Since legacy boards do not have e1000e as opposed to maximized builds (no network), we also deactivate:
+# CONFIG_INET is not set
+# CONFIG_ETHTOOL_NETLINK is not set
+# CONFIG_NETDEVICES is not set
This makes gpg24 and newer flashrom bump possible
CONFIG_PREEMPT_NONE=y: Remove preemptiveness for servers. Under heads, we are single tasking. No point having this big thing in kernel https://lwn.net/Articles/746780/
IO scheduler: only enable CONFIG_MQ_IOSCHED_DEADLINE=y since we want maximum throughput and do not have concurrent tasks
CONFIG_CPU_ISOLATION=y : Enable CPU Isolation accross all boards: this permits to make sure that the kernel tasks running on a CPU are not distrurbed bu user tasks
CONFIG_MULTIUSER not defined: Removing cluttering since we are single root user under Heads anyway
CONFIG_IO_URING=y : limit number of copy operations between kernel and user space from apps
CONFIG_ZONE_DMA not defined: relevant for older hardware (less then 32bit addressing space)
CONFIG_X86_MPPARSE not defined: relevant for older smp systems
CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE is enabled and SCHEDUTIL is disabled: we want performance with CPU sched with deadline IO.
CONFIG_PERF_EVENTS_INTEL_UNCORE and CONFIG_PERF_EVENTS_INTEL_CSTATE not defined: we want max perf on Heads
CONFIG_X86_VSYSCALL_EMULATION not defined: no need for syscall emulation under Heads
CONFIG_SECCOMP not defined : usefull if BPF is enabled and used.
CONFIG_ACPI_SPCR_TABLE=y : usefull for serial redirection table and earlycon
CONFIG_PCI_MMCONFIG CONFIG_MMCONF_FAM10H unset but for kgpe-d16 which is either fam10h of fam15h
CONFIG_DM_SNAPSHOT=y CONFIG_DM_THIN_PROVISIONING=y so that recovery shell can provide LVM/DM functionality in later PR.
CONFIG_EXFAT_FS=y so that exfat preformated thumb drives can work out of the box
Adjust CONFIG_HW_RANDOM per platform, removing CONFIG_HW_RANDOM_TIMERIOMEM
Only support processor family needed per board (AMD only AMD, Intel only Intel, removing CONFIG_CPU_SUP_HYGON CONFIG_CPU_SUP_HYGON CONFIG_CPU_SUP_CENTAUR CONFIG_CPU_SUP_ZHAOXIN CONFIG_CPU_SUP_ZHAOXIN everywhere
qemu: support both AMD and INTEL as an exception for the above.
Removed unused compiled modules unpacked under modules.cpio
Removed not needed crypto modules compiled in or as modules, reviewed from https://github.com/osresearch/heads/issues/1396#issuecomment-1538780319 :
CONFIG_CRYPTO=y
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_SKCIPHER=y
CONFIG_CRYPTO_SKCIPHER2=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_ACOMP2=y
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y
CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_NULL2=y
CONFIG_CRYPTO_CRYPTD=y
CONFIG_CRYPTO_AUTHENC=y
CONFIG_CRYPTO_SIMD=y
CONFIG_CRYPTO_GLUE_HELPER_X86=y
CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_ECB=y
CONFIG_CRYPTO_XTS=y
CONFIG_CRYPTO_ESSIV=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_CRC32C=y
CONFIG_CRYPTO_CRC32C_INTEL=y
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA1_SSSE3=y
CONFIG_CRYPTO_SHA256_SSSE3=y
CONFIG_CRYPTO_SHA512_SSSE3=y
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_AES_NI_INTEL=y
CONFIG_CRYPTO_USER_API=y
CONFIG_CRYPTO_USER_API_HASH=y
CONFIG_CRYPTO_USER_API_SKCIPHER=y
CONFIG_CRYPTO_USER_API_RNG=y
CONFIG_CRYPTO_USER_API_AEAD=y
CONFIG_CRYPTO_HASH_INFO=y
CONFIG_CRYPTO_LIB_AES=y
CONFIG_CRYPTO_LIB_SHA256=y
Remove CONFIG_NO_GFX_INIT from configs having CONFIG_NORTHBRIDGE_INTEL_SANDYBRIDGE=y
Add CONFIG_BOOTSPLASH_IMAGE from configs having CONFIG_NORTHBRIDGE_INTEL_SANDYBRIDGE=y
Add CONFIG_LINEAR_FRAMEBUFFER from configs having CONFIG_NORTHBRIDGE_INTEL_SANDYBRIDGE=y
Set BOOTSPLASH parameters to match bootsplash and jpeg requirements
+CONFIG_LINEAR_FRAMEBUFFER_MAX_HEIGHT=768
+CONFIG_LINEAR_FRAMEBUFFER_MAX_WIDTH=1024
+CONFIG_BOOTSPLASH=y
Others paramaters defined per board default setting with coreboot.save_oldconfig_in_place helper
both linux/coreboot:
- save_in_defconfig_format_in_place : takes whatever coreboot config file for a make BOARD=xyz statement and saves it in defconfig
- save_in_oldefconfig_format_in_place : takes whatever coreboot config file for a make BOARD=xyz statement and saves it in oldefconfig
linux:
- linux.prompt_for_new_config_options_for_kernel_version_bump:
- The most useful helper as of now when doing kernel version bump.
- Requires to save current kernel config in oldconfig (make BOARD=xyz linux.save_in_oldefconfig_format_in_place) first, then bump kernel version in board config and then use that helper to review new options and save in tree.
- add additional kernel boot params for i915 where needed:
- adds : drm_kms_helper.drm_leak_fbdev_smem=1 i915.enable_fbc=0 ( to permit kexec into vesa fb of kexec'ed kernel for i915 driven gpus without framebuffer compression, leaking smem fbdev address for kexec to pickup )
advanced qemu-coreboot-*-tpm*-* boards enables virtio qemu/kvm through command line option.
qemu-coreboot-* (whiptail or fbwhiptail) basic boards are using bochs gpu emulation, provided through qemu
linux-qemu.config, if shared as of now, needs to provide both virtio (no need of FB_SIMPLE because DRM) and BOCHS+SIMPLE_FB
It was impossible to use directly 4.14 defconfig and apply it to 5.10.
Saving 4.14 in oldconfig, then editing in 5.10 was necessary.
- E1000E module (as kernel module support...) was lost in conversion and needed to be added back.
Also tuned things up:
- legacy-flash has no RETPOLINE, no security policy at all. Has expected usb controllers modules, exFAT and bare minimal support for flashrom.
- IMPORTANT: CONFIG_X86_IOPL_IOPERM kernel option is required by flashrom
- legacy adds sata, retpoline, additional modules (ethernet), security policy related material on top of legacy-flash config
- maximized adds MMC card support, mousedev+synaptic (to report presence through oem-system-info-xx30), thin provisioning+snapshot support
- tuned with linux.prompt_for_new_config_options_for_kernel_version_bump
Current storage format is oldconfig from now on for proper analysis. If needed, once can save back in defconfig prior of bumping to newer version.
Use CONFIG_BRAND_NAME to control the brand name displayed in the UI.
Override by setting BRAND_NAME when building, either in the Makefile or
on the command line.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Remove brand name from this configuration variable. For backward
compatibility, update config.user in init if the branded variable is
present.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Debian 12's initrd by default now consists of an uncompressed cpio
archive containing microcode, followed by a zstd-compressed cpio
archive. inject_firmware.sh only supported gzip-compressed cpio, so it
could not extract /init from this archive.
Add zstd-decompress to decompress zstd streams (uncompressed size is
about 180 KB).
Add unpack_initramfs.sh which is able to decompress uncompressed, gzip,
or zstd archives, with multiple segments, much like the Linux kernel
itself does.
Use unpack_initramfs.sh to extract /init for blob jail.
Don't compress the new archive segment containing firmware and the
updated /init.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
These changes primarily improve server boards using BMC video. The
correct DRI card is selected even if it isn't the first one, and
performance is greatly improved on non-UMA cards.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
This is particularly beneficial for servers with Aspeed BMC video,
because it introduces framebuffer console acceleration. The
framebuffer console is much more responsive.
Patches were ported from 5.10.5:
0001-fake-acpi.patch: This may not be needed any more, but it applies
cleanly and I don't think it would harm anything.
0002-nmi-squelch.patch: The comment mentions qemu but I see this
message on physical machines occasionally, so I think this is needed.
0003-fake-trampoline.patch: This patch does not apply cleanly. It
could be ported, but I don't think it's needed, I dropped it. Dates
back to a very old commit where Linux was being embedded into a vendor
UEFI firmware: a4d7654b1e.
0010-winterfell-ahci.patch: Minor change of %x to %lx in context.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
PureBoot doesn't have any other three-valued settings and this doesn't
present very well in the config UI.
Instead make this a two-valued setting; drop the mode that forces the
EC setting to "stay off" at every boot because this is the default.
When disabling automatic power-on, disable the EC BRAM setting too.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Stop manually loading config values, just update config in environment.
Never test values against "n", since many default to empty. Always
test ="y" or !="y", any other value is off.
Add set_user_config() function to set a value in config.user,
combine configs, and update config in environment. Use it in setting
implementations.
Remove toggle_config, it wasn't very useful because the settings still
test y/n in order to show specific confirmation and success messages.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
