From c35f385cf7665d7edd833e9ad9da5b804e87a871 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Wed, 14 Feb 2018 11:50:21 -0800 Subject: [PATCH 01/26] Make eth0 init condition on module, remove early bin/ash To avoid unnecessary errors, only load the eth0 network if the e1000 module exists. Also remove /bin/ash so CONFIG_BOOTSCRIPT works. --- initrd/init | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/initrd/init b/initrd/init index 217e2690..e0c42c12 100755 --- a/initrd/init +++ b/initrd/init @@ -29,15 +29,18 @@ fi # bring up the ethernet; maybe should do DHCP? ifconfig lo 127.0.0.1 -insmod /lib/modules/e1000.ko -ifconfig eth0 10.0.2.15 # qemu -ifconfig eth0 > /dev/ttyprintk +if [ -f /lib/modules/e1000.ko ]; + insmod /lib/modules/e1000.ko + ifconfig eth0 10.0.2.15 # qemu + ifconfig eth0 > /dev/ttyprintk # Setup the ssh server, allow root logins and log to stderr -if [ ! -d /etc/dropbear ]; then - mkdir /etc/dropbear + if [ ! -d /etc/dropbear ]; then + mkdir /etc/dropbear + fi + dropbear -B -R 2>/dev/ttyprintk + ifconfig eth0 | head -1 > /dev/tty0 fi -dropbear -B -R 2>/dev/ttyprintk # Recovery shells will erase anything from here mkdir -p /tmp/secret @@ -48,11 +51,6 @@ if [ -r /etc/motd ]; then cat /etc/motd > /dev/tty0 fi -ifconfig eth0 | head -1 > /dev/tty0 - -# For now we just start a shell -exec /bin/ash - # Load the date from the hardware clock, setting it in local time hwclock -l -s From 1f22da73af35d66c621060a76f4a8a0a832c1eca Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Wed, 14 Feb 2018 14:43:35 -0800 Subject: [PATCH 02/26] Fix missing parenthesis in cpio make option --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a371f182..0bbfb11c 100644 --- a/Makefile +++ b/Makefile @@ -112,7 +112,7 @@ endif # helpful targets for common uses linux: $(build)/$(BOARD)/bzImage -cpio: $(build/$(BOARD)/initrd.cpio.xz +cpio: $(build)/$(BOARD)/initrd.cpio.xz # Disable all built in rules .SUFFIXES: From 9bf131b6019ac4a9f613ff619a5373e8119706d4 Mon Sep 17 00:00:00 2001 From: persmule Date: Tue, 5 Dec 2017 16:29:07 +0800 Subject: [PATCH 03/26] Make TPM dependency optional and controlled by flag CONFIG_TPM if "CONFIG_TPM=y" is not present in the config file, functionalities needing TPM could be disabled, while leaving other functionalities intact. This will make Heads a more general-usage bootloader payload atop coreboot. --- boards/librem13v2.config | 1 + boards/x230.config | 1 + initrd/bin/kexec-save-default | 128 ++++++++++++++++++---------------- initrd/bin/kexec-select-boot | 30 ++++---- initrd/bin/usb-init | 6 +- initrd/etc/functions | 7 +- 6 files changed, 95 insertions(+), 78 deletions(-) diff --git a/boards/librem13v2.config b/boards/librem13v2.config index eaf3df45..25eb471a 100644 --- a/boards/librem13v2.config +++ b/boards/librem13v2.config @@ -15,6 +15,7 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_LINUX_USB=y +CONFIG_TPM=y CONFIG_BOOTSCRIPT=/bin/generic-init diff --git a/boards/x230.config b/boards/x230.config index 3e0b2085..228699d2 100644 --- a/boards/x230.config +++ b/boards/x230.config @@ -17,6 +17,7 @@ CONFIG_TPMTOTP=y CONFIG_XEN=y CONFIG_XEN_VERSION=4.8 CONFIG_DROPBEAR=y +CONFIG_TPM=y CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default index 0ca4422a..0bbaa100 100755 --- a/initrd/bin/kexec-save-default +++ b/initrd/bin/kexec-save-default @@ -1,6 +1,7 @@ #!/bin/sh # Save these options to be the persistent default set -e -o pipefail +. /etc/config . /etc/functions while getopts "b:d:p:i:" arg; do @@ -44,69 +45,72 @@ fi KEY_DEVICES="$paramsdir/kexec_key_devices.txt" KEY_LVM="$paramsdir/kexec_key_lvm.txt" save_key="n" -if [ ! -r "$KEY_DEVICES" ]; then - read \ - -n 1 \ - -p "Do you wish to add a disk encryption to the TPM [y/N]: " \ - add_key_confirm - echo +if [ "$CONFIG_TPM" = "y" ]; then + if [ ! -r "$KEY_DEVICES" ]; then + read \ + -n 1 \ + -p "Do you wish to add a disk encryption to the TPM [y/N]: " \ + add_key_confirm + echo - if [ "$add_key_confirm" = "y" \ - -o "$add_key_confirm" = "Y" ] \ - ; then - lvm_suggest="e.g. qubes_dom0 or blank" - devices_suggest="e.g. /dev/sda2 or blank" - save_key="y" - fi -else - read \ - -n 1 \ - -p "Do you want to reseal a disk key to the TPM [y/N]: " \ - change_key_confirm - echo - - if [ "$change_key_confirm" = "y" \ - -o "$change_key_confirm" = "Y" ] \ - ; then - old_lvm_volume_group="" - if [ -r "$KEY_LVM" ]; then - old_lvm_volume_group=`cat $KEY_LVM` || true - old_key_devices=`cat $KEY_DEVICES | cut -d\ -f1 \ - | grep -v "$old_lvm_volume_group" | xargs` || true - else - old_key_devices=`cat $KEY_DEVICES | cut -d\ -f1 | xargs` || true + if [ "$add_key_confirm" = "y" \ + -o "$add_key_confirm" = "Y" ]; then + lvm_suggest="e.g. qubes_dom0 or blank" + devices_suggest="e.g. /dev/sda2 or blank" + save_key="y" fi - - lvm_suggest="was '$old_lvm_volume_group'" - devices_suggest="was '$old_key_devices'" - save_key="y" - fi -fi - -if [ "$save_key" = "y" ]; then - echo "+++ LVM volume groups (lvm vgscan): " - lvm vgscan || true - - read \ - -p "Encrypted LVM group? ($lvm_suggest): " \ - lvm_volume_group - - echo "+++ Block devices (blkid): " - blkid || true - - read \ - -p "Encrypted devices? ($devices_suggest): " \ - key_devices - - save_key_params="-s -p $paramsdev" - if [ -n "$lvm_volume_group" ]; then - save_key_params="$save_key_params -l $lvm_volume_group $key_devices" else - save_key_params="$save_key_params $key_devices" + read \ + -n 1 \ + -p "Do you want to reseal a disk key to the TPM [y/N]: " \ + change_key_confirm + echo + + if [ "$change_key_confirm" = "y" \ + -o "$change_key_confirm" = "Y" ]; then + old_lvm_volume_group="" + if [ -r "$KEY_LVM" ]; then + old_lvm_volume_group=`cat $KEY_LVM` || true + old_key_devices=`cat $KEY_DEVICES \ + | cut -d\ -f1 \ + | grep -v "$old_lvm_volume_group" \ + | xargs` || true + else + old_key_devices=`cat $KEY_DEVICES \ + | cut -d\ -f1 | xargs` || true + fi + + lvm_suggest="was '$old_lvm_volume_group'" + devices_suggest="was '$old_key_devices'" + save_key="y" + fi + fi + + if [ "$save_key" = "y" ]; then + echo "+++ LVM volume groups (lvm vgscan): " + lvm vgscan || true + + read \ + -p "Encrypted LVM group? ($lvm_suggest): " \ + lvm_volume_group + + echo "+++ Block devices (blkid): " + blkid || true + + read \ + -p "Encrypted devices? ($devices_suggest): " \ + key_devices + + save_key_params="-s -p $paramsdev" + if [ -n "$lvm_volume_group" ]; then + save_key_params="$save_key_params -l $lvm_volume_group $key_devices" + else + save_key_params="$save_key_params $key_devices" + fi + echo "Running kexec-save-key with params: $save_key_params" + kexec-save-key $save_key_params \ + || die "Failed to save the disk key" fi - echo "Running kexec-save-key with params: $save_key_params" - kexec-save-key $save_key_params \ - || die "Failed to save the disk key" fi # try to switch to rw mode @@ -126,7 +130,11 @@ if [ ! -r $ENTRY_FILE -o ! -r $HASH_FILE ]; then fi # sign and auto-roll config counter -kexec-sign-config -p $paramsdir -u \ +extparam= +if [ "$CONFIG_TPM" = "y" ]; then + extparam=-u +fi +kexec-sign-config -p $paramsdir $extparam \ || die "Failed to sign default config" # switch back to ro mode diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index 034890bb..64e57173 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -232,7 +232,8 @@ do_boot() die "!!! Missing required boot hashes" fi - if [ -r "$TMP_KEY_DEVICES" ]; then + if [ "$CONFIG_TPM" = "y" \ + -a -r "$TMP_KEY_DEVICES" ]; then INITRD=`kexec-boot -b "$bootdir" -e "$option" -i` \ || die "!!! Failed to extract the initrd from boot option" if [ -z "$INITRD" ]; then @@ -261,7 +262,8 @@ while true; do TMP_KEY_DEVICES="/tmp/kexec/kexec_key_devices.txt" TMP_KEY_LVM="/tmp/kexec/kexec_key_lvm.txt" - if [ ! -r "$TMP_KEY_DEVICES" ]; then + if [ "$CONFIG_TPM" = "y" \ + -a ! -r "$TMP_KEY_DEVICES" ]; then # Extend PCR4 as soon as possible tpm extend -ix 4 -ic generic \ || die "Failed to extend PCR 4" @@ -272,22 +274,24 @@ while true; do scan_options fi - # Optionally enforce device file hashes - if [ -r "$TMP_HASH_FILE" ]; then - valid_global_hash="n" + if [ "$CONFIG_TPM" = "y" ]; then + # Optionally enforce device file hashes + if [ -r "$TMP_HASH_FILE" ]; then + valid_global_hash="n" - verify_global_hashes + verify_global_hashes - if [ "$valid_global_hash" = "n" ]; then - die "Failed to verify global hashes" + if [ "$valid_global_hash" = "n" ]; then + die "Failed to verify global hashes" + fi fi - fi - if [ -r "$TMP_ROLLBACK_FILE" ]; then - # in the case of iso boot with a rollback file, do not assume valid - valid_rollback="n" + if [ -r "$TMP_ROLLBACK_FILE" ]; then + # in the case of iso boot with a rollback file, do not assume valid + valid_rollback="n" - verify_rollback_counter + verify_rollback_counter + fi fi if [ "$default_failed" != "y" \ diff --git a/initrd/bin/usb-init b/initrd/bin/usb-init index 45b19ed7..5ddfdff1 100755 --- a/initrd/bin/usb-init +++ b/initrd/bin/usb-init @@ -4,8 +4,10 @@ . /etc/functions . /etc/config -# Extend PCR4 as soon as possible -tpm extend -ix 4 -ic usb +if [ "$CONFIG_TPM" = "y" ]; then + # Extend PCR4 as soon as possible + tpm extend -ix 4 -ic usb +fi usb-scan recovery "Something failed during USB boot" diff --git a/initrd/etc/functions b/initrd/etc/functions index eb8a7289..f9a6dc09 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -17,8 +17,9 @@ recovery() { # but recreate the directory so that new tools can use it. rm -rf /tmp/secret mkdir -p /tmp/secret - tpm extend -ix 4 -ic recovery - + if [ "$CONFIG_TPM" = y ]; then + tpm extend -ix 4 -ic recovery + fi echo >&2 "!!!!! Starting recovery shell" sleep 1 exec /bin/ash @@ -41,7 +42,7 @@ confirm_totp() date=`date "+%Y-%m-%d %H:%M:%S"` seconds=`date "+%s"` half=`expr \( $seconds % 60 \) / 30` - if [ "$CONFIG_TPM" = n ]; then + if [ "$CONFIG_TPM" != y ]; then TOTP="NO TPM" elif [ "$half" != "$last_half" ]; then last_half=$half; From baa30a20266086d7886fcb92b521b7e220abb774 Mon Sep 17 00:00:00 2001 From: persmule Date: Wed, 6 Dec 2017 16:04:27 +0800 Subject: [PATCH 04/26] Add OHCI and UHCI drivers to initrd. USB smart card readers are most full speed devices, and there is no "rate-matching hubs" beneath the root hub on older (e.g. GM45) plat- forms, which has companion OHCI or UHCI controllers and needs cor- responding drivers to communicate with card readers directly plugged into the motherboard, otherwise a discrete USB hub should be inserted between the motherboard and the reader. This time I make inserting linux modules for OHCI and UHCI controllable with option CONFIG_LINUX_USB_COMPANION_CONTROLLER. A linux config for x200 is added as an example. Tested on my x200s and elitebook revolve 810g1. --- config/linux-x200.config | 2667 ++++++++++++++++++++++++++++++++++ initrd/bin/kexec-sign-config | 1 + initrd/bin/mount-usb | 20 +- initrd/etc/functions | 53 +- modules/linux | 4 + 5 files changed, 2711 insertions(+), 34 deletions(-) create mode 100644 config/linux-x200.config diff --git a/config/linux-x200.config b/config/linux-x200.config new file mode 100644 index 00000000..d6ea25e0 --- /dev/null +++ b/config/linux-x200.config @@ -0,0 +1,2667 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 4.9.80 Kernel Configuration +# +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_GENERIC_HWEIGHT=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_RWSEM_XCHGADD_ALGORITHM=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ZONE_DMA32=y +CONFIG_AUDIT_ARCH=y +CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_HAVE_INTEL_TXT=y +CONFIG_X86_64_SMP=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_DEBUG_RODATA=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config" +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_EXTABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_INIT_ENV_ARG_LIMIT=32 +CONFIG_CROSS_COMPILE="" +# CONFIG_COMPILE_TEST is not set +CONFIG_LOCALVERSION="-heads" +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +# CONFIG_KERNEL_GZIP is not set +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +CONFIG_KERNEL_XZ=y +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +CONFIG_DEFAULT_HOSTNAME="(none)" +# CONFIG_SWAP is not set +# CONFIG_SYSVIPC is not set +# CONFIG_POSIX_MQUEUE is not set +# CONFIG_CROSS_MEMORY_ATTACH is not set +# CONFIG_FHANDLE is not set +# CONFIG_USELIB is not set +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_GENERIC_PENDING_IRQ=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +# CONFIG_IRQ_DOMAIN_DEBUG is not set +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_DATA=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +# CONFIG_NO_HZ_FULL is not set +# CONFIG_NO_HZ is not set +# CONFIG_HIGH_RES_TIMERS is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +# CONFIG_BSD_PROCESS_ACCT is not set +# CONFIG_TASKSTATS is not set + +# +# RCU Subsystem +# +CONFIG_TREE_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +# CONFIG_TASKS_RCU is not set +CONFIG_RCU_STALL_COMMON=y +# CONFIG_TREE_RCU_TRACE is not set +# CONFIG_RCU_EXPEDITE_BOOT is not set +CONFIG_BUILD_BIN2C=y +# CONFIG_IKCONFIG is not set +CONFIG_LOG_BUF_SHIFT=18 +CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 +CONFIG_NMI_LOG_BUF_SHIFT=13 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_ARCH_SUPPORTS_INT128=y +# CONFIG_CGROUPS is not set +# CONFIG_CHECKPOINT_RESTORE is not set +# CONFIG_NAMESPACES is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="../../../blobs/dev.cpio" +CONFIG_INITRAMFS_ROOT_UID=0 +CONFIG_INITRAMFS_ROOT_GID=0 +# CONFIG_RD_GZIP is not set +# CONFIG_RD_BZIP2 is not set +# CONFIG_RD_LZMA is not set +CONFIG_RD_XZ=y +# CONFIG_RD_LZO is not set +# CONFIG_RD_LZ4 is not set +# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_ANON_INODES=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_BPF=y +CONFIG_EXPERT=y +CONFIG_MULTIUSER=y +# CONFIG_SGETMASK_SYSCALL is not set +# CONFIG_SYSFS_SYSCALL is not set +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_PRINTK=y +CONFIG_PRINTK_NMI=y +CONFIG_BUG=y +CONFIG_PCSPKR_PLATFORM=y +# CONFIG_BASE_FULL is not set +CONFIG_FUTEX=y +CONFIG_EPOLL=y +# CONFIG_SIGNALFD is not set +# CONFIG_TIMERFD is not set +# CONFIG_EVENTFD is not set +# CONFIG_BPF_SYSCALL is not set +CONFIG_SHMEM=y +# CONFIG_AIO is not set +# CONFIG_ADVISE_SYSCALLS is not set +# CONFIG_USERFAULTFD is not set +CONFIG_PCI_QUIRKS=y +# CONFIG_MEMBARRIER is not set +CONFIG_EMBEDDED=y +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +# CONFIG_VM_EVENT_COUNTERS is not set +# CONFIG_SLUB_DEBUG is not set +# CONFIG_COMPAT_BRK is not set +# CONFIG_SLAB is not set +CONFIG_SLUB=y +# CONFIG_SLOB is not set +# CONFIG_SLAB_FREELIST_RANDOM is not set +CONFIG_SLUB_CPU_PARTIAL=y +# CONFIG_SYSTEM_DATA_VERIFICATION is not set +# CONFIG_PROFILING is not set +CONFIG_KEXEC_CORE=y +CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y +# CONFIG_KPROBES is not set +CONFIG_JUMP_LABEL=y +# CONFIG_STATIC_KEYS_SELFTEST is not set +# CONFIG_UPROBES is not set +# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_NMI=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_DMA_API_DEBUG=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_HAVE_GCC_PLUGINS=y +# CONFIG_GCC_PLUGINS is not set +CONFIG_HAVE_CC_STACKPROTECTOR=y +CONFIG_CC_STACKPROTECTOR=y +# CONFIG_CC_STACKPROTECTOR_NONE is not set +# CONFIG_CC_STACKPROTECTOR_REGULAR is not set +CONFIG_CC_STACKPROTECTOR_STRONG=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_HAVE_COPY_THREAD_TLS=y +CONFIG_HAVE_STACK_VALIDATION=y +# CONFIG_HAVE_ARCH_HASH is not set +# CONFIG_ISA_BUS_API is not set +# CONFIG_CPU_NO_EFFICIENT_FFS is not set +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y + +# +# GCOV-based kernel profiling +# +# CONFIG_GCOV_KERNEL is not set +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=1 +CONFIG_MODULES=y +# CONFIG_MODULE_FORCE_LOAD is not set +# CONFIG_MODULE_UNLOAD is not set +# CONFIG_MODVERSIONS is not set +# CONFIG_MODULE_SRCVERSION_ALL is not set +# CONFIG_MODULE_SIG is not set +# CONFIG_MODULE_COMPRESS is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +CONFIG_BLK_DEV_BSG=y +CONFIG_BLK_DEV_BSGLIB=y +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_CMDLINE_PARSER is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +CONFIG_BLK_MQ_PCI=y + +# +# IO Schedulers +# +CONFIG_IOSCHED_NOOP=y +# CONFIG_IOSCHED_DEADLINE is not set +# CONFIG_IOSCHED_CFQ is not set +CONFIG_DEFAULT_NOOP=y +CONFIG_DEFAULT_IOSCHED="noop" +CONFIG_ASN1=m +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_MUTEX_SPIN_ON_OWNER=y +CONFIG_RWSEM_SPIN_ON_OWNER=y +CONFIG_LOCK_SPIN_ON_OWNER=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_QUEUED_RWLOCKS=y +# CONFIG_FREEZER is not set + +# +# Processor type and features +# +CONFIG_ZONE_DMA=y +CONFIG_SMP=y +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_FAST_FEATURE_TESTS=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +CONFIG_RETPOLINE=y +# CONFIG_X86_EXTENDED_PLATFORM is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +# CONFIG_IOSF_MBI is not set +CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +CONFIG_NO_BOOTMEM=y +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +# CONFIG_MCORE2 is not set +# CONFIG_MATOM is not set +CONFIG_GENERIC_CPU=y +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_PROCESSOR_SELECT=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +# CONFIG_CPU_SUP_CENTAUR is not set +CONFIG_HPET_TIMER=y +CONFIG_HPET_EMULATE_RTC=y +CONFIG_DMI=y +# CONFIG_GART_IOMMU is not set +# CONFIG_CALGARY_IOMMU is not set +CONFIG_SWIOTLB=y +CONFIG_IOMMU_HELPER=y +# CONFIG_MAXSMP is not set +CONFIG_NR_CPUS=64 +# CONFIG_SCHED_SMT is not set +CONFIG_SCHED_MC=y +# CONFIG_PREEMPT_NONE is not set +CONFIG_PREEMPT_VOLUNTARY=y +# CONFIG_PREEMPT is not set +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y +CONFIG_X86_MCE=y +CONFIG_X86_MCE_INTEL=y +# CONFIG_X86_MCE_AMD is not set +CONFIG_X86_MCE_THRESHOLD=y +# CONFIG_X86_MCE_INJECT is not set +CONFIG_X86_THERMAL_VECTOR=y + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +# CONFIG_PERF_EVENTS_INTEL_RAPL is not set +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +# CONFIG_VM86 is not set +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_I8K is not set +# CONFIG_MICROCODE is not set +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +CONFIG_ARCH_PHYS_ADDR_T_64BIT=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_X86_DIRECT_GBPAGES=y +# CONFIG_NUMA is not set +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_HAVE_MEMORY_PRESENT=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y +# CONFIG_SPARSEMEM_VMEMMAP is not set +CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y +# CONFIG_HAVE_BOOTMEM_INFO_NODE is not set +# CONFIG_MEMORY_HOTPLUG is not set +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +# CONFIG_COMPACTION is not set +CONFIG_PHYS_ADDR_T_64BIT=y +# CONFIG_BOUNCE is not set +CONFIG_VIRT_TO_BUS=y +CONFIG_MMU_NOTIFIER=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +# CONFIG_MEMORY_FAILURE is not set +# CONFIG_TRANSPARENT_HUGEPAGE is not set +# CONFIG_CLEANCACHE is not set +# CONFIG_CMA is not set +# CONFIG_ZPOOL is not set +# CONFIG_ZBUD is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +CONFIG_ARCH_SUPPORTS_DEFERRED_STRUCT_PAGE_INIT=y +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_X86_PMEM_LEGACY_DEVICE=y +CONFIG_X86_PMEM_LEGACY=y +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_X86_RESERVE_LOW=64 +# CONFIG_MTRR is not set +CONFIG_ARCH_RANDOM=y +# CONFIG_X86_SMAP is not set +# CONFIG_X86_INTEL_MPX is not set +# CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set +# CONFIG_EFI is not set +# CONFIG_SECCOMP is not set +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +# CONFIG_SCHED_HRTICK is not set +CONFIG_KEXEC=y +CONFIG_KEXEC_FILE=y +# CONFIG_KEXEC_VERIFY_SIG is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +# CONFIG_RELOCATABLE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_HOTPLUG_CPU is not set +# CONFIG_LEGACY_VSYSCALL_NATIVE is not set +CONFIG_LEGACY_VSYSCALL_EMULATE=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +# CONFIG_MODIFY_LDT_SYSCALL is not set +CONFIG_HAVE_LIVEPATCH=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y + +# +# Power management and ACPI options +# +# CONFIG_SUSPEND is not set +# CONFIG_PM is not set +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +# CONFIG_ACPI_PROCFS_POWER is not set +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_VIDEO=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_PROCESSOR=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +CONFIG_ACPI_CUSTOM_DSDT_FILE="" +# CONFIG_ACPI_CUSTOM_DSDT is not set +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +CONFIG_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_X86_PM_TIMER=y +# CONFIG_ACPI_CONTAINER is not set +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_CUSTOM_METHOD is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_DPTF_POWER is not set +# CONFIG_ACPI_EXTLOG is not set +# CONFIG_PMIC_OPREGION is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_SFI is not set + +# +# CPU Frequency scaling +# +# CONFIG_CPU_FREQ is not set + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +# CONFIG_CPU_IDLE_GOV_LADDER is not set +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set +# CONFIG_INTEL_IDLE is not set + +# +# Memory power savings +# +# CONFIG_I7300_IDLE is not set + +# +# Bus options (PCI etc.) +# +CONFIG_PCI=y +CONFIG_PCI_DIRECT=y +# CONFIG_PCI_MMCONFIG is not set +CONFIG_PCI_DOMAINS=y +# CONFIG_PCI_CNB20LE_QUIRK is not set +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCI_BUS_ADDR_T_64BIT=y +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +# CONFIG_HT_IRQ is not set +CONFIG_PCI_ATS=y +CONFIG_PCI_IOV=y +CONFIG_PCI_PRI=y +CONFIG_PCI_PASID=y +CONFIG_PCI_LABEL=y +# CONFIG_HOTPLUG_PCI is not set + +# +# PCI host controller drivers +# +# CONFIG_PCIE_DW_PLAT is not set +# CONFIG_VMD is not set +# CONFIG_ISA_BUS is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set +# CONFIG_X86_SYSFB is not set + +# +# Executable file formats / Emulations +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_BINFMT_SCRIPT=y +# CONFIG_HAVE_AOUT is not set +# CONFIG_BINFMT_MISC is not set +# CONFIG_COREDUMP is not set +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32 is not set +CONFIG_X86_DEV_DMA_OPS=y +CONFIG_PMC_ATOM=y +CONFIG_NET=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +# CONFIG_UNIX is not set +# CONFIG_XFRM_USER is not set +# CONFIG_NET_KEY is not set +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +# CONFIG_IP_ADVANCED_ROUTER is not set +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +# CONFIG_NET_IP_TUNNEL is not set +CONFIG_SYN_COOKIES=y +# CONFIG_NET_UDP_TUNNEL is not set +# CONFIG_NET_FOU is not set +# CONFIG_INET_AH is not set +# CONFIG_INET_ESP is not set +# CONFIG_INET_IPCOMP is not set +# CONFIG_INET_XFRM_TUNNEL is not set +# CONFIG_INET_TUNNEL is not set +# CONFIG_INET_XFRM_MODE_TRANSPORT is not set +# CONFIG_INET_XFRM_MODE_TUNNEL is not set +# CONFIG_INET_XFRM_MODE_BEET is not set +# CONFIG_INET_DIAG is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +# CONFIG_IPV6 is not set +# CONFIG_NETWORK_SECMARK is not set +CONFIG_NET_PTP_CLASSIFY=y +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +# CONFIG_NETFILTER is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +# CONFIG_L2TP is not set +# CONFIG_BRIDGE is not set +CONFIG_HAVE_NET_DSA=y +# CONFIG_NET_DSA is not set +# CONFIG_VLAN_8021Q is not set +# CONFIG_DECNET is not set +# CONFIG_LLC2 is not set +# CONFIG_IPX is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_NET_NCSI is not set +CONFIG_RPS=y +CONFIG_RFS_ACCEL=y +CONFIG_XPS=y +# CONFIG_SOCK_CGROUP_DATA is not set +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y +# CONFIG_BPF_JIT is not set +CONFIG_NET_FLOW_LIMIT=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_IRDA is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +# CONFIG_STREAM_PARSER is not set +# CONFIG_WIRELESS is not set +# CONFIG_WIMAX is not set +# CONFIG_RFKILL is not set +# CONFIG_NET_9P is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_LWTUNNEL is not set +# CONFIG_DST_CACHE is not set +# CONFIG_NET_DEVLINK is not set +CONFIG_MAY_USE_DEVLINK=y +CONFIG_HAVE_EBPF_JIT=y + +# +# Device Drivers +# + +# +# Generic Driver Options +# +# CONFIG_UEVENT_HELPER is not set +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_STANDALONE is not set +CONFIG_PREVENT_FIRMWARE_BUILD=y +CONFIG_FW_LOADER=y +# CONFIG_FIRMWARE_IN_KERNEL is not set +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +# CONFIG_ALLOW_DEV_COREDUMP is not set +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +CONFIG_REGMAP=y +CONFIG_REGMAP_I2C=y +CONFIG_REGMAP_MMIO=y +CONFIG_DMA_SHARED_BUFFER=y +# CONFIG_FENCE_TRACE is not set + +# +# Bus devices +# +# CONFIG_CONNECTOR is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_BLK_CPQ_CISS_DA is not set +# CONFIG_BLK_DEV_DAC960 is not set +# CONFIG_BLK_DEV_UMEM is not set +# CONFIG_BLK_DEV_COW_COMMON is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +# CONFIG_BLK_DEV_NBD is not set +# CONFIG_BLK_DEV_SKD is not set +# CONFIG_BLK_DEV_SX8 is not set +CONFIG_BLK_DEV_RAM=y +CONFIG_BLK_DEV_RAM_COUNT=16 +CONFIG_BLK_DEV_RAM_SIZE=65536 +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +# CONFIG_BLK_DEV_HD is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_RSXX is not set +# CONFIG_BLK_DEV_NVME is not set + +# +# Misc devices +# +# CONFIG_SENSORS_LIS3LV02D is not set +# CONFIG_AD525X_DPOT is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_SGI_IOC4 is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ICS932S401 is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_APDS9802ALS is not set +# CONFIG_ISL29003 is not set +# CONFIG_ISL29020 is not set +# CONFIG_SENSORS_TSL2550 is not set +# CONFIG_SENSORS_BH1770 is not set +# CONFIG_SENSORS_APDS990X is not set +# CONFIG_HMC6352 is not set +# CONFIG_DS1682 is not set +# CONFIG_USB_SWITCH_FSA9480 is not set +# CONFIG_SRAM is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_AT24 is not set +# CONFIG_EEPROM_LEGACY is not set +# CONFIG_EEPROM_MAX6875 is not set +CONFIG_EEPROM_93CX6=m +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# +# CONFIG_SENSORS_LIS3_I2C is not set + +# +# Altera FPGA firmware download module +# +# CONFIG_ALTERA_STAPL is not set +CONFIG_INTEL_MEI=m +CONFIG_INTEL_MEI_ME=m +CONFIG_INTEL_MEI_TXE=m +# CONFIG_VMWARE_VMCI is not set + +# +# Intel MIC Bus Driver +# +# CONFIG_INTEL_MIC_BUS is not set + +# +# SCIF Bus Driver +# +# CONFIG_SCIF_BUS is not set + +# +# VOP Bus Driver +# +# CONFIG_VOP_BUS is not set + +# +# Intel MIC Host Driver +# + +# +# Intel MIC Card Driver +# + +# +# SCIF Driver +# + +# +# Intel MIC Coprocessor State Management (COSM) Drivers +# + +# +# VOP Driver +# +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_CXL_BASE is not set +# CONFIG_CXL_AFU_DRIVER_OPS is not set +CONFIG_HAVE_IDE=y +# CONFIG_IDE is not set + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +CONFIG_SCSI=y +CONFIG_SCSI_DMA=y +# CONFIG_SCSI_NETLINK is not set +# CONFIG_SCSI_MQ_DEFAULT is not set +# CONFIG_SCSI_PROC_FS is not set + +# +# SCSI support type (disk, tape, CD-ROM) +# +CONFIG_BLK_DEV_SD=y +# CONFIG_CHR_DEV_ST is not set +# CONFIG_CHR_DEV_OSST is not set +CONFIG_BLK_DEV_SR=y +# CONFIG_BLK_DEV_SR_VENDOR is not set +CONFIG_CHR_DEV_SG=y +# CONFIG_CHR_DEV_SCH is not set +# CONFIG_SCSI_CONSTANTS is not set +# CONFIG_SCSI_LOGGING is not set +CONFIG_SCSI_SCAN_ASYNC=y + +# +# SCSI Transports +# +# CONFIG_SCSI_SPI_ATTRS is not set +# CONFIG_SCSI_FC_ATTRS is not set +CONFIG_SCSI_ISCSI_ATTRS=y +# CONFIG_SCSI_SAS_ATTRS is not set +# CONFIG_SCSI_SAS_LIBSAS is not set +# CONFIG_SCSI_SRP_ATTRS is not set +CONFIG_SCSI_LOWLEVEL=y +CONFIG_ISCSI_TCP=y +# CONFIG_ISCSI_BOOT_SYSFS is not set +# CONFIG_SCSI_CXGB3_ISCSI is not set +# CONFIG_SCSI_CXGB4_ISCSI is not set +# CONFIG_SCSI_BNX2_ISCSI is not set +# CONFIG_BE2ISCSI is not set +# CONFIG_BLK_DEV_3W_XXXX_RAID is not set +# CONFIG_SCSI_HPSA is not set +# CONFIG_SCSI_3W_9XXX is not set +# CONFIG_SCSI_3W_SAS is not set +# CONFIG_SCSI_ACARD is not set +# CONFIG_SCSI_AACRAID is not set +# CONFIG_SCSI_AIC7XXX is not set +# CONFIG_SCSI_AIC79XX is not set +# CONFIG_SCSI_AIC94XX is not set +# CONFIG_SCSI_MVSAS is not set +# CONFIG_SCSI_MVUMI is not set +# CONFIG_SCSI_DPT_I2O is not set +# CONFIG_SCSI_ADVANSYS is not set +# CONFIG_SCSI_ARCMSR is not set +# CONFIG_SCSI_ESAS2R is not set +# CONFIG_MEGARAID_NEWGEN is not set +# CONFIG_MEGARAID_LEGACY is not set +# CONFIG_MEGARAID_SAS is not set +# CONFIG_SCSI_MPT3SAS is not set +# CONFIG_SCSI_MPT2SAS is not set +# CONFIG_SCSI_SMARTPQI is not set +# CONFIG_SCSI_UFSHCD is not set +# CONFIG_SCSI_HPTIOP is not set +# CONFIG_SCSI_BUSLOGIC is not set +# CONFIG_VMWARE_PVSCSI is not set +# CONFIG_SCSI_SNIC is not set +# CONFIG_SCSI_DMX3191D is not set +# CONFIG_SCSI_EATA is not set +# CONFIG_SCSI_FUTURE_DOMAIN is not set +# CONFIG_SCSI_GDTH is not set +# CONFIG_SCSI_ISCI is not set +# CONFIG_SCSI_IPS is not set +# CONFIG_SCSI_INITIO is not set +# CONFIG_SCSI_INIA100 is not set +# CONFIG_SCSI_STEX is not set +# CONFIG_SCSI_SYM53C8XX_2 is not set +# CONFIG_SCSI_IPR is not set +# CONFIG_SCSI_QLOGIC_1280 is not set +# CONFIG_SCSI_QLA_ISCSI is not set +# CONFIG_SCSI_DC395x is not set +# CONFIG_SCSI_AM53C974 is not set +# CONFIG_SCSI_WD719X is not set +# CONFIG_SCSI_DEBUG is not set +# CONFIG_SCSI_PMCRAID is not set +# CONFIG_SCSI_PM8001 is not set +# CONFIG_SCSI_DH is not set +# CONFIG_SCSI_OSD_INITIATOR is not set +CONFIG_ATA=y +# CONFIG_ATA_NONSTANDARD is not set +CONFIG_ATA_VERBOSE_ERROR=y +CONFIG_ATA_ACPI=y +CONFIG_SATA_PMP=y + +# +# Controllers with non-SFF native interface +# +CONFIG_SATA_AHCI=y +# CONFIG_SATA_AHCI_PLATFORM is not set +# CONFIG_SATA_INIC162X is not set +# CONFIG_SATA_ACARD_AHCI is not set +# CONFIG_SATA_SIL24 is not set +# CONFIG_ATA_SFF is not set +CONFIG_MD=y +# CONFIG_BLK_DEV_MD is not set +# CONFIG_BCACHE is not set +CONFIG_BLK_DEV_DM_BUILTIN=y +CONFIG_BLK_DEV_DM=y +# CONFIG_DM_MQ_DEFAULT is not set +# CONFIG_DM_DEBUG is not set +CONFIG_DM_BUFIO=y +# CONFIG_DM_DEBUG_BLOCK_STACK_TRACING is not set +CONFIG_DM_CRYPT=y +# CONFIG_DM_SNAPSHOT is not set +# CONFIG_DM_THIN_PROVISIONING is not set +# CONFIG_DM_CACHE is not set +# CONFIG_DM_ERA is not set +# CONFIG_DM_MIRROR is not set +# CONFIG_DM_RAID is not set +# CONFIG_DM_ZERO is not set +# CONFIG_DM_MULTIPATH is not set +# CONFIG_DM_DELAY is not set +# CONFIG_DM_UEVENT is not set +# CONFIG_DM_FLAKEY is not set +CONFIG_DM_VERITY=y +CONFIG_DM_VERITY_FEC=y +# CONFIG_DM_SWITCH is not set +# CONFIG_DM_LOG_WRITES is not set +# CONFIG_TARGET_CORE is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +# CONFIG_DUMMY is not set +# CONFIG_EQUALIZER is not set +# CONFIG_NET_FC is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_MACSEC is not set +# CONFIG_NETCONSOLE is not set +# CONFIG_NETPOLL is not set +# CONFIG_NET_POLL_CONTROLLER is not set +# CONFIG_TUN is not set +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set + +# +# CAIF transport drivers +# + +# +# Distributed Switch Architecture drivers +# +CONFIG_ETHERNET=y +# CONFIG_NET_VENDOR_3COM is not set +# CONFIG_NET_VENDOR_ADAPTEC is not set +# CONFIG_NET_VENDOR_AGERE is not set +# CONFIG_NET_VENDOR_ALTEON is not set +# CONFIG_ALTERA_TSE is not set +# CONFIG_NET_VENDOR_AMAZON is not set +# CONFIG_NET_VENDOR_AMD is not set +# CONFIG_NET_VENDOR_ARC is not set +# CONFIG_NET_VENDOR_ATHEROS is not set +# CONFIG_NET_VENDOR_AURORA is not set +# CONFIG_NET_CADENCE is not set +# CONFIG_NET_VENDOR_BROADCOM is not set +# CONFIG_NET_VENDOR_BROCADE is not set +# CONFIG_NET_VENDOR_CAVIUM is not set +# CONFIG_NET_VENDOR_CHELSIO is not set +# CONFIG_NET_VENDOR_CISCO is not set +# CONFIG_CX_ECAT is not set +# CONFIG_DNET is not set +# CONFIG_NET_VENDOR_DEC is not set +# CONFIG_NET_VENDOR_DLINK is not set +# CONFIG_NET_VENDOR_EMULEX is not set +# CONFIG_NET_VENDOR_EZCHIP is not set +# CONFIG_NET_VENDOR_EXAR is not set +# CONFIG_NET_VENDOR_HP is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +CONFIG_E1000=m +CONFIG_E1000E=m +CONFIG_E1000E_HWTS=y +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_FM10K is not set +# CONFIG_NET_VENDOR_I825XX is not set +# CONFIG_JME is not set +# CONFIG_NET_VENDOR_MARVELL is not set +# CONFIG_NET_VENDOR_MELLANOX is not set +# CONFIG_NET_VENDOR_MICREL is not set +# CONFIG_NET_VENDOR_MYRI is not set +# CONFIG_FEALNX is not set +# CONFIG_NET_VENDOR_NATSEMI is not set +# CONFIG_NET_VENDOR_NETRONOME is not set +# CONFIG_NET_VENDOR_NVIDIA is not set +# CONFIG_NET_VENDOR_OKI is not set +# CONFIG_ETHOC is not set +# CONFIG_NET_PACKET_ENGINE is not set +# CONFIG_NET_VENDOR_QLOGIC is not set +# CONFIG_NET_VENDOR_QUALCOMM is not set +# CONFIG_NET_VENDOR_REALTEK is not set +# CONFIG_NET_VENDOR_RENESAS is not set +# CONFIG_NET_VENDOR_RDC is not set +# CONFIG_NET_VENDOR_ROCKER is not set +# CONFIG_NET_VENDOR_SAMSUNG is not set +# CONFIG_NET_VENDOR_SEEQ is not set +# CONFIG_NET_VENDOR_SILAN is not set +# CONFIG_NET_VENDOR_SIS is not set +# CONFIG_SFC is not set +# CONFIG_NET_VENDOR_SMSC is not set +# CONFIG_NET_VENDOR_STMICRO is not set +# CONFIG_NET_VENDOR_SUN is not set +# CONFIG_NET_VENDOR_SYNOPSYS is not set +# CONFIG_NET_VENDOR_TEHUTI is not set +# CONFIG_NET_VENDOR_TI is not set +# CONFIG_NET_VENDOR_VIA is not set +# CONFIG_NET_VENDOR_WIZNET is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set +# CONFIG_USB_NET_DRIVERS is not set +# CONFIG_WLAN is not set + +# +# Enable WiMAX (Networking options) to see the WiMAX drivers +# +# CONFIG_WAN is not set +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_ISDN is not set +# CONFIG_NVM is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_POLLDEV is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +# CONFIG_INPUT_MOUSEDEV is not set +# CONFIG_INPUT_JOYDEV is not set +# CONFIG_INPUT_EVDEV is not set +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +# CONFIG_KEYBOARD_ADP5588 is not set +# CONFIG_KEYBOARD_ADP5589 is not set +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_QT1070 is not set +# CONFIG_KEYBOARD_QT2160 is not set +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_TCA6416 is not set +# CONFIG_KEYBOARD_TCA8418 is not set +# CONFIG_KEYBOARD_LM8333 is not set +# CONFIG_KEYBOARD_MAX7359 is not set +# CONFIG_KEYBOARD_MCS is not set +# CONFIG_KEYBOARD_MPR121 is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +# CONFIG_INPUT_MOUSE is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +# CONFIG_SERIO_SERPORT is not set +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_HW_CONSOLE=y +CONFIG_VT_HW_CONSOLE_BINDING=y +# CONFIG_UNIX98_PTYS is not set +# CONFIG_LEGACY_PTYS is not set +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_NOZOMI is not set +# CONFIG_N_GSM is not set +# CONFIG_TRACE_SINK is not set +CONFIG_DEVMEM=y +# CONFIG_DEVKMEM is not set + +# +# Serial drivers +# +CONFIG_SERIAL_8250=y +# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set +# CONFIG_SERIAL_8250_PNP is not set +# CONFIG_SERIAL_8250_FINTEK is not set +# CONFIG_SERIAL_8250_CONSOLE is not set +# CONFIG_SERIAL_8250_PCI is not set +CONFIG_SERIAL_8250_NR_UARTS=4 +CONFIG_SERIAL_8250_RUNTIME_UARTS=4 +# CONFIG_SERIAL_8250_EXTENDED is not set +# CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_RT288X is not set +# CONFIG_SERIAL_8250_LPSS is not set +# CONFIG_SERIAL_8250_MID is not set +# CONFIG_SERIAL_8250_MOXA is not set + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_SC16IS7XX is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +CONFIG_TTY_PRINTK=y +# CONFIG_IPMI_HANDLER is not set +CONFIG_HW_RANDOM=y +CONFIG_HW_RANDOM_TIMERIOMEM=m +CONFIG_HW_RANDOM_INTEL=m +CONFIG_HW_RANDOM_AMD=m +CONFIG_HW_RANDOM_VIA=m +CONFIG_HW_RANDOM_TPM=m +# CONFIG_NVRAM is not set +# CONFIG_R3964 is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_RAW_DRIVER is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +CONFIG_TCG_TPM=y +CONFIG_TCG_TIS_CORE=y +CONFIG_TCG_TIS=y +# CONFIG_TCG_TIS_I2C_ATMEL is not set +# CONFIG_TCG_TIS_I2C_INFINEON is not set +# CONFIG_TCG_TIS_I2C_NUVOTON is not set +# CONFIG_TCG_NSC is not set +# CONFIG_TCG_ATMEL is not set +# CONFIG_TCG_INFINEON is not set +# CONFIG_TCG_CRB is not set +# CONFIG_TCG_VTPM_PROXY is not set +# CONFIG_TCG_TIS_ST33ZP24_I2C is not set +# CONFIG_TELCLOCK is not set +CONFIG_DEVPORT=y +# CONFIG_XILLYBUS is not set + +# +# I2C support +# +CONFIG_I2C=y +CONFIG_ACPI_I2C_OPREGION=y +CONFIG_I2C_BOARDINFO=y +# CONFIG_I2C_COMPAT is not set +# CONFIG_I2C_CHARDEV is not set +CONFIG_I2C_MUX=m + +# +# Multiplexer I2C Chip support +# +CONFIG_I2C_MUX_PCA9541=m +CONFIG_I2C_MUX_REG=m +# CONFIG_I2C_HELPER_AUTO is not set +# CONFIG_I2C_SMBUS is not set + +# +# I2C Algorithms +# +CONFIG_I2C_ALGOBIT=y +# CONFIG_I2C_ALGOPCF is not set +# CONFIG_I2C_ALGOPCA is not set + +# +# I2C Hardware Bus support +# + +# +# PC SMBus host controller drivers +# +# CONFIG_I2C_ALI1535 is not set +# CONFIG_I2C_ALI1563 is not set +# CONFIG_I2C_ALI15X3 is not set +# CONFIG_I2C_AMD756 is not set +# CONFIG_I2C_AMD8111 is not set +# CONFIG_I2C_I801 is not set +# CONFIG_I2C_ISCH is not set +# CONFIG_I2C_ISMT is not set +# CONFIG_I2C_PIIX4 is not set +# CONFIG_I2C_NFORCE2 is not set +# CONFIG_I2C_SIS5595 is not set +# CONFIG_I2C_SIS630 is not set +# CONFIG_I2C_SIS96X is not set +# CONFIG_I2C_VIA is not set +# CONFIG_I2C_VIAPRO is not set + +# +# ACPI drivers +# +# CONFIG_I2C_SCMI is not set + +# +# I2C system bus drivers (mostly embedded / system-on-chip) +# +# CONFIG_I2C_DESIGNWARE_PCI is not set +# CONFIG_I2C_OCORES is not set +# CONFIG_I2C_PCA_PLATFORM is not set +# CONFIG_I2C_PXA_PCI is not set +# CONFIG_I2C_SIMTEC is not set +# CONFIG_I2C_XILINX is not set + +# +# External I2C/SMBus adapter drivers +# +# CONFIG_I2C_DIOLAN_U2C is not set +# CONFIG_I2C_PARPORT_LIGHT is not set +# CONFIG_I2C_ROBOTFUZZ_OSIF is not set +# CONFIG_I2C_TAOS_EVM is not set +# CONFIG_I2C_TINY_USB is not set + +# +# Other I2C/SMBus bus drivers +# +# CONFIG_I2C_STUB is not set +CONFIG_I2C_SLAVE=y +# CONFIG_I2C_SLAVE_EEPROM is not set +# CONFIG_I2C_DEBUG_CORE is not set +# CONFIG_I2C_DEBUG_ALGO is not set +# CONFIG_I2C_DEBUG_BUS is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set + +# +# PPS support +# +CONFIG_PPS=y +# CONFIG_PPS_DEBUG is not set + +# +# PPS clients support +# +# CONFIG_PPS_CLIENT_KTIMER is not set +# CONFIG_PPS_CLIENT_LDISC is not set +# CONFIG_PPS_CLIENT_GPIO is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +CONFIG_PTP_1588_CLOCK=y + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_AVS is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_DS2782 is not set +# CONFIG_BATTERY_SBS is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_BATTERY_MAX17040 is not set +# CONFIG_BATTERY_MAX17042 is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_CHARGER_LP8727 is not set +# CONFIG_CHARGER_BQ2415X is not set +# CONFIG_CHARGER_SMB347 is not set +# CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_HWMON is not set +CONFIG_THERMAL=y +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set +# CONFIG_THERMAL_EMULATION is not set +# CONFIG_INTEL_POWERCLAMP is not set +# CONFIG_X86_PKG_TEMP_THERMAL is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y + +# +# Sonics Silicon Backplane +# +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y + +# +# Broadcom specific AMBA +# +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_CORE is not set +# CONFIG_MFD_AS3711 is not set +# CONFIG_PMIC_ADP5520 is not set +# CONFIG_MFD_BCM590XX is not set +# CONFIG_MFD_AXP20X_I2C is not set +# CONFIG_MFD_CROS_EC is not set +# CONFIG_PMIC_DA903X is not set +# CONFIG_MFD_DA9052_I2C is not set +# CONFIG_MFD_DA9055 is not set +# CONFIG_MFD_DA9062 is not set +# CONFIG_MFD_DA9063 is not set +# CONFIG_MFD_DA9150 is not set +# CONFIG_MFD_DLN2 is not set +# CONFIG_MFD_EXYNOS_LPASS is not set +# CONFIG_MFD_MC13XXX_I2C is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_88PM800 is not set +# CONFIG_MFD_88PM805 is not set +# CONFIG_MFD_88PM860X is not set +# CONFIG_MFD_MAX14577 is not set +# CONFIG_MFD_MAX77693 is not set +# CONFIG_MFD_MAX77843 is not set +# CONFIG_MFD_MAX8907 is not set +# CONFIG_MFD_MAX8925 is not set +# CONFIG_MFD_MAX8997 is not set +# CONFIG_MFD_MAX8998 is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_MENF21BMC is not set +# CONFIG_MFD_VIPERBOARD is not set +# CONFIG_MFD_RETU is not set +# CONFIG_MFD_PCF50633 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_RT5033 is not set +# CONFIG_MFD_RTSX_USB is not set +# CONFIG_MFD_RC5T583 is not set +# CONFIG_MFD_SEC_CORE is not set +# CONFIG_MFD_SI476X_CORE is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SKY81452 is not set +# CONFIG_MFD_SMSC is not set +# CONFIG_ABX500_CORE is not set +CONFIG_MFD_SYSCON=y +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_LP3943 is not set +# CONFIG_MFD_LP8788 is not set +# CONFIG_MFD_PALMAS is not set +# CONFIG_TPS6105X is not set +# CONFIG_TPS6507X is not set +# CONFIG_MFD_TPS65086 is not set +# CONFIG_MFD_TPS65090 is not set +# CONFIG_MFD_TPS65217 is not set +# CONFIG_MFD_TI_LP873X is not set +# CONFIG_MFD_TPS65218 is not set +# CONFIG_MFD_TPS6586X is not set +# CONFIG_MFD_TPS65912_I2C is not set +# CONFIG_MFD_TPS80031 is not set +# CONFIG_TWL4030_CORE is not set +# CONFIG_TWL6040_CORE is not set +# CONFIG_MFD_WL1273_CORE is not set +# CONFIG_MFD_LM3533 is not set +# CONFIG_MFD_TMIO is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_MFD_ARIZONA_I2C is not set +# CONFIG_MFD_WM8400 is not set +# CONFIG_MFD_WM831X_I2C is not set +# CONFIG_MFD_WM8350_I2C is not set +# CONFIG_MFD_WM8994 is not set +# CONFIG_REGULATOR is not set +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +# CONFIG_AGP is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +CONFIG_DRM=y +# CONFIG_DRM_DP_AUX_CHARDEV is not set +CONFIG_DRM_KMS_HELPER=y +CONFIG_DRM_KMS_FB_HELPER=y +CONFIG_DRM_FBDEV_EMULATION=y +# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set + +# +# I2C encoder or helper chips +# +# CONFIG_DRM_I2C_CH7006 is not set +# CONFIG_DRM_I2C_SIL164 is not set +# CONFIG_DRM_I2C_NXP_TDA998X is not set +# CONFIG_DRM_RADEON is not set +# CONFIG_DRM_AMDGPU is not set + +# +# ACP (Audio CoProcessor) Configuration +# +# CONFIG_DRM_NOUVEAU is not set +# CONFIG_DRM_I915 is not set +# CONFIG_DRM_VGEM is not set +# CONFIG_DRM_VMWGFX is not set +# CONFIG_DRM_GMA500 is not set +# CONFIG_DRM_UDL is not set +# CONFIG_DRM_AST is not set +# CONFIG_DRM_MGAG200 is not set +# CONFIG_DRM_CIRRUS_QEMU is not set +# CONFIG_DRM_QXL is not set +# CONFIG_DRM_BOCHS is not set +CONFIG_DRM_BRIDGE=y + +# +# Display Interface Bridges +# +# CONFIG_DRM_ANALOGIX_ANX78XX is not set +# CONFIG_DRM_LEGACY is not set + +# +# Frame buffer Devices +# +CONFIG_FB=y +# CONFIG_FIRMWARE_EDID is not set +CONFIG_FB_CMDLINE=y +CONFIG_FB_NOTIFY=y +# CONFIG_FB_DDC is not set +CONFIG_FB_BOOT_VESA_SUPPORT=y +CONFIG_FB_CFB_FILLRECT=y +CONFIG_FB_CFB_COPYAREA=y +CONFIG_FB_CFB_IMAGEBLIT=y +# CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set +CONFIG_FB_SYS_FILLRECT=y +CONFIG_FB_SYS_COPYAREA=y +CONFIG_FB_SYS_IMAGEBLIT=y +# CONFIG_FB_FOREIGN_ENDIAN is not set +CONFIG_FB_SYS_FOPS=y +CONFIG_FB_DEFERRED_IO=y +# CONFIG_FB_SVGALIB is not set +# CONFIG_FB_MACMODES is not set +# CONFIG_FB_BACKLIGHT is not set +# CONFIG_FB_MODE_HELPERS is not set +# CONFIG_FB_TILEBLITTING is not set + +# +# Frame buffer hardware drivers +# +# CONFIG_FB_CIRRUS is not set +# CONFIG_FB_PM2 is not set +# CONFIG_FB_CYBER2000 is not set +# CONFIG_FB_ARC is not set +# CONFIG_FB_ASILIANT is not set +# CONFIG_FB_IMSTT is not set +# CONFIG_FB_VGA16 is not set +CONFIG_FB_VESA=y +# CONFIG_FB_N411 is not set +# CONFIG_FB_HGA is not set +# CONFIG_FB_OPENCORES is not set +# CONFIG_FB_S1D13XXX is not set +# CONFIG_FB_NVIDIA is not set +# CONFIG_FB_RIVA is not set +# CONFIG_FB_I740 is not set +# CONFIG_FB_LE80578 is not set +# CONFIG_FB_MATROX is not set +# CONFIG_FB_RADEON is not set +# CONFIG_FB_ATY128 is not set +# CONFIG_FB_ATY is not set +# CONFIG_FB_S3 is not set +# CONFIG_FB_SAVAGE is not set +# CONFIG_FB_SIS is not set +# CONFIG_FB_NEOMAGIC is not set +# CONFIG_FB_KYRO is not set +# CONFIG_FB_3DFX is not set +# CONFIG_FB_VOODOO1 is not set +# CONFIG_FB_VT8623 is not set +# CONFIG_FB_TRIDENT is not set +# CONFIG_FB_ARK is not set +# CONFIG_FB_PM3 is not set +# CONFIG_FB_CARMINE is not set +# CONFIG_FB_SMSCUFX is not set +# CONFIG_FB_UDL is not set +# CONFIG_FB_IBM_GXT4500 is not set +# CONFIG_FB_VIRTUAL is not set +# CONFIG_FB_METRONOME is not set +# CONFIG_FB_MB862XX is not set +# CONFIG_FB_BROADSHEET is not set +# CONFIG_FB_AUO_K190X is not set +# CONFIG_FB_SIMPLE is not set +# CONFIG_FB_SM712 is not set +CONFIG_BACKLIGHT_LCD_SUPPORT=y +# CONFIG_LCD_CLASS_DEVICE is not set +CONFIG_BACKLIGHT_CLASS_DEVICE=y +# CONFIG_BACKLIGHT_GENERIC is not set +# CONFIG_BACKLIGHT_APPLE is not set +# CONFIG_BACKLIGHT_PM8941_WLED is not set +# CONFIG_BACKLIGHT_SAHARA is not set +# CONFIG_BACKLIGHT_ADP8860 is not set +# CONFIG_BACKLIGHT_ADP8870 is not set +# CONFIG_BACKLIGHT_LM3639 is not set +# CONFIG_BACKLIGHT_LV5207LP is not set +# CONFIG_BACKLIGHT_BD6107 is not set +# CONFIG_VGASTATE is not set +CONFIG_HDMI=y + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +# CONFIG_VGACON_SOFT_SCROLLBACK is not set +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_FRAMEBUFFER_CONSOLE=y +CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y +# CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set +# CONFIG_LOGO is not set +# CONFIG_SOUND is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +# CONFIG_HID_A4TECH is not set +# CONFIG_HID_ACRUX is not set +# CONFIG_HID_APPLE is not set +# CONFIG_HID_APPLEIR is not set +# CONFIG_HID_AUREAL is not set +# CONFIG_HID_BELKIN is not set +# CONFIG_HID_BETOP_FF is not set +# CONFIG_HID_CHERRY is not set +# CONFIG_HID_CHICONY is not set +# CONFIG_HID_CMEDIA is not set +# CONFIG_HID_CYPRESS is not set +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +# CONFIG_HID_ELO is not set +# CONFIG_HID_EZKEY is not set +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_HOLTEK is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_UCLOGIC is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_TWINHAN is not set +# CONFIG_HID_KENSINGTON is not set +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +# CONFIG_HID_LOGITECH is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MICROSOFT is not set +# CONFIG_HID_MONTEREY is not set +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NTRIG is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PENMOUNT is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +# CONFIG_HID_PLANTRONICS is not set +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_ROCCAT is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set + +# +# USB HID support +# +CONFIG_USB_HID=y +# CONFIG_HID_PID is not set +# CONFIG_USB_HIDDEV is not set + +# +# I2C HID support +# +# CONFIG_I2C_HID is not set + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_COMMON=y +CONFIG_USB_ARCH_HAS_HCD=y +CONFIG_USB=y +# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set + +# +# Miscellaneous USB options +# +CONFIG_USB_DEFAULT_PERSIST=y +# CONFIG_USB_DYNAMIC_MINORS is not set +# CONFIG_USB_OTG_WHITELIST is not set +# CONFIG_USB_OTG_BLACKLIST_HUB is not set +# CONFIG_USB_MON is not set +# CONFIG_USB_WUSB_CBAF is not set + +# +# USB Host Controller Drivers +# +# CONFIG_USB_C67X00_HCD is not set +CONFIG_USB_XHCI_HCD=m +CONFIG_USB_XHCI_PCI=m +CONFIG_USB_XHCI_PLATFORM=m +CONFIG_USB_EHCI_HCD=m +# CONFIG_USB_EHCI_ROOT_HUB_TT is not set +CONFIG_USB_EHCI_TT_NEWSCHED=y +CONFIG_USB_EHCI_PCI=m +CONFIG_USB_EHCI_HCD_PLATFORM=m +# CONFIG_USB_OXU210HP_HCD is not set +# CONFIG_USB_ISP116X_HCD is not set +# CONFIG_USB_ISP1362_HCD is not set +# CONFIG_USB_FOTG210_HCD is not set +CONFIG_USB_OHCI_HCD=m +CONFIG_USB_UHCI_HCD=m +# CONFIG_USB_SL811_HCD is not set +# CONFIG_USB_R8A66597_HCD is not set +# CONFIG_USB_HCD_TEST_MODE is not set + +# +# USB Device Class drivers +# +# CONFIG_USB_ACM is not set +# CONFIG_USB_PRINTER is not set +# CONFIG_USB_WDM is not set +# CONFIG_USB_TMC is not set + +# +# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may +# + +# +# also be needed; see USB_STORAGE Help for more info +# +CONFIG_USB_STORAGE=m +# CONFIG_USB_STORAGE_DEBUG is not set +# CONFIG_USB_STORAGE_REALTEK is not set +# CONFIG_USB_STORAGE_DATAFAB is not set +# CONFIG_USB_STORAGE_FREECOM is not set +# CONFIG_USB_STORAGE_ISD200 is not set +# CONFIG_USB_STORAGE_USBAT is not set +# CONFIG_USB_STORAGE_SDDR09 is not set +# CONFIG_USB_STORAGE_SDDR55 is not set +# CONFIG_USB_STORAGE_JUMPSHOT is not set +# CONFIG_USB_STORAGE_ALAUDA is not set +# CONFIG_USB_STORAGE_ONETOUCH is not set +# CONFIG_USB_STORAGE_KARMA is not set +# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set +# CONFIG_USB_STORAGE_ENE_UB6250 is not set +# CONFIG_USB_UAS is not set + +# +# USB Imaging devices +# +# CONFIG_USB_MDC800 is not set +# CONFIG_USB_MICROTEK is not set +# CONFIG_USBIP_CORE is not set +# CONFIG_USB_MUSB_HDRC is not set +# CONFIG_USB_DWC3 is not set +# CONFIG_USB_DWC2 is not set +# CONFIG_USB_CHIPIDEA is not set +# CONFIG_USB_ISP1760 is not set + +# +# USB port drivers +# +# CONFIG_USB_SERIAL is not set + +# +# USB Miscellaneous drivers +# +# CONFIG_USB_EMI62 is not set +# CONFIG_USB_EMI26 is not set +# CONFIG_USB_ADUTUX is not set +# CONFIG_USB_SEVSEG is not set +# CONFIG_USB_RIO500 is not set +# CONFIG_USB_LEGOTOWER is not set +# CONFIG_USB_LCD is not set +# CONFIG_USB_CYPRESS_CY7C63 is not set +# CONFIG_USB_CYTHERM is not set +# CONFIG_USB_IDMOUSE is not set +# CONFIG_USB_FTDI_ELAN is not set +# CONFIG_USB_APPLEDISPLAY is not set +# CONFIG_USB_SISUSBVGA is not set +# CONFIG_USB_LD is not set +# CONFIG_USB_TRANCEVIBRATOR is not set +# CONFIG_USB_IOWARRIOR is not set +# CONFIG_USB_TEST is not set +# CONFIG_USB_EHSET_TEST_FIXTURE is not set +# CONFIG_USB_ISIGHTFW is not set +# CONFIG_USB_YUREX is not set +# CONFIG_USB_EZUSB_FX2 is not set +# CONFIG_USB_HSIC_USB3503 is not set +# CONFIG_USB_HSIC_USB4604 is not set +# CONFIG_USB_LINK_LAYER_TEST is not set +# CONFIG_USB_CHAOSKEY is not set +# CONFIG_UCSI is not set + +# +# USB Physical Layer drivers +# +# CONFIG_USB_PHY is not set +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_ISP1301 is not set +# CONFIG_USB_GADGET is not set +# CONFIG_USB_ULPI_BUS is not set +# CONFIG_UWB is not set +# CONFIG_MMC is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +# CONFIG_EDAC is not set +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set + +# +# RTC interfaces +# +CONFIG_RTC_INTF_SYSFS=y +CONFIG_RTC_INTF_PROC=y +CONFIG_RTC_INTF_DEV=y +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +# CONFIG_RTC_DRV_TEST is not set + +# +# I2C RTC drivers +# +# CONFIG_RTC_DRV_ABB5ZES3 is not set +# CONFIG_RTC_DRV_ABX80X is not set +# CONFIG_RTC_DRV_DS1307 is not set +# CONFIG_RTC_DRV_DS1374 is not set +# CONFIG_RTC_DRV_DS1672 is not set +# CONFIG_RTC_DRV_MAX6900 is not set +# CONFIG_RTC_DRV_RS5C372 is not set +# CONFIG_RTC_DRV_ISL1208 is not set +# CONFIG_RTC_DRV_ISL12022 is not set +# CONFIG_RTC_DRV_X1205 is not set +# CONFIG_RTC_DRV_PCF8523 is not set +# CONFIG_RTC_DRV_PCF85063 is not set +# CONFIG_RTC_DRV_PCF8563 is not set +# CONFIG_RTC_DRV_PCF8583 is not set +# CONFIG_RTC_DRV_M41T80 is not set +# CONFIG_RTC_DRV_BQ32K is not set +# CONFIG_RTC_DRV_S35390A is not set +# CONFIG_RTC_DRV_FM3130 is not set +# CONFIG_RTC_DRV_RX8010 is not set +# CONFIG_RTC_DRV_RX8581 is not set +# CONFIG_RTC_DRV_RX8025 is not set +# CONFIG_RTC_DRV_EM3027 is not set +# CONFIG_RTC_DRV_RV8803 is not set + +# +# SPI RTC drivers +# +CONFIG_RTC_I2C_AND_SPI=y + +# +# SPI and I2C RTC drivers +# +# CONFIG_RTC_DRV_DS3232 is not set +# CONFIG_RTC_DRV_PCF2127 is not set +# CONFIG_RTC_DRV_RV3029C2 is not set + +# +# Platform RTC drivers +# +CONFIG_RTC_DRV_CMOS=y +# CONFIG_RTC_DRV_DS1286 is not set +# CONFIG_RTC_DRV_DS1511 is not set +# CONFIG_RTC_DRV_DS1553 is not set +# CONFIG_RTC_DRV_DS1685_FAMILY is not set +# CONFIG_RTC_DRV_DS1742 is not set +# CONFIG_RTC_DRV_DS2404 is not set +# CONFIG_RTC_DRV_STK17TA8 is not set +# CONFIG_RTC_DRV_M48T86 is not set +# CONFIG_RTC_DRV_M48T35 is not set +# CONFIG_RTC_DRV_M48T59 is not set +# CONFIG_RTC_DRV_MSM6242 is not set +# CONFIG_RTC_DRV_BQ4802 is not set +# CONFIG_RTC_DRV_RP5C01 is not set +# CONFIG_RTC_DRV_V3020 is not set + +# +# on-CPU RTC drivers +# + +# +# HID Sensor RTC drivers +# +# CONFIG_RTC_DRV_HID_SENSOR_TIME is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +# CONFIG_SYNC_FILE is not set +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VFIO is not set +# CONFIG_VIRT_DRIVERS is not set + +# +# Virtio drivers +# +# CONFIG_VIRTIO_PCI is not set +# CONFIG_VIRTIO_MMIO is not set + +# +# Microsoft Hyper-V guest support +# +# CONFIG_STAGING is not set +# CONFIG_X86_PLATFORM_DEVICES is not set +# CONFIG_CHROME_PLATFORMS is not set + +# +# Hardware Spinlock drivers +# + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# CONFIG_ATMEL_PIT is not set +# CONFIG_SH_TIMER_CMT is not set +# CONFIG_SH_TIMER_MTU2 is not set +# CONFIG_SH_TIMER_TMU is not set +# CONFIG_EM_TIMER_STI is not set +# CONFIG_MAILBOX is not set +CONFIG_IOMMU_API=y +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +CONFIG_IOMMU_IOVA=y +# CONFIG_AMD_IOMMU is not set +CONFIG_DMAR_TABLE=y +CONFIG_INTEL_IOMMU=y +CONFIG_INTEL_IOMMU_SVM=y +CONFIG_INTEL_IOMMU_DEFAULT_ON=y +CONFIG_INTEL_IOMMU_FLOPPY_WA=y +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_STE_MODEM_RPROC is not set + +# +# Rpmsg drivers +# + +# +# SOC (System On Chip) specific Drivers +# + +# +# Broadcom SoC drivers +# +# CONFIG_SUNXI_SRAM is not set +# CONFIG_SOC_TI is not set +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +# CONFIG_PWM is not set +CONFIG_ARM_GIC_MAX_NR=1 +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set +# CONFIG_FMC is not set + +# +# PHY Subsystem +# +CONFIG_GENERIC_PHY=y +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# CONFIG_RAS is not set +# CONFIG_THUNDERBOLT is not set + +# +# Android +# +# CONFIG_ANDROID is not set +CONFIG_LIBNVDIMM=y +# CONFIG_BLK_DEV_PMEM is not set +# CONFIG_ND_BLK is not set +# CONFIG_BTT is not set +# CONFIG_NVMEM is not set +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set + +# +# FPGA Configuration Support +# +# CONFIG_FPGA is not set + +# +# Firmware Drivers +# +# CONFIG_EDD is not set +# CONFIG_FIRMWARE_MEMMAP is not set +# CONFIG_DELL_RBU is not set +# CONFIG_DCDBAS is not set +# CONFIG_DMIID is not set +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT_FIND is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +# CONFIG_EXT2_FS is not set +# CONFIG_EXT3_FS is not set +CONFIG_EXT4_FS=y +CONFIG_EXT4_USE_FOR_EXT2=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_ENCRYPTION is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +# CONFIG_REISERFS_FS is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_FS_DAX is not set +# CONFIG_FS_POSIX_ACL is not set +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +CONFIG_MANDATORY_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +# CONFIG_FSNOTIFY is not set +# CONFIG_DNOTIFY is not set +# CONFIG_INOTIFY_USER is not set +# CONFIG_FANOTIFY is not set +# CONFIG_QUOTA is not set +# CONFIG_QUOTACTL is not set +# CONFIG_AUTOFS4_FS is not set +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set + +# +# DOS/FAT/NT Filesystems +# +CONFIG_FAT_FS=y +CONFIG_MSDOS_FS=y +CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_CODEPAGE=437 +CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" +# CONFIG_FAT_DEFAULT_UTF8 is not set +# CONFIG_NTFS_FS is not set + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +# CONFIG_PROC_KCORE is not set +# CONFIG_PROC_SYSCTL is not set +# CONFIG_PROC_PAGE_MONITOR is not set +# CONFIG_PROC_CHILDREN is not set +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_HUGETLBFS is not set +# CONFIG_HUGETLB_PAGE is not set +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +# CONFIG_CONFIGFS_FS is not set +# CONFIG_MISC_FILESYSTEMS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_NCP_FS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="utf8" +CONFIG_NLS_CODEPAGE_437=y +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +CONFIG_NLS_ISO8859_1=y +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +CONFIG_NLS_UTF8=y + +# +# Kernel hacking +# +CONFIG_TRACE_IRQFLAGS_SUPPORT=y + +# +# printk and dmesg options +# +CONFIG_PRINTK_TIME=y +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +CONFIG_BOOT_PRINTK_DELAY=y +CONFIG_DYNAMIC_DEBUG=y + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +CONFIG_DEBUG_INFO_DWARF4=y +CONFIG_GDB_SCRIPTS=y +# CONFIG_ENABLE_WARN_DEPRECATED is not set +# CONFIG_ENABLE_MUST_CHECK is not set +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +CONFIG_UNUSED_SYMBOLS=y +# CONFIG_PAGE_OWNER is not set +CONFIG_DEBUG_FS=y +# CONFIG_HEADERS_CHECK is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_ARCH_WANT_FRAME_POINTERS=y +CONFIG_FRAME_POINTER=y +CONFIG_STACK_VALIDATION=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +CONFIG_MAGIC_SYSRQ=y +CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 +CONFIG_DEBUG_KERNEL=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_SLUB_STATS is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VIRTUAL is not set +# CONFIG_DEBUG_MEMORY_INIT is not set +# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_HAVE_DEBUG_STACKOVERFLOW=y +# CONFIG_DEBUG_STACKOVERFLOW is not set +CONFIG_HAVE_ARCH_KMEMCHECK=y +CONFIG_ARCH_HAS_KCOV=y +# CONFIG_KCOV is not set +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Lockups and Hangs +# +CONFIG_LOCKUP_DETECTOR=y +CONFIG_HARDLOCKUP_DETECTOR=y +# CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set +CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=0 +# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set +CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0 +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +CONFIG_WQ_WATCHDOG=y +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHED_INFO is not set +# CONFIG_SCHEDSTATS is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +# CONFIG_DEBUG_TIMEKEEPING is not set +# CONFIG_TIMER_STATS is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +CONFIG_STACKTRACE=y +# CONFIG_DEBUG_KOBJECT is not set +# CONFIG_DEBUG_BUGVERBOSE is not set +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PI_LIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_PROVE_RCU is not set +# CONFIG_SPARSE_RCU_POINTER is not set +# CONFIG_TORTURE_TEST is not set +# CONFIG_RCU_PERF_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +CONFIG_RCU_CPU_STALL_TIMEOUT=21 +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +# CONFIG_LATENCYTOP is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACING_SUPPORT=y +# CONFIG_FTRACE is not set + +# +# Runtime Testing +# +# CONFIG_LKDTM is not set +# CONFIG_TEST_LIST_SORT is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_PERCPU_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_HASH is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_TEST_LKM is not set +# CONFIG_TEST_USER_COPY is not set +# CONFIG_TEST_BPF is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_MEMTEST is not set +# CONFIG_TEST_STATIC_KEYS is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set +# CONFIG_UBSAN is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set +# CONFIG_X86_VERBOSE_BOOTUP is not set +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_X86_PTDUMP_CORE is not set +# CONFIG_X86_PTDUMP is not set +# CONFIG_DEBUG_RODATA_TEST is not set +# CONFIG_DEBUG_WX is not set +CONFIG_DEBUG_SET_MODULE_RONX=y +# CONFIG_DEBUG_NX_TEST is not set +# CONFIG_DOUBLEFAULT is not set +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_STRESS is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +CONFIG_IO_DELAY_TYPE_0X80=0 +CONFIG_IO_DELAY_TYPE_0XED=1 +CONFIG_IO_DELAY_TYPE_UDELAY=2 +CONFIG_IO_DELAY_TYPE_NONE=3 +# CONFIG_IO_DELAY_0X80 is not set +CONFIG_IO_DELAY_0XED=y +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +CONFIG_DEFAULT_IO_DELAY_TYPE=1 +# CONFIG_DEBUG_BOOT_PARAMS is not set +# CONFIG_CPA_DEBUG is not set +CONFIG_OPTIMIZE_INLINING=y +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +# CONFIG_X86_DEBUG_FPU is not set +# CONFIG_PUNIT_ATOM_DEBUG is not set + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +# CONFIG_SECURITY is not set +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_SECURITYFS=y +# CONFIG_INTEL_TXT is not set +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_DEFAULT_SECURITY="" +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_BLKCIPHER=y +CONFIG_CRYPTO_BLKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=m +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=m +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_RSA=m +# CONFIG_CRYPTO_DH is not set +# CONFIG_CRYPTO_ECDH is not set +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=m +CONFIG_CRYPTO_NULL2=y +# CONFIG_CRYPTO_PCRYPT is not set +CONFIG_CRYPTO_WORKQUEUE=y +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_MCRYPTD=m +CONFIG_CRYPTO_AUTHENC=m +# CONFIG_CRYPTO_TEST is not set +CONFIG_CRYPTO_ABLK_HELPER=y +CONFIG_CRYPTO_GLUE_HELPER_X86=y + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=m +CONFIG_CRYPTO_GCM=m +CONFIG_CRYPTO_CHACHA20POLY1305=m +CONFIG_CRYPTO_SEQIV=m +CONFIG_CRYPTO_ECHAINIV=m + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CTR=m +CONFIG_CRYPTO_CTS=m +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=m +CONFIG_CRYPTO_XTS=y +CONFIG_CRYPTO_KEYWRAP=m + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=m +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=m +CONFIG_CRYPTO_VMAC=m + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +CONFIG_CRYPTO_CRC32C_INTEL=y +CONFIG_CRYPTO_CRC32=m +CONFIG_CRYPTO_CRC32_PCLMUL=m +CONFIG_CRYPTO_CRCT10DIF=y +CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m +CONFIG_CRYPTO_GHASH=m +CONFIG_CRYPTO_POLY1305=m +CONFIG_CRYPTO_POLY1305_X86_64=m +CONFIG_CRYPTO_MD4=m +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=m +CONFIG_CRYPTO_RMD128=m +CONFIG_CRYPTO_RMD160=m +CONFIG_CRYPTO_RMD256=m +CONFIG_CRYPTO_RMD320=m +CONFIG_CRYPTO_SHA1=y +CONFIG_CRYPTO_SHA1_SSSE3=y +# CONFIG_CRYPTO_SHA256_SSSE3 is not set +# CONFIG_CRYPTO_SHA512_SSSE3 is not set +# CONFIG_CRYPTO_SHA1_MB is not set +# CONFIG_CRYPTO_SHA256_MB is not set +# CONFIG_CRYPTO_SHA512_MB is not set +CONFIG_CRYPTO_SHA256=y +# CONFIG_CRYPTO_SHA512 is not set +# CONFIG_CRYPTO_SHA3 is not set +CONFIG_CRYPTO_TGR192=m +CONFIG_CRYPTO_WP512=m +CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +CONFIG_CRYPTO_AES_X86_64=y +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=m +CONFIG_CRYPTO_ARC4=m +CONFIG_CRYPTO_BLOWFISH=m +CONFIG_CRYPTO_BLOWFISH_COMMON=m +CONFIG_CRYPTO_BLOWFISH_X86_64=m +CONFIG_CRYPTO_CAMELLIA=m +CONFIG_CRYPTO_CAMELLIA_X86_64=m +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m +CONFIG_CRYPTO_CAST_COMMON=m +CONFIG_CRYPTO_CAST5=m +CONFIG_CRYPTO_CAST5_AVX_X86_64=m +CONFIG_CRYPTO_CAST6=m +CONFIG_CRYPTO_CAST6_AVX_X86_64=m +CONFIG_CRYPTO_DES=m +CONFIG_CRYPTO_DES3_EDE_X86_64=m +CONFIG_CRYPTO_FCRYPT=m +CONFIG_CRYPTO_KHAZAD=m +CONFIG_CRYPTO_SALSA20=m +CONFIG_CRYPTO_SALSA20_X86_64=m +CONFIG_CRYPTO_CHACHA20=m +CONFIG_CRYPTO_CHACHA20_X86_64=m +CONFIG_CRYPTO_SEED=m +CONFIG_CRYPTO_SERPENT=m +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m +CONFIG_CRYPTO_SERPENT_AVX_X86_64=m +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m +CONFIG_CRYPTO_TEA=m +CONFIG_CRYPTO_TWOFISH=m +CONFIG_CRYPTO_TWOFISH_COMMON=m +CONFIG_CRYPTO_TWOFISH_X86_64=m +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=m +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=m +CONFIG_CRYPTO_LZ4=m +CONFIG_CRYPTO_LZ4HC=m + +# +# Random Number Generation +# +CONFIG_CRYPTO_ANSI_CPRNG=m +CONFIG_CRYPTO_DRBG_MENU=m +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=m +CONFIG_CRYPTO_JITTERENTROPY=m +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +CONFIG_CRYPTO_USER_API_RNG=y +CONFIG_CRYPTO_USER_API_AEAD=y +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +CONFIG_HAVE_KVM=y +# CONFIG_VIRTUALIZATION is not set +# CONFIG_BINARY_PRINTF is not set + +# +# Library routines +# +CONFIG_BITREVERSE=y +# CONFIG_HAVE_ARCH_BITREVERSE is not set +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_GENERIC_IO=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_CRC_CCITT=m +CONFIG_CRC16=y +CONFIG_CRC_T10DIF=y +CONFIG_CRC_ITU_T=m +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC7=m +CONFIG_LIBCRC32C=m +CONFIG_CRC8=m +# CONFIG_AUDIT_ARCH_COMPAT_GENERIC is not set +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=m +CONFIG_842_DECOMPRESS=m +CONFIG_ZLIB_INFLATE=m +CONFIG_ZLIB_DEFLATE=m +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=m +CONFIG_LZ4HC_COMPRESS=m +CONFIG_LZ4_DECOMPRESS=m +CONFIG_XZ_DEC=y +CONFIG_XZ_DEC_X86=y +CONFIG_XZ_DEC_POWERPC=y +CONFIG_XZ_DEC_IA64=y +CONFIG_XZ_DEC_ARM=y +CONFIG_XZ_DEC_ARMTHUMB=y +CONFIG_XZ_DEC_SPARC=y +CONFIG_XZ_DEC_BCJ=y +CONFIG_XZ_DEC_TEST=m +CONFIG_DECOMPRESS_XZ=y +CONFIG_GENERIC_ALLOCATOR=y +CONFIG_REED_SOLOMON=y +CONFIG_REED_SOLOMON_DEC8=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_CPU_RMAP=y +CONFIG_DQL=y +CONFIG_GLOB=y +# CONFIG_GLOB_SELFTEST is not set +CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y +CONFIG_CORDIC=m +# CONFIG_DDR is not set +CONFIG_IRQ_POLL=y +CONFIG_MPILIB=m +CONFIG_FONT_SUPPORT=y +# CONFIG_FONTS is not set +CONFIG_FONT_8x8=y +CONFIG_FONT_8x16=y +# CONFIG_SG_SPLIT is not set +CONFIG_SG_POOL=y +CONFIG_ARCH_HAS_SG_CHAIN=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_MMIO_FLUSH=y +CONFIG_SBITMAP=y diff --git a/initrd/bin/kexec-sign-config b/initrd/bin/kexec-sign-config index bf47d804..1ff9f46c 100755 --- a/initrd/bin/kexec-sign-config +++ b/initrd/bin/kexec-sign-config @@ -1,6 +1,7 @@ #!/bin/sh # Sign a valid directory of kexec params set -e -o pipefail +. /etc/config . /etc/functions rollback="n" diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb index dd89bfe9..50643687 100755 --- a/initrd/bin/mount-usb +++ b/initrd/bin/mount-usb @@ -1,23 +1,9 @@ #!/bin/sh # Mount a USB device -die() { echo >&2 "!!!!! $@"; exit 1; } +. /etc/functions + +enable_usb -if ! lsmod | grep -q ehci_hcd; then - insmod /lib/modules/ehci-hcd.ko \ - || die "ehci_hcd: module load failed" -fi -if ! lsmod | grep -q ehci_pci; then - insmod /lib/modules/ehci-pci.ko \ - || die "ehci_pci: module load failed" -fi -if ! lsmod | grep -q xhci_hcd; then - insmod /lib/modules/xhci-hcd.ko \ - || die "ehci_hcd: module load failed" -fi -if ! lsmod | grep -q xhci_pci; then - insmod /lib/modules/xhci-pci.ko \ - || die "ehci_pci: module load failed" -fi if ! lsmod | grep -q usb_storage; then insmod /lib/modules/usb-storage.ko \ || die "usb_storage: module load failed" diff --git a/initrd/etc/functions b/initrd/etc/functions index eb8a7289..f2a961a2 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -68,6 +68,41 @@ confirm_totp() echo } +enable_usb() +{ + if [ "$CONFIG_LINUX_USB_COMPANION_CONTROLLER" = y ]; then + if ! lsmod | grep -q uhci_hcd; then + insmod /lib/modules/uhci-hcd.ko \ + || die "uhci_hcd: module load failed" + fi + if ! lsmod | grep -q ohci_hcd; then + insmod /lib/modules/ohci-hcd.ko \ + || die "ohci_hcd: module load failed" + fi + if ! lsmod | grep -q ohci_pci; then + insmod /lib/modules/ohci-pci.ko \ + || die "ohci_pci: module load failed" + fi + fi + if ! lsmod | grep -q ehci_hcd; then + insmod /lib/modules/ehci-hcd.ko \ + || die "ehci_hcd: module load failed" + fi + if ! lsmod | grep -q ehci_pci; then + insmod /lib/modules/ehci-pci.ko \ + || die "ehci_pci: module load failed" + fi + if ! lsmod | grep -q xhci_hcd; then + insmod /lib/modules/xhci-hcd.ko \ + || die "xhci_hcd: module load failed" + fi + if ! lsmod | grep -q xhci_pci; then + insmod /lib/modules/xhci-pci.ko \ + || die "xhci_pci: module load failed" + sleep 2 + fi +} + confirm_gpg_card() { read \ @@ -84,23 +119,7 @@ confirm_gpg_card() fi # setup the USB so we can reach the GPG card - if ! lsmod | grep -q ehci_hcd; then - insmod /lib/modules/ehci-hcd.ko \ - || die "ehci_hcd: module load failed" - fi - if ! lsmod | grep -q ehci_pci; then - insmod /lib/modules/ehci-pci.ko \ - || die "ehci_pci: module load failed" - fi - if ! lsmod | grep -q xhci_hcd; then - insmod /lib/modules/xhci-hcd.ko \ - || die "ehci_hcd: module load failed" - fi - if ! lsmod | grep -q xhci_pci; then - insmod /lib/modules/xhci-pci.ko \ - || die "ehci_pci: module load failed" - sleep 2 - fi + enable_usb gpg --card-status \ || die "gpg card read failed" diff --git a/modules/linux b/modules/linux index 59c3fa77..40b565aa 100644 --- a/modules/linux +++ b/modules/linux @@ -63,6 +63,10 @@ linux_modules-$(CONFIG_LINUX_MLX4) += drivers/net/ethernet/mellanox/mlx4/mlx4_co linux_modules-$(CONFIG_LINUX_MLX4) += drivers/net/ethernet/mellanox/mlx4/mlx4_en.ko # USB modules for both types of controllers +# older boards also need ohci and uhci +linux_modules-$(CONFIG_LINUX_USB_COMPANION_CONTROLLER) += drivers/usb/host/uhci-hcd.ko +linux_modules-$(CONFIG_LINUX_USB_COMPANION_CONTROLLER) += drivers/usb/host/ohci-hcd.ko +linux_modules-$(CONFIG_LINUX_USB_COMPANION_CONTROLLER) += drivers/usb/host/ohci-pci.ko linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/host/ehci-hcd.ko linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/host/ehci-pci.ko linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/host/xhci-hcd.ko From 88c732833ab0bad00cf4fec0eb3bb61a52beaa6b Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Mon, 19 Feb 2018 16:39:42 -0800 Subject: [PATCH 05/26] Add whiptail binary, new libraries, and slang dependency The whiptail binary will allow us to create GUI menus from bash scripts. It is included in the newt library, which depends on slang. To enable, the board configuration file should add CONFIG_SLANG=y and CONFIG_NEWT=y --- Makefile | 3 +++ modules/newt | 24 ++++++++++++++++++++++++ modules/slang | 26 ++++++++++++++++++++++++++ 3 files changed, 53 insertions(+) create mode 100644 modules/newt create mode 100644 modules/slang diff --git a/Makefile b/Makefile index a371f182..0bd0fa88 100644 --- a/Makefile +++ b/Makefile @@ -333,6 +333,7 @@ bin_modules-$(CONFIG_GPG) += gpg bin_modules-$(CONFIG_LVM2) += lvm2 bin_modules-$(CONFIG_XEN) += xen bin_modules-$(CONFIG_DROPBEAR) += dropbear +bin_modules-$(CONFIG_NEWT) += newt $(foreach m, $(bin_modules-y), \ $(call map,initrd_bin_add,$(call bins,$m)) \ @@ -456,6 +457,8 @@ module_dirs := \ $(util-linux_dir) \ $(zlib_dir) \ $(kernel-headers_dir) \ + $(slang_dir) \ + $(newt_dir) \ modules.clean: for dir in $(module_dirs) \ diff --git a/modules/newt b/modules/newt new file mode 100644 index 00000000..817c0c14 --- /dev/null +++ b/modules/newt @@ -0,0 +1,24 @@ +modules-$(CONFIG_TPMTOTP) += newt + +newt_depends := popt slang $(musl_dep) + +newt_version := 0.52.20 +newt_dir := newt-$(newt_version) +newt_tar := newt-$(newt_version).tar.gz +newt_url := https://releases.pagure.org/newt/$(newt_tar) +newt_hash := 8d66ba6beffc3f786d4ccfee9d2b43d93484680ef8db9397a4fb70b5adbb6dbc + +newt_target := \ + $(MAKE_JOBS) \ + $(CROSS_TOOLS) \ + +newt_output := \ + whiptail \ + +newt_libraries := \ + libnewt.so.0.52 \ + +newt_configure := ./autogen.sh; ./configure \ + $(CROSS_TOOLS) \ + --prefix "/" \ + --host i386-elf-linux \ diff --git a/modules/slang b/modules/slang new file mode 100644 index 00000000..7446a21c --- /dev/null +++ b/modules/slang @@ -0,0 +1,26 @@ +modules-$(CONFIG_SLANG) += slang + +slang_version := 2.3.1a +slang_dir := slang-$(slang_version) +slang_tar := slang-$(slang_version).tar.bz2 +slang_url := https://www.jedsoft.org/releases/slang/$(slang_tar) +slang_hash := 54f0c3007fde918039c058965dffdfd6c5aec0bad0f4227192cc486021f08c36 + +slang_configure := ./configure \ + $(CROSS_TOOLS) \ + --prefix "/" \ + --host i386-elf-linux \ + --with-png=no \ + +slang_target := \ + $(MAKE_JOBS) \ + $(CROSS_TOOLS) \ + && $(MAKE) \ + -C "$(build)/$(slang_dir)" \ + $(CROSS_TOOLS) \ + DESTDIR="$(INSTALL)" \ + install + +slang_libraries := src/elfobjs/libslang.so.2 + +slang_depends := $(musl_dep) From bb465ad5131783b38ab3e6c2afc91659a9d677b8 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Mon, 19 Feb 2018 16:44:24 -0800 Subject: [PATCH 06/26] Align tabs with previous lines --- modules/slang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/slang b/modules/slang index 7446a21c..28600373 100644 --- a/modules/slang +++ b/modules/slang @@ -10,7 +10,7 @@ slang_configure := ./configure \ $(CROSS_TOOLS) \ --prefix "/" \ --host i386-elf-linux \ - --with-png=no \ + --with-png=no \ slang_target := \ $(MAKE_JOBS) \ From 34296b54a6bb828a3077913f56bfb27c92fe8f85 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Mon, 19 Feb 2018 17:20:10 -0800 Subject: [PATCH 07/26] Fix bad copy/paste variable reference from TPMTOTP --- modules/newt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/newt b/modules/newt index 817c0c14..9b6d60c4 100644 --- a/modules/newt +++ b/modules/newt @@ -1,4 +1,4 @@ -modules-$(CONFIG_TPMTOTP) += newt +modules-$(CONFIG_NEWT) += newt newt_depends := popt slang $(musl_dep) From 140064bbf8029122b0a9152a874255182d369610 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Tue, 20 Feb 2018 15:35:37 -0800 Subject: [PATCH 08/26] Add graphical init menu that uses whiptail This is a modified version of the generic-init script that uses whiptail to generate a graphical menu. I changed two of the options so that the user can refresh the menu to get an updated TOTP code if needed. --- initrd/bin/gui-init | 83 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100755 initrd/bin/gui-init diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init new file mode 100755 index 00000000..ab6f8a47 --- /dev/null +++ b/initrd/bin/gui-init @@ -0,0 +1,83 @@ +#!/bin/sh +# Boot from a local disk installation + +. /etc/functions +. /etc/config + +mount_boot() +{ + # Mount local disk if it is not already mounted + if ! grep -q /boot /proc/mounts ; then + mount -o ro /boot \ + || recovery "Unable to mount /boot" + fi +} + + +# Confirm we have a good TOTP unseal and ask the user for next choice +while true; do + last_half=X + unset totp_confirm + # update the TOTP code every thirty seconds + date=`date "+%Y-%m-%d %H:%M:%S"` + seconds=`date "+%s"` + half=`expr \( $seconds % 60 \) / 30` + if [ "$CONFIG_TPM" = n ]; then + TOTP="NO TPM" + elif [ "$half" != "$last_half" ]; then + last_half=$half; + TOTP=`unseal-totp` \ + || recovery "TOTP code generation failed" + fi + + whiptail --clear --title 'Heads Boot Menu' \ + --menu "$date\nTOTP code: $TOTP" 20 60 8 \ + 'y' ' Default boot' \ + 'n' ' TOTP does not match' \ + 'r' ' Refresh TOTP code' \ + 'm' ' Boot menu'\ + 'u' ' USB boot' \ + 'x' ' Exit to recovery shell' \ + 2>/tmp/whiptail + + totp_confirm=$(cat /tmp/whiptail) + + if [ "$totp_confirm" = "x" ]; then + recovery "User requested recovery shell" + fi + + if [ "$totp_confirm" = "r" ]; then + continue + fi + + if [ "$totp_confirm" = "n" ]; then + echo "" + echo "To correct clock drift: 'date -s HH:MM:SS'" + echo "and save it to the RTC: 'hwclock -w'" + echo "then reboot and try again" + echo "" + recovery "TOTP mismatch" + fi + + if [ "$totp_confirm" = "u" ]; then + exec /bin/usb-init + continue + fi + + if [ "$totp_confirm" = "m" ]; then + # Try to select a kernel from the menu + mount_boot + kexec-select-boot -m -b /boot -c "grub.cfg" + continue + fi + + if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then + # Try to boot the default + mount_boot + kexec-select-boot -b /boot -c "grub.cfg" \ + || recovery "Failed default boot" + fi + +done + +recovery "Something failed during boot" From 57405b0d2883c6f23491adfe84c11f81f5c28015 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Wed, 21 Feb 2018 15:58:54 -0800 Subject: [PATCH 09/26] Add menu for TOTP updates, provide sample board config to use gui-init --- boards/librem13v2.config | 29 +++++++++++++++++++++++++++++ initrd/bin/gui-init | 25 ++++++++++++++++++++----- 2 files changed, 49 insertions(+), 5 deletions(-) create mode 100644 boards/librem13v2.config diff --git a/boards/librem13v2.config b/boards/librem13v2.config new file mode 100644 index 00000000..5b79b33d --- /dev/null +++ b/boards/librem13v2.config @@ -0,0 +1,29 @@ +# Configuration for a librem13v2 +CONFIG_LINUX_CONFIG=config/linux-librem13v2.config + +CONFIG_COREBOOT=y +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_GPG=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_NEWT=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_SLANG=y +CONFIG_TPMTOTP=y + +CONFIG_LINUX_USB=y + +CONFIG_BOOTSCRIPT=/bin/gui-init + +CONFIG_BOOT_REQ_HASH=n +CONFIG_BOOT_REQ_ROLLBACK=n +CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +CONFIG_BOOT_KERNEL_REMOVE="quiet" +CONFIG_BOOT_DEV="/dev/sda1" +CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 13v2 Heads Boot Menu" +CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index ab6f8a47..f48060cb 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -1,6 +1,8 @@ #!/bin/sh # Boot from a local disk installation +CONFIG_BOOT_GUI_MENU_NAME='Heads Boot Menu' + . /etc/functions . /etc/config @@ -14,9 +16,8 @@ mount_boot() } -# Confirm we have a good TOTP unseal and ask the user for next choice +last_half=X while true; do - last_half=X unset totp_confirm # update the TOTP code every thirty seconds date=`date "+%Y-%m-%d %H:%M:%S"` @@ -30,15 +31,16 @@ while true; do || recovery "TOTP code generation failed" fi - whiptail --clear --title 'Heads Boot Menu' \ + whiptail --clear --title "$CONFIG_BOOT_GUI_MENU_NAME" \ --menu "$date\nTOTP code: $TOTP" 20 60 8 \ 'y' ' Default boot' \ 'n' ' TOTP does not match' \ 'r' ' Refresh TOTP code' \ - 'm' ' Boot menu'\ + 'm' ' Boot menu' \ 'u' ' USB boot' \ + 'g' ' Generate new TOTP secret' \ 'x' ' Exit to recovery shell' \ - 2>/tmp/whiptail + 2>/tmp/whiptail || recovery "GUI menu failed" totp_confirm=$(cat /tmp/whiptail) @@ -64,6 +66,19 @@ while true; do continue fi + if [ "$totp_confirm" = "g" ]; then + if (whiptail --title 'Generate new TOTP secret' \ + --yesno "This will erase your old secret and replace it with a new one!\n\nDo you want to proceed?" 16 60) then + echo "Scan the QR code to add the new TOTP secret" + /bin/seal-totp + echo "Hit Enter to return to the main menu" + read + else + echo "Returning to the main menu" + fi + continue + fi + if [ "$totp_confirm" = "m" ]; then # Try to select a kernel from the menu mount_boot From 6ab78ae236c59758bfc3bbda3d2bdea509e86e31 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Thu, 22 Feb 2018 13:18:16 -0800 Subject: [PATCH 10/26] Add gui option to kexec-select-boot, use in gui-init menu option When selecting the boot menu option (m) in the gui-init you call out to kexec-select-boot. To better maintain the graphical menu experience, I've added a -g option to kexec-select-boot that, when set, will use a graphical whiptail menu for the most common menu selection modes. --- initrd/bin/gui-init | 2 +- initrd/bin/kexec-select-boot | 45 +++++++++++++++++++++++++++++------- 2 files changed, 38 insertions(+), 9 deletions(-) diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index f48060cb..08335488 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -82,7 +82,7 @@ while true; do if [ "$totp_confirm" = "m" ]; then # Try to select a kernel from the menu mount_boot - kexec-select-boot -m -b /boot -c "grub.cfg" + kexec-select-boot -m -b /boot -c "grub.cfg" -g continue fi diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index 034890bb..c3cc05f1 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -12,7 +12,8 @@ valid_hash="n" valid_global_hash="n" valid_rollback="n" force_menu="n" -while getopts "b:d:p:a:r:c:uim" arg; do +gui_menu="n" +while getopts "b:d:p:a:r:c:uimg" arg; do case $arg in b) bootdir="$OPTARG" ;; d) paramsdev="$OPTARG" ;; @@ -23,6 +24,7 @@ while getopts "b:d:p:a:r:c:uim" arg; do u) unique="y" ;; m) force_menu="y" ;; i) valid_hash="y"; valid_rollback="y" ;; + g) gui_menu="y" ;; esac done @@ -80,6 +82,24 @@ get_menu_option() { if [ $num_options -eq 1 -a $first_menu = "y" ]; then option_index=1 + elif [ "$gui_menu" = "y" ]; then + MENU_OPTIONS="" + n=0 + while read option + do + parse_option + n=`expr $n + 1` + name=$(echo $name | tr " " "_") + kernel=$(echo $kernel | cut -f2 -d " ") + MENU_OPTIONS="$MENU_OPTIONS $n ${name}_[$kernel]" + done < $TMP_MENU_FILE + + whiptail --clear --title "Select your boot option" \ + --menu "Choose the boot option [1-$n, a to abort]:" 20 120 8 \ + -- $MENU_OPTIONS \ + 2>/tmp/whiptail || die "Aborting boot attempt" + + option_index=$(cat /tmp/whiptail) else echo "+++ Select your boot option:" n=0 @@ -105,14 +125,23 @@ get_menu_option() { } confirm_menu_option() { - echo "+++ Please confirm the boot details for $name:" - echo $option + if [ "$gui_menu" = "y" ]; then + whiptail --clear --title "Confirm boot details" \ + --menu "Confirm the boot details for $name:\n\n$option\n\n" 20 120 8 \ + -- 'y' "Boot $name" 'd' "Make $name the default" \ + 2>/tmp/whiptail || die "Aborting boot attempt" - read \ - -n 1 \ - -p "Confirm selection by pressing 'y', make default with 'd': " \ - option_confirm - echo + option_confirm=$(cat /tmp/whiptail) + else + echo "+++ Please confirm the boot details for $name:" + echo $option + + read \ + -n 1 \ + -p "Confirm selection by pressing 'y', make default with 'd': " \ + option_confirm + echo + fi } parse_option() { From fbbfc8e22f3a6e15df710b259fc31bb2d521584d Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Fri, 23 Feb 2018 12:13:21 -0800 Subject: [PATCH 11/26] Replace remaining text-only options in main workflow w/ gui menus In particular I added a GUI menu to instruct the user if there is no TOTP code registered (as is the case upon first flash) and also added better handling of the case the user selects 'default boot' when there is no default boot set yet. Apart from that where there were text-only menus left in gui-init I've replaced them with GUI menus. --- initrd/bin/gui-init | 163 ++++++++++++++++++++++++++------------------ 1 file changed, 96 insertions(+), 67 deletions(-) diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 08335488..252462f1 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -8,90 +8,119 @@ CONFIG_BOOT_GUI_MENU_NAME='Heads Boot Menu' mount_boot() { - # Mount local disk if it is not already mounted - if ! grep -q /boot /proc/mounts ; then - mount -o ro /boot \ - || recovery "Unable to mount /boot" - fi + # Mount local disk if it is not already mounted + if ! grep -q /boot /proc/mounts ; then + mount -o ro /boot \ + || recovery "Unable to mount /boot" + fi } last_half=X while true; do + MAIN_MENU_OPTIONS="" unset totp_confirm - # update the TOTP code every thirty seconds - date=`date "+%Y-%m-%d %H:%M:%S"` - seconds=`date "+%s"` - half=`expr \( $seconds % 60 \) / 30` - if [ "$CONFIG_TPM" = n ]; then - TOTP="NO TPM" - elif [ "$half" != "$last_half" ]; then - last_half=$half; - TOTP=`unseal-totp` \ - || recovery "TOTP code generation failed" - fi + # update the TOTP code every thirty seconds + date=`date "+%Y-%m-%d %H:%M:%S"` + seconds=`date "+%s"` + half=`expr \( $seconds % 60 \) / 30` + if [ "$CONFIG_TPM" = n ]; then + TOTP="NO TPM" + elif [ "$half" != "$last_half" ]; then + last_half=$half; + TOTP=`unseal-totp` + if [ $? -ne 0 ]; then + whiptail --clear --title "ERROR: TOTP Generation Failed!" \ + --menu "ERROR: Heads couldn't generate the TOTP code.\n\nIf you have just reflashed your BIOS, you will need to generate a new TOTP secret.\n\nIf you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n\nHow would you like to proceed?" 20 60 4 \ + 'g' ' Generate new TOTP secret' \ + 'i' ' Ignore error and continue to default boot menu' \ + 'x' ' Exit to recovery shell' \ + 2>/tmp/whiptail || recovery "GUI menu failed" - whiptail --clear --title "$CONFIG_BOOT_GUI_MENU_NAME" \ - --menu "$date\nTOTP code: $TOTP" 20 60 8 \ - 'y' ' Default boot' \ - 'n' ' TOTP does not match' \ - 'r' ' Refresh TOTP code' \ - 'm' ' Boot menu' \ - 'u' ' USB boot' \ - 'g' ' Generate new TOTP secret' \ - 'x' ' Exit to recovery shell' \ - 2>/tmp/whiptail || recovery "GUI menu failed" + totp_confirm=$(cat /tmp/whiptail) + fi + fi - totp_confirm=$(cat /tmp/whiptail) + if [ "$totp_confirm" = "i" -o -z "$totp_confirm" ]; then + whiptail --clear --title "$CONFIG_BOOT_GUI_MENU_NAME" \ + --menu "$date\nTOTP code: $TOTP" 20 60 8 \ + 'y' ' Default boot' \ + 'r' ' TOTP does not match, refresh code' \ + 'n' ' TOTP does not match after refresh, troubleshoot' \ + 'm' ' Show OS boot menu' \ + 'u' ' USB boot' \ + 'g' ' Generate new TOTP secret' \ + 'x' ' Exit to recovery shell' \ + 2>/tmp/whiptail || recovery "GUI menu failed" - if [ "$totp_confirm" = "x" ]; then - recovery "User requested recovery shell" - fi + totp_confirm=$(cat /tmp/whiptail) + fi - if [ "$totp_confirm" = "r" ]; then - continue - fi + if [ "$totp_confirm" = "x" ]; then + recovery "User requested recovery shell" + fi - if [ "$totp_confirm" = "n" ]; then - echo "" - echo "To correct clock drift: 'date -s HH:MM:SS'" - echo "and save it to the RTC: 'hwclock -w'" - echo "then reboot and try again" - echo "" - recovery "TOTP mismatch" - fi + if [ "$totp_confirm" = "r" ]; then + continue + fi - if [ "$totp_confirm" = "u" ]; then - exec /bin/usb-init - continue - fi + if [ "$totp_confirm" = "n" ]; then + if (whiptail --title "TOTP code mismatched" \ + --yesno "TOTP code mismatches could indicate either TPM tampering or clock drift:\n\nTo correct clock drift: 'date -s HH:MM:SS'\nand save it to the RTC: 'hwclock -w'\nthen reboot and try again.\n\nWould you like to exit to a recovery console?" 30 60) then + echo "" + echo "To correct clock drift: 'date -s HH:MM:SS'" + echo "and save it to the RTC: 'hwclock -w'" + echo "then reboot and try again" + echo "" + recovery "TOTP mismatch" + else + continue + fi + fi - if [ "$totp_confirm" = "g" ]; then - if (whiptail --title 'Generate new TOTP secret' \ - --yesno "This will erase your old secret and replace it with a new one!\n\nDo you want to proceed?" 16 60) then + if [ "$totp_confirm" = "u" ]; then + exec /bin/usb-init + continue + fi + + if [ "$totp_confirm" = "g" ]; then + if (whiptail --title 'Generate new TOTP secret' \ + --yesno "This will erase your old secret and replace it with a new one!\n\nDo you want to proceed?" 16 60) then echo "Scan the QR code to add the new TOTP secret" - /bin/seal-totp - echo "Hit Enter to return to the main menu" + /bin/seal-totp + echo "Once you have scanned the QR code, hit Enter to reboot" read - else - echo "Returning to the main menu" - fi - continue - fi + /bin/reboot + else + echo "Returning to the main menu" + fi + continue + fi - if [ "$totp_confirm" = "m" ]; then - # Try to select a kernel from the menu - mount_boot - kexec-select-boot -m -b /boot -c "grub.cfg" -g - continue - fi + if [ "$totp_confirm" = "m" ]; then + # Try to select a kernel from the menu + mount_boot + kexec-select-boot -m -b /boot -c "grub.cfg" -g + continue + fi - if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then - # Try to boot the default - mount_boot - kexec-select-boot -b /boot -c "grub.cfg" \ - || recovery "Failed default boot" - fi + if [ "$totp_confirm" = "y" -o -n "$totp_confirm" ]; then + # Try to boot the default + mount_boot + DEFAULT_FILE=`find /boot/kexec_default.*.txt 2>/dev/null | head -1` + if [ -r "$DEFAULT_FILE" ]; then + kexec-select-boot -b /boot -c "grub.cfg" \ + || recovery "Failed default boot" + else + if (whiptail --title 'No Default Boot Option Configured' \ + --yesno "There is no default boot option configured yet. Would you like to load a menu of boot options? Otherwise you will return to the main menu." 16 60) then + kexec-select-boot -m -b /boot -c "grub.cfg" -g + else + echo "Returning to the main menu" + fi + continue + fi + fi done From 5f03be56e58a3ab3505a614a0e407047a6a32d2b Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Fri, 23 Feb 2018 15:03:18 -0800 Subject: [PATCH 12/26] Add CONFIG_MEASURED_BOOT=y to librem13v2 coreboot config --- config/coreboot-librem13v2.config | 1 + 1 file changed, 1 insertion(+) diff --git a/config/coreboot-librem13v2.config b/config/coreboot-librem13v2.config index 702e54ed..5da18342 100644 --- a/config/coreboot-librem13v2.config +++ b/config/coreboot-librem13v2.config @@ -26,6 +26,7 @@ CONFIG_CACHE_RELOCATED_RAMSTAGE_OUTSIDE_CBMEM=y # CONFIG_UPDATE_IMAGE is not set CONFIG_BOOTSPLASH_IMAGE=y CONFIG_BOOTSPLASH_FILE="bootsplash.jpg" +CONFIG_MEASURED_BOOT=y # # Mainboard From 43ba7a777df3bf90330e15c27dd251140019464d Mon Sep 17 00:00:00 2001 From: persmule Date: Sat, 24 Feb 2018 14:21:44 +0800 Subject: [PATCH 13/26] fix the broken if syntax --- initrd/init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/init b/initrd/init index e0c42c12..2fb29561 100755 --- a/initrd/init +++ b/initrd/init @@ -29,7 +29,7 @@ fi # bring up the ethernet; maybe should do DHCP? ifconfig lo 127.0.0.1 -if [ -f /lib/modules/e1000.ko ]; +if [ -f /lib/modules/e1000.ko ]; then insmod /lib/modules/e1000.ko ifconfig eth0 10.0.2.15 # qemu ifconfig eth0 > /dev/ttyprintk From dadfbeb3b329c7c025230f4c9932e22de1065bca Mon Sep 17 00:00:00 2001 From: persmule Date: Sat, 24 Feb 2018 15:27:21 +0800 Subject: [PATCH 14/26] Changed to coreboot patch not to call prog_segment_loaded in smm. --- patches/coreboot-4.7.patch | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/patches/coreboot-4.7.patch b/patches/coreboot-4.7.patch index 84698f1c..b386af7d 100644 --- a/patches/coreboot-4.7.patch +++ b/patches/coreboot-4.7.patch @@ -113,14 +113,16 @@ diff --git ./src/lib/cbfs.c ./src/lib/cbfs.c index 596abc5..f1928ce 100644 --- ./src/lib/cbfs.c +++ ./src/lib/cbfs.c -@@ -69,7 +69,11 @@ void *cbfs_boot_map_with_leak(const char *name, uint32_t type, size_t *size) +@@ -69,7 +69,13 @@ void *cbfs_boot_map_with_leak(const char *name, uint32_t type, size_t *size) if (size != NULL) *size = fsize; - return rdev_mmap(&fh.data, 0, fsize); + void * buffer = rdev_mmap(&fh.data, 0, fsize); + ++#ifndef __SMM__ + prog_segment_loaded((uintptr_t)buffer, fsize, 0); ++#endif + + return buffer; } From 8ced05de157f9d726d3d72e53636b04e0c05a9ae Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Mon, 26 Feb 2018 11:39:27 -0500 Subject: [PATCH 15/26] musl-cross has the correct URLs now (#324) --- patches/musl-cross.patch | 27 --------------------------- 1 file changed, 27 deletions(-) diff --git a/patches/musl-cross.patch b/patches/musl-cross.patch index 1ffa84e5..267c339a 100644 --- a/patches/musl-cross.patch +++ b/patches/musl-cross.patch @@ -32,30 +32,3 @@ index 4e321c9..6d9ea32 100644 + +# Build GMP, MPFR and MPC +GCC_BUILTIN_PREREQS=yes -diff --git a/defs.sh b/defs.sh -index f76a2ac..9184123 100644 ---- a/defs.sh -+++ b/defs.sh -@@ -221,19 +221,19 @@ muslfetchextract() { - gccprereqs() { - if [ ! -e gcc-$GCC_VERSION/gmp ] - then -- fetchextract http://gmplib.org/download/gmp/ gmp-$GMP_VERSION .tar.bz2 -+ fetchextract https://gmplib.org/download/gmp/ gmp-$GMP_VERSION .tar.bz2 - mv gmp-$GMP_VERSION gcc-$GCC_VERSION/gmp - fi - - if [ ! -e gcc-$GCC_VERSION/mpfr ] - then -- fetchextract http://ftp.gnu.org/gnu/mpfr/ mpfr-$MPFR_VERSION .tar.bz2 -+ fetchextract https://ftp.gnu.org/gnu/mpfr/ mpfr-$MPFR_VERSION .tar.bz2 - mv mpfr-$MPFR_VERSION gcc-$GCC_VERSION/mpfr - fi - - if [ ! -e gcc-$GCC_VERSION/mpc ] - then -- fetchextract http://www.multiprecision.org/mpc/download/ mpc-$MPC_VERSION .tar.gz -+ fetchextract https://ftp.gnu.org/gnu/mpc/ mpc-$MPC_VERSION .tar.gz - mv mpc-$MPC_VERSION gcc-$GCC_VERSION/mpc - fi - } From b4bb4edb739779e879337c53ccbe539d4ad1c73d Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Mon, 26 Feb 2018 11:40:04 -0500 Subject: [PATCH 16/26] fix dependency for bzImage, allowing make -jN to work (#306) --- modules/linux | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/linux b/modules/linux index 59c3fa77..e87b235d 100644 --- a/modules/linux +++ b/modules/linux @@ -124,8 +124,10 @@ $(build)/$(BOARD)/modules.cpio: linux.intermediate @$(RM) -rf "$(module_initrd_dir)" -# hack for the coreboot to find the linux kernel -$(build)/$(BOARD)/bzImage: linux.intermediate +# The output of the linux.intermediate is the bzImage in the +# linus build directory. We need to copy it into our board +# specific directory for ease of locating it later. +$(linux_board_dir)/arch/x86/boot/bzImage: linux.intermediate $(build)/$(BOARD)/bzImage: $(linux_board_dir)/arch/x86/boot/bzImage $(call do-copy,$<,$@) From e88700d0d9c72faf72533b360e3a63d0a6d603be Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Mon, 26 Feb 2018 11:42:07 -0500 Subject: [PATCH 17/26] add inteltool build instructions (not included by default) --- Makefile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Makefile b/Makefile index a371f182..e9671bf7 100644 --- a/Makefile +++ b/Makefile @@ -86,6 +86,7 @@ musl_dep := musl heads_cc := $(INSTALL)/bin/musl-gcc \ -fdebug-prefix-map=$(pwd)=heads \ -gno-record-gcc-switches \ + -D__MUSL__ \ CROSS := $(build)/../crossgcc/x86_64-linux-musl/bin/x86_64-musl-linux- CROSS_TOOLS_NOCC := \ @@ -333,6 +334,7 @@ bin_modules-$(CONFIG_GPG) += gpg bin_modules-$(CONFIG_LVM2) += lvm2 bin_modules-$(CONFIG_XEN) += xen bin_modules-$(CONFIG_DROPBEAR) += dropbear +bin_modules-$(CONFIG_FLASHTOOLS) += flashtools $(foreach m, $(bin_modules-y), \ $(call map,initrd_bin_add,$(call bins,$m)) \ @@ -365,6 +367,7 @@ $(initrd_bin_dir)/busybox: $(build)/$(busybox_dir)/busybox # ifeq ($(CONFIG_COREBOOT),y) $(eval $(call initrd_bin_add,$(build)/$(coreboot_dir)/util/cbmem/cbmem)) +#$(eval $(call initrd_bin_add,$(build)/$(coreboot_dir)/util/inteltool/inteltool)) endif $(build)/$(coreboot_dir)/util/cbmem/cbmem: \ @@ -373,6 +376,12 @@ $(build)/$(coreboot_dir)/util/cbmem/cbmem: \ $(call do,MAKE,cbmem,\ $(MAKE) -C "$(dir $@)" CC="$(heads_cc)" \ ) +$(build)/$(coreboot_dir)/util/inteltool/inteltool: \ + $(build)/$(coreboot_dir)/.canary \ + musl.intermediate + $(call do,MAKE,inteltool,\ + $(MAKE) -C "$(dir $@)" CC="$(heads_cc)" \ + ) # # initrd image creation From 1b8ac07a58bc095688bb6d7d2fbc84fd20b381a9 Mon Sep 17 00:00:00 2001 From: Kyle Rankin Date: Mon, 26 Feb 2018 13:28:11 -0800 Subject: [PATCH 18/26] Fix bad slang modules file The modules file had a few errors that prevented slang from being built. First the src/elfobjs file needed to be created before make started. Second it needed to be configured without external png, pcre and onig libraries it doesn't need for this application. --- modules/slang | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/slang b/modules/slang index 28600373..ef31de02 100644 --- a/modules/slang +++ b/modules/slang @@ -11,6 +11,9 @@ slang_configure := ./configure \ --prefix "/" \ --host i386-elf-linux \ --with-png=no \ + --with-pcre=no \ + --with-onig=no \ + && mkdir src/elfobjs slang_target := \ $(MAKE_JOBS) \ From ff9925a6d45b3b64a83661975e99654bb3efa084 Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Mon, 26 Feb 2018 16:32:42 -0500 Subject: [PATCH 19/26] remove ancient default CONFIG variable --- Makefile | 7 ------- 1 file changed, 7 deletions(-) diff --git a/Makefile b/Makefile index 45a542c7..f78c4257 100644 --- a/Makefile +++ b/Makefile @@ -66,13 +66,6 @@ initrd_bin_dir := $(initrd_dir)/bin $(shell mkdir -p "$(initrd_lib_dir)" "$(initrd_bin_dir)") -#ifeq "$(CONFIG)" "" -#CONFIG := config/qemu-moc.config -#$(eval $(shell echo >&2 "$(DATE) CONFIG is not set, defaulting to $(CONFIG)")) -#endif -# -#include $(CONFIG) - # We are running our own version of make, # proceed with the build. From 2facd55e44ab5a7b6303268ff8dbf35c4cc6b07e Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Wed, 28 Feb 2018 02:46:14 -0500 Subject: [PATCH 20/26] flashtool can write to the winterfell ROM --- boards/winterfell.config | 3 ++- modules/flashtools | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 modules/flashtools diff --git a/boards/winterfell.config b/boards/winterfell.config index d946bdfc..4159a0e1 100644 --- a/boards/winterfell.config +++ b/boards/winterfell.config @@ -5,7 +5,7 @@ CONFIG_LINUXBOOT_ROM=blobs/winterfell.rom CONFIG_LINUX_CONFIG=config/linux-linuxboot.config # If you want to build with the go-based u-root instead of Heads -CONFIG_UROOT=y +CONFIG_UROOT ?= y ifeq "$(CONFIG_UROOT)" "y" # The busybox will likely be redundant and can be trimmed for space. @@ -16,6 +16,7 @@ else # These don't fit if u-root is turned on CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y diff --git a/modules/flashtools b/modules/flashtools new file mode 100644 index 00000000..21686a84 --- /dev/null +++ b/modules/flashtools @@ -0,0 +1,26 @@ +modules-$(CONFIG_FLASHTOOLS) += flashtools + +flashtools_depends := $(musl_dep) + +flashtools_version := git +flashtools_repo := ssh://git@github.com/osresearch/flashtools + +flashtools_version := 0.0.1 +flashtools_dir := flashtools-$(flashtools_version) +flashtools_tar := flashtools-$(flashtools_version).tar.gz +flashtools_url := https://github.com/osresearch/flashtools/archive/v$(flashtools_version).tar.gz +flashtools_hash := e8205aa3d19e536080f5974ed06ab9a88c4c3f37870c2f6a3a08a2f39302c22c + +flashtools_target := \ + $(CROSS_TOOLS) \ + CFLAGS="-I$(INSTALL)/include" \ + LDFLAGS="-L$(INSTALL)/lib" \ + +flashtools_output := \ + flashtool \ + peek \ + poke \ + +flashtools_libraries := \ + +flashtools_configure := From f618f09a6985a961a789ef52bc779d474ca3b947 Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Wed, 28 Feb 2018 10:48:35 -0500 Subject: [PATCH 21/26] Generate a fake EBDA with kexec, removing the need for a custom xen (#227) This modifies the segment at 0x0 so that it contains enough of a fake Extended BIOS Data Area at addresses 0x40e and 0x413 that Xen can correctly locate its trampoline code. Since custom Xen is no longer required, we can remove the module, the patches and all of the references to it in the board definition files. --- Makefile | 3 - boards/r630.config | 1 - boards/s2600wf.config | 1 - boards/winterfell.config | 1 - boards/x220.config | 2 - boards/x230.config | 2 - modules/kexec | 4 +- modules/xen | 34 --------- patches/kexec-2.0.12.patch | 102 --------------------------- patches/kexec-2.0.16.patch | 89 +++++++++++++++++++++++ patches/xen-4.6.6-36.patch | 140 ------------------------------------- patches/xen-4.8.2-12.patch | 130 ---------------------------------- 12 files changed, 91 insertions(+), 418 deletions(-) delete mode 100644 modules/xen delete mode 100644 patches/kexec-2.0.12.patch create mode 100644 patches/kexec-2.0.16.patch delete mode 100644 patches/xen-4.6.6-36.patch delete mode 100644 patches/xen-4.8.2-12.patch diff --git a/Makefile b/Makefile index 36ec2cb4..217a189e 100644 --- a/Makefile +++ b/Makefile @@ -325,7 +325,6 @@ bin_modules-$(CONFIG_FLASHROM) += flashrom bin_modules-$(CONFIG_CRYPTSETUP) += cryptsetup bin_modules-$(CONFIG_GPG) += gpg bin_modules-$(CONFIG_LVM2) += lvm2 -bin_modules-$(CONFIG_XEN) += xen bin_modules-$(CONFIG_DROPBEAR) += dropbear bin_modules-$(CONFIG_FLASHTOOLS) += flashtools bin_modules-$(CONFIG_NEWT) += newt @@ -339,8 +338,6 @@ $(foreach m, $(modules-y), \ $(call map,initrd_lib_add,$(call libs,$m)) \ ) -#$(foreach _, $(call outputs,xen), $(eval $(call initrd_bin,$_))) - # hack to install busybox into the initrd $(build)/$(BOARD)/heads.cpio: busybox.intermediate initrd_bins += $(initrd_bin_dir)/busybox diff --git a/boards/r630.config b/boards/r630.config index b112818a..b24425e1 100644 --- a/boards/r630.config +++ b/boards/r630.config @@ -16,7 +16,6 @@ CONFIG_PCIUTILS=y CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y -#CONFIG_XEN=y CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y diff --git a/boards/s2600wf.config b/boards/s2600wf.config index e40203b2..b384ada0 100644 --- a/boards/s2600wf.config +++ b/boards/s2600wf.config @@ -24,7 +24,6 @@ CONFIG_PCIUTILS=y #CONFIG_POPT=y #CONFIG_QRENCODE=y #CONFIG_TPMTOTP=y -#CONFIG_XEN=y CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y diff --git a/boards/winterfell.config b/boards/winterfell.config index 4159a0e1..f93d2e75 100644 --- a/boards/winterfell.config +++ b/boards/winterfell.config @@ -26,7 +26,6 @@ CONFIG_PCIUTILS=y CONFIG_POPT=y #CONFIG_QRENCODE=y #CONFIG_TPMTOTP=y -CONFIG_XEN=y CONFIG_DROPBEAR=y endif diff --git a/boards/x220.config b/boards/x220.config index b485bfba..f59573c3 100644 --- a/boards/x220.config +++ b/boards/x220.config @@ -15,8 +15,6 @@ CONFIG_PCIUTILS=y CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y -CONFIG_XEN=y -CONFIG_XEN_VERSION=4.6 CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y diff --git a/boards/x230.config b/boards/x230.config index 3e0b2085..c474e77d 100644 --- a/boards/x230.config +++ b/boards/x230.config @@ -14,8 +14,6 @@ CONFIG_PCIUTILS=y CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y -CONFIG_XEN=y -CONFIG_XEN_VERSION=4.8 CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y diff --git a/modules/kexec b/modules/kexec index 2dfc7381..d2311c21 100644 --- a/modules/kexec +++ b/modules/kexec @@ -1,10 +1,10 @@ modules-$(CONFIG_KEXEC) += kexec -kexec_version := 2.0.12 +kexec_version := 2.0.16 kexec_dir := kexec-tools-$(kexec_version) kexec_tar := kexec-tools-$(kexec_version).tar.gz kexec_url := https://kernel.org/pub/linux/utils/kernel/kexec/$(kexec_tar) -kexec_hash := cc7b60dad0da202004048a6179d8a53606943062dd627a2edba45a8ea3a85135 +kexec_hash := cf17fc99bf77c9b39f06ee88ac0e86d0349c4a0c3f8214a3cc78eece872f6f3a kexec_configure := ./configure \ $(CROSS_TOOLS) \ diff --git a/modules/xen b/modules/xen deleted file mode 100644 index 643d4ff7..00000000 --- a/modules/xen +++ /dev/null @@ -1,34 +0,0 @@ -modules-$(CONFIG_XEN) += xen - -ifeq "$(CONFIG_XEN_VERSION)" "4.8" - xen_base_version := 4.8.2 - xen_version := $(xen_base_version)-12 - xen_hash := dbadfcd93f6b9f1735816b59ff8f68bb05056bf8780d93345535af5bc3760531 -else - xen_base_version := 4.6.6 - xen_version := $(xen_base_version)-36 - xen_hash := fcf0703b2931a9230653e0cf38831bad629ab561f6498b8292e532e873286464 -endif - -# We extract the entire Xen tree, but only use the xen/xen hypervisor -# portion since Qubes provides the rest of it. -xen_dir := qubes-vmm-xen-$(xen_version) -xen_tar := qubes-vmm-xen-$(xen_version).tar.gz -xen_url := https://github.com/QubesOS/qubes-vmm-xen/archive/v$(xen_version).tar.gz - -xen_depends := musl-cross - -xen_output := xen-$(xen_base_version)/xen/xen.gz -xen_configure := - -xen_target := \ - $(MAKE_JOBS) \ - $(CROSS_TOOLS_NOCC) \ - XEN_WHOAMI=$(GIT_HASH) \ - XEN_DOMAIN=heads \ - XEN_BUILD_DATE=1970-01-01 \ - XEN_BUILD_TIME=00:00:00 \ - XEN_BUILD_HOST=xen-buildhost \ - CC="$(CROSS)gcc -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-builtin-macro-redefined -D__FILE__=\\\"__FILE__\\\"" \ - HOSTCC="gcc" \ - xen.gz diff --git a/patches/kexec-2.0.12.patch b/patches/kexec-2.0.12.patch deleted file mode 100644 index 1dbf48b4..00000000 --- a/patches/kexec-2.0.12.patch +++ /dev/null @@ -1,102 +0,0 @@ -diff -u --recursive ../clean/kexec-tools-2.0.12/include/config.h kexec-tools-2.0.12/include/config.h ---- ../clean/kexec-tools-2.0.12/include/config.h 2016-03-21 21:08:17.000000000 -0400 -+++ kexec-tools-2.0.12/include/config.h 2017-04-08 11:28:01.644379416 -0400 -@@ -11,7 +11,7 @@ - /* #undef HAVE_LIBLZMA */ - - /* Define to 1 if you have the `xenctrl' library (-lxenctrl). */ --#define HAVE_LIBXENCTRL 1 -+/* #undef HAVE_LIBXENCTRL */ - - /* Define to 1 if you have the `z' library (-lz). */ - #define HAVE_LIBZ 1 -diff -u --recursive ../clean/kexec-tools-2.0.12/kexec/arch/i386/kexec-x86-common.c kexec-tools-2.0.12/kexec/arch/i386/kexec-x86-common.c ---- ../clean/kexec-tools-2.0.12/kexec/arch/i386/kexec-x86-common.c 2015-11-29 18:52:07.000000000 -0500 -+++ kexec-tools-2.0.12/kexec/arch/i386/kexec-x86-common.c 2017-04-08 11:28:00.688368402 -0400 -@@ -24,6 +24,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -74,20 +75,20 @@ - return -1; - } - while(fgets(line, sizeof(line), fp) != 0) { -- unsigned long long start, end; -+ uintptr_t start, end; - char *str; - int type; - int consumed; - int count; - if (memory_ranges >= MAX_MEMORY_RANGES) - break; -- count = sscanf(line, "%Lx-%Lx : %n", -+ count = sscanf(line, "%"SCNxPTR"-%"SCNxPTR" : %n", - &start, &end, &consumed); - if (count != 2) - continue; - str = line + consumed; - -- dbgprintf("%016Lx-%016Lx : %s", start, end, str); -+ dbgprintf("%016"PRIxPTR"-%016"PRIxPTR" : %s", start, end, str); - - if (memcmp(str, "System RAM\n", 11) == 0) { - type = RANGE_RAM; -@@ -114,7 +115,7 @@ - memory_range[memory_ranges].end = end; - memory_range[memory_ranges].type = type; - -- dbgprintf("%016Lx-%016Lx : %x\n", start, end, type); -+ dbgprintf("%016"PRIxPTR"-%016"PRIxPTR" : %x\n", start, end, type); - - memory_ranges++; - } -diff -u --recursive ../clean/kexec-tools-2.0.12/Makefile.in kexec-tools-2.0.12/Makefile.in ---- ../clean/kexec-tools-2.0.12/Makefile.in 2014-10-14 00:58:06.000000000 -0400 -+++ kexec-tools-2.0.12/Makefile.in 2017-04-08 11:28:00.688368402 -0400 -@@ -158,16 +158,16 @@ - - # kdump (read a crashdump from memory) - # --include $(srcdir)/kdump/Makefile -+#include $(srcdir)/kdump/Makefile - - # vmcore-dmesg (read dmesg from a vmcore) - # --include $(srcdir)/vmcore-dmesg/Makefile -+#include $(srcdir)/vmcore-dmesg/Makefile - - # - # kexec_test (test program) - # --include $(srcdir)/kexec_test/Makefile -+#include $(srcdir)/kexec_test/Makefile - - SPEC=$(PACKAGE_NAME).spec - GENERATED_SRCS:= $(SPEC) -diff -u --recursive ../clean/kexec-tools-2.0.12/purgatory/Makefile kexec-tools-2.0.12/purgatory/Makefile ---- ../clean/kexec-tools-2.0.12/purgatory/Makefile 2015-04-30 01:05:17.000000000 -0400 -+++ kexec-tools-2.0.12/purgatory/Makefile 2017-04-08 11:28:00.688368402 -0400 -@@ -45,7 +45,6 @@ - mkdir -p $(@D) - $(COMPILE.c) -o $@ $^ - --$(PURGATORY): CC=$(TARGET_CC) - $(PURGATORY): CFLAGS+=$(PURGATORY_EXTRA_CFLAGS) \ - $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \ - -Os -fno-builtin -ffreestanding \ -diff -u --recursive ../clean/kexec-tools-2.0.12/util/Makefile kexec-tools-2.0.12/util/Makefile ---- ../clean/kexec-tools-2.0.12/util/Makefile 2010-07-29 05:22:16.000000000 -0400 -+++ kexec-tools-2.0.12/util/Makefile 2017-04-08 11:32:33.267394444 -0400 -@@ -2,7 +2,7 @@ - - $(BIN_TO_HEX): $(srcdir)/util/bin-to-hex.c - @$(MKDIR) -p $(@D) -- $(LINK.o) $(CFLAGS) -o $@ $^ -+ $(BUILD_CC) $(BUILD_CFLAGS) -o $@ $^ - - $(BIN_TO_HEX): CC=$(BUILD_CC) - $(BIN_TO_HEX): CFLAGS=$(BUILD_CFLAGS) diff --git a/patches/kexec-2.0.16.patch b/patches/kexec-2.0.16.patch new file mode 100644 index 00000000..fc9a2579 --- /dev/null +++ b/patches/kexec-2.0.16.patch @@ -0,0 +1,89 @@ +diff -u --recursive clean/kexec-tools-2.0.16/Makefile.in kexec-tools-2.0.16/Makefile.in +--- clean/kexec-tools-2.0.16/Makefile.in 2016-12-09 04:42:06.000000000 -0500 ++++ kexec-tools-2.0.16/Makefile.in 2018-02-28 05:39:20.461000000 -0500 +@@ -158,16 +158,16 @@ + + # kdump (read a crashdump from memory) + # +-include $(srcdir)/kdump/Makefile ++#include $(srcdir)/kdump/Makefile + + # vmcore-dmesg (read dmesg from a vmcore) + # +-include $(srcdir)/vmcore-dmesg/Makefile ++#include $(srcdir)/vmcore-dmesg/Makefile + + # + # kexec_test (test program) + # +-include $(srcdir)/kexec_test/Makefile ++#include $(srcdir)/kexec_test/Makefile + + SPEC=$(PACKAGE_NAME).spec + GENERATED_SRCS:= $(SPEC) +diff -u --recursive clean/kexec-tools-2.0.16/include/config.h kexec-tools-2.0.16/include/config.h +--- clean/kexec-tools-2.0.16/include/config.h 2017-11-20 04:17:12.000000000 -0500 ++++ kexec-tools-2.0.16/include/config.h 2018-02-28 05:39:22.420000000 -0500 +@@ -17,7 +17,7 @@ + /* #undef HAVE_LIBXENCTRL */ + + /* Define to 1 if you have the `z' library (-lz). */ +-/* #undef HAVE_LIBZ */ ++#define HAVE_LIBZ 1 + + /* Define to 1 if you have the header file. */ + #define HAVE_MEMORY_H 1 +diff -u --recursive clean/kexec-tools-2.0.16/kexec/kexec.c kexec-tools-2.0.16/kexec/kexec.c +--- clean/kexec-tools-2.0.16/kexec/kexec.c 2017-03-02 04:45:46.000000000 -0500 ++++ kexec-tools-2.0.16/kexec/kexec.c 2018-02-28 10:40:01.662000000 -0500 +@@ -794,6 +794,27 @@ + if (sort_segments(&info) < 0) { + return -1; + } ++ ++#if 1 ++ // force segment 0 to have memsz == bufsz ++ // so that it won't overwrite EBDA ++ if (info.segment[0].mem == 0) ++ { ++ if (kexec_debug) ++ printf("hack ebda into segment 0!\n"); ++ ++ uint8_t * ebda = calloc(1, info.segment[0].memsz); ++ memcpy(ebda, info.segment[0].buf, info.segment[0].bufsz); ++ info.segment[0].bufsz = info.segment[0].memsz; ++ info.segment[0].buf = ebda; ++ ++ // install some default EBDA values that are off scale, ++ // which will force Xen to use the multiboot info ++ *(uint16_t*)(ebda + 0x40e) = 0xFFFF; // segment ++ *(uint16_t*)(ebda + 0x413) = 0xFFFF; // size ++ } ++#endif ++ + /* if purgatory is loaded update it */ + update_purgatory(&info); + if (entry) +diff -u --recursive clean/kexec-tools-2.0.16/purgatory/Makefile kexec-tools-2.0.16/purgatory/Makefile +--- clean/kexec-tools-2.0.16/purgatory/Makefile 2017-01-31 06:23:48.000000000 -0500 ++++ kexec-tools-2.0.16/purgatory/Makefile 2018-02-28 05:39:20.461000000 -0500 +@@ -44,7 +44,6 @@ + mkdir -p $(@D) + $(COMPILE.c) -o $@ $^ + +-$(PURGATORY): CC=$(TARGET_CC) + $(PURGATORY): CFLAGS+=$(PURGATORY_EXTRA_CFLAGS) \ + $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \ + -Os -fno-builtin -ffreestanding \ +diff -u --recursive clean/kexec-tools-2.0.16/util/Makefile kexec-tools-2.0.16/util/Makefile +--- clean/kexec-tools-2.0.16/util/Makefile 2010-07-29 05:22:16.000000000 -0400 ++++ kexec-tools-2.0.16/util/Makefile 2018-02-28 05:39:20.461000000 -0500 +@@ -2,7 +2,7 @@ + + $(BIN_TO_HEX): $(srcdir)/util/bin-to-hex.c + @$(MKDIR) -p $(@D) +- $(LINK.o) $(CFLAGS) -o $@ $^ ++ $(BUILD_CC) $(BUILD_CFLAGS) -o $@ $^ + + $(BIN_TO_HEX): CC=$(BUILD_CC) + $(BIN_TO_HEX): CFLAGS=$(BUILD_CFLAGS) diff --git a/patches/xen-4.6.6-36.patch b/patches/xen-4.6.6-36.patch deleted file mode 100644 index 996ecc7f..00000000 --- a/patches/xen-4.6.6-36.patch +++ /dev/null @@ -1,140 +0,0 @@ -diff --git ./Makefile ./Makefile -index 13fa4af..0320888 100644 ---- ./Makefile -+++ ./Makefile -@@ -122,6 +122,7 @@ verrel: - - .PHONY: clean - clean:: -+ rm -rf xen-$(version)/ - @echo "Running the %clean script of the rpmbuild..." - -$(RPMBUILD) --clean --nodeps $(SPECFILE) - -@@ -153,6 +154,14 @@ update-repo-installer: - for pkg in $(xen-pkgs); do ln -f rpm/x86_64/$$pkg*.rpm ../installer/yum/qubes-dom0/rpm/; done - ln -f rpm/x86_64/xen-hvm-$(version)gui2*-$(release).$(DIST_DOM0)*.rpm ../installer/yum/qubes-dom0/rpm/ - -+xen-$(version)/.canary: xen-$(version).tar.gz -+ tar xzvf xen-$(version).tar.gz -+ cd xen-$(version) && ../apply-patches ../series.conf ../ -+ touch $@ -+ -+xen.gz: xen-$(version)/.canary -+ $(MAKE) -C xen-$(version)/ xen -+ - help: - @echo "Usage: make " - @echo -diff --git ./apply-patches ./apply-patches -index b1c8468..74a4c20 100755 ---- ./apply-patches -+++ ./apply-patches -@@ -6,8 +6,7 @@ - - USAGE="$0 [--vanilla] [symbol ...]" - --set -e --set -o pipefail -+set -euf - if test $# -lt 2; then - echo "$USAGE" >&2 - exit 1 -@@ -17,10 +16,7 @@ SERIES_CONF=$1 - PATCH_DIR=$2 - shift 2 - --( -- echo "trap 'echo \"*** patch \$_ failed ***\"' ERR" -- echo "set -ex" -- egrep -v '^\s*#|^\s*$' <"$SERIES_CONF" | \ -- sed "s|^|patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/|" --) | sh -- -+for i in `egrep -v '^\s*#|^\s*$' < $SERIES_CONF` -+do -+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/$i -+done -diff --git ./series.conf ./series.conf -index 80972b7..1466c44 100644 ---- ./series.conf -+++ ./series.conf -@@ -115,3 +115,5 @@ patches.qubes/libxl-disable-forced-vkb-for-HVM.patch - patches.qubes/xenconsoled-enable-logging.patch - patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch - patches.qubes/xen-hotplug-qubesdb-update.patch -+ -+patches.heads/heads.patch -diff --git ./patches.heads/heads.patch ./patches.heads/heads.patch -new file mode 100644 -index 0000000..bb17c3d ---- /dev/null -+++ ./patches.heads/heads.patch -@@ -0,0 +1,68 @@ -+diff --recursive -u ../xen-4.6.5-clean/xen/arch/x86/boot/head.S ./xen/arch/x86/boot/head.S -+--- ../xen-4.6.5-clean/xen/arch/x86/boot/head.S 2017-03-07 11:19:05.000000000 -0500 -++++ ./xen/arch/x86/boot/head.S 2017-06-23 21:18:50.498798061 -0400 -+@@ -86,6 +86,8 @@ -+ cmp $MULTIBOOT_BOOTLOADER_MAGIC,%eax -+ jne not_multiboot -+ -++#if 0 -++ -+ /* Set up trampoline segment 64k below EBDA */ -+ movzwl 0x40e,%eax /* EBDA segment */ -+ cmp $0xa000,%eax /* sanity check (high) */ -+@@ -108,6 +110,12 @@ -+ shl $10-4,%edx -+ cmp %eax,%edx /* compare with BDA value */ -+ cmovb %edx,%eax /* and use the smaller */ -++#else -++ // coreboot does not provide an Extended BIOS Data Area pointer -++ // just stash things the Multiboot structure, adjusted to bytes -++ mov MB_mem_lower(%ebx),%eax -++ shl $10-4,%eax -++#endif -+ -+ 2: /* Reserve 64kb for the trampoline */ -+ sub $0x1000,%eax -+diff --recursive -u ../xen-4.6.5-clean/xen/arch/x86/boot/mkelf32.c ./xen/arch/x86/boot/mkelf32.c -+--- ../xen-4.6.5-clean/xen/arch/x86/boot/mkelf32.c 2017-03-07 11:19:05.000000000 -0500 -++++ ./xen/arch/x86/boot/mkelf32.c 2017-06-23 21:18:50.498798061 -0400 -+@@ -231,14 +231,14 @@ -+ u32 loadbase, dat_siz, mem_siz; -+ char *inimage, *outimage; -+ int infd, outfd; -+- char buffer[1024]; -++ char buffer[1024] = {}; -+ int bytes, todo, i; -+ -+- Elf32_Ehdr in32_ehdr; -+- Elf32_Phdr in32_phdr; -++ Elf32_Ehdr in32_ehdr = {}; -++ Elf32_Phdr in32_phdr = {}; -+ -+- Elf64_Ehdr in64_ehdr; -+- Elf64_Phdr in64_phdr; -++ Elf64_Ehdr in64_ehdr = {}; -++ Elf64_Phdr in64_phdr = {}; -+ -+ if ( argc != 5 ) -+ { -+--- ../xen-4.6.5-clean/xen/Makefile.orig 2017-06-26 16:11:02.692193372 -0400 -++++ ./xen/Makefile 2017-06-26 16:11:46.528708643 -0400 -+@@ -97,7 +97,7 @@ -+ rm -f tags TAGS cscope.files cscope.in.out cscope.out cscope.po.out GTAGS GPATH GRTAGS GSYMS -+ -+ $(TARGET).gz: $(TARGET) -+- gzip -f -9 < $< > $@.new -++ gzip -f -9 -n < $< > $@.new -+ mv $@.new $@ -+ -+ $(TARGET): delete-unfresh-files -+@@ -121,7 +121,7 @@ -+ fi -+ -+ .banner: Makefile -+- @if which figlet >/dev/null 2>&1 ; then \ -++ @if false ; then \ -+ echo " Xen $(XEN_FULLVERSION)" | figlet -f tools/xen.flf > $@.tmp; \ -+ else \ -+ echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ diff --git a/patches/xen-4.8.2-12.patch b/patches/xen-4.8.2-12.patch deleted file mode 100644 index 2067699d..00000000 --- a/patches/xen-4.8.2-12.patch +++ /dev/null @@ -1,130 +0,0 @@ -diff --git ./Makefile ./Makefile -index 75df729..4113caa 100644 ---- ./Makefile -+++ ./Makefile -@@ -122,6 +122,7 @@ verrel: - - .PHONY: clean - clean:: -+ rm -rf xen-$(version)/ - @echo "Running the %clean script of the rpmbuild..." - -$(RPMBUILD) --clean --nodeps $(SPECFILE) - -@@ -153,6 +154,14 @@ update-repo-installer: - for pkg in $(xen-pkgs); do ln -f rpm/x86_64/$$pkg*.rpm ../installer/yum/qubes-dom0/rpm/; done - ln -f rpm/x86_64/xen-hvm-$(version)gui2*-$(release).$(DIST_DOM0)*.rpm ../installer/yum/qubes-dom0/rpm/ - -+xen-$(version)/.canary: xen-$(version).tar.gz -+ tar xzvf xen-$(version).tar.gz -+ cd xen-$(version) && ../apply-patches ../series.conf ../ -+ touch $@ -+ -+xen.gz: xen-$(version)/.canary -+ $(MAKE) -C xen-$(version)/ xen -+ - help: - @echo "Usage: make " - @echo -diff --git ./apply-patches ./apply-patches -index b1c8468..74a4c20 100755 ---- ./apply-patches -+++ ./apply-patches -@@ -6,8 +6,7 @@ - - USAGE="$0 [--vanilla] [symbol ...]" - --set -e --set -o pipefail -+set -euf - if test $# -lt 2; then - echo "$USAGE" >&2 - exit 1 -@@ -17,10 +16,7 @@ SERIES_CONF=$1 - PATCH_DIR=$2 - shift 2 - --( -- echo "trap 'echo \"*** patch \$_ failed ***\"' ERR" -- echo "set -ex" -- egrep -v '^\s*#|^\s*$' <"$SERIES_CONF" | \ -- sed "s|^|patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/|" --) | sh -- -+for i in `egrep -v '^\s*#|^\s*$' < $SERIES_CONF` -+do -+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i $PATCH_DIR/$i -+done -diff --git ./patches.heads/heads.patch ./patches.heads/heads.patch -new file mode 100644 -index 0000000..d956f8a ---- /dev/null -+++ ./patches.heads/heads.patch -@@ -0,0 +1,54 @@ -+diff -u --recursive xen-4.8.2-clean/xen/arch/x86/boot/head.S xen-4.8.2/xen/arch/x86/boot/head.S -+--- xen-4.8.2-clean/xen/arch/x86/boot/head.S 2017-09-06 06:26:35.000000000 -0400 -++++ xen-4.8.2/xen/arch/x86/boot/head.S 2017-09-13 21:58:31.186882703 -0400 -+@@ -86,6 +86,8 @@ -+ cmp $MULTIBOOT_BOOTLOADER_MAGIC,%eax -+ jne not_multiboot -+ -++#if 0 -++ -+ /* Set up trampoline segment 64k below EBDA */ -+ movzwl 0x40e,%ecx /* EBDA segment */ -+ cmp $0xa000,%ecx /* sanity check (high) */ -+@@ -108,6 +110,12 @@ -+ shl $10-4,%edx -+ cmp %ecx,%edx /* compare with BDA value */ -+ cmovb %edx,%ecx /* and use the smaller */ -++#else -++ // coreboot does not provide an Extended BIOS Data Area pointer -++ // just stash things the Multiboot structure, adjusted to bytes -++ mov MB_mem_lower(%ebx),%ecx -++ shl $10-4,%ecx -++#endif -+ -+ 2: /* Reserve 64kb for the trampoline */ -+ sub $0x1000,%ecx -+diff -u --recursive xen-4.8.2-clean/xen/arch/x86/boot/mkelf32.c xen-4.8.2/xen/arch/x86/boot/mkelf32.c -+--- xen-4.8.2-clean/xen/arch/x86/boot/mkelf32.c 2017-09-06 06:26:35.000000000 -0400 -++++ xen-4.8.2/xen/arch/x86/boot/mkelf32.c 2017-09-13 21:58:31.186882703 -0400 -+@@ -264,10 +264,10 @@ -+ int bytes, todo, i = 1; -+ int num_phdrs = 1; -+ -+- Elf32_Ehdr in32_ehdr; -++ Elf32_Ehdr in32_ehdr = {}; -+ -+- Elf64_Ehdr in64_ehdr; -+- Elf64_Phdr in64_phdr; -++ Elf64_Ehdr in64_ehdr = {}; -++ Elf64_Phdr in64_phdr = {}; -+ -+ if ( argc < 5 ) -+ { -+diff -u --recursive xen-4.8.2-clean/xen/Makefile xen-4.8.2/xen/Makefile -+--- xen-4.8.2-clean/xen/Makefile 2017-09-06 06:26:35.000000000 -0400 -++++ xen-4.8.2/xen/Makefile 2017-09-13 21:58:31.186882703 -0400 -+@@ -152,7 +152,7 @@ -+ fi -+ -+ .banner: Makefile -+- @if which figlet >/dev/null 2>&1 ; then \ -++ @if false ; then \ -+ echo " Xen $(XEN_FULLVERSION)" | figlet -f tools/xen.flf > $@.tmp; \ -+ else \ -+ echo " Xen $(XEN_FULLVERSION)" > $@.tmp; \ -diff --git ./series.conf ./series.conf -index 750ec6c..0706300 100644 ---- ./series.conf -+++ ./series.conf -@@ -97,6 +97,9 @@ patches.qubes/xenconsoled-enable-logging.patch - patches.qubes/vm-0001-hotplug-do-not-attempt-to-remove-containing-xenstore.patch - patches.qubes/xen-hotplug-qubesdb-update.patch - -+# Custom patches for Heads -+patches.heads/heads.patch -+ - #python3 - patches.misc/0001-python-check-return-value-of-PyErr_NewException.patch - patches.misc/0002-python-drop-tp_getattr-implementation.patch From 495e88f1752820057c34d20466f009f5d407966a Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Wed, 28 Feb 2018 10:53:18 -0500 Subject: [PATCH 22/26] correct flashtools repo url --- modules/flashtools | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/flashtools b/modules/flashtools index 21686a84..08c3d1cf 100644 --- a/modules/flashtools +++ b/modules/flashtools @@ -3,7 +3,7 @@ modules-$(CONFIG_FLASHTOOLS) += flashtools flashtools_depends := $(musl_dep) flashtools_version := git -flashtools_repo := ssh://git@github.com/osresearch/flashtools +flashtools_repo := https://github.com/osresearch/flashtools flashtools_version := 0.0.1 flashtools_dir := flashtools-$(flashtools_version) From a4f121b838d1c71de4d43ea4ccec79294c42f898 Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Wed, 28 Feb 2018 11:12:02 -0500 Subject: [PATCH 23/26] make uroot optional --- boards/qemu-coreboot.config | 33 ++++++++++++++++++++------------- boards/qemu-linuxboot.config | 27 ++++++++++++++------------- 2 files changed, 34 insertions(+), 26 deletions(-) diff --git a/boards/qemu-coreboot.config b/boards/qemu-coreboot.config index cedc4fcc..c0d4c062 100644 --- a/boards/qemu-coreboot.config +++ b/boards/qemu-coreboot.config @@ -5,20 +5,25 @@ CONFIG_COREBOOT=y CONFIG_COREBOOT_CONFIG=config/coreboot-qemu.config CONFIG_LINUX_CONFIG=config/linux-qemu.config -CONFIG_CRYPTSETUP=y -CONFIG_FLASHROM=y -CONFIG_GPG=y +ifeq "$(CONFIG_UROOT)" "y" +CONFIG_BUSYBOX=n +else CONFIG_KEXEC=y -CONFIG_UTIL_LINUX=y -CONFIG_LVM2=y -CONFIG_MBEDTLS=y -CONFIG_PCIUTILS=y -CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y +CONFIG_POPT=y +CONFIG_FLASHTOOLS=y +#CONFIG_FLASHROM=y +CONFIG_PCIUTILS=y +CONFIG_UTIL_LINUX=y +CONFIG_CRYPTSETUP=y +CONFIG_GPG=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y CONFIG_DROPBEAR=y -CONFIG_XEN=y -CONFIG_XEN_VERSION=4.6 +CONFIG_NEWT=y +CONFIG_SLANG=y +endif CONFIG_LINUX_USB=y CONFIG_LINUX_E1000=y @@ -26,8 +31,10 @@ CONFIG_LINUX_E1000=y CONFIG_BOOTSCRIPT=/bin/generic-init CONFIG_TPM=n -run: coreboot.intermediate -run: $(build)/$(BOARD)/coreboot.rom +#run: coreboot.intermediate +run: qemu-system-x86_64 \ --machine q35 \ - --bios $< \ + --serial /dev/tty \ + --bios $(build)/$(BOARD)/coreboot.rom \ + ; stty sane diff --git a/boards/qemu-linuxboot.config b/boards/qemu-linuxboot.config index 7e4461f6..98db32be 100644 --- a/boards/qemu-linuxboot.config +++ b/boards/qemu-linuxboot.config @@ -4,25 +4,26 @@ CONFIG_LINUXBOOT=y CONFIG_LINUXBOOT_BOARD=qemu CONFIG_LINUX_CONFIG=config/linux-linuxboot.config -#CONFIG_CRYPTSETUP=y +ifeq "$(CONFIG_UROOT)" "y" +CONFIG_BUSYBOX=n +endif + +CONFIG_CRYPTSETUP=y #CONFIG_FLASHROM=y -#CONFIG_GPG=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y -#CONFIG_LVM2=y -#CONFIG_MBEDTLS=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y CONFIG_PCIUTILS=y -#CONFIG_POPT=y -#CONFIG_QRENCODE=y -#CONFIG_TPMTOTP=y -#CONFIG_XEN=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y CONFIG_DROPBEAR=y -CONFIG_FROTZ=y +#CONFIG_FROTZ=y CONFIG_LINUX_USB=y -#CONFIG_LINUX_IGB=y -#CONFIG_LINUX_MEGARAID=y -#CONFIG_LINUX_E1000E=y CONFIG_LINUX_E1000=y CONFIG_LINUX_SCSI_GDTH=y CONFIG_LINUX_ATA=y @@ -40,7 +41,7 @@ CONFIG_USB_BOOT_DEV="/dev/sdb1" # The LinuxBoot firmware should set its ip address to 10.0.2.15 # or run udhcpc to get a qemu address -run: linuxboot.intermediate +run: qemu-system-x86_64 \ -machine q35,smm=on \ -global ICH9-LPC.disable_s3=1 \ From 4566801420103b965322663dee40b982af08a238 Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Wed, 28 Feb 2018 12:06:42 -0500 Subject: [PATCH 24/26] switch to an 8 MB flash part for qemu writable flash support --- config/coreboot-qemu.config | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/config/coreboot-qemu.config b/config/coreboot-qemu.config index 552897be..1cfcd0e0 100644 --- a/config/coreboot-qemu.config +++ b/config/coreboot-qemu.config @@ -109,7 +109,7 @@ CONFIG_MAINBOARD_PART_NUMBER="QEMU x86 q35/ich9" CONFIG_MAINBOARD_VENDOR="Emulation" CONFIG_MAX_CPUS=1 CONFIG_CACHE_ROM_SIZE_OVERRIDE=0x0 -CONFIG_CBFS_SIZE=0x800000 +CONFIG_CBFS_SIZE=0x700000 # CONFIG_ONBOARD_VGA_IS_PRIMARY is not set CONFIG_DIMM_SPD_SIZE=256 # CONFIG_VGA_BIOS is not set @@ -151,14 +151,14 @@ CONFIG_BOARD_ROMSIZE_KB_2048=y # CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set # CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set # CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set -# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set +CONFIG_COREBOOT_ROMSIZE_KB_8192=y # CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set -CONFIG_COREBOOT_ROMSIZE_KB_12288=y +# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set # CONFIG_COREBOOT_ROMSIZE_KB_16384 is not set # CONFIG_COREBOOT_ROMSIZE_KB_32768 is not set # CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set -CONFIG_COREBOOT_ROMSIZE_KB=12288 -CONFIG_ROM_SIZE=0xc00000 +CONFIG_COREBOOT_ROMSIZE_KB=8192 +CONFIG_ROM_SIZE=0x800000 # CONFIG_MAINBOARD_HAS_TPM2 is not set # CONFIG_SYSTEM_TYPE_LAPTOP is not set # CONFIG_CBFS_AUTOGEN_ATTRIBUTES is not set @@ -532,7 +532,7 @@ CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/qemu-coreboot/bzImage" CONFIG_PAYLOAD_OPTIONS="" # CONFIG_PXE is not set -CONFIG_LINUX_COMMAND_LINE="acpi=off console=ttyS0 console=tty quiet" +CONFIG_LINUX_COMMAND_LINE="" CONFIG_LINUX_INITRD="../../build/qemu-coreboot/initrd.cpio.xz" # CONFIG_PAYLOAD_IS_FLAT_BINARY is not set From ef4576e881f564d62f074056c62117b29bafbcd9 Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Wed, 28 Feb 2018 14:06:53 -0500 Subject: [PATCH 25/26] Enable NVMe option for winterfell --- boards/winterfell.config | 1 + config/linux-linuxboot.config | 4 +++- modules/linux | 4 ++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/boards/winterfell.config b/boards/winterfell.config index f93d2e75..fb2cb05c 100644 --- a/boards/winterfell.config +++ b/boards/winterfell.config @@ -35,6 +35,7 @@ CONFIG_LINUX_MLX4=y CONFIG_LINUX_ATA=y CONFIG_LINUX_AHCI=y CONFIG_LINUX_E1000E=y +CONFIG_LINUX_NVME=y CONFIG_BOOTSCRIPT=/bin/generic-init diff --git a/config/linux-linuxboot.config b/config/linux-linuxboot.config index ab359f6c..58fead68 100644 --- a/config/linux-linuxboot.config +++ b/config/linux-linuxboot.config @@ -809,7 +809,9 @@ CONFIG_BLK_DEV_RAM_SIZE=65536 # CONFIG_BLK_DEV_HD is not set # CONFIG_BLK_DEV_RBD is not set # CONFIG_BLK_DEV_RSXX is not set -# CONFIG_BLK_DEV_NVME is not set +CONFIG_NVME_CORE=m +CONFIG_BLK_DEV_NVME=m +# CONFIG_BLK_DEV_NVME_SCSI is not set # CONFIG_NVME_TARGET is not set # diff --git a/modules/linux b/modules/linux index 5adfe512..7c139f9b 100644 --- a/modules/linux +++ b/modules/linux @@ -73,6 +73,10 @@ linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/host/xhci-hcd.ko linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/host/xhci-pci.ko linux_modules-$(CONFIG_LINUX_USB) += drivers/usb/storage/usb-storage.ko +# NVMe driver for winterfell and other servers +linux_modules-$(CONFIG_LINUX_NVME) += drivers/nvme/host/nvme.ko +linux_modules-$(CONFIG_LINUX_NVME) += drivers/nvme/host/nvme-core.ko + EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches linux_target := \ From 4f5432bb461ad63995afb45aba34534e1d8c3d23 Mon Sep 17 00:00:00 2001 From: Trammell hudson Date: Wed, 28 Feb 2018 14:57:46 -0500 Subject: [PATCH 26/26] generate /etc/config from exported configuration variables --- Makefile | 5 ++++- boards/librem13v2.config | 16 ++++++++-------- boards/qemu-coreboot.config | 6 +++--- boards/qemu-linuxboot.config | 10 +++++----- boards/r630.config | 10 +++++----- boards/s2600wf.config | 13 +++++++------ boards/winterfell.config | 12 ++++++------ boards/x220.config | 16 ++++++++-------- boards/x230.config | 19 +++++++++---------- 9 files changed, 55 insertions(+), 52 deletions(-) diff --git a/Makefile b/Makefile index 217a189e..840a186f 100644 --- a/Makefile +++ b/Makefile @@ -424,7 +424,10 @@ $(build)/$(BOARD)/tools.cpio: \ $(call do,INSTALL,$(CONFIG), \ mkdir -p "$(initrd_dir)/etc" ; \ - cp "$(CONFIG)" "$(initrd_dir)/etc/config" \ + export \ + | grep ' CONFIG_' \ + | sed 's/^declare -x /export /' \ + > "$(initrd_dir)/etc/config" \ ) $(call do-cpio,$@,$(initrd_dir)) @$(RM) -rf "$(initrd_dir)" diff --git a/boards/librem13v2.config b/boards/librem13v2.config index 25eb471a..1b6a5333 100644 --- a/boards/librem13v2.config +++ b/boards/librem13v2.config @@ -15,13 +15,13 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_LINUX_USB=y -CONFIG_TPM=y -CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/generic-init -CONFIG_BOOT_REQ_HASH=n -CONFIG_BOOT_REQ_ROLLBACK=n -CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" -CONFIG_BOOT_KERNEL_REMOVE="quiet" -CONFIG_BOOT_DEV="/dev/sda1" -CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/boards/qemu-coreboot.config b/boards/qemu-coreboot.config index c0d4c062..fe2963a6 100644 --- a/boards/qemu-coreboot.config +++ b/boards/qemu-coreboot.config @@ -13,7 +13,7 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_POPT=y CONFIG_FLASHTOOLS=y -#CONFIG_FLASHROM=y +CONFIG_FLASHROM=y CONFIG_PCIUTILS=y CONFIG_UTIL_LINUX=y CONFIG_CRYPTSETUP=y @@ -28,8 +28,8 @@ endif CONFIG_LINUX_USB=y CONFIG_LINUX_E1000=y -CONFIG_BOOTSCRIPT=/bin/generic-init -CONFIG_TPM=n +export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_TPM=n #run: coreboot.intermediate run: diff --git a/boards/qemu-linuxboot.config b/boards/qemu-linuxboot.config index 98db32be..6c648b7b 100644 --- a/boards/qemu-linuxboot.config +++ b/boards/qemu-linuxboot.config @@ -29,12 +29,12 @@ CONFIG_LINUX_SCSI_GDTH=y CONFIG_LINUX_ATA=y CONFIG_LINUX_AHCI=y -CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOTSCRIPT=/bin/generic-init -CONFIG_BOOT_REQ_HASH=n -CONFIG_BOOT_REQ_ROLLBACK=n -CONFIG_BOOT_DEV="/dev/sda1" -CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_USB_BOOT_DEV="/dev/sdb1" # You can ssh into the qemu instance by running # ssh -p 5555 root@localhost diff --git a/boards/r630.config b/boards/r630.config index b24425e1..23c8d43b 100644 --- a/boards/r630.config +++ b/boards/r630.config @@ -23,9 +23,9 @@ CONFIG_LINUX_IGB=y CONFIG_LINUX_MEGARAID=y CONFIG_LINUX_E1000E=y -CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOTSCRIPT=/bin/generic-init -CONFIG_BOOT_REQ_HASH=n -CONFIG_BOOT_REQ_ROLLBACK=n -CONFIG_BOOT_DEV="/dev/sda1" -CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/boards/s2600wf.config b/boards/s2600wf.config index b384ada0..8af98511 100644 --- a/boards/s2600wf.config +++ b/boards/s2600wf.config @@ -15,6 +15,7 @@ CONFIG_LINUX_CONFIG=config/linux-linuxboot.config #CONFIG_CRYPTSETUP=y #CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y @@ -34,9 +35,9 @@ CONFIG_LINUX_SCSI_GDTH=y CONFIG_LINUX_ATA=y CONFIG_LINUX_AHCI=y -CONFIG_BOOTSCRIPT=/bin/generic-init - -CONFIG_BOOT_REQ_HASH=n -CONFIG_BOOT_REQ_ROLLBACK=n -CONFIG_BOOT_DEV="/dev/sda1" -CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_TPM=n +export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/boards/winterfell.config b/boards/winterfell.config index fb2cb05c..5aecb293 100644 --- a/boards/winterfell.config +++ b/boards/winterfell.config @@ -37,12 +37,12 @@ CONFIG_LINUX_AHCI=y CONFIG_LINUX_E1000E=y CONFIG_LINUX_NVME=y -CONFIG_BOOTSCRIPT=/bin/generic-init - -CONFIG_BOOT_REQ_HASH=n -CONFIG_BOOT_REQ_ROLLBACK=n -CONFIG_BOOT_DEV="/dev/sda1" -CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_TPM=n +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_USB_BOOT_DEV="/dev/sdb1" $(build)/$(BOARD)/linuxboot.rom: linuxboot.intermediate diff --git a/boards/x220.config b/boards/x220.config index f59573c3..9e980b06 100644 --- a/boards/x220.config +++ b/boards/x220.config @@ -20,11 +20,11 @@ CONFIG_DROPBEAR=y CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -CONFIG_BOOTSCRIPT=/bin/generic-init - -CONFIG_BOOT_REQ_HASH=n -CONFIG_BOOT_REQ_ROLLBACK=n -CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" -CONFIG_BOOT_KERNEL_REMOVE="quiet" -CONFIG_BOOT_DEV="/dev/sda1" -CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_TPM=y +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/boards/x230.config b/boards/x230.config index 1e38a27f..ab499425 100644 --- a/boards/x230.config +++ b/boards/x230.config @@ -4,7 +4,7 @@ CONFIG_COREBOOT_CONFIG=config/coreboot-x230.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y -CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y @@ -15,16 +15,15 @@ CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_DROPBEAR=y -CONFIG_TPM=y CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -CONFIG_BOOTSCRIPT=/bin/generic-init - -CONFIG_BOOT_REQ_HASH=n -CONFIG_BOOT_REQ_ROLLBACK=n -CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" -CONFIG_BOOT_KERNEL_REMOVE="quiet" -CONFIG_BOOT_DEV="/dev/sda1" -CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_USB_BOOT_DEV="/dev/sdb1"