From 662a1ddad8b971b196d5aae085101cd4a1037e73 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 20 Mar 2019 09:14:29 -0500 Subject: [PATCH 01/22] Add support for the Lenovo ThinkPad T420. --- blobs/t420/.gitignore | 3 ++ blobs/t420/extract.sh | 65 +++++++++++++++++++++++++++++++++++++ blobs/t420/layout.txt | 4 +++ blobs/t420/readme.md | 29 +++++++++++++++++ boards/t420/t420.config | 30 +++++++++++++++++ config/coreboot-t420.config | 25 ++++++++++++++ 6 files changed, 156 insertions(+) create mode 100644 blobs/t420/.gitignore create mode 100755 blobs/t420/extract.sh create mode 100644 blobs/t420/layout.txt create mode 100644 blobs/t420/readme.md create mode 100644 boards/t420/t420.config create mode 100644 config/coreboot-t420.config diff --git a/blobs/t420/.gitignore b/blobs/t420/.gitignore new file mode 100644 index 000000000..62887eff3 --- /dev/null +++ b/blobs/t420/.gitignore @@ -0,0 +1,3 @@ +gbe.bin +me.bin +ifd.bin diff --git a/blobs/t420/extract.sh b/blobs/t420/extract.sh new file mode 100755 index 000000000..e34c3f907 --- /dev/null +++ b/blobs/t420/extract.sh @@ -0,0 +1,65 @@ +#!/bin/bash + +function printusage { + echo "Usage: $0 -f -m (optional) -i (optional)" + exit 0 +} + +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +if [ "$#" -eq 0 ]; then printusage; fi + +while getopts ":f:m:i:" opt; do + case $opt in + f) + FILE="$OPTARG" + ;; + m) + if [ -x "$OPTARG" ]; then + MECLEAN="$OPTARG" + fi + ;; + i) + if [ -x "$OPTARG" ]; then + IFDTOOL="$OPTARG" + fi + ;; + esac +done + +if [ -z "$MECLEAN" ]; then + MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1` + if [ -z "$MECLEAN" ]; then + echo "me_cleaner.py required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +if [ -z "$IFDTOOL" ]; then + IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1` + if [ -z "$IFDTOOL" ]; then + echo "ifdtool required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +echo "FILE: $FILE" +echo "ME: $MECLEAN" +echo "IFD: $IFDTOOL" + +bioscopy=$(mktemp) +extractdir=$(mktemp -d) + +cp "$FILE" $bioscopy + +cd "$extractdir" +$IFDTOOL -x $bioscopy +cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin" +$MECLEAN -O "$BLOBDIR/me.bin" -r -t "$extractdir/flashregion_2_intel_me.bin" +$IFDTOOL -n "$BLOBDIR/layout.txt" $bioscopy +$IFDTOOL -x $bioscopy.new +cp "$extractdir/flashregion_0_flashdescriptor.bin" "$BLOBDIR/ifd.bin" + +rm "$bioscopy" +rm "$bioscopy.new" +rm -r "$extractdir" diff --git a/blobs/t420/layout.txt b/blobs/t420/layout.txt new file mode 100644 index 000000000..bbd90962c --- /dev/null +++ b/blobs/t420/layout.txt @@ -0,0 +1,4 @@ +00000000:00000fff fd +00018000:007fffff bios +00003000:00017fff me +00001000:00002fff gbe diff --git a/blobs/t420/readme.md b/blobs/t420/readme.md new file mode 100644 index 000000000..4a40a0528 --- /dev/null +++ b/blobs/t420/readme.md @@ -0,0 +1,29 @@ +To build for T420, we need to have the following files in this folder: +* `me.bin` - ME binary that has been stripped and truncated with me_cleaner +* `gbe.bin` - Network card blob from the original firmware +* `ifd.bin` - Flash layout file has been provided as text + +To get the binaries, start with a copy of the original Lenovo firmware image. +If you do not have one already, you can read one out from the laptops SPI flash with flashrom + +``` +flashrom -p -r original.bin +``` + +Set `` to the flashrom programmer type that you will use (for example, `linux_spi:dev=/dev/spidev0.0` on a Raspberry Pi). + +Once you have the image, the provided extraction script will extract the files needed. + +``` +./extract.sh -f +``` + +Use the options '-m' and '-i' to provide me_cleaner and ifdtool if they can not be located automatically. + +The flash layout will be automatically adjusted and the ME image cleaned and truncated. + +You can now compile the image with: + +``` +make BOARD=t420 +``` diff --git a/boards/t420/t420.config b/boards/t420/t420.config new file mode 100644 index 000000000..0b901bdba --- /dev/null +++ b/boards/t420/t420.config @@ -0,0 +1,30 @@ +# Configuration for a x220 running Qubes and other OS +# The Linux configuration is close enough to the x230 +export CONFIG_COREBOOT=y +CONFIG_COREBOOT_CONFIG=config/coreboot-x220.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_GPG=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_DROPBEAR=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +export CONFIG_BOOTSCRIPT=/bin/generic-init +export CONFIG_TPM=y +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/config/coreboot-t420.config b/config/coreboot-t420.config new file mode 100644 index 000000000..dcd0cda30 --- /dev/null +++ b/config/coreboot-t420.config @@ -0,0 +1,25 @@ +CONFIG_LOCALVERSION="heads" +# CONFIG_INCLUDE_CONFIG_FILE is not set +# CONFIG_COLLECT_TIMESTAMPS is not set +CONFIG_USE_BLOBS=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x7e8000 +CONFIG_ONBOARD_VGA_IS_PRIMARY=y +CONFIG_HAVE_IFD_BIN=y +CONFIG_HAVE_ME_BIN=y +CONFIG_HAVE_GBE_BIN=y +CONFIG_IFD_BIN_PATH="../../blobs/t420/ifd.bin" +CONFIG_ME_BIN_PATH="../../blobs/t420/me.bin" +CONFIG_BOARD_LENOVO_T420=y +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_NO_POST=y +CONFIG_CHECK_ME=y +CONFIG_GBE_BIN_PATH="../../blobs/t420/gbe.bin" +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/t420/bzImage" +CONFIG_LINUX_COMMAND_LINE="quiet" +CONFIG_LINUX_INITRD="../../build/t420/initrd.cpio.xz" +CONFIG_DEBUG_SMM_RELOCATION=y From 94e6e09ca8b83bd717f9eae8620474e1fbe4c5c0 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 20 Mar 2019 09:15:30 -0500 Subject: [PATCH 02/22] Fix the autodetection of ifdtool and me_cleaner. --- blobs/x220/extract.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/blobs/x220/extract.sh b/blobs/x220/extract.sh index 173ed7fc6..e34c3f907 100755 --- a/blobs/x220/extract.sh +++ b/blobs/x220/extract.sh @@ -5,6 +5,8 @@ function printusage { exit 0 } +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + if [ "$#" -eq 0 ]; then printusage; fi while getopts ":f:m:i:" opt; do @@ -26,7 +28,7 @@ while getopts ":f:m:i:" opt; do done if [ -z "$MECLEAN" ]; then - MECLEAN=`command -v me_cleaner.py 2>&1` + MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1` if [ -z "$MECLEAN" ]; then echo "me_cleaner.py required but not found or specified with -m. Aborting." exit 1; @@ -34,7 +36,7 @@ if [ -z "$MECLEAN" ]; then fi if [ -z "$IFDTOOL" ]; then - IFDTOOL=`command -v ifdtool 2>&1` + IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1` if [ -z "$IFDTOOL" ]; then echo "ifdtool required but not found or specified with -m. Aborting." exit 1; @@ -47,7 +49,6 @@ echo "IFD: $IFDTOOL" bioscopy=$(mktemp) extractdir=$(mktemp -d) -BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" cp "$FILE" $bioscopy From be2122034d3e41c0d4740d1a3ce6f08809644368 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 20 Mar 2019 16:07:51 -0500 Subject: [PATCH 03/22] Whoops, added the entire directory! --- blobs/t420/.gitignore | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 blobs/t420/.gitignore diff --git a/blobs/t420/.gitignore b/blobs/t420/.gitignore deleted file mode 100644 index 62887eff3..000000000 --- a/blobs/t420/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -gbe.bin -me.bin -ifd.bin From d38190ebe5cab395072d556985f11162f483049d Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 20 Mar 2019 17:49:34 -0500 Subject: [PATCH 04/22] Actually point to the T420 coreboot config file... --- boards/t420/t420.config | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index 0b901bdba..93457917b 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -1,7 +1,7 @@ -# Configuration for a x220 running Qubes and other OS +# Configuration for a T420 running Qubes and other OS # The Linux configuration is close enough to the x230 export CONFIG_COREBOOT=y -CONFIG_COREBOOT_CONFIG=config/coreboot-x220.config +CONFIG_COREBOOT_CONFIG=config/coreboot-t420.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y From 62d6a6c3a1dca03afec182e991ba0cb38b6aea87 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Tue, 26 Mar 2019 17:07:36 -0500 Subject: [PATCH 05/22] Enable FBWhiptail mode for X220 and T420 --- boards/t420/t420.config | 18 ++++++++++++------ boards/x220/x220.config | 16 +++++++++++----- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index 93457917b..3eb832c04 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -1,12 +1,12 @@ -# Configuration for a T420 running Qubes and other OS -# The Linux configuration is close enough to the x230 +# Configuration for a T420 running Qubes and other OS, X220 is identical to X230 on the Linux Side of things. export CONFIG_COREBOOT=y -CONFIG_COREBOOT_CONFIG=config/coreboot-t420.config +CONFIG_COREBOOT_CONFIG=config/coreboot-T420.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y -CONFIG_GPG=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y CONFIG_LVM2=y @@ -17,14 +17,20 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_DROPBEAR=y +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" diff --git a/boards/x220/x220.config b/boards/x220/x220.config index 0b901bdba..f3e4372c3 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -1,12 +1,12 @@ -# Configuration for a x220 running Qubes and other OS -# The Linux configuration is close enough to the x230 +# Configuration for a x220 running Qubes and other OS, X220 is identical to X230 on the Linux Side of things. export CONFIG_COREBOOT=y CONFIG_COREBOOT_CONFIG=config/coreboot-x220.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y -CONFIG_GPG=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y CONFIG_LVM2=y @@ -17,14 +17,20 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_DROPBEAR=y +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" From 6fb0a9d28391bdf9ab3c590116a7f21cc0eac215 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 27 Mar 2019 13:42:25 -0500 Subject: [PATCH 06/22] Don't use iommu settings because it breaks graphics after kexec. --- boards/t420/t420.config | 6 +++--- boards/x220/x220.config | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index 3eb832c04..a103f895b 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -1,6 +1,6 @@ -# Configuration for a T420 running Qubes and other OS, X220 is identical to X230 on the Linux Side of things. +# Configuration for a T420 running Qubes and other OS, T420 is identical to X230 on the Linux Side of things. export CONFIG_COREBOOT=y -CONFIG_COREBOOT_CONFIG=config/coreboot-T420.config +CONFIG_COREBOOT_CONFIG=config/coreboot-t420.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y @@ -27,7 +27,7 @@ export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" diff --git a/boards/x220/x220.config b/boards/x220/x220.config index f3e4372c3..7a17562c3 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -27,7 +27,7 @@ export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_ADD="" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" From 41e5301747fc6ab93320e63bd2585f7fd4c5dcc5 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 27 Mar 2019 13:47:05 -0500 Subject: [PATCH 07/22] Remove sandybridge patches. Causes 50 second delay when booting up, restarting, or during S3 resume. If they actually bring functionality to builds, replace the patch with something that is tested. --- patches/coreboot-4.8.1/0030-sandybridge.patch | 58 ------------------- 1 file changed, 58 deletions(-) delete mode 100644 patches/coreboot-4.8.1/0030-sandybridge.patch diff --git a/patches/coreboot-4.8.1/0030-sandybridge.patch b/patches/coreboot-4.8.1/0030-sandybridge.patch deleted file mode 100644 index 8559b4090..000000000 --- a/patches/coreboot-4.8.1/0030-sandybridge.patch +++ /dev/null @@ -1,58 +0,0 @@ -diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c -index 0426b83..d348b9e 100644 ---- ./src/northbridge/intel/sandybridge/romstage.c -+++ ./src/northbridge/intel/sandybridge/romstage.c -@@ -29,6 +29,8 @@ - #include - #include - #include -+#include -+#include - #include - #include "southbridge/intel/bd82x6x/pch.h" - #include -@@ -72,6 +74,19 @@ void mainboard_romstage_entry(unsigned long bist) - /* Initialize superio */ - mainboard_config_superio(); - -+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { -+ // we don't know if we are coming out of a resume -+ // at this point, but want to setup the tpm ASAP -+ init_tpm(0); -+ tlcl_lib_init(); -+ const void * const bootblock = (const void*) 0xFFFFF800; -+ const unsigned bootblock_size = 0x800; -+ tlcl_measure(0, bootblock, bootblock_size); -+ -+ extern char _romstage, _eromstage; -+ tlcl_measure(1, &_romstage, &_eromstage - &_romstage); -+ } -+ - /* USB is initialized in MRC if MRC is used. */ - if (CONFIG_USE_NATIVE_RAMINIT) { - early_usb_init(mainboard_usb_ports); -@@ -117,9 +132,23 @@ void mainboard_romstage_entry(unsigned long bist) - - northbridge_romstage_finalize(s3resume); - -- if (IS_ENABLED(CONFIG_LPC_TPM)) { -+ // the normal TPM init happens here, if we haven't already -+ // set it up as part of the measured boot. -+ if (!IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { - init_tpm(s3resume); - } - -+ printk(BIOS_DEBUG, "%s: romstage complete\n", __FILE__); -+ - post_code(0x3f); - } -+ -+ -+void platform_segment_loaded(uintptr_t start, size_t size, int flags) -+{ -+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) -+ { -+ tlcl_measure(2, (const void*) start, size); -+ } -+} -+ From 584690fb2a1b4a601430317c783486fb56b507a4 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 27 Mar 2019 18:44:10 -0500 Subject: [PATCH 08/22] Fixed TPM romstage measurements. --- patches/coreboot-4.8.1/0030-sandybridge.patch | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 patches/coreboot-4.8.1/0030-sandybridge.patch diff --git a/patches/coreboot-4.8.1/0030-sandybridge.patch b/patches/coreboot-4.8.1/0030-sandybridge.patch new file mode 100644 index 000000000..291b80c80 --- /dev/null +++ b/patches/coreboot-4.8.1/0030-sandybridge.patch @@ -0,0 +1,58 @@ +diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c +index 0426b83..d348b9e 100644 +--- ./src/northbridge/intel/sandybridge/romstage.c ++++ ./src/northbridge/intel/sandybridge/romstage.c +@@ -29,6 +29,8 @@ + #include + #include + #include ++#include ++#include + #include + #include "southbridge/intel/bd82x6x/pch.h" + #include +@@ -72,6 +74,19 @@ void mainboard_romstage_entry(unsigned long bist) + /* Initialize superio */ + mainboard_config_superio(); + ++ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { ++ // we don't know if we are coming out of a resume ++ // at this point, but want to setup the tpm ASAP ++ init_tpm(0); ++ tlcl_lib_init(); ++ const void * const bootblock = (const void*) 0xFFFFF800; ++ const unsigned bootblock_size = 0x800; ++ tlcl_measure(0, bootblock, bootblock_size); ++ ++ extern char _romstage, _eromstage; ++ tlcl_measure(1, _romstage, _eromstage - _romstage); ++ } ++ + /* USB is initialized in MRC if MRC is used. */ + if (CONFIG_USE_NATIVE_RAMINIT) { + early_usb_init(mainboard_usb_ports); +@@ -117,9 +132,23 @@ void mainboard_romstage_entry(unsigned long bist) + + northbridge_romstage_finalize(s3resume); + +- if (IS_ENABLED(CONFIG_LPC_TPM)) { ++ // the normal TPM init happens here, if we haven't already ++ // set it up as part of the measured boot. ++ if (!IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { + init_tpm(s3resume); + } + ++ printk(BIOS_DEBUG, "%s: romstage complete\n", __FILE__); ++ + post_code(0x3f); + } ++ ++ ++void platform_segment_loaded(uintptr_t start, size_t size, int flags) ++{ ++ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) ++ { ++ tlcl_measure(2, (const void*) start, size); ++ } ++} ++ From 04d7df7353521d83df5f162136df23a067b0d80b Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Wed, 27 Mar 2019 18:49:19 -0500 Subject: [PATCH 09/22] Turn on iommu, but do not enable igfx-off --- boards/t420/t420.config | 2 +- boards/x220/x220.config | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/boards/t420/t420.config b/boards/t420/t420.config index a103f895b..77f51f2e7 100644 --- a/boards/t420/t420.config +++ b/boards/t420/t420.config @@ -27,7 +27,7 @@ export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" diff --git a/boards/x220/x220.config b/boards/x220/x220.config index 7a17562c3..4f89ae09d 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -27,7 +27,7 @@ export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" From cb74314705a19a41815e3abab0f38d60bb93219f Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Thu, 28 Mar 2019 16:13:18 -0500 Subject: [PATCH 10/22] Revert "Fixed TPM romstage measurements." This reverts commit 584690fb2a1b4a601430317c783486fb56b507a4. --- patches/coreboot-4.8.1/0030-sandybridge.patch | 58 ------------------- 1 file changed, 58 deletions(-) delete mode 100644 patches/coreboot-4.8.1/0030-sandybridge.patch diff --git a/patches/coreboot-4.8.1/0030-sandybridge.patch b/patches/coreboot-4.8.1/0030-sandybridge.patch deleted file mode 100644 index 291b80c80..000000000 --- a/patches/coreboot-4.8.1/0030-sandybridge.patch +++ /dev/null @@ -1,58 +0,0 @@ -diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c -index 0426b83..d348b9e 100644 ---- ./src/northbridge/intel/sandybridge/romstage.c -+++ ./src/northbridge/intel/sandybridge/romstage.c -@@ -29,6 +29,8 @@ - #include - #include - #include -+#include -+#include - #include - #include "southbridge/intel/bd82x6x/pch.h" - #include -@@ -72,6 +74,19 @@ void mainboard_romstage_entry(unsigned long bist) - /* Initialize superio */ - mainboard_config_superio(); - -+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { -+ // we don't know if we are coming out of a resume -+ // at this point, but want to setup the tpm ASAP -+ init_tpm(0); -+ tlcl_lib_init(); -+ const void * const bootblock = (const void*) 0xFFFFF800; -+ const unsigned bootblock_size = 0x800; -+ tlcl_measure(0, bootblock, bootblock_size); -+ -+ extern char _romstage, _eromstage; -+ tlcl_measure(1, _romstage, _eromstage - _romstage); -+ } -+ - /* USB is initialized in MRC if MRC is used. */ - if (CONFIG_USE_NATIVE_RAMINIT) { - early_usb_init(mainboard_usb_ports); -@@ -117,9 +132,23 @@ void mainboard_romstage_entry(unsigned long bist) - - northbridge_romstage_finalize(s3resume); - -- if (IS_ENABLED(CONFIG_LPC_TPM)) { -+ // the normal TPM init happens here, if we haven't already -+ // set it up as part of the measured boot. -+ if (!IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { - init_tpm(s3resume); - } - -+ printk(BIOS_DEBUG, "%s: romstage complete\n", __FILE__); -+ - post_code(0x3f); - } -+ -+ -+void platform_segment_loaded(uintptr_t start, size_t size, int flags) -+{ -+ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) -+ { -+ tlcl_measure(2, (const void*) start, size); -+ } -+} -+ From 04b59d24b1236f215ef8ff1e51354f58148084f6 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Thu, 28 Mar 2019 16:13:44 -0500 Subject: [PATCH 11/22] Revert "Remove sandybridge patches. Causes 50 second delay when booting up, restarting, or during S3 resume. If they actually bring functionality to builds, replace the patch with something that is tested." This reverts commit 41e5301747fc6ab93320e63bd2585f7fd4c5dcc5. --- patches/coreboot-4.8.1/0030-sandybridge.patch | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 patches/coreboot-4.8.1/0030-sandybridge.patch diff --git a/patches/coreboot-4.8.1/0030-sandybridge.patch b/patches/coreboot-4.8.1/0030-sandybridge.patch new file mode 100644 index 000000000..8559b4090 --- /dev/null +++ b/patches/coreboot-4.8.1/0030-sandybridge.patch @@ -0,0 +1,58 @@ +diff --git ./src/northbridge/intel/sandybridge/romstage.c ./src/northbridge/intel/sandybridge/romstage.c +index 0426b83..d348b9e 100644 +--- ./src/northbridge/intel/sandybridge/romstage.c ++++ ./src/northbridge/intel/sandybridge/romstage.c +@@ -29,6 +29,8 @@ + #include + #include + #include ++#include ++#include + #include + #include "southbridge/intel/bd82x6x/pch.h" + #include +@@ -72,6 +74,19 @@ void mainboard_romstage_entry(unsigned long bist) + /* Initialize superio */ + mainboard_config_superio(); + ++ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { ++ // we don't know if we are coming out of a resume ++ // at this point, but want to setup the tpm ASAP ++ init_tpm(0); ++ tlcl_lib_init(); ++ const void * const bootblock = (const void*) 0xFFFFF800; ++ const unsigned bootblock_size = 0x800; ++ tlcl_measure(0, bootblock, bootblock_size); ++ ++ extern char _romstage, _eromstage; ++ tlcl_measure(1, &_romstage, &_eromstage - &_romstage); ++ } ++ + /* USB is initialized in MRC if MRC is used. */ + if (CONFIG_USE_NATIVE_RAMINIT) { + early_usb_init(mainboard_usb_ports); +@@ -117,9 +132,23 @@ void mainboard_romstage_entry(unsigned long bist) + + northbridge_romstage_finalize(s3resume); + +- if (IS_ENABLED(CONFIG_LPC_TPM)) { ++ // the normal TPM init happens here, if we haven't already ++ // set it up as part of the measured boot. ++ if (!IS_ENABLED(CONFIG_MEASURED_BOOT) && IS_ENABLED(CONFIG_LPC_TPM)) { + init_tpm(s3resume); + } + ++ printk(BIOS_DEBUG, "%s: romstage complete\n", __FILE__); ++ + post_code(0x3f); + } ++ ++ ++void platform_segment_loaded(uintptr_t start, size_t size, int flags) ++{ ++ if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) ++ { ++ tlcl_measure(2, (const void*) start, size); ++ } ++} ++ From fe03f791733962dc70b04e9dbc5262e037c21f42 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Thu, 28 Mar 2019 16:22:16 -0500 Subject: [PATCH 12/22] One more thing: Add flash.sh definitions for X220 and T420. --- initrd/bin/flash.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index e89c9a98c..7c2c49e90 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -13,11 +13,17 @@ case "$CONFIG_BOARD" in x230* ) FLASHROM_OPTIONS='--force --noverify-all --programmer internal --ifd --image bios' ;; + t420* ) + FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' + ;; + x220* ) + FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' + ;; "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal' ;; * ) - die "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." + die "ERROR: No board has been configured!\nEach board requires specific flashrom options and it's unsafe to flash without them.\nAborting." ;; esac From f17c519fad50768a57d25d1ef02c9bddbef1c3ed Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 9 Apr 2019 14:43:25 -0400 Subject: [PATCH 13/22] Required SPI flash chip option to flahs internally --- initrd/bin/flash.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 7c2c49e90..4814cc6dc 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -17,7 +17,7 @@ case "$CONFIG_BOARD" in FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' ;; x220* ) - FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' + FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios -c MX25L6405D' ;; "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal' From 5a437ea6795f83a039fc57c2965235804b40cb8f Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 9 Apr 2019 15:11:04 -0400 Subject: [PATCH 14/22] Temporary coreboot config required to debug through cbmem under heads --- config/coreboot-x220.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/coreboot-x220.config b/config/coreboot-x220.config index a91aef7dc..263fd0454 100644 --- a/config/coreboot-x220.config +++ b/config/coreboot-x220.config @@ -16,8 +16,8 @@ CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_NO_POST=y CONFIG_CHECK_ME=y CONFIG_GBE_BIN_PATH="../../blobs/x220/gbe.bin" +CONFIG_DEBUG_TPM=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 -CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/x220/bzImage" CONFIG_LINUX_COMMAND_LINE="quiet" From f3c8a2d2ca555748ccb9eee302a54096d1e018a6 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Tue, 9 Apr 2019 15:33:13 -0400 Subject: [PATCH 15/22] Revert "Required SPI flash chip option to flahs internally" This reverts commit f17c519fad50768a57d25d1ef02c9bddbef1c3ed. --- initrd/bin/flash.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 4814cc6dc..7c2c49e90 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -17,7 +17,7 @@ case "$CONFIG_BOARD" in FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' ;; x220* ) - FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios -c MX25L6405D' + FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' ;; "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal' From 4b5c9153e2029cd5a0f4c1bc993f6d61e7fdb43e Mon Sep 17 00:00:00 2001 From: Sebastian McMillan Date: Thu, 11 Apr 2019 08:53:56 -0500 Subject: [PATCH 16/22] Add preliminary support for T430, use universal install-phase init to support both T430 and X230 and fix installation instructions to use flash.sh, and update x230-flash to use the new init file. --- boards/t430-flash/t430-flash.config | 28 +++++++++++++ boards/t430/t430.config | 44 ++++++++++++++++++++ boards/x230-flash/x230-flash.config | 2 +- config/coreboot-t430-flash.config | 18 ++++++++ config/coreboot-t430.config | 24 +++++++++++ initrd/bin/{x230-flash.init => install.init} | 2 +- 6 files changed, 116 insertions(+), 2 deletions(-) create mode 100644 boards/t430-flash/t430-flash.config create mode 100644 boards/t430/t430.config create mode 100644 config/coreboot-t430-flash.config create mode 100644 config/coreboot-t430.config rename initrd/bin/{x230-flash.init => install.init} (92%) diff --git a/boards/t430-flash/t430-flash.config b/boards/t430-flash/t430-flash.config new file mode 100644 index 000000000..80bee434a --- /dev/null +++ b/boards/t430-flash/t430-flash.config @@ -0,0 +1,28 @@ +# Minimal configuration for a t430 to support flashrom, USB and networking +BOARD=t430.flash + +export CONFIG_COREBOOT=y +CONFIG_FLASHROM=y +#CONFIG_GPG=y +CONFIG_FLASHTOOLS=y +CONFIG_PCIUTILS=y +#CONFIG_MBEDTLS=y +#CONFIG_QRENCODE=y +#CONFIG_TPMTOTP=y +#CONFIG_DROPBEAR=y + +CONFIG_LINUX_CONFIG=config/linux-x230-flash.config +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOOTSCRIPT=/bin/install.init + +# This board is "special" in that we only want the top 4 MB of the ROM +# for flashing into SPI flash 1 on the mainboard. This is enough to +# allow the board to boot into a minimal Heads and read the full +# ROM from an external USB media. +all: $(build)/$(BOARD)/$(BOARD).rom +$(build)/$(BOARD)/$(BOARD).rom: $(build)/$(BOARD)/coreboot.rom + dd of=$@ if=$< bs=65536 count=64 skip=128 + sha256sum $@ diff --git a/boards/t430/t430.config b/boards/t430/t430.config new file mode 100644 index 000000000..4ed35901f --- /dev/null +++ b/boards/t430/t430.config @@ -0,0 +1,44 @@ +# Configuration for a t430 running Qubes and other OSes +export CONFIG_COREBOOT=y +CONFIG_COREBOOT_CONFIG=config/coreboot-t430.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_DROPBEAR=y + +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad T430 Heads Boot Menu" +export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" + +# This board has two SPI flash chips, an 8 MB that holds the IFD, +# the ME image and part of the coreboot image, and a 4 MB one that +# has the rest of the coreboot and the reset vector. +# +# Only flashing to the bios region is safe to do. The easiest is to +# flash internally when the IFD is unlocked for writing, and x230-flash +# is installed first. diff --git a/boards/x230-flash/x230-flash.config b/boards/x230-flash/x230-flash.config index b10d17aff..17be7fafd 100644 --- a/boards/x230-flash/x230-flash.config +++ b/boards/x230-flash/x230-flash.config @@ -16,7 +16,7 @@ CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y export CONFIG_USB_BOOT_DEV="/dev/sdb1" -export CONFIG_BOOTSCRIPT=/bin/x230-flash.init +export CONFIG_BOOTSCRIPT=/bin/install.init # This board is "special" in that we only want the top 4 MB of the ROM # for flashing into SPI flash 1 on the mainboard. This is enough to diff --git a/config/coreboot-t430-flash.config b/config/coreboot-t430-flash.config new file mode 100644 index 000000000..4774ac1ec --- /dev/null +++ b/config/coreboot-t430-flash.config @@ -0,0 +1,18 @@ +CONFIG_LOCALVERSION="heads" +# CONFIG_INCLUDE_CONFIG_FILE is not set +# CONFIG_COLLECT_TIMESTAMPS is not set +CONFIG_USE_BLOBS=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x400000 +# CONFIG_POST_DEVICE is not set +CONFIG_DRIVERS_UART_8250IO=y +CONFIG_BOARD_LENOVO_T430=y +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_UART_PCI_ADDR=0 +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/t430-flash/bzImage" +CONFIG_LINUX_INITRD="../../build/t430-flash/initrd.cpio.xz" +CONFIG_DEBUG_SMM_RELOCATION=y diff --git a/config/coreboot-t430.config b/config/coreboot-t430.config new file mode 100644 index 000000000..5304d8255 --- /dev/null +++ b/config/coreboot-t430.config @@ -0,0 +1,24 @@ +CONFIG_LOCALVERSION="heads" +# CONFIG_INCLUDE_CONFIG_FILE is not set +# CONFIG_COLLECT_TIMESTAMPS is not set +CONFIG_USE_BLOBS=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x700000 +# CONFIG_POST_IO is not set +# CONFIG_POST_DEVICE is not set +CONFIG_DRIVERS_UART_8250IO=y +CONFIG_BOARD_LENOVO_T430=y +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_UART_PCI_ADDR=0 +CONFIG_NO_GFX_INIT=y +# CONFIG_CONSOLE_SERIAL is not set +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/t430/bzImage" +CONFIG_PAYLOAD_OPTIONS="" +# CONFIG_PXE is not set +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" +CONFIG_LINUX_INITRD="../../build/t430/initrd.cpio.xz" +CONFIG_DEBUG_SMM_RELOCATION=y diff --git a/initrd/bin/x230-flash.init b/initrd/bin/install.init similarity index 92% rename from initrd/bin/x230-flash.init rename to initrd/bin/install.init index e02dcf5d8..872ebb861 100755 --- a/initrd/bin/x230-flash.init +++ b/initrd/bin/install.init @@ -20,7 +20,7 @@ echo '' echo 'To install from flash drive:' echo '' echo ' mount -o ro /dev/sdb1 /media' -echo ' flashrom-x230.sh /media/x230.rom' +echo ' flash.sh /media/' echo '' exec /bin/ash From 92e7a37fe9219f92b53c7e88ccc60e0f4bda0da6 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Wed, 17 Apr 2019 08:33:18 -0500 Subject: [PATCH 17/22] Remove debugging config options to ready the updated X220 config for merging into master. --- config/coreboot-x220.config | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/config/coreboot-x220.config b/config/coreboot-x220.config index 263fd0454..03f227f01 100644 --- a/config/coreboot-x220.config +++ b/config/coreboot-x220.config @@ -16,10 +16,9 @@ CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_NO_POST=y CONFIG_CHECK_ME=y CONFIG_GBE_BIN_PATH="../../blobs/x220/gbe.bin" -CONFIG_DEBUG_TPM=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/x220/bzImage" -CONFIG_LINUX_COMMAND_LINE="quiet" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" CONFIG_LINUX_INITRD="../../build/x220/initrd.cpio.xz" CONFIG_DEBUG_SMM_RELOCATION=y From 3b0f2cf24838e082165a9e102bb1f3282b0d57e7 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Wed, 17 Apr 2019 08:35:42 -0500 Subject: [PATCH 18/22] Update X220 configs to prepare FBWhiptail X220 for merge. --- boards/x220/x220.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boards/x220/x220.config b/boards/x220/x220.config index 4f89ae09d..f3e4372c3 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -27,7 +27,7 @@ export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" From 472759b9fe9d757bc35a947c7baa570084a0c6c0 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Mon, 22 Apr 2019 09:14:54 -0500 Subject: [PATCH 19/22] fix T430 coreboot name for main config silly inconsistent names! --- config/coreboot-t430-flash.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/coreboot-t430-flash.config b/config/coreboot-t430-flash.config index 4774ac1ec..c0b0c9777 100644 --- a/config/coreboot-t430-flash.config +++ b/config/coreboot-t430-flash.config @@ -7,7 +7,7 @@ CONFIG_VENDOR_LENOVO=y CONFIG_CBFS_SIZE=0x400000 # CONFIG_POST_DEVICE is not set CONFIG_DRIVERS_UART_8250IO=y -CONFIG_BOARD_LENOVO_T430=y +CONFIG_BOARD_LENOVO_THINKPAD_T430=y CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_UART_PCI_ADDR=0 CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 From c6ba34f94360fd51e352ae07e6c5bce0b2b1a3e5 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Mon, 22 Apr 2019 09:15:17 -0500 Subject: [PATCH 20/22] fix board name for t430 --- config/coreboot-t430.config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/coreboot-t430.config b/config/coreboot-t430.config index 5304d8255..b21181194 100644 --- a/config/coreboot-t430.config +++ b/config/coreboot-t430.config @@ -8,7 +8,7 @@ CONFIG_CBFS_SIZE=0x700000 # CONFIG_POST_IO is not set # CONFIG_POST_DEVICE is not set CONFIG_DRIVERS_UART_8250IO=y -CONFIG_BOARD_LENOVO_T430=y +CONFIG_BOARD_LENOVO_THINKPAD_T430=y CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_UART_PCI_ADDR=0 CONFIG_NO_GFX_INIT=y From 350a344ce40b717ea38764872a411df62ce998d3 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Mon, 22 Apr 2019 09:19:58 -0500 Subject: [PATCH 21/22] Fix X220 flash.sh support and add T430 support --- initrd/bin/flash.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index 7c2c49e90..e68eab357 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -13,11 +13,14 @@ case "$CONFIG_BOARD" in x230* ) FLASHROM_OPTIONS='--force --noverify-all --programmer internal --ifd --image bios' ;; + t430* ) + FLASHROM_OPTIONS='--force --noverify-all --programmer internal:laptop=force_I_want_a_brick --ifd --image bios' + ;; t420* ) FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' ;; x220* ) - FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' + FLASHROM_OPTIONS='--force --noverify-all -p internal --ifd -image bios -c MX25L6405D' ;; "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal' From 1e500d8d693d2731d343a6469ec3cf666f43d361 Mon Sep 17 00:00:00 2001 From: Sebastian McMillan <22755892+SebastianMcMillan@users.noreply.github.com> Date: Tue, 28 May 2019 17:44:08 -0500 Subject: [PATCH 22/22] Fixed typo in flash.sh --- initrd/bin/flash.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index e68eab357..b33bfcdf4 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -20,7 +20,7 @@ case "$CONFIG_BOARD" in FLASHROM_OPTIONS='--force --noverify-all -p internal:laptop=force_I_want_a_brick --ifd --image bios' ;; x220* ) - FLASHROM_OPTIONS='--force --noverify-all -p internal --ifd -image bios -c MX25L6405D' + FLASHROM_OPTIONS='--force --noverify-all -p internal --ifd --image bios -c MX25L6405D' ;; "kgpe-d16" ) FLASHROM_OPTIONS='--force --noverify --programmer internal'