Trammell hudson
91ef9aeefa
Make megaraid a module so that it does not delay normal boots (issue #253 )
2017-09-21 16:54:48 -04:00
Trammell hudson
a1c9bbb9ff
Enable MegaRaid and XFS support (issue #253 )
2017-09-21 16:18:17 -04:00
Trammell hudson
0b7e5e60a0
quiet down the output to the vga, since it is so slow to update
2017-09-21 10:34:35 -04:00
Trammell hudson
f7de7d7388
Enable all flashrom devices (issue #249 ).
...
This allows flashrom to work on the r630 NERF server, but
also increases the size of the flashrom executable significantly
since it brings in all chipset and flash types.
2017-09-21 10:26:11 -04:00
Trammell hudson
607868c0b5
document how to extract and unlock regions from r630.rom (issue #259 )
2017-09-21 10:24:16 -04:00
Trammell hudson
ddbdcd4d4d
remove unneeded foo.vol.txt output from GenVol
2017-09-21 09:34:16 -04:00
Trammell hudson
8148c970fb
expand the NERF volume to fill all available space in the ROM (issue #242 )
2017-09-20 18:59:24 -04:00
Trammell hudson
9596e73dfc
make edk2 a dep for building the DXE images
2017-09-20 18:33:05 -04:00
Trammell hudson
796ea2870a
build appears to produce a NERFed r630 firmware image
2017-09-20 18:24:54 -04:00
Trammell hudson
998736fc50
initial tools to build the nerf EFI volume that goes into the firmware
2017-09-20 17:47:48 -04:00
Trammell hudson
3a8710cf49
unquiet it for now
2017-09-20 17:47:12 -04:00
Trammell hudson
04a108912f
ignore edk2 generated files
2017-09-20 17:46:56 -04:00
Trammell hudson
81a7f18b86
build edk2 as a module for the r630 NERF firmware
2017-09-20 14:26:38 -04:00
Trammell hudson
bda821dbb9
fix patches to have the correct -p level
2017-09-20 14:26:07 -04:00
Trammell hudson
8194f2f477
allow extra options to git via the repo variable
2017-09-20 14:25:19 -04:00
Trammell hudson
33c1c9147e
ACPI tables for the r630 NERF firmware
2017-09-20 10:34:25 -04:00
Trammell hudson
a4d7654b1e
Build the Heads/NERF firmware for the Dell R630 server.
...
This development branch builds a NERF firmware for the Dell R630
server. It does not use coreboot; instead it branches directly
from the vendor's PEI core into Linux and the Heads runtime
that is setup to be run as an EFI executable.
2017-09-20 10:29:14 -04:00
Francis Lam
41f49237c6
Added configurable xen version for Qubes 4 support
...
also addresses issue #238
2017-09-13 22:10:46 -04:00
Francis Lam
ec1a54c6b6
Updated to match latest qubes 3.2 xen 4.6.6-30 (issue #238 )
2017-09-13 21:14:13 -04:00
Trammell hudson
498105c979
enable i915 native support (needed for Librem 13v2)
2017-09-06 19:07:02 -04:00
Francis Lam
821e48446a
Updated to match latest qubes 3.2 xen 4.6.6-29 (issue #238 )
2017-09-02 14:13:29 -04:00
Francis Lam
472ffd35c0
Moved kernel command line parameters to config
2017-09-02 14:13:29 -04:00
Francis Lam
7cec25542d
Allow boot without unseal of TPM LUKS key
...
Closes issue #226
Also changed to procedure to show LVM volume groups and block
device ids to aid in choosing the right combination during the
TPM LUKS key sealing process.
2017-09-02 14:13:29 -04:00
Francis Lam
26b2d49897
Allow TPM LUKS key to be set during default selection
...
Closes #222
2017-09-02 14:13:29 -04:00
Francis Lam
0897a20b84
Ensure recovery for failed default boot
...
Should close #223
Added reboot and poweroff scripts using /proc/sysrq-trigger
Also cleaned up the boot loop in generic-init
2017-09-02 14:13:29 -04:00
Francis Lam
e8f3d206c5
Strip invalid leading/trailing '/' from script params
2017-09-02 14:13:29 -04:00
Johan Grip
6f48c14d0c
Update X220 to do generic image instead of qubes.
...
Also added a script to extract the necessary blobs from a bios
dump image.
2017-08-04 22:48:27 +02:00
Trammell Hudson
9d9af31e58
fix typo and format with markdown (issue #206 )
2017-07-27 06:26:04 -04:00
Trammell Hudson
314ce7b350
bump Linux kernel to 4.9.38 (issue #224 )
2017-07-18 14:25:15 -04:00
Trammell Hudson
fcc99eca93
include version number in verify target (issue #228 )
2017-07-18 14:03:43 -04:00
Trammell Hudson
b550a7f967
rework startup scripts to combine totp prompt with boot mode selection (issue #221 )
2017-07-18 13:44:02 -04:00
Trammell Hudson
3e48f1c5e8
tweaks to make qemu run through the /bin/generic-init process
2017-07-18 13:42:19 -04:00
Trammell Hudson
36e3172c8e
disable i915 for now, since it causes screen glitches in Xen/Qubes (issue #219 )
2017-07-18 13:32:57 -04:00
Trammell Hudson
3c8adf2cf1
remove no longer required vga patch from xen (issue #227 )
2017-07-18 13:31:08 -04:00
Trammell Hudson
7aec9a2288
add support for i915 and render mode setting (issue #219 )
2017-07-18 10:10:55 -04:00
Trammell Hudson
39ade211ce
add support for fractional second timeouts in busybox read (issue #221 )
2017-07-18 09:11:05 -04:00
Trammell Hudson
f0913e9670
Merge branch 'flammit-usb-boot' pull request #200
2017-07-17 12:43:53 -04:00
Trammell Hudson
af3170ebf7
remove trailing / on the /boot device parameter
2017-07-17 12:43:14 -04:00
Trammell Hudson
831dca5124
remove older qubes-specific files, no longer required in generic boot env
2017-07-17 12:31:58 -04:00
Trammell Hudson
22282da905
default to mounting USB device on /media
2017-07-17 12:24:15 -04:00
Trammell Hudson
86f3e9f5dc
add /boot and /media to /etc/fstab on startup (issue #220 )
2017-07-17 12:22:48 -04:00
Trammell Hudson
ba98d5dda6
Merge branch 'usb-boot' of https://github.com/flammit/heads into flammit-usb-boot
2017-07-17 08:52:48 -04:00
Francis Lam
11aca354e9
Fixed edge case in kernel argument injection
...
Debian 9 installer doesn't have kernel arguments so the iommu fix
wasn't being applied properly.
2017-07-13 00:33:49 -04:00
Francis Lam
2a9ca6fdba
Fixed regression on kexec-save-key
2017-07-12 00:43:08 -04:00
Francis Lam
22a52ec4b8
Added TPM secret management to generic boot
...
Also cleaned up error handling and boot parsing edge cases
2017-07-12 00:17:45 -04:00
Francis Lam
d67360a24b
Added rollback protection to generic boot
...
Changed the checking of required hashes or required rollback state
to be right before boot, allowing the user to sign/set defaults
in interactive mode.
Also cleaned up usages of recovery and fixed iso parameter
regression.
2017-07-08 16:59:37 -04:00
Francis Lam
8004b5df2a
Added the ability to persist a default boot option
...
Similar to qubes-update, it will save then verify the hashes of
the kexec files. Once TOTP is verified, a normal boot will verify
that the file hashes and all the kexec params match and if
successful, boot directly to OS.
Also added a config option to require hash verification for
non-recovery boots, failing to recovery not met.
2017-07-04 19:49:14 -04:00
Francis Lam
ce4b91cad9
Minor tweaks to signing params and boot options
...
Also split out usb-scan to allow manual initiation of scan from
the recovery shell
2017-07-03 13:07:03 -04:00
Francis Lam
3614044fff
Added a generic boot config and persistent params
...
Refactored boot parsing code and applied that in local-init to
scan /boot for grub options and allow the user to unsafely boot
anything. This goes a long way to addressing #196 .
Optionally the user can customize those boot parameters or enforce
arbitrary hashes on the boot device by creating and signing config
files in /boot/ or /media/ or /media/kexec_iso/ISO_FILENAME/.
2017-07-02 23:01:04 -04:00
Francis Lam
76a20288a3
Tweaks to allow qubes install w/o custom script
...
usb-boot automatically uses internal xen binary / command line
when multiboot is detected.
also tweaked to evaluate/remove variable refs in kexec arguments
2017-07-02 14:27:02 -04:00