indicate that hashes have been verified -kexec-select-boot -b /boot -d /media/ -p "$paramsdir" \ +kexec-select-boot -b /boot -d /media -p "$paramsdir" \ -a "$ADD" -r "$REMOVE" -c "*.cfg" -u -i die "Something failed in selecting boot" diff --git a/initrd/bin/kexec-parse-boot b/initrd/bin/kexec-parse-boot index 4c6f8d09..8dfa648d 100755 --- a/initrd/bin/kexec-parse-boot +++ b/initrd/bin/kexec-parse-boot @@ -17,9 +17,9 @@ reset_entry() { } filedir=`dirname $file` -bootdir=${bootdir%%"/"} -bootlen=${#bootdir} -appenddir=${filedir:$bootlen} +bootdir="${bootdir%%/}" +bootlen="${#bootdir}" +appenddir="${filedir:$bootlen}" fix_path() { path="$@" diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default index 70b54c93..0008db37 100755 --- a/initrd/bin/kexec-save-default +++ b/initrd/bin/kexec-save-default @@ -24,6 +24,10 @@ if [ -z "$paramsdir" ]; then paramsdir="$bootdir" fi +bootdir="${bootdir%%/}" +paramsdev="${paramsdev%%/}" +paramsdir="${paramsdir%%/}" + TMP_MENU_FILE="/tmp/kexec/kexec_menu.txt" ENTRY_FILE="$paramsdir/kexec_default.$index.txt" HASH_FILE="$paramsdir/kexec_default_hashes.txt" diff --git a/initrd/bin/kexec-save-key b/initrd/bin/kexec-save-key index 80995c08..6b3ec4e5 100755 --- a/initrd/bin/kexec-save-key +++ b/initrd/bin/kexec-save-key @@ -22,6 +22,9 @@ if [ -z "$paramsdev" ]; then paramsdev="$paramsdir" fi +paramsdev="${paramsdev%%/}" +paramsdir="${paramsdir%%/}" + if [ -n "$lvm_volume_group" ]; then lvm vgchange -a y $lvm_volume_group \ || die "Failed to activate the LVM group" diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index 6e3d474b..52114bca 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -37,6 +37,10 @@ if [ -z "$paramsdir" ]; then paramsdir="$bootdir" fi +bootdir="${bootdir%%/}" +paramsdev="${paramsdev%%/}" +paramsdir="${paramsdir%%/}" + verify_global_hashes() { echo "+++ Checking verified boot hash file " diff --git a/initrd/bin/kexec-sign-config b/initrd/bin/kexec-sign-config index fc91a1d3..a409d521 100755 --- a/initrd/bin/kexec-sign-config +++ b/initrd/bin/kexec-sign-config @@ -17,6 +17,8 @@ if [ -z "$paramsdir" ]; then die "Usage: $0 -p /boot [ -u | -c counter ]" fi +paramsdir="${paramsdir%%/}" + confirm_gpg_card if [ "$rollback" = "y" ]; then diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan index 0089caa2..3d0995fe 100755 --- a/initrd/bin/usb-scan +++ b/initrd/bin/usb-scan @@ -62,6 +62,6 @@ fi echo "!!! Could not find any ISO, trying bootable USB" # Attempt to pull verified config from device -kexec-select-boot -b /media/ -c "*.cfg" -u +kexec-select-boot -b /media -c "*.cfg" -u die "Something failed in selecting boot" From 0897a20b845c387d8c297bf2d006568f2ca88db9 Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Sat, 22 Jul 2017 14:57:46 -0400 Subject: [PATCH 03/17] Ensure recovery for failed default boot Should close #223 Added reboot and poweroff scripts using /proc/sysrq-trigger Also cleaned up the boot loop in generic-init --- initrd/bin/generic-init | 9 ++++++--- initrd/bin/kexec-select-boot | 28 +++++++++++++++++----------- initrd/bin/poweroff | 10 ++++++++++ initrd/bin/reboot | 10 ++++++++++ 4 files changed, 43 insertions(+), 14 deletions(-) create mode 100755 initrd/bin/poweroff create mode 100755 initrd/bin/reboot diff --git a/initrd/bin/generic-init b/initrd/bin/generic-init index aae646c7..c0808e48 100755 --- a/initrd/bin/generic-init +++ b/initrd/bin/generic-init @@ -30,7 +30,7 @@ while true; do recovery "User requested recovery shell" fi - if [ "$totp_confim" = "n" ]; then + if [ "$totp_confirm" = "n" ]; then echo "" echo "To correct clock drift: 'date -s HH:MM:SS'" echo "and save it to the RTC: 'hwclock -w'" @@ -41,18 +41,21 @@ while true; do if [ "$totp_confirm" = "u" ]; then exec /bin/usb-init + continue fi if [ "$totp_confirm" = "m" ]; then # Try to select a kernel from the menu mount_boot kexec-select-boot -m -b /boot -c "grub.cfg" + continue fi - if [ "$totp_confirm" = "y" -o "$totp_confirm" != " " ]; then + if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then # Try to boot the default mount_boot - kexec-select-boot -b /boot -c "grub.cfg" + kexec-select-boot -b /boot -c "grub.cfg" \ + || recovery "Failed default boot" fi done diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index 52114bca..034890bb 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -11,6 +11,7 @@ unique="n" valid_hash="n" valid_global_hash="n" valid_rollback="n" +force_menu="n" while getopts "b:d:p:a:r:c:uim" arg; do case $arg in b) bootdir="$OPTARG" ;; @@ -20,7 +21,7 @@ while getopts "b:d:p:a:r:c:uim" arg; do r) remove="$OPTARG" ;; c) config="$OPTARG" ;; u) unique="y" ;; - m) show_menu="y" ;; + m) force_menu="y" ;; i) valid_hash="y"; valid_rollback="y" ;; esac done @@ -153,6 +154,7 @@ save_default_option() { echo "+++ Saved defaults to device" sleep 2 default_failed="n" + force_menu="n" return else echo "Failed to save defaults" @@ -172,9 +174,7 @@ default_select() { expectedoption=`cat $TMP_DEFAULT_FILE` option=`head -n $default_index $TMP_MENU_FILE | tail -1` if [ "$option" != "$expectedoption" ]; then - warn "!!! Boot entry has changed - please set a new default" - sleep 5 - return + die "!!! Boot entry has changed - please set a new default" fi parse_option @@ -185,7 +185,7 @@ default_select() { echo "+++ Verified default boot hashes " valid_hash='y' else - die "$TMP_DEFAULT_HASH_FILE: default boot hash mismatch" + die "!!! $TMP_DEFAULT_HASH_FILE: default boot hash mismatch" fi echo "+++ Executing default boot for $name:" @@ -208,8 +208,15 @@ user_select() { done if [ "$option_confirm" = "d" ]; then - # reload settings to reflect new default - continue + if [ ! -r "$TMP_KEY_DEVICES" ]; then + # rerun primary boot loop to boot the new default option + continue + else + echo "+++ Rebooting to start the new default option" + sleep 2 + reboot \ + || die "!!! Failed to reboot system" + fi fi do_boot @@ -218,13 +225,11 @@ user_select() { do_boot() { if [ "$CONFIG_BOOT_REQ_ROLLBACK" = "y" -a "$valid_rollback" = "n" ]; then - warn "!!! Missing required rollback counter state" - return + die "!!! Missing required rollback counter state" fi if [ "$CONFIG_BOOT_REQ_HASH" = "y" -a "$valid_hash" = "n" ]; then - warn "!!! Missing required boot hashes" - return + die "!!! Missing required boot hashes" fi if [ -r "$TMP_KEY_DEVICES" ]; then @@ -286,6 +291,7 @@ while true; do fi if [ "$default_failed" != "y" \ + -a "$force_menu" = "n" \ -a -r "$TMP_DEFAULT_FILE" \ -a -r "$TMP_DEFAULT_HASH_FILE" ] \ ; then diff --git a/initrd/bin/poweroff b/initrd/bin/poweroff new file mode 100755 index 00000000..f7a0b123 --- /dev/null +++ b/initrd/bin/poweroff @@ -0,0 +1,10 @@ +#!/bin/sh + +# Sync all mounted filesystems +echo s > /proc/sysrq-trigger + +# Remount all mounted filesystems in read-only mode +echo u > /proc/sysrq-trigger + +# Shut off the system +echo o > /proc/sysrq-trigger diff --git a/initrd/bin/reboot b/initrd/bin/reboot new file mode 100755 index 00000000..aab0fd7d --- /dev/null +++ b/initrd/bin/reboot @@ -0,0 +1,10 @@ +#!/bin/sh + +# Sync all mounted filesystems +echo s > /proc/sysrq-trigger + +# Remount all mounted filesystems in read-only mode +echo u > /proc/sysrq-trigger + +# Immediately reboot the system, without unmounting or syncing filesystems +echo b > /proc/sysrq-trigger From 26b2d498977f793c8092226ab9f0be93231dbb54 Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Sat, 22 Jul 2017 16:32:10 -0400 Subject: [PATCH 04/17] Allow TPM LUKS key to be set during default selection Closes #222 --- initrd/bin/kexec-save-default | 33 ++++++++++++++++++++++++++++++++- initrd/bin/kexec-save-key | 14 +++++++++----- initrd/bin/kexec-sign-config | 2 ++ initrd/bin/usb-scan | 4 ++-- initrd/etc/functions | 13 +++++++++++++ 5 files changed, 58 insertions(+), 8 deletions(-) diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default index 0008db37..e7c88be0 100755 --- a/initrd/bin/kexec-save-default +++ b/initrd/bin/kexec-save-default @@ -3,7 +3,7 @@ set -e -o pipefail . /etc/functions -while getopts "b:d:p:e:i:" arg; do +while getopts "b:d:p:i:" arg; do case $arg in b) bootdir="$OPTARG" ;; d) paramsdev="$OPTARG" ;; @@ -41,6 +41,37 @@ if [ -z "$entry" ]; then die "Invalid menu index $index" fi +KEY_DEVICE_FILE="$paramsdir/kexec_key_devices.txt" +if [ ! -r "$KEY_DEVICE_FILE" ]; then + read \ + -n 1 \ + -p "Do you wish to add a disk encryption to the TPM [y/N]: " \ + add_key_confirm + echo + + if [ "$add_key_confirm" = "y" \ + -o "$add_key_confirm" = "Y" ] \ + ; then + read \ + -p "Encrypted LVM group? (e.g. qubes_dom0 or blank): " \ + lvm_volume_group + + read \ + -p "Encrypted devices? (e.g. /dev/sda2 or blank): " \ + key_devices + + save_key_params="-s -p $paramsdev" + if [ -n "$lvm_volume_group" ]; then + save_key_params="$save_key_params -l $lvm_volume_group $key_devices" + else + save_key_params="$save_key_params $key_devices" + fi + echo "Running kexec-save-key with params: $save_key_params" + kexec-save-key $save_key_params \ + || die "Failed to save the disk key" + fi +fi + # try to switch to rw mode mount -o rw,remount $paramsdev diff --git a/initrd/bin/kexec-save-key b/initrd/bin/kexec-save-key index 6b3ec4e5..2ea17f63 100755 --- a/initrd/bin/kexec-save-key +++ b/initrd/bin/kexec-save-key @@ -4,8 +4,10 @@ set -e -o pipefail . /etc/functions lvm_volume_group="" -while getopts "p:d:l:" arg; do +skip_sign="n" +while getopts "sp:d:l:" arg; do case $arg in + s) skip_sign="y" ;; p) paramsdir="$OPTARG" ;; d) paramsdev="$OPTARG" ;; l) lvm_volume_group="$OPTARG" ;; @@ -15,7 +17,7 @@ shift `expr $OPTIND - 1` key_devices="$@" if [ -z "$paramsdir" ]; then - die "Usage: $0 -p /boot [-l qubes_dom0] [/dev/sda2 /dev/sda5 ...] " + die "Usage: $0 [-s] -p /boot [-l qubes_dom0] [/dev/sda2 /dev/sda5 ...] " fi if [ -z "$paramsdev" ]; then @@ -58,9 +60,11 @@ done kexec-seal-key $paramsdir \ || die "Failed to save and generate key in TPM" -# sign and auto-roll config counter -kexec-sign-config -p $paramsdir -u \ -|| die "Failed to sign updated config" +if [ "$skip_sign" != "y" ]; then + # sign and auto-roll config counter + kexec-sign-config -p $paramsdir -u \ + || die "Failed to sign updated config" +fi # switch back to ro mode mount -o ro,remount $paramsdev diff --git a/initrd/bin/kexec-sign-config b/initrd/bin/kexec-sign-config index a409d521..bf47d804 100755 --- a/initrd/bin/kexec-sign-config +++ b/initrd/bin/kexec-sign-config @@ -54,6 +54,8 @@ for tries in 1 2 3; do -a \ > $paramsdir/kexec.sig \ ; then + # successful - update the validated params + check_config $paramsdir exit 0 fi done diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan index 3d0995fe..aa5b7d7f 100755 --- a/initrd/bin/usb-scan +++ b/initrd/bin/usb-scan @@ -7,13 +7,13 @@ set -e -o pipefail # Unmount any previous boot device if grep -q /boot /proc/mounts ; then umount /boot \ - || die '$CONFIG_USB_BOOT_DEV: Unable to unmount /boot' + || die "Unable to unmount /boot" fi # Mount the USB boot device if ! grep -q /media /proc/mounts ; then mount-usb "$CONFIG_USB_BOOT_DEV" \ - || die '$CONFIG_USB_BOOT_DEV: Unable to mount /media' + || die "Unable to mount /media" fi # Check for ISO first diff --git a/initrd/etc/functions b/initrd/etc/functions index 59aabdbb..eb8a7289 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -70,6 +70,19 @@ confirm_totp() confirm_gpg_card() { + read \ + -n 1 \ + -p "Please confirm that your GPG card is inserted [Y/n]: " \ + card_confirm + echo + + if [ "$card_confirm" != "y" \ + -a "$card_confirm" != "Y" \ + -a -n "$card_confirm" ] \ + ; then + die "gpg card not confirmed" + fi + # setup the USB so we can reach the GPG card if ! lsmod | grep -q ehci_hcd; then insmod /lib/modules/ehci-hcd.ko \ From 7cec25542d45b7a2251c395a2e6ffc5ac16cf3ba Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Sat, 29 Jul 2017 13:24:34 -0400 Subject: [PATCH 05/17] Allow boot without unseal of TPM LUKS key Closes issue #226 Also changed to procedure to show LVM volume groups and block device ids to aid in choosing the right combination during the TPM LUKS key sealing process. --- initrd/bin/kexec-insert-key | 32 ++++++++++++--- initrd/bin/kexec-save-default | 75 ++++++++++++++++++++++++++--------- initrd/bin/kexec-unseal-key | 6 ++- 3 files changed, 87 insertions(+), 26 deletions(-) diff --git a/initrd/bin/kexec-insert-key b/initrd/bin/kexec-insert-key index ef403e3a..5b4020ec 100755 --- a/initrd/bin/kexec-insert-key +++ b/initrd/bin/kexec-insert-key @@ -39,14 +39,32 @@ mkdir -p "$INITRD_DIR/etc" # Attempt to unseal the disk key from the TPM # should we give this some number of tries? +unseal_failed="n" if ! kexec-unseal-key "$INITRD_DIR/secret.key" ; then - die 'Unseal disk key failed' + unseal_failed="y" + echo "!!! Failed to unseal the TPM LUKS disk key" fi # Override PCR 4 so that user can't read the key tpm extend -ix 4 -ic generic \ || die 'Unable to scramble PCR' +# Check to continue +if [ "$unseal_failed" = "y" ]; then + confirm_boot="n" + read \ + -n 1 \ + -p "Do you wish to boot and use the disk recovery key? [Y/n] " \ + confirm_boot + + if [ "$confirm_boot" != 'y' \ + -a "$confirm_boot" != 'Y' \ + -a -n "$confirm_boot" ] \ + ; then + die "!!! Aborting boot due to failure to unseal TPM disk key" + fi +fi + echo '+++ Building initrd' # pad the initramfs (dracut doesn't pad the last gz blob) # without this the kernel init/initramfs.c fails to read @@ -54,8 +72,10 @@ echo '+++ Building initrd' dd if="$INITRD" of="$SECRET_CPIO" bs=512 conv=sync \ || die "Failed to copy initrd to /tmp" -# overwrite /etc/crypttab to mirror the behavior for in seal-key -for uuid in `cat "$TMP_KEY_DEVICES" | cut -d\ -f2`; do - echo "luks-$uuid UUID=$uuid /secret.key" >> "$INITRD_DIR/etc/crypttab" -done -( cd "$INITRD_DIR" ; find . -type f | cpio -H newc -o ) >> "$SECRET_CPIO" +if [ "$unseal_failed" = "n" ]; then + # overwrite /etc/crypttab to mirror the behavior for in seal-key + for uuid in `cat "$TMP_KEY_DEVICES" | cut -d\ -f2`; do + echo "luks-$uuid UUID=$uuid /secret.key" >> "$INITRD_DIR/etc/crypttab" + done + ( cd "$INITRD_DIR" ; find . -type f | cpio -H newc -o ) >> "$SECRET_CPIO" +fi diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default index e7c88be0..0ca4422a 100755 --- a/initrd/bin/kexec-save-default +++ b/initrd/bin/kexec-save-default @@ -41,8 +41,10 @@ if [ -z "$entry" ]; then die "Invalid menu index $index" fi -KEY_DEVICE_FILE="$paramsdir/kexec_key_devices.txt" -if [ ! -r "$KEY_DEVICE_FILE" ]; then +KEY_DEVICES="$paramsdir/kexec_key_devices.txt" +KEY_LVM="$paramsdir/kexec_key_lvm.txt" +save_key="n" +if [ ! -r "$KEY_DEVICES" ]; then read \ -n 1 \ -p "Do you wish to add a disk encryption to the TPM [y/N]: " \ @@ -52,24 +54,59 @@ if [ ! -r "$KEY_DEVICE_FILE" ]; then if [ "$add_key_confirm" = "y" \ -o "$add_key_confirm" = "Y" ] \ ; then - read \ - -p "Encrypted LVM group? (e.g. qubes_dom0 or blank): " \ - lvm_volume_group - - read \ - -p "Encrypted devices? (e.g. /dev/sda2 or blank): " \ - key_devices - - save_key_params="-s -p $paramsdev" - if [ -n "$lvm_volume_group" ]; then - save_key_params="$save_key_params -l $lvm_volume_group $key_devices" - else - save_key_params="$save_key_params $key_devices" - fi - echo "Running kexec-save-key with params: $save_key_params" - kexec-save-key $save_key_params \ - || die "Failed to save the disk key" + lvm_suggest="e.g. qubes_dom0 or blank" + devices_suggest="e.g. /dev/sda2 or blank" + save_key="y" fi +else + read \ + -n 1 \ + -p "Do you want to reseal a disk key to the TPM [y/N]: " \ + change_key_confirm + echo + + if [ "$change_key_confirm" = "y" \ + -o "$change_key_confirm" = "Y" ] \ + ; then + old_lvm_volume_group="" + if [ -r "$KEY_LVM" ]; then + old_lvm_volume_group=`cat $KEY_LVM` || true + old_key_devices=`cat $KEY_DEVICES | cut -d\ -f1 \ + | grep -v "$old_lvm_volume_group" | xargs` || true + else + old_key_devices=`cat $KEY_DEVICES | cut -d\ -f1 | xargs` || true + fi + + lvm_suggest="was '$old_lvm_volume_group'" + devices_suggest="was '$old_key_devices'" + save_key="y" + fi +fi + +if [ "$save_key" = "y" ]; then + echo "+++ LVM volume groups (lvm vgscan): " + lvm vgscan || true + + read \ + -p "Encrypted LVM group? ($lvm_suggest): " \ + lvm_volume_group + + echo "+++ Block devices (blkid): " + blkid || true + + read \ + -p "Encrypted devices? ($devices_suggest): " \ + key_devices + + save_key_params="-s -p $paramsdev" + if [ -n "$lvm_volume_group" ]; then + save_key_params="$save_key_params -l $lvm_volume_group $key_devices" + else + save_key_params="$save_key_params $key_devices" + fi + echo "Running kexec-save-key with params: $save_key_params" + kexec-save-key $save_key_params \ + || die "Failed to save the disk key" fi # try to switch to rw mode diff --git a/initrd/bin/kexec-unseal-key b/initrd/bin/kexec-unseal-key index ce228897..122ede4d 100755 --- a/initrd/bin/kexec-unseal-key +++ b/initrd/bin/kexec-unseal-key @@ -24,9 +24,13 @@ tpm nv_readvalue \ || die "Unable to read key from TPM NVRAM" for tries in 1 2 3; do - read -s -p "Enter unlock password: " tpm_password + read -s -p "Enter unlock password (blank to abort): " tpm_password echo + if [ -z "$tpm_password" ]; then + die "Aborting unseal disk encryption key" + fi + if tpm unsealfile \ -if "$sealed_file" \ -of "$key_file" \ From 472ffd35c0a5d8b9d4d678a3ab5117722cccf2ae Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Sun, 30 Jul 2017 17:33:26 -0400 Subject: [PATCH 06/17] Moved kernel command line parameters to config --- config/x230-generic.config | 2 ++ initrd/bin/kexec-boot | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/config/x230-generic.config b/config/x230-generic.config index 966fdd29..373a090b 100644 --- a/config/x230-generic.config +++ b/config/x230-generic.config @@ -22,5 +22,7 @@ CONFIG_BOOTSCRIPT=/bin/generic-init CONFIG_BOOT_REQ_HASH=n CONFIG_BOOT_REQ_ROLLBACK=n +CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +CONFIG_BOOT_KERNEL_REMOVE="quiet" CONFIG_BOOT_DEV="/dev/sda1" CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/initrd/bin/kexec-boot b/initrd/bin/kexec-boot index 71a4e944..362354af 100755 --- a/initrd/bin/kexec-boot +++ b/initrd/bin/kexec-boot @@ -1,6 +1,7 @@ #!/bin/sh # Launches kexec from saved configuration entries set -e -o pipefail +. /etc/config . /etc/functions dryrun="n" @@ -28,9 +29,8 @@ kexectype=`echo $entry | cut -d\| -f2` kexecparams=`echo $entry | cut -d\| -f3- | tr '|' '\n'` kexeccmd="kexec" -# TODO: make this configurable -cmdadd="intel_iommu=on $cmdadd" -cmdremove="quiet $cmdremove" +cmdadd="$CONFIG_BOOT_KERNEL_ADD $cmdadd" +cmdremove="$CONFIG_BOOT_KERNEL_REMOVE $cmdremove" fix_file_path() { if [ "$printfiles" = "y" ]; then From 821e48446a19c53a1afdd433ff79e9d74068c5b1 Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Wed, 16 Aug 2017 21:52:06 -0400 Subject: [PATCH 07/17] Updated to match latest qubes 3.2 xen 4.6.6-29 (issue #238) --- modules/xen | 6 +++--- patches/{xen-4.6.5-28.patch => xen-4.6.6-29.patch} | 0 2 files changed, 3 insertions(+), 3 deletions(-) rename patches/{xen-4.6.5-28.patch => xen-4.6.6-29.patch} (100%) diff --git a/modules/xen b/modules/xen index cb81109d..cc4dcd98 100644 --- a/modules/xen +++ b/modules/xen @@ -2,12 +2,12 @@ modules-$(CONFIG_XEN) += xen # We extract the entire Xen tree, but only use the xen/xen hypervisor # portion since Qubes provides the rest of it. -xen_base_version := 4.6.5 -xen_version := $(xen_base_version)-28 +xen_base_version := 4.6.6 +xen_version := $(xen_base_version)-29 xen_dir := qubes-vmm-xen-$(xen_version)/ xen_tar := qubes-vmm-xen-$(xen_version).tar.gz xen_url := https://github.com/QubesOS/qubes-vmm-xen/archive/v$(xen_version).tar.gz -xen_hash := 314b01af6726ed7b09dfd72ff8b224636d822d432790765287abeedc81fd86b2 +xen_hash := 64bf6a7179252d954ed67cfc7b64af88016812164032e4aaa30e0fc996e73d90 xen_depends := musl-cross diff --git a/patches/xen-4.6.5-28.patch b/patches/xen-4.6.6-29.patch similarity index 100% rename from patches/xen-4.6.5-28.patch rename to patches/xen-4.6.6-29.patch From ec1a54c6b61b10b9dbdc7e7791c0bd75ba93cb11 Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Wed, 13 Sep 2017 21:14:13 -0400 Subject: [PATCH 08/17] Updated to match latest qubes 3.2 xen 4.6.6-30 (issue #238) --- modules/xen | 4 ++-- patches/{xen-4.6.6-29.patch => xen-4.6.6-30.patch} | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename patches/{xen-4.6.6-29.patch => xen-4.6.6-30.patch} (100%) diff --git a/modules/xen b/modules/xen index cc4dcd98..66f163f6 100644 --- a/modules/xen +++ b/modules/xen @@ -3,11 +3,11 @@ modules-$(CONFIG_XEN) += xen # We extract the entire Xen tree, but only use the xen/xen hypervisor # portion since Qubes provides the rest of it. xen_base_version := 4.6.6 -xen_version := $(xen_base_version)-29 +xen_version := $(xen_base_version)-30 xen_dir := qubes-vmm-xen-$(xen_version)/ xen_tar := qubes-vmm-xen-$(xen_version).tar.gz xen_url := https://github.com/QubesOS/qubes-vmm-xen/archive/v$(xen_version).tar.gz -xen_hash := 64bf6a7179252d954ed67cfc7b64af88016812164032e4aaa30e0fc996e73d90 +xen_hash := 65cdbdb77d30475d77d849011343cba970b61c99d6638ccfeca4b7bbc308dc36 xen_depends := musl-cross diff --git a/patches/xen-4.6.6-29.patch b/patches/xen-4.6.6-30.patch similarity index 100% rename from patches/xen-4.6.6-29.patch rename to patches/xen-4.6.6-30.patch From 41f49237c636bf6ff12938253641b317a932fa09 Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Wed, 13 Sep 2017 22:10:46 -0400 Subject: [PATCH 09/17] Added configurable xen version for Qubes 4 support also addresses issue #238 --- config/purism13v1-qubes.config | 1 + config/qemu-moc.config | 1 + config/x220-qubes.config | 1 + config/x230-generic.config | 1 + modules/xen | 16 +++- patches/xen-4.8.2-2.patch | 130 +++++++++++++++++++++++++++++++++ 6 files changed, 146 insertions(+), 4 deletions(-) create mode 100644 patches/xen-4.8.2-2.patch diff --git a/config/purism13v1-qubes.config b/config/purism13v1-qubes.config index 21b24806..abbd5ea3 100644 --- a/config/purism13v1-qubes.config +++ b/config/purism13v1-qubes.config @@ -13,6 +13,7 @@ CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_XEN=y +CONFIG_XEN_VERSION=4.6 CONFIG_LINUX_USB=y #CONFIG_LINUX_E1000E=y diff --git a/config/qemu-moc.config b/config/qemu-moc.config index 553487d5..7f8f0f6c 100644 --- a/config/qemu-moc.config +++ b/config/qemu-moc.config @@ -15,6 +15,7 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_DROPBEAR=y CONFIG_XEN=y +CONFIG_XEN_VERSION=4.6 CONFIG_LINUX_USB=y CONFIG_LINUX_E1000=y diff --git a/config/x220-qubes.config b/config/x220-qubes.config index a2ca71f1..dbc1ede8 100644 --- a/config/x220-qubes.config +++ b/config/x220-qubes.config @@ -13,6 +13,7 @@ CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_XEN=y +CONFIG_XEN_VERSION=4.6 CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y diff --git a/config/x230-generic.config b/config/x230-generic.config index 373a090b..53ad7346 100644 --- a/config/x230-generic.config +++ b/config/x230-generic.config @@ -13,6 +13,7 @@ CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_XEN=y +CONFIG_XEN_VERSION=4.8 CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y diff --git a/modules/xen b/modules/xen index 66f163f6..7279536e 100644 --- a/modules/xen +++ b/modules/xen @@ -1,13 +1,20 @@ modules-$(CONFIG_XEN) += xen +ifeq "$(CONFIG_XEN_VERSION)" "4.8" + xen_base_version := 4.8.2 + xen_version := $(xen_base_version)-2 + xen_hash := 866855dfbe1e7d6086738e2e82fa0475bf831f4a65df224abf6dc5589122c7d5 +else + xen_base_version := 4.6.6 + xen_version := $(xen_base_version)-30 + xen_hash := 65cdbdb77d30475d77d849011343cba970b61c99d6638ccfeca4b7bbc308dc36 +endif + # We extract the entire Xen tree, but only use the xen/xen hypervisor # portion since Qubes provides the rest of it. -xen_base_version := 4.6.6 -xen_version := $(xen_base_version)-30 -xen_dir := qubes-vmm-xen-$(xen_version)/ +xen_dir := qubes-vmm-xen-$(xen_version) xen_tar := qubes-vmm-xen-$(xen_version).tar.gz xen_url := https://github.com/QubesOS/qubes-vmm-xen/archive/v$(xen_version).tar.gz -xen_hash := 65cdbdb77d30475d77d849011343cba970b61c99d6638ccfeca4b7bbc308dc36 xen_depends := musl-cross @@ -23,4 +30,5 @@ xen_target := \ XEN_BUILD_TIME=00:00:00 \ XEN_BUILD_HOST=xen-buildhost \ CC="$(CROSS)gcc -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-builtin-macro-redefined -D__FILE__=\\\"__FILE__\\\"" \ + HOSTCC="gcc" \ xen.gz diff --git a/patches/xen-4.8.2-2.patch b/patches/xen-4.8.2-2.patch new file mode 100644 index 00000000..dbd69d93 --- /dev/null +++ b/patches/xen-4.8.2-2.patch @@ -0,0 +1,130 @@ +diff --git ./Makefile ./Makefile +index 75df729..4113caa 100644 +--- ./Makefile ++++ ./Makefile +@@ -122,6 +122,7 @@ verrel: + + .PHONY: clean + clean:: ++ rm -rf xen-$(version)/ + @echo "Running the %clean script of the rpmbuild..." + -$(RPMBUILD) --clean --nodeps $(SPECFILE) + +@@ -153,6 +154,14 @@ update-repo-installer: + for pkg in $(xen-pkgs); do ln -f rpm/x86_64/$$pkg*.rpm ../installer/yum/qubes-dom0/rpm/; done + ln -f rpm/x86_64/xen-hvm-$(version)gui2*-$(release).$(DIST_DOM0)*.rpm ../installer/yum/qubes-dom0/rpm/ + ++xen-$(version)/.canary: xen-$(version).tar.gz ++ tar xzvf xen-$(version).tar.gz ++ cd xen-$(version) && ../apply-patches ../series.conf ../ ++ touch $@ ++ ++xen.gz: xen-$(version)/.canary ++ $(MAKE) -C xen-$(version)/ xen ++ + help: + @echo "Usage: make " + @echo +diff --git ./apply-patches ./apply-patches +index b1c8468..74a4c20 100755 +--- ./apply-patches ++++ ./apply-patches +@@ -6,8 +6,7 @@ + + USAGE="$0 [--vanilla] [symbol ...]" + +-set -e +-set -o pipefail ++set -euf + if test $# -lt 2; then + echo "$USAGE" >&2 + exit 1 +@@ -17,10 +16,7 @@ SERIES_CONF=$1 + PATCH_DIR=$2 + shift 2 + +-( +- echo "trap 'echo \"*** patch \$_ failed ***\"' ERR" +- echo "set -ex" +- egrep -v '^\s*#|^\s*$' <"$SERIES_CONF" | \ +- sed "s|^|patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/|" +-) | sh +- ++for i in `egrep -v '^\s*#|^\s*$' < $SERIES_CONF` ++do ++ patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/$i ++done +diff --git ./patches.heads/heads.patch ./patches.heads/heads.patch +new file mode 100644 +index 0000000..d956f8a +--- /dev/null ++++ ./patches.heads/heads.patch +@@ -0,0 +1,54 @@ ++diff -u --recursive xen-4.8.2-clean/xen/arch/x86/boot/head.S xen-4.8.2/xen/arch/x86/boot/head.S ++--- xen-4.8.2-clean/xen/arch/x86/boot/head.S 2017-09-06 06:26:35.000000000 -0400 +++++ xen-4.8.2/xen/arch/x86/boot/head.S 2017-09-13 21:58:31.186882703 -0400 ++@@ -86,6 +86,8 @@ ++ cmp $MULTIBOOT_BOOTLOADER_MAGIC,%eax ++ jne not_multiboot ++ +++#if 0 +++ ++ /* Set up trampoline segment 64k below EBDA */ ++ movzwl 0x40e,%ecx /* EBDA segment */ ++ cmp $0xa000,%ecx /* sanity check (high) */ ++@@ -108,6 +110,12 @@ ++ shl $10-4,%edx ++ cmp %ecx,%edx /* compare with BDA value */ ++ cmovb %edx,%ecx /* and use the smaller */ +++#else +++ // coreboot does not provide an Extended BIOS Data Area pointer +++ // just stash things the Multiboot structure, adjusted to bytes +++ mov MB_mem_lower(%ebx),%ecx +++ shl $10-4,%ecx +++#endif ++ ++ 2: /* Reserve 64kb for the trampoline */ ++ sub $0x1000,%ecx ++diff -u --recursive xen-4.8.2-clean/xen/arch/x86/boot/mkelf32.c xen-4.8.2/xen/arch/x86/boot/mkelf32.c ++--- xen-4.8.2-clean/xen/arch/x86/boot/mkelf32.c 2017-09-06 06:26:35.000000000 -0400 +++++ xen-4.8.2/xen/arch/x86/boot/mkelf32.c 2017-09-13 21:58:31.186882703 -0400 ++@@ -264,10 +264,10 @@ ++ int bytes, todo, i = 1; ++ int num_phdrs = 1; ++ ++- Elf32_Ehdr in32_ehdr; +++ Elf32_Ehdr in32_ehdr = {}; ++ ++- Elf64_Ehdr in64_ehdr; ++- Elf64_Phdr in64_phdr; +++ Elf64_Ehdr in64_ehdr = {}; +++ Elf64_Phdr in64_phdr = {}; ++ ++ if ( argc < 5 ) ++ { ++diff -u --recursive xen-4.8.2-clean/xen/Makefile xen-4.8.2/xen/Makefile ++--- xen-4.8.2-clean/xen/Makefile 2017-09-06 06:26:35.000000000 -0400 +++++ xen-4.8.2/xen/Makefile 2017-09-13 21:58:31.186882703 -0400 ++@@ -152,7 +152,7 @@ ++ fi ++ ++ .banner: Makefile ++- @if which figlet >/dev/null 2>&1 ; then \ +++ @if false ; then \ ++ echo " Xen $(XEN_FULLVERSION)" | figlet -f tools/xen.flf > $@.tmp; \ ++ else \ ++ echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ +diff --git ./series.conf ./series.conf +index 18fd577..56174a9 100644 +--- ./series.conf ++++ ./series.conf +@@ -68,6 +68,9 @@ patches.qubes/xenconsoled-enable-logging.patch + patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch + patches.qubes/xen-hotplug-qubesdb-update.patch + ++# Custom patches for Heads ++patches.heads/heads.patch ++ + #python3 + patches.misc/0001-python-check-return-value-of-PyErr_NewException.patch + patches.misc/0002-python-drop-tp_getattr-implementation.patch From 1a34bd9d6f2bd6d3ce89421bfc461b268fef49aa Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Mon, 21 Aug 2017 23:40:17 -0400 Subject: [PATCH 10/17] Updated to coreboot 4.6 Also changed x220 and purism configs to use generic boot --- config/coreboot-purism13v1.config | 110 +++++++++----- config/coreboot-qemu.config | 97 +++++++----- config/coreboot-x220.config | 103 ++++++++----- config/coreboot-x230.config | 111 +++++++++----- config/coreboot-x230.flash.config | 110 +++++++++----- config/purism13v1-qubes.config | 11 +- config/x220-generic.config | 2 + modules/coreboot | 6 +- ...{coreboot-4.5.patch => coreboot-4.6.patch} | 140 ++++++++---------- 9 files changed, 418 insertions(+), 272 deletions(-) rename patches/{coreboot-4.5.patch => coreboot-4.6.patch} (79%) diff --git a/config/coreboot-purism13v1.config b/config/coreboot-purism13v1.config index 6b05cfb5..ef623a60 100644 --- a/config/coreboot-purism13v1.config +++ b/config/coreboot-purism13v1.config @@ -6,6 +6,7 @@ # # General setup # +CONFIG_COREBOOT_BUILD=y CONFIG_LOCALVERSION="" CONFIG_CBFS_PREFIX="fallback" CONFIG_COMPILER_GCC=y @@ -13,35 +14,24 @@ CONFIG_COMPILER_GCC=y # CONFIG_ANY_TOOLCHAIN is not set # CONFIG_CCACHE is not set # CONFIG_FMD_GENPARSER is not set -# CONFIG_SCONFIG_GENPARSER is not set -# CONFIG_UNCOMPRESSED_RAMSTAGE is not set +# CONFIG_UTIL_GENPARSER is not set CONFIG_COMPRESS_RAMSTAGE=y CONFIG_INCLUDE_CONFIG_FILE=y -# CONFIG_NO_XIP_EARLY_STAGES is not set -CONFIG_EARLY_CBMEM_INIT=y -# CONFIG_EARLY_CBMEM_LIST is not set CONFIG_COLLECT_TIMESTAMPS=y CONFIG_USE_BLOBS=y # CONFIG_COVERAGE is not set -CONFIG_RELOCATABLE_MODULES=y CONFIG_RELOCATABLE_RAMSTAGE=y CONFIG_CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM=y -# CONFIG_NO_STAGE_CACHE is not set -CONFIG_BOOTBLOCK_SIMPLE=y -# CONFIG_BOOTBLOCK_NORMAL is not set -CONFIG_BOOTBLOCK_CUSTOM=y -CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c" -# CONFIG_C_ENVIRONMENT_BOOTBLOCK is not set # CONFIG_UPDATE_IMAGE is not set -# CONFIG_GENERIC_GPIO_LIB is not set -# CONFIG_BOARD_ID_AUTO is not set -# CONFIG_BOARD_ID_MANUAL is not set -# CONFIG_RAM_CODE_SUPPORT is not set # CONFIG_BOOTSPLASH_IMAGE is not set # # Mainboard # + +# +# Important: Run 'make distclean' before switching boards +# # CONFIG_VENDOR_A_TREND is not set # CONFIG_VENDOR_AAEON is not set # CONFIG_VENDOR_ABIT is not set @@ -86,6 +76,7 @@ CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c" # CONFIG_VENDOR_LENOVO is not set # CONFIG_VENDOR_LINUTOP is not set # CONFIG_VENDOR_LIPPERT is not set +# CONFIG_VENDOR_LOWRISC is not set # CONFIG_VENDOR_MITAC is not set # CONFIG_VENDOR_MSI is not set # CONFIG_VENDOR_NEC is not set @@ -97,6 +88,7 @@ CONFIG_VENDOR_PURISM=y # CONFIG_VENDOR_RCA is not set # CONFIG_VENDOR_RODA is not set # CONFIG_VENDOR_SAMSUNG is not set +# CONFIG_VENDOR_SAPPHIRE is not set # CONFIG_VENDOR_SIEMENS is not set # CONFIG_VENDOR_SOYO is not set # CONFIG_VENDOR_SUNW is not set @@ -118,6 +110,7 @@ CONFIG_CACHE_ROM_SIZE_OVERRIDE=0x0 CONFIG_CBFS_SIZE=0x600000 CONFIG_VGA_BIOS_ID="8086,1616" # CONFIG_ONBOARD_VGA_IS_PRIMARY is not set +CONFIG_DIMM_SPD_SIZE=256 CONFIG_VGA_BIOS=y CONFIG_MAINBOARD_SERIAL_NUMBER="System Serial Number" CONFIG_DCACHE_RAM_BASE=0xff7c0000 @@ -127,17 +120,22 @@ CONFIG_MMCONF_BASE_ADDRESS=0xf0000000 CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Purism" CONFIG_HAVE_IFD_BIN=y CONFIG_HAVE_ME_BIN=y +CONFIG_DEVICETREE="devicetree.cb" CONFIG_MAX_REBOOT_CNT=3 CONFIG_ID_SECTION_OFFSET=0x80 +# CONFIG_VBOOT is not set CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 -CONFIG_DRIVERS_PS2_KEYBOARD=y -CONFIG_DEVICETREE="devicetree.cb" +CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00 # CONFIG_DRIVERS_UART_8250IO is not set +CONFIG_FMDFILE="" +CONFIG_IFD_BIN_PATH="3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin" +CONFIG_ME_BIN_PATH="3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin" # CONFIG_HAVE_GBE_BIN is not set CONFIG_CPU_ADDR_BITS=36 CONFIG_DEFAULT_CONSOLE_LOGLEVEL=8 # CONFIG_USBDEBUG is not set CONFIG_MAINBOARD_VERSION="1.0" +CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_BOARD_PURISM_LIBREM13=y CONFIG_NO_POST=y CONFIG_PRE_GRAPHICS_DELAY=50 @@ -156,9 +154,8 @@ CONFIG_COREBOOT_ROMSIZE_KB_8192=y # CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set CONFIG_COREBOOT_ROMSIZE_KB=8192 CONFIG_ROM_SIZE=0x800000 -CONFIG_FMDFILE="" # CONFIG_MAINBOARD_HAS_TPM2 is not set -# CONFIG_SYSTEM_TYPE_LAPTOP is not set +CONFIG_SYSTEM_TYPE_LAPTOP=y # CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set # @@ -177,6 +174,8 @@ CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y CONFIG_ROMSTAGE_ADDR=0x2000000 CONFIG_VERSTAGE_ADDR=0x2000000 CONFIG_CACHE_MRC_SETTINGS=y +# CONFIG_MRC_SETTINGS_VARIABLE_DATA is not set +CONFIG_HEAP_SIZE=0x4000 CONFIG_SPI_FLASH_INCLUDE_ALL_DRIVERS=y CONFIG_SMM_RESERVED_SIZE=0x100000 CONFIG_SMM_TSEG_SIZE=0x800000 @@ -184,7 +183,6 @@ CONFIG_HAVE_MRC=y CONFIG_MRC_FILE="3rdparty/blobs/mrc.bin" CONFIG_MRC_BIN_ADDRESS=0xfffa0000 CONFIG_DCACHE_RAM_MRC_VAR_SIZE=0x30000 -CONFIG_DCACHE_RAM_ROMSTAGE_STACK_SIZE=0x2000 # CONFIG_RESET_ON_INVALID_RAMSTAGE_CACHE is not set CONFIG_HAVE_REFCODE_BLOB=y CONFIG_REFCODE_BLOB_FILE="3rdparty/blobs/refcode.elf" @@ -200,26 +198,32 @@ CONFIG_CACHE_MRC_SIZE_KB=512 CONFIG_EHCI_BAR=0xd8000000 CONFIG_EHCI_DEBUG_OFFSET=0xa0 CONFIG_SERIRQ_CONTINUOUS_MODE=y -# CONFIG_BROADWELL_POWER_OPTIMIZER is not set CONFIG_SOC_INTEL_COMMON=y + +# +# Intel SoC Common Code +# +# CONFIG_SOC_INTEL_COMMON_SPI_FLASH_PROTECT is not set CONFIG_MRC_SETTINGS_CACHE_BASE=0xfffe0000 CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000 CONFIG_MRC_SETTINGS_PROTECT=y +# CONFIG_HAS_RECOVERY_MRC_CACHE is not set +# CONFIG_MRC_CLEAR_NORMAL_CACHE_ON_RECOVERY_RETRAIN is not set # CONFIG_DISPLAY_MTRRS is not set # CONFIG_DISPLAY_SMM_MEMORY_MAP is not set CONFIG_SOC_INTEL_COMMON_ACPI_WAKE_SOURCE=y # CONFIG_ACPI_CONSOLE is not set # CONFIG_SOC_INTEL_COMMON_LPSS_I2C is not set -# CONFIG_MMA is not set # CONFIG_ADD_VBT_DATA_FILE is not set # CONFIG_SOC_INTEL_COMMON_GFX_OPREGION is not set # CONFIG_SOC_INTEL_COMMON_SMI is not set # CONFIG_SOC_INTEL_COMMON_ACPI is not set # CONFIG_SOC_INTEL_COMMON_NHLT is not set CONFIG_RAMTOP=0x200000 -CONFIG_HEAP_SIZE=0x4000 CONFIG_CONSOLE_CBMEM=y CONFIG_UART_PCI_ADDR=0x0 +# CONFIG_SOC_INTEL_KABYLAKE is not set +# CONFIG_SOC_LOWRISC_LOWRISC is not set # CONFIG_SOC_MARVELL_ARMADA38X is not set # CONFIG_SOC_MARVELL_BG4CD is not set # CONFIG_SOC_MARVELL_MVMAP2315 is not set @@ -247,9 +251,13 @@ CONFIG_SSE2=y CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE=y CONFIG_CPU_INTEL_NUM_FIT_ENTRIES=4 # CONFIG_CPU_INTEL_TURBO_NOT_PACKAGE_SCOPED is not set +CONFIG_CPU_INTEL_COMMON=y +CONFIG_ENABLE_VMX=y +CONFIG_SET_VMX_LOCK_BIT=y # CONFIG_CPU_TI_AM335X is not set # CONFIG_PARALLEL_CPU_INIT is not set CONFIG_PARALLEL_MP=y +# CONFIG_PARALLEL_MP_AP_WORK is not set # CONFIG_UDELAY_IO is not set # CONFIG_UDELAY_LAPIC is not set CONFIG_UDELAY_TSC=y @@ -269,6 +277,7 @@ CONFIG_SMM_MODULE_HEAP_SIZE=0x4000 # CONFIG_MIRROR_PAYLOAD_TO_RAM_BEFORE_LOADING is not set # CONFIG_SOC_SETS_MSRS is not set CONFIG_CACHE_AS_RAM=y +# CONFIG_NO_CAR_GLOBAL_MIGRATION is not set CONFIG_SMP=y CONFIG_AP_SIPI_VECTOR=0xfffff000 CONFIG_SUPPORT_CPU_UCODE_IN_CBFS=y @@ -284,6 +293,7 @@ CONFIG_CPU_UCODE_BINARIES="" # # CONFIG_NORTHBRIDGE_AMD_AGESA is not set # CONFIG_S3_VGA_ROM_RUN is not set +# CONFIG_NO_MMCONF_SUPPORT is not set # CONFIG_AMD_NB_CIMX is not set # CONFIG_NORTHBRIDGE_AMD_CIMX_RD890 is not set CONFIG_VIDEO_MB=0 @@ -301,8 +311,6 @@ CONFIG_MAX_PIRQ_LINKS=4 # CONFIG_SOUTHBRIDGE_AMD_CIMX_SB900 is not set # CONFIG_SOUTHBRIDGE_INTEL_COMMON is not set # CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO is not set -CONFIG_IFD_BIN_PATH="3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin" -CONFIG_ME_BIN_PATH="3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin" # CONFIG_LOCK_MANAGEMENT_ENGINE is not set # @@ -320,12 +328,14 @@ CONFIG_HAVE_INTEL_FIRMWARE=y # Intel Firmware # # CONFIG_EM100 is not set -CONFIG_VBOOT_VBNV_OFFSET=0x26 -# CONFIG_VBOOT_VBNV_CMOS is not set -# CONFIG_VBOOT_VBNV_EC is not set -# CONFIG_VBOOT_VBNV_FLASH is not set -# CONFIG_VBOOT is not set +CONFIG_CHECK_ME=y +# CONFIG_USE_ME_CLEANER is not set + +# +# Verified Boot (vboot) +# # CONFIG_MAINBOARD_HAS_CHROMEOS is not set +# CONFIG_GOOGLE_SMBIOS_MAINBOARD_VERSION is not set # CONFIG_UEFI_2_4_BINDING is not set # CONFIG_UDK_2015_BINDING is not set # CONFIG_USE_SIEMENS_HWILIB is not set @@ -391,12 +401,14 @@ CONFIG_ARCH_RAMSTAGE_X86_32=y CONFIG_PC80_SYSTEM=y # CONFIG_BOOTBLOCK_DEBUG_SPINLOOP is not set # CONFIG_BOOTBLOCK_SAVE_BIST_AND_TIMESTAMP is not set -# CONFIG_HAVE_CMOS_DEFAULT is not set CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y # CONFIG_IOAPIC_INTERRUPTS_ON_APIC_SERIAL_BUS is not set # CONFIG_POSTCAR_STAGE is not set # CONFIG_VERSTAGE_DEBUG_SPINLOOP is not set # CONFIG_ROMSTAGE_DEBUG_SPINLOOP is not set +CONFIG_BOOTBLOCK_SIMPLE=y +# CONFIG_BOOTBLOCK_NORMAL is not set +CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c" # # Devices @@ -404,6 +416,7 @@ CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y # CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT is not set CONFIG_NATIVE_VGA_INIT_USE_EDID=y # CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT_TEXTMODECFG is not set +# CONFIG_MAINBOARD_HAS_LIBGFXINIT is not set CONFIG_VGA_ROM_RUN=y # CONFIG_ALWAYS_LOAD_OPROM is not set # CONFIG_ON_DEVICE_ROM_LOAD is not set @@ -411,18 +424,18 @@ CONFIG_PCI_OPTION_ROM_RUN_REALMODE=y # CONFIG_PCI_OPTION_ROM_RUN_YABEL is not set # CONFIG_MULTIPLE_VGA_ADAPTERS is not set # CONFIG_SMBUS_HAS_AUX_CHANNELS is not set -# CONFIG_SPD_CACHE is not set CONFIG_PCI=y +CONFIG_MMCONF_SUPPORT=y # CONFIG_HYPERTRANSPORT_PLUGIN_SUPPORT is not set CONFIG_PCIX_PLUGIN_SUPPORT=y -CONFIG_PCIEXP_PLUGIN_SUPPORT=y CONFIG_CARDBUS_PLUGIN_SUPPORT=y # CONFIG_AZALIA_PLUGIN_SUPPORT is not set +CONFIG_PCIEXP_PLUGIN_SUPPORT=y CONFIG_PCIEXP_COMMON_CLOCK=y CONFIG_PCIEXP_ASPM=y CONFIG_PCIEXP_CLK_PM=y -# CONFIG_EARLY_PCI_BRIDGE is not set CONFIG_PCIEXP_L1_SUB_STATE=y +# CONFIG_EARLY_PCI_BRIDGE is not set CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 # CONFIG_SOFTWARE_I2C is not set @@ -473,11 +486,9 @@ CONFIG_FRAMEBUFFER_KEEP_VESA_MODE=y # CONFIG_IPMI_KCS is not set # CONFIG_DRIVERS_LENOVO_WACOM is not set # CONFIG_DRIVERS_LENOVO_HYBRID_GRAPHICS is not set -# CONFIG_REALTEK_8168_RESET is not set CONFIG_SPI_FLASH=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y # CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY is not set -CONFIG_SPI_ATOMIC_SEQUENCING=y # CONFIG_SPI_FLASH_SMM is not set # CONFIG_SPI_FLASH_NO_FAST_READ is not set CONFIG_SPI_FLASH_ADESTO=y @@ -491,7 +502,9 @@ CONFIG_SPI_FLASH_SST=y CONFIG_SPI_FLASH_STMICRO=y CONFIG_SPI_FLASH_WINBOND=y # CONFIG_SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B is not set +# CONFIG_SPI_FLASH_HAS_VOLATILE_GROUP is not set CONFIG_HAVE_SPI_CONSOLE_SUPPORT=y +# CONFIG_DRIVERS_STORAGE is not set # CONFIG_DRIVERS_UART is not set # CONFIG_NO_UART_ON_SUPERIO is not set # CONFIG_UART_OVERRIDE_INPUT_CLOCK_DIVIDER is not set @@ -505,17 +518,21 @@ CONFIG_HAVE_SPI_CONSOLE_SUPPORT=y CONFIG_HAVE_USBDEBUG=y # CONFIG_HAVE_USBDEBUG_OPTIONS is not set # CONFIG_SMBIOS_PROVIDED_BY_MOBO is not set +# CONFIG_DRIVERS_I2C_MAX98927 is not set # CONFIG_DRIVERS_I2C_PCF8523 is not set # CONFIG_DRIVERS_I2C_RTD2132 is not set +# CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL is not set # CONFIG_MAINBOARD_HAS_I2C_TPM_CR50 is not set -# CONFIG_DRIVER_I2C_TPM_ACPI is not set # CONFIG_INTEL_DP is not set # CONFIG_INTEL_DDI is not set # CONFIG_INTEL_EDID is not set CONFIG_INTEL_INT15=y # CONFIG_INTEL_GMA_ACPI is not set +# CONFIG_INTEL_GMA_SSC_ALTERNATE_REF is not set # CONFIG_DRIVER_INTEL_I210 is not set +# CONFIG_DRIVERS_INTEL_MIPI_CAMERA is not set # CONFIG_DRIVERS_INTEL_WIFI is not set +# CONFIG_USE_SAR is not set # CONFIG_DRIVER_MAXIM_MAX77686 is not set # CONFIG_DRIVER_PARADE_PS8625 is not set # CONFIG_DRIVER_PARADE_PS8640 is not set @@ -524,6 +541,7 @@ CONFIG_DRIVERS_MC146818=y # CONFIG_DRIVERS_RICOH_RCE822 is not set # CONFIG_DRIVER_SIEMENS_NC_FPGA is not set # CONFIG_DRIVERS_SIL_3114 is not set +# CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set # CONFIG_DRIVER_TI_TPS65090 is not set # CONFIG_DRIVERS_TI_TPS65913 is not set # CONFIG_DRIVERS_TI_TPS65913_RTC is not set @@ -536,9 +554,8 @@ CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y CONFIG_BOOT_DEVICE_SUPPORTS_WRITES=y CONFIG_RTC=y # CONFIG_TPM is not set +# CONFIG_MAINBOARD_HAS_TPM_CR50 is not set CONFIG_STACK_SIZE=0x1000 -CONFIG_MMCONF_SUPPORT_DEFAULT=y -CONFIG_MMCONF_SUPPORT=y # # Console @@ -559,7 +576,9 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set # CONFIG_NO_EARLY_BOOTBLOCK_POSTCODES is not set +CONFIG_HWBASE_DEBUG_CB=y CONFIG_HAVE_ACPI_RESUME=y +# CONFIG_ACPI_HUGE_LOWMEM_BACKUP is not set CONFIG_RESUME_PATH_SAME_AS_BOOT=y CONFIG_HAVE_HARD_RESET=y # CONFIG_HAVE_ROMSTAGE_CONSOLE_SPINLOCK is not set @@ -633,6 +652,7 @@ CONFIG_MEMTEST_STABLE=y # CONFIG_DEBUG_SPI_FLASH is not set # CONFIG_TRACE is not set # CONFIG_DEBUG_BOOT_STATE is not set +# CONFIG_DEBUG_ADA_CODE is not set # CONFIG_ENABLE_APIC_EXT_ID is not set CONFIG_WARNINGS_ARE_ERRORS=y # CONFIG_POWER_BUTTON_DEFAULT_ENABLE is not set @@ -643,3 +663,13 @@ CONFIG_WARNINGS_ARE_ERRORS=y CONFIG_REG_SCRIPT=y # CONFIG_CREATE_BOARD_CHECKLIST is not set # CONFIG_MAKE_CHECKLIST_PUBLIC is not set +# CONFIG_RAMSTAGE_ADA is not set +# CONFIG_RAMSTAGE_LIBHWBASE is not set +CONFIG_HWBASE_DYNAMIC_MMIO=y +# CONFIG_NO_XIP_EARLY_STAGES is not set +CONFIG_EARLY_CBMEM_INIT=y +# CONFIG_EARLY_CBMEM_LIST is not set +CONFIG_RELOCATABLE_MODULES=y +# CONFIG_BOARD_ID_AUTO is not set +# CONFIG_BOARD_ID_MANUAL is not set +CONFIG_BOOTBLOCK_CUSTOM=y diff --git a/config/coreboot-qemu.config b/config/coreboot-qemu.config index 8a5e63ef..00830d8f 100644 --- a/config/coreboot-qemu.config +++ b/config/coreboot-qemu.config @@ -6,6 +6,7 @@ # # General setup # +CONFIG_COREBOOT_BUILD=y CONFIG_LOCALVERSION="-heads" CONFIG_CBFS_PREFIX="fallback" CONFIG_COMPILER_GCC=y @@ -13,34 +14,23 @@ CONFIG_COMPILER_GCC=y # CONFIG_ANY_TOOLCHAIN is not set # CONFIG_CCACHE is not set # CONFIG_FMD_GENPARSER is not set -# CONFIG_SCONFIG_GENPARSER is not set -# CONFIG_UNCOMPRESSED_RAMSTAGE is not set +# CONFIG_UTIL_GENPARSER is not set CONFIG_COMPRESS_RAMSTAGE=y # CONFIG_INCLUDE_CONFIG_FILE is not set -# CONFIG_NO_XIP_EARLY_STAGES is not set -CONFIG_EARLY_CBMEM_INIT=y -# CONFIG_EARLY_CBMEM_LIST is not set CONFIG_COLLECT_TIMESTAMPS=y # CONFIG_USE_BLOBS is not set # CONFIG_COVERAGE is not set -# CONFIG_RELOCATABLE_MODULES is not set # CONFIG_RELOCATABLE_RAMSTAGE is not set -# CONFIG_NO_STAGE_CACHE is not set -CONFIG_BOOTBLOCK_SIMPLE=y -# CONFIG_BOOTBLOCK_NORMAL is not set -CONFIG_BOOTBLOCK_CUSTOM=y -CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c" -# CONFIG_C_ENVIRONMENT_BOOTBLOCK is not set # CONFIG_UPDATE_IMAGE is not set -# CONFIG_GENERIC_GPIO_LIB is not set -# CONFIG_BOARD_ID_AUTO is not set -# CONFIG_BOARD_ID_MANUAL is not set -# CONFIG_RAM_CODE_SUPPORT is not set # CONFIG_BOOTSPLASH_IMAGE is not set # # Mainboard # + +# +# Important: Run 'make distclean' before switching boards +# # CONFIG_VENDOR_A_TREND is not set # CONFIG_VENDOR_AAEON is not set # CONFIG_VENDOR_ABIT is not set @@ -85,6 +75,7 @@ CONFIG_VENDOR_EMULATION=y # CONFIG_VENDOR_LENOVO is not set # CONFIG_VENDOR_LINUTOP is not set # CONFIG_VENDOR_LIPPERT is not set +# CONFIG_VENDOR_LOWRISC is not set # CONFIG_VENDOR_MITAC is not set # CONFIG_VENDOR_MSI is not set # CONFIG_VENDOR_NEC is not set @@ -96,6 +87,7 @@ CONFIG_VENDOR_EMULATION=y # CONFIG_VENDOR_RCA is not set # CONFIG_VENDOR_RODA is not set # CONFIG_VENDOR_SAMSUNG is not set +# CONFIG_VENDOR_SAPPHIRE is not set # CONFIG_VENDOR_SIEMENS is not set # CONFIG_VENDOR_SOYO is not set # CONFIG_VENDOR_SUNW is not set @@ -115,14 +107,18 @@ CONFIG_MAINBOARD_VENDOR="Emulation" CONFIG_MAX_CPUS=1 CONFIG_CACHE_ROM_SIZE_OVERRIDE=0x0 CONFIG_CBFS_SIZE=0x800000 +CONFIG_VGA_BIOS_ID="1106,3344" # CONFIG_ONBOARD_VGA_IS_PRIMARY is not set +CONFIG_DIMM_SPD_SIZE=256 # CONFIG_VGA_BIOS is not set CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" CONFIG_DCACHE_RAM_BASE=0xd0000 CONFIG_DCACHE_RAM_SIZE=0x10000 CONFIG_MMCONF_BASE_ADDRESS=0xb0000000 CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Emulation" +# CONFIG_HAVE_IFD_BIN is not set # CONFIG_POST_IO is not set +CONFIG_DEVICETREE="devicetree.cb" CONFIG_BOOTBLOCK_MAINBOARD_INIT="mainboard/emulation/qemu-q35/bootblock.c" CONFIG_MAX_REBOOT_CNT=3 CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT=y @@ -135,16 +131,17 @@ CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y # CONFIG_BOARD_EMULATION_SPIKE_UCB_RISCV is not set CONFIG_BOARD_EMULATION_QEMU_X86=y # CONFIG_POST_DEVICE is not set -CONFIG_DRIVERS_PS2_KEYBOARD=y -CONFIG_DEVICETREE="devicetree.cb" -# CONFIG_CONSOLE_POST is not set +# CONFIG_VBOOT is not set +CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00 CONFIG_DRIVERS_UART_8250IO=y +CONFIG_FMDFILE="" CONFIG_CPU_ADDR_BITS=36 CONFIG_DEFAULT_CONSOLE_LOGLEVEL=4 # CONFIG_USBDEBUG is not set CONFIG_MAINBOARD_VERSION="1.0" +CONFIG_DRIVERS_PS2_KEYBOARD=y # CONFIG_NO_POST is not set -CONFIG_BOARD_ROMSIZE_KB_256=y +CONFIG_BOARD_ROMSIZE_KB_2048=y # CONFIG_COREBOOT_ROMSIZE_KB_64 is not set # CONFIG_COREBOOT_ROMSIZE_KB_128 is not set # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set @@ -159,7 +156,6 @@ CONFIG_COREBOOT_ROMSIZE_KB_12288=y # CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set CONFIG_COREBOOT_ROMSIZE_KB=12288 CONFIG_ROM_SIZE=0xc00000 -CONFIG_FMDFILE="" # CONFIG_MAINBOARD_HAS_TPM2 is not set # CONFIG_SYSTEM_TYPE_LAPTOP is not set # CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set @@ -176,13 +172,16 @@ CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000 CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y CONFIG_ROMSTAGE_ADDR=0x2000000 CONFIG_VERSTAGE_ADDR=0x2000000 +CONFIG_HEAP_SIZE=0x4000 +# CONFIG_BUILD_WITH_FAKE_IFD is not set CONFIG_BOOTBLOCK_SOUTHBRIDGE_INIT="southbridge/intel/i82801ix/bootblock.c" CONFIG_EHCI_BAR=0xfef00000 CONFIG_RAMTOP=0x200000 -CONFIG_HEAP_SIZE=0x4000 CONFIG_CONSOLE_CBMEM=y CONFIG_UART_PCI_ADDR=0 CONFIG_HPET_MIN_TICKS=0x80 +# CONFIG_SOC_INTEL_KABYLAKE is not set +# CONFIG_SOC_LOWRISC_LOWRISC is not set # CONFIG_SOC_MARVELL_ARMADA38X is not set # CONFIG_SOC_MARVELL_BG4CD is not set # CONFIG_SOC_MARVELL_MVMAP2315 is not set @@ -229,6 +228,7 @@ CONFIG_LOGICAL_CPUS=y # CONFIG_MIRROR_PAYLOAD_TO_RAM_BEFORE_LOADING is not set # CONFIG_SOC_SETS_MSRS is not set CONFIG_CACHE_AS_RAM=y +# CONFIG_NO_CAR_GLOBAL_MIGRATION is not set CONFIG_SMP=y CONFIG_AP_SIPI_VECTOR=0xfffff000 # CONFIG_SUPPORT_CPU_UCODE_IN_CBFS is not set @@ -243,6 +243,7 @@ CONFIG_CPU_UCODE_BINARIES="" # Northbridge # # CONFIG_NORTHBRIDGE_AMD_AGESA is not set +# CONFIG_NO_MMCONF_SUPPORT is not set # CONFIG_AMD_NB_CIMX is not set # CONFIG_NORTHBRIDGE_AMD_CIMX_RD890 is not set CONFIG_VIDEO_MB=0 @@ -261,6 +262,7 @@ CONFIG_MAX_PIRQ_LINKS=4 CONFIG_SOUTHBRIDGE_INTEL_COMMON=y CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO=y CONFIG_SOUTHBRIDGE_INTEL_I82801IX=y +# CONFIG_LOCK_MANAGEMENT_ENGINE is not set # # Super I/O @@ -270,11 +272,17 @@ CONFIG_SOUTHBRIDGE_INTEL_I82801IX=y # # Embedded Controllers # -CONFIG_VBOOT_VBNV_OFFSET=0x26 -# CONFIG_VBOOT_VBNV_CMOS is not set -# CONFIG_VBOOT_VBNV_EC is not set -# CONFIG_VBOOT is not set +CONFIG_HAVE_INTEL_FIRMWARE=y + +# +# Intel Firmware +# + +# +# Verified Boot (vboot) +# # CONFIG_MAINBOARD_HAS_CHROMEOS is not set +# CONFIG_GOOGLE_SMBIOS_MAINBOARD_VERSION is not set # CONFIG_UEFI_2_4_BINDING is not set # CONFIG_UDK_2015_BINDING is not set # CONFIG_USE_SIEMENS_HWILIB is not set @@ -340,11 +348,13 @@ CONFIG_ARCH_RAMSTAGE_X86_32=y CONFIG_PC80_SYSTEM=y # CONFIG_BOOTBLOCK_DEBUG_SPINLOOP is not set # CONFIG_BOOTBLOCK_SAVE_BIST_AND_TIMESTAMP is not set -# CONFIG_HAVE_CMOS_DEFAULT is not set CONFIG_IOAPIC_INTERRUPTS_ON_APIC_SERIAL_BUS=y # CONFIG_POSTCAR_STAGE is not set # CONFIG_VERSTAGE_DEBUG_SPINLOOP is not set # CONFIG_ROMSTAGE_DEBUG_SPINLOOP is not set +CONFIG_BOOTBLOCK_SIMPLE=y +# CONFIG_BOOTBLOCK_NORMAL is not set +CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c" # # Devices @@ -352,21 +362,22 @@ CONFIG_IOAPIC_INTERRUPTS_ON_APIC_SERIAL_BUS=y CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y CONFIG_NATIVE_VGA_INIT_USE_EDID=y CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT_TEXTMODECFG=y +# CONFIG_MAINBOARD_HAS_LIBGFXINIT is not set # CONFIG_ON_DEVICE_ROM_LOAD is not set # CONFIG_MULTIPLE_VGA_ADAPTERS is not set # CONFIG_SMBUS_HAS_AUX_CHANNELS is not set -# CONFIG_SPD_CACHE is not set CONFIG_PCI=y +CONFIG_MMCONF_SUPPORT=y # CONFIG_HYPERTRANSPORT_PLUGIN_SUPPORT is not set CONFIG_PCIX_PLUGIN_SUPPORT=y -CONFIG_PCIEXP_PLUGIN_SUPPORT=y CONFIG_CARDBUS_PLUGIN_SUPPORT=y # CONFIG_AZALIA_PLUGIN_SUPPORT is not set +CONFIG_PCIEXP_PLUGIN_SUPPORT=y CONFIG_PCIEXP_COMMON_CLOCK=y CONFIG_PCIEXP_ASPM=y # CONFIG_PCIEXP_CLK_PM is not set -# CONFIG_EARLY_PCI_BRIDGE is not set # CONFIG_PCIEXP_L1_SUB_STATE is not set +# CONFIG_EARLY_PCI_BRIDGE is not set CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 # CONFIG_SOFTWARE_I2C is not set @@ -384,9 +395,9 @@ CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 # CONFIG_IPMI_KCS is not set # CONFIG_DRIVERS_LENOVO_WACOM is not set # CONFIG_DRIVERS_LENOVO_HYBRID_GRAPHICS is not set -# CONFIG_REALTEK_8168_RESET is not set # CONFIG_SPI_FLASH is not set # CONFIG_HAVE_SPI_CONSOLE_SUPPORT is not set +# CONFIG_DRIVERS_STORAGE is not set # CONFIG_DRIVERS_UART is not set # CONFIG_DRIVERS_UART_8250IO_SKIP_INIT is not set # CONFIG_NO_UART_ON_SUPERIO is not set @@ -402,17 +413,21 @@ CONFIG_HAVE_USBDEBUG=y CONFIG_HAVE_USBDEBUG_OPTIONS=y CONFIG_DRIVERS_EMULATION_QEMU_BOCHS=y # CONFIG_SMBIOS_PROVIDED_BY_MOBO is not set +# CONFIG_DRIVERS_I2C_MAX98927 is not set # CONFIG_DRIVERS_I2C_PCF8523 is not set # CONFIG_DRIVERS_I2C_RTD2132 is not set +# CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL is not set # CONFIG_MAINBOARD_HAS_I2C_TPM_CR50 is not set -# CONFIG_DRIVER_I2C_TPM_ACPI is not set # CONFIG_INTEL_DP is not set # CONFIG_INTEL_DDI is not set # CONFIG_INTEL_EDID is not set # CONFIG_INTEL_INT15 is not set # CONFIG_INTEL_GMA_ACPI is not set +# CONFIG_INTEL_GMA_SSC_ALTERNATE_REF is not set # CONFIG_DRIVER_INTEL_I210 is not set +# CONFIG_DRIVERS_INTEL_MIPI_CAMERA is not set CONFIG_DRIVERS_INTEL_WIFI=y +# CONFIG_USE_SAR is not set # CONFIG_DRIVER_MAXIM_MAX77686 is not set # CONFIG_DRIVER_PARADE_PS8625 is not set # CONFIG_DRIVER_PARADE_PS8640 is not set @@ -421,6 +436,7 @@ CONFIG_DRIVERS_MC146818=y # CONFIG_DRIVERS_RICOH_RCE822 is not set # CONFIG_DRIVER_SIEMENS_NC_FPGA is not set # CONFIG_DRIVERS_SIL_3114 is not set +# CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set # CONFIG_DRIVER_TI_TPS65090 is not set # CONFIG_DRIVERS_TI_TPS65913 is not set # CONFIG_DRIVERS_TI_TPS65913_RTC is not set @@ -433,9 +449,8 @@ CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y # CONFIG_BOOT_DEVICE_SUPPORTS_WRITES is not set # CONFIG_RTC is not set # CONFIG_TPM is not set +# CONFIG_MAINBOARD_HAS_TPM_CR50 is not set CONFIG_STACK_SIZE=0x1000 -CONFIG_MMCONF_SUPPORT_DEFAULT=y -CONFIG_MMCONF_SUPPORT=y # # Console @@ -458,8 +473,12 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4=y # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set # CONFIG_CMOS_POST is not set +# CONFIG_CONSOLE_POST is not set # CONFIG_NO_EARLY_BOOTBLOCK_POSTCODES is not set +# CONFIG_HWBASE_DEBUG_CB is not set +CONFIG_HWBASE_DEBUG_NULL=y # CONFIG_HAVE_ACPI_RESUME is not set +# CONFIG_ACPI_HUGE_LOWMEM_BACKUP is not set CONFIG_HAVE_HARD_RESET=y # CONFIG_HAVE_ROMSTAGE_CONSOLE_SPINLOCK is not set # CONFIG_HAVE_ROMSTAGE_NVRAM_CBFS_SPINLOCK is not set @@ -526,6 +545,7 @@ CONFIG_LINUX_INITRD="./initrd.cpio.xz" # CONFIG_DEBUG_ACPI is not set # CONFIG_TRACE is not set # CONFIG_DEBUG_BOOT_STATE is not set +# CONFIG_DEBUG_ADA_CODE is not set # CONFIG_ENABLE_APIC_EXT_ID is not set CONFIG_WARNINGS_ARE_ERRORS=y # CONFIG_POWER_BUTTON_DEFAULT_ENABLE is not set @@ -536,3 +556,12 @@ CONFIG_WARNINGS_ARE_ERRORS=y # CONFIG_REG_SCRIPT is not set # CONFIG_CREATE_BOARD_CHECKLIST is not set # CONFIG_MAKE_CHECKLIST_PUBLIC is not set +# CONFIG_RAMSTAGE_ADA is not set +# CONFIG_RAMSTAGE_LIBHWBASE is not set +CONFIG_HWBASE_DYNAMIC_MMIO=y +# CONFIG_NO_XIP_EARLY_STAGES is not set +CONFIG_EARLY_CBMEM_INIT=y +# CONFIG_EARLY_CBMEM_LIST is not set +# CONFIG_BOARD_ID_AUTO is not set +# CONFIG_BOARD_ID_MANUAL is not set +CONFIG_BOOTBLOCK_CUSTOM=y diff --git a/config/coreboot-x220.config b/config/coreboot-x220.config index af145af5..1c5f26b2 100644 --- a/config/coreboot-x220.config +++ b/config/coreboot-x220.config @@ -6,6 +6,7 @@ # # General setup # +CONFIG_COREBOOT_BUILD=y CONFIG_LOCALVERSION="heads" CONFIG_CBFS_PREFIX="fallback" CONFIG_COMPILER_GCC=y @@ -13,36 +14,25 @@ CONFIG_COMPILER_GCC=y # CONFIG_ANY_TOOLCHAIN is not set # CONFIG_CCACHE is not set # CONFIG_FMD_GENPARSER is not set -# CONFIG_SCONFIG_GENPARSER is not set +# CONFIG_UTIL_GENPARSER is not set # CONFIG_USE_OPTION_TABLE is not set -# CONFIG_UNCOMPRESSED_RAMSTAGE is not set CONFIG_COMPRESS_RAMSTAGE=y # CONFIG_INCLUDE_CONFIG_FILE is not set -# CONFIG_NO_XIP_EARLY_STAGES is not set -CONFIG_EARLY_CBMEM_INIT=y -# CONFIG_EARLY_CBMEM_LIST is not set # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y # CONFIG_COVERAGE is not set -CONFIG_RELOCATABLE_MODULES=y -# CONFIG_RELOCATABLE_RAMSTAGE is not set -# CONFIG_NO_STAGE_CACHE is not set -CONFIG_BOOTBLOCK_SIMPLE=y -# CONFIG_BOOTBLOCK_NORMAL is not set -CONFIG_BOOTBLOCK_CUSTOM=y -CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c" -# CONFIG_C_ENVIRONMENT_BOOTBLOCK is not set +CONFIG_RELOCATABLE_RAMSTAGE=y # CONFIG_UPDATE_IMAGE is not set -# CONFIG_GENERIC_GPIO_LIB is not set -# CONFIG_BOARD_ID_AUTO is not set -# CONFIG_BOARD_ID_MANUAL is not set -# CONFIG_RAM_CODE_SUPPORT is not set # CONFIG_BOOTSPLASH_IMAGE is not set CONFIG_MEASURED_BOOT=y # # Mainboard # + +# +# Important: Run 'make distclean' before switching boards +# # CONFIG_VENDOR_A_TREND is not set # CONFIG_VENDOR_AAEON is not set # CONFIG_VENDOR_ABIT is not set @@ -87,6 +77,7 @@ CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y # CONFIG_VENDOR_LINUTOP is not set # CONFIG_VENDOR_LIPPERT is not set +# CONFIG_VENDOR_LOWRISC is not set # CONFIG_VENDOR_MITAC is not set # CONFIG_VENDOR_MSI is not set # CONFIG_VENDOR_NEC is not set @@ -98,6 +89,7 @@ CONFIG_VENDOR_LENOVO=y # CONFIG_VENDOR_RCA is not set # CONFIG_VENDOR_RODA is not set # CONFIG_VENDOR_SAMSUNG is not set +# CONFIG_VENDOR_SAPPHIRE is not set # CONFIG_VENDOR_SIEMENS is not set # CONFIG_VENDOR_SOYO is not set # CONFIG_VENDOR_SUNW is not set @@ -119,6 +111,7 @@ CONFIG_CACHE_ROM_SIZE_OVERRIDE=0x0 CONFIG_CBFS_SIZE=0x7e8000 CONFIG_VGA_BIOS_ID="8086,0126" CONFIG_ONBOARD_VGA_IS_PRIMARY=y +CONFIG_DIMM_SPD_SIZE=256 # CONFIG_VGA_BIOS is not set CONFIG_DCACHE_RAM_BASE=0xfefe0000 CONFIG_DCACHE_RAM_SIZE=0x20000 @@ -129,18 +122,24 @@ CONFIG_MMCONF_BASE_ADDRESS=0xf8000000 CONFIG_HAVE_IFD_BIN=y CONFIG_HAVE_ME_BIN=y CONFIG_DRAM_RESET_GATE_GPIO=10 +CONFIG_DEVICETREE="devicetree.cb" CONFIG_MAX_REBOOT_CNT=3 CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT=y CONFIG_ID_SECTION_OFFSET=0x80 CONFIG_USBDEBUG_HCD_INDEX=2 +# CONFIG_VBOOT is not set CONFIG_TPM_PIRQ=0x0 CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 -CONFIG_DRIVERS_PS2_KEYBOARD=y -CONFIG_DEVICETREE="devicetree.cb" +CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00 # CONFIG_DRIVERS_UART_8250IO is not set +CONFIG_FMDFILE="" +CONFIG_IFD_BIN_PATH="../../blobs/x220/ifd.bin" +CONFIG_ME_BIN_PATH="../../blobs/x220/me.bin" CONFIG_HAVE_GBE_BIN=y # CONFIG_BOARD_LENOVO_G505S is not set +# CONFIG_BOARD_LENOVO_L520 is not set # CONFIG_BOARD_LENOVO_R400 is not set +# CONFIG_BOARD_LENOVO_S230U is not set # CONFIG_BOARD_LENOVO_T400 is not set # CONFIG_BOARD_LENOVO_T420 is not set # CONFIG_BOARD_LENOVO_T420S is not set @@ -149,6 +148,7 @@ CONFIG_HAVE_GBE_BIN=y # CONFIG_BOARD_LENOVO_T520 is not set # CONFIG_BOARD_LENOVO_T530 is not set # CONFIG_BOARD_LENOVO_T60 is not set +# CONFIG_BOARD_LENOVO_X1_CARBON_GEN1 is not set # CONFIG_BOARD_LENOVO_X200 is not set # CONFIG_BOARD_LENOVO_X201 is not set CONFIG_BOARD_LENOVO_X220=y @@ -158,6 +158,7 @@ CONFIG_BOARD_LENOVO_X220=y CONFIG_CPU_ADDR_BITS=36 CONFIG_DEFAULT_CONSOLE_LOGLEVEL=5 # CONFIG_USBDEBUG is not set +CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_NO_POST=y CONFIG_BOARD_ROMSIZE_KB_8192=y # CONFIG_COREBOOT_ROMSIZE_KB_64 is not set @@ -174,7 +175,6 @@ CONFIG_COREBOOT_ROMSIZE_KB_8192=y # CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set CONFIG_COREBOOT_ROMSIZE_KB=8192 CONFIG_ROM_SIZE=0x800000 -CONFIG_FMDFILE="" # CONFIG_MAINBOARD_HAS_TPM2 is not set CONFIG_SYSTEM_TYPE_LAPTOP=y # CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set @@ -193,6 +193,7 @@ CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000 CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y CONFIG_ROMSTAGE_ADDR=0x2000000 CONFIG_VERSTAGE_ADDR=0x2000000 +CONFIG_HEAP_SIZE=0x4000 CONFIG_SPI_FLASH_INCLUDE_ALL_DRIVERS=y CONFIG_SMM_TSEG_SIZE=0x800000 CONFIG_DCACHE_RAM_MRC_VAR_SIZE=0x0 @@ -203,10 +204,11 @@ CONFIG_CACHE_MRC_SIZE_KB=512 CONFIG_EHCI_BAR=0xfef00000 CONFIG_SERIRQ_CONTINUOUS_MODE=y CONFIG_RAMTOP=0x200000 -CONFIG_HEAP_SIZE=0x4000 CONFIG_CONSOLE_CBMEM=y CONFIG_UART_PCI_ADDR=0x0 CONFIG_HPET_MIN_TICKS=0x80 +# CONFIG_SOC_INTEL_KABYLAKE is not set +# CONFIG_SOC_LOWRISC_LOWRISC is not set # CONFIG_SOC_MARVELL_ARMADA38X is not set # CONFIG_SOC_MARVELL_BG4CD is not set # CONFIG_SOC_MARVELL_MVMAP2315 is not set @@ -226,17 +228,19 @@ CONFIG_HPET_MIN_TICKS=0x80 # # CONFIG_CPU_ALLWINNER_A10 is not set CONFIG_SOCKET_SPECIFIC_OPTIONS=y -CONFIG_XIP_ROM_SIZE=0x10000 +CONFIG_XIP_ROM_SIZE=0x20000 CONFIG_NUM_IPI_STARTS=2 # CONFIG_CPU_AMD_AGESA is not set # CONFIG_CPU_AMD_PI is not set # CONFIG_CPU_ARMLTD_CORTEX_A9 is not set CONFIG_CPU_INTEL_MODEL_206AX=y -CONFIG_ENABLE_VMX=y CONFIG_SSE2=y CONFIG_CPU_INTEL_SOCKET_RPGA989=y # CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE is not set # CONFIG_CPU_INTEL_TURBO_NOT_PACKAGE_SCOPED is not set +CONFIG_CPU_INTEL_COMMON=y +CONFIG_ENABLE_VMX=y +CONFIG_SET_VMX_LOCK_BIT=y # CONFIG_CPU_TI_AM335X is not set # CONFIG_PARALLEL_CPU_INIT is not set # CONFIG_PARALLEL_MP is not set @@ -258,6 +262,7 @@ CONFIG_SMM_MODULE_HEAP_SIZE=0x4000 # CONFIG_MIRROR_PAYLOAD_TO_RAM_BEFORE_LOADING is not set # CONFIG_SOC_SETS_MSRS is not set CONFIG_CACHE_AS_RAM=y +# CONFIG_NO_CAR_GLOBAL_MIGRATION is not set CONFIG_SMP=y CONFIG_AP_SIPI_VECTOR=0xfffff000 CONFIG_MMX=y @@ -274,6 +279,7 @@ CONFIG_CPU_UCODE_BINARIES="" # Northbridge # # CONFIG_NORTHBRIDGE_AMD_AGESA is not set +# CONFIG_NO_MMCONF_SUPPORT is not set # CONFIG_AMD_NB_CIMX is not set # CONFIG_NORTHBRIDGE_AMD_CIMX_RD890 is not set CONFIG_VIDEO_MB=0 @@ -300,8 +306,6 @@ CONFIG_LOCK_SPI_ON_RESUME_RO=y # CONFIG_LOCK_SPI_ON_RESUME_NO_ACCESS is not set CONFIG_SOUTHBRIDGE_INTEL_COMMON=y CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO=y -CONFIG_IFD_BIN_PATH="../../blobs/x220/ifd.bin" -CONFIG_ME_BIN_PATH="../../blobs/x220/me.bin" # CONFIG_LOCK_MANAGEMENT_ENGINE is not set # @@ -321,12 +325,15 @@ CONFIG_HAVE_INTEL_FIRMWARE=y # Intel Firmware # # CONFIG_EM100 is not set +CONFIG_CHECK_ME=y +# CONFIG_USE_ME_CLEANER is not set CONFIG_GBE_BIN_PATH="../../blobs/x220/gbe.bin" -CONFIG_VBOOT_VBNV_OFFSET=0x26 -# CONFIG_VBOOT_VBNV_CMOS is not set -# CONFIG_VBOOT_VBNV_EC is not set -# CONFIG_VBOOT is not set + +# +# Verified Boot (vboot) +# # CONFIG_MAINBOARD_HAS_CHROMEOS is not set +# CONFIG_GOOGLE_SMBIOS_MAINBOARD_VERSION is not set # CONFIG_UEFI_2_4_BINDING is not set # CONFIG_UDK_2015_BINDING is not set # CONFIG_USE_SIEMENS_HWILIB is not set @@ -399,6 +406,9 @@ CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y # CONFIG_POSTCAR_STAGE is not set # CONFIG_VERSTAGE_DEBUG_SPINLOOP is not set # CONFIG_ROMSTAGE_DEBUG_SPINLOOP is not set +CONFIG_BOOTBLOCK_SIMPLE=y +# CONFIG_BOOTBLOCK_NORMAL is not set +CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c" # # Devices @@ -406,21 +416,22 @@ CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y CONFIG_NATIVE_VGA_INIT_USE_EDID=y CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT_TEXTMODECFG=y +# CONFIG_MAINBOARD_HAS_LIBGFXINIT is not set # CONFIG_ON_DEVICE_ROM_LOAD is not set # CONFIG_MULTIPLE_VGA_ADAPTERS is not set # CONFIG_SMBUS_HAS_AUX_CHANNELS is not set -# CONFIG_SPD_CACHE is not set CONFIG_PCI=y +CONFIG_MMCONF_SUPPORT=y # CONFIG_HYPERTRANSPORT_PLUGIN_SUPPORT is not set CONFIG_PCIX_PLUGIN_SUPPORT=y -CONFIG_PCIEXP_PLUGIN_SUPPORT=y CONFIG_CARDBUS_PLUGIN_SUPPORT=y # CONFIG_AZALIA_PLUGIN_SUPPORT is not set +CONFIG_PCIEXP_PLUGIN_SUPPORT=y CONFIG_PCIEXP_COMMON_CLOCK=y CONFIG_PCIEXP_ASPM=y # CONFIG_PCIEXP_CLK_PM is not set -# CONFIG_EARLY_PCI_BRIDGE is not set # CONFIG_PCIEXP_L1_SUB_STATE is not set +# CONFIG_EARLY_PCI_BRIDGE is not set CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 # CONFIG_SOFTWARE_I2C is not set @@ -438,11 +449,9 @@ CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 # CONFIG_IPMI_KCS is not set # CONFIG_DRIVERS_LENOVO_WACOM is not set # CONFIG_DRIVERS_LENOVO_HYBRID_GRAPHICS is not set -# CONFIG_REALTEK_8168_RESET is not set CONFIG_SPI_FLASH=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y # CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY is not set -CONFIG_SPI_ATOMIC_SEQUENCING=y # CONFIG_SPI_FLASH_SMM is not set # CONFIG_SPI_FLASH_NO_FAST_READ is not set CONFIG_SPI_FLASH_ADESTO=y @@ -456,7 +465,9 @@ CONFIG_SPI_FLASH_SST=y CONFIG_SPI_FLASH_STMICRO=y CONFIG_SPI_FLASH_WINBOND=y # CONFIG_SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B is not set +# CONFIG_SPI_FLASH_HAS_VOLATILE_GROUP is not set # CONFIG_HAVE_SPI_CONSOLE_SUPPORT is not set +# CONFIG_DRIVERS_STORAGE is not set # CONFIG_DRIVERS_UART is not set CONFIG_NO_UART_ON_SUPERIO=y # CONFIG_UART_OVERRIDE_INPUT_CLOCK_DIVIDER is not set @@ -470,18 +481,22 @@ CONFIG_NO_UART_ON_SUPERIO=y CONFIG_HAVE_USBDEBUG=y CONFIG_HAVE_USBDEBUG_OPTIONS=y CONFIG_SMBIOS_PROVIDED_BY_MOBO=y +# CONFIG_DRIVERS_I2C_MAX98927 is not set # CONFIG_DRIVERS_I2C_PCF8523 is not set # CONFIG_DRIVERS_I2C_RTD2132 is not set # CONFIG_I2C_TPM is not set +# CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL is not set # CONFIG_MAINBOARD_HAS_I2C_TPM_CR50 is not set -# CONFIG_DRIVER_I2C_TPM_ACPI is not set # CONFIG_INTEL_DP is not set # CONFIG_INTEL_DDI is not set CONFIG_INTEL_EDID=y CONFIG_INTEL_INT15=y CONFIG_INTEL_GMA_ACPI=y +# CONFIG_INTEL_GMA_SSC_ALTERNATE_REF is not set # CONFIG_DRIVER_INTEL_I210 is not set +# CONFIG_DRIVERS_INTEL_MIPI_CAMERA is not set CONFIG_DRIVERS_INTEL_WIFI=y +# CONFIG_USE_SAR is not set # CONFIG_DRIVER_MAXIM_MAX77686 is not set # CONFIG_DRIVER_PARADE_PS8625 is not set # CONFIG_DRIVER_PARADE_PS8640 is not set @@ -495,6 +510,7 @@ CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 CONFIG_DRIVERS_RICOH_RCE822=y # CONFIG_DRIVER_SIEMENS_NC_FPGA is not set # CONFIG_DRIVERS_SIL_3114 is not set +# CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set # CONFIG_DRIVER_TI_TPS65090 is not set # CONFIG_DRIVERS_TI_TPS65913 is not set # CONFIG_DRIVERS_TI_TPS65913_RTC is not set @@ -507,9 +523,8 @@ CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y # CONFIG_BOOT_DEVICE_SUPPORTS_WRITES is not set CONFIG_RTC=y CONFIG_TPM=y +# CONFIG_MAINBOARD_HAS_TPM_CR50 is not set CONFIG_STACK_SIZE=0x1000 -CONFIG_MMCONF_SUPPORT_DEFAULT=y -CONFIG_MMCONF_SUPPORT=y # # Console @@ -529,7 +544,10 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set # CONFIG_NO_EARLY_BOOTBLOCK_POSTCODES is not set +# CONFIG_HWBASE_DEBUG_CB is not set +CONFIG_HWBASE_DEBUG_NULL=y CONFIG_HAVE_ACPI_RESUME=y +# CONFIG_ACPI_HUGE_LOWMEM_BACKUP is not set CONFIG_RESUME_PATH_SAME_AS_BOOT=y CONFIG_HAVE_HARD_RESET=y # CONFIG_HAVE_ROMSTAGE_CONSOLE_SPINLOCK is not set @@ -601,6 +619,7 @@ CONFIG_DEBUG_SMM_RELOCATION=y # CONFIG_DEBUG_SPI_FLASH is not set # CONFIG_TRACE is not set # CONFIG_DEBUG_BOOT_STATE is not set +# CONFIG_DEBUG_ADA_CODE is not set # CONFIG_ENABLE_APIC_EXT_ID is not set CONFIG_WARNINGS_ARE_ERRORS=y # CONFIG_POWER_BUTTON_DEFAULT_ENABLE is not set @@ -611,3 +630,13 @@ CONFIG_WARNINGS_ARE_ERRORS=y # CONFIG_REG_SCRIPT is not set # CONFIG_CREATE_BOARD_CHECKLIST is not set # CONFIG_MAKE_CHECKLIST_PUBLIC is not set +# CONFIG_RAMSTAGE_ADA is not set +# CONFIG_RAMSTAGE_LIBHWBASE is not set +CONFIG_HWBASE_DYNAMIC_MMIO=y +# CONFIG_NO_XIP_EARLY_STAGES is not set +CONFIG_EARLY_CBMEM_INIT=y +# CONFIG_EARLY_CBMEM_LIST is not set +CONFIG_RELOCATABLE_MODULES=y +# CONFIG_BOARD_ID_AUTO is not set +# CONFIG_BOARD_ID_MANUAL is not set +CONFIG_BOOTBLOCK_CUSTOM=y diff --git a/config/coreboot-x230.config b/config/coreboot-x230.config index 720d0714..9d61ad8e 100644 --- a/config/coreboot-x230.config +++ b/config/coreboot-x230.config @@ -6,6 +6,7 @@ # # General setup # +CONFIG_COREBOOT_BUILD=y CONFIG_LOCALVERSION="heads" CONFIG_CBFS_PREFIX="fallback" CONFIG_COMPILER_GCC=y @@ -13,36 +14,25 @@ CONFIG_COMPILER_GCC=y # CONFIG_ANY_TOOLCHAIN is not set # CONFIG_CCACHE is not set # CONFIG_FMD_GENPARSER is not set -# CONFIG_SCONFIG_GENPARSER is not set +# CONFIG_UTIL_GENPARSER is not set # CONFIG_USE_OPTION_TABLE is not set -# CONFIG_UNCOMPRESSED_RAMSTAGE is not set CONFIG_COMPRESS_RAMSTAGE=y # CONFIG_INCLUDE_CONFIG_FILE is not set -# CONFIG_NO_XIP_EARLY_STAGES is not set -CONFIG_EARLY_CBMEM_INIT=y -# CONFIG_EARLY_CBMEM_LIST is not set # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y # CONFIG_COVERAGE is not set -CONFIG_RELOCATABLE_MODULES=y -# CONFIG_RELOCATABLE_RAMSTAGE is not set -# CONFIG_NO_STAGE_CACHE is not set -CONFIG_BOOTBLOCK_SIMPLE=y -# CONFIG_BOOTBLOCK_NORMAL is not set -CONFIG_BOOTBLOCK_CUSTOM=y -CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c" -# CONFIG_C_ENVIRONMENT_BOOTBLOCK is not set +CONFIG_RELOCATABLE_RAMSTAGE=y # CONFIG_UPDATE_IMAGE is not set -# CONFIG_GENERIC_GPIO_LIB is not set -# CONFIG_BOARD_ID_AUTO is not set -# CONFIG_BOARD_ID_MANUAL is not set -# CONFIG_RAM_CODE_SUPPORT is not set # CONFIG_BOOTSPLASH_IMAGE is not set CONFIG_MEASURED_BOOT=y # # Mainboard # + +# +# Important: Run 'make distclean' before switching boards +# # CONFIG_VENDOR_A_TREND is not set # CONFIG_VENDOR_AAEON is not set # CONFIG_VENDOR_ABIT is not set @@ -87,6 +77,7 @@ CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y # CONFIG_VENDOR_LINUTOP is not set # CONFIG_VENDOR_LIPPERT is not set +# CONFIG_VENDOR_LOWRISC is not set # CONFIG_VENDOR_MITAC is not set # CONFIG_VENDOR_MSI is not set # CONFIG_VENDOR_NEC is not set @@ -98,6 +89,7 @@ CONFIG_VENDOR_LENOVO=y # CONFIG_VENDOR_RCA is not set # CONFIG_VENDOR_RODA is not set # CONFIG_VENDOR_SAMSUNG is not set +# CONFIG_VENDOR_SAPPHIRE is not set # CONFIG_VENDOR_SIEMENS is not set # CONFIG_VENDOR_SOYO is not set # CONFIG_VENDOR_SUNW is not set @@ -119,6 +111,7 @@ CONFIG_CACHE_ROM_SIZE_OVERRIDE=0x0 CONFIG_CBFS_SIZE=0x700000 CONFIG_VGA_BIOS_ID="8086,0166" # CONFIG_ONBOARD_VGA_IS_PRIMARY is not set +CONFIG_DIMM_SPD_SIZE=256 # CONFIG_VGA_BIOS is not set CONFIG_DCACHE_RAM_BASE=0xfefe0000 CONFIG_DCACHE_RAM_SIZE=0x20000 @@ -130,6 +123,7 @@ CONFIG_MMCONF_BASE_ADDRESS=0xf8000000 # CONFIG_HAVE_ME_BIN is not set CONFIG_DRAM_RESET_GATE_GPIO=10 # CONFIG_POST_IO is not set +CONFIG_DEVICETREE="devicetree.cb" CONFIG_MAX_REBOOT_CNT=3 CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT=y CONFIG_ID_SECTION_OFFSET=0x80 @@ -137,15 +131,17 @@ CONFIG_ID_SECTION_OFFSET=0x80 CONFIG_USBDEBUG_HCD_INDEX=2 CONFIG_IFD_BIOS_SECTION="" CONFIG_IFD_ME_SECTION="" +# CONFIG_VBOOT is not set CONFIG_TPM_PIRQ=0x0 CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 -CONFIG_DRIVERS_PS2_KEYBOARD=y -CONFIG_DEVICETREE="devicetree.cb" -# CONFIG_CONSOLE_POST is not set +CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00 CONFIG_DRIVERS_UART_8250IO=y +CONFIG_FMDFILE="" CONFIG_IFD_GBE_SECTION="" # CONFIG_BOARD_LENOVO_G505S is not set +# CONFIG_BOARD_LENOVO_L520 is not set # CONFIG_BOARD_LENOVO_R400 is not set +# CONFIG_BOARD_LENOVO_S230U is not set # CONFIG_BOARD_LENOVO_T400 is not set # CONFIG_BOARD_LENOVO_T420 is not set # CONFIG_BOARD_LENOVO_T420S is not set @@ -154,6 +150,7 @@ CONFIG_IFD_GBE_SECTION="" # CONFIG_BOARD_LENOVO_T520 is not set # CONFIG_BOARD_LENOVO_T530 is not set # CONFIG_BOARD_LENOVO_T60 is not set +# CONFIG_BOARD_LENOVO_X1_CARBON_GEN1 is not set # CONFIG_BOARD_LENOVO_X200 is not set # CONFIG_BOARD_LENOVO_X201 is not set # CONFIG_BOARD_LENOVO_X220 is not set @@ -163,6 +160,7 @@ CONFIG_BOARD_LENOVO_X230=y CONFIG_CPU_ADDR_BITS=36 CONFIG_DEFAULT_CONSOLE_LOGLEVEL=5 # CONFIG_USBDEBUG is not set +CONFIG_DRIVERS_PS2_KEYBOARD=y # CONFIG_NO_POST is not set CONFIG_BOARD_ROMSIZE_KB_12288=y # CONFIG_COREBOOT_ROMSIZE_KB_64 is not set @@ -179,7 +177,6 @@ CONFIG_COREBOOT_ROMSIZE_KB_12288=y # CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set CONFIG_COREBOOT_ROMSIZE_KB=12288 CONFIG_ROM_SIZE=0xc00000 -CONFIG_FMDFILE="" # CONFIG_MAINBOARD_HAS_TPM2 is not set CONFIG_SYSTEM_TYPE_LAPTOP=y # CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set @@ -198,6 +195,7 @@ CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000 CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y CONFIG_ROMSTAGE_ADDR=0x2000000 CONFIG_VERSTAGE_ADDR=0x2000000 +CONFIG_HEAP_SIZE=0x4000 CONFIG_SPI_FLASH_INCLUDE_ALL_DRIVERS=y CONFIG_SMM_TSEG_SIZE=0x800000 CONFIG_DCACHE_RAM_MRC_VAR_SIZE=0x0 @@ -208,10 +206,11 @@ CONFIG_CACHE_MRC_SIZE_KB=512 CONFIG_EHCI_BAR=0xfef00000 CONFIG_SERIRQ_CONTINUOUS_MODE=y CONFIG_RAMTOP=0x200000 -CONFIG_HEAP_SIZE=0x4000 CONFIG_CONSOLE_CBMEM=y CONFIG_UART_PCI_ADDR=0 CONFIG_HPET_MIN_TICKS=0x80 +# CONFIG_SOC_INTEL_KABYLAKE is not set +# CONFIG_SOC_LOWRISC_LOWRISC is not set # CONFIG_SOC_MARVELL_ARMADA38X is not set # CONFIG_SOC_MARVELL_BG4CD is not set # CONFIG_SOC_MARVELL_MVMAP2315 is not set @@ -231,17 +230,19 @@ CONFIG_HPET_MIN_TICKS=0x80 # # CONFIG_CPU_ALLWINNER_A10 is not set CONFIG_SOCKET_SPECIFIC_OPTIONS=y -CONFIG_XIP_ROM_SIZE=0x10000 +CONFIG_XIP_ROM_SIZE=0x20000 CONFIG_NUM_IPI_STARTS=2 # CONFIG_CPU_AMD_AGESA is not set # CONFIG_CPU_AMD_PI is not set # CONFIG_CPU_ARMLTD_CORTEX_A9 is not set CONFIG_CPU_INTEL_MODEL_306AX=y -CONFIG_ENABLE_VMX=y CONFIG_SSE2=y CONFIG_CPU_INTEL_SOCKET_RPGA989=y # CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE is not set # CONFIG_CPU_INTEL_TURBO_NOT_PACKAGE_SCOPED is not set +CONFIG_CPU_INTEL_COMMON=y +CONFIG_ENABLE_VMX=y +CONFIG_SET_VMX_LOCK_BIT=y # CONFIG_CPU_TI_AM335X is not set # CONFIG_PARALLEL_CPU_INIT is not set # CONFIG_PARALLEL_MP is not set @@ -263,6 +264,7 @@ CONFIG_SMM_MODULE_HEAP_SIZE=0x4000 # CONFIG_MIRROR_PAYLOAD_TO_RAM_BEFORE_LOADING is not set # CONFIG_SOC_SETS_MSRS is not set CONFIG_CACHE_AS_RAM=y +# CONFIG_NO_CAR_GLOBAL_MIGRATION is not set CONFIG_SMP=y CONFIG_AP_SIPI_VECTOR=0xfffff000 CONFIG_MMX=y @@ -279,6 +281,7 @@ CONFIG_CPU_UCODE_BINARIES="" # Northbridge # # CONFIG_NORTHBRIDGE_AMD_AGESA is not set +# CONFIG_NO_MMCONF_SUPPORT is not set # CONFIG_AMD_NB_CIMX is not set # CONFIG_NORTHBRIDGE_AMD_CIMX_RD890 is not set CONFIG_VIDEO_MB=0 @@ -305,6 +308,7 @@ CONFIG_LOCK_SPI_ON_RESUME_RO=y # CONFIG_LOCK_SPI_ON_RESUME_NO_ACCESS is not set CONFIG_SOUTHBRIDGE_INTEL_COMMON=y CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO=y +# CONFIG_LOCK_MANAGEMENT_ENGINE is not set # # Super I/O @@ -323,11 +327,12 @@ CONFIG_HAVE_INTEL_FIRMWARE=y # Intel Firmware # CONFIG_IFD_PLATFORM_SECTION="" -CONFIG_VBOOT_VBNV_OFFSET=0x26 -# CONFIG_VBOOT_VBNV_CMOS is not set -# CONFIG_VBOOT_VBNV_EC is not set -# CONFIG_VBOOT is not set + +# +# Verified Boot (vboot) +# # CONFIG_MAINBOARD_HAS_CHROMEOS is not set +# CONFIG_GOOGLE_SMBIOS_MAINBOARD_VERSION is not set # CONFIG_UEFI_2_4_BINDING is not set # CONFIG_UDK_2015_BINDING is not set # CONFIG_USE_SIEMENS_HWILIB is not set @@ -400,6 +405,9 @@ CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y # CONFIG_POSTCAR_STAGE is not set # CONFIG_VERSTAGE_DEBUG_SPINLOOP is not set # CONFIG_ROMSTAGE_DEBUG_SPINLOOP is not set +CONFIG_BOOTBLOCK_SIMPLE=y +# CONFIG_BOOTBLOCK_NORMAL is not set +CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c" # # Devices @@ -407,21 +415,23 @@ CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y CONFIG_NATIVE_VGA_INIT_USE_EDID=y CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT_TEXTMODECFG=y +CONFIG_MAINBOARD_HAS_LIBGFXINIT=y +# CONFIG_MAINBOARD_USE_LIBGFXINIT is not set # CONFIG_ON_DEVICE_ROM_LOAD is not set # CONFIG_MULTIPLE_VGA_ADAPTERS is not set # CONFIG_SMBUS_HAS_AUX_CHANNELS is not set -# CONFIG_SPD_CACHE is not set CONFIG_PCI=y +CONFIG_MMCONF_SUPPORT=y # CONFIG_HYPERTRANSPORT_PLUGIN_SUPPORT is not set CONFIG_PCIX_PLUGIN_SUPPORT=y -CONFIG_PCIEXP_PLUGIN_SUPPORT=y CONFIG_CARDBUS_PLUGIN_SUPPORT=y # CONFIG_AZALIA_PLUGIN_SUPPORT is not set +CONFIG_PCIEXP_PLUGIN_SUPPORT=y CONFIG_PCIEXP_COMMON_CLOCK=y CONFIG_PCIEXP_ASPM=y # CONFIG_PCIEXP_CLK_PM is not set -# CONFIG_EARLY_PCI_BRIDGE is not set # CONFIG_PCIEXP_L1_SUB_STATE is not set +# CONFIG_EARLY_PCI_BRIDGE is not set CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 # CONFIG_SOFTWARE_I2C is not set @@ -439,11 +449,9 @@ CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 # CONFIG_IPMI_KCS is not set # CONFIG_DRIVERS_LENOVO_WACOM is not set # CONFIG_DRIVERS_LENOVO_HYBRID_GRAPHICS is not set -# CONFIG_REALTEK_8168_RESET is not set CONFIG_SPI_FLASH=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y # CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY is not set -CONFIG_SPI_ATOMIC_SEQUENCING=y # CONFIG_SPI_FLASH_SMM is not set # CONFIG_SPI_FLASH_NO_FAST_READ is not set CONFIG_SPI_FLASH_ADESTO=y @@ -457,7 +465,9 @@ CONFIG_SPI_FLASH_SST=y CONFIG_SPI_FLASH_STMICRO=y CONFIG_SPI_FLASH_WINBOND=y # CONFIG_SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B is not set +# CONFIG_SPI_FLASH_HAS_VOLATILE_GROUP is not set # CONFIG_HAVE_SPI_CONSOLE_SUPPORT is not set +# CONFIG_DRIVERS_STORAGE is not set # CONFIG_DRIVERS_UART is not set # CONFIG_DRIVERS_UART_8250IO_SKIP_INIT is not set CONFIG_NO_UART_ON_SUPERIO=y @@ -472,18 +482,32 @@ CONFIG_NO_UART_ON_SUPERIO=y CONFIG_HAVE_USBDEBUG=y CONFIG_HAVE_USBDEBUG_OPTIONS=y CONFIG_SMBIOS_PROVIDED_BY_MOBO=y +# CONFIG_DRIVERS_I2C_MAX98927 is not set # CONFIG_DRIVERS_I2C_PCF8523 is not set # CONFIG_DRIVERS_I2C_RTD2132 is not set # CONFIG_I2C_TPM is not set +# CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL is not set # CONFIG_MAINBOARD_HAS_I2C_TPM_CR50 is not set -# CONFIG_DRIVER_I2C_TPM_ACPI is not set # CONFIG_INTEL_DP is not set # CONFIG_INTEL_DDI is not set CONFIG_INTEL_EDID=y CONFIG_INTEL_INT15=y CONFIG_INTEL_GMA_ACPI=y +# CONFIG_INTEL_GMA_SSC_ALTERNATE_REF is not set +CONFIG_GFX_GMA=y +CONFIG_GFX_GMA_CPU="Ivybridge" +CONFIG_GFX_GMA_CPU_VARIANT="Normal" +# CONFIG_GFX_GMA_INTERNAL_IS_EDP is not set +CONFIG_GFX_GMA_INTERNAL_IS_LVDS=y +CONFIG_GFX_GMA_INTERNAL_PORT="LVDS" +# CONFIG_GFX_GMA_ANALOG_I2C_HDMI_B is not set +# CONFIG_GFX_GMA_ANALOG_I2C_HDMI_C is not set +# CONFIG_GFX_GMA_ANALOG_I2C_HDMI_D is not set +CONFIG_GFX_GMA_ANALOG_I2C_PORT="PCH_DAC" # CONFIG_DRIVER_INTEL_I210 is not set +# CONFIG_DRIVERS_INTEL_MIPI_CAMERA is not set CONFIG_DRIVERS_INTEL_WIFI=y +# CONFIG_USE_SAR is not set # CONFIG_DRIVER_MAXIM_MAX77686 is not set # CONFIG_DRIVER_PARADE_PS8625 is not set # CONFIG_DRIVER_PARADE_PS8640 is not set @@ -497,6 +521,7 @@ CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 CONFIG_DRIVERS_RICOH_RCE822=y # CONFIG_DRIVER_SIEMENS_NC_FPGA is not set # CONFIG_DRIVERS_SIL_3114 is not set +# CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set # CONFIG_DRIVER_TI_TPS65090 is not set # CONFIG_DRIVERS_TI_TPS65913 is not set # CONFIG_DRIVERS_TI_TPS65913_RTC is not set @@ -509,9 +534,8 @@ CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y # CONFIG_BOOT_DEVICE_SUPPORTS_WRITES is not set CONFIG_RTC=y CONFIG_TPM=y +# CONFIG_MAINBOARD_HAS_TPM_CR50 is not set CONFIG_STACK_SIZE=0x1000 -CONFIG_MMCONF_SUPPORT_DEFAULT=y -CONFIG_MMCONF_SUPPORT=y # # Console @@ -532,8 +556,12 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set # CONFIG_CMOS_POST is not set +# CONFIG_CONSOLE_POST is not set # CONFIG_NO_EARLY_BOOTBLOCK_POSTCODES is not set +# CONFIG_HWBASE_DEBUG_CB is not set +CONFIG_HWBASE_DEBUG_NULL=y CONFIG_HAVE_ACPI_RESUME=y +# CONFIG_ACPI_HUGE_LOWMEM_BACKUP is not set CONFIG_RESUME_PATH_SAME_AS_BOOT=y CONFIG_HAVE_HARD_RESET=y # CONFIG_HAVE_ROMSTAGE_CONSOLE_SPINLOCK is not set @@ -605,6 +633,7 @@ CONFIG_DEBUG_SMM_RELOCATION=y # CONFIG_DEBUG_SPI_FLASH is not set # CONFIG_TRACE is not set # CONFIG_DEBUG_BOOT_STATE is not set +# CONFIG_DEBUG_ADA_CODE is not set # CONFIG_ENABLE_APIC_EXT_ID is not set CONFIG_WARNINGS_ARE_ERRORS=y # CONFIG_POWER_BUTTON_DEFAULT_ENABLE is not set @@ -615,3 +644,13 @@ CONFIG_WARNINGS_ARE_ERRORS=y # CONFIG_REG_SCRIPT is not set # CONFIG_CREATE_BOARD_CHECKLIST is not set # CONFIG_MAKE_CHECKLIST_PUBLIC is not set +# CONFIG_RAMSTAGE_ADA is not set +# CONFIG_RAMSTAGE_LIBHWBASE is not set +CONFIG_HWBASE_DYNAMIC_MMIO=y +# CONFIG_NO_XIP_EARLY_STAGES is not set +CONFIG_EARLY_CBMEM_INIT=y +# CONFIG_EARLY_CBMEM_LIST is not set +CONFIG_RELOCATABLE_MODULES=y +# CONFIG_BOARD_ID_AUTO is not set +# CONFIG_BOARD_ID_MANUAL is not set +CONFIG_BOOTBLOCK_CUSTOM=y diff --git a/config/coreboot-x230.flash.config b/config/coreboot-x230.flash.config index 95343ff0..8faeb23f 100644 --- a/config/coreboot-x230.flash.config +++ b/config/coreboot-x230.flash.config @@ -6,6 +6,7 @@ # # General setup # +CONFIG_COREBOOT_BUILD=y CONFIG_LOCALVERSION="heads" CONFIG_CBFS_PREFIX="fallback" CONFIG_COMPILER_GCC=y @@ -13,36 +14,25 @@ CONFIG_COMPILER_GCC=y # CONFIG_ANY_TOOLCHAIN is not set # CONFIG_CCACHE is not set # CONFIG_FMD_GENPARSER is not set -# CONFIG_SCONFIG_GENPARSER is not set +# CONFIG_UTIL_GENPARSER is not set # CONFIG_USE_OPTION_TABLE is not set -# CONFIG_UNCOMPRESSED_RAMSTAGE is not set CONFIG_COMPRESS_RAMSTAGE=y # CONFIG_INCLUDE_CONFIG_FILE is not set -# CONFIG_NO_XIP_EARLY_STAGES is not set -CONFIG_EARLY_CBMEM_INIT=y -# CONFIG_EARLY_CBMEM_LIST is not set # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y # CONFIG_COVERAGE is not set -CONFIG_RELOCATABLE_MODULES=y -# CONFIG_RELOCATABLE_RAMSTAGE is not set -# CONFIG_NO_STAGE_CACHE is not set -CONFIG_BOOTBLOCK_SIMPLE=y -# CONFIG_BOOTBLOCK_NORMAL is not set -CONFIG_BOOTBLOCK_CUSTOM=y -CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c" -# CONFIG_C_ENVIRONMENT_BOOTBLOCK is not set +CONFIG_RELOCATABLE_RAMSTAGE=y # CONFIG_UPDATE_IMAGE is not set -# CONFIG_GENERIC_GPIO_LIB is not set -# CONFIG_BOARD_ID_AUTO is not set -# CONFIG_BOARD_ID_MANUAL is not set -# CONFIG_RAM_CODE_SUPPORT is not set # CONFIG_BOOTSPLASH_IMAGE is not set CONFIG_MEASURED_BOOT=y # # Mainboard # + +# +# Important: Run 'make distclean' before switching boards +# # CONFIG_VENDOR_A_TREND is not set # CONFIG_VENDOR_AAEON is not set # CONFIG_VENDOR_ABIT is not set @@ -87,6 +77,7 @@ CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y # CONFIG_VENDOR_LINUTOP is not set # CONFIG_VENDOR_LIPPERT is not set +# CONFIG_VENDOR_LOWRISC is not set # CONFIG_VENDOR_MITAC is not set # CONFIG_VENDOR_MSI is not set # CONFIG_VENDOR_NEC is not set @@ -98,6 +89,7 @@ CONFIG_VENDOR_LENOVO=y # CONFIG_VENDOR_RCA is not set # CONFIG_VENDOR_RODA is not set # CONFIG_VENDOR_SAMSUNG is not set +# CONFIG_VENDOR_SAPPHIRE is not set # CONFIG_VENDOR_SIEMENS is not set # CONFIG_VENDOR_SOYO is not set # CONFIG_VENDOR_SUNW is not set @@ -120,6 +112,7 @@ CONFIG_CBFS_SIZE=0x400000 CONFIG_UART_FOR_CONSOLE=0 CONFIG_VGA_BIOS_ID="8086,0166" # CONFIG_ONBOARD_VGA_IS_PRIMARY is not set +CONFIG_DIMM_SPD_SIZE=256 # CONFIG_VGA_BIOS is not set CONFIG_DCACHE_RAM_BASE=0xfefe0000 CONFIG_DCACHE_RAM_SIZE=0x20000 @@ -131,6 +124,7 @@ CONFIG_MMCONF_BASE_ADDRESS=0xf8000000 # CONFIG_HAVE_ME_BIN is not set CONFIG_DRAM_RESET_GATE_GPIO=10 CONFIG_POST_IO=y +CONFIG_DEVICETREE="devicetree.cb" CONFIG_MAX_REBOOT_CNT=3 CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT=y CONFIG_ID_SECTION_OFFSET=0x80 @@ -138,16 +132,18 @@ CONFIG_ID_SECTION_OFFSET=0x80 CONFIG_USBDEBUG_HCD_INDEX=2 CONFIG_IFD_BIOS_SECTION="" CONFIG_IFD_ME_SECTION="" +# CONFIG_VBOOT is not set CONFIG_TPM_PIRQ=0x0 CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 -CONFIG_DRIVERS_PS2_KEYBOARD=y -CONFIG_DEVICETREE="devicetree.cb" +CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00 CONFIG_TTYS0_LCS=3 -# CONFIG_CONSOLE_POST is not set CONFIG_DRIVERS_UART_8250IO=y +CONFIG_FMDFILE="" CONFIG_IFD_GBE_SECTION="" # CONFIG_BOARD_LENOVO_G505S is not set +# CONFIG_BOARD_LENOVO_L520 is not set # CONFIG_BOARD_LENOVO_R400 is not set +# CONFIG_BOARD_LENOVO_S230U is not set # CONFIG_BOARD_LENOVO_T400 is not set # CONFIG_BOARD_LENOVO_T420 is not set # CONFIG_BOARD_LENOVO_T420S is not set @@ -156,6 +152,7 @@ CONFIG_IFD_GBE_SECTION="" # CONFIG_BOARD_LENOVO_T520 is not set # CONFIG_BOARD_LENOVO_T530 is not set # CONFIG_BOARD_LENOVO_T60 is not set +# CONFIG_BOARD_LENOVO_X1_CARBON_GEN1 is not set # CONFIG_BOARD_LENOVO_X200 is not set # CONFIG_BOARD_LENOVO_X201 is not set # CONFIG_BOARD_LENOVO_X220 is not set @@ -165,6 +162,7 @@ CONFIG_BOARD_LENOVO_X230=y CONFIG_CPU_ADDR_BITS=36 CONFIG_DEFAULT_CONSOLE_LOGLEVEL=8 # CONFIG_USBDEBUG is not set +CONFIG_DRIVERS_PS2_KEYBOARD=y # CONFIG_NO_POST is not set CONFIG_BOARD_ROMSIZE_KB_12288=y # CONFIG_COREBOOT_ROMSIZE_KB_64 is not set @@ -181,7 +179,6 @@ CONFIG_COREBOOT_ROMSIZE_KB_12288=y # CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set CONFIG_COREBOOT_ROMSIZE_KB=12288 CONFIG_ROM_SIZE=0xc00000 -CONFIG_FMDFILE="" # CONFIG_MAINBOARD_HAS_TPM2 is not set CONFIG_SYSTEM_TYPE_LAPTOP=y # CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set @@ -200,6 +197,7 @@ CONFIG_C_ENV_BOOTBLOCK_SIZE=0x10000 CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y CONFIG_ROMSTAGE_ADDR=0x2000000 CONFIG_VERSTAGE_ADDR=0x2000000 +CONFIG_HEAP_SIZE=0x4000 CONFIG_SPI_FLASH_INCLUDE_ALL_DRIVERS=y CONFIG_SMM_TSEG_SIZE=0x800000 CONFIG_DCACHE_RAM_MRC_VAR_SIZE=0x0 @@ -211,10 +209,11 @@ CONFIG_TTYS0_BASE=0x3f8 CONFIG_EHCI_BAR=0xfef00000 CONFIG_SERIRQ_CONTINUOUS_MODE=y CONFIG_RAMTOP=0x200000 -CONFIG_HEAP_SIZE=0x4000 CONFIG_CONSOLE_CBMEM=y CONFIG_UART_PCI_ADDR=0 CONFIG_HPET_MIN_TICKS=0x80 +# CONFIG_SOC_INTEL_KABYLAKE is not set +# CONFIG_SOC_LOWRISC_LOWRISC is not set # CONFIG_SOC_MARVELL_ARMADA38X is not set # CONFIG_SOC_MARVELL_BG4CD is not set # CONFIG_SOC_MARVELL_MVMAP2315 is not set @@ -235,17 +234,19 @@ CONFIG_TTYS0_BAUD=115200 # # CONFIG_CPU_ALLWINNER_A10 is not set CONFIG_SOCKET_SPECIFIC_OPTIONS=y -CONFIG_XIP_ROM_SIZE=0x10000 +CONFIG_XIP_ROM_SIZE=0x20000 CONFIG_NUM_IPI_STARTS=2 # CONFIG_CPU_AMD_AGESA is not set # CONFIG_CPU_AMD_PI is not set # CONFIG_CPU_ARMLTD_CORTEX_A9 is not set CONFIG_CPU_INTEL_MODEL_306AX=y -CONFIG_ENABLE_VMX=y CONFIG_SSE2=y CONFIG_CPU_INTEL_SOCKET_RPGA989=y # CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE is not set # CONFIG_CPU_INTEL_TURBO_NOT_PACKAGE_SCOPED is not set +CONFIG_CPU_INTEL_COMMON=y +CONFIG_ENABLE_VMX=y +CONFIG_SET_VMX_LOCK_BIT=y # CONFIG_CPU_TI_AM335X is not set # CONFIG_PARALLEL_CPU_INIT is not set # CONFIG_PARALLEL_MP is not set @@ -267,6 +268,7 @@ CONFIG_SMM_MODULE_HEAP_SIZE=0x4000 # CONFIG_MIRROR_PAYLOAD_TO_RAM_BEFORE_LOADING is not set # CONFIG_SOC_SETS_MSRS is not set CONFIG_CACHE_AS_RAM=y +# CONFIG_NO_CAR_GLOBAL_MIGRATION is not set CONFIG_SMP=y CONFIG_AP_SIPI_VECTOR=0xfffff000 CONFIG_MMX=y @@ -283,6 +285,7 @@ CONFIG_CPU_UCODE_BINARIES="" # Northbridge # # CONFIG_NORTHBRIDGE_AMD_AGESA is not set +# CONFIG_NO_MMCONF_SUPPORT is not set # CONFIG_AMD_NB_CIMX is not set # CONFIG_NORTHBRIDGE_AMD_CIMX_RD890 is not set CONFIG_VIDEO_MB=0 @@ -309,6 +312,7 @@ CONFIG_LOCK_SPI_ON_RESUME_RO=y # CONFIG_LOCK_SPI_ON_RESUME_NO_ACCESS is not set CONFIG_SOUTHBRIDGE_INTEL_COMMON=y CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO=y +# CONFIG_LOCK_MANAGEMENT_ENGINE is not set # # Super I/O @@ -327,11 +331,12 @@ CONFIG_HAVE_INTEL_FIRMWARE=y # Intel Firmware # CONFIG_IFD_PLATFORM_SECTION="" -CONFIG_VBOOT_VBNV_OFFSET=0x26 -# CONFIG_VBOOT_VBNV_CMOS is not set -# CONFIG_VBOOT_VBNV_EC is not set -# CONFIG_VBOOT is not set + +# +# Verified Boot (vboot) +# # CONFIG_MAINBOARD_HAS_CHROMEOS is not set +# CONFIG_GOOGLE_SMBIOS_MAINBOARD_VERSION is not set # CONFIG_UEFI_2_4_BINDING is not set # CONFIG_UDK_2015_BINDING is not set # CONFIG_USE_SIEMENS_HWILIB is not set @@ -404,6 +409,9 @@ CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y # CONFIG_POSTCAR_STAGE is not set # CONFIG_VERSTAGE_DEBUG_SPINLOOP is not set # CONFIG_ROMSTAGE_DEBUG_SPINLOOP is not set +CONFIG_BOOTBLOCK_SIMPLE=y +# CONFIG_BOOTBLOCK_NORMAL is not set +CONFIG_BOOTBLOCK_SOURCE="bootblock_simple.c" # # Devices @@ -411,21 +419,23 @@ CONFIG_IOAPIC_INTERRUPTS_ON_FSB=y CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y CONFIG_NATIVE_VGA_INIT_USE_EDID=y CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT_TEXTMODECFG=y +CONFIG_MAINBOARD_HAS_LIBGFXINIT=y +# CONFIG_MAINBOARD_USE_LIBGFXINIT is not set # CONFIG_ON_DEVICE_ROM_LOAD is not set # CONFIG_MULTIPLE_VGA_ADAPTERS is not set # CONFIG_SMBUS_HAS_AUX_CHANNELS is not set -# CONFIG_SPD_CACHE is not set CONFIG_PCI=y +CONFIG_MMCONF_SUPPORT=y # CONFIG_HYPERTRANSPORT_PLUGIN_SUPPORT is not set CONFIG_PCIX_PLUGIN_SUPPORT=y -CONFIG_PCIEXP_PLUGIN_SUPPORT=y CONFIG_CARDBUS_PLUGIN_SUPPORT=y # CONFIG_AZALIA_PLUGIN_SUPPORT is not set +CONFIG_PCIEXP_PLUGIN_SUPPORT=y CONFIG_PCIEXP_COMMON_CLOCK=y CONFIG_PCIEXP_ASPM=y # CONFIG_PCIEXP_CLK_PM is not set -# CONFIG_EARLY_PCI_BRIDGE is not set # CONFIG_PCIEXP_L1_SUB_STATE is not set +# CONFIG_EARLY_PCI_BRIDGE is not set CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 # CONFIG_SOFTWARE_I2C is not set @@ -443,11 +453,9 @@ CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 # CONFIG_IPMI_KCS is not set # CONFIG_DRIVERS_LENOVO_WACOM is not set # CONFIG_DRIVERS_LENOVO_HYBRID_GRAPHICS is not set -# CONFIG_REALTEK_8168_RESET is not set CONFIG_SPI_FLASH=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y # CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY is not set -CONFIG_SPI_ATOMIC_SEQUENCING=y # CONFIG_SPI_FLASH_SMM is not set # CONFIG_SPI_FLASH_NO_FAST_READ is not set CONFIG_SPI_FLASH_ADESTO=y @@ -461,7 +469,9 @@ CONFIG_SPI_FLASH_SST=y CONFIG_SPI_FLASH_STMICRO=y CONFIG_SPI_FLASH_WINBOND=y # CONFIG_SPI_FLASH_FAST_READ_DUAL_OUTPUT_3B is not set +# CONFIG_SPI_FLASH_HAS_VOLATILE_GROUP is not set # CONFIG_HAVE_SPI_CONSOLE_SUPPORT is not set +# CONFIG_DRIVERS_STORAGE is not set CONFIG_DRIVERS_UART=y # CONFIG_DRIVERS_UART_8250IO_SKIP_INIT is not set CONFIG_NO_UART_ON_SUPERIO=y @@ -476,18 +486,32 @@ CONFIG_NO_UART_ON_SUPERIO=y CONFIG_HAVE_USBDEBUG=y CONFIG_HAVE_USBDEBUG_OPTIONS=y CONFIG_SMBIOS_PROVIDED_BY_MOBO=y +# CONFIG_DRIVERS_I2C_MAX98927 is not set # CONFIG_DRIVERS_I2C_PCF8523 is not set # CONFIG_DRIVERS_I2C_RTD2132 is not set # CONFIG_I2C_TPM is not set +# CONFIG_MAINBOARD_HAS_I2C_TPM_ATMEL is not set # CONFIG_MAINBOARD_HAS_I2C_TPM_CR50 is not set -# CONFIG_DRIVER_I2C_TPM_ACPI is not set # CONFIG_INTEL_DP is not set # CONFIG_INTEL_DDI is not set CONFIG_INTEL_EDID=y CONFIG_INTEL_INT15=y CONFIG_INTEL_GMA_ACPI=y +# CONFIG_INTEL_GMA_SSC_ALTERNATE_REF is not set +CONFIG_GFX_GMA=y +CONFIG_GFX_GMA_CPU="Ivybridge" +CONFIG_GFX_GMA_CPU_VARIANT="Normal" +# CONFIG_GFX_GMA_INTERNAL_IS_EDP is not set +CONFIG_GFX_GMA_INTERNAL_IS_LVDS=y +CONFIG_GFX_GMA_INTERNAL_PORT="LVDS" +# CONFIG_GFX_GMA_ANALOG_I2C_HDMI_B is not set +# CONFIG_GFX_GMA_ANALOG_I2C_HDMI_C is not set +# CONFIG_GFX_GMA_ANALOG_I2C_HDMI_D is not set +CONFIG_GFX_GMA_ANALOG_I2C_PORT="PCH_DAC" # CONFIG_DRIVER_INTEL_I210 is not set +# CONFIG_DRIVERS_INTEL_MIPI_CAMERA is not set CONFIG_DRIVERS_INTEL_WIFI=y +# CONFIG_USE_SAR is not set # CONFIG_DRIVER_MAXIM_MAX77686 is not set # CONFIG_DRIVER_PARADE_PS8625 is not set # CONFIG_DRIVER_PARADE_PS8640 is not set @@ -501,6 +525,7 @@ CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 CONFIG_DRIVERS_RICOH_RCE822=y # CONFIG_DRIVER_SIEMENS_NC_FPGA is not set # CONFIG_DRIVERS_SIL_3114 is not set +# CONFIG_MAINBOARD_HAS_SPI_TPM_CR50 is not set # CONFIG_DRIVER_TI_TPS65090 is not set # CONFIG_DRIVERS_TI_TPS65913 is not set # CONFIG_DRIVERS_TI_TPS65913_RTC is not set @@ -513,9 +538,8 @@ CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y # CONFIG_BOOT_DEVICE_SUPPORTS_WRITES is not set CONFIG_RTC=y CONFIG_TPM=y +# CONFIG_MAINBOARD_HAS_TPM_CR50 is not set CONFIG_STACK_SIZE=0x1000 -CONFIG_MMCONF_SUPPORT_DEFAULT=y -CONFIG_MMCONF_SUPPORT=y # # Console @@ -551,9 +575,12 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set # CONFIG_CMOS_POST is not set +# CONFIG_CONSOLE_POST is not set CONFIG_POST_IO_PORT=0x80 # CONFIG_NO_EARLY_BOOTBLOCK_POSTCODES is not set +CONFIG_HWBASE_DEBUG_CB=y CONFIG_HAVE_ACPI_RESUME=y +# CONFIG_ACPI_HUGE_LOWMEM_BACKUP is not set CONFIG_RESUME_PATH_SAME_AS_BOOT=y CONFIG_HAVE_HARD_RESET=y # CONFIG_HAVE_ROMSTAGE_CONSOLE_SPINLOCK is not set @@ -626,6 +653,7 @@ CONFIG_DEBUG_SMM_RELOCATION=y # CONFIG_DEBUG_SPI_FLASH is not set # CONFIG_TRACE is not set # CONFIG_DEBUG_BOOT_STATE is not set +# CONFIG_DEBUG_ADA_CODE is not set # CONFIG_ENABLE_APIC_EXT_ID is not set CONFIG_WARNINGS_ARE_ERRORS=y # CONFIG_POWER_BUTTON_DEFAULT_ENABLE is not set @@ -636,3 +664,13 @@ CONFIG_WARNINGS_ARE_ERRORS=y # CONFIG_REG_SCRIPT is not set # CONFIG_CREATE_BOARD_CHECKLIST is not set # CONFIG_MAKE_CHECKLIST_PUBLIC is not set +# CONFIG_RAMSTAGE_ADA is not set +# CONFIG_RAMSTAGE_LIBHWBASE is not set +CONFIG_HWBASE_DYNAMIC_MMIO=y +# CONFIG_NO_XIP_EARLY_STAGES is not set +CONFIG_EARLY_CBMEM_INIT=y +# CONFIG_EARLY_CBMEM_LIST is not set +CONFIG_RELOCATABLE_MODULES=y +# CONFIG_BOARD_ID_AUTO is not set +# CONFIG_BOARD_ID_MANUAL is not set +CONFIG_BOOTBLOCK_CUSTOM=y diff --git a/config/purism13v1-qubes.config b/config/purism13v1-qubes.config index abbd5ea3..a84cc2e3 100644 --- a/config/purism13v1-qubes.config +++ b/config/purism13v1-qubes.config @@ -18,10 +18,11 @@ CONFIG_XEN_VERSION=4.6 CONFIG_LINUX_USB=y #CONFIG_LINUX_E1000E=y -CONFIG_BOOTSCRIPT=/bin/qubes-init +CONFIG_BOOTSCRIPT=/bin/generic-init +CONFIG_BOOT_REQ_HASH=n +CONFIG_BOOT_REQ_ROLLBACK=n +CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +CONFIG_BOOT_KERNEL_REMOVE="quiet" +CONFIG_BOOT_DEV="/dev/sda1" CONFIG_USB_BOOT_DEV="/dev/sdb1" - -# Disks encrypted by the TPM LUKS key -CONFIG_QUBES_BOOT_DEV="/dev/sda1" -CONFIG_QUBES_VG="qubes_dom0" diff --git a/config/x220-generic.config b/config/x220-generic.config index f1a336d7..29c1af34 100644 --- a/config/x220-generic.config +++ b/config/x220-generic.config @@ -23,5 +23,7 @@ CONFIG_BOOTSCRIPT=/bin/generic-init CONFIG_BOOT_REQ_HASH=n CONFIG_BOOT_REQ_ROLLBACK=n +CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +CONFIG_BOOT_KERNEL_REMOVE="quiet" CONFIG_BOOT_DEV="/dev/sda1" CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/modules/coreboot b/modules/coreboot index b1d042ce..c05010d6 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -2,11 +2,11 @@ modules-y += coreboot #coreboot_version := git #coreboot_repo := https://github.com/osresearch/coreboot -coreboot_version := 4.5 +coreboot_version := 4.6 coreboot_dir := coreboot-$(coreboot_version) coreboot_tar := coreboot-$(coreboot_version).tar.xz coreboot_url := https://www.coreboot.org/releases/$(coreboot_tar) -coreboot_hash := 0ffdcb0d18f506c483f8fe99df54fe7d5769f834eeffdc23160b035fee2a6027 +coreboot_hash := ecfc57f3e16543fe38f83171eaa3a7933098387d0cf597933b7e89a0c95ef531 # Coreboot builds are specialized on a per-target basis. @@ -58,7 +58,7 @@ coreboot-blobs_version := $(coreboot_version) coreboot-blobs_tar := coreboot-blobs-$(coreboot-blobs_version).tar.xz coreboot-blobs_dir := coreboot-$(coreboot-blobs_version)/3rdparty/blobs coreboot-blobs_url := https://www.coreboot.org/releases/$(coreboot-blobs_tar) -coreboot-blobs_hash := 86dc3939f546fa9c3907434f9e8ee9e2362f9572b492fc92ea89ae313cf214e4 +coreboot-blobs_hash := 1dc17ef41496791c241490897a65078b0cfbaca6a0a37dc72ce048f25993824c ## there is nothing to build for the blobs, this should be ## made easier to make happen diff --git a/patches/coreboot-4.5.patch b/patches/coreboot-4.6.patch similarity index 79% rename from patches/coreboot-4.5.patch rename to patches/coreboot-4.6.patch index 33bc04ad..6f4f97f5 100644 --- a/patches/coreboot-4.5.patch +++ b/patches/coreboot-4.6.patch @@ -1,8 +1,8 @@ -diff --git a/src/Kconfig b/src/Kconfig -index 91b27ce..2e9beb9 100644 ---- a/src/Kconfig -+++ b/src/Kconfig -@@ -365,6 +365,21 @@ config BOOTSPLASH_FILE +diff --git ./src/Kconfig ./src/Kconfig +index 49f8672..4ca811d 100644 +--- ./src/Kconfig ++++ ./src/Kconfig +@@ -259,6 +259,21 @@ config BOOTSPLASH_FILE The path and filename of the file to use as graphical bootsplash screen. The file format has to be jpg. @@ -24,11 +24,11 @@ index 91b27ce..2e9beb9 100644 endmenu menu "Mainboard" -diff --git a/src/include/sha1.h b/src/include/sha1.h +diff --git ./src/include/sha1.h ./src/include/sha1.h new file mode 100644 index 0000000..e7e28e6 --- /dev/null -+++ b/src/include/sha1.h ++++ ./src/include/sha1.h @@ -0,0 +1,31 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be @@ -61,12 +61,12 @@ index 0000000..e7e28e6 +uint8_t *sha1_final(struct sha1_ctx *ctx); + +#endif /* _sha1_h_ */ -diff --git a/src/include/tpm_lite/tlcl.h b/src/include/tpm_lite/tlcl.h -index 8ea5564..c600d78 100644 ---- a/src/include/tpm_lite/tlcl.h -+++ b/src/include/tpm_lite/tlcl.h +diff --git ./src/include/tpm_lite/tlcl.h ./src/include/tpm_lite/tlcl.h +index 8dd5d80..15fbebf 100644 +--- ./src/include/tpm_lite/tlcl.h ++++ ./src/include/tpm_lite/tlcl.h @@ -147,6 +147,11 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest, - uint8_t *out_digest); + uint8_t *out_digest); /** + * Perform a SHA1 hash on a region and extend a PCR with the hash. @@ -77,30 +77,30 @@ index 8ea5564..c600d78 100644 * Get the entire set of permanent flags. */ uint32_t tlcl_get_permanent_flags(TPM_PERMANENT_FLAGS *pflags); -diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc -index 67f8364..20b359a 100644 ---- a/src/lib/Makefile.inc -+++ b/src/lib/Makefile.inc -@@ -56,7 +56,14 @@ else - libverstage-$(CONFIG_TPM) += tlcl.c - libverstage-$(CONFIG_TPM2) += tpm2_marshaling.c - libverstage-$(CONFIG_TPM2) += tpm2_tlcl.c -+ +diff --git ./src/lib/Makefile.inc ./src/lib/Makefile.inc +index 8f92b29..1822daf 100644 +--- ./src/lib/Makefile.inc ++++ ./src/lib/Makefile.inc +@@ -54,8 +54,13 @@ verstage-$(CONFIG_TPM) += tlcl.c + verstage-$(CONFIG_TPM2) += tpm2_marshaling.c + verstage-$(CONFIG_TPM2) += tpm2_tlcl.c + +-ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) +# Add the TPM support into the ROM stage for measuring the bootblock -+romstage-$(CONFIG_TPM) += tlcl.c + romstage-$(CONFIG_TPM) += tlcl.c +romstage-$(CONFIG_TPM) += sha1.c +ramstage-$(CONFIG_TPM) += tlcl.c +ramstage-$(CONFIG_TPM) += sha1.c - endif -+$(info yes) - - verstage-$(CONFIG_GENERIC_UDELAY) += timer.c - verstage-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c -diff --git a/src/lib/cbfs.c b/src/lib/cbfs.c -index 5a2f63f..c5b145d 100644 ---- a/src/lib/cbfs.c -+++ b/src/lib/cbfs.c -@@ -69,9 +69,15 @@ void *cbfs_boot_map_with_leak(const char *name, uint32_t type, size_t *size) ++ ++ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y) + romstage-$(CONFIG_TPM2) += tpm2_marshaling.c + romstage-$(CONFIG_TPM2) += tpm2_tlcl.c + endif # CONFIG_VBOOT_SEPARATE_VERSTAGE +diff --git ./src/lib/cbfs.c ./src/lib/cbfs.c +index 11bce2c..c1024f9 100644 +--- ./src/lib/cbfs.c ++++ ./src/lib/cbfs.c +@@ -69,7 +69,11 @@ void *cbfs_boot_map_with_leak(const char *name, uint32_t type, size_t *size) if (size != NULL) *size = fsize; @@ -112,12 +112,8 @@ index 5a2f63f..c5b145d 100644 + return buffer; } -+ -+ - size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset, - size_t in_size, void *buffer, size_t buffer_size, uint32_t compression) - { -@@ -83,7 +89,8 @@ size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset, + int cbfs_locate_file_in_region(struct cbfsf *fh, const char *region_name, +@@ -97,7 +101,8 @@ size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset, return 0; if (rdev_readat(rdev, buffer, offset, in_size) != in_size) return 0; @@ -127,7 +123,7 @@ index 5a2f63f..c5b145d 100644 case CBFS_COMPRESS_LZ4: if ((ENV_BOOTBLOCK || ENV_VERSTAGE) && -@@ -101,7 +108,7 @@ size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset, +@@ -115,7 +120,7 @@ size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset, timestamp_add_now(TS_START_ULZ4F); out_size = ulz4fn(compr_start, in_size, buffer, buffer_size); timestamp_add_now(TS_END_ULZ4F); @@ -136,7 +132,7 @@ index 5a2f63f..c5b145d 100644 case CBFS_COMPRESS_LZMA: if (ENV_BOOTBLOCK || ENV_VERSTAGE) -@@ -120,11 +127,15 @@ size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset, +@@ -134,11 +139,15 @@ size_t cbfs_load_and_decompress(const struct region_device *rdev, size_t offset, rdev_munmap(rdev, map); @@ -153,11 +149,11 @@ index 5a2f63f..c5b145d 100644 } static inline int tohex4(unsigned int c) -diff --git a/src/lib/hardwaremain.c b/src/lib/hardwaremain.c -index ab4d9f4..01d83cb 100644 ---- a/src/lib/hardwaremain.c -+++ b/src/lib/hardwaremain.c -@@ -31,6 +31,7 @@ +diff --git ./src/lib/hardwaremain.c ./src/lib/hardwaremain.c +index a56d68e..94f7c95 100644 +--- ./src/lib/hardwaremain.c ++++ ./src/lib/hardwaremain.c +@@ -32,6 +32,7 @@ #include #include #include @@ -165,7 +161,7 @@ index ab4d9f4..01d83cb 100644 #include #if CONFIG_HAVE_ACPI_RESUME #include -@@ -526,3 +527,13 @@ void boot_state_current_unblock(void) +@@ -544,3 +545,13 @@ void boot_state_current_unblock(void) { boot_state_unblock(current_phase.state_id, current_phase.seq); } @@ -179,10 +175,10 @@ index ab4d9f4..01d83cb 100644 + } +} + -diff --git a/src/lib/rmodule.c b/src/lib/rmodule.c -index 7043157..e3c6ef5 100644 ---- a/src/lib/rmodule.c -+++ b/src/lib/rmodule.c +diff --git ./src/lib/rmodule.c ./src/lib/rmodule.c +index a3a74ac..f5c3ad3 100644 +--- ./src/lib/rmodule.c ++++ ./src/lib/rmodule.c @@ -125,10 +125,21 @@ static inline size_t rmodule_number_relocations(const struct rmodule *module) static void rmodule_copy_payload(const struct rmodule *module) @@ -219,11 +215,11 @@ index 7043157..e3c6ef5 100644 reloc++; num_relocations--; -diff --git a/src/lib/sha1.c b/src/lib/sha1.c +diff --git ./src/lib/sha1.c ./src/lib/sha1.c new file mode 100644 index 0000000..506907f --- /dev/null -+++ b/src/lib/sha1.c ++++ ./src/lib/sha1.c @@ -0,0 +1,175 @@ +/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be @@ -400,11 +396,11 @@ index 0000000..506907f + ctx->state[4] = 0xC3D2E1F0; + ctx->count = 0; +} -diff --git a/src/lib/tlcl.c b/src/lib/tlcl.c -index ccf4e80..fe78b70 100644 ---- a/src/lib/tlcl.c -+++ b/src/lib/tlcl.c -@@ -18,6 +18,7 @@ +diff --git ./src/lib/tlcl.c ./src/lib/tlcl.c +index 49854cb..32eb128 100644 +--- ./src/lib/tlcl.c ++++ ./src/lib/tlcl.c +@@ -19,6 +19,7 @@ #include #include #include @@ -412,7 +408,7 @@ index ccf4e80..fe78b70 100644 #include #include "tlcl_internal.h" #include "tlcl_structures.h" -@@ -325,3 +326,23 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t* in_digest, +@@ -351,3 +352,23 @@ uint32_t tlcl_extend(int pcr_num, const uint8_t *in_digest, kPcrDigestLength); return result; } @@ -436,10 +432,10 @@ index ccf4e80..fe78b70 100644 + return tlcl_extend(pcr_num, hash, NULL); +} + -diff --git a/src/northbridge/intel/sandybridge/romstage.c b/src/northbridge/intel/sandybridge/romstage.c -index a2ca1c1..df80286 100644 ---- a/src/northbridge/intel/sandybridge/romstage.c -+++ b/src/northbridge/intel/sandybridge/romstage.c +diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c +index 738e285..2b16657 100644 +--- ./src/northbridge/intel/sandybridge/romstage.c ++++ ./src/northbridge/intel/sandybridge/romstage.c @@ -29,6 +29,8 @@ #include #include @@ -465,7 +461,7 @@ index a2ca1c1..df80286 100644 + tlcl_measure(1, &_romstage, &_eromstage - &_romstage); + } + - /* USB is inited in MRC if MRC is used. */ + /* USB is initialized in MRC if MRC is used. */ if (CONFIG_USE_NATIVE_RAMINIT) { early_usb_init(mainboard_usb_ports); @@ -116,9 +130,23 @@ void mainboard_romstage_entry(unsigned long bist) @@ -493,21 +489,3 @@ index a2ca1c1..df80286 100644 + } +} + -diff --git a/util/crossgcc/buildgcc b/util/crossgcc/buildgcc -index 4883754..1037fe0 100755 ---- a/util/crossgcc/buildgcc -+++ b/util/crossgcc/buildgcc -@@ -502,6 +502,13 @@ set_hostcflags_from_gmp() { - } - - build_GMP() { -+ # Check if GCC enables `-pie` by default (possible since GCC 6). -+ # We need PIC in all static libraries then. -+ if "${CC}" -dumpspecs 2>/dev/null | grep -q '[{;][[:space:]]*:-pie\>' -+ then -+ OPTIONS="$OPTIONS --with-pic" -+ fi -+ - CC="$CC" ../${GMP_DIR}/configure --disable-shared --enable-fat \ - --prefix=$TARGETDIR $OPTIONS \ - || touch .failed From 87251fd1b16400ddaf916a16b2c3479264d5983c Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Sun, 27 Aug 2017 15:39:22 -0400 Subject: [PATCH 11/17] Changed to coreboot patch to not measure relocated modules --- patches/coreboot-4.6.patch | 70 +++++++++++++++----------------------- 1 file changed, 28 insertions(+), 42 deletions(-) diff --git a/patches/coreboot-4.6.patch b/patches/coreboot-4.6.patch index 6f4f97f5..5e2824ca 100644 --- a/patches/coreboot-4.6.patch +++ b/patches/coreboot-4.6.patch @@ -24,6 +24,19 @@ index 49f8672..4ca811d 100644 endmenu menu "Mainboard" +diff --git ./src/include/program_loading.h ./src/include/program_loading.h +index 416e2e9..40486cd 100644 +--- ./src/include/program_loading.h ++++ ./src/include/program_loading.h +@@ -24,6 +24,8 @@ enum { + /* Last segment of program. Can be used to take different actions for + * cache maintenance of a program load. */ + SEG_FINAL = 1 << 0, ++ /* Indicate that the program segment should not be measured */ ++ SEG_NO_MEASURE = 1 << 1, + }; + + enum prog_type { diff --git ./src/include/sha1.h ./src/include/sha1.h new file mode 100644 index 0000000..e7e28e6 @@ -97,7 +110,7 @@ index 8f92b29..1822daf 100644 romstage-$(CONFIG_TPM2) += tpm2_tlcl.c endif # CONFIG_VBOOT_SEPARATE_VERSTAGE diff --git ./src/lib/cbfs.c ./src/lib/cbfs.c -index 11bce2c..c1024f9 100644 +index 11bce2c..8428245 100644 --- ./src/lib/cbfs.c +++ ./src/lib/cbfs.c @@ -69,7 +69,11 @@ void *cbfs_boot_map_with_leak(const char *name, uint32_t type, size_t *size) @@ -107,7 +120,7 @@ index 11bce2c..c1024f9 100644 - return rdev_mmap(&fh.data, 0, fsize); + void * buffer = rdev_mmap(&fh.data, 0, fsize); + -+ prog_segment_loaded((uintptr_t)buffer, fsize, SEG_FINAL); ++ prog_segment_loaded((uintptr_t)buffer, fsize, 0); + + return buffer; } @@ -143,14 +156,14 @@ index 11bce2c..c1024f9 100644 return 0; } + -+ prog_segment_loaded((uintptr_t)buffer, out_size, SEG_FINAL); ++ prog_segment_loaded((uintptr_t)buffer, out_size, 0); + + return out_size; } static inline int tohex4(unsigned int c) diff --git ./src/lib/hardwaremain.c ./src/lib/hardwaremain.c -index a56d68e..94f7c95 100644 +index a56d68e..8c13f5f 100644 --- ./src/lib/hardwaremain.c +++ ./src/lib/hardwaremain.c @@ -32,6 +32,7 @@ @@ -169,52 +182,25 @@ index a56d68e..94f7c95 100644 +// ramstage measurements go into PCR3 if we are doing measured boot +void platform_segment_loaded(uintptr_t start, size_t size, int flags) +{ -+ if (IS_ENABLED(CONFIG_MEASURED_BOOT)) ++ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) + { + tlcl_measure(3, (const void*) start, size); + } +} + diff --git ./src/lib/rmodule.c ./src/lib/rmodule.c -index a3a74ac..f5c3ad3 100644 +index a3a74ac..bb99e5f 100644 --- ./src/lib/rmodule.c +++ ./src/lib/rmodule.c -@@ -125,10 +125,21 @@ static inline size_t rmodule_number_relocations(const struct rmodule *module) +@@ -198,7 +198,7 @@ int rmodule_load(void *base, struct rmodule *module) + rmodule_clear_bss(module); - static void rmodule_copy_payload(const struct rmodule *module) - { -- printk(BIOS_DEBUG, "Loading module at %p with entry %p. " -- "filesize: 0x%x memsize: 0x%x\n", -- module->location, rmodule_entry(module), -- module->payload_size, rmodule_memory_size(module)); -+ const size_t mem_size = rmodule_memory_size(module); -+ -+ printk(BIOS_DEBUG, "Loading module at %p/%p with entry %p. " -+ "filesize: 0x%x memsize: 0x%zx\n", -+ module->location, module->payload, rmodule_entry(module), -+ module->payload_size, mem_size); -+ -+ // zero the excess memory if there is any -+ if (mem_size > module->payload_size) -+ { -+ memset((uint8_t*) module->location + module->payload_size, -+ 0, -+ mem_size - module->payload_size -+ ); -+ } + prog_segment_loaded((uintptr_t)module->location, +- rmodule_memory_size(module), SEG_FINAL); ++ rmodule_memory_size(module), SEG_FINAL | SEG_NO_MEASURE); - /* No need to copy the payload if the load location and the - * payload location are the same. */ -@@ -162,7 +173,8 @@ static int rmodule_relocate(const struct rmodule *module) - printk(PK_ADJ_LEVEL, "Adjusting %p: 0x%08lx -> 0x%08lx\n", - adjust_loc, (unsigned long) *adjust_loc, - (unsigned long) (*adjust_loc + adjustment)); -- *adjust_loc += adjustment; -+ -+ *adjust_loc += adjustment; - - reloc++; - num_relocations--; + return 0; + } diff --git ./src/lib/sha1.c ./src/lib/sha1.c new file mode 100644 index 0000000..506907f @@ -433,7 +419,7 @@ index 49854cb..32eb128 100644 +} + diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c -index 738e285..2b16657 100644 +index 738e285..c7c0c62 100644 --- ./src/northbridge/intel/sandybridge/romstage.c +++ ./src/northbridge/intel/sandybridge/romstage.c @@ -29,6 +29,8 @@ @@ -483,7 +469,7 @@ index 738e285..2b16657 100644 + +void platform_segment_loaded(uintptr_t start, size_t size, int flags) +{ -+ if (IS_ENABLED(CONFIG_MEASURED_BOOT)) ++ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) + { + tlcl_measure(2, (const void*) start, size); + } From 8d34bcc6bc45dae6dac5a78b6e1a3d6e0123621d Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Sat, 28 Oct 2017 15:12:39 -0400 Subject: [PATCH 12/17] Update qubes xen version for QSB 34 and QSB 35 For Qubes 3.2: version 4.6.6-34 For Qubes 4.0: version 4.8.2-9 --- modules/xen | 8 ++--- ...{xen-4.6.6-30.patch => xen-4.6.6-34.patch} | 29 ++++++++++--------- .../{xen-4.8.2-2.patch => xen-4.8.2-9.patch} | 4 +-- 3 files changed, 22 insertions(+), 19 deletions(-) rename patches/{xen-4.6.6-30.patch => xen-4.6.6-34.patch} (93%) rename patches/{xen-4.8.2-2.patch => xen-4.8.2-9.patch} (97%) diff --git a/modules/xen b/modules/xen index 7279536e..949ad456 100644 --- a/modules/xen +++ b/modules/xen @@ -2,12 +2,12 @@ modules-$(CONFIG_XEN) += xen ifeq "$(CONFIG_XEN_VERSION)" "4.8" xen_base_version := 4.8.2 - xen_version := $(xen_base_version)-2 - xen_hash := 866855dfbe1e7d6086738e2e82fa0475bf831f4a65df224abf6dc5589122c7d5 + xen_version := $(xen_base_version)-9 + xen_hash := c8d2e7d155fd35a40f8da9aab646a18b073488b6dd92b3097d70e541d4f4741e else xen_base_version := 4.6.6 - xen_version := $(xen_base_version)-30 - xen_hash := 65cdbdb77d30475d77d849011343cba970b61c99d6638ccfeca4b7bbc308dc36 + xen_version := $(xen_base_version)-34 + xen_hash := b5cc725fc12e0885b5fb4e9f0af6516a3f3025cbe9b49ecdfa71c1c13c4ac55e endif # We extract the entire Xen tree, but only use the xen/xen hypervisor diff --git a/patches/xen-4.6.6-30.patch b/patches/xen-4.6.6-34.patch similarity index 93% rename from patches/xen-4.6.6-30.patch rename to patches/xen-4.6.6-34.patch index ba65736a..1344b4dd 100644 --- a/patches/xen-4.6.6-30.patch +++ b/patches/xen-4.6.6-34.patch @@ -1,5 +1,5 @@ diff --git ./Makefile ./Makefile -index c210da9..d8f8708 100644 +index 13fa4af..0320888 100644 --- ./Makefile +++ ./Makefile @@ -122,6 +122,7 @@ verrel: @@ -54,18 +54,11 @@ index b1c8468..74a4c20 100755 +do + patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/$i +done -diff --git ./series.conf ./series.conf -index ede01b2..109ddfb 100644 ---- ./series.conf -+++ ./series.conf -@@ -98,3 +98,5 @@ patches.qubes/libxl-disable-forced-vkb-for-HVM.patch - patches.qubes/xenconsoled-enable-logging.patch - patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch - patches.qubes/xen-hotplug-qubesdb-update.patch -+ -+patches.heads/heads.patch ---- /dev/null 2017-07-08 09:18:33.906645246 -0400 -+++ ./patches.heads/heads.patch 2017-07-18 12:39:11.715840524 -0400 +diff --git ./patches.heads/heads.patch ./patches.heads/heads.patch +new file mode 100644 +index 0000000..bb17c3d +--- /dev/null ++++ ./patches.heads/heads.patch @@ -0,0 +1,68 @@ +diff --recursive -u ../xen-4.6.5-clean/xen/arch/x86/boot/head.S ./xen/arch/x86/boot/head.S +--- ../xen-4.6.5-clean/xen/arch/x86/boot/head.S 2017-03-07 11:19:05.000000000 -0500 @@ -135,3 +128,13 @@ index ede01b2..109ddfb 100644 + echo " Xen $(XEN_FULLVERSION)" | figlet -f tools/xen.flf > $@.tmp; \ + else \ + echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ +diff --git ./series.conf ./series.conf +index 49dc710..164a4dd 100644 +--- ./series.conf ++++ ./series.conf +@@ -112,3 +112,5 @@ patches.qubes/libxl-disable-forced-vkb-for-HVM.patch + patches.qubes/xenconsoled-enable-logging.patch + patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch + patches.qubes/xen-hotplug-qubesdb-update.patch ++ ++patches.heads/heads.patch diff --git a/patches/xen-4.8.2-2.patch b/patches/xen-4.8.2-9.patch similarity index 97% rename from patches/xen-4.8.2-2.patch rename to patches/xen-4.8.2-9.patch index dbd69d93..0aea7afc 100644 --- a/patches/xen-4.8.2-2.patch +++ b/patches/xen-4.8.2-9.patch @@ -115,10 +115,10 @@ index 0000000..d956f8a + else \ + echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ diff --git ./series.conf ./series.conf -index 18fd577..56174a9 100644 +index 98eab7a..f72e088 100644 --- ./series.conf +++ ./series.conf -@@ -68,6 +68,9 @@ patches.qubes/xenconsoled-enable-logging.patch +@@ -93,6 +93,9 @@ patches.qubes/xenconsoled-enable-logging.patch patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch patches.qubes/xen-hotplug-qubesdb-update.patch From 491fe083fa76a77bd733e39016d3d402b826b785 Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Sat, 2 Dec 2017 14:47:52 -0500 Subject: [PATCH 13/17] Update qubes xen version for QSB 36 For Qubes 3.2: version 4.6.6-35 For Qubes 4.0: version 4.8.2-11 --- modules/xen | 8 ++++---- ...{xen-4.6.6-34.patch => xen-4.6.6-35.patch} | 20 +++++++++---------- .../{xen-4.8.2-9.patch => xen-4.8.2-11.patch} | 4 ++-- 3 files changed, 16 insertions(+), 16 deletions(-) rename patches/{xen-4.6.6-34.patch => xen-4.6.6-35.patch} (97%) rename patches/{xen-4.8.2-9.patch => xen-4.8.2-11.patch} (97%) diff --git a/modules/xen b/modules/xen index 949ad456..1c35e935 100644 --- a/modules/xen +++ b/modules/xen @@ -2,12 +2,12 @@ modules-$(CONFIG_XEN) += xen ifeq "$(CONFIG_XEN_VERSION)" "4.8" xen_base_version := 4.8.2 - xen_version := $(xen_base_version)-9 - xen_hash := c8d2e7d155fd35a40f8da9aab646a18b073488b6dd92b3097d70e541d4f4741e + xen_version := $(xen_base_version)-11 + xen_hash := 417bd9585cf8c460812475023bdb80ee964a51205783922b673bed3226d6b91d else xen_base_version := 4.6.6 - xen_version := $(xen_base_version)-34 - xen_hash := b5cc725fc12e0885b5fb4e9f0af6516a3f3025cbe9b49ecdfa71c1c13c4ac55e + xen_version := $(xen_base_version)-35 + xen_hash := af1089c84c277d1d88d25b62184fa21518828e034b08dbb4b039a6c1f6676e55 endif # We extract the entire Xen tree, but only use the xen/xen hypervisor diff --git a/patches/xen-4.6.6-34.patch b/patches/xen-4.6.6-35.patch similarity index 97% rename from patches/xen-4.6.6-34.patch rename to patches/xen-4.6.6-35.patch index 1344b4dd..996ecc7f 100644 --- a/patches/xen-4.6.6-34.patch +++ b/patches/xen-4.6.6-35.patch @@ -54,6 +54,16 @@ index b1c8468..74a4c20 100755 +do + patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/$i +done +diff --git ./series.conf ./series.conf +index 80972b7..1466c44 100644 +--- ./series.conf ++++ ./series.conf +@@ -115,3 +115,5 @@ patches.qubes/libxl-disable-forced-vkb-for-HVM.patch + patches.qubes/xenconsoled-enable-logging.patch + patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch + patches.qubes/xen-hotplug-qubesdb-update.patch ++ ++patches.heads/heads.patch diff --git ./patches.heads/heads.patch ./patches.heads/heads.patch new file mode 100644 index 0000000..bb17c3d @@ -128,13 +138,3 @@ index 0000000..bb17c3d + echo " Xen $(XEN_FULLVERSION)" | figlet -f tools/xen.flf > $@.tmp; \ + else \ + echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ -diff --git ./series.conf ./series.conf -index 49dc710..164a4dd 100644 ---- ./series.conf -+++ ./series.conf -@@ -112,3 +112,5 @@ patches.qubes/libxl-disable-forced-vkb-for-HVM.patch - patches.qubes/xenconsoled-enable-logging.patch - patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch - patches.qubes/xen-hotplug-qubesdb-update.patch -+ -+patches.heads/heads.patch diff --git a/patches/xen-4.8.2-9.patch b/patches/xen-4.8.2-11.patch similarity index 97% rename from patches/xen-4.8.2-9.patch rename to patches/xen-4.8.2-11.patch index 0aea7afc..2067699d 100644 --- a/patches/xen-4.8.2-9.patch +++ b/patches/xen-4.8.2-11.patch @@ -115,10 +115,10 @@ index 0000000..d956f8a + else \ + echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ diff --git ./series.conf ./series.conf -index 98eab7a..f72e088 100644 +index 750ec6c..0706300 100644 --- ./series.conf +++ ./series.conf -@@ -93,6 +93,9 @@ patches.qubes/xenconsoled-enable-logging.patch +@@ -97,6 +97,9 @@ patches.qubes/xenconsoled-enable-logging.patch patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch patches.qubes/xen-hotplug-qubesdb-update.patch From 5f9567c3907696a81d7115bf0c915307155e0faf Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Sat, 2 Dec 2017 15:14:42 -0500 Subject: [PATCH 14/17] Fix coreboot GCC7 build issue This is fixed in coreboot master but backporting for Heads. Closes #241 --- patches/coreboot-4.6.patch | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/patches/coreboot-4.6.patch b/patches/coreboot-4.6.patch index 5e2824ca..ae6968c8 100644 --- a/patches/coreboot-4.6.patch +++ b/patches/coreboot-4.6.patch @@ -475,3 +475,16 @@ index 738e285..c7c0c62 100644 + } +} + +diff --git ./util/cbfstool/lz4/lib/lz4frame.c ./util/cbfstool/lz4/lib/lz4frame.c +index e5458bb..58fb68f 100644 +--- ./util/cbfstool/lz4/lib/lz4frame.c ++++ ./util/cbfstool/lz4/lib/lz4frame.c +@@ -1091,7 +1091,7 @@ size_t LZ4F_decompress(LZ4F_decompressionContext_t decompressionContext, + dctxPtr->tmpInTarget = minFHSize; /* minimum to attempt decode */ + dctxPtr->dStage = dstage_storeHeader; + } +- ++ /* Falls through. */ + case dstage_storeHeader: + { + size_t sizeToCopy = dctxPtr->tmpInTarget - dctxPtr->tmpInSize; From 6898b84b28298bfbe325dc941319545d259cedc5 Mon Sep 17 00:00:00 2001 From: Francis Lam Date: Tue, 2 Jan 2018 08:53:23 -0800 Subject: [PATCH 15/17] Use HTTPS URL for flashrom --- modules/flashrom | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/flashrom b/modules/flashrom index ec9491ba..e6dd9f7f 100644 --- a/modules/flashrom +++ b/modules/flashrom @@ -8,7 +8,7 @@ flashrom_depends := pciutils $(musl_dep) flashrom_version := 0.9.9 flashrom_dir := flashrom-$(flashrom_version) flashrom_tar := flashrom-$(flashrom_version).tar.bz2 -flashrom_url := http://download.flashrom.org/releases/$(flashrom_tar) +flashrom_url := https://download.flashrom.org/releases/$(flashrom_tar) flashrom_hash := cb3156b0f63eb192024b76c0814135930297aac41f80761a5d293de769783c45 flashrom_target := \ From 5daeb025f2b823d2e41e2907e09eb1f9079b3cd1 Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Sat, 20 Jan 2018 13:28:02 -0500 Subject: [PATCH 16/17] fix path for MPC (issue #299) --- patches/musl-cross.patch | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/patches/musl-cross.patch b/patches/musl-cross.patch index 940a7fb3..1ffa84e5 100644 --- a/patches/musl-cross.patch +++ b/patches/musl-cross.patch @@ -1,5 +1,5 @@ diff --git a/config.sh b/config.sh -index 4e321c9..336c65b 100644 +index 4e321c9..6d9ea32 100644 --- a/config.sh +++ b/config.sh @@ -1,13 +1,15 @@ @@ -32,3 +32,30 @@ index 4e321c9..336c65b 100644 + +# Build GMP, MPFR and MPC +GCC_BUILTIN_PREREQS=yes +diff --git a/defs.sh b/defs.sh +index f76a2ac..9184123 100644 +--- a/defs.sh ++++ b/defs.sh +@@ -221,19 +221,19 @@ muslfetchextract() { + gccprereqs() { + if [ ! -e gcc-$GCC_VERSION/gmp ] + then +- fetchextract http://gmplib.org/download/gmp/ gmp-$GMP_VERSION .tar.bz2 ++ fetchextract https://gmplib.org/download/gmp/ gmp-$GMP_VERSION .tar.bz2 + mv gmp-$GMP_VERSION gcc-$GCC_VERSION/gmp + fi + + if [ ! -e gcc-$GCC_VERSION/mpfr ] + then +- fetchextract http://ftp.gnu.org/gnu/mpfr/ mpfr-$MPFR_VERSION .tar.bz2 ++ fetchextract https://ftp.gnu.org/gnu/mpfr/ mpfr-$MPFR_VERSION .tar.bz2 + mv mpfr-$MPFR_VERSION gcc-$GCC_VERSION/mpfr + fi + + if [ ! -e gcc-$GCC_VERSION/mpc ] + then +- fetchextract http://www.multiprecision.org/mpc/download/ mpc-$MPC_VERSION .tar.gz ++ fetchextract https://ftp.gnu.org/gnu/mpc/ mpc-$MPC_VERSION .tar.gz + mv mpc-$MPC_VERSION gcc-$GCC_VERSION/mpc + fi + } From 4310bd4743f98b8a2c966e9bce4ab0fd1dc1d0ab Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Sat, 20 Jan 2018 16:56:53 -0500 Subject: [PATCH 17/17] force cross_compile=yes for gnupg (issue #299) --- patches/gpg-1.4.21.patch | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/patches/gpg-1.4.21.patch b/patches/gpg-1.4.21.patch index b8946872..37e2fdd3 100644 --- a/patches/gpg-1.4.21.patch +++ b/patches/gpg-1.4.21.patch @@ -1,6 +1,15 @@ -diff -u --recursive ../clean/gnupg-1.4.21/configure gnupg-1.4.21/configure ---- ../clean/gnupg-1.4.21/configure 2016-08-17 09:20:25.000000000 -0400 -+++ gnupg-1.4.21/configure 2017-04-05 17:59:31.785284325 -0400 +diff -u --recursive /home/hudson/build/clean/gnupg-1.4.21/configure gnupg-1.4.21/configure +--- /home/hudson/build/clean/gnupg-1.4.21/configure 2016-08-17 09:20:25.000000000 -0400 ++++ gnupg-1.4.21/configure 2018-01-20 16:55:14.502067084 -0500 +@@ -572,7 +572,7 @@ + ac_clean_files= + ac_config_libobj_dir=. + LIBOBJS= +-cross_compiling=no ++cross_compiling=yes + subdirs= + MFLAGS= + MAKEFLAGS= @@ -17100,7 +17100,7 @@ _libusb_try_libs=`$LIBS $_usb_config --libs` _libusb_try_cflags=`$LIBS $_usb_config --cflags` @@ -18,9 +27,9 @@ diff -u --recursive ../clean/gnupg-1.4.21/configure gnupg-1.4.21/configure #include int main () -diff -u --recursive ../clean/gnupg-1.4.21/util/ttyio.c gnupg-1.4.21/util/ttyio.c ---- ../clean/gnupg-1.4.21/util/ttyio.c 2016-04-22 03:30:18.000000000 -0400 -+++ gnupg-1.4.21/util/ttyio.c 2017-04-05 18:33:05.000125354 -0400 +diff -u --recursive /home/hudson/build/clean/gnupg-1.4.21/util/ttyio.c gnupg-1.4.21/util/ttyio.c +--- /home/hudson/build/clean/gnupg-1.4.21/util/ttyio.c 2016-04-22 03:30:18.000000000 -0400 ++++ gnupg-1.4.21/util/ttyio.c 2018-01-20 13:44:46.186273642 -0500 @@ -183,7 +183,8 @@ #elif defined(__EMX__) ttyfp = stdout; /* Fixme: replace by the real functions: see wklib */