Commit Graph

1315 Commits

Author SHA1 Message Date
tlaurion
497765038e
Merge pull request #657 from MrChromebox/fix-librem-hotp
libremkey-hotp-verification: toolchain adjustments
2020-01-28 17:31:45 -05:00
tlaurion
ceda2d3e3f
Merge pull request #663 from flammit/fix-gpg-tty
init: fix invalid GPG_TTY variable
2020-01-27 20:08:10 -05:00
Francis Lam
92e706bf1b init: fix invalid GPG_TTY variable
busyboy tty isn't working after the musl-cross-make change so
revert to known good value.
2020-01-25 20:45:03 -08:00
Kyle Rankin
ac71f295a0
Merge pull request #660 from MrChromebox/update-librem-blobs
blobs/librem_{kbl,skl}: update blobs
2020-01-22 15:08:28 -08:00
Matt DeVillier
a3bbdbab54
blobs/librem*: update hashes for FSP and VBT
Update hashes of coreboot images, releases repo, FSP blobs,
and VBT file. Updated VBT from coreboot 4.11 release eliminates
flickering on some 13v4/15v4 displays.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-01-22 16:59:54 -06:00
Matt DeVillier
ad2395d3db
libremkey-hotp-verification: toolchain adjustments
Pass through new toolchain path via $(CROSS) so we can set the
c/c++ compiler paths correctly for CMake. Adjust patch to use
new paths, and fix compiler/linker paths to correct a libusb linking issue.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-01-22 12:03:05 -06:00
tlaurion
6b485ed89f
Merge pull request #655 from flammit/fix-kexec-and-repro
Fix kexec and repro
2020-01-16 19:59:10 -05:00
Francis Lam
ed3602f0ba
modules: maintain reproducibility by removing rpath 2020-01-16 09:36:42 -08:00
Francis Lam
c3213e150a
initrd: update distro keys
Update distro keys to the latest with updated expiration dates
2020-01-16 09:33:41 -08:00
Francis Lam
d63d5b4508
modules: update to use full commit id
The short commit id can cause the tar archive potentially cause
the root directory in the archive to be named with the short id
causing the verification to fail
2020-01-16 09:30:48 -08:00
Francis Lam
23d0126407
kexec: update to 2.0.20
Fix issue with kexec failing to load the target kernel when
building with musl-cross-make
2020-01-16 09:30:15 -08:00
tlaurion
8e4b10922b
Merge pull request #653 from osresearch/musl-cross-make
Use musl cross make for Heads, Linux, coreboot and edk2
2020-01-15 13:15:19 -05:00
tlaurion
a5f4d7d8be
Merge pull request #652 from osresearch/lvm-segfault
lvm2: turn off buffering, which prevents segfault with new musl (#651)
2020-01-15 13:14:30 -05:00
tlaurion
a78034d017
Merge pull request #649 from osresearch/libksba-reproducibile
libksba: fix qsort handler to reproducible sort the string table
2020-01-15 12:48:33 -05:00
Trammell hudson
6962bfda10
lvm2: turn off buffering, which prevents segfault with new musl (#651)
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-09 13:27:09 +01:00
Trammell hudson
1e77a72f99
circleci: skip linuxboot steps for now
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-09 00:07:19 +01:00
Trammell hudson
31f021e5f7
circleci: enable V=1 to produce more output and avoid timing out
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-08 23:26:20 +01:00
Trammell hudson
97402ed32d
circleci: replace -j4 with --load 2 2020-01-08 23:10:46 +01:00
Trammell hudson
c069901f90
circleci: no tabs!
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-08 22:47:27 +01:00
Trammell hudson
35ddd3e065
circleci: pre-build edk2 for linuxboot
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-08 22:45:39 +01:00
Trammell Hudson
fed0858126
circleci: try using the osresearch/musl-cross docker image
Signed-off-by: Trammell Hudson <hudson@trmm.net>
2020-01-08 17:33:49 +01:00
Trammell Hudson
791d064397
musl-cross-make: replace all cross compilers with musl-cross-make
Signed-off-by: Trammell Hudson <hudson@trmm.net>
2020-01-08 17:08:15 +01:00
Trammell hudson
6c93a5e854
libksba: fix name of patch file
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-08 10:01:21 +01:00
Trammell Hudson
69f3cc46ab
libksba: fix qsort handler to sort the string table in a reproducible way
Signed-off-by: Trammell Hudson <hudson@trmm.net>
2020-01-07 19:01:59 +01:00
alex-nitrokey
f0f6e80e95
Add option to choose GnuPG userinfo during OEM reset 2020-01-02 17:29:11 +01:00
tlaurion
8af849cadc
Merge pull request #618 from osresearch/musl-cross-pin
Pin tag of musl-cross, tpmtotp and msrtools
2019-12-06 10:52:50 -05:00
Trammell hudson
027ae39abe
modules: add module_tar_opt to allow different strip options
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-12-03 10:48:10 +01:00
tlaurion
28740017d8
Merge pull request #635 from rofl0r/musl-cross-pin
update musl-cross to 1952975
2019-12-02 23:22:40 -05:00
rofl0r
7370b75945 update musl-cross to 1952975
this should fix issues with compressed ELF header sections.
2019-12-02 23:03:14 +00:00
tlaurion
b4a647c485
Merge pull request #461 from osresearch/debug-linux
Enable verbose bootup debugging and set the early serial IO base port
2019-11-28 10:53:29 -05:00
tlaurion
81e7c1b636
Merge pull request #575 from merge/remove_keylime
initrd: remove unused keylime-init
2019-11-28 10:52:37 -05:00
tlaurion
61dd9ce2a0
Merge pull request #633 from merge/anykey_text
oem-factory-reset: Fix description for rebooting when finished
2019-11-28 10:51:43 -05:00
Martin Kepplinger
81df949632 oem-factory-reset: Fix description for rebooting when finished
As is in many cases in Heads, not any key will work, just Enter.

Signed-off-by: Martin Kepplinger <martin.kepplinger@puri.sm>
2019-11-26 18:10:39 +01:00
Kyle Rankin
bd8d1c3e3d
Merge pull request #632 from MrChromebox/password_min
oem-factory-reset: enforce 8-char min on custom password
2019-11-25 10:47:25 -08:00
Matt DeVillier
4db6fbd51a
oem-factory-reset: enforce 8-char min on custom password
Since the custom password is used to set the GPG admin
password as well as the TPM and GPG user passwords, an
8-character minimum is required. Inform the user of this,
and validate custom password length upon entry.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-25 12:44:56 -06:00
Kyle Rankin
8110b6192c
Merge pull request #628 from MrChromebox/hotp_check_boot
unseal-hotp: ensure /boot mounted before checking HOTP secret
2019-11-25 09:26:07 -08:00
Kyle Rankin
9576a427a0
Merge pull request #627 from MrChromebox/totp_error_prompt
gui-init: update TOTP error prompt
2019-11-25 09:23:21 -08:00
Kyle Rankin
ac987a2870
Merge pull request #626 from MrChromebox/librem_cfgs
Update Librem configs
2019-11-25 09:22:05 -08:00
Kyle Rankin
c55c36ba50
Merge pull request #624 from MrChromebox/purism_resync
Resync with Purism tree
2019-11-25 09:20:48 -08:00
Matt DeVillier
e8fb231bc7
config/coreboot-librem*: disable iGPU IOMMU for Linux payload
Disabling IOMMU on the iGPU for Heads (mostly) eliminates
display corruption when kexec'ing to new kernel (and has no effect
on iGPU/IOMMU for kexec'ed kernel)

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-21 15:42:51 -06:00
Matt DeVillier
0dbc748233
unseal-hotp: ensure /boot mounted before checking HOTP secret
If /boot isn't mounted, we can't read the HOTP counter, so no
point in reading from the TPM. This speeds up getting to the
main menu in the case of an inaccessible or non-existant /boot.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 21:52:48 -06:00
Matt DeVillier
b9fd6e2708
gui-init: update TOTP error prompt
Update text on TOTP error prompt to provide better
guidance for users following the use of the OEM
factory reset function

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 21:46:04 -06:00
Matt DeVillier
5d28532a0f
board/librem*.config: set default boot device to NVMe
Automatic /boot detection will fall back to /dev/sd*

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 21:45:01 -06:00
Matt DeVillier
858f027285
config/coreboot-librem*: drop secondary payloads
Drop coreinto/memtest secondary payloads as they are not
usable with Linux as primary payload. Leftover copy-pasta
from original SeaBIOS configs.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 21:43:47 -06:00
Matt DeVillier
7998e96b98
functions: check both grub/grub2 dirs for boot files
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 11:33:25 -06:00
Matt DeVillier
4d32b4adf8
functions: fix handling of checksum update fail
If kexec-sign-config fails due to GPG key not present,
the double die() results in a kernel panic (and if it didn't,
/boot would be left mounted RW). Fix this by removing call to
die() and ensuring /boot remounted RO regardless checksum
update success or failure.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 11:33:08 -06:00
Kyle Rankin
018279b2bf
Add ability to enter custom password for OEM reset
Normally we resort to default passwords for OEM reset, however we have a
use case where it would be convenient to set a custom password instead.
This patch adds a simple prompt (that defaults to the defaults if you
hit Enter) that enables someone using the OEM reset to enter a single
password that will replace the defaults (TPM, GPG Admin, GPG User).
2019-11-18 11:31:55 -06:00
Matt DeVillier
c14c09b602
flash-gui: clear boot signatures after flashing a cleaned ROM
If the user chooses to flash a "cleaned" ROM (not persisting settings
or GPG keys) then the signatures on /boot are no longer valid, so clear
them out. This allows for the OEM factory reset prompt to be shown on
the next boot.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 11:17:35 -06:00
Matt DeVillier
5dc9b0b457
config-gui: mount new /boot after selection
Users may wish to temporarily boot an OS from a drive other than
their primary boot drive, without changing the default and saving
to ROM. Mounting /boot after changing the device selection
facilitates this by allowing the user to then choose an unsafe boot
from the newly-selected boot drive.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 11:16:53 -06:00
Matt DeVillier
0599ce97af
config-gui: fix Save Config option
when commit [928f003] config-gui: add 'Full Reset' option
was added, the bottom end of the save config option was
accidentally truncated; restore it to fix save config option

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-11-18 11:16:49 -06:00