diff --git a/.circleci/config.yml b/.circleci/config.yml index feba622a..47a7dab7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -83,6 +83,17 @@ jobs: name: Ouput x230 hashes command: | cat build/x230/hashes.txt \ + - run: + name: x230-hotp-verification + command: | + make --load 2 \ + V=1 \ + BOARD=x230-hotp-verification \ + no_output_timeout: 3h + - run: + name: Ouput x230-hotp-verification hashes + command: | + cat build/x230-hotp-verification/hashes.txt \ - run: name: Archiving build logs to bundle in artifacts command: | @@ -94,6 +105,10 @@ jobs: path: build/x230/coreboot.rom - store-artifacts: path: build/x230/initrd.cpio.xz + - store-artifacts: + path: build/x230-hotp-verification/coreboot.rom + - store-artifacts: + path: build/x230-hotp-verification/initrd.cpio.xz - store-artifacts: path: logs.tar.gz diff --git a/boards/x230-hotp-verification/x230-hotp-verification.config b/boards/x230-hotp-verification/x230-hotp-verification.config new file mode 100644 index 00000000..1c9ef31b --- /dev/null +++ b/boards/x230-hotp-verification/x230-hotp-verification.config @@ -0,0 +1,48 @@ +# Configuration for a x230-hotp-verification (Nitrokey/Purism USB Security dongle enabled HOTP support) +# running Qubes and other OSes +export CONFIG_COREBOOT=y +CONFIG_COREBOOT_CONFIG=config/coreboot-x230-hotp-verification.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_DROPBEAR=y + +#CONFIG_SLANG=y +#CONFIG_NEWT=y +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y +CONFIG_LIBREMKEY=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230 Heads Boot Menu" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" + +# This board has two SPI flash chips, an 8 MB that holds the IFD, +# the ME image and part of the coreboot image, and a 4 MB one that +# has the rest of the coreboot and the reset vector. +# +# Only flashing to the bios region is safe to do. The easiest is to +# flash internally when the IFD is unlocked for writing, and x230-flash +# is installed first. diff --git a/config/coreboot-x230-hotp-verification.config b/config/coreboot-x230-hotp-verification.config new file mode 100644 index 00000000..db20e18c --- /dev/null +++ b/config/coreboot-x230-hotp-verification.config @@ -0,0 +1,15 @@ +CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x800000 +CONFIG_BOARD_LENOVO_X230=y +CONFIG_NO_POST=y +CONFIG_UART_PCI_ADDR=0 +CONFIG_NO_GFX_INIT=y +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/x230-hotp-verification/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" +CONFIG_LINUX_INITRD="../../build/x230-hotp-verification/initrd.cpio.xz"