Commit Graph

296 Commits

Author SHA1 Message Date
tlaurion
dff4f9f321 Revert "Add new board: Purism Librem Mini ()"
This reverts commit 268fb90623.
2020-09-02 20:37:02 -04:00
tlaurion
480a2e1130
modules/fbwhiptail: fixate to latest commit ID to make sure Heads commit would produce the same binary signature long term. () 2020-09-02 14:41:29 -04:00
MrChromebox
268fb90623
Add new board: Purism Librem Mini ()
* patches/coreboot-4.12: Add patch for Cannonlake ME status

Add patch print ME status regardless of enablement state

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules: add purism-blobs module

Rather than require users to manually run a script to download the required
blobs to build Purism Librem boards, automate it so the correct version
is automatically downloaded/extracted. Restrict to coreboot 4.12 for now
since 4.8.1 still needs FSP blobs, which are not in module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* configs/linux-librem13v2: unset CONFIG_RETPOLINE

Fixes compilation issue with newer kernels, ignored by older ones
which don't need it

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Add new board: Librem Mini

Add Librem Mini board patch for coreboot 4.12, board config and
coreboot config. Continue reusing existing librem13v2 Linux config,
same as all other Librem boards currently. Use new purism-blobs module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* board/librem*: rename for consistency

Use 'librem_<board>' notation for consistency across all models.
Rename linux config file since used by multiple Librem models.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* CircleCI: add librem_mini board to test

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-09-02 14:39:37 -04:00
MrChromebox
f23ced0a3b
Support Multiple Kernel Options ()
* modules/linux: Add support for multiple kernel versions

Follow same pattern as used for coreboot. Add existing kernel version
as default for all existing boards.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/linux: Add option to use 4.19 LTS kernel

Add option to use kernel 4.19.139 (current LTS version).
Duplicate existing patches from 4.14.62 as they all apply cleanly.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-20 19:26:48 -04:00
tlaurion
b14e564ac9
Fix CircleCI build problems ()
* CircleCI: debian:10 docker based. Give possitility to override CACHE_VERSION through CircleCI when needed
* Makefile: fix  with implementation of @osresearch's recommended https://github.com/osresearch/heads/issues/799#issuecomment-673059028
* modules/coreboot : indentation fix and putting version hashes together to facilitate future maintainership.
2020-08-20 15:15:46 -04:00
Matt DeVillier
5f9e59afae
modules/coreboot: Add option to build with coreboot 4.12
Add version and hash for coreboot and coreboot-blobs modules.
Adjust to use own toolchain, fix blobs path and extraction depth.

Test: build Librem 13v4 using both coreboot 4.8.1 and coreboot 4.12
(after adjusting board defconfig), verify correct toolchains used to
build each, and that teh result is a bootable ROM.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-13 09:51:22 -05:00
Matt DeVillier
d6292015a1
modules/hotp-verification: Update and drop patch
Update to nitrokey-hotp-verification master (c0956cf) and drop
existing patch which is no longer needed.

Test: clean build for Librem 13v2

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-30 14:26:59 -05:00
Matt DeVillier
efe30b72bf
modules/hotp-verification: update to upstream master
Update hotp-verification to Nitrokey upstream commit 03a198c4.

Test: build/boot Librem 13v4, verify Librem key verification functional.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-23 19:59:46 -05:00
tlaurion
7ea13ee000
Merge pull request from Nitrokey/hotp-neutral
Fix branding issue with HOTP USB Security Dongles
2020-07-23 15:05:13 -04:00
tlaurion
9719510f39
Merge pull request from tlaurion/coreboot_481
coreboot: 4.8.1 fixed in Makefile, coreboot module and board configs
2020-07-12 11:51:15 -04:00
Thierry Laurion
5f067ea908
coreboot: 4.8.1 fixed in Makefile, coreboot module and board configs (coreboot_481) to facilitate newer coreboot version integration and testing without breaking old fixed boards 2020-07-10 12:37:11 -04:00
Matt DeVillier
5cb45bbc99
Revert "upgrade gpg toolstack to latest versions"
This reverts commit 972c25de7d.

This commit broke OEM factory reset functionality, so revert it
until the issue can be properly diagnosed.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-07 17:50:45 -05:00
Szczepan Zalega
9c9edb0cfc
Remove pkg-config and git version use 2020-06-30 16:00:04 +02:00
alex-nitrokey
53dc659c01
Replace libremkey_htop_* by hotp_* 2020-06-25 15:35:47 +02:00
alex-nitrokey
73c9d6efc8
Merge branch 'hotp-verification-update' into hotp-neutral-merge 2020-06-24 18:17:54 +02:00
alex-nitrokey
38ba257063
Include upstream updates of hotp_verification 2020-06-24 16:31:22 +02:00
alex-nitrokey
4069619ead
Rename libremkey-hotp-verification module 2020-06-11 15:54:10 +02:00
alex-nitrokey
fc8c7b0e64
Merge branch 'hotp-verification-update' into hotp-neutral 2020-06-11 15:44:53 +02:00
alex-nitrokey
1ba73ac1d5
Rename CONFIG_LIBREMKEY to CONFIG_HOTPKEY 2020-06-11 15:29:51 +02:00
alex-nitrokey
0e349c565e
Update hotp-verification 2020-06-09 18:42:55 +02:00
Thierry Laurion
9090f1a1f9
libpng : moving archive download from sourceforge to github
Fixes 
2020-06-03 16:51:18 -04:00
Thierry Laurion
972c25de7d
upgrade gpg toolstack to latest versions
- Remove unrecognized configure options
- fixes gawk issue  by upgrading to libgpg-error 1.37 instead of patching 1.32 for regex change (fixed upstream)
- move patches so they match new versions for libassuan, gpg and libgcrypt (no change)

Version change:
- gpg 2.2.10 -> 2.2.20
- libassuan 2.5.1 -> 2.5.3
- libgcrypt 1.8.3 -> 1.8.5
- libgpg-error 1.32 -> 1.37

Size changes:
- gpg                   886.5 -> 911.3 kB
- gpg-agent:            371.9 -> 376.0 kB
- scdaemon:             399.5 -> 407.8 kB
- libgpg-error.so.0     125.9 -> 130.0 kB

Unrecognized options on gpg2 toolstack:
- disable-nls and disable-asm disable-keyserver-helpers disable-hkp disable-finger disable-dns-srv disable-dns-cert and disable-wks-server
2020-05-22 15:13:06 -04:00
tlaurion
0cd1a0d04c
Revert "GPG toolstack upgrade to latest available versions (Fixes Gawk issue)" 2020-05-22 14:55:41 -04:00
tlaurion
69c7b207ba
Merge pull request from tlaurion/gawk_test_over_latest_debian
GPG toolstack upgrade to latest available versions (Fixes Gawk issue)
2020-05-22 14:55:04 -04:00
Szczepan Zalega
2d50e01071
Make hotp-verification hashes same across two CIs
Move from CMake build system to GNU Make for hotp-verification
Change version to one supporting Makefile build

Fixes https://github.com/osresearch/heads/pull/724
Connected:
- https://github.com/Nitrokey/nitrokey-hotp-verification/issues/13
- https://github.com/osresearch/heads/pull/722
2020-05-22 15:17:04 +02:00
Thierry Laurion
241b0bc680
upgrade gpg toolstack to latest versions
- Remove unrecognized configure options
- fixes gawk issue  by upgrading to libgpg-error 1.37 instead of patching 1.32 for regex change (fixed upstream)
- move patches so they match new versions for libassuan, gpg and libgcrypt (no change)

Version change:
- gpg 2.2.10 -> 2.2.20
- libassuan 2.5.1 -> 2.5.3
- libgcrypt 1.8.3 -> 1.8.5
- libgpg-error 1.32 -> 1.37

Size changes:
- gpg 			886.5 -> 911.3 kB
- gpg-agent:		371.9 -> 376.0 kB
- scdaemon:		399.5 -> 407.8 kB
- libgpg-error.so.0	125.9 -> 130.0 kB

Unrecognized options on gpg2 toolstack:
- disable-nls and disable-asm disable-keyserver-helpers disable-hkp disable-finger disable-dns-srv disable-dns-cert and disable-wks-server
2020-05-20 13:19:51 -04:00
Matt DeVillier
b29447ef8f
modules/flashrom: update to v1.2 release
- Update flashrom module to v1.2.
- Drop Thinkpad x220 patch as it's now properly supported.
- Drop 'laptop=force_I_want_a_brick' from board FLASHROM_OPTIONS
  since it's no longer needed.
- Migrate kgpe-d16 patch.

The kgpe-d16 patch needed a complete overhaul when rebased against
flashrom v1.2, and needs close inspection/testing as a result.
The following changes were made from the previous patch:

- dropped addition of 4-byte addressing (4BA), since now supported
- dropped addtiion of Macronix MX25L256 and MX66L512 chips,
  since now supported
- added 4BA erase commands for Winbond W25Q256 chip
- dropped code to show progress indicator, since another PR already adds that

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-04-20 17:34:08 -05:00
tlaurion
f42b338de9
Merge pull request from flammit/coreboot-kgpe-d16
Fix coreboot build for kgpe-d16
2020-02-22 14:17:07 -05:00
Matt DeVillier
28fedf9a7e
modules/libremkey-hotp-verification: make reproducible
Modeled after modules/tpmtotp, use a specific git commit hash for
module libremkey-hotp-verification. Add hidapi as a submodule with
dummy/placeholder in modules (like coreboot-blobs), also specified
by git commit hash. Adjust libremkey-hotp-verification patch file
name so patch applied properly.

Addresses issue 

Test: build Librem 13v4

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 13:37:41 -06:00
Matt DeVillier
ad2395d3db
libremkey-hotp-verification: toolchain adjustments
Pass through new toolchain path via $(CROSS) so we can set the
c/c++ compiler paths correctly for CMake. Adjust patch to use
new paths, and fix compiler/linker paths to correct a libusb linking issue.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-01-22 12:03:05 -06:00
Francis Lam
ed3602f0ba
modules: maintain reproducibility by removing rpath 2020-01-16 09:36:42 -08:00
Francis Lam
d63d5b4508
modules: update to use full commit id
The short commit id can cause the tar archive potentially cause
the root directory in the archive to be named with the short id
causing the verification to fail
2020-01-16 09:30:48 -08:00
Francis Lam
23d0126407
kexec: update to 2.0.20
Fix issue with kexec failing to load the target kernel when
building with musl-cross-make
2020-01-16 09:30:15 -08:00
tlaurion
8e4b10922b
Merge pull request from osresearch/musl-cross-make
Use musl cross make for Heads, Linux, coreboot and edk2
2020-01-15 13:15:19 -05:00
Trammell hudson
6962bfda10
lvm2: turn off buffering, which prevents segfault with new musl ()
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-09 13:27:09 +01:00
Trammell Hudson
791d064397
musl-cross-make: replace all cross compilers with musl-cross-make
Signed-off-by: Trammell Hudson <hudson@trmm.net>
2020-01-08 17:08:15 +01:00
Trammell hudson
027ae39abe
modules: add module_tar_opt to allow different strip options
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-12-03 10:48:10 +01:00
rofl0r
7370b75945 update musl-cross to 1952975
this should fix issues with compressed ELF header sections.
2019-12-02 23:03:14 +00:00
Trammell hudson
2980eb0522
pin msrtools and tpmtotp to current git heads
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 13:36:04 +01:00
Trammell hudson
e5038e6adf
musl-cross: crossgcc binary changed names ()
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 13:26:23 +01:00
Trammell hudson
56aa508b8d
musl-cross: pin to a specific checkout ()
Add `--strip 1` to tar file extraction in the `Makefile`,
which ensures that the directory name in `build/` will
match the one listed in `$($(MODULE)_dir)`.

Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 13:15:56 +01:00
Trammell hudson
a37e1f434d
add Intel msrtools commands 2019-07-30 15:36:57 +02:00
tlaurion
6080219d85
tabs required instead of spaces... 2019-04-27 13:40:12 -04:00
Thierry Laurion
a15504b414
Fedora 30 fix for pinentry: remove gtk and gnome3 support. TODO: remove all unneeded config options for ALL modules 2019-04-27 13:36:05 -04:00
tlaurion
64c830e652
Merge branch 'master' into make-4.2.1 2019-04-22 21:53:43 -04:00
tlaurion
6612352a60
Merge pull request from strugee/better-mirror-url
Improve mirror URLs
2019-02-28 16:12:25 -05:00
tlaurion
695993b593
Merge branch 'master' into gpg2 2019-02-08 13:29:02 -05:00
Thierry Laurion
8dd1082808
module/pinentry: disable-pinentry-qt instead of qt5
else:
make[4]: Entering directory '/home/user/heads/build/pinentry-1.1.0/qt'
g++ -DHAVE_CONFIG_H -I. -I..  -I//include -I//include  -I.. -I../secmem  -I../pinentry -Wall -I/home/user/heads/install/usr/include -I/home/user/heads/install/usr/include/QtCore -I/home/user/heads/install/usr/include/QtGui -DQT_SHARED  -g -O2 -MT pinentrydialog.o -MD -MP -MF .deps/pinentrydialog.Tpo -c -o pinentrydialog.o pinentrydialog.cpp
In file included from pinentrydialog.cpp:24:
pinentrydialog.h:27:10: fatal error: QDialog: No such file or directory
2019-01-29 11:18:14 -05:00
Itay Grudev
3bc79495bb
Disabled libsecret support in the pinentry module 2019-01-29 11:16:26 -05:00
Thierry Laurion
44d566a72a
pinentry-tty path needs to be known from gpg-agent 2019-01-26 11:51:59 -05:00