X230 flash universal init #579
Conversation
| @@ -16,7 +16,7 @@ CONFIG_LINUX_USB=y | |||
| CONFIG_LINUX_E1000E=y | |||
|
|
|||
| export CONFIG_USB_BOOT_DEV="/dev/sdb1" | |||
| export CONFIG_BOOTSCRIPT=/bin/x230-flash.init | |||
| export CONFIG_BOOTSCRIPT=/bin/install.init | |||
|
|
|||
There was a problem hiding this comment.
"updating" and "x230-flash.config" seems to be wrong in the commit message.
There was a problem hiding this comment.
oh sorry, I was reading it wrong. the commit message is fine :)
There was a problem hiding this comment.
@SebastianMcMillan This part would still be nice.
initrd/bin/install.init
Outdated
| @@ -20,7 +20,7 @@ echo '' | |||
| echo 'To install from flash drive:' | |||
| echo '' | |||
| echo ' mount -o ro /dev/sdb1 /media' | |||
| echo ' flashrom-x230.sh /media/x230.rom' | |||
| echo ' flash.sh /media/<rom-file-name>' | |||
| echo '' | |||
There was a problem hiding this comment.
it wasn't back when those changes were actually made.
There was a problem hiding this comment.
has already been fixed...
@merge, where?
|
I would prefer a new -flash.init script. And if we then see that it really can be exactly the same for different models, we can rename. Adding support for a new board itself would be nice not to touch others. Is it just me? |
|
Seeing how the x230-flash.init doesn't do anything specific to the x230, I figure it would be easier to make a universal install.init, not only reducing the amount of clutter we have in the initrd, but also is easier to work with. |
|
@merge flash specifics are defined under flash.sh anyway. Each board addition should be added to it anyway. I like the idea to generalize! |
@merge: I would love to better understand your stance following past comment |
I think x230-flash.init can indeed be renamed to something more generic, if we add another "xxxx-flash" board. |
@merge: and my point is that the boards specific flashroms options currently need to be defined under flash.sh, the proper flashrom call being selected per $CONFIG_BOARD variable, being put dynamically under /etc/config at build time, sourced by init and all other scripts under Heads. The only current exception in current/future boards inclusion being if the board in question can flash another peripheral SPI (eg: iKVM) from within, like presently the case for the kgpe-d16 to update current openbmc/future u-bmc implementations. I have no objection whatsoever in generalizing that two phases "init script" (2 SPI flash flash phase only used once script) which only uses is to show information to user on next steps to be taken, which is to call mount-usb and flash.sh /media/coreboot.rom. I think the X1 Carbon gen 1 #544 is another board that would use the same two phases rom reprogramming used in x230 for internal reprogramming, but i'm not sure). IMOHO, there is no reason to keep an additional "initrd/bin/x230-flash.init " not being renamed into initrd/bin/flash.init", like proposed here for two phases flashing, since flash.sh is still the script needing to implement flashrom specifics. Sorry if I wasn't clear before. |
Add Full Reset option to clear all GPG keys and user settings, both from the local filesystem and running firmware, and clear/reset the TPM Signed-off-by: Matt DeVillier <[email protected]>
Check that any files added to cbfs exist before attempting to add them, so flashing doesn't fail after a reset. Signed-off-by: Matt DeVillier <[email protected]>
Next prompt will be to ensure GPG key is attached, which defaults to Y, so default here as well for consistency Signed-off-by: Matt DeVillier <[email protected]>
Initial card detection can sometimes fail, so prompt the user to remove/reinsert their GPG card before retrying. Since errexit is likely set, disable it prior to calling --card-status so we can handle the error ourself, then re-set if necessary when done. Signed-off-by: Matt DeVillier <[email protected]>
if user chooses abort option, exit without flashing ROM Signed-off-by: Matt DeVillier <[email protected]>
Librem devices store their serial number as a text file in cbfs; persist this across flashes. Signed-off-by: Matt DeVillier <[email protected]>
UX Tweaks [2/2]
Add function to detect boot device. Start by checking CONFIG_BOOT_DEV, then iterate thru all bootable partitions. Check if partition is mountable, contains grub directory. Update CONFIG_BOOT_DEV and mount on /boot if successful. Signed-off-by: Matt DeVillier <[email protected]>
Add oem-factory-reset script which performs an unattended reset and configuration of the device's TPM, GPG security token, and boot device / boot selection. Signed-off-by: Matt DeVillier <[email protected]>
Add an OEM Factory Reset menu option, which performs an unattended reset and configuration of the device's TPM, GPG security token, and boot device / boot selection. Signed-off-by: Matt DeVillier <[email protected]>
superseded by newer version in main options menu Signed-off-by: Matt DeVillier <[email protected]>
Add a check to determine if first boot after flashing a cleaned ROM, and prompt user to run the OEM Factory Reset if so Signed-off-by: Matt DeVillier <[email protected]>
OEM factory reset
update file hashes to match Purism fork
update file hashes to match Purism fork
update Librem blobs
Signed-off-by: Trammell hudson <[email protected]>
Add `--strip 1` to tar file extraction in the `Makefile`, which ensures that the directory name in `build/` will match the one listed in `$($(MODULE)_dir)`. Signed-off-by: Trammell hudson <[email protected]>
Signed-off-by: Trammell hudson <[email protected]>
Using 'let' in these scripts fails when evaluating to zero for some reason, so replace with '$(())' which works as intended. Test: Boot device selection menu shown properly when new/unpartitioned drive installed. Signed-off-by: Matt DeVillier <[email protected]>
When a new /boot device is selected, wait until after successfully mounting the newly-selected device before updating CONFIG_BOOT_DEV. Also, don't assume /boot already mounted, as this can cause a false failure and prevent mounting of the newly-selected device. Lastly, tidy up the error output in case mounting /boot fails. Signed-off-by: Matt DeVillier <[email protected]>
Make gnupg pubkey export an option only in oem-factory-reset
GUI / Boot Device Tweaks
Delete AES keys of Nitrokey Storage after reset
CircleCI: two cache save/restore mechanisms. One bound to musl-cross+patches, one for modules + patches. * Replacing the generic cache bound to CircleCI user to have two caches levels. One for musl-cross and its patchsets, one for all modules and their patchset being the same. So if modules changed, we use the cache for musl-cross as a fallback to economize one hour of precious build time out of two, while most of Heads changes are on the scripts and can be built on top of packages+patches cache
As part of migration to coreboot 4.12, which includes measured boot without additional patches, measure all parts of the firmware and the payload into PCR2. The same is done in coreboot 4.12. This commit ensures that boards not migrated yet will show the same behaviour. TODO: Update heads-wiki. Signed-off-by: Patrick Rudolph <[email protected]>
Add version and hash for coreboot and coreboot-blobs modules. Adjust to use own toolchain, fix blobs path and extraction depth. Test: build Librem 13v4 using both coreboot 4.8.1 and coreboot 4.12 (after adjusting board defconfig), verify correct toolchains used to build each, and that teh result is a bootable ROM. Signed-off-by: Matt DeVillier <[email protected]>
Add option to build against coreboot 4.12
* CircleCI: debian:10 docker based. Give possitility to override CACHE_VERSION through CircleCI when needed * Makefile: fix linuxboot#799 with implementation of @osresearch's recommended linuxboot#799 (comment) * modules/coreboot : indentation fix and putting version hashes together to facilitate future maintainership.
* modules/linux: Add support for multiple kernel versions Follow same pattern as used for coreboot. Add existing kernel version as default for all existing boards. Signed-off-by: Matt DeVillier <[email protected]> * modules/linux: Add option to use 4.19 LTS kernel Add option to use kernel 4.19.139 (current LTS version). Duplicate existing patches from 4.14.62 as they all apply cleanly. Signed-off-by: Matt DeVillier <[email protected]>
…xboot#804) Some grub configs/bls entries contain the full paths to the kernel/initrd files, which the parsers currently fail to handle, causing a failed boot without any useful error being presented to the user. To fix this, strip the bootdir prefix from the menu entries when parsing, should it exist. Test: build/boot Librem 13v2 w/F32 and bls entries containing absolute paths. Signed-off-by: Matt DeVillier <[email protected]>
* patches/coreboot-4.12: Add patch for Cannonlake ME status Add patch print ME status regardless of enablement state Signed-off-by: Matt DeVillier <[email protected]> * modules: add purism-blobs module Rather than require users to manually run a script to download the required blobs to build Purism Librem boards, automate it so the correct version is automatically downloaded/extracted. Restrict to coreboot 4.12 for now since 4.8.1 still needs FSP blobs, which are not in module. Signed-off-by: Matt DeVillier <[email protected]> * configs/linux-librem13v2: unset CONFIG_RETPOLINE Fixes compilation issue with newer kernels, ignored by older ones which don't need it Signed-off-by: Matt DeVillier <[email protected]> * Add new board: Librem Mini Add Librem Mini board patch for coreboot 4.12, board config and coreboot config. Continue reusing existing librem13v2 Linux config, same as all other Librem boards currently. Use new purism-blobs module. Signed-off-by: Matt DeVillier <[email protected]> * board/librem*: rename for consistency Use 'librem_<board>' notation for consistency across all models. Rename linux config file since used by multiple Librem models. Signed-off-by: Matt DeVillier <[email protected]> * CircleCI: add librem_mini board to test Signed-off-by: Matt DeVillier <[email protected]>
…mit would produce the same binary signature long term. (linuxboot#820)
xx30 boards: fixing CONFIG_CBFS_SIZE=0x710000 for x230 and t430 boards
Coreboot 4.12, on which the librem_mini depends, doesn't build under debian:10 docker image as of right now. It was building over debian:bullseye (where 4.8.1 boards didn't) which constructed a valid cache that was reused when building linuxboot#806 (https://app.circleci.com/pipelines/github/tlaurion/heads/364/workflows/df9bad8d-8ff1-40da-b8d8-1b87a05be509/jobs/392) Consequently, more troubleshooting would need to be done under local debian:10 docker image.
Command returns a list of utilities found. This can happen if multiple
coreboot folders are present.
Use only one to fix a crash in the following lines.
Test: Being able to extract blobs when two coreboot folders are present,
both containing an IFDTOOL.
Signed-off-by: Patrick Rudolph <[email protected]>
|
Now that I've got an X230 again, I'll have to take a look at it sometime
soon.
Edit: I may end up opening a new PR, that rebase was not clean at all.
…On Fri, Sep 4, 2020, 13:06 tlaurion ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In boards/x230-flash/x230-flash.config
<#579 (comment)>:
> @@ -16,7 +16,7 @@ CONFIG_LINUX_USB=y
CONFIG_LINUX_E1000E=y
export CONFIG_USB_BOOT_DEV="/dev/sdb1"
-export CONFIG_BOOTSCRIPT=/bin/x230-flash.init
+export CONFIG_BOOTSCRIPT=/bin/install.init
@SebastianMcMillan <https://github.com/SebastianMcMillan> This part would
still be nice.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#579 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AFNTUND6QVQVW4332ECGUETSEEUC3ANCNFSM4HVNFEJA>
.
|
|
Yeah, this branch is toast, I'm gonna make a new PR. |
This change makes the x230-flash.init file into a universal install.init, letting one reuse the install.init for other split SPI flash boards, such as the T430.