2945 Commits

Author SHA1 Message Date
Thierry Laurion
462c157b23
Merge pull request #1903 from tlaurion/BUGFIX_non_hotp_nk3_regression_fix
non-hotp boards: skip Secrets App reset with hotp_verification if binary doesn't exit
2025-02-04 09:23:05 -05:00
Thierry Laurion
e2d1a87809
non-hotp boards: skip Secrets App reset with hotp_verification if binary doesn't exit
nk3 was not tested on non-hotp boards. Make sure both hotp_verification and nk3 are present before resetting Secrets App

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-02-03 15:10:13 -05:00
Thierry Laurion
89a9c1b276
Merge pull request #1899 from tlaurion/unify_nv41_with_other_novacustom_board_name_scheme
novacustom_nv4x_adl -> novacustom-nv4x_adl consistent NovaCustom board naming scheme from now on
2025-01-30 14:09:15 -05:00
Thierry Laurion
8381ee3a86
novacustom_nv4x_adl -> novacustom-nv4x_adl consistent NovaCustom board naming scheme from now on
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-24 12:07:59 -05:00
Thierry Laurion
2ba5a0420b
Merge pull request #1896 from tlaurion/nitropad_novacustom-point_to_dasharo_docs
nitropad/novacustom board configs: point to Dasharo docs for disassembly and recovery instructions
2025-01-22 15:48:01 -05:00
Thierry Laurion
fef0326f55
nitropad/novacustom board configs: point to Dasharo docs for disassembly and recovery instructions
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-22 15:24:29 -05:00
Thierry Laurion
decb100288
Merge pull request #1895 from tlaurion/board_testers_review
Board testers review
2025-01-21 13:46:15 -05:00
Thierry Laurion
c62b0c93ec
BOARD_TESTERS.md: add https://matrix.to/#/@rsabdpy:matrix.org per https://matrix.to/#/!pAlHOfxQNPXOgFGTmo:matrix.org/$pj1W6y6usxTnE0DnU1uhQKX2HfPVVgCcCeyAoOITmgk?via=matrix.org&via=nitro.chat&via=envs.net agreement for d16 and x230 fhd
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-21 11:15:49 -05:00
Thierry Laurion
f17cd908fb
BOARD_TESTERS.md: remove @natterangell for t420 and x230i per https://github.com/linuxboot/heads/issues/692#issuecomment-2603162727 request
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-20 15:25:46 -05:00
Thierry Laurion
6ab23088dc
BOARD_TESTERS.md: add @notgivenby on t420 and t430
Closes https://github.com/linuxboot/heads/issues/1869

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-20 15:23:43 -05:00
Thierry Laurion
36e30d0174
Merge pull request #1875 from tlaurion/introduce_quiet_mode-diceware_STAGING
TESTING NEEDED: STAGING PR  (quiet mode + diceware + nk3 fixes)
2025-01-20 14:53:29 -05:00
Thierry Laurion
836af32a42
BUGFIX >2tb drives: replace all fdisk -l calls with stderr suppression (workaround)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-20 14:15:06 -05:00
Thierry Laurion
2d19fa9470
Merge remote-tracking branch 'osresearch/master' into introduce_quiet_mode-diceware_STAGING
2025-01-17 18:36:37 -05:00
Thierry Laurion
6b73d6d7cd
Merge pull request #1892 from tlaurion/revert_coreboot_bump_dasharo
BUGFIX: Revert "modules/coreboot: set Dasharo coreboot fork rev to the main d…
2025-01-17 18:35:55 -05:00
Thierry Laurion
a37c4e4264
Revert "modules/coreboot: set Dasharo coreboot fork rev to the main dasharo branch"
This reverts commit 13f8cce1bf9cdbf7ffd78672d732924a425841fa.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-17 18:32:11 -05:00
Thierry Laurion
0cdd4414cf
Merge remote-tracking branch 'osresearch/master' into introduce_quiet_mode-diceware_STAGING
2025-01-17 16:38:51 -05:00
Thierry Laurion
8c3fb0394d
Merge pull request #1889 from Dasharo/dasharo_coreboot_main_branch
modules/coreboot: set Dasharo coreboot fork rev to the main dasharo branch
2025-01-17 16:38:24 -05:00
Thierry Laurion
61e6cf6129
Merge remote-tracking branch 'osresearch/master' into introduce_quiet_mode-diceware_STAGING
2025-01-17 16:25:04 -05:00
Thierry Laurion
05ad469fcb
Merge pull request #1890 from tlaurion/v560tu_remove_debug
BUGFIX: v560tu: unify board config, remove debug cmdline passed from coreboot to linux kernel
2025-01-17 16:24:23 -05:00
Thierry Laurion
0cb5f2faa8
BUGFIX: v560tu: unify board config, remove debug cmdline passed from coreboot to linux kernel
Note: qemu coreboot config still passes debug (non quiet, non prod board = debug)
config/coreboot-qemu-tpm1.config:173:CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty"
config/coreboot-qemu-tpm2.config:170:CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty"

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-17 16:21:17 -05:00
Michał Kopeć
13f8cce1bf
modules/coreboot: set Dasharo coreboot fork rev to the main dasharo branch
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-17 13:24:11 +01:00
Jonathon Hall
22a86e6d48
oem-factory-reset: Only badger user to record passphrases if generated
There are many flows through oem-factory-reset that use passwords
provided by the user or basic defaults to be changed later.  We don't
need to badger the user to record those passwords.

Still do this if we generated diceware passwords though, as the user
does not know them yet.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2025-01-16 11:31:30 -05:00
Thierry Laurion
2872f44621
v560tu: unify board config, remove debug cmdline passed from coreboot to linux kernel
Note: qemu coreboot config still passes debug (non quiet, non prod board = debug)
config/coreboot-qemu-tpm1.config:173:CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty"
config/coreboot-qemu-tpm2.config:170:CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty"

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-16 11:23:40 -05:00
Thierry Laurion
392d4561f3
typo: s01x -> s0ix
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-15 21:58:30 -05:00
Thierry Laurion
bab46bc97b
novacustom-v560tu board config: set board to have quiet mode enabled by default
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-15 15:41:22 -05:00
Thierry Laurion
69037fc0bb
BOARD_TESTERS.md: revise board names, add v560tu, add testers expected to answer testing calls
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-15 15:38:58 -05:00
Thierry Laurion
b1690ce473
Merge remote-tracking branch 'osresearch/master' into introduce_quiet_mode-diceware_STAGING
2025-01-15 15:35:53 -05:00
Thierry Laurion
49e0849d98
Merge pull request #1846 from Dasharo/add_novacustom_v540tu
Add NovaCustom V560TU board
2025-01-15 15:21:43 -05:00
Thierry Laurion
eee5039cb3
Move ns50 to UNTESTED
Move https://github.com/linuxboot/heads/pull/1846 forward.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-15 19:29:05 +01:00
Michał Kopeć
b59c0e2e33
Remove leftover Linux 6.11.9 patches
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-15 17:36:09 +01:00
Michał Kopeć
de79d2a853
boards/novacustom-v540tu: remove board
Support for V54 series is not added at this time.

Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-15 15:13:57 +01:00
Michał Kopeć
a80d6da99b
modules/coreboot: bump Dasharo fork for GOP single display fix
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-15 15:09:38 +01:00
Michał Kopeć
75f0fd12d7
config/coreboot-novacustom-v5.0tu: Set correct IOE PCR base addr
As per coreboot commit 8adaae026dc055fa8b445fbe32e5146576d56c28

Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-15 12:42:26 +01:00
Michał Kopeć
2148e64aa3
coreboot-dasharo: move patches from Heads into Dasharo coreboot fork
Patch 0003-CONFIG_RESOURCE_ALLOCATION_TOP_DOWN-CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT.patch
is removed because it is no longer required.

Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-15 12:20:25 +01:00
Thierry Laurion
930d3e6114
BUGFIX: replace direct calls from LOG to INFO, so that only DO_WITH_DEBUG uses LOG. INFO manages console output to log or console
Quiet mode introduced output reduction to console to limit technical info provided to end users.
Previous informational output (previous default) now outputs this now considered additional information through INFO() calls, which either outputs to console, or debug.log
Only DO_WITH_DEBUG should call LOG directly, so that stderr+stdout output is prepended with LOG into debug.log

This fixes previous implementation which called LOG in DO_WITH_DEBUG calls and modified expected output to files, which was observed by @3hhh in output of GRUB entries when selecting boot option.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 11:00:14 -05:00
Thierry Laurion
8f7b1c4128
Revert "functions: remove DO_WITH_DEBUG call for kexec-parse-boot which redirects output to file used to show boot options in GUI"
This reverts commit 618ff26d28edd55faf498563d293842f41124c71.

This is not the proper way.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 10:50:42 -05:00
Thierry Laurion
b8cb467dd3
novacustom boards: rename linux-nittropad-x.config -> linux-novacustom-common.config, switch back to kernel 6.1.8, save config in oldconfig
Input for https://github.com/linuxboot/heads/pull/1846

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 13:27:05 +01:00
Thierry Laurion
3687dcbb5a
config/coreboot-novacustom-v560tu.config: switch CONFIG_USE_PC_CMOS_ALTCENTURY=y to CONFIG_USE_PC_CMOS_ALTCENTURY=n otherwise in year 2070 after initial external flashing
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-13 13:26:59 +01:00
Michał Kopeć
e2237a6e73
modules/coreboot: bump Dasharo fork for 96GB boot time fix
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2025-01-10 15:26:56 +01:00
Thierry Laurion
618ff26d28
functions: remove DO_WITH_DEBUG call for kexec-parse-boot which redirects output to file used to show boot options in GUI
Thanks @3hhh for bug in PR bug report at https://github.com/linuxboot/heads/pull/1875#issuecomment-2580660074
This bug is present for all DO_WITH_DEBUG calls to functions redirecting output to file.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2025-01-09 13:49:14 -05:00
Thierry Laurion
af59704bc5
TODOs: remove no more relevant ones code per review
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 15:06:27 -05:00
Thierry Laurion
94dd788249
seal-hotpkey: change warning when default GPG Admin PIN/Secrets app PIN is detected
Additional 0.5h for applying changes linked to code review under https://github.com/linuxboot/heads/pull/1875
Linked to Nitrokey unacknowledged RfP https://github.com/linuxboot/heads/issues/1866 that continues to grow past the 40h (now near 42... but unpaid because 'unplanned'... As if this was planned on my side.)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 14:14:58 -05:00
Thierry Laurion
696ecf54cd
initrd/bin/seal-hotpkey: fix regression of hotp_verification 1.7+ version bump output parsing for <nk3
As tested working with old librem key fw 0.10: works
Log entry of additional 30 minutes for https://github.com/linuxboot/heads/pull/1875 (I cannot not fix with my time @jans23 https://github.com/linuxboot/heads/issues/1866, since nk3 is not the only dongle supported by Heads)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:38 -05:00
Thierry Laurion
d2b84597bf
tpmr: check for CONFIG_TPM2_CAPTURE_PCAP=y to export TPM comms under /tmp/tpm0.pcap (not just check for existence of CONFIG_TPM2_CAPTURE_PCAP under env)
So that export CONFIG_TPM2_CAPTURE_PCAP=n across all boards doesn't break and so that it's easy for auditors to just toggle on in board configs

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:32 -05:00
Thierry Laurion
ff94d78c03
all maintained boards: add debug(n)+tracing(n)+pcap(n)+quiet(y) just prior of bootscript to unify to all boards
with exception of
- qemu boards not being *quiet: quiet=n
- qemu boards not being *prod* having pcap=y
- qemu boards not being *prod* have debug+tracing=y
- qemu tpm1 boards have '#pcap=n'

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:27 -05:00
Thierry Laurion
27b3e3a0a0
qemu-*-prod_quiet board configs: move debug(n)+tracing(n)+pcap(n)+quiet(y) just prior of gui-init to attempt to unify to all boards
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:21 -05:00
Thierry Laurion
574cd97a2f
Revert "TO REVERT BEFORE MERGE: enable quiet mode in all boards and revert for qemu so only prod_quiet boards have quiet upon revert"
This reverts commit 65d6fc48ee4f9e8b61bd59f102b60cd01f7a3a39.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:15 -05:00
Thierry Laurion
89309f0523
init: clarify origin of quiet mode once more after merge conflict resolution
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:09 -05:00
Jonathon Hall
0825b57e29
config-gui.sh: Combine quiet mode / debug output to one output setting
These two settings are exclusive, so they would disable each other if
enabled.  Present them as one setting with three output levels.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:22:03 -05:00
Jonathon Hall
8e630e0e4d
seal-totp: Print plain secret instead of URL for manual entry
Don't print the URL and then explain how to get the secret out of it,
just print the secret.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-21 13:21:57 -05:00