Commit Graph

343 Commits

Author SHA1 Message Date
Trammell Hudson
300b17fa25
add dropbear ssh to qubes and moc configurations (issue #169) 2017-04-07 09:53:02 -04:00
Trammell Hudson
ac74b92157
re-enable zlib and use it in kexec (issue #170) 2017-04-07 09:51:49 -04:00
Trammell Hudson
3c07e27d73
prefix should not be empty 2017-04-07 09:51:15 -04:00
Trammell Hudson
f65136c1a2
parallel crosscompiler build (issue #168) 2017-04-07 08:59:25 -04:00
Trammell Hudson
6b0013e038
use the non-musl-libc wrapped gcc (issue #167) 2017-04-06 17:28:12 -04:00
Trammell Hudson
c76a618b1e
use our cross compiler ld (issue #166) 2017-04-06 17:02:14 -04:00
Trammell Hudson
7c8f86bc52
lvm2 builds reproducibly again (issue #166) 2017-04-06 16:44:48 -04:00
Trammell Hudson
2b55d8bcf8
use our cross compiler ar, not /usr/bin/ar (issue #166) 2017-04-06 16:22:40 -04:00
Trammell Hudson
727e2fbc56
report sha256 of stages as they are built 2017-04-06 16:06:52 -04:00
Trammell Hudson
96fe3f3f09
replaced PREFIX= with DESTDIR= to make builds reproducible (issue #166) 2017-04-06 16:01:56 -04:00
Trammell Hudson
09718fc97e
replace __FILE__ with "__FILE__" to make Xen reproducible (issue #166) 2017-04-06 15:58:51 -04:00
Trammell Hudson
ea8a55fe5b
shell syntax, not makefile syntax (issue #131) 2017-04-06 11:01:48 -04:00
Trammell Hudson
192e122719
scale the max load by the number of CPUs (issue #131) 2017-04-06 10:50:43 -04:00
Trammell Hudson
830828f2a2
enable usb storage module (issue #160) 2017-04-06 09:45:47 -04:00
Trammell Hudson
350a3564b1
move usb-storage into a kernel module (issue #160) 2017-04-05 19:20:53 -04:00
Trammell Hudson
362785b81c
gpg uses pubring.gpg instead of trustedkeys.gpg 2017-04-05 18:43:58 -04:00
Trammell Hudson
06d2f7728b
ignore tilde files 2017-04-05 18:43:18 -04:00
Trammell Hudson
9d6c5c5da8
fix gpg tty reading from /dev/console to support yubikey (issue #32) 2017-04-05 18:35:45 -04:00
Trammell Hudson
a2e51a599c
fix build to avoid libusb installed on host system 2017-04-05 18:07:50 -04:00
Trammell Hudson
a1efbb8e02
fix build to avoid libusb installed on host system 2017-04-05 18:06:42 -04:00
Trammell Hudson
71f6cf3315
hash update 2017-04-05 18:01:36 -04:00
Trammell Hudson
0da184fe01
Enable gpg with card support (issue #32) 2017-04-05 17:59:49 -04:00
Trammell Hudson
cfcf6c46d5
Purism Librem 13v1 initial configuration 2017-04-05 14:13:40 -04:00
Trammell Hudson
0019d8031c
make %.rom generic 2017-04-05 14:12:44 -04:00
Trammell Hudson
5195a74422
remove initrd unpacking, since Qubes dracut /etc/cryptab can be fixed 2017-04-05 10:30:28 -04:00
Trammell Hudson
ce766bdc58
LVM patches to compile with musl 2017-04-04 09:41:50 -04:00
Trammell Hudson
39cb4031f4
TPM disk encryption keys for Qubes.
Issue #123: This streamline Qubes startup experience by
making it possible to have a single-password decryption.

Issue #29: The disk keys in `/secret.key` are passed to the systemd
in initramfs through `/etc/crypttab`, which is generated on each boot.
This is slow; need to look at alternate ways.

Issue #110: By using LVM instead of partitions it is now
possible to find the root filesystem in a consistent way.

Issue #80: LVM is now included in the ROM.
2017-04-03 17:18:11 -04:00
Trammell Hudson
3d79f51e4a
Build lvm command line utility (issue #80)
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).

This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154.
2017-04-03 17:13:59 -04:00
Trammell Hudson
392599b90b
have xen output the xen executable for x230-qubes (issue #84) 2017-04-03 17:13:07 -04:00
Trammell Hudson
4c413a1737
enable file locking for LVM 2017-04-03 17:11:12 -04:00
Trammell Hudson
cd584c4fad
remove unused platform modules 2017-04-03 17:10:22 -04:00
Trammell Hudson
3dcc3d4b49
load the xhci USB3 modules as well 2017-04-03 17:09:54 -04:00
Trammell Hudson
85a77cf5de
build xen for installation into x230-qubes ROM (issue #84) 2017-04-03 17:09:22 -04:00
Trammell Hudson
d335f24292
split x230 config into 4MB bootstrap image and 7MB runtime image (issue #156) 2017-04-03 14:53:29 -04:00
Trammell Hudson
e41e21084a
extend PCR 4 in a recovery to prevent disk key decryption (issue #154) 2017-04-03 10:30:03 -04:00
Trammell Hudson
174bb64957
Move Qubes startup script to /boot/boot.sh
This also adds a set of files in the qubes/ directory that
are meant to be copied to the /boot partition.

Issue #154: for ease of upgrading Qubes, the script should
live on /boot instead of in the ROM.  This requires a GPG
signature on the startup script to avoid attacks by modifying
the boot script.

Issue #123: this streamlines the boot process for Qubes, although
the disk password is still not passed in correctly to the initrd
(issue #29).

This does not address issues #110 of how to find the root device.
The best approach is probably disk labels, which will require
special installation instructions.
2017-04-02 22:21:49 -04:00
Trammell Hudson
4e71017bea
bump xen to 4.6.4 (issue #153) 2017-04-02 21:45:10 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6) 2017-04-01 23:02:00 -04:00
Trammell Hudson
d06ba0a851
reset $boot_option between loops 2017-04-01 22:25:16 -04:00
Trammell Hudson
93a0d7eee2
support clean targets 2017-03-31 18:13:50 -04:00
Trammell Hudson
3225501e84
remove power related busybox tools that do not work 2017-03-31 16:00:27 -04:00
Trammell Hudson
7045d02794
move to Linux 4.9.20 (issue #149) 2017-03-31 15:59:37 -04:00
Trammell Hudson
858b48d304
use our specific strip program to ensure reproducibility (issue #148) 2017-03-31 15:26:41 -04:00
Trammell Hudson
8544c5fe6d
busybox 1.26.2 update (issue #148) 2017-03-31 14:53:01 -04:00
Trammell Hudson
2db3c33866
fix IDSDIR to make pciutils reproducible (issue #147) 2017-03-31 14:33:15 -04:00
Trammell Hudson
27e35f6ef7
cleanup initrd tmpfile and reduce recursive make calls 2017-03-31 13:28:20 -04:00
Trammell Hudson
3241499ee3
pciutils fails on first build if both install and install-lib are specified 2017-03-31 13:05:05 -04:00
Trammell Hudson
d6c553e884
typo in qemu description 2017-03-31 13:04:46 -04:00
Trammell Hudson
9322dbef2d
use default qemu config, parameterize bin_modules 2017-03-31 12:06:59 -04:00
Trammell Hudson
4141c75c8c
make kexec work with the modular build 2017-03-31 11:59:18 -04:00