Commit Graph

147 Commits

Author SHA1 Message Date
Thierry Laurion
445ca053fb
Talos II - Have single board config
- Based on initial server board
- Uses whiptail as opposed to fbwhiptail (was slow and output fuzzy)
 - Simple fix to have dual KVM(BMC) and vga output for consoles

Reasoning for dropping fbwhiptail support is that:
- it is impossible to output framebuffer content through remote BMC console.
- A workstation board config could output to fbwhiptail for VGA and give remote recovery shell access through BMC
  - If someone shows interest for that, qemu-coreboot-tpm boards can be used as reference.
  - slowness/fuzzyness of fbwhiptail output through AST would still need to be fixed in kernel drivers. Not a priority here.

Limitation:
- Since whiptail is sent to both consoles:
 - If one console goes to recovery shell, recovery shell access invalidate TPM PCR4 measurements.
   - The other console won't be aware that TPM measurements were invalidated, and will consequently:
     - not be able to unseal TOTP if refreshed
     - not be able to unseal TPM disk unlock key on default boot
   - A reboot will fix this.
2023-03-13 14:33:03 -04:00
Jonathon Hall
4754a754dc
.circleci/config.yml: Add qemu TPM2 representative board
No other TPM2 boards exist yet, so add a qemu TPM2 board as a build
test for TPM2.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-03-13 14:26:25 -04:00
tlaurion
3ac896bb67
Merge pull request #1282 from rbreslow/rb/support-t440p 2023-02-28 15:23:16 -05:00
Rocky Breslow
1dd9c266a8
CircleCI: Make the T440p depend on Librem boards
This change will improve build times by allowing the T440p to share the
Coreboot 4.17 cache with the Librem boards. Once we update the other
ThinkPad boards to use Coreboot 4.19, we'll make the T440p depend on the
X230 again.

Co-authored-by: Thierry Laurion <insurgo@riseup.net>
2023-02-28 14:14:56 -05:00
Thierry Laurion
6300dd178a
Pass all coreboot 4.13 boards to 4.19
- Add 4.19 under modules/coreboot
- point all 4.13 boards to 4.19
- adapt x230 FHD/EDP patch under patches/coreboot-4.19/0001-x230-fhd-variant.patch (poked upstream to fix patch under https://review.coreboot.org/c/coreboot/+/28950)
- correct versioning info under .circleci/config/yml
2023-02-27 18:07:06 -05:00
Rocky Breslow
3efec15dc7
CircleCI: Install crosfirmware.sh dependencies
We need extra dependencies to support Coreboot's util/crosfirmware.sh to
extract the T440p's mrc.bin.
2023-02-25 21:28:29 -05:00
Rocky Breslow
5083ba356c
Add the T440p to CircleCI 2023-02-25 19:53:48 -05:00
Thierry Laurion
011276350b
CircleCI: change board names to reflect board name changes (legacy tagged correctly) 2023-02-09 12:51:07 -05:00
Thierry Laurion
03631a5e33
xx30: rename legacy boards names, remove coreboot config duplicates 2023-02-09 12:50:56 -05:00
tlaurion
77f8d5a4f6
Merge pull request #967 from tlaurion/x230-maximized-fhd
Add x230-maximized-fhd_edp and x230-hotp-maximized-fhd_edp boards
2023-02-09 12:24:54 -05:00
Thierry Laurion
074d19875c
CircleCI step name change : Make Board -> Make Board (FULL ORDERED BUILD LOGS HERE UNTIL JOB FAILED) 2023-01-31 19:06:33 -05:00
Thierry Laurion
2b05a6b42c
Add x230-maximized-fhd_edp and x230-hotp-maximized-fhd_edp boards
- add x230-maximized-fhd_edp and x230-hotp-maximized-fhd_edp board configs
- add/rework coreboot patch for x230 fhd variant to be applied on top of 4.13
- add coreboot config to point to x230-edp variant, fixing path to vbt file since default path is wrong under. Comment made upstream https://review.coreboot.org/c/coreboot/+/28950/22#message-4904ce82f01ba0505b391e072e4537b6a9f1a229
  - remove no gfx init and replace with libgfxinit(defonfig default), set internal display as default
- add x230-hotp-maximized-fhd_edp and x230-maximized-fhd_edp to CircleCI builds
- One single shared coreboot config between boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config and boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config
- Coreboot 4.13 patch from coreboot at patches/coreboot-4.13/0002-x230-fhd-variant.patch
- config/coreboot-x230-maximized-fhd_edp.config points to seperate coreboot config per patch (CONFIG_BOARD_LENOVO_X230_EDP)
2023-01-31 09:58:43 -05:00
Thierry Laurion
9447b17f86
CircleCI: add second layer cache for coreboot 4.17 (so buildstack is cached when other modules changes) 2022-12-14 12:07:25 -05:00
Sergii Dmytruk
fe9d80c6a7
CircleCI: build Talos 2 boards
This also involves splitting workspaces based on target architecture to
avoid severely degrading performance of CI.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-31 00:21:28 +03:00
Sergii Dmytruk
2a44e5e7ee
Incorporate architecture into directory layout
* build/ -> build/<arch>/
 * crossgcc/ -> crossgcc/<arch>/
 * install/ -> install/<arch>/
 * packages/ -> packages/<arch>/

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-25 20:55:39 +03:00
Thierry Laurion
9f75fa2362
.circleci/config.yml: Add Makefile as part of measured files for cache downloads
Global Makefile is the most effective modifier of builds.
As soon as the global Makefile change, so should not be reused caches having measured a different Makefile
2022-08-16 17:33:41 -04:00
Thierry Laurion
af26a7ef0c
CircleCI: Remove coreboot 4.11 builds
Coreboot 4.11 boards are not properly building as of now.
coreboot.pre fails to depend on .car.data because of a race condition that can only be mitigated by single threading CPUS=

This is unrelated to other changes.
KGPE-D16 will soon enough depend on dasharo coreboot and be ported upstream later on.
2022-06-22 16:30:05 -04:00
Thierry Laurion
7327f3524e
CircleCI : add x230-maximized_usb-kb board
Testing points:
- x230-hotp-maximized: USB keyboard is not working (confirmed)
- x230-hotp-maximized_usb-kb: USB keyboard is working (confirmed)
2022-04-05 14:36:53 -04:00
Thierry Laurion
f6d049b3c0
CircleCI cache: have all cache layers caching packages directory
Heads buildstystem:

    Makefile logic will download modules packages under ./packages, check itheir integrity, then extract it and patch extraction directory ONLY if no corresponding .*_verify files are found under ./packages directory. They are extracted under build/modulename-ver/ where patches are applied prior of building them.
    build/module* .configured is written when packages are configured under build/modulename-ver/.configured
    build/modules* .build is written when packages are built under build/modulename-ver/.build

CircleCI caching subsystem notes:

    A cache name tag is calculated in the prep_env stage early at each beginning of a workflow, and consists of a cache name, appended by a calculated digest signature (which is the final hash of hashed files (the hash of a digest).
        Look for the following under .circleci/config.yml:
            "Creating .... digest statements" : they are basically files passed under sha256sum to create a digest.
            restore_cache keys: they are basically a string concatenating: name + checksum of digest + CACHE_VERSION. Only the first cache is extracted following declared order.
            save_cache keys: same as above, only saving non-existing caches. That is, skipping existing ones and creating missing ones.
    A cache is extracted at the beginning of a workflow if an archive matches an archive name, which consists of a name tag + digest hash + CACHE_VERSION
    A cache is created only at the end of a workflow ("Saving cache...").
        Caches are specialized. Caches are linked to checkumming of some content. And the largest available cache is extracted on next workflow, only extracting the directories/files that were contained in that cache.
    A workspace cache ("Attaching workspace..."), as opposed to a end workflow cache, is passed along steps that depends on prior workflow, as specified under CirclecI config. The current CircleCI config creates a workspace cache for:
        make + gawk + musl-cross-make (passed along next)
        the most massive board config for each coreboot version (passed along next)
        which is finally leading to the workflow cache, specialized for different content that should not change across builds.
            That is 3 caches
                musl-cross-make and bootstrapping tools (builds make and gawk locally) as long as musl-cross module has same checksum
                a coreboot cache, containing all coreboot building directories, as long as coreboot module and patches are having the same hashes
                a global cache containing alla builds artifacts (build dir, install dir, musl-cross dir etc)
    Consequently, a workspace cache contains all the files under a path that is specified. For heads running under CircleCI, this is ~/project, which is basically "heads" checked out GitHub project, and everything being built under it.
    When a workflow is successful, save_cache is ran, constructing caches for digest hashes that are not yet saved (which corresponds to a hash matching muslc-cross module hash, coreboot+patches digest hash and another one for all modules and patches digest hash.
    On next workspace iteration, pre_env step will include a "Restore cache" step, which will use the largest cache available and extract it prior of passing it as workspace caches. This is why there is no such different in build time when building on a clean build (the workspace caches layers are smaller, and passed along. This means saving it, passing it. next workspace downloads extracts and builds on top of those smaller layers), as opposed to a workspace reusing and repassing the bigger workspaces containing the whole cache (bigger initial cache extract, then compressing and saving it to be passed as a workspace layer that is then downloaded, extracted, building on top, compressing and saving which then passed as a workspace cache to the next layer depending on it).
    And finally, the caching system (save_cache, restore_cache) is based on a CircleCI environment variable named CACHE_VERSION which is appended at the end of the checkum fingerprint of a named cache. It can at any moment be changed to wipe actually used cache, if for some reason it is broken.

Consequently:

    CircleCI cache should include packages cache (so that packages are downloaded and verified only once.)
    Heads Makefile only downloads, checks and extracts packages and then patch extracted directory content if packages/.module-version_verify doesn't exist. This was missing, causing coreboot tarballs to be redownloaded (not present under packages) and reextracted and repatched (since _verify file was not present under packages/*_verify)
2022-04-02 14:57:54 -04:00
Thierry Laurion
a3b058ded9 CircleCI: readd forgotten x230-maximized board 2022-02-21 11:04:02 -05:00
Thierry Laurion
f9d143d77a Retry CircleCI for 4.11 on Debian 11 docker
- Add kgpe-d16 patch to remove HID for PCI devices (successful build on top of #1101 and #1012 per https://app.circleci.com/pipelines/github/tlaurion/heads/937/workflows/de49bea0-3f58-4a91-8891-87622f5a0eed)
- CircleCI modified to build for coreboot 4.11 kgpe-d16_workstation on top of 4.15 passed workspace
- CircleCI modified so that we still archive all the logs in artifacts for the current build even if failing. We now exit 1 after having archived all the log files under build/
- Add xx30 vbios extract scripts to test. Expecting musl-cross target to fail since make and gawk aren't built
- CircleCI: gawk was not installed in apt statements under Debian. Installing
- Makefile: seperate and fix local make and gawk building pror of using. Otherwise, impossible to build musl-cross target seperatly.
  - Also give some debugging info at start of Heads builds to tell which local gawk and make are used, also telling which make call will be propagated in the rest of the builds
  - Fix gawk version checking, reporting bad version even if 4.2.1 as expected on debian-10 (debian-10 OS deploys gawk and make in version 4.2.1)
- CircleCI: Changing musl-cross taget to bootstrap (gawk+make) and musl-cross-make (bootstrap_musl-cross-make) for clarity
2022-02-08 13:58:14 -05:00
Thierry Laurion
4b260071c3 Retry CircleCI for 4.11 on Debian 10 docker
- Add kgpe-d16 patch to remove HID for PCI devices (successful build on top of #1101 and #1012 per https://app.circleci.com/pipelines/github/tlaurion/heads/937/workflows/de49bea0-3f58-4a91-8891-87622f5a0eed)
- CircleCI modified to build for coreboot 4.11 kgpe-d16_workstation on top of 4.15 passed workspace
- CircleCI modified so that we still archive all the logs in artifacts for the current build even if failing. We now exit 1 after having archived all the log files under build/
2022-02-03 15:04:09 -05:00
eganonoa
a1f86fa3aa Fixing config.yaml file path 2021-12-28 11:10:58 -05:00
Matt DeVillier
f0f4677112 circleci: add Librem boards as coreboot 4.15 build targets
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-12-20 22:13:36 -05:00
Thierry Laurion
415a08a732 board additions: w530, t530, t520 (hotp-maximized and maximized flavors only)
-CircleCI addition.
-Removal of t530-flash, w530-flash boards, flash scripts and associated coreboot configs (no more legacy boards additions)

This is a merger of #1071, #1072 and #1073 so that test builds are available over CircleCI until osresearch/master CircleCI gets unlocked.
2021-12-06 19:52:25 -05:00
Thierry Laurion
e492786d0a CircleCI: fix #1058 and partly #984
CircleCI: We currently drop coreboot 4.11 builds.
- There is a file missing in the builds. Not sure why/how this is happening
src/soc/intel/fsp_broadwell_de/romstage/romstage.c:41:10: fatal error: build.h: No such file or directory
Example:https://app.circleci.com/pipelines/github/tlaurion/heads/877/workflows/7d0248d2-459c-42ad-b741-8fd56a75d527/jobs/2487
- kgpe-d16_workstation building for all GPUs is unfortunately taking too much time to build (40 minutes).
- Not sure why, but it seems that the kernel build paralellization is not working for 4.11 while it works for 4.13
Makefile: Uncomment MAKE_JOBS which passes the number of jobs to numbers cores by default and --max-load of 16
CircleCI: Remove CPUS statement to use Makefile default
modules/newt: force build with one make job, otherwise there is a race condition in module which fails randomly expecting build modules. (TODO: FIX)

Interestingly, building all coreboot 4.13 boards is happening on a clean commit just above 1h limit.

More details:
- CircleCI changed job build time to a maximum of 1h each.
- CircleCI now permits parallelization of 30 jobs
- 6000 build minutes a month.
- Still waiting for osresearch/heads CircleCI project to be unlocked (currently not recognized as open source project?!)
2021-12-04 15:51:53 -05:00
Thierry Laurion
ee5073ebe8 CircleCI: add large ressource class for free tier as defined under https://support.circleci.com/hc/en-us/articles/4410707277083-Context-deadline-exceeded-after-1-hour-Build-timed-out-Free-tier-only-
Readd https://github.com/osresearch/heads/pull/984 without cache
Add kgpe-d16 musl-cross target prior of having kgpe-d16 depend on musl-cross target (To try to have musl-cross step successfull under 1h CircleCI new limit)
CircleCI: add a subcommand that can follow a target (to build musl-cross-make now and coreboot version specific musl-cross later)
Output of hashes is now optional
29/11/2021 CircleCI public information available states parallelization of up to 30 jobs at a time. Let's play
- We first build heads musl-cross-make and persist (passing musl-cross-make into next job)
- We then build per coreboot version board with coreboot make statement only and persist (passing musl-cross-make + coreboot's musl-cross buildstack)
- We then build per coreboot version board (reusing past build musl-cross-make and coreboot's version musl-cross buildstack)
Remove 4.11 boards for the moment to test only build time and parallelization
2021-12-04 15:51:53 -05:00
Thierry Laurion
22f2288331 xx30 blobs: use me_cleaner.py locally downloaded
- me_cleaner downloaded from 43612a630c/me_cleaner.py
- placed under xx30 blobs dir
- CircleCI uses it locally without downloading it everytime (me_cleaner hasn<t changed since 2018)
2021-12-04 15:51:53 -05:00
Thierry Laurion
40babfeaf4 t430-hotp-verification: addition of t430 counterpart of non-maximized x230-hotp-verification board 2021-12-04 15:51:53 -05:00
Thierry Laurion
8d805e8d8f CircleCI: build only for coreboot 4.13 and coreboot 4.11 boards. (TODO: change when 4.13 boards bumped to 4.14) 2021-12-04 15:51:53 -05:00
Thierry Laurion
7c576e2706 CircleCI: base all coreboot 4.13 boards on hotp-maximized to try to free more building time. 2021-12-04 15:51:53 -05:00
Thierry Laurion
41847f5cd2 move all other boards (but KGPE-D16) to coreboot 4.13
- xx30 legacy boards (x230, x230-flash, t430, t430-flash) now rely also on coreboot 4.13
  - DOWNSIDE: x230 and t430 legacy boards now rely on WHIPTAIL (NOT FBWhiptail) to have enough space to fit under 7mb)
- xx20 boards moved to 4.13 (no need of xx20-flash boards here since single SPI boards with 7.5mb useable since blobs scripts are required)
  - DOWNSIDE: all xx20 boards now have dropbear deactivated, while still having ethernet driver in.
- qemu-coreboot and qemu-coreboot-fbwhiptail switched to coreboot 4.13 WITHOUT TPM SUPPORT (with cryptsetup 2.x support)
  - DOWNSIDE:
    - coreboot-qemu board CBFS_SIZE=0x700000 -> 0x750000
    - coreboot-qemu-fbwhiptail CBFS_SIZE=0x750000 -> 0x780000
- CircleCi build recipe removes 4.8.1 boards altogether
  - KGPE-D16 workstation is used as new base build to save workspace layer (we removed one workspace layer)
  - Removing one workspace layer will save approx 2 hours of build time on fresh builds
  - Removing one coreboot version will save us approx 2 hours of build time on fresh builds
  - KGPE-D16 will stay to coreboot 4.11 until forward notice.
  - All other board configs SHOULD be built on latest coreboot versions
2021-12-04 15:51:53 -05:00
Matt DeVillier
e6dbfab3c2 board/librem_{mini,mini_v2}: Migrate from coreboot 4.13 to 4.14
- adjust board configs
- move/rename coreboot patch
- adjust comment in CI config

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2021-10-15 15:11:39 -04:00
Thierry Laurion
214703f92d
CircleCI: passing CPUS=24 to CPUS=16 to try to fix latest problems linked to master not building and https://github.com/osresearch/heads/pull/977 2021-04-27 22:53:31 +01:00
Thomas Clarke
eb29056461
CircleCI: Overhaul with parallelisation and parameters for a cleaner config.
* Bump CircleCI config version to 2.1.
* Use commands and parameters to get rid of repeated commands. New boards can be added with just 5 lines at the bottom of the config.
* Made use of some parallelisation. Currently a single board from each Coreboot version is built. Afterwards all remaining boards are built in parallel.
2021-02-24 19:54:54 +00:00
Thierry Laurion
815a7ef245
x230-nkstorecli PoC board removal, both in tree and in CI (board builds fails. fits in maximized boards.) 2021-02-04 22:13:43 -05:00
tlaurion
b310fc943e
Circle ci optimization build time (#972)
* CircleCI: pass CPUS=4 to CPUS=24
2021-02-04 11:59:53 -05:00
Thierry Laurion
62a90ed3be
CircleCI: Add coreboot+musl-cross cache
The idea here is a cache to restore from (musl-cross from coreboot version bound crosscomipler, from which coreboot is built)

1- Reuse existing cache for all modules and patches created digest's hash past build matching cache.
(If a single module or patch changes, we have cache miss.)
2- Reuse existing coreboot and musl-cross-make created digest's hash past build's matching cache
(If a patch was added to current coreboot, or new coreboot version was added in coreboot module definition, we have a cache miss.)
3- Reuse existing musl-cross-make created digest's hash past build matching cache
(If musl-cross-make module didn't change, we don't rebuild it.)

Per https://github.com/osresearch/heads/pull/947#issuecomment-753507412 proposition
2021-01-03 21:14:44 -05:00
Thierry Laurion
2da03d2ef0
CircleCI: seperate build error from details for KGPE-D16 (par to other boards) 2020-12-27 17:33:57 -05:00
Thierry Laurion
16488fb21a
xx20 boards: add xx20-hotp-maximized boards, remove hotp support from xx20-boards. Modify CircleCI conf accordingly. 2020-12-12 12:44:06 -05:00
Tom Hiller
75e11cbb8d circleci: add xx20 maximized builds 2020-12-03 13:13:47 -05:00
tlaurion
1661e5dcb0
Merge pull request #867 from Tonux599/kgpe-d16_411_measured-boot
KGPE-D16 Coreboot 4.11 + Measured Boot
2020-12-02 18:23:55 -05:00
tlaurion
36c04f19e4
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.

* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)

* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin. 
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.

* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 17:01:44 -05:00
Thierry Laurion
bac1d54bde
Activate dual console by default and restructure board config
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC

Adding dual console to OpenBmc and tty0

putting kgpe-d16-coreboot.conf in defconfig format

NO_HZ wasn't included in kernel config. Adding it.

Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation

Removing serial configuration and static IP stuff since we have a workstation here.

Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.

Placing files in good directories

Corrrect flashrom options for kgpe-d16 server and workstation boards

kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ

kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server

kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.

kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)

kgpe-d16_workstation in defconfig format

kgpe-d16 boards: pass from GPG to GPG2 board definitions

kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode

kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output

kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging

kgpe-d16 : expressively export CONFIG_TPM=n

kgpe-d16_wokstation gui-init variables were missing

kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized

linux-kgpe-d16*: add support for Pike

kgpe-d16_workstation-usb_keyboard board support addition

kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based

GitlabCI: kgpe-d16 fixes and upstream merge of change

kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment

kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file

KGPE-D16: community work migration to coreboot 4.11 to fix issue #740

KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709

kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637

KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637

kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch

kgpe-d16 boards: add Linux kernel version where missing.

CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master

coreboot module: typo correction (tabs vs spaces)

CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds

CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"

CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support

At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node

CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.

coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)

coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.

CircleCI & coreboot config: fix merge conflict rebasing on master

coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599

Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2020-12-02 15:56:34 +00:00
Matt DeVillier
7ee4a11d1b Add new board: Purism Librem Mini v2
Add board config, coreboot config, Circle CI entry.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-19 15:39:44 -05:00
Thierry Laurion
9395f91d02 CircleCI seperation of main failed error and detailed logs of last minute + qemu-coreboot-fbwhiptail board addition 2020-11-03 14:26:47 -05:00
tlaurion
e3519f2ecd
WiP: gpg2 2.21 LTS upgrade (gnupg toolstack) (#860)
* gpg2: change gpg2 toolstack to gpg2 2.21 LTS
* remove additional gpg2 unneeded configure options across gpg2 toolstack dependencies
2020-10-26 10:19:57 -04:00
MrChromebox
b71f3757c1
modules/linux: add support for building with kernel 5.4.69 (#854)
* modules/linux: add support for building with kernel 5.4.69

Add support to module, port patches from 4.19.139.
Needed for newer platforms not supported by 4.19 kernel.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* CircleCI: add rysnc dependency for building kernel 5.x

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Migrate all Librem boards to kernel 5.x, common config

Update linux-librem_common.config from 4.x to 5.x, and add
CONFIG items needed to support the librem_l1um (AST DRM drivers,
serial port output).

Tested on Librem 13v4, Librem Mini, and Librem Server L1UM.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-25 01:26:08 -04:00
Markus Meissner
09ca500d3e
add x230-nkstorecli board config (#817)
* add x230-nkstorecli board; 
* add modules: nkstorecli, libnk, libhidapi-libusb
* version bump nkstorecli; related minor in libnk
* upd. libnk module version bump to 3.6; remove 3.5 patch
2020-10-19 10:47:22 -04:00
MrChromebox
85d7e29d18
Add new board: Purism Librem Server L1UM (#858)
* modules/coreboot: add option to use coreboot 4.11

Port patches from coreboot 4.8.1 to 4.11:
* 0000-measure-boot -> 0001
* 0010-cross-compiler-support

All other patches for coreboot 4.8.1 have either already been
integrated, or are for platforms which do not need to be migrated
to coreboot 4.11 (they will move to 4.12 or newer).

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add Broadwell-DE platform patch

Add a patch for FSP Broadwell-DE to make use of Heads' measured boot.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add patch to read serial # from CBFS

Will be used by multiple Librem boards.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: add board support for Librem Server L1UM

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Librem Server L1UM: add new board

Add board config, coreboot config, kernel config files.
Add conditional purism-blobs dependency to coreboot-4.11 module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* flash.sh: add special handling for librem_l1um board

Add support for persisting PCIe config via PCHSTRP9 in flash descriptor.
This is needed to support multiple variants of the L1UM server which
use the same firmware but differ in PCIe lane configuration via the
PCH straps configuration in the flash descriptor.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add 'Use PRIxPTR to print uintptr_t' patch

Cherry-picked from upstream coreboot (post-4.11), fixes compilation issue.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* CircleCI: add target to build board librem_l1um

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-18 14:48:25 -04:00
tlaurion
b80899f36c
musl-cross: remove old patch artifact of the musl-cross era (#849)
* musl-cross: remove old patch artifact of the musl-cross era

* CircleCI: do not produce hash digest for musl-cross-make patches (artifact was for musl-cross, not musl-cross-make)
2020-10-16 15:26:59 -04:00
MrChromebox
afa6753a30
librem_mini-NoTPM: drop '-noTPM' suffix (#843)
There's only one Librem Mini board, it doesn't use a TPM,
no reason to unnecesarily lengthen the board name.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-09-30 16:13:15 -04:00
Thierry Laurion
e3c81a94f8
CircleCI: changing order of build boards, since we want to test coreboot 4.12 built boards currently failing for lack of memory in other builds (make error 137). 2020-09-25 16:00:07 -04:00
Thierry Laurion
c47425709f
CircleCI: we pass CPUS=2 to CPUS=4 since the logic calculation for threads/memory is 1/1024Mb, CircleCI supposedly reserving 4Gb for medium (free). Build time will increase, unfortunately, when compared to nproc returning 32 cores. 2020-09-25 15:56:27 -04:00
Thierry Laurion
c74564086c
Buildsystem: permit to pass CPUS=X to make to force a number of CPUS to be used if desired, else the default is detected in Makefile and pushed to submodules. If nothing specified, uses nproc and pass it to submodules. CircleCI forced to CPUS=2 2020-09-25 15:52:31 -04:00
tlaurion
53c74fa02a
CircleCI: readd librem_mini (#832)
* CircleCI: readd librem_mini while making sure that if a board build fails, all logfile modified in the last minute are outputted on the CircleCI console prior to really failing and exiting

* librem_mini-NoTPM: addition of board config, distinctive coreboot config (required per Heads build system) to construct a ROM without TPM requirement.

* librem_mini: deletion of board and coreboot relative config, keeping librem_mini-NoTPM and coreboot config only. Removed librem_mini board build under CircleCI, keeping only librem_mini-NoTPM
2020-09-15 10:51:37 -04:00
tlaurion
b2c49e8742
CircleCI: removing librem_mini board under CircleCI (#825)
Coreboot 4.12, on which the librem_mini depends, doesn't build under debian:10 docker image as of right now.
	It was building over debian:bullseye (where 4.8.1 boards didn't) which constructed a valid cache that
	was reused when building #806 (https://app.circleci.com/pipelines/github/tlaurion/heads/364/workflows/df9bad8d-8ff1-40da-b8d8-1b87a05be509/jobs/392)
Consequently, more troubleshooting would need to be done under local debian:10 docker image.
2020-09-03 22:02:16 -04:00
tlaurion
8067efc9ae
CircleCI: bring recent failing logs on CI output (#822) 2020-09-02 14:42:55 -04:00
MrChromebox
268fb90623
Add new board: Purism Librem Mini (#806)
* patches/coreboot-4.12: Add patch for Cannonlake ME status

Add patch print ME status regardless of enablement state

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules: add purism-blobs module

Rather than require users to manually run a script to download the required
blobs to build Purism Librem boards, automate it so the correct version
is automatically downloaded/extracted. Restrict to coreboot 4.12 for now
since 4.8.1 still needs FSP blobs, which are not in module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* configs/linux-librem13v2: unset CONFIG_RETPOLINE

Fixes compilation issue with newer kernels, ignored by older ones
which don't need it

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Add new board: Librem Mini

Add Librem Mini board patch for coreboot 4.12, board config and
coreboot config. Continue reusing existing librem13v2 Linux config,
same as all other Librem boards currently. Use new purism-blobs module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* board/librem*: rename for consistency

Use 'librem_<board>' notation for consistency across all models.
Rename linux config file since used by multiple Librem models.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* CircleCI: add librem_mini board to test

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-09-02 14:39:37 -04:00
tlaurion
b14e564ac9
Fix CircleCI build problems (#808)
* CircleCI: debian:10 docker based. Give possitility to override CACHE_VERSION through CircleCI when needed
* Makefile: fix #799 with implementation of @osresearch's recommended https://github.com/osresearch/heads/issues/799#issuecomment-673059028
* modules/coreboot : indentation fix and putting version hashes together to facilitate future maintainership.
2020-08-20 15:15:46 -04:00
tlaurion
c6a82a2464
CircleCI: mitigate issue #799 (#800) 2020-08-12 15:07:54 -04:00
tlaurion
63b400c73f
CircleCI : specialized caches (#798)
CircleCI: two cache save/restore mechanisms. One bound to musl-cross+patches, one for modules + patches.

* Replacing the generic cache bound to CircleCI user to have two caches levels. One for musl-cross and its patchsets, one for all modules and their patchset being the same. So if modules changed, we use the cache for musl-cross as a fallback to economize one hour of precious build time out of two, while most of Heads changes are on the scripts and can be built on top of packages+patches cache
2020-08-11 16:38:26 -04:00
tlaurion
53071ce183
CircleCI: fix typos (save_cache and restore_cache not identical) 2020-06-08 09:42:01 -04:00
tlaurion
7941dac328
CIs: Replace cache fingerprints so cache is reusable between builds (fix save_cache) 2020-06-07 21:55:45 -04:00
Thierry Laurion
11a0fdc061
CIs: Replace cache fingerprint with username of the user launching the build to make it reusable between PRs 2020-06-07 16:39:38 -04:00
Thierry Laurion
dcbeb26e03
CIs: move qemu-coreboot to be built last, add t430 and t430-flash boards to CIs 2020-06-06 12:35:13 -04:00
Thierry Laurion
7600ce4bff
GitlabCI: restrict cache, store cleaned build artifacts for x230* and qemu-coreboot 2020-05-24 22:16:19 -04:00
Thierry Laurion
d5083f410c
x230-hotp-verification: Add x230-hotp-verification board to have a HOTP supported remote attestation for Nitrokey Pro 2, Nitrokey Storage 2 and Librem Key 2020-05-21 18:06:19 -04:00
Thierry Laurion
040e358b2d
CIs: pass CircleCI to debian:bullseye docker image, provide logs.tar.gz and cpios to facilitate debugging of reproducibility issues 2020-05-04 14:55:36 -04:00
Trammell hudson
1e77a72f99
circleci: skip linuxboot steps for now
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-09 00:07:19 +01:00
Trammell hudson
31f021e5f7
circleci: enable V=1 to produce more output and avoid timing out
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-08 23:26:20 +01:00
Trammell hudson
97402ed32d
circleci: replace -j4 with --load 2 2020-01-08 23:10:46 +01:00
Trammell hudson
c069901f90
circleci: no tabs!
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-08 22:47:27 +01:00
Trammell hudson
35ddd3e065
circleci: pre-build edk2 for linuxboot
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-08 22:45:39 +01:00
Trammell Hudson
fed0858126
circleci: try using the osresearch/musl-cross docker image
Signed-off-by: Trammell Hudson <hudson@trmm.net>
2020-01-08 17:33:49 +01:00
Trammell hudson
6183d58ecc
fix config spacing and path to xgcc 2018-09-18 16:04:28 -04:00
Trammell hudson
9ab033aa06
use externally built coreboot compilers 2018-09-18 15:59:48 -04:00
Trammell hudson
866358d5c7
rollback to 16.04? 2018-09-18 15:12:41 -04:00
Trammell hudson
fdb8268fc9
remove coreboot-gcc target (it will be built anyway) and add x230 2018-09-18 13:07:14 -04:00
Trammell hudson
eafe001097
fix yaml 2018-09-18 12:09:16 -04:00
Trammell hudson
7a39cc78f4
create hashes and store them in the circleci artifacts 2018-09-18 12:08:16 -04:00
Trammell hudson
553964157b
use a smaller image, maybe we will not run out of space 2018-09-18 10:43:36 -04:00
Trammell hudson
d3bf7aab64
does tput cause the problem with circleci? 2018-09-18 09:59:09 -04:00
Trammell hudson
606600586c
coreboot-gcc target 2018-09-18 09:27:18 -04:00
Trammell hudson
e03f375bfd
use osresearch/heads-builder docker image with pre-built compilers 2018-09-18 07:14:39 -04:00
Trammell hudson
5555e9e8ac
circleci needs to use the new 4.2.1 make 2018-09-18 06:55:16 -04:00
Trammell hudson
bec3335cf6
verbose builds to avoid quiet timeouts 2018-09-16 17:56:17 -04:00
Trammell hudson
e3ac9b59f3
ensure there is output from the musl-cross bild 2018-09-15 07:11:12 -04:00
Trammell hudson
f96cceb621
do dependencies before checkout 2018-09-15 06:56:42 -04:00
Trammell hudson
081cda2dd4
bootstrap and parallelize build 2018-09-15 06:53:34 -04:00
Trammell hudson
cdd061e063
switch back to 16.04 just to avoid make-4.2 error 2018-09-15 05:59:28 -04:00
Trammell hudson
607381fec2
try apt-update before apt-install 2018-09-15 05:58:00 -04:00
Trammell hudson
b826e4c705
tweak yaml 2018-09-15 05:56:58 -04:00
Trammell hudson
265ed9d043
checkout dependencies 2018-09-15 05:52:38 -04:00
Trammell hudson
96ea6b69ba
try ubuntu 18.04 build 2018-09-15 05:49:32 -04:00
Trammell hudson
32cd59d4f6
try ubuntu 18.04 build 2018-09-15 05:48:03 -04:00
Trammell hudson
2e1dd82992
try enabling circleci builder 2018-09-15 05:42:42 -04:00