X200 board bringback without TPM nor HOTP support. Basically useable …

…to boot Tails from USB SDCARD adapter, with SDCARD set in read only mode. Based on past work https://github.com/tlaurion/heads/tree/x200_readd TODO: - upgrade coreboot to 4.12 - upgrade kernel to 5.x - Test and merge linuxboot#836 Addresses linuxboot#878
tlaurion · Dec 15, 2020 · 1b6c914 · 1b6c914
1 parent a81ae6e
commit 1b6c914
Show file tree

Hide file tree

Showing 8 changed files with 446 additions and 0 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -326,6 +326,26 @@ jobs:
       - store-artifacts:
           path: build/t430-flash
 
+      - run:
+          name: x200-maximized
+          command: |
+            rm -rf build/x200-maximized/* build/log/* && make CPUS=4 V=1 BOARD=x200-maximized  || touch /tmp/failed_build
+          no_output_timeout: 3h
+      - run:
+          name: Output build failing logs
+          command: |
+            if [[ -f /tmp/failed_build ]]; then find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Not failing. Continuing..."; fi
+      - run:
+          name: Ouput x200-maximized hashes
+          command: |
+            cat build/x200-maximized/hashes.txt \
+      - run:
+          name: Archiving build logs for x200-maximized
+          command: |
+             tar zcvf build/x200-maximized/logs.tar.gz build/log/*
+      - store-artifacts:
+          path: build/x200-maximized
+
       - run:
           name: t430
           command: |

diff --git a/blobs/xxx0/README b/blobs/xxx0/README
@@ -0,0 +1,23 @@
+Coreboot supports generating modified ifd and gbe out of the box.
+To replicate the blobs in this directory (based on coreboot 4.8.1 but simply replace version in paths):
+
+make BOARDS=x200
+
+This will create the ROM.
+
+Then (considering you git clone heads under ~)
+
+cd ~/heads/build/coreboot-4.8.1/util/bincfg
+make gen-gbe-ich9m
+make gen-ifd-x200
+mv flashregion_0_fd.bin ../../../../blobs/xxx0/ifd.bin
+mv flashregion_3_gbe.bin ../../../../blobs/xxx0/gbe.bin
+
+cd -
+sha256sum -c hashes.txt
+
+should output:
+gbe.bin: OK
+ifd.bin: OK
+
+DISCLAIMER: Considering neither gbe.bin not ifd.bin is proprietary firmware (generated from specifications), those blobs are in tree. 
diff --git a/blobs/xxx0/gbe.bin b/blobs/xxx0/gbe.bin
diff --git a/blobs/xxx0/hashes.txt b/blobs/xxx0/hashes.txt
@@ -0,0 +1,2 @@
+7917e0f0eb16c895da25d8acf01155e88ca189724c48a14cd1645d0d09f1cf5b  gbe.bin
+a2768b73c10593ea2ce7af1f5befc2fb4457fd6a01bbc5499e32aa2b47baa442  ifd.bin
diff --git a/blobs/xxx0/ifd.bin b/blobs/xxx0/ifd.bin
diff --git a/boards/x200-maximized/x200-maximized.config b/boards/x200-maximized/x200-maximized.config
@@ -0,0 +1,62 @@
+# Configuration for a x200 running non-Qubes OSes.
+#
+# Deactivated to fit in coreboot's CONFIG_CBFS_SIZE=0x700000 :
+# dropbear support(ssh client/server)
+# e1000e (ethernet driver)
+#
+# Includes (read blobs/xxx0/README) 
+# - Generated IFD from bincfg 
+# - Forged 00:DE:AD:C0:FF:EE MAC address  
+#   - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/ifd-x200.set
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-x200-maximized.config
+CONFIG_LINUX_CONFIG=config/linux-x200.config
+
+CONFIG_CRYPTSETUP=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#Remote attestation support
+#TPM based requirements
+export CONFIG_TPM=n
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=n
+
+#Nitrokey Storage admin tool
+CONFIG_NKSTORECLI=n
+
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools:
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off i915.modeset=1 video=1280x800"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="Thinkpad X200-maximized"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+
diff --git a/config/coreboot-x200-maximized.config b/config/coreboot-x200-maximized.config
@@ -0,0 +1,15 @@
+CONFIG_ANY_TOOLCHAIN=y
+CONFIG_VENDOR_LENOVO=y
+CONFIG_CBFS_SIZE=0x700000
+CONFIG_BOARD_LENOVO_X200=y
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_HAVE_GBE_BIN=y
+CONFIG_IFD_BIN_PATH="../../blobs/xxx0/ifd.bin"
+CONFIG_GBE_BIN_PATH="../../blobs/xxx0/gbe.bin"
+CONFIG_NO_GFX_INIT=y
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="../../build/x200-maximized/bzImage"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_INITRD="../../build/x200-maximized/initrd.cpio.xz"
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		7917e0f0eb16c895da25d8acf01155e88ca189724c48a14cd1645d0d09f1cf5b gbe.bin
		a2768b73c10593ea2ce7af1f5befc2fb4457fd6a01bbc5499e32aa2b47baa442 ifd.bin