Commit Graph

125 Commits

Author SHA1 Message Date
Thierry Laurion
58cb8df266
coreboot-4.8.1: acpica-unix2 cannot be downloaded per www.acpica.org since cert is signed by Intel which cert authority is unknown from older build systems... Cert was renewed March 10 2020. URL changed to crux.ster.zone 2020-03-15 18:45:33 -04:00
Matt DeVillier
28fedf9a7e
modules/libremkey-hotp-verification: make reproducible
Modeled after modules/tpmtotp, use a specific git commit hash for
module libremkey-hotp-verification. Add hidapi as a submodule with
dummy/placeholder in modules (like coreboot-blobs), also specified
by git commit hash. Adjust libremkey-hotp-verification patch file
name so patch applied properly.

Addresses issue #640

Test: build Librem 13v4

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 13:37:41 -06:00
Matt DeVillier
ad2395d3db
libremkey-hotp-verification: toolchain adjustments
Pass through new toolchain path via $(CROSS) so we can set the
c/c++ compiler paths correctly for CMake. Adjust patch to use
new paths, and fix compiler/linker paths to correct a libusb linking issue.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-01-22 12:03:05 -06:00
Francis Lam
ed3602f0ba
modules: maintain reproducibility by removing rpath 2020-01-16 09:36:42 -08:00
Francis Lam
23d0126407
kexec: update to 2.0.20
Fix issue with kexec failing to load the target kernel when
building with musl-cross-make
2020-01-16 09:30:15 -08:00
tlaurion
8e4b10922b
Merge pull request #653 from osresearch/musl-cross-make
Use musl cross make for Heads, Linux, coreboot and edk2
2020-01-15 13:15:19 -05:00
tlaurion
a5f4d7d8be
Merge pull request #652 from osresearch/lvm-segfault
lvm2: turn off buffering, which prevents segfault with new musl (#651)
2020-01-15 13:14:30 -05:00
Trammell hudson
6962bfda10
lvm2: turn off buffering, which prevents segfault with new musl (#651)
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-09 13:27:09 +01:00
Trammell Hudson
791d064397
musl-cross-make: replace all cross compilers with musl-cross-make
Signed-off-by: Trammell Hudson <hudson@trmm.net>
2020-01-08 17:08:15 +01:00
Trammell hudson
6c93a5e854
libksba: fix name of patch file
Signed-off-by: Trammell hudson <hudson@trmm.net>
2020-01-08 10:01:21 +01:00
Trammell Hudson
69f3cc46ab
libksba: fix qsort handler to sort the string table in a reproducible way
Signed-off-by: Trammell Hudson <hudson@trmm.net>
2020-01-07 19:01:59 +01:00
tlaurion
8af849cadc
Merge pull request #618 from osresearch/musl-cross-pin
Pin tag of musl-cross, tpmtotp and msrtools
2019-12-06 10:52:50 -05:00
rofl0r
7370b75945 update musl-cross to 1952975
this should fix issues with compressed ELF header sections.
2019-12-02 23:03:14 +00:00
tlaurion
b4a647c485
Merge pull request #461 from osresearch/debug-linux
Enable verbose bootup debugging and set the early serial IO base port
2019-11-28 10:53:29 -05:00
Trammell hudson
56aa508b8d
musl-cross: pin to a specific checkout (#617)
Add `--strip 1` to tar file extraction in the `Makefile`,
which ensures that the directory name in `build/` will
match the one listed in `$($(MODULE)_dir)`.

Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 13:15:56 +01:00
Trammell hudson
4f0e778582
musl-cross: update patch for recent git commits (#617)
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 12:52:55 +01:00
Matt DeVillier
77949c9cff
libremkey_hotp_initialize: handle spaces in admin pin/pass
Fix HOTP verfication failure if LK admin pin/passphrase contains
spaces by quoting the variables when passed to functions.

Test: set LK admin pin to passphrase with spaces, generate
new TOTP/HOTP, verification passes.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-06-24 23:30:39 -05:00
Matt DeVillier
286303d95c
libremkey-hotp-verification: pass in key file directly
Reading the file into a variable and then redirecting to stdin
via echo() can cause the binary data to be truncated, leading
to an invalid base32 value and failure to properly generate
and validate the HOTP code.

To resolve this, pass the file directly to hotp(), and ensure
it is removed properly regardless of success or failure to
prevent leakage.

Fixes "Invalid base32 string" error seen when attempting to
generate a new TOTP secret.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-06-24 23:29:06 -05:00
tlaurion
64c830e652
Merge branch 'master' into make-4.2.1 2019-04-22 21:53:43 -04:00
Matt DeVillier
f5355815d9 patches/coreboot: add proper IOMMU/RMRR support
These two patches add the capability for coreboot to generate
the RMRR ACPI tables needed for proper IOMMU support. These
patches allow us to use 'intel_iommu=on' vs 'iommu=pt'

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-02-12 17:09:56 -06:00
Matt DeVillier
da2d267220 patches/coreboot: add support for librem 13v4/15v4 boards
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2019-02-12 16:32:04 -06:00
Thierry Laurion
75c11481f6
Port gpg1 patch to gpg2 to force crosscompiling and output to stderr. 2019-01-29 11:16:16 -05:00
Trammell Hudson
d8a3be47af
Merge branch 'coreboot-4.8' of https://github.com/flammit/heads 2018-11-07 17:04:23 -05:00
Trammell Hudson
3f53cfe05b
Merge branch 'add_librem_key_support' of https://github.com/kylerankin/heads 2018-11-07 16:37:01 -05:00
Youness Alaoui
03a09a1e1a
Add patches to update coreboot crossgcc to v1.52
crossgcc is now using gcc 8.1.0 which will compile without issues
if your host system has gcc 8.x
This is required if we are to build on a new system (such as latest Fedora)
2018-10-27 15:05:43 -07:00
Francis Lam
0113ecc806
Update coreboot patches condition on CONFIG_MEASURED_BOOT 2018-10-27 11:02:23 -07:00
Francis Lam
8601268a1f
Remove duplicate measurements on librem components
also fix indentation issues
2018-10-27 11:02:23 -07:00
Francis Lam
dd3ae6ee06
Update patches for librem boards 2018-10-27 11:02:23 -07:00
Francis Lam
c326ff62c7
Start updating to coreboot 4.8.1
missing librem patches
2018-10-27 11:02:23 -07:00
Trammell hudson
e177de63d0
Enable verbose bootup debugging and ensure that the serial IO base port is configured 2018-09-28 06:25:00 -04:00
Trammell hudson
292a8bec81
patch for __alloca missing on ubuntu 18.04 (#352) 2018-09-18 06:33:15 -04:00
Trammell Hudson
c98bfe158f
update to 4.14.62 and use the linuxboot.efi BDS 2018-08-09 10:20:22 -04:00
Trammell Hudson
d400c4dd4d
update paths for Linux 4.14.56 (issue #423) 2018-07-17 06:48:06 -04:00
Kyle Rankin
ec3248dbc9
Shorten timeout for Librem Key
Currently the Librem Key tests will time out after 40 seconds, which
adds to the boot time significantly if the user wants to boot without
inserting it. This patch changes that timeout to one second.
2018-06-20 16:20:15 -07:00
Kyle Rankin
31cf85b707
Add Librem Key support to Heads
The Librem Key is a custom device USB-based security token Nitrokey is
producing for Purism and among other things it has custom firmware
created for use with Heads. In particular, when a board is configured
with CONFIG_LIBREMKEY, this custom firmware allows Heads to use the
sealed TOTP secret to also send an HOTP authentication to the Librem
Key. If the HOTP code is successful, the Librem Key will blink a green
LED, if unsuccessful it will blink red, thereby informing the user that
Heads has been tampered with without requiring them to use a phone to
validate the TOTP secret.

Heads will still use and show the TOTP secret, in case the user wants to
validate both codes (in case the Librem Key was lost or is no longer
trusted). It will also show the result of the HOTP verification (but not
the code itself), even though the user should trust only what the Librem
Key displays, so the user can confirm that both the device and Heads are
in sync. If HOTP is enabled, Heads will maintain a new TPM counter
separate from the Heads TPM counter that will increment each time HOTP
codes are checked.

This change also modifies the routines that update TOTP so that if
the Librem Key executables are present it will also update HOTP codes
and synchronize them with a Librem Key.
2018-06-19 12:27:27 -07:00
Francis Lam
bb0e13c24f
Add back flashrom support for KGPE-D16
Also fix up flashrom-x230.sh command only read bios area
2018-05-05 18:59:43 -07:00
Trammell hudson
8108e419fe
remove unused flashrom 0.9.9 patch and use new --ifd feature in its place (pr #370) 2018-04-30 17:16:06 -04:00
Youness Alaoui
16d9c405ac
Librem13v2: Update to 4.7-Purism-4
Fixes access to the EC through the Index I/O interface
Fixes AC and DC LoadLine values to avoid overheating problems
Fix Turbo mode value from EC
Change version name to have '-heads' suffix
2018-04-03 19:04:59 -04:00
Trammell hudson
7e0450113f
split Linux patches into separate files (issue #348) 2018-03-15 17:44:42 -04:00
Trammell hudson
3cbff7ed1e
split coreboot patch into measured boot, kgpe-16 and sandybridge patches (#358) 2018-03-15 15:41:46 -04:00
Youness Alaoui
8bf187b50a
Add patches to coreboot to support Librem 13 v2 with TPM
Add a new series of patches which add measurement support for skylake,
add IOMMU for skylake, fix TPM support, and add support for TPM for
the Librem 13v2 and Librem 15v3 hardware.
2018-03-14 16:27:25 -04:00
Trammell hudson
091ae92b6f
Merge branch 'KGPE-D16_port_NoTPM' of https://github.com/tlaurion/heads 2018-03-08 01:13:16 -05:00
Trammell hudson
d9808f6659
build the superiotool, which requires a hack on the pciutils lib/types.h file 2018-03-02 09:37:31 -05:00
Thierry Laurion
9eadb07280
Merging to osresearch master 2018-03-01 01:37:36 -05:00
Thierry Laurion
0f299fe4be
IKVM4 and alike SMB support into coreboot from here: https://review.coreboot.org/#/c/coreboot/+/19820/. Flashing scripts and flashrom patches. 2018-03-01 00:49:53 -05:00
Trammell hudson
f618f09a69
Generate a fake EBDA with kexec, removing the need for a custom xen (#227)
This modifies the segment at 0x0 so that it contains enough of a fake
Extended BIOS Data Area at addresses 0x40e and 0x413 that Xen can
correctly locate its trampoline code.

Since custom Xen is no longer required, we can remove the module,
the patches and all of the references to it in the board definition
files.
2018-02-28 10:48:35 -05:00
Trammell hudson
9f19cd9dc3
Merge branch 'smm-walkaround' of https://github.com/persmule/heads 2018-02-26 13:13:42 -05:00
Trammell hudson
8ced05de15
musl-cross has the correct URLs now (#324) 2018-02-26 11:39:27 -05:00
Francis Lam
ffa857d087
update mpc url for musl-cross patch 2018-02-24 14:45:55 -08:00
persmule
dadfbeb3b3 Changed to coreboot patch not to call prog_segment_loaded in smm. 2018-02-24 15:27:21 +08:00