Download coreboot toolchain archives into packages/<arch> before
coreboot tries to download them. This allows us to use mirrors to get
the archives. We could also update the primary source this way if it
goes down instead of patching coreboot itself (has happened for IASL).
The archive versions and digests are retrieved from the coreboot
module, so there isn't another copy of that info to maintain. That is
done in bin/fetch_coreboot_crossgcc_archive.sh, which uses the
existing fetch script to do the actual download, leveraging mirrors.
bin/fetch_source_archive.sh supports using a SHA-1 digest instead of
SHA-256, since coreboot has SHA-1 digests. It also checks if the file
already exists (deleting the coreboot directory will cause it to be
re-run, but the packages are already there and can be used from cache).
The coreboot-4.11 IASL patch is updated to delete the outdated acpica
archive digest (it already added the new one, but the old one was still
there). bin/fetch_coreboot_crossgcc_archive.sh finds the archive
version and digest from the digest files, so only one acpica file must
be present.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
kgpe-d16 and librem-l1um depend on 4.11 still today in tree, even though building is successful only on debian-10.
Fixing so people building 4.11 today are still successful.
4.19+ already depends on github.com releases tarballs.
REF: https://review.coreboot.org/c/coreboot/+/76399
Heads build system is reextracting archives and reapplying patches on each iteration.
CircleCI optimizes building time by providing cache mechanisms and forces users to build a target under an hour.
This is to force Open Source projects (free tier) to not be leechers of the free tier.
In the past days, CircleCI bails on building coreboot 4.11 boards because some files being cached are already being present (created files from patches).
In those, two files were unwanted artifacts, recreated on top of coreboot 4.11 extracted original files (undesired .orig files), while bailing on the creating of src/security/tpm/sha1.c from patches/coreboot-4.11/0001-Add-Heads-TPM-measured-boot-support.patch.
Hopefully, this is CircleCI having a maximum of 3 automatically entered input (it fails on the 3rd)... And this fix will permit src/security/tpm/sha1.c and src/security/tpm/sha1.h to be skipped if existing.
Below, we see that CircleCI fills patch prompts with EOF 2 times, and then waits for input and then timeouts.
Here is the failing log trace from https://app.circleci.com/pipelines/github/tlaurion/heads/990/workflows/f2a430fd-dc8c-4e95-abe3-364a0e825533/jobs/4914/parallel-runs/0/steps/0-103:
Exerpt of that log:
if [ -d patches/coreboot-4.11 ] && [ -r patches/coreboot-4.11 ] ; then for patch in patches/coreboot-4.11/*.patch ; do echo "Applying patch file : $patch " ; ( cd /root/project/build/coreboot-4.11/ ; patch -p1 ) < $patch || exit 1 ; done ; fi
Applying patch file : patches/coreboot-4.11/0000-cpu-x86-smm-Use-PRIxPTR-to-print-uintptr_t.patch
patching file src/cpu/x86/smm/tseg_region.c
Applying patch file : patches/coreboot-4.11/0001-Add-Heads-TPM-measured-boot-support.patch
patching file src/Kconfig
The next patch would create the file src/Kconfig.orig,
which already exists! Assume -R? [n] EOF
Apply anyway? [n] EOF
Skipping patch.
1 out of 1 hunk ignored
patching file src/include/program_loading.h
patching file src/lib/cbfs.c
patching file src/lib/hardwaremain.c
Hunk #2 succeeded at 549 (offset 8 lines).
patching file src/lib/rmodule.c
patching file src/security/tpm/Makefile.inc
The next patch would create the file src/security/tpm/sha1.c,
which already exists! Assume -R? [n] make: *** [Makefile:507: /root/project/build/coreboot-4.11/.canary] Hangup
context deadline exceeded
- Add kgpe-d16 patch to remove HID for PCI devices (successful build on top of #1101 and #1012 per https://app.circleci.com/pipelines/github/tlaurion/heads/937/workflows/de49bea0-3f58-4a91-8891-87622f5a0eed)
- CircleCI modified to build for coreboot 4.11 kgpe-d16_workstation on top of 4.15 passed workspace
- CircleCI modified so that we still archive all the logs in artifacts for the current build even if failing. We now exit 1 after having archived all the log files under build/
- remove https patch that was made as temporarily fix for bad cert
- upgrade crossgcc's iasl to 2021 so toolchain can be built on debian 11+
- make iasl report itself as being part of coreboot crossgcc build stack.
- remove acpinames from buildgcc make jobss
- add missing string include for binutils gold
- add gnat statements workarounds
- patch Librem L1UM ACPI for newer IASL
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
cp config/linux.. ./build/linux*/.config
cd build/linux*
make savedefconfig
cp defconfig ../../config/linux..
Resulting in only linux-kgpe-d16_workstation.config being updated.
For KGPE-D16 workstation boards:
Remove `console=tty0` from `CONFIG_BOOT_KERNEL_ADD` as was blocking Qubes graphical installer (CLI installer was launched).
Comment out `export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles"` to provide a more desktop like experience.
Removed 0001-cpu-x86-smm-Use-PRIxPTR-to-print-uintptr_t.patch as already exists as 0000-cpu-x86-smm-Use-PRIxPTR-to-print-uintptr_t.patch
Added 0020-kgpe-d16_measured-boot-support.patch for coreboot 4.11
Fix TPM errors when microcode is measured by initialising TPM earlier and loading the microcode later.
Thanks to Michał Żygowski <miczyg1> for condition suggestion: `if (CONFIG(MEASURED_BOOT) && CONFIG(LPC_TPM) && boot_cpu())`
Locate bootblock location and size with CBFS API. Credit to: Michał Żygowski <miczyg1>
Bring patches/coreboot-4.11 on par with master
Removed patches/coreboot-4.11/0020-kgpe-d16-vboot.patch
Removed Vboot options from KGPE-D16 coreboot configs
Enabled TPM in kgpe-d16 board configs
Enabled measured boot in kgpe-d16 coreboot configs.
Added support for video cards that require nouveau, radeon and amdgpu drivers in linux-kgpe-d16_workstation.config
`nouveau.config=NvForcePost=1` to be added to kexec'd kernels for better Nvidia card support.
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC
Adding dual console to OpenBmc and tty0
putting kgpe-d16-coreboot.conf in defconfig format
NO_HZ wasn't included in kernel config. Adding it.
Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation
Removing serial configuration and static IP stuff since we have a workstation here.
Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.
Placing files in good directories
Corrrect flashrom options for kgpe-d16 server and workstation boards
kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ
kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server
kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.
kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)
kgpe-d16_workstation in defconfig format
kgpe-d16 boards: pass from GPG to GPG2 board definitions
kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode
kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output
kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging
kgpe-d16 : expressively export CONFIG_TPM=n
kgpe-d16_wokstation gui-init variables were missing
kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized
linux-kgpe-d16*: add support for Pike
kgpe-d16_workstation-usb_keyboard board support addition
kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based
GitlabCI: kgpe-d16 fixes and upstream merge of change
kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment
kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file
KGPE-D16: community work migration to coreboot 4.11 to fix issue #740
KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709
kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637
kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch
kgpe-d16 boards: add Linux kernel version where missing.
CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master
coreboot module: typo correction (tabs vs spaces)
CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds
CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"
CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support
At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node
CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.
coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)
coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.
CircleCI & coreboot config: fix merge conflict rebasing on master
coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599
Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
* modules/coreboot: add option to use coreboot 4.11
Port patches from coreboot 4.8.1 to 4.11:
* 0000-measure-boot -> 0001
* 0010-cross-compiler-support
All other patches for coreboot 4.8.1 have either already been
integrated, or are for platforms which do not need to be migrated
to coreboot 4.11 (they will move to 4.12 or newer).
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* patches/coreboot-4.11: Add Broadwell-DE platform patch
Add a patch for FSP Broadwell-DE to make use of Heads' measured boot.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* patches/coreboot-4.11: Add patch to read serial # from CBFS
Will be used by multiple Librem boards.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* patches/coreboot-4.11: add board support for Librem Server L1UM
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* Librem Server L1UM: add new board
Add board config, coreboot config, kernel config files.
Add conditional purism-blobs dependency to coreboot-4.11 module.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* flash.sh: add special handling for librem_l1um board
Add support for persisting PCIe config via PCHSTRP9 in flash descriptor.
This is needed to support multiple variants of the L1UM server which
use the same firmware but differ in PCIe lane configuration via the
PCH straps configuration in the flash descriptor.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* patches/coreboot-4.11: Add 'Use PRIxPTR to print uintptr_t' patch
Cherry-picked from upstream coreboot (post-4.11), fixes compilation issue.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* CircleCI: add target to build board librem_l1um
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>