WIP: Update coreboot to version 4.9 #515
I forgot: IMO we need to put the measured boot implementation up to review.coreboot.org for discussion. (or is it already? where?) After a successful test, which brings me to the next point: How would you test our measured boot firmware attestation (totp) in a practical way? (without hardware flashing?) thanks! (and sorry, I'm just being lazy, I know :)
This does a few steps in order to retain a working build:

* bump coreboot from 4.8.1 to 4.9 (module version and hashes)
* remove _all_ patches against coreboot 4.8.1 (they're still in git)
* port the patches we apply to coreboot 4.9 (INCOMPLETE!)

First, what's important: This is NOT tested. It only builds.

===== TODO =====

Second, the following patches are still MISSING and need to be ported:

* 0009-Add-heads-TPM-measurements-to-Skylake-Kabylake.patch
* 0020-kgpe-d16.patch
* 0007-intel-fsp-fsp2_0-Fix-FSP-2.0-headers-to-match-github.patch has to be either ported or dealt with in configs, if possible.
* This has to be tested; especially if measured boot really works

== END OF TODO ==

The rest of the patches against 4.8.1 are part of coreboot 4.9.
For the release notes, see https://doc.coreboot.org/releases/coreboot-4.9-relnotes.html
#500 (comment) mentions the FSP format config. what option is that? thanks!
@merge: As stated [here](#500 (comment)), measured boot is not present in coreboot 4.9; the release notes are misleading. Here is the [coreboot review](https://review.coreboot.org/c/coreboot/+/29547/43).
I know. That's why we implement it in the first of our patches against coreboot; that I rebased. Either I am confused or you haven't looked at my commit :) thanks for the link! I've done useless work then :)
Just looked at the text :)
I'll check it out!
On February 8, 2019 12:41:25 AM EST, Martin Kepplinger ***@***.***> wrote:
> > @merge: As stated [here](#500 (comment)), measured boot is not present in coreboot 4.9; the release notes are misleading.
> >
> > Here is the [coreboot review](https://review.coreboot.org/c/coreboot/+/29547/43).
>
> I know. That's why we implement it in the first of our patches against coreboot; that I rebased. Either I am confused or you haven't looked at my commit :)
Should I close the other pull request if you all have it from here?
dropped and configs adjusted, since fsp is now in 3rdparty submodule and github configs/binaries can be used
Adding link to #287 so that we can close those when measured boot is merged upstream to coreboot.
so, with coreboot 4.10 being just around the corner: @zaolin why is https://review.coreboot.org/c/coreboot/+/29815/1 not yet in? and again, how does it apply to the x230 too, as there is https://review.coreboot.org/c/coreboot/+/29816/5 for the t530. anything missing in coreboot-gerrit for the x230 in order to move to or test the new interface for measured boot?
Nobody reviewed nor tested it. I just wrote the necessary "code" to support it :)
Let's rebase this on top of coreboot's master branch HEAD in a new PR. Measured boot should stay just as it is right now. Moving to vboot-measured-boot is a totally different task (with some work still missing) and will thus be an independent pull request (ideally: dropping all patches we still have right here, plus some coreboot config changes).
might as well do it on top of 4.10 once that's released in a week :)
continued in #568
DISCLAIMER: I've done this really quick in order to be able to test on an x230. Please review and help out with the TODOs. thanks! I put this up as a PR in case it is a useful starting point for you to help.