ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 04:57:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
2,280 Commits 27 Branches 6 Tags 21 MiB
8ce9c9d438
Commit Graph

462 Commits

Author SHA1 Message Date
Trammell hudson
6962bfda10
lvm2: turn off buffering, which prevents segfault with new musl (#651) 
Signed-off-by: Trammell hudson <hudson@trmm.net>
 2020-01-09 13:27:09 +01:00
Trammell Hudson
791d064397
musl-cross-make: replace all cross compilers with musl-cross-make 
Signed-off-by: Trammell Hudson <hudson@trmm.net>
 2020-01-08 17:08:15 +01:00
Trammell hudson
027ae39abe
modules: add module_tar_opt to allow different strip options 
Signed-off-by: Trammell hudson <hudson@trmm.net>
 2019-12-03 10:48:10 +01:00
rofl0r
7370b75945 update musl-cross to 1952975 
this should fix issues with compressed ELF header sections.
 2019-12-02 23:03:14 +00:00
Trammell hudson
2980eb0522
pin msrtools and tpmtotp to current git heads 
Signed-off-by: Trammell hudson <hudson@trmm.net>
 2019-10-29 13:36:04 +01:00
Trammell hudson
e5038e6adf
musl-cross: crossgcc binary changed names (#617) 
Signed-off-by: Trammell hudson <hudson@trmm.net>
 2019-10-29 13:26:23 +01:00
Trammell hudson
56aa508b8d
musl-cross: pin to a specific checkout (#617) 
Add `--strip 1` to tar file extraction in the `Makefile`,
which ensures that the directory name in `build/` will
match the one listed in `$($(MODULE)_dir)`.

Signed-off-by: Trammell hudson <hudson@trmm.net>
 2019-10-29 13:15:56 +01:00
Trammell hudson
a37e1f434d
add Intel msrtools commands 2019-07-30 15:36:57 +02:00
tlaurion
6080219d85
tabs required instead of spaces... 2019-04-27 13:40:12 -04:00
Thierry Laurion
a15504b414
Fedora 30 fix for pinentry: remove gtk and gnome3 support. TODO: remove all unneeded config options for ALL modules 2019-04-27 13:36:05 -04:00
tlaurion
64c830e652
Merge branch 'master' into make-4.2.1 2019-04-22 21:53:43 -04:00
tlaurion
6612352a60
Merge pull request #496 from strugee/better-mirror-url 
Improve mirror URLs
 2019-02-28 16:12:25 -05:00
tlaurion
695993b593
Merge branch 'master' into gpg2 2019-02-08 13:29:02 -05:00
Thierry Laurion
8dd1082808
module/pinentry: disable-pinentry-qt instead of qt5 
else:
make[4]: Entering directory '/home/user/heads/build/pinentry-1.1.0/qt'
g++ -DHAVE_CONFIG_H -I. -I..  -I//include -I//include  -I.. -I../secmem  -I../pinentry -Wall -I/home/user/heads/install/usr/include -I/home/user/heads/install/usr/include/QtCore -I/home/user/heads/install/usr/include/QtGui -DQT_SHARED  -g -O2 -MT pinentrydialog.o -MD -MP -MF .deps/pinentrydialog.Tpo -c -o pinentrydialog.o pinentrydialog.cpp
In file included from pinentrydialog.cpp:24:
pinentrydialog.h:27:10: fatal error: QDialog: No such file or directory
 2019-01-29 11:18:14 -05:00
Itay Grudev
3bc79495bb
Disabled libsecret support in the pinentry module 2019-01-29 11:16:26 -05:00
Thierry Laurion
44d566a72a
pinentry-tty path needs to be known from gpg-agent 2019-01-26 11:51:59 -05:00
Trammell Hudson
e5a739e54c
use /bin for libexecdir and disable curses pinentry 2019-01-26 11:51:54 -05:00
Thierry Laurion
8ba3c33402
required changes to apply on top of osresearch/gpg2 for gpg2 to actually work, tools and libs updated to latest versions 2019-01-26 11:51:51 -05:00
Trammell hudson
c261907ee6
gpg2 pinentry program is required for passwords or PINs 2019-01-26 11:51:41 -05:00
tlaurion
49269f2bb4
gpg2 library fixes 2019-01-26 11:51:17 -05:00
Trammell hudson
b1736d7cb3
use full version names on output libraries 2019-01-26 11:48:26 -05:00
Trammell hudson
c1c615e677
copy gpg2 executables and pass in the libusb include path 2019-01-26 11:47:16 -05:00
Duncan Guthrie
7f1288b89c
Preliminary support for GnuPG2 2019-01-26 11:45:00 -05:00
AJ Jordan
8b28e49459
Switch popt mirror to Launchpad 
Launchpad offers HTTPS downloads, whereas other more obvious mirrors
(like the one used originally, as well as rpm5.org) do not.

Note: it is unclear to whether Launchpad's tarballs will always match
the checksum from upstream tarballs. However, at least for 1.16, this
condition does indeed seem to hold true. Homebrew, FWIW, lists OpenBSD
as a mirror:

https://github.com/Homebrew/homebrew-core/blob/master/Formula/popt.rb
 2018-12-13 16:39:07 -05:00
AJ Jordan
6303fbcacc
Download most resource from HTTPS 
As much as possible.
 2018-12-13 16:21:21 -05:00
AJ Jordan
b38e720440
Use a better GNU mirror URL 
The new URL automatically redirects to a nearby, current GNU mirror.

Also, the fact that it's HTTPS helps with restrictive outbound
firewall policies that disallow plaintext traffic (for example,
using Qubes' firewall functionality).
 2018-12-13 01:32:37 -05:00
Francis Lam
c559d71725
cairo: restore reproducibility 
libtool needs to be patched to not write rpath to targets
 2018-11-24 09:18:32 -08:00
Francis Lam
25113cb8c2
Fix coreboot build for kgpe-d16 2018-11-10 13:41:01 -08:00
Trammell Hudson
d8a3be47af
Merge branch 'coreboot-4.8' of https://github.com/flammit/heads 2018-11-07 17:04:23 -05:00
Trammell Hudson
7f83a0a028
Merge branch 'fbwhiptail_url' of https://github.com/merge/heads 2018-11-07 16:41:28 -05:00
Trammell Hudson
8fec61f6e8
Merge branch 'cryptsetup-reencrypt' of https://github.com/tlaurion/heads 2018-11-07 16:38:12 -05:00
Trammell Hudson
3f53cfe05b
Merge branch 'add_librem_key_support' of https://github.com/kylerankin/heads 2018-11-07 16:37:01 -05:00
Francis Lam
fe0f957bfc
Make lvm and slang build reproducibly again 2018-10-28 10:59:33 -07:00
Francis Lam
79c1434610
Fix DOTCONFIG in coreboot module and clean up configs 2018-10-27 14:03:45 -07:00
Trammell hudson
0bb78d343f
Use defconfig for coreboot builds 2018-10-27 11:02:23 -07:00
Francis Lam
c326ff62c7
Start updating to coreboot 4.8.1 
missing librem patches
 2018-10-27 11:02:23 -07:00
Martin Kepplinger
255181c02f fix the fbwhiptail source URL 
The current source URL is not available anymore.

kakaroto changed his copy of heads to point to his own github account's fbwhiptail:
b13cc5e68d

But it seems that source.puri.sm/coreboot is a more accessible home for the
project.
 2018-10-18 13:47:54 +02:00
Thierry Laurion
1d2fb02668 Adding cryptsetup-reencrypt support 2018-10-08 16:28:05 -04:00
Trammell hudson
aeb59e1b48
coreboot must be extracted before the xgcc symlink 2018-09-18 16:06:35 -04:00
Trammell hudson
6183d58ecc
fix config spacing and path to xgcc 2018-09-18 16:04:28 -04:00
Trammell hudson
9ab033aa06
use externally built coreboot compilers 2018-09-18 15:59:48 -04:00
Trammell hudson
66b51d3296
quiet hashing process slightly 2018-09-18 13:07:40 -04:00
Trammell hudson
54748c663a
hash the kernel 2018-09-18 12:09:47 -04:00
Trammell hudson
606600586c
coreboot-gcc target 2018-09-18 09:27:18 -04:00
Trammell hudson
f712d7aefe
move limits.h dependency into modules/linux 2018-09-18 07:24:19 -04:00
Trammell hudson
292a8bec81
patch for __alloca missing on ubuntu 18.04 (#352) 2018-09-18 06:33:15 -04:00
Trammell Hudson
fb37c5dcc8
bds-pr is on the main branch now 2018-08-13 06:31:07 -04:00
Trammell Hudson
f4e25dd216
Use Linux kernel defconfig format (issue #416) 
This reduces the amount of noise in the Linux kernel config files
by only storing the differences from the stock configuration.
It adds a new makefile target 'linux.saveconfig' to convert the
build tree's .config file into config/linux-linuxboot.config.
 2018-08-09 12:45:53 -04:00
Trammell Hudson
c7c4b9919c
ensure that the dxe modules will be built with the Heads cross compiler 2018-08-09 12:20:03 -04:00
Trammell Hudson
c98bfe158f
update to 4.14.62 and use the linuxboot.efi BDS 2018-08-09 10:20:22 -04:00
Trammell Hudson
d400c4dd4d
update paths for Linux 4.14.56 (issue #423) 2018-07-17 06:48:06 -04:00
Kyle Rankin
31cf85b707
Add Librem Key support to Heads 
The Librem Key is a custom device USB-based security token Nitrokey is
producing for Purism and among other things it has custom firmware
created for use with Heads. In particular, when a board is configured
with CONFIG_LIBREMKEY, this custom firmware allows Heads to use the
sealed TOTP secret to also send an HOTP authentication to the Librem
Key. If the HOTP code is successful, the Librem Key will blink a green
LED, if unsuccessful it will blink red, thereby informing the user that
Heads has been tampered with without requiring them to use a phone to
validate the TOTP secret.

Heads will still use and show the TOTP secret, in case the user wants to
validate both codes (in case the Librem Key was lost or is no longer
trusted). It will also show the result of the HOTP verification (but not
the code itself), even though the user should trust only what the Librem
Key displays, so the user can confirm that both the device and Heads are
in sync. If HOTP is enabled, Heads will maintain a new TPM counter
separate from the Heads TPM counter that will increment each time HOTP
codes are checked.

This change also modifies the routines that update TOTP so that if
the Librem Key executables are present it will also update HOTP codes
and synchronize them with a Librem Key.
 2018-06-19 12:27:27 -07:00
Trammell hudson
d88cc4fe3c
use tpmtotp git and add hotp command 2018-06-01 12:36:21 -04:00
Trammell hudson
c7bad87e42
update URL for popt since rpm5.or gis down (issue #421) 2018-05-29 17:28:47 -04:00
Francis Lam
bb0e13c24f
Add back flashrom support for KGPE-D16 
Also fix up flashrom-x230.sh command only read bios area
 2018-05-05 18:59:43 -07:00
Trammell hudson
492b94afb5
move git hash into /etc/config instead of Linux kernel version and track clean/dirty status (#398) 2018-05-04 14:36:56 -04:00
Trammell hudson
0b644b1e19
ensure that Linux kernel is updated after a build and that busybox is not spuriously rebuilt (#397) 2018-05-03 18:03:24 -04:00
Trammell hudson
3d6eeb6a95
force re-configuration when linux or coreboot config files change (#397) 2018-05-03 16:47:09 -04:00
Trammell hudson
17bcc68f5d
fix symlink install of busybox so that it happens even on parallel builds (#394) 2018-05-02 16:13:23 -04:00
Trammell hudson
3dc4672bc6
fix path to edk2/OvmfPkg for qemu-linuxboot board (#394) 2018-05-02 15:46:30 -04:00
Trammell hudson
e5740c6bfe
ensure that both coreboot.rom and linuxboot.rom are built in a parallel build (#394) 2018-05-02 14:53:54 -04:00
Trammell hudson
022ca815e4
fix external cross compiler parallel build and patch directories 2018-05-02 14:30:58 -04:00
Trammell hudson
589e67db8e
Fix linux header install path 2018-05-02 14:30:27 -04:00
Trammell hudson
a772b27e5d
parallel make fixes and hacks, which seem to work and reduce excessive remaking (issue #394) 2018-05-02 11:38:39 -04:00
Trammell hudson
ca5a7e0809
Merge branch 'flashrom' of https://github.com/kakaroto/heads 2018-04-30 17:08:51 -04:00
Trammell hudson
463f91c601
Merge branch 'cbfs-init' of https://github.com/flammit/heads 2018-04-30 16:02:16 -04:00
vejmarie
6104c5bdd4 Fix uinit setup 2018-04-30 16:14:18 +02:00
vejmarie
4c8e97eda1 Enhance parallel build 2018-04-30 14:48:24 +02:00
Francis Lam
c0f3a4bb79
Read and measure an EFI file into initrd during init 2018-04-29 19:58:44 -07:00
vejmarie
a90858c0e5 Fix u-root parallel build 2018-04-29 20:56:33 +02:00
Trammell hudson
acf16c7304
slang: disable parallel make during the install target (issue #385) 2018-04-19 20:41:49 -04:00
Trammell hudson
19ef20ed94
flashtools include cbfs reader 2018-04-19 12:54:05 -04:00
Trammell hudson
23e0dc84ef
option for Intel ME modules 2018-04-10 15:28:24 -04:00
Youness Alaoui
8ca6286ae0
Add Cairo/FBWhiptail to the build process 
Enable it by default for the Librem 13 v2
 2018-03-28 16:42:34 -04:00
Youness Alaoui
02145a80f5
Update flashrom to 1.0 2018-03-26 15:21:41 -04:00
Trammell hudson
e62362ddcc
Tioga Pass support, with the Broadcom BCM57302 2018-03-23 21:13:09 -04:00
Trammell hudson
f01e4076a0
fix target for non-external cross compiler build (issue #162) 2018-03-16 15:18:13 -04:00
Trammell hudson
7e52951715
fix missing ) in check for cross compiler (issue #162) 2018-03-16 13:37:24 -04:00
Trammell hudson
7f30b22b82
allow CROSS or MUSL_DIR to be set on the command line so that an external cross compiler can be used (issue #162) 2018-03-16 12:59:24 -04:00
Trammell hudson
6c041ad845
use the Makefile dependencies to setup the per-board uinit.go file (#358) 2018-03-15 15:29:36 -04:00
Trammell hudson
bac09ec191
Merge branch 'nerf' of https://github.com/vejmarie/heads into vejmarie-nerf 2018-03-15 14:46:50 -04:00
Trammell hudson
921bda774f
pre-build more of edk2 (issue #362) 2018-03-15 11:49:02 -04:00
Trammell hudson
fadbc77fe8
prebuild the edk2 OVMF for a qemu system (issue #362) 2018-03-14 20:31:47 -04:00
Jean-Marie Verdun
5bad1cc595 Move u-root.cpio pre-deletion from a global make definition to a "clean" rule 2018-03-12 21:31:58 +01:00
Jean-Marie Verdun
87ae9072b2 Add uinit.go init script for winterfell board. This is setting up the basic 
storage drivers to boot locally (ATA and NVME) and kick the RSDP
 2018-03-12 14:27:43 +01:00
Jean-Marie Verdun
8e69f8cdbf Automatically remove u-root.cpio before compilation. u-root doesn't do that 
and if the file is soon created, it will dropped the creation of a new initramfs
 2018-03-12 10:28:35 +01:00
Youness Alaoui
00c7717f70 slang: Don't error out when building slang for the 2nd time 2018-03-08 19:22:44 -05:00
Youness Alaoui
112daf475d newt: Disable compiling TCL module if tcl headers are installed in system 2018-03-08 18:42:55 -05:00
Trammell hudson
ef4576e881
Enable NVMe option for winterfell 2018-02-28 14:06:53 -05:00
Trammell hudson
495e88f175
correct flashtools repo url 2018-02-28 10:53:18 -05:00
Trammell hudson
f618f09a69
Generate a fake EBDA with kexec, removing the need for a custom xen (#227) 
This modifies the segment at 0x0 so that it contains enough of a fake
Extended BIOS Data Area at addresses 0x40e and 0x413 that Xen can
correctly locate its trampoline code.

Since custom Xen is no longer required, we can remove the module,
the patches and all of the references to it in the board definition
files.
 2018-02-28 10:48:35 -05:00
Trammell hudson
2facd55e44
flashtool can write to the winterfell ROM 2018-02-28 02:46:14 -05:00
Trammell hudson
7283a5397a
Merge branch 'add_whiptail' of https://github.com/kylerankin/heads 2018-02-26 16:33:34 -05:00
Kyle Rankin
1b8ac07a58
Fix bad slang modules file 
The modules file had a few errors that prevented slang from being built.
First the src/elfobjs file needed to be created before make started.
Second it needed to be configured without external png, pcre and onig
libraries it doesn't need for this application.
 2018-02-26 13:28:11 -08:00
Trammell hudson
082a4e28ee
Merge branch 'companion-controller' of https://github.com/persmule/heads 2018-02-26 11:43:14 -05:00
Trammell hudson
b4bb4edb73
fix dependency for bzImage, allowing make -jN to work (#306) 2018-02-26 11:40:04 -05:00
Kyle Rankin
34296b54a6
Fix bad copy/paste variable reference from TPMTOTP 2018-02-19 17:20:10 -08:00
Kyle Rankin
bb465ad513
Align tabs with previous lines 2018-02-19 16:44:24 -08:00
Kyle Rankin
88c732833a
Add whiptail binary, new libraries, and slang dependency 
The whiptail binary will allow us to create GUI menus from bash scripts.
It is included in the newt library, which depends on slang. To enable,
the board configuration file should add CONFIG_SLANG=y and CONFIG_NEWT=y
 2018-02-19 16:39:42 -08:00
persmule
baa30a2026 Add OHCI and UHCI drivers to initrd. 
USB smart card readers are most full speed devices, and there is no
"rate-matching hubs" beneath the root hub on older (e.g. GM45) plat-
forms, which has companion OHCI or UHCI controllers and needs cor-
responding drivers to communicate with card readers directly plugged
into the motherboard, otherwise a discrete USB hub should be inserted
between the motherboard and the reader.

This time I make inserting linux modules for OHCI and UHCI controllable
with option CONFIG_LINUX_USB_COMPANION_CONTROLLER.

A linux config for x200 is added as an example.

Tested on my x200s and elitebook revolve 810g1.
 2018-02-15 22:59:22 +08:00
Trammell hudson
1459e701e3
Make the Heads runtime opt-out from the initrd.cpio. #317 
Allow sub-modules like u-root to opt out of the Heads runtime,
while retaining the musl-libc built tools.
 2018-02-13 17:46:48 -05:00
Trammell hudson
fc5d21cc28
remove unused _platform modules 2018-02-13 17:46:38 -05:00
Trammell hudson
78543fb7c7
make zlib, busybox and musl opt-out 2018-02-13 17:37:28 -05:00
Trammell hudson
10c1f56b0a
Enable easy building with the NERF u-root tree #317 
This adds a `CONFIG_UROOT=y` option to allow the busybox
runtime to be replaced with the go u-root runtime.
You must have go 1.9 or newer for it to work.

It has been tested on the OCP winterfell and qemu nodes,
and it can be specified on the build command line as well.

Nothing from `heads/initrd` or any of the tools will be
linked into the cpio file.  Only the kernel modules and the
go shell will be included.
 2018-02-13 15:47:31 -05:00
Trammell hudson
e0d390c62d
Helpful targets 2018-02-13 13:20:27 -05:00
Trammell hudson
f9a9ae544f
busybox 1.28.0 (#310) 2018-02-09 12:15:35 -05:00
Trammell hudson
670f76889b
allow easier reconfig 2018-02-08 16:02:54 -05:00
Trammell hudson
f51e1c419c
do not pass in ROM= for boards that do not define one 2018-02-08 16:02:29 -05:00
Trammell hudson
f738cacdbe
use the ROM in our directory, rather than copying it into the LinuxBoot boards/ directory 2018-02-08 15:21:38 -05:00
Trammell hudson
d225527cad
move to Linux 4.9.80, add winterfell AHCI patch, qemu NMI patch #308 2018-02-07 19:07:53 -05:00
Trammell hudson
cade555c46
Merge branch 'master' of https://github.com/flammit/heads #297 2018-02-07 11:33:02 -05:00
Trammell hudson
1047e5877e
messed up musl.intermediate target #304 2018-02-06 16:21:59 -05:00
Trammell hudson
6b8dc76ae8
fix headers_install so that it does not corrupt the linux build tree #304 2018-02-06 15:56:28 -05:00
Trammell hudson
ef677fc3f2
fixup per-board Linux build so that it runs make oldconfig before starting build (issue #304) 2018-02-06 15:03:47 -05:00
Trammell hudson
14d9bd1cb3
include the Heads git hash in the xen build 2018-02-06 15:02:49 -05:00
Trammell hudson
db35de4e48
force cross compile flags for gpg (#299) 2018-02-06 11:13:20 -05:00
Trammell hudson
d26f79bac9
coreboot and linuxboot qemu builds work 2018-02-05 17:27:12 -05:00
Trammell hudson
452aabe528
fix path to CONFIG_LINUX_CONFIG file 2018-02-05 16:27:48 -05:00
Trammell hudson
b50f8e847b
cleanup configuration options to all have the same CONFIG_MODULE_OPTION naming scheme 2018-02-05 15:59:26 -05:00
Trammell hudson
22f7442710
perform per-board Linux builds 2018-02-05 15:28:33 -05:00
Trammell hudson
47a94da5ed
x230 build works on the NERF tree (#305) 
Fix FAST=1 builds to actually be fast.
 2018-02-05 11:56:15 -05:00
Trammell hudson
9c92a1ff4d
adventure module 2018-02-05 11:30:39 -05:00
Trammell hudson
cf8509e0f5
Add LinuxBoot as a module, prep for nerf branch merge (#305) 
Move board configuration into `boards/` instead of `config/`
Fix mistake in building kernel module tree before kernel was done.
Allow per-board initrd builds (#278)
Allow per-board configurations for things (#304)
 2018-02-05 11:27:45 -05:00
Trammell hudson
383f1f66a5
merge changes from master into nerf branch in preparation for closing nerf branch 2018-02-02 17:06:49 -05:00
Trammell hudson
d1c6e6573f
merge from s2600wf tree 2018-02-02 16:01:58 -05:00
Trammell hudson
1c43f25de0
Remove edk2 dependency and Makefile.nerf -- it is now part of LinuxBoot 2018-02-02 15:57:48 -05:00
Trammell hudson
3cece82118
Solarflare card driver and use git hash for build user 2018-02-02 15:57:11 -05:00
Trammell hudson
12185e0a28
fix url for LVM2 2018-02-02 15:54:01 -05:00
Trammell hudson
23bded6e8f
Merge branch 'nerf' of ssh://github.com/osresearch/heads into nerf 2018-02-02 15:51:16 -05:00
Trammell hudson
39796634e3
Enable MLX4 cards, TPM, MSR, microcode and turn off vga console 2018-02-02 15:49:49 -05:00
Francis Lam
28628d54f2
Update qubes xen version for QSB 37 
For Qubes 3.2: version 4.6.6-36
For Qubes 4.0: version 4.8.2-12
 2018-01-26 09:30:06 -08:00
Francis Lam
bd38a9cd58
Update to coreboot 4.7 2018-01-26 09:30:06 -08:00
Trammell hudson
1c9334553c
fix flashrom URL (#295) 2018-01-16 12:55:44 -05:00
Francis Lam
6898b84b28
Use HTTPS URL for flashrom 2018-01-02 08:53:23 -08:00
Trammell hudson
103d435fe1
Make the AHCI and ATA drivers a module (issue #291) 2017-12-04 16:00:35 -05:00
Francis Lam
61f6973c5c
Merge branch 'coreboot-4.6' 2017-12-02 14:54:48 -05:00
Francis Lam
491fe083fa
Update qubes xen version for QSB 36 
For Qubes 3.2: version 4.6.6-35
For Qubes 4.0: version 4.8.2-11
 2017-12-02 14:47:52 -05:00
Francis Lam
8d34bcc6bc
Update qubes xen version for QSB 34 and QSB 35 
For Qubes 3.2: version 4.6.6-34
For Qubes 4.0: version 4.8.2-9
 2017-10-28 15:12:39 -04:00
Francis Lam
1a34bd9d6f
Updated to coreboot 4.6 
Also changed x220 and purism configs to use generic boot
 2017-10-10 16:27:16 -04:00
Trammell hudson
12cea9a8e9
make coreboot an optional dependency (issue #265) 2017-09-22 16:17:05 -04:00
Trammell hudson
91ef9aeefa
Make megaraid a module so that it does not delay normal boots (issue #253) 2017-09-21 16:54:48 -04:00
Trammell hudson
796ea2870a
build appears to produce a NERFed r630 firmware image 2017-09-20 18:24:54 -04:00
Trammell hudson
81a7f18b86
build edk2 as a module for the r630 NERF firmware 2017-09-20 14:26:38 -04:00
Trammell hudson
a4d7654b1e
Build the Heads/NERF firmware for the Dell R630 server. 
This development branch builds a NERF firmware for the Dell R630
server.  It does not use coreboot; instead it branches directly
from the vendor's PEI core into Linux and the Heads runtime
that is setup to be run as an EFI executable.
 2017-09-20 10:29:14 -04:00
Francis Lam
41f49237c6
Added configurable xen version for Qubes 4 support 
also addresses issue #238
 2017-09-13 22:10:46 -04:00
Francis Lam
ec1a54c6b6
Updated to match latest qubes 3.2 xen 4.6.6-30 (issue #238) 2017-09-13 21:14:13 -04:00
Francis Lam
821e48446a
Updated to match latest qubes 3.2 xen 4.6.6-29 (issue #238) 2017-09-02 14:13:29 -04:00
Trammell Hudson
314ce7b350
bump Linux kernel to 4.9.38 (issue #224) 2017-07-18 14:25:15 -04:00
Trammell Hudson
7e5c9bf5f8
fix Xen reproducibility by not using figlet #207 2017-06-26 16:33:49 -04:00
Francis Lam
7f6f365afe
Reverted submodule name back to xen 2017-06-26 13:07:48 -04:00
Francis Lam
c2ec62bfcd
Changed xen submodule to track Qubes Xen 
Closes #159
 2017-06-23 23:01:20 -04:00
Trammell Hudson
265424b101
do not enable libkmod (issue #164) 2017-06-13 10:45:33 -04:00
Trammell Hudson
964b967c9e
Use kernel headers from our Linux kernel tree (issue #188) 2017-04-17 16:09:06 -04:00
Trammell Hudson
bf95aa1839
use 0.3.0 release of tpmtotp 2017-04-12 08:46:56 -04:00
Trammell Hudson
122bacab37
use xen.gz since we have zlib support in kexec again (issue #170) 2017-04-12 06:50:57 -04:00
Trammell Hudson
7a9ab72144
import the seal/unseal totp scripts since they are very specialized to the heads install, skip owner password if not required (issue #151) 2017-04-12 06:49:39 -04:00
Trammell Hudson
1043517371
typo in $(CROSS_TOOLS_NOCC), building xen with system ld (issue #173) 2017-04-09 16:09:17 -04:00
Trammell Hudson
132d26de05
do two make passes to avoid concurrency errors in lvm2 (issue #175) 2017-04-09 02:49:42 -04:00
Trammell Hudson
740f197487
Linux does not need the musl-libc, just the cross compiler (issue #175) 2017-04-09 02:11:18 -04:00
Trammell Hudson
a42aaa37c6
xen depends on musl-cross (issue #175) 2017-04-08 17:46:21 -04:00
Trammell Hudson
46a2ae8c2b
disable more unnecessary LVM components 2017-04-08 14:30:50 -04:00
Trammell Hudson
07eb5e9717
Define $(CROSS_TOOLS) to ensure reproducible builds (issue #173) 
Each of the submodule configuration files defined a subset of the
cross compiler tools that it used and many were picking up the
system `ar`, `nm`, `strip, `ld`, etc.  They all now use a `Makefile`
macro that defines the path to the proper cross compiler tools.

For ones that need the tools, but not the musl-libc gcc,
there is $(CROSS_TOOLS_NOCC) that is all of them without gcc.
This is for musl-libc itself, as well as xen and the Linux kernel.
 2017-04-08 13:23:34 -04:00
Trammell Hudson
9fb1f247ad
use cross compiler ar (issue #166) 2017-04-07 11:28:36 -04:00
Trammell Hudson
2b0b6f33c0
use cross compiler ar (issue #166) 2017-04-07 11:19:44 -04:00
Trammell Hudson
ea175466a0
use cross compiler ar (issue #166) 2017-04-07 10:57:19 -04:00
Trammell Hudson
8241f190ac
use cross compiler ar (issue #166) 2017-04-07 10:48:46 -04:00
Trammell Hudson
75117c0e5b
reconfigure submodules if their config files ever change (issue #172) 2017-04-07 10:34:57 -04:00
Trammell Hudson
300b17fa25
add dropbear ssh to qubes and moc configurations (issue #169) 2017-04-07 09:53:02 -04:00
Trammell Hudson
ac74b92157
re-enable zlib and use it in kexec (issue #170) 2017-04-07 09:51:49 -04:00
Trammell Hudson
3c07e27d73
prefix should not be empty 2017-04-07 09:51:15 -04:00
Trammell Hudson
f65136c1a2
parallel crosscompiler build (issue #168) 2017-04-07 08:59:25 -04:00
Trammell Hudson
6b0013e038
use the non-musl-libc wrapped gcc (issue #167) 2017-04-06 17:28:12 -04:00
Trammell Hudson
c76a618b1e
use our cross compiler ld (issue #166) 2017-04-06 17:02:14 -04:00
Trammell Hudson
7c8f86bc52
lvm2 builds reproducibly again (issue #166) 2017-04-06 16:44:48 -04:00
Trammell Hudson
2b55d8bcf8
use our cross compiler ar, not /usr/bin/ar (issue #166) 2017-04-06 16:22:40 -04:00
Trammell Hudson
96fe3f3f09
replaced PREFIX= with DESTDIR= to make builds reproducible (issue #166) 2017-04-06 16:01:56 -04:00
Trammell Hudson
09718fc97e
replace __FILE__ with "__FILE__" to make Xen reproducible (issue #166) 2017-04-06 15:58:51 -04:00
Trammell Hudson
350a3564b1
move usb-storage into a kernel module (issue #160) 2017-04-05 19:20:53 -04:00
Trammell Hudson
a2e51a599c
fix build to avoid libusb installed on host system 2017-04-05 18:07:50 -04:00
Trammell Hudson
a1efbb8e02
fix build to avoid libusb installed on host system 2017-04-05 18:06:42 -04:00
Trammell Hudson
71f6cf3315
hash update 2017-04-05 18:01:36 -04:00
Trammell Hudson
0da184fe01
Enable gpg with card support (issue #32) 2017-04-05 17:59:49 -04:00
Trammell Hudson
3d79f51e4a
Build lvm command line utility (issue #80) 
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).

This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154.
 2017-04-03 17:13:59 -04:00
Trammell Hudson
392599b90b
have xen output the xen executable for x230-qubes (issue #84) 2017-04-03 17:13:07 -04:00
Trammell Hudson
cd584c4fad
remove unused platform modules 2017-04-03 17:10:22 -04:00
Trammell Hudson
4e71017bea
bump xen to 4.6.4 (issue #153) 2017-04-02 21:45:10 -04:00
Trammell Hudson
7045d02794
move to Linux 4.9.20 (issue #149) 2017-03-31 15:59:37 -04:00
Trammell Hudson
858b48d304
use our specific strip program to ensure reproducibility (issue #148) 2017-03-31 15:26:41 -04:00
Trammell Hudson
8544c5fe6d
busybox 1.26.2 update (issue #148) 2017-03-31 14:53:01 -04:00
Trammell Hudson
2db3c33866
fix IDSDIR to make pciutils reproducible (issue #147) 2017-03-31 14:33:15 -04:00
Trammell Hudson
3241499ee3
pciutils fails on first build if both install and install-lib are specified 2017-03-31 13:05:05 -04:00
Trammell Hudson
4141c75c8c
make kexec work with the modular build 2017-03-31 11:59:18 -04:00
Trammell Hudson
c40748aa25
Build time configuration for startup scripts and modules. 
This addresses multiple issues:

* Issue #63: initrd is build fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now meaures modules
 2017-03-31 11:18:46 -04:00
Trammell Hudson
8589370708
Flash writing from userspace works (issue #17). 
Reduce the size of flashrom by commenting out most flash chips,
boards and programmers.

Wrapper script to make it easier to rewrite the ROM on the x230
using the flashrom layout.

Keep the entire 12 MB ROM for flashing.
 2017-03-30 17:12:22 -04:00
Trammell Hudson
9feb094701
enable flashrom and pciutils to allow the boot ROM to be re-written (issue #17) 2017-03-30 14:35:30 -04:00
Trammell Hudson
9666f52e44
bioswrite tool (beta, untested!) 2017-03-30 11:59:55 -04:00
Trammell Hudson
40c9db0416
wait until the coreboot tree is unpacked before building xgcc 2017-03-29 18:00:54 -04:00
Trammell Hudson
8f63763e53
install symlinks directly into initrd 2017-03-29 16:49:07 -04:00
Trammell Hudson
ab0476ad2f
Remove populate-lib, rework libraries and kernel module installation. 
The populate-lib program was buggy on some systems and could accidentally
introduce unwanted libraries into the initrd.  The Makefile now uses the
modules' $(module_libraries) variable to select which libraries should be
installed into the initrd.

Kernel modules are now stripped and installed using a similar system.
 2017-03-29 15:15:03 -04:00
Trammell Hudson
418ceaf733
make USB a module, strip debug info (issue #139) 2017-03-28 17:05:04 -04:00
Trammell Hudson
8384201e9c
Change ethernet drivers to be modules and measure them when they are loaded. 
This is a step towards unifying the server and laptop config (issue #139)
and also makes it possible to later remove the USB modules from the
normal boot path.
 2017-03-28 16:32:58 -04:00
Trammell Hudson
f0e42d65ab
use git tpmtotp on the moc branch for development 2017-03-27 06:41:38 -04:00
Trammell Hudson
0ddd56b3c5
bump mbedssl version to 2.4.2 2017-03-27 06:41:13 -04:00
Trammell Hudson
aa473a0dea
limit parallel make load (issue #131) 2017-03-22 11:53:08 -04:00
Trammell Hudson
9d638c8f8d
use relative outputs for musl-gcc and cross-gcc, clean up coreboot.rom (issue #62) 2017-03-22 11:52:45 -04:00
Trammell Hudson
3632c35da6
Linux kernel depends on musl-cross (issue #130) 2017-03-20 14:52:03 -04:00
Trammell Hudson
356e9307a2
parameterize number of parallel make jobs (issue #125) 2017-03-18 10:50:37 -04:00
Trammell Hudson
26b323d2ac
use /bin/echo instead of built in echo (issue #106) 2017-02-28 15:54:49 -05:00
Trammell Hudson
453317921a
fix Makefile generation in musl-cross build (issue #106) 2017-02-26 12:52:49 -05:00
Trammell Hudson
b8508ffe94
use BUILD_TIMELESS to avoid timestamps in coreboot when not in a git tree (issue #104) 2017-02-01 13:39:56 -05:00
Trammell Hudson
cc8151749e
use coreboot-4.5 release with a patch against the source tree (issue #102) 2017-02-01 11:50:52 -05:00
Trammell Hudson
8f7debc52f
bump tpmtotp version to v0.2.1 2017-02-01 11:50:02 -05:00
Trammell Hudson
fe4eab2a7e
use Linux 4.9.7 kernel (issue #103) 2017-02-01 11:47:43 -05:00
Trammell Hudson
267b355766
use v0.2.0 release of tpmtotp instead of git (issue #102) 2017-02-01 11:21:53 -05:00
Trammell Hudson
1b9f99617a
wrong path to correct strip binary (issue #100) 2017-02-01 10:25:17 -05:00
Trammell Hudson
e051915707
use musl-libc cross compiler strip (issue #100) 2017-01-31 14:57:41 -05:00
Trammell Hudson
3008bb6945
Make musl-cross a normal Heads module. 
This merges pull request #99 by @blackwellops and removes
the ./bootstrap script since the musl-cross can be built as
part of the normal dependency tree.
 2017-01-31 13:22:43 -05:00
Trammell Hudson
d64caac4db
silence the builds 2017-01-28 20:42:26 -05:00
Trammell Hudson
26ef81f5fb
coreboot flags to strip build paths (issue #95) 2017-01-28 20:21:47 -05:00
Trammell Hudson
1ec00592af
pass in flags to make Linux kernel reproducible (issue #94) 2017-01-28 18:38:29 -05:00
Trammell Hudson
1411dffb6a
Make modules not depend on build path (issue #1). 
Use --prefix="" to ensure that no destination paths are in libraries.

Use -fdebug-prefix-map to rewrite build path so that it does not
appear in the executables.

Use -gno-record-gcc-switches to ensure that the -fdebug-prefix-map
does not appear in the executables.
 2017-01-28 13:14:56 -05:00
Trammell Hudson
19cb1bcb73
use bootstrap built crossgcc 2017-01-28 13:14:48 -05:00
Trammell Hudson
8ca440b7ae
allow $(heads_cc) to contain spaces 2017-01-28 12:16:34 -05:00
Trammell Hudson
2213500000
bootstrap the musl-libc gcc cross compiler and use it to build everything except coreboot 2017-01-27 18:01:25 -05:00
Trammell Hudson
24e54a65f6
Build GNU make-4.2 if the system make is the wrong version (issue #88). 
Change all of the builds to use $(MAKE) instead of the /usr/bin/make.

Download and build GNU make-4.2 if the wrong version is installed
on the system.

Re-invoke build/make-4.2/make with the target that was passed in once
the correct make has been built.
 2017-01-27 18:00:50 -05:00
iseeareddoor
85dcbf6687
modules/coreboot: remove 'time' for dash compat 
the 'time' builtin is a bashism whichis not supported in Debian's standard sh ('dash'), which is used implicitly here.
 2017-01-23 13:35:48 -05:00
Trammell Hudson
5b3ca49a15
force kexec to build 64-bit version, otherwise xen fails to load 2017-01-05 04:29:56 -05:00
Trammell Hudson
bf914e7156
make clean before install; crosscompile failed? 2017-01-04 17:05:29 -05:00
Trammell Hudson
58ff95818e
Working build with musl-libc cross compiler (issue #77). 
Pass in the --host argument to all of the various programs
that need to treat the configure scripts as cross compilation
targets.

This removes all dependencies on the host libc (issue #7)
and adds some tools to the initrd (cryptsetup #46).
 2017-01-04 16:39:10 -05:00
Trammell Hudson
84064debbe
musl-libc patches to build a successfull qemu image 2017-01-04 10:31:27 -05:00
Trammell Hudson
3e5be157e9
remove the dev mapper library output; it will be detected by the populate-lib step 2017-01-04 10:30:50 -05:00
Trammell Hudson
9273e252f6
Build initrd tools with musl-libc (issue #77). 
This adds compilations modules for musl-libc and kernel-headers.
The entire initrd (busybox, cryptsetup, gpgv, kexec, etc) can be built
with the much smaller libc and it appears to work with chroot.

Library paths are not set correctly and files are installed into
heads/install to make them accessible to other modules.  This prevents
the initrd from working without manual fixup; need to fix before
merging into master.

Build times have gone up since everything is being rebuilt more
often for some reason.
 2016-12-29 18:23:08 -05:00
Trammell Hudson
177dede4ca
install the gpgv binary into the initrd (typo in output variable) 2016-12-29 06:44:49 -05:00
Trammell Hudson
092a395dbc
update hash for gnupg-1.4 (issue #76) 2016-12-29 06:39:32 -05:00
Trammell Hudson
065179758e
lzma is not required in kexec 2016-12-28 16:47:10 -05:00
Trammell Hudson
5fd9878d28
Download and build almost all dependencies. 
As part of issue #1, we should build all libraries and programs that we
deploy into the Heads initrd.  This modifies the module configurations
for all of them to install into heads/install so that we can build
against them.

Add dmsetup, cryptsetup and veritysetup (issue #46).

Build gpgv 1.4 as a standalone tool (issue #23).

Modify populate-lib to use the install directory by setting
LD_LIBRARY_PATH (issue #35).
 2016-12-28 12:45:12 -05:00
Trammell Hudson
24dd8489b4
use the mega-binary version of the tpm utilities (issue #70) 2016-12-26 10:55:43 -05:00
Trammell Hudson
a6520772dc
Update Heads to use the 4.9 Linux LTS kernel. 
No patches are required to boot 4.9 as a coreboot payload,
unlike the 4.7 kernel that required a head_64.S patch.

The new kernel is about 40 KB larger than the 4.7; the
config might be shrinkable.

Close issue #61.
 2016-12-12 11:01:18 -05:00
Trammell Hudson
ff5639a542
Build cryptsetup and install it into the initrd 2016-12-01 14:03:55 -05:00
Philipp Deppenwiese
5fd61f3e52
Update cryptsetup module and strip it down 
Signed-off-by: Philipp Deppenwiese <zaolin@das-labor.org>
 2016-11-29 20:24:01 +01:00
Trammell Hudson
e55a6a4df4
Rework Makefile a bit. 
rename TARGET to BOARD (fix #55)
use .INTERMEDIATE trick to avoid building multiple times (fix #52)
Don't touch build/*/.config if we don't have to (fix #51)
 2016-11-29 11:28:05 -05:00
Trammell Hudson
4fbd6ca58b
Make coreboot building modular to support multiple boards. 
This touches most of the module configurations since the
coreboot build process had to add a few new features.
The Linux kernel could make use of it as well if we need
separate x230/chell/qemu kernels, for instance.
 2016-11-23 12:11:08 -05:00
Trammell Hudson
c66167b9e5
remove unused binary sealtotp/unsealtotp programs 2016-09-11 00:07:56 -04:00
Trammell Hudson
4b2064f193
improve library/binary handling in building initrd (issue #21) 2016-09-10 17:36:36 -04:00
Trammell Hudson
9a85bc22d9
use the new tpmtotp shell scripts 2016-09-09 17:24:52 -04:00
Trammell Hudson
e342aa3f18
checkout tpmtotp from github, install various tpm utilities 2016-08-19 17:25:44 -04:00
Trammell Hudson
a707cab403
correct path and patch for xen-4.6.3 files 2016-08-19 14:51:45 -04:00
Trammell Hudson
b228290ae1
checkout coreboot from github, rather than downloading release file 2016-08-19 11:31:07 -04:00
Trammell Hudson
18c9b2d808
cryptsetup for dm-verity support 2016-08-19 11:20:41 -04:00
Trammell Hudson
3ba3e2a939
use coreboot from git instead of downloading it, move blobs into this module file 2016-08-14 16:03:11 -04:00