Commit Graph

1694 Commits

Author SHA1 Message Date
Thierry Laurion
ee23fe9d3b
busybox: CONFIG_BASH_IS_ASH is incompatible with CONFIG_BASH_IS_NONE. Disabling the latter. 2020-12-30 20:31:37 -05:00
Thomas Clarke
a1f29410be
modules/flashrom: Enable AST1100 in flashrom. This will allow user to flash the BMC internally for KGPE-D16. 2020-12-30 19:18:04 +00:00
Thomas Clarke
aba13a9c55
modules/flashrom: Fixes two issues:
* Flashrom was being fetched with git and was always using `master`
* No patches were being applied (i.e. `0100-enable-kgpe-d16.patch` was being ignored).
2020-12-30 19:17:54 +00:00
tlaurion
69eb819958
Merge pull request #909 from Thrilleratplay/bash_is_ash
feat(busybox): set CONFIG_BASH_IS_ASH
2020-12-30 13:06:04 -05:00
tlaurion
4addeab3f5
Merge pull request #900 from tlaurion/busybox-1_32
Upgrade busybox to 1.32
2020-12-30 13:05:49 -05:00
tlaurion
7c686d576f
Merge pull request #938 from tlaurion/revert-coreboot_musl-cross-make
coreboot: revert building coreboot against musl-cross-make.
2020-12-30 13:04:50 -05:00
Thierry Laurion
8e4485347e
coreboot: revert building coreboot against musl-cross-make.
coreboot: correct $$CPUS -> $(CPUS)
2020-12-29 17:06:54 -05:00
tlaurion
b06a26f814
Merge pull request #932 from MrChromebox/coreboot_4.13
modules/coreboot: bump 4.12 build option to 4.13
2020-12-29 16:57:35 -05:00
Thierry Laurion
e9eedc4717
Upgrade busybox to 1.32
+CONFIG_STACK_OPTIMIZATION_386=y
+CONFIG_FLOAT_DURATION=y
+CONFIG_FEATURE_RTMINMAX_USE_LIBC_DEFINITIONS=y
+CONFIG_FEATURE_EDITING_WINCH=y
+CONFIG_BZIP2_SMALL=8
+CONFIG_FEATURE_CP_REFLINK=y
+CONFIG_MKTEMP=y
+CONFIG_PRINTF=y
+CONFIG_SYNC=y
+CONFIG_FEATURE_SYNC_FANCY=y
+CONFIG_CMP=y
+CONFIG_DIFF=y
+CONFIG_PATCH=y
+CONFIG_FEATURE_FIND_EXECUTABLE=y
+CONFIG_FEATURE_FIND_QUIT=y
+CONFIG_FEATURE_FIND_EMPTY=y
+CONFIG_FEATURE_GPT_LABEL=y
+CONFIG_MKFS_VFAT=y
+CONFIG_DC=y
+CONFIG_FEATURE_LESS_RAW=y
+CONFIG_FEATURE_LESS_ENV=y
+CONFIG_FEATURE_NSLOOKUP_BIG=y
+CONFIG_FEATURE_NSLOOKUP_LONG_OPTIONS=y
+CONFIG_FEATURE_NTP_AUTH=y
+CONFIG_FEATURE_TFTP_HPA_COMPAT=y
+CONFIG_PIDOF=y
+CONFIG_FEATURE_PIDOF_SINGLE=y
+CONFIG_FEATURE_PIDOF_OMIT=y
+CONFIG_SHELL_ASH=y
+CONFIG_ASH_BASH_NOT_FOUND_HOOK=y
+CONFIG_FEATURE_SH_MATH_BASE=y
+CONFIG_FEATURE_SH_EMBEDDED_SCRIPTS=y

This commit changes used compressed space from 6851524 -> 6863812.
Coherent reduction of free available space being 143768 -> 131480 before saturation.

Net increase of 24kB for busybox binary:

    busybox 1.28 : 484kB
    busybox 1.32: 508kB

Increase of 15kB of needed BIOS region space:

    ROM's initrd.cpio.xz with busybox 1.28: 3839kB
    ROM's initrd.cpio.xz with busybox 1.32: 3854kB
2020-12-29 16:49:08 -05:00
tlaurion
46ff6c56cb
Merge pull request #942 from tlaurion/circleci_kgpe-d16_fix
CircleCI: seperate build error from details for KGPE-D16 (par to other boards)
2020-12-28 21:39:46 -05:00
Thierry Laurion
2da03d2ef0
CircleCI: seperate build error from details for KGPE-D16 (par to other boards) 2020-12-27 17:33:57 -05:00
tlaurion
ba8ddd2308
Merge pull request #941 from synackd/coreboot-cpus
coreboot: Pass $CPUS to coreboot make target unerroneously
2020-12-27 17:16:16 -05:00
Devon Bautista
d2b41c5249
modules/coreboot: $$CPUS --> $(CPUS) 2020-12-26 13:37:36 -08:00
tlaurion
6ed1f3ab31
Merge pull request #940 from synackd/qemu-linuxboot-cpus
linuxboot: Pass $CPUS to edk2/OvmfPkg/build.sh unerroneously
2020-12-26 16:13:49 -05:00
Devon Bautista
b85dadee76
modules/linuxboot: $$CPUS --> $(CPUS) 2020-12-26 12:19:10 -08:00
Matt DeVillier
883ac669a8
modules/coreboot: bump 4.12 build option to 4.13
- update module hash and blobs hash
- drop patches no longer needed; migrate those that remain
- adjust Librem Mini/Mini v2 board configs

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-12-14 21:03:32 -06:00
tlaurion
a81ae6ed5b
Merge pull request #930 from tlaurion/xx20_hotp_fix
xx20-hotp-maximized: forgot to fix path to initrd, failed under CI.
2020-12-13 12:22:15 -05:00
Thierry Laurion
bead24c4eb
xx20-hotp-maximized: forgot to fix path to initrd, failed under CI. 2020-12-13 12:17:15 -05:00
tlaurion
0f1f547eb1
Merge pull request #928 from tlaurion/xx20_boards_correction
(WiP) xx20 boards: add xx20-hotp-maximized & remove HOTP and NITROCLI support from xxx0-maximized boards
2020-12-13 11:36:22 -05:00
Thierry Laurion
164d991a69
xx30 boards: remove NKSTORECLI from all boards. Par with xx20. 2020-12-12 22:11:20 -05:00
Thierry Laurion
16488fb21a
xx20 boards: add xx20-hotp-maximized boards, remove hotp support from xx20-boards. Modify CircleCI conf accordingly. 2020-12-12 12:44:06 -05:00
Thierry Laurion
64b1712e78
oem-factory-reset: set default KEY_LENGTH to 3072 and change expectation management message to console (Fixes #919) 2020-12-10 10:33:02 -05:00
tlaurion
671522eff4
Merge pull request #912 from Thrilleratplay/xx20_blobs_extraction_fix
xx20-maximized t420 and x220 boards addition  (ME downloaded from Lenovo and cleaned per @Thrilleratplay me_cleaner adaptation)
2020-12-03 16:39:36 -05:00
Tom Hiller
75e11cbb8d circleci: add xx20 maximized builds 2020-12-03 13:13:47 -05:00
Tom Hiller
5b898e369c boards: add t420-maximized 2020-12-03 13:11:05 -05:00
Tom Hiller
d7ccd87d49 boards: add x220-maximized 2020-12-03 13:10:21 -05:00
Tom Hiller
646ddee748 blobs: add blobs/xx20 2020-12-02 19:18:35 -05:00
tlaurion
1661e5dcb0
Merge pull request #867 from Tonux599/kgpe-d16_411_measured-boot
KGPE-D16 Coreboot 4.11 + Measured Boot
2020-12-02 18:23:55 -05:00
tlaurion
014e59210d
Merge pull request #906 from Nitrokey/gpg-default-keylength
Default to 4096 bit for OEM factory reset (fixes #831)
2020-12-02 18:20:39 -05:00
tlaurion
4d570523f8
Merge pull request #908 from osresearch/pr/non-coreboot-builds
non-coreboot-builds: do not error if CONFIG_COREBOOT_VERSION is not set
2020-12-02 18:04:55 -05:00
tlaurion
05e212d9bf
Merge pull request #917 from tlaurion/quick_typo_fixes
xx30-*-maximized boards: typo fix in comments expend -> expand
2020-12-02 17:40:05 -05:00
Thierry Laurion
1b0a9c4c22
xx30-*-maximized boards: typo fix in comments expend -> expand 2020-12-02 17:35:10 -05:00
tlaurion
36c04f19e4
Add xx30-maximized and xx30-hotp-maximized boards (11.5mb flashable BIOS regions, reproducible me.bin and generated gbe.bin and totally externally and internally flashable roms) (#703)
* xx30-*-maximized: update flashrom options removing --ifd bios option, keeping whole flash of rom internally. WARNING: ifd needs to be initially unlocked through ifdtool -u on 8mb bottom SPI backup. YOU CANNOT COME FROM 1VYRAIN. IF COMING FROM SKULLS, YOU MUST HAVE RAN OPTIONAL -u OPTION FROM SKULLS. PLEASE UPGRADE ONLY AFTER HAVING A PHYSICAL BACKUP OF BOTH SPI FLASH CHIPS. MORE INFORMATION UNDER https://github.com/osresearch/heads/pull/703. This will guarantee that future flash of produced rom will reflash the ROM totally, where heads make sure of adding users customizations (public key, /etc/config.user) when internally flashed. Unfortunately, if you flash externally, you will have to reinject your public key and readd /etc/config customizations.

* Adding generated bincfg coreboot 4.8.1 patch (merged under coreboot 4.13 and backported here to 4.8.1), resulting in gbe.bin under blobs/xx30/gbe.bin and instructions to replicate in README prior of automation (under repo). Note that MAC under gbe.bin is fixed to DE:AD:C0:FF:EE unless extract.sh script is ran on external backup to keep current user's MAC (Thanks to @Thrilleratplay's contribution!)

* xx30 blobs: add two blobs management scripts for xx30: extract from local backup/download+neuter ME
extract.sh: extract from external backup: gbe.bin, neuter under me.bin and maximize BIOS+reduce ME regions under unlocked ifd.bin. 
download_clean_me.sh: download and verify Lenovo latest ME version from website, and drop me.bin in place.
Note: me.bin is 98kb, containing only BUP and ROMP partitions which cannot be modified nor deleted else computer won't boot. As a result, BIOS region is maximized in ifd.bin to 11.5mb and coreboot config takes advantage of that freed space.

* CircleCI: xx30-*-maximized additional step to call download_clean_me.sh prior of building boards so that me.bin is dopped in place. This should be done by users prior of building xx30-*-maximized boards locally, which is imitated in CircleCI builds (look at .circleci/config.yaml for innoextract host added dependency and board buildings. Results on github for each commit).
2020-12-02 17:01:44 -05:00
Thomas Clarke
572f5b3414
On KGPE-D16 boards, ensure linux-kgpe-d16*.config are up-to-date by:
cp config/linux.. ./build/linux*/.config
	cd build/linux*
	make savedefconfig
	cp defconfig ../../config/linux..

Resulting in only linux-kgpe-d16_workstation.config being updated.

For KGPE-D16 workstation boards:
Remove `console=tty0` from `CONFIG_BOOT_KERNEL_ADD` as was blocking Qubes graphical installer (CLI installer was launched).
Comment out `export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles"` to provide a more desktop like experience.

Removed 0001-cpu-x86-smm-Use-PRIxPTR-to-print-uintptr_t.patch as already exists as 0000-cpu-x86-smm-Use-PRIxPTR-to-print-uintptr_t.patch

Added 0020-kgpe-d16_measured-boot-support.patch for coreboot 4.11

Fix TPM errors when microcode is measured by initialising TPM earlier and loading the microcode later.
Thanks to Michał Żygowski <miczyg1> for condition suggestion: `if (CONFIG(MEASURED_BOOT) && CONFIG(LPC_TPM) && boot_cpu())`

Locate bootblock location and size with CBFS API. Credit to: Michał Żygowski <miczyg1>
2020-12-02 15:56:42 +00:00
Thierry Laurion
9f751f11fe
KGPE-D16: fix coreboot config to have LOCAL_VERSION injected since not defined, describe better board configs applications 2020-12-02 15:56:42 +00:00
Thomas Clarke
6bd3f815e4
Better vboot-rwa.fmd for KGPE-D16.
Bring patches/coreboot-4.11 on par with master

Removed patches/coreboot-4.11/0020-kgpe-d16-vboot.patch
Removed Vboot options from KGPE-D16 coreboot configs

Enabled TPM in kgpe-d16 board configs
Enabled measured boot in kgpe-d16 coreboot configs.

Added support for video cards that require nouveau, radeon and amdgpu drivers in linux-kgpe-d16_workstation.config

`nouveau.config=NvForcePost=1` to be added to kexec'd kernels for better Nvidia card support.
2020-12-02 15:56:41 +00:00
Thierry Laurion
bac1d54bde
Activate dual console by default and restructure board config
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC

Adding dual console to OpenBmc and tty0

putting kgpe-d16-coreboot.conf in defconfig format

NO_HZ wasn't included in kernel config. Adding it.

Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation

Removing serial configuration and static IP stuff since we have a workstation here.

Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then.

Placing files in good directories

Corrrect flashrom options for kgpe-d16 server and workstation boards

kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ

kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server

kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH.

kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation)

kgpe-d16_workstation in defconfig format

kgpe-d16 boards: pass from GPG to GPG2 board definitions

kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode

kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output

kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging

kgpe-d16 : expressively export CONFIG_TPM=n

kgpe-d16_wokstation gui-init variables were missing

kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized

linux-kgpe-d16*: add support for Pike

kgpe-d16_workstation-usb_keyboard board support addition

kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based

GitlabCI: kgpe-d16 fixes and upstream merge of change

kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment

kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file

KGPE-D16: community work migration to coreboot 4.11 to fix issue #740

KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per https://github.com/osresearch/heads/pull/709

kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637

KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under https://github.com/osresearch/heads/pull/795#issuecomment-671214637

kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch

kgpe-d16 boards: add Linux kernel version where missing.

CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master

coreboot module: typo correction (tabs vs spaces)

CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds

CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large"

CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support

At this stage:
- job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32)
- "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node

CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console.

coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM)

coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram.

CircleCI & coreboot config: fix merge conflict rebasing on master

coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599

Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for #867
2020-12-02 15:56:34 +00:00
Tom Hiller
3512853ab0 feat(busybox): set CONFIG_BASH_IS_ASH 2020-11-25 21:46:33 -05:00
Trammell hudson
fbd38155d9
non-coreboot-builds: do not error if CONFIG_COREBOOT_VERSION is not set
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-11-25 14:43:07 +01:00
alex-nitrokey
e31d6dcb8e Default to 4096 bit for OEM factory reset 2020-11-24 12:48:41 +01:00
Matt DeVillier
7ee4a11d1b Add new board: Purism Librem Mini v2
Add board config, coreboot config, Circle CI entry.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-19 15:39:44 -05:00
Matt DeVillier
9d14a286f3 configs/coreboot-librem_mini: update blob paths
Update blob paths to match submodule layout

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-19 15:39:44 -05:00
Matt DeVillier
1241f9714f modules/purism-blobs: Update module pointer and hash
Update purism-blobs for Librem Mini v2 release

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-19 15:39:44 -05:00
Matt DeVillier
85f52e7c7d patches/coreboot-4.12: Add support to coreboot for Librem Mini v2
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-19 15:39:44 -05:00
Matt DeVillier
904b64db93 patches/coreboot-4.12: Add patches to update Librem Mini
Combination of commits from upstream coreboot master backported to
coreboot 4.12 (tag) to improve performance/functionality, and
prepare for addition of Librem Mini v2.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-19 15:39:44 -05:00
Matt DeVillier
acd9d258b8 patches/coreboot-4.12: Add patch for cbmem alignment
Cherry-pick of commit 3dea2b63eeb8f97b31571f6f0eb37f38f9967b6b
[soc/intel/common/block/systemagent/memmap.c: Align cached region]
from upstream coreboot.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-19 15:39:44 -05:00
Matt DeVillier
561452508b boards/librem*: enable automatic booting
Add CONFIG_AUTO_BOOT_TIMEOUT=5 to Librem board configs, to
enable automatic booting of default boot target after successful
HOTP verifcation via a Librem Key

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-09 22:26:50 -05:00
Matt DeVillier
055165d61a gui-init: add support for auto-booting default target
if CONFIG_AUTO_BOOT_TIMEOUT exists and is set, and if HOTP
validation was successful, then attempt to boot the default
target after CONFIG_AUTO_BOOT_TIMEOUT seconds if not interrupted
by key press

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-09 22:26:50 -05:00
Thierry Laurion
89c457706f coreboot configs: remove CONFIG_LOCALVERSION artifacts in conformity of bd7a945bbb 2020-11-06 15:24:13 -05:00
Matt DeVillier
f445b29dbe kexec-sign-config: fix args to getopts
The -u arg does not take a parameter, so remove the trailing colon.

Fixes /boot hashes not being updated when update_checksums() is called.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-11-06 15:16:29 -05:00