'find' may fail if I/O errors occur (medium faulty or removed,
filesystem corruption, etc.) Show a message if this occurs rather than
just dying and returning to the main menu.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
If the user selects a plain ROM, but that file can't be read, show a
message and exit rather than dying. Copy the ROM to RAM before doing
anything with it in case the media fails later.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
If we can't mount /boot, show a meaningful error rather than dropping
to a recovery shell.
Dropping to a recovery shell should be a last resort. Users that know
how to use the recovery shell know how to get there. Users that don't
know how to use it can be completely stuck and may not know how to get
back to the menu or even how to turn off the device.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Automatic boot can be configured in the configuration GUI. Options are
disable, 1 second, 5 seconds, or 10 seconds.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Disable the Ada compiler, as it no longer compiles on Debian 12 and is
not needed.
The Ada compiler is only used for libgfxinit - Intel native graphics
initialization. Neither of the boards on coreboot 4.11 uses this;
Aspeed graphics initialization is written in C (but is not used yet as
it only supports text mode in 4.11).
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Download coreboot toolchain archives into packages/<arch> before
coreboot tries to download them. This allows us to use mirrors to get
the archives. We could also update the primary source this way if it
goes down instead of patching coreboot itself (has happened for IASL).
The archive versions and digests are retrieved from the coreboot
module, so there isn't another copy of that info to maintain. That is
done in bin/fetch_coreboot_crossgcc_archive.sh, which uses the
existing fetch script to do the actual download, leveraging mirrors.
bin/fetch_source_archive.sh supports using a SHA-1 digest instead of
SHA-256, since coreboot has SHA-1 digests. It also checks if the file
already exists (deleting the coreboot directory will cause it to be
re-run, but the packages are already there and can be used from cache).
The coreboot-4.11 IASL patch is updated to delete the outdated acpica
archive digest (it already added the new one, but the old one was still
there). bin/fetch_coreboot_crossgcc_archive.sh finds the archive
version and digest from the digest files, so only one acpica file must
be present.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Use the Heads name for a package when it differs from the primary
source. E.g. musl-cross-make's archive is just <hash>.tar.gz, which
makes little sense out of context. musl-cross-<hash>.tar.gz makes
more sense for a mirror.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Try to download dependency source packages from mirrors if the primary
source fails or the archive has changed.
Move the download and verify logic to bin/fetch_source_archive.sh. The
mirror list is here, currently only
https://storage.puri.sm/heads-packages/, but others can be added. The
mirror list is randomized to load each mirror equally.
The verify logic is moved to this script too so it can fail over to a
mirror (or another mirror) if a mismatched archive is served, not just
for a failure. Makefile no longer needs to verify separately and there
are no separate .*-_verify files any more, the archive is only moved to
its final place once verified.
Add `packages` target to just fetch all needed packages for a board,
facilitates seeding a mirror.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Makefile: have inclusion of all defined $BOARD BOARD_TARGETS (me, split_8mb4mb, ...)
TODO: VBIOS scripts for W530/T530 need way more work. To be done later.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Adds two golbal helpers in Makefile:
- board.move_untested_to_tested
- board.move_tested_to_untested
Which can be called by:
- make BOARD=UNTESTED_t420-maximized board.move_untested_to_tested
- make BOARD=x230-legacy board.move_tested_to_untested
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
* overwriting a hotp secret is not possible anymore
* make sure to delete the hotp secret before setting a new one
* requires one additional user presence check during HOTP setup
* bump to v1.5
Signed-off-by: Markus Meissner <coder@safemailbox.de>
* remove all previous coreboot patches (as they are already included)
* to be investigated: linux trampoline patch
* add new patch to hardcode sleep configuration
* activate smmstore as dasharo vendor code requires it
Signed-off-by: Markus Meissner <coder@safemailbox.de>
- Upstream boards will not deactivate TPM DUK
- Upstream will not force BRAND_NAME which currently defaults to Heads
- Upstream will not deactivate Qr code on screen output on HOTP sealing
- Upstream will not offer OEM reset defaults (deprecated and now default anyway)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Allow downstreams to add config to site-local/config, which can set
config options, including overriding board config and exporting config
to /etc/config.
The intent of site-local is exactly the same as in coreboot - it is a
place for downstreams to add customizations that are included at well-
defined points in the build. site-local should never appear in the
upstream repository. coreboot's documentation explains this as well:
https://doc.coreboot.org/tutorial/managing_local_additions.html
Move definitions of ROM artifacts later, so site config can override
BRAND_NAME (and still is included after board config to override it as
well).
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Move the targets generating talos-2's tgz update package to targets.
While this wasn't duplicated, it breaks a cyclic dependency between
board config and BRAND_NAME by moving the ROM output name dependencies
later. The logic probably would be shared with similar boards if any
were supported, so it is in the spirit of the other targets/ shared
target Makefiles.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>