Commit Graph

71 Commits

Author SHA1 Message Date
Thierry Laurion
89c9d6bc9b
WiP: unify 6.1.8 kernel config changes with librems, modify modules/linux helper
librems vs mainline have:
- mei module not compiled in

- Streamline modules/linux Makefile helpers so that one asks on console for new Kconfig options to be y/n, another one to do olddefconfig (accept new defaults)
  - Exercice proves again that oldconfig exposes new things added into kernel by default as opposed to defconfig format.
- Add TCP Syn cookies to all linux configs (all boards add CDC tethering AFAIK. Add this protection by default)
- Remove unneeded network card drivers from librems common and unify
- Remove unneeded microsoft surface drivers from librems common and unify
- Remove WMI embedded Binary MOF driver CONFIG_WMI_BMOF
- Unify removed Kconfig options from x230 ported to 6.1.8 to librems common
- Verify qemu (AMD) changes working (note, there is clock source watchdog that would need to be investigated seperately for QEMU TCG mode, that is, not KVM)
- Review crypto backend requirements/unify once more
- Removed bunch of unused stuff under QEMU Q35 (AMD)

Q/A:
- CONFIG_RANDSTRUCT_NONE vs CONFIG_RANDSTRUCT_FULL? CONFIG_RANDSTRUCT_NONE now.
- CONFIG_LDISC_AUTOLOAD=y?
- CONFIG_PTP_1588_CLOCK_OPTIONAL=y?
- CONFIG_X86_THERMAL_VECTOR=y?
- ACPI-WMI (Windows Management Instrumentation) mapper device (PNP0C14) enabled by ACPI_VIDEO and depended by DRM drivers.
  - ACPI_VIDEO seems needed.
- CONFIG_INPUT_VIVALDIFMAP=y anabled by CONFIG_KEYBOARD_ATKBD (AT/PS2 Keyboard)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-10-30 09:59:39 -04:00
Thierry Laurion
7cbcdd8ed7
Tethering refresh for CDC NCM/CDC EEM mobile phones (tested on GrapheneOS Pixel 6a, no more RNDIS support)
- Add additional requirements to linux config
- Add additional CONFIG_MOBILE_TETHERING=y to all maximized board configs
- Fix issue under network-recovery-init to NTP sync against NTP server pool
- Extend network-recovery-init to first try NTP sync against DNS server returned by DHCP answer
- Remove network-recovery-init earlytty and tty0 redirection (console should be setuped properly by init in all cases)
- If CONFIG_MOBILE_TETHERING=y added to board config and network-recovery-init called, wait to user input on instructions and warning 30 secs before proceeding (non-blocking)
- Machines having STATIC_IP under board config won't benefit of autoatic NTP sync

Since network-recovery-init can only be called from recovery shell now, and recovery shell can be guarded by GPG auth, this is PoC code to be used to complement TOTP being out of sync

TODO(Future PR):
- Refactor into functions and reuse into TOTP/HOTP being out of sync automatically.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-02-21 13:50:18 -05:00
Jonathon Hall
0a823cb491
Allow laptops to include optional USB keyboard support
Laptops can include optional USB keyboard support (default off unless
the board also sets the default to 'y').  The setting is in the
configuration GUI.

CONFIG_USER_USB_KEYBOARD is now the user-controlled setting on those
boards.  'CONFIG_USB_KEYBOARD' is no longer used to avoid any conflict
with prior releases that expect this to be a compile-time setting only
(conflicts risk total lock out requiring hardware flash, so some
caution is justified IMO).

Boards previously exporting CONFIG_USB_KEYBOARD now export
CONFIG_USB_KEYBOARD_REQUIRED.  Those boards don't have built-in
keyboards, USB keyboard is always enabled. (librem_mini,
librem_mini_v2, librem_11, librem_l1um, librem_l1um_v2, talos-2,
kgpe-d16_workstation-usb_keyboard, x230-hotp-maximized_usb-kb).

Librem laptops now export CONFIG_SUPPORT_USB_KEYBOARD to enable
optional support.  The default is still 'off'.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-10 15:38:06 -05:00
Jonathon Hall
4c8e445dcd
Merge remote-tracking branch 'github-heads/master' into pureboot-27-heads-upstream
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-07-05 14:32:16 -04:00
Jonathon Hall
861529cf69
Merge remote-tracking branch 'github-heads/master' into pureboot-27-heads-upstream 2023-06-27 13:21:19 -04:00
Thierry Laurion
13daaa1203
modules/ coreboot+linux: add helpers to edit config in place + save in oldconfig/defconfig formats
both linux/coreboot:
- save_in_defconfig_format_in_place : takes whatever coreboot config file for a make BOARD=xyz statement and saves it in defconfig
- save_in_oldefconfig_format_in_place : takes whatever coreboot config file for a make BOARD=xyz statement and saves it in oldefconfig

linux:
- linux.prompt_for_new_config_options_for_kernel_version_bump:
  - The most useful helper as of now when doing kernel version bump.
  - Requires to save current kernel config in oldconfig (make BOARD=xyz linux.save_in_oldefconfig_format_in_place) first, then bump kernel version in board config and then use that helper to review new options and save in tree.
2023-06-27 11:20:59 -04:00
Thierry Laurion
f13432cca7
Makefile+ modules/linux: have sizes report output on screen and into sizes.txt
Basically a duplicate of HASHES related Makefile statements
2023-06-27 10:42:04 -04:00
Jonathon Hall
12c7dfdadc
modules/linux: Support building with Linux 6.1.8.
This is particularly beneficial for servers with Aspeed BMC video,
because it introduces framebuffer console acceleration.  The
framebuffer console is much more responsive.

Patches were ported from 5.10.5:

0001-fake-acpi.patch: This may not be needed any more, but it applies
cleanly and I don't think it would harm anything.

0002-nmi-squelch.patch: The comment mentions qemu but I see this
message on physical machines occasionally, so I think this is needed.

0003-fake-trampoline.patch: This patch does not apply cleanly.  It
could be ported, but I don't think it's needed, I dropped it.  Dates
back to a very old commit where Linux was being embedded into a vendor
UEFI firmware: a4d7654b1e.

0010-winterfell-ahci.patch: Minor change of %x to %lx in context.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-06-21 13:26:49 -04:00
Thierry Laurion
a29c277849
coreboot+linux modules: add modules target helpers to edit configs (oldconfig/defconfig)
Most useful to me are:
coreboot.modify_and_save_defconfig_in_place
coreboot.modify_and_save_oldconfig_in_place
linux.modify_and_save_oldconfig_in_place
linux.modify_and_save_defconfig_in_place
Which permit to take current in tree configs and translate them into other format.
This is useful when trying to version bump and build.

Also add helpers to save in versioned version to facilitate change tracking:
linux.generate_and_save-versioned-oldconfig
linux.regenerate_and_save_versioned_defconfig
2023-04-20 14:07:20 -04:00
Krystian Hebel
e7997abdcc
modules/linux: fix linux.*config targets for non-x86 architectures
This patch adds ARCH="$(LINUX_ARCH)" to Linux targets working on config
files. Without it, the architecture defaults to that of host, which for
cross-compilation isn't right.

Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
2023-03-24 15:26:34 +01:00
Thierry Laurion
6923fb5e20
Addition of qemu-(fb)whiptail-tpm2(-hotp) boards
-coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations)
-swtpm set to be launched under TPM v2.0 mode under board config
-Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized)
This is skeleton for TPM v2 integration under Heads

-------------
WiP

TODO:
- libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built
- Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing
- init tries to bind fd and fails currently
- Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output
- When no OS' /boot can be mounted, do not try to TPM reset (will fail)

- seal-hotpkey is not working properly
- setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM)
  - We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase.
- primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup
- would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only
- tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help.
  - Implementing them would be better
- REVIEW TODOS IN CODE
- READD CIRCLECI CONFIG

Current state:
- TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid)
- TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without.
 - TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails.

- Current tests are with fbwhiptail (no clear called so having traces on command line of what happens)
 - Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities
2023-03-08 12:45:43 -05:00
Thierry Laurion
77c2fb1e07 linux module: add linux.generateoldconfig and linux.modifydefconfig targets to help tweaking/version bumps 2022-11-05 21:05:08 +03:00
Sergii Dmytruk
55ef9912aa
Add Talos 2 boards
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-31 00:21:28 +03:00
Sergii Dmytruk
f16e92792a
Support targeting PowerPC 64
This prepares most of the modules to be build for it.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-25 20:55:39 +03:00
Sergii Dmytruk
fa8e8843c6
Expand @VAR@ placeholders in configuration files
This makes configs much less dependent on directory layout.

As of this commit the following variables are supported:
 * @BOARD_BUILD_DIR@ - absolute path under build/
 * @BLOB_DIR@ - absolute path to blobs/

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-25 13:58:40 +03:00
Thierry Laurion
97b124ab8e
adding the usb-hid kernel module inclusion under linux module when CONFIG_USB_KEYBOARD is defined
Testing points:
- None here. Board who exported "CONFIG_USB_KEYBOARD=y" have it packed under their initrd, but there is no logic loading the module yet.
2022-04-05 13:46:48 -04:00
Sergii Dmytruk
97dc552d28
Support generation of bundled kernel
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2021-07-26 12:02:08 +03:00
Thomas Clarke
194edf5424
modules/linux: Add support for building against Linux 5.10.5. All patches besides 0000-efi_bds.patch port cleanly. As a result of 0000-efi_bds.patch missing, it is strongly encouraged that no linuxboot boards use Linux 5.10.5 until a proper review has been done. 2021-01-07 19:24:03 +00:00
MrChromebox
b71f3757c1
modules/linux: add support for building with kernel 5.4.69 (#854)
* modules/linux: add support for building with kernel 5.4.69

Add support to module, port patches from 4.19.139.
Needed for newer platforms not supported by 4.19 kernel.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* CircleCI: add rysnc dependency for building kernel 5.x

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Migrate all Librem boards to kernel 5.x, common config

Update linux-librem_common.config from 4.x to 5.x, and add
CONFIG items needed to support the librem_l1um (AST DRM drivers,
serial port output).

Tested on Librem 13v4, Librem Mini, and Librem Server L1UM.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-25 01:26:08 -04:00
MrChromebox
f23ced0a3b
Support Multiple Kernel Options (#805)
* modules/linux: Add support for multiple kernel versions

Follow same pattern as used for coreboot. Add existing kernel version
as default for all existing boards.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/linux: Add option to use 4.19 LTS kernel

Add option to use kernel 4.19.139 (current LTS version).
Duplicate existing patches from 4.14.62 as they all apply cleanly.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-20 19:26:48 -04:00
Trammell hudson
66b51d3296
quiet hashing process slightly 2018-09-18 13:07:40 -04:00
Trammell hudson
54748c663a
hash the kernel 2018-09-18 12:09:47 -04:00
Trammell hudson
f712d7aefe
move limits.h dependency into modules/linux 2018-09-18 07:24:19 -04:00
Trammell Hudson
f4e25dd216
Use Linux kernel defconfig format (issue #416)
This reduces the amount of noise in the Linux kernel config files
by only storing the differences from the stock configuration.
It adds a new makefile target 'linux.saveconfig' to convert the
build tree's .config file into config/linux-linuxboot.config.
2018-08-09 12:45:53 -04:00
Trammell Hudson
c98bfe158f
update to 4.14.62 and use the linuxboot.efi BDS 2018-08-09 10:20:22 -04:00
Trammell Hudson
d400c4dd4d
update paths for Linux 4.14.56 (issue #423) 2018-07-17 06:48:06 -04:00
Trammell hudson
492b94afb5
move git hash into /etc/config instead of Linux kernel version and track clean/dirty status (#398) 2018-05-04 14:36:56 -04:00
Trammell hudson
0b644b1e19
ensure that Linux kernel is updated after a build and that busybox is not spuriously rebuilt (#397) 2018-05-03 18:03:24 -04:00
Trammell hudson
3d6eeb6a95
force re-configuration when linux or coreboot config files change (#397) 2018-05-03 16:47:09 -04:00
Trammell hudson
a772b27e5d
parallel make fixes and hacks, which seem to work and reduce excessive remaking (issue #394) 2018-05-02 11:38:39 -04:00
Trammell hudson
23e0dc84ef
option for Intel ME modules 2018-04-10 15:28:24 -04:00
Trammell hudson
e62362ddcc
Tioga Pass support, with the Broadcom BCM57302 2018-03-23 21:13:09 -04:00
Trammell hudson
ef4576e881
Enable NVMe option for winterfell 2018-02-28 14:06:53 -05:00
Trammell hudson
082a4e28ee
Merge branch 'companion-controller' of https://github.com/persmule/heads 2018-02-26 11:43:14 -05:00
Trammell hudson
b4bb4edb73
fix dependency for bzImage, allowing make -jN to work (#306) 2018-02-26 11:40:04 -05:00
persmule
baa30a2026 Add OHCI and UHCI drivers to initrd.
USB smart card readers are most full speed devices, and there is no
"rate-matching hubs" beneath the root hub on older (e.g. GM45) plat-
forms, which has companion OHCI or UHCI controllers and needs cor-
responding drivers to communicate with card readers directly plugged
into the motherboard, otherwise a discrete USB hub should be inserted
between the motherboard and the reader.

This time I make inserting linux modules for OHCI and UHCI controllable
with option CONFIG_LINUX_USB_COMPANION_CONTROLLER.

A linux config for x200 is added as an example.

Tested on my x200s and elitebook revolve 810g1.
2018-02-15 22:59:22 +08:00
Trammell hudson
fc5d21cc28
remove unused _platform modules 2018-02-13 17:46:38 -05:00
Trammell hudson
670f76889b
allow easier reconfig 2018-02-08 16:02:54 -05:00
Trammell hudson
d225527cad
move to Linux 4.9.80, add winterfell AHCI patch, qemu NMI patch #308 2018-02-07 19:07:53 -05:00
Trammell hudson
6b8dc76ae8
fix headers_install so that it does not corrupt the linux build tree #304 2018-02-06 15:56:28 -05:00
Trammell hudson
ef677fc3f2
fixup per-board Linux build so that it runs make oldconfig before starting build (issue #304) 2018-02-06 15:03:47 -05:00
Trammell hudson
d26f79bac9
coreboot and linuxboot qemu builds work 2018-02-05 17:27:12 -05:00
Trammell hudson
452aabe528
fix path to CONFIG_LINUX_CONFIG file 2018-02-05 16:27:48 -05:00
Trammell hudson
b50f8e847b
cleanup configuration options to all have the same CONFIG_MODULE_OPTION naming scheme 2018-02-05 15:59:26 -05:00
Trammell hudson
22f7442710
perform per-board Linux builds 2018-02-05 15:28:33 -05:00
Trammell hudson
cf8509e0f5
Add LinuxBoot as a module, prep for nerf branch merge (#305)
Move board configuration into `boards/` instead of `config/`
Fix mistake in building kernel module tree before kernel was done.
Allow per-board initrd builds (#278)
Allow per-board configurations for things (#304)
2018-02-05 11:27:45 -05:00
Trammell hudson
d1c6e6573f
merge from s2600wf tree 2018-02-02 16:01:58 -05:00
Trammell hudson
3cece82118
Solarflare card driver and use git hash for build user 2018-02-02 15:57:11 -05:00
Trammell hudson
39796634e3
Enable MLX4 cards, TPM, MSR, microcode and turn off vga console 2018-02-02 15:49:49 -05:00
Trammell hudson
103d435fe1
Make the AHCI and ATA drivers a module (issue #291) 2017-12-04 16:00:35 -05:00