Commit Graph

101 Commits

Author SHA1 Message Date
Trammell Hudson
d8a3be47af
Merge branch 'coreboot-4.8' of https://github.com/flammit/heads 2018-11-07 17:04:23 -05:00
Trammell Hudson
3f53cfe05b
Merge branch 'add_librem_key_support' of https://github.com/kylerankin/heads 2018-11-07 16:37:01 -05:00
Youness Alaoui
03a09a1e1a
Add patches to update coreboot crossgcc to v1.52
crossgcc is now using gcc 8.1.0 which will compile without issues
if your host system has gcc 8.x
This is required if we are to build on a new system (such as latest Fedora)
2018-10-27 15:05:43 -07:00
Francis Lam
0113ecc806
Update coreboot patches condition on CONFIG_MEASURED_BOOT 2018-10-27 11:02:23 -07:00
Francis Lam
8601268a1f
Remove duplicate measurements on librem components
also fix indentation issues
2018-10-27 11:02:23 -07:00
Francis Lam
dd3ae6ee06
Update patches for librem boards 2018-10-27 11:02:23 -07:00
Francis Lam
c326ff62c7
Start updating to coreboot 4.8.1
missing librem patches
2018-10-27 11:02:23 -07:00
Trammell Hudson
c98bfe158f
update to 4.14.62 and use the linuxboot.efi BDS 2018-08-09 10:20:22 -04:00
Trammell Hudson
d400c4dd4d
update paths for Linux 4.14.56 (issue #423) 2018-07-17 06:48:06 -04:00
Kyle Rankin
ec3248dbc9
Shorten timeout for Librem Key
Currently the Librem Key tests will time out after 40 seconds, which
adds to the boot time significantly if the user wants to boot without
inserting it. This patch changes that timeout to one second.
2018-06-20 16:20:15 -07:00
Kyle Rankin
31cf85b707
Add Librem Key support to Heads
The Librem Key is a custom device USB-based security token Nitrokey is
producing for Purism and among other things it has custom firmware
created for use with Heads. In particular, when a board is configured
with CONFIG_LIBREMKEY, this custom firmware allows Heads to use the
sealed TOTP secret to also send an HOTP authentication to the Librem
Key. If the HOTP code is successful, the Librem Key will blink a green
LED, if unsuccessful it will blink red, thereby informing the user that
Heads has been tampered with without requiring them to use a phone to
validate the TOTP secret.

Heads will still use and show the TOTP secret, in case the user wants to
validate both codes (in case the Librem Key was lost or is no longer
trusted). It will also show the result of the HOTP verification (but not
the code itself), even though the user should trust only what the Librem
Key displays, so the user can confirm that both the device and Heads are
in sync. If HOTP is enabled, Heads will maintain a new TPM counter
separate from the Heads TPM counter that will increment each time HOTP
codes are checked.

This change also modifies the routines that update TOTP so that if
the Librem Key executables are present it will also update HOTP codes
and synchronize them with a Librem Key.
2018-06-19 12:27:27 -07:00
Francis Lam
bb0e13c24f
Add back flashrom support for KGPE-D16
Also fix up flashrom-x230.sh command only read bios area
2018-05-05 18:59:43 -07:00
Trammell hudson
8108e419fe
remove unused flashrom 0.9.9 patch and use new --ifd feature in its place (pr #370) 2018-04-30 17:16:06 -04:00
Youness Alaoui
16d9c405ac
Librem13v2: Update to 4.7-Purism-4
Fixes access to the EC through the Index I/O interface
Fixes AC and DC LoadLine values to avoid overheating problems
Fix Turbo mode value from EC
Change version name to have '-heads' suffix
2018-04-03 19:04:59 -04:00
Trammell hudson
7e0450113f
split Linux patches into separate files (issue #348) 2018-03-15 17:44:42 -04:00
Trammell hudson
3cbff7ed1e
split coreboot patch into measured boot, kgpe-16 and sandybridge patches (#358) 2018-03-15 15:41:46 -04:00
Youness Alaoui
8bf187b50a
Add patches to coreboot to support Librem 13 v2 with TPM
Add a new series of patches which add measurement support for skylake,
add IOMMU for skylake, fix TPM support, and add support for TPM for
the Librem 13v2 and Librem 15v3 hardware.
2018-03-14 16:27:25 -04:00
Trammell hudson
091ae92b6f
Merge branch 'KGPE-D16_port_NoTPM' of https://github.com/tlaurion/heads 2018-03-08 01:13:16 -05:00
Trammell hudson
d9808f6659
build the superiotool, which requires a hack on the pciutils lib/types.h file 2018-03-02 09:37:31 -05:00
Thierry Laurion
9eadb07280
Merging to osresearch master 2018-03-01 01:37:36 -05:00
Thierry Laurion
0f299fe4be
IKVM4 and alike SMB support into coreboot from here: https://review.coreboot.org/#/c/coreboot/+/19820/. Flashing scripts and flashrom patches. 2018-03-01 00:49:53 -05:00
Trammell hudson
f618f09a69
Generate a fake EBDA with kexec, removing the need for a custom xen (#227)
This modifies the segment at 0x0 so that it contains enough of a fake
Extended BIOS Data Area at addresses 0x40e and 0x413 that Xen can
correctly locate its trampoline code.

Since custom Xen is no longer required, we can remove the module,
the patches and all of the references to it in the board definition
files.
2018-02-28 10:48:35 -05:00
Trammell hudson
9f19cd9dc3
Merge branch 'smm-walkaround' of https://github.com/persmule/heads 2018-02-26 13:13:42 -05:00
Trammell hudson
8ced05de15
musl-cross has the correct URLs now (#324) 2018-02-26 11:39:27 -05:00
Francis Lam
ffa857d087
update mpc url for musl-cross patch 2018-02-24 14:45:55 -08:00
persmule
dadfbeb3b3 Changed to coreboot patch not to call prog_segment_loaded in smm. 2018-02-24 15:27:21 +08:00
Francis Lam
a6a5fef57f
Update qubes xen version for Qubes 4.0rc4 2018-02-19 14:29:43 -05:00
Trammell hudson
f9a9ae544f
busybox 1.28.0 (#310) 2018-02-09 12:15:35 -05:00
Trammell hudson
d225527cad
move to Linux 4.9.80, add winterfell AHCI patch, qemu NMI patch #308 2018-02-07 19:07:53 -05:00
Trammell hudson
cade555c46
Merge branch 'master' of https://github.com/flammit/heads #297 2018-02-07 11:33:02 -05:00
Trammell hudson
eb26a45361
Revert "moved to 4.8 xen"
This reverts commit 2f879be221.
2018-02-06 11:38:35 -05:00
Trammell hudson
2f879be221
moved to 4.8 xen 2018-02-05 17:38:09 -05:00
Trammell hudson
c46c078157
remove old patches 2018-02-05 16:12:32 -05:00
Trammell hudson
383f1f66a5
merge changes from master into nerf branch in preparation for closing nerf branch 2018-02-02 17:06:49 -05:00
Trammell hudson
6df5c8a18b
fix path for MPC (issue #299) 2018-02-02 16:27:57 -05:00
Francis Lam
28628d54f2
Update qubes xen version for QSB 37
For Qubes 3.2: version 4.6.6-36
For Qubes 4.0: version 4.8.2-12
2018-01-26 09:30:06 -08:00
Francis Lam
bd38a9cd58
Update to coreboot 4.7 2018-01-26 09:30:06 -08:00
Francis Lam
21004fbb77
Backport patch to build coreboot 4.6 with GCC 7
Resolves pointer and integer comparison while building crossgcc
2018-01-26 09:30:06 -08:00
Trammell hudson
4310bd4743
force cross_compile=yes for gnupg (issue #299) 2018-01-20 16:56:53 -05:00
Trammell hudson
5daeb025f2
fix path for MPC (issue #299) 2018-01-20 13:28:02 -05:00
Trammell hudson
9bdb01944b
fix patch format for edk2/Makefile 2018-01-16 12:56:03 -05:00
Trammell hudson
a3983d4fa7
patches for DxeCore to work on s2600wf 2017-12-04 18:58:15 -05:00
Trammell hudson
4e3d19b72a
fix newlines 2017-12-04 15:59:51 -05:00
Trammell hudson
5a188f5b46
Add support for building the Linux kernel as a BDS target 2017-12-04 15:30:40 -05:00
Francis Lam
5f9567c390
Fix coreboot GCC7 build issue
This is fixed in coreboot master but backporting for Heads.

Closes #241
2017-12-02 15:14:42 -05:00
Francis Lam
61f6973c5c
Merge branch 'coreboot-4.6' 2017-12-02 14:54:48 -05:00
Francis Lam
491fe083fa
Update qubes xen version for QSB 36
For Qubes 3.2: version 4.6.6-35
For Qubes 4.0: version 4.8.2-11
2017-12-02 14:47:52 -05:00
Francis Lam
8d34bcc6bc
Update qubes xen version for QSB 34 and QSB 35
For Qubes 3.2: version 4.6.6-34
For Qubes 4.0: version 4.8.2-9
2017-10-28 15:12:39 -04:00
Trammell hudson
3e5783a24f
enable serial debugging and moderate verbose output from dxe-core 2017-10-19 16:04:14 -04:00
Trammell hudson
87bd21111f
Include edk2 EmuVariableRuntimeDxe to provide efi vars (issue #270)
Remove the patch to Linux efivar_init() since we now have efi vars
for it to use.

Also link in SmbiosDxe, although it is not currently used.
2017-10-19 15:59:13 -04:00