Francis Lam
1a34bd9d6f
Updated to coreboot 4.6
...
Also changed x220 and purism configs to use generic boot
2017-10-10 16:27:16 -04:00
Trammell hudson
5ebe5a119a
Merge branch 'x220' of https://github.com/jgrip/heads into jgrip-x220
2017-10-09 18:16:45 -04:00
Francis Lam
41f49237c6
Added configurable xen version for Qubes 4 support
...
also addresses issue #238
2017-09-13 22:10:46 -04:00
Francis Lam
472ffd35c0
Moved kernel command line parameters to config
2017-09-02 14:13:29 -04:00
Johan Grip
6f48c14d0c
Update X220 to do generic image instead of qubes.
...
Also added a script to extract the necessary blobs from a bios
dump image.
2017-08-04 22:48:27 +02:00
Trammell Hudson
314ce7b350
bump Linux kernel to 4.9.38 (issue #224 )
2017-07-18 14:25:15 -04:00
Trammell Hudson
3e48f1c5e8
tweaks to make qemu run through the /bin/generic-init process
2017-07-18 13:42:19 -04:00
Trammell Hudson
36e3172c8e
disable i915 for now, since it causes screen glitches in Xen/Qubes (issue #219 )
2017-07-18 13:32:57 -04:00
Trammell Hudson
7aec9a2288
add support for i915 and render mode setting (issue #219 )
2017-07-18 10:10:55 -04:00
Trammell Hudson
831dca5124
remove older qubes-specific files, no longer required in generic boot env
2017-07-17 12:31:58 -04:00
Trammell Hudson
ba98d5dda6
Merge branch 'usb-boot' of https://github.com/flammit/heads into flammit-usb-boot
2017-07-17 08:52:48 -04:00
Francis Lam
22a52ec4b8
Added TPM secret management to generic boot
...
Also cleaned up error handling and boot parsing edge cases
2017-07-12 00:17:45 -04:00
Francis Lam
d67360a24b
Added rollback protection to generic boot
...
Changed the checking of required hashes or required rollback state
to be right before boot, allowing the user to sign/set defaults
in interactive mode.
Also cleaned up usages of recovery and fixed iso parameter
regression.
2017-07-08 16:59:37 -04:00
Francis Lam
8004b5df2a
Added the ability to persist a default boot option
...
Similar to qubes-update, it will save then verify the hashes of
the kexec files. Once TOTP is verified, a normal boot will verify
that the file hashes and all the kexec params match and if
successful, boot directly to OS.
Also added a config option to require hash verification for
non-recovery boots, failing to recovery not met.
2017-07-04 19:49:14 -04:00
Francis Lam
3614044fff
Added a generic boot config and persistent params
...
Refactored boot parsing code and applied that in local-init to
scan /boot for grub options and allow the user to unsafely boot
anything. This goes a long way to addressing #196 .
Optionally the user can customize those boot parameters or enforce
arbitrary hashes on the boot device by creating and signing config
files in /boot/ or /media/ or /media/kexec_iso/ISO_FILENAME/.
2017-07-02 23:01:04 -04:00
Francis Lam
7f6f365afe
Reverted submodule name back to xen
2017-06-26 13:07:48 -04:00
Francis Lam
c2ec62bfcd
Changed xen submodule to track Qubes Xen
...
Closes #159
2017-06-23 23:01:20 -04:00
Trammell Hudson
2b2c00e594
typo in comment
2017-05-01 10:52:49 -04:00
Johan Grip
8b3ed5fd7a
Added blob directory for non-free blobs Also basic documentation for the binaries needed for the X220 and how the get to them
2017-05-01 10:49:45 -04:00
Johan Grip
186b641385
Inital test of a lenovo x220 port. Uses hardcoded paths for the blobs required. Uses a stripped ME blob.
2017-05-01 10:49:38 -04:00
Trammell Hudson
2cad84a768
make the ME a module (issue #194 )
2017-05-01 10:47:24 -04:00
Francis Lam
efd662c63a
adds a USB boot option with basic parsing to kexec
...
Supports booting from USB media using either the root device or
a signed ISO as the boot device. Boot options are parsed with
quick/dirty shell scripts to infer kexec params.
Closes #195 and begins to address #196
2017-04-29 13:40:34 -04:00
Trammell Hudson
448d0731a9
cherry pick Linux config from zfs branch with multi-user set
2017-04-17 16:10:48 -04:00
Trammell Hudson
d73c92e63f
quiet down the boot process
2017-04-12 06:46:55 -04:00
Trammell Hudson
8c57ac59e7
x230-flash configuration and initialization
2017-04-11 07:16:20 -04:00
Trammell Hudson
85f0586615
build xen for the qemu image so that we can test kexec
2017-04-10 12:59:07 -04:00
Trammell Hudson
300b17fa25
add dropbear ssh to qubes and moc configurations (issue #169 )
2017-04-07 09:53:02 -04:00
Trammell Hudson
830828f2a2
enable usb storage module (issue #160 )
2017-04-06 09:45:47 -04:00
Trammell Hudson
cfcf6c46d5
Purism Librem 13v1 initial configuration
2017-04-05 14:13:40 -04:00
Trammell Hudson
3d79f51e4a
Build lvm command line utility (issue #80 )
...
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).
This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154 .
2017-04-03 17:13:59 -04:00
Trammell Hudson
4c413a1737
enable file locking for LVM
2017-04-03 17:11:12 -04:00
Trammell Hudson
d335f24292
split x230 config into 4MB bootstrap image and 7MB runtime image (issue #156 )
2017-04-03 14:53:29 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6 )
2017-04-01 23:02:00 -04:00
Trammell Hudson
3225501e84
remove power related busybox tools that do not work
2017-03-31 16:00:27 -04:00
Trammell Hudson
7045d02794
move to Linux 4.9.20 (issue #149 )
2017-03-31 15:59:37 -04:00
Trammell Hudson
8544c5fe6d
busybox 1.26.2 update (issue #148 )
2017-03-31 14:53:01 -04:00
Trammell Hudson
d6c553e884
typo in qemu description
2017-03-31 13:04:46 -04:00
Trammell Hudson
c40748aa25
Build time configuration for startup scripts and modules.
...
This addresses multiple issues:
* Issue #63 : initrd is build fresh each time, so tracked files do not matter.
* Issue #144 : build time configuration
* Issue #123 : allows us to customize the startup experience
* Issue #122 : manual start-xen will go away
* Issue #25 : tpmtotp PCRs are updated after reading the secret
* Issue #16 : insmod now meaures modules
2017-03-31 11:18:46 -04:00
Trammell Hudson
9feb094701
enable flashrom and pciutils to allow the boot ROM to be re-written (issue #17 )
2017-03-30 14:35:30 -04:00
Trammell Hudson
bf94e4c416
include a nearly empty, but consistent, cpio file to ensure reproducible Linux builds (issue #142 )
2017-03-30 10:16:13 -04:00
Trammell Hudson
418ceaf733
make USB a module, strip debug info (issue #139 )
2017-03-28 17:05:04 -04:00
Trammell Hudson
8384201e9c
Change ethernet drivers to be modules and measure them when they are loaded.
...
This is a step towards unifying the server and laptop config (issue #139 )
and also makes it possible to later remove the USB modules from the
normal boot path.
2017-03-28 16:32:58 -04:00
Trammell Hudson
1475148848
enable TCP SYN cookies (issue #138 )
2017-03-28 11:46:17 -04:00
Trammell Hudson
e83ba0a0c7
enable futex for keylime
2017-03-27 18:52:31 -04:00
Trammell Hudson
f39dfd321d
enable dhcp and add helper script for lease setup
2017-03-27 15:56:10 -04:00
Trammell Hudson
edb4b4de50
enable raw sockets and the qemu network driver
2017-03-27 15:27:53 -04:00
Trammell Hudson
48adc3e4cd
enable wget
2017-03-27 14:25:34 -04:00
Trammell Hudson
279851e66d
started on extra features for MOC server initrd build
2017-03-20 14:57:22 -04:00
Trammell Hudson
b06b0331a0
started on extra features for MOC server kernel build
2017-03-20 14:52:39 -04:00
Trammell Hudson
4182c0e0aa
enable ISO9660 file systems and code page ISO8859-1 (issues #116 and #107 )
2017-03-20 11:17:18 -04:00