move all other boards (but KGPE-D16) to coreboot 4.13

- xx30 legacy boards (x230, x230-flash, t430, t430-flash) now rely also on coreboot 4.13
  - DOWNSIDE: x230 and t430 legacy boards now rely on WHIPTAIL (NOT FBWhiptail) to have enough space to fit under 7mb)
- xx20 boards moved to 4.13 without downside (no need of xx20-flash boards here. xx20 boards are already similar to maximized boards with 7.5mb useable)
- qemu-coreboot and qemu-coreboot-fbwhiptail switched to coreboot 4.13 WITHOUT TPM SUPPORT
- CircleCi build recipe removes 4.8.1 boards altogether
  - KGPE-D16 workstation is used as new base build to save workspace layer (we removed one workspace layer)
  - Removing one workspace layer will save approx 2 hours of build time on fresh builds
  - Removing one coreboot version will save us approx 2 hours of build time on fresh builds
  - KGPE-D16 will stay to coreboot 4.11 until forward notice.
  - All other board configs SHOULD be built on latest coreboot versions

.circleci/config.yml

@@ -165,19 +165,12 @@ workflows:
 # version. The last board in the sequence is the dependency
 # for the parallel boards built at the end, and also save_cache.
 
-      # Coreboot 4.8.1
-      - build_and_persist:
-          name: qemu-coreboot
-          target: qemu-coreboot
-          requires:
-            - prep_env
-
       # Coreboot 4.11
       - build_and_persist:
           name: kgpe-d16_workstation
           target: kgpe-d16_workstation
           requires:
-            - qemu-coreboot
+            - prep_env
 
       # Coreboot 4.13
       - build_and_persist:
@@ -275,6 +268,12 @@ workflows:
           requires:
             - librem_mini
 
+      - build:
+          name: qemu-coreboot
+          target: qemu-coreboot
+          requires:
+            - librem_mini
+
       - build:
           name: qemu-coreboot-fbwhiptail
           target: qemu-coreboot-fbwhiptail

boards/qemu-coreboot-fbwhiptail/qemu-coreboot-fbwhiptail.config

@@ -1,8 +1,9 @@
 # Configuration for building a coreboot ROM that works in
 # the qemu emulator in GUI mode thanks to FBWhiptail
-
+#
+# Note that the TPM does not work.
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-fbwhiptail.config
@@ -19,16 +20,21 @@ CONFIG_FLASHTOOLS=y
 CONFIG_FLASHROM=y
 CONFIG_PCIUTILS=y
 CONFIG_UTIL_LINUX=y
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_GPG2=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_DROPBEAR=y
 CONFIG_MSRTOOLS=y
 
+#Uncomment only one of the following block
 #Required for graphical gui-init (FBWhiptail)
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
+#
+#text-based init (generic-init and gui-init)
+#CONFIG_NEWT=y
+#CONFIG_SLANG=y
 
 endif
 
@@ -37,13 +43,17 @@ CONFIG_LINUX_AHCI=y
 CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000=y
 
+#Uncomment only one BOOTSCRIPT:
 #Whiptail-based init (text-based or FBWhiptail)
-export CONFIG_BOOTSCRIPT=/bin/gui-init
+#export CONFIG_BOOTSCRIPT=/bin/gui-init
+#
+#text-based original init:
+export CONFIG_BOOTSCRIPT=/bin/generic-init
 
 export CONFIG_TPM=n
 
 export CONFIG_BOOT_DEV="/dev/sda1"
-export CONFIG_BOARD_NAME="QEMU-fbwhiptail"
+export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail"
 
 #borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
 run:

boards/qemu-coreboot/qemu-coreboot.config

@@ -1,8 +1,10 @@
 # Configuration for building a coreboot ROM that works in the.
-# the qemu emulator.  Note that the TPM does not work, so this
+# the qemu emulator.  
+# 
+# Note that the TPM does not work, so this
 # will just drop into the recovery shell.
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-qemu.config
@@ -19,7 +21,7 @@ CONFIG_FLASHTOOLS=y
 CONFIG_FLASHROM=y
 CONFIG_PCIUTILS=y
 CONFIG_UTIL_LINUX=y
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_GPG2=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
@@ -52,6 +54,7 @@ export CONFIG_BOOTSCRIPT=/bin/generic-init
 export CONFIG_TPM=n
 
 export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="qemu-coreboot"
 
 #borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh
 run:

boards/t430-flash/t430-flash.config

@@ -2,7 +2,7 @@
 BOARD=t430.flash
 
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_FLASHROM=y

boards/t430/t430.config

@@ -1,17 +1,21 @@
-# Configuration for a t430 running Qubes and other OSes
+# Configuration for a t430 running Qubes 4.1 and other OSes
 # STATIC_OPTION_TABLE is set inside of coreboot config
 #
 # Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x700000 :
 # dropbear support(ssh client/server)
 # e1000e (ethernet driver)
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-t430.config
 CONFIG_LINUX_CONFIG=config/linux-x230.config
 
-CONFIG_CRYPTSETUP=y
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=n
+
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y
@@ -20,26 +24,32 @@ CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_PCIUTILS=y
+
+#Remote attestation support
+#TPM based requirements
+export CONFIG_TPM=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=n
 
-#Whiptail in console mode
-#CONFIG_SLANG=y
-#CONFIG_NEWT=y
+#Nitrokey Storage admin tool
+CONFIG_NKSTORECLI=n
 
-#whiptail in graphical mode
-CONFIG_CAIRO=y
-CONFIG_FBWHIPTAIL=y
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
 
-CONFIG_LINUX_USB=y
-
-#SSH client/server
+#Additional tools:
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
 CONFIG_DROPBEAR=n
-#Ethernet driver (Heads only)
-CONFIG_LINUX_E1000E=n
 
-export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n

boards/x220/x220.config

@@ -1,12 +1,12 @@
-# Configuration for a x220 running Qubes and other OS, X220 is identical to X230 on the Linux Side of things.
+# Configuration for a x220 running Qubes 4.1 and other OS, X220 is identical to X230 on the Linux Side of things.
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-x220.config
 CONFIG_LINUX_CONFIG=config/linux-x230.config
 
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y
@@ -18,7 +18,7 @@ CONFIG_PCIUTILS=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
-CONFIG_DROPBEAR=y
+CONFIG_DROPBEAR=n
 
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y

boards/x230-flash/x230-flash.config

@@ -1,8 +1,7 @@
 # Minimal configuration for a x230 to support flashrom, USB and networking
-BOARD=x230.flash
 
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_FLASHROM=y

boards/x230/x230.config

@@ -1,17 +1,20 @@
-# Configuration for a x230 running Qubes and other OSes
-# STATIC_OPTION_TABLE is set inside of coreboot config
+# Configuration for a X230 running Qubes 4.1 and other Linux Based OSes (through kexec)
 #
 # Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x700000 :
 # dropbear support(ssh client/server)
 # e1000e (ethernet driver)
 export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_COREBOOT_VERSION=4.13
 export CONFIG_LINUX_VERSION=4.14.62
 
 CONFIG_COREBOOT_CONFIG=config/coreboot-x230.config
 CONFIG_LINUX_CONFIG=config/linux-x230.config
 
-CONFIG_CRYPTSETUP=y
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=n
+
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y
@@ -20,23 +23,32 @@ CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_PCIUTILS=y
+
+#Remote attestation support
+#TPM based requirements
+export CONFIG_TPM=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=n
 
-#CONFIG_SLANG=y
-#CONFIG_NEWT=y
-CONFIG_CAIRO=y
-CONFIG_FBWHIPTAIL=y
+#Nitrokey Storage admin tool
+CONFIG_NKSTORECLI=n
 
-CONFIG_LINUX_USB=y
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
 
-#SSH client/server
+#Additional tools:
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
 CONFIG_DROPBEAR=n
-#Ethernet driver (Heads only)
-CONFIG_LINUX_E1000E=n
 
-export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n

config/coreboot-qemu-fbwhiptail.config

@@ -1,17 +1,16 @@
 # CONFIG_INCLUDE_CONFIG_FILE is not set
 CONFIG_CBFS_SIZE=0x750000
 # CONFIG_POST_IO is not set
-CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y
 # CONFIG_POST_DEVICE is not set
-CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y
+# CONFIG_CONSOLE_SERIAL is not set
+CONFIG_LINUX_COMMAND_LINE="debug"
 CONFIG_COREBOOT_ROMSIZE_KB_8192=y
 CONFIG_PCIEXP_ASPM=y
 CONFIG_PCIEXP_COMMON_CLOCK=y
 CONFIG_UART_PCI_ADDR=0
-CONFIG_CPU_MICROCODE_CBFS_GENERATE=y
-# CONFIG_CONSOLE_SERIAL is not set
+CONFIG_DRIVERS_PS2_KEYBOARD=y
 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6=y
 CONFIG_PAYLOAD_LINUX=y
-CONFIG_LINUX_COMMAND_LINE="debug"
 CONFIG_PAYLOAD_FILE="../../build/qemu-coreboot-fbwhiptail/bzImage"
 CONFIG_LINUX_INITRD="../../build/qemu-coreboot-fbwhiptail/initrd.cpio.xz"

config/coreboot-qemu.config

@@ -1,17 +1,16 @@
 # CONFIG_INCLUDE_CONFIG_FILE is not set
 CONFIG_CBFS_SIZE=0x700000
 # CONFIG_POST_IO is not set
-CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y
 # CONFIG_POST_DEVICE is not set
-CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y
+# CONFIG_CONSOLE_SERIAL is not set
+CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0 vga=786"
 CONFIG_COREBOOT_ROMSIZE_KB_8192=y
 CONFIG_PCIEXP_ASPM=y
 CONFIG_PCIEXP_COMMON_CLOCK=y
 CONFIG_UART_PCI_ADDR=0
-CONFIG_CPU_MICROCODE_CBFS_GENERATE=y
-# CONFIG_CONSOLE_SERIAL is not set
+CONFIG_DRIVERS_PS2_KEYBOARD=y
 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6=y
 CONFIG_PAYLOAD_LINUX=y
-CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0 vga=786"
 CONFIG_PAYLOAD_FILE="../../build/qemu-coreboot/bzImage"
 CONFIG_LINUX_INITRD="../../build/qemu-coreboot/initrd.cpio.xz"

config/coreboot-t430-flash.config

@@ -1,14 +1,14 @@
-# CONFIG_INCLUDE_CONFIG_FILE is not set
-# CONFIG_COLLECT_TIMESTAMPS is not set
-CONFIG_USE_BLOBS=y
-CONFIG_MEASURED_BOOT=y
+# CONFIG_USE_BLOBS is not set
 CONFIG_VENDOR_LENOVO=y
-CONFIG_CBFS_SIZE=0x400000
-# CONFIG_POST_DEVICE is not set
-CONFIG_DRIVERS_UART_8250IO=y
-CONFIG_BOARD_LENOVO_THINKPAD_T430=y
+CONFIG_NO_POST=y
+CONFIG_CBFS_SIZE=0x700000
+CONFIG_BOARD_LENOVO_X230=y
 CONFIG_DRIVERS_PS2_KEYBOARD=y
 CONFIG_UART_PCI_ADDR=0
+CONFIG_CPU_MICROCODE_CBFS_NONE=y
+CONFIG_NO_GFX_INIT=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_TPM_MEASURED_BOOT=y
 CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y
 CONFIG_PAYLOAD_LINUX=y

config/coreboot-t430.config

@@ -1,12 +1,15 @@
-CONFIG_MEASURED_BOOT=y
+# CONFIG_USE_BLOBS is not set
 CONFIG_VENDOR_LENOVO=y
-CONFIG_CBFS_SIZE=0x700000
-CONFIG_BOARD_LENOVO_THINKPAD_T430=y
 CONFIG_NO_POST=y
+CONFIG_CBFS_SIZE=0x700000
+CONFIG_BOARD_LENOVO_X230=y
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
 CONFIG_UART_PCI_ADDR=0
-# CONFIG_CONSOLE_SERIAL is not set
+CONFIG_CPU_MICROCODE_CBFS_NONE=y
+CONFIG_NO_GFX_INIT=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_TPM_MEASURED_BOOT=y
 CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
-CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
 CONFIG_PAYLOAD_LINUX=y
 CONFIG_PAYLOAD_FILE="../../build/t430/bzImage"
 CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"