Trammell hudson
f7de7d7388
Enable all flashrom devices (issue #249 ).
...
This allows flashrom to work on the r630 NERF server, but
also increases the size of the flashrom executable significantly
since it brings in all chipset and flash types.
2017-09-21 10:26:11 -04:00
Trammell hudson
796ea2870a
build appears to produce a NERFed r630 firmware image
2017-09-20 18:24:54 -04:00
Trammell hudson
3a8710cf49
unquiet it for now
2017-09-20 17:47:12 -04:00
Trammell hudson
81a7f18b86
build edk2 as a module for the r630 NERF firmware
2017-09-20 14:26:38 -04:00
Trammell hudson
a4d7654b1e
Build the Heads/NERF firmware for the Dell R630 server.
...
This development branch builds a NERF firmware for the Dell R630
server. It does not use coreboot; instead it branches directly
from the vendor's PEI core into Linux and the Heads runtime
that is setup to be run as an EFI executable.
2017-09-20 10:29:14 -04:00
Francis Lam
41f49237c6
Added configurable xen version for Qubes 4 support
...
also addresses issue #238
2017-09-13 22:10:46 -04:00
Trammell hudson
498105c979
enable i915 native support (needed for Librem 13v2)
2017-09-06 19:07:02 -04:00
Francis Lam
472ffd35c0
Moved kernel command line parameters to config
2017-09-02 14:13:29 -04:00
Johan Grip
6f48c14d0c
Update X220 to do generic image instead of qubes.
...
Also added a script to extract the necessary blobs from a bios
dump image.
2017-08-04 22:48:27 +02:00
Trammell Hudson
314ce7b350
bump Linux kernel to 4.9.38 (issue #224 )
2017-07-18 14:25:15 -04:00
Trammell Hudson
3e48f1c5e8
tweaks to make qemu run through the /bin/generic-init process
2017-07-18 13:42:19 -04:00
Trammell Hudson
36e3172c8e
disable i915 for now, since it causes screen glitches in Xen/Qubes (issue #219 )
2017-07-18 13:32:57 -04:00
Trammell Hudson
7aec9a2288
add support for i915 and render mode setting (issue #219 )
2017-07-18 10:10:55 -04:00
Trammell Hudson
831dca5124
remove older qubes-specific files, no longer required in generic boot env
2017-07-17 12:31:58 -04:00
Trammell Hudson
ba98d5dda6
Merge branch 'usb-boot' of https://github.com/flammit/heads into flammit-usb-boot
2017-07-17 08:52:48 -04:00
Francis Lam
22a52ec4b8
Added TPM secret management to generic boot
...
Also cleaned up error handling and boot parsing edge cases
2017-07-12 00:17:45 -04:00
Francis Lam
d67360a24b
Added rollback protection to generic boot
...
Changed the checking of required hashes or required rollback state
to be right before boot, allowing the user to sign/set defaults
in interactive mode.
Also cleaned up usages of recovery and fixed iso parameter
regression.
2017-07-08 16:59:37 -04:00
Francis Lam
8004b5df2a
Added the ability to persist a default boot option
...
Similar to qubes-update, it will save then verify the hashes of
the kexec files. Once TOTP is verified, a normal boot will verify
that the file hashes and all the kexec params match and if
successful, boot directly to OS.
Also added a config option to require hash verification for
non-recovery boots, failing to recovery not met.
2017-07-04 19:49:14 -04:00
Francis Lam
3614044fff
Added a generic boot config and persistent params
...
Refactored boot parsing code and applied that in local-init to
scan /boot for grub options and allow the user to unsafely boot
anything. This goes a long way to addressing #196 .
Optionally the user can customize those boot parameters or enforce
arbitrary hashes on the boot device by creating and signing config
files in /boot/ or /media/ or /media/kexec_iso/ISO_FILENAME/.
2017-07-02 23:01:04 -04:00
Francis Lam
7f6f365afe
Reverted submodule name back to xen
2017-06-26 13:07:48 -04:00
Francis Lam
c2ec62bfcd
Changed xen submodule to track Qubes Xen
...
Closes #159
2017-06-23 23:01:20 -04:00
Trammell Hudson
2b2c00e594
typo in comment
2017-05-01 10:52:49 -04:00
Johan Grip
8b3ed5fd7a
Added blob directory for non-free blobs Also basic documentation for the binaries needed for the X220 and how the get to them
2017-05-01 10:49:45 -04:00
Johan Grip
186b641385
Inital test of a lenovo x220 port. Uses hardcoded paths for the blobs required. Uses a stripped ME blob.
2017-05-01 10:49:38 -04:00
Trammell Hudson
2cad84a768
make the ME a module (issue #194 )
2017-05-01 10:47:24 -04:00
Francis Lam
efd662c63a
adds a USB boot option with basic parsing to kexec
...
Supports booting from USB media using either the root device or
a signed ISO as the boot device. Boot options are parsed with
quick/dirty shell scripts to infer kexec params.
Closes #195 and begins to address #196
2017-04-29 13:40:34 -04:00
Trammell Hudson
448d0731a9
cherry pick Linux config from zfs branch with multi-user set
2017-04-17 16:10:48 -04:00
Trammell Hudson
d73c92e63f
quiet down the boot process
2017-04-12 06:46:55 -04:00
Trammell Hudson
8c57ac59e7
x230-flash configuration and initialization
2017-04-11 07:16:20 -04:00
Trammell Hudson
85f0586615
build xen for the qemu image so that we can test kexec
2017-04-10 12:59:07 -04:00
Trammell Hudson
300b17fa25
add dropbear ssh to qubes and moc configurations (issue #169 )
2017-04-07 09:53:02 -04:00
Trammell Hudson
830828f2a2
enable usb storage module (issue #160 )
2017-04-06 09:45:47 -04:00
Trammell Hudson
cfcf6c46d5
Purism Librem 13v1 initial configuration
2017-04-05 14:13:40 -04:00
Trammell Hudson
3d79f51e4a
Build lvm command line utility (issue #80 )
...
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).
This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154 .
2017-04-03 17:13:59 -04:00
Trammell Hudson
4c413a1737
enable file locking for LVM
2017-04-03 17:11:12 -04:00
Trammell Hudson
d335f24292
split x230 config into 4MB bootstrap image and 7MB runtime image (issue #156 )
2017-04-03 14:53:29 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6 )
2017-04-01 23:02:00 -04:00
Trammell Hudson
3225501e84
remove power related busybox tools that do not work
2017-03-31 16:00:27 -04:00
Trammell Hudson
7045d02794
move to Linux 4.9.20 (issue #149 )
2017-03-31 15:59:37 -04:00
Trammell Hudson
8544c5fe6d
busybox 1.26.2 update (issue #148 )
2017-03-31 14:53:01 -04:00
Trammell Hudson
d6c553e884
typo in qemu description
2017-03-31 13:04:46 -04:00
Trammell Hudson
c40748aa25
Build time configuration for startup scripts and modules.
...
This addresses multiple issues:
* Issue #63 : initrd is build fresh each time, so tracked files do not matter.
* Issue #144 : build time configuration
* Issue #123 : allows us to customize the startup experience
* Issue #122 : manual start-xen will go away
* Issue #25 : tpmtotp PCRs are updated after reading the secret
* Issue #16 : insmod now meaures modules
2017-03-31 11:18:46 -04:00
Trammell Hudson
9feb094701
enable flashrom and pciutils to allow the boot ROM to be re-written (issue #17 )
2017-03-30 14:35:30 -04:00
Trammell Hudson
bf94e4c416
include a nearly empty, but consistent, cpio file to ensure reproducible Linux builds (issue #142 )
2017-03-30 10:16:13 -04:00
Trammell Hudson
418ceaf733
make USB a module, strip debug info (issue #139 )
2017-03-28 17:05:04 -04:00
Trammell Hudson
8384201e9c
Change ethernet drivers to be modules and measure them when they are loaded.
...
This is a step towards unifying the server and laptop config (issue #139 )
and also makes it possible to later remove the USB modules from the
normal boot path.
2017-03-28 16:32:58 -04:00
Trammell Hudson
1475148848
enable TCP SYN cookies (issue #138 )
2017-03-28 11:46:17 -04:00
Trammell Hudson
e83ba0a0c7
enable futex for keylime
2017-03-27 18:52:31 -04:00
Trammell Hudson
f39dfd321d
enable dhcp and add helper script for lease setup
2017-03-27 15:56:10 -04:00
Trammell Hudson
edb4b4de50
enable raw sockets and the qemu network driver
2017-03-27 15:27:53 -04:00
Trammell Hudson
48adc3e4cd
enable wget
2017-03-27 14:25:34 -04:00
Trammell Hudson
279851e66d
started on extra features for MOC server initrd build
2017-03-20 14:57:22 -04:00
Trammell Hudson
b06b0331a0
started on extra features for MOC server kernel build
2017-03-20 14:52:39 -04:00
Trammell Hudson
4182c0e0aa
enable ISO9660 file systems and code page ISO8859-1 (issues #116 and #107 )
2017-03-20 11:17:18 -04:00
Trammell Hudson
e4538785ec
enable read-only, no-execute for module data (issue #72 )
2017-03-20 11:12:41 -04:00
Trammell Hudson
54cded7f59
pass extra parameters to xz to compress initrd.cpio for Linux kernel (issue #127 )
2017-03-18 10:50:43 -04:00
Trammell Hudson
b81a20fb71
enable CONFIG_NET, to allow cryptsetup to work (issue #79 )
2017-01-05 06:00:59 -05:00
Trammell Hudson
8ff56aff5a
Enable IOMMU by default (issue #75 ) and prune kernel features.
2017-01-04 18:38:45 -05:00
Trammell Hudson
45ba75949b
kernel 4.9 setup with framebuffer for x230 (issue #64 )
2016-12-13 14:58:23 -05:00
Trammell Hudson
a6520772dc
Update Heads to use the 4.9 Linux LTS kernel.
...
No patches are required to boot 4.9 as a coreboot payload,
unlike the 4.7 kernel that required a head_64.S patch.
The new kernel is about 40 KB larger than the 4.7; the
config might be shrinkable.
Close issue #61 .
2016-12-12 11:01:18 -05:00
Trammell Hudson
0aae22d67c
increase CBFS size for qemu builds to allow easier experimentation
2016-12-01 14:02:57 -05:00
Trammell Hudson
c98a392508
enable EPOLL for plymouth
2016-12-01 14:02:26 -05:00
Trammell Hudson
05056aefc0
include chmod ( fix #30 )
2016-11-29 14:29:38 -05:00
Trammell Hudson
e55a6a4df4
Rework Makefile a bit.
...
rename TARGET to BOARD (fix #55 )
use .INTERMEDIATE trick to avoid building multiple times (fix #52 )
Don't touch build/*/.config if we don't have to (fix #51 )
2016-11-29 11:28:05 -05:00
Trammell Hudson
4a83273744
disable ACPI on qemu boots, this fixes #53
2016-11-29 11:22:47 -05:00
Trammell Hudson
4fbd6ca58b
Make coreboot building modular to support multiple boards.
...
This touches most of the module configurations since the
coreboot build process had to add a few new features.
The Linux kernel could make use of it as well if we need
separate x230/chell/qemu kernels, for instance.
2016-11-23 12:11:08 -05:00
Trammell Hudson
638329709e
include find and compression tools
2016-11-23 10:47:04 -05:00
Trammell Hudson
16bad1abd4
enable aes-xts in Heads kernel (issue #44 )
2016-10-26 15:10:53 -04:00
Trammell Hudson
2663fc464b
updated for receent merge of coreboot master
2016-09-26 14:10:32 -04:00
Trammell Hudson
ab5fb03475
enable unicode on vt so that qrenc works
2016-09-09 18:32:44 -04:00
Trammell Hudson
0e16afe17a
update config after recent coreboot/coreboot merge
2016-09-09 13:27:20 -04:00
Trammell Hudson
47ad314798
enable CONFIG_USE_BLOBS to checkout non-free binary blobs submodule
2016-08-19 14:41:32 -04:00
Trammell Hudson
d857170e0f
Enable measured boot support
2016-08-16 17:44:51 -04:00
Trammell Hudson
c755b8431f
update for coreboot-git
2016-08-16 09:13:38 -04:00
Trammell Hudson
21268a4bb8
Updates for coreboot-git
2016-08-14 16:04:43 -04:00
Trammell Hudson
c84293ad62
4.7 is the new default kernel
2016-08-14 16:04:11 -04:00
Trammell Hudson
d85d72a0d7
enable a few more busybox tools
2016-08-06 17:14:56 -04:00
Trammell Hudson
377cb1415b
Add cdroms to Linux config, support 4.7 kernels
2016-08-05 12:25:00 -04:00
Trammell Hudson
69ede68ced
enable /dev/mem so that cbmem tool can work
2016-08-04 17:29:26 -04:00
Trammell Hudson
a81a002abb
Build and bundle the patched xen 4.6.3 kernel
2016-08-03 18:10:44 -04:00
Trammell Hudson
4589e5d1d3
copy the bzImage into the coreboot build directory
2016-08-02 21:59:14 -04:00
Trammell Hudson
62c544ea96
coreboot build (might) work; need to do a test from clean while online
2016-08-02 21:49:22 -04:00
Trammell Hudson
3fde9759f3
coreboot-4.4 binary blobs
2016-08-02 21:39:24 -04:00
Trammell Hudson
426cd8f94f
build the linux kernel after building the initrd
2016-08-02 21:23:18 -04:00
Trammell Hudson
00559def5d
porting Makefile to use a modular build system for each package
2016-08-02 19:25:47 -04:00
Trammell Hudson
2471e15109
cleanup initrd, improve population of lib directories, remove some extra drivers, add notes on /dev
2016-07-28 00:08:33 -04:00
Trammell Hudson
364e44fcdf
working configuration files for coreboot-4.4 and linux-4.6.4, as well as with qemu
2016-07-26 15:14:07 -04:00
Trammell Hudson
4dded24fb7
build almost works
2016-07-25 13:36:15 -04:00
Trammell Hudson
a6d9902a2d
started on automated build process
2016-07-25 10:08:53 -04:00