Commit Graph

2764 Commits

Author SHA1 Message Date
Thierry Laurion
646db06eb6
boards/*/*.config: bump coreboot 4.22.01 boards config to use 24.02.01
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 15:35:56 -04:00
Thierry Laurion
f29c16d977
modules/coreboot: add 24.02.01 version
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 15:35:50 -04:00
Thierry Laurion
119cebc44f
coreboot 24.02.01: add upstream pending patches for heap allocation failure on bootsplash and defaulting to 4mb of heap when bootsplash
Add upstream patches to downstream:
git fetch https://review.coreboot.org/coreboot refs/changes/75/83475/1 && git format-patch -1 --stdout FETCH_HEAD > 0001-prevent_bootsplash_heap_allocation_failure_to_booting.patch
git fetch https://review.coreboot.org/coreboot refs/changes/76/83476/2 && git format-patch -1 --stdout FETCH_HEAD > 0002-increase_heap_from1mb_to4mb_when_bootpslash_enabled.patch

Rebuilding coreboot version with patches applied:
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:v0.2.0 -- make BOARD=qemu-coreboot-whiptail-tpm1 real.remove_canary_files-extract_patch_rebuild_what_changed
Remove file added by patch when patching fails:
sudo rm build/x86/libgpg-error-1.46/src/syscfg/lock-obj-pub.powerpc64le-unknown-linux-musl.h

Applying patches touching coreboot version 24.02.01 defined in board config to all boards:
grep -R 24.02.01 boards/ | awk -F "/" {'print $2'} | while read board; do sudo make BOARD=$board coreboot.save_in_oldconfig_format_in_place; done

Adding added/modified files to git tracked files for commit:
git status | grep -e modified -e added | awk -F ":" {'print $2'}| xargs git add

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 15:35:44 -04:00
Thierry Laurion
60ec2b9b45
Merge pull request #1734 from tlaurion/JonathonHall-Purism-module_checkout_submodules-flake_moreutils_for_timestamps_CircleCI_intermediary_arch_musl-cross-make_step
Fix master's CircleCI builds (Bandwidth throttling making all boards depending on coreboot forks to exceed 1h step's max build time)
2024-07-26 15:29:32 -04:00
Thierry Laurion
f0c951fa91
CircleCI: fix naming of cache: coreboot-nitrokey -> coreboot-dasharo
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 14:16:37 -04:00
Thierry Laurion
43f3570288
CircleCI: add CircleCI intermediary musl-cross build step per arch, cleanup
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 12:14:08 -04:00
Thierry Laurion
8ff19d17bc
Bump nix develop based docker image to tlaurion/heads-dev-env:v0.2.1: include moreutils to be able to use 'ts' in CircleCI builds ('make BOARD=xyz V=1 | ts') to give timestamps of each make step
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 11:44:33 -04:00
Jonathon Hall
1e54152f30
Makefile: Don't check out submodules when cloning a git module
Checking out submodules was much worse for coreboot, it has many
submodules and only a subset of them are actually used.  coreboot knows
to sync the needed submodules during its build.

Instead, just remove the errant command that did not actually work.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 11:44:27 -04:00
Jonathon Hall
a2876a26a1
Makefile: When cloning a repo from Git, update submodules correctly
When cloning a repo from Git, actually change to the repo directory to
check out the submodules as well.  Without the -C <dir>, the submodule
checkout happened in the Heads repo itself, which has no submodules.

This is important for coreboot being built in CI.  Without this, the
coreboot submodules will be checked out automatically by the coreboot
build system during the build, meaning they will not be in the
prepped module cache.

A trade-off though is that at this point, we don't know what submodules
are actually needed - we will clone some that are not needed.  coreboot
knows to skip some submodules during the build if they are not needed.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-07-24 15:54:18 -04:00
Thierry Laurion
0b494fea09
Merge pull request #1728 from tlaurion/fhvyhjriur_UNMAINTAINED_READMEmd
Update README.md : cherry-pick of PR #1696's commit with me signing.
2024-07-22 15:28:41 -04:00
fhvyhjriur
fa42c7a224
Update README.md : cherry-pick of PR #1696's commit with me signing.
Discussion about this here:
https://github.com/linuxboot/heads/issues/1682

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-22 15:21:56 -04:00
Thierry Laurion
ebd9fbadb6
Merge pull request #1721 from JonathonHall-Purism/purism_24.02.01_fixed
Update Librem devices coreboot to 24.02.01-Purism-1 plus bootsplash fix
2024-07-16 11:02:51 -04:00
Jonathon Hall
ff9adad7d2
modules/coreboot: Update Purism to 24.02.01-Purism-1 w/bootsplash fix
Increases coreboot heap size to accommodate Heads bootsplash.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-07-15 16:55:34 -04:00
Jonathon Hall
265b1da920
Revert "Merge pull request #1713 from tlaurion/interim_fix_1712"
This reverts commit c43b6fc05f, reversing
changes made to fb9c558ba4.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-07-15 16:53:59 -04:00
Jonathon Hall
75968382fc
Merge remote-tracking branch 'github-tlaurion/more_verbose_docker_build'
PR #1714
2024-07-09 12:32:15 -04:00
Thierry Laurion
1519bd74fe
README.md: Make docker image build more verbose on console, unify
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-09 11:40:09 -04:00
Thierry Laurion
c43b6fc05f
Merge pull request #1713 from tlaurion/interim_fix_1712
Revert "Merge pull request #1703 from JonathonHall-Purism/purism_coreboot_24.02.01"
2024-07-09 11:04:34 -04:00
Thierry Laurion
b20cde8c61
Revert "Merge pull request #1703 from JonathonHall-Purism/purism_coreboot_24.02.01"
This reverts commit 7025031702, reversing
changes made to 156d2c80dd.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-09 09:29:37 -04:00
Jonathon Hall
fb9c558ba4
Merge branch 'newt_colors' of github.com:mdrobnak/heads
PR 1698
2024-06-28 17:07:10 -04:00
Matthew Drobnak
2f8c1a51df
Build ncurses for terminfo definitions.
Signed-off-by: Matthew Drobnak <matthew@drobnak.com>
2024-06-25 17:26:18 +00:00
Matthew Drobnak
6e148cb7f2
Makefile changes to support putting data into the initrd, such as terminfo.
Signed-off-by: Matthew Drobnak <matthew@drobnak.com>
2024-06-25 17:26:18 +00:00
Matthew Drobnak
19a705c179
Add functions to handle normal, warning, and error for whiptail and fbwhiptail.
Signed-off-by: Matthew Drobnak <matthew@drobnak.com>
2024-06-25 17:26:14 +00:00
Thierry Laurion
e471a4ae65
Merge pull request #1707 from Dasharo/nitropad-drop-iotools
boards, module and Makefile: drop iotools
2024-06-21 11:44:15 -04:00
Maciej Pijanowski
2cd5b0960a
modules: drop iotools
As discussed in: linuxboot#1704
there is no need to include iotools module for nitropads.

Since there is no board using it, and we see no reason to use
it in the future (the EC update will not require it, as update
will be served by coreboot in the future), drop the module as well.

Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>
2024-06-21 17:08:14 +02:00
Thierry Laurion
96b619b5fd
Merge pull request #1704 from Dasharo/nitropad-shutdown
nitropad-nx: use standard shutdown/reboot commands
2024-06-21 10:24:45 -04:00
Thierry Laurion
7025031702
Merge pull request #1703 from JonathonHall-Purism/purism_coreboot_24.02.01
modules/coreboot: 24.02.01-Purism-1, remove CFLAGS overrides, needs nss
2024-06-20 14:11:30 -04:00
Thierry Laurion
80284ff246
.circleci/config.yml: bump to v0.2.0 docker image based on flake.nix's new nss inclusion required for coreboot 24.02+
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-06-20 13:54:20 -04:00
Maciej Pijanowski
fd98c8d0d9
nitropad-nx: use standard shutdown/reboot commands
This commit effectively reverts commits a1c13ff and 902866cc. There is
no need for this special EC-based poweroff command. See more details in
issue linked below.

Fixes: https://github.com/Dasharo/dasharo-issues/issues/711

Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>
2024-06-20 18:27:05 +02:00
Jonathon Hall
2ba56d1304
modules/coreboot: 24.02.01-Purism-1, remove CFLAGS overrides, needs nss
Update Purism coreboot to 24.02.01-Purism-1.

Remove CFLAGS overrides when building coreboot.  These overrides break
24.02.01, which added (and needs) --param=min-pagesize=1024.  This has
happened repeatedly in the past since Heads has to duplicate coreboot's
CFLAGS if it overrides them.

Specifically, the build fails with this error:
src/commonlib/include/commonlib/endian.h:27:26: error: array subscript 1 is outside array bounds of 'void[0]' [-Werror=array-bounds=]
   27 |         *(uint8_t *)dest = val;
      |         ~~~~~~~~~~~~~~~~~^~~~~
In function 'setup_default_ebda':
cc1: note: source object is likely at address zero

That's because coreboot is attempting to write to EBDA at physical
address 0x40e, just above 1024.  That is a valid address for x86, but
it's too close to 0 by default for GCC; --param=min-pagesize=1024
allows writes to physical addresses above 1024.

coreboot shouldn't need any of the usual Heads CFLAGS overrides for
reproducibility; it is already reproducible.

Fix indentation in modules/coreboot.  Make accepted it before because
the indented lines followed a variable assignment, so they couldn't
be part of a recipe.  That assignment is now gone, so they're now
interpreted as part of a recipe for the `.configured` target just above;
they should not be indented.

Add nss to flake.nix, needed as of 24.02.01.

Update Librem coreboot configs for 24.02.01-Purism-1.  Notably, the
board Kconfig changed for Mini v2 in coreboot, so this is needed for
correct builds.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-06-19 12:38:45 -04:00
Thierry Laurion
156d2c80dd
Merge pull request #1702 from JonathonHall-Purism/librem_l1um_ci
circleci: Add Librem L1UM to CI, in front of unmaintained 4.11 boards
2024-06-19 09:05:55 -04:00
Jonathon Hall
b0b3449367
circleci: Add Librem L1UM to CI, in front of unmaintained 4.11 boards
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-06-18 16:34:33 -04:00
Thierry Laurion
d9a0caca13
Merge pull request #1700 from JonathonHall-Purism/coreboot_purism_4.22.01-Purism-1
Update Purism coreboot to 4.22.01-Purism-1
2024-06-13 11:15:40 -04:00
Jonathon Hall
a15f77e336
config/coreboot-librem_11.config: intel_iommu=igfx_off on Heads cmdline
intel_iommu=igfx_off is needed on the Heads kernel command line for
memtest86+ to work.  Without this parameter, the screen blanks when
memtest86+ starts testing.

This is unique to Librem 11, probably because it is the only device
using FSP GOP for graphics init in coreboot.  (libgfxinit does not yet
support Jasper Lake.)

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-06-11 13:02:03 -04:00
Jonathon Hall
65ca94b184
modules/coreboot: Update Purism coreboot to 4.22.01-Purism-1
Update Purism coreboot to 4.22.01-Purism-1.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-06-11 13:01:57 -04:00
Thierry Laurion
64730d9507
Merge pull request #1688 from 123ahaha/updated-instruction-ptrace_scope
Updated README.md for kernel.yama.ptrace_scope issues
2024-06-07 12:38:38 -04:00
Thierry Laurion
868abb75ba
Merge pull request #1697 from mdrobnak/issue_1692
1692 Update text for TPM Primary Handle error with correct remediation steps.
2024-06-07 09:28:31 -04:00
Matthew Drobnak
c7a5fbd66f
1692 Update text for TPM Primary Handle error with correct remediation steps.
Signed-off-by: Matthew Drobnak <matthew@drobnak.com>
2024-06-05 03:59:40 +00:00
Thierry Laurion
34c7bb5a83
Merge pull request #1687 from tlaurion/use_nixos-unstable_prebuild_qemu-canokey
Use nixos-unstable channel's prebuilt qemu_full with canokey support builtin from nix cache
2024-05-30 17:29:08 -04:00
Thierry Laurion
edd4378b60
flake.nix: remove commented material, add some more comments where needed
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-30 17:05:29 -04:00
Thierry Laurion
a8adfb5089
Merge pull request #1684 from Nitrokey/hotp-version-v1.6
Hotp version v1.6
2024-05-30 15:37:56 -04:00
Thierry Laurion
fc146681f7
Merge pull request #1673 from tlaurion/build-UNMAINTAINED_t530-maximized
Build unmaintained t530 maximized
2024-05-29 18:55:07 -04:00
Thierry Laurion
c7d1495a0a
Use nixos-unstable channel's prebuilt qemu_full with canokey support builtin, downloaded from nix cache
- flake.lock: bumps locked package list to latest packages list through 'nix flake update'
- flake.nix : comment out customizations of derivatives, removing canokey-qemu lib since qemu_full depends on qemu which depends on canokey-qemu by default now
- flake.nix: add 'less' so that 'git log' is usable
- circleci/config.yml: use docker v0.1.9
- README.md : update docker image maintainer notes to ease upstreaming of docker images and for others to play around, requiring dockerhub account

For testing iterations of this, I used:
docker_version="v0.1.9" && docker_hub_repo="tlaurion/heads-dev-env" && sed "s@\(image: \)\(.*\):\(v[0-9]*\.[0-9]*\.[0-9]*\)@\1\2:$docker_version@" -i .circleci/config.yml && nix --print-build-logs --verbose develop --ignore-environment --command true && nix build .#dockerImage && docker load < result && docker tag linuxboot/heads:dev-env "$docker_hub_repo:$docker_version" && docker push "$docker_hub_repo:$docker_version"
Then added final commit, and pushed.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-25 12:55:28 -04:00
Antoine Luciani
6ac7e5d789
README.md updated in build instructions and in particular an error encountered because of kernel.yama.ptrace_scope during docker image build
Signed-off-by: Antoine Luciani <antoine.luciani@epita.fr>
2024-05-24 13:46:56 +02:00
nestire
ea05b1ed45
extend hotp error message for nitrokeys
Signed-off-by: nestire <hannes@nitrokey.com>
2024-05-21 17:03:08 +02:00
nestire
8bea5697d4
bump hotp version to 1.6
Signed-off-by: nestire <hannes@nitrokey.com>
2024-05-21 17:03:05 +02:00
Thierry Laurion
cf080564df
Merge pull request #1680 from tlaurion/fix_openssl_output_on_console_for_internal_hack
modules/openssl: remove hack, silence error on console when openssl is included for builds (affects tpm2 boards builds)
2024-05-17 15:05:59 -04:00
Thierry Laurion
74b1e2f7c1
modules/openssl: remove hack: silences error on console when openssl is included for builds (affects tpm2 boards builds)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-17 14:56:11 -04:00
Thierry Laurion
59df86fbd0
Merge pull request #1677 from tlaurion/fix_key_to_card
Revert gpg version bump and unify key to card code to properly create bug upstream
2024-05-17 13:22:32 -04:00
Thierry Laurion
37f04e2855
Fix key to card failing with invalid time when moving keys to smartcard on master (Opt: Authenticated Heads)
- Revert gnupg toolstack version bump to prior of #1661 merge (2.4.2 -> 2.4.0). Version bump not needed for reproducibility.
  - Investigation and upstream discussions will take their time resolving invalid time issue introduced between 2.4.0 and latest gnupg (fix regression first under master)

- oem-factory-reset
  - Adding DO_WITH_DEBUG to oem-factory-reset for all its gpg calls. If failing in debug mode, /tmp/debug.txt contains calls and errors
  - Wipe keyrings only (*.gpg, *.kbx), not conf files under gpg homedir (keep initrd/.gnupg/*.conf)

- flake.nix
  - switch build derivative from qemu and qemu_kvm to qemu_full to have qemu-img tool which was missing to run qemu boards (v0.1.8 docker)
  - add gnupg so that qemu boards can call inject_gpg to inject public key in absence of flashrom+pflash support for internal flashing

- flake.lock: Updated nix pinned package list under flake.lock with 'nix flake update' so qemu_full builds

- README.md: have consistent docker testing + release (push) notes

- .circleci/config.yml: depend on docker v0.1.8 (qemu_full built with canokey-qemu lib support, diffoscopeMinimal and gnupg for proper qemu testing)

TODO:
- some fd2 instead of fd1?!
- oem-factory-reset has whiptail_or_die which sets whiptail box to HEIGHT 0. This doesn't show a scrolling window on gpg errors which is problematic with fbwhiptail, not whiptail

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-17 09:27:29 -04:00
Thierry Laurion
b80aa87077
Merge pull request #1662 from tlaurion/nitrokey_board_unification_clean-enable_htop_validated_autoboot-novacustom_coreboot_version_bump
Nitrokey boards coreboot version bump to match Dasharo+Heads heads+ coreboot version used in their v0.9.0 - 2024-02-29 BOM
2024-05-15 12:43:41 -04:00