Commit Graph

462 Commits

Author SHA1 Message Date
MrChromebox
bd7a945bbb
Inject Heads version string into coreboot LOCALVERSION... (#859)
* config/coreboot-*: drop CONFIG_LOCALVERSION
Will be injected as part of the build using $(HEADS_GIT_VERSION)
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/coreboot: inject $(HEADS_GIT_VERSION) as CONFIG_LOCALVERSION
Needed for fwupd to handle board updates
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/coreboot: override SMBIOS ProductName with $(BOARD)
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Use $(BOARD)-$(HEADS_GIT_VERSION) as basis for output filename
makes builds uniquely identifiable based on board and version.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-21 11:04:27 -04:00
MrChromebox
1e5a08fa78
Librem Mini: increase size of CBFS (#863)
Increase size of CBFS to 0xC00000 (from 0x800000) to accomodate
newer/larger kernels.

Update purism-blobs module so an update/modified IFD and smaller
ME blob are used.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-20 18:20:55 -04:00
Markus Meissner
09ca500d3e
add x230-nkstorecli board config (#817)
* add x230-nkstorecli board; 
* add modules: nkstorecli, libnk, libhidapi-libusb
* version bump nkstorecli; related minor in libnk
* upd. libnk module version bump to 3.6; remove 3.5 patch
2020-10-19 10:47:22 -04:00
MrChromebox
85d7e29d18
Add new board: Purism Librem Server L1UM (#858)
* modules/coreboot: add option to use coreboot 4.11

Port patches from coreboot 4.8.1 to 4.11:
* 0000-measure-boot -> 0001
* 0010-cross-compiler-support

All other patches for coreboot 4.8.1 have either already been
integrated, or are for platforms which do not need to be migrated
to coreboot 4.11 (they will move to 4.12 or newer).

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add Broadwell-DE platform patch

Add a patch for FSP Broadwell-DE to make use of Heads' measured boot.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add patch to read serial # from CBFS

Will be used by multiple Librem boards.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: add board support for Librem Server L1UM

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Librem Server L1UM: add new board

Add board config, coreboot config, kernel config files.
Add conditional purism-blobs dependency to coreboot-4.11 module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* flash.sh: add special handling for librem_l1um board

Add support for persisting PCIe config via PCHSTRP9 in flash descriptor.
This is needed to support multiple variants of the L1UM server which
use the same firmware but differ in PCIe lane configuration via the
PCH straps configuration in the flash descriptor.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add 'Use PRIxPTR to print uintptr_t' patch

Cherry-picked from upstream coreboot (post-4.11), fixes compilation issue.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* CircleCI: add target to build board librem_l1um

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-18 14:48:25 -04:00
MrChromebox
3c24460f1a
modules/flashrom: update to add support for Comet Lake-U (#855)
Update to upstream flashrom (post v1.2) commit 4d3657b4:
Add support for Comet Lake-U/400-series PCH

kgpe-d16 patch from flashrom 1.2 still applies cleanly.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-18 10:17:34 -04:00
MrChromebox
ad8d102f8a
fbwhiptail: Fix module to specific git commit vs master (#856)
Even though repo is stable at the moment, improves reproducibility.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-16 22:43:56 -04:00
MrChromebox
92e9a24902
coreboot-4.12: Use musl-cross-make (#844)
* patches/coreboot-4.12: add cross-compiler support patch

Ported from coreboot-4.8.1, re-exported via `git diff`

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/coreboot: use musl-cross-make to build

revert toolchain bits to pre-4.12 addition

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* config/coreboot-librem_mini: use CONFIG_ANY_TOOLCHAIN

Needed since coreboot 4.12 now built with musl-cross-make

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-02 15:12:59 -04:00
Thierry Laurion
c74564086c
Buildsystem: permit to pass CPUS=X to make to force a number of CPUS to be used if desired, else the default is detected in Makefile and pushed to submodules. If nothing specified, uses nproc and pass it to submodules. CircleCI forced to CPUS=2 2020-09-25 15:52:31 -04:00
tlaurion
51fd3b3546
Merge pull request #829 from tlaurion/flashtools_par_upstream
modules/flashtools: bring par to upstream flashtools.
2020-09-07 13:41:31 -04:00
Nathan Rennie-Waldock
7ce12fe621
Add gawk module to use if the host is running a different major version (fixes #668) (#811)
Signed-off-by: Nathan Rennie-Waldock <nathan.renniewaldock@gmail.com>
2020-09-07 08:50:01 -04:00
Thierry Laurion
4d7286991d
modules/flashtools: bring par to upstream flashtools. 2020-09-06 19:06:02 -04:00
tlaurion
480a2e1130
modules/fbwhiptail: fixate to latest commit ID to make sure Heads commit would produce the same binary signature long term. (#820) 2020-09-02 14:41:29 -04:00
MrChromebox
268fb90623
Add new board: Purism Librem Mini (#806)
* patches/coreboot-4.12: Add patch for Cannonlake ME status

Add patch print ME status regardless of enablement state

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules: add purism-blobs module

Rather than require users to manually run a script to download the required
blobs to build Purism Librem boards, automate it so the correct version
is automatically downloaded/extracted. Restrict to coreboot 4.12 for now
since 4.8.1 still needs FSP blobs, which are not in module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* configs/linux-librem13v2: unset CONFIG_RETPOLINE

Fixes compilation issue with newer kernels, ignored by older ones
which don't need it

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Add new board: Librem Mini

Add Librem Mini board patch for coreboot 4.12, board config and
coreboot config. Continue reusing existing librem13v2 Linux config,
same as all other Librem boards currently. Use new purism-blobs module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* board/librem*: rename for consistency

Use 'librem_<board>' notation for consistency across all models.
Rename linux config file since used by multiple Librem models.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* CircleCI: add librem_mini board to test

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-09-02 14:39:37 -04:00
MrChromebox
f23ced0a3b
Support Multiple Kernel Options (#805)
* modules/linux: Add support for multiple kernel versions

Follow same pattern as used for coreboot. Add existing kernel version
as default for all existing boards.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/linux: Add option to use 4.19 LTS kernel

Add option to use kernel 4.19.139 (current LTS version).
Duplicate existing patches from 4.14.62 as they all apply cleanly.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-20 19:26:48 -04:00
tlaurion
b14e564ac9
Fix CircleCI build problems (#808)
* CircleCI: debian:10 docker based. Give possitility to override CACHE_VERSION through CircleCI when needed
* Makefile: fix #799 with implementation of @osresearch's recommended https://github.com/osresearch/heads/issues/799#issuecomment-673059028
* modules/coreboot : indentation fix and putting version hashes together to facilitate future maintainership.
2020-08-20 15:15:46 -04:00
Matt DeVillier
5f9e59afae
modules/coreboot: Add option to build with coreboot 4.12
Add version and hash for coreboot and coreboot-blobs modules.
Adjust to use own toolchain, fix blobs path and extraction depth.

Test: build Librem 13v4 using both coreboot 4.8.1 and coreboot 4.12
(after adjusting board defconfig), verify correct toolchains used to
build each, and that teh result is a bootable ROM.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-13 09:51:22 -05:00
Matt DeVillier
d6292015a1
modules/hotp-verification: Update and drop patch
Update to nitrokey-hotp-verification master (c0956cf) and drop
existing patch which is no longer needed.

Test: clean build for Librem 13v2

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-30 14:26:59 -05:00
Matt DeVillier
efe30b72bf
modules/hotp-verification: update to upstream master
Update hotp-verification to Nitrokey upstream commit 03a198c4.

Test: build/boot Librem 13v4, verify Librem key verification functional.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-23 19:59:46 -05:00
tlaurion
7ea13ee000
Merge pull request #761 from Nitrokey/hotp-neutral
Fix branding issue with HOTP USB Security Dongles
2020-07-23 15:05:13 -04:00
tlaurion
9719510f39
Merge pull request #776 from tlaurion/coreboot_481
coreboot: 4.8.1 fixed in Makefile, coreboot module and board configs
2020-07-12 11:51:15 -04:00
Thierry Laurion
5f067ea908
coreboot: 4.8.1 fixed in Makefile, coreboot module and board configs (coreboot_481) to facilitate newer coreboot version integration and testing without breaking old fixed boards 2020-07-10 12:37:11 -04:00
Matt DeVillier
5cb45bbc99
Revert "upgrade gpg toolstack to latest versions"
This reverts commit 972c25de7d.

This commit broke OEM factory reset functionality, so revert it
until the issue can be properly diagnosed.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-07-07 17:50:45 -05:00
Szczepan Zalega
9c9edb0cfc
Remove pkg-config and git version use 2020-06-30 16:00:04 +02:00
alex-nitrokey
07cc2b64f5
Separate json-c module from cryptsetup module 2020-06-30 11:16:01 +02:00
alex-nitrokey
53dc659c01
Replace libremkey_htop_* by hotp_* 2020-06-25 15:35:47 +02:00
alex-nitrokey
73c9d6efc8
Merge branch 'hotp-verification-update' into hotp-neutral-merge 2020-06-24 18:17:54 +02:00
alex-nitrokey
38ba257063
Include upstream updates of hotp_verification 2020-06-24 16:31:22 +02:00
alex-nitrokey
19c1e8f1af
Clean up branch off testing stuff 2020-06-19 16:26:30 +02:00
alex-nitrokey
ff58f1524d
Fix build issue
* use --libdir to fix issue with .la files which had //lib as lib folder
* add libblkid as library
2020-06-19 16:23:16 +02:00
alex-nitrokey
4069619ead
Rename libremkey-hotp-verification module 2020-06-11 15:54:10 +02:00
alex-nitrokey
fc8c7b0e64
Merge branch 'hotp-verification-update' into hotp-neutral 2020-06-11 15:44:53 +02:00
alex-nitrokey
1ba73ac1d5
Rename CONFIG_LIBREMKEY to CONFIG_HOTPKEY 2020-06-11 15:29:51 +02:00
alex-nitrokey
1ef8d14921
Use configure parameter instead of patchfile for rpath
* hardcode rpatch patch not needed as `--disable-rpath` is available
* remove obsolete config parameters
2020-06-11 14:48:50 +02:00
alex-nitrokey
7adcd4b392
Add json-c as cryptsetup 2.3.3 dependency 2020-06-10 16:42:22 +02:00
alex-nitrokey
7b00cc679d
Upgrade cryptsetup to version 2.3.3 2020-06-10 10:24:03 +02:00
alex-nitrokey
0e349c565e
Update hotp-verification 2020-06-09 18:42:55 +02:00
Thierry Laurion
9090f1a1f9
libpng : moving archive download from sourceforge to github
Fixes #735
2020-06-03 16:51:18 -04:00
Thierry Laurion
972c25de7d
upgrade gpg toolstack to latest versions
- Remove unrecognized configure options
- fixes gawk issue #668 by upgrading to libgpg-error 1.37 instead of patching 1.32 for regex change (fixed upstream)
- move patches so they match new versions for libassuan, gpg and libgcrypt (no change)

Version change:
- gpg 2.2.10 -> 2.2.20
- libassuan 2.5.1 -> 2.5.3
- libgcrypt 1.8.3 -> 1.8.5
- libgpg-error 1.32 -> 1.37

Size changes:
- gpg                   886.5 -> 911.3 kB
- gpg-agent:            371.9 -> 376.0 kB
- scdaemon:             399.5 -> 407.8 kB
- libgpg-error.so.0     125.9 -> 130.0 kB

Unrecognized options on gpg2 toolstack:
- disable-nls and disable-asm disable-keyserver-helpers disable-hkp disable-finger disable-dns-srv disable-dns-cert and disable-wks-server
2020-05-22 15:13:06 -04:00
tlaurion
0cd1a0d04c
Revert "GPG toolstack upgrade to latest available versions (Fixes Gawk issue)" 2020-05-22 14:55:41 -04:00
tlaurion
69c7b207ba
Merge pull request #714 from tlaurion/gawk_test_over_latest_debian
GPG toolstack upgrade to latest available versions (Fixes Gawk issue)
2020-05-22 14:55:04 -04:00
Szczepan Zalega
2d50e01071
Make hotp-verification hashes same across two CIs
Move from CMake build system to GNU Make for hotp-verification
Change version to one supporting Makefile build

Fixes https://github.com/osresearch/heads/pull/724
Connected:
- https://github.com/Nitrokey/nitrokey-hotp-verification/issues/13
- https://github.com/osresearch/heads/pull/722
2020-05-22 15:17:04 +02:00
Thierry Laurion
241b0bc680
upgrade gpg toolstack to latest versions
- Remove unrecognized configure options
- fixes gawk issue #668 by upgrading to libgpg-error 1.37 instead of patching 1.32 for regex change (fixed upstream)
- move patches so they match new versions for libassuan, gpg and libgcrypt (no change)

Version change:
- gpg 2.2.10 -> 2.2.20
- libassuan 2.5.1 -> 2.5.3
- libgcrypt 1.8.3 -> 1.8.5
- libgpg-error 1.32 -> 1.37

Size changes:
- gpg 			886.5 -> 911.3 kB
- gpg-agent:		371.9 -> 376.0 kB
- scdaemon:		399.5 -> 407.8 kB
- libgpg-error.so.0	125.9 -> 130.0 kB

Unrecognized options on gpg2 toolstack:
- disable-nls and disable-asm disable-keyserver-helpers disable-hkp disable-finger disable-dns-srv disable-dns-cert and disable-wks-server
2020-05-20 13:19:51 -04:00
Matt DeVillier
b29447ef8f
modules/flashrom: update to v1.2 release
- Update flashrom module to v1.2.
- Drop Thinkpad x220 patch as it's now properly supported.
- Drop 'laptop=force_I_want_a_brick' from board FLASHROM_OPTIONS
  since it's no longer needed.
- Migrate kgpe-d16 patch.

The kgpe-d16 patch needed a complete overhaul when rebased against
flashrom v1.2, and needs close inspection/testing as a result.
The following changes were made from the previous patch:

- dropped addition of 4-byte addressing (4BA), since now supported
- dropped addtiion of Macronix MX25L256 and MX66L512 chips,
  since now supported
- added 4BA erase commands for Winbond W25Q256 chip
- dropped code to show progress indicator, since another PR already adds that

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-04-20 17:34:08 -05:00
tlaurion
f42b338de9
Merge pull request #478 from flammit/coreboot-kgpe-d16
Fix coreboot build for kgpe-d16
2020-02-22 14:17:07 -05:00
Matt DeVillier
28fedf9a7e
modules/libremkey-hotp-verification: make reproducible
Modeled after modules/tpmtotp, use a specific git commit hash for
module libremkey-hotp-verification. Add hidapi as a submodule with
dummy/placeholder in modules (like coreboot-blobs), also specified
by git commit hash. Adjust libremkey-hotp-verification patch file
name so patch applied properly.

Addresses issue #640

Test: build Librem 13v4

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 13:37:41 -06:00
Matt DeVillier
ad2395d3db
libremkey-hotp-verification: toolchain adjustments
Pass through new toolchain path via $(CROSS) so we can set the
c/c++ compiler paths correctly for CMake. Adjust patch to use
new paths, and fix compiler/linker paths to correct a libusb linking issue.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-01-22 12:03:05 -06:00
Francis Lam
ed3602f0ba
modules: maintain reproducibility by removing rpath 2020-01-16 09:36:42 -08:00
Francis Lam
d63d5b4508
modules: update to use full commit id
The short commit id can cause the tar archive potentially cause
the root directory in the archive to be named with the short id
causing the verification to fail
2020-01-16 09:30:48 -08:00
Francis Lam
23d0126407
kexec: update to 2.0.20
Fix issue with kexec failing to load the target kernel when
building with musl-cross-make
2020-01-16 09:30:15 -08:00
tlaurion
8e4b10922b
Merge pull request #653 from osresearch/musl-cross-make
Use musl cross make for Heads, Linux, coreboot and edk2
2020-01-15 13:15:19 -05:00
Trammell hudson
6962bfda10
lvm2: turn off buffering, which prevents segfault with new musl (#651)
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-09 13:27:09 +01:00
Trammell Hudson
791d064397
musl-cross-make: replace all cross compilers with musl-cross-make
Signed-off-by: Trammell Hudson <hudson@trmm.net>
2020-01-08 17:08:15 +01:00
Trammell hudson
027ae39abe
modules: add module_tar_opt to allow different strip options
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-12-03 10:48:10 +01:00
rofl0r
7370b75945 update musl-cross to 1952975
this should fix issues with compressed ELF header sections.
2019-12-02 23:03:14 +00:00
Trammell hudson
2980eb0522
pin msrtools and tpmtotp to current git heads
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 13:36:04 +01:00
Trammell hudson
e5038e6adf
musl-cross: crossgcc binary changed names (#617)
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 13:26:23 +01:00
Trammell hudson
56aa508b8d
musl-cross: pin to a specific checkout (#617)
Add `--strip 1` to tar file extraction in the `Makefile`,
which ensures that the directory name in `build/` will
match the one listed in `$($(MODULE)_dir)`.

Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 13:15:56 +01:00
Trammell hudson
a37e1f434d
add Intel msrtools commands 2019-07-30 15:36:57 +02:00
tlaurion
6080219d85
tabs required instead of spaces... 2019-04-27 13:40:12 -04:00
Thierry Laurion
a15504b414
Fedora 30 fix for pinentry: remove gtk and gnome3 support. TODO: remove all unneeded config options for ALL modules 2019-04-27 13:36:05 -04:00
tlaurion
64c830e652
Merge branch 'master' into make-4.2.1 2019-04-22 21:53:43 -04:00
tlaurion
6612352a60
Merge pull request #496 from strugee/better-mirror-url
Improve mirror URLs
2019-02-28 16:12:25 -05:00
tlaurion
695993b593
Merge branch 'master' into gpg2 2019-02-08 13:29:02 -05:00
Thierry Laurion
8dd1082808
module/pinentry: disable-pinentry-qt instead of qt5
else:
make[4]: Entering directory '/home/user/heads/build/pinentry-1.1.0/qt'
g++ -DHAVE_CONFIG_H -I. -I..  -I//include -I//include  -I.. -I../secmem  -I../pinentry -Wall -I/home/user/heads/install/usr/include -I/home/user/heads/install/usr/include/QtCore -I/home/user/heads/install/usr/include/QtGui -DQT_SHARED  -g -O2 -MT pinentrydialog.o -MD -MP -MF .deps/pinentrydialog.Tpo -c -o pinentrydialog.o pinentrydialog.cpp
In file included from pinentrydialog.cpp:24:
pinentrydialog.h:27:10: fatal error: QDialog: No such file or directory
2019-01-29 11:18:14 -05:00
Itay Grudev
3bc79495bb
Disabled libsecret support in the pinentry module 2019-01-29 11:16:26 -05:00
Thierry Laurion
44d566a72a
pinentry-tty path needs to be known from gpg-agent 2019-01-26 11:51:59 -05:00
Trammell Hudson
e5a739e54c
use /bin for libexecdir and disable curses pinentry 2019-01-26 11:51:54 -05:00
Thierry Laurion
8ba3c33402
required changes to apply on top of osresearch/gpg2 for gpg2 to actually work, tools and libs updated to latest versions 2019-01-26 11:51:51 -05:00
Trammell hudson
c261907ee6
gpg2 pinentry program is required for passwords or PINs 2019-01-26 11:51:41 -05:00
tlaurion
49269f2bb4
gpg2 library fixes 2019-01-26 11:51:17 -05:00
Trammell hudson
b1736d7cb3
use full version names on output libraries 2019-01-26 11:48:26 -05:00
Trammell hudson
c1c615e677
copy gpg2 executables and pass in the libusb include path 2019-01-26 11:47:16 -05:00
Duncan Guthrie
7f1288b89c
Preliminary support for GnuPG2 2019-01-26 11:45:00 -05:00
AJ Jordan
8b28e49459
Switch popt mirror to Launchpad
Launchpad offers HTTPS downloads, whereas other more obvious mirrors
(like the one used originally, as well as rpm5.org) do not.

Note: it is unclear to whether Launchpad's tarballs will always match
the checksum from upstream tarballs. However, at least for 1.16, this
condition does indeed seem to hold true. Homebrew, FWIW, lists OpenBSD
as a mirror:

https://github.com/Homebrew/homebrew-core/blob/master/Formula/popt.rb
2018-12-13 16:39:07 -05:00
AJ Jordan
6303fbcacc
Download most resource from HTTPS
As much as possible.
2018-12-13 16:21:21 -05:00
AJ Jordan
b38e720440
Use a better GNU mirror URL
The new URL automatically redirects to a nearby, current GNU mirror.

Also, the fact that it's HTTPS helps with restrictive outbound
firewall policies that disallow plaintext traffic (for example,
using Qubes' firewall functionality).
2018-12-13 01:32:37 -05:00
Francis Lam
c559d71725
cairo: restore reproducibility
libtool needs to be patched to not write rpath to targets
2018-11-24 09:18:32 -08:00
Francis Lam
25113cb8c2
Fix coreboot build for kgpe-d16 2018-11-10 13:41:01 -08:00
Trammell Hudson
d8a3be47af
Merge branch 'coreboot-4.8' of https://github.com/flammit/heads 2018-11-07 17:04:23 -05:00
Trammell Hudson
7f83a0a028
Merge branch 'fbwhiptail_url' of https://github.com/merge/heads 2018-11-07 16:41:28 -05:00
Trammell Hudson
8fec61f6e8
Merge branch 'cryptsetup-reencrypt' of https://github.com/tlaurion/heads 2018-11-07 16:38:12 -05:00
Trammell Hudson
3f53cfe05b
Merge branch 'add_librem_key_support' of https://github.com/kylerankin/heads 2018-11-07 16:37:01 -05:00
Francis Lam
fe0f957bfc
Make lvm and slang build reproducibly again 2018-10-28 10:59:33 -07:00
Francis Lam
79c1434610
Fix DOTCONFIG in coreboot module and clean up configs 2018-10-27 14:03:45 -07:00
Trammell hudson
0bb78d343f
Use defconfig for coreboot builds 2018-10-27 11:02:23 -07:00
Francis Lam
c326ff62c7
Start updating to coreboot 4.8.1
missing librem patches
2018-10-27 11:02:23 -07:00
Martin Kepplinger
255181c02f fix the fbwhiptail source URL
The current source URL is not available anymore.

kakaroto changed his copy of heads to point to his own github account's fbwhiptail:
b13cc5e68d

But it seems that source.puri.sm/coreboot is a more accessible home for the
project.
2018-10-18 13:47:54 +02:00
Thierry Laurion
1d2fb02668 Adding cryptsetup-reencrypt support 2018-10-08 16:28:05 -04:00
Trammell hudson
aeb59e1b48
coreboot must be extracted before the xgcc symlink 2018-09-18 16:06:35 -04:00
Trammell hudson
6183d58ecc
fix config spacing and path to xgcc 2018-09-18 16:04:28 -04:00
Trammell hudson
9ab033aa06
use externally built coreboot compilers 2018-09-18 15:59:48 -04:00
Trammell hudson
66b51d3296
quiet hashing process slightly 2018-09-18 13:07:40 -04:00
Trammell hudson
54748c663a
hash the kernel 2018-09-18 12:09:47 -04:00
Trammell hudson
606600586c
coreboot-gcc target 2018-09-18 09:27:18 -04:00
Trammell hudson
f712d7aefe
move limits.h dependency into modules/linux 2018-09-18 07:24:19 -04:00
Trammell hudson
292a8bec81
patch for __alloca missing on ubuntu 18.04 (#352) 2018-09-18 06:33:15 -04:00
Trammell Hudson
fb37c5dcc8
bds-pr is on the main branch now 2018-08-13 06:31:07 -04:00
Trammell Hudson
f4e25dd216
Use Linux kernel defconfig format (issue #416)
This reduces the amount of noise in the Linux kernel config files
by only storing the differences from the stock configuration.
It adds a new makefile target 'linux.saveconfig' to convert the
build tree's .config file into config/linux-linuxboot.config.
2018-08-09 12:45:53 -04:00
Trammell Hudson
c7c4b9919c
ensure that the dxe modules will be built with the Heads cross compiler 2018-08-09 12:20:03 -04:00
Trammell Hudson
c98bfe158f
update to 4.14.62 and use the linuxboot.efi BDS 2018-08-09 10:20:22 -04:00
Trammell Hudson
d400c4dd4d
update paths for Linux 4.14.56 (issue #423) 2018-07-17 06:48:06 -04:00
Kyle Rankin
31cf85b707
Add Librem Key support to Heads
The Librem Key is a custom device USB-based security token Nitrokey is
producing for Purism and among other things it has custom firmware
created for use with Heads. In particular, when a board is configured
with CONFIG_LIBREMKEY, this custom firmware allows Heads to use the
sealed TOTP secret to also send an HOTP authentication to the Librem
Key. If the HOTP code is successful, the Librem Key will blink a green
LED, if unsuccessful it will blink red, thereby informing the user that
Heads has been tampered with without requiring them to use a phone to
validate the TOTP secret.

Heads will still use and show the TOTP secret, in case the user wants to
validate both codes (in case the Librem Key was lost or is no longer
trusted). It will also show the result of the HOTP verification (but not
the code itself), even though the user should trust only what the Librem
Key displays, so the user can confirm that both the device and Heads are
in sync. If HOTP is enabled, Heads will maintain a new TPM counter
separate from the Heads TPM counter that will increment each time HOTP
codes are checked.

This change also modifies the routines that update TOTP so that if
the Librem Key executables are present it will also update HOTP codes
and synchronize them with a Librem Key.
2018-06-19 12:27:27 -07:00
Trammell hudson
d88cc4fe3c
use tpmtotp git and add hotp command 2018-06-01 12:36:21 -04:00
Trammell hudson
c7bad87e42
update URL for popt since rpm5.or gis down (issue #421) 2018-05-29 17:28:47 -04:00
Francis Lam
bb0e13c24f
Add back flashrom support for KGPE-D16
Also fix up flashrom-x230.sh command only read bios area
2018-05-05 18:59:43 -07:00
Trammell hudson
492b94afb5
move git hash into /etc/config instead of Linux kernel version and track clean/dirty status (#398) 2018-05-04 14:36:56 -04:00
Trammell hudson
0b644b1e19
ensure that Linux kernel is updated after a build and that busybox is not spuriously rebuilt (#397) 2018-05-03 18:03:24 -04:00
Trammell hudson
3d6eeb6a95
force re-configuration when linux or coreboot config files change (#397) 2018-05-03 16:47:09 -04:00
Trammell hudson
17bcc68f5d
fix symlink install of busybox so that it happens even on parallel builds (#394) 2018-05-02 16:13:23 -04:00
Trammell hudson
3dc4672bc6
fix path to edk2/OvmfPkg for qemu-linuxboot board (#394) 2018-05-02 15:46:30 -04:00
Trammell hudson
e5740c6bfe
ensure that both coreboot.rom and linuxboot.rom are built in a parallel build (#394) 2018-05-02 14:53:54 -04:00
Trammell hudson
022ca815e4
fix external cross compiler parallel build and patch directories 2018-05-02 14:30:58 -04:00
Trammell hudson
589e67db8e
Fix linux header install path 2018-05-02 14:30:27 -04:00
Trammell hudson
a772b27e5d
parallel make fixes and hacks, which seem to work and reduce excessive remaking (issue #394) 2018-05-02 11:38:39 -04:00
Trammell hudson
ca5a7e0809
Merge branch 'flashrom' of https://github.com/kakaroto/heads 2018-04-30 17:08:51 -04:00
Trammell hudson
463f91c601
Merge branch 'cbfs-init' of https://github.com/flammit/heads 2018-04-30 16:02:16 -04:00
vejmarie
6104c5bdd4 Fix uinit setup 2018-04-30 16:14:18 +02:00
vejmarie
4c8e97eda1 Enhance parallel build 2018-04-30 14:48:24 +02:00
Francis Lam
c0f3a4bb79
Read and measure an EFI file into initrd during init 2018-04-29 19:58:44 -07:00
vejmarie
a90858c0e5 Fix u-root parallel build 2018-04-29 20:56:33 +02:00
Trammell hudson
acf16c7304
slang: disable parallel make during the install target (issue #385) 2018-04-19 20:41:49 -04:00
Trammell hudson
19ef20ed94
flashtools include cbfs reader 2018-04-19 12:54:05 -04:00
Trammell hudson
23e0dc84ef
option for Intel ME modules 2018-04-10 15:28:24 -04:00
Youness Alaoui
8ca6286ae0
Add Cairo/FBWhiptail to the build process
Enable it by default for the Librem 13 v2
2018-03-28 16:42:34 -04:00
Youness Alaoui
02145a80f5
Update flashrom to 1.0 2018-03-26 15:21:41 -04:00
Trammell hudson
e62362ddcc
Tioga Pass support, with the Broadcom BCM57302 2018-03-23 21:13:09 -04:00
Trammell hudson
f01e4076a0
fix target for non-external cross compiler build (issue #162) 2018-03-16 15:18:13 -04:00
Trammell hudson
7e52951715
fix missing ) in check for cross compiler (issue #162) 2018-03-16 13:37:24 -04:00
Trammell hudson
7f30b22b82
allow CROSS or MUSL_DIR to be set on the command line so that an external cross compiler can be used (issue #162) 2018-03-16 12:59:24 -04:00
Trammell hudson
6c041ad845
use the Makefile dependencies to setup the per-board uinit.go file (#358) 2018-03-15 15:29:36 -04:00
Trammell hudson
bac09ec191
Merge branch 'nerf' of https://github.com/vejmarie/heads into vejmarie-nerf 2018-03-15 14:46:50 -04:00
Trammell hudson
921bda774f
pre-build more of edk2 (issue #362) 2018-03-15 11:49:02 -04:00
Trammell hudson
fadbc77fe8
prebuild the edk2 OVMF for a qemu system (issue #362) 2018-03-14 20:31:47 -04:00
Jean-Marie Verdun
5bad1cc595 Move u-root.cpio pre-deletion from a global make definition to a "clean" rule 2018-03-12 21:31:58 +01:00
Jean-Marie Verdun
87ae9072b2 Add uinit.go init script for winterfell board. This is setting up the basic
storage drivers to boot locally (ATA and NVME) and kick the RSDP
2018-03-12 14:27:43 +01:00
Jean-Marie Verdun
8e69f8cdbf Automatically remove u-root.cpio before compilation. u-root doesn't do that
and if the file is soon created, it will dropped the creation of a new initramfs
2018-03-12 10:28:35 +01:00
Youness Alaoui
00c7717f70 slang: Don't error out when building slang for the 2nd time 2018-03-08 19:22:44 -05:00
Youness Alaoui
112daf475d newt: Disable compiling TCL module if tcl headers are installed in system 2018-03-08 18:42:55 -05:00
Trammell hudson
ef4576e881
Enable NVMe option for winterfell 2018-02-28 14:06:53 -05:00
Trammell hudson
495e88f175
correct flashtools repo url 2018-02-28 10:53:18 -05:00
Trammell hudson
f618f09a69
Generate a fake EBDA with kexec, removing the need for a custom xen (#227)
This modifies the segment at 0x0 so that it contains enough of a fake
Extended BIOS Data Area at addresses 0x40e and 0x413 that Xen can
correctly locate its trampoline code.

Since custom Xen is no longer required, we can remove the module,
the patches and all of the references to it in the board definition
files.
2018-02-28 10:48:35 -05:00
Trammell hudson
2facd55e44
flashtool can write to the winterfell ROM 2018-02-28 02:46:14 -05:00
Trammell hudson
7283a5397a
Merge branch 'add_whiptail' of https://github.com/kylerankin/heads 2018-02-26 16:33:34 -05:00
Kyle Rankin
1b8ac07a58
Fix bad slang modules file
The modules file had a few errors that prevented slang from being built.
First the src/elfobjs file needed to be created before make started.
Second it needed to be configured without external png, pcre and onig
libraries it doesn't need for this application.
2018-02-26 13:28:11 -08:00
Trammell hudson
082a4e28ee
Merge branch 'companion-controller' of https://github.com/persmule/heads 2018-02-26 11:43:14 -05:00
Trammell hudson
b4bb4edb73
fix dependency for bzImage, allowing make -jN to work (#306) 2018-02-26 11:40:04 -05:00
Kyle Rankin
34296b54a6
Fix bad copy/paste variable reference from TPMTOTP 2018-02-19 17:20:10 -08:00
Kyle Rankin
bb465ad513
Align tabs with previous lines 2018-02-19 16:44:24 -08:00
Kyle Rankin
88c732833a
Add whiptail binary, new libraries, and slang dependency
The whiptail binary will allow us to create GUI menus from bash scripts.
It is included in the newt library, which depends on slang. To enable,
the board configuration file should add CONFIG_SLANG=y and CONFIG_NEWT=y
2018-02-19 16:39:42 -08:00
persmule
baa30a2026 Add OHCI and UHCI drivers to initrd.
USB smart card readers are most full speed devices, and there is no
"rate-matching hubs" beneath the root hub on older (e.g. GM45) plat-
forms, which has companion OHCI or UHCI controllers and needs cor-
responding drivers to communicate with card readers directly plugged
into the motherboard, otherwise a discrete USB hub should be inserted
between the motherboard and the reader.

This time I make inserting linux modules for OHCI and UHCI controllable
with option CONFIG_LINUX_USB_COMPANION_CONTROLLER.

A linux config for x200 is added as an example.

Tested on my x200s and elitebook revolve 810g1.
2018-02-15 22:59:22 +08:00
Trammell hudson
1459e701e3
Make the Heads runtime opt-out from the initrd.cpio. #317
Allow sub-modules like u-root to opt out of the Heads runtime,
while retaining the musl-libc built tools.
2018-02-13 17:46:48 -05:00
Trammell hudson
fc5d21cc28
remove unused _platform modules 2018-02-13 17:46:38 -05:00
Trammell hudson
78543fb7c7
make zlib, busybox and musl opt-out 2018-02-13 17:37:28 -05:00
Trammell hudson
10c1f56b0a
Enable easy building with the NERF u-root tree #317
This adds a `CONFIG_UROOT=y` option to allow the busybox
runtime to be replaced with the go u-root runtime.
You must have go 1.9 or newer for it to work.

It has been tested on the OCP winterfell and qemu nodes,
and it can be specified on the build command line as well.

Nothing from `heads/initrd` or any of the tools will be
linked into the cpio file.  Only the kernel modules and the
go shell will be included.
2018-02-13 15:47:31 -05:00
Trammell hudson
e0d390c62d
Helpful targets 2018-02-13 13:20:27 -05:00
Trammell hudson
f9a9ae544f
busybox 1.28.0 (#310) 2018-02-09 12:15:35 -05:00
Trammell hudson
670f76889b
allow easier reconfig 2018-02-08 16:02:54 -05:00
Trammell hudson
f51e1c419c
do not pass in ROM= for boards that do not define one 2018-02-08 16:02:29 -05:00
Trammell hudson
f738cacdbe
use the ROM in our directory, rather than copying it into the LinuxBoot boards/ directory 2018-02-08 15:21:38 -05:00
Trammell hudson
d225527cad
move to Linux 4.9.80, add winterfell AHCI patch, qemu NMI patch #308 2018-02-07 19:07:53 -05:00
Trammell hudson
cade555c46
Merge branch 'master' of https://github.com/flammit/heads #297 2018-02-07 11:33:02 -05:00
Trammell hudson
1047e5877e
messed up musl.intermediate target #304 2018-02-06 16:21:59 -05:00
Trammell hudson
6b8dc76ae8
fix headers_install so that it does not corrupt the linux build tree #304 2018-02-06 15:56:28 -05:00
Trammell hudson
ef677fc3f2
fixup per-board Linux build so that it runs make oldconfig before starting build (issue #304) 2018-02-06 15:03:47 -05:00
Trammell hudson
14d9bd1cb3
include the Heads git hash in the xen build 2018-02-06 15:02:49 -05:00
Trammell hudson
db35de4e48
force cross compile flags for gpg (#299) 2018-02-06 11:13:20 -05:00
Trammell hudson
d26f79bac9
coreboot and linuxboot qemu builds work 2018-02-05 17:27:12 -05:00
Trammell hudson
452aabe528
fix path to CONFIG_LINUX_CONFIG file 2018-02-05 16:27:48 -05:00
Trammell hudson
b50f8e847b
cleanup configuration options to all have the same CONFIG_MODULE_OPTION naming scheme 2018-02-05 15:59:26 -05:00
Trammell hudson
22f7442710
perform per-board Linux builds 2018-02-05 15:28:33 -05:00
Trammell hudson
47a94da5ed
x230 build works on the NERF tree (#305)
Fix FAST=1 builds to actually be fast.
2018-02-05 11:56:15 -05:00
Trammell hudson
9c92a1ff4d
adventure module 2018-02-05 11:30:39 -05:00
Trammell hudson
cf8509e0f5
Add LinuxBoot as a module, prep for nerf branch merge (#305)
Move board configuration into `boards/` instead of `config/`
Fix mistake in building kernel module tree before kernel was done.
Allow per-board initrd builds (#278)
Allow per-board configurations for things (#304)
2018-02-05 11:27:45 -05:00
Trammell hudson
383f1f66a5
merge changes from master into nerf branch in preparation for closing nerf branch 2018-02-02 17:06:49 -05:00
Trammell hudson
d1c6e6573f
merge from s2600wf tree 2018-02-02 16:01:58 -05:00
Trammell hudson
1c43f25de0
Remove edk2 dependency and Makefile.nerf -- it is now part of LinuxBoot 2018-02-02 15:57:48 -05:00
Trammell hudson
3cece82118
Solarflare card driver and use git hash for build user 2018-02-02 15:57:11 -05:00
Trammell hudson
12185e0a28
fix url for LVM2 2018-02-02 15:54:01 -05:00
Trammell hudson
23bded6e8f
Merge branch 'nerf' of ssh://github.com/osresearch/heads into nerf 2018-02-02 15:51:16 -05:00
Trammell hudson
39796634e3
Enable MLX4 cards, TPM, MSR, microcode and turn off vga console 2018-02-02 15:49:49 -05:00
Francis Lam
28628d54f2
Update qubes xen version for QSB 37
For Qubes 3.2: version 4.6.6-36
For Qubes 4.0: version 4.8.2-12
2018-01-26 09:30:06 -08:00
Francis Lam
bd38a9cd58
Update to coreboot 4.7 2018-01-26 09:30:06 -08:00
Trammell hudson
1c9334553c
fix flashrom URL (#295) 2018-01-16 12:55:44 -05:00
Francis Lam
6898b84b28
Use HTTPS URL for flashrom 2018-01-02 08:53:23 -08:00
Trammell hudson
103d435fe1
Make the AHCI and ATA drivers a module (issue #291) 2017-12-04 16:00:35 -05:00
Francis Lam
61f6973c5c
Merge branch 'coreboot-4.6' 2017-12-02 14:54:48 -05:00
Francis Lam
491fe083fa
Update qubes xen version for QSB 36
For Qubes 3.2: version 4.6.6-35
For Qubes 4.0: version 4.8.2-11
2017-12-02 14:47:52 -05:00
Francis Lam
8d34bcc6bc
Update qubes xen version for QSB 34 and QSB 35
For Qubes 3.2: version 4.6.6-34
For Qubes 4.0: version 4.8.2-9
2017-10-28 15:12:39 -04:00
Francis Lam
1a34bd9d6f
Updated to coreboot 4.6
Also changed x220 and purism configs to use generic boot
2017-10-10 16:27:16 -04:00
Trammell hudson
12cea9a8e9
make coreboot an optional dependency (issue #265) 2017-09-22 16:17:05 -04:00
Trammell hudson
91ef9aeefa
Make megaraid a module so that it does not delay normal boots (issue #253) 2017-09-21 16:54:48 -04:00
Trammell hudson
796ea2870a
build appears to produce a NERFed r630 firmware image 2017-09-20 18:24:54 -04:00
Trammell hudson
81a7f18b86
build edk2 as a module for the r630 NERF firmware 2017-09-20 14:26:38 -04:00
Trammell hudson
a4d7654b1e
Build the Heads/NERF firmware for the Dell R630 server.
This development branch builds a NERF firmware for the Dell R630
server.  It does not use coreboot; instead it branches directly
from the vendor's PEI core into Linux and the Heads runtime
that is setup to be run as an EFI executable.
2017-09-20 10:29:14 -04:00
Francis Lam
41f49237c6
Added configurable xen version for Qubes 4 support
also addresses issue #238
2017-09-13 22:10:46 -04:00
Francis Lam
ec1a54c6b6
Updated to match latest qubes 3.2 xen 4.6.6-30 (issue #238) 2017-09-13 21:14:13 -04:00
Francis Lam
821e48446a
Updated to match latest qubes 3.2 xen 4.6.6-29 (issue #238) 2017-09-02 14:13:29 -04:00
Trammell Hudson
314ce7b350
bump Linux kernel to 4.9.38 (issue #224) 2017-07-18 14:25:15 -04:00
Trammell Hudson
7e5c9bf5f8
fix Xen reproducibility by not using figlet #207 2017-06-26 16:33:49 -04:00
Francis Lam
7f6f365afe
Reverted submodule name back to xen 2017-06-26 13:07:48 -04:00