Michał Kopeć
6174b63a12
novacustom-v540tu: enable PR0 lockdown in SMM
...
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-09 16:21:45 +01:00
Michał Kopeć
bb6c83de49
modules/coreboot: add commented out patch version
...
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 18:13:07 +01:00
Michał Kopeć
34ee256dd2
modules/coreboot: bump dasharo fork for PRR lockdown
...
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 18:11:54 +01:00
Michał Kopeć
0f339496a7
Add NovaCustom V560TU
...
as a copy of V540TU
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 13:51:55 +01:00
Michał Kopeć
ad6605d84b
config/coreboot-novacustom-v540tu.config: set version to rc1
...
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 13:51:49 +01:00
Michał Kopeć
0cdba412ef
modules/coreboot: dasharo: reuse 24.02.1 toolchain
...
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 12:46:38 +01:00
Michał Kopeć
b6f5c6d245
modules/coreboot: update comment about Dasharo coreboot fork
...
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 12:46:37 +01:00
Michał Kopeć
4a3667b78c
boards/novacustom-v540tu/novacustom-v540tu.config: remove unneeded debug options
...
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 12:46:37 +01:00
Michał Kopeć
cf02a2914e
config/coreboot-novacustom-v540tu.config: disable debug console
...
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
2024-12-04 12:46:37 +01:00
Thierry Laurion
059a60e43e
.circleci/config.yml nitropad-nv41 name changed -> novacustom_nv4x_adl
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-04 12:46:37 +01:00
Thierry Laurion
4394052b72
modules/linux: add Linux 6.11.9
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-04 12:46:37 +01:00
Michał Kopeć
ce2b051a48
Add NovaCustom V540TU board
...
Co-authored-by: Michał Kopeć <michal.kopec@3mdeb.com>
Co-authored-by: Thierry Laurion <insurgo@riseup.net>
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-12-04 12:46:35 +01:00
Thierry Laurion
99157f2291
Merge pull request #1802 from tlaurion/talos_2-kernel_version_bump_to_6.6.16
...
talos-2: kernel version bump to 6.6.16
2024-11-29 14:19:25 -05:00
Thierry Laurion
e31afc58b3
Merge pull request #1818 from tlaurion/pr0_skylake_and_more_recent
...
WiP: PR0 (SPI write prevention through chipset locking) for nv4x_adl, setting base for other platforms/downstream forks supporting >=Skylake+
2024-11-29 13:22:21 -05:00
Sergii Dmytruk
7ca7488474
config/linux-talos-2.config: update
...
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:30 -05:00
Sergii Dmytruk
e97b379796
talos2: port 2 more Linux patches to 6.6.16
...
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:24 -05:00
Thierry Laurion
a03857d85f
talos-2 kernel 6.6.16: review needed patches and config: cbmem missing, maybe some more patches needs porting
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:18 -05:00
Thierry Laurion
3ed0f2df35
talos-2 6.6.16 kernel config: deactivate CONFIG_COMPAT (32 bit support)
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:12 -05:00
Thierry Laurion
d7ff890c78
WiP: talos-2: kernel version bump to 6.6.16
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 12:38:05 -05:00
Thierry Laurion
03ba3864db
Merge remote-tracking branch 'osresearch/master' into pr0_skylake_and_more_recent
2024-11-29 11:38:36 -05:00
Thierry Laurion
f8b03b3087
nitropad-ns50: remove PR0 until tested and readded in seperate PR
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-29 11:17:02 -05:00
Thierry Laurion
87732b71ce
Merge pull request #1865 from tlaurion/bump-flashprog_latest-meteor_lake_support
...
modules/flashprog: bump to latest commit, including support for meteor lake
2024-11-28 15:33:22 -05:00
Thierry Laurion
43b03fbe60
Revert "coreboot dasharo fork patch: bump patchset to upstream reviewed"
...
This reverts commit f5fdf9a97e
.
Unfortunately, patch doesn't apply to dasharo current fork pointed under modules/coreboot
Waiting for Dasharo to provide a patch updated to heads used fork/dasahro bumping to newer coreboot version for which patchset applies clealy
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-28 13:24:30 -05:00
Thierry Laurion
3de473c409
modules/flashprog: bump to latest commit, including support for meteor lake
...
We use eb2c04185f
(2024-11-21 1.3+ bugfixes)
Where meteor lake is 5e0d9b04a0
is from 1.3 (3 weeks ago)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-28 12:06:42 -05:00
Thierry Laurion
6f2ea7c7bf
Merge remote-tracking branch 'osresearch/master' into pr0_skylake_and_more_recent
2024-11-28 11:53:48 -05:00
Thierry Laurion
f5fdf9a97e
coreboot dasharo fork patch: bump patchset to upstream reviewed
...
repro:
git fetch https://review.coreboot.org/coreboot refs/changes/78/85278/3 && git format-patch -1 --stdout FETCH_HEAD > patches/coreboot-dasharo-unreleased/0002-pr0_chipset_locking-post_skylake.patch
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-28 11:52:22 -05:00
Thierry Laurion
4f1405853f
Merge pull request #1861 from tlaurion/oem-factory_reset_hide-detach-sign-user-pin
...
bugfix: oem-factory-reset: debug mode; hide passphrase output on screen/debug log on gpg --detach-sign of /boot hash digest
2024-11-25 11:02:30 -05:00
Thierry Laurion
5501cd0744
oem-factory-reset: debug mode; hide passphrase output on screen/debug.log on gpg --detach-sign of /boot hash digest
...
Before:
[ 155.845101] DEBUG: gpg --pinentry-mode loopback --passphrase Please Change Me --digest-algo SHA256 --detach-sign -a
After:
[ 131.272954] DEBUG: gpg --pinentry-mode loopback --passphrase <hidden> --digest-algo SHA256 --detach-sign -a
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-25 10:57:44 -05:00
Thierry Laurion
45696a4c8a
Merge pull request #1860 from tlaurion/fix_initrd_unpack_for_repacking
...
initrd/bin/unpack_initramfs.sh: add xz unpacking support.
2024-11-22 17:50:23 -05:00
Thierry Laurion
95c6eb5c49
initrd/bin/unpack_initramfs.sh: add xz to unpack logic (add commented: bzip2, lzma, lzo and lz4)
...
xz: tested working with tails test build and 6.8.1's initrd
latest ubuntu 24.10: switched back to zstd, works as expected (tested)
Magic numbers referred at:
- 28eb75e178/scripts/extract-vmlinux (L52C1-L58C43)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/lib/decompress.c#n51
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-22 17:30:17 -05:00
Thierry Laurion
71a8075125
initrd/bin/unpack_initramfs.sh: no functional change, just format with tabs
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-22 17:29:41 -05:00
Thierry Laurion
573f48dd11
Merge pull request #1858 from tlaurion/bugfix-fix_lvm_reproducibility
...
modules/lvm2: define /run relative paths (not sure why circleci remote docker default run dir != local run dir)
2024-11-22 11:51:29 -05:00
Thierry Laurion
1a07bf7b68
modules/lvm2: define /run relative paths (not sure why circleci remote docker default run dir != local run dir)
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-22 09:41:32 -05:00
Thierry Laurion
be0aac6914
Merge pull request #1856 from tlaurion/docker_helpers_conditional_usb_passthrough
...
docker_* helpers: pass usb host controllers to docker only if usb devices are connected, unify, bugfixes
2024-11-21 17:46:38 -05:00
Thierry Laurion
dd540366b5
docker_* helpers: pass usb host controllers to docker only if usb devices are connected, unify, bugfixes
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-21 17:38:31 -05:00
Thierry Laurion
ee8d1d9ae8
Merge pull request #1855 from tlaurion/docker_helpers
...
add 3 Docker users/build helpers : local_dev, repro and latest, update README.md to simplify usage
2024-11-21 11:44:49 -05:00
Thierry Laurion
4ec2fef3e9
README.md: simplify local usage of nix/docker for devs/local images builders(local repro of CircleCI builds), referring to ./docker_*.sh scripts created
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-21 11:30:16 -05:00
Thierry Laurion
e70e2f7016
./docker_*: add 3 nix+docker helpers; local_dev, latest and repro
...
- Kill any GPG toolstack USB host consumers of USB devices so targets/qemu.md instruction can be used as intended (usb security dongles, HOTP features)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-21 11:25:12 -05:00
Thierry Laurion
1939af6fa6
Merge pull request #1853 from tlaurion/bugfix-qemu_coreboot_prod-fix_bootsplash_stretched
...
bugfix qemu boards: revert changes of CONFIG_BOOTSPLASH_CONVERT_RESOLUTION=XYZ for all boards, set qemu prod boards to 1440x810
2024-11-19 18:55:21 -05:00
Thierry Laurion
7c539c9aff
bugfix qemu boards: revert changes of CONFIG_BOOTSPLASH_CONVERT_RESOLUTION=XYZ for all boards, set qemu prod boards to 1440x810
...
* CONFIG_BOOTSPLASH_CONVERT_RESOLUTION: setting this stretches the bootsplash and makes it ugly. Revert the change on master so that produced videos/screenshots are ok.
* qemu prod boards: CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1440 and CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=810 brings the Height just big enough to fit on screens we mostly have out there.
* qemu dev boards: CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1024 and CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=768: is a reminder of x230's 1376x768 (16:9) for Height and shows us that things are not perfect for all platforms
Notes:
- cannot put to 1376x768 for qemu (would have been nice to see what console text looks like + fbwhiptail windows for x230 (min screen size supported)
- that tears bochs fb for some unknown reason
- doesn't tear x230 fb (TODO: bug report for bochs qemu driver?)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-19 18:34:34 -05:00
Thierry Laurion
49733bbaa9
Merge pull request #1852 from tlaurion/bugfix-qemu_coreboot_prod-fix_bootsplash
...
bugfix, bootsplash: qemu coreboot prod configs
2024-11-19 15:30:32 -05:00
Thierry Laurion
5600c09610
bugfix, bootsplash: qemu coreboot prod configs: add CONFIG_BOOTSPLASH_CONVERT_RESIZE=y and CONFIG_BOOTSPLASH_CONVERT_RESOLUTION="1280x720"
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-19 15:19:34 -05:00
Thierry Laurion
c9bb7be58b
Merge pull request #1851 from tlaurion/qemu_prod-unify_with_other_prod_boards
...
qemu prod coreboot configs: remove debug output + unify with other boards prod kernel output (quiet, loglevel2), change resolution 1024x768 (4:3) to 1280x720 (16:9)
2024-11-19 14:56:36 -05:00
Thierry Laurion
a9bb1e6e9e
qemu prod coreboot configs: remove debug output + unify with other boards prod kernel output (quiet, loglevel2), change resolution 1024x768 (4:3) to 1280x720 (16:9)
...
resolution changed to fit smallest (uncommon) x230 screen size supported for dev cycles to show prod output: 1366x768 (16:9)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-19 14:51:31 -05:00
Thierry Laurion
8323078ff8
Merge pull request #1845 from tlaurion/add_qemu_prod_boards
...
boards/qemu*: add "prod" variants, not built by CircleCI as of now, to test Heads prod console output
2024-11-19 13:17:50 -05:00
Thierry Laurion
9ed131b79d
Merge pull request #1848 from tlaurion/bugfix-fix_configs_LOCALVERSION
...
config/coreboot* config/linux* : verify/unify/fix branding strings (only LOCALVERSION was varying)
2024-11-15 11:53:27 -05:00
Thierry Laurion
80a4c84ea2
config/coreboot* config/linux* : verify/unify/fix branding strings (only LOCALVERSION was varying)
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-15 10:13:53 -05:00
Thierry Laurion
045c71e351
Merge pull request #1793 from tlaurion/move_nitropad-nv41_to_novacustom-v41
...
Change board name from nitropad-nv41 -> novacustom_nv4x_adl
2024-11-15 09:13:52 -05:00
Thierry Laurion
6746058d28
config/coreboot-novacustom_nv4x_adl.config: set CONFIG_MAINBOARD_VERSION to v2.1 as per fork reference config
...
TODO: config LOCALVERSION and SMBIOS strings...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-14 09:39:12 -05:00
Thierry Laurion
15bf330075
boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config: 'CONFIG_BOARD_NAME=NovaCustom NV4x 12th Gen', nv40pz in title. Remove forgotten Nitrokey Nitropad NV41 reference
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-14 08:52:14 -05:00