Commit Graph

41 Commits

Author SHA1 Message Date
Thierry Laurion
4ec2fef3e9
README.md: simplify local usage of nix/docker for devs/local images builders(local repro of CircleCI builds), referring to ./docker_*.sh scripts created
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-21 11:30:16 -05:00
Thierry Laurion
e2e4d3deac
CONTRIBUTING.md: add baselines and refer in README.md
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-29 08:21:59 -04:00
Thierry Laurion
1519bd74fe
README.md: Make docker image build more verbose on console, unify
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-09 11:40:09 -04:00
Thierry Laurion
64730d9507
Merge pull request from 123ahaha/updated-instruction-ptrace_scope
Updated README.md for kernel.yama.ptrace_scope issues
2024-06-07 12:38:38 -04:00
Thierry Laurion
c7d1495a0a
Use nixos-unstable channel's prebuilt qemu_full with canokey support builtin, downloaded from nix cache
- flake.lock: bumps locked package list to latest packages list through 'nix flake update'
- flake.nix : comment out customizations of derivatives, removing canokey-qemu lib since qemu_full depends on qemu which depends on canokey-qemu by default now
- flake.nix: add 'less' so that 'git log' is usable
- circleci/config.yml: use docker v0.1.9
- README.md : update docker image maintainer notes to ease upstreaming of docker images and for others to play around, requiring dockerhub account

For testing iterations of this, I used:
docker_version="v0.1.9" && docker_hub_repo="tlaurion/heads-dev-env" && sed "s@\(image: \)\(.*\):\(v[0-9]*\.[0-9]*\.[0-9]*\)@\1\2:$docker_version@" -i .circleci/config.yml && nix --print-build-logs --verbose develop --ignore-environment --command true && nix build .#dockerImage && docker load < result && docker tag linuxboot/heads:dev-env "$docker_hub_repo:$docker_version" && docker push "$docker_hub_repo:$docker_version"
Then added final commit, and pushed.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-25 12:55:28 -04:00
Antoine Luciani
6ac7e5d789
README.md updated in build instructions and in particular an error encountered because of kernel.yama.ptrace_scope during docker image build
Signed-off-by: Antoine Luciani <antoine.luciani@epita.fr>
2024-05-24 13:46:56 +02:00
Thierry Laurion
37f04e2855
Fix key to card failing with invalid time when moving keys to smartcard on master (Opt: Authenticated Heads)
- Revert gnupg toolstack version bump to prior of  merge (2.4.2 -> 2.4.0). Version bump not needed for reproducibility.
  - Investigation and upstream discussions will take their time resolving invalid time issue introduced between 2.4.0 and latest gnupg, fix regression first under master

- oem-factory-reset
  - Adding DO_WITH_DEBUG to oem-factory-reset for all its gpg calls. If failing in debug mode, /tmp/debug.txt contains calls and errors
  - Wipe keyrings only (*.gpg, *.kbx)  not conf files under gpg homedir (keep initrd/.gnupg/*.conf)

- flake.nix
  - switch build derivative from qemu and qemu_kvm to qemu_full to have qemu-img tool which was missing to run qemu boards (v0.1.8 docker)
  - add gnupg so that qemu boards can call inject_gpg to inject public key in absence of flashrom+pflash support for internal flashing

- flake.lock: Updated nix pinned package list under flake.lock with 'nix flake update' so qemu_full builds

- README.md: have consistent docker testing + release (push) notes

- .circleci/config.yml: depend on docker v0.1.8 (qemu_full built with canokey-qemu lib support, diffoscopeMinimal and gnupg for proper qemu testing)

TODO:
- some fd2 instead of fd1?!
- oem-factory-reset has whiptail_or_die which sets whiptail box to HEIGHT 0. This doesn't show a scrolling window on gpg errors which is problematic with fbwhiptail, not whiptail

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-17 09:27:29 -04:00
Thierry Laurion
ecbfdbc57b
README.md Simplify Setup of Nix and flakes and docker image creation instructions
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-10 16:01:15 -04:00
Thierry Laurion
181ce621bb
README.md Makefile: address comments in PR review for daily/non-daily Nix users, remove NIX_REPRO_NOTES, Makefile dev helpers self-explain themselves
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-10 12:04:32 -04:00
Thierry Laurion
1bef1083e0
README.md: update repro notes. flake.nix: qemu_kvm was not included for native kvm support: added
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-08 11:30:23 -04:00
Thierry Laurion
03e861ea48
README.md: Add docs refs to setup docker and nix persistence over QubesOS Template/AppVM for usage. Expand on nix repro instructions from NIX_REPRO_NOTES for review
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-07 12:09:39 -04:00
Thierry Laurion
f4db4b791c
README.md qemu.md + CircleCI: point to images for building and using nix developed created docker image
- push v0.1.3 and have latest point to the same image, add repro notes inside of README.md
- modify qemu.md to also refer to using docker images

TODO: remove NIX_REPRO_NOTES prior of merging

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-06 15:22:11 -04:00
Jonathon Hall
c8e114166c
qemu: Deduplicate Qemu targets/documentation, extract from boards
The 8 qemu-* targets all contained nearly-identical copies of the
targets to prepare the TPM/disk/etc. and then run Qemu.  The only
significant differences were for TPM1/TPM2 (extra swtpm_setup step,
addition of --tpm2 to swtpm_setup and swtpm).  ROOT_DISK_IMG used := or
= differently in some boards, := was kept.

targets/qemu.mk now defines all Qemu targets and is included only for
qemu-* boards (by defining BOARD_TARGETS in each of those boards).

The documentation was moved from qemu-coreboot-fbwhiptail-tpm1-hotp/
qemu-coreboot-fbwhiptail-tpm1-htop.md to targets/qemu.md.  The other 7
qemu boards' symlinks to that file were removed.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-12-18 16:49:10 -05:00
Thierry Laurion
4ac16e0368
README: point to https://osresearch.net again (DNS name renewed) 2023-02-08 11:32:50 -05:00
tlaurion
305851ab4b
Temporary mitigation to osresearch.net having expired
Temporary mitigation to https://github.com/osresearch/heads/issues/1308 and https://github.com/osresearch/heads-wiki/issues/122
2023-02-07 11:42:35 -05:00
Jonathon Hall
73eccb364a
qemu: Add qemu-coreboot-fbwhiptail-tpm1-hotp for complete testing in QEMU
Add qemu-coreboot-fbwhiptail-tpm1-hotp configuration, which has a 'run'
target to boot with a persistent TPM, disk, virtual USB disk, and USB-
forwarded token
Provide instructions for bootstrapping a complete working system in qemu

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-08-24 13:04:06 -04:00
tlaurion
46414fa4a2
Changing landing picture to show FBWhiptail 2022-06-22 16:47:05 -04:00
Tom Hiller
e34d59fcfd
Update README.md
Change Heads Wiki link from index.md to https://osresearch.net
2021-03-15 20:50:58 +00:00
tlaurion
f62364ffa2
Update README.md
- Add basic board building
- Remove xen as Heads dependency
- change musl-cross in text to musl-cross-make to reflect new building tools reality
2020-03-09 14:21:46 -04:00
tlaurion
e6cfe38797
Strip README.md of outdated instructions
- dm-verity related instruction stripped (see https://github.com/osresearch/heads-wiki/issues/26)
- stripped Xen parts saying it needed to be patched. Was resolved by patching kexec instead of Xen (https://github.com/osresearch/heads/issues/227#issuecomment-369043638)
- Added a link to heads-wiki for documentation needs
2019-05-21 13:23:59 -04:00
Paul Menzel
6c9ff68a87
README: Spell *Chromebook* with capital letter in beginning 2018-08-09 23:36:03 +02:00
Trammell hudson
6f151a287d
Merge branch 'librem13v2_blobs_config' of https://github.com/kakaroto/heads 2018-03-12 13:56:11 -04:00
Trammell hudson
fa3e6fe7ea
And servers! 2018-02-05 17:25:51 -05:00
Johan Grip
8b3ed5fd7a
Added blob directory for non-free blobs. Also basic documentation for the binaries needed for the X220 and how to get to them 2017-05-01 10:49:45 -04:00
Paul Menzel
c3368554be
README: Use www.coreboot.org over coreboot.org
coreboot.org gets redirected to www.coreboot.org.

```
$ curl -I https://coreboot.org
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.1
Date: Mon, 06 Mar 2017 12:59:27 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: https://www.coreboot.org/
```

So save a request, and use the final URL.
2017-03-09 11:18:41 -05:00
Paul Menzel
09feb834c6
README: Use secure URL for coreboot Web site
Use https://coreboot.org over http://coreboot.org.
2017-03-09 11:18:39 -05:00
Paul Menzel
02fc94869b
README: Remove trailing space 2017-03-09 11:18:37 -05:00
Paul Menzel
ff3622c847
README: Spell QEMU all uppercase
Use the official spelling for QEMU.
2017-03-09 11:18:34 -05:00
Trammell Hudson
3008bb6945
Make musl-cross a normal Heads module.
This merges pull request  by @blackwellops and removes
the ./bootstrap script since the musl-cross can be built as
part of the normal dependency tree.
2017-01-31 13:22:43 -05:00
Trammell Hudson
bdf8a6c978
updated docs, make note of new bootstrap build procedure 2017-01-29 16:44:23 -05:00
Trammell Hudson
73a3b6d08f
removed old info, added link to presentation 2016-12-26 16:29:36 -05:00
Paul Menzel
92b20bdfb6
Strip trailing whitespace 2016-12-13 19:10:21 +01:00
Paul Menzel
aa3375f5ef
Spell coreboot all lowercase
[coreboot](https://www.coreboot.org/) is officially spelled all
lowercase.
2016-12-13 18:02:35 +01:00
Trammell Hudson
72f35dd151
rearrange notes 2016-08-14 12:57:54 -04:00
Trammell Hudson
9b405930de
read-only / thoughts 2016-08-07 13:50:06 -04:00
Trammell Hudson
d3bbc22d54
signing details 2016-08-06 18:45:56 -04:00
Trammell Hudson
a81a002abb
Build and bundle the patched xen 4.6.3 kernel 2016-08-03 18:10:44 -04:00
Trammell Hudson
c6e066fd0c
Images and warning 2016-08-02 23:29:46 -04:00
Trammell Hudson
2471e15109
cleanup initrd, improve population of lib directories, remove some extra drivers, add notes on /dev 2016-07-28 00:08:33 -04:00
Trammell Hudson
a6d9902a2d
started on automated build process 2016-07-25 10:08:53 -04:00
Trammell Hudson
84a2675841
created repo 2016-07-25 09:06:36 -04:00