As discussed in: linuxboot#1704
there is no need to include iotools module for nitropads.
Since there is no board using it, and we see no reason to use
it in the future (the EC udpate will not require it, as update
will be server by coreboot in the future), drop the module as well.
Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>
This commit effectively reverts commits a1c13ff and 902866cc. There is
no need for this special EC-based poweroff command. See more details in
issue linked below.
Fixes: https://github.com/Dasharo/dasharo-issues/issues/711
Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>
Update Purism coreboot to 24.02.01-Purism-1.
Remove CFLAGS overrides when building coreboot. These overrides break
24.02.01, which added (and needs) --param=min-pagesize=1024. This has
happened repeatedly in the past since Heads has to duplicate coreboot's
CFLAGS if it overrides them.
Specifically, the build fails with this error:
src/commonlib/include/commonlib/endian.h:27:26: error: array subscript 1 is outside array bounds of 'void[0]' [-Werror=array-bounds=]
27 | *(uint8_t *)dest = val;
| ~~~~~~~~~~~~~~~~~^~~~~
In function 'setup_default_ebda':
cc1: note: source object is likely at address zero
That's because coreboot is attempting to write to EBDA at physical
address 0x40e, just above 1024. That is a valid address for x86, but
it's too close to 0 by default for GCC, --param-min-pagesize=1024
allows writes to physical addresses above 1024.
coreboot shouldn't need any of the usual Heads CFLAGS overrides for
reproducibility; it is already reproducible.
Fix indentation in modules/coreboot. Make accepted it before because
the indented lines followed a variable assignment, so they couldn't
be part of a recipe. That assignment is now gone, so they're now
interprted as part of a recipe for the `.configured` target just above,
they should not be indented.
Add nss to flake.nix, needed as of 24.02.01.
Update Librem coreboot configs for 24.02.01-Purism-1. Notably, the
board Kconfig changed for Mini v2 in coreboot, so this is needed for
correct builds.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
intel_iommu=igfx_off is needed on the Heads kernel command line for
memtest86+ to work. Without this parameter, the screen blanks when
memtest86+ starts testing.
This is unique to Librem 11, probably because it is the only device
using FSP GOP for graphics init in coreboot. (libgfxinit does not yet
support Jasper Lake.)
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
- flake.lock: bumps lcoekd package list to latest packages list through 'nix flake update'
- flake.nix : comment out customizations of derivatives, removing canokey-qemu lib since qemu_full depends on qemu which depends on canokey-qemu by default now
- flake.nux: add 'less' so that 'git log' is usable
- circleci/config.yml: use docker v0.1.9
- README.md : update docker image maintainer notes to ease upstreaming of docker images and for others to play around, requiring dockerhub account
For testing iterations of this, I used:
docker_version="v0.1.9" && docker_hub_repo="tlaurion/heads-dev-env" && sed "s@\(image: \)\(.*\):\(v[0-9]*\.[0-9]*\.[0-9]*\)@\1\2:$docker_version@" -i .circleci/config.yml && nix --print-build-logs --verbose develop --ignore-environment --command true && nix build .#dockerImage && docker load < result && docker tag linuxboot/heads:dev-env "$docker_hub_repo:$docker_version" && docker push "$docker_hub_repo:$docker_version"
Then added final commit, and pushed.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
- Revert gnupg toolstack version bump to prior of #1661 merge (2.4.2 -> 2.4.0). Version bump not needed for reproducibility.
- Investigation and upstream discussions will take their time resolving invalid time issue introduced by between 2.4.0 and latest gnupg, fix regression first under master)
- oem-factory-reset
- Adding DO_WITH_DEBUG to oem-factory-reset for all its gpg calls. If failing in debug mode, /tmp/debug.txt contains calls and errors
- Wipe keyrings only (*.gpg, *.kbx) not conf files under gpg homedir (keep initrd/.gnupg/*.conf)
- flake.nix
- switch build derivative from qemu and qemu_kvm to qemu_full to have qemu-img tool which was missing to run qemu boards (v0.1.8 docker)
- add gnupg so that qemu boards can call inject_gpg to inject public key in absence of flashrom+pflash support for internal flashing
- flake.lock: Updated nix pinned package list under flake.lock with 'nix flake update' so qemu_full builds
- README.md: have consistent docker testing + release (push) notes
- .circleci/config.yml: depend on docker v0.1.8 (qemu_full built with canokey-qemu lib support, diffoscopeMinimal and gnupg for proper qemu testing)
TODO:
- some fd2 instead of fd1?!
- oem-factory-resest has whiptail_or_die which sets whiptail box to HEIGHT 0. This doesn't show a scrolling window on gpg errors which is problematic with fbwhiptail, not whiptail
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
PR numbers being numerical and hopefully not conflicting with each other, keeping track of commits per their upstream PR should make sure they can be applied cleanly on top of each other
as opposed to commit id related patches that git apply will apply in random order.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
