Trammell hudson
0cc31132d3
Allow initrd.cpio to be a separate EFI firmware volume (issue #257)
Add a function to walk all firmware volumes looking for a well
known GUID that is the initrd.cpio image. Currently it must be
uncompressed.
2017-09-22 15:13:41 -04:00
Trammell hudson
03d21da268
generate 512-byte padded xz files
2017-09-22 15:09:57 -04:00
Trammell hudson
91ef9aeefa
Make megaraid a module so that it does not delay normal boots (issue #253)
2017-09-21 16:54:48 -04:00
Trammell hudson
a1c9bbb9ff
Enable MegaRaid and XFS support (issue #253)
2017-09-21 16:18:17 -04:00
Trammell hudson
0b7e5e60a0
quiet down the output to the vga, since it is so slow to update
2017-09-21 10:34:35 -04:00
Trammell hudson
f7de7d7388
Enable all flashrom devices (issue #249).
This allows flashrom to work on the r630 NERF server, but
also increases the size of the flashrom executable significantly
since it brings in all chipset and flash types.
2017-09-21 10:26:11 -04:00
Trammell hudson
607868c0b5
document how to extract and unlock regions from r630.rom (issue #259)
2017-09-21 10:24:16 -04:00
Trammell hudson
ddbdcd4d4d
remove unneeded foo.vol.txt output from GenVol
2017-09-21 09:34:16 -04:00
Trammell hudson
8148c970fb
expand the NERF volume to fill all available space in the ROM (issue #242)
2017-09-20 18:59:24 -04:00
Trammell hudson
9596e73dfc
make edk2 a dep for building the DXE images
2017-09-20 18:33:05 -04:00
Trammell hudson
796ea2870a
build appears to produce a NERFed r630 firmware image
2017-09-20 18:24:54 -04:00
Trammell hudson
998736fc50
initial tools to build the nerf EFI volume that goes into the firmware
2017-09-20 17:47:48 -04:00
Trammell hudson
3a8710cf49
unquiet it for now
2017-09-20 17:47:12 -04:00
Trammell hudson
04a108912f
ignore edk2 generated files
2017-09-20 17:46:56 -04:00
Trammell hudson
81a7f18b86
build edk2 as a module for the r630 NERF firmware
2017-09-20 14:26:38 -04:00
Trammell hudson
bda821dbb9
fix patches to have the correct -p level
2017-09-20 14:26:07 -04:00
Trammell hudson
8194f2f477
allow extra options to git via the repo variable
2017-09-20 14:25:19 -04:00
Trammell hudson
33c1c9147e
ACPI tables for the r630 NERF firmware
2017-09-20 10:34:25 -04:00
Trammell hudson
a4d7654b1e
Build the Heads/NERF firmware for the Dell R630 server.
This development branch builds a NERF firmware for the Dell R630
server. It does not use coreboot; instead it branches directly
from the vendor's PEI core into Linux and the Heads runtime
that is set up to be run as an EFI executable.
2017-09-20 10:29:14 -04:00
Trammell hudson
498105c979
enable i915 native support (needed for Librem 13v2)
2017-09-06 19:07:02 -04:00
Trammell Hudson
9d9af31e58
fix typo and format with markdown (issue #206)
2017-07-27 06:26:04 -04:00
Trammell Hudson
314ce7b350
bump Linux kernel to 4.9.38 (issue #224)
2017-07-18 14:25:15 -04:00
Trammell Hudson
fcc99eca93
include version number in verify target (issue #228)
2017-07-18 14:03:43 -04:00
Trammell Hudson
b550a7f967
rework startup scripts to combine totp prompt with boot mode selection (issue #221)
2017-07-18 13:44:02 -04:00
Trammell Hudson
3e48f1c5e8
tweaks to make qemu run through the /bin/generic-init process
2017-07-18 13:42:19 -04:00
Trammell Hudson
36e3172c8e
disable i915 for now, since it causes screen glitches in Xen/Qubes (issue #219)
2017-07-18 13:32:57 -04:00
Trammell Hudson
3c8adf2cf1
remove no longer required vga patch from xen (issue #227)
2017-07-18 13:31:08 -04:00
Trammell Hudson
7aec9a2288
add support for i915 and render mode setting (issue #219)
2017-07-18 10:10:55 -04:00
Trammell Hudson
39ade211ce
add support for fractional second timeouts in busybox read (issue #221)
2017-07-18 09:11:05 -04:00
Trammell Hudson
f0913e9670
Merge branch 'flammit-usb-boot' pull request #200
2017-07-17 12:43:53 -04:00
Trammell Hudson
af3170ebf7
remove trailing / on the /boot device parameter
2017-07-17 12:43:14 -04:00
Trammell Hudson
831dca5124
remove older qubes-specific files, no longer required in generic boot env
2017-07-17 12:31:58 -04:00
Trammell Hudson
22282da905
default to mounting USB device on /media
2017-07-17 12:24:15 -04:00
Trammell Hudson
86f3e9f5dc
add /boot and /media to /etc/fstab on startup (issue #220)
2017-07-17 12:22:48 -04:00
Trammell Hudson
ba98d5dda6
Merge branch 'usb-boot' of https://github.com/flammit/heads into flammit-usb-boot
2017-07-17 08:52:48 -04:00
Francis Lam
11aca354e9
Fixed edge case in kernel argument injection
Debian 9 installer doesn't have kernel arguments so the iommu fix
wasn't being applied properly.
2017-07-13 00:33:49 -04:00
Francis Lam
2a9ca6fdba
Fixed regression on kexec-save-key
2017-07-12 00:43:08 -04:00
Francis Lam
22a52ec4b8
Added TPM secret management to generic boot
Also cleaned up error handling and boot parsing edge cases
2017-07-12 00:17:45 -04:00
Francis Lam
d67360a24b
Added rollback protection to generic boot
Changed the checking of required hashes or required rollback state
to be right before boot, allowing the user to sign/set defaults
in interactive mode.
Also cleaned up usages of recovery and fixed iso parameter
regression.
2017-07-08 16:59:37 -04:00
Francis Lam
8004b5df2a
Added the ability to persist a default boot option
Similar to qubes-update, it will save then verify the hashes of
the kexec files. Once TOTP is verified, a normal boot will verify
that the file hashes and all the kexec params match and if
successful, boot directly to OS.
Also added a config option to require hash verification for
non-recovery boots, failing to recovery if not met.
2017-07-04 19:49:14 -04:00
Francis Lam
ce4b91cad9
Minor tweaks to signing params and boot options
Also split out usb-scan to allow manual initiation of scan from
the recovery shell
2017-07-03 13:07:03 -04:00
Francis Lam
3614044fff
Added a generic boot config and persistent params
Refactored boot parsing code and applied that in local-init to
scan /boot for grub options and allow the user to unsafely boot
anything. This goes a long way to addressing #196.
Optionally the user can customize those boot parameters or enforce
arbitrary hashes on the boot device by creating and signing config
files in /boot/ or /media/ or /media/kexec_iso/ISO_FILENAME/.
2017-07-02 23:01:04 -04:00
Francis Lam
76a20288a3
Tweaks to allow qubes install w/o custom script
usb-boot automatically uses internal xen binary / command line
when multiboot is detected.
also tweaked to evaluate/remove variable refs in kexec arguments
2017-07-02 14:27:02 -04:00
Trammell Hudson
7e5c9bf5f8
fix Xen reproducibility by not using figlet #207
2017-06-26 16:33:49 -04:00
Francis Lam
7f6f365afe
Reverted submodule name back to xen
2017-06-26 13:07:48 -04:00
Francis Lam
e1e654696b
Fixes the patched qubes-vmm-xen Makefile
Prevents subsequent builds from trying to unpack/repatch
2017-06-25 18:35:59 -04:00
Francis Lam
c2ec62bfcd
Changed xen submodule to track Qubes Xen
Closes #159
2017-06-23 23:01:20 -04:00
Trammell Hudson
265424b101
do not enable libkmod (issue #164)
2017-06-13 10:45:33 -04:00
Trammell Hudson
a5d4c65533
use SHA256 digest on signatures to avoid SHA1 collision attacks (issue #120)
2017-05-04 11:19:50 -04:00
Trammell Hudson
2b2c00e594
typo in comment
2017-05-01 10:52:49 -04:00