Commit Graph

1898 Commits

Author SHA1 Message Date
Sergii Dmytruk
3df4a45477
modules/coreboot: update coreboot
* Properly initialize sensor IDs of 2nd CPU to fix fan control.
* Use 2s delay for I2C communications with TPM in OPAL (configured in
  device tree).
* Stop building unused parts of skiboot using host GCC.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2023-06-07 01:09:42 +03:00
Sergii Dmytruk
17f652da3b
config/linux-talos-2.config: don't enable IMA
It only extends PCR10 and logs it separately.

Added entries are to compensate disabling IMA which selects those config
options.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2023-06-06 00:49:07 +03:00
Thierry Laurion
7b949a1a44
initrd/bin/seal-totp: PCR0-4 cannot be expected to be 0 on PPC64.
Seal with extended PCR values, expected to be the same at unseal-totp operation
2023-06-04 20:20:46 +03:00
Thierry Laurion
92cddb315f
boards/talos-2/talos-2.config : sda1 will never be a boot device
/dev/nvme0n1p2 expected to contain /boot/grub dir
2023-06-04 20:20:46 +03:00
tlaurion
21b87ff7d2
Merge pull request #1410 from tlaurion/QubesOS_update_weekly_ISO_signing_keys
Qubes weekly signing key has changed. Removed testing and replaced.
2023-05-24 13:56:01 -04:00
Thierry Laurion
d917ca1c96
Qubes weekly signing key has changed. Removed testing and replaced.
Already minimized and cleaned upstream, taken from https://qubes.notset.fr/iso/ today
2023-05-24 12:13:07 -04:00
tlaurion
b70547f188
Merge pull request #1401 from daringer/fix-makefile
Makefile: adapt cleaning targets for arch directory
2023-05-09 14:09:11 -04:00
Markus Meissner
3ea82ec31e
Makefile: adapt cleaning targets for arch directory 2023-05-09 17:50:49 +02:00
tlaurion
bc148f1341
Merge pull request #1397 from danielp96/fbwhiptail-reproducibility 2023-05-06 11:08:29 -04:00
Daniel Pineda
ca00952048
modules/fbwhiptail: Update for reproducibility
Updated to reproducible version of fbwhiptail.
Added flags to remove debug info.
Updated url to current one instead of going through redirect.

Signed-off-by: Daniel Pineda <daniel.pineda@puri.sm>
2023-05-04 13:14:26 -06:00
tlaurion
3c98f080e4
Merge pull request #1394 from srgrint/linux_4.14_patch_for_use_after_free_realloc
backport upstream patch for 4.14.62.  Allows building on debian 12
2023-05-03 10:52:41 -04:00
srgrint
09f3984020 backport upstream patch for 4.14.62. Allows building on debian 12 2023-05-02 20:49:34 +01:00
tlaurion
87871ad18d
Merge pull request #1393 from tlaurion/linux_5.10.5_patch_for_use_after_free_realloc 2023-05-02 13:02:26 -04:00
Thierry Laurion
e8bc15ee60
linux 5.10.5: backporting linux upstream patch for 5.10.5 (libsubcmd fix use after free for realloc)
Permits building on top of debian-12 (testing), which fails to build since detecting bug.
2023-05-02 10:29:24 -04:00
tlaurion
ab1faf5389
Merge pull request #1378 from JonathonHall-Purism/kexec-framebuffer-graphics 2023-04-28 17:34:32 -04:00
tlaurion
bdcc556e2b
Merge pull request #1377 from tlaurion/iso_boot_debugging_and_fixes 2023-04-28 16:56:21 -04:00
tlaurion
a7777a7dce
Merge pull request #1390 from danielp96/bash-reproducibility
Bash reproducibility
2023-04-28 13:42:41 -04:00
Daniel Pineda
1aa216773a
patches/bash-5.1.16.patch: Do not increment build number
Bash uses .build to keep count of the build number, which conflicts
with heads build system usage of .build to keep track of built modules.

If .build already exists when bash/configure is run it will increment by 1
the build number. This is configurable on the call to the support script
support/mkversion.sh, which is called from the bash/Makefile.

Patching the Makefile template used during bash configuration allows
disabling the build number increment.

Signed-off-by: Daniel Pineda <daniel.pineda@puri.sm>
2023-04-27 11:49:22 -06:00
Jonathon Hall
6d0cd94ba8
Enable CONFIG_NO_GFX_INIT in coreboot on i915 boards with Linux 5.10
We don't need coreboot to initialize graphics on this boards, this
eliminates some unneeded code and the gnat dependency for them.

Coreboot was using libgfxinit, but it was initializing in text mode.
Heads' kernel will then switch to graphics mode, and we hand that
framebuffer from i915 to the target kernel during kexec.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-27 12:50:29 -04:00
tlaurion
3a38ac02e3
Merge pull request #1312 from tlaurion/coreboot-4.13_coreboot-4.19_version_bump
Bump boards depending on coreboot 4.13 to 4.19
2023-04-24 19:21:18 -04:00
tlaurion
060c979e4b
Merge pull request #1382 from tlaurion/coreboot_xcompile_fixed_location
coreboot: output xcompile into old shared location for all coreboot versions to prevent buildstack rebuild
2023-04-24 19:14:12 -04:00
Thierry Laurion
2901d29e24
coreboot: output xcompile into old shared location for all coreboot versions (prevents rebuild of buildstack) 2023-04-21 16:54:48 -04:00
tlaurion
77b593301a
Merge pull request #1380 from tlaurion/coreboot+linux_helpers_for_version_bump
coreboot+linux modules: add helpers to edit config, save in oldconfig/defconfig
2023-04-20 14:13:02 -04:00
Thierry Laurion
a29c277849
coreboot+linux modules: add modules target helpers to edit configs (oldconfig/defconfig)
Most useful to me are:
coreboot.modify_and_save_defconfig_in_place
coreboot.modify_and_save_oldconfig_in_place
linux.modify_and_save_oldconfig_in_place
linux.modify_and_save_defconfig_in_place
Which permit to take current in tree configs and translate them into other format.
This is useful when trying to version bump and build.

Also add helpers to save in versioned version to facilitate change tracking:
linux.generate_and_save-versioned-oldconfig
linux.regenerate_and_save_versioned_defconfig
2023-04-20 14:07:20 -04:00
Daniel Pineda
31e122443c
modules/bash: Remove debug info from binary
Add -g0 to CFLAGS
Add -s to LDFLAGS

Signed-off-by: Daniel Pineda <daniel.pineda@puri.sm>
2023-04-20 10:44:34 -06:00
Jonathon Hall
353e836dc1
kexec: Update to 2.0.26, add framebuffer tracing
Update kexec to 2.0.26.  Add tracing to framebuffer initialization.  In
particular, the driver name is traced if not recognized, and messages
about kernel config are shown if the kernel doesn't provide the
framebuffer pointer.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-19 14:16:38 -04:00
Jonathon Hall
a75ecdfc8d
t440p: Enable i915 kexec framebuffer fixes
Add CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM and related kernel parameters to
t440p.  This board is already on kernel 5.10 and uses i915 graphics.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-19 10:34:29 -04:00
Jonathon Hall
cd4c1a0fdb
coreboot-librem*: Set framebuffer kernel params for Librems except L1UM
Allow leaking the DRM framebuffer pointer to userspace, and disable
framebuffer compression, like librem_15v4.

Tested booting memtest86+ and Debian netinstaller on Mini v2.

Do not enable this for L1UM, it uses Aspeed graphics which still don't
work.  qemu uses virtio graphics, which also are not working.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-19 10:32:23 -04:00
Jonathon Hall
2a2279b587
librem_15v4: Disable i915 compressed framebuffer
Compressed framebuffer requires the driver to track updates to the
framebuffer from the CPU and update the compressed framebuffer.  This
doesn't work if we kexec into an OS that will use the linear
framebuffer, so disable it.  (The OS kernel can still use compressed
framebuffer if it has i915.)

Linux 5.8 enabled compressed framebuffer on more chipsets using i915,
which is why this stopped working.

memtest86+ and Debian (manually blacklisted i915, comparable to
netinst) now boot correctly on Librem 15v4.  This will need to be
enabled for other boards too.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-18 17:00:03 -04:00
Jonathon Hall
13a3cee0e5
kexec: Add new i915 driver ID
The i915 driver's ID changed again, now to i915drmfb.

It's unclear why kexec checks this, it seems it could populate the
target kernel's framebuffer info as long as it knows enough about the
host kernel's framebuffer, which it already checks.  Maybe we could
improve this, for now just add the new ID again.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-18 13:29:38 -04:00
Jonathon Hall
abbc1b5dd8
linux: Allow kexec in userspace to get framebuffer address
kexec(8) needs to get the framebuffer address in order to set up the
new kernel's boot parameters.  This is one of the reasons that using a
>4.20 kernel in Heads prevents framebuffer graphics from working in the
OS kernel.

Linux 4.20 started hiding this address from userspace, because
userspace is not supposed to need physical memory addresses.  A
workaround was added to keep leaking the address, apparently for some
proprietary userspace OpenGL drivers.  This requires both a Kconfig and
a kernel parameter.

This commit enables the Kconfig on the librem_common config, and the
kernel parameter on the librem_15v4 (where I'm testing this).  We will
need to enable it on other >4.20 configs/boards as well.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-18 13:17:18 -04:00
Thierry Laurion
40872d8b31
kexec-parse-boot: fix isolinux iso booting 2023-04-17 16:19:08 -04:00
Thierry Laurion
7ec658ffdf
kexec-iso-init: add TinyCore iso boot logic (Based on https://github.com/u-root/webboot/) 2023-04-17 16:18:22 -04:00
Thierry Laurion
4a78225548
media-scan/usb-init: add debugging info 2023-04-17 16:17:55 -04:00
tlaurion
8ff4b9a51b
Merge pull request #1319 from danielp96/master
Update busybox 1.32.0 to 1.33.2
2023-04-12 12:36:46 -04:00
tlaurion
26d936b934
Merge pull request #1372 from JonathonHall-Purism/fix-benign-script-errors
Fix benign script errors
2023-04-12 11:19:18 -04:00
Jonathon Hall
1217cffbc1
kexec-select-boot: Fix errant continue
This isn't in a loop, continue makes no sense.  ash had silently
ignored it.  Proceeding to the do_boot below is the correct behavior.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-12 09:12:14 -04:00
Jonathon Hall
f1708bf3a7
mount-usb: Fix word splitting in test for USB devices
For partitioned media or when more than one device is present, this
fixes a benign script error that ash had apparently ignored.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-12 09:12:10 -04:00
tlaurion
e32fc91baf
Merge pull request #1358 from ThePlexus/p8z77-m_pro 2023-04-11 18:59:52 -04:00
tlaurion
5b9d9529ba
Merge pull request #1367 from danielp96/libjson-reproducibility
modules/json-c: set cmake build type as minsizerel
2023-04-11 10:42:00 -04:00
ThePlexus
b64077fac6 Incorporate COREBOOT_DIr mod and VSCC optioanl setting 2023-04-10 13:43:54 +01:00
Daniel Pineda
46aa2535ba
modules/json-c: set cmake build type as minsizerel
By default json-c builds as debug instead of release.

Adding CMAKE_BUILD_TYPE=minsizerel ensures it does not
add debug info and also optimizes for file size.

Signed-off-by: Daniel Pineda <daniel.pineda@puri.sm>
2023-04-06 12:13:26 -06:00
tlaurion
1cf7158e8e
Merge pull request #1365 from tlaurion/move_tpm2_board_pcap_to_debug_section 2023-04-04 13:38:22 -04:00
ThePlexus
668d7739ce
change default loglevel 2023-04-04 16:13:19 +01:00
Thierry Laurion
a475ecef24
qemu-coreboot-*whiptail-tpm2-* boards: move TPM2 debug PCAP variable to debug section for clarity 2023-04-04 09:36:31 -04:00
tlaurion
a447674a89
Merge pull request #1313 from Dasharo/talos_fan_speed 2023-04-03 19:40:38 -04:00
tlaurion
3b56c0cf53
Merge pull request #1362 from tlaurion/fix_usb_keyboard_at_init
Fix usb keyboard at init
2023-04-03 14:34:03 -04:00
Thierry Laurion
8dbe85ddaf
Fix 'Tracing...' text output still stating functions instead of ash_functions where they are called from 2023-04-03 14:31:21 -04:00
Thierry Laurion
429d8bbead
move enable_usb from /etc/functions to /etc/ash_functions so that usb keyboard can be enabled from init
Reminder: insmod is a bash script and will fail on legacy-flash boards (which should not enable USB_KEYBOARD anyway)
2023-04-03 14:31:09 -04:00
ThePlexus
1761505d87 Autoboot not needed in this board 2023-03-31 17:37:02 +01:00