Commit Graph

7 Commits

Author SHA1 Message Date
Thierry Laurion
46cad549ef
WiP flake.nix: make docker image usable for testing as well, target: qemu-coreboot-whiptail-tpm2 with swtpm and canokey for smartcard
- include nix tools inside of the docker to be able to call the garbage collector prior of creating docker.
- protect roots from garbage collection (WiP)
  - Requires external preparation call so that nix (the binary) is not wiped as well. See NIX_REPRO_NOTES at the end of the file for repro notes
   - Could probably be improved. Works as of now and created a 4Gb vs 3.02Gb docker image I'm uploading now.
- CircleCI bumped to use v0.0.9 version including this
- CircleCI now depending on flake.lock for all cache layers. Will rebuild clean once again

So now we have qemu with canokey support in image, nix basic tools inside of container. Possible to call docker with DISPLAY, see NIX_REPRO_NOTES as of now.
That feels nice. No need of USB security dongle to have TPM based TPMTOTP nor detach sign? Not tested but feature is there

TODO:
- make docker creating nicer in the Nix way.
- Add canokey support under targets/qemu.mk
- add canokey board version

At least we have reproducible stack and testing stack being in same docker image. Docker image moved from 991.18MB (v0.0.8) to 1.18GB (v0.0.9)
- And I tried to clean binaries of symbols here! Seems like I do not know enough of the Nix way here.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-02 20:51:18 -04:00
Thierry Laurion
40c34453df
all scripts: replace TRACE manual strings with dynamic tracing by bash debug
Exception: scripts sourcing/calls within etc/ash_functions continues to use old TRACE functions until we switch to bash completely getting rid of ash.
This would mean getting rid of legacy boards (flash + legacy boards which do not have enough space for bash in flash boards) once and for all.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-02-01 15:48:27 -05:00
Thierry Laurion
77f9933538
xx20/xx30 blob based boards: move ME blobs target outside of board configs (targets/xx*_blobs.mk)
Makefile: have inclusion of all defined $BOARD BOARD_TARGETS (me, split_8mb4mb, ...)

TODO: VBIOS scripts for W530/T530 need way more work. To be done later.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-01-04 15:32:09 -05:00
Jonathon Hall
12a099ad8e
talos-2: Move PPC-style tgz update package targets to targets/
Move the targets generating talos-2's tgz update package to targets.

While this wasn't duplicated, it breaks a cyclic dependency between
board config and BRAND_NAME by moving the ROM output name dependencies
later.  The logic probably would be shared with similar boards if any
were supported, so it is in the spirit of the other targets/ shared
target Makefiles.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-12-18 16:49:52 -05:00
Jonathon Hall
8ce9c9d438
*-legacy-flash: Deduplicate generation of "top" ROM
Move Makefile target for the "top" ROM to targets/legacy_flash.mk.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-12-18 16:49:52 -05:00
Jonathon Hall
d512cd4ad2
12MB boards: Deduplicate generation of 8MB/4MB split ROMs
Move Makefile targets for split ROMs to targets/split_8mb4mb.mk.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-12-18 16:49:52 -05:00
Jonathon Hall
c8e114166c
qemu: Deduplicate Qemu targets/documentation, extract from boards
The 8 qemu-* targets all contained nearly-identical copies of the
targets to prepare the TPM/disk/etc. and then run Qemu.  The only
significant differences were for TPM1/TPM2 (extra swtpm_setup step,
addition of --tpm2 to swtpm_setup and swtpm).  ROOT_DISK_IMG used := or
= differently in some boards, := was kept.

targets/qemu.mk now defines all Qemu targets and is included only for
qemu-* boards (by defining BOARD_TARGETS in each of those boards).

The documentation was moved from qemu-coreboot-fbwhiptail-tpm1-hotp/
qemu-coreboot-fbwhiptail-tpm1-htop.md to targets/qemu.md.  The other 7
qemu boards' symlinks to that file were removed.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-12-18 16:49:10 -05:00