Trammell Hudson
c98bfe158f
update to 4.14.62 and use the linuxboot.efi BDS
2018-08-09 10:20:22 -04:00
Trammell Hudson
d400c4dd4d
update paths for Linux 4.14.56 (issue #423)
2018-07-17 06:48:06 -04:00
Kyle Rankin
ec3248dbc9
Shorten timeout for Librem Key
...
Currently the Librem Key tests will time out after 40 seconds, which
adds to the boot time significantly if the user wants to boot without
inserting it. This patch changes that timeout to one second.
2018-06-20 16:20:15 -07:00
Kyle Rankin
31cf85b707
Add Librem Key support to Heads
...
The Librem Key is a custom USB-based security token Nitrokey is
producing for Purism and among other things it has custom firmware
created for use with Heads. In particular, when a board is configured
with CONFIG_LIBREMKEY, this custom firmware allows Heads to use the
sealed TOTP secret to also send an HOTP authentication to the Librem
Key. If the HOTP code is successful, the Librem Key will blink a green
LED; if unsuccessful it will blink red, thereby informing the user that
Heads has been tampered with without requiring them to use a phone to
validate the TOTP secret.
Heads will still use and show the TOTP secret, in case the user wants to
validate both codes (in case the Librem Key was lost or is no longer
trusted). It will also show the result of the HOTP verification (but not
the code itself), even though the user should trust only what the Librem
Key displays, so the user can confirm that both the device and Heads are
in sync. If HOTP is enabled, Heads will maintain a new TPM counter
separate from the Heads TPM counter that will increment each time HOTP
codes are checked.
This change also modifies the routines that update TOTP so that if
the Librem Key executables are present it will also update HOTP codes
and synchronize them with a Librem Key.
2018-06-19 12:27:27 -07:00
Francis Lam
bb0e13c24f
Add back flashrom support for KGPE-D16
...
Also fix up flashrom-x230.sh command to only read bios area
2018-05-05 18:59:43 -07:00
Trammell hudson
8108e419fe
remove unused flashrom 0.9.9 patch and use new --ifd feature in its place (pr #370)
2018-04-30 17:16:06 -04:00
Youness Alaoui
16d9c405ac
Librem13v2: Update to 4.7-Purism-4
...
Fixes access to the EC through the Index I/O interface
Fixes AC and DC LoadLine values to avoid overheating problems
Fix Turbo mode value from EC
Change version name to have '-heads' suffix
2018-04-03 19:04:59 -04:00
Trammell hudson
7e0450113f
split Linux patches into separate files (issue #348)
2018-03-15 17:44:42 -04:00
Trammell hudson
3cbff7ed1e
split coreboot patch into measured boot, kgpe-16 and sandybridge patches (#358)
2018-03-15 15:41:46 -04:00
Youness Alaoui
8bf187b50a
Add patches to coreboot to support Librem 13 v2 with TPM
...
Add a new series of patches which add measurement support for skylake,
add IOMMU for skylake, fix TPM support, and add support for TPM for
the Librem 13v2 and Librem 15v3 hardware.
2018-03-14 16:27:25 -04:00
Trammell hudson
091ae92b6f
Merge branch 'KGPE-D16_port_NoTPM' of https://github.com/tlaurion/heads
2018-03-08 01:13:16 -05:00
Trammell hudson
d9808f6659
build the superiotool, which requires a hack on the pciutils lib/types.h file
2018-03-02 09:37:31 -05:00
Thierry Laurion
9eadb07280
Merging to osresearch master
2018-03-01 01:37:36 -05:00
Thierry Laurion
0f299fe4be
IKVM4 and alike SMB support into coreboot from here: https://review.coreboot.org/#/c/coreboot/+/19820/ . Flashing scripts and flashrom patches.
2018-03-01 00:49:53 -05:00
Trammell hudson
f618f09a69
Generate a fake EBDA with kexec, removing the need for a custom xen (#227)
...
This modifies the segment at 0x0 so that it contains enough of a fake
Extended BIOS Data Area at addresses 0x40e and 0x413 that Xen can
correctly locate its trampoline code.
Since custom Xen is no longer required, we can remove the module,
the patches and all of the references to it in the board definition
files.
2018-02-28 10:48:35 -05:00
Trammell hudson
9f19cd9dc3
Merge branch 'smm-walkaround' of https://github.com/persmule/heads
2018-02-26 13:13:42 -05:00
Trammell hudson
8ced05de15
musl-cross has the correct URLs now (#324)
2018-02-26 11:39:27 -05:00
Francis Lam
ffa857d087
update mpc url for musl-cross patch
2018-02-24 14:45:55 -08:00
persmule
dadfbeb3b3
Changed to coreboot patch not to call prog_segment_loaded in smm.
2018-02-24 15:27:21 +08:00
Francis Lam
a6a5fef57f
Update qubes xen version for Qubes 4.0rc4
2018-02-19 14:29:43 -05:00
Trammell hudson
f9a9ae544f
busybox 1.28.0 (#310)
2018-02-09 12:15:35 -05:00
Trammell hudson
d225527cad
move to Linux 4.9.80, add winterfell AHCI patch, qemu NMI patch #308
2018-02-07 19:07:53 -05:00
Trammell hudson
cade555c46
Merge branch 'master' of https://github.com/flammit/heads #297
2018-02-07 11:33:02 -05:00
Trammell hudson
eb26a45361
Revert "moved to 4.8 xen"
...
This reverts commit 2f879be221.
2018-02-06 11:38:35 -05:00
Trammell hudson
2f879be221
moved to 4.8 xen
2018-02-05 17:38:09 -05:00
Trammell hudson
c46c078157
remove old patches
2018-02-05 16:12:32 -05:00
Trammell hudson
383f1f66a5
merge changes from master into nerf branch in preparation for closing nerf branch
2018-02-02 17:06:49 -05:00
Trammell hudson
6df5c8a18b
fix path for MPC (issue #299)
2018-02-02 16:27:57 -05:00
Francis Lam
28628d54f2
Update qubes xen version for QSB 37
...
For Qubes 3.2: version 4.6.6-36
For Qubes 4.0: version 4.8.2-12
2018-01-26 09:30:06 -08:00
Francis Lam
bd38a9cd58
Update to coreboot 4.7
2018-01-26 09:30:06 -08:00
Francis Lam
21004fbb77
Backport patch to build coreboot 4.6 with GCC 7
...
Resolves pointer and integer comparison while building crossgcc
2018-01-26 09:30:06 -08:00
Trammell hudson
4310bd4743
force cross_compile=yes for gnupg (issue #299)
2018-01-20 16:56:53 -05:00
Trammell hudson
5daeb025f2
fix path for MPC (issue #299)
2018-01-20 13:28:02 -05:00
Trammell hudson
9bdb01944b
fix patch format for edk2/Makefile
2018-01-16 12:56:03 -05:00
Trammell hudson
a3983d4fa7
patches for DxeCore to work on s2600wf
2017-12-04 18:58:15 -05:00
Trammell hudson
4e3d19b72a
fix newlines
2017-12-04 15:59:51 -05:00
Trammell hudson
5a188f5b46
Add support for building the Linux kernel as a BDS target
2017-12-04 15:30:40 -05:00
Francis Lam
5f9567c390
Fix coreboot GCC7 build issue
...
This is fixed in coreboot master but backporting for Heads.
Closes #241
2017-12-02 15:14:42 -05:00
Francis Lam
61f6973c5c
Merge branch 'coreboot-4.6'
2017-12-02 14:54:48 -05:00
Francis Lam
491fe083fa
Update qubes xen version for QSB 36
...
For Qubes 3.2: version 4.6.6-35
For Qubes 4.0: version 4.8.2-11
2017-12-02 14:47:52 -05:00
Francis Lam
8d34bcc6bc
Update qubes xen version for QSB 34 and QSB 35
...
For Qubes 3.2: version 4.6.6-34
For Qubes 4.0: version 4.8.2-9
2017-10-28 15:12:39 -04:00
Trammell hudson
3e5783a24f
enable serial debugging and moderate verbose output from dxe-core
2017-10-19 16:04:14 -04:00
Trammell hudson
87bd21111f
Include edk2 EmuVariableRuntimeDxe to provide efi vars (issue #270)
...
Remove the patch to Linux efivar_init() since we now have efi vars
for it to use.
Also link in SmbiosDxe, although it is not currently used.
2017-10-19 15:59:13 -04:00
Francis Lam
87251fd1b1
Changed to coreboot patch to not measure relocated modules
2017-10-10 16:27:16 -04:00
Francis Lam
1a34bd9d6f
Updated to coreboot 4.6
...
Also changed x220 and purism configs to use generic boot
2017-10-10 16:27:16 -04:00
Trammell hudson
212b030660
generate ACPI firmware volume and removed Linux ACPI table hacks (issue #266)
2017-09-25 15:21:16 -04:00
Trammell hudson
30c844661c
make a hole in low memory for the trampoline (issue #246)
2017-09-22 19:13:23 -04:00
Trammell hudson
90c231623c
support XZ initrd, without forcing XZ on initramfs (issue #257)
2017-09-22 15:27:10 -04:00
Trammell hudson
0cc31132d3
Allow initrd.cpio to be a separate EFI firmware volume (issue #257)
...
Add a function to walk all firmware volumes looking for a well
known GUID that is the initrd.cpio image. Currently it must be
uncompressed.
2017-09-22 15:13:41 -04:00
Trammell hudson
f7de7d7388
Enable all flashrom devices (issue #249).
...
This allows flashrom to work on the r630 NERF server, but
also increases the size of the flashrom executable significantly
since it brings in all chipset and flash types.
2017-09-21 10:26:11 -04:00
Trammell hudson
796ea2870a
build appears to produce a NERFed r630 firmware image
2017-09-20 18:24:54 -04:00
Trammell hudson
bda821dbb9
fix patches to have the correct -p level
2017-09-20 14:26:07 -04:00
Trammell hudson
a4d7654b1e
Build the Heads/NERF firmware for the Dell R630 server.
...
This development branch builds a NERF firmware for the Dell R630
server. It does not use coreboot; instead it branches directly
from the vendor's PEI core into Linux and the Heads runtime
that is set up to be run as an EFI executable.
2017-09-20 10:29:14 -04:00
Francis Lam
41f49237c6
Added configurable xen version for Qubes 4 support
...
also addresses issue #238
2017-09-13 22:10:46 -04:00
Francis Lam
ec1a54c6b6
Updated to match latest qubes 3.2 xen 4.6.6-30 (issue #238)
2017-09-13 21:14:13 -04:00
Francis Lam
821e48446a
Updated to match latest qubes 3.2 xen 4.6.6-29 (issue #238)
2017-09-02 14:13:29 -04:00
Trammell Hudson
3c8adf2cf1
remove no longer required vga patch from xen (issue #227)
2017-07-18 13:31:08 -04:00
Trammell Hudson
39ade211ce
add support for fractional second timeouts in busybox read (issue #221)
2017-07-18 09:11:05 -04:00
Trammell Hudson
7e5c9bf5f8
fix Xen reproducibility by not using figlet #207
2017-06-26 16:33:49 -04:00
Francis Lam
7f6f365afe
Reverted submodule name back to xen
2017-06-26 13:07:48 -04:00
Francis Lam
e1e654696b
Fixes the patched qubes-vmm-xen Makefile
...
Prevents subsequent builds from trying to unpack/repatch
2017-06-25 18:35:59 -04:00
Francis Lam
c2ec62bfcd
Changed xen submodule to track Qubes Xen
...
Closes #159
2017-06-23 23:01:20 -04:00
Johan Grip
dea6cb60d3
Also enable the correct flash chip for x220
2017-05-01 10:49:43 -04:00
Johan Grip
ceb81944a1
Re-enabled x220 components in flashrom.
2017-05-01 10:49:40 -04:00
Trammell Hudson
4310b59686
fix patch for -p1
2017-04-12 09:30:08 -04:00
Trammell Hudson
87b6f1e489
suppress mlock error
2017-04-12 08:27:57 -04:00
Francis Lam
a39a24665c
Fix coreboot build where gcc defaults to pie (issue #177)
...
See 8bbd596de6
2017-04-09 17:39:23 -04:00
Trammell Hudson
ae6bed14a2
lvm Makefile was defining $(STRIP) (issue #174)
2017-04-08 13:21:14 -04:00
Trammell Hudson
c262de30a4
kexec/util/bin-to-hex needs to be HOST_CC, not LD (issue #173)
2017-04-08 13:20:40 -04:00
Trammell Hudson
ea8a55fe5b
shell syntax, not makefile syntax (issue #131)
2017-04-06 11:01:48 -04:00
Trammell Hudson
192e122719
scale the max load by the number of CPUs (issue #131)
2017-04-06 10:50:43 -04:00
Trammell Hudson
9d6c5c5da8
fix gpg tty reading from /dev/console to support yubikey (issue #32)
2017-04-05 18:35:45 -04:00
Trammell Hudson
0da184fe01
Enable gpg with card support (issue #32)
2017-04-05 17:59:49 -04:00
Trammell Hudson
ce766bdc58
LVM patches to compile with musl
2017-04-04 09:41:50 -04:00
Trammell Hudson
4e71017bea
bump xen to 4.6.4 (issue #153)
2017-04-02 21:45:10 -04:00
Trammell Hudson
7045d02794
move to Linux 4.9.20 (issue #149)
2017-03-31 15:59:37 -04:00
Trammell Hudson
8544c5fe6d
busybox 1.26.2 update (issue #148)
2017-03-31 14:53:01 -04:00
Trammell Hudson
8589370708
Flash writing from userspace works (issue #17).
...
Reduce the size of flashrom by commenting out most flash chips,
boards and programmers.
Wrapper script to make it easier to rewrite the ROM on the x230
using the flashrom layout.
Keep the entire 12 MB ROM for flashing.
2017-03-30 17:12:22 -04:00
Trammell Hudson
9feb094701
enable flashrom and pciutils to allow the boot ROM to be re-written (issue #17)
2017-03-30 14:35:30 -04:00
Trammell Hudson
581af6dbd9
silence NMI errors on qemu (issue #141)
2017-03-28 16:35:58 -04:00
Trammell Hudson
cc8151749e
use coreboot-4.5 release with a patch against the source tree (issue #102)
2017-02-01 11:50:52 -05:00
Jason Blackwell
2f2d68755f
remove patch for MUSL_DEFAULT_VERSION
...
Signed-off-by: Trammell Hudson <trammell.hudson@twosigma.com>
2017-01-31 13:12:15 -05:00
Trammell Hudson
66a663ac00
use our cross compiler for purgatory files, in place of host CC (issue #34)
2017-01-28 15:44:28 -05:00
Trammell Hudson
8d912ced8f
patch busybox to not include build times (issue #91)
2017-01-28 14:22:51 -05:00
Trammell Hudson
2213500000
bootstrap the musl-libc gcc cross compiler and use it to build everything except coreboot
2017-01-27 18:01:25 -05:00
Trammell Hudson
5c425b3ec9
include uuid and devmapper since musl cross compiler is not linking them in
2017-01-27 18:00:56 -05:00
Trammell Hudson
e68f09bbfd
Make kexec work with musl-libc.
...
Remove unused tools (crash kernel and vmcore).
Replace "%Lx" scanf formatting with "%"SCNxPTR in /proc/iommem
reading code. This might be a musl bug since it works with glibc
sscanf.
2017-01-04 13:51:36 -05:00
Trammell Hudson
850abfc9c8
Remove -lm and -lpthreads dependencies from devmapper.
...
This resolves issue #73 by replacing the use of log10() with
an integer version so that -lm is no longer required.
The parts of dmsetup that we use don't need threads, so
-lpthreads is removed from the link line.
2016-12-28 12:50:48 -05:00
Trammell Hudson
a707cab403
correct path and patch for xen-4.6.3 files
2016-08-19 14:51:45 -04:00
Trammell Hudson
4a8163bcf8
adjust file name so that patch -p1 works
2016-08-19 14:38:39 -04:00
Trammell Hudson
015b5290cf
total hack patch to allow Linux 4.7 to boot with coreboot
2016-08-05 12:26:12 -04:00
Trammell Hudson
3e5aa26c99
update the 4.6.3 patch to make the xen build reproducible on at least one machine
2016-08-04 18:08:27 -04:00
Trammell Hudson
a81a002abb
Build and bundle the patched xen 4.6.3 kernel
2016-08-03 18:10:44 -04:00
Trammell Hudson
6dcbaeb5d8
patch to let Xen 4.6.3 boot via kexec without a BIOS
2016-07-26 15:14:34 -04:00