sed -i '$a CONFIG_USBDEBUG=n' config/coreboot-*.config
grep -R CONFIG_COREBOOT_VERSION boards/ | awk -F "/" {'print $2'} | while read board; do if ! sudo make BOARD=$board coreboot.save_in_oldconfig_format_in_place > /dev/null 2>&1; then echo $board failed;fi; done
Note:
Boards that are unmaintained accumulates settings addition per the sed call.
Why deactivate:
- Well, this is equivalent of cbmem -c which gives way too much information from attacker.
TODO: add an helper later on so that builds aimed at testing coreboot version bump pass to release mode or something.
As of this commit, we accept that bricks might happen and that troubleshooting will be made in a case basis?!
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This is needed so that ACPI tables are generated from coreboot for final OS to not apply quirks to support wifi cards
TODO: bluethooth not activated here, maybe we should.
sed -i '/# CONFIG_DRIVERS_INTEL_WIFI is not set/d' config/coreboot-*.config
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Update Purism coreboot to 24.02.01-Purism-1.
Remove CFLAGS overrides when building coreboot. These overrides break
24.02.01, which added (and needs) --param=min-pagesize=1024. This has
happened repeatedly in the past since Heads has to duplicate coreboot's
CFLAGS if it overrides them.
Specifically, the build fails with this error:
src/commonlib/include/commonlib/endian.h:27:26: error: array subscript 1 is outside array bounds of 'void[0]' [-Werror=array-bounds=]
27 | *(uint8_t *)dest = val;
| ~~~~~~~~~~~~~~~~~^~~~~
In function 'setup_default_ebda':
cc1: note: source object is likely at address zero
That's because coreboot is attempting to write to EBDA at physical
address 0x40e, just above 1024. That is a valid address for x86, but
it's too close to 0 by default for GCC, --param-min-pagesize=1024
allows writes to physical addresses above 1024.
coreboot shouldn't need any of the usual Heads CFLAGS overrides for
reproducibility; it is already reproducible.
Fix indentation in modules/coreboot. Make accepted it before because
the indented lines followed a variable assignment, so they couldn't
be part of a recipe. That assignment is now gone, so they're now
interprted as part of a recipe for the `.configured` target just above,
they should not be indented.
Add nss to flake.nix, needed as of 24.02.01.
Update Librem coreboot configs for 24.02.01-Purism-1. Notably, the
board Kconfig changed for Mini v2 in coreboot, so this is needed for
correct builds.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
intel_iommu=igfx_off is needed on the Heads kernel command line for
memtest86+ to work. Without this parameter, the screen blanks when
memtest86+ starts testing.
This is unique to Librem 11, probably because it is the only device
using FSP GOP for graphics init in coreboot. (libgfxinit does not yet
support Jasper Lake.)
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
removes a comment:
-# CONFIG_DASHARO_FIRMWARE_UPDATE_MODE is not set
- Unify ns50/nv41
- CONFIG_TPM_PIRQ=0x27 in both nv41/ns50 as per https://github.com/linuxboot/heads/pull/1662#issuecomment-2100820944
NOTE that this doesn't stick when calling
make[1]: Leaving directory '/home/user/heads/build/x86/coreboot-dasharo'
user@heads-tests-deb12:~/heads$ git diff
diff --git a/config/coreboot-nitropad-nv41.config b/config/coreboot-nitropad-nv41.config
index 9484aaf5122..ddd4e5d7c56 100644
--- a/config/coreboot-nitropad-nv41.config
+++ b/config/coreboot-nitropad-nv41.config
@@ -143,7 +143,7 @@ CONFIG_BOARD_CLEVO_NV40PZ_BASE=y
CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NV41"
CONFIG_CONSOLE_POST=y
# CONFIG_USE_PM_ACPI_TIMER is not set
-CONFIG_TPM_PIRQ=0x27
+CONFIG_TPM_PIRQ=0x0
# CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set
CONFIG_VBOOT_FWID_VERSION="$(CONFIG_LOCALVERSION)"
CONFIG_EC_SYSTEM76_EC_BAT_THRESHOLDS=y
Also note that CONFIG_EC_SYSTEM76_EC_DGPU=y is not present on ns50 as opposed to nv41, whatever that does.
user@heads-tests-deb12:~/heads$ diff -u config/coreboot-nitropad-nv41.config config/coreboot-nitropad-ns50.config
--- config/coreboot-nitropad-nv41.config 2024-05-10 14:59:42.156754718 -0400
+++ config/coreboot-nitropad-ns50.config 2024-05-10 14:55:37.699761391 -0400
@@ -110,7 +110,7 @@
# CONFIG_VENDOR_TI is not set
# CONFIG_VENDOR_UP is not set
CONFIG_MAINBOARD_FAMILY="Not Applicable"
-CONFIG_MAINBOARD_PART_NUMBER="nv40pz"
+CONFIG_MAINBOARD_PART_NUMBER="ns50pu"
CONFIG_MAINBOARD_VERSION="v2.1"
CONFIG_MAINBOARD_DIR="clevo/adl-p"
CONFIG_DIMM_MAX=4
@@ -128,7 +128,7 @@
CONFIG_DEVICETREE="devicetree.cb"
# CONFIG_VBOOT is not set
CONFIG_VBOOT_VBNV_OFFSET=0x28
-CONFIG_VARIANT_DIR="nv40pz"
+CONFIG_VARIANT_DIR="ns50pu"
CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb"
# CONFIG_VGA_BIOS is not set
CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Nitrokey"
@@ -139,8 +139,8 @@
CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout"
CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0
CONFIG_BOARD_CLEVO_ADLP_COMMON=y
-CONFIG_BOARD_CLEVO_NV40PZ_BASE=y
-CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NV41"
+CONFIG_BOARD_CLEVO_NS50PU_BASE=y
+CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NS51"
CONFIG_CONSOLE_POST=y
# CONFIG_USE_PM_ACPI_TIMER is not set
CONFIG_TPM_PIRQ=0x27
@@ -158,8 +158,8 @@
CONFIG_HAVE_INTEL_FIRMWARE=y
CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000
CONFIG_DRIVERS_INTEL_WIFI=y
-CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/descriptor.bin"
-CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/me.bin"
+CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/novacustom/ns5x_adl/descriptor.bin"
+CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/novacustom/ns5x_adl/me.bin"
CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000
CONFIG_VBT_DATA_SIZE_KB=9
CONFIG_CARDBUS_PLUGIN_SUPPORT=y
@@ -176,8 +176,8 @@
#
# Alder Lake P (2022)
#
-# CONFIG_BOARD_NOVACUSTOM_NS5X_ADLP is not set
-CONFIG_BOARD_NOVACUSTOM_NV4X_ADLP=y
+CONFIG_BOARD_NOVACUSTOM_NS5X_ADLP=y
+# CONFIG_BOARD_NOVACUSTOM_NV4X_ADLP is not set
#
# Tiger Lake U (2021)
@@ -503,7 +503,6 @@
#
CONFIG_EC_ACPI=y
CONFIG_EC_SYSTEM76_EC=y
-CONFIG_EC_SYSTEM76_EC_DGPU=y
#
# Intel Firmware
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Also disable bootsplash resizing to center the logo in the middle of
the screen.
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
git difftool -d HEAD^ to check config against previous version (librem shared config), noticed I2C options being maybe relevant, added them back in
Then saved with make BOARD=nitropad-ns50 linux.modify_and_save_oldconfig_in_place
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Result of:
make BOARD=nitropad-nv41 coreboot.save_in_oldconfig_format_in_place
make BOARD=nitropad-ns50 coreboot.save_in_oldconfig_format_in_place
No change, was applied like this anyway at compilation.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
The coreboot power failure state Kconfig options are wired up to the
Power on AC feature on Clevo mainboards. Set the power failure state to
0 to prevent these boards from powering on or waking up with AC attach.
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
- Add additional requirements to linux config
- Add additional CONFIG_MOBILE_TETHERING=y to all maximized board configs
- Fix issue under network-recovery-init to NTP sync against NTP server pool
- Extend network-recovery-init to first try NTP sync against DNS server returned by DHCP answer
- Remove network-recovery-init earlytty and tty0 redirection (console should be setuped properly by init in all cases)
- If CONFIG_MOBILE_TETHERING=y added to board config and network-recovery-init called, wait to user input on instructions and warning 30 secs before proceeding (non-blocking)
- Machines having STATIC_IP under board config won't benefit of autoatic NTP sync
Since network-recovery-init can only be called from recovery shell now, and recovery shell can be guarded by GPG auth, this is PoC code to be used to complement TOTP being out of sync
TODO(Future PR):
- Refactor into functions and reuse into TOTP/HOTP being out of sync automatically.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Rebuild the kernel 6.1.8 config for Librem devices starting from the
current 5.10 config as a base. The current 5.10 config had cleaned up
some unneeded options, but that hadn't been carried over to the 6.1.8
config.
Graphics init still uses EFIFB in the 6.1.8 kernel. 5.10 keeps DRM+ast
to support librem_l1um (the only board still using it).
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
* remove all previous coreboot patches (as they are already included)
* to be investigated: linux trampoline patch
* add new patch to hardcode sleep configuration
* activate smmstore as dasharo vendor code requires it
Signed-off-by: Markus Meissner <coder@safemailbox.de>
Taken from : https://github.com/Nitrokey/heads/tree/temp-release-v2.3
- Move branding/Heads/bootsplash-1024x768.jpg -> branding/Heads/bootsplash.jpg (We don't care about the size. Make filename generic)
- Adapt all coreboot configs so bootsplash is adapted by BRAND_NAME CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg"
- Reminders :
- Makefile changes Heads to defined BRAND_NAME in board config
- Makefile changes -e 's!@BRAND_DIR@!$(pwd)/branding/$(BRAND_NAME)!g'
- nv41/nv50
- coreboot oldefconfigs adapted by:
- make BOARD=nitropad-ns50 coreboot.modify_and_save_oldconfig_in_place
- make BOARD=nitropad-nv41 coreboot.modify_and_save_oldconfig_in_place
- linux oldefconfigs adapted by
- make BOARD=nitropad-nv41 linux.modify_and_save_oldconfig_in_place
- since this is shared config across nv41/ns50: it only needs to be done for a single board
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Touches c216, x230-flash, x230-legacy and x230-maximized.
TODO: Other boards, including AMD ones (qemu/kgpe) have this ON, including nv41/ns50 (which uses i915drm which most probably causes problems)
Note that qemu boards use q35 in config, but were made to have both i440fx and q35, where q35 is tested, which explains why its on by default there.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
- Closes https://github.com/linuxboot/heads/pull/1452
- coreboot: Take Talos II 0.7 release coreboot config file that was inside of cbfs and use it as a base upstream.
- linux: Readd sysctl and proc requirements for cbmem to work.
TODO: fix gpg2 module so that the following doesn't happen (a ppc64 thing. Can't figure out why):
```
Adding generated key to current firmware and re-flashing...
Board talos-2 detected, continuing...
37281653053696daf2e40a8efe9451b557d9d6ab586830dc85f814bf2e03a05f /tmp/talos-2.rom
Initializing Flash Programmer
Reading old flash contents. Please wait...
Flashing: [##################################################\] (100%)
Verifying flash contents. Please wait...
The flash contents were verified and the image was flashed correctly.
Signing boot files and generating checksums...
180726119: 000E452213510000005A
gpg: error running '//bin/dirmngr': probably not installed
gpg: failed to start dirmngr '//bin/dirmngr': Configuration error
gpg: can't connect to the dirmngr: Configuration error
gpg: no default secret key: No dirmngr
gpg: signing failed: No dirmngr
```
dirmngr is deactivated per configure statement --disable-dirmngr, and works as expected on x86
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
config/linux-librem_common-6.1.8.config: passed to oldconfig format through 'make BOARD=librem_14 linux.modify_and_save_oldconfig_in_place'
Signed-off-by: Thierry Laurion <insurgo@riseup.net>