Commit Graph

2457 Commits

Author SHA1 Message Date
tlaurion
f848070d16
Merge pull request #1230 from tlaurion/flash_sh-fixes
flash.sh: UX and logic fixes
2022-11-01 11:15:18 -04:00
Thierry Laurion
5a7902c5ab
flash.sh: single firmware read backup and logic fixes
- Have Talos II supported by detecting correctly size of mtd chip (not internal: different flashrom output needs to be parsed for chip size)
- Read SPI content only once: 66% speedup (TOCTOU? Don't think so, nothing should happen in parallel when flashing insingle user mode)
- Have the main flash_progress loop not break, but break in flash_rom state subcases (otherwise, verifying step was breaking)
- Change "Initializing internal Flash Programmer" -> "Initializing Flash Programmer"
- Apply changes suggested by @SergiiDmytruk under https://github.com/osresearch/heads/pull/1230#issuecomment-1295332539 to reduce userland wasted time processing flashrom -V output
2022-10-28 14:59:24 -04:00
tlaurion
0389eca95a
Merge pull request #1228 from tlaurion/heads_git_version_fixated_to_abbrev7
fixate HEADS_GIT_VERSION to use a commit id of 7 characters
2022-10-20 14:17:35 -04:00
Thierry Laurion
5e6f4fb90b
Reproducibility: fixate HEADS_GIT_VERSION to use a commit id of 7 characters 2022-10-20 11:00:33 -04:00
tlaurion
f2e45c4396
Merge pull request #1214 from tlaurion/cryptsetup2_for_xx30
xx30 - pack cryptsetup2 instead of cryptsetup
2022-09-16 17:33:30 -04:00
Thierry Laurion
9258ca7a68
xx30 - pack cryptsetup2 instead of cryptsetup 2022-09-16 12:51:38 -04:00
tlaurion
e71ef3a25a
Merge pull request #1210 from danielp96/master
Update Librem boards to coreboot 4.17
2022-09-15 15:49:21 -04:00
Daniel Pineda
8150e300ee
modules/coreboot: remove support for coreboot 4.15
patches/coreboot-4.15: remove patches for coreboot 4.15

No boards depend on it and is affected by CVE-2022-29264

Signed-off-by: Daniel Pineda <daniel.pineda@puri.sm>
2022-09-15 10:17:34 -06:00
Daniel Pineda
1cab17ae30
board/librem_*: Update to coreboot 4.17
Signed-off-by: Daniel Pineda <daniel.pineda@puri.sm>
2022-09-12 13:22:00 -06:00
Daniel Pineda
146b78e08c
patches/coreboot-4.17: Add Librem 4.17 patches
Add patches for coreboot 4.17:
- show ME status even when device is disable (kept from 4.15)
- zero unused part of SMBIOS region

Signed-off-by: Daniel Pineda <daniel.pineda@puri.sm>
2022-09-12 13:21:59 -06:00
Daniel Pineda
cc58994f3b
modules/coreboot: add support for coreboot 4.17
Update hash for coreboot module, coreboot-blobs.

Signed-off-by: Daniel Pineda <daniel.pineda@puri.sm>
2022-09-12 13:21:59 -06:00
tlaurion
6ec223fabe Update coreboot versions in build issues template
Will use that as a base. @eganonoa thanks
2022-09-08 23:22:26 -04:00
eganonoa
64aa6510a2 adding issue templates 2022-09-08 23:22:26 -04:00
tlaurion
493149b8d2
Merge pull request #1002 from SergiiDmytruk/openpower-talos-2
Add Talos 2 board (OpenPower)
2022-09-02 11:10:13 -04:00
Sergii Dmytruk
d0ef7e8c1f
Enable Infineon TPM1 for Talos-2 boards
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-09-01 00:28:16 +03:00
Sergii Dmytruk
72110e5915
Enable OpenBMC VGA console for Talos-2 boards
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-09-01 00:28:16 +03:00
Sergii Dmytruk
565963d51d
Add CONFIG_BOOT_EXTRA_TTYS option
It specifies whitespace-separated list of console devices to run Heads
on in addition to the default one.

Example for board config:

    export CONFIG_BOOT_EXTRA_TTYS="tty0 tty1"

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-09-01 00:28:15 +03:00
Sergii Dmytruk
b5fb2f907c
Build agetty from util-linux and optionally add it to initrd
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-09-01 00:21:27 +03:00
Sergii Dmytruk
fe9d80c6a7
CircleCI: build Talos 2 boards
This also involves splitting workspaces based on target architecture to
avoid severely degrading performance of CI.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-31 00:21:28 +03:00
Sergii Dmytruk
55ef9912aa
Add Talos 2 boards
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-31 00:21:28 +03:00
Matt DeVillier
00bb2b6c32
Makefile: Allow use of a specific hash for module using a git repo
`git reset --hard <commit_hash>` is a no-op when commit_hash is unset
2022-08-31 00:21:24 +03:00
tlaurion
9df4e48ff2
Merge pull request #1208 from tlaurion/emergency_revert_git_apply
Emergency revert of git apply instead of patch
2022-08-30 16:53:09 -04:00
Thierry Laurion
988b05f09d
Emergency revert of git apply instead of patch 2022-08-30 15:57:30 -04:00
tlaurion
48b9b74f39
Merge pull request #1201 from tlaurion/replace_patch_git_git_apply
Makefile: replace patch with git apply
2022-08-30 15:15:42 -04:00
tlaurion
c29c168176
Merge pull request #1009 from SergiiDmytruk/support-ppc64-arch
Support ppc64 arch
2022-08-30 12:50:29 -04:00
Sergii Dmytruk
f16e92792a
Support targeting PowerPC 64
This prepares most of the modules to be build for it.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-25 20:55:39 +03:00
Sergii Dmytruk
2a44e5e7ee
Incorporate architecture into directory layout
* build/ -> build/<arch>/
 * crossgcc/ -> crossgcc/<arch>/
 * install/ -> install/<arch>/
 * packages/ -> packages/<arch>/

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-25 20:55:39 +03:00
Sergii Dmytruk
5dc06bdbf1
Makefile: drop handling of $(TOOLCHAIN)
It came from https://github.com/osresearch/heads/pull/395 and was a
local workaround.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-25 20:55:39 +03:00
Sergii Dmytruk
8944710033
Introduce $(board_build) variable
To be used in board configuration.  Expands to the path of the board's
build directory.  Also simplifies main Makefile a bit.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-25 20:55:35 +03:00
Sergii Dmytruk
fa8e8843c6
Expand @VAR@ placeholders in configuration files
This makes configs much less dependent on directory layout.

As of this commit the following variables are supported:
 * @BOARD_BUILD_DIR@ - absolute path under build/
 * @BLOB_DIR@ - absolute path to blobs/

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-25 13:58:40 +03:00
tlaurion
c56e9d2917
Merge pull request #1188 from JonathonHall-Purism/qemu-testing-support 2022-08-24 18:56:32 -04:00
Jonathon Hall
2ca34803af
qemu: Add qemu-coreboot-whiptail-tpm1 configuration
This configuration uses a console interface instead of fbwhiptail, and
no USB token is required.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-08-24 13:04:07 -04:00
Jonathon Hall
ef3cd5c65f
qemu-coreboot-fbwhiptail-tpm1-hotp: Virtio video/storage, serial
Enable virtio video and storage.

Enable serial console and tweak kernel command line to show logs.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-08-24 13:04:07 -04:00
Jonathon Hall
64f194628f
qemu: Linux 5.10
Update to Linux 5.10 for improved virtio support.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-08-24 13:04:07 -04:00
Jonathon Hall
73eccb364a
qemu: Add qemu-coreboot-fbwhiptail-tpm1-hotp for complete testing in QEMU
Add qemu-coreboot-fbwhiptail-tpm1-hotp configuration, which has a 'run'
target to boot with a persistent TPM, disk, virtual USB disk, and USB-
forwarded token
Provide instructions for bootstrapping a complete working system in qemu

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-08-24 13:04:06 -04:00
Jonathon Hall
2d188e493d
build: Allow injecting GPG key at build time
flashrom doesn't work in qemu, so the firmware isn't able to update its
keyring.  Adding an already-provisioned key ahead of time works though.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-08-24 13:04:06 -04:00
Jonathon Hall
3e5fd6be75
qemu: Build ATA support into kernel, enable OHCI/UHCI
Set ATA and SATA configs to y, not m - modules weren't being loaded.  Other
configs also build these into kernel, so do the same for qemu.  Remove relevant
configs from boards since modules no longer need to be in initrd.

Enable OHCI and UHCI.  qemu forwards host USB devices over a UHCI controller.
This enables USB-forwarding a physical Librem Key or Nitrokey Pro to the VM.
Export CONFIG_LINUX_USB_COMPANION_CONTROLLER to have enable_usb() load the
modules - it wants both UHCI and OHCI modules, so build both.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-08-24 13:03:53 -04:00
tlaurion
f7facf042f
Merge pull request #1200 from SergiiDmytruk/optional-otp
init: assign CONFIG_TPM depending on /dev/tpm0 presence
2022-08-24 10:38:16 -04:00
Thierry Laurion
921daabdaf
Makefile: replace patch with git apply
Otherwise binary patches cannot be patched/created

Additional fixes needed
- flashrom patch was invalid and got catched by git apply. Correcting
- gpg2-2.2.21.patch was pointing to bad target. Correcting
2022-08-21 14:28:30 -04:00
Sergii Dmytruk
75748e86b7
gui-init: fix TOTP/HOTP initialization on missing OS
Skip only GPG key check, but always init TOTP and HOTP.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-21 00:05:20 +03:00
Sergii Dmytruk
b989889e5f
init: assign CONFIG_TPM depending on /dev/tpm0 presence
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-20 23:56:47 +03:00
tlaurion
4ca4656cf9
Merge pull request #1199 from tlaurion/CircleCI_Makefile_part_of_measured_files_in_cache_usage
.circleci/config.yml: Add Makefile as part of measured files for cache downloads
2022-08-16 18:14:25 -04:00
Thierry Laurion
9f75fa2362
.circleci/config.yml: Add Makefile as part of measured files for cache downloads
Global Makefile is the most effective modifier of builds.
As soon as the global Makefile change, so should not be reused caches having measured a different Makefile
2022-08-16 17:33:41 -04:00
tlaurion
160b3d19e7
Merge pull request #1196 from JonathonHall-Purism/dropbear-mirror
dropbear: Use mirror, main host is down
2022-08-02 17:42:47 -04:00
Jonathon Hall
2c3244f48d
dropbear: Use mirror, main host is down
Switch to mirror https://mirror.dropbear.nl/

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-08-02 17:35:18 -04:00
tlaurion
21505aa5dd
Merge pull request #1194 from Unb0rn/ecc_fix
EC keys support
2022-07-29 11:48:01 -04:00
Victor Bessonov
a221321b6a Allow gpg to select digest algo
EC signatures requires that the digest has the corresponding length. Removing the hardcoded sha2-256 hash function and adding support of sha2-384 and sha2-512 should allow using EC crypto.
2022-07-23 01:10:52 +03:00
tlaurion
2cfa94003b
Merge pull request #1178 from tlaurion/remove_gawk_make_local_build-fix_xx30_maximized-boards_produce_top_bottom_hashes
Remove local gawk and make builds, add xx30 top and bottom hashes under hashes.txt
2022-06-28 12:46:41 -04:00
tlaurion
7c69167e2a
Merge pull request #1183 from tlaurion/QrCode_named_after_boardname
gui-init: Have TPMTOTP QrCode named under TOTP app with $BOARD_NAME
2022-06-23 14:20:11 -04:00
Thierry Laurion
ba9235abcb
xx30 boards: add top bottom roms statements to get hashes under hashes.txt 2022-06-23 11:05:53 -04:00