Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

KGPE-D16 Coreboot 4.11 + Measured Boot #867

Merged
merged 4 commits into from
Dec 2, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 71 additions & 1 deletion .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,77 @@ jobs:
# - store-artifacts:
# path: build/qemu-linuxboot/hashes.txt

- run:
name: kgpe-d16_workstation
command: |
rm -rf build/kgpe-d16_workstation/* build/log/* && \
make CPUS=4 V=1 BOARD=kgpe-d16_workstation || \
(find ./build/ -name "*.log" -type f -mmin -1 | while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log; done; exit 1) \
no_output_timeout: 3h
- run:
name: Ouput kgpe-d16_workstation hashes
command: |
cat build/kgpe-d16_workstation/hashes.txt \
- run:
name: Archiving build logs for kgpe-d16_workstation
command: |
tar zcvf build/kgpe-d16_workstation/logs.tar.gz build/log/*
- store-artifacts:
path: build/kgpe-d16_workstation

- run:
name: kgpe-d16_workstation-usb_keyboard
command: |
rm -rf build/kgpe-d16_workstation-usb_keyboard/* build/log/* && \
make CPUS=4 V=1 BOARD=kgpe-d16_workstation-usb_keyboard || \
(find ./build/ -name "*.log" -type f -mmin -1 | while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log; done; exit 1) \
no_output_timeout: 3h
- run:
name: Ouput kgpe-d16_workstation-usb_keyboard hashes
command: |
cat build/kgpe-d16_workstation-usb_keyboard/hashes.txt \
- run:
name: Archiving build logs for kgpe-d16_workstation-usb_keyboard
command: |
tar zcvf build/kgpe-d16_workstation-usb_keyboard/logs.tar.gz build/log/*
- store-artifacts:
path: build/kgpe-d16_workstation-usb_keyboard

- run:
name: kgpe-d16_server
command: |
rm -rf build/kgpe-d16_server/* build/log/* && \
make CPUS=4 V=1 BOARD=kgpe-d16_server || \
(find ./build/ -name "*.log" -type f -mmin -1 | while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log; done; exit 1) \
no_output_timeout: 3h
- run:
name: Ouput kgpe-d16_server hashes
command: |
cat build/kgpe-d16_server/hashes.txt \
- run:
name: Archiving build logs for kgpe-d16_server
command: |
tar zcvf build/kgpe-d16_server/logs.tar.gz build/log/*
- store-artifacts:
path: build/kgpe-d16_server

- run:
name: kgpe-d16_server-whiptail
command: |
rm -rf build/kgpe-d16_server-whiptail/* build/log/* && \
make CPUS=4 V=1 BOARD=kgpe-d16_server-whiptail || \
(find ./build/ -name "*.log" -type f -mmin -1 | while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log; done; exit 1) \
no_output_timeout: 3h
- run:
name: Ouput kgpe-d16_server-whiptail hashes
command: |
cat build/kgpe-d16_server-whiptail/hashes.txt \
- run:
name: Archiving build logs for kgpe-d16_server-whiptail
command: |
tar zcvf build/kgpe-d16_server-whiptail/logs.tar.gz build/log/*
- store-artifacts:
path: build/kgpe-d16_server-whiptail
- run:
name: librem_l1um
command: |
Expand Down Expand Up @@ -121,7 +192,6 @@ jobs:

- run:
name: x230-flash
#We delete build/make-4.2.1/ directory until issue #799 is fixed.
command: |
rm -rf build/x230-flash/* build/log/* && make CPUS=4 V=1 BOARD=x230-flash || touch /tmp/failed_build
no_output_timeout: 3h
Expand Down
46 changes: 41 additions & 5 deletions .gitlab-ci.yml.deprecated
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ stages:

build:
stage: build
retry: 1
retry: 2
cache:
paths:
- packages
Expand Down Expand Up @@ -55,7 +55,6 @@ build:
- cat ./build/x230/hashes.txt
- echo "Archiving x230 logs..."
- tar zcvf ./build/x230/logs.tar.gz ./build/log/*

- echo "Removing old t430 artifacts..."
- rm -rf ./build/t430/*
- rm -rf ./build/log/*
Expand All @@ -65,8 +64,43 @@ build:
- cat ./build/t430/hashes.txt
- echo "Archiving t430 logs..."
- tar zcvf ./build/t430/logs.tar.gz ./build/log/*

- echo "Removing old qemu-coreboot artifacts..."
- echo "Removing old kgpe-d16_workstation artifacts..."
- rm -rf ./build/kgpe-d16_workstation/*
- rm -rf ./build/log/*
- echo "Building BOARD=kgpe-d16_workstation board..."
- make BOARD=kgpe-d16_workstation || (find ./build/log/ -cmin 1|xargs tail; exit 1)
- echo "kgpe-d16_workstation hashes:"
- cat ./build/kgpe-d16_workstation/hashes.txt
- echo "Archiving kgpe-d16_workstation logs..."
- tar zcvf ./build/kgpe-d16_workstation/logs.tar.gz ./build/log/*
- echo "Removing old kgpe-d16_workstation-usb_keyboard artifacts..."
- rm -rf ./build/kgpe-d16_workstation-usb_keyboard/*
- rm -rf ./build/log/*
- echo "Building BOARD=kgpe-d16_workstation-usb_keyboard board..."
- make BOARD=kgpe-d16_workstation || (find ./build/log/ -cmin 1|xargs tail; exit 1)
- echo "kgpe-d16_workstation-usb_keyboard hashes:"
- cat ./build/kgpe-d16_workstation-usb_keyboard/hashes.txt
- echo "Archiving kgpe-d16_workstation-usb_keyboard logs..."
- tar zcvf ./build/kgpe-d16_workstation-usb_keyboard/logs.tar.gz ./build/log/*
- echo "Removing old kgpe-d16_server-whiptail artifacts..."
- rm -rf ./build/kgpe-d16_server-whiptail/*
- rm -rf ./build/log/*
- echo "Building BOARD=kgpe-d16_server-whiptail board..."
- make BOARD=kgpe-d16_server-whiptail || (find ./build/log/ -cmin 1|xargs tail; exit 1)
- echo "kgpe-d16_server-whiptail hashes:"
- cat ./build/kgpe-d16_server-whiptail/hashes.txt
- echo "Archiving kgpe-d16_server-whiptail logs..."
- tar zcvf ./build/kgpe-d16_server-whiptail/logs.tar.gz ./build/log/*
- echo "Removing old kgpe-d16_server artifacts..."
- rm -rf ./build/kgpe-d16_server/*
- rm -rf ./build/log/*
- echo "Building BOARD=kgpe-d16_server board..."
- make BOARD=kgpe-d16_server || (find ./build/log/ -cmin 1|xargs tail; exit 1)
- echo "kgpe-d16_server hashes:"
- cat ./build/kgpe-d16_server/hashes.txt
- echo "Archiving kgpe-d16_server logs..."
- tar zcvf ./build/kgpe-d16_server/logs.tar.gz ./build/log/*
- echo "Removing old qemu-coreboot artifacts..."
- rm -rf ./build/qemu-coreboot/*
- rm -rf ./build/log/*
- echo "Building BOARD=qemu-coreboot board..."
Expand All @@ -79,9 +113,11 @@ build:
- du -shc packages crossgcc build
artifacts:
paths:
- ./build/kgpe-d16_workstation
- ./build/kgpe-d16_workstation-usb_keyboard
- ./build/kgpe-d16_server
- ./build/qemu-coreboot
- ./build/x230-flash
- ./build/t430-flash
- ./build/x230-hotp-verification
- ./build/x230
- ./build/t430
36 changes: 0 additions & 36 deletions boards/kgpe-d16/kgpe-d16.config

This file was deleted.

77 changes: 77 additions & 0 deletions boards/kgpe-d16_server-whiptail/kgpe-d16_server-whiptail.config
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
# Configuration for a kgpe-d16_server with whiptail, permitting usage of gui-init on console without FB graphic
# per https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php work, with patches merged into Heads
#
# Tested: ASMBV4 reprogrammed per https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php
#
# Status:
# - ASpeed text output given on VGA
# - All console output rerirected to sttyS0
# - TPM support in romstage (not bootblock) with TPM SLB9635 TT 1.2 by Infineon
#
# - To connect to BMC: https://github.com/osresearch/heads/issues/134#issuecomment-368922440
# - Please contribute documentation on heads-wiki
# - Please support https://github.com/osresearch/heads/issues/719
# - Disk Unlock Key released by TPM since not deactivated

export CONFIG_COREBOOT=y
export CONFIG_COREBOOT_VERSION=4.11
export CONFIG_LINUX_VERSION=4.14.62

CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server-whiptail.config
CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server-whiptail.config

CONFIG_CRYPTSETUP=y
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y
CONFIG_GPG2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y
CONFIG_PCIUTILS=y
CONFIG_POPT=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
CONFIG_DROPBEAR=y

#Whiptail
CONFIG_SLANG=y
CONFIG_NEWT=y
#FBWhiptail
#CONFIG_CAIRO=y
#CONFIG_FBWHIPTAIL=y

CONFIG_LINUX_USB=y
CONFIG_LINUX_E1000E=y
export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y

export CONFIG_TPM=y
#BOOT SCRIPT SELECTION
#export CONFIG_BOOTSCRIPT=/bin/generic-init
export CONFIG_BOOTSCRIPT=/bin/gui-init
#export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery
export CONFIG_BOOT_GUI_MENU_NAME="KGPE-D16 Heads Boot Menu"
export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"

#CONSOLE SELECTION
#Single output to OpenBMC
export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 "

#Dual output to local console (tty0) and OpenBmc (ttyS1)
#export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 console=tty0"

#Single output to tty0
#export CONFIG_BOOT_KERNEL_ADD="nohz=on"
export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
export CONFIG_BOOT_STATIC_IP=192.168.2.3


export CONFIG_BOOT_REQ_HASH=n
export CONFIG_BOOT_REQ_ROLLBACK=n
export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles"
export CONFIG_BOOT_DEV="/dev/sda1"
export CONFIG_USB_BOOT_DEV="/dev/sdb1"

export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal"
#export CONFIG_BOOT_STATIC_IP=192.168.1.2
59 changes: 59 additions & 0 deletions boards/kgpe-d16_server/kgpe-d16_server.config
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
# Configuration for a kgpe-d16_server
# per https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php work, with patches merged into Heads
#
# Tested: ASMBV4 reprogrammed per https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php
#
# Status:
# - ASpeed text output given on VGA
# - All console output rerirected to sttyS0
# - TPM support in romstage (not bootblock) with TPM SLB9635 TT 1.2 by Infineon
#
# - To connect to BMC: https://github.com/osresearch/heads/issues/134#issuecomment-368922440
# - Please contribute documentation on heads-wiki
# - Please support https://github.com/osresearch/heads/issues/719
export CONFIG_COREBOOT=y
export CONFIG_COREBOOT_VERSION=4.11
export CONFIG_LINUX_VERSION=4.14.62

CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server.config
CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server.config

CONFIG_CRYPTSETUP=y
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y
CONFIG_GPG2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y
CONFIG_PCIUTILS=y
CONFIG_POPT=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
CONFIG_DROPBEAR=y

CONFIG_LINUX_USB=y
CONFIG_LINUX_E1000E=y
export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y

export CONFIG_TPM=y
#BOOT SCRIPT SELECTION
export CONFIG_BOOTSCRIPT=/bin/generic-init
#export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery

#CONSOLE SELECTION
#Single output to OpenBMC
#export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 "
#Dual output to local console (tty0) and OpenBmc (ttyS1)
export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 console=tty0"
export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
export CONFIG_BOOT_STATIC_IP=192.168.2.3

export CONFIG_BOOT_REQ_HASH=n
export CONFIG_BOOT_REQ_ROLLBACK=n
export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles"
export CONFIG_BOOT_DEV="/dev/sda1"
export CONFIG_USB_BOOT_DEV="/dev/sdb1"

export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal"
#export CONFIG_BOOT_STATIC_IP=192.168.1.2
Loading