Francis Lam
d67360a24b
Added rollback protection to generic boot
...
Changed the checking of required hashes or required rollback state
to be right before boot, allowing the user to sign/set defaults
in interactive mode.
Also cleaned up usages of recovery and fixed iso parameter
regression.
2017-07-08 16:59:37 -04:00
Francis Lam
8004b5df2a
Added the ability to persist a default boot option
...
Similar to qubes-update, it will save then verify the hashes of
the kexec files. Once TOTP is verified, a normal boot will verify
that the file hashes and all the kexec params match and if
successful, boot directly to OS.
Also added a config option to require hash verification for
non-recovery boots, failing to recovery if not met.
2017-07-04 19:49:14 -04:00
Francis Lam
3614044fff
Added a generic boot config and persistent params
...
Refactored boot parsing code and applied that in local-init to
scan /boot for grub options and allow the user to unsafely boot
anything. This goes a long way to addressing #196.
Optionally the user can customize those boot parameters or enforce
arbitrary hashes on the boot device by creating and signing config
files in /boot/ or /media/ or /media/kexec_iso/ISO_FILENAME/.
2017-07-02 23:01:04 -04:00
Francis Lam
7f6f365afe
Reverted submodule name back to xen
2017-06-26 13:07:48 -04:00
Francis Lam
c2ec62bfcd
Changed xen submodule to track Qubes Xen
...
Closes #159
2017-06-23 23:01:20 -04:00
Trammell Hudson
2b2c00e594
typo in comment
2017-05-01 10:52:49 -04:00
Johan Grip
8b3ed5fd7a
Added blob directory for non-free blobs. Also basic documentation for the binaries needed for the X220 and how to get to them
2017-05-01 10:49:45 -04:00
Johan Grip
186b641385
Initial test of a lenovo x220 port. Uses hardcoded paths for the blobs required. Uses a stripped ME blob.
2017-05-01 10:49:38 -04:00
Trammell Hudson
2cad84a768
make the ME a module (issue #194)
2017-05-01 10:47:24 -04:00
Francis Lam
efd662c63a
adds a USB boot option with basic parsing to kexec
...
Supports booting from USB media using either the root device or
a signed ISO as the boot device. Boot options are parsed with
quick/dirty shell scripts to infer kexec params.
Closes #195 and begins to address #196
2017-04-29 13:40:34 -04:00
Trammell Hudson
448d0731a9
cherry pick Linux config from zfs branch with multi-user set
2017-04-17 16:10:48 -04:00
Trammell Hudson
d73c92e63f
quiet down the boot process
2017-04-12 06:46:55 -04:00
Trammell Hudson
8c57ac59e7
x230-flash configuration and initialization
2017-04-11 07:16:20 -04:00
Trammell Hudson
85f0586615
build xen for the qemu image so that we can test kexec
2017-04-10 12:59:07 -04:00
Trammell Hudson
300b17fa25
add dropbear ssh to qubes and moc configurations (issue #169)
2017-04-07 09:53:02 -04:00
Trammell Hudson
830828f2a2
enable usb storage module (issue #160)
2017-04-06 09:45:47 -04:00
Trammell Hudson
cfcf6c46d5
Purism Librem 13v1 initial configuration
2017-04-05 14:13:40 -04:00
Trammell Hudson
3d79f51e4a
Build lvm command line utility (issue #80)
...
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).
This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154.
2017-04-03 17:13:59 -04:00
Trammell Hudson
4c413a1737
enable file locking for LVM
2017-04-03 17:11:12 -04:00
Trammell Hudson
d335f24292
split x230 config into 4MB bootstrap image and 7MB runtime image (issue #156)
2017-04-03 14:53:29 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6)
2017-04-01 23:02:00 -04:00
Trammell Hudson
3225501e84
remove power related busybox tools that do not work
2017-03-31 16:00:27 -04:00
Trammell Hudson
7045d02794
move to Linux 4.9.20 (issue #149)
2017-03-31 15:59:37 -04:00
Trammell Hudson
8544c5fe6d
busybox 1.26.2 update (issue #148)
2017-03-31 14:53:01 -04:00
Trammell Hudson
d6c553e884
typo in qemu description
2017-03-31 13:04:46 -04:00
Trammell Hudson
c40748aa25
Build time configuration for startup scripts and modules.
...
This addresses multiple issues:
* Issue #63: initrd is built fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now measures modules
2017-03-31 11:18:46 -04:00
Trammell Hudson
9feb094701
enable flashrom and pciutils to allow the boot ROM to be re-written (issue #17)
2017-03-30 14:35:30 -04:00
Trammell Hudson
bf94e4c416
include a nearly empty, but consistent, cpio file to ensure reproducible Linux builds (issue #142)
2017-03-30 10:16:13 -04:00
Trammell Hudson
418ceaf733
make USB a module, strip debug info (issue #139)
2017-03-28 17:05:04 -04:00
Trammell Hudson
8384201e9c
Change ethernet drivers to be modules and measure them when they are loaded.
...
This is a step towards unifying the server and laptop config (issue #139)
and also makes it possible to later remove the USB modules from the
normal boot path.
2017-03-28 16:32:58 -04:00
Trammell Hudson
1475148848
enable TCP SYN cookies (issue #138)
2017-03-28 11:46:17 -04:00
Trammell Hudson
e83ba0a0c7
enable futex for keylime
2017-03-27 18:52:31 -04:00
Trammell Hudson
f39dfd321d
enable dhcp and add helper script for lease setup
2017-03-27 15:56:10 -04:00
Trammell Hudson
edb4b4de50
enable raw sockets and the qemu network driver
2017-03-27 15:27:53 -04:00
Trammell Hudson
48adc3e4cd
enable wget
2017-03-27 14:25:34 -04:00
Trammell Hudson
279851e66d
started on extra features for MOC server initrd build
2017-03-20 14:57:22 -04:00
Trammell Hudson
b06b0331a0
started on extra features for MOC server kernel build
2017-03-20 14:52:39 -04:00
Trammell Hudson
4182c0e0aa
enable ISO9660 file systems and code page ISO8859-1 (issues #116 and #107)
2017-03-20 11:17:18 -04:00
Trammell Hudson
e4538785ec
enable read-only, no-execute for module data (issue #72)
2017-03-20 11:12:41 -04:00
Trammell Hudson
54cded7f59
pass extra parameters to xz to compress initrd.cpio for Linux kernel (issue #127)
2017-03-18 10:50:43 -04:00
Trammell Hudson
b81a20fb71
enable CONFIG_NET, to allow cryptsetup to work (issue #79)
2017-01-05 06:00:59 -05:00
Trammell Hudson
8ff56aff5a
Enable IOMMU by default (issue #75) and prune kernel features.
2017-01-04 18:38:45 -05:00
Trammell Hudson
45ba75949b
kernel 4.9 setup with framebuffer for x230 (issue #64)
2016-12-13 14:58:23 -05:00
Trammell Hudson
a6520772dc
Update Heads to use the 4.9 Linux LTS kernel.
...
No patches are required to boot 4.9 as a coreboot payload,
unlike the 4.7 kernel that required a head_64.S patch.
The new kernel is about 40 KB larger than the 4.7; the
config might be shrinkable.
Close issue #61.
2016-12-12 11:01:18 -05:00
Trammell Hudson
0aae22d67c
increase CBFS size for qemu builds to allow easier experimentation
2016-12-01 14:02:57 -05:00
Trammell Hudson
c98a392508
enable EPOLL for plymouth
2016-12-01 14:02:26 -05:00
Trammell Hudson
05056aefc0
include chmod (fix #30)
2016-11-29 14:29:38 -05:00
Trammell Hudson
e55a6a4df4
Rework Makefile a bit.
...
rename TARGET to BOARD (fix #55)
use .INTERMEDIATE trick to avoid building multiple times (fix #52)
Don't touch build/*/.config if we don't have to (fix #51)
2016-11-29 11:28:05 -05:00
Trammell Hudson
4a83273744
disable ACPI on qemu boots, this fixes #53
2016-11-29 11:22:47 -05:00
Trammell Hudson
4fbd6ca58b
Make coreboot building modular to support multiple boards.
...
This touches most of the module configurations since the
coreboot build process had to add a few new features.
The Linux kernel could make use of it as well if we need
separate x230/chell/qemu kernels, for instance.
2016-11-23 12:11:08 -05:00
Trammell Hudson
638329709e
include find and compression tools
2016-11-23 10:47:04 -05:00
Trammell Hudson
16bad1abd4
enable aes-xts in Heads kernel (issue #44)
2016-10-26 15:10:53 -04:00
Trammell Hudson
2663fc464b
updated for recent merge of coreboot master
2016-09-26 14:10:32 -04:00
Trammell Hudson
ab5fb03475
enable unicode on vt so that qrenc works
2016-09-09 18:32:44 -04:00
Trammell Hudson
0e16afe17a
update config after recent coreboot/coreboot merge
2016-09-09 13:27:20 -04:00
Trammell Hudson
47ad314798
enable CONFIG_USE_BLOBS to checkout non-free binary blobs submodule
2016-08-19 14:41:32 -04:00
Trammell Hudson
d857170e0f
Enable measured boot support
2016-08-16 17:44:51 -04:00
Trammell Hudson
c755b8431f
update for coreboot-git
2016-08-16 09:13:38 -04:00
Trammell Hudson
21268a4bb8
Updates for coreboot-git
2016-08-14 16:04:43 -04:00
Trammell Hudson
c84293ad62
4.7 is the new default kernel
2016-08-14 16:04:11 -04:00
Trammell Hudson
d85d72a0d7
enable a few more busybox tools
2016-08-06 17:14:56 -04:00
Trammell Hudson
377cb1415b
Add cdroms to Linux config, support 4.7 kernels
2016-08-05 12:25:00 -04:00
Trammell Hudson
69ede68ced
enable /dev/mem so that cbmem tool can work
2016-08-04 17:29:26 -04:00
Trammell Hudson
a81a002abb
Build and bundle the patched xen 4.6.3 kernel
2016-08-03 18:10:44 -04:00
Trammell Hudson
4589e5d1d3
copy the bzImage into the coreboot build directory
2016-08-02 21:59:14 -04:00
Trammell Hudson
62c544ea96
coreboot build (might) work; need to do a test from clean while online
2016-08-02 21:49:22 -04:00
Trammell Hudson
3fde9759f3
coreboot-4.4 binary blobs
2016-08-02 21:39:24 -04:00
Trammell Hudson
426cd8f94f
build the linux kernel after building the initrd
2016-08-02 21:23:18 -04:00
Trammell Hudson
00559def5d
porting Makefile to use a modular build system for each package
2016-08-02 19:25:47 -04:00
Trammell Hudson
2471e15109
cleanup initrd, improve population of lib directories, remove some extra drivers, add notes on /dev
2016-07-28 00:08:33 -04:00
Trammell Hudson
364e44fcdf
working configuration files for coreboot-4.4 and linux-4.6.4, as well as with qemu
2016-07-26 15:14:07 -04:00
Trammell Hudson
4dded24fb7
build almost works
2016-07-25 13:36:15 -04:00
Trammell Hudson
a6d9902a2d
started on automated build process
2016-07-25 10:08:53 -04:00