Commit Graph

409 Commits

Author SHA1 Message Date
Francis Lam
28628d54f2
Update qubes xen version for QSB 37
For Qubes 3.2: version 4.6.6-36
For Qubes 4.0: version 4.8.2-12
2018-01-26 09:30:06 -08:00
Francis Lam
bd38a9cd58
Update to coreboot 4.7 2018-01-26 09:30:06 -08:00
Francis Lam
21004fbb77
Backport patch to build coreboot 4.6 with GCC 7
Resolves pointer and integer comparison while building crossgcc
2018-01-26 09:30:06 -08:00
Trammell hudson
4310bd4743
force cross_compile=yes for gnupg (issue #299) 2018-01-20 16:56:53 -05:00
Trammell hudson
5daeb025f2
fix path for MPC (issue #299) 2018-01-20 13:28:02 -05:00
Trammell hudson
83816d2b2d
Merge branch 'pr-295' 2018-01-02 17:15:16 -05:00
Francis Lam
6898b84b28
Use HTTPS URL for flashrom 2018-01-02 08:53:23 -08:00
Trammell hudson
5dcbc44d39
Merge branch 'pr289': QSB 34, 35, 36 and coreboot 4.6 updates #289 2017-12-10 20:59:29 -05:00
Francis Lam
5f9567c390
Fix coreboot GCC7 build issue
This is fixed in coreboot master but backporting for Heads.

Closes #241
2017-12-02 15:14:42 -05:00
Francis Lam
61f6973c5c
Merge branch 'coreboot-4.6' 2017-12-02 14:54:48 -05:00
Francis Lam
491fe083fa
Update qubes xen version for QSB 36
For Qubes 3.2: version 4.6.6-35
For Qubes 4.0: version 4.8.2-11
2017-12-02 14:47:52 -05:00
Francis Lam
8d34bcc6bc
Update qubes xen version for QSB 34 and QSB 35
For Qubes 3.2: version 4.6.6-34
For Qubes 4.0: version 4.8.2-9
2017-10-28 15:12:39 -04:00
Francis Lam
87251fd1b1
Changed to coreboot patch to not measure relocated modules 2017-10-10 16:27:16 -04:00
Francis Lam
1a34bd9d6f
Updated to coreboot 4.6
Also changed x220 and purism configs to use generic boot
2017-10-10 16:27:16 -04:00
Trammell hudson
32ebb70e76
Merge branch 'jgrip-x220' PR #235 2017-10-09 18:18:29 -04:00
Trammell hudson
5ebe5a119a
Merge branch 'x220' of https://github.com/jgrip/heads into jgrip-x220 2017-10-09 18:16:45 -04:00
Trammell hudson
076e246549
Merge branch 'qubes-4.0' PR #210 2017-10-09 18:14:01 -04:00
Trammell hudson
645c7656fa
Merge branch 'qubes-4.0' of https://github.com/flammit/heads into qubes-4.0 2017-10-09 18:12:33 -04:00
Trammell hudson
48175f7528
Merge branch 'generic-boot-cleanup' PR #230 2017-10-09 18:08:05 -04:00
Francis Lam
41f49237c6
Added configurable xen version for Qubes 4 support
also addresses issue #238
2017-09-13 22:10:46 -04:00
Francis Lam
ec1a54c6b6
Updated to match latest qubes 3.2 xen 4.6.6-30 (issue #238) 2017-09-13 21:14:13 -04:00
Francis Lam
821e48446a
Updated to match latest qubes 3.2 xen 4.6.6-29 (issue #238) 2017-09-02 14:13:29 -04:00
Francis Lam
472ffd35c0
Moved kernel command line parameters to config 2017-09-02 14:13:29 -04:00
Francis Lam
7cec25542d
Allow boot without unseal of TPM LUKS key
Closes issue #226

Also changed to procedure to show LVM volume groups and block
device ids to aid in choosing the right combination during the
TPM LUKS key sealing process.
2017-09-02 14:13:29 -04:00
Francis Lam
26b2d49897
Allow TPM LUKS key to be set during default selection
Closes #222
2017-09-02 14:13:29 -04:00
Francis Lam
0897a20b84
Ensure recovery for failed default boot
Should close #223

Added reboot and poweroff scripts using /proc/sysrq-trigger

Also cleaned up the boot loop in generic-init
2017-09-02 14:13:29 -04:00
Francis Lam
e8f3d206c5
Strip invalid leading/trailing '/' from script params 2017-09-02 14:13:29 -04:00
Johan Grip
6f48c14d0c
Update X220 to do generic image instead of qubes.
Also added a script to extract the necessary blobs from a bios
dump image.
2017-08-04 22:48:27 +02:00
Trammell Hudson
9d9af31e58
fix typo and format with markdown (issue #206) 2017-07-27 06:26:04 -04:00
Trammell Hudson
314ce7b350
bump Linux kernel to 4.9.38 (issue #224) 2017-07-18 14:25:15 -04:00
Trammell Hudson
fcc99eca93
include version number in verify target (issue #228) 2017-07-18 14:03:43 -04:00
Trammell Hudson
b550a7f967
rework startup scripts to combine totp prompt with boot mode selection (issue #221) 2017-07-18 13:44:02 -04:00
Trammell Hudson
3e48f1c5e8
tweaks to make qemu run through the /bin/generic-init process 2017-07-18 13:42:19 -04:00
Trammell Hudson
36e3172c8e
disable i915 for now, since it causes screen glitches in Xen/Qubes (issue #219) 2017-07-18 13:32:57 -04:00
Trammell Hudson
3c8adf2cf1
remove no longer required vga patch from xen (issue #227) 2017-07-18 13:31:08 -04:00
Trammell Hudson
7aec9a2288
add support for i915 and render mode setting (issue #219) 2017-07-18 10:10:55 -04:00
Trammell Hudson
39ade211ce
add support for fractional second timeouts in busybox read (issue #221) 2017-07-18 09:11:05 -04:00
Trammell Hudson
f0913e9670
Merge branch 'flammit-usb-boot' pull request #200 2017-07-17 12:43:53 -04:00
Trammell Hudson
af3170ebf7
remove trailing / on the /boot device parameter 2017-07-17 12:43:14 -04:00
Trammell Hudson
831dca5124
remove older qubes-specific files, no longer required in generic boot env 2017-07-17 12:31:58 -04:00
Trammell Hudson
22282da905
default to mounting USB device on /media 2017-07-17 12:24:15 -04:00
Trammell Hudson
86f3e9f5dc
add /boot and /media to /etc/fstab on startup (issue #220) 2017-07-17 12:22:48 -04:00
Trammell Hudson
ba98d5dda6
Merge branch 'usb-boot' of https://github.com/flammit/heads into flammit-usb-boot 2017-07-17 08:52:48 -04:00
Francis Lam
11aca354e9
Fixed edge case in kernel argument injection
Debian 9 installer doesn't have kernel arguments so the iommu fix
wasn't being applied properly.
2017-07-13 00:33:49 -04:00
Francis Lam
2a9ca6fdba
Fixed regression on kexec-save-key 2017-07-12 00:43:08 -04:00
Francis Lam
22a52ec4b8
Added TPM secret management to generic boot
Also cleaned up error handling and boot parsing edge cases
2017-07-12 00:17:45 -04:00
Francis Lam
d67360a24b
Added rollback protection to generic boot
Changed the checking of required hashes or required rollback state
to be right before boot, allowing the user to sign/set defaults
in interactive mode.

Also cleaned up usages of recovery and fixed iso parameter
regression.
2017-07-08 16:59:37 -04:00
Francis Lam
8004b5df2a
Added the ability to persist a default boot option
Similar to qubes-update, it will save then verify the hashes of
the kexec files. Once TOTP is verified, a normal boot will verify
that the file hashes and all the kexec params match and if
successful, boot directly to OS.

Also added a config option to require hash verification for
non-recovery boots, failing to recovery if not met.
2017-07-04 19:49:14 -04:00
Francis Lam
ce4b91cad9
Minor tweaks to signing params and boot options
Also split out usb-scan to allow manual initiation of scan from
the recovery shell
2017-07-03 13:07:03 -04:00
Francis Lam
3614044fff
Added a generic boot config and persistent params
Refactored boot parsing code and applied that in local-init to
scan /boot for grub options and allow the user to unsafely boot
anything.  This goes a long way to addressing #196.

Optionally the user can customize those boot parameters or enforce
arbitrary hashes on the boot device by creating and signing config
files in /boot/ or /media/ or /media/kexec_iso/ISO_FILENAME/.
2017-07-02 23:01:04 -04:00