2933 Commits

Author SHA1 Message Date
Thierry Laurion
2d19fa9470
Merge remote-tracking branch 'osresearch/master' into introduce_quiet_mode-diceware_STAGING 2025-01-17 18:36:37 -05:00
Thierry Laurion
6b73d6d7cd
Merge pull request #1892 from tlaurion/revert_coreboot_bump_dasharo
BUGFIX: Revert "modules/coreboot: set Dasharo coreboot fork rev to the main d…
2025-01-17 18:35:55 -05:00
Thierry Laurion
a37c4e4264
Revert "modules/coreboot: set Dasharo coreboot fork rev to the main dasharo branch"
This reverts commit 13f8cce1bf9cdbf7ffd78672d732924a425841fa.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-17 18:32:11 -05:00
Thierry Laurion
0cdd4414cf
Merge remote-tracking branch 'osresearch/master' into introduce_quiet_mode-diceware_STAGING 2025-01-17 16:38:51 -05:00
Thierry Laurion
8c3fb0394d
Merge pull request #1889 from Dasharo/dasharo_coreboot_main_branch
modules/coreboot: set Dasharo coreboot fork rev to the main dasharo branch
2025-01-17 16:38:24 -05:00
Thierry Laurion
61e6cf6129
Merge remote-tracking branch 'osresearch/master' into introduce_quiet_mode-diceware_STAGING 2025-01-17 16:25:04 -05:00
Thierry Laurion
05ad469fcb
Merge pull request #1890 from tlaurion/v560tu_remove_debug
BUGFIX: v560tu: unify board config, remove debug cmdline passed from coreboot to linux kernel
2025-01-17 16:24:23 -05:00
Thierry Laurion
0cb5f2faa8
BUGFIX: v560tu: unify board config, remove debug cmdline passed from coreboot to linux kernel
Note: qemu coreboot config still passes debug (non quiet, non prod board = debug)
config/coreboot-qemu-tpm1.config:173:CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty"
config/coreboot-qemu-tpm2.config:170:CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty"

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-17 16:21:17 -05:00
Michał Kopeć
13f8cce1bf
modules/coreboot: set Dasharo coreboot fork rev to the main dasharo branch
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-17 13:24:11 +01:00
Jonathon Hall
22a86e6d48
oem-factory-reset: Only badger user to record passphrases if generated
There are many flows through oem-factory-reset that use passwords
provided by the user or basic defaults to be changed later.  We don't
need to badger the user to record those passwords.

Still do this if we generated diceware passwords though, as the user
does not know them yet.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2025-01-16 11:31:30 -05:00
Thierry Laurion
2872f44621
v560tu: unify board config, remove debug cmdline passed from coreboot to linux kernel
Note: qemu coreboot config still passes debug (non quiet, non prod board = debug)
config/coreboot-qemu-tpm1.config:173:CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty"
config/coreboot-qemu-tpm2.config:170:CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty"

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-16 11:23:40 -05:00
Thierry Laurion
392d4561f3
typo: s01x -> s0ix
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-15 21:58:30 -05:00
Thierry Laurion
bab46bc97b
novacustom-v560tu board config: set board to have quiet mode enabled by default
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-15 15:41:22 -05:00
Thierry Laurion
69037fc0bb
BOARD_TESTERS.md: revise board names, add v560tu, add testers expected to answer testing calls
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-15 15:38:58 -05:00
Thierry Laurion
b1690ce473
Merge remote-tracking branch 'osresearch/master' into introduce_quiet_mode-diceware_STAGING 2025-01-15 15:35:53 -05:00
Thierry Laurion
49e0849d98
Merge pull request #1846 from Dasharo/add_novacustom_v540tu
Add NovaCustom V560TU board
2025-01-15 15:21:43 -05:00
Thierry Laurion
eee5039cb3
Move ns50 to UNTESTED
Move https://github.com/linuxboot/heads/pull/1846 forward.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-15 19:29:05 +01:00
Michał Kopeć
b59c0e2e33
Remove leftover Linux 6.11.9 patches
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-15 17:36:09 +01:00
Michał Kopeć
de79d2a853
boards/novacustom-v540tu: remove board
Support for V54 series is not added at this time.

Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-15 15:13:57 +01:00
Michał Kopeć
a80d6da99b
modules/coreboot: bump Dasharo fork for GOP single display fix
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-15 15:09:38 +01:00
Michał Kopeć
75f0fd12d7
config/coreboot-novacustom-v5.0tu: Set correct IOE PCR base addr
As per coreboot commit 8adaae026dc055fa8b445fbe32e5146576d56c28

Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-15 12:42:26 +01:00
Michał Kopeć
2148e64aa3
coreboot-dasharo: move patches from Heads into Dasharo coreboot fork
Patch 0003-CONFIG_RESOURCE_ALLOCATION_TOP_DOWN-CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT.patch
is removed because it is no longer required.

Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-15 12:20:25 +01:00
Thierry Laurion
930d3e6114
BUGFIX: replace direct calls from LOG to INFO, so that only DO_WITH_DEBUG uses LOG. INFO manages console output to log or console
Quiet mode introduced output reduction to console to limit technical info provided to end users.
Previous informational output (previous default) now outputs this now considered additional information through INFO() calls, which either outputs to console, or debug.log
Only DO_WITH_DEBUG should call LOG directly, so that stderr+stdout output is prepended with LOG into debug.log

This fixes previous implementation which called LOG in DO_WITH_DEBUG calls and modified expected output to files, which was observed by @3hhh in output of GRUB entries when selecting boot option.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 11:00:14 -05:00
Thierry Laurion
8f7b1c4128
Revert "functions: remove DO_WITH_DEBUG call for kexec-parse-boot which redirects output to file used to show boot options in GUI"
This reverts commit 618ff26d28edd55faf498563d293842f41124c71.

This is not the proper way.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 10:50:42 -05:00
Thierry Laurion
b8cb467dd3
novacustom boards: rename linux-nittropad-x.config -> linux-novacustom-common.config, switch back to kernel 6.1.8, save config in oldconfig
Input for https://github.com/linuxboot/heads/pull/1846

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 13:27:05 +01:00
Thierry Laurion
3687dcbb5a
config/coreboot-novacustom-v560tu.config: switch CONFIG_USE_PC_CMOS_ALTCENTURY=y to CONFIG_USE_PC_CMOS_ALTCENTURY=n otherwise in year 2070 after initial external flashing
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 13:26:59 +01:00
Michał Kopeć
e2237a6e73
modules/coreboot: bump Dasharo fork for 96GB boot time fix
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-10 15:26:56 +01:00
Thierry Laurion
618ff26d28
functions: remove DO_WITH_DEBUG call for kexec-parse-boot which redirects output to file used to show boot options in GUI
Thanks @3hhh for bug in PR bug report at https://github.com/linuxboot/heads/pull/1875#issuecomment-2580660074
This bug is present for all DO_WITH_DEBUG calls to functions redirecting output to file.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-09 13:49:14 -05:00
Thierry Laurion
af59704bc5
TODOs: remove no more relevant ones code per review
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 15:06:27 -05:00
Thierry Laurion
94dd788249
seal-hotpkey: change warning when default GPG Admin PIN/Secrets app PIN is detected
Additional 0.5h for applying changes linked to code review under https://github.com/linuxboot/heads/pull/1875
Linked to Nitrokey unacknowledged RfP https://github.com/linuxboot/heads/issues/1866 that continues to grow past the 40h (now near 42... but unpaid because 'unplanned'... As if this was planned on my side.)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 14:14:58 -05:00
Thierry Laurion
696ecf54cd
initrd/bin/seal-hotpkey: fix regression of hotp_verification 1.7+ version bump output parsing for <nk3
As tested working with old librem key fw 0.10: works
Log entry of additional 30 minutes for https://github.com/linuxboot/heads/pull/1875 (I cannot not fix with my time @jans23 https://github.com/linuxboot/heads/issues/1866, since nk3 is not the only dongle supported by Heads)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:38 -05:00
Thierry Laurion
d2b84597bf
tpmr: check for CONFIG_TPM2_CAPTURE_PCAP=y to export TPM comms under /tmp/tpm0.pcap (not just check for existence of CONFIG_TPM2_CAPTURE_PCAP under env)
So that export CONFIG_TPM2_CAPTURE_PCAP=n across all boards doesn't break and so that it's easy for auditors to just toggle on in board configs

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:32 -05:00
Thierry Laurion
ff94d78c03
all maintained boards: add debug(n)+tracing(n)+pcap(n)+quiet(y) just prior of bootscript to unify to all boards
with exception of
- qemu boards not being *quiet: quiet=n
- qemu boards not being *prod* having pcap=y
- qemu boards not being *prod* have debug+tracing=y
- qemu tpm1 boards have '#pcap=n'

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:27 -05:00
Thierry Laurion
27b3e3a0a0
qemu-*-prod_quiet board configs: move debug(n)+tracing(n)+pcap(n)+quiet(y) just prior of gui-init to attempt to unify to all boards
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:21 -05:00
Thierry Laurion
574cd97a2f
Revert "TO REVERT BEFORE MERGE: enable quiet mode in all boards and revert for qemu so only prod_quiet boards have quiet upon revert"
This reverts commit 65d6fc48ee4f9e8b61bd59f102b60cd01f7a3a39.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:15 -05:00
Thierry Laurion
89309f0523
init: clarify origin of quiet mode once more after merge conflict resolution
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:09 -05:00
Jonathon Hall
0825b57e29
config-gui.sh: Combine quiet mode / debug output to one output setting
These two settings are exclusive, so they would disable each other if
enabled.  Present them as one setting with three output levels.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:03 -05:00
Jonathon Hall
8e630e0e4d
seal-totp: Print plain secret instead of URL for manual entry
Don't print the URL and then explain how to get the secret out of it,
just print the secret.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:57 -05:00
Jonathon Hall
a06ead69bc
tpmr: Don't continue blindly if a TPM reset step fails
If a TPM reset step fails, don't blindly continue onto the other
steps.  Use DO_WITH_DEBUG to trace failures, so they're visible in the
log but we still exit due to set -e.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:51 -05:00
Jonathon Hall
c4bb4107ab
tpmr: Use SINK_LOG rather than temp file, avoid doubled log output
Use SINK_LOG to capture tpm2 unseal rather than a temp file.

Don't double up output from tpm "$@" to log; DO_WITH_DEBUG already
captures it.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:45 -05:00
Jonathon Hall
516f7b6924
etc/functions: Fix SINK_LOG blank lines, add more dev doc
Add examples for capturing stderr or both stdout+stderr.

Trace blank lines with LOG like non-blank lines.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:40 -05:00
Jonathon Hall
283553956f
initrd/init: Delete outdated comment about ash
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:34 -05:00
Thierry Laurion
e1a263ce3b
init: warn user that if CONFIG_QUIET_MODE was enabled in board config at build time but disabled through Configuration Settings applied override, early measurement output got suppressed
Also tell user that those early suppressed messages can be seen under /tmp/debug.txt

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:28 -05:00
Thierry Laurion
07218df9cb
initrd/bin/kexec-select-boot: clarify that TPM2 primary handle HASH is created upon setting default boot (was not clear)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:22 -05:00
Thierry Laurion
eb63d4d46a
oem-factory-reset: remove duplicate output 'Checking for USB Security dongle...'
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:16 -05:00
Thierry Laurion
97121ab86e
global: finalize switch from ash to bash shell, including recovery shell access
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:10 -05:00
Thierry Laurion
bcd364c280
TO REVERT BEFORE MERGE: enable quiet mode in all boards and revert for qemu so only prod_quiet boards have quiet upon revert
repro
user@localhost:~/heads$ sed -i 's|export CONFIG_BOOTSCRIPT=/bin/gui-init|#Enable quiet mode: technical information logged under /tmp/debug.log\nexport CONFIG_QUIET_MODE=y\nexport CONFIG_BOOTSCRIPT=/bin/gui-init|' boards/*/*.config
user@localhost:~/heads$ git restore boards/*qemu*/*.config

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:04 -05:00
Thierry Laurion
494ba09270
novacustom-nv4x board config: revert quiet mode enablement
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:20:58 -05:00
Thierry Laurion
02d8ce8d0d
kexec-save-default kexec-select-boot: fix primary handle once more. Can't wait we get rid of this... file must exist and not be empty, and hash output to console must not be silenced
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:20:53 -05:00
Thierry Laurion
1e6079620a
TPM2 primary handle debugging once more. Can't wait we get rid of this...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:20:47 -05:00