From cbde51febc9e84c88a1c37ef0b02ee922d4b2d5f Mon Sep 17 00:00:00 2001
From: Thierry Laurion
Date: Fri, 3 Mar 2023 11:05:10 -0500
Subject: [PATCH] WiP : add t400-maximized, t400-maximized-debug and x200-maximized
---
.circleci/config.yml | 20 ++++++
blobs/xxx0/README | 39 +++++++++++
blobs/xxx0/extract.sh | 52 +++++++++++++++
blobs/xxx0/gbe.bin | Bin 0 -> 8192 bytes
blobs/xxx0/hashes.txt | 2 +
blobs/xxx0/ifd.bin | Bin 0 -> 4096 bytes
blobs/xxx0/layout.txt | 3 +
.../t400-maximized-debug.config | 61 ++++++++++++++++++
boards/t400-maximized/t400-maximized.config | 61 ++++++++++++++++++
boards/x200-maximized/x200-maximized.config | 61 ++++++++++++++++++
config/coreboot-t400-maximized-debug.config | 15 +++++
config/coreboot-t400-maximized.config | 14 ++++
config/coreboot-x200-maximized.config | 14 ++++
13 files changed, 342 insertions(+)
create mode 100644 blobs/xxx0/README
create mode 100755 blobs/xxx0/extract.sh
create mode 100644 blobs/xxx0/gbe.bin
create mode 100644 blobs/xxx0/hashes.txt
create mode 100644 blobs/xxx0/ifd.bin
create mode 100644 blobs/xxx0/layout.txt
create mode 100644 boards/t400-maximized-debug/t400-maximized-debug.config
create mode 100644 boards/t400-maximized/t400-maximized.config
create mode 100644 boards/x200-maximized/x200-maximized.config
create mode 100644 config/coreboot-t400-maximized-debug.config
create mode 100644 config/coreboot-t400-maximized.config
create mode 100644 config/coreboot-x200-maximized.config
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 22244e08b..8bb0a1e78 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -470,6 +470,26 @@ workflows: requires: - x230-hotp-maximized + - build: + name: t400-maximized + target: t400-maximized + subcommand: "" + requires: + - x230-hotp-maximized + + - build: + name: t400-maximized-debug + target: t400-maximized-debug + subcommand: "" + requires: + - x230-hotp-maximized + - build: + name: x200-maximized + target: x200-maximized + subcommand: "" + requires: + - x230-hotp-maximized + - build: name: librem_13v2 target: librem_13v2 diff --git a/blobs/xxx0/README b/blobs/xxx0/README new file mode 100644 index 000000000..93e6cb808 --- /dev/null +++ b/blobs/xxx0/README 
@@ -0,0 +1,39 @@
+Coreboot supports generating modified ifd and gbe out of the box.
+To replicate the blobs in this directory (based on coreboot 4.8.1 but simply replace version in paths):
+
+make BOARDS=t400-maximized
+
+This will create the ROM.
+
+Then (considering you git clone heads under ~)
+
+#To generate GBE and IFD
+cd ~/heads/build/coreboot-4.8.1/util/bincfg
+make gen-gbe-ich9m
+make gen-ifd-x200
+mv flashregion_0_fd.bin ../../../../blobs/xxx0/ifd.bin
+mv flashregion_3_gbe.bin ../../../../blobs/xxx0/gbe.bin
+
+#To unlock IFD, permitting to reflash whole flash internally
+cd ~/heads/build/coreboot-4.8.1/util/ifdtool
+make
+cd ~/heads/blobs/xxx0/
+~/heads/build/coreboot-4.8.1/util/ifdtool/ifdtool -u ifd.bin
+mv ifd.bin.new ifd.bin
+
+sha256sum -c hashes.txt
+
+should output:
+gbe.bin: OK
+ifd.bin: OK
+
+IFD contains regions that were outputed to layout.txt through ifdtool -f layout.txt ifd.bin
+It defines a BIOS region of 007fffff – 00003000 = 7FCFFF
+Which 7FCFFF has been defined as CBFS_SIZE under coreboot config to use the whole region
+
+DISCLAIMER: Considering neither gbe.bin nor ifd.bin are proprietary blobs (generated from specifications), those blobs are in tree to ease ROM reproducibility.
+
+Note that MAC address is fixed under gbe-ich9m.spec to DE:AD:C0:FF:EE.
+- If you want to keep your MAC, call extract.sh prior of building ROM.
+- If you want to fixate your MAC to a custom address, change it under ~/heads/build/coreboot-4.8.1/util/bincfg/gbe-ich9m.spec prior of generating the gbe.bin above
+
diff --git a/blobs/xxx0/extract.sh b/blobs/xxx0/extract.sh
new file mode 100755
index 000000000..d971a3ac2
--- /dev/null
+++ b/blobs/xxx0/extract.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+function printusage {
+ echo "Usage: $0 -f -i (optional)"
+ exit 0
+}
+
+BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+if [ "$#" -eq 0 ]; then printusage; fi
+
+while getopts ":f:m:i:" opt; do
+ case $opt in
+ f)
+ FILE="$OPTARG"
+ ;;
+ i)
+ if [ -x "$OPTARG" ]; then
+ IFDTOOL="$OPTARG"
+ fi
+ ;;
+ esac
+done
+
+if [ -z "$IFDTOOL" ]; then
+ IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1|head -n1`
+ if [ -z "$IFDTOOL" ]; then
+ echo "ifdtool required but not found or specified with -m. Aborting."
+ exit 1;
+ fi
+fi
+
+echo "FILE: $FILE"
+echo "IFD: $IFDTOOL"
+
+bioscopy=$(mktemp)
+extractdir=$(mktemp -d)
+
+echo "###Copying $FILE under $bioscopy"
+cp "$FILE" $bioscopy
+
+cd "$extractdir"
+echo "###Unlocking $bioscopy IFD..."
+$IFDTOOL -u $bioscopy
+echo "###Extracting regions from ROM..."
+$IFDTOOL -x $bioscopy.new
+echo "###Copying GBE region under $BLOBDIR/gbe.bin..."
+cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin"
+
+echo "###Cleaning up..."
+rm "$bioscopy"
+rm -r "$extractdir"
diff --git a/blobs/xxx0/gbe.bin b/blobs/xxx0/gbe.bin
new file mode 100644
index 0000000000000000000000000000000000000000..2ce44063f8787ef4e0fecb734dad3b9c1a7c9bcc
GIT binary patch literal 8192 zcmeI#F$#k)6vpwF7I7$r2M+4y-lazf^kPE6MS2mz3%EEqdI3+-EpwXCItZ>phyMpj zcu9D}Z+jx&c>h%Y%cSqB%bhm0h`Gl1q^a(bh_tVhvA0LKaoP_~$FR>~^+Wu%m!&@2 zB1`SsdwZ6bZB2y$0tg_000IagfB*srAbc8rF=Xb6mkz-S1JhQMeDjE2By2#kinXb6mk w03AZ$kb*b^s{*USdjkk9@4>(zsvxQWvicnx1A~vJlWUM;h$|hOGAOM80H#oypa1{> literal 0 HcmV?d00001
diff --git a/blobs/xxx0/layout.txt b/blobs/xxx0/layout.txt
new file mode 100644
index 000000000..4a20bf0e3
--- /dev/null
+++ b/blobs/xxx0/layout.txt
@@ -0,0 +1,3 @@
+00000000:00000fff fd
+00003000:007fffff bios
+00001000:00002fff gbe
diff --git a/boards/t400-maximized-debug/t400-maximized-debug.config b/boards/t400-maximized-debug/t400-maximized-debug.config
new file mode 100644
index 000000000..02b5eec14
--- /dev/null
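Review bot: Nothing after option parsing checks for failure, and `$bioscopy`, `$IFDTOOL` and the `command -v $BLOBDIR/...` lookup are expanded unquoted, so a missing `-f`, a path containing spaces or a failing ifdtool run carries on into the later `cp` into `$BLOBDIR/gbe.bin`. The unlocked copy `$bioscopy.new` that the script reads back after `ifdtool -u` is never deleted, which leaves a full firmware image behind in the temp directory. The getopts string accepts `m:` with no matching arm and the error text says `-m` although `-i` is the option that sets `IFDTOOL`; `":f:i:"` and `specified with -i` would agree with the usage line. A relative `-i` path would presumably stop resolving after `cd "$extractdir"`, so resolving it to an absolute path first is worth considering. The fence shows the tail of the script with validation, quoting and a cleanup trap.

```shell
# … unchanged: printusage, BLOBDIR, option parsing, ifdtool lookup …

if [ ! -r "$FILE" ]; then
  echo "ROM file not given or not readable (-f). Aborting." >&2
  exit 1
fi

bioscopy=$(mktemp) || exit 1
extractdir=$(mktemp -d) || exit 1
# Remove the ROM copy, its unlocked ".new" sibling and the extraction dir on every exit path.
trap 'rm -rf -- "$bioscopy" "$bioscopy.new" "$extractdir"' EXIT

# … unchanged: progress echo lines …
cp -- "$FILE" "$bioscopy" || exit 1
cd "$extractdir" || exit 1
"$IFDTOOL" -u "$bioscopy" || exit 1
"$IFDTOOL" -x "$bioscopy.new" || exit 1
cp -- "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin" || exit 1
```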
+++ b/boards/t400-maximized-debug/t400-maximized-debug.config
@@ -0,0 +1,61 @@
+# Configuration for a t400 running non-Qubes OSes with USBDEBUG activated under coreboot config
+#
+# Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x7FCFFF:
+# dropbear support(ssh client/server)
+# e1000e (ethernet driver)
+#
+# Includes (read blobs/xxx0/README)
+# - Generated IFD from bincfg
+# - Forged 00:DE:AD:C0:FF:EE MAC address
+# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/ifd-x200.set
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.13
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-t400-maximized-debug.config
+CONFIG_LINUX_CONFIG=config/linux-x230-legacy.config
+
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#Remote attestation support
+#TPM based requirements
+export CONFIG_TPM=n
+CONFIG_POPT=y
+CONFIG_QRENCODE=n
+CONFIG_TPMTOTP=n
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=n
+
+#Nitrokey Storage admin tool
+CONFIG_NKSTORECLI=n
+
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools:
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=n
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="Thinkpad T400-maximized"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
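Review bot: The header comment does not say that this board ships with `CONFIG_TPM=n`, `CONFIG_BOOT_REQ_HASH=n` and `CONFIG_BOOT_REQ_ROLLBACK=n` while `CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"` targets a chip whose IFD the README says is unlocked for whole-flash internal writes; going by the option names, that means no TPM-backed measurement or rollback enforcement on a flash that is writable from the running system. I would add a header line such as `# No TPM measurement or rollback enforcement on this board; flash is internally writable (unlocked IFD)` so users know the posture they are getting. The header also points at `bincfg/ifd-x200.set` for the MAC address, whereas blobs/xxx0/README names `gbe-ich9m.spec`, so one of the two is presumably wrong. `CONFIG_BOARD_NAME="Thinkpad T400-maximized"` is identical to the non-debug board, and `"Thinkpad T400-maximized-debug"` would let the two builds be told apart. The first two points apply equally to boards/t400-maximized/t400-maximized.config and boards/x200-maximized/x200-maximized.config below.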
diff --git a/boards/t400-maximized/t400-maximized.config b/boards/t400-maximized/t400-maximized.config
new file mode 100644
index 000000000..3606845b3
--- /dev/null
+++ b/boards/t400-maximized/t400-maximized.config
@@ -0,0 +1,61 @@
+# Configuration for a t400 running non-Qubes OSes.
+#
+# Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x7FCFFF:
+# dropbear support(ssh client/server)
+# e1000e (ethernet driver)
+#
+# Includes (read blobs/xxx0/README)
+# - Generated IFD from bincfg
+# - Forged 00:DE:AD:C0:FF:EE MAC address
+# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/ifd-x200.set
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.13
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-t400-maximized.config
+CONFIG_LINUX_CONFIG=config/linux-x230-legacy.config
+
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#Remote attestation support
+#TPM based requirements
+export CONFIG_TPM=n
+CONFIG_POPT=y
+CONFIG_QRENCODE=n
+CONFIG_TPMTOTP=n
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=n
+
+#Nitrokey Storage admin tool
+CONFIG_NKSTORECLI=n
+
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools:
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=n
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="Thinkpad T400-maximized"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
diff --git a/boards/x200-maximized/x200-maximized.config b/boards/x200-maximized/x200-maximized.config
new file mode 100644
index 000000000..a37c105a8
--- /dev/null
+++ b/boards/x200-maximized/x200-maximized.config
@@ -0,0 +1,61 @@
+# Configuration for a x200 running non-Qubes OSes.
+#
+# Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x7FCFFF:
+# dropbear support(ssh client/server)
+# e1000e (ethernet driver)
+#
+# Includes (read blobs/xxx0/README)
+# - Generated IFD from bincfg
+# - Forged 00:DE:AD:C0:FF:EE MAC address
+# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/ifd-x200.set
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.13
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-x200-maximized.config
+CONFIG_LINUX_CONFIG=config/linux-x230-legacy.config
+
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#Remote attestation support
+#TPM based requirements
+export CONFIG_TPM=n
+CONFIG_POPT=y
+CONFIG_QRENCODE=n
+CONFIG_TPMTOTP=n
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=n
+
+#Nitrokey Storage admin tool
+CONFIG_NKSTORECLI=n
+
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools:
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=n
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="Thinkpad X200-maximized"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
diff --git a/config/coreboot-t400-maximized-debug.config b/config/coreboot-t400-maximized-debug.config
new file mode 100644
index 000000000..67187e25c
--- /dev/null
+++ b/config/coreboot-t400-maximized-debug.config
@@ -0,0 +1,15 @@
+CONFIG_VENDOR_LENOVO=y
+CONFIG_CBFS_SIZE=0x7FCFFF
+CONFIG_IFD_BIN_PATH="@BLOB_DIR@/xxx0/ifd.bin"
+CONFIG_GBE_BIN_PATH="@BLOB_DIR@/xxx0/gbe.bin"
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_BOARD_LENOVO_T400=y
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_HAVE_GBE_BIN=y
+CONFIG_NO_GFX_INIT=y
+CONFIG_USBDEBUG=y
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
+CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
diff --git a/config/coreboot-t400-maximized.config b/config/coreboot-t400-maximized.config
new file mode 100644
index 000000000..1e819495b
--- /dev/null
+++ b/config/coreboot-t400-maximized.config
@@ -0,0 +1,14 @@
+CONFIG_VENDOR_LENOVO=y
+CONFIG_CBFS_SIZE=0x7FCFFF
+CONFIG_IFD_BIN_PATH="@BLOB_DIR@/xxx0/ifd.bin"
+CONFIG_GBE_BIN_PATH="@BLOB_DIR@/xxx0/gbe.bin"
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_BOARD_LENOVO_T400=y
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_HAVE_GBE_BIN=y
+CONFIG_NO_GFX_INIT=y
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
+CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
diff --git a/config/coreboot-x200-maximized.config b/config/coreboot-x200-maximized.config
new file mode 100644
index 000000000..5cf96bde2
--- /dev/null
+++ b/config/coreboot-x200-maximized.config
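Review bot: `CONFIG_CBFS_SIZE=0x7FCFFF` looks one byte short of the BIOS region it is meant to fill: blobs/xxx0/layout.txt gives `00003000:007fffff bios`, an inclusive range of 0x7FD000 bytes, while the README derives the value as end minus start. If the intent is to use the whole region, `CONFIG_CBFS_SIZE=0x7FD000` is the aligned size; please confirm against what coreboot accepts for these boards. The same value appears in config/coreboot-t400-maximized.config and config/coreboot-x200-maximized.config, and in the "Deactivated to fit" comments of the three board configs.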
@@ -0,0 +1,14 @@
+CONFIG_VENDOR_LENOVO=y
+CONFIG_CBFS_SIZE=0x7FCFFF
+CONFIG_IFD_BIN_PATH="@BLOB_DIR@/xxx0/ifd.bin"
+CONFIG_GBE_BIN_PATH="@BLOB_DIR@/xxx0/gbe.bin"
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_BOARD_LENOVO_X200=y
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_HAVE_GBE_BIN=y
+CONFIG_NO_GFX_INIT=y
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
+CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"