move all other boards (but KGPE-D16) to coreboot 4.13

- xx30 legacy boards (x230, x230-flash, t430, t430-flash) now rely also on coreboot 4.13 - DOWNSIDE: x230 and t430 legacy boards now rely on WHIPTAIL (NOT FBWhiptail) to have enough space to fit under 7mb) - xx20 boards moved to 4.13 (no need of xx20-flash boards here since single SPI boards with 7.5mb useable since blobs scripts are required) - DOWNSIDE: all xx20 boards now have dropbear deactivated, while still having ethernet driver in. - qemu-coreboot and qemu-coreboot-fbwhiptail switched to coreboot 4.13 WITHOUT TPM SUPPORT (with cryptsetup 2.x support) - DOWNSIDE: - coreboot-qemu board CBFS_SIZE=0x700000 -> 0x750000 - coreboot-qemu-fbwhiptail CBFS_SIZE=0x750000 -> 0x780000 - CircleCi build recipe removes 4.8.1 boards altogether - KGPE-D16 workstation is used as new base build to save workspace layer (we removed one workspace layer) - Removing one workspace layer will save approx 2 hours of build time on fresh builds - Removing one coreboot version will save us approx 2 hours of build time on fresh builds - KGPE-D16 will stay to coreboot 4.11 until forward notice. - All other board configs SHOULD be built on latest coreboot versions
linuxboot · Jul 29, 2021 · b8696ac · b8696ac
1 parent 41a6025
commit b8696ac
Show file tree

Hide file tree

Showing 32 changed files with 192 additions and 131 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -165,19 +165,12 @@ workflows:
 # version. The last board in the sequence is the dependency
 # for the parallel boards built at the end, and also save_cache.
 
-      # Coreboot 4.8.1
-      - build_and_persist:
-          name: qemu-coreboot
-          target: qemu-coreboot
-          requires:
-            - prep_env
-
       # Coreboot 4.11
       - build_and_persist:
           name: kgpe-d16_workstation
           target: kgpe-d16_workstation
           requires:
-            - qemu-coreboot
+            - prep_env
 
       # Coreboot 4.13
       - build_and_persist:
@@ -275,6 +268,12 @@ workflows:
           requires:
             - librem_mini
 
+      - build:
+          name: qemu-coreboot
+          target: qemu-coreboot
+          requires:
+            - librem_mini
+
       - build:
           name: qemu-coreboot-fbwhiptail
           target: qemu-coreboot-fbwhiptail

diff --git a/boards/qemu-coreboot-fbwhiptail/qemu-coreboot-fbwhiptail.config b/boards/qemu-coreboot-fbwhiptail/qemu-coreboot-fbwhiptail.config
@@ -1,8 +1,9 @@
 # Configuration for building a coreboot ROM that works in
 # the qemu emulator in GUI mode thanks to FBWhiptail
-
+#
+# Note that the TPM does not work.
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-fbwhiptail.config
@@ -19,16 +20,21 @@ CONFIG_FLASHTOOLS=y
 CONFIG_FLASHROM=y
 CONFIG_PCIUTILS=y
 CONFIG_UTIL_LINUX=y
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_GPG2=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_DROPBEAR=y
 CONFIG_MSRTOOLS=y
 
+#Uncomment only one of the following block
 #Required for graphical gui-init (FBWhiptail)
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
+#
+#text-based init (generic-init and gui-init)
+#CONFIG_NEWT=y
+#CONFIG_SLANG=y
 
 endif
 
@@ -37,13 +43,17 @@ CONFIG_LINUX_AHCI=y
 CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000=y
 
+#Uncomment only one BOOTSCRIPT:
 #Whiptail-based init (text-based or FBWhiptail)
 export CONFIG_BOOTSCRIPT=/bin/gui-init
+#
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
 
 export CONFIG_TPM=n
 
 export CONFIG_BOOT_DEV="/dev/sda1"
-export CONFIG_BOARD_NAME="QEMU-fbwhiptail"
+export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail"
 
 #borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
 run:

diff --git a/boards/qemu-coreboot/qemu-coreboot.config b/boards/qemu-coreboot/qemu-coreboot.config
@@ -1,8 +1,10 @@
 # Configuration for building a coreboot ROM that works in the.
-# the qemu emulator.  Note that the TPM does not work, so this
+# the qemu emulator.  
+# 
+# Note that the TPM does not work, so this
 # will just drop into the recovery shell.
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-qemu.config
@@ -19,7 +21,7 @@ CONFIG_FLASHTOOLS=y
 CONFIG_FLASHROM=y
 CONFIG_PCIUTILS=y
 CONFIG_UTIL_LINUX=y
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_GPG2=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
@@ -52,6 +54,7 @@ export CONFIG_BOOTSCRIPT=/bin/generic-init
 export CONFIG_TPM=n
 
 export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="qemu-coreboot"
 
 #borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
 run:

diff --git a/boards/t420-hotp-maximized/t420-hotp-maximized.config b/boards/t420-hotp-maximized/t420-hotp-maximized.config
@@ -4,6 +4,10 @@
 # - Deactivated+neutered ME and expended consequent IFD BIOS regions
 # - Forged 00:DE:AD:C0:FF:EE MAC address  (if not extracting gbe.bin from backup with blobs/xx20/extract.sh)
 #   - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
+#
+# Doesn't include (to fit in 7mb image)
+# - dropbear
+
 export CONFIG_COREBOOT=y
 export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62

diff --git a/boards/t420-maximized/t420-maximized.config b/boards/t420-maximized/t420-maximized.config
@@ -4,6 +4,9 @@
 # - Deactivated+neutered ME and expended consequent IFD BIOS regions
 # - Forged 00:DE:AD:C0:FF:EE MAC address  (if not extracting gbe.bin from backup with blobs/xx20/extract.sh)
 #   - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
+#
+# Doesn't include (to fit in 7mb image)
+# - dropbear
 export CONFIG_COREBOOT=y
 export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
@@ -48,7 +51,7 @@ CONFIG_FBWHIPTAIL=y
 
 #Additional tools:
 #SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
-CONFIG_DROPBEAR=y
+CONFIG_DROPBEAR=n
 
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n

diff --git a/boards/t430-flash/t430-flash.config b/boards/t430-flash/t430-flash.config
@@ -2,7 +2,7 @@
 BOARD=t430.flash
 
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_FLASHROM=y

diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config
@@ -17,7 +17,7 @@ CONFIG_LINUX_CONFIG=config/linux-x230.config
 CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000E=y
 
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y

diff --git a/boards/t430/t430.config b/boards/t430/t430.config
@@ -1,17 +1,21 @@
-# Configuration for a t430 running Qubes and other OSes
+# Configuration for a t430 running Qubes 4.1 and other OSes
 # STATIC_OPTION_TABLE is set inside of coreboot config
 #
 # Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x700000 :
 # dropbear support(ssh client/server)
 # e1000e (ethernet driver)
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-t430.config
 CONFIG_LINUX_CONFIG=config/linux-x230.config
 
-CONFIG_CRYPTSETUP=y
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=n
+
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y
@@ -20,26 +24,32 @@ CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_PCIUTILS=y
+
+#Remote attestation support
+#TPM based requirements
+export CONFIG_TPM=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=n
 
-#Whiptail in console mode
-#CONFIG_SLANG=y
-#CONFIG_NEWT=y
+#Nitrokey Storage admin tool
+CONFIG_NKSTORECLI=n
 
-#whiptail in graphical mode
-CONFIG_CAIRO=y
-CONFIG_FBWHIPTAIL=y
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
 
-CONFIG_LINUX_USB=y
-
-#SSH client/server
+#Additional tools:
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
 CONFIG_DROPBEAR=n
-#Ethernet driver (Heads only)
-CONFIG_LINUX_E1000E=n
 
-export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n

diff --git a/boards/x220-hotp-maximized/x220-hotp-maximized.config b/boards/x220-hotp-maximized/x220-hotp-maximized.config
@@ -4,6 +4,10 @@
 # - Deactivated+neutered ME and expended consequent IFD BIOS regions
 # - Forged 00:DE:AD:C0:FF:EE MAC address  (if not extracting gbe.bin from backup with blobs/xx20/extract.sh)
 #   - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
+#
+# Doesn't include (to fit in 7mb image)
+# - dropbear
+
 export CONFIG_COREBOOT=y
 export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62

diff --git a/boards/x220-maximized/x220-maximized.config b/boards/x220-maximized/x220-maximized.config
@@ -4,6 +4,10 @@
 # - Deactivated+neutered ME and expended consequent IFD BIOS regions
 # - Forged 00:DE:AD:C0:FF:EE MAC address  (if not extracting gbe.bin from backup with blobs/xx20/extract.sh)
 #   - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
+#
+# Doesn't include (to fit in 7mb image)
+# - dropbear
+
 export CONFIG_COREBOOT=y
 export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
@@ -48,7 +52,7 @@ CONFIG_FBWHIPTAIL=y
 
 #Additional tools:
 #SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
-CONFIG_DROPBEAR=y
+CONFIG_DROPBEAR=n
 
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n

diff --git a/boards/x220/x220.config b/boards/x220/x220.config
@@ -1,12 +1,12 @@
-# Configuration for a x220 running Qubes and other OS, X220 is identical to X230 on the Linux Side of things.
+# Configuration for a x220 running Qubes 4.1 and other OS, X220 is identical to X230 on the Linux Side of things.
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-x220.config
 CONFIG_LINUX_CONFIG=config/linux-x230.config
 
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y
@@ -18,7 +18,7 @@ CONFIG_PCIUTILS=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
-CONFIG_DROPBEAR=y
+CONFIG_DROPBEAR=n
 
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y

diff --git a/boards/x230-flash/x230-flash.config b/boards/x230-flash/x230-flash.config
@@ -1,8 +1,7 @@
 # Minimal configuration for a x230 to support flashrom, USB and networking
-BOARD=x230.flash
 
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_FLASHROM=y

diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config
@@ -17,7 +17,7 @@ CONFIG_LINUX_CONFIG=config/linux-x230.config
 CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000E=y
 
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y

diff --git a/boards/x230-hotp-verification/x230-hotp-verification.config b/boards/x230-hotp-verification/x230-hotp-verification.config
@@ -1,5 +1,5 @@
-# Configuration for a x230-hotp-verification (Nitrokey/Purism USB Security dongle enabled HOTP support) 
-# running Qubes and other OSes.
+# Configuration for a x230 with HOTP (Nitrokey/Purism USB Security dongle enabled HOTP support) 
+# running Qubes 4.1 and other OSes.
 #
 # Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x700000 :
 # dropbear support(ssh client/server)
@@ -8,13 +8,17 @@
 # Addition vs standard x230 board config:
 # HOTP_KEY: HOTP challenge for currently supported USB Security dongles
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-hotp-verification.config
 CONFIG_LINUX_CONFIG=config/linux-x230.config
 
-CONFIG_CRYPTSETUP=y
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=n
+
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y
@@ -23,24 +27,34 @@ CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_PCIUTILS=y
+
+#Remote attestation support
+#TPM based requirements
+export CONFIG_TPM=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
-
-#CONFIG_SLANG=y
-#CONFIG_NEWT=y
-CONFIG_CAIRO=y
-CONFIG_FBWHIPTAIL=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
 CONFIG_HOTPKEY=y
 
-CONFIG_LINUX_USB=y
+#Nitrokey Storage admin tool
+CONFIG_NKSTORECLI=n
 
-#SSH client/server
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
+
+#Additional tools:
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
 CONFIG_DROPBEAR=n
 #Ethernet driver (Heads only)
 CONFIG_LINUX_E1000E=n
 
-export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n