Commit Graph

23 Commits

Author SHA1 Message Date
Thierry Laurion
acc6493492
coreboot configs: unify turning CONFIG_USBDEBUG off
sed -i '$a CONFIG_USBDEBUG=n' config/coreboot-*.config
grep -R CONFIG_COREBOOT_VERSION boards/ | awk -F "/" {'print $2'} | while read board; do if ! sudo make BOARD=$board coreboot.save_in_oldconfig_format_in_place  > /dev/null 2>&1; then echo $board failed;fi; done

Note:
Boards that are unmaintained accumulate settings additions per the sed call.

Why deactivate:
- Well, this is equivalent of cbmem -c which gives way too much information from attacker.

TODO: add a helper later on so that builds aimed at testing coreboot version bump pass to release mode or something.

As of this commit, we accept that bricks might happen and that troubleshooting will be made on a case-by-case basis?!

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 15:39:58 -04:00
Thierry Laurion
df1e6d7540
coreboot configs: put back all maintained boards (boards/*)'s coreboot configs in oldconfig format
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 15:39:40 -04:00
Thierry Laurion
446c98a3f8
coreboot configs: add CONFIG_USBDEBUG
sed -i '$a CONFIG_USBDEBUG=y' config/coreboot-*.config
grep -R CONFIG_COREBOOT_VERSION boards/ | awk -F "/" {'print $2'} | while read board; do if ! sudo make BOARD=$board coreboot.save_in_defconfig_format_in_place > /dev/null 2>&1; then echo $board failed;fi; done

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 15:39:28 -04:00
Thierry Laurion
d44fe53731
coreboot configs: add CONFIG_RESOURCE_ALLOCATION_TOP_DOWN
sed -i '/# CONFIG_RESOURCE_ALLOCATION_TOP_DOWN is not set/d' config/*.config

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 15:39:22 -04:00
Thierry Laurion
88cec3ab87
coreboot configs: put in defconfig to ease comparison and unification of configs
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 15:39:10 -04:00
Thierry Laurion
6e237d9edd
config/coreboot*: save new coreboot 24.02.01 coreboot configs in oldconfig (see new defaults from 4.22.01)
grep -R 24.02.01 boards/ | awk -F "/" {'print $2'} | while read board; do sudo make BOARD=$board coreboot.save_in_oldconfig_format_in_place; done

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 15:36:02 -04:00
Thierry Laurion
119cebc44f
coreboot 24.02.01: add upstream pending patches for heap allocation failure on bootsplash and defaulting to 4mb of heap when bootsplash
Add upstream patches to downstream:
git fetch https://review.coreboot.org/coreboot refs/changes/75/83475/1 && git format-patch -1 --stdout FETCH_HEAD > 0001-prevent_bootsplash_heap_allocation_failure_to_booting.patch
git fetch https://review.coreboot.org/coreboot refs/changes/76/83476/2 && git format-patch -1 --stdout FETCH_HEAD > 0002-increase_heap_from1mb_to4mb_when_bootpslash_enabled.patch

Rebuilding coreboot version with patches applied:
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:v0.2.0 -- make BOARD=qemu-coreboot-whiptail-tpm1 real.remove_canary_files-extract_patch_rebuild_what_changed
Remove file added by patch when patching fails:
sudo rm build/x86/libgpg-error-1.46/src/syscfg/lock-obj-pub.powerpc64le-unknown-linux-musl.h

Applying patches touching coreboot version 24.02.01 defined in board config to all boards:
grep -R 24.02.01 boards/ | awk -F "/" {'print $2'} | while read board; do sudo make BOARD=$board coreboot.save_in_oldconfig_format_in_place; done

Adding added/modified files to git tracked files for commit:
git status | grep -e modified -e added | awk -F ":" {'print $2'}| xargs git add

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 15:35:44 -04:00
Thierry Laurion
b91eaeda97
boards aimed to bump at coreboot 4.22.01: switch TPM event log format to TCG
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-03-25 15:16:03 -04:00
Thierry Laurion
fb616f416a
WiP 4.22.01 fhd patch test + bump all 4.19 boards to 4.22.01
- patches/coreboot-4.22.01/0001-x230-fhd-variant.patch created per
  - git fetch https://review.coreboot.org/coreboot refs/changes/50/28950/23 && git format-patch -1 --stdout FETCH_HEAD > ~/heads/patches/coreboot-4.22.01/0001-x230-fhd-variant.patch
- all boards configs bumped with:
  - grep -Rn 4.22 boards/ | awk -F "/" {'print $2'}| while read line; do make BOARD=$line coreboot.save_in_oldconfig_format_in_place ; done

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-03-25 15:14:42 -04:00
Thierry Laurion
0f0cb99a02
Adapt NV41/NS50 changes, unify bootsplash file usage for branding
Taken from: https://github.com/Nitrokey/heads/tree/temp-release-v2.3

- Move branding/Heads/bootsplash-1024x768.jpg -> branding/Heads/bootsplash.jpg (We don't care about the size. Make filename generic)
- Adapt all coreboot configs so bootsplash is adapted by BRAND_NAME CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg"
  - Reminders :
    - Makefile changes Heads to defined BRAND_NAME in board config
    - Makefile changes -e 's!@BRAND_DIR@!$(pwd)/branding/$(BRAND_NAME)!g'
- nv41/nv50
  - coreboot oldefconfigs adapted by:
    - make BOARD=nitropad-ns50 coreboot.modify_and_save_oldconfig_in_place
    - make BOARD=nitropad-nv41 coreboot.modify_and_save_oldconfig_in_place
  - linux oldefconfigs adapted by
    - make BOARD=nitropad-nv41 linux.modify_and_save_oldconfig_in_place
      - since this is shared config across nv41/ns50: it only needs to be done for a single board

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-20 09:40:52 -05:00
Thierry Laurion
f4a5a7cc10
FB_EFI next step: remove coreboot's Heads linux intel_iommu statements. TODO: check linux config to see if enabling automatically works as expected.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-20 09:40:42 -05:00
Thierry Laurion
5f38c715ce
coreboot config: unify quiet loglevel=2 for boards not defining default loglevel
2023-10-10 11:53:35 -04:00
d-wid
2bfa1737f8
Support branding under branding subdirectories
Squash of #1502 + moving logo/bootsplash files under branding/Heads

- Move logos and bootsplashes from blobs to branding/Heads/
- Makefile: add support for BRAND_DIR which depends on BRAND_NAME which defaults to Heads if no branding
- Boards coreboot configs: change bootsplash directory to depend on BRAND_DIR (instead of BLOBS_DIR) in bootsplash enabled configs
- Branding/Heads/bootsplash-1024x768.jpg points to branding/Heads/d-wid-ThePlexus_coreboot-linuxboot-heads_background-plain_DonateQrCode.jpg
- xcf file deleted. Original still under #1502 to reuse for modification without recompressing (blobs/heads.xcf)
- CREDITS file created to point to original authors, remixers (Open for details)
  - Thanks to: @d-wid for remixing Bing's AI generated Janus logo, @ThePlexus for Qubes Box concept and @ThrillerAtPlay for its matrix background
2023-10-06 17:09:23 -04:00
Thierry Laurion
8c366ef61d
coreboot configs: changeset needed to use efifb
- intel igpu related - remove i915drmfb hacks and use simplefb and libgfxinit enabled fb
- coreboot 4.19: add patch to fix https://ticket.coreboot.org/issues/500. fbwhiptail still tears screen if in native 1366x769 though
- coreboot 4.19: add patch to enable linux trampoline handle coreboot framebuffer (merged https://review.coreboot.org/c/coreboot/+/76431)
- coreboot 4.19: add patch to enable coreboot to apply jpeg voodoo to create bootsplash.jpeg injected in cbfs at build time + CircleCI apt imagemagick
  - (Thanks Nico Huber @icon again for above patches!)
- coreboot configs: adapt VESAFB/LIBGFXINIT to use maximum fb height/width
- coreboot configs for iGPU only: CONFIG_LINEAR_FRAMEBUFFER_MAX_HEIGHT CONFIG_LINEAR_FRAMEBUFFER_MAX_WIDTH to native size
- coreboot configs for dGPU based on Optional VBIOS injected: VESAFB set to 1280x1024 (maximum possible).

Details:
coreboot configs: remove CONFIG_LINUX_COMMAND_LINE="drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0"
 - Those were needed to expose i915drmfb driver prior to efifb working.
2023-08-16 09:39:09 -04:00
Thierry Laurion
da4c306d91
t440p p8z77-m_pro: pass to coreboot 4.19 and with comparable lockdown config to x230 + fix vbt path
2023-06-27 11:21:28 -04:00
Thierry Laurion
5710eafde4
coreboot configs: sandy/ivy/haswell : readd libgfxinit and bootsplash requirements
Remove CONFIG_NO_GFX_INIT from configs having CONFIG_NORTHBRIDGE_INTEL_SANDYBRIDGE=y
Add CONFIG_BOOTSPLASH_IMAGE from configs having CONFIG_NORTHBRIDGE_INTEL_SANDYBRIDGE=y
Add CONFIG_LINEAR_FRAMEBUFFER from configs having CONFIG_NORTHBRIDGE_INTEL_SANDYBRIDGE=y
Set BOOTSPLASH parameters to match bootsplash and jpeg requirements
 +CONFIG_LINEAR_FRAMEBUFFER_MAX_HEIGHT=768
 +CONFIG_LINEAR_FRAMEBUFFER_MAX_WIDTH=1024
 +CONFIG_BOOTSPLASH=y

Other parameters defined per board default setting with coreboot.save_oldconfig_in_place helper
2023-06-27 11:21:25 -04:00
Thierry Laurion
f34d2dd7d7
bump qemu-tpm boards to coreboot 4.19
2023-06-27 11:21:09 -04:00
Thierry Laurion
9830c6c4ed
io386 platform lockdown: enable on sandy/ivy/haswell maximized board configs
2023-06-20 12:36:45 -04:00
Jonathon Hall
6d0cd94ba8
Enable CONFIG_NO_GFX_INIT in coreboot on i915 boards with Linux 5.10
We don't need coreboot to initialize graphics on these boards, this
eliminates some unneeded code and the gnat dependency for them.

Coreboot was using libgfxinit, but it was initializing in text mode.
Heads' kernel will then switch to graphics mode, and we hand that
framebuffer from i915 to the target kernel during kexec.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-27 12:50:29 -04:00
Jonathon Hall
a75ecdfc8d
t440p: Enable i915 kexec framebuffer fixes
Add CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM and related kernel parameters to
t440p.  This board is already on kernel 5.10 and uses i915 graphics.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-04-19 10:34:29 -04:00
Rocky Breslow
24d23ff47c
Add intel_iommu=igfx_off to T440p Coreboot kernel parameters
Without this, neither Qubes OS nor the Qubes OS installer would start.
Presumably, because we're "kexecing" from an already running kernel, we
need this set at the Coreboot level? Testing revealed that including
`intel_iommu=igfx_off` in the `CONFIG_BOOT_KERNEL_ADD` board config
option did nothing. And, the Qubes OS default boot option already
contains `intel_iommu=igfx_off`.

See:
- https://www.qubes-os.org/doc/installation-troubleshooting/#not-asking-for-vnc-because-we-dont-have-a-network--x-startup-failed-aborting-installation--pane-is-dead-error-during-installation
- https://github.com/Qubes-Community/Contents/blob/master/docs/troubleshooting/intel-igfx-troubleshooting.md
- https://www.kernel.org/doc/html/v5.10/x86/intel-iommu.html?highlight=igfx_off#graphics-problems
2023-01-18 15:27:45 -05:00
Rocky Breslow
f0792117ef
Adjust T440p default Coreboot defconfig options
Remove options that haven't deviated from defaults in the Coreboot
Kconfig, despite being saved by `make savedefconfig`. Also, add
`CONFIG_BOARD_LENOVO_THINKPAD_T440P`, which was missing from the `make
savedefconfig` output, causing Heads builds to fail. And finally, bump
`CONFIG_CBFS_SIZE` to `0x800000` (8 MiB to bytes to hexadecimal).

This value for the CBFS size is arbitrary. Originally, I had totaled the
size of all binary blobs, subtracted that from the T440p's ROM size (12
MiB), and used the remaining space as the CBFS size (~11.68 MiB).
However, this caused very long RAM initialization times (courtesy of
`cbmem -t`). And, an anecdote in
https://groups.google.com/a/chromium.org/g/chromium-os-reviews/c/lUqRrGUoEBY/m/ka7L1f2BS8gJ
suggested that this value needs to be a power of 2.

So, I picked a size I expected our Linux payload to fit into that was a
power of 2 that I also expected would leave enough space in the ROM for
the IFD, ME, GbE, and Coreboot.

Now, it takes less than a second for RAM initialization after
flashing/first boot (anecdotally, it seems the MRC needs to be
"trained?").
2023-01-18 15:27:44 -05:00
Rocky Breslow
e325976569
Add initial T440p Coreboot defconfig
I generated this config by walking through Coreboot's `make menuconfig`.
The plan is to pare down verbose defaults and tweak from here.
2023-01-18 15:27:44 -05:00