Commit Graph

35 Commits

Author SHA1 Message Date
Kyle Rankin
ec2d7dfc2c
Make TPM counter label a variable
Currently the TPM counter label is hard-coded. By changing it to a
variable in this function we can reuse all of the TPM counter functions
to create other monotonic counters in the TPM (if the hardware supports
it) with custom labels.
2018-05-09 14:25:43 -07:00
Trammell hudson
8108e419fe
remove unused flashrom 0.9.9 patch and use new --ifd feature in its place (pr #370) 2018-04-30 17:16:06 -04:00
Trammell hudson
03a0e39bce
Merge branch 'skip_sig_checks' of https://github.com/kylerankin/heads 2018-04-30 16:39:20 -04:00
Francis Lam
1cbae3cc12
Preserve custom CBFS files on flashrom updates 2018-04-21 17:21:37 -07:00
Francis Lam
37feebdc76
Read and measure CBFS files into initrd during init 2018-04-20 09:29:57 -07:00
Trammell hudson
b887104035
enable setsid for job control in recovery shell (issue #382) 2018-04-10 15:39:05 -04:00
Kyle Rankin
eaaa1dad39
Fix tab alignment to conform with rest of script 2018-03-14 10:24:14 -07:00
Kyle Rankin
665754122d
Allow insecure boot mode to bypass kexec sig checks
There was a bug in the "force" boot mode where it would still fail if
signatures didn't match. This was because the check_config function
validates the signatures for kexec files. I've added a few conditionals
here so that in the case of a forced boot mode, we can bypass those
signature checks that would prevent boot and error out to a recovery
console.
2018-03-14 10:18:52 -07:00
Francis Lam
e86123769b
Moved network init to a separate bootscript
Enabled recovery serial console (tested on kgpe-d16)
Minor fix to kexec-boot to correct xen boot
Remove busybox power utils
2018-03-10 15:40:07 -08:00
Trammell hudson
6443442912
restore /etc/motd 2018-03-08 01:14:41 -05:00
Thierry Laurion
1c1a1a215d
reverting changes that were not merged from other branches 2018-03-01 01:53:37 -05:00
Thierry Laurion
9eadb07280
Merging to osresearch master 2018-03-01 01:37:36 -05:00
Trammell hudson
a84ea7b9de
Merge branch 'tpm-optional' of https://github.com/persmule/heads 2018-02-28 13:33:01 -05:00
Francis Lam
e9312e19bf
Cleanup of init to support server and desktop
Guarded linuxboot specific init entries
Removed Makefile entries into separate file (conflicts with srcing /etc/config)
Added CONFIG_BOOT_LOCAL/_REMOTE to control interface setup
Fixed CONFIG_TPM usage
2018-02-25 11:51:19 -08:00
persmule
b5072390ee
Make TPM dependency optional and controlled by flag CONFIG_TPM
if "CONFIG_TPM=y" is not present in the config file, functionalities
needing TPM could be disabled, while leaving other functionalities intact.

This will make Heads a more general-usage bootloader payload atop coreboot.
2018-02-24 14:46:33 -08:00
persmule
baa30a2026 Add OHCI and UHCI drivers to initrd.
USB smart card readers are most full speed devices, and there is no
"rate-matching hubs" beneath the root hub on older (e.g. GM45) plat-
forms, which has companion OHCI or UHCI controllers and needs cor-
responding drivers to communicate with card readers directly plugged
into the motherboard, otherwise a discrete USB hub should be inserted
between the motherboard and the reader.

This time I make inserting linux modules for OHCI and UHCI controllable
with option CONFIG_LINUX_USB_COMPANION_CONTROLLER.

A linux config for x200 is added as an example.

Tested on my x200s and elitebook revolve 810g1.
2018-02-15 22:59:22 +08:00
persmule
9bf131b601 Make TPM dependency optional and controlled by flag CONFIG_TPM
if "CONFIG_TPM=y" is not present in the config file, functionalities
needing TPM could be disabled, while leaving other functionalities intact.

This will make Heads a more general-usage bootloader payload atop coreboot.
2018-02-15 22:42:12 +08:00
Trammell hudson
15a07b3fce
enable qemu networking and ssh key login (#312) 2018-02-09 13:42:52 -05:00
Trammell hudson
23bd4107de
localhost should be defined 2018-02-09 12:05:49 -05:00
Trammell hudson
a3177acb38
fix typos in efivarfs 2018-02-08 17:25:32 -05:00
Trammell hudson
bac7576979
enable efivarfs if it is available 2018-02-08 16:49:49 -05:00
Trammell hudson
383f1f66a5
merge changes from master into nerf branch in preparation for closing nerf branch 2018-02-02 17:06:49 -05:00
Trammell hudson
a4d7654b1e
Build the Heads/NERF firmware for the Dell R630 server.
This development branch builds a NERF firmware for the Dell R630
server.  It does not use coreboot; instead it branches directly
from the vendor's PEI core into Linux and the Heads runtime
that is setup to be run as an EFI executable.
2017-09-20 10:29:14 -04:00
Francis Lam
26b2d49897
Allow TPM LUKS key to be set during default selection
Closes #222
2017-09-02 14:13:29 -04:00
Trammell Hudson
b550a7f967
rework startup scripts to combine totp prompt with boot mode selection (issue #221) 2017-07-18 13:44:02 -04:00
Francis Lam
d67360a24b
Added rollback protection to generic boot
Changed the checking of required hashes or required rollback state
to be right before boot, allowing the user to sign/set defaults
in interactive mode.

Also cleaned up usages of recovery and fixed iso parameter
regression.
2017-07-08 16:59:37 -04:00
Francis Lam
8004b5df2a
Added the ability to persist a default boot option
Similar to qubes-update, it will save then verify the hashes of
the kexec files. Once TOTP is verified, a normal boot will verify
that the file hashes and all the kexec params match and if
successful, boot directly to OS.

Also added a config option to require hash verification for
non-recovery boots, failing to recovery not met.
2017-07-04 19:49:14 -04:00
Francis Lam
efd662c63a
adds a USB boot option with basic parsing to kexec
Supports booting from USB media using either the root device or
a signed ISO as the boot device.  Boot options are parsed with
quick/dirty shell scripts to infer kexec params.

Closes #195 and begins to address #196
2017-04-29 13:40:34 -04:00
Trammell Hudson
c5c47c6b1c
common recovery shell functions (issue #161) 2017-04-12 06:48:38 -04:00
Trammell Hudson
da9bde721c
add some color 2017-04-12 06:46:24 -04:00
Trammell Hudson
b6eaa5c295
remember to add /dev to /etc/fstab 2017-04-10 17:48:20 -04:00
Trammell Hudson
4c982856a3
add /etc/fstab and /etc/mtab to initrd image 2017-04-10 12:59:24 -04:00
Trammell Hudson
d335f24292
split x230 config into 4MB bootstrap image and 7MB runtime image (issue #156) 2017-04-03 14:53:29 -04:00
Trammell Hudson
c40748aa25
Build time configuration for startup scripts and modules.
This addresses multiple issues:

* Issue #63: initrd is build fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now meaures modules
2017-03-31 11:18:46 -04:00
Trammell Hudson
8589370708
Flash writing from userspace works (issue #17).
Reduce the size of flashrom by commenting out most flash chips,
boards and programmers.

Wrapper script to make it easier to rewrite the ROM on the x230
using the flashrom layout.

Keep the entire 12 MB ROM for flashing.
2017-03-30 17:12:22 -04:00