-
-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to build against coreboot 4.12 #721
Conversation
CBFS size on T420 and X220 is already at absolute maximum (pending PR). |
@SebastianMcMillan #693 you mean? I'll rebase on top of that once merged |
1e57b1f
to
12dda6c
Compare
@SebastianMcMillan all good now I think |
This PR is the followup of #709? |
@MrChromebox @SebastianMcMillan : 4.12 is populating exactly the same as here? Will try to test in the next days on x230. |
bit of a circular reference :) Assume you meant a different PR? |
@MrChromebox corrected past reference. Questioning it now. Well I do not know if it was expected to work but from my results, neither of the following are populated PCRs supposedly measured by Heads:
While PCRs 0-3 are supposed to be filled by coreboot and do not represent what Heads is supposed to measure by its coreboot patch:
While PCRs 6-7 of Heads, not conflicting by coreboot, are still measured here per screenshot:
Heads measurements doc @MrChromebox only done functional testing here, setting a default boot option and mystyping disk unlock key passphrase to have Was it thought to be functional and a simple repackaging of #709? |
@MrChromebox : |
@tlaurion I don't see any coreboot-related patches in #709, with the exception of the SMM patch, which is already merged in coreboot 4.12. And with 4.12, measured boot is decoupled from vboot, so vboot isn't necessary (though it would certainly make sense to rebase #709 to add vboot in addition to measured boot). |
The PCRs are extended like it's documented here: https://doc.coreboot.org/security/vboot/measured_boot.html |
@MrChromebox : i'm not sure everybody will agree here, but since patches are applied to versions and commit ids now, I do not think removing patches is a good idea. coreboot 4.8.1 patches could stay in repo forever. We could force boards to use specific versions of coreboot (kgpe-d16) instead of deleting boards. @PatrickRudolph @MrChromebox : I'm not sure what are the next steps here. |
@tlaurion are you suggesting we keep older versions of modules and patches in tree and buildable? that's a nightmare to maintain w/r/t build tools etc. If anything, branch off for older devices and they can be maintained by interested parties, but let's not carry everything forward forever The coreboot 4.11+vboot PR has the same issue with PCRs being used differently by coreboot. I'll take a look at coreboot 4.11+'s measured boot and see if I can extend the PCRs to match the previous implementation, but won't have time to do that until next week |
@MrChromebox I was talking about a way to say:
This way, someone wanting to build kgpe-d16 could still make Limitation:
The outcome of this would be to be able to produce reproducible board roms as artifacts. As of today, the x230-hotp-board is build from CircleCI (debian) and GitlabCI (Fedora). |
@tlaurion but it's not just keeping coreboot 4.8.1 and patches, it's maintaining the toolchain, and likely a fixed version of flashrom and the kernel as well. If we decide we want to fix those for all boards, then there's an exponential increase in work to maintain, and an inertia to keep boards on older versions if they work there. I feel like the way coreboot does things with periodic versioned releases, and dropping non-compliant boards after a new release is the only sane way to do things. Tag/branch a release before we move to coreboot 4.12, and let legacy boards live there. |
What I propose is to keep/modify:
Limitations:
Effect:
@MrChromebox @SebastianMcMillan @merge : thoughts? |
my main concern is with the toolchain, and changes to it now affecting 2 (or more) versions of coreboot |
Hi. Compiling of this completes succesfull, but flashing the rom gives me no video output on my x230 with modded fhd display even if I swap the data.vbt and gma-mainboard.ads in the coreboot files with their patched equivalents. It used to work with the merge:coreboot_next patch. Any ideas what could cause this? How can I get this to work on the x230 with fhd mod? |
@AdmerStroh does coreboot 4.12 + SeaBIOS/Tianocore work properly with the FHD modifications? I don't know what changes might have affected the FHD mod between 4.11 and 4.12, but I'm guessing something on the libgfxinit side. What's the modded gma-mainboard file look like? |
@MrChromebox It does (the latest version of Skulls works just fine without any additional modifications). The modded gma-mainboard file has just LVDS output removed (see https://review.coreboot.org/c/coreboot/+/28950/10/src/mainboard/lenovo/x230/variants/x230_fhd/gma-mainboard.ads). It is strange regarding that stock coreboot 4.12 works just fine.. Maybe someone with a fhd-modded x230 could test if it works for them?.. |
@AdmerStroh is the screen backlight coming on? the default config for the x230 w/coreboot 4.12 under Heads should leave libgfxinit as the default display init. Unfortunately I only have a standard x230 here to test, not a FHD one |
@MrChromebox The backlight is coming on and can be dimmed via press on the power button. I will try to force output over the mini-dp port and get something on an external monitor. I will report the results. |
@MrChromebox unfortunately, even with only HDMI1 in gma-mainboard file enabled, no video output over external monitor (mini-dp). Maybe I made a fault merging your patch? For now, I will just use skulls or revert back to 4.11. Maybe someone more experienced than me with a x230 fhd mod could try and share their experience. Nonetheless thank you! |
@AdmerStroh : my intuition here may be how you cleaned me. Edit: maybe not, since this seems valid even if ME wasn't cleaned completely: https://github.com/osresearch/heads/pull/721/files#diff-2d4ed2860b55bb308eacc61e6c18a86fR5 |
@tlaurion I used the skulls script with the me-cleaning option on the bottom spi chip. Will it be reinstalled when I internally flash the full 12mb rom image? By the way, compiling and externally flashing the 4MB x230-flash rom with this patch works and I get a console output |
@AdmerStroh @MrChromebox this is why I'm wondering where your absence of console comes from on full rom image (230's coreboot.rom) since x230-flash.rom image gives console output. |
@tlaurion @MrChromebox Ok. I could succesfully resolve my issue by applying this patch #703 and flashing both the top and the bottom image externally. So probably tlaurion was right with the me not properly cleaned in the bottom chip.. Thank you very much for the help :) |
@AdmerStroh : please make sure you read the big fat warning I just added here If you intend to flash through x230-flash image, you are not supposed to play with #703 at all. #703 is WiP and is not ready, hence why it is not merged in master. If you come from x230-flash or Skulls, you need to apply x230 image from within x230-flash, and stay with x230 board upgrades. Images built from master can be downloaded from artifacts here and here. Note that as you can see, the builds are not yet reproducible since this issue is not yet resolved |
28d3b7c being merged, #721 #709 are next. |
@MrChromebox ok. So logic is inverted and fallsback to 4.12 default for boards not specifying other version. Testing with x230-htop-verification board removing coreboot 4.8.1 version here: https://app.circleci.com/pipelines/github/tlaurion/heads/292/workflows/8cb5121b-dc5d-4099-8aed-ad80cd1cdea0/jobs/317 |
@MrChromebox : not specifying the coreboot version under test board x230-hotp-verification resulted in this error:
Doing manual tests locally. |
@tlaurion yeah was about to say, the behavior w/r/t specifying the coreboot version is unchanged. No logic inverted, no fallback |
@tlaurion I don't see why you need to patch anything outside of the board/coreboot configs, unless your fork isn't up to date. The 'libremkey-hotp-verification' module doesn't exist anymore so that tells me it isn't. Any reason the Librem boards (which need to stay on 4.8.1 for now) aren't being built (without blobs) as part of CI testing? |
@PatrickRudolph : unfortunately, the x230-hotp-verification build here (and I suspect all other xx30 boards) still suffer from #770. As said in other tickets, that regression came out after changing the buildchain from musl-cross to musl-cross-make, since https://gitlab.com/tlaurion/heads/-/jobs/312958349/artifacts/raw/build/x230-libremkey/coreboot.rom (same coreboot 4.8.1, same QubesOS) is able to resume from suspend. Would need help here. Interestingly enough, #765 is gone. Any idea? Rest is feature pair in terms of measurements and basic testing works as a direct replacement. Personally, as for @jans23 and the general community, #770 is a show stopper. |
also, even if issues migrating boards to 4.12, we should still go ahead and merge this, since no impact to existing boards and it will allow adding of other new boards (like the Librem Mini) which require 4.12 |
I don't see why #770 would block this PR. |
@MrChromebox rebased my branch over osresearch/master just to make sure. Here is comparison over this branch
Just because I didn't added them yet and thought that blobs needed to be present as specified into blobs dir and extracted from full roms, just like the xx20 boards. With #798, adding those boards into CIs configs will not add much build time. Want to do provide a PR? Please put boards in blocks with similarities of coreboot+linux near of each other in CircleCI and GitlabCI configs. |
@MrChromebox added missing boards in latest commit MrChromebox@d643838 Building here: https://app.circleci.com/pipelines/github/tlaurion/heads/301/workflows/086cf9e6-d2d4-4892-9b43-225e927eb563/jobs/327 |
@tlaurion comparing branches isn't helpful when commits get merged out of order (changing the hashes) and there is no unique ID associated with a given commit. We should think about adding one as part of a commit hook like coreboot does. I still maintain that this PR is completely sufficient as-is. It touches a single file and only adds the option to build against coreboot 4.12. Building boards using it and the changes needed there should be handed in separate PRs and not affect this one. edit: I've rebased this patch on master to avoid any confusion, though it shouldn't have been required |
Add version and hash for coreboot and coreboot-blobs modules. Adjust to use own toolchain, fix blobs path and extraction depth. Test: build Librem 13v4 using both coreboot 4.8.1 and coreboot 4.12 (after adjusting board defconfig), verify correct toolchains used to build each, and that teh result is a bootable ROM. Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
87d4d0d
to
5f9e59a
Compare
@MrChromebox agreed. This needs to be changed and it builds for all current boards. I'll do a seperate PR for CI changes and coreboot CBFS change needed for x230 to build this was simply to provide roms for people to test prior of merging. |
well, as part of migrating boards to 4.12, we should update the defconfigs as well -- increasing the CBFS size as needed, dropping config items that make no sense, etc |
…ble boards (x230 and qemu-coreboot boards CBFS regions expended)
…ble boards (x230 and qemu-coreboot boards CBFS regions expended)
…ble boards (x230 and qemu-coreboot boards CBFS regions expended)
Update Heads to allow building with coreboot 4.12:
Build/boot tested on Librem 13v2/13v4/15v3/15v4, x230, qemu-coreboot-fbwhiptail
Outstanding issues: