Commit Graph

408 Commits

Author SHA1 Message Date
Trammell Hudson
174bb64957
Move Qubes startup script to /boot/boot.sh
This also adds a set of files in the qubes/ directory that
are meant to be copied to the /boot partition.

Issue #154: for ease of upgrading Qubes, the script should
live on /boot instead of in the ROM.  This requires a GPG
signature on the startup script to avoid attacks by modifying
the boot script.

Issue #123: this streamlines the boot process for Qubes, although
the disk password is still not passed in correctly to the initrd
(issue #29).

This does not address issue #110 of how to find the root device.
The best approach is probably disk labels, which will require
special installation instructions.
2017-04-02 22:21:49 -04:00
Trammell Hudson
4e71017bea
bump xen to 4.6.4 (issue #153) 2017-04-02 21:45:10 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6) 2017-04-01 23:02:00 -04:00
Trammell Hudson
d06ba0a851
reset $boot_option between loops 2017-04-01 22:25:16 -04:00
Trammell Hudson
93a0d7eee2
support clean targets 2017-03-31 18:13:50 -04:00
Trammell Hudson
3225501e84
remove power related busybox tools that do not work 2017-03-31 16:00:27 -04:00
Trammell Hudson
7045d02794
move to Linux 4.9.20 (issue #149) 2017-03-31 15:59:37 -04:00
Trammell Hudson
858b48d304
use our specific strip program to ensure reproducibility (issue #148) 2017-03-31 15:26:41 -04:00
Trammell Hudson
8544c5fe6d
busybox 1.26.2 update (issue #148) 2017-03-31 14:53:01 -04:00
Trammell Hudson
2db3c33866
fix IDSDIR to make pciutils reproducible (issue #147) 2017-03-31 14:33:15 -04:00
Trammell Hudson
27e35f6ef7
cleanup initrd tmpfile and reduce recursive make calls 2017-03-31 13:28:20 -04:00
Trammell Hudson
3241499ee3
pciutils fails on first build if both install and install-lib are specified 2017-03-31 13:05:05 -04:00
Trammell Hudson
d6c553e884
typo in qemu description 2017-03-31 13:04:46 -04:00
Trammell Hudson
9322dbef2d
use default qemu config, parameterize bin_modules 2017-03-31 12:06:59 -04:00
Trammell Hudson
4141c75c8c
make kexec work with the modular build 2017-03-31 11:59:18 -04:00
Trammell Hudson
b35f8d35ae
Merge /tmp/heads 2017-03-31 11:34:11 -04:00
Trammell Hudson
43ef324ae7
Merge /tmp/heads 2017-03-31 11:30:17 -04:00
Trammell Hudson
5ae0b09eb2
do not ignore files in initrd anymore 2017-03-31 11:24:10 -04:00
Trammell Hudson
c40748aa25
Build time configuration for startup scripts and modules.
This addresses multiple issues:

* Issue #63: initrd is built fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now measures modules
2017-03-31 11:18:46 -04:00
Trammell Hudson
581602e5b4
not using jekyll pages on this branch 2017-03-31 09:06:04 -04:00
Trammell Hudson
36021e006b
Rebuild sub-modules on each build (issue #143).
The .INTERMEDIATE target seemed to be causing the problem with
make thinking it didn't have to descend into the sub-module
directories.  Removing it allows it to work correctly.
2017-03-31 09:05:08 -04:00
Trammell Hudson
d8ab8ecfe8
Rebuild sub-modules on each build (issue #143).
The .INTERMEDIATE target seemed to be causing the problem with
make thinking it didn't have to descend into the sub-module
directories.  Removing it allows it to work correctly.
2017-03-30 18:39:18 -04:00
Trammell Hudson
8343130e9a
Merge branch 'moc' - kernel modules, flashrom and other enhancements. 2017-03-30 17:32:47 -04:00
Trammell Hudson
cfd549097f
disable dhcp, since there are no networking modules loaded 2017-03-30 17:21:22 -04:00
Trammell Hudson
8589370708
Flash writing from userspace works (issue #17).
Reduce the size of flashrom by commenting out most flash chips,
boards and programmers.

Wrapper script to make it easier to rewrite the ROM on the x230
using the flashrom layout.

Keep the entire 12 MB ROM for flashing.
2017-03-30 17:12:22 -04:00
Trammell Hudson
9feb094701
enable flashrom and pciutils to allow the boot ROM to be re-written (issue #17) 2017-03-30 14:35:30 -04:00
Trammell Hudson
9666f52e44
bioswrite tool (beta, untested!) 2017-03-30 11:59:55 -04:00
Trammell Hudson
bf94e4c416
include a nearly empty, but consistent, cpio file to ensure reproducible Linux builds (issue #142) 2017-03-30 10:16:13 -04:00
Trammell Hudson
40c9db0416
wait until the coreboot tree is unpacked before building xgcc 2017-03-29 18:00:54 -04:00
Trammell Hudson
4901ccd89c
major rearranging of Makefile, bin, library and busybox installation 2017-03-29 16:58:45 -04:00
Trammell Hudson
8f63763e53
install symlinks directly into initrd 2017-03-29 16:49:07 -04:00
Trammell Hudson
ab0476ad2f
Remove populate-lib, rework libraries and kernel module installation.
The populate-lib program was buggy on some systems and could accidentally
introduce unwanted libraries into the initrd.  The Makefile now uses the
modules' $(module_libraries) variable to select which libraries should be
installed into the initrd.

Kernel modules are now stripped and installed using a similar system.
2017-03-29 15:15:03 -04:00
Trammell Hudson
fbfe565064
Merge branch 'moc' of https://github.com/osresearch/heads into moc 2017-03-29 13:53:28 -04:00
Trammell Hudson
cab9e7c39f
ignore install and crossgcc directories 2017-03-28 17:20:02 -04:00
Trammell Hudson
555e173822
silence NMI errors on qemu (issue #141) 2017-03-28 17:19:53 -04:00
Trammell Hudson
59bae0bf51
make USB a module, strip debug info (issue #139) 2017-03-28 17:08:28 -04:00
Trammell Hudson
453029bde1
ignore install and crossgcc directories 2017-03-28 17:08:22 -04:00
Trammell Hudson
0913adbacb
silence NMI errors on qemu (issue #141) 2017-03-28 17:07:56 -04:00
Trammell Hudson
713d4867fd
Change ethernet drivers to be modules and measure them when they are loaded.
This is a step towards unifying the server and laptop config (issue #139)
and also makes it possible to later remove the USB modules from the
normal boot path.
2017-03-28 17:07:26 -04:00
Trammell Hudson
418ceaf733
make USB a module, strip debug info (issue #139) 2017-03-28 17:05:04 -04:00
Trammell Hudson
6f3e923a37
ignore install and crossgcc directories 2017-03-28 16:36:37 -04:00
Trammell Hudson
581af6dbd9
silence NMI errors on qemu (issue #141) 2017-03-28 16:35:58 -04:00
Trammell Hudson
8384201e9c
Change ethernet drivers to be modules and measure them when they are loaded.
This is a step towards unifying the server and laptop config (issue #139)
and also makes it possible to later remove the USB modules from the
normal boot path.
2017-03-28 16:32:58 -04:00
Trammell Hudson
664c0ebc24
initrd.cpio.tmp is no longer necessary 2017-03-28 12:05:45 -04:00
Trammell Hudson
7cb6ddd0dc
ignore log files 2017-03-28 12:05:33 -04:00
Trammell Hudson
1475148848
enable TCP SYN cookies (issue #138) 2017-03-28 11:46:17 -04:00
Trammell Hudson
e83ba0a0c7
enable futex for keylime 2017-03-27 18:52:31 -04:00
Trammell Hudson
c3757650fd
wget and measure files into the PCR 2017-03-27 18:03:29 -04:00
Trammell Hudson
b0d2d4b5ba
run dhcp automatically on boot 2017-03-27 18:03:09 -04:00
Trammell Hudson
291e28b040
initrd.cpio.tmp is no longer necessary 2017-03-27 18:02:27 -04:00