445ca053fb
- Based on the initial server board
- Uses whiptail instead of fbwhiptail (which was slow and produced fuzzy output)
- Simple fix to have dual KVM (BMC) and VGA output for consoles

Reasoning for dropping fbwhiptail support:
- It is impossible to output framebuffer content through the remote BMC console.
- A workstation board config could output to fbwhiptail for VGA and give remote recovery shell access through the BMC.
- If someone shows interest in that, the qemu-coreboot-tpm boards can be used as a reference.
- The slowness/fuzziness of fbwhiptail output through AST would still need to be fixed in the kernel drivers. Not a priority here.

Limitation:
- Since whiptail is sent to both consoles:
  - If one console goes to the recovery shell, recovery shell access invalidates the TPM PCR4 measurements.
  - The other console won't be aware that the TPM measurements were invalidated, and will consequently:
    - not be able to unseal TOTP if refreshed
    - not be able to unseal the TPM disk unlock key on default boot
  - A reboot will fix this.
# Board configuration: Talos 2 (ppc64), for running Qubes and other OSes.
# coreboot is built big-endian; the Linux kernel and initrd are little-endian.
CONFIG_TARGET_ARCH=ppc64

# Firmware and kernel selection (exported to recipes and sub-makes).
export CONFIG_COREBOOT=y
export CONFIG_COREBOOT_VERSION=talos_2
export CONFIG_LINUX_VERSION=5.5-openpower

# Build configs and the names of the coreboot artifacts.
# NOTE(review): the ".signed.ecc" suffix suggests signed, ECC-encoded images;
# where and with which key the signing happens is not visible in this file.
CONFIG_COREBOOT_CONFIG=config/coreboot-talos-2.config
CONFIG_COREBOOT_ROM=coreboot.rom.signed.ecc
CONFIG_COREBOOT_BOOTBLOCK=bootblock.signed.ecc
CONFIG_LINUX_CONFIG=config/linux-talos-2.config

# Modules enabled for this board.
CONFIG_CRYPTSETUP2=y
CONFIG_LVM2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_MBEDTLS=y
CONFIG_POPT=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
CONFIG_GPG2=y
CONFIG_PCIUTILS=y
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y

# Text-mode whiptail (slang + newt). The framebuffer variant is not enabled
# because its output cannot be shown on the remote BMC console.
CONFIG_SLANG=y
CONFIG_NEWT=y

CONFIG_LINUX_USB=y
CONFIG_LINUX_BUNDLED=y

# SSH client/server (dropbear).
# NOTE(review): this puts a network-facing service into the pre-boot
# environment. Whether it starts automatically, and which keys it accepts,
# is decided outside this file - confirm before deployment.
CONFIG_DROPBEAR=y

# OpenBMC VGA console: agetty, USB keyboard, and tty0 as an extra TTY.
export CONFIG_USE_AGETTY=y
export CONFIG_USB_KEYBOARD=y
export CONFIG_BOOT_EXTRA_TTYS="tty0"

# TPM and boot policy.
export CONFIG_TPM=y
export CONFIG_BOOTSCRIPT=/bin/gui-init
# NOTE(review): both "REQ" switches are n. By their names they presumably turn
# off mandatory hash verification and rollback protection for the default
# boot - confirm against the boot scripts that this is the intended posture.
export CONFIG_BOOT_REQ_HASH=n
export CONFIG_BOOT_REQ_ROLLBACK=n
# The UI is sent to both tty0 (VGA) and hvc0 (BMC). Per the commit that
# introduced this board, entering the recovery shell on one console
# invalidates the TPM PCR4 measurements without the other console noticing;
# TOTP and disk-unlock-key unsealing then fail there until the next reboot.
export CONFIG_BOOT_KERNEL_REMOVE="quiet"
export CONFIG_BOOT_KERNEL_ADD="console=tty0 console=hvc0 rootdelay=3 rootwait panic=10"
export CONFIG_BOOT_DEV="/dev/sda1"
export CONFIG_BOARD_NAME="Talos 2"
# flashrom: --noverify-all limits post-write verification to the regions that
# were written instead of the whole chip; -p linux_mtd selects the MTD
# programmer. Contents outside the written regions are therefore not
# re-checked after flashing.
export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd"
# Names of the release artifacts for this board.
# These use ":=", so every variable on the right-hand side is expanded while
# this file is being read.
# NOTE(review): BOARD, HEADS_GIT_VERSION, CB_OUTPUT_FILE and CB_BOOTBLOCK_FILE
# must therefore be set by the including makefile before this point; an unset
# one silently becomes empty - confirm the include order.
OUTPUT_PREFIX := heads-$(BOARD)-$(HEADS_GIT_VERSION)
BUNDLED_LINUX := $(OUTPUT_PREFIX)-zImage.bundled
OUTPUT_FILES := $(CB_OUTPUT_FILE) $(CB_BOOTBLOCK_FILE) $(BUNDLED_LINUX)
# Publish the bundled kernel image under its versioned release name.
# do-copy is defined outside this file; it is called with the source ($<)
# and the destination ($@).
all: $(board_build)/$(BUNDLED_LINUX)
$(board_build)/$(BUNDLED_LINUX): $(board_build)/zImage.bundled
	$(call do-copy,$<,$@)
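# Release tarball: every file in OUTPUT_FILES plus a hashes.txt of SHA-256
# sums, staged in $(board_build)/pkg and archived from there.
#
# hashes.txt travels inside the same archive as the files it covers, so it
# detects corruption only. It is not an authenticity check unless the tarball
# or the hashes are also verified through a separate trusted channel.
#
# The archive is written to $@.tmp and renamed at the end, so a failed or
# interrupted tar never leaves a truncated file that looks up to date.
# The recipe changes directory before writing $@, so board_build is assumed
# to be an absolute path (as the original recipe already required).
# The first recipe line stops the build if board_build is empty, because
# "rm -rf $(board_build)/pkg" would otherwise act on /pkg.
all: $(board_build)/$(OUTPUT_PREFIX).tgz
$(board_build)/$(OUTPUT_PREFIX).tgz: \
	$(addprefix $(board_build)/,$(OUTPUT_FILES))
	$(if $(strip $(board_build)),,$(error board_build is empty; refusing to run rm -rf on /pkg))
	rm -rf $(board_build)/pkg # cleanup in case directory exists
	mkdir $(board_build)/pkg
	cp $^ $(board_build)/pkg
	cd $(board_build)/pkg && sha256sum * > hashes.txt
	cd $(board_build)/pkg && tar zcf $@.tmp *
	mv -f $@.tmp $@
	rm -r $(board_build)/pkg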