Commit Graph

1138 Commits

Author SHA1 Message Date
Matt DeVillier
0cae2d7805
kexec-save-default: guard TPM LUKS usage with config option
Add CONFIG_TPM_NO_LUKS_DISK_UNLOCK to allow Librem boards to opt
out of using TPM to store LUKS key, and use it to guard the user
option to add the disk encryption key to the TPM.

Select this option for all Librem boards; all other boards which
select CONFIG_TPM=y will have no change in functionality.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-06-08 11:40:55 -05:00
tlaurion
3dbf1f5f39
Merge pull request #744 from tlaurion/CIs_reusable_cache_typo_fix
CircleCI: fix save_cache (save and restore were not identical)
2020-06-08 09:43:35 -04:00
tlaurion
53071ce183
CircleCI: fix typos (save_cache and restore_cache not identical) 2020-06-08 09:42:01 -04:00
tlaurion
872ac38fbb
Merge pull request #743 from tlaurion/CIs_reusable_cache_fix
CircleCI: fix save_cache
2020-06-07 21:57:20 -04:00
tlaurion
7941dac328
CIs: Replace cache fingerprints so cache is reusable between builds (fix save_cache) 2020-06-07 21:55:45 -04:00
tlaurion
27fe438261
Merge pull request #742 from tlaurion/CIs_reusable_cache
CIs: Replace cache fingerprints so cache is reusable between builds
2020-06-07 17:00:24 -04:00
Thierry Laurion
11a0fdc061
CIs: Replace cache fingerprint with username of the user launching the build to make it reusable between PRs 2020-06-07 16:39:38 -04:00
tlaurion
9311eec4f4
Merge pull request #738 from tlaurion/CIs_add_t430
CIs: add t430 and t430-flash boards to CircleCi and GitlabCI
2020-06-07 13:52:22 -04:00
Thierry Laurion
dcbeb26e03
CIs: move qemu-coreboot to be built last, add t430 and t430-flash boards to CIs 2020-06-06 12:35:13 -04:00
tlaurion
f095ab0fcb
Merge pull request #736 from tlaurion/libpng_download_from_github
Libpng download from GitHub
2020-06-03 16:52:19 -04:00
Thierry Laurion
9090f1a1f9
libpng : moving archive download from sourceforge to github
Fixes #735
2020-06-03 16:51:18 -04:00
tlaurion
78053b9ec1
Merge pull request #729 from tlaurion/CIs-cache_restriction-artifacts_cleanup
CIs: restrict cache, clean past build artifacts.
2020-05-24 23:21:03 -04:00
Thierry Laurion
7600ce4bff
GitlabCI: restrict cache, store cleaned build artifacts for x230* and qemu-coreboot 2020-05-24 22:16:19 -04:00
tlaurion
488d6529e4
Merge pull request #670 from flawedworld/patch-1
Add ability to change CMOS values for X230
2020-05-24 13:58:49 -04:00
tlaurion
3895318749
Merge pull request #728 from tlaurion/add_gitlabci_ci_integration
Add Fedora 30 gitlab-ci CI configuration building x230-hotp-verification
2020-05-24 13:47:15 -04:00
tlaurion
c66fed1bac
Merge branch 'master' into add_gitlabci_ci_integration 2020-05-24 13:45:15 -04:00
tlaurion
b1840e8b73
Merge pull request #727 from tlaurion/add_gitlabci_ci_integration
Add gitlabci ci integration
2020-05-24 12:32:53 -04:00
tlaurion
4245aec857
Merge pull request #706 from tlaurion/network-init-recovery_dhcp-ntp
network-init-recovery script: Request IP from DHCP, NTP time
2020-05-24 11:33:23 -04:00
Thierry Laurion
b88daa7710
Add Fedora 30 gitlab-ci CI configuration building x230-hotp-verification 2020-05-24 10:04:16 -04:00
tlaurion
f1f92a0fec
Merge pull request #726 from tlaurion/gawk_test_over_latest_debian_redo
upgrade gpg toolstack to latest versions
2020-05-22 15:17:09 -04:00
Thierry Laurion
972c25de7d
upgrade gpg toolstack to latest versions
- Remove unrecognized configure options
- fixes gawk issue #668 by upgrading to libgpg-error 1.37 instead of patching 1.32 for regex change (fixed upstream)
- move patches so they match new versions for libassuan, gpg and libgcrypt (no change)

Version change:
- gpg 2.2.10 -> 2.2.20
- libassuan 2.5.1 -> 2.5.3
- libgcrypt 1.8.3 -> 1.8.5
- libgpg-error 1.32 -> 1.37

Size changes:
- gpg                   886.5 -> 911.3 kB
- gpg-agent:            371.9 -> 376.0 kB
- scdaemon:             399.5 -> 407.8 kB
- libgpg-error.so.0     125.9 -> 130.0 kB

Unrecognized options on gpg2 toolstack:
- disable-nls and disable-asm disable-keyserver-helpers disable-hkp disable-finger disable-dns-srv disable-dns-cert and disable-wks-server
2020-05-22 15:13:06 -04:00
tlaurion
183007e16e
Merge pull request #725 from osresearch/revert-714-gawk_test_over_latest_debian
Revert "GPG toolstack upgrade to latest available versions (Fixes Gawk issue)"
2020-05-22 14:57:02 -04:00
tlaurion
0cd1a0d04c
Revert "GPG toolstack upgrade to latest available versions (Fixes Gawk issue)" 2020-05-22 14:55:41 -04:00
tlaurion
69c7b207ba
Merge pull request #714 from tlaurion/gawk_test_over_latest_debian
GPG toolstack upgrade to latest available versions (Fixes Gawk issue)
2020-05-22 14:55:04 -04:00
Thierry Laurion
83f2a20cbc
Merge branch 'master' of https://github.com/osresearch/heads into add_gitlabci_ci_integration 2020-05-22 14:47:15 -04:00
Thierry Laurion
fdbac6637f
Add gitlab-ci CI configuration which builds for x230-hotp-verification for the moment 2020-05-22 14:46:24 -04:00
tlaurion
69160699a3
Merge pull request #724 from szszszsz/repro-gitlab-circleci-pr-upstream
Make hotp-verification build reproducible across CIs
2020-05-22 14:35:27 -04:00
tlaurion
577fd806d7
Merge pull request #722 from tlaurion/x230-hotp-verification
board: x230-hotp-verification (includes libremkey-hotp-verification)
2020-05-22 13:34:16 -04:00
Szczepan Zalega
2d50e01071
Make hotp-verification hashes same across two CIs
Move from CMake build system to GNU Make for hotp-verification
Change version to one supporting Makefile build

Fixes https://github.com/osresearch/heads/pull/724
Connected:
- https://github.com/Nitrokey/nitrokey-hotp-verification/issues/13
- https://github.com/osresearch/heads/pull/722
2020-05-22 15:17:04 +02:00
Thierry Laurion
d5083f410c
x230-hotp-verification: Add x230-hotp-verification board to have a HOTP supported remote attestation for Nitrokey Pro 2, Nitrokey Storage 2 and Librem Key 2020-05-21 18:06:19 -04:00
Thierry Laurion
241b0bc680
upgrade gpg toolstack to latest versions
- Remove unrecognized configure options
- fixes gawk issue #668 by upgrading to libgpg-error 1.37 instead of patching 1.32 for regex change (fixed upstream)
- move patches so they match new versions for libassuan, gpg and libgcrypt (no change)

Version change:
- gpg 2.2.10 -> 2.2.20
- libassuan 2.5.1 -> 2.5.3
- libgcrypt 1.8.3 -> 1.8.5
- libgpg-error 1.32 -> 1.37

Size changes:
- gpg 			886.5 -> 911.3 kB
- gpg-agent:		371.9 -> 376.0 kB
- scdaemon:		399.5 -> 407.8 kB
- libgpg-error.so.0	125.9 -> 130.0 kB

Unrecognized options on gpg2 toolstack:
- disable-nls and disable-asm disable-keyserver-helpers disable-hkp disable-finger disable-dns-srv disable-dns-cert and disable-wks-server
2020-05-20 13:19:51 -04:00
tlaurion
fa35b3c557
Merge pull request #715 from tlaurion/circle_ci_based_on_debian_bullseye_with_x230-flash_and_reproducibility_troubleshooting_helpers
CIs: pass CircleCI to debian:bullseye docker image
2020-05-15 19:20:04 -04:00
tlaurion
2ee51d864c
Merge pull request #656 from fibreblazer/master
T430 Support
2020-05-15 19:19:00 -04:00
tlaurion
762e59eac3
Merge pull request #693 from SebastianMcMillan/patch-4
Fix X220 and T420 CBFS sizes
2020-05-15 19:16:52 -04:00
flawedworld
23735d729a Add T430 board support
Co-authored-by: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com>
Co-authored-by: Andrew Montoya <halossqwerty@gmail.com>
2020-05-15 18:52:11 +01:00
flawedworld
5a033fa80d T430 TPM Backport 2020-05-15 18:51:49 +01:00
tlaurion
950acf9355
Merge pull request #708 from tlaurion/qemu-coreboot-fbwhiptail_board
qemu-coreboot-fbwhiptail board addition
2020-05-14 23:07:07 -04:00
Thierry Laurion
29e28005ab
qemu-coreboot-fbwhiptail: removing of unneeded comments 2020-05-11 13:57:08 -04:00
Thierry Laurion
31a103fdae
Working config to do make BOARD=qemu-coreboot-fbwhiptail and then make BOARD=qemu-coreboot-fbwhiptail run 2020-05-11 13:56:40 -04:00
tlaurion
df89d16f7c
Merge pull request #707 from tlaurion/useful_qemu-coreboot_board
qemu-coreboot: finally a useable debug/test board
2020-05-04 17:07:30 -04:00
Thierry Laurion
040e358b2d
CIs: pass CircleCI to debian:bullseye docker image, provide logs.tar.gz and cpios to facilitate debugging of reproducibility issues 2020-05-04 14:55:36 -04:00
tlaurion
59b65d1069
Merge pull request #713 from tlaurion/acpica-unix2_revert_url_change
coreboot patch: revert acpica-unix2 url change
2020-05-03 23:42:38 -04:00
Thierry Laurion
15e19d0594
coreboot patch: remove acpica-unix2-20180531.tar.gz url change fix since acpica.org is now functional again while crux.ster.zone is not... 2020-05-03 23:39:15 -04:00
tlaurion
00a1a2bef6
Merge pull request #679 from MrChromebox/flashrom_1.2
modules/flashrom: update to v1.2 release
2020-05-01 17:55:43 -04:00
Thierry Laurion
ba68c723bf
qemu-coreboot: Now useful to debug something through make BOARD=qemu-coreboot. TODO: map a virtual TPM instance and USB passthrough. Thanks to @orangecms for the tip 2020-04-22 23:02:46 -04:00
Thierry Laurion
01dabe19e7
network-init-recovery: do DHCP, then ask NTP from DNS server before attempting sync on internet 2020-04-22 15:00:48 -04:00
Matt DeVillier
b29447ef8f
modules/flashrom: update to v1.2 release
- Update flashrom module to v1.2.
- Drop Thinkpad x220 patch as it's now properly supported.
- Drop 'laptop=force_I_want_a_brick' from board FLASHROM_OPTIONS
  since it's no longer needed.
- Migrate kgpe-d16 patch.

The kgpe-d16 patch needed a complete overhaul when rebased against
flashrom v1.2, and needs close inspection/testing as a result.
The following changes were made from the previous patch:

- dropped addition of 4-byte addressing (4BA), since now supported
- dropped addtiion of Macronix MX25L256 and MX66L512 chips,
  since now supported
- added 4BA erase commands for Winbond W25Q256 chip
- dropped code to show progress indicator, since another PR already adds that

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-04-20 17:34:08 -05:00
tlaurion
83c22f3e4a
Merge pull request #696 from tlaurion/acpica-unix2_fix
coreboot-4.8.1 : fix acpica-unix2 download
2020-03-17 09:18:58 -04:00
Thierry Laurion
58cb8df266
coreboot-4.8.1: acpica-unix2 cannot be downloaded per www.acpica.org since cert is signed by Intel which cert authority is unknown from older build systems... Cert was renewed March 10 2020. URL changed to crux.ster.zone 2020-03-15 18:45:33 -04:00
Sebastian McMillan
cc2eb8f207
Update coreboot-t420.config 2020-03-09 15:59:00 -05:00