Trammell Hudson
c76a618b1e
use our cross compiler ld (issue #166)
2017-04-06 17:02:14 -04:00
Trammell Hudson
7c8f86bc52
lvm2 builds reproducibly again (issue #166)
2017-04-06 16:44:48 -04:00
Trammell Hudson
2b55d8bcf8
use our cross compiler ar, not /usr/bin/ar (issue #166)
2017-04-06 16:22:40 -04:00
Trammell Hudson
727e2fbc56
report sha256 of stages as they are built
2017-04-06 16:06:52 -04:00
Trammell Hudson
96fe3f3f09
replaced PREFIX= with DESTDIR= to make builds reproducible (issue #166)
2017-04-06 16:01:56 -04:00
Trammell Hudson
09718fc97e
replace __FILE__ with "__FILE__" to make Xen reproducible (issue #166)
2017-04-06 15:58:51 -04:00
Trammell Hudson
ea8a55fe5b
shell syntax, not makefile syntax (issue #131)
2017-04-06 11:01:48 -04:00
Trammell Hudson
192e122719
scale the max load by the number of CPUs (issue #131)
2017-04-06 10:50:43 -04:00
Trammell Hudson
830828f2a2
enable usb storage module (issue #160)
2017-04-06 09:45:47 -04:00
Trammell Hudson
350a3564b1
move usb-storage into a kernel module (issue #160)
2017-04-05 19:20:53 -04:00
Trammell Hudson
362785b81c
gpg uses pubring.gpg instead of trustedkeys.gpg
2017-04-05 18:43:58 -04:00
Trammell Hudson
06d2f7728b
ignore tilde files
2017-04-05 18:43:18 -04:00
Trammell Hudson
9d6c5c5da8
fix gpg tty reading from /dev/console to support yubikey (issue #32)
2017-04-05 18:35:45 -04:00
Trammell Hudson
a2e51a599c
fix build to avoid libusb installed on host system
2017-04-05 18:07:50 -04:00
Trammell Hudson
a1efbb8e02
fix build to avoid libusb installed on host system
2017-04-05 18:06:42 -04:00
Trammell Hudson
71f6cf3315
hash update
2017-04-05 18:01:36 -04:00
Trammell Hudson
0da184fe01
Enable gpg with card support (issue #32)
2017-04-05 17:59:49 -04:00
Trammell Hudson
cfcf6c46d5
Purism Librem 13v1 initial configuration
2017-04-05 14:13:40 -04:00
Trammell Hudson
0019d8031c
make %.rom generic
2017-04-05 14:12:44 -04:00
Trammell Hudson
5195a74422
remove initrd unpacking, since Qubes dracut /etc/crypttab can be fixed
2017-04-05 10:30:28 -04:00
Trammell Hudson
ce766bdc58
LVM patches to compile with musl
2017-04-04 09:41:50 -04:00
Trammell Hudson
39cb4031f4
TPM disk encryption keys for Qubes.
Issue #123: This streamlines the Qubes startup experience by
making it possible to have a single-password decryption.
Issue #29: The disk keys in `/secret.key` are passed to the systemd
in initramfs through `/etc/crypttab`, which is generated on each boot.
This is slow; need to look at alternate ways.
Issue #110: By using LVM instead of partitions it is now
possible to find the root filesystem in a consistent way.
Issue #80: LVM is now included in the ROM.
2017-04-03 17:18:11 -04:00
Trammell Hudson
3d79f51e4a
Build lvm command line utility (issue #80)
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).
This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154.
2017-04-03 17:13:59 -04:00
Trammell Hudson
392599b90b
have xen output the xen executable for x230-qubes (issue #84)
2017-04-03 17:13:07 -04:00
Trammell Hudson
4c413a1737
enable file locking for LVM
2017-04-03 17:11:12 -04:00
Trammell Hudson
cd584c4fad
remove unused platform modules
2017-04-03 17:10:22 -04:00
Trammell Hudson
3dcc3d4b49
load the xhci USB3 modules as well
2017-04-03 17:09:54 -04:00
Trammell Hudson
85a77cf5de
build xen for installation into x230-qubes ROM (issue #84)
2017-04-03 17:09:22 -04:00
Trammell Hudson
d335f24292
split x230 config into 4MB bootstrap image and 7MB runtime image (issue #156)
2017-04-03 14:53:29 -04:00
Trammell Hudson
e41e21084a
extend PCR 4 in a recovery to prevent disk key decryption (issue #154)
2017-04-03 10:30:03 -04:00
Trammell Hudson
174bb64957
Move Qubes startup script to /boot/boot.sh
This also adds a set of files in the qubes/ directory that
are meant to be copied to the /boot partition.
Issue #154: for ease of upgrading Qubes, the script should
live on /boot instead of in the ROM. This requires a GPG
signature on the startup script to avoid attacks by modifying
the boot script.
Issue #123: this streamlines the boot process for Qubes, although
the disk password is still not passed in correctly to the initrd
(issue #29).
This does not address issue #110 of how to find the root device.
The best approach is probably disk labels, which will require
special installation instructions.
2017-04-02 22:21:49 -04:00
Trammell Hudson
4e71017bea
bump xen to 4.6.4 (issue #153)
2017-04-02 21:45:10 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6)
2017-04-01 23:02:00 -04:00
Trammell Hudson
d06ba0a851
reset $boot_option between loops
2017-04-01 22:25:16 -04:00
Trammell Hudson
93a0d7eee2
support clean targets
2017-03-31 18:13:50 -04:00
Trammell Hudson
3225501e84
remove power related busybox tools that do not work
2017-03-31 16:00:27 -04:00
Trammell Hudson
7045d02794
move to Linux 4.9.20 (issue #149)
2017-03-31 15:59:37 -04:00
Trammell Hudson
858b48d304
use our specific strip program to ensure reproducibility (issue #148)
2017-03-31 15:26:41 -04:00
Trammell Hudson
8544c5fe6d
busybox 1.26.2 update (issue #148)
2017-03-31 14:53:01 -04:00
Trammell Hudson
2db3c33866
fix IDSDIR to make pciutils reproducible (issue #147)
2017-03-31 14:33:15 -04:00
Trammell Hudson
27e35f6ef7
cleanup initrd tmpfile and reduce recursive make calls
2017-03-31 13:28:20 -04:00
Trammell Hudson
3241499ee3
pciutils fails on first build if both install and install-lib are specified
2017-03-31 13:05:05 -04:00
Trammell Hudson
d6c553e884
typo in qemu description
2017-03-31 13:04:46 -04:00
Trammell Hudson
9322dbef2d
use default qemu config, parameterize bin_modules
2017-03-31 12:06:59 -04:00
Trammell Hudson
4141c75c8c
make kexec work with the modular build
2017-03-31 11:59:18 -04:00
Trammell Hudson
b35f8d35ae
Merge /tmp/heads
2017-03-31 11:34:11 -04:00
Trammell Hudson
43ef324ae7
Merge /tmp/heads
2017-03-31 11:30:17 -04:00
Trammell Hudson
5ae0b09eb2
do not ignore files in initrd anymore
2017-03-31 11:24:10 -04:00
Trammell Hudson
c40748aa25
Build time configuration for startup scripts and modules.
This addresses multiple issues:
* Issue #63: initrd is built fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now measures modules
2017-03-31 11:18:46 -04:00
Trammell Hudson
581602e5b4
not using jekyll pages on this branch
2017-03-31 09:06:04 -04:00