both linux/coreboot:
- save_in_defconfig_format_in_place : takes whatever coreboot config file for a make BOARD=xyz statement and saves it in defconfig
- save_in_oldefconfig_format_in_place : takes whatever coreboot config file for a make BOARD=xyz statement and saves it in oldefconfig
linux:
- linux.prompt_for_new_config_options_for_kernel_version_bump:
- The most useful helper as of now when doing kernel version bump.
- Requires to save current kernel config in oldconfig (make BOARD=xyz linux.save_in_oldefconfig_format_in_place) first, then bump kernel version in board config and then use that helper to review new options and save in tree.
This is particularly beneficial for servers with Aspeed BMC video,
because it introduces framebuffer console acceleration. The
framebuffer console is much more responsive.
Patches were ported from 5.10.5:
0001-fake-acpi.patch: This may not be needed any more, but it applies
cleanly and I don't think it would harm anything.
0002-nmi-squelch.patch: The comment mentions qemu but I see this
message on physical machines occasionally, so I think this is needed.
0003-fake-trampoline.patch: This patch does not apply cleanly. It
could be ported, but I don't think it's needed, I dropped it. Dates
back to a very old commit where Linux was being embedded into a vendor
UEFI firmware: a4d7654b1e.
0010-winterfell-ahci.patch: Minor change of %x to %lx in context.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Most useful to me are:
coreboot.modify_and_save_defconfig_in_place
coreboot.modify_and_save_oldconfig_in_place
linux.modify_and_save_oldconfig_in_place
linux.modify_and_save_defconfig_in_place
Which permit to take current in tree configs and translate them into other format.
This is useful when trying to version bump and build.
Also add helpers to save in versioned version to facilitate change tracking:
linux.generate_and_save-versioned-oldconfig
linux.regenerate_and_save_versioned_defconfig
This patch adds ARCH="$(LINUX_ARCH)" to Linux targets working on config
files. Without it, the architecture defaults to that of host, which for
cross-compilation isn't right.
Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
-coreboot support of TPM v2.0 (shared config for TPM2 support across all 4 previous variations)
-swtpm set to be launched under TPM v2.0 mode under board config
-Documentation file under each board.md softlinks to qemu-coreboot-fbwhiptail-tpm1.md (which has been generalized)
This is skeleton for TPM v2 integration under Heads
-------------
WiP
TODO:
- libcurl cannot be built as a tpm2-tools dependency as of now not sure why. curl currently needs to be added in board config to be built
- Note: tpm-reset (master and here) needs some review, no handle of no tpm use case. Caller is responsible to not call it otherwise does nothing
- init tries to bind fd and fails currently
- Note: Check if whiptail is different of fbwhiptail in clearing screen. As of now every clear seems to be removed, still whiptail clears previous console output
- When no OS' /boot can be mounted, do not try to TPM reset (will fail)
- seal-hotpkey is not working properly
- setting disk unlock key asks for TPM ownership passphrase (sealing in NV requires ownership, but text is misleading user as if reowning TPM)
- We should cache input, feed tpm behind the scene and wipe passphrase and state clearly that this is TPM disk unlock kye passphrase.
- primary key from TPM2 is invalid most of the time from kexec-select-boot and verifying global hashes but is setuped correctly at disk unlock key setup
- would be nice to take advantage of bash function tracing to understand where we are for debugging purposes, code takes ash in consideration only
- tpmr says it implements nv calls but actually doesn't. Removing those falsely wrapped functions would help.
- Implementing them would be better
- REVIEW TODOS IN CODE
- READD CIRCLECI CONFIG
Current state:
- TPM unseal works without disk unlock key and generates TOTP properly (was missing die condition at unseal to not produce always good TOTP even if invalid)
- TPM disk encryption key fails. Hypothesis is that sealing with USB drivers loaded and measures in inconsistent with sealed with/without.
- TPM disk unsealing happens without USB modules being loaded in non-HOTP setup. This fails.
- Current tests are with fbwhiptail (no clear called so having traces on command line of what happens)
- Testing with HOTP implementation for sealing/unsealing since that forces USB module loads on each boot to remove this from failing possibilities
This makes configs much less dependent on directory layout.
As of this commit the following variables are supported:
* @BOARD_BUILD_DIR@ - absolute path under build/
* @BLOB_DIR@ - absolute path to blobs/
Signed-off-by: Sergii Dmytruk <sergii.dmytruk@3mdeb.com>
Testing points:
- None here. Board who exported "CONFIG_USB_KEYBOARD=y" have it packed under their initrd, but there is no logic loading the module yet.
* modules/linux: add support for building with kernel 5.4.69
Add support to module, port patches from 4.19.139.
Needed for newer platforms not supported by 4.19 kernel.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* CircleCI: add rysnc dependency for building kernel 5.x
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* Migrate all Librem boards to kernel 5.x, common config
Update linux-librem_common.config from 4.x to 5.x, and add
CONFIG items needed to support the librem_l1um (AST DRM drivers,
serial port output).
Tested on Librem 13v4, Librem Mini, and Librem Server L1UM.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* modules/linux: Add support for multiple kernel versions
Follow same pattern as used for coreboot. Add existing kernel version
as default for all existing boards.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
* modules/linux: Add option to use 4.19 LTS kernel
Add option to use kernel 4.19.139 (current LTS version).
Duplicate existing patches from 4.14.62 as they all apply cleanly.
Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
This reduces the amount of noise in the Linux kernel config files
by only storing the differences from the stock configuration.
It adds a new makefile target 'linux.saveconfig' to convert the
build tree's .config file into config/linux-linuxboot.config.
Michał Żygowski
Jonathon Hall
Thierry Laurion
Krystian Hebel
Sergii Dmytruk
Thomas Clarke
MrChromebox
Trammell hudson