Commit Graph

17 Commits

Author SHA1 Message Date
Thierry Laurion
ef0b70a89a
ns50: add PR0 chipset locking requirements to board config and coreboot config
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-10-31 10:23:12 -04:00
Thierry Laurion
ebdfad3655 boards CONFIG_FLASH_OPTIONS: 'flashprog memory' -> 'flashprog' since flashprog aims to be compatible with flashrom
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-10-29 08:58:09 -04:00
Thierry Laurion
b9495130cf boards FLASH_OPTIONS: remove --noverify/--noverify-all for now
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-10-29 08:58:09 -04:00
Thierry Laurion
d9ad27f372 boards FLASH_OPTIONS: add --noverify. No point verifying flash with internal programmer?
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-10-29 08:58:09 -04:00
Thierry Laurion
9b101f1454 flash.sh: FLASHROM_OPTIONS->FLASH_OPTIONS: require FLASH_OPTIONS to specify flash program in board configs
- boards: switch flashrom->flashprog, FLASH_OPTIONS: flashprog memory --progress --programmer internal

TODO: check, Might break:
- xx20 : x220/t420/t520: used hwseq: verify compat
- legacy : not sure --ifd bios are support: verify compat (and drop, future PR drop legacy boards anyway...)
- talos: linux_mtd is used: verify compat

Tested:
- x230 works with awesome progress bar on read, erase and write.

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-10-29 08:58:09 -04:00
Thierry Laurion
3574e12be9
board configs: remove CONFIG_BOOT_DEV so detect_boot_device detects it prior of oem-factory-reset usage
repro:
sed -i '/CONFIG_BOOT_DEV/d' boards/*/*.config unmaintained_boards/*/*.config

qemu debug trace on preinstalled OS:
[    3.999725] [U] hello world
[    4.286215] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config)
[    4.315239] TRACE: Under init
[    4.369379] DEBUG: Applying panic_on_oom setting to sysctl
[    4.588333] TRACE: /bin/cbfs-init(5): main
[    4.728310] TRACE: /bin/cbfs-init(24): main
[    4.867039] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/pubring.kbx
[    4.946757] TRACE: /bin/tpmr(788): main
[    5.006987] DEBUG: TPM: Extending PCR[7] with hash 7ccf4f64044946cf4e5b0efe3d959f00562227ae
[    5.068692] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/pubring.kbx
[    5.326365] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/pubring.kbx
[    5.399511] TRACE: /bin/tpmr(788): main
[    5.460618] DEBUG: TPM: Extending PCR[7] with hash 547ca343719d3aa62af4763357d8c10cb35eae55
[    5.524608] DEBUG: exec tpm extend -ix 7 -if /.gnupg/pubring.kbx
[    5.752340] TRACE: /bin/cbfs-init(24): main
[    5.908677] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/trustdb.gpg
[    5.988169] TRACE: /bin/tpmr(788): main
[    6.044996] DEBUG: TPM: Extending PCR[7] with hash 7236ea8e612c1435259a8a0f8e0a8f1f5dba7042
[    6.101604] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/trustdb.gpg
[    6.371341] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/trustdb.gpg
[    6.451878] TRACE: /bin/tpmr(788): main
[    6.511948] DEBUG: TPM: Extending PCR[7] with hash 4697c489f359b40dd8aec55df52a33b1f580a3df
[    6.572785] DEBUG: exec tpm extend -ix 7 -if /.gnupg/trustdb.gpg
[    6.879519] TRACE: /bin/key-init(6): main
[    8.239618] TRACE: Under /etc/ash_functions:combine_configs
[    8.323781] TRACE: Under /etc/ash_functions:pause_recovery
!!! Hit enter to proceed to recovery shell !!!
[    8.572855] TRACE: /bin/setconsolefont.sh(6): main
[    8.631296] DEBUG: Board does not ship setfont, not checking console font
[    8.887295] TRACE: /bin/gui-init(641): main
[    8.920627] TRACE: /etc/functions(715): detect_boot_device
[    9.251212] TRACE: /etc/functions(682): mount_possible_boot_device
[    9.312602] TRACE: /etc/functions(642): is_gpt_bios_grub
[    9.410830] TRACE: /dev/vda1 is partition 1 of vda
[    9.540007] TRACE: /etc/functions(619): find_lvm_vg_name
[    9.707187] TRACE: Try mounting /dev/vda1 as /boot
[    9.766843] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null)
[    9.825028] TRACE: /bin/gui-init(319): clean_boot_check

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-09-09 10:35:03 -04:00
Maciej Pijanowski
2cd5b0960a
modules: drop iotools
As discussed in: linuxboot#1704
there is no need to include iotools module for nitropads.

Since there is no board using it, and we see no reason to use
it in the future (the EC udpate will not require it, as update
will be server by coreboot in the future), drop the module as well.

Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com>
2024-06-21 17:08:14 +02:00
Michał Kopeć
f6f216c5b8
Use single coreboot rev for MSI and NCM
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-10 14:50:37 -04:00
Thierry Laurion
443955e086
nv41/ns50 board config: Add note referring that those boards FB are GOP enabled just like the librem_11 for reference
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-10 14:50:31 -04:00
Michał Żygowski
8e7e18920d
modules/nitrokey-blobs,boards/nitropad: Remove obsolete blobs module
Signed-off-by: Michał Żygowski <michal.zygowski@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-10 14:39:53 -04:00
Thierry Laurion
60e0d6017f
boards: uniformize nitropad boards with qemu-coreboot boards and against each other
- Add tethering in board configs
- Add autoboot after 5 seconds if HOTP remote attestation is  successful

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-03 13:29:17 -04:00
Thierry Laurion
865a0c6a2b
WiP: Boards configuration unification between x230-hotp-maximized and nitrokey boards: enable Automatic boot when HOTP valid after 5 seconds
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2024-05-03 12:30:20 -04:00
Thierry Laurion
61843d890b
Unify upstream board config defaults
- Upstream boards will not deactivate TPM DUK
- Upstream will not force BRAND_NAME which currently defaults to Heads
- Upstream will not deactivate Qr code on screen output on HOTP sealing
- Upstream will not offer OEM reset defaults (deprecated and now default anyway)

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-12-19 13:05:46 -05:00
Thierry Laurion
d8f098cd53
All board configs: first line now BRAND_NAME=Heads to ease rebranding with sed scripts for downstream projects/forks
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-12-16 12:56:58 -05:00
Thierry Laurion
bac35e3b3e
Librems/Nitropad: enable TPM DUK under Heads branding (CONFIG_TPM_NO_LUKS_DISK_UNLOCK=n)
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-12-16 12:52:19 -05:00
Thierry Laurion
664603cf8c
Changeset based on nitrokey 2.3 release to understand what is attempted here. i915 is still under linux config on 2.3 release. coreboot is on gop, not libgfxinit. This is to open discussion.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
2023-11-20 11:17:38 -05:00
Markus Meissner
d01c3ab7c9
boards: add nitropad-nv41 + nitropad-ns50 2023-09-05 17:13:56 +02:00