From 61ac2d9960b9f7541138ee53803dcc8042429a8c Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 3 Nov 2024 09:10:54 -0500 Subject: [PATCH 01/27] flake.nix: make sure git dubitious permission error vanishes with docker image using /root .gitconfig considering all dirs as safe dir Signed-off-by: Thierry Laurion --- flake.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 3ae2de90..bee186b0 100644 --- a/flake.nix +++ b/flake.nix @@ -139,15 +139,17 @@ -e ACLOCAL_PATH \ ${self.devShell.${system}} >/devenv.sh - # Git configuration for safe directory access. - printf '[safe]\n\tdirectory = *\n' >/.gitconfig mkdir /tmp; # Temporary directory for various operations. + chmod 1777 /tmp # Ensure /etc/passwd and /etc/group exist with root entries echo "root:x:0:0:root:/root:/bin/bash" > /etc/passwd echo "root:x:0:" > /etc/group mkdir -p /root chmod 700 /root + + # Git configuration for safe directory access. + echo -e '[safe]\n\tdirectory = *\n' > /root/.gitconfig ''; }; }); From 9f735e2238073955384a244ac9d1d484bd38f9c2 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 3 Nov 2024 09:13:12 -0500 Subject: [PATCH 02/27] Bump nix develop based docker image to tlaurion/heads-dev-env:v0.2.4 Signed-off-by: Thierry Laurion --- .circleci/config.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 26917a2d..2214f1e0 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -45,7 +45,7 @@ commands: jobs: prep_env: docker: - - image: tlaurion/heads-dev-env:v0.2.3 + - image: tlaurion/heads-dev-env:v0.2.4 resource_class: large working_directory: ~/heads steps: @@ -115,7 +115,7 @@ jobs: build_and_persist: docker: - - image: tlaurion/heads-dev-env:v0.2.3 + - image: tlaurion/heads-dev-env:v0.2.4 resource_class: large working_directory: ~/heads parameters: 
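Review bot: The new `/root/.gitconfig` line in the flake.nix hunk sets `safe.directory = *`, which switches off Git's repository-ownership check for every path in the image, while the comment above it only says "safe directory access". If this is deliberate because the source tree is bind-mounted from the host under a different uid (the `docker run -v $(pwd):$(pwd)` usage quoted later in this series suggests so), the comment should say it, e.g. `# Build container only: the mounted source tree is owned by the host uid, so Git's ownership check is disabled for all paths.` The write also moved from `printf` to `echo -e`, whose escape handling depends on the shell running this script and which emits an extra trailing newline; `printf '[safe]\n\tdirectory = *\n' > /root/.gitconfig` keeps the earlier portable form. The enclosing script block starts and ends outside the hunk.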
@@ -143,7 +143,7 @@ jobs: build: docker: - - image: tlaurion/heads-dev-env:v0.2.3 + - image: tlaurion/heads-dev-env:v0.2.4 resource_class: large working_directory: ~/heads parameters: @@ -164,7 +164,7 @@ jobs: save_cache: docker: - - image: tlaurion/heads-dev-env:v0.2.3 + - image: tlaurion/heads-dev-env:v0.2.4 resource_class: large working_directory: ~/heads steps: From a0c3d8ec5b8211e6f6cdfe5f8de3b10240382b45 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 3 Nov 2024 11:26:24 -0500 Subject: [PATCH 03/27] BUGFIX: targets/split_8mb4mb.mk Makefile: Make sure top/bottom/rom hash+size are always outputted in console+hashes.txt+sizes.txt Signed-off-by: Thierry Laurion --- Makefile | 7 +++++++ targets/split_8mb4mb.mk | 28 ++++++++++++++++++++-------- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/Makefile b/Makefile index 1026785a..1cd4b457 100644 --- a/Makefile +++ b/Makefile @@ -245,7 +245,14 @@ $(board_build)/$(CB_UPDATE_PKG_FILE): $(board_build)/$(CB_OUTPUT_FILE) cd "$(board_build)/update_pkg" && sha256sum "$(CB_OUTPUT_FILE)" >sha256sum.txt cd "$(board_build)/update_pkg" && zip -9 "$@" "$(CB_OUTPUT_FILE)" sha256sum.txt +# Only add the hash and size if split_8mb4mb.mk is not included +ifeq ($(wildcard split_8mb4mb.mk),) all: $(board_build)/$(CB_OUTPUT_FILE) $(board_build)/$(CB_UPDATE_PKG_FILE) + @sha256sum $(board_build)/$(CB_OUTPUT_FILE) | tee -a "$(HASHES)" + @stat -c "%8s:%n" $(board_build)/$(CB_OUTPUT_FILE) | tee -a "$(SIZES)" +else +all: $(board_build)/$(CB_OUTPUT_FILE) $(board_build)/$(CB_UPDATE_PKG_FILE) +endif endif endif diff --git a/targets/split_8mb4mb.mk b/targets/split_8mb4mb.mk index 473c41bc..f6e8e7fa 100644 --- a/targets/split_8mb4mb.mk +++ b/targets/split_8mb4mb.mk 
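Review bot: The guard `ifeq ($(wildcard split_8mb4mb.mk),)` in the Makefile hunk tests whether a file of that name exists in make's working directory, not whether the split target file was included, so the code and its comment disagree. This series keeps the file at `targets/split_8mb4mb.mk`, so when make runs from the repository root the wildcard is presumably always empty and the `else` branch is never taken. If the intent really is to skip the full-ROM hash when the split targets are in use, test the include list instead, `ifeq ($(filter %/split_8mb4mb.mk,$(MAKEFILE_LIST)),)`, which only works if the board target files are included before this point (not visible in the hunk); otherwise drop the conditional and fix the comment. The two `all:` lines also repeat the same prerequisite list, which could be declared once outside the conditional.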
@@ -7,12 +7,24 @@ # # When flashing via an external programmer it is easiest to have # two separate files for these pieces. -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +all: bottom top -all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom -$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) - $(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none) - @sha256sum $@ | tee -a "$(HASHES)" +bottom: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom + +$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) FORCE + @rm -f $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom + $(call do,DD 8MB,$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom,dd if=$< of=$@ bs=65536 count=128 skip=0 status=none) + @sha256sum $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom | tee -a "$(HASHES)" + @stat -c "%8s:%n" $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom | tee -a "$(SIZES)" + +top: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom + +$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) FORCE + @rm -f $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom + $(call do,DD 4MB,$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom,dd if=$< of=$@ bs=65536 count=64 skip=128 status=none) + @sha256sum $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom | tee -a "$(HASHES)" + @stat -c "%8s:%n" $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom | tee -a "$(SIZES)" + +FORCE: + +.PHONY: all bottom top FORCE From ade5ef12865f839c5fbc789cdf2b8859574f6c02 Mon Sep 17 00:00:00 2001 
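Review bot: Both split recipes record a hash and a size for whatever `dd` wrote, but nothing checks the length: `dd` with `count=` exits successfully on a short input, so a `$(CB_OUTPUT_FILE)` smaller than 12 MiB would give a truncated `-top.rom` whose hash is still appended to `$(HASHES)`. A check after each `dd`, e.g. `@test "$$(stat -c %s "$@")" -eq 8388608` for bottom and `-eq 4194304` for top, would fail the build instead of publishing a hash for an unusable image. The recipes also spell out the full target path on every line although `$@` is already used inside the `dd` command; `"$@"` throughout would be shorter and quoted. Because of the `FORCE` prerequisite the `tee -a` lines add an entry on every invocation, so repeated builds in one tree accumulate duplicate lines unless hashes.txt and sizes.txt are reset elsewhere (not visible here).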
From: Thierry Laurion Date: Tue, 5 Nov 2024 15:24:11 -0500 Subject: [PATCH 04/27] modules/linux: Inconditional: pack USB keyboard optional support to all boards (linux_modules-y for usbhid.ko) Signed-off-by: Thierry Laurion --- modules/linux | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/linux b/modules/linux index b0f6cab2..8bde1234 100644 --- a/modules/linux +++ b/modules/linux @@ -79,6 +79,8 @@ $(INSTALL)/include/linux/limits.h: $(build)/$(linux_base_dir)/.canary KCONFIG_CONFIG="$(pwd)/$(linux_kconfig)" \ headers_install +# Inconditional: add USB keyboard support to all boards (linux_modules-y) +linux_modules-y += drivers/hid/usbhid/usbhid.ko # qemu linux_modules-$(CONFIG_LINUX_E1000) += drivers/net/ethernet/intel/e1000/e1000.ko @@ -122,9 +124,6 @@ linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/host/xhci-hcd.ko linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/host/xhci-pci.ko linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/storage/usb-storage.ko -#USB modules when a USB keyboard is defined in board config -linux_modules-$(CONFIG_SUPPORT_USB_KEYBOARD) += drivers/hid/usbhid/usbhid.ko - #USB modules for Mobile USB Tethering (Most Android phones, Librem phone, etc) linux_modules-$(CONFIG_MOBILE_TETHERING) += drivers/net/mii.ko linux_modules-$(CONFIG_MOBILE_TETHERING) += drivers/net/usb/usbnet.ko From 6e0edcbce6f94e42e6b490f539bcdb5b67cb28d0 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 5 Nov 2024 15:26:26 -0500 Subject: [PATCH 05/27] initrd/bin/config-gui.sh: remove check for CONFIG_SUPPORT_USB_KEYBOARD since usbhid.ko packed for all boards. Menu now permits turning on keyboard from internal, non-usb keyboard or force support through CONFIG_USB_KEYBOARD_REQUIRED=y under board configs Signed-off-by: Thierry Laurion --- initrd/bin/config-gui.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 7f8142e6..2580dc26 100755 
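Review bot: `linux_modules-y += drivers/hid/usbhid/usbhid.ko` now applies to every board, so it assumes each board's kernel config builds usbhid as a module, and nothing in the hunk guards on that. A later commit message in this series says the option is offered "if kernel config enable it as compiled as module", so a board whose kernel has HID built in or disabled would presumably fail or pack nothing in the module install step (outside this hunk); that is worth confirming against each `config/linux-*.config`. The added comment has a typo and could state the runtime behaviour, e.g. `# Unconditional: pack usbhid.ko for all boards; packing alone does not load it`, if that matches how the initrd decides to load the module.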
--- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -71,12 +71,10 @@ while true; do ) # Boards with built-in keyboards can support optional USB keyboards as well. - # Export CONFIG_SUPPORT_USB_KEYBOARD=y to enable optional support. - # Boards that do not have a built-in keyboard export + # Boards that do not have a built-in keyboard/internal keyboard is USB connected export # CONFIG_USB_KEYBOARD_REQUIRED=y; this hides the config option and ensures # USB keyboard support always loads. - [ "$CONFIG_SUPPORT_USB_KEYBOARD" = y ] && [ "$CONFIG_USB_KEYBOARD_REQUIRED" != y ] \ - && dynamic_config_options+=( + [ "$CONFIG_USB_KEYBOARD_REQUIRED" != y ] && dynamic_config_options+=( 'K' " $(get_config_display_action "$CONFIG_USER_USB_KEYBOARD") USB keyboard" ) From b36ed46c11933d03695addf6ec8c5907b4e5fed8 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 5 Nov 2024 15:27:40 -0500 Subject: [PATCH 06/27] boards/librems: remove CONFIG_SUPPORT_USB_KEYBOARD which is now offered by default if kernel config enable it as compiled as module Signed-off-by: Thierry Laurion --- boards/librem_13v2/librem_13v2.config | 1 - boards/librem_13v4/librem_13v4.config | 1 - boards/librem_14/librem_14.config | 1 - boards/librem_15v3/librem_15v3.config | 1 - boards/librem_15v4/librem_15v4.config | 1 - 5 files changed, 5 deletions(-) diff --git a/boards/librem_13v2/librem_13v2.config b/boards/librem_13v2/librem_13v2.config index 5accb0bc..c52f16ab 100644 --- a/boards/librem_13v2/librem_13v2.config +++ b/boards/librem_13v2/librem_13v2.config @@ -27,7 +27,6 @@ CONFIG_HOTPKEY=y CONFIG_LINUX_USB=y CONFIG_MOBILE_TETHERING=y -export CONFIG_SUPPORT_USB_KEYBOARD=y export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init diff --git a/boards/librem_13v4/librem_13v4.config b/boards/librem_13v4/librem_13v4.config index 0abeb61d..fcc51515 100644 --- a/boards/librem_13v4/librem_13v4.config +++ b/boards/librem_13v4/librem_13v4.config 
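Review bot: The rewritten comment line `# Boards that do not have a built-in keyboard/internal keyboard is USB connected export` is hard to parse; `# Boards with no built-in keyboard, or whose internal keyboard is attached over USB, export` says what seems to be meant. With the `CONFIG_SUPPORT_USB_KEYBOARD` test removed, the 'K' entry is offered on every board that does not set `CONFIG_USB_KEYBOARD_REQUIRED=y`, including boards built without `CONFIG_LINUX_USB`, on which the USB host controller modules are not packed (see the `linux_modules-$(CONFIG_LINUX_USB)` lines in modules/linux), so the toggle may do nothing there. It would help to say in the comment that the option is off until the user enables it, if that is how `CONFIG_USER_USB_KEYBOARD` defaults. The enclosing `while true` loop starts and ends outside the hunk.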
@@ -27,7 +27,6 @@ CONFIG_HOTPKEY=y CONFIG_LINUX_USB=y CONFIG_MOBILE_TETHERING=y -export CONFIG_SUPPORT_USB_KEYBOARD=y export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init diff --git a/boards/librem_14/librem_14.config b/boards/librem_14/librem_14.config index 5c8b3d8e..6ac128a5 100644 --- a/boards/librem_14/librem_14.config +++ b/boards/librem_14/librem_14.config @@ -27,7 +27,6 @@ CONFIG_LINUX_USB=y CONFIG_MOBILE_TETHERING=y export CONFIG_TPM=y -export CONFIG_SUPPORT_USB_KEYBOARD=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n diff --git a/boards/librem_15v3/librem_15v3.config b/boards/librem_15v3/librem_15v3.config index cf541ef0..f21c3d67 100644 --- a/boards/librem_15v3/librem_15v3.config +++ b/boards/librem_15v3/librem_15v3.config @@ -27,7 +27,6 @@ CONFIG_HOTPKEY=y CONFIG_LINUX_USB=y CONFIG_MOBILE_TETHERING=y -export CONFIG_SUPPORT_USB_KEYBOARD=y export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init diff --git a/boards/librem_15v4/librem_15v4.config b/boards/librem_15v4/librem_15v4.config index 9deaea27..8b9ec201 100644 --- a/boards/librem_15v4/librem_15v4.config +++ b/boards/librem_15v4/librem_15v4.config @@ -28,7 +28,6 @@ CONFIG_HOTPKEY=y CONFIG_LINUX_USB=y CONFIG_MOBILE_TETHERING=y -export CONFIG_SUPPORT_USB_KEYBOARD=y export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init From 8fad71ec73e33c2c7840921413eb79747a2c96f4 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 6 Nov 2024 09:18:43 -0500 Subject: [PATCH 07/27] d16 boards: bump CONFIG_CRYPTSETUP=y to CONFIG_CRYPTSETUP2=y (were still using 1.7.3 which failed to build with newer muslc version bump) Signed-off-by: Thierry Laurion --- .../UNMAINTAINED_kgpe-d16_server-whiptail.config | 2 +- .../UNMAINTAINED_kgpe-d16_server.config | 2 +- .../UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config | 2 +- .../UNMAINTAINED_kgpe-d16_workstation.config | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config index cc998fd3..271affcd 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config +++ b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config @@ -24,7 +24,7 @@ export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server-whiptail.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server-whiptail.config -CONFIG_CRYPTSETUP=y +CONFIG_CRYPTSETUP2=y CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y diff --git a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config index cd34fde4..be247d9f 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config +++ b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config @@ -22,7 +22,7 @@ export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server.config -CONFIG_CRYPTSETUP=y +CONFIG_CRYPTSETUP2=y CONFIG_FLASHPROG=y #flashprog to support internal flashing of BMC CONFIG_FLASHPROG_AST1100=y diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config index fcea9b85..a7555897 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config 
@@ -18,7 +18,7 @@ export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation-usb_keyboard.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_workstation.config -CONFIG_CRYPTSETUP=y +CONFIG_CRYPTSETUP2=y CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config index 14623969..fe4b0a94 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config @@ -22,7 +22,7 @@ export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_workstation.config -CONFIG_CRYPTSETUP=y +CONFIG_CRYPTSETUP2=y CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y From 30da60917c6d082b28644f59e28893d7af4f0026 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 6 Nov 2024 08:03:42 -0500 Subject: [PATCH 08/27] musl-cross-make: rename musl-cross->musl-cross-make + bump version from ~0.9.9+->~0.9.10+ (musl 1.2.0 -> 1.2.5) Signed-off-by: Thierry Laurion --- .circleci/config.yml | 42 ++++++++++++------------- Makefile | 16 +++++----- modules/linux | 2 +- modules/{musl-cross => musl-cross-make} | 28 ++++++++--------- 4 files changed, 44 insertions(+), 44 deletions(-) rename modules/{musl-cross => musl-cross-make} (55%) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2214f1e0..2ce80704 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -65,11 +65,11 @@ jobs: - run: name: Creating coreboot (and associated patches) and musl-cross-make modules digest (musl-cross-make and coreboot cache digest) command: | - find .circleci/config.yml ./Makefile ./flake.lock ./modules/coreboot ./modules/musl-cross* ./patches/coreboot* -type f | sort -h | xargs sha256sum > ./tmpDir/coreboot_musl-cross.sha256sums + find .circleci/config.yml ./Makefile ./flake.lock ./modules/coreboot ./modules/musl-cross-make* ./patches/coreboot* -type f | sort -h | xargs sha256sum > ./tmpDir/coreboot_musl-cross-make.sha256sums - run: name: Creating musl-cross-make and musl-cross-make patches digest (musl-cross-make cache digest) command: | - find .circleci/config.yml ./Makefile ./flake.lock modules/musl-cross* -type f | sort -h | xargs sha256sum > ./tmpDir/musl-cross.sha256sums + find .circleci/config.yml ./Makefile ./flake.lock modules/musl-cross-make* -type f | sort -h | xargs sha256sum > ./tmpDir/musl-cross-make.sha256sums - restore_cache: # First matched/found key wins and following keys are not tried keys: @@ -79,10 +79,10 @@ jobs: - nix-docker-heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} # Cache for coreboot module (and patches) and musl-cross-make digests (coreboot: triannual release) - - nix-docker-heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} + - nix-docker-heads-coreboot-musl-cross-make-{{ checksum "./tmpDir/coreboot_musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }} # Cache for musl-cross-make module digest (rarely modified). - - nix-docker-heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} + - nix-docker-heads-musl-cross-make-{{ checksum "./tmpDir/musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }} - run: name: Download and neuter xx20 ME (keep generated GBE and extracted IFD in tree) command: | 
@@ -171,26 +171,26 @@ jobs: - attach_workspace: at: ~/heads - save_cache: - # Generate cache for the same musl-cross module definition if hash is not previously existing + # Generate cache for the same musl-cross-make module definition if hash is not previously existing # CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names - key: nix-docker-heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} + key: nix-docker-heads-musl-cross-make-{{ checksum "./tmpDir/musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }} paths: - - build/ppc64/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1 - - build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1 + - build/ppc64/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1 + - build/x86/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1 - crossgcc - packages - save_cache: # Generate cache for the same coreboot and musl-cross-make modules definition if hash is not previously existing # CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names - key: nix-docker-heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }} + key: nix-docker-heads-coreboot-musl-cross-make-{{ checksum "./tmpDir/coreboot_musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }} paths: - build/ppc64/coreboot-talos_2 - - build/ppc64/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1 + - build/ppc64/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1 - build/x86/coreboot-4.11 - build/x86/coreboot-24.02.01 - build/x86/coreboot-dasharo - build/x86/coreboot-purism - - build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1 + - build/x86/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1 - crossgcc - packages - save_cache: 
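Review bot: The `save_cache` path entries in this hunk are renamed to `build/x86/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1` and the ppc64 equivalent, but the same commit changes `musl-cross-make_version` in modules/musl-cross-make to `fd6be58297ee21fcba89216ccd0d4aca1e3f1c5c`, and `musl-cross-make_dir` is built from that version. The four listed directories therefore no longer match what the build creates, so they would cache nothing, which matters because the comment above them notes that exact directory names must be listed. The entries should read `- build/x86/musl-cross-make-fd6be58297ee21fcba89216ccd0d4aca1e3f1c5c` and `- build/ppc64/musl-cross-make-fd6be58297ee21fcba89216ccd0d4aca1e3f1c5c` in both `save_cache` steps.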
@@ -208,20 +208,20 @@ workflows: jobs: - prep_env - # This step builds musl-cross for x86 architecture, which will be used by subsequent x86 board builds + # This step builds musl-cross-make for x86 architecture, which will be used by subsequent x86 board builds - build_and_persist: - name: x86-musl-cross + name: x86-musl-cross-make target: x230-hotp-maximized - subcommand: "musl-cross" + subcommand: "musl-cross-make" requires: - prep_env - # This step builds musl-cross for ppc64 architecture, which will be used by subsequent ppc64 board builds + # This step builds musl-cross-make for ppc64 architecture, which will be used by subsequent ppc64 board builds - build_and_persist: - name: ppc64-musl-cross + name: ppc64-musl-cross-make arch: ppc64 target: talos-2 - subcommand: "musl-cross" + subcommand: "musl-cross-make" requires: - prep_env @@ -234,7 +234,7 @@ workflows: target: x230-hotp-maximized subcommand: "" requires: - - x86-musl-cross + - x86-musl-cross-make # coreboot purism - build_and_persist: @@ -254,7 +254,7 @@ workflows: target: nitropad-nv41 subcommand: "" requires: - - x86-musl-cross + - x86-musl-cross-make # coreboot talos_2 - build_and_persist: @@ -263,7 +263,7 @@ workflows: target: talos-2 subcommand: "" requires: - - ppc64-musl-cross + - ppc64-musl-cross-make # coreboot 4.11 - build_and_persist: @@ -271,7 +271,7 @@ workflows: target: librem_l1um subcommand: "" requires: - - x86-musl-cross + - x86-musl-cross-make # Cache one workspace per architecture # Make sure workspace caches are chainloaded and the last in chain for an arch is saved diff --git a/Makefile b/Makefile index 1cd4b457..ff814647 100644 --- a/Makefile +++ b/Makefile 
@@ -189,11 +189,11 @@ $(shell mkdir -p "$(initrd_lib_dir)" "$(initrd_bin_dir)" "$(initrd_data_dir)") SHELL := /usr/bin/env bash .SHELLFLAGS := -o pipefail -c -# Include the musl-cross module early so that $(CROSS) will +# Include the musl-cross-make module early so that $(CROSS) will # be defined prior to any other module. -include modules/musl-cross +include modules/musl-cross-make -musl_dep := musl-cross +musl_dep := musl-cross-make target := $(shell echo $(CROSS) | grep -Eoe '([^/]*?)-linux-musl') arch := $(subst -linux-musl, , $(target)) heads_cc := $(CROSS)gcc \ @@ -568,8 +568,8 @@ endef $(call map, define_module, $(modules-y)) -# hack to force musl-cross to be built before musl -#$(build)/$(musl_dir)/.configured: $(build)/$(musl-cross_dir)/../../crossgcc/x86_64-linux-musl/bin/x86_64-musl-linux-gcc +# hack to force musl-cross-make to be built before musl +#$(build)/$(musl_dir)/.configured: $(build)/$(musl-cross-make_dir)/../../crossgcc/x86_64-linux-musl/bin/x86_64-musl-linux-gcc # # Install a file into the initrd, if it changed from @@ -606,7 +606,7 @@ endef # Only some modules have binaries that we install # Shouldn't this be specified in the module file? -#bin_modules-$(CONFIG_MUSL) += musl-cross +#bin_modules-$(CONFIG_MUSL) += musl-cross-make bin_modules-$(CONFIG_KEXEC) += kexec bin_modules-$(CONFIG_TPMTOTP) += tpmtotp bin_modules-$(CONFIG_PCIUTILS) += pciutils @@ -666,7 +666,7 @@ endif $(COREBOOT_UTIL_DIR)/cbmem/cbmem \ $(COREBOOT_UTIL_DIR)/superiotool/superiotool \ $(COREBOOT_UTIL_DIR)/inteltool/inteltool \ -: $(build)/$(coreboot_base_dir)/.canary musl-cross +: $(build)/$(coreboot_base_dir)/.canary musl-cross-make +$(call do,MAKE,$(notdir $@),\ $(MAKE) -C "$(dir $@)" $(CROSS_TOOLS) \ ) 
@@ -785,7 +785,7 @@ $(build)/$(initrd_dir)/tools.cpio: $(foreach d,$(bin_modules-y),$(build)/$($d_di # List of all modules, excluding the slow to-build modules -modules-slow := musl musl-cross kernel_headers +modules-slow := musl musl-cross-make kernel_headers module_dirs := $(foreach m,$(filter-out $(modules-slow),$(modules-y)),$($m_dir)) echo_modules: diff --git a/modules/linux b/modules/linux index 8bde1234..8f6ea3d7 100644 --- a/modules/linux +++ b/modules/linux @@ -159,7 +159,7 @@ linux_target := \ $(MAKE_JOBS) \ # We cross compile linux now -linux_depends := musl-cross +linux_depends := musl-cross-make # # Linux kernel module installation diff --git a/modules/musl-cross b/modules/musl-cross-make similarity index 55% rename from modules/musl-cross rename to modules/musl-cross-make index 9c601cc4..f10a159e 100644 --- a/modules/musl-cross +++ b/modules/musl-cross-make @@ -2,13 +2,13 @@ CONFIG_MUSL ?= y ifeq "$(MUSL_CROSS_ONCE)" "" MUSL_CROSS_ONCE := 1 -modules-$(CONFIG_MUSL) += musl-cross +modules-$(CONFIG_MUSL) += musl-cross-make -musl-cross_version := 38e52db8358c043ae82b346a2e6e66bc86a53bc1 -musl-cross_dir := musl-cross-$(musl-cross_version) -musl-cross_url := https://github.com/richfelker/musl-cross-make/archive/$(musl-cross_version).tar.gz -musl-cross_tar := musl-cross-$(musl-cross_version).tar.gz -musl-cross_hash := b4b85d6d3ddab0f2b8650a53e775673f8c346fa2fb07d652a9880bd206ade100 +musl-cross-make_version := fd6be58297ee21fcba89216ccd0d4aca1e3f1c5c +musl-cross-make_dir := musl-cross-make-$(musl-cross-make_version) +musl-cross-make_url := https://github.com/richfelker/musl-cross-make/archive/$(musl-cross-make_version).tar.gz +musl-cross-make_tar := musl-cross-make-$(musl-cross-make_version).tar.gz +musl-cross-make_hash := 15b8e0a287d738a46e069e90d67a8d96213b357b79aaf3e8cf0cd40e4b230d9e ifneq "$(CROSS)" "" 
@@ -20,42 +20,42 @@ else $(info Using $(CROSS)gcc) endif -# The cross compiler has already been built, so the musl-cross target +# The cross compiler has already been built, so the musl-cross-make target # is a NOP. We really don't need to check out this code tree, but it is easier # if we have a target for it. -musl-cross_target := --version +musl-cross-make_target := --version # Ask the compiler where to find its own libc.so -musl-cross_libraries := \ +musl-cross-make_libraries := \ $(shell $(CROSS)gcc --print-file-name=libc.so) \ else # Force a full build of the cross compiler for target platform # No need to build i386 for x86 since coreboot uses its own compiler -musl-cross_configure := \ +musl-cross-make_configure := \ echo -e >> Makefile 'musl-target:' ; \ echo -e >> Makefile '\t$$$$(MAKE) TARGET="$(MUSL_ARCH)-linux-musl" install' ; CROSS_PATH ?= $(pwd)/crossgcc/$(CONFIG_TARGET_ARCH) -musl-cross_target := \ +musl-cross-make_target := \ OUTPUT="$(CROSS_PATH)" \ MAKE="$(MAKE)" \ $(MAKE_JOBS) \ "musl-target" CROSS := $(CROSS_PATH)/bin/$(subst -,_,$(MUSL_ARCH))-linux-musl- -musl-cross_libraries := $(CROSS_PATH)/$(subst -,_,$(MUSL_ARCH))-linux-musl/lib/libc.so +musl-cross-make_libraries := $(CROSS_PATH)/$(subst -,_,$(MUSL_ARCH))-linux-musl/lib/libc.so endif -musl-cross_output := $(CROSS)gcc +musl-cross-make_output := $(CROSS)gcc ## Fake a target so that musl will force a header install by the ## Linux kernel sources. -$(build)/$(musl-cross_dir)/.build: $(INSTALL)/include/linux/limits.h +$(build)/$(musl-cross-make_dir)/.build: $(INSTALL)/include/linux/limits.h endif From 9e311b6e970b9737c3fd0757825fa1c3f38a886d Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 6 Nov 2024 12:12:56 -0500 Subject: [PATCH 09/27] patches/coreboot-talos_2: add ugly patch against skiboot-to fix CFLAGS against newer mulslc (Doesn't use coreboot buildstack, obviously) 
Signed-off-by: Thierry Laurion --- ...-patch_fix_for_newer_gcc_from_musl_125.patch | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 patches/coreboot-talos_2/0003-ugly_skiboot-patch_fix_for_newer_gcc_from_musl_125.patch diff --git a/patches/coreboot-talos_2/0003-ugly_skiboot-patch_fix_for_newer_gcc_from_musl_125.patch b/patches/coreboot-talos_2/0003-ugly_skiboot-patch_fix_for_newer_gcc_from_musl_125.patch new file mode 100644 index 00000000..97bb9cc6 --- /dev/null +++ b/patches/coreboot-talos_2/0003-ugly_skiboot-patch_fix_for_newer_gcc_from_musl_125.patch @@ -0,0 +1,17 @@ +diff --git a/payloads/external/skiboot/patches/0002-ugly_fix_for_newer_gcc_from_musl_125.patch b/payloads/external/skiboot/patches/0002-ugly_fix_for_newer_gcc_from_musl_125.patch +new file mode 100644 +index 0000000..5db9bca +--- /dev/null ++++ b/payloads/external/skiboot/patches/0002-ugly_fix_for_newer_gcc_from_musl_125.patch +@@ -0,0 +1,11 @@ ++--- Makefile.main.orig 2024-11-06 16:19:12.161240140 -0500 +++++ Makefile.main 2024-11-06 16:23:01.119252412 -0500 ++@@ -74,7 +74,7 @@ ++ CPPFLAGS += -DDEBUG -DCCAN_LIST_DEBUG ++ endif ++ ++-CFLAGS := -fno-strict-aliasing -pie -fpie -fno-pic -mbig-endian -m64 -fno-asynchronous-unwind-tables +++CFLAGS := -Wno-error=address-of-packed-member -Wno-error=format-overflow -fno-strict-aliasing -pie -fpie -fno-pic -mbig-endian -m64 -fno-asynchronous-unwind-tables ++ CFLAGS += -mcpu=power7 ++ CFLAGS += -Wl,--oformat,elf64-powerpc -ggdb ++ CFLAGS += $(call try-cflag,$(CC),-ffixed-r13) From 2a8cc11a46a31b95b243209936ea04676f16363f Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 7 Nov 2024 10:18:58 -0500 Subject: [PATCH 10/27] newt (whiptail): bump version 0.52.20 -> 0.52.24 (fixs random whiptail crash with newer muslc + parallel builds popt havent't changed. 
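Review bot: The added `-Wno-error=address-of-packed-member -Wno-error=format-overflow` flags make two diagnostics non-fatal for the whole skiboot build rather than for the files that trigger them, and `-Wformat-overflow` in particular reports formatted writes that may exceed their destination buffer. The inner patch has no description saying which sources trip the warnings or with which compiler, so a later reader cannot tell when it is safe to drop. A short header at the top of the inner patch, e.g. `The newer GCC built by musl-cross-make turns these warnings into build failures in skiboot; downgraded until skiboot is updated, reported sites not yet reviewed`, would record that. The inner `---`/`+++` lines also carry local timestamps, which is harmless but adds noise when the patch is regenerated.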
Signed-off-by: Thierry Laurion --- modules/newt | 5 ++--- patches/{newt-0.52.20.patch => newt-0.52.24.patch} | 0 2 files changed, 2 insertions(+), 3 deletions(-) rename patches/{newt-0.52.20.patch => newt-0.52.24.patch} (100%) diff --git a/modules/newt b/modules/newt index d9fb2c2d..2d8b2f26 100644 --- a/modules/newt +++ b/modules/newt @@ -2,16 +2,15 @@ modules-$(CONFIG_NEWT) += newt newt_depends := popt slang $(musl_dep) -newt_version := 0.52.20 +newt_version := 0.52.24 newt_dir := newt-$(newt_version) newt_tar := newt-$(newt_version).tar.gz newt_url := https://releases.pagure.org/newt/$(newt_tar) -newt_hash := 8d66ba6beffc3f786d4ccfee9d2b43d93484680ef8db9397a4fb70b5adbb6dbc +newt_hash := 5ded7e221f85f642521c49b1826c8de19845aa372baf5d630a51774b544fbdbb newt_target := \ #We remove Makefile passed number of jobs to only pass one job, otherwise fails to build #$(MAKE_JOBS) \ - -j1 \ $(CROSS_TOOLS) \ newt_output := \ diff --git a/patches/newt-0.52.20.patch b/patches/newt-0.52.24.patch similarity index 100% rename from patches/newt-0.52.20.patch rename to patches/newt-0.52.24.patch From d3ec7d7ba90feaea31d5b25dbef8a5a5be177176 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 8 Nov 2024 07:35:39 -0500 Subject: [PATCH 11/27] talos-2: fix buildsystem: make paths dynamic for this board so board name can change over time Signed-off-by: Thierry Laurion --- Makefile | 6 +++--- config/linux-talos-2.config | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index ff814647..e5334097 100644 --- a/Makefile +++ b/Makefile 
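Review bot: With `-j1 \` removed from `newt_target`, the comment kept directly above it (`#We remove Makefile passed number of jobs to only pass one job, otherwise fails to build`) describes behaviour the build no longer has. It should be dropped or reworded to match, and the commented-out `#$(MAKE_JOBS) \` line either restored or deleted. Since these `#` lines sit inside a backslash-continued assignment, it is also worth checking with `make -p` that `newt_target` still expands to `$(CROSS_TOOLS)` as intended.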
@@ -231,9 +231,9 @@ ifeq ($(CONFIG_COREBOOT), y) # Legacy flash boards don't generate an update package, the only purpose of # those boards is to be flashed over vendor firmware via an exploit. ifneq ($(CONFIG_LEGACY_FLASH), y) -# talos-2 builds its own update package, which is not integrated with the ZIP -# method currently -ifneq ($(BOARD), talos-2) +# Boards containing 'talos-2' build their own update package, which is not integrated with the ZIP method currently +ifneq ($(findstring talos-2, $(BOARD)),) +else # Coreboot targets create an update package that can be applied with integrity # verification before flashing (see flash-gui.sh). The ZIP package format # allows other metadata that might be needed to added in the future without diff --git a/config/linux-talos-2.config b/config/linux-talos-2.config index f42b657b..a4d82665 100644 --- a/config/linux-talos-2.config +++ b/config/linux-talos-2.config @@ -128,7 +128,7 @@ CONFIG_CC_HAS_INT128=y # CONFIG_SYSFS_DEPRECATED is not set CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y -CONFIG_INITRAMFS_SOURCE="../../talos-2/initrd.cpio" +CONFIG_INITRAMFS_SOURCE="../@BOARD_BUILD_DIR@/initrd.cpio" CONFIG_INITRAMFS_ROOT_UID=0 CONFIG_INITRAMFS_ROOT_GID=0 # CONFIG_RD_GZIP is not set From a8ba6bafb79944e61c82f278bc57527c23066282 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 7 Nov 2024 13:25:13 -0500 Subject: [PATCH 12/27] talos-2: move(tag) board to untested: I won't have time any time soon to test nor report issues for this unknowingly used board prior of feature freeze planned for 2024-11-20 repro: helper used time docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=talos-2 board.move_tested_to_untested Signed-off-by: Thierry Laurion --- .circleci/config.yml | 8 ++++---- .../UNTESTED_talos-2.config} | 0 2 files changed, 4 insertions(+), 4 deletions(-) rename boards/{talos-2/talos-2.config => UNTESTED_talos-2/UNTESTED_talos-2.config} (100%) 
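Review bot: In the Makefile hunk, `ifneq ($(findstring talos-2, $(BOARD)),)` followed immediately by `else` leaves an empty true-branch, so the condition reads inverted relative to the block it controls; `ifeq ($(findstring talos-2,$(BOARD)),)` states "board name does not contain talos-2" directly and removes the dangling `else`. The substring match also means any future board whose name merely contains `talos-2` silently loses the update package and its `sha256sum.txt`, so a dedicated board-config variable would be a safer switch if that is not intended. The conditional's matching `endif` is outside the hunk.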
diff --git a/.circleci/config.yml b/.circleci/config.yml index 2ce80704..f7a347d9 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -220,7 +220,7 @@ workflows: - build_and_persist: name: ppc64-musl-cross-make arch: ppc64 - target: talos-2 + target: UNTESTED_talos-2 subcommand: "musl-cross-make" requires: - prep_env @@ -258,9 +258,9 @@ workflows: # coreboot talos_2 - build_and_persist: - name: talos-2 + name: UNTESTED_talos-2 arch: ppc64 - target: talos-2 + target: UNTESTED_talos-2 subcommand: "" requires: - ppc64-musl-cross-make @@ -277,7 +277,7 @@ workflows: # Make sure workspace caches are chainloaded and the last in chain for an arch is saved - save_cache: requires: - - talos-2 + - UNTESTED_talos-2 - librem_14 # Those onboarding new boards should add their entries below. diff --git a/boards/talos-2/talos-2.config b/boards/UNTESTED_talos-2/UNTESTED_talos-2.config similarity index 100% rename from boards/talos-2/talos-2.config rename to boards/UNTESTED_talos-2/UNTESTED_talos-2.config From 068c977e73440e946791ad0c9822bbb92d00ef92 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 11 Nov 2024 19:37:31 -0500 Subject: [PATCH 13/27] boards/qemu*: add "prod" variants, not built by CircleCI as of now, to test Heads prod console output 
Signed-off-by: Thierry Laurion --- ...-coreboot-fbwhiptail-tpm1-hotp-prod.config | 97 +++++++++++++++++++ .../qemu-coreboot-fbwhiptail-tpm1-prod.config | 95 ++++++++++++++++++ ...-coreboot-fbwhiptail-tpm2-hotp-prod.config | 96 ++++++++++++++++++ .../qemu-coreboot-fbwhiptail-tpm2-prod.config | 95 ++++++++++++++++++ ...mu-coreboot-whiptail-tpm1-hotp-prod.config | 97 +++++++++++++++++++ .../qemu-coreboot-whiptail-tpm1-prod.config | 95 ++++++++++++++++++ ...mu-coreboot-whiptail-tpm2-hotp-prod.config | 96 ++++++++++++++++++ .../qemu-coreboot-whiptail-tpm2-prod.config | 95 ++++++++++++++++++ 8 files changed, 766 insertions(+) create mode 100644 boards/qemu-coreboot-fbwhiptail-tpm1-hotp-prod/qemu-coreboot-fbwhiptail-tpm1-hotp-prod.config create mode 100644 boards/qemu-coreboot-fbwhiptail-tpm1-prod/qemu-coreboot-fbwhiptail-tpm1-prod.config create mode 100644 boards/qemu-coreboot-fbwhiptail-tpm2-hotp-prod/qemu-coreboot-fbwhiptail-tpm2-hotp-prod.config create mode 100644 boards/qemu-coreboot-fbwhiptail-tpm2-prod/qemu-coreboot-fbwhiptail-tpm2-prod.config create mode 100644 boards/qemu-coreboot-whiptail-tpm1-hotp-prod/qemu-coreboot-whiptail-tpm1-hotp-prod.config create mode 100644 boards/qemu-coreboot-whiptail-tpm1-prod/qemu-coreboot-whiptail-tpm1-prod.config create mode 100644 boards/qemu-coreboot-whiptail-tpm2-hotp-prod/qemu-coreboot-whiptail-tpm2-hotp-prod.config create mode 100644 boards/qemu-coreboot-whiptail-tpm2-prod/qemu-coreboot-whiptail-tpm2-prod.config diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp-prod/qemu-coreboot-fbwhiptail-tpm1-hotp-prod.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp-prod/qemu-coreboot-fbwhiptail-tpm1-hotp-prod.config new file mode 100644 index 00000000..d31ba5f3 --- /dev/null +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp-prod/qemu-coreboot-fbwhiptail-tpm1-hotp-prod.config 
@@ -0,0 +1,97 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 1.2). A Librem Key or
+# Nitrokey Pro can also be used by forwarding the USB device from the host to
+# the VM.
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+#CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu
diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-prod/qemu-coreboot-fbwhiptail-tpm1-prod.config b/boards/qemu-coreboot-fbwhiptail-tpm1-prod/qemu-coreboot-fbwhiptail-tpm1-prod.config
new file mode 100644
index 00000000..ee978597
--- /dev/null
+++ b/boards/qemu-coreboot-fbwhiptail-tpm1-prod/qemu-coreboot-fbwhiptail-tpm1-prod.config
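Review bot: The header comment calls this a console-mode Whiptail board, yet the file enables `CONFIG_CAIRO=y` and `CONFIG_FBWHIPTAIL=y`, and nothing in it says what the `-prod` suffix changes (fbwhiptail-tpm1-prod carries the same header). From the visible lines the only production-like trait is that the debug exports stay commented out, while `CONFIG_BOOT_REQ_HASH=n`, `CONFIG_BOOT_REQ_ROLLBACK=n`, `CONFIG_DROPBEAR=y` and the `/dev/ttyS0` recovery console are kept, so the file should not be taken as a hardened template for real hardware. I would correct the header and add a line such as `# "prod" here only means debug/tracing output is off; boot policy and tools are QEMU test defaults`. `CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp"` also omits `-prod`, here and in the other seven new files, which presumably leaves a prod build reporting the same board name as the non-prod one.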
@@ -0,0 +1,95 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 1.2).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+#export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu
diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp-prod/qemu-coreboot-fbwhiptail-tpm2-hotp-prod.config b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp-prod/qemu-coreboot-fbwhiptail-tpm2-hotp-prod.config
new file mode 100644
index 00000000..cb8626f2
--- /dev/null
+++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp-prod/qemu-coreboot-fbwhiptail-tpm2-hotp-prod.config
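Review bot: `CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config` does not match the rest of this TPM 1.2 board. The header says "TIS, 1.2", `export CONFIG_TPM=y` is set with the TPM2 tools commented out, and the other three tpm1 variants in this patch point at `config/coreboot-qemu-tpm1.config`. If this is a copy-paste slip, the coreboot side would presumably be built for a different TPM interface than the Heads userland expects, so measured-boot and sealing tests on this board would not exercise what its name claims. The line should most likely read `CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config`.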
@@ -0,0 +1,96 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in graphical mode thanks to FBWhiptail
+# This version requires a supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key)
+#
+# TPM can be used with a qemu software TPM (TIS, 2.0).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu
diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-prod/qemu-coreboot-fbwhiptail-tpm2-prod.config b/boards/qemu-coreboot-fbwhiptail-tpm2-prod/qemu-coreboot-fbwhiptail-tpm2-prod.config
new file mode 100644
index 00000000..9368ada6
--- /dev/null
+++ b/boards/qemu-coreboot-fbwhiptail-tpm2-prod/qemu-coreboot-fbwhiptail-tpm2-prod.config
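Review bot: `CONFIG_MSRTOOLS=y` is enabled in this file but commented out in fbwhiptail-tpm1-hotp-prod, whiptail-tpm2-hotp-prod and whiptail-tpm2-prod, with no stated reason for the difference. The file's own comment describes these as runtime tools to write to MSRs, so for images labelled prod the choice is better made once and documented than inherited per file. Either use one setting across all eight variants or add a comment such as `# MSR tools kept for <reason>` where they stay enabled. This file also exports `CONFIG_AUTO_BOOT_TIMEOUT=5` twice, as do the other three hotp variants; the second export can be dropped.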
@@ -0,0 +1,95 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in graphical mode thanks to FBWhiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 2.0).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+#export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu
diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp-prod/qemu-coreboot-whiptail-tpm1-hotp-prod.config b/boards/qemu-coreboot-whiptail-tpm1-hotp-prod/qemu-coreboot-whiptail-tpm1-hotp-prod.config
new file mode 100644
index 00000000..ba886d90
--- /dev/null
+++ b/boards/qemu-coreboot-whiptail-tpm1-hotp-prod/qemu-coreboot-whiptail-tpm1-hotp-prod.config
@@ -0,0 +1,97 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 1.2). A Librem Key or
+# Nitrokey Pro can also be used by forwarding the USB device from the host to
+# the VM.
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1-hotp"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu
diff --git a/boards/qemu-coreboot-whiptail-tpm1-prod/qemu-coreboot-whiptail-tpm1-prod.config b/boards/qemu-coreboot-whiptail-tpm1-prod/qemu-coreboot-whiptail-tpm1-prod.config
new file mode 100644
index 00000000..20c99137
--- /dev/null
+++ b/boards/qemu-coreboot-whiptail-tpm1-prod/qemu-coreboot-whiptail-tpm1-prod.config
@@ -0,0 +1,95 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 1.2).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+#export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu
diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp-prod/qemu-coreboot-whiptail-tpm2-hotp-prod.config b/boards/qemu-coreboot-whiptail-tpm2-hotp-prod/qemu-coreboot-whiptail-tpm2-hotp-prod.config
new file mode 100644
index 00000000..e1858e25
--- /dev/null
+++ b/boards/qemu-coreboot-whiptail-tpm2-hotp-prod/qemu-coreboot-whiptail-tpm2-hotp-prod.config
@@ -0,0 +1,96 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+# This version requires a supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key)
+#
+# TPM can be used with a qemu software TPM (TIS, 2.0).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+#CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2-hotp"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu
diff --git a/boards/qemu-coreboot-whiptail-tpm2-prod/qemu-coreboot-whiptail-tpm2-prod.config b/boards/qemu-coreboot-whiptail-tpm2-prod/qemu-coreboot-whiptail-tpm2-prod.config
new file mode 100644
index 00000000..cef49da5
--- /dev/null
+++ b/boards/qemu-coreboot-whiptail-tpm2-prod/qemu-coreboot-whiptail-tpm2-prod.config
@@ -0,0 +1,95 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 2.0).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+#CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+#export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu
From 9fccfb46270a71f0dc561c2f1c7c04e88df9d59a Mon Sep 17 00:00:00 2001
From: Thierry Laurion Date: Wed, 11 Sep 2024 12:44:10 -0400 Subject: [PATCH 14/27] Change board name from nitropad-nv41 -> novacustom_nv4x_adl - Move/rename board config - Rename coreboot config - Applies changes to coreboot config from defconfig+dasharo coreboot fork config + fixes - Rename CircleCI board for rom build ----- Repro: First: change some oldconfig defaults from dasharo coreboot fork git checkout -b move_nitropad-nv41_to_novacustom-v41 mv boards/nitropad-nv41 boards/novacustom_nv4x_adl mv boards/novacustom_nv4x_adl/nitropad-nv41.config boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config vim boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config vim config/coreboot-nitropad-nv41.config mv config/coreboot-nitropad-nv41.config config/coreboot-novacustom_nv4x_adl.config vim boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=novacustom_nv4x_adl coreboot.modify_and_save_oldconfig_in_place cd /home/user/heads/build/x86/coreboot-dasharo sudo make menuconfig cd ~/heads sudo meld /home/user/heads/build/x86/coreboot-dasharo/.config config/coreboot-novacustom_nv4x_adl.config git status git add boards/nitropad-nv41/nitropad-nv41.config config/coreboot-nitropad-nv41.config config/coreboot-novacustom_nv4x_adl.config config/coreboot-novacustom_nv4x_adl.config git add boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config sed -i 's/nitropad-nv41/novacustom_nv4x_adl/g' .circleci/config.yml git add .circleci/config.yml git commit --sigoff -m git push tlaurion-github --force ... (and multiple 'git commit --signoff --amend' to add traces below) ---- Relevant changes from nitropad-nv41 coreboot configs: diff --git a/config/coreboot-nitropad-nv41.config b/config/coreboot-novacustom_nv4x_adl.config index 9484aaf512..235f255a31 100644 --- a/config/coreboot-nitropad-nv41.config +++ b/config/coreboot-novacustom_nv4x_adl.config 
@@ -111,7 +111,7 @@ CONFIG_VENDOR_NOVACUSTOM=y # CONFIG_VENDOR_UP is not set CONFIG_MAINBOARD_FAMILY="Not Applicable" CONFIG_MAINBOARD_PART_NUMBER="nv40pz" -CONFIG_MAINBOARD_VERSION="v2.1" +CONFIG_MAINBOARD_VERSION="nv40pz" CONFIG_MAINBOARD_DIR="clevo/adl-p" CONFIG_DIMM_MAX=4 CONFIG_DIMM_SPD_SIZE=512 @@ -131,7 +131,7 @@ CONFIG_VBOOT_VBNV_OFFSET=0x28 CONFIG_VARIANT_DIR="nv40pz" CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb" # CONFIG_VGA_BIOS is not set -CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Nitrokey" +CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Notebook" CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/data.vbt" # CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0x4000 @@ -140,7 +140,7 @@ CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout" CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 CONFIG_BOARD_CLEVO_ADLP_COMMON=y CONFIG_BOARD_CLEVO_NV40PZ_BASE=y -CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NV41" +CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ" CONFIG_CONSOLE_POST=y # CONFIG_USE_PM_ACPI_TIMER is not set CONFIG_TPM_PIRQ=0x27 When comparing against dasharo/coreboot fork coreboot config saved in oldconfig format, diffs: diff --git a/config/coreboot-novacustom_nv4x_adl.config b/config/coreboot-novacustom_nv4x_adl.config index 235f255a31..41bdd7889c 100644 --- a/config/coreboot-novacustom_nv4x_adl.config +++ b/config/coreboot-novacustom_nv4x_adl.config 
@@ -7,19 +7,19 @@ # General setup # CONFIG_COREBOOT_BUILD=y -CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION="v1.7.2" CONFIG_CBFS_PREFIX="fallback" CONFIG_COMPILER_GCC=y # CONFIG_COMPILER_LLVM_CLANG is not set CONFIG_ARCH_SUPPORTS_CLANG=y # CONFIG_ANY_TOOLCHAIN is not set -# CONFIG_CCACHE is not set +CONFIG_CCACHE=y # CONFIG_IWYU is not set # CONFIG_FMD_GENPARSER is not set # CONFIG_UTIL_GENPARSER is not set -# CONFIG_OPTION_BACKEND_NONE is not set -CONFIG_USE_OPTION_TABLE=y -# CONFIG_STATIC_OPTION_TABLE is not set +CONFIG_OPTION_BACKEND_NONE=y +# CONFIG_USE_OPTION_TABLE is not set +# CONFIG_USE_UEFI_VARIABLE_STORE is not set CONFIG_COMPRESS_RAMSTAGE_LZMA=y # CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set CONFIG_INCLUDE_CONFIG_FILE=y @@ -35,12 +35,7 @@ CONFIG_HAVE_ASAN_IN_RAMSTAGE=y # CONFIG_NO_STAGE_CACHE is not set CONFIG_TSEG_STAGE_CACHE=y # CONFIG_UPDATE_IMAGE is not set -CONFIG_BOOTSPLASH_IMAGE=y -CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" -CONFIG_BOOTSPLASH_CONVERT=y -CONFIG_BOOTSPLASH_CONVERT_QUALITY=90 -# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set -# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set +# CONFIG_BOOTSPLASH_IMAGE is not set # CONFIG_FW_CONFIG is not set # @@ -111,14 +106,14 @@ CONFIG_VENDOR_NOVACUSTOM=y # CONFIG_VENDOR_UP is not set CONFIG_MAINBOARD_FAMILY="Not Applicable" CONFIG_MAINBOARD_PART_NUMBER="nv40pz" -CONFIG_MAINBOARD_VERSION="nv40pz" +CONFIG_MAINBOARD_VERSION="v2.1" CONFIG_MAINBOARD_DIR="clevo/adl-p" CONFIG_DIMM_MAX=4 CONFIG_DIMM_SPD_SIZE=512 -CONFIG_FMDFILE="" +CONFIG_FMDFILE="src/mainboard/$(CONFIG_MAINBOARD_DIR)/vboot-rwa.fmd" # CONFIG_NO_POST is not set CONFIG_MAINBOARD_VENDOR="Notebook" -CONFIG_CBFS_SIZE=0x1000000 +CONFIG_CBFS_SIZE=0xA00000 # CONFIG_CONSOLE_SERIAL is not set CONFIG_MAX_CPUS=24 CONFIG_ONBOARD_VGA_IS_PRIMARY=y 
@@ -126,8 +121,9 @@ CONFIG_ONBOARD_VGA_IS_PRIMARY=y # CONFIG_POST_IO is not set CONFIG_UART_FOR_CONSOLE=0 CONFIG_DEVICETREE="devicetree.cb" -# CONFIG_VBOOT is not set +CONFIG_VBOOT=y CONFIG_VBOOT_VBNV_OFFSET=0x28 +CONFIG_RO_REGION_ONLY="" CONFIG_VARIANT_DIR="nv40pz" CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb" # CONFIG_VGA_BIOS is not set @@ -143,10 +139,12 @@ CONFIG_BOARD_CLEVO_NV40PZ_BASE=y CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ" CONFIG_CONSOLE_POST=y # CONFIG_USE_PM_ACPI_TIMER is not set -CONFIG_TPM_PIRQ=0x27 +CONFIG_VBOOT_SLOTS_RW_A=y +CONFIG_TPM_PIRQ=0x0 # CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set CONFIG_VBOOT_FWID_VERSION="$(CONFIG_LOCALVERSION)" CONFIG_EC_SYSTEM76_EC_BAT_THRESHOLDS=y +CONFIG_PXE_ROM_ID="10ec,8168" CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xc0000000 CONFIG_ECAM_MMCONF_BUS_NUMBER=256 CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" 
@@ -156,20 +154,28 @@ CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000 CONFIG_DCACHE_BSP_STACK_SIZE=0x80400 CONFIG_MAX_ACPI_TABLE_SIZE_KB=144 CONFIG_HAVE_INTEL_FIRMWARE=y +CONFIG_VBOOT_NO_BOARD_SUPPORT=y +CONFIG_RW_REGION_ONLY="" CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000 CONFIG_DRIVERS_INTEL_WIFI=y CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/descriptor.bin" CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/me.bin" -CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000 +# CONFIG_VBOOT_ALWAYS_ALLOW_UDC is not set +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000 +CONFIG_EDK2_BOOT_TIMEOUT=2 CONFIG_VBT_DATA_SIZE_KB=9 +CONFIG_VBOOT_FWID_MODEL="$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)" +CONFIG_VBOOT_STARTS_IN_BOOTBLOCK=y CONFIG_CARDBUS_PLUGIN_SUPPORT=y CONFIG_SPI_FLASH_DONT_INCLUDE_ALL_DRIVERS=y # CONFIG_USE_LEGACY_8254_TIMER is not set +CONFIG_GBB_HWID="" # CONFIG_DEBUG_SMI is not set CONFIG_HAVE_IFD_BIN=y CONFIG_PCIEXP_HOTPLUG_BUSES=42 CONFIG_PCIEXP_HOTPLUG_MEM=0xc200000 CONFIG_PCIEXP_HOTPLUG_PREFETCH_MEM=0x1c000000 +# CONFIG_VBOOT_SLOTS_RW_AB is not set CONFIG_PS2K_EISAID="PNP0303" CONFIG_PS2M_EISAID="PNP0F13" @@ -193,8 +199,8 @@ CONFIG_PCIEXP_CLK_PM=y CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72 CONFIG_HEAP_SIZE=0x10000 CONFIG_EC_GPE_SCI=0x50 +CONFIG_EDK2_BOOTSPLASH_FILE="3rdparty/dasharo-blobs/novacustom/bootsplash.bmp" CONFIG_TPM_MEASURED_BOOT=y -CONFIG_LINUX_COMMAND_LINE="quiet loglevel=2" CONFIG_BOARD_ROMSIZE_KB_32768=y # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set @@ -399,7 +405,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_TCO=y CONFIG_SOC_INTEL_COMMON_BLOCK_TCO_ENABLE_THROUGH_SMBUS=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y -# CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0 CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y 
@@ -417,7 +423,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_USB4_PCIE=y CONFIG_SOC_INTEL_COMMON_BLOCK_USB4_XHCI=y CONFIG_SOC_INTEL_ENABLE_USB4_PCIE_RESOURCES=y CONFIG_SOC_INTEL_COMMON_BLOCK_VTD=y -# CONFIG_ENABLE_EARLY_DMA_PROTECTION is not set +CONFIG_ENABLE_EARLY_DMA_PROTECTION=y CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI_ELOG=y @@ -508,15 +514,15 @@ CONFIG_EC_SYSTEM76_EC_DGPU=y # # Intel Firmware # -CONFIG_IFDTOOL_DISABLE_ME=y +# CONFIG_IFDTOOL_DISABLE_ME is not set CONFIG_HAVE_ME_BIN=y # CONFIG_STITCH_ME_BIN is not set # CONFIG_ME_REGION_ALLOW_CPU_READ_ACCESS is not set CONFIG_HAVE_INTEL_ME_HAP=y # CONFIG_INTEL_ME_DISABLED_HECI is not set -CONFIG_INTEL_ME_DISABLED_HAP=y -# CONFIG_INTEL_ME_ENABLED is not set -CONFIG_INTEL_ME_DEFAULT_STATE=2 +# CONFIG_INTEL_ME_DISABLED_HAP is not set +CONFIG_INTEL_ME_ENABLED=y +CONFIG_INTEL_ME_DEFAULT_STATE=0 # CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION is not set # CONFIG_LOCK_MANAGEMENT_ENGINE is not set CONFIG_UNLOCK_FLASH_REGIONS=y @@ -529,7 +535,7 @@ CONFIG_BIOS_VENDOR="3mdeb" # # Dasharo Configuration # -CONFIG_DASHARO_PREFER_S3_SLEEP=y +# CONFIG_DASHARO_PREFER_S3_SLEEP is not set # end of Dasharo Configuration CONFIG_UDK_BASE=y @@ -550,8 +556,6 @@ CONFIG_X86_CUSTOM_BOOTMEDIA=y CONFIG_PC80_SYSTEM=y CONFIG_HAVE_CMOS_DEFAULT=y CONFIG_POSTCAR_STAGE=y -CONFIG_BOOTBLOCK_SIMPLE=y -# CONFIG_BOOTBLOCK_NORMAL is not set CONFIG_COLLECT_TIMESTAMPS_TSC=y CONFIG_IDT_IN_EVERY_STAGE=y CONFIG_HAVE_CF9_RESET=y @@ -575,9 +579,10 @@ CONFIG_NO_EARLY_GFX_INIT=y # # Display # +CONFIG_WANT_LINEAR_FRAMEBUFFER=y CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y CONFIG_LINEAR_FRAMEBUFFER=y -CONFIG_BOOTSPLASH=y +# CONFIG_BOOTSPLASH is not set # end of Display CONFIG_PCI=y 
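Review bot: The Intel Firmware hunk (`@@ -508,15 +514,15 @@`) leaves the Management Engine enabled by default. The new side sets `CONFIG_INTEL_ME_ENABLED=y` and `CONFIG_INTEL_ME_DEFAULT_STATE=0` and unsets `CONFIG_IFDTOOL_DISABLE_ME`, where the old side had it HAP-disabled. The unchanged context lines keep `CONFIG_UNLOCK_FLASH_REGIONS=y` and `# CONFIG_LOCK_MANAGEMENT_ENGINE is not set`, so the ME region appears to stay writable as well. The file header and commit message for this config are outside the visible chunk, so this may be a deliberate import of a vendor reference config. If the image is meant to be flashed, I would keep `CONFIG_INTEL_ME_DISABLED_HAP=y` with `CONFIG_INTEL_ME_DEFAULT_STATE=2`, or have the commit message state why the default changes.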
@@ -610,17 +615,21 @@ CONFIG_I2C_TRANSFER_TIMEOUT_US=500000 # Generic Drivers # CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 -# CONFIG_DRIVERS_EFI_VARIABLE_STORE is not set +CONFIG_DRIVERS_EFI_VARIABLE_STORE=y # CONFIG_ELOG is not set CONFIG_CACHE_MRC_SETTINGS=y CONFIG_MRC_SETTINGS_PROTECT=y -# CONFIG_SMMSTORE is not set +CONFIG_HAS_RECOVERY_MRC_CACHE=y +CONFIG_MRC_SAVE_HASH_IN_TPM=y +CONFIG_SMMSTORE=y +CONFIG_SMMSTORE_V2=y +CONFIG_SMMSTORE_SIZE=0x40000 CONFIG_SPI_FLASH=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y +CONFIG_SPI_FLASH_SMM=y # CONFIG_SPI_FLASH_NO_FAST_READ is not set -CONFIG_TPM_INIT_RAMSTAGE=y -# CONFIG_TPM_PPI is not set +CONFIG_TPM_PPI=y CONFIG_DRIVERS_UART=y CONFIG_NO_UART_ON_SUPERIO=y CONFIG_DRIVERS_UART_8250MEM=y @@ -669,7 +678,7 @@ CONFIG_DRIVERS_INTEL_PMC=y # CONFIG_DRIVERS_NXP_UWB_SR1XX is not set # CONFIG_DRIVERS_PS2_KEYBOARD is not set CONFIG_DRIVERS_MC146818=y -# CONFIG_USE_PC_CMOS_ALTCENTURY is not set +CONFIG_USE_PC_CMOS_ALTCENTURY=y CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70 CONFIG_MEMORY_MAPPED_TPM=y CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 
@@ -695,6 +704,50 @@ CONFIG_DRIVERS_INTEL_USB4_RETIMER=y # Verified Boot (vboot) # CONFIG_VBOOT_LIB=y +CONFIG_VBOOT_VBNV_CMOS=y +CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH=y +# CONFIG_VBOOT_MOCK_SECDATA is not set +CONFIG_VBOOT_MUST_REQUEST_DISPLAY=y +CONFIG_VBOOT_ALWAYS_ENABLE_DISPLAY=y +CONFIG_VBOOT_HAS_REC_HASH_SPACE=y +CONFIG_CBFS_MCACHE_RW_PERCENTAGE=50 +CONFIG_VBOOT_CLEAR_RECOVERY_EACH_BOOT=y +# CONFIG_VBOOT_EC_EFS is not set +CONFIG_VBOOT_X86_SHA256_ACCELERATION=y + +# +# GBB configuration +# +CONFIG_GBB_BMPFV_FILE="" +# CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY is not set +# CONFIG_GBB_FLAG_LOAD_OPTION_ROMS is not set +# CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS is not set +# CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON is not set +CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB=y +CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK=y +# CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM is not set +# CONFIG_GBB_FLAG_FORCE_DEV_BOOT_ALTFW is not set +# CONFIG_GBB_FLAG_RUNNING_FAFT is not set +CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC=y +# CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW is not set +CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC=y +CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN=y +# CONFIG_GBB_FLAG_FORCE_MANUAL_RECOVERY is not set +CONFIG_GBB_FLAG_DISABLE_FWMP=y +# CONFIG_GBB_FLAG_ENABLE_UDC is not set +# end of GBB configuration + +# +# Vboot Keys +# +CONFIG_VBOOT_ROOT_KEY="$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk" +CONFIG_VBOOT_RECOVERY_KEY="$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk" +CONFIG_VBOOT_FIRMWARE_PRIVKEY="$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk" +CONFIG_VBOOT_KERNEL_KEY="$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk" +CONFIG_VBOOT_KEYBLOCK="$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock" +CONFIG_VBOOT_KEYBLOCK_VERSION=1 +CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS=0x0 +# end of Vboot Keys # end of Verified Boot (vboot) # 
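Review bot: All five key paths added under "Vboot Keys" point into `$(VBOOT_SOURCE)/tests/devkeys/`, including `CONFIG_VBOOT_FIRMWARE_PRIVKEY`. Those are the test keys distributed with the vboot sources, so a signature made with them detects corruption of the RW_A slot but says nothing about who built it. The same hunk sets `CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK=y` and `CONFIG_GBB_FLAG_DISABLE_FWMP=y`, which by their names switch off rollback and firmware-management-parameter enforcement. For an image that is meant to be flashed, I would point the key options at project-owned keys kept outside the tree, e.g. `CONFIG_VBOOT_ROOT_KEY="<path-to-project-keys>/root_key.vbpubk"` (placeholder path), and leave the rollback flag unset. If this file is only a reference copy, the commit message should say so.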
@@ -730,10 +783,14 @@ CONFIG_INTEL_TXT_LIB=y # CONFIG_INTEL_TXT is not set # CONFIG_STM is not set # CONFIG_INTEL_CBNT_SUPPORT is not set -CONFIG_BOOTMEDIA_LOCK_NONE=y -# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set +# CONFIG_BOOTMEDIA_LOCK_NONE is not set +CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y # CONFIG_BOOTMEDIA_LOCK_CHIP is not set -# CONFIG_BOOTMEDIA_SMM_BWP is not set +# CONFIG_BOOTMEDIA_LOCK_WHOLE_RO is not set +# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set +CONFIG_BOOTMEDIA_LOCK_WPRO_VBOOT_RO=y +CONFIG_BOOTMEDIA_LOCK_IN_VERSTAGE=y +CONFIG_BOOTMEDIA_SMM_BWP=y # end of Security CONFIG_ACPI_HAVE_PCAT_8259=y @@ -772,8 +829,8 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7 -CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX=y -CONFIG_CONSOLE_USE_ANSI_ESCAPES=y +# CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX is not set +# CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set # CONFIG_CMOS_POST is not set CONFIG_HWBASE_DEBUG_CB=y # end of Console 
@@ -804,12 +861,89 @@ CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" # CONFIG_PAYLOAD_LINUXBOOT is not set # CONFIG_PAYLOAD_SEABIOS is not set # CONFIG_PAYLOAD_UBOOT is not set -# CONFIG_PAYLOAD_EDK2 is not set -CONFIG_PAYLOAD_LINUX=y -CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage" +CONFIG_PAYLOAD_EDK2=y +# CONFIG_PAYLOAD_LINUX is not set +CONFIG_PAYLOAD_FILE="novacustom_nv4x_adl/UEFIPAYLOAD.fd" CONFIG_PAYLOAD_OPTIONS="" -# CONFIG_PXE is not set -CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz" +CONFIG_EDK2_UEFIPAYLOAD=y +# CONFIG_EDK2_UNIVERSAL_PAYLOAD is not set +CONFIG_EDK2_REPO_MRCHROMEBOX=y +# CONFIG_EDK2_REPO_OFFICIAL is not set +# CONFIG_EDK2_REPO_CUSTOM is not set +CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" +CONFIG_EDK2_TAG_OR_REV="b7274c98697e972e772236caf830c0780ec498bd" +CONFIG_EDK2_USE_EDK2_PLATFORMS=y +CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" +CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" +# CONFIG_EDK2_DEBUG is not set +CONFIG_EDK2_RELEASE=y +# CONFIG_EDK2_BOOT_MANAGER_ESCAPE is not set +CONFIG_EDK2_CBMEM_LOGGING=y +CONFIG_EDK2_SYSTEM76_EC_LOGGING=y +CONFIG_EDK2_CPU_TIMER_LIB=y +CONFIG_EDK2_FOLLOW_BGRT_SPEC=y +CONFIG_EDK2_FULL_SCREEN_SETUP=y +CONFIG_EDK2_HAVE_EFI_SHELL=y +CONFIG_EDK2_PRIORITIZE_INTERNAL=y +CONFIG_EDK2_PS2_SUPPORT=y +CONFIG_EDK2_SKIP_PS2_DETECT=y +CONFIG_EDK2_SD_MMC_TIMEOUT=10 +CONFIG_EDK2_SERIAL_SUPPORT=y +CONFIG_EDK2_ENABLE_IPXE=y +CONFIG_EDK2_IPXE_OPTION_NAME="iPXE Network Boot" +CONFIG_EDK2_SECURE_BOOT=y +# CONFIG_EDK2_SECURE_BOOT_DEFAULT_ENABLE is not set +# CONFIG_EDK2_SATA_PASSWORD is not set +# CONFIG_EDK2_OPAL_PASSWORD is not set +CONFIG_EDK2_SETUP_PASSWORD=y +CONFIG_EDK2_PERFORMANCE_MEASUREMENT_ENABLE=y +CONFIG_EDK2_DASHARO_SYSTEM_FEATURES=y +CONFIG_EDK2_DASHARO_SECURITY_OPTIONS=y +CONFIG_EDK2_SHOW_CAMERA_OPTION=y +CONFIG_EDK2_SHOW_WIFI_BT_OPTION=y +CONFIG_EDK2_DASHARO_INTEL_ME_OPTIONS=y +CONFIG_EDK2_DASHARO_USB_CONFIG=y 
+CONFIG_EDK2_DASHARO_NETWORK_CONFIG=y +# CONFIG_EDK2_DASHARO_CHIPSET_CONFIG is not set +CONFIG_EDK2_DASHARO_POWER_CONFIG=y +CONFIG_EDK2_SLEEP_TYPE_OPTION=y +CONFIG_EDK2_FAN_CURVE_OPTION=y +CONFIG_EDK2_BATTERY_CONFIG_OPTION=y +# CONFIG_EDK2_DASHARO_PCI_CONFIG is not set +# CONFIG_EDK2_DASHARO_MEMORY_CONFIG is not set +# CONFIG_EDK2_DASHARO_NETWORK_BOOT_DEFAULT_ENABLE is not set +# CONFIG_EDK2_DASHARO_SERIAL_REDIRECTION_DEFAULT_ENABLE is not set +CONFIG_EDK2_BOOT_MENU_KEY=0x0011 +CONFIG_EDK2_SETUP_MENU_KEY=0x000C +CONFIG_EDK2_DISABLE_MTRR_PROGRAMMING=y +CONFIG_EDK2_ENABLE_BATTERY_CHECK=y +# CONFIG_EDK2_DISABLE_OPTION_ROMS is not set +CONFIG_EDK2_PRINT_SOL_STRINGS=y +# CONFIG_EDK2_RAM_DISK_ENABLE is not set +CONFIG_EDK2_CUSTOM_BUILD_PARAMS="-D VARIABLE_SUPPORT=SMMSTORE" +CONFIG_EDK2_LAN_ROM_DRIVER="" +# CONFIG_EDK2_CREATE_PREINSTALLED_BOOT_OPTIONS is not set +CONFIG_PXE=y + +# +# PXE Options +# +# CONFIG_PXE_ROM is not set +CONFIG_BUILD_IPXE=y +CONFIG_IPXE_STABLE=y +# CONFIG_IPXE_MASTER is not set +# CONFIG_PXE_SERIAL_CONSOLE is not set +# CONFIG_PXE_NO_PROMPT is not set +CONFIG_PXE_ADD_SCRIPT=y +CONFIG_PXE_SCRIPT="3rdparty/dasharo-blobs/dasharo/dasharo.ipxe" +CONFIG_PXE_HAS_HTTPS=y +CONFIG_PXE_CUSTOM_BUILD_ID="0123456789" +CONFIG_PXE_TRUST_CMD=y +# end of PXE Options + +# CONFIG_COMPRESSED_PAYLOAD_NONE is not set +CONFIG_COMPRESSED_PAYLOAD_LZMA=y +# CONFIG_COMPRESSED_PAYLOAD_LZ4 is not set CONFIG_COMPRESS_SECONDARY_PAYLOAD=y # Signed-off-by: Thierry Laurion --- .circleci/config.yml | 6 +++--- .../novacustom_nv4x_adl.config} | 4 ++-- ...opad-nv41.config => coreboot-novacustom_nv4x_adl.config} | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) rename boards/{nitropad-nv41/nitropad-nv41.config => novacustom_nv4x_adl/novacustom_nv4x_adl.config} (94%) rename config/{coreboot-nitropad-nv41.config => coreboot-novacustom_nv4x_adl.config} (99%) diff --git a/.circleci/config.yml b/.circleci/config.yml index f7a347d9..1ee70a4a 100644 --- a/.circleci/config.yml 
+++ b/.circleci/config.yml @@ -250,8 +250,8 @@ workflows: # No need to wait further for other board's cache # We reuse built modules from x230-hotp-maximized cache only - build_and_persist: - name: nitropad-nv41 - target: nitropad-nv41 + name: novacustom_nv4x_adl + target: novacustom_nv4x_adl subcommand: "" requires: - x86-musl-cross-make @@ -516,7 +516,7 @@ workflows: target: nitropad-ns50 subcommand: "" requires: - - nitropad-nv41 + - novacustom_nv4x_adl # coreboot 4.11 - build: diff --git a/boards/nitropad-nv41/nitropad-nv41.config b/boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config similarity index 94% rename from boards/nitropad-nv41/nitropad-nv41.config rename to boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config index 54bc0d44..966cc4ed 100644 --- a/boards/nitropad-nv41/nitropad-nv41.config +++ b/boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config @@ -5,7 +5,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=dasharo export CONFIG_LINUX_VERSION=6.1.8 -CONFIG_COREBOOT_CONFIG=config/coreboot-nitropad-nv41.config +CONFIG_COREBOOT_CONFIG=config/coreboot-novacustom_nv4x_adl.config CONFIG_LINUX_CONFIG=config/linux-nitropad-x.config #Enable DEBUG output @@ -67,6 +67,6 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" -export CONFIG_BOARD_NAME="Nitropad NV41" +export CONFIG_BOARD_NAME="NovaCustom NV4x 12th" export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 diff --git a/config/coreboot-nitropad-nv41.config b/config/coreboot-novacustom_nv4x_adl.config similarity index 99% rename from config/coreboot-nitropad-nv41.config rename to config/coreboot-novacustom_nv4x_adl.config index 9484aaf5..235f255a 100644 --- a/config/coreboot-nitropad-nv41.config +++ b/config/coreboot-novacustom_nv4x_adl.config 
@@ -111,7 +111,7 @@ CONFIG_VENDOR_NOVACUSTOM=y # CONFIG_VENDOR_UP is not set CONFIG_MAINBOARD_FAMILY="Not Applicable" CONFIG_MAINBOARD_PART_NUMBER="nv40pz" -CONFIG_MAINBOARD_VERSION="v2.1" +CONFIG_MAINBOARD_VERSION="nv40pz" CONFIG_MAINBOARD_DIR="clevo/adl-p" CONFIG_DIMM_MAX=4 CONFIG_DIMM_SPD_SIZE=512 @@ -131,7 +131,7 @@ CONFIG_VBOOT_VBNV_OFFSET=0x28 CONFIG_VARIANT_DIR="nv40pz" CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb" # CONFIG_VGA_BIOS is not set -CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Nitrokey" +CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Notebook" CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/data.vbt" # CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0x4000 @@ -140,7 +140,7 @@ CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout" CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 CONFIG_BOARD_CLEVO_ADLP_COMMON=y CONFIG_BOARD_CLEVO_NV40PZ_BASE=y -CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NV41" +CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ" CONFIG_CONSOLE_POST=y # CONFIG_USE_PM_ACPI_TIMER is not set CONFIG_TPM_PIRQ=0x27 From 15bf33007566b1534ff92736cd00f9d9d684603c Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 4 Nov 2024 15:01:23 -0500 Subject: [PATCH 15/27] boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config: 'CONFIG_BOARD_NAME=NovaCustom NV4x 12th Gen', nv40pz in title. Remove forgotten Nitrokey Nitropad NV41 reference Signed-off-by: Thierry Laurion --- boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config b/boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config index 966cc4ed..fa351396 100644 --- a/boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config +++ b/boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config 
@@ -1,4 +1,4 @@ -# Nitrokey Nitropad NV41 board configuration +# NovaCustom NV4x 12th Gen (nv40pz: Alder Lake) board configuration # Note: for reference, other GOP enabled FB board is librem_11 export CONFIG_COREBOOT=y @@ -67,6 +67,6 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" -export CONFIG_BOARD_NAME="NovaCustom NV4x 12th" +export CONFIG_BOARD_NAME="NovaCustom NV4x 12th Gen" export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 From 6746058d28b9b70b30b30e85d223f0a4d725f832 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 14 Nov 2024 08:47:02 -0500 Subject: [PATCH 16/27] config/coreboot-novacustom_nv4x_adl.config: set CONFIG_MAINBOARD_VERSION to v2.1 as per fork reference config TODO: config LOCALVERSION and SMBIOS strings... Signed-off-by: Thierry Laurion --- config/coreboot-novacustom_nv4x_adl.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/coreboot-novacustom_nv4x_adl.config b/config/coreboot-novacustom_nv4x_adl.config index 235f255a..933b04de 100644 --- a/config/coreboot-novacustom_nv4x_adl.config +++ b/config/coreboot-novacustom_nv4x_adl.config @@ -111,7 +111,7 @@ CONFIG_VENDOR_NOVACUSTOM=y # CONFIG_VENDOR_UP is not set CONFIG_MAINBOARD_FAMILY="Not Applicable" CONFIG_MAINBOARD_PART_NUMBER="nv40pz" -CONFIG_MAINBOARD_VERSION="nv40pz" +CONFIG_MAINBOARD_VERSION="v2.1" CONFIG_MAINBOARD_DIR="clevo/adl-p" CONFIG_DIMM_MAX=4 CONFIG_DIMM_SPD_SIZE=512 From 80a4c84ea2b4eb49d3abe56aeaae597c76c21d33 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 15 Nov 2024 10:13:53 -0500 Subject: [PATCH 17/27] config/coreboot* config/linux* : verify/unify/fix branding strings (only LOCALVERSION was varying) 
Signed-off-by: Thierry Laurion --- config/coreboot-talos-2.config | 2 +- config/linux-linuxboot.config | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/coreboot-talos-2.config b/config/coreboot-talos-2.config index 975cf865..8896e9e1 100644 --- a/config/coreboot-talos-2.config +++ b/config/coreboot-talos-2.config @@ -7,7 +7,7 @@ # General setup # CONFIG_COREBOOT_BUILD=y -CONFIG_LOCALVERSION="Heads-v0.2.0-2215-g21ab781-dirty" +CONFIG_LOCALVERSION="" CONFIG_CBFS_PREFIX="fallback" CONFIG_COMPILER_GCC=y # CONFIG_ALLOW_EXPERIMENTAL_CLANG is not set diff --git a/config/linux-linuxboot.config b/config/linux-linuxboot.config index 31e7efb6..66e78f97 100644 --- a/config/linux-linuxboot.config +++ b/config/linux-linuxboot.config @@ -1,4 +1,4 @@ -CONFIG_LOCALVERSION="-heads" +CONFIG_LOCALVERSION="-@BRAND_NAME@" # CONFIG_LOCALVERSION_AUTO is not set CONFIG_KERNEL_XZ=y CONFIG_DEFAULT_HOSTNAME="linuxboot" From a9bb1e6e9e923cc1ca3ac13126c025fc417e873c Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 19 Nov 2024 14:05:42 -0500 Subject: [PATCH 18/27] qemu prod coreboot configs: remove debug output + unify with other boards prod kernel output (quiet, loglevel2), change resolution 1024x768 (4:3) to 1280x720 (16:9) resolution changed to fit smallest (uncommon) x230 screen size supported for dev cycles to show prod output: 1366x768 (16:9) 
Signed-off-by: Thierry Laurion --- ...-coreboot-fbwhiptail-tpm1-hotp-prod.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm1-prod.config | 2 +- ...-coreboot-fbwhiptail-tpm2-hotp-prod.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm2-prod.config | 2 +- ...mu-coreboot-whiptail-tpm1-hotp-prod.config | 2 +- .../qemu-coreboot-whiptail-tpm1-prod.config | 2 +- ...mu-coreboot-whiptail-tpm2-hotp-prod.config | 2 +- .../qemu-coreboot-whiptail-tpm2-prod.config | 2 +- .../coreboot-qemu-fbwhiptail-tpm1-hotp.config | 21 - config/coreboot-qemu-tpm1-prod.config | 562 ++++++++++++++++++ config/coreboot-qemu-tpm2-prod.config | 555 +++++++++++++++++ 11 files changed, 1125 insertions(+), 29 deletions(-) delete mode 100644 config/coreboot-qemu-fbwhiptail-tpm1-hotp.config create mode 100644 config/coreboot-qemu-tpm1-prod.config create mode 100644 config/coreboot-qemu-tpm2-prod.config diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp-prod/qemu-coreboot-fbwhiptail-tpm1-hotp-prod.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp-prod/qemu-coreboot-fbwhiptail-tpm1-hotp-prod.config index d31ba5f3..25535708 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp-prod/qemu-coreboot-fbwhiptail-tpm1-hotp-prod.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp-prod/qemu-coreboot-fbwhiptail-tpm1-hotp-prod.config @@ -8,7 +8,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=24.02.01 export CONFIG_LINUX_VERSION=6.1.8 -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1-prod.config CONFIG_LINUX_CONFIG=config/linux-qemu.config #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-prod/qemu-coreboot-fbwhiptail-tpm1-prod.config b/boards/qemu-coreboot-fbwhiptail-tpm1-prod/qemu-coreboot-fbwhiptail-tpm1-prod.config index ee978597..04c0c647 100644 
--- a/boards/qemu-coreboot-fbwhiptail-tpm1-prod/qemu-coreboot-fbwhiptail-tpm1-prod.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-prod/qemu-coreboot-fbwhiptail-tpm1-prod.config @@ -6,7 +6,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=24.02.01 export CONFIG_LINUX_VERSION=6.1.8 -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2-prod.config CONFIG_LINUX_CONFIG=config/linux-qemu.config #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp-prod/qemu-coreboot-fbwhiptail-tpm2-hotp-prod.config b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp-prod/qemu-coreboot-fbwhiptail-tpm2-hotp-prod.config index cb8626f2..fd1b23d4 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp-prod/qemu-coreboot-fbwhiptail-tpm2-hotp-prod.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp-prod/qemu-coreboot-fbwhiptail-tpm2-hotp-prod.config @@ -7,7 +7,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=24.02.01 export CONFIG_LINUX_VERSION=6.1.8 -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2-prod.config CONFIG_LINUX_CONFIG=config/linux-qemu.config #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-prod/qemu-coreboot-fbwhiptail-tpm2-prod.config b/boards/qemu-coreboot-fbwhiptail-tpm2-prod/qemu-coreboot-fbwhiptail-tpm2-prod.config index 9368ada6..188d6702 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-prod/qemu-coreboot-fbwhiptail-tpm2-prod.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2-prod/qemu-coreboot-fbwhiptail-tpm2-prod.config 
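Review bot: The TPM1 board `qemu-coreboot-fbwhiptail-tpm1-prod` still ends up on a TPM2 coreboot config, since its new line is `CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2-prod.config`. The other tpm1 prod boards touched by this commit (fbwhiptail-tpm1-hotp-prod, whiptail-tpm1-prod, whiptail-tpm1-hotp-prod) move to `config/coreboot-qemu-tpm1-prod.config`. The mismatch is already present on the removed line, so it looks inherited rather than introduced here, but it means this board would not exercise the TPM 1.2 measured-boot path its name promises. Unless that is deliberate, the line should read `CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1-prod.config`. The board file continues outside the hunk.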
@@ -6,7 +6,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=24.02.01 export CONFIG_LINUX_VERSION=6.1.8 -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2-prod.config CONFIG_LINUX_CONFIG=config/linux-qemu.config #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp-prod/qemu-coreboot-whiptail-tpm1-hotp-prod.config b/boards/qemu-coreboot-whiptail-tpm1-hotp-prod/qemu-coreboot-whiptail-tpm1-hotp-prod.config index ba886d90..aeb1b4fa 100644 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp-prod/qemu-coreboot-whiptail-tpm1-hotp-prod.config +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp-prod/qemu-coreboot-whiptail-tpm1-hotp-prod.config @@ -8,7 +8,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=24.02.01 export CONFIG_LINUX_VERSION=6.1.8 -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1-prod.config CONFIG_LINUX_CONFIG=config/linux-qemu.config #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) diff --git a/boards/qemu-coreboot-whiptail-tpm1-prod/qemu-coreboot-whiptail-tpm1-prod.config b/boards/qemu-coreboot-whiptail-tpm1-prod/qemu-coreboot-whiptail-tpm1-prod.config index 20c99137..0038b8a9 100644 --- a/boards/qemu-coreboot-whiptail-tpm1-prod/qemu-coreboot-whiptail-tpm1-prod.config +++ b/boards/qemu-coreboot-whiptail-tpm1-prod/qemu-coreboot-whiptail-tpm1-prod.config 
@@ -6,7 +6,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=24.02.01 export CONFIG_LINUX_VERSION=6.1.8 -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1-prod.config CONFIG_LINUX_CONFIG=config/linux-qemu.config #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp-prod/qemu-coreboot-whiptail-tpm2-hotp-prod.config b/boards/qemu-coreboot-whiptail-tpm2-hotp-prod/qemu-coreboot-whiptail-tpm2-hotp-prod.config index e1858e25..10f051f9 100644 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp-prod/qemu-coreboot-whiptail-tpm2-hotp-prod.config +++ b/boards/qemu-coreboot-whiptail-tpm2-hotp-prod/qemu-coreboot-whiptail-tpm2-hotp-prod.config @@ -7,7 +7,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=24.02.01 export CONFIG_LINUX_VERSION=6.1.8 -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2-prod.config CONFIG_LINUX_CONFIG=config/linux-qemu.config #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) diff --git a/boards/qemu-coreboot-whiptail-tpm2-prod/qemu-coreboot-whiptail-tpm2-prod.config b/boards/qemu-coreboot-whiptail-tpm2-prod/qemu-coreboot-whiptail-tpm2-prod.config index cef49da5..2db24f73 100644 --- a/boards/qemu-coreboot-whiptail-tpm2-prod/qemu-coreboot-whiptail-tpm2-prod.config +++ b/boards/qemu-coreboot-whiptail-tpm2-prod/qemu-coreboot-whiptail-tpm2-prod.config 
@@ -6,7 +6,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=24.02.01 export CONFIG_LINUX_VERSION=6.1.8 -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2-prod.config CONFIG_LINUX_CONFIG=config/linux-qemu.config #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) diff --git a/config/coreboot-qemu-fbwhiptail-tpm1-hotp.config b/config/coreboot-qemu-fbwhiptail-tpm1-hotp.config deleted file mode 100644 index bd633213..00000000 --- a/config/coreboot-qemu-fbwhiptail-tpm1-hotp.config +++ /dev/null @@ -1,21 +0,0 @@ -# CONFIG_INCLUDE_CONFIG_FILE is not set -CONFIG_ONBOARD_VGA_IS_PRIMARY=y -CONFIG_CBFS_SIZE=0x980000 -# CONFIG_POST_IO is not set -# CONFIG_POST_DEVICE is not set -CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y -# CONFIG_CONSOLE_SERIAL is not set -CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty" -CONFIG_COREBOOT_ROMSIZE_KB_10240=y -CONFIG_PCIEXP_ASPM=y -CONFIG_PCIEXP_COMMON_CLOCK=y -CONFIG_UART_PCI_ADDR=0 -CONFIG_DRIVERS_PS2_KEYBOARD=y -CONFIG_USER_TPM1=y -CONFIG_TPM_MEASURED_BOOT=y -# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set -CONFIG_PAYLOAD_LINUX=y -CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage" -CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz" -CONFIG_USBDEBUG=y -CONFIG_USBDEBUG=n diff --git a/config/coreboot-qemu-tpm1-prod.config b/config/coreboot-qemu-tpm1-prod.config new file mode 100644 index 00000000..94e0990d --- /dev/null +++ b/config/coreboot-qemu-tpm1-prod.config 
@@ -0,0 +1,562 @@ +# +# Automatically generated file; DO NOT EDIT. +# coreboot configuration +# + +# +# General setup +# +CONFIG_COREBOOT_BUILD=y +CONFIG_LOCALVERSION="" +CONFIG_CBFS_PREFIX="fallback" +CONFIG_COMPILER_GCC=y +# CONFIG_COMPILER_LLVM_CLANG is not set +CONFIG_ARCH_SUPPORTS_CLANG=y +# CONFIG_ANY_TOOLCHAIN is not set +CONFIG_CCACHE=y +# CONFIG_IWYU is not set +# CONFIG_FMD_GENPARSER is not set +# CONFIG_UTIL_GENPARSER is not set +CONFIG_OPTION_BACKEND_NONE=y +# CONFIG_USE_OPTION_TABLE is not set +CONFIG_COMPRESS_RAMSTAGE_LZMA=y +# CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set +CONFIG_SEPARATE_ROMSTAGE=y +# CONFIG_INCLUDE_CONFIG_FILE is not set +CONFIG_COLLECT_TIMESTAMPS=y +# CONFIG_TIMESTAMPS_ON_CONSOLE is not set +CONFIG_USE_BLOBS=y +# CONFIG_USE_AMD_BLOBS is not set +# CONFIG_USE_QC_BLOBS is not set +# CONFIG_COVERAGE is not set +# CONFIG_UBSAN is not set +CONFIG_HAVE_ASAN_IN_RAMSTAGE=y +# CONFIG_ASAN is not set +CONFIG_NO_STAGE_CACHE=y +# CONFIG_CBMEM_STAGE_CACHE is not set +# CONFIG_UPDATE_IMAGE is not set +CONFIG_BOOTSPLASH_IMAGE=y +CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" +CONFIG_BOOTSPLASH_CONVERT=y +CONFIG_BOOTSPLASH_CONVERT_QUALITY=70 +# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set +# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set +# CONFIG_FW_CONFIG is not set + +# +# Software Bill Of Materials (SBOM) +# +# CONFIG_SBOM is not set +# end of Software Bill Of Materials (SBOM) +# end of General setup + +# +# Mainboard +# + +# +# Important: Run 'make distclean' before switching boards +# +# CONFIG_VENDOR_51NB is not set +# CONFIG_VENDOR_ACER is not set +# CONFIG_VENDOR_ADLINK is not set +# CONFIG_VENDOR_AMD is not set +# CONFIG_VENDOR_AOPEN is not set +# CONFIG_VENDOR_APPLE is not set +# CONFIG_VENDOR_ASROCK is not set +# CONFIG_VENDOR_ASUS is not set +# CONFIG_VENDOR_BIOSTAR is not set +# CONFIG_VENDOR_BOSTENTECH is not set +# CONFIG_VENDOR_BYTEDANCE is not set +# CONFIG_VENDOR_CAVIUM is not set +# CONFIG_VENDOR_CLEVO is not set +# 
CONFIG_VENDOR_COMPULAB is not set +# CONFIG_VENDOR_DELL is not set +CONFIG_VENDOR_EMULATION=y +# CONFIG_VENDOR_EXAMPLE is not set +# CONFIG_VENDOR_FACEBOOK is not set +# CONFIG_VENDOR_FOXCONN is not set +# CONFIG_VENDOR_GETAC is not set +# CONFIG_VENDOR_GIGABYTE is not set +# CONFIG_VENDOR_GOOGLE is not set +# CONFIG_VENDOR_HP is not set +# CONFIG_VENDOR_IBASE is not set +# CONFIG_VENDOR_IBM is not set +# CONFIG_VENDOR_INTEL is not set +# CONFIG_VENDOR_INVENTEC is not set +# CONFIG_VENDOR_KONTRON is not set +# CONFIG_VENDOR_LENOVO is not set +# CONFIG_VENDOR_LIBRETREND is not set +# CONFIG_VENDOR_MSI is not set +# CONFIG_VENDOR_OCP is not set +# CONFIG_VENDOR_OPENCELLULAR is not set +# CONFIG_VENDOR_PACKARDBELL is not set +# CONFIG_VENDOR_PCENGINES is not set +# CONFIG_VENDOR_PINE64 is not set +# CONFIG_VENDOR_PORTWELL is not set +# CONFIG_VENDOR_PRODRIVE is not set +# CONFIG_VENDOR_PROTECTLI is not set +# CONFIG_VENDOR_PURISM is not set +# CONFIG_VENDOR_RAZER is not set +# CONFIG_VENDOR_RODA is not set +# CONFIG_VENDOR_SAMSUNG is not set +# CONFIG_VENDOR_SAPPHIRE is not set +# CONFIG_VENDOR_SIEMENS is not set +# CONFIG_VENDOR_SIFIVE is not set +# CONFIG_VENDOR_STARLABS is not set +# CONFIG_VENDOR_SUPERMICRO is not set +# CONFIG_VENDOR_SYSTEM76 is not set +# CONFIG_VENDOR_TI is not set +# CONFIG_VENDOR_UP is not set +CONFIG_BOARD_SPECIFIC_OPTIONS=y +CONFIG_MAINBOARD_PART_NUMBER="QEMU x86 q35/ich9" +CONFIG_MAINBOARD_VERSION="1.0" +CONFIG_MAINBOARD_DIR="emulation/qemu-q35" +CONFIG_DIMM_MAX=4 +CONFIG_DIMM_SPD_SIZE=256 +CONFIG_FMDFILE="" +# CONFIG_NO_POST is not set +CONFIG_MAINBOARD_VENDOR="Emulation" +CONFIG_CBFS_SIZE=0x980000 +# CONFIG_CONSOLE_SERIAL is not set +CONFIG_MAX_CPUS=4 +CONFIG_ONBOARD_VGA_IS_PRIMARY=y +# CONFIG_POST_DEVICE is not set +# CONFIG_POST_IO is not set +CONFIG_DEVICETREE="devicetree.cb" +# CONFIG_VBOOT is not set +CONFIG_VBOOT_VBNV_OFFSET=0x2c +# CONFIG_CHROMEOS is not set +CONFIG_OVERRIDE_DEVICETREE="" +# CONFIG_VGA_BIOS is not set 
+CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Emulation" +CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00 +CONFIG_CMOS_DEFAULT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.default" +CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout" +# CONFIG_CONSOLE_POST is not set +CONFIG_TPM_PIRQ=0x0 +# CONFIG_BOARD_EMULATION_QEMU_AARCH64 is not set +# CONFIG_BOARD_EMULATION_QEMU_ARMV7 is not set +# CONFIG_BOARD_EMULATION_QEMU_X86_I440FX is not set +# CONFIG_BOARD_EMULATION_QEMU_POWER8 is not set +# CONFIG_BOARD_EMULATION_QEMU_POWER9 is not set +CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y +# CONFIG_BOARD_EMULATION_QEMU_RISCV_RV64 is not set +# CONFIG_BOARD_EMULATION_QEMU_RISCV_RV32 is not set +# CONFIG_BOARD_EMULATION_SPIKE_RISCV is not set +CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xb0000000 +CONFIG_ECAM_MMCONF_BUS_NUMBER=256 +CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" +CONFIG_DCACHE_RAM_BASE=0x10000 +CONFIG_DCACHE_RAM_SIZE=0x90000 +CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000 +CONFIG_DCACHE_BSP_STACK_SIZE=0x4000 +CONFIG_MAX_ACPI_TABLE_SIZE_KB=224 +# CONFIG_DRIVERS_INTEL_WIFI is not set +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000 +CONFIG_CARDBUS_PLUGIN_SUPPORT=y +# CONFIG_DEBUG_SMI is not set +CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="QEMU x86 q35/ich9" +CONFIG_PCIEXP_HOTPLUG_BUSES=32 +CONFIG_PCIEXP_HOTPLUG_MEM=0x800000 +CONFIG_PCIEXP_HOTPLUG_PREFETCH_MEM=0x10000000 +CONFIG_PS2K_EISAID="PNP0303" +CONFIG_PS2M_EISAID="PNP0F13" +CONFIG_D3COLD_SUPPORT=y +CONFIG_PCIEXP_ASPM=y +# CONFIG_PCIEXP_L1_SUB_STATE is not set +# CONFIG_PCIEXP_CLK_PM is not set +CONFIG_DRIVERS_UART_8250IO=y +CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72 +CONFIG_EC_GPE_SCI=0x50 +CONFIG_TPM_MEASURED_BOOT=y +CONFIG_LINUX_COMMAND_LINE="console=ttyS0,115200 console=tty quiet loglevel=2" +CONFIG_BOARD_ROMSIZE_KB_16384=y +# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set +# 
CONFIG_COREBOOT_ROMSIZE_KB_5120 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_6144 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set +CONFIG_COREBOOT_ROMSIZE_KB_10240=y +# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_16384 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_24576 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_32768 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set +CONFIG_COREBOOT_ROMSIZE_KB=10240 +CONFIG_ROM_SIZE=0x00a00000 +CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y +CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y +CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y +# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set +# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set +CONFIG_MAINBOARD_POWER_FAILURE_STATE=0 +# end of Mainboard + +# +# Chipset +# + +# +# SoC +# +CONFIG_CHIPSET_DEVICETREE="" +CONFIG_CBFS_MCACHE_SIZE=0x4000 +CONFIG_ROMSTAGE_ADDR=0x2000000 +CONFIG_VERSTAGE_ADDR=0x2000000 +CONFIG_SMM_MODULE_STACK_SIZE=0x400 +# CONFIG_USE_EXP_X86_64_SUPPORT is not set +CONFIG_PRERAM_CBFS_CACHE_SIZE=0x4000 +CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT=0xfe000000 +CONFIG_EHCI_BAR=0xfef00000 +CONFIG_ACPI_CPU_STRING="CP%02X" +CONFIG_STACK_SIZE=0x2000 +CONFIG_INTEL_GMA_BCLV_OFFSET=0xc8254 +CONFIG_INTEL_GMA_BCLV_WIDTH=16 +CONFIG_INTEL_GMA_BCLM_OFFSET=0xc8256 +CONFIG_INTEL_GMA_BCLM_WIDTH=16 +CONFIG_BOOTBLOCK_IN_CBFS=y +CONFIG_HPET_MIN_TICKS=0x80 +CONFIG_PCIEXP_COMMON_CLOCK=y +CONFIG_SOC_PHYSICAL_ADDRESS_WIDTH=0 +CONFIG_FIXED_SMBUS_IO_BASE=0x400 +CONFIG_CBFS_CACHE_ALIGN=8 + +# +# CPU +# +CONFIG_CPU_QEMU_X86=y +# CONFIG_CPU_QEMU_X86_NO_SMM is not set +CONFIG_CPU_QEMU_X86_ASEG_SMM=y +# CONFIG_CPU_QEMU_X86_TSEG_SMM is not set +CONFIG_PARALLEL_MP=y +CONFIG_XAPIC_ONLY=y +# CONFIG_X2APIC_ONLY is not set +# CONFIG_X2APIC_RUNTIME is not set +# CONFIG_X2APIC_LATE_WORKAROUND is not set +CONFIG_UDELAY_TSC=y +CONFIG_UNKNOWN_TSC_RATE=y +CONFIG_TSC_MONOTONIC_TIMER=y +CONFIG_HAVE_SMI_HANDLER=y +CONFIG_SMM_ASEG=y +CONFIG_SMM_PCI_RESOURCE_STORE_NUM_SLOTS=8 
+CONFIG_AP_STACK_SIZE=0x800 +CONFIG_SMP=y + +# +# Northbridge +# + +# +# Southbridge +# +CONFIG_PCIEXP_HOTPLUG=y +CONFIG_SOUTHBRIDGE_INTEL_I82801IX=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_RESET=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_RTC=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_PMCLIB=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_PMBASE=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_EARLY_SMBUS=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y +CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y +# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set +CONFIG_TCO_SPACE_NOT_YET_SPLIT=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y +CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000 +CONFIG_RCBA_LENGTH=0x4000 + +# +# Super I/O +# + +# +# Embedded Controllers +# +CONFIG_MAINBOARD_HAS_CHROMEOS=y + +# +# ChromeOS +# +# end of ChromeOS + +CONFIG_ARCH_X86=y +CONFIG_ARCH_BOOTBLOCK_X86_32=y +CONFIG_ARCH_VERSTAGE_X86_32=y +CONFIG_ARCH_ROMSTAGE_X86_32=y +CONFIG_ARCH_POSTCAR_X86_32=y +CONFIG_ARCH_RAMSTAGE_X86_32=y +CONFIG_ARCH_ALL_STAGES_X86_32=y +CONFIG_HAVE_EXP_X86_64_SUPPORT=y +CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y +CONFIG_POSTRAM_CBFS_CACHE_IN_BSS=y +CONFIG_RAMSTAGE_CBFS_CACHE_SIZE=0x4000 +CONFIG_PC80_SYSTEM=y +CONFIG_HAVE_CMOS_DEFAULT=y +CONFIG_POSTCAR_STAGE=y +CONFIG_BOOTBLOCK_SIMPLE=y +# CONFIG_BOOTBLOCK_NORMAL is not set +CONFIG_COLLECT_TIMESTAMPS_TSC=y +CONFIG_HAVE_CF9_RESET=y +CONFIG_DEBUG_HW_BREAKPOINTS=y +CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS=y +# CONFIG_DUMP_SMBIOS_TYPE17 is not set +# end of Chipset + +# +# Devices +# +CONFIG_HAVE_VGA_TEXT_FRAMEBUFFER=y +CONFIG_HAVE_LINEAR_FRAMEBUFFER=y +CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y +CONFIG_MAINBOARD_FORCE_NATIVE_VGA_INIT=y +CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT=y +CONFIG_NO_EARLY_GFX_INIT=y + +# +# Display +# +# CONFIG_VGA_TEXT_FRAMEBUFFER is not set +CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y 
+CONFIG_LINEAR_FRAMEBUFFER=y +CONFIG_BOOTSPLASH=y +CONFIG_HEAP_SIZE=0x100000 +# end of Display + +CONFIG_PCI=y +CONFIG_ECAM_MMCONF_SUPPORT=y +CONFIG_PCIX_PLUGIN_SUPPORT=y +CONFIG_AZALIA_HDA_CODEC_SUPPORT=y +CONFIG_PCIEXP_PLUGIN_SUPPORT=y +CONFIG_ECAM_MMCONF_LENGTH=0x10000000 +CONFIG_PCI_ALLOW_BUS_MASTER=y +CONFIG_PCI_SET_BUS_MASTER_PCI_BRIDGES=y +CONFIG_PCI_ALLOW_BUS_MASTER_ANY_DEVICE=y +# CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS is not set +# CONFIG_PCIEXP_LANE_ERR_STAT_CLEAR is not set +CONFIG_PCIEXP_HOTPLUG_PREFETCH_MEM_ABOVE_4G=y +# CONFIG_PCIEXP_HOTPLUG_PREFETCH_MEM_BELOW_4G is not set +CONFIG_PCIEXP_HOTPLUG_IO=0x2000 +# CONFIG_EARLY_PCI_BRIDGE is not set +CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 +CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 +# CONFIG_SOFTWARE_I2C is not set +CONFIG_I2C_TRANSFER_TIMEOUT_US=500000 +CONFIG_RESOURCE_ALLOCATION_TOP_DOWN=y +# end of Devices + +# +# Generic Drivers +# +CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 +CONFIG_TPM_INIT_RAMSTAGE=y +# CONFIG_TPM_PPI is not set +CONFIG_DRIVERS_UART=y +# CONFIG_DRIVERS_UART_OXPCIE is not set +CONFIG_HAVE_USBDEBUG=y +CONFIG_HAVE_USBDEBUG_OPTIONS=y +# CONFIG_USBDEBUG is not set +# CONFIG_VPD is not set +CONFIG_DRIVERS_EMULATION_QEMU_BOCHS=y +CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1280 +CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=720 +# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set +# CONFIG_DRIVERS_GENERIC_CBFS_UUID is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9750 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9755 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9763E is not set +# CONFIG_DRIVERS_I2C_MAX98396 is not set +# CONFIG_DRIVERS_NXP_UWB_SR1XX is not set +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_DRIVERS_MC146818=y +CONFIG_USE_PC_CMOS_ALTCENTURY=y +CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70 +CONFIG_MEMORY_MAPPED_TPM=y +CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 +CONFIG_VGA=y +# CONFIG_DRIVERS_SIL_3114 is not set +# CONFIG_DRIVERS_MTK_WIFI is not set +# end of Generic Drivers + +# +# Security +# + +# +# CBFS verification +# +# 
CONFIG_CBFS_VERIFICATION is not set +# end of CBFS verification + +# +# Verified Boot (vboot) +# +CONFIG_VBOOT_LIB=y +# end of Verified Boot (vboot) + +# +# Trusted Platform Module +# +# CONFIG_NO_TPM is not set +CONFIG_TPM1=y +# CONFIG_TPM2 is not set +CONFIG_TPM=y +# CONFIG_TPM_DEACTIVATE is not set +# CONFIG_DEBUG_TPM is not set +# CONFIG_TPM_RDRESP_NEED_DELAY is not set +# CONFIG_TPM_LOG_CB is not set +CONFIG_TPM_LOG_TPM1=y +CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA="" +CONFIG_PCR_BOOT_MODE=1 +CONFIG_PCR_HWID=1 +CONFIG_PCR_SRTM=2 +CONFIG_PCR_FW_VER=10 +CONFIG_PCR_RUNTIME_DATA=3 +# end of Trusted Platform Module + +# +# Memory initialization +# +CONFIG_PLATFORM_HAS_DRAM_CLEAR=y +# CONFIG_SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT is not set +# end of Memory initialization + +# CONFIG_INTEL_TXT is not set +CONFIG_BOOTMEDIA_LOCK_NONE=y +# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set +# CONFIG_BOOTMEDIA_LOCK_CHIP is not set +# end of Security + +CONFIG_ACPI_HAVE_PCAT_8259=y +CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y +CONFIG_ACPI_SOC_NVS=y +CONFIG_ACPI_NO_CUSTOM_MADT=y +CONFIG_ACPI_COMMON_MADT_LAPIC=y +CONFIG_ACPI_COMMON_MADT_IOAPIC=y +CONFIG_HAVE_ACPI_TABLES=y +CONFIG_BOOT_DEVICE_NOT_SPI_FLASH=y +CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y + +# +# Console +# +CONFIG_BOOTBLOCK_CONSOLE=y +CONFIG_POSTCAR_CONSOLE=y +CONFIG_SQUELCH_EARLY_SMP=y +# CONFIG_SPKMODEM is not set +# CONFIG_CONSOLE_NE2K is not set +CONFIG_CONSOLE_CBMEM=y +# CONFIG_CONSOLE_CBMEM_DUMP_TO_UART is not set +# CONFIG_CONSOLE_I2C_SMBUS is not set +CONFIG_CONSOLE_QEMU_DEBUGCON=y +CONFIG_CONSOLE_QEMU_DEBUGCON_PORT=0x402 +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8 is not set +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 
is not set +CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7 +CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX=y +CONFIG_CONSOLE_USE_ANSI_ESCAPES=y +# CONFIG_CMOS_POST is not set +CONFIG_HWBASE_DEBUG_CB=y +# end of Console + +CONFIG_HAVE_MONOTONIC_TIMER=y +CONFIG_HAVE_OPTION_TABLE=y +CONFIG_IOAPIC=y +CONFIG_USE_WATCHDOG_ON_BOOT=y + +# +# System tables +# +CONFIG_GENERATE_SMBIOS_TABLES=y +CONFIG_BIOS_VENDOR="coreboot" +CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" +# end of System tables + +# +# Payload +# +# CONFIG_PAYLOAD_NONE is not set +# CONFIG_PAYLOAD_ELF is not set +# CONFIG_PAYLOAD_BOOTBOOT is not set +# CONFIG_PAYLOAD_FILO is not set +# CONFIG_PAYLOAD_GRUB2 is not set +# CONFIG_PAYLOAD_SEAGRUB is not set +# CONFIG_PAYLOAD_LINUXBOOT is not set +# CONFIG_PAYLOAD_SEABIOS is not set +# CONFIG_PAYLOAD_UBOOT is not set +# CONFIG_PAYLOAD_EDK2 is not set +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage" +CONFIG_PAYLOAD_OPTIONS="" +# CONFIG_PXE is not set +CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz" +# CONFIG_PAYLOAD_IS_FLAT_BINARY is not set +CONFIG_COMPRESS_SECONDARY_PAYLOAD=y + +# +# Secondary Payloads +# +# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set +# CONFIG_GRUB2_SECONDARY_PAYLOAD is not set +# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set +# CONFIG_NVRAMCUI_SECONDARY_PAYLOAD is not set +# CONFIG_SEABIOS_SECONDARY_PAYLOAD is not set +# CONFIG_TINT_SECONDARY_PAYLOAD is not set +# CONFIG_COREDOOM_SECONDARY_PAYLOAD is not set +# end of Secondary Payloads +# end of Payload + +# +# Debugging +# + +# +# CPU Debug Settings +# +# CONFIG_DISPLAY_MTRRS is not set + +# +# Vendorcode Debug Settings +# + +# +# BLOB Debug Settings +# + +# +# General Debug Settings +# +# CONFIG_GDB_STUB is not set +# CONFIG_FATAL_ASSERTS is not set +# CONFIG_DEBUG_CBFS is not set +CONFIG_HAVE_DEBUG_SMBUS=y +# CONFIG_DEBUG_SMBUS is not set +# CONFIG_DEBUG_MALLOC is not set +# CONFIG_DEBUG_CONSOLE_INIT is not set +# CONFIG_DEBUG_BOOT_STATE is not set +# CONFIG_DEBUG_ADA_CODE is not set +# 
CONFIG_DEBUG_ACPICA_COMPATIBLE is not set +# end of Debugging + +CONFIG_DECOMPRESS_OFAST=y +CONFIG_PROBE_RAM=y +CONFIG_WARNINGS_ARE_ERRORS=y +CONFIG_MAX_REBOOT_CNT=3 +CONFIG_RELOCATABLE_MODULES=y +CONFIG_HAVE_BOOTBLOCK=y +CONFIG_HAVE_ROMSTAGE=y +CONFIG_HAVE_RAMSTAGE=y diff --git a/config/coreboot-qemu-tpm2-prod.config b/config/coreboot-qemu-tpm2-prod.config new file mode 100644 index 00000000..4baf458b --- /dev/null +++ b/config/coreboot-qemu-tpm2-prod.config 
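Review bot: The ROM size settings in this file disagree with each other and with the sibling prod config. `CONFIG_BOARD_ROMSIZE_KB_16384=y` is set next to `CONFIG_COREBOOT_ROMSIZE_KB_10240=y`, `CONFIG_ROM_SIZE=0x00a00000` and `CONFIG_CBFS_SIZE=0x980000`, while config/coreboot-qemu-tpm2-prod.config from the same commit uses `CONFIG_COREBOOT_ROMSIZE_KB_16384=y` and `CONFIG_CBFS_SIZE=0xfe0000`. This file also sets `CONFIG_PCIEXP_HOTPLUG=y` with the `CONFIG_PCIEXP_HOTPLUG_*` sizes, which the tpm2 file leaves unset. If the two prod targets are meant to differ only in TPM version, these should be aligned. If the differences are deliberate, the commit message should say so and name the measured-boot choices (`CONFIG_TPM_MEASURED_BOOT=y`, `CONFIG_PCR_SRTM=2`, `# CONFIG_CBFS_VERIFICATION is not set`), because in a 562-line generated config a reviewer cannot otherwise tell chosen values from defaults.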
@@ -0,0 +1,555 @@ +# +# Automatically generated file; DO NOT EDIT. +# coreboot configuration +# + +# +# General setup +# +CONFIG_COREBOOT_BUILD=y +CONFIG_LOCALVERSION="" +CONFIG_CBFS_PREFIX="fallback" +CONFIG_COMPILER_GCC=y +# CONFIG_COMPILER_LLVM_CLANG is not set +CONFIG_ARCH_SUPPORTS_CLANG=y +# CONFIG_ANY_TOOLCHAIN is not set +CONFIG_CCACHE=y +# CONFIG_IWYU is not set +# CONFIG_FMD_GENPARSER is not set +# CONFIG_UTIL_GENPARSER is not set +CONFIG_OPTION_BACKEND_NONE=y +# CONFIG_USE_OPTION_TABLE is not set +CONFIG_COMPRESS_RAMSTAGE_LZMA=y +# CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set +CONFIG_SEPARATE_ROMSTAGE=y +# CONFIG_INCLUDE_CONFIG_FILE is not set +CONFIG_COLLECT_TIMESTAMPS=y +# CONFIG_TIMESTAMPS_ON_CONSOLE is not set +CONFIG_USE_BLOBS=y +# CONFIG_USE_AMD_BLOBS is not set +# CONFIG_USE_QC_BLOBS is not set +# CONFIG_COVERAGE is not set +# CONFIG_UBSAN is not set +CONFIG_HAVE_ASAN_IN_RAMSTAGE=y +# CONFIG_ASAN is not set +CONFIG_NO_STAGE_CACHE=y +# CONFIG_CBMEM_STAGE_CACHE is not set +# CONFIG_UPDATE_IMAGE is not set +CONFIG_BOOTSPLASH_IMAGE=y +CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" +CONFIG_BOOTSPLASH_CONVERT=y +CONFIG_BOOTSPLASH_CONVERT_QUALITY=70 +# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set +# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set +# CONFIG_FW_CONFIG is not set + +# +# Software Bill Of Materials (SBOM) +# +# CONFIG_SBOM is not set +# end of Software Bill Of Materials (SBOM) +# end of General setup + +# +# Mainboard +# + +# +# Important: Run 'make distclean' before switching boards +# +# CONFIG_VENDOR_51NB is not set +# CONFIG_VENDOR_ACER is not set +# CONFIG_VENDOR_ADLINK is not set +# CONFIG_VENDOR_AMD is not set +# CONFIG_VENDOR_AOPEN is not set +# CONFIG_VENDOR_APPLE is not set +# CONFIG_VENDOR_ASROCK is not set +# CONFIG_VENDOR_ASUS is not set +# CONFIG_VENDOR_BIOSTAR is not set +# CONFIG_VENDOR_BOSTENTECH is not set +# CONFIG_VENDOR_BYTEDANCE is not set +# CONFIG_VENDOR_CAVIUM is not set +# CONFIG_VENDOR_CLEVO is not set +# 
CONFIG_VENDOR_COMPULAB is not set +# CONFIG_VENDOR_DELL is not set +CONFIG_VENDOR_EMULATION=y +# CONFIG_VENDOR_EXAMPLE is not set +# CONFIG_VENDOR_FACEBOOK is not set +# CONFIG_VENDOR_FOXCONN is not set +# CONFIG_VENDOR_GETAC is not set +# CONFIG_VENDOR_GIGABYTE is not set +# CONFIG_VENDOR_GOOGLE is not set +# CONFIG_VENDOR_HP is not set +# CONFIG_VENDOR_IBASE is not set +# CONFIG_VENDOR_IBM is not set +# CONFIG_VENDOR_INTEL is not set +# CONFIG_VENDOR_INVENTEC is not set +# CONFIG_VENDOR_KONTRON is not set +# CONFIG_VENDOR_LENOVO is not set +# CONFIG_VENDOR_LIBRETREND is not set +# CONFIG_VENDOR_MSI is not set +# CONFIG_VENDOR_OCP is not set +# CONFIG_VENDOR_OPENCELLULAR is not set +# CONFIG_VENDOR_PACKARDBELL is not set +# CONFIG_VENDOR_PCENGINES is not set +# CONFIG_VENDOR_PINE64 is not set +# CONFIG_VENDOR_PORTWELL is not set +# CONFIG_VENDOR_PRODRIVE is not set +# CONFIG_VENDOR_PROTECTLI is not set +# CONFIG_VENDOR_PURISM is not set +# CONFIG_VENDOR_RAZER is not set +# CONFIG_VENDOR_RODA is not set +# CONFIG_VENDOR_SAMSUNG is not set +# CONFIG_VENDOR_SAPPHIRE is not set +# CONFIG_VENDOR_SIEMENS is not set +# CONFIG_VENDOR_SIFIVE is not set +# CONFIG_VENDOR_STARLABS is not set +# CONFIG_VENDOR_SUPERMICRO is not set +# CONFIG_VENDOR_SYSTEM76 is not set +# CONFIG_VENDOR_TI is not set +# CONFIG_VENDOR_UP is not set +CONFIG_BOARD_SPECIFIC_OPTIONS=y +CONFIG_MAINBOARD_PART_NUMBER="QEMU x86 q35/ich9" +CONFIG_MAINBOARD_VERSION="1.0" +CONFIG_MAINBOARD_DIR="emulation/qemu-q35" +CONFIG_DIMM_MAX=4 +CONFIG_DIMM_SPD_SIZE=256 +CONFIG_FMDFILE="" +# CONFIG_NO_POST is not set +CONFIG_MAINBOARD_VENDOR="Emulation" +CONFIG_CBFS_SIZE=0xfe0000 +# CONFIG_CONSOLE_SERIAL is not set +CONFIG_MAX_CPUS=4 +CONFIG_ONBOARD_VGA_IS_PRIMARY=y +# CONFIG_POST_DEVICE is not set +# CONFIG_POST_IO is not set +CONFIG_DEVICETREE="devicetree.cb" +# CONFIG_VBOOT is not set +CONFIG_VBOOT_VBNV_OFFSET=0x2c +# CONFIG_CHROMEOS is not set +CONFIG_OVERRIDE_DEVICETREE="" +# CONFIG_VGA_BIOS is not set 
+CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Emulation" +CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00 +CONFIG_CMOS_DEFAULT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.default" +CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout" +# CONFIG_CONSOLE_POST is not set +CONFIG_TPM_PIRQ=0x0 +# CONFIG_BOARD_EMULATION_QEMU_AARCH64 is not set +# CONFIG_BOARD_EMULATION_QEMU_ARMV7 is not set +# CONFIG_BOARD_EMULATION_QEMU_X86_I440FX is not set +# CONFIG_BOARD_EMULATION_QEMU_POWER8 is not set +# CONFIG_BOARD_EMULATION_QEMU_POWER9 is not set +CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y +# CONFIG_BOARD_EMULATION_QEMU_RISCV_RV64 is not set +# CONFIG_BOARD_EMULATION_QEMU_RISCV_RV32 is not set +# CONFIG_BOARD_EMULATION_SPIKE_RISCV is not set +CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xb0000000 +CONFIG_ECAM_MMCONF_BUS_NUMBER=256 +CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" +CONFIG_DCACHE_RAM_BASE=0x10000 +CONFIG_DCACHE_RAM_SIZE=0x90000 +CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000 +CONFIG_DCACHE_BSP_STACK_SIZE=0x4000 +CONFIG_MAX_ACPI_TABLE_SIZE_KB=224 +# CONFIG_DRIVERS_INTEL_WIFI is not set +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000 +CONFIG_CARDBUS_PLUGIN_SUPPORT=y +# CONFIG_DEBUG_SMI is not set +CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="QEMU x86 q35/ich9" +CONFIG_PS2K_EISAID="PNP0303" +CONFIG_PS2M_EISAID="PNP0F13" +CONFIG_D3COLD_SUPPORT=y +CONFIG_PCIEXP_ASPM=y +# CONFIG_PCIEXP_L1_SUB_STATE is not set +# CONFIG_PCIEXP_CLK_PM is not set +CONFIG_DRIVERS_UART_8250IO=y +CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72 +CONFIG_EC_GPE_SCI=0x50 +CONFIG_TPM_MEASURED_BOOT=y +CONFIG_LINUX_COMMAND_LINE="console=ttyS0,115200 console=tty quiet loglevel=2" +CONFIG_BOARD_ROMSIZE_KB_16384=y +# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_5120 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_6144 is not set +# 
CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set +CONFIG_COREBOOT_ROMSIZE_KB_16384=y +# CONFIG_COREBOOT_ROMSIZE_KB_24576 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_32768 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set +CONFIG_COREBOOT_ROMSIZE_KB=16384 +CONFIG_ROM_SIZE=0x01000000 +CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y +CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y +CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y +# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set +# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set +CONFIG_MAINBOARD_POWER_FAILURE_STATE=0 +# end of Mainboard + +# +# Chipset +# + +# +# SoC +# +CONFIG_CHIPSET_DEVICETREE="" +CONFIG_CBFS_MCACHE_SIZE=0x4000 +CONFIG_ROMSTAGE_ADDR=0x2000000 +CONFIG_VERSTAGE_ADDR=0x2000000 +CONFIG_SMM_MODULE_STACK_SIZE=0x400 +# CONFIG_USE_EXP_X86_64_SUPPORT is not set +CONFIG_PRERAM_CBFS_CACHE_SIZE=0x4000 +CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT=0xfe000000 +CONFIG_EHCI_BAR=0xfef00000 +CONFIG_ACPI_CPU_STRING="CP%02X" +CONFIG_STACK_SIZE=0x2000 +CONFIG_INTEL_GMA_BCLV_OFFSET=0xc8254 +CONFIG_INTEL_GMA_BCLV_WIDTH=16 +CONFIG_INTEL_GMA_BCLM_OFFSET=0xc8256 +CONFIG_INTEL_GMA_BCLM_WIDTH=16 +CONFIG_BOOTBLOCK_IN_CBFS=y +CONFIG_HPET_MIN_TICKS=0x80 +CONFIG_PCIEXP_COMMON_CLOCK=y +CONFIG_SOC_PHYSICAL_ADDRESS_WIDTH=0 +CONFIG_FIXED_SMBUS_IO_BASE=0x400 +CONFIG_CBFS_CACHE_ALIGN=8 + +# +# CPU +# +CONFIG_CPU_QEMU_X86=y +# CONFIG_CPU_QEMU_X86_NO_SMM is not set +CONFIG_CPU_QEMU_X86_ASEG_SMM=y +# CONFIG_CPU_QEMU_X86_TSEG_SMM is not set +CONFIG_PARALLEL_MP=y +CONFIG_XAPIC_ONLY=y +# CONFIG_X2APIC_ONLY is not set +# CONFIG_X2APIC_RUNTIME is not set +# CONFIG_X2APIC_LATE_WORKAROUND is not set +CONFIG_UDELAY_TSC=y +CONFIG_UNKNOWN_TSC_RATE=y +CONFIG_TSC_MONOTONIC_TIMER=y +CONFIG_HAVE_SMI_HANDLER=y +CONFIG_SMM_ASEG=y +CONFIG_SMM_PCI_RESOURCE_STORE_NUM_SLOTS=8 +CONFIG_AP_STACK_SIZE=0x800 +CONFIG_SMP=y + +# +# Northbridge +# + +# +# Southbridge +# +# CONFIG_PCIEXP_HOTPLUG 
is not set +CONFIG_SOUTHBRIDGE_INTEL_I82801IX=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_RESET=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_RTC=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_PMCLIB=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_PMBASE=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_EARLY_SMBUS=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y +CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y +# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set +CONFIG_TCO_SPACE_NOT_YET_SPLIT=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y +CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000 +CONFIG_RCBA_LENGTH=0x4000 + +# +# Super I/O +# + +# +# Embedded Controllers +# +CONFIG_MAINBOARD_HAS_CHROMEOS=y + +# +# ChromeOS +# +# end of ChromeOS + +CONFIG_ARCH_X86=y +CONFIG_ARCH_BOOTBLOCK_X86_32=y +CONFIG_ARCH_VERSTAGE_X86_32=y +CONFIG_ARCH_ROMSTAGE_X86_32=y +CONFIG_ARCH_POSTCAR_X86_32=y +CONFIG_ARCH_RAMSTAGE_X86_32=y +CONFIG_ARCH_ALL_STAGES_X86_32=y +CONFIG_HAVE_EXP_X86_64_SUPPORT=y +CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y +CONFIG_POSTRAM_CBFS_CACHE_IN_BSS=y +CONFIG_RAMSTAGE_CBFS_CACHE_SIZE=0x4000 +CONFIG_PC80_SYSTEM=y +CONFIG_HAVE_CMOS_DEFAULT=y +CONFIG_POSTCAR_STAGE=y +CONFIG_BOOTBLOCK_SIMPLE=y +# CONFIG_BOOTBLOCK_NORMAL is not set +CONFIG_COLLECT_TIMESTAMPS_TSC=y +CONFIG_HAVE_CF9_RESET=y +CONFIG_DEBUG_HW_BREAKPOINTS=y +CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS=y +# CONFIG_DUMP_SMBIOS_TYPE17 is not set +# end of Chipset + +# +# Devices +# +CONFIG_HAVE_VGA_TEXT_FRAMEBUFFER=y +CONFIG_HAVE_LINEAR_FRAMEBUFFER=y +CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y +CONFIG_MAINBOARD_FORCE_NATIVE_VGA_INIT=y +CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT=y +CONFIG_NO_EARLY_GFX_INIT=y + +# +# Display +# +# CONFIG_VGA_TEXT_FRAMEBUFFER is not set +CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y +CONFIG_LINEAR_FRAMEBUFFER=y +CONFIG_BOOTSPLASH=y +CONFIG_HEAP_SIZE=0x100000 +# end of Display + +CONFIG_PCI=y 
+CONFIG_ECAM_MMCONF_SUPPORT=y +CONFIG_PCIX_PLUGIN_SUPPORT=y +CONFIG_AZALIA_HDA_CODEC_SUPPORT=y +CONFIG_PCIEXP_PLUGIN_SUPPORT=y +CONFIG_ECAM_MMCONF_LENGTH=0x10000000 +CONFIG_PCI_ALLOW_BUS_MASTER=y +CONFIG_PCI_SET_BUS_MASTER_PCI_BRIDGES=y +CONFIG_PCI_ALLOW_BUS_MASTER_ANY_DEVICE=y +# CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS is not set +# CONFIG_PCIEXP_LANE_ERR_STAT_CLEAR is not set +# CONFIG_EARLY_PCI_BRIDGE is not set +CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 +CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 +# CONFIG_SOFTWARE_I2C is not set +CONFIG_I2C_TRANSFER_TIMEOUT_US=500000 +CONFIG_RESOURCE_ALLOCATION_TOP_DOWN=y +# end of Devices + +# +# Generic Drivers +# +CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 +CONFIG_TPM_INIT_RAMSTAGE=y +# CONFIG_TPM_PPI is not set +CONFIG_DRIVERS_UART=y +# CONFIG_DRIVERS_UART_OXPCIE is not set +CONFIG_HAVE_USBDEBUG=y +CONFIG_HAVE_USBDEBUG_OPTIONS=y +# CONFIG_USBDEBUG is not set +# CONFIG_VPD is not set +CONFIG_DRIVERS_EMULATION_QEMU_BOCHS=y +CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1280 +CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=720 +# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set +# CONFIG_DRIVERS_GENERIC_CBFS_UUID is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9750 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9755 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9763E is not set +# CONFIG_DRIVERS_I2C_MAX98396 is not set +# CONFIG_DRIVERS_NXP_UWB_SR1XX is not set +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_DRIVERS_MC146818=y +CONFIG_USE_PC_CMOS_ALTCENTURY=y +CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70 +CONFIG_MEMORY_MAPPED_TPM=y +CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 +CONFIG_VGA=y +# CONFIG_DRIVERS_SIL_3114 is not set +# CONFIG_DRIVERS_MTK_WIFI is not set +# end of Generic Drivers + +# +# Security +# + +# +# CBFS verification +# +# CONFIG_CBFS_VERIFICATION is not set +# end of CBFS verification + +# +# Verified Boot (vboot) +# +CONFIG_VBOOT_LIB=y +# end of Verified Boot (vboot) + +# +# Trusted Platform Module +# +# CONFIG_NO_TPM is not set +# CONFIG_TPM1 is not set +CONFIG_TPM2=y 
+CONFIG_TPM=y +# CONFIG_DEBUG_TPM is not set +# CONFIG_TPM_RDRESP_NEED_DELAY is not set +CONFIG_TPM_LOG_CB=y +# CONFIG_TPM_LOG_TPM2 is not set +CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA="" +CONFIG_PCR_BOOT_MODE=1 +CONFIG_PCR_HWID=1 +CONFIG_PCR_SRTM=2 +CONFIG_PCR_FW_VER=10 +CONFIG_PCR_RUNTIME_DATA=3 +# end of Trusted Platform Module + +# +# Memory initialization +# +CONFIG_PLATFORM_HAS_DRAM_CLEAR=y +# CONFIG_SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT is not set +# end of Memory initialization + +# CONFIG_INTEL_TXT is not set +CONFIG_BOOTMEDIA_LOCK_NONE=y +# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set +# CONFIG_BOOTMEDIA_LOCK_CHIP is not set +# end of Security + +CONFIG_ACPI_HAVE_PCAT_8259=y +CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y +CONFIG_ACPI_SOC_NVS=y +CONFIG_ACPI_NO_CUSTOM_MADT=y +CONFIG_ACPI_COMMON_MADT_LAPIC=y +CONFIG_ACPI_COMMON_MADT_IOAPIC=y +CONFIG_HAVE_ACPI_TABLES=y +CONFIG_BOOT_DEVICE_NOT_SPI_FLASH=y +CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y + +# +# Console +# +CONFIG_BOOTBLOCK_CONSOLE=y +CONFIG_POSTCAR_CONSOLE=y +CONFIG_SQUELCH_EARLY_SMP=y +# CONFIG_SPKMODEM is not set +# CONFIG_CONSOLE_NE2K is not set +CONFIG_CONSOLE_CBMEM=y +# CONFIG_CONSOLE_CBMEM_DUMP_TO_UART is not set +# CONFIG_CONSOLE_I2C_SMBUS is not set +CONFIG_CONSOLE_QEMU_DEBUGCON=y +CONFIG_CONSOLE_QEMU_DEBUGCON_PORT=0x402 +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8 is not set +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set +CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7 +CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX=y +CONFIG_CONSOLE_USE_ANSI_ESCAPES=y +# CONFIG_CMOS_POST is not set +CONFIG_HWBASE_DEBUG_CB=y +# end of Console + +CONFIG_HAVE_MONOTONIC_TIMER=y +CONFIG_HAVE_OPTION_TABLE=y +CONFIG_IOAPIC=y 
+CONFIG_USE_WATCHDOG_ON_BOOT=y + +# +# System tables +# +CONFIG_GENERATE_SMBIOS_TABLES=y +CONFIG_BIOS_VENDOR="coreboot" +CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" +# end of System tables + +# +# Payload +# +# CONFIG_PAYLOAD_NONE is not set +# CONFIG_PAYLOAD_ELF is not set +# CONFIG_PAYLOAD_BOOTBOOT is not set +# CONFIG_PAYLOAD_FILO is not set +# CONFIG_PAYLOAD_GRUB2 is not set +# CONFIG_PAYLOAD_SEAGRUB is not set +# CONFIG_PAYLOAD_LINUXBOOT is not set +# CONFIG_PAYLOAD_SEABIOS is not set +# CONFIG_PAYLOAD_UBOOT is not set +# CONFIG_PAYLOAD_EDK2 is not set +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage" +CONFIG_PAYLOAD_OPTIONS="" +# CONFIG_PXE is not set +CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz" +# CONFIG_PAYLOAD_IS_FLAT_BINARY is not set +CONFIG_COMPRESS_SECONDARY_PAYLOAD=y + +# +# Secondary Payloads +# +# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set +# CONFIG_GRUB2_SECONDARY_PAYLOAD is not set +# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set +# CONFIG_NVRAMCUI_SECONDARY_PAYLOAD is not set +# CONFIG_SEABIOS_SECONDARY_PAYLOAD is not set +# CONFIG_TINT_SECONDARY_PAYLOAD is not set +# CONFIG_COREDOOM_SECONDARY_PAYLOAD is not set +# end of Secondary Payloads +# end of Payload + +# +# Debugging +# + +# +# CPU Debug Settings +# +# CONFIG_DISPLAY_MTRRS is not set + +# +# Vendorcode Debug Settings +# + +# +# BLOB Debug Settings +# + +# +# General Debug Settings +# +# CONFIG_GDB_STUB is not set +# CONFIG_FATAL_ASSERTS is not set +# CONFIG_DEBUG_CBFS is not set +CONFIG_HAVE_DEBUG_SMBUS=y +# CONFIG_DEBUG_SMBUS is not set +# CONFIG_DEBUG_MALLOC is not set +# CONFIG_DEBUG_CONSOLE_INIT is not set +# CONFIG_DEBUG_BOOT_STATE is not set +# CONFIG_DEBUG_ADA_CODE is not set +# CONFIG_DEBUG_ACPICA_COMPATIBLE is not set +# end of Debugging + +CONFIG_DECOMPRESS_OFAST=y +CONFIG_PROBE_RAM=y +CONFIG_WARNINGS_ARE_ERRORS=y +CONFIG_MAX_REBOOT_CNT=3 +CONFIG_RELOCATABLE_MODULES=y +CONFIG_HAVE_BOOTBLOCK=y +CONFIG_HAVE_ROMSTAGE=y +CONFIG_HAVE_RAMSTAGE=y 
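Review bot: The TPM event-log format here differs from the tpm1 prod config without explanation. This file sets `CONFIG_TPM_LOG_CB=y` and leaves `CONFIG_TPM_LOG_TPM2` unset, while config/coreboot-qemu-tpm1-prod.config uses `CONFIG_TPM_LOG_TPM1=y`. Anything that replays the log against the PCRs (`CONFIG_PCR_SRTM=2` here) then has to parse two formats, so please confirm this is intended and note it in the commit message. Separately, both prod configs keep `CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y` and `CONFIG_CONSOLE_QEMU_DEBUGCON=y` although the kernel command line is quieted with `quiet loglevel=2`. If "prod" is meant to mirror the verbosity of shipped boards, a lower coreboot log level would match that intent.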
From 5600c096105c57885c7a304d2cc83d0ee9c4fab6 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 19 Nov 2024 15:18:41 -0500 Subject: [PATCH 19/27] bugfix, bootsplash: qemu coreboot prod configs: add CONFIG_BOOTSPLASH_CONVERT_RESIZE=y and CONFIG_BOOTSPLASH_CONVERT_RESOLUTION="1280x720" Signed-off-by: Thierry Laurion --- config/coreboot-qemu-tpm1-prod.config | 5 +++-- config/coreboot-qemu-tpm2-prod.config | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/config/coreboot-qemu-tpm1-prod.config b/config/coreboot-qemu-tpm1-prod.config index 94e0990d..8ecfb64f 100644 --- a/config/coreboot-qemu-tpm1-prod.config +++ b/config/coreboot-qemu-tpm1-prod.config @@ -39,7 +39,8 @@ CONFIG_BOOTSPLASH_IMAGE=y CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" CONFIG_BOOTSPLASH_CONVERT=y CONFIG_BOOTSPLASH_CONVERT_QUALITY=70 -# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set +CONFIG_BOOTSPLASH_CONVERT_RESIZE=y +CONFIG_BOOTSPLASH_CONVERT_RESOLUTION="1280x720" # CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set # CONFIG_FW_CONFIG is not set @@ -327,7 +328,6 @@ CONFIG_NO_EARLY_GFX_INIT=y CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y CONFIG_LINEAR_FRAMEBUFFER=y CONFIG_BOOTSPLASH=y -CONFIG_HEAP_SIZE=0x100000 # end of Display CONFIG_PCI=y @@ -443,6 +443,7 @@ CONFIG_ACPI_COMMON_MADT_IOAPIC=y CONFIG_HAVE_ACPI_TABLES=y CONFIG_BOOT_DEVICE_NOT_SPI_FLASH=y CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y +CONFIG_HEAP_SIZE=0x100000 # # Console diff --git a/config/coreboot-qemu-tpm2-prod.config b/config/coreboot-qemu-tpm2-prod.config index 4baf458b..85f5987d 100644 --- a/config/coreboot-qemu-tpm2-prod.config +++ b/config/coreboot-qemu-tpm2-prod.config 
@@ -39,7 +39,8 @@ CONFIG_BOOTSPLASH_IMAGE=y CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" CONFIG_BOOTSPLASH_CONVERT=y CONFIG_BOOTSPLASH_CONVERT_QUALITY=70 -# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set +CONFIG_BOOTSPLASH_CONVERT_RESIZE=y +CONFIG_BOOTSPLASH_CONVERT_RESOLUTION="1280x720" # CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set # CONFIG_FW_CONFIG is not set @@ -324,7 +325,6 @@ CONFIG_NO_EARLY_GFX_INIT=y CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y CONFIG_LINEAR_FRAMEBUFFER=y CONFIG_BOOTSPLASH=y -CONFIG_HEAP_SIZE=0x100000 # end of Display CONFIG_PCI=y @@ -436,6 +436,7 @@ CONFIG_ACPI_COMMON_MADT_IOAPIC=y CONFIG_HAVE_ACPI_TABLES=y CONFIG_BOOT_DEVICE_NOT_SPI_FLASH=y CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y +CONFIG_HEAP_SIZE=0x100000 # # Console From 7c539c9aff26c4d18de0a7c8676ac7264b3be17a Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 19 Nov 2024 18:15:39 -0500 Subject: [PATCH 20/27] bugfix qemu boards: revert changes of CONFIG_BOOTSPLASH_CONVERT_RESOLUTION=XYZ for all boards, set qemu prod boards to 1440x810 * CONFIG_BOOTSPLASH_CONVERT_RESOLUTION: setting this stretches the bootsplash and makes it ugly. Revert the change on master so that produced videos/screenshots are ok. * qemu prod boards: CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1440 and CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=810 brings the Height just big enough to fit on screens we mostly have out there. * qemu dev boards: CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1024 and CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=768: is a reminder of x230's 1376x768 (16:9) for Height and shows us that things are not perfect for all platforms Notes: - cannot put to 1376x768 for qemu (would have been nice to see what console text looks like + fbwhiptail windows for x230 (min screen size supported) - that tears bochs fb for some unknown reason - doesn't tear x230 fb (TODO: bug report for bochs qemu driver?) 
Signed-off-by: Thierry Laurion --- config/coreboot-qemu-tpm1-prod.config | 7 +++---- config/coreboot-qemu-tpm2-prod.config | 7 +++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/config/coreboot-qemu-tpm1-prod.config b/config/coreboot-qemu-tpm1-prod.config index 8ecfb64f..c48958de 100644 --- a/config/coreboot-qemu-tpm1-prod.config +++ b/config/coreboot-qemu-tpm1-prod.config @@ -39,8 +39,7 @@ CONFIG_BOOTSPLASH_IMAGE=y CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" CONFIG_BOOTSPLASH_CONVERT=y CONFIG_BOOTSPLASH_CONVERT_QUALITY=70 -CONFIG_BOOTSPLASH_CONVERT_RESIZE=y -CONFIG_BOOTSPLASH_CONVERT_RESOLUTION="1280x720" +# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set # CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set # CONFIG_FW_CONFIG is not set @@ -365,8 +364,8 @@ CONFIG_HAVE_USBDEBUG_OPTIONS=y # CONFIG_USBDEBUG is not set # CONFIG_VPD is not set CONFIG_DRIVERS_EMULATION_QEMU_BOCHS=y -CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1280 -CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=720 +CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1440 +CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=810 # CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set # CONFIG_DRIVERS_GENERIC_CBFS_UUID is not set # CONFIG_DRIVERS_GENESYSLOGIC_GL9750 is not set diff --git a/config/coreboot-qemu-tpm2-prod.config b/config/coreboot-qemu-tpm2-prod.config index 85f5987d..e1dee0ec 100644 --- a/config/coreboot-qemu-tpm2-prod.config +++ b/config/coreboot-qemu-tpm2-prod.config @@ -39,8 +39,7 @@ CONFIG_BOOTSPLASH_IMAGE=y CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" CONFIG_BOOTSPLASH_CONVERT=y CONFIG_BOOTSPLASH_CONVERT_QUALITY=70 -CONFIG_BOOTSPLASH_CONVERT_RESIZE=y -CONFIG_BOOTSPLASH_CONVERT_RESOLUTION="1280x720" +# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set # CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set # CONFIG_FW_CONFIG is not set 
@@ -359,8 +358,8 @@ CONFIG_HAVE_USBDEBUG_OPTIONS=y # CONFIG_USBDEBUG is not set # CONFIG_VPD is not set CONFIG_DRIVERS_EMULATION_QEMU_BOCHS=y -CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1280 -CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=720 +CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1440 +CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=810 # CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set # CONFIG_DRIVERS_GENERIC_CBFS_UUID is not set # CONFIG_DRIVERS_GENESYSLOGIC_GL9750 is not set From e70e2f70165692116bff4c76ed43f81622195c2f Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 21 Nov 2024 11:03:31 -0500 Subject: [PATCH 21/27] ./docker_*: add 3 nix+docker helpers; local_dev, latest and repro - Kill any GPG toolstack USB host consumers of USB devices so targets/qemu.md instruction can be used as intended (usb security dongles, HOTP features) Signed-off-by: Thierry Laurion --- docker_latest.sh | 49 ++++++++++++++++++++++++++ docker_local_dev.sh | 84 +++++++++++++++++++++++++++++++++++++++++++++ docker_repro.sh | 58 +++++++++++++++++++++++++++++++ 3 files changed, 191 insertions(+) create mode 100755 docker_latest.sh create mode 100755 docker_local_dev.sh create mode 100755 docker_repro.sh diff --git a/docker_latest.sh b/docker_latest.sh new file mode 100755 index 00000000..e831b058 --- /dev/null +++ b/docker_latest.sh 
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Inform the user that the latest published Docker image is being used
+echo "Using the latest Docker image: tlaurion/heads-dev-env:latest"
+
+# Function to display usage information
+usage() {
+ echo "Usage: $0 [OPTIONS] -- [COMMAND]"
+ echo "Options:"
+ echo " CPUS=N Set the number of CPUs"
+ echo " V=1 Enable verbose mode"
+ echo "Command:"
+ echo " The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME"
+}
+
+# Function to kill GPG toolstack related processes using USB devices
+kill_usb_processes() {
+ echo "Killing any GPG toolstack related processes on host currently using USB devices..."
+ sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9
+ if [ $? -ne 0 ]; then
+ echo "Failed to kill GPG toolstack related processes using USB devices. Please run the following command manually:"
+ echo "sudo lsof /dev/bus/usb/00*/0* | awk 'NR>1 {print \$2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print \$1}' | xargs -r sudo kill -9"
+ exit 1
+ fi
+}
+
+# Handle Ctrl-C (SIGINT) to exit gracefully
+trap "echo 'Script interrupted. Exiting...'; exit 1" SIGINT
+
+# Check if --help or -h is provided
+for arg in "$@"; do
+ if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then
+ usage
+ exit 0
+ fi
+done
+
+# Kill processes using USB devices
+kill_usb_processes
+
+# Inform the user about entering the Docker container
+echo "----"
+echo "Usage reminder: The minimal command is 'make BOARD=XYZ', where additional options, including 'V=1' or 'CPUS=N' are optional."
+echo "For more advanced QEMU testing options, refer to targets/qemu.md and boards/qemu-*/*.config."
+echo "----"
+echo "Entering the Docker container. Type 'exit' to return to the host shell."
+
+# Execute the docker run command with the provided parameters
+docker run --device=/dev/bus/usb:/dev/bus/usb -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- "$@"
diff --git a/docker_local_dev.sh b/docker_local_dev.sh
new file mode 100755
index 00000000..dd543d15
--- /dev/null
+++ b/docker_local_dev.sh
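Review bot: The `docker run` line that ends docker_latest.sh expands `$(pwd)` and `$DISPLAY` unquoted, so a checkout path containing spaces or glob characters is word-split into extra `docker run` arguments instead of forming one bind mount. Quote each expansion: `-e DISPLAY="$DISPLAY"` and `-v "$(pwd):$(pwd)" -w "$(pwd)"`. The same line also gives the container `--network host` and the whole host USB bus on every invocation, which a plain board build may not need; making both opt-in would keep the default closer to least privilege. The identical line is added to docker_local_dev.sh and docker_repro.sh in this commit.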
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+# Check if Nix is installed
+if ! command -v nix &> /dev/null; then
+ echo "Nix is not installed or not in the PATH. Please install Nix before running this script."
+ echo "Refer to the README.md at the root of the repository for installation instructions."
+ exit 1
+fi
+
+# Check if Docker is installed
+if ! command -v docker &> /dev/null; then
+ echo "Docker is not installed or not in the PATH. Please install Docker before running this script."
+ echo "Refer to the README.md at the root of the repository for installation instructions."
+ exit 1
+fi
+
+# Inform the user about the Docker image being used
+echo "** This ./docker_local_dev.sh script is for developers usage only. **"
+echo ""
+echo "Using the last locally produced Docker image: linuxboot/heads:dev-env"
+echo "Warning: Using anything other than the published Docker image might lead to non-reproducible builds."
+echo ""
+echo "For using the latest published Docker image, refer to ./docker_latest.sh."
+echo "For producing reproducible builds as CircleCI, refer to ./docker_repro.sh."
+echo ""
+echo "---"
+
+# Function to display usage information
+usage() {
+ echo "Usage: $0 [OPTIONS] -- [COMMAND]"
+ echo "Options:"
+ echo " CPUS=N Set the number of CPUs"
+ echo " V=1 Enable verbose mode"
+ echo "Command:"
+ echo " The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME"
+}
+
+# Function to kill GPG toolstack related processes using USB devices
+kill_usb_processes() {
+ echo "Killing any GPG toolstack related processes on host currently using USB devices..."
+ sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9
+ if [ $? -ne 0 ]; then
+ echo "Failed to kill GPG toolstack related processes using USB devices. Please run the following command manually:"
+ echo "sudo lsof /dev/bus/usb/00*/0* | awk 'NR>1 {print \$2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print \$1}' | xargs -r sudo kill -9"
+ exit 1
+ fi
+}
+
+# Handle Ctrl-C (SIGINT) to exit gracefully
+trap "echo 'Script interrupted. Exiting...'; exit 1" SIGINT
+
+# Check if --help or -h is provided
+for arg in "$@"; do
+ if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then
+ usage
+ exit 0
+ fi
+done
+
+# Check if the git repository is dirty and if flake.nix or flake.lock are part of the uncommitted changes
+if [ -n "$(git status --porcelain | grep -E 'flake\.nix|flake\.lock')" ]; then
+ echo "Warning: Uncommitted changes detected in flake.nix or flake.lock. The Docker image will be rebuilt."
+ echo "If this was not intended, please commit your changes and rerun the script."
+ echo "Building the Docker image from flake.nix..."
+ nix --print-build-logs --verbose develop --ignore-environment --command true
+ nix --print-build-logs --verbose build .#dockerImage && docker load < result
+else
+ echo "Git repository is clean. Using the previously built Docker image."
+ echo "---"
+ sleep 1
+fi
+
+# Kill processes using USB devices
+kill_usb_processes
+
+# Inform the user about entering the Docker container
+echo "----"
+echo "Usage reminder: The minimal command is 'make BOARD=XYZ', where additional options, including 'V=1' or 'CPUS=N' are optional."
+echo "For more advanced QEMU testing options, refer to targets/qemu.md and boards/qemu-*/*.config."
+echo "----"
+echo "Entering the Docker container. Type 'exit' to return to the host shell."
+
+# Execute the docker run command with the provided parameters
+docker run --device=/dev/bus/usb:/dev/bus/usb -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env -- "$@"
diff --git a/docker_repro.sh b/docker_repro.sh
new file mode 100755
index 00000000..173bef62
--- /dev/null
+++ b/docker_repro.sh
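Review bot: A failed flake rebuild does not stop docker_local_dev.sh, because neither `nix` command in the dirty-flake branch has its exit status checked, so the script still reaches `docker run`. The build then runs in whatever `linuxboot/heads:dev-env` image was loaded earlier, if any, while the user believes it reflects the edited flake.nix/flake.lock. Append `|| exit 1` to the `nix ... develop` line and to the `nix ... build .#dockerImage && docker load` line so a failed rebuild aborts. The `grep -E 'flake\.nix|flake\.lock'` test also matches any changed path that merely contains those strings; anchoring it with `$` would be tighter.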
@@ -0,0 +1,58 @@ +#!/bin/bash + +# Extract the Docker image version from the CircleCI config file +DOCKER_IMAGE=$(grep -oP '^\s*-?\s*image:\s*\K(tlaurion/heads-dev-env:[^\s]+)' .circleci/config.yml | head -n 1) + +# Check if the Docker image was found +if [ -z "$DOCKER_IMAGE" ]; then + echo "Error: Docker image not found in .circleci/config.yml" + exit 1 +fi + +# Inform the user about the versioned CircleCI Docker image being used +echo "Using CircleCI Docker image: $DOCKER_IMAGE" + +# Function to display usage information +usage() { + echo "Usage: $0 [OPTIONS] -- [COMMAND]" + echo "Options:" + echo " CPUS=N Set the number of CPUs" + echo " V=1 Enable verbose mode" + echo "Command:" + echo " The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME" +} + +# Function to kill GPG toolstack related processes using USB devices +kill_usb_processes() { + echo "Killing any GPG toolstack related processes on host currently using USB devices..." + sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9 + if [ $? -ne 0 ]; then + echo "Failed to kill GPG toolstack related processes using USB devices. Please run the following command manually:" + echo "sudo lsof /dev/bus/usb/00*/0* | awk 'NR>1 {print \$2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print \$1}' | xargs -r sudo kill -9" + exit 1 + fi +} + +# Handle Ctrl-C (SIGINT) to exit gracefully +trap "echo 'Script interrupted. Exiting...'; exit 1" SIGINT + +# Check if --help or -h is provided +for arg in "$@"; do + if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then + usage + exit 0 + fi +done + +# Kill processes using USB devices +kill_usb_processes + +# Inform the user about entering the Docker container +echo "----" +echo "Usage reminder: The minimal command is 'make BOARD=XYZ', where additional options, including 'V=1' or 'CPUS=N' are optional." 
+echo "For more advanced QEMU testing options, refer to targets/qemu.md and boards/qemu-*/*.config." +echo "----" +echo "Entering the Docker container. Type 'exit' to return to the host shell." + +# Execute the docker run command with the provided parameters +docker run --device=/dev/bus/usb:/dev/bus/usb -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@" From 4ec2fef3e90bd6c3c52f2ca78474cf4be4c0ffeb Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 21 Nov 2024 11:07:17 -0500 Subject: [PATCH 22/27] README.md: simplify local usage of nix/docker for devs/local images builders(local repro of CircleCI builds), referring to ./docker_*.sh scripts created Signed-off-by: Thierry Laurion --- README.md | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index cda6d788..c8d6bc24 100644 --- a/README.md +++ b/README.md @@ -55,10 +55,10 @@ Build docker from nix develop layer locally #### Build image +* Have docker and Nix installed + * Build nix developer local environment with flakes locked to specified versions - * `nix --print-build-logs --verbose develop --ignore-environment --command true` -* Build docker image with current develop created environment (this will take a while and create "linuxboot/heads:dev-env" local docker image): - * `nix --print-build-logs --verbose build .#dockerImage && docker load < result` + * `./docker_local_dev.sh` On some hardened OSes, you may encounter problems with ptrace. ``` 
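Review bot: `DOCKER_IMAGE` is read from the first matching `image:` line of .circleci/config.yml as a tag, and a registry tag can be re-pushed, so the reproducibility this script promises holds only as long as that tag never moves. Pinning a digest in config.yml, in the form `image: tlaurion/heads-dev-env:TAG@sha256:DIGEST` (TAG and DIGEST are placeholders), would make CircleCI and this script resolve the same image bytes; the existing `[^\s]+` pattern would already capture that form. `$DOCKER_IMAGE` should also be quoted where it is passed to `docker run`, as `"$DOCKER_IMAGE"`.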
@@ -75,12 +75,16 @@ sudo sysctl -w kernel.yama.ptrace_scope=1 #setup the value to let nix+docker run Done! -Your local docker image "linuxboot/heads:dev-env" is ready to use, reproducible for the specific Heads commit used and will produce ROMs reproducible for that Heads commit ID. +Your local docker image "linuxboot/heads:dev-env" is ready to use, reproducible for the specific Heads commit used to build it, and will produce ROMs reproducible for that Heads commit ID. Jump into nix develop created docker image for interactive workflow ==== -`docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env` +There is 3 helpers: +- `./docker_local_dev.sh`: for developers wanting to customize docker image built from flake.nix(nix devenv creation) and flake.lock (pinned versions used by flake.nix) +- `./docker_latest.sh`: for Heads developers, wanting to use latest published docker images to develop Heads +- `./docker_repro.sh`: versioned docker image used under CircleCI to produce reproducivle builds, both locally and under CircleCI. **Use this one if in doubt** +ie: `./docker_repro.sh` will jump into CircleCI used versioned docker image for that Heads commit id to build images reproducibly if git repo is clean (not dirty). From there you can use the docker image interactively. 
@@ -92,22 +96,22 @@ Please refer to [qemu documentation](targets/qemu.md) for more information. Eg: ``` -make BOARD=qemu-coreboot-fbwhiptail-tpm2 # Build rom, export public key to emulated usb storage from qemu runtime -make BOARD=qemu-coreboot-fbwhiptail-tpm2 PUBKEY_ASC=~/pubkey.asc inject_gpg # Inject pubkey into rom image -make BOARD=qemu-coreboot-fbwhiptail-tpm2 USB_TOKEN=Nitrokey3NFC PUBKEY_ASC=~/pubkey.asc ROOT_DISK_IMG=~/qemu-disks/debian-9.cow2 INSTALL_IMG=~/Downloads/debian-9.13.0-amd64-xfce-CD-1.iso run # Install +./docker_repro.sh make BOARD=qemu-coreboot-fbwhiptail-tpm2 # Build rom, export public key to emulated usb storage from qemu runtime +./docker_repro.sh make BOARD=qemu-coreboot-fbwhiptail-tpm2 PUBKEY_ASC=~/pubkey.asc inject_gpg # Inject pubkey into rom image +./docker_repro.sh make BOARD=qemu-coreboot-fbwhiptail-tpm2 USB_TOKEN=Nitrokey3NFC PUBKEY_ASC=~/pubkey.asc ROOT_DISK_IMG=~/qemu-disks/debian-9.cow2 INSTALL_IMG=~/Downloads/debian-9.13.0-amd64-xfce-CD-1.iso run # Install ``` -Alternatively, you can use locally built docker image to build a board ROM image in a single call. 
+Alternatively, you can use locally built docker image to build a board ROM image in a single call **but do not expect reproducible builds if not using versioned docker images as per CircleCI as per usage of `./docker_repro.sh`** Eg: -`docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env -- make BOARD=nitropad-nv41` +`./docker_local_dev.sh make BOARD=nitropad-nv41` Pull docker hub image to prepare reproducible ROMs as CircleCI in one call ==== ``` -docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-hotp-maximized -docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=nitropad-nv41 +./docker_repro.sh make BOARD=x230-hotp-maximized +./docker_repro.sh make BOARD=nitropad-nv41 ``` Maintenance notes on docker image From dd540366b5b0437c675db9613dd9f53203620c9f Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 21 Nov 2024 16:54:08 -0500 Subject: [PATCH 23/27] docker_* helpers: pass usb host controllers to docker only if usb devices are connected, unify, bugfixes Signed-off-by: Thierry Laurion --- docker_latest.sh | 47 ++++++++++++++---------- docker_local_dev.sh | 87 +++++++++++++++++++++++++-------------------- docker_repro.sh | 50 +++++++++++++++----------- 3 files changed, 105 insertions(+), 79 deletions(-) diff --git a/docker_latest.sh b/docker_latest.sh index e831b058..f073e5a7 100755 --- a/docker_latest.sh +++ b/docker_latest.sh 
@@ -2,26 +2,27 @@ # Inform the user that the latest published Docker image is being used echo "Using the latest Docker image: tlaurion/heads-dev-env:latest" +DOCKER_IMAGE="tlaurion/heads-dev-env:latest" # Function to display usage information usage() { - echo "Usage: $0 [OPTIONS] -- [COMMAND]" - echo "Options:" - echo " CPUS=N Set the number of CPUs" - echo " V=1 Enable verbose mode" - echo "Command:" - echo " The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME" + echo "Usage: $0 [OPTIONS] -- [COMMAND]" + echo "Options:" + echo " CPUS=N Set the number of CPUs" + echo " V=1 Enable verbose mode" + echo "Command:" + echo " The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME" } # Function to kill GPG toolstack related processes using USB devices kill_usb_processes() { - echo "Killing any GPG toolstack related processes on host currently using USB devices..." - sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9 - if [ $? -ne 0 ]; then - echo "Failed to kill GPG toolstack related processes using USB devices. Please run the following command manually:" - echo "sudo lsof /dev/bus/usb/00*/0* | awk 'NR>1 {print \$2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print \$1}' | xargs -r sudo kill -9" - exit 1 - fi + # check if scdaemon or pcscd processes are using USB devices + if [ -d /dev/bus/usb ]; then + if sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' >/dev/null; then + echo "Killing GPG toolstack related processes using USB devices..." + sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9 + fi + fi } # Handle Ctrl-C (SIGINT) to exit gracefully 
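Review bot: The rewritten `kill_usb_processes` runs the `lsof | awk | xargs ps | grep` pipeline twice, once to test and once to kill, so the PIDs that receive `sudo kill -9` are not necessarily the ones that were just checked. Collect the list once, e.g. `pids=$(... | grep -E 'scdaemon|pcscd' | awk '{print $1}')`, then `[ -n "$pids" ] && sudo kill $pids`. SIGKILL as root is also harsher than a smartcard daemon needs: `gpgconf --kill scdaemon` asks scdaemon to exit cleanly, and pcscd can be sent SIGTERM first, with `kill -9` kept only as a fallback. The same function body is repeated in the docker_local_dev.sh and docker_repro.sh hunks of this commit; one sourced helper would stop the three copies from drifting.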
@@ -29,10 +30,10 @@ trap "echo 'Script interrupted. Exiting...'; exit 1" SIGINT # Check if --help or -h is provided for arg in "$@"; do - if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then - usage - exit 0 - fi + if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then + usage + exit 0 + fi done # Kill processes using USB devices @@ -42,8 +43,16 @@ kill_usb_processes echo "----" echo "Usage reminder: The minimal command is 'make BOARD=XYZ', where additional options, including 'V=1' or 'CPUS=N' are optional." echo "For more advanced QEMU testing options, refer to targets/qemu.md and boards/qemu-*/*.config." +echo +echo "Type exit within docker image to get back to host if launched interactively!" echo "----" -echo "Entering the Docker container. Type 'exit' to return to the host shell." +echo # Execute the docker run command with the provided parameters -docker run --device=/dev/bus/usb:/dev/bus/usb -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- "$@" +if [ -d "/dev/bus/usb" ]; then + echo "--->Launching container with access to host's USB buses (some USB devices were connected to host)..." + docker run --device=/dev/bus/usb:/dev/bus/usb -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@" +else + echo "--->Launching container without access to host's USB buses (no USB devices was connected to host)..." + docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@" +fi diff --git a/docker_local_dev.sh b/docker_local_dev.sh index dd543d15..43b8022b 100755 --- a/docker_local_dev.sh +++ b/docker_local_dev.sh 
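Review bot: The `[ -d "/dev/bus/usb" ]` test in the last hunk does not show that a USB device is attached, although both launch messages say so. On a typical Linux host that directory presumably exists whenever a USB host controller is present, since root hubs are listed there too. The `--device=/dev/bus/usb:/dev/bus/usb` branch would then be taken on almost every machine, and the container still receives the whole bus by default. If the goal is least privilege, gate the passthrough on an explicit opt-in that the caller sets for QEMU token testing, and default to the branch without `--device`. The same block is added to docker_local_dev.sh and docker_repro.sh in this commit.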
@@ -1,49 +1,51 @@ #!/bin/bash +#locally build docker name is linuxboot/heads:dev-env +DOCKER_IMAGE="linuxboot/heads:dev-env" + # Check if Nix is installed -if ! command -v nix &> /dev/null; then - echo "Nix is not installed or not in the PATH. Please install Nix before running this script." - echo "Refer to the README.md at the root of the repository for installation instructions." - exit 1 +if ! command -v nix &>/dev/null; then + echo "Nix is not installed or not in the PATH. Please install Nix before running this script." + echo "Refer to the README.md at the root of the repository for installation instructions." + exit 1 fi # Check if Docker is installed -if ! command -v docker &> /dev/null; then - echo "Docker is not installed or not in the PATH. Please install Docker before running this script." - echo "Refer to the README.md at the root of the repository for installation instructions." - exit 1 +if ! command -v docker &>/dev/null; then + echo "Docker is not installed or not in the PATH. Please install Docker before running this script." + echo "Refer to the README.md at the root of the repository for installation instructions." + exit 1 fi # Inform the user about the Docker image being used -echo "** This ./docker_local_dev.sh script is for developers usage only. **" +echo "!!! This ./docker_local_dev.sh script is for developers usage only. !!!" echo "" -echo "Using the last locally produced Docker image: linuxboot/heads:dev-env" -echo "Warning: Using anything other than the published Docker image might lead to non-reproducible builds." +echo "Using the last locally built Docker image when flake.nix/flake.lock was modified and repo was dirty: linuxboot/heads:dev-env" +echo "!!! Warning: Using anything other than the published Docker image might lead to non-reproducible builds. !!!" echo "" echo "For using the latest published Docker image, refer to ./docker_latest.sh." echo "For producing reproducible builds as CircleCI, refer to ./docker_repro.sh." 
echo "" -echo "---" # Function to display usage information usage() { - echo "Usage: $0 [OPTIONS] -- [COMMAND]" - echo "Options:" - echo " CPUS=N Set the number of CPUs" - echo " V=1 Enable verbose mode" - echo "Command:" - echo " The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME" + echo "Usage: $0 [OPTIONS] -- [COMMAND]" + echo "Options:" + echo " CPUS=N Set the number of CPUs" + echo " V=1 Enable verbose mode" + echo "Command:" + echo " The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME" } # Function to kill GPG toolstack related processes using USB devices kill_usb_processes() { - echo "Killing any GPG toolstack related processes on host currently using USB devices..." - sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9 - if [ $? -ne 0 ]; then - echo "Failed to kill GPG toolstack related processes using USB devices. Please run the following command manually:" - echo "sudo lsof /dev/bus/usb/00*/0* | awk 'NR>1 {print \$2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print \$1}' | xargs -r sudo kill -9" - exit 1 - fi + # check if scdaemon or pcscd processes are using USB devices + if [ -d /dev/bus/usb ]; then + if sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' >/dev/null; then + echo "Killing GPG toolstack related processes using USB devices..." + sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9 + fi + fi } # Handle Ctrl-C (SIGINT) to exit gracefully 
@@ -51,23 +53,22 @@ trap "echo 'Script interrupted. Exiting...'; exit 1" SIGINT # Check if --help or -h is provided for arg in "$@"; do - if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then - usage - exit 0 - fi + if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then + usage + exit 0 + fi done # Check if the git repository is dirty and if flake.nix or flake.lock are part of the uncommitted changes if [ -n "$(git status --porcelain | grep -E 'flake\.nix|flake\.lock')" ]; then - echo "Warning: Uncommitted changes detected in flake.nix or flake.lock. The Docker image will be rebuilt." - echo "If this was not intended, please commit your changes and rerun the script." - echo "Building the Docker image from flake.nix..." - nix --print-build-logs --verbose develop --ignore-environment --command true - nix --print-build-logs --verbose build .#dockerImage && docker load < result + echo "**Warning: Uncommitted changes detected in flake.nix or flake.lock. The Docker image will be rebuilt!**" + echo "If this was not intended, please CTRL-C now, commit your changes and rerun the script." + echo "Building the Docker image from flake.nix..." + nix --print-build-logs --verbose develop --ignore-environment --command true + nix --print-build-logs --verbose build .#dockerImage && docker load Launching container with access to host's USB buses (some USB devices were connected to host)..." + docker run --device=/dev/bus/usb:/dev/bus/usb -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@" +else + echo "--->Launching container without access to host's USB buses (no USB devices was connected to host)..." + docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@" +fi diff --git a/docker_repro.sh b/docker_repro.sh index 173bef62..0dbeb2f6 100755 --- a/docker_repro.sh +++ b/docker_repro.sh 
@@ -5,8 +5,8 @@ DOCKER_IMAGE=$(grep -oP '^\s*-?\s*image:\s*\K(tlaurion/heads-dev-env:[^\s]+)' .c # Check if the Docker image was found if [ -z "$DOCKER_IMAGE" ]; then - echo "Error: Docker image not found in .circleci/config.yml" - exit 1 + echo "Error: Docker image not found in .circleci/config.yml" + exit 1 fi # Inform the user about the versioned CircleCI Docker image being used 
@@ -14,23 +14,23 @@ echo "Using CircleCI Docker image: $DOCKER_IMAGE" # Function to display usage information usage() { - echo "Usage: $0 [OPTIONS] -- [COMMAND]" - echo "Options:" - echo " CPUS=N Set the number of CPUs" - echo " V=1 Enable verbose mode" - echo "Command:" - echo " The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME" + echo "Usage: $0 [OPTIONS] -- [COMMAND]" + echo "Options:" + echo " CPUS=N Set the number of CPUs" + echo " V=1 Enable verbose mode" + echo "Command:" + echo " The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME" } # Function to kill GPG toolstack related processes using USB devices kill_usb_processes() { - echo "Killing any GPG toolstack related processes on host currently using USB devices..." - sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9 - if [ $? -ne 0 ]; then - echo "Failed to kill GPG toolstack related processes using USB devices. Please run the following command manually:" - echo "sudo lsof /dev/bus/usb/00*/0* | awk 'NR>1 {print \$2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print \$1}' | xargs -r sudo kill -9" - exit 1 - fi + # check if scdaemon or pcscd processes are using USB devices + if [ -d /dev/bus/usb ]; then + if sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' >/dev/null; then + echo "Killing GPG toolstack related processes using USB devices..." + sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9 + fi + fi } # Handle Ctrl-C (SIGINT) to exit gracefully 
@@ -38,10 +38,10 @@ trap "echo 'Script interrupted. Exiting...'; exit 1" SIGINT # Check if --help or -h is provided for arg in "$@"; do - if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then - usage - exit 0 - fi + if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then + usage + exit 0 + fi done # Kill processes using USB devices @@ -51,8 +51,16 @@ kill_usb_processes echo "----" echo "Usage reminder: The minimal command is 'make BOARD=XYZ', where additional options, including 'V=1' or 'CPUS=N' are optional." echo "For more advanced QEMU testing options, refer to targets/qemu.md and boards/qemu-*/*.config." +echo +echo "Type exit within docker image to get back to host if launched interactively!" echo "----" -echo "Entering the Docker container. Type 'exit' to return to the host shell." +echo # Execute the docker run command with the provided parameters -docker run --device=/dev/bus/usb:/dev/bus/usb -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@" +if [ -d "/dev/bus/usb" ]; then + echo "--->Launching container with access to host's USB buses (some USB devices were connected to host)..." + docker run --device=/dev/bus/usb:/dev/bus/usb -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@" +else + echo "--->Launching container without access to host's USB buses (no USB devices was connected to host)..." + docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@" +fi From 1a07bf7b68907554c851a6c037377e8c2193a49c Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 22 Nov 2024 09:41:32 -0500 Subject: [PATCH 24/27] modules/lvm2: define /run relative paths (not sure why circleci remote docker default run dir != local run dir) Signed-off-by: Thierry Laurion --- modules/lvm2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/lvm2 b/modules/lvm2 index 6df76284..0306d56d 100644 --- a/modules/lvm2 +++ b/modules/lvm2 
@@ -16,6 +16,9 @@ lvm2_configure := \ --host $(MUSL_ARCH)-elf-linux \ --prefix "" \ --libexecdir "/bin" \ + --with-default-pid-dir=/run \ + --with-default-dm-run-dir=/run \ + --with-default-run-dir=/run/lvm \ --with-optimisation=-Os \ --enable-devmapper \ --disable-selinux \ From 71a80751257f11a64e6035cf91fc6b23e6c31863 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 22 Nov 2024 16:40:40 -0500 Subject: [PATCH 25/27] initrd/bin/unpack_initramfs.sh: no functional change, just format with tabs Signed-off-by: Thierry Laurion --- initrd/bin/unpack_initramfs.sh | 131 +++++++++++++++++---------------- 1 file changed, 67 insertions(+), 64 deletions(-) diff --git a/initrd/bin/unpack_initramfs.sh b/initrd/bin/unpack_initramfs.sh index db176fd6..12ce32b8 100755 --- a/initrd/bin/unpack_initramfs.sh +++ b/initrd/bin/unpack_initramfs.sh 
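Review bot: The three added `--with-default-*-dir` flags carry no comment saying why they are pinned, and the commit message itself records that the cause of the CircleCI/local difference was not understood. A short comment above `lvm2_configure` would help the next maintainer, for example `# Pin pid/run dirs: configure defaults differed between CircleCI and local docker builds`. It has to sit above the assignment, because the backslash-continued value cannot hold an inline comment. `lvm2_configure` starts before and continues after this hunk, so the remaining flags are not visible here.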
@@ -31,78 +31,81 @@ CPIO_ARGS=("$@") # Consume zero bytes, the first nonzero byte read (if any) is repeated on stdout consume_zeros() { - TRACE_FUNC - next_byte='00' - while [ "$next_byte" = "00" ]; do - # if we reach EOF, next_byte becomes empty (dd does not fail) - next_byte="$(dd bs=1 count=1 status=none | xxd -p | tr -d ' ')" - done - # if we finished due to nonzero byte (not EOF), then carry that byte - if [ -n "$next_byte" ]; then - echo -n "$next_byte" | xxd -p -r - fi + TRACE_FUNC + next_byte='00' + while [ "$next_byte" = "00" ]; do + # if we reach EOF, next_byte becomes empty (dd does not fail) + next_byte="$(dd bs=1 count=1 status=none | xxd -p | tr -d ' ')" + done + # if we finished due to nonzero byte (not EOF), then carry that byte + if [ -n "$next_byte" ]; then + echo -n "$next_byte" | xxd -p -r + fi } unpack_cpio() { - TRACE_FUNC - (cd "$dest_dir"; cpio -i "${CPIO_ARGS[@]}" 2>/dev/null) + TRACE_FUNC + ( + cd "$dest_dir" + cpio -i "${CPIO_ARGS[@]}" 2>/dev/null + ) } # unpack the first segment of an archive, then write the rest to another file unpack_first_segment() { - TRACE_FUNC - unpack_archive="$1" - dest_dir="$2" - rest_archive="$3" + TRACE_FUNC + unpack_archive="$1" + dest_dir="$2" + rest_archive="$3" - mkdir -p "$dest_dir" + mkdir -p "$dest_dir" - # peek the beginning of the file to determine what type of content is next - magic="$(dd if="$unpack_archive" bs=6 count=1 status=none | xxd -p)" + # peek the beginning of the file to determine what type of content is next + magic="$(dd if="$unpack_archive" bs=6 count=1 status=none | xxd -p)" - # read this segment of the archive, then write the rest to the next file - ( - # Magic values correspond to Linux init/initramfs.c (zero, cpio) and - # lib/decompress.c (gzip) - case "$magic" in - 00*) - DEBUG "archive segment $magic: uncompressed cpio" - # Skip zero bytes and copy the first nonzero byte - consume_zeros - # Copy the remaining data - cat - ;; - 303730373031*|303730373032*) # plain cpio - DEBUG 
"archive segment $magic: plain cpio" - # Unpack the plain cpio, this stops reading after the trailer - unpack_cpio - # Copy the remaining data - cat - ;; - 1f8b*|1f9e*) # gzip - DEBUG "archive segment $magic: gzip" - # gunzip won't stop when reaching the end of the gzipped member, - # so we can't read another segment after this. We can't - # reasonably determine the member length either, this requires - # walking all the compressed blocks. - gunzip | unpack_cpio - ;; - 28b5*) # zstd - DEBUG "archive segment $magic: zstd" - # Like gunzip, this will not stop when reaching the end of the - # frame, and determining the frame length requires walking all - # of its blocks. - (zstd-decompress -d || true) | unpack_cpio - ;; - *) # unknown - die "Can't decompress initramfs archive, unknown type: $magic" - ;; - esac - ) <"$unpack_archive" >"$rest_archive" + # read this segment of the archive, then write the rest to the next file + ( + # Magic values correspond to Linux init/initramfs.c (zero, cpio) and + # lib/decompress.c (gzip) + case "$magic" in + 00*) + DEBUG "archive segment $magic: uncompressed cpio" + # Skip zero bytes and copy the first nonzero byte + consume_zeros + # Copy the remaining data + cat + ;; + 303730373031* | 303730373032*) # plain cpio + DEBUG "archive segment $magic: plain cpio" + # Unpack the plain cpio, this stops reading after the trailer + unpack_cpio + # Copy the remaining data + cat + ;; + 1f8b* | 1f9e*) # gzip + DEBUG "archive segment $magic: gzip" + # gunzip won't stop when reaching the end of the gzipped member, + # so we can't read another segment after this. We can't + # reasonably determine the member length either, this requires + # walking all the compressed blocks. + gunzip | unpack_cpio + ;; + 28b5*) # zstd + DEBUG "archive segment $magic: zstd" + # Like gunzip, this will not stop when reaching the end of the + # frame, and determining the frame length requires walking all + # of its blocks. 
+ (zstd-decompress -d || true) | unpack_cpio + ;; + *) # unknown + die "Can't decompress initramfs archive, unknown type: $magic" + ;; + esac + ) <"$unpack_archive" >"$rest_archive" - orig_size="$(stat -c %s "$unpack_archive")" - rest_size="$(stat -c %s "$rest_archive")" - DEBUG "archive segment $magic: $((orig_size - rest_size)) bytes" + orig_size="$(stat -c %s "$unpack_archive")" + rest_size="$(stat -c %s "$rest_archive")" + DEBUG "archive segment $magic: $((orig_size - rest_size)) bytes" } DEBUG "Unpacking $INITRAMFS_ARCHIVE to $DEST_DIR" @@ -112,7 +115,7 @@ rest_archive="/tmp/unpack_initramfs_rest" # Break when there is no remaining data while [ -s "$next_archive" ]; do - unpack_first_segment "$next_archive" "$DEST_DIR" "$rest_archive" - next_archive="/tmp/unpack_initramfs_next" - mv "$rest_archive" "$next_archive" + unpack_first_segment "$next_archive" "$DEST_DIR" "$rest_archive" + next_archive="/tmp/unpack_initramfs_next" + mv "$rest_archive" "$next_archive" done From 95c6eb5c498bebc028cd92d62c83e33c2be3ed2e Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 22 Nov 2024 16:43:12 -0500 Subject: [PATCH 26/27] initrd/bin/unpack_initramfs.sh: add xz to unpack logic (add commented: bzip2, lzma, lzo and lz4) xz: tested working with tails test build and 6.8.1's initrd latest ubuntu 24.10: switched back to zstd, works as expected (tested) Magic numbers referred at: - https://github.com/torvalds/linux/blob/28eb75e178d389d325f1666e422bc13bbbb9804c/scripts/extract-vmlinux#L52C1-L58C43 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/lib/decompress.c#n51 Signed-off-by: Thierry Laurion --- initrd/bin/unpack_initramfs.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/initrd/bin/unpack_initramfs.sh b/initrd/bin/unpack_initramfs.sh index 12ce32b8..77213118 100755 --- a/initrd/bin/unpack_initramfs.sh +++ b/initrd/bin/unpack_initramfs.sh 
@@ -90,6 +90,10 @@ unpack_first_segment() {
 # walking all the compressed blocks.
 gunzip | unpack_cpio
 ;;
+ fd37*) # xz
+ DEBUG "archive segment $magic: xz"
+ unxz | unpack_cpio
+ ;;
 28b5*) # zstd
 DEBUG "archive segment $magic: zstd"
 # Like gunzip, this will not stop when reaching the end of the
@@ -99,6 +103,26 @@ unpack_first_segment() {
 ;;
 *) # unknown
 die "Can't decompress initramfs archive, unknown type: $magic"
+ # The following are magic values for other compression formats
+ # but not added because not tested.
+ # TODO: open an issue for unsupported magic number reported on die.
+ #
+ #425a*) # bzip2
+ # DEBUG "archive segment $magic: bzip2"
+ # bunzip2 | unpack_cpio
+ #;;
+ #5d00*) # lzma
+ # DEBUG "archive segment $magic: lzma"
+ # unlzma | unpack_cpio
+ #;;
+ #894c*) # lzo
+ # DEBUG "archive segment $magic: lzo"
+ # lzop -d | unpack_cpio
+ #;;
+ #0221*) # lz4
+ # DEBUG "archive segment $magic: lz4"
+ # lz4 -d | unpack_cpio
+ # ;;
 ;;
 esac
 ) <"$unpack_archive" >"$rest_archive"
From 5501cd0744b2274adbe1eda5cc354e9c09c0b05b Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 25 Nov 2024 10:56:32 -0500 Subject: [PATCH 27/27] oem-factory-reset: debug mode; hide passphrase output on screen/debug.log on gpg --detach-sign of /boot hash digest Before: [ 155.845101] DEBUG: gpg --pinentry-mode loopback --passphrase Please Change Me --digest-algo SHA256 --detach-sign -a After: [ 131.272954] DEBUG: gpg --pinentry-mode loopback --passphrase --digest-algo SHA256 --detach-sign -a Signed-off-by: Thierry Laurion
---
 initrd/bin/oem-factory-reset | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset
index ca000e50..8fa69ca9 100755
--- a/initrd/bin/oem-factory-reset
+++ b/initrd/bin/oem-factory-reset
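Review bot: The new `fd37*` arm in the `@@ -90,6 +90,10 @@` hunk says nothing about stream boundaries or error handling, unlike the gzip and zstd arms next to it. If `unxz` reads to end of input as the gzip comment describes for `gunzip`, no further segment can follow, and whether an `unxz` error on a truncated or trailing-data archive stops the script depends on shell options set outside this hunk; the zstd arm uses `|| true` for that case and `unpack_cpio` discards cpio's stderr, so a partial unpack could pass unnoticed. I would add `# Like gunzip, unxz reads to end of input, so no further segment can be read after this.` above `unxz | unpack_cpio` and state whether a non-zero `unxz` exit is meant to be fatal. `unpack_first_segment` starts and ends outside the hunk.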
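Review bot: In the `@@ -99,6 +103,26 @@` hunk the commented-out bzip2/lzma/lzo/lz4 arms are placed after `die` inside the `*)` arm, where they read as unreachable statements of the default case and would be nested in the wrong arm if someone uncomments them in place; their closing markers are also inconsistent (`#;;` three times, then `# ;;`). I would drop the dead arms and keep one comment above the `*)` line, e.g. `# Untested, not enabled: 425a (bzip2), 5d00 (lzma), 894c (lzo), 0221 (lz4)`. The `die` message already prints `$magic`, which gives a user what they need to report an unsupported type. `unpack_first_segment` starts and ends outside the hunk.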
@@ -680,7 +680,7 @@ generate_checksums() { fi DEBUG "Detach-signing boot files under kexec.sig: ${param_files}" - if sha256sum $param_files 2>/dev/null | DO_WITH_DEBUG gpg \ + if sha256sum $param_files 2>/dev/null | DO_WITH_DEBUG --mask-position 4 gpg \ --pinentry-mode loopback \ --passphrase "${USER_PIN}" \ --digest-algo SHA256 \
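Review bot: `--mask-position 4` only hides the PIN in the debug trace; gpg still receives it as the value of `--passphrase`, so it stays in the process argument list while gpg runs, and the mask depends on the current argument order — adding or moving a gpg option ahead of `--passphrase` would put a different word under the mask and log the PIN again. I would add a comment above the `if sha256sum` line, e.g. `# --mask-position 4 must point at the value after --passphrase; update it if the gpg arguments change`. It is also worth considering `--passphrase-fd` with a spare descriptor, since stdin already carries the digest list, which would take the secret off the command line altogether. How positions are counted is defined by `DO_WITH_DEBUG` outside this hunk, and `generate_checksums` starts and ends outside it.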