From a04158b398f1838f85fed7b1c63f493c684ac369 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 7 Apr 2024 12:34:40 -0400 Subject: [PATCH 01/84] oem-factory-reset: uniformize the prompts spacing Signed-off-by: Thierry Laurion --- initrd/bin/oem-factory-reset | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index ff0889f66..ba47bb11d 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -971,8 +971,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then echo if [ "$prompt_output" == "y" \ -o "$prompt_output" == "Y" ]; then - echo -e "\nThe chosen custom password must be between 8 and $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" - echo + echo -e "\nThe chosen custom password must be between 8 and $MAX_HOTP_GPG_PIN_LENGTH characters in length." while [[ ${#CUSTOM_SINGLE_PASS} -lt 8 ]] || [[ ${#CUSTOM_SINGLE_PASS} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do echo -e -n "Enter the custom password: " read CUSTOM_SINGLE_PASS From e837220ec619f0408b7750a1606e955ef1eff2a0 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 7 Apr 2024 12:39:57 -0400 Subject: [PATCH 02/84] cryptsetup2 toolstack version bump cryptsetup2 2.6.1 is a new release that supports reencryption of Q4.2 release LUKS2 volumes. This is a critical feature for the Qubes OS 4.2 release. cryptsetup 2.6.1 requires lvm2 2.03.23, which is also included in this PR. lvm2 in turn requires libaio, which is also included in this PR. util-linux 2.39 is also included in this PR and a dependency of lvm2. patches for reproducible builds are included for all packages. luks-functions is updated to support the new cryptsetup2 version calls reencryption happen in direct-io, offline mode and without locking. from tests, this is best for performance and reliability in single-user mode TODO: - async (AIO) calls are not used. direct-io is used instead. libaio could be hacked out - this could be subject to future work - time to deprecated legacy boards the do not enough space for the new space requirements - x230-legacy, x230-legacy-flash, x230-hotp-legacy - t430-legacy, t430-legacy-flash, t430-hotp-legacy already deprecated Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 89 +++-- modules/cryptsetup2 | 15 +- modules/libaio | 19 + modules/lvm2 | 28 +- modules/util-linux | 6 +- ...p2-2.3.3.patch => cryptsetup2-2.6.1.patch} | 360 +++++++++++++----- patches/lvm2-2.03.23.patch | 150 ++++++++ patches/util-linux-2.29.2.patch | 139 ------- patches/util-linux-2.39.patch | 276 ++++++++++++++ 9 files changed, 789 insertions(+), 293 deletions(-) create mode 100644 modules/libaio rename patches/{cryptsetup2-2.3.3.patch => cryptsetup2-2.6.1.patch} (72%) create mode 100644 patches/lvm2-2.03.23.patch delete mode 100644 patches/util-linux-2.29.2.patch create mode 100644 patches/util-linux-2.39.patch diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index 7704620bb..fc95776ca 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -272,7 +272,8 @@ select_luks_container() DEBUG "Reusing known good LUKS container device from /boot/kexec_key_devices.txt" DEBUG "LUKS container device: $(cut -d ' ' -f1 /boot/kexec_key_devices.txt)" LUKS=$(cut -d ' ' -f1 /boot/kexec_key_devices.txt) - else + # LUKS variable not exported yet, prompt for LUKS device + elif [ -z $LUKS ]; then list_luks_devices > /tmp/luks_devices.txt #if /tmp/luks_devices.txt exists and is not empty if [ -s /tmp/luks_devices.txt ]; then @@ -280,11 +281,8 @@ select_luks_container() if [ "$FILE" == "" ]; then return 1 else + #TODO: What about BRTFS multi LUKS setup of QubesOS? LUKS=$FILE - detect_boot_device - mount -o remount,rw /boot - echo "$LUKS $(cryptsetup luksUUID $LUKS)" >/boot/kexec_key_devices.txt - mount -o remount,ro /boot fi else warn "No encrypted device found" @@ -303,17 +301,18 @@ test_luks_current_disk_recovery_key_passphrase() echo -e "\nEnter the current LUKS Disk Recovery Key passphrase (Configured at OS installation or by OEM):" read -r luks_current_Disk_Recovery_Key_passphrase echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase - warn "Testing opening "$LUKS" LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase..." - cryptsetup open $LUKS test --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase else echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase - warn "Testing opening "$LUKS" LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase..." - cryptsetup open $LUKS test --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase fi - #Validate past cryptsetup-reencrypt attempts - if [ $? -eq 0 ]; then + + #output test coming and do cryptsetup open call + echo -e "\nTesting opening "$LUKS" LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase..." + cryptsetup open $LUKS test --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + + #Validate past cryptsetup reencrypt attempts + if [ $? -ne 0 ]; then whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ - "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 30 60 + "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null #unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round unset luks_current_Disk_Recovery_Key_passphrase @@ -323,13 +322,21 @@ test_luks_current_disk_recovery_key_passphrase() mount -o remount,rw /boot rm -f /boot/kexec_key_devices.txt mount -o remount,ro /boot + unset LUKS else #LuksOpen test was successful. Cleanup should be called only when done #Exporting successfully used passphrase possibly reused by oem-factory-reset - + echo "Success." + #We close the volume cryptsetup close test export luks_current_Disk_Recovery_Key_passphrase + + #We export the LUKS volume the was tested valid with passphrase test + export LUKS + #TODO what about non-standard BRTFS multi LUKS containers? + + #exit while loop break; fi done @@ -339,10 +346,6 @@ luks_reencrypt() { TRACE_FUNC while :; do select_luks_container || return 1 - #If the user just set a new LUKS Disk Recovery Key passphrase - if [ -n "$luks_new_Disk_Recovery_Key_passphrase" ]; then - luks_current_Disk_Recovery_Key_passphrase="$luks_new_Disk_Recovery_Key_passphrase" - fi if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then #if no external provisioning provides current LUKS Disk Recovery Key passphrase msg=$(echo -e "This will replace the encrypted container content and its LUKS Disk Recovery Key.\n\nThe passphrase associated with this key will be asked from the user under the following conditions:\n 1-Every boot if no Disk Unlock Key was added to the TPM\n 2-If the TPM fails (hardware failure)\n 3-If the firmware has been tampered with/modified by the user\n\nThis process requires you to type the current LUKS Disk Recovery Key passphrase and will delete the LUKS TPM Disk Unlock Key slot, if set up, by setting a default boot LUKS key slot (1) if present.\n\nAt the next prompt, you may be asked to select which file corresponds to the LUKS device container.\n\nHit Enter to continue." | fold -w 70 -s) @@ -351,17 +354,20 @@ luks_reencrypt() { echo -e "\nEnter the current LUKS Disk Recovery Key passphrase:" read -r luks_current_Disk_Recovery_Key_passphrase echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase - warn "Reencrypting "$LUKS" LUKS encrypted drive content with a new LUKS Disk Recovery Key. Do NOT shut down or reboot!" - cryptsetup-reencrypt -B 64 --use-directio "$LUKS" --key-slot 0 --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase else echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase - warn "Reencrypting "$LUKS" LUKS encrypted drive content with a new LUKS Disk Recovery Key. Do NOT shut down or reboot!" - cryptsetup-reencrypt -B 64 --use-directio "$LUKS" --key-slot 0 --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase fi - #Validate past cryptsetup-reencrypt attempts - if [ $(echo $?) -ne 0 ]; then + + #Warn and launch actual reencryption + echo -e "\nReencrypting "$LUKS" LUKS encrypted drive content with current Recovery Disk Key passphrase..." + warn "DO NOT POWER DOWN MACHINE, UNPLUG AC OR REMOVE BATTERY DURING REENCRYPTION PROCESS" + cryptsetup reencrypt --resilience=none --force-offline-reencrypt --disable-locks \ + "$LUKS" --key-slot 0 --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + + #Validate past cryptsetup reencrypt attempts + if [ $? -ne 0 ]; then whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ - "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 30 60 + "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null #unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round unset luks_current_Disk_Recovery_Key_passphrase @@ -371,11 +377,15 @@ luks_reencrypt() { mount -o remount,rw /boot rm -f /boot/kexec_key_devices.txt mount -o remount,ro /boot + unset LUKS else #Reencryption was successful. Cleanup should be called only when done #Exporting successfully used passphrase possibly reused by oem-factory-reset export luks_current_Disk_Recovery_Key_passphrase - break; + export LUKS + + # we break loop since success + break; fi done } @@ -388,7 +398,7 @@ luks_change_passphrase() #if actual or new LUKS Disk Recovery Key is not provisioned by oem-provisioning file if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ] || [ -z "$luks_new_Disk_Recovery_Key_passphrase" ]; then whiptail --title 'Changing LUKS Disk Recovery Key passphrase' --msgbox \ - "Please enter the current LUKS Disk Recovery Key passphrase (slot 0).\nThen choose a strong passphrase of your own.\n\n**DICEWARE passphrase methodology is STRONGLY ADVISED.**\n\nHit Enter to continue" 30 60 + "Please enter the current LUKS Disk Recovery Key passphrase (slot 0).\nThen choose a strong passphrase of your own.\n\n**DICEWARE passphrase methodology is STRONGLY ADVISED.**\n\nHit Enter to continue" 0 80 if [ -z "$luks_new_Disk_Recovery_Key_passphrase" ]; then echo -e "\nEnter your desired replacement for the actual LUKS Disk Recovery Key passphrase (At least 8 characters long):" while [[ ${#luks_new_Disk_Recovery_Key_passphrase} -lt 8 ]]; do @@ -404,21 +414,21 @@ luks_change_passphrase() export luks_new_Disk_Recovery_Key_passphrase echo -n "$luks_new_Disk_Recovery_Key_passphrase" >/tmp/luks_new_Disk_Recovery_Key_passphrase echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase - warn "Changing "$LUKS" LUKS encrypted disk passphrase to the new LUKS Disk Recovery Key passphrase..." - cryptsetup luksChangeKey "$LUKS" --key-slot 0 --key-file=/tmp/luks_current_Disk_Recovery_Key_passphrase /tmp/luks_new_Disk_Recovery_Key_passphrase else #If current and new LUKS Disk Recovery Key were exported echo -n "$luks_new_Disk_Recovery_Key_passphrase" >/tmp/luks_new_Disk_Recovery_Key_passphrase echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase - warn "Changing "$LUKS" LUKS encrypted disk passphrase to the new LUKS Disk Recovery Key passphrase..." - cryptsetup luksChangeKey "$LUKS" --key-slot 0 --key-file=/tmp/luks_current_Disk_Recovery_Key_passphrase /tmp/luks_new_Disk_Recovery_Key_passphrase fi + #output and do cryptsetup luksChangeKey op + echo -e "\nChanging "$LUKS" LUKS encrypted disk passphrase to the new LUKS Disk Recovery Key passphrase..." + cryptsetup luksChangeKey "$LUKS" --key-slot 0 --key-file=/tmp/luks_current_Disk_Recovery_Key_passphrase /tmp/luks_new_Disk_Recovery_Key_passphrase + #Validate past cryptsetup attempts - if [ $(echo $?) -ne 0 ]; then + if [ $? -ne 0 ]; then #Cryptsetup luksChangeKey was unsuccessful whiptail --title 'Invalid LUKS passphrase?' --msgbox \ - "The LUKS Disk Recovery Key passphrase was provided to you by the OEM over\n a secure communication channel.\n\nIf you previously changed it and do not remember it,\n you will have to reinstall the OS from a USB drive.\nTo do so, put OS ISO file and it's signature file on root of a USB drive,\n and select Boot from USB\n\nHit Enter to continue." 30 60 + "The LUKS Disk Recovery Key passphrase was provided to you by the OEM over\n a secure communication channel.\n\nIf you previously changed it and do not remember it,\n you will have to reinstall the OS from a USB drive.\nTo do so, put OS ISO file and it's signature file on root of a USB drive,\n and select Boot from USB\n\nHit Enter to continue." 0 80 unset luks_current_Disk_Recovery_Key_passphrase unset luks_new_Disk_Recovery_Key_passphrase #remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. @@ -429,10 +439,20 @@ luks_change_passphrase() mount -o remount,ro /boot else #Cryptsetup was successful. + echo "Success." + #Cleanup should be called seperately. #Exporting successfully used passphrase possibly reused by oem-factory-reset + luks_current_Disk_Recovery_Key_passphrase=$luks_new_Disk_Recovery_Key_passphrase + export luks_current_Disk_Recovery_Key_passphrase export luks_new_Disk_Recovery_Key_passphrase - break; + + #Export chosen LUKS volume + export LUKS + + #break loop + #TODO: What about QubesSOS multi LUKS BRTFS deployment? + break; fi done } @@ -442,6 +462,9 @@ luks_secrets_cleanup() #Cleanup shred -n 10 -z -u /tmp/luks_new_Disk_Recovery_Key_passphrase 2>/dev/null || true shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null || true + + #Unset variables if launched in same boot unset luks_current_Disk_Recovery_Key_passphrase unset luks_new_Disk_Recovery_Key_passphrase + unset LUKS } diff --git a/modules/cryptsetup2 b/modules/cryptsetup2 index b7ffd8d43..ff98639b6 100644 --- a/modules/cryptsetup2 +++ b/modules/cryptsetup2 @@ -2,11 +2,11 @@ modules-$(CONFIG_CRYPTSETUP2) += cryptsetup2 cryptsetup2_depends := util-linux popt lvm2 json-c $(musl_dep) -cryptsetup2_version := 2.3.3 +cryptsetup2_version := 2.6.1 cryptsetup2_dir := cryptsetup-$(cryptsetup2_version) cryptsetup2_tar := cryptsetup-$(cryptsetup2_version).tar.xz -cryptsetup2_url := https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-$(cryptsetup2_version).tar.xz -cryptsetup2_hash := 3bca4ffe39e2f94cef50f6ea65acb873a6dbce5db34fc6bcefe38b6d095e82df +cryptsetup2_url := https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-$(cryptsetup2_version).tar.xz +cryptsetup2_hash := 410ded65a1072ab9c8e41added37b9729c087fef4d2db02bb4ef529ad6da4693 # Use an empty prefix so that the executables will not include the # build path. @@ -16,9 +16,15 @@ cryptsetup2_configure := \ ./configure \ --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ + --enable-internal-sse-argon2 \ --disable-rpath \ --disable-gcrypt-pbkdf2 \ - --enable-cryptsetup-reencrypt \ + --disable-ssh-token \ + --disable-asciidoc \ + --disable-nls \ + --disable-selinux \ + --disable-udev \ + --disable-external-tokens \ --with-crypto_backend=kernel \ --with-tmpfilesdir=$(INSTALL)/lib/tmpfiles.d @@ -33,7 +39,6 @@ cryptsetup2_target := \ cryptsetup2_output := \ .libs/cryptsetup \ - .libs/cryptsetup-reencrypt \ .libs/veritysetup \ cryptsetup2_libraries := \ diff --git a/modules/libaio b/modules/libaio new file mode 100644 index 000000000..bf83fb90a --- /dev/null +++ b/modules/libaio @@ -0,0 +1,19 @@ +modules-$(CONFIG_LVM2) += libaio + +libaio_version := 0.3.113 +libaio_dir := libaio-$(libaio_version) +libaio_tar := libaio_$(libaio_version).orig.tar.gz +libaio_url := https://deb.debian.org/debian/pool/main/liba/libaio/$(libaio_tar) +libaio_hash := 2c44d1c5fd0d43752287c9ae1eb9c023f04ef848ea8d4aafa46e9aedb678200b + +libaio_target := \ + DESTDIR="$(INSTALL)" \ + prefix="/" \ + $(CROSS_TOOLS) \ + install \ + && mv $(build)/$(libaio_dir)/src/libaio.so.1.0.2 $(build)/$(libaio_dir)/src/libaio.so.1 \ + +libaio_libraries:= src/libaio.so.1 + +libaio_depends := $(musl_dep) + diff --git a/modules/lvm2 b/modules/lvm2 index be1435a36..6df76284e 100644 --- a/modules/lvm2 +++ b/modules/lvm2 @@ -1,34 +1,36 @@ modules-$(CONFIG_LVM2) += lvm2 -lvm2_version := 2.02.168 +lvm2_version := 2.03.23 lvm2_dir := lvm2.$(lvm2_version) lvm2_tar := LVM2.$(lvm2_version).tgz lvm2_url := https://mirrors.kernel.org/sourceware/lvm2/$(lvm2_tar) -lvm2_hash := 23a3d1cddd41b3ef51812ebf83e9fa491f502fe74130d4263be327a91914660d +lvm2_hash := 74e794a9e9dee1bcf8a2065f65b9196c44fdf321e22d63b98ed7de8c9aa17a5d # cross compiling test assumes malloc/realloc aren't glibc compat # so we force it via the configure cache. lvm2_configure := \ $(CROSS_TOOLS) \ - CFLAGS="-Os" \ - PKG_CONFIG=/bin/false \ - MODPROBE_CMD=/bin/false \ ac_cv_func_malloc_0_nonnull=yes \ ac_cv_func_realloc_0_nonnull=yes \ ./configure \ --host $(MUSL_ARCH)-elf-linux \ - --prefix "/" \ + --prefix "" \ + --libexecdir "/bin" \ + --with-optimisation=-Os \ --enable-devmapper \ --disable-selinux \ - --disable-udev-systemd-background-jobs \ + --without-systemd \ + --disable-lvmimportvdo \ --disable-realtime \ + --disable-dmfilemapd \ --disable-dmeventd \ - --disable-lvmetad \ --disable-lvmpolld \ + --disable-readline \ + --disable-udev_sync \ + --enable-static_link \ --disable-use-lvmlockd \ - --disable-use-lvmetad \ --disable-use-lvmpolld \ - --disable-blkid_wiping \ + --disable-dmfilemapd \ --disable-cmirrord \ --disable-cache_check_needs_check \ --disable-thin_check_needs_check \ @@ -49,10 +51,10 @@ lvm2_target := \ DESTDIR="$(INSTALL)" \ install_device-mapper \ -lvm2_libraries := libdm/libdevmapper.so.1.02 +lvm2_libraries := libdm/ioctl/libdevmapper.so.1.02 lvm2_output := \ - tools/dmsetup \ + ./libdm/dm-tools/dmsetup \ tools/lvm \ -lvm2_depends := util-linux $(musl_dep) +lvm2_depends := util-linux libaio $(musl_dep) diff --git a/modules/util-linux b/modules/util-linux index 804ae56ea..055994d1b 100644 --- a/modules/util-linux +++ b/modules/util-linux @@ -1,10 +1,10 @@ modules-$(CONFIG_UTIL_LINUX) += util-linux -util-linux_version := 2.29.2 +util-linux_version := 2.39 util-linux_dir := util-linux-$(util-linux_version) util-linux_tar := util-linux-$(util-linux_version).tar.xz -util-linux_url := https://www.kernel.org/pub/linux/utils/util-linux/v2.29/$(util-linux_tar) -util-linux_hash := accea4d678209f97f634f40a93b7e9fcad5915d1f4749f6c47bee6bf110fe8e3 +util-linux_url := https://www.kernel.org/pub/linux/utils/util-linux/v2.39/$(util-linux_tar) +util-linux_hash := 32b30a336cda903182ed61feb3e9b908b762a5e66fe14e43efb88d37162075cb util-linux_configure := \ $(CROSS_TOOLS) \ diff --git a/patches/cryptsetup2-2.3.3.patch b/patches/cryptsetup2-2.6.1.patch similarity index 72% rename from patches/cryptsetup2-2.3.3.patch rename to patches/cryptsetup2-2.6.1.patch index 8a673ef86..036aa007a 100644 --- a/patches/cryptsetup2-2.3.3.patch +++ b/patches/cryptsetup2-2.6.1.patch @@ -1,7 +1,7 @@ -diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure ---- cryptsetup-2.3.3-clean/configure 2020-06-10 14:05:45.784925972 +0200 -+++ cryptsetup-2.3.3/configure 2020-06-10 14:12:03.811651237 +0200 -@@ -10206,7 +10206,7 @@ +diff -u -r cryptsetup-2.4.3-clean/configure cryptsetup-2.4.3/configure +--- cryptsetup-2.4.3-clean/configure 2022-01-13 17:24:34.000000000 +0800 ++++ cryptsetup-2.4.3/configure 2022-01-16 14:08:37.088258763 +0800 +@@ -11056,7 +11056,7 @@ hardcode_automatic=no hardcode_direct=no hardcode_direct_absolute=no @@ -10,7 +10,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_libdir_separator= hardcode_minus_L=no hardcode_shlibpath_var=unsupported -@@ -10290,7 +10290,7 @@ +@@ -11140,7 +11140,7 @@ # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH @@ -19,7 +19,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure export_dynamic_flag_spec='$wl--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then -@@ -10336,7 +10336,7 @@ +@@ -11186,7 +11186,7 @@ ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' @@ -28,7 +28,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_minus_L=yes ;; esac -@@ -10356,7 +10356,7 @@ +@@ -11206,7 +11206,7 @@ cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. @@ -37,7 +37,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure export_dynamic_flag_spec='$wl--export-all-symbols' allow_undefined_flag=unsupported always_export_symbols=no -@@ -10386,7 +10386,7 @@ +@@ -11236,7 +11236,7 @@ ;; os2*) @@ -46,7 +46,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_minus_L=yes allow_undefined_flag=unsupported shrext_cmds=.dll -@@ -10416,7 +10416,7 @@ +@@ -11266,7 +11266,7 @@ interix[3-9]*) hardcode_direct=no hardcode_shlibpath_var=no @@ -55,7 +55,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure export_dynamic_flag_spec='$wl-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by -@@ -10492,7 +10492,7 @@ +@@ -11342,7 +11342,7 @@ xlf* | bgf* | bgxlf* | mpixlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' @@ -64,7 +64,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' if test yes = "$supports_anon_versioning"; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ -@@ -10559,7 +10559,7 @@ +@@ -11409,7 +11409,7 @@ # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then @@ -73,7 +73,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' else -@@ -10588,7 +10588,7 @@ +@@ -11438,7 +11438,7 @@ if test no = "$ld_shlibs"; then runpath_var= @@ -82,7 +82,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure export_dynamic_flag_spec= whole_archive_flag_spec= fi -@@ -10706,7 +10706,7 @@ +@@ -11556,7 +11556,7 @@ # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking hardcode_minus_L=yes @@ -91,7 +91,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_libdir_separator= fi ;; -@@ -10790,11 +10790,11 @@ +@@ -11642,11 +11642,11 @@ aix_libpath=$lt_cv_aix_libpath_ fi @@ -105,7 +105,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure allow_undefined_flag="-z nodefs" archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" else -@@ -10843,7 +10843,7 @@ +@@ -11697,7 +11697,7 @@ aix_libpath=$lt_cv_aix_libpath_ fi @@ -114,7 +114,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. no_undefined_flag=' $wl-bernotok' -@@ -10883,7 +10883,7 @@ +@@ -11737,7 +11737,7 @@ ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' @@ -123,25 +123,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_minus_L=yes ;; esac -@@ -10901,7 +10901,7 @@ - case $cc_basename in - cl*) - # Native MSVC -- hardcode_libdir_flag_spec=' ' -+ hardcode_libdir_flag_spec=" " - allow_undefined_flag=unsupported - always_export_symbols=yes - file_list_spec='@' -@@ -10942,7 +10942,7 @@ - ;; - *) - # Assume MSVC wrapper -- hardcode_libdir_flag_spec=' ' -+ hardcode_libdir_flag_spec=" " - allow_undefined_flag=unsupported - # Tell ltmain to make .lib files, not .a files. - libext=lib -@@ -10993,7 +10993,7 @@ +@@ -11847,7 +11847,7 @@ dgux*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' @@ -150,7 +132,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_shlibpath_var=no ;; -@@ -11003,7 +11003,7 @@ +@@ -11857,7 +11857,7 @@ # extra space). freebsd2.2*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' @@ -159,16 +141,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_direct=yes hardcode_shlibpath_var=no ;; -@@ -11019,7 +11019,7 @@ - # FreeBSD 3 and greater uses gcc -shared to do shared libraries. - freebsd* | dragonfly*) - archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' -- hardcode_libdir_flag_spec='-R$libdir' -+ hardcode_libdir_flag_spec=" " - hardcode_direct=yes - hardcode_shlibpath_var=no - ;; -@@ -11030,7 +11030,7 @@ +@@ -11884,7 +11884,7 @@ else archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' fi @@ -177,7 +150,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_libdir_separator=: hardcode_direct=yes -@@ -11047,7 +11047,7 @@ +@@ -11901,7 +11901,7 @@ archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test no = "$with_gnu_ld"; then @@ -186,7 +159,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_libdir_separator=: hardcode_direct=yes hardcode_direct_absolute=yes -@@ -11124,7 +11124,7 @@ +@@ -11979,7 +11979,7 @@ esac fi if test no = "$with_gnu_ld"; then @@ -195,7 +168,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_libdir_separator=: case $host_cpu in -@@ -11183,7 +11183,7 @@ +@@ -12040,7 +12040,7 @@ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' fi archive_cmds_need_lc='no' @@ -204,7 +177,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_libdir_separator=: inherit_rpath=yes link_all_deplibs=yes -@@ -11205,7 +11205,7 @@ +@@ -12062,7 +12062,7 @@ else archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi @@ -213,7 +186,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_direct=yes hardcode_shlibpath_var=no ;; -@@ -11213,7 +11213,7 @@ +@@ -12070,7 +12070,7 @@ newsos6) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes @@ -222,7 +195,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_libdir_separator=: hardcode_shlibpath_var=no ;; -@@ -11229,11 +11229,11 @@ +@@ -12086,11 +12086,11 @@ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' @@ -236,7 +209,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure fi else ld_shlibs=no -@@ -11241,7 +11241,7 @@ +@@ -12098,7 +12098,7 @@ ;; os2*) @@ -245,7 +218,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_minus_L=yes allow_undefined_flag=unsupported shrext_cmds=.dll -@@ -11277,7 +11277,7 @@ +@@ -12134,7 +12134,7 @@ archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' fi archive_cmds_need_lc='no' @@ -254,7 +227,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_libdir_separator=: ;; -@@ -11285,7 +11285,7 @@ +@@ -12142,7 +12142,7 @@ if test yes = "$GCC"; then allow_undefined_flag=' $wl-expect_unresolved $wl\*' archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' @@ -263,7 +236,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' -@@ -11293,7 +11293,7 @@ +@@ -12150,7 +12150,7 @@ $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly @@ -272,7 +245,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure fi archive_cmds_need_lc='no' hardcode_libdir_separator=: -@@ -11322,7 +11322,7 @@ +@@ -12179,7 +12179,7 @@ ;; esac fi @@ -281,7 +254,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_shlibpath_var=no case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; -@@ -11349,7 +11349,7 @@ +@@ -12206,7 +12206,7 @@ else archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi @@ -290,7 +263,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no -@@ -11419,7 +11419,7 @@ +@@ -12276,7 +12276,7 @@ allow_undefined_flag='$wl-z,nodefs' archive_cmds_need_lc=no hardcode_shlibpath_var=no @@ -299,7 +272,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_libdir_separator=':' link_all_deplibs=yes export_dynamic_flag_spec='$wl-Bexport' -@@ -11436,7 +11436,7 @@ +@@ -12293,7 +12293,7 @@ uts4*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' @@ -308,7 +281,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_shlibpath_var=no ;; -@@ -11804,7 +11804,7 @@ +@@ -12662,7 +12662,7 @@ version_type=linux # correct to gnu/linux during the next big refactor need_lib_prefix=no need_version=no @@ -317,7 +290,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure if test ia64 = "$host_cpu"; then # AIX 5 supports IA64 library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' -@@ -12094,16 +12094,16 @@ +@@ -12952,16 +12952,16 @@ ;; freebsd3.[01]* | freebsdelf3.[01]*) shlibpath_overrides_runpath=yes @@ -337,7 +310,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure ;; esac ;; -@@ -12118,7 +12118,7 @@ +@@ -12976,7 +12976,7 @@ shlibpath_var=LIBRARY_PATH shlibpath_overrides_runpath=no sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' @@ -346,7 +319,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure ;; hpux9* | hpux10* | hpux11*) -@@ -12130,7 +12130,7 @@ +@@ -12988,7 +12988,7 @@ case $host_cpu in ia64*) shrext_cmds='.so' @@ -355,7 +328,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. -@@ -12146,7 +12146,7 @@ +@@ -13004,7 +13004,7 @@ ;; hppa*64*) shrext_cmds='.sl' @@ -364,7 +337,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. -@@ -12179,7 +12179,7 @@ +@@ -13037,7 +13037,7 @@ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -373,7 +346,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure ;; irix5* | irix6* | nonstopux*) -@@ -12216,7 +12216,7 @@ +@@ -13074,7 +13074,7 @@ shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" @@ -382,7 +355,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure ;; # No shared lib support for Linux oldld, aout, or coff. -@@ -12237,11 +12237,11 @@ +@@ -13095,11 +13095,11 @@ # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. @@ -396,7 +369,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure ;; # This must be glibc/ELF. -@@ -12292,7 +12292,7 @@ +@@ -13153,7 +13153,7 @@ # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. @@ -405,7 +378,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure # Ideally, we could use ldconfig to report *all* directores which are # searched for libraries, however this is still not possible. Aside from not -@@ -12322,7 +12322,7 @@ +@@ -13183,7 +13183,7 @@ soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -414,7 +387,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure dynamic_linker='NetBSD ld.elf_so' ;; -@@ -12341,7 +12341,7 @@ +@@ -13202,7 +13202,7 @@ fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes @@ -423,7 +396,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure ;; newsos6) -@@ -12359,7 +12359,7 @@ +@@ -13220,7 +13220,7 @@ soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -432,7 +405,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure dynamic_linker='ldqnx.so' ;; -@@ -12431,7 +12431,7 @@ +@@ -13292,7 +13292,7 @@ soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes @@ -441,7 +414,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; -@@ -12488,7 +12488,7 @@ +@@ -13349,7 +13349,7 @@ soname_spec='$libname$release$shared_ext$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes @@ -450,7 +423,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure if test yes = "$with_gnu_ld"; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else -@@ -12510,7 +12510,7 @@ +@@ -13371,7 +13371,7 @@ library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no @@ -459,7 +432,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure ;; uts4*) -@@ -13610,7 +13610,7 @@ +@@ -14490,7 +14490,7 @@ acl_shlibext="$acl_cv_shlibext" acl_libname_spec="$acl_cv_libname_spec" acl_library_names_spec="$acl_cv_library_names_spec" @@ -468,7 +441,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" acl_hardcode_direct="$acl_cv_hardcode_direct" acl_hardcode_minus_L="$acl_cv_hardcode_minus_L" -@@ -21296,7 +21296,7 @@ +@@ -22538,7 +22538,7 @@ with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' @@ -477,7 +450,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' -@@ -21327,7 +21327,7 @@ +@@ -22569,7 +22569,7 @@ postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' @@ -486,7 +459,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`' configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`' -@@ -22485,7 +22485,7 @@ +@@ -23727,7 +23727,7 @@ finish_eval=$lt_finish_eval # Whether we should hardcode library paths into libraries. @@ -495,7 +468,7 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure # Compile-time system search path for libraries. sys_lib_search_path_spec=$lt_sys_lib_search_path_spec -@@ -22582,7 +22582,7 @@ +@@ -23824,7 +23824,7 @@ # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist @@ -504,10 +477,10 @@ diff -u -r cryptsetup-2.3.3-clean/configure cryptsetup-2.3.3/configure # Whether we need a single "-rpath" flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator -diff -u -r cryptsetup-2.3.3-clean/Makefile.in cryptsetup-2.3.3/Makefile.in ---- cryptsetup-2.3.3-clean/Makefile.in 2020-06-10 14:05:45.781594282 +0200 -+++ cryptsetup-2.3.3/Makefile.in 2020-06-10 14:30:09.512375745 +0200 -@@ -1032,6 +1032,8 @@ +diff -u -r cryptsetup-2.4.3-clean/Makefile.in cryptsetup-2.4.3/Makefile.in +--- cryptsetup-2.4.3-clean/Makefile.in 2022-01-13 17:24:33.000000000 +0800 ++++ cryptsetup-2.4.3/Makefile.in 2022-01-16 14:08:37.096258854 +0800 +@@ -1115,6 +1115,8 @@ @CRYPTSETUP_TRUE@cryptsetup_LDADD = $(LDADD) \ @CRYPTSETUP_TRUE@ libcryptsetup.la \ @CRYPTSETUP_TRUE@ @POPT_LIBS@ \ @@ -516,31 +489,218 @@ diff -u -r cryptsetup-2.3.3-clean/Makefile.in cryptsetup-2.3.3/Makefile.in @CRYPTSETUP_TRUE@ @PWQUALITY_LIBS@ \ @CRYPTSETUP_TRUE@ @PASSWDQC_LIBS@ \ @CRYPTSETUP_TRUE@ @UUID_LIBS@ \ -@@ -1060,6 +1062,9 @@ +@@ -1147,6 +1149,9 @@ @VERITYSETUP_TRUE@veritysetup_LDADD = $(LDADD) \ @VERITYSETUP_TRUE@ libcryptsetup.la \ @VERITYSETUP_TRUE@ @POPT_LIBS@ \ -+@VERITYSETUP_TRUE@ @UUID_LIBS@ \ -+@VERITYSETUP_TRUE@ @DEVMAPPER_LIBS@ \ -+@VERITYSETUP_TRUE@ @JSON_C_LIBS@ \ - @VERITYSETUP_TRUE@ @PWQUALITY_LIBS@ \ - @VERITYSETUP_TRUE@ @PASSWDQC_LIBS@ \ ++@VERITYSETUP_TRUE@ @UUID_LIBS@ \ ++@VERITYSETUP_TRUE@ @DEVMAPPER_LIBS@ \ ++@VERITYSETUP_TRUE@ @JSON_C_LIBS@ \ @VERITYSETUP_TRUE@ @BLKID_LIBS@ -@@ -1093,6 +1093,8 @@ + + @STATIC_TOOLS_TRUE@@VERITYSETUP_TRUE@veritysetup_static_SOURCES = $(veritysetup_SOURCES) +@@ -1177,6 +1182,8 @@ @INTEGRITYSETUP_TRUE@ libcryptsetup.la \ @INTEGRITYSETUP_TRUE@ @POPT_LIBS@ \ @INTEGRITYSETUP_TRUE@ @UUID_LIBS@ \ +@INTEGRITYSETUP_TRUE@ @DEVMAPPER_LIBS@ \ +@INTEGRITYSETUP_TRUE@ @JSON_C_LIBS@ \ @INTEGRITYSETUP_TRUE@ @BLKID_LIBS@ - + @INTEGRITYSETUP_TRUE@@STATIC_TOOLS_TRUE@integritysetup_static_SOURCES = $(integritysetup_SOURCES) -@@ -1122,6 +1122,8 @@ - @REENCRYPT_TRUE@ @POPT_LIBS@ \ - @REENCRYPT_TRUE@ @PWQUALITY_LIBS@ \ - @REENCRYPT_TRUE@ @PASSWDQC_LIBS@ \ -+@REENCRYPT_TRUE@ @DEVMAPPER_LIBS@ \ -+@REENCRYPT_TRUE@ @JSON_C_LIBS@ \ - @REENCRYPT_TRUE@ @UUID_LIBS@ \ - @REENCRYPT_TRUE@ @BLKID_LIBS@ +--- ./configure.orig 2023-11-26 14:22:30.912000000 -0500 ++++ ./configure 2023-11-26 14:26:21.714000000 -0500 +@@ -12336,7 +12336,7 @@ + + case $cc_basename in + tcc*) +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + export_dynamic_flag_spec='-rdynamic' + ;; + xlf* | bgf* | bgxlf* | mpixlf*) +@@ -12755,7 +12755,7 @@ + case $cc_basename in + cl* | icl*) + # Native MSVC or ICC +- hardcode_libdir_flag_spec=' ' ++ hardcode_libdir_flag_spec=" " + allow_undefined_flag=unsupported + always_export_symbols=yes + file_list_spec='@' +@@ -12796,7 +12796,7 @@ + ;; + *) + # Assume MSVC and ICC wrapper +- hardcode_libdir_flag_spec=' ' ++ hardcode_libdir_flag_spec=" " + allow_undefined_flag=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib +@@ -12873,7 +12873,7 @@ + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly* | midnightbsd*) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- hardcode_libdir_flag_spec='-R$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; +@@ -13052,7 +13052,7 @@ + # Fabrice Bellard et al's Tiny C Compiler + ld_shlibs=yes + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + ;; + esac + ;; +--- ./configure.mod 2023-11-26 14:46:49.779000000 -0500 ++++ ./configure 2023-11-26 14:47:56.962000000 -0500 +@@ -17670,7 +17670,7 @@ + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' +@@ -17958,16 +17958,16 @@ + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + esac + ;; +@@ -17982,7 +17982,7 @@ + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + hpux9* | hpux10* | hpux11*) +@@ -17994,7 +17994,7 @@ + case $host_cpu in + ia64*) + shrext_cmds='.so' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -18010,7 +18010,7 @@ + ;; + hppa*64*) + shrext_cmds='.sl' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -18043,7 +18043,7 @@ + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + irix5* | irix6* | nonstopux*) +@@ -18080,7 +18080,7 @@ + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + # No shared lib support for Linux oldld, aout, or coff. +@@ -18101,7 +18101,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. +@@ -18159,7 +18159,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not +@@ -18189,7 +18189,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='NetBSD ld.elf_so' + ;; + +@@ -18208,7 +18208,7 @@ + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + newsos6) +@@ -18226,7 +18226,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='ldqnx.so' + ;; + +@@ -18298,7 +18298,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; +@@ -18355,7 +18355,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else +@@ -18377,7 +18377,7 @@ + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + uts4*) diff --git a/patches/lvm2-2.03.23.patch b/patches/lvm2-2.03.23.patch new file mode 100644 index 000000000..587e1bb69 --- /dev/null +++ b/patches/lvm2-2.03.23.patch @@ -0,0 +1,150 @@ +--- ./lib/mm/memlock.c.orig 2023-11-27 13:52:46.281000000 -0500 ++++ ./lib/mm/memlock.c 2023-11-27 13:56:35.656000000 -0500 +@@ -160,6 +160,7 @@ + + static void _allocate_memory(void) + { ++#if 0 + #if defined(__GLIBC__) && !defined(VALGRIND_POOL) + /* Memory allocation is currently only tested with glibc + * for different C libraries, some other mechanisms might be needed +@@ -233,11 +234,14 @@ + for (i = 0; i < area; ++i) + free(areas[i]); + #endif ++#endif + } + + static void _release_memory(void) + { ++#if 0 + free(_malloc_mem); ++#endif + } + + /* +@@ -313,7 +317,7 @@ + + if (lock == LVM_MLOCK) { + if (mlock((const void*)from, sz) < 0) { +- log_sys_error("mlock", line); ++ //log_sys_error("mlock", line); + return 0; + } + } else { +--- ./libdm/libdm-stats.c.orig 2023-11-27 13:59:40.677000000 -0500 ++++ ./libdm/libdm-stats.c 2023-11-27 14:07:28.655000000 -0500 +@@ -18,7 +18,23 @@ + #include "libdm/misc/dmlib.h" + #include "libdm/misc/kdev_t.h" + ++#if 0 + #include "math.h" /* log10() */ ++#else ++static int ilog10(double x) ++{ ++ int e = 0; ++ ++ while(x > 10) ++ { ++ e++; ++ x = x / 10; ++ } ++ ++ return e; ++} ++#endif ++ + + #include + #include +@@ -556,7 +572,12 @@ + while(entry >= bins) { + value = (double) (entry--)->upper; + /* Use lround to avoid size_t -> double cast warning. */ ++#if 0 + hist_len += 1 + (size_t) lround(log10(value / scale)); ++#else ++ hist_len += 1 + ilog10(value / scale); ++#endif ++ + if (entry != bins) + hist_len++; /* ',' */ + } +@@ -1863,7 +1884,12 @@ + i = dm_bit_get_first(regions); + for (; i >= 0; i = dm_bit_get_next(regions, i)) { + /* length of region_id or range start in characters */ ++#if 0 + id_len = (i) ? 1 + (size_t) log10(i) : 1; ++#else ++ id_len = (i) ? 1 + ilog10(i) : 1; ++#endif ++ + buflen += id_len; + j = i; + do +@@ -1878,7 +1904,11 @@ + /* handle range */ + if (i != j) { + /* j is always > i, which is always >= 0 */ ++#if 0 + id_len = 1 + (size_t) log10(j); ++#else ++ id_len = 1 + ilog10(j); ++#endif + buflen += id_len + 1; /* range end plus "-" */ + } + buflen++; + +--- ./tools/lvmcmdline.c.orig 2023-11-27 14:12:46.649000000 -0500 ++++ ./tools/lvmcmdline.c 2023-11-27 14:15:47.563000000 -0500 +@@ -3438,7 +3438,7 @@ + static int _check_standard_fds(void) + { + int err = is_valid_fd(STDERR_FILENO); +- ++#if 0 + if (!is_valid_fd(STDIN_FILENO) && + !(stdin = fopen(_PATH_DEVNULL, "r"))) { + if (err) +@@ -3463,7 +3463,7 @@ + strerror(errno)); + return 0; + } +- ++#endif + return 1; + } + +@@ -3644,7 +3644,7 @@ + */ + dm_set_name_mangling_mode(DM_STRING_MANGLING_NONE); + +- if (!(cmd = create_toolcontext(0, NULL, 1, threaded, set_connections, set_filters))) { ++ if (!(cmd = create_toolcontext(0, NULL, 0, threaded, set_connections, set_filters))) { + return_NULL; + } + +--- ./make.tmpl.orig 2023-11-28 13:29:11.744000000 -0500 ++++ ./make.tmpl.in 2023-11-28 13:29:36.716000000 -0500 +@@ -210,7 +210,7 @@ + M_INSTALL_PROGRAM = -m 555 + M_INSTALL_DATA = -m 444 + endif +-INSTALL_PROGRAM = $(INSTALL) $(M_INSTALL_PROGRAM) $(STRIP) ++INSTALL_PROGRAM = $(INSTALL) $(M_INSTALL_PROGRAM) + INSTALL_DATA = $(INSTALL) -p $(M_INSTALL_DATA) + INSTALL_WDATA = $(INSTALL) -p -m 644 + +--- ./libdm/make.tmpl.orig 2023-11-28 13:29:52.760000000 -0500 ++++ ./libdm/make.tmpl.in 2023-11-28 13:30:22.336000000 -0500 +@@ -173,7 +173,7 @@ + M_INSTALL_PROGRAM = -m 555 + M_INSTALL_DATA = -m 444 + endif +-INSTALL_PROGRAM = $(INSTALL) $(M_INSTALL_PROGRAM) $(STRIP) ++INSTALL_PROGRAM = $(INSTALL) $(M_INSTALL_PROGRAM) + INSTALL_DATA = $(INSTALL) -p $(M_INSTALL_DATA) + INSTALL_WDATA = $(INSTALL) -p -m 644 + diff --git a/patches/util-linux-2.29.2.patch b/patches/util-linux-2.29.2.patch deleted file mode 100644 index 5a54b26ff..000000000 --- a/patches/util-linux-2.29.2.patch +++ /dev/null @@ -1,139 +0,0 @@ ---- ./configure 2017-02-22 07:07:46.595740152 -0500 -+++ ./configure 2023-02-27 13:34:27.068000000 -0500 -@@ -13408,7 +13408,7 @@ - version_type=linux # correct to gnu/linux during the next big refactor - need_lib_prefix=no - need_version=no -- hardcode_into_libs=yes -+ hardcode_into_libs=no - if test ia64 = "$host_cpu"; then - # AIX 5 supports IA64 - library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' -@@ -13698,16 +13698,16 @@ - ;; - freebsd3.[01]* | freebsdelf3.[01]*) - shlibpath_overrides_runpath=yes -- hardcode_into_libs=yes -+ hardcode_into_libs=no - ;; - freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ - freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) - shlibpath_overrides_runpath=no -- hardcode_into_libs=yes -+ hardcode_into_libs=no - ;; - *) # from 4.6 on, and DragonFly - shlibpath_overrides_runpath=yes -- hardcode_into_libs=yes -+ hardcode_into_libs=no - ;; - esac - ;; -@@ -13722,7 +13722,7 @@ - shlibpath_var=LIBRARY_PATH - shlibpath_overrides_runpath=no - sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' -- hardcode_into_libs=yes -+ hardcode_into_libs=no - ;; - - hpux9* | hpux10* | hpux11*) -@@ -13734,7 +13734,7 @@ - case $host_cpu in - ia64*) - shrext_cmds='.so' -- hardcode_into_libs=yes -+ hardcode_into_libs=no - dynamic_linker="$host_os dld.so" - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. -@@ -13750,7 +13750,7 @@ - ;; - hppa*64*) - shrext_cmds='.sl' -- hardcode_into_libs=yes -+ hardcode_into_libs=no - dynamic_linker="$host_os dld.sl" - shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH - shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. -@@ -13783,7 +13783,7 @@ - dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no -- hardcode_into_libs=yes -+ hardcode_into_libs=no - ;; - - irix5* | irix6* | nonstopux*) -@@ -13820,7 +13820,7 @@ - shlibpath_overrides_runpath=no - sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" - sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" -- hardcode_into_libs=yes -+ hardcode_into_libs=no - ;; - - # No shared lib support for Linux oldld, aout, or coff. -@@ -13841,7 +13841,7 @@ - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. -- hardcode_into_libs=yes -+ hardcode_into_libs=no - - dynamic_linker='Android linker' - # Don't embed -rpath directories since the linker doesn't support them. -@@ -13896,7 +13896,7 @@ - # This implies no fast_install, which is unacceptable. - # Some rework will be needed to allow for fast_install - # before this can be enabled. -- hardcode_into_libs=yes -+ hardcode_into_libs=no - - # Add ABI-specific directories to the system library path. - sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" -@@ -13936,7 +13936,7 @@ - fi - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes -- hardcode_into_libs=yes -+ hardcode_into_libs=no - ;; - - newsos6) -@@ -13954,7 +13954,7 @@ - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no -- hardcode_into_libs=yes -+ hardcode_into_libs=no - dynamic_linker='ldqnx.so' - ;; - -@@ -14026,7 +14026,7 @@ - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes -- hardcode_into_libs=yes -+ hardcode_into_libs=no - # ldd complains unless libraries are executable - postinstall_cmds='chmod +x $lib' - ;; -@@ -14083,7 +14083,7 @@ - soname_spec='$libname$release$shared_ext$major' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=yes -- hardcode_into_libs=yes -+ hardcode_into_libs=no - if test yes = "$with_gnu_ld"; then - sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' - else -@@ -14105,7 +14105,7 @@ - library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' - shlibpath_var=LD_LIBRARY_PATH - shlibpath_overrides_runpath=no -- hardcode_into_libs=yes -+ hardcode_into_libs=no - ;; - - uts4*) diff --git a/patches/util-linux-2.39.patch b/patches/util-linux-2.39.patch new file mode 100644 index 000000000..e39fcfc58 --- /dev/null +++ b/patches/util-linux-2.39.patch @@ -0,0 +1,276 @@ +--- ./configure.orig 2023-05-17 06:53:16.721284360 -0400 ++++ ./configure 2023-11-28 13:57:50.012000000 -0500 +@@ -16580,7 +16580,7 @@ + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' +@@ -16870,16 +16870,16 @@ + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + esac + ;; +@@ -16894,7 +16894,7 @@ + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + hpux9* | hpux10* | hpux11*) +@@ -16906,7 +16906,7 @@ + case $host_cpu in + ia64*) + shrext_cmds='.so' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -16922,7 +16922,7 @@ + ;; + hppa*64*) + shrext_cmds='.sl' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -16955,7 +16955,7 @@ + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + irix5* | irix6* | nonstopux*) +@@ -16992,7 +16992,7 @@ + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + # No shared lib support for Linux oldld, aout, or coff. +@@ -17013,7 +17013,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. +@@ -17071,7 +17071,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + # Add ABI-specific directories to the system library path. + sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" +@@ -17111,7 +17111,7 @@ + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + newsos6) +@@ -17129,7 +17129,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='ldqnx.so' + ;; + +@@ -17201,7 +17201,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; +@@ -17258,7 +17258,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else +@@ -17280,7 +17280,7 @@ + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + uts4*) +@@ -20574,7 +20574,7 @@ + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' +@@ -20862,16 +20862,16 @@ + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + esac + ;; +@@ -20886,7 +20886,7 @@ + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + hpux9* | hpux10* | hpux11*) +@@ -20898,7 +20898,7 @@ + case $host_cpu in + ia64*) + shrext_cmds='.so' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -20914,7 +20914,7 @@ + ;; + hppa*64*) + shrext_cmds='.sl' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -20947,7 +20947,7 @@ + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + irix5* | irix6* | nonstopux*) +@@ -20984,7 +20984,7 @@ + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + # No shared lib support for Linux oldld, aout, or coff. +@@ -21005,7 +21005,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. +@@ -21063,7 +21063,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + # Add ABI-specific directories to the system library path. + sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" +@@ -21103,7 +21103,7 @@ + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + newsos6) +@@ -21121,7 +21121,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='ldqnx.so' + ;; + +@@ -21193,7 +21193,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; +@@ -21250,7 +21250,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else +@@ -21272,7 +21272,7 @@ + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + uts4*) From 2ea319539ea72806c9792d211e9d2d10b8bc105d Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 7 Apr 2024 12:47:44 -0400 Subject: [PATCH 03/84] legacy boards officially deprecated The x230-hotp-legacy, x230-legacy-flash, and x230-legacy boards are officially deprecated. They have been moved to the unmaintained_boards directory. CircleCI has been updated to reflect this change. Signed-off-by: Thierry Laurion --- .circleci/config.yml | 21 ------------------- .../x230-hotp-legacy.config | 0 .../x230-legacy-flash.config | 0 .../x230-legacy/x230-legacy.config | 0 4 files changed, 21 deletions(-) rename {boards/x230-hotp-legacy => unmaintained_boards}/x230-hotp-legacy.config (100%) rename {boards => unmaintained_boards}/x230-legacy-flash/x230-legacy-flash.config (100%) rename {boards => unmaintained_boards}/x230-legacy/x230-legacy.config (100%) diff --git a/.circleci/config.yml b/.circleci/config.yml index d0bff5776..dab0fa2dd 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -293,27 +293,6 @@ workflows: requires: - x230-hotp-maximized - - build: - name: x230-legacy-flash - target: x230-legacy-flash - subcommand: "" - requires: - - x230-hotp-maximized - - - build: - name: x230-legacy - target: x230-legacy - subcommand: "" - requires: - - x230-hotp-maximized - - - build: - name: x230-hotp-legacy - target: x230-hotp-legacy - subcommand: "" - requires: - - x230-hotp-maximized - - build: name: x230-hotp-maximized_usb-kb target: x230-hotp-maximized_usb-kb diff --git a/boards/x230-hotp-legacy/x230-hotp-legacy.config b/unmaintained_boards/x230-hotp-legacy.config similarity index 100% rename from boards/x230-hotp-legacy/x230-hotp-legacy.config rename to unmaintained_boards/x230-hotp-legacy.config diff --git a/boards/x230-legacy-flash/x230-legacy-flash.config b/unmaintained_boards/x230-legacy-flash/x230-legacy-flash.config similarity index 100% rename from boards/x230-legacy-flash/x230-legacy-flash.config rename to unmaintained_boards/x230-legacy-flash/x230-legacy-flash.config diff --git a/boards/x230-legacy/x230-legacy.config b/unmaintained_boards/x230-legacy/x230-legacy.config similarity index 100% rename from boards/x230-legacy/x230-legacy.config rename to unmaintained_boards/x230-legacy/x230-legacy.config From 1cc2b0da249ef04e1f0892da85ce625e661eedf9 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 7 Apr 2024 15:52:47 -0400 Subject: [PATCH 04/84] Bump 5.10.5 kernel to 5.10.214 cloudfare patches to speed up LUKS encryption were upstreamed into linux kernel and backported to 5.10.9: https://github.com/cloudflare/linux/issues/1#issuecomment-763085915 Therefore, we bump to latest of 5.10.x (bump from 5.10.5 which doesn't contain the fixes) Trace: sed -i 's/5.10.5/5.10.214/g' boards/*/*.config find ./boards/*/*.config | awk -F "/" {'print $3'}| while read board; do echo "make BOARD=$board linux"; make BOARD=$board linux; echo make BOARD=$board linux.save_in_oldconfig_format_in_place || make BOARD=$board linux.modify_and_save_oldconfig_in_place; done git status | grep modified | awk -F ":" {'print $2'}| xargs git add git commit --signoff Signed-off-by: Thierry Laurion --- boards/librem_l1um/librem_l1um.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm1-hotp.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm1.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm2-hotp.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm2.config | 2 +- .../qemu-coreboot-whiptail-tpm1-hotp.config | 2 +- .../qemu-coreboot-whiptail-tpm1.config | 2 +- .../qemu-coreboot-whiptail-tpm2-hotp.config | 2 +- .../qemu-coreboot-whiptail-tpm2.config | 2 +- .../t420-hotp-maximized.config | 2 +- boards/t420-maximized/t420-maximized.config | 2 +- .../t430-hotp-maximized.config | 2 +- boards/t430-maximized/t430-maximized.config | 2 +- boards/t440p-maximized/t440p-maximized.config | 2 +- .../w530-hotp-maximized.config | 2 +- boards/w530-maximized/w530-maximized.config | 2 +- boards/w541-maximized/w541-maximized.config | 2 +- .../x220-hotp-maximized.config | 2 +- boards/x220-maximized/x220-maximized.config | 2 +- .../x230-hotp-maximized-fhd_edp.config | 2 +- .../x230-hotp-maximized.config | 2 +- .../x230-hotp-maximized_usb-kb.config | 2 +- .../x230-maximized-fhd_edp.config | 2 +- boards/x230-maximized/x230-maximized.config | 2 +- .../z220-cmt-maximized.config | 2 +- config/linux-c216.config | 2796 +--------------- config/linux-librem_common.config | 60 +- config/linux-qemu.config | 67 +- config/linux-t440p.config | 62 +- config/linux-w541.config | 2827 +---------------- config/linux-x230-maximized.config | 63 +- modules/linux | 6 +- 32 files changed, 193 insertions(+), 5738 deletions(-) diff --git a/boards/librem_l1um/librem_l1um.config b/boards/librem_l1um/librem_l1um.config index 1956c63a6..dda2ee344 100644 --- a/boards/librem_l1um/librem_l1um.config +++ b/boards/librem_l1um/librem_l1um.config @@ -4,7 +4,7 @@ CONFIG_COREBOOT_CONFIG=config/coreboot-librem_l1um.config export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.11 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 export CONFIG_PURISM_BLOBS=y CONFIG_CRYPTSETUP2=y diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config index 1b5308f2a..2b821baaf 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config @@ -6,7 +6,7 @@ # the VM. export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config index 090272412..be800d950 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config @@ -4,7 +4,7 @@ # TPM can be used with a qemu software TPM (TIS, 1.2). export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config index 6b714bf9f..112bbd24e 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config @@ -5,7 +5,7 @@ # TPM can be used with a qemu software TPM (TIS, 2.0). export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config index 629eeffea..f0a2132bd 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config @@ -4,7 +4,7 @@ # TPM can be used with a qemu software TPM (TIS, 2.0). export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config index 024c7b921..a2d554f3a 100644 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config @@ -6,7 +6,7 @@ # the VM. export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config index b6f76de58..54c82f869 100644 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config +++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config @@ -4,7 +4,7 @@ # TPM can be used with a qemu software TPM (TIS, 1.2). export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)) #export CONFIG_RESTRICTED_BOOT=y diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config index 157f6ce15..1a9f756da 100644 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config @@ -5,7 +5,7 @@ # TPM can be used with a qemu software TPM (TIS, 2.0). export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config index 684d508e5..5bbdb6b56 100644 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config +++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config @@ -4,7 +4,7 @@ # TPM can be used with a qemu software TPM (TIS, 2.0). export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y diff --git a/boards/t420-hotp-maximized/t420-hotp-maximized.config b/boards/t420-hotp-maximized/t420-hotp-maximized.config index e1e3fc3b2..7da55e9cc 100644 --- a/boards/t420-hotp-maximized/t420-hotp-maximized.config +++ b/boards/t420-hotp-maximized/t420-hotp-maximized.config @@ -10,7 +10,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-t420-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/t420-maximized/t420-maximized.config b/boards/t420-maximized/t420-maximized.config index 97c1b7cf0..ad086d3ad 100644 --- a/boards/t420-maximized/t420-maximized.config +++ b/boards/t420-maximized/t420-maximized.config @@ -9,7 +9,7 @@ # - dropbear export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-t420-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index 9a7839875..5320d68dc 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config @@ -8,7 +8,7 @@ # - Includes Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code) export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-t430-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config index f8874bab2..c74f63c51 100644 --- a/boards/t430-maximized/t430-maximized.config +++ b/boards/t430-maximized/t430-maximized.config @@ -8,7 +8,7 @@ # - DOES NOT INCLUDE Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code) export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-t430-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/t440p-maximized/t440p-maximized.config b/boards/t440p-maximized/t440p-maximized.config index 0fa54f92d..caa1b4ffb 100644 --- a/boards/t440p-maximized/t440p-maximized.config +++ b/boards/t440p-maximized/t440p-maximized.config @@ -5,7 +5,7 @@ CONFIG_LINUX_CONFIG=config/linux-t440p.config export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_CRYPTSETUP2=y CONFIG_FLASHROM=y diff --git a/boards/w530-hotp-maximized/w530-hotp-maximized.config b/boards/w530-hotp-maximized/w530-hotp-maximized.config index bdcd19a34..251000cef 100644 --- a/boards/w530-hotp-maximized/w530-hotp-maximized.config +++ b/boards/w530-hotp-maximized/w530-hotp-maximized.config @@ -9,7 +9,7 @@ # This board ignores the in-built dGPU that comes with all w530's. In doing so the dGPU will not be initialized. This has some benefits in terms of reduced complexity in working with OS's with poor support for NVIDIA, better battery life and lower heat (making use of the thicker heatsink from a dGPU). Conversely, if you do not initialize the dGPU you will be unable to use an external monitor. To initialize the dGPU please use the dGPU boards that corresponds with the model of dGPU included with your device. export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-w530-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/w530-maximized/w530-maximized.config b/boards/w530-maximized/w530-maximized.config index ec1efd74b..b5108f132 100644 --- a/boards/w530-maximized/w530-maximized.config +++ b/boards/w530-maximized/w530-maximized.config @@ -9,7 +9,7 @@ # This board ignores the in-built dGPU that comes with all w530's. In doing so the dGPU will not be initialized. This has some benefits in terms of reduced complexity in working with OS's with poor support for NVIDIA, better battery life and lower heat (making use of the thicker heatsink from a dGPU). Conversely, if you do not initialize the dGPU you will be unable to use an external monitor. To initialize the dGPU please use the dGPU boards that corresponds with the model of dGPU included with your device. export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-w530-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/w541-maximized/w541-maximized.config b/boards/w541-maximized/w541-maximized.config index 1da0a1c82..562664083 100644 --- a/boards/w541-maximized/w541-maximized.config +++ b/boards/w541-maximized/w541-maximized.config @@ -5,7 +5,7 @@ CONFIG_LINUX_CONFIG=config/linux-w541.config export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_CRYPTSETUP2=y CONFIG_FLASHROM=y diff --git a/boards/x220-hotp-maximized/x220-hotp-maximized.config b/boards/x220-hotp-maximized/x220-hotp-maximized.config index f0e7eba45..d8507019e 100644 --- a/boards/x220-hotp-maximized/x220-hotp-maximized.config +++ b/boards/x220-hotp-maximized/x220-hotp-maximized.config @@ -10,7 +10,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-x220-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/x220-maximized/x220-maximized.config b/boards/x220-maximized/x220-maximized.config index 80887214f..471f4b1c4 100644 --- a/boards/x220-maximized/x220-maximized.config +++ b/boards/x220-maximized/x220-maximized.config @@ -10,7 +10,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-x220-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config index af1dd4d4c..fe7422624 100644 --- a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config +++ b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config @@ -20,7 +20,7 @@ # - Includes: Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code) export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-maximized-fhd_edp.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config index 1207493f3..f2fdc4a65 100644 --- a/boards/x230-hotp-maximized/x230-hotp-maximized.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config @@ -8,7 +8,7 @@ # - Includes: Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code) export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config index 71459a220..9442a8984 100644 --- a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config +++ b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config @@ -10,7 +10,7 @@ # USB Keyboard support export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config index ae7b8d71a..d85b94eb0 100644 --- a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config +++ b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config @@ -20,7 +20,7 @@ # - DOES NOT INCLUDE Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code) export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-maximized-fhd_edp.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config index 4cccbf50f..e8a59e46d 100644 --- a/boards/x230-maximized/x230-maximized.config +++ b/boards/x230-maximized/x230-maximized.config @@ -8,7 +8,7 @@ # - DOES NOT INCLUDE Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code) export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-maximized.config CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config diff --git a/boards/z220-cmt-maximized/z220-cmt-maximized.config b/boards/z220-cmt-maximized/z220-cmt-maximized.config index ce1474395..ed4bc67c5 100644 --- a/boards/z220-cmt-maximized/z220-cmt-maximized.config +++ b/boards/z220-cmt-maximized/z220-cmt-maximized.config @@ -26,7 +26,7 @@ CONFIG_COREBOOT_CONFIG=config/coreboot-z220-cmt.config export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_CRYPTSETUP2=y CONFIG_FLASHROM=y diff --git a/config/linux-c216.config b/config/linux-c216.config index dbd963eac..57df09f48 100644 --- a/config/linux-c216.config +++ b/config/linux-c216.config @@ -1,1181 +1,133 @@ -# -# Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.5 Kernel Configuration -# -CONFIG_CC_VERSION_TEXT="x86_64-linux-musl-gcc (GCC) 8.3.0" -CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=80300 -CONFIG_LD_VERSION=232000000 -CONFIG_CLANG_VERSION=0 -CONFIG_LLD_VERSION=0 -CONFIG_CC_CAN_LINK=y -CONFIG_CC_CAN_LINK_STATIC=y -CONFIG_CC_HAS_ASM_GOTO=y -CONFIG_CC_HAS_ASM_INLINE=y -CONFIG_IRQ_WORK=y -CONFIG_BUILDTIME_TABLE_SORT=y -CONFIG_THREAD_INFO_IN_TASK=y - -# -# General setup -# -CONFIG_INIT_ENV_ARG_LIMIT=32 -# CONFIG_COMPILE_TEST is not set CONFIG_LOCALVERSION="-@BRAND_NAME@" # CONFIG_LOCALVERSION_AUTO is not set -CONFIG_BUILD_SALT="" -CONFIG_HAVE_KERNEL_GZIP=y -CONFIG_HAVE_KERNEL_BZIP2=y -CONFIG_HAVE_KERNEL_LZMA=y -CONFIG_HAVE_KERNEL_XZ=y -CONFIG_HAVE_KERNEL_LZO=y -CONFIG_HAVE_KERNEL_LZ4=y -CONFIG_HAVE_KERNEL_ZSTD=y -# CONFIG_KERNEL_GZIP is not set -# CONFIG_KERNEL_BZIP2 is not set -# CONFIG_KERNEL_LZMA is not set CONFIG_KERNEL_XZ=y -# CONFIG_KERNEL_LZO is not set -# CONFIG_KERNEL_LZ4 is not set -# CONFIG_KERNEL_ZSTD is not set -CONFIG_DEFAULT_INIT="" -CONFIG_DEFAULT_HOSTNAME="(none)" # CONFIG_SWAP is not set -# CONFIG_SYSVIPC is not set -# CONFIG_POSIX_MQUEUE is not set -# CONFIG_WATCH_QUEUE is not set # CONFIG_CROSS_MEMORY_ATTACH is not set -# CONFIG_USELIB is not set -# CONFIG_AUDIT is not set -CONFIG_HAVE_ARCH_AUDITSYSCALL=y - -# -# IRQ subsystem -# -CONFIG_GENERIC_IRQ_PROBE=y -CONFIG_GENERIC_IRQ_SHOW=y -CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y -CONFIG_GENERIC_PENDING_IRQ=y -CONFIG_GENERIC_IRQ_MIGRATION=y -CONFIG_HARDIRQS_SW_RESEND=y -CONFIG_IRQ_DOMAIN=y -CONFIG_IRQ_DOMAIN_HIERARCHY=y -CONFIG_GENERIC_MSI_IRQ=y -CONFIG_GENERIC_MSI_IRQ_DOMAIN=y -CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y -CONFIG_GENERIC_IRQ_RESERVATION_MODE=y -CONFIG_IRQ_FORCED_THREADING=y -CONFIG_SPARSE_IRQ=y -# end of IRQ subsystem - -CONFIG_CLOCKSOURCE_WATCHDOG=y -CONFIG_ARCH_CLOCKSOURCE_INIT=y -CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y -CONFIG_GENERIC_TIME_VSYSCALL=y -CONFIG_GENERIC_CLOCKEVENTS=y -CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y -CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y -CONFIG_GENERIC_CMOS_UPDATE=y -CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y -CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y - -# -# Timers subsystem -# -CONFIG_TICK_ONESHOT=y -CONFIG_NO_HZ_COMMON=y -# CONFIG_HZ_PERIODIC is not set CONFIG_NO_HZ_IDLE=y -# CONFIG_NO_HZ_FULL is not set -# CONFIG_NO_HZ is not set -# CONFIG_HIGH_RES_TIMERS is not set -# end of Timers subsystem - -CONFIG_PREEMPT_NONE=y -# CONFIG_PREEMPT_VOLUNTARY is not set -# CONFIG_PREEMPT is not set - -# -# CPU/Task time and stats accounting -# -CONFIG_TICK_CPU_ACCOUNTING=y -# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set -# CONFIG_IRQ_TIME_ACCOUNTING is not set -# CONFIG_PSI is not set -# end of CPU/Task time and stats accounting - # CONFIG_CPU_ISOLATION is not set - -# -# RCU Subsystem -# -CONFIG_TREE_RCU=y -# CONFIG_RCU_EXPERT is not set -CONFIG_SRCU=y -CONFIG_TREE_SRCU=y -CONFIG_RCU_STALL_COMMON=y -CONFIG_RCU_NEED_SEGCBLIST=y -# end of RCU Subsystem - -CONFIG_BUILD_BIN2C=y -# CONFIG_IKCONFIG is not set -# CONFIG_IKHEADERS is not set CONFIG_LOG_BUF_SHIFT=18 -CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 -CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 -CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y - -# -# Scheduler features -# -# CONFIG_UCLAMP_TASK is not set -# end of Scheduler features - -CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y -CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y -CONFIG_CC_HAS_INT128=y -CONFIG_ARCH_SUPPORTS_INT128=y -# CONFIG_CGROUPS is not set -# CONFIG_CHECKPOINT_RESTORE is not set -# CONFIG_SCHED_AUTOGROUP is not set -# CONFIG_SYSFS_DEPRECATED is not set CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y CONFIG_INITRAMFS_SOURCE="@BLOB_DIR@/dev.cpio" -CONFIG_INITRAMFS_ROOT_UID=0 -CONFIG_INITRAMFS_ROOT_GID=0 # CONFIG_RD_GZIP is not set # CONFIG_RD_BZIP2 is not set # CONFIG_RD_LZMA is not set -CONFIG_RD_XZ=y # CONFIG_RD_LZO is not set # CONFIG_RD_LZ4 is not set # CONFIG_RD_ZSTD is not set -CONFIG_INITRAMFS_COMPRESSION_XZ=y -# CONFIG_INITRAMFS_COMPRESSION_NONE is not set -# CONFIG_BOOT_CONFIG is not set -# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y -CONFIG_LD_ORPHAN_WARN=y -CONFIG_SYSCTL=y -CONFIG_SYSCTL_EXCEPTION_TRACE=y -CONFIG_HAVE_PCSPKR_PLATFORM=y -CONFIG_BPF=y -CONFIG_EXPERT=y # CONFIG_MULTIUSER is not set # CONFIG_SGETMASK_SYSCALL is not set # CONFIG_SYSFS_SYSCALL is not set # CONFIG_FHANDLE is not set -CONFIG_POSIX_TIMERS=y -CONFIG_PRINTK=y -CONFIG_PRINTK_NMI=y -CONFIG_BUG=y -CONFIG_PCSPKR_PLATFORM=y # CONFIG_BASE_FULL is not set -CONFIG_FUTEX=y -CONFIG_FUTEX_PI=y -CONFIG_EPOLL=y # CONFIG_SIGNALFD is not set # CONFIG_TIMERFD is not set # CONFIG_EVENTFD is not set -CONFIG_SHMEM=y # CONFIG_AIO is not set -CONFIG_IO_URING=y # CONFIG_ADVISE_SYSCALLS is not set -CONFIG_MEMBARRIER=y # CONFIG_KALLSYMS is not set -# CONFIG_BPF_SYSCALL is not set -CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y -# CONFIG_USERFAULTFD is not set -CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y # CONFIG_RSEQ is not set CONFIG_EMBEDDED=y -CONFIG_HAVE_PERF_EVENTS=y -# CONFIG_PC104 is not set - -# -# Kernel Performance Events And Counters -# -CONFIG_PERF_EVENTS=y -# CONFIG_DEBUG_PERF_USE_VMALLOC is not set -# end of Kernel Performance Events And Counters - # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set -# CONFIG_SLAB is not set -CONFIG_SLUB=y -# CONFIG_SLOB is not set -CONFIG_SLAB_MERGE_DEFAULT=y -# CONFIG_SLAB_FREELIST_RANDOM is not set -# CONFIG_SLAB_FREELIST_HARDENED is not set -# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set -CONFIG_SLUB_CPU_PARTIAL=y -# CONFIG_PROFILING is not set -# end of General setup - -CONFIG_64BIT=y -CONFIG_X86_64=y -CONFIG_X86=y -CONFIG_INSTRUCTION_DECODER=y -CONFIG_OUTPUT_FORMAT="elf64-x86-64" -CONFIG_LOCKDEP_SUPPORT=y -CONFIG_STACKTRACE_SUPPORT=y -CONFIG_MMU=y -CONFIG_ARCH_MMAP_RND_BITS_MIN=28 -CONFIG_ARCH_MMAP_RND_BITS_MAX=32 -CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 -CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 -CONFIG_GENERIC_ISA_DMA=y -CONFIG_GENERIC_BUG=y -CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y -CONFIG_ARCH_MAY_HAVE_PC_FDC=y -CONFIG_GENERIC_CALIBRATE_DELAY=y -CONFIG_ARCH_HAS_CPU_RELAX=y -CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y -CONFIG_ARCH_HAS_FILTER_PGPROT=y -CONFIG_HAVE_SETUP_PER_CPU_AREA=y -CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y -CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y -CONFIG_ARCH_HIBERNATION_POSSIBLE=y -CONFIG_ARCH_SUSPEND_POSSIBLE=y -CONFIG_ARCH_WANT_GENERAL_HUGETLB=y -CONFIG_ZONE_DMA32=y -CONFIG_AUDIT_ARCH=y -CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y -CONFIG_HAVE_INTEL_TXT=y -CONFIG_X86_64_SMP=y -CONFIG_ARCH_SUPPORTS_UPROBES=y -CONFIG_FIX_EARLYCON_MEM=y -CONFIG_PGTABLE_LEVELS=4 -CONFIG_CC_HAS_SANE_STACKPROTECTOR=y - -# -# Processor type and features -# # CONFIG_ZONE_DMA is not set CONFIG_SMP=y -CONFIG_X86_FEATURE_NAMES=y # CONFIG_X86_MPPARSE is not set -# CONFIG_GOLDFISH is not set -CONFIG_RETPOLINE=y -# CONFIG_X86_CPU_RESCTRL is not set # CONFIG_X86_EXTENDED_PLATFORM is not set -# CONFIG_X86_INTEL_LPSS is not set -# CONFIG_X86_AMD_PLATFORM_DEVICE is not set CONFIG_IOSF_MBI=y -CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y -CONFIG_SCHED_OMIT_FRAME_POINTER=y -# CONFIG_HYPERVISOR_GUEST is not set -# CONFIG_MK8 is not set -# CONFIG_MPSC is not set CONFIG_MCORE2=y -# CONFIG_MATOM is not set -# CONFIG_GENERIC_CPU is not set -CONFIG_X86_INTERNODE_CACHE_SHIFT=6 -CONFIG_X86_L1_CACHE_SHIFT=6 -CONFIG_X86_INTEL_USERCOPY=y -CONFIG_X86_USE_PPRO_CHECKSUM=y -CONFIG_X86_P6_NOP=y -CONFIG_X86_TSC=y -CONFIG_X86_CMPXCHG64=y -CONFIG_X86_CMOV=y -CONFIG_X86_MINIMUM_CPU_FAMILY=64 -CONFIG_X86_DEBUGCTLMSR=y -CONFIG_IA32_FEAT_CTL=y -CONFIG_X86_VMX_FEATURE_NAMES=y CONFIG_PROCESSOR_SELECT=y -CONFIG_CPU_SUP_INTEL=y # CONFIG_CPU_SUP_AMD is not set # CONFIG_CPU_SUP_HYGON is not set # CONFIG_CPU_SUP_CENTAUR is not set # CONFIG_CPU_SUP_ZHAOXIN is not set -CONFIG_HPET_TIMER=y -CONFIG_HPET_EMULATE_RTC=y -CONFIG_DMI=y -# CONFIG_MAXSMP is not set -CONFIG_NR_CPUS_RANGE_BEGIN=2 -CONFIG_NR_CPUS_RANGE_END=512 -CONFIG_NR_CPUS_DEFAULT=64 -CONFIG_NR_CPUS=64 -CONFIG_SCHED_SMT=y -CONFIG_SCHED_MC=y -CONFIG_SCHED_MC_PRIO=y -CONFIG_X86_LOCAL_APIC=y -CONFIG_X86_IO_APIC=y CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y -CONFIG_X86_MCE=y -# CONFIG_X86_MCELOG_LEGACY is not set -CONFIG_X86_MCE_INTEL=y -CONFIG_X86_MCE_THRESHOLD=y -CONFIG_X86_THERMAL_VECTOR=y - -# -# Performance monitoring -# # CONFIG_PERF_EVENTS_INTEL_UNCORE is not set # CONFIG_PERF_EVENTS_INTEL_RAPL is not set # CONFIG_PERF_EVENTS_INTEL_CSTATE is not set -# end of Performance monitoring - # CONFIG_X86_VSYSCALL_EMULATION is not set -CONFIG_X86_IOPL_IOPERM=y -# CONFIG_I8K is not set # CONFIG_MICROCODE is not set -# CONFIG_X86_MSR is not set -# CONFIG_X86_CPUID is not set # CONFIG_X86_5LEVEL is not set -CONFIG_X86_DIRECT_GBPAGES=y -# CONFIG_NUMA is not set -CONFIG_ARCH_SPARSEMEM_ENABLE=y -CONFIG_ARCH_SPARSEMEM_DEFAULT=y -CONFIG_ARCH_SELECT_MEMORY_MODEL=y -CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 -CONFIG_X86_PMEM_LEGACY_DEVICE=y CONFIG_X86_PMEM_LEGACY=y -# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set -CONFIG_X86_RESERVE_LOW=64 # CONFIG_MTRR is not set -CONFIG_ARCH_RANDOM=y # CONFIG_X86_SMAP is not set # CONFIG_X86_UMIP is not set # CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set -CONFIG_X86_INTEL_TSX_MODE_OFF=y -# CONFIG_X86_INTEL_TSX_MODE_ON is not set -# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y -# CONFIG_EFI_STUB is not set -# CONFIG_HZ_100 is not set -CONFIG_HZ_250=y -# CONFIG_HZ_300 is not set -# CONFIG_HZ_1000 is not set -CONFIG_HZ=250 CONFIG_KEXEC=y CONFIG_KEXEC_FILE=y -CONFIG_ARCH_HAS_KEXEC_PURGATORY=y -# CONFIG_KEXEC_SIG is not set -# CONFIG_CRASH_DUMP is not set -CONFIG_PHYSICAL_START=0x1000000 # CONFIG_RELOCATABLE is not set CONFIG_PHYSICAL_ALIGN=0x1000000 -CONFIG_HOTPLUG_CPU=y -# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set -# CONFIG_DEBUG_HOTPLUG_CPU0 is not set -# CONFIG_LEGACY_VSYSCALL_EMULATE is not set -# CONFIG_LEGACY_VSYSCALL_XONLY is not set CONFIG_LEGACY_VSYSCALL_NONE=y -# CONFIG_CMDLINE_BOOL is not set # CONFIG_MODIFY_LDT_SYSCALL is not set -CONFIG_HAVE_LIVEPATCH=y -# end of Processor type and features - -CONFIG_ARCH_HAS_ADD_PAGES=y -CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y -CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y - -# -# Power management and ACPI options -# +# CONFIG_PAGE_TABLE_ISOLATION is not set # CONFIG_SUSPEND is not set -# CONFIG_PM is not set -# CONFIG_ENERGY_MODEL is not set -CONFIG_ARCH_SUPPORTS_ACPI=y -CONFIG_ACPI=y -CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y -CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y -CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y -# CONFIG_ACPI_DEBUGGER is not set -CONFIG_ACPI_SPCR_TABLE=y -CONFIG_ACPI_LPIT=y -CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y -# CONFIG_ACPI_EC_DEBUGFS is not set -CONFIG_ACPI_AC=y -CONFIG_ACPI_BATTERY=y -CONFIG_ACPI_BUTTON=y CONFIG_ACPI_VIDEO=y -CONFIG_ACPI_FAN=y -# CONFIG_ACPI_DOCK is not set -CONFIG_ACPI_CPU_FREQ_PSS=y -CONFIG_ACPI_PROCESSOR_CSTATE=y -CONFIG_ACPI_PROCESSOR_IDLE=y -CONFIG_ACPI_CPPC_LIB=y -CONFIG_ACPI_PROCESSOR=y -CONFIG_ACPI_HOTPLUG_CPU=y -# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set -CONFIG_ACPI_THERMAL=y -CONFIG_ACPI_CUSTOM_DSDT_FILE="" -CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y -CONFIG_ACPI_TABLE_UPGRADE=y -# CONFIG_ACPI_DEBUG is not set -# CONFIG_ACPI_PCI_SLOT is not set -CONFIG_ACPI_CONTAINER=y -CONFIG_ACPI_HOTPLUG_IOAPIC=y -# CONFIG_ACPI_SBS is not set -# CONFIG_ACPI_HED is not set -# CONFIG_ACPI_BGRT is not set -# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set -# CONFIG_ACPI_NFIT is not set -CONFIG_HAVE_ACPI_APEI=y -CONFIG_HAVE_ACPI_APEI_NMI=y -# CONFIG_ACPI_APEI is not set -# CONFIG_ACPI_DPTF is not set -# CONFIG_ACPI_CONFIGFS is not set -# CONFIG_PMIC_OPREGION is not set -CONFIG_X86_PM_TIMER=y -# CONFIG_SFI is not set - -# -# CPU Frequency scaling -# -CONFIG_CPU_FREQ=y -CONFIG_CPU_FREQ_GOV_ATTR_SET=y -# CONFIG_CPU_FREQ_STAT is not set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y -# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set -# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set -# CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set -CONFIG_CPU_FREQ_GOV_PERFORMANCE=y -# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set -# CONFIG_CPU_FREQ_GOV_USERSPACE is not set -# CONFIG_CPU_FREQ_GOV_ONDEMAND is not set -# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set -CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y - -# -# CPU frequency scaling drivers -# -CONFIG_X86_INTEL_PSTATE=y -# CONFIG_X86_PCC_CPUFREQ is not set -# CONFIG_X86_ACPI_CPUFREQ is not set -# CONFIG_X86_SPEEDSTEP_CENTRINO is not set -# CONFIG_X86_P4_CLOCKMOD is not set - -# -# shared options -# -# end of CPU Frequency scaling - -# -# CPU Idle -# -CONFIG_CPU_IDLE=y -# CONFIG_CPU_IDLE_GOV_LADDER is not set -CONFIG_CPU_IDLE_GOV_MENU=y -# CONFIG_CPU_IDLE_GOV_TEO is not set -# end of CPU Idle - -# CONFIG_INTEL_IDLE is not set -# end of Power management and ACPI options - -# -# Bus options (PCI etc.) -# -CONFIG_PCI_DIRECT=y # CONFIG_PCI_MMCONFIG is not set -# CONFIG_PCI_CNB20LE_QUIRK is not set -# CONFIG_ISA_BUS is not set -CONFIG_ISA_DMA_API=y -# CONFIG_X86_SYSFB is not set -# end of Bus options (PCI etc.) - -# -# Binary Emulations -# -# CONFIG_IA32_EMULATION is not set -# CONFIG_X86_X32 is not set -# end of Binary Emulations - -# -# Firmware Drivers -# -# CONFIG_EDD is not set # CONFIG_FIRMWARE_MEMMAP is not set # CONFIG_DMIID is not set -# CONFIG_DMI_SYSFS is not set -CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y -# CONFIG_FW_CFG_SYSFS is not set CONFIG_GOOGLE_FIRMWARE=y -# CONFIG_GOOGLE_SMI is not set CONFIG_GOOGLE_COREBOOT_TABLE=y -CONFIG_GOOGLE_MEMCONSOLE=y CONFIG_GOOGLE_MEMCONSOLE_X86_LEGACY=y CONFIG_GOOGLE_MEMCONSOLE_COREBOOT=y -# CONFIG_GOOGLE_VPD is not set - -# -# EFI (Extensible Firmware Interface) Support -# -# CONFIG_EFI_VARS is not set -CONFIG_EFI_ESRT=y -CONFIG_EFI_RUNTIME_MAP=y -# CONFIG_EFI_FAKE_MEMMAP is not set -CONFIG_EFI_RUNTIME_WRAPPERS=y -# CONFIG_EFI_BOOTLOADER_CONTROL is not set -# CONFIG_EFI_CAPSULE_LOADER is not set -# CONFIG_EFI_TEST is not set -# CONFIG_EFI_RCI2_TABLE is not set -# CONFIG_EFI_DISABLE_PCI_DMA is not set -# end of EFI (Extensible Firmware Interface) Support - -CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y - -# -# Tegra firmware driver -# -# end of Tegra firmware driver -# end of Firmware Drivers - -CONFIG_HAVE_KVM=y # CONFIG_VIRTUALIZATION is not set -CONFIG_AS_AVX512=y -CONFIG_AS_SHA1_NI=y -CONFIG_AS_SHA256_NI=y -CONFIG_AS_TPAUSE=y - -# -# General architecture-dependent options -# -CONFIG_CRASH_CORE=y -CONFIG_KEXEC_CORE=y -CONFIG_HOTPLUG_SMT=y -CONFIG_GENERIC_ENTRY=y -CONFIG_HAVE_OPROFILE=y -CONFIG_OPROFILE_NMI_TIMER=y -# CONFIG_KPROBES is not set CONFIG_JUMP_LABEL=y -# CONFIG_STATIC_KEYS_SELFTEST is not set -# CONFIG_STATIC_CALL_SELFTEST is not set -CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y -CONFIG_ARCH_USE_BUILTIN_BSWAP=y -CONFIG_HAVE_IOREMAP_PROT=y -CONFIG_HAVE_KPROBES=y -CONFIG_HAVE_KRETPROBES=y -CONFIG_HAVE_OPTPROBES=y -CONFIG_HAVE_KPROBES_ON_FTRACE=y -CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y -CONFIG_HAVE_NMI=y -CONFIG_HAVE_ARCH_TRACEHOOK=y -CONFIG_HAVE_DMA_CONTIGUOUS=y -CONFIG_GENERIC_SMP_IDLE_THREAD=y -CONFIG_ARCH_HAS_FORTIFY_SOURCE=y -CONFIG_ARCH_HAS_SET_MEMORY=y -CONFIG_ARCH_HAS_SET_DIRECT_MAP=y -CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y -CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y -CONFIG_HAVE_ASM_MODVERSIONS=y -CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y -CONFIG_HAVE_RSEQ=y -CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y -CONFIG_HAVE_HW_BREAKPOINT=y -CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y -CONFIG_HAVE_USER_RETURN_NOTIFIER=y -CONFIG_HAVE_PERF_EVENTS_NMI=y -CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y -CONFIG_HAVE_PERF_REGS=y -CONFIG_HAVE_PERF_USER_STACK_DUMP=y -CONFIG_HAVE_ARCH_JUMP_LABEL=y -CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y -CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y -CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y -CONFIG_HAVE_CMPXCHG_LOCAL=y -CONFIG_HAVE_CMPXCHG_DOUBLE=y -CONFIG_HAVE_ARCH_SECCOMP=y -CONFIG_HAVE_ARCH_SECCOMP_FILTER=y # CONFIG_SECCOMP is not set -CONFIG_HAVE_ARCH_STACKLEAK=y -CONFIG_HAVE_STACKPROTECTOR=y -CONFIG_STACKPROTECTOR=y -CONFIG_STACKPROTECTOR_STRONG=y -CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y -CONFIG_HAVE_CONTEXT_TRACKING=y -CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y -CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y -CONFIG_HAVE_MOVE_PMD=y -CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y -CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y -CONFIG_HAVE_ARCH_HUGE_VMAP=y -CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y -CONFIG_HAVE_ARCH_SOFT_DIRTY=y -CONFIG_HAVE_MOD_ARCH_SPECIFIC=y -CONFIG_MODULES_USE_ELF_RELA=y -CONFIG_ARCH_HAS_ELF_RANDOMIZE=y -CONFIG_HAVE_ARCH_MMAP_RND_BITS=y -CONFIG_HAVE_EXIT_THREAD=y -CONFIG_ARCH_MMAP_RND_BITS=28 -CONFIG_HAVE_STACK_VALIDATION=y -CONFIG_HAVE_RELIABLE_STACKTRACE=y -# CONFIG_COMPAT_32BIT_TIME is not set -CONFIG_HAVE_ARCH_VMAP_STACK=y -CONFIG_VMAP_STACK=y -CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y -CONFIG_STRICT_KERNEL_RWX=y -CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y -CONFIG_STRICT_MODULE_RWX=y -CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y -CONFIG_ARCH_HAS_MEM_ENCRYPT=y -CONFIG_HAVE_STATIC_CALL=y -CONFIG_HAVE_STATIC_CALL_INLINE=y -CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y - -# -# GCOV-based kernel profiling -# -CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y -# end of GCOV-based kernel profiling - -CONFIG_HAVE_GCC_PLUGINS=y -# end of General architecture-dependent options - -CONFIG_RT_MUTEXES=y -CONFIG_BASE_SMALL=1 CONFIG_MODULES=y -# CONFIG_MODULE_FORCE_LOAD is not set -# CONFIG_MODULE_UNLOAD is not set -# CONFIG_MODVERSIONS is not set -# CONFIG_MODULE_SRCVERSION_ALL is not set -# CONFIG_MODULE_SIG is not set -# CONFIG_MODULE_COMPRESS is not set -# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set # CONFIG_UNUSED_SYMBOLS is not set CONFIG_TRIM_UNUSED_KSYMS=y -CONFIG_UNUSED_KSYMS_WHITELIST="" -CONFIG_MODULES_TREE_LOOKUP=y -CONFIG_BLOCK=y -CONFIG_BLK_SCSI_REQUEST=y -CONFIG_BLK_DEV_BSG=y -CONFIG_BLK_DEV_BSGLIB=y -# CONFIG_BLK_DEV_INTEGRITY is not set -# CONFIG_BLK_DEV_ZONED is not set -# CONFIG_BLK_CMDLINE_PARSER is not set -# CONFIG_BLK_WBT is not set -# CONFIG_BLK_SED_OPAL is not set -# CONFIG_BLK_INLINE_ENCRYPTION is not set - -# -# Partition Types -# -# CONFIG_PARTITION_ADVANCED is not set -CONFIG_MSDOS_PARTITION=y -CONFIG_EFI_PARTITION=y -# end of Partition Types - -CONFIG_BLK_MQ_PCI=y - -# -# IO Schedulers -# -CONFIG_MQ_IOSCHED_DEADLINE=y # CONFIG_MQ_IOSCHED_KYBER is not set -# CONFIG_IOSCHED_BFQ is not set -# end of IO Schedulers - -CONFIG_INLINE_SPIN_UNLOCK_IRQ=y -CONFIG_INLINE_READ_UNLOCK=y -CONFIG_INLINE_READ_UNLOCK_IRQ=y -CONFIG_INLINE_WRITE_UNLOCK=y -CONFIG_INLINE_WRITE_UNLOCK_IRQ=y -CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y -CONFIG_MUTEX_SPIN_ON_OWNER=y -CONFIG_RWSEM_SPIN_ON_OWNER=y -CONFIG_LOCK_SPIN_ON_OWNER=y -CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y -CONFIG_QUEUED_SPINLOCKS=y -CONFIG_ARCH_USE_QUEUED_RWLOCKS=y -CONFIG_QUEUED_RWLOCKS=y -CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y -CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y -CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y - -# -# Executable file formats -# -CONFIG_BINFMT_ELF=y -CONFIG_ELFCORE=y -CONFIG_BINFMT_SCRIPT=y -# CONFIG_BINFMT_MISC is not set # CONFIG_COREDUMP is not set -# end of Executable file formats - -# -# Memory Management options -# -CONFIG_SELECT_MEMORY_MODEL=y -CONFIG_SPARSEMEM_MANUAL=y -CONFIG_SPARSEMEM=y -CONFIG_SPARSEMEM_EXTREME=y -CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y -CONFIG_SPARSEMEM_VMEMMAP=y -CONFIG_HAVE_FAST_GUP=y -# CONFIG_MEMORY_HOTPLUG is not set -CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_COMPACTION is not set -# CONFIG_PAGE_REPORTING is not set -CONFIG_PHYS_ADDR_T_64BIT=y -CONFIG_VIRT_TO_BUS=y -CONFIG_MMU_NOTIFIER=y -# CONFIG_KSM is not set CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 -CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y -# CONFIG_MEMORY_FAILURE is not set -# CONFIG_TRANSPARENT_HUGEPAGE is not set -CONFIG_ARCH_WANTS_THP_SWAP=y -# CONFIG_CLEANCACHE is not set -# CONFIG_CMA is not set -# CONFIG_ZPOOL is not set -# CONFIG_ZBUD is not set -# CONFIG_ZSMALLOC is not set -CONFIG_GENERIC_EARLY_IOREMAP=y -# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set -# CONFIG_IDLE_PAGE_TRACKING is not set -CONFIG_ARCH_HAS_PTE_DEVMAP=y -# CONFIG_PERCPU_STATS is not set -# CONFIG_GUP_BENCHMARK is not set -CONFIG_ARCH_HAS_PTE_SPECIAL=y -# end of Memory Management options - CONFIG_NET=y - -# -# Networking options -# CONFIG_PACKET=y -# CONFIG_PACKET_DIAG is not set CONFIG_UNIX=y -CONFIG_UNIX_SCM=y -# CONFIG_UNIX_DIAG is not set -# CONFIG_TLS is not set -# CONFIG_XFRM_USER is not set -# CONFIG_NET_KEY is not set CONFIG_INET=y -# CONFIG_IP_MULTICAST is not set -# CONFIG_IP_ADVANCED_ROUTER is not set -# CONFIG_IP_PNP is not set -# CONFIG_NET_IPIP is not set -# CONFIG_NET_IPGRE_DEMUX is not set CONFIG_SYN_COOKIES=y -# CONFIG_NET_IPVTI is not set -# CONFIG_NET_FOU is not set -# CONFIG_INET_AH is not set -# CONFIG_INET_ESP is not set -# CONFIG_INET_IPCOMP is not set # CONFIG_INET_DIAG is not set -# CONFIG_TCP_CONG_ADVANCED is not set -CONFIG_TCP_CONG_CUBIC=y -CONFIG_DEFAULT_TCP_CONG="cubic" -# CONFIG_TCP_MD5SIG is not set # CONFIG_IPV6 is not set -# CONFIG_MPTCP is not set -# CONFIG_NETWORK_SECMARK is not set -# CONFIG_NETWORK_PHY_TIMESTAMPING is not set -# CONFIG_NETFILTER is not set -# CONFIG_BPFILTER is not set -# CONFIG_IP_DCCP is not set -# CONFIG_IP_SCTP is not set -# CONFIG_RDS is not set -# CONFIG_TIPC is not set -# CONFIG_ATM is not set -# CONFIG_L2TP is not set -# CONFIG_BRIDGE is not set -CONFIG_HAVE_NET_DSA=y -# CONFIG_NET_DSA is not set -# CONFIG_VLAN_8021Q is not set -# CONFIG_DECNET is not set -# CONFIG_LLC2 is not set -# CONFIG_ATALK is not set -# CONFIG_X25 is not set -# CONFIG_LAPB is not set -# CONFIG_PHONET is not set -# CONFIG_IEEE802154 is not set -# CONFIG_NET_SCHED is not set -# CONFIG_DCB is not set -# CONFIG_BATMAN_ADV is not set -# CONFIG_OPENVSWITCH is not set -# CONFIG_VSOCKETS is not set -# CONFIG_NETLINK_DIAG is not set -# CONFIG_MPLS is not set -# CONFIG_NET_NSH is not set -# CONFIG_HSR is not set -# CONFIG_NET_SWITCHDEV is not set -# CONFIG_NET_L3_MASTER_DEV is not set -# CONFIG_QRTR is not set -# CONFIG_NET_NCSI is not set -CONFIG_RPS=y -CONFIG_RFS_ACCEL=y -CONFIG_XPS=y -CONFIG_NET_RX_BUSY_POLL=y -CONFIG_BQL=y -# CONFIG_BPF_JIT is not set -CONFIG_NET_FLOW_LIMIT=y - -# -# Network testing -# -# CONFIG_NET_PKTGEN is not set -# end of Network testing -# end of Networking options - -# CONFIG_HAMRADIO is not set -# CONFIG_CAN is not set -# CONFIG_BT is not set -# CONFIG_AF_RXRPC is not set -# CONFIG_AF_KCM is not set # CONFIG_WIRELESS is not set -# CONFIG_WIMAX is not set -# CONFIG_RFKILL is not set -# CONFIG_NET_9P is not set -# CONFIG_CAIF is not set -# CONFIG_CEPH_LIB is not set -# CONFIG_NFC is not set -# CONFIG_PSAMPLE is not set -# CONFIG_NET_IFE is not set -# CONFIG_LWTUNNEL is not set -# CONFIG_FAILOVER is not set -CONFIG_ETHTOOL_NETLINK=y -CONFIG_HAVE_EBPF_JIT=y - -# -# Device Drivers -# -CONFIG_HAVE_EISA=y -# CONFIG_EISA is not set -CONFIG_HAVE_PCI=y CONFIG_PCI=y -CONFIG_PCI_DOMAINS=y -# CONFIG_PCIEPORTBUS is not set # CONFIG_PCIEASPM is not set -# CONFIG_PCIE_PTM is not set CONFIG_PCI_MSI=y -CONFIG_PCI_MSI_IRQ_DOMAIN=y -CONFIG_PCI_QUIRKS=y -# CONFIG_PCI_DEBUG is not set -# CONFIG_PCI_STUB is not set -CONFIG_PCI_ATS=y -CONFIG_PCI_LOCKLESS_CONFIG=y -# CONFIG_PCI_IOV is not set -CONFIG_PCI_PRI=y -CONFIG_PCI_PASID=y -CONFIG_PCI_LABEL=y -# CONFIG_PCIE_BUS_TUNE_OFF is not set -CONFIG_PCIE_BUS_DEFAULT=y -# CONFIG_PCIE_BUS_SAFE is not set -# CONFIG_PCIE_BUS_PERFORMANCE is not set -# CONFIG_PCIE_BUS_PEER2PEER is not set -# CONFIG_HOTPLUG_PCI is not set - -# -# PCI controller drivers -# -# CONFIG_VMD is not set - -# -# DesignWare PCI Core Support -# -# CONFIG_PCIE_DW_PLAT_HOST is not set -# CONFIG_PCI_MESON is not set -# end of DesignWare PCI Core Support - -# -# Mobiveil PCIe Core Support -# -# end of Mobiveil PCIe Core Support - -# -# Cadence PCIe controllers support -# -# end of Cadence PCIe controllers support -# end of PCI controller drivers - -# -# PCI Endpoint -# -# CONFIG_PCI_ENDPOINT is not set -# end of PCI Endpoint - -# -# PCI switch controller drivers -# -# CONFIG_PCI_SW_SWITCHTEC is not set -# end of PCI switch controller drivers - -# CONFIG_PCCARD is not set -# CONFIG_RAPIDIO is not set - -# -# Generic Driver Options -# -# CONFIG_UEVENT_HELPER is not set CONFIG_DEVTMPFS=y CONFIG_DEVTMPFS_MOUNT=y # CONFIG_STANDALONE is not set -CONFIG_PREVENT_FIRMWARE_BUILD=y - -# -# Firmware loader -# -CONFIG_FW_LOADER=y -CONFIG_EXTRA_FIRMWARE="" -# CONFIG_FW_LOADER_USER_HELPER is not set -# CONFIG_FW_LOADER_COMPRESS is not set -# end of Firmware loader - # CONFIG_ALLOW_DEV_COREDUMP is not set -# CONFIG_DEBUG_DRIVER is not set -# CONFIG_DEBUG_DEVRES is not set -# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set -# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set -CONFIG_GENERIC_CPU_AUTOPROBE=y -CONFIG_GENERIC_CPU_VULNERABILITIES=y -CONFIG_REGMAP=y -CONFIG_REGMAP_MMIO=y -CONFIG_DMA_SHARED_BUFFER=y -# CONFIG_DMA_FENCE_TRACE is not set -# end of Generic Driver Options - -# -# Bus devices -# -# CONFIG_MHI_BUS is not set -# end of Bus devices - -# CONFIG_CONNECTOR is not set -# CONFIG_GNSS is not set -# CONFIG_MTD is not set -# CONFIG_OF is not set -CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y -# CONFIG_PARPORT is not set -CONFIG_PNP=y # CONFIG_PNP_DEBUG_MESSAGES is not set - -# -# Protocols -# -CONFIG_PNPACPI=y -CONFIG_BLK_DEV=y -# CONFIG_BLK_DEV_NULL_BLK is not set -# CONFIG_BLK_DEV_FD is not set -CONFIG_CDROM=y -# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set -# CONFIG_BLK_DEV_UMEM is not set CONFIG_BLK_DEV_LOOP=y -CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 -# CONFIG_BLK_DEV_CRYPTOLOOP is not set -# CONFIG_BLK_DEV_DRBD is not set -# CONFIG_BLK_DEV_NBD is not set -# CONFIG_BLK_DEV_SKD is not set -# CONFIG_BLK_DEV_SX8 is not set CONFIG_BLK_DEV_RAM=y -CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=65536 -# CONFIG_CDROM_PKTCDVD is not set -# CONFIG_ATA_OVER_ETH is not set -# CONFIG_BLK_DEV_RBD is not set -# CONFIG_BLK_DEV_RSXX is not set - -# -# NVME Support -# -CONFIG_NVME_CORE=y CONFIG_BLK_DEV_NVME=y -# CONFIG_NVME_MULTIPATH is not set -# CONFIG_NVME_FC is not set -# CONFIG_NVME_TCP is not set -# end of NVME Support - -# -# Misc devices -# -# CONFIG_AD525X_DPOT is not set -# CONFIG_DUMMY_IRQ is not set -# CONFIG_IBM_ASM is not set -# CONFIG_PHANTOM is not set -# CONFIG_TIFM_CORE is not set -# CONFIG_ICS932S401 is not set -# CONFIG_ENCLOSURE_SERVICES is not set -# CONFIG_HP_ILO is not set -# CONFIG_APDS9802ALS is not set -# CONFIG_ISL29003 is not set -# CONFIG_ISL29020 is not set -# CONFIG_SENSORS_TSL2550 is not set -# CONFIG_SENSORS_BH1770 is not set -# CONFIG_SENSORS_APDS990X is not set -# CONFIG_HMC6352 is not set -# CONFIG_DS1682 is not set -# CONFIG_SRAM is not set -# CONFIG_PCI_ENDPOINT_TEST is not set -# CONFIG_XILINX_SDFEC is not set -# CONFIG_PVPANIC is not set -# CONFIG_C2PORT is not set - -# -# EEPROM support -# -# CONFIG_EEPROM_AT24 is not set -# CONFIG_EEPROM_LEGACY is not set -# CONFIG_EEPROM_MAX6875 is not set -# CONFIG_EEPROM_93CX6 is not set -# CONFIG_EEPROM_IDT_89HPESX is not set -# CONFIG_EEPROM_EE1004 is not set -# end of EEPROM support - -# CONFIG_CB710_CORE is not set - -# -# Texas Instruments shared transport line discipline -# -# end of Texas Instruments shared transport line discipline - -# CONFIG_SENSORS_LIS3_I2C is not set -# CONFIG_ALTERA_STAPL is not set -CONFIG_INTEL_MEI=m CONFIG_INTEL_MEI_ME=m CONFIG_INTEL_MEI_TXE=m -# CONFIG_VMWARE_VMCI is not set -# CONFIG_GENWQE is not set -# CONFIG_ECHO is not set -# CONFIG_MISC_ALCOR_PCI is not set -# CONFIG_MISC_RTSX_PCI is not set -# CONFIG_MISC_RTSX_USB is not set -# CONFIG_HABANA_AI is not set -# CONFIG_UACCE is not set -# end of Misc devices - -CONFIG_HAVE_IDE=y -# CONFIG_IDE is not set - -# -# SCSI device support -# -CONFIG_SCSI_MOD=y -# CONFIG_RAID_ATTRS is not set -CONFIG_SCSI=y -CONFIG_SCSI_DMA=y # CONFIG_SCSI_PROC_FS is not set - -# -# SCSI support type (disk, tape, CD-ROM) -# CONFIG_BLK_DEV_SD=y -# CONFIG_CHR_DEV_ST is not set CONFIG_BLK_DEV_SR=y CONFIG_CHR_DEV_SG=y -# CONFIG_CHR_DEV_SCH is not set -# CONFIG_SCSI_CONSTANTS is not set -# CONFIG_SCSI_LOGGING is not set CONFIG_SCSI_SCAN_ASYNC=y - -# -# SCSI Transports -# -# CONFIG_SCSI_SPI_ATTRS is not set -# CONFIG_SCSI_FC_ATTRS is not set CONFIG_SCSI_ISCSI_ATTRS=y -# CONFIG_SCSI_SAS_ATTRS is not set -# CONFIG_SCSI_SAS_LIBSAS is not set -# CONFIG_SCSI_SRP_ATTRS is not set -# end of SCSI Transports - # CONFIG_SCSI_LOWLEVEL is not set -# CONFIG_SCSI_DH is not set -# end of SCSI device support - CONFIG_ATA=y -CONFIG_SATA_HOST=y -CONFIG_PATA_TIMINGS=y -CONFIG_ATA_VERBOSE_ERROR=y -CONFIG_ATA_FORCE=y -CONFIG_ATA_ACPI=y -CONFIG_SATA_PMP=y - -# -# Controllers with non-SFF native interface -# CONFIG_SATA_AHCI=y -CONFIG_SATA_MOBILE_LPM_POLICY=0 -# CONFIG_SATA_AHCI_PLATFORM is not set -# CONFIG_SATA_INIC162X is not set -# CONFIG_SATA_ACARD_AHCI is not set -# CONFIG_SATA_SIL24 is not set # CONFIG_ATA_SFF is not set CONFIG_MD=y -# CONFIG_BLK_DEV_MD is not set -# CONFIG_BCACHE is not set -CONFIG_BLK_DEV_DM_BUILTIN=y CONFIG_BLK_DEV_DM=y -# CONFIG_DM_DEBUG is not set -CONFIG_DM_BUFIO=y -# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set -CONFIG_DM_BIO_PRISON=y -CONFIG_DM_PERSISTENT_DATA=y -# CONFIG_DM_UNSTRIPED is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_THIN_PROVISIONING=y -# CONFIG_DM_CACHE is not set -# CONFIG_DM_WRITECACHE is not set -# CONFIG_DM_EBS is not set -# CONFIG_DM_ERA is not set -# CONFIG_DM_CLONE is not set -# CONFIG_DM_MIRROR is not set -# CONFIG_DM_RAID is not set -# CONFIG_DM_ZERO is not set -# CONFIG_DM_MULTIPATH is not set -# CONFIG_DM_DELAY is not set -# CONFIG_DM_DUST is not set -# CONFIG_DM_INIT is not set -# CONFIG_DM_UEVENT is not set -# CONFIG_DM_FLAKEY is not set CONFIG_DM_VERITY=y -# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG is not set CONFIG_DM_VERITY_FEC=y -# CONFIG_DM_SWITCH is not set -# CONFIG_DM_LOG_WRITES is not set -# CONFIG_DM_INTEGRITY is not set -# CONFIG_TARGET_CORE is not set -# CONFIG_FUSION is not set - -# -# IEEE 1394 (FireWire) support -# -# CONFIG_FIREWIRE is not set -# CONFIG_FIREWIRE_NOSY is not set -# end of IEEE 1394 (FireWire) support - -# CONFIG_MACINTOSH_DRIVERS is not set CONFIG_NETDEVICES=y -CONFIG_MII=m -CONFIG_NET_CORE=y -# CONFIG_BONDING is not set -# CONFIG_DUMMY is not set -# CONFIG_WIREGUARD is not set -# CONFIG_EQUALIZER is not set -# CONFIG_NET_FC is not set -# CONFIG_NET_TEAM is not set -# CONFIG_MACVLAN is not set -# CONFIG_IPVLAN is not set -# CONFIG_VXLAN is not set -# CONFIG_GENEVE is not set -# CONFIG_BAREUDP is not set -# CONFIG_GTP is not set -# CONFIG_MACSEC is not set -# CONFIG_NETCONSOLE is not set -# CONFIG_TUN is not set -# CONFIG_TUN_VNET_CROSS_LE is not set -# CONFIG_VETH is not set -# CONFIG_NLMON is not set -# CONFIG_ARCNET is not set - -# -# Distributed Switch Architecture drivers -# -# end of Distributed Switch Architecture drivers - -CONFIG_ETHERNET=y # CONFIG_NET_VENDOR_3COM is not set # CONFIG_NET_VENDOR_ADAPTEC is not set # CONFIG_NET_VENDOR_AGERE is not set # CONFIG_NET_VENDOR_ALACRITECH is not set # CONFIG_NET_VENDOR_ALTEON is not set -# CONFIG_ALTERA_TSE is not set # CONFIG_NET_VENDOR_AMAZON is not set # CONFIG_NET_VENDOR_AMD is not set # CONFIG_NET_VENDOR_AQUANTIA is not set @@ -1189,8 +141,6 @@ CONFIG_ETHERNET=y # CONFIG_NET_VENDOR_CHELSIO is not set # CONFIG_NET_VENDOR_CISCO is not set # CONFIG_NET_VENDOR_CORTINA is not set -# CONFIG_CX_ECAT is not set -# CONFIG_DNET is not set # CONFIG_NET_VENDOR_DEC is not set # CONFIG_NET_VENDOR_DLINK is not set # CONFIG_NET_VENDOR_EMULEX is not set @@ -1198,36 +148,20 @@ CONFIG_ETHERNET=y # CONFIG_NET_VENDOR_GOOGLE is not set # CONFIG_NET_VENDOR_HUAWEI is not set # CONFIG_NET_VENDOR_I825XX is not set -CONFIG_NET_VENDOR_INTEL=y -# CONFIG_E100 is not set CONFIG_E1000=m CONFIG_E1000E=m -CONFIG_E1000E_HWTS=y -# CONFIG_IGB is not set -# CONFIG_IGBVF is not set -# CONFIG_IXGB is not set -# CONFIG_IXGBE is not set -# CONFIG_IXGBEVF is not set -# CONFIG_I40E is not set -# CONFIG_I40EVF is not set -# CONFIG_ICE is not set -# CONFIG_FM10K is not set -# CONFIG_IGC is not set -# CONFIG_JME is not set # CONFIG_NET_VENDOR_MARVELL is not set # CONFIG_NET_VENDOR_MELLANOX is not set # CONFIG_NET_VENDOR_MICREL is not set # CONFIG_NET_VENDOR_MICROCHIP is not set # CONFIG_NET_VENDOR_MICROSEMI is not set # CONFIG_NET_VENDOR_MYRI is not set -# CONFIG_FEALNX is not set # CONFIG_NET_VENDOR_NATSEMI is not set # CONFIG_NET_VENDOR_NETERION is not set # CONFIG_NET_VENDOR_NETRONOME is not set # CONFIG_NET_VENDOR_NI is not set # CONFIG_NET_VENDOR_NVIDIA is not set # CONFIG_NET_VENDOR_OKI is not set -# CONFIG_ETHOC is not set # CONFIG_NET_VENDOR_PACKET_ENGINES is not set # CONFIG_NET_VENDOR_PENSANDO is not set # CONFIG_NET_VENDOR_QLOGIC is not set @@ -1251,1857 +185,129 @@ CONFIG_E1000E_HWTS=y # CONFIG_NET_VENDOR_VIA is not set # CONFIG_NET_VENDOR_WIZNET is not set # CONFIG_NET_VENDOR_XILINX is not set -# CONFIG_FDDI is not set -# CONFIG_HIPPI is not set -# CONFIG_NET_SB1000 is not set -# CONFIG_PHYLIB is not set -# CONFIG_MDIO_DEVICE is not set - -# -# PCS device drivers -# -# end of PCS device drivers - -# CONFIG_PPP is not set -# CONFIG_SLIP is not set CONFIG_USB_NET_DRIVERS=m -# CONFIG_USB_CATC is not set -# CONFIG_USB_KAWETH is not set -# CONFIG_USB_PEGASUS is not set -# CONFIG_USB_RTL8150 is not set -# CONFIG_USB_RTL8152 is not set -# CONFIG_USB_LAN78XX is not set CONFIG_USB_USBNET=m # CONFIG_USB_NET_AX8817X is not set # CONFIG_USB_NET_AX88179_178A is not set -CONFIG_USB_NET_CDCETHER=m CONFIG_USB_NET_CDC_EEM=m -CONFIG_USB_NET_CDC_NCM=m -# CONFIG_USB_NET_HUAWEI_CDC_NCM is not set -# CONFIG_USB_NET_CDC_MBIM is not set -# CONFIG_USB_NET_DM9601 is not set -# CONFIG_USB_NET_SR9700 is not set -# CONFIG_USB_NET_SR9800 is not set -# CONFIG_USB_NET_SMSC75XX is not set -# CONFIG_USB_NET_SMSC95XX is not set -# CONFIG_USB_NET_GL620A is not set # CONFIG_USB_NET_NET1080 is not set -# CONFIG_USB_NET_PLUSB is not set -# CONFIG_USB_NET_MCS7830 is not set -# CONFIG_USB_NET_RNDIS_HOST is not set -CONFIG_USB_NET_CDC_SUBSET=m -# CONFIG_USB_ALI_M5632 is not set -# CONFIG_USB_AN2720 is not set # CONFIG_USB_BELKIN is not set # CONFIG_USB_ARMLINUX is not set -# CONFIG_USB_EPSON2888 is not set -# CONFIG_USB_KC2190 is not set # CONFIG_USB_NET_ZAURUS is not set -# CONFIG_USB_NET_CX82310_ETH is not set -# CONFIG_USB_NET_KALMIA is not set -# CONFIG_USB_NET_QMI_WWAN is not set -# CONFIG_USB_NET_INT51X1 is not set -# CONFIG_USB_IPHETH is not set -# CONFIG_USB_SIERRA_NET is not set -# CONFIG_USB_VL600 is not set -# CONFIG_USB_NET_CH9200 is not set -# CONFIG_USB_NET_AQC111 is not set # CONFIG_WLAN is not set - -# -# Enable WiMAX (Networking options) to see the WiMAX drivers -# -# CONFIG_WAN is not set -# CONFIG_VMXNET3 is not set -# CONFIG_FUJITSU_ES is not set -# CONFIG_NET_FAILOVER is not set -# CONFIG_ISDN is not set -# CONFIG_NVM is not set - -# -# Input device support -# -CONFIG_INPUT=y -# CONFIG_INPUT_FF_MEMLESS is not set -# CONFIG_INPUT_POLLDEV is not set -# CONFIG_INPUT_SPARSEKMAP is not set -# CONFIG_INPUT_MATRIXKMAP is not set - -# -# Userland interfaces -# CONFIG_INPUT_MOUSEDEV=y -# CONFIG_INPUT_MOUSEDEV_PSAUX is not set -CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 -CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 -# CONFIG_INPUT_JOYDEV is not set -# CONFIG_INPUT_EVDEV is not set -# CONFIG_INPUT_EVBUG is not set - -# -# Input Device Drivers -# -CONFIG_INPUT_KEYBOARD=y -# CONFIG_KEYBOARD_ADP5588 is not set -# CONFIG_KEYBOARD_ADP5589 is not set -CONFIG_KEYBOARD_ATKBD=y -# CONFIG_KEYBOARD_QT1050 is not set -# CONFIG_KEYBOARD_QT1070 is not set -# CONFIG_KEYBOARD_QT2160 is not set -# CONFIG_KEYBOARD_DLINK_DIR685 is not set -# CONFIG_KEYBOARD_LKKBD is not set -# CONFIG_KEYBOARD_TCA6416 is not set -# CONFIG_KEYBOARD_TCA8418 is not set -# CONFIG_KEYBOARD_LM8333 is not set -# CONFIG_KEYBOARD_MAX7359 is not set -# CONFIG_KEYBOARD_MCS is not set -# CONFIG_KEYBOARD_MPR121 is not set -# CONFIG_KEYBOARD_NEWTON is not set -# CONFIG_KEYBOARD_OPENCORES is not set -# CONFIG_KEYBOARD_SAMSUNG is not set -# CONFIG_KEYBOARD_STOWAWAY is not set -# CONFIG_KEYBOARD_SUNKBD is not set -# CONFIG_KEYBOARD_XTKBD is not set -CONFIG_INPUT_MOUSE=y -CONFIG_MOUSE_PS2=y # CONFIG_MOUSE_PS2_ALPS is not set # CONFIG_MOUSE_PS2_BYD is not set # CONFIG_MOUSE_PS2_LOGIPS2PP is not set -CONFIG_MOUSE_PS2_SYNAPTICS=y # CONFIG_MOUSE_PS2_SYNAPTICS_SMBUS is not set # CONFIG_MOUSE_PS2_CYPRESS is not set # CONFIG_MOUSE_PS2_LIFEBOOK is not set # CONFIG_MOUSE_PS2_TRACKPOINT is not set -# CONFIG_MOUSE_PS2_ELANTECH is not set -# CONFIG_MOUSE_PS2_SENTELIC is not set -# CONFIG_MOUSE_PS2_TOUCHKIT is not set # CONFIG_MOUSE_PS2_FOCALTECH is not set -# CONFIG_MOUSE_SERIAL is not set -# CONFIG_MOUSE_APPLETOUCH is not set -# CONFIG_MOUSE_BCM5974 is not set -# CONFIG_MOUSE_CYAPA is not set -# CONFIG_MOUSE_ELAN_I2C is not set -# CONFIG_MOUSE_VSXXXAA is not set -# CONFIG_MOUSE_SYNAPTICS_I2C is not set -# CONFIG_MOUSE_SYNAPTICS_USB is not set -# CONFIG_INPUT_JOYSTICK is not set -# CONFIG_INPUT_TABLET is not set -# CONFIG_INPUT_TOUCHSCREEN is not set -# CONFIG_INPUT_MISC is not set -# CONFIG_RMI4_CORE is not set - -# -# Hardware I/O ports -# -CONFIG_SERIO=y -CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y -CONFIG_SERIO_I8042=y # CONFIG_SERIO_SERPORT is not set -# CONFIG_SERIO_CT82C710 is not set -# CONFIG_SERIO_PCIPS2 is not set -CONFIG_SERIO_LIBPS2=y -# CONFIG_SERIO_RAW is not set -# CONFIG_SERIO_ALTERA_PS2 is not set -# CONFIG_SERIO_PS2MULT is not set -# CONFIG_SERIO_ARC_PS2 is not set -# CONFIG_USERIO is not set -# CONFIG_GAMEPORT is not set -# end of Hardware I/O ports -# end of Input device support - -# -# Character devices -# -CONFIG_TTY=y -CONFIG_VT=y -CONFIG_CONSOLE_TRANSLATIONS=y -CONFIG_VT_CONSOLE=y -CONFIG_HW_CONSOLE=y -CONFIG_VT_HW_CONSOLE_BINDING=y -CONFIG_UNIX98_PTYS=y # CONFIG_LEGACY_PTYS is not set # CONFIG_LDISC_AUTOLOAD is not set - -# -# Serial drivers -# CONFIG_SERIAL_8250=y # CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set # CONFIG_SERIAL_8250_PNP is not set -# CONFIG_SERIAL_8250_16550A_VARIANTS is not set -# CONFIG_SERIAL_8250_FINTEK is not set -# CONFIG_SERIAL_8250_CONSOLE is not set # CONFIG_SERIAL_8250_PCI is not set -CONFIG_SERIAL_8250_NR_UARTS=4 -CONFIG_SERIAL_8250_RUNTIME_UARTS=4 -# CONFIG_SERIAL_8250_EXTENDED is not set -# CONFIG_SERIAL_8250_DW is not set -# CONFIG_SERIAL_8250_RT288X is not set # CONFIG_SERIAL_8250_LPSS is not set # CONFIG_SERIAL_8250_MID is not set - -# -# Non-8250 serial port support -# -# CONFIG_SERIAL_UARTLITE is not set -CONFIG_SERIAL_CORE=y -# CONFIG_SERIAL_JSM is not set -# CONFIG_SERIAL_LANTIQ is not set -# CONFIG_SERIAL_SCCNXP is not set -# CONFIG_SERIAL_SC16IS7XX is not set -# CONFIG_SERIAL_ALTERA_JTAGUART is not set -# CONFIG_SERIAL_ALTERA_UART is not set -# CONFIG_SERIAL_ARC is not set -# CONFIG_SERIAL_RP2 is not set -# CONFIG_SERIAL_FSL_LPUART is not set -# CONFIG_SERIAL_FSL_LINFLEXUART is not set -# CONFIG_SERIAL_SPRD is not set -# end of Serial drivers - -# CONFIG_SERIAL_NONSTANDARD is not set -# CONFIG_N_GSM is not set -# CONFIG_NOZOMI is not set -# CONFIG_NULL_TTY is not set -# CONFIG_TRACE_SINK is not set -# CONFIG_SERIAL_DEV_BUS is not set CONFIG_TTY_PRINTK=y -CONFIG_TTY_PRINTK_LEVEL=6 -# CONFIG_VIRTIO_CONSOLE is not set -# CONFIG_IPMI_HANDLER is not set -# CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_HW_RANDOM=y -# CONFIG_HW_RANDOM_TIMERIOMEM is not set -CONFIG_HW_RANDOM_INTEL=y # CONFIG_HW_RANDOM_AMD is not set -# CONFIG_HW_RANDOM_BA431 is not set # CONFIG_HW_RANDOM_VIA is not set -# CONFIG_HW_RANDOM_XIPHERA is not set -# CONFIG_APPLICOM is not set -# CONFIG_MWAVE is not set -CONFIG_DEVMEM=y -# CONFIG_DEVKMEM is not set -# CONFIG_NVRAM is not set -# CONFIG_RAW_DRIVER is not set -CONFIG_DEVPORT=y -# CONFIG_HPET is not set -# CONFIG_HANGCHECK_TIMER is not set CONFIG_TCG_TPM=y # CONFIG_HW_RANDOM_TPM is not set -CONFIG_TCG_TIS_CORE=y CONFIG_TCG_TIS=y -# CONFIG_TCG_TIS_I2C_ATMEL is not set -# CONFIG_TCG_TIS_I2C_INFINEON is not set -# CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_NSC is not set -# CONFIG_TCG_ATMEL is not set -# CONFIG_TCG_INFINEON is not set -# CONFIG_TCG_CRB is not set -# CONFIG_TCG_VTPM_PROXY is not set -# CONFIG_TCG_TIS_ST33ZP24_I2C is not set -# CONFIG_TELCLOCK is not set -# CONFIG_XILLYBUS is not set -# end of Character devices - -CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set - -# -# I2C support -# CONFIG_I2C=y -CONFIG_ACPI_I2C_OPREGION=y -CONFIG_I2C_BOARDINFO=y # CONFIG_I2C_COMPAT is not set -# CONFIG_I2C_CHARDEV is not set -# CONFIG_I2C_MUX is not set # CONFIG_I2C_HELPER_AUTO is not set -# CONFIG_I2C_SMBUS is not set - -# -# I2C Algorithms -# CONFIG_I2C_ALGOBIT=y -# CONFIG_I2C_ALGOPCF is not set -# CONFIG_I2C_ALGOPCA is not set -# end of I2C Algorithms - -# -# I2C Hardware Bus support -# - -# -# PC SMBus host controller drivers -# -# CONFIG_I2C_ALI1535 is not set -# CONFIG_I2C_ALI1563 is not set -# CONFIG_I2C_ALI15X3 is not set -# CONFIG_I2C_AMD756 is not set -# CONFIG_I2C_AMD8111 is not set -# CONFIG_I2C_AMD_MP2 is not set -# CONFIG_I2C_I801 is not set -# CONFIG_I2C_ISCH is not set -# CONFIG_I2C_ISMT is not set -# CONFIG_I2C_PIIX4 is not set -# CONFIG_I2C_NFORCE2 is not set -# CONFIG_I2C_NVIDIA_GPU is not set -# CONFIG_I2C_SIS5595 is not set -# CONFIG_I2C_SIS630 is not set -# CONFIG_I2C_SIS96X is not set -# CONFIG_I2C_VIA is not set -# CONFIG_I2C_VIAPRO is not set - -# -# ACPI drivers -# -# CONFIG_I2C_SCMI is not set - -# -# I2C system bus drivers (mostly embedded / system-on-chip) -# -# CONFIG_I2C_DESIGNWARE_PLATFORM is not set -# CONFIG_I2C_DESIGNWARE_PCI is not set -# CONFIG_I2C_EMEV2 is not set -# CONFIG_I2C_OCORES is not set -# CONFIG_I2C_PCA_PLATFORM is not set -# CONFIG_I2C_SIMTEC is not set -# CONFIG_I2C_XILINX is not set - -# -# External I2C/SMBus adapter drivers -# -# CONFIG_I2C_DIOLAN_U2C is not set -# CONFIG_I2C_ROBOTFUZZ_OSIF is not set -# CONFIG_I2C_TAOS_EVM is not set -# CONFIG_I2C_TINY_USB is not set - -# -# Other I2C/SMBus bus drivers -# -# CONFIG_I2C_MLXCPLD is not set -# end of I2C Hardware Bus support - -# CONFIG_I2C_STUB is not set CONFIG_I2C_SLAVE=y -# CONFIG_I2C_SLAVE_EEPROM is not set -# CONFIG_I2C_SLAVE_TESTUNIT is not set -# CONFIG_I2C_DEBUG_CORE is not set -# CONFIG_I2C_DEBUG_ALGO is not set -# CONFIG_I2C_DEBUG_BUS is not set -# end of I2C support - -# CONFIG_I3C is not set -# CONFIG_SPI is not set -# CONFIG_SPMI is not set -# CONFIG_HSI is not set -# CONFIG_PPS is not set - -# -# PTP clock support -# # CONFIG_PTP_1588_CLOCK is not set - -# -# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. -# -# end of PTP clock support - -# CONFIG_PINCTRL is not set -# CONFIG_GPIOLIB is not set -# CONFIG_W1 is not set -# CONFIG_POWER_RESET is not set -CONFIG_POWER_SUPPLY=y -# CONFIG_POWER_SUPPLY_DEBUG is not set -# CONFIG_PDA_POWER is not set -# CONFIG_TEST_POWER is not set -# CONFIG_CHARGER_ADP5061 is not set -# CONFIG_BATTERY_CW2015 is not set -# CONFIG_BATTERY_DS2780 is not set -# CONFIG_BATTERY_DS2781 is not set -# CONFIG_BATTERY_DS2782 is not set -# CONFIG_BATTERY_SBS is not set -# CONFIG_CHARGER_SBS is not set -# CONFIG_BATTERY_BQ27XXX is not set -# CONFIG_BATTERY_MAX17040 is not set -# CONFIG_BATTERY_MAX17042 is not set -# CONFIG_CHARGER_MAX8903 is not set -# CONFIG_CHARGER_LP8727 is not set -# CONFIG_CHARGER_BQ2415X is not set -# CONFIG_CHARGER_SMB347 is not set -# CONFIG_BATTERY_GAUGE_LTC2941 is not set -# CONFIG_CHARGER_BD99954 is not set # CONFIG_HWMON is not set -CONFIG_THERMAL=y -# CONFIG_THERMAL_NETLINK is not set -# CONFIG_THERMAL_STATISTICS is not set -CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 -# CONFIG_THERMAL_WRITABLE_TRIPS is not set -CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y -# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set -# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set -# CONFIG_THERMAL_GOV_FAIR_SHARE is not set -CONFIG_THERMAL_GOV_STEP_WISE=y -# CONFIG_THERMAL_GOV_BANG_BANG is not set -# CONFIG_THERMAL_GOV_USER_SPACE is not set -# CONFIG_THERMAL_EMULATION is not set - -# -# Intel thermal drivers -# -# CONFIG_INTEL_POWERCLAMP is not set # CONFIG_X86_PKG_TEMP_THERMAL is not set -# CONFIG_INTEL_SOC_DTS_THERMAL is not set - -# -# ACPI INT340X thermal drivers -# -# CONFIG_INT340X_THERMAL is not set -# end of ACPI INT340X thermal drivers - -# CONFIG_INTEL_PCH_THERMAL is not set -# end of Intel thermal drivers - -# CONFIG_WATCHDOG is not set -CONFIG_SSB_POSSIBLE=y -# CONFIG_SSB is not set -CONFIG_BCMA_POSSIBLE=y -# CONFIG_BCMA is not set - -# -# Multifunction device drivers -# -# CONFIG_MFD_AS3711 is not set -# CONFIG_PMIC_ADP5520 is not set -# CONFIG_MFD_BCM590XX is not set -# CONFIG_MFD_BD9571MWV is not set -# CONFIG_MFD_AXP20X_I2C is not set -# CONFIG_MFD_MADERA is not set -# CONFIG_PMIC_DA903X is not set -# CONFIG_MFD_DA9052_I2C is not set -# CONFIG_MFD_DA9055 is not set -# CONFIG_MFD_DA9062 is not set -# CONFIG_MFD_DA9063 is not set -# CONFIG_MFD_DA9150 is not set -# CONFIG_MFD_DLN2 is not set -# CONFIG_MFD_MC13XXX_I2C is not set -# CONFIG_MFD_MP2629 is not set -# CONFIG_HTC_PASIC3 is not set -# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set -# CONFIG_LPC_ICH is not set -# CONFIG_LPC_SCH is not set -# CONFIG_MFD_INTEL_LPSS_ACPI is not set -# CONFIG_MFD_INTEL_LPSS_PCI is not set -# CONFIG_MFD_IQS62X is not set -# CONFIG_MFD_JANZ_CMODIO is not set -# CONFIG_MFD_KEMPLD is not set -# CONFIG_MFD_88PM800 is not set -# CONFIG_MFD_88PM805 is not set -# CONFIG_MFD_88PM860X is not set -# CONFIG_MFD_MAX14577 is not set -# CONFIG_MFD_MAX77693 is not set -# CONFIG_MFD_MAX77843 is not set -# CONFIG_MFD_MAX8907 is not set -# CONFIG_MFD_MAX8925 is not set -# CONFIG_MFD_MAX8997 is not set -# CONFIG_MFD_MAX8998 is not set -# CONFIG_MFD_MT6360 is not set -# CONFIG_MFD_MT6397 is not set -# CONFIG_MFD_MENF21BMC is not set -# CONFIG_MFD_VIPERBOARD is not set -# CONFIG_MFD_RETU is not set -# CONFIG_MFD_PCF50633 is not set -# CONFIG_MFD_RDC321X is not set -# CONFIG_MFD_RT5033 is not set -# CONFIG_MFD_RC5T583 is not set -# CONFIG_MFD_SEC_CORE is not set -# CONFIG_MFD_SI476X_CORE is not set -# CONFIG_MFD_SM501 is not set -# CONFIG_MFD_SKY81452 is not set -# CONFIG_ABX500_CORE is not set CONFIG_MFD_SYSCON=y -# CONFIG_MFD_TI_AM335X_TSCADC is not set -# CONFIG_MFD_LP3943 is not set -# CONFIG_MFD_LP8788 is not set -# CONFIG_MFD_TI_LMU is not set -# CONFIG_MFD_PALMAS is not set -# CONFIG_TPS6105X is not set -# CONFIG_TPS6507X is not set -# CONFIG_MFD_TPS65086 is not set -# CONFIG_MFD_TPS65090 is not set -# CONFIG_MFD_TI_LP873X is not set -# CONFIG_MFD_TPS6586X is not set -# CONFIG_MFD_TPS65912_I2C is not set -# CONFIG_MFD_TPS80031 is not set -# CONFIG_TWL4030_CORE is not set -# CONFIG_TWL6040_CORE is not set -# CONFIG_MFD_WL1273_CORE is not set -# CONFIG_MFD_LM3533 is not set -# CONFIG_MFD_TQMX86 is not set -# CONFIG_MFD_VX855 is not set -# CONFIG_MFD_ARIZONA_I2C is not set -# CONFIG_MFD_WM8400 is not set -# CONFIG_MFD_WM831X_I2C is not set -# CONFIG_MFD_WM8350_I2C is not set -# CONFIG_MFD_WM8994 is not set -# end of Multifunction device drivers - -# CONFIG_REGULATOR is not set -# CONFIG_RC_CORE is not set -# CONFIG_MEDIA_CEC_SUPPORT is not set -# CONFIG_MEDIA_SUPPORT is not set - -# -# Graphics support -# -# CONFIG_AGP is not set -CONFIG_VGA_ARB=y -CONFIG_VGA_ARB_MAX_GPUS=16 -# CONFIG_VGA_SWITCHEROO is not set -# CONFIG_DRM is not set - -# -# ARM devices -# -# end of ARM devices - -CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y - -# -# Frame buffer Devices -# -CONFIG_FB_CMDLINE=y -CONFIG_FB_NOTIFY=y CONFIG_FB=y -# CONFIG_FIRMWARE_EDID is not set -CONFIG_FB_CFB_FILLRECT=y -CONFIG_FB_CFB_COPYAREA=y -CONFIG_FB_CFB_IMAGEBLIT=y -# CONFIG_FB_FOREIGN_ENDIAN is not set -# CONFIG_FB_MODE_HELPERS is not set -# CONFIG_FB_TILEBLITTING is not set - -# -# Frame buffer hardware drivers -# -# CONFIG_FB_CIRRUS is not set -# CONFIG_FB_PM2 is not set -# CONFIG_FB_CYBER2000 is not set -# CONFIG_FB_ARC is not set -# CONFIG_FB_ASILIANT is not set -# CONFIG_FB_IMSTT is not set -# CONFIG_FB_VGA16 is not set -# CONFIG_FB_VESA is not set CONFIG_FB_EFI=y -# CONFIG_FB_N411 is not set -# CONFIG_FB_HGA is not set -# CONFIG_FB_OPENCORES is not set -# CONFIG_FB_S1D13XXX is not set -# CONFIG_FB_NVIDIA is not set -# CONFIG_FB_RIVA is not set -# CONFIG_FB_I740 is not set -# CONFIG_FB_LE80578 is not set -# CONFIG_FB_MATROX is not set -# CONFIG_FB_RADEON is not set -# CONFIG_FB_ATY128 is not set -# CONFIG_FB_ATY is not set -# CONFIG_FB_S3 is not set -# CONFIG_FB_SAVAGE is not set -# CONFIG_FB_SIS is not set -# CONFIG_FB_NEOMAGIC is not set -# CONFIG_FB_KYRO is not set -# CONFIG_FB_3DFX is not set -# CONFIG_FB_VOODOO1 is not set -# CONFIG_FB_VT8623 is not set -# CONFIG_FB_TRIDENT is not set -# CONFIG_FB_ARK is not set -# CONFIG_FB_PM3 is not set -# CONFIG_FB_CARMINE is not set -# CONFIG_FB_SMSCUFX is not set -# CONFIG_FB_UDL is not set -# CONFIG_FB_IBM_GXT4500 is not set -# CONFIG_FB_VIRTUAL is not set -# CONFIG_FB_METRONOME is not set -# CONFIG_FB_MB862XX is not set -# CONFIG_FB_SIMPLE is not set -# CONFIG_FB_SM712 is not set -# end of Frame buffer Devices - -# -# Backlight & LCD device support -# -# CONFIG_LCD_CLASS_DEVICE is not set CONFIG_BACKLIGHT_CLASS_DEVICE=y -# CONFIG_BACKLIGHT_APPLE is not set -# CONFIG_BACKLIGHT_QCOM_WLED is not set -# CONFIG_BACKLIGHT_SAHARA is not set -# CONFIG_BACKLIGHT_ADP8860 is not set -# CONFIG_BACKLIGHT_ADP8870 is not set -# CONFIG_BACKLIGHT_LM3639 is not set -# CONFIG_BACKLIGHT_LV5207LP is not set -# CONFIG_BACKLIGHT_BD6107 is not set -# CONFIG_BACKLIGHT_ARCXCNN is not set -# end of Backlight & LCD device support - -# -# Console display driver support -# -CONFIG_VGA_CONSOLE=y -CONFIG_DUMMY_CONSOLE=y -CONFIG_DUMMY_CONSOLE_COLUMNS=80 -CONFIG_DUMMY_CONSOLE_ROWS=25 CONFIG_FRAMEBUFFER_CONSOLE=y CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y -# CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set -# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set -# end of Console display driver support - -# CONFIG_LOGO is not set -# end of Graphics support - -# CONFIG_SOUND is not set - -# -# HID support -# -CONFIG_HID=y -# CONFIG_HID_BATTERY_STRENGTH is not set -# CONFIG_HIDRAW is not set -# CONFIG_UHID is not set -CONFIG_HID_GENERIC=y - -# -# Special HID drivers -# -# CONFIG_HID_A4TECH is not set -# CONFIG_HID_ACCUTOUCH is not set -# CONFIG_HID_ACRUX is not set -# CONFIG_HID_APPLE is not set -# CONFIG_HID_APPLEIR is not set -# CONFIG_HID_AUREAL is not set -# CONFIG_HID_BELKIN is not set -# CONFIG_HID_BETOP_FF is not set -# CONFIG_HID_CHERRY is not set -# CONFIG_HID_CHICONY is not set -# CONFIG_HID_COUGAR is not set -# CONFIG_HID_MACALLY is not set -# CONFIG_HID_CMEDIA is not set -# CONFIG_HID_CREATIVE_SB0540 is not set -# CONFIG_HID_CYPRESS is not set -# CONFIG_HID_DRAGONRISE is not set -# CONFIG_HID_EMS_FF is not set -# CONFIG_HID_ELECOM is not set -# CONFIG_HID_ELO is not set -# CONFIG_HID_EZKEY is not set -# CONFIG_HID_GEMBIRD is not set -# CONFIG_HID_GFRM is not set -# CONFIG_HID_GLORIOUS is not set -# CONFIG_HID_HOLTEK is not set -# CONFIG_HID_VIVALDI is not set -# CONFIG_HID_KEYTOUCH is not set -# CONFIG_HID_KYE is not set -# CONFIG_HID_UCLOGIC is not set -# CONFIG_HID_WALTOP is not set -# CONFIG_HID_VIEWSONIC is not set -# CONFIG_HID_GYRATION is not set -# CONFIG_HID_ICADE is not set -# CONFIG_HID_ITE is not set -# CONFIG_HID_JABRA is not set -# CONFIG_HID_TWINHAN is not set -# CONFIG_HID_KENSINGTON is not set -# CONFIG_HID_LCPOWER is not set -# CONFIG_HID_LENOVO is not set -# CONFIG_HID_MAGICMOUSE is not set -# CONFIG_HID_MALTRON is not set -# CONFIG_HID_MAYFLASH is not set -# CONFIG_HID_REDRAGON is not set -# CONFIG_HID_MICROSOFT is not set -# CONFIG_HID_MONTEREY is not set -# CONFIG_HID_MULTITOUCH is not set -# CONFIG_HID_NTI is not set -# CONFIG_HID_NTRIG is not set -# CONFIG_HID_ORTEK is not set -# CONFIG_HID_PANTHERLORD is not set -# CONFIG_HID_PENMOUNT is not set -# CONFIG_HID_PETALYNX is not set -# CONFIG_HID_PICOLCD is not set -# CONFIG_HID_PLANTRONICS is not set -# CONFIG_HID_PRIMAX is not set -# CONFIG_HID_RETRODE is not set -# CONFIG_HID_ROCCAT is not set -# CONFIG_HID_SAITEK is not set -# CONFIG_HID_SAMSUNG is not set -# CONFIG_HID_SPEEDLINK is not set -# CONFIG_HID_STEAM is not set -# CONFIG_HID_STEELSERIES is not set -# CONFIG_HID_SUNPLUS is not set -# CONFIG_HID_RMI is not set -# CONFIG_HID_GREENASIA is not set -# CONFIG_HID_SMARTJOYPLUS is not set -# CONFIG_HID_TIVO is not set -# CONFIG_HID_TOPSEED is not set -# CONFIG_HID_THRUSTMASTER is not set -# CONFIG_HID_UDRAW_PS3 is not set -# CONFIG_HID_WACOM is not set -# CONFIG_HID_XINMO is not set -# CONFIG_HID_ZEROPLUS is not set -# CONFIG_HID_ZYDACRON is not set -# CONFIG_HID_SENSOR_HUB is not set -# CONFIG_HID_ALPS is not set -# end of Special HID drivers - -# -# USB HID support -# CONFIG_USB_HID=m -# CONFIG_HID_PID is not set -# CONFIG_USB_HIDDEV is not set - -# -# USB HID Boot Protocol drivers -# -# CONFIG_USB_KBD is not set -# CONFIG_USB_MOUSE is not set -# end of USB HID Boot Protocol drivers -# end of USB HID support - -# -# I2C HID support -# -# CONFIG_I2C_HID is not set -# end of I2C HID support - -# -# Intel ISH HID support -# -# CONFIG_INTEL_ISH_HID is not set -# end of Intel ISH HID support -# end of HID support - -CONFIG_USB_OHCI_LITTLE_ENDIAN=y -CONFIG_USB_SUPPORT=y -CONFIG_USB_COMMON=y -# CONFIG_USB_ULPI_BUS is not set -CONFIG_USB_ARCH_HAS_HCD=y CONFIG_USB=y -CONFIG_USB_PCI=y -# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set - -# -# Miscellaneous USB options -# -CONFIG_USB_DEFAULT_PERSIST=y -# CONFIG_USB_FEW_INIT_RETRIES is not set -# CONFIG_USB_DYNAMIC_MINORS is not set -# CONFIG_USB_OTG_PRODUCTLIST is not set -# CONFIG_USB_OTG_DISABLE_EXTERNAL_HUB is not set -CONFIG_USB_AUTOSUSPEND_DELAY=2 -# CONFIG_USB_MON is not set - -# -# USB Host Controller Drivers -# -# CONFIG_USB_C67X00_HCD is not set CONFIG_USB_XHCI_HCD=m -# CONFIG_USB_XHCI_DBGCAP is not set -CONFIG_USB_XHCI_PCI=m -# CONFIG_USB_XHCI_PCI_RENESAS is not set CONFIG_USB_XHCI_PLATFORM=m CONFIG_USB_EHCI_HCD=m -# CONFIG_USB_EHCI_ROOT_HUB_TT is not set -CONFIG_USB_EHCI_TT_NEWSCHED=y -CONFIG_USB_EHCI_PCI=m -# CONFIG_USB_EHCI_FSL is not set CONFIG_USB_EHCI_HCD_PLATFORM=m -# CONFIG_USB_OXU210HP_HCD is not set -# CONFIG_USB_ISP116X_HCD is not set -# CONFIG_USB_FOTG210_HCD is not set CONFIG_USB_OHCI_HCD=m -CONFIG_USB_OHCI_HCD_PCI=m -# CONFIG_USB_OHCI_HCD_PLATFORM is not set -# CONFIG_USB_UHCI_HCD is not set -# CONFIG_USB_SL811_HCD is not set -# CONFIG_USB_R8A66597_HCD is not set -# CONFIG_USB_HCD_TEST_MODE is not set - -# -# USB Device Class drivers -# -# CONFIG_USB_ACM is not set -# CONFIG_USB_PRINTER is not set -# CONFIG_USB_WDM is not set -# CONFIG_USB_TMC is not set - -# -# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may -# - -# -# also be needed; see USB_STORAGE Help for more info -# CONFIG_USB_STORAGE=m -# CONFIG_USB_STORAGE_DEBUG is not set -# CONFIG_USB_STORAGE_REALTEK is not set -# CONFIG_USB_STORAGE_DATAFAB is not set -# CONFIG_USB_STORAGE_FREECOM is not set -# CONFIG_USB_STORAGE_ISD200 is not set -# CONFIG_USB_STORAGE_USBAT is not set -# CONFIG_USB_STORAGE_SDDR09 is not set -# CONFIG_USB_STORAGE_SDDR55 is not set -# CONFIG_USB_STORAGE_JUMPSHOT is not set -# CONFIG_USB_STORAGE_ALAUDA is not set -# CONFIG_USB_STORAGE_ONETOUCH is not set -# CONFIG_USB_STORAGE_KARMA is not set -# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set -# CONFIG_USB_STORAGE_ENE_UB6250 is not set -# CONFIG_USB_UAS is not set - -# -# USB Imaging devices -# -# CONFIG_USB_MDC800 is not set -# CONFIG_USB_MICROTEK is not set -# CONFIG_USBIP_CORE is not set -# CONFIG_USB_CDNS3 is not set -# CONFIG_USB_MUSB_HDRC is not set -# CONFIG_USB_DWC3 is not set -# CONFIG_USB_DWC2 is not set -# CONFIG_USB_CHIPIDEA is not set -# CONFIG_USB_ISP1760 is not set - -# -# USB port drivers -# -# CONFIG_USB_SERIAL is not set - -# -# USB Miscellaneous drivers -# -# CONFIG_USB_EMI62 is not set -# CONFIG_USB_EMI26 is not set -# CONFIG_USB_ADUTUX is not set -# CONFIG_USB_SEVSEG is not set -# CONFIG_USB_LEGOTOWER is not set -# CONFIG_USB_LCD is not set -# CONFIG_USB_CYPRESS_CY7C63 is not set -# CONFIG_USB_CYTHERM is not set -# CONFIG_USB_IDMOUSE is not set -# CONFIG_USB_FTDI_ELAN is not set -# CONFIG_USB_APPLEDISPLAY is not set -# CONFIG_APPLE_MFI_FASTCHARGE is not set -# CONFIG_USB_SISUSBVGA is not set -# CONFIG_USB_LD is not set -# CONFIG_USB_TRANCEVIBRATOR is not set -# CONFIG_USB_IOWARRIOR is not set -# CONFIG_USB_TEST is not set -# CONFIG_USB_EHSET_TEST_FIXTURE is not set -# CONFIG_USB_ISIGHTFW is not set -# CONFIG_USB_YUREX is not set -# CONFIG_USB_EZUSB_FX2 is not set -# CONFIG_USB_HUB_USB251XB is not set -# CONFIG_USB_HSIC_USB3503 is not set -# CONFIG_USB_HSIC_USB4604 is not set -# CONFIG_USB_LINK_LAYER_TEST is not set -# CONFIG_USB_CHAOSKEY is not set - -# -# USB Physical Layer drivers -# -# CONFIG_NOP_USB_XCEIV is not set -# CONFIG_USB_ISP1301 is not set -# end of USB Physical Layer drivers - -# CONFIG_USB_GADGET is not set -# CONFIG_TYPEC is not set -# CONFIG_USB_ROLE_SWITCH is not set CONFIG_MMC=m -CONFIG_MMC_BLOCK=m -CONFIG_MMC_BLOCK_MINORS=8 -# CONFIG_SDIO_UART is not set -# CONFIG_MMC_TEST is not set - -# -# MMC/SD/SDIO Host Controller Drivers -# -# CONFIG_MMC_DEBUG is not set CONFIG_MMC_SDHCI=m -# CONFIG_MMC_SDHCI_PCI is not set -# CONFIG_MMC_SDHCI_ACPI is not set -# CONFIG_MMC_SDHCI_PLTFM is not set -# CONFIG_MMC_WBSD is not set -# CONFIG_MMC_TIFM_SD is not set -# CONFIG_MMC_CB710 is not set -# CONFIG_MMC_VIA_SDMMC is not set -# CONFIG_MMC_VUB300 is not set -# CONFIG_MMC_USHC is not set -# CONFIG_MMC_USDHI6ROL0 is not set CONFIG_MMC_CQHCI=m -# CONFIG_MMC_HSQ is not set -# CONFIG_MMC_TOSHIBA_PCI is not set -# CONFIG_MMC_MTK is not set -# CONFIG_MEMSTICK is not set -# CONFIG_NEW_LEDS is not set -# CONFIG_ACCESSIBILITY is not set -# CONFIG_INFINIBAND is not set -CONFIG_EDAC_ATOMIC_SCRUB=y -CONFIG_EDAC_SUPPORT=y -CONFIG_RTC_LIB=y -CONFIG_RTC_MC146818_LIB=y CONFIG_RTC_CLASS=y -CONFIG_RTC_HCTOSYS=y -CONFIG_RTC_HCTOSYS_DEVICE="rtc0" -CONFIG_RTC_SYSTOHC=y -CONFIG_RTC_SYSTOHC_DEVICE="rtc0" -# CONFIG_RTC_DEBUG is not set -CONFIG_RTC_NVMEM=y - -# -# RTC interfaces -# -CONFIG_RTC_INTF_SYSFS=y -CONFIG_RTC_INTF_PROC=y -CONFIG_RTC_INTF_DEV=y -# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set -# CONFIG_RTC_DRV_TEST is not set - -# -# I2C RTC drivers -# -# CONFIG_RTC_DRV_ABB5ZES3 is not set -# CONFIG_RTC_DRV_ABEOZ9 is not set -# CONFIG_RTC_DRV_ABX80X is not set -# CONFIG_RTC_DRV_DS1307 is not set -# CONFIG_RTC_DRV_DS1374 is not set -# CONFIG_RTC_DRV_DS1672 is not set -# CONFIG_RTC_DRV_MAX6900 is not set -# CONFIG_RTC_DRV_RS5C372 is not set -# CONFIG_RTC_DRV_ISL1208 is not set -# CONFIG_RTC_DRV_ISL12022 is not set -# CONFIG_RTC_DRV_X1205 is not set -# CONFIG_RTC_DRV_PCF8523 is not set -# CONFIG_RTC_DRV_PCF85063 is not set -# CONFIG_RTC_DRV_PCF85363 is not set -# CONFIG_RTC_DRV_PCF8563 is not set -# CONFIG_RTC_DRV_PCF8583 is not set -# CONFIG_RTC_DRV_M41T80 is not set -# CONFIG_RTC_DRV_BQ32K is not set -# CONFIG_RTC_DRV_S35390A is not set -# CONFIG_RTC_DRV_FM3130 is not set -# CONFIG_RTC_DRV_RX8010 is not set -# CONFIG_RTC_DRV_RX8581 is not set -# CONFIG_RTC_DRV_RX8025 is not set -# CONFIG_RTC_DRV_EM3027 is not set -# CONFIG_RTC_DRV_RV3028 is not set -# CONFIG_RTC_DRV_RV3032 is not set -# CONFIG_RTC_DRV_RV8803 is not set -# CONFIG_RTC_DRV_SD3078 is not set - -# -# SPI RTC drivers -# -CONFIG_RTC_I2C_AND_SPI=y - -# -# SPI and I2C RTC drivers -# -# CONFIG_RTC_DRV_DS3232 is not set -# CONFIG_RTC_DRV_PCF2127 is not set -# CONFIG_RTC_DRV_RV3029C2 is not set - -# -# Platform RTC drivers -# -CONFIG_RTC_DRV_CMOS=y -# CONFIG_RTC_DRV_DS1286 is not set -# CONFIG_RTC_DRV_DS1511 is not set -# CONFIG_RTC_DRV_DS1553 is not set -# CONFIG_RTC_DRV_DS1685_FAMILY is not set -# CONFIG_RTC_DRV_DS1742 is not set -# CONFIG_RTC_DRV_DS2404 is not set -# CONFIG_RTC_DRV_STK17TA8 is not set -# CONFIG_RTC_DRV_M48T86 is not set -# CONFIG_RTC_DRV_M48T35 is not set -# CONFIG_RTC_DRV_M48T59 is not set -# CONFIG_RTC_DRV_MSM6242 is not set -# CONFIG_RTC_DRV_BQ4802 is not set -# CONFIG_RTC_DRV_RP5C01 is not set -# CONFIG_RTC_DRV_V3020 is not set - -# -# on-CPU RTC drivers -# -# CONFIG_RTC_DRV_FTRTC010 is not set - -# -# HID Sensor RTC drivers -# -# CONFIG_DMADEVICES is not set - -# -# DMABUF options -# CONFIG_SYNC_FILE=y -# CONFIG_DMABUF_MOVE_NOTIFY is not set -# CONFIG_DMABUF_SELFTESTS is not set -# CONFIG_DMABUF_HEAPS is not set -# end of DMABUF options - -# CONFIG_AUXDISPLAY is not set -# CONFIG_UIO is not set -# CONFIG_VFIO is not set -# CONFIG_VIRT_DRIVERS is not set # CONFIG_VIRTIO_MENU is not set -# CONFIG_VDPA is not set # CONFIG_VHOST_MENU is not set - -# -# Microsoft Hyper-V guest support -# -# end of Microsoft Hyper-V guest support - -# CONFIG_GREYBUS is not set -# CONFIG_STAGING is not set # CONFIG_X86_PLATFORM_DEVICES is not set -CONFIG_PMC_ATOM=y -# CONFIG_CHROME_PLATFORMS is not set -# CONFIG_MELLANOX_PLATFORM is not set -CONFIG_HAVE_CLK=y -CONFIG_CLKDEV_LOOKUP=y -CONFIG_HAVE_CLK_PREPARE=y -CONFIG_COMMON_CLK=y -# CONFIG_COMMON_CLK_MAX9485 is not set -# CONFIG_COMMON_CLK_SI5341 is not set -# CONFIG_COMMON_CLK_SI5351 is not set -# CONFIG_COMMON_CLK_SI544 is not set -# CONFIG_COMMON_CLK_CDCE706 is not set -# CONFIG_COMMON_CLK_CS2000_CP is not set -# CONFIG_HWSPINLOCK is not set - -# -# Clock Source drivers -# -CONFIG_CLKEVT_I8253=y -CONFIG_I8253_LOCK=y -CONFIG_CLKBLD_I8253=y -# end of Clock Source drivers - -CONFIG_MAILBOX=y -CONFIG_PCC=y -# CONFIG_ALTERA_MBOX is not set -CONFIG_IOMMU_IOVA=y -CONFIG_IOASID=y -CONFIG_IOMMU_API=y -CONFIG_IOMMU_SUPPORT=y - -# -# Generic IOMMU Pagetable Support -# -# end of Generic IOMMU Pagetable Support - -# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set -# CONFIG_AMD_IOMMU is not set -CONFIG_DMAR_TABLE=y CONFIG_INTEL_IOMMU=y CONFIG_INTEL_IOMMU_SVM=y -CONFIG_INTEL_IOMMU_DEFAULT_ON=y -CONFIG_INTEL_IOMMU_FLOPPY_WA=y -# CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON is not set -# CONFIG_IRQ_REMAP is not set - -# -# Remoteproc drivers -# -# CONFIG_REMOTEPROC is not set -# end of Remoteproc drivers - -# -# Rpmsg drivers -# -# CONFIG_RPMSG_QCOM_GLINK_RPM is not set -# CONFIG_RPMSG_VIRTIO is not set -# end of Rpmsg drivers - -# CONFIG_SOUNDWIRE is not set - -# -# SOC (System On Chip) specific Drivers -# - -# -# Amlogic SoC drivers -# -# end of Amlogic SoC drivers - -# -# Aspeed SoC drivers -# -# end of Aspeed SoC drivers - -# -# Broadcom SoC drivers -# -# end of Broadcom SoC drivers - -# -# NXP/Freescale QorIQ SoC drivers -# -# end of NXP/Freescale QorIQ SoC drivers - -# -# i.MX SoC drivers -# -# end of i.MX SoC drivers - -# -# Qualcomm SoC drivers -# -# end of Qualcomm SoC drivers - -# CONFIG_SOC_TI is not set - -# -# Xilinx SoC drivers -# -# CONFIG_XILINX_VCU is not set -# end of Xilinx SoC drivers -# end of SOC (System On Chip) specific Drivers - -# CONFIG_PM_DEVFREQ is not set -# CONFIG_EXTCON is not set -# CONFIG_MEMORY is not set -# CONFIG_IIO is not set -# CONFIG_NTB is not set -# CONFIG_VME_BUS is not set -# CONFIG_PWM is not set - -# -# IRQ chip support -# -# end of IRQ chip support - -# CONFIG_IPACK_BUS is not set -# CONFIG_RESET_CONTROLLER is not set - -# -# PHY Subsystem -# CONFIG_GENERIC_PHY=y -# CONFIG_USB_LGM_PHY is not set -# CONFIG_BCM_KONA_USB2_PHY is not set -# CONFIG_PHY_PXA_28NM_HSIC is not set -# CONFIG_PHY_PXA_28NM_USB2 is not set -# CONFIG_PHY_INTEL_LGM_EMMC is not set -# end of PHY Subsystem - -# CONFIG_POWERCAP is not set -# CONFIG_MCB is not set - -# -# Performance monitor support -# -# end of Performance monitor support - -# CONFIG_RAS is not set -# CONFIG_USB4 is not set - -# -# Android -# -# CONFIG_ANDROID is not set -# end of Android - -CONFIG_LIBNVDIMM=y # CONFIG_BLK_DEV_PMEM is not set # CONFIG_ND_BLK is not set # CONFIG_BTT is not set -# CONFIG_DAX is not set -CONFIG_NVMEM=y # CONFIG_NVMEM_SYSFS is not set - -# -# HW tracing support -# -# CONFIG_STM is not set -# CONFIG_INTEL_TH is not set -# end of HW tracing support - -# CONFIG_FPGA is not set -# CONFIG_UNISYS_VISORBUS is not set -# CONFIG_SIOX is not set -# CONFIG_SLIMBUS is not set -# CONFIG_INTERCONNECT is not set -# CONFIG_COUNTER is not set -# end of Device Drivers - -# -# File systems -# -CONFIG_DCACHE_WORD_ACCESS=y -# CONFIG_VALIDATE_FS_PARSER is not set -CONFIG_FS_IOMAP=y -# CONFIG_EXT2_FS is not set -# CONFIG_EXT3_FS is not set CONFIG_EXT4_FS=y -CONFIG_EXT4_USE_FOR_EXT2=y -# CONFIG_EXT4_FS_POSIX_ACL is not set -# CONFIG_EXT4_FS_SECURITY is not set -# CONFIG_EXT4_DEBUG is not set -CONFIG_JBD2=y -# CONFIG_JBD2_DEBUG is not set -CONFIG_FS_MBCACHE=y -# CONFIG_REISERFS_FS is not set -# CONFIG_JFS_FS is not set -# CONFIG_XFS_FS is not set -# CONFIG_GFS2_FS is not set -# CONFIG_BTRFS_FS is not set -# CONFIG_NILFS2_FS is not set -# CONFIG_F2FS_FS is not set -# CONFIG_FS_DAX is not set -# CONFIG_EXPORTFS_BLOCK_OPS is not set -CONFIG_FILE_LOCKING=y -CONFIG_MANDATORY_FILE_LOCKING=y -# CONFIG_FS_ENCRYPTION is not set -# CONFIG_FS_VERITY is not set # CONFIG_DNOTIFY is not set # CONFIG_INOTIFY_USER is not set -# CONFIG_FANOTIFY is not set -# CONFIG_QUOTA is not set -# CONFIG_AUTOFS4_FS is not set -# CONFIG_AUTOFS_FS is not set -# CONFIG_FUSE_FS is not set -# CONFIG_OVERLAY_FS is not set - -# -# Caches -# -# CONFIG_FSCACHE is not set -# end of Caches - -# -# CD-ROM/DVD Filesystems -# CONFIG_ISO9660_FS=y CONFIG_JOLIET=y -# CONFIG_ZISOFS is not set -# CONFIG_UDF_FS is not set -# end of CD-ROM/DVD Filesystems - -# -# DOS/FAT/EXFAT/NT Filesystems -# -CONFIG_FAT_FS=y CONFIG_MSDOS_FS=y CONFIG_VFAT_FS=y -CONFIG_FAT_DEFAULT_CODEPAGE=437 -CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" -# CONFIG_FAT_DEFAULT_UTF8 is not set CONFIG_EXFAT_FS=y -CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" -# CONFIG_NTFS_FS is not set -# end of DOS/FAT/EXFAT/NT Filesystems - -# -# Pseudo filesystems -# -CONFIG_PROC_FS=y -# CONFIG_PROC_KCORE is not set -CONFIG_PROC_SYSCTL=y # CONFIG_PROC_PAGE_MONITOR is not set -# CONFIG_PROC_CHILDREN is not set -CONFIG_PROC_PID_ARCH_STATUS=y -CONFIG_KERNFS=y -CONFIG_SYSFS=y -# CONFIG_TMPFS is not set -# CONFIG_HUGETLBFS is not set -CONFIG_ARCH_HAS_GIGANTIC_PAGE=y -# CONFIG_CONFIGFS_FS is not set -CONFIG_EFIVAR_FS=m -# end of Pseudo filesystems - # CONFIG_MISC_FILESYSTEMS is not set -CONFIG_NETWORK_FILESYSTEMS=y -# CONFIG_CEPH_FS is not set -# CONFIG_CIFS is not set -# CONFIG_CODA_FS is not set -# CONFIG_AFS_FS is not set -CONFIG_NLS=y CONFIG_NLS_DEFAULT="utf8" CONFIG_NLS_CODEPAGE_437=y -# CONFIG_NLS_CODEPAGE_737 is not set -# CONFIG_NLS_CODEPAGE_775 is not set -# CONFIG_NLS_CODEPAGE_850 is not set -# CONFIG_NLS_CODEPAGE_852 is not set -# CONFIG_NLS_CODEPAGE_855 is not set -# CONFIG_NLS_CODEPAGE_857 is not set -# CONFIG_NLS_CODEPAGE_860 is not set -# CONFIG_NLS_CODEPAGE_861 is not set -# CONFIG_NLS_CODEPAGE_862 is not set -# CONFIG_NLS_CODEPAGE_863 is not set -# CONFIG_NLS_CODEPAGE_864 is not set -# CONFIG_NLS_CODEPAGE_865 is not set -# CONFIG_NLS_CODEPAGE_866 is not set -# CONFIG_NLS_CODEPAGE_869 is not set -# CONFIG_NLS_CODEPAGE_936 is not set -# CONFIG_NLS_CODEPAGE_950 is not set -# CONFIG_NLS_CODEPAGE_932 is not set -# CONFIG_NLS_CODEPAGE_949 is not set -# CONFIG_NLS_CODEPAGE_874 is not set -# CONFIG_NLS_ISO8859_8 is not set -# CONFIG_NLS_CODEPAGE_1250 is not set -# CONFIG_NLS_CODEPAGE_1251 is not set -# CONFIG_NLS_ASCII is not set CONFIG_NLS_ISO8859_1=y -# CONFIG_NLS_ISO8859_2 is not set -# CONFIG_NLS_ISO8859_3 is not set -# CONFIG_NLS_ISO8859_4 is not set -# CONFIG_NLS_ISO8859_5 is not set -# CONFIG_NLS_ISO8859_6 is not set -# CONFIG_NLS_ISO8859_7 is not set -# CONFIG_NLS_ISO8859_9 is not set -# CONFIG_NLS_ISO8859_13 is not set -# CONFIG_NLS_ISO8859_14 is not set -# CONFIG_NLS_ISO8859_15 is not set -# CONFIG_NLS_KOI8_R is not set -# CONFIG_NLS_KOI8_U is not set -# CONFIG_NLS_MAC_ROMAN is not set -# CONFIG_NLS_MAC_CELTIC is not set -# CONFIG_NLS_MAC_CENTEURO is not set -# CONFIG_NLS_MAC_CROATIAN is not set -# CONFIG_NLS_MAC_CYRILLIC is not set -# CONFIG_NLS_MAC_GAELIC is not set -# CONFIG_NLS_MAC_GREEK is not set -# CONFIG_NLS_MAC_ICELAND is not set -# CONFIG_NLS_MAC_INUIT is not set -# CONFIG_NLS_MAC_ROMANIAN is not set -# CONFIG_NLS_MAC_TURKISH is not set CONFIG_NLS_UTF8=y -# CONFIG_UNICODE is not set -CONFIG_IO_WQ=y -# end of File systems - -# -# Security options -# -# CONFIG_KEYS is not set -# CONFIG_SECURITY_DMESG_RESTRICT is not set # CONFIG_SECURITYFS is not set -# CONFIG_PAGE_TABLE_ISOLATION is not set CONFIG_INTEL_TXT=y -CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y -CONFIG_HARDENED_USERCOPY_FALLBACK=y -# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set -# CONFIG_FORTIFY_SOURCE is not set -# CONFIG_STATIC_USERMODEHELPER is not set -# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set -CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf" - -# -# Kernel hardening options -# - -# -# Memory initialization -# -CONFIG_INIT_STACK_NONE=y -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set -# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set -# end of Memory initialization -# end of Kernel hardening options -# end of Security options - -CONFIG_CRYPTO=y - -# -# Crypto core or helper -# -CONFIG_CRYPTO_ALGAPI=y -CONFIG_CRYPTO_ALGAPI2=y -CONFIG_CRYPTO_AEAD=y -CONFIG_CRYPTO_AEAD2=y -CONFIG_CRYPTO_SKCIPHER=y -CONFIG_CRYPTO_SKCIPHER2=y -CONFIG_CRYPTO_HASH=y -CONFIG_CRYPTO_HASH2=y -CONFIG_CRYPTO_RNG=y -CONFIG_CRYPTO_RNG2=y -CONFIG_CRYPTO_AKCIPHER2=y -CONFIG_CRYPTO_KPP2=y -CONFIG_CRYPTO_ACOMP2=y -CONFIG_CRYPTO_MANAGER=y -CONFIG_CRYPTO_MANAGER2=y CONFIG_CRYPTO_USER=y -CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y -CONFIG_CRYPTO_NULL=y -CONFIG_CRYPTO_NULL2=y -# CONFIG_CRYPTO_PCRYPT is not set -CONFIG_CRYPTO_CRYPTD=y -CONFIG_CRYPTO_AUTHENC=y -# CONFIG_CRYPTO_TEST is not set -CONFIG_CRYPTO_SIMD=y -CONFIG_CRYPTO_GLUE_HELPER_X86=y - -# -# Public-key cryptography -# -# CONFIG_CRYPTO_RSA is not set -# CONFIG_CRYPTO_DH is not set -# CONFIG_CRYPTO_ECDH is not set -# CONFIG_CRYPTO_ECRDSA is not set -# CONFIG_CRYPTO_SM2 is not set -# CONFIG_CRYPTO_CURVE25519 is not set -# CONFIG_CRYPTO_CURVE25519_X86 is not set - -# -# Authenticated Encryption with Associated Data -# -# CONFIG_CRYPTO_CCM is not set -# CONFIG_CRYPTO_GCM is not set -# CONFIG_CRYPTO_CHACHA20POLY1305 is not set -# CONFIG_CRYPTO_AEGIS128 is not set -# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set -# CONFIG_CRYPTO_SEQIV is not set -# CONFIG_CRYPTO_ECHAINIV is not set - -# -# Block modes -# -CONFIG_CRYPTO_CBC=y -# CONFIG_CRYPTO_CFB is not set -# CONFIG_CRYPTO_CTR is not set -# CONFIG_CRYPTO_CTS is not set -CONFIG_CRYPTO_ECB=y -# CONFIG_CRYPTO_LRW is not set -# CONFIG_CRYPTO_OFB is not set -# CONFIG_CRYPTO_PCBC is not set CONFIG_CRYPTO_XTS=y -# CONFIG_CRYPTO_KEYWRAP is not set -# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set -# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set -# CONFIG_CRYPTO_ADIANTUM is not set -CONFIG_CRYPTO_ESSIV=y - -# -# Hash modes -# -# CONFIG_CRYPTO_CMAC is not set CONFIG_CRYPTO_HMAC=y -# CONFIG_CRYPTO_XCBC is not set -# CONFIG_CRYPTO_VMAC is not set - -# -# Digest -# -CONFIG_CRYPTO_CRC32C=y CONFIG_CRYPTO_CRC32C_INTEL=y -# CONFIG_CRYPTO_CRC32 is not set -# CONFIG_CRYPTO_CRC32_PCLMUL is not set -# CONFIG_CRYPTO_XXHASH is not set -# CONFIG_CRYPTO_BLAKE2B is not set -# CONFIG_CRYPTO_BLAKE2S is not set -# CONFIG_CRYPTO_BLAKE2S_X86 is not set -# CONFIG_CRYPTO_CRCT10DIF is not set -# CONFIG_CRYPTO_GHASH is not set -# CONFIG_CRYPTO_POLY1305 is not set -# CONFIG_CRYPTO_POLY1305_X86_64 is not set -# CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y -# CONFIG_CRYPTO_MICHAEL_MIC is not set -# CONFIG_CRYPTO_RMD128 is not set -# CONFIG_CRYPTO_RMD160 is not set -# CONFIG_CRYPTO_RMD256 is not set -# CONFIG_CRYPTO_RMD320 is not set -CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA1_SSSE3=y CONFIG_CRYPTO_SHA256_SSSE3=y CONFIG_CRYPTO_SHA512_SSSE3=y -CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=y -# CONFIG_CRYPTO_SHA3 is not set -# CONFIG_CRYPTO_SM3 is not set -# CONFIG_CRYPTO_STREEBOG is not set -# CONFIG_CRYPTO_TGR192 is not set -# CONFIG_CRYPTO_WP512 is not set -# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set - -# -# Ciphers -# -# CONFIG_CRYPTO_AES is not set -# CONFIG_CRYPTO_AES_TI is not set CONFIG_CRYPTO_AES_NI_INTEL=y -# CONFIG_CRYPTO_BLOWFISH is not set -# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA is not set -# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set -# CONFIG_CRYPTO_CAST5 is not set -# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set -# CONFIG_CRYPTO_CAST6 is not set -# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set -# CONFIG_CRYPTO_DES is not set -# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set -# CONFIG_CRYPTO_FCRYPT is not set -# CONFIG_CRYPTO_SALSA20 is not set -# CONFIG_CRYPTO_CHACHA20 is not set -# CONFIG_CRYPTO_CHACHA20_X86_64 is not set -# CONFIG_CRYPTO_SERPENT is not set -# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set -# CONFIG_CRYPTO_SM4 is not set -# CONFIG_CRYPTO_TWOFISH is not set -# CONFIG_CRYPTO_TWOFISH_X86_64 is not set -# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set -# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set - -# -# Compression -# -# CONFIG_CRYPTO_DEFLATE is not set -# CONFIG_CRYPTO_LZO is not set -# CONFIG_CRYPTO_842 is not set -# CONFIG_CRYPTO_LZ4 is not set -# CONFIG_CRYPTO_LZ4HC is not set -# CONFIG_CRYPTO_ZSTD is not set - -# -# Random Number Generation -# -# CONFIG_CRYPTO_ANSI_CPRNG is not set -# CONFIG_CRYPTO_DRBG_MENU is not set -# CONFIG_CRYPTO_JITTERENTROPY is not set -CONFIG_CRYPTO_USER_API=y CONFIG_CRYPTO_USER_API_HASH=y CONFIG_CRYPTO_USER_API_SKCIPHER=y CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_AEAD=y # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set -# CONFIG_CRYPTO_STATS is not set -CONFIG_CRYPTO_HASH_INFO=y - -# -# Crypto library routines -# -CONFIG_CRYPTO_LIB_AES=y -# CONFIG_CRYPTO_LIB_BLAKE2S is not set -# CONFIG_CRYPTO_LIB_CHACHA is not set -# CONFIG_CRYPTO_LIB_CURVE25519 is not set -CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 -# CONFIG_CRYPTO_LIB_POLY1305 is not set -# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_LIB_SHA256=y # CONFIG_CRYPTO_HW is not set - -# -# Certificates for signature checking -# -# end of Certificates for signature checking - -# -# Library routines -# -# CONFIG_PACKING is not set -CONFIG_BITREVERSE=y -CONFIG_GENERIC_STRNCPY_FROM_USER=y -CONFIG_GENERIC_STRNLEN_USER=y -CONFIG_GENERIC_NET_UTILS=y -CONFIG_GENERIC_FIND_FIRST_BIT=y -# CONFIG_CORDIC is not set -# CONFIG_PRIME_NUMBERS is not set -CONFIG_RATIONAL=y -CONFIG_GENERIC_PCI_IOMAP=y -CONFIG_GENERIC_IOMAP=y -CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y -CONFIG_ARCH_HAS_FAST_MULTIPLIER=y -CONFIG_ARCH_USE_SYM_ANNOTATIONS=y -# CONFIG_CRC_CCITT is not set -CONFIG_CRC16=y -# CONFIG_CRC_T10DIF is not set -# CONFIG_CRC_ITU_T is not set -CONFIG_CRC32=y -# CONFIG_CRC32_SELFTEST is not set -CONFIG_CRC32_SLICEBY8=y -# CONFIG_CRC32_SLICEBY4 is not set -# CONFIG_CRC32_SARWATE is not set -# CONFIG_CRC32_BIT is not set -# CONFIG_CRC64 is not set -# CONFIG_CRC4 is not set -# CONFIG_CRC7 is not set -CONFIG_LIBCRC32C=y -# CONFIG_CRC8 is not set -# CONFIG_RANDOM32_SELFTEST is not set -CONFIG_XZ_DEC=y -CONFIG_XZ_DEC_X86=y # CONFIG_XZ_DEC_POWERPC is not set # CONFIG_XZ_DEC_IA64 is not set # CONFIG_XZ_DEC_ARM is not set # CONFIG_XZ_DEC_ARMTHUMB is not set # CONFIG_XZ_DEC_SPARC is not set -CONFIG_XZ_DEC_BCJ=y -# CONFIG_XZ_DEC_TEST is not set -CONFIG_DECOMPRESS_XZ=y -CONFIG_GENERIC_ALLOCATOR=y -CONFIG_REED_SOLOMON=y -CONFIG_REED_SOLOMON_DEC8=y -CONFIG_INTERVAL_TREE=y -CONFIG_HAS_IOMEM=y -CONFIG_HAS_IOPORT_MAP=y -CONFIG_HAS_DMA=y -CONFIG_DMA_OPS=y -CONFIG_NEED_SG_DMA_LENGTH=y -CONFIG_NEED_DMA_MAP_STATE=y -CONFIG_ARCH_DMA_ADDR_T_64BIT=y -CONFIG_SWIOTLB=y -# CONFIG_DMA_API_DEBUG is not set -CONFIG_SGL_ALLOC=y -CONFIG_CPU_RMAP=y -CONFIG_DQL=y -CONFIG_GLOB=y -# CONFIG_GLOB_SELFTEST is not set -CONFIG_NLATTR=y -# CONFIG_IRQ_POLL is not set -CONFIG_UCS2_STRING=y -CONFIG_HAVE_GENERIC_VDSO=y -CONFIG_GENERIC_GETTIMEOFDAY=y -CONFIG_GENERIC_VDSO_TIME_NS=y -CONFIG_FONT_SUPPORT=y -# CONFIG_FONTS is not set -CONFIG_FONT_8x8=y -CONFIG_FONT_8x16=y -CONFIG_SG_POOL=y -CONFIG_ARCH_HAS_PMEM_API=y -CONFIG_MEMREGION=y -CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y -CONFIG_ARCH_HAS_COPY_MC=y -CONFIG_ARCH_STACKWALK=y -CONFIG_SBITMAP=y -# CONFIG_STRING_SELFTEST is not set -# end of Library routines - -# -# Kernel hacking -# - -# -# printk and dmesg options -# CONFIG_PRINTK_TIME=y -# CONFIG_PRINTK_CALLER is not set -CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 -CONFIG_CONSOLE_LOGLEVEL_QUIET=4 -CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 CONFIG_BOOT_PRINTK_DELAY=y -# CONFIG_DYNAMIC_DEBUG is not set -# CONFIG_DYNAMIC_DEBUG_CORE is not set -CONFIG_SYMBOLIC_ERRNAME=y # CONFIG_DEBUG_BUGVERBOSE is not set -# end of printk and dmesg options - -# -# Compile-time checks and compiler options -# -# CONFIG_DEBUG_INFO is not set # CONFIG_ENABLE_MUST_CHECK is not set CONFIG_FRAME_WARN=1024 -# CONFIG_STRIP_ASM_SYMS is not set -# CONFIG_READABLE_ASM is not set -# CONFIG_HEADERS_INSTALL is not set -# CONFIG_DEBUG_SECTION_MISMATCH is not set -CONFIG_SECTION_MISMATCH_WARN_ONLY=y -# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_32B is not set -CONFIG_STACK_VALIDATION=y -# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set -# end of Compile-time checks and compiler options - -# -# Generic Kernel Debugging Instruments -# CONFIG_MAGIC_SYSRQ=y -CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 -CONFIG_MAGIC_SYSRQ_SERIAL=y -CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE="" -# CONFIG_DEBUG_FS is not set -CONFIG_HAVE_ARCH_KGDB=y -# CONFIG_KGDB is not set -CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y -# CONFIG_UBSAN is not set -CONFIG_HAVE_ARCH_KCSAN=y -# end of Generic Kernel Debugging Instruments - -CONFIG_DEBUG_KERNEL=y # CONFIG_DEBUG_MISC is not set - -# -# Memory Debugging -# -# CONFIG_PAGE_EXTENSION is not set -# CONFIG_DEBUG_PAGEALLOC is not set -# CONFIG_PAGE_OWNER is not set -# CONFIG_PAGE_POISONING is not set -# CONFIG_DEBUG_RODATA_TEST is not set -CONFIG_ARCH_HAS_DEBUG_WX=y -# CONFIG_DEBUG_WX is not set -CONFIG_GENERIC_PTDUMP=y -# CONFIG_DEBUG_OBJECTS is not set -# CONFIG_SLUB_STATS is not set -CONFIG_HAVE_DEBUG_KMEMLEAK=y -# CONFIG_DEBUG_KMEMLEAK is not set -# CONFIG_DEBUG_STACK_USAGE is not set -# CONFIG_SCHED_STACK_END_CHECK is not set -CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y -# CONFIG_DEBUG_VM is not set -# CONFIG_DEBUG_VM_PGTABLE is not set -CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y -# CONFIG_DEBUG_VIRTUAL is not set -# CONFIG_DEBUG_MEMORY_INIT is not set -# CONFIG_DEBUG_PER_CPU_MAPS is not set -CONFIG_HAVE_ARCH_KASAN=y -CONFIG_HAVE_ARCH_KASAN_VMALLOC=y -CONFIG_CC_HAS_KASAN_GENERIC=y -CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y -# CONFIG_KASAN is not set -# end of Memory Debugging - -# CONFIG_DEBUG_SHIRQ is not set - -# -# Debug Oops, Lockups and Hangs -# -# CONFIG_PANIC_ON_OOPS is not set -CONFIG_PANIC_ON_OOPS_VALUE=0 -CONFIG_PANIC_TIMEOUT=0 -CONFIG_LOCKUP_DETECTOR=y -CONFIG_SOFTLOCKUP_DETECTOR=y -# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set -CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0 -CONFIG_HARDLOCKUP_DETECTOR_PERF=y -CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y CONFIG_HARDLOCKUP_DETECTOR=y -# CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set -CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=0 -CONFIG_DETECT_HUNG_TASK=y -CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 -# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set -CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 CONFIG_WQ_WATCHDOG=y -# CONFIG_TEST_LOCKUP is not set -# end of Debug Oops, Lockups and Hangs - -# -# Scheduler Debugging -# # CONFIG_SCHED_DEBUG is not set -# CONFIG_SCHEDSTATS is not set -# end of Scheduler Debugging - -# CONFIG_DEBUG_TIMEKEEPING is not set - -# -# Lock Debugging (spinlocks, mutexes, etc...) -# -CONFIG_LOCK_DEBUGGING_SUPPORT=y -# CONFIG_PROVE_LOCKING is not set -# CONFIG_LOCK_STAT is not set -# CONFIG_DEBUG_RT_MUTEXES is not set -# CONFIG_DEBUG_SPINLOCK is not set -# CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set -# CONFIG_DEBUG_RWSEMS is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_DEBUG_ATOMIC_SLEEP is not set -# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set -# CONFIG_LOCK_TORTURE_TEST is not set -# CONFIG_WW_MUTEX_SELFTEST is not set -# CONFIG_SCF_TORTURE_TEST is not set -# CONFIG_CSD_LOCK_WAIT_DEBUG is not set -# end of Lock Debugging (spinlocks, mutexes, etc...) - -# CONFIG_STACKTRACE is not set -# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set -# CONFIG_DEBUG_KOBJECT is not set - -# -# Debug kernel data structures -# -# CONFIG_DEBUG_LIST is not set -# CONFIG_DEBUG_PLIST is not set -# CONFIG_DEBUG_SG is not set -# CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_BUG_ON_DATA_CORRUPTION is not set -# end of Debug kernel data structures - -# CONFIG_DEBUG_CREDENTIALS is not set - -# -# RCU Debugging -# -# CONFIG_RCU_SCALE_TEST is not set -# CONFIG_RCU_TORTURE_TEST is not set -# CONFIG_RCU_REF_SCALE_TEST is not set -CONFIG_RCU_CPU_STALL_TIMEOUT=21 # CONFIG_RCU_TRACE is not set -# CONFIG_RCU_EQS_DEBUG is not set -# end of RCU Debugging - -# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set -# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set -# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set -# CONFIG_LATENCYTOP is not set -CONFIG_USER_STACKTRACE_SUPPORT=y -CONFIG_HAVE_FUNCTION_TRACER=y -CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y -CONFIG_HAVE_DYNAMIC_FTRACE=y -CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y -CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y -CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y -CONFIG_HAVE_SYSCALL_TRACEPOINTS=y -CONFIG_HAVE_FENTRY=y -CONFIG_HAVE_C_RECORDMCOUNT=y -CONFIG_TRACING_SUPPORT=y # CONFIG_FTRACE is not set -# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set -# CONFIG_SAMPLES is not set -CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y # CONFIG_STRICT_DEVMEM is not set - -# -# x86 Debugging -# -CONFIG_TRACE_IRQFLAGS_SUPPORT=y -CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y # CONFIG_X86_VERBOSE_BOOTUP is not set -CONFIG_EARLY_PRINTK=y -# CONFIG_EARLY_PRINTK_DBGP is not set -# CONFIG_EARLY_PRINTK_USB_XDBC is not set -# CONFIG_EFI_PGT_DUMP is not set -# CONFIG_DEBUG_TLBFLUSH is not set -CONFIG_HAVE_MMIOTRACE_SUPPORT=y -# CONFIG_X86_DECODER_SELFTEST is not set -CONFIG_IO_DELAY_0X80=y -# CONFIG_IO_DELAY_0XED is not set -# CONFIG_IO_DELAY_UDELAY is not set -# CONFIG_IO_DELAY_NONE is not set -# CONFIG_CPA_DEBUG is not set -# CONFIG_DEBUG_ENTRY is not set -# CONFIG_DEBUG_NMI_SELFTEST is not set # CONFIG_X86_DEBUG_FPU is not set -# CONFIG_PUNIT_ATOM_DEBUG is not set -CONFIG_UNWINDER_ORC=y -# CONFIG_UNWINDER_FRAME_POINTER is not set -# CONFIG_UNWINDER_GUESS is not set -# end of x86 Debugging - -# -# Kernel Testing and Coverage -# -# CONFIG_KUNIT is not set -# CONFIG_NOTIFIER_ERROR_INJECTION is not set -# CONFIG_FAULT_INJECTION is not set -CONFIG_ARCH_HAS_KCOV=y -CONFIG_CC_HAS_SANCOV_TRACE_PC=y -# CONFIG_KCOV is not set # CONFIG_RUNTIME_TESTING_MENU is not set -# CONFIG_MEMTEST is not set -# end of Kernel Testing and Coverage -# end of Kernel hacking diff --git a/config/linux-librem_common.config b/config/linux-librem_common.config index e65f907d1..65311e1f5 100644 --- a/config/linux-librem_common.config +++ b/config/linux-librem_common.config @@ -1,12 +1,14 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.5 Kernel Configuration +# Linux/x86 5.10.214 Kernel Configuration # CONFIG_CC_VERSION_TEXT="x86_64-linux-musl-gcc (GCC) 8.3.0" CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=80300 CONFIG_LD_VERSION=232000000 CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23200 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y @@ -188,6 +190,7 @@ CONFIG_MEMBARRIER=y CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y # CONFIG_USERFAULTFD is not set CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_KCMP=y # CONFIG_RSEQ is not set CONFIG_EMBEDDED=y CONFIG_HAVE_PERF_EVENTS=y @@ -258,7 +261,6 @@ CONFIG_SMP=y CONFIG_X86_FEATURE_NAMES=y # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set -# CONFIG_RETPOLINE is not set # CONFIG_X86_CPU_RESCTRL is not set # CONFIG_X86_EXTENDED_PLATFORM is not set # CONFIG_X86_INTEL_LPSS is not set @@ -320,7 +322,6 @@ CONFIG_X86_THERMAL_VECTOR=y # CONFIG_X86_VSYSCALL_EMULATION is not set CONFIG_X86_IOPL_IOPERM=y -# CONFIG_I8K is not set # CONFIG_MICROCODE is not set # CONFIG_X86_MSR is not set # CONFIG_X86_CPUID is not set @@ -368,6 +369,12 @@ CONFIG_LEGACY_VSYSCALL_NONE=y CONFIG_HAVE_LIVEPATCH=y # end of Processor type and features +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +# CONFIG_RETPOLINE is not set +CONFIG_CPU_IBRS_ENTRY=y +# CONFIG_GDS_FORCE_MITIGATION is not set CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y @@ -536,6 +543,7 @@ CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_ARCH_HAS_FORTIFY_SOURCE=y CONFIG_ARCH_HAS_SET_MEMORY=y CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y CONFIG_HAVE_ASM_MODVERSIONS=y @@ -600,6 +608,10 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y # end of GCOV-based kernel profiling CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set # end of General architecture-dependent options CONFIG_RT_MUTEXES=y @@ -735,6 +747,7 @@ CONFIG_INET=y # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set +CONFIG_INET_TABLE_PERTURB_ORDER=16 # CONFIG_INET_DIAG is not set # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y @@ -756,7 +769,6 @@ CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_HAVE_NET_DSA=y # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set -# CONFIG_DECNET is not set # CONFIG_LLC2 is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set @@ -943,7 +955,6 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 # CONFIG_BLK_DEV_DRBD is not set # CONFIG_BLK_DEV_NBD is not set # CONFIG_BLK_DEV_SKD is not set -# CONFIG_BLK_DEV_SX8 is not set CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=65536 @@ -1350,7 +1361,6 @@ CONFIG_USB_NET_CDC_SUBSET=m # CONFIG_FUJITSU_ES is not set # CONFIG_NET_FAILOVER is not set # CONFIG_ISDN is not set -# CONFIG_NVM is not set # # Input device support @@ -1510,10 +1520,9 @@ CONFIG_TCG_TIS=y # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -1648,6 +1657,7 @@ CONFIG_POWER_SUPPLY=y # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_SMB347 is not set # CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_RT5033 is not set # CONFIG_CHARGER_BD99954 is not set # CONFIG_HWMON is not set CONFIG_THERMAL=y @@ -1738,7 +1748,6 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_MFD_SKY81452 is not set # CONFIG_ABX500_CORE is not set CONFIG_MFD_SYSCON=y -# CONFIG_MFD_TI_AM335X_TSCADC is not set # CONFIG_MFD_LP3943 is not set # CONFIG_MFD_LP8788 is not set # CONFIG_MFD_TI_LMU is not set @@ -1970,6 +1979,7 @@ CONFIG_DUMMY_CONSOLE=y CONFIG_DUMMY_CONSOLE_COLUMNS=80 CONFIG_DUMMY_CONSOLE_ROWS=25 CONFIG_FRAMEBUFFER_CONSOLE=y +# CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION is not set CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y # CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set # CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set @@ -2682,7 +2692,6 @@ CONFIG_IO_WQ=y # CONFIG_KEYS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITYFS=y -CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_INTEL_TXT is not set CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y @@ -2701,6 +2710,10 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf" # Memory initialization # CONFIG_INIT_STACK_NONE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set +# CONFIG_GCC_PLUGIN_STACKLEAK is not set # CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set # end of Memory initialization @@ -2877,18 +2890,6 @@ CONFIG_CRYPTO_USER_API_AEAD=y # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set # CONFIG_CRYPTO_STATS is not set CONFIG_CRYPTO_HASH_INFO=y - -# -# Crypto library routines -# -CONFIG_CRYPTO_LIB_AES=y -# CONFIG_CRYPTO_LIB_BLAKE2S is not set -# CONFIG_CRYPTO_LIB_CHACHA is not set -# CONFIG_CRYPTO_LIB_CURVE25519 is not set -CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 -# CONFIG_CRYPTO_LIB_POLY1305 is not set -# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_LIB_SHA256=y # CONFIG_CRYPTO_HW is not set # @@ -2913,6 +2914,21 @@ CONFIG_GENERIC_IOMAP=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_LIB_MEMNEQ=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set diff --git a/config/linux-qemu.config b/config/linux-qemu.config index 113e0ae0a..e16a59171 100644 --- a/config/linux-qemu.config +++ b/config/linux-qemu.config @@ -1,12 +1,14 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.5 Kernel Configuration +# Linux/x86 5.10.214 Kernel Configuration # CONFIG_CC_VERSION_TEXT="x86_64-linux-musl-gcc (GCC) 8.3.0" CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=80300 CONFIG_LD_VERSION=232000000 CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23200 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y @@ -211,6 +213,7 @@ CONFIG_KALLSYMS_BASE_RELATIVE=y CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y # CONFIG_USERFAULTFD is not set CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +# CONFIG_KCMP is not set CONFIG_RSEQ=y # CONFIG_DEBUG_RSEQ is not set CONFIG_EMBEDDED=y @@ -284,7 +287,6 @@ CONFIG_X86_FEATURE_NAMES=y # CONFIG_X86_X2APIC is not set # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set -CONFIG_RETPOLINE=y # CONFIG_X86_CPU_RESCTRL is not set # CONFIG_X86_EXTENDED_PLATFORM is not set # CONFIG_X86_INTEL_LPSS is not set @@ -348,11 +350,10 @@ CONFIG_PERF_EVENTS_INTEL_CSTATE=y # CONFIG_X86_VSYSCALL_EMULATION is not set CONFIG_X86_IOPL_IOPERM=y -# CONFIG_I8K is not set CONFIG_MICROCODE=y CONFIG_MICROCODE_INTEL=y CONFIG_MICROCODE_AMD=y -# CONFIG_MICROCODE_OLD_INTERFACE is not set +# CONFIG_MICROCODE_LATE_LOADING is not set CONFIG_X86_MSR=y CONFIG_X86_CPUID=y # CONFIG_X86_5LEVEL is not set @@ -407,6 +408,16 @@ CONFIG_LEGACY_VSYSCALL_NONE=y CONFIG_HAVE_LIVEPATCH=y # end of Processor type and features +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_RETPOLINE=y +CONFIG_RETHUNK=y +CONFIG_CPU_UNRET_ENTRY=y +CONFIG_CPU_IBPB_ENTRY=y +CONFIG_CPU_IBRS_ENTRY=y +CONFIG_CPU_SRSO=y +# CONFIG_GDS_FORCE_MITIGATION is not set CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y @@ -601,6 +612,7 @@ CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_ARCH_HAS_FORTIFY_SOURCE=y CONFIG_ARCH_HAS_SET_MEMORY=y CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y CONFIG_HAVE_ASM_MODVERSIONS=y @@ -668,6 +680,10 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y # end of GCOV-based kernel profiling CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set # end of General architecture-dependent options CONFIG_RT_MUTEXES=y @@ -808,6 +824,7 @@ CONFIG_SYN_COOKIES=y # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set +CONFIG_INET_TABLE_PERTURB_ORDER=16 # CONFIG_INET_DIAG is not set # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y @@ -829,7 +846,6 @@ CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_HAVE_NET_DSA=y # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set -# CONFIG_DECNET is not set # CONFIG_LLC2 is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set @@ -1020,7 +1036,6 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 # CONFIG_BLK_DEV_DRBD is not set # CONFIG_BLK_DEV_NBD is not set # CONFIG_BLK_DEV_SKD is not set -# CONFIG_BLK_DEV_SX8 is not set CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=65536 @@ -1035,6 +1050,7 @@ CONFIG_VIRTIO_BLK=y # # CONFIG_BLK_DEV_NVME is not set # CONFIG_NVME_FC is not set +# CONFIG_NVME_TCP is not set # CONFIG_NVME_TARGET is not set # end of NVME Support @@ -1394,7 +1410,6 @@ CONFIG_IGB=m # CONFIG_NETDEVSIM is not set # CONFIG_NET_FAILOVER is not set # CONFIG_ISDN is not set -# CONFIG_NVM is not set # # Input device support @@ -1563,10 +1578,9 @@ CONFIG_TCG_TIS_ST33ZP24=y CONFIG_TCG_TIS_ST33ZP24_I2C=y # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -1691,6 +1705,7 @@ CONFIG_POWER_SUPPLY=y # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_SMB347 is not set # CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_RT5033 is not set # CONFIG_CHARGER_BD99954 is not set # CONFIG_HWMON is not set CONFIG_THERMAL=y @@ -1783,7 +1798,6 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_MFD_SKY81452 is not set # CONFIG_ABX500_CORE is not set CONFIG_MFD_SYSCON=y -# CONFIG_MFD_TI_AM335X_TSCADC is not set # CONFIG_MFD_LP3943 is not set # CONFIG_MFD_LP8788 is not set # CONFIG_MFD_TI_LMU is not set @@ -1904,6 +1918,7 @@ CONFIG_DUMMY_CONSOLE=y CONFIG_DUMMY_CONSOLE_COLUMNS=80 CONFIG_DUMMY_CONSOLE_ROWS=25 CONFIG_FRAMEBUFFER_CONSOLE=y +# CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION is not set CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y # CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set # CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set @@ -2636,7 +2651,6 @@ CONFIG_IO_WQ=y # CONFIG_KEYS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITYFS=y -CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_INTEL_TXT is not set CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y @@ -2656,6 +2670,10 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf" # Memory initialization # CONFIG_INIT_STACK_NONE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set +# CONFIG_GCC_PLUGIN_STACKLEAK is not set # CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set # end of Memory initialization @@ -2832,18 +2850,6 @@ CONFIG_CRYPTO_USER_API_AEAD=y # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set # CONFIG_CRYPTO_STATS is not set CONFIG_CRYPTO_HASH_INFO=y - -# -# Crypto library routines -# -CONFIG_CRYPTO_LIB_AES=y -# CONFIG_CRYPTO_LIB_BLAKE2S is not set -# CONFIG_CRYPTO_LIB_CHACHA is not set -# CONFIG_CRYPTO_LIB_CURVE25519 is not set -CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 -# CONFIG_CRYPTO_LIB_POLY1305 is not set -# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_LIB_SHA256=y # CONFIG_CRYPTO_HW is not set # @@ -2868,6 +2874,21 @@ CONFIG_GENERIC_IOMAP=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_LIB_MEMNEQ=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set diff --git a/config/linux-t440p.config b/config/linux-t440p.config index 2ba0a56af..ab90c3126 100644 --- a/config/linux-t440p.config +++ b/config/linux-t440p.config @@ -1,12 +1,14 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.5 Kernel Configuration +# Linux/x86 5.10.214 Kernel Configuration # CONFIG_CC_VERSION_TEXT="x86_64-linux-musl-gcc (GCC) 8.3.0" CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=80300 CONFIG_LD_VERSION=232000000 CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23200 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y @@ -188,6 +190,7 @@ CONFIG_MEMBARRIER=y CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y # CONFIG_USERFAULTFD is not set CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +# CONFIG_KCMP is not set # CONFIG_RSEQ is not set CONFIG_EMBEDDED=y CONFIG_HAVE_PERF_EVENTS=y @@ -258,7 +261,6 @@ CONFIG_SMP=y CONFIG_X86_FEATURE_NAMES=y # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set -# CONFIG_RETPOLINE is not set # CONFIG_X86_CPU_RESCTRL is not set # CONFIG_X86_EXTENDED_PLATFORM is not set # CONFIG_X86_INTEL_LPSS is not set @@ -320,7 +322,6 @@ CONFIG_X86_THERMAL_VECTOR=y # CONFIG_X86_VSYSCALL_EMULATION is not set CONFIG_X86_IOPL_IOPERM=y -# CONFIG_I8K is not set # CONFIG_MICROCODE is not set # CONFIG_X86_MSR is not set # CONFIG_X86_CPUID is not set @@ -369,6 +370,12 @@ CONFIG_LEGACY_VSYSCALL_NONE=y CONFIG_HAVE_LIVEPATCH=y # end of Processor type and features +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +# CONFIG_RETPOLINE is not set +CONFIG_CPU_IBRS_ENTRY=y +# CONFIG_GDS_FORCE_MITIGATION is not set CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y @@ -561,6 +568,7 @@ CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_ARCH_HAS_FORTIFY_SOURCE=y CONFIG_ARCH_HAS_SET_MEMORY=y CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y CONFIG_HAVE_ASM_MODVERSIONS=y @@ -613,6 +621,7 @@ CONFIG_STRICT_KERNEL_RWX=y CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y CONFIG_STRICT_MODULE_RWX=y CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_USE_MEMREMAP_PROT=y CONFIG_ARCH_HAS_MEM_ENCRYPT=y CONFIG_HAVE_STATIC_CALL=y CONFIG_HAVE_STATIC_CALL_INLINE=y @@ -625,6 +634,10 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y # end of GCOV-based kernel profiling CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set # end of General architecture-dependent options CONFIG_RT_MUTEXES=y @@ -759,6 +772,7 @@ CONFIG_INET=y # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set +CONFIG_INET_TABLE_PERTURB_ORDER=16 # CONFIG_INET_DIAG is not set # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y @@ -780,7 +794,6 @@ CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_HAVE_NET_DSA=y # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set -# CONFIG_DECNET is not set # CONFIG_LLC2 is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set @@ -967,7 +980,6 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 # CONFIG_BLK_DEV_DRBD is not set # CONFIG_BLK_DEV_NBD is not set # CONFIG_BLK_DEV_SKD is not set -# CONFIG_BLK_DEV_SX8 is not set CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=65536 @@ -981,6 +993,7 @@ CONFIG_BLK_DEV_RAM_SIZE=65536 # # CONFIG_BLK_DEV_NVME is not set # CONFIG_NVME_FC is not set +# CONFIG_NVME_TCP is not set # end of NVME Support # @@ -1370,7 +1383,6 @@ CONFIG_USB_NET_CDC_SUBSET=m # CONFIG_FUJITSU_ES is not set # CONFIG_NET_FAILOVER is not set # CONFIG_ISDN is not set -# CONFIG_NVM is not set # # Input device support @@ -1530,10 +1542,9 @@ CONFIG_TCG_TIS=y # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -1668,6 +1679,7 @@ CONFIG_POWER_SUPPLY=y # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_SMB347 is not set # CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_RT5033 is not set # CONFIG_CHARGER_BD99954 is not set # CONFIG_HWMON is not set CONFIG_THERMAL=y @@ -1758,7 +1770,6 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_MFD_SKY81452 is not set # CONFIG_ABX500_CORE is not set CONFIG_MFD_SYSCON=y -# CONFIG_MFD_TI_AM335X_TSCADC is not set # CONFIG_MFD_LP3943 is not set # CONFIG_MFD_LP8788 is not set # CONFIG_MFD_TI_LMU is not set @@ -1889,6 +1900,7 @@ CONFIG_DUMMY_CONSOLE=y CONFIG_DUMMY_CONSOLE_COLUMNS=80 CONFIG_DUMMY_CONSOLE_ROWS=25 CONFIG_FRAMEBUFFER_CONSOLE=y +# CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION is not set CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y # CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set # CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set @@ -2597,7 +2609,6 @@ CONFIG_IO_WQ=y # CONFIG_KEYS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITYFS=y -CONFIG_PAGE_TABLE_ISOLATION=y # CONFIG_INTEL_TXT is not set CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y @@ -2617,6 +2628,10 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf" # Memory initialization # CONFIG_INIT_STACK_NONE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set +# CONFIG_GCC_PLUGIN_STACKLEAK is not set # CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set # end of Memory initialization @@ -2793,18 +2808,6 @@ CONFIG_CRYPTO_USER_API_AEAD=y # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set # CONFIG_CRYPTO_STATS is not set CONFIG_CRYPTO_HASH_INFO=y - -# -# Crypto library routines -# -CONFIG_CRYPTO_LIB_AES=y -# CONFIG_CRYPTO_LIB_BLAKE2S is not set -# CONFIG_CRYPTO_LIB_CHACHA is not set -# CONFIG_CRYPTO_LIB_CURVE25519 is not set -CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 -# CONFIG_CRYPTO_LIB_POLY1305 is not set -# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_LIB_SHA256=y # CONFIG_CRYPTO_HW is not set # @@ -2829,6 +2832,21 @@ CONFIG_GENERIC_IOMAP=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_LIB_MEMNEQ=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set diff --git a/config/linux-w541.config b/config/linux-w541.config index 2ba0a56af..56bd86ccd 100644 --- a/config/linux-w541.config +++ b/config/linux-w541.config @@ -1,1235 +1,129 @@ -# -# Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.5 Kernel Configuration -# -CONFIG_CC_VERSION_TEXT="x86_64-linux-musl-gcc (GCC) 8.3.0" -CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=80300 -CONFIG_LD_VERSION=232000000 -CONFIG_CLANG_VERSION=0 -CONFIG_LLD_VERSION=0 -CONFIG_CC_CAN_LINK=y -CONFIG_CC_CAN_LINK_STATIC=y -CONFIG_CC_HAS_ASM_GOTO=y -CONFIG_CC_HAS_ASM_INLINE=y -CONFIG_IRQ_WORK=y -CONFIG_BUILDTIME_TABLE_SORT=y -CONFIG_THREAD_INFO_IN_TASK=y - -# -# General setup -# -CONFIG_INIT_ENV_ARG_LIMIT=32 -# CONFIG_COMPILE_TEST is not set CONFIG_LOCALVERSION="-@BRAND_NAME@" # CONFIG_LOCALVERSION_AUTO is not set -CONFIG_BUILD_SALT="" -CONFIG_HAVE_KERNEL_GZIP=y -CONFIG_HAVE_KERNEL_BZIP2=y -CONFIG_HAVE_KERNEL_LZMA=y -CONFIG_HAVE_KERNEL_XZ=y -CONFIG_HAVE_KERNEL_LZO=y -CONFIG_HAVE_KERNEL_LZ4=y -CONFIG_HAVE_KERNEL_ZSTD=y -# CONFIG_KERNEL_GZIP is not set -# CONFIG_KERNEL_BZIP2 is not set -# CONFIG_KERNEL_LZMA is not set CONFIG_KERNEL_XZ=y -# CONFIG_KERNEL_LZO is not set -# CONFIG_KERNEL_LZ4 is not set -# CONFIG_KERNEL_ZSTD is not set -CONFIG_DEFAULT_INIT="" -CONFIG_DEFAULT_HOSTNAME="(none)" # CONFIG_SWAP is not set -# CONFIG_SYSVIPC is not set -# CONFIG_POSIX_MQUEUE is not set -# CONFIG_WATCH_QUEUE is not set # CONFIG_CROSS_MEMORY_ATTACH is not set -# CONFIG_USELIB is not set -# CONFIG_AUDIT is not set -CONFIG_HAVE_ARCH_AUDITSYSCALL=y - -# -# IRQ subsystem -# -CONFIG_GENERIC_IRQ_PROBE=y -CONFIG_GENERIC_IRQ_SHOW=y -CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y -CONFIG_GENERIC_PENDING_IRQ=y -CONFIG_GENERIC_IRQ_MIGRATION=y -CONFIG_HARDIRQS_SW_RESEND=y -CONFIG_IRQ_DOMAIN=y -CONFIG_IRQ_DOMAIN_HIERARCHY=y -CONFIG_GENERIC_MSI_IRQ=y -CONFIG_GENERIC_MSI_IRQ_DOMAIN=y -CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y -CONFIG_GENERIC_IRQ_RESERVATION_MODE=y -CONFIG_IRQ_FORCED_THREADING=y -CONFIG_SPARSE_IRQ=y -# end of IRQ subsystem - -CONFIG_CLOCKSOURCE_WATCHDOG=y -CONFIG_ARCH_CLOCKSOURCE_INIT=y -CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y -CONFIG_GENERIC_TIME_VSYSCALL=y -CONFIG_GENERIC_CLOCKEVENTS=y -CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y -CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y -CONFIG_GENERIC_CMOS_UPDATE=y -CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y -CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y - -# -# Timers subsystem -# -CONFIG_TICK_ONESHOT=y -CONFIG_NO_HZ_COMMON=y -# CONFIG_HZ_PERIODIC is not set CONFIG_NO_HZ_IDLE=y -# CONFIG_NO_HZ_FULL is not set -# CONFIG_NO_HZ is not set -# CONFIG_HIGH_RES_TIMERS is not set -# end of Timers subsystem - -CONFIG_PREEMPT_NONE=y -# CONFIG_PREEMPT_VOLUNTARY is not set -# CONFIG_PREEMPT is not set - -# -# CPU/Task time and stats accounting -# -CONFIG_TICK_CPU_ACCOUNTING=y -# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set -# CONFIG_IRQ_TIME_ACCOUNTING is not set -# CONFIG_PSI is not set -# end of CPU/Task time and stats accounting - # CONFIG_CPU_ISOLATION is not set - -# -# RCU Subsystem -# -CONFIG_TREE_RCU=y -# CONFIG_RCU_EXPERT is not set -CONFIG_SRCU=y -CONFIG_TREE_SRCU=y -CONFIG_RCU_STALL_COMMON=y -CONFIG_RCU_NEED_SEGCBLIST=y -# end of RCU Subsystem - -CONFIG_BUILD_BIN2C=y -# CONFIG_IKCONFIG is not set -# CONFIG_IKHEADERS is not set CONFIG_LOG_BUF_SHIFT=18 -CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 -CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 -CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y - -# -# Scheduler features -# -# CONFIG_UCLAMP_TASK is not set -# end of Scheduler features - -CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y -CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y -CONFIG_CC_HAS_INT128=y -CONFIG_ARCH_SUPPORTS_INT128=y -# CONFIG_CGROUPS is not set -# CONFIG_CHECKPOINT_RESTORE is not set -# CONFIG_SCHED_AUTOGROUP is not set -# CONFIG_SYSFS_DEPRECATED is not set CONFIG_RELAY=y CONFIG_BLK_DEV_INITRD=y CONFIG_INITRAMFS_SOURCE="@BLOB_DIR@/dev.cpio" -CONFIG_INITRAMFS_ROOT_UID=0 -CONFIG_INITRAMFS_ROOT_GID=0 # CONFIG_RD_GZIP is not set # CONFIG_RD_BZIP2 is not set # CONFIG_RD_LZMA is not set -CONFIG_RD_XZ=y # CONFIG_RD_LZO is not set # CONFIG_RD_LZ4 is not set # CONFIG_RD_ZSTD is not set -CONFIG_INITRAMFS_COMPRESSION_XZ=y -# CONFIG_INITRAMFS_COMPRESSION_NONE is not set -# CONFIG_BOOT_CONFIG is not set -# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set CONFIG_CC_OPTIMIZE_FOR_SIZE=y -CONFIG_LD_ORPHAN_WARN=y -CONFIG_SYSCTL=y -CONFIG_SYSCTL_EXCEPTION_TRACE=y -CONFIG_HAVE_PCSPKR_PLATFORM=y -CONFIG_BPF=y -CONFIG_EXPERT=y # CONFIG_MULTIUSER is not set # CONFIG_SGETMASK_SYSCALL is not set # CONFIG_SYSFS_SYSCALL is not set # CONFIG_FHANDLE is not set -CONFIG_POSIX_TIMERS=y -CONFIG_PRINTK=y -CONFIG_PRINTK_NMI=y -CONFIG_BUG=y -CONFIG_PCSPKR_PLATFORM=y # CONFIG_BASE_FULL is not set -CONFIG_FUTEX=y -CONFIG_FUTEX_PI=y -CONFIG_EPOLL=y # CONFIG_SIGNALFD is not set # CONFIG_TIMERFD is not set # CONFIG_EVENTFD is not set -CONFIG_SHMEM=y # CONFIG_AIO is not set -CONFIG_IO_URING=y # CONFIG_ADVISE_SYSCALLS is not set -CONFIG_MEMBARRIER=y # CONFIG_KALLSYMS is not set -# CONFIG_BPF_SYSCALL is not set -CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y -# CONFIG_USERFAULTFD is not set -CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y # CONFIG_RSEQ is not set CONFIG_EMBEDDED=y -CONFIG_HAVE_PERF_EVENTS=y -# CONFIG_PC104 is not set - -# -# Kernel Performance Events And Counters -# -CONFIG_PERF_EVENTS=y -# CONFIG_DEBUG_PERF_USE_VMALLOC is not set -# end of Kernel Performance Events And Counters - # CONFIG_VM_EVENT_COUNTERS is not set # CONFIG_SLUB_DEBUG is not set # CONFIG_COMPAT_BRK is not set -# CONFIG_SLAB is not set -CONFIG_SLUB=y -# CONFIG_SLOB is not set -CONFIG_SLAB_MERGE_DEFAULT=y -# CONFIG_SLAB_FREELIST_RANDOM is not set -# CONFIG_SLAB_FREELIST_HARDENED is not set -# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set -CONFIG_SLUB_CPU_PARTIAL=y -# CONFIG_PROFILING is not set -# end of General setup - -CONFIG_64BIT=y -CONFIG_X86_64=y -CONFIG_X86=y -CONFIG_INSTRUCTION_DECODER=y -CONFIG_OUTPUT_FORMAT="elf64-x86-64" -CONFIG_LOCKDEP_SUPPORT=y -CONFIG_STACKTRACE_SUPPORT=y -CONFIG_MMU=y -CONFIG_ARCH_MMAP_RND_BITS_MIN=28 -CONFIG_ARCH_MMAP_RND_BITS_MAX=32 -CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 -CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 -CONFIG_GENERIC_ISA_DMA=y -CONFIG_GENERIC_BUG=y -CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y -CONFIG_ARCH_MAY_HAVE_PC_FDC=y -CONFIG_GENERIC_CALIBRATE_DELAY=y -CONFIG_ARCH_HAS_CPU_RELAX=y -CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y -CONFIG_ARCH_HAS_FILTER_PGPROT=y -CONFIG_HAVE_SETUP_PER_CPU_AREA=y -CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y -CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y -CONFIG_ARCH_HIBERNATION_POSSIBLE=y -CONFIG_ARCH_SUSPEND_POSSIBLE=y -CONFIG_ARCH_WANT_GENERAL_HUGETLB=y -CONFIG_ZONE_DMA32=y -CONFIG_AUDIT_ARCH=y -CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y -CONFIG_HAVE_INTEL_TXT=y -CONFIG_X86_64_SMP=y -CONFIG_ARCH_SUPPORTS_UPROBES=y -CONFIG_FIX_EARLYCON_MEM=y -CONFIG_PGTABLE_LEVELS=4 -CONFIG_CC_HAS_SANE_STACKPROTECTOR=y - -# -# Processor type and features -# # CONFIG_ZONE_DMA is not set CONFIG_SMP=y -CONFIG_X86_FEATURE_NAMES=y # CONFIG_X86_MPPARSE is not set -# CONFIG_GOLDFISH is not set -# CONFIG_RETPOLINE is not set -# CONFIG_X86_CPU_RESCTRL is not set # CONFIG_X86_EXTENDED_PLATFORM is not set -# CONFIG_X86_INTEL_LPSS is not set -# CONFIG_X86_AMD_PLATFORM_DEVICE is not set CONFIG_IOSF_MBI=y -CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y -CONFIG_SCHED_OMIT_FRAME_POINTER=y -# CONFIG_HYPERVISOR_GUEST is not set -# CONFIG_MK8 is not set -# CONFIG_MPSC is not set CONFIG_MCORE2=y -# CONFIG_MATOM is not set -# CONFIG_GENERIC_CPU is not set -CONFIG_X86_INTERNODE_CACHE_SHIFT=6 -CONFIG_X86_L1_CACHE_SHIFT=6 -CONFIG_X86_INTEL_USERCOPY=y -CONFIG_X86_USE_PPRO_CHECKSUM=y -CONFIG_X86_P6_NOP=y -CONFIG_X86_TSC=y -CONFIG_X86_CMPXCHG64=y -CONFIG_X86_CMOV=y -CONFIG_X86_MINIMUM_CPU_FAMILY=64 -CONFIG_X86_DEBUGCTLMSR=y -CONFIG_IA32_FEAT_CTL=y -CONFIG_X86_VMX_FEATURE_NAMES=y CONFIG_PROCESSOR_SELECT=y -CONFIG_CPU_SUP_INTEL=y # CONFIG_CPU_SUP_AMD is not set # CONFIG_CPU_SUP_HYGON is not set # CONFIG_CPU_SUP_CENTAUR is not set # CONFIG_CPU_SUP_ZHAOXIN is not set -CONFIG_HPET_TIMER=y -CONFIG_HPET_EMULATE_RTC=y -CONFIG_DMI=y -# CONFIG_MAXSMP is not set -CONFIG_NR_CPUS_RANGE_BEGIN=2 -CONFIG_NR_CPUS_RANGE_END=512 -CONFIG_NR_CPUS_DEFAULT=64 CONFIG_NR_CPUS=32 -CONFIG_SCHED_SMT=y -CONFIG_SCHED_MC=y -CONFIG_SCHED_MC_PRIO=y -CONFIG_X86_LOCAL_APIC=y -CONFIG_X86_IO_APIC=y -# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set -CONFIG_X86_MCE=y -# CONFIG_X86_MCELOG_LEGACY is not set -CONFIG_X86_MCE_INTEL=y -CONFIG_X86_MCE_THRESHOLD=y -CONFIG_X86_THERMAL_VECTOR=y - -# -# Performance monitoring -# # CONFIG_PERF_EVENTS_INTEL_UNCORE is not set # CONFIG_PERF_EVENTS_INTEL_RAPL is not set # CONFIG_PERF_EVENTS_INTEL_CSTATE is not set -# end of Performance monitoring - # CONFIG_X86_VSYSCALL_EMULATION is not set -CONFIG_X86_IOPL_IOPERM=y -# CONFIG_I8K is not set # CONFIG_MICROCODE is not set -# CONFIG_X86_MSR is not set -# CONFIG_X86_CPUID is not set # CONFIG_X86_5LEVEL is not set -CONFIG_X86_DIRECT_GBPAGES=y -# CONFIG_NUMA is not set -CONFIG_ARCH_SPARSEMEM_ENABLE=y -CONFIG_ARCH_SPARSEMEM_DEFAULT=y -CONFIG_ARCH_SELECT_MEMORY_MODEL=y -CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 -CONFIG_X86_PMEM_LEGACY_DEVICE=y CONFIG_X86_PMEM_LEGACY=y -# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set -CONFIG_X86_RESERVE_LOW=64 # CONFIG_MTRR is not set -CONFIG_ARCH_RANDOM=y # CONFIG_X86_SMAP is not set -CONFIG_X86_UMIP=y # CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set -CONFIG_X86_INTEL_TSX_MODE_OFF=y -# CONFIG_X86_INTEL_TSX_MODE_ON is not set -# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set CONFIG_EFI=y -# CONFIG_EFI_STUB is not set -# CONFIG_HZ_100 is not set -CONFIG_HZ_250=y -# CONFIG_HZ_300 is not set -# CONFIG_HZ_1000 is not set -CONFIG_HZ=250 CONFIG_KEXEC=y CONFIG_KEXEC_FILE=y -CONFIG_ARCH_HAS_KEXEC_PURGATORY=y -# CONFIG_KEXEC_SIG is not set -# CONFIG_CRASH_DUMP is not set -CONFIG_PHYSICAL_START=0x1000000 # CONFIG_RELOCATABLE is not set CONFIG_PHYSICAL_ALIGN=0x1000000 -CONFIG_HOTPLUG_CPU=y -# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set -# CONFIG_DEBUG_HOTPLUG_CPU0 is not set -# CONFIG_LEGACY_VSYSCALL_EMULATE is not set -# CONFIG_LEGACY_VSYSCALL_XONLY is not set CONFIG_LEGACY_VSYSCALL_NONE=y -# CONFIG_CMDLINE_BOOL is not set # CONFIG_MODIFY_LDT_SYSCALL is not set -CONFIG_HAVE_LIVEPATCH=y -# end of Processor type and features - -CONFIG_ARCH_HAS_ADD_PAGES=y -CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y -CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y - -# -# Power management and ACPI options -# +# CONFIG_RETPOLINE is not set # CONFIG_SUSPEND is not set -# CONFIG_PM is not set -# CONFIG_ENERGY_MODEL is not set -CONFIG_ARCH_SUPPORTS_ACPI=y -CONFIG_ACPI=y -CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y -CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y -CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y -# CONFIG_ACPI_DEBUGGER is not set -CONFIG_ACPI_SPCR_TABLE=y -CONFIG_ACPI_LPIT=y -CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y -# CONFIG_ACPI_EC_DEBUGFS is not set -CONFIG_ACPI_AC=y -CONFIG_ACPI_BATTERY=y -CONFIG_ACPI_BUTTON=y CONFIG_ACPI_VIDEO=y -CONFIG_ACPI_FAN=y -# CONFIG_ACPI_DOCK is not set -CONFIG_ACPI_CPU_FREQ_PSS=y -CONFIG_ACPI_PROCESSOR_CSTATE=y -CONFIG_ACPI_PROCESSOR_IDLE=y -CONFIG_ACPI_CPPC_LIB=y -CONFIG_ACPI_PROCESSOR=y -CONFIG_ACPI_HOTPLUG_CPU=y -# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set -CONFIG_ACPI_THERMAL=y -CONFIG_ACPI_CUSTOM_DSDT_FILE="" -CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y -CONFIG_ACPI_TABLE_UPGRADE=y -# CONFIG_ACPI_DEBUG is not set -# CONFIG_ACPI_PCI_SLOT is not set -CONFIG_ACPI_CONTAINER=y -CONFIG_ACPI_HOTPLUG_IOAPIC=y -# CONFIG_ACPI_SBS is not set -# CONFIG_ACPI_HED is not set -# CONFIG_ACPI_BGRT is not set -# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set -# CONFIG_ACPI_NFIT is not set -CONFIG_HAVE_ACPI_APEI=y -CONFIG_HAVE_ACPI_APEI_NMI=y -# CONFIG_ACPI_APEI is not set -# CONFIG_ACPI_DPTF is not set -# CONFIG_ACPI_CONFIGFS is not set -# CONFIG_PMIC_OPREGION is not set -CONFIG_X86_PM_TIMER=y -# CONFIG_SFI is not set - -# -# CPU Frequency scaling -# -CONFIG_CPU_FREQ=y -CONFIG_CPU_FREQ_GOV_ATTR_SET=y -# CONFIG_CPU_FREQ_STAT is not set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y -# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set -# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set -# CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set -CONFIG_CPU_FREQ_GOV_PERFORMANCE=y -# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set -# CONFIG_CPU_FREQ_GOV_USERSPACE is not set -# CONFIG_CPU_FREQ_GOV_ONDEMAND is not set -# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set -CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y - -# -# CPU frequency scaling drivers -# -CONFIG_X86_INTEL_PSTATE=y -# CONFIG_X86_PCC_CPUFREQ is not set -# CONFIG_X86_ACPI_CPUFREQ is not set -# CONFIG_X86_SPEEDSTEP_CENTRINO is not set -# CONFIG_X86_P4_CLOCKMOD is not set - -# -# shared options -# -# end of CPU Frequency scaling - -# -# CPU Idle -# -CONFIG_CPU_IDLE=y -# CONFIG_CPU_IDLE_GOV_LADDER is not set -CONFIG_CPU_IDLE_GOV_MENU=y -# CONFIG_CPU_IDLE_GOV_TEO is not set -# end of CPU Idle - -# CONFIG_INTEL_IDLE is not set -# end of Power management and ACPI options - -# -# Bus options (PCI etc.) -# -CONFIG_PCI_DIRECT=y # CONFIG_PCI_MMCONFIG is not set -# CONFIG_PCI_CNB20LE_QUIRK is not set -# CONFIG_ISA_BUS is not set -CONFIG_ISA_DMA_API=y -# CONFIG_X86_SYSFB is not set -# end of Bus options (PCI etc.) - -# -# Binary Emulations -# -# CONFIG_IA32_EMULATION is not set -# CONFIG_X86_X32 is not set -# end of Binary Emulations - -# -# Firmware Drivers -# -# CONFIG_EDD is not set # CONFIG_FIRMWARE_MEMMAP is not set # CONFIG_DMIID is not set -# CONFIG_DMI_SYSFS is not set -CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y -# CONFIG_ISCSI_IBFT is not set -# CONFIG_FW_CFG_SYSFS is not set CONFIG_GOOGLE_FIRMWARE=y -# CONFIG_GOOGLE_SMI is not set CONFIG_GOOGLE_COREBOOT_TABLE=y -CONFIG_GOOGLE_MEMCONSOLE=y CONFIG_GOOGLE_MEMCONSOLE_X86_LEGACY=y CONFIG_GOOGLE_MEMCONSOLE_COREBOOT=y -# CONFIG_GOOGLE_VPD is not set - -# -# EFI (Extensible Firmware Interface) Support -# -# CONFIG_EFI_VARS is not set -CONFIG_EFI_ESRT=y -CONFIG_EFI_RUNTIME_MAP=y -# CONFIG_EFI_FAKE_MEMMAP is not set -CONFIG_EFI_RUNTIME_WRAPPERS=y -# CONFIG_EFI_BOOTLOADER_CONTROL is not set -# CONFIG_EFI_CAPSULE_LOADER is not set -# CONFIG_EFI_TEST is not set -# CONFIG_EFI_RCI2_TABLE is not set -# CONFIG_EFI_DISABLE_PCI_DMA is not set -# end of EFI (Extensible Firmware Interface) Support - -CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y - -# -# Tegra firmware driver -# -# end of Tegra firmware driver -# end of Firmware Drivers - -CONFIG_HAVE_KVM=y # CONFIG_VIRTUALIZATION is not set -CONFIG_AS_AVX512=y -CONFIG_AS_SHA1_NI=y -CONFIG_AS_SHA256_NI=y -CONFIG_AS_TPAUSE=y - -# -# General architecture-dependent options -# -CONFIG_CRASH_CORE=y -CONFIG_KEXEC_CORE=y -CONFIG_HOTPLUG_SMT=y -CONFIG_GENERIC_ENTRY=y -CONFIG_HAVE_OPROFILE=y -CONFIG_OPROFILE_NMI_TIMER=y -# CONFIG_KPROBES is not set CONFIG_JUMP_LABEL=y -# CONFIG_STATIC_KEYS_SELFTEST is not set -# CONFIG_STATIC_CALL_SELFTEST is not set -CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y -CONFIG_ARCH_USE_BUILTIN_BSWAP=y -CONFIG_HAVE_IOREMAP_PROT=y -CONFIG_HAVE_KPROBES=y -CONFIG_HAVE_KRETPROBES=y -CONFIG_HAVE_OPTPROBES=y -CONFIG_HAVE_KPROBES_ON_FTRACE=y -CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y -CONFIG_HAVE_NMI=y -CONFIG_HAVE_ARCH_TRACEHOOK=y -CONFIG_HAVE_DMA_CONTIGUOUS=y -CONFIG_GENERIC_SMP_IDLE_THREAD=y -CONFIG_ARCH_HAS_FORTIFY_SOURCE=y -CONFIG_ARCH_HAS_SET_MEMORY=y -CONFIG_ARCH_HAS_SET_DIRECT_MAP=y -CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y -CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y -CONFIG_HAVE_ASM_MODVERSIONS=y -CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y -CONFIG_HAVE_RSEQ=y -CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y -CONFIG_HAVE_HW_BREAKPOINT=y -CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y -CONFIG_HAVE_USER_RETURN_NOTIFIER=y -CONFIG_HAVE_PERF_EVENTS_NMI=y -CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y -CONFIG_HAVE_PERF_REGS=y -CONFIG_HAVE_PERF_USER_STACK_DUMP=y -CONFIG_HAVE_ARCH_JUMP_LABEL=y -CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y -CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y -CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y -CONFIG_HAVE_CMPXCHG_LOCAL=y -CONFIG_HAVE_CMPXCHG_DOUBLE=y -CONFIG_HAVE_ARCH_SECCOMP=y -CONFIG_HAVE_ARCH_SECCOMP_FILTER=y # CONFIG_SECCOMP is not set -CONFIG_HAVE_ARCH_STACKLEAK=y -CONFIG_HAVE_STACKPROTECTOR=y -CONFIG_STACKPROTECTOR=y -CONFIG_STACKPROTECTOR_STRONG=y -CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y -CONFIG_HAVE_CONTEXT_TRACKING=y -CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y -CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y -CONFIG_HAVE_MOVE_PMD=y -CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y -CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y -CONFIG_HAVE_ARCH_HUGE_VMAP=y -CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y -CONFIG_HAVE_ARCH_SOFT_DIRTY=y -CONFIG_HAVE_MOD_ARCH_SPECIFIC=y -CONFIG_MODULES_USE_ELF_RELA=y -CONFIG_ARCH_HAS_ELF_RANDOMIZE=y -CONFIG_HAVE_ARCH_MMAP_RND_BITS=y -CONFIG_HAVE_EXIT_THREAD=y -CONFIG_ARCH_MMAP_RND_BITS=28 -CONFIG_HAVE_STACK_VALIDATION=y -CONFIG_HAVE_RELIABLE_STACKTRACE=y -# CONFIG_COMPAT_32BIT_TIME is not set -CONFIG_HAVE_ARCH_VMAP_STACK=y -CONFIG_VMAP_STACK=y -CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y -CONFIG_STRICT_KERNEL_RWX=y -CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y -CONFIG_STRICT_MODULE_RWX=y -CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y -CONFIG_ARCH_HAS_MEM_ENCRYPT=y -CONFIG_HAVE_STATIC_CALL=y -CONFIG_HAVE_STATIC_CALL_INLINE=y -CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y - -# -# GCOV-based kernel profiling -# -CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y -# end of GCOV-based kernel profiling - -CONFIG_HAVE_GCC_PLUGINS=y -# end of General architecture-dependent options - -CONFIG_RT_MUTEXES=y -CONFIG_BASE_SMALL=1 CONFIG_MODULES=y -# CONFIG_MODULE_FORCE_LOAD is not set -# CONFIG_MODULE_UNLOAD is not set -# CONFIG_MODVERSIONS is not set -# CONFIG_MODULE_SRCVERSION_ALL is not set -# CONFIG_MODULE_SIG is not set -# CONFIG_MODULE_COMPRESS is not set -# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set # CONFIG_UNUSED_SYMBOLS is not set CONFIG_TRIM_UNUSED_KSYMS=y -CONFIG_UNUSED_KSYMS_WHITELIST="" -CONFIG_MODULES_TREE_LOOKUP=y -CONFIG_BLOCK=y -CONFIG_BLK_SCSI_REQUEST=y -CONFIG_BLK_DEV_BSG=y -CONFIG_BLK_DEV_BSGLIB=y -# CONFIG_BLK_DEV_INTEGRITY is not set -# CONFIG_BLK_DEV_ZONED is not set -# CONFIG_BLK_CMDLINE_PARSER is not set -# CONFIG_BLK_WBT is not set -# CONFIG_BLK_SED_OPAL is not set -# CONFIG_BLK_INLINE_ENCRYPTION is not set - -# -# Partition Types -# -# CONFIG_PARTITION_ADVANCED is not set -CONFIG_MSDOS_PARTITION=y -CONFIG_EFI_PARTITION=y -# end of Partition Types - -CONFIG_BLK_MQ_PCI=y - -# -# IO Schedulers -# -CONFIG_MQ_IOSCHED_DEADLINE=y # CONFIG_MQ_IOSCHED_KYBER is not set -# CONFIG_IOSCHED_BFQ is not set -# end of IO Schedulers - -CONFIG_INLINE_SPIN_UNLOCK_IRQ=y -CONFIG_INLINE_READ_UNLOCK=y -CONFIG_INLINE_READ_UNLOCK_IRQ=y -CONFIG_INLINE_WRITE_UNLOCK=y -CONFIG_INLINE_WRITE_UNLOCK_IRQ=y -CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y -CONFIG_MUTEX_SPIN_ON_OWNER=y -CONFIG_RWSEM_SPIN_ON_OWNER=y -CONFIG_LOCK_SPIN_ON_OWNER=y -CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y -CONFIG_QUEUED_SPINLOCKS=y -CONFIG_ARCH_USE_QUEUED_RWLOCKS=y -CONFIG_QUEUED_RWLOCKS=y -CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y -CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y -CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y - -# -# Executable file formats -# -CONFIG_BINFMT_ELF=y -CONFIG_ELFCORE=y -CONFIG_BINFMT_SCRIPT=y -# CONFIG_BINFMT_MISC is not set # CONFIG_COREDUMP is not set -# end of Executable file formats - -# -# Memory Management options -# -CONFIG_SELECT_MEMORY_MODEL=y -CONFIG_SPARSEMEM_MANUAL=y -CONFIG_SPARSEMEM=y -CONFIG_SPARSEMEM_EXTREME=y -CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y -CONFIG_SPARSEMEM_VMEMMAP=y -CONFIG_HAVE_FAST_GUP=y -# CONFIG_MEMORY_HOTPLUG is not set -CONFIG_SPLIT_PTLOCK_CPUS=4 # CONFIG_COMPACTION is not set -# CONFIG_PAGE_REPORTING is not set -CONFIG_PHYS_ADDR_T_64BIT=y -CONFIG_VIRT_TO_BUS=y -CONFIG_MMU_NOTIFIER=y -# CONFIG_KSM is not set CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 -CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y -# CONFIG_MEMORY_FAILURE is not set -# CONFIG_TRANSPARENT_HUGEPAGE is not set -CONFIG_ARCH_WANTS_THP_SWAP=y -# CONFIG_CLEANCACHE is not set -# CONFIG_CMA is not set -# CONFIG_ZPOOL is not set -# CONFIG_ZBUD is not set -# CONFIG_ZSMALLOC is not set -CONFIG_GENERIC_EARLY_IOREMAP=y -# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set -# CONFIG_IDLE_PAGE_TRACKING is not set -CONFIG_ARCH_HAS_PTE_DEVMAP=y -# CONFIG_PERCPU_STATS is not set -# CONFIG_GUP_BENCHMARK is not set -CONFIG_ARCH_HAS_PTE_SPECIAL=y -# end of Memory Management options - CONFIG_NET=y - -# -# Networking options -# CONFIG_PACKET=y -# CONFIG_PACKET_DIAG is not set CONFIG_UNIX=y -CONFIG_UNIX_SCM=y -# CONFIG_UNIX_DIAG is not set -# CONFIG_TLS is not set -# CONFIG_XFRM_USER is not set -# CONFIG_NET_KEY is not set CONFIG_INET=y -# CONFIG_IP_MULTICAST is not set -# CONFIG_IP_ADVANCED_ROUTER is not set -# CONFIG_IP_PNP is not set -# CONFIG_NET_IPIP is not set -# CONFIG_NET_IPGRE_DEMUX is not set -# CONFIG_SYN_COOKIES is not set -# CONFIG_NET_IPVTI is not set -# CONFIG_NET_FOU is not set -# CONFIG_INET_AH is not set -# CONFIG_INET_ESP is not set -# CONFIG_INET_IPCOMP is not set # CONFIG_INET_DIAG is not set -# CONFIG_TCP_CONG_ADVANCED is not set -CONFIG_TCP_CONG_CUBIC=y -CONFIG_DEFAULT_TCP_CONG="cubic" -# CONFIG_TCP_MD5SIG is not set # CONFIG_IPV6 is not set -# CONFIG_MPTCP is not set -# CONFIG_NETWORK_SECMARK is not set -# CONFIG_NETWORK_PHY_TIMESTAMPING is not set -# CONFIG_NETFILTER is not set -# CONFIG_BPFILTER is not set -# CONFIG_IP_DCCP is not set -# CONFIG_IP_SCTP is not set -# CONFIG_RDS is not set -# CONFIG_TIPC is not set -# CONFIG_ATM is not set -# CONFIG_L2TP is not set -# CONFIG_BRIDGE is not set -CONFIG_HAVE_NET_DSA=y -# CONFIG_NET_DSA is not set -# CONFIG_VLAN_8021Q is not set -# CONFIG_DECNET is not set -# CONFIG_LLC2 is not set -# CONFIG_ATALK is not set -# CONFIG_X25 is not set -# CONFIG_LAPB is not set -# CONFIG_PHONET is not set -# CONFIG_IEEE802154 is not set -# CONFIG_NET_SCHED is not set -# CONFIG_DCB is not set -# CONFIG_BATMAN_ADV is not set -# CONFIG_OPENVSWITCH is not set -# CONFIG_VSOCKETS is not set -# CONFIG_NETLINK_DIAG is not set -# CONFIG_MPLS is not set -# CONFIG_NET_NSH is not set -# CONFIG_HSR is not set -# CONFIG_NET_SWITCHDEV is not set -# CONFIG_NET_L3_MASTER_DEV is not set -# CONFIG_QRTR is not set -# CONFIG_NET_NCSI is not set -CONFIG_RPS=y -CONFIG_RFS_ACCEL=y -CONFIG_XPS=y -CONFIG_NET_RX_BUSY_POLL=y -CONFIG_BQL=y -# CONFIG_BPF_JIT is not set -CONFIG_NET_FLOW_LIMIT=y - -# -# Network testing -# -# CONFIG_NET_PKTGEN is not set -# end of Network testing -# end of Networking options - -# CONFIG_HAMRADIO is not set -# CONFIG_CAN is not set -# CONFIG_BT is not set -# CONFIG_AF_RXRPC is not set -# CONFIG_AF_KCM is not set # CONFIG_WIRELESS is not set -# CONFIG_WIMAX is not set -# CONFIG_RFKILL is not set -# CONFIG_NET_9P is not set -# CONFIG_CAIF is not set -# CONFIG_CEPH_LIB is not set -# CONFIG_NFC is not set -# CONFIG_PSAMPLE is not set -# CONFIG_NET_IFE is not set -# CONFIG_LWTUNNEL is not set -# CONFIG_FAILOVER is not set -CONFIG_ETHTOOL_NETLINK=y -CONFIG_HAVE_EBPF_JIT=y - -# -# Device Drivers -# -CONFIG_HAVE_EISA=y -# CONFIG_EISA is not set -CONFIG_HAVE_PCI=y CONFIG_PCI=y -CONFIG_PCI_DOMAINS=y -# CONFIG_PCIEPORTBUS is not set -CONFIG_PCIEASPM=y -CONFIG_PCIEASPM_DEFAULT=y -# CONFIG_PCIEASPM_POWERSAVE is not set -# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set -# CONFIG_PCIEASPM_PERFORMANCE is not set -# CONFIG_PCIE_PTM is not set CONFIG_PCI_MSI=y -CONFIG_PCI_MSI_IRQ_DOMAIN=y -CONFIG_PCI_QUIRKS=y -# CONFIG_PCI_DEBUG is not set -# CONFIG_PCI_STUB is not set -CONFIG_PCI_ATS=y -CONFIG_PCI_LOCKLESS_CONFIG=y -# CONFIG_PCI_IOV is not set -CONFIG_PCI_PRI=y -CONFIG_PCI_PASID=y -CONFIG_PCI_LABEL=y -# CONFIG_PCIE_BUS_TUNE_OFF is not set -CONFIG_PCIE_BUS_DEFAULT=y -# CONFIG_PCIE_BUS_SAFE is not set -# CONFIG_PCIE_BUS_PERFORMANCE is not set -# CONFIG_PCIE_BUS_PEER2PEER is not set -# CONFIG_HOTPLUG_PCI is not set - -# -# PCI controller drivers -# -# CONFIG_VMD is not set - -# -# DesignWare PCI Core Support -# -# CONFIG_PCIE_DW_PLAT_HOST is not set -# CONFIG_PCI_MESON is not set -# end of DesignWare PCI Core Support - -# -# Mobiveil PCIe Core Support -# -# end of Mobiveil PCIe Core Support - -# -# Cadence PCIe controllers support -# -# end of Cadence PCIe controllers support -# end of PCI controller drivers - -# -# PCI Endpoint -# -# CONFIG_PCI_ENDPOINT is not set -# end of PCI Endpoint - -# -# PCI switch controller drivers -# -# CONFIG_PCI_SW_SWITCHTEC is not set -# end of PCI switch controller drivers - -# CONFIG_PCCARD is not set -# CONFIG_RAPIDIO is not set - -# -# Generic Driver Options -# -# CONFIG_UEVENT_HELPER is not set CONFIG_DEVTMPFS=y CONFIG_DEVTMPFS_MOUNT=y # CONFIG_STANDALONE is not set -CONFIG_PREVENT_FIRMWARE_BUILD=y - -# -# Firmware loader -# -CONFIG_FW_LOADER=y -CONFIG_EXTRA_FIRMWARE="" -# CONFIG_FW_LOADER_USER_HELPER is not set -# CONFIG_FW_LOADER_COMPRESS is not set -# end of Firmware loader - # CONFIG_ALLOW_DEV_COREDUMP is not set -# CONFIG_DEBUG_DRIVER is not set -# CONFIG_DEBUG_DEVRES is not set -# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set -# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set -CONFIG_GENERIC_CPU_AUTOPROBE=y -CONFIG_GENERIC_CPU_VULNERABILITIES=y -CONFIG_REGMAP=y -CONFIG_REGMAP_MMIO=y -CONFIG_DMA_SHARED_BUFFER=y -# CONFIG_DMA_FENCE_TRACE is not set -# end of Generic Driver Options - -# -# Bus devices -# -# CONFIG_MHI_BUS is not set -# end of Bus devices - -# CONFIG_CONNECTOR is not set -# CONFIG_GNSS is not set -# CONFIG_MTD is not set -# CONFIG_OF is not set -CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y -# CONFIG_PARPORT is not set -CONFIG_PNP=y # CONFIG_PNP_DEBUG_MESSAGES is not set - -# -# Protocols -# -CONFIG_PNPACPI=y -CONFIG_BLK_DEV=y -# CONFIG_BLK_DEV_NULL_BLK is not set -# CONFIG_BLK_DEV_FD is not set -CONFIG_CDROM=y -# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set -# CONFIG_BLK_DEV_UMEM is not set CONFIG_BLK_DEV_LOOP=y -CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 -# CONFIG_BLK_DEV_CRYPTOLOOP is not set -# CONFIG_BLK_DEV_DRBD is not set -# CONFIG_BLK_DEV_NBD is not set -# CONFIG_BLK_DEV_SKD is not set -# CONFIG_BLK_DEV_SX8 is not set CONFIG_BLK_DEV_RAM=y -CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=65536 -# CONFIG_CDROM_PKTCDVD is not set -# CONFIG_ATA_OVER_ETH is not set -# CONFIG_BLK_DEV_RBD is not set -# CONFIG_BLK_DEV_RSXX is not set - -# -# NVME Support -# -# CONFIG_BLK_DEV_NVME is not set -# CONFIG_NVME_FC is not set -# end of NVME Support - -# -# Misc devices -# -# CONFIG_AD525X_DPOT is not set -# CONFIG_DUMMY_IRQ is not set -# CONFIG_IBM_ASM is not set -# CONFIG_PHANTOM is not set -# CONFIG_TIFM_CORE is not set -# CONFIG_ICS932S401 is not set -# CONFIG_ENCLOSURE_SERVICES is not set -# CONFIG_HP_ILO is not set -# CONFIG_APDS9802ALS is not set -# CONFIG_ISL29003 is not set -# CONFIG_ISL29020 is not set -# CONFIG_SENSORS_TSL2550 is not set -# CONFIG_SENSORS_BH1770 is not set -# CONFIG_SENSORS_APDS990X is not set -# CONFIG_HMC6352 is not set -# CONFIG_DS1682 is not set -# CONFIG_SRAM is not set -# CONFIG_PCI_ENDPOINT_TEST is not set -# CONFIG_XILINX_SDFEC is not set -# CONFIG_PVPANIC is not set -# CONFIG_C2PORT is not set - -# -# EEPROM support -# -# CONFIG_EEPROM_AT24 is not set -# CONFIG_EEPROM_LEGACY is not set -# CONFIG_EEPROM_MAX6875 is not set -# CONFIG_EEPROM_93CX6 is not set -# CONFIG_EEPROM_IDT_89HPESX is not set -# CONFIG_EEPROM_EE1004 is not set -# end of EEPROM support - -# CONFIG_CB710_CORE is not set - -# -# Texas Instruments shared transport line discipline -# -# end of Texas Instruments shared transport line discipline - -# CONFIG_SENSORS_LIS3_I2C is not set -# CONFIG_ALTERA_STAPL is not set -CONFIG_INTEL_MEI=m CONFIG_INTEL_MEI_ME=m CONFIG_INTEL_MEI_TXE=m -# CONFIG_VMWARE_VMCI is not set -# CONFIG_GENWQE is not set -# CONFIG_ECHO is not set -# CONFIG_MISC_ALCOR_PCI is not set -# CONFIG_MISC_RTSX_PCI is not set -# CONFIG_MISC_RTSX_USB is not set -# CONFIG_HABANA_AI is not set -# CONFIG_UACCE is not set -# end of Misc devices - -CONFIG_HAVE_IDE=y -# CONFIG_IDE is not set - -# -# SCSI device support -# -CONFIG_SCSI_MOD=y -# CONFIG_RAID_ATTRS is not set -CONFIG_SCSI=y -CONFIG_SCSI_DMA=y # CONFIG_SCSI_PROC_FS is not set - -# -# SCSI support type (disk, tape, CD-ROM) -# CONFIG_BLK_DEV_SD=y -# CONFIG_CHR_DEV_ST is not set CONFIG_BLK_DEV_SR=y CONFIG_CHR_DEV_SG=y -# CONFIG_CHR_DEV_SCH is not set -# CONFIG_SCSI_CONSTANTS is not set -# CONFIG_SCSI_LOGGING is not set CONFIG_SCSI_SCAN_ASYNC=y - -# -# SCSI Transports -# -# CONFIG_SCSI_SPI_ATTRS is not set -# CONFIG_SCSI_FC_ATTRS is not set -CONFIG_SCSI_ISCSI_ATTRS=y -# CONFIG_SCSI_SAS_ATTRS is not set -# CONFIG_SCSI_SAS_LIBSAS is not set -# CONFIG_SCSI_SRP_ATTRS is not set -# end of SCSI Transports - -CONFIG_SCSI_LOWLEVEL=y CONFIG_ISCSI_TCP=y -# CONFIG_ISCSI_BOOT_SYSFS is not set -# CONFIG_SCSI_CXGB3_ISCSI is not set -# CONFIG_SCSI_CXGB4_ISCSI is not set -# CONFIG_SCSI_BNX2_ISCSI is not set -# CONFIG_BE2ISCSI is not set -# CONFIG_BLK_DEV_3W_XXXX_RAID is not set -# CONFIG_SCSI_HPSA is not set -# CONFIG_SCSI_3W_9XXX is not set -# CONFIG_SCSI_3W_SAS is not set -# CONFIG_SCSI_ACARD is not set -# CONFIG_SCSI_AACRAID is not set -# CONFIG_SCSI_AIC7XXX is not set -# CONFIG_SCSI_AIC79XX is not set -# CONFIG_SCSI_AIC94XX is not set -# CONFIG_SCSI_MVSAS is not set -# CONFIG_SCSI_MVUMI is not set -# CONFIG_SCSI_DPT_I2O is not set -# CONFIG_SCSI_ADVANSYS is not set -# CONFIG_SCSI_ARCMSR is not set -# CONFIG_SCSI_ESAS2R is not set -# CONFIG_MEGARAID_NEWGEN is not set -# CONFIG_MEGARAID_LEGACY is not set -# CONFIG_MEGARAID_SAS is not set -# CONFIG_SCSI_MPT3SAS is not set -# CONFIG_SCSI_MPT2SAS is not set -# CONFIG_SCSI_SMARTPQI is not set -# CONFIG_SCSI_UFSHCD is not set -# CONFIG_SCSI_HPTIOP is not set -# CONFIG_SCSI_BUSLOGIC is not set -# CONFIG_SCSI_MYRB is not set -# CONFIG_SCSI_MYRS is not set -# CONFIG_VMWARE_PVSCSI is not set -# CONFIG_SCSI_SNIC is not set -# CONFIG_SCSI_DMX3191D is not set -# CONFIG_SCSI_FDOMAIN_PCI is not set -# CONFIG_SCSI_GDTH is not set -# CONFIG_SCSI_ISCI is not set -# CONFIG_SCSI_IPS is not set -# CONFIG_SCSI_INITIO is not set -# CONFIG_SCSI_INIA100 is not set -# CONFIG_SCSI_STEX is not set -# CONFIG_SCSI_SYM53C8XX_2 is not set -# CONFIG_SCSI_IPR is not set -# CONFIG_SCSI_QLOGIC_1280 is not set -# CONFIG_SCSI_QLA_ISCSI is not set -# CONFIG_SCSI_DC395x is not set -# CONFIG_SCSI_AM53C974 is not set -# CONFIG_SCSI_WD719X is not set -# CONFIG_SCSI_DEBUG is not set -# CONFIG_SCSI_PMCRAID is not set -# CONFIG_SCSI_PM8001 is not set -# CONFIG_SCSI_DH is not set -# end of SCSI device support - CONFIG_ATA=y -CONFIG_SATA_HOST=y -CONFIG_PATA_TIMINGS=y # CONFIG_ATA_VERBOSE_ERROR is not set -CONFIG_ATA_FORCE=y -CONFIG_ATA_ACPI=y -CONFIG_SATA_PMP=y - -# -# Controllers with non-SFF native interface -# CONFIG_SATA_AHCI=y -CONFIG_SATA_MOBILE_LPM_POLICY=0 -# CONFIG_SATA_AHCI_PLATFORM is not set -# CONFIG_SATA_INIC162X is not set -# CONFIG_SATA_ACARD_AHCI is not set -# CONFIG_SATA_SIL24 is not set # CONFIG_ATA_SFF is not set CONFIG_MD=y -# CONFIG_BLK_DEV_MD is not set -# CONFIG_BCACHE is not set -CONFIG_BLK_DEV_DM_BUILTIN=y CONFIG_BLK_DEV_DM=y -# CONFIG_DM_DEBUG is not set -CONFIG_DM_BUFIO=y -# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set -CONFIG_DM_BIO_PRISON=y -CONFIG_DM_PERSISTENT_DATA=y -# CONFIG_DM_UNSTRIPED is not set CONFIG_DM_CRYPT=y CONFIG_DM_SNAPSHOT=y CONFIG_DM_THIN_PROVISIONING=y -# CONFIG_DM_CACHE is not set -# CONFIG_DM_WRITECACHE is not set -# CONFIG_DM_EBS is not set -# CONFIG_DM_ERA is not set -# CONFIG_DM_CLONE is not set -# CONFIG_DM_MIRROR is not set -# CONFIG_DM_RAID is not set -# CONFIG_DM_ZERO is not set -# CONFIG_DM_MULTIPATH is not set -# CONFIG_DM_DELAY is not set -# CONFIG_DM_DUST is not set -# CONFIG_DM_INIT is not set -# CONFIG_DM_UEVENT is not set -# CONFIG_DM_FLAKEY is not set CONFIG_DM_VERITY=y -# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG is not set CONFIG_DM_VERITY_FEC=y -# CONFIG_DM_SWITCH is not set -# CONFIG_DM_LOG_WRITES is not set -# CONFIG_DM_INTEGRITY is not set -# CONFIG_TARGET_CORE is not set -# CONFIG_FUSION is not set - -# -# IEEE 1394 (FireWire) support -# -# CONFIG_FIREWIRE is not set -# CONFIG_FIREWIRE_NOSY is not set -# end of IEEE 1394 (FireWire) support - -# CONFIG_MACINTOSH_DRIVERS is not set CONFIG_NETDEVICES=y -CONFIG_MII=m -CONFIG_NET_CORE=y -# CONFIG_BONDING is not set -# CONFIG_DUMMY is not set -# CONFIG_WIREGUARD is not set -# CONFIG_EQUALIZER is not set -# CONFIG_NET_FC is not set -# CONFIG_NET_TEAM is not set -# CONFIG_MACVLAN is not set -# CONFIG_IPVLAN is not set -# CONFIG_VXLAN is not set -# CONFIG_GENEVE is not set -# CONFIG_BAREUDP is not set -# CONFIG_GTP is not set -# CONFIG_MACSEC is not set -# CONFIG_NETCONSOLE is not set -# CONFIG_TUN is not set -# CONFIG_TUN_VNET_CROSS_LE is not set -# CONFIG_VETH is not set -# CONFIG_NLMON is not set -# CONFIG_ARCNET is not set - -# -# Distributed Switch Architecture drivers -# -# end of Distributed Switch Architecture drivers - -CONFIG_ETHERNET=y # CONFIG_NET_VENDOR_3COM is not set # CONFIG_NET_VENDOR_ADAPTEC is not set # CONFIG_NET_VENDOR_AGERE is not set # CONFIG_NET_VENDOR_ALACRITECH is not set # CONFIG_NET_VENDOR_ALTEON is not set -# CONFIG_ALTERA_TSE is not set # CONFIG_NET_VENDOR_AMAZON is not set # CONFIG_NET_VENDOR_AMD is not set # CONFIG_NET_VENDOR_AQUANTIA is not set @@ -1243,8 +137,6 @@ CONFIG_ETHERNET=y # CONFIG_NET_VENDOR_CHELSIO is not set # CONFIG_NET_VENDOR_CISCO is not set # CONFIG_NET_VENDOR_CORTINA is not set -# CONFIG_CX_ECAT is not set -# CONFIG_DNET is not set # CONFIG_NET_VENDOR_DEC is not set # CONFIG_NET_VENDOR_DLINK is not set # CONFIG_NET_VENDOR_EMULEX is not set @@ -1252,36 +144,20 @@ CONFIG_ETHERNET=y # CONFIG_NET_VENDOR_GOOGLE is not set # CONFIG_NET_VENDOR_HUAWEI is not set # CONFIG_NET_VENDOR_I825XX is not set -CONFIG_NET_VENDOR_INTEL=y -# CONFIG_E100 is not set CONFIG_E1000=m CONFIG_E1000E=m -CONFIG_E1000E_HWTS=y -# CONFIG_IGB is not set -# CONFIG_IGBVF is not set -# CONFIG_IXGB is not set -# CONFIG_IXGBE is not set -# CONFIG_IXGBEVF is not set -# CONFIG_I40E is not set -# CONFIG_I40EVF is not set -# CONFIG_ICE is not set -# CONFIG_FM10K is not set -# CONFIG_IGC is not set -# CONFIG_JME is not set # CONFIG_NET_VENDOR_MARVELL is not set # CONFIG_NET_VENDOR_MELLANOX is not set # CONFIG_NET_VENDOR_MICREL is not set # CONFIG_NET_VENDOR_MICROCHIP is not set # CONFIG_NET_VENDOR_MICROSEMI is not set # CONFIG_NET_VENDOR_MYRI is not set -# CONFIG_FEALNX is not set # CONFIG_NET_VENDOR_NATSEMI is not set # CONFIG_NET_VENDOR_NETERION is not set # CONFIG_NET_VENDOR_NETRONOME is not set # CONFIG_NET_VENDOR_NI is not set # CONFIG_NET_VENDOR_NVIDIA is not set # CONFIG_NET_VENDOR_OKI is not set -# CONFIG_ETHOC is not set # CONFIG_NET_VENDOR_PACKET_ENGINES is not set # CONFIG_NET_VENDOR_PENSANDO is not set # CONFIG_NET_VENDOR_QLOGIC is not set @@ -1305,1817 +181,116 @@ CONFIG_E1000E_HWTS=y # CONFIG_NET_VENDOR_VIA is not set # CONFIG_NET_VENDOR_WIZNET is not set # CONFIG_NET_VENDOR_XILINX is not set -# CONFIG_FDDI is not set -# CONFIG_HIPPI is not set -# CONFIG_NET_SB1000 is not set -# CONFIG_PHYLIB is not set -# CONFIG_MDIO_DEVICE is not set - -# -# PCS device drivers -# -# end of PCS device drivers - -# CONFIG_PPP is not set -# CONFIG_SLIP is not set CONFIG_USB_NET_DRIVERS=m -# CONFIG_USB_CATC is not set -# CONFIG_USB_KAWETH is not set -# CONFIG_USB_PEGASUS is not set -# CONFIG_USB_RTL8150 is not set -# CONFIG_USB_RTL8152 is not set -# CONFIG_USB_LAN78XX is not set CONFIG_USB_USBNET=m # CONFIG_USB_NET_AX8817X is not set # CONFIG_USB_NET_AX88179_178A is not set -CONFIG_USB_NET_CDCETHER=m CONFIG_USB_NET_CDC_EEM=m -CONFIG_USB_NET_CDC_NCM=m -# CONFIG_USB_NET_HUAWEI_CDC_NCM is not set -# CONFIG_USB_NET_CDC_MBIM is not set -# CONFIG_USB_NET_DM9601 is not set -# CONFIG_USB_NET_SR9700 is not set -# CONFIG_USB_NET_SR9800 is not set -# CONFIG_USB_NET_SMSC75XX is not set -# CONFIG_USB_NET_SMSC95XX is not set -# CONFIG_USB_NET_GL620A is not set # CONFIG_USB_NET_NET1080 is not set -# CONFIG_USB_NET_PLUSB is not set -# CONFIG_USB_NET_MCS7830 is not set -# CONFIG_USB_NET_RNDIS_HOST is not set -CONFIG_USB_NET_CDC_SUBSET=m -# CONFIG_USB_ALI_M5632 is not set -# CONFIG_USB_AN2720 is not set # CONFIG_USB_BELKIN is not set # CONFIG_USB_ARMLINUX is not set -# CONFIG_USB_EPSON2888 is not set -# CONFIG_USB_KC2190 is not set # CONFIG_USB_NET_ZAURUS is not set -# CONFIG_USB_NET_CX82310_ETH is not set -# CONFIG_USB_NET_KALMIA is not set -# CONFIG_USB_NET_QMI_WWAN is not set -# CONFIG_USB_NET_INT51X1 is not set -# CONFIG_USB_IPHETH is not set -# CONFIG_USB_SIERRA_NET is not set -# CONFIG_USB_VL600 is not set -# CONFIG_USB_NET_CH9200 is not set -# CONFIG_USB_NET_AQC111 is not set # CONFIG_WLAN is not set - -# -# Enable WiMAX (Networking options) to see the WiMAX drivers -# -# CONFIG_WAN is not set -# CONFIG_VMXNET3 is not set -# CONFIG_FUJITSU_ES is not set -# CONFIG_NET_FAILOVER is not set -# CONFIG_ISDN is not set -# CONFIG_NVM is not set - -# -# Input device support -# -CONFIG_INPUT=y -# CONFIG_INPUT_FF_MEMLESS is not set -# CONFIG_INPUT_POLLDEV is not set -# CONFIG_INPUT_SPARSEKMAP is not set -# CONFIG_INPUT_MATRIXKMAP is not set - -# -# Userland interfaces -# -# CONFIG_INPUT_MOUSEDEV is not set -# CONFIG_INPUT_JOYDEV is not set -# CONFIG_INPUT_EVDEV is not set -# CONFIG_INPUT_EVBUG is not set - -# -# Input Device Drivers -# -CONFIG_INPUT_KEYBOARD=y -# CONFIG_KEYBOARD_ADP5588 is not set -# CONFIG_KEYBOARD_ADP5589 is not set -CONFIG_KEYBOARD_ATKBD=y -# CONFIG_KEYBOARD_QT1050 is not set -# CONFIG_KEYBOARD_QT1070 is not set -# CONFIG_KEYBOARD_QT2160 is not set -# CONFIG_KEYBOARD_DLINK_DIR685 is not set -# CONFIG_KEYBOARD_LKKBD is not set -# CONFIG_KEYBOARD_TCA6416 is not set -# CONFIG_KEYBOARD_TCA8418 is not set -# CONFIG_KEYBOARD_LM8333 is not set -# CONFIG_KEYBOARD_MAX7359 is not set -# CONFIG_KEYBOARD_MCS is not set -# CONFIG_KEYBOARD_MPR121 is not set -# CONFIG_KEYBOARD_NEWTON is not set -# CONFIG_KEYBOARD_OPENCORES is not set -# CONFIG_KEYBOARD_SAMSUNG is not set -# CONFIG_KEYBOARD_STOWAWAY is not set -# CONFIG_KEYBOARD_SUNKBD is not set -# CONFIG_KEYBOARD_XTKBD is not set # CONFIG_INPUT_MOUSE is not set -# CONFIG_INPUT_JOYSTICK is not set -# CONFIG_INPUT_TABLET is not set -# CONFIG_INPUT_TOUCHSCREEN is not set -# CONFIG_INPUT_MISC is not set -# CONFIG_RMI4_CORE is not set - -# -# Hardware I/O ports -# -CONFIG_SERIO=y -CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y -CONFIG_SERIO_I8042=y # CONFIG_SERIO_SERPORT is not set -# CONFIG_SERIO_CT82C710 is not set -# CONFIG_SERIO_PCIPS2 is not set -CONFIG_SERIO_LIBPS2=y -# CONFIG_SERIO_RAW is not set -# CONFIG_SERIO_ALTERA_PS2 is not set -# CONFIG_SERIO_PS2MULT is not set -# CONFIG_SERIO_ARC_PS2 is not set -# CONFIG_USERIO is not set -# CONFIG_GAMEPORT is not set -# end of Hardware I/O ports -# end of Input device support - -# -# Character devices -# -CONFIG_TTY=y -CONFIG_VT=y -CONFIG_CONSOLE_TRANSLATIONS=y -CONFIG_VT_CONSOLE=y -CONFIG_HW_CONSOLE=y -CONFIG_VT_HW_CONSOLE_BINDING=y -CONFIG_UNIX98_PTYS=y # CONFIG_LEGACY_PTYS is not set -CONFIG_LDISC_AUTOLOAD=y - -# -# Serial drivers -# CONFIG_SERIAL_8250=y # CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set # CONFIG_SERIAL_8250_PNP is not set -# CONFIG_SERIAL_8250_16550A_VARIANTS is not set -# CONFIG_SERIAL_8250_FINTEK is not set -# CONFIG_SERIAL_8250_CONSOLE is not set # CONFIG_SERIAL_8250_PCI is not set -CONFIG_SERIAL_8250_NR_UARTS=4 -CONFIG_SERIAL_8250_RUNTIME_UARTS=4 -# CONFIG_SERIAL_8250_EXTENDED is not set -# CONFIG_SERIAL_8250_DW is not set -# CONFIG_SERIAL_8250_RT288X is not set # CONFIG_SERIAL_8250_LPSS is not set # CONFIG_SERIAL_8250_MID is not set - -# -# Non-8250 serial port support -# -# CONFIG_SERIAL_UARTLITE is not set -CONFIG_SERIAL_CORE=y -# CONFIG_SERIAL_JSM is not set -# CONFIG_SERIAL_LANTIQ is not set -# CONFIG_SERIAL_SCCNXP is not set -# CONFIG_SERIAL_SC16IS7XX is not set -# CONFIG_SERIAL_ALTERA_JTAGUART is not set -# CONFIG_SERIAL_ALTERA_UART is not set -# CONFIG_SERIAL_ARC is not set -# CONFIG_SERIAL_RP2 is not set -# CONFIG_SERIAL_FSL_LPUART is not set -# CONFIG_SERIAL_FSL_LINFLEXUART is not set -# CONFIG_SERIAL_SPRD is not set -# end of Serial drivers - -# CONFIG_SERIAL_NONSTANDARD is not set -# CONFIG_N_GSM is not set -# CONFIG_NOZOMI is not set -# CONFIG_NULL_TTY is not set -# CONFIG_TRACE_SINK is not set -# CONFIG_SERIAL_DEV_BUS is not set CONFIG_TTY_PRINTK=y -CONFIG_TTY_PRINTK_LEVEL=6 -# CONFIG_VIRTIO_CONSOLE is not set -# CONFIG_IPMI_HANDLER is not set -# CONFIG_IPMB_DEVICE_INTERFACE is not set CONFIG_HW_RANDOM=y -# CONFIG_HW_RANDOM_TIMERIOMEM is not set -CONFIG_HW_RANDOM_INTEL=y # CONFIG_HW_RANDOM_AMD is not set -# CONFIG_HW_RANDOM_BA431 is not set # CONFIG_HW_RANDOM_VIA is not set -# CONFIG_HW_RANDOM_XIPHERA is not set -# CONFIG_APPLICOM is not set -# CONFIG_MWAVE is not set -CONFIG_DEVMEM=y -# CONFIG_DEVKMEM is not set -# CONFIG_NVRAM is not set -# CONFIG_RAW_DRIVER is not set -CONFIG_DEVPORT=y -# CONFIG_HPET is not set -# CONFIG_HANGCHECK_TIMER is not set CONFIG_TCG_TPM=y # CONFIG_HW_RANDOM_TPM is not set -CONFIG_TCG_TIS_CORE=y CONFIG_TCG_TIS=y -# CONFIG_TCG_TIS_I2C_ATMEL is not set -# CONFIG_TCG_TIS_I2C_INFINEON is not set -# CONFIG_TCG_TIS_I2C_NUVOTON is not set -# CONFIG_TCG_NSC is not set -# CONFIG_TCG_ATMEL is not set -# CONFIG_TCG_INFINEON is not set -# CONFIG_TCG_CRB is not set -# CONFIG_TCG_VTPM_PROXY is not set -# CONFIG_TCG_TIS_ST33ZP24_I2C is not set -# CONFIG_TELCLOCK is not set -# CONFIG_XILLYBUS is not set -# end of Character devices - -CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set - -# -# I2C support -# CONFIG_I2C=y -CONFIG_ACPI_I2C_OPREGION=y -CONFIG_I2C_BOARDINFO=y # CONFIG_I2C_COMPAT is not set -# CONFIG_I2C_CHARDEV is not set CONFIG_I2C_MUX=m - -# -# Multiplexer I2C Chip support -# -# CONFIG_I2C_MUX_LTC4306 is not set CONFIG_I2C_MUX_PCA9541=m CONFIG_I2C_MUX_REG=m -# CONFIG_I2C_MUX_MLXCPLD is not set -# end of Multiplexer I2C Chip support - # CONFIG_I2C_HELPER_AUTO is not set -# CONFIG_I2C_SMBUS is not set - -# -# I2C Algorithms -# CONFIG_I2C_ALGOBIT=y -# CONFIG_I2C_ALGOPCF is not set -# CONFIG_I2C_ALGOPCA is not set -# end of I2C Algorithms - -# -# I2C Hardware Bus support -# - -# -# PC SMBus host controller drivers -# -# CONFIG_I2C_ALI1535 is not set -# CONFIG_I2C_ALI1563 is not set -# CONFIG_I2C_ALI15X3 is not set -# CONFIG_I2C_AMD756 is not set -# CONFIG_I2C_AMD8111 is not set -# CONFIG_I2C_AMD_MP2 is not set -# CONFIG_I2C_I801 is not set -# CONFIG_I2C_ISCH is not set -# CONFIG_I2C_ISMT is not set -# CONFIG_I2C_PIIX4 is not set -# CONFIG_I2C_NFORCE2 is not set -# CONFIG_I2C_NVIDIA_GPU is not set -# CONFIG_I2C_SIS5595 is not set -# CONFIG_I2C_SIS630 is not set -# CONFIG_I2C_SIS96X is not set -# CONFIG_I2C_VIA is not set -# CONFIG_I2C_VIAPRO is not set - -# -# ACPI drivers -# -# CONFIG_I2C_SCMI is not set - -# -# I2C system bus drivers (mostly embedded / system-on-chip) -# -# CONFIG_I2C_DESIGNWARE_PLATFORM is not set -# CONFIG_I2C_DESIGNWARE_PCI is not set -# CONFIG_I2C_EMEV2 is not set -# CONFIG_I2C_OCORES is not set -# CONFIG_I2C_PCA_PLATFORM is not set -# CONFIG_I2C_SIMTEC is not set -# CONFIG_I2C_XILINX is not set - -# -# External I2C/SMBus adapter drivers -# -# CONFIG_I2C_DIOLAN_U2C is not set -# CONFIG_I2C_ROBOTFUZZ_OSIF is not set -# CONFIG_I2C_TAOS_EVM is not set -# CONFIG_I2C_TINY_USB is not set - -# -# Other I2C/SMBus bus drivers -# -# CONFIG_I2C_MLXCPLD is not set -# end of I2C Hardware Bus support - -# CONFIG_I2C_STUB is not set CONFIG_I2C_SLAVE=y -# CONFIG_I2C_SLAVE_EEPROM is not set -# CONFIG_I2C_SLAVE_TESTUNIT is not set -# CONFIG_I2C_DEBUG_CORE is not set -# CONFIG_I2C_DEBUG_ALGO is not set -# CONFIG_I2C_DEBUG_BUS is not set -# end of I2C support - -# CONFIG_I3C is not set -# CONFIG_SPI is not set -# CONFIG_SPMI is not set -# CONFIG_HSI is not set -# CONFIG_PPS is not set - -# -# PTP clock support -# # CONFIG_PTP_1588_CLOCK is not set - -# -# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. -# -# end of PTP clock support - -# CONFIG_PINCTRL is not set -# CONFIG_GPIOLIB is not set -# CONFIG_W1 is not set -# CONFIG_POWER_RESET is not set -CONFIG_POWER_SUPPLY=y -# CONFIG_POWER_SUPPLY_DEBUG is not set -# CONFIG_PDA_POWER is not set -# CONFIG_TEST_POWER is not set -# CONFIG_CHARGER_ADP5061 is not set -# CONFIG_BATTERY_CW2015 is not set -# CONFIG_BATTERY_DS2780 is not set -# CONFIG_BATTERY_DS2781 is not set -# CONFIG_BATTERY_DS2782 is not set -# CONFIG_BATTERY_SBS is not set -# CONFIG_CHARGER_SBS is not set -# CONFIG_BATTERY_BQ27XXX is not set -# CONFIG_BATTERY_MAX17040 is not set -# CONFIG_BATTERY_MAX17042 is not set -# CONFIG_CHARGER_MAX8903 is not set -# CONFIG_CHARGER_LP8727 is not set -# CONFIG_CHARGER_BQ2415X is not set -# CONFIG_CHARGER_SMB347 is not set -# CONFIG_BATTERY_GAUGE_LTC2941 is not set -# CONFIG_CHARGER_BD99954 is not set # CONFIG_HWMON is not set -CONFIG_THERMAL=y -# CONFIG_THERMAL_NETLINK is not set -# CONFIG_THERMAL_STATISTICS is not set -CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 -# CONFIG_THERMAL_WRITABLE_TRIPS is not set -CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y -# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set -# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set -# CONFIG_THERMAL_GOV_FAIR_SHARE is not set -CONFIG_THERMAL_GOV_STEP_WISE=y -# CONFIG_THERMAL_GOV_BANG_BANG is not set -# CONFIG_THERMAL_GOV_USER_SPACE is not set -# CONFIG_THERMAL_EMULATION is not set - -# -# Intel thermal drivers -# -# CONFIG_INTEL_POWERCLAMP is not set # CONFIG_X86_PKG_TEMP_THERMAL is not set -# CONFIG_INTEL_SOC_DTS_THERMAL is not set - -# -# ACPI INT340X thermal drivers -# -# CONFIG_INT340X_THERMAL is not set -# end of ACPI INT340X thermal drivers - -# CONFIG_INTEL_PCH_THERMAL is not set -# end of Intel thermal drivers - -# CONFIG_WATCHDOG is not set -CONFIG_SSB_POSSIBLE=y -# CONFIG_SSB is not set -CONFIG_BCMA_POSSIBLE=y -# CONFIG_BCMA is not set - -# -# Multifunction device drivers -# -# CONFIG_MFD_AS3711 is not set -# CONFIG_PMIC_ADP5520 is not set -# CONFIG_MFD_BCM590XX is not set -# CONFIG_MFD_BD9571MWV is not set -# CONFIG_MFD_AXP20X_I2C is not set -# CONFIG_MFD_MADERA is not set -# CONFIG_PMIC_DA903X is not set -# CONFIG_MFD_DA9052_I2C is not set -# CONFIG_MFD_DA9055 is not set -# CONFIG_MFD_DA9062 is not set -# CONFIG_MFD_DA9063 is not set -# CONFIG_MFD_DA9150 is not set -# CONFIG_MFD_DLN2 is not set -# CONFIG_MFD_MC13XXX_I2C is not set -# CONFIG_MFD_MP2629 is not set -# CONFIG_HTC_PASIC3 is not set -# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set -# CONFIG_LPC_ICH is not set -# CONFIG_LPC_SCH is not set -# CONFIG_MFD_INTEL_LPSS_ACPI is not set -# CONFIG_MFD_INTEL_LPSS_PCI is not set -# CONFIG_MFD_IQS62X is not set -# CONFIG_MFD_JANZ_CMODIO is not set -# CONFIG_MFD_KEMPLD is not set -# CONFIG_MFD_88PM800 is not set -# CONFIG_MFD_88PM805 is not set -# CONFIG_MFD_88PM860X is not set -# CONFIG_MFD_MAX14577 is not set -# CONFIG_MFD_MAX77693 is not set -# CONFIG_MFD_MAX77843 is not set -# CONFIG_MFD_MAX8907 is not set -# CONFIG_MFD_MAX8925 is not set -# CONFIG_MFD_MAX8997 is not set -# CONFIG_MFD_MAX8998 is not set -# CONFIG_MFD_MT6360 is not set -# CONFIG_MFD_MT6397 is not set -# CONFIG_MFD_MENF21BMC is not set -# CONFIG_MFD_VIPERBOARD is not set -# CONFIG_MFD_RETU is not set -# CONFIG_MFD_PCF50633 is not set -# CONFIG_MFD_RDC321X is not set -# CONFIG_MFD_RT5033 is not set -# CONFIG_MFD_RC5T583 is not set -# CONFIG_MFD_SEC_CORE is not set -# CONFIG_MFD_SI476X_CORE is not set -# CONFIG_MFD_SM501 is not set -# CONFIG_MFD_SKY81452 is not set -# CONFIG_ABX500_CORE is not set CONFIG_MFD_SYSCON=y -# CONFIG_MFD_TI_AM335X_TSCADC is not set -# CONFIG_MFD_LP3943 is not set -# CONFIG_MFD_LP8788 is not set -# CONFIG_MFD_TI_LMU is not set -# CONFIG_MFD_PALMAS is not set -# CONFIG_TPS6105X is not set -# CONFIG_TPS6507X is not set -# CONFIG_MFD_TPS65086 is not set -# CONFIG_MFD_TPS65090 is not set -# CONFIG_MFD_TI_LP873X is not set -# CONFIG_MFD_TPS6586X is not set -# CONFIG_MFD_TPS65912_I2C is not set -# CONFIG_MFD_TPS80031 is not set -# CONFIG_TWL4030_CORE is not set -# CONFIG_TWL6040_CORE is not set -# CONFIG_MFD_WL1273_CORE is not set -# CONFIG_MFD_LM3533 is not set -# CONFIG_MFD_TQMX86 is not set -# CONFIG_MFD_VX855 is not set -# CONFIG_MFD_ARIZONA_I2C is not set -# CONFIG_MFD_WM8400 is not set -# CONFIG_MFD_WM831X_I2C is not set -# CONFIG_MFD_WM8350_I2C is not set -# CONFIG_MFD_WM8994 is not set -# end of Multifunction device drivers - -# CONFIG_REGULATOR is not set -# CONFIG_RC_CORE is not set -# CONFIG_MEDIA_CEC_SUPPORT is not set -# CONFIG_MEDIA_SUPPORT is not set - -# -# Graphics support -# -# CONFIG_AGP is not set -CONFIG_VGA_ARB=y -CONFIG_VGA_ARB_MAX_GPUS=16 -# CONFIG_VGA_SWITCHEROO is not set -# CONFIG_DRM is not set - -# -# ARM devices -# -# end of ARM devices - -CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y - -# -# Frame buffer Devices -# -CONFIG_FB_CMDLINE=y -CONFIG_FB_NOTIFY=y CONFIG_FB=y -# CONFIG_FIRMWARE_EDID is not set -CONFIG_FB_CFB_FILLRECT=y -CONFIG_FB_CFB_COPYAREA=y -CONFIG_FB_CFB_IMAGEBLIT=y -# CONFIG_FB_FOREIGN_ENDIAN is not set -# CONFIG_FB_MODE_HELPERS is not set -# CONFIG_FB_TILEBLITTING is not set - -# -# Frame buffer hardware drivers -# -# CONFIG_FB_CIRRUS is not set -# CONFIG_FB_PM2 is not set -# CONFIG_FB_CYBER2000 is not set -# CONFIG_FB_ARC is not set -# CONFIG_FB_ASILIANT is not set -# CONFIG_FB_IMSTT is not set -# CONFIG_FB_VGA16 is not set -# CONFIG_FB_VESA is not set CONFIG_FB_EFI=y -# CONFIG_FB_N411 is not set -# CONFIG_FB_HGA is not set -# CONFIG_FB_OPENCORES is not set -# CONFIG_FB_S1D13XXX is not set -# CONFIG_FB_NVIDIA is not set -# CONFIG_FB_RIVA is not set -# CONFIG_FB_I740 is not set -# CONFIG_FB_LE80578 is not set -# CONFIG_FB_MATROX is not set -# CONFIG_FB_RADEON is not set -# CONFIG_FB_ATY128 is not set -# CONFIG_FB_ATY is not set -# CONFIG_FB_S3 is not set -# CONFIG_FB_SAVAGE is not set -# CONFIG_FB_SIS is not set -# CONFIG_FB_NEOMAGIC is not set -# CONFIG_FB_KYRO is not set -# CONFIG_FB_3DFX is not set -# CONFIG_FB_VOODOO1 is not set -# CONFIG_FB_VT8623 is not set -# CONFIG_FB_TRIDENT is not set -# CONFIG_FB_ARK is not set -# CONFIG_FB_PM3 is not set -# CONFIG_FB_CARMINE is not set -# CONFIG_FB_SMSCUFX is not set -# CONFIG_FB_UDL is not set -# CONFIG_FB_IBM_GXT4500 is not set -# CONFIG_FB_VIRTUAL is not set -# CONFIG_FB_METRONOME is not set -# CONFIG_FB_MB862XX is not set -# CONFIG_FB_SIMPLE is not set -# CONFIG_FB_SM712 is not set -# end of Frame buffer Devices - -# -# Backlight & LCD device support -# -# CONFIG_LCD_CLASS_DEVICE is not set CONFIG_BACKLIGHT_CLASS_DEVICE=y -# CONFIG_BACKLIGHT_APPLE is not set -# CONFIG_BACKLIGHT_QCOM_WLED is not set -# CONFIG_BACKLIGHT_SAHARA is not set -# CONFIG_BACKLIGHT_ADP8860 is not set -# CONFIG_BACKLIGHT_ADP8870 is not set -# CONFIG_BACKLIGHT_LM3639 is not set -# CONFIG_BACKLIGHT_LV5207LP is not set -# CONFIG_BACKLIGHT_BD6107 is not set -# CONFIG_BACKLIGHT_ARCXCNN is not set -# end of Backlight & LCD device support - -# -# Console display driver support -# -CONFIG_VGA_CONSOLE=y -CONFIG_DUMMY_CONSOLE=y -CONFIG_DUMMY_CONSOLE_COLUMNS=80 -CONFIG_DUMMY_CONSOLE_ROWS=25 CONFIG_FRAMEBUFFER_CONSOLE=y CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y -# CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set -# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set -# end of Console display driver support - -# CONFIG_LOGO is not set -# end of Graphics support - -# CONFIG_SOUND is not set - -# -# HID support -# -CONFIG_HID=y -# CONFIG_HID_BATTERY_STRENGTH is not set -# CONFIG_HIDRAW is not set -# CONFIG_UHID is not set -CONFIG_HID_GENERIC=y - -# -# Special HID drivers -# -# CONFIG_HID_A4TECH is not set -# CONFIG_HID_ACCUTOUCH is not set -# CONFIG_HID_ACRUX is not set -# CONFIG_HID_APPLE is not set -# CONFIG_HID_APPLEIR is not set -# CONFIG_HID_AUREAL is not set -# CONFIG_HID_BELKIN is not set -# CONFIG_HID_BETOP_FF is not set -# CONFIG_HID_CHERRY is not set -# CONFIG_HID_CHICONY is not set -# CONFIG_HID_COUGAR is not set -# CONFIG_HID_MACALLY is not set -# CONFIG_HID_CMEDIA is not set -# CONFIG_HID_CREATIVE_SB0540 is not set -# CONFIG_HID_CYPRESS is not set -# CONFIG_HID_DRAGONRISE is not set -# CONFIG_HID_EMS_FF is not set -# CONFIG_HID_ELECOM is not set -# CONFIG_HID_ELO is not set -# CONFIG_HID_EZKEY is not set -# CONFIG_HID_GEMBIRD is not set -# CONFIG_HID_GFRM is not set -# CONFIG_HID_GLORIOUS is not set -# CONFIG_HID_HOLTEK is not set -# CONFIG_HID_VIVALDI is not set -# CONFIG_HID_KEYTOUCH is not set -# CONFIG_HID_KYE is not set -# CONFIG_HID_UCLOGIC is not set -# CONFIG_HID_WALTOP is not set -# CONFIG_HID_VIEWSONIC is not set -# CONFIG_HID_GYRATION is not set -# CONFIG_HID_ICADE is not set -# CONFIG_HID_ITE is not set -# CONFIG_HID_JABRA is not set -# CONFIG_HID_TWINHAN is not set -# CONFIG_HID_KENSINGTON is not set -# CONFIG_HID_LCPOWER is not set -# CONFIG_HID_LENOVO is not set -# CONFIG_HID_MAGICMOUSE is not set -# CONFIG_HID_MALTRON is not set -# CONFIG_HID_MAYFLASH is not set -# CONFIG_HID_REDRAGON is not set -# CONFIG_HID_MICROSOFT is not set -# CONFIG_HID_MONTEREY is not set -# CONFIG_HID_MULTITOUCH is not set -# CONFIG_HID_NTI is not set -# CONFIG_HID_NTRIG is not set -# CONFIG_HID_ORTEK is not set -# CONFIG_HID_PANTHERLORD is not set -# CONFIG_HID_PENMOUNT is not set -# CONFIG_HID_PETALYNX is not set -# CONFIG_HID_PICOLCD is not set -# CONFIG_HID_PLANTRONICS is not set -# CONFIG_HID_PRIMAX is not set -# CONFIG_HID_RETRODE is not set -# CONFIG_HID_ROCCAT is not set -# CONFIG_HID_SAITEK is not set -# CONFIG_HID_SAMSUNG is not set -# CONFIG_HID_SPEEDLINK is not set -# CONFIG_HID_STEAM is not set -# CONFIG_HID_STEELSERIES is not set -# CONFIG_HID_SUNPLUS is not set -# CONFIG_HID_RMI is not set -# CONFIG_HID_GREENASIA is not set -# CONFIG_HID_SMARTJOYPLUS is not set -# CONFIG_HID_TIVO is not set -# CONFIG_HID_TOPSEED is not set -# CONFIG_HID_THRUSTMASTER is not set -# CONFIG_HID_UDRAW_PS3 is not set -# CONFIG_HID_WACOM is not set -# CONFIG_HID_XINMO is not set -# CONFIG_HID_ZEROPLUS is not set -# CONFIG_HID_ZYDACRON is not set -# CONFIG_HID_SENSOR_HUB is not set -# CONFIG_HID_ALPS is not set -# end of Special HID drivers - -# -# USB HID support -# CONFIG_USB_HID=m -# CONFIG_HID_PID is not set -# CONFIG_USB_HIDDEV is not set - -# -# USB HID Boot Protocol drivers -# -# CONFIG_USB_KBD is not set -# CONFIG_USB_MOUSE is not set -# end of USB HID Boot Protocol drivers -# end of USB HID support - -# -# I2C HID support -# -# CONFIG_I2C_HID is not set -# end of I2C HID support - -# -# Intel ISH HID support -# -# CONFIG_INTEL_ISH_HID is not set -# end of Intel ISH HID support -# end of HID support - -CONFIG_USB_OHCI_LITTLE_ENDIAN=y -CONFIG_USB_SUPPORT=y -CONFIG_USB_COMMON=y -# CONFIG_USB_ULPI_BUS is not set -CONFIG_USB_ARCH_HAS_HCD=y CONFIG_USB=y -CONFIG_USB_PCI=y -# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set - -# -# Miscellaneous USB options -# -CONFIG_USB_DEFAULT_PERSIST=y -# CONFIG_USB_FEW_INIT_RETRIES is not set -# CONFIG_USB_DYNAMIC_MINORS is not set -# CONFIG_USB_OTG_PRODUCTLIST is not set -# CONFIG_USB_OTG_DISABLE_EXTERNAL_HUB is not set -CONFIG_USB_AUTOSUSPEND_DELAY=2 -# CONFIG_USB_MON is not set - -# -# USB Host Controller Drivers -# -# CONFIG_USB_C67X00_HCD is not set CONFIG_USB_XHCI_HCD=m -# CONFIG_USB_XHCI_DBGCAP is not set -CONFIG_USB_XHCI_PCI=m -# CONFIG_USB_XHCI_PCI_RENESAS is not set CONFIG_USB_XHCI_PLATFORM=m CONFIG_USB_EHCI_HCD=m -# CONFIG_USB_EHCI_ROOT_HUB_TT is not set -CONFIG_USB_EHCI_TT_NEWSCHED=y -CONFIG_USB_EHCI_PCI=m -# CONFIG_USB_EHCI_FSL is not set CONFIG_USB_EHCI_HCD_PLATFORM=m -# CONFIG_USB_OXU210HP_HCD is not set -# CONFIG_USB_ISP116X_HCD is not set -# CONFIG_USB_FOTG210_HCD is not set -# CONFIG_USB_OHCI_HCD is not set -# CONFIG_USB_UHCI_HCD is not set -# CONFIG_USB_SL811_HCD is not set -# CONFIG_USB_R8A66597_HCD is not set -# CONFIG_USB_HCD_TEST_MODE is not set - -# -# USB Device Class drivers -# -# CONFIG_USB_ACM is not set -# CONFIG_USB_PRINTER is not set -# CONFIG_USB_WDM is not set -# CONFIG_USB_TMC is not set - -# -# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may -# - -# -# also be needed; see USB_STORAGE Help for more info -# CONFIG_USB_STORAGE=m -# CONFIG_USB_STORAGE_DEBUG is not set -# CONFIG_USB_STORAGE_REALTEK is not set -# CONFIG_USB_STORAGE_DATAFAB is not set -# CONFIG_USB_STORAGE_FREECOM is not set -# CONFIG_USB_STORAGE_ISD200 is not set -# CONFIG_USB_STORAGE_USBAT is not set -# CONFIG_USB_STORAGE_SDDR09 is not set -# CONFIG_USB_STORAGE_SDDR55 is not set -# CONFIG_USB_STORAGE_JUMPSHOT is not set -# CONFIG_USB_STORAGE_ALAUDA is not set -# CONFIG_USB_STORAGE_ONETOUCH is not set -# CONFIG_USB_STORAGE_KARMA is not set -# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set -# CONFIG_USB_STORAGE_ENE_UB6250 is not set -# CONFIG_USB_UAS is not set - -# -# USB Imaging devices -# -# CONFIG_USB_MDC800 is not set -# CONFIG_USB_MICROTEK is not set -# CONFIG_USBIP_CORE is not set -# CONFIG_USB_CDNS3 is not set -# CONFIG_USB_MUSB_HDRC is not set -# CONFIG_USB_DWC3 is not set -# CONFIG_USB_DWC2 is not set -# CONFIG_USB_CHIPIDEA is not set -# CONFIG_USB_ISP1760 is not set - -# -# USB port drivers -# -# CONFIG_USB_SERIAL is not set - -# -# USB Miscellaneous drivers -# -# CONFIG_USB_EMI62 is not set -# CONFIG_USB_EMI26 is not set -# CONFIG_USB_ADUTUX is not set -# CONFIG_USB_SEVSEG is not set -# CONFIG_USB_LEGOTOWER is not set -# CONFIG_USB_LCD is not set -# CONFIG_USB_CYPRESS_CY7C63 is not set -# CONFIG_USB_CYTHERM is not set -# CONFIG_USB_IDMOUSE is not set -# CONFIG_USB_FTDI_ELAN is not set -# CONFIG_USB_APPLEDISPLAY is not set -# CONFIG_APPLE_MFI_FASTCHARGE is not set -# CONFIG_USB_SISUSBVGA is not set -# CONFIG_USB_LD is not set -# CONFIG_USB_TRANCEVIBRATOR is not set -# CONFIG_USB_IOWARRIOR is not set -# CONFIG_USB_TEST is not set -# CONFIG_USB_EHSET_TEST_FIXTURE is not set -# CONFIG_USB_ISIGHTFW is not set -# CONFIG_USB_YUREX is not set -# CONFIG_USB_EZUSB_FX2 is not set -# CONFIG_USB_HUB_USB251XB is not set -# CONFIG_USB_HSIC_USB3503 is not set -# CONFIG_USB_HSIC_USB4604 is not set -# CONFIG_USB_LINK_LAYER_TEST is not set -# CONFIG_USB_CHAOSKEY is not set - -# -# USB Physical Layer drivers -# -# CONFIG_NOP_USB_XCEIV is not set -# CONFIG_USB_ISP1301 is not set -# end of USB Physical Layer drivers - -# CONFIG_USB_GADGET is not set -# CONFIG_TYPEC is not set -# CONFIG_USB_ROLE_SWITCH is not set -# CONFIG_MMC is not set -# CONFIG_MEMSTICK is not set -# CONFIG_NEW_LEDS is not set -# CONFIG_ACCESSIBILITY is not set -# CONFIG_INFINIBAND is not set -CONFIG_EDAC_ATOMIC_SCRUB=y -CONFIG_EDAC_SUPPORT=y -CONFIG_RTC_LIB=y -CONFIG_RTC_MC146818_LIB=y CONFIG_RTC_CLASS=y -CONFIG_RTC_HCTOSYS=y -CONFIG_RTC_HCTOSYS_DEVICE="rtc0" -CONFIG_RTC_SYSTOHC=y -CONFIG_RTC_SYSTOHC_DEVICE="rtc0" -# CONFIG_RTC_DEBUG is not set -CONFIG_RTC_NVMEM=y - -# -# RTC interfaces -# -CONFIG_RTC_INTF_SYSFS=y -CONFIG_RTC_INTF_PROC=y -CONFIG_RTC_INTF_DEV=y -# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set -# CONFIG_RTC_DRV_TEST is not set - -# -# I2C RTC drivers -# -# CONFIG_RTC_DRV_ABB5ZES3 is not set -# CONFIG_RTC_DRV_ABEOZ9 is not set -# CONFIG_RTC_DRV_ABX80X is not set -# CONFIG_RTC_DRV_DS1307 is not set -# CONFIG_RTC_DRV_DS1374 is not set -# CONFIG_RTC_DRV_DS1672 is not set -# CONFIG_RTC_DRV_MAX6900 is not set -# CONFIG_RTC_DRV_RS5C372 is not set -# CONFIG_RTC_DRV_ISL1208 is not set -# CONFIG_RTC_DRV_ISL12022 is not set -# CONFIG_RTC_DRV_X1205 is not set -# CONFIG_RTC_DRV_PCF8523 is not set -# CONFIG_RTC_DRV_PCF85063 is not set -# CONFIG_RTC_DRV_PCF85363 is not set -# CONFIG_RTC_DRV_PCF8563 is not set -# CONFIG_RTC_DRV_PCF8583 is not set -# CONFIG_RTC_DRV_M41T80 is not set -# CONFIG_RTC_DRV_BQ32K is not set -# CONFIG_RTC_DRV_S35390A is not set -# CONFIG_RTC_DRV_FM3130 is not set -# CONFIG_RTC_DRV_RX8010 is not set -# CONFIG_RTC_DRV_RX8581 is not set -# CONFIG_RTC_DRV_RX8025 is not set -# CONFIG_RTC_DRV_EM3027 is not set -# CONFIG_RTC_DRV_RV3028 is not set -# CONFIG_RTC_DRV_RV3032 is not set -# CONFIG_RTC_DRV_RV8803 is not set -# CONFIG_RTC_DRV_SD3078 is not set - -# -# SPI RTC drivers -# -CONFIG_RTC_I2C_AND_SPI=y - -# -# SPI and I2C RTC drivers -# -# CONFIG_RTC_DRV_DS3232 is not set -# CONFIG_RTC_DRV_PCF2127 is not set -# CONFIG_RTC_DRV_RV3029C2 is not set - -# -# Platform RTC drivers -# -CONFIG_RTC_DRV_CMOS=y -# CONFIG_RTC_DRV_DS1286 is not set -# CONFIG_RTC_DRV_DS1511 is not set -# CONFIG_RTC_DRV_DS1553 is not set -# CONFIG_RTC_DRV_DS1685_FAMILY is not set -# CONFIG_RTC_DRV_DS1742 is not set -# CONFIG_RTC_DRV_DS2404 is not set -# CONFIG_RTC_DRV_STK17TA8 is not set -# CONFIG_RTC_DRV_M48T86 is not set -# CONFIG_RTC_DRV_M48T35 is not set -# CONFIG_RTC_DRV_M48T59 is not set -# CONFIG_RTC_DRV_MSM6242 is not set -# CONFIG_RTC_DRV_BQ4802 is not set -# CONFIG_RTC_DRV_RP5C01 is not set -# CONFIG_RTC_DRV_V3020 is not set - -# -# on-CPU RTC drivers -# -# CONFIG_RTC_DRV_FTRTC010 is not set - -# -# HID Sensor RTC drivers -# -# CONFIG_DMADEVICES is not set - -# -# DMABUF options -# CONFIG_SYNC_FILE=y -# CONFIG_DMABUF_MOVE_NOTIFY is not set -# CONFIG_DMABUF_SELFTESTS is not set -# CONFIG_DMABUF_HEAPS is not set -# end of DMABUF options - -# CONFIG_AUXDISPLAY is not set -# CONFIG_UIO is not set -# CONFIG_VFIO is not set -# CONFIG_VIRT_DRIVERS is not set # CONFIG_VIRTIO_MENU is not set -# CONFIG_VDPA is not set # CONFIG_VHOST_MENU is not set - -# -# Microsoft Hyper-V guest support -# -# end of Microsoft Hyper-V guest support - -# CONFIG_GREYBUS is not set -# CONFIG_STAGING is not set # CONFIG_X86_PLATFORM_DEVICES is not set -CONFIG_PMC_ATOM=y -# CONFIG_CHROME_PLATFORMS is not set -# CONFIG_MELLANOX_PLATFORM is not set -CONFIG_HAVE_CLK=y -CONFIG_CLKDEV_LOOKUP=y -CONFIG_HAVE_CLK_PREPARE=y -CONFIG_COMMON_CLK=y -# CONFIG_COMMON_CLK_MAX9485 is not set -# CONFIG_COMMON_CLK_SI5341 is not set -# CONFIG_COMMON_CLK_SI5351 is not set -# CONFIG_COMMON_CLK_SI544 is not set -# CONFIG_COMMON_CLK_CDCE706 is not set -# CONFIG_COMMON_CLK_CS2000_CP is not set -# CONFIG_HWSPINLOCK is not set - -# -# Clock Source drivers -# -CONFIG_CLKEVT_I8253=y -CONFIG_I8253_LOCK=y -CONFIG_CLKBLD_I8253=y -# end of Clock Source drivers - -CONFIG_MAILBOX=y -CONFIG_PCC=y -# CONFIG_ALTERA_MBOX is not set -CONFIG_IOMMU_IOVA=y -CONFIG_IOASID=y -CONFIG_IOMMU_API=y -CONFIG_IOMMU_SUPPORT=y - -# -# Generic IOMMU Pagetable Support -# -# end of Generic IOMMU Pagetable Support - -# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set -# CONFIG_AMD_IOMMU is not set -CONFIG_DMAR_TABLE=y CONFIG_INTEL_IOMMU=y CONFIG_INTEL_IOMMU_SVM=y -CONFIG_INTEL_IOMMU_DEFAULT_ON=y -CONFIG_INTEL_IOMMU_FLOPPY_WA=y -# CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON is not set -# CONFIG_IRQ_REMAP is not set - -# -# Remoteproc drivers -# -# CONFIG_REMOTEPROC is not set -# end of Remoteproc drivers - -# -# Rpmsg drivers -# -# CONFIG_RPMSG_QCOM_GLINK_RPM is not set -# CONFIG_RPMSG_VIRTIO is not set -# end of Rpmsg drivers - -# CONFIG_SOUNDWIRE is not set - -# -# SOC (System On Chip) specific Drivers -# - -# -# Amlogic SoC drivers -# -# end of Amlogic SoC drivers - -# -# Aspeed SoC drivers -# -# end of Aspeed SoC drivers - -# -# Broadcom SoC drivers -# -# end of Broadcom SoC drivers - -# -# NXP/Freescale QorIQ SoC drivers -# -# end of NXP/Freescale QorIQ SoC drivers - -# -# i.MX SoC drivers -# -# end of i.MX SoC drivers - -# -# Qualcomm SoC drivers -# -# end of Qualcomm SoC drivers - -# CONFIG_SOC_TI is not set - -# -# Xilinx SoC drivers -# -# CONFIG_XILINX_VCU is not set -# end of Xilinx SoC drivers -# end of SOC (System On Chip) specific Drivers - -# CONFIG_PM_DEVFREQ is not set -# CONFIG_EXTCON is not set -# CONFIG_MEMORY is not set -# CONFIG_IIO is not set -# CONFIG_NTB is not set -# CONFIG_VME_BUS is not set -# CONFIG_PWM is not set - -# -# IRQ chip support -# -# end of IRQ chip support - -# CONFIG_IPACK_BUS is not set -# CONFIG_RESET_CONTROLLER is not set - -# -# PHY Subsystem -# CONFIG_GENERIC_PHY=y -# CONFIG_USB_LGM_PHY is not set -# CONFIG_BCM_KONA_USB2_PHY is not set -# CONFIG_PHY_PXA_28NM_HSIC is not set -# CONFIG_PHY_PXA_28NM_USB2 is not set -# CONFIG_PHY_INTEL_LGM_EMMC is not set -# end of PHY Subsystem - -# CONFIG_POWERCAP is not set -# CONFIG_MCB is not set - -# -# Performance monitor support -# -# end of Performance monitor support - -# CONFIG_RAS is not set -# CONFIG_USB4 is not set - -# -# Android -# -# CONFIG_ANDROID is not set -# end of Android - -CONFIG_LIBNVDIMM=y # CONFIG_BLK_DEV_PMEM is not set # CONFIG_ND_BLK is not set # CONFIG_BTT is not set -# CONFIG_DAX is not set -CONFIG_NVMEM=y -CONFIG_NVMEM_SYSFS=y - -# -# HW tracing support -# -# CONFIG_STM is not set -# CONFIG_INTEL_TH is not set -# end of HW tracing support - -# CONFIG_FPGA is not set -# CONFIG_UNISYS_VISORBUS is not set -# CONFIG_SIOX is not set -# CONFIG_SLIMBUS is not set -# CONFIG_INTERCONNECT is not set -# CONFIG_COUNTER is not set -# end of Device Drivers - -# -# File systems -# -CONFIG_DCACHE_WORD_ACCESS=y -# CONFIG_VALIDATE_FS_PARSER is not set -CONFIG_FS_IOMAP=y -# CONFIG_EXT2_FS is not set -# CONFIG_EXT3_FS is not set CONFIG_EXT4_FS=y -CONFIG_EXT4_USE_FOR_EXT2=y -# CONFIG_EXT4_FS_POSIX_ACL is not set -# CONFIG_EXT4_FS_SECURITY is not set -# CONFIG_EXT4_DEBUG is not set -CONFIG_JBD2=y -# CONFIG_JBD2_DEBUG is not set -CONFIG_FS_MBCACHE=y -# CONFIG_REISERFS_FS is not set -# CONFIG_JFS_FS is not set -# CONFIG_XFS_FS is not set -# CONFIG_GFS2_FS is not set -# CONFIG_BTRFS_FS is not set -# CONFIG_NILFS2_FS is not set -# CONFIG_F2FS_FS is not set -# CONFIG_FS_DAX is not set -# CONFIG_EXPORTFS_BLOCK_OPS is not set -CONFIG_FILE_LOCKING=y -CONFIG_MANDATORY_FILE_LOCKING=y -# CONFIG_FS_ENCRYPTION is not set -# CONFIG_FS_VERITY is not set # CONFIG_DNOTIFY is not set # CONFIG_INOTIFY_USER is not set -# CONFIG_FANOTIFY is not set -# CONFIG_QUOTA is not set -# CONFIG_AUTOFS4_FS is not set -# CONFIG_AUTOFS_FS is not set -# CONFIG_FUSE_FS is not set -# CONFIG_OVERLAY_FS is not set - -# -# Caches -# -# CONFIG_FSCACHE is not set -# end of Caches - -# -# CD-ROM/DVD Filesystems -# CONFIG_ISO9660_FS=y CONFIG_JOLIET=y -# CONFIG_ZISOFS is not set -# CONFIG_UDF_FS is not set -# end of CD-ROM/DVD Filesystems - -# -# DOS/FAT/EXFAT/NT Filesystems -# -CONFIG_FAT_FS=y CONFIG_MSDOS_FS=y CONFIG_VFAT_FS=y -CONFIG_FAT_DEFAULT_CODEPAGE=437 -CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" -# CONFIG_FAT_DEFAULT_UTF8 is not set CONFIG_EXFAT_FS=y -CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" -# CONFIG_NTFS_FS is not set -# end of DOS/FAT/EXFAT/NT Filesystems - -# -# Pseudo filesystems -# -CONFIG_PROC_FS=y -# CONFIG_PROC_KCORE is not set -CONFIG_PROC_SYSCTL=y # CONFIG_PROC_PAGE_MONITOR is not set -# CONFIG_PROC_CHILDREN is not set -CONFIG_PROC_PID_ARCH_STATUS=y -CONFIG_KERNFS=y -CONFIG_SYSFS=y -# CONFIG_TMPFS is not set -# CONFIG_HUGETLBFS is not set -CONFIG_ARCH_HAS_GIGANTIC_PAGE=y -# CONFIG_CONFIGFS_FS is not set -CONFIG_EFIVAR_FS=m -# end of Pseudo filesystems - # CONFIG_MISC_FILESYSTEMS is not set -CONFIG_NETWORK_FILESYSTEMS=y -# CONFIG_CEPH_FS is not set -# CONFIG_CIFS is not set -# CONFIG_CODA_FS is not set -# CONFIG_AFS_FS is not set -CONFIG_NLS=y CONFIG_NLS_DEFAULT="utf8" CONFIG_NLS_CODEPAGE_437=y -# CONFIG_NLS_CODEPAGE_737 is not set -# CONFIG_NLS_CODEPAGE_775 is not set -# CONFIG_NLS_CODEPAGE_850 is not set -# CONFIG_NLS_CODEPAGE_852 is not set -# CONFIG_NLS_CODEPAGE_855 is not set -# CONFIG_NLS_CODEPAGE_857 is not set -# CONFIG_NLS_CODEPAGE_860 is not set -# CONFIG_NLS_CODEPAGE_861 is not set -# CONFIG_NLS_CODEPAGE_862 is not set -# CONFIG_NLS_CODEPAGE_863 is not set -# CONFIG_NLS_CODEPAGE_864 is not set -# CONFIG_NLS_CODEPAGE_865 is not set -# CONFIG_NLS_CODEPAGE_866 is not set -# CONFIG_NLS_CODEPAGE_869 is not set -# CONFIG_NLS_CODEPAGE_936 is not set -# CONFIG_NLS_CODEPAGE_950 is not set -# CONFIG_NLS_CODEPAGE_932 is not set -# CONFIG_NLS_CODEPAGE_949 is not set -# CONFIG_NLS_CODEPAGE_874 is not set -# CONFIG_NLS_ISO8859_8 is not set -# CONFIG_NLS_CODEPAGE_1250 is not set -# CONFIG_NLS_CODEPAGE_1251 is not set -# CONFIG_NLS_ASCII is not set CONFIG_NLS_ISO8859_1=y -# CONFIG_NLS_ISO8859_2 is not set -# CONFIG_NLS_ISO8859_3 is not set -# CONFIG_NLS_ISO8859_4 is not set -# CONFIG_NLS_ISO8859_5 is not set -# CONFIG_NLS_ISO8859_6 is not set -# CONFIG_NLS_ISO8859_7 is not set -# CONFIG_NLS_ISO8859_9 is not set -# CONFIG_NLS_ISO8859_13 is not set -# CONFIG_NLS_ISO8859_14 is not set -# CONFIG_NLS_ISO8859_15 is not set -# CONFIG_NLS_KOI8_R is not set -# CONFIG_NLS_KOI8_U is not set -# CONFIG_NLS_MAC_ROMAN is not set -# CONFIG_NLS_MAC_CELTIC is not set -# CONFIG_NLS_MAC_CENTEURO is not set -# CONFIG_NLS_MAC_CROATIAN is not set -# CONFIG_NLS_MAC_CYRILLIC is not set -# CONFIG_NLS_MAC_GAELIC is not set -# CONFIG_NLS_MAC_GREEK is not set -# CONFIG_NLS_MAC_ICELAND is not set -# CONFIG_NLS_MAC_INUIT is not set -# CONFIG_NLS_MAC_ROMANIAN is not set -# CONFIG_NLS_MAC_TURKISH is not set CONFIG_NLS_UTF8=y -# CONFIG_UNICODE is not set -CONFIG_IO_WQ=y -# end of File systems - -# -# Security options -# -# CONFIG_KEYS is not set -# CONFIG_SECURITY_DMESG_RESTRICT is not set -CONFIG_SECURITYFS=y -CONFIG_PAGE_TABLE_ISOLATION=y -# CONFIG_INTEL_TXT is not set -CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y -CONFIG_HARDENED_USERCOPY_FALLBACK=y -# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set -# CONFIG_FORTIFY_SOURCE is not set -# CONFIG_STATIC_USERMODEHELPER is not set -# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set -CONFIG_DEFAULT_SECURITY_DAC=y -CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf" - -# -# Kernel hardening options -# - -# -# Memory initialization -# -CONFIG_INIT_STACK_NONE=y -# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set -# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set -# end of Memory initialization -# end of Kernel hardening options -# end of Security options - -CONFIG_CRYPTO=y - -# -# Crypto core or helper -# -CONFIG_CRYPTO_ALGAPI=y -CONFIG_CRYPTO_ALGAPI2=y -CONFIG_CRYPTO_AEAD=y -CONFIG_CRYPTO_AEAD2=y -CONFIG_CRYPTO_SKCIPHER=y -CONFIG_CRYPTO_SKCIPHER2=y -CONFIG_CRYPTO_HASH=y -CONFIG_CRYPTO_HASH2=y -CONFIG_CRYPTO_RNG=y -CONFIG_CRYPTO_RNG2=y -CONFIG_CRYPTO_AKCIPHER2=y -CONFIG_CRYPTO_KPP2=y -CONFIG_CRYPTO_ACOMP2=y -CONFIG_CRYPTO_MANAGER=y -CONFIG_CRYPTO_MANAGER2=y CONFIG_CRYPTO_USER=y -CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y -CONFIG_CRYPTO_NULL=y -CONFIG_CRYPTO_NULL2=y -# CONFIG_CRYPTO_PCRYPT is not set -CONFIG_CRYPTO_CRYPTD=y -CONFIG_CRYPTO_AUTHENC=y -# CONFIG_CRYPTO_TEST is not set -CONFIG_CRYPTO_SIMD=y -CONFIG_CRYPTO_GLUE_HELPER_X86=y - -# -# Public-key cryptography -# -# CONFIG_CRYPTO_RSA is not set -# CONFIG_CRYPTO_DH is not set -# CONFIG_CRYPTO_ECDH is not set -# CONFIG_CRYPTO_ECRDSA is not set -# CONFIG_CRYPTO_SM2 is not set -# CONFIG_CRYPTO_CURVE25519 is not set -# CONFIG_CRYPTO_CURVE25519_X86 is not set - -# -# Authenticated Encryption with Associated Data -# -# CONFIG_CRYPTO_CCM is not set -# CONFIG_CRYPTO_GCM is not set -# CONFIG_CRYPTO_CHACHA20POLY1305 is not set -# CONFIG_CRYPTO_AEGIS128 is not set -# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set -# CONFIG_CRYPTO_SEQIV is not set -# CONFIG_CRYPTO_ECHAINIV is not set - -# -# Block modes -# -CONFIG_CRYPTO_CBC=y -# CONFIG_CRYPTO_CFB is not set -# CONFIG_CRYPTO_CTR is not set -# CONFIG_CRYPTO_CTS is not set -CONFIG_CRYPTO_ECB=y -# CONFIG_CRYPTO_LRW is not set -# CONFIG_CRYPTO_OFB is not set -# CONFIG_CRYPTO_PCBC is not set CONFIG_CRYPTO_XTS=y -# CONFIG_CRYPTO_KEYWRAP is not set -# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set -# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set -# CONFIG_CRYPTO_ADIANTUM is not set -CONFIG_CRYPTO_ESSIV=y - -# -# Hash modes -# -# CONFIG_CRYPTO_CMAC is not set CONFIG_CRYPTO_HMAC=y -# CONFIG_CRYPTO_XCBC is not set -# CONFIG_CRYPTO_VMAC is not set - -# -# Digest -# -CONFIG_CRYPTO_CRC32C=y CONFIG_CRYPTO_CRC32C_INTEL=y -# CONFIG_CRYPTO_CRC32 is not set -# CONFIG_CRYPTO_CRC32_PCLMUL is not set -# CONFIG_CRYPTO_XXHASH is not set -# CONFIG_CRYPTO_BLAKE2B is not set -# CONFIG_CRYPTO_BLAKE2S is not set -# CONFIG_CRYPTO_BLAKE2S_X86 is not set -# CONFIG_CRYPTO_CRCT10DIF is not set -# CONFIG_CRYPTO_GHASH is not set -# CONFIG_CRYPTO_POLY1305 is not set -# CONFIG_CRYPTO_POLY1305_X86_64 is not set -# CONFIG_CRYPTO_MD4 is not set -CONFIG_CRYPTO_MD5=y -# CONFIG_CRYPTO_MICHAEL_MIC is not set -# CONFIG_CRYPTO_RMD128 is not set -# CONFIG_CRYPTO_RMD160 is not set -# CONFIG_CRYPTO_RMD256 is not set -# CONFIG_CRYPTO_RMD320 is not set -CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA1_SSSE3=y CONFIG_CRYPTO_SHA256_SSSE3=y CONFIG_CRYPTO_SHA512_SSSE3=y -CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=y -# CONFIG_CRYPTO_SHA3 is not set -# CONFIG_CRYPTO_SM3 is not set -# CONFIG_CRYPTO_STREEBOG is not set -# CONFIG_CRYPTO_TGR192 is not set -# CONFIG_CRYPTO_WP512 is not set -# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set - -# -# Ciphers -# -# CONFIG_CRYPTO_AES is not set -# CONFIG_CRYPTO_AES_TI is not set CONFIG_CRYPTO_AES_NI_INTEL=y -# CONFIG_CRYPTO_BLOWFISH is not set -# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA is not set -# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set -# CONFIG_CRYPTO_CAST5 is not set -# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set -# CONFIG_CRYPTO_CAST6 is not set -# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set -# CONFIG_CRYPTO_DES is not set -# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set -# CONFIG_CRYPTO_FCRYPT is not set -# CONFIG_CRYPTO_SALSA20 is not set -# CONFIG_CRYPTO_CHACHA20 is not set -# CONFIG_CRYPTO_CHACHA20_X86_64 is not set -# CONFIG_CRYPTO_SERPENT is not set -# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set -# CONFIG_CRYPTO_SM4 is not set -# CONFIG_CRYPTO_TWOFISH is not set -# CONFIG_CRYPTO_TWOFISH_X86_64 is not set -# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set -# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set - -# -# Compression -# -# CONFIG_CRYPTO_DEFLATE is not set -# CONFIG_CRYPTO_LZO is not set -# CONFIG_CRYPTO_842 is not set -# CONFIG_CRYPTO_LZ4 is not set -# CONFIG_CRYPTO_LZ4HC is not set -# CONFIG_CRYPTO_ZSTD is not set - -# -# Random Number Generation -# -# CONFIG_CRYPTO_ANSI_CPRNG is not set -# CONFIG_CRYPTO_DRBG_MENU is not set -# CONFIG_CRYPTO_JITTERENTROPY is not set -CONFIG_CRYPTO_USER_API=y CONFIG_CRYPTO_USER_API_HASH=y CONFIG_CRYPTO_USER_API_SKCIPHER=y CONFIG_CRYPTO_USER_API_RNG=y CONFIG_CRYPTO_USER_API_AEAD=y # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set -# CONFIG_CRYPTO_STATS is not set -CONFIG_CRYPTO_HASH_INFO=y - -# -# Crypto library routines -# -CONFIG_CRYPTO_LIB_AES=y -# CONFIG_CRYPTO_LIB_BLAKE2S is not set -# CONFIG_CRYPTO_LIB_CHACHA is not set -# CONFIG_CRYPTO_LIB_CURVE25519 is not set -CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 -# CONFIG_CRYPTO_LIB_POLY1305 is not set -# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_LIB_SHA256=y # CONFIG_CRYPTO_HW is not set - -# -# Certificates for signature checking -# -# end of Certificates for signature checking - -# -# Library routines -# -# CONFIG_PACKING is not set -CONFIG_BITREVERSE=y -CONFIG_GENERIC_STRNCPY_FROM_USER=y -CONFIG_GENERIC_STRNLEN_USER=y -CONFIG_GENERIC_NET_UTILS=y -CONFIG_GENERIC_FIND_FIRST_BIT=y -# CONFIG_CORDIC is not set -# CONFIG_PRIME_NUMBERS is not set -CONFIG_RATIONAL=y -CONFIG_GENERIC_PCI_IOMAP=y -CONFIG_GENERIC_IOMAP=y -CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y -CONFIG_ARCH_HAS_FAST_MULTIPLIER=y -CONFIG_ARCH_USE_SYM_ANNOTATIONS=y -# CONFIG_CRC_CCITT is not set -CONFIG_CRC16=y -# CONFIG_CRC_T10DIF is not set -# CONFIG_CRC_ITU_T is not set -CONFIG_CRC32=y -# CONFIG_CRC32_SELFTEST is not set -CONFIG_CRC32_SLICEBY8=y -# CONFIG_CRC32_SLICEBY4 is not set -# CONFIG_CRC32_SARWATE is not set -# CONFIG_CRC32_BIT is not set -# CONFIG_CRC64 is not set -# CONFIG_CRC4 is not set -# CONFIG_CRC7 is not set -CONFIG_LIBCRC32C=y -# CONFIG_CRC8 is not set -# CONFIG_RANDOM32_SELFTEST is not set -CONFIG_XZ_DEC=y -CONFIG_XZ_DEC_X86=y # CONFIG_XZ_DEC_POWERPC is not set # CONFIG_XZ_DEC_IA64 is not set # CONFIG_XZ_DEC_ARM is not set # CONFIG_XZ_DEC_ARMTHUMB is not set # CONFIG_XZ_DEC_SPARC is not set -CONFIG_XZ_DEC_BCJ=y -# CONFIG_XZ_DEC_TEST is not set -CONFIG_DECOMPRESS_XZ=y -CONFIG_GENERIC_ALLOCATOR=y -CONFIG_REED_SOLOMON=y -CONFIG_REED_SOLOMON_DEC8=y -CONFIG_INTERVAL_TREE=y -CONFIG_HAS_IOMEM=y -CONFIG_HAS_IOPORT_MAP=y -CONFIG_HAS_DMA=y -CONFIG_DMA_OPS=y -CONFIG_NEED_SG_DMA_LENGTH=y -CONFIG_NEED_DMA_MAP_STATE=y -CONFIG_ARCH_DMA_ADDR_T_64BIT=y -CONFIG_SWIOTLB=y -# CONFIG_DMA_API_DEBUG is not set -CONFIG_SGL_ALLOC=y -CONFIG_CPU_RMAP=y -CONFIG_DQL=y -CONFIG_GLOB=y -# CONFIG_GLOB_SELFTEST is not set -CONFIG_NLATTR=y -# CONFIG_IRQ_POLL is not set -CONFIG_UCS2_STRING=y -CONFIG_HAVE_GENERIC_VDSO=y -CONFIG_GENERIC_GETTIMEOFDAY=y -CONFIG_GENERIC_VDSO_TIME_NS=y -CONFIG_FONT_SUPPORT=y -# CONFIG_FONTS is not set -CONFIG_FONT_8x8=y -CONFIG_FONT_8x16=y -CONFIG_SG_POOL=y -CONFIG_ARCH_HAS_PMEM_API=y -CONFIG_MEMREGION=y -CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y -CONFIG_ARCH_HAS_COPY_MC=y -CONFIG_ARCH_STACKWALK=y -CONFIG_SBITMAP=y -# CONFIG_STRING_SELFTEST is not set -# end of Library routines - -# -# Kernel hacking -# - -# -# printk and dmesg options -# CONFIG_PRINTK_TIME=y -# CONFIG_PRINTK_CALLER is not set -CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 -CONFIG_CONSOLE_LOGLEVEL_QUIET=4 -CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 CONFIG_BOOT_PRINTK_DELAY=y -# CONFIG_DYNAMIC_DEBUG is not set -# CONFIG_DYNAMIC_DEBUG_CORE is not set -CONFIG_SYMBOLIC_ERRNAME=y # CONFIG_DEBUG_BUGVERBOSE is not set -# end of printk and dmesg options - -# -# Compile-time checks and compiler options -# -# CONFIG_DEBUG_INFO is not set # CONFIG_ENABLE_MUST_CHECK is not set CONFIG_FRAME_WARN=1024 -# CONFIG_STRIP_ASM_SYMS is not set -# CONFIG_READABLE_ASM is not set -# CONFIG_HEADERS_INSTALL is not set -# CONFIG_DEBUG_SECTION_MISMATCH is not set -CONFIG_SECTION_MISMATCH_WARN_ONLY=y -# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_32B is not set -CONFIG_STACK_VALIDATION=y -# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set -# end of Compile-time checks and compiler options - -# -# Generic Kernel Debugging Instruments -# CONFIG_MAGIC_SYSRQ=y -CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 -CONFIG_MAGIC_SYSRQ_SERIAL=y -CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE="" -# CONFIG_DEBUG_FS is not set -CONFIG_HAVE_ARCH_KGDB=y -# CONFIG_KGDB is not set -CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y -# CONFIG_UBSAN is not set -CONFIG_HAVE_ARCH_KCSAN=y -# end of Generic Kernel Debugging Instruments - -CONFIG_DEBUG_KERNEL=y # CONFIG_DEBUG_MISC is not set - -# -# Memory Debugging -# -# CONFIG_PAGE_EXTENSION is not set -# CONFIG_DEBUG_PAGEALLOC is not set -# CONFIG_PAGE_OWNER is not set -# CONFIG_PAGE_POISONING is not set -# CONFIG_DEBUG_RODATA_TEST is not set -CONFIG_ARCH_HAS_DEBUG_WX=y -# CONFIG_DEBUG_WX is not set -CONFIG_GENERIC_PTDUMP=y -# CONFIG_DEBUG_OBJECTS is not set -# CONFIG_SLUB_STATS is not set -CONFIG_HAVE_DEBUG_KMEMLEAK=y -# CONFIG_DEBUG_KMEMLEAK is not set -# CONFIG_DEBUG_STACK_USAGE is not set -# CONFIG_SCHED_STACK_END_CHECK is not set -CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y -# CONFIG_DEBUG_VM is not set -# CONFIG_DEBUG_VM_PGTABLE is not set -CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y -# CONFIG_DEBUG_VIRTUAL is not set -# CONFIG_DEBUG_MEMORY_INIT is not set -# CONFIG_DEBUG_PER_CPU_MAPS is not set -CONFIG_HAVE_ARCH_KASAN=y -CONFIG_HAVE_ARCH_KASAN_VMALLOC=y -CONFIG_CC_HAS_KASAN_GENERIC=y -CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y -# CONFIG_KASAN is not set -# end of Memory Debugging - -# CONFIG_DEBUG_SHIRQ is not set - -# -# Debug Oops, Lockups and Hangs -# -# CONFIG_PANIC_ON_OOPS is not set -CONFIG_PANIC_ON_OOPS_VALUE=0 -CONFIG_PANIC_TIMEOUT=0 -CONFIG_LOCKUP_DETECTOR=y -CONFIG_SOFTLOCKUP_DETECTOR=y -# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set -CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0 -CONFIG_HARDLOCKUP_DETECTOR_PERF=y -CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y CONFIG_HARDLOCKUP_DETECTOR=y -# CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set -CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=0 -CONFIG_DETECT_HUNG_TASK=y -CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 -# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set -CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 CONFIG_WQ_WATCHDOG=y -# CONFIG_TEST_LOCKUP is not set -# end of Debug Oops, Lockups and Hangs - -# -# Scheduler Debugging -# # CONFIG_SCHED_DEBUG is not set -# CONFIG_SCHEDSTATS is not set -# end of Scheduler Debugging - -# CONFIG_DEBUG_TIMEKEEPING is not set - -# -# Lock Debugging (spinlocks, mutexes, etc...) -# -CONFIG_LOCK_DEBUGGING_SUPPORT=y -# CONFIG_PROVE_LOCKING is not set -# CONFIG_LOCK_STAT is not set -# CONFIG_DEBUG_RT_MUTEXES is not set -# CONFIG_DEBUG_SPINLOCK is not set -# CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set -# CONFIG_DEBUG_RWSEMS is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_DEBUG_ATOMIC_SLEEP is not set -# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set -# CONFIG_LOCK_TORTURE_TEST is not set -# CONFIG_WW_MUTEX_SELFTEST is not set -# CONFIG_SCF_TORTURE_TEST is not set -# CONFIG_CSD_LOCK_WAIT_DEBUG is not set -# end of Lock Debugging (spinlocks, mutexes, etc...) - -# CONFIG_STACKTRACE is not set -# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set -# CONFIG_DEBUG_KOBJECT is not set - -# -# Debug kernel data structures -# -# CONFIG_DEBUG_LIST is not set -# CONFIG_DEBUG_PLIST is not set -# CONFIG_DEBUG_SG is not set -# CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_BUG_ON_DATA_CORRUPTION is not set -# end of Debug kernel data structures - -# CONFIG_DEBUG_CREDENTIALS is not set - -# -# RCU Debugging -# -# CONFIG_RCU_SCALE_TEST is not set -# CONFIG_RCU_TORTURE_TEST is not set -# CONFIG_RCU_REF_SCALE_TEST is not set -CONFIG_RCU_CPU_STALL_TIMEOUT=21 # CONFIG_RCU_TRACE is not set -# CONFIG_RCU_EQS_DEBUG is not set -# end of RCU Debugging - -# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set -# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set -# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set -# CONFIG_LATENCYTOP is not set -CONFIG_USER_STACKTRACE_SUPPORT=y -CONFIG_HAVE_FUNCTION_TRACER=y -CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y -CONFIG_HAVE_DYNAMIC_FTRACE=y -CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y -CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y -CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y -CONFIG_HAVE_SYSCALL_TRACEPOINTS=y -CONFIG_HAVE_FENTRY=y -CONFIG_HAVE_C_RECORDMCOUNT=y -CONFIG_TRACING_SUPPORT=y # CONFIG_FTRACE is not set -# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set -# CONFIG_SAMPLES is not set -CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y # CONFIG_STRICT_DEVMEM is not set - -# -# x86 Debugging -# -CONFIG_TRACE_IRQFLAGS_SUPPORT=y -CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y # CONFIG_X86_VERBOSE_BOOTUP is not set -CONFIG_EARLY_PRINTK=y -# CONFIG_EARLY_PRINTK_DBGP is not set -# CONFIG_EARLY_PRINTK_USB_XDBC is not set -# CONFIG_EFI_PGT_DUMP is not set -# CONFIG_DEBUG_TLBFLUSH is not set -CONFIG_HAVE_MMIOTRACE_SUPPORT=y -# CONFIG_X86_DECODER_SELFTEST is not set -# CONFIG_IO_DELAY_0X80 is not set CONFIG_IO_DELAY_0XED=y -# CONFIG_IO_DELAY_UDELAY is not set -# CONFIG_IO_DELAY_NONE is not set -# CONFIG_CPA_DEBUG is not set -# CONFIG_DEBUG_ENTRY is not set -# CONFIG_DEBUG_NMI_SELFTEST is not set # CONFIG_X86_DEBUG_FPU is not set -# CONFIG_PUNIT_ATOM_DEBUG is not set -CONFIG_UNWINDER_ORC=y -# CONFIG_UNWINDER_FRAME_POINTER is not set -# CONFIG_UNWINDER_GUESS is not set -# end of x86 Debugging - -# -# Kernel Testing and Coverage -# -# CONFIG_KUNIT is not set -# CONFIG_NOTIFIER_ERROR_INJECTION is not set -# CONFIG_FAULT_INJECTION is not set -CONFIG_ARCH_HAS_KCOV=y -CONFIG_CC_HAS_SANCOV_TRACE_PC=y -# CONFIG_KCOV is not set # CONFIG_RUNTIME_TESTING_MENU is not set -# CONFIG_MEMTEST is not set -# end of Kernel Testing and Coverage -# end of Kernel hacking diff --git a/config/linux-x230-maximized.config b/config/linux-x230-maximized.config index 2ebbc1781..1b5534089 100644 --- a/config/linux-x230-maximized.config +++ b/config/linux-x230-maximized.config @@ -1,12 +1,14 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.5 Kernel Configuration +# Linux/x86 5.10.214 Kernel Configuration # CONFIG_CC_VERSION_TEXT="x86_64-linux-musl-gcc (GCC) 8.3.0" CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=80300 CONFIG_LD_VERSION=232000000 CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23200 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y @@ -188,6 +190,7 @@ CONFIG_MEMBARRIER=y CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y # CONFIG_USERFAULTFD is not set CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +# CONFIG_KCMP is not set # CONFIG_RSEQ is not set CONFIG_EMBEDDED=y CONFIG_HAVE_PERF_EVENTS=y @@ -258,7 +261,6 @@ CONFIG_SMP=y CONFIG_X86_FEATURE_NAMES=y # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set -CONFIG_RETPOLINE=y # CONFIG_X86_CPU_RESCTRL is not set # CONFIG_X86_EXTENDED_PLATFORM is not set # CONFIG_X86_INTEL_LPSS is not set @@ -320,7 +322,6 @@ CONFIG_X86_THERMAL_VECTOR=y # CONFIG_X86_VSYSCALL_EMULATION is not set CONFIG_X86_IOPL_IOPERM=y -# CONFIG_I8K is not set # CONFIG_MICROCODE is not set # CONFIG_X86_MSR is not set # CONFIG_X86_CPUID is not set @@ -369,6 +370,13 @@ CONFIG_LEGACY_VSYSCALL_NONE=y CONFIG_HAVE_LIVEPATCH=y # end of Processor type and features +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +# CONFIG_PAGE_TABLE_ISOLATION is not set +CONFIG_RETPOLINE=y +CONFIG_RETHUNK=y +CONFIG_CPU_IBRS_ENTRY=y +# CONFIG_GDS_FORCE_MITIGATION is not set CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y @@ -560,6 +568,7 @@ CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_ARCH_HAS_FORTIFY_SOURCE=y CONFIG_ARCH_HAS_SET_MEMORY=y CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y CONFIG_HAVE_ASM_MODVERSIONS=y @@ -612,6 +621,7 @@ CONFIG_STRICT_KERNEL_RWX=y CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y CONFIG_STRICT_MODULE_RWX=y CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_USE_MEMREMAP_PROT=y CONFIG_ARCH_HAS_MEM_ENCRYPT=y CONFIG_HAVE_STATIC_CALL=y CONFIG_HAVE_STATIC_CALL_INLINE=y @@ -624,6 +634,10 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y # end of GCOV-based kernel profiling CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set # end of General architecture-dependent options CONFIG_RT_MUTEXES=y @@ -758,6 +772,7 @@ CONFIG_SYN_COOKIES=y # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set +CONFIG_INET_TABLE_PERTURB_ORDER=16 # CONFIG_INET_DIAG is not set # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y @@ -779,7 +794,6 @@ CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_HAVE_NET_DSA=y # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set -# CONFIG_DECNET is not set # CONFIG_LLC2 is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set @@ -962,7 +976,6 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 # CONFIG_BLK_DEV_DRBD is not set # CONFIG_BLK_DEV_NBD is not set # CONFIG_BLK_DEV_SKD is not set -# CONFIG_BLK_DEV_SX8 is not set CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=65536 @@ -976,6 +989,7 @@ CONFIG_BLK_DEV_RAM_SIZE=65536 # # CONFIG_BLK_DEV_NVME is not set # CONFIG_NVME_FC is not set +# CONFIG_NVME_TCP is not set # end of NVME Support # @@ -1313,7 +1327,6 @@ CONFIG_USB_NET_CDC_SUBSET=m # CONFIG_FUJITSU_ES is not set # CONFIG_NET_FAILOVER is not set # CONFIG_ISDN is not set -# CONFIG_NVM is not set # # Input device support @@ -1497,10 +1510,9 @@ CONFIG_TCG_TIS=y # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -1625,6 +1637,7 @@ CONFIG_POWER_SUPPLY=y # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_SMB347 is not set # CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_RT5033 is not set # CONFIG_CHARGER_BD99954 is not set # CONFIG_HWMON is not set CONFIG_THERMAL=y @@ -1715,7 +1728,6 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_MFD_SKY81452 is not set # CONFIG_ABX500_CORE is not set CONFIG_MFD_SYSCON=y -# CONFIG_MFD_TI_AM335X_TSCADC is not set # CONFIG_MFD_LP3943 is not set # CONFIG_MFD_LP8788 is not set # CONFIG_MFD_TI_LMU is not set @@ -1846,6 +1858,7 @@ CONFIG_DUMMY_CONSOLE=y CONFIG_DUMMY_CONSOLE_COLUMNS=80 CONFIG_DUMMY_CONSOLE_ROWS=25 CONFIG_FRAMEBUFFER_CONSOLE=y +# CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION is not set CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y # CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set # CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set @@ -2580,7 +2593,6 @@ CONFIG_IO_WQ=y # CONFIG_KEYS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set # CONFIG_SECURITYFS is not set -# CONFIG_PAGE_TABLE_ISOLATION is not set CONFIG_INTEL_TXT=y CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y @@ -2600,6 +2612,10 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf" # Memory initialization # CONFIG_INIT_STACK_NONE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set +# CONFIG_GCC_PLUGIN_STACKLEAK is not set # CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set # end of Memory initialization @@ -2776,18 +2792,6 @@ CONFIG_CRYPTO_USER_API_AEAD=y # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set # CONFIG_CRYPTO_STATS is not set CONFIG_CRYPTO_HASH_INFO=y - -# -# Crypto library routines -# -CONFIG_CRYPTO_LIB_AES=y -# CONFIG_CRYPTO_LIB_BLAKE2S is not set -# CONFIG_CRYPTO_LIB_CHACHA is not set -# CONFIG_CRYPTO_LIB_CURVE25519 is not set -CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 -# CONFIG_CRYPTO_LIB_POLY1305 is not set -# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_LIB_SHA256=y # CONFIG_CRYPTO_HW is not set # @@ -2812,6 +2816,21 @@ CONFIG_GENERIC_IOMAP=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_LIB_MEMNEQ=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set diff --git a/modules/linux b/modules/linux index ea08916d9..23ddcec85 100644 --- a/modules/linux +++ b/modules/linux @@ -28,9 +28,9 @@ linux_hash := a6fbd4ee903c128367892c2393ee0d9657b6ed3ea90016d4dc6f1f6da20b2330 # been done. This is because `0000-efi_bds.patch` did not cleanly port # from 5.4.69 to 5.10.5 which directly affects linuxboot systems. # -else ifeq "$(CONFIG_LINUX_VERSION)" "5.10.5" -linux_version := 5.10.5 -linux_hash := 3991a9e16a187d78d5f414d89236ae5d7f404a69e60c4c42a9d262ee19612ef4 +else ifeq "$(CONFIG_LINUX_VERSION)" "5.10.214" +linux_version := 5.10.214 +linux_hash := 40f014d53e81f204f6d2a364aae4201ae07970dd1b70dc602d7c66c1a140f558 else ifeq "$(CONFIG_LINUX_VERSION)" "6.1.8" linux_version := 6.1.8 linux_hash := b60bb53ab8ba370a270454b11e93d41af29126fc72bd6ede517673e2e57b816d From 7bb0676f916de6a2cad750b2751d07314a12ff67 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 7 Apr 2024 16:32:21 -0400 Subject: [PATCH 05/84] /etc/luks-functions: add workaround from cryptsetup call to bypass kernel IO queuing on kernel 5.10.9+ kernels TODO: any positive impact if AIO is added in kernel config for async ops (otherwise direct-io fallback as of now)? Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index fc95776ca..e3f4baec7 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -362,7 +362,11 @@ luks_reencrypt() { echo -e "\nReencrypting "$LUKS" LUKS encrypted drive content with current Recovery Disk Key passphrase..." warn "DO NOT POWER DOWN MACHINE, UNPLUG AC OR REMOVE BATTERY DURING REENCRYPTION PROCESS" cryptsetup reencrypt --resilience=none --force-offline-reencrypt --disable-locks \ + --perf-no_read_workqueue --perf-no_write_workqueue \ "$LUKS" --key-slot 0 --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + #--perf-no_read_workqueue and/or --perf-no_write_workqueue improve encryption/reencrypton performance on kernel 5.10.9+ + # bypassing dm-crypt queues. + #Ref https://github.com/cloudflare/linux/issues/1#issuecomment-729695518 #Validate past cryptsetup reencrypt attempts if [ $? -ne 0 ]; then From a498be9dc1a312c94e73275d70f8c6922015909d Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 11 Apr 2024 16:27:09 -0400 Subject: [PATCH 06/84] WiP testing with AIO (Async IO) in kernel config and stage luk-functions thought about future changes config/linux-*: Deactivate AIO for new round of tests on clean Q4.2.1 install for perf diff Signed-off-by: Thierry Laurion --- config/linux-talos-2.config | 2 +- initrd/etc/luks-functions | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/config/linux-talos-2.config b/config/linux-talos-2.config index 0aa3ac5b1..cee4cb742 100644 --- a/config/linux-talos-2.config +++ b/config/linux-talos-2.config @@ -162,7 +162,7 @@ CONFIG_SIGNALFD=y CONFIG_TIMERFD=y CONFIG_EVENTFD=y CONFIG_SHMEM=y -CONFIG_AIO=y +CONFIG_AIO is not set CONFIG_IO_URING=y CONFIG_ADVISE_SYSCALLS=y CONFIG_MEMBARRIER=y diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index e3f4baec7..a6f63d445 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -367,6 +367,24 @@ luks_reencrypt() { #--perf-no_read_workqueue and/or --perf-no_write_workqueue improve encryption/reencrypton performance on kernel 5.10.9+ # bypassing dm-crypt queues. #Ref https://github.com/cloudflare/linux/issues/1#issuecomment-729695518 + # + #TODO: cryptsetup nows use specified --key-slot to test passphrase but moves keyslot to next available keyslot... + # therefore, we cannot take for granted that DRK is under slot 0. + # We could: + # - not rely on keyslot anymore so that all keyslot are tested until DRK matches; + # - Move DUK to slot 8? + # This way + # - luksChangeKey would change passphrase on same slot found + # - reencrypt would rotate keyslot with next keyslot found + # But then what to do with previous DUK. + # We could: + # - If 2+ keyslot, iterate through slot numbers to test passphrase. + # - When passphrase matching keyslot is found, keep trace of it (expected 0, might be 1) + # - If DRK is 1, DUK must be 2 if we have 2 keyslots used + # - We don't touch passphrase matched DRK slot + # - We wipe the others + # - We move DUK keyslot to 8. + # Bad approach? #Validate past cryptsetup reencrypt attempts if [ $? -ne 0 ]; then From cb43f657955a4dbe9c949d3c0b552a0d3dd134b5 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 12 Apr 2024 11:33:26 -0400 Subject: [PATCH 07/84] kexec-seal-key: refactor to first test against passphrase, if good check which slots unlocks against passphrase, and wipe all other slots with user confirmation when not 1/8, then create DUK in slot 8 not 1 Signed-off-by: Thierry Laurion --- initrd/bin/kexec-seal-key | 106 ++++++++++++++++++++------------------ 1 file changed, 56 insertions(+), 50 deletions(-) diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index 0481ebb2a..82f421e40 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key @@ -70,59 +70,65 @@ dd \ 2>/dev/null || die "Unable to generate 128 random bytes" -# Count the number of slots used on each device for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do - DEBUG "Checking number of slots used on $dev LUKS header" - #check if the device is a LUKS device with luks[1,2] - # Get the number of key slots used on the LUKS header. - # LUKS1 Format is : - # Slot 0: ENABLED - # Slot 1: ENABLED - # Slot 2: DISABLED - # Slot 3: DISABLED - #... - # Slot 7: DISABLED - # Luks2 only reports on enabled slots. - # luks2 Format is : - # 0: luks2 - # 1: luks2 - # Meaning that the number of slots used is the number of lines returned by a grep on the LUKS2 above format. - # We need to count the number of ENABLED slots for both LUKS1 and LUKS2 - # create regex pattern for both LUKS1 and LUKS2 - regex="Slot [0-9]*: ENABLED" - regex+="\|" - regex+="[0-9]*: luks2" - slots_used=$(cryptsetup luksDump "$dev" | grep -c "$regex" || die "Unable to get number of slots used on $dev") - - DEBUG "Number of slots used on $dev LUKS header: $slots_used" - # If slot1 is the only one used, warn and die with proper messages - if [ "$slots_used" -eq 1 ]; then - # Check if slot 1 is the only one existing - if [ "$(cryptsetup luksDump "$dev" | grep -c "Slot 1: ENABLED")" -eq 1 ] || [ "$(cryptsetup luksDump "$dev" | grep -c "1: luks2")" -eq 1 ]; then - warn "Slot 1 is the only one existing on $dev LUKS header. Heads cannot use it to store TPM sealed LUKS Disk Unlock Key" - warn "Slot 1 should not be the only slot existing on $dev LUKS header. Slot 0 should be used to store LUKS Disk Recovery Key/passphrase" - die "You can safely fix this before continuing through Heads recovery shell: cryptsetup luksAddKey $dev" - fi - else - DEBUG "Slot 1 is not the only existing slot on $dev LUKS header." - DEBUG "$dev LUKS header's slot 1 will store LUKS Disk Unlock Key that TPM will seal/unseal with LUKS TPM Disk Unlock Key passphrase" + DEBUG "Testing $RECOVERY_KEY keyfile created from provided passphrase against $dev" + if ! cryptsetup luksOpen --test-passphrase --key-file "$RECOVERY_KEY" $dev; then + die "$dev: Unable to unlock LUKS device with privided passphrase. Exiting..." fi -done -# Remove all the old keys from slot 1 -for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do - echo "++++++ $dev: Removing old LUKS TPM Disk Unlock Key in LUKS slot 1" - cryptsetup luksKillSlot \ - --key-file "$RECOVERY_KEY" \ - $dev 1 || - warn "$dev: removal of LUKS TPM Disk Unlock Key in LUKS slot 1 failed: might not exist. Continuing" - - echo "++++++ $dev: Adding LUKS TPM Disk Unlock Key to LUKS slot 1" - cryptsetup luksAddKey \ - --key-file "$RECOVERY_KEY" \ - --key-slot 1 \ - $dev "$KEY_FILE" || - die "$dev: Unable to add LUKS TPM Disk Unlock Key to LUKS slot 1" + # We will use the following regex to find the slots that are enabled + regex="Slot ([0-9]+): ENABLED|\b([0-9]+): luks2" + + # good_slot will be the slot number where the passphrase was tested against as valid. We will keep that slot + good_slot=-1 + + # test each possible existing key slot of dev against keyfile $RECOVERY_KEY + for slot in $(cryptsetup luksDump "$dev" | grep -E "$regex" | sed -r 's/Slot ([0-9]+): ENABLED|\b([0-9]+): luks2/\1\2/'); do + if [ "$good_slot" -eq "-1" ]; then + if cryptsetup luksOpen --test-passphrase --key-file "$RECOVERY_KEY" $dev $slot; then + good_slot="$slot" + break; + fi + fi + done + + # if we found a good slot, we wipe all the other slots on current $dev + for slot in $(cryptsetup luksDump "$dev" | grep -E "$regex" | sed -r 's/Slot ([0-9]+): ENABLED|\b([0-9]+): luks2/\1\2/'); do + if [ "$slot" -ne "$good_slot" ]; then + #set wipe_desired to no by default + wipe_desired="no" + + if [ "$slot" -ne "1" ] && [ "$slot" -ne "8" ]; then + # Heads expects key-slot 1 or 8 to be used for TPM DUK setup. Ask user to confirm with big fat warning + read -p "WARNING: LUKS key-slot $slot is not typically used for TPM Disk Unlock Key setup. Are you sure you want to wipe it? [y/N] " -n 1 -r + # If user does not confirm, skip this slot + if [[ ! $REPLY =~ ^[Yy]$ ]]; then + wipe_desired="yes" + fi + else + # If slot is 1 or 8, we wipe it without asking since not DRK's good keyslot + wipe_desired="yes" + fi + + if [ "$wipe_desired" == "yes" ]; then + echo "++++++ $dev: Wiping LUKS key-slot $slot" + cryptsetup luksKillSlot \ + --key-file "$RECOVERY_KEY" \ + $dev $slot || + warn "$dev: removal of LUKS slot $slot failed: Continuing" + fi + fi + done + + # We then add the new key to the luks key slot 8 + for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do + echo "++++++ $dev: Adding LUKS TPM Disk Unlock Key to LUKS key-slot 8" + cryptsetup luksAddKey \ + --key-file "$RECOVERY_KEY" \ + --new-key-slot 8 \ + $dev "$KEY_FILE" > /dev/null 2>&1|| + die "$dev: Unable to add LUKS TPM Disk Unlock Key to LUKS key-slot #8" + done done # Now that we have setup the new keys, measure the PCRs From 6ace11c5d006fcd2af27583973305971da8e03d8 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 12 Apr 2024 13:32:04 -0400 Subject: [PATCH 08/84] luks-functions: remove key-slots being hardcoded for DRK handling since DUK code is now dynamic TODO: multi LUKS volumes (Q4.2.1 non-default BRTFS deployment) not supported still with reencryption. Not a regression, just not yet handled since no OEM known to ship such setup. Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 24 +++--------------------- 1 file changed, 3 insertions(+), 21 deletions(-) diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index a6f63d445..d319ce8fc 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -363,29 +363,11 @@ luks_reencrypt() { warn "DO NOT POWER DOWN MACHINE, UNPLUG AC OR REMOVE BATTERY DURING REENCRYPTION PROCESS" cryptsetup reencrypt --resilience=none --force-offline-reencrypt --disable-locks \ --perf-no_read_workqueue --perf-no_write_workqueue \ - "$LUKS" --key-slot 0 --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + "$LUKS" --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase #--perf-no_read_workqueue and/or --perf-no_write_workqueue improve encryption/reencrypton performance on kernel 5.10.9+ # bypassing dm-crypt queues. #Ref https://github.com/cloudflare/linux/issues/1#issuecomment-729695518 - # - #TODO: cryptsetup nows use specified --key-slot to test passphrase but moves keyslot to next available keyslot... - # therefore, we cannot take for granted that DRK is under slot 0. - # We could: - # - not rely on keyslot anymore so that all keyslot are tested until DRK matches; - # - Move DUK to slot 8? - # This way - # - luksChangeKey would change passphrase on same slot found - # - reencrypt would rotate keyslot with next keyslot found - # But then what to do with previous DUK. - # We could: - # - If 2+ keyslot, iterate through slot numbers to test passphrase. - # - When passphrase matching keyslot is found, keep trace of it (expected 0, might be 1) - # - If DRK is 1, DUK must be 2 if we have 2 keyslots used - # - We don't touch passphrase matched DRK slot - # - We wipe the others - # - We move DUK keyslot to 8. - # Bad approach? - + #Validate past cryptsetup reencrypt attempts if [ $? -ne 0 ]; then whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ @@ -444,7 +426,7 @@ luks_change_passphrase() #output and do cryptsetup luksChangeKey op echo -e "\nChanging "$LUKS" LUKS encrypted disk passphrase to the new LUKS Disk Recovery Key passphrase..." - cryptsetup luksChangeKey "$LUKS" --key-slot 0 --key-file=/tmp/luks_current_Disk_Recovery_Key_passphrase /tmp/luks_new_Disk_Recovery_Key_passphrase + cryptsetup luksChangeKey "$LUKS" --key-file=/tmp/luks_current_Disk_Recovery_Key_passphrase /tmp/luks_new_Disk_Recovery_Key_passphrase #Validate past cryptsetup attempts if [ $? -ne 0 ]; then From cf3bd4b72246a66ab2f4d05c7b80a7b0f9c27a7a Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 12 Apr 2024 13:56:41 -0400 Subject: [PATCH 09/84] ash_functions: move sleep 2 after all usb modules being loaded Otherwise we get ehci-pci and xhci_hcd kernel messages in dmesg debug AFTER "Verifying presence of GPG card" which explains why dongle might not be found in time and fails in oem-factory-reset Fixes https://github.com/Nitrokey/heads/issues/48 Signed-off-by: Thierry Laurion --- initrd/etc/ash_functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index 8b52ab6a4..9ee01a70d 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -324,11 +324,11 @@ enable_usb() insmod /lib/modules/uhci-hcd.ko || die "uhci_hcd: module load failed" insmod /lib/modules/ohci-hcd.ko || die "ohci_hcd: module load failed" insmod /lib/modules/ohci-pci.ko || die "ohci_pci: module load failed" - sleep 2 fi insmod /lib/modules/ehci-pci.ko || die "ehci_pci: module load failed" insmod /lib/modules/xhci-hcd.ko || die "xhci_hcd: module load failed" insmod /lib/modules/xhci-pci.ko || die "xhci_pci: module load failed" + sleep 2 # For resiliency, test CONFIG_USB_KEYBOARD_REQUIRED explicitly rather # than having it imply CONFIG_USER_USB_KEYBOARD at build time. From e4d26ee0295b94191077258a6df722c5a84cc9cf Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 12 Apr 2024 15:59:23 -0400 Subject: [PATCH 10/84] luks-functions: reencrypt requires a key-slot to use keyfile. Add keyslot testing and reuse found keyslot unlocked by passphrase to reencrypt Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 41 ++++++++++++++++++++++++++++++++++----- 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index d319ce8fc..0605bb201 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -307,7 +307,7 @@ test_luks_current_disk_recovery_key_passphrase() #output test coming and do cryptsetup open call echo -e "\nTesting opening "$LUKS" LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase..." - cryptsetup open $LUKS test --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + cryptsetup luksOpen --test-passphrase $LUKS --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase #Validate past cryptsetup reencrypt attempts if [ $? -ne 0 ]; then @@ -327,9 +327,8 @@ test_luks_current_disk_recovery_key_passphrase() #LuksOpen test was successful. Cleanup should be called only when done #Exporting successfully used passphrase possibly reused by oem-factory-reset echo "Success." - - #We close the volume - cryptsetup close test + + #Exporting successfully used passphrase possibly reused by oem-factory-reset export luks_current_Disk_Recovery_Key_passphrase #We export the LUKS volume the was tested valid with passphrase test @@ -361,12 +360,44 @@ luks_reencrypt() { #Warn and launch actual reencryption echo -e "\nReencrypting "$LUKS" LUKS encrypted drive content with current Recovery Disk Key passphrase..." warn "DO NOT POWER DOWN MACHINE, UNPLUG AC OR REMOVE BATTERY DURING REENCRYPTION PROCESS" - cryptsetup reencrypt --resilience=none --force-offline-reencrypt --disable-locks \ + # fist obtain which luks1/luks2 key-slot can be unlocked with the key-file + DRK_KEYSLOT=-1 + for i in $(seq 0 7); do + cryptsetup luksOpen --test-passphrase $LUKS --key-slot $i --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1 + if [ $? -eq 0 ]; then + DRK_KEYSLOT=$i + break + fi + done + + #Validate if a key-slot was found + if [ $DRK_KEYSLOT -eq -1 ]; then + whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ + "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 + shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null + #unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round + unset luks_current_Disk_Recovery_Key_passphrase + #remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. + #maybe the container was not the right one + detect_boot_device + mount -o remount,rw /boot + rm -f /boot/kexec_key_devices.txt + mount -o remount,ro /boot + unset LUKS + continue + fi + + #now reencrypt the LUKS container with the same key-slot + cryptsetup reencrypt --key-slot $DRK_KEYSLOT \ --perf-no_read_workqueue --perf-no_write_workqueue \ + --resilience=none --force-offline-reencrypt --disable-locks \ "$LUKS" --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase #--perf-no_read_workqueue and/or --perf-no_write_workqueue improve encryption/reencrypton performance on kernel 5.10.9+ # bypassing dm-crypt queues. #Ref https://github.com/cloudflare/linux/issues/1#issuecomment-729695518 + #--resilience=none disables the resilience feature of cryptsetup, which is enabled by default + #--force-offline-reencrypt forces the reencryption to be done offline (no read/write operations on the device) + #--disable-locks disables the lock feature of cryptsetup, which is enabled by default #Validate past cryptsetup reencrypt attempts if [ $? -ne 0 ]; then From 0bdd58c38236567d0a3cd1cc1ae291cff4d32efd Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 18 Apr 2024 12:21:27 -0400 Subject: [PATCH 11/84] Improve DEBUG and DO_WITH_DEBUG output handling to also keep output of kexec -l when BOARD is in DEBUG+TRACE mode (configuration settings menu + flash) Signed-off-by: Thierry Laurion --- initrd/bin/kexec-boot | 2 +- initrd/bin/kexec-insert-key | 3 ++- initrd/etc/ash_functions | 5 +++-- initrd/etc/functions | 30 ++++++++++++++++++++---------- 4 files changed, 26 insertions(+), 14 deletions(-) diff --git a/initrd/bin/kexec-boot b/initrd/bin/kexec-boot index bb39dbb05..6eede6ea6 100755 --- a/initrd/bin/kexec-boot +++ b/initrd/bin/kexec-boot @@ -151,7 +151,7 @@ if [ "$dryrun" = "y" ]; then exit 0; fi echo "Loading the new kernel:" echo "$kexeccmd" -eval "$kexeccmd" \ +DO_WITH_DEBUG "$kexeccmd" \ || die "Failed to load the new kernel" if [ "$CONFIG_DEBUG_OUTPUT" = "y" ];then diff --git a/initrd/bin/kexec-insert-key b/initrd/bin/kexec-insert-key index f06c54833..29aa852cb 100755 --- a/initrd/bin/kexec-insert-key +++ b/initrd/bin/kexec-insert-key @@ -61,7 +61,8 @@ if [ "$unseal_failed" = "y" ]; then -n 1 \ -p "Do you wish to boot and use the LUKS Disk Recovery Key? [Y/n] " \ confirm_boot - + echo + if [ "$confirm_boot" != 'y' \ -a "$confirm_boot" != 'Y' \ -a -n "$confirm_boot" ] \ diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index 9ee01a70d..627f93d6a 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -23,8 +23,9 @@ warn() { } DEBUG() { - if [ "$CONFIG_DEBUG_OUTPUT" = "y" ];then - echo "DEBUG: $*" | while read line; do + if [ "$CONFIG_DEBUG_OUTPUT" = "y" ]; then + # fold -s -w 960 will wrap lines at 960 characters on the last space before the limit + echo "DEBUG: $*" | fold -s -w 960 | while read line; do echo "$line" | tee -a /tmp/debug.log /dev/kmsg >/dev/null done fi diff --git a/initrd/etc/functions b/initrd/etc/functions index f5df01695..dc4163e95 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -19,18 +19,28 @@ mask_param() { # N=0 is the name of the command to be executed, N=1 is its first parameter, # etc. DO_WITH_DEBUG() { - if [ "$1" == "--mask-position" ]; then - mask_position="$2" + local exit_status + local cmd_output + DEBUG "PATH: $PATH" + local cmd=("$@") + if [[ "$1" == "--mask-position" ]]; then + local mask_position="$2" shift shift - DEBUG_ARGS=("$@") - - DEBUG_ARGS[$mask_position]="$(mask_param "${DEBUG_ARGS[$mask_position]}")" - DEBUG "${DEBUG_ARGS[@]}" - else - DEBUG "$@" + cmd=("$@") + cmd[$mask_position]="$(mask_param "${cmd[$mask_position]}")" + fi + if [[ ${#cmd[@]} -eq 1 ]]; then + # If there's only one argument, try to split it into multiple arguments + read -a cmd <<< "${cmd[0]}" fi - "$@" + DEBUG "Executing command with cmd: ${cmd[*]}" + # Sanitize the command output by removing special characters + cmd_output=$("${cmd[@]}" 2>&1 | sed 's/[&;|`$(){}<>]//g') + exit_status=$? + DEBUG "Command output: $cmd_output" + DEBUG "Command exited with status: $exit_status" + return $exit_status } # Trace the current script and function. @@ -682,7 +692,7 @@ scan_boot_options() { if [ -r $option_file ]; then rm $option_file; fi for i in $(find $bootdir -name "$config"); do - DO_WITH_DEBUG kexec-parse-boot "$bootdir" "$i" >>$option_file + kexec-parse-boot "$bootdir" "$i" >>$option_file done # FC29/30+ may use BLS format grub config files # https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault From d46661ab92231413ba3dd550ad0c9c0dd4bed136 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Fri, 19 Apr 2024 09:45:39 -0400 Subject: [PATCH 12/84] functions: Add visibility to DO_WITH_DEBUG without affecting command DO_WITH_DEBUG traces command exit status (if failed), stdout/stderr (if not empty), and PATH (if command was not found). The caller still observes the exit status, and stdout/stderr still go to the caller as well. This way, DO_WITH_DEBUG can be inserted anywhere with minimal spam in the logs and without affecting the script. Signed-off-by: Jonathon Hall --- initrd/etc/functions | 107 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 89 insertions(+), 18 deletions(-) diff --git a/initrd/etc/functions b/initrd/etc/functions index dc4163e95..6224a2b00 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -12,35 +12,106 @@ mask_param() { fi } -# Trace a command with DEBUG, then execute it. +# Pipe input to this to sink it to the debug log, with a name prefix. +# If the input is empty, no output is produced, so actual output is +# readily visible in logs. +# +# For example: +# ls /boot/vmlinux* | SINK_DEBUG "/boot kernels" +SINK_DEBUG() { + local name="$1" + local line haveblank + # If the input doesn't end with a line break, read won't give us the + # last (unterminated) line. Add a line break with echo to ensure we + # don't lose any input. Buffer up to one blank line so we can avoid + # emitting a final (or only) blank line. + (cat; echo) | while IFS= read -r line; do + [[ -n "$haveblank" ]] && DEBUG "$name: " # Emit buffered blank line + if [[ -z "$line" ]]; then + haveblank=y + else + haveblank= + DEBUG "$name: $line" + fi + done +} + +# Trace a command with DEBUG, then execute it. Trace failed exit status, stdout +# and stderr, etc. +# +# DO_WITH_DEBUG is designed so it can be dropped in to most command invocations +# without side effects - it adds visibility without actually affecting the +# execution of the script. Exit statuses, stdout, and stderr are traced, but +# they are still returned/written to the caller. +# # A password parameter can be masked by passing --mask-position N before the # command to execute, the debug trace will just indicate whether the password # was empty or nonempty (which is important when use of a password is optional). # N=0 is the name of the command to be executed, N=1 is its first parameter, # etc. +# +# DO_WITH_DEBUG() can be added in most places where a command is executed to +# add visibility in the debug log. For example: +# +# [DO_WITH_DEBUG] mount "$BLOCK" "$MOUNTPOINT" +# ^-- adding DO_WITH_DEBUG will show the block device, mountpoint, and whether +# the mount fails +# +# [DO_WITH_DEBUG --mask-position 7] tpmr seal "$KEY" "$IDX" "$pcrs" "$pcrf" "$size" "$PASSWORD" +# ^-- trace the resulting invocation, but mask the password in the log +# +# if ! [DO_WITH_DEBUG] umount "$MOUNTPOINT"; then [...] +# ^-- it can be used when the exit status is checked, like the condition of `if` +# +# hotp_token_info="$([DO_WITH_DEBUG] hotp_verification info)" +# ^-- output of hotp_verification info becomes visible in debug log while +# still being captured by script +# +# [DO_WITH_DEBUG] umount "$MOUNTPOINT" &>/dev/null || true +# ^-- if the command's stdout/stderr/failure are ignored, this still works the +# same way with DO_WITH_DEBUG DO_WITH_DEBUG() { - local exit_status + local exit_status=0 local cmd_output - DEBUG "PATH: $PATH" - local cmd=("$@") if [[ "$1" == "--mask-position" ]]; then local mask_position="$2" shift shift - cmd=("$@") - cmd[$mask_position]="$(mask_param "${cmd[$mask_position]}")" - fi - if [[ ${#cmd[@]} -eq 1 ]]; then - # If there's only one argument, try to split it into multiple arguments - read -a cmd <<< "${cmd[0]}" - fi - DEBUG "Executing command with cmd: ${cmd[*]}" - # Sanitize the command output by removing special characters - cmd_output=$("${cmd[@]}" 2>&1 | sed 's/[&;|`$(){}<>]//g') - exit_status=$? - DEBUG "Command output: $cmd_output" - DEBUG "Command exited with status: $exit_status" - return $exit_status + local show_args=("$@") + show_args[$mask_position]="$(mask_param "${show_args[$mask_position]}")" + DEBUG "${show_args[@]}" + else + DEBUG "$@" + fi + + # Execute the command and capture the exit status. Tee stdout/stderr to + # debug sinks, so they're visible but still can be used by the caller + # + # This is tricky when set -e / set -o pipefail may or may not be in + # effect. + # - Putting the command in an `if` ensures set -e won't terminate us, + # and also does not overwrite $? (like `|| true` would). + # - We capture PIPESTATUS[0] whether the command succeeds or fails, + # since we don't know whether the pipeline status will be that of the + # command or 'tee' (depends on set -o pipefail). + if ! "$@" 2> >(tee /dev/stderr | SINK_DEBUG "$1 err") | tee >(SINK_DEBUG "$1 out"); then + exit_status="${PIPESTATUS[0]}" + else + exit_status="${PIPESTATUS[0]}" + fi + if [[ "$exit_status" -ne 0 ]]; then + # Trace unsuccessful exit status, but only at DEBUG because this + # may be expected. Include the command name in case the command + # also invoked a DO_WITH_DEBUG (it could be a script). + DEBUG "$1: exited with status $exit_status" + fi + # If the command was (probably) not found, trace PATH in case it + # prevented the command from being found + if [[ "$exit_status" -eq 127 ]]; then + DEBUG "$1: PATH=$PATH" + fi + + return "$exit_status" } # Trace the current script and function. From dfca1591af8f5520df648d885950bea37d4c3256 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Fri, 19 Apr 2024 13:31:29 -0400 Subject: [PATCH 13/84] functions: DO_WITH_DEBUG: Label stderr/stdout more clearly "$1 err:" looked like an error, but often there's output on stderr that's diagnostic (like kexec -d). "$1 stderr:" is clearer. Signed-off-by: Jonathon Hall --- initrd/etc/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/etc/functions b/initrd/etc/functions index 6224a2b00..e817aea04 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -94,7 +94,7 @@ DO_WITH_DEBUG() { # - We capture PIPESTATUS[0] whether the command succeeds or fails, # since we don't know whether the pipeline status will be that of the # command or 'tee' (depends on set -o pipefail). - if ! "$@" 2> >(tee /dev/stderr | SINK_DEBUG "$1 err") | tee >(SINK_DEBUG "$1 out"); then + if ! "$@" 2> >(tee /dev/stderr | SINK_DEBUG "$1 stderr") | tee >(SINK_DEBUG "$1 stdout"); then exit_status="${PIPESTATUS[0]}" else exit_status="${PIPESTATUS[0]}" From 56bc669077b420c9d6c646479765b5192c45cdc9 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Fri, 19 Apr 2024 13:35:17 -0400 Subject: [PATCH 14/84] kexec-boot, functions: Restore eval and DO_WITH_DEBUG that were deleted `eval "$kexeccmd"` should become `DO_WITH_DEBUG eval "$kexeccmd"` when adding DO_WITH_DEBUG, command invocation is still the same, still needs eval. Restore DO_WITH_DEBUG in front of kexec-parse-boot that had been removed. Signed-off-by: Jonathon Hall --- initrd/bin/kexec-boot | 2 +- initrd/etc/functions | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/initrd/bin/kexec-boot b/initrd/bin/kexec-boot index 6eede6ea6..ccc59a01b 100755 --- a/initrd/bin/kexec-boot +++ b/initrd/bin/kexec-boot @@ -151,7 +151,7 @@ if [ "$dryrun" = "y" ]; then exit 0; fi echo "Loading the new kernel:" echo "$kexeccmd" -DO_WITH_DEBUG "$kexeccmd" \ +DO_WITH_DEBUG eval "$kexeccmd" \ || die "Failed to load the new kernel" if [ "$CONFIG_DEBUG_OUTPUT" = "y" ];then diff --git a/initrd/etc/functions b/initrd/etc/functions index e817aea04..7ad0d794d 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -763,7 +763,7 @@ scan_boot_options() { if [ -r $option_file ]; then rm $option_file; fi for i in $(find $bootdir -name "$config"); do - kexec-parse-boot "$bootdir" "$i" >>$option_file + DO_WITH_DEBUG kexec-parse-boot "$bootdir" "$i" >>$option_file done # FC29/30+ may use BLS format grub config files # https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault From ba2ceeaf3c8ac895160ea415b4fe3ed4a5b101e6 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Fri, 19 Apr 2024 14:14:54 -0400 Subject: [PATCH 15/84] kexec-boot: Only capture kexec -d output to log, not console/kmsg LOG() is added to log to the log only (not kmsg, more verbose than TRACE). DO_WITH_DEBUG only captures stdout/stderr to the log with LOG(). kexec-boot silences stderr from kexec, we don't want it on the console. No need to repeat the kexec command when asking in debug to continue boot, it's no longer hidden behind verbose output from kexec. Signed-off-by: Jonathon Hall --- initrd/bin/kexec-boot | 7 +++---- initrd/etc/ash_functions | 5 +++++ initrd/etc/functions | 8 ++++---- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/initrd/bin/kexec-boot b/initrd/bin/kexec-boot index ccc59a01b..144788791 100755 --- a/initrd/bin/kexec-boot +++ b/initrd/bin/kexec-boot @@ -151,13 +151,12 @@ if [ "$dryrun" = "y" ]; then exit 0; fi echo "Loading the new kernel:" echo "$kexeccmd" -DO_WITH_DEBUG eval "$kexeccmd" \ +# DO_WITH_DEBUG captures the debug output from stderr to the log, we don't need +# it on the console as well +DO_WITH_DEBUG eval "$kexeccmd" 2>/dev/null \ || die "Failed to load the new kernel" if [ "$CONFIG_DEBUG_OUTPUT" = "y" ];then - #Repeat kexec command that will be executed since in debug - DEBUG "kexeccmd= $kexeccmd" - #Ask user if they want to continue booting without echoing back the input (-s) read -s -n 1 -p "[DEBUG] Continue booting? [Y/n]: " debug_boot_confirm echo diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index 627f93d6a..db591a55d 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -37,6 +37,11 @@ TRACE() { fi } +# Write directly to the debug log (but not kmsg), never appears on console +LOG() { + echo "LOG: $*" >>/tmp/debug.log +} + preserve_rom() { TRACE "Under /etc/ash_functions:preserve_rom" new_rom="$1" diff --git a/initrd/etc/functions b/initrd/etc/functions index 7ad0d794d..94f77d3e2 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -17,8 +17,8 @@ mask_param() { # readily visible in logs. # # For example: -# ls /boot/vmlinux* | SINK_DEBUG "/boot kernels" -SINK_DEBUG() { +# ls /boot/vmlinux* | SINK_LOG "/boot kernels" +SINK_LOG() { local name="$1" local line haveblank # If the input doesn't end with a line break, read won't give us the @@ -31,7 +31,7 @@ SINK_DEBUG() { haveblank=y else haveblank= - DEBUG "$name: $line" + LOG "$name: $line" fi done } @@ -94,7 +94,7 @@ DO_WITH_DEBUG() { # - We capture PIPESTATUS[0] whether the command succeeds or fails, # since we don't know whether the pipeline status will be that of the # command or 'tee' (depends on set -o pipefail). - if ! "$@" 2> >(tee /dev/stderr | SINK_DEBUG "$1 stderr") | tee >(SINK_DEBUG "$1 stdout"); then + if ! "$@" 2> >(tee /dev/stderr | SINK_LOG "$1 stderr") | tee >(SINK_LOG "$1 stdout"); then exit_status="${PIPESTATUS[0]}" else exit_status="${PIPESTATUS[0]}" From 402acb18a95640599e59881360df2a7faa048806 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Fri, 19 Apr 2024 14:16:41 -0400 Subject: [PATCH 16/84] ash_functions: Log board and version when entering recovery shell Log the board and version when entering the recovery shell. Extract the firmware version logic from init. Currently this is the only way to get the debug log. If we add a way from the GUI, we may want to log the board and version somewhere else too. Signed-off-by: Jonathon Hall --- initrd/etc/ash_functions | 8 ++++++++ initrd/init | 4 +--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index db591a55d..54b721085 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -42,6 +42,12 @@ LOG() { echo "LOG: $*" >>/tmp/debug.log } +fw_version() { + local FW_VER=$(dmesg | grep 'DMI' | grep -o 'BIOS.*' | cut -f2- -d ' ') + # chop off date, since will always be epoch w/timeless builds + echo "${FW_VER::-10}" +} + preserve_rom() { TRACE "Under /etc/ash_functions:preserve_rom" new_rom="$1" @@ -232,6 +238,8 @@ recovery() { touch /tmp/config . /tmp/config + DEBUG "Board $CONFIG_BOARD - version $(fw_version)" + if [ "$CONFIG_TPM" = "y" ]; then DEBUG "Extending TPM PCR 4 for recovery shell access" tpmr extend -ix 4 -ic recovery diff --git a/initrd/init b/initrd/init index 67a179b76..93bd5222f 100755 --- a/initrd/init +++ b/initrd/init @@ -203,9 +203,7 @@ if [ "$CONFIG_BASIC" = "y" ]; then fi # export firmware version -export FW_VER=$(dmesg | grep 'DMI' | grep -o 'BIOS.*' | cut -f2- -d ' ') -# chop off date, since will always be epoch w/timeless builds -FW_VER=${FW_VER::-10} +export FW_VER=$(fw_version) # Add our boot devices into the /etc/fstab, if they are defined # in the configuration file. From ec1134751e95e7dbf5c422b34ade49f687b3fe5c Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 19 Apr 2024 14:30:55 -0400 Subject: [PATCH 17/84] oem-factory-reset + seal-hotpkey: Give debug output to underatand in what state is the USB Security dongle Signed-off-by: Thierry Laurion --- initrd/bin/oem-factory-reset | 2 ++ initrd/bin/seal-hotpkey | 2 ++ 2 files changed, 4 insertions(+) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index ba47bb11d..256406bef 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -496,7 +496,9 @@ gpg_key_factory_reset() { fi # If Nitrokey Storage is inserted, reset AES keys as well if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ]; then + DEBUG "Nitrokey Storage detected, resetting AES keys..." /bin/hotp_verification regenerate ${ADMIN_PIN_DEF} + DEBUG "Restarting scdaemon to remove possible exclusive lock of dongle" killall -9 scdaemon fi # Toggle forced sig (good security practice, forcing PIN request for each signature request) diff --git a/initrd/bin/seal-hotpkey b/initrd/bin/seal-hotpkey index 77940dcad..a0cb1ddad 100755 --- a/initrd/bin/seal-hotpkey +++ b/initrd/bin/seal-hotpkey @@ -26,6 +26,8 @@ fatal_error() { echo -e "\nERROR: ${1}; press Enter to continue." read + # get lsusb output for debugging + DEBUG "lsusb output: $(lsusb)" die "$1" } From 36071c88d64b7a9f09223cfc1af1c6f767ae905b Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 19 Apr 2024 15:13:38 -0400 Subject: [PATCH 18/84] QEMU/KVM board configs: logical reorganization of requirements for board configs. Next step is creating fbwhiptail/whiptail/tpm1/tpm2 mk files and include them in all boards Signed-off-by: Thierry Laurion --- .../qemu-coreboot-fbwhiptail-tpm1-hotp.config | 74 ++++++++++++------ .../qemu-coreboot-fbwhiptail-tpm1.config | 70 +++++++++++------ .../qemu-coreboot-fbwhiptail-tpm2-hotp.config | 76 ++++++++++++------- .../qemu-coreboot-fbwhiptail-tpm2.config | 74 +++++++++++------- .../qemu-coreboot-whiptail-tpm1-hotp.config | 74 ++++++++++++------ .../qemu-coreboot-whiptail-tpm1.config | 72 ++++++++++++------ .../qemu-coreboot-whiptail-tpm2-hotp.config | 76 ++++++++++++------- .../qemu-coreboot-whiptail-tpm2.config | 72 +++++++++++------- 8 files changed, 374 insertions(+), 214 deletions(-) diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config index 2b821baaf..c8f28e090 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config @@ -8,56 +8,83 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 export CONFIG_LINUX_VERSION=5.10.214 +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config +CONFIG_LINUX_CONFIG=config/linux-qemu.config + #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y #export CONFIG_BASIC=y +#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing)) +#export CONFIG_HAVE_GPG_KEY_BACKUP=y + #Enable DEBUG output export CONFIG_DEBUG_OUTPUT=y export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y +#Enable TPM2 pcap output under /tmp +#export CONFIG_TPM2_CAPTURE_PCAP=y + +#On-demand hardware support (modules.cpio) +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000=y +#CONFIG_MOBILE_TETHERING=y -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config -CONFIG_LINUX_CONFIG=config/linux-qemu.config + +#Modules packed into tools.cpio ifeq "$(CONFIG_UROOT)" "y" CONFIG_BUSYBOX=n else -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y -CONFIG_DROPBEAR=y +CONFIG_PCIUTILS=y +#Runtime tools to write to EC/MSR +CONFIG_IOTOOLS=y CONFIG_MSRTOOLS=y +#Remote attestation support +# TPM2 requirements +#CONFIG_TPM2_TSS=y +#CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support CONFIG_HOTPKEY=y -export CONFIG_AUTO_BOOT_TIMEOUT=5 - -#Uncomment only one of the following block -#Required for graphical gui-init (FBWhiptail) +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#FBWhiptail based (Graphical): CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -# #text-based init (generic-init and gui-init) #CONFIG_NEWT=y #CONFIG_SLANG=y - +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y endif +#Runtime on-demand additional hardware support (modules.cpio) export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_E1000=y -#Uncomment only one BOOTSCRIPT: -#Whiptail-based init (text-based or FBWhiptail) + +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements +#export CONFIG_TPM2_TOOLS=y +#export CONFIG_PRIMARY_KEY_TYPE=ecc +#TPM1 requirements +export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init -# #text-based original init: #export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n @@ -65,9 +92,6 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" - -export CONFIG_TPM=y - export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp" diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config index be800d950..c242b0103 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config @@ -6,6 +6,9 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 export CONFIG_LINUX_VERSION=5.10.214 +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config +CONFIG_LINUX_CONFIG=config/linux-qemu.config + #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y #export CONFIG_BASIC=y @@ -16,48 +19,70 @@ export CONFIG_LINUX_VERSION=5.10.214 #Enable DEBUG output export CONFIG_DEBUG_OUTPUT=y export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y +#Enable TPM2 pcap output under /tmp +#export CONFIG_TPM2_CAPTURE_PCAP=y -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config -CONFIG_LINUX_CONFIG=config/linux-qemu.config +#On-demand hardware support (modules.cpio) +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000=y +#CONFIG_MOBILE_TETHERING=y + + +#Modules packed into tools.cpio ifeq "$(CONFIG_UROOT)" "y" CONFIG_BUSYBOX=n else -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y -CONFIG_DROPBEAR=y +CONFIG_PCIUTILS=y +#Runtime tools to write to EC/MSR +CONFIG_IOTOOLS=y CONFIG_MSRTOOLS=y +#Remote attestation support +# TPM2 requirements +#CONFIG_TPM2_TSS=y +#CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support #CONFIG_HOTPKEY=y - -#Uncomment only one of the following block -#Required for graphical gui-init (FBWhiptail) +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#FBWhiptail based (Graphical): CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -# #text-based init (generic-init and gui-init) #CONFIG_NEWT=y #CONFIG_SLANG=y - +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y endif +#Runtime on-demand additional hardware support (modules.cpio) export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_E1000=y -#Uncomment only one BOOTSCRIPT: -#Whiptail-based init (text-based or FBWhiptail) + +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements +#export CONFIG_TPM2_TOOLS=y +#export CONFIG_PRIMARY_KEY_TYPE=ecc +#TPM1 requirements +export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init -# #text-based original init: #export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n @@ -65,9 +90,6 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" - -export CONFIG_TPM=y - export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1" diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config index 112bbd24e..0850ee3b5 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config @@ -7,58 +7,83 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 export CONFIG_LINUX_VERSION=5.10.214 +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config +CONFIG_LINUX_CONFIG=config/linux-qemu.config + #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y #export CONFIG_BASIC=y +#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing)) +#export CONFIG_HAVE_GPG_KEY_BACKUP=y + #Enable DEBUG output export CONFIG_DEBUG_OUTPUT=y export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y #Enable TPM2 pcap output under /tmp export CONFIG_TPM2_CAPTURE_PCAP=y -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config -CONFIG_LINUX_CONFIG=config/linux-qemu.config +#On-demand hardware support (modules.cpio) +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000=y +#CONFIG_MOBILE_TETHERING=y + + +#Modules packed into tools.cpio ifeq "$(CONFIG_UROOT)" "y" CONFIG_BUSYBOX=n else -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y -CONFIG_DROPBEAR=y +CONFIG_PCIUTILS=y +#Runtime tools to write to EC/MSR +CONFIG_IOTOOLS=y CONFIG_MSRTOOLS=y +#Remote attestation support +# TPM2 requirements +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support CONFIG_HOTPKEY=y -export CONFIG_AUTO_BOOT_TIMEOUT=5 - -#Uncomment only one of the following block -#Required for graphical gui-init (FBWhiptail) +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#FBWhiptail based (Graphical): CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -# #text-based init (generic-init and gui-init) #CONFIG_NEWT=y #CONFIG_SLANG=y - +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y endif +#Runtime on-demand additional hardware support (modules.cpio) export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_E1000=y -#Uncomment only one BOOTSCRIPT: -#Whiptail-based init (text-based or FBWhiptail) + +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements +export CONFIG_TPM2_TOOLS=y +export CONFIG_PRIMARY_KEY_TYPE=ecc +#TPM1 requirements +#export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init -# #text-based original init: #export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n @@ -66,13 +91,6 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" - -#TPM2 requirements -export CONFIG_TPM2_TOOLS=y -export CONFIG_PRIMARY_KEY_TYPE=ecc -CONFIG_TPM2_TSS=y -CONFIG_OPENSSL=y - export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp" diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config index f0a2132bd..a6a7431a0 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config @@ -6,6 +6,9 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 export CONFIG_LINUX_VERSION=5.10.214 +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config +CONFIG_LINUX_CONFIG=config/linux-qemu.config + #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y #export CONFIG_BASIC=y @@ -19,47 +22,67 @@ export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y #Enable TPM2 pcap output under /tmp export CONFIG_TPM2_CAPTURE_PCAP=y -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config -CONFIG_LINUX_CONFIG=config/linux-qemu.config +#On-demand hardware support (modules.cpio) +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000=y +#CONFIG_MOBILE_TETHERING=y + + +#Modules packed into tools.cpio ifeq "$(CONFIG_UROOT)" "y" CONFIG_BUSYBOX=n else -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y -CONFIG_DROPBEAR=y +CONFIG_PCIUTILS=y +#Runtime tools to write to EC/MSR +CONFIG_IOTOOLS=y CONFIG_MSRTOOLS=y -CONFIG_HOTPKEY=n - -#Uncomment only one of the following block -#Required for graphical gui-init (FBWhiptail) +#Remote attestation support +# TPM2 requirements +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support +#CONFIG_HOTPKEY=y +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#FBWhiptail based (Graphical): CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -# #text-based init (generic-init and gui-init) #CONFIG_NEWT=y #CONFIG_SLANG=y - +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y endif +#Runtime on-demand additional hardware support (modules.cpio) export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_E1000=y -#Uncomment only one BOOTSCRIPT: -#Whiptail-based init (text-based or FBWhiptail) + +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements +export CONFIG_TPM2_TOOLS=y +export CONFIG_PRIMARY_KEY_TYPE=ecc +#TPM1 requirements +#export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init -# #text-based original init: #export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n @@ -67,13 +90,6 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" - -#TPM2 requirements -export CONFIG_TPM2_TOOLS=y -export CONFIG_PRIMARY_KEY_TYPE=ecc -CONFIG_TPM2_TSS=y -CONFIG_OPENSSL=y - export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2" diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config index a2d554f3a..56fbddb88 100644 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config @@ -8,56 +8,83 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 export CONFIG_LINUX_VERSION=5.10.214 +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config +CONFIG_LINUX_CONFIG=config/linux-qemu.config + #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y #export CONFIG_BASIC=y +#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing)) +#export CONFIG_HAVE_GPG_KEY_BACKUP=y + #Enable DEBUG output export CONFIG_DEBUG_OUTPUT=y export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y +#Enable TPM2 pcap output under /tmp +#export CONFIG_TPM2_CAPTURE_PCAP=y + +#On-demand hardware support (modules.cpio) +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000=y +#CONFIG_MOBILE_TETHERING=y -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config -CONFIG_LINUX_CONFIG=config/linux-qemu.config + +#Modules packed into tools.cpio ifeq "$(CONFIG_UROOT)" "y" CONFIG_BUSYBOX=n else -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y -CONFIG_DROPBEAR=y +CONFIG_PCIUTILS=y +#Runtime tools to write to EC/MSR +CONFIG_IOTOOLS=y CONFIG_MSRTOOLS=y +#Remote attestation support +# TPM2 requirements +#CONFIG_TPM2_TSS=y +#CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support CONFIG_HOTPKEY=y -export CONFIG_AUTO_BOOT_TIMEOUT=5 - -#Uncomment only one of the following block -#Required for graphical gui-init (FBWhiptail) +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#FBWhiptail based (Graphical): #CONFIG_CAIRO=y #CONFIG_FBWHIPTAIL=y -# #text-based init (generic-init and gui-init) CONFIG_NEWT=y CONFIG_SLANG=y - +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y endif +#Runtime on-demand additional hardware support (modules.cpio) export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_E1000=y -#Uncomment only one BOOTSCRIPT: -#Whiptail-based init (text-based or FBWhiptail) + +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements +#export CONFIG_TPM2_TOOLS=y +#export CONFIG_PRIMARY_KEY_TYPE=ecc +#TPM1 requirements +export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init -# #text-based original init: #export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n @@ -65,9 +92,6 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" - -export CONFIG_TPM=y - export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1-hotp" diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config index 54c82f869..99612f7e8 100644 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config +++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config @@ -6,7 +6,10 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 export CONFIG_LINUX_VERSION=5.10.214 -#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)) +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config +CONFIG_LINUX_CONFIG=config/linux-qemu.config + +#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y #export CONFIG_BASIC=y @@ -16,48 +19,70 @@ export CONFIG_LINUX_VERSION=5.10.214 #Enable DEBUG output export CONFIG_DEBUG_OUTPUT=y export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y +#Enable TPM2 pcap output under /tmp +#export CONFIG_TPM2_CAPTURE_PCAP=y + +#On-demand hardware support (modules.cpio) +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000=y +#CONFIG_MOBILE_TETHERING=y -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1.config -CONFIG_LINUX_CONFIG=config/linux-qemu.config + +#Modules packed into tools.cpio ifeq "$(CONFIG_UROOT)" "y" CONFIG_BUSYBOX=n else -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y -CONFIG_DROPBEAR=y +CONFIG_PCIUTILS=y +#Runtime tools to write to EC/MSR +CONFIG_IOTOOLS=y CONFIG_MSRTOOLS=y +#Remote attestation support +# TPM2 requirements +#CONFIG_TPM2_TSS=y +#CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support #CONFIG_HOTPKEY=y - -#Uncomment only one of the following block -#Required for graphical gui-init (FBWhiptail) +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#FBWhiptail based (Graphical): #CONFIG_CAIRO=y #CONFIG_FBWHIPTAIL=y -# #text-based init (generic-init and gui-init) CONFIG_NEWT=y CONFIG_SLANG=y - +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y endif +#Runtime on-demand additional hardware support (modules.cpio) export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_E1000=y -#Uncomment only one BOOTSCRIPT: -#Whiptail-based init (text-based or FBWhiptail) + +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements +#export CONFIG_TPM2_TOOLS=y +#export CONFIG_PRIMARY_KEY_TYPE=ecc +#TPM1 requirements +export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init -# #text-based original init: #export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n @@ -65,9 +90,6 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" - -export CONFIG_TPM=y - export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1" diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config index 1a9f756da..f4e984020 100644 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config @@ -7,58 +7,83 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 export CONFIG_LINUX_VERSION=5.10.214 +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config +CONFIG_LINUX_CONFIG=config/linux-qemu.config + #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y #export CONFIG_BASIC=y +#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing)) +#export CONFIG_HAVE_GPG_KEY_BACKUP=y + #Enable DEBUG output export CONFIG_DEBUG_OUTPUT=y export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y #Enable TPM2 pcap output under /tmp export CONFIG_TPM2_CAPTURE_PCAP=y -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config -CONFIG_LINUX_CONFIG=config/linux-qemu.config +#On-demand hardware support (modules.cpio) +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000=y +#CONFIG_MOBILE_TETHERING=y + + +#Modules packed into tools.cpio ifeq "$(CONFIG_UROOT)" "y" CONFIG_BUSYBOX=n else -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y -CONFIG_DROPBEAR=y +CONFIG_PCIUTILS=y +#Runtime tools to write to EC/MSR +CONFIG_IOTOOLS=y CONFIG_MSRTOOLS=y +#Remote attestation support +# TPM2 requirements +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support CONFIG_HOTPKEY=y -export CONFIG_AUTO_BOOT_TIMEOUT=5 - -#Uncomment only one of the following block -#Required for graphical gui-init (FBWhiptail) +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#FBWhiptail based (Graphical): #CONFIG_CAIRO=y #CONFIG_FBWHIPTAIL=y -# #text-based init (generic-init and gui-init) CONFIG_NEWT=y CONFIG_SLANG=y - +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y endif +#Runtime on-demand additional hardware support (modules.cpio) export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_E1000=y -#Uncomment only one BOOTSCRIPT: -#Whiptail-based init (text-based or FBWhiptail) + +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements +export CONFIG_TPM2_TOOLS=y +export CONFIG_PRIMARY_KEY_TYPE=ecc +#TPM1 requirements +#export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init -# #text-based original init: #export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n @@ -66,13 +91,6 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" - -#TPM2 requirements -export CONFIG_TPM2_TOOLS=y -export CONFIG_PRIMARY_KEY_TYPE=ecc -CONFIG_TPM2_TSS=y -CONFIG_OPENSSL=y - export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2-hotp" diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config index 5bbdb6b56..148410bc0 100644 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config +++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config @@ -6,6 +6,9 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.22.01 export CONFIG_LINUX_VERSION=5.10.214 +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config +CONFIG_LINUX_CONFIG=config/linux-qemu.config + #Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing) #export CONFIG_RESTRICTED_BOOT=y #export CONFIG_BASIC=y @@ -19,47 +22,67 @@ export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y #Enable TPM2 pcap output under /tmp export CONFIG_TPM2_CAPTURE_PCAP=y -CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2.config -CONFIG_LINUX_CONFIG=config/linux-qemu.config +#On-demand hardware support (modules.cpio) +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000=y +#CONFIG_MOBILE_TETHERING=y + + +#Modules packed into tools.cpio ifeq "$(CONFIG_UROOT)" "y" CONFIG_BUSYBOX=n else -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y -CONFIG_DROPBEAR=y +CONFIG_PCIUTILS=y +#Runtime tools to write to EC/MSR +CONFIG_IOTOOLS=y CONFIG_MSRTOOLS=y +#Remote attestation support +# TPM2 requirements +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support #CONFIG_HOTPKEY=y - -#Uncomment only one of the following block -#Required for graphical gui-init (FBWhiptail) +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#FBWhiptail based (Graphical): #CONFIG_CAIRO=y #CONFIG_FBWHIPTAIL=y -# #text-based init (generic-init and gui-init) CONFIG_NEWT=y CONFIG_SLANG=y - +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y endif +#Runtime on-demand additional hardware support (modules.cpio) export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_E1000=y -#Uncomment only one BOOTSCRIPT: -#Whiptail-based init (text-based or FBWhiptail) + +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements +export CONFIG_TPM2_TOOLS=y +export CONFIG_PRIMARY_KEY_TYPE=ecc +#TPM1 requirements +#export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init -# #text-based original init: #export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n @@ -67,13 +90,6 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" - -#TPM2 requirements -export CONFIG_TPM2_TOOLS=y -export CONFIG_PRIMARY_KEY_TYPE=ecc -CONFIG_TPM2_TSS=y -CONFIG_OPENSSL=y - export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2" From cdeab8238ca187cebabce469e0552b41dd917697 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Sun, 21 Apr 2024 18:31:43 +0200 Subject: [PATCH 19/84] UX improvements PIN questions Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 256406bef..e76d820e3 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -988,11 +988,11 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then luks_new_Disk_Recovery_Key_passphrase=${CUSTOM_SINGLE_PASS} fi else - echo -e -n "Would you like to set distinct PINs/passwords to configure previously stated security components? [y/N]: " + echo -e -n "Would you like to set distinct PINs/passwords to configure previously stated security components? [Y/n]: " read -n 1 prompt_output echo - if [ "$prompt_output" == "y" \ - -o "$prompt_output" == "Y" ]; then + if [ "$prompt_output" != "n" \ + -a "$prompt_output" != "N" ]; then echo -e "\nThey must be each at least 8 characters in length.\n" echo if [ "$CONFIG_TPM" = "y" ]; then @@ -1010,7 +1010,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then # That is, if keys were NOT generated in memory (on smartcard only) or # if keys were generated in memory but are to be moved from local keyring to smartcard if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then - while [[ ${#USER_PIN} -lt 8 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do + while [[ ${#USER_PIN} -lt 6 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG User PIN: " read USER_PIN From 50340bc0d337256f325377c607e38ee651f53e7b Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Sun, 21 Apr 2024 18:42:52 +0200 Subject: [PATCH 20/84] fix small incongruency with previous commit Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index e76d820e3..ce8c25589 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -1011,7 +1011,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then # if keys were generated in memory but are to be moved from local keyring to smartcard if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then while [[ ${#USER_PIN} -lt 6 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do - echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" + echo -e -n "\nThis PIN should be between 6 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG User PIN: " read USER_PIN done From 06b6b5f34dc17bb558dc430bf4d6b99c2a0e5f0e Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Sun, 21 Apr 2024 19:00:29 +0200 Subject: [PATCH 21/84] fix another small incongruency with previous commit Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index ce8c25589..90594f03c 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -993,7 +993,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then echo if [ "$prompt_output" != "n" \ -a "$prompt_output" != "N" ]; then - echo -e "\nThey must be each at least 8 characters in length.\n" + echo -e "\nThe TPM Owner Password and Admin PIN must be at least 8, the User PIN at least 6 characters in length.\n" echo if [ "$CONFIG_TPM" = "y" ]; then while [[ ${#TPM_PASS} -lt 8 ]]; do From 216fce94b0c4c4f82ae230e68ad3ac3f61bb9152 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Mon, 22 Apr 2024 22:50:34 +0200 Subject: [PATCH 22/84] Revert "fix another small incongruency with previous commit" This reverts commit cc70e772f8a0dcdb319d4d06e27af227a5cae51e. Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 90594f03c..ce8c25589 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -993,7 +993,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then echo if [ "$prompt_output" != "n" \ -a "$prompt_output" != "N" ]; then - echo -e "\nThe TPM Owner Password and Admin PIN must be at least 8, the User PIN at least 6 characters in length.\n" + echo -e "\nThey must be each at least 8 characters in length.\n" echo if [ "$CONFIG_TPM" = "y" ]; then while [[ ${#TPM_PASS} -lt 8 ]]; do From f0f927a8ef55b1be4156194f589a9314b2db9071 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Mon, 22 Apr 2024 22:51:17 +0200 Subject: [PATCH 23/84] Revert "fix small incongruency with previous commit" This reverts commit be65c4be5b5fbeca9cdb97268135507252efe171. Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index ce8c25589..e76d820e3 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -1011,7 +1011,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then # if keys were generated in memory but are to be moved from local keyring to smartcard if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then while [[ ${#USER_PIN} -lt 6 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do - echo -e -n "\nThis PIN should be between 6 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" + echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG User PIN: " read USER_PIN done From 877d640ef8d6ce5ef1e9a096630b46bb07386524 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Mon, 22 Apr 2024 22:51:25 +0200 Subject: [PATCH 24/84] Revert "UX improvements PIN questions" This reverts commit ba20d98bdd8c39ad506ef4a2a3e1f51bc84db9f8. Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index e76d820e3..256406bef 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -988,11 +988,11 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then luks_new_Disk_Recovery_Key_passphrase=${CUSTOM_SINGLE_PASS} fi else - echo -e -n "Would you like to set distinct PINs/passwords to configure previously stated security components? [Y/n]: " + echo -e -n "Would you like to set distinct PINs/passwords to configure previously stated security components? [y/N]: " read -n 1 prompt_output echo - if [ "$prompt_output" != "n" \ - -a "$prompt_output" != "N" ]; then + if [ "$prompt_output" == "y" \ + -o "$prompt_output" == "Y" ]; then echo -e "\nThey must be each at least 8 characters in length.\n" echo if [ "$CONFIG_TPM" = "y" ]; then @@ -1010,7 +1010,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then # That is, if keys were NOT generated in memory (on smartcard only) or # if keys were generated in memory but are to be moved from local keyring to smartcard if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then - while [[ ${#USER_PIN} -lt 6 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do + while [[ ${#USER_PIN} -lt 8 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG User PIN: " read USER_PIN From f4ff137abd19d6654b0a264654b2e29341508bb2 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Mon, 22 Apr 2024 22:56:13 +0200 Subject: [PATCH 25/84] only change user PIN minimum requirement to 6 Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 256406bef..87a0ca65e 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -993,7 +993,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then echo if [ "$prompt_output" == "y" \ -o "$prompt_output" == "Y" ]; then - echo -e "\nThey must be each at least 8 characters in length.\n" + echo -e "\nThe TPM Owner Password and Admin PIN must be at least 8, the User PIN at least 6 characters in length.\n" echo if [ "$CONFIG_TPM" = "y" ]; then while [[ ${#TPM_PASS} -lt 8 ]]; do @@ -1001,8 +1001,8 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then read TPM_PASS done fi - while [[ ${#ADMIN_PIN} -lt 8 ]] || [[ ${#ADMIN_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do - echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" + while [[ ${#ADMIN_PIN} -lt 6 ]] || [[ ${#ADMIN_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do + echo -e -n "\nThis PIN should be between 6 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG Admin PIN: " read ADMIN_PIN done From f9cbbdbfed5b3071d43049d5d2a92effcc4a9060 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Tue, 23 Apr 2024 01:10:53 +0200 Subject: [PATCH 26/84] change correct PIN minimum Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 87a0ca65e..5eddc0b88 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -1001,8 +1001,8 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then read TPM_PASS done fi - while [[ ${#ADMIN_PIN} -lt 6 ]] || [[ ${#ADMIN_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do - echo -e -n "\nThis PIN should be between 6 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" + while [[ ${#ADMIN_PIN} -lt 8 ]] || [[ ${#ADMIN_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do + echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG Admin PIN: " read ADMIN_PIN done @@ -1010,8 +1010,8 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then # That is, if keys were NOT generated in memory (on smartcard only) or # if keys were generated in memory but are to be moved from local keyring to smartcard if [ "$GPG_GEN_KEY_IN_MEMORY" = "n" -o "$GPG_GEN_KEY_IN_MEMORY_COPY_TO_SMARTCARD" = "y" ]; then - while [[ ${#USER_PIN} -lt 8 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do - echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" + while [[ ${#USER_PIN} -lt 6 ]] || [[ ${#USER_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do + echo -e -n "\nThis PIN should be between 6 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG User PIN: " read USER_PIN done From 91ee4eb1fa36538fe166acaa83cbf5547a6e69c5 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 22 Apr 2024 17:24:21 -0400 Subject: [PATCH 27/84] Fix HOTP verification logic (and counter increment) in gui-init and oem-factory-reset scripts Signed-off-by: Thierry Laurion --- initrd/bin/gui-init | 3 ++- initrd/bin/oem-factory-reset | 16 ++++++++++--- initrd/bin/unseal-hotp | 46 ++++++++++++++++++------------------ 3 files changed, 38 insertions(+), 27 deletions(-) diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index cd69e87c6..dfd412f2d 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -250,8 +250,8 @@ update_totp() update_hotp() { TRACE_FUNC + HOTP="Unverified" if [ -x /bin/hotp_verification ]; then - HOTP=`unseal-hotp` if ! hotp_verification info ; then if [ "$skip_to_menu" = "true" ]; then return 1 # Already asked to skip to menu from a prior error @@ -265,6 +265,7 @@ update_hotp() return fi fi + HOTP=`unseal-hotp` # Don't output HOTP codes to screen, so as to make replay attacks harder hotp_verification check "$HOTP" case "$?" in diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 5eddc0b88..05ef89523 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -783,12 +783,22 @@ report_integrity_measurements() { # Check and report on HOTP status if [ -x /bin/hotp_verification ]; then - HOTP=$(unseal-hotp) >/dev/null 2>&1 + HOTP="Unverified" enable_usb - if ! hotp_verification info >/dev/null 2>&1; then - whiptail $CONFIG_WARNING_BG_COLOR --title 'WARNING: Please insert your HOTP enabled USB Security Dongle' --msgbox "Your HOTP enabled USB Security Dongle was not detected.\n\nPlease remove it and insert it again." 0 80 + for attempt in 1 2 3; do + if ! hotp_verification info >/dev/null 2>&1; then + whiptail $CONFIG_WARNING_BG_COLOR --title "WARNING: Please insert your HOTP enabled USB Security Dongle (Attempt $attempt/3)" --msgbox "Your HOTP enabled USB Security Dongle was not detected.\n\nPlease remove it and insert it again." 0 80 + else + break + fi + done + + if [ $attempt -eq 3 ]; then + die "No HOTP enabled USB Security Dongle detected. Please disable 'CONFIG_HOTPKEY' in the board config and rebuild." fi + # Don't output HOTP codes to screen, so as to make replay attacks harder + HOTP=$(unseal-hotp) >/dev/null 2>&1 hotp_verification check $HOTP case "$?" in 0) diff --git a/initrd/bin/unseal-hotp b/initrd/bin/unseal-hotp index 031c6d278..8565ac612 100755 --- a/initrd/bin/unseal-hotp +++ b/initrd/bin/unseal-hotp @@ -6,13 +6,12 @@ HOTP_SECRET="/tmp/secret/hotp.key" HOTP_COUNTER="/boot/kexec_hotp_counter" -mount_boot_or_die() -{ +mount_boot_or_die() { TRACE_FUNC # Mount local disk if it is not already mounted - if ! grep -q /boot /proc/mounts ; then - mount -o ro /boot \ - || die "Unable to mount /boot" + if ! grep -q /boot /proc/mounts; then + mount -o ro /boot || + die "Unable to mount /boot" fi } @@ -38,34 +37,35 @@ fi #counter_value=$(printf "%d" 0x${counter_value}) if [ "$CONFIG_TPM" = "y" ]; then - DEBUG "Unsealing HOTP secret reuses TOTP sealed secret..." - tpmr unseal 4d47 0,1,2,3,4,7 312 "$HOTP_SECRET" || die "Unable to unseal HOTP secret" + DEBUG "Unsealing HOTP secret reuses TOTP sealed secret..." + tpmr unseal 4d47 0,1,2,3,4,7 312 "$HOTP_SECRET" || die "Unable to unseal HOTP secret" else - # without a TPM, generate a secret based on the SHA-256 of the ROM - secret_from_rom_hash > "$HOTP_SECRET" || die "Reading ROM failed" + # without a TPM, generate a secret based on the SHA-256 of the ROM + secret_from_rom_hash >"$HOTP_SECRET" || die "Reading ROM failed" fi # Truncate the secret if it is longer than the maximum HOTP secret truncate_max_bytes 20 "$HOTP_SECRET" -if ! hotp $counter_value < "$HOTP_SECRET"; then - shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null - die 'Unable to compute HOTP hash?' +if ! hotp $counter_value <"$HOTP_SECRET"; then + shred -n 10 -z -u "$HOTP_SECRET" 2>/dev/null + die 'Unable to compute HOTP hash?' fi -shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null - -#increment_tpm_counter $counter > /dev/null \ -#|| die "Unable to increment tpm counter" +shred -n 10 -z -u "$HOTP_SECRET" 2>/dev/null +#Incrementing counter under $HOTP_COUNTER +# +# If for whatever reason, this counter is 5 counts different then on HOTP USB Security dongle, HOTP unseal fails. +#Note: HOTP_COUNTER="/boot/kexec_hotp_counter" is not detached signed under kexec.sig since it changes +# +# TODO: figure out a better alternative then a counter that can be modified on disk +# As of now, this counter isincreased only in the validated presence of the HOTP dongle being connected per callers mount -o remount,rw /boot - -counter_value=`expr $counter_value + 1` -echo $counter_value > $HOTP_COUNTER \ -|| die "Unable to create hotp counter file" - -#sha256sum /tmp/counter-$counter > $HOTP_COUNTER \ -#|| die "Unable to create hotp counter file" +DEBUG "Incrementing HOTP counter under $HOTP_COUNTER" +counter_value=$(expr $counter_value + 1) +echo $counter_value >$HOTP_COUNTER || + die "Unable to create hotp counter file" mount -o remount,ro /boot exit 0 From f683a1993abebf6d51ca3d47cf8915425712b58a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Kope=C4=87?= Date: Wed, 24 Apr 2024 10:53:13 +0200 Subject: [PATCH 28/84] config/coreboot-nitropad-*.config: disable power on AC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The coreboot power failure state Kconfig options are wired up to the Power on AC feature on Clevo mainboards. Set the power failure state to 0 to prevent these boards from powering on or waking up with AC attach. Signed-off-by: Michał Kopeć --- config/coreboot-nitropad-ns50.config | 6 +++--- config/coreboot-nitropad-nv41.config | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/config/coreboot-nitropad-ns50.config b/config/coreboot-nitropad-ns50.config index 19c43d6d8..867ee36c6 100644 --- a/config/coreboot-nitropad-ns50.config +++ b/config/coreboot-nitropad-ns50.config @@ -200,10 +200,10 @@ CONFIG_COREBOOT_ROMSIZE_KB=32768 CONFIG_ROM_SIZE=0x02000000 CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y -# CONFIG_POWER_STATE_OFF_AFTER_FAILURE is not set -CONFIG_POWER_STATE_ON_AFTER_FAILURE=y +CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y +#CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set # CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set -CONFIG_MAINBOARD_POWER_FAILURE_STATE=1 +CONFIG_MAINBOARD_POWER_FAILURE_STATE=0 # end of Mainboard CONFIG_SYSTEM_TYPE_LAPTOP=y diff --git a/config/coreboot-nitropad-nv41.config b/config/coreboot-nitropad-nv41.config index 631e61766..1e819f3a6 100644 --- a/config/coreboot-nitropad-nv41.config +++ b/config/coreboot-nitropad-nv41.config @@ -200,10 +200,10 @@ CONFIG_COREBOOT_ROMSIZE_KB=32768 CONFIG_ROM_SIZE=0x02000000 CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y -# CONFIG_POWER_STATE_OFF_AFTER_FAILURE is not set -CONFIG_POWER_STATE_ON_AFTER_FAILURE=y +CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y +#CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set # CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set -CONFIG_MAINBOARD_POWER_FAILURE_STATE=1 +CONFIG_MAINBOARD_POWER_FAILURE_STATE=0 # end of Mainboard CONFIG_SYSTEM_TYPE_LAPTOP=y From d8323f6aea7030ccd3d64efa8e51a29a53bf08e8 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 2 Apr 2024 17:06:12 -0400 Subject: [PATCH 29/84] Makefile: add real.gitclean target which calls 'git clean -fxd' Ease cleaning up everything. IMOH better then real.clean target Signed-off-by: Thierry Laurion --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index a64d4b09f..4f113d9c9 100644 --- a/Makefile +++ b/Makefile @@ -793,3 +793,5 @@ real.clean: fi; \ done cd install && rm -rf -- * +real.gitclean: + git clean -fxd From 8a7257ddac453640d64aad68d9f1cfb8c939fae7 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 26 Mar 2024 14:20:48 -0400 Subject: [PATCH 30/84] LUKS header change validation at both sealing and unsealing of TPM Disk Unlock Key. Fixes linuxboot#1092. Supersedes linuxboot#1093 - Cherry-picks ed1c23a (credit to @hardened-vault) thank you!) - Addresses and correct self-review under linuxboot#1093 (@hardened-vault: you don't answer often here!) - kexec-unseal-key: Warn a user who attempts to default boot while his Disk Unlock Key passphrase fails to unseal because LUKS headers changed. (linuxboot#1093 (comment)) - kexec-seal-key: Identical as in ed1c23a - kexec-add-key: Tell the user that the Headers did not change when changing TPM released Disk Unlock Key (Through changing default boot at Options->Boot Options -> Show OS boot options: select a new boot option and set a Disk Unlock Key in TPM, accept to modify disk and sign /boot options) - Here, we cancel the diff output shown on screen linuxboot#1093 (comment) - And we change the warning given to the user to past tense "Headers of LUKS containers to be unlocked via TPM Disk Unlock Key passphrase did not change." Signed-off-by: Thierry Laurion --- initrd/bin/kexec-insert-key | 3 +++ initrd/bin/kexec-unseal-key | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/initrd/bin/kexec-insert-key b/initrd/bin/kexec-insert-key index 29aa852cb..08f40eb18 100755 --- a/initrd/bin/kexec-insert-key +++ b/initrd/bin/kexec-insert-key @@ -57,6 +57,9 @@ tpmr extend -ix 4 -ic generic || # Check to continue if [ "$unseal_failed" = "y" ]; then confirm_boot="n" + if diff "$(dirname $INITRD)/kexec_lukshdr_hash.txt" /tmp/luksDump.txt > /dev/null 2>&1; then + echo "Headers of LUKS containers to be unlocked via TPM Disk Unlock Key passphrase did not change." + fi read \ -n 1 \ -p "Do you wish to boot and use the LUKS Disk Recovery Key? [Y/n] " \ diff --git a/initrd/bin/kexec-unseal-key b/initrd/bin/kexec-unseal-key index 3f18c4358..6f5cbd9f2 100755 --- a/initrd/bin/kexec-unseal-key +++ b/initrd/bin/kexec-unseal-key @@ -40,6 +40,14 @@ for tries in 1 2 3; do DEBUG $(pcrs) warn "Unable to unseal disk encryption key" + if [ -e /boot/kexec_lukshdr_hash.txt -a -e /tmp/luksDump.txt ]; then + if ! diff /boot/kexec_lukshdr_hash.txt /tmp/luksDump.txt > /dev/null 2>&1; then + warn "Encrypted LUKS(es) container(s) headers changed since they were measured and sealed in TPM for Disk Unlock key. You might want to investigate." + fi + else + warn "No encrypted LUKS container(s) headers were found/comparable under /boot/kexec_lukshdr_hash.txt" + warn "You might need to setup a new boot default and Disk Unlock Key from Options->Boot Options->Show OS boot menu." + fi done die "Retry count exceeded..." From 28ceac9120c7b18df0951eff53d5d8e7f5dfe62f Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 27 Mar 2024 10:04:10 -0400 Subject: [PATCH 31/84] Change disk encryption -> LUKS Disk Key and other relative/relative verbiage, remove irrelevant DEBUG trace under kexec-unseal-key TODO: - $(pcrs) call sometimes fail in DEBUG call, outputting too many chars to be inserted in kmesg. Call removed here since redundant (PCR6 already extended with LUKS header) - Notes added for TPM2 simplification over TPM1 in code as TODO Signed-off-by: Thierry Laurion --- FAQ.md | 4 ++-- initrd/bin/kexec-insert-key | 14 +++++++------- initrd/bin/kexec-save-default | 2 +- initrd/bin/kexec-select-boot | 4 +++- initrd/bin/kexec-unseal-key | 13 ++++++------- initrd/bin/oem-factory-reset | 2 +- initrd/init | 2 +- 7 files changed, 21 insertions(+), 20 deletions(-) diff --git a/FAQ.md b/FAQ.md index e3909b1d6..1e2c1c609 100644 --- a/FAQ.md +++ b/FAQ.md @@ -112,8 +112,8 @@ your disk password, which is perhaps an improvement. Disk key in TPM (LUKS TPM Disk Unlock Key) or user passphrase? --- -Depends on your threat model. With the disk key in the TPM an attacker -would need to have the entire machine (or a backdoor in the TPM) +Depends on your threat model. With the Disk Unlock Key in the TPM an +attacker would need to have the entire machine (or a backdoor in the TPM) to get the key and their attempts to unlock it can be rate limited by the TPM hardware. diff --git a/initrd/bin/kexec-insert-key b/initrd/bin/kexec-insert-key index 08f40eb18..f6ae33c6a 100755 --- a/initrd/bin/kexec-insert-key +++ b/initrd/bin/kexec-insert-key @@ -1,5 +1,5 @@ #!/bin/bash -# Unseal a disk key from TPM and add to a new initramfs +# Unseal a LUKS Disk Unlock Key from TPM and add to a new initramfs set -e -o pipefail . /etc/functions @@ -28,7 +28,7 @@ if [ -r "$TMP_KEY_LVM" ]; then die "$VOLUME_GROUP: unable to activate volume group" fi -# Measure the LUKS headers before we unseal the disk key +# Measure the LUKS headers before we unseal the LUKS Disk Unlock Key from TPM cat "$TMP_KEY_DEVICES" | cut -d\ -f1 | xargs /bin/qubes-measure-luks || die "LUKS measure failed" @@ -40,13 +40,13 @@ SECRET_CPIO=/tmp/secret/initrd.cpio bootdir=$(dirname "$INITRD") mkdir -p "$INITRD_DIR/etc" -# Attempt to unseal the disk key from the TPM +# Attempt to unseal the Disk Unlok Key from the TPM # should we give this some number of tries? unseal_failed="n" if ! kexec-unseal-key "$INITRD_DIR/secret.key"; then unseal_failed="y" echo - echo "!!! Failed to unseal the TPM LUKS disk key" + echo "!!! Failed to unseal the TPM LUKS Disk Unlock Key" fi # Override PCR 4 so that user can't read the key @@ -57,8 +57,8 @@ tpmr extend -ix 4 -ic generic || # Check to continue if [ "$unseal_failed" = "y" ]; then confirm_boot="n" - if diff "$(dirname $INITRD)/kexec_lukshdr_hash.txt" /tmp/luksDump.txt > /dev/null 2>&1; then - echo "Headers of LUKS containers to be unlocked via TPM Disk Unlock Key passphrase did not change." + if cmp -s "$bootdir/kexec_lukshdr_hash.txt" /tmp/luksDump.txt > /dev/null 2>&1; then + echo "Encrypted disk keys(s) have not been changed since sealed in TPM Disk Unlock Key" fi read \ -n 1 \ @@ -70,7 +70,7 @@ if [ "$unseal_failed" = "y" ]; then -a "$confirm_boot" != 'Y' \ -a -n "$confirm_boot" ] \ ; then - die "!!! Aborting boot due to failure to unseal TPM disk key" + die "!!! Aborting boot due to failure to unseal TPM Disk Unlock Key" fi fi diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default index 1e5fcd810..c7a4f04fa 100755 --- a/initrd/bin/kexec-save-default +++ b/initrd/bin/kexec-save-default @@ -195,7 +195,7 @@ if [ "$CONFIG_TPM" = "y" ] && [ "$CONFIG_TPM_NO_LUKS_DISK_UNLOCK" != "y" ] && [ DEBUG "LUKS TPM Disk Unlock Key was previously set up from $KEY_DEVICES" read \ -n 1 \ - -p "Do you want to reseal a disk key to the TPM [y/N]: " \ + -p "Do you want to reseal a Disk Unlock Key in the TPM [y/N]: " \ change_key_confirm echo diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index 4161af4ae..54ce4064b 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -70,6 +70,8 @@ if [ "$CONFIG_TPM2_TOOLS" = "y" ]; then else warn "Hash of TPM2 primary key handle does not exist" warn "Please rebuild the boot hash tree" + warn "Select Options-> Update checksums and sign all files in /boot" + #TODO: Simplify/Automatize TPM2 firmware upgrade process. Today: upgrade, reboot, reseal(type TPM owner pass), resign, boot default_failed="y" DEBUG "Hash of TPM2 primary key handle does not exist under $PRIMHASH_FILE" fi @@ -340,7 +342,7 @@ do_boot() { fi kexec-insert-key $INITRD || - die "!!! Failed to insert disk key into a new initrd" + die "!!! Failed to prepare TPM Disk Unlock Key for boot" kexec-boot -b "$bootdir" -e "$option" \ -a "$add" -r "$remove" -o "/tmp/secret/initrd.cpio" || diff --git a/initrd/bin/kexec-unseal-key b/initrd/bin/kexec-unseal-key index 6f5cbd9f2..77597b4ea 100755 --- a/initrd/bin/kexec-unseal-key +++ b/initrd/bin/kexec-unseal-key @@ -38,15 +38,14 @@ for tries in 1 2 3; do exit 0 fi - DEBUG $(pcrs) - warn "Unable to unseal disk encryption key" - if [ -e /boot/kexec_lukshdr_hash.txt -a -e /tmp/luksDump.txt ]; then - if ! diff /boot/kexec_lukshdr_hash.txt /tmp/luksDump.txt > /dev/null 2>&1; then - warn "Encrypted LUKS(es) container(s) headers changed since they were measured and sealed in TPM for Disk Unlock key. You might want to investigate." + warn "Unable to unseal LUKS Disk Unlock Key from TPM" + if [ -e /boot/kexec_lukshdr_hash.txt ] && [ -e /tmp/luksDump.txt ]; then + if ! cmp -s /boot/kexec_lukshdr_hash.txt /tmp/luksDump.txt > /dev/null 2>&1; then + warn "Encrypted disk keys(s) have changed since sealed in TPM Disk Unlock Key. You might want to investigate." fi else - warn "No encrypted LUKS container(s) headers were found/comparable under /boot/kexec_lukshdr_hash.txt" - warn "You might need to setup a new boot default and Disk Unlock Key from Options->Boot Options->Show OS boot menu." + warn "Could not check for tampering of Encrypted disk keys(s)" + warn "Re-seal the TPM Disk Unlock Key by re-selecting your default boot option to enable this check (Options -> Boot Options -> Show OS boot menu)." fi done diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 05ef89523..6b1345101 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -905,7 +905,7 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then echo "Each prompt requires a single letter answer: eg. (Y/n)." echo -e "If you don't know what to answer, pressing Enter will select the default answer for that prompt: eg. Y, above.\n" - # Re-ownership of encrypted disk key, content and passphrase + # Re-ownership of LUKS encrypted Disk: key, content and passphrase echo -e -n "\n\nWould you like to change the current LUKS Disk Recovery Key passphrase?\n (Highly recommended if you didn't install the Operating System yourself, so that past configured passphrase would not permit to access content.\n Note that without re-encrypting disk, a backed up header could be restored to access encrypted content with old passphrase) [y/N]: " read -n 1 prompt_output echo diff --git a/initrd/init b/initrd/init index 93bd5222f..0bf166578 100755 --- a/initrd/init +++ b/initrd/init @@ -12,7 +12,7 @@ export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin # running out of the ram disk. There are no fileysstems mounted. # It is important to have a way to invoke a recovery shell in case # the boot scripts are messed up, but also important to modify the -# PCRs if this happens to prevent the TPM disk keys from being revealed. +# PCRs if this happens to prevent the TPM Disk Unlock Keys from being revealed. # First thing it is vital to mount the /dev and other system directories mkdir /proc /sys /dev /tmp /boot /media 2>&- 1>&- From 13375e29cc03566a15b5460e4dd34e474283c93e Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 8 Apr 2024 16:22:57 -0400 Subject: [PATCH 32/84] kexec-insert-key: refactor tampering check for encrypted disk keys prior of TPM unsealing ops move code from kexec-unseal-key to kexec-insert-key, address code review and apply verbiage suggestion changes Signed-off-by: Thierry Laurion --- initrd/bin/kexec-insert-key | 20 ++++++++++++++++---- initrd/bin/kexec-unseal-key | 8 -------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/initrd/bin/kexec-insert-key b/initrd/bin/kexec-insert-key index f6ae33c6a..8f7cd502b 100755 --- a/initrd/bin/kexec-insert-key +++ b/initrd/bin/kexec-insert-key @@ -40,7 +40,22 @@ SECRET_CPIO=/tmp/secret/initrd.cpio bootdir=$(dirname "$INITRD") mkdir -p "$INITRD_DIR/etc" -# Attempt to unseal the Disk Unlok Key from the TPM +if [ -e /boot/kexec_lukshdr_hash.txt ] && [ -e /tmp/luksDump.txt ]; then + if ! cmp -s /boot/kexec_lukshdr_hash.txt /tmp/luksDump.txt >/dev/null 2>&1; then + #LUKS header hash part of detached signed hash digest under boot doesn't match qubes-measure-luks tmp file + warn "Encrypted disk keys have changed since the TPM Disk Unlock Key was sealed. If you did not make this change, the disk may be compromised" + exit 1 + else + #LUKS header hash part of detached signed hash digest matches + echo "+++ Encrypted disk keys have not been changed since sealed in TPM Disk Unlock Key" + #TODO: remove "+++" with boot info helper when added, same with "!!!" currently for info. + fi +else + warn "Could not check for tampering of Encrypted disk keys" + warn "Re-seal the TPM Disk Unlock Key by re-selecting your default boot option to enable this check (Options -> Boot Options -> Show OS boot menu)." +fi + +# Attempt to unseal the Disk Unlock Key from the TPM # should we give this some number of tries? unseal_failed="n" if ! kexec-unseal-key "$INITRD_DIR/secret.key"; then @@ -57,9 +72,6 @@ tpmr extend -ix 4 -ic generic || # Check to continue if [ "$unseal_failed" = "y" ]; then confirm_boot="n" - if cmp -s "$bootdir/kexec_lukshdr_hash.txt" /tmp/luksDump.txt > /dev/null 2>&1; then - echo "Encrypted disk keys(s) have not been changed since sealed in TPM Disk Unlock Key" - fi read \ -n 1 \ -p "Do you wish to boot and use the LUKS Disk Recovery Key? [Y/n] " \ diff --git a/initrd/bin/kexec-unseal-key b/initrd/bin/kexec-unseal-key index 77597b4ea..346eda9b8 100755 --- a/initrd/bin/kexec-unseal-key +++ b/initrd/bin/kexec-unseal-key @@ -39,14 +39,6 @@ for tries in 1 2 3; do fi warn "Unable to unseal LUKS Disk Unlock Key from TPM" - if [ -e /boot/kexec_lukshdr_hash.txt ] && [ -e /tmp/luksDump.txt ]; then - if ! cmp -s /boot/kexec_lukshdr_hash.txt /tmp/luksDump.txt > /dev/null 2>&1; then - warn "Encrypted disk keys(s) have changed since sealed in TPM Disk Unlock Key. You might want to investigate." - fi - else - warn "Could not check for tampering of Encrypted disk keys(s)" - warn "Re-seal the TPM Disk Unlock Key by re-selecting your default boot option to enable this check (Options -> Boot Options -> Show OS boot menu)." - fi done die "Retry count exceeded..." From 38f8cc4730503b993ee6d5e215251a3f8e91aa27 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 27 Mar 2024 16:14:31 -0400 Subject: [PATCH 33/84] OpenSSL (libcrypto): patch so that crypto/buildinfo.h generated by perl script contains reproducible date and fake compiler_flags hardcode VERSION='reproducible_build' into generated configure script to get rid of generate random git abbrev 8/12 chars (could not find source) patches/openssl-3.0.8.patch: clean up tpm2-tools/tpm2-tss: hack configure scripts to not contain hardcoded libs and other rpath related strings, using sed instead of patching configure script like cryptsetup2 patch Will be clened up in other commits. Leaving here as trace for autotools sed patching for reproducible builds. CircleCI: change working dir from project->heads so that CircleCI and local builds are from heads directory, helping reproducible builds TODO: change other patches a well and generalize to gpg toolstack, removing patches that are a maintainership burden. Signed-off-by: Thierry Laurion --- .circleci/config.yml | 17 ++++++++++------- modules/tpm2-tools | 13 ++++++++++++- modules/tpm2-tss | 14 ++++++++++++++ patches/openssl-3.0.8.patch | 35 +++++++++++++++++++++++++++++++++++ 4 files changed, 71 insertions(+), 8 deletions(-) create mode 100644 patches/openssl-3.0.8.patch diff --git a/.circleci/config.yml b/.circleci/config.yml index dab0fa2dd..6809ea977 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -45,6 +45,7 @@ jobs: docker: - image: debian:11 resource_class: large + working_directory: ~/heads steps: - run: name: Install dependencies @@ -53,7 +54,6 @@ jobs: apt update apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg gawk iasl m4 nasm patch python python2 python3 wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync innoextract sudo imagemagick libncurses5-dev - checkout - - run: name: git reset command: | @@ -120,6 +120,7 @@ jobs: docker: - image: debian:11 resource_class: large + working_directory: ~/heads parameters: arch: type: string @@ -138,15 +139,16 @@ jobs: - persist_to_workspace: root: ~/ paths: - - project/packages/<> - - project/build/<> - - project/crossgcc/<> - - project/install/<> + - heads/packages/<> + - heads/build/<> + - heads/crossgcc/<> + - heads/install/<> build: docker: - image: debian:11 resource_class: large + working_directory: ~/heads parameters: arch: type: string @@ -167,6 +169,7 @@ jobs: docker: - image: debian:11 resource_class: large + working_directory: ~/heads steps: - attach_workspace: at: ~/ @@ -236,13 +239,12 @@ workflows: # since kernel is 6.x and coreboot is git is unshared # We use nitropad's coreboot's fork crossgcc # No need to wait further for other board's cache. - # We reuse built modules from x230-hotp-maximized cache only - build_and_persist: name: nitropad-nv41 target: nitropad-nv41 subcommand: "" requires: - - x230-hotp-maximized + - prep_env # coreboot-git Talos II (PPC) - build_and_persist: @@ -506,3 +508,4 @@ workflows: # path: build/UNMAINTAINED_qemu-linuxboot/linuxboot.rom # - store-artifacts: # path: build/UNMAINTAINED_qemu-linuxboot/hashes.txt + diff --git a/modules/tpm2-tools b/modules/tpm2-tools index 98711195a..7407dae0c 100644 --- a/modules/tpm2-tools +++ b/modules/tpm2-tools @@ -18,7 +18,18 @@ tpm2-tools_url := https://github.com/tpm2-software/tpm2-tools/releases/download/ tpm2-tools_hash := c0b402f6a7b3456e8eb2445211e2d41c46c7e769e05fe4d8909ff64119f7a630 # we have ESYS 3.0, but it doesn't figure that out on its own -tpm2-tools_configure := ./bootstrap && ./configure \ +tpm2-tools_configure := \ + ./bootstrap \ + && sed -i 's/hardcode_direct=yes/hardcode_direct=no/g' configure \ + && sed -i 's/hardcode_libdir_flag_spec=.*/hardcode_libdir_flag_spec=" "/' configure \ + && sed -i 's/hardcode_minus_L=yes/hardcode_minus_L=no/g' configure \ + && sed -i 's/hardcode_automatic=yes/hardcode_automatic=no/g' configure \ + && sed -i 's/hardcode_runpath_var=yes/hardcode_runpath_var=no/g' configure \ + && sed -i 's/hardcode_into_libs=yes/hardcode_into_libs=no/g' configure \ + && sed -i 's/hardcode_direct_absolute=yes/hardcode_direct_absolute=no/g' configure \ + && sed -i 's/inherit_rpath=yes/inherit_rpath=no/g' configure \ + && sed -i "s/VERSION='.*'/VERSION='reproducible_build'/g" configure \ + && ./configure \ $(CROSS_TOOLS) \ --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ diff --git a/modules/tpm2-tss b/modules/tpm2-tss index 0fad79ef5..eb5af1b47 100644 --- a/modules/tpm2-tss +++ b/modules/tpm2-tss @@ -8,6 +8,20 @@ tpm2-tss_url := https://github.com/tpm2-software/tpm2-tss/releases/download/$(tp tpm2-tss_hash := 48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912 tpm2-tss_configure := aclocal && automake --add-missing && autoreconf -fi \ + && sed -i 's/hardcode_direct=yes/hardcode_direct=no/g' configure \ + && sed -i 's/hardcode_libdir_flag_spec=.*/hardcode_libdir_flag_spec=" "/' configure \ + && sed -i 's/hardcode_minus_L=yes/hardcode_minus_L=no/g' configure \ + && sed -i 's/hardcode_direct_absolute=yes/hardcode_direct_absolute=no/g' configure \ + && sed -i 's/hardcode_into_libs=yes/hardcode_into_libs=no/g' configure \ + && sed -i 's/hardcode_libdir_flag_spec_CXX=.*/hardcode_libdir_flag_spec_CXX=" "/' configure \ + && sed -i 's/hardcode_automatic=yes/hardcode_automatic=no/g' configure \ + && sed -i 's/hardcode_runpath_var=yes/hardcode_runpath_var=no/g' configure \ + && sed -i 's/hardcode_direct_CXX=yes/hardcode_direct_CXX=no/g' configure \ + && sed -i 's/hardcode_direct_absolute_CXX=yes/hardcode_direct_absolute_CXX=no/g' configure \ + && sed -i 's/hardcode_minus_L_CXX=yes/hardcode_minus_L_CXX=no/g' configure \ + && sed -i 's/hardcode_automatic_CXX=yes/hardcode_automatic_CXX=no/g' configure \ + && sed -i 's/inherit_rpath=yes/inherit_rpath=no/g' configure \ + && sed -i 's/inherit_rpath_CXX=yes/inherit_rpath_CXX=no/g' configure \ && ./configure \ $(CROSS_TOOLS) \ --host $(MUSL_ARCH)-elf-linux \ diff --git a/patches/openssl-3.0.8.patch b/patches/openssl-3.0.8.patch new file mode 100644 index 000000000..db4e79e4d --- /dev/null +++ b/patches/openssl-3.0.8.patch @@ -0,0 +1,35 @@ +--- ./util/mkbuildinf.pl.orig 2023-02-07 08:43:33.000000000 -0500 ++++ ./util/mkbuildinf.pl 2024-03-27 14:36:49.974651246 -0400 +@@ -12,7 +12,7 @@ + my ($cflags, $platform) = @ARGV; + $cflags = "compiler: $cflags"; + +-my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || time()) . " UTC"; ++my $date = gmtime($ENV{'SOURCE_DATE_EPOCH'} || '0') . " UTC"; + + print <<"END_OUTPUT"; + /* +@@ -36,21 +36,7 @@ + * literal + */ + static const char compiler_flags[] = { +-END_OUTPUT +- +-my $ctr = 0; +-foreach my $c (split //, $cflags) { +- $c =~ s|([\\'])|\\$1|; +- # Max 16 characters per line +- if (($ctr++ % 16) == 0) { +- if ($ctr != 1) { +- print "\n"; +- } +- print " "; +- } +- print "'$c',"; +-} +-print <<"END_OUTPUT"; +-'\\0' ++ 'r','e','p','r','o','d','u','c','i','b','l','e',' ','b','u','i', ++ 'l','d','\\0' + }; + END_OUTPUT From d9dc75f99eae18ceab261b63300f3a3b513496d8 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 2 Apr 2024 12:18:39 -0400 Subject: [PATCH 34/84] modules-tpm2-tools: bump from 5.2->5.6 (removes need to hack around PACKAGE_VERSION string which configure.ac points to ./VERSION already tpm2-tools-5.6 patch: comment out git versioning output under ./VERSION; module: output current version under ./VERSION instead. Document under module Signed-off-by: Thierry Laurion --- modules/tpm2-tools | 26 ++++++++++------------ patches/tpm2-tools-5.2.patch | 33 ---------------------------- patches/tpm2-tools-5.6.patch | 42 ++++++++++++++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 48 deletions(-) delete mode 100644 patches/tpm2-tools-5.2.patch create mode 100644 patches/tpm2-tools-5.6.patch diff --git a/modules/tpm2-tools b/modules/tpm2-tools index 7407dae0c..df06afaf3 100644 --- a/modules/tpm2-tools +++ b/modules/tpm2-tools @@ -8,34 +8,30 @@ ifeq "$(CONFIG_TPM2_TOOLS)" "y" export CONFIG_TPM=y endif -tpm2-tools_version := 5.2 +tpm2-tools_version := 5.6 #tpm2-tools_version := 78a7681 #tpm2-tools_repo := https://github.com/tpm2-software/tpm2-tools.git tpm2-tools_dir := tpm2-tools-$(tpm2-tools_version) tpm2-tools_tar := tpm2-tools-$(tpm2-tools_version).tar.gz tpm2-tools_url := https://github.com/tpm2-software/tpm2-tools/releases/download/$(tpm2-tools_version)/$(tpm2-tools_tar) -tpm2-tools_hash := c0b402f6a7b3456e8eb2445211e2d41c46c7e769e05fe4d8909ff64119f7a630 +tpm2-tools_hash := 52c8bcbaadca082abfe5eb7ee4967d2d632d84b1677675f2f071b6d2ec22cec3 -# we have ESYS 3.0, but it doesn't figure that out on its own +#tpm2-tools 5.6 adds release version based on git, while tarball downloaded doesn't include any .git +# the patch comments out git output to ./VERSION, and we fill it here based on this Makefile's version +#tpm2-tools doesn't play nice with reproducible builds, hardcoding lib paths without providing a configure option to remove rpaths +# We make sure no hardcoding of libdir flags exist in configure script prior of calling the script with sed call +# We pass additional remapping of prefix-map from $INSTALL to local dir tpm2-tools_configure := \ - ./bootstrap \ - && sed -i 's/hardcode_direct=yes/hardcode_direct=no/g' configure \ - && sed -i 's/hardcode_libdir_flag_spec=.*/hardcode_libdir_flag_spec=" "/' configure \ - && sed -i 's/hardcode_minus_L=yes/hardcode_minus_L=no/g' configure \ - && sed -i 's/hardcode_automatic=yes/hardcode_automatic=no/g' configure \ - && sed -i 's/hardcode_runpath_var=yes/hardcode_runpath_var=no/g' configure \ - && sed -i 's/hardcode_into_libs=yes/hardcode_into_libs=no/g' configure \ - && sed -i 's/hardcode_direct_absolute=yes/hardcode_direct_absolute=no/g' configure \ - && sed -i 's/inherit_rpath=yes/inherit_rpath=no/g' configure \ - && sed -i "s/VERSION='.*'/VERSION='reproducible_build'/g" configure \ + echo "$(tpm2-tools_version)" > ./VERSION \ + && ./bootstrap \ + && sed -i 's/hardcode_libdir_flag_spec=.*/hardcode_libdir_flag_spec=/' configure \ && ./configure \ $(CROSS_TOOLS) \ --host $(MUSL_ARCH)-elf-linux \ --prefix "/" \ --disable-fapi \ - TSS2_ESYS_3_0_CFLAGS="-I$(INSTALL)/include" \ - TSS2_ESYS_3_0_LIBS="-ltss2-esys" \ + CFLAGS="-fdebug-prefix-map=$(INSTALL)=." \ tpm2-tools_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ diff --git a/patches/tpm2-tools-5.2.patch b/patches/tpm2-tools-5.2.patch deleted file mode 100644 index f4720f230..000000000 --- a/patches/tpm2-tools-5.2.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff --git a/Makefile.am b/Makefile.am -index 7132215..32e2193 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -93,7 +93,7 @@ tss2_tools = \ - - # Bundle all the tools into a single program similar to busybox - bin_PROGRAMS += tools/tpm2 --tools_tpm2_LDADD = $(LDADD) $(CURL_LIBS) -+tools_tpm2_LDADD = $(LDADD) - tools_tpm2_CFLAGS = $(AM_CFLAGS) -DTPM2_TOOLS_MAX="$(words $(tpm2_tools))" - tools_tpm2_SOURCES = \ - tools/tpm2_tool.c \ -@@ -127,7 +127,6 @@ tpm2_tools = \ - tools/tpm2_encryptdecrypt.c \ - tools/tpm2_evictcontrol.c \ - tools/tpm2_flushcontext.c \ -- tools/tpm2_getekcertificate.c \ - tools/tpm2_getrandom.c \ - tools/tpm2_gettime.c \ - tools/tpm2_hash.c \ -diff --git a/configure.ac b/configure.ac -index f1c1711..7279baa 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -59,7 +59,6 @@ PKG_CHECK_MODULES([TSS2_MU], [tss2-mu]) - PKG_CHECK_MODULES([TSS2_RC], [tss2-rc]) - PKG_CHECK_MODULES([TSS2_SYS], [tss2-sys]) - PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.1.0]) --PKG_CHECK_MODULES([CURL], [libcurl]) - - # pretty print of devicepath if efivar library is present - PKG_CHECK_MODULES([EFIVAR], [efivar],,[true]) diff --git a/patches/tpm2-tools-5.6.patch b/patches/tpm2-tools-5.6.patch new file mode 100644 index 000000000..991d0791c --- /dev/null +++ b/patches/tpm2-tools-5.6.patch @@ -0,0 +1,42 @@ +--- ./bootstrap.orig 2023-11-08 02:19:36.000000000 -0500 ++++ ./bootstrap 2024-04-03 12:18:46.722995465 -0400 +@@ -5,7 +5,7 @@ + + # Generate a VERSION file that is included in the dist tarball to avoid needed git + # when calling autoreconf in a release tarball. +-git describe --tags --always --dirty > VERSION ++#git describe --tags --always --dirty > VERSION + + # generate list of source files for use in Makefile.am + # if you add new source files, you must run ./bootstrap again +diff --git a/Makefile.am b/Makefile.am +index 7132215..32e2193 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -93,7 +93,7 @@ tss2_tools = \ + + # Bundle all the tools into a single program similar to busybox + bin_PROGRAMS += tools/tpm2 +-tools_tpm2_LDADD = $(LDADD) $(CURL_LIBS) ++tools_tpm2_LDADD = $(LDADD) + tools_tpm2_CFLAGS = $(AM_CFLAGS) -DTPM2_TOOLS_MAX="$(words $(tpm2_tools))" + tools_tpm2_SOURCES = \ + tools/tpm2_tool.c \ +@@ -127,7 +127,6 @@ tpm2_tools = \ + tools/tpm2_encryptdecrypt.c \ + tools/tpm2_evictcontrol.c \ + tools/tpm2_flushcontext.c \ +- tools/tpm2_getekcertificate.c \ + tools/tpm2_getrandom.c \ + tools/tpm2_gettime.c \ + tools/tpm2_hash.c \ +--- ./configure.ac.orig 2023-11-08 02:19:36.000000000 -0500 ++++ ./configure.ac 2024-04-02 12:05:00.270985575 -0400 +@@ -80,7 +80,6 @@ + AC_CHECK_LIB(crypto, [EVP_sm4_cfb128], [ + AC_DEFINE([HAVE_EVP_SM4_CFB], [1], [Support EVP_sm4_cfb in openssl])], + []) +-PKG_CHECK_MODULES([CURL], [libcurl]) + + # pretty print of devicepath if efivar library is present + # auto detect if not specified via the --with-efivar option. From ec84238f2dbe277b78b16249835fe3075c6afa87 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 2 Apr 2024 16:02:13 -0400 Subject: [PATCH 35/84] modules/tpm2-tss: sed configure script to remove hardcoding of libs, move patch 3.2.0->3.2.2 disable static lib builds Signed-off-by: Thierry Laurion --- modules/tpm2-tss | 26 ++++++++----------- ...2-tss-3.2.0.patch => tpm2-tss-3.2.2.patch} | 0 2 files changed, 11 insertions(+), 15 deletions(-) rename patches/{tpm2-tss-3.2.0.patch => tpm2-tss-3.2.2.patch} (100%) diff --git a/modules/tpm2-tss b/modules/tpm2-tss index eb5af1b47..3795e21f5 100644 --- a/modules/tpm2-tss +++ b/modules/tpm2-tss @@ -1,27 +1,22 @@ # TPM2 TSS library modules-$(CONFIG_TPM2_TSS) += tpm2-tss -tpm2-tss_version := 3.2.0 +tpm2-tss_version := 3.2.2 tpm2-tss_dir := tpm2-tss-$(tpm2-tss_version) tpm2-tss_tar := tpm2-tss-$(tpm2-tss_version).tar.gz tpm2-tss_url := https://github.com/tpm2-software/tpm2-tss/releases/download/$(tpm2-tss_version)/$(tpm2-tss_tar) -tpm2-tss_hash := 48305e4144dcf6d10f3b25b7bccf0189fd2d1186feafd8cd68c6b17ecf0d7912 +tpm2-tss_hash := ba9e52117f254f357ff502e7d60fce652b3bfb26327d236bbf5ab634235e40f1 +#Repro checks: +# find build/x86/tpm2-tss-3.2.2/src/*/.libs/libtss2-*so* | while read file; do echo "library $file:"; strings $file|grep heads; done +# Should not return any result + +#NEEDED otherwise output on previous command +#sed -i 's/hardcode_into_libs=yes/hardcode_into_libs=no/g' configure +# needed otherwise library build/x86/tpm2-tss-3.2.2/src/tss2-tcti/.libs/libtss2-tcti-pcap.so.0.0.0: +# contains: /home/user/heads/build/x86/tpm2-tss-3.2.2/src/tss2-tcti/.libs:/home/user/heads/build/x86/tpm2-tss-3.2.2/src/tss2-mu/.libs://lib tpm2-tss_configure := aclocal && automake --add-missing && autoreconf -fi \ - && sed -i 's/hardcode_direct=yes/hardcode_direct=no/g' configure \ - && sed -i 's/hardcode_libdir_flag_spec=.*/hardcode_libdir_flag_spec=" "/' configure \ - && sed -i 's/hardcode_minus_L=yes/hardcode_minus_L=no/g' configure \ - && sed -i 's/hardcode_direct_absolute=yes/hardcode_direct_absolute=no/g' configure \ && sed -i 's/hardcode_into_libs=yes/hardcode_into_libs=no/g' configure \ - && sed -i 's/hardcode_libdir_flag_spec_CXX=.*/hardcode_libdir_flag_spec_CXX=" "/' configure \ - && sed -i 's/hardcode_automatic=yes/hardcode_automatic=no/g' configure \ - && sed -i 's/hardcode_runpath_var=yes/hardcode_runpath_var=no/g' configure \ - && sed -i 's/hardcode_direct_CXX=yes/hardcode_direct_CXX=no/g' configure \ - && sed -i 's/hardcode_direct_absolute_CXX=yes/hardcode_direct_absolute_CXX=no/g' configure \ - && sed -i 's/hardcode_minus_L_CXX=yes/hardcode_minus_L_CXX=no/g' configure \ - && sed -i 's/hardcode_automatic_CXX=yes/hardcode_automatic_CXX=no/g' configure \ - && sed -i 's/inherit_rpath=yes/inherit_rpath=no/g' configure \ - && sed -i 's/inherit_rpath_CXX=yes/inherit_rpath_CXX=no/g' configure \ && ./configure \ $(CROSS_TOOLS) \ --host $(MUSL_ARCH)-elf-linux \ @@ -31,6 +26,7 @@ tpm2-tss_configure := aclocal && automake --add-missing && autoreconf -fi \ --disable-doxygen-rtf \ --disable-doxygen-html \ --disable-fapi \ + --disable-static \ # Run one build to generate the executables with the pre-defined # exec_prefix and datarootdir, then a second make to install the binaries diff --git a/patches/tpm2-tss-3.2.0.patch b/patches/tpm2-tss-3.2.2.patch similarity index 100% rename from patches/tpm2-tss-3.2.0.patch rename to patches/tpm2-tss-3.2.2.patch From c3758f18b443ea85dfe3580e5378bb98eb0906f8 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 9 Apr 2024 12:36:03 -0400 Subject: [PATCH 36/84] modules/tpm2-tools: Add TODO to uniformize live patching through sed calls as opposed to patch version specific autotools/configure scripts to force reproducible builds Signed-off-by: Thierry Laurion --- modules/tpm2-tools | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/tpm2-tools b/modules/tpm2-tools index df06afaf3..bba25bc5d 100644 --- a/modules/tpm2-tools +++ b/modules/tpm2-tools @@ -9,8 +9,6 @@ ifeq "$(CONFIG_TPM2_TOOLS)" "y" endif tpm2-tools_version := 5.6 -#tpm2-tools_version := 78a7681 -#tpm2-tools_repo := https://github.com/tpm2-software/tpm2-tools.git tpm2-tools_dir := tpm2-tools-$(tpm2-tools_version) tpm2-tools_tar := tpm2-tools-$(tpm2-tools_version).tar.gz @@ -22,10 +20,12 @@ tpm2-tools_hash := 52c8bcbaadca082abfe5eb7ee4967d2d632d84b1677675f2f071b6d2ec22c #tpm2-tools doesn't play nice with reproducible builds, hardcoding lib paths without providing a configure option to remove rpaths # We make sure no hardcoding of libdir flags exist in configure script prior of calling the script with sed call # We pass additional remapping of prefix-map from $INSTALL to local dir +# +# TODO: remove all patches and uniformize with similar sed calls. tpm2-tools_configure := \ echo "$(tpm2-tools_version)" > ./VERSION \ && ./bootstrap \ - && sed -i 's/hardcode_libdir_flag_spec=.*/hardcode_libdir_flag_spec=/' configure \ + && sed -i 's/hardcode_libdir_flag_spec=.*/hardcode_libdir_flag_spec=" "/' configure \ && ./configure \ $(CROSS_TOOLS) \ --host $(MUSL_ARCH)-elf-linux \ From 4f1529757cd68c87390a499a12c0a0f1aa49aad3 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 25 Apr 2024 20:23:28 -0400 Subject: [PATCH 37/84] tpmr: remove warning "Warn: check public portion of the tpmkey manually" Discussed under https://github.com/linuxboot/heads/pull/1630#issuecomment-2075120429 TODO added in code. Signed-off-by: Thierry Laurion --- initrd/bin/tpmr | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/initrd/bin/tpmr b/initrd/bin/tpmr index 630454e17..a740d4a03 100755 --- a/initrd/bin/tpmr +++ b/initrd/bin/tpmr @@ -347,8 +347,10 @@ tpm2_startsession() { --saved-session || die "tpm2_flushcontext: unable to flush saved session" tpm2 readpublic -Q -c "$PRIMARY_HANDLE" -t "$PRIMARY_HANDLE_FILE" - tpm2 startauthsession -Q -c "$PRIMARY_HANDLE_FILE" --hmac-session -S "$ENC_SESSION_FILE" - tpm2 startauthsession -Q -c "$PRIMARY_HANDLE_FILE" --hmac-session -S "$DEC_SESSION_FILE" + #TODO: do the right thing to not have to suppress "WARN: check public portion the tpmkey manually" see https://github.com/linuxboot/heads/pull/1630#issuecomment-2075120429 + tpm2 startauthsession -Q -c "$PRIMARY_HANDLE_FILE" --hmac-session -S "$ENC_SESSION_FILE" 2>&1 > /dev/null + #TODO: do the right thing to not have to suppress "WARN: check public portion the tpmkey manually" see https://github.com/linuxboot/heads/pull/1630#issuecomment-2075120429 + tpm2 startauthsession -Q -c "$PRIMARY_HANDLE_FILE" --hmac-session -S "$DEC_SESSION_FILE" 2>&1 > /dev/null tpm2 sessionconfig -Q --disable-encrypt "$DEC_SESSION_FILE" } From 72fe2c98edbe43b07674f20131faad9e11c565c2 Mon Sep 17 00:00:00 2001 From: Christian Foerster Date: Mon, 22 Apr 2024 22:56:13 +0200 Subject: [PATCH 38/84] only change user PIN minimum requirement to 6 Signed-off-by: Christian Foerster --- initrd/bin/oem-factory-reset | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 6b1345101..a688f670b 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -1011,8 +1011,8 @@ if [ "$use_defaults" == "n" -o "$use_defaults" == "N" ]; then read TPM_PASS done fi - while [[ ${#ADMIN_PIN} -lt 8 ]] || [[ ${#ADMIN_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do - echo -e -n "\nThis PIN should be between 8 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" + while [[ ${#ADMIN_PIN} -lt 6 ]] || [[ ${#ADMIN_PIN} -gt $MAX_HOTP_GPG_PIN_LENGTH ]]; do + echo -e -n "\nThis PIN should be between 6 to $MAX_HOTP_GPG_PIN_LENGTH characters in length.\n" echo -e -n "Enter desired GPG Admin PIN: " read ADMIN_PIN done From 08d8d3c9bbe026c22aa4ae5dcfeb1671eeb28233 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 25 Mar 2024 16:05:27 -0400 Subject: [PATCH 39/84] Move boards/UNTESTED_* boards to untested_boards/UNMAINTAINED_*, remove them from CircleCI, add Makefile helper and document untested_boards/README.md Signed-off-by: Thierry Laurion --- .circleci/config.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 6809ea977..12a750103 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -259,7 +259,7 @@ workflows: - save_cache: requires: - talos-2 - - librem_14 + - nitropad-nv41 # # Those onboarding new boards should add their entries below. @@ -295,6 +295,13 @@ workflows: requires: - x230-hotp-maximized + - build: + name: t420-maximized + target: t420-maximized + subcommand: "" + requires: + - x230-hotp-maximized + - build: name: x230-hotp-maximized_usb-kb target: x230-hotp-maximized_usb-kb @@ -508,4 +515,3 @@ workflows: # path: build/UNMAINTAINED_qemu-linuxboot/linuxboot.rom # - store-artifacts: # path: build/UNMAINTAINED_qemu-linuxboot/hashes.txt - From 14dd80993e93643786d3ccebb6aa7e9b32fc1fc2 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 23 Apr 2024 11:58:33 -0400 Subject: [PATCH 40/84] Makefile: add yet another developer helper: real.gitclean_keep_packages to not delete already downloaded packages to economize bandwidth Signed-off-by: Thierry Laurion --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index 4f113d9c9..93bf7555f 100644 --- a/Makefile +++ b/Makefile @@ -795,3 +795,5 @@ real.clean: cd install && rm -rf -- * real.gitclean: git clean -fxd +real.gitclean_keep_packages: + git clean -fxd -e "packages" From f8a6dfeb7eed5df667b96b332bb53c96fe0ded59 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 26 Apr 2024 19:34:53 -0400 Subject: [PATCH 41/84] WiP Adressing review Signed-off-by: Thierry Laurion --- initrd/bin/kexec-seal-key | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index 82f421e40..0b2e9de6b 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key @@ -102,7 +102,7 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do # Heads expects key-slot 1 or 8 to be used for TPM DUK setup. Ask user to confirm with big fat warning read -p "WARNING: LUKS key-slot $slot is not typically used for TPM Disk Unlock Key setup. Are you sure you want to wipe it? [y/N] " -n 1 -r # If user does not confirm, skip this slot - if [[ ! $REPLY =~ ^[Yy]$ ]]; then + if [[ $REPLY =~ ^[Yy]$ ]]; then wipe_desired="yes" fi else From 04d233f3d8b676b94590aa3c4431460dc158dcd7 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 9 May 2024 10:56:30 -0400 Subject: [PATCH 42/84] etc/ash_functions: move enable_usb prior of verifying presence of GPG card QEMU TCG is not so good at getting exclusive access, so assigning SUB device to testing qube needs to be done AFTER kernel modules are loaded otherwise race codition between host and qemu. Otherwise error -32, requiring to kill sys-usb and restart testing qube, and let the first attempt which loads drivers to fail prior of assigning USB Security dongle so that drivers are loaded. Makes testing through QEMU TCG (not KVM which is better at getting exclusive USB device access) a little bit more usable (helps me keep sanity in development cycles) --- @JonathonHall-Purism I could do PR seperately for this against master if you agree. Signed-off-by: Thierry Laurion --- initrd/etc/ash_functions | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index 54b721085..04579e5c8 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -67,6 +67,11 @@ preserve_rom() { confirm_gpg_card() { TRACE "Under /etc/ash_functions:confirm_gpg_card" + + # Setup the USB so we can reach the USB Security Dongle's smartcard + # Otherwise QEMU TCG is having issues... + enable_usb + #Skip prompts if we are currently using a known GPG key material Thumb drive backup and keys are unlocked pinentry #TODO: probably export CONFIG_GPG_KEY_BACKUP_IN_USE but not under /etc/user.config? #Toggle to come in next PR, but currently we don't have a way to toggle it back to n if config.user flashed back in rom @@ -138,9 +143,6 @@ confirm_gpg_card() { fi fi - # setup the USB so we can reach the USB Security Dongle's smartcard - enable_usb - echo -e "\nVerifying presence of GPG card...\n" # ensure we don't exit without retrying errexit=$(set -o | grep errexit | awk '{print $2}') From e406cf20b774e6d1d84444ebfd150482f4c01d49 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 9 May 2024 10:59:59 -0400 Subject: [PATCH 43/84] WiP Signed-off-by: Thierry Laurion --- initrd/bin/kexec-seal-key | 170 +++++++++++++++++++++++++++----------- initrd/etc/luks-functions | 10 +-- 2 files changed, 125 insertions(+), 55 deletions(-) diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index 0b2e9de6b..c1847fa79 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key @@ -1,5 +1,5 @@ #!/bin/bash -# This will generate a disk encryption key and seal / ecncrypt +# This will generate a disk encryption key and seal / encrypt # with the current PCRs and then store it in the TPM NVRAM. # It will then need to be bundled into initrd that is booted. set -e -o pipefail @@ -7,9 +7,9 @@ set -e -o pipefail TPM_INDEX=3 TPM_SIZE=312 -KEY_FILE="/tmp/secret/secret.key" +DUK_KEY_FILE="/tmp/secret/secret.key" TPM_SEALED="/tmp/secret/secret.sealed" -RECOVERY_KEY="/tmp/secret/recovery.key" +DISK_RECOVERY_KEY_FILE="/tmp/secret/recovery.key" . /etc/functions . /tmp/config @@ -44,90 +44,160 @@ fi DEBUG "$(pcrs)" -# LUKS Key slot 0 is the manual recovery pass phrase -# that they user entered when they installed OS, -# key slot 1 is the one that we've generated. -read -s -p "Enter LUKS Disk Recovery Key/passphrase: " disk_password -echo -n "$disk_password" >"$RECOVERY_KEY" -echo -read -s -p "New LUKS TPM Disk Unlock Key passphrase for booting: " key_password -echo -read -s -p "Repeat LUKS TPM Disk Unlock Key passphrase for booting: " key_password2 -echo +for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do + attempts=0 + while [ $attempts -lt 3 ]; do + read -s -p "Enter LUKS Disk Recovery Key/passphrase for $dev: " disk_password + echo -n "$disk_password" >"$DISK_RECOVERY_KEY_FILE" + echo + + DEBUG "Testing $DISK_RECOVERY_KEY_FILE keyfile created from provided passphrase against $dev" + if cryptsetup open $dev --test-passphrase --key-file "$DISK_RECOVERY_KEY_FILE"; then + DEBUG "LUKS device $dev unlocked successfully with the provided passphrase" + break + else + attempts=$((attempts + 1)) + if [ $attempts -eq 3 ]; then + die "Failed to unlock LUKS device $dev with the provided passphrase. Exiting..." + else + echo "Incorrect passphrase. Please try again." + fi + fi + done +done -if [ "$key_password" != "$key_password2" ]; then - die "Key passphrases do not match" -fi +attempts=0 +while [ $attempts -lt 3 ]; do + read -s -p "New LUKS TPM Disk Unlock Key passphrase for booting: " key_password + echo + read -s -p "Repeat LUKS TPM Disk Unlock Key passphrase for booting: " key_password2 + echo + if [ "$key_password" != "$key_password2" ]; then + attempts=$((attempts + 1)) + if [ $attempts -eq 3 ]; then + die "Key passphrases do not match. Exiting..." + else + echo "Key passphrases do not match. Please try again." + fi + else + break + fi +done # Generate key file echo "++++++ Generating new randomized 128 bytes key file that will be sealed/unsealed by LUKS TPM Disk Unlock Key passphrase" dd \ if=/dev/urandom \ - of="$KEY_FILE" \ + of="$DUK_KEY_FILE" \ bs=1 \ count=128 \ 2>/dev/null || die "Unable to generate 128 random bytes" +previous_luks_header_version=0 for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do - DEBUG "Testing $RECOVERY_KEY keyfile created from provided passphrase against $dev" - if ! cryptsetup luksOpen --test-passphrase --key-file "$RECOVERY_KEY" $dev; then - die "$dev: Unable to unlock LUKS device with privided passphrase. Exiting..." + # Test the recovery key against the device before going any further + DEBUG "Testing $DISK_RECOVERY_KEY_FILE keyfile created from provided passphrase against $dev" + if ! cryptsetup open $dev --test-passphrase --key-file "$DISK_RECOVERY_KEY_FILE"; then + rm "$DISK_RECOVERY_KEY_FILE" + die "$dev: Unable to unlock LUKS device $dev with the provided passphrase. Exiting..." + fi + DEBUG "LUKS device $dev unlocked successfully with the provided passphrase" + # Check and store LUKS version of the devices to be used later + luks_version=$(cryptsetup luksDump "$dev" | grep "Version" | cut -d: -f2 | tr -d '[:space:]') + if [ "$luks_version" == "2" ] && [ "$previous_luks_header_version" == "1" ]; then + die "$dev: LUKSv2 device detected but LUKSv1 device was detected previously. Exiting..." + fi + + if [ $luks_version -eq 1 ] && [ $previous_luks_header_version -eq 2 ]; then + die "$dev: LUKSv1 device detected but LUKSv2 device was detected previously. Exiting..." + fi + + if [ "$luks_version" == "2" ]; then + #keyslot is the last slot for LUKSv2 which is 31 + duk_keyslot=31 + regex="^ ([0-9]+): luks2$" + sed_command="s/^ \([0-9]+\): luks2$/\1/" + + previous_luks_header_version=2 + DEBUG "LUKSv2 device detected for $dev" + elif [ "$luks_version" == "1" ]; then + #keyslot is the last slot for LUKSv1 which is 7 + duk_keyslot=7 + regex="Key Slot ([0-9]+): ENABLED" + sed_command='s/Key Slot ([0-9]+): ENABLED/\1/' + previous_luks_header_version=1 + DEBUG "LUKSv1 device detected for $dev" + else + die "$dev: Unsupported LUKS version $luks_version" fi - # We will use the following regex to find the slots that are enabled - regex="Slot ([0-9]+): ENABLED|\b([0-9]+): luks2" + # drk_key_slot will be the slot number where the passphrase was tested against as valid. We will keep that slot + drk_key_slot=-1 - # good_slot will be the slot number where the passphrase was tested against as valid. We will keep that slot - good_slot=-1 + TRACE_FUNC + luksDump=$(cryptsetup luksDump "$dev" | grep -E "$regex" | sed -r "$sed_command") + DEBUG "LUKS key slots for $dev: $luksDump" + TRACE_FUNC - # test each possible existing key slot of dev against keyfile $RECOVERY_KEY - for slot in $(cryptsetup luksDump "$dev" | grep -E "$regex" | sed -r 's/Slot ([0-9]+): ENABLED|\b([0-9]+): luks2/\1\2/'); do - if [ "$good_slot" -eq "-1" ]; then - if cryptsetup luksOpen --test-passphrase --key-file "$RECOVERY_KEY" $dev $slot; then - good_slot="$slot" + # test each possible existing key slot of dev against keyfile $DISK_RECOVERY_KEY_FILE + for slot in $luksDump; do + if [ "$drk_key_slot" == "-1" ]; then + if DO_WITH_DEBUG cryptsetup open --test-passphrase --key-slot $keyslot --key-file "$DISK_RECOVERY_KEY_FILE" $dev; then + drk_key_slot="$keyslot" + DEBUG "DRK slot is $drk_key_slot and key slot is $keyslot" break; fi fi done - # if we found a good slot, we wipe all the other slots on current $dev - for slot in $(cryptsetup luksDump "$dev" | grep -E "$regex" | sed -r 's/Slot ([0-9]+): ENABLED|\b([0-9]+): luks2/\1\2/'); do - if [ "$slot" -ne "$good_slot" ]; then + # if we didn't find the DRK key slot, we can't continue + if [ "$drk_key_slot" == "-1" ]; then + die "$dev: Unable to find the key slot where the passphrase was tested against as valid. Exiting..." + fi + + + # if we found the DRK key slot, we wipe all the other slots on current $dev + for slot in $luksDump; do + if [ "$keyslot" != "$drk_key_slot" ]; then #set wipe_desired to no by default wipe_desired="no" + DEBUG "wipe not desired for dev $dev's key slot $keyslot while DRK slot is $drk_key_slot" - if [ "$slot" -ne "1" ] && [ "$slot" -ne "8" ]; then - # Heads expects key-slot 1 or 8 to be used for TPM DUK setup. Ask user to confirm with big fat warning - read -p "WARNING: LUKS key-slot $slot is not typically used for TPM Disk Unlock Key setup. Are you sure you want to wipe it? [y/N] " -n 1 -r + if [ "$keyslot" -ne "1" ] && [ "$keyslot" != "$drk_key_slot" ]; then + # Heads expects key-slot LUKSv1:7 or LUKSv2:31 to be used for TPM DUK setup. + #Ask user to confirm with big fat warning otherwise + read -p "WARNING: LUKS key-slot $keyslot is not typically used for TPM Disk Unlock Key setup. Are you sure you want to wipe it? [y/N] " -n 1 -r + echo # If user does not confirm, skip this slot if [[ $REPLY =~ ^[Yy]$ ]]; then wipe_desired="yes" fi else - # If slot is 1 or 8, we wipe it without asking since not DRK's good keyslot + # If key slot is 1 (prior behavior) or LUKsv1:7 LUKSv2:31, we wipe it without asking since not DRK's good keyslot wipe_desired="yes" + DEBUG "wipe key desired for $keyslot" fi if [ "$wipe_desired" == "yes" ]; then - echo "++++++ $dev: Wiping LUKS key-slot $slot" - cryptsetup luksKillSlot \ - --key-file "$RECOVERY_KEY" \ - $dev $slot || - warn "$dev: removal of LUKS slot $slot failed: Continuing" + echo "++++++ $dev: Wiping LUKS key-slot $keyslot" + DO_WITH_DEBUG cryptsetup luksKillSlot \ + --key-file "$DISK_RECOVERY_KEY_FILE" \ + $dev $keyslot || + warn "$dev: removal of LUKS slot $keyslot failed: Continuing" fi fi done - # We then add the new key to the luks key slot 8 + # We then add the new key to the luks key slot LUKSv1:7 or LUKSv2:31 for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do - echo "++++++ $dev: Adding LUKS TPM Disk Unlock Key to LUKS key-slot 8" - cryptsetup luksAddKey \ - --key-file "$RECOVERY_KEY" \ - --new-key-slot 8 \ - $dev "$KEY_FILE" > /dev/null 2>&1|| - die "$dev: Unable to add LUKS TPM Disk Unlock Key to LUKS key-slot #8" + echo "++++++ $dev: Adding LUKS TPM Disk Unlock Key to LUKS key-slot $duk_keyslot" + DO_WITH_DEBUG cryptsetup luksAddKey \ + --key-file "$DISK_RECOVERY_KEY_FILE" \ + --new-key-slot $duk_keyslot \ + $dev "$DUK_KEY_FILE" || + die "$dev: Unable to add LUKS TPM Disk Unlock Key to LUKS key-slot $duk_keyslot" done done @@ -161,13 +231,13 @@ tpmr calcfuturepcr 6 "/tmp/luksDump.txt" >>"$pcrf" tpmr pcrread -a 7 "$pcrf" DO_WITH_DEBUG --mask-position 7 \ - tpmr seal "$KEY_FILE" "$TPM_INDEX" 0,1,2,3,4,5,6,7 "$pcrf" \ + tpmr seal "$DUK_KEY_FILE" "$TPM_INDEX" 0,1,2,3,4,5,6,7 "$pcrf" \ "$TPM_SIZE" "$key_password" || die "Unable to write LUKS TPM Disk Unlock Key to NVRAM" # should be okay if this fails shred -n 10 -z -u "$pcrf" 2>/dev/null || warn "Failed to delete pcrf file - continuing" -shred -n 10 -z -u "$KEY_FILE" 2>/dev/null || +shred -n 10 -z -u "$DUK_KEY_FILE" 2>/dev/null || warn "Failed to delete key file - continuing" mount -o rw,remount $paramsdir || warn "Failed to remount $paramsdir in RW - continuing" diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index 0605bb201..85a08d99b 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -307,7 +307,7 @@ test_luks_current_disk_recovery_key_passphrase() #output test coming and do cryptsetup open call echo -e "\nTesting opening "$LUKS" LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase..." - cryptsetup luksOpen --test-passphrase $LUKS --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + DO_WITH_DEBUG cryptsetup open --test-passphrase $LUKS --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase #Validate past cryptsetup reencrypt attempts if [ $? -ne 0 ]; then @@ -331,7 +331,7 @@ test_luks_current_disk_recovery_key_passphrase() #Exporting successfully used passphrase possibly reused by oem-factory-reset export luks_current_Disk_Recovery_Key_passphrase - #We export the LUKS volume the was tested valid with passphrase test + #We export the LUKS volume that was validated via passphrase test export LUKS #TODO what about non-standard BRTFS multi LUKS containers? @@ -363,7 +363,7 @@ luks_reencrypt() { # fist obtain which luks1/luks2 key-slot can be unlocked with the key-file DRK_KEYSLOT=-1 for i in $(seq 0 7); do - cryptsetup luksOpen --test-passphrase $LUKS --key-slot $i --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1 + DO_WITH_DEBUG cryptsetup open --test-passphrase $LUKS --key-slot $i --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1 if [ $? -eq 0 ]; then DRK_KEYSLOT=$i break @@ -476,7 +476,7 @@ luks_change_passphrase() #Cryptsetup was successful. echo "Success." - #Cleanup should be called seperately. + #Cleanup should be called separately #Exporting successfully used passphrase possibly reused by oem-factory-reset luks_current_Disk_Recovery_Key_passphrase=$luks_new_Disk_Recovery_Key_passphrase export luks_current_Disk_Recovery_Key_passphrase @@ -498,7 +498,7 @@ luks_secrets_cleanup() shred -n 10 -z -u /tmp/luks_new_Disk_Recovery_Key_passphrase 2>/dev/null || true shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null || true - #Unset variables if launched in same boot + #Unset variables (when in same boot) unset luks_current_Disk_Recovery_Key_passphrase unset luks_new_Disk_Recovery_Key_passphrase unset LUKS From 39516341e2a9ce8c9e1b2c56402f28ceae5ed211 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 17 May 2024 12:27:41 -0400 Subject: [PATCH 44/84] linux kernel 5.10.214: add patches, modify nix required shebangs.patch from #1661 (less and less required but still some). Cannot remove 5.10.5 because kgpe-d16 uses it. Signed-off-by: Thierry Laurion --- patches/linux-5.10.214/0001-fake-acpi.patch | 32 +++++++++++++++ patches/linux-5.10.214/0002-nmi-squelch.patch | 20 ++++++++++ .../linux-5.10.214/0003-fake-trampoline.patch | 28 +++++++++++++ .../linux-5.10.214/0010-winterfell-ahci.patch | 18 +++++++++ patches/linux-5.10.214/shebangs.patch | 40 +++++++++++++++++++ 5 files changed, 138 insertions(+) create mode 100644 patches/linux-5.10.214/0001-fake-acpi.patch create mode 100644 patches/linux-5.10.214/0002-nmi-squelch.patch create mode 100644 patches/linux-5.10.214/0003-fake-trampoline.patch create mode 100644 patches/linux-5.10.214/0010-winterfell-ahci.patch create mode 100644 patches/linux-5.10.214/shebangs.patch diff --git a/patches/linux-5.10.214/0001-fake-acpi.patch b/patches/linux-5.10.214/0001-fake-acpi.patch new file mode 100644 index 000000000..0c8b3b546 --- /dev/null +++ b/patches/linux-5.10.214/0001-fake-acpi.patch @@ -0,0 +1,32 @@ +diff --recursive -u ./clean/linux-4.9.80/drivers/acpi/acpica/evxfevnt.c linux-4.9.80/drivers/acpi/acpica/evxfevnt.c +--- ./clean/linux-4.9.80/drivers/acpi/acpica/evxfevnt.c 2018-02-03 11:05:43.000000000 -0500 ++++ linux-4.9.80/drivers/acpi/acpica/evxfevnt.c 2018-02-07 15:51:28.786502597 -0500 +@@ -111,6 +111,8 @@ + } + + ACPI_ERROR((AE_INFO, "Hardware did not enter ACPI mode")); ++printk("%s:%d faking ACPI mode\n", __func__, __LINE__); ++ return_ACPI_STATUS(AE_OK); + return_ACPI_STATUS(AE_NO_HARDWARE_RESPONSE); + } + +diff --recursive -u ./clean/linux-4.9.80/drivers/acpi/acpica/hwacpi.c linux-4.9.80/drivers/acpi/acpica/hwacpi.c +--- ./clean/linux-4.9.80/drivers/acpi/acpica/hwacpi.c 2018-02-03 11:05:43.000000000 -0500 ++++ linux-4.9.80/drivers/acpi/acpica/hwacpi.c 2018-02-07 15:51:35.126557868 -0500 +@@ -168,12 +168,16 @@ + + status = acpi_read_bit_register(ACPI_BITREG_SCI_ENABLE, &value); + if (ACPI_FAILURE(status)) { ++printk("%s:%d faking ACPI mode\n", __func__, __LINE__); ++ return_UINT32(ACPI_SYS_MODE_ACPI); + return_UINT32(ACPI_SYS_MODE_LEGACY); + } + + if (value) { + return_UINT32(ACPI_SYS_MODE_ACPI); + } else { ++//printk("%s:%d faking ACPI mode\n", __func__, __LINE__); ++// return_UINT32(ACPI_SYS_MODE_ACPI); + return_UINT32(ACPI_SYS_MODE_LEGACY); + } + } diff --git a/patches/linux-5.10.214/0002-nmi-squelch.patch b/patches/linux-5.10.214/0002-nmi-squelch.patch new file mode 100644 index 000000000..bce1cd2f0 --- /dev/null +++ b/patches/linux-5.10.214/0002-nmi-squelch.patch @@ -0,0 +1,20 @@ +diff --recursive -u ./clean/linux-4.9.80/arch/x86/kernel/nmi.c linux-4.9.80/arch/x86/kernel/nmi.c +--- ./clean/linux-4.9.80/arch/x86/kernel/nmi.c 2018-02-03 11:05:43.000000000 -0500 ++++ linux-4.9.80/arch/x86/kernel/nmi.c 2018-02-07 18:56:10.475613884 -0500 +@@ -303,6 +303,8 @@ + + __this_cpu_add(nmi_stats.unknown, 1); + ++#if 0 ++// qemu generates these for some reason + pr_emerg("Uhhuh. NMI received for unknown reason %02x on CPU %d.\n", + reason, smp_processor_id()); + +@@ -311,6 +313,7 @@ + nmi_panic(regs, "NMI: Not continuing"); + + pr_emerg("Dazed and confused, but trying to continue\n"); ++#endif + } + NOKPROBE_SYMBOL(unknown_nmi_error); + diff --git a/patches/linux-5.10.214/0003-fake-trampoline.patch b/patches/linux-5.10.214/0003-fake-trampoline.patch new file mode 100644 index 000000000..e6ec15c9b --- /dev/null +++ b/patches/linux-5.10.214/0003-fake-trampoline.patch @@ -0,0 +1,28 @@ +diff --recursive -u ./clean/linux-4.9.80/arch/x86/realmode/init.c linux-4.9.80/arch/x86/realmode/init.c +--- ./clean/linux-4.9.80/arch/x86/realmode/init.c 2018-02-03 11:05:43.000000000 -0500 ++++ linux-4.9.80/arch/x86/realmode/init.c 2018-02-07 15:51:28.538500435 -0500 +@@ -35,8 +35,8 @@ + /* Has to be under 1M so we can execute real-mode AP code. */ + mem = memblock_find_in_range(0, 1<<20, size, PAGE_SIZE); + if (!mem) { +- pr_info("No sub-1M memory is available for the trampoline\n"); +- return; ++ mem = 0x4000; ++ pr_info("No sub-1M memory is available for the trampoline, guessing %p\n", mem); + } + + memblock_reserve(mem, size); +@@ -138,7 +138,12 @@ + static int __init init_real_mode(void) + { + if (!real_mode_header) +- panic("Real mode trampoline was not allocated"); ++ { ++ // ignore for now ++ //panic("Real mode trampoline was not allocated"); ++ pr_warn("Real mode trampoline was not allocated"); ++ return 0; ++ } + + setup_real_mode(); + set_real_mode_permissions(); diff --git a/patches/linux-5.10.214/0010-winterfell-ahci.patch b/patches/linux-5.10.214/0010-winterfell-ahci.patch new file mode 100644 index 000000000..9c4df7e28 --- /dev/null +++ b/patches/linux-5.10.214/0010-winterfell-ahci.patch @@ -0,0 +1,18 @@ +diff --recursive -u ./clean/linux-4.9.80/drivers/ata/libahci.c linux-4.9.80/drivers/ata/libahci.c +--- ./clean/linux-4.9.80/drivers/ata/libahci.c 2018-02-03 11:05:43.000000000 -0500 ++++ linux-4.9.80/drivers/ata/libahci.c 2018-02-07 18:02:32.526535910 -0500 +@@ -537,8 +537,12 @@ + } + + /* fabricate port_map from cap.nr_ports for < AHCI 1.3 */ +- if (!port_map && vers < 0x10300) { +- port_map = (1 << ahci_nr_ports(cap)) - 1; ++ if (!port_map) { // && vers < 0x10300) { ++ printk("%s: saved_port=%02x\n", __func__, hpriv->saved_port_map); ++ writel(0x1, mmio + HOST_PORTS_IMPL); ++ port_map = readl(mmio + HOST_PORTS_IMPL); ++ ++ //port_map = (1 << ahci_nr_ports(cap)) - 1; + dev_warn(dev, "forcing PORTS_IMPL to 0x%x\n", port_map); + + /* write the fixed up value to the PI register */ diff --git a/patches/linux-5.10.214/shebangs.patch b/patches/linux-5.10.214/shebangs.patch new file mode 100644 index 000000000..34164d291 --- /dev/null +++ b/patches/linux-5.10.214/shebangs.patch @@ -0,0 +1,40 @@ +diff --git a/scripts/check-sysctl-docs b/scripts/check-sysctl-docs +index 8bcb9e26c7bc..90137319c50a 100755 +--- a/scripts/check-sysctl-docs ++++ b/scripts/check-sysctl-docs +@@ -1,4 +1,4 @@ +-#!/usr/bin/gawk -f ++#!/usr/bin/env -S gawk -f + # SPDX-License-Identifier: GPL-2.0 + + # Script to check sysctl documentation against source files +diff --git a/scripts/ld-version.sh b/scripts/ld-version.sh +index f2be0ff9a738..7a5b546ece16 100755 +--- a/scripts/ld-version.sh ++++ b/scripts/ld-version.sh +@@ -1,4 +1,4 @@ +-#!/usr/bin/awk -f ++#!/usr/bin/env -S awk -f + # SPDX-License-Identifier: GPL-2.0 + # extract linker version number from stdin and turn into single number + { +diff --git a/scripts/parse-maintainers.pl b/scripts/parse-maintainers.pl +index 2ca4eb3f190d..9515765158fa 100755 +--- a/scripts/parse-maintainers.pl ++++ b/scripts/parse-maintainers.pl +@@ -1,4 +1,4 @@ +-#!/usr/bin/perl -w ++#!/usr/bin/env -S perl -w + # SPDX-License-Identifier: GPL-2.0 + + use strict; +diff --git a/scripts/ver_linux b/scripts/ver_linux +index 0968a3070eff..345b92f71d2d 100755 +--- a/scripts/ver_linux ++++ b/scripts/ver_linux +@@ -1,4 +1,4 @@ +-#!/usr/bin/awk -f ++#!/usr/bin/env -S awk -f + # SPDX-License-Identifier: GPL-2.0 + # Before running this script please ensure that your PATH is + # typical as you use for compilation/installation. I use From 96d78fd631afd2bd00ca8d224b560922a797e8b0 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 17 May 2024 12:41:52 -0400 Subject: [PATCH 45/84] modules/openssl: keep hack, silence error on console when openssl is included for builds (affects tpm2 boards builds) Signed-off-by: Thierry Laurion --- modules/openssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/openssl b/modules/openssl index 47072442b..a3101c009 100644 --- a/modules/openssl +++ b/modules/openssl @@ -8,7 +8,7 @@ openssl_url := https://www.openssl.org/source/$(openssl_tar) openssl_hash := 6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e # hack to provide path to libgcc -LIBGCC_DIR := $(dir $(shell $(heads_cc) -print-libgcc-file-name)) +LIBGCC_DIR := $(dir $(shell $(heads_cc) -print-libgcc-file-name 2>/dev/null)) # The only optional algorithm that's enabled is SM3. tpm2-tss uses SHA, AES, # and SM3. From f70a924be555aeeb26d2bb605bbeebd9bae58cfb Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 17 May 2024 14:06:00 -0400 Subject: [PATCH 46/84] WIP (taking relevant changes from https://github.com/tlaurion/heads/tree/cryptsetup_version_bump-reencryption_cleanup-staging - LUKSv1 works Signed-off-by: Thierry Laurion --- initrd/bin/kexec-seal-key | 70 ++++++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 30 deletions(-) diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index c1847fa79..54d043e0e 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key @@ -5,6 +5,23 @@ set -e -o pipefail . /etc/functions +find_drk_key_slot() { + local temp_drk_key_slot="" + local keyslot + + for keyslot in "${luks_used_keyslots[@]}"; do + if [ -z "$temp_drk_key_slot" ]; then + if DO_WITH_DEBUG cryptsetup open --test-passphrase --key-slot "$keyslot" --key-file "$DISK_RECOVERY_KEY_FILE" "$dev"; then + temp_drk_key_slot="$keyslot" + DEBUG "DRK slot is $temp_drk_key_slot and key slot is $keyslot" + break + fi + fi + done + + echo "$temp_drk_key_slot" +} + TPM_INDEX=3 TPM_SIZE=312 DUK_KEY_FILE="/tmp/secret/secret.key" @@ -44,7 +61,6 @@ fi DEBUG "$(pcrs)" - for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do attempts=0 while [ $attempts -lt 3 ]; do @@ -53,7 +69,7 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do echo DEBUG "Testing $DISK_RECOVERY_KEY_FILE keyfile created from provided passphrase against $dev" - if cryptsetup open $dev --test-passphrase --key-file "$DISK_RECOVERY_KEY_FILE"; then + if cryptsetup open $dev --test-passphrase --key-file "$DISK_RECOVERY_KEY_FILE" >/dev/null 2>&1; then DEBUG "LUKS device $dev unlocked successfully with the provided passphrase" break else @@ -100,7 +116,7 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do # Test the recovery key against the device before going any further DEBUG "Testing $DISK_RECOVERY_KEY_FILE keyfile created from provided passphrase against $dev" if ! cryptsetup open $dev --test-passphrase --key-file "$DISK_RECOVERY_KEY_FILE"; then - rm "$DISK_RECOVERY_KEY_FILE" + rm "$DISK_RECOVERY_KEY_FILE" die "$dev: Unable to unlock LUKS device $dev with the provided passphrase. Exiting..." fi DEBUG "LUKS device $dev unlocked successfully with the provided passphrase" @@ -113,13 +129,12 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do if [ $luks_version -eq 1 ] && [ $previous_luks_header_version -eq 2 ]; then die "$dev: LUKSv1 device detected but LUKSv2 device was detected previously. Exiting..." fi - + if [ "$luks_version" == "2" ]; then #keyslot is the last slot for LUKSv2 which is 31 duk_keyslot=31 regex="^ ([0-9]+): luks2$" - sed_command="s/^ \([0-9]+\): luks2$/\1/" - + sed_command="s/^ \([0-9]+\): luks2/\1/" previous_luks_header_version=2 DEBUG "LUKSv2 device detected for $dev" elif [ "$luks_version" == "1" ]; then @@ -134,52 +149,47 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do fi # drk_key_slot will be the slot number where the passphrase was tested against as valid. We will keep that slot - drk_key_slot=-1 + drk_key_slot="-1" TRACE_FUNC - luksDump=$(cryptsetup luksDump "$dev" | grep -E "$regex" | sed -r "$sed_command") - DEBUG "LUKS key slots for $dev: $luksDump" + luks_used_keyslots=( $(cryptsetup luksDump "$dev" | grep -E "$regex" | sed -r "$sed_command") ) + DEBUG "LUKS key slots for $dev: ${luks_used_keyslots[*]}" TRACE_FUNC - # test each possible existing key slot of dev against keyfile $DISK_RECOVERY_KEY_FILE - for slot in $luksDump; do - if [ "$drk_key_slot" == "-1" ]; then - if DO_WITH_DEBUG cryptsetup open --test-passphrase --key-slot $keyslot --key-file "$DISK_RECOVERY_KEY_FILE" $dev; then - drk_key_slot="$keyslot" - DEBUG "DRK slot is $drk_key_slot and key slot is $keyslot" - break; - fi - fi - done + # Assign the temporary variable to drk_key_slot after the loop + drk_key_slot=$(find_drk_key_slot) - # if we didn't find the DRK key slot, we can't continue + #if we didn't find the DRK key slot, we can't continue (we should not arrive here) if [ "$drk_key_slot" == "-1" ]; then die "$dev: Unable to find the key slot where the passphrase was tested against as valid. Exiting..." fi - # if we found the DRK key slot, we wipe all the other slots on current $dev - for slot in $luksDump; do + for keyslot in "${luks_used_keyslots[@]}"; do if [ "$keyslot" != "$drk_key_slot" ]; then #set wipe_desired to no by default wipe_desired="no" - DEBUG "wipe not desired for dev $dev's key slot $keyslot while DRK slot is $drk_key_slot" - if [ "$keyslot" -ne "1" ] && [ "$keyslot" != "$drk_key_slot" ]; then - # Heads expects key-slot LUKSv1:7 or LUKSv2:31 to be used for TPM DUK setup. + if [ "$keyslot" != "$drk_key_slot" ] && [ "$keyslot" == "1" ]; then + # If keyslot is 1 (earlier DUK fixated behavior) or LUKsv1:7/LUKSv2:31 + # we wipe it without asking since not DRK's good keyslot. + wipe_desired="yes" + DEBUG "LUKS keyslot $keyslot not DRK. Will wipe this DUK keyslot silently" + elif [ "$keyslot" != "$drk_key_slot" ] && [ "$keyslot" != "$duk_keyslot" ]; then + # Heads expects key-slot LUKSv1:7 or LUKSv2:31 to be used for TPM DUK setup. #Ask user to confirm with big fat warning otherwise - read -p "WARNING: LUKS key-slot $keyslot is not typically used for TPM Disk Unlock Key setup. Are you sure you want to wipe it? [y/N] " -n 1 -r + read -p "WARNING: LUKS key-slot $keyslot is not typical ($duk_keyslot expected) for TPM Disk Unlock Key setup. Are you sure you want to wipe it? [y/N] " -n 1 -r echo # If user does not confirm, skip this slot if [[ $REPLY =~ ^[Yy]$ ]]; then wipe_desired="yes" fi - else - # If key slot is 1 (prior behavior) or LUKsv1:7 LUKSv2:31, we wipe it without asking since not DRK's good keyslot + elif [ "$keyslot" == "$duk_keyslot" ]; then + # If keyslot is the expected DUK keyslot, we wipe it silently + DEBUG "LUKS keyslot $keyslot is the expected DUK keyslot. Will wipe this DUK keyslot silently" wipe_desired="yes" - DEBUG "wipe key desired for $keyslot" fi - + if [ "$wipe_desired" == "yes" ]; then echo "++++++ $dev: Wiping LUKS key-slot $keyslot" DO_WITH_DEBUG cryptsetup luksKillSlot \ From 7fee8241fc9090b5b8586841ed9c812e0b4c7e45 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 17 May 2024 15:39:24 -0400 Subject: [PATCH 47/84] kexec-seal-key: works with both LUKS2/LUKSv1 Signed-off-by: Thierry Laurion --- initrd/bin/kexec-seal-key | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index a9085a7c7..6f144be95 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key @@ -6,20 +6,20 @@ set -e -o pipefail . /etc/functions find_drk_key_slot() { - local temp_drk_key_slot="" - local keyslot + local temp_drk_key_slot="" + local keyslot - for keyslot in "${luks_used_keyslots[@]}"; do - if [ -z "$temp_drk_key_slot" ]; then - if DO_WITH_DEBUG cryptsetup open --test-passphrase --key-slot "$keyslot" --key-file "$DISK_RECOVERY_KEY_FILE" "$dev"; then - temp_drk_key_slot="$keyslot" - DEBUG "DRK slot is $temp_drk_key_slot and key slot is $keyslot" - break - fi - fi - done + for keyslot in "${luks_used_keyslots[@]}"; do + if [ -z "$temp_drk_key_slot" ]; then + if DO_WITH_DEBUG cryptsetup open --test-passphrase --key-slot "$keyslot" --key-file "$DISK_RECOVERY_KEY_FILE" "$dev"; then + temp_drk_key_slot="$keyslot" + DEBUG "DRK slot is $temp_drk_key_slot and key slot is $keyslot" + break + fi + fi + done - echo "$temp_drk_key_slot" + echo "$temp_drk_key_slot" } TPM_INDEX=3 @@ -131,17 +131,17 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do fi if [ "$luks_version" == "2" ]; then - #keyslot is the last slot for LUKSv2 which is 31 + # keyslot is the last slot for LUKSv2 which is 31 duk_keyslot=31 - regex="([0-9]+): luks2" - sed_command="s/\([0-9]+\): luks2/\1/" + regex="^\s+([0-9]+):\s*luks2" + sed_command="s/^\s\+\([0-9]\+\):\s*luks2/\1/g" previous_luks_header_version=2 DEBUG "LUKSv2 device detected for $dev" elif [ "$luks_version" == "1" ]; then - #keyslot is the last slot for LUKSv1 which is 7 + # keyslot is the last slot for LUKSv1 which is 7 duk_keyslot=7 regex="Key Slot ([0-9]+): ENABLED" - sed_command='s/Key Slot ([0-9]+): ENABLED/\1/' + sed_command='s/Key Slot \([0-9]\+\): ENABLED/\1/' previous_luks_header_version=1 DEBUG "LUKSv1 device detected for $dev" else @@ -152,7 +152,7 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do drk_key_slot="-1" TRACE_FUNC - luks_used_keyslots=( $(cryptsetup luksDump "$dev" | grep -E "$regex" | sed -r "$sed_command") ) + luks_used_keyslots=($(cryptsetup luksDump "$dev" | grep -E "$regex" | sed "$sed_command")) DEBUG "LUKS key slots for $dev: ${luks_used_keyslots[*]}" TRACE_FUNC @@ -190,7 +190,7 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do wipe_desired="yes" fi - if [ "$wipe_desired" == "yes" ]; then + if [ "$wipe_desired" == "yes" ] && [ "$keyslot" != "$drk_key_slot" ]; then echo "++++++ $dev: Wiping LUKS key-slot $keyslot" DO_WITH_DEBUG cryptsetup luksKillSlot \ --key-file "$DISK_RECOVERY_KEY_FILE" \ From 38cd42c81262e607254d8c7171f595853be97153 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sat, 18 May 2024 15:10:01 -0400 Subject: [PATCH 48/84] WiP : testing on Q4.2.1 with BTRFS (two luks) shows some logic issues. Caching of DUK should happen but doesn't so: two prompts for DRK wiping only occurs on first LUKS TODO fix and revert changes unneaded in this commit, context switching Signed-off-by: Thierry Laurion --- initrd/bin/kexec-seal-key | 58 ++++++++++++++++-------------------- initrd/bin/oem-factory-reset | 2 +- 2 files changed, 26 insertions(+), 34 deletions(-) diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index 6f144be95..12537c807 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key @@ -11,9 +11,10 @@ find_drk_key_slot() { for keyslot in "${luks_used_keyslots[@]}"; do if [ -z "$temp_drk_key_slot" ]; then + DEBUG "Testing LUKS key-slot $keyslot against $DISK_RECOVERY_KEY_FILE for Disk Recovery Key slot..." if DO_WITH_DEBUG cryptsetup open --test-passphrase --key-slot "$keyslot" --key-file "$DISK_RECOVERY_KEY_FILE" "$dev"; then temp_drk_key_slot="$keyslot" - DEBUG "DRK slot is $temp_drk_key_slot and key slot is $keyslot" + DEBUG "Disk Recovery key slot is $temp_drk_key_slot" break fi fi @@ -64,17 +65,17 @@ DEBUG "$(pcrs)" for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do attempts=0 while [ $attempts -lt 3 ]; do - read -s -p "Enter LUKS Disk Recovery Key/passphrase for $dev: " disk_password + read -s -p "Enter LUKS Disk Recovery Key (DRK) passphrase for $dev: " disk_password echo -n "$disk_password" >"$DISK_RECOVERY_KEY_FILE" echo DEBUG "Testing $DISK_RECOVERY_KEY_FILE keyfile created from provided passphrase against $dev" if cryptsetup open $dev --test-passphrase --key-file "$DISK_RECOVERY_KEY_FILE" >/dev/null 2>&1; then - DEBUG "LUKS device $dev unlocked successfully with the provided passphrase" + DEBUG "LUKS device $dev unlocked successfully with the DRK passphrase" break else attempts=$((attempts + 1)) - if [ $attempts -eq 3 ]; then + if [ "$attempts" == "3" ]; then die "Failed to unlock LUKS device $dev with the provided passphrase. Exiting..." else echo "Incorrect passphrase. Please try again." @@ -85,16 +86,16 @@ done attempts=0 while [ $attempts -lt 3 ]; do - read -s -p "New LUKS TPM Disk Unlock Key passphrase for booting: " key_password + read -s -p "New LUKS TPM Disk Unlock Key passphrase (DUK) for booting: " key_password echo - read -s -p "Repeat LUKS TPM Disk Unlock Key passphrase for booting: " key_password2 + read -s -p "Repeat LUKS TPM Disk Unlock Key (DUK) passphrase for booting: " key_password2 echo if [ "$key_password" != "$key_password2" ]; then attempts=$((attempts + 1)) - if [ $attempts -eq 3 ]; then - die "Key passphrases do not match. Exiting..." + if [ "$attempts" == "3" ]; then + die "Disk Unlock Key passphrases do not match. Exiting..." else - echo "Key passphrases do not match. Please try again." + echo "Disk Unlock Key passphrases do not match. Please try again." fi else break @@ -113,21 +114,14 @@ dd \ previous_luks_header_version=0 for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do - # Test the recovery key against the device before going any further - DEBUG "Testing $DISK_RECOVERY_KEY_FILE keyfile created from provided passphrase against $dev" - if ! cryptsetup open $dev --test-passphrase --key-file "$DISK_RECOVERY_KEY_FILE"; then - rm "$DISK_RECOVERY_KEY_FILE" - die "$dev: Unable to unlock LUKS device $dev with the provided passphrase. Exiting..." - fi - DEBUG "LUKS device $dev unlocked successfully with the provided passphrase" # Check and store LUKS version of the devices to be used later luks_version=$(cryptsetup luksDump "$dev" | grep "Version" | cut -d: -f2 | tr -d '[:space:]') if [ "$luks_version" == "2" ] && [ "$previous_luks_header_version" == "1" ]; then - die "$dev: LUKSv2 device detected but LUKSv1 device was detected previously. Exiting..." + die "$dev: LUKSv2 device detected while LUKSv1 device was detected previously. Exiting..." fi - if [ $luks_version -eq 1 ] && [ $previous_luks_header_version -eq 2 ]; then - die "$dev: LUKSv1 device detected but LUKSv2 device was detected previously. Exiting..." + if [ "$luks_version" == "1" ] && [ "$previous_luks_header_version" == "2" ]; then + die "$dev: LUKSv1 device detected while LUKSv2 device was detected previously. Exiting..." fi if [ "$luks_version" == "2" ]; then @@ -136,14 +130,14 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do regex="^\s+([0-9]+):\s*luks2" sed_command="s/^\s\+\([0-9]\+\):\s*luks2/\1/g" previous_luks_header_version=2 - DEBUG "LUKSv2 device detected for $dev" + DEBUG "$dev: LUKSv2 device detected" elif [ "$luks_version" == "1" ]; then # keyslot is the last slot for LUKSv1 which is 7 duk_keyslot=7 regex="Key Slot ([0-9]+): ENABLED" sed_command='s/Key Slot \([0-9]\+\): ENABLED/\1/' previous_luks_header_version=1 - DEBUG "LUKSv1 device detected for $dev" + DEBUG "$dev: LUKSv1 device detected" else die "$dev: Unsupported LUKS version $luks_version" fi @@ -151,34 +145,32 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do # drk_key_slot will be the slot number where the passphrase was tested against as valid. We will keep that slot drk_key_slot="-1" - TRACE_FUNC + # Get all the key slots that are used on $dev luks_used_keyslots=($(cryptsetup luksDump "$dev" | grep -E "$regex" | sed "$sed_command")) - DEBUG "LUKS key slots for $dev: ${luks_used_keyslots[*]}" - TRACE_FUNC - - # Assign the temporary variable to drk_key_slot after the loop + DEBUG "$dev LUKS key slots: ${luks_used_keyslots[*]}" + + #Find the key slot that can be unlocked with the provided passphrase drk_key_slot=$(find_drk_key_slot) - #if we didn't find the DRK key slot, we can't continue (we should not arrive here) + # If we didn't find the DRK key slot, we exit (this should never happen) if [ "$drk_key_slot" == "-1" ]; then - die "$dev: Unable to find the key slot where the passphrase was tested against as valid. Exiting..." + die "$dev: Unable to find a key slot that can be unlocked with provided passphrase. Exiting..." fi - # if we found the DRK key slot, we wipe all the other slots on current $dev + # If the key slot is not the expected DUK o FRK key slot, we will ask the user to confirm the wipe for keyslot in "${luks_used_keyslots[@]}"; do if [ "$keyslot" != "$drk_key_slot" ]; then #set wipe_desired to no by default wipe_desired="no" if [ "$keyslot" != "$drk_key_slot" ] && [ "$keyslot" == "1" ]; then - # If keyslot is 1 (earlier DUK fixated behavior) or LUKsv1:7/LUKSv2:31 - # we wipe it without asking since not DRK's good keyslot. wipe_desired="yes" DEBUG "LUKS keyslot $keyslot not DRK. Will wipe this DUK keyslot silently" elif [ "$keyslot" != "$drk_key_slot" ] && [ "$keyslot" != "$duk_keyslot" ]; then # Heads expects key-slot LUKSv1:7 or LUKSv2:31 to be used for TPM DUK setup. - #Ask user to confirm with big fat warning otherwise - read -p "WARNING: LUKS key-slot $keyslot is not typical ($duk_keyslot expected) for TPM Disk Unlock Key setup. Are you sure you want to wipe it? [y/N] " -n 1 -r + # Ask user to confirm otherwise + wan "LUKS key-slot $keyslot is not typical ($duk_keyslot expected) for TPM Disk Unlock Key setup" + read -p "Are you sure you want to wipe it? [y/N] " -n 1 -r echo # If user does not confirm, skip this slot if [[ $REPLY =~ ^[Yy]$ ]]; then diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index ed28d2111..8c4c128f0 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -41,7 +41,7 @@ CUSTOM_PASS_AFFECTED_COMPONENTS="" # p256 also supported (TODO: nk3 supports RSA 4096 in secure element in firmare v1.7.1. Switch!? GPG_ALGO="RSA" # Default RSA key length is 3072 bits for OEM key gen. 4096 are way longer to generate in smartcard -RSA_KEY_LENGTH=3072 +RSA_KEY_LENGTH=2048 #TODO REVERT GPG_USER_NAME="OEM Key" GPG_KEY_NAME=$(date +%Y%m%d%H%M%S) From 5d7c6555a2af68ef64d676cb896e55d3924d6217 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 23 May 2024 15:44:53 -0400 Subject: [PATCH 49/84] WiP double luks setup works, still double luks passphrase prompt Signed-off-by: Thierry Laurion --- initrd/bin/kexec-seal-key | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index 12537c807..6475f7d45 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key @@ -192,15 +192,13 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do fi done - # We then add the new key to the luks key slot LUKSv1:7 or LUKSv2:31 - for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do - echo "++++++ $dev: Adding LUKS TPM Disk Unlock Key to LUKS key-slot $duk_keyslot" - DO_WITH_DEBUG cryptsetup luksAddKey \ - --key-file "$DISK_RECOVERY_KEY_FILE" \ - --new-key-slot $duk_keyslot \ - $dev "$DUK_KEY_FILE" || - die "$dev: Unable to add LUKS TPM Disk Unlock Key to LUKS key-slot $duk_keyslot" - done + + echo "++++++ $dev: Adding LUKS TPM Disk Unlock Key to LUKS key-slot $duk_keyslot" + DO_WITH_DEBUG cryptsetup luksAddKey \ + --key-file "$DISK_RECOVERY_KEY_FILE" \ + --new-key-slot $duk_keyslot \ + $dev "$DUK_KEY_FILE" || + die "$dev: Unable to add LUKS TPM Disk Unlock Key to LUKS key-slot $duk_keyslot" done # Now that we have setup the new keys, measure the PCRs From a401d056118e97b2c9473aa180a435ae4d005b98 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 23 May 2024 20:17:01 -0400 Subject: [PATCH 50/84] WiP: done testing LUKS passphrase for Q4.2.1 BTRFS deployment(multiple LUKS containers scenario), cleanup keyslot-> key slot everywhere Signed-off-by: Thierry Laurion --- initrd/bin/kexec-save-default | 6 ++-- initrd/bin/kexec-seal-key | 55 +++++++++++++++++++++-------------- initrd/bin/oem-factory-reset | 6 ++-- initrd/etc/luks-functions | 4 +-- 4 files changed, 41 insertions(+), 30 deletions(-) diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default index c7a4f04fa..b2df396c5 100755 --- a/initrd/bin/kexec-save-default +++ b/initrd/bin/kexec-save-default @@ -218,16 +218,16 @@ if [ "$CONFIG_TPM" = "y" ] && [ "$CONFIG_TPM_NO_LUKS_DISK_UNLOCK" != "y" ] && [ save_key="y" fi else - DEBUG "No previous LUKS TPM Disk Unlock Key was set up, confirming to add a Disk Encryption Key to the TPM" + DEBUG "No previous LUKS TPM Disk Unlock Key was set up, confirming to add a Disk Unlock Key (DUK) to the TPM" read \ -n 1 \ - -p "Do you wish to add a disk encryption to the TPM [y/N]: " \ + -p "Do you wish to add a disk encryption key to the TPM [y/N]: " \ add_key_confirm echo if [ "$add_key_confirm" = "y" \ -o "$add_key_confirm" = "Y" ]; then - DEBUG "User confirmed desire to add a Disk Encryption Key to the TPM" + DEBUG "User confirmed desire to add a Disk Unlock Key (DUK) to the TPM" save_key="y" fi fi diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index 6475f7d45..0765d8b9e 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key @@ -11,7 +11,7 @@ find_drk_key_slot() { for keyslot in "${luks_used_keyslots[@]}"; do if [ -z "$temp_drk_key_slot" ]; then - DEBUG "Testing LUKS key-slot $keyslot against $DISK_RECOVERY_KEY_FILE for Disk Recovery Key slot..." + DEBUG "Testing LUKS key slot $keyslot against $DISK_RECOVERY_KEY_FILE for Disk Recovery Key slot..." if DO_WITH_DEBUG cryptsetup open --test-passphrase --key-slot "$keyslot" --key-file "$DISK_RECOVERY_KEY_FILE" "$dev"; then temp_drk_key_slot="$keyslot" DEBUG "Disk Recovery key slot is $temp_drk_key_slot" @@ -41,11 +41,12 @@ fi KEY_DEVICES="$paramsdir/kexec_key_devices.txt" KEY_LVM="$paramsdir/kexec_key_lvm.txt" +key_devices=$(cat "$KEY_DEVICES" | cut -d\ -f1 | tr '\n' ' ') if [ ! -r "$KEY_DEVICES" ]; then die "No devices defined for disk encryption" else - DEBUG "Devices defined for disk encryption: $(cat "$KEY_DEVICES" | cut -d\ -f1 | tr '\n' ' ')" + DEBUG "Devices defined for disk encryption: $key_devices" fi if [ -r "$KEY_LVM" ]; then @@ -62,23 +63,33 @@ fi DEBUG "$(pcrs)" -for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do + +luks_drk_passphrase_valid=0 +for dev in $key_devices ; do attempts=0 while [ $attempts -lt 3 ]; do - read -s -p "Enter LUKS Disk Recovery Key (DRK) passphrase for $dev: " disk_password - echo -n "$disk_password" >"$DISK_RECOVERY_KEY_FILE" - echo + if [ "$luks_drk_passphrase_valid" == "0" ]; then + # Ask for the passphrase only once + read -s -p "Enter LUKS Disk Recovery Key (DRK) passphrase that can unlock: $key_devices: " disk_recovery_key_passphrase + #Using he provided passphrase as the DRK "keyfile" for unattended operations + echo -n "$disk_recovery_key_passphrase" >"$DISK_RECOVERY_KEY_FILE" + echo + fi - DEBUG "Testing $DISK_RECOVERY_KEY_FILE keyfile created from provided passphrase against $dev" + DEBUG "Testing $DISK_RECOVERY_KEY_FILE keyfile created from provided passphrase against $dev individual key slots" if cryptsetup open $dev --test-passphrase --key-file "$DISK_RECOVERY_KEY_FILE" >/dev/null 2>&1; then DEBUG "LUKS device $dev unlocked successfully with the DRK passphrase" + luks_drk_passphrase_valid=1 break else attempts=$((attempts + 1)) - if [ "$attempts" == "3" ]; then + if [ "$attempts" == "3" ] && [ "$luks_drk_passphrase_valid" == "0" ]; then die "Failed to unlock LUKS device $dev with the provided passphrase. Exiting..." + elif [ "$attempts" != "3" ] && [ "$luks_drk_passphrase_valid" == "1" ]; then + #We failed unlocking with DRK passphrase another LUKS container + die "LUKS device $key_devices cannot all be unlocked with same passphrase. Please make $key_devices devices unlockable with the same passphrase. Exiting" else - echo "Incorrect passphrase. Please try again." + warn "Failed to unlock LUKS device $dev with the provided passphrase. Please try again." fi fi done @@ -95,7 +106,7 @@ while [ $attempts -lt 3 ]; do if [ "$attempts" == "3" ]; then die "Disk Unlock Key passphrases do not match. Exiting..." else - echo "Disk Unlock Key passphrases do not match. Please try again." + warn "Disk Unlock Key passphrases do not match. Please try again." fi else break @@ -113,7 +124,7 @@ dd \ die "Unable to generate 128 random bytes" previous_luks_header_version=0 -for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do +for dev in $key_devices; do # Check and store LUKS version of the devices to be used later luks_version=$(cryptsetup luksDump "$dev" | grep "Version" | cut -d: -f2 | tr -d '[:space:]') if [ "$luks_version" == "2" ] && [ "$previous_luks_header_version" == "1" ]; then @@ -125,14 +136,14 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do fi if [ "$luks_version" == "2" ]; then - # keyslot is the last slot for LUKSv2 which is 31 + # LUKSv2 last key slot is 31 duk_keyslot=31 regex="^\s+([0-9]+):\s*luks2" sed_command="s/^\s\+\([0-9]\+\):\s*luks2/\1/g" previous_luks_header_version=2 DEBUG "$dev: LUKSv2 device detected" elif [ "$luks_version" == "1" ]; then - # keyslot is the last slot for LUKSv1 which is 7 + # LUKSv1 last key slot is 7 duk_keyslot=7 regex="Key Slot ([0-9]+): ENABLED" sed_command='s/Key Slot \([0-9]\+\): ENABLED/\1/' @@ -165,11 +176,11 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do if [ "$keyslot" != "$drk_key_slot" ] && [ "$keyslot" == "1" ]; then wipe_desired="yes" - DEBUG "LUKS keyslot $keyslot not DRK. Will wipe this DUK keyslot silently" + DEBUG "LUKS key slot $keyslot not DRK. Will wipe this DUK key slot silently" elif [ "$keyslot" != "$drk_key_slot" ] && [ "$keyslot" != "$duk_keyslot" ]; then - # Heads expects key-slot LUKSv1:7 or LUKSv2:31 to be used for TPM DUK setup. + # Heads expects key slot LUKSv1:7 or LUKSv2:31 to be used for TPM DUK setup. # Ask user to confirm otherwise - wan "LUKS key-slot $keyslot is not typical ($duk_keyslot expected) for TPM Disk Unlock Key setup" + warn "LUKS key slot $keyslot is not typical ($duk_keyslot expected) for TPM Disk Unlock Key setup" read -p "Are you sure you want to wipe it? [y/N] " -n 1 -r echo # If user does not confirm, skip this slot @@ -177,13 +188,13 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do wipe_desired="yes" fi elif [ "$keyslot" == "$duk_keyslot" ]; then - # If keyslot is the expected DUK keyslot, we wipe it silently - DEBUG "LUKS keyslot $keyslot is the expected DUK keyslot. Will wipe this DUK keyslot silently" + # If key slot is the expected DUK keyslot, we wipe it silently + DEBUG "LUKS key slot $keyslot is the expected DUK key slot. Will wipe this DUK key slot silently" wipe_desired="yes" fi if [ "$wipe_desired" == "yes" ] && [ "$keyslot" != "$drk_key_slot" ]; then - echo "++++++ $dev: Wiping LUKS key-slot $keyslot" + echo "++++++ $dev: Wiping LUKS key slot $keyslot" DO_WITH_DEBUG cryptsetup luksKillSlot \ --key-file "$DISK_RECOVERY_KEY_FILE" \ $dev $keyslot || @@ -193,19 +204,19 @@ for dev in $(cat "$KEY_DEVICES" | cut -d\ -f1); do done - echo "++++++ $dev: Adding LUKS TPM Disk Unlock Key to LUKS key-slot $duk_keyslot" + echo "++++++ $dev: Adding LUKS TPM Disk Unlock Key to LUKS key slot $duk_keyslot" DO_WITH_DEBUG cryptsetup luksAddKey \ --key-file "$DISK_RECOVERY_KEY_FILE" \ --new-key-slot $duk_keyslot \ $dev "$DUK_KEY_FILE" || - die "$dev: Unable to add LUKS TPM Disk Unlock Key to LUKS key-slot $duk_keyslot" + die "$dev: Unable to add LUKS TPM Disk Unlock Key to LUKS key slot $duk_keyslot" done # Now that we have setup the new keys, measure the PCRs # We don't care what ends up in PCR 6; we just want # to get the /tmp/luksDump.txt file. We use PCR16 # since it should still be zero -cat "$KEY_DEVICES" | cut -d\ -f1 | xargs /bin/qubes-measure-luks || +echo "$key_devices" | xargs /bin/qubes-measure-luks || die "Unable to measure the LUKS headers" pcrf="/tmp/secret/pcrf.bin" diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset index 8c4c128f0..fa6da1bf1 100755 --- a/initrd/bin/oem-factory-reset +++ b/initrd/bin/oem-factory-reset @@ -265,20 +265,20 @@ keytocard_subkeys_to_smartcard() { { echo "key 1" #Toggle on Signature key in --edit-key mode on local keyring echo "keytocard" #Move Signature key to smartcard - echo "1" #Select Signature key keyslot on smartcard + echo "1" #Select Signature key key slot on smartcard echo "${ADMIN_PIN}" #Local keyring Subkey PIN echo "${ADMIN_PIN_DEF}" #Smartcard Admin PIN echo "0" #No expiration date echo "key 1" #Toggle off Signature key echo "key 2" #Toggle on Encryption key echo "keytocard" #Move Encryption key to smartcard - echo "2" #Select Encryption key keyslot on smartcard + echo "2" #Select Encryption key key slot on smartcard echo "${ADMIN_PIN}" #Local keyring Subkey PIN echo "${ADMIN_PIN_DEF}" #Smartcard Admin PIN echo "key 2" #Toggle off Encryption key echo "key 3" #Toggle on Authentication key echo "keytocard" #Move Authentication key to smartcard - echo "3" #Select Authentication key keyslot on smartcard + echo "3" #Select Authentication key key slot on smartcard echo "${ADMIN_PIN}" #Local keyring Subkey PIN echo "${ADMIN_PIN_DEF}" #Smartcard Admin PIN echo "key 3" #Toggle off Authentication key diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index 85a08d99b..0b5ec5170 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -370,7 +370,7 @@ luks_reencrypt() { fi done - #Validate if a key-slot was found + #Validate if a key slot was found if [ $DRK_KEYSLOT -eq -1 ]; then whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 @@ -387,7 +387,7 @@ luks_reencrypt() { continue fi - #now reencrypt the LUKS container with the same key-slot + #now reencrypt the LUKS container with the same key slot cryptsetup reencrypt --key-slot $DRK_KEYSLOT \ --perf-no_read_workqueue --perf-no_write_workqueue \ --resilience=none --force-offline-reencrypt --disable-locks \ From 33c0c92cded1fcd56d6b9d95166e878b1acef6c5 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 24 May 2024 09:43:50 -0400 Subject: [PATCH 51/84] kgpe-d16: bump linux kernel version used and config through linux.modify_and_save_oldconfig_in_place helper Signed-off-by: Thierry Laurion --- ...MAINTAINED_kgpe-d16_server-whiptail.config | 2 +- .../UNMAINTAINED_kgpe-d16_server.config | 2 +- ...D_kgpe-d16_workstation-usb_keyboard.config | 2 +- .../UNMAINTAINED_kgpe-d16_workstation.config | 2 +- config/linux-kgpe-d16_workstation.config | 64 ++++++++++++------- 5 files changed, 45 insertions(+), 27 deletions(-) diff --git a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config index 045ccf01e..4dcbcfc6e 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config +++ b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config @@ -19,7 +19,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.11 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server-whiptail.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server-whiptail.config diff --git a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config index 26a261ec9..07adbaaa9 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config +++ b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config @@ -17,7 +17,7 @@ # - Please support https://github.com/osresearch/heads/issues/719 export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.11 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server.config diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config index 519c78109..c9e0e83ef 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config @@ -13,7 +13,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.11 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation-usb_keyboard.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_workstation.config diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config index 6cee65ca1..c9fdddad7 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config @@ -17,7 +17,7 @@ export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.11 -export CONFIG_LINUX_VERSION=5.10.5 +export CONFIG_LINUX_VERSION=5.10.214 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_workstation.config diff --git a/config/linux-kgpe-d16_workstation.config b/config/linux-kgpe-d16_workstation.config index 40edf7261..88afbf860 100644 --- a/config/linux-kgpe-d16_workstation.config +++ b/config/linux-kgpe-d16_workstation.config @@ -1,12 +1,14 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.10.5 Kernel Configuration +# Linux/x86 5.10.214 Kernel Configuration # CONFIG_CC_VERSION_TEXT="x86_64-linux-musl-gcc (GCC) 8.3.0" CONFIG_CC_IS_GCC=y CONFIG_GCC_VERSION=80300 CONFIG_LD_VERSION=232000000 CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23200 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y @@ -194,6 +196,7 @@ CONFIG_KALLSYMS_BASE_RELATIVE=y CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y # CONFIG_USERFAULTFD is not set CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_KCMP=y CONFIG_RSEQ=y # CONFIG_DEBUG_RSEQ is not set CONFIG_EMBEDDED=y @@ -264,7 +267,6 @@ CONFIG_SMP=y CONFIG_X86_FEATURE_NAMES=y # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set -CONFIG_RETPOLINE=y # CONFIG_X86_CPU_RESCTRL is not set # CONFIG_X86_EXTENDED_PLATFORM is not set # CONFIG_X86_INTEL_LPSS is not set @@ -369,6 +371,14 @@ CONFIG_LEGACY_VSYSCALL_XONLY=y CONFIG_HAVE_LIVEPATCH=y # end of Processor type and features +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_RETPOLINE=y +CONFIG_RETHUNK=y +CONFIG_CPU_UNRET_ENTRY=y +CONFIG_CPU_IBPB_ENTRY=y +CONFIG_CPU_SRSO=y CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y @@ -539,6 +549,7 @@ CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_ARCH_HAS_FORTIFY_SOURCE=y CONFIG_ARCH_HAS_SET_MEMORY=y CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y CONFIG_HAVE_ASM_MODVERSIONS=y @@ -605,6 +616,10 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y # end of GCOV-based kernel profiling CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set # end of General architecture-dependent options CONFIG_RT_MUTEXES=y @@ -738,6 +753,7 @@ CONFIG_SYN_COOKIES=y # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set +CONFIG_INET_TABLE_PERTURB_ORDER=16 # CONFIG_INET_DIAG is not set # CONFIG_TCP_CONG_ADVANCED is not set CONFIG_TCP_CONG_CUBIC=y @@ -759,7 +775,6 @@ CONFIG_DEFAULT_TCP_CONG="cubic" CONFIG_HAVE_NET_DSA=y # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set -# CONFIG_DECNET is not set # CONFIG_LLC2 is not set # CONFIG_ATALK is not set # CONFIG_X25 is not set @@ -948,7 +963,6 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 # CONFIG_BLK_DEV_DRBD is not set # CONFIG_BLK_DEV_NBD is not set # CONFIG_BLK_DEV_SKD is not set -# CONFIG_BLK_DEV_SX8 is not set CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=65536 @@ -962,6 +976,7 @@ CONFIG_BLK_DEV_RAM_SIZE=65536 # # CONFIG_BLK_DEV_NVME is not set # CONFIG_NVME_FC is not set +# CONFIG_NVME_TCP is not set # end of NVME Support # @@ -1329,7 +1344,6 @@ CONFIG_NET_VENDOR_XILINX=y # CONFIG_NETDEVSIM is not set # CONFIG_NET_FAILOVER is not set # CONFIG_ISDN is not set -# CONFIG_NVM is not set # # Input device support @@ -1491,10 +1505,9 @@ CONFIG_TCG_TIS=y # CONFIG_TCG_TIS_ST33ZP24_I2C is not set # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set -# end of Character devices - CONFIG_RANDOM_TRUST_CPU=y # CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices # # I2C support @@ -1630,6 +1643,7 @@ CONFIG_POWER_SUPPLY_HWMON=y # CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_SMB347 is not set # CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_RT5033 is not set # CONFIG_CHARGER_BD99954 is not set CONFIG_HWMON=y # CONFIG_HWMON_DEBUG_CHIP is not set @@ -1868,7 +1882,6 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_MFD_SKY81452 is not set # CONFIG_ABX500_CORE is not set CONFIG_MFD_SYSCON=y -# CONFIG_MFD_TI_AM335X_TSCADC is not set # CONFIG_MFD_LP3943 is not set # CONFIG_MFD_LP8788 is not set # CONFIG_MFD_TI_LMU is not set @@ -1960,7 +1973,6 @@ CONFIG_DRM_AMD_DC=y CONFIG_DRM_AMD_DC_DCN=y # CONFIG_DRM_AMD_DC_DCN3_0 is not set # CONFIG_DRM_AMD_DC_HDCP is not set -# CONFIG_DRM_AMD_DC_SI is not set # end of Display Engine Configuration # CONFIG_HSA_AMD is not set @@ -2100,6 +2112,7 @@ CONFIG_DUMMY_CONSOLE=y CONFIG_DUMMY_CONSOLE_COLUMNS=80 CONFIG_DUMMY_CONSOLE_ROWS=25 CONFIG_FRAMEBUFFER_CONSOLE=y +# CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION is not set CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y # CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set # CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set @@ -2467,7 +2480,6 @@ CONFIG_RTC_DRV_CMOS=y # CONFIG_SYNC_FILE=y # CONFIG_SW_SYNC is not set -# CONFIG_UDMABUF is not set # CONFIG_DMABUF_MOVE_NOTIFY is not set # CONFIG_DMABUF_SELFTESTS is not set # CONFIG_DMABUF_HEAPS is not set @@ -2873,7 +2885,6 @@ CONFIG_IO_WQ=y # CONFIG_KEYS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITYFS=y -CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y CONFIG_HARDENED_USERCOPY_FALLBACK=y @@ -2891,6 +2902,10 @@ CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity,bpf" # Memory initialization # CONFIG_INIT_STACK_NONE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set +# CONFIG_GCC_PLUGIN_STACKLEAK is not set # CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set # CONFIG_INIT_ON_FREE_DEFAULT_ON is not set # end of Memory initialization @@ -3065,18 +3080,6 @@ CONFIG_CRYPTO_USER_API_AEAD=y # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set # CONFIG_CRYPTO_STATS is not set CONFIG_CRYPTO_HASH_INFO=y - -# -# Crypto library routines -# -CONFIG_CRYPTO_LIB_AES=y -# CONFIG_CRYPTO_LIB_BLAKE2S is not set -# CONFIG_CRYPTO_LIB_CHACHA is not set -# CONFIG_CRYPTO_LIB_CURVE25519 is not set -CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 -# CONFIG_CRYPTO_LIB_POLY1305 is not set -# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_LIB_SHA256=y # CONFIG_CRYPTO_HW is not set # @@ -3101,6 +3104,21 @@ CONFIG_GENERIC_IOMAP=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_LIB_MEMNEQ=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y # CONFIG_CRC_T10DIF is not set From 2e831273057080d1ebecb62b731ee76c0f571e44 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 27 May 2024 12:00:38 -0400 Subject: [PATCH 52/84] WiP: Otherwise we just passwd change/reencrypt one luks container and create discrepencies betweeen passphrases. Check possibilities MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit user@heads-tests-d12-nix-cryptsetup:~/heads$ docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env -- make BOARD=qemu-coreboot-whiptail-tpm1 run ---------------------------------------------------------------------- !!!!!! BUILD SYSTEM INFO !!!!!! System CPUS: 12 System Available Memory: 14940 GB System Load Average: 0.18 ---------------------------------------------------------------------- Used **CPUS**: 12 Used **LOADAVG**: 18 Used **AVAILABLE_MEM_GB**: 14940 GB ---------------------------------------------------------------------- **MAKE_JOBS**: -j12 --load-average=18 Variables available for override (use 'make VAR_NAME=value'): **CPUS** (default: number of processors, e.g., 'make CPUS=4') **LOADAVG** (default: 1.5 times CPUS, e.g., 'make LOADAVG=54') **AVAILABLE_MEM_GB** (default: memory available on the system in GB, e.g., 'make AVAILABLE_MEM_GB=4') **MEM_PER_JOB_GB** (default: 1GB per job, e.g., 'make MEM_PER_JOB_GB=2') ---------------------------------------------------------------------- !!!!!! Build starts !!!!!! swtpm socket \ \ --tpmstate dir="/home/user/heads/build/x86/qemu-coreboot-whiptail-tpm1/vtpm" \ --flags "startup-clear" \ --terminate \ --ctrl type=unixio,path="/home/user/heads/build/x86/qemu-coreboot-whiptail-tpm1/vtpm/sock" & sleep 0.5 qemu-system-x86_64 -drive file="/home/user/heads/build/x86/qemu-coreboot-whiptail-tpm1/root.qcow2",if=virtio \ --machine q35,accel=kvm:tcg \ -rtc base=utc \ -smp 1 \ -vga std \ -m "$(cat "/home/user/heads/build/x86/qemu-coreboot-whiptail-tpm1/memory")" \ -serial stdio \ --bios "/home/user/heads/build/x86/qemu-coreboot-whiptail-tpm1/heads-qemu-coreboot-whiptail-tpm1-v0.2.0-2236-g33c0c92.rom" \ -object rng-random,filename=/dev/urandom,id=rng0 \ -device virtio-rng-pci,rng=rng0 \ -netdev user,id=u1 -device e1000,netdev=u1 \ -chardev socket,id=chrtpm,path="/home/user/heads/build/x86/qemu-coreboot-whiptail-tpm1/vtpm/sock" \ -tpmdev emulator,id=tpm0,chardev=chrtpm \ -device tpm-tis,tpmdev=tpm0 \ -device qemu-xhci,id=usb \ -device usb-tablet \ -drive file="/home/user/heads/build/x86/qemu-coreboot-whiptail-tpm1/usb_fd.raw",if=none,id=usb-fd-drive,format=raw \ -device usb-storage,bus=usb.0,drive=usb-fd-drive \ -usb -device canokey,file=/home/user/heads/build/x86/qemu-coreboot-whiptail-tpm1/.canokey-file \ qemu-system-x86_64: Gdk: gdk_atom_intern: assertion 'atom_name != NULL' failed qemu-system-x86_64: Gdk: gdk_atom_intern: assertion 'atom_name != NULL' failed qemu-system-x86_64: warning: dbind: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: No such file or directory Could not access KVM kernel module: No such file or directory qemu-system-x86_64: failed to initialize kvm: No such file or directory qemu-system-x86_64: falling back to tcg Fontconfig error: Cannot load default config file: No such file: (null) Fontconfig error: No writable cache directories Fontconfig error: No writable cache directories Fontconfig error: No writable cache directories Fontconfig error: No writable cache directories [ 0.000000] Linux version 5.10.214-Heads (linux-qemu.config@linuxboot) (x86_64-linux-musl-gcc (GCC) 8.3.0, GNU ld (GNU Binutils) 2.32) #0 SMP 1970-00-00 [ 0.000000] Command line: debug console=ttyS0,115200 console=tty [ 0.000000] KERNEL supported cpus: [ 0.000000] Intel GenuineIntel [ 0.000000] AMD AuthenticAMD [ 0.000000] BIOS-provided physical RAM map: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x0000000000000fff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000001000-0x000000000009ffff] usable [ 0.000000] BIOS-e820: [mem 0x00000000000a0000-0x00000000000fffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007ff42fff] usable [ 0.000000] BIOS-e820: [mem 0x000000007ff43000-0x000000007fffffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000b0000000-0x00000000bfffffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fed40000-0x00000000fed44fff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000017fffffff] usable [ 0.000000] NX (Execute Disable) protection: active [ 0.000000] SMBIOS 3.0 present. [ 0.000000] DMI: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Heads-v0.2.0-2236-g33c0c92 01/01/1970 [ 0.000000] tsc: Fast TSC calibration using PIT [ 0.000000] tsc: Detected 2495.959 MHz processor [ 0.001357] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved [ 0.001541] e820: remove [mem 0x000a0000-0x000fffff] usable [ 0.001732] last_pfn = 0x180000 max_arch_pfn = 0x400000000 [ 0.002335] MTRR default type: uncachable [ 0.002382] MTRR fixed ranges disabled: [ 0.002517] 00000-FFFFF uncachable [ 0.002547] MTRR variable ranges enabled: [ 0.002692] 0 base 00FF000000 mask FFFF000000 write-protect [ 0.002726] 1 disabled [ 0.002737] 2 disabled [ 0.002747] 3 disabled [ 0.002757] 4 disabled [ 0.002767] 5 disabled [ 0.002776] 6 disabled [ 0.002786] 7 disabled [ 0.003161] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT [ 0.003557] CPU MTRRs all blank - virtualized system. [ 0.003631] last_pfn = 0x7ff43 max_arch_pfn = 0x400000000 [ 0.009206] RAMDISK: [mem 0x04000000-0x044a9fff] [ 0.009667] ACPI: Early table checksum verification disabled [ 0.010157] ACPI: RSDP 0x000000007FF4B000 000024 (v02 ) [ 0.010533] ACPI: XSDT 0x000000007FF7B040 00005C (v01 COREv4 COREBOOT 00000000 CORE 20230628) [ 0.011289] ACPI: FACP 0x000000007FF5D409 0000F4 (v03 BOCHS BXPC 00000001 BXPC 00000001) [ 0.011953] ACPI: DSDT 0x000000007FF5B080 002389 (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.012061] ACPI: FACS 0x000000007FF5B040 000040 [ 0.012138] ACPI: APIC 0x000000007FF5D4FD 000078 (v03 BOCHS BXPC 00000001 BXPC 00000001) [ 0.012181] ACPI: HPET 0x000000007FF5D575 000038 (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.012219] ACPI: TCPA 0x000000007FF5D5AD 000032 (v02 BOCHS BXPC 00000001 BXPC 00000001) [ 0.012254] ACPI: MCFG 0x000000007FF5D5DF 00003C (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.012289] ACPI: WAET 0x000000007FF5D61B 000028 (v01 BOCHS BXPC 00000001 BXPC 00000001) [ 0.012323] ACPI: SSDT 0x000000007FF7B170 000383 (v02 COREv4 COREBOOT 0000002A CORE 20230628) [ 0.012443] ACPI: Reserving FACP table memory at [mem 0x7ff5d409-0x7ff5d4fc] [ 0.012481] ACPI: Reserving DSDT table memory at [mem 0x7ff5b080-0x7ff5d408] [ 0.012495] ACPI: Reserving FACS table memory at [mem 0x7ff5b040-0x7ff5b07f] [ 0.012509] ACPI: Reserving APIC table memory at [mem 0x7ff5d4fd-0x7ff5d574] [ 0.012521] ACPI: Reserving HPET table memory at [mem 0x7ff5d575-0x7ff5d5ac] [ 0.012533] ACPI: Reserving TCPA table memory at [mem 0x7ff5d5ad-0x7ff5d5de] [ 0.012544] ACPI: Reserving MCFG table memory at [mem 0x7ff5d5df-0x7ff5d61a] [ 0.012556] ACPI: Reserving WAET table memory at [mem 0x7ff5d61b-0x7ff5d642] [ 0.012567] ACPI: Reserving SSDT table memory at [mem 0x7ff7b170-0x7ff7b4f2] [ 0.013184] ACPI: Local APIC address 0xfee00000 [ 0.015495] Zone ranges: [ 0.015536] DMA32 [mem 0x0000000000001000-0x00000000ffffffff] [ 0.015593] Normal [mem 0x0000000100000000-0x000000017fffffff] [ 0.015618] Movable zone start for each node [ 0.015661] Early memory node ranges [ 0.015704] node 0: [mem 0x0000000000001000-0x000000000009ffff] [ 0.015739] node 0: [mem 0x0000000000100000-0x000000007ff42fff] [ 0.015750] node 0: [mem 0x0000000100000000-0x000000017fffffff] [ 0.015883] Initmem setup node 0 [mem 0x0000000000001000-0x000000017fffffff] [ 0.016167] On node 0 totalpages: 1048290 [ 0.016272] DMA32 zone: 8188 pages used for memmap [ 0.016306] DMA32 zone: 22 pages reserved [ 0.016380] DMA32 zone: 524002 pages, LIFO batch:63 [ 0.016496] Normal zone: 8192 pages used for memmap [ 0.016509] Normal zone: 524288 pages, LIFO batch:63 [ 0.017082] On node 0, zone DMA32: 1 pages in unavailable ranges [ 0.061888] On node 0, zone DMA32: 96 pages in unavailable ranges [ 0.107038] On node 0, zone Normal: 189 pages in unavailable ranges [ 0.107538] ACPI: PM-Timer IO Port: 0x608 [ 0.107592] ACPI: Local APIC address 0xfee00000 [ 0.108108] ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1]) [ 0.108614] IOAPIC[0]: apic_id 0, version 32, address 0xfec00000, GSI 0-23 [ 0.108742] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl) [ 0.109010] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level) [ 0.109072] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level) [ 0.109174] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level) [ 0.109190] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level) [ 0.109307] ACPI: IRQ0 used by override. [ 0.109377] ACPI: IRQ5 used by override. [ 0.109391] ACPI: IRQ9 used by override. [ 0.109401] ACPI: IRQ10 used by override. [ 0.109411] ACPI: IRQ11 used by override. [ 0.109484] Using ACPI (MADT) for SMP configuration information [ 0.109542] ACPI: HPET id: 0x8086a201 base: 0xfed00000 [ 0.109846] smpboot: Allowing 1 CPUs, 0 hotplug CPUs [ 0.110639] [mem 0xc0000000-0xfed3ffff] available for PCI devices [ 0.111036] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645519600211568 ns [ 0.123287] setup_percpu: NR_CPUS:64 nr_cpumask_bits:64 nr_cpu_ids:1 nr_node_ids:1 [ 0.130518] percpu: Embedded 47 pages/cpu s153944 r8192 d30376 u2097152 [ 0.130938] pcpu-alloc: s153944 r8192 d30376 u2097152 alloc=1*2097152 [ 0.131032] pcpu-alloc: [0] 0 [ 0.132894] Built 1 zonelists, mobility grouping on. Total pages: 1031888 [ 0.133099] Kernel command line: debug console=ttyS0,115200 console=tty [ 0.145248] Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes, linear) [ 0.151062] Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes, linear) [ 0.152916] mem auto-init: stack:off, heap alloc:off, heap free:off [ 0.448236] Memory: 4031744K/4193160K available (8194K kernel code, 1468K rwdata, 1988K rodata, 1104K init, 1896K bss, 161160K reserved, 0K cma-reserved) [ 0.452037] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1 [ 0.459609] rcu: Hierarchical RCU implementation. [ 0.459672] rcu: RCU restricting CPUs from NR_CPUS=64 to nr_cpu_ids=1. [ 0.459865] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies. [ 0.459907] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1 [ 0.460712] NR_IRQS: 4352, nr_irqs: 256, preallocated irqs: 16 [ 0.473945] Console: colour dummy device 80x25 [ 0.477120] printk: console [tty0] enabled [ 0.516684] printk: console [ttyS0] enabled [ 0.517516] ACPI: Core revision 20200925 [ 0.522307] ACPI BIOS Warning (bug): Incorrect checksum in table [SSDT] - 0x05, should be 0x36 (20200925/tbprint-177) [ 0.528661] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604467 ns [ 0.537811] APIC: Switch to symmetric I/O mode setup [ 0.546152] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=0 pin2=0 [ 0.568164] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x23fa509ef93, max_idle_ns: 440795283110 ns [ 0.570789] Calibrating delay loop (skipped), value calculated using timer frequency.. 4991.91 BogoMIPS (lpj=9983836) [ 0.580126] process: using AMD E400 aware idle routine [ 0.580600] Last level iTLB entries: 4KB 512, 2MB 255, 4MB 127 [ 0.580866] Last level dTLB entries: 4KB 512, 2MB 255, 4MB 127, 1GB 0 [ 0.581610] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization [ 0.582280] Spectre V2 : Mitigation: Retpolines [ 0.582520] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch [ 0.583093] Spectre V2 : Spectre v2 / SpectreRSB : Filling RSB on VMEXIT [ 0.586427] x86/fpu: x87 FPU will use FXSAVE [ 0.782370] Freeing SMP alternatives memory: 12K [ 0.783775] pid_max: default: 4096 minimum: 301 [ 0.790154] Mount-cache hash table entries: 8192 (order: 4, 65536 bytes, linear) [ 0.790608] Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes, linear) [ 0.925158] smpboot: CPU0: AMD QEMU Virtual CPU version 2.5+ (family: 0xf, model: 0x6b, stepping: 0x1) [ 0.927305] Performance Events: PMU not available due to virtualization, using software events only. [ 0.929076] rcu: Hierarchical SRCU implementation. [ 0.932310] NMI watchdog: Perf NMI watchdog permanently disabled [ 0.934335] smp: Bringing up secondary CPUs ... [ 0.934513] smp: Brought up 1 node, 1 CPU [ 0.934695] smpboot: Max logical packages: 1 [ 0.934845] smpboot: Total of 1 processors activated (4991.91 BogoMIPS) [ 0.946462] devtmpfs: initialized [ 0.952034] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns [ 0.952495] futex hash table entries: 16 (order: -2, 1024 bytes, linear) [ 0.960200] NET: Registered protocol family 16 [ 0.969911] thermal_sys: Registered thermal governor 'step_wise' [ 0.969977] thermal_sys: Registered thermal governor 'user_space' [ 0.970661] cpuidle: using governor menu [ 0.972553] ACPI: bus type PCI registered [ 0.974659] PCI: Using configuration type 1 for base access [ 1.004364] cryptd: max_cpu_qlen set to 1000 [ 1.007305] ACPI: Added _OSI(Module Device) [ 1.007392] ACPI: Added _OSI(Processor Device) [ 1.007462] ACPI: Added _OSI(3.0 _SCP Extensions) [ 1.007519] ACPI: Added _OSI(Processor Aggregator Device) [ 1.007665] ACPI: Added _OSI(Linux-Dell-Video) [ 1.007731] ACPI: Added _OSI(Linux-Lenovo-NV-HDMI-Audio) [ 1.007803] ACPI: Added _OSI(Linux-HPI-Hybrid-Graphics) [ 1.035505] ACPI BIOS Error (bug): Failure creating named object [\_SB.PCI0._PRT], AE_ALREADY_EXISTS (20200925/dswload2-327) [ 1.036879] ACPI Error: AE_ALREADY_EXISTS, During name lookup/catalog (20200925/psobject-221) [ 1.037185] ACPI: Skipping parse of AML opcode: Method (0x0014) [ 1.037952] ACPI: 2 ACPI AML tables successfully acquired and loaded [ 1.056897] ACPI: Interpreter enabled [ 1.057670] ACPI: (supports S0 S5) [ 1.058064] ACPI: Using IOAPIC for interrupt routing [ 1.059908] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug [ 1.062038] ACPI: Enabled 2 GPEs in block 00 to 3F [ 1.095615] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff]) [ 1.096537] acpi PNP0A08:00: _OSC: OS supports [ASPM ClockPM Segments MSI HPX-Type3] [ 1.097987] acpi PNP0A08:00: PCIe port services disabled; not requesting _OSC control [ 1.103477] PCI host bridge to bus 0000:00 [ 1.103872] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window] [ 1.104077] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window] [ 1.104296] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window] [ 1.104708] pci_bus 0000:00: root bus resource [mem 0x80000000-0xafffffff window] [ 1.104974] pci_bus 0000:00: root bus resource [mem 0xc0000000-0xfebfffff window] [ 1.105227] pci_bus 0000:00: root bus resource [mem 0x180000000-0x97fffffff window] [ 1.105469] pci_bus 0000:00: root bus resource [mem 0xfed40000-0xfed44fff] [ 1.106015] pci_bus 0000:00: root bus resource [bus 00-ff] [ 1.108059] pci 0000:00:00.0: [8086:29c0] type 00 class 0x060000 [ 1.113296] pci 0000:00:01.0: [1234:1111] type 00 class 0x030000 [ 1.115317] pci 0000:00:01.0: reg 0x10: [mem 0xc0000000-0xc0ffffff pref] [ 1.117495] pci 0000:00:01.0: reg 0x18: [mem 0xc107c000-0xc107cfff] [ 1.118427] pci 0000:00:01.0: reg 0x30: [mem 0xc1060000-0xc106ffff pref] [ 1.118967] pci 0000:00:01.0: BAR 0: assigned to efifb [ 1.119922] pci 0000:00:02.0: [1af4:1005] type 00 class 0x00ff00 [ 1.122482] pci 0000:00:02.0: reg 0x10: [io 0x10c0-0x10df] [ 1.123543] pci 0000:00:02.0: reg 0x14: [mem 0xc107d000-0xc107dfff] [ 1.127232] pci 0000:00:02.0: reg 0x20: [mem 0xc1070000-0xc1073fff 64bit pref] [ 1.130852] pci 0000:00:03.0: [8086:100e] type 00 class 0x020000 [ 1.132266] pci 0000:00:03.0: reg 0x10: [mem 0xc1040000-0xc105ffff] [ 1.133730] pci 0000:00:03.0: reg 0x14: [io 0x1080-0x10bf] [ 1.136991] pci 0000:00:03.0: reg 0x30: [mem 0xc1000000-0xc103ffff pref] [ 1.139184] pci 0000:00:04.0: [1b36:000d] type 00 class 0x0c0330 [ 1.139636] pci 0000:00:04.0: reg 0x10: [mem 0xc1074000-0xc1077fff 64bit] [ 1.142062] pci 0000:00:05.0: [1af4:1001] type 00 class 0x010000 [ 1.142872] pci 0000:00:05.0: reg 0x10: [io 0x1000-0x107f] [ 1.144388] pci 0000:00:05.0: reg 0x14: [mem 0xc107e000-0xc107efff] [ 1.150893] pci 0000:00:05.0: reg 0x20: [mem 0xc1078000-0xc107bfff 64bit pref] [ 1.152445] pci 0000:00:1d.0: [8086:2934] type 00 class 0x0c0300 [ 1.155671] pci 0000:00:1d.0: reg 0x20: [io 0x10e0-0x10ff] [ 1.156930] pci 0000:00:1d.1: [8086:2935] type 00 class 0x0c0300 [ 1.158128] pci 0000:00:1d.1: reg 0x20: [io 0x1100-0x111f] [ 1.159414] pci 0000:00:1d.2: [8086:2936] type 00 class 0x0c0300 [ 1.161381] pci 0000:00:1d.2: reg 0x20: [io 0x1120-0x113f] [ 1.162881] pci 0000:00:1d.7: [8086:293a] type 00 class 0x0c0320 [ 1.163226] pci 0000:00:1d.7: reg 0x10: [mem 0xc107f000-0xc107ffff] [ 1.166913] pci 0000:00:1f.0: [8086:2918] type 00 class 0x060100 [ 1.167696] pci 0000:00:1f.0: quirk: [io 0x0600-0x067f] claimed by ICH6 ACPI/GPIO/TCO [ 1.167952] pci 0000:00:1f.0: quirk: [io 0x0580-0x05bf] claimed by ICH6 GPIO [ 1.168556] pci 0000:00:1f.2: [8086:2922] type 00 class 0x010601 [ 1.171301] pci 0000:00:1f.2: reg 0x20: [io 0x1140-0x115f] [ 1.171939] pci 0000:00:1f.2: reg 0x24: [mem 0xc1080000-0xc1080fff] [ 1.173311] pci 0000:00:1f.3: [8086:2930] type 00 class 0x0c0500 [ 1.178514] pci 0000:00:1f.3: reg 0x20: [io 0x0400-0x043f] [ 1.181944] pci_bus 0000:00: on NUMA node 0 [ 1.186760] ACPI: PCI Interrupt Link [LNKA] (IRQs 5 10 11) *0 [ 1.188131] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 10 11) *0 [ 1.189103] ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 11) *0 [ 1.190087] ACPI: PCI Interrupt Link [LNKD] (IRQs 5 10 11) *0 [ 1.191177] ACPI: PCI Interrupt Link [LNKE] (IRQs 5 10 11) *0 [ 1.192259] ACPI: PCI Interrupt Link [LNKF] (IRQs 5 10 11) *0 [ 1.193416] ACPI: PCI Interrupt Link [LNKG] (IRQs 5 10 11) *0 [ 1.195093] ACPI: PCI Interrupt Link [LNKH] (IRQs 5 10 11) *0 [ 1.195807] ACPI: PCI Interrupt Link [GSIA] (IRQs *16) [ 1.196292] ACPI: PCI Interrupt Link [GSIB] (IRQs *17) [ 1.196657] ACPI: PCI Interrupt Link [GSIC] (IRQs *18) [ 1.196921] ACPI: PCI Interrupt Link [GSID] (IRQs *19) [ 1.197178] ACPI: PCI Interrupt Link [GSIE] (IRQs *20) [ 1.197502] ACPI: PCI Interrupt Link [GSIF] (IRQs *21) [ 1.197802] ACPI: PCI Interrupt Link [GSIG] (IRQs *22) [ 1.198094] ACPI: PCI Interrupt Link [GSIH] (IRQs *23) [ 1.204033] iommu: Default domain type: Translated [ 1.206821] SCSI subsystem initialized [ 1.207845] libata version 3.00 loaded. [ 1.208348] ACPI: bus type USB registered [ 1.209026] usbcore: registered new interface driver usbfs [ 1.209613] usbcore: registered new interface driver hub [ 1.209978] usbcore: registered new device driver usb [ 1.220060] PCI: Using ACPI for IRQ routing [ 1.220278] PCI: pci_cache_line_size set to 64 bytes [ 1.220860] e820: reserve RAM buffer [mem 0x7ff43000-0x7fffffff] [ 1.221769] hpet: 3 channels of 0 reserved for per-cpu timers [ 1.223374] clocksource: Switched to clocksource tsc-early [ 1.225210] pnp: PnP ACPI init [ 1.226654] pnp 00:00: Plug and Play ACPI device, IDs PNP0c31 (active) [ 1.228067] pnp 00:01: Plug and Play ACPI device, IDs PNP0303 (active) [ 1.228810] pnp 00:02: Plug and Play ACPI device, IDs PNP0f13 (active) [ 1.229182] pnp 00:03: Plug and Play ACPI device, IDs PNP0400 (active) [ 1.229606] pnp 00:04: Plug and Play ACPI device, IDs PNP0501 (active) [ 1.230109] pnp 00:05: Plug and Play ACPI device, IDs PNP0b00 (active) [ 1.230828] pnp 00:06: Plug and Play ACPI device, IDs PNP0c31 (active) [ 1.232508] system 00:07: [mem 0xb0000000-0xbfffffff window] has been reserved [ 1.233295] system 00:07: Plug and Play ACPI device, IDs PNP0c01 (active) [ 1.236100] pnp: PnP ACPI: found 8 devices [ 1.263351] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns [ 1.263981] NET: Registered protocol family 2 [ 1.265186] IP idents hash table entries: 65536 (order: 7, 524288 bytes, linear) [ 1.269566] tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768 bytes, linear) [ 1.270669] TCP established hash table entries: 32768 (order: 6, 262144 bytes, linear) [ 1.271906] TCP bind hash table entries: 32768 (order: 7, 524288 bytes, linear) [ 1.272957] TCP: Hash tables configured (established 32768 bind 32768) [ 1.274775] UDP hash table entries: 2048 (order: 4, 65536 bytes, linear) [ 1.275209] UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes, linear) [ 1.276687] NET: Registered protocol family 1 [ 1.277887] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window] [ 1.278270] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window] [ 1.278673] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window] [ 1.279155] pci_bus 0000:00: resource 7 [mem 0x80000000-0xafffffff window] [ 1.279539] pci_bus 0000:00: resource 8 [mem 0xc0000000-0xfebfffff window] [ 1.280015] pci_bus 0000:00: resource 9 [mem 0x180000000-0x97fffffff window] [ 1.280429] pci_bus 0000:00: resource 10 [mem 0xfed40000-0xfed44fff] [ 1.281496] pci 0000:00:01.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff] [ 1.286658] PCI Interrupt Link [GSIE] enabled at IRQ 20 [ 1.293801] pci 0000:00:04.0: quirk_usb_early_handoff+0x0/0x62c took 10955 usecs [ 1.297288] PCI Interrupt Link [GSIA] enabled at IRQ 16 [ 1.302459] PCI Interrupt Link [GSIB] enabled at IRQ 17 [ 1.308171] PCI Interrupt Link [GSIC] enabled at IRQ 18 [ 1.313464] PCI Interrupt Link [GSID] enabled at IRQ 19 [ 1.316564] PCI: CLS 64 bytes, default 64 [ 1.323320] Trying to unpack rootfs image as initramfs... [ 2.943071] Freeing initrd memory: 4776K [ 2.943562] PCI-DMA: Using software bounce buffering for IO (SWIOTLB) [ 2.943845] software IO TLB: mapped [mem 0x000000007bf43000-0x000000007ff43000] (64MB) [ 2.949679] workingset: timestamp_bits=46 max_order=20 bucket_order=0 [ 2.958202] SGI XFS with security attributes, no debug enabled [ 2.962667] NET: Registered protocol family 38 [ 2.963227] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 249) [ 2.963527] io scheduler mq-deadline registered [ 2.965725] efifb: probing for efifb [ 2.966811] efifb: framebuffer at 0xc0000000, using 3072k, total 3072k [ 2.967354] efifb: mode is 1024x768x32, linelength=4096, pages=1 [ 2.968458] efifb: scrolling: redraw [ 2.968838] efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0 [ 2.992832] Console: switching to colour frame buffer device 128x48 [ 3.003452] fb0: EFI VGA frame buffer device [ 3.007750] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 [ 3.013649] ACPI: Power Button [PWRF] [ 3.023407] PCI Interrupt Link [GSIG] enabled at IRQ 22 [ 3.030857] PCI Interrupt Link [GSIF] enabled at IRQ 21 [ 3.037518] Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled [ 3.041854] 00:04: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A [ 3.049518] Non-volatile memory driver v1.3 [ 3.070723] random: crng init done [ 3.072586] tpm_tis 00:00: 1.2 TPM (device-id 0x1, rev-id 1) [ 3.100088] tpm_tis 00:06: can't request region for resource [mem 0xfed40000-0xfed44fff] [ 3.101091] tpm_tis: probe of 00:06 failed with error -16 [ 3.104601] AMD-Vi: AMD IOMMUv2 functionality not available on this system - This is not a bug. [ 3.146690] brd: module loaded [ 3.164378] loop: module loaded [ 3.173788] virtio_blk virtio1: [vda] 41943040 512-byte logical blocks (21.5 GB/20.0 GiB) [ 3.174829] vda: detected capacity change from 0 to 21474836480 [ 3.203684] vda: vda1 vda2 < vda5 > vda3 [ 3.208445] Loading iSCSI transport class v2.0-870. [ 3.212527] iscsi: registered transport (tcp) [ 3.214410] ahci 0000:00:1f.2: version 3.0 [ 3.221907] ahci 0000:00:1f.2: AHCI 0001.0000 32 slots 6 ports 1.5 Gbps 0x3f impl SATA mode [ 3.222549] ahci 0000:00:1f.2: flags: 64bit ncq only [ 3.236903] scsi host0: ahci [ 3.248032] scsi host1: ahci [ 3.253186] scsi host2: ahci [ 3.258463] scsi host3: ahci [ 3.269146] scsi host4: ahci [ 3.274076] scsi host5: ahci [ 3.279672] ata1: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080100 irq 28 [ 3.284624] ata2: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080180 irq 28 [ 3.288775] ata3: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080200 irq 28 [ 3.293097] ata4: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080280 irq 28 [ 3.297411] ata5: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080300 irq 28 [ 3.300612] ata6: SATA max UDMA/133 abar m4096@0xc1080000 port 0xc1080380 irq 28 [ 3.307565] i8042: PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12 [ 3.315477] serio: i8042 KBD port at 0x60,0x64 irq 1 [ 3.319388] serio: i8042 AUX port at 0x60,0x64 irq 12 [ 3.323920] rtc_cmos 00:05: RTC can wake from S4 [ 3.336706] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input1 [ 3.352978] rtc_cmos 00:05: registered as rtc0 [ 3.360480] rtc_cmos 00:05: setting system clock to 2024-05-27T15:52:30 UTC (1716825150) [ 3.368800] rtc_cmos 00:05: alarms up to one day, y3k, 242 bytes nvram, hpet irqs [ 3.376906] i801_smbus 0000:00:1f.3: SMBus using PCI interrupt [ 3.383352] i2c i2c-0: 1/1 memory slots populated (from DMI) [ 3.387339] i2c i2c-0: Memory type 0x07 not supported yet, not instantiating SPD [ 3.396422] device-mapper: ioctl: 4.43.0-ioctl (2020-10-01) initialised: dm-devel@redhat.com [ 3.405510] NET: Registered protocol family 17 [ 3.420548] IPI shorthand broadcast: enabled [ 3.428621] sched_clock: Marking stable (3361782024, 65863750)->(3431691428, -4045654) [ 3.706716] ata2: SATA link down (SStatus 0 SControl 300) [ 3.711943] ata1: SATA link down (SStatus 0 SControl 300) [ 3.714891] ata4: SATA link down (SStatus 0 SControl 300) [ 3.718216] ata3: SATA link up 1.5 Gbps (SStatus 113 SControl 300) [ 3.727435] ata3.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100 [ 3.730891] ata3.00: applying bridge limits [ 3.735031] ata3.00: configured for UDMA/100 [ 3.739480] ata5: SATA link down (SStatus 0 SControl 300) [ 3.743073] ata6: SATA link down (SStatus 0 SControl 300) [ 3.760009] scsi 2:0:0:0: CD-ROM QEMU QEMU DVD-ROM 2.5+ PQ: 0 ANSI: 5 [ 3.791903] sr 2:0:0:0: [sr0] scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray [ 3.795666] cdrom: Uniform CD-ROM driver Revision: 3.20 [ 3.823522] sr 2:0:0:0: Attached scsi CD-ROM sr0 [ 3.830867] sr 2:0:0:0: Attached scsi generic sg0 type 5 [ 4.053435] Freeing unused kernel image (initmem) memory: 1104K [ 4.057245] tsc: Refined TSC clocksource calibration: 2495.997 MHz [ 4.063272] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x23fa7454d2a, max_idle_ns: 440795253903 ns [ 4.067419] clocksource: Switched to clocksource tsc [ 4.070828] Write protecting the kernel read-only data: 12288k [ 4.080468] Freeing unused kernel image (text/rodata gap) memory: 2044K [ 4.084568] Freeing unused kernel image (rodata/data gap) memory: 60K [ 4.087965] Run /init as init process [ 4.091279] with arguments: [ 4.095800] /init [ 4.099096] with environment: [ 4.103714] HOME=/ [ 4.109606] TERM=linux [ 4.169820] [U] hello world [ 4.371287] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config) [ 4.392830] TRACE: Under init [ 4.433899] DEBUG: Applying panic_on_oom setting to sysctl [ 4.539072] TRACE: /bin/tpmr(32): main [ 4.633463] TRACE: /bin/cbfs-init(5): main [ 4.728134] TRACE: /bin/key-init(5): main [ 5.824993] TRACE: Under /etc/ash_functions:combine_configs [ 5.904298] TRACE: Under /etc/ash_functions:pause_recovery !!! Hit enter to proceed to recovery shell !!! [ 6.137010] TRACE: /bin/setconsolefont.sh(6): main [ 6.188579] DEBUG: Board does not ship setfont, not checking console font [ 6.451536] TRACE: /bin/gui-init(643): main [ 6.482343] TRACE: /etc/functions(715): detect_boot_device [ 6.541819] TRACE: /etc/functions(682): mount_possible_boot_device [ 6.604383] TRACE: /etc/functions(642): is_gpt_bios_grub [ 6.731484] TRACE: /dev/vda1 is partition 1 of vda [ 6.871167] TRACE: /etc/functions(619): find_lvm_vg_name [ 7.119158] TRACE: Try mounting /dev/vda1 as /boot [ 7.175186] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null) [ 7.237208] TRACE: /bin/gui-init(317): clean_boot_check [ 7.348743] TRACE: /bin/gui-init(346): check_gpg_key [ 12.484804] TRACE: Under /etc/ash_functions:recovery !!!!! Console recovery shell [ 12.660433] DEBUG: Board qemu-coreboot-whiptail-tpm1 - version Heads-v0.2.0-2236-g33c0c92 [ 12.694824] DEBUG: Extending TPM PCR 4 for recovery shell access [ 12.782961] TRACE: /bin/tpmr(32): main [ 12.844959] DEBUG: Direct translation from tpmr to tpm1 call [ 12.889837] DEBUG: exec tpm extend -ix 4 -ic recovery New value of PCR[4]: 8a6a96fde1a8dd96271479dc40742b36aba3c2b3 !!!!! Starting recovery shell ~ # oem-factory-reset [ 19.391027] TRACE: /bin/oem-factory-reset(11): main Would you like to use default configuration options? If N, you will be prompted for each option [Y/n]: n **************************************************** **** Factory Reset / Re-Ownership Questionnaire **** **************************************************** The following questionnaire will help you configure the security components of your system. Each prompt requires a single letter answer: eg. (Y/n). If you don't know what to answer, pressing Enter will select the default answer for that prompt: eg. Y, above. Would you like to change the current LUKS Disk Recovery Key passphrase? (Highly recommended if you didn't install the Operating System yourself, so that past configured passphrase would not permit to access content. Note that without re-encrypting disk, a backed up header could be restored to access encrypted content with old passphrase) [y/N]: y Would you like to re-encrypt LUKS encrypted container and generate new LUKS Disk Recovery Key? (Highly recommended if you didn't install the operating system yourself: this would prevent any LUKS backed up header to be restored to access encrypted data) [y/N]: y [ 23.007856] TRACE: /etc/luks-functions(296): test_luks_current_disk_recovery_key_passphrase [ 23.029224] TRACE: /etc/luks-functions(270): select_luks_container Failed to set up async io, using sync io. [ 23.367334] TRACE: /etc/gui_functions(83): file_selector ────────────────────┤ Select your File ├──────────────────────────────────────── ner device [1-2, a to abort]: 1 /dev/vda3 2 /dev/vda5 a Abort ──────────────────────────────────────────────────────────────────────────────── Enter the current LUKS Disk Recovery Key passphrase (Configured at OS installation or by OEM): PleaseChangeMe Testing opening /dev/vda3 LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase... [ 37.855527] DEBUG: cryptsetup open --test-passphrase /dev/vda3 --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase Success. Would you like to format an encrypted USB Thumb drive to store GPG key material? (Required to enable GPG authentication) [y/N]: y ++++ Master key and subkeys will be generated in memory, backed up to dedicated LUKS container +++ Would you like in-memory generated subkeys to be copied to USB Security Dongle's smartcard? (Highly recommended so the smartcard is used on daily basis and backup is kept safe, but not required) [Y/n]: y ++++ Subkeys will be copied to USB Security Dongle's smartcard ++++ [ 49.945161] *** WARNING: Please keep your GPG key material backup thumb drive safe *** The following Security Components will be configured with defaults or further chosen PINs/passwords: LUKS Disk Recovery Key passphrase TPM Owner Password GPG Key material backup passphrase (Same as GPG Admin PIN) GPG Admin PIN GPG User PIN Would you like to set a single custom password to all previously stated security components? [y/N]: y The chosen custom password must be between 8 and 25 characters in length. Enter the custom password: PleaseChangeMe Would you like to set custom user information for the GnuPG key? [y/N]: n [ 68.395411] TRACE: /bin/oem-factory-reset(396): select_thumb_drive_for_key_material [ 68.424600] TRACE: Under /etc/ash_functions:enable_usb [ 68.500643] TRACE: /sbin/insmod(9): main [ 68.640669] DEBUG: Extending TPM PCR 5 with /lib/modules/ehci-hcd.ko prior of usage [ 68.729157] TRACE: /bin/tpmr(32): main [ 68.789771] DEBUG: Direct translation from tpmr to tpm1 call [ 68.834212] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-hcd.ko New value of PCR[5]: 21633d409dd476cc5f4a0150a36d5950f5d64f68 [ 68.997245] DEBUG: Loading /lib/modules/ehci-hcd.ko with busybox insmod [ 69.034636] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver [ 69.133241] TRACE: /sbin/insmod(9): main [ 69.298849] DEBUG: Extending TPM PCR 5 with /lib/modules/uhci-hcd.ko prior of usage [ 69.391626] TRACE: /bin/tpmr(32): main [ 69.457393] DEBUG: Direct translation from tpmr to tpm1 call [ 69.511547] DEBUG: exec tpm extend -ix 5 -if /lib/modules/uhci-hcd.ko New value of PCR[5]: 59a733f2744b73a686aadb622bf21b6cb2e857e1 [ 69.678876] DEBUG: Loading /lib/modules/uhci-hcd.ko with busybox insmod [ 69.715292] uhci_hcd: USB Universal Host Controller Interface driver [ 69.730616] uhci_hcd 0000:00:1d.0: UHCI Host Controller [ 69.737232] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1 [ 69.754386] uhci_hcd 0000:00:1d.0: detected 2 ports [ 69.763973] uhci_hcd 0000:00:1d.0: irq 16, io base 0x000010e0 [ 69.782620] hub 1-0:1.0: USB hub found [ 69.793768] hub 1-0:1.0: 2 ports detected [ 69.808344] uhci_hcd 0000:00:1d.1: UHCI Host Controller [ 69.817408] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2 [ 69.824656] uhci_hcd 0000:00:1d.1: detected 2 ports [ 69.833349] uhci_hcd 0000:00:1d.1: irq 17, io base 0x00001100 [ 69.844305] hub 2-0:1.0: USB hub found [ 69.850634] hub 2-0:1.0: 2 ports detected [ 69.863831] uhci_hcd 0000:00:1d.2: UHCI Host Controller [ 69.869789] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3 [ 69.881549] uhci_hcd 0000:00:1d.2: detected 2 ports [ 69.890176] uhci_hcd 0000:00:1d.2: irq 18, io base 0x00001120 [ 69.898990] hub 3-0:1.0: USB hub found [ 69.906946] hub 3-0:1.0: 2 ports detected [ 69.995004] TRACE: /sbin/insmod(9): main [ 70.138781] DEBUG: Extending TPM PCR 5 with /lib/modules/ohci-hcd.ko prior of usage [ 70.239829] TRACE: /bin/tpmr(32): main [ 70.313655] DEBUG: Direct translation from tpmr to tpm1 call [ 70.386398] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-hcd.ko New value of PCR[5]: cc5c54502fbba28806e9a56466a8f595b8b40581 [ 70.548351] DEBUG: Loading /lib/modules/ohci-hcd.ko with busybox insmod [ 70.576662] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver [ 70.664555] TRACE: /sbin/insmod(9): main [ 70.818989] DEBUG: Extending TPM PCR 5 with /lib/modules/ohci-pci.ko prior of usage [ 70.908984] TRACE: /bin/tpmr(32): main [ 70.979160] DEBUG: Direct translation from tpmr to tpm1 call [ 71.031400] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ohci-pci.ko New value of PCR[5]: 32f59488f65d9b9a712f5ff35d89c3053492fa65 [ 71.198320] DEBUG: Loading /lib/modules/ohci-pci.ko with busybox insmod [ 71.230458] ohci-pci: OHCI PCI platform driver [ 71.319015] TRACE: /sbin/insmod(9): main [ 71.466523] DEBUG: Extending TPM PCR 5 with /lib/modules/ehci-pci.ko prior of usage [ 71.554317] TRACE: /bin/tpmr(32): main [ 71.621898] DEBUG: Direct translation from tpmr to tpm1 call [ 71.676368] DEBUG: exec tpm extend -ix 5 -if /lib/modules/ehci-pci.ko New value of PCR[5]: 57dd398e1d34495588e88c04ec803c68d2e8a880 [ 71.865504] DEBUG: Loading /lib/modules/ehci-pci.ko with busybox insmod [ 71.895471] ehci-pci: EHCI PCI platform driver [ 71.915057] ehci-pci 0000:00:1d.7: EHCI Host Controller [ 71.922375] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 4 [ 71.931944] ehci-pci 0000:00:1d.7: irq 19, io mem 0xc107f000 [ 71.954678] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00 [ 71.972250] hub 4-0:1.0: USB hub found [ 71.978783] hub 4-0:1.0: 6 ports detected [ 71.988734] hub 1-0:1.0: USB hub found [ 71.994990] hub 1-0:1.0: 2 ports detected [ 72.003349] hub 2-0:1.0: USB hub found [ 72.009942] hub 2-0:1.0: 2 ports detected [ 72.018163] hub 3-0:1.0: USB hub found [ 72.033954] hub 3-0:1.0: 2 ports detected [ 72.135439] TRACE: /sbin/insmod(9): main [ 72.315577] DEBUG: Extending TPM PCR 5 with /lib/modules/xhci-hcd.ko prior of usage [ 72.409790] TRACE: /bin/tpmr(32): main [ 72.474356] DEBUG: Direct translation from tpmr to tpm1 call [ 72.522906] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-hcd.ko New value of PCR[5]: 8600091b27a18d60649ae54e943376f58d2e267c [ 72.693318] DEBUG: Loading /lib/modules/xhci-hcd.ko with busybox insmod [ 72.807533] TRACE: /sbin/insmod(9): main [ 72.939792] DEBUG: Extending TPM PCR 5 with /lib/modules/xhci-pci.ko prior of usage [ 73.027008] TRACE: /bin/tpmr(32): main [ 73.096260] DEBUG: Direct translation from tpmr to tpm1 call [ 73.145608] DEBUG: exec tpm extend -ix 5 -if /lib/modules/xhci-pci.ko New value of PCR[5]: c93b075b09b770746b1a1b45d6e3d63feaf83443 [ 73.312686] DEBUG: Loading /lib/modules/xhci-pci.ko with busybox insmod [ 73.340372] xhci_hcd 0000:00:04.0: xHCI Host Controller [ 73.345734] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 5 [ 73.357649] xhci_hcd 0000:00:04.0: hcc params 0x00087001 hci version 0x100 quirks 0x0000000000000010 [ 73.366477] xhci_hcd 0000:00:04.0: xHCI Host Controller [ 73.373721] xhci_hcd 0000:00:04.0: new USB bus registered, assigned bus number 6 [ 73.380270] xhci_hcd 0000:00:04.0: Host supports USB 3.0 SuperSpeed [ 73.389371] hub 5-0:1.0: USB hub found [ 73.395743] hub 5-0:1.0: 4 ports detected [ 73.404306] usb usb6: We don't know the algorithms for LPM for this host, disabling LPM. [ 73.416743] hub 6-0:1.0: USB hub found [ 73.424014] hub 6-0:1.0: 4 ports detected [ 73.670772] usb 5-1: new high-speed USB device number 2 using xhci_hcd [ 73.954700] usb 6-2: new SuperSpeed Gen 1 USB device number 2 using xhci_hcd [ 74.106242] usb 5-3: new full-speed USB device number 3 using xhci_hcd [ 75.470413] TRACE: /etc/functions(224): enable_usb_storage Scanning for USB storage devices... [ 75.584285] TRACE: /sbin/insmod(9): main [ 75.738969] DEBUG: Extending TPM PCR 5 with /lib/modules/usb-storage.ko prior of usage [ 75.827679] TRACE: /bin/tpmr(32): main [ 75.896708] DEBUG: Direct translation from tpmr to tpm1 call [ 75.949769] DEBUG: exec tpm extend -ix 5 -if /lib/modules/usb-storage.ko [ 76.104403] DEBUG: Loading /lib/modules/usb-storage.ko with busybox insmod [ 76.128919] usb-storage 6-2:1.0: USB Mass Storage device detected [ 76.138181] scsi host6: usb-storage 6-2:1.0 [ 76.145825] usbcore: registered new interface driver usb-storage [ 76.197467] TRACE: /etc/functions(261): list_usb_storage [ 76.253448] DEBUG: Listing USB storage devices (including partitions) [ 77.150291] scsi 6:0:0:0: Direct-Access QEMU QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5 [ 77.160923] sd 6:0:0:0: Power-on or device reset occurred [ 77.166811] sd 6:0:0:0: Attached scsi generic sg1 type 0 [ 77.175608] sd 6:0:0:0: [sda] 524288 512-byte logical blocks: (268 MB/256 MiB) [ 77.183599] sd 6:0:0:0: [sda] Write Protect is off [ 77.196370] sd 6:0:0:0: [sda] Mode Sense: 63 00 00 08 [ 77.207786] sd 6:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 77.225782] sda: [ 77.239543] sd 6:0:0:0: [sda] Attached SCSI disk [ 77.394171] TRACE: /etc/functions(261): list_usb_storage [ 77.444845] DEBUG: Listing USB storage devices (including partitions) [ 77.585183] DEBUG: USB storage device of size greater then 0: /sys/block/sda [ 77.708205] DEBUG: USB storage device without partition table: /dev/sda [ 77.751699] TRACE: /bin/oem-factory-reset(298): prompt_insert_to_be_wiped_thumb_drive ┌────────────┤ WARNING: Please insert the thumb drive to be wiped ├────────────┐ │ │ │ The thumb drive will be WIPED next. │ │ │ │ Please connect only the thumb drive to be wiped and disconnect others. │ │ │ │ │ │ │ └──────────────────────────────────────────────────────────────────────────────┘ [ 86.972495] TRACE: /etc/functions(261): list_usb_storage [ 87.020445] DEBUG: Listing USB storage devices (disks only) since list_usb_storage was called with 'disks' argument [ 87.156871] DEBUG: USB storage device of size greater then 0: /sys/block/sda [ 87.276470] DEBUG: USB storage device without partition table: /dev/sda [ 87.349246] TRACE: /etc/gui_functions(83): file_selector ────────────────────┤ Select your File ├──────────────────────────────────────── to partition [1-1, a to abort]: 1 /dev/sda - 256 MB a Abort ──────────────────────────────────────────────────────────────────────────────── [ 88.878599] TRACE: /etc/luks-functions(19): select_luks_container_size_percent ┌─────────────┤ Select LUKS container size percentage of device ├──────────────┐ │ Select LUKS container size percentage of device: │ │ │ │ 10 10% │ │ 25 25% │ │ 50 50% │ │ 75 75% │ │ │ │ │ │ │ │ │ └──────────────────────────────────────────────────────────────────────────────┘ [ 89.637742] TRACE: /etc/luks-functions(191): confirm_thumb_drive_format ┌───────────┤ WARNING: Wiping and repartitioning /dev/sda (256 MB) ├───────────┐ │ │ │ WARNING: Wiping and repartitioning /dev/sda (256 MB) with 25 MB │ │ assigned to private LUKS ext4 partition, │ │ rest assigned to exFAT public partition. │ │ │ │ Are you sure you want to continue? │ │ │ │ │ │ │ └──────────────────────────────────────────────────────────────────────────────┘ Checking for USB Security Dongle... [ 90.384067] TRACE: Under /etc/ash_functions:enable_usb [ 90.469650] TRACE: /sbin/insmod(9): main [ 90.609009] DEBUG: /lib/modules/ehci-hcd.ko: already loaded [ 90.707119] TRACE: /sbin/insmod(9): main [ 90.847934] DEBUG: /lib/modules/uhci-hcd.ko: already loaded [ 90.933045] TRACE: /sbin/insmod(9): main [ 91.070657] DEBUG: /lib/modules/ohci-hcd.ko: already loaded [ 91.162513] TRACE: /sbin/insmod(9): main [ 91.306892] DEBUG: /lib/modules/ohci-pci.ko: already loaded [ 91.391118] TRACE: /sbin/insmod(9): main [ 91.524929] DEBUG: /lib/modules/ehci-pci.ko: already loaded [ 91.603619] TRACE: /sbin/insmod(9): main [ 91.756308] DEBUG: /lib/modules/xhci-hcd.ko: already loaded [ 91.841776] TRACE: /sbin/insmod(9): main [ 91.979223] DEBUG: /lib/modules/xhci-pci.ko: already loaded [ 94.223028] TRACE: /bin/oem-factory-reset(823): usb_security_token_capabilities_check [ 94.254971] TRACE: Under /etc/ash_functions:enable_usb [ 94.339009] TRACE: /sbin/insmod(9): main [ 94.477943] DEBUG: /lib/modules/ehci-hcd.ko: already loaded [ 94.564028] TRACE: /sbin/insmod(9): main [ 94.712265] DEBUG: /lib/modules/uhci-hcd.ko: already loaded [ 94.799991] TRACE: /sbin/insmod(9): main [ 94.936861] DEBUG: /lib/modules/ohci-hcd.ko: already loaded [ 95.033428] TRACE: /sbin/insmod(9): main [ 95.168483] DEBUG: /lib/modules/ohci-pci.ko: already loaded [ 95.267025] TRACE: /sbin/insmod(9): main [ 95.407182] DEBUG: /lib/modules/ehci-pci.ko: already loaded [ 95.488336] TRACE: /sbin/insmod(9): main [ 95.623872] DEBUG: /lib/modules/xhci-hcd.ko: already loaded [ 95.712048] TRACE: /sbin/insmod(9): main [ 95.853145] DEBUG: /lib/modules/xhci-pci.ko: already loaded [ 97.965156] TRACE: /etc/functions(568): assert_signable Detecting and setting boot device... [ 98.143017] TRACE: /etc/functions(715): detect_boot_device [ 98.208597] TRACE: /etc/functions(682): mount_possible_boot_device [ 98.260205] TRACE: /etc/functions(642): is_gpt_bios_grub [ 98.345172] TRACE: /dev/vda1 is partition 1 of vda [ 98.447506] TRACE: /etc/functions(619): find_lvm_vg_name [ 98.573805] TRACE: Try mounting /dev/vda1 as /boot [ 98.603662] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null) Boot device set to /dev/vda1 [ 98.655448] TRACE: /etc/functions(437): replace_config [ 98.828296] TRACE: Under /etc/ash_functions:combine_configs [ 98.869857] TRACE: /etc/luks-functions(430): luks_change_passphrase [ 98.904659] TRACE: /etc/luks-functions(270): select_luks_container Changing /dev/vda3 LUKS encrypted disk passphrase to the new LUKS Disk Recovery Key passphrase... Success. [ 115.276667] TRACE: /etc/luks-functions(345): luks_reencrypt [ 115.308592] TRACE: /etc/luks-functions(270): select_luks_container Reencrypting /dev/vda3 LUKS encrypted drive content with current Recovery Disk Key passphrase... [ 115.343396] *** WARNING: DO NOT POWER DOWN MACHINE, UNPLUG AC OR REMOVE BATTERY DURING REENCRYPTION PROCESS *** [ 116.414815] DEBUG: cryptsetup open --test-passphrase /dev/vda3 --key-slot 0 --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase Resuming LUKS reencryption in forced offline mode. Progress: 1.9%, ETA 32m27s, 360 MiB written, speed 9.3 MiB/sqemu: terminating on signal 2 make: *** wait: No child processes. Stop. user@heads-tests-d12-nix-cryptsetup:~/heads$ sudo qemu-img snapshot ~/qemu-disks/debian-12-2_luks.qcow2 -l Snapshot list: ID TAG VM SIZE DATE VM CLOCK ICOUNT 1 clean-install_2-luks 0 B 2024-05-23 13:49:47 00:00:00.000 0 2 duk_worked_against_2luks_slots 0 B 2024-05-23 16:31:32 00:00:00.000 0 3 before_reencrypt 0 B 2024-05-27 11:20:40 00:00:00.000 0 user@heads-tests-d12-nix-cryptsetup:~/heads$ sudo qemu-img snapshot ~/qemu-disks/debian-12-2_luks.qcow2 -a before_reencrypt Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index 0b5ec5170..5f7f6d1b4 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -343,6 +343,7 @@ test_luks_current_disk_recovery_key_passphrase() luks_reencrypt() { TRACE_FUNC + #TODO: REFACTOR This and luks passphrase change function needs to loop on same drive discovered luks containers so that reencrypt/passwd change is done on all luks containers of same drive while :; do select_luks_container || return 1 if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then From 466f60f9f0d1a38041b8eceb60ae19c64c09354e Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 28 May 2024 12:14:59 -0400 Subject: [PATCH 53/84] WiP test encrtption key now supports testing multiple luks containers on same disk only when DUK already setuped TODO: generalize and make reencryption and passphrase work again Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 122 ++++++++++++++++++++++++++------------ 1 file changed, 84 insertions(+), 38 deletions(-) diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index 5f7f6d1b4..b2c4908ee 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -267,11 +267,13 @@ prepare_thumb_drive() select_luks_container() { + #TODO: extend logic to prompt for block devices with model if multiple luks is found on block device instead of partitions + # Then feek luks with those partitions so that reencrypt and passphrase change can use passphrase to test all selected TRACE_FUNC if [ -s /boot/kexec_key_devices.txt ]; then DEBUG "Reusing known good LUKS container device from /boot/kexec_key_devices.txt" - DEBUG "LUKS container device: $(cut -d ' ' -f1 /boot/kexec_key_devices.txt)" - LUKS=$(cut -d ' ' -f1 /boot/kexec_key_devices.txt) + LUKS=$(cut -d ' ' -f1 /boot/kexec_key_devices.txt) + DEBUG "LUKS container device: $(echo $LUKS)" # LUKS variable not exported yet, prompt for LUKS device elif [ -z $LUKS ]; then list_luks_devices > /tmp/luks_devices.txt @@ -282,7 +284,20 @@ select_luks_container() return 1 else #TODO: What about BRTFS multi LUKS setup of QubesOS? - LUKS=$FILE + # if multiple LUKS containers are found on same block device + # select all of the luks containers on same block device instead of just one + # note that block devices for example under /dev/sda will be /dev/sda1, /dev/sda2, etc + # so we need to select all of the partitions on the same block device from /tmp/luks_devices.txt + # and then export them to LUKS variable + # then reencrypt and passphrase change functions will loop on all of the LUKS containers + # and test passphrase on all of them + if [ grep -q $(echo $FILE | sed 's/[0-9]*$//') /tmp/luks_devices.txt ]; then + DEBUG "Multiple LUKS containers found on same block device, selecting them all" + LUKS=$(grep $(echo $FILE | sed 's/[0-9]*$//') /tmp/luks_devices.txt) + else + DEBUG "Single LUKS container found on block device, assigning to LUKS variable" + LUKS=$FILE + fi fi else warn "No encrypted device found" @@ -291,13 +306,13 @@ select_luks_container() fi } -test_luks_current_disk_recovery_key_passphrase() -{ +test_luks_current_disk_recovery_key_passphrase() { TRACE_FUNC + select_luks_container || return 1 while :; do - select_luks_container || return 1 + TRACE_FUNC if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then - #if no external provisioning provides current LUKS Disk Recovery Key passphrase + # if no external provisioning provides current LUKS Disk Recovery Key passphrase echo -e "\nEnter the current LUKS Disk Recovery Key passphrase (Configured at OS installation or by OEM):" read -r luks_current_Disk_Recovery_Key_passphrase echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase @@ -305,37 +320,41 @@ test_luks_current_disk_recovery_key_passphrase() echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase fi - #output test coming and do cryptsetup open call - echo -e "\nTesting opening "$LUKS" LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase..." - DO_WITH_DEBUG cryptsetup open --test-passphrase $LUKS --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + # test all LUKS containers on same block device as returned by select_luks_container + echo -e "\n$LUKS: Testing opening LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase..." + + # Loop on all LUKS containers on same block device + for luks_container in $LUKS; do + DEBUG "$luks_container: Testing opening LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase" + DO_WITH_DEBUG cryptsetup open --test-passphrase "$luks_container" --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + # Validate past cryptsetup reencrypt attempts + if [ $? -ne 0 ]; then + whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ + "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 + shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null + # unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round + unset luks_current_Disk_Recovery_Key_passphrase + # remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. + # maybe the container was not the right one + detect_boot_device + mount -o remount,rw /boot + rm -f /boot/kexec_key_devices.txt + mount -o remount,ro /boot + unset LUKS + else + # LuksOpen test was successful. Cleanup should be called only when done + # Exporting successfully used passphrase possibly reused by oem-factory-reset + echo "Success." - #Validate past cryptsetup reencrypt attempts - if [ $? -ne 0 ]; then - whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ - "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 - shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null - #unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round - unset luks_current_Disk_Recovery_Key_passphrase - #remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. - #maybe the container was not the right one - detect_boot_device - mount -o remount,rw /boot - rm -f /boot/kexec_key_devices.txt - mount -o remount,ro /boot - unset LUKS - else - #LuksOpen test was successful. Cleanup should be called only when done - #Exporting successfully used passphrase possibly reused by oem-factory-reset - echo "Success." + # Exporting successfully used passphrase possibly reused by oem-factory-reset + export luks_current_Disk_Recovery_Key_passphrase + fi + done - #Exporting successfully used passphrase possibly reused by oem-factory-reset - export luks_current_Disk_Recovery_Key_passphrase - - #We export the LUKS volume that was validated via passphrase test + # exit while loop if LUKS variable is not empty + if [ -n "$LUKS" ]; then + # We export the LUKS volume that were validated via passphrase test export LUKS - #TODO what about non-standard BRTFS multi LUKS containers? - - #exit while loop break; fi done @@ -344,6 +363,8 @@ test_luks_current_disk_recovery_key_passphrase() luks_reencrypt() { TRACE_FUNC #TODO: REFACTOR This and luks passphrase change function needs to loop on same drive discovered luks containers so that reencrypt/passwd change is done on all luks containers of same drive + # Ideal would be to list luks devices and then try keep and append LUKS devices to a list of devices to reencrypt or change passphrase + # then loop on that list of devices that could be opened and reencrypt/change passphrase for all the devices that could be tested opened with that passphrase while :; do select_luks_container || return 1 if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then @@ -358,12 +379,37 @@ luks_reencrypt() { echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase fi + #$LUKS can contain multiple LUKS containers on diffent drives + #Test early for DRK against all LUKS containers to fail early + #output test coming and do cryptsetup open call + for luks_container in $LUKS; do + DEBUG "$luks_container: Testing opening LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase" + DO_WITH_DEBUG cryptsetup open --test-passphrase $luks_container --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + #Validate past cryptsetup reencrypt attempts + if [ $? -ne 0 ]; then + whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ + "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 + shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null + #unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round + unset luks_current_Disk_Recovery_Key_passphrase + #remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. + #maybe the container was not the right one + detect_boot_device + mount -o remount,rw /boot + rm -f /boot/kexec_key_devices.txt + mount -o remount,ro /boot + unset LUKS + continue + fi + done + + for luks_container in #Warn and launch actual reencryption - echo -e "\nReencrypting "$LUKS" LUKS encrypted drive content with current Recovery Disk Key passphrase..." + echo -e "\nReencrypting $LUKS LUKS encrypted drive content with current Recovery Disk Key passphrase..." warn "DO NOT POWER DOWN MACHINE, UNPLUG AC OR REMOVE BATTERY DURING REENCRYPTION PROCESS" # fist obtain which luks1/luks2 key-slot can be unlocked with the key-file DRK_KEYSLOT=-1 - for i in $(seq 0 7); do + for i in $(seq 0 31); do DO_WITH_DEBUG cryptsetup open --test-passphrase $LUKS --key-slot $i --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1 if [ $? -eq 0 ]; then DRK_KEYSLOT=$i @@ -503,4 +549,4 @@ luks_secrets_cleanup() unset luks_current_Disk_Recovery_Key_passphrase unset luks_new_Disk_Recovery_Key_passphrase unset LUKS -} +} \ No newline at end of file From fed02f70f92a8b26d46ce4b2fe04cc9febc21619 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 3 Jun 2024 12:08:29 -0400 Subject: [PATCH 54/84] WiP: work being done under reencrypt function Logic problem is that we first - Check if passphrase can unlock all kuks containers on same block device (UX is weird) - If passphrase can unlock all LUKS container (fast) we need to tracck which keyslot did that (do we? maybe not) - Then we try to reuse the same keyslot to reencrypt that luks container, so we need to do this for the same keyslot of each luks container Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index b2c4908ee..7b1e3b82e 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -275,7 +275,7 @@ select_luks_container() LUKS=$(cut -d ' ' -f1 /boot/kexec_key_devices.txt) DEBUG "LUKS container device: $(echo $LUKS)" # LUKS variable not exported yet, prompt for LUKS device - elif [ -z $LUKS ]; then + elif [ -z "$LUKS" ]; then list_luks_devices > /tmp/luks_devices.txt #if /tmp/luks_devices.txt exists and is not empty if [ -s /tmp/luks_devices.txt ]; then @@ -291,7 +291,7 @@ select_luks_container() # and then export them to LUKS variable # then reencrypt and passphrase change functions will loop on all of the LUKS containers # and test passphrase on all of them - if [ grep -q $(echo $FILE | sed 's/[0-9]*$//') /tmp/luks_devices.txt ]; then + if grep -q "$(echo $FILE | sed 's/[0-9]*$//')" /tmp/luks_devices.txt; then DEBUG "Multiple LUKS containers found on same block device, selecting them all" LUKS=$(grep $(echo $FILE | sed 's/[0-9]*$//') /tmp/luks_devices.txt) else @@ -379,12 +379,13 @@ luks_reencrypt() { echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase fi - #$LUKS can contain multiple LUKS containers on diffent drives - #Test early for DRK against all LUKS containers to fail early - #output test coming and do cryptsetup open call - for luks_container in $LUKS; do + # Split the $LUKS variable into an array of LUKS containers + luks_containers=($LUKS) + + # Loop through each LUKS container + for luks_container in "${luks_containers[@]}"; do DEBUG "$luks_container: Testing opening LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase" - DO_WITH_DEBUG cryptsetup open --test-passphrase $luks_container --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + DO_WITH_DEBUG cryptsetup open --test-passphrase "$luks_container" --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase #Validate past cryptsetup reencrypt attempts if [ $? -ne 0 ]; then whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ @@ -403,14 +404,10 @@ luks_reencrypt() { fi done - for luks_container in - #Warn and launch actual reencryption - echo -e "\nReencrypting $LUKS LUKS encrypted drive content with current Recovery Disk Key passphrase..." - warn "DO NOT POWER DOWN MACHINE, UNPLUG AC OR REMOVE BATTERY DURING REENCRYPTION PROCESS" - # fist obtain which luks1/luks2 key-slot can be unlocked with the key-file + # first obtain which luks1/luks2 key-slot can be unlocked with the key-file DRK_KEYSLOT=-1 for i in $(seq 0 31); do - DO_WITH_DEBUG cryptsetup open --test-passphrase $LUKS --key-slot $i --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1 + DO_WITH_DEBUG cryptsetup open --test-passphrase "$LUKS" --key-slot $i --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1 if [ $? -eq 0 ]; then DRK_KEYSLOT=$i break @@ -434,7 +431,12 @@ luks_reencrypt() { continue fi + #Warn and launch actual reencryption + echo -e "\nReencrypting $LUKS LUKS encrypted drive content with current Recovery Disk Key passphrase..." + warn "DO NOT POWER DOWN MACHINE, UNPLUG AC OR REMOVE BATTERY DURING REENCRYPTION PROCESS" + #now reencrypt the LUKS container with the same key slot + #TODO: loop in case of multiple LUKS containers on same block device cryptsetup reencrypt --key-slot $DRK_KEYSLOT \ --perf-no_read_workqueue --perf-no_write_workqueue \ --resilience=none --force-offline-reencrypt --disable-locks \ @@ -549,4 +551,4 @@ luks_secrets_cleanup() unset luks_current_Disk_Recovery_Key_passphrase unset luks_new_Disk_Recovery_Key_passphrase unset LUKS -} \ No newline at end of file +} From 62a902f7337f4457d58661d350d3f338b24e81c5 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 3 Jun 2024 15:42:39 -0400 Subject: [PATCH 55/84] luks_reencrypt works with both containers but never exits Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 134 ++++++++++++++++++++------------------ 1 file changed, 70 insertions(+), 64 deletions(-) diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index 7b1e3b82e..c3050061f 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -365,8 +365,9 @@ luks_reencrypt() { #TODO: REFACTOR This and luks passphrase change function needs to loop on same drive discovered luks containers so that reencrypt/passwd change is done on all luks containers of same drive # Ideal would be to list luks devices and then try keep and append LUKS devices to a list of devices to reencrypt or change passphrase # then loop on that list of devices that could be opened and reencrypt/change passphrase for all the devices that could be tested opened with that passphrase + select_luks_container || return 1 + while :; do - select_luks_container || return 1 if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then #if no external provisioning provides current LUKS Disk Recovery Key passphrase msg=$(echo -e "This will replace the encrypted container content and its LUKS Disk Recovery Key.\n\nThe passphrase associated with this key will be asked from the user under the following conditions:\n 1-Every boot if no Disk Unlock Key was added to the TPM\n 2-If the TPM fails (hardware failure)\n 3-If the firmware has been tampered with/modified by the user\n\nThis process requires you to type the current LUKS Disk Recovery Key passphrase and will delete the LUKS TPM Disk Unlock Key slot, if set up, by setting a default boot LUKS key slot (1) if present.\n\nAt the next prompt, you may be asked to select which file corresponds to the LUKS device container.\n\nHit Enter to continue." | fold -w 70 -s) @@ -404,73 +405,78 @@ luks_reencrypt() { fi done - # first obtain which luks1/luks2 key-slot can be unlocked with the key-file - DRK_KEYSLOT=-1 - for i in $(seq 0 31); do - DO_WITH_DEBUG cryptsetup open --test-passphrase "$LUKS" --key-slot $i --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1 - if [ $? -eq 0 ]; then - DRK_KEYSLOT=$i - break - fi - done + for luks_container in "${luks_containers[@]}"; do + # first obtain which luks1/luks2 key-slot can be unlocked with the key-file + DRK_KEYSLOT=-1 + DEBUG "$luks_container: Testing key slots for LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase" + for i in $(seq 0 31); do + DO_WITH_DEBUG cryptsetup open --test-passphrase $luks_container --key-slot $i --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1 + if [ $? -eq 0 ]; then + DRK_KEYSLOT=$i + break + fi + done - #Validate if a key slot was found - if [ $DRK_KEYSLOT -eq -1 ]; then - whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ + #Validate if a key slot was found + if [ $DRK_KEYSLOT -eq -1 ]; then + whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 - shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null - #unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round - unset luks_current_Disk_Recovery_Key_passphrase - #remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. - #maybe the container was not the right one - detect_boot_device - mount -o remount,rw /boot - rm -f /boot/kexec_key_devices.txt - mount -o remount,ro /boot - unset LUKS - continue - fi + shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null + #unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round + unset luks_current_Disk_Recovery_Key_passphrase + #remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. + #maybe the container was not the right one + detect_boot_device + mount -o remount,rw /boot + rm -f /boot/kexec_key_devices.txt + mount -o remount,ro /boot + unset LUKS + continue + fi - #Warn and launch actual reencryption - echo -e "\nReencrypting $LUKS LUKS encrypted drive content with current Recovery Disk Key passphrase..." - warn "DO NOT POWER DOWN MACHINE, UNPLUG AC OR REMOVE BATTERY DURING REENCRYPTION PROCESS" - - #now reencrypt the LUKS container with the same key slot - #TODO: loop in case of multiple LUKS containers on same block device - cryptsetup reencrypt --key-slot $DRK_KEYSLOT \ - --perf-no_read_workqueue --perf-no_write_workqueue \ - --resilience=none --force-offline-reencrypt --disable-locks \ - "$LUKS" --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase - #--perf-no_read_workqueue and/or --perf-no_write_workqueue improve encryption/reencrypton performance on kernel 5.10.9+ - # bypassing dm-crypt queues. - #Ref https://github.com/cloudflare/linux/issues/1#issuecomment-729695518 - #--resilience=none disables the resilience feature of cryptsetup, which is enabled by default - #--force-offline-reencrypt forces the reencryption to be done offline (no read/write operations on the device) - #--disable-locks disables the lock feature of cryptsetup, which is enabled by default - - #Validate past cryptsetup reencrypt attempts - if [ $? -ne 0 ]; then - whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ - "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 - shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null - #unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round - unset luks_current_Disk_Recovery_Key_passphrase - #remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. - #maybe the container was not the right one - detect_boot_device - mount -o remount,rw /boot - rm -f /boot/kexec_key_devices.txt - mount -o remount,ro /boot - unset LUKS - else - #Reencryption was successful. Cleanup should be called only when done - #Exporting successfully used passphrase possibly reused by oem-factory-reset - export luks_current_Disk_Recovery_Key_passphrase - export LUKS + #now reencrypt the LUKS container with the same key slot + #Warn and launch actual reencryption + echo -e "\nReencrypting $luks_container LUKS encrypted drive content with current Recovery Disk Key passphrase..." + warn "DO NOT POWER DOWN MACHINE, UNPLUG AC OR REMOVE BATTERY DURING REENCRYPTION PROCESS" + + #TODO: uncomment + DO_WITH_DEBUG echo "faking cryptsetup reencrypt command for testing purposes on $luks_container LUKS container..." + #DO_WITH_DEBUG cryptsetup reencrypt \ + #--perf-no_read_workqueue --perf-no_write_workqueue \ + #--resilience=none --force-offline-reencrypt --disable-locks \ + #"$luks_container" --key-slot $DRK_KEYSLOT \ + #--key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + #--perf-no_read_workqueue and/or --perf-no_write_workqueue improve encryption/reencrypton performance on kernel 5.10.9+ + # bypassing dm-crypt queues. + #Ref https://github.com/cloudflare/linux/issues/1#issuecomment-729695518 + #--resilience=none disables the resilience feature of cryptsetup, which is enabled by default + #--force-offline-reencrypt forces the reencryption to be done offline (no read/write operations on the device) + #--disable-locks disables the lock feature of cryptsetup, which is enabled by default - # we break loop since success - break; - fi + #Validate past cryptsetup reencrypt attempts + if [ $? -ne 0 ]; then + whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ + "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 + shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null + #unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round + unset luks_current_Disk_Recovery_Key_passphrase + #remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. + #maybe the container was not the right one + detect_boot_device + mount -o remount,rw /boot + rm -f /boot/kexec_key_devices.txt + mount -o remount,ro /boot + unset LUKS + else + #Reencryption was successful. Cleanup should be called only when done + #Exporting successfully used passphrase possibly reused by oem-factory-reset + export luks_current_Disk_Recovery_Key_passphrase + export LUKS + + # we break loop since success + break; + fi + done done } From 8f4d5b9f89ce2fe14aab3123834386398a787944 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 4 Jun 2024 15:02:43 -0400 Subject: [PATCH 56/84] WiP Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 67 +++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 31 deletions(-) diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index c3050061f..60e6b5b27 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -367,7 +367,11 @@ luks_reencrypt() { # then loop on that list of devices that could be opened and reencrypt/change passphrase for all the devices that could be tested opened with that passphrase select_luks_container || return 1 - while :; do + # Count the number of containers to be reencrypted + num_containers=$(echo "$LUKS" | wc -w) + reencrypted_containers=0 + + while [ $reencrypted_containers -lt $num_containers ]; do if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then #if no external provisioning provides current LUKS Disk Recovery Key passphrase msg=$(echo -e "This will replace the encrypted container content and its LUKS Disk Recovery Key.\n\nThe passphrase associated with this key will be asked from the user under the following conditions:\n 1-Every boot if no Disk Unlock Key was added to the TPM\n 2-If the TPM fails (hardware failure)\n 3-If the firmware has been tampered with/modified by the user\n\nThis process requires you to type the current LUKS Disk Recovery Key passphrase and will delete the LUKS TPM Disk Unlock Key slot, if set up, by setting a default boot LUKS key slot (1) if present.\n\nAt the next prompt, you may be asked to select which file corresponds to the LUKS device container.\n\nHit Enter to continue." | fold -w 70 -s) @@ -386,16 +390,14 @@ luks_reencrypt() { # Loop through each LUKS container for luks_container in "${luks_containers[@]}"; do DEBUG "$luks_container: Testing opening LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase" - DO_WITH_DEBUG cryptsetup open --test-passphrase "$luks_container" --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase - #Validate past cryptsetup reencrypt attempts - if [ $? -ne 0 ]; then + if ! DO_WITH_DEBUG cryptsetup open --test-passphrase "$luks_container" --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1; then whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null - #unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round + # Unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round unset luks_current_Disk_Recovery_Key_passphrase - #remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. - #maybe the container was not the right one + # Remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. + # Maybe the container was not the right one detect_boot_device mount -o remount,rw /boot rm -f /boot/kexec_key_devices.txt @@ -406,26 +408,25 @@ luks_reencrypt() { done for luks_container in "${luks_containers[@]}"; do - # first obtain which luks1/luks2 key-slot can be unlocked with the key-file + # First obtain which luks1/luks2 key-slot can be unlocked with the key-file DRK_KEYSLOT=-1 DEBUG "$luks_container: Testing key slots for LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase" for i in $(seq 0 31); do - DO_WITH_DEBUG cryptsetup open --test-passphrase $luks_container --key-slot $i --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1 - if [ $? -eq 0 ]; then + if DO_WITH_DEBUG cryptsetup open --test-passphrase $luks_container --key-slot $i --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1; then DRK_KEYSLOT=$i break fi done - #Validate if a key slot was found + # Validate if a key slot was found if [ $DRK_KEYSLOT -eq -1 ]; then whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null - #unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round + # Unsetting luks_current_Disk_Recovery_Key_passphrase so we prompt for it again LUKS Disk Recovery Key passphrase prompt on next round unset luks_current_Disk_Recovery_Key_passphrase - #remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. - #maybe the container was not the right one + # Remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. + # Maybe the container was not the right one detect_boot_device mount -o remount,rw /boot rm -f /boot/kexec_key_devices.txt @@ -434,27 +435,31 @@ luks_reencrypt() { continue fi - #now reencrypt the LUKS container with the same key slot - #Warn and launch actual reencryption + # Now reencrypt the LUKS container with the same key slot + # Warn and launch actual reencryption echo -e "\nReencrypting $luks_container LUKS encrypted drive content with current Recovery Disk Key passphrase..." warn "DO NOT POWER DOWN MACHINE, UNPLUG AC OR REMOVE BATTERY DURING REENCRYPTION PROCESS" - #TODO: uncomment + # TODO: uncomment DO_WITH_DEBUG echo "faking cryptsetup reencrypt command for testing purposes on $luks_container LUKS container..." - #DO_WITH_DEBUG cryptsetup reencrypt \ - #--perf-no_read_workqueue --perf-no_write_workqueue \ - #--resilience=none --force-offline-reencrypt --disable-locks \ - #"$luks_container" --key-slot $DRK_KEYSLOT \ - #--key-file /tmp/luks_current_Disk_Recovery_Key_passphrase - #--perf-no_read_workqueue and/or --perf-no_write_workqueue improve encryption/reencrypton performance on kernel 5.10.9+ + # DO_WITH_DEBUG cryptsetup reencrypt \ + # --perf-no_read_workqueue --perf-no_write_workqueue \ + # --resilience=none --force-offline-reencrypt --disable-locks \ + # "$luks_container" --key-slot "$DRK_KEYSLOT" \ + # --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase + # --perf-no_read_workqueue and/or --perf-no_write_workqueue improve encryption/reencrypton performance on kernel 5.10.9+ # bypassing dm-crypt queues. - #Ref https://github.com/cloudflare/linux/issues/1#issuecomment-729695518 - #--resilience=none disables the resilience feature of cryptsetup, which is enabled by default - #--force-offline-reencrypt forces the reencryption to be done offline (no read/write operations on the device) - #--disable-locks disables the lock feature of cryptsetup, which is enabled by default + # Ref https://github.com/cloudflare/linux/issues/1#issuecomment-729695518 + # --resilience=none disables the resilience feature of cryptsetup, which is enabled by default + # --force-offline-reencrypt forces the reencryption to be done offline (no read/write operations on the device) + # --disable-locks disables the lock feature of cryptsetup, which is enabled by default - #Validate past cryptsetup reencrypt attempts - if [ $? -ne 0 ]; then + # Validate past cryptsetup reencrypt attempts + if ! DO_WITH_DEBUG cryptsetup reencrypt \ + --perf-no_read_workqueue --perf-no_write_workqueue \ + --resilience=none --force-offline-reencrypt --disable-locks \ + "$luks_container" --key-slot "$DRK_KEYSLOT" \ + --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase; then whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null @@ -473,8 +478,8 @@ luks_reencrypt() { export luks_current_Disk_Recovery_Key_passphrase export LUKS - # we break loop since success - break; + # Increment the count of reencrypted containers + reencrypted_containers=$((reencrypted_containers + 1)) fi done done From 135ecbe4017ccb1d92c4e677ab0c71143880344f Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 31 Jul 2024 10:00:39 -0400 Subject: [PATCH 57/84] WiP : Add additional fake cryptsetup reencrypt calls replacement since we know reencrypt work ( optimize qemu slow testings ) Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index 0d9d86b2c..c6a2d6525 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -455,11 +455,12 @@ luks_reencrypt() { # --disable-locks disables the lock feature of cryptsetup, which is enabled by default # Validate past cryptsetup reencrypt attempts - if ! DO_WITH_DEBUG cryptsetup reencrypt \ - --perf-no_read_workqueue --perf-no_write_workqueue \ - --resilience=none --force-offline-reencrypt --disable-locks \ - "$luks_container" --key-slot "$DRK_KEYSLOT" \ - --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase; then + #if ! DO_WITH_DEBUG cryptsetup reencrypt \ + #--perf-no_read_workqueue --perf-no_write_workqueue \ + #--resilience=none --force-offline-reencrypt --disable-locks \ + #"$luks_container" --key-slot "$DRK_KEYSLOT" \ + #--key-file /tmp/luks_current_Disk_Recovery_Key_passphrase; then + if ! DO_WITH_DEBUG echo "fake cryptsetup reencrypt call"; then whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ "If you previously changed it and do not remember it, you will have to\n reinstall the OS from a an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 shred -n 10 -z -u /tmp/luks_current_Disk_Recovery_Key_passphrase 2>/dev/null From 6bf46e96ba568a63af816041ba0ee1e7f33b3a46 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 31 Jul 2024 12:36:05 -0400 Subject: [PATCH 58/84] WiP : fix luks_change_passphrase to match luks_reencrypt. TODO: fix authenticated heads thumb drive LUKS now failing Narrow bug domain: - Factory reset works with - LUKS Reencryption: Y - LUKS Passphrase change: N - Gen private keys in memory + copy to card (authenticated Head) : N - public key backup to usb thumb drive containing public/encrypted partition: Y Signed-off-by: Thierry Laurion --- initrd/etc/luks-functions | 132 +++++++++++++++++++------------------- 1 file changed, 67 insertions(+), 65 deletions(-) diff --git a/initrd/etc/luks-functions b/initrd/etc/luks-functions index c6a2d6525..dfac73301 100644 --- a/initrd/etc/luks-functions +++ b/initrd/etc/luks-functions @@ -486,71 +486,73 @@ luks_reencrypt() { done } -luks_change_passphrase() -{ - TRACE_FUNC - while :; do - select_luks_container || return 1 - #if actual or new LUKS Disk Recovery Key is not provisioned by oem-provisioning file - if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ] || [ -z "$luks_new_Disk_Recovery_Key_passphrase" ]; then - whiptail --title 'Changing LUKS Disk Recovery Key passphrase' --msgbox \ - "Please enter the current LUKS Disk Recovery Key passphrase (slot 0).\nThen choose a strong passphrase of your own.\n\n**DICEWARE passphrase methodology is STRONGLY ADVISED.**\n\nHit Enter to continue" 0 80 - if [ -z "$luks_new_Disk_Recovery_Key_passphrase" ]; then - echo -e "\nEnter your desired replacement for the actual LUKS Disk Recovery Key passphrase (At least 8 characters long):" - while [[ ${#luks_new_Disk_Recovery_Key_passphrase} -lt 8 ]]; do - { - read -r luks_new_Disk_Recovery_Key_passphrase - };done - fi - if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then - echo -e "\nEnter the current LUKS Disk Recovery Key passphrase (Configured at OS installation or by OEM):" - read -r luks_current_Disk_Recovery_Key_passphrase - fi - export luks_current_Disk_Recovery_Key_passphrase - export luks_new_Disk_Recovery_Key_passphrase - echo -n "$luks_new_Disk_Recovery_Key_passphrase" >/tmp/luks_new_Disk_Recovery_Key_passphrase - echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase - else - #If current and new LUKS Disk Recovery Key were exported - echo -n "$luks_new_Disk_Recovery_Key_passphrase" >/tmp/luks_new_Disk_Recovery_Key_passphrase - echo -n "$luks_current_Disk_Recovery_Key_passphrase" >/tmp/luks_current_Disk_Recovery_Key_passphrase - fi - - #output and do cryptsetup luksChangeKey op - echo -e "\nChanging "$LUKS" LUKS encrypted disk passphrase to the new LUKS Disk Recovery Key passphrase..." - cryptsetup luksChangeKey "$LUKS" --key-file=/tmp/luks_current_Disk_Recovery_Key_passphrase /tmp/luks_new_Disk_Recovery_Key_passphrase - - #Validate past cryptsetup attempts - if [ $? -ne 0 ]; then - #Cryptsetup luksChangeKey was unsuccessful - whiptail --title 'Invalid LUKS passphrase?' --msgbox \ - "The LUKS Disk Recovery Key passphrase was provided to you by the OEM over\n a secure communication channel.\n\nIf you previously changed it and do not remember it,\n you will have to reinstall the OS from a USB drive.\nTo do so, put OS ISO file and it's signature file on root of a USB drive,\n and select Boot from USB\n\nHit Enter to continue." 0 80 - unset luks_current_Disk_Recovery_Key_passphrase - unset luks_new_Disk_Recovery_Key_passphrase - #remove "known good" selected LUKS container so that next pass asks again user to select LUKS container. - #maybe the container was not the right one - detect_boot_device - mount -o remount,rw /boot - rm -f /boot/kexec_key_devices.txt - mount -o remount,ro /boot - else - #Cryptsetup was successful. - echo "Success." - - #Cleanup should be called separately - #Exporting successfully used passphrase possibly reused by oem-factory-reset - luks_current_Disk_Recovery_Key_passphrase=$luks_new_Disk_Recovery_Key_passphrase - export luks_current_Disk_Recovery_Key_passphrase - export luks_new_Disk_Recovery_Key_passphrase - - #Export chosen LUKS volume - export LUKS - - #break loop - #TODO: What about QubesSOS multi LUKS BRTFS deployment? - break; - fi - done +luks_change_passphrase() { + TRACE_FUNC + + select_luks_container || return 1 + + # Count the number of containers to be processed + num_containers=$(echo "$LUKS" | wc -w) + changed_containers=0 + + # Split the $LUKS variable into an array of LUKS containers + IFS=' ' read -ra luks_containers <<< "$LUKS" + + for luks_container in "${luks_containers[@]}"; do + if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ] || [ -z "$luks_new_Disk_Recovery_Key_passphrase" ]; then + whiptail --title 'Changing LUKS Disk Recovery Key passphrase' --msgbox \ + "Please enter the current LUKS Disk Recovery Key passphrase (slot 0).\nThen choose a strong passphrase of your own.\n\n**DICEWARE passphrase methodology is STRONGLY ADVISED.**\n\nHit Enter to continue" 0 80 + + if [ -z "$luks_new_Disk_Recovery_Key_passphrase" ]; then + echo -e "\nEnter your desired replacement for the actual LUKS Disk Recovery Key passphrase (At least 8 characters long):" + while [[ ${#luks_new_Disk_Recovery_Key_passphrase} -lt 8 ]]; do + read -r luks_new_Disk_Recovery_Key_passphrase + done + fi + + if [ -z "$luks_current_Disk_Recovery_Key_passphrase" ]; then + echo -e "\nEnter the current LUKS Disk Recovery Key passphrase (Configured at OS installation or by OEM):" + read -r luks_current_Disk_Recovery_Key_passphrase + fi + fi + + echo -n "$luks_current_Disk_Recovery_Key_passphrase" > /tmp/luks_current_Disk_Recovery_Key_passphrase + echo -n "$luks_new_Disk_Recovery_Key_passphrase" > /tmp/luks_new_Disk_Recovery_Key_passphrase + + DEBUG "$luks_container: Testing opening LUKS encrypted drive content with the current LUKS Disk Recovery Key passphrase" + if ! DO_WITH_DEBUG cryptsetup open --test-passphrase "$luks_container" --key-file /tmp/luks_current_Disk_Recovery_Key_passphrase > /dev/null 2>&1; then + whiptail --title 'Invalid Actual LUKS Disk Recovery Key passphrase?' --msgbox \ + "If you previously changed it and do not remember it, you will have to\n reinstall the OS from an external drive.\n\nTo do so, place the ISO file and its signature file on root of an\n external drive, and select Options-> Boot from USB \n\nHit Enter to retry." 0 80 + unset luks_current_Disk_Recovery_Key_passphrase + unset luks_new_Disk_Recovery_Key_passphrase + detect_boot_device + mount -o remount,rw /boot + rm -f /boot/kexec_key_devices.txt + mount -o remount,ro /boot + unset LUKS + continue + fi + + echo -e "\nChanging $luks_container LUKS encrypted disk passphrase to the new LUKS Disk Recovery Key passphrase..." + if ! DO_WITH_DEBUG cryptsetup luksChangeKey "$luks_container" --key-file=/tmp/luks_current_Disk_Recovery_Key_passphrase /tmp/luks_new_Disk_Recovery_Key_passphrase; then + whiptail --title 'Failed to change LUKS passphrase' --msgbox \ + "Failed to change the passphrase for $luks_container.\nPlease try again." 0 80 + continue + fi + + echo "Success changing passphrase for $luks_container." + changed_containers=$((changed_containers + 1)) + done + + if [ $changed_containers -eq $num_containers ]; then + # All containers processed successfully + luks_current_Disk_Recovery_Key_passphrase=$luks_new_Disk_Recovery_Key_passphrase + export luks_current_Disk_Recovery_Key_passphrase + export luks_new_Disk_Recovery_Key_passphrase + export LUKS + fi + + luks_secrets_cleanup } luks_secrets_cleanup() From ab1c25de20eebeba728bd4c93f722b4b44932485 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 31 Jul 2024 15:46:41 -0400 Subject: [PATCH 59/84] WiP: having issue with dirmngr again upon factory reset with qemu, not sure I get source now. This was diff then master Signed-off-by: Thierry Laurion --- initrd/etc/ash_functions | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index 04579e5c8..54b721085 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -67,11 +67,6 @@ preserve_rom() { confirm_gpg_card() { TRACE "Under /etc/ash_functions:confirm_gpg_card" - - # Setup the USB so we can reach the USB Security Dongle's smartcard - # Otherwise QEMU TCG is having issues... - enable_usb - #Skip prompts if we are currently using a known GPG key material Thumb drive backup and keys are unlocked pinentry #TODO: probably export CONFIG_GPG_KEY_BACKUP_IN_USE but not under /etc/user.config? #Toggle to come in next PR, but currently we don't have a way to toggle it back to n if config.user flashed back in rom @@ -143,6 +138,9 @@ confirm_gpg_card() { fi fi + # setup the USB so we can reach the USB Security Dongle's smartcard + enable_usb + echo -e "\nVerifying presence of GPG card...\n" # ensure we don't exit without retrying errexit=$(set -o | grep errexit | awk '{print $2}') From 4c4a8c626459a1dfdf4528864c50aee3227de331 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 9 Aug 2024 09:21:45 -0400 Subject: [PATCH 60/84] Bring dasharo+heads MSI boards + code changes from downstream Dasharo/heads fork to upstream - files: boards + coreboot + linux, borrowed directly from https://github.com/Dasharo/heads/commit/cb430394e289fcfdaace8123aed4f76148041759 tip - cbfs-init modified as per downstream fork dasharo+heads used modifications (flashrom) - ash_functions modified as per downstream fork dasharo+heads used modifications (CBFS) - network-init-recovery modified as per downstream fork dasharo+heads used modifications (igc) - modules/linux modified as per downstream fork dasharo+heads used modifications (igc) - modules/coreboot modified as per downstream fork dasharo+heads used modifications (also impact nv41/ns50: coreboot version bump) - Circleci: added boards being dependent of nv41 This requires Nk3 firmware to be 1.7.1+ as per https://www.nitrokey.com/blog/2024/heads-v25-and-nitrokey-3-firmware-v171-security-updatehttps://www.nitrokey.com/blog/2024/heads-v25-and-nitrokey-3-firmware-v171-security-update DISCLAIMER: UNTESTED Sorry, not gonna cherry-pick commits here, way too messy. Signed-off-by: Thierry Laurion --- .circleci/config.yml | 28 + boards/msi_z690a_ddr4/msi_z690a_ddr4.config | 51 + boards/msi_z690a_ddr5/msi_z690a_ddr5.config | 51 + boards/msi_z790p_ddr4/msi_z790p_ddr4.config | 51 + boards/msi_z790p_ddr5/msi_z790p_ddr5.config | 51 + config/coreboot-msi_z690a_ddr4.config | 861 +++++ config/coreboot-msi_z690a_ddr5.config | 861 +++++ config/coreboot-msi_z790p_ddr4.config | 862 +++++ config/coreboot-msi_z790p_ddr5.config | 862 +++++ config/linux-msi-z690-z790.config | 3394 +++++++++++++++++++ initrd/bin/cbfs-init | 11 +- initrd/bin/network-init-recovery | 2 +- initrd/etc/ash_functions | 9 +- modules/coreboot | 2 +- modules/linux | 1 + 15 files changed, 7091 insertions(+), 6 deletions(-) create mode 100644 boards/msi_z690a_ddr4/msi_z690a_ddr4.config create mode 100644 boards/msi_z690a_ddr5/msi_z690a_ddr5.config create mode 100644 boards/msi_z790p_ddr4/msi_z790p_ddr4.config create mode 100644 boards/msi_z790p_ddr5/msi_z790p_ddr5.config create mode 100644 config/coreboot-msi_z690a_ddr4.config create mode 100644 config/coreboot-msi_z690a_ddr5.config create mode 100644 config/coreboot-msi_z790p_ddr4.config create mode 100644 config/coreboot-msi_z790p_ddr5.config create mode 100644 config/linux-msi-z690-z790.config diff --git a/.circleci/config.yml b/.circleci/config.yml index e30f374a4..430e96220 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -499,6 +499,34 @@ workflows: requires: - nitropad-nv41 + - build: + name: msi_z690a_ddr4 + target: msi_z690a_ddr4 + subcommand: "" + requires: + - nitropad-nv41 + + - build: + name: msi_z690a_ddr5 + target: msi_z690a_ddr5 + subcommand: "" + requires: + - nitropad-nv41 + + - build: + name: msi_z790p_ddr4 + target: msi_z790p_ddr4 + subcommand: "" + requires: + - nitropad-nv41 + + - build: + name: msi_z790p_ddr5 + target: msi_z790p_ddr5 + subcommand: "" + requires: + - nitropad-nv41 + # coreboot 4.11 - build: name: UNMAINTAINED_kgpe-d16_workstation diff --git a/boards/msi_z690a_ddr4/msi_z690a_ddr4.config b/boards/msi_z690a_ddr4/msi_z690a_ddr4.config new file mode 100644 index 000000000..3e6dfcf45 --- /dev/null +++ b/boards/msi_z690a_ddr4/msi_z690a_ddr4.config @@ -0,0 +1,51 @@ +# MSI PRO Z690-A DDR4 board configuration + +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=dasharo +export CONFIG_LINUX_VERSION=6.1.8 + +CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z690a_ddr4.config +CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config + +CONFIG_KEXEC=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_POPT=y +CONFIG_FLASHTOOLS=y +CONFIG_FLASHROM=y +CONFIG_PCIUTILS=y +CONFIG_UTIL_LINUX=y +CONFIG_CRYPTSETUP2=y +CONFIG_GPG2=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y + +CONFIG_DROPBEAR=y + +CONFIG_HOTPKEY=y + +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_IGC=y + +export CONFIG_USB_KEYBOARD=y + +export CONFIG_BOOTSCRIPT=/bin/gui-init + +export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_REMOVE="" + +# TPM2 requirements +export CONFIG_TPM2_TOOLS=y +export CONFIG_PRIMARY_KEY_TYPE=ecc +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y + +export CONFIG_BOOT_DEV="/dev/nvme0n1" +export CONFIG_BOARD_NAME="MSI PRO Z690-A DDR4" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" + +# Workaround to access > 16MiB BIOS region on ADL+ +export CONFIG_CBFS_VIA_FLASHROM=y diff --git a/boards/msi_z690a_ddr5/msi_z690a_ddr5.config b/boards/msi_z690a_ddr5/msi_z690a_ddr5.config new file mode 100644 index 000000000..5b694c51a --- /dev/null +++ b/boards/msi_z690a_ddr5/msi_z690a_ddr5.config @@ -0,0 +1,51 @@ +# MSI PRO Z690-A (DDR5) board configuration + +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=dasharo +export CONFIG_LINUX_VERSION=6.1.8 + +CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z690a_ddr5.config +CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config + +CONFIG_KEXEC=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_POPT=y +CONFIG_FLASHTOOLS=y +CONFIG_FLASHROM=y +CONFIG_PCIUTILS=y +CONFIG_UTIL_LINUX=y +CONFIG_CRYPTSETUP2=y +CONFIG_GPG2=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y + +CONFIG_DROPBEAR=y + +CONFIG_HOTPKEY=y + +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_IGC=y + +export CONFIG_USB_KEYBOARD=y + +export CONFIG_BOOTSCRIPT=/bin/gui-init + +export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_REMOVE="" + +# TPM2 requirements +export CONFIG_TPM2_TOOLS=y +export CONFIG_PRIMARY_KEY_TYPE=ecc +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y + +export CONFIG_BOOT_DEV="/dev/nvme0n1" +export CONFIG_BOARD_NAME="MSI PRO Z690-A" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" + +# Workaround to access > 16MiB BIOS region on ADL+ +export CONFIG_CBFS_VIA_FLASHROM=y diff --git a/boards/msi_z790p_ddr4/msi_z790p_ddr4.config b/boards/msi_z790p_ddr4/msi_z790p_ddr4.config new file mode 100644 index 000000000..8181b6c72 --- /dev/null +++ b/boards/msi_z790p_ddr4/msi_z790p_ddr4.config @@ -0,0 +1,51 @@ +# MSI PRO Z790-P DDR4 board configuration + +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=dasharo +export CONFIG_LINUX_VERSION=6.1.8 + +CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z790p_ddr4.config +CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config + +CONFIG_KEXEC=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_POPT=y +CONFIG_FLASHTOOLS=y +CONFIG_FLASHROM=y +CONFIG_PCIUTILS=y +CONFIG_UTIL_LINUX=y +CONFIG_CRYPTSETUP2=y +CONFIG_GPG2=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y + +CONFIG_DROPBEAR=y + +CONFIG_HOTPKEY=y + +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_IGC=y + +export CONFIG_USB_KEYBOARD=y + +export CONFIG_BOOTSCRIPT=/bin/gui-init + +export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_REMOVE="" + +# TPM2 requirements +export CONFIG_TPM2_TOOLS=y +export CONFIG_PRIMARY_KEY_TYPE=ecc +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y + +export CONFIG_BOOT_DEV="/dev/nvme0n1" +export CONFIG_BOARD_NAME="MSI PRO Z790-P DDR4" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" + +# Workaround to access > 16MiB BIOS region on ADL+ +export CONFIG_CBFS_VIA_FLASHROM=y diff --git a/boards/msi_z790p_ddr5/msi_z790p_ddr5.config b/boards/msi_z790p_ddr5/msi_z790p_ddr5.config new file mode 100644 index 000000000..f7ef7012f --- /dev/null +++ b/boards/msi_z790p_ddr5/msi_z790p_ddr5.config @@ -0,0 +1,51 @@ +# MSI PRO Z790-P (DDR5) board configuration + +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=dasharo +export CONFIG_LINUX_VERSION=6.1.8 + +CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z790p_ddr5.config +CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config + +CONFIG_KEXEC=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_POPT=y +CONFIG_FLASHTOOLS=y +CONFIG_FLASHROM=y +CONFIG_PCIUTILS=y +CONFIG_UTIL_LINUX=y +CONFIG_CRYPTSETUP2=y +CONFIG_GPG2=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y + +CONFIG_DROPBEAR=y + +CONFIG_HOTPKEY=y + +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_IGC=y + +export CONFIG_USB_KEYBOARD=y + +export CONFIG_BOOTSCRIPT=/bin/gui-init + +export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_REMOVE="" + +# TPM2 requirements +export CONFIG_TPM2_TOOLS=y +export CONFIG_PRIMARY_KEY_TYPE=ecc +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y + +export CONFIG_BOOT_DEV="/dev/nvme0n1" +export CONFIG_BOARD_NAME="MSI PRO Z790-P" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" + +# Workaround to access > 16MiB BIOS region on ADL+ +export CONFIG_CBFS_VIA_FLASHROM=y diff --git a/config/coreboot-msi_z690a_ddr4.config b/config/coreboot-msi_z690a_ddr4.config new file mode 100644 index 000000000..27e58396e --- /dev/null +++ b/config/coreboot-msi_z690a_ddr4.config @@ -0,0 +1,861 @@ +# +# Automatically generated file; DO NOT EDIT. +# coreboot configuration +# + +# +# General setup +# +CONFIG_COREBOOT_BUILD=y +CONFIG_LOCALVERSION="" +CONFIG_CBFS_PREFIX="fallback" +CONFIG_COMPILER_GCC=y +# CONFIG_COMPILER_LLVM_CLANG is not set +CONFIG_ARCH_SUPPORTS_CLANG=y +# CONFIG_ANY_TOOLCHAIN is not set +# CONFIG_CCACHE is not set +# CONFIG_IWYU is not set +# CONFIG_FMD_GENPARSER is not set +# CONFIG_UTIL_GENPARSER is not set +CONFIG_OPTION_BACKEND_NONE=y +CONFIG_COMPRESS_RAMSTAGE_LZMA=y +# CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set +CONFIG_INCLUDE_CONFIG_FILE=y +CONFIG_COLLECT_TIMESTAMPS=y +# CONFIG_TIMESTAMPS_ON_CONSOLE is not set +CONFIG_USE_BLOBS=y +# CONFIG_USE_AMD_BLOBS is not set +# CONFIG_USE_QC_BLOBS is not set +# CONFIG_COVERAGE is not set +# CONFIG_UBSAN is not set +CONFIG_HAVE_ASAN_IN_RAMSTAGE=y +# CONFIG_ASAN is not set +# CONFIG_NO_STAGE_CACHE is not set +CONFIG_TSEG_STAGE_CACHE=y +# CONFIG_UPDATE_IMAGE is not set +CONFIG_BOOTSPLASH_IMAGE=y +CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" +CONFIG_BOOTSPLASH_CONVERT=y +CONFIG_BOOTSPLASH_CONVERT_QUALITY=90 +# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set +# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set +# CONFIG_FW_CONFIG is not set + +# +# Software Bill Of Materials (SBOM) +# +# CONFIG_SBOM is not set +# end of Software Bill Of Materials (SBOM) +# end of General setup + +# +# Mainboard +# + +# +# Important: Run 'make distclean' before switching boards +# +# CONFIG_VENDOR_51NB is not set +# CONFIG_VENDOR_ACER is not set +# CONFIG_VENDOR_ADLINK is not set +# CONFIG_VENDOR_AMD is not set +# CONFIG_VENDOR_AOPEN is not set +# CONFIG_VENDOR_APPLE is not set +# CONFIG_VENDOR_ASROCK is not set +# CONFIG_VENDOR_ASUS is not set +# CONFIG_VENDOR_BIOSTAR is not set +# CONFIG_VENDOR_BOSTENTECH is not set +# CONFIG_VENDOR_BYTEDANCE is not set +# CONFIG_VENDOR_CAVIUM is not set +# CONFIG_VENDOR_CLEVO is not set +# CONFIG_VENDOR_COMPULAB is not set +# CONFIG_VENDOR_DELL is not set +# CONFIG_VENDOR_EMULATION is not set +# CONFIG_VENDOR_EXAMPLE is not set +# CONFIG_VENDOR_FACEBOOK is not set +# CONFIG_VENDOR_FOXCONN is not set +# CONFIG_VENDOR_GETAC is not set +# CONFIG_VENDOR_GIGABYTE is not set +# CONFIG_VENDOR_GOOGLE is not set +# CONFIG_VENDOR_HP is not set +# CONFIG_VENDOR_IBASE is not set +# CONFIG_VENDOR_IBM is not set +# CONFIG_VENDOR_INTEL is not set +# CONFIG_VENDOR_INVENTEC is not set +# CONFIG_VENDOR_KONTRON is not set +# CONFIG_VENDOR_LENOVO is not set +# CONFIG_VENDOR_LIBRETREND is not set +CONFIG_VENDOR_MSI=y +# CONFIG_VENDOR_NOVACUSTOM is not set +# CONFIG_VENDOR_OCP is not set +# CONFIG_VENDOR_OPENCELLULAR is not set +# CONFIG_VENDOR_PACKARDBELL is not set +# CONFIG_VENDOR_PCENGINES is not set +# CONFIG_VENDOR_PINE64 is not set +# CONFIG_VENDOR_PORTWELL is not set +# CONFIG_VENDOR_PRODRIVE is not set +# CONFIG_VENDOR_PROTECTLI is not set +# CONFIG_VENDOR_PURISM is not set +# CONFIG_VENDOR_RAZER is not set +# CONFIG_VENDOR_RODA is not set +# CONFIG_VENDOR_SAMSUNG is not set +# CONFIG_VENDOR_SAPPHIRE is not set +# CONFIG_VENDOR_SIEMENS is not set +# CONFIG_VENDOR_SIFIVE is not set +# CONFIG_VENDOR_STARLABS is not set +# CONFIG_VENDOR_SUPERMICRO is not set +# CONFIG_VENDOR_SYSTEM76 is not set +# CONFIG_VENDOR_TI is not set +# CONFIG_VENDOR_UP is not set +CONFIG_MAINBOARD_FAMILY="Default string" +CONFIG_MAINBOARD_PART_NUMBER="PRO Z690-A WIFI DDR4(MS-7D25)" +CONFIG_MAINBOARD_VERSION="1.0" +CONFIG_MAINBOARD_DIR="msi/ms7d25" +CONFIG_DIMM_MAX=4 +CONFIG_DIMM_SPD_SIZE=512 +CONFIG_FMDFILE="" +# CONFIG_NO_POST is not set +CONFIG_MAINBOARD_VENDOR="Micro-Star International Co., Ltd." +CONFIG_CBFS_SIZE=0x1c00000 +CONFIG_CONSOLE_SERIAL=y +CONFIG_MAX_CPUS=32 +CONFIG_ONBOARD_VGA_IS_PRIMARY=y +CONFIG_POST_DEVICE=y +CONFIG_POST_IO=y +CONFIG_UART_FOR_CONSOLE=0 +CONFIG_DEVICETREE="devicetree.cb" +# CONFIG_VBOOT is not set +CONFIG_OVERRIDE_DEVICETREE="" +# CONFIG_VGA_BIOS is not set +CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Micro-Star International Co., Ltd." +CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/data.vbt" +# CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set +CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0x4000 +CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 +CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="PRO Z690-A WIFI DDR4(MS-7D25)" +# CONFIG_CONSOLE_POST is not set +# CONFIG_USE_PM_ACPI_TIMER is not set +CONFIG_TPM_PIRQ=0x3f +# CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set +CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xc0000000 +CONFIG_ECAM_MMCONF_BUS_NUMBER=256 +CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" +CONFIG_DCACHE_RAM_BASE=0xfef00000 +CONFIG_DCACHE_RAM_SIZE=0xc0000 +CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000 +CONFIG_DCACHE_BSP_STACK_SIZE=0x80400 +CONFIG_MAX_ACPI_TABLE_SIZE_KB=144 +CONFIG_HAVE_INTEL_FIRMWARE=y +CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000 +CONFIG_DRIVERS_INTEL_WIFI=y +CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/descriptor.bin" +CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/me.bin" +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000 +CONFIG_PCIEXP_DEFAULT_MAX_RESIZABLE_BAR_BITS=37 +CONFIG_VBT_DATA_SIZE_KB=9 +CONFIG_CARDBUS_PLUGIN_SUPPORT=y +CONFIG_SPI_FLASH_DONT_INCLUDE_ALL_DRIVERS=y +CONFIG_USE_LEGACY_8254_TIMER=y +CONFIG_GBB_HWID="MSI_MS7D25" +# CONFIG_DEBUG_SMI is not set +CONFIG_HAVE_IFD_BIN=y +CONFIG_PS2K_EISAID="PNP0303" +CONFIG_PS2M_EISAID="PNP0F13" +# CONFIG_BOARD_MSI_H81M_P33 is not set +# CONFIG_BOARD_MSI_MS7707 is not set +CONFIG_BOARD_MSI_Z690_A_PRO_WIFI_DDR4=y +# CONFIG_BOARD_MSI_Z690_A_PRO_WIFI_DDR5 is not set +# CONFIG_BOARD_MSI_Z790_P_PRO_WIFI_DDR4 is not set +# CONFIG_BOARD_MSI_Z790_P_PRO_WIFI_DDR5 is not set +CONFIG_BOARD_MSI_MS7D25=y +CONFIG_CPU_MICROCODE_CBFS_LOC=0xff800000 +CONFIG_INTEL_FIT_LOC=0xfffc0000 +CONFIG_BOARD_HAS_MSI_ROMHOLE=y +CONFIG_MSI_ROMHOLE_IN_CBFS=y +CONFIG_MSI_ROMHOLE_ADDRESS_IN_CBFS=0xff7c0000 +CONFIG_MSI_ROMHOLE_SIZE_IN_CBFS=0x20000 +CONFIG_TTYS0_BAUD=115200 +CONFIG_POWER_STATE_DEFAULT_ON_AFTER_FAILURE=y +CONFIG_D3COLD_SUPPORT=y +# CONFIG_PCIEXP_ASPM is not set +# CONFIG_PCIEXP_L1_SUB_STATE is not set +# CONFIG_PCIEXP_CLK_PM is not set +CONFIG_DRIVERS_UART_8250IO=y +CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72 +CONFIG_HEAP_SIZE=0x10000 +CONFIG_EC_GPE_SCI=0x50 +CONFIG_TPM_MEASURED_BOOT=y +CONFIG_LINUX_COMMAND_LINE="quiet splash" +CONFIG_BOARD_ROMSIZE_KB_32768=y +# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_5120 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_6144 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_16384 is not set +CONFIG_COREBOOT_ROMSIZE_KB_32768=y +# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set +CONFIG_COREBOOT_ROMSIZE_KB=32768 +CONFIG_ROM_SIZE=0x02000000 +CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y +CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y +CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y +# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set +# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set +CONFIG_MAINBOARD_POWER_FAILURE_STATE=0 +# end of Mainboard + +# +# Chipset +# + +# +# SoC +# +CONFIG_CHIPSET_DEVICETREE="soc/intel/alderlake/chipset_pch_s.cb" +CONFIG_FSP_M_FILE="$(obj)/Fsp_M.fd" +CONFIG_FSP_S_FILE="$(obj)/Fsp_S.fd" +CONFIG_CBFS_MCACHE_SIZE=0x4000 +CONFIG_ROMSTAGE_ADDR=0x2000000 +CONFIG_FSP_TEMP_RAM_SIZE=0x20000 +CONFIG_VERSTAGE_ADDR=0x2000000 +CONFIG_SMM_TSEG_SIZE=0x800000 +CONFIG_SMM_RESERVED_SIZE=0x200000 +CONFIG_SMM_MODULE_STACK_SIZE=0x800 +CONFIG_ACPI_BERT_SIZE=0x0 +CONFIG_DRIVERS_I2C_DESIGNWARE_CLOCK_MHZ=133 +CONFIG_VBOOT_HASH_BLOCK_SIZE=0x1000 +CONFIG_ACPI_CPU_STRING="CP%02X" +CONFIG_STACK_SIZE=0x2000 +CONFIG_SOC_INTEL_ALDERLAKE=y +CONFIG_SOC_INTEL_RAPTORLAKE=y +CONFIG_SOC_INTEL_ALDERLAKE_PCH_S=y +CONFIG_ALDERLAKE_CAR_ENHANCED_NEM=y +CONFIG_EXT_BIOS_WIN_BASE=0xf8000000 +CONFIG_EXT_BIOS_WIN_SIZE=0x2000000 +CONFIG_IFD_CHIPSET="adl" +CONFIG_IED_REGION_SIZE=0x400000 +CONFIG_MAX_PCH_ROOT_PORTS=28 +CONFIG_MAX_CPU_ROOT_PORTS=3 +CONFIG_MAX_TBT_ROOT_PORTS=0 +CONFIG_MAX_ROOT_PORTS=28 +CONFIG_MAX_PCIE_CLOCK_SRC=18 +CONFIG_MAX_PCIE_CLOCK_REQ=18 +CONFIG_PCR_BASE_ADDRESS=0xe0000000 +CONFIG_CPU_BCLK_MHZ=100 +CONFIG_SOC_INTEL_PERFORMANCE_CORE_SCALE_FACTOR=127 +CONFIG_SOC_INTEL_EFFICIENT_CORE_SCALE_FACTOR=100 +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_CLOCK_MHZ=120 +CONFIG_CPU_XTAL_HZ=38400000 +CONFIG_SOC_INTEL_UFS_CLK_FREQ_HZ=19200000 +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_MAX=7 +CONFIG_SOC_INTEL_I2C_DEV_MAX=8 +# CONFIG_ENABLE_SATA_TEST_MODE is not set +CONFIG_SOC_INTEL_UART_DEV_MAX=7 +CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_M_VAL=0x25a +CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_N_VAL=0x7fff +CONFIG_FSP_HEADER_PATH="3rdparty/fsp/RaptorLakeFspBinPkg/Client/RaptorLakeS/Include/" +CONFIG_FSP_FD_PATH="3rdparty/fsp/RaptorLakeFspBinPkg/Client/RaptorLakeS/Fsp.fd" +CONFIG_SOC_INTEL_ALDERLAKE_DEBUG_CONSENT=0 +CONFIG_DATA_BUS_WIDTH=128 +CONFIG_DIMMS_PER_CHANNEL=2 +CONFIG_MRC_CHANNEL_WIDTH=16 +CONFIG_ACPI_ADL_IPU_ES_SUPPORT=y +CONFIG_ALDERLAKE_ENABLE_SOC_WORKAROUND=y +CONFIG_SI_DESC_REGION="SI_DESC" +CONFIG_SI_DESC_REGION_SZ=4096 +# CONFIG_BUILDING_WITH_DEBUG_FSP is not set +CONFIG_INTEL_GMA_BCLV_OFFSET=0xc8258 +CONFIG_INTEL_GMA_BCLV_WIDTH=32 +CONFIG_INTEL_GMA_BCLM_OFFSET=0xc8254 +CONFIG_INTEL_GMA_BCLM_WIDTH=32 +CONFIG_FSP_PUBLISH_MBP_HOB=y +CONFIG_INCLUDE_HSPHY_IN_FMAP=y +CONFIG_HSPHY_FW_FILE="" +CONFIG_HSPHY_FW_MAX_SIZE=0x8000 +CONFIG_MAX_HECI_DEVICES=6 +CONFIG_BOOTBLOCK_IN_CBFS=y +CONFIG_HAVE_PAM0_REGISTER=y +CONFIG_PCIEXP_COMMON_CLOCK=y +CONFIG_CPU_INTEL_NUM_FIT_ENTRIES=4 +CONFIG_SOC_INTEL_GFX_FRAMEBUFFER_OFFSET=0x0 +CONFIG_PCIE_LTR_MAX_SNOOP_LATENCY=0x1003 +CONFIG_PCIE_LTR_MAX_NO_SNOOP_LATENCY=0x1003 +CONFIG_INTEL_TME=y +CONFIG_SOC_INTEL_COMMON_BLOCK_P2SB=y +CONFIG_FIXED_SMBUS_IO_BASE=0xefa0 +CONFIG_CBFS_CACHE_ALIGN=8 +CONFIG_SOC_INTEL_COMMON=y + +# +# Intel SoC Common Code for IP blocks +# +CONFIG_SOC_INTEL_COMMON_BLOCK=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_GPIO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_LPIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_PEP=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_PEP_LPM_REQ=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_CPPC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_CPU_HYBRID=y +CONFIG_SOC_INTEL_UFS_OCP_TIMER_DISABLE=y +CONFIG_SOC_INTEL_UFS_LTR_DISQUALIFY=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CHIP_CONFIG=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CNVI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU_MPINIT=y +CONFIG_USE_FSP_FEATURE_PROGRAM_ON_APS=y +# CONFIG_USE_COREBOOT_MP_INIT is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU_SMMRELOCATE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CAR=y +CONFIG_INTEL_CAR_NEM_ENHANCED=y +CONFIG_CAR_HAS_SF_MASKS=y +CONFIG_COS_MAPPED_TO_MSB=y +CONFIG_CAR_HAS_L3_PROTECTED_WAYS=y +CONFIG_USE_INTEL_FSP_TO_CALL_COREBOOT_PUBLISH_MP_PPI=y +CONFIG_CPU_SUPPORTS_INTEL_TME=y +# CONFIG_TME_KEY_REGENERATION_ON_WARM_BOOT is not set +CONFIG_CPU_SUPPORTS_PM_TIMER_EMULATION=y +CONFIG_HAVE_HYPERTHREADING=y +CONFIG_FSP_HYPERTHREADING=y +# CONFIG_INTEL_KEYLOCKER is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_CSE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PMC_IPC=y +CONFIG_SOC_INTEL_CSE_SEND_EOP_LATE=y +CONFIG_SOC_INTEL_CSE_FMAP_NAME="SI_ME" +CONFIG_SOC_INTEL_CSE_RW_A_FMAP_NAME="ME_RW_A" +CONFIG_SOC_INTEL_CSE_RW_B_FMAP_NAME="ME_RW_B" +CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME="me_rw" +CONFIG_SOC_INTEL_CSE_RW_HASH_CBFS_NAME="me_rw.hash" +CONFIG_SOC_INTEL_CSE_RW_VERSION_CBFS_NAME="me_rw.version" +CONFIG_SOC_INTEL_CSE_RW_FILE="" +CONFIG_SOC_INTEL_CSE_RW_VERSION="" +CONFIG_SOC_INTEL_CSE_SET_EOP=y +CONFIG_SOC_INTEL_CSE_IOM_CBFS_NAME="cse_iom" +CONFIG_SOC_INTEL_CSE_IOM_CBFS_FILE="" +CONFIG_SOC_INTEL_CSE_NPHY_CBFS_NAME="cse_nphy" +CONFIG_SOC_INTEL_CSE_NPHY_CBFS_FILE="" +CONFIG_SOC_INTEL_CSE_HAVE_SPEC_SUPPORT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ME_SPEC_16=y +CONFIG_ME_SPEC=16 +CONFIG_SOC_INTEL_COMMON_BLOCK_DSP=y +CONFIG_SOC_INTEL_COMMON_BLOCK_DTT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_FAST_SPI=y +CONFIG_FAST_SPI_DISABLE_WRITE_STATUS=y +CONFIG_FAST_SPI_SUPPORTS_EXT_BIOS_WINDOW=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_ITSS_POL_CFG=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_DUAL_ROUTE_SUPPORT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_LOCK_USING_SBI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPMR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GRAPHICS=y +# CONFIG_SOC_INTEL_DISABLE_IGD is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_VERSION_2=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HDA=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HDA_VERB=y +CONFIG_SOC_INTEL_COMMON_BLOCK_I2C=y +CONFIG_SOC_INTEL_COMMON_BLOCK_IRQ=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ITSS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPC_MIRROR_TO_GPMR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPSS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_MEMINIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_OC_WDT=y +# CONFIG_SOC_INTEL_COMMON_OC_WDT_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_BASE_P2SB=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCIE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCIE_RTD3=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PMC=y +CONFIG_SOC_INTEL_MEM_MAPPED_PM_CONFIGURATION=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PMC_EPOC=y +CONFIG_PMC_IPC_ACPI_INTERFACE=y +CONFIG_PMC_GLOBAL_RESET_ENABLE_LOCK=y +CONFIG_SOC_INTEL_COMMON_BLOCK_POWER_LIMIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_RTC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SATA=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMBUS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TCO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TCO_ENABLE_THROUGH_SMBUS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y +# CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0 +CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y +CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT=0xe0000000 +CONFIG_SOC_INTEL_COMMON_BLOCK_THERMAL=y +CONFIG_SOC_INTEL_COMMON_BLOCK_THERMAL_BEHIND_PMC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TIMER=y +CONFIG_SOC_INTEL_COMMON_BLOCK_UART=y +CONFIG_SOC_INTEL_COMMON_BLOCK_VTD=y +# CONFIG_ENABLE_EARLY_DMA_PROTECTION is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI_ELOG=y + +# +# Intel SoC Common PCH Code +# +CONFIG_SOC_INTEL_COMMON_PCH_CLIENT=y +CONFIG_SOC_INTEL_COMMON_PCH_BASE=y +CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN=y +CONFIG_PCH_SPECIFIC_BASE_OPTIONS=y +CONFIG_PCH_SPECIFIC_DISCRETE_OPTIONS=y +CONFIG_PCH_SPECIFIC_CLIENT_OPTIONS=y + +# +# Intel SoC Common coreboot stages and non-IP blocks +# +CONFIG_SOC_INTEL_COMMON_BASECODE=y +CONFIG_SOC_INTEL_COMMON_BASECODE_RAMTOP=y +CONFIG_SOC_INTEL_COMMON_RESET=y +CONFIG_SOC_INTEL_COMMON_ACPI_WAKE_SOURCE=y +CONFIG_PAVP=y +# CONFIG_SOC_INTEL_DEBUG_CONSENT is not set +CONFIG_HAVE_INTEL_COMPLIANCE_TEST_MODE=y +# CONFIG_SOC_INTEL_COMPLIANCE_TEST_MODE is not set + +# +# CPU +# +CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE=y +CONFIG_CPU_INTEL_COMMON=y +CONFIG_ENABLE_VMX=y +CONFIG_SET_IA32_FC_LOCK_BIT=y +CONFIG_SET_MSR_AESNI_LOCK_BIT=y +CONFIG_CPU_INTEL_COMMON_VOLTAGE=y +CONFIG_CPU_INTEL_COMMON_SMM=y +CONFIG_PARALLEL_MP=y +CONFIG_PARALLEL_MP_AP_WORK=y +CONFIG_XAPIC_ONLY=y +# CONFIG_X2APIC_ONLY is not set +# CONFIG_X2APIC_RUNTIME is not set +# CONFIG_X2APIC_LATE_WORKAROUND is not set +CONFIG_UDELAY_TSC=y +CONFIG_TSC_MONOTONIC_TIMER=y +CONFIG_X86_CLFLUSH_CAR=y +CONFIG_HAVE_SMI_HANDLER=y +CONFIG_SMM_TSEG=y +CONFIG_SMM_PCI_RESOURCE_STORE_NUM_SLOTS=8 +CONFIG_X86_INIT_NEED_1_SIPI=y +CONFIG_AP_STACK_SIZE=0x800 +CONFIG_SMP=y +CONFIG_SSE=y +CONFIG_SSE2=y +CONFIG_SUPPORT_CPU_UCODE_IN_CBFS=y +CONFIG_USE_CPU_MICROCODE_CBFS_BINS=y +CONFIG_CPU_MICROCODE_CBFS_DEFAULT_BINS=y +# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_BINS is not set +# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER is not set +# CONFIG_CPU_MICROCODE_CBFS_NONE is not set + +# +# Northbridge +# + +# +# Southbridge +# +# CONFIG_PCIEXP_HOTPLUG is not set +CONFIG_INTEL_DESCRIPTOR_MODE_REQUIRED=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y +CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y +# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set +CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000 +CONFIG_RCBA_LENGTH=0x4000 + +# +# Super I/O +# +CONFIG_SUPERIO_NUVOTON_COMMON_PRE_RAM=y +CONFIG_SUPERIO_NUVOTON_NCT6687D=y + +# +# Embedded Controllers +# + +# +# Intel Firmware +# +CONFIG_IFDTOOL_DISABLE_ME=y +CONFIG_HAVE_ME_BIN=y +# CONFIG_STITCH_ME_BIN is not set +# CONFIG_ME_REGION_ALLOW_CPU_READ_ACCESS is not set +CONFIG_HAVE_INTEL_ME_HAP=y +# CONFIG_INTEL_ME_DISABLED_HECI is not set +CONFIG_INTEL_ME_DISABLED_HAP=y +# CONFIG_INTEL_ME_ENABLED is not set +CONFIG_INTEL_ME_DEFAULT_STATE=2 +# CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION is not set +# CONFIG_LOCK_MANAGEMENT_ENGINE is not set +CONFIG_UNLOCK_FLASH_REGIONS=y +CONFIG_BIOS_VENDOR="3mdeb" + +# +# Dasharo +# + +# +# Dasharo Configuration +# +CONFIG_DASHARO_PREFER_S3_SLEEP=y +# end of Dasharo Configuration + +CONFIG_UDK_BASE=y +CONFIG_UDK_202005_BINDING=y +CONFIG_UDK_2013_VERSION=2013 +CONFIG_UDK_2017_VERSION=2017 +CONFIG_UDK_202005_VERSION=202005 +CONFIG_UDK_202302_VERSION=202302 +CONFIG_UDK_VERSION=202005 +CONFIG_ARCH_X86=y +CONFIG_ARCH_BOOTBLOCK_X86_32=y +CONFIG_ARCH_VERSTAGE_X86_32=y +CONFIG_ARCH_ROMSTAGE_X86_32=y +CONFIG_ARCH_POSTCAR_X86_32=y +CONFIG_ARCH_RAMSTAGE_X86_32=y +CONFIG_ARCH_ALL_STAGES_X86_32=y +CONFIG_X86_CUSTOM_BOOTMEDIA=y +CONFIG_PC80_SYSTEM=y +CONFIG_POSTCAR_STAGE=y +CONFIG_BOOTBLOCK_SIMPLE=y +# CONFIG_BOOTBLOCK_NORMAL is not set +CONFIG_COLLECT_TIMESTAMPS_TSC=y +CONFIG_IDT_IN_EVERY_STAGE=y +CONFIG_HAVE_CF9_RESET=y +CONFIG_DEBUG_HW_BREAKPOINTS=y +CONFIG_DEBUG_HW_BREAKPOINTS_IN_ALL_STAGES=y +CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS=y +CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS_IN_ALL_STAGES=y +# CONFIG_DUMP_SMBIOS_TYPE17 is not set +# end of Chipset + +# +# Devices +# +CONFIG_HAVE_LINEAR_FRAMEBUFFER=y +CONFIG_HAVE_FSP_GOP=y +# CONFIG_VGA_ROM_RUN is not set +CONFIG_RUN_FSP_GOP=y +# CONFIG_NO_GFX_INIT is not set +CONFIG_NO_EARLY_GFX_INIT=y + +# +# Display +# +CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y +CONFIG_LINEAR_FRAMEBUFFER=y +CONFIG_BOOTSPLASH=y +# end of Display + +CONFIG_PCI=y +CONFIG_ECAM_MMCONF_SUPPORT=y +CONFIG_PCIX_PLUGIN_SUPPORT=y +CONFIG_AZALIA_PLUGIN_SUPPORT=y +CONFIG_AZALIA_LOCK_DOWN_R_WO_GCAP=y +CONFIG_PCIEXP_PLUGIN_SUPPORT=y +CONFIG_ECAM_MMCONF_LENGTH=0x10000000 +CONFIG_PCI_ALLOW_BUS_MASTER=y +CONFIG_PCI_SET_BUS_MASTER_PCI_BRIDGES=y +CONFIG_PCI_ALLOW_BUS_MASTER_ANY_DEVICE=y +CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS=y +CONFIG_PCIEXP_LANE_ERR_STAT_CLEAR=y +CONFIG_FIRMWARE_CONNECTION_MANAGER=y +# CONFIG_SOFTWARE_CONNECTION_MANAGER is not set +# CONFIG_EARLY_PCI_BRIDGE is not set +CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 +CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 +CONFIG_INTEL_GMA_HAVE_VBT=y +CONFIG_INTEL_GMA_ADD_VBT=y +# CONFIG_SOFTWARE_I2C is not set +CONFIG_I2C_TRANSFER_TIMEOUT_US=500000 +# CONFIG_RESOURCE_ALLOCATION_TOP_DOWN is not set +# end of Devices + +# +# Generic Drivers +# +CONFIG_CRB_TPM=y +CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 +# CONFIG_DRIVERS_EFI_VARIABLE_STORE is not set +# CONFIG_ELOG is not set +CONFIG_CACHE_MRC_SETTINGS=y +CONFIG_MRC_SETTINGS_PROTECT=y +# CONFIG_SMMSTORE is not set +CONFIG_SPI_FLASH=y +CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y +CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y +# CONFIG_SPI_FLASH_NO_FAST_READ is not set +# CONFIG_TPM_INIT_RAMSTAGE is not set +# CONFIG_TPM_PPI is not set +CONFIG_DRIVERS_UART=y +# CONFIG_DRIVERS_UART_OXPCIE is not set +# CONFIG_VPD is not set +# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set +# CONFIG_DRIVERS_GENERIC_CBFS_UUID is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9750 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9755 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9763E is not set +CONFIG_DRIVERS_I2C_DESIGNWARE=y +# CONFIG_DRIVERS_I2C_MAX98396 is not set +CONFIG_FSP_USE_REPO=y +# CONFIG_DISPLAY_HOBS is not set +# CONFIG_DISPLAY_UPD_DATA is not set +CONFIG_PLATFORM_USES_FSP2_0=y +CONFIG_PLATFORM_USES_FSP2_1=y +CONFIG_PLATFORM_USES_FSP2_2=y +CONFIG_PLATFORM_USES_FSP2_3=y +CONFIG_PLATFORM_USES_FSP2_X86_32=y +CONFIG_HAVE_INTEL_FSP_REPO=y +CONFIG_ADD_FSP_BINARIES=y +CONFIG_FSP_T_LOCATION=0xfffe0000 +CONFIG_FSP_S_CBFS="fsps.bin" +CONFIG_FSP_M_CBFS="fspm.bin" +CONFIG_FSP_FULL_FD=y +CONFIG_FSP_T_RESERVED_SIZE=0x0 +CONFIG_FSP_M_XIP=y +CONFIG_FSP_USES_CB_STACK=y +CONFIG_FSP_COMPRESS_FSP_S_LZ4=y +CONFIG_FSP_STATUS_GLOBAL_RESET_REQUIRED_3=y +CONFIG_FSP_STATUS_GLOBAL_RESET=0x40000003 +CONFIG_SOC_INTEL_COMMON_FSP_RESET=y +CONFIG_FSPS_HAS_ARCH_UPD=y +CONFIG_FSP_USES_CB_DEBUG_EVENT_HANDLER=y +# CONFIG_DISPLAY_FSP_TIMESTAMPS is not set +CONFIG_FSP_ENABLE_SERIAL_DEBUG=y +CONFIG_FSP_MULTIPHASE_SI_INIT_RETURN_BROKEN=y +CONFIG_INTEL_GMA_ACPI=y +CONFIG_INTEL_GMA_OPREGION_2_1=y +CONFIG_HAVE_INTEL_PTT=y +# CONFIG_DRIVERS_NXP_UWB_SR1XX is not set +# CONFIG_DRIVERS_PS2_KEYBOARD is not set +CONFIG_DRIVERS_MC146818=y +CONFIG_USE_PC_CMOS_ALTCENTURY=y +CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70 +CONFIG_MEMORY_MAPPED_TPM=y +CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 +# CONFIG_DRIVERS_SIL_3114 is not set +CONFIG_DRIVERS_USB_ACPI=y +CONFIG_DRIVERS_WIFI_GENERIC=y +CONFIG_MP_SERVICES_PPI=y +CONFIG_MP_SERVICES_PPI_V2=y +# end of Generic Drivers + +# +# Security +# + +# +# CBFS verification +# +# CONFIG_CBFS_VERIFICATION is not set +# end of CBFS verification + +# +# Verified Boot (vboot) +# +CONFIG_VBOOT_LIB=y +# end of Verified Boot (vboot) + +# +# Trusted Platform Module +# +# CONFIG_TPM1 is not set +CONFIG_TPM2=y +CONFIG_TPM=y +# CONFIG_DEBUG_TPM is not set +# CONFIG_TPM_RDRESP_NEED_DELAY is not set +# CONFIG_TPM_LOG_CB is not set +CONFIG_TPM_LOG_TPM2=y +# CONFIG_TPM_HASH_SHA1 is not set +CONFIG_TPM_HASH_SHA256=y +# CONFIG_TPM_HASH_SHA384 is not set +# CONFIG_TPM_HASH_SHA512 is not set +CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA="" +CONFIG_TPM_MEASURED_BOOT_INIT_BOOTBLOCK=y +CONFIG_PCR_BOOT_MODE=1 +CONFIG_PCR_HWID=1 +CONFIG_PCR_SRTM=2 +CONFIG_PCR_RUNTIME_DATA=3 +# end of Trusted Platform Module + +# +# Memory initialization +# +CONFIG_PLATFORM_HAS_DRAM_CLEAR=y +# CONFIG_SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT is not set +# end of Memory initialization + +CONFIG_INTEL_TXT_LIB=y +# CONFIG_INTEL_TXT is not set +# CONFIG_STM is not set +# CONFIG_INTEL_CBNT_SUPPORT is not set +CONFIG_BOOTMEDIA_LOCK_NONE=y +# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set +# CONFIG_BOOTMEDIA_LOCK_CHIP is not set +# CONFIG_BOOTMEDIA_SMM_BWP is not set +# end of Security + +CONFIG_ACPI_HAVE_PCAT_8259=y +CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y +CONFIG_ACPI_SOC_NVS=y +CONFIG_ACPI_CUSTOM_MADT=y +CONFIG_ACPI_COMMON_MADT_IOAPIC=y +CONFIG_HAVE_ACPI_TABLES=y +CONFIG_ACPI_LPIT=y +CONFIG_BOOT_DEVICE_SPI_FLASH=y +CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y +CONFIG_BOOT_DEVICE_SUPPORTS_WRITES=y +CONFIG_RTC=y + +# +# Console +# +CONFIG_BOOTBLOCK_CONSOLE=y +CONFIG_POSTCAR_CONSOLE=y +CONFIG_SQUELCH_EARLY_SMP=y + +# +# I/O mapped, 8250-compatible +# +CONFIG_TTYS0_BASE=0x3f8 + +# +# Serial port base address = 0x3f8 +# +# CONFIG_CONSOLE_SERIAL_921600 is not set +# CONFIG_CONSOLE_SERIAL_460800 is not set +# CONFIG_CONSOLE_SERIAL_230400 is not set +CONFIG_CONSOLE_SERIAL_115200=y +# CONFIG_CONSOLE_SERIAL_57600 is not set +# CONFIG_CONSOLE_SERIAL_38400 is not set +# CONFIG_CONSOLE_SERIAL_19200 is not set +# CONFIG_CONSOLE_SERIAL_9600 is not set +CONFIG_TTYS0_LCS=3 +# CONFIG_SPKMODEM is not set +# CONFIG_CONSOLE_NE2K is not set +CONFIG_CONSOLE_CBMEM=y +# CONFIG_CONSOLE_SPI_FLASH is not set +# CONFIG_CONSOLE_I2C_SMBUS is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y +CONFIG_DEFAULT_CONSOLE_LOGLEVEL=0 +# CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX is not set +# CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set +# CONFIG_CMOS_POST is not set +CONFIG_POST_DEVICE_NONE=y +# CONFIG_POST_DEVICE_LPC is not set +# CONFIG_POST_DEVICE_PCI_PCIE is not set +CONFIG_POST_IO_PORT=0x80 +CONFIG_HWBASE_DEBUG_NULL=y +# end of Console + +CONFIG_ACPI_S1_NOT_SUPPORTED=y +CONFIG_HAVE_ACPI_RESUME=y +CONFIG_RESUME_PATH_SAME_AS_BOOT=y +CONFIG_HAVE_MONOTONIC_TIMER=y +CONFIG_IOAPIC=y + +# +# System tables +# +CONFIG_GENERATE_SMBIOS_TABLES=y +CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" +# end of System tables + +# +# Payload +# +# CONFIG_PAYLOAD_NONE is not set +# CONFIG_PAYLOAD_ELF is not set +# CONFIG_PAYLOAD_BOOTBOOT is not set +# CONFIG_PAYLOAD_FILO is not set +# CONFIG_PAYLOAD_GRUB2 is not set +# CONFIG_PAYLOAD_SEAGRUB is not set +# CONFIG_PAYLOAD_LINUXBOOT is not set +# CONFIG_PAYLOAD_SEABIOS is not set +# CONFIG_PAYLOAD_UBOOT is not set +# CONFIG_PAYLOAD_EDK2 is not set +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage" +CONFIG_PAYLOAD_OPTIONS="" +# CONFIG_PXE is not set +CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz" +CONFIG_COMPRESS_SECONDARY_PAYLOAD=y + +# +# Secondary Payloads +# +# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set +# CONFIG_GRUB2_SECONDARY_PAYLOAD is not set +# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set +# CONFIG_SEABIOS_SECONDARY_PAYLOAD is not set +# CONFIG_TINT_SECONDARY_PAYLOAD is not set +# CONFIG_COREDOOM_SECONDARY_PAYLOAD is not set +# end of Secondary Payloads +# end of Payload + +# +# Debugging +# + +# +# CPU Debug Settings +# +# CONFIG_DISPLAY_MTRRS is not set + +# +# BLOB Debug Settings +# +# CONFIG_DISPLAY_FSP_CALLS_AND_STATUS is not set +# CONFIG_DISPLAY_FSP_HEADER is not set +# CONFIG_VERIFY_HOBS is not set +CONFIG_DISPLAY_FSP_VERSION_INFO=y +# CONFIG_ENABLE_FSP_ERROR_INFO is not set +CONFIG_HAVE_GPIO_SNAPSHOT_VERIFY_SUPPORT=y +# CONFIG_CHECK_GPIO_CONFIG_CHANGES is not set + +# +# General Debug Settings +# +# CONFIG_GDB_STUB is not set +# CONFIG_FATAL_ASSERTS is not set +CONFIG_HAVE_DEBUG_GPIO=y +# CONFIG_DEBUG_GPIO is not set +# CONFIG_DEBUG_CBFS is not set +CONFIG_HAVE_DEBUG_RAM_SETUP=y +# CONFIG_DEBUG_RAM_SETUP is not set +CONFIG_HAVE_DEBUG_SMBUS=y +# CONFIG_DEBUG_SMBUS is not set +# CONFIG_DEBUG_CONSOLE_INIT is not set +# CONFIG_DEBUG_SPI_FLASH is not set +# CONFIG_DEBUG_BOOT_STATE is not set +# CONFIG_DEBUG_ADA_CODE is not set +CONFIG_HAVE_EM100_SUPPORT=y +# CONFIG_EM100 is not set +# CONFIG_DEBUG_ACPICA_COMPATIBLE is not set +# end of Debugging + +CONFIG_DECOMPRESS_OFAST=y +CONFIG_WARNINGS_ARE_ERRORS=y +CONFIG_MAX_REBOOT_CNT=3 +CONFIG_RELOCATABLE_MODULES=y +CONFIG_GENERIC_GPIO_LIB=y +CONFIG_HAVE_BOOTBLOCK=y +CONFIG_HAVE_ROMSTAGE=y +CONFIG_HAVE_RAMSTAGE=y diff --git a/config/coreboot-msi_z690a_ddr5.config b/config/coreboot-msi_z690a_ddr5.config new file mode 100644 index 000000000..59cef0344 --- /dev/null +++ b/config/coreboot-msi_z690a_ddr5.config @@ -0,0 +1,861 @@ +# +# Automatically generated file; DO NOT EDIT. +# coreboot configuration +# + +# +# General setup +# +CONFIG_COREBOOT_BUILD=y +CONFIG_LOCALVERSION="" +CONFIG_CBFS_PREFIX="fallback" +CONFIG_COMPILER_GCC=y +# CONFIG_COMPILER_LLVM_CLANG is not set +CONFIG_ARCH_SUPPORTS_CLANG=y +# CONFIG_ANY_TOOLCHAIN is not set +# CONFIG_CCACHE is not set +# CONFIG_IWYU is not set +# CONFIG_FMD_GENPARSER is not set +# CONFIG_UTIL_GENPARSER is not set +CONFIG_OPTION_BACKEND_NONE=y +CONFIG_COMPRESS_RAMSTAGE_LZMA=y +# CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set +CONFIG_INCLUDE_CONFIG_FILE=y +CONFIG_COLLECT_TIMESTAMPS=y +# CONFIG_TIMESTAMPS_ON_CONSOLE is not set +CONFIG_USE_BLOBS=y +# CONFIG_USE_AMD_BLOBS is not set +# CONFIG_USE_QC_BLOBS is not set +# CONFIG_COVERAGE is not set +# CONFIG_UBSAN is not set +CONFIG_HAVE_ASAN_IN_RAMSTAGE=y +# CONFIG_ASAN is not set +# CONFIG_NO_STAGE_CACHE is not set +CONFIG_TSEG_STAGE_CACHE=y +# CONFIG_UPDATE_IMAGE is not set +CONFIG_BOOTSPLASH_IMAGE=y +CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" +CONFIG_BOOTSPLASH_CONVERT=y +CONFIG_BOOTSPLASH_CONVERT_QUALITY=90 +# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set +# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set +# CONFIG_FW_CONFIG is not set + +# +# Software Bill Of Materials (SBOM) +# +# CONFIG_SBOM is not set +# end of Software Bill Of Materials (SBOM) +# end of General setup + +# +# Mainboard +# + +# +# Important: Run 'make distclean' before switching boards +# +# CONFIG_VENDOR_51NB is not set +# CONFIG_VENDOR_ACER is not set +# CONFIG_VENDOR_ADLINK is not set +# CONFIG_VENDOR_AMD is not set +# CONFIG_VENDOR_AOPEN is not set +# CONFIG_VENDOR_APPLE is not set +# CONFIG_VENDOR_ASROCK is not set +# CONFIG_VENDOR_ASUS is not set +# CONFIG_VENDOR_BIOSTAR is not set +# CONFIG_VENDOR_BOSTENTECH is not set +# CONFIG_VENDOR_BYTEDANCE is not set +# CONFIG_VENDOR_CAVIUM is not set +# CONFIG_VENDOR_CLEVO is not set +# CONFIG_VENDOR_COMPULAB is not set +# CONFIG_VENDOR_DELL is not set +# CONFIG_VENDOR_EMULATION is not set +# CONFIG_VENDOR_EXAMPLE is not set +# CONFIG_VENDOR_FACEBOOK is not set +# CONFIG_VENDOR_FOXCONN is not set +# CONFIG_VENDOR_GETAC is not set +# CONFIG_VENDOR_GIGABYTE is not set +# CONFIG_VENDOR_GOOGLE is not set +# CONFIG_VENDOR_HP is not set +# CONFIG_VENDOR_IBASE is not set +# CONFIG_VENDOR_IBM is not set +# CONFIG_VENDOR_INTEL is not set +# CONFIG_VENDOR_INVENTEC is not set +# CONFIG_VENDOR_KONTRON is not set +# CONFIG_VENDOR_LENOVO is not set +# CONFIG_VENDOR_LIBRETREND is not set +CONFIG_VENDOR_MSI=y +# CONFIG_VENDOR_NOVACUSTOM is not set +# CONFIG_VENDOR_OCP is not set +# CONFIG_VENDOR_OPENCELLULAR is not set +# CONFIG_VENDOR_PACKARDBELL is not set +# CONFIG_VENDOR_PCENGINES is not set +# CONFIG_VENDOR_PINE64 is not set +# CONFIG_VENDOR_PORTWELL is not set +# CONFIG_VENDOR_PRODRIVE is not set +# CONFIG_VENDOR_PROTECTLI is not set +# CONFIG_VENDOR_PURISM is not set +# CONFIG_VENDOR_RAZER is not set +# CONFIG_VENDOR_RODA is not set +# CONFIG_VENDOR_SAMSUNG is not set +# CONFIG_VENDOR_SAPPHIRE is not set +# CONFIG_VENDOR_SIEMENS is not set +# CONFIG_VENDOR_SIFIVE is not set +# CONFIG_VENDOR_STARLABS is not set +# CONFIG_VENDOR_SUPERMICRO is not set +# CONFIG_VENDOR_SYSTEM76 is not set +# CONFIG_VENDOR_TI is not set +# CONFIG_VENDOR_UP is not set +CONFIG_MAINBOARD_FAMILY="Default string" +CONFIG_MAINBOARD_PART_NUMBER="PRO Z690-A WIFI (MS-7D25)" +CONFIG_MAINBOARD_VERSION="2.0" +CONFIG_MAINBOARD_DIR="msi/ms7d25" +CONFIG_DIMM_MAX=4 +CONFIG_DIMM_SPD_SIZE=512 +CONFIG_FMDFILE="" +# CONFIG_NO_POST is not set +CONFIG_MAINBOARD_VENDOR="Micro-Star International Co., Ltd." +CONFIG_CBFS_SIZE=0x1c00000 +CONFIG_CONSOLE_SERIAL=y +CONFIG_MAX_CPUS=32 +CONFIG_ONBOARD_VGA_IS_PRIMARY=y +CONFIG_POST_DEVICE=y +CONFIG_POST_IO=y +CONFIG_UART_FOR_CONSOLE=0 +CONFIG_DEVICETREE="devicetree.cb" +# CONFIG_VBOOT is not set +CONFIG_OVERRIDE_DEVICETREE="" +# CONFIG_VGA_BIOS is not set +CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Micro-Star International Co., Ltd." +CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/data.vbt" +# CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set +CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0x4000 +CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 +CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="PRO Z690-A WIFI (MS-7D25)" +# CONFIG_CONSOLE_POST is not set +# CONFIG_USE_PM_ACPI_TIMER is not set +CONFIG_TPM_PIRQ=0x3f +# CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set +CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xc0000000 +CONFIG_ECAM_MMCONF_BUS_NUMBER=256 +CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" +CONFIG_DCACHE_RAM_BASE=0xfef00000 +CONFIG_DCACHE_RAM_SIZE=0xc0000 +CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000 +CONFIG_DCACHE_BSP_STACK_SIZE=0x80400 +CONFIG_MAX_ACPI_TABLE_SIZE_KB=144 +CONFIG_HAVE_INTEL_FIRMWARE=y +CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000 +CONFIG_DRIVERS_INTEL_WIFI=y +CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/descriptor.bin" +CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/me.bin" +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000 +CONFIG_PCIEXP_DEFAULT_MAX_RESIZABLE_BAR_BITS=37 +CONFIG_VBT_DATA_SIZE_KB=9 +CONFIG_CARDBUS_PLUGIN_SUPPORT=y +CONFIG_SPI_FLASH_DONT_INCLUDE_ALL_DRIVERS=y +CONFIG_USE_LEGACY_8254_TIMER=y +CONFIG_GBB_HWID="MSI_MS7D25" +# CONFIG_DEBUG_SMI is not set +CONFIG_HAVE_IFD_BIN=y +CONFIG_PS2K_EISAID="PNP0303" +CONFIG_PS2M_EISAID="PNP0F13" +# CONFIG_BOARD_MSI_H81M_P33 is not set +# CONFIG_BOARD_MSI_MS7707 is not set +# CONFIG_BOARD_MSI_Z690_A_PRO_WIFI_DDR4 is not set +CONFIG_BOARD_MSI_Z690_A_PRO_WIFI_DDR5=y +# CONFIG_BOARD_MSI_Z790_P_PRO_WIFI_DDR4 is not set +# CONFIG_BOARD_MSI_Z790_P_PRO_WIFI_DDR5 is not set +CONFIG_BOARD_MSI_MS7D25=y +CONFIG_CPU_MICROCODE_CBFS_LOC=0xff800000 +CONFIG_INTEL_FIT_LOC=0xfffc0000 +CONFIG_BOARD_HAS_MSI_ROMHOLE=y +CONFIG_MSI_ROMHOLE_IN_CBFS=y +CONFIG_MSI_ROMHOLE_ADDRESS_IN_CBFS=0xff7c0000 +CONFIG_MSI_ROMHOLE_SIZE_IN_CBFS=0x20000 +CONFIG_TTYS0_BAUD=115200 +CONFIG_POWER_STATE_DEFAULT_ON_AFTER_FAILURE=y +CONFIG_D3COLD_SUPPORT=y +# CONFIG_PCIEXP_ASPM is not set +# CONFIG_PCIEXP_L1_SUB_STATE is not set +# CONFIG_PCIEXP_CLK_PM is not set +CONFIG_DRIVERS_UART_8250IO=y +CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72 +CONFIG_HEAP_SIZE=0x10000 +CONFIG_EC_GPE_SCI=0x50 +CONFIG_TPM_MEASURED_BOOT=y +CONFIG_LINUX_COMMAND_LINE="quiet splash" +CONFIG_BOARD_ROMSIZE_KB_32768=y +# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_5120 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_6144 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_16384 is not set +CONFIG_COREBOOT_ROMSIZE_KB_32768=y +# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set +CONFIG_COREBOOT_ROMSIZE_KB=32768 +CONFIG_ROM_SIZE=0x02000000 +CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y +CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y +CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y +# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set +# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set +CONFIG_MAINBOARD_POWER_FAILURE_STATE=0 +# end of Mainboard + +# +# Chipset +# + +# +# SoC +# +CONFIG_CHIPSET_DEVICETREE="soc/intel/alderlake/chipset_pch_s.cb" +CONFIG_FSP_M_FILE="$(obj)/Fsp_M.fd" +CONFIG_FSP_S_FILE="$(obj)/Fsp_S.fd" +CONFIG_CBFS_MCACHE_SIZE=0x4000 +CONFIG_ROMSTAGE_ADDR=0x2000000 +CONFIG_FSP_TEMP_RAM_SIZE=0x20000 +CONFIG_VERSTAGE_ADDR=0x2000000 +CONFIG_SMM_TSEG_SIZE=0x800000 +CONFIG_SMM_RESERVED_SIZE=0x200000 +CONFIG_SMM_MODULE_STACK_SIZE=0x800 +CONFIG_ACPI_BERT_SIZE=0x0 +CONFIG_DRIVERS_I2C_DESIGNWARE_CLOCK_MHZ=133 +CONFIG_VBOOT_HASH_BLOCK_SIZE=0x1000 +CONFIG_ACPI_CPU_STRING="CP%02X" +CONFIG_STACK_SIZE=0x2000 +CONFIG_SOC_INTEL_ALDERLAKE=y +CONFIG_SOC_INTEL_RAPTORLAKE=y +CONFIG_SOC_INTEL_ALDERLAKE_PCH_S=y +CONFIG_ALDERLAKE_CAR_ENHANCED_NEM=y +CONFIG_EXT_BIOS_WIN_BASE=0xf8000000 +CONFIG_EXT_BIOS_WIN_SIZE=0x2000000 +CONFIG_IFD_CHIPSET="adl" +CONFIG_IED_REGION_SIZE=0x400000 +CONFIG_MAX_PCH_ROOT_PORTS=28 +CONFIG_MAX_CPU_ROOT_PORTS=3 +CONFIG_MAX_TBT_ROOT_PORTS=0 +CONFIG_MAX_ROOT_PORTS=28 +CONFIG_MAX_PCIE_CLOCK_SRC=18 +CONFIG_MAX_PCIE_CLOCK_REQ=18 +CONFIG_PCR_BASE_ADDRESS=0xe0000000 +CONFIG_CPU_BCLK_MHZ=100 +CONFIG_SOC_INTEL_PERFORMANCE_CORE_SCALE_FACTOR=127 +CONFIG_SOC_INTEL_EFFICIENT_CORE_SCALE_FACTOR=100 +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_CLOCK_MHZ=120 +CONFIG_CPU_XTAL_HZ=38400000 +CONFIG_SOC_INTEL_UFS_CLK_FREQ_HZ=19200000 +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_MAX=7 +CONFIG_SOC_INTEL_I2C_DEV_MAX=8 +# CONFIG_ENABLE_SATA_TEST_MODE is not set +CONFIG_SOC_INTEL_UART_DEV_MAX=7 +CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_M_VAL=0x25a +CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_N_VAL=0x7fff +CONFIG_FSP_HEADER_PATH="3rdparty/fsp/RaptorLakeFspBinPkg/Client/RaptorLakeS/Include/" +CONFIG_FSP_FD_PATH="3rdparty/fsp/RaptorLakeFspBinPkg/Client/RaptorLakeS/Fsp.fd" +CONFIG_SOC_INTEL_ALDERLAKE_DEBUG_CONSENT=0 +CONFIG_DATA_BUS_WIDTH=128 +CONFIG_DIMMS_PER_CHANNEL=2 +CONFIG_MRC_CHANNEL_WIDTH=16 +CONFIG_ACPI_ADL_IPU_ES_SUPPORT=y +CONFIG_ALDERLAKE_ENABLE_SOC_WORKAROUND=y +CONFIG_SI_DESC_REGION="SI_DESC" +CONFIG_SI_DESC_REGION_SZ=4096 +# CONFIG_BUILDING_WITH_DEBUG_FSP is not set +CONFIG_INTEL_GMA_BCLV_OFFSET=0xc8258 +CONFIG_INTEL_GMA_BCLV_WIDTH=32 +CONFIG_INTEL_GMA_BCLM_OFFSET=0xc8254 +CONFIG_INTEL_GMA_BCLM_WIDTH=32 +CONFIG_FSP_PUBLISH_MBP_HOB=y +CONFIG_INCLUDE_HSPHY_IN_FMAP=y +CONFIG_HSPHY_FW_FILE="" +CONFIG_HSPHY_FW_MAX_SIZE=0x8000 +CONFIG_MAX_HECI_DEVICES=6 +CONFIG_BOOTBLOCK_IN_CBFS=y +CONFIG_HAVE_PAM0_REGISTER=y +CONFIG_PCIEXP_COMMON_CLOCK=y +CONFIG_CPU_INTEL_NUM_FIT_ENTRIES=4 +CONFIG_SOC_INTEL_GFX_FRAMEBUFFER_OFFSET=0x0 +CONFIG_PCIE_LTR_MAX_SNOOP_LATENCY=0x1003 +CONFIG_PCIE_LTR_MAX_NO_SNOOP_LATENCY=0x1003 +CONFIG_INTEL_TME=y +CONFIG_SOC_INTEL_COMMON_BLOCK_P2SB=y +CONFIG_FIXED_SMBUS_IO_BASE=0xefa0 +CONFIG_CBFS_CACHE_ALIGN=8 +CONFIG_SOC_INTEL_COMMON=y + +# +# Intel SoC Common Code for IP blocks +# +CONFIG_SOC_INTEL_COMMON_BLOCK=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_GPIO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_LPIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_PEP=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_PEP_LPM_REQ=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_CPPC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_CPU_HYBRID=y +CONFIG_SOC_INTEL_UFS_OCP_TIMER_DISABLE=y +CONFIG_SOC_INTEL_UFS_LTR_DISQUALIFY=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CHIP_CONFIG=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CNVI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU_MPINIT=y +CONFIG_USE_FSP_FEATURE_PROGRAM_ON_APS=y +# CONFIG_USE_COREBOOT_MP_INIT is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU_SMMRELOCATE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CAR=y +CONFIG_INTEL_CAR_NEM_ENHANCED=y +CONFIG_CAR_HAS_SF_MASKS=y +CONFIG_COS_MAPPED_TO_MSB=y +CONFIG_CAR_HAS_L3_PROTECTED_WAYS=y +CONFIG_USE_INTEL_FSP_TO_CALL_COREBOOT_PUBLISH_MP_PPI=y +CONFIG_CPU_SUPPORTS_INTEL_TME=y +# CONFIG_TME_KEY_REGENERATION_ON_WARM_BOOT is not set +CONFIG_CPU_SUPPORTS_PM_TIMER_EMULATION=y +CONFIG_HAVE_HYPERTHREADING=y +CONFIG_FSP_HYPERTHREADING=y +# CONFIG_INTEL_KEYLOCKER is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_CSE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PMC_IPC=y +CONFIG_SOC_INTEL_CSE_SEND_EOP_LATE=y +CONFIG_SOC_INTEL_CSE_FMAP_NAME="SI_ME" +CONFIG_SOC_INTEL_CSE_RW_A_FMAP_NAME="ME_RW_A" +CONFIG_SOC_INTEL_CSE_RW_B_FMAP_NAME="ME_RW_B" +CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME="me_rw" +CONFIG_SOC_INTEL_CSE_RW_HASH_CBFS_NAME="me_rw.hash" +CONFIG_SOC_INTEL_CSE_RW_VERSION_CBFS_NAME="me_rw.version" +CONFIG_SOC_INTEL_CSE_RW_FILE="" +CONFIG_SOC_INTEL_CSE_RW_VERSION="" +CONFIG_SOC_INTEL_CSE_SET_EOP=y +CONFIG_SOC_INTEL_CSE_IOM_CBFS_NAME="cse_iom" +CONFIG_SOC_INTEL_CSE_IOM_CBFS_FILE="" +CONFIG_SOC_INTEL_CSE_NPHY_CBFS_NAME="cse_nphy" +CONFIG_SOC_INTEL_CSE_NPHY_CBFS_FILE="" +CONFIG_SOC_INTEL_CSE_HAVE_SPEC_SUPPORT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ME_SPEC_16=y +CONFIG_ME_SPEC=16 +CONFIG_SOC_INTEL_COMMON_BLOCK_DSP=y +CONFIG_SOC_INTEL_COMMON_BLOCK_DTT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_FAST_SPI=y +CONFIG_FAST_SPI_DISABLE_WRITE_STATUS=y +CONFIG_FAST_SPI_SUPPORTS_EXT_BIOS_WINDOW=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_ITSS_POL_CFG=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_DUAL_ROUTE_SUPPORT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_LOCK_USING_SBI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPMR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GRAPHICS=y +# CONFIG_SOC_INTEL_DISABLE_IGD is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_VERSION_2=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HDA=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HDA_VERB=y +CONFIG_SOC_INTEL_COMMON_BLOCK_I2C=y +CONFIG_SOC_INTEL_COMMON_BLOCK_IRQ=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ITSS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPC_MIRROR_TO_GPMR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPSS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_MEMINIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_OC_WDT=y +# CONFIG_SOC_INTEL_COMMON_OC_WDT_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_BASE_P2SB=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCIE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCIE_RTD3=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PMC=y +CONFIG_SOC_INTEL_MEM_MAPPED_PM_CONFIGURATION=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PMC_EPOC=y +CONFIG_PMC_IPC_ACPI_INTERFACE=y +CONFIG_PMC_GLOBAL_RESET_ENABLE_LOCK=y +CONFIG_SOC_INTEL_COMMON_BLOCK_POWER_LIMIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_RTC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SATA=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMBUS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TCO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TCO_ENABLE_THROUGH_SMBUS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y +# CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0 +CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y +CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT=0xe0000000 +CONFIG_SOC_INTEL_COMMON_BLOCK_THERMAL=y +CONFIG_SOC_INTEL_COMMON_BLOCK_THERMAL_BEHIND_PMC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TIMER=y +CONFIG_SOC_INTEL_COMMON_BLOCK_UART=y +CONFIG_SOC_INTEL_COMMON_BLOCK_VTD=y +# CONFIG_ENABLE_EARLY_DMA_PROTECTION is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI_ELOG=y + +# +# Intel SoC Common PCH Code +# +CONFIG_SOC_INTEL_COMMON_PCH_CLIENT=y +CONFIG_SOC_INTEL_COMMON_PCH_BASE=y +CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN=y +CONFIG_PCH_SPECIFIC_BASE_OPTIONS=y +CONFIG_PCH_SPECIFIC_DISCRETE_OPTIONS=y +CONFIG_PCH_SPECIFIC_CLIENT_OPTIONS=y + +# +# Intel SoC Common coreboot stages and non-IP blocks +# +CONFIG_SOC_INTEL_COMMON_BASECODE=y +CONFIG_SOC_INTEL_COMMON_BASECODE_RAMTOP=y +CONFIG_SOC_INTEL_COMMON_RESET=y +CONFIG_SOC_INTEL_COMMON_ACPI_WAKE_SOURCE=y +CONFIG_PAVP=y +# CONFIG_SOC_INTEL_DEBUG_CONSENT is not set +CONFIG_HAVE_INTEL_COMPLIANCE_TEST_MODE=y +# CONFIG_SOC_INTEL_COMPLIANCE_TEST_MODE is not set + +# +# CPU +# +CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE=y +CONFIG_CPU_INTEL_COMMON=y +CONFIG_ENABLE_VMX=y +CONFIG_SET_IA32_FC_LOCK_BIT=y +CONFIG_SET_MSR_AESNI_LOCK_BIT=y +CONFIG_CPU_INTEL_COMMON_VOLTAGE=y +CONFIG_CPU_INTEL_COMMON_SMM=y +CONFIG_PARALLEL_MP=y +CONFIG_PARALLEL_MP_AP_WORK=y +CONFIG_XAPIC_ONLY=y +# CONFIG_X2APIC_ONLY is not set +# CONFIG_X2APIC_RUNTIME is not set +# CONFIG_X2APIC_LATE_WORKAROUND is not set +CONFIG_UDELAY_TSC=y +CONFIG_TSC_MONOTONIC_TIMER=y +CONFIG_X86_CLFLUSH_CAR=y +CONFIG_HAVE_SMI_HANDLER=y +CONFIG_SMM_TSEG=y +CONFIG_SMM_PCI_RESOURCE_STORE_NUM_SLOTS=8 +CONFIG_X86_INIT_NEED_1_SIPI=y +CONFIG_AP_STACK_SIZE=0x800 +CONFIG_SMP=y +CONFIG_SSE=y +CONFIG_SSE2=y +CONFIG_SUPPORT_CPU_UCODE_IN_CBFS=y +CONFIG_USE_CPU_MICROCODE_CBFS_BINS=y +CONFIG_CPU_MICROCODE_CBFS_DEFAULT_BINS=y +# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_BINS is not set +# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER is not set +# CONFIG_CPU_MICROCODE_CBFS_NONE is not set + +# +# Northbridge +# + +# +# Southbridge +# +# CONFIG_PCIEXP_HOTPLUG is not set +CONFIG_INTEL_DESCRIPTOR_MODE_REQUIRED=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y +CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y +# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set +CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000 +CONFIG_RCBA_LENGTH=0x4000 + +# +# Super I/O +# +CONFIG_SUPERIO_NUVOTON_COMMON_PRE_RAM=y +CONFIG_SUPERIO_NUVOTON_NCT6687D=y + +# +# Embedded Controllers +# + +# +# Intel Firmware +# +CONFIG_IFDTOOL_DISABLE_ME=y +CONFIG_HAVE_ME_BIN=y +# CONFIG_STITCH_ME_BIN is not set +# CONFIG_ME_REGION_ALLOW_CPU_READ_ACCESS is not set +CONFIG_HAVE_INTEL_ME_HAP=y +# CONFIG_INTEL_ME_DISABLED_HECI is not set +CONFIG_INTEL_ME_DISABLED_HAP=y +# CONFIG_INTEL_ME_ENABLED is not set +CONFIG_INTEL_ME_DEFAULT_STATE=2 +# CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION is not set +# CONFIG_LOCK_MANAGEMENT_ENGINE is not set +CONFIG_UNLOCK_FLASH_REGIONS=y +CONFIG_BIOS_VENDOR="3mdeb" + +# +# Dasharo +# + +# +# Dasharo Configuration +# +CONFIG_DASHARO_PREFER_S3_SLEEP=y +# end of Dasharo Configuration + +CONFIG_UDK_BASE=y +CONFIG_UDK_202005_BINDING=y +CONFIG_UDK_2013_VERSION=2013 +CONFIG_UDK_2017_VERSION=2017 +CONFIG_UDK_202005_VERSION=202005 +CONFIG_UDK_202302_VERSION=202302 +CONFIG_UDK_VERSION=202005 +CONFIG_ARCH_X86=y +CONFIG_ARCH_BOOTBLOCK_X86_32=y +CONFIG_ARCH_VERSTAGE_X86_32=y +CONFIG_ARCH_ROMSTAGE_X86_32=y +CONFIG_ARCH_POSTCAR_X86_32=y +CONFIG_ARCH_RAMSTAGE_X86_32=y +CONFIG_ARCH_ALL_STAGES_X86_32=y +CONFIG_X86_CUSTOM_BOOTMEDIA=y +CONFIG_PC80_SYSTEM=y +CONFIG_POSTCAR_STAGE=y +CONFIG_BOOTBLOCK_SIMPLE=y +# CONFIG_BOOTBLOCK_NORMAL is not set +CONFIG_COLLECT_TIMESTAMPS_TSC=y +CONFIG_IDT_IN_EVERY_STAGE=y +CONFIG_HAVE_CF9_RESET=y +CONFIG_DEBUG_HW_BREAKPOINTS=y +CONFIG_DEBUG_HW_BREAKPOINTS_IN_ALL_STAGES=y +CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS=y +CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS_IN_ALL_STAGES=y +# CONFIG_DUMP_SMBIOS_TYPE17 is not set +# end of Chipset + +# +# Devices +# +CONFIG_HAVE_LINEAR_FRAMEBUFFER=y +CONFIG_HAVE_FSP_GOP=y +# CONFIG_VGA_ROM_RUN is not set +CONFIG_RUN_FSP_GOP=y +# CONFIG_NO_GFX_INIT is not set +CONFIG_NO_EARLY_GFX_INIT=y + +# +# Display +# +CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y +CONFIG_LINEAR_FRAMEBUFFER=y +CONFIG_BOOTSPLASH=y +# end of Display + +CONFIG_PCI=y +CONFIG_ECAM_MMCONF_SUPPORT=y +CONFIG_PCIX_PLUGIN_SUPPORT=y +CONFIG_AZALIA_PLUGIN_SUPPORT=y +CONFIG_AZALIA_LOCK_DOWN_R_WO_GCAP=y +CONFIG_PCIEXP_PLUGIN_SUPPORT=y +CONFIG_ECAM_MMCONF_LENGTH=0x10000000 +CONFIG_PCI_ALLOW_BUS_MASTER=y +CONFIG_PCI_SET_BUS_MASTER_PCI_BRIDGES=y +CONFIG_PCI_ALLOW_BUS_MASTER_ANY_DEVICE=y +CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS=y +CONFIG_PCIEXP_LANE_ERR_STAT_CLEAR=y +CONFIG_FIRMWARE_CONNECTION_MANAGER=y +# CONFIG_SOFTWARE_CONNECTION_MANAGER is not set +# CONFIG_EARLY_PCI_BRIDGE is not set +CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 +CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 +CONFIG_INTEL_GMA_HAVE_VBT=y +CONFIG_INTEL_GMA_ADD_VBT=y +# CONFIG_SOFTWARE_I2C is not set +CONFIG_I2C_TRANSFER_TIMEOUT_US=500000 +# CONFIG_RESOURCE_ALLOCATION_TOP_DOWN is not set +# end of Devices + +# +# Generic Drivers +# +CONFIG_CRB_TPM=y +CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 +# CONFIG_DRIVERS_EFI_VARIABLE_STORE is not set +# CONFIG_ELOG is not set +CONFIG_CACHE_MRC_SETTINGS=y +CONFIG_MRC_SETTINGS_PROTECT=y +# CONFIG_SMMSTORE is not set +CONFIG_SPI_FLASH=y +CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y +CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y +# CONFIG_SPI_FLASH_NO_FAST_READ is not set +# CONFIG_TPM_INIT_RAMSTAGE is not set +# CONFIG_TPM_PPI is not set +CONFIG_DRIVERS_UART=y +# CONFIG_DRIVERS_UART_OXPCIE is not set +# CONFIG_VPD is not set +# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set +# CONFIG_DRIVERS_GENERIC_CBFS_UUID is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9750 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9755 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9763E is not set +CONFIG_DRIVERS_I2C_DESIGNWARE=y +# CONFIG_DRIVERS_I2C_MAX98396 is not set +CONFIG_FSP_USE_REPO=y +# CONFIG_DISPLAY_HOBS is not set +# CONFIG_DISPLAY_UPD_DATA is not set +CONFIG_PLATFORM_USES_FSP2_0=y +CONFIG_PLATFORM_USES_FSP2_1=y +CONFIG_PLATFORM_USES_FSP2_2=y +CONFIG_PLATFORM_USES_FSP2_3=y +CONFIG_PLATFORM_USES_FSP2_X86_32=y +CONFIG_HAVE_INTEL_FSP_REPO=y +CONFIG_ADD_FSP_BINARIES=y +CONFIG_FSP_T_LOCATION=0xfffe0000 +CONFIG_FSP_S_CBFS="fsps.bin" +CONFIG_FSP_M_CBFS="fspm.bin" +CONFIG_FSP_FULL_FD=y +CONFIG_FSP_T_RESERVED_SIZE=0x0 +CONFIG_FSP_M_XIP=y +CONFIG_FSP_USES_CB_STACK=y +CONFIG_FSP_COMPRESS_FSP_S_LZ4=y +CONFIG_FSP_STATUS_GLOBAL_RESET_REQUIRED_3=y +CONFIG_FSP_STATUS_GLOBAL_RESET=0x40000003 +CONFIG_SOC_INTEL_COMMON_FSP_RESET=y +CONFIG_FSPS_HAS_ARCH_UPD=y +CONFIG_FSP_USES_CB_DEBUG_EVENT_HANDLER=y +# CONFIG_DISPLAY_FSP_TIMESTAMPS is not set +CONFIG_FSP_ENABLE_SERIAL_DEBUG=y +CONFIG_FSP_MULTIPHASE_SI_INIT_RETURN_BROKEN=y +CONFIG_INTEL_GMA_ACPI=y +CONFIG_INTEL_GMA_OPREGION_2_1=y +CONFIG_HAVE_INTEL_PTT=y +# CONFIG_DRIVERS_NXP_UWB_SR1XX is not set +# CONFIG_DRIVERS_PS2_KEYBOARD is not set +CONFIG_DRIVERS_MC146818=y +CONFIG_USE_PC_CMOS_ALTCENTURY=y +CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70 +CONFIG_MEMORY_MAPPED_TPM=y +CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 +# CONFIG_DRIVERS_SIL_3114 is not set +CONFIG_DRIVERS_USB_ACPI=y +CONFIG_DRIVERS_WIFI_GENERIC=y +CONFIG_MP_SERVICES_PPI=y +CONFIG_MP_SERVICES_PPI_V2=y +# end of Generic Drivers + +# +# Security +# + +# +# CBFS verification +# +# CONFIG_CBFS_VERIFICATION is not set +# end of CBFS verification + +# +# Verified Boot (vboot) +# +CONFIG_VBOOT_LIB=y +# end of Verified Boot (vboot) + +# +# Trusted Platform Module +# +# CONFIG_TPM1 is not set +CONFIG_TPM2=y +CONFIG_TPM=y +# CONFIG_DEBUG_TPM is not set +# CONFIG_TPM_RDRESP_NEED_DELAY is not set +# CONFIG_TPM_LOG_CB is not set +CONFIG_TPM_LOG_TPM2=y +# CONFIG_TPM_HASH_SHA1 is not set +CONFIG_TPM_HASH_SHA256=y +# CONFIG_TPM_HASH_SHA384 is not set +# CONFIG_TPM_HASH_SHA512 is not set +CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA="" +CONFIG_TPM_MEASURED_BOOT_INIT_BOOTBLOCK=y +CONFIG_PCR_BOOT_MODE=1 +CONFIG_PCR_HWID=1 +CONFIG_PCR_SRTM=2 +CONFIG_PCR_RUNTIME_DATA=3 +# end of Trusted Platform Module + +# +# Memory initialization +# +CONFIG_PLATFORM_HAS_DRAM_CLEAR=y +# CONFIG_SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT is not set +# end of Memory initialization + +CONFIG_INTEL_TXT_LIB=y +# CONFIG_INTEL_TXT is not set +# CONFIG_STM is not set +# CONFIG_INTEL_CBNT_SUPPORT is not set +CONFIG_BOOTMEDIA_LOCK_NONE=y +# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set +# CONFIG_BOOTMEDIA_LOCK_CHIP is not set +# CONFIG_BOOTMEDIA_SMM_BWP is not set +# end of Security + +CONFIG_ACPI_HAVE_PCAT_8259=y +CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y +CONFIG_ACPI_SOC_NVS=y +CONFIG_ACPI_CUSTOM_MADT=y +CONFIG_ACPI_COMMON_MADT_IOAPIC=y +CONFIG_HAVE_ACPI_TABLES=y +CONFIG_ACPI_LPIT=y +CONFIG_BOOT_DEVICE_SPI_FLASH=y +CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y +CONFIG_BOOT_DEVICE_SUPPORTS_WRITES=y +CONFIG_RTC=y + +# +# Console +# +CONFIG_BOOTBLOCK_CONSOLE=y +CONFIG_POSTCAR_CONSOLE=y +CONFIG_SQUELCH_EARLY_SMP=y + +# +# I/O mapped, 8250-compatible +# +CONFIG_TTYS0_BASE=0x3f8 + +# +# Serial port base address = 0x3f8 +# +# CONFIG_CONSOLE_SERIAL_921600 is not set +# CONFIG_CONSOLE_SERIAL_460800 is not set +# CONFIG_CONSOLE_SERIAL_230400 is not set +CONFIG_CONSOLE_SERIAL_115200=y +# CONFIG_CONSOLE_SERIAL_57600 is not set +# CONFIG_CONSOLE_SERIAL_38400 is not set +# CONFIG_CONSOLE_SERIAL_19200 is not set +# CONFIG_CONSOLE_SERIAL_9600 is not set +CONFIG_TTYS0_LCS=3 +# CONFIG_SPKMODEM is not set +# CONFIG_CONSOLE_NE2K is not set +CONFIG_CONSOLE_CBMEM=y +# CONFIG_CONSOLE_SPI_FLASH is not set +# CONFIG_CONSOLE_I2C_SMBUS is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y +CONFIG_DEFAULT_CONSOLE_LOGLEVEL=0 +# CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX is not set +# CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set +# CONFIG_CMOS_POST is not set +CONFIG_POST_DEVICE_NONE=y +# CONFIG_POST_DEVICE_LPC is not set +# CONFIG_POST_DEVICE_PCI_PCIE is not set +CONFIG_POST_IO_PORT=0x80 +CONFIG_HWBASE_DEBUG_NULL=y +# end of Console + +CONFIG_ACPI_S1_NOT_SUPPORTED=y +CONFIG_HAVE_ACPI_RESUME=y +CONFIG_RESUME_PATH_SAME_AS_BOOT=y +CONFIG_HAVE_MONOTONIC_TIMER=y +CONFIG_IOAPIC=y + +# +# System tables +# +CONFIG_GENERATE_SMBIOS_TABLES=y +CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" +# end of System tables + +# +# Payload +# +# CONFIG_PAYLOAD_NONE is not set +# CONFIG_PAYLOAD_ELF is not set +# CONFIG_PAYLOAD_BOOTBOOT is not set +# CONFIG_PAYLOAD_FILO is not set +# CONFIG_PAYLOAD_GRUB2 is not set +# CONFIG_PAYLOAD_SEAGRUB is not set +# CONFIG_PAYLOAD_LINUXBOOT is not set +# CONFIG_PAYLOAD_SEABIOS is not set +# CONFIG_PAYLOAD_UBOOT is not set +# CONFIG_PAYLOAD_EDK2 is not set +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage" +CONFIG_PAYLOAD_OPTIONS="" +# CONFIG_PXE is not set +CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz" +CONFIG_COMPRESS_SECONDARY_PAYLOAD=y + +# +# Secondary Payloads +# +# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set +# CONFIG_GRUB2_SECONDARY_PAYLOAD is not set +# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set +# CONFIG_SEABIOS_SECONDARY_PAYLOAD is not set +# CONFIG_TINT_SECONDARY_PAYLOAD is not set +# CONFIG_COREDOOM_SECONDARY_PAYLOAD is not set +# end of Secondary Payloads +# end of Payload + +# +# Debugging +# + +# +# CPU Debug Settings +# +# CONFIG_DISPLAY_MTRRS is not set + +# +# BLOB Debug Settings +# +# CONFIG_DISPLAY_FSP_CALLS_AND_STATUS is not set +# CONFIG_DISPLAY_FSP_HEADER is not set +# CONFIG_VERIFY_HOBS is not set +CONFIG_DISPLAY_FSP_VERSION_INFO=y +# CONFIG_ENABLE_FSP_ERROR_INFO is not set +CONFIG_HAVE_GPIO_SNAPSHOT_VERIFY_SUPPORT=y +# CONFIG_CHECK_GPIO_CONFIG_CHANGES is not set + +# +# General Debug Settings +# +# CONFIG_GDB_STUB is not set +# CONFIG_FATAL_ASSERTS is not set +CONFIG_HAVE_DEBUG_GPIO=y +# CONFIG_DEBUG_GPIO is not set +# CONFIG_DEBUG_CBFS is not set +CONFIG_HAVE_DEBUG_RAM_SETUP=y +# CONFIG_DEBUG_RAM_SETUP is not set +CONFIG_HAVE_DEBUG_SMBUS=y +# CONFIG_DEBUG_SMBUS is not set +# CONFIG_DEBUG_CONSOLE_INIT is not set +# CONFIG_DEBUG_SPI_FLASH is not set +# CONFIG_DEBUG_BOOT_STATE is not set +# CONFIG_DEBUG_ADA_CODE is not set +CONFIG_HAVE_EM100_SUPPORT=y +# CONFIG_EM100 is not set +# CONFIG_DEBUG_ACPICA_COMPATIBLE is not set +# end of Debugging + +CONFIG_DECOMPRESS_OFAST=y +CONFIG_WARNINGS_ARE_ERRORS=y +CONFIG_MAX_REBOOT_CNT=3 +CONFIG_RELOCATABLE_MODULES=y +CONFIG_GENERIC_GPIO_LIB=y +CONFIG_HAVE_BOOTBLOCK=y +CONFIG_HAVE_ROMSTAGE=y +CONFIG_HAVE_RAMSTAGE=y diff --git a/config/coreboot-msi_z790p_ddr4.config b/config/coreboot-msi_z790p_ddr4.config new file mode 100644 index 000000000..c963e0d0f --- /dev/null +++ b/config/coreboot-msi_z790p_ddr4.config @@ -0,0 +1,862 @@ +# +# Automatically generated file; DO NOT EDIT. +# coreboot configuration +# + +# +# General setup +# +CONFIG_COREBOOT_BUILD=y +CONFIG_LOCALVERSION="" +CONFIG_CBFS_PREFIX="fallback" +CONFIG_COMPILER_GCC=y +# CONFIG_COMPILER_LLVM_CLANG is not set +CONFIG_ARCH_SUPPORTS_CLANG=y +# CONFIG_ANY_TOOLCHAIN is not set +# CONFIG_CCACHE is not set +# CONFIG_IWYU is not set +# CONFIG_FMD_GENPARSER is not set +# CONFIG_UTIL_GENPARSER is not set +CONFIG_OPTION_BACKEND_NONE=y +CONFIG_COMPRESS_RAMSTAGE_LZMA=y +# CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set +CONFIG_INCLUDE_CONFIG_FILE=y +CONFIG_COLLECT_TIMESTAMPS=y +# CONFIG_TIMESTAMPS_ON_CONSOLE is not set +CONFIG_USE_BLOBS=y +# CONFIG_USE_AMD_BLOBS is not set +# CONFIG_USE_QC_BLOBS is not set +# CONFIG_COVERAGE is not set +# CONFIG_UBSAN is not set +CONFIG_HAVE_ASAN_IN_RAMSTAGE=y +# CONFIG_ASAN is not set +# CONFIG_NO_STAGE_CACHE is not set +CONFIG_TSEG_STAGE_CACHE=y +# CONFIG_UPDATE_IMAGE is not set +CONFIG_BOOTSPLASH_IMAGE=y +CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" +CONFIG_BOOTSPLASH_CONVERT=y +CONFIG_BOOTSPLASH_CONVERT_QUALITY=90 +# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set +# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set +# CONFIG_FW_CONFIG is not set + +# +# Software Bill Of Materials (SBOM) +# +# CONFIG_SBOM is not set +# end of Software Bill Of Materials (SBOM) +# end of General setup + +# +# Mainboard +# + +# +# Important: Run 'make distclean' before switching boards +# +# CONFIG_VENDOR_51NB is not set +# CONFIG_VENDOR_ACER is not set +# CONFIG_VENDOR_ADLINK is not set +# CONFIG_VENDOR_AMD is not set +# CONFIG_VENDOR_AOPEN is not set +# CONFIG_VENDOR_APPLE is not set +# CONFIG_VENDOR_ASROCK is not set +# CONFIG_VENDOR_ASUS is not set +# CONFIG_VENDOR_BIOSTAR is not set +# CONFIG_VENDOR_BOSTENTECH is not set +# CONFIG_VENDOR_BYTEDANCE is not set +# CONFIG_VENDOR_CAVIUM is not set +# CONFIG_VENDOR_CLEVO is not set +# CONFIG_VENDOR_COMPULAB is not set +# CONFIG_VENDOR_DELL is not set +# CONFIG_VENDOR_EMULATION is not set +# CONFIG_VENDOR_EXAMPLE is not set +# CONFIG_VENDOR_FACEBOOK is not set +# CONFIG_VENDOR_FOXCONN is not set +# CONFIG_VENDOR_GETAC is not set +# CONFIG_VENDOR_GIGABYTE is not set +# CONFIG_VENDOR_GOOGLE is not set +# CONFIG_VENDOR_HP is not set +# CONFIG_VENDOR_IBASE is not set +# CONFIG_VENDOR_IBM is not set +# CONFIG_VENDOR_INTEL is not set +# CONFIG_VENDOR_INVENTEC is not set +# CONFIG_VENDOR_KONTRON is not set +# CONFIG_VENDOR_LENOVO is not set +# CONFIG_VENDOR_LIBRETREND is not set +CONFIG_VENDOR_MSI=y +# CONFIG_VENDOR_NOVACUSTOM is not set +# CONFIG_VENDOR_OCP is not set +# CONFIG_VENDOR_OPENCELLULAR is not set +# CONFIG_VENDOR_PACKARDBELL is not set +# CONFIG_VENDOR_PCENGINES is not set +# CONFIG_VENDOR_PINE64 is not set +# CONFIG_VENDOR_PORTWELL is not set +# CONFIG_VENDOR_PRODRIVE is not set +# CONFIG_VENDOR_PROTECTLI is not set +# CONFIG_VENDOR_PURISM is not set +# CONFIG_VENDOR_RAZER is not set +# CONFIG_VENDOR_RODA is not set +# CONFIG_VENDOR_SAMSUNG is not set +# CONFIG_VENDOR_SAPPHIRE is not set +# CONFIG_VENDOR_SIEMENS is not set +# CONFIG_VENDOR_SIFIVE is not set +# CONFIG_VENDOR_STARLABS is not set +# CONFIG_VENDOR_SUPERMICRO is not set +# CONFIG_VENDOR_SYSTEM76 is not set +# CONFIG_VENDOR_TI is not set +# CONFIG_VENDOR_UP is not set +CONFIG_MAINBOARD_FAMILY="Default string" +CONFIG_MAINBOARD_PART_NUMBER="PRO Z790-P WIFI DDR4 (MS-7E06)" +CONFIG_MAINBOARD_VERSION="1.0" +CONFIG_MAINBOARD_DIR="msi/ms7e06" +CONFIG_DIMM_MAX=4 +CONFIG_DIMM_SPD_SIZE=512 +CONFIG_FMDFILE="" +# CONFIG_NO_POST is not set +CONFIG_MAINBOARD_VENDOR="Micro-Star International Co., Ltd." +CONFIG_CBFS_SIZE=0x1c00000 +CONFIG_CONSOLE_SERIAL=y +CONFIG_MAX_CPUS=32 +CONFIG_ONBOARD_VGA_IS_PRIMARY=y +CONFIG_POST_DEVICE=y +CONFIG_POST_IO=y +CONFIG_UART_FOR_CONSOLE=0 +CONFIG_DEVICETREE="devicetree.cb" +# CONFIG_VBOOT is not set +CONFIG_OVERRIDE_DEVICETREE="" +# CONFIG_VGA_BIOS is not set +CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Micro-Star International Co., Ltd." +CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/data.vbt" +# CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set +CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0x4000 +CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 +CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="PRO Z790-P WIFI DDR4 (MS-7E06)" +# CONFIG_CONSOLE_POST is not set +# CONFIG_USE_PM_ACPI_TIMER is not set +CONFIG_TPM_PIRQ=0x3f +# CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set +CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xc0000000 +CONFIG_ECAM_MMCONF_BUS_NUMBER=256 +CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" +CONFIG_DCACHE_RAM_BASE=0xfef00000 +CONFIG_DCACHE_RAM_SIZE=0xc0000 +CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000 +CONFIG_DCACHE_BSP_STACK_SIZE=0x80400 +CONFIG_MAX_ACPI_TABLE_SIZE_KB=144 +CONFIG_HAVE_INTEL_FIRMWARE=y +CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000 +CONFIG_DRIVERS_INTEL_WIFI=y +CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/descriptor.bin" +CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/me.bin" +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000 +CONFIG_PCIEXP_DEFAULT_MAX_RESIZABLE_BAR_BITS=37 +CONFIG_VBT_DATA_SIZE_KB=9 +CONFIG_CARDBUS_PLUGIN_SUPPORT=y +CONFIG_SPI_FLASH_DONT_INCLUDE_ALL_DRIVERS=y +CONFIG_USE_LEGACY_8254_TIMER=y +CONFIG_GBB_HWID="MSI_MS7E06" +# CONFIG_DEBUG_SMI is not set +CONFIG_HAVE_IFD_BIN=y +CONFIG_PS2K_EISAID="PNP0303" +CONFIG_PS2M_EISAID="PNP0F13" +# CONFIG_BOARD_MSI_H81M_P33 is not set +# CONFIG_BOARD_MSI_MS7707 is not set +# CONFIG_BOARD_MSI_Z690_A_PRO_WIFI_DDR4 is not set +# CONFIG_BOARD_MSI_Z690_A_PRO_WIFI_DDR5 is not set +CONFIG_BOARD_MSI_Z790_P_PRO_WIFI_DDR4=y +# CONFIG_BOARD_MSI_Z790_P_PRO_WIFI_DDR5 is not set +CONFIG_CPU_MICROCODE_CBFS_LOC=0xff800000 +CONFIG_INTEL_FIT_LOC=0xfffc0000 +CONFIG_BOARD_MSI_MS7E06=y +CONFIG_BOARD_HAS_MSI_ROMHOLE=y +CONFIG_MSI_ROMHOLE_IN_CBFS=y +CONFIG_MSI_ROMHOLE_ADDRESS_IN_CBFS=0xff7c0000 +CONFIG_MSI_ROMHOLE_SIZE_IN_CBFS=0x20000 +CONFIG_TTYS0_BAUD=115200 +CONFIG_POWER_STATE_DEFAULT_ON_AFTER_FAILURE=y +CONFIG_D3COLD_SUPPORT=y +# CONFIG_PCIEXP_ASPM is not set +# CONFIG_PCIEXP_L1_SUB_STATE is not set +# CONFIG_PCIEXP_CLK_PM is not set +CONFIG_DRIVERS_UART_8250IO=y +CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72 +CONFIG_HEAP_SIZE=0x10000 +CONFIG_EC_GPE_SCI=0x50 +CONFIG_TPM_MEASURED_BOOT=y +CONFIG_LINUX_COMMAND_LINE="quiet splash" +CONFIG_BOARD_ROMSIZE_KB_32768=y +# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_5120 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_6144 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_16384 is not set +CONFIG_COREBOOT_ROMSIZE_KB_32768=y +# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set +CONFIG_COREBOOT_ROMSIZE_KB=32768 +CONFIG_ROM_SIZE=0x02000000 +CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y +CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y +CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y +# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set +# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set +CONFIG_MAINBOARD_POWER_FAILURE_STATE=0 +# end of Mainboard + +# +# Chipset +# + +# +# SoC +# +CONFIG_CHIPSET_DEVICETREE="soc/intel/alderlake/chipset_pch_s.cb" +CONFIG_FSP_M_FILE="$(obj)/Fsp_M.fd" +CONFIG_FSP_S_FILE="$(obj)/Fsp_S.fd" +CONFIG_CBFS_MCACHE_SIZE=0x4000 +CONFIG_ROMSTAGE_ADDR=0x2000000 +CONFIG_FSP_TEMP_RAM_SIZE=0x20000 +CONFIG_VERSTAGE_ADDR=0x2000000 +CONFIG_SMM_TSEG_SIZE=0x800000 +CONFIG_SMM_RESERVED_SIZE=0x200000 +CONFIG_SMM_MODULE_STACK_SIZE=0x800 +CONFIG_ACPI_BERT_SIZE=0x0 +CONFIG_DRIVERS_I2C_DESIGNWARE_CLOCK_MHZ=133 +CONFIG_VBOOT_HASH_BLOCK_SIZE=0x1000 +CONFIG_ACPI_CPU_STRING="CP%02X" +CONFIG_STACK_SIZE=0x2000 +CONFIG_SOC_INTEL_ALDERLAKE=y +CONFIG_SOC_INTEL_RAPTORLAKE=y +CONFIG_SOC_INTEL_ALDERLAKE_PCH_S=y +CONFIG_SOC_INTEL_RAPTORLAKE_PCH_S=y +CONFIG_ALDERLAKE_CAR_ENHANCED_NEM=y +CONFIG_EXT_BIOS_WIN_BASE=0xf8000000 +CONFIG_EXT_BIOS_WIN_SIZE=0x2000000 +CONFIG_IFD_CHIPSET="adl" +CONFIG_IED_REGION_SIZE=0x400000 +CONFIG_MAX_PCH_ROOT_PORTS=28 +CONFIG_MAX_CPU_ROOT_PORTS=3 +CONFIG_MAX_TBT_ROOT_PORTS=0 +CONFIG_MAX_ROOT_PORTS=28 +CONFIG_MAX_PCIE_CLOCK_SRC=18 +CONFIG_MAX_PCIE_CLOCK_REQ=18 +CONFIG_PCR_BASE_ADDRESS=0xe0000000 +CONFIG_CPU_BCLK_MHZ=100 +CONFIG_SOC_INTEL_PERFORMANCE_CORE_SCALE_FACTOR=127 +CONFIG_SOC_INTEL_EFFICIENT_CORE_SCALE_FACTOR=100 +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_CLOCK_MHZ=120 +CONFIG_CPU_XTAL_HZ=38400000 +CONFIG_SOC_INTEL_UFS_CLK_FREQ_HZ=19200000 +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_MAX=7 +CONFIG_SOC_INTEL_I2C_DEV_MAX=8 +# CONFIG_ENABLE_SATA_TEST_MODE is not set +CONFIG_SOC_INTEL_UART_DEV_MAX=7 +CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_M_VAL=0x25a +CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_N_VAL=0x7fff +CONFIG_FSP_HEADER_PATH="3rdparty/fsp/RaptorLakeFspBinPkg/Client/RaptorLakeS/Include/" +CONFIG_FSP_FD_PATH="3rdparty/fsp/RaptorLakeFspBinPkg/Client/RaptorLakeS/Fsp.fd" +CONFIG_SOC_INTEL_ALDERLAKE_DEBUG_CONSENT=0 +CONFIG_DATA_BUS_WIDTH=128 +CONFIG_DIMMS_PER_CHANNEL=2 +CONFIG_MRC_CHANNEL_WIDTH=16 +CONFIG_ACPI_ADL_IPU_ES_SUPPORT=y +CONFIG_ALDERLAKE_ENABLE_SOC_WORKAROUND=y +CONFIG_SI_DESC_REGION="SI_DESC" +CONFIG_SI_DESC_REGION_SZ=4096 +# CONFIG_BUILDING_WITH_DEBUG_FSP is not set +CONFIG_INTEL_GMA_BCLV_OFFSET=0xc8258 +CONFIG_INTEL_GMA_BCLV_WIDTH=32 +CONFIG_INTEL_GMA_BCLM_OFFSET=0xc8254 +CONFIG_INTEL_GMA_BCLM_WIDTH=32 +CONFIG_FSP_PUBLISH_MBP_HOB=y +CONFIG_INCLUDE_HSPHY_IN_FMAP=y +CONFIG_HSPHY_FW_FILE="" +CONFIG_HSPHY_FW_MAX_SIZE=0x8000 +CONFIG_MAX_HECI_DEVICES=6 +CONFIG_BOOTBLOCK_IN_CBFS=y +CONFIG_HAVE_PAM0_REGISTER=y +CONFIG_PCIEXP_COMMON_CLOCK=y +CONFIG_CPU_INTEL_NUM_FIT_ENTRIES=4 +CONFIG_SOC_INTEL_GFX_FRAMEBUFFER_OFFSET=0x0 +CONFIG_PCIE_LTR_MAX_SNOOP_LATENCY=0x1003 +CONFIG_PCIE_LTR_MAX_NO_SNOOP_LATENCY=0x1003 +CONFIG_INTEL_TME=y +CONFIG_SOC_INTEL_COMMON_BLOCK_P2SB=y +CONFIG_FIXED_SMBUS_IO_BASE=0xefa0 +CONFIG_CBFS_CACHE_ALIGN=8 +CONFIG_SOC_INTEL_COMMON=y + +# +# Intel SoC Common Code for IP blocks +# +CONFIG_SOC_INTEL_COMMON_BLOCK=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_GPIO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_LPIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_PEP=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_PEP_LPM_REQ=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_CPPC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_CPU_HYBRID=y +CONFIG_SOC_INTEL_UFS_OCP_TIMER_DISABLE=y +CONFIG_SOC_INTEL_UFS_LTR_DISQUALIFY=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CHIP_CONFIG=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CNVI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU_MPINIT=y +CONFIG_USE_FSP_FEATURE_PROGRAM_ON_APS=y +# CONFIG_USE_COREBOOT_MP_INIT is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU_SMMRELOCATE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CAR=y +CONFIG_INTEL_CAR_NEM_ENHANCED=y +CONFIG_CAR_HAS_SF_MASKS=y +CONFIG_COS_MAPPED_TO_MSB=y +CONFIG_CAR_HAS_L3_PROTECTED_WAYS=y +CONFIG_USE_INTEL_FSP_TO_CALL_COREBOOT_PUBLISH_MP_PPI=y +CONFIG_CPU_SUPPORTS_INTEL_TME=y +# CONFIG_TME_KEY_REGENERATION_ON_WARM_BOOT is not set +CONFIG_CPU_SUPPORTS_PM_TIMER_EMULATION=y +CONFIG_HAVE_HYPERTHREADING=y +CONFIG_FSP_HYPERTHREADING=y +# CONFIG_INTEL_KEYLOCKER is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_CSE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PMC_IPC=y +CONFIG_SOC_INTEL_CSE_SEND_EOP_LATE=y +CONFIG_SOC_INTEL_CSE_FMAP_NAME="SI_ME" +CONFIG_SOC_INTEL_CSE_RW_A_FMAP_NAME="ME_RW_A" +CONFIG_SOC_INTEL_CSE_RW_B_FMAP_NAME="ME_RW_B" +CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME="me_rw" +CONFIG_SOC_INTEL_CSE_RW_HASH_CBFS_NAME="me_rw.hash" +CONFIG_SOC_INTEL_CSE_RW_VERSION_CBFS_NAME="me_rw.version" +CONFIG_SOC_INTEL_CSE_RW_FILE="" +CONFIG_SOC_INTEL_CSE_RW_VERSION="" +CONFIG_SOC_INTEL_CSE_SET_EOP=y +CONFIG_SOC_INTEL_CSE_IOM_CBFS_NAME="cse_iom" +CONFIG_SOC_INTEL_CSE_IOM_CBFS_FILE="" +CONFIG_SOC_INTEL_CSE_NPHY_CBFS_NAME="cse_nphy" +CONFIG_SOC_INTEL_CSE_NPHY_CBFS_FILE="" +CONFIG_SOC_INTEL_CSE_HAVE_SPEC_SUPPORT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ME_SPEC_16=y +CONFIG_ME_SPEC=16 +CONFIG_SOC_INTEL_COMMON_BLOCK_DSP=y +CONFIG_SOC_INTEL_COMMON_BLOCK_DTT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_FAST_SPI=y +CONFIG_FAST_SPI_DISABLE_WRITE_STATUS=y +CONFIG_FAST_SPI_SUPPORTS_EXT_BIOS_WINDOW=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_ITSS_POL_CFG=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_DUAL_ROUTE_SUPPORT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_LOCK_USING_SBI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPMR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GRAPHICS=y +# CONFIG_SOC_INTEL_DISABLE_IGD is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_VERSION_2=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HDA=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HDA_VERB=y +CONFIG_SOC_INTEL_COMMON_BLOCK_I2C=y +CONFIG_SOC_INTEL_COMMON_BLOCK_IRQ=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ITSS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPC_MIRROR_TO_GPMR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPSS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_MEMINIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_OC_WDT=y +# CONFIG_SOC_INTEL_COMMON_OC_WDT_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_BASE_P2SB=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCIE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCIE_RTD3=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PMC=y +CONFIG_SOC_INTEL_MEM_MAPPED_PM_CONFIGURATION=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PMC_EPOC=y +CONFIG_PMC_IPC_ACPI_INTERFACE=y +CONFIG_PMC_GLOBAL_RESET_ENABLE_LOCK=y +CONFIG_SOC_INTEL_COMMON_BLOCK_POWER_LIMIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_RTC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SATA=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMBUS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TCO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TCO_ENABLE_THROUGH_SMBUS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y +# CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0 +CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y +CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT=0xe0000000 +CONFIG_SOC_INTEL_COMMON_BLOCK_THERMAL=y +CONFIG_SOC_INTEL_COMMON_BLOCK_THERMAL_BEHIND_PMC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TIMER=y +CONFIG_SOC_INTEL_COMMON_BLOCK_UART=y +CONFIG_SOC_INTEL_COMMON_BLOCK_VTD=y +# CONFIG_ENABLE_EARLY_DMA_PROTECTION is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI_ELOG=y + +# +# Intel SoC Common PCH Code +# +CONFIG_SOC_INTEL_COMMON_PCH_CLIENT=y +CONFIG_SOC_INTEL_COMMON_PCH_BASE=y +CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN=y +CONFIG_PCH_SPECIFIC_BASE_OPTIONS=y +CONFIG_PCH_SPECIFIC_DISCRETE_OPTIONS=y +CONFIG_PCH_SPECIFIC_CLIENT_OPTIONS=y + +# +# Intel SoC Common coreboot stages and non-IP blocks +# +CONFIG_SOC_INTEL_COMMON_BASECODE=y +CONFIG_SOC_INTEL_COMMON_BASECODE_RAMTOP=y +CONFIG_SOC_INTEL_COMMON_RESET=y +CONFIG_SOC_INTEL_COMMON_ACPI_WAKE_SOURCE=y +CONFIG_PAVP=y +# CONFIG_SOC_INTEL_DEBUG_CONSENT is not set +CONFIG_HAVE_INTEL_COMPLIANCE_TEST_MODE=y +# CONFIG_SOC_INTEL_COMPLIANCE_TEST_MODE is not set + +# +# CPU +# +CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE=y +CONFIG_CPU_INTEL_COMMON=y +CONFIG_ENABLE_VMX=y +CONFIG_SET_IA32_FC_LOCK_BIT=y +CONFIG_SET_MSR_AESNI_LOCK_BIT=y +CONFIG_CPU_INTEL_COMMON_VOLTAGE=y +CONFIG_CPU_INTEL_COMMON_SMM=y +CONFIG_PARALLEL_MP=y +CONFIG_PARALLEL_MP_AP_WORK=y +CONFIG_XAPIC_ONLY=y +# CONFIG_X2APIC_ONLY is not set +# CONFIG_X2APIC_RUNTIME is not set +# CONFIG_X2APIC_LATE_WORKAROUND is not set +CONFIG_UDELAY_TSC=y +CONFIG_TSC_MONOTONIC_TIMER=y +CONFIG_X86_CLFLUSH_CAR=y +CONFIG_HAVE_SMI_HANDLER=y +CONFIG_SMM_TSEG=y +CONFIG_SMM_PCI_RESOURCE_STORE_NUM_SLOTS=8 +CONFIG_X86_INIT_NEED_1_SIPI=y +CONFIG_AP_STACK_SIZE=0x800 +CONFIG_SMP=y +CONFIG_SSE=y +CONFIG_SSE2=y +CONFIG_SUPPORT_CPU_UCODE_IN_CBFS=y +CONFIG_USE_CPU_MICROCODE_CBFS_BINS=y +CONFIG_CPU_MICROCODE_CBFS_DEFAULT_BINS=y +# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_BINS is not set +# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER is not set +# CONFIG_CPU_MICROCODE_CBFS_NONE is not set + +# +# Northbridge +# + +# +# Southbridge +# +# CONFIG_PCIEXP_HOTPLUG is not set +CONFIG_INTEL_DESCRIPTOR_MODE_REQUIRED=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y +CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y +# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set +CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000 +CONFIG_RCBA_LENGTH=0x4000 + +# +# Super I/O +# +CONFIG_SUPERIO_NUVOTON_COMMON_PRE_RAM=y +CONFIG_SUPERIO_NUVOTON_NCT6687D=y + +# +# Embedded Controllers +# + +# +# Intel Firmware +# +CONFIG_IFDTOOL_DISABLE_ME=y +CONFIG_HAVE_ME_BIN=y +# CONFIG_STITCH_ME_BIN is not set +# CONFIG_ME_REGION_ALLOW_CPU_READ_ACCESS is not set +CONFIG_HAVE_INTEL_ME_HAP=y +# CONFIG_INTEL_ME_DISABLED_HECI is not set +CONFIG_INTEL_ME_DISABLED_HAP=y +# CONFIG_INTEL_ME_ENABLED is not set +CONFIG_INTEL_ME_DEFAULT_STATE=2 +# CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION is not set +# CONFIG_LOCK_MANAGEMENT_ENGINE is not set +CONFIG_UNLOCK_FLASH_REGIONS=y +CONFIG_BIOS_VENDOR="3mdeb" + +# +# Dasharo +# + +# +# Dasharo Configuration +# +CONFIG_DASHARO_PREFER_S3_SLEEP=y +# end of Dasharo Configuration + +CONFIG_UDK_BASE=y +CONFIG_UDK_202005_BINDING=y +CONFIG_UDK_2013_VERSION=2013 +CONFIG_UDK_2017_VERSION=2017 +CONFIG_UDK_202005_VERSION=202005 +CONFIG_UDK_202302_VERSION=202302 +CONFIG_UDK_VERSION=202005 +CONFIG_ARCH_X86=y +CONFIG_ARCH_BOOTBLOCK_X86_32=y +CONFIG_ARCH_VERSTAGE_X86_32=y +CONFIG_ARCH_ROMSTAGE_X86_32=y +CONFIG_ARCH_POSTCAR_X86_32=y +CONFIG_ARCH_RAMSTAGE_X86_32=y +CONFIG_ARCH_ALL_STAGES_X86_32=y +CONFIG_X86_CUSTOM_BOOTMEDIA=y +CONFIG_PC80_SYSTEM=y +CONFIG_POSTCAR_STAGE=y +CONFIG_BOOTBLOCK_SIMPLE=y +# CONFIG_BOOTBLOCK_NORMAL is not set +CONFIG_COLLECT_TIMESTAMPS_TSC=y +CONFIG_IDT_IN_EVERY_STAGE=y +CONFIG_HAVE_CF9_RESET=y +CONFIG_DEBUG_HW_BREAKPOINTS=y +CONFIG_DEBUG_HW_BREAKPOINTS_IN_ALL_STAGES=y +CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS=y +CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS_IN_ALL_STAGES=y +# CONFIG_DUMP_SMBIOS_TYPE17 is not set +# end of Chipset + +# +# Devices +# +CONFIG_HAVE_LINEAR_FRAMEBUFFER=y +CONFIG_HAVE_FSP_GOP=y +# CONFIG_VGA_ROM_RUN is not set +CONFIG_RUN_FSP_GOP=y +# CONFIG_NO_GFX_INIT is not set +CONFIG_NO_EARLY_GFX_INIT=y + +# +# Display +# +CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y +CONFIG_LINEAR_FRAMEBUFFER=y +CONFIG_BOOTSPLASH=y +# end of Display + +CONFIG_PCI=y +CONFIG_ECAM_MMCONF_SUPPORT=y +CONFIG_PCIX_PLUGIN_SUPPORT=y +CONFIG_AZALIA_PLUGIN_SUPPORT=y +CONFIG_AZALIA_LOCK_DOWN_R_WO_GCAP=y +CONFIG_PCIEXP_PLUGIN_SUPPORT=y +CONFIG_ECAM_MMCONF_LENGTH=0x10000000 +CONFIG_PCI_ALLOW_BUS_MASTER=y +CONFIG_PCI_SET_BUS_MASTER_PCI_BRIDGES=y +CONFIG_PCI_ALLOW_BUS_MASTER_ANY_DEVICE=y +CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS=y +CONFIG_PCIEXP_LANE_ERR_STAT_CLEAR=y +CONFIG_FIRMWARE_CONNECTION_MANAGER=y +# CONFIG_SOFTWARE_CONNECTION_MANAGER is not set +# CONFIG_EARLY_PCI_BRIDGE is not set +CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 +CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 +CONFIG_INTEL_GMA_HAVE_VBT=y +CONFIG_INTEL_GMA_ADD_VBT=y +# CONFIG_SOFTWARE_I2C is not set +CONFIG_I2C_TRANSFER_TIMEOUT_US=500000 +# CONFIG_RESOURCE_ALLOCATION_TOP_DOWN is not set +# end of Devices + +# +# Generic Drivers +# +CONFIG_CRB_TPM=y +CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 +# CONFIG_DRIVERS_EFI_VARIABLE_STORE is not set +# CONFIG_ELOG is not set +CONFIG_CACHE_MRC_SETTINGS=y +CONFIG_MRC_SETTINGS_PROTECT=y +# CONFIG_SMMSTORE is not set +CONFIG_SPI_FLASH=y +CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y +CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y +# CONFIG_SPI_FLASH_NO_FAST_READ is not set +# CONFIG_TPM_INIT_RAMSTAGE is not set +# CONFIG_TPM_PPI is not set +CONFIG_DRIVERS_UART=y +# CONFIG_DRIVERS_UART_OXPCIE is not set +# CONFIG_VPD is not set +# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set +# CONFIG_DRIVERS_GENERIC_CBFS_UUID is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9750 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9755 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9763E is not set +CONFIG_DRIVERS_I2C_DESIGNWARE=y +# CONFIG_DRIVERS_I2C_MAX98396 is not set +CONFIG_FSP_USE_REPO=y +# CONFIG_DISPLAY_HOBS is not set +# CONFIG_DISPLAY_UPD_DATA is not set +CONFIG_PLATFORM_USES_FSP2_0=y +CONFIG_PLATFORM_USES_FSP2_1=y +CONFIG_PLATFORM_USES_FSP2_2=y +CONFIG_PLATFORM_USES_FSP2_3=y +CONFIG_PLATFORM_USES_FSP2_X86_32=y +CONFIG_HAVE_INTEL_FSP_REPO=y +CONFIG_ADD_FSP_BINARIES=y +CONFIG_FSP_T_LOCATION=0xfffe0000 +CONFIG_FSP_S_CBFS="fsps.bin" +CONFIG_FSP_M_CBFS="fspm.bin" +CONFIG_FSP_FULL_FD=y +CONFIG_FSP_T_RESERVED_SIZE=0x0 +CONFIG_FSP_M_XIP=y +CONFIG_FSP_USES_CB_STACK=y +CONFIG_FSP_COMPRESS_FSP_S_LZ4=y +CONFIG_FSP_STATUS_GLOBAL_RESET_REQUIRED_3=y +CONFIG_FSP_STATUS_GLOBAL_RESET=0x40000003 +CONFIG_SOC_INTEL_COMMON_FSP_RESET=y +CONFIG_FSPS_HAS_ARCH_UPD=y +CONFIG_FSP_USES_CB_DEBUG_EVENT_HANDLER=y +# CONFIG_DISPLAY_FSP_TIMESTAMPS is not set +CONFIG_FSP_ENABLE_SERIAL_DEBUG=y +CONFIG_FSP_MULTIPHASE_SI_INIT_RETURN_BROKEN=y +CONFIG_INTEL_GMA_ACPI=y +CONFIG_INTEL_GMA_OPREGION_2_1=y +CONFIG_HAVE_INTEL_PTT=y +# CONFIG_DRIVERS_NXP_UWB_SR1XX is not set +# CONFIG_DRIVERS_PS2_KEYBOARD is not set +CONFIG_DRIVERS_MC146818=y +CONFIG_USE_PC_CMOS_ALTCENTURY=y +CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70 +CONFIG_MEMORY_MAPPED_TPM=y +CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 +# CONFIG_DRIVERS_SIL_3114 is not set +CONFIG_DRIVERS_USB_ACPI=y +CONFIG_DRIVERS_WIFI_GENERIC=y +CONFIG_MP_SERVICES_PPI=y +CONFIG_MP_SERVICES_PPI_V2=y +# end of Generic Drivers + +# +# Security +# + +# +# CBFS verification +# +# CONFIG_CBFS_VERIFICATION is not set +# end of CBFS verification + +# +# Verified Boot (vboot) +# +CONFIG_VBOOT_LIB=y +# end of Verified Boot (vboot) + +# +# Trusted Platform Module +# +# CONFIG_TPM1 is not set +CONFIG_TPM2=y +CONFIG_TPM=y +# CONFIG_DEBUG_TPM is not set +# CONFIG_TPM_RDRESP_NEED_DELAY is not set +# CONFIG_TPM_LOG_CB is not set +CONFIG_TPM_LOG_TPM2=y +# CONFIG_TPM_HASH_SHA1 is not set +CONFIG_TPM_HASH_SHA256=y +# CONFIG_TPM_HASH_SHA384 is not set +# CONFIG_TPM_HASH_SHA512 is not set +CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA="" +CONFIG_TPM_MEASURED_BOOT_INIT_BOOTBLOCK=y +CONFIG_PCR_BOOT_MODE=1 +CONFIG_PCR_HWID=1 +CONFIG_PCR_SRTM=2 +CONFIG_PCR_RUNTIME_DATA=3 +# end of Trusted Platform Module + +# +# Memory initialization +# +CONFIG_PLATFORM_HAS_DRAM_CLEAR=y +# CONFIG_SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT is not set +# end of Memory initialization + +CONFIG_INTEL_TXT_LIB=y +# CONFIG_INTEL_TXT is not set +# CONFIG_STM is not set +# CONFIG_INTEL_CBNT_SUPPORT is not set +CONFIG_BOOTMEDIA_LOCK_NONE=y +# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set +# CONFIG_BOOTMEDIA_LOCK_CHIP is not set +# CONFIG_BOOTMEDIA_SMM_BWP is not set +# end of Security + +CONFIG_ACPI_HAVE_PCAT_8259=y +CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y +CONFIG_ACPI_SOC_NVS=y +CONFIG_ACPI_CUSTOM_MADT=y +CONFIG_ACPI_COMMON_MADT_IOAPIC=y +CONFIG_HAVE_ACPI_TABLES=y +CONFIG_ACPI_LPIT=y +CONFIG_BOOT_DEVICE_SPI_FLASH=y +CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y +CONFIG_BOOT_DEVICE_SUPPORTS_WRITES=y +CONFIG_RTC=y + +# +# Console +# +CONFIG_BOOTBLOCK_CONSOLE=y +CONFIG_POSTCAR_CONSOLE=y +CONFIG_SQUELCH_EARLY_SMP=y + +# +# I/O mapped, 8250-compatible +# +CONFIG_TTYS0_BASE=0x3f8 + +# +# Serial port base address = 0x3f8 +# +# CONFIG_CONSOLE_SERIAL_921600 is not set +# CONFIG_CONSOLE_SERIAL_460800 is not set +# CONFIG_CONSOLE_SERIAL_230400 is not set +CONFIG_CONSOLE_SERIAL_115200=y +# CONFIG_CONSOLE_SERIAL_57600 is not set +# CONFIG_CONSOLE_SERIAL_38400 is not set +# CONFIG_CONSOLE_SERIAL_19200 is not set +# CONFIG_CONSOLE_SERIAL_9600 is not set +CONFIG_TTYS0_LCS=3 +# CONFIG_SPKMODEM is not set +# CONFIG_CONSOLE_NE2K is not set +CONFIG_CONSOLE_CBMEM=y +# CONFIG_CONSOLE_SPI_FLASH is not set +# CONFIG_CONSOLE_I2C_SMBUS is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y +CONFIG_DEFAULT_CONSOLE_LOGLEVEL=0 +# CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX is not set +# CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set +# CONFIG_CMOS_POST is not set +CONFIG_POST_DEVICE_NONE=y +# CONFIG_POST_DEVICE_LPC is not set +# CONFIG_POST_DEVICE_PCI_PCIE is not set +CONFIG_POST_IO_PORT=0x80 +CONFIG_HWBASE_DEBUG_NULL=y +# end of Console + +CONFIG_ACPI_S1_NOT_SUPPORTED=y +CONFIG_HAVE_ACPI_RESUME=y +CONFIG_RESUME_PATH_SAME_AS_BOOT=y +CONFIG_HAVE_MONOTONIC_TIMER=y +CONFIG_IOAPIC=y + +# +# System tables +# +CONFIG_GENERATE_SMBIOS_TABLES=y +CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" +# end of System tables + +# +# Payload +# +# CONFIG_PAYLOAD_NONE is not set +# CONFIG_PAYLOAD_ELF is not set +# CONFIG_PAYLOAD_BOOTBOOT is not set +# CONFIG_PAYLOAD_FILO is not set +# CONFIG_PAYLOAD_GRUB2 is not set +# CONFIG_PAYLOAD_SEAGRUB is not set +# CONFIG_PAYLOAD_LINUXBOOT is not set +# CONFIG_PAYLOAD_SEABIOS is not set +# CONFIG_PAYLOAD_UBOOT is not set +# CONFIG_PAYLOAD_EDK2 is not set +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage" +CONFIG_PAYLOAD_OPTIONS="" +# CONFIG_PXE is not set +CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz" +CONFIG_COMPRESS_SECONDARY_PAYLOAD=y + +# +# Secondary Payloads +# +# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set +# CONFIG_GRUB2_SECONDARY_PAYLOAD is not set +# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set +# CONFIG_SEABIOS_SECONDARY_PAYLOAD is not set +# CONFIG_TINT_SECONDARY_PAYLOAD is not set +# CONFIG_COREDOOM_SECONDARY_PAYLOAD is not set +# end of Secondary Payloads +# end of Payload + +# +# Debugging +# + +# +# CPU Debug Settings +# +# CONFIG_DISPLAY_MTRRS is not set + +# +# BLOB Debug Settings +# +# CONFIG_DISPLAY_FSP_CALLS_AND_STATUS is not set +# CONFIG_DISPLAY_FSP_HEADER is not set +# CONFIG_VERIFY_HOBS is not set +CONFIG_DISPLAY_FSP_VERSION_INFO=y +# CONFIG_ENABLE_FSP_ERROR_INFO is not set +CONFIG_HAVE_GPIO_SNAPSHOT_VERIFY_SUPPORT=y +# CONFIG_CHECK_GPIO_CONFIG_CHANGES is not set + +# +# General Debug Settings +# +# CONFIG_GDB_STUB is not set +# CONFIG_FATAL_ASSERTS is not set +CONFIG_HAVE_DEBUG_GPIO=y +# CONFIG_DEBUG_GPIO is not set +# CONFIG_DEBUG_CBFS is not set +CONFIG_HAVE_DEBUG_RAM_SETUP=y +# CONFIG_DEBUG_RAM_SETUP is not set +CONFIG_HAVE_DEBUG_SMBUS=y +# CONFIG_DEBUG_SMBUS is not set +# CONFIG_DEBUG_CONSOLE_INIT is not set +# CONFIG_DEBUG_SPI_FLASH is not set +# CONFIG_DEBUG_BOOT_STATE is not set +# CONFIG_DEBUG_ADA_CODE is not set +CONFIG_HAVE_EM100_SUPPORT=y +# CONFIG_EM100 is not set +# CONFIG_DEBUG_ACPICA_COMPATIBLE is not set +# end of Debugging + +CONFIG_DECOMPRESS_OFAST=y +CONFIG_WARNINGS_ARE_ERRORS=y +CONFIG_MAX_REBOOT_CNT=3 +CONFIG_RELOCATABLE_MODULES=y +CONFIG_GENERIC_GPIO_LIB=y +CONFIG_HAVE_BOOTBLOCK=y +CONFIG_HAVE_ROMSTAGE=y +CONFIG_HAVE_RAMSTAGE=y diff --git a/config/coreboot-msi_z790p_ddr5.config b/config/coreboot-msi_z790p_ddr5.config new file mode 100644 index 000000000..5b75f0ad9 --- /dev/null +++ b/config/coreboot-msi_z790p_ddr5.config @@ -0,0 +1,862 @@ +# +# Automatically generated file; DO NOT EDIT. +# coreboot configuration +# + +# +# General setup +# +CONFIG_COREBOOT_BUILD=y +CONFIG_LOCALVERSION="" +CONFIG_CBFS_PREFIX="fallback" +CONFIG_COMPILER_GCC=y +# CONFIG_COMPILER_LLVM_CLANG is not set +CONFIG_ARCH_SUPPORTS_CLANG=y +# CONFIG_ANY_TOOLCHAIN is not set +# CONFIG_CCACHE is not set +# CONFIG_IWYU is not set +# CONFIG_FMD_GENPARSER is not set +# CONFIG_UTIL_GENPARSER is not set +CONFIG_OPTION_BACKEND_NONE=y +CONFIG_COMPRESS_RAMSTAGE_LZMA=y +# CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set +CONFIG_INCLUDE_CONFIG_FILE=y +CONFIG_COLLECT_TIMESTAMPS=y +# CONFIG_TIMESTAMPS_ON_CONSOLE is not set +CONFIG_USE_BLOBS=y +# CONFIG_USE_AMD_BLOBS is not set +# CONFIG_USE_QC_BLOBS is not set +# CONFIG_COVERAGE is not set +# CONFIG_UBSAN is not set +CONFIG_HAVE_ASAN_IN_RAMSTAGE=y +# CONFIG_ASAN is not set +# CONFIG_NO_STAGE_CACHE is not set +CONFIG_TSEG_STAGE_CACHE=y +# CONFIG_UPDATE_IMAGE is not set +CONFIG_BOOTSPLASH_IMAGE=y +CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg" +CONFIG_BOOTSPLASH_CONVERT=y +CONFIG_BOOTSPLASH_CONVERT_QUALITY=90 +# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set +# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set +# CONFIG_FW_CONFIG is not set + +# +# Software Bill Of Materials (SBOM) +# +# CONFIG_SBOM is not set +# end of Software Bill Of Materials (SBOM) +# end of General setup + +# +# Mainboard +# + +# +# Important: Run 'make distclean' before switching boards +# +# CONFIG_VENDOR_51NB is not set +# CONFIG_VENDOR_ACER is not set +# CONFIG_VENDOR_ADLINK is not set +# CONFIG_VENDOR_AMD is not set +# CONFIG_VENDOR_AOPEN is not set +# CONFIG_VENDOR_APPLE is not set +# CONFIG_VENDOR_ASROCK is not set +# CONFIG_VENDOR_ASUS is not set +# CONFIG_VENDOR_BIOSTAR is not set +# CONFIG_VENDOR_BOSTENTECH is not set +# CONFIG_VENDOR_BYTEDANCE is not set +# CONFIG_VENDOR_CAVIUM is not set +# CONFIG_VENDOR_CLEVO is not set +# CONFIG_VENDOR_COMPULAB is not set +# CONFIG_VENDOR_DELL is not set +# CONFIG_VENDOR_EMULATION is not set +# CONFIG_VENDOR_EXAMPLE is not set +# CONFIG_VENDOR_FACEBOOK is not set +# CONFIG_VENDOR_FOXCONN is not set +# CONFIG_VENDOR_GETAC is not set +# CONFIG_VENDOR_GIGABYTE is not set +# CONFIG_VENDOR_GOOGLE is not set +# CONFIG_VENDOR_HP is not set +# CONFIG_VENDOR_IBASE is not set +# CONFIG_VENDOR_IBM is not set +# CONFIG_VENDOR_INTEL is not set +# CONFIG_VENDOR_INVENTEC is not set +# CONFIG_VENDOR_KONTRON is not set +# CONFIG_VENDOR_LENOVO is not set +# CONFIG_VENDOR_LIBRETREND is not set +CONFIG_VENDOR_MSI=y +# CONFIG_VENDOR_NOVACUSTOM is not set +# CONFIG_VENDOR_OCP is not set +# CONFIG_VENDOR_OPENCELLULAR is not set +# CONFIG_VENDOR_PACKARDBELL is not set +# CONFIG_VENDOR_PCENGINES is not set +# CONFIG_VENDOR_PINE64 is not set +# CONFIG_VENDOR_PORTWELL is not set +# CONFIG_VENDOR_PRODRIVE is not set +# CONFIG_VENDOR_PROTECTLI is not set +# CONFIG_VENDOR_PURISM is not set +# CONFIG_VENDOR_RAZER is not set +# CONFIG_VENDOR_RODA is not set +# CONFIG_VENDOR_SAMSUNG is not set +# CONFIG_VENDOR_SAPPHIRE is not set +# CONFIG_VENDOR_SIEMENS is not set +# CONFIG_VENDOR_SIFIVE is not set +# CONFIG_VENDOR_STARLABS is not set +# CONFIG_VENDOR_SUPERMICRO is not set +# CONFIG_VENDOR_SYSTEM76 is not set +# CONFIG_VENDOR_TI is not set +# CONFIG_VENDOR_UP is not set +CONFIG_MAINBOARD_FAMILY="Default string" +CONFIG_MAINBOARD_PART_NUMBER="PRO Z790-P WIFI (MS-7E06)" +CONFIG_MAINBOARD_VERSION="2.0" +CONFIG_MAINBOARD_DIR="msi/ms7e06" +CONFIG_DIMM_MAX=4 +CONFIG_DIMM_SPD_SIZE=512 +CONFIG_FMDFILE="" +# CONFIG_NO_POST is not set +CONFIG_MAINBOARD_VENDOR="Micro-Star International Co., Ltd." +CONFIG_CBFS_SIZE=0x1c00000 +CONFIG_CONSOLE_SERIAL=y +CONFIG_MAX_CPUS=32 +CONFIG_ONBOARD_VGA_IS_PRIMARY=y +CONFIG_POST_DEVICE=y +CONFIG_POST_IO=y +CONFIG_UART_FOR_CONSOLE=0 +CONFIG_DEVICETREE="devicetree.cb" +# CONFIG_VBOOT is not set +CONFIG_OVERRIDE_DEVICETREE="" +# CONFIG_VGA_BIOS is not set +CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Micro-Star International Co., Ltd." +CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/data.vbt" +# CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set +CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0x4000 +CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0 +CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="PRO Z790-P WIFI (MS-7E06)" +# CONFIG_CONSOLE_POST is not set +# CONFIG_USE_PM_ACPI_TIMER is not set +CONFIG_TPM_PIRQ=0x3f +# CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set +CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xc0000000 +CONFIG_ECAM_MMCONF_BUS_NUMBER=256 +CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld" +CONFIG_DCACHE_RAM_BASE=0xfef00000 +CONFIG_DCACHE_RAM_SIZE=0xc0000 +CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000 +CONFIG_DCACHE_BSP_STACK_SIZE=0x80400 +CONFIG_MAX_ACPI_TABLE_SIZE_KB=144 +CONFIG_HAVE_INTEL_FIRMWARE=y +CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000 +CONFIG_DRIVERS_INTEL_WIFI=y +CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/descriptor.bin" +CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/me.bin" +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000 +CONFIG_PCIEXP_DEFAULT_MAX_RESIZABLE_BAR_BITS=37 +CONFIG_VBT_DATA_SIZE_KB=9 +CONFIG_CARDBUS_PLUGIN_SUPPORT=y +CONFIG_SPI_FLASH_DONT_INCLUDE_ALL_DRIVERS=y +CONFIG_USE_LEGACY_8254_TIMER=y +CONFIG_GBB_HWID="MSI_MS7E06" +# CONFIG_DEBUG_SMI is not set +CONFIG_HAVE_IFD_BIN=y +CONFIG_PS2K_EISAID="PNP0303" +CONFIG_PS2M_EISAID="PNP0F13" +# CONFIG_BOARD_MSI_H81M_P33 is not set +# CONFIG_BOARD_MSI_MS7707 is not set +# CONFIG_BOARD_MSI_Z690_A_PRO_WIFI_DDR4 is not set +# CONFIG_BOARD_MSI_Z690_A_PRO_WIFI_DDR5 is not set +# CONFIG_BOARD_MSI_Z790_P_PRO_WIFI_DDR4 is not set +CONFIG_BOARD_MSI_Z790_P_PRO_WIFI_DDR5=y +CONFIG_CPU_MICROCODE_CBFS_LOC=0xff800000 +CONFIG_INTEL_FIT_LOC=0xfffc0000 +CONFIG_BOARD_MSI_MS7E06=y +CONFIG_BOARD_HAS_MSI_ROMHOLE=y +CONFIG_MSI_ROMHOLE_IN_CBFS=y +CONFIG_MSI_ROMHOLE_ADDRESS_IN_CBFS=0xff7c0000 +CONFIG_MSI_ROMHOLE_SIZE_IN_CBFS=0x20000 +CONFIG_TTYS0_BAUD=115200 +CONFIG_POWER_STATE_DEFAULT_ON_AFTER_FAILURE=y +CONFIG_D3COLD_SUPPORT=y +# CONFIG_PCIEXP_ASPM is not set +# CONFIG_PCIEXP_L1_SUB_STATE is not set +# CONFIG_PCIEXP_CLK_PM is not set +CONFIG_DRIVERS_UART_8250IO=y +CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72 +CONFIG_HEAP_SIZE=0x10000 +CONFIG_EC_GPE_SCI=0x50 +CONFIG_TPM_MEASURED_BOOT=y +CONFIG_LINUX_COMMAND_LINE="quiet splash" +CONFIG_BOARD_ROMSIZE_KB_32768=y +# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_5120 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_6144 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set +# CONFIG_COREBOOT_ROMSIZE_KB_16384 is not set +CONFIG_COREBOOT_ROMSIZE_KB_32768=y +# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set +CONFIG_COREBOOT_ROMSIZE_KB=32768 +CONFIG_ROM_SIZE=0x02000000 +CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y +CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y +CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y +# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set +# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set +CONFIG_MAINBOARD_POWER_FAILURE_STATE=0 +# end of Mainboard + +# +# Chipset +# + +# +# SoC +# +CONFIG_CHIPSET_DEVICETREE="soc/intel/alderlake/chipset_pch_s.cb" +CONFIG_FSP_M_FILE="$(obj)/Fsp_M.fd" +CONFIG_FSP_S_FILE="$(obj)/Fsp_S.fd" +CONFIG_CBFS_MCACHE_SIZE=0x4000 +CONFIG_ROMSTAGE_ADDR=0x2000000 +CONFIG_FSP_TEMP_RAM_SIZE=0x20000 +CONFIG_VERSTAGE_ADDR=0x2000000 +CONFIG_SMM_TSEG_SIZE=0x800000 +CONFIG_SMM_RESERVED_SIZE=0x200000 +CONFIG_SMM_MODULE_STACK_SIZE=0x800 +CONFIG_ACPI_BERT_SIZE=0x0 +CONFIG_DRIVERS_I2C_DESIGNWARE_CLOCK_MHZ=133 +CONFIG_VBOOT_HASH_BLOCK_SIZE=0x1000 +CONFIG_ACPI_CPU_STRING="CP%02X" +CONFIG_STACK_SIZE=0x2000 +CONFIG_SOC_INTEL_ALDERLAKE=y +CONFIG_SOC_INTEL_RAPTORLAKE=y +CONFIG_SOC_INTEL_ALDERLAKE_PCH_S=y +CONFIG_SOC_INTEL_RAPTORLAKE_PCH_S=y +CONFIG_ALDERLAKE_CAR_ENHANCED_NEM=y +CONFIG_EXT_BIOS_WIN_BASE=0xf8000000 +CONFIG_EXT_BIOS_WIN_SIZE=0x2000000 +CONFIG_IFD_CHIPSET="adl" +CONFIG_IED_REGION_SIZE=0x400000 +CONFIG_MAX_PCH_ROOT_PORTS=28 +CONFIG_MAX_CPU_ROOT_PORTS=3 +CONFIG_MAX_TBT_ROOT_PORTS=0 +CONFIG_MAX_ROOT_PORTS=28 +CONFIG_MAX_PCIE_CLOCK_SRC=18 +CONFIG_MAX_PCIE_CLOCK_REQ=18 +CONFIG_PCR_BASE_ADDRESS=0xe0000000 +CONFIG_CPU_BCLK_MHZ=100 +CONFIG_SOC_INTEL_PERFORMANCE_CORE_SCALE_FACTOR=127 +CONFIG_SOC_INTEL_EFFICIENT_CORE_SCALE_FACTOR=100 +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_CLOCK_MHZ=120 +CONFIG_CPU_XTAL_HZ=38400000 +CONFIG_SOC_INTEL_UFS_CLK_FREQ_HZ=19200000 +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_MAX=7 +CONFIG_SOC_INTEL_I2C_DEV_MAX=8 +# CONFIG_ENABLE_SATA_TEST_MODE is not set +CONFIG_SOC_INTEL_UART_DEV_MAX=7 +CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_M_VAL=0x25a +CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_N_VAL=0x7fff +CONFIG_FSP_HEADER_PATH="3rdparty/fsp/RaptorLakeFspBinPkg/Client/RaptorLakeS/Include/" +CONFIG_FSP_FD_PATH="3rdparty/fsp/RaptorLakeFspBinPkg/Client/RaptorLakeS/Fsp.fd" +CONFIG_SOC_INTEL_ALDERLAKE_DEBUG_CONSENT=0 +CONFIG_DATA_BUS_WIDTH=128 +CONFIG_DIMMS_PER_CHANNEL=2 +CONFIG_MRC_CHANNEL_WIDTH=16 +CONFIG_ACPI_ADL_IPU_ES_SUPPORT=y +CONFIG_ALDERLAKE_ENABLE_SOC_WORKAROUND=y +CONFIG_SI_DESC_REGION="SI_DESC" +CONFIG_SI_DESC_REGION_SZ=4096 +# CONFIG_BUILDING_WITH_DEBUG_FSP is not set +CONFIG_INTEL_GMA_BCLV_OFFSET=0xc8258 +CONFIG_INTEL_GMA_BCLV_WIDTH=32 +CONFIG_INTEL_GMA_BCLM_OFFSET=0xc8254 +CONFIG_INTEL_GMA_BCLM_WIDTH=32 +CONFIG_FSP_PUBLISH_MBP_HOB=y +CONFIG_INCLUDE_HSPHY_IN_FMAP=y +CONFIG_HSPHY_FW_FILE="" +CONFIG_HSPHY_FW_MAX_SIZE=0x8000 +CONFIG_MAX_HECI_DEVICES=6 +CONFIG_BOOTBLOCK_IN_CBFS=y +CONFIG_HAVE_PAM0_REGISTER=y +CONFIG_PCIEXP_COMMON_CLOCK=y +CONFIG_CPU_INTEL_NUM_FIT_ENTRIES=4 +CONFIG_SOC_INTEL_GFX_FRAMEBUFFER_OFFSET=0x0 +CONFIG_PCIE_LTR_MAX_SNOOP_LATENCY=0x1003 +CONFIG_PCIE_LTR_MAX_NO_SNOOP_LATENCY=0x1003 +CONFIG_INTEL_TME=y +CONFIG_SOC_INTEL_COMMON_BLOCK_P2SB=y +CONFIG_FIXED_SMBUS_IO_BASE=0xefa0 +CONFIG_CBFS_CACHE_ALIGN=8 +CONFIG_SOC_INTEL_COMMON=y + +# +# Intel SoC Common Code for IP blocks +# +CONFIG_SOC_INTEL_COMMON_BLOCK=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_GPIO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_LPIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_PEP=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_PEP_LPM_REQ=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_CPPC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_CPU_HYBRID=y +CONFIG_SOC_INTEL_UFS_OCP_TIMER_DISABLE=y +CONFIG_SOC_INTEL_UFS_LTR_DISQUALIFY=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CHIP_CONFIG=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CNVI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU_MPINIT=y +CONFIG_USE_FSP_FEATURE_PROGRAM_ON_APS=y +# CONFIG_USE_COREBOOT_MP_INIT is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_CPU_SMMRELOCATE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_CAR=y +CONFIG_INTEL_CAR_NEM_ENHANCED=y +CONFIG_CAR_HAS_SF_MASKS=y +CONFIG_COS_MAPPED_TO_MSB=y +CONFIG_CAR_HAS_L3_PROTECTED_WAYS=y +CONFIG_USE_INTEL_FSP_TO_CALL_COREBOOT_PUBLISH_MP_PPI=y +CONFIG_CPU_SUPPORTS_INTEL_TME=y +# CONFIG_TME_KEY_REGENERATION_ON_WARM_BOOT is not set +CONFIG_CPU_SUPPORTS_PM_TIMER_EMULATION=y +CONFIG_HAVE_HYPERTHREADING=y +CONFIG_FSP_HYPERTHREADING=y +# CONFIG_INTEL_KEYLOCKER is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_CSE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PMC_IPC=y +CONFIG_SOC_INTEL_CSE_SEND_EOP_LATE=y +CONFIG_SOC_INTEL_CSE_FMAP_NAME="SI_ME" +CONFIG_SOC_INTEL_CSE_RW_A_FMAP_NAME="ME_RW_A" +CONFIG_SOC_INTEL_CSE_RW_B_FMAP_NAME="ME_RW_B" +CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME="me_rw" +CONFIG_SOC_INTEL_CSE_RW_HASH_CBFS_NAME="me_rw.hash" +CONFIG_SOC_INTEL_CSE_RW_VERSION_CBFS_NAME="me_rw.version" +CONFIG_SOC_INTEL_CSE_RW_FILE="" +CONFIG_SOC_INTEL_CSE_RW_VERSION="" +CONFIG_SOC_INTEL_CSE_SET_EOP=y +CONFIG_SOC_INTEL_CSE_IOM_CBFS_NAME="cse_iom" +CONFIG_SOC_INTEL_CSE_IOM_CBFS_FILE="" +CONFIG_SOC_INTEL_CSE_NPHY_CBFS_NAME="cse_nphy" +CONFIG_SOC_INTEL_CSE_NPHY_CBFS_FILE="" +CONFIG_SOC_INTEL_CSE_HAVE_SPEC_SUPPORT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ME_SPEC_16=y +CONFIG_ME_SPEC=16 +CONFIG_SOC_INTEL_COMMON_BLOCK_DSP=y +CONFIG_SOC_INTEL_COMMON_BLOCK_DTT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_FAST_SPI=y +CONFIG_FAST_SPI_DISABLE_WRITE_STATUS=y +CONFIG_FAST_SPI_SUPPORTS_EXT_BIOS_WINDOW=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_ITSS_POL_CFG=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_DUAL_ROUTE_SUPPORT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_LOCK_USING_SBI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GPMR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GRAPHICS=y +# CONFIG_SOC_INTEL_DISABLE_IGD is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_VERSION_2=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HDA=y +CONFIG_SOC_INTEL_COMMON_BLOCK_HDA_VERB=y +CONFIG_SOC_INTEL_COMMON_BLOCK_I2C=y +CONFIG_SOC_INTEL_COMMON_BLOCK_IRQ=y +CONFIG_SOC_INTEL_COMMON_BLOCK_ITSS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPC_MIRROR_TO_GPMR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_LPSS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_MEMINIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_OC_WDT=y +# CONFIG_SOC_INTEL_COMMON_OC_WDT_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_BASE_P2SB=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCIE=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCIE_RTD3=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PCR=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PMC=y +CONFIG_SOC_INTEL_MEM_MAPPED_PM_CONFIGURATION=y +CONFIG_SOC_INTEL_COMMON_BLOCK_PMC_EPOC=y +CONFIG_PMC_IPC_ACPI_INTERFACE=y +CONFIG_PMC_GLOBAL_RESET_ENABLE_LOCK=y +CONFIG_SOC_INTEL_COMMON_BLOCK_POWER_LIMIT=y +CONFIG_SOC_INTEL_COMMON_BLOCK_RTC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SATA=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMBUS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TCO=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TCO_ENABLE_THROUGH_SMBUS=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y +# CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0 +CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y +CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT=0xe0000000 +CONFIG_SOC_INTEL_COMMON_BLOCK_THERMAL=y +CONFIG_SOC_INTEL_COMMON_BLOCK_THERMAL_BEHIND_PMC=y +CONFIG_SOC_INTEL_COMMON_BLOCK_TIMER=y +CONFIG_SOC_INTEL_COMMON_BLOCK_UART=y +CONFIG_SOC_INTEL_COMMON_BLOCK_VTD=y +# CONFIG_ENABLE_EARLY_DMA_PROTECTION is not set +CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y +CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI_ELOG=y + +# +# Intel SoC Common PCH Code +# +CONFIG_SOC_INTEL_COMMON_PCH_CLIENT=y +CONFIG_SOC_INTEL_COMMON_PCH_BASE=y +CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN=y +CONFIG_PCH_SPECIFIC_BASE_OPTIONS=y +CONFIG_PCH_SPECIFIC_DISCRETE_OPTIONS=y +CONFIG_PCH_SPECIFIC_CLIENT_OPTIONS=y + +# +# Intel SoC Common coreboot stages and non-IP blocks +# +CONFIG_SOC_INTEL_COMMON_BASECODE=y +CONFIG_SOC_INTEL_COMMON_BASECODE_RAMTOP=y +CONFIG_SOC_INTEL_COMMON_RESET=y +CONFIG_SOC_INTEL_COMMON_ACPI_WAKE_SOURCE=y +CONFIG_PAVP=y +# CONFIG_SOC_INTEL_DEBUG_CONSENT is not set +CONFIG_HAVE_INTEL_COMPLIANCE_TEST_MODE=y +# CONFIG_SOC_INTEL_COMPLIANCE_TEST_MODE is not set + +# +# CPU +# +CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE=y +CONFIG_CPU_INTEL_COMMON=y +CONFIG_ENABLE_VMX=y +CONFIG_SET_IA32_FC_LOCK_BIT=y +CONFIG_SET_MSR_AESNI_LOCK_BIT=y +CONFIG_CPU_INTEL_COMMON_VOLTAGE=y +CONFIG_CPU_INTEL_COMMON_SMM=y +CONFIG_PARALLEL_MP=y +CONFIG_PARALLEL_MP_AP_WORK=y +CONFIG_XAPIC_ONLY=y +# CONFIG_X2APIC_ONLY is not set +# CONFIG_X2APIC_RUNTIME is not set +# CONFIG_X2APIC_LATE_WORKAROUND is not set +CONFIG_UDELAY_TSC=y +CONFIG_TSC_MONOTONIC_TIMER=y +CONFIG_X86_CLFLUSH_CAR=y +CONFIG_HAVE_SMI_HANDLER=y +CONFIG_SMM_TSEG=y +CONFIG_SMM_PCI_RESOURCE_STORE_NUM_SLOTS=8 +CONFIG_X86_INIT_NEED_1_SIPI=y +CONFIG_AP_STACK_SIZE=0x800 +CONFIG_SMP=y +CONFIG_SSE=y +CONFIG_SSE2=y +CONFIG_SUPPORT_CPU_UCODE_IN_CBFS=y +CONFIG_USE_CPU_MICROCODE_CBFS_BINS=y +CONFIG_CPU_MICROCODE_CBFS_DEFAULT_BINS=y +# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_BINS is not set +# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER is not set +# CONFIG_CPU_MICROCODE_CBFS_NONE is not set + +# +# Northbridge +# + +# +# Southbridge +# +# CONFIG_PCIEXP_HOTPLUG is not set +CONFIG_INTEL_DESCRIPTOR_MODE_REQUIRED=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y +CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y +CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y +# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set +CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000 +CONFIG_RCBA_LENGTH=0x4000 + +# +# Super I/O +# +CONFIG_SUPERIO_NUVOTON_COMMON_PRE_RAM=y +CONFIG_SUPERIO_NUVOTON_NCT6687D=y + +# +# Embedded Controllers +# + +# +# Intel Firmware +# +CONFIG_IFDTOOL_DISABLE_ME=y +CONFIG_HAVE_ME_BIN=y +# CONFIG_STITCH_ME_BIN is not set +# CONFIG_ME_REGION_ALLOW_CPU_READ_ACCESS is not set +CONFIG_HAVE_INTEL_ME_HAP=y +# CONFIG_INTEL_ME_DISABLED_HECI is not set +CONFIG_INTEL_ME_DISABLED_HAP=y +# CONFIG_INTEL_ME_ENABLED is not set +CONFIG_INTEL_ME_DEFAULT_STATE=2 +# CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION is not set +# CONFIG_LOCK_MANAGEMENT_ENGINE is not set +CONFIG_UNLOCK_FLASH_REGIONS=y +CONFIG_BIOS_VENDOR="3mdeb" + +# +# Dasharo +# + +# +# Dasharo Configuration +# +CONFIG_DASHARO_PREFER_S3_SLEEP=y +# end of Dasharo Configuration + +CONFIG_UDK_BASE=y +CONFIG_UDK_202005_BINDING=y +CONFIG_UDK_2013_VERSION=2013 +CONFIG_UDK_2017_VERSION=2017 +CONFIG_UDK_202005_VERSION=202005 +CONFIG_UDK_202302_VERSION=202302 +CONFIG_UDK_VERSION=202005 +CONFIG_ARCH_X86=y +CONFIG_ARCH_BOOTBLOCK_X86_32=y +CONFIG_ARCH_VERSTAGE_X86_32=y +CONFIG_ARCH_ROMSTAGE_X86_32=y +CONFIG_ARCH_POSTCAR_X86_32=y +CONFIG_ARCH_RAMSTAGE_X86_32=y +CONFIG_ARCH_ALL_STAGES_X86_32=y +CONFIG_X86_CUSTOM_BOOTMEDIA=y +CONFIG_PC80_SYSTEM=y +CONFIG_POSTCAR_STAGE=y +CONFIG_BOOTBLOCK_SIMPLE=y +# CONFIG_BOOTBLOCK_NORMAL is not set +CONFIG_COLLECT_TIMESTAMPS_TSC=y +CONFIG_IDT_IN_EVERY_STAGE=y +CONFIG_HAVE_CF9_RESET=y +CONFIG_DEBUG_HW_BREAKPOINTS=y +CONFIG_DEBUG_HW_BREAKPOINTS_IN_ALL_STAGES=y +CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS=y +CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS_IN_ALL_STAGES=y +# CONFIG_DUMP_SMBIOS_TYPE17 is not set +# end of Chipset + +# +# Devices +# +CONFIG_HAVE_LINEAR_FRAMEBUFFER=y +CONFIG_HAVE_FSP_GOP=y +# CONFIG_VGA_ROM_RUN is not set +CONFIG_RUN_FSP_GOP=y +# CONFIG_NO_GFX_INIT is not set +CONFIG_NO_EARLY_GFX_INIT=y + +# +# Display +# +CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y +CONFIG_LINEAR_FRAMEBUFFER=y +CONFIG_BOOTSPLASH=y +# end of Display + +CONFIG_PCI=y +CONFIG_ECAM_MMCONF_SUPPORT=y +CONFIG_PCIX_PLUGIN_SUPPORT=y +CONFIG_AZALIA_PLUGIN_SUPPORT=y +CONFIG_AZALIA_LOCK_DOWN_R_WO_GCAP=y +CONFIG_PCIEXP_PLUGIN_SUPPORT=y +CONFIG_ECAM_MMCONF_LENGTH=0x10000000 +CONFIG_PCI_ALLOW_BUS_MASTER=y +CONFIG_PCI_SET_BUS_MASTER_PCI_BRIDGES=y +CONFIG_PCI_ALLOW_BUS_MASTER_ANY_DEVICE=y +CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS=y +CONFIG_PCIEXP_LANE_ERR_STAT_CLEAR=y +CONFIG_FIRMWARE_CONNECTION_MANAGER=y +# CONFIG_SOFTWARE_CONNECTION_MANAGER is not set +# CONFIG_EARLY_PCI_BRIDGE is not set +CONFIG_SUBSYSTEM_VENDOR_ID=0x0000 +CONFIG_SUBSYSTEM_DEVICE_ID=0x0000 +CONFIG_INTEL_GMA_HAVE_VBT=y +CONFIG_INTEL_GMA_ADD_VBT=y +# CONFIG_SOFTWARE_I2C is not set +CONFIG_I2C_TRANSFER_TIMEOUT_US=500000 +# CONFIG_RESOURCE_ALLOCATION_TOP_DOWN is not set +# end of Devices + +# +# Generic Drivers +# +CONFIG_CRB_TPM=y +CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 +# CONFIG_DRIVERS_EFI_VARIABLE_STORE is not set +# CONFIG_ELOG is not set +CONFIG_CACHE_MRC_SETTINGS=y +CONFIG_MRC_SETTINGS_PROTECT=y +# CONFIG_SMMSTORE is not set +CONFIG_SPI_FLASH=y +CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y +CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y +# CONFIG_SPI_FLASH_NO_FAST_READ is not set +# CONFIG_TPM_INIT_RAMSTAGE is not set +# CONFIG_TPM_PPI is not set +CONFIG_DRIVERS_UART=y +# CONFIG_DRIVERS_UART_OXPCIE is not set +# CONFIG_VPD is not set +# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set +# CONFIG_DRIVERS_GENERIC_CBFS_UUID is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9750 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9755 is not set +# CONFIG_DRIVERS_GENESYSLOGIC_GL9763E is not set +CONFIG_DRIVERS_I2C_DESIGNWARE=y +# CONFIG_DRIVERS_I2C_MAX98396 is not set +CONFIG_FSP_USE_REPO=y +# CONFIG_DISPLAY_HOBS is not set +# CONFIG_DISPLAY_UPD_DATA is not set +CONFIG_PLATFORM_USES_FSP2_0=y +CONFIG_PLATFORM_USES_FSP2_1=y +CONFIG_PLATFORM_USES_FSP2_2=y +CONFIG_PLATFORM_USES_FSP2_3=y +CONFIG_PLATFORM_USES_FSP2_X86_32=y +CONFIG_HAVE_INTEL_FSP_REPO=y +CONFIG_ADD_FSP_BINARIES=y +CONFIG_FSP_T_LOCATION=0xfffe0000 +CONFIG_FSP_S_CBFS="fsps.bin" +CONFIG_FSP_M_CBFS="fspm.bin" +CONFIG_FSP_FULL_FD=y +CONFIG_FSP_T_RESERVED_SIZE=0x0 +CONFIG_FSP_M_XIP=y +CONFIG_FSP_USES_CB_STACK=y +CONFIG_FSP_COMPRESS_FSP_S_LZ4=y +CONFIG_FSP_STATUS_GLOBAL_RESET_REQUIRED_3=y +CONFIG_FSP_STATUS_GLOBAL_RESET=0x40000003 +CONFIG_SOC_INTEL_COMMON_FSP_RESET=y +CONFIG_FSPS_HAS_ARCH_UPD=y +CONFIG_FSP_USES_CB_DEBUG_EVENT_HANDLER=y +# CONFIG_DISPLAY_FSP_TIMESTAMPS is not set +CONFIG_FSP_ENABLE_SERIAL_DEBUG=y +CONFIG_FSP_MULTIPHASE_SI_INIT_RETURN_BROKEN=y +CONFIG_INTEL_GMA_ACPI=y +CONFIG_INTEL_GMA_OPREGION_2_1=y +CONFIG_HAVE_INTEL_PTT=y +# CONFIG_DRIVERS_NXP_UWB_SR1XX is not set +# CONFIG_DRIVERS_PS2_KEYBOARD is not set +CONFIG_DRIVERS_MC146818=y +CONFIG_USE_PC_CMOS_ALTCENTURY=y +CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70 +CONFIG_MEMORY_MAPPED_TPM=y +CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000 +# CONFIG_DRIVERS_SIL_3114 is not set +CONFIG_DRIVERS_USB_ACPI=y +CONFIG_DRIVERS_WIFI_GENERIC=y +CONFIG_MP_SERVICES_PPI=y +CONFIG_MP_SERVICES_PPI_V2=y +# end of Generic Drivers + +# +# Security +# + +# +# CBFS verification +# +# CONFIG_CBFS_VERIFICATION is not set +# end of CBFS verification + +# +# Verified Boot (vboot) +# +CONFIG_VBOOT_LIB=y +# end of Verified Boot (vboot) + +# +# Trusted Platform Module +# +# CONFIG_TPM1 is not set +CONFIG_TPM2=y +CONFIG_TPM=y +# CONFIG_DEBUG_TPM is not set +# CONFIG_TPM_RDRESP_NEED_DELAY is not set +# CONFIG_TPM_LOG_CB is not set +CONFIG_TPM_LOG_TPM2=y +# CONFIG_TPM_HASH_SHA1 is not set +CONFIG_TPM_HASH_SHA256=y +# CONFIG_TPM_HASH_SHA384 is not set +# CONFIG_TPM_HASH_SHA512 is not set +CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA="" +CONFIG_TPM_MEASURED_BOOT_INIT_BOOTBLOCK=y +CONFIG_PCR_BOOT_MODE=1 +CONFIG_PCR_HWID=1 +CONFIG_PCR_SRTM=2 +CONFIG_PCR_RUNTIME_DATA=3 +# end of Trusted Platform Module + +# +# Memory initialization +# +CONFIG_PLATFORM_HAS_DRAM_CLEAR=y +# CONFIG_SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT is not set +# end of Memory initialization + +CONFIG_INTEL_TXT_LIB=y +# CONFIG_INTEL_TXT is not set +# CONFIG_STM is not set +# CONFIG_INTEL_CBNT_SUPPORT is not set +CONFIG_BOOTMEDIA_LOCK_NONE=y +# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set +# CONFIG_BOOTMEDIA_LOCK_CHIP is not set +# CONFIG_BOOTMEDIA_SMM_BWP is not set +# end of Security + +CONFIG_ACPI_HAVE_PCAT_8259=y +CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y +CONFIG_ACPI_SOC_NVS=y +CONFIG_ACPI_CUSTOM_MADT=y +CONFIG_ACPI_COMMON_MADT_IOAPIC=y +CONFIG_HAVE_ACPI_TABLES=y +CONFIG_ACPI_LPIT=y +CONFIG_BOOT_DEVICE_SPI_FLASH=y +CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y +CONFIG_BOOT_DEVICE_SUPPORTS_WRITES=y +CONFIG_RTC=y + +# +# Console +# +CONFIG_BOOTBLOCK_CONSOLE=y +CONFIG_POSTCAR_CONSOLE=y +CONFIG_SQUELCH_EARLY_SMP=y + +# +# I/O mapped, 8250-compatible +# +CONFIG_TTYS0_BASE=0x3f8 + +# +# Serial port base address = 0x3f8 +# +# CONFIG_CONSOLE_SERIAL_921600 is not set +# CONFIG_CONSOLE_SERIAL_460800 is not set +# CONFIG_CONSOLE_SERIAL_230400 is not set +CONFIG_CONSOLE_SERIAL_115200=y +# CONFIG_CONSOLE_SERIAL_57600 is not set +# CONFIG_CONSOLE_SERIAL_38400 is not set +# CONFIG_CONSOLE_SERIAL_19200 is not set +# CONFIG_CONSOLE_SERIAL_9600 is not set +CONFIG_TTYS0_LCS=3 +# CONFIG_SPKMODEM is not set +# CONFIG_CONSOLE_NE2K is not set +CONFIG_CONSOLE_CBMEM=y +# CONFIG_CONSOLE_SPI_FLASH is not set +# CONFIG_CONSOLE_I2C_SMBUS is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set +# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y +CONFIG_DEFAULT_CONSOLE_LOGLEVEL=0 +# CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX is not set +# CONFIG_CONSOLE_USE_ANSI_ESCAPES is not set +# CONFIG_CMOS_POST is not set +CONFIG_POST_DEVICE_NONE=y +# CONFIG_POST_DEVICE_LPC is not set +# CONFIG_POST_DEVICE_PCI_PCIE is not set +CONFIG_POST_IO_PORT=0x80 +CONFIG_HWBASE_DEBUG_NULL=y +# end of Console + +CONFIG_ACPI_S1_NOT_SUPPORTED=y +CONFIG_HAVE_ACPI_RESUME=y +CONFIG_RESUME_PATH_SAME_AS_BOOT=y +CONFIG_HAVE_MONOTONIC_TIMER=y +CONFIG_IOAPIC=y + +# +# System tables +# +CONFIG_GENERATE_SMBIOS_TABLES=y +CONFIG_MAINBOARD_SERIAL_NUMBER="123456789" +# end of System tables + +# +# Payload +# +# CONFIG_PAYLOAD_NONE is not set +# CONFIG_PAYLOAD_ELF is not set +# CONFIG_PAYLOAD_BOOTBOOT is not set +# CONFIG_PAYLOAD_FILO is not set +# CONFIG_PAYLOAD_GRUB2 is not set +# CONFIG_PAYLOAD_SEAGRUB is not set +# CONFIG_PAYLOAD_LINUXBOOT is not set +# CONFIG_PAYLOAD_SEABIOS is not set +# CONFIG_PAYLOAD_UBOOT is not set +# CONFIG_PAYLOAD_EDK2 is not set +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage" +CONFIG_PAYLOAD_OPTIONS="" +# CONFIG_PXE is not set +CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz" +CONFIG_COMPRESS_SECONDARY_PAYLOAD=y + +# +# Secondary Payloads +# +# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set +# CONFIG_GRUB2_SECONDARY_PAYLOAD is not set +# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set +# CONFIG_SEABIOS_SECONDARY_PAYLOAD is not set +# CONFIG_TINT_SECONDARY_PAYLOAD is not set +# CONFIG_COREDOOM_SECONDARY_PAYLOAD is not set +# end of Secondary Payloads +# end of Payload + +# +# Debugging +# + +# +# CPU Debug Settings +# +# CONFIG_DISPLAY_MTRRS is not set + +# +# BLOB Debug Settings +# +# CONFIG_DISPLAY_FSP_CALLS_AND_STATUS is not set +# CONFIG_DISPLAY_FSP_HEADER is not set +# CONFIG_VERIFY_HOBS is not set +CONFIG_DISPLAY_FSP_VERSION_INFO=y +# CONFIG_ENABLE_FSP_ERROR_INFO is not set +CONFIG_HAVE_GPIO_SNAPSHOT_VERIFY_SUPPORT=y +# CONFIG_CHECK_GPIO_CONFIG_CHANGES is not set + +# +# General Debug Settings +# +# CONFIG_GDB_STUB is not set +# CONFIG_FATAL_ASSERTS is not set +CONFIG_HAVE_DEBUG_GPIO=y +# CONFIG_DEBUG_GPIO is not set +# CONFIG_DEBUG_CBFS is not set +CONFIG_HAVE_DEBUG_RAM_SETUP=y +# CONFIG_DEBUG_RAM_SETUP is not set +CONFIG_HAVE_DEBUG_SMBUS=y +# CONFIG_DEBUG_SMBUS is not set +# CONFIG_DEBUG_CONSOLE_INIT is not set +# CONFIG_DEBUG_SPI_FLASH is not set +# CONFIG_DEBUG_BOOT_STATE is not set +# CONFIG_DEBUG_ADA_CODE is not set +CONFIG_HAVE_EM100_SUPPORT=y +# CONFIG_EM100 is not set +# CONFIG_DEBUG_ACPICA_COMPATIBLE is not set +# end of Debugging + +CONFIG_DECOMPRESS_OFAST=y +CONFIG_WARNINGS_ARE_ERRORS=y +CONFIG_MAX_REBOOT_CNT=3 +CONFIG_RELOCATABLE_MODULES=y +CONFIG_GENERIC_GPIO_LIB=y +CONFIG_HAVE_BOOTBLOCK=y +CONFIG_HAVE_ROMSTAGE=y +CONFIG_HAVE_RAMSTAGE=y diff --git a/config/linux-msi-z690-z790.config b/config/linux-msi-z690-z790.config new file mode 100644 index 000000000..3c8f5eccf --- /dev/null +++ b/config/linux-msi-z690-z790.config @@ -0,0 +1,3394 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86 6.1.8 Kernel Configuration +# +CONFIG_CC_VERSION_TEXT="x86_64-linux-musl-gcc (GCC) 8.3.0" +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=80300 +CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23200 +CONFIG_LD_IS_BFD=y +CONFIG_LD_VERSION=23200 +CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_CAN_LINK_STATIC=y +CONFIG_CC_HAS_ASM_INLINE=y +CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y +CONFIG_PAHOLE_VERSION=0 +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_TABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +# CONFIG_WERROR is not set +CONFIG_LOCALVERSION="-@BRAND_NAME@" +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_BUILD_SALT="" +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_HAVE_KERNEL_ZSTD=y +# CONFIG_KERNEL_GZIP is not set +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +CONFIG_KERNEL_XZ=y +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +# CONFIG_KERNEL_ZSTD is not set +CONFIG_DEFAULT_INIT="" +CONFIG_DEFAULT_HOSTNAME="(none)" +# CONFIG_SYSVIPC is not set +# CONFIG_POSIX_MQUEUE is not set +# CONFIG_WATCH_QUEUE is not set +# CONFIG_CROSS_MEMORY_ATTACH is not set +# CONFIG_USELIB is not set +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y +CONFIG_GENERIC_PENDING_IRQ=y +CONFIG_GENERIC_IRQ_MIGRATION=y +CONFIG_HARDIRQS_SW_RESEND=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_MSI_IOMMU=y +CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y +CONFIG_GENERIC_IRQ_RESERVATION_MODE=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +# end of IRQ subsystem + +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_INIT=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y +CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_CONTEXT_TRACKING=y +CONFIG_CONTEXT_TRACKING_IDLE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +# CONFIG_NO_HZ_FULL is not set +# CONFIG_NO_HZ is not set +# CONFIG_HIGH_RES_TIMERS is not set +CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=100 +# end of Timers subsystem + +CONFIG_BPF=y +CONFIG_HAVE_EBPF_JIT=y +CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y + +# +# BPF subsystem +# +# CONFIG_BPF_SYSCALL is not set +# CONFIG_BPF_JIT is not set +# end of BPF subsystem + +CONFIG_PREEMPT_BUILD=y +# CONFIG_PREEMPT_NONE is not set +CONFIG_PREEMPT_VOLUNTARY=y +# CONFIG_PREEMPT is not set +CONFIG_PREEMPT_COUNT=y +CONFIG_PREEMPTION=y +CONFIG_PREEMPT_DYNAMIC=y +# CONFIG_SCHED_CORE is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +# CONFIG_PSI is not set +# end of CPU/Task time and stats accounting + +# CONFIG_CPU_ISOLATION is not set + +# +# RCU Subsystem +# +CONFIG_TREE_RCU=y +CONFIG_PREEMPT_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +CONFIG_TREE_SRCU=y +CONFIG_RCU_STALL_COMMON=y +CONFIG_RCU_NEED_SEGCBLIST=y +# end of RCU Subsystem + +# CONFIG_IKCONFIG is not set +# CONFIG_IKHEADERS is not set +CONFIG_LOG_BUF_SHIFT=18 +CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 +CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y + +# +# Scheduler features +# +# CONFIG_UCLAMP_TASK is not set +# end of Scheduler features + +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_CC_HAS_INT128=y +CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC11_NO_ARRAY_BOUNDS=y +CONFIG_GCC12_NO_ARRAY_BOUNDS=y +CONFIG_ARCH_SUPPORTS_INT128=y +# CONFIG_CGROUPS is not set +# CONFIG_CHECKPOINT_RESTORE is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +CONFIG_RELAY=y +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="@BLOB_DIR@/dev.cpio" +CONFIG_INITRAMFS_ROOT_UID=0 +CONFIG_INITRAMFS_ROOT_GID=0 +# CONFIG_RD_GZIP is not set +# CONFIG_RD_BZIP2 is not set +# CONFIG_RD_LZMA is not set +CONFIG_RD_XZ=y +# CONFIG_RD_LZO is not set +# CONFIG_RD_LZ4 is not set +# CONFIG_RD_ZSTD is not set +CONFIG_INITRAMFS_COMPRESSION_XZ=y +# CONFIG_INITRAMFS_COMPRESSION_NONE is not set +# CONFIG_BOOT_CONFIG is not set +CONFIG_INITRAMFS_PRESERVE_MTIME=y +# CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +CONFIG_LD_ORPHAN_WARN=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_EXPERT=y +# CONFIG_MULTIUSER is not set +# CONFIG_SGETMASK_SYSCALL is not set +# CONFIG_SYSFS_SYSCALL is not set +# CONFIG_FHANDLE is not set +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_PCSPKR_PLATFORM=y +# CONFIG_BASE_FULL is not set +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +# CONFIG_SIGNALFD is not set +# CONFIG_TIMERFD is not set +# CONFIG_EVENTFD is not set +CONFIG_SHMEM=y +# CONFIG_AIO is not set +CONFIG_IO_URING=y +# CONFIG_ADVISE_SYSCALLS is not set +CONFIG_MEMBARRIER=y +# CONFIG_KALLSYMS is not set +CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_KCMP=y +# CONFIG_RSEQ is not set +CONFIG_EMBEDDED=y +CONFIG_HAVE_PERF_EVENTS=y +# CONFIG_PC104 is not set + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +# end of Kernel Performance Events And Counters + +# CONFIG_PROFILING is not set +# end of General setup + +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_NR_GPIO=1024 +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_AUDIT_ARCH=y +CONFIG_HAVE_INTEL_TXT=y +CONFIG_X86_64_SMP=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_CC_HAS_SANE_STACKPROTECTOR=y + +# +# Processor type and features +# +CONFIG_SMP=y +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +# CONFIG_X86_CPU_RESCTRL is not set +# CONFIG_X86_EXTENDED_PLATFORM is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +# CONFIG_HYPERVISOR_GUEST is not set +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +# CONFIG_MCORE2 is not set +# CONFIG_MATOM is not set +CONFIG_GENERIC_CPU=y +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_IA32_FEAT_CTL=y +CONFIG_X86_VMX_FEATURE_NAMES=y +CONFIG_PROCESSOR_SELECT=y +CONFIG_CPU_SUP_INTEL=y +# CONFIG_CPU_SUP_AMD is not set +# CONFIG_CPU_SUP_HYGON is not set +# CONFIG_CPU_SUP_CENTAUR is not set +# CONFIG_CPU_SUP_ZHAOXIN is not set +CONFIG_HPET_TIMER=y +CONFIG_HPET_EMULATE_RTC=y +CONFIG_DMI=y +CONFIG_BOOT_VESA_SUPPORT=y +# CONFIG_MAXSMP is not set +CONFIG_NR_CPUS_RANGE_BEGIN=2 +CONFIG_NR_CPUS_RANGE_END=512 +CONFIG_NR_CPUS_DEFAULT=64 +CONFIG_NR_CPUS=64 +CONFIG_SCHED_CLUSTER=y +CONFIG_SCHED_SMT=y +CONFIG_SCHED_MC=y +CONFIG_SCHED_MC_PRIO=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +CONFIG_X86_MCE=y +# CONFIG_X86_MCELOG_LEGACY is not set +CONFIG_X86_MCE_INTEL=y +CONFIG_X86_MCE_THRESHOLD=y + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +# CONFIG_PERF_EVENTS_INTEL_RAPL is not set +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# end of Performance monitoring + +# CONFIG_X86_VSYSCALL_EMULATION is not set +CONFIG_X86_IOPL_IOPERM=y +# CONFIG_MICROCODE is not set +# CONFIG_X86_MSR is not set +# CONFIG_X86_CPUID is not set +# CONFIG_X86_5LEVEL is not set +CONFIG_X86_DIRECT_GBPAGES=y +# CONFIG_NUMA is not set +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_X86_PMEM_LEGACY_DEVICE=y +CONFIG_X86_PMEM_LEGACY=y +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +# CONFIG_MTRR is not set +CONFIG_X86_UMIP=y +CONFIG_CC_HAS_IBT=y +# CONFIG_X86_KERNEL_IBT is not set +# CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set +CONFIG_EFI=y +# CONFIG_EFI_STUB is not set +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_KEXEC=y +CONFIG_KEXEC_FILE=y +CONFIG_ARCH_HAS_KEXEC_PURGATORY=y +# CONFIG_KEXEC_SIG is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +# CONFIG_RELOCATABLE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +CONFIG_HOTPLUG_CPU=y +# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set +# CONFIG_DEBUG_HOTPLUG_CPU0 is not set +# CONFIG_LEGACY_VSYSCALL_XONLY is not set +CONFIG_LEGACY_VSYSCALL_NONE=y +# CONFIG_CMDLINE_BOOL is not set +# CONFIG_MODIFY_LDT_SYSCALL is not set +# CONFIG_STRICT_SIGALTSTACK_SIZE is not set +CONFIG_HAVE_LIVEPATCH=y +# end of Processor type and features + +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +# CONFIG_RETPOLINE is not set +CONFIG_CPU_IBRS_ENTRY=y +CONFIG_ARCH_HAS_ADD_PAGES=y +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y + +# +# Power management and ACPI options +# +# CONFIG_SUSPEND is not set +# CONFIG_PM is not set +# CONFIG_ENERGY_MODEL is not set +CONFIG_ARCH_SUPPORTS_ACPI=y +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SPCR_TABLE=y +# CONFIG_ACPI_FPDT is not set +CONFIG_ACPI_LPIT=y +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=y +CONFIG_ACPI_BATTERY=y +CONFIG_ACPI_BUTTON=y +CONFIG_ACPI_FAN=y +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_CPPC_LIB=y +CONFIG_ACPI_PROCESSOR=y +CONFIG_ACPI_HOTPLUG_CPU=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +CONFIG_ACPI_CUSTOM_DSDT_FILE="" +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +CONFIG_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +# CONFIG_ACPI_PCI_SLOT is not set +CONFIG_ACPI_CONTAINER=y +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +# CONFIG_ACPI_BGRT is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +# CONFIG_ACPI_NFIT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_ACPI_DPTF is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_ACPI_PFRUT is not set +CONFIG_ACPI_PCC=y +# CONFIG_PMIC_OPREGION is not set +CONFIG_ACPI_PRMT=y +CONFIG_X86_PM_TIMER=y + +# +# CPU Frequency scaling +# +CONFIG_CPU_FREQ=y +CONFIG_CPU_FREQ_GOV_ATTR_SET=y +# CONFIG_CPU_FREQ_STAT is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set +CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL=y +CONFIG_CPU_FREQ_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_GOV_USERSPACE is not set +# CONFIG_CPU_FREQ_GOV_ONDEMAND is not set +# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set +CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y + +# +# CPU frequency scaling drivers +# +CONFIG_X86_INTEL_PSTATE=y +# CONFIG_X86_PCC_CPUFREQ is not set +# CONFIG_X86_AMD_PSTATE is not set +# CONFIG_X86_AMD_PSTATE_UT is not set +# CONFIG_X86_ACPI_CPUFREQ is not set +# CONFIG_X86_SPEEDSTEP_CENTRINO is not set +# CONFIG_X86_P4_CLOCKMOD is not set + +# +# shared options +# +# end of CPU Frequency scaling + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +# CONFIG_CPU_IDLE_GOV_LADDER is not set +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_CPU_IDLE_GOV_TEO is not set +# end of CPU Idle + +# CONFIG_INTEL_IDLE is not set +# end of Power management and ACPI options + +# +# Bus options (PCI etc.) +# +CONFIG_PCI_DIRECT=y +CONFIG_PCI_MMCONFIG=y +CONFIG_MMCONF_FAM10H=y +# CONFIG_PCI_CNB20LE_QUIRK is not set +# CONFIG_ISA_BUS is not set +CONFIG_ISA_DMA_API=y +# end of Bus options (PCI etc.) + +# +# Binary Emulations +# +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32_ABI is not set +# end of Binary Emulations + +CONFIG_HAVE_KVM=y +# CONFIG_VIRTUALIZATION is not set +CONFIG_AS_AVX512=y +CONFIG_AS_SHA1_NI=y +CONFIG_AS_SHA256_NI=y +CONFIG_AS_TPAUSE=y + +# +# General architecture-dependent options +# +CONFIG_CRASH_CORE=y +CONFIG_KEXEC_CORE=y +CONFIG_HOTPLUG_SMT=y +CONFIG_GENERIC_ENTRY=y +# CONFIG_KPROBES is not set +CONFIG_JUMP_LABEL=y +# CONFIG_STATIC_KEYS_SELFTEST is not set +# CONFIG_STATIC_CALL_SELFTEST is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y +CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y +CONFIG_HAVE_NMI=y +CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_ARCH_WANTS_NO_INSTR=y +CONFIG_HAVE_ASM_MODVERSIONS=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_RUST=y +CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y +CONFIG_MMU_GATHER_MERGE_VMAS=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +# CONFIG_SECCOMP is not set +CONFIG_HAVE_ARCH_STACKLEAK=y +CONFIG_HAVE_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y +CONFIG_LTO_NONE=y +CONFIG_ARCH_SUPPORTS_CFI_CLANG=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING_USER=y +CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_MOVE_PUD=y +CONFIG_HAVE_MOVE_PMD=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_HUGE_VMALLOC=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y +CONFIG_SOFTIRQ_ON_OWN_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_PAGE_SIZE_LESS_THAN_64KB=y +CONFIG_PAGE_SIZE_LESS_THAN_256KB=y +CONFIG_HAVE_OBJTOOL=y +CONFIG_HAVE_JUMP_LABEL_HACK=y +CONFIG_HAVE_NOINSTR_HACK=y +CONFIG_HAVE_NOINSTR_VALIDATION=y +CONFIG_HAVE_UACCESS_VALIDATION=y +CONFIG_HAVE_STACK_VALIDATION=y +CONFIG_HAVE_RELIABLE_STACKTRACE=y +# CONFIG_COMPAT_32BIT_TIME is not set +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y +CONFIG_RANDOMIZE_KSTACK_OFFSET=y +# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_STRICT_MODULE_RWX=y +CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_USE_MEMREMAP_PROT=y +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +CONFIG_HAVE_STATIC_CALL=y +CONFIG_HAVE_STATIC_CALL_INLINE=y +CONFIG_HAVE_PREEMPT_DYNAMIC=y +CONFIG_HAVE_PREEMPT_DYNAMIC_CALL=y +CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y +CONFIG_ARCH_HAS_ELFCORE_COMPAT=y +CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y +CONFIG_DYNAMIC_SIGFRAME=y +CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# end of GCOV-based kernel profiling + +CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +# end of General architecture-dependent options + +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=1 +CONFIG_MODULES=y +# CONFIG_MODULE_FORCE_LOAD is not set +# CONFIG_MODULE_UNLOAD is not set +# CONFIG_MODVERSIONS is not set +# CONFIG_MODULE_SRCVERSION_ALL is not set +# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_COMPRESS_NONE=y +# CONFIG_MODULE_COMPRESS_GZIP is not set +# CONFIG_MODULE_COMPRESS_XZ is not set +# CONFIG_MODULE_COMPRESS_ZSTD is not set +# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set +CONFIG_MODPROBE_PATH="/sbin/modprobe" +# CONFIG_TRIM_UNUSED_KSYMS is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +CONFIG_BLOCK_LEGACY_AUTOLOAD=y +CONFIG_BLK_DEV_BSG_COMMON=y +CONFIG_BLK_DEV_BSGLIB=y +# CONFIG_BLK_DEV_INTEGRITY is not set +# CONFIG_BLK_DEV_ZONED is not set +# CONFIG_BLK_WBT is not set +# CONFIG_BLK_SED_OPAL is not set +# CONFIG_BLK_INLINE_ENCRYPTION is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +# end of Partition Types + +CONFIG_BLK_MQ_PCI=y +CONFIG_BLOCK_HOLDER_DEPRECATED=y +CONFIG_BLK_MQ_STACKING=y + +# +# IO Schedulers +# +CONFIG_MQ_IOSCHED_DEADLINE=y +# CONFIG_MQ_IOSCHED_KYBER is not set +# CONFIG_IOSCHED_BFQ is not set +# end of IO Schedulers + +CONFIG_ASN1=m +CONFIG_UNINLINE_SPIN_UNLOCK=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_MUTEX_SPIN_ON_OWNER=y +CONFIG_RWSEM_SPIN_ON_OWNER=y +CONFIG_LOCK_SPIN_ON_OWNER=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y +CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y +CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y + +# +# Executable file formats +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_BINFMT_SCRIPT=y +# CONFIG_BINFMT_MISC is not set +# CONFIG_COREDUMP is not set +# end of Executable file formats + +# +# Memory Management options +# +# CONFIG_SWAP is not set + +# +# SLAB allocator options +# +# CONFIG_SLAB is not set +CONFIG_SLUB=y +# CONFIG_SLOB is not set +CONFIG_SLAB_MERGE_DEFAULT=y +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SLAB_FREELIST_HARDENED is not set +# CONFIG_SLUB_STATS is not set +CONFIG_SLUB_CPU_PARTIAL=y +# end of SLAB allocator options + +# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set +# CONFIG_COMPAT_BRK is not set +CONFIG_SPARSEMEM=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_FAST_GUP=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +# CONFIG_MEMORY_HOTPLUG is not set +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +# CONFIG_COMPACTION is not set +# CONFIG_PAGE_REPORTING is not set +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_MMU_NOTIFIER=y +# CONFIG_KSM is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +# CONFIG_MEMORY_FAILURE is not set +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ARCH_WANTS_THP_SWAP=y +# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +# CONFIG_CMA is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y +CONFIG_ARCH_HAS_PTE_DEVMAP=y +CONFIG_ARCH_HAS_ZONE_DMA_SET=y +# CONFIG_ZONE_DMA is not set +CONFIG_ZONE_DMA32=y +# CONFIG_VM_EVENT_COUNTERS is not set +# CONFIG_PERCPU_STATS is not set + +# +# GUP_TEST needs to have DEBUG_FS enabled +# +CONFIG_ARCH_HAS_PTE_SPECIAL=y +# CONFIG_USERFAULTFD is not set +# CONFIG_LRU_GEN is not set + +# +# Data Access Monitoring +# +# CONFIG_DAMON is not set +# end of Data Access Monitoring +# end of Memory Management options + +CONFIG_NET=y + +# +# Networking options +# +CONFIG_PACKET=y +# CONFIG_PACKET_DIAG is not set +CONFIG_UNIX=y +CONFIG_UNIX_SCM=y +CONFIG_AF_UNIX_OOB=y +# CONFIG_UNIX_DIAG is not set +# CONFIG_TLS is not set +# CONFIG_XFRM_USER is not set +# CONFIG_NET_KEY is not set +CONFIG_INET=y +# CONFIG_IP_MULTICAST is not set +# CONFIG_IP_ADVANCED_ROUTER is not set +# CONFIG_IP_PNP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +# CONFIG_SYN_COOKIES is not set +# CONFIG_NET_IPVTI is not set +# CONFIG_NET_FOU is not set +# CONFIG_INET_AH is not set +# CONFIG_INET_ESP is not set +# CONFIG_INET_IPCOMP is not set +CONFIG_INET_TABLE_PERTURB_ORDER=16 +# CONFIG_INET_DIAG is not set +# CONFIG_TCP_CONG_ADVANCED is not set +CONFIG_TCP_CONG_CUBIC=y +CONFIG_DEFAULT_TCP_CONG="cubic" +# CONFIG_TCP_MD5SIG is not set +# CONFIG_IPV6 is not set +# CONFIG_MPTCP is not set +# CONFIG_NETWORK_SECMARK is not set +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +# CONFIG_NETFILTER is not set +# CONFIG_BPFILTER is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +# CONFIG_L2TP is not set +# CONFIG_BRIDGE is not set +# CONFIG_NET_DSA is not set +# CONFIG_VLAN_8021Q is not set +# CONFIG_LLC2 is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_IEEE802154 is not set +# CONFIG_NET_SCHED is not set +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +# CONFIG_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_NET_NSH is not set +# CONFIG_HSR is not set +# CONFIG_NET_SWITCHDEV is not set +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_QRTR is not set +# CONFIG_NET_NCSI is not set +CONFIG_PCPU_DEV_REFCNT=y +CONFIG_RPS=y +CONFIG_RFS_ACCEL=y +CONFIG_SOCK_RX_QUEUE_MAPPING=y +CONFIG_XPS=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y +CONFIG_NET_FLOW_LIMIT=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# end of Network testing +# end of Networking options + +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +# CONFIG_MCTP is not set +# CONFIG_WIRELESS is not set +# CONFIG_RFKILL is not set +# CONFIG_NET_9P is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_PSAMPLE is not set +# CONFIG_NET_IFE is not set +# CONFIG_LWTUNNEL is not set +# CONFIG_FAILOVER is not set +CONFIG_ETHTOOL_NETLINK=y + +# +# Device Drivers +# +CONFIG_HAVE_EISA=y +# CONFIG_EISA is not set +CONFIG_HAVE_PCI=y +CONFIG_PCI=y +CONFIG_PCI_DOMAINS=y +# CONFIG_PCIEPORTBUS is not set +CONFIG_PCIEASPM=y +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +# CONFIG_PCIE_PTM is not set +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +# CONFIG_PCI_PF_STUB is not set +CONFIG_PCI_ATS=y +CONFIG_PCI_LOCKLESS_CONFIG=y +CONFIG_PCI_IOV=y +CONFIG_PCI_PRI=y +CONFIG_PCI_PASID=y +CONFIG_PCI_LABEL=y +# CONFIG_PCIE_BUS_TUNE_OFF is not set +CONFIG_PCIE_BUS_DEFAULT=y +# CONFIG_PCIE_BUS_SAFE is not set +# CONFIG_PCIE_BUS_PERFORMANCE is not set +# CONFIG_PCIE_BUS_PEER2PEER is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_HOTPLUG_PCI is not set + +# +# PCI controller drivers +# +# CONFIG_VMD is not set + +# +# DesignWare PCI Core Support +# +# CONFIG_PCIE_DW_PLAT_HOST is not set +# CONFIG_PCI_MESON is not set +# end of DesignWare PCI Core Support + +# +# Mobiveil PCIe Core Support +# +# end of Mobiveil PCIe Core Support + +# +# Cadence PCIe controllers support +# +# end of Cadence PCIe controllers support +# end of PCI controller drivers + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set +# end of PCI Endpoint + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +# end of PCI switch controller drivers + +# CONFIG_CXL_BUS is not set +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set + +# +# Generic Driver Options +# +# CONFIG_UEVENT_HELPER is not set +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_DEVTMPFS_SAFE is not set +# CONFIG_STANDALONE is not set +CONFIG_PREVENT_FIRMWARE_BUILD=y + +# +# Firmware loader +# +CONFIG_FW_LOADER=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER is not set +# CONFIG_FW_LOADER_COMPRESS is not set +# CONFIG_FW_UPLOAD is not set +# end of Firmware loader + +# CONFIG_ALLOW_DEV_COREDUMP is not set +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +CONFIG_REGMAP=y +CONFIG_REGMAP_MMIO=y +CONFIG_DMA_SHARED_BUFFER=y +# CONFIG_DMA_FENCE_TRACE is not set +# end of Generic Driver Options + +# +# Bus devices +# +# CONFIG_MHI_BUS is not set +# CONFIG_MHI_BUS_EP is not set +# end of Bus devices + +# CONFIG_CONNECTOR is not set + +# +# Firmware Drivers +# + +# +# ARM System Control and Management Interface Protocol +# +# end of ARM System Control and Management Interface Protocol + +# CONFIG_EDD is not set +# CONFIG_FIRMWARE_MEMMAP is not set +# CONFIG_DMIID is not set +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT is not set +# CONFIG_FW_CFG_SYSFS is not set +CONFIG_SYSFB=y +# CONFIG_SYSFB_SIMPLEFB is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# EFI (Extensible Firmware Interface) Support +# +CONFIG_EFI_ESRT=y +CONFIG_EFI_RUNTIME_MAP=y +# CONFIG_EFI_FAKE_MEMMAP is not set +CONFIG_EFI_RUNTIME_WRAPPERS=y +# CONFIG_EFI_BOOTLOADER_CONTROL is not set +# CONFIG_EFI_CAPSULE_LOADER is not set +# CONFIG_EFI_TEST is not set +# CONFIG_EFI_RCI2_TABLE is not set +# CONFIG_EFI_DISABLE_PCI_DMA is not set +CONFIG_EFI_CUSTOM_SSDT_OVERLAYS=y +# CONFIG_EFI_DISABLE_RUNTIME is not set +# CONFIG_EFI_COCO_SECRET is not set +# end of EFI (Extensible Firmware Interface) Support + +# +# Tegra firmware driver +# +# end of Tegra firmware driver +# end of Firmware Drivers + +# CONFIG_GNSS is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +CONFIG_PNP_DEBUG_MESSAGES=y + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +CONFIG_CDROM=y +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +# CONFIG_ZRAM is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_DRBD is not set +# CONFIG_BLK_DEV_NBD is not set +CONFIG_BLK_DEV_RAM=y +CONFIG_BLK_DEV_RAM_COUNT=16 +CONFIG_BLK_DEV_RAM_SIZE=65536 +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_UBLK is not set + +# +# NVME Support +# +CONFIG_NVME_CORE=y +CONFIG_BLK_DEV_NVME=y +# CONFIG_NVME_MULTIPATH is not set +# CONFIG_NVME_VERBOSE_ERRORS is not set +# CONFIG_NVME_FC is not set +# CONFIG_NVME_TCP is not set +# CONFIG_NVME_AUTH is not set +# end of NVME Support + +# +# Misc devices +# +# CONFIG_AD525X_DPOT is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ICS932S401 is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_APDS9802ALS is not set +# CONFIG_ISL29003 is not set +# CONFIG_ISL29020 is not set +# CONFIG_SENSORS_TSL2550 is not set +# CONFIG_SENSORS_BH1770 is not set +# CONFIG_SENSORS_APDS990X is not set +# CONFIG_HMC6352 is not set +# CONFIG_DS1682 is not set +# CONFIG_SRAM is not set +# CONFIG_DW_XDATA_PCIE is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_XILINX_SDFEC is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_AT24 is not set +# CONFIG_EEPROM_LEGACY is not set +# CONFIG_EEPROM_MAX6875 is not set +CONFIG_EEPROM_93CX6=m +# CONFIG_EEPROM_IDT_89HPESX is not set +# CONFIG_EEPROM_EE1004 is not set +# end of EEPROM support + +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# +# end of Texas Instruments shared transport line discipline + +# CONFIG_SENSORS_LIS3_I2C is not set +# CONFIG_ALTERA_STAPL is not set +CONFIG_INTEL_MEI=m +CONFIG_INTEL_MEI_ME=m +CONFIG_INTEL_MEI_TXE=m +# CONFIG_VMWARE_VMCI is not set +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_BCM_VK is not set +# CONFIG_MISC_ALCOR_PCI is not set +# CONFIG_MISC_RTSX_PCI is not set +# CONFIG_MISC_RTSX_USB is not set +# CONFIG_HABANA_AI is not set +# CONFIG_UACCE is not set +# CONFIG_PVPANIC is not set +# end of Misc devices + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +CONFIG_SCSI_COMMON=y +CONFIG_SCSI=y +CONFIG_SCSI_DMA=y +# CONFIG_SCSI_PROC_FS is not set + +# +# SCSI support type (disk, tape, CD-ROM) +# +CONFIG_BLK_DEV_SD=y +# CONFIG_CHR_DEV_ST is not set +CONFIG_BLK_DEV_SR=y +CONFIG_CHR_DEV_SG=y +CONFIG_BLK_DEV_BSG=y +# CONFIG_CHR_DEV_SCH is not set +# CONFIG_SCSI_CONSTANTS is not set +# CONFIG_SCSI_LOGGING is not set +CONFIG_SCSI_SCAN_ASYNC=y + +# +# SCSI Transports +# +# CONFIG_SCSI_SPI_ATTRS is not set +# CONFIG_SCSI_FC_ATTRS is not set +CONFIG_SCSI_ISCSI_ATTRS=y +# CONFIG_SCSI_SAS_ATTRS is not set +# CONFIG_SCSI_SAS_LIBSAS is not set +# CONFIG_SCSI_SRP_ATTRS is not set +# end of SCSI Transports + +CONFIG_SCSI_LOWLEVEL=y +CONFIG_ISCSI_TCP=y +# CONFIG_ISCSI_BOOT_SYSFS is not set +# CONFIG_SCSI_CXGB3_ISCSI is not set +# CONFIG_SCSI_CXGB4_ISCSI is not set +# CONFIG_SCSI_BNX2_ISCSI is not set +# CONFIG_BE2ISCSI is not set +# CONFIG_BLK_DEV_3W_XXXX_RAID is not set +# CONFIG_SCSI_HPSA is not set +# CONFIG_SCSI_3W_9XXX is not set +# CONFIG_SCSI_3W_SAS is not set +# CONFIG_SCSI_ACARD is not set +# CONFIG_SCSI_AACRAID is not set +# CONFIG_SCSI_AIC7XXX is not set +# CONFIG_SCSI_AIC79XX is not set +# CONFIG_SCSI_AIC94XX is not set +# CONFIG_SCSI_MVSAS is not set +# CONFIG_SCSI_MVUMI is not set +# CONFIG_SCSI_ADVANSYS is not set +# CONFIG_SCSI_ARCMSR is not set +# CONFIG_SCSI_ESAS2R is not set +# CONFIG_MEGARAID_NEWGEN is not set +# CONFIG_MEGARAID_LEGACY is not set +# CONFIG_MEGARAID_SAS is not set +# CONFIG_SCSI_MPT3SAS is not set +# CONFIG_SCSI_MPT2SAS is not set +# CONFIG_SCSI_MPI3MR is not set +# CONFIG_SCSI_SMARTPQI is not set +# CONFIG_SCSI_HPTIOP is not set +# CONFIG_SCSI_BUSLOGIC is not set +# CONFIG_SCSI_MYRB is not set +# CONFIG_SCSI_MYRS is not set +# CONFIG_VMWARE_PVSCSI is not set +# CONFIG_SCSI_SNIC is not set +# CONFIG_SCSI_DMX3191D is not set +# CONFIG_SCSI_FDOMAIN_PCI is not set +# CONFIG_SCSI_ISCI is not set +# CONFIG_SCSI_IPS is not set +# CONFIG_SCSI_INITIO is not set +# CONFIG_SCSI_INIA100 is not set +# CONFIG_SCSI_STEX is not set +# CONFIG_SCSI_SYM53C8XX_2 is not set +# CONFIG_SCSI_IPR is not set +# CONFIG_SCSI_QLOGIC_1280 is not set +# CONFIG_SCSI_QLA_ISCSI is not set +# CONFIG_SCSI_DC395x is not set +# CONFIG_SCSI_AM53C974 is not set +# CONFIG_SCSI_WD719X is not set +# CONFIG_SCSI_DEBUG is not set +# CONFIG_SCSI_PMCRAID is not set +# CONFIG_SCSI_PM8001 is not set +# CONFIG_SCSI_DH is not set +# end of SCSI device support + +CONFIG_ATA=y +CONFIG_SATA_HOST=y +CONFIG_PATA_TIMINGS=y +CONFIG_ATA_VERBOSE_ERROR=y +CONFIG_ATA_FORCE=y +CONFIG_ATA_ACPI=y +CONFIG_SATA_PMP=y + +# +# Controllers with non-SFF native interface +# +CONFIG_SATA_AHCI=y +CONFIG_SATA_MOBILE_LPM_POLICY=0 +# CONFIG_SATA_AHCI_PLATFORM is not set +# CONFIG_AHCI_DWC is not set +# CONFIG_SATA_INIC162X is not set +# CONFIG_SATA_ACARD_AHCI is not set +# CONFIG_SATA_SIL24 is not set +# CONFIG_ATA_SFF is not set +CONFIG_MD=y +# CONFIG_BLK_DEV_MD is not set +# CONFIG_BCACHE is not set +CONFIG_BLK_DEV_DM_BUILTIN=y +CONFIG_BLK_DEV_DM=y +# CONFIG_DM_DEBUG is not set +CONFIG_DM_BUFIO=y +# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set +# CONFIG_DM_UNSTRIPED is not set +CONFIG_DM_CRYPT=y +# CONFIG_DM_SNAPSHOT is not set +# CONFIG_DM_THIN_PROVISIONING is not set +# CONFIG_DM_CACHE is not set +# CONFIG_DM_WRITECACHE is not set +# CONFIG_DM_EBS is not set +# CONFIG_DM_ERA is not set +# CONFIG_DM_CLONE is not set +# CONFIG_DM_MIRROR is not set +# CONFIG_DM_RAID is not set +# CONFIG_DM_ZERO is not set +# CONFIG_DM_MULTIPATH is not set +# CONFIG_DM_DELAY is not set +# CONFIG_DM_DUST is not set +# CONFIG_DM_INIT is not set +# CONFIG_DM_UEVENT is not set +# CONFIG_DM_FLAKEY is not set +CONFIG_DM_VERITY=y +# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG is not set +CONFIG_DM_VERITY_FEC=y +# CONFIG_DM_SWITCH is not set +# CONFIG_DM_LOG_WRITES is not set +# CONFIG_DM_INTEGRITY is not set +# CONFIG_TARGET_CORE is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# end of IEEE 1394 (FireWire) support + +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +# CONFIG_DUMMY is not set +# CONFIG_WIREGUARD is not set +# CONFIG_EQUALIZER is not set +# CONFIG_NET_FC is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_BAREUDP is not set +# CONFIG_GTP is not set +# CONFIG_MACSEC is not set +# CONFIG_NETCONSOLE is not set +# CONFIG_TUN is not set +# CONFIG_TUN_VNET_CROSS_LE is not set +# CONFIG_VETH is not set +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set +CONFIG_ETHERNET=y +# CONFIG_NET_VENDOR_3COM is not set +# CONFIG_NET_VENDOR_ADAPTEC is not set +# CONFIG_NET_VENDOR_AGERE is not set +# CONFIG_NET_VENDOR_ALACRITECH is not set +# CONFIG_NET_VENDOR_ALTEON is not set +# CONFIG_ALTERA_TSE is not set +# CONFIG_NET_VENDOR_AMAZON is not set +# CONFIG_NET_VENDOR_AMD is not set +# CONFIG_NET_VENDOR_AQUANTIA is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ASIX=y +# CONFIG_NET_VENDOR_ATHEROS is not set +# CONFIG_CX_ECAT is not set +# CONFIG_NET_VENDOR_BROADCOM is not set +# CONFIG_NET_VENDOR_CADENCE is not set +# CONFIG_NET_VENDOR_CAVIUM is not set +# CONFIG_NET_VENDOR_CHELSIO is not set +# CONFIG_NET_VENDOR_CISCO is not set +# CONFIG_NET_VENDOR_CORTINA is not set +CONFIG_NET_VENDOR_DAVICOM=y +# CONFIG_DNET is not set +# CONFIG_NET_VENDOR_DEC is not set +# CONFIG_NET_VENDOR_DLINK is not set +# CONFIG_NET_VENDOR_EMULEX is not set +CONFIG_NET_VENDOR_ENGLEDER=y +# CONFIG_TSNEP is not set +# CONFIG_NET_VENDOR_EZCHIP is not set +CONFIG_NET_VENDOR_FUNGIBLE=y +# CONFIG_FUN_ETH is not set +# CONFIG_NET_VENDOR_GOOGLE is not set +# CONFIG_NET_VENDOR_HUAWEI is not set +# CONFIG_NET_VENDOR_I825XX is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +CONFIG_E1000=m +CONFIG_E1000E=m +CONFIG_E1000E_HWTS=y +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_ICE is not set +# CONFIG_FM10K is not set +CONFIG_IGC=m +CONFIG_NET_VENDOR_WANGXUN=y +# CONFIG_NGBE is not set +# CONFIG_TXGBE is not set +# CONFIG_JME is not set +CONFIG_NET_VENDOR_LITEX=y +# CONFIG_NET_VENDOR_MARVELL is not set +# CONFIG_NET_VENDOR_MELLANOX is not set +# CONFIG_NET_VENDOR_MICREL is not set +# CONFIG_NET_VENDOR_MICROCHIP is not set +# CONFIG_NET_VENDOR_MICROSEMI is not set +CONFIG_NET_VENDOR_MICROSOFT=y +# CONFIG_NET_VENDOR_MYRI is not set +# CONFIG_FEALNX is not set +# CONFIG_NET_VENDOR_NI is not set +# CONFIG_NET_VENDOR_NATSEMI is not set +# CONFIG_NET_VENDOR_NETERION is not set +# CONFIG_NET_VENDOR_NETRONOME is not set +# CONFIG_NET_VENDOR_NVIDIA is not set +# CONFIG_NET_VENDOR_OKI is not set +# CONFIG_ETHOC is not set +# CONFIG_NET_VENDOR_PACKET_ENGINES is not set +# CONFIG_NET_VENDOR_PENSANDO is not set +# CONFIG_NET_VENDOR_QLOGIC is not set +# CONFIG_NET_VENDOR_BROCADE is not set +# CONFIG_NET_VENDOR_QUALCOMM is not set +# CONFIG_NET_VENDOR_RDC is not set +# CONFIG_NET_VENDOR_REALTEK is not set +# CONFIG_NET_VENDOR_RENESAS is not set +# CONFIG_NET_VENDOR_ROCKER is not set +# CONFIG_NET_VENDOR_SAMSUNG is not set +# CONFIG_NET_VENDOR_SEEQ is not set +# CONFIG_NET_VENDOR_SILAN is not set +# CONFIG_NET_VENDOR_SIS is not set +# CONFIG_NET_VENDOR_SOLARFLARE is not set +# CONFIG_NET_VENDOR_SMSC is not set +# CONFIG_NET_VENDOR_SOCIONEXT is not set +# CONFIG_NET_VENDOR_STMICRO is not set +# CONFIG_NET_VENDOR_SUN is not set +# CONFIG_NET_VENDOR_SYNOPSYS is not set +# CONFIG_NET_VENDOR_TEHUTI is not set +# CONFIG_NET_VENDOR_TI is not set +CONFIG_NET_VENDOR_VERTEXCOM=y +# CONFIG_NET_VENDOR_VIA is not set +# CONFIG_NET_VENDOR_WIZNET is not set +# CONFIG_NET_VENDOR_XILINX is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PSE_CONTROLLER is not set +# CONFIG_MDIO_DEVICE is not set + +# +# PCS device drivers +# +# end of PCS device drivers + +# CONFIG_PPP is not set +# CONFIG_SLIP is not set +# CONFIG_USB_NET_DRIVERS is not set +# CONFIG_WLAN is not set +# CONFIG_WAN is not set + +# +# Wireless WAN +# +# CONFIG_WWAN is not set +# end of Wireless WAN + +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_NET_FAILOVER is not set +# CONFIG_ISDN is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set +CONFIG_INPUT_VIVALDIFMAP=y + +# +# Userland interfaces +# +# CONFIG_INPUT_MOUSEDEV is not set +# CONFIG_INPUT_JOYDEV is not set +# CONFIG_INPUT_EVDEV is not set +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +# CONFIG_KEYBOARD_ADP5588 is not set +# CONFIG_KEYBOARD_ADP5589 is not set +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_QT1050 is not set +# CONFIG_KEYBOARD_QT1070 is not set +# CONFIG_KEYBOARD_QT2160 is not set +# CONFIG_KEYBOARD_DLINK_DIR685 is not set +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_TCA6416 is not set +# CONFIG_KEYBOARD_TCA8418 is not set +# CONFIG_KEYBOARD_LM8333 is not set +# CONFIG_KEYBOARD_MAX7359 is not set +# CONFIG_KEYBOARD_MCS is not set +# CONFIG_KEYBOARD_MPR121 is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set +# CONFIG_KEYBOARD_CYPRESS_SF is not set +# CONFIG_INPUT_MOUSE is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +# CONFIG_SERIO_SERPORT is not set +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set +# end of Hardware I/O ports +# end of Input device support + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_HW_CONSOLE=y +CONFIG_VT_HW_CONSOLE_BINDING=y +CONFIG_UNIX98_PTYS=y +# CONFIG_LEGACY_PTYS is not set +CONFIG_LDISC_AUTOLOAD=y + +# +# Serial drivers +# +CONFIG_SERIAL_8250=y +# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set +# CONFIG_SERIAL_8250_PNP is not set +# CONFIG_SERIAL_8250_16550A_VARIANTS is not set +# CONFIG_SERIAL_8250_FINTEK is not set +# CONFIG_SERIAL_8250_CONSOLE is not set +# CONFIG_SERIAL_8250_PCI is not set +CONFIG_SERIAL_8250_NR_UARTS=4 +CONFIG_SERIAL_8250_RUNTIME_UARTS=4 +# CONFIG_SERIAL_8250_EXTENDED is not set +# CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_RT288X is not set +# CONFIG_SERIAL_8250_LPSS is not set +# CONFIG_SERIAL_8250_MID is not set +CONFIG_SERIAL_8250_PERICOM=y + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_LANTIQ is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_SC16IS7XX is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_FSL_LINFLEXUART is not set +# end of Serial drivers + +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_N_GSM is not set +# CONFIG_NOZOMI is not set +# CONFIG_NULL_TTY is not set +# CONFIG_SERIAL_DEV_BUS is not set +CONFIG_TTY_PRINTK=y +CONFIG_TTY_PRINTK_LEVEL=6 +# CONFIG_VIRTIO_CONSOLE is not set +# CONFIG_IPMI_HANDLER is not set +# CONFIG_IPMB_DEVICE_INTERFACE is not set +CONFIG_HW_RANDOM=y +CONFIG_HW_RANDOM_TIMERIOMEM=m +CONFIG_HW_RANDOM_INTEL=y +CONFIG_HW_RANDOM_AMD=m +# CONFIG_HW_RANDOM_BA431 is not set +CONFIG_HW_RANDOM_VIA=m +# CONFIG_HW_RANDOM_XIPHERA is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +CONFIG_DEVMEM=y +# CONFIG_NVRAM is not set +CONFIG_DEVPORT=y +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +CONFIG_TCG_TPM=y +# CONFIG_HW_RANDOM_TPM is not set +CONFIG_TCG_TIS_CORE=y +CONFIG_TCG_TIS=y +# CONFIG_TCG_TIS_I2C is not set +# CONFIG_TCG_TIS_I2C_CR50 is not set +# CONFIG_TCG_TIS_I2C_ATMEL is not set +# CONFIG_TCG_TIS_I2C_INFINEON is not set +# CONFIG_TCG_TIS_I2C_NUVOTON is not set +# CONFIG_TCG_NSC is not set +# CONFIG_TCG_ATMEL is not set +# CONFIG_TCG_INFINEON is not set +CONFIG_TCG_CRB=y +# CONFIG_TCG_VTPM_PROXY is not set +# CONFIG_TCG_TIS_ST33ZP24_I2C is not set +# CONFIG_TELCLOCK is not set +# CONFIG_XILLYBUS is not set +# CONFIG_XILLYUSB is not set +CONFIG_RANDOM_TRUST_CPU=y +# CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices + +# +# I2C support +# +CONFIG_I2C=y +CONFIG_ACPI_I2C_OPREGION=y +CONFIG_I2C_BOARDINFO=y +# CONFIG_I2C_COMPAT is not set +# CONFIG_I2C_CHARDEV is not set +CONFIG_I2C_MUX=m + +# +# Multiplexer I2C Chip support +# +# CONFIG_I2C_MUX_LTC4306 is not set +CONFIG_I2C_MUX_PCA9541=m +CONFIG_I2C_MUX_REG=m +# CONFIG_I2C_MUX_MLXCPLD is not set +# end of Multiplexer I2C Chip support + +# CONFIG_I2C_HELPER_AUTO is not set +# CONFIG_I2C_SMBUS is not set + +# +# I2C Algorithms +# +CONFIG_I2C_ALGOBIT=y +# CONFIG_I2C_ALGOPCF is not set +# CONFIG_I2C_ALGOPCA is not set +# end of I2C Algorithms + +# +# I2C Hardware Bus support +# + +# +# PC SMBus host controller drivers +# +# CONFIG_I2C_ALI1535 is not set +# CONFIG_I2C_ALI1563 is not set +# CONFIG_I2C_ALI15X3 is not set +# CONFIG_I2C_AMD756 is not set +# CONFIG_I2C_AMD8111 is not set +# CONFIG_I2C_AMD_MP2 is not set +# CONFIG_I2C_I801 is not set +# CONFIG_I2C_ISCH is not set +# CONFIG_I2C_ISMT is not set +# CONFIG_I2C_PIIX4 is not set +# CONFIG_I2C_NFORCE2 is not set +# CONFIG_I2C_NVIDIA_GPU is not set +# CONFIG_I2C_SIS5595 is not set +# CONFIG_I2C_SIS630 is not set +# CONFIG_I2C_SIS96X is not set +# CONFIG_I2C_VIA is not set +# CONFIG_I2C_VIAPRO is not set + +# +# ACPI drivers +# +# CONFIG_I2C_SCMI is not set + +# +# I2C system bus drivers (mostly embedded / system-on-chip) +# +# CONFIG_I2C_DESIGNWARE_PCI is not set +# CONFIG_I2C_OCORES is not set +# CONFIG_I2C_PCA_PLATFORM is not set +# CONFIG_I2C_SIMTEC is not set +# CONFIG_I2C_XILINX is not set + +# +# External I2C/SMBus adapter drivers +# +# CONFIG_I2C_DIOLAN_U2C is not set +# CONFIG_I2C_CP2615 is not set +# CONFIG_I2C_PCI1XXXX is not set +# CONFIG_I2C_ROBOTFUZZ_OSIF is not set +# CONFIG_I2C_TAOS_EVM is not set +# CONFIG_I2C_TINY_USB is not set + +# +# Other I2C/SMBus bus drivers +# +# CONFIG_I2C_MLXCPLD is not set +# CONFIG_I2C_VIRTIO is not set +# end of I2C Hardware Bus support + +# CONFIG_I2C_STUB is not set +CONFIG_I2C_SLAVE=y +# CONFIG_I2C_SLAVE_EEPROM is not set +# CONFIG_I2C_SLAVE_TESTUNIT is not set +# CONFIG_I2C_DEBUG_CORE is not set +# CONFIG_I2C_DEBUG_ALGO is not set +# CONFIG_I2C_DEBUG_BUS is not set +# end of I2C support + +# CONFIG_I3C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +# CONFIG_PPS is not set + +# +# PTP clock support +# +# CONFIG_PTP_1588_CLOCK is not set +CONFIG_PTP_1588_CLOCK_OPTIONAL=y + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +# end of PTP clock support + +# CONFIG_PINCTRL is not set +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +# CONFIG_PDA_POWER is not set +# CONFIG_IP5XXX_POWER is not set +# CONFIG_TEST_POWER is not set +# CONFIG_CHARGER_ADP5061 is not set +# CONFIG_BATTERY_CW2015 is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_DS2782 is not set +# CONFIG_BATTERY_SAMSUNG_SDI is not set +# CONFIG_BATTERY_SBS is not set +# CONFIG_CHARGER_SBS is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_BATTERY_MAX17040 is not set +# CONFIG_BATTERY_MAX17042 is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_CHARGER_LP8727 is not set +# CONFIG_CHARGER_LTC4162L is not set +# CONFIG_CHARGER_MAX77976 is not set +# CONFIG_CHARGER_BQ2415X is not set +# CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_GOLDFISH is not set +# CONFIG_BATTERY_RT5033 is not set +# CONFIG_CHARGER_BD99954 is not set +# CONFIG_BATTERY_UG3105 is not set +# CONFIG_HWMON is not set +CONFIG_THERMAL=y +# CONFIG_THERMAL_NETLINK is not set +# CONFIG_THERMAL_STATISTICS is not set +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_EMULATION is not set + +# +# Intel thermal drivers +# +# CONFIG_INTEL_POWERCLAMP is not set +CONFIG_X86_THERMAL_VECTOR=y +# CONFIG_X86_PKG_TEMP_THERMAL is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# end of ACPI INT340X thermal drivers + +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_INTEL_TCC_COOLING is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_INTEL_HFI_THERMAL is not set +# end of Intel thermal drivers + +# CONFIG_WATCHDOG is not set +CONFIG_SSB_POSSIBLE=y +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_AS3711 is not set +# CONFIG_PMIC_ADP5520 is not set +# CONFIG_MFD_BCM590XX is not set +# CONFIG_MFD_BD9571MWV is not set +# CONFIG_MFD_AXP20X_I2C is not set +# CONFIG_MFD_MADERA is not set +# CONFIG_PMIC_DA903X is not set +# CONFIG_MFD_DA9052_I2C is not set +# CONFIG_MFD_DA9055 is not set +# CONFIG_MFD_DA9062 is not set +# CONFIG_MFD_DA9063 is not set +# CONFIG_MFD_DA9150 is not set +# CONFIG_MFD_DLN2 is not set +# CONFIG_MFD_MC13XXX_I2C is not set +# CONFIG_MFD_MP2629 is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_INTEL_PMC_BXT is not set +# CONFIG_MFD_IQS62X is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_88PM800 is not set +# CONFIG_MFD_88PM805 is not set +# CONFIG_MFD_88PM860X is not set +# CONFIG_MFD_MAX14577 is not set +# CONFIG_MFD_MAX77693 is not set +# CONFIG_MFD_MAX77843 is not set +# CONFIG_MFD_MAX8907 is not set +# CONFIG_MFD_MAX8925 is not set +# CONFIG_MFD_MAX8997 is not set +# CONFIG_MFD_MAX8998 is not set +# CONFIG_MFD_MT6360 is not set +# CONFIG_MFD_MT6370 is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_MENF21BMC is not set +# CONFIG_MFD_VIPERBOARD is not set +# CONFIG_MFD_RETU is not set +# CONFIG_MFD_PCF50633 is not set +# CONFIG_MFD_SY7636A is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RT4831 is not set +# CONFIG_MFD_RT5033 is not set +# CONFIG_MFD_RT5120 is not set +# CONFIG_MFD_RC5T583 is not set +# CONFIG_MFD_SI476X_CORE is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SKY81452 is not set +CONFIG_MFD_SYSCON=y +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_LP3943 is not set +# CONFIG_MFD_LP8788 is not set +# CONFIG_MFD_TI_LMU is not set +# CONFIG_MFD_PALMAS is not set +# CONFIG_TPS6105X is not set +# CONFIG_TPS6507X is not set +# CONFIG_MFD_TPS65086 is not set +# CONFIG_MFD_TPS65090 is not set +# CONFIG_MFD_TI_LP873X is not set +# CONFIG_MFD_TPS6586X is not set +# CONFIG_MFD_TPS65912_I2C is not set +# CONFIG_TWL4030_CORE is not set +# CONFIG_TWL6040_CORE is not set +# CONFIG_MFD_WL1273_CORE is not set +# CONFIG_MFD_LM3533 is not set +# CONFIG_MFD_TQMX86 is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_MFD_ARIZONA_I2C is not set +# CONFIG_MFD_WM8400 is not set +# CONFIG_MFD_WM831X_I2C is not set +# CONFIG_MFD_WM8350_I2C is not set +# CONFIG_MFD_WM8994 is not set +# CONFIG_MFD_ATC260X_I2C is not set +# end of Multifunction device drivers + +# CONFIG_REGULATOR is not set +# CONFIG_RC_CORE is not set + +# +# CEC support +# +# CONFIG_MEDIA_CEC_SUPPORT is not set +# end of CEC support + +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +CONFIG_APERTURE_HELPERS=y +# CONFIG_AGP is not set +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set +# CONFIG_DRM_DEBUG_MODESET_LOCK is not set + +# +# ARM devices +# +# end of ARM devices + +CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y + +# +# Frame buffer Devices +# +CONFIG_FB_CMDLINE=y +CONFIG_FB_NOTIFY=y +CONFIG_FB=y +# CONFIG_FIRMWARE_EDID is not set +CONFIG_FB_CFB_FILLRECT=y +CONFIG_FB_CFB_COPYAREA=y +CONFIG_FB_CFB_IMAGEBLIT=y +# CONFIG_FB_FOREIGN_ENDIAN is not set +# CONFIG_FB_MODE_HELPERS is not set +# CONFIG_FB_TILEBLITTING is not set + +# +# Frame buffer hardware drivers +# +# CONFIG_FB_CIRRUS is not set +# CONFIG_FB_PM2 is not set +# CONFIG_FB_CYBER2000 is not set +# CONFIG_FB_ARC is not set +# CONFIG_FB_ASILIANT is not set +# CONFIG_FB_IMSTT is not set +# CONFIG_FB_VGA16 is not set +CONFIG_FB_VESA=y +CONFIG_FB_EFI=y +# CONFIG_FB_N411 is not set +# CONFIG_FB_HGA is not set +# CONFIG_FB_OPENCORES is not set +# CONFIG_FB_S1D13XXX is not set +# CONFIG_FB_NVIDIA is not set +# CONFIG_FB_RIVA is not set +# CONFIG_FB_I740 is not set +# CONFIG_FB_LE80578 is not set +# CONFIG_FB_MATROX is not set +# CONFIG_FB_RADEON is not set +# CONFIG_FB_ATY128 is not set +# CONFIG_FB_ATY is not set +# CONFIG_FB_S3 is not set +# CONFIG_FB_SAVAGE is not set +# CONFIG_FB_SIS is not set +# CONFIG_FB_NEOMAGIC is not set +# CONFIG_FB_KYRO is not set +# CONFIG_FB_3DFX is not set +# CONFIG_FB_VOODOO1 is not set +# CONFIG_FB_VT8623 is not set +# CONFIG_FB_TRIDENT is not set +# CONFIG_FB_ARK is not set +# CONFIG_FB_PM3 is not set +# CONFIG_FB_CARMINE is not set +# CONFIG_FB_SMSCUFX is not set +# CONFIG_FB_UDL is not set +# CONFIG_FB_IBM_GXT4500 is not set +# CONFIG_FB_VIRTUAL is not set +# CONFIG_FB_METRONOME is not set +# CONFIG_FB_MB862XX is not set +# CONFIG_FB_SIMPLE is not set +# CONFIG_FB_SM712 is not set +# end of Frame buffer Devices + +# +# Backlight & LCD device support +# +# CONFIG_LCD_CLASS_DEVICE is not set +# CONFIG_BACKLIGHT_CLASS_DEVICE is not set +# end of Backlight & LCD device support + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_FRAMEBUFFER_CONSOLE=y +CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION=y +# CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY is not set +# CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set +# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set +# end of Console display driver support + +# CONFIG_LOGO is not set +# end of Graphics support + +# CONFIG_SOUND is not set + +# +# HID support +# +CONFIG_HID=y +# CONFIG_HID_BATTERY_STRENGTH is not set +CONFIG_HIDRAW=y +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=y + +# +# Special HID drivers +# +# CONFIG_HID_A4TECH is not set +# CONFIG_HID_ACCUTOUCH is not set +# CONFIG_HID_ACRUX is not set +# CONFIG_HID_APPLEIR is not set +# CONFIG_HID_AUREAL is not set +# CONFIG_HID_BELKIN is not set +# CONFIG_HID_BETOP_FF is not set +# CONFIG_HID_CHERRY is not set +# CONFIG_HID_CHICONY is not set +# CONFIG_HID_COUGAR is not set +# CONFIG_HID_MACALLY is not set +# CONFIG_HID_CMEDIA is not set +# CONFIG_HID_CREATIVE_SB0540 is not set +# CONFIG_HID_CYPRESS is not set +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELECOM is not set +# CONFIG_HID_ELO is not set +# CONFIG_HID_EZKEY is not set +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_GLORIOUS is not set +# CONFIG_HID_HOLTEK is not set +# CONFIG_HID_VIVALDI is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_UCLOGIC is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_VIEWSONIC is not set +# CONFIG_HID_VRC2 is not set +# CONFIG_HID_XIAOMI is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_ITE is not set +# CONFIG_HID_JABRA is not set +# CONFIG_HID_TWINHAN is not set +# CONFIG_HID_KENSINGTON is not set +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LENOVO is not set +# CONFIG_HID_LETSKETCH is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MALTRON is not set +# CONFIG_HID_MAYFLASH is not set +# CONFIG_HID_MEGAWORLD_FF is not set +# CONFIG_HID_REDRAGON is not set +# CONFIG_HID_MICROSOFT is not set +# CONFIG_HID_MONTEREY is not set +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NTI is not set +# CONFIG_HID_NTRIG is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PENMOUNT is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +# CONFIG_HID_PLANTRONICS is not set +# CONFIG_HID_PXRC is not set +# CONFIG_HID_RAZER is not set +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_RETRODE is not set +# CONFIG_HID_ROCCAT is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SEMITEK is not set +# CONFIG_HID_SIGMAMICRO is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEAM is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_TOPRE is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set +# end of Special HID drivers + +# +# USB HID support +# +CONFIG_USB_HID=m +# CONFIG_HID_PID is not set +# CONFIG_USB_HIDDEV is not set + +# +# USB HID Boot Protocol drivers +# +# CONFIG_USB_KBD is not set +# CONFIG_USB_MOUSE is not set +# end of USB HID Boot Protocol drivers +# end of USB HID support + +# +# I2C HID support +# +# CONFIG_I2C_HID_ACPI is not set +# end of I2C HID support + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +# end of Intel ISH HID support + +# +# AMD SFH HID Support +# +# CONFIG_AMD_SFH_HID is not set +# end of AMD SFH HID Support +# end of HID support + +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_COMMON=y +# CONFIG_USB_ULPI_BUS is not set +CONFIG_USB_ARCH_HAS_HCD=y +CONFIG_USB=y +CONFIG_USB_PCI=y +# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set + +# +# Miscellaneous USB options +# +CONFIG_USB_DEFAULT_PERSIST=y +# CONFIG_USB_FEW_INIT_RETRIES is not set +# CONFIG_USB_DYNAMIC_MINORS is not set +# CONFIG_USB_OTG_PRODUCTLIST is not set +# CONFIG_USB_OTG_DISABLE_EXTERNAL_HUB is not set +CONFIG_USB_AUTOSUSPEND_DELAY=2 +# CONFIG_USB_MON is not set + +# +# USB Host Controller Drivers +# +# CONFIG_USB_C67X00_HCD is not set +CONFIG_USB_XHCI_HCD=m +# CONFIG_USB_XHCI_DBGCAP is not set +CONFIG_USB_XHCI_PCI=m +# CONFIG_USB_XHCI_PCI_RENESAS is not set +CONFIG_USB_XHCI_PLATFORM=m +CONFIG_USB_EHCI_HCD=m +# CONFIG_USB_EHCI_ROOT_HUB_TT is not set +CONFIG_USB_EHCI_TT_NEWSCHED=y +CONFIG_USB_EHCI_PCI=m +# CONFIG_USB_EHCI_FSL is not set +CONFIG_USB_EHCI_HCD_PLATFORM=m +# CONFIG_USB_OXU210HP_HCD is not set +# CONFIG_USB_ISP116X_HCD is not set +# CONFIG_USB_FOTG210_HCD is not set +CONFIG_USB_OHCI_HCD=m +CONFIG_USB_OHCI_HCD_PCI=m +# CONFIG_USB_OHCI_HCD_PLATFORM is not set +CONFIG_USB_UHCI_HCD=m +# CONFIG_USB_SL811_HCD is not set +# CONFIG_USB_R8A66597_HCD is not set +# CONFIG_USB_HCD_TEST_MODE is not set + +# +# USB Device Class drivers +# +# CONFIG_USB_ACM is not set +# CONFIG_USB_PRINTER is not set +# CONFIG_USB_WDM is not set +# CONFIG_USB_TMC is not set + +# +# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may +# + +# +# also be needed; see USB_STORAGE Help for more info +# +CONFIG_USB_STORAGE=m +# CONFIG_USB_STORAGE_DEBUG is not set +# CONFIG_USB_STORAGE_REALTEK is not set +# CONFIG_USB_STORAGE_DATAFAB is not set +# CONFIG_USB_STORAGE_FREECOM is not set +# CONFIG_USB_STORAGE_ISD200 is not set +# CONFIG_USB_STORAGE_USBAT is not set +# CONFIG_USB_STORAGE_SDDR09 is not set +# CONFIG_USB_STORAGE_SDDR55 is not set +# CONFIG_USB_STORAGE_JUMPSHOT is not set +# CONFIG_USB_STORAGE_ALAUDA is not set +# CONFIG_USB_STORAGE_ONETOUCH is not set +# CONFIG_USB_STORAGE_KARMA is not set +# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set +# CONFIG_USB_STORAGE_ENE_UB6250 is not set +# CONFIG_USB_UAS is not set + +# +# USB Imaging devices +# +# CONFIG_USB_MDC800 is not set +# CONFIG_USB_MICROTEK is not set +# CONFIG_USBIP_CORE is not set +# CONFIG_USB_CDNS_SUPPORT is not set +# CONFIG_USB_MUSB_HDRC is not set +# CONFIG_USB_DWC3 is not set +# CONFIG_USB_DWC2 is not set +# CONFIG_USB_CHIPIDEA is not set +# CONFIG_USB_ISP1760 is not set + +# +# USB port drivers +# +# CONFIG_USB_SERIAL is not set + +# +# USB Miscellaneous drivers +# +# CONFIG_USB_EMI62 is not set +# CONFIG_USB_EMI26 is not set +# CONFIG_USB_ADUTUX is not set +# CONFIG_USB_SEVSEG is not set +# CONFIG_USB_LEGOTOWER is not set +# CONFIG_USB_LCD is not set +# CONFIG_USB_CYPRESS_CY7C63 is not set +# CONFIG_USB_CYTHERM is not set +# CONFIG_USB_IDMOUSE is not set +# CONFIG_USB_FTDI_ELAN is not set +# CONFIG_USB_APPLEDISPLAY is not set +# CONFIG_APPLE_MFI_FASTCHARGE is not set +# CONFIG_USB_SISUSBVGA is not set +# CONFIG_USB_LD is not set +# CONFIG_USB_TRANCEVIBRATOR is not set +# CONFIG_USB_IOWARRIOR is not set +# CONFIG_USB_TEST is not set +# CONFIG_USB_EHSET_TEST_FIXTURE is not set +# CONFIG_USB_ISIGHTFW is not set +# CONFIG_USB_YUREX is not set +# CONFIG_USB_EZUSB_FX2 is not set +# CONFIG_USB_HUB_USB251XB is not set +# CONFIG_USB_HSIC_USB3503 is not set +# CONFIG_USB_HSIC_USB4604 is not set +# CONFIG_USB_LINK_LAYER_TEST is not set +# CONFIG_USB_CHAOSKEY is not set + +# +# USB Physical Layer drivers +# +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_ISP1301 is not set +# end of USB Physical Layer drivers + +# CONFIG_USB_GADGET is not set +# CONFIG_TYPEC is not set +# CONFIG_USB_ROLE_SWITCH is not set +# CONFIG_MMC is not set +# CONFIG_SCSI_UFSHCD is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set +CONFIG_RTC_NVMEM=y + +# +# RTC interfaces +# +CONFIG_RTC_INTF_SYSFS=y +CONFIG_RTC_INTF_PROC=y +CONFIG_RTC_INTF_DEV=y +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +# CONFIG_RTC_DRV_TEST is not set + +# +# I2C RTC drivers +# +# CONFIG_RTC_DRV_ABB5ZES3 is not set +# CONFIG_RTC_DRV_ABEOZ9 is not set +# CONFIG_RTC_DRV_ABX80X is not set +# CONFIG_RTC_DRV_DS1307 is not set +# CONFIG_RTC_DRV_DS1374 is not set +# CONFIG_RTC_DRV_DS1672 is not set +# CONFIG_RTC_DRV_MAX6900 is not set +# CONFIG_RTC_DRV_RS5C372 is not set +# CONFIG_RTC_DRV_ISL1208 is not set +# CONFIG_RTC_DRV_ISL12022 is not set +# CONFIG_RTC_DRV_X1205 is not set +# CONFIG_RTC_DRV_PCF8523 is not set +# CONFIG_RTC_DRV_PCF85063 is not set +# CONFIG_RTC_DRV_PCF85363 is not set +# CONFIG_RTC_DRV_PCF8563 is not set +# CONFIG_RTC_DRV_PCF8583 is not set +# CONFIG_RTC_DRV_M41T80 is not set +# CONFIG_RTC_DRV_BQ32K is not set +# CONFIG_RTC_DRV_S35390A is not set +# CONFIG_RTC_DRV_FM3130 is not set +# CONFIG_RTC_DRV_RX8010 is not set +# CONFIG_RTC_DRV_RX8581 is not set +# CONFIG_RTC_DRV_RX8025 is not set +# CONFIG_RTC_DRV_EM3027 is not set +# CONFIG_RTC_DRV_RV3028 is not set +# CONFIG_RTC_DRV_RV3032 is not set +# CONFIG_RTC_DRV_RV8803 is not set +# CONFIG_RTC_DRV_SD3078 is not set + +# +# SPI RTC drivers +# +CONFIG_RTC_I2C_AND_SPI=y + +# +# SPI and I2C RTC drivers +# +# CONFIG_RTC_DRV_DS3232 is not set +# CONFIG_RTC_DRV_PCF2127 is not set +# CONFIG_RTC_DRV_RV3029C2 is not set +# CONFIG_RTC_DRV_RX6110 is not set + +# +# Platform RTC drivers +# +CONFIG_RTC_DRV_CMOS=y +# CONFIG_RTC_DRV_DS1286 is not set +# CONFIG_RTC_DRV_DS1511 is not set +# CONFIG_RTC_DRV_DS1553 is not set +# CONFIG_RTC_DRV_DS1685_FAMILY is not set +# CONFIG_RTC_DRV_DS1742 is not set +# CONFIG_RTC_DRV_DS2404 is not set +# CONFIG_RTC_DRV_STK17TA8 is not set +# CONFIG_RTC_DRV_M48T86 is not set +# CONFIG_RTC_DRV_M48T35 is not set +# CONFIG_RTC_DRV_M48T59 is not set +# CONFIG_RTC_DRV_MSM6242 is not set +# CONFIG_RTC_DRV_BQ4802 is not set +# CONFIG_RTC_DRV_RP5C01 is not set +# CONFIG_RTC_DRV_V3020 is not set + +# +# on-CPU RTC drivers +# +# CONFIG_RTC_DRV_FTRTC010 is not set + +# +# HID Sensor RTC drivers +# +# CONFIG_RTC_DRV_GOLDFISH is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +CONFIG_SYNC_FILE=y +# CONFIG_UDMABUF is not set +# CONFIG_DMABUF_MOVE_NOTIFY is not set +# CONFIG_DMABUF_DEBUG is not set +# CONFIG_DMABUF_SELFTESTS is not set +# CONFIG_DMABUF_HEAPS is not set +# CONFIG_DMABUF_SYSFS_STATS is not set +# end of DMABUF options + +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +# CONFIG_VFIO is not set +# CONFIG_VIRT_DRIVERS is not set +# CONFIG_VIRTIO_MENU is not set +# CONFIG_VDPA is not set +# CONFIG_VHOST_MENU is not set + +# +# Microsoft Hyper-V guest support +# +# end of Microsoft Hyper-V guest support + +# CONFIG_GREYBUS is not set +# CONFIG_COMEDI is not set +# CONFIG_STAGING is not set +# CONFIG_CHROME_PLATFORMS is not set +# CONFIG_MELLANOX_PLATFORM is not set +CONFIG_SURFACE_PLATFORMS=y +# CONFIG_SURFACE_3_POWER_OPREGION is not set +# CONFIG_SURFACE_GPE is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +CONFIG_X86_PLATFORM_DEVICES=y +# CONFIG_ACPI_WMI is not set +# CONFIG_ACERHDF is not set +# CONFIG_ACER_WIRELESS is not set +# CONFIG_AMD_PMF is not set +# CONFIG_AMD_PMC is not set +# CONFIG_ADV_SWBUTTON is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_X86_PLATFORM_DRIVERS_DELL is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_GPD_POCKET_FAN is not set +# CONFIG_HP_ACCEL is not set +# CONFIG_WIRELESS_HOTKEY is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_INTEL_SAR_INT1092 is not set +# CONFIG_INTEL_PMC_CORE is not set + +# +# Intel Speed Select Technology interface support +# +# CONFIG_INTEL_SPEED_SELECT_INTERFACE is not set +# end of Intel Speed Select Technology interface support + +# +# Intel Uncore Frequency Control +# +# CONFIG_INTEL_UNCORE_FREQ_CONTROL is not set +# end of Intel Uncore Frequency Control + +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_VBTN is not set +# CONFIG_INTEL_PUNIT_IPC is not set +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_INTEL_TURBO_MAX_3 is not set +# CONFIG_INTEL_VSEC is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_MLX_PLATFORM is not set +# CONFIG_INTEL_IPS is not set +# CONFIG_INTEL_SCU_PCI is not set +# CONFIG_INTEL_SCU_PLATFORM is not set +# CONFIG_SIEMENS_SIMATIC_IPC is not set +# CONFIG_WINMATE_FM07_KEYS is not set +# CONFIG_P2SB is not set +# CONFIG_COMMON_CLK is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# end of Clock Source drivers + +CONFIG_MAILBOX=y +CONFIG_PCC=y +# CONFIG_ALTERA_MBOX is not set +CONFIG_IOMMU_IOVA=y +CONFIG_IOASID=y +CONFIG_IOMMU_API=y +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +# end of Generic IOMMU Pagetable Support + +# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set +CONFIG_IOMMU_DEFAULT_DMA_LAZY=y +# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set +CONFIG_IOMMU_DMA=y +CONFIG_IOMMU_SVA=y +# CONFIG_AMD_IOMMU is not set +CONFIG_DMAR_TABLE=y +CONFIG_INTEL_IOMMU=y +CONFIG_INTEL_IOMMU_SVM=y +CONFIG_INTEL_IOMMU_DEFAULT_ON=y +CONFIG_INTEL_IOMMU_FLOPPY_WA=y +# CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON is not set +# CONFIG_IRQ_REMAP is not set + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set +# end of Remoteproc drivers + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set +# CONFIG_RPMSG_VIRTIO is not set +# end of Rpmsg drivers + +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# +# end of Amlogic SoC drivers + +# +# Broadcom SoC drivers +# +# end of Broadcom SoC drivers + +# +# NXP/Freescale QorIQ SoC drivers +# +# end of NXP/Freescale QorIQ SoC drivers + +# +# fujitsu SoC drivers +# +# end of fujitsu SoC drivers + +# +# i.MX SoC drivers +# +# end of i.MX SoC drivers + +# +# Enable LiteX SoC Builder specific drivers +# +# end of Enable LiteX SoC Builder specific drivers + +# +# Qualcomm SoC drivers +# +# end of Qualcomm SoC drivers + +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# end of Xilinx SoC drivers +# end of SOC (System On Chip) specific Drivers + +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_PWM is not set + +# +# IRQ chip support +# +# end of IRQ chip support + +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set + +# +# PHY Subsystem +# +CONFIG_GENERIC_PHY=y +# CONFIG_USB_LGM_PHY is not set +# CONFIG_PHY_CAN_TRANSCEIVER is not set + +# +# PHY drivers for Broadcom platforms +# +# CONFIG_BCM_KONA_USB2_PHY is not set +# end of PHY drivers for Broadcom platforms + +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_PHY_INTEL_LGM_EMMC is not set +# end of PHY Subsystem + +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# end of Performance monitor support + +# CONFIG_RAS is not set +# CONFIG_USB4 is not set + +# +# Android +# +# CONFIG_ANDROID_BINDER_IPC is not set +# end of Android + +CONFIG_LIBNVDIMM=y +# CONFIG_BLK_DEV_PMEM is not set +# CONFIG_BTT is not set +# CONFIG_DAX is not set +CONFIG_NVMEM=y +CONFIG_NVMEM_SYSFS=y +# CONFIG_NVMEM_RMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# end of HW tracing support + +# CONFIG_FPGA is not set +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set +# CONFIG_INTERCONNECT is not set +# CONFIG_COUNTER is not set +# CONFIG_PECI is not set +# CONFIG_HTE is not set +# end of Device Drivers + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +# CONFIG_VALIDATE_FS_PARSER is not set +CONFIG_FS_IOMAP=y +# CONFIG_EXT2_FS is not set +# CONFIG_EXT3_FS is not set +CONFIG_EXT4_FS=y +CONFIG_EXT4_USE_FOR_EXT2=y +# CONFIG_EXT4_FS_POSIX_ACL is not set +# CONFIG_EXT4_FS_SECURITY is not set +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +# CONFIG_REISERFS_FS is not set +# CONFIG_JFS_FS is not set +# CONFIG_XFS_FS is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_EXPORTFS_BLOCK_OPS is not set +CONFIG_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +# CONFIG_FS_VERITY is not set +# CONFIG_DNOTIFY is not set +# CONFIG_INOTIFY_USER is not set +# CONFIG_FANOTIFY is not set +# CONFIG_QUOTA is not set +# CONFIG_AUTOFS4_FS is not set +# CONFIG_AUTOFS_FS is not set +# CONFIG_FUSE_FS is not set +# CONFIG_OVERLAY_FS is not set + +# +# Caches +# +# CONFIG_FSCACHE is not set +# end of Caches + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +# CONFIG_ZISOFS is not set +# CONFIG_UDF_FS is not set +# end of CD-ROM/DVD Filesystems + +# +# DOS/FAT/EXFAT/NT Filesystems +# +CONFIG_FAT_FS=y +CONFIG_MSDOS_FS=y +CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_CODEPAGE=437 +CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" +# CONFIG_FAT_DEFAULT_UTF8 is not set +CONFIG_EXFAT_FS=y +CONFIG_EXFAT_DEFAULT_IOCHARSET="utf8" +# CONFIG_NTFS_FS is not set +# CONFIG_NTFS3_FS is not set +# end of DOS/FAT/EXFAT/NT Filesystems + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +# CONFIG_PROC_KCORE is not set +# CONFIG_PROC_SYSCTL is not set +# CONFIG_PROC_PAGE_MONITOR is not set +# CONFIG_PROC_CHILDREN is not set +CONFIG_PROC_PID_ARCH_STATUS=y +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_TMPFS_INODE64 is not set +# CONFIG_HUGETLBFS is not set +CONFIG_ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y +CONFIG_MEMFD_CREATE=y +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +# CONFIG_CONFIGFS_FS is not set +CONFIG_EFIVAR_FS=m +# end of Pseudo filesystems + +# CONFIG_MISC_FILESYSTEMS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="utf8" +CONFIG_NLS_CODEPAGE_437=y +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +# CONFIG_NLS_ASCII is not set +CONFIG_NLS_ISO8859_1=y +# CONFIG_NLS_ISO8859_2 is not set +# CONFIG_NLS_ISO8859_3 is not set +# CONFIG_NLS_ISO8859_4 is not set +# CONFIG_NLS_ISO8859_5 is not set +# CONFIG_NLS_ISO8859_6 is not set +# CONFIG_NLS_ISO8859_7 is not set +# CONFIG_NLS_ISO8859_9 is not set +# CONFIG_NLS_ISO8859_13 is not set +# CONFIG_NLS_ISO8859_14 is not set +# CONFIG_NLS_ISO8859_15 is not set +# CONFIG_NLS_KOI8_R is not set +# CONFIG_NLS_KOI8_U is not set +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +CONFIG_NLS_UTF8=y +# CONFIG_UNICODE is not set +CONFIG_IO_WQ=y +# end of File systems + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +CONFIG_SECURITYFS=y +# CONFIG_INTEL_TXT is not set +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +CONFIG_HARDENED_USERCOPY=y +# CONFIG_FORTIFY_SOURCE is not set +# CONFIG_STATIC_USERMODEHELPER is not set +# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,bpf" + +# +# Kernel hardening options +# + +# +# Memory initialization +# +CONFIG_INIT_STACK_NONE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set +# CONFIG_GCC_PLUGIN_STACKLEAK is not set +# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +# end of Memory initialization + +CONFIG_RANDSTRUCT_NONE=y +# CONFIG_RANDSTRUCT_FULL is not set +# CONFIG_RANDSTRUCT_PERFORMANCE is not set +# end of Kernel hardening options +# end of Security options + +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SKCIPHER=y +CONFIG_CRYPTO_SKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=m +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +# CONFIG_CRYPTO_PCRYPT is not set +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_AUTHENC=y +# CONFIG_CRYPTO_TEST is not set +CONFIG_CRYPTO_SIMD=y +# end of Crypto core or helper + +# +# Public-key cryptography +# +CONFIG_CRYPTO_RSA=m +# CONFIG_CRYPTO_DH is not set +# CONFIG_CRYPTO_ECDH is not set +# CONFIG_CRYPTO_ECDSA is not set +# CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_SM2 is not set +# CONFIG_CRYPTO_CURVE25519 is not set +# end of Public-key cryptography + +# +# Block ciphers +# +CONFIG_CRYPTO_AES=m +# CONFIG_CRYPTO_AES_TI is not set +CONFIG_CRYPTO_ANUBIS=m +# CONFIG_CRYPTO_ARIA is not set +CONFIG_CRYPTO_BLOWFISH=m +CONFIG_CRYPTO_BLOWFISH_COMMON=m +CONFIG_CRYPTO_CAMELLIA=m +CONFIG_CRYPTO_CAST_COMMON=m +CONFIG_CRYPTO_CAST5=m +CONFIG_CRYPTO_CAST6=m +# CONFIG_CRYPTO_DES is not set +CONFIG_CRYPTO_FCRYPT=m +CONFIG_CRYPTO_KHAZAD=m +CONFIG_CRYPTO_SEED=m +CONFIG_CRYPTO_SERPENT=m +# CONFIG_CRYPTO_SM4_GENERIC is not set +CONFIG_CRYPTO_TEA=m +CONFIG_CRYPTO_TWOFISH=m +CONFIG_CRYPTO_TWOFISH_COMMON=m +# end of Block ciphers + +# +# Length-preserving ciphers and modes +# +# CONFIG_CRYPTO_ADIANTUM is not set +CONFIG_CRYPTO_ARC4=m +CONFIG_CRYPTO_CHACHA20=m +CONFIG_CRYPTO_CBC=y +# CONFIG_CRYPTO_CFB is not set +CONFIG_CRYPTO_CTR=m +CONFIG_CRYPTO_CTS=m +CONFIG_CRYPTO_ECB=y +# CONFIG_CRYPTO_HCTR2 is not set +CONFIG_CRYPTO_KEYWRAP=m +CONFIG_CRYPTO_LRW=y +# CONFIG_CRYPTO_OFB is not set +CONFIG_CRYPTO_PCBC=m +CONFIG_CRYPTO_XTS=y +# end of Length-preserving ciphers and modes + +# +# AEAD (authenticated encryption with associated data) ciphers +# +# CONFIG_CRYPTO_AEGIS128 is not set +CONFIG_CRYPTO_CHACHA20POLY1305=m +CONFIG_CRYPTO_CCM=m +CONFIG_CRYPTO_GCM=m +# CONFIG_CRYPTO_SEQIV is not set +# CONFIG_CRYPTO_ECHAINIV is not set +CONFIG_CRYPTO_ESSIV=y +# end of AEAD (authenticated encryption with associated data) ciphers + +# +# Hashes, digests, and MACs +# +# CONFIG_CRYPTO_BLAKE2B is not set +CONFIG_CRYPTO_CMAC=m +CONFIG_CRYPTO_GHASH=m +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_MD4=m +CONFIG_CRYPTO_MD5=y +CONFIG_CRYPTO_MICHAEL_MIC=m +CONFIG_CRYPTO_POLY1305=m +CONFIG_CRYPTO_RMD160=m +CONFIG_CRYPTO_SHA1=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +# CONFIG_CRYPTO_SHA3 is not set +# CONFIG_CRYPTO_SM3_GENERIC is not set +# CONFIG_CRYPTO_STREEBOG is not set +CONFIG_CRYPTO_VMAC=m +CONFIG_CRYPTO_WP512=m +CONFIG_CRYPTO_XCBC=m +# CONFIG_CRYPTO_XXHASH is not set +# end of Hashes, digests, and MACs + +# +# CRCs (cyclic redundancy checks) +# +CONFIG_CRYPTO_CRC32C=y +CONFIG_CRYPTO_CRC32=m +CONFIG_CRYPTO_CRCT10DIF=y +# end of CRCs (cyclic redundancy checks) + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=m +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=m +CONFIG_CRYPTO_LZ4=m +CONFIG_CRYPTO_LZ4HC=m +# CONFIG_CRYPTO_ZSTD is not set +# end of Compression + +# +# Random number generation +# +CONFIG_CRYPTO_ANSI_CPRNG=m +# CONFIG_CRYPTO_DRBG_MENU is not set +# CONFIG_CRYPTO_JITTERENTROPY is not set +# end of Random number generation + +# +# Userspace interface +# +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +CONFIG_CRYPTO_USER_API_RNG=y +CONFIG_CRYPTO_USER_API_AEAD=y +CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y +# CONFIG_CRYPTO_STATS is not set +# end of Userspace interface + +CONFIG_CRYPTO_HASH_INFO=y + +# +# Accelerated Cryptographic Algorithms for CPU (x86) +# +# CONFIG_CRYPTO_CURVE25519_X86 is not set +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_BLOWFISH_X86_64=m +CONFIG_CRYPTO_CAMELLIA_X86_64=m +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m +CONFIG_CRYPTO_CAST5_AVX_X86_64=m +CONFIG_CRYPTO_CAST6_AVX_X86_64=m +CONFIG_CRYPTO_DES3_EDE_X86_64=m +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m +CONFIG_CRYPTO_SERPENT_AVX_X86_64=m +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m +# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set +CONFIG_CRYPTO_TWOFISH_X86_64=m +CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m +# CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64 is not set +CONFIG_CRYPTO_CHACHA20_X86_64=m +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set +# CONFIG_CRYPTO_BLAKE2S_X86 is not set +# CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set +CONFIG_CRYPTO_POLY1305_X86_64=m +CONFIG_CRYPTO_SHA1_SSSE3=y +CONFIG_CRYPTO_SHA256_SSSE3=y +CONFIG_CRYPTO_SHA512_SSSE3=y +# CONFIG_CRYPTO_SM3_AVX_X86_64 is not set +CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m +CONFIG_CRYPTO_CRC32C_INTEL=y +CONFIG_CRYPTO_CRC32_PCLMUL=m +CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m +# end of Accelerated Cryptographic Algorithms for CPU (x86) + +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +# end of Certificates for signature checking + +# +# Library routines +# +# CONFIG_PACKING is not set +CONFIG_BITREVERSE=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_CORDIC=m +# CONFIG_PRIME_NUMBERS is not set +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_UTILS=y +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_ARC4=m +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=m +CONFIG_CRYPTO_LIB_CHACHA_GENERIC=m +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_DES=m +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=m +CONFIG_CRYPTO_LIB_POLY1305_GENERIC=m +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA1=y +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_CRC_CCITT=m +CONFIG_CRC16=y +CONFIG_CRC_T10DIF=y +# CONFIG_CRC64_ROCKSOFT is not set +CONFIG_CRC_ITU_T=m +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +# CONFIG_CRC64 is not set +# CONFIG_CRC4 is not set +CONFIG_CRC7=m +# CONFIG_LIBCRC32C is not set +CONFIG_CRC8=m +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_842_COMPRESS=m +CONFIG_842_DECOMPRESS=m +CONFIG_ZLIB_INFLATE=m +CONFIG_ZLIB_DEFLATE=m +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_COMPRESS=m +CONFIG_LZ4HC_COMPRESS=m +CONFIG_LZ4_DECOMPRESS=m +CONFIG_XZ_DEC=y +CONFIG_XZ_DEC_X86=y +# CONFIG_XZ_DEC_POWERPC is not set +# CONFIG_XZ_DEC_IA64 is not set +# CONFIG_XZ_DEC_ARM is not set +# CONFIG_XZ_DEC_ARMTHUMB is not set +# CONFIG_XZ_DEC_SPARC is not set +# CONFIG_XZ_DEC_MICROLZMA is not set +CONFIG_XZ_DEC_BCJ=y +CONFIG_XZ_DEC_TEST=m +CONFIG_DECOMPRESS_XZ=y +CONFIG_GENERIC_ALLOCATOR=y +CONFIG_REED_SOLOMON=y +CONFIG_REED_SOLOMON_DEC8=y +CONFIG_INTERVAL_TREE=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DMA_OPS=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_SWIOTLB=y +# CONFIG_DMA_API_DEBUG is not set +CONFIG_SGL_ALLOC=y +# CONFIG_FORCE_NR_CPUS is not set +CONFIG_CPU_RMAP=y +CONFIG_DQL=y +CONFIG_GLOB=y +# CONFIG_GLOB_SELFTEST is not set +CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y +CONFIG_IRQ_POLL=y +CONFIG_MPILIB=m +CONFIG_UCS2_STRING=y +CONFIG_HAVE_GENERIC_VDSO=y +CONFIG_GENERIC_GETTIMEOFDAY=y +CONFIG_GENERIC_VDSO_TIME_NS=y +CONFIG_FONT_SUPPORT=y +# CONFIG_FONTS is not set +CONFIG_FONT_8x8=y +CONFIG_FONT_8x16=y +CONFIG_SG_POOL=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_MEMREGION=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_ARCH_HAS_COPY_MC=y +CONFIG_ARCH_STACKWALK=y +CONFIG_SBITMAP=y +# end of Library routines + +# +# Kernel hacking +# + +# +# printk and dmesg options +# +CONFIG_PRINTK_TIME=y +# CONFIG_PRINTK_CALLER is not set +# CONFIG_STACKTRACE_BUILD_ID is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +CONFIG_BOOT_PRINTK_DELAY=y +# CONFIG_DYNAMIC_DEBUG is not set +# CONFIG_DYNAMIC_DEBUG_CORE is not set +CONFIG_SYMBOLIC_ERRNAME=y +# CONFIG_DEBUG_BUGVERBOSE is not set +# end of printk and dmesg options + +CONFIG_DEBUG_KERNEL=y +CONFIG_DEBUG_MISC=y + +# +# Compile-time checks and compiler options +# +CONFIG_AS_HAS_NON_CONST_LEB128=y +CONFIG_DEBUG_INFO_NONE=y +# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_DEBUG_INFO_DWARF5 is not set +CONFIG_FRAME_WARN=1024 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_HEADERS_INSTALL is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B is not set +CONFIG_OBJTOOL=y +# CONFIG_VMLINUX_MAP is not set +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# end of Compile-time checks and compiler options + +# +# Generic Kernel Debugging Instruments +# +CONFIG_MAGIC_SYSRQ=y +CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x1 +CONFIG_MAGIC_SYSRQ_SERIAL=y +CONFIG_MAGIC_SYSRQ_SERIAL_SEQUENCE="" +# CONFIG_DEBUG_FS is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_HAVE_ARCH_KCSAN=y +# end of Generic Kernel Debugging Instruments + +# +# Networking Debugging +# +# CONFIG_NET_DEV_REFCNT_TRACKER is not set +# CONFIG_NET_NS_REFCNT_TRACKER is not set +# CONFIG_DEBUG_NET is not set +# end of Networking Debugging + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_SLUB_DEBUG is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_PAGE_TABLE_CHECK is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_RODATA_TEST is not set +CONFIG_ARCH_HAS_DEBUG_WX=y +# CONFIG_DEBUG_WX is not set +CONFIG_GENERIC_PTDUMP=y +# CONFIG_DEBUG_OBJECTS is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VM_PGTABLE is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set +# CONFIG_DEBUG_MEMORY_INIT is not set +# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y +# CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP is not set +CONFIG_HAVE_ARCH_KASAN=y +CONFIG_HAVE_ARCH_KASAN_VMALLOC=y +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y +# CONFIG_KASAN is not set +CONFIG_HAVE_ARCH_KFENCE=y +# CONFIG_KFENCE is not set +CONFIG_HAVE_ARCH_KMSAN=y +# end of Memory Debugging + +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Oops, Lockups and Hangs +# +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +CONFIG_LOCKUP_DETECTOR=y +CONFIG_SOFTLOCKUP_DETECTOR=y +# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set +CONFIG_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +CONFIG_HARDLOCKUP_DETECTOR=y +# CONFIG_BOOTPARAM_HARDLOCKUP_PANIC is not set +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=120 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_WQ_WATCHDOG=y +# CONFIG_TEST_LOCKUP is not set +# end of Debug Oops, Lockups and Hangs + +# +# Scheduler Debugging +# +# CONFIG_SCHED_DEBUG is not set +# CONFIG_SCHEDSTATS is not set +# end of Scheduler Debugging + +# CONFIG_DEBUG_TIMEKEEPING is not set +CONFIG_DEBUG_PREEMPT=y + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_RWSEMS is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_SCF_TORTURE_TEST is not set +# CONFIG_CSD_LOCK_WAIT_DEBUG is not set +# end of Lock Debugging (spinlocks, mutexes, etc...) + +# CONFIG_DEBUG_IRQFLAGS is not set +# CONFIG_STACKTRACE is not set +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set + +# +# Debug kernel data structures +# +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PLIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# CONFIG_DEBUG_MAPLE_TREE is not set +# end of Debug kernel data structures + +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_RCU_SCALE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_REF_SCALE_TEST is not set +CONFIG_RCU_CPU_STALL_TIMEOUT=21 +CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# end of RCU Debugging + +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set +# CONFIG_LATENCYTOP is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_RETHOOK=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_NO_PATCHABLE=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_OBJTOOL_MCOUNT=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y +CONFIG_TRACING_SUPPORT=y +# CONFIG_FTRACE is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +# CONFIG_STRICT_DEVMEM is not set + +# +# x86 Debugging +# +# CONFIG_X86_VERBOSE_BOOTUP is not set +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_EARLY_PRINTK_USB_XDBC is not set +# CONFIG_EFI_PGT_DUMP is not set +# CONFIG_DEBUG_TLBFLUSH is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +# CONFIG_X86_DECODER_SELFTEST is not set +# CONFIG_IO_DELAY_0X80 is not set +CONFIG_IO_DELAY_0XED=y +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +# CONFIG_CPA_DEBUG is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +# CONFIG_X86_DEBUG_FPU is not set +# CONFIG_PUNIT_ATOM_DEBUG is not set +CONFIG_UNWINDER_ORC=y +# CONFIG_UNWINDER_FRAME_POINTER is not set +# CONFIG_UNWINDER_GUESS is not set +# end of x86 Debugging + +# +# Kernel Testing and Coverage +# +# CONFIG_KUNIT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +CONFIG_ARCH_HAS_KCOV=y +CONFIG_CC_HAS_SANCOV_TRACE_PC=y +# CONFIG_KCOV is not set +CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_TEST_MIN_HEAP is not set +# CONFIG_TEST_DIV64 is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_TEST_REF_TRACKER is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_REED_SOLOMON_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_PERCPU_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_STRING_SELFTEST is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_STRSCPY is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_SCANF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_XARRAY is not set +# CONFIG_TEST_MAPLE_TREE is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_SIPHASH is not set +# CONFIG_TEST_IDA is not set +# CONFIG_TEST_LKM is not set +# CONFIG_TEST_BITOPS is not set +# CONFIG_TEST_VMALLOC is not set +# CONFIG_TEST_USER_COPY is not set +# CONFIG_TEST_BPF is not set +# CONFIG_TEST_BLACKHOLE_DEV is not set +# CONFIG_FIND_BIT_BENCHMARK is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_TEST_STATIC_KEYS is not set +# CONFIG_TEST_KMOD is not set +# CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_MEMINIT is not set +# CONFIG_TEST_FREE_PAGES is not set +# CONFIG_TEST_FPU is not set +# CONFIG_TEST_CLOCKSOURCE_WATCHDOG is not set +CONFIG_ARCH_USE_MEMTEST=y +# CONFIG_MEMTEST is not set +# end of Kernel Testing and Coverage + +# +# Rust hacking +# +# end of Rust hacking +# end of Kernel hacking diff --git a/initrd/bin/cbfs-init b/initrd/bin/cbfs-init index 09456198d..fc01b304e 100755 --- a/initrd/bin/cbfs-init +++ b/initrd/bin/cbfs-init @@ -9,8 +9,15 @@ if [ -z "$CONFIG_PCR" ]; then CONFIG_PCR=7 fi +if [ "$CONFIG_CBFS_VIA_FLASHROM" = "y" ]; then + # Use flashrom directly, because we don't have /tmp/config with params for flash.sh yet + /bin/flashrom -p internal --fmap -i COREBOOT -i FMAP -r /tmp/cbfs-init.rom > /dev/null 2>&1 \ + && CBFS_ARG=" -o /tmp/cbfs-init.rom" \ + || echo "Failed reading Heads configuration from flash! Some features may not be available." +fi + # Load individual files -cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"` +cbfsfiles=`cbfs -t 50 -l $CBFS_ARG 2>/dev/null | grep "^heads/initrd/"` for cbfsname in `echo $cbfsfiles`; do filename=${cbfsname:12} @@ -18,7 +25,7 @@ for cbfsname in `echo $cbfsfiles`; do echo "Loading $filename from CBFS" mkdir -p `dirname $filename` \ || die "$filename: mkdir failed" - cbfs -t 50 -r $cbfsname > "$filename" \ + cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \ || die "$filename: cbfs file read failed" if [ "$CONFIG_TPM" = "y" ]; then TMPFILE=/tmp/cbfs.$$ diff --git a/initrd/bin/network-init-recovery b/initrd/bin/network-init-recovery index fb09d2ff9..d35dbb565 100755 --- a/initrd/bin/network-init-recovery +++ b/initrd/bin/network-init-recovery @@ -61,7 +61,7 @@ ethernet_activation() fi echo "Loading Ethernet network modules..." - network_modules="e1000 e1000e igb sfc mdio mlx4_core mlx4_en" + network_modules="e1000 e1000e igb igc sfc mdio mlx4_core mlx4_en" for module in $(echo $network_modules); do if [ -f /lib/modules/$module.ko ]; then insmod /lib/modules/$module.ko diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index 54b721085..8af63f6df 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -50,14 +50,19 @@ fw_version() { preserve_rom() { TRACE "Under /etc/ash_functions:preserve_rom" + if [ "$CONFIG_CBFS_VIA_FLASHROM" = "y" ]; then + CBFS_ARG=" -o /tmp/cbfs-init.rom" + else + CBFS_ARG="" + fi new_rom="$1" - old_files=`cbfs -t 50 -l 2>/dev/null | grep "^heads/"` + old_files=`cbfs -t 50 -l $CBFS_ARG 2>/dev/null | grep "^heads/"` for old_file in `echo $old_files`; do new_file=`cbfs.sh -o $1 -l | grep -x $old_file` if [ -z "$new_file" ]; then echo "+++ Adding $old_file to $1" - cbfs -t 50 -r $old_file >/tmp/rom.$$ \ + cbfs -t 50 $CBFS_ARG -r $old_file >/tmp/rom.$$ \ || die "Failed to read cbfs file from ROM" cbfs.sh -o $1 -a $old_file -f /tmp/rom.$$ \ || die "Failed to write cbfs file to new ROM file" diff --git a/modules/coreboot b/modules/coreboot index 13fc943f4..01dde2099 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -93,7 +93,7 @@ $(eval $(call coreboot_module,purism,24.02.01)) # MSI and Nitropad NV41 / NS50 boards are based on Dasharo coreboot port coreboot-dasharo_repo := https://github.com/dasharo/coreboot -coreboot-dasharo_commit_hash := 3a9aa3a4692f3dd49732f5b4e3ec54be385f0969 +coreboot-dasharo_commit_hash := 38215f5a2bb3ea8ead10bf9c481caeb07d3a19ad coreboot-dasharo_patch_version := unreleased $(eval $(call coreboot_module,dasharo,)) diff --git a/modules/linux b/modules/linux index ea08916d9..01801d004 100644 --- a/modules/linux +++ b/modules/linux @@ -88,6 +88,7 @@ linux_modules-$(CONFIG_LINUX_E1000E) += drivers/net/ethernet/intel/e1000e/e1000e # Dell R630 ethernet and RAID controller linux_modules-$(CONFIG_LINUX_IGB) += drivers/net/ethernet/intel/igb/igb.ko +linux_modules-$(CONFIG_LINUX_IGC) += drivers/net/ethernet/intel/igc/igc.ko linux_modules-$(CONFIG_LINUX_MEGARAID) += drivers/scsi/megaraid/megaraid_mm.ko linux_modules-$(CONFIG_LINUX_MEGARAID) += drivers/scsi/megaraid/megaraid_sas.ko linux_modules-$(CONFIG_LINUX_MEGARAID) += drivers/scsi/megaraid/megaraid_mbox.ko From b2c435151eb8e7334fb81f718e651c57fe8d6414 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 9 Aug 2024 09:48:03 -0400 Subject: [PATCH 61/84] flashrom: switch to Dasharo fork Signed-off-by: Thierry Laurion --- modules/flashrom | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/flashrom b/modules/flashrom index 63143d9dd..43e5a3383 100644 --- a/modules/flashrom +++ b/modules/flashrom @@ -2,11 +2,11 @@ modules-$(CONFIG_FLASHROM) += flashrom flashrom_depends := pciutils $(musl_dep) -flashrom_version := 1776bb46ba6ea3d1ab2ec3f0cd88158aabed7400 +flashrom_version := 24b8fcfccef31fbb95bc1dd308180f57d5cdb64c flashrom_dir := flashrom-$(flashrom_version) flashrom_tar := $(flashrom_dir).tar.gz -flashrom_url := https://github.com/flashrom/flashrom/archive/$(flashrom_version).tar.gz -flashrom_hash := 65e262ca4428a0ceddd73f481ed0d8444393b73a78469f266a4457dfc834ecb7 +flashrom_url := https://github.com/Dasharo/flashrom/archive/$(flashrom_version).tar.gz +flashrom_hash := caf756af8177bb3eedff33071a089b8db0b1da82adb0260a90217e06fcf9844b # Default options for flashrom flashrom_cfg := \ From 88513e3f064ebc3122ddc781bf13f74b26896920 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 9 Aug 2024 10:54:19 -0400 Subject: [PATCH 62/84] flashrom: switch back to flashrom upstream, but bump to release 1.4.0 released 2 weeks ago. Expected that patches from 2 years ago were merged upstream - delete unapplied kgpe-d16 patch (will need to be brought back, was not applied currently on master - add patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch which was not submitted to flashrom and needed by MSI - point modules/flashrom to release 1.4.0 commit FAILED: https://github.com/Dasharo/flashrom/commit/24b8fcfccef31fbb95bc1dd308180f57d5cdb64c.patch Cannot be applied over 1.4.0: if [ -d patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ] && [ -r patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ] ; then for patch in patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/*.patch ; do echo "Applying patch file : $patch " ; ( git apply --verbose --reject --binary --directory build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ) < $patch || exit 1 ; done ; fi Applying patch file : patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_ELKHART_LAKE: case CHIPSET_APOLLO_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:607 error: while searching for: break; case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: boot_straps = boot_straps_pch500; break; error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:714 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:749 Hunk #4 succeeded at 1017 (offset 5 lines). error: while searching for: {0x8086, 0x7a83, B_S, NT, "Intel", "Q670", enable_flash_pch600}, {0x8086, 0x7a84, B_S, DEP, "Intel", "Z690", enable_flash_pch600}, {0x8086, 0x7a88, B_S, NT, "Intel", "W680", enable_flash_pch600}, {0x8086, 0x7a8a, B_S, NT, "Intel", "W685", enable_flash_pch600}, {0x8086, 0x7a8d, B_S, NT, "Intel", "WM690", enable_flash_pch600}, {0x8086, 0x7a8c, B_S, NT, "Intel", "HM670", enable_flash_pch600}, {0x8086, 0x7e23, B_S, DEP, "Intel", "Meteor Lake-P/M", enable_flash_mtl}, {0}, error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:2175 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_ELKHART_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:48 error: while searching for: case CHIPSET_C620_SERIES_LEWISBURG: case CHIPSET_APOLLO_LAKE: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:77 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:215 error: while searching for: return freq_str[2][value]; case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: return freq_str[3][value]; case CHIPSET_ELKHART_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:313 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:361 error: while searching for: cs == CHIPSET_400_SERIES_COMET_POINT || cs == CHIPSET_500_SERIES_TIGER_POINT || cs == CHIPSET_600_SERIES_ALDER_POINT || cs == CHIPSET_JASPER_LAKE || cs == CHIPSET_METEOR_LAKE) { const char *const master_names[] = { "BIOS", "ME", "GbE", "unknown", "EC", error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:489 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1087 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1246 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1291 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1884 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1923 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1984 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2064 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2103 error: while searching for: ich_gen == CHIPSET_300_SERIES_CANNON_POINT || ich_gen == CHIPSET_400_SERIES_COMET_POINT || ich_gen == CHIPSET_500_SERIES_TIGER_POINT || ich_gen == CHIPSET_600_SERIES_ALDER_POINT)) { msg_pdbg("Enabling hardware sequencing by default for 100+ series PCH.\n"); ich_spi_mode = ich_hwseq; } error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2140 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h... error: while searching for: CHIPSET_400_SERIES_COMET_POINT, CHIPSET_500_SERIES_TIGER_POINT, CHIPSET_600_SERIES_ALDER_POINT, CHIPSET_METEOR_LAKE, CHIPSET_APOLLO_LAKE, CHIPSET_GEMINI_LAKE, error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h:376 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/util/ich_descriptors_tool/ich_descriptors_tool.c... Hunk #1 succeeded at 239 (offset 1 line). Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c with 4 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Hunk #4 applied cleanly. Rejected hunk #5. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c with 9 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Rejected hunk #7. Rejected hunk #8. Rejected hunk #9. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c with 6 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h with 1 reject... Rejected hunk #1. Applied patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/util/ich_descriptors_tool/ich_descriptors_tool.c cleanly. make: *** [Makefile:565: /home/user/heads/build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/.canary] Error 1 Signed-off-by: Thierry Laurion --- modules/flashrom | 6 +- .../0100-enable-kgpe-d16.patch | 1097 ----------------- .../0001-Add_RaptorPoint_PCH_support.patch | 234 ++++ 3 files changed, 237 insertions(+), 1100 deletions(-) delete mode 100644 patches/flashrom-b1f858f65b2abd276542650d8cb9e382da258967/0100-enable-kgpe-d16.patch create mode 100644 patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch diff --git a/modules/flashrom b/modules/flashrom index 43e5a3383..02f65e596 100644 --- a/modules/flashrom +++ b/modules/flashrom @@ -2,11 +2,11 @@ modules-$(CONFIG_FLASHROM) += flashrom flashrom_depends := pciutils $(musl_dep) -flashrom_version := 24b8fcfccef31fbb95bc1dd308180f57d5cdb64c +flashrom_version := eace095b15eb034e42d97202cad70ce979d8ca38 flashrom_dir := flashrom-$(flashrom_version) flashrom_tar := $(flashrom_dir).tar.gz -flashrom_url := https://github.com/Dasharo/flashrom/archive/$(flashrom_version).tar.gz -flashrom_hash := caf756af8177bb3eedff33071a089b8db0b1da82adb0260a90217e06fcf9844b +flashrom_url := https://github.com/flashrom/flashrom/archive/$(flashrom_version).tar.gz +flashrom_hash := 9eb81ec00d6c0ebe8ccd1b6a242b61e2b6b242ca1a6a66650d2701ca2a1f1972 # Default options for flashrom flashrom_cfg := \ diff --git a/patches/flashrom-b1f858f65b2abd276542650d8cb9e382da258967/0100-enable-kgpe-d16.patch b/patches/flashrom-b1f858f65b2abd276542650d8cb9e382da258967/0100-enable-kgpe-d16.patch deleted file mode 100644 index 2cca15b52..000000000 --- a/patches/flashrom-b1f858f65b2abd276542650d8cb9e382da258967/0100-enable-kgpe-d16.patch +++ /dev/null @@ -1,1097 +0,0 @@ -diff --git a/Makefile b/Makefile -index e475cbdb..27197f08 100644 ---- a/Makefile -+++ b/Makefile -@@ -263,6 +263,16 @@ UNSUPPORTED_FEATURES += CONFIG_GFXNVIDIA=yes - else - override CONFIG_GFXNVIDIA = no - endif -+ifeq ($(CONFIG_AST1100), yes) -+UNSUPPORTED_FEATURES += CONFIG_AST1100=yes -+else -+override CONFIG_AST1100 = no -+endif -+ifeq ($(CONFIG_AST2400), yes) -+UNSUPPORTED_FEATURES += CONFIG_AST2400=yes -+else -+override CONFIG_AST2400 = no -+endif - ifeq ($(CONFIG_SATASII), yes) - UNSUPPORTED_FEATURES += CONFIG_SATASII=yes - else -@@ -565,6 +575,16 @@ UNSUPPORTED_FEATURES += CONFIG_GFXNVIDIA=yes - else - override CONFIG_GFXNVIDIA = no - endif -+ifeq ($(CONFIG_AST1100), yes) -+UNSUPPORTED_FEATURES += CONFIG_AST1100=yes -+else -+override CONFIG_AST1100 = no -+endif -+ifeq ($(CONFIG_AST2400), yes) -+UNSUPPORTED_FEATURES += CONFIG_AST2400=yes -+else -+override CONFIG_AST2400 = no -+endif - ifeq ($(CONFIG_SATASII), yes) - UNSUPPORTED_FEATURES += CONFIG_SATASII=yes - else -@@ -692,6 +712,12 @@ CONFIG_NIC3COM ?= yes - # Enable NVIDIA graphics cards. Note: write and erase do not work properly. - CONFIG_GFXNVIDIA ?= yes - -+# Enable AST1100 BMC SoCs. -+CONFIG_AST1100 ?= yes -+ -+# Enable AST2400 BMC SoCs. -+CONFIG_AST2400 ?= yes -+ - # Always enable SiI SATA controllers for now. - CONFIG_SATASII ?= yes - -@@ -819,6 +845,8 @@ ifeq ($(CONFIG_ENABLE_LIBPCI_PROGRAMMERS), no) - override CONFIG_INTERNAL = no - override CONFIG_NIC3COM = no - override CONFIG_GFXNVIDIA = no -+override CONFIG_AST1100 = no -+override CONFIG_AST2400 = no - override CONFIG_SATASII = no - override CONFIG_ATAHPT = no - override CONFIG_ATAVIA = no -@@ -946,6 +974,18 @@ PROGRAMMER_OBJS += gfxnvidia.o - NEED_LIBPCI += CONFIG_GFXNVIDIA - endif - -+ifeq ($(CONFIG_AST1100), yes) -+FEATURE_CFLAGS += -D'CONFIG_AST1100=1' -+PROGRAMMER_OBJS += ast1100.o -+NEED_LIBPCI += CONFIG_AST1100 -+endif -+ -+ifeq ($(CONFIG_AST2400), yes) -+FEATURE_CFLAGS += -D'CONFIG_AST2400=1' -+PROGRAMMER_OBJS += ast2400.o -+NEED_LIBPCI += CONFIG_AST2400 -+endif -+ - ifeq ($(CONFIG_SATASII), yes) - FEATURE_CFLAGS += -D'CONFIG_SATASII=1' - PROGRAMMER_OBJS += satasii.o -diff --git a/ast1100.c b/ast1100.c -new file mode 100644 -index 00000000..c7474e5d ---- /dev/null -+++ b/ast1100.c -@@ -0,0 +1,420 @@ -+/* -+ * This file is part of the flashrom project. -+ * -+ * Copyright (C) 2017 Raptor Engineering, LLC -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ */ -+ -+#include -+#include -+#include "flash.h" -+#include "programmer.h" -+#include "hwaccess.h" -+ -+#define PCI_VENDOR_ID_ASPEED 0x1a03 -+ -+#define ASPEED_MEMMAP_SIZE (128 * 1024) -+#define ASPEED_P2A_OFFSET 0x10000 -+ -+#define AST1100_SCU_APB_ADDR 0x1e6e2000 -+#define AST1100_SCU_APB_BRIDGE_OFFSET (AST1100_SCU_APB_ADDR & 0xffff) -+#define AST1100_SCU_PROT_KEY 0x00 -+#define AST1100_SCU_HW_STRAP 0x70 -+ -+#define AST1100_SCU_PASSWORD 0x1688a8a8 -+#define AST1100_SCU_BOOT_SRC_MASK 0x3 -+#define AST1100_SCU_BOOT_SPI 0x2 -+#define AST1100_SCU_BOOT_NONE 0x3 -+ -+#define AST1100_SMC_APB_ADDR 0x16000000 -+#define AST1100_SMC_SMC00 0x00 -+#define AST1100_SMC_CE_CTL(N) (0x4 + (N * 4)) -+ -+#define AST1100_SMC_SEGMENT_SIZE_MASK 0x3 -+#define AST1100_SMC_SEGMENT_SIZE_32M 0x0 -+#define AST1100_SMC_SEGMENT_SIZE_16M 0x1 -+#define AST1100_SMC_SEGMENT_SIZE_8M 0x2 -+#define AST1100_SMC_SEGMENT_SIZE_4M 0x3 -+ -+#define AST1100_SMC_FLASH_MMIO_ADDR 0x10000000 -+ -+#define AST1100_SPI_CMD_FAST_R_MODE 0x1 -+#define AST1100_SPI_CMD_USER_MODE 0x3 -+#define AST1100_SPI_CMD_MASK 0x3 -+#define AST1100_SPI_STOP_CE_ACTIVE (0x1 << 2) -+#define AST1100_SPI_SPEED_SHIFT 8 -+#define AST1100_SPI_SPEED_MASK (0x7 << AST1100_SPI_SPEED_SHIFT) -+ -+#define AST1100_SPI_FLASH_MMIO_ADDR 0x30000000 -+ -+#define AST1100_WDT_APB_ADDR 0x1e785000 -+#define AST1100_WDT_APB_BRIDGE_OFFSET (AST1100_WDT_APB_ADDR & 0xffff) -+ -+#define AST1100_WDT1_CTR 0x00 -+#define AST1100_WDT1_CTR_RELOAD 0x04 -+#define AST1100_WDT1_CTR_RESTART 0x08 -+#define AST1100_WDT1_CTL 0x0c -+ -+#define AST1100_WDT_SET_CLOCK (0x1 << 4) -+#define AST1100_WDT_RESET_SYSTEM (0x1 << 1) -+#define AST1100_WDT_ENABLE (0x1 << 0) -+ -+uint8_t *ast1100_device_bar = 0; -+uint8_t ast1100_device_spi_bus = 0; -+uint8_t ast1100_device_spi_speed = 0; -+uint8_t ast1100_device_halt_cpu = 0; -+uint8_t ast1100_device_reset_cpu = 0; -+uint8_t ast1100_device_resume_cpu = 0; -+uint8_t ast1100_device_tickle_fw = 0; -+uint32_t ast1100_device_flash_mmio_offset = 0; -+uint32_t ast1100_original_wdt_conf = 0; -+ -+const struct dev_entry bmc_aspeed_ast1100[] = { -+ {PCI_VENDOR_ID_ASPEED, 0x2000, OK, "ASPEED", "AST1100" }, -+ -+ {0}, -+}; -+ -+static int ast1100_spi_send_command(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr); -+ -+static const struct spi_master spi_master_ast1100 = { -+ .max_data_read = 256, -+ .max_data_write = 256, -+ .command = ast1100_spi_send_command, -+ .multicommand = default_spi_send_multicommand, -+ .read = default_spi_read, -+ .write_256 = default_spi_write_256, -+ .write_aai = default_spi_write_aai, -+}; -+ -+static int ast1100_set_a2b_bridge_scu(void) -+{ -+ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); -+ pci_mmio_writel(AST1100_SCU_APB_ADDR & 0xffff0000, ast1100_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast1100_set_a2b_bridge_wdt(void) -+{ -+ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); -+ pci_mmio_writel(AST1100_WDT_APB_ADDR & 0xffff0000, ast1100_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast1100_set_a2b_bridge_smc(void) -+{ -+ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); -+ pci_mmio_writel(AST1100_SMC_APB_ADDR, ast1100_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast1100_set_a2b_bridge_smc_flash(void) -+{ -+ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); -+ pci_mmio_writel(AST1100_SMC_FLASH_MMIO_ADDR + ast1100_device_flash_mmio_offset, ast1100_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast1100_disable_cpu(void) { -+ uint32_t dword; -+ -+ if (ast1100_device_halt_cpu) { -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); -+ if (((dword & AST1100_SCU_BOOT_SRC_MASK) != AST1100_SCU_BOOT_SPI) -+ && ((dword & AST1100_SCU_BOOT_SRC_MASK) != AST1100_SCU_BOOT_NONE)) { /* NONE permitted to allow for BMC recovery after Ctrl+C or crash */ -+ msg_perr("CPU halt requested but CPU firmware source is not SPI.\n"); -+ pci_mmio_writel(0x0, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_PROT_KEY); -+ ast1100_device_halt_cpu = 0; -+ return 1; -+ } -+ -+ /* Disable CPU */ -+ ast1100_set_a2b_bridge_scu(); -+ pci_mmio_writel((dword & ~AST1100_SCU_BOOT_SRC_MASK) | AST1100_SCU_BOOT_NONE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); -+ ast1100_original_wdt_conf = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ pci_mmio_writel(ast1100_original_wdt_conf & 0xffff0, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ } -+ -+ return 0; -+} -+ -+static int ast1100_enable_cpu(void) { -+ uint32_t dword; -+ -+ if (ast1100_device_halt_cpu && ast1100_device_resume_cpu) { -+ /* Re-enable CPU */ -+ ast1100_set_a2b_bridge_scu(); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); -+ pci_mmio_writel((dword & ~AST1100_SCU_BOOT_SRC_MASK) | AST1100_SCU_BOOT_SPI, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); -+ } -+ -+ return 0; -+} -+ -+static int ast1100_reset_cpu(void) { -+ if (ast1100_device_reset_cpu) { -+ /* Disable WDT from issuing full SoC reset -+ * Without this, OpenPOWER systems will crash when the GPIO blocks are reset on WDT timeout -+ */ -+ msg_pinfo("Configuring P2A bridge for WDT access\n"); -+ ast1100_set_a2b_bridge_wdt(); -+ ast1100_original_wdt_conf = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ -+ /* Initiate reset */ -+ msg_pinfo("Setting WDT to reset CPU immediately\n"); -+ pci_mmio_writel(ast1100_original_wdt_conf & 0xffff0, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ pci_mmio_writel(0xec08ce00, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTR_RELOAD); -+ pci_mmio_writel(0x4755, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTR_RESTART); -+ pci_mmio_writel(AST1100_WDT_SET_CLOCK, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ pci_mmio_writel(AST1100_WDT_RESET_SYSTEM | AST1100_WDT_ENABLE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ -+ } -+ -+ return 0; -+} -+ -+static int ast1100_shutdown(void *data) { -+ /* Reactivate CPU if previously deactivated */ -+ ast1100_enable_cpu(); -+ -+ /* Reset CPU if requested */ -+ ast1100_reset_cpu(); -+ -+ /* Disable backdoor APB access */ -+ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+int ast1100_init(void) -+{ -+ struct pci_dev *dev = NULL; -+ uint32_t dword; -+ -+ char *arg; -+ -+ ast1100_device_spi_bus = 0; -+ arg = extract_programmer_param("spibus"); -+ if (arg) -+ ast1100_device_spi_bus = strtol(arg, NULL, 0); -+ free(arg); -+ -+ ast1100_device_spi_speed = 0; -+ arg = extract_programmer_param("spispeed"); -+ if (arg) -+ ast1100_device_spi_speed = strtol(arg, NULL, 0); -+ free(arg); -+ -+ ast1100_device_halt_cpu = 0; -+ arg = extract_programmer_param("cpu"); -+ if (arg && !strcmp(arg,"pause")) { -+ ast1100_device_halt_cpu = 1; -+ ast1100_device_resume_cpu = 1; -+ ast1100_device_reset_cpu = 0; -+ } -+ else if (arg && !strcmp(arg,"halt")) { -+ ast1100_device_halt_cpu = 1; -+ ast1100_device_resume_cpu = 0; -+ ast1100_device_reset_cpu = 0; -+ } -+ else if (arg && !strcmp(arg,"reset")) { -+ ast1100_device_halt_cpu = 1; -+ ast1100_device_resume_cpu = 1; -+ ast1100_device_reset_cpu = 1; -+ } -+ else if (arg) { -+ msg_perr("Invalid CPU option! Valid values are: pause | halt | reset\n"); -+ return 1; -+ } -+ arg = extract_programmer_param("tickle"); -+ if (arg && !strcmp(arg,"true")) -+ ast1100_device_tickle_fw = 1; -+ free(arg); -+ -+ if (ast1100_device_spi_bus > 2) { -+ msg_perr("SPI bus number out of range! Valid values are 0 - 2.\n"); -+ return 1; -+ } -+ -+ if (rget_io_perms()) -+ return 1; -+ -+ dev = pcidev_init(bmc_aspeed_ast1100, PCI_BASE_ADDRESS_1); -+ if (!dev) -+ return 1; -+ -+ uintptr_t io_base_addr = pcidev_readbar(dev, PCI_BASE_ADDRESS_1); -+ if (!io_base_addr) -+ return 1; -+ -+ msg_pinfo("Detected ASPEED MMIO base address: %p.\n", (void*)io_base_addr); -+ -+ ast1100_device_bar = rphysmap("ASPEED", io_base_addr, ASPEED_MEMMAP_SIZE); -+ if (ast1100_device_bar == ERROR_PTR) -+ return 1; -+ -+ if (register_shutdown(ast1100_shutdown, dev)) -+ return 1; -+ -+ io_base_addr += ASPEED_P2A_OFFSET; -+ msg_pinfo("ASPEED P2A base address: %p.\n", (void*)io_base_addr); -+ -+ msg_pinfo("Configuring P2A bridge for SCU access\n"); -+ ast1100_set_a2b_bridge_scu(); -+ pci_mmio_writel(AST1100_SCU_PASSWORD, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_PROT_KEY); -+ -+ /* Halt CPU if requested */ -+ if (ast1100_disable_cpu()) -+ return 1; -+ -+ msg_pinfo("Configuring P2A bridge for SMC access\n"); -+ ast1100_set_a2b_bridge_smc(); -+ -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); -+ if (((dword >> ((ast1100_device_spi_bus * 2) + 4)) & 0x3) != 0x2) { -+ msg_perr("CE%01x Flash type is not SPI!\n", ast1100_device_spi_bus); -+ return 1; -+ } -+ -+ msg_pinfo("Setting CE%01x SPI relative clock speed to %d\n", ast1100_device_spi_bus, ast1100_device_spi_speed); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ dword &= ~AST1100_SPI_SPEED_MASK; -+ pci_mmio_writel(dword | ((ast1100_device_spi_speed << AST1100_SPI_SPEED_SHIFT) & AST1100_SPI_SPEED_MASK), ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ -+ msg_pinfo("Enabling CE%01x write\n", ast1100_device_spi_bus); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); -+ pci_mmio_writel(dword | (0x1 << (10 + ast1100_device_spi_bus)), ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); -+ -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); -+ dword &= AST1100_SMC_SEGMENT_SIZE_MASK; -+ switch (dword & AST1100_SMC_SEGMENT_SIZE_MASK) { -+ case AST1100_SMC_SEGMENT_SIZE_32M: -+ ast1100_device_flash_mmio_offset = 0x2000000; -+ break; -+ case AST1100_SMC_SEGMENT_SIZE_16M: -+ ast1100_device_flash_mmio_offset = 0x1000000; -+ break; -+ case AST1100_SMC_SEGMENT_SIZE_8M: -+ ast1100_device_flash_mmio_offset = 0x800000; -+ break; -+ case AST1100_SMC_SEGMENT_SIZE_4M: -+ ast1100_device_flash_mmio_offset = 0x400000; -+ break; -+ default: -+ ast1100_device_flash_mmio_offset = 0x2000000; -+ } -+ msg_pinfo("Segment size: 0x%08x\n", ast1100_device_flash_mmio_offset); -+ -+ ast1100_device_flash_mmio_offset = ast1100_device_flash_mmio_offset * ast1100_device_spi_bus; -+ msg_pinfo("Using CE%01x offset 0x%08x\n", ast1100_device_spi_bus, ast1100_device_flash_mmio_offset); -+ -+ register_spi_master(&spi_master_ast1100); -+ -+ return 0; -+} -+ -+static void ast1100_spi_xfer_data(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr) -+{ -+ unsigned int i; -+ uint32_t dword; -+ -+ for (i = 0; i < writecnt; i++) -+ msg_pspew("[%02x]", writearr[i]); -+ msg_pspew("\n"); -+ -+ for (i = 0; i < writecnt; i=i+4) { -+ if ((writecnt - i) < 4) -+ break; -+ dword = writearr[i]; -+ dword |= writearr[i + 1] << 8; -+ dword |= writearr[i + 2] << 16; -+ dword |= writearr[i + 3] << 24; -+ pci_mmio_writel(dword, ast1100_device_bar + ASPEED_P2A_OFFSET); -+ } -+ for (; i < writecnt; i++) -+ pci_mmio_writeb(writearr[i], ast1100_device_bar + ASPEED_P2A_OFFSET); -+ programmer_delay(1); -+ for (i = 0; i < readcnt;) { -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET); -+ if (i < readcnt) -+ readarr[i] = dword & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 8) & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 16) & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 24) & 0xff; -+ i++; -+ } -+ -+ for (i = 0; i < readcnt; i++) -+ msg_pspew("[%02x]", readarr[i]); -+ msg_pspew("\n"); -+} -+ -+/* Returns 0 upon success, a negative number upon errors. */ -+static int ast1100_spi_send_command(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr) -+{ -+ uint32_t dword; -+ -+ msg_pspew("%s, cmd=0x%02x, writecnt=%d, readcnt=%d\n", __func__, *writearr, writecnt, readcnt); -+ -+ /* Set up user command mode */ -+ ast1100_set_a2b_bridge_smc(); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ pci_mmio_writel(dword | AST1100_SPI_CMD_USER_MODE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ pci_mmio_writel(dword & ~AST1100_SPI_STOP_CE_ACTIVE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ -+ /* Transfer data */ -+ ast1100_set_a2b_bridge_smc_flash(); -+ ast1100_spi_xfer_data(flash, writecnt, readcnt, writearr, readarr); -+ -+ /* Tear down user command mode */ -+ ast1100_set_a2b_bridge_smc(); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ pci_mmio_writel(dword | AST1100_SPI_STOP_CE_ACTIVE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ pci_mmio_writel((dword & ~AST1100_SPI_CMD_MASK) | AST1100_SPI_CMD_FAST_R_MODE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ -+ if (ast1100_device_tickle_fw) { -+ ast1100_enable_cpu(); -+ programmer_delay(100); -+ ast1100_disable_cpu(); -+ } -+ -+ return 0; -+} -diff --git a/ast2400.c b/ast2400.c -new file mode 100644 -index 00000000..761a38d4 ---- /dev/null -+++ b/ast2400.c -@@ -0,0 +1,425 @@ -+/* -+ * This file is part of the flashrom project. -+ * -+ * Copyright (C) 2016 - 2017 Raptor Engineering, LLC -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ */ -+ -+#include -+#include -+#include "flash.h" -+#include "programmer.h" -+#include "hwaccess.h" -+ -+#define PCI_VENDOR_ID_ASPEED 0x1a03 -+ -+#define ASPEED_MEMMAP_SIZE (128 * 1024) -+#define ASPEED_P2A_OFFSET 0x10000 -+ -+#define AST2400_SCU_APB_ADDR 0x1e6e2000 -+#define AST2400_SCU_APB_BRIDGE_OFFSET (AST2400_SCU_APB_ADDR & 0xffff) -+#define AST2400_SCU_PROT_KEY 0x00 -+#define AST2400_SCU_MISC_CTL 0x2c -+#define AST2400_SCU_HW_STRAP 0x70 -+ -+#define AST2400_SCU_PASSWORD 0x1688a8a8 -+#define AST2400_SCU_BOOT_SRC_MASK 0x3 -+#define AST2400_SCU_BOOT_SPI 0x2 -+#define AST2400_SCU_BOOT_NONE 0x3 -+ -+#define AST2400_SMC_APB_ADDR 0x1e620000 -+#define AST2400_SMC_FMC00 0x00 -+#define AST2400_SMC_CE_CTL(N) (0x10 + (N * 4)) -+#define AST2400_SMC_CE_SEG(N) (0x30 + (N * 4)) -+ -+#define AST2400_SMC_FLASH_MMIO_ADDR 0x20000000 -+ -+#define AST2400_SPI_APB_ADDR 0x1e630000 -+#define AST2400_SPI_CFG 0x00 -+#define AST2400_SPI_CTL 0x04 -+ -+#define AST2400_SPI_CFG_WRITE_EN 0x1 -+#define AST2400_SPI_CMD_FAST_R_MODE 0x1 -+#define AST2400_SPI_CMD_USER_MODE 0x3 -+#define AST2400_SPI_CMD_MASK 0x3 -+#define AST2400_SPI_STOP_CE_ACTIVE (0x1 << 2) -+#define AST2400_SPI_CPOL_1 (0x1 << 4) -+#define AST2400_SPI_LSB_FIRST_CTRL (0x1 << 5) -+#define AST2400_SPI_SPEED_MASK (0xf << 8) -+#define AST2400_SPI_IO_MODE_MASK (0x3 << 28) -+ -+#define AST2400_SPI_FLASH_MMIO_ADDR 0x30000000 -+ -+#define AST2400_WDT_APB_ADDR 0x1e785000 -+#define AST2400_WDT_APB_BRIDGE_OFFSET (AST2400_WDT_APB_ADDR & 0xffff) -+ -+#define AST2400_WDT1_CTL 0x0c -+ -+#define AST2400_WDT_RESET_MODE_MASK (0x3 << 5) -+#define AST2400_WDT_RESET_CPU_ONLY (0x2 << 5) -+ -+uint8_t *ast2400_device_bar = 0; -+uint8_t ast2400_device_spi_bus = 0; -+uint8_t ast2400_device_halt_cpu = 0; -+uint8_t ast2400_device_resume_cpu = 0; -+uint8_t ast2400_device_tickle_fw = 0; -+uint32_t ast2400_device_flash_mmio_offset = 0; -+uint32_t ast2400_device_host_mode = 0; -+uint32_t ast2400_original_wdt_conf = 0; -+ -+const struct dev_entry bmc_aspeed_ast2400[] = { -+ {PCI_VENDOR_ID_ASPEED, 0x2000, OK, "ASPEED", "AST2400" }, -+ -+ {0}, -+}; -+ -+static int ast2400_spi_send_command(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr); -+ -+static const struct spi_master spi_master_ast2400 = { -+ .max_data_read = 256, -+ .max_data_write = 256, -+ .command = ast2400_spi_send_command, -+ .multicommand = default_spi_send_multicommand, -+ .read = default_spi_read, -+ .write_256 = default_spi_write_256, -+ .write_aai = default_spi_write_aai, -+}; -+ -+static int ast2400_set_a2b_bridge_scu(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_SCU_APB_ADDR & 0xffff0000, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_set_a2b_bridge_wdt(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_WDT_APB_ADDR & 0xffff0000, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_set_a2b_bridge_smc(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_SMC_APB_ADDR, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_set_a2b_bridge_spi(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_SPI_APB_ADDR, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_set_a2b_bridge_smc_flash(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_SMC_FLASH_MMIO_ADDR + ast2400_device_flash_mmio_offset, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_set_a2b_bridge_spi_flash(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_SPI_FLASH_MMIO_ADDR, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_disable_cpu(void) { -+ uint32_t dword; -+ -+ if (ast2400_device_halt_cpu) { -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); -+ if (((dword & AST2400_SCU_BOOT_SRC_MASK) != AST2400_SCU_BOOT_SPI) -+ && ((dword & AST2400_SCU_BOOT_SRC_MASK) != AST2400_SCU_BOOT_NONE)) { /* NONE permitted to allow for BMC recovery after Ctrl+C or crash */ -+ msg_perr("CPU halt requested but CPU firmware source is not SPI.\n"); -+ pci_mmio_writel(0x0, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_PROT_KEY); -+ ast2400_device_halt_cpu = 0; -+ return 1; -+ } -+ -+ /* Disable WDT from issuing full SoC reset -+ * Without this, OpenPOWER systems will crash when the GPIO blocks are reset on WDT timeout -+ */ -+ msg_pinfo("Configuring P2A bridge for WDT access\n"); -+ ast2400_set_a2b_bridge_wdt(); -+ ast2400_original_wdt_conf = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_WDT_APB_BRIDGE_OFFSET + AST2400_WDT1_CTL); -+ pci_mmio_writel((ast2400_original_wdt_conf & ~AST2400_WDT_RESET_MODE_MASK) | AST2400_WDT_RESET_CPU_ONLY, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_WDT_APB_BRIDGE_OFFSET + AST2400_WDT1_CTL); -+ -+ /* Disable CPU */ -+ ast2400_set_a2b_bridge_scu(); -+ pci_mmio_writel((dword & ~AST2400_SCU_BOOT_SRC_MASK) | AST2400_SCU_BOOT_NONE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); -+ } -+ -+ return 0; -+} -+ -+static int ast2400_enable_cpu(void) { -+ uint32_t dword; -+ -+ if (ast2400_device_halt_cpu && ast2400_device_resume_cpu) { -+ /* Re-enable CPU */ -+ ast2400_set_a2b_bridge_scu(); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); -+ pci_mmio_writel((dword & ~AST2400_SCU_BOOT_SRC_MASK) | AST2400_SCU_BOOT_SPI, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); -+ -+ /* Reset WDT configuration */ -+ ast2400_set_a2b_bridge_wdt(); -+ pci_mmio_writel((ast2400_original_wdt_conf & ~AST2400_WDT_RESET_MODE_MASK) | AST2400_WDT_RESET_CPU_ONLY, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_WDT_APB_BRIDGE_OFFSET + AST2400_WDT1_CTL); -+ } -+ -+ return 0; -+} -+ -+static int ast2400_shutdown(void *data) { -+ /* Reactivate CPU if previously deactivated */ -+ ast2400_enable_cpu(); -+ -+ /* Disable backdoor APB access */ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+int ast2400_init(void) -+{ -+ struct pci_dev *dev = NULL; -+ uint32_t dword; -+ uint8_t divisor; -+ -+ char *arg; -+ -+ ast2400_device_spi_bus = 0; -+ arg = extract_programmer_param("spibus"); -+ if (arg) { -+ if (!strcmp(arg,"host")) -+ ast2400_device_host_mode = 1; -+ else -+ ast2400_device_spi_bus = strtol(arg, NULL, 0); -+ } -+ free(arg); -+ -+ ast2400_device_halt_cpu = 0; -+ arg = extract_programmer_param("cpu"); -+ if (arg && !strcmp(arg,"pause")) { -+ ast2400_device_halt_cpu = 1; -+ ast2400_device_resume_cpu = 1; -+ } -+ if (arg && !strcmp(arg,"halt")) { -+ ast2400_device_halt_cpu = 1; -+ ast2400_device_resume_cpu = 0; -+ } -+ arg = extract_programmer_param("tickle"); -+ if (arg && !strcmp(arg,"true")) -+ ast2400_device_tickle_fw = 1; -+ free(arg); -+ -+ if ((ast2400_device_host_mode == 0) && (ast2400_device_spi_bus > 4)) { -+ msg_perr("SPI bus number out of range! Valid values are 0 - 4.\n"); -+ return 1; -+ } -+ -+ if (rget_io_perms()) -+ return 1; -+ -+ dev = pcidev_init(bmc_aspeed_ast2400, PCI_BASE_ADDRESS_1); -+ if (!dev) -+ return 1; -+ -+ uintptr_t io_base_addr = pcidev_readbar(dev, PCI_BASE_ADDRESS_1); -+ if (!io_base_addr) -+ return 1; -+ -+ msg_pinfo("Detected ASPEED MMIO base address: %p.\n", (void*)io_base_addr); -+ -+ ast2400_device_bar = rphysmap("ASPEED", io_base_addr, ASPEED_MEMMAP_SIZE); -+ if (ast2400_device_bar == ERROR_PTR) -+ return 1; -+ -+ if (register_shutdown(ast2400_shutdown, dev)) -+ return 1; -+ -+ io_base_addr += ASPEED_P2A_OFFSET; -+ msg_pinfo("ASPEED P2A base address: %p.\n", (void*)io_base_addr); -+ -+ msg_pinfo("Configuring P2A bridge for SCU access\n"); -+ ast2400_set_a2b_bridge_scu(); -+ pci_mmio_writel(AST2400_SCU_PASSWORD, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_PROT_KEY); -+ -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_MISC_CTL); -+ pci_mmio_writel(dword & ~((0x1 << 24) | (0x2 << 22)), ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_MISC_CTL); -+ -+ /* Halt CPU if requested */ -+ if (ast2400_disable_cpu()) -+ return 1; -+ -+ msg_pinfo("Configuring P2A bridge for SMC access\n"); -+ ast2400_set_a2b_bridge_smc(); -+ -+ if (ast2400_device_host_mode) { -+ msg_pinfo("Configuring P2A bridge for SPI access\n"); -+ ast2400_set_a2b_bridge_spi(); -+ -+ divisor = 0; /* Slowest speed for now */ -+ -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ dword &= ~AST2400_SPI_SPEED_MASK; -+ dword |= (divisor << 8); -+ dword &= ~AST2400_SPI_CPOL_1; -+ dword &= ~AST2400_SPI_LSB_FIRST_CTRL; /* MSB first */ -+ dword &= ~AST2400_SPI_IO_MODE_MASK; /* Single bit I/O mode */ -+ pci_mmio_writel(dword, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ } -+ else { -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_FMC00); -+ if (((dword >> (ast2400_device_spi_bus * 2)) & 0x3) != 0x2) { -+ msg_perr("CE%01x Flash type is not SPI!\n", ast2400_device_spi_bus); -+ return 1; -+ } -+ -+ msg_pinfo("Enabling CE%01x write\n", ast2400_device_spi_bus); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_FMC00); -+ pci_mmio_writel(dword | (0x1 << (16 + ast2400_device_spi_bus)), ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_FMC00); -+ -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_SEG(ast2400_device_spi_bus)); -+ ast2400_device_flash_mmio_offset = ((dword >> 16) & 0x3f) * 0x800000; -+ msg_pinfo("Using CE%01x offset 0x%08x\n", ast2400_device_spi_bus, ast2400_device_flash_mmio_offset); -+ } -+ -+ register_spi_master(&spi_master_ast2400); -+ -+ return 0; -+} -+ -+static void ast2400_spi_xfer_data(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr) -+{ -+ unsigned int i; -+ uint32_t dword; -+ -+ for (i = 0; i < writecnt; i++) -+ msg_pspew("[%02x]", writearr[i]); -+ msg_pspew("\n"); -+ -+ for (i = 0; i < writecnt; i=i+4) { -+ if ((writecnt - i) < 4) -+ break; -+ dword = writearr[i]; -+ dword |= writearr[i + 1] << 8; -+ dword |= writearr[i + 2] << 16; -+ dword |= writearr[i + 3] << 24; -+ pci_mmio_writel(dword, ast2400_device_bar + ASPEED_P2A_OFFSET); -+ } -+ for (; i < writecnt; i++) -+ pci_mmio_writeb(writearr[i], ast2400_device_bar + ASPEED_P2A_OFFSET); -+ programmer_delay(1); -+ for (i = 0; i < readcnt;) { -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET); -+ if (i < readcnt) -+ readarr[i] = dword & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 8) & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 16) & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 24) & 0xff; -+ i++; -+ } -+ -+ for (i = 0; i < readcnt; i++) -+ msg_pspew("[%02x]", readarr[i]); -+ msg_pspew("\n"); -+} -+ -+/* Returns 0 upon success, a negative number upon errors. */ -+static int ast2400_spi_send_command(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr) -+{ -+ uint32_t dword; -+ -+ msg_pspew("%s, cmd=0x%02x, writecnt=%d, readcnt=%d\n", __func__, *writearr, writecnt, readcnt); -+ -+ if (ast2400_device_host_mode) { -+ /* Set up user command mode */ -+ ast2400_set_a2b_bridge_spi(); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); -+ pci_mmio_writel(dword | AST2400_SPI_CFG_WRITE_EN, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ pci_mmio_writel(dword | AST2400_SPI_CMD_USER_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ -+ /* Transfer data */ -+ ast2400_set_a2b_bridge_spi_flash(); -+ ast2400_spi_xfer_data(flash, writecnt, readcnt, writearr, readarr); -+ -+ /* Tear down user command mode */ -+ ast2400_set_a2b_bridge_spi(); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ pci_mmio_writel((dword & ~AST2400_SPI_CMD_MASK) | AST2400_SPI_CMD_FAST_R_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); -+ pci_mmio_writel(dword & ~AST2400_SPI_CFG_WRITE_EN, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); -+ } -+ else { -+ /* Set up user command mode */ -+ ast2400_set_a2b_bridge_smc(); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ pci_mmio_writel(dword | AST2400_SPI_CMD_USER_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ pci_mmio_writel(dword & ~AST2400_SPI_STOP_CE_ACTIVE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ -+ /* Transfer data */ -+ ast2400_set_a2b_bridge_smc_flash(); -+ ast2400_spi_xfer_data(flash, writecnt, readcnt, writearr, readarr); -+ -+ /* Tear down user command mode */ -+ ast2400_set_a2b_bridge_smc(); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ pci_mmio_writel(dword | AST2400_SPI_STOP_CE_ACTIVE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ pci_mmio_writel((dword & ~AST2400_SPI_CMD_MASK) | AST2400_SPI_CMD_FAST_R_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ } -+ -+ if (ast2400_device_tickle_fw) { -+ ast2400_enable_cpu(); -+ programmer_delay(100); -+ ast2400_disable_cpu(); -+ } -+ -+ return 0; -+} -diff --git a/flashchips.c b/flashchips.c -index 7d10abf5..7d4b3ee8 100644 ---- a/flashchips.c -+++ b/flashchips.c -@@ -12388,7 +12388,7 @@ const struct flashchip flashchips[] = { - .total_size = 1024, - .page_size = 256, - .feature_bits = FEATURE_WRSR_WREN, -- .tested = TEST_UNTESTED, -+ .tested = TEST_OK_PREW, - .probe = probe_spi_rdid, - .probe_timing = TIMING_ZERO, - .block_erasers = -@@ -16774,11 +16774,20 @@ const struct flashchip flashchips[] = { - .block_erasers = - { - { -+ .eraseblocks = { {4 * 1024, 8192} }, -+ .block_erase = spi_block_erase_21, -+ }, { - .eraseblocks = { {4 * 1024, 8192} }, - .block_erase = spi_block_erase_20, -+ }, { -+ .eraseblocks = { {32 * 1024, 1024} }, -+ .block_erase = spi_block_erase_5c, - }, { - .eraseblocks = { {32 * 1024, 1024} }, - .block_erase = spi_block_erase_52, -+ }, { -+ .eraseblocks = { {64 * 1024, 512} }, -+ .block_erase = spi_block_erase_dc, - }, { - .eraseblocks = { {64 * 1024, 512} }, - .block_erase = spi_block_erase_d8, -diff --git a/flashrom.c b/flashrom.c -index c18a04fc..42ce989a 100644 ---- a/flashrom.c -+++ b/flashrom.c -@@ -6,6 +6,7 @@ - * Copyright (C) 2005-2008 coresystems GmbH - * Copyright (C) 2008,2009 Carl-Daniel Hailfinger - * Copyright (C) 2016 secunet Security Networks AG -+ * Copyright (C) 2016-2017 Raptor Engineering, LLC - * (Written by Nico Huber for secunet) - * - * This program is free software; you can redistribute it and/or modify -@@ -157,6 +158,30 @@ const struct programmer_entry programmer_table[] = { - }, - #endif - -+#if CONFIG_AST1100 == 1 -+ { -+ .name = "ast1100", -+ .type = PCI, -+ .devs.dev = bmc_aspeed_ast1100, -+ .init = ast1100_init, -+ .map_flash_region = fallback_map, -+ .unmap_flash_region = fallback_unmap, -+ .delay = internal_delay, -+ }, -+#endif -+ -+#if CONFIG_AST2400 == 1 -+ { -+ .name = "ast2400", -+ .type = PCI, -+ .devs.dev = bmc_aspeed_ast2400, -+ .init = ast2400_init, -+ .map_flash_region = fallback_map, -+ .unmap_flash_region = fallback_unmap, -+ .delay = internal_delay, -+ }, -+#endif -+ - #if CONFIG_DRKAISER == 1 - { - .name = "drkaiser", -diff --git a/pcidev.c b/pcidev.c -index e13b78ce..4af1c556 100644 ---- a/pcidev.c -+++ b/pcidev.c -@@ -33,11 +33,13 @@ enum pci_bartype { - uintptr_t pcidev_readbar(struct pci_dev *dev, int bar) - { - uint64_t addr; -- uint32_t upperaddr; - uint8_t headertype; - uint16_t supported_cycles; - enum pci_bartype bartype = TYPE_UNKNOWN; - -+#ifndef __PPC64__ -+ uint32_t upperaddr; -+#endif - - headertype = pci_read_byte(dev, PCI_HEADER_TYPE) & 0x7f; - msg_pspew("PCI header type 0x%02x\n", headertype); -@@ -93,6 +95,12 @@ uintptr_t pcidev_readbar(struct pci_dev *dev, int bar) - switch (bartype) { - case TYPE_MEMBAR: - msg_pdbg("MEM"); -+#ifdef __PPC64__ -+ /* PowerPC is able to translate 32-bit BARs into 64-bit host windows. -+ * Use the dev->base_addr[x] mechanism to handle mapping. -+ */ -+ addr = dev->base_addr[(bar - 0x10) / 0x4] & PCI_BASE_ADDRESS_MEM_MASK; -+#else - if (!(supported_cycles & PCI_COMMAND_MEMORY)) { - msg_perr("MEM BAR access requested, but device has MEM space accesses disabled.\n"); - /* TODO: Abort here? */ -@@ -118,6 +126,7 @@ uintptr_t pcidev_readbar(struct pci_dev *dev, int bar) - } - } - addr &= PCI_BASE_ADDRESS_MEM_MASK; -+#endif - break; - case TYPE_IOBAR: - msg_pdbg("I/O\n"); -diff --git a/programmer.h b/programmer.h -index 9a7892d7..192bff1e 100644 ---- a/programmer.h -+++ b/programmer.h -@@ -5,6 +5,7 @@ - * Copyright (C) 2000 Ronald G. Minnich - * Copyright (C) 2005-2009 coresystems GmbH - * Copyright (C) 2006-2009 Carl-Daniel Hailfinger -+ * Copyright (C) 2016-2017 Raptor Engineering, LLC - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by -@@ -43,6 +44,12 @@ enum programmer { - #if CONFIG_GFXNVIDIA == 1 - PROGRAMMER_GFXNVIDIA, - #endif -+#if CONFIG_AST1100 == 1 -+ PROGRAMMER_AST1100, -+#endif -+#if CONFIG_AST2400 == 1 -+ PROGRAMMER_AST2400, -+#endif - #if CONFIG_RAIDEN == 1 - PROGRAMMER_RAIDEN, - #endif -@@ -416,6 +423,18 @@ int gfxnvidia_init(void); - extern const struct dev_entry gfx_nvidia[]; - #endif - -+/* ast1100.c */ -+#if CONFIG_AST1100 == 1 -+int ast1100_init(void); -+extern const struct dev_entry bmc_aspeed_ast1100[]; -+#endif -+ -+/* ast2400.c */ -+#if CONFIG_AST2400 == 1 -+int ast2400_init(void); -+extern const struct dev_entry bmc_aspeed_ast2400[]; -+#endif -+ - /* raiden_debug_spi.c */ - #if CONFIG_RAIDEN == 1 - int raiden_debug_spi_init(void); diff --git a/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch b/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch new file mode 100644 index 000000000..cddb5d1a8 --- /dev/null +++ b/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch @@ -0,0 +1,234 @@ +From 24b8fcfccef31fbb95bc1dd308180f57d5cdb64c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= +Date: Mon, 19 Jun 2023 09:36:52 +0200 +Subject: [PATCH] Add RaptorPoint PCH support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Change-Id: I13ac52d5400c0e2260e12d605077fc2182c379ef +Signed-off-by: Michał Żygowski +--- + chipset_enable.c | 20 ++++++++++++++++++- + ich_descriptors.c | 9 +++++++++ + ichspi.c | 8 +++++++- + include/programmer.h | 1 + + .../ich_descriptors_tool.c | 2 ++ + 5 files changed, 38 insertions(+), 2 deletions(-) + +diff --git a/chipset_enable.c b/chipset_enable.c +index d6103c13b..3a07d6093 100644 +--- a/chipset_enable.c ++++ b/chipset_enable.c +@@ -607,6 +607,7 @@ static enum chipbustype enable_flash_ich_report_gcs( + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_ELKHART_LAKE: + case CHIPSET_APOLLO_LAKE: +@@ -714,6 +715,7 @@ static enum chipbustype enable_flash_ich_report_gcs( + break; + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + boot_straps = boot_straps_pch500; + break; +@@ -749,6 +751,7 @@ static enum chipbustype enable_flash_ich_report_gcs( + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_APOLLO_LAKE: + case CHIPSET_GEMINI_LAKE: +@@ -1009,6 +1012,11 @@ static int enable_flash_pch600(const struct programmer_cfg *cfg, struct pci_dev + return enable_flash_pch100_or_c620(cfg, dev, name, 0x1f, 5, CHIPSET_600_SERIES_ALDER_POINT); + } + ++static int enable_flash_pch700(const struct programmer_cfg *cfg, struct pci_dev *const dev, const char *const name) ++{ ++ return enable_flash_pch100_or_c620(cfg, dev, name, 0x1f, 5, CHIPSET_700_SERIES_RAPTOR_POINT); ++} ++ + static int enable_flash_mtl(const struct programmer_cfg *cfg, struct pci_dev *const dev, const char *const name) + { + return enable_flash_pch100_or_c620(cfg, dev, name, 0x1f, 5, CHIPSET_METEOR_LAKE); +@@ -2175,9 +2183,19 @@ const struct penable chipset_enables[] = { + {0x8086, 0x7a83, B_S, NT, "Intel", "Q670", enable_flash_pch600}, + {0x8086, 0x7a84, B_S, DEP, "Intel", "Z690", enable_flash_pch600}, + {0x8086, 0x7a88, B_S, NT, "Intel", "W680", enable_flash_pch600}, +- {0x8086, 0x7a8a, B_S, NT, "Intel", "W685", enable_flash_pch600}, + {0x8086, 0x7a8d, B_S, NT, "Intel", "WM690", enable_flash_pch600}, + {0x8086, 0x7a8c, B_S, NT, "Intel", "HM670", enable_flash_pch600}, ++ {0x8086, 0x7a90, B_S, NT, "Intel", "R680E", enable_flash_pch600}, ++ {0x8086, 0x7a91, B_S, NT, "Intel", "Q670E", enable_flash_pch600}, ++ {0x8086, 0x7a92, B_S, NT, "Intel", "H610E", enable_flash_pch600}, ++ {0x8086, 0x7a8a, B_S, NT, "Intel", "W790", enable_flash_pch700}, ++ {0x8086, 0x7a04, B_S, DEP, "Intel", "Z790", enable_flash_pch700}, ++ {0x8086, 0x7a05, B_S, NT, "Intel", "H770", enable_flash_pch700}, ++ {0x8086, 0x7a06, B_S, NT, "Intel", "B760", enable_flash_pch700}, ++ {0x8086, 0x7a0c, B_S, NT, "Intel", "HM770", enable_flash_pch700}, ++ {0x8086, 0x7a0d, B_S, NT, "Intel", "WM790", enable_flash_pch700}, ++ {0x8086, 0x7a14, B_S, NT, "Intel", "C262", enable_flash_pch700}, ++ {0x8086, 0x7a13, B_S, NT, "Intel", "C266", enable_flash_pch700}, + {0x8086, 0x7e23, B_S, DEP, "Intel", "Meteor Lake-P/M", enable_flash_mtl}, + #endif + {0}, +diff --git a/ich_descriptors.c b/ich_descriptors.c +index b37ce6d51..416b610cc 100644 +--- a/ich_descriptors.c ++++ b/ich_descriptors.c +@@ -48,6 +48,7 @@ ssize_t ich_number_of_regions(const enum ich_chipset cs, const struct ich_desc_c + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_ELKHART_LAKE: + case CHIPSET_JASPER_LAKE: +@@ -77,6 +78,7 @@ ssize_t ich_number_of_masters(const enum ich_chipset cs, const struct ich_desc_c + case CHIPSET_C620_SERIES_LEWISBURG: + case CHIPSET_APOLLO_LAKE: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_GEMINI_LAKE: + case CHIPSET_JASPER_LAKE: +@@ -215,6 +217,7 @@ static const char *pprint_density(enum ich_chipset cs, const struct ich_descript + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_APOLLO_LAKE: + case CHIPSET_GEMINI_LAKE: +@@ -313,6 +316,7 @@ static const char *pprint_freq(enum ich_chipset cs, uint8_t value) + return freq_str[2][value]; + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + return freq_str[3][value]; + case CHIPSET_ELKHART_LAKE: +@@ -361,6 +365,7 @@ void prettyprint_ich_descriptor_component(enum ich_chipset cs, const struct ich_ + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_APOLLO_LAKE: + case CHIPSET_GEMINI_LAKE: +@@ -489,6 +494,7 @@ void prettyprint_ich_descriptor_master(const enum ich_chipset cs, const struct i + cs == CHIPSET_400_SERIES_COMET_POINT || + cs == CHIPSET_500_SERIES_TIGER_POINT || + cs == CHIPSET_600_SERIES_ALDER_POINT || ++ cs == CHIPSET_700_SERIES_RAPTOR_POINT || + cs == CHIPSET_JASPER_LAKE || cs == CHIPSET_METEOR_LAKE) { + const char *const master_names[] = { + "BIOS", "ME", "GbE", "unknown", "EC", +@@ -1087,6 +1093,7 @@ static enum ich_chipset guess_ich_chipset(const struct ich_desc_content *const c + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_GEMINI_LAKE: + case CHIPSET_JASPER_LAKE: +@@ -1246,6 +1253,7 @@ int getFCBA_component_density(enum ich_chipset cs, const struct ich_descriptors + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_APOLLO_LAKE: + case CHIPSET_GEMINI_LAKE: +@@ -1291,6 +1299,7 @@ static uint32_t read_descriptor_reg(enum ich_chipset cs, uint8_t section, uint16 + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_APOLLO_LAKE: + case CHIPSET_GEMINI_LAKE: +diff --git a/ichspi.c b/ichspi.c +index c94d9971f..f50654784 100644 +--- a/ichspi.c ++++ b/ichspi.c +@@ -1884,6 +1884,7 @@ static void init_chipset_properties(struct swseq_data *swseq, struct hwseq_data + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_APOLLO_LAKE: + case CHIPSET_GEMINI_LAKE: +@@ -1923,6 +1924,7 @@ static void init_chipset_properties(struct swseq_data *swseq, struct hwseq_data + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_APOLLO_LAKE: + case CHIPSET_GEMINI_LAKE: +@@ -1984,6 +1986,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_APOLLO_LAKE: + case CHIPSET_GEMINI_LAKE: +@@ -2064,6 +2067,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_APOLLO_LAKE: + case CHIPSET_GEMINI_LAKE: +@@ -2103,6 +2107,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum + case CHIPSET_400_SERIES_COMET_POINT: + case CHIPSET_500_SERIES_TIGER_POINT: + case CHIPSET_600_SERIES_ALDER_POINT: ++ case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_METEOR_LAKE: + case CHIPSET_APOLLO_LAKE: + case CHIPSET_GEMINI_LAKE: +@@ -2140,7 +2145,8 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum + ich_gen == CHIPSET_300_SERIES_CANNON_POINT || + ich_gen == CHIPSET_400_SERIES_COMET_POINT || + ich_gen == CHIPSET_500_SERIES_TIGER_POINT || +- ich_gen == CHIPSET_600_SERIES_ALDER_POINT)) { ++ ich_gen == CHIPSET_600_SERIES_ALDER_POINT || ++ ich_gen == CHIPSET_700_SERIES_RAPTOR_POINT)) { + msg_pdbg("Enabling hardware sequencing by default for 100+ series PCH.\n"); + ich_spi_mode = ich_hwseq; + } +diff --git a/include/programmer.h b/include/programmer.h +index 1c5d82096..c64dbac7a 100644 +--- a/include/programmer.h ++++ b/include/programmer.h +@@ -376,6 +376,7 @@ enum ich_chipset { + CHIPSET_400_SERIES_COMET_POINT, + CHIPSET_500_SERIES_TIGER_POINT, + CHIPSET_600_SERIES_ALDER_POINT, ++ CHIPSET_700_SERIES_RAPTOR_POINT, + CHIPSET_METEOR_LAKE, + CHIPSET_APOLLO_LAKE, + CHIPSET_GEMINI_LAKE, +diff --git a/util/ich_descriptors_tool/ich_descriptors_tool.c b/util/ich_descriptors_tool/ich_descriptors_tool.c +index a5a59ad29..44af49b6a 100644 +--- a/util/ich_descriptors_tool/ich_descriptors_tool.c ++++ b/util/ich_descriptors_tool/ich_descriptors_tool.c +@@ -238,6 +238,8 @@ int main(int argc, char *argv[]) + cs = CHIPSET_500_SERIES_TIGER_POINT; + else if (strcmp(csn, "600") == 0) + cs = CHIPSET_600_SERIES_ALDER_POINT; ++ else if (strcmp(csn, "700") == 0) ++ cs = CHIPSET_700_SERIES_RAPTOR_POINT; + else if (strcmp(csn, "apollo") == 0) + cs = CHIPSET_APOLLO_LAKE; + else if (strcmp(csn, "gemini") == 0) From e8aaaabf43acd9aaba42bed317c82e86d647ddca Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 9 Aug 2024 11:09:45 -0400 Subject: [PATCH 63/84] flashrom: Applying upstreamed RaptorPoint PCH support patch proposed upstream fails to build on 1.4.0 2024-08-09 15:08:07+00:00 MAKE flashrom tail /home/user/heads/build/x86/log/flashrom.log ----- ichspi.c:2152:2: note: previously used here case CHIPSET_METEOR_LAKE: ^~~~ /home/user/heads/crossgcc/x86/bin/x86_64-linux-musl-gcc -fdebug-prefix-map=/home/user/heads=heads -gno-record-gcc-switches -D__MUSL__ --sysroot /home/user/heads/install/x86 -isystem /home/user/heads/install/x86/include -L/home/user/heads/install/x86/lib -MMD -Os -I/home/user/heads/install/x86/include/pci -Iinclude -I/home/user/heads/install/x86//include -D'HAVE_GETOPT_H=1' -D'IS_WINDOWS=0' -D'__FLASHROM_LITTLE_ENDIAN__=1' -D'CONFIG_DEFAULT_PROGRAMMER_NAME=NULL' -D'CONFIG_DEFAULT_PROGRAMMER_ARGS=""' -D'CONFIG_DELAY_MINIMUM_SLEEP_US=100000' -D'CONFIG_INTERNAL=1' -D'CONFIG_INTERNAL_DMI=1' -D'__FLASHROM_HAVE_OUTB__=1' -D'HAVE_UTSNAME=1' -D'HAVE_CLOCK_GETTIME=1' -D'FLASHROM_VERSION="1.4.0 (git:v0.2.0-2284-g88513e3f06)"' -o hwaccess_x86_io.o -c hwaccess_x86_io.c ichspi.c: In function 'init_ich_default': ichspi.c:2381:48: error: expected ';' before ')' token ich_gen == CHIPSET_C740_SERIES_EMMITSBURG)) { ^ ; ichspi.c:2381:48: error: expected statement before ')' token ichspi.c:2381:49: error: expected statement before ')' token ich_gen == CHIPSET_C740_SERIES_EMMITSBURG)) { ^ ichspi.c:2504:1: error: expected declaration or statement at end of input } ^ /home/user/heads/crossgcc/x86/bin/x86_64-linux-musl-gcc -fdebug-prefix-map=/home/user/heads=heads -gno-record-gcc-switches -D__MUSL__ --sysroot /home/user/heads/install/x86 -isystem /home/user/heads/install/x86/include -L/home/user/heads/install/x86/lib -MMD -Os -I/home/user/heads/install/x86/include/pci -Iinclude -I/home/user/heads/install/x86//include -D'HAVE_GETOPT_H=1' -D'IS_WINDOWS=0' -D'__FLASHROM_LITTLE_ENDIAN__=1' -D'CONFIG_DEFAULT_PROGRAMMER_NAME=NULL' -D'CONFIG_DEFAULT_PROGRAMMER_ARGS=""' -D'CONFIG_DELAY_MINIMUM_SLEEP_US=100000' -D'CONFIG_INTERNAL=1' -D'CONFIG_INTERNAL_DMI=1' -D'__FLASHROM_HAVE_OUTB__=1' -D'HAVE_UTSNAME=1' -D'HAVE_CLOCK_GETTIME=1' -D'FLASHROM_VERSION="1.4.0 (git:v0.2.0-2284-g88513e3f06)"' -o hwaccess_physmap.o -c hwaccess_physmap.c make[1]: *** [Makefile:1050: ichspi.o] Error 1 Signed-off-by: Thierry Laurion --- .../0001-Add_RaptorPoint_PCH_support.patch | 120 +++++++++--------- 1 file changed, 61 insertions(+), 59 deletions(-) diff --git a/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch b/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch index cddb5d1a8..5a2b7cb6b 100644 --- a/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch +++ b/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch @@ -1,7 +1,7 @@ -From 24b8fcfccef31fbb95bc1dd308180f57d5cdb64c Mon Sep 17 00:00:00 2001 +From 91be4b39e6c32463b506097f916352f6795800cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Jun 2023 09:36:52 +0200 -Subject: [PATCH] Add RaptorPoint PCH support +Subject: [PATCH] ichspi: Add RaptorPoint PCH support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -11,40 +11,40 @@ Signed-off-by: Michał Żygowski --- chipset_enable.c | 20 ++++++++++++++++++- ich_descriptors.c | 9 +++++++++ - ichspi.c | 8 +++++++- + ichspi.c | 7 +++++++ include/programmer.h | 1 + .../ich_descriptors_tool.c | 2 ++ - 5 files changed, 38 insertions(+), 2 deletions(-) + 5 files changed, 38 insertions(+), 1 deletion(-) diff --git a/chipset_enable.c b/chipset_enable.c -index d6103c13b..3a07d6093 100644 +index facf29e500..6b1c1b5c99 100644 --- a/chipset_enable.c +++ b/chipset_enable.c -@@ -607,6 +607,7 @@ static enum chipbustype enable_flash_ich_report_gcs( +@@ -606,6 +606,7 @@ static enum chipbustype enable_flash_ich_report_gcs( case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: case CHIPSET_METEOR_LAKE: + case CHIPSET_PANTHER_LAKE: case CHIPSET_ELKHART_LAKE: - case CHIPSET_APOLLO_LAKE: @@ -714,6 +715,7 @@ static enum chipbustype enable_flash_ich_report_gcs( break; case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_C740_SERIES_EMMITSBURG: case CHIPSET_METEOR_LAKE: - boot_straps = boot_straps_pch500; - break; -@@ -749,6 +751,7 @@ static enum chipbustype enable_flash_ich_report_gcs( + case CHIPSET_PANTHER_LAKE: +@@ -751,6 +753,7 @@ static enum chipbustype enable_flash_ich_report_gcs( case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: case CHIPSET_METEOR_LAKE: + case CHIPSET_PANTHER_LAKE: case CHIPSET_APOLLO_LAKE: - case CHIPSET_GEMINI_LAKE: -@@ -1009,6 +1012,11 @@ static int enable_flash_pch600(const struct programmer_cfg *cfg, struct pci_dev +@@ -1017,6 +1020,11 @@ static int enable_flash_pch600(const struct programmer_cfg *cfg, struct pci_dev return enable_flash_pch100_or_c620(cfg, dev, name, 0x1f, 5, CHIPSET_600_SERIES_ALDER_POINT); } @@ -56,7 +56,7 @@ index d6103c13b..3a07d6093 100644 static int enable_flash_mtl(const struct programmer_cfg *cfg, struct pci_dev *const dev, const char *const name) { return enable_flash_pch100_or_c620(cfg, dev, name, 0x1f, 5, CHIPSET_METEOR_LAKE); -@@ -2175,9 +2183,19 @@ const struct penable chipset_enables[] = { +@@ -2190,9 +2198,19 @@ const struct penable chipset_enables[] = { {0x8086, 0x7a83, B_S, NT, "Intel", "Q670", enable_flash_pch600}, {0x8086, 0x7a84, B_S, DEP, "Intel", "Z690", enable_flash_pch600}, {0x8086, 0x7a88, B_S, NT, "Intel", "W680", enable_flash_pch600}, @@ -75,155 +75,154 @@ index d6103c13b..3a07d6093 100644 + {0x8086, 0x7a14, B_S, NT, "Intel", "C262", enable_flash_pch700}, + {0x8086, 0x7a13, B_S, NT, "Intel", "C266", enable_flash_pch700}, {0x8086, 0x7e23, B_S, DEP, "Intel", "Meteor Lake-P/M", enable_flash_mtl}, - #endif - {0}, + {0x8086, 0xe323, B_S, DEP, "Intel", "Panther Lake-U/H 12Xe", enable_flash_ptl}, + {0x8086, 0xe423, B_S, DEP, "Intel", "Panther Lake-H 4Xe", enable_flash_ptl}, diff --git a/ich_descriptors.c b/ich_descriptors.c -index b37ce6d51..416b610cc 100644 +index eaf44b0693..c436fabd37 100644 --- a/ich_descriptors.c +++ b/ich_descriptors.c -@@ -48,6 +48,7 @@ ssize_t ich_number_of_regions(const enum ich_chipset cs, const struct ich_desc_c +@@ -49,6 +49,7 @@ ssize_t ich_number_of_regions(const enum ich_chipset cs, const struct ich_desc_c case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: case CHIPSET_METEOR_LAKE: + case CHIPSET_PANTHER_LAKE: case CHIPSET_ELKHART_LAKE: - case CHIPSET_JASPER_LAKE: -@@ -77,6 +78,7 @@ ssize_t ich_number_of_masters(const enum ich_chipset cs, const struct ich_desc_c - case CHIPSET_C620_SERIES_LEWISBURG: +@@ -80,6 +81,7 @@ ssize_t ich_number_of_masters(const enum ich_chipset cs, const struct ich_desc_c + case CHIPSET_C740_SERIES_EMMITSBURG: case CHIPSET_APOLLO_LAKE: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: case CHIPSET_METEOR_LAKE: + case CHIPSET_PANTHER_LAKE: case CHIPSET_GEMINI_LAKE: - case CHIPSET_JASPER_LAKE: -@@ -215,6 +217,7 @@ static const char *pprint_density(enum ich_chipset cs, const struct ich_descript +@@ -221,6 +223,7 @@ static const char *pprint_density(enum ich_chipset cs, const struct ich_descript case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: case CHIPSET_METEOR_LAKE: + case CHIPSET_PANTHER_LAKE: case CHIPSET_APOLLO_LAKE: - case CHIPSET_GEMINI_LAKE: -@@ -313,6 +316,7 @@ static const char *pprint_freq(enum ich_chipset cs, uint8_t value) +@@ -320,6 +323,7 @@ static const char *pprint_freq(enum ich_chipset cs, uint8_t value) return freq_str[2][value]; case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: + case CHIPSET_C740_SERIES_EMMITSBURG: case CHIPSET_METEOR_LAKE: - return freq_str[3][value]; - case CHIPSET_ELKHART_LAKE: -@@ -361,6 +365,7 @@ void prettyprint_ich_descriptor_component(enum ich_chipset cs, const struct ich_ + case CHIPSET_PANTHER_LAKE: +@@ -371,6 +375,7 @@ void prettyprint_ich_descriptor_component(enum ich_chipset cs, const struct ich_ case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: case CHIPSET_METEOR_LAKE: + case CHIPSET_PANTHER_LAKE: case CHIPSET_APOLLO_LAKE: - case CHIPSET_GEMINI_LAKE: -@@ -489,6 +494,7 @@ void prettyprint_ich_descriptor_master(const enum ich_chipset cs, const struct i +@@ -512,6 +517,7 @@ void prettyprint_ich_descriptor_master(const enum ich_chipset cs, const struct i cs == CHIPSET_400_SERIES_COMET_POINT || cs == CHIPSET_500_SERIES_TIGER_POINT || cs == CHIPSET_600_SERIES_ALDER_POINT || + cs == CHIPSET_700_SERIES_RAPTOR_POINT || - cs == CHIPSET_JASPER_LAKE || cs == CHIPSET_METEOR_LAKE) { - const char *const master_names[] = { - "BIOS", "ME", "GbE", "unknown", "EC", -@@ -1087,6 +1093,7 @@ static enum ich_chipset guess_ich_chipset(const struct ich_desc_content *const c + cs == CHIPSET_C740_SERIES_EMMITSBURG || + cs == CHIPSET_JASPER_LAKE || + cs == CHIPSET_METEOR_LAKE || +@@ -1115,6 +1121,7 @@ static enum ich_chipset guess_ich_chipset(const struct ich_desc_content *const c case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: case CHIPSET_METEOR_LAKE: + case CHIPSET_PANTHER_LAKE: case CHIPSET_GEMINI_LAKE: - case CHIPSET_JASPER_LAKE: -@@ -1246,6 +1253,7 @@ int getFCBA_component_density(enum ich_chipset cs, const struct ich_descriptors +@@ -1277,6 +1284,7 @@ int getFCBA_component_density(enum ich_chipset cs, const struct ich_descriptors case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: case CHIPSET_METEOR_LAKE: + case CHIPSET_PANTHER_LAKE: case CHIPSET_APOLLO_LAKE: - case CHIPSET_GEMINI_LAKE: -@@ -1291,6 +1299,7 @@ static uint32_t read_descriptor_reg(enum ich_chipset cs, uint8_t section, uint16 +@@ -1324,6 +1332,7 @@ static uint32_t read_descriptor_reg(enum ich_chipset cs, uint8_t section, uint16 case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: case CHIPSET_METEOR_LAKE: + case CHIPSET_PANTHER_LAKE: case CHIPSET_APOLLO_LAKE: - case CHIPSET_GEMINI_LAKE: diff --git a/ichspi.c b/ichspi.c -index c94d9971f..f50654784 100644 +index f74fb05c9e..9718600b91 100644 --- a/ichspi.c +++ b/ichspi.c -@@ -1884,6 +1884,7 @@ static void init_chipset_properties(struct swseq_data *swseq, struct hwseq_data +@@ -2106,6 +2106,7 @@ static void init_chipset_properties(struct swseq_data *swseq, struct hwseq_data case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: - case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: -@@ -1923,6 +1924,7 @@ static void init_chipset_properties(struct swseq_data *swseq, struct hwseq_data + case CHIPSET_JASPER_LAKE: +@@ -2147,6 +2148,8 @@ static void init_chipset_properties(struct swseq_data *swseq, struct hwseq_data case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: - case CHIPSET_METEOR_LAKE: ++ case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: -@@ -1984,6 +1986,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum + case CHIPSET_JASPER_LAKE: +@@ -2210,6 +2213,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: - case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: -@@ -2064,6 +2067,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum + case CHIPSET_JASPER_LAKE: +@@ -2291,6 +2295,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: - case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: -@@ -2103,6 +2107,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum + case CHIPSET_JASPER_LAKE: +@@ -2332,6 +2337,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: - case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: -@@ -2140,7 +2145,8 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum - ich_gen == CHIPSET_300_SERIES_CANNON_POINT || + case CHIPSET_JASPER_LAKE: +@@ -2371,6 +2377,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum ich_gen == CHIPSET_400_SERIES_COMET_POINT || ich_gen == CHIPSET_500_SERIES_TIGER_POINT || -- ich_gen == CHIPSET_600_SERIES_ALDER_POINT)) { -+ ich_gen == CHIPSET_600_SERIES_ALDER_POINT || + ich_gen == CHIPSET_600_SERIES_ALDER_POINT || + ich_gen == CHIPSET_700_SERIES_RAPTOR_POINT)) { + ich_gen == CHIPSET_C740_SERIES_EMMITSBURG)) { msg_pdbg("Enabling hardware sequencing by default for 100+ series PCH.\n"); ich_spi_mode = ich_hwseq; - } diff --git a/include/programmer.h b/include/programmer.h -index 1c5d82096..c64dbac7a 100644 +index a90624b13c..0210038892 100644 --- a/include/programmer.h +++ b/include/programmer.h -@@ -376,6 +376,7 @@ enum ich_chipset { +@@ -357,6 +357,7 @@ enum ich_chipset { CHIPSET_400_SERIES_COMET_POINT, CHIPSET_500_SERIES_TIGER_POINT, CHIPSET_600_SERIES_ALDER_POINT, + CHIPSET_700_SERIES_RAPTOR_POINT, - CHIPSET_METEOR_LAKE, CHIPSET_APOLLO_LAKE, CHIPSET_GEMINI_LAKE, + CHIPSET_JASPER_LAKE, diff --git a/util/ich_descriptors_tool/ich_descriptors_tool.c b/util/ich_descriptors_tool/ich_descriptors_tool.c -index a5a59ad29..44af49b6a 100644 +index 09587f7528..d5289b9534 100644 --- a/util/ich_descriptors_tool/ich_descriptors_tool.c +++ b/util/ich_descriptors_tool/ich_descriptors_tool.c -@@ -238,6 +238,8 @@ int main(int argc, char *argv[]) +@@ -239,6 +239,8 @@ int main(int argc, char *argv[]) cs = CHIPSET_500_SERIES_TIGER_POINT; else if (strcmp(csn, "600") == 0) cs = CHIPSET_600_SERIES_ALDER_POINT; @@ -232,3 +231,6 @@ index a5a59ad29..44af49b6a 100644 else if (strcmp(csn, "apollo") == 0) cs = CHIPSET_APOLLO_LAKE; else if (strcmp(csn, "gemini") == 0) +-- +2.39.2 + From a60e6a1203f889a4391215e84e6f4774cd4deddd Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 9 Aug 2024 11:49:49 -0400 Subject: [PATCH 64/84] flashrom: 1.4.0: update pending patch to upstream master downstream under Heads repro: git fetch https://review.coreboot.org/flashrom refs/changes/54/83854/3 && git format-patch -1 --stdout FETCH_HEAD > patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch Signed-off-by: Thierry Laurion --- .../0001-Add_RaptorPoint_PCH_support.patch | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch b/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch index 5a2b7cb6b..a295fed63 100644 --- a/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch +++ b/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch @@ -1,4 +1,4 @@ -From 91be4b39e6c32463b506097f916352f6795800cd Mon Sep 17 00:00:00 2001 +From 99d16ef516b6080ceaaa866984b7e7fb471eaef0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Mon, 19 Jun 2023 09:36:52 +0200 Subject: [PATCH] ichspi: Add RaptorPoint PCH support @@ -6,15 +6,17 @@ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit +TEST=probe flash on Z790 chipset + Change-Id: I13ac52d5400c0e2260e12d605077fc2182c379ef Signed-off-by: Michał Żygowski --- chipset_enable.c | 20 ++++++++++++++++++- ich_descriptors.c | 9 +++++++++ - ichspi.c | 7 +++++++ + ichspi.c | 6 ++++++ include/programmer.h | 1 + .../ich_descriptors_tool.c | 2 ++ - 5 files changed, 38 insertions(+), 1 deletion(-) + 5 files changed, 37 insertions(+), 1 deletion(-) diff --git a/chipset_enable.c b/chipset_enable.c index facf29e500..6b1c1b5c99 100644 @@ -154,7 +156,7 @@ index eaf44b0693..c436fabd37 100644 case CHIPSET_PANTHER_LAKE: case CHIPSET_APOLLO_LAKE: diff --git a/ichspi.c b/ichspi.c -index f74fb05c9e..9718600b91 100644 +index f74fb05c9e..d01f2f3887 100644 --- a/ichspi.c +++ b/ichspi.c @@ -2106,6 +2106,7 @@ static void init_chipset_properties(struct swseq_data *swseq, struct hwseq_data @@ -165,16 +167,15 @@ index f74fb05c9e..9718600b91 100644 case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: -@@ -2147,6 +2148,8 @@ static void init_chipset_properties(struct swseq_data *swseq, struct hwseq_data +@@ -2147,6 +2148,7 @@ static void init_chipset_properties(struct swseq_data *swseq, struct hwseq_data case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: + case CHIPSET_700_SERIES_RAPTOR_POINT: -+ case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: -@@ -2210,6 +2213,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum +@@ -2210,6 +2212,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: @@ -182,7 +183,7 @@ index f74fb05c9e..9718600b91 100644 case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: -@@ -2291,6 +2295,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum +@@ -2291,6 +2294,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: @@ -190,7 +191,7 @@ index f74fb05c9e..9718600b91 100644 case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: -@@ -2332,6 +2337,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum +@@ -2332,6 +2336,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: @@ -198,11 +199,11 @@ index f74fb05c9e..9718600b91 100644 case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: -@@ -2371,6 +2377,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum +@@ -2371,6 +2376,7 @@ static int init_ich_default(const struct programmer_cfg *cfg, void *spibar, enum ich_gen == CHIPSET_400_SERIES_COMET_POINT || ich_gen == CHIPSET_500_SERIES_TIGER_POINT || ich_gen == CHIPSET_600_SERIES_ALDER_POINT || -+ ich_gen == CHIPSET_700_SERIES_RAPTOR_POINT)) { ++ ich_gen == CHIPSET_700_SERIES_RAPTOR_POINT || ich_gen == CHIPSET_C740_SERIES_EMMITSBURG)) { msg_pdbg("Enabling hardware sequencing by default for 100+ series PCH.\n"); ich_spi_mode = ich_hwseq; From f7c9930fefc5e2fc72fb8d0e71832b07635a2233 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 9 Aug 2024 12:21:49 -0400 Subject: [PATCH 65/84] MSI board configs: clarify requirements, DDR4/DDR5 board names, unify config layout against qemu-coreboot-fbwhiptail-tpm2 Signed-off-by: Thierry Laurion --- boards/msi_z690a_ddr4/msi_z690a_ddr4.config | 80 ++++++++++++++------ boards/msi_z690a_ddr5/msi_z690a_ddr5.config | 82 ++++++++++++++------- boards/msi_z790p_ddr4/msi_z790p_ddr4.config | 80 ++++++++++++++------ boards/msi_z790p_ddr5/msi_z790p_ddr5.config | 82 ++++++++++++++------- 4 files changed, 226 insertions(+), 98 deletions(-) diff --git a/boards/msi_z690a_ddr4/msi_z690a_ddr4.config b/boards/msi_z690a_ddr4/msi_z690a_ddr4.config index 3e6dfcf45..3329fcaa1 100644 --- a/boards/msi_z690a_ddr4/msi_z690a_ddr4.config +++ b/boards/msi_z690a_ddr4/msi_z690a_ddr4.config @@ -1,4 +1,9 @@ # MSI PRO Z690-A DDR4 board configuration +# This version requires +# - A supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key) +# - A supported dTPM module +#Notes: +# - dGPU support known to be problematic, look for Dasharo HCL export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=dasharo @@ -7,43 +12,70 @@ export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z690a_ddr4.config CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y +#Enable DEBUG output +#export CONFIG_DEBUG_OUTPUT=y +#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y +#Enable TPM2 pcap output under /tmp +#export CONFIG_TPM2_CAPTURE_PCAP=y + + +#Additional hardware support +CONFIG_LINUX_USB=y +CONFIG_LINUX_IGC=y +#CONFIG_MOBILE_TETHERING=y +export CONFIG_USB_KEYBOARD=y + CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y -CONFIG_DROPBEAR=y - +#Remote attestation support +# TPM2 requirements +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support CONFIG_HOTPKEY=y - +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#Console based Whiptail support(Console based, no FB): +#CONFIG_SLANG=y +#CONFIG_NEWT=y +#FBWhiptail based (Graphical): CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_IGC=y - -export CONFIG_USB_KEYBOARD=y - -export CONFIG_BOOTSCRIPT=/bin/gui-init - -export CONFIG_BOOT_KERNEL_ADD="" -export CONFIG_BOOT_KERNEL_REMOVE="" +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y -# TPM2 requirements +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements export CONFIG_TPM2_TOOLS=y export CONFIG_PRIMARY_KEY_TYPE=ecc -CONFIG_TPM2_TSS=y -CONFIG_OPENSSL=y - +#TPM1 requirements +#export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +#text-based original init: +#export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/nvme0n1" +export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOARD_NAME="MSI PRO Z690-A DDR4" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" diff --git a/boards/msi_z690a_ddr5/msi_z690a_ddr5.config b/boards/msi_z690a_ddr5/msi_z690a_ddr5.config index 5b694c51a..a2c21a009 100644 --- a/boards/msi_z690a_ddr5/msi_z690a_ddr5.config +++ b/boards/msi_z690a_ddr5/msi_z690a_ddr5.config @@ -1,4 +1,9 @@ # MSI PRO Z690-A (DDR5) board configuration +# This version requires +# - A supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key) +# - A supported dTPM module +#Notes: +# - dGPU support known to be problematic, look for Dasharo HCL export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=dasharo @@ -7,44 +12,71 @@ export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z690a_ddr5.config CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y +#Enable DEBUG output +#export CONFIG_DEBUG_OUTPUT=y +#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y +#Enable TPM2 pcap output under /tmp +#export CONFIG_TPM2_CAPTURE_PCAP=y + + +#Additional hardware support +CONFIG_LINUX_USB=y +CONFIG_LINUX_IGC=y +#CONFIG_MOBILE_TETHERING=y +export CONFIG_USB_KEYBOARD=y + CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y -CONFIG_DROPBEAR=y - +#Remote attestation support +# TPM2 requirements +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support CONFIG_HOTPKEY=y - +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#Console based Whiptail support(Console based, no FB): +#CONFIG_SLANG=y +#CONFIG_NEWT=y +#FBWhiptail based (Graphical): CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_IGC=y - -export CONFIG_USB_KEYBOARD=y - -export CONFIG_BOOTSCRIPT=/bin/gui-init - -export CONFIG_BOOT_KERNEL_ADD="" -export CONFIG_BOOT_KERNEL_REMOVE="" +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y -# TPM2 requirements +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements export CONFIG_TPM2_TOOLS=y export CONFIG_PRIMARY_KEY_TYPE=ecc -CONFIG_TPM2_TSS=y -CONFIG_OPENSSL=y - +#TPM1 requirements +#export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +#text-based original init: +#export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/nvme0n1" -export CONFIG_BOARD_NAME="MSI PRO Z690-A" +export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_REMOVE="" +export CONFIG_BOARD_NAME="MSI PRO Z690-A DDR5" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # Workaround to access > 16MiB BIOS region on ADL+ diff --git a/boards/msi_z790p_ddr4/msi_z790p_ddr4.config b/boards/msi_z790p_ddr4/msi_z790p_ddr4.config index 8181b6c72..f6a0ad03a 100644 --- a/boards/msi_z790p_ddr4/msi_z790p_ddr4.config +++ b/boards/msi_z790p_ddr4/msi_z790p_ddr4.config @@ -1,4 +1,9 @@ # MSI PRO Z790-P DDR4 board configuration +# This version requires +# - A supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key) +# - A supported dTPM module +#Notes: +# - dGPU support known to be problematic, look for Dasharo HCL export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=dasharo @@ -7,43 +12,70 @@ export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z790p_ddr4.config CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y +#Enable DEBUG output +#export CONFIG_DEBUG_OUTPUT=y +#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y +#Enable TPM2 pcap output under /tmp +#export CONFIG_TPM2_CAPTURE_PCAP=y + + +#Additional hardware support +CONFIG_LINUX_USB=y +CONFIG_LINUX_IGC=y +#CONFIG_MOBILE_TETHERING=y +export CONFIG_USB_KEYBOARD=y + CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y -CONFIG_DROPBEAR=y - +#Remote attestation support +# TPM2 requirements +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support CONFIG_HOTPKEY=y - +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#Console based Whiptail support(Console based, no FB): +#CONFIG_SLANG=y +#CONFIG_NEWT=y +#FBWhiptail based (Graphical): CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_IGC=y - -export CONFIG_USB_KEYBOARD=y - -export CONFIG_BOOTSCRIPT=/bin/gui-init - -export CONFIG_BOOT_KERNEL_ADD="" -export CONFIG_BOOT_KERNEL_REMOVE="" +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y -# TPM2 requirements +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements export CONFIG_TPM2_TOOLS=y export CONFIG_PRIMARY_KEY_TYPE=ecc -CONFIG_TPM2_TSS=y -CONFIG_OPENSSL=y - +#TPM1 requirements +#export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +#text-based original init: +#export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/nvme0n1" +export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOARD_NAME="MSI PRO Z790-P DDR4" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" diff --git a/boards/msi_z790p_ddr5/msi_z790p_ddr5.config b/boards/msi_z790p_ddr5/msi_z790p_ddr5.config index f7ef7012f..2bdfb01a3 100644 --- a/boards/msi_z790p_ddr5/msi_z790p_ddr5.config +++ b/boards/msi_z790p_ddr5/msi_z790p_ddr5.config @@ -1,4 +1,9 @@ # MSI PRO Z790-P (DDR5) board configuration +# This version requires +# - A supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key) +# - A supported dTPM module +#Notes: +# - dGPU support known to be problematic, look for Dasharo HCL export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=dasharo @@ -7,44 +12,71 @@ export CONFIG_LINUX_VERSION=6.1.8 CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z790p_ddr5.config CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config -CONFIG_KEXEC=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y -CONFIG_POPT=y -CONFIG_FLASHTOOLS=y -CONFIG_FLASHROM=y -CONFIG_PCIUTILS=y -CONFIG_UTIL_LINUX=y +#Enable DEBUG output +#export CONFIG_DEBUG_OUTPUT=y +#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y +#Enable TPM2 pcap output under /tmp +#export CONFIG_TPM2_CAPTURE_PCAP=y + + +#Additional hardware support +CONFIG_LINUX_USB=y +CONFIG_LINUX_IGC=y +#CONFIG_MOBILE_TETHERING=y +export CONFIG_USB_KEYBOARD=y + CONFIG_CRYPTSETUP2=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y -CONFIG_DROPBEAR=y - +#Remote attestation support +# TPM2 requirements +CONFIG_TPM2_TSS=y +CONFIG_OPENSSL=y +#Remote Attestation common tools +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support CONFIG_HOTPKEY=y - +#Nitrokey Storage admin tool (deprecated) +#CONFIG_NKSTORECLI=n +#GUI Support +#Console based Whiptail support(Console based, no FB): +#CONFIG_SLANG=y +#CONFIG_NEWT=y +#FBWhiptail based (Graphical): CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -CONFIG_LINUX_USB=y -CONFIG_LINUX_IGC=y - -export CONFIG_USB_KEYBOARD=y - -export CONFIG_BOOTSCRIPT=/bin/gui-init - -export CONFIG_BOOT_KERNEL_ADD="" -export CONFIG_BOOT_KERNEL_REMOVE="" +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y -# TPM2 requirements +#Runtime configuration +#Automatically boot if HOTP is valid +export CONFIG_AUTO_BOOT_TIMEOUT=5 +#TPM2 requirements export CONFIG_TPM2_TOOLS=y export CONFIG_PRIMARY_KEY_TYPE=ecc -CONFIG_TPM2_TSS=y -CONFIG_OPENSSL=y - +#TPM1 requirements +#export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +#text-based original init: +#export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/nvme0n1" -export CONFIG_BOARD_NAME="MSI PRO Z790-P" +export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_REMOVE="" +export CONFIG_BOARD_NAME="MSI PRO Z790-P DDR5" export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" # Workaround to access > 16MiB BIOS region on ADL+ From 664df3b69189e6e60e4508a381d632624c731b5f Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 11 Aug 2024 00:50:47 -0400 Subject: [PATCH 66/84] flashrom: disable prettyprint_ich9_reg_hsfc so that Heads flash progress workaround works in absence of flashrom --progress Respin of https://github.com/Dasharo/flashrom/commit/6b2061bc0699202f81aeb782f301f1bba9f8a826.patch which cannot be cherry-picked See https://github.com/Dasharo/flashrom/pull/11#issuecomment-1409142374 Signed-off-by: Thierry Laurion --- ...002-disable-prettyprint_ich9_reg_hsfc.patch | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0002-disable-prettyprint_ich9_reg_hsfc.patch diff --git a/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0002-disable-prettyprint_ich9_reg_hsfc.patch b/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0002-disable-prettyprint_ich9_reg_hsfc.patch new file mode 100644 index 000000000..32de8eff4 --- /dev/null +++ b/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0002-disable-prettyprint_ich9_reg_hsfc.patch @@ -0,0 +1,18 @@ +--- ./ichspi.c.orig 2024-08-11 00:40:38.777007492 -0400 ++++ ./ichspi.c 2024-08-11 00:46:03.904024919 -0400 +@@ -492,6 +492,7 @@ + + static void prettyprint_ich9_reg_hsfc(uint16_t reg_val, enum ich_chipset ich_gen) + { ++#if 0 + msg_pdbg("HSFC: "); + pprint_reg16(HSFC, FGO, reg_val, ", "); + switch (ich_gen) { +@@ -511,6 +512,7 @@ + } + pprint_reg16(HSFC, FDBC, reg_val, ", "); + pprint_reg16(HSFC, SME, reg_val, "\n"); ++#endif + } + + static void prettyprint_ich9_reg_ssfs(uint32_t reg_val) From d2d33bce6e3e104793342647b6c81623c1f10257 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 23 Aug 2024 08:21:05 -0400 Subject: [PATCH 67/84] flash.sh: drop inhouse progress output on console when flashing with flashrom Signed-off-by: Thierry Laurion --- initrd/bin/flash.sh | 104 +------------------------------------------- 1 file changed, 1 insertion(+), 103 deletions(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 6ef16a52e..d807ff265 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -21,106 +21,6 @@ case "$CONFIG_FLASHROM_OPTIONS" in ;; esac -flashrom_progress() { - # The ichspi programmer now spews register status lines constantly that are - # brutally slow to feed through the parser in flashrom_progress_tokenize. - # Filter the input with grep for only lines containing at least one token - # that we care about. - grep -E -e 'contents\.\.\.' -e 'done\.' -e '0x[0-9a-f]+-(0x[0-9a-f]+):' \ - -e 'identical' -e 'VERIFIED\.' -e 'FAILED' | \ - tr ' ' '\n' | flashrom_progress_tokenize "$1" -} - -print_flashing_progress() { - local spaces=' ' - local hashes='##################################################' - local percent pct1 pct2 progressbar progressbar2 - percent="$1" - pct1=$((percent / 2)) - pct2=$((50 - percent / 2)) - progressbar=${hashes:0:$pct1} - progressbar2=${spaces:0:$pct2} - echo -ne "Flashing: [${progressbar}${spin:$spin_idx:1}${progressbar2}] (${percent}%)\\r" -} - -flashrom_progress_tokenize() { - local current=0 - local total_bytes="$1" - local percent=0 - local IN='' - local spin='-\|/' - local spin_idx=0 - local status='init' - local prev_word='' - local prev_prev_word='' - - echo "Initializing Flash Programmer" - while true ; do - prev_prev_word=$prev_word - prev_word=$IN - IFS= read -r -t 0.2 IN - spin_idx=$(( (spin_idx+1) %4 )) - if [ "$status" == "init" ]; then - if [ "$IN" == "contents..." ]; then - status="reading" - echo "Reading old flash contents. Please wait..." - fi - fi - if [ "$status" == "reading" ]; then - if echo "${IN}" | grep "done." > /dev/null ; then - status="writing" - IN= - fi - fi - if [ "$status" == "writing" ]; then - # walk_eraseblocks() prints info for each block, of the form - # , 0xAAAAAA-0xBBBBBB:X - # The 'X' is a char indicating the action, but the debug from actually erasing - # and writing is mixed into the output so it may be separated. It can also be - # interrupted occasionally, so only match a complete token. - current=$(echo "$IN" | sed -nE 's/^0x[0-9a-f]+-(0x[0-9a-f]+):.*$/\1/p') - if [ "$current" != "" ]; then - percent=$((100 * (current + 1) / total_bytes)) - fi - print_flashing_progress "$percent" - if [ "$IN" == "done." ]; then - status="verifying" - IN= - print_flashing_progress 100 - echo "" - echo "Verifying flash contents. Please wait..." - fi - # This appears before "Erase/write done."; skip the verifying state - if [ "$IN" == "identical" ]; then - status="done" - IN= - print_flashing_progress 100 - echo "" - echo "The flash contents are identical to the image being flashed." - break - fi - fi - if [ "$status" == "verifying" ]; then - if echo "${IN}" | grep "VERIFIED." > /dev/null ; then - status="done" - echo "The flash contents were verified and the image was flashed correctly." - break - elif echo "${IN}" | grep "FAILED" > /dev/null ; then - echo 'Error while verifying flash content' - break - fi - fi - done - echo "" - if [ "$status" == "done" ]; then - return 0 - else - echo 'Error flashing coreboot -- see timestampped flashrom log in /tmp for more info' - echo "" - return 1 - fi -} - flash_rom() { ROM=$1 if [ "$READ" -eq 1 ]; then @@ -148,9 +48,7 @@ flash_rom() { dd if=/tmp/pchstrp9.bin bs=1 count=4 seek=292 of=/tmp/${CONFIG_BOARD}.rom conv=notrunc >/dev/null 2>&1 fi - flashrom $CONFIG_FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom \ - -V -o "/tmp/flashrom-$(date '+%Y%m%d-%H%M%S').log" 2>&1 | \ - flashrom_progress "$(stat -c %s "/tmp/${CONFIG_BOARD}.rom")" \ + flashrom $CONFIG_FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom 2>&1 \ || die "$ROM: Flash failed" fi } From 35b43b0968dd669e892bbf9ee185f249f864d40e Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 23 Aug 2024 08:47:31 -0400 Subject: [PATCH 68/84] flashrom 1.4: remove verbose output patch that was not working anyway Signed-off-by: Thierry Laurion --- ...002-disable-prettyprint_ich9_reg_hsfc.patch | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0002-disable-prettyprint_ich9_reg_hsfc.patch diff --git a/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0002-disable-prettyprint_ich9_reg_hsfc.patch b/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0002-disable-prettyprint_ich9_reg_hsfc.patch deleted file mode 100644 index 32de8eff4..000000000 --- a/patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0002-disable-prettyprint_ich9_reg_hsfc.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- ./ichspi.c.orig 2024-08-11 00:40:38.777007492 -0400 -+++ ./ichspi.c 2024-08-11 00:46:03.904024919 -0400 -@@ -492,6 +492,7 @@ - - static void prettyprint_ich9_reg_hsfc(uint16_t reg_val, enum ich_chipset ich_gen) - { -+#if 0 - msg_pdbg("HSFC: "); - pprint_reg16(HSFC, FGO, reg_val, ", "); - switch (ich_gen) { -@@ -511,6 +512,7 @@ - } - pprint_reg16(HSFC, FDBC, reg_val, ", "); - pprint_reg16(HSFC, SME, reg_val, "\n"); -+#endif - } - - static void prettyprint_ich9_reg_ssfs(uint32_t reg_val) From 6559d2618f97f23e40f16f5b728aa75e2a42bd1c Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 23 Aug 2024 13:00:29 -0400 Subject: [PATCH 69/84] flash.sh: Add warning to remind user to not interfere with flashrom operations that will follow Signed-off-by: Thierry Laurion --- initrd/bin/flash.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index d807ff265..00f2801f1 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -48,6 +48,7 @@ flash_rom() { dd if=/tmp/pchstrp9.bin bs=1 count=4 seek=292 of=/tmp/${CONFIG_BOARD}.rom conv=notrunc >/dev/null 2>&1 fi + warn "Do not power off computer. Updating firmware, this will take a few minutes..." flashrom $CONFIG_FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom 2>&1 \ || die "$ROM: Flash failed" fi From 199acb90c3d0973820ee39d54f44a1dbffefca3f Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 23 Aug 2024 17:15:04 -0400 Subject: [PATCH 70/84] boards: noverify-all replaced by noverify Per docs, noverify-all: -N | --noverify-all verify included regions only (cf. -i) Where noverify: -n | --noverify don't auto-verify Seems like we always intended to skip verification since we use internal programmer here and there would not be any misconnection from probe/clip. Also, on nv41, verification fails, which made me write older rom before rebooting and caused a brick. Could not replicate. But reviewing board configs options made noverify-all obviously not pertinent outside of boards specifying -i/--ifd, which still is non-sense for internal programmer. Signed-off-by: Thierry Laurion --- boards/msi_z690a_ddr4/msi_z690a_ddr4.config | 2 +- boards/msi_z690a_ddr5/msi_z690a_ddr5.config | 2 +- boards/msi_z790p_ddr4/msi_z790p_ddr4.config | 2 +- boards/msi_z790p_ddr5/msi_z790p_ddr5.config | 2 +- boards/nitropad-ns50/nitropad-ns50.config | 2 +- boards/nitropad-nv41/nitropad-nv41.config | 2 +- boards/t420-hotp-maximized/t420-hotp-maximized.config | 2 +- boards/t420-maximized/t420-maximized.config | 2 +- boards/t430-hotp-maximized/t430-hotp-maximized.config | 2 +- boards/t430-maximized/t430-maximized.config | 2 +- boards/t530-hotp-maximized/t530-hotp-maximized.config | 2 +- boards/t530-maximized/t530-maximized.config | 2 +- boards/talos-2/talos-2.config | 2 +- boards/w530-hotp-maximized/w530-hotp-maximized.config | 2 +- boards/w530-maximized/w530-maximized.config | 2 +- boards/x220-hotp-maximized/x220-hotp-maximized.config | 2 +- boards/x220-maximized/x220-maximized.config | 2 +- boards/x230-hotp-legacy/x230-hotp-legacy.config | 2 +- .../x230-hotp-maximized-fhd_edp.config | 2 +- boards/x230-hotp-maximized/x230-hotp-maximized.config | 2 +- .../x230-hotp-maximized_usb-kb.config | 2 +- boards/x230-legacy-flash/x230-legacy-flash.config | 2 +- boards/x230-legacy/x230-legacy.config | 2 +- boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config | 2 +- boards/x230-maximized/x230-maximized.config | 2 +- 25 files changed, 25 insertions(+), 25 deletions(-) diff --git a/boards/msi_z690a_ddr4/msi_z690a_ddr4.config b/boards/msi_z690a_ddr4/msi_z690a_ddr4.config index 3329fcaa1..a0781be24 100644 --- a/boards/msi_z690a_ddr4/msi_z690a_ddr4.config +++ b/boards/msi_z690a_ddr4/msi_z690a_ddr4.config @@ -77,7 +77,7 @@ export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOARD_NAME="MSI PRO Z690-A DDR4" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" # Workaround to access > 16MiB BIOS region on ADL+ export CONFIG_CBFS_VIA_FLASHROM=y diff --git a/boards/msi_z690a_ddr5/msi_z690a_ddr5.config b/boards/msi_z690a_ddr5/msi_z690a_ddr5.config index a2c21a009..a2d08279d 100644 --- a/boards/msi_z690a_ddr5/msi_z690a_ddr5.config +++ b/boards/msi_z690a_ddr5/msi_z690a_ddr5.config @@ -77,7 +77,7 @@ export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOARD_NAME="MSI PRO Z690-A DDR5" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" # Workaround to access > 16MiB BIOS region on ADL+ export CONFIG_CBFS_VIA_FLASHROM=y diff --git a/boards/msi_z790p_ddr4/msi_z790p_ddr4.config b/boards/msi_z790p_ddr4/msi_z790p_ddr4.config index f6a0ad03a..c81dce0ba 100644 --- a/boards/msi_z790p_ddr4/msi_z790p_ddr4.config +++ b/boards/msi_z790p_ddr4/msi_z790p_ddr4.config @@ -77,7 +77,7 @@ export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOARD_NAME="MSI PRO Z790-P DDR4" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" # Workaround to access > 16MiB BIOS region on ADL+ export CONFIG_CBFS_VIA_FLASHROM=y diff --git a/boards/msi_z790p_ddr5/msi_z790p_ddr5.config b/boards/msi_z790p_ddr5/msi_z790p_ddr5.config index 2bdfb01a3..aaf322a6f 100644 --- a/boards/msi_z790p_ddr5/msi_z790p_ddr5.config +++ b/boards/msi_z790p_ddr5/msi_z790p_ddr5.config @@ -77,7 +77,7 @@ export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOARD_NAME="MSI PRO Z790-P DDR5" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" # Workaround to access > 16MiB BIOS region on ADL+ export CONFIG_CBFS_VIA_FLASHROM=y diff --git a/boards/nitropad-ns50/nitropad-ns50.config b/boards/nitropad-ns50/nitropad-ns50.config index 2c9e2b284..6d371895c 100644 --- a/boards/nitropad-ns50/nitropad-ns50.config +++ b/boards/nitropad-ns50/nitropad-ns50.config @@ -69,5 +69,5 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOARD_NAME="Nitropad NS50" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 diff --git a/boards/nitropad-nv41/nitropad-nv41.config b/boards/nitropad-nv41/nitropad-nv41.config index ff68302fb..af8c06ef0 100644 --- a/boards/nitropad-nv41/nitropad-nv41.config +++ b/boards/nitropad-nv41/nitropad-nv41.config @@ -69,5 +69,5 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOARD_NAME="Nitropad NV41" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 diff --git a/boards/t420-hotp-maximized/t420-hotp-maximized.config b/boards/t420-hotp-maximized/t420-hotp-maximized.config index 9a8a39a54..4eae9842e 100644 --- a/boards/t420-hotp-maximized/t420-hotp-maximized.config +++ b/boards/t420-hotp-maximized/t420-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal:ich_spi_mode=hwseq" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t420-maximized/t420-maximized.config b/boards/t420-maximized/t420-maximized.config index 372a3b675..a893c4c80 100644 --- a/boards/t420-maximized/t420-maximized.config +++ b/boards/t420-maximized/t420-maximized.config @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal:ich_spi_mode=hwseq" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index 44c466e35..b68081de3 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config index 32e9e0ff9..81abde7bb 100644 --- a/boards/t430-maximized/t430-maximized.config +++ b/boards/t430-maximized/t430-maximized.config @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t530-hotp-maximized/t530-hotp-maximized.config b/boards/t530-hotp-maximized/t530-hotp-maximized.config index 55a5b36be..5b881a4c2 100644 --- a/boards/t530-hotp-maximized/t530-hotp-maximized.config +++ b/boards/t530-hotp-maximized/t530-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t530-maximized/t530-maximized.config b/boards/t530-maximized/t530-maximized.config index 6a604c932..a170dae94 100644 --- a/boards/t530-maximized/t530-maximized.config +++ b/boards/t530-maximized/t530-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/talos-2/talos-2.config b/boards/talos-2/talos-2.config index cc92b6944..82d2abbcb 100644 --- a/boards/talos-2/talos-2.config +++ b/boards/talos-2/talos-2.config @@ -48,6 +48,6 @@ export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_KERNEL_ADD="console=tty0 console=hvc0 rootdelay=3 rootwait panic=10" export CONFIG_BOOT_DEV="/dev/nvme0n1p2" export CONFIG_BOARD_NAME="Talos 2" -export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd" +export CONFIG_FLASHROM_OPTIONS="--noverify -p linux_mtd" BOARD_TARGETS := ppc_tgz diff --git a/boards/w530-hotp-maximized/w530-hotp-maximized.config b/boards/w530-hotp-maximized/w530-hotp-maximized.config index 34318979d..9229fadfd 100644 --- a/boards/w530-hotp-maximized/w530-hotp-maximized.config +++ b/boards/w530-hotp-maximized/w530-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/w530-maximized/w530-maximized.config b/boards/w530-maximized/w530-maximized.config index 7ee6cf1ec..9ffd711ee 100644 --- a/boards/w530-maximized/w530-maximized.config +++ b/boards/w530-maximized/w530-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x220-hotp-maximized/x220-hotp-maximized.config b/boards/x220-hotp-maximized/x220-hotp-maximized.config index ce67877bb..6cdc0db18 100644 --- a/boards/x220-hotp-maximized/x220-hotp-maximized.config +++ b/boards/x220-hotp-maximized/x220-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal:ich_spi_mode=hwseq" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/x220-maximized/x220-maximized.config b/boards/x220-maximized/x220-maximized.config index 992f89256..4a34be810 100644 --- a/boards/x220-maximized/x220-maximized.config +++ b/boards/x220-maximized/x220-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal:ich_spi_mode=hwseq" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS += xx20_me_blobs diff --git a/boards/x230-hotp-legacy/x230-hotp-legacy.config b/boards/x230-hotp-legacy/x230-hotp-legacy.config index 960aded5d..55c8e900f 100644 --- a/boards/x230-hotp-legacy/x230-hotp-legacy.config +++ b/boards/x230-hotp-legacy/x230-hotp-legacy.config @@ -63,7 +63,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-legacy" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config index 31b43f108..a307a07ac 100644 --- a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config +++ b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config @@ -79,7 +79,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized-eDP" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config index a1f5c3cec..01538a520 100644 --- a/boards/x230-hotp-maximized/x230-hotp-maximized.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config @@ -81,7 +81,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config index 987e8bb23..1fc8758d9 100644 --- a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config +++ b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config @@ -75,7 +75,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized_usb-kb" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-legacy-flash/x230-legacy-flash.config b/boards/x230-legacy-flash/x230-legacy-flash.config index 5122468c4..cf8b35b36 100644 --- a/boards/x230-legacy-flash/x230-legacy-flash.config +++ b/boards/x230-legacy-flash/x230-legacy-flash.config @@ -29,7 +29,7 @@ CONFIG_LINUX_USB=y export CONFIG_BOOTSCRIPT=/bin/xx30-flash.init export CONFIG_BOARD_NAME="ThinkPad X230-legacy-flash" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal --ifd --image bios" CONFIG_LEGACY_FLASH=y diff --git a/boards/x230-legacy/x230-legacy.config b/boards/x230-legacy/x230-legacy.config index 88d86fce9..65cee45aa 100644 --- a/boards/x230-legacy/x230-legacy.config +++ b/boards/x230-legacy/x230-legacy.config @@ -56,7 +56,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-legacy" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config index b6e1016c4..1f283d210 100644 --- a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config +++ b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config @@ -78,7 +78,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized-eDP" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config index eafb4d365..a9a593ab4 100644 --- a/boards/x230-maximized/x230-maximized.config +++ b/boards/x230-maximized/x230-maximized.config @@ -69,7 +69,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs From 52992664ea72ffb85714b395e7ac57dc7c1e5ab2 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sat, 24 Aug 2024 12:49:10 -0400 Subject: [PATCH 71/84] Improve TPM Extend infor in normal and DEBUG mode cbfs-init: remove temp files, measure direct cbfs output, extend PCR with proper introspection tracing flash.sh: do not die but go to recovery if flashrom fails, cosmetic fix for warning given to user kexec-insert-key: extend PCR with proper introspection tracing kexec-select-boot: extend PCR with proper introspection tracing kexec-measure-luks: extend PCR with proper introspection tracing tpmr: Add missing TRACE_FUNC, fix comments, extend give hash that was extended to tpm call in DEBUG, fix TPM startsession unsuppressed output still present ash_functions: extend PCR with proper introspection tracing insmod: DEBUG info more pertinent, extend PCR with proper introspection tracing Signed-off-by: Thierry Laurion --- initrd/bin/cbfs-init | 11 ++++------- initrd/bin/flash.sh | 4 ++-- initrd/bin/kexec-insert-key | 2 +- initrd/bin/kexec-select-boot | 4 ++-- initrd/bin/qubes-measure-luks | 2 +- initrd/bin/tpmr | 24 +++++++++++++++++------- initrd/etc/ash_functions | 2 +- initrd/sbin/insmod | 11 ++++------- 8 files changed, 32 insertions(+), 28 deletions(-) diff --git a/initrd/bin/cbfs-init b/initrd/bin/cbfs-init index 09456198d..efec2ca53 100755 --- a/initrd/bin/cbfs-init +++ b/initrd/bin/cbfs-init @@ -15,17 +15,14 @@ cbfsfiles=`cbfs -t 50 -l 2>/dev/null | grep "^heads/initrd/"` for cbfsname in `echo $cbfsfiles`; do filename=${cbfsname:12} if [ ! -z "$filename" ]; then - echo "Loading $filename from CBFS" mkdir -p `dirname $filename` \ || die "$filename: mkdir failed" - cbfs -t 50 -r $cbfsname > "$filename" \ + echo "Extracting CBFS file $cbfsname into $filename" + cbfs -t 50 $CBFS_ARG -r $cbfsname > "$filename" \ || die "$filename: cbfs file read failed" if [ "$CONFIG_TPM" = "y" ]; then - TMPFILE=/tmp/cbfs.$$ - echo "$filename" > $TMPFILE - cat $filename >> $TMPFILE - DEBUG "Extending TPM PCR $CONFIG_PCR with $filename" - tpmr extend -ix "$CONFIG_PCR" -if $TMPFILE \ + echo "TPM: Extending PCR[$CONFIG_PCR with] with $filename" + tpmr extend -ix "$CONFIG_PCR" -if $filename \ || die "$filename: tpm extend failed" fi fi diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 00f2801f1..845d46617 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -48,9 +48,9 @@ flash_rom() { dd if=/tmp/pchstrp9.bin bs=1 count=4 seek=292 of=/tmp/${CONFIG_BOARD}.rom conv=notrunc >/dev/null 2>&1 fi - warn "Do not power off computer. Updating firmware, this will take a few minutes..." + warn "Do not power off computer. Updating firmware, this will take a few minutes" flashrom $CONFIG_FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom 2>&1 \ - || die "$ROM: Flash failed" + || recovery "$ROM: Flash failed" fi } diff --git a/initrd/bin/kexec-insert-key b/initrd/bin/kexec-insert-key index 8f7cd502b..84bff4558 100755 --- a/initrd/bin/kexec-insert-key +++ b/initrd/bin/kexec-insert-key @@ -65,7 +65,7 @@ if ! kexec-unseal-key "$INITRD_DIR/secret.key"; then fi # Override PCR 4 so that user can't read the key -DEBUG "Extending TPM PCR 4 to prevent further secret unsealing" +echo "TPM: Extending PCR[4] to prevent any future secret unsealing" tpmr extend -ix 4 -ic generic || die 'Unable to scramble PCR' diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index a58972662..f56c6e768 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -384,9 +384,9 @@ while true; do if [ "$CONFIG_TPM" = "y" ]; then if [ ! -r "$TMP_KEY_DEVICES" ]; then # Extend PCR4 as soon as possible - DEBUG "Extending TPM PCR 4 to prevent further secret unsealing" + DEBUG "TPM: Extending PCR[4] to prevent further secret unsealing" tpmr extend -ix 4 -ic generic || - die "Failed to extend PCR 4" + die "Failed to extend TPM PCR[4]" fi fi diff --git a/initrd/bin/qubes-measure-luks b/initrd/bin/qubes-measure-luks index 4f0ca281e..03db5915d 100755 --- a/initrd/bin/qubes-measure-luks +++ b/initrd/bin/qubes-measure-luks @@ -19,6 +19,6 @@ sha256sum /tmp/lukshdr-* >/tmp/luksDump.txt || die "Unable to hash LUKS headers" DEBUG "Removing /tmp/lukshdr-*" rm /tmp/lukshdr-* -DEBUG "Extending TPM PCR 6 with hash of LUKS headers from /tmp/luksDump.txt" +echo "TPM: Extending PCR[6] with hash of LUKS headers from /tmp/luksDump.txt" tpmr extend -ix 6 -if /tmp/luksDump.txt || die "Unable to extend PCR" diff --git a/initrd/bin/tpmr b/initrd/bin/tpmr index a740d4a03..b96eaf4f8 100755 --- a/initrd/bin/tpmr +++ b/initrd/bin/tpmr @@ -29,11 +29,11 @@ else . /etc/config fi -TRACE_FUNC # Busybox xxd lacks -r, and we get hex dumps from TPM1 commands. This converts # a hex dump to binary data using sed and printf hex2bin() { + TRACE_FUNC sed 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf } @@ -43,6 +43,7 @@ hex2bin() { # as a file still chokes if the password begins with 'hex:', oddly tpm2-tools # accepts 'hex:' in the file content.) tpm2_password_hex() { + TRACE_FUNC echo "hex:$(echo -n "$1" | xxd -p | tr -d ' \n')" } @@ -61,7 +62,7 @@ tpm2_pcrread() { if [ -z "$APPEND" ]; then # Don't append - truncate file now so real command always - # appends + # overwrites true >"$file" fi @@ -79,7 +80,7 @@ tpm1_pcrread() { if [ -z "$APPEND" ]; then # Don't append - truncate file now so real command always - # appends + # overwrites true >"$file" fi @@ -102,9 +103,10 @@ is_hash() { # usage: # extend_pcr_state # alg - either 'sha1' or 'sha256' to specify algorithm -# initial_state - a hash value setting the initial state +# state - a hash value setting the initial state # files/hashes... - any number of files or hashes, state is extended once for each item extend_pcr_state() { + TRACE_FUNC local alg="$1" local state="$2" local next extend @@ -250,7 +252,8 @@ tpm2_extend() { esac done tpm2 pcrextend "$index:sha256=$hash" - DO_WITH_DEBUG tpm2 pcrread "sha256:$index" + tpm2 pcrread "sha256:$index" + DEBUG "TPM: Extended PCR[$index] with $hash" } tpm2_counter_read() { @@ -348,9 +351,9 @@ tpm2_startsession() { die "tpm2_flushcontext: unable to flush saved session" tpm2 readpublic -Q -c "$PRIMARY_HANDLE" -t "$PRIMARY_HANDLE_FILE" #TODO: do the right thing to not have to suppress "WARN: check public portion the tpmkey manually" see https://github.com/linuxboot/heads/pull/1630#issuecomment-2075120429 - tpm2 startauthsession -Q -c "$PRIMARY_HANDLE_FILE" --hmac-session -S "$ENC_SESSION_FILE" 2>&1 > /dev/null + tpm2 startauthsession -Q -c "$PRIMARY_HANDLE_FILE" --hmac-session -S "$ENC_SESSION_FILE" > /dev/null 2>&1 #TODO: do the right thing to not have to suppress "WARN: check public portion the tpmkey manually" see https://github.com/linuxboot/heads/pull/1630#issuecomment-2075120429 - tpm2 startauthsession -Q -c "$PRIMARY_HANDLE_FILE" --hmac-session -S "$DEC_SESSION_FILE" 2>&1 > /dev/null + tpm2 startauthsession -Q -c "$PRIMARY_HANDLE_FILE" --hmac-session -S "$DEC_SESSION_FILE" > /dev/null 2>&1 tpm2 sessionconfig -Q --disable-encrypt "$DEC_SESSION_FILE" } @@ -381,6 +384,7 @@ cleanup_shred() { # tpm2_destroy: Destroy a sealed file in the TPM. The mechanism differs by # TPM version - TPM2 evicts the file object, so it no longer exists. tpm2_destroy() { + TRACE_FUNC index="$1" # Index of the sealed file size="$2" # Size of zeroes to overwrite for TPM1 (unused in TPM2) @@ -396,6 +400,7 @@ tpm2_destroy() { # TPM version - TPM1 overwrites the file with zeroes, since this can be done # without authorization. (Deletion requires authorization.) tpm1_destroy() { + TRACE_FUNC index="$1" # Index of the sealed file size="$2" # Size of zeroes to overwrite for TPM1 @@ -761,6 +766,10 @@ if [ "$CONFIG_TPM2_TOOLS" != "y" ]; then shift tpm1_destroy "$@" ;; + extend) + DEBUG "TPM: Extending PCR[$3] with $5" + DO_WITH_DEBUG exec tpm "$@" + ;; seal) shift tpm1_seal "$@" @@ -799,6 +808,7 @@ calcfuturepcr) replay_pcr "sha256" "$@" ;; extend) + DEBUG "TPM: Extending PCR[$2] with $4" tpm2_extend "$@" ;; counter_read) diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index 54b721085..bf6c6307a 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -241,7 +241,7 @@ recovery() { DEBUG "Board $CONFIG_BOARD - version $(fw_version)" if [ "$CONFIG_TPM" = "y" ]; then - DEBUG "Extending TPM PCR 4 for recovery shell access" + echo "TPM: Extending PCR[4] to prevent any further secret unsealing" tpmr extend -ix 4 -ic recovery fi diff --git a/initrd/sbin/insmod b/initrd/sbin/insmod index 97614fc65..e383eaf44 100755 --- a/initrd/sbin/insmod +++ b/initrd/sbin/insmod @@ -28,7 +28,7 @@ fi # Unify lsmod output to use - instead of _ for comparison module_name=$(basename "$MODULE" | sed 's/_/-/g' | sed 's/\.ko$//') if lsmod | sed 's/_/-/g' | grep -q "^$module_name\\b"; then - DEBUG "$MODULE: already loaded" + DEBUG "$MODULE: already loaded, skipping" exit 0 fi @@ -39,17 +39,14 @@ if [ ! -r /sys/class/tpm/tpm0/pcrs -o ! -x /bin/tpm ]; then fi if [ -z "$tpm_missing" ]; then - DEBUG "Extending TPM PCR $MODULE_PCR with $MODULE prior of usage" + echo "TPM: Extending PCR[$MODULE_PCR] with $MODULE prior of loading into kernel" tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \ || die "$MODULE: tpm extend failed" fi if [ ! -z "$*" -a -z "$tpm_missing" ]; then - DEBUG "Extending TPM PCR $MODULE_PCR with $*" - TMPFILE=/tmp/insmod.$$ - echo "$@" > $TMPFILE - DEBUG "Extending TPM PCR $MODULE_PCR with $MODULE prior of usage" - tpmr extend -ix "$MODULE_PCR" -if $TMPFILE \ + echo "TPM: Extending PCR[$MODULE_PCR] with $MODULE prior of loading into kernel" + tpmr extend -ix "$MODULE_PCR" -if "$MODULE" \ || die "$MODULE: tpm extend on arguments failed" fi From 57aaccc669e335e7070a23cf46025c5915cbb90d Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 28 Aug 2024 09:57:50 -0400 Subject: [PATCH 72/84] WiP TPM pubkey early boot verification troubleshoot and fix Signed-off-by: Thierry Laurion --- initrd/bin/tpmr | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/initrd/bin/tpmr b/initrd/bin/tpmr index a740d4a03..92388ffa1 100755 --- a/initrd/bin/tpmr +++ b/initrd/bin/tpmr @@ -335,22 +335,32 @@ tpm2_counter_create() { tpm2_startsession() { TRACE_FUNC mkdir -p "$SECRET_DIR" + + TRACE_FUNC tpm2 flushcontext -Q \ --transient-object || die "tpm2_flushcontext: unable to flush transient handles" + TRACE_FUNC tpm2 flushcontext -Q \ --loaded-session || die "tpm2_flushcontext: unable to flush sessions" - + TRACE_FUNC tpm2 flushcontext -Q \ --saved-session || die "tpm2_flushcontext: unable to flush saved session" - tpm2 readpublic -Q -c "$PRIMARY_HANDLE" -t "$PRIMARY_HANDLE_FILE" + #TODO: do the right thing to not have to suppress "WARN: check public portion the tpmkey manually" see https://github.com/linuxboot/heads/pull/1630#issuecomment-2075120429 + TRACE_FUNC + tpm2 readpublic -Q -c "$PRIMARY_HANDLE" -t "$PRIMARY_HANDLE_FILE" 2>&1 > /dev/null + #TODO: do the right thing to not have to suppress "WARN: check public portion the tpmkey manually" see https://github.com/linuxboot/heads/pull/1630#issuecomment-2075120429 + TRACE_FUNC tpm2 startauthsession -Q -c "$PRIMARY_HANDLE_FILE" --hmac-session -S "$ENC_SESSION_FILE" 2>&1 > /dev/null #TODO: do the right thing to not have to suppress "WARN: check public portion the tpmkey manually" see https://github.com/linuxboot/heads/pull/1630#issuecomment-2075120429 + TRACE_FUNC tpm2 startauthsession -Q -c "$PRIMARY_HANDLE_FILE" --hmac-session -S "$DEC_SESSION_FILE" 2>&1 > /dev/null + #TODO: do the right thing to not have to suppress "WARN: check public portion the tpmkey manually" see https://github.com/linuxboot/heads/pull/1630#issuecomment-2075120429 + TRACE_FUNC tpm2 sessionconfig -Q --disable-encrypt "$DEC_SESSION_FILE" } From 7ca8d42cde0cf41591e2e1d757a779cde3a656b4 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Wed, 28 Aug 2024 14:09:18 -0400 Subject: [PATCH 73/84] tpmr : match desc of function in comment Co-authored-by: JonathonHall-Purism <109107914+JonathonHall-Purism@users.noreply.github.com> Signed-off-by: Thierry Laurion --- initrd/bin/tpmr | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/tpmr b/initrd/bin/tpmr index b96eaf4f8..fb10f0c7a 100755 --- a/initrd/bin/tpmr +++ b/initrd/bin/tpmr @@ -101,7 +101,7 @@ is_hash() { # extend_pcr_state - extend a PCR state value with more hashes or raw data (which is hashed) # usage: -# extend_pcr_state +# extend_pcr_state # alg - either 'sha1' or 'sha256' to specify algorithm # state - a hash value setting the initial state # files/hashes... - any number of files or hashes, state is extended once for each item From cab0aa2583eff0634a132205ee0b2cffe8a09dc7 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sat, 31 Aug 2024 09:43:03 -0400 Subject: [PATCH 74/84] add flashprog support: failed attempt to use review.sourcearcade.org for tarballs download MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add Makefile new app dep verification - Add modules/flashprog pointing to review.sourcearcade.org: website faisl to produce reproducible tarballs. Notes: - Unfortunately, we cannot use review platform to renerate reproducible tarballs, those don't have the same checksum on each download: user@heads-tests-deb12-nix:~/heads$ wget https://review.sourcearcade.org/changes/flashprog~72991/revisions/5/archive?format=tgz -O test.tar.gz --2024-08-31 09:38:14-- https://review.sourcearcade.org/changes/flashprog~72991/revisions/5/archive?format=tgz Resolving review.sourcearcade.org (review.sourcearcade.org)... 88.99.35.89 Connecting to review.sourcearcade.org (review.sourcearcade.org)|88.99.35.89|:443... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [application/x-gzip] Saving to: ‘test.tar.gz’ test.tar.gz [ <=> ] 508.19K 225KB/s in 2.3s 2024-08-31 09:38:18 (225 KB/s) - ‘test.tar.gz’ saved [520389] user@heads-tests-deb12-nix:~/heads$ sha256sum test.tar.gz af2fb823c2699d37db284c1b3066352a59446b7ea491a585df4eeaa25d932a29 test.tar.gz user@heads-tests-deb12-nix:~/heads$ sha256sum test.tar.gz af2fb823c2699d37db284c1b3066352a59446b7ea491a585df4eeaa25d932a29 test.tar.gz user@heads-tests-deb12-nix:~/heads$ wget https://review.sourcearcade.org/changes/flashprog~72991/revisions/5/archive?format=tgz -O test.tar.gz --2024-08-31 09:38:37-- https://review.sourcearcade.org/changes/flashprog~72991/revisions/5/archive?format=tgz Resolving review.sourcearcade.org (review.sourcearcade.org)... 88.99.35.89 Connecting to review.sourcearcade.org (review.sourcearcade.org)|88.99.35.89|:443... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [application/x-gzip] Saving to: ‘test.tar.gz’ test.tar.gz [ <=> ] 508.22K 855KB/s in 0.6s 2024-08-31 09:38:38 (855 KB/s) - ‘test.tar.gz’ saved [520417] user@heads-tests-deb12-nix:~/heads$ sha256sum test.tar.gz 9225002d508bd8e2fc42a2bdcd0741cb93ed2cfc811fcd7e03b0242205d4954b test.tar.gz user@heads-tests-deb12-nix:~/heads$ wget https://review.sourcearcade.org/changes/flashprog~72991/revisions/5/archive?format=tgz -O test.tar.gz --2024-08-31 09:38:43-- https://review.sourcearcade.org/changes/flashprog~72991/revisions/5/archive?format=tgz Resolving review.sourcearcade.org (review.sourcearcade.org)... 88.99.35.89 Connecting to review.sourcearcade.org (review.sourcearcade.org)|88.99.35.89|:443... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [application/x-gzip] Saving to: ‘test.tar.gz’ test.tar.gz [ <=> ] 508.18K 367KB/s in 1.4s 2024-08-31 09:38:45 (367 KB/s) - ‘test.tar.gz’ saved [520378] user@heads-tests-deb12-nix:~/heads$ sha256sum test.tar.gz ebdb7ac0c964178bc312d50547cc7ec82c1c5ffb7d04167fe0ac83deca94ee81 test.tar.gz - Github mirror is only for commited code. Will have to work around that somehow : https://github.com/SourceArcade/flashprog Signed-off-by: Thierry Laurion --- Makefile | 1 + .../qemu-coreboot-whiptail-tpm2.config | 3 +- modules/flashprog | 48 +++++++++++++++++++ 3 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 modules/flashprog diff --git a/Makefile b/Makefile index c952ab001..616a2570c 100644 --- a/Makefile +++ b/Makefile @@ -604,6 +604,7 @@ bin_modules-$(CONFIG_KEXEC) += kexec bin_modules-$(CONFIG_TPMTOTP) += tpmtotp bin_modules-$(CONFIG_PCIUTILS) += pciutils bin_modules-$(CONFIG_FLASHROM) += flashrom +bin_modules-$(CONFIG_FLASHPROG) += flashprog bin_modules-$(CONFIG_CRYPTSETUP) += cryptsetup bin_modules-$(CONFIG_CRYPTSETUP2) += cryptsetup2 bin_modules-$(CONFIG_GPG) += gpg diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config index cdcd3946c..63e4c740b 100644 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config +++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config @@ -37,7 +37,8 @@ CONFIG_BUSYBOX=n else #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +#CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y diff --git a/modules/flashprog b/modules/flashprog new file mode 100644 index 000000000..11ac22712 --- /dev/null +++ b/modules/flashprog @@ -0,0 +1,48 @@ +modules-$(CONFIG_FLASHPROG) += flashprog + +flashprog_depends := pciutils $(musl_dep) + +flashprog_change := 72991 +flashprog_revision := 5 +flashprog_version := $(flashprog_change)_$(flashprog_revision) +flashprog_dir := flashprog-$(flashprog_version) +flashprog_tar := $(flashprog_dir).tar.gz +flashprog_url := https://review.sourcearcade.org/changes/flashprog~$(flashprog_change)/revisions/$(flashprog_revision)/archive?format=tgz +flashprog_hash := 8e8e6d901d3bc37b80db1f10dd21b9490709bdb54a0ca06892f8922a284f2ed9 + +# Default options for flashprog +flashprog_cfg := \ + WARNERROR=no \ + CONFIG_NOTHING=yes \ + CONFIG_INTERNAL=yes \ + CONFIG_INTERNAL_X86=yes \ + +ifeq "$(CONFIG_TARGET_ARCH)" "ppc64" +flashprog_cfg := \ + WARNERROR=no \ + CONFIG_NOTHING=yes \ + CONFIG_LINUX_MTD=yes +endif + +#Only enable AST1100 if requested per board configs +ifeq "$(CONFIG_FLASHPROG_AST1100)" "y" +flashprog_cfg += CONFIG_AST1100=yes +endif + +flashprog_target := \ + $(MAKE_JOBS) \ + CFLAGS="-Os -I$(INSTALL)/include/pci" \ + DESTDIR="$(INSTALL)" \ + INSTALL="$(INSTALL)" \ + LDFLAGS="-L$(INSTALL)/lib" \ + PREFIX="$(INSTALL)" \ + $(CROSS_TOOLS) \ + $(flashprog_cfg) \ + flashprog + +flashprog_output := \ + flashprog + +flashprog_libraries := \ + +flashprog_configure := From cba46e4ed84c11bd294614ea4d357abf79b77ebf Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 1 Sep 2024 14:45:38 -0400 Subject: [PATCH 75/84] flashprog: use latest head commit of wp_cli branch which is experimental branch This is https://github.com/SourceArcade/flashprog/tree/wp_cli Signed-off-by: Thierry Laurion --- modules/flashprog | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/flashprog b/modules/flashprog index 11ac22712..1e257b04f 100644 --- a/modules/flashprog +++ b/modules/flashprog @@ -2,13 +2,11 @@ modules-$(CONFIG_FLASHPROG) += flashprog flashprog_depends := pciutils $(musl_dep) -flashprog_change := 72991 -flashprog_revision := 5 -flashprog_version := $(flashprog_change)_$(flashprog_revision) +flashprog_version := 9dc6d843b0678001c9baf0e8602ecb25b16329d2 flashprog_dir := flashprog-$(flashprog_version) flashprog_tar := $(flashprog_dir).tar.gz -flashprog_url := https://review.sourcearcade.org/changes/flashprog~$(flashprog_change)/revisions/$(flashprog_revision)/archive?format=tgz -flashprog_hash := 8e8e6d901d3bc37b80db1f10dd21b9490709bdb54a0ca06892f8922a284f2ed9 +flashprog_url := https://github.com/SourceArcade/flashprog/archive/$(flashprog_version).tar.gz +flashprog_hash := fa4ddf3b60314994a37e4599122ae4c7f42135c13c782e580bc580d715cfa2fc # Default options for flashprog flashprog_cfg := \ From 91cbc66e98ef4f171f1f7e85c29b8c12fd3785e6 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 1 Sep 2024 15:53:39 -0400 Subject: [PATCH 76/84] ash_functions: make sure newlines are passed, fix error redirection Signed-off-by: Thierry Laurion --- initrd/etc/ash_functions | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index 54b721085..8daea0146 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -5,9 +5,9 @@ die() { if [ "$CONFIG_DEBUG_OUTPUT" = "y" ];then - echo " !!! ERROR: $* !!!" | tee -a /tmp/debug.log /dev/kmsg > /dev/null; + echo -e " !!! ERROR: $* !!!" | tee -a /tmp/debug.log /dev/kmsg > /dev/null; else - echo >&2 "!!! ERROR: $* !!!"; + echo -e "!!! ERROR: $* !!!" > &2; fi sleep 2; exit 1; @@ -15,9 +15,9 @@ die() { warn() { if [ "$CONFIG_DEBUG_OUTPUT" = "y" ];then - echo " *** WARNING: $* ***" | tee -a /tmp/debug.log /dev/kmsg > /dev/null; + echo -e " *** WARNING: $* ***" | tee -a /tmp/debug.log /dev/kmsg > /dev/null; else - echo >&2 " *** WARNING: $* ***"; + echo -e " *** WARNING: $* ***" > &2; fi sleep 1; } From c1f0fbb505238bb426c1c984c853e296e9933303 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 1 Sep 2024 15:02:42 -0400 Subject: [PATCH 77/84] flash.sh: FLASHROM_OPTIONS->FLASH_OPTIONS: require FLASH_OPTIONS to specify flash program in board configs - boards: switch flashrom->flashprog, FLASH_OPTIONS: flashprog memory --progress --programmer internal TODO: check, Might break: - xx20 : x220/t420/t520: used hwseq: verify compat - legacy : not sure --ifd bios are support: verify compat (and drop, future PR drop legacy boards anyway...) - talos: linux_mtd is used: verify compat Tested: - x230 works with awesome progress bar on read, erase and write. Signed-off-by: Thierry Laurion --- ...UNMAINTAINED_kgpe-d16_server-whiptail.config | 4 ++-- .../UNMAINTAINED_kgpe-d16_server.config | 4 ++-- ...NED_kgpe-d16_workstation-usb_keyboard.config | 4 ++-- .../UNMAINTAINED_kgpe-d16_workstation.config | 4 ++-- boards/librem_11/librem_11.config | 4 ++-- boards/librem_13v2/librem_13v2.config | 4 ++-- boards/librem_13v4/librem_13v4.config | 4 ++-- boards/librem_14/librem_14.config | 4 ++-- boards/librem_15v3/librem_15v3.config | 4 ++-- boards/librem_15v4/librem_15v4.config | 4 ++-- boards/librem_l1um/librem_l1um.config | 4 ++-- boards/librem_l1um_v2/librem_l1um_v2.config | 4 ++-- boards/librem_mini/librem_mini.config | 4 ++-- boards/librem_mini_v2/librem_mini_v2.config | 4 ++-- boards/nitropad-ns50/nitropad-ns50.config | 4 ++-- boards/nitropad-nv41/nitropad-nv41.config | 4 ++-- .../qemu-coreboot-fbwhiptail-tpm1-hotp.config | 4 ++-- .../qemu-coreboot-fbwhiptail-tpm1.config | 4 ++-- .../qemu-coreboot-fbwhiptail-tpm2-hotp.config | 4 ++-- .../qemu-coreboot-fbwhiptail-tpm2.config | 4 ++-- .../qemu-coreboot-whiptail-tpm1-hotp.config | 4 ++-- .../qemu-coreboot-whiptail-tpm1.config | 4 ++-- .../qemu-coreboot-whiptail-tpm2-hotp.config | 4 ++-- .../qemu-coreboot-whiptail-tpm2.config | 3 +-- .../t420-hotp-maximized.config | 4 ++-- boards/t420-maximized/t420-maximized.config | 4 ++-- .../t430-hotp-maximized.config | 4 ++-- boards/t430-maximized/t430-maximized.config | 4 ++-- boards/t440p-maximized/t440p-maximized.config | 4 ++-- .../t530-hotp-maximized.config | 4 ++-- boards/t530-maximized/t530-maximized.config | 4 ++-- boards/talos-2/talos-2.config | 4 ++-- .../w530-hotp-maximized.config | 4 ++-- boards/w530-maximized/w530-maximized.config | 4 ++-- boards/w541-maximized/w541-maximized.config | 4 ++-- .../x220-hotp-maximized.config | 4 ++-- boards/x220-maximized/x220-maximized.config | 4 ++-- boards/x230-hotp-legacy/x230-hotp-legacy.config | 4 ++-- .../x230-hotp-maximized-fhd_edp.config | 4 ++-- .../x230-hotp-maximized.config | 4 ++-- .../x230-hotp-maximized_usb-kb.config | 4 ++-- .../x230-legacy-flash/x230-legacy-flash.config | 4 ++-- boards/x230-legacy/x230-legacy.config | 4 ++-- .../x230-maximized-fhd_edp.config | 4 ++-- boards/x230-maximized/x230-maximized.config | 4 ++-- .../z220-cmt-maximized.config | 6 +++--- initrd/bin/flash.sh | 17 +++++++++-------- initrd/etc/ash_functions | 4 ++-- ...MAINTAINED_p8z77-m_pro-tpm1-maximized.config | 4 ++-- .../UNMAINTAINED_qemu-linuxboot.config | 2 +- .../UNMAINTAINED_t420/UNMAINTAINED_t420.config | 4 ++-- .../UNMAINTAINED_t430-hotp-legacy.config | 4 ++-- .../UNMAINTAINED_t430-legacy-flash.config | 4 ++-- .../UNMAINTAINED_t430-legacy.config | 4 ++-- .../UNMAINTAINED_t520-hotp-maximized.config | 4 ++-- .../UNMAINTAINED_t520-maximized.config | 4 ++-- ...UNMAINTAINED_t530-dgpu-hotp-maximized.config | 4 ++-- .../UNMAINTAINED_t530-dgpu-maximized.config | 4 ++-- ...AINED_w530-dgpu-K1000m-hotp-maximized.config | 4 ++-- ...MAINTAINED_w530-dgpu-K1000m-maximized.config | 4 ++-- ...AINED_w530-dgpu-K2000m-hotp-maximized.config | 4 ++-- ...MAINTAINED_w530-dgpu-K2000m-maximized.config | 4 ++-- .../UNMAINTAINED_x220/UNMAINTAINED_x220.config | 4 ++-- .../UNTESTED_leopard/UNTESTED_leopard.config | 2 +- .../UNTESTED_r630/UNTESTED_r630.config | 2 +- .../UNTESTED_s2600wf/UNTESTED_s2600wf.config | 2 +- .../UNTESTED_tioga/UNTESTED_tioga.config | 2 +- .../UNTESTED_winterfell.config | 2 +- 68 files changed, 137 insertions(+), 137 deletions(-) diff --git a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config index 045ccf01e..4f92c1f70 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config +++ b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config @@ -25,7 +25,7 @@ CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server-whiptail.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server-whiptail.config CONFIG_CRYPTSETUP=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -73,5 +73,5 @@ export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Server-whiptail" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_BOOT_STATIC_IP=192.168.1.2 diff --git a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config index 26a261ec9..ab1198fd6 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config +++ b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config @@ -23,7 +23,7 @@ CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server.config CONFIG_CRYPTSETUP=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -60,5 +60,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Server" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_BOOT_STATIC_IP=192.168.1.2 diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config index 519c78109..a6cfd3763 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config @@ -19,7 +19,7 @@ CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation-usb_keyboard.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_workstation.config CONFIG_CRYPTSETUP=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -68,4 +68,4 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Workstation-USB-Keyboard" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config index 6cee65ca1..e59855efc 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config @@ -23,7 +23,7 @@ CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_workstation.config CONFIG_CRYPTSETUP=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -69,4 +69,4 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Workstation" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" diff --git a/boards/librem_11/librem_11.config b/boards/librem_11/librem_11.config index 63025aff3..8a8c6836f 100644 --- a/boards/librem_11/librem_11.config +++ b/boards/librem_11/librem_11.config @@ -7,7 +7,7 @@ export CONFIG_COREBOOT_VERSION=purism export CONFIG_LINUX_VERSION=6.1.8 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 11" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/librem_13v2/librem_13v2.config b/boards/librem_13v2/librem_13v2.config index 835831aad..bca162b9e 100644 --- a/boards/librem_13v2/librem_13v2.config +++ b/boards/librem_13v2/librem_13v2.config @@ -7,7 +7,7 @@ export CONFIG_COREBOOT_VERSION=purism export CONFIG_LINUX_VERSION=6.1.8 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 13 v2/v3" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_13v4/librem_13v4.config b/boards/librem_13v4/librem_13v4.config index afded52a7..c0402e449 100644 --- a/boards/librem_13v4/librem_13v4.config +++ b/boards/librem_13v4/librem_13v4.config @@ -7,7 +7,7 @@ export CONFIG_COREBOOT_VERSION=purism export CONFIG_LINUX_VERSION=6.1.8 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 13 v4" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_14/librem_14.config b/boards/librem_14/librem_14.config index 7eb296d60..bbb3c1cca 100644 --- a/boards/librem_14/librem_14.config +++ b/boards/librem_14/librem_14.config @@ -7,7 +7,7 @@ export CONFIG_COREBOOT_VERSION=purism export CONFIG_LINUX_VERSION=6.1.8 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -36,7 +36,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 14" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/librem_15v3/librem_15v3.config b/boards/librem_15v3/librem_15v3.config index e3c55575a..384f82dad 100644 --- a/boards/librem_15v3/librem_15v3.config +++ b/boards/librem_15v3/librem_15v3.config @@ -7,7 +7,7 @@ export CONFIG_COREBOOT_VERSION=purism export CONFIG_LINUX_VERSION=6.1.8 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 15 v3" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_15v4/librem_15v4.config b/boards/librem_15v4/librem_15v4.config index d57830552..75922796b 100644 --- a/boards/librem_15v4/librem_15v4.config +++ b/boards/librem_15v4/librem_15v4.config @@ -7,7 +7,7 @@ export CONFIG_COREBOOT_VERSION=purism export CONFIG_LINUX_VERSION=6.1.8 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KBD=y @@ -38,7 +38,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 15 v4" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_l1um/librem_l1um.config b/boards/librem_l1um/librem_l1um.config index 1956c63a6..05c3d7b5f 100644 --- a/boards/librem_l1um/librem_l1um.config +++ b/boards/librem_l1um/librem_l1um.config @@ -8,7 +8,7 @@ export CONFIG_LINUX_VERSION=5.10.5 export CONFIG_PURISM_BLOBS=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Server L1UM" export CONFIG_AUTO_BOOT_TIMEOUT=5 -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_l1um_v2/librem_l1um_v2.config b/boards/librem_l1um_v2/librem_l1um_v2.config index bc5153516..008393f3d 100644 --- a/boards/librem_l1um_v2/librem_l1um_v2.config +++ b/boards/librem_l1um_v2/librem_l1um_v2.config @@ -7,7 +7,7 @@ export CONFIG_COREBOOT_VERSION=purism export CONFIG_LINUX_VERSION=6.1.8 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -41,7 +41,7 @@ export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Server L1UM v2" export CONFIG_AUTO_BOOT_TIMEOUT=5 -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_mini/librem_mini.config b/boards/librem_mini/librem_mini.config index bc0208789..78c818b56 100644 --- a/boards/librem_mini/librem_mini.config +++ b/boards/librem_mini/librem_mini.config @@ -7,7 +7,7 @@ export CONFIG_COREBOOT_VERSION=purism export CONFIG_LINUX_VERSION=6.1.8 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_IOPORT=y @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Mini" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/librem_mini_v2/librem_mini_v2.config b/boards/librem_mini_v2/librem_mini_v2.config index eb0349c12..ddebbe4c7 100644 --- a/boards/librem_mini_v2/librem_mini_v2.config +++ b/boards/librem_mini_v2/librem_mini_v2.config @@ -7,7 +7,7 @@ export CONFIG_COREBOOT_VERSION=purism export CONFIG_LINUX_VERSION=6.1.8 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_IOPORT=y @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Mini v2" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/nitropad-ns50/nitropad-ns50.config b/boards/nitropad-ns50/nitropad-ns50.config index 2c9e2b284..f598218dd 100644 --- a/boards/nitropad-ns50/nitropad-ns50.config +++ b/boards/nitropad-ns50/nitropad-ns50.config @@ -21,7 +21,7 @@ CONFIG_MOBILE_TETHERING=y #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -69,5 +69,5 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOARD_NAME="Nitropad NS50" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 diff --git a/boards/nitropad-nv41/nitropad-nv41.config b/boards/nitropad-nv41/nitropad-nv41.config index ff68302fb..6e5d3650d 100644 --- a/boards/nitropad-nv41/nitropad-nv41.config +++ b/boards/nitropad-nv41/nitropad-nv41.config @@ -21,7 +21,7 @@ CONFIG_MOBILE_TETHERING=y #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -69,5 +69,5 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOARD_NAME="Nitropad NV41" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config index e455bbdfb..0cd68738b 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config @@ -39,7 +39,7 @@ CONFIG_BUSYBOX=n else #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -92,7 +92,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp" -#export CONFIG_FLASHROM_OPTIONS="-p internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config index 127b3a0d5..52cfeed79 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config @@ -37,7 +37,7 @@ CONFIG_BUSYBOX=n else #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -90,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1" -#export CONFIG_FLASHROM_OPTIONS="-p internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config index 11f6fccd9..9d1ef0ae8 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config @@ -38,7 +38,7 @@ CONFIG_BUSYBOX=n else #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -91,7 +91,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp" -#export CONFIG_FLASHROM_OPTIONS="-p internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config index 1619f8329..ca27a3d54 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config @@ -37,7 +37,7 @@ CONFIG_BUSYBOX=n else #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -90,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2" -#export CONFIG_FLASHROM_OPTIONS="-p internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config index 4cea2c60a..f989c3ba5 100644 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config @@ -39,7 +39,7 @@ CONFIG_BUSYBOX=n else #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -92,7 +92,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1-hotp" -#export CONFIG_FLASHROM_OPTIONS="-p internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config index 7f787362e..6f1213b1e 100644 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config +++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config @@ -37,7 +37,7 @@ CONFIG_BUSYBOX=n else #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -90,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1" -#export CONFIG_FLASHROM_OPTIONS="-p internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config index d7a606e7b..713fc6c9f 100644 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config @@ -38,7 +38,7 @@ CONFIG_BUSYBOX=n else #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -91,7 +91,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2-hotp" -#export CONFIG_FLASHROM_OPTIONS="-p internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config index 63e4c740b..108faace5 100644 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config +++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config @@ -37,7 +37,6 @@ CONFIG_BUSYBOX=n else #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -#CONFIG_FLASHROM=y CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y @@ -91,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2" -#export CONFIG_FLASHROM_OPTIONS="-p internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/t420-hotp-maximized/t420-hotp-maximized.config b/boards/t420-hotp-maximized/t420-hotp-maximized.config index 9a8a39a54..b0db09ea6 100644 --- a/boards/t420-hotp-maximized/t420-hotp-maximized.config +++ b/boards/t420-hotp-maximized/t420-hotp-maximized.config @@ -21,7 +21,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t420-maximized/t420-maximized.config b/boards/t420-maximized/t420-maximized.config index 372a3b675..4a23bd273 100644 --- a/boards/t420-maximized/t420-maximized.config +++ b/boards/t420-maximized/t420-maximized.config @@ -20,7 +20,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index 44c466e35..921677e70 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config @@ -19,7 +19,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config index 32e9e0ff9..a6cb3cd9f 100644 --- a/boards/t430-maximized/t430-maximized.config +++ b/boards/t430-maximized/t430-maximized.config @@ -19,7 +19,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t440p-maximized/t440p-maximized.config b/boards/t440p-maximized/t440p-maximized.config index c1c9ac89d..c0da647cf 100644 --- a/boards/t440p-maximized/t440p-maximized.config +++ b/boards/t440p-maximized/t440p-maximized.config @@ -8,7 +8,7 @@ export CONFIG_COREBOOT_VERSION=24.02.01 export CONFIG_LINUX_VERSION=5.10.5 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -39,7 +39,7 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T440p-maximized" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/boards/t530-hotp-maximized/t530-hotp-maximized.config b/boards/t530-hotp-maximized/t530-hotp-maximized.config index 55a5b36be..81fa5d401 100644 --- a/boards/t530-hotp-maximized/t530-hotp-maximized.config +++ b/boards/t530-hotp-maximized/t530-hotp-maximized.config @@ -20,7 +20,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t530-maximized/t530-maximized.config b/boards/t530-maximized/t530-maximized.config index 6a604c932..1079cded6 100644 --- a/boards/t530-maximized/t530-maximized.config +++ b/boards/t530-maximized/t530-maximized.config @@ -20,7 +20,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/talos-2/talos-2.config b/boards/talos-2/talos-2.config index cc92b6944..26378e74b 100644 --- a/boards/talos-2/talos-2.config +++ b/boards/talos-2/talos-2.config @@ -21,7 +21,7 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_GPG2=y CONFIG_PCIUTILS=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_POWERPC_UTILS=y @@ -48,6 +48,6 @@ export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_KERNEL_ADD="console=tty0 console=hvc0 rootdelay=3 rootwait panic=10" export CONFIG_BOOT_DEV="/dev/nvme0n1p2" export CONFIG_BOARD_NAME="Talos 2" -export CONFIG_FLASHROM_OPTIONS="--noverify-all -p linux_mtd" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer linux_mtd" BOARD_TARGETS := ppc_tgz diff --git a/boards/w530-hotp-maximized/w530-hotp-maximized.config b/boards/w530-hotp-maximized/w530-hotp-maximized.config index 34318979d..d56fcfd89 100644 --- a/boards/w530-hotp-maximized/w530-hotp-maximized.config +++ b/boards/w530-hotp-maximized/w530-hotp-maximized.config @@ -20,7 +20,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/w530-maximized/w530-maximized.config b/boards/w530-maximized/w530-maximized.config index 7ee6cf1ec..692e4c301 100644 --- a/boards/w530-maximized/w530-maximized.config +++ b/boards/w530-maximized/w530-maximized.config @@ -20,7 +20,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/w541-maximized/w541-maximized.config b/boards/w541-maximized/w541-maximized.config index fc720b34e..5fbc15e9e 100644 --- a/boards/w541-maximized/w541-maximized.config +++ b/boards/w541-maximized/w541-maximized.config @@ -8,7 +8,7 @@ export CONFIG_COREBOOT_VERSION=24.02.01 export CONFIG_LINUX_VERSION=5.10.5 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -39,7 +39,7 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad W541-maximized" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/boards/x220-hotp-maximized/x220-hotp-maximized.config b/boards/x220-hotp-maximized/x220-hotp-maximized.config index ce67877bb..5fdab13b5 100644 --- a/boards/x220-hotp-maximized/x220-hotp-maximized.config +++ b/boards/x220-hotp-maximized/x220-hotp-maximized.config @@ -21,7 +21,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/x220-maximized/x220-maximized.config b/boards/x220-maximized/x220-maximized.config index 992f89256..c21d2dd6b 100644 --- a/boards/x220-maximized/x220-maximized.config +++ b/boards/x220-maximized/x220-maximized.config @@ -21,7 +21,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS += xx20_me_blobs diff --git a/boards/x230-hotp-legacy/x230-hotp-legacy.config b/boards/x230-hotp-legacy/x230-hotp-legacy.config index 960aded5d..e6d6c031d 100644 --- a/boards/x230-hotp-legacy/x230-hotp-legacy.config +++ b/boards/x230-hotp-legacy/x230-hotp-legacy.config @@ -19,7 +19,7 @@ CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=n CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -63,7 +63,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-legacy" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config index 31b43f108..8cbd7b887 100644 --- a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config +++ b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config @@ -31,7 +31,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KBD=y @@ -79,7 +79,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized-eDP" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config index a1f5c3cec..b40278f7a 100644 --- a/boards/x230-hotp-maximized/x230-hotp-maximized.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config @@ -24,7 +24,7 @@ CONFIG_MOBILE_TETHERING=y #Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -81,7 +81,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config index 987e8bb23..69967efac 100644 --- a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config +++ b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config @@ -28,7 +28,7 @@ CONFIG_MOBILE_TETHERING=y export CONFIG_USB_KEYBOARD_REQUIRED=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -75,7 +75,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized_usb-kb" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-legacy-flash/x230-legacy-flash.config b/boards/x230-legacy-flash/x230-legacy-flash.config index 5122468c4..1ffaec0d9 100644 --- a/boards/x230-legacy-flash/x230-legacy-flash.config +++ b/boards/x230-legacy-flash/x230-legacy-flash.config @@ -12,7 +12,7 @@ CONFIG_LINUX_CONFIG=config/linux-x230-flash.config #Add bare minimal tools for flashing boards CONFIG_BASH=n -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_ZSTD=n #CONFIG_GPG=y #CONFIG_FLASHTOOLS=y @@ -29,7 +29,7 @@ CONFIG_LINUX_USB=y export CONFIG_BOOTSCRIPT=/bin/xx30-flash.init export CONFIG_BOARD_NAME="ThinkPad X230-legacy-flash" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" CONFIG_LEGACY_FLASH=y diff --git a/boards/x230-legacy/x230-legacy.config b/boards/x230-legacy/x230-legacy.config index 88d86fce9..2ba6bc212 100644 --- a/boards/x230-legacy/x230-legacy.config +++ b/boards/x230-legacy/x230-legacy.config @@ -15,7 +15,7 @@ CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=n CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -56,7 +56,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-legacy" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config index b6e1016c4..8b2bafa7f 100644 --- a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config +++ b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config @@ -31,7 +31,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KBD=y @@ -78,7 +78,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized-eDP" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config index eafb4d365..07aa0bfec 100644 --- a/boards/x230-maximized/x230-maximized.config +++ b/boards/x230-maximized/x230-maximized.config @@ -23,7 +23,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -69,7 +69,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/z220-cmt-maximized/z220-cmt-maximized.config b/boards/z220-cmt-maximized/z220-cmt-maximized.config index ed6aa92a7..17e925ac9 100644 --- a/boards/z220-cmt-maximized/z220-cmt-maximized.config +++ b/boards/z220-cmt-maximized/z220-cmt-maximized.config @@ -29,7 +29,7 @@ export CONFIG_COREBOOT_VERSION=24.02.01 export CONFIG_LINUX_VERSION=5.10.5 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -61,7 +61,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Hewlett-Packard Z220 Convertible Minitower" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ @@ -73,4 +73,4 @@ $(pwd)/blobs/z220/me.bin: $(pwd)/blobs/z220/ifd.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ - $(pwd)/blobs/z220/download_BIOS_clean.sh \ No newline at end of file + $(pwd)/blobs/z220/download_BIOS_clean.sh diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 00f2801f1..c96eb2ccb 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -12,19 +12,20 @@ echo TRACE "Under /bin/flash.sh" -case "$CONFIG_FLASHROM_OPTIONS" in - -* ) - echo "Board $CONFIG_BOARD detected, continuing..." +case "$CONFIG_FLASH_OPTIONS" in + "" ) + die "ERROR: No flash options have been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." ;; * ) - die "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." + DEBUG "Flash options detected: $CONFIG_FLASH_OPTIONS" + echo "Board $CONFIG_BOARD detected with flash options configured. Continuing..." ;; esac flash_rom() { ROM=$1 if [ "$READ" -eq 1 ]; then - flashrom $CONFIG_FLASHROM_OPTIONS -r "${ROM}" \ + $CONFIG_FLASH_OPTIONS -r "${ROM}" \ || die "Backup to $ROM failed" else cp "$ROM" /tmp/${CONFIG_BOARD}.rom @@ -42,14 +43,14 @@ flash_rom() { # persist PCHSTRP9 from flash descriptor if [ "$CONFIG_BOARD" = "librem_l1um" ]; then echo "Persisting PCHSTRP9" - flashrom $CONFIG_FLASHROM_OPTIONS -r /tmp/ifd.bin --ifd -i fd >/dev/null 2>&1 \ + $CONFIG_FLASH_OPTIONS -r /tmp/ifd.bin --ifd -i fd >/dev/null 2>&1 \ || die "Failed to read flash descriptor" dd if=/tmp/ifd.bin bs=1 count=4 skip=292 of=/tmp/pchstrp9.bin >/dev/null 2>&1 dd if=/tmp/pchstrp9.bin bs=1 count=4 seek=292 of=/tmp/${CONFIG_BOARD}.rom conv=notrunc >/dev/null 2>&1 fi warn "Do not power off computer. Updating firmware, this will take a few minutes..." - flashrom $CONFIG_FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom 2>&1 \ + $CONFIG_FLASH_OPTIONS -w /tmp/${CONFIG_BOARD}.rom 2>&1 \ || die "$ROM: Flash failed" fi } @@ -84,7 +85,7 @@ if [ "$READ" -eq 0 ] && [ "${ROM##*.}" = tgz ]; then fi echo "Reading current flash and building an update image" - flashrom $CONFIG_FLASHROM_OPTIONS -r /tmp/flash.sh.bak \ + $CONFIG_FLASH_OPTIONS -r /tmp/flash.sh.bak \ || die "Read of flash has failed" # ROM and bootblock already have ECC diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index 8daea0146..21008f37d 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -7,7 +7,7 @@ die() { if [ "$CONFIG_DEBUG_OUTPUT" = "y" ];then echo -e " !!! ERROR: $* !!!" | tee -a /tmp/debug.log /dev/kmsg > /dev/null; else - echo -e "!!! ERROR: $* !!!" > &2; + echo -e >&2 "!!! ERROR: $* !!!"; fi sleep 2; exit 1; @@ -17,7 +17,7 @@ warn() { if [ "$CONFIG_DEBUG_OUTPUT" = "y" ];then echo -e " *** WARNING: $* ***" | tee -a /tmp/debug.log /dev/kmsg > /dev/null; else - echo -e " *** WARNING: $* ***" > &2; + echo -e >&2 " *** WARNING: $* ***"; fi sleep 1; } diff --git a/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config b/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config index ce5cd055d..d96fa5a5c 100644 --- a/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config @@ -43,7 +43,7 @@ export CONFIG_COREBOOT_VERSION=4.22.01 export CONFIG_LINUX_VERSION=5.10.5 CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -75,7 +75,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="P8Z77-M PRO" -export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Set this option to zero out the VSCC table https://github.com/osresearch/heads/pull/1358#discussion_r1153251399 export CONFIG_ZERO_IFD_VSCC=y diff --git a/unmaintained_boards/UNMAINTAINED_qemu-linuxboot/UNMAINTAINED_qemu-linuxboot.config b/unmaintained_boards/UNMAINTAINED_qemu-linuxboot/UNMAINTAINED_qemu-linuxboot.config index c47edd571..70084f7de 100644 --- a/unmaintained_boards/UNMAINTAINED_qemu-linuxboot/UNMAINTAINED_qemu-linuxboot.config +++ b/unmaintained_boards/UNMAINTAINED_qemu-linuxboot/UNMAINTAINED_qemu-linuxboot.config @@ -18,7 +18,7 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y endif -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y diff --git a/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config b/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config index 7018efa6f..66095d129 100644 --- a/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config +++ b/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config @@ -7,7 +7,7 @@ CONFIG_COREBOOT_CONFIG=config/coreboot-t420.config CONFIG_LINUX_CONFIG=config/linux-x230-legacy.config CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -34,4 +34,4 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" diff --git a/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config b/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config index 5a3672bad..c08d43d6c 100644 --- a/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config +++ b/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config @@ -19,7 +19,7 @@ CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=n CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -63,7 +63,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-hotp-legacy" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config b/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config index d99b7ef17..ec87605ab 100644 --- a/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config +++ b/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config @@ -12,7 +12,7 @@ CONFIG_LINUX_CONFIG=config/linux-x230-flash.config #Add bare minimal tools for flashing boards CONFIG_BASH=n -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_ZSTD=n #CONFIG_GPG=y #CONFIG_FLASHTOOLS=y @@ -28,7 +28,7 @@ CONFIG_LINUX_USB=y export CONFIG_BOOTSCRIPT=/bin/xx30-flash.init export CONFIG_BOARD_NAME="ThinkPad T430-legacy-flash" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" CONFIG_LEGACY_FLASH=y diff --git a/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config b/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config index 2f3e53e5c..57d542e94 100644 --- a/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config +++ b/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config @@ -16,7 +16,7 @@ CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=n CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -57,7 +57,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-legacy" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config index b5d45a334..3dda67cca 100644 --- a/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config @@ -17,7 +17,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -63,7 +63,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T520-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config b/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config index 76909aae9..3b391e97f 100644 --- a/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config @@ -17,7 +17,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -62,7 +62,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T520-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config index 86adbe84f..7383a50aa 100644 --- a/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config @@ -20,7 +20,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-dgpu-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config b/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config index cd4cae89f..90f8baae5 100644 --- a/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config @@ -20,7 +20,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-dgpu-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config index 8efa3206a..2731fba68 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config @@ -20,7 +20,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K1000m-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config index ae6d17646..e0f04b7a7 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config @@ -20,7 +20,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K1000m-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config index d662d600b..08bdc4f6e 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config @@ -20,7 +20,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K2000m-hotp-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config index 7faac9137..090031b13 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config @@ -20,7 +20,7 @@ CONFIG_LINUX_E1000E=y CONFIG_MOBILE_TETHERING=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K2000m-maximized" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config b/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config index 035f90925..aec0b4a4f 100644 --- a/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config +++ b/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config @@ -11,7 +11,7 @@ CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y CONFIG_CRYPTSETUP2=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y @@ -57,4 +57,4 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220" -export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:ich_spi_mode=hwseq --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" --ifd --image bios" diff --git a/unmaintained_boards/UNTESTED_leopard/UNTESTED_leopard.config b/unmaintained_boards/UNTESTED_leopard/UNTESTED_leopard.config index fe9866ab0..6b3763b47 100644 --- a/unmaintained_boards/UNTESTED_leopard/UNTESTED_leopard.config +++ b/unmaintained_boards/UNTESTED_leopard/UNTESTED_leopard.config @@ -15,7 +15,7 @@ CONFIG_MUSL=n else # These don't fit if u-root is turned on #CONFIG_CRYPTSETUP=y -#CONFIG_FLASHROM=y +#CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y #CONFIG_GPG=y CONFIG_KEXEC=y diff --git a/unmaintained_boards/UNTESTED_r630/UNTESTED_r630.config b/unmaintained_boards/UNTESTED_r630/UNTESTED_r630.config index 2f0ec38e1..9903304b2 100644 --- a/unmaintained_boards/UNTESTED_r630/UNTESTED_r630.config +++ b/unmaintained_boards/UNTESTED_r630/UNTESTED_r630.config @@ -8,7 +8,7 @@ CONFIG_LINUX_CONFIG=config/linux-linuxboot.config export CONFIG_LINUX_VERSION=4.14.62 #CONFIG_CRYPTSETUP=y -CONFIG_FLASHROM=y +CONFIG_FLASHPROG=y #CONFIG_GPG=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y diff --git a/unmaintained_boards/UNTESTED_s2600wf/UNTESTED_s2600wf.config b/unmaintained_boards/UNTESTED_s2600wf/UNTESTED_s2600wf.config index 591984b39..390a6715e 100644 --- a/unmaintained_boards/UNTESTED_s2600wf/UNTESTED_s2600wf.config +++ b/unmaintained_boards/UNTESTED_s2600wf/UNTESTED_s2600wf.config @@ -16,7 +16,7 @@ CONFIG_LINUX_CONFIG=config/linux-linuxboot.config export CONFIG_LINUX_VERSION=4.14.62 #CONFIG_CRYPTSETUP=y -#CONFIG_FLASHROM=y +#CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG=y CONFIG_KEXEC=y diff --git a/unmaintained_boards/UNTESTED_tioga/UNTESTED_tioga.config b/unmaintained_boards/UNTESTED_tioga/UNTESTED_tioga.config index 7d72429ba..59996b3c8 100644 --- a/unmaintained_boards/UNTESTED_tioga/UNTESTED_tioga.config +++ b/unmaintained_boards/UNTESTED_tioga/UNTESTED_tioga.config @@ -17,7 +17,7 @@ CONFIG_MUSL=n else # These don't fit if u-root is turned on #CONFIG_CRYPTSETUP=y -#CONFIG_FLASHROM=y +#CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y #CONFIG_GPG=y CONFIG_KEXEC=y diff --git a/unmaintained_boards/UNTESTED_winterfell/UNTESTED_winterfell.config b/unmaintained_boards/UNTESTED_winterfell/UNTESTED_winterfell.config index 22e87dd5c..fc89bc7ba 100644 --- a/unmaintained_boards/UNTESTED_winterfell/UNTESTED_winterfell.config +++ b/unmaintained_boards/UNTESTED_winterfell/UNTESTED_winterfell.config @@ -17,7 +17,7 @@ CONFIG_MUSL=n else # These don't fit if u-root is turned on #CONFIG_CRYPTSETUP=y -#CONFIG_FLASHROM=y +#CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y CONFIG_GPG=y CONFIG_KEXEC=y From d58a94b6497bbc757788929f6ee1a28263a9a49e Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 1 Sep 2024 18:26:43 -0400 Subject: [PATCH 78/84] boards FLASH_OPTIONS: add --noverify. No point verifying flash with internal programmer? Signed-off-by: Thierry Laurion --- .../UNMAINTAINED_kgpe-d16_server-whiptail.config | 2 +- .../UNMAINTAINED_kgpe-d16_server.config | 2 +- .../UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config | 2 +- .../UNMAINTAINED_kgpe-d16_workstation.config | 2 +- boards/librem_11/librem_11.config | 2 +- boards/librem_13v2/librem_13v2.config | 2 +- boards/librem_13v4/librem_13v4.config | 2 +- boards/librem_14/librem_14.config | 2 +- boards/librem_15v3/librem_15v3.config | 2 +- boards/librem_15v4/librem_15v4.config | 2 +- boards/librem_l1um/librem_l1um.config | 2 +- boards/librem_l1um_v2/librem_l1um_v2.config | 2 +- boards/librem_mini/librem_mini.config | 2 +- boards/librem_mini_v2/librem_mini_v2.config | 2 +- boards/nitropad-ns50/nitropad-ns50.config | 2 +- boards/nitropad-nv41/nitropad-nv41.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm1-hotp.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm1.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm2-hotp.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm2.config | 2 +- .../qemu-coreboot-whiptail-tpm1-hotp.config | 2 +- .../qemu-coreboot-whiptail-tpm1.config | 2 +- .../qemu-coreboot-whiptail-tpm2-hotp.config | 2 +- .../qemu-coreboot-whiptail-tpm2.config | 2 +- boards/t420-hotp-maximized/t420-hotp-maximized.config | 2 +- boards/t420-maximized/t420-maximized.config | 2 +- boards/t430-hotp-maximized/t430-hotp-maximized.config | 2 +- boards/t430-maximized/t430-maximized.config | 2 +- boards/t440p-maximized/t440p-maximized.config | 2 +- boards/t530-hotp-maximized/t530-hotp-maximized.config | 2 +- boards/t530-maximized/t530-maximized.config | 2 +- boards/w530-hotp-maximized/w530-hotp-maximized.config | 2 +- boards/w530-maximized/w530-maximized.config | 2 +- boards/w541-maximized/w541-maximized.config | 2 +- boards/x220-hotp-maximized/x220-hotp-maximized.config | 2 +- boards/x220-maximized/x220-maximized.config | 2 +- boards/x230-hotp-legacy/x230-hotp-legacy.config | 2 +- .../x230-hotp-maximized-fhd_edp.config | 2 +- boards/x230-hotp-maximized/x230-hotp-maximized.config | 2 +- .../x230-hotp-maximized_usb-kb.config | 2 +- boards/x230-legacy-flash/x230-legacy-flash.config | 2 +- boards/x230-legacy/x230-legacy.config | 2 +- boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config | 2 +- boards/x230-maximized/x230-maximized.config | 2 +- boards/z220-cmt-maximized/z220-cmt-maximized.config | 2 +- .../UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config | 2 +- unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config | 2 +- .../UNMAINTAINED_t430-hotp-legacy.config | 2 +- .../UNMAINTAINED_t430-legacy-flash.config | 2 +- .../UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config | 2 +- .../UNMAINTAINED_t520-hotp-maximized.config | 2 +- .../UNMAINTAINED_t520-maximized.config | 2 +- .../UNMAINTAINED_t530-dgpu-hotp-maximized.config | 2 +- .../UNMAINTAINED_t530-dgpu-maximized.config | 2 +- .../UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config | 2 +- .../UNMAINTAINED_w530-dgpu-K1000m-maximized.config | 2 +- .../UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config | 2 +- .../UNMAINTAINED_w530-dgpu-K2000m-maximized.config | 2 +- unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config | 2 +- 59 files changed, 59 insertions(+), 59 deletions(-) diff --git a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config index 4f92c1f70..f4488eb97 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config +++ b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config @@ -73,5 +73,5 @@ export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Server-whiptail" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #export CONFIG_BOOT_STATIC_IP=192.168.1.2 diff --git a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config index ab1198fd6..3f67ae2d3 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config +++ b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config @@ -60,5 +60,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Server" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #export CONFIG_BOOT_STATIC_IP=192.168.1.2 diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config index a6cfd3763..13952bd89 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config @@ -68,4 +68,4 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Workstation-USB-Keyboard" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config index e59855efc..5ad6b9d5b 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config @@ -69,4 +69,4 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Workstation" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" diff --git a/boards/librem_11/librem_11.config b/boards/librem_11/librem_11.config index 8a8c6836f..1389fb75c 100644 --- a/boards/librem_11/librem_11.config +++ b/boards/librem_11/librem_11.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 11" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/librem_13v2/librem_13v2.config b/boards/librem_13v2/librem_13v2.config index bca162b9e..d40fb70b1 100644 --- a/boards/librem_13v2/librem_13v2.config +++ b/boards/librem_13v2/librem_13v2.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 13 v2/v3" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_13v4/librem_13v4.config b/boards/librem_13v4/librem_13v4.config index c0402e449..d706983f4 100644 --- a/boards/librem_13v4/librem_13v4.config +++ b/boards/librem_13v4/librem_13v4.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 13 v4" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_14/librem_14.config b/boards/librem_14/librem_14.config index bbb3c1cca..097a45632 100644 --- a/boards/librem_14/librem_14.config +++ b/boards/librem_14/librem_14.config @@ -36,7 +36,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 14" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/librem_15v3/librem_15v3.config b/boards/librem_15v3/librem_15v3.config index 384f82dad..b10aa5fb5 100644 --- a/boards/librem_15v3/librem_15v3.config +++ b/boards/librem_15v3/librem_15v3.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 15 v3" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_15v4/librem_15v4.config b/boards/librem_15v4/librem_15v4.config index 75922796b..9dfb46ecc 100644 --- a/boards/librem_15v4/librem_15v4.config +++ b/boards/librem_15v4/librem_15v4.config @@ -38,7 +38,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 15 v4" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_l1um/librem_l1um.config b/boards/librem_l1um/librem_l1um.config index 05c3d7b5f..3c468000a 100644 --- a/boards/librem_l1um/librem_l1um.config +++ b/boards/librem_l1um/librem_l1um.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Server L1UM" export CONFIG_AUTO_BOOT_TIMEOUT=5 -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_l1um_v2/librem_l1um_v2.config b/boards/librem_l1um_v2/librem_l1um_v2.config index 008393f3d..26deb08d9 100644 --- a/boards/librem_l1um_v2/librem_l1um_v2.config +++ b/boards/librem_l1um_v2/librem_l1um_v2.config @@ -41,7 +41,7 @@ export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Server L1UM v2" export CONFIG_AUTO_BOOT_TIMEOUT=5 -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_mini/librem_mini.config b/boards/librem_mini/librem_mini.config index 78c818b56..51041867b 100644 --- a/boards/librem_mini/librem_mini.config +++ b/boards/librem_mini/librem_mini.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Mini" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/librem_mini_v2/librem_mini_v2.config b/boards/librem_mini_v2/librem_mini_v2.config index ddebbe4c7..e34cbd3a0 100644 --- a/boards/librem_mini_v2/librem_mini_v2.config +++ b/boards/librem_mini_v2/librem_mini_v2.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Mini v2" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/nitropad-ns50/nitropad-ns50.config b/boards/nitropad-ns50/nitropad-ns50.config index f598218dd..0660efdc9 100644 --- a/boards/nitropad-ns50/nitropad-ns50.config +++ b/boards/nitropad-ns50/nitropad-ns50.config @@ -69,5 +69,5 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOARD_NAME="Nitropad NS50" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_AUTO_BOOT_TIMEOUT=5 diff --git a/boards/nitropad-nv41/nitropad-nv41.config b/boards/nitropad-nv41/nitropad-nv41.config index 6e5d3650d..8aa619d33 100644 --- a/boards/nitropad-nv41/nitropad-nv41.config +++ b/boards/nitropad-nv41/nitropad-nv41.config @@ -69,5 +69,5 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOARD_NAME="Nitropad NV41" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_AUTO_BOOT_TIMEOUT=5 diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config index 0cd68738b..4de696b1a 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config @@ -92,7 +92,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config index 52cfeed79..259fdc94d 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config @@ -90,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config index 9d1ef0ae8..2712d9624 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config @@ -91,7 +91,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config index ca27a3d54..b2c3b56b7 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config @@ -90,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config index f989c3ba5..9dbf71702 100644 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config @@ -92,7 +92,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1-hotp" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config index 6f1213b1e..c3c95bd53 100644 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config +++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config @@ -90,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config index 713fc6c9f..383a4d5cc 100644 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config @@ -91,7 +91,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2-hotp" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config index 108faace5..0f88327e9 100644 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config +++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config @@ -90,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/t420-hotp-maximized/t420-hotp-maximized.config b/boards/t420-hotp-maximized/t420-hotp-maximized.config index b0db09ea6..602aa0e17 100644 --- a/boards/t420-hotp-maximized/t420-hotp-maximized.config +++ b/boards/t420-hotp-maximized/t420-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t420-maximized/t420-maximized.config b/boards/t420-maximized/t420-maximized.config index 4a23bd273..a4d636f69 100644 --- a/boards/t420-maximized/t420-maximized.config +++ b/boards/t420-maximized/t420-maximized.config @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index 921677e70..ff5dda0cb 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config index a6cb3cd9f..7c90ad368 100644 --- a/boards/t430-maximized/t430-maximized.config +++ b/boards/t430-maximized/t430-maximized.config @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t440p-maximized/t440p-maximized.config b/boards/t440p-maximized/t440p-maximized.config index c0da647cf..2e5da7c6e 100644 --- a/boards/t440p-maximized/t440p-maximized.config +++ b/boards/t440p-maximized/t440p-maximized.config @@ -39,7 +39,7 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T440p-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/boards/t530-hotp-maximized/t530-hotp-maximized.config b/boards/t530-hotp-maximized/t530-hotp-maximized.config index 81fa5d401..2283c0eb9 100644 --- a/boards/t530-hotp-maximized/t530-hotp-maximized.config +++ b/boards/t530-hotp-maximized/t530-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t530-maximized/t530-maximized.config b/boards/t530-maximized/t530-maximized.config index 1079cded6..b89866842 100644 --- a/boards/t530-maximized/t530-maximized.config +++ b/boards/t530-maximized/t530-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/w530-hotp-maximized/w530-hotp-maximized.config b/boards/w530-hotp-maximized/w530-hotp-maximized.config index d56fcfd89..072669cfb 100644 --- a/boards/w530-hotp-maximized/w530-hotp-maximized.config +++ b/boards/w530-hotp-maximized/w530-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/w530-maximized/w530-maximized.config b/boards/w530-maximized/w530-maximized.config index 692e4c301..9f0577dfd 100644 --- a/boards/w530-maximized/w530-maximized.config +++ b/boards/w530-maximized/w530-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/w541-maximized/w541-maximized.config b/boards/w541-maximized/w541-maximized.config index 5fbc15e9e..94d61dffc 100644 --- a/boards/w541-maximized/w541-maximized.config +++ b/boards/w541-maximized/w541-maximized.config @@ -39,7 +39,7 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad W541-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/boards/x220-hotp-maximized/x220-hotp-maximized.config b/boards/x220-hotp-maximized/x220-hotp-maximized.config index 5fdab13b5..60c1a204b 100644 --- a/boards/x220-hotp-maximized/x220-hotp-maximized.config +++ b/boards/x220-hotp-maximized/x220-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/x220-maximized/x220-maximized.config b/boards/x220-maximized/x220-maximized.config index c21d2dd6b..10582f9f1 100644 --- a/boards/x220-maximized/x220-maximized.config +++ b/boards/x220-maximized/x220-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS += xx20_me_blobs diff --git a/boards/x230-hotp-legacy/x230-hotp-legacy.config b/boards/x230-hotp-legacy/x230-hotp-legacy.config index e6d6c031d..860bc7cc5 100644 --- a/boards/x230-hotp-legacy/x230-hotp-legacy.config +++ b/boards/x230-hotp-legacy/x230-hotp-legacy.config @@ -63,7 +63,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-legacy" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config index 8cbd7b887..dec922177 100644 --- a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config +++ b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config @@ -79,7 +79,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized-eDP" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config index b40278f7a..e4544179b 100644 --- a/boards/x230-hotp-maximized/x230-hotp-maximized.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config @@ -81,7 +81,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config index 69967efac..4dfc842bb 100644 --- a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config +++ b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config @@ -75,7 +75,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized_usb-kb" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-legacy-flash/x230-legacy-flash.config b/boards/x230-legacy-flash/x230-legacy-flash.config index 1ffaec0d9..0d53ed55c 100644 --- a/boards/x230-legacy-flash/x230-legacy-flash.config +++ b/boards/x230-legacy-flash/x230-legacy-flash.config @@ -29,7 +29,7 @@ CONFIG_LINUX_USB=y export CONFIG_BOOTSCRIPT=/bin/xx30-flash.init export CONFIG_BOARD_NAME="ThinkPad X230-legacy-flash" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" CONFIG_LEGACY_FLASH=y diff --git a/boards/x230-legacy/x230-legacy.config b/boards/x230-legacy/x230-legacy.config index 2ba6bc212..056f2fb34 100644 --- a/boards/x230-legacy/x230-legacy.config +++ b/boards/x230-legacy/x230-legacy.config @@ -56,7 +56,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-legacy" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config index 8b2bafa7f..f698f8162 100644 --- a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config +++ b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config @@ -78,7 +78,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized-eDP" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config index 07aa0bfec..451cc06a4 100644 --- a/boards/x230-maximized/x230-maximized.config +++ b/boards/x230-maximized/x230-maximized.config @@ -69,7 +69,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/z220-cmt-maximized/z220-cmt-maximized.config b/boards/z220-cmt-maximized/z220-cmt-maximized.config index 17e925ac9..d3ebf2d64 100644 --- a/boards/z220-cmt-maximized/z220-cmt-maximized.config +++ b/boards/z220-cmt-maximized/z220-cmt-maximized.config @@ -61,7 +61,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Hewlett-Packard Z220 Convertible Minitower" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config b/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config index d96fa5a5c..7bb16aa52 100644 --- a/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config @@ -75,7 +75,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="P8Z77-M PRO" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Set this option to zero out the VSCC table https://github.com/osresearch/heads/pull/1358#discussion_r1153251399 export CONFIG_ZERO_IFD_VSCC=y diff --git a/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config b/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config index 66095d129..929c707de 100644 --- a/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config +++ b/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config @@ -34,4 +34,4 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" diff --git a/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config b/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config index c08d43d6c..36dfd5ad6 100644 --- a/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config +++ b/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config @@ -63,7 +63,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-hotp-legacy" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config b/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config index ec87605ab..02ddd011f 100644 --- a/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config +++ b/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config @@ -28,7 +28,7 @@ CONFIG_LINUX_USB=y export CONFIG_BOOTSCRIPT=/bin/xx30-flash.init export CONFIG_BOARD_NAME="ThinkPad T430-legacy-flash" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" CONFIG_LEGACY_FLASH=y diff --git a/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config b/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config index 57d542e94..3a99ae467 100644 --- a/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config +++ b/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config @@ -57,7 +57,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-legacy" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config index 3dda67cca..9160fa571 100644 --- a/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config @@ -63,7 +63,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T520-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config b/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config index 3b391e97f..d685e6f90 100644 --- a/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config @@ -62,7 +62,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T520-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config index 7383a50aa..5828cd98c 100644 --- a/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-dgpu-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config b/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config index 90f8baae5..1a409581a 100644 --- a/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-dgpu-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config index 2731fba68..822dbe140 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K1000m-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config index e0f04b7a7..da2bc8c84 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K1000m-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config index 08bdc4f6e..09326aacc 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K2000m-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config index 090031b13..eb9d29855 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K2000m-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config b/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config index aec0b4a4f..a5641f7e0 100644 --- a/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config +++ b/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config @@ -57,4 +57,4 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" From a4ef189533a30daa3394db2e3b3521733cc39616 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 1 Sep 2024 18:38:01 -0400 Subject: [PATCH 79/84] boards FLASH_OPTIONS: remove --noverify/--noverify-all for now Signed-off-by: Thierry Laurion --- .../UNMAINTAINED_kgpe-d16_server-whiptail.config | 2 +- .../UNMAINTAINED_kgpe-d16_server.config | 2 +- .../UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config | 2 +- .../UNMAINTAINED_kgpe-d16_workstation.config | 2 +- boards/librem_11/librem_11.config | 2 +- boards/librem_13v2/librem_13v2.config | 2 +- boards/librem_13v4/librem_13v4.config | 2 +- boards/librem_14/librem_14.config | 2 +- boards/librem_15v3/librem_15v3.config | 2 +- boards/librem_15v4/librem_15v4.config | 2 +- boards/librem_l1um/librem_l1um.config | 2 +- boards/librem_l1um_v2/librem_l1um_v2.config | 2 +- boards/librem_mini/librem_mini.config | 2 +- boards/librem_mini_v2/librem_mini_v2.config | 2 +- boards/nitropad-ns50/nitropad-ns50.config | 2 +- boards/nitropad-nv41/nitropad-nv41.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm1-hotp.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm1.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm2-hotp.config | 2 +- .../qemu-coreboot-fbwhiptail-tpm2.config | 2 +- .../qemu-coreboot-whiptail-tpm1-hotp.config | 2 +- .../qemu-coreboot-whiptail-tpm1.config | 2 +- .../qemu-coreboot-whiptail-tpm2-hotp.config | 2 +- .../qemu-coreboot-whiptail-tpm2.config | 2 +- boards/t420-hotp-maximized/t420-hotp-maximized.config | 2 +- boards/t420-maximized/t420-maximized.config | 2 +- boards/t430-hotp-maximized/t430-hotp-maximized.config | 2 +- boards/t430-maximized/t430-maximized.config | 2 +- boards/t440p-maximized/t440p-maximized.config | 2 +- boards/t530-hotp-maximized/t530-hotp-maximized.config | 2 +- boards/t530-maximized/t530-maximized.config | 2 +- boards/w530-hotp-maximized/w530-hotp-maximized.config | 2 +- boards/w530-maximized/w530-maximized.config | 2 +- boards/w541-maximized/w541-maximized.config | 2 +- boards/x220-hotp-maximized/x220-hotp-maximized.config | 2 +- boards/x220-maximized/x220-maximized.config | 2 +- boards/x230-hotp-legacy/x230-hotp-legacy.config | 2 +- .../x230-hotp-maximized-fhd_edp.config | 2 +- boards/x230-hotp-maximized/x230-hotp-maximized.config | 2 +- .../x230-hotp-maximized_usb-kb.config | 2 +- boards/x230-legacy-flash/x230-legacy-flash.config | 2 +- boards/x230-legacy/x230-legacy.config | 2 +- boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config | 2 +- boards/x230-maximized/x230-maximized.config | 2 +- boards/z220-cmt-maximized/z220-cmt-maximized.config | 2 +- .../UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config | 2 +- unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config | 2 +- .../UNMAINTAINED_t430-hotp-legacy.config | 2 +- .../UNMAINTAINED_t430-legacy-flash.config | 2 +- .../UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config | 2 +- .../UNMAINTAINED_t520-hotp-maximized.config | 2 +- .../UNMAINTAINED_t520-maximized.config | 2 +- .../UNMAINTAINED_t530-dgpu-hotp-maximized.config | 2 +- .../UNMAINTAINED_t530-dgpu-maximized.config | 2 +- .../UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config | 2 +- .../UNMAINTAINED_w530-dgpu-K1000m-maximized.config | 2 +- .../UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config | 2 +- .../UNMAINTAINED_w530-dgpu-K2000m-maximized.config | 2 +- unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config | 2 +- 59 files changed, 59 insertions(+), 59 deletions(-) diff --git a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config index f4488eb97..4f92c1f70 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config +++ b/boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config @@ -73,5 +73,5 @@ export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Server-whiptail" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_BOOT_STATIC_IP=192.168.1.2 diff --git a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config index 3f67ae2d3..ab1198fd6 100644 --- a/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config +++ b/boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config @@ -60,5 +60,5 @@ export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Server" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_BOOT_STATIC_IP=192.168.1.2 diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config index 13952bd89..a6cfd3763 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config @@ -68,4 +68,4 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Workstation-USB-Keyboard" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" diff --git a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config index 5ad6b9d5b..e59855efc 100644 --- a/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config +++ b/boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config @@ -69,4 +69,4 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="KGPE-D16 Workstation" export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" diff --git a/boards/librem_11/librem_11.config b/boards/librem_11/librem_11.config index 1389fb75c..8a8c6836f 100644 --- a/boards/librem_11/librem_11.config +++ b/boards/librem_11/librem_11.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 11" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/librem_13v2/librem_13v2.config b/boards/librem_13v2/librem_13v2.config index d40fb70b1..bca162b9e 100644 --- a/boards/librem_13v2/librem_13v2.config +++ b/boards/librem_13v2/librem_13v2.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 13 v2/v3" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_13v4/librem_13v4.config b/boards/librem_13v4/librem_13v4.config index d706983f4..c0402e449 100644 --- a/boards/librem_13v4/librem_13v4.config +++ b/boards/librem_13v4/librem_13v4.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 13 v4" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_14/librem_14.config b/boards/librem_14/librem_14.config index 097a45632..bbb3c1cca 100644 --- a/boards/librem_14/librem_14.config +++ b/boards/librem_14/librem_14.config @@ -36,7 +36,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 14" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/librem_15v3/librem_15v3.config b/boards/librem_15v3/librem_15v3.config index b10aa5fb5..384f82dad 100644 --- a/boards/librem_15v3/librem_15v3.config +++ b/boards/librem_15v3/librem_15v3.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 15 v3" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_15v4/librem_15v4.config b/boards/librem_15v4/librem_15v4.config index 9dfb46ecc..75922796b 100644 --- a/boards/librem_15v4/librem_15v4.config +++ b/boards/librem_15v4/librem_15v4.config @@ -38,7 +38,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem 15 v4" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_l1um/librem_l1um.config b/boards/librem_l1um/librem_l1um.config index 3c468000a..05c3d7b5f 100644 --- a/boards/librem_l1um/librem_l1um.config +++ b/boards/librem_l1um/librem_l1um.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Server L1UM" export CONFIG_AUTO_BOOT_TIMEOUT=5 -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_l1um_v2/librem_l1um_v2.config b/boards/librem_l1um_v2/librem_l1um_v2.config index 26deb08d9..008393f3d 100644 --- a/boards/librem_l1um_v2/librem_l1um_v2.config +++ b/boards/librem_l1um_v2/librem_l1um_v2.config @@ -41,7 +41,7 @@ export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Server L1UM v2" export CONFIG_AUTO_BOOT_TIMEOUT=5 -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_ROOT_DEV="/dev/nvme0n1p2" export CONFIG_ROOT_DIRLIST="bin boot lib sbin usr" diff --git a/boards/librem_mini/librem_mini.config b/boards/librem_mini/librem_mini.config index 51041867b..78c818b56 100644 --- a/boards/librem_mini/librem_mini.config +++ b/boards/librem_mini/librem_mini.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Mini" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/librem_mini_v2/librem_mini_v2.config b/boards/librem_mini_v2/librem_mini_v2.config index e34cbd3a0..ddebbe4c7 100644 --- a/boards/librem_mini_v2/librem_mini_v2.config +++ b/boards/librem_mini_v2/librem_mini_v2.config @@ -37,7 +37,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOARD_NAME="Librem Mini v2" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_USB_KEYBOARD_REQUIRED=y export CONFIG_AUTO_BOOT_TIMEOUT=5 export CONFIG_ROOT_DEV="/dev/nvme0n1p2" diff --git a/boards/nitropad-ns50/nitropad-ns50.config b/boards/nitropad-ns50/nitropad-ns50.config index 0660efdc9..f598218dd 100644 --- a/boards/nitropad-ns50/nitropad-ns50.config +++ b/boards/nitropad-ns50/nitropad-ns50.config @@ -69,5 +69,5 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOARD_NAME="Nitropad NS50" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 diff --git a/boards/nitropad-nv41/nitropad-nv41.config b/boards/nitropad-nv41/nitropad-nv41.config index 8aa619d33..6e5d3650d 100644 --- a/boards/nitropad-nv41/nitropad-nv41.config +++ b/boards/nitropad-nv41/nitropad-nv41.config @@ -69,5 +69,5 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/nvme0n1" export CONFIG_BOARD_NAME="Nitropad NV41" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config index 4de696b1a..0cd68738b 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.config @@ -92,7 +92,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config index 259fdc94d..52cfeed79 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm1/qemu-coreboot-fbwhiptail-tpm1.config @@ -90,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config index 2712d9624..9d1ef0ae8 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2-hotp/qemu-coreboot-fbwhiptail-tpm2-hotp.config @@ -91,7 +91,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config index b2c3b56b7..ca27a3d54 100644 --- a/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config +++ b/boards/qemu-coreboot-fbwhiptail-tpm2/qemu-coreboot-fbwhiptail-tpm2.config @@ -90,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config index 9dbf71702..f989c3ba5 100644 --- a/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm1-hotp/qemu-coreboot-whiptail-tpm1-hotp.config @@ -92,7 +92,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1-hotp" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config index c3c95bd53..6f1213b1e 100644 --- a/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config +++ b/boards/qemu-coreboot-whiptail-tpm1/qemu-coreboot-whiptail-tpm1.config @@ -90,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config index 383a4d5cc..713fc6c9f 100644 --- a/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config +++ b/boards/qemu-coreboot-whiptail-tpm2-hotp/qemu-coreboot-whiptail-tpm2-hotp.config @@ -91,7 +91,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2-hotp" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config index 0f88327e9..108faace5 100644 --- a/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config +++ b/boards/qemu-coreboot-whiptail-tpm2/qemu-coreboot-whiptail-tpm2.config @@ -90,7 +90,7 @@ export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0" export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash" export CONFIG_BOOT_DEV="/dev/vda1" export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2" -#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +#export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #export CONFIG_AUTO_BOOT_TIMEOUT=5 BOARD_TARGETS := qemu diff --git a/boards/t420-hotp-maximized/t420-hotp-maximized.config b/boards/t420-hotp-maximized/t420-hotp-maximized.config index 602aa0e17..b0db09ea6 100644 --- a/boards/t420-hotp-maximized/t420-hotp-maximized.config +++ b/boards/t420-hotp-maximized/t420-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t420-maximized/t420-maximized.config b/boards/t420-maximized/t420-maximized.config index a4d636f69..4a23bd273 100644 --- a/boards/t420-maximized/t420-maximized.config +++ b/boards/t420-maximized/t420-maximized.config @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/t430-hotp-maximized/t430-hotp-maximized.config b/boards/t430-hotp-maximized/t430-hotp-maximized.config index ff5dda0cb..921677e70 100644 --- a/boards/t430-hotp-maximized/t430-hotp-maximized.config +++ b/boards/t430-hotp-maximized/t430-hotp-maximized.config @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t430-maximized/t430-maximized.config b/boards/t430-maximized/t430-maximized.config index 7c90ad368..a6cb3cd9f 100644 --- a/boards/t430-maximized/t430-maximized.config +++ b/boards/t430-maximized/t430-maximized.config @@ -65,7 +65,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t440p-maximized/t440p-maximized.config b/boards/t440p-maximized/t440p-maximized.config index 2e5da7c6e..c0da647cf 100644 --- a/boards/t440p-maximized/t440p-maximized.config +++ b/boards/t440p-maximized/t440p-maximized.config @@ -39,7 +39,7 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T440p-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/boards/t530-hotp-maximized/t530-hotp-maximized.config b/boards/t530-hotp-maximized/t530-hotp-maximized.config index 2283c0eb9..81fa5d401 100644 --- a/boards/t530-hotp-maximized/t530-hotp-maximized.config +++ b/boards/t530-hotp-maximized/t530-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/t530-maximized/t530-maximized.config b/boards/t530-maximized/t530-maximized.config index b89866842..1079cded6 100644 --- a/boards/t530-maximized/t530-maximized.config +++ b/boards/t530-maximized/t530-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/w530-hotp-maximized/w530-hotp-maximized.config b/boards/w530-hotp-maximized/w530-hotp-maximized.config index 072669cfb..d56fcfd89 100644 --- a/boards/w530-hotp-maximized/w530-hotp-maximized.config +++ b/boards/w530-hotp-maximized/w530-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/w530-maximized/w530-maximized.config b/boards/w530-maximized/w530-maximized.config index 9f0577dfd..692e4c301 100644 --- a/boards/w530-maximized/w530-maximized.config +++ b/boards/w530-maximized/w530-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/w541-maximized/w541-maximized.config b/boards/w541-maximized/w541-maximized.config index 94d61dffc..5fbc15e9e 100644 --- a/boards/w541-maximized/w541-maximized.config +++ b/boards/w541-maximized/w541-maximized.config @@ -39,7 +39,7 @@ export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad W541-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/boards/x220-hotp-maximized/x220-hotp-maximized.config b/boards/x220-hotp-maximized/x220-hotp-maximized.config index 60c1a204b..5fdab13b5 100644 --- a/boards/x220-hotp-maximized/x220-hotp-maximized.config +++ b/boards/x220-hotp-maximized/x220-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/boards/x220-maximized/x220-maximized.config b/boards/x220-maximized/x220-maximized.config index 10582f9f1..c21d2dd6b 100644 --- a/boards/x220-maximized/x220-maximized.config +++ b/boards/x220-maximized/x220-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS += xx20_me_blobs diff --git a/boards/x230-hotp-legacy/x230-hotp-legacy.config b/boards/x230-hotp-legacy/x230-hotp-legacy.config index 860bc7cc5..e6d6c031d 100644 --- a/boards/x230-hotp-legacy/x230-hotp-legacy.config +++ b/boards/x230-hotp-legacy/x230-hotp-legacy.config @@ -63,7 +63,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-legacy" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config index dec922177..8cbd7b887 100644 --- a/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config +++ b/boards/x230-hotp-maximized-fhd_edp/x230-hotp-maximized-fhd_edp.config @@ -79,7 +79,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized-eDP" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-hotp-maximized/x230-hotp-maximized.config b/boards/x230-hotp-maximized/x230-hotp-maximized.config index e4544179b..b40278f7a 100644 --- a/boards/x230-hotp-maximized/x230-hotp-maximized.config +++ b/boards/x230-hotp-maximized/x230-hotp-maximized.config @@ -81,7 +81,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config index 4dfc842bb..69967efac 100644 --- a/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config +++ b/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config @@ -75,7 +75,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized_usb-kb" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-legacy-flash/x230-legacy-flash.config b/boards/x230-legacy-flash/x230-legacy-flash.config index 0d53ed55c..1ffaec0d9 100644 --- a/boards/x230-legacy-flash/x230-legacy-flash.config +++ b/boards/x230-legacy-flash/x230-legacy-flash.config @@ -29,7 +29,7 @@ CONFIG_LINUX_USB=y export CONFIG_BOOTSCRIPT=/bin/xx30-flash.init export CONFIG_BOARD_NAME="ThinkPad X230-legacy-flash" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" CONFIG_LEGACY_FLASH=y diff --git a/boards/x230-legacy/x230-legacy.config b/boards/x230-legacy/x230-legacy.config index 056f2fb34..2ba6bc212 100644 --- a/boards/x230-legacy/x230-legacy.config +++ b/boards/x230-legacy/x230-legacy.config @@ -56,7 +56,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-legacy" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config index f698f8162..8b2bafa7f 100644 --- a/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config +++ b/boards/x230-maximized-fhd_edp/x230-maximized-fhd_edp.config @@ -78,7 +78,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized-eDP" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/x230-maximized/x230-maximized.config b/boards/x230-maximized/x230-maximized.config index 451cc06a4..07aa0bfec 100644 --- a/boards/x230-maximized/x230-maximized.config +++ b/boards/x230-maximized/x230-maximized.config @@ -69,7 +69,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad X230-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP BOARD_TARGETS := xx30_me_blobs diff --git a/boards/z220-cmt-maximized/z220-cmt-maximized.config b/boards/z220-cmt-maximized/z220-cmt-maximized.config index d3ebf2d64..17e925ac9 100644 --- a/boards/z220-cmt-maximized/z220-cmt-maximized.config +++ b/boards/z220-cmt-maximized/z220-cmt-maximized.config @@ -61,7 +61,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Hewlett-Packard Z220 Convertible Minitower" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config b/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config index 7bb16aa52..d96fa5a5c 100644 --- a/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_p8z77-m_pro-tpm1-maximized/UNMAINTAINED_p8z77-m_pro-tpm1-maximized.config @@ -75,7 +75,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="P8Z77-M PRO" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Set this option to zero out the VSCC table https://github.com/osresearch/heads/pull/1358#discussion_r1153251399 export CONFIG_ZERO_IFD_VSCC=y diff --git a/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config b/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config index 929c707de..66095d129 100644 --- a/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config +++ b/unmaintained_boards/UNMAINTAINED_t420/UNMAINTAINED_t420.config @@ -34,4 +34,4 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T420" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" diff --git a/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config b/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config index 36dfd5ad6..c08d43d6c 100644 --- a/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config +++ b/unmaintained_boards/UNMAINTAINED_t430-hotp-legacy/UNMAINTAINED_t430-hotp-legacy.config @@ -63,7 +63,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-hotp-legacy" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config b/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config index 02ddd011f..ec87605ab 100644 --- a/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config +++ b/unmaintained_boards/UNMAINTAINED_t430-legacy-flash/UNMAINTAINED_t430-legacy-flash.config @@ -28,7 +28,7 @@ CONFIG_LINUX_USB=y export CONFIG_BOOTSCRIPT=/bin/xx30-flash.init export CONFIG_BOARD_NAME="ThinkPad T430-legacy-flash" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" CONFIG_LEGACY_FLASH=y diff --git a/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config b/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config index 3a99ae467..4746c722c 100644 --- a/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config +++ b/unmaintained_boards/UNMAINTAINED_t430-legacy/UNMAINTAINED_t430-legacy.config @@ -57,7 +57,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T430-legacy" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config index 9160fa571..3dda67cca 100644 --- a/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t520-hotp-maximized/UNMAINTAINED_t520-hotp-maximized.config @@ -63,7 +63,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T520-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config b/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config index d685e6f90..3b391e97f 100644 --- a/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t520-maximized/UNMAINTAINED_t520-maximized.config @@ -62,7 +62,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad T520-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" #Include bits related to sandybridge ME blob download/neutering down to BUP BOARD_TARGETS := xx20_me_blobs diff --git a/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config index 5828cd98c..7383a50aa 100644 --- a/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t530-dgpu-hotp-maximized/UNMAINTAINED_t530-dgpu-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-dgpu-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config b/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config index 1a409581a..90f8baae5 100644 --- a/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_t530-dgpu-maximized/UNMAINTAINED_t530-dgpu-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad T530-dgpu-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config index 822dbe140..2731fba68 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K1000m-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K1000m-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config index da2bc8c84..e0f04b7a7 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K1000m-maximized/UNMAINTAINED_w530-dgpu-K1000m-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K1000m-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config index 09326aacc..08bdc4f6e 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized/UNMAINTAINED_w530-dgpu-K2000m-hotp-maximized.config @@ -67,7 +67,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K2000m-hotp-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config index eb9d29855..090031b13 100644 --- a/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config +++ b/unmaintained_boards/UNMAINTAINED_w530-dgpu-K2000m-maximized/UNMAINTAINED_w530-dgpu-K2000m-maximized.config @@ -66,7 +66,7 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="Thinkpad W530-dgpu-K2000m-maximized" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal" # xx30-*-maximized boards require of you initially call one of the # following to have gbe.bin ifd.bin and me.bin diff --git a/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config b/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config index a5641f7e0..a530fd828 100644 --- a/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config +++ b/unmaintained_boards/UNMAINTAINED_x220/UNMAINTAINED_x220.config @@ -57,4 +57,4 @@ export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="ThinkPad X220" -export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --noverify --ifd --image bios" +export CONFIG_FLASH_OPTIONS="flashprog memory --progress --programmer internal --ifd --image bios" From 2f3754d71cf007d9a730f4c540ea2e3c893642a3 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 1 Sep 2024 18:44:52 -0400 Subject: [PATCH 80/84] flash.sh: replace die calls by recovery calls where relevant otherwise returning to caller without being useful Signed-off-by: Thierry Laurion --- initrd/bin/flash.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index c96eb2ccb..2ddca2ac8 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -26,13 +26,13 @@ flash_rom() { ROM=$1 if [ "$READ" -eq 1 ]; then $CONFIG_FLASH_OPTIONS -r "${ROM}" \ - || die "Backup to $ROM failed" + || recovery "Backup to $ROM failed" else cp "$ROM" /tmp/${CONFIG_BOARD}.rom sha256sum /tmp/${CONFIG_BOARD}.rom if [ "$CLEAN" -eq 0 ]; then preserve_rom /tmp/${CONFIG_BOARD}.rom \ - || die "$ROM: Config preservation failed" + || recovery "$ROM: Config preservation failed" fi # persist serial number from CBFS if cbfs.sh -r serial_number > /tmp/serial 2>/dev/null; then @@ -51,7 +51,7 @@ flash_rom() { warn "Do not power off computer. Updating firmware, this will take a few minutes..." $CONFIG_FLASH_OPTIONS -w /tmp/${CONFIG_BOARD}.rom 2>&1 \ - || die "$ROM: Flash failed" + || recovery "$ROM: Flash failed" fi } @@ -86,7 +86,7 @@ if [ "$READ" -eq 0 ] && [ "${ROM##*.}" = tgz ]; then echo "Reading current flash and building an update image" $CONFIG_FLASH_OPTIONS -r /tmp/flash.sh.bak \ - || die "Read of flash has failed" + || recovery "Read of flash has failed" # ROM and bootblock already have ECC bootblock=$(echo /tmp/verified_rom/*.bootblock) From da240c7033e90eaaae287beab1459b5330b5bdc3 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 1 Sep 2024 21:01:04 -0400 Subject: [PATCH 81/84] init: make sure config.user is overriden only with new values so that going DEBUG/undoing can work reproducibly Signed-off-by: Thierry Laurion --- initrd/init | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/initrd/init b/initrd/init index 8eccbff0b..a33e601c5 100755 --- a/initrd/init +++ b/initrd/init @@ -140,8 +140,14 @@ fi # # Values in user config have higher priority during combining thus effectively # changing the value for the rest of the scripts which source /tmp/config. -echo "export CONFIG_TPM=\"$CONFIG_TPM\"" >> /etc/config.user -echo "export CONFIG_TPM2_TOOLS=\"$CONFIG_TPM2_TOOLS\"" >> /etc/config.user + +#Only set CONFIG_TPM and CONFIG_TPM2_TOOLS if they are not already set in /etc/config.user +if ! grep -q 'CONFIG_TPM=' /etc/config.user; then + echo "export CONFIG_TPM=\"$CONFIG_TPM\"" >> /etc/config.user +fi +if ! grep -q 'CONFIG_TPM2_TOOLS=' /etc/config.user; then + echo "export CONFIG_TPM2_TOOLS=\"$CONFIG_TPM2_TOOLS\"" >> /etc/config.user +fi # CONFIG_BASIC was previously CONFIG_PUREBOOT_BASIC in the PureBoot distribution. # Substitute it in config.user if present for backward compatibility. From 7f2279e0fe5f3fcf429bcd4e2fb4743899a78209 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Sun, 1 Sep 2024 22:10:29 -0400 Subject: [PATCH 82/84] config-gui.sh: unset DEBUG and TRACE configs instead of setting no 'n' ash_functions: add unset_user_config; unset variable, delete from configs and source /tmp/config in running console Signed-off-by: Thierry Laurion --- initrd/bin/config-gui.sh | 7 ++++--- initrd/etc/ash_functions | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 730a2a38e..62d41bb90 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -564,9 +564,10 @@ while true; do --yesno "This will disable DEBUG and TRACE output from scripts. \n\nDo you want to proceed?" 0 80) then - set_user_config "CONFIG_DEBUG_OUTPUT" "n" - set_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" "n" - + # Unset both debugging and tracing output + unset_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" + unset_user_config "CONFIG_DEBUG_OUTPUT" + whiptail --title 'Config change successful' \ --msgbox "Debugging and Tracing output disabled;\nsave the config change and reboot for it to go into effect." 0 80 fi diff --git a/initrd/etc/ash_functions b/initrd/etc/ash_functions index 21008f37d..918bb9a45 100644 --- a/initrd/etc/ash_functions +++ b/initrd/etc/ash_functions @@ -328,6 +328,24 @@ load_config_value() { fi } +# Unset a config variable in running config and use +unset_user_config() +{ + # check if the running config has option set + if grep -q "$1" /tmp/config; then + DEBUG "$1 found in /tmp/config" + # unset the config in the current environment + # NOTE: only unsets on running console!!! + unset $1 + # remove the whole line from the config files + sed -i "/$1/d" /tmp/config /etc/config* + # source the new config + . /tmp/config + else + DEBUG "$1 not found in /tmp/config. Doing nothing." + fi +} + enable_usb() { TRACE "Under /etc/ash_functions:enable_usb" From c745e04604296f38f387eaedc93852e82f161c01 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 2 Sep 2024 09:14:19 -0400 Subject: [PATCH 83/84] config-gui.sh: revert unsetting of CONFIG_DEBUG_OUTPUT and CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT back to set_user_config 'n' for security reason By playing with this, I came to realize an attacker could: - Turn machine on, Enable DEBUG mode, flash user.config to CBFS, reboot - Refuse to reseal TOTP/HOTP, Extract secrets from DEBUG screen captures/mount-usb --mode rw + cp /tmp/debug.log /media, reboot - Turn Machine on, Disable DEBUG mode which called unset_user_config, flash user.config back to CBFS, reboot TOTP/HOTP/TpM DUK would be unchanged from prior commit where new unset_user_config was called TODO: Debate this. Convenience: - User could switch debug on, output log without resealing, send to devs, swith debug mode off Security: - We arrive to a point where authentication to prevent flashing/booting from usb/going to recovery shell is needed. The only possible trade-off between UX convenience without security loss is by enabling Authenticated Heads. Signed-off-by: Thierry Laurion --- initrd/bin/config-gui.sh | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 62d41bb90..730a2a38e 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -564,10 +564,9 @@ while true; do --yesno "This will disable DEBUG and TRACE output from scripts. \n\nDo you want to proceed?" 0 80) then - # Unset both debugging and tracing output - unset_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" - unset_user_config "CONFIG_DEBUG_OUTPUT" - + set_user_config "CONFIG_DEBUG_OUTPUT" "n" + set_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" "n" + whiptail --title 'Config change successful' \ --msgbox "Debugging and Tracing output disabled;\nsave the config change and reboot for it to go into effect." 0 80 fi From cb135b3aedb47b132501c42c70cf8fc9abc0f4b6 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 2 Sep 2024 10:41:29 -0400 Subject: [PATCH 84/84] Revert "config-gui.sh: revert unsetting of CONFIG_DEBUG_OUTPUT and CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT back to set_user_config 'n' for security reason" I prefer this with Authenticated Heads. Todo: maybe we want to use log vs DEBUG calls to log under /tmp/debug.log for PCRs and stuff, requiring access to console to get traces behind auth. This reverts commit c745e04604296f38f387eaedc93852e82f161c01. --- initrd/bin/config-gui.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index 730a2a38e..62d41bb90 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -564,9 +564,10 @@ while true; do --yesno "This will disable DEBUG and TRACE output from scripts. \n\nDo you want to proceed?" 0 80) then - set_user_config "CONFIG_DEBUG_OUTPUT" "n" - set_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" "n" - + # Unset both debugging and tracing output + unset_user_config "CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT" + unset_user_config "CONFIG_DEBUG_OUTPUT" + whiptail --title 'Config change successful' \ --msgbox "Debugging and Tracing output disabled;\nsave the config change and reboot for it to go into effect." 0 80 fi