Support LVM2 thin-provisioned volumes. LVM2 wants the thin_check
utility by default, but it has multiple dependencies we do not
currently ship (boost, libexpat, others), so disable it.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Add TRACE_FUNC to trace the file, line, and name of the calling
function. File and function names don't have to be duplicated in a
TRACE statement with this (they tend to become inaccurate as functions
are renamed and the TRACE statement is forgotten).
Add DEBUG_STACK to dump the bash stack to debug output.
Configure bash with --enable-debugger. Bash doesn't actually include
the entire debugger, this is just some supporting variables for it.
Evidently, BASH_SOURCE[n] is only set within a function if this is
enabled. I couldn't find this indicated in any documentation, but it
happened in practice.
Compressed initrd size only increased by 2560 bytes for librem_mini_v2,
I think that is fine. This also gives us BASH_ARGC/BASH_ARGV which
might be useful for diagnostics.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Rebuild the kernel 6.1.8 config for Librem devices starting from the
current 5.10 config as a base. The current 5.10 config had cleaned up
some unneeded options, but that hadn't been carried over to the 6.1.8
config.
Graphics init still uses EFIFB in the 6.1.8 kernel. 5.10 keeps DRM+ast
to support librem_l1um (the only board still using it).
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
popt: too old to have a working config.guess
libusb-compat: not needed for gpg2
gpg2: depend on libusb not libusb-compat
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Laptops can include optional USB keyboard support (default off unless
the board also sets the default to 'y'). The setting is in the
configuration GUI.
CONFIG_USER_USB_KEYBOARD is now the user-controlled setting on those
boards. 'CONFIG_USB_KEYBOARD' is no longer used to avoid any conflict
with prior releases that expect this to be a compile-time setting only
(conflicts risk total lock out requiring hardware flash, so some
caution is justified IMO).
Boards previously exporting CONFIG_USB_KEYBOARD now export
CONFIG_USB_KEYBOARD_REQUIRED. Those boards don't have built-in
keyboards, USB keyboard is always enabled. (librem_mini,
librem_mini_v2, librem_11, librem_l1um, librem_l1um_v2, talos-2,
kgpe-d16_workstation-usb_keyboard, x230-hotp-maximized_usb-kb).
Librem laptops now export CONFIG_SUPPORT_USB_KEYBOARD to enable
optional support. The default is still 'off'.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Changes in things like modules/coreboot will check the coreboot
toolchain archives again. We reuse the cached archive already, but the
final ln -s may fail if the link already exists. Remove it first and
link again.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
'find' may fail if I/O errors occur (medium faulty or removed,
filesystem corruption, etc.) Show a message if this occurs rather than
just dying and returning to the main menu.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
If the user selects a plain ROM, but that file can't be read, show a
message and exit rather than dying. Copy the ROM to RAM before doing
anything with it in case the media fails later.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
If we can't mount /boot, show a meaningful error rather than dropping
to a recovery shell.
Dropping to a recovery shell should be a last resort. Users that know
how to use the recovery shell know how to get there. Users that don't
know how to use it can be completely stuck and may not know how to get
back to the menu or even how to turn off the device.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Automatic boot can be configured in the configuration GUI. Options are
disable, 1 second, 5 seconds, or 10 seconds.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Disable the Ada compiler, as it no longer compiles on Debian 12 and is
not needed.
The Ada compiler is only used for libgfxinit - Intel native graphics
initialization. Neither of the boards on coreboot 4.11 uses this;
Aspeed graphics initialization is written in C (but is not used yet as
it only supports text mode in 4.11).
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Download coreboot toolchain archives into packages/<arch> before
coreboot tries to download them. This allows us to use mirrors to get
the archives. We could also update the primary source this way if it
goes down instead of patching coreboot itself (has happened for IASL).
The archive versions and digests are retrieved from the coreboot
module, so there isn't another copy of that info to maintain. That is
done in bin/fetch_coreboot_crossgcc_archive.sh, which uses the
existing fetch script to do the actual download, leveraging mirrors.
bin/fetch_source_archive.sh supports using a SHA-1 digest instead of
SHA-256, since coreboot has SHA-1 digests. It also checks if the file
already exists (deleting the coreboot directory will cause it to be
re-run, but the packages are already there and can be used from cache).
The coreboot-4.11 IASL patch is updated to delete the outdated acpica
archive digest (it already added the new one, but the old one was still
there). bin/fetch_coreboot_crossgcc_archive.sh finds the archive
version and digest from the digest files, so only one acpica file must
be present.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Use the Heads name for a package when it differs from the primary
source. E.g. musl-cross-make's archive is just <hash>.tar.gz, which
makes little sense out of context. musl-cross-<hash>.tar.gz makes
more sense for a mirror.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Try to download dependency source packages from mirrors if the primary
source fails or the archive has changed.
Move the download and verify logic to bin/fetch_source_archive.sh. The
mirror list is here, currently only
https://storage.puri.sm/heads-packages/, but others can be added. The
mirror list is randomized to load each mirror equally.
The verify logic is moved to this script too so it can fail over to a
mirror (or another mirror) if a mismatched archive is served, not just
for a failure. Makefile no longer needs to verify separately and there
are no separate .*-_verify files any more, the archive is only moved to
its final place once verified.
Add `packages` target to just fetch all needed packages for a board,
facilitates seeding a mirror.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Makefile: have inclusion of all defined $BOARD BOARD_TARGETS (me, split_8mb4mb, ...)
TODO: VBIOS scripts for W530/T530 need way more work. To be done later.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Adds two golbal helpers in Makefile:
- board.move_untested_to_tested
- board.move_tested_to_untested
Which can be called by:
- make BOARD=UNTESTED_t420-maximized board.move_untested_to_tested
- make BOARD=x230-legacy board.move_tested_to_untested
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
* overwriting a hotp secret is not possible anymore
* make sure to delete the hotp secret before setting a new one
* requires one additional user presence check during HOTP setup
* bump to v1.5
Signed-off-by: Markus Meissner <coder@safemailbox.de>