Commit Graph

385 Commits

Author SHA1 Message Date
Trammell hudson
a4d7654b1e
Build the Heads/NERF firmware for the Dell R630 server.
This development branch builds a NERF firmware for the Dell R630
server.  It does not use coreboot; instead it branches directly
from the vendor's PEI core into Linux and the Heads runtime
that is set up to be run as an EFI executable.
2017-09-20 10:29:14 -04:00
Francis Lam
41f49237c6
Added configurable xen version for Qubes 4 support
also addresses issue #238
2017-09-13 22:10:46 -04:00
Trammell hudson
498105c979
enable i915 native support (needed for Librem 13v2) 2017-09-06 19:07:02 -04:00
Francis Lam
472ffd35c0
Moved kernel command line parameters to config 2017-09-02 14:13:29 -04:00
Johan Grip
6f48c14d0c
Update X220 to do generic image instead of qubes.
Also added a script to extract the necessary blobs from a bios
dump image.
2017-08-04 22:48:27 +02:00
Trammell Hudson
314ce7b350
bump Linux kernel to 4.9.38 (issue #224) 2017-07-18 14:25:15 -04:00
Trammell Hudson
3e48f1c5e8
tweaks to make qemu run through the /bin/generic-init process 2017-07-18 13:42:19 -04:00
Trammell Hudson
36e3172c8e
disable i915 for now, since it causes screen glitches in Xen/Qubes (issue #219) 2017-07-18 13:32:57 -04:00
Trammell Hudson
7aec9a2288
add support for i915 and render mode setting (issue #219) 2017-07-18 10:10:55 -04:00
Trammell Hudson
831dca5124
remove older qubes-specific files, no longer required in generic boot env 2017-07-17 12:31:58 -04:00
Trammell Hudson
ba98d5dda6
Merge branch 'usb-boot' of https://github.com/flammit/heads into flammit-usb-boot 2017-07-17 08:52:48 -04:00
Francis Lam
22a52ec4b8
Added TPM secret management to generic boot
Also cleaned up error handling and boot parsing edge cases
2017-07-12 00:17:45 -04:00
Francis Lam
d67360a24b
Added rollback protection to generic boot
Changed the checking of required hashes or required rollback state
to be right before boot, allowing the user to sign/set defaults
in interactive mode.

Also cleaned up usages of recovery and fixed iso parameter
regression.
2017-07-08 16:59:37 -04:00
Francis Lam
8004b5df2a
Added the ability to persist a default boot option
Similar to qubes-update, it will save then verify the hashes of
the kexec files. Once TOTP is verified, a normal boot will verify
that the file hashes and all the kexec params match and if
successful, boot directly to OS.

Also added a config option to require hash verification for
non-recovery boots, failing to recovery not met.
2017-07-04 19:49:14 -04:00
Francis Lam
3614044fff
Added a generic boot config and persistent params
Refactored boot parsing code and applied that in local-init to
scan /boot for grub options and allow the user to unsafely boot
anything.  This goes a long way to addressing #196.

Optionally the user can customize those boot parameters or enforce
arbitrary hashes on the boot device by creating and signing config
files in /boot/ or /media/ or /media/kexec_iso/ISO_FILENAME/.
2017-07-02 23:01:04 -04:00
Francis Lam
7f6f365afe
Reverted submodule name back to xen 2017-06-26 13:07:48 -04:00
Francis Lam
c2ec62bfcd
Changed xen submodule to track Qubes Xen
Closes #159
2017-06-23 23:01:20 -04:00
Trammell Hudson
2b2c00e594
typo in comment 2017-05-01 10:52:49 -04:00
Johan Grip
8b3ed5fd7a
Added blob directory for non-free blobs
Also basic documentation for the binaries needed for the X220 and how to get to them
2017-05-01 10:49:45 -04:00
Johan Grip
186b641385
Initial test of a lenovo x220 port. Uses hardcoded paths for the blobs required. Uses a stripped ME blob. 2017-05-01 10:49:38 -04:00
Trammell Hudson
2cad84a768
make the ME a module (issue #194) 2017-05-01 10:47:24 -04:00
Francis Lam
efd662c63a
adds a USB boot option with basic parsing to kexec
Supports booting from USB media using either the root device or
a signed ISO as the boot device.  Boot options are parsed with
quick/dirty shell scripts to infer kexec params.

Closes #195 and begins to address #196
2017-04-29 13:40:34 -04:00
Trammell Hudson
448d0731a9
cherry pick Linux config from zfs branch with multi-user set 2017-04-17 16:10:48 -04:00
Trammell Hudson
d73c92e63f
quiet down the boot process 2017-04-12 06:46:55 -04:00
Trammell Hudson
8c57ac59e7
x230-flash configuration and initialization 2017-04-11 07:16:20 -04:00
Trammell Hudson
85f0586615
build xen for the qemu image so that we can test kexec 2017-04-10 12:59:07 -04:00
Trammell Hudson
300b17fa25
add dropbear ssh to qubes and moc configurations (issue #169) 2017-04-07 09:53:02 -04:00
Trammell Hudson
830828f2a2
enable usb storage module (issue #160) 2017-04-06 09:45:47 -04:00
Trammell Hudson
cfcf6c46d5
Purism Librem 13v1 initial configuration 2017-04-05 14:13:40 -04:00
Trammell Hudson
3d79f51e4a
Build lvm command line utility (issue #80)
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).

This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154.
2017-04-03 17:13:59 -04:00
Trammell Hudson
4c413a1737
enable file locking for LVM 2017-04-03 17:11:12 -04:00
Trammell Hudson
d335f24292
split x230 config into 4MB bootstrap image and 7MB runtime image (issue #156) 2017-04-03 14:53:29 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6) 2017-04-01 23:02:00 -04:00
Trammell Hudson
3225501e84
remove power related busybox tools that do not work 2017-03-31 16:00:27 -04:00
Trammell Hudson
7045d02794
move to Linux 4.9.20 (issue #149) 2017-03-31 15:59:37 -04:00
Trammell Hudson
8544c5fe6d
busybox 1.26.2 update (issue #148) 2017-03-31 14:53:01 -04:00
Trammell Hudson
d6c553e884
typo in qemu description 2017-03-31 13:04:46 -04:00
Trammell Hudson
c40748aa25
Build time configuration for startup scripts and modules.
This addresses multiple issues:

* Issue #63: initrd is built fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now measures modules
2017-03-31 11:18:46 -04:00
Trammell Hudson
9feb094701
enable flashrom and pciutils to allow the boot ROM to be re-written (issue #17) 2017-03-30 14:35:30 -04:00
Trammell Hudson
bf94e4c416
include a nearly empty, but consistent, cpio file to ensure reproducible Linux builds (issue #142) 2017-03-30 10:16:13 -04:00
Trammell Hudson
418ceaf733
make USB a module, strip debug info (issue #139) 2017-03-28 17:05:04 -04:00
Trammell Hudson
8384201e9c
Change ethernet drivers to be modules and measure them when they are loaded.
This is a step towards unifying the server and laptop config (issue #139)
and also makes it possible to later remove the USB modules from the
normal boot path.
2017-03-28 16:32:58 -04:00
Trammell Hudson
1475148848
enable TCP SYN cookies (issue #138) 2017-03-28 11:46:17 -04:00
Trammell Hudson
e83ba0a0c7
enable futex for keylime 2017-03-27 18:52:31 -04:00
Trammell Hudson
f39dfd321d
enable dhcp and add helper script for lease setup 2017-03-27 15:56:10 -04:00
Trammell Hudson
edb4b4de50
enable raw sockets and the qemu network driver 2017-03-27 15:27:53 -04:00
Trammell Hudson
48adc3e4cd
enable wget 2017-03-27 14:25:34 -04:00
Trammell Hudson
279851e66d
started on extra features for MOC server initrd build 2017-03-20 14:57:22 -04:00
Trammell Hudson
b06b0331a0
started on extra features for MOC server kernel build 2017-03-20 14:52:39 -04:00
Trammell Hudson
4182c0e0aa
enable ISO9660 file systems and code page ISO8859-1 (issues #116 and #107) 2017-03-20 11:17:18 -04:00
Trammell Hudson
e4538785ec
enable read-only, no-execute for module data (issue #72) 2017-03-20 11:12:41 -04:00
Trammell Hudson
54cded7f59
pass extra parameters to xz to compress initrd.cpio for Linux kernel (issue #127) 2017-03-18 10:50:43 -04:00
Trammell Hudson
b81a20fb71
enable CONFIG_NET, to allow cryptsetup to work (issue #79) 2017-01-05 06:00:59 -05:00
Trammell Hudson
8ff56aff5a
Enable IOMMU by default (issue #75) and prune kernel features. 2017-01-04 18:38:45 -05:00
Trammell Hudson
45ba75949b
kernel 4.9 setup with framebuffer for x230 (issue #64) 2016-12-13 14:58:23 -05:00
Trammell Hudson
a6520772dc
Update Heads to use the 4.9 Linux LTS kernel.
No patches are required to boot 4.9 as a coreboot payload,
unlike the 4.7 kernel that required a head_64.S patch.

The new kernel is about 40 KB larger than the 4.7; the
config might be shrinkable.

Close issue #61.
2016-12-12 11:01:18 -05:00
Trammell Hudson
0aae22d67c
increase CBFS size for qemu builds to allow easier experimentation 2016-12-01 14:02:57 -05:00
Trammell Hudson
c98a392508
enable EPOLL for plymouth 2016-12-01 14:02:26 -05:00
Trammell Hudson
05056aefc0
include chmod (fix #30) 2016-11-29 14:29:38 -05:00
Trammell Hudson
e55a6a4df4
Rework Makefile a bit.
rename TARGET to BOARD (fix #55)
use .INTERMEDIATE trick to avoid building multiple times (fix #52)
Don't touch build/*/.config if we don't have to (fix #51)
2016-11-29 11:28:05 -05:00
Trammell Hudson
4a83273744
disable ACPI on qemu boots, this fixes #53 2016-11-29 11:22:47 -05:00
Trammell Hudson
4fbd6ca58b
Make coreboot building modular to support multiple boards.
This touches most of the module configurations since the
coreboot build process had to add a few new features.
The Linux kernel could make use of it as well if we need
separate x230/chell/qemu kernels, for instance.
2016-11-23 12:11:08 -05:00
Trammell Hudson
638329709e
include find and compression tools 2016-11-23 10:47:04 -05:00
Trammell Hudson
16bad1abd4
enable aes-xts in Heads kernel (issue #44) 2016-10-26 15:10:53 -04:00
Trammell Hudson
2663fc464b
updated for recent merge of coreboot master 2016-09-26 14:10:32 -04:00
Trammell Hudson
ab5fb03475
enable unicode on vt so that qrenc works 2016-09-09 18:32:44 -04:00
Trammell Hudson
0e16afe17a
update config after recent coreboot/coreboot merge 2016-09-09 13:27:20 -04:00
Trammell Hudson
47ad314798
enable CONFIG_USE_BLOBS to checkout non-free binary blobs submodule 2016-08-19 14:41:32 -04:00
Trammell Hudson
d857170e0f
Enable measured boot support 2016-08-16 17:44:51 -04:00
Trammell Hudson
c755b8431f
update for coreboot-git 2016-08-16 09:13:38 -04:00
Trammell Hudson
21268a4bb8
Updates for coreboot-git 2016-08-14 16:04:43 -04:00
Trammell Hudson
c84293ad62
4.7 is the new default kernel 2016-08-14 16:04:11 -04:00
Trammell Hudson
d85d72a0d7
enable a few more busybox tools 2016-08-06 17:14:56 -04:00
Trammell Hudson
377cb1415b
Add cdroms to Linux config, support 4.7 kernels 2016-08-05 12:25:00 -04:00
Trammell Hudson
69ede68ced
enable /dev/mem so that cbmem tool can work 2016-08-04 17:29:26 -04:00
Trammell Hudson
a81a002abb
Build and bundle the patched xen 4.6.3 kernel 2016-08-03 18:10:44 -04:00
Trammell Hudson
4589e5d1d3
copy the bzImage into the coreboot build directory 2016-08-02 21:59:14 -04:00
Trammell Hudson
62c544ea96
coreboot build (might) work; need to do a test from clean while online 2016-08-02 21:49:22 -04:00
Trammell Hudson
3fde9759f3
coreboot-4.4 binary blobs 2016-08-02 21:39:24 -04:00
Trammell Hudson
426cd8f94f
build the linux kernel after building the initrd 2016-08-02 21:23:18 -04:00
Trammell Hudson
00559def5d
porting Makefile to use a modular build system for each package 2016-08-02 19:25:47 -04:00
Trammell Hudson
2471e15109
cleanup initrd, improve population of lib directories, remove some extra drivers, add notes on /dev 2016-07-28 00:08:33 -04:00
Trammell Hudson
364e44fcdf
working configuration files for coreboot-4.4 and linux-4.6.4, as well as with qemu 2016-07-26 15:14:07 -04:00
Trammell Hudson
4dded24fb7
build almost works 2016-07-25 13:36:15 -04:00
Trammell Hudson
a6d9902a2d
started on automated build process 2016-07-25 10:08:53 -04:00