Commit Graph

  • d5b4bd5644
    Merge 1ac5229aba into fa0f90cbec #1875 Thierry Laurion 2024-12-18 15:41:49 -0500
  • 1ac5229aba
    kexec-save-default: fix primary handle once more. Can't wait we get rid of this... file must exist and not be empty, and hash output to console must not be silenced #1875 Thierry Laurion 2024-12-18 14:57:48 -0500
  • 887e3865bf
    Merge fc572e25b9 into fa0f90cbec #1846 Michał Kopeć 2024-12-18 10:29:46 -0500
  • fc572e25b9
    modules/coreboot: bump dasharo fork for FSP submodule fix #1846 Michał Kopeć 2024-12-18 16:29:33 +0100
  • f1299c1ce7
    modules/coreboot: update for HAP disable fix Michał Kopeć 2024-12-18 14:09:52 +0100
  • 1dba3e932f
    CircleCI v560tu/v540tu: build atop x230-hotp-maximized workspace cache to reuse 24.02.01 coreboot buildstack, no point waiting for novacustom_nv4x_adl to be built. Gonna clear cache for next run and build clean Thierry Laurion 2024-12-11 15:55:09 -0500
  • f45452b736
    nv4x_adl/ns50 coreboot config bumped to 24.02.01 with save in old config helper Thierry Laurion 2024-12-11 13:50:41 -0500
  • a09b64d390
    v560tu/v540tu coreboot configs: add bootsplash, remove ME HAP bit to be applied by IFDTOOL to https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-11 11:05:43 -0500
  • b98492377c
    v560tu/v540tu board configs: adapt FLASH_OPTIONS to not overwrite GBE region, document S3/S01x/Hibernation limitation which is lacking from https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 19:24:56 -0500
  • bf06be9017
    config/coreboot-novacustom-v560tu.config: reuse changes proposed under https://github.com/linuxboot/heads/pull/1871 but not yet taken under https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 17:57:06 -0500
  • fffc3a88c4
    v540tu/v560tu: remove MSRTOOL, reuse proposed changes not taken from https://github.com/linuxboot/heads/pull/1871 for https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 17:55:46 -0500
  • 6ee05c3dce
    CircleCI: Add v560tu missing into https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 17:46:58 -0500
  • 6f5f8264e6
    TPM2 primary handle debugging once more. Can't wait we get rid of this... Thierry Laurion 2024-12-17 16:10:48 -0500
  • 6480119040
    novacustom_nv4x_adl/novacustom_nv4x_adl.config : add quiet mode for real hardware recording in PR, will comment and generalize in next commit to all maintained boards, leaving this to be overridden by branding downstream for downstream releases exercise and choice Thierry Laurion 2024-12-17 14:39:54 -0500
  • 874ad13832
    init: Quiet mode enablement output string modified; tell users having enabled it through Configuration Settings that earlier suppression requires enabling through board config Thierry Laurion 2024-12-17 13:40:44 -0500
  • d0950dc48d
    Merge d8bde03ba3 into fa0f90cbec #1606 TrustExecutor 2024-12-17 13:35:44 -0500
  • f39bbc244f
    Merge 7bf492e777 into fa0f90cbec #1683 Thierry Laurion 2024-12-17 13:35:44 -0500
  • a28f6379b9
    Merge de5cc49366 into fa0f90cbec #1804 Thierry Laurion 2024-12-17 13:35:44 -0500
  • de7c8c2129
    Merge a9a1b208d4 into fa0f90cbec #1816 Antoine Luciani 2024-12-17 13:35:44 -0500
  • 91c98d2a10
    Merge 4b4ac60240 into fa0f90cbec #1850 Thierry Laurion 2024-12-17 13:35:44 -0500
  • 434f2521f2
    Merge ef30271618 into fa0f90cbec #1863 Thierry Laurion 2024-12-17 13:35:44 -0500
  • 4f31a25997
    Merge eee1d53b1b into fa0f90cbec #1870 Thierry Laurion 2024-12-17 13:35:44 -0500
  • efa05f2d57
    Merge ace2947f25 into fa0f90cbec #1019 Siproqu 2024-12-17 13:35:43 -0500
  • e2cbf8848c
    Merge 15b5be6c9d into fa0f90cbec #1191 Cody Ho 2024-12-17 13:35:43 -0500
  • a266b2f6df
    Merge 1d83f7bdce into fa0f90cbec #521 Francis Lam 2024-12-17 13:35:43 -0500
  • fa0f90cbec
    Put usage of ./docker_repro.sh (docker images with docker-ce) first master Thierry Laurion 2024-12-17 11:23:30 -0500
  • bd0871b683
    kexec-select-boot+kexec-save-default: Quiet mode; remove last rollback counters printed to console Thierry Laurion 2024-12-16 17:47:25 -0500
  • 81c6b00e9b
    seal-totp: contextualize qr code output for manual input of those without qr scanner app in mobile phone Thierry Laurion 2024-12-16 16:47:06 -0500
  • ce9da989b4
    init: some more comments in code per review Thierry Laurion 2024-12-16 16:39:12 -0500
  • 82059b896e
    DEBUG: inform that output will be both in dmesg and on console from where that measure is enforced in code Thierry Laurion 2024-12-16 16:27:49 -0500
  • f2d801ef01
    init+cbfs-init: refactor and explain why quiet mode cannot suppress measurements of cbfs-init extracted+measured TPM stuff if not in board config Thierry Laurion 2024-12-16 13:28:34 -0500
  • c7986fdc2f
    Deprecate ash in favor of bash shell; /etc/ash_functions: move /etc/ash_functions under /etc/functions, replace TRACE calls by TRACE_FUNC, remove xx30-flash.init Thierry Laurion 2024-12-16 11:46:37 -0500
  • 72fbf94523
    config-gui.sh: Add quiet mode toggle, which turns off debug+tracing if enabled, and where enabling debug+tracing disables Quiet mode Thierry Laurion 2024-12-15 20:41:08 -0500
  • 3a04195b40
    hot-verification: bump to 1.7+ unreleased patchset https://github.com/Nitrokey/nitrokey-hotp-verification/pull/51 Thierry Laurion 2024-12-13 17:20:52 -0500
  • f5184d6810
    WiP: staging changes, refusing to fight against tools helping me, formatting changed. sign after tpm-reset now to work around primary handle issue. Thierry Laurion 2024-12-13 16:56:05 -0500
  • 2fe7cd095e
    WiP: staging changes, warn loud and clear of weak security posture by using weak OEM defaults provisioned secrets Thierry Laurion 2024-12-13 15:50:05 -0500
  • b8fcddc730
    WiP: staging changes, no more tpm output. Next warn /boot changed because htop counter and primary handle until removed outside of this PR Thierry Laurion 2024-12-13 14:50:24 -0500
  • 89349dbea0
    Turn some info on default boot into LOGged info, LOG might go out forever if not pertinent to most? Thierry Laurion 2024-12-12 18:44:51 -0500
  • 23462aa59d
    WiP: staging changes Thierry Laurion 2024-12-12 17:03:47 -0500
  • 68923b91b1
    Bump hotp-verification to version 1.7, remove patches: contains info fixes and reset fixes so that oem-factory-reset can reset secrets app PIN Thierry Laurion 2024-12-12 16:34:21 -0500
  • 41082716ee
    WiP: staging changes Thierry Laurion 2024-12-10 17:12:47 -0500
  • fe23df6ae3
    CircleCI v560tu/v540tu: build atop x230-hotp-maximized workspace cache to reuse 24.02.01 coreboot buildstack, no point waiting for novacustom_nv4x_adl to be built. Gonna clear cache for next run and build clean #1876 Thierry Laurion 2024-12-11 15:55:09 -0500
  • 133d1cdd5c
    nv4x_adl/ns50 coreboot config bumped to 24.02.01 with save in old config helper Thierry Laurion 2024-12-11 13:50:41 -0500
  • 11a118d6c1
    patches/coreboot-dasharo-unreleased: add back JPEG patches Michał Kopeć 2024-12-11 18:31:11 +0100
  • 602e281f2f
    config/coreboot-novacustom-v5.0tu.config: add bootsplash Michał Kopeć 2024-12-11 18:43:36 +0100
  • c516918fac
    patches/coreboot-dasharo-unreleased: add back JPEG patches Michał Kopeć 2024-12-11 18:31:11 +0100
  • 44871a483d
    v560tu/v540tu coreboot configs: add bootsplash, remove ME HAP bit to be applied by IFDTOOL to https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-11 11:05:43 -0500
  • b65b45a2f7
    v560tu/v540tu board configs: adapt FLASH_OPTIONS to not overwrite GBE region, document S3/S01x/Hibernation limitation which is lacking from https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 19:24:56 -0500
  • 294c4d5096
    config/coreboot-novacustom-v560tu.config: reuse changes proposed under https://github.com/linuxboot/heads/pull/1871 but not yet taken under https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 17:57:06 -0500
  • 698222cae3
    v540tu/v560tu: remove MSRTOOL, reuse proposed changes not taken from https://github.com/linuxboot/heads/pull/1871 for https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 17:55:46 -0500
  • 30951a7934
    CircleCI: Add v560tu missing into https://github.com/linuxboot/heads/pull/1846 Thierry Laurion 2024-12-10 17:46:58 -0500
  • 4199bd8e25
    WiP: staging changes (TPM1 regression fixes for LOG/DEBUG on quiet mode) Thierry Laurion 2024-12-10 14:50:52 -0500
  • c14a3ad4db
    WiP: staging changes including https://github.com/linuxboot/heads/pull/1850 https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 and https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 Thierry Laurion 2024-12-09 12:48:16 -0500
  • 7323fef604
    modules/coreboot: bump for MTL S3 Michał Kopeć 2024-12-10 18:24:47 +0100
  • b5fe89903d
    config/coreboot-novacustom-v5*: set ME HAP, prefer S3 sleep Michał Kopeć 2024-12-10 18:22:00 +0100
  • ac43d5e78b
    config/coreboot-novacustom-v5*: bump version to rc2 Michał Kopeć 2024-12-10 13:10:06 +0100
  • 1d7b442668
    novacustom-v560tu: sync to v540tu Michał Kopeć 2024-12-10 12:41:39 +0100
  • ef30271618
    initrd/bin/oem-factory-reset: fix tpmr counter output on screen, output of gpg on screen and safeguard PIN that would be word split #1863 Thierry Laurion 2024-12-09 13:44:57 -0500
  • 4ec37e7bbb
    initrd/bin/kexec-sign-config: safeguard ops between remounting /boot rw/ro Thierry Laurion 2024-12-09 13:42:58 -0500
  • 38b3db451f
    initrd/bin/tmpr: silence unneeded output for tpm related operations Thierry Laurion 2024-12-09 13:40:17 -0500
  • 385c99f2fc
    SQUASH codebase: silence dd output while capturing output in variables when needed Thierry Laurion 2024-12-09 13:38:28 -0500
  • 5b444119ca
    config/coreboot-novacustom-v540tu.config: disable serial console Michał Kopeć 2024-12-09 16:30:16 +0100
  • 6174b63a12
    novacustom-v540tu: enable PR0 lockdown in SMM Michał Kopeć 2024-12-09 16:21:45 +0100
  • 0166533b47
    Merge remote-tracking branch 'tlaurion-github/generate_passphrase-reownership_qr_code' into introduce_quiet_mode-diceware_STAGING Thierry Laurion 2024-12-07 12:46:44 -0500
  • 4b4ac60240
    patches/hotp-verification-*/46.patch : readd https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 so that this PR can be tested and reviewed from OEM Factory Reset/User Re-Ownership perspective (PR 43 not in which fixes hotp_verification info, needed to reuse default PINs under seal-hotp if pubkey age <1 month and if Secret app PIN/GPG Admin PIN count >=3 ) #1850 Thierry Laurion 2024-12-07 11:12:38 -0500
  • 86a61586b5
    oem-factory-reset: Stop adding leading blank lines in 'passphrases' msg Jonathon Hall 2024-12-06 16:26:41 -0500
  • c00c036c01
    functions: Simplify dictionary word selection Jonathon Hall 2024-12-06 16:24:20 -0500
  • 7051fc8785
    functions: Fix spelling of 'dictionaries' Jonathon Hall 2024-12-06 16:22:52 -0500
  • 6591f267e6
    hotp-verification: removed patches/hotp-verification-e9050e0c914e7a8ffef5d1c82a014e0e2bf79346 directory: waiting for https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 and https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 to be merged to change modules/hotp-verification commit Thierry Laurion 2024-12-06 11:36:50 -0500
  • d142f76202
    oem-factory-reset+seal-hotp nk3 hotp-verification info adaptations Thierry Laurion 2024-12-06 09:48:28 -0500
  • e73bb05557
    hotp-verification patches: Use https://github.com/Nitrokey/nitrokey-hotp-verification/pull/43 instead of https://github.com/Nitrokey/nitrokey-hotp-verification/pull/46 for hotp-verification info parsing and validation of oem-factory-reset and seal-hotp Thierry Laurion 2024-12-06 10:50:59 -0500
  • 295935f311
    WiP seal-hotp: customize message to be GPG Admin PIN or Secure App PIN Thierry Laurion 2024-12-05 16:48:32 -0500
  • 835b7acfcb
    kexec-sign-config: mount rw, write things to /boot, mount ro after Thierry Laurion 2024-12-05 16:08:34 -0500
  • 444ff3ee37
    oem-factory-reset: reset nk3 secure app PIN early since we need physical presence, put nk3 secure APP PIN after TPM but before GPG PINS in output for consistency Thierry Laurion 2024-12-05 14:37:48 -0500
  • e43626016a
    oem-factory-reset: set title_text according to mode, either 'OEM Factory Reset Mode', 'Re-Ownership Mode' or 'OEM Factory Reset / Re-Ownership' Thierry Laurion 2024-12-05 14:25:22 -0500
  • 91704d0c0a
    oem-factory-reset: fix Secure App wording, prevent word globbing, warn that physical presence is needed Thierry Laurion 2024-12-05 13:55:39 -0500
  • 85dfaf9ac2
    oem-factory-reset: if nk3, also display Secure App PIN = GPG Admin PIN as text and in Qr code Thierry Laurion 2024-12-05 13:46:25 -0500
  • b760e636fd
    oem-factory-reset: don't set user re-ownership by default for now: use current defaults being DEF pins (12345678 and 123456 as master) Thierry Laurion 2024-12-05 13:42:11 -0500
  • 9623053da5
    modules/hotp-verification: 1.6, removing patch pr43, only keeping 46 for this PR (43 conflicts when applied atop 46. 46 is needed here) Thierry Laurion 2024-12-05 13:32:23 -0500
  • b550151d54
    oem-factory-reset: add reset secure app PIN = ADMIN_PIN at reownership, make sure defaults are set for all modes, including default which uses current defaults being DEF pins (12345678 and 123456 as master) Thierry Laurion 2024-12-05 13:23:37 -0500
  • a9d3d96ec1
    modules/hotp-verification: revert to 1.6, add patches tested instead Thierry Laurion 2024-12-05 13:21:34 -0500
  • c4832eed0e
    WiP: add nk3 secret app reset function and call it following security dongle reset logic Thierry Laurion 2024-11-28 16:57:26 -0500
  • 1e0df1f597
    WiP: bump to hotp-verification version supporting reset of secret app Thierry Laurion 2024-11-28 16:39:02 -0500
  • 89d15fb57c
    WiP initrd/bin/oem-factory-reset: add qrcode+secret output loop until user presses y (end of reownership wizard secret output) Thierry Laurion 2024-11-17 17:37:30 -0500
  • 18c066f697
    /etc/functions:: reuse detect_boot_device instead of trying only to mount /etc/fstab existing /boot partition (otherwise early 'o' to enter oem mode of oem-factory-reset Thierry Laurion 2024-11-17 17:36:21 -0500
  • 439f3eceb9
    WiP initrd/bin/oem-factory-reset: add --mode (oem/user) skeleton Thierry Laurion 2024-11-17 14:07:10 -0500
  • 6eac70a319
    WiP initrd/bin/oem-factory-reset: format unification Thierry Laurion 2024-11-17 14:02:35 -0500
  • 81293c9c7e
    initrd/etc/functions: add generate_passphrase logic Thierry Laurion 2024-11-15 13:25:43 -0500
  • c5bc76dd1c
    diceware: add short list v2, requiring 4 dice and providing longer words than short list v1 for easier to remember passphrases Thierry Laurion 2024-11-15 15:46:51 -0500
  • b78c1745f9
    novacustom-v540tu/novacustom-v560tu: add s3 preferred, bootsplash, disabling ME, saved in oldconfig #1871 Thierry Laurion 2024-12-04 13:41:27 -0500
  • f4175e891f
    novacustom_nvx_adl/mitropad-ns50: save coreboot configs in oldconfig with helper Thierry Laurion 2024-12-04 13:34:36 -0500
  • b70cb81809
    novacustom-v540tu/novacustom-v560tu: save coreboot configs in oldconfig with helper, adding some missing PR0 settings Thierry Laurion 2024-12-04 13:21:43 -0500
  • 341d5e4ed9
    novacustom-v540tu/novacustom-v560tu: add board and coreboot config support for PRR/PR0 Thierry Laurion 2024-12-04 13:17:00 -0500
  • a3732cb296
    .circleci/config.yml: build v560TU, reusing novacustom_nv4x_adl cache (might not show much more gain than if based on x230-hotp-maximized) Thierry Laurion 2024-12-04 09:51:56 -0500
  • f1a9f5c657
    .circleci/config.yml: have novacustom_nv4x_adl depend on x230-hotp-maximized to reuse coreboot 24.02.01 utils/crossgcc buildstack build for x230-hotp-maximized to skip rebuilding buildstack for novacustom boards Thierry Laurion 2024-12-04 09:48:36 -0500
  • bb6c83de49
    modules/coreboot: add commented out patch version Michał Kopeć 2024-12-04 18:13:07 +0100
  • 34ee256dd2
    modules/coreboot: bump dasharo fork for PRR lockdown Michał Kopeć 2024-12-04 18:11:54 +0100
  • 0f339496a7
    Add NovaCustom V560TU Michał Kopeć 2024-11-29 19:20:59 +0100
  • ad6605d84b
    config/coreboot-novacustom-v540tu.config: set version to rc1 Michał Kopeć 2024-11-29 19:20:30 +0100
  • 0cdba412ef
    modules/coreboot: dasharo: reuse 24.02.1 toolchain Michał Kopeć 2024-12-02 12:22:11 +0100