patches/coreboot-4.15: remove patches for coreboot 4.15
No boards depend on it and is affected by CVE-2022-29264
Signed-off-by: Daniel Pineda <daniel.pineda@puri.sm>
Add patches for coreboot 4.17:
- show ME status even when device is disable (kept from 4.15)
- zero unused part of SMBIOS region
Signed-off-by: Daniel Pineda <daniel.pineda@puri.sm>
It specifies whitespace-separated list of console devices to run Heads
on in addition to the default one.
Example for board config:
export CONFIG_BOOT_EXTRA_TTYS="tty0 tty1"
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
This also involves splitting workspaces based on target architecture to
avoid severely degrading performance of CI.
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
To be used in board configuration. Expands to the path of the board's
build directory. Also simplifies main Makefile a bit.
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
This makes configs much less dependent on directory layout.
As of this commit the following variables are supported:
* @BOARD_BUILD_DIR@ - absolute path under build/
* @BLOB_DIR@ - absolute path to blobs/
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Enable virtio video and storage.
Enable serial console and tweak kernel command line to show logs.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Add qemu-coreboot-fbwhiptail-tpm1-hotp configuration, which has a 'run'
target to boot with a persistent TPM, disk, virtual USB disk, and USB-
forwarded token
Provide instructions for bootstrapping a complete working system in qemu
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
flashrom doesn't work in qemu, so the firmware isn't able to update its
keyring. Adding an already-provisioned key ahead of time works though.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Set ATA and SATA configs to y, not m - modules weren't being loaded. Other
configs also build these into kernel, so do the same for qemu. Remove relevant
configs from boards since modules no longer need to be in initrd.
Enable OHCI and UHCI. qemu forwards host USB devices over a UHCI controller.
This enables USB-forwarding a physical Librem Key or Nitrokey Pro to the VM.
Export CONFIG_LINUX_USB_COMPANION_CONTROLLER to have enable_usb() load the
modules - it wants both UHCI and OHCI modules, so build both.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Otherwise binary patches cannot be patched/created
Additional fixes needed
- flashrom patch was invalid and got catched by git apply. Correcting
- gpg2-2.2.21.patch was pointing to bad target. Correcting
Global Makefile is the most effective modifier of builds.
As soon as the global Makefile change, so should not be reused caches having measured a different Makefile
EC signatures requires that the digest has the corresponding length. Removing the hardcoded sha2-256 hash function and adding support of sha2-384 and sha2-512 should allow using EC crypto.
-Makefile: remove local gawk and make version compare and local build
-modules: remove gawk and make
-patches: remove make
local make was added to build 4.2.1 on OSes that were having older version. It was then patched to be built on OSes having newer buildstack.
local gawk was added when GPG toolstack was older then libgpg-error 1.37. GPG toolstack was then upgraded, but local gawk stayed.
Removing those permits better parallelization and of builds and reduces CircleCI (and higher cores systems) to have race conditions and stalled builds
Coreboot 4.11 boards are not properly building as of now.
coreboot.pre fails to depend on .car.data because of a race condition that can only be mitigated by single threading CPUS=
This is unrelated to other changes.
KGPE-D16 will soon enough depend on dasharo coreboot and be ported upstream later on.