Commit Graph

1273 Commits

Author SHA1 Message Date
Matt DeVillier
998dc684f1 gpg_gui: use 'and' vs '+' in menu listings
Using words is more explicit and clear here rather than symbols.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 16:19:46 -04:00
Matt DeVillier
cd6ba01429 boards/x220: update flashrom parameters
Force use of hardware sequencing for internal flashing to avoid
needing to specify the chip to be flashed.

Addresses #870

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-27 10:47:08 -04:00
tlaurion
e3519f2ecd
WiP: gpg2 2.21 LTS upgrade (gnupg toolstack) (#860)
* gpg2: change gpg2 toolstack to gpg2 2.21 LTS
* remove additional gpg2 unneeded configure options across gpg2 toolstack dependencies
2020-10-26 10:19:57 -04:00
MrChromebox
b71f3757c1
modules/linux: add support for building with kernel 5.4.69 (#854)
* modules/linux: add support for building with kernel 5.4.69

Add support to module, port patches from 4.19.139.
Needed for newer platforms not supported by 4.19 kernel.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* CircleCI: add rysnc dependency for building kernel 5.x

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Migrate all Librem boards to kernel 5.x, common config

Update linux-librem_common.config from 4.x to 5.x, and add
CONFIG items needed to support the librem_l1um (AST DRM drivers,
serial port output).

Tested on Librem 13v4, Librem Mini, and Librem Server L1UM.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-25 01:26:08 -04:00
MrChromebox
d398a4e440
configs/coreboot-librem_l1um: drop CONFIG_LOCALVERSION (#866)
PR #859 should have included this after #858 was merged,
but was missed

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-21 18:06:03 -04:00
MrChromebox
bd7a945bbb
Inject Heads version string into coreboot LOCALVERSION... (#859)
* config/coreboot-*: drop CONFIG_LOCALVERSION
Will be injected as part of the build using $(HEADS_GIT_VERSION)
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/coreboot: inject $(HEADS_GIT_VERSION) as CONFIG_LOCALVERSION
Needed for fwupd to handle board updates
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/coreboot: override SMBIOS ProductName with $(BOARD)
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Use $(BOARD)-$(HEADS_GIT_VERSION) as basis for output filename
makes builds uniquely identifiable based on board and version.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-21 11:04:27 -04:00
tlaurion
b3d01c1962
GitlabCI: remove .gitlab-ci.yml (backup present under .gitlab-ci.yml.deprecated) (#865) 2020-10-21 10:53:28 -04:00
tlaurion
99c309026d
GitlabCI now deprecated. For details and failed experiments, see https://github.com/osresearch/heads/pull/851 (#864) 2020-10-20 19:33:42 -04:00
MrChromebox
1e5a08fa78
Librem Mini: increase size of CBFS (#863)
Increase size of CBFS to 0xC00000 (from 0x800000) to accomodate
newer/larger kernels.

Update purism-blobs module so an update/modified IFD and smaller
ME blob are used.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-20 18:20:55 -04:00
tlaurion
30852aa273
xx30 boards: suspend/resume fix (#838)
* x230-hotp-verification: revert to coreboot "CONFIG_CBFS_SIZE=0x700000" by disabling board "CONFIG_DROPBEAR=y" and "CONFIG_LINUX_E1000E" to save space per @alex-nitrokey test under #770 to fix #608
* x230-htop-verification board: add clarifications on x230 board differences. Fixes #737 #770 #608
* X230 board & coreboot config: Fix x230 board, removing dropbear and e1000e driver.
* t430: board and coreboot config par with x230 to circumvent CBFS linked suspend/resume issues.
2020-10-19 12:50:24 -04:00
Markus Meissner
09ca500d3e
add x230-nkstorecli board config (#817)
* add x230-nkstorecli board; 
* add modules: nkstorecli, libnk, libhidapi-libusb
* version bump nkstorecli; related minor in libnk
* upd. libnk module version bump to 3.6; remove 3.5 patch
2020-10-19 10:47:22 -04:00
MrChromebox
85d7e29d18
Add new board: Purism Librem Server L1UM (#858)
* modules/coreboot: add option to use coreboot 4.11

Port patches from coreboot 4.8.1 to 4.11:
* 0000-measure-boot -> 0001
* 0010-cross-compiler-support

All other patches for coreboot 4.8.1 have either already been
integrated, or are for platforms which do not need to be migrated
to coreboot 4.11 (they will move to 4.12 or newer).

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add Broadwell-DE platform patch

Add a patch for FSP Broadwell-DE to make use of Heads' measured boot.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add patch to read serial # from CBFS

Will be used by multiple Librem boards.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: add board support for Librem Server L1UM

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Librem Server L1UM: add new board

Add board config, coreboot config, kernel config files.
Add conditional purism-blobs dependency to coreboot-4.11 module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* flash.sh: add special handling for librem_l1um board

Add support for persisting PCIe config via PCHSTRP9 in flash descriptor.
This is needed to support multiple variants of the L1UM server which
use the same firmware but differ in PCIe lane configuration via the
PCH straps configuration in the flash descriptor.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* patches/coreboot-4.11: Add 'Use PRIxPTR to print uintptr_t' patch

Cherry-picked from upstream coreboot (post-4.11), fixes compilation issue.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* CircleCI: add target to build board librem_l1um

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-18 14:48:25 -04:00
Tom Hiller
636e40456e
fix: update chesksums of filenames with spaces (#847)
Signed-off-by: Tom Hiller <thrilleratplay@gmail.com>
2020-10-18 14:46:57 -04:00
MrChromebox
3c24460f1a
modules/flashrom: update to add support for Comet Lake-U (#855)
Update to upstream flashrom (post v1.2) commit 4d3657b4:
Add support for Comet Lake-U/400-series PCH

kgpe-d16 patch from flashrom 1.2 still applies cleanly.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-18 10:17:34 -04:00
MrChromebox
2d53395c03
config/coreboot-librem_15v4: set kernel video mode to 1080p (#857)
Set the kernel video mode for the internal display to 1080p,
as the native panel resolution of 2160p is difficult to read.

A recent update to fbwhiptail allows the GUI to make use of the
scaled resolution as well, provided it is set via kernel param.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-18 10:11:42 -04:00
tlaurion
5d2f6d57bf
Merge pull request #852 from Nitrokey/update_checksum
Change hash files only if gpg card is present
2020-10-17 20:16:21 -04:00
MrChromebox
ad8d102f8a
fbwhiptail: Fix module to specific git commit vs master (#856)
Even though repo is stable at the moment, improves reproducibility.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-16 22:43:56 -04:00
tlaurion
b80899f36c
musl-cross: remove old patch artifact of the musl-cross era (#849)
* musl-cross: remove old patch artifact of the musl-cross era

* CircleCI: do not produce hash digest for musl-cross-make patches (artifact was for musl-cross, not musl-cross-make)
2020-10-16 15:26:59 -04:00
alex-nitrokey
7baeebe9bf Change hash files only if gpg card is present
Update_checksum was already changing files in /boot, befor checking for
gpg card. If no card is present, the user will end up in the recovery
next time instead of getting the same dialog again. Therefore, the
confirm_gpg_card should be checked before altering files.

The dead -u flag/$update_counter is used to mark the necessisty to
update the hash files now.
2020-10-15 17:05:12 +02:00
MrChromebox
92e9a24902
coreboot-4.12: Use musl-cross-make (#844)
* patches/coreboot-4.12: add cross-compiler support patch

Ported from coreboot-4.8.1, re-exported via `git diff`

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/coreboot: use musl-cross-make to build

revert toolchain bits to pre-4.12 addition

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* config/coreboot-librem_mini: use CONFIG_ANY_TOOLCHAIN

Needed since coreboot 4.12 now built with musl-cross-make

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-02 15:12:59 -04:00
MrChromebox
afa6753a30
librem_mini-NoTPM: drop '-noTPM' suffix (#843)
There's only one Librem Mini board, it doesn't use a TPM,
no reason to unnecesarily lengthen the board name.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-09-30 16:13:15 -04:00
tlaurion
f009acb4a3
Merge pull request #842 from tlaurion/CPUS_as_make_argument
Add 'CPUS' as make BOARD=X argument
2020-09-29 13:25:11 -04:00
Thierry Laurion
e3c81a94f8
CircleCI: changing order of build boards, since we want to test coreboot 4.12 built boards currently failing for lack of memory in other builds (make error 137). 2020-09-25 16:00:07 -04:00
Thierry Laurion
c47425709f
CircleCI: we pass CPUS=2 to CPUS=4 since the logic calculation for threads/memory is 1/1024Mb, CircleCI supposedly reserving 4Gb for medium (free). Build time will increase, unfortunately, when compared to nproc returning 32 cores. 2020-09-25 15:56:27 -04:00
Thierry Laurion
c74564086c
Buildsystem: permit to pass CPUS=X to make to force a number of CPUS to be used if desired, else the default is detected in Makefile and pushed to submodules. If nothing specified, uses nproc and pass it to submodules. CircleCI forced to CPUS=2 2020-09-25 15:52:31 -04:00
MrChromebox
0eb1f69216
functions/recovery: loop recovery shell when exited (#835)
Currently, exiting the recovery shell results in a kernel panic,
necessitating a hard reset / power cycle. As this is less than ideal,
drop the exec and add a loop to restart the shell.

Addresses issue #833

Tested under qemu-coreboot-fbwhiptail

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-09-16 17:46:22 -04:00
tlaurion
53c74fa02a
CircleCI: readd librem_mini (#832)
* CircleCI: readd librem_mini while making sure that if a board build fails, all logfile modified in the last minute are outputted on the CircleCI console prior to really failing and exiting

* librem_mini-NoTPM: addition of board config, distinctive coreboot config (required per Heads build system) to construct a ROM without TPM requirement.

* librem_mini: deletion of board and coreboot relative config, keeping librem_mini-NoTPM and coreboot config only. Removed librem_mini board build under CircleCI, keeping only librem_mini-NoTPM
2020-09-15 10:51:37 -04:00
tlaurion
51fd3b3546
Merge pull request #829 from tlaurion/flashtools_par_upstream
modules/flashtools: bring par to upstream flashtools.
2020-09-07 13:41:31 -04:00
Nathan Rennie-Waldock
7ce12fe621
Add gawk module to use if the host is running a different major version (fixes #668) (#811)
Signed-off-by: Nathan Rennie-Waldock <nathan.renniewaldock@gmail.com>
2020-09-07 08:50:01 -04:00
Thierry Laurion
4d7286991d
modules/flashtools: bring par to upstream flashtools. 2020-09-06 19:06:02 -04:00
tlaurion
c096a1f54d
Merge pull request #812 from Nitrokey/default_boot
Remove quotes to fix use of asterisk in command
2020-09-04 22:54:38 -04:00
Patrick Rudolph
843d4adb4c
blobs/*: Fix extract script (#792)
Command returns a list of utilities found. This can happen if multiple
coreboot folders are present.

Use only one to fix a crash in the following lines.

Test: Being able to extract blobs when two coreboot folders are present,
      both containing an IFDTOOL.

Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
2020-09-04 14:01:47 -04:00
tlaurion
b2c49e8742
CircleCI: removing librem_mini board under CircleCI (#825)
Coreboot 4.12, on which the librem_mini depends, doesn't build under debian:10 docker image as of right now.
	It was building over debian:bullseye (where 4.8.1 boards didn't) which constructed a valid cache that
	was reused when building #806 (https://app.circleci.com/pipelines/github/tlaurion/heads/364/workflows/df9bad8d-8ff1-40da-b8d8-1b87a05be509/jobs/392)
Consequently, more troubleshooting would need to be done under local debian:10 docker image.
2020-09-03 22:02:16 -04:00
tlaurion
ef96d64d09
Merge pull request #821 from tlaurion/x230_t430-CBFS_fix
xx30 boards: fixing CONFIG_CBFS_SIZE=0x710000 for x230 and t430 boards
2020-09-02 17:25:55 -04:00
tlaurion
8067efc9ae
CircleCI: bring recent failing logs on CI output (#822) 2020-09-02 14:42:55 -04:00
tlaurion
480a2e1130
modules/fbwhiptail: fixate to latest commit ID to make sure Heads commit would produce the same binary signature long term. (#820) 2020-09-02 14:41:29 -04:00
MrChromebox
268fb90623
Add new board: Purism Librem Mini (#806)
* patches/coreboot-4.12: Add patch for Cannonlake ME status

Add patch print ME status regardless of enablement state

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules: add purism-blobs module

Rather than require users to manually run a script to download the required
blobs to build Purism Librem boards, automate it so the correct version
is automatically downloaded/extracted. Restrict to coreboot 4.12 for now
since 4.8.1 still needs FSP blobs, which are not in module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* configs/linux-librem13v2: unset CONFIG_RETPOLINE

Fixes compilation issue with newer kernels, ignored by older ones
which don't need it

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Add new board: Librem Mini

Add Librem Mini board patch for coreboot 4.12, board config and
coreboot config. Continue reusing existing librem13v2 Linux config,
same as all other Librem boards currently. Use new purism-blobs module.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* board/librem*: rename for consistency

Use 'librem_<board>' notation for consistency across all models.
Rename linux config file since used by multiple Librem models.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* CircleCI: add librem_mini board to test

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-09-02 14:39:37 -04:00
Thierry Laurion
cde6e24e8d
xx30 boards: fixing CONFIG_CBFS_SIZE=0x710000 for x230 and t430 boards to fix #815 and #667 2020-09-01 12:31:47 -04:00
alex-nitrokey
c7085d89c3
Remove quotes to fix use of asterisk in command
Changing the default boot was failing because remove the old entries did
not work as `rm "/some/path/*.txt"` does not work as intended, e.g. the
asterisk is no catch-all.
2020-08-26 13:21:57 +02:00
MrChromebox
a075347351
kexec-parse-boot/bls: Strip boot dir from front of grub entries (#804)
Some grub configs/bls entries contain the full paths to the
kernel/initrd files, which the parsers currently fail to handle,
causing a failed boot without any useful error being presented to the user.

To fix this, strip the bootdir prefix from the menu entries when parsing,
should it exist.

Test: build/boot Librem 13v2 w/F32 and bls entries containing absolute paths.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-24 16:42:33 -04:00
MrChromebox
f23ced0a3b
Support Multiple Kernel Options (#805)
* modules/linux: Add support for multiple kernel versions

Follow same pattern as used for coreboot. Add existing kernel version
as default for all existing boards.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/linux: Add option to use 4.19 LTS kernel

Add option to use kernel 4.19.139 (current LTS version).
Duplicate existing patches from 4.14.62 as they all apply cleanly.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-20 19:26:48 -04:00
tlaurion
b14e564ac9
Fix CircleCI build problems (#808)
* CircleCI: debian:10 docker based. Give possitility to override CACHE_VERSION through CircleCI when needed
* Makefile: fix #799 with implementation of @osresearch's recommended https://github.com/osresearch/heads/issues/799#issuecomment-673059028
* modules/coreboot : indentation fix and putting version hashes together to facilitate future maintainership.
2020-08-20 15:15:46 -04:00
tlaurion
9eff5c5b70
Merge pull request #721 from MrChromebox/coreboot-4.12
Add option to build against coreboot 4.12
2020-08-17 19:56:03 -04:00
Matt DeVillier
5f9e59afae
modules/coreboot: Add option to build with coreboot 4.12
Add version and hash for coreboot and coreboot-blobs modules.
Adjust to use own toolchain, fix blobs path and extraction depth.

Test: build Librem 13v4 using both coreboot 4.8.1 and coreboot 4.12
(after adjusting board defconfig), verify correct toolchains used to
build each, and that teh result is a bootable ROM.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-08-13 09:51:22 -05:00
tlaurion
c6a82a2464
CircleCI: mitigate issue #799 (#800) 2020-08-12 15:07:54 -04:00
Patrick Rudolph
28d3b7c89c
patches/coreboot-4.8.1: Measure firmware into PCR2 (#793)
As part of migration to coreboot 4.12, which includes measured boot
without additional patches, measure all parts of the firmware and the
payload into PCR2.

The same is done in coreboot 4.12. This commit ensures that boards not
migrated yet will show the same behaviour.

TODO: Update heads-wiki.

Signed-off-by: Patrick Rudolph <patrick.rudolph@9elements.com>
2020-08-11 17:54:59 -04:00
tlaurion
63b400c73f
CircleCI : specialized caches (#798)
CircleCI: two cache save/restore mechanisms. One bound to musl-cross+patches, one for modules + patches.

* Replacing the generic cache bound to CircleCI user to have two caches levels. One for musl-cross and its patchsets, one for all modules and their patchset being the same. So if modules changed, we use the cache for musl-cross as a fallback to economize one hour of precious build time out of two, while most of Heads changes are on the scripts and can be built on top of packages+patches cache
2020-08-11 16:38:26 -04:00
tlaurion
ae9fb74759
Merge pull request #763 from Nitrokey/storage-factoryreset
Delete AES keys of Nitrokey Storage after reset
2020-08-06 16:14:01 -04:00
tlaurion
3aa919ade9
Merge pull request #791 from MrChromebox/gui_boot_tweaks
GUI / Boot Device Tweaks
2020-08-06 16:13:21 -04:00
tlaurion
5dc65f63b6
Merge pull request #766 from Nitrokey/gpgexport-factoryreset
Make gnupg pubkey export an option only in oem-factory-reset
2020-08-06 16:12:53 -04:00