Commit Graph

117 Commits

Author SHA1 Message Date
shamen123
e274a2c396
remove CONFIG_GPG=y
Building make BOARD=x230-flash fails due to size. Removal of CONFIG_GPG fixes this. For further details, see https://github.com/osresearch/heads/issues/451
2019-01-10 15:06:40 +00:00
Francis Lam
a14a4fb419
qemu-coreboot: change configs to enable gui-init testing 2018-12-01 10:10:04 -08:00
Trammell Hudson
3f53cfe05b
Merge branch 'add_librem_key_support' of https://github.com/kylerankin/heads 2018-11-07 16:37:01 -05:00
Thierry Laurion
cc4976b3da
Commenting out DROPBEAR support; not fitting into 4MB image with GPG integrated. 2018-08-09 07:51:30 -04:00
Trammell Hudson
770c696117
Merge branch 'x230-flash' of https://github.com/tlaurion/heads 2018-07-18 06:50:46 -04:00
Kyle Rankin
31cf85b707
Add Librem Key support to Heads
The Librem Key is a custom device USB-based security token Nitrokey is
producing for Purism and among other things it has custom firmware
created for use with Heads. In particular, when a board is configured
with CONFIG_LIBREMKEY, this custom firmware allows Heads to use the
sealed TOTP secret to also send an HOTP authentication to the Librem
Key. If the HOTP code is successful, the Librem Key will blink a green
LED, if unsuccessful it will blink red, thereby informing the user that
Heads has been tampered with without requiring them to use a phone to
validate the TOTP secret.

Heads will still use and show the TOTP secret, in case the user wants to
validate both codes (in case the Librem Key was lost or is no longer
trusted). It will also show the result of the HOTP verification (but not
the code itself), even though the user should trust only what the Librem
Key displays, so the user can confirm that both the device and Heads are
in sync. If HOTP is enabled, Heads will maintain a new TPM counter
separate from the Heads TPM counter that will increment each time HOTP
codes are checked.

This change also modifies the routines that update TOTP so that if
the Librem Key executables are present it will also update HOTP codes
and synchronize them with a Librem Key.
2018-06-19 12:27:27 -07:00
Martin Kepplinger
4ea175838f x230: remove 4M and 8M split-images from the build
The bios region of the 12M coreboot image is 7M: 4M and 3 of the 8M split
image. The rest of the 8M image is _generated_ with fake data and not usable
on real systems! It's dangerous to create them and suggest flashing them
externally.

That's exactly why the x230-flash build target is there: To
have a self-contained 4M image and enable easy unlocking of the 8M image
using the _original_ data.

The heads-wiki project is updated accordingly.

Closes #307
Closes #302
2018-06-04 09:22:05 +02:00
Trammell hudson
33e9dda884
Merge branch 'add-boot-devices-to-qemu-coreboot' of https://github.com/paulmenzel/heads 2018-05-18 15:39:19 -04:00
Paul Menzel
2839364d43 boards/qemu-coreboot: Set /dev/sdb1 as USB boot device
QEMU’s USB device is detected as `/dev/sdb1`.
2018-05-18 18:38:29 +02:00
Paul Menzel
c5665b7882 boards/qemu-coreboot: Set boot device to /dev/sda1
QEMU emulated drive is detected as `/dev/sda1`. Set it up as the boot
device.

Use the same value as in `qemu-linuxboot.config`.
2018-05-18 18:35:54 +02:00
Paul Menzel
1585f596d1 qemu-coreboot: Add modules libata, libahci and ahci to initrd
To be able to boot a disk image, passed to QEMU with `-hda
/path/qemu.img`, the appropriate modules are needed. Strange, `libata`
is not enough, and the drive is only detected, when the module `ahci` is
loaded.

> ata1.00: ATA-7: QEMU HARDDISK, 2.5+, max UDMA/100

Tested with QEMU emulator version 2.11.1(Debian 1:2.11+dfsg-1ubuntu7)
with the command below,

    qemu-system-x86_64 -enable-kvm -M q35 -m 1G -bios \
    qemu-coreboot/coreboot.rom -serial stdio -L /dev/shm -hda \
    /dev/shm/qemu-debian.img

where `qemu-debian.img` is created with grml-debootstrap.

    grml-debootstrap --vmfile --vmsize 3G --target \
    /dev/shm/qemu-debian.img -r sid
2018-05-12 22:53:44 +02:00
Thierry Laurion
fbcedd77dc reverting changes on x230.config 2018-05-07 16:52:54 -04:00
Thierry Laurion
3d23cadd15 x230-flash depends on independent and minimal linux-x230-flash.config. ash_history content replaced with useful commands. Everything is there to generate keys from Yubikey/Nitrokey, export armored versions to external media and cbfs them into reproducible rom and flash resulting rom with flashrom-x230.sh. 2018-05-07 16:45:47 -04:00
Thierry Laurion
7b57db976f Merge branch 'master' of https://github.com/osresearch/heads into tlaurion/x230-fbwhiptail 2018-05-05 02:03:47 -04:00
Trammell hudson
958c26e0f5
include flashrom in the x230-flash config 2018-05-04 14:09:20 -04:00
Trammell hudson
a772b27e5d
parallel make fixes and hacks, which seem to work and reduce excessive remaking (issue #394) 2018-05-02 11:38:39 -04:00
Trammell hudson
1a04226eea
Merge branch 'librem15v3' of https://github.com/kakaroto/heads 2018-04-30 16:36:21 -04:00
Trammell hudson
cd2325781c
Merge branch 'colorized_warning_error' of https://github.com/kylerankin/heads 2018-04-30 16:31:45 -04:00
Youness Alaoui
eedf5a31a1
librem15v3: Add board and coreboot config files for Librem 15 v3 2018-04-30 16:22:22 -04:00
Francis Lam
c0f3a4bb79
Read and measure an EFI file into initrd during init 2018-04-29 19:58:44 -07:00
Thierry Laurion
1a7dff3180 FB Whiptail: coreboot FB without text support, linux with i915 support. Still flickering when Xen owns FB. 2018-04-29 13:35:24 -04:00
Kyle Rankin
22a8d6f603
Colorize warning and error messages in fbwhiptail
Since fbwhiptail allows us to customize the background colors, we should
colorize warnings and error messages to provide a user with an
additional subtle cue that there might be a problem. I have added two
additional configuration options:

CONFIG_WARNING_BG_COLOR
CONFIG_ERROR_BG_COLOR

and in the librem13v2.config file you can see an example for how to set
them to be yellow and red gradients, respectively. I've also updated the
main two scripts that use whiptail to include those background colors.

If you decide to use regular whiptail, just don't set these config
options and it should behave as expected.
2018-04-25 13:21:56 -07:00
Francis Lam
28256ca3b6 Add flashtool to all coreboot-based boards 2018-04-24 10:13:02 -04:00
Francis Lam
789c2db70d
Add flashtool to all coreboot-based boards 2018-04-21 18:29:52 -07:00
Francis Lam
37feebdc76
Read and measure CBFS files into initrd during init 2018-04-20 09:29:57 -07:00
Trammell hudson
4fe148a19b
split the x230 ROM image into 8MB and 4MB pieces (issue #375) 2018-04-18 16:41:22 -04:00
Youness Alaoui
1fc114ba42
Librem13v2: Enable IOMMU and Pass-through mode
By enabling Pass-through iommu, it fixes the GPU glitching issues
we've had with IOMMU, and it also allows us to boot a target kernel
without having to give it intel_iommu=igfx_off as argument.
2018-04-03 19:04:57 -04:00
Youness Alaoui
8ca6286ae0
Add Cairo/FBWhiptail to the build process
Enable it by default for the Librem 13 v2
2018-03-28 16:42:34 -04:00
Trammell hudson
e62362ddcc
Tioga Pass support, with the Broadcom BCM57302 2018-03-23 21:13:09 -04:00
Trammell hudson
b0fa91a6cf
very small Leopard board build 2018-03-22 17:34:58 -04:00
Trammell hudson
e7697055a3
Merge branch 'init-changes' of https://github.com/flammit/heads 2018-03-15 17:16:13 -04:00
Trammell hudson
514ec6bb29
reduce the number of tools included in a qemu-linuxboot u-root build so that it fits 2018-03-15 15:30:05 -04:00
Trammell hudson
bac09ec191
Merge branch 'nerf' of https://github.com/vejmarie/heads into vejmarie-nerf 2018-03-15 14:46:50 -04:00
Trammell hudson
6f151a287d
Merge branch 'librem13v2_blobs_config' of https://github.com/kakaroto/heads 2018-03-12 13:56:11 -04:00
Jean-Marie Verdun
87ae9072b2 Add uinit.go init script for winterfell board. This is setting up the basic
storage drivers to boot locally (ATA and NVME) and kick the RSDP
2018-03-12 14:27:43 +01:00
Jean-Marie Verdun
d6743abcc4 Refactor config directory content as to add extension capabilities for
inserting init script within generated ramfs.
Each init script is board file dependent (think kernel drivers auto insertion)
2018-03-12 10:26:23 +01:00
Francis Lam
dabb181516
Temporarily add flashrom back to x230 config
Until scripts are changed to use flashtool
2018-03-10 18:12:52 -08:00
Francis Lam
e86123769b
Moved network init to a separate bootscript
Enabled recovery serial console (tested on kgpe-d16)
Minor fix to kexec-boot to correct xen boot
Remove busybox power utils
2018-03-10 15:40:07 -08:00
Trammell hudson
54fe11a4f2
restore x230-flash configuration for a 4MB build (#340) 2018-03-08 04:33:04 -05:00
Trammell hudson
091ae92b6f
Merge branch 'KGPE-D16_port_NoTPM' of https://github.com/tlaurion/heads 2018-03-08 01:13:16 -05:00
Burke Cates
b79d518f8d x220 board and coreboot config fixes
x220 board config references correct x230 linux config path.
x220 coreboot config references proper bzImage and initrd path.
2018-03-06 00:21:19 -08:00
Thierry Laurion
77d2fc9eb4
reverted remote configuration from board config, which will be pushed by flammit 2018-03-01 02:08:24 -05:00
Thierry Laurion
1c1a1a215d
reverting changes that were not merged from other branches 2018-03-01 01:53:37 -05:00
Thierry Laurion
9eadb07280
Merging to osresearch master 2018-03-01 01:37:36 -05:00
Thierry Laurion
23ae788c6f
Board, linux and coreboot configs 2018-03-01 00:40:46 -05:00
Trammell hudson
f9a12a270a
Merge branch 'add_gui_init' of https://github.com/kylerankin/heads into kylerankin-add_gui_init 2018-02-28 15:06:06 -05:00
Trammell hudson
4f5432bb46
generate /etc/config from exported configuration variables 2018-02-28 14:57:46 -05:00
Trammell hudson
ef4576e881
Enable NVMe option for winterfell 2018-02-28 14:06:53 -05:00
Trammell hudson
a84ea7b9de
Merge branch 'tpm-optional' of https://github.com/persmule/heads 2018-02-28 13:33:01 -05:00
Trammell hudson
a4f121b838
make uroot optional 2018-02-28 11:12:02 -05:00
Trammell hudson
f618f09a69
Generate a fake EBDA with kexec, removing the need for a custom xen (#227)
This modifies the segment at 0x0 so that it contains enough of a fake
Extended BIOS Data Area at addresses 0x40e and 0x413 that Xen can
correctly locate its trampoline code.

Since custom Xen is no longer required, we can remove the module,
the patches and all of the references to it in the board definition
files.
2018-02-28 10:48:35 -05:00
Trammell hudson
2facd55e44
flashtool can write to the winterfell ROM 2018-02-28 02:46:14 -05:00
Francis Lam
e9312e19bf
Cleanup of init to support server and desktop
Guarded linuxboot specific init entries
Removed Makefile entries into separate file (conflicts with srcing /etc/config)
Added CONFIG_BOOT_LOCAL/_REMOTE to control interface setup
Fixed CONFIG_TPM usage
2018-02-25 11:51:19 -08:00
persmule
b5072390ee
Make TPM dependency optional and controlled by flag CONFIG_TPM
if "CONFIG_TPM=y" is not present in the config file, functionalities
needing TPM could be disabled, while leaving other functionalities intact.

This will make Heads a more general-usage bootloader payload atop coreboot.
2018-02-24 14:46:33 -08:00
Kyle Rankin
57405b0d28
Add menu for TOTP updates, provide sample board config to use gui-init 2018-02-21 15:58:54 -08:00
persmule
9bf131b601 Make TPM dependency optional and controlled by flag CONFIG_TPM
if "CONFIG_TPM=y" is not present in the config file, functionalities
needing TPM could be disabled, while leaving other functionalities intact.

This will make Heads a more general-usage bootloader payload atop coreboot.
2018-02-15 22:42:12 +08:00
Kyle Rankin
b6514fc333
Add board and Linux kernel config for Purism Librem 13v2 2018-02-14 11:44:18 -08:00
Trammell hudson
1459e701e3
Make the Heads runtime opt-out from the initrd.cpio. #317
Allow sub-modules like u-root to opt out of the Heads runtime,
while retaining the musl-libc built tools.
2018-02-13 17:46:48 -05:00
Trammell hudson
10c1f56b0a
Enable easy building with the NERF u-root tree #317
This adds a `CONFIG_UROOT=y` option to allow the busybox
runtime to be replaced with the go u-root runtime.
You must have go 1.9 or newer for it to work.

It has been tested on the OCP winterfell and qemu nodes,
and it can be specified on the build command line as well.

Nothing from `heads/initrd` or any of the tools will be
linked into the cpio file.  Only the kernel modules and the
go shell will be included.
2018-02-13 15:47:31 -05:00
Trammell hudson
15a07b3fce
enable qemu networking and ssh key login (#312) 2018-02-09 13:42:52 -05:00
Trammell hudson
8d7eee22d1
BOARD definitions are no longer required since the user defines BOARD 2018-02-08 14:54:25 -05:00
Trammell hudson
ee291ec95b
add AHCI and e1000e drivers, as well as flashing targets for winterfell 2018-02-07 19:05:56 -05:00
Trammell hudson
3ea842b564
add run target for starting the emulators 2018-02-07 19:05:22 -05:00
Trammell hudson
a3d3a3c813
moved boards into boards/, removed old config files 2018-02-05 16:07:00 -05:00
Trammell hudson
b50f8e847b
cleanup configuration options to all have the same CONFIG_MODULE_OPTION naming scheme 2018-02-05 15:59:26 -05:00
Trammell hudson
47a94da5ed
x230 build works on the NERF tree (#305)
Fix FAST=1 builds to actually be fast.
2018-02-05 11:56:15 -05:00
Trammell hudson
cf8509e0f5
Add LinuxBoot as a module, prep for nerf branch merge (#305)
Move board configuration into `boards/` instead of `config/`
Fix mistake in building kernel module tree before kernel was done.
Allow per-board initrd builds (#278)
Allow per-board configurations for things (#304)
2018-02-05 11:27:45 -05:00