Commit Graph

2342 Commits

Author SHA1 Message Date
Trammell Hudson
ac74b92157
re-enable zlib and use it in kexec (issue ) 2017-04-07 09:51:49 -04:00
Trammell Hudson
3c07e27d73
prefix should not be empty 2017-04-07 09:51:15 -04:00
Trammell Hudson
f65136c1a2
parallel crosscompiler build (issue ) 2017-04-07 08:59:25 -04:00
Trammell Hudson
6b0013e038
use the non-musl-libc wrapped gcc (issue ) 2017-04-06 17:28:12 -04:00
Trammell Hudson
c76a618b1e
use our cross compiler ld (issue ) 2017-04-06 17:02:14 -04:00
Trammell Hudson
7c8f86bc52
lvm2 builds reproducibly again (issue ) 2017-04-06 16:44:48 -04:00
Trammell Hudson
2b55d8bcf8
use our cross compiler ar, not /usr/bin/ar (issue ) 2017-04-06 16:22:40 -04:00
Trammell Hudson
727e2fbc56
report sha256 of stages as they are built 2017-04-06 16:06:52 -04:00
Trammell Hudson
96fe3f3f09
replaced PREFIX= with DESTDIR= to make builds reproducible (issue ) 2017-04-06 16:01:56 -04:00
Trammell Hudson
09718fc97e
replace __FILE__ with "__FILE__" to make Xen reproducible (issue ) 2017-04-06 15:58:51 -04:00
Trammell Hudson
ea8a55fe5b
shell syntax, not makefile syntax (issue ) 2017-04-06 11:01:48 -04:00
Trammell Hudson
192e122719
scale the max load by the number of CPUs (issue ) 2017-04-06 10:50:43 -04:00
Trammell Hudson
830828f2a2
enable usb storage module (issue ) 2017-04-06 09:45:47 -04:00
Trammell Hudson
350a3564b1
move usb-storage into a kernel module (issue ) 2017-04-05 19:20:53 -04:00
Trammell Hudson
362785b81c
gpg uses pubring.gpg instead of trustedkeys.gpg 2017-04-05 18:43:58 -04:00
Trammell Hudson
06d2f7728b
ignore tilde files 2017-04-05 18:43:18 -04:00
Trammell Hudson
9d6c5c5da8
fix gpg tty reading from /dev/console to support yubikey (issue ) 2017-04-05 18:35:45 -04:00
Trammell Hudson
a2e51a599c
fix build to avoid libusb installed on host system 2017-04-05 18:07:50 -04:00
Trammell Hudson
a1efbb8e02
fix build to avoid libusb installed on host system 2017-04-05 18:06:42 -04:00
Trammell Hudson
71f6cf3315
hash update 2017-04-05 18:01:36 -04:00
Trammell Hudson
0da184fe01
Enable gpg with card support (issue ) 2017-04-05 17:59:49 -04:00
Trammell Hudson
cfcf6c46d5
Purism Librem 13v1 initial configuration 2017-04-05 14:13:40 -04:00
Trammell Hudson
0019d8031c
make %.rom generic 2017-04-05 14:12:44 -04:00
Trammell Hudson
5195a74422
remove initrd unpacking, since Qubes dracut /etc/crypttab can be fixed 2017-04-05 10:30:28 -04:00
Trammell Hudson
ce766bdc58
LVM patches to compile with musl 2017-04-04 09:41:50 -04:00
Trammell Hudson
39cb4031f4
TPM disk encryption keys for Qubes.
Issue : This streamlines Qubes startup experience by
making it possible to have a single-password decryption.

Issue : The disk keys in `/secret.key` are passed to the systemd
in initramfs through `/etc/crypttab`, which is generated on each boot.
This is slow; need to look at alternate ways.

Issue : By using LVM instead of partitions it is now
possible to find the root filesystem in a consistent way.

Issue : LVM is now included in the ROM.
2017-04-03 17:18:11 -04:00
Trammell Hudson
3d79f51e4a
Build lvm command line utility (issue )
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).

This also requires a much larger coreboot cbfs, which was
fixed as part of issue .
2017-04-03 17:13:59 -04:00
Trammell Hudson
392599b90b
have xen output the xen executable for x230-qubes (issue ) 2017-04-03 17:13:07 -04:00
Trammell Hudson
4c413a1737
enable file locking for LVM 2017-04-03 17:11:12 -04:00
Trammell Hudson
cd584c4fad
remove unused platform modules 2017-04-03 17:10:22 -04:00
Trammell Hudson
3dcc3d4b49
load the xhci USB3 modules as well 2017-04-03 17:09:54 -04:00
Trammell Hudson
85a77cf5de
build xen for installation into x230-qubes ROM (issue ) 2017-04-03 17:09:22 -04:00
Trammell Hudson
d335f24292
split x230 config into 4MB bootstrap image and 7MB runtime image (issue ) 2017-04-03 14:53:29 -04:00
Trammell Hudson
e41e21084a
extend PCR 4 in a recovery to prevent disk key decryption (issue ) 2017-04-03 10:30:03 -04:00
Trammell Hudson
174bb64957
Move Qubes startup script to /boot/boot.sh
This also adds a set of files in the qubes/ directory that
are meant to be copied to the /boot partition.

Issue : for ease of upgrading Qubes, the script should
live on /boot instead of in the ROM.  This requires a GPG
signature on the startup script to avoid attacks by modifying
the boot script.

Issue : this streamlines the boot process for Qubes, although
the disk password is still not passed in correctly to the initrd
(issue ).

This does not address issues  of how to find the root device.
The best approach is probably disk labels, which will require
special installation instructions.
2017-04-02 22:21:49 -04:00
Trammell Hudson
4e71017bea
bump xen to 4.6.4 (issue ) 2017-04-02 21:45:10 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue and ) 2017-04-01 23:02:00 -04:00
Trammell Hudson
d06ba0a851
reset $boot_option between loops 2017-04-01 22:25:16 -04:00
Trammell Hudson
93a0d7eee2
support clean targets 2017-03-31 18:13:50 -04:00
Trammell Hudson
3225501e84
remove power related busybox tools that do not work 2017-03-31 16:00:27 -04:00
Trammell Hudson
7045d02794
move to Linux 4.9.20 (issue ) 2017-03-31 15:59:37 -04:00
Trammell Hudson
858b48d304
use our specific strip program to ensure reproducibility (issue ) 2017-03-31 15:26:41 -04:00
Trammell Hudson
8544c5fe6d
busybox 1.26.2 update (issue ) 2017-03-31 14:53:01 -04:00
Trammell Hudson
2db3c33866
fix IDSDIR to make pciutils reproducible (issue ) 2017-03-31 14:33:15 -04:00
Trammell Hudson
27e35f6ef7
cleanup initrd tmpfile and reduce recursive make calls 2017-03-31 13:28:20 -04:00
Trammell Hudson
3241499ee3
pciutils fails on first build if both install and install-lib are specified 2017-03-31 13:05:05 -04:00
Trammell Hudson
d6c553e884
typo in qemu description 2017-03-31 13:04:46 -04:00
Trammell Hudson
9322dbef2d
use default qemu config, parameterize bin_modules 2017-03-31 12:06:59 -04:00
Trammell Hudson
4141c75c8c
make kexec work with the modular build 2017-03-31 11:59:18 -04:00
Trammell Hudson
b35f8d35ae
Merge /tmp/heads 2017-03-31 11:34:11 -04:00