Thierry Laurion
3574e12be9
board configs: remove CONFIG_BOOT_DEV so detect_boot_device detects it prior of oem-factory-reset usage
...
repro:
sed -i '/CONFIG_BOOT_DEV/d' boards/*/*.config unmaintained_boards/*/*.config
qemu debug trace on preinstalled OS:
[ 3.999725] [U] hello world
[ 4.286215] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)
[ 4.315239] TRACE: Under init
[ 4.369379] DEBUG: Applying panic_on_oom setting to sysctl
[ 4.588333] TRACE: /bin/cbfs-init(5): main
[ 4.728310] TRACE: /bin/cbfs-init(24): main
[ 4.867039] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/pubring.kbx
[ 4.946757] TRACE: /bin/tpmr(788): main
[ 5.006987] DEBUG: TPM: Extending PCR[7] with hash 7ccf4f64044946cf4e5b0efe3d959f00562227ae
[ 5.068692] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/pubring.kbx
[ 5.326365] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/pubring.kbx
[ 5.399511] TRACE: /bin/tpmr(788): main
[ 5.460618] DEBUG: TPM: Extending PCR[7] with hash 547ca343719d3aa62af4763357d8c10cb35eae55
[ 5.524608] DEBUG: exec tpm extend -ix 7 -if /.gnupg/pubring.kbx
[ 5.752340] TRACE: /bin/cbfs-init(24): main
[ 5.908677] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/trustdb.gpg
[ 5.988169] TRACE: /bin/tpmr(788): main
[ 6.044996] DEBUG: TPM: Extending PCR[7] with hash 7236ea8e612c1435259a8a0f8e0a8f1f5dba7042
[ 6.101604] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/trustdb.gpg
[ 6.371341] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/trustdb.gpg
[ 6.451878] TRACE: /bin/tpmr(788): main
[ 6.511948] DEBUG: TPM: Extending PCR[7] with hash 4697c489f359b40dd8aec55df52a33b1f580a3df
[ 6.572785] DEBUG: exec tpm extend -ix 7 -if /.gnupg/trustdb.gpg
[ 6.879519] TRACE: /bin/key-init(6): main
[ 8.239618] TRACE: Under /etc/ash_functions:combine_configs
[ 8.323781] TRACE: Under /etc/ash_functions:pause_recovery
!!! Hit enter to proceed to recovery shell !!!
[ 8.572855] TRACE: /bin/setconsolefont.sh(6): main
[ 8.631296] DEBUG: Board does not ship setfont, not checking console font
[ 8.887295] TRACE: /bin/gui-init(641): main
[ 8.920627] TRACE: /etc/functions(715): detect_boot_device
[ 9.251212] TRACE: /etc/functions(682): mount_possible_boot_device
[ 9.312602] TRACE: /etc/functions(642): is_gpt_bios_grub
[ 9.410830] TRACE: /dev/vda1 is partition 1 of vda
[ 9.540007] TRACE: /etc/functions(619): find_lvm_vg_name
[ 9.707187] TRACE: Try mounting /dev/vda1 as /boot
[ 9.766843] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
[ 9.825028] TRACE: /bin/gui-init(319): clean_boot_check
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-09 10:35:03 -04:00
Thierry Laurion
646db06eb6
boards/*/*.config: bump coreboot 4.22.01 boards config to use 24.02.01
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-07-26 15:35:56 -04:00
Maciej Pijanowski
2cd5b0960a
modules: drop iotools
...
As discussed in: linuxboot#1704
there is no need to include iotools module for nitropads.
Since there is no board using it, and we see no reason to use
it in the future (the EC udpate will not require it, as update
will be server by coreboot in the future), drop the module as well.
Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>
2024-06-21 17:08:14 +02:00
Thierry Laurion
60e0d6017f
boards: uniformize nitropad boards with qemu-coreboot boards and against each other
...
- Add tethering in board configs
- Add autoboot after 5 seconds if HOTP remote attestation is successful
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-03 13:29:17 -04:00
Thierry Laurion
89a0c103ae
QEMU/KVM board configs: logical reorganization of requirements for board configs. Next step is creating fbwhiptail/whiptail/tpm1/tpm2 mk files and include them in all boards
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-04-19 15:52:50 -04:00
Thierry Laurion
fb616f416a
WiP 4.22.01 fhd patch test + bump all 4.19 boards to 4.22.01
...
- patches/coreboot-4.22.01/0001-x230-fhd-variant.patch created per
- git fetch https://review.coreboot.org/coreboot refs/changes/50/28950/23 && git format-patch -1 --stdout FETCH_HEAD > ~/heads/patches/coreboot-4.22.01/0001-x230-fhd-variant.patch
- all boards configs bumped with:
- grep -Rn 4.22 boards/ | awk -F "/" {'print $2'}| while read line; do make BOARD=$line coreboot.save_in_oldconfig_format_in_place ; done
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-03-25 15:14:42 -04:00
Jonathon Hall
c8e114166c
qemu: Deduplicate Qemu targets/documentation, extract from boards
...
The 8 qemu-* targets all contained nearly-identical copies of the
targets to prepare the TPM/disk/etc. and then run Qemu. The only
significant differences were for TPM1/TPM2 (extra swtpm_setup step,
addition of --tpm2 to swtpm_setup and swtpm). ROOT_DISK_IMG used := or
= differently in some boards, := was kept.
targets/qemu.mk now defines all Qemu targets and is included only for
qemu-* boards (by defining BOARD_TARGETS in each of those boards).
The documentation was moved from qemu-coreboot-fbwhiptail-tpm1-hotp/
qemu-coreboot-fbwhiptail-tpm1-htop.md to targets/qemu.md. The other 7
qemu boards' symlinks to that file were removed.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-12-18 16:49:10 -05:00
Thierry Laurion
a3086e9a1c
Remove TODO in code that were not relevant prior of first review
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:08:19 -04:00
Thierry Laurion
56b602974b
WiP: NK3 with p256 ECC algo supported for in-memory keygen and key-to-card op. With this commit, one can provision NK3 with thumb drive backup which enables authenticated recovery shell and USB boot.
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:40 -04:00
Thierry Laurion
27c457f04b
TPM2 DUK and TOTP/HOTP reseal fix, refactoring and ifferenciating tpm_password into tpm_owner_password and reusing correctly
...
i
TODO: fix all TODO in PR prior of review + squash
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:07:27 -04:00
Thierry Laurion
1f28c71447
WiP: adapt dmesg in function of CONFIG_DEBUG_OUTPUT being enabled or not so and adapt further troubleshooting notes in code when keys cannot be accessed on media for whatever cause so user can understand what is happening when accessing GPG material on backup thumb drive
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:55 -04:00
Thierry Laurion
b1e5c638cd
WiP
...
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-01 10:06:45 -04:00
Markus Meissner
b47da0be89
boards/qemu-*: update allowed usb-token comments
2023-09-05 12:32:22 +02:00
Thierry Laurion
106a9bf543
qemu boards: change default creation size of USB_FD_IMG from 128MB to 256MB
...
Otherwise 10% of 128mb (12mb) is not enough to create a LUKS container
2023-08-28 16:24:11 -04:00
Thierry Laurion
d3ea60f69e
linux configs: adapt to use efifb driver (Intel iGPU/qemu with bochs native gfxinit)
2023-08-15 17:24:34 -04:00
Thierry Laurion
c419cf7e2b
Qemu boards: typo in comment to manually enable Basic Boot mode : (was CONFIG_BASIC_BOOT where CONFIG_BASIC expected)
2023-07-17 12:32:27 -04:00
Jonathon Hall
45245fe417
qemu-*: Show how to enable restricted/basic in board config
...
For iterating, enabling these in the board config is easiest. It's
also possible to manually inject config.user ahead of time, or enable
at runtime without flashing, but the normal enable/flash/reboot path
does not work in qemu since it is unable to flash.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-07-12 14:17:43 -04:00
Thierry Laurion
6300dd178a
Pass all coreboot 4.13 boards to 4.19
...
- Add 4.19 under modules/coreboot
- point all 4.13 boards to 4.19
- adapt x230 FHD/EDP patch under patches/coreboot-4.19/0001-x230-fhd-variant.patch (poked upstream to fix patch under https://review.coreboot.org/c/coreboot/+/28950 )
- correct versioning info under .circleci/config/yml
2023-02-27 18:07:06 -05:00
Thierry Laurion
8259d3ca1e
Add TRACE function tracing function to output on console when enabled
...
- Add TRACE function tracing output under etc/functions, depending on CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT enabled in board configs
- Replace current DEBUG to TRACE calls in code, reserving DEBUG calls for more verbose debugging later on (output of variables etc)
- add 'export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y' in qemu-coreboot(fb)whiptail-tpm1(-hotp) boards to see it in action
2023-02-20 11:44:52 -05:00
Thierry Laurion
5bc2bc88e4
All scripts and functions: Add DEBUG calling trace on console when CONFIG_DEBUG_OUTPUT is exported in board config
...
-qemu-coreboot-*whiptail-tpm1(-hotp) boards have 'export CONFIG_DEBUG_OUTPUT=y' by default now
2023-02-18 21:52:44 -05:00
Thierry Laurion
080d439758
qemu-coreboot-tpm boards: usage optimizations
...
- ROOT_DISK_IMG is now dynamic (ROOT_DISK_IMG=/path/to/existing/provisioned/disk.img can be reused across run statements)
- Addition of missing boards to cover all use cases
- All TPM1 boards rely on common config/coreboot-qemu-tpm1.config
- boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md has been generalized
- all other boards are softlinked to the above for usage
2023-01-11 15:38:30 -05:00
Thierry Laurion
afb338d5d7
qemu-coreboot-whiptail-tpm1: correction of boardname to reflect reality
2023-01-04 19:01:42 -05:00
Thierry Laurion
ce19a5fb61
Add CONFIG_BOOT_RECOVERY_SERIAL to qemu board configs to interact with host through serial
2022-11-11 15:19:37 -05:00
Jonathon Hall
2ca34803af
qemu: Add qemu-coreboot-whiptail-tpm1 configuration
...
This configuration uses a console interface instead of fbwhiptail, and
no USB token is required.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-08-24 13:04:07 -04:00