Add qemu-coreboot-fbwhiptail-tpm1-hotp configuration, which has a 'run'
target to boot with a persistent TPM, disk, virtual USB disk, and USB-
forwarded token
Provide instructions for bootstrapping a complete working system in qemu
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
flashrom doesn't work in qemu, so the firmware isn't able to update its
keyring. Adding an already-provisioned key ahead of time works though.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Set ATA and SATA configs to y, not m - modules weren't being loaded. Other
configs also build these into kernel, so do the same for qemu. Remove relevant
configs from boards since modules no longer need to be in initrd.
Enable OHCI and UHCI. qemu forwards host USB devices over a UHCI controller.
This enables USB-forwarding a physical Librem Key or Nitrokey Pro to the VM.
Export CONFIG_LINUX_USB_COMPANION_CONTROLLER to have enable_usb() load the
modules - it wants both UHCI and OHCI modules, so build both.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Global Makefile is the most effective modifier of builds.
As soon as the global Makefile change, so should not be reused caches having measured a different Makefile
EC signatures requires that the digest has the corresponding length. Removing the hardcoded sha2-256 hash function and adding support of sha2-384 and sha2-512 should allow using EC crypto.
-Makefile: remove local gawk and make version compare and local build
-modules: remove gawk and make
-patches: remove make
local make was added to build 4.2.1 on OSes that were having older version. It was then patched to be built on OSes having newer buildstack.
local gawk was added when GPG toolstack was older then libgpg-error 1.37. GPG toolstack was then upgraded, but local gawk stayed.
Removing those permits better parallelization and of builds and reduces CircleCI (and higher cores systems) to have race conditions and stalled builds
Coreboot 4.11 boards are not properly building as of now.
coreboot.pre fails to depend on .car.data because of a race condition that can only be mitigated by single threading CPUS=
This is unrelated to other changes.
KGPE-D16 will soon enough depend on dasharo coreboot and be ported upstream later on.
- Take System Info changes from 06311ff068 (Thanks to @nestire)
- Move changes to seperate script under /bin/oem-system-info-xx30
- Add additional camera and wifi card IDs, add synaptic touchpad detection if kernel has module built in
Above changes squashed in this commit.
Since /etc/luks-functions are currently exporting passphrases tested good per cryptsetup to be reused in the code,
the logic calling both luks_reencrypt and luks_change_passphrase testing for non-empty luks_current_Disk_Recovery_Key_passphrase
was bogus.
This commit includes a new variable luks_new_Disk_Recovery_Key_desired which is set when reencryption is desired.
The 3 use cases (reencrypt+passphrase change, reencrypt no passphrase change and passphrase change alone now only test
for luks_new_Disk_Recovery_Key_desired and luks_new_Disk_Recovery_Key_passphrase_desired, nothing else.
network-init-reovery can be used to automatically set RTC clock to obtained NTP clock.
The script would fail if other devices devices previously registered on the network with the same MAC.
Consequently, maximized boards are detected here, and a full random MAC is generated and used instead of using hardcoded DE:AD:C0:FF:EE.
This continues to generate checksums and sign them per new GPG User PIN, but does not set a default boot option.
The user hitting Default Boot on reboot will go through having to setup a new boot default, which will ask him to setup a Disk Unlock Key if desired.
Otherwise, hitting Default Boot goes into asking the user for its Disk Recovery Key passphrase, and requires to manually setup a default boot option.
Simplify the menu options by removing the duplication of the entry name
in the menu selections; instead, use clear verbiage to distinish
between booting one time and making the default. And as the majority of
the boot menu is shown is when the grub entires have changed and the
user is prompted to select a new default, so make that the first/default
menu option.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Drop the duplicated kernel info which hurts readability, runs off the
end of the menu window. This also makes it easier to identify which
menu option is the default, and more closely resembles the grub menu
shown in a traditional BIOS boot.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
