Add x230-external-flash board, working CIs and replacing x230 default…

… building board with x230-external-flash in both CircleCI and GitlabCI configurations so people can test this PR prior of merging upstream.
linuxboot · Apr 12, 2020 · 960efdc · 960efdc
1 parent 83c22f3
commit 960efdc
Show file tree

Hide file tree

Showing 8 changed files with 514 additions and 13 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -2,14 +2,22 @@ version: 2
 jobs:
   build:
     docker:
-      - image: osresearch/musl-cross:38e52db
+      - image: ubuntu:18.04
     steps:
+      - run:
+          name: Install dependencies
+          command: |
+            apt update
+            apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo
       - checkout
 
+      - restore_cache:
+          key: heads-{{ .Branch }}{{ .Environment.CACHE_VERSION }}
+
       - run:
-          name: Bootstrap make
+          name: git reset
           command: |
-            make -j4 bootstrap
+            git reset --hard "$CIRCLE_SHA1" \
 
 # linuxboot steps need something to pass in the kernel header path
 # skipping for now
@@ -40,31 +48,54 @@ jobs:
       - run:
           name: qemu-coreboot
           command: |
-            ./build/make-4.2.1/make \
-                CROSS=/cross/bin/x86_64-linux-musl- \
-                --load 2 \
+            rm -rf build/make-4.2.1/ build/qemu-coreboot/* && make --load 2 \
                 V=1 \
                 BOARD=qemu-coreboot \
+          no_output_timeout: 3h
+      - run:
+          name: Output qemu-coreboot hashes
+          command: |
+             cat build/qemu-coreboot/hashes.txt \
 
       - store-artifacts:
           path: build/qemu-coreboot/coreboot.rom
       - store-artifacts:
           path: build/qemu-coreboot/hashes.txt
 
       - run:
-          name: x230
+          name: x230-external-flash
           command: |
-            ./build/make-4.2.1/make \
-                CROSS=/cross/bin/x86_64-linux-musl- \
-                --load 2 \
+            make --load 2 \
                 V=1 \
-                BOARD=x230 \
+                BOARD=x230-external-flash \
+          no_output_timeout: 3h
+      - run:
+          name: Ouput x230-external-flash hashes
+          command: |
+            cat build/x230-external-flash/hashes.txt \
+      - run:
+          name: Archiving build logs to bundle in artifacts
+          command: |
+            tar zcvf logs.tar.gz ./build/log/*
+
 
       - store-artifacts:
-          path: build/x230/coreboot.rom
+          path: build/x230-external-flash/coreboot.rom
+      - store-artifacts:
+          path: build/x230-external-flash/x230-external-flash-bottom.rom
+      - store-artifacts:
+          path: build/x230-external-flash/x230-external-flash-top.rom
+      - store-artifacts:
+          path: build/x230-external-flash/initrd.cpio.xz
       - store-artifacts:
-          path: build/x230/hashes.txt
+          path: logs.tar.gz
 
+      - save_cache:
+          key: heads-{{ .Branch }}{{ .Environment.CACHE_VERSION }}
+          paths:
+            - packages
+            - crossgcc
+            - build
 
 workflows:
   version: 2

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -0,0 +1,31 @@
+image: fedora:30
+
+variables:
+  DOCKER_DRIVER: overlay2
+
+stages:
+  - build
+
+build:
+  stage: build
+  retry: 2
+  cache:
+    paths:
+      - ./
+    key: "$CI_COMMIT_REF_SLUG"
+  script:
+    - dnf install -y @development-tools gcc-c++ gcc-gnat zlib-devel perl-Digest-MD5 perl-Digest-SHA uuid-devel pcsc-tools ncurses-devel lbzip2 libuuid-devel lzma elfutils-libelf-devel bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget libusb-devel cmake automake pv bsdiff autoconf libtool expat-devel boost-devel libaio-devel cpio texinfo
+    - git fetch origin 
+    - git reset --hard origin/$CI_COMMIT_REF_NAME
+    - make BOARD=x230-external-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1)
+    - echo "x230-external-flash hashes:"
+    - cat ./build/x230-external-flash/hashes.txt
+    - tar zcvf logs.tar.gz ./build/log/*
+  artifacts:
+    paths:
+      - ./build/x230-external-flash/coreboot.rom
+      - ./build/x230-external-flash/x230-external-flash-top.rom
+      - ./build/x230-external-flash/x230-external-flash-bottom.rom
+      - ./build/x230-external-flash/hashes.txt
+      - ./build/x230-external-flash/initrd.cpio.xz
+      - ./logs.tar.gz
diff --git a/blobs/xx30/README b/blobs/xx30/README
@@ -0,0 +1,28 @@
+The ME blobs dumped in this directory come from the following link: https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/thinkpad-t-series-laptops/thinkpad-t430/downloads/DS032435
+
+You can arrive to the same result by doing the following:
+wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe && innoextract g1rg24ww.exe && python ~/me_cleaner/me_cleaner.py -r -t -O ~/heads/blobs/xx30/me.bin app/ME8_5M_Production.bin
+
+sha256sums:
+f60e1990e2da2b7efa58a645502d22d50afd97b53a092781beee9b0322b61153  g1rg24ww.exe
+821c6fa16e62e15bc902ce2e958ffb61f63349a471685bed0dc78ce721a01bfa  app/ME8_5M_Production.bin
+c140d04d792bed555e616065d48bdc327bb78f0213ccc54c0ae95f12b28896a4  blobs/x230/me.bin
+
+x230-ifd.bin is extracted from an external flashrom backup (no way found to be able to extract it from Lenovo firmware upgrades as of now):
+python ~/me_cleaner/me_cleaner.py -S -r -t -d -O discarded.bin -D ~/haeds/blobs/xx30/x230-ifd.bin -M temporary_me.bin x230_bottom_spi_backup.rom
+
+sha256sum:
+68c1e9be8e2f99b2432e86219515f7f2fea61a4d00c7f9ea936d76d9dab2869b  blobs/x230/x230-ifd.bin
+
+ls -al blobs/x230/*.bin
+-rw-r--r-- 1 user user  4096 Mar 15 12:55 blobs/x230/x230-ifd.bin
+-rw-r--r-- 1 user user 98304 Mar 15 14:33 blobs/x230/me.bin
+
+Notes: as specified in first link, this ME can be deployed to:
+    Helix (Type 3xxx)
+    T430, T430i, T430s, T430si, T431s
+    T530, T530i
+    W530
+    X1 Carbon (Type 34xx), X1 Helix (Type 3xxx), X1 Helix (Type 3xxx) 3G
+    X230, X230i, X230 Tablet, X230i Tablet, X230s
+
diff --git a/blobs/xx30/me.bin b/blobs/xx30/me.bin
diff --git a/blobs/xx30/x230-ifd.bin b/blobs/xx30/x230-ifd.bin
diff --git a/boards/x230-external-flash/x230-external-flash.config b/boards/x230-external-flash/x230-external-flash.config
@@ -0,0 +1,60 @@
+# Configuration for a x230 running Qubes and other OSes
+#Includes deactivated+neutered ME and expended consequent IFD 
+export CONFIG_COREBOOT=y
+CONFIG_COREBOOT_CONFIG=config/coreboot-x230-external-flash.config
+CONFIG_LINUX_CONFIG=config/linux-x230-external-flash.config
+
+CONFIG_CRYPTSETUP=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_DROPBEAR=y
+
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-Neutered_ME Heads Boot Menu"
+export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
+export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq"
+
+# This board has two SPI flash chips, an 8 MB that holds the IFD,
+# the ME image and part of the coreboot image, and a 4 MB one that
+# has the rest of the coreboot and the reset vector.
+#
+# This x230-external-flash board includes neutralized+deactivated Intel ME produced from the following command: 
+#   wget https://download.lenovo.com/pccbbs/mobiles/g1rg24ww.exe && innoextract g1rg24ww.exe && python ~/me_cleaner/me_cleaner.py -r -t -O heads/blobs/xx30/me.bin app/ME8_5M_Production.bin
+#       
+# As a consequence, this replaces the need of having to flash x230-flash and expends available CBFS region (11.5Mb available CBFS space)
+#
+# When flashing via an external programmer it is easiest to have
+# to separate files for these pieces.
+all: $(build)/$(BOARD)/$(BOARD)-bottom.rom
+$(build)/$(BOARD)/$(BOARD)-bottom.rom: $(build)/$(BOARD)/coreboot.rom
+	$(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none)
+	@sha256sum $@
+
+all: $(build)/$(BOARD)/$(BOARD)-top.rom
+$(build)/$(BOARD)/$(BOARD)-top.rom: $(build)/$(BOARD)/coreboot.rom
+	$(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none)
+	@sha256sum $@
diff --git a/config/coreboot-x230-external-flash.config b/config/coreboot-x230-external-flash.config
@@ -0,0 +1,29 @@
+CONFIG_LOCALVERSION="heads"
+CONFIG_ANY_TOOLCHAIN=y
+# CONFIG_INCLUDE_CONFIG_FILE is not set
+# CONFIG_COLLECT_TIMESTAMPS is not set
+CONFIG_USE_BLOBS=y
+CONFIG_MEASURED_BOOT=y
+CONFIG_VENDOR_LENOVO=y
+CONFIG_CBFS_SIZE=0xB80000
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_IFD_BIN_PATH="../../blobs/xx30/x230-ifd.bin"
+CONFIG_HAVE_ME_BIN=y
+CONFIG_ME_BIN_PATH="../../blobs/xx30/me.bin"
+# CONFIG_POST_IO is not set
+# CONFIG_POST_DEVICE is not set
+CONFIG_DRIVERS_UART_8250IO=y
+CONFIG_BOARD_LENOVO_X230=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_UART_PCI_ADDR=0
+CONFIG_NO_GFX_INIT=y
+# CONFIG_CONSOLE_SERIAL is not set
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="../../build/x230-external-flash/bzImage"
+CONFIG_PAYLOAD_OPTIONS=""
+# CONFIG_PXE is not set
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_INITRD="../../build/x230-external-flash/initrd.cpio.xz"
+CONFIG_DEBUG_SMM_RELOCATION=y