Commit Graph

166 Commits

Author SHA1 Message Date
Francis Lam
821e48446a
Updated to match latest qubes 3.2 xen 4.6.6-29 (issue #238) 2017-09-02 14:13:29 -04:00
Trammell Hudson
314ce7b350
bump Linux kernel to 4.9.38 (issue #224) 2017-07-18 14:25:15 -04:00
Trammell Hudson
7e5c9bf5f8
fix Xen reproducibility by not using figlet #207 2017-06-26 16:33:49 -04:00
Francis Lam
7f6f365afe
Reverted submodule name back to xen 2017-06-26 13:07:48 -04:00
Francis Lam
c2ec62bfcd
Changed xen submodule to track Qubes Xen
Closes #159
2017-06-23 23:01:20 -04:00
Trammell Hudson
265424b101
do not enable libkmod (issue #164) 2017-06-13 10:45:33 -04:00
Trammell Hudson
964b967c9e
Use kernel headers from our Linux kernel tree (issue #188) 2017-04-17 16:09:06 -04:00
Trammell Hudson
bf95aa1839
use 0.3.0 release of tpmtotp 2017-04-12 08:46:56 -04:00
Trammell Hudson
122bacab37
use xen.gz since we have zlib support in kexec again (issue #170) 2017-04-12 06:50:57 -04:00
Trammell Hudson
7a9ab72144
import the seal/unseal totp scripts since they are very specialized to the heads install, skip owner password if not required (issue #151) 2017-04-12 06:49:39 -04:00
Trammell Hudson
1043517371
typo in $(CROSS_TOOLS_NOCC), building xen with system ld (issue #173) 2017-04-09 16:09:17 -04:00
Trammell Hudson
132d26de05
do two make passes to avoid concurrency errors in lvm2 (issue #175) 2017-04-09 02:49:42 -04:00
Trammell Hudson
740f197487
Linux does not need the musl-libc, just the cross compiler (issue #175) 2017-04-09 02:11:18 -04:00
Trammell Hudson
a42aaa37c6
xen depends on musl-cross (issue #175) 2017-04-08 17:46:21 -04:00
Trammell Hudson
46a2ae8c2b
disable more unnecessary LVM components 2017-04-08 14:30:50 -04:00
Trammell Hudson
07eb5e9717
Define $(CROSS_TOOLS) to ensure reproducible builds (issue #173)
Each of the submodule configuration files defined a subset of the
cross compiler tools that it used and many were picking up the
system `ar`, `nm`, `strip, `ld`, etc.  They all now use a `Makefile`
macro that defines the path to the proper cross compiler tools.

For ones that need the tools, but not the musl-libc gcc,
there is $(CROSS_TOOLS_NOCC) that is all of them without gcc.
This is for musl-libc itself, as well as xen and the Linux kernel.
2017-04-08 13:23:34 -04:00
Trammell Hudson
9fb1f247ad
use cross compiler ar (issue #166) 2017-04-07 11:28:36 -04:00
Trammell Hudson
2b0b6f33c0
use cross compiler ar (issue #166) 2017-04-07 11:19:44 -04:00
Trammell Hudson
ea175466a0
use cross compiler ar (issue #166) 2017-04-07 10:57:19 -04:00
Trammell Hudson
8241f190ac
use cross compiler ar (issue #166) 2017-04-07 10:48:46 -04:00
Trammell Hudson
75117c0e5b
reconfigure submodules if their config files ever change (issue #172) 2017-04-07 10:34:57 -04:00
Trammell Hudson
300b17fa25
add dropbear ssh to qubes and moc configurations (issue #169) 2017-04-07 09:53:02 -04:00
Trammell Hudson
ac74b92157
re-enable zlib and use it in kexec (issue #170) 2017-04-07 09:51:49 -04:00
Trammell Hudson
3c07e27d73
prefix should not be empty 2017-04-07 09:51:15 -04:00
Trammell Hudson
f65136c1a2
parallel crosscompiler build (issue #168) 2017-04-07 08:59:25 -04:00
Trammell Hudson
6b0013e038
use the non-musl-libc wrapped gcc (issue #167) 2017-04-06 17:28:12 -04:00
Trammell Hudson
c76a618b1e
use our cross compiler ld (issue #166) 2017-04-06 17:02:14 -04:00
Trammell Hudson
7c8f86bc52
lvm2 builds reproducibly again (issue #166) 2017-04-06 16:44:48 -04:00
Trammell Hudson
2b55d8bcf8
use our cross compiler ar, not /usr/bin/ar (issue #166) 2017-04-06 16:22:40 -04:00
Trammell Hudson
96fe3f3f09
replaced PREFIX= with DESTDIR= to make builds reproducible (issue #166) 2017-04-06 16:01:56 -04:00
Trammell Hudson
09718fc97e
replace __FILE__ with "__FILE__" to make Xen reproducible (issue #166) 2017-04-06 15:58:51 -04:00
Trammell Hudson
350a3564b1
move usb-storage into a kernel module (issue #160) 2017-04-05 19:20:53 -04:00
Trammell Hudson
a2e51a599c
fix build to avoid libusb installed on host system 2017-04-05 18:07:50 -04:00
Trammell Hudson
a1efbb8e02
fix build to avoid libusb installed on host system 2017-04-05 18:06:42 -04:00
Trammell Hudson
71f6cf3315
hash update 2017-04-05 18:01:36 -04:00
Trammell Hudson
0da184fe01
Enable gpg with card support (issue #32) 2017-04-05 17:59:49 -04:00
Trammell Hudson
3d79f51e4a
Build lvm command line utility (issue #80)
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).

This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154.
2017-04-03 17:13:59 -04:00
Trammell Hudson
392599b90b
have xen output the xen executable for x230-qubes (issue #84) 2017-04-03 17:13:07 -04:00
Trammell Hudson
cd584c4fad
remove unused platform modules 2017-04-03 17:10:22 -04:00
Trammell Hudson
4e71017bea
bump xen to 4.6.4 (issue #153) 2017-04-02 21:45:10 -04:00
Trammell Hudson
7045d02794
move to Linux 4.9.20 (issue #149) 2017-03-31 15:59:37 -04:00
Trammell Hudson
858b48d304
use our specific strip program to ensure reproducibility (issue #148) 2017-03-31 15:26:41 -04:00
Trammell Hudson
8544c5fe6d
busybox 1.26.2 update (issue #148) 2017-03-31 14:53:01 -04:00
Trammell Hudson
2db3c33866
fix IDSDIR to make pciutils reproducible (issue #147) 2017-03-31 14:33:15 -04:00
Trammell Hudson
3241499ee3
pciutils fails on first build if both install and install-lib are specified 2017-03-31 13:05:05 -04:00
Trammell Hudson
4141c75c8c
make kexec work with the modular build 2017-03-31 11:59:18 -04:00
Trammell Hudson
c40748aa25
Build time configuration for startup scripts and modules.
This addresses multiple issues:

* Issue #63: initrd is build fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now meaures modules
2017-03-31 11:18:46 -04:00
Trammell Hudson
8589370708
Flash writing from userspace works (issue #17).
Reduce the size of flashrom by commenting out most flash chips,
boards and programmers.

Wrapper script to make it easier to rewrite the ROM on the x230
using the flashrom layout.

Keep the entire 12 MB ROM for flashing.
2017-03-30 17:12:22 -04:00
Trammell Hudson
9feb094701
enable flashrom and pciutils to allow the boot ROM to be re-written (issue #17) 2017-03-30 14:35:30 -04:00
Trammell Hudson
9666f52e44
bioswrite tool (beta, untested!) 2017-03-30 11:59:55 -04:00
Trammell Hudson
40c9db0416
wait until the coreboot tree is unpacked before building xgcc 2017-03-29 18:00:54 -04:00
Trammell Hudson
8f63763e53
install symlinks directly into initrd 2017-03-29 16:49:07 -04:00
Trammell Hudson
ab0476ad2f
Remove populate-lib, rework libraries and kernel module installation.
The populate-lib program was buggy on some systems and could accidentally
introduce unwanted libraries into the initrd.  The Makefile now uses the
modules' $(module_libraries) variable to select which libraries should be
installed into the initrd.

Kernel modules are now stripped and installed using a similar system.
2017-03-29 15:15:03 -04:00
Trammell Hudson
418ceaf733
make USB a module, strip debug info (issue #139) 2017-03-28 17:05:04 -04:00
Trammell Hudson
8384201e9c
Change ethernet drivers to be modules and measure them when they are loaded.
This is a step towards unifying the server and laptop config (issue #139)
and also makes it possible to later remove the USB modules from the
normal boot path.
2017-03-28 16:32:58 -04:00
Trammell Hudson
f0e42d65ab
use git tpmtotp on the moc branch for development 2017-03-27 06:41:38 -04:00
Trammell Hudson
0ddd56b3c5
bump mbedssl version to 2.4.2 2017-03-27 06:41:13 -04:00
Trammell Hudson
aa473a0dea
limit parallel make load (issue #131) 2017-03-22 11:53:08 -04:00
Trammell Hudson
9d638c8f8d
use relative outputs for musl-gcc and cross-gcc, clean up coreboot.rom (issue #62) 2017-03-22 11:52:45 -04:00
Trammell Hudson
3632c35da6
Linux kernel depends on musl-cross (issue #130) 2017-03-20 14:52:03 -04:00
Trammell Hudson
356e9307a2
parameterize number of parallel make jobs (issue #125) 2017-03-18 10:50:37 -04:00
Trammell Hudson
26b323d2ac
use /bin/echo instead of built in echo (issue #106) 2017-02-28 15:54:49 -05:00
Trammell Hudson
453317921a
fix Makefile generation in musl-cross build (issue #106) 2017-02-26 12:52:49 -05:00
Trammell Hudson
b8508ffe94
use BUILD_TIMELESS to avoid timestamps in coreboot when not in a git tree (issue #104) 2017-02-01 13:39:56 -05:00
Trammell Hudson
cc8151749e
use coreboot-4.5 release with a patch against the source tree (issue #102) 2017-02-01 11:50:52 -05:00
Trammell Hudson
8f7debc52f
bump tpmtotp version to v0.2.1 2017-02-01 11:50:02 -05:00
Trammell Hudson
fe4eab2a7e
use Linux 4.9.7 kernel (issue #103) 2017-02-01 11:47:43 -05:00
Trammell Hudson
267b355766
use v0.2.0 release of tpmtotp instead of git (issue #102) 2017-02-01 11:21:53 -05:00
Trammell Hudson
1b9f99617a
wrong path to correct strip binary (issue #100) 2017-02-01 10:25:17 -05:00
Trammell Hudson
e051915707
use musl-libc cross compiler strip (issue #100) 2017-01-31 14:57:41 -05:00
Trammell Hudson
3008bb6945
Make musl-cross a normal Heads module.
This merges pull request #99 by @blackwellops and removes
the ./bootstrap script since the musl-cross can be built as
part of the normal dependency tree.
2017-01-31 13:22:43 -05:00
Trammell Hudson
d64caac4db
silence the builds 2017-01-28 20:42:26 -05:00
Trammell Hudson
26ef81f5fb
coreboot flags to strip build paths (issue #95) 2017-01-28 20:21:47 -05:00
Trammell Hudson
1ec00592af
pass in flags to make Linux kernel reproducible (issue #94) 2017-01-28 18:38:29 -05:00
Trammell Hudson
1411dffb6a
Make modules not depend on build path (issue #1).
Use --prefix="" to ensure that no destination paths are in libraries.

Use -fdebug-prefix-map to rewrite build path so that it does not
appear in the executables.

Use -gno-record-gcc-switches to ensure that the -fdebug-prefix-map
does not appear in the executables.
2017-01-28 13:14:56 -05:00
Trammell Hudson
19cb1bcb73
use bootstrap built crossgcc 2017-01-28 13:14:48 -05:00
Trammell Hudson
8ca440b7ae
allow $(heads_cc) to contain spaces 2017-01-28 12:16:34 -05:00
Trammell Hudson
2213500000
bootstrap the musl-libc gcc cross compiler and use it to build everything except coreboot 2017-01-27 18:01:25 -05:00
Trammell Hudson
24e54a65f6
Build GNU make-4.2 if the system make is the wrong version (issue #88).
Change all of the builds to use $(MAKE) instead of the /usr/bin/make.

Download and build GNU make-4.2 if the wrong version is installed
on the system.

Re-invoke build/make-4.2/make with the target that was passed in once
the correct make has been built.
2017-01-27 18:00:50 -05:00
iseeareddoor
85dcbf6687
modules/coreboot: remove 'time' for dash compat
the 'time' builtin is a bashism whichis not supported in Debian's standard sh ('dash'), which is used implicitly here.
2017-01-23 13:35:48 -05:00
Trammell Hudson
5b3ca49a15
force kexec to build 64-bit version, otherwise xen fails to load 2017-01-05 04:29:56 -05:00
Trammell Hudson
bf914e7156
make clean before install; crosscompile failed? 2017-01-04 17:05:29 -05:00
Trammell Hudson
58ff95818e
Working build with musl-libc cross compiler (issue #77).
Pass in the --host argument to all of the various programs
that need to treat the configure scripts as cross compilation
targets.

This removes all dependencies on the host libc (issue #7)
and adds some tools to the initrd (cryptsetup #46).
2017-01-04 16:39:10 -05:00
Trammell Hudson
84064debbe
musl-libc patches to build a successfull qemu image 2017-01-04 10:31:27 -05:00
Trammell Hudson
3e5be157e9
remove the dev mapper library output; it will be detected by the populate-lib step 2017-01-04 10:30:50 -05:00
Trammell Hudson
9273e252f6
Build initrd tools with musl-libc (issue #77).
This adds compilations modules for musl-libc and kernel-headers.
The entire initrd (busybox, cryptsetup, gpgv, kexec, etc) can be built
with the much smaller libc and it appears to work with chroot.

Library paths are not set correctly and files are installed into
heads/install to make them accessible to other modules.  This prevents
the initrd from working without manual fixup; need to fix before
merging into master.

Build times have gone up since everything is being rebuilt more
often for some reason.
2016-12-29 18:23:08 -05:00
Trammell Hudson
177dede4ca
install the gpgv binary into the initrd (typo in output variable) 2016-12-29 06:44:49 -05:00
Trammell Hudson
092a395dbc
update hash for gnupg-1.4 (issue #76) 2016-12-29 06:39:32 -05:00
Trammell Hudson
065179758e
lzma is not required in kexec 2016-12-28 16:47:10 -05:00
Trammell Hudson
5fd9878d28
Download and build almost all dependencies.
As part of issue #1, we should build all libraries and programs that we
deploy into the Heads initrd.  This modifies the module configurations
for all of them to install into heads/install so that we can build
against them.

Add dmsetup, cryptsetup and veritysetup (issue #46).

Build gpgv 1.4 as a standalone tool (issue #23).

Modify populate-lib to use the install directory by setting
LD_LIBRARY_PATH (issue #35).
2016-12-28 12:45:12 -05:00
Trammell Hudson
24dd8489b4
use the mega-binary version of the tpm utilities (issue #70) 2016-12-26 10:55:43 -05:00
Trammell Hudson
a6520772dc
Update Heads to use the 4.9 Linux LTS kernel.
No patches are required to boot 4.9 as a coreboot payload,
unlike the 4.7 kernel that required a head_64.S patch.

The new kernel is about 40 KB larger than the 4.7; the
config might be shrinkable.

Close issue #61.
2016-12-12 11:01:18 -05:00
Trammell Hudson
ff5639a542
Build cryptsetup and install it into the initrd 2016-12-01 14:03:55 -05:00
Philipp Deppenwiese
5fd61f3e52
Update cryptsetup module and strip it down
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
2016-11-29 20:24:01 +01:00
Trammell Hudson
e55a6a4df4
Rework Makefile a bit.
rename TARGET to BOARD (fix #55)
use .INTERMEDIATE trick to avoid building multiple times (fix #52)
Don't touch build/*/.config if we don't have to (fix #51)
2016-11-29 11:28:05 -05:00
Trammell Hudson
4fbd6ca58b
Make coreboot building modular to support multiple boards.
This touches most of the module configurations since the
coreboot build process had to add a few new features.
The Linux kernel could make use of it as well if we need
separate x230/chell/qemu kernels, for instance.
2016-11-23 12:11:08 -05:00
Trammell Hudson
c66167b9e5
remove unused binary sealtotp/unsealtotp programs 2016-09-11 00:07:56 -04:00
Trammell Hudson
4b2064f193
improve library/binary handling in building initrd (issue #21) 2016-09-10 17:36:36 -04:00
Trammell Hudson
9a85bc22d9
use the new tpmtotp shell scripts 2016-09-09 17:24:52 -04:00
Trammell Hudson
e342aa3f18
checkout tpmtotp from github, install various tpm utilities 2016-08-19 17:25:44 -04:00