Added note to KGPE-D16 configs about the current microcode bug, why microcode is not included and encouraging AMD Opteron 6300 series users to make sure their operating system loads microcode.
The idea here is a cache to restore from (musl-cross from coreboot version bound crosscomipler, from which coreboot is built)
1- Reuse existing cache for all modules and patches created digest's hash past build matching cache.
(If a single module or patch changes, we have cache miss.)
2- Reuse existing coreboot and musl-cross-make created digest's hash past build's matching cache
(If a patch was added to current coreboot, or new coreboot version was added in coreboot module definition, we have a cache miss.)
3- Reuse existing musl-cross-make created digest's hash past build matching cache
(If musl-cross-make module didn't change, we don't rebuild it.)
Per https://github.com/osresearch/heads/pull/947#issuecomment-753507412 proposition
* Flashrom was being fetched with git and was always using `master`
* No patches were being applied (i.e. `0100-enable-kgpe-d16.patch` was being ignored).
- update module hash and blobs hash
- drop patches no longer needed; migrate those that remain
- adjust Librem Mini/Mini v2 board configs
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.
* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)
* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin.
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.
* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
cp config/linux.. ./build/linux*/.config
cd build/linux*
make savedefconfig
cp defconfig ../../config/linux..
Resulting in only linux-kgpe-d16_workstation.config being updated.
For KGPE-D16 workstation boards:
Remove `console=tty0` from `CONFIG_BOOT_KERNEL_ADD` as was blocking Qubes graphical installer (CLI installer was launched).
Comment out `export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles"` to provide a more desktop like experience.
Removed 0001-cpu-x86-smm-Use-PRIxPTR-to-print-uintptr_t.patch as already exists as 0000-cpu-x86-smm-Use-PRIxPTR-to-print-uintptr_t.patch
Added 0020-kgpe-d16_measured-boot-support.patch for coreboot 4.11
Fix TPM errors when microcode is measured by initialising TPM earlier and loading the microcode later.
Thanks to Michał Żygowski <miczyg1> for condition suggestion: `if (CONFIG(MEASURED_BOOT) && CONFIG(LPC_TPM) && boot_cpu())`
Locate bootblock location and size with CBFS API. Credit to: Michał Żygowski <miczyg1>
