Commit Graph

239 Commits

Author SHA1 Message Date
Sergii Dmytruk
fa8e8843c6
Expand @VAR@ placeholders in configuration files
This makes configs much less dependent on directory layout.

As of this commit the following variables are supported:
 * @BOARD_BUILD_DIR@ - absolute path under build/
 * @BLOB_DIR@ - absolute path to blobs/

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2022-08-25 13:58:40 +03:00
Jonathon Hall
2d188e493d
build: Allow injecting GPG key at build time
flashrom doesn't work in qemu, so the firmware isn't able to update its
keyring.  Adding an already-provisioned key ahead of time works though.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2022-08-24 13:04:06 -04:00
Thierry Laurion
921daabdaf
Makefile: replace patch with git apply
Otherwise binary patches cannot be patched/created

Additional fixes needed
- flashrom patch was invalid and got catched by git apply. Correcting
- gpg2-2.2.21.patch was pointing to bad target. Correcting
2022-08-21 14:28:30 -04:00
Thierry Laurion
bf415a8d69
Remove local build of gawk make
-Makefile: remove local gawk and make version compare and local build
-modules: remove gawk and make
-patches: remove make

local make was added to build 4.2.1 on OSes that were having older version. It was then patched to be built on OSes having newer buildstack.
local gawk was added when GPG toolstack was older then libgpg-error 1.37. GPG toolstack was then upgraded, but local gawk stayed.

Removing those permits better parallelization and of builds and reduces CircleCI (and higher cores systems) to have race conditions and stalled builds
2022-06-23 10:51:13 -04:00
Thierry Laurion
f9d143d77a Retry CircleCI for 4.11 on Debian 11 docker
- Add kgpe-d16 patch to remove HID for PCI devices (successful build on top of #1101 and #1012 per https://app.circleci.com/pipelines/github/tlaurion/heads/937/workflows/de49bea0-3f58-4a91-8891-87622f5a0eed)
- CircleCI modified to build for coreboot 4.11 kgpe-d16_workstation on top of 4.15 passed workspace
- CircleCI modified so that we still archive all the logs in artifacts for the current build even if failing. We now exit 1 after having archived all the log files under build/
- Add xx30 vbios extract scripts to test. Expecting musl-cross target to fail since make and gawk aren't built
- CircleCI: gawk was not installed in apt statements under Debian. Installing
- Makefile: seperate and fix local make and gawk building pror of using. Otherwise, impossible to build musl-cross target seperatly.
  - Also give some debugging info at start of Heads builds to tell which local gawk and make are used, also telling which make call will be propagated in the rest of the builds
  - Fix gawk version checking, reporting bad version even if 4.2.1 as expected on debian-10 (debian-10 OS deploys gawk and make in version 4.2.1)
- CircleCI: Changing musl-cross taget to bootstrap (gawk+make) and musl-cross-make (bootstrap_musl-cross-make) for clarity
2022-02-08 13:58:14 -05:00
Thierry Laurion
e492786d0a CircleCI: fix #1058 and partly #984
CircleCI: We currently drop coreboot 4.11 builds.
- There is a file missing in the builds. Not sure why/how this is happening
src/soc/intel/fsp_broadwell_de/romstage/romstage.c:41:10: fatal error: build.h: No such file or directory
Example:https://app.circleci.com/pipelines/github/tlaurion/heads/877/workflows/7d0248d2-459c-42ad-b741-8fd56a75d527/jobs/2487
- kgpe-d16_workstation building for all GPUs is unfortunately taking too much time to build (40 minutes).
- Not sure why, but it seems that the kernel build paralellization is not working for 4.11 while it works for 4.13
Makefile: Uncomment MAKE_JOBS which passes the number of jobs to numbers cores by default and --max-load of 16
CircleCI: Remove CPUS statement to use Makefile default
modules/newt: force build with one make job, otherwise there is a race condition in module which fails randomly expecting build modules. (TODO: FIX)

Interestingly, building all coreboot 4.13 boards is happening on a clean commit just above 1h limit.

More details:
- CircleCI changed job build time to a maximum of 1h each.
- CircleCI now permits parallelization of 30 jobs
- 6000 build minutes a month.
- Still waiting for osresearch/heads CircleCI project to be unlocked (currently not recognized as open source project?!)
2021-12-04 15:51:53 -05:00
Thierry Laurion
ee5073ebe8 CircleCI: add large ressource class for free tier as defined under https://support.circleci.com/hc/en-us/articles/4410707277083-Context-deadline-exceeded-after-1-hour-Build-timed-out-Free-tier-only-
Readd https://github.com/osresearch/heads/pull/984 without cache
Add kgpe-d16 musl-cross target prior of having kgpe-d16 depend on musl-cross target (To try to have musl-cross step successfull under 1h CircleCI new limit)
CircleCI: add a subcommand that can follow a target (to build musl-cross-make now and coreboot version specific musl-cross later)
Output of hashes is now optional
29/11/2021 CircleCI public information available states parallelization of up to 30 jobs at a time. Let's play
- We first build heads musl-cross-make and persist (passing musl-cross-make into next job)
- We then build per coreboot version board with coreboot make statement only and persist (passing musl-cross-make + coreboot's musl-cross buildstack)
- We then build per coreboot version board (reusing past build musl-cross-make and coreboot's version musl-cross buildstack)
Remove 4.11 boards for the moment to test only build time and parallelization
2021-12-04 15:51:53 -05:00
tlaurion
60081318b5
Merge pull request #1011 from SergiiDmytruk/build-enhancements
Build enhancements
2021-07-29 14:38:26 -04:00
Thierry Laurion
ddc5d25a25
Makefile: Add cryptsetup2 so that binaries are copied under tools.cpio when building initrd. 2021-07-26 09:42:38 -04:00
Sergii Dmytruk
14c7bb6b7a
Allow using files other than coreboot.rom
Talos 2 will need signed ROM with ECC and an analogous separate bootblock
file.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2021-07-26 12:02:10 +03:00
Sergii Dmytruk
ea66885acb
Allow having multiple patches for the same version
By means of specifying ` <module>_patch_version` variable.

Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2021-07-26 12:02:10 +03:00
Sergii Dmytruk
97dc552d28
Support generation of bundled kernel
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
2021-07-26 12:02:08 +03:00
tlaurion
883f4958f8
Merge pull request #876 from hardenedvault/cryptsetup-2.3
Upgrade to cryptsetup 2.3 and make cryptsetup1/cryptsetup2 optionals
2021-02-04 18:21:38 -05:00
HardenedVault
209c9778ad Use -isystem instead of -I to introduce header files of target system
If using -I to introduce header files, the elf.h in the target system
instead of elf.h shipped with kexec-tools will be included, making its
building process failed.
2020-10-28 15:28:05 +02:00
MrChromebox
bd7a945bbb
Inject Heads version string into coreboot LOCALVERSION... (#859)
* config/coreboot-*: drop CONFIG_LOCALVERSION
Will be injected as part of the build using $(HEADS_GIT_VERSION)
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/coreboot: inject $(HEADS_GIT_VERSION) as CONFIG_LOCALVERSION
Needed for fwupd to handle board updates
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* modules/coreboot: override SMBIOS ProductName with $(BOARD)
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

* Use $(BOARD)-$(HEADS_GIT_VERSION) as basis for output filename
makes builds uniquely identifiable based on board and version.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
2020-10-21 11:04:27 -04:00
Markus Meissner
09ca500d3e
add x230-nkstorecli board config (#817)
* add x230-nkstorecli board; 
* add modules: nkstorecli, libnk, libhidapi-libusb
* version bump nkstorecli; related minor in libnk
* upd. libnk module version bump to 3.6; remove 3.5 patch
2020-10-19 10:47:22 -04:00
Thierry Laurion
c74564086c
Buildsystem: permit to pass CPUS=X to make to force a number of CPUS to be used if desired, else the default is detected in Makefile and pushed to submodules. If nothing specified, uses nproc and pass it to submodules. CircleCI forced to CPUS=2 2020-09-25 15:52:31 -04:00
Nathan Rennie-Waldock
7ce12fe621
Add gawk module to use if the host is running a different major version (fixes #668) (#811)
Signed-off-by: Nathan Rennie-Waldock <nathan.renniewaldock@gmail.com>
2020-09-07 08:50:01 -04:00
tlaurion
b14e564ac9
Fix CircleCI build problems (#808)
* CircleCI: debian:10 docker based. Give possitility to override CACHE_VERSION through CircleCI when needed
* Makefile: fix #799 with implementation of @osresearch's recommended https://github.com/osresearch/heads/issues/799#issuecomment-673059028
* modules/coreboot : indentation fix and putting version hashes together to facilitate future maintainership.
2020-08-20 15:15:46 -04:00
alex-nitrokey
53b67d27a4
Prepare usage of /boot/kexec_hotp_key as branding 2020-06-24 16:11:41 +02:00
alex-nitrokey
28735a8c84
Add CONFIG_HOTP_BRANDING 2020-06-11 17:04:03 +02:00
alex-nitrokey
4069619ead
Rename libremkey-hotp-verification module 2020-06-11 15:54:10 +02:00
alex-nitrokey
1ba73ac1d5
Rename CONFIG_LIBREMKEY to CONFIG_HOTPKEY 2020-06-11 15:29:51 +02:00
Trammell Hudson
791d064397
musl-cross-make: replace all cross compilers with musl-cross-make
Signed-off-by: Trammell Hudson <hudson@trmm.net>
2020-01-08 17:08:15 +01:00
Trammell hudson
027ae39abe
modules: add module_tar_opt to allow different strip options
Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-12-03 10:48:10 +01:00
Trammell hudson
56aa508b8d
musl-cross: pin to a specific checkout (#617)
Add `--strip 1` to tar file extraction in the `Makefile`,
which ensures that the directory name in `build/` will
match the one listed in `$($(MODULE)_dir)`.

Signed-off-by: Trammell hudson <hudson@trmm.net>
2019-10-29 13:15:56 +01:00
Trammell hudson
a37e1f434d
add Intel msrtools commands 2019-07-30 15:36:57 +02:00
Martin Kepplinger
ae916cbd91 Makefile: add submodule checkout after git cloning coreboot
Right now all git submodules are left behind on a git clone. Add
git submodule update --init --checkout according to the docs, see
https://www.coreboot.org/Build_HOWTO
2019-05-21 13:35:50 +02:00
tlaurion
64c830e652
Merge branch 'master' into make-4.2.1 2019-04-22 21:53:43 -04:00
Trammell hudson
82701fb10f
typo on pinentry 2019-01-26 11:51:47 -05:00
Trammell hudson
c261907ee6
gpg2 pinentry program is required for passwords or PINs 2019-01-26 11:51:41 -05:00
Trammell hudson
c1c615e677
copy gpg2 executables and pass in the libusb include path 2019-01-26 11:47:16 -05:00
Martin Kepplinger
371b65ff58
fix install directory handling for git and builds
The install directly should basically behave like the "build" directory.
Since it's tracked by git, containing a gitignore file, we shouldn't
have it in the toplevel gitignore (just like the build directory).

But then, the toplevel Makefile's real.clean target removes the install
directory. This is changed so that only it's content is being removed.
2018-11-23 12:29:08 -05:00
Trammell Hudson
3f53cfe05b
Merge branch 'add_librem_key_support' of https://github.com/kylerankin/heads 2018-11-07 16:37:01 -05:00
Trammell hudson
66b51d3296
quiet hashing process slightly 2018-09-18 13:07:40 -04:00
Trammell hudson
a5a11e8213
fix missing ) in hashes 2018-09-18 12:35:19 -04:00
Trammell hudson
7a39cc78f4
create hashes and store them in the circleci artifacts 2018-09-18 12:08:16 -04:00
Trammell hudson
c494d0a5fd
fix wget and allow packages to be overridden 2018-09-18 07:14:02 -04:00
Trammell hudson
292a8bec81
patch for __alloca missing on ubuntu 18.04 (#352) 2018-09-18 06:33:15 -04:00
Trammell Hudson
22b1241475
Exit if patch fails to apply (issue #429) 2018-07-17 06:22:52 -04:00
Kyle Rankin
31cf85b707
Add Librem Key support to Heads
The Librem Key is a custom device USB-based security token Nitrokey is
producing for Purism and among other things it has custom firmware
created for use with Heads. In particular, when a board is configured
with CONFIG_LIBREMKEY, this custom firmware allows Heads to use the
sealed TOTP secret to also send an HOTP authentication to the Librem
Key. If the HOTP code is successful, the Librem Key will blink a green
LED, if unsuccessful it will blink red, thereby informing the user that
Heads has been tampered with without requiring them to use a phone to
validate the TOTP secret.

Heads will still use and show the TOTP secret, in case the user wants to
validate both codes (in case the Librem Key was lost or is no longer
trusted). It will also show the result of the HOTP verification (but not
the code itself), even though the user should trust only what the Librem
Key displays, so the user can confirm that both the device and Heads are
in sync. If HOTP is enabled, Heads will maintain a new TPM counter
separate from the Heads TPM counter that will increment each time HOTP
codes are checked.

This change also modifies the routines that update TOTP so that if
the Librem Key executables are present it will also update HOTP codes
and synchronize them with a Librem Key.
2018-06-19 12:27:27 -07:00
Trammell hudson
584c07042e
Merge branch 'generic_flashrom_script' of https://github.com/kylerankin/heads 2018-06-01 12:40:16 -04:00
Trammell hudson
29f0f914c5
do not create empty file if wget fails (issue #422) 2018-05-29 17:09:26 -04:00
Kyle Rankin
3c88bc5d86
Split flash GUI into separate script
To keep the flash logic simpler the GUI logic has been split into a
flash-gui.sh program so flash.sh behaves closer to the original flashrom
scripts it was based from. I've also removed the previous flashrom
scripts and incorporated their options into flash.sh. Finally I set
CONFIG_BOARD via the Makefile instead of setting a duplicate option in
each board's config.
2018-05-11 14:08:31 -07:00
Trammell hudson
492b94afb5
move git hash into /etc/config instead of Linux kernel version and track clean/dirty status (#398) 2018-05-04 14:36:56 -04:00
Trammell hudson
7f8cec0992
fix clean checkout missing tagets, silence a spurious print (#394) 2018-05-04 12:31:21 -04:00
Trammell hudson
0b644b1e19
ensure that Linux kernel is updated after a build and that busybox is not spuriously rebuilt (#397) 2018-05-03 18:03:24 -04:00
Trammell hudson
17bcc68f5d
fix symlink install of busybox so that it happens even on parallel builds (#394) 2018-05-02 16:13:23 -04:00
Trammell hudson
a1eae9111f
allow a system make that matches the same major number (#353) 2018-05-02 15:41:11 -04:00
Trammell hudson
e5740c6bfe
ensure that both coreboot.rom and linuxboot.rom are built in a parallel build (#394) 2018-05-02 14:53:54 -04:00
Trammell hudson
022ca815e4
fix external cross compiler parallel build and patch directories 2018-05-02 14:30:58 -04:00
Trammell hudson
a772b27e5d
parallel make fixes and hacks, which seem to work and reduce excessive remaking (issue #394) 2018-05-02 11:38:39 -04:00
Trammell hudson
7dee3902f3
ensure clean builds work even if BOARD is not specified in the environment 2018-04-19 20:06:36 -04:00
Trammell hudson
a91be6b38d
move log directory creation above the make version check (issue #375) 2018-04-19 19:37:45 -04:00
Trammell hudson
ee9bb29c7d
relocate Make version check to be above the inclusion of the board config (issue #375) 2018-04-19 17:41:50 -04:00
Trammell hudson
1f04cf94ef
generate the list of modules to be cleaned automatically (issue #313) 2018-03-29 18:05:57 -04:00
Trammell hudson
c6ece3bea1
Merge branch 'cairo' of https://github.com/kakaroto/heads 2018-03-29 17:21:57 -04:00
Trammell hudson
bd0c7da8f5
point pkg-config at the $(INSTALL) directory (issue #373) 2018-03-29 17:21:51 -04:00
Youness Alaoui
8ca6286ae0
Add Cairo/FBWhiptail to the build process
Enable it by default for the Librem 13 v2
2018-03-28 16:42:34 -04:00
Trammell hudson
7f30b22b82
allow CROSS or MUSL_DIR to be set on the command line so that an external cross compiler can be used (issue #162) 2018-03-16 12:59:24 -04:00
Trammell hudson
114d17bab6
add leading + to enable job server mode for parallel make 2018-03-15 18:10:15 -04:00
Trammell hudson
bac09ec191
Merge branch 'nerf' of https://github.com/vejmarie/heads into vejmarie-nerf 2018-03-15 14:46:50 -04:00
Trammell hudson
cd98b36b7c
Merge branch 'patch_series' of https://github.com/kakaroto/heads 2018-03-15 14:44:51 -04:00
Trammell hudson
ac537d0300
clean all cpio files and ensure that they are all padded 2018-03-15 11:46:42 -04:00
Youness Alaoui
e7d4b88d39
Add ability to specify a series of patches per module
If a file $module_$version.series exists, it will be used to
specify a list of patch files to apply to the module.
This is becoming necessary for coreboot which has an increasing
amount of patches required and which makes it hard to maintain
all in one file.
2018-03-14 16:27:21 -04:00
Jean-Marie Verdun
d6743abcc4 Refactor config directory content as to add extension capabilities for
inserting init script within generated ramfs.
Each init script are board file dependant (think kernel drivers auto insertion)
2018-03-12 10:26:23 +01:00
Trammell hudson
adee5a1261
Merge branch 'master' of ssh://github.com/osresearch/heads 2018-03-08 11:41:42 -05:00
Trammell hudson
dd8685c1be
Do not include busybox if CONFIG_BUSYBOX is not set (issue #346) 2018-03-08 11:41:28 -05:00
Trammell hudson
4e8e88b323
remove superiotool from default build 2018-03-08 04:32:23 -05:00
Trammell hudson
ab460645a3
allow $(packages) to be set in Make enviroment (#338) 2018-03-08 01:16:28 -05:00
Trammell hudson
b2868cf3cf
Merge branch 'export-quote-walkaround' of https://github.com/persmule/heads 2018-03-08 01:07:58 -05:00
Trammell hudson
d9808f6659
build the superiotool, which requires a hack on the pciutils lib/types.h file 2018-03-02 09:37:31 -05:00
persmule
4e758b8bfb Walkaround envvars passed through make(1) when generating etc/config
"export" statements included or declared in a Makefile proves literally
(with no escape) passed to the shell, which may result in shell envvars
containing literal double quote if SHELL is set as bash, and they further
becomes statements containing `\"` when printed with command export.

This behavior could be observed by the makefile inlined at the end.

This commit adds a regexp to sed to remove those `\"`.

export QUOTE="QUOTE"
SHELL := /bin/bash
.SHELLFLAGS := -o pipefail -c
export-quote:
        export|grep QUOTE
2018-03-01 15:36:54 +08:00
Trammell hudson
4f5432bb46
generate /etc/config from exported configuration variables 2018-02-28 14:57:46 -05:00
Trammell hudson
f618f09a69
Generate a fake EBDA with kexec, removing the need for a custom xen (#227)
This modifies the segment at 0x0 so that it contains enough of a fake
Extended BIOS Data Area at addresses 0x40e and 0x413 that Xen can
correctly locate its trampoline code.

Since custom Xen is no longer required, we can remove the module,
the patches and all of the references to it in the board definition
files.
2018-02-28 10:48:35 -05:00
Trammell hudson
7283a5397a
Merge branch 'add_whiptail' of https://github.com/kylerankin/heads 2018-02-26 16:33:34 -05:00
Trammell hudson
ff9925a6d4
remove ancient default CONFIG variable 2018-02-26 16:32:42 -05:00
Trammell hudson
657693f791
Merge branch 'fix_cpio_in_Makefile' of https://github.com/kylerankin/heads 2018-02-26 11:42:13 -05:00
Trammell hudson
e88700d0d9
add inteltool build instructions (not included by default) 2018-02-26 11:42:07 -05:00
Kyle Rankin
88c732833a
Add whiptail binary, new libraries, and slang dependency
The whiptail binary will allow us to create GUI menus from bash scripts.
It is included in the newt library, which depends on slang. To enable,
the board configuration file should add CONFIG_SLANG=y and CONFIG_NEWT=y
2018-02-19 16:39:42 -08:00
Kyle Rankin
1f22da73af
Fix missing parenthesis in cpio make option 2018-02-14 14:43:35 -08:00
Trammell hudson
1459e701e3
Make the Heads runtime opt-out from the initrd.cpio. #317
Allow sub-modules like u-root to opt out of the Heads runtime,
while retaining the musl-libc built tools.
2018-02-13 17:46:48 -05:00
Trammell hudson
10c1f56b0a
Enable easy building with the NERF u-root tree #317
This adds a `CONFIG_UROOT=y` option to allow the busybox
runtime to be replaced with the go u-root runtime.
You must have go 1.9 or newer for it to work.

It has been tested on the OCP winterfell and qemu nodes,
and it can be specified on the build command line as well.

Nothing from `heads/initrd` or any of the tools will be
linked into the cpio file.  Only the kernel modules and the
go shell will be included.
2018-02-13 15:47:31 -05:00
Trammell hudson
e0d390c62d
Helpful targets 2018-02-13 13:20:27 -05:00
Trammell hudson
3bf51cb74c
ensure that all is the default target and have a useful default board 2018-02-07 19:03:40 -05:00
Trammell hudson
d26f79bac9
coreboot and linuxboot qemu builds work 2018-02-05 17:27:12 -05:00
Trammell hudson
452aabe528
fix path to CONFIG_LINUX_CONFIG file 2018-02-05 16:27:48 -05:00
Trammell hudson
b50f8e847b
cleanup configuration options to all have the same CONFIG_MODULE_OPTION naming scheme 2018-02-05 15:59:26 -05:00
Trammell hudson
22f7442710
perform per-board Linux builds 2018-02-05 15:28:33 -05:00
Trammell hudson
47a94da5ed
x230 build works on the NERF tree (#305)
Fix FAST=1 builds to actually be fast.
2018-02-05 11:56:15 -05:00
Trammell hudson
cf8509e0f5
Add LinuxBoot as a module, prep for nerf branch merge (#305)
Move board configuration into `boards/` instead of `config/`
Fix mistake in building kernel module tree before kernel was done.
Allow per-board initrd builds (#278)
Allow per-board configurations for things (#304)
2018-02-05 11:27:45 -05:00
Trammell hudson
16d13e61de
rename initrd.cpio to inird-$(BOARD).cpio), remove old tools 2018-02-02 16:26:26 -05:00
Trammell hudson
982256df60
add config, git hash and phase out the Makefile.nerf 2018-02-02 15:56:46 -05:00
Trammell hudson
07f7653999
move tools into bin/ directory 2018-01-19 14:17:26 -05:00
Trammell hudson
517d242da5
allow .vol targets to be passed through 2017-12-04 15:29:00 -05:00
Trammell hudson
c954ec1947
Fix default target for NERF and edk2 dependency (issue #284) 2017-11-20 17:28:35 -05:00
Trammell hudson
12cea9a8e9
make coreboot an optional dependency (issue #265) 2017-09-22 16:17:05 -04:00
Trammell hudson
03d21da268
generate 512-byte padded xz files 2017-09-22 15:09:57 -04:00
Trammell hudson
796ea2870a
build appears to produce a NERFed r630 firmware image 2017-09-20 18:24:54 -04:00
Trammell hudson
8194f2f477
allow extra options to git via the repo variable 2017-09-20 14:25:19 -04:00