Cloudfare patches to speed up LUKS encryption were upstreamed into linux kernel and backported to 5.10.9: https://github.com/cloudflare/linux/issues/1#issuecomment-763085915
Therefore, we bump to latest of 5.10.x (bump from 5.10.5 which doesn't contain the fixes)
Trace:
sed -i 's/5.10.5/5.10.214/g' boards/*/*.config
find ./boards/*/*.config | awk -F "/" {'print $3'}| while read board; do echo "make BOARD=$board linux"; make BOARD=$board linux; echo make BOARD=$board linux.save_in_oldconfig_format_in_place || make BOARD=$board linux.modify_and_save_oldconfig_in_place; done
git status | grep modified | awk -F ":" {'print $2'}| xargs git add
git commit --signoff
- Move patches from 5.10.5 -> 5.10.214
- Add linux kernel hash and version under modules/linux
- Change board configs accordingly
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
- CircleCI: add build based on coreboot 24.02.01 release (might be old but unclear to my eyes now)
- Add board non-HOTP board config as a start, reuse x230 linux config
- Add coreboot config modified ans saved theourh coreboot Makefile file helper
Next steps
- Create blobs extraction scripts automating https://docs.dasharo.com/variants/dell_optiplex/initial-deployment/#firmware-preparation
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
a9e6dfe8 ("config/coreboot-*: Turn off WIFI support in coreboot. If
regression, will turn on case by case") broke builds for Librem 11.
CONFIG_DRIVER_WIFI_GENERIC is required for Librem 11 as it describes
its built-in Wi-Fi card in the device tree.
The CONFIG_DRIVER_INTEL_WIFI driver does not actually seem to be
needed directly, but this is the only way to bring in the generic
driver, which is not selectable itself.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Enabling CONFIG_DRIVERS_INTEL_WIFI=y in turn enables CONFIG_DRIVERS_WIFI_GENERIC=y which is needed.
Bugfix, pushed on master without review: this is regression preventing master to report succcess for last master commit.
nv41:
CC generated/ramstage.o
/home/user/heads/build/x86/coreboot-dasharo/util/crossgcc/xgcc/bin/i386-elf-ld.bfd: nitropad-nv41/romstage/soc/intel/alderlake/romstage/fsp_params.o: in function `fill_fspm_misc_params':
/home/user/heads/build/x86/coreboot-dasharo/src/soc/intel/alderlake/romstage/fsp_params.c:235: undefined reference to `wifi_generic_cnvi_ddr_rfim_enabled'
make[1]: *** [src/arch/x86/Makefile.inc:196: nitropad-nv41/cbfs/fallback/romstage.debug] Error 1
ns50:
CC generated/ramstage.o
/home/user/heads/build/x86/coreboot-dasharo/util/crossgcc/xgcc/bin/i386-elf-ld.bfd: nitropad-ns50/romstage/soc/intel/alderlake/romstage/fsp_params.o: in function `fill_fspm_misc_params':
/home/user/heads/build/x86/coreboot-dasharo/src/soc/intel/alderlake/romstage/fsp_params.c:235: undefined reference to `wifi_generic_cnvi_ddr_rfim_enabled'
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
sed -i '$a CONFIG_USBDEBUG=n' config/coreboot-*.config
grep -R CONFIG_COREBOOT_VERSION boards/ | awk -F "/" {'print $2'} | while read board; do if ! sudo make BOARD=$board coreboot.save_in_oldconfig_format_in_place > /dev/null 2>&1; then echo $board failed;fi; done
Note:
Boards that are unmaintained accumulates settings addition per the sed call.
Why deactivate:
- Well, this is equivalent of cbmem -c which gives way too much information from attacker.
TODO: add an helper later on so that builds aimed at testing coreboot version bump pass to release mode or something.
As of this commit, we accept that bricks might happen and that troubleshooting will be made in a case basis?!
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This is needed so that ACPI tables are generated from coreboot for final OS to not apply quirks to support wifi cards
TODO: bluethooth not activated here, maybe we should.
sed -i '/# CONFIG_DRIVERS_INTEL_WIFI is not set/d' config/coreboot-*.config
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Update Purism coreboot to 24.02.01-Purism-1.
Remove CFLAGS overrides when building coreboot. These overrides break
24.02.01, which added (and needs) --param=min-pagesize=1024. This has
happened repeatedly in the past since Heads has to duplicate coreboot's
CFLAGS if it overrides them.
Specifically, the build fails with this error:
src/commonlib/include/commonlib/endian.h:27:26: error: array subscript 1 is outside array bounds of 'void[0]' [-Werror=array-bounds=]
27 | *(uint8_t *)dest = val;
| ~~~~~~~~~~~~~~~~~^~~~~
In function 'setup_default_ebda':
cc1: note: source object is likely at address zero
That's because coreboot is attempting to write to EBDA at physical
address 0x40e, just above 1024. That is a valid address for x86, but
it's too close to 0 by default for GCC, --param-min-pagesize=1024
allows writes to physical addresses above 1024.
coreboot shouldn't need any of the usual Heads CFLAGS overrides for
reproducibility; it is already reproducible.
Fix indentation in modules/coreboot. Make accepted it before because
the indented lines followed a variable assignment, so they couldn't
be part of a recipe. That assignment is now gone, so they're now
interprted as part of a recipe for the `.configured` target just above,
they should not be indented.
Add nss to flake.nix, needed as of 24.02.01.
Update Librem coreboot configs for 24.02.01-Purism-1. Notably, the
board Kconfig changed for Mini v2 in coreboot, so this is needed for
correct builds.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
intel_iommu=igfx_off is needed on the Heads kernel command line for
memtest86+ to work. Without this parameter, the screen blanks when
memtest86+ starts testing.
This is unique to Librem 11, probably because it is the only device
using FSP GOP for graphics init in coreboot. (libgfxinit does not yet
support Jasper Lake.)
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
removes a comment:
-# CONFIG_DASHARO_FIRMWARE_UPDATE_MODE is not set
- Unify ns50/nv41
- CONFIG_TPM_PIRQ=0x27 in both nv41/ns50 as per https://github.com/linuxboot/heads/pull/1662#issuecomment-2100820944
NOTE that this doesn't stick when calling
make[1]: Leaving directory '/home/user/heads/build/x86/coreboot-dasharo'
user@heads-tests-deb12:~/heads$ git diff
diff --git a/config/coreboot-nitropad-nv41.config b/config/coreboot-nitropad-nv41.config
index 9484aaf5122..ddd4e5d7c56 100644
--- a/config/coreboot-nitropad-nv41.config
+++ b/config/coreboot-nitropad-nv41.config
@@ -143,7 +143,7 @@ CONFIG_BOARD_CLEVO_NV40PZ_BASE=y
CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NV41"
CONFIG_CONSOLE_POST=y
# CONFIG_USE_PM_ACPI_TIMER is not set
-CONFIG_TPM_PIRQ=0x27
+CONFIG_TPM_PIRQ=0x0
# CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set
CONFIG_VBOOT_FWID_VERSION="$(CONFIG_LOCALVERSION)"
CONFIG_EC_SYSTEM76_EC_BAT_THRESHOLDS=y
Also note that CONFIG_EC_SYSTEM76_EC_DGPU=y is not present on ns50 as opposed to nv41, whatever that does.
user@heads-tests-deb12:~/heads$ diff -u config/coreboot-nitropad-nv41.config config/coreboot-nitropad-ns50.config
--- config/coreboot-nitropad-nv41.config 2024-05-10 14:59:42.156754718 -0400
+++ config/coreboot-nitropad-ns50.config 2024-05-10 14:55:37.699761391 -0400
@@ -110,7 +110,7 @@
# CONFIG_VENDOR_TI is not set
# CONFIG_VENDOR_UP is not set
CONFIG_MAINBOARD_FAMILY="Not Applicable"
-CONFIG_MAINBOARD_PART_NUMBER="nv40pz"
+CONFIG_MAINBOARD_PART_NUMBER="ns50pu"
CONFIG_MAINBOARD_VERSION="v2.1"
CONFIG_MAINBOARD_DIR="clevo/adl-p"
CONFIG_DIMM_MAX=4
@@ -128,7 +128,7 @@
CONFIG_DEVICETREE="devicetree.cb"
# CONFIG_VBOOT is not set
CONFIG_VBOOT_VBNV_OFFSET=0x28
-CONFIG_VARIANT_DIR="nv40pz"
+CONFIG_VARIANT_DIR="ns50pu"
CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb"
# CONFIG_VGA_BIOS is not set
CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Nitrokey"
@@ -139,8 +139,8 @@
CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout"
CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0
CONFIG_BOARD_CLEVO_ADLP_COMMON=y
-CONFIG_BOARD_CLEVO_NV40PZ_BASE=y
-CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NV41"
+CONFIG_BOARD_CLEVO_NS50PU_BASE=y
+CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NS51"
CONFIG_CONSOLE_POST=y
# CONFIG_USE_PM_ACPI_TIMER is not set
CONFIG_TPM_PIRQ=0x27
@@ -158,8 +158,8 @@
CONFIG_HAVE_INTEL_FIRMWARE=y
CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000
CONFIG_DRIVERS_INTEL_WIFI=y
-CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/descriptor.bin"
-CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/novacustom/nv4x_adl/me.bin"
+CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/novacustom/ns5x_adl/descriptor.bin"
+CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/novacustom/ns5x_adl/me.bin"
CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000
CONFIG_VBT_DATA_SIZE_KB=9
CONFIG_CARDBUS_PLUGIN_SUPPORT=y
@@ -176,8 +176,8 @@
#
# Alder Lake P (2022)
#
-# CONFIG_BOARD_NOVACUSTOM_NS5X_ADLP is not set
-CONFIG_BOARD_NOVACUSTOM_NV4X_ADLP=y
+CONFIG_BOARD_NOVACUSTOM_NS5X_ADLP=y
+# CONFIG_BOARD_NOVACUSTOM_NV4X_ADLP is not set
#
# Tiger Lake U (2021)
@@ -503,7 +503,6 @@
#
CONFIG_EC_ACPI=y
CONFIG_EC_SYSTEM76_EC=y
-CONFIG_EC_SYSTEM76_EC_DGPU=y
#
# Intel Firmware
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Also disable bootsplash resizing to center the logo in the middle of
the screen.
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
git difftool -d HEAD^ to check config against previous version (librem shared config), noticed I2C options being maybe relevant, added them back in
Then saved with make BOARD=nitropad-ns50 linux.modify_and_save_oldconfig_in_place
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Result of:
make BOARD=nitropad-nv41 coreboot.save_in_oldconfig_format_in_place
make BOARD=nitropad-ns50 coreboot.save_in_oldconfig_format_in_place
No change, was applied like this anyway at compilation.
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
The coreboot power failure state Kconfig options are wired up to the
Power on AC feature on Clevo mainboards. Set the power failure state to
0 to prevent these boards from powering on or waking up with AC attach.
Signed-off-by: Michał Kopeć <michal.kopec@3mdeb.com>
