diff --git a/.circleci/config.yml b/.circleci/config.yml index 6edb6d36b..e85d448c5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -326,6 +326,26 @@ jobs: - store-artifacts: path: build/t430-flash + - run: + name: x200 + command: | + rm -rf build/x200/* build/log/* && make CPUS=4 V=1 BOARD=x200 || touch /tmp/failed_build + no_output_timeout: 3h + - run: + name: Output build failing logs + command: | + if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi + - run: + name: Ouput x200 hashes + command: | + cat build/x200/hashes.txt \ + - run: + name: Archiving build logs for x200 + command: | + tar zcvf build/x200/logs.tar.gz build/log/* + - store-artifacts: + path: build/x200 + - run: name: t430 command: | diff --git a/blobs/xxx0/README b/blobs/xxx0/README new file mode 100644 index 000000000..f7b5ab8b7 --- /dev/null +++ b/blobs/xxx0/README @@ -0,0 +1,23 @@ +Coreboot supports generating modified ifd and gbe out of the box. +To replicate the blobs in this directory (based on coreboot 4.8.1 but simply replace version in paths): + +make BOARDS=x200 + +This will create the ROM. + +Then (considering you git clone heads under ~) + +cd ~/heads/build/coreboot-4.8.1/util/bincfg +make gen-gbe-ich9m +make gen-ifd-x200 +mv flashregion_0_fd.bin ../../../../blobs/xxx0/ifd.bin +mv flashregion_3_gbe.bin ../../../../blobs/xxx0/gbe.bin + +cd - +sha256sum -c hashes.txt + +should output: +gbe.bin: OK +ifd.bin: OK + +DISCLAIMER: Considering neither gbe.bin not ifd.bin is proprietary firmware (generated from specifications), those blobs are in tree. diff --git a/blobs/xxx0/gbe.bin b/blobs/xxx0/gbe.bin new file mode 100644 index 000000000..2ce44063f Binary files /dev/null and b/blobs/xxx0/gbe.bin differ diff --git a/blobs/xxx0/hashes.txt b/blobs/xxx0/hashes.txt new file mode 100644 index 000000000..8b39537a4 --- /dev/null +++ b/blobs/xxx0/hashes.txt @@ -0,0 +1,2 @@ +7917e0f0eb16c895da25d8acf01155e88ca189724c48a14cd1645d0d09f1cf5b gbe.bin +a2768b73c10593ea2ce7af1f5befc2fb4457fd6a01bbc5499e32aa2b47baa442 ifd.bin diff --git a/blobs/xxx0/ifd.bin b/blobs/xxx0/ifd.bin new file mode 100644 index 000000000..fcdc6b7e6 Binary files /dev/null and b/blobs/xxx0/ifd.bin differ diff --git a/boards/x200-maximized/x200-mazimized.config b/boards/x200-maximized/x200-mazimized.config new file mode 100644 index 000000000..8235c7584 --- /dev/null +++ b/boards/x200-maximized/x200-mazimized.config @@ -0,0 +1,62 @@ +# Configuration for a x200 running non-Qubes OSes. +# +# Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x700000 : +# dropbear support(ssh client/server) +# e1000e (ethernet driver) +# +# Includes (read blobs/xxx0/README) +# - Generated IFD from bincfg +# - Forged 00:DE:AD:C0:FF:EE MAC address +# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/ifd-x200.set + +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + +CONFIG_COREBOOT_CONFIG=config/coreboot-x200-maximized.config +CONFIG_LINUX_CONFIG=config/linux-x200.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y + +#Remote attestation support +#TPM based requirements +export CONFIG_TPM=n +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support +#CONFIG_HOTPKEY=n + +#Nitrokey Storage admin tool +CONFIG_NKSTORECLI=n + +#GUI Support +#Console based Whiptail support(Console based, no FB): +#CONFIG_SLANG=y +#CONFIG_NEWT=y +#FBWhiptail based (Graphical): +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +#Additional tools: +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y + +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off i915.modeset=1 video=1280x800" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOARD_NAME="Thinkpad X200-maximized" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal" + diff --git a/config/coreboot-x200-maximized.config b/config/coreboot-x200-maximized.config new file mode 100644 index 000000000..c91c54cd7 --- /dev/null +++ b/config/coreboot-x200-maximized.config @@ -0,0 +1,15 @@ +CONFIG_ANY_TOOLCHAIN=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x700000 +CONFIG_BOARD_LENOVO_X200=y +CONFIG_HAVE_IFD_BIN=y +CONFIG_HAVE_GBE_BIN=y +CONFIG_IFD_BIN_PATH="../../blobs/xxx0/ifd.bin" +CONFIG_GBE_BIN_PATH="../../blobs/xxx0/gbe.bin" +CONFIG_NO_GFX_INIT=y +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/x200-mazimized/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" +CONFIG_LINUX_INITRD="../../build/x200-mazimized/initrd.cpio.xz" diff --git a/config/linux-x200.config b/config/linux-x200.config new file mode 100644 index 000000000..6bd7c081c --- /dev/null +++ b/config/linux-x200.config @@ -0,0 +1,324 @@ +CONFIG_LOCALVERSION="-heads" +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_KERNEL_XZ=y +# CONFIG_SWAP is not set +# CONFIG_CROSS_MEMORY_ATTACH is not set +# CONFIG_FHANDLE is not set +CONFIG_NO_HZ_IDLE=y +CONFIG_LOG_BUF_SHIFT=18 +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="../../../blobs/dev.cpio" +# CONFIG_RD_GZIP is not set +# CONFIG_RD_BZIP2 is not set +# CONFIG_RD_LZMA is not set +# CONFIG_RD_LZO is not set +# CONFIG_RD_LZ4 is not set +CONFIG_CC_OPTIMIZE_FOR_SIZE=y +# CONFIG_SGETMASK_SYSCALL is not set +# CONFIG_SYSFS_SYSCALL is not set +# CONFIG_BASE_FULL is not set +# CONFIG_SIGNALFD is not set +# CONFIG_TIMERFD is not set +# CONFIG_EVENTFD is not set +# CONFIG_AIO is not set +# CONFIG_ADVISE_SYSCALLS is not set +# CONFIG_MEMBARRIER is not set +CONFIG_EMBEDDED=y +# CONFIG_VM_EVENT_COUNTERS is not set +# CONFIG_SLUB_DEBUG is not set +# CONFIG_COMPAT_BRK is not set +CONFIG_JUMP_LABEL=y +CONFIG_CC_STACKPROTECTOR_STRONG=y +CONFIG_MODULES=y +# CONFIG_IOSCHED_DEADLINE is not set +# CONFIG_IOSCHED_CFQ is not set +CONFIG_SMP=y +# CONFIG_X86_EXTENDED_PLATFORM is not set +CONFIG_PROCESSOR_SELECT=y +# CONFIG_CPU_SUP_CENTAUR is not set +CONFIG_PREEMPT_VOLUNTARY=y +CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y +# CONFIG_X86_MCE_AMD is not set +# CONFIG_PERF_EVENTS_INTEL_RAPL is not set +# CONFIG_MICROCODE is not set +# CONFIG_SPARSEMEM_VMEMMAP is not set +# CONFIG_COMPACTION is not set +# CONFIG_BOUNCE is not set +CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 +CONFIG_X86_PMEM_LEGACY=y +# CONFIG_MTRR is not set +# CONFIG_X86_SMAP is not set +# CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set +# CONFIG_SECCOMP is not set +CONFIG_KEXEC=y +CONFIG_KEXEC_FILE=y +# CONFIG_RELOCATABLE is not set +CONFIG_PHYSICAL_ALIGN=0x1000000 +# CONFIG_MODIFY_LDT_SYSCALL is not set +# CONFIG_SUSPEND is not set +CONFIG_PCI_MSI=y +# CONFIG_HT_IRQ is not set +CONFIG_PCI_IOV=y +CONFIG_PCI_PRI=y +# CONFIG_COREDUMP is not set +CONFIG_NET=y +CONFIG_PACKET=y +CONFIG_UNIX=y +CONFIG_INET=y +CONFIG_SYN_COOKIES=y +# CONFIG_INET_XFRM_MODE_TRANSPORT is not set +# CONFIG_INET_XFRM_MODE_TUNNEL is not set +# CONFIG_INET_XFRM_MODE_BEET is not set +# CONFIG_INET_DIAG is not set +# CONFIG_IPV6 is not set +# CONFIG_WIRELESS is not set +# CONFIG_UEVENT_HELPER is not set +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_STANDALONE is not set +# CONFIG_FIRMWARE_IN_KERNEL is not set +# CONFIG_ALLOW_DEV_COREDUMP is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_RAM=y +CONFIG_BLK_DEV_RAM_SIZE=65536 +CONFIG_EEPROM_93CX6=m +CONFIG_INTEL_MEI_ME=m +CONFIG_INTEL_MEI_TXE=m +# CONFIG_SCSI_PROC_FS is not set +CONFIG_BLK_DEV_SD=y +CONFIG_BLK_DEV_SR=y +CONFIG_CHR_DEV_SG=y +CONFIG_SCSI_SCAN_ASYNC=y +CONFIG_ISCSI_TCP=y +CONFIG_ATA=y +CONFIG_SATA_AHCI=y +# CONFIG_ATA_SFF is not set +CONFIG_MD=y +CONFIG_BLK_DEV_DM=y +CONFIG_DM_CRYPT=y +CONFIG_DM_VERITY=y +CONFIG_DM_VERITY_FEC=y +CONFIG_NETDEVICES=y +# CONFIG_NET_VENDOR_3COM is not set +# CONFIG_NET_VENDOR_ADAPTEC is not set +# CONFIG_NET_VENDOR_AGERE is not set +# CONFIG_NET_VENDOR_ALTEON is not set +# CONFIG_NET_VENDOR_AMAZON is not set +# CONFIG_NET_VENDOR_AMD is not set +# CONFIG_NET_VENDOR_ARC is not set +# CONFIG_NET_VENDOR_ATHEROS is not set +# CONFIG_NET_CADENCE is not set +# CONFIG_NET_VENDOR_BROADCOM is not set +# CONFIG_NET_VENDOR_BROCADE is not set +# CONFIG_NET_VENDOR_CAVIUM is not set +# CONFIG_NET_VENDOR_CHELSIO is not set +# CONFIG_NET_VENDOR_CISCO is not set +# CONFIG_NET_VENDOR_DEC is not set +# CONFIG_NET_VENDOR_DLINK is not set +# CONFIG_NET_VENDOR_EMULEX is not set +# CONFIG_NET_VENDOR_EZCHIP is not set +# CONFIG_NET_VENDOR_EXAR is not set +# CONFIG_NET_VENDOR_HP is not set +CONFIG_E1000=m +CONFIG_E1000E=m +# CONFIG_NET_VENDOR_I825XX is not set +# CONFIG_NET_VENDOR_MARVELL is not set +# CONFIG_NET_VENDOR_MELLANOX is not set +# CONFIG_NET_VENDOR_MICREL is not set +# CONFIG_NET_VENDOR_MYRI is not set +# CONFIG_NET_VENDOR_NATSEMI is not set +# CONFIG_NET_VENDOR_NETRONOME is not set +# CONFIG_NET_VENDOR_NVIDIA is not set +# CONFIG_NET_VENDOR_OKI is not set +# CONFIG_NET_PACKET_ENGINE is not set +# CONFIG_NET_VENDOR_QLOGIC is not set +# CONFIG_NET_VENDOR_QUALCOMM is not set +# CONFIG_NET_VENDOR_REALTEK is not set +# CONFIG_NET_VENDOR_RENESAS is not set +# CONFIG_NET_VENDOR_RDC is not set +# CONFIG_NET_VENDOR_ROCKER is not set +# CONFIG_NET_VENDOR_SAMSUNG is not set +# CONFIG_NET_VENDOR_SEEQ is not set +# CONFIG_NET_VENDOR_SILAN is not set +# CONFIG_NET_VENDOR_SIS is not set +# CONFIG_NET_VENDOR_SMSC is not set +# CONFIG_NET_VENDOR_STMICRO is not set +# CONFIG_NET_VENDOR_SUN is not set +# CONFIG_NET_VENDOR_TEHUTI is not set +# CONFIG_NET_VENDOR_TI is not set +# CONFIG_NET_VENDOR_VIA is not set +# CONFIG_NET_VENDOR_WIZNET is not set +# CONFIG_NET_VENDOR_SYNOPSYS is not set +# CONFIG_USB_NET_DRIVERS is not set +# CONFIG_WLAN is not set +# CONFIG_INPUT_MOUSE is not set +# CONFIG_SERIO_SERPORT is not set +# CONFIG_UNIX98_PTYS is not set +# CONFIG_LEGACY_PTYS is not set +CONFIG_SERIAL_8250=y +# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set +# CONFIG_SERIAL_8250_PNP is not set +# CONFIG_SERIAL_8250_PCI is not set +# CONFIG_SERIAL_8250_LPSS is not set +# CONFIG_SERIAL_8250_MID is not set +CONFIG_TTY_PRINTK=y +CONFIG_HW_RANDOM=y +CONFIG_HW_RANDOM_TIMERIOMEM=m +CONFIG_HW_RANDOM_INTEL=m +CONFIG_HW_RANDOM_AMD=m +CONFIG_HW_RANDOM_VIA=m +CONFIG_HW_RANDOM_TPM=m +CONFIG_TCG_TPM=y +CONFIG_TCG_TIS=y +# CONFIG_I2C_COMPAT is not set +CONFIG_I2C_MUX=m +CONFIG_I2C_MUX_PCA9541=m +CONFIG_I2C_MUX_REG=m +# CONFIG_I2C_HELPER_AUTO is not set +CONFIG_I2C_SLAVE=y +CONFIG_PTP_1588_CLOCK=y +# CONFIG_HWMON is not set +# CONFIG_X86_PKG_TEMP_THERMAL is not set +CONFIG_MFD_SYSCON=y +CONFIG_DRM=y +CONFIG_DRM_I915=y +CONFIG_DRM_I915_ALPHA_SUPPORT=y +CONFIG_FB_MODE_HELPERS=y +CONFIG_FB_VESA=y +# CONFIG_LCD_CLASS_DEVICE is not set +# CONFIG_BACKLIGHT_GENERIC is not set +CONFIG_FRAMEBUFFER_CONSOLE=y +CONFIG_USB=y +CONFIG_USB_XHCI_HCD=m +CONFIG_USB_XHCI_PLATFORM=m +CONFIG_USB_EHCI_HCD=m +CONFIG_USB_EHCI_HCD_PLATFORM=m +CONFIG_USB_OHCI_HCD=m +CONFIG_USB_UHCI_HCD=m +CONFIG_USB_STORAGE=m +CONFIG_RTC_CLASS=y +# CONFIG_X86_PLATFORM_DEVICES is not set +CONFIG_INTEL_IOMMU=y +CONFIG_INTEL_IOMMU_SVM=y +CONFIG_GENERIC_PHY=y +# CONFIG_BLK_DEV_PMEM is not set +# CONFIG_ND_BLK is not set +# CONFIG_BTT is not set +# CONFIG_FIRMWARE_MEMMAP is not set +# CONFIG_DMIID is not set +CONFIG_GOOGLE_FIRMWARE=y +CONFIG_GOOGLE_MEMCONSOLE_X86_LEGACY=y +CONFIG_EXT4_FS=y +# CONFIG_DNOTIFY is not set +# CONFIG_INOTIFY_USER is not set +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +CONFIG_MSDOS_FS=y +CONFIG_VFAT_FS=y +# CONFIG_PROC_SYSCTL is not set +# CONFIG_PROC_PAGE_MONITOR is not set +# CONFIG_MISC_FILESYSTEMS is not set +CONFIG_NLS_DEFAULT="utf8" +CONFIG_NLS_CODEPAGE_437=y +CONFIG_NLS_ISO8859_1=y +CONFIG_NLS_UTF8=y +CONFIG_PRINTK_TIME=y +CONFIG_BOOT_PRINTK_DELAY=y +CONFIG_DYNAMIC_DEBUG=y +CONFIG_DEBUG_INFO=y +CONFIG_DEBUG_INFO_DWARF4=y +CONFIG_GDB_SCRIPTS=y +# CONFIG_ENABLE_WARN_DEPRECATED is not set +# CONFIG_ENABLE_MUST_CHECK is not set +CONFIG_FRAME_WARN=1024 +CONFIG_DEBUG_FS=y +CONFIG_MAGIC_SYSRQ=y +CONFIG_HARDLOCKUP_DETECTOR=y +CONFIG_WQ_WATCHDOG=y +# CONFIG_SCHED_DEBUG is not set +CONFIG_STACKTRACE=y +# CONFIG_DEBUG_BUGVERBOSE is not set +# CONFIG_RCU_TRACE is not set +# CONFIG_FTRACE is not set +# CONFIG_STRICT_DEVMEM is not set +# CONFIG_X86_VERBOSE_BOOTUP is not set +# CONFIG_DOUBLEFAULT is not set +CONFIG_IO_DELAY_0XED=y +CONFIG_OPTIMIZE_INLINING=y +# CONFIG_X86_DEBUG_FPU is not set +CONFIG_HARDENED_USERCOPY=y +CONFIG_CRYPTO_RSA=m +CONFIG_CRYPTO_USER=y +CONFIG_CRYPTO_MCRYPTD=m +CONFIG_CRYPTO_AUTHENC=m +CONFIG_CRYPTO_CCM=m +CONFIG_CRYPTO_GCM=m +CONFIG_CRYPTO_CHACHA20POLY1305=m +CONFIG_CRYPTO_CTS=m +CONFIG_CRYPTO_LRW=y +CONFIG_CRYPTO_PCBC=m +CONFIG_CRYPTO_XTS=y +CONFIG_CRYPTO_KEYWRAP=m +CONFIG_CRYPTO_CMAC=m +CONFIG_CRYPTO_HMAC=y +CONFIG_CRYPTO_XCBC=m +CONFIG_CRYPTO_VMAC=m +CONFIG_CRYPTO_CRC32C_INTEL=y +CONFIG_CRYPTO_CRC32=m +CONFIG_CRYPTO_CRC32_PCLMUL=m +CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m +CONFIG_CRYPTO_POLY1305_X86_64=m +CONFIG_CRYPTO_MD4=m +CONFIG_CRYPTO_MICHAEL_MIC=m +CONFIG_CRYPTO_RMD128=m +CONFIG_CRYPTO_RMD160=m +CONFIG_CRYPTO_RMD256=m +CONFIG_CRYPTO_RMD320=m +CONFIG_CRYPTO_SHA1_SSSE3=y +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_TGR192=m +CONFIG_CRYPTO_WP512=m +CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m +CONFIG_CRYPTO_AES_NI_INTEL=y +CONFIG_CRYPTO_ANUBIS=m +CONFIG_CRYPTO_ARC4=m +CONFIG_CRYPTO_BLOWFISH=m +CONFIG_CRYPTO_BLOWFISH_X86_64=m +CONFIG_CRYPTO_CAMELLIA=m +CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m +CONFIG_CRYPTO_CAST5_AVX_X86_64=m +CONFIG_CRYPTO_CAST6_AVX_X86_64=m +CONFIG_CRYPTO_DES3_EDE_X86_64=m +CONFIG_CRYPTO_FCRYPT=m +CONFIG_CRYPTO_KHAZAD=m +CONFIG_CRYPTO_SALSA20=m +CONFIG_CRYPTO_CHACHA20_X86_64=m +CONFIG_CRYPTO_SEED=m +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m +CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m +CONFIG_CRYPTO_TEA=m +CONFIG_CRYPTO_TWOFISH=m +CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m +CONFIG_CRYPTO_DEFLATE=m +CONFIG_CRYPTO_LZO=y +CONFIG_CRYPTO_842=m +CONFIG_CRYPTO_LZ4=m +CONFIG_CRYPTO_LZ4HC=m +CONFIG_CRYPTO_ANSI_CPRNG=m +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_USER_API_HASH=y +CONFIG_CRYPTO_USER_API_SKCIPHER=y +CONFIG_CRYPTO_USER_API_RNG=y +CONFIG_CRYPTO_USER_API_AEAD=y +# CONFIG_CRYPTO_HW is not set +# CONFIG_VIRTUALIZATION is not set +CONFIG_CRC_CCITT=m +CONFIG_CRC_T10DIF=y +CONFIG_CRC_ITU_T=m +CONFIG_CRC7=m +CONFIG_LIBCRC32C=m +CONFIG_CRC8=m +CONFIG_XZ_DEC_TEST=m +CONFIG_CORDIC=m +CONFIG_IRQ_POLL=y