X200 board bringback without TPM nor HOTP support. Basically useable …

…to boot Tails from USB SDCARD adapter, with SDCARD set in read only mode.

Based on past work https://github.com/tlaurion/heads/tree/x200_readd

TODO:
- upgrade coreboot to 4.12
- upgrade kernel to 5.x
- Test and merge linuxboot#836

Addresses linuxboot#878

.circleci/config.yml

@@ -326,6 +326,26 @@ jobs:
  - store-artifacts:
  path: build/t430-flash
 
+ - run:
+ name: x200-maximized
+ command: |
+ rm -rf build/x200-maximized/* build/log/* && make CPUS=4 V=1 BOARD=x200-maximized || touch /tmp/failed_build
+ no_output_timeout: 3h
+ - run:
+ name: Output build failing logs
+ command: |
+ if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi
+ - run:
+ name: Ouput x200-maximized hashes
+ command: |
+ cat build/x200-maximized/hashes.txt \
+ - run:
+ name: Archiving build logs for x200-maximized
+ command: |
+ tar zcvf build/x200-maximized/logs.tar.gz build/log/*
+ - store-artifacts:
+ path: build/x200-maximized
+
  - run:
  name: t430
  command: |

blobs/xxx0/README

@@ -0,0 +1,23 @@
+Coreboot supports generating modified ifd and gbe out of the box.
+To replicate the blobs in this directory (based on coreboot 4.8.1 but simply replace version in paths):
+
+make BOARDS=x200
+
+This will create the ROM.
+
+Then (considering you git clone heads under ~)
+
+cd ~/heads/build/coreboot-4.8.1/util/bincfg
+make gen-gbe-ich9m
+make gen-ifd-x200
+mv flashregion_0_fd.bin ../../../../blobs/xxx0/ifd.bin
+mv flashregion_3_gbe.bin ../../../../blobs/xxx0/gbe.bin
+
+cd -
+sha256sum -c hashes.txt
+
+should output:
+gbe.bin: OK
+ifd.bin: OK
+
+DISCLAIMER: Considering neither gbe.bin not ifd.bin is proprietary firmware (generated from specifications), those blobs are in tree. 

blobs/xxx0/hashes.txt

@@ -0,0 +1,2 @@
+7917e0f0eb16c895da25d8acf01155e88ca189724c48a14cd1645d0d09f1cf5b gbe.bin
+a2768b73c10593ea2ce7af1f5befc2fb4457fd6a01bbc5499e32aa2b47baa442 ifd.bin

boards/x200-maximized/x200-mazimized.config

@@ -0,0 +1,62 @@
+# Configuration for a x200 running non-Qubes OSes.
+#
+# Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x700000 :
+# dropbear support(ssh client/server)
+# e1000e (ethernet driver)
+#
+# Includes (read blobs/xxx0/README) 
+# - Generated IFD from bincfg 
+# - Forged 00:DE:AD:C0:FF:EE MAC address 
+# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/ifd-x200.set
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-x200-maximized.config
+CONFIG_LINUX_CONFIG=config/linux-x200.config
+
+CONFIG_CRYPTSETUP=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#Remote attestation support
+#TPM based requirements
+export CONFIG_TPM=n
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=n
+
+#Nitrokey Storage admin tool
+CONFIG_NKSTORECLI=n
+
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools:
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off i915.modeset=1 video=1280x800"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="Thinkpad X200-maximized"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+

config/coreboot-x200-maximized.config

@@ -0,0 +1,15 @@
+CONFIG_ANY_TOOLCHAIN=y
+CONFIG_VENDOR_LENOVO=y
+CONFIG_CBFS_SIZE=0x700000
+CONFIG_BOARD_LENOVO_X200=y
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_HAVE_GBE_BIN=y
+CONFIG_IFD_BIN_PATH="../../blobs/xxx0/ifd.bin"
+CONFIG_GBE_BIN_PATH="../../blobs/xxx0/gbe.bin"
+CONFIG_NO_GFX_INIT=y
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="../../build/x200-mazimized/bzImage"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_INITRD="../../build/x200-mazimized/initrd.cpio.xz"