Update all Purism Librem boards except the L1UM server
to coreboot 4.15:
- update coreboot version from 4.8.1/4.13 to 4.15
- use purism_blobs module (if not already)
- update board coreboot defconfig files (Librem 13/15)
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Update hash for coreboot module, coreboot-blobs.
Adjust extra flags to address SNB/IVB build issue.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Show state of flashrom reads/writes by means of a progress bar,
as used in the Librem coreboot flashing scripts
v2: add adjustment for use with `--ifd`
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
-CircleCI addition.
-Removal of t530-flash, w530-flash boards, flash scripts and associated coreboot configs (no more legacy boards additions)
This is a merger of #1071, #1072 and #1073 so that test builds are available over CircleCI until osresearch/master CircleCI gets unlocked.
CircleCI: We currently drop coreboot 4.11 builds.
- There is a file missing in the builds. Not sure why/how this is happening
src/soc/intel/fsp_broadwell_de/romstage/romstage.c:41:10: fatal error: build.h: No such file or directory
Example:https://app.circleci.com/pipelines/github/tlaurion/heads/877/workflows/7d0248d2-459c-42ad-b741-8fd56a75d527/jobs/2487
- kgpe-d16_workstation building for all GPUs is unfortunately taking too much time to build (40 minutes).
- Not sure why, but it seems that the kernel build paralellization is not working for 4.11 while it works for 4.13
Makefile: Uncomment MAKE_JOBS which passes the number of jobs to numbers cores by default and --max-load of 16
CircleCI: Remove CPUS statement to use Makefile default
modules/newt: force build with one make job, otherwise there is a race condition in module which fails randomly expecting build modules. (TODO: FIX)
Interestingly, building all coreboot 4.13 boards is happening on a clean commit just above 1h limit.
More details:
- CircleCI changed job build time to a maximum of 1h each.
- CircleCI now permits parallelization of 30 jobs
- 6000 build minutes a month.
- Still waiting for osresearch/heads CircleCI project to be unlocked (currently not recognized as open source project?!)
Readd https://github.com/osresearch/heads/pull/984 without cache
Add kgpe-d16 musl-cross target prior of having kgpe-d16 depend on musl-cross target (To try to have musl-cross step successfull under 1h CircleCI new limit)
CircleCI: add a subcommand that can follow a target (to build musl-cross-make now and coreboot version specific musl-cross later)
Output of hashes is now optional
29/11/2021 CircleCI public information available states parallelization of up to 30 jobs at a time. Let's play
- We first build heads musl-cross-make and persist (passing musl-cross-make into next job)
- We then build per coreboot version board with coreboot make statement only and persist (passing musl-cross-make + coreboot's musl-cross buildstack)
- We then build per coreboot version board (reusing past build musl-cross-make and coreboot's version musl-cross buildstack)
Remove 4.11 boards for the moment to test only build time and parallelization
- me_cleaner downloaded from 43612a630c/me_cleaner.py
- placed under xx30 blobs dir
- CircleCI uses it locally without downloading it everytime (me_cleaner hasn<t changed since 2018)
- xx30 legacy boards (x230, x230-flash, t430, t430-flash) now rely also on coreboot 4.13
- DOWNSIDE: x230 and t430 legacy boards now rely on WHIPTAIL (NOT FBWhiptail) to have enough space to fit under 7mb)
- xx20 boards moved to 4.13 (no need of xx20-flash boards here since single SPI boards with 7.5mb useable since blobs scripts are required)
- DOWNSIDE: all xx20 boards now have dropbear deactivated, while still having ethernet driver in.
- qemu-coreboot and qemu-coreboot-fbwhiptail switched to coreboot 4.13 WITHOUT TPM SUPPORT (with cryptsetup 2.x support)
- DOWNSIDE:
- coreboot-qemu board CBFS_SIZE=0x700000 -> 0x750000
- coreboot-qemu-fbwhiptail CBFS_SIZE=0x750000 -> 0x780000
- CircleCi build recipe removes 4.8.1 boards altogether
- KGPE-D16 workstation is used as new base build to save workspace layer (we removed one workspace layer)
- Removing one workspace layer will save approx 2 hours of build time on fresh builds
- Removing one coreboot version will save us approx 2 hours of build time on fresh builds
- KGPE-D16 will stay to coreboot 4.11 until forward notice.
- All other board configs SHOULD be built on latest coreboot versions
- all: coreboot NO_POST for all boards
- all: coreboot NO_GFX_INIT (linux payload does the graphic init)
- all: coreboot TPM_MEASURED_BOOT (no more patches under Heads for measured boot)
- all: coreboot DRIVERS_PS2_KEYBOARD (fixes no keyboard on soft reboot and potentially xx30t xx20t fix for random raw keyboard (to be tested)
- all: coreboot removal of DEFAULT_CONSOLE_LOGLEVEL_5 under some boards
- all: coreboot removal of "loglevel=3" under some linux command line options booting Heads kernel
- all: coreboot removal of DEBUG_SMM_RELOCATION (unneeded)
- all: coreboot INCLUDE_CONFIG_FILE and COLLECT_TIMESTAMPS for all boards
- all: coreboot CONSOLE_SERIAL present on all boards
- all: coreboot add VBT
- all: board configs switch to cryptsetup2
xx20 hotp-maximized boards:
- removal of dropbear (not enough space to have htop + dropbear)
txx0 boards coreboot:
- USE_OPTION_TABLE and STATIC_OPTION_TABLE added (todo: check T430 boards optimization and find issue/PR and ammend this commit)
When files in /boot fail hash verification, the list of files
can sometimes overflow the whiptail msgbox, preventing the
prompt and buttons to update checksums from showing. To mitigate
this, if # of files is > 10, use less to show the file list and
present a separate prompt to update the checksums once the file
list has been viewed.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
- Fixed inversed HEIGHT and WIDTH usage
- Fixed height to 30 and width to 90 as everywhere else
This was causing a blank screen when whiptail without framebuffer (fbwhiptail) was used.
Actually, it seems like the width and height under whiptail calls are only taken into consideration under NEWT, not FBWHIPTAIL.
Some devices, like older Librem laptops, use BAT vs BAT0 for the
primary battery. Accomodate this by using BAT* instead of BAT0.
Could break on multi-battery devices, but none supported in tree
currently so more of a theoretical problem.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
copy/paste error resulted in user-entered comment never
being set/checked/used, and email address being overwritten.
Fix variable usage so comment and email are set correctly.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Patches for the Librem Mini (v1/v2) and Librem 14 upstreamed
post-4.14. Fixes some issues with acoustic noise and headphone
jack detection.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
Grepping on just 'Disk' can lead to disk UUID identifier strings
being added to /tmp/disklist, which then fail to parse later on.
Avoid this by grepping on 'Disk /dev' instead.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
After updating/flashing a new ROM, a new TOTP secret must be generated,
but the $TOTP variable needs to be updated afterwards, otherwise it
will show the previous failure which led to the new secret being
created.
Fix this by re-calling update_totp() after generating a new secret
or resetting the TPM.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
If user selects to manually update the TOTP via the menu,
we should do it regardless of elapsed time from previous
check. Otherwise, HOTP will be checked regardless of validity
of TOTP.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
