Commit Graph

1165 Commits

Author SHA1 Message Date
tlaurion
577fd806d7
Merge pull request #722 from tlaurion/x230-hotp-verification
board: x230-hotp-verification (includes libremkey-hotp-verification)
2020-05-22 13:34:16 -04:00
Szczepan Zalega
2d50e01071
Make hotp-verification hashes same across two CIs
Move from CMake build system to GNU Make for hotp-verification
Change version to one supporting Makefile build

Fixes https://github.com/osresearch/heads/pull/724
Connected:
- https://github.com/Nitrokey/nitrokey-hotp-verification/issues/13
- https://github.com/osresearch/heads/pull/722
2020-05-22 15:17:04 +02:00
Thierry Laurion
d5083f410c
x230-hotp-verification: Add x230-hotp-verification board to have a HOTP supported remote attestation for Nitrokey Pro 2, Nitrokey Storage 2 and Librem Key 2020-05-21 18:06:19 -04:00
Thierry Laurion
241b0bc680
upgrade gpg toolstack to latest versions
- Remove unrecognized configure options
- fixes gawk issue #668 by upgrading to libgpg-error 1.37 instead of patching 1.32 for regex change (fixed upstream)
- move patches so they match new versions for libassuan, gpg and libgcrypt (no change)

Version change:
- gpg 2.2.10 -> 2.2.20
- libassuan 2.5.1 -> 2.5.3
- libgcrypt 1.8.3 -> 1.8.5
- libgpg-error 1.32 -> 1.37

Size changes:
- gpg 			886.5 -> 911.3 kB
- gpg-agent:		371.9 -> 376.0 kB
- scdaemon:		399.5 -> 407.8 kB
- libgpg-error.so.0	125.9 -> 130.0 kB

Unrecognized options on gpg2 toolstack:
- disable-nls and disable-asm disable-keyserver-helpers disable-hkp disable-finger disable-dns-srv disable-dns-cert and disable-wks-server
2020-05-20 13:19:51 -04:00
tlaurion
fa35b3c557
Merge pull request #715 from tlaurion/circle_ci_based_on_debian_bullseye_with_x230-flash_and_reproducibility_troubleshooting_helpers
CIs: pass CircleCI to debian:bullseye docker image
2020-05-15 19:20:04 -04:00
tlaurion
2ee51d864c
Merge pull request #656 from fibreblazer/master
T430 Support
2020-05-15 19:19:00 -04:00
tlaurion
762e59eac3
Merge pull request #693 from SebastianMcMillan/patch-4
Fix X220 and T420 CBFS sizes
2020-05-15 19:16:52 -04:00
flawedworld
23735d729a Add T430 board support
Co-authored-by: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com>
Co-authored-by: Andrew Montoya <halossqwerty@gmail.com>
2020-05-15 18:52:11 +01:00
flawedworld
5a033fa80d T430 TPM Backport 2020-05-15 18:51:49 +01:00
tlaurion
950acf9355
Merge pull request #708 from tlaurion/qemu-coreboot-fbwhiptail_board
qemu-coreboot-fbwhiptail board addition
2020-05-14 23:07:07 -04:00
Thierry Laurion
29e28005ab
qemu-coreboot-fbwhiptail: removing of unneeded comments 2020-05-11 13:57:08 -04:00
Thierry Laurion
31a103fdae
Working config to do make BOARD=qemu-coreboot-fbwhiptail and then make BOARD=qemu-coreboot-fbwhiptail run 2020-05-11 13:56:40 -04:00
tlaurion
df89d16f7c
Merge pull request #707 from tlaurion/useful_qemu-coreboot_board
qemu-coreboot: finally a useable debug/test board
2020-05-04 17:07:30 -04:00
Thierry Laurion
040e358b2d
CIs: pass CircleCI to debian:bullseye docker image, provide logs.tar.gz and cpios to facilitate debugging of reproducibility issues 2020-05-04 14:55:36 -04:00
Matt DeVillier
8d6f47fb4d
mount-usb: suppress error output from calls to stat
If no USB storage devices inserted, stat will output
unnecessary error text to console

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-05-04 11:41:21 -05:00
Matt DeVillier
a2d50a10f7
mount-usb: replace fixed timeout with drive detection
Rather than wait a fixed 5s for the usb storage kernel modules
to load, and the user to insert a drive, check for new USB drives
inserted every 1s with a 5s timeout.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-05-04 11:41:20 -05:00
tlaurion
59b65d1069
Merge pull request #713 from tlaurion/acpica-unix2_revert_url_change
coreboot patch: revert acpica-unix2 url change
2020-05-03 23:42:38 -04:00
Thierry Laurion
15e19d0594
coreboot patch: remove acpica-unix2-20180531.tar.gz url change fix since acpica.org is now functional again while crux.ster.zone is not... 2020-05-03 23:39:15 -04:00
tlaurion
00a1a2bef6
Merge pull request #679 from MrChromebox/flashrom_1.2
modules/flashrom: update to v1.2 release
2020-05-01 17:55:43 -04:00
Thierry Laurion
ba68c723bf
qemu-coreboot: Now useful to debug something through make BOARD=qemu-coreboot. TODO: map a virtual TPM instance and USB passthrough. Thanks to @orangecms for the tip 2020-04-22 23:02:46 -04:00
Thierry Laurion
01dabe19e7
network-init-recovery: do DHCP, then ask NTP from DNS server before attempting sync on internet 2020-04-22 15:00:48 -04:00
Matt DeVillier
b29447ef8f
modules/flashrom: update to v1.2 release
- Update flashrom module to v1.2.
- Drop Thinkpad x220 patch as it's now properly supported.
- Drop 'laptop=force_I_want_a_brick' from board FLASHROM_OPTIONS
  since it's no longer needed.
- Migrate kgpe-d16 patch.

The kgpe-d16 patch needed a complete overhaul when rebased against
flashrom v1.2, and needs close inspection/testing as a result.
The following changes were made from the previous patch:

- dropped addition of 4-byte addressing (4BA), since now supported
- dropped addtiion of Macronix MX25L256 and MX66L512 chips,
  since now supported
- added 4BA erase commands for Winbond W25Q256 chip
- dropped code to show progress indicator, since another PR already adds that

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-04-20 17:34:08 -05:00
alex-nitrokey
a16b97b6ea
Add more input validation
Based on tlaurion's work done here
ff148e4daf/initrd/bin/factory-reset-libremkey.sh (L53)
2020-03-26 15:05:51 +01:00
tlaurion
83c22f3e4a
Merge pull request #696 from tlaurion/acpica-unix2_fix
coreboot-4.8.1 : fix acpica-unix2 download
2020-03-17 09:18:58 -04:00
Thierry Laurion
58cb8df266
coreboot-4.8.1: acpica-unix2 cannot be downloaded per www.acpica.org since cert is signed by Intel which cert authority is unknown from older build systems... Cert was renewed March 10 2020. URL changed to crux.ster.zone 2020-03-15 18:45:33 -04:00
Sebastian McMillan
cc2eb8f207
Update coreboot-t420.config 2020-03-09 15:59:00 -05:00
Sebastian McMillan
b1471d945a
Update coreboot-x220.config
Add some room in the CBFS to actually save GPG keys, as well as have room to add libremkey support.
2020-03-09 15:53:19 -05:00
tlaurion
f62364ffa2
Update README.md
- Add basic board building
- Remove xen as Heads dependency
- change musl-cross in text to musl-cross-make to reflect new building tools reality
2020-03-09 14:21:46 -04:00
tlaurion
ad84c38aed
Merge pull request #685 from MrChromebox/fix_iso_boot
Eliminate use of CONFIG_USB_BOOT_DEV
2020-03-04 22:55:46 -05:00
Gabe Gałązka
801bbed601
Update coreboot-x230.config 2020-02-23 18:51:42 +00:00
tlaurion
f42b338de9
Merge pull request #478 from flammit/coreboot-kgpe-d16
Fix coreboot build for kgpe-d16
2020-02-22 14:17:07 -05:00
Matt DeVillier
1bd93d6679
Eliminate use of CONFIG_USB_BOOT_DEV
mount-usb switched to dynamic USB device detection a while back,
so eliminate instances of CONFIG_BOOT_USB_DEV, and derive the
mounted USB device from /etc/mtab in the one place where it's
actually needed (usb-scan). Clean up areas around calls to
mount-usb for clarity/readability.

Addresses issue #673

Test: Build Librem 13v4, boot ISO file on USB

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 22:32:08 -06:00
tlaurion
508034b4d9
Merge pull request #680 from MrChromebox/libremkey_hotp_reproducible
modules/libremkey-hotp-verification: make reproducible
2020-02-19 22:49:18 -05:00
tlaurion
65e718b6de
Merge pull request #684 from SebastianMcMillan/patch-2
T420: Fix screen garble
2020-02-19 21:27:30 -05:00
Sebastian McMillan
3165ba60f6
Update coreboot-t420.config
Fix Screen Garble
2020-02-19 19:03:31 -06:00
tlaurion
76ac9d2259
Merge pull request #683 from MrChromebox/oem-reset-fix
oem-factory-reset: fix GPG key backup filename
2020-02-19 18:04:21 -05:00
tlaurion
e5c7f7397f
Merge pull request #682 from MrChromebox/clean_boot_detect_fix
gui-init: fix checking librem key card-status
2020-02-19 17:57:46 -05:00
Matt DeVillier
83a67d2798
oem-factory-reset: fix GPG key backup filename
fix $GPG_GEN_KEY getting clobbered when using a custom password

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 16:47:51 -06:00
tlaurion
c684d6b37c
Merge pull request #681 from tlaurion/flash_sh-config_export_fix
Flash.sh cleanup: Fix FLASHROM_OPTIONS -> CONFIG_FLASHROM_OPTIONS
2020-02-19 17:44:10 -05:00
Matt DeVillier
30b098bfac
gui-init: fix checking librem key card-status
Commit 6b5adcca moved the call to enable_usb from gui-init
to init and guarded it with CONFIG_USB_KEYBOARD, but it was
missed that this is needed for the clean boot check logic
when a librem key is used. Add the call back to gui-init
and guard it properly

Test: clean_boot_detect works properly on a librem 13v4

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 16:31:39 -06:00
Thierry Laurion
62f180d098
Flash.sh cleanup: Fix FLASHROM_OPTIONS -> CONFIG_FLASHROM_OPTIONS to be exported by Makefile 2020-02-19 17:18:01 -05:00
Matt DeVillier
28fedf9a7e
modules/libremkey-hotp-verification: make reproducible
Modeled after modules/tpmtotp, use a specific git commit hash for
module libremkey-hotp-verification. Add hidapi as a submodule with
dummy/placeholder in modules (like coreboot-blobs), also specified
by git commit hash. Adjust libremkey-hotp-verification patch file
name so patch applied properly.

Addresses issue #640

Test: build Librem 13v4

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 13:37:41 -06:00
tlaurion
8e23a54f28
Merge pull request #677 from MrChromebox/usb_keyboard
init: load usb modules for devices using USB keyboard
gui-init: remove enable_usb to fix generic Heads users who wanted to release LUKS disk encryption key from TPM if measurements were valid (fix regression)
2020-02-19 12:54:26 -05:00
Sebastian McMillan
21faf524b9
T420 initial support + X220 FBWhiptail Support (#578)
* Add support for the Lenovo ThinkPad T420 and X220.
* Fix the autodetection of ifdtool and me_cleaner.
* Enable FBWhiptail mode for X220 and T420
* Decreased CBFS size to fix 50 seconds boot delay problems
2020-02-19 12:51:03 -05:00
Matt DeVillier
6b5adcca6f
init: load usb modules for devices using USB keyboard
Some (out of tree) servers require use of a USB keyboard, and need
the USB kernel modules loaded prior to checking for keypress to enter
a recovery console. Since loading the modules affects the value in PRC5
and can cause issues putting a LUKS key in TPM, guard the loading of the
USB modules with CONFIG_USB_KEYBOARD and remove the unguarded call from
gui-init.

This should resolve issues #603 and #674.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-02-19 11:40:34 -06:00
Sebastian McMillan
f0d85ba2d7
Flash.sh cleanup : flashrom specifics now in board configs (#592)
Flash.sh cleanup : flashrom specifics now in board configs (#592)
2020-02-19 12:04:56 -05:00
Gabe Gałązka
e341f40cc4
Update coreboot-x230.config 2020-02-03 22:09:42 +00:00
Gabe Gałązka
6c85d7a61e
Add ability to change CMOS values for X230
Add ability to change CMOS values by genning SMBIOS tables and using the values from stock bios, this allows for editing of SMBIOS values to change things such as VRAM allocation, FN and CTRL key swap etc
2020-02-01 17:43:35 +00:00
Kyle Rankin
bcf522cb2e
Merge pull request #666 from MrChromebox/flash_gui-fixup
flash-gui: set unset variable USB_FAILED
2020-01-29 12:00:55 -08:00
Matt DeVillier
132dcb2344
flash-gui: set unset variable USB_FAILED
Not setting USB_FAILED when call to mount-usb succeeds results
in a spurious 'sh: 0 unknown operand' error printed to console.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-01-29 13:58:29 -06:00