KGPE-D16 Coreboot 4.11 + Measured Boot #867

@miczyg1

Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC Adding dual console to OpenBmc and tty0 putting kgpe-d16-coreboot.conf in defconfig format NO_HZ wasn't included in kernel config. Adding it. Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation Removing serial configuration and static IP stuff since we have a workstation here. Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then. Placing files in good directories Corrrect flashrom options for kgpe-d16 server and workstation boards kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH. kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation) kgpe-d16_workstation in defconfig format kgpe-d16 boards: pass from GPG to GPG2 board definitions kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging kgpe-d16 : expressively export CONFIG_TPM=n kgpe-d16_wokstation gui-init variables were missing kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized linux-kgpe-d16*: add support for Pike kgpe-d16_workstation-usb_keyboard board support addition kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based GitlabCI: kgpe-d16 fixes and upstream merge of change kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file KGPE-D16: community work migration to coreboot 4.11 to fix issue linuxboot#740 KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per linuxboot#709 kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under linuxboot#795 (comment) KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under linuxboot#795 (comment) kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch kgpe-d16 boards: add Linux kernel version where missing. CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master coreboot module: typo correction (tabs vs spaces) CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large" CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support At this stage: - job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32) - "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console. coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM) coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram. CircleCI & coreboot config: fix merge conflict rebasing on master coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599 Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for linuxboot#867

Bring patches/coreboot-4.11 on par with master Removed patches/coreboot-4.11/0020-kgpe-d16-vboot.patch Removed Vboot options from KGPE-D16 coreboot configs Enabled TPM in kgpe-d16 board configs Enabled measured boot in kgpe-d16 coreboot configs. Added support for video cards that require nouveau, radeon and amdgpu drivers in linux-kgpe-d16_workstation.config `nouveau.config=NvForcePost=1` to be added to kexec'd kernels for better Nvidia card support.

…t defined, describe better board configs applications

cp config/linux.. ./build/linux*/.config cd build/linux* make savedefconfig cp defconfig ../../config/linux.. Resulting in only linux-kgpe-d16_workstation.config being updated. For KGPE-D16 workstation boards: Remove `console=tty0` from `CONFIG_BOOT_KERNEL_ADD` as was blocking Qubes graphical installer (CLI installer was launched). Comment out `export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles"` to provide a more desktop like experience. Removed 0001-cpu-x86-smm-Use-PRIxPTR-to-print-uintptr_t.patch as already exists as 0000-cpu-x86-smm-Use-PRIxPTR-to-print-uintptr_t.patch Added 0020-kgpe-d16_measured-boot-support.patch for coreboot 4.11 Fix TPM errors when microcode is measured by initialising TPM earlier and loading the microcode later. Thanks to Michał Żygowski <miczyg1> for condition suggestion: `if (CONFIG(MEASURED_BOOT) && CONFIG(LPC_TPM) && boot_cpu())` Locate bootblock location and size with CBFS API. Credit to: Michał Żygowski <miczyg1>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

KGPE-D16 Coreboot 4.11 + Measured Boot #867

KGPE-D16 Coreboot 4.11 + Measured Boot #867

Commits on Dec 2, 2020