Issue #123: This streamline Qubes startup experience by
making it possible to have a single-password decryption.
Issue #29: The disk keys in `/secret.key` are passed to the systemd
in initramfs through `/etc/crypttab`, which is generated on each boot.
This is slow; need to look at alternate ways.
Issue #110: By using LVM instead of partitions it is now
possible to find the root filesystem in a consistent way.
Issue #80: LVM is now included in the ROM.
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).
This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154.
This also adds a set of files in the qubes/ directory that
are meant to be copied to the /boot partition.
Issue #154: for ease of upgrading Qubes, the script should
live on /boot instead of in the ROM. This requires a GPG
signature on the startup script to avoid attacks by modifying
the boot script.
Issue #123: this streamlines the boot process for Qubes, although
the disk password is still not passed in correctly to the initrd
(issue #29).
This does not address issues #110 of how to find the root device.
The best approach is probably disk labels, which will require
special installation instructions.
This addresses multiple issues:
* Issue #63: initrd is build fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now meaures modules
The .INTERMEDIATE target seemed to causing the problem with
make thinking it didn't have to descend into the sub-module
directories. Removing it allows it to work correctly.
The .INTERMEDIATE target seemed to causing the problem with
make thinking it didn't have to descend into the sub-module
directories. Removing it allows it to work correctly.
Reduce the size of flashrom by commenting out most flash chips,
boards and programmers.
Wrapper script to make it easier to rewrite the ROM on the x230
using the flashrom layout.
Keep the entire 12 MB ROM for flashing.
The populate-lib program was buggy on some systems and could accidentally
introduce unwanted libraries into the initrd. The Makefile now uses the
modules' $(module_libraries) variable to select which libraries should be
installed into the initrd.
Kernel modules are now stripped and installed using a similar system.
This is a step towards unifying the server and laptop config (issue #139)
and also makes it possible to later remove the USB modules from the
normal boot path.