Commit Graph

2791 Commits

Author SHA1 Message Date
Thierry Laurion
6f2ea7c7bf
Merge remote-tracking branch 'osresearch/master' into pr0_skylake_and_more_recent 2024-11-28 11:53:48 -05:00
Thierry Laurion
f5fdf9a97e
coreboot dasharo fork patch: bump patchset to upstream reviewed
repro:
git fetch https://review.coreboot.org/coreboot refs/changes/78/85278/3 && git format-patch -1 --stdout FETCH_HEAD > patches/coreboot-dasharo-unreleased/0002-pr0_chipset_locking-post_skylake.patch
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-28 11:52:22 -05:00
Thierry Laurion
4f1405853f
Merge pull request #1861 from tlaurion/oem-factory_reset_hide-detach-sign-user-pin
bugfix: oem-factory-reset: debug mode; hide passphrase output on screen/debug log on gpg --detach-sign of /boot hash digest
2024-11-25 11:02:30 -05:00
Thierry Laurion
5501cd0744
oem-factory-reset: debug mode; hide passphrase output on screen/debug.log on gpg --detach-sign of /boot hash digest
Before:
[  155.845101] DEBUG: gpg --pinentry-mode loopback --passphrase Please Change Me --digest-algo SHA256 --detach-sign -a

After:
[  131.272954] DEBUG: gpg --pinentry-mode loopback --passphrase <hidden> --digest-algo SHA256 --detach-sign -a

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-25 10:57:44 -05:00
Thierry Laurion
45696a4c8a
Merge pull request #1860 from tlaurion/fix_initrd_unpack_for_repacking
initrd/bin/unpack_initramfs.sh: add xz unpacking support.
2024-11-22 17:50:23 -05:00
Thierry Laurion
95c6eb5c49
initrd/bin/unpack_initramfs.sh: add xz to unpack logic (add commented: bzip2, lzma, lzo and lz4)
xz: tested working with tails test build and 6.8.1's initrd
latest ubuntu 24.10: switched back to zstd, works as expected (tested)

Magic numbers referred at:
- 28eb75e178/scripts/extract-vmlinux (L52C1-L58C43)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/lib/decompress.c#n51

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-22 17:30:17 -05:00
Thierry Laurion
71a8075125
initrd/bin/unpack_initramfs.sh: no functional change, just format with tabs
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-22 17:29:41 -05:00
Thierry Laurion
573f48dd11
Merge pull request #1858 from tlaurion/bugfix-fix_lvm_reproducibility
modules/lvm2: define /run relative paths (not sure why circleci remote docker default run dir != local run dir)
2024-11-22 11:51:29 -05:00
Thierry Laurion
1a07bf7b68
modules/lvm2: define /run relative paths (not sure why circleci remote docker default run dir != local run dir)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-22 09:41:32 -05:00
Thierry Laurion
be0aac6914
Merge pull request #1856 from tlaurion/docker_helpers_conditional_usb_passthrough
docker_* helpers: pass usb host controllers to docker only if usb devices are connected, unify, bugfixes
2024-11-21 17:46:38 -05:00
Thierry Laurion
dd540366b5
docker_* helpers: pass usb host controllers to docker only if usb devices are connected, unify, bugfixes
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-21 17:38:31 -05:00
Thierry Laurion
ee8d1d9ae8
Merge pull request #1855 from tlaurion/docker_helpers
add 3 Docker users/build helpers : local_dev, repro and latest, update README.md to simplify usage
2024-11-21 11:44:49 -05:00
Thierry Laurion
4ec2fef3e9
README.md: simplify local usage of nix/docker for devs/local images builders(local repro of CircleCI builds), referring to ./docker_*.sh scripts created
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-21 11:30:16 -05:00
Thierry Laurion
e70e2f7016
./docker_*: add 3 nix+docker helpers; local_dev, latest and repro
- Kill any GPG toolstack USB host consumers of USB devices so targets/qemu.md instruction can be used as intended (usb security dongles, HOTP features)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-21 11:25:12 -05:00
Thierry Laurion
1939af6fa6
Merge pull request #1853 from tlaurion/bugfix-qemu_coreboot_prod-fix_bootsplash_stretched
bugfix qemu boards: revert changes of CONFIG_BOOTSPLASH_CONVERT_RESOLUTION=XYZ for all boards, set qemu prod boards to 1440x810
2024-11-19 18:55:21 -05:00
Thierry Laurion
7c539c9aff
bugfix qemu boards: revert changes of CONFIG_BOOTSPLASH_CONVERT_RESOLUTION=XYZ for all boards, set qemu prod boards to 1440x810
* CONFIG_BOOTSPLASH_CONVERT_RESOLUTION: setting this stretches the bootsplash and makes it ugly. Revert the change on master so that produced videos/screenshots are ok.
* qemu prod boards: CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1440 and CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=810 brings the Height just big enough to fit on screens we mostly have out there.
* qemu dev boards: CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1024 and CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=768: is a reminder of x230's 1376x768 (16:9) for Height and shows us that things are not perfect for all platforms

Notes:
- cannot put to 1376x768 for qemu (would have been nice to see what console text looks like + fbwhiptail windows for x230 (min screen size supported)
  - that tears bochs fb for some unknown reason
    - doesn't tear x230 fb (TODO: bug report for bochs qemu driver?)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-19 18:34:34 -05:00
Thierry Laurion
49733bbaa9
Merge pull request #1852 from tlaurion/bugfix-qemu_coreboot_prod-fix_bootsplash
bugfix, bootsplash: qemu coreboot prod configs
2024-11-19 15:30:32 -05:00
Thierry Laurion
5600c09610
bugfix, bootsplash: qemu coreboot prod configs: add CONFIG_BOOTSPLASH_CONVERT_RESIZE=y and CONFIG_BOOTSPLASH_CONVERT_RESOLUTION="1280x720"
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-19 15:19:34 -05:00
Thierry Laurion
c9bb7be58b
Merge pull request #1851 from tlaurion/qemu_prod-unify_with_other_prod_boards
qemu prod coreboot configs: remove debug output + unify with other boards prod kernel output (quiet, loglevel2), change resolution 1024x768 (4:3) to 1280x720 (16:9)
2024-11-19 14:56:36 -05:00
Thierry Laurion
a9bb1e6e9e
qemu prod coreboot configs: remove debug output + unify with other boards prod kernel output (quiet, loglevel2), change resolution 1024x768 (4:3) to 1280x720 (16:9)
resolution changed to fit smallest (uncommon) x230 screen size supported for dev cycles to show prod output: 1366x768 (16:9)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-19 14:51:31 -05:00
Thierry Laurion
8323078ff8
Merge pull request #1845 from tlaurion/add_qemu_prod_boards
boards/qemu*: add "prod" variants, not built by CircleCI as of now, to test Heads prod console output
2024-11-19 13:17:50 -05:00
Thierry Laurion
9ed131b79d
Merge pull request #1848 from tlaurion/bugfix-fix_configs_LOCALVERSION
config/coreboot* config/linux* : verify/unify/fix branding strings (only LOCALVERSION was varying)
2024-11-15 11:53:27 -05:00
Thierry Laurion
80a4c84ea2
config/coreboot* config/linux* : verify/unify/fix branding strings (only LOCALVERSION was varying)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-15 10:13:53 -05:00
Thierry Laurion
045c71e351
Merge pull request #1793 from tlaurion/move_nitropad-nv41_to_novacustom-v41
Change board name from nitropad-nv41 -> novacustom_nv4x_adl
2024-11-15 09:13:52 -05:00
Thierry Laurion
6746058d28
config/coreboot-novacustom_nv4x_adl.config: set CONFIG_MAINBOARD_VERSION to v2.1 as per fork reference config
TODO: config LOCALVERSION and SMBIOS strings...

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-14 09:39:12 -05:00
Thierry Laurion
15bf330075
boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config: 'CONFIG_BOARD_NAME=NovaCustom NV4x 12th Gen', nv40pz in title. Remove forgotten Nitrokey Nitropad NV41 reference
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-14 08:52:14 -05:00
Thierry Laurion
9fccfb4627
Change board name from nitropad-nv41 -> novacustom_nv4x_adl
- Move/rename board config
- Rename coreboot config
- Applies changes to coreboot config from defconfig+dasharo coreboot fork config + fixes
- Rename CircleCI board for rom build

-----
Repro:

First: change some oldconfig defaults from dasharo coreboot fork
git checkout -b move_nitropad-nv41_to_novacustom-v41
mv boards/nitropad-nv41 boards/novacustom_nv4x_adl
mv boards/novacustom_nv4x_adl/nitropad-nv41.config boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config
vim boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config
vim config/coreboot-nitropad-nv41.config
mv config/coreboot-nitropad-nv41.config config/coreboot-novacustom_nv4x_adl.config
vim boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=novacustom_nv4x_adl coreboot.modify_and_save_oldconfig_in_place
cd /home/user/heads/build/x86/coreboot-dasharo
sudo make menuconfig
cd ~/heads
sudo meld /home/user/heads/build/x86/coreboot-dasharo/.config config/coreboot-novacustom_nv4x_adl.config
git status
git add boards/nitropad-nv41/nitropad-nv41.config config/coreboot-nitropad-nv41.config config/coreboot-novacustom_nv4x_adl.config config/coreboot-novacustom_nv4x_adl.config
git add boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config
sed -i 's/nitropad-nv41/novacustom_nv4x_adl/g' .circleci/config.yml
git add .circleci/config.yml
git commit --sigoff -m
git push tlaurion-github --force
...
(and multiple 'git commit --signoff --amend' to add traces below)

----

Relevant changes from nitropad-nv41 coreboot configs:
diff --git a/config/coreboot-nitropad-nv41.config b/config/coreboot-novacustom_nv4x_adl.config
index 9484aaf512..235f255a31 100644
--- a/config/coreboot-nitropad-nv41.config
+++ b/config/coreboot-novacustom_nv4x_adl.config
@@ -111,7 +111,7 @@ CONFIG_VENDOR_NOVACUSTOM=y
 # CONFIG_VENDOR_UP is not set
 CONFIG_MAINBOARD_FAMILY="Not Applicable"
 CONFIG_MAINBOARD_PART_NUMBER="nv40pz"
-CONFIG_MAINBOARD_VERSION="v2.1"
+CONFIG_MAINBOARD_VERSION="nv40pz"
 CONFIG_MAINBOARD_DIR="clevo/adl-p"
 CONFIG_DIMM_MAX=4
 CONFIG_DIMM_SPD_SIZE=512
@@ -131,7 +131,7 @@ CONFIG_VBOOT_VBNV_OFFSET=0x28
 CONFIG_VARIANT_DIR="nv40pz"
 CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb"
 # CONFIG_VGA_BIOS is not set
-CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Nitrokey"
+CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Notebook"
 CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/data.vbt"
 # CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set
 CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0x4000
@@ -140,7 +140,7 @@ CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout"
 CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0
 CONFIG_BOARD_CLEVO_ADLP_COMMON=y
 CONFIG_BOARD_CLEVO_NV40PZ_BASE=y
-CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NV41"
+CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ"
 CONFIG_CONSOLE_POST=y
 # CONFIG_USE_PM_ACPI_TIMER is not set
 CONFIG_TPM_PIRQ=0x27

When comparing against dasharo/coreboot fork coreboot config saved in oldconfig format, diffs:
diff --git a/config/coreboot-novacustom_nv4x_adl.config b/config/coreboot-novacustom_nv4x_adl.config
index 235f255a31..41bdd7889c 100644
--- a/config/coreboot-novacustom_nv4x_adl.config
+++ b/config/coreboot-novacustom_nv4x_adl.config
@@ -7,19 +7,19 @@
 # General setup
 #
 CONFIG_COREBOOT_BUILD=y
-CONFIG_LOCALVERSION=""
+CONFIG_LOCALVERSION="v1.7.2"
 CONFIG_CBFS_PREFIX="fallback"
 CONFIG_COMPILER_GCC=y
 # CONFIG_COMPILER_LLVM_CLANG is not set
 CONFIG_ARCH_SUPPORTS_CLANG=y
 # CONFIG_ANY_TOOLCHAIN is not set
-# CONFIG_CCACHE is not set
+CONFIG_CCACHE=y
 # CONFIG_IWYU is not set
 # CONFIG_FMD_GENPARSER is not set
 # CONFIG_UTIL_GENPARSER is not set
-# CONFIG_OPTION_BACKEND_NONE is not set
-CONFIG_USE_OPTION_TABLE=y
-# CONFIG_STATIC_OPTION_TABLE is not set
+CONFIG_OPTION_BACKEND_NONE=y
+# CONFIG_USE_OPTION_TABLE is not set
+# CONFIG_USE_UEFI_VARIABLE_STORE is not set
 CONFIG_COMPRESS_RAMSTAGE_LZMA=y
 # CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set
 CONFIG_INCLUDE_CONFIG_FILE=y
@@ -35,12 +35,7 @@ CONFIG_HAVE_ASAN_IN_RAMSTAGE=y
 # CONFIG_NO_STAGE_CACHE is not set
 CONFIG_TSEG_STAGE_CACHE=y
 # CONFIG_UPDATE_IMAGE is not set
-CONFIG_BOOTSPLASH_IMAGE=y
-CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg"
-CONFIG_BOOTSPLASH_CONVERT=y
-CONFIG_BOOTSPLASH_CONVERT_QUALITY=90
-# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set
-# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set
+# CONFIG_BOOTSPLASH_IMAGE is not set
 # CONFIG_FW_CONFIG is not set

 #
@@ -111,14 +106,14 @@ CONFIG_VENDOR_NOVACUSTOM=y
 # CONFIG_VENDOR_UP is not set
 CONFIG_MAINBOARD_FAMILY="Not Applicable"
 CONFIG_MAINBOARD_PART_NUMBER="nv40pz"
-CONFIG_MAINBOARD_VERSION="nv40pz"
+CONFIG_MAINBOARD_VERSION="v2.1"
 CONFIG_MAINBOARD_DIR="clevo/adl-p"
 CONFIG_DIMM_MAX=4
 CONFIG_DIMM_SPD_SIZE=512
-CONFIG_FMDFILE=""
+CONFIG_FMDFILE="src/mainboard/$(CONFIG_MAINBOARD_DIR)/vboot-rwa.fmd"
 # CONFIG_NO_POST is not set
 CONFIG_MAINBOARD_VENDOR="Notebook"
-CONFIG_CBFS_SIZE=0x1000000
+CONFIG_CBFS_SIZE=0xA00000
 # CONFIG_CONSOLE_SERIAL is not set
 CONFIG_MAX_CPUS=24
 CONFIG_ONBOARD_VGA_IS_PRIMARY=y
@@ -126,8 +121,9 @@ CONFIG_ONBOARD_VGA_IS_PRIMARY=y
 # CONFIG_POST_IO is not set
 CONFIG_UART_FOR_CONSOLE=0
 CONFIG_DEVICETREE="devicetree.cb"
-# CONFIG_VBOOT is not set
+CONFIG_VBOOT=y
 CONFIG_VBOOT_VBNV_OFFSET=0x28
+CONFIG_RO_REGION_ONLY=""
 CONFIG_VARIANT_DIR="nv40pz"
 CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb"
 # CONFIG_VGA_BIOS is not set
@@ -143,10 +139,12 @@ CONFIG_BOARD_CLEVO_NV40PZ_BASE=y
 CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ"
 CONFIG_CONSOLE_POST=y
 # CONFIG_USE_PM_ACPI_TIMER is not set
-CONFIG_TPM_PIRQ=0x27
+CONFIG_VBOOT_SLOTS_RW_A=y
+CONFIG_TPM_PIRQ=0x0
 # CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set
 CONFIG_VBOOT_FWID_VERSION="$(CONFIG_LOCALVERSION)"
 CONFIG_EC_SYSTEM76_EC_BAT_THRESHOLDS=y
+CONFIG_PXE_ROM_ID="10ec,8168"
 CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xc0000000
 CONFIG_ECAM_MMCONF_BUS_NUMBER=256
 CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld"
@@ -156,20 +154,28 @@ CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000
 CONFIG_DCACHE_BSP_STACK_SIZE=0x80400
 CONFIG_MAX_ACPI_TABLE_SIZE_KB=144
 CONFIG_HAVE_INTEL_FIRMWARE=y
+CONFIG_VBOOT_NO_BOARD_SUPPORT=y
+CONFIG_RW_REGION_ONLY=""
 CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000
 CONFIG_DRIVERS_INTEL_WIFI=y
 CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/descriptor.bin"
 CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/me.bin"
-CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000
+# CONFIG_VBOOT_ALWAYS_ALLOW_UDC is not set
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000
+CONFIG_EDK2_BOOT_TIMEOUT=2
 CONFIG_VBT_DATA_SIZE_KB=9
+CONFIG_VBOOT_FWID_MODEL="$(CONFIG_MAINBOARD_VENDOR)_$(CONFIG_MAINBOARD_PART_NUMBER)"
+CONFIG_VBOOT_STARTS_IN_BOOTBLOCK=y
 CONFIG_CARDBUS_PLUGIN_SUPPORT=y
 CONFIG_SPI_FLASH_DONT_INCLUDE_ALL_DRIVERS=y
 # CONFIG_USE_LEGACY_8254_TIMER is not set
+CONFIG_GBB_HWID=""
 # CONFIG_DEBUG_SMI is not set
 CONFIG_HAVE_IFD_BIN=y
 CONFIG_PCIEXP_HOTPLUG_BUSES=42
 CONFIG_PCIEXP_HOTPLUG_MEM=0xc200000
 CONFIG_PCIEXP_HOTPLUG_PREFETCH_MEM=0x1c000000
+# CONFIG_VBOOT_SLOTS_RW_AB is not set
 CONFIG_PS2K_EISAID="PNP0303"
 CONFIG_PS2M_EISAID="PNP0F13"

@@ -193,8 +199,8 @@ CONFIG_PCIEXP_CLK_PM=y
 CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72
 CONFIG_HEAP_SIZE=0x10000
 CONFIG_EC_GPE_SCI=0x50
+CONFIG_EDK2_BOOTSPLASH_FILE="3rdparty/dasharo-blobs/novacustom/bootsplash.bmp"
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="quiet loglevel=2"
 CONFIG_BOARD_ROMSIZE_KB_32768=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set
@@ -399,7 +405,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_TCO=y
 CONFIG_SOC_INTEL_COMMON_BLOCK_TCO_ENABLE_THROUGH_SMBUS=y
 CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y
 CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y
-# CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE is not set
+CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE=y
 CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0
 CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y
 CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y
@@ -417,7 +423,7 @@ CONFIG_SOC_INTEL_COMMON_BLOCK_USB4_PCIE=y
 CONFIG_SOC_INTEL_COMMON_BLOCK_USB4_XHCI=y
 CONFIG_SOC_INTEL_ENABLE_USB4_PCIE_RESOURCES=y
 CONFIG_SOC_INTEL_COMMON_BLOCK_VTD=y
-# CONFIG_ENABLE_EARLY_DMA_PROTECTION is not set
+CONFIG_ENABLE_EARLY_DMA_PROTECTION=y
 CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y
 CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y
 CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI_ELOG=y
@@ -508,15 +514,15 @@ CONFIG_EC_SYSTEM76_EC_DGPU=y
 #
 # Intel Firmware
 #
-CONFIG_IFDTOOL_DISABLE_ME=y
+# CONFIG_IFDTOOL_DISABLE_ME is not set
 CONFIG_HAVE_ME_BIN=y
 # CONFIG_STITCH_ME_BIN is not set
 # CONFIG_ME_REGION_ALLOW_CPU_READ_ACCESS is not set
 CONFIG_HAVE_INTEL_ME_HAP=y
 # CONFIG_INTEL_ME_DISABLED_HECI is not set
-CONFIG_INTEL_ME_DISABLED_HAP=y
-# CONFIG_INTEL_ME_ENABLED is not set
-CONFIG_INTEL_ME_DEFAULT_STATE=2
+# CONFIG_INTEL_ME_DISABLED_HAP is not set
+CONFIG_INTEL_ME_ENABLED=y
+CONFIG_INTEL_ME_DEFAULT_STATE=0
 # CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION is not set
 # CONFIG_LOCK_MANAGEMENT_ENGINE is not set
 CONFIG_UNLOCK_FLASH_REGIONS=y
@@ -529,7 +535,7 @@ CONFIG_BIOS_VENDOR="3mdeb"
 #
 # Dasharo Configuration
 #
-CONFIG_DASHARO_PREFER_S3_SLEEP=y
+# CONFIG_DASHARO_PREFER_S3_SLEEP is not set
 # end of Dasharo Configuration

 CONFIG_UDK_BASE=y
@@ -550,8 +556,6 @@ CONFIG_X86_CUSTOM_BOOTMEDIA=y
 CONFIG_PC80_SYSTEM=y
 CONFIG_HAVE_CMOS_DEFAULT=y
 CONFIG_POSTCAR_STAGE=y
-CONFIG_BOOTBLOCK_SIMPLE=y
-# CONFIG_BOOTBLOCK_NORMAL is not set
 CONFIG_COLLECT_TIMESTAMPS_TSC=y
 CONFIG_IDT_IN_EVERY_STAGE=y
 CONFIG_HAVE_CF9_RESET=y
@@ -575,9 +579,10 @@ CONFIG_NO_EARLY_GFX_INIT=y
 #
 # Display
 #
+CONFIG_WANT_LINEAR_FRAMEBUFFER=y
 CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y
 CONFIG_LINEAR_FRAMEBUFFER=y
-CONFIG_BOOTSPLASH=y
+# CONFIG_BOOTSPLASH is not set
 # end of Display

 CONFIG_PCI=y
@@ -610,17 +615,21 @@ CONFIG_I2C_TRANSFER_TIMEOUT_US=500000
 # Generic Drivers
 #
 CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000
-# CONFIG_DRIVERS_EFI_VARIABLE_STORE is not set
+CONFIG_DRIVERS_EFI_VARIABLE_STORE=y
 # CONFIG_ELOG is not set
 CONFIG_CACHE_MRC_SETTINGS=y
 CONFIG_MRC_SETTINGS_PROTECT=y
-# CONFIG_SMMSTORE is not set
+CONFIG_HAS_RECOVERY_MRC_CACHE=y
+CONFIG_MRC_SAVE_HASH_IN_TPM=y
+CONFIG_SMMSTORE=y
+CONFIG_SMMSTORE_V2=y
+CONFIG_SMMSTORE_SIZE=0x40000
 CONFIG_SPI_FLASH=y
 CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y
 CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y
+CONFIG_SPI_FLASH_SMM=y
 # CONFIG_SPI_FLASH_NO_FAST_READ is not set
-CONFIG_TPM_INIT_RAMSTAGE=y
-# CONFIG_TPM_PPI is not set
+CONFIG_TPM_PPI=y
 CONFIG_DRIVERS_UART=y
 CONFIG_NO_UART_ON_SUPERIO=y
 CONFIG_DRIVERS_UART_8250MEM=y
@@ -669,7 +678,7 @@ CONFIG_DRIVERS_INTEL_PMC=y
 # CONFIG_DRIVERS_NXP_UWB_SR1XX is not set
 # CONFIG_DRIVERS_PS2_KEYBOARD is not set
 CONFIG_DRIVERS_MC146818=y
-# CONFIG_USE_PC_CMOS_ALTCENTURY is not set
+CONFIG_USE_PC_CMOS_ALTCENTURY=y
 CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70
 CONFIG_MEMORY_MAPPED_TPM=y
 CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
@@ -695,6 +704,50 @@ CONFIG_DRIVERS_INTEL_USB4_RETIMER=y
 # Verified Boot (vboot)
 #
 CONFIG_VBOOT_LIB=y
+CONFIG_VBOOT_VBNV_CMOS=y
+CONFIG_VBOOT_VBNV_CMOS_BACKUP_TO_FLASH=y
+# CONFIG_VBOOT_MOCK_SECDATA is not set
+CONFIG_VBOOT_MUST_REQUEST_DISPLAY=y
+CONFIG_VBOOT_ALWAYS_ENABLE_DISPLAY=y
+CONFIG_VBOOT_HAS_REC_HASH_SPACE=y
+CONFIG_CBFS_MCACHE_RW_PERCENTAGE=50
+CONFIG_VBOOT_CLEAR_RECOVERY_EACH_BOOT=y
+# CONFIG_VBOOT_EC_EFS is not set
+CONFIG_VBOOT_X86_SHA256_ACCELERATION=y
+
+#
+# GBB configuration
+#
+CONFIG_GBB_BMPFV_FILE=""
+# CONFIG_GBB_FLAG_DEV_SCREEN_SHORT_DELAY is not set
+# CONFIG_GBB_FLAG_LOAD_OPTION_ROMS is not set
+# CONFIG_GBB_FLAG_ENABLE_ALTERNATE_OS is not set
+# CONFIG_GBB_FLAG_FORCE_DEV_SWITCH_ON is not set
+CONFIG_GBB_FLAG_FORCE_DEV_BOOT_USB=y
+CONFIG_GBB_FLAG_DISABLE_FW_ROLLBACK_CHECK=y
+# CONFIG_GBB_FLAG_ENTER_TRIGGERS_TONORM is not set
+# CONFIG_GBB_FLAG_FORCE_DEV_BOOT_ALTFW is not set
+# CONFIG_GBB_FLAG_RUNNING_FAFT is not set
+CONFIG_GBB_FLAG_DISABLE_EC_SOFTWARE_SYNC=y
+# CONFIG_GBB_FLAG_DEFAULT_DEV_BOOT_ALTFW is not set
+CONFIG_GBB_FLAG_DISABLE_PD_SOFTWARE_SYNC=y
+CONFIG_GBB_FLAG_DISABLE_LID_SHUTDOWN=y
+# CONFIG_GBB_FLAG_FORCE_MANUAL_RECOVERY is not set
+CONFIG_GBB_FLAG_DISABLE_FWMP=y
+# CONFIG_GBB_FLAG_ENABLE_UDC is not set
+# end of GBB configuration
+
+#
+# Vboot Keys
+#
+CONFIG_VBOOT_ROOT_KEY="$(VBOOT_SOURCE)/tests/devkeys/root_key.vbpubk"
+CONFIG_VBOOT_RECOVERY_KEY="$(VBOOT_SOURCE)/tests/devkeys/recovery_key.vbpubk"
+CONFIG_VBOOT_FIRMWARE_PRIVKEY="$(VBOOT_SOURCE)/tests/devkeys/firmware_data_key.vbprivk"
+CONFIG_VBOOT_KERNEL_KEY="$(VBOOT_SOURCE)/tests/devkeys/kernel_subkey.vbpubk"
+CONFIG_VBOOT_KEYBLOCK="$(VBOOT_SOURCE)/tests/devkeys/firmware.keyblock"
+CONFIG_VBOOT_KEYBLOCK_VERSION=1
+CONFIG_VBOOT_KEYBLOCK_PREAMBLE_FLAGS=0x0
+# end of Vboot Keys
 # end of Verified Boot (vboot)

 #
@@ -730,10 +783,14 @@ CONFIG_INTEL_TXT_LIB=y
 # CONFIG_INTEL_TXT is not set
 # CONFIG_STM is not set
 # CONFIG_INTEL_CBNT_SUPPORT is not set
-CONFIG_BOOTMEDIA_LOCK_NONE=y
-# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set
+# CONFIG_BOOTMEDIA_LOCK_NONE is not set
+CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
 # CONFIG_BOOTMEDIA_LOCK_CHIP is not set
-# CONFIG_BOOTMEDIA_SMM_BWP is not set
+# CONFIG_BOOTMEDIA_LOCK_WHOLE_RO is not set
+# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
+CONFIG_BOOTMEDIA_LOCK_WPRO_VBOOT_RO=y
+CONFIG_BOOTMEDIA_LOCK_IN_VERSTAGE=y
+CONFIG_BOOTMEDIA_SMM_BWP=y
 # end of Security

 CONFIG_ACPI_HAVE_PCAT_8259=y
@@ -772,8 +829,8 @@ CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y
 # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set
 # CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set
 CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7
-CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX=y
-CONFIG_CONSOLE_USE_ANSI_ESCAPES=y
+# CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX is not set
+# CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set
 # CONFIG_CMOS_POST is not set
 CONFIG_HWBASE_DEBUG_CB=y
 # end of Console
@@ -804,12 +861,89 @@ CONFIG_MAINBOARD_SERIAL_NUMBER="123456789"
 # CONFIG_PAYLOAD_LINUXBOOT is not set
 # CONFIG_PAYLOAD_SEABIOS is not set
 # CONFIG_PAYLOAD_UBOOT is not set
-# CONFIG_PAYLOAD_EDK2 is not set
-CONFIG_PAYLOAD_LINUX=y
-CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
+CONFIG_PAYLOAD_EDK2=y
+# CONFIG_PAYLOAD_LINUX is not set
+CONFIG_PAYLOAD_FILE="novacustom_nv4x_adl/UEFIPAYLOAD.fd"
 CONFIG_PAYLOAD_OPTIONS=""
-# CONFIG_PXE is not set
-CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
+CONFIG_EDK2_UEFIPAYLOAD=y
+# CONFIG_EDK2_UNIVERSAL_PAYLOAD is not set
+CONFIG_EDK2_REPO_MRCHROMEBOX=y
+# CONFIG_EDK2_REPO_OFFICIAL is not set
+# CONFIG_EDK2_REPO_CUSTOM is not set
+CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2"
+CONFIG_EDK2_TAG_OR_REV="b7274c98697e972e772236caf830c0780ec498bd"
+CONFIG_EDK2_USE_EDK2_PLATFORMS=y
+CONFIG_EDK2_PLATFORMS_REPOSITORY="https://github.com/Dasharo/edk2-platforms"
+CONFIG_EDK2_PLATFORMS_TAG_OR_REV="3323ed481d35096fb6a7eae7b49f35eff00f86cf"
+# CONFIG_EDK2_DEBUG is not set
+CONFIG_EDK2_RELEASE=y
+# CONFIG_EDK2_BOOT_MANAGER_ESCAPE is not set
+CONFIG_EDK2_CBMEM_LOGGING=y
+CONFIG_EDK2_SYSTEM76_EC_LOGGING=y
+CONFIG_EDK2_CPU_TIMER_LIB=y
+CONFIG_EDK2_FOLLOW_BGRT_SPEC=y
+CONFIG_EDK2_FULL_SCREEN_SETUP=y
+CONFIG_EDK2_HAVE_EFI_SHELL=y
+CONFIG_EDK2_PRIORITIZE_INTERNAL=y
+CONFIG_EDK2_PS2_SUPPORT=y
+CONFIG_EDK2_SKIP_PS2_DETECT=y
+CONFIG_EDK2_SD_MMC_TIMEOUT=10
+CONFIG_EDK2_SERIAL_SUPPORT=y
+CONFIG_EDK2_ENABLE_IPXE=y
+CONFIG_EDK2_IPXE_OPTION_NAME="iPXE Network Boot"
+CONFIG_EDK2_SECURE_BOOT=y
+# CONFIG_EDK2_SECURE_BOOT_DEFAULT_ENABLE is not set
+# CONFIG_EDK2_SATA_PASSWORD is not set
+# CONFIG_EDK2_OPAL_PASSWORD is not set
+CONFIG_EDK2_SETUP_PASSWORD=y
+CONFIG_EDK2_PERFORMANCE_MEASUREMENT_ENABLE=y
+CONFIG_EDK2_DASHARO_SYSTEM_FEATURES=y
+CONFIG_EDK2_DASHARO_SECURITY_OPTIONS=y
+CONFIG_EDK2_SHOW_CAMERA_OPTION=y
+CONFIG_EDK2_SHOW_WIFI_BT_OPTION=y
+CONFIG_EDK2_DASHARO_INTEL_ME_OPTIONS=y
+CONFIG_EDK2_DASHARO_USB_CONFIG=y
+CONFIG_EDK2_DASHARO_NETWORK_CONFIG=y
+# CONFIG_EDK2_DASHARO_CHIPSET_CONFIG is not set
+CONFIG_EDK2_DASHARO_POWER_CONFIG=y
+CONFIG_EDK2_SLEEP_TYPE_OPTION=y
+CONFIG_EDK2_FAN_CURVE_OPTION=y
+CONFIG_EDK2_BATTERY_CONFIG_OPTION=y
+# CONFIG_EDK2_DASHARO_PCI_CONFIG is not set
+# CONFIG_EDK2_DASHARO_MEMORY_CONFIG is not set
+# CONFIG_EDK2_DASHARO_NETWORK_BOOT_DEFAULT_ENABLE is not set
+# CONFIG_EDK2_DASHARO_SERIAL_REDIRECTION_DEFAULT_ENABLE is not set
+CONFIG_EDK2_BOOT_MENU_KEY=0x0011
+CONFIG_EDK2_SETUP_MENU_KEY=0x000C
+CONFIG_EDK2_DISABLE_MTRR_PROGRAMMING=y
+CONFIG_EDK2_ENABLE_BATTERY_CHECK=y
+# CONFIG_EDK2_DISABLE_OPTION_ROMS is not set
+CONFIG_EDK2_PRINT_SOL_STRINGS=y
+# CONFIG_EDK2_RAM_DISK_ENABLE is not set
+CONFIG_EDK2_CUSTOM_BUILD_PARAMS="-D VARIABLE_SUPPORT=SMMSTORE"
+CONFIG_EDK2_LAN_ROM_DRIVER=""
+# CONFIG_EDK2_CREATE_PREINSTALLED_BOOT_OPTIONS is not set
+CONFIG_PXE=y
+
+#
+# PXE Options
+#
+# CONFIG_PXE_ROM is not set
+CONFIG_BUILD_IPXE=y
+CONFIG_IPXE_STABLE=y
+# CONFIG_IPXE_MASTER is not set
+# CONFIG_PXE_SERIAL_CONSOLE is not set
+# CONFIG_PXE_NO_PROMPT is not set
+CONFIG_PXE_ADD_SCRIPT=y
+CONFIG_PXE_SCRIPT="3rdparty/dasharo-blobs/dasharo/dasharo.ipxe"
+CONFIG_PXE_HAS_HTTPS=y
+CONFIG_PXE_CUSTOM_BUILD_ID="0123456789"
+CONFIG_PXE_TRUST_CMD=y
+# end of PXE Options
+
+# CONFIG_COMPRESSED_PAYLOAD_NONE is not set
+CONFIG_COMPRESSED_PAYLOAD_LZMA=y
+# CONFIG_COMPRESSED_PAYLOAD_LZ4 is not set
 CONFIG_COMPRESS_SECONDARY_PAYLOAD=y

 #

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-14 08:52:08 -05:00
Thierry Laurion
068c977e73
boards/qemu*: add "prod" variants, not built by CircleCI as of now, to test Heads prod console output
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-11 19:46:52 -05:00
Thierry Laurion
cd683b1f35
Merge pull request #1841 from tlaurion/musl-cross-make_bump_rename
musl-cross-make: bump musl (1.2.0 -> 1.2.5) + rename module to reflect reality, bump newt ( whiptail:0.52.20 -> 0.52.24) to fix crash with newer musl
2024-11-08 15:13:54 -05:00
Thierry Laurion
a8ba6bafb7
talos-2: move(tag) board to untested: I won't have time any time soon to test nor report issues for this unknowingly used board prior of feature freeze planned for 2024-11-20
repro: helper used
time docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=talos-2 board.move_tested_to_untested

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-08 13:26:08 -05:00
Thierry Laurion
d3ec7d7ba9
talos-2: fix buildsystem: make paths dynamic for this board so board name can change over time
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-08 13:26:02 -05:00
Thierry Laurion
2a8cc11a46
newt (whiptail): bump version 0.52.20 -> 0.52.24 (fixs random whiptail crash with newer muslc + parallel builds
popt havent't changed.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-07 10:19:49 -05:00
Thierry Laurion
9e311b6e97
patches/coreboot-talos_2: add ugly patch against skiboot-to fix CFLAGS against newer mulslc (Doesn't use coreboot buildstack, obviously)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-06 19:12:39 -05:00
Thierry Laurion
30da60917c
musl-cross-make: rename musl-cross->musl-cross-make + bump version from ~0.9.9+->~0.9.10+ (musl 1.2.0 -> 1.2.5)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-06 19:12:18 -05:00
Thierry Laurion
9d656fceb5
Merge pull request #1840 from tlaurion/d16_cryptsetup2
d16 boards: bump CONFIG_CRYPTSETUP=y to CONFIG_CRYPTSETUP2=y
2024-11-06 19:11:42 -05:00
Thierry Laurion
8fad71ec73
d16 boards: bump CONFIG_CRYPTSETUP=y to CONFIG_CRYPTSETUP2=y (were still using 1.7.3 which failed to build with newer muslc version bump)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-06 17:06:07 -05:00
Jonathon Hall
5aa12437b4
Merge remote-tracking branch 'github-tlaurion/enable-optional_usb_keyboard_for_all'
PR #1838
2024-11-06 08:41:17 -05:00
Thierry Laurion
b36ed46c11
boards/librems: remove CONFIG_SUPPORT_USB_KEYBOARD which is now offered by default if kernel config enable it as compiled as module
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-05 15:27:40 -05:00
Thierry Laurion
6e0edcbce6
initrd/bin/config-gui.sh: remove check for CONFIG_SUPPORT_USB_KEYBOARD since usbhid.ko packed for all boards. Menu now permits turning on keyboard from internal, non-usb keyboard or force support through CONFIG_USB_KEYBOARD_REQUIRED=y under board configs
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-05 15:26:26 -05:00
Thierry Laurion
ade5ef1286
modules/linux: Inconditional: pack USB keyboard optional support to all boards (linux_modules-y for usbhid.ko)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-05 15:24:11 -05:00
Thierry Laurion
469da1b2b5
Merge pull request #1834 from tlaurion/fix_target-split_8mb4mb_mk
BUGFIX: targets/split_8mb4mb.mk Makefile: Make sure top/bottom/rom hash+size are always outputted in console+hashes.txt+sizes.txt
2024-11-05 12:24:23 -05:00
Thierry Laurion
a0c3d8ec5b
BUGFIX: targets/split_8mb4mb.mk Makefile: Make sure top/bottom/rom hash+size are always outputted in console+hashes.txt+sizes.txt
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-04 12:01:02 -05:00
Thierry Laurion
3ac02e72c8
Merge pull request #1833 from tlaurion/fix_git-dubious-ownership-in-repository
Docker image 0.2.4: Fix git dubious ownership in repository
2024-11-03 10:54:27 -05:00
Thierry Laurion
9f735e2238
Bump nix develop based docker image to tlaurion/heads-dev-env:v0.2.4
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-03 09:13:12 -05:00
Thierry Laurion
61ac2d9960
flake.nix: make sure git dubitious permission error vanishes with docker image using /root .gitconfig considering all dirs as safe dir
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-11-03 09:11:18 -05:00
Thierry Laurion
ef0b70a89a
ns50: add PR0 chipset locking requirements to board config and coreboot config
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-10-31 10:23:12 -04:00
Thierry Laurion
e999c90a16
codebase: CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE -> CONFIG_FINALIZE_PLATFORM_LOCKING
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-10-31 10:23:06 -04:00
Thierry Laurion
de1ee26fe3
nv41 coreboot config: add CONFIG_SOC_INTEL_COMMON_SPI_LOCKDOWN_SMM=y which enables CONFIG_SPI_FLASH_SMM=y (skylake+ requirements)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-10-31 10:23:00 -04:00
Thierry Laurion
eac77efc9b
nv41: add lock_chip current requirements for pre-skylake in board config
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-10-31 10:22:54 -04:00
Thierry Laurion
7e679d6d68
lock_chip: update documentation for skylake+
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-10-31 10:22:48 -04:00