heads

mirror of https://github.com/linuxboot/heads.git synced 2024-12-18 20:47:55 +00:00

Author	SHA1	Message	Date
Thierry Laurion	9fccfb4627	Change board name from nitropad-nv41 -> novacustom_nv4x_adl - Move/rename board config - Rename coreboot config - Applies changes to coreboot config from defconfig+dasharo coreboot fork config + fixes - Rename CircleCI board for rom build ----- Repro: First: change some oldconfig defaults from dasharo coreboot fork git checkout -b move_nitropad-nv41_to_novacustom-v41 mv boards/nitropad-nv41 boards/novacustom_nv4x_adl mv boards/novacustom_nv4x_adl/nitropad-nv41.config boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config vim boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config vim config/coreboot-nitropad-nv41.config mv config/coreboot-nitropad-nv41.config config/coreboot-novacustom_nv4x_adl.config vim boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=novacustom_nv4x_adl coreboot.modify_and_save_oldconfig_in_place cd /home/user/heads/build/x86/coreboot-dasharo sudo make menuconfig cd ~/heads sudo meld /home/user/heads/build/x86/coreboot-dasharo/.config config/coreboot-novacustom_nv4x_adl.config git status git add boards/nitropad-nv41/nitropad-nv41.config config/coreboot-nitropad-nv41.config config/coreboot-novacustom_nv4x_adl.config config/coreboot-novacustom_nv4x_adl.config git add boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config sed -i 's/nitropad-nv41/novacustom_nv4x_adl/g' .circleci/config.yml git add .circleci/config.yml git commit --sigoff -m git push tlaurion-github --force ... (and multiple 'git commit --signoff --amend' to add traces below) ---- Relevant changes from nitropad-nv41 coreboot configs: diff --git a/config/coreboot-nitropad-nv41.config b/config/coreboot-novacustom_nv4x_adl.config index 9484aaf512..235f255a31 100644 --- a/config/coreboot-nitropad-nv41.config +++ b/config/coreboot-novacustom_nv4x_adl.config @@ -111,7 +111,7 @@ CONFIG_VENDOR_NOVACUSTOM=y # CONFIG_VENDOR_UP is not set CONFIG_MAINBOARD_FAMILY="Not Applicable" CONFIG_MAINBOARD_PART_NUMBER="nv40pz" -CONFIG_MAINBOARD_VERSION="v2.1" +CONFIG_MAINBOARD_VERSION="nv40pz" CONFIG_MAINBOARD_DIR="clevo/adl-p" CONFIG_DIMM_MAX=4 CONFIG_DIMM_SPD_SIZE=512 @@ -131,7 +131,7 @@ CONFIG_VBOOT_VBNV_OFFSET=0x28 CONFIG_VARIANT_DIR="nv40pz" CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb" # CONFIG_VGA_BIOS is not set -CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Nitrokey" +CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Notebook" CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/data.vbt" # CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0x4000 @@ -140,7 +140,7 @@ CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout" CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 CONFIG_BOARD_CLEVO_ADLP_COMMON=y CONFIG_BOARD_CLEVO_NV40PZ_BASE=y -CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NV41" +CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ" CONFIG_CONSOLE_POST=y # CONFIG_USE_PM_ACPI_TIMER is not set CONFIG_TPM_PIRQ=0x27 When comparing against dasharo/coreboot fork coreboot config saved in oldconfig format, diffs: diff --git a/config/coreboot-novacustom_nv4x_adl.config b/config/coreboot-novacustom_nv4x_adl.config index 235f255a31..41bdd7889c 100644 --- a/config/coreboot-novacustom_nv4x_adl.config +++ b/config/coreboot-novacustom_nv4x_adl.config @@ -7,19 +7,19 @@ # General setup # CONFIG_COREBOOT_BUILD=y -CONFIG_LOCALVERSION="" +CONFIG_LOCALVERSION="v1.7.2" CONFIG_CBFS_PREFIX="fallback" CONFIG_COMPILER_GCC=y # CONFIG_COMPILER_LLVM_CLANG is not set CONFIG_ARCH_SUPPORTS_CLANG=y # CONFIG_ANY_TOOLCHAIN is not set -# CONFIG_CCACHE is not set +CONFIG_CCACHE=y # CONFIG_IWYU is not set # CONFIG_FMD_GENPARSER is not set # CONFIG_UTIL_GENPARSER is not set -# CONFIG_OPTION_BACKEND_NONE is not set -CONFIG_USE_OPTION_TABLE=y -# CONFIG_STATIC_OPTION_TABLE is not set +CONFIG_OPTION_BACKEND_NONE=y +# CONFIG_USE_OPTION_TABLE is not set +# CONFIG_USE_UEFI_VARIABLE_STORE is not set CONFIG_COMPRESS_RAMSTAGE_LZMA=y # CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set CONFIG_INCLUDE_CONFIG_FILE=y @@ -35,12 +35,7 @@ CONFIG_HAVE_ASAN_IN_RAMSTAGE=y # CONFIG_NO_STAGE_CACHE is not set CONFIG_TSEG_STAGE_CACHE=y # CONFIG_UPDATE_IMAGE is not set -CONFIG_BOOTSPLASH_IMAGE=y -CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" -CONFIG_BOOTSPLASH_CONVERT=y -CONFIG_BOOTSPLASH_CONVERT_QUALITY=90 -# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set -# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set +# CONFIG_BOOTSPLASH_IMAGE is not set # CONFIG_FW_CONFIG is not set # @@ -111,14 +106,14 @@ CONFIG_VENDOR_NOVACUSTOM=y # CONFIG_VENDOR_UP is not set CONFIG_MAINBOARD_FAMILY="Not Applicable" CONFIG_MAINBOARD_PART_NUMBER="nv40pz" -CONFIG_MAINBOARD_VERSION="nv40pz" +CONFIG_MAINBOARD_VERSION="v2.1" CONFIG_MAINBOARD_DIR="clevo/adl-p" CONFIG_DIMM_MAX=4 CONFIG_DIMM_SPD_SIZE=512 -CONFIG_FMDFILE="" +CONFIG_FMDFILE="src/mainboard/$(CONFIG_MAINBOARD_DIR)/vboot-rwa.fmd" # CONFIG_NO_POST is not set CONFIG_MAINBOARD_VENDOR="Notebook" -CONFIG_CBFS_SIZE=0x1000000 +CONFIG_CBFS_SIZE=0xA00000 # CONFIG_CONSOLE_SERIAL is not set CONFIG_MAX_CPUS=24 CONFIG_ONBOARD_VGA_IS_PRIMARY=y @@ -126,8 +121,9 @@ CONFIG_ONBOARD_VGA_IS_PRIMARY=y # CONFIG_POST_IO is not set CONFIG_UART_FOR_CONSOLE=0 CONFIG_DEVICETREE="devicetree.cb" -# CONFIG_VBOOT is not set +CONFIG_VBOOT=y CONFIG_VBOOT_VBNV_OFFSET=0x28 +CONFIG_RO_REGION_ONLY="" CONFIG_VARIANT_DIR="nv40pz" CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb" # CONFIG_VGA_BIOS is not set @@ -143,10 +139,12 @@ CONFIG_BOARD_CLEVO_NV40PZ_BASE=y CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ" CONFIG_CONSOLE_POST=y # CONFIG_USE_PM_ACPI_TIMER is not set -CONFIG_TPM_PIRQ=0x27 +CONFIG_VBOOT_SLOTS_RW_A=y +CONFIG_TPM_PIRQ=0x0 # CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set CONFIG_VBOOT_FWID_VERSION="$(CONFIG_LOCALVERSION)" CONFIG_EC_SYSTEM76_EC_BAT_THRESHOLDS=y +CONFIG_PXE_ROM_ID="10ec,8168" CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xc0000000 CONFIG_ECAM_MMCONF_BUS_NUMBER=256 CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" @@ -156,20 +154,28 @@ CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000 CONFIG_DCACHE_BSP_STACK_SIZE=0x80400 CONFIG_MAX_ACPI_TABLE_SIZE_KB=144 CONFIG_HAVE_INTEL_FIRMWARE=y +CONFIG_VBOOT_NO_BOARD_SUPPORT=y +CONFIG_RW_REGION_ONLY="" CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000 CONFIG_DRIVERS_INTEL_WIFI=y CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/descriptor.bin" CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/me.bin" -CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000 +# CONFIG_VBOOT_ALWAYS_ALLOW_UDC is not set +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000 +CONFIG_EDK2_BOOT_TIMEOUT=2 CONFIG_VBT_DATA_SIZE_KB=9 +CONFIG_VBOOT_FWID_MODEL="$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)" +CONFIG_VBOOT_STARTS_IN_BOOTBLOCK=y CONFIG_CARDBUS_PLUGIN_SUPPORT=y CONFIG_SPI_FLASH_DONT_INCLUDE_ALL_DRIVERS=y # CONFIG_USE_LEGACY_8254_TIMER is not set +CONFIG_GBB_HWID="" # CONFIG_DEBUG_SMI is not set CONFIG_HAVE_IFD_BIN=y CONFIG_PCIEXP_HOTPLUG_BUSES=42 CONFIG_PCIEXP_HOTPLUG_MEM=0xc200000 CONFIG_PCIEXP_HOTPLUG_PREFETCH_MEM=0x1c000000 +# CONFIG_VBOOT_SLOTS_RW_AB is not set CONFIG_PS2K_EISAID="PNP0303" CONFIG_PS2M_EISAID="PNP0F13" @@ -193,8 +199,8 @@ CONFIG_PCIEXP_CLK_PM=y CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72 CONFIG_HEAP_SIZE=0x10000 CONFIG_EC_GPE_SCI=0x50 +CONFIG_EDK2_BOOTSPLASH_FILE="3rdparty/dasharo-blobs/novacustom/bootsplash.bmp" CONFIG_TPM_MEASURED_BOOT=y -CONFIG_LINUX_COMMAND_LINE="quiet loglevel=2" CONFIG_BOARD_ROMSIZE_KB_32768=y # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set @@ -399,7 +405,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_TCO=y CONFIG_SOC_INTEL_COMMON_BLOCK_TCO_ENABLE_THROUGH_SMBUS=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y -# CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE=y CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0 CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y @@ -417,7 +423,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_USB4_PCIE=y CONFIG_SOC_INTEL_COMMON_BLOCK_USB4_XHCI=y CONFIG_SOC_INTEL_ENABLE_USB4_PCIE_RESOURCES=y CONFIG_SOC_INTEL_COMMON_BLOCK_VTD=y -# CONFIG_ENABLE_EARLY_DMA_PROTECTION is not set +CONFIG_ENABLE_EARLY_DMA_PROTECTION=y CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI_ELOG=y @@ -508,15 +514,15 @@ CONFIG_EC_SYSTEM76_EC_DGPU=y # # Intel Firmware # -CONFIG_IFDTOOL_DISABLE_ME=y +# CONFIG_IFDTOOL_DISABLE_ME is not set CONFIG_HAVE_ME_BIN=y # CONFIG_STITCH_ME_BIN is not set # CONFIG_ME_REGION_ALLOW_CPU_READ_ACCESS is not set CONFIG_HAVE_INTEL_ME_HAP=y # CONFIG_INTEL_ME_DISABLED_HECI is not set -CONFIG_INTEL_ME_DISABLED_HAP=y -# CONFIG_INTEL_ME_ENABLED is not set -CONFIG_INTEL_ME_DEFAULT_STATE=2 +# CONFIG_INTEL_ME_DISABLED_HAP is not set +CONFIG_INTEL_ME_ENABLED=y +CONFIG_INTEL_ME_DEFAULT_STATE=0 # CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION is not set # CONFIG_LOCK_MANAGEMENT_ENGINE is not set CONFIG_UNLOCK_FLASH_REGIONS=y @@ -529,7 +535,7 @@ CONFIG_BIOS_VENDOR="3mdeb" # # Dasharo Configuration # -CONFIG_DASHARO_PREFER_S3_SLEEP=y +# CONFIG_DASHARO_PREFER_S3_SLEEP is not set # end of Dasharo Configuration CONFIG_UDK_BASE=y @@ -550,8 +556,6 @@ CONFIG_X86_CUSTOM_BOOTMEDIA=y CONFIG_PC80_SYSTEM=y CONFIG_HAVE_CMOS_DEFAULT=y CONFIG_POSTCAR_STAGE=y -CONFIG_BOOTBLOCK_SIMPLE=y -# CONFIG_BOOTBLOCK_NORMAL is not set CONFIG_COLLECT_TIMESTAMPS_TSC=y CONFIG_IDT_IN_EVERY_STAGE=y CONFIG_HAVE_CF9_RESET=y @@ -575,9 +579,10 @@ CONFIG_NO_EARLY_GFX_INIT=y # # Display # +CONFIG_WANT_LINEAR_FRAMEBUFFER=y CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y CONFIG_LINEAR_FRAMEBUFFER=y -CONFIG_BOOTSPLASH=y +# CONFIG_BOOTSPLASH is not set # end of Display CONFIG_PCI=y @@ -610,17 +615,21 @@ CONFIG_I2C_TRANSFER_TIMEOUT_US=500000 # Generic Drivers # CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 -# CONFIG_DRIVERS_EFI_VARIABLE_STORE is not set +CONFIG_DRIVERS_EFI_VARIABLE_STORE=y # CONFIG_ELOG is not set CONFIG_CACHE_MRC_SETTINGS=y CONFIG_MRC_SETTINGS_PROTECT=y -# CONFIG_SMMSTORE is not set +CONFIG_HAS_RECOVERY_MRC_CACHE=y +CONFIG_MRC_SAVE_HASH_IN_TPM=y +CONFIG_SMMSTORE=y +CONFIG_SMMSTORE_V2=y +CONFIG_SMMSTORE_SIZE=0x40000 CONFIG_SPI_FLASH=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y +CONFIG_SPI_FLASH_SMM=y # CONFIG_SPI_FLASH_NO_FAST_READ is not set -CONFIG_TPM_INIT_RAMSTAGE=y -# CONFIG_TPM_PPI is not set +CONFIG_TPM_PPI=y CONFIG_DRIVERS_UART=y CONFIG_NO_UART_ON_SUPERIO=y CONFIG_DRIVERS_UART_8250MEM=y @@ -669,7 +678,7 @@ CONFIG_DRIVERS_INTEL_PMC=y # CONFIG_DRIVERS_NXP_UWB_SR1XX is not set # CONFIG_DRIVERS_PS2_KEYBOARD is not set CONFIG_DRIVERS_MC146818=y -# CONFIG_USE_PC_CMOS_ALTCENTURY is not set +CONFIG_USE_PC_CMOS_ALTCENTURY=y CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70 CONFIG_MEMORY_MAPPED_TPM=y CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 @@ -695,6 +704,50 @@ CONFIG_DRIVERS_INTEL_USB4_RETIMER=y # Verified Boot (vboot) # CONFIG_VBOOT_LIB=y +CONFIG_VBOOT_VBNV_CMOS=y +CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH=y +# CONFIG_VBOOT_MOCK_SECDATA is not set +CONFIG_VBOOT_MUST_REQUEST_DISPLAY=y +CONFIG_VBOOT_ALWAYS_ENABLE_DISPLAY=y +CONFIG_VBOOT_HAS_REC_HASH_SPACE=y +CONFIG_CBFS_MCACHE_RW_PERCENTAGE=50 +CONFIG_VBOOT_CLEAR_RECOVERY_EACH_BOOT=y +# CONFIG_VBOOT_EC_EFS is not set +CONFIG_VBOOT_X86_SHA256_ACCELERATION=y + +# +# GBB configuration +# +CONFIG_GBB_BMPFV_FILE="" +# CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY is not set +# CONFIG_GBB_FLAG_LOAD_OPTION_ROMS is not set +# CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS is not set +# CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON is not set +CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB=y +CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK=y +# CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM is not set +# CONFIG_GBB_FLAG_FORCE_DEV_BOOT_ALTFW is not set +# CONFIG_GBB_FLAG_RUNNING_FAFT is not set +CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC=y +# CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW is not set +CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC=y +CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN=y +# CONFIG_GBB_FLAG_FORCE_MANUAL_RECOVERY is not set +CONFIG_GBB_FLAG_DISABLE_FWMP=y +# CONFIG_GBB_FLAG_ENABLE_UDC is not set +# end of GBB configuration + +# +# Vboot Keys +# +CONFIG_VBOOT_ROOT_KEY="$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk" +CONFIG_VBOOT_RECOVERY_KEY="$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk" +CONFIG_VBOOT_FIRMWARE_PRIVKEY="$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk" +CONFIG_VBOOT_KERNEL_KEY="$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk" +CONFIG_VBOOT_KEYBLOCK="$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock" +CONFIG_VBOOT_KEYBLOCK_VERSION=1 +CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS=0x0 +# end of Vboot Keys # end of Verified Boot (vboot) # @@ -730,10 +783,14 @@ CONFIG_INTEL_TXT_LIB=y # CONFIG_INTEL_TXT is not set # CONFIG_STM is not set # CONFIG_INTEL_CBNT_SUPPORT is not set -CONFIG_BOOTMEDIA_LOCK_NONE=y -# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set +# CONFIG_BOOTMEDIA_LOCK_NONE is not set +CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y # CONFIG_BOOTMEDIA_LOCK_CHIP is not set -# CONFIG_BOOTMEDIA_SMM_BWP is not set +# CONFIG_BOOTMEDIA_LOCK_WHOLE_RO is not set +# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set +CONFIG_BOOTMEDIA_LOCK_WPRO_VBOOT_RO=y +CONFIG_BOOTMEDIA_LOCK_IN_VERSTAGE=y +CONFIG_BOOTMEDIA_SMM_BWP=y # end of Security CONFIG_ACPI_HAVE_PCAT_8259=y @@ -772,8 +829,8 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7 -CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX=y -CONFIG_CONSOLE_USE_ANSI_ESCAPES=y +# CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX is not set +# CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set # CONFIG_CMOS_POST is not set CONFIG_HWBASE_DEBUG_CB=y # end of Console @@ -804,12 +861,89 @@ CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" # CONFIG_PAYLOAD_LINUXBOOT is not set # CONFIG_PAYLOAD_SEABIOS is not set # CONFIG_PAYLOAD_UBOOT is not set -# CONFIG_PAYLOAD_EDK2 is not set -CONFIG_PAYLOAD_LINUX=y -CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage" +CONFIG_PAYLOAD_EDK2=y +# CONFIG_PAYLOAD_LINUX is not set +CONFIG_PAYLOAD_FILE="novacustom_nv4x_adl/UEFIPAYLOAD.fd" CONFIG_PAYLOAD_OPTIONS="" -# CONFIG_PXE is not set -CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz" +CONFIG_EDK2_UEFIPAYLOAD=y +# CONFIG_EDK2_UNIVERSAL_PAYLOAD is not set +CONFIG_EDK2_REPO_MRCHROMEBOX=y +# CONFIG_EDK2_REPO_OFFICIAL is not set +# CONFIG_EDK2_REPO_CUSTOM is not set +CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2" +CONFIG_EDK2_TAG_OR_REV="b7274c98697e972e772236caf830c0780ec498bd" +CONFIG_EDK2_USE_EDK2_PLATFORMS=y +CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms" +CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf" +# CONFIG_EDK2_DEBUG is not set +CONFIG_EDK2_RELEASE=y +# CONFIG_EDK2_BOOT_MANAGER_ESCAPE is not set +CONFIG_EDK2_CBMEM_LOGGING=y +CONFIG_EDK2_SYSTEM76_EC_LOGGING=y +CONFIG_EDK2_CPU_TIMER_LIB=y +CONFIG_EDK2_FOLLOW_BGRT_SPEC=y +CONFIG_EDK2_FULL_SCREEN_SETUP=y +CONFIG_EDK2_HAVE_EFI_SHELL=y +CONFIG_EDK2_PRIORITIZE_INTERNAL=y +CONFIG_EDK2_PS2_SUPPORT=y +CONFIG_EDK2_SKIP_PS2_DETECT=y +CONFIG_EDK2_SD_MMC_TIMEOUT=10 +CONFIG_EDK2_SERIAL_SUPPORT=y +CONFIG_EDK2_ENABLE_IPXE=y +CONFIG_EDK2_IPXE_OPTION_NAME="iPXE Network Boot" +CONFIG_EDK2_SECURE_BOOT=y +# CONFIG_EDK2_SECURE_BOOT_DEFAULT_ENABLE is not set +# CONFIG_EDK2_SATA_PASSWORD is not set +# CONFIG_EDK2_OPAL_PASSWORD is not set +CONFIG_EDK2_SETUP_PASSWORD=y +CONFIG_EDK2_PERFORMANCE_MEASUREMENT_ENABLE=y +CONFIG_EDK2_DASHARO_SYSTEM_FEATURES=y +CONFIG_EDK2_DASHARO_SECURITY_OPTIONS=y +CONFIG_EDK2_SHOW_CAMERA_OPTION=y +CONFIG_EDK2_SHOW_WIFI_BT_OPTION=y +CONFIG_EDK2_DASHARO_INTEL_ME_OPTIONS=y +CONFIG_EDK2_DASHARO_USB_CONFIG=y +CONFIG_EDK2_DASHARO_NETWORK_CONFIG=y +# CONFIG_EDK2_DASHARO_CHIPSET_CONFIG is not set +CONFIG_EDK2_DASHARO_POWER_CONFIG=y +CONFIG_EDK2_SLEEP_TYPE_OPTION=y +CONFIG_EDK2_FAN_CURVE_OPTION=y +CONFIG_EDK2_BATTERY_CONFIG_OPTION=y +# CONFIG_EDK2_DASHARO_PCI_CONFIG is not set +# CONFIG_EDK2_DASHARO_MEMORY_CONFIG is not set +# CONFIG_EDK2_DASHARO_NETWORK_BOOT_DEFAULT_ENABLE is not set +# CONFIG_EDK2_DASHARO_SERIAL_REDIRECTION_DEFAULT_ENABLE is not set +CONFIG_EDK2_BOOT_MENU_KEY=0x0011 +CONFIG_EDK2_SETUP_MENU_KEY=0x000C +CONFIG_EDK2_DISABLE_MTRR_PROGRAMMING=y +CONFIG_EDK2_ENABLE_BATTERY_CHECK=y +# CONFIG_EDK2_DISABLE_OPTION_ROMS is not set +CONFIG_EDK2_PRINT_SOL_STRINGS=y +# CONFIG_EDK2_RAM_DISK_ENABLE is not set +CONFIG_EDK2_CUSTOM_BUILD_PARAMS="-D VARIABLE_SUPPORT=SMMSTORE" +CONFIG_EDK2_LAN_ROM_DRIVER="" +# CONFIG_EDK2_CREATE_PREINSTALLED_BOOT_OPTIONS is not set +CONFIG_PXE=y + +# +# PXE Options +# +# CONFIG_PXE_ROM is not set +CONFIG_BUILD_IPXE=y +CONFIG_IPXE_STABLE=y +# CONFIG_IPXE_MASTER is not set +# CONFIG_PXE_SERIAL_CONSOLE is not set +# CONFIG_PXE_NO_PROMPT is not set +CONFIG_PXE_ADD_SCRIPT=y +CONFIG_PXE_SCRIPT="3rdparty/dasharo-blobs/dasharo/dasharo.ipxe" +CONFIG_PXE_HAS_HTTPS=y +CONFIG_PXE_CUSTOM_BUILD_ID="0123456789" +CONFIG_PXE_TRUST_CMD=y +# end of PXE Options + +# CONFIG_COMPRESSED_PAYLOAD_NONE is not set +CONFIG_COMPRESSED_PAYLOAD_LZMA=y +# CONFIG_COMPRESSED_PAYLOAD_LZ4 is not set CONFIG_COMPRESS_SECONDARY_PAYLOAD=y # Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-11-14 08:52:08 -05:00
Thierry Laurion	a8ba6bafb7	talos-2: move(tag) board to untested: I won't have time any time soon to test nor report issues for this unknowingly used board prior of feature freeze planned for 2024-11-20 repro: helper used time docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=talos-2 board.move_tested_to_untested Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-11-08 13:26:08 -05:00
Thierry Laurion	30da60917c	musl-cross-make: rename musl-cross->musl-cross-make + bump version from ~0.9.9+->~0.9.10+ (musl 1.2.0 -> 1.2.5) Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-11-06 19:12:18 -05:00
Thierry Laurion	9f735e2238	Bump nix develop based docker image to tlaurion/heads-dev-env:v0.2.4 Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-11-03 09:13:12 -05:00
Thierry Laurion	fb975d0642	t440p/w541: move to untested so that people don't flash those without external programmer for now repro: docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=w541-hotp-maximized board.move_tested_to_untested docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=w541-maximized board.move_tested_to_untested docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=t440p-hotp-maximized board.move_tested_to_untested docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=t440p-maximized board.move_tested_to_untested Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-10-30 16:18:22 -04:00
Thierry Laurion	de99b412ba	move w541 boards back to tested to dodge drama. Still this board has no known testers Repro docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=UNTESTED_w541-hotp-maximized board.move_untested_to_tested docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=UNTESTED_w541-maximized board.move_untested_to_tested git status git add .circleci/config.yml boards/UNTESTED_w541-hotp-maximized/UNTESTED_w541-hotp-maximized.config boards/UNTESTED_w541-maximized/UNTESTED_w541-maximized.config boards/w541-hotp-maximized/ boards/w541-maximized/ git commit --signoff -m Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-10-29 08:58:09 -04:00
Thierry Laurion	36efff4848	x230 legacy boards: move to unmaintained Also add Makefile helper to move from tested to unmaintained Done by: docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-hotp-legacy board.move_tested_to_unmaintained docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-legacy board.move_tested_to_unmaintained docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-legacy-flash board.move_tested_to_unmaintained git difftool -d git add .circleci/config.yml boards/x230-hotp-legacy/x230-hotp-legacy.config boards/x230-legacy-flash/x230-legacy-flash.config boards/x230-legacy/x230-legacy.config unmaintained_boards/UNMAINTAINED_x230-hotp-legacy/ unmaintained_boards/UNMAINTAINED_x230-legacy-flash/ unmaintained_boards/UNMAINTAINED_x230-legacy/ git commit --signoff -m Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-10-29 08:58:09 -04:00
Thierry Laurion	2c2af013c5	board t440p: move board away from UNTESTED_ with improved Makefile helper board.move_untested_to_tested Update Makefile helper to be able to do it with these steps docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=UNTESTED_t440p-hotp-maximized board.move_untested_to_tested docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=UNTESTED_t440p-maximized board.move_untested_to_tested git status git add boards/t440p-hotp-maximized/t440p-hotp-maximized.config boards/t440p-maximized/t440p-maximized.config .circleci/config.yml boards/UNTESTED_t440p-hotp-maximized/UNTESTED_t440p-hotp-maximized.config boards/UNTESTED_t440p-maximized/UNTESTED_t440p-maximized.config Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-10-29 08:58:09 -04:00
Thierry Laurion	3f4104d068	Haswell boards : renamed to UNTESTED_* while still built by CircleCI per new policy (not blocking tested boards from being merged and downloaded without risks of possible bricks, leading UNTESTED_ boards untested until reported tested in seperate issue and ideally a PR from board testers). Fix Haswell board HOTP variants wrongly sourcing old non-hotp variants paths through Makefile inclusion. Fixing Makefile helper Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-10-29 08:58:09 -04:00
Thierry Laurion	90daec1e97	CircleCI: add HOTP variants, add optiplex blobs script execution so blobs are part of CircleCI cache (cleaning cache prior of push of this commit) Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-10-15 09:50:14 -04:00
Thierry Laurion	aa59169cc9	Bump nix develop based docker image to tlaurion/heads-dev-env:v0.2.3 Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-10-15 09:50:14 -04:00
Thierry Laurion	066dc144ce	Bump nix develop based docker image to tlaurion/heads-dev-env:v0.2.2 Pushing flake.nix new requirements for binwalk and uefi-firmware-parser to extract blobs Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-10-15 09:50:14 -04:00
Thierry Laurion	23cee75efd	boards/optiplex-7010_9010_TXT-maximized: add new TXT board, poitn coreboot to blobs, add to CI Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-10-15 09:50:14 -04:00
Thierry Laurion	8cf7d49fe8	Dell Optiplex 7019/9010 SFF inclusion based on coreboot master 24.02.01 for now - CircleCI: add build based on coreboot 24.02.01 release (might be old but unclear to my eyes now) - Add board non-HOTP board config as a start, reuse x230 linux config - Add coreboot config modified ans saved theourh coreboot Makefile file helper Next steps - Create blobs extraction scripts automating https://docs.dasharo.com/variants/dell_optiplex/initial-deployment/#firmware-preparation Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-10-15 09:50:14 -04:00
Jonathon Hall	d66f476d28	.circleci/config.yml: Add Librem 11 We didn't notice the breakage for Librem 11 because it wasn't in CI. Add it. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>	2024-09-05 14:27:30 -04:00
gaspar-ilom	39be8303d7	move w541 back to tested Signed-off-by: gaspar-ilom <gasparilom@riseup.net>	2024-08-07 00:02:50 +02:00
Thierry Laurion	1b6d26a888	w541: rename/move board flavors to UNTESTED since untested for coreboot 24.02.01 version bumped and no news from expected board testers in time for merge Replication notes: - w541-hotp-maximized is a makefile inclusion of w541-maximized so order of ops is important docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:v0.2.1 -- make -d BOARD=w541-hotp-maximized board.move_tested_to_untested time docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:v0.2.1 -- make -d BOARD=w541-maximized board.move_tested_to_untested git status git add boards/UNTESTED_w541-hotp-maximized/UNTESTED_w541-hotp-maximized.config boards/UNTESTED_w541-maximized/UNTESTED_w541-maximized.config boards/w541-hotp-maximized/w541-hotp-maximized.config boards/w541-maximized/w541-maximized.config .circleci/config.yml git commit --signoff Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-07-26 15:45:34 -04:00
Thierry Laurion	cf9d10adeb	t530(-hotp)-maximized: move+ rename to boards/* + unify with x230-maximized boards for 24.02.01 + add Makefile helper + add back to CircleCI Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-07-26 15:40:09 -04:00
Thierry Laurion	b8a87ff579	CircleCI: modify comments/cache relative to version bump 4.22.01->24.02.01 Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-07-26 15:38:53 -04:00
Thierry Laurion	f0c951fa91	CircleCI: fix naming of cache: coreboot-nitrokey -> coreboot-dasharo Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-07-26 14:16:37 -04:00
Thierry Laurion	43f3570288	CircleCI: add CircleCI intermediary musl-cross build step per arch, cleanup Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-07-26 12:14:08 -04:00
Jonathon Hall	265b1da920	Revert "Merge pull request #1713 from tlaurion/interim_fix_1712" This reverts commit `c43b6fc05f`, reversing changes made to `fb9c558ba4`. Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>	2024-07-15 16:53:59 -04:00
Thierry Laurion	b20cde8c61	Revert "Merge pull request #1703 from JonathonHall-Purism/purism_coreboot_24.02.01" This reverts commit `7025031702`, reversing changes made to `156d2c80dd`. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-07-09 09:29:37 -04:00
Thierry Laurion	80284ff246	.circleci/config.yml: bump to v0.2.0 docker image based on flake.nix's new nss inclusion required for coreboot 24.02+ Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-06-20 13:54:20 -04:00
Jonathon Hall	b0b3449367	circleci: Add Librem L1UM to CI, in front of unmaintained 4.11 boards Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>	2024-06-18 16:34:33 -04:00
Thierry Laurion	34c7bb5a83	Merge pull request #1687 from tlaurion/use_nixos-unstable_prebuild_qemu-canokey Use nixos-unstable channel's prebuilt qemu_full with canokey support builtin from nix cache	2024-05-30 17:29:08 -04:00
Thierry Laurion	fc146681f7	Merge pull request #1673 from tlaurion/build-UNMAINTAINED_t530-maximized Build unmaintained t530 maximized	2024-05-29 18:55:07 -04:00
Thierry Laurion	c7d1495a0a	Use nixos-unstable channel's prebuilt qemu_full with canokey support builtin, downloaded from nix cache - flake.lock: bumps lcoekd package list to latest packages list through 'nix flake update' - flake.nix : comment out customizations of derivatives, removing canokey-qemu lib since qemu_full depends on qemu which depends on canokey-qemu by default now - flake.nux: add 'less' so that 'git log' is usable - circleci/config.yml: use docker v0.1.9 - README.md : update docker image maintainer notes to ease upstreaming of docker images and for others to play around, requiring dockerhub account For testing iterations of this, I used: docker_version="v0.1.9" && docker_hub_repo="tlaurion/heads-dev-env" && sed "s@$image: $$.$:$v[0-9]\.[0-9]\.[0-9]$@\1\2:$docker_version@" -i .circleci/config.yml && nix --print-build-logs --verbose develop --ignore-environment --command true && nix build .#dockerImage && docker load < result && docker tag linuxboot/heads:dev-env "$docker_hub_repo:$docker_version" && docker push "$docker_hub_repo:$docker_version" Then added final commit, and pushed. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-25 12:55:28 -04:00
Thierry Laurion	37f04e2855	Fix key to card failing with invalid time when moving keys to smartcard on master (Opt: Authenticated Heads) - Revert gnupg toolstack version bump to prior of #1661 merge (2.4.2 -> 2.4.0). Version bump not needed for reproducibility. - Investigation and upstream discussions will take their time resolving invalid time issue introduced by between 2.4.0 and latest gnupg, fix regression first under master) - oem-factory-reset - Adding DO_WITH_DEBUG to oem-factory-reset for all its gpg calls. If failing in debug mode, /tmp/debug.txt contains calls and errors - Wipe keyrings only (.gpg, .kbx) not conf files under gpg homedir (keep initrd/.gnupg/*.conf) - flake.nix - switch build derivative from qemu and qemu_kvm to qemu_full to have qemu-img tool which was missing to run qemu boards (v0.1.8 docker) - add gnupg so that qemu boards can call inject_gpg to inject public key in absence of flashrom+pflash support for internal flashing - flake.lock: Updated nix pinned package list under flake.lock with 'nix flake update' so qemu_full builds - README.md: have consistent docker testing + release (push) notes - .circleci/config.yml: depend on docker v0.1.8 (qemu_full built with canokey-qemu lib support, diffoscopeMinimal and gnupg for proper qemu testing) TODO: - some fd2 instead of fd1?! - oem-factory-resest has whiptail_or_die which sets whiptail box to HEIGHT 0. This doesn't show a scrolling window on gpg errors which is problematic with fbwhiptail, not whiptail Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-17 09:27:29 -04:00
Thierry Laurion	1035a93e79	Build UNMAINTAINED_t530-maximized as requested under #1672 Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-13 12:15:06 -04:00
Thierry Laurion	c73692e4f3	flake.nix + qemu.mk : add working qemu-canokey usable from all qemu boards by default flake.nix: add canokey-qemu lib, derivate qemu on tope of it and have qemu_kvm depend on qemu derivative targets/qemu.mk: modified to had canokey support by default if no "USB_TOKEN=" specified on make run call CircleCI: base docker image pull on v0.1.6 containing the newly added derivatives Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-12 13:51:28 -04:00
Thierry Laurion	e4976e7882	Re-add kgpe-d16 as UNMAINTAINED_* boards, still built by CircleCI (since cosntant interest in the builds) Modify .circleci/config.yml to also not reuse past caches if CircleCI config changes as part of calculated hashes for the 3 layers Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-08 15:36:27 -04:00
Thierry Laurion	b4936ea42c	CircleCI: use v.0.1.4 produced with latest flake.nix which includes qemu_kvm for kvm testing in docker image Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-08 11:35:23 -04:00
Thierry Laurion	f4db4b791c	README.md qemu.md + CircleCI: point to images for building and using nix developed created docker image - push v0.1.3 and have latest point to the same image, add repro notes inside of README.md - modify qemu.md to also refer to using docker images TODO: remove NIX_REPRO_NOTES prior of merging Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-06 15:22:11 -04:00
Thierry Laurion	2b2356e87e	CircleCI: use tlaurion/heads-dev-env:v0.1.1 which reverts nix attempt of garbage collection inside of nix prior of making the docker Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-03 15:07:29 -04:00
Thierry Laurion	46cad549ef	WiP flake.nix: make docker image usable for testing as well, target: qemu-coreboot-whiptail-tpm2 with swtpm and canokey for smartcard - include nix tools inside of the docker to be able to call the garbage collector prior of creating docker. - protect roots from garbage collection (WiP) - Requires external preparation call so that nix (the binary) is not wiped as well. See NIX_REPRO_NOTES at the end of the file for repro notes - Could probably be improved. Works as of now and created a 4Gb vs 3.02Gb docker image I'm uploading now. - CircleCI bumped to use v0.0.9 version including this - CircleCI now depending on flake.lock for all cache layers. Will rebuild clean once again So now we have qemu with canokey support in image, nix basic tools inside of container. Possible to call docker with DISPLAY, see NIX_REPRO_NOTES as of now. That feels nice. No need of USB security dongle to have TPM based TPMTOTP nor detach sign? Not tested but feature is there TODO: - make docker creating nicer in the Nix way. - Add canokey support under targets/qemu.mk - add canokey board version At least we have reproducible stack and testing stack being in same docker image. Docker image moved from 991.18MB (v0.0.8) to 1.18GB (v0.0.9) - And I tried to clean binaries of symbols here! Seems like I do not know enough of the Nix way here. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 20:51:18 -04:00
Thierry Laurion	6070d8f6f0	CircleCI: use tlaurion/heads-dev-env:v0.0.8 which includes AC_LOCAL export of develop env into the docker image. Works locally for talos-2 board build. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:03:09 -04:00
Thierry Laurion	9a72d9545a	CircleCI: use tlaurion/heads-dev-env:v0.0.7 which includes openssl in flake.nix for talos-2 board's linux config Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:02:50 -04:00
Thierry Laurion	76c20847da	CircleCI: add CircleCI step to source manually /devenv.sh in build_board additional step Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:02:31 -04:00
Thierry Laurion	70a9f93ddf	Revert "CirlceCI: use docker v0.0.6 which flake.nix jumped from zlib/zlib.dev to zlib-ng" This reverts commit 9052d2b562162183fa201ebf89c75be904d87281. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:02:26 -04:00
Thierry Laurion	53ca8d3554	CirlceCI: use docker v0.0.6 which flake.nix jumped from zlib/zlib.dev to zlib-ng Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:02:17 -04:00
Thierry Laurion	b45fc960cf	CircleCI: Test tlaurion/heads-dev-env:v.0.0.5 (created from flake develop) which fails at tpm2-tss - switch cache to nix-docker-heads to not interfere with nixos develop layer on same PR - remove nix develop calls; replace by direct script calls and make calls - make sure save/restore/root is ~/heads Signed-off-by: Thierry Laurion <insurgo@riseup.net> Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:02:07 -04:00
Thierry Laurion	05223ca6a3	CircleCI + Makefile: remove limitation to loadavg of 16 in Makefile, test CPUS=8 to maximize loadavg on CircleCI with 4 CPUs & 8GB ram See first lines of output of any make command. Change aimed to be respectful of CI resource (8GB ram 4CPUs) With CPUS=8 AVAILABLE_MEM_GB=4, CircleCI outputs: !!!!!! BUILD SYSTEM INFO !!!!!! System CPUS: 36 System Available Memory: 4 GB System Load Average: 12.99 ---------------------------------------------------------------------- Used CPUS: 8 Used LOADAVG: 8 Used AVAILABLE_MEM_GB: 4 GB ---------------------------------------------------------------------- MAKE_JOBS: -j8 --max-load 8 Variables available for override (use 'make VAR_NAME=value'): CPUS (default: number of processors, e.g., 'make CPUS=4') LOADAVG (default: same as CPUS, e.g., 'make LOADAVG=4') AVAILABLE_MEM_GB (default: memory available on the system in GB, e.g., 'make AVAILABLE_MEM_GB=4') MEM_PER_JOB_GB (default: 1GB per job, e.g., 'make MEM_PER_JOB_GB=2') ---------------------------------------------------------------------- Let's try without any limitation... Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:01:38 -04:00
Thierry Laurion	e5c55d79e3	CircleCI: have nitropad-nv41 build on top of prep_env, not x230-hotp-maximized Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:01:19 -04:00
Thierry Laurion	1174282bc4	ci: Prepend nix- to save and restore cache statements Until nix PR is merged to not interfere with master/other pr caches Signed-off-by: Manuel Mendez <github@i.m.mmlb.dev> Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:01:15 -04:00
Manuel Mendez	7169fab81b	ci: Switch image from debian to nix Signed-off-by: Manuel Mendez <github@i.m.mmlb.dev> Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:01:10 -04:00
Manuel Mendez	de3f4ec2a3	ci: Replace while loop with tail of multiple files Gives the exact same output: ``` docker run --rm -ti debian:11 bash -c ' mkdir -p build/subdir1/ build/subdir2 echo "subdir1 error" >build/subdir1/fail.log echo "subdir2 error" >build/subdir2/fail.log find build -type f -name "*.log" -exec tail -n +1 "{}" + ' ==> build/subdir1/fail.log <== subdir1 error ==> build/subdir2/fail.log <== subdir2 error ``` Signed-off-by: Manuel Mendez <github@i.m.mmlb.dev> Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:01:01 -04:00
Manuel Mendez	713eadc129	ci: Simple/mechanical tweaks to config file Got rid of long lines in favor of more lines for readability. Cleaned up some comments/typos and unnecessary cruft*. Finally ran prettier on the file for its automatic formatting, including whitespace clean ups. cruft: - && when already set -e - run commands with trailing \ - deleted commented out "OLD STUFF" - sorted listy looking things because unsorted stuff bothers me :) (I held back on sorting the board build definitions though, thats probably too much). Signed-off-by: Manuel Mendez <github@i.m.mmlb.dev> Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-05-02 13:00:56 -04:00
Thierry Laurion	d7915e1639	OpenSSL (libcrypto): patch so that crypto/buildinfo.h generated by perl script contains reproducible date and fake compiler_flags hardcode VERSION='reproducible_build' into generated configure script to get rid of generate random git abbrev 8/12 chars (could not find source) patches/openssl-3.0.8.patch: clean up tpm2-tools/tpm2-tss: hack configure scripts to not contain hardcoded libs and other rpath related strings, using sed instead of patching configure script like cryptsetup2 patch Will be clened up in other commits. Leaving here as trace for autotools sed patching for reproducible builds. CircleCI: change working dir from project->heads so that CircleCI and local builds are from heads directory, helping reproducible builds TODO: change other patches a well and generalize to gpg toolstack, removing patches that are a maintainership burden. Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-04-03 13:48:47 -04:00
Thierry Laurion	7fe2f9dcb2	CircleCI: save_cache depends on librem_14 instead of nitropad-nv41 (so more boards can be built reusing cache and where nv41 will be rebuilt if coreboot level cache was not saved) Signed-off-by: Thierry Laurion <insurgo@riseup.net>	2024-03-25 16:40:21 -04:00

1 2 3 4

176 Commits