forked from linuxboot/heads
-
-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gcc8 #1
Merged
Merged
Gcc8 #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a bug in the "force" boot mode where it would still fail if signatures didn't match. This was because the check_config function validates the signatures for kexec files. I've added a few conditionals here so that in the case of a forced boot mode, we can bypass those signature checks that would prevent boot and error out to a recovery console.
Part of the Heads workflow involves handling legitimate changes to /boot as part of the package manager. This is a challenging workflow to handle as package managers on many systems work in a completely unattended way (and some even reboot first, apply updates, and then reboot again). We need to be able to detect changes that are potentially caused by a package manager so to do that I've set up a trigger within the OS (currently just for Debian) that runs both before and after package updates. It verifies the signatures in /boot and if they fail before package updates it creates a log file in /boot/kexec_package_trigger_pre.txt. If they fail after package updates run /boot/kexec_package_trigger_post.txt is created. These files contain the following fields: CHANGED_FILES: A list of files in /boot that failed the sha256sum check UPDATE_INITRAMFS_PACKAGE: An (optional) list of packages known to trigger initramfs changes Following those fields is a list of log output from the last package manager run which contains its own formatted fields (I'm pulling from /var/lib/dpkg/info). When a user selects a boot option, gui-init first verifies the checksums just to catch errors before calling kexec-select-boot. If there are any errors it looks for these package logs and if they exist, it displays appropriate warnings. If the files are absent it displays a more generic warning. The user is also given an opportunity to re-sign the /boot hashes.
By enabling Pass-through iommu, it fixes the GPU glitching issues we've had with IOMMU, and it also allows us to boot a target kernel without having to give it intel_iommu=igfx_off as argument.
Fixes access to the EC through the Index I/O interface Fixes AC and DC LoadLine values to avoid overheating problems Fix Turbo mode value from EC Change version name to have '-heads' suffix
Currently when the boot entries change, kexec-select-boot dies. Given the normal loop is set up to catch this event and display a regular boot menu at the next iteration of the loop, instead of dying it would be better to just warn and then return from that function back into the main loop. In addition to that I added a GUI menu for the same warning when in GUI mode.
In the event a user does pick the insecure "force" boot option that bypasses checksum and signing checks in Heads, it would be nice to provide a clear visual warning during the boot process that they are in this state. This change will add a kernel argument that changes the boot console background to be red and removes any boot splash that might obscure it, in the event the user picks the insecure boot mode. Since a user should only boot into this mode during emergencies, having it be apparent that it's an unsafe mode helps ensure the user doesn't pick this boot option needlessly.
also fix verbiage in comments
Also added convenience call to import keys and removed credentials
When a user gets confirmation of their boot menu choice, that's largely to give them the option of making their boot choice the default. In the case of "force mode" there's no reason for the user to be presented with that dialog so this change skips right ahead to the boot once they have
Needed to identify which files should be preserved between upgrades such as "heads/initrd/*" or "heads/counter"
missing librem patches
also fix indentation issues
Purism coreboot-files repo moves from code.puri.sm to source.puri.sm and the ME rar file moved from a mediafire to a mega.nz file which doesn't allow us to get a direct link to the file, so we need to tell the user about it and ask them to download the file manually.
crossgcc is now using gcc 8.1.0 which will compile without issues if your host system has gcc 8.x This is required if we are to build on a new system (such as latest Fedora)
These patches add RMRR fixes to the DMAR which alows GPU iommu without glitching. This also updates the config to show the new proper local version and enables the option to clean the ME
tlaurion
pushed a commit
that referenced
this pull request
Sep 27, 2022
Add support for t430 dgpu-versions
tlaurion
added a commit
that referenced
this pull request
Jul 26, 2023
…changes otherwise yubiky don't work (And having weird issues on qemu tests vs hardware here...) Have librem key nitrokey pro nitrokey storage and nitrokey 3 mini... And only Nitrokey storage works once in a while otherwise can't set config #1, error -32 lsusb sees all proper devices, but gpg --card-status fails on all but storage
tlaurion
added a commit
that referenced
this pull request
Aug 24, 2023
… jitter entropy but set settings for high mem - jitterentropy_rng.kcapi=1 was missing to activate jitter - random.trust_cpu=1 is needed so the kernel trusts the CPU's hardware random number generator and use it as one of the sources of entropy for its pseudo-random number generator. - kernel.jitterentropy.ll and kernel.jitterentropy.ml The default values are 0 and 0, which means that the jitterentropy library will use a variable number of loop iterations based on the CPU speed. - kernel.jitterentropy.bs and kernel.jitterentropy.bc to use more RAM in the memory access loop. The default values are 64 and 16, which means that the memory access loop will use a buffer size of 64 bytes and a cache line size of 16 bytes. However, you can set them to larger values, such as 256 and 64, or even higher, such as 1024 and 256. This will make the memory access loop consume more memory, but may also generate more noise and entropy - kernel.jitterentropy.bs and kernel.jitterentropy.bc to use more RAM in the memory access loop. The default values are 64 and 16, which means that the memory access loop will use a buffer size of 64 bytes and a cache line size of 16 bytes. However, setting them to larger values, such as 256 and 64, or even higher, such as 1024 and 256 will make the memory access loop consume more memory, but may also generate more noise and entropy Test guidelines: - To see the test points for jitter, you can run `dmesg | grep -i jitter`. You should see something like this: ``` [ 0.000000] Linux version 5.14.0-arch1-1 (linux@archlinux) (gcc (GCC) 11.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Sun, 29 Aug 2021 12:50:37 +0000 [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format. ... [ 3.123456] jitterentropy_rng: Jitter RNG initialized with kcapi hash ¹ ... ``` This shows that the jitter entropy generator is enabled and initialized with the kcapi hash option, which uses the kernel crypto API to perform the hashing operation ². The jitter entropy generator will inject entropy into the kernel's random pool using the RNDADDENTROPY ioctl ³. - To see the test points for cpu extension, you can run `dmesg | grep -i rdrand`. You should see something like this: ``` [ 0.000000] Linux version 5.14.0-arch1-1 (linux@archlinux) (gcc (GCC) 11.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Sun, 29 Aug 2021 12:50:37 +0000 [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format. ... [ 3.456789] random: crng done (trusting CPU's manufacturer) ⁴ ... ``` This shows that the rdrand instruction is enabled and trusted as a source of entropy for the kernel's PRNG . The kernel will use rdrand to improve the entropy of its PRNG, by xor'ing the values received from rdrand with other sources of randomness . - To see the test points for tpm, you can run `dmesg | grep -i tpm`. You should see something like this: ``` [ 0.000000] Linux version 5.14.0-arch1-1 (linux@archlinux) (gcc (GCC) 11.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Sun, 29 Aug 2021 12:50:37 +0000 [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format. ... [ 3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer. [mem 0xfed40000-0xfed4087f flags 0x200] vs fed40080 f80 [ 3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer. [mem 0xfed40000-0xfed4087f flags 0x200] vs fed40080 f80 [ 3.789012] tpm_tis MSFT0101:00: TPM2 command buffer too small! Adjusting to minimum size [ 3.789012] tpm_tis MSFT0101:00: TPM2 command buffer too small! Adjusting to minimum size [ 3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: TPM interrupt not working, polling instead [ 3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: TPM interrupt not working, polling instead ... ``` This shows that the tpm device is detected and initialized by the kernel, but with some firmware bugs that affect its functionality . The tpm device can provide random numbers through its Get Random command . The kernel can use the tpm device as an entropy source for its PRNG, by reading from /dev/tpm0 or /dev/tpmrm0 .
tlaurion
added a commit
that referenced
this pull request
Aug 29, 2023
… jitter entropy but set settings for high mem - jitterentropy_rng.kcapi=1 was missing to activate jitter - random.trust_cpu=1 is needed so the kernel trusts the CPU's hardware random number generator and use it as one of the sources of entropy for its pseudo-random number generator. - kernel.jitterentropy.ll and kernel.jitterentropy.ml The default values are 0 and 0, which means that the jitterentropy library will use a variable number of loop iterations based on the CPU speed. - kernel.jitterentropy.bs and kernel.jitterentropy.bc to use more RAM in the memory access loop. The default values are 64 and 16, which means that the memory access loop will use a buffer size of 64 bytes and a cache line size of 16 bytes. However, you can set them to larger values, such as 256 and 64, or even higher, such as 1024 and 256. This will make the memory access loop consume more memory, but may also generate more noise and entropy - kernel.jitterentropy.bs and kernel.jitterentropy.bc to use more RAM in the memory access loop. The default values are 64 and 16, which means that the memory access loop will use a buffer size of 64 bytes and a cache line size of 16 bytes. However, setting them to larger values, such as 256 and 64, or even higher, such as 1024 and 256 will make the memory access loop consume more memory, but may also generate more noise and entropy Test guidelines: - To see the test points for jitter, you can run `dmesg | grep -i jitter`. You should see something like this: ``` [ 0.000000] Linux version 5.14.0-arch1-1 (linux@archlinux) (gcc (GCC) 11.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Sun, 29 Aug 2021 12:50:37 +0000 [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format. ... [ 3.123456] jitterentropy_rng: Jitter RNG initialized with kcapi hash ¹ ... ``` This shows that the jitter entropy generator is enabled and initialized with the kcapi hash option, which uses the kernel crypto API to perform the hashing operation ². The jitter entropy generator will inject entropy into the kernel's random pool using the RNDADDENTROPY ioctl ³. - To see the test points for cpu extension, you can run `dmesg | grep -i rdrand`. You should see something like this: ``` [ 0.000000] Linux version 5.14.0-arch1-1 (linux@archlinux) (gcc (GCC) 11.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Sun, 29 Aug 2021 12:50:37 +0000 [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format. ... [ 3.456789] random: crng done (trusting CPU's manufacturer) ⁴ ... ``` This shows that the rdrand instruction is enabled and trusted as a source of entropy for the kernel's PRNG . The kernel will use rdrand to improve the entropy of its PRNG, by xor'ing the values received from rdrand with other sources of randomness . - To see the test points for tpm, you can run `dmesg | grep -i tpm`. You should see something like this: ``` [ 0.000000] Linux version 5.14.0-arch1-1 (linux@archlinux) (gcc (GCC) 11.1.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Sun, 29 Aug 2021 12:50:37 +0000 [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux root=UUID=... rw random.trust_cpu=1 kernel.jitterentropy.ll=100 kernel.jitterentropy.ml=100 kernel.jitterentropy.bs=256 kernel.jitterentropy.bc=64 rng_core.default_quality=500 jitterentropy_rng.kcapi=1 [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format. ... [ 3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer. [mem 0xfed40000-0xfed4087f flags 0x200] vs fed40080 f80 [ 3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: ACPI region does not cover the entire command/response buffer. [mem 0xfed40000-0xfed4087f flags 0x200] vs fed40080 f80 [ 3.789012] tpm_tis MSFT0101:00: TPM2 command buffer too small! Adjusting to minimum size [ 3.789012] tpm_tis MSFT0101:00: TPM2 command buffer too small! Adjusting to minimum size [ 3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: TPM interrupt not working, polling instead [ 3.789012] tpm_tis MSFT0101:00: [Firmware Bug]: TPM interrupt not working, polling instead ... ``` This shows that the tpm device is detected and initialized by the kernel, but with some firmware bugs that affect its functionality . The tpm device can provide random numbers through its Get Random command . The kernel can use the tpm device as an entropy source for its PRNG, by reading from /dev/tpm0 or /dev/tpmrm0 .
tlaurion
added a commit
that referenced
this pull request
Jan 5, 2024
…r comparison Buggy as of now, will reverify next week ~ # tpmr verify_coreboot_measured_boot_tpm_event_log_vs_content_measured #Valida te coreboot TPM event log against cbmem FMAP+cbfs content [ 293.267413] TRACE: Under /bin/tpmr [ 293.390454] TRACE: Under /bin/tpmr [ 293.441752] TRACE: Under /bin/tpmr:replay_pcr [ 293.551759] TRACE: Under /bin/tpmr:extend_pcr_state [ 293.574966] DEBUG: Initial PCR state: 0000000000000000000000000000000000000000000000000000000000000000 [ 293.639890] DEBUG: Extending PCR state with passed argument #1 hash: 02778dad5303b911adc8828cf5101a251a9b2a5a2b711a44159fb89a5a0b5198 [ 293.761500] DEBUG: Extending PCR state with passed argument #2 hash: 5444dba991b48df882ed1e2b85f0c90f947f6c7f8ed3dd6c91dc70dd661b66cb [ 293.899682] DEBUG: Extending PCR state with passed argument #3 hash: 13d3cacde02deff3d5e1ae2b52e5647c67046fb359b58d3899365a87a7161090 [ 294.028814] DEBUG: Extending PCR state with passed argument #4 hash: cea785e25dfdc94b8296a0a2bcc75d2f44f93543d0eb4236a0efa5add87fc97a [ 294.137824] DEBUG: Extending PCR state with passed argument #5 hash: bb2ff5833f90c09916fb972f49963653cf207cc65033276d458e00ce31d4b3d7 [ 294.259655] DEBUG: Extending PCR state with passed argument #6 hash: bc172d6c3551a44fbd6beef7ebbb2d4fa1452c46fcfdeebef1c519f13d668f1b [ 294.400277] DEBUG: Extending PCR state with passed argument linuxboot#7 hash: bf037ed20105da5af9affb40353a4bccc9c8e69f2b03b81260573821ccbfa6d8 [ 294.514983] DEBUG: Extended final PCR state: ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca [ 294.561181] DEBUG: Replayed cbmem -L clean boot state of PCR=2 ALG=sha256 : ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca [ 294.699187] TRACE: Under /bin/tpmr [ 294.765450] TRACE: Under /bin/tpmr:recalculate_firmware_pcr_from_cbfs [ 294.812153] TRACE: Under /bin/tpmr:read_and_pad_FMAP_from_cbmem [ 295.853558] TRACE: Under /bin/tpmr:calc_pcr [ 295.909978] TRACE: Under /bin/tpmr:extend_pcr_state [ 295.955343] DEBUG: Initial PCR state: 0000000000000000000000000000000000000000000000000000000000000000 [ 296.036572] DEBUG: Extending PCR state with passed argument #1 hash: 02778dad5303b911adc8828cf5101a251a9b2a5a2b711a44159fb89a5a0b5198 [ 296.196037] DEBUG: Extending PCR state with passed argument #2 hash: 5444dba991b48df882ed1e2b85f0c90f947f6c7f8ed3dd6c91dc70dd661b66cb [ 296.364665] DEBUG: Extending PCR state with passed argument #3 hash: 13d3cacde02deff3d5e1ae2b52e5647c67046fb359b58d3899365a87a7161090 [ 296.528953] DEBUG: Extending PCR state with passed argument #4 hash: cea785e25dfdc94b8296a0a2bcc75d2f44f93543d0eb4236a0efa5add87fc97a [ 296.683826] DEBUG: Extending PCR state with passed argument #5 hash: bb2ff5833f90c09916fb972f49963653cf207cc65033276d458e00ce31d4b3d7 [ 296.843403] DEBUG: Extending PCR state with passed argument #6 hash: bc172d6c3551a44fbd6beef7ebbb2d4fa1452c46fcfdeebef1c519f13d668f1b [ 297.011405] DEBUG: Extending PCR state with passed argument linuxboot#7 hash: bf037ed20105da5af9affb40353a4bccc9c8e69f2b03b81260573821ccbfa6d8 [ 297.142107] DEBUG: Extended final PCR state: ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca [ 297.200198] DEBUG: Replayed cbmem -L clean boot state of PCR=2 ALG=sha256 : ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca [ 297.375755] DEBUG: Original TPM PCR2 value: 2 : 0xAB50D5ACD93870448844392A2582099650614E0C75F3B6C3F3A5F7A811AB3BCA [ 297.438635] DEBUG: TPM event log reported by cbmem -L: coreboot TPM log: [ 297.472275] [ 297.514744] PCR-2 02778dad5303b911adc8828cf5101a251a9b2a5a2b711a44159fb89a5a0b5198 SHA256 [FMAP: FMAP] [ 297.559260] PCR-2 5444dba991b48df882ed1e2b85f0c90f947f6c7f8ed3dd6c91dc70dd661b66cb SHA256 [CBFS: bootblock] [ 297.594767] PCR-2 13d3cacde02deff3d5e1ae2b52e5647c67046fb359b58d3899365a87a7161090 SHA256 [CBFS: fallback/romstage] [ 297.632653] PCR-2 cea785e25dfdc94b8296a0a2bcc75d2f44f93543d0eb4236a0efa5add87fc97a SHA256 [CBFS: fallback/postcar] [ 297.688218] PCR-2 bb2ff5833f90c09916fb972f49963653cf207cc65033276d458e00ce31d4b3d7 SHA256 [CBFS: fallback/ramstage] [ 297.723743] PCR-2 bc172d6c3551a44fbd6beef7ebbb2d4fa1452c46fcfdeebef1c519f13d668f1b SHA256 [CBFS: bootsplash.jpg] [ 297.760327] PCR-2 bf037ed20105da5af9affb40353a4bccc9c8e69f2b03b81260573821ccbfa6d8 SHA256 [CBFS: fallback/payload] [ 297.823487] DEBUG: Calculated TPM PCR2 value from files: ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca [ 297.872171] DEBUG: Measured boot from TPM event log: ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab [ 297.905953] 3bca [ 297.955757] DEBUG: Measured boot from content measured by coreboot: ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca Failed: TPM event log does not match content measured by coreboot [ 298.008151] !!! ERROR: TPM event log does not match content measured by coreboot !!! the 3cba on second line is weird. Close but not good enough Signed-off-by: Thierry Laurion <insurgo@riseup.net>
tlaurion
added a commit
that referenced
this pull request
Jan 14, 2024
…r comparison Buggy as of now, will reverify next week ~ # tpmr verify_coreboot_measured_boot_tpm_event_log_vs_content_measured #Valida te coreboot TPM event log against cbmem FMAP+cbfs content [ 293.267413] TRACE: Under /bin/tpmr [ 293.390454] TRACE: Under /bin/tpmr [ 293.441752] TRACE: Under /bin/tpmr:replay_pcr [ 293.551759] TRACE: Under /bin/tpmr:extend_pcr_state [ 293.574966] DEBUG: Initial PCR state: 0000000000000000000000000000000000000000000000000000000000000000 [ 293.639890] DEBUG: Extending PCR state with passed argument #1 hash: 02778dad5303b911adc8828cf5101a251a9b2a5a2b711a44159fb89a5a0b5198 [ 293.761500] DEBUG: Extending PCR state with passed argument #2 hash: 5444dba991b48df882ed1e2b85f0c90f947f6c7f8ed3dd6c91dc70dd661b66cb [ 293.899682] DEBUG: Extending PCR state with passed argument #3 hash: 13d3cacde02deff3d5e1ae2b52e5647c67046fb359b58d3899365a87a7161090 [ 294.028814] DEBUG: Extending PCR state with passed argument #4 hash: cea785e25dfdc94b8296a0a2bcc75d2f44f93543d0eb4236a0efa5add87fc97a [ 294.137824] DEBUG: Extending PCR state with passed argument #5 hash: bb2ff5833f90c09916fb972f49963653cf207cc65033276d458e00ce31d4b3d7 [ 294.259655] DEBUG: Extending PCR state with passed argument #6 hash: bc172d6c3551a44fbd6beef7ebbb2d4fa1452c46fcfdeebef1c519f13d668f1b [ 294.400277] DEBUG: Extending PCR state with passed argument linuxboot#7 hash: bf037ed20105da5af9affb40353a4bccc9c8e69f2b03b81260573821ccbfa6d8 [ 294.514983] DEBUG: Extended final PCR state: ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca [ 294.561181] DEBUG: Replayed cbmem -L clean boot state of PCR=2 ALG=sha256 : ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca [ 294.699187] TRACE: Under /bin/tpmr [ 294.765450] TRACE: Under /bin/tpmr:recalculate_firmware_pcr_from_cbfs [ 294.812153] TRACE: Under /bin/tpmr:read_and_pad_FMAP_from_cbmem [ 295.853558] TRACE: Under /bin/tpmr:calc_pcr [ 295.909978] TRACE: Under /bin/tpmr:extend_pcr_state [ 295.955343] DEBUG: Initial PCR state: 0000000000000000000000000000000000000000000000000000000000000000 [ 296.036572] DEBUG: Extending PCR state with passed argument #1 hash: 02778dad5303b911adc8828cf5101a251a9b2a5a2b711a44159fb89a5a0b5198 [ 296.196037] DEBUG: Extending PCR state with passed argument #2 hash: 5444dba991b48df882ed1e2b85f0c90f947f6c7f8ed3dd6c91dc70dd661b66cb [ 296.364665] DEBUG: Extending PCR state with passed argument #3 hash: 13d3cacde02deff3d5e1ae2b52e5647c67046fb359b58d3899365a87a7161090 [ 296.528953] DEBUG: Extending PCR state with passed argument #4 hash: cea785e25dfdc94b8296a0a2bcc75d2f44f93543d0eb4236a0efa5add87fc97a [ 296.683826] DEBUG: Extending PCR state with passed argument #5 hash: bb2ff5833f90c09916fb972f49963653cf207cc65033276d458e00ce31d4b3d7 [ 296.843403] DEBUG: Extending PCR state with passed argument #6 hash: bc172d6c3551a44fbd6beef7ebbb2d4fa1452c46fcfdeebef1c519f13d668f1b [ 297.011405] DEBUG: Extending PCR state with passed argument linuxboot#7 hash: bf037ed20105da5af9affb40353a4bccc9c8e69f2b03b81260573821ccbfa6d8 [ 297.142107] DEBUG: Extended final PCR state: ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca [ 297.200198] DEBUG: Replayed cbmem -L clean boot state of PCR=2 ALG=sha256 : ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca [ 297.375755] DEBUG: Original TPM PCR2 value: 2 : 0xAB50D5ACD93870448844392A2582099650614E0C75F3B6C3F3A5F7A811AB3BCA [ 297.438635] DEBUG: TPM event log reported by cbmem -L: coreboot TPM log: [ 297.472275] [ 297.514744] PCR-2 02778dad5303b911adc8828cf5101a251a9b2a5a2b711a44159fb89a5a0b5198 SHA256 [FMAP: FMAP] [ 297.559260] PCR-2 5444dba991b48df882ed1e2b85f0c90f947f6c7f8ed3dd6c91dc70dd661b66cb SHA256 [CBFS: bootblock] [ 297.594767] PCR-2 13d3cacde02deff3d5e1ae2b52e5647c67046fb359b58d3899365a87a7161090 SHA256 [CBFS: fallback/romstage] [ 297.632653] PCR-2 cea785e25dfdc94b8296a0a2bcc75d2f44f93543d0eb4236a0efa5add87fc97a SHA256 [CBFS: fallback/postcar] [ 297.688218] PCR-2 bb2ff5833f90c09916fb972f49963653cf207cc65033276d458e00ce31d4b3d7 SHA256 [CBFS: fallback/ramstage] [ 297.723743] PCR-2 bc172d6c3551a44fbd6beef7ebbb2d4fa1452c46fcfdeebef1c519f13d668f1b SHA256 [CBFS: bootsplash.jpg] [ 297.760327] PCR-2 bf037ed20105da5af9affb40353a4bccc9c8e69f2b03b81260573821ccbfa6d8 SHA256 [CBFS: fallback/payload] [ 297.823487] DEBUG: Calculated TPM PCR2 value from files: ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca [ 297.872171] DEBUG: Measured boot from TPM event log: ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab [ 297.905953] 3bca [ 297.955757] DEBUG: Measured boot from content measured by coreboot: ab50d5acd93870448844392a2582099650614e0c75f3b6c3f3a5f7a811ab3bca Failed: TPM event log does not match content measured by coreboot [ 298.008151] !!! ERROR: TPM event log does not match content measured by coreboot !!! the 3cba on second line is weird. Close but not good enough Signed-off-by: Thierry Laurion <insurgo@riseup.net>
tlaurion
added a commit
that referenced
this pull request
Aug 9, 2024
… released 2 weeks ago. Expected that patches from 2 years ago were merged upstream - delete unapplied kgpe-d16 patch (will need to be brought back, was not applied currently on master - add patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch which was not submitted to flashrom and needed by MSI - point modules/flashrom to release 1.4.0 commit FAILED: https://github.com/Dasharo/flashrom/commit/24b8fcfccef31fbb95bc1dd308180f57d5cdb64c.patch Cannot be applied over 1.4.0: if [ -d patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ] && [ -r patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ] ; then for patch in patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/*.patch ; do echo "Applying patch file : $patch " ; ( git apply --verbose --reject --binary --directory build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ) < $patch || exit 1 ; done ; fi Applying patch file : patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_ELKHART_LAKE: case CHIPSET_APOLLO_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:607 error: while searching for: break; case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: boot_straps = boot_straps_pch500; break; error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:714 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:749 Hunk #4 succeeded at 1017 (offset 5 lines). error: while searching for: {0x8086, 0x7a83, B_S, NT, "Intel", "Q670", enable_flash_pch600}, {0x8086, 0x7a84, B_S, DEP, "Intel", "Z690", enable_flash_pch600}, {0x8086, 0x7a88, B_S, NT, "Intel", "W680", enable_flash_pch600}, {0x8086, 0x7a8a, B_S, NT, "Intel", "W685", enable_flash_pch600}, {0x8086, 0x7a8d, B_S, NT, "Intel", "WM690", enable_flash_pch600}, {0x8086, 0x7a8c, B_S, NT, "Intel", "HM670", enable_flash_pch600}, {0x8086, 0x7e23, B_S, DEP, "Intel", "Meteor Lake-P/M", enable_flash_mtl}, {0}, error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:2175 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_ELKHART_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:48 error: while searching for: case CHIPSET_C620_SERIES_LEWISBURG: case CHIPSET_APOLLO_LAKE: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:77 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:215 error: while searching for: return freq_str[2][value]; case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: return freq_str[3][value]; case CHIPSET_ELKHART_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:313 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:361 error: while searching for: cs == CHIPSET_400_SERIES_COMET_POINT || cs == CHIPSET_500_SERIES_TIGER_POINT || cs == CHIPSET_600_SERIES_ALDER_POINT || cs == CHIPSET_JASPER_LAKE || cs == CHIPSET_METEOR_LAKE) { const char *const master_names[] = { "BIOS", "ME", "GbE", "unknown", "EC", error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:489 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1087 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1246 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1291 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1884 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1923 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1984 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2064 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2103 error: while searching for: ich_gen == CHIPSET_300_SERIES_CANNON_POINT || ich_gen == CHIPSET_400_SERIES_COMET_POINT || ich_gen == CHIPSET_500_SERIES_TIGER_POINT || ich_gen == CHIPSET_600_SERIES_ALDER_POINT)) { msg_pdbg("Enabling hardware sequencing by default for 100+ series PCH.\n"); ich_spi_mode = ich_hwseq; } error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2140 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h... error: while searching for: CHIPSET_400_SERIES_COMET_POINT, CHIPSET_500_SERIES_TIGER_POINT, CHIPSET_600_SERIES_ALDER_POINT, CHIPSET_METEOR_LAKE, CHIPSET_APOLLO_LAKE, CHIPSET_GEMINI_LAKE, error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h:376 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/util/ich_descriptors_tool/ich_descriptors_tool.c... Hunk #1 succeeded at 239 (offset 1 line). Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c with 4 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Hunk #4 applied cleanly. Rejected hunk #5. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c with 9 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Rejected hunk linuxboot#7. Rejected hunk #8. Rejected hunk #9. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c with 6 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h with 1 reject... Rejected hunk #1. Applied patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/util/ich_descriptors_tool/ich_descriptors_tool.c cleanly. make: *** [Makefile:565: /home/user/heads/build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/.canary] Error 1 Signed-off-by: Thierry Laurion <insurgo@riseup.net>
tlaurion
added a commit
that referenced
this pull request
Sep 9, 2024
… released 2 weeks ago. Expected that patches from 2 years ago were merged upstream - delete unapplied kgpe-d16 patch (will need to be brought back, was not applied currently on master - add patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch which was not submitted to flashrom and needed by MSI - point modules/flashrom to release 1.4.0 commit FAILED: https://github.com/Dasharo/flashrom/commit/24b8fcfccef31fbb95bc1dd308180f57d5cdb64c.patch Cannot be applied over 1.4.0: if [ -d patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ] && [ -r patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ] ; then for patch in patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/*.patch ; do echo "Applying patch file : $patch " ; ( git apply --verbose --reject --binary --directory build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ) < $patch || exit 1 ; done ; fi Applying patch file : patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_ELKHART_LAKE: case CHIPSET_APOLLO_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:607 error: while searching for: break; case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: boot_straps = boot_straps_pch500; break; error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:714 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:749 Hunk #4 succeeded at 1017 (offset 5 lines). error: while searching for: {0x8086, 0x7a83, B_S, NT, "Intel", "Q670", enable_flash_pch600}, {0x8086, 0x7a84, B_S, DEP, "Intel", "Z690", enable_flash_pch600}, {0x8086, 0x7a88, B_S, NT, "Intel", "W680", enable_flash_pch600}, {0x8086, 0x7a8a, B_S, NT, "Intel", "W685", enable_flash_pch600}, {0x8086, 0x7a8d, B_S, NT, "Intel", "WM690", enable_flash_pch600}, {0x8086, 0x7a8c, B_S, NT, "Intel", "HM670", enable_flash_pch600}, {0x8086, 0x7e23, B_S, DEP, "Intel", "Meteor Lake-P/M", enable_flash_mtl}, {0}, error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:2175 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_ELKHART_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:48 error: while searching for: case CHIPSET_C620_SERIES_LEWISBURG: case CHIPSET_APOLLO_LAKE: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:77 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:215 error: while searching for: return freq_str[2][value]; case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: return freq_str[3][value]; case CHIPSET_ELKHART_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:313 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:361 error: while searching for: cs == CHIPSET_400_SERIES_COMET_POINT || cs == CHIPSET_500_SERIES_TIGER_POINT || cs == CHIPSET_600_SERIES_ALDER_POINT || cs == CHIPSET_JASPER_LAKE || cs == CHIPSET_METEOR_LAKE) { const char *const master_names[] = { "BIOS", "ME", "GbE", "unknown", "EC", error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:489 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1087 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1246 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1291 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1884 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1923 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1984 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2064 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2103 error: while searching for: ich_gen == CHIPSET_300_SERIES_CANNON_POINT || ich_gen == CHIPSET_400_SERIES_COMET_POINT || ich_gen == CHIPSET_500_SERIES_TIGER_POINT || ich_gen == CHIPSET_600_SERIES_ALDER_POINT)) { msg_pdbg("Enabling hardware sequencing by default for 100+ series PCH.\n"); ich_spi_mode = ich_hwseq; } error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2140 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h... error: while searching for: CHIPSET_400_SERIES_COMET_POINT, CHIPSET_500_SERIES_TIGER_POINT, CHIPSET_600_SERIES_ALDER_POINT, CHIPSET_METEOR_LAKE, CHIPSET_APOLLO_LAKE, CHIPSET_GEMINI_LAKE, error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h:376 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/util/ich_descriptors_tool/ich_descriptors_tool.c... Hunk #1 succeeded at 239 (offset 1 line). Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c with 4 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Hunk #4 applied cleanly. Rejected hunk #5. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c with 9 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Rejected hunk linuxboot#7. Rejected hunk #8. Rejected hunk #9. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c with 6 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h with 1 reject... Rejected hunk #1. Applied patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/util/ich_descriptors_tool/ich_descriptors_tool.c cleanly. make: *** [Makefile:565: /home/user/heads/build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/.canary] Error 1 Signed-off-by: Thierry Laurion <insurgo@riseup.net>
tlaurion
added a commit
that referenced
this pull request
Oct 30, 2024
… released 2 weeks ago. Expected that patches from 2 years ago were merged upstream - delete unapplied kgpe-d16 patch (will need to be brought back, was not applied currently on master - add patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch which was not submitted to flashrom and needed by MSI - point modules/flashrom to release 1.4.0 commit FAILED: https://github.com/Dasharo/flashrom/commit/24b8fcfccef31fbb95bc1dd308180f57d5cdb64c.patch Cannot be applied over 1.4.0: if [ -d patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ] && [ -r patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ] ; then for patch in patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/*.patch ; do echo "Applying patch file : $patch " ; ( git apply --verbose --reject --binary --directory build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38 ) < $patch || exit 1 ; done ; fi Applying patch file : patches/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/0001-Add_RaptorPoint_PCH_support.patch Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_ELKHART_LAKE: case CHIPSET_APOLLO_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:607 error: while searching for: break; case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: boot_straps = boot_straps_pch500; break; error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:714 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:749 Hunk #4 succeeded at 1017 (offset 5 lines). error: while searching for: {0x8086, 0x7a83, B_S, NT, "Intel", "Q670", enable_flash_pch600}, {0x8086, 0x7a84, B_S, DEP, "Intel", "Z690", enable_flash_pch600}, {0x8086, 0x7a88, B_S, NT, "Intel", "W680", enable_flash_pch600}, {0x8086, 0x7a8a, B_S, NT, "Intel", "W685", enable_flash_pch600}, {0x8086, 0x7a8d, B_S, NT, "Intel", "WM690", enable_flash_pch600}, {0x8086, 0x7a8c, B_S, NT, "Intel", "HM670", enable_flash_pch600}, {0x8086, 0x7e23, B_S, DEP, "Intel", "Meteor Lake-P/M", enable_flash_mtl}, {0}, error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c:2175 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_ELKHART_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:48 error: while searching for: case CHIPSET_C620_SERIES_LEWISBURG: case CHIPSET_APOLLO_LAKE: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:77 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:215 error: while searching for: return freq_str[2][value]; case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: return freq_str[3][value]; case CHIPSET_ELKHART_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:313 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:361 error: while searching for: cs == CHIPSET_400_SERIES_COMET_POINT || cs == CHIPSET_500_SERIES_TIGER_POINT || cs == CHIPSET_600_SERIES_ALDER_POINT || cs == CHIPSET_JASPER_LAKE || cs == CHIPSET_METEOR_LAKE) { const char *const master_names[] = { "BIOS", "ME", "GbE", "unknown", "EC", error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:489 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_GEMINI_LAKE: case CHIPSET_JASPER_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1087 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1246 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c:1291 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c... error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1884 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1923 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:1984 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2064 error: while searching for: case CHIPSET_400_SERIES_COMET_POINT: case CHIPSET_500_SERIES_TIGER_POINT: case CHIPSET_600_SERIES_ALDER_POINT: case CHIPSET_METEOR_LAKE: case CHIPSET_APOLLO_LAKE: case CHIPSET_GEMINI_LAKE: error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2103 error: while searching for: ich_gen == CHIPSET_300_SERIES_CANNON_POINT || ich_gen == CHIPSET_400_SERIES_COMET_POINT || ich_gen == CHIPSET_500_SERIES_TIGER_POINT || ich_gen == CHIPSET_600_SERIES_ALDER_POINT)) { msg_pdbg("Enabling hardware sequencing by default for 100+ series PCH.\n"); ich_spi_mode = ich_hwseq; } error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c:2140 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h... error: while searching for: CHIPSET_400_SERIES_COMET_POINT, CHIPSET_500_SERIES_TIGER_POINT, CHIPSET_600_SERIES_ALDER_POINT, CHIPSET_METEOR_LAKE, CHIPSET_APOLLO_LAKE, CHIPSET_GEMINI_LAKE, error: patch failed: build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h:376 Checking patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/util/ich_descriptors_tool/ich_descriptors_tool.c... Hunk #1 succeeded at 239 (offset 1 line). Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/chipset_enable.c with 4 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Hunk #4 applied cleanly. Rejected hunk #5. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ich_descriptors.c with 9 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Rejected hunk linuxboot#7. Rejected hunk #8. Rejected hunk #9. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/ichspi.c with 6 rejects... Rejected hunk #1. Rejected hunk #2. Rejected hunk #3. Rejected hunk #4. Rejected hunk #5. Rejected hunk #6. Applying patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/include/programmer.h with 1 reject... Rejected hunk #1. Applied patch build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/util/ich_descriptors_tool/ich_descriptors_tool.c cleanly. make: *** [Makefile:565: /home/user/heads/build/x86/flashrom-eace095b15eb034e42d97202cad70ce979d8ca38/.canary] Error 1 Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Testing Gcc8