diff --git a/.circleci/config.yml b/.circleci/config.yml index c23a19e10..b73fea41b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,97 +2,186 @@ version: 2 jobs: build: docker: - - image: osresearch/heads-ubuntu:16.04 + - image: debian:10 steps: - run: name: Install dependencies command: | apt update - apt install -y \ - build-essential \ - zlib1g-dev \ - uuid-dev \ - libdigest-sha-perl \ - libelf-dev \ - bc \ - bzip2 \ - bison \ - flex \ - git \ - gnupg \ - iasl \ - m4 \ - nasm \ - patch \ - python \ - wget \ - gnat \ - cpio \ - ccache \ - lzma \ - + apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev - checkout - run: - name: Bootstrap make + name: git reset command: | - make -j4 bootstrap + git reset --hard "$CIRCLE_SHA1" \ - run: - name: Bootstrap coreboot-gcc + name: Creating all modules and patches digest command: | - ./build/make-4.2.1/make \ - TOOLCHAIN=/home/builder/heads \ - V=1 \ - BOARD=qemu-coreboot \ - coreboot-gcc - + find ./patches/ ./modules/ -type f | sort -h |xargs sha256sum > /tmp/all_modules_and_patches.sha256sums \ - run: - name: qemu-coreboot + name: Creating musl-cross-make and musl-cross-make patches digest command: | - ./build/make-4.2.1/make \ - TOOLCHAIN=/home/builder/heads \ - V=1 \ - -j4 \ - BOARD=qemu-coreboot \ + find ./patches/musl-cross-* modules/musl-cross* -type f | sort -h | xargs sha256sum > /tmp/musl-cross_module_and_patches.sha256sums \ - - store-artifacts: - path: build/qemu-coreboot/coreboot.rom - - store-artifacts: - path: build/qemu-coreboot/hashes.txt + - restore_cache: + keys: + #Restore existing cache for modules checksums validated to be exactly the same as in github current commit + - heads-modules-and-patches-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} + #If precedent fails. Restore cache for musl-cross module checksum validated to be exactly the same as in github current commit + - heads-cross-musl-{{ checksum "/tmp/musl-cross_module_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} + +# linuxboot steps need something to pass in the kernel header path +# skipping for now +# - run: +# name: qemu-linuxboot-edk2 +# command: | +# ./build/make-4.2.1/make \ +# CROSS=/cross/bin/x86_64-linux-musl- \ +# BOARD=qemu-linuxboot \ +# `/bin/pwd`/build/linuxboot-git/build/qemu/.configured \ +# # Run first to avoid too many processes +# +# - run: +# name: qemu-linuxboot +# command: | +# ./build/make-4.2.1/make \ +# CROSS=/cross/bin/x86_64-linux-musl- \ +# --load 2 \ +# V=1 \ +# BOARD=qemu-linuxboot \ +# +# - store-artifacts: +# path: build/qemu-linuxboot/linuxboot.rom +# - store-artifacts: +# path: build/qemu-linuxboot/hashes.txt - run: - name: qemu-linuxboot + name: x230-flash + #We delete build/make-4.2.1/ directory until issue #799 is fixed. command: | - ./build/make-4.2.1/make \ - TOOLCHAIN=/home/builder/heads \ + rm -rf build/x230-flash/* build/log/* && make --load 2 \ V=1 \ - -j4 \ - BOARD=qemu-linuxboot \ - + BOARD=x230-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1) \ + no_output_timeout: 3h + - run: + name: Ouput x230-flash hashes + command: | + cat build/x230-flash/hashes.txt \ + - run: + name: Archiving build logs for x230-flash + command: | + tar zcvf build/x230-flash/logs.tar.gz build/log/* - store-artifacts: - path: build/qemu-linuxboot/linuxboot.rom + path: build/x230-flash + + - run: + name: t430-flash + command: | + rm -rf build/t430-flash/* build/log/* && make --load 2 \ + V=1 \ + BOARD=t430-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1) \ + no_output_timeout: 3h + - run: + name: Ouput t430-flash hashes + command: | + cat build/t430-flash/hashes.txt \ + - run: + name: Archiving build logs for t430-flash + command: | + tar zcvf build/t430-flash/logs.tar.gz build/log/* - store-artifacts: - path: build/qemu-linuxboot/hashes.txt + path: build/t430-flash + - run: + name: t430 + command: | + rm -rf build/t430/* build/log/* && make --load 2 \ + V=1 \ + BOARD=t430 || (find ./build/log/ -cmin 1|xargs tail; exit 1) \ + no_output_timeout: 3h + - run: + name: Ouput t430 hashes + command: | + cat build/t430/hashes.txt \ + - run: + name: Archiving build logs for t430 + command: | + tar zcvf build/t430/logs.tar.gz build/log/* + - store-artifacts: + path: build/t430 - run: name: x230 command: | - ./build/make-4.2.1/make \ - TOOLCHAIN=/home/builder/heads \ - -j4 \ + rm -rf build/x230/* build/log/* && make --load 2 \ V=1 \ - BOARD=x230 \ + BOARD=x230 || (find ./build/log/ -cmin 1|xargs tail; exit 1) \ + no_output_timeout: 3h + - run: + name: Ouput x230 hashes + command: | + cat build/x230/hashes.txt \ + - run: + name: Archiving build logs for x230 + command: | + tar zcvf build/x230/logs.tar.gz build/log/* + - store-artifacts: + path: build/x230 + - run: + name: x230-hotp-verification + command: | + rm -rf build/x230-hotp-verification/* build/log/* && make --load 2 \ + V=1 \ + BOARD=x230-hotp-verification || (find ./build/log/ -cmin 1|xargs tail; exit 1) \ + no_output_timeout: 3h + - run: + name: Ouput x230-hotp-verification hashes + command: | + cat build/x230-hotp-verification/hashes.txt \ + - run: + name: Archiving build logs for x230-hotp-verification + command: | + tar zcvf build/x230-hotp-verification/logs.tar.gz build/log/* - store-artifacts: - path: build/x230/coreboot.rom + path: build/x230-hotp-verification + + - run: + name: qemu-coreboot + command: | + rm -rf build/qemu-coreboot/* build/log/* && make --load 2 \ + V=1 \ + BOARD=qemu-coreboot || (find ./build/log/ -cmin 1|xargs tail; exit 1) \ + no_output_timeout: 3h + - run: + name: Output qemu-coreboot hashes + command: | + cat build/qemu-coreboot/hashes.txt \ + - run: + name: Archiving build logs for qemu-coreboot + command: | + tar zcvf build/qemu-coreboot/logs.tar.gz build/log/* - store-artifacts: - path: build/x230/hashes.txt + path: build/qemu-coreboot + - save_cache: + #Generate cache for the same musl-cross module definition if hash is not previously existing + key: heads-cross-musl-{{ checksum "/tmp/musl-cross_module_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} + paths: + - crossgcc + - build/musl-cross-* + - save_cache: + #Generate cache for the exact same modules definitions if hash is not previously existing + key: heads-modules-and-patches-{{ checksum "/tmp/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }} + paths: + - packages + - crossgcc + - build workflows: version: 2 build_and_test: diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 000000000..545d8b59a --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,87 @@ +image: fedora:30 + +variables: + DOCKER_DRIVER: overlay2 + +stages: + - build + +build: + stage: build + retry: 1 + cache: + paths: + - packages + - crossgcc + - build + key: "heads-$GITLAB_USER_LOGIN-2" + script: + - dnf install -y @development-tools gcc-c++ gcc-gnat zlib-devel perl-Digest-MD5 perl-Digest-SHA uuid-devel pcsc-tools ncurses-devel lbzip2 libuuid-devel lzma elfutils-libelf-devel bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget libusb-devel cmake automake pv bsdiff autoconf libtool cpio texinfo + - git fetch origin + - git reset --hard origin/$CI_COMMIT_REF_NAME + - echo "Removing old x230-flash artifacts..." + - rm -rf ./build/x230-flash/* + - rm -rf ./build/log/* + - echo "Building BOARD=x230-flash board..." + - make BOARD=x230-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "x230-flash hashes:" + - cat ./build/x230-flash/hashes.txt + - echo "Archiving x230-flash logs..." + - tar zcvf ./build/x230-flash/logs.tar.gz ./build/log/* + - echo "Removing old t430-flash artifacts..." + - rm -rf ./build/t430-flash/* + - rm -rf ./build/log/* + - echo "Building BOARD=t430-flash board..." + - make BOARD=t430-flash || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "t430-flash hashes:" + - cat ./build/t430-flash/hashes.txt + - echo "Archiving t430-flash logs..." + - tar zcvf ./build/t430-flash/logs.tar.gz ./build/log/* + - echo "Removing old x230-hotp-verification artifacts..." + - rm -rf ./build/x230-hotp-verification/* + - rm -rf ./build/log/* + - echo "Building BOARD=x230-hotp-verification board..." + - make BOARD=x230-hotp-verification || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "x230-hotp-verification hashes:" + - cat ./build/x230-hotp-verification/hashes.txt + - echo "Archiving x230-hotp-verification logs..." + - tar zcvf ./build/x230-hotp-verification/logs.tar.gz ./build/log/* + - echo "Removing old x230 artifacts..." + - rm -rf ./build/x230/* + - rm -rf ./build/log/* + - echo "Building BOARD=x230 board..." + - make BOARD=x230 || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "x230 hashes:" + - cat ./build/x230/hashes.txt + - echo "Archiving x230 logs..." + - tar zcvf ./build/x230/logs.tar.gz ./build/log/* + + - echo "Removing old t430 artifacts..." + - rm -rf ./build/t430/* + - rm -rf ./build/log/* + - echo "Building BOARD=t430 board..." + - make BOARD=t430 || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "t430 hashes:" + - cat ./build/t430/hashes.txt + - echo "Archiving t430 logs..." + - tar zcvf ./build/t430/logs.tar.gz ./build/log/* + + - echo "Removing old qemu-coreboot artifacts..." + - rm -rf ./build/qemu-coreboot/* + - rm -rf ./build/log/* + - echo "Building BOARD=qemu-coreboot board..." + - make BOARD=qemu-coreboot || (find ./build/log/ -cmin 1|xargs tail; exit 1) + - echo "qemu-coreboot hashes:" + - cat ./build/qemu-coreboot/hashes.txt + - echo "Archiving qemu-coreboot logs..." + - tar zcvf ./build/qemu-coreboot/logs.tar.gz ./build/log/* + - echo "Calculate used space for cache" + - du -shc packages crossgcc build + artifacts: + paths: + - ./build/qemu-coreboot + - ./build/x230-flash + - ./build/t430-flash + - ./build/x230-hotp-verification + - ./build/x230 + - ./build/t430 diff --git a/Makefile b/Makefile index 74818a110..10faebf7b 100644 --- a/Makefile +++ b/Makefile @@ -106,11 +106,13 @@ SHELL := /bin/bash # be defined prior to any other module. include modules/musl-cross -musl_dep := musl -heads_cc := $(INSTALL)/bin/musl-gcc \ +musl_dep := musl-cross +heads_cc := $(CROSS)gcc \ -fdebug-prefix-map=$(pwd)=heads \ -gno-record-gcc-switches \ -D__MUSL__ \ + -I$(INSTALL)/include \ + -L$(INSTALL)/lib \ CROSS_TOOLS_NOCC := \ AR="$(CROSS)ar" \ @@ -145,8 +147,9 @@ all: FORCE: # Make helpers to operate on lists of things +# Prefix is "smart" and doesn't add the prefix for absolute file paths define prefix = -$(foreach _, $2, $1$_) +$(foreach _, $2, $(if $(patsubst /%,,$_),$1$_,$_)) endef define map = $(foreach _,$2,$(eval $(call $1,$_))) @@ -264,9 +267,10 @@ define define_module = # Unpack the tar file and touch the canary so that we know # that the files are all present $(build)/$($1_base_dir)/.canary: $(packages)/.$1-$($1_version)_verify - tar -xf "$(packages)/$($1_tar)" -C "$(build)" + mkdir -p "$$(dir $$@)" + tar -xf "$(packages)/$($1_tar)" $(or $($1_tar_opt),--strip 1) -C "$$(dir $$@)" if [ -r patches/$1-$($1_version).patch ]; then \ - ( cd $(build)/$($1_base_dir) ; patch -p1 ) \ + ( cd $$(dir $$@) ; patch -p1 ) \ < patches/$1-$($1_version).patch \ || exit 1 ; \ fi @@ -274,7 +278,7 @@ define define_module = [ -r patches/$1-$($1_version) ] ; then \ for patch in patches/$1-$($1_version)/*.patch ; do \ echo "Applying patch file : $$$$patch " ; \ - ( cd $(build)/$($1_base_dir) ; patch -p1 ) \ + ( cd $$(dir $$@) ; patch -p1 ) \ < $$$$patch \ || exit 1 ; \ done ; \ @@ -409,6 +413,7 @@ endef # Only some modules have binaries that we install # Shouldn't this be specified in the module file? +#bin_modules-$(CONFIG_MUSL) += musl-cross bin_modules-$(CONFIG_KEXEC) += kexec bin_modules-$(CONFIG_TPMTOTP) += tpmtotp bin_modules-$(CONFIG_PCIUTILS) += pciutils @@ -423,7 +428,8 @@ bin_modules-$(CONFIG_FLASHTOOLS) += flashtools bin_modules-$(CONFIG_NEWT) += newt bin_modules-$(CONFIG_CAIRO) += cairo bin_modules-$(CONFIG_FBWHIPTAIL) += fbwhiptail -bin_modules-$(CONFIG_LIBREMKEY) += libremkey-hotp-verification +bin_modules-$(CONFIG_HOTPKEY) += hotp-verification +bin_modules-$(CONFIG_MSRTOOLS) += msrtools $(foreach m, $(bin_modules-y), \ $(call map,initrd_bin_add,$(call bins,$m)) \ @@ -449,8 +455,7 @@ endif $(COREBOOT_UTIL_DIR)/cbmem/cbmem \ $(COREBOOT_UTIL_DIR)/superiotool/superiotool \ $(COREBOOT_UTIL_DIR)/inteltool/inteltool \ -: $(build)/$(coreboot_base_dir)/.canary \ - $(build)/$(musl_dir)/.build +: $(build)/$(coreboot_base_dir)/.canary +$(call do,MAKE,$(notdir $@),\ $(MAKE) -C "$(dir $@)" $(CROSS_TOOLS) \ ) @@ -562,7 +567,6 @@ modules.clean: real.clean: for dir in \ $(module_dirs) \ - $(musl_dir) \ $(kernel_headers) \ ; do \ if [ ! -z "$$dir" ]; then \ @@ -598,8 +602,8 @@ $(build)/$(make_dir)/.extract: $(packages)/$(make_tar) tar xf "$<" -C "$(build)" touch "$@" -$(build)/$(make_dir)/.patch: patches/make-$(make_version).patch $(build)/$(make_dir)/.extract - ( cd "$(dir $@)" ; patch -p1 ) < "$<" +$(build)/$(make_dir)/.patch: $(build)/$(make_dir)/.extract + ( cd "$(dir $@)" ; patch -p1 ) < "patches/make-$(make_version).patch" touch "$@" $(build)/$(make_dir)/.configured: $(build)/$(make_dir)/.patch diff --git a/README.md b/README.md index 152679131..68f0b5b22 100644 --- a/README.md +++ b/README.md @@ -28,11 +28,12 @@ Please refer to [Heads-wiki](https://github.com/osresearch/heads-wiki/blob/maste Building heads === +`make BOARD=board_name` where board_name is the name of the board directory under `./boards` directory. In order to build reproducible firmware images, Heads builds a specific version of gcc and uses it to compile the Linux kernel and various tools that go into the initrd. Unfortunately this means the first step is a -little slow since it will clone the `musl-cross` tree and build gcc... +little slow since it will clone the `musl-cross-make` tree and build gcc... Once that is done, the top level `Makefile` will handle most of the remaining details -- it downloads the various packages, verifies the @@ -57,7 +58,6 @@ directory and include: * [lvm2](https://sourceware.org/lvm2/) * [gnupg](https://www.gnupg.org/) * [Linux kernel](https://kernel.org) -* [Xen hypervisor](https://www.xenproject.org/) We also recommend installing [Qubes OS](https://www.qubes-os.org/), although there Heads can `kexec` into any Linux or @@ -69,7 +69,7 @@ Notes: * Building coreboot's cross compilers can take a while. Luckily this is only done once. * Builds are finally reproducible! The [reproduciblebuilds tag](https://github.com/osresearch/heads/issues?q=is%3Aopen+is%3Aissue+milestone%3Areproduciblebuilds) tracks any regressions. -* Currently only tested in QEMU, the Thinkpad x230 and the Chell Chromebook. +* Currently only tested in QEMU, the Thinkpad x230, Librem series and the Chell Chromebook. ** Xen and the TPM do not work in QEMU, so it is only for testing the `initrd` image. * Building for the Lenovo X220 requires binary blobs to be placed in the blobs/x220/ folder. See the readme.md file in that folder diff --git a/blobs/dev.cpio b/blobs/dev.cpio index 5e71bf641..43f108809 100644 Binary files a/blobs/dev.cpio and b/blobs/dev.cpio differ diff --git a/blobs/librem_kbl/get_blobs.sh b/blobs/librem_kbl/get_blobs.sh index 7614119f1..ff7087f64 100755 --- a/blobs/librem_kbl/get_blobs.sh +++ b/blobs/librem_kbl/get_blobs.sh @@ -2,15 +2,16 @@ # depends on : wget sha256sum gunzip # Purism source -PURISM_SOURCE="https://source.puri.sm/coreboot/releases/raw/master" +RELEASES_GIT_HASH="9828ffc0fbe7e0da65f10fe5e14f68f0ef061d5d" +PURISM_SOURCE="https://source.puri.sm/coreboot/releases/raw/${RELEASES_GIT_HASH}" # Librem 13 v4 and Librem 15 v4 binary blob hashes -KBL_UCODE_SHA="a420274eecca369fcca465cc46725d61c0ae8ca2e18f201b1751faf9e081fb2e" +KBL_UCODE_SHA="bb07f0f77abe08e553f85b99d18fa129f991bf3613cf73d77c4f0ece87dd251e" KBL_DESCRIPTOR_SHA="642ca36f52aabb5198b82e013bf64a73a5148693a58376fffce322a4d438b524" KBL_ME_SHA="0eec2e1135193941edd39d0ec0f463e353d0c6c9068867a2f32a72b64334fb34" -KBL_FSPM_SHA="5da3ad7718eb3f6700fb9d97be988d9c8bdd2d8b5910273a80928c49122d5b2d" -KBL_FSPS_SHA="c81ffa40df0b6cd6cfde4f476d452a1f6f2217bc96a3b98a4fa4a037ee7039cf" -KBL_VBT_SHA="0ba40c1b8c0fb030a0e1a789eda8b2a7369339a410ad8c4620719e451ea69b98" +KBL_FSPM_SHA="b285fc2240df7fee4fa069444cc2be2ebf5ea70af21b722b0e3dd102321b4877" +KBL_FSPS_SHA="223d0f3d3ff28c46a3ac33442385ffedefe2d3063774784d4fef432013568019" +KBL_VBT_SHA="45135459f7cbc06675fec5688479c2e2f4335d77c61bb58e4016d32ba7daa9d0" # cbfstool, ifdtool, coreboot image from Purism repo CBFSTOOL_FILE="cbfstool.gz" @@ -26,7 +27,7 @@ IFDTOOL_BIN="./ifdtool" COREBOOT_IMAGE="coreboot-l13v4.rom" COREBOOT_IMAGE_FILE="$COREBOOT_IMAGE.gz" COREBOOT_IMAGE_URL="$PURISM_SOURCE/librem_13v4/$COREBOOT_IMAGE_FILE" -COREBOOT_IMAGE_SHA="4491efd0a8b2de5a88fd7491a5d2605884ed956c3d271d7761906269b4cfb601" +COREBOOT_IMAGE_SHA="5a7548e2742289fa66339f817f4247599d51bc7a5a6a9e887efd39fcf7f9e831" die () { local msg=$1 @@ -121,4 +122,4 @@ rm -f $COREBOOT_IMAGE >/dev/null 2>&1 rm -f *.gz >/dev/null 2>&1 echo "" -echo "All blobs have been verified and are ready for use" \ No newline at end of file +echo "All blobs have been verified and are ready for use" diff --git a/blobs/librem_kbl/readme.md b/blobs/librem_kbl/readme.md index 427af8650..b24ec9a80 100644 --- a/blobs/librem_kbl/readme.md +++ b/blobs/librem_kbl/readme.md @@ -14,7 +14,7 @@ The script depends on: wget sha256sum python2.7 bspatch pv You can now compile the image with: ``` -make BOARD=librem13v4 +make BOARD=librem_13v4 or -make BOARD=librem15v4 +make BOARD=librem_15v4 ``` diff --git a/blobs/librem_skl/get_blobs.sh b/blobs/librem_skl/get_blobs.sh index 02ffad77d..e455f3d41 100755 --- a/blobs/librem_skl/get_blobs.sh +++ b/blobs/librem_skl/get_blobs.sh @@ -2,15 +2,16 @@ # depends on : wget sha256sum gunzip # Purism source -PURISM_SOURCE="https://source.puri.sm/coreboot/releases/raw/master" +RELEASES_GIT_HASH="9828ffc0fbe7e0da65f10fe5e14f68f0ef061d5d" +PURISM_SOURCE="https://source.puri.sm/coreboot/releases/raw/${RELEASES_GIT_HASH}" # Librem 13 v2/v3 and Librem 15 v3 binary blob hashes -SKL_UCODE_SHA="9c84936df700d74612a99e6ab581640ecf423d25a0b74a1ea23a6d9872349213" +SKL_UCODE_SHA="e528d2ccc5d76cd04bfabb556a3fbb70b93d9aca43e291e0f0104fbaae5720fd" SKL_DESCRIPTOR_SHA="642ca36f52aabb5198b82e013bf64a73a5148693a58376fffce322a4d438b524" SKL_ME_SHA="cf06d3eb8b24490a1ab46fd988b6cef822e5347cd6a2e92bc332cb4a376eb8bc" -SKL_FSPM_SHA="5da3ad7718eb3f6700fb9d97be988d9c8bdd2d8b5910273a80928c49122d5b2d" -SKL_FSPS_SHA="c81ffa40df0b6cd6cfde4f476d452a1f6f2217bc96a3b98a4fa4a037ee7039cf" -SKL_VBT_SHA="0ba40c1b8c0fb030a0e1a789eda8b2a7369339a410ad8c4620719e451ea69b98" +SKL_FSPM_SHA="5f402416894c324b6cbf8cba85068ac2c3de9be8dd4f37fae3af6cfed7acc38e" +SKL_FSPS_SHA="223d0f3d3ff28c46a3ac33442385ffedefe2d3063774784d4fef432013568019" +SKL_VBT_SHA="45135459f7cbc06675fec5688479c2e2f4335d77c61bb58e4016d32ba7daa9d0" # cbfstool, ifdtool, coreboot image from Purism repo CBFSTOOL_FILE="cbfstool.gz" @@ -23,10 +24,10 @@ IFDTOOL_URL="$PURISM_SOURCE/tools/$IFDTOOL_FILE" IFDTOOL_SHA="08228ece4968794499ebd49a851f7d3f7f1b81352da8cd6e0c7916ac931a7d72" IFDTOOL_BIN="./ifdtool" -COREBOOT_IMAGE="coreboot-l13v3.rom" +COREBOOT_IMAGE="coreboot-l13v2.rom" COREBOOT_IMAGE_FILE="$COREBOOT_IMAGE.gz" -COREBOOT_IMAGE_URL="$PURISM_SOURCE/librem_13v3/$COREBOOT_IMAGE_FILE" -COREBOOT_IMAGE_SHA="34276a7b82624cfb29aed688df7f2b4e747a9e951196e376732e972c8575ece6" +COREBOOT_IMAGE_URL="$PURISM_SOURCE/librem_13v2/$COREBOOT_IMAGE_FILE" +COREBOOT_IMAGE_SHA="c703e0e705554bc7eb90814ae933d4372c0042927a6bbd7f27024cb99a8993d6" die () { local msg=$1 @@ -121,4 +122,4 @@ rm -f $COREBOOT_IMAGE >/dev/null 2>&1 rm -f *.gz >/dev/null 2>&1 echo "" -echo "All blobs have been verified and are ready for use" \ No newline at end of file +echo "All blobs have been verified and are ready for use" diff --git a/blobs/librem_skl/readme.md b/blobs/librem_skl/readme.md index 01d2596b2..39995cdc9 100644 --- a/blobs/librem_skl/readme.md +++ b/blobs/librem_skl/readme.md @@ -14,5 +14,7 @@ The script depends on: wget sha256sum python2.7 bspatch pv You can now compile the image with: ``` -make BOARD=librem13v2 +make BOARD=librem_13v2 +or +make BOARD=librem_15v3 ``` diff --git a/blobs/t420/extract.sh b/blobs/t420/extract.sh new file mode 100755 index 000000000..422924741 --- /dev/null +++ b/blobs/t420/extract.sh @@ -0,0 +1,65 @@ +#!/bin/bash + +function printusage { + echo "Usage: $0 -f -m (optional) -i (optional)" + exit 0 +} + +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +if [ "$#" -eq 0 ]; then printusage; fi + +while getopts ":f:m:i:" opt; do + case $opt in + f) + FILE="$OPTARG" + ;; + m) + if [ -x "$OPTARG" ]; then + MECLEAN="$OPTARG" + fi + ;; + i) + if [ -x "$OPTARG" ]; then + IFDTOOL="$OPTARG" + fi + ;; + esac +done + +if [ -z "$MECLEAN" ]; then + MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1` + if [ -z "$MECLEAN" ]; then + echo "me_cleaner.py required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +if [ -z "$IFDTOOL" ]; then + IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1|head -n1` + if [ -z "$IFDTOOL" ]; then + echo "ifdtool required but not found or specified with -m. Aborting." + exit 1; + fi +fi + +echo "FILE: $FILE" +echo "ME: $MECLEAN" +echo "IFD: $IFDTOOL" + +bioscopy=$(mktemp) +extractdir=$(mktemp -d) + +cp "$FILE" $bioscopy + +cd "$extractdir" +$IFDTOOL -x $bioscopy +cp "$extractdir/flashregion_3_gbe.bin" "$BLOBDIR/gbe.bin" +$MECLEAN -O "$BLOBDIR/me.bin" -r -t "$extractdir/flashregion_2_intel_me.bin" +$IFDTOOL -n "$BLOBDIR/layout.txt" $bioscopy +$IFDTOOL -x $bioscopy.new +cp "$extractdir/flashregion_0_flashdescriptor.bin" "$BLOBDIR/ifd.bin" + +rm "$bioscopy" +rm "$bioscopy.new" +rm -r "$extractdir" diff --git a/blobs/t420/layout.txt b/blobs/t420/layout.txt new file mode 100644 index 000000000..bbd90962c --- /dev/null +++ b/blobs/t420/layout.txt @@ -0,0 +1,4 @@ +00000000:00000fff fd +00018000:007fffff bios +00003000:00017fff me +00001000:00002fff gbe diff --git a/blobs/t420/readme.md b/blobs/t420/readme.md new file mode 100644 index 000000000..4a40a0528 --- /dev/null +++ b/blobs/t420/readme.md @@ -0,0 +1,29 @@ +To build for T420, we need to have the following files in this folder: +* `me.bin` - ME binary that has been stripped and truncated with me_cleaner +* `gbe.bin` - Network card blob from the original firmware +* `ifd.bin` - Flash layout file has been provided as text + +To get the binaries, start with a copy of the original Lenovo firmware image. +If you do not have one already, you can read one out from the laptops SPI flash with flashrom + +``` +flashrom -p -r original.bin +``` + +Set `` to the flashrom programmer type that you will use (for example, `linux_spi:dev=/dev/spidev0.0` on a Raspberry Pi). + +Once you have the image, the provided extraction script will extract the files needed. + +``` +./extract.sh -f +``` + +Use the options '-m' and '-i' to provide me_cleaner and ifdtool if they can not be located automatically. + +The flash layout will be automatically adjusted and the ME image cleaned and truncated. + +You can now compile the image with: + +``` +make BOARD=t420 +``` diff --git a/blobs/x220/extract.sh b/blobs/x220/extract.sh index 173ed7fc6..422924741 100755 --- a/blobs/x220/extract.sh +++ b/blobs/x220/extract.sh @@ -5,6 +5,8 @@ function printusage { exit 0 } +BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + if [ "$#" -eq 0 ]; then printusage; fi while getopts ":f:m:i:" opt; do @@ -26,7 +28,7 @@ while getopts ":f:m:i:" opt; do done if [ -z "$MECLEAN" ]; then - MECLEAN=`command -v me_cleaner.py 2>&1` + MECLEAN=`command -v $BLOBDIR/../../build/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1` if [ -z "$MECLEAN" ]; then echo "me_cleaner.py required but not found or specified with -m. Aborting." exit 1; @@ -34,7 +36,7 @@ if [ -z "$MECLEAN" ]; then fi if [ -z "$IFDTOOL" ]; then - IFDTOOL=`command -v ifdtool 2>&1` + IFDTOOL=`command -v $BLOBDIR/../../build/coreboot-*/util/ifdtool/ifdtool 2>&1|head -n1` if [ -z "$IFDTOOL" ]; then echo "ifdtool required but not found or specified with -m. Aborting." exit 1; @@ -47,7 +49,6 @@ echo "IFD: $IFDTOOL" bioscopy=$(mktemp) extractdir=$(mktemp -d) -BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" cp "$FILE" $bioscopy diff --git a/blobs/x220/readme.md b/blobs/x220/readme.md index ff682f3b6..2d2ce210e 100644 --- a/blobs/x220/readme.md +++ b/blobs/x220/readme.md @@ -7,7 +7,7 @@ To get the binaries, start with a copy of the original Lenovo firmware image. If you do not have one already, you can read one out from the laptops SPI flash. ``` -flashrom --programmer internal:laptop=force_I_want_a_brick -r original.bin +flashrom --programmer internal -r original.bin ``` Once you have the image, the provided extraction script will extract the files needed. diff --git a/boards/kgpe-d16/kgpe-d16.config b/boards/kgpe-d16/kgpe-d16.config index 466fdf015..6c2c4ac60 100644 --- a/boards/kgpe-d16/kgpe-d16.config +++ b/boards/kgpe-d16/kgpe-d16.config @@ -1,5 +1,8 @@ # Configuration for a kgpe-d16 running non-Qubes export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16.config CONFIG_LINUX_CONFIG=config/linux-kgpe-d16.config @@ -28,6 +31,6 @@ export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 " export CONFIG_BOOT_KERNEL_REMOVE="" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal" #export CONFIG_BOOT_STATIC_IP=192.168.1.2 diff --git a/boards/leopard/leopard.config b/boards/leopard/leopard.config index d0471623c..672ed47f8 100644 --- a/boards/leopard/leopard.config +++ b/boards/leopard/leopard.config @@ -42,7 +42,6 @@ export CONFIG_TPM=n export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" $(build)/$(BOARD)/linuxboot.rom: linuxboot.intermediate diff --git a/boards/librem13v2/librem13v2.config b/boards/librem_13v2/librem_13v2.config similarity index 66% rename from boards/librem13v2/librem13v2.config rename to boards/librem_13v2/librem_13v2.config index eca005831..9c84e678c 100644 --- a/boards/librem13v2/librem13v2.config +++ b/boards/librem_13v2/librem_13v2.config @@ -1,8 +1,11 @@ -# Configuration for a librem13v2 -CONFIG_LINUX_CONFIG=config/linux-librem13v2.config -CONFIG_COREBOOT_CONFIG=config/coreboot-librem13v2.config +# Configuration for a librem_13v2 +CONFIG_LINUX_CONFIG=config/linux-librem_common.config +CONFIG_COREBOOT_CONFIG=config/coreboot-librem_13v2.config export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y CONFIG_FLASHTOOLS=y @@ -20,18 +23,19 @@ CONFIG_TPMTOTP=y #CONFIG_NEWT=y CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -CONFIG_LIBREMKEY=y +CONFIG_HOTPKEY=y CONFIG_LINUX_USB=y export CONFIG_TPM=y +export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="" -export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 13v2 Heads Boot Menu" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="-p internal" diff --git a/boards/librem13v4/librem13v4.config b/boards/librem_13v4/librem_13v4.config similarity index 66% rename from boards/librem13v4/librem13v4.config rename to boards/librem_13v4/librem_13v4.config index 12fe04886..09540cfd8 100644 --- a/boards/librem13v4/librem13v4.config +++ b/boards/librem_13v4/librem_13v4.config @@ -1,8 +1,11 @@ -# Configuration for a librem13v4 -CONFIG_LINUX_CONFIG=config/linux-librem13v2.config -CONFIG_COREBOOT_CONFIG=config/coreboot-librem13v4.config +# Configuration for a librem_13v4 +CONFIG_LINUX_CONFIG=config/linux-librem_common.config +CONFIG_COREBOOT_CONFIG=config/coreboot-librem_13v4.config export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y CONFIG_FLASHTOOLS=y @@ -20,18 +23,19 @@ CONFIG_TPMTOTP=y #CONFIG_NEWT=y CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -CONFIG_LIBREMKEY=y +CONFIG_HOTPKEY=y CONFIG_LINUX_USB=y export CONFIG_TPM=y +export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="" -export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 13v2 Heads Boot Menu" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="-p internal" diff --git a/boards/librem15v3/librem15v3.config b/boards/librem_15v3/librem_15v3.config similarity index 54% rename from boards/librem15v3/librem15v3.config rename to boards/librem_15v3/librem_15v3.config index ee99c0cdf..2f1d5ca35 100644 --- a/boards/librem15v3/librem15v3.config +++ b/boards/librem_15v3/librem_15v3.config @@ -1,10 +1,11 @@ -# Configuration for a librem15v3 - -# The L15v3 Linux config is the same as the L13v2 linux config -CONFIG_LINUX_CONFIG=config/linux-librem13v2.config -CONFIG_COREBOOT_CONFIG=config/coreboot-librem15v3.config +# Configuration for a librem_15v3 +CONFIG_LINUX_CONFIG=config/linux-librem_common.config +CONFIG_COREBOOT_CONFIG=config/coreboot-librem_15v3.config export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y CONFIG_FLASHTOOLS=y @@ -22,16 +23,19 @@ CONFIG_TPMTOTP=y #CONFIG_NEWT=y CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -CONFIG_LIBREMKEY=y +CONFIG_HOTPKEY=y CONFIG_LINUX_USB=y export CONFIG_TPM=y +export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="" -export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 15v3 Heads Boot Menu" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="-p internal" diff --git a/boards/librem15v4/librem15v4.config b/boards/librem_15v4/librem_15v4.config similarity index 54% rename from boards/librem15v4/librem15v4.config rename to boards/librem_15v4/librem_15v4.config index 38041122e..f9d0f5d98 100644 --- a/boards/librem15v4/librem15v4.config +++ b/boards/librem_15v4/librem_15v4.config @@ -1,10 +1,11 @@ -# Configuration for a librem15v4 - -# The L15v4 Linux config is the same as the L13v2 linux config -CONFIG_LINUX_CONFIG=config/linux-librem13v2.config -CONFIG_COREBOOT_CONFIG=config/coreboot-librem15v4.config +# Configuration for a librem_15v4 +CONFIG_LINUX_CONFIG=config/linux-librem_common.config +CONFIG_COREBOOT_CONFIG=config/coreboot-librem_15v4.config export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y CONFIG_FLASHTOOLS=y @@ -22,16 +23,19 @@ CONFIG_TPMTOTP=y #CONFIG_NEWT=y CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -CONFIG_LIBREMKEY=y +CONFIG_HOTPKEY=y CONFIG_LINUX_USB=y export CONFIG_TPM=y +export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" export CONFIG_BOOT_KERNEL_REMOVE="" -export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_DEV="/dev/nvme0n1p1" export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem 15v4 Heads Boot Menu" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="-p internal" diff --git a/boards/librem_mini/librem_mini.config b/boards/librem_mini/librem_mini.config new file mode 100644 index 000000000..a68773c0c --- /dev/null +++ b/boards/librem_mini/librem_mini.config @@ -0,0 +1,42 @@ +# Configuration for a librem mini +CONFIG_LINUX_CONFIG=config/linux-librem_common.config +CONFIG_COREBOOT_CONFIG=config/coreboot-librem_mini.config + +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.12 +export CONFIG_LINUX_VERSION=4.19.139 +export CONFIG_PURISM_BLOBS=y + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y + +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y +CONFIG_HOTPKEY=y + +CONFIG_LINUX_USB=y + +export CONFIG_TPM=y +export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y + +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_REMOVE="" +export CONFIG_BOOT_DEV="/dev/nvme0n1p1" +export CONFIG_BOOT_GUI_MENU_NAME="Purism Librem Mini Heads Boot Menu" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="-p internal" +export CONFIG_USB_KEYBOARD=y diff --git a/boards/qemu-coreboot-fbwhiptail/qemu-coreboot-fbwhiptail.config b/boards/qemu-coreboot-fbwhiptail/qemu-coreboot-fbwhiptail.config new file mode 100644 index 000000000..b6210ca77 --- /dev/null +++ b/boards/qemu-coreboot-fbwhiptail/qemu-coreboot-fbwhiptail.config @@ -0,0 +1,56 @@ +# Configuration for building a coreboot ROM that works in +# the qemu emulator in GUI mode thanks to FBWhiptail + +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + +CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-fbwhiptail.config +CONFIG_LINUX_CONFIG=config/linux-qemu.config + +ifeq "$(CONFIG_UROOT)" "y" +CONFIG_BUSYBOX=n +else +CONFIG_KEXEC=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_POPT=y +CONFIG_FLASHTOOLS=y +CONFIG_FLASHROM=y +CONFIG_PCIUTILS=y +CONFIG_UTIL_LINUX=y +CONFIG_CRYPTSETUP=y +CONFIG_GPG2=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_DROPBEAR=y +CONFIG_MSRTOOLS=y + +#Required for graphical gui-init (FBWhiptail) +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +endif + +CONFIG_LINUX_ATA=y +CONFIG_LINUX_AHCI=y +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000=y + +#Whiptail-based init (text-based or FBWhiptail) +export CONFIG_BOOTSCRIPT=/bin/gui-init + +export CONFIG_TPM=n + +export CONFIG_BOOT_DEV="/dev/sda1" + +#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh +run: + qemu-system-x86_64 \ + --machine q35 \ + --bios $(build)/$(BOARD)/coreboot.rom \ + -object rng-random,filename=/dev/urandom,id=rng0 \ + -device virtio-rng-pci,rng=rng0 \ + -netdev user,id=u1 -device e1000,netdev=u1 \ + -serial stdio \ + ; stty sane diff --git a/boards/qemu-coreboot/qemu-coreboot.config b/boards/qemu-coreboot/qemu-coreboot.config index d670dc21a..dce3583ed 100644 --- a/boards/qemu-coreboot/qemu-coreboot.config +++ b/boards/qemu-coreboot/qemu-coreboot.config @@ -2,6 +2,9 @@ # the qemu emulator. Note that the TPM does not work, so this # will just drop into the recovery shell. export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + CONFIG_COREBOOT_CONFIG=config/coreboot-qemu.config CONFIG_LINUX_CONFIG=config/linux-qemu.config @@ -21,6 +24,7 @@ CONFIG_GPG2=y CONFIG_LVM2=y CONFIG_MBEDTLS=y CONFIG_DROPBEAR=y +CONFIG_MSRTOOLS=y #Uncomment only one of the following block #Required for graphical gui-init (FBWhiptail) @@ -48,12 +52,14 @@ export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_TPM=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" -#run: coreboot.intermediate +#borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh run: qemu-system-x86_64 \ --machine q35 \ --serial /dev/tty \ --bios $(build)/$(BOARD)/coreboot.rom \ + -object rng-random,filename=/dev/urandom,id=rng0 \ + -device virtio-rng-pci,rng=rng0 \ + -netdev user,id=u1 -device e1000,netdev=u1 \ ; stty sane diff --git a/boards/qemu-linuxboot/qemu-linuxboot.config b/boards/qemu-linuxboot/qemu-linuxboot.config index 730ce633d..645457897 100644 --- a/boards/qemu-linuxboot/qemu-linuxboot.config +++ b/boards/qemu-linuxboot/qemu-linuxboot.config @@ -1,6 +1,8 @@ # Configuration for emulating LinuxBoot+Heads with qemu # export CONFIG_LINUXBOOT=y +export CONFIG_LINUX_VERSION=4.14.62 + CONFIG_LINUXBOOT_BOARD=qemu CONFIG_LINUX_CONFIG=config/linux-linuxboot.config @@ -36,7 +38,6 @@ export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_BOOT_STATIC_IP=10.0.2.15 # You can ssh into the qemu instance by running diff --git a/boards/r630/r630.config b/boards/r630/r630.config index 23c8d43b5..2f0ec38e1 100644 --- a/boards/r630/r630.config +++ b/boards/r630/r630.config @@ -5,6 +5,8 @@ CONFIG_LINUXBOOT=y CONFIG_LINUXBOOT_ROM=blobs/r630-1.3.6.rom CONFIG_LINUX_CONFIG=config/linux-linuxboot.config +export CONFIG_LINUX_VERSION=4.14.62 + #CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y #CONFIG_GPG=y @@ -28,4 +30,3 @@ export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/boards/s2600wf/s2600wf.config b/boards/s2600wf/s2600wf.config index 8af985110..591984b39 100644 --- a/boards/s2600wf/s2600wf.config +++ b/boards/s2600wf/s2600wf.config @@ -13,6 +13,8 @@ CONFIG_LINUXBOOT=y CONFIG_LINUXBOOT_ROM=blobs/s2600wf.rom CONFIG_LINUX_CONFIG=config/linux-linuxboot.config +export CONFIG_LINUX_VERSION=4.14.62 + #CONFIG_CRYPTSETUP=y #CONFIG_FLASHROM=y CONFIG_FLASHTOOLS=y @@ -40,4 +42,3 @@ export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" diff --git a/boards/t420/t420.config b/boards/t420/t420.config new file mode 100644 index 000000000..0dcc865fa --- /dev/null +++ b/boards/t420/t420.config @@ -0,0 +1,39 @@ +# Configuration for a T420 running Qubes and other OS, T420 is identical to X230 on the Linux Side of things. +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + +CONFIG_COREBOOT_CONFIG=config/coreboot-t420.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_DROPBEAR=y + +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad T420 Heads Boot Menu" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" diff --git a/boards/t430-flash/t430-flash.config b/boards/t430-flash/t430-flash.config new file mode 100644 index 000000000..43be7cb21 --- /dev/null +++ b/boards/t430-flash/t430-flash.config @@ -0,0 +1,26 @@ +# Minimal configuration for a t430 to support flashrom, USB and networking +BOARD=t430.flash + +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_PCIUTILS=y + +CONFIG_LINUX_CONFIG=config/linux-x230-flash.config +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +export CONFIG_BOOTSCRIPT=/bin/t430-flash.init +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" + +# This board is "special" in that we only want the top 4 MB of the ROM +# for flashing into SPI flash 1 on the mainboard. This is enough to +# allow the board to boot into a minimal Heads and read the full +# ROM from an external USB media. +all: $(build)/$(BOARD)/$(BOARD).rom +$(build)/$(BOARD)/$(BOARD).rom: $(build)/$(BOARD)/coreboot.rom + dd of=$@ if=$< bs=65536 count=64 skip=128 + sha256sum $@ diff --git a/boards/t430/t430.config b/boards/t430/t430.config new file mode 100644 index 000000000..dde673299 --- /dev/null +++ b/boards/t430/t430.config @@ -0,0 +1,47 @@ +# Configuration for a t430 running Qubes and other OSes +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + +CONFIG_COREBOOT_CONFIG=config/coreboot-t430.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_DROPBEAR=y + +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad T430 Heads Boot Menu" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" + +# This board has two SPI flash chips, an 8 MB that holds the IFD, +# the ME image and part of the coreboot image, and a 4 MB one that +# has the rest of the coreboot and the reset vector. +# +# Only flashing to the bios region is safe to do. The easiest is to +# flash internally when the IFD is unlocked for writing, and t430-flash +# is installed first. diff --git a/boards/tioga/tioga.config b/boards/tioga/tioga.config index f1144254e..c0dcb4f99 100644 --- a/boards/tioga/tioga.config +++ b/boards/tioga/tioga.config @@ -4,6 +4,8 @@ CONFIG_LINUXBOOT=y CONFIG_LINUXBOOT_ROM=blobs/tioga.rom CONFIG_LINUX_CONFIG=config/linux-linuxboot.config +export CONFIG_LINUX_VERSION=4.14.62 + # If you want to build with the go-based u-root instead of Heads CONFIG_UROOT ?= n @@ -43,7 +45,6 @@ export CONFIG_TPM=n export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" $(build)/$(BOARD)/linuxboot.rom: linuxboot.intermediate diff --git a/boards/winterfell/winterfell.config b/boards/winterfell/winterfell.config index 8e457c6b5..fe1cc3b4b 100644 --- a/boards/winterfell/winterfell.config +++ b/boards/winterfell/winterfell.config @@ -4,6 +4,8 @@ CONFIG_LINUXBOOT=y CONFIG_LINUXBOOT_ROM=blobs/winterfell.rom CONFIG_LINUX_CONFIG=config/linux-linuxboot.config +export CONFIG_LINUX_VERSION=4.14.62 + # If you want to build with the go-based u-root instead of Heads CONFIG_UROOT ?= y @@ -42,7 +44,6 @@ export CONFIG_TPM=n export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" #$(build)/$(BOARD)/linuxboot.rom: $(build)/$(linuxboot_dir)/ diff --git a/boards/x220/x220.config b/boards/x220/x220.config index 0b901bdba..ae2080e42 100644 --- a/boards/x220/x220.config +++ b/boards/x220/x220.config @@ -1,12 +1,15 @@ -# Configuration for a x220 running Qubes and other OS -# The Linux configuration is close enough to the x230 +# Configuration for a x220 running Qubes and other OS, X220 is identical to X230 on the Linux Side of things. export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + CONFIG_COREBOOT_CONFIG=config/coreboot-x220.config CONFIG_LINUX_CONFIG=config/linux-x230.config CONFIG_CRYPTSETUP=y CONFIG_FLASHROM=y -CONFIG_GPG=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y CONFIG_LVM2=y @@ -17,14 +20,20 @@ CONFIG_QRENCODE=y CONFIG_TPMTOTP=y CONFIG_DROPBEAR=y +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -export CONFIG_BOOTSCRIPT=/bin/generic-init export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on" +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" +export CONFIG_BOOT_GUI_MENU_NAME="ThinkPad X220 Heads Boot Menu" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" diff --git a/boards/x230-flash/x230-flash.config b/boards/x230-flash/x230-flash.config index b10d17aff..edb417ea7 100644 --- a/boards/x230-flash/x230-flash.config +++ b/boards/x230-flash/x230-flash.config @@ -2,6 +2,9 @@ BOARD=x230.flash export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + CONFIG_FLASHROM=y #CONFIG_GPG=y CONFIG_FLASHTOOLS=y @@ -15,8 +18,8 @@ CONFIG_LINUX_CONFIG=config/linux-x230-flash.config CONFIG_LINUX_USB=y CONFIG_LINUX_E1000E=y -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_BOOTSCRIPT=/bin/x230-flash.init +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" # This board is "special" in that we only want the top 4 MB of the ROM # for flashing into SPI flash 1 on the mainboard. This is enough to diff --git a/boards/x230-hotp-verification/x230-hotp-verification.config b/boards/x230-hotp-verification/x230-hotp-verification.config new file mode 100644 index 000000000..5eef5868c --- /dev/null +++ b/boards/x230-hotp-verification/x230-hotp-verification.config @@ -0,0 +1,51 @@ +# Configuration for a x230-hotp-verification (Nitrokey/Purism USB Security dongle enabled HOTP support) +# running Qubes and other OSes +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + +CONFIG_COREBOOT_CONFIG=config/coreboot-x230-hotp-verification.config +CONFIG_LINUX_CONFIG=config/linux-x230.config + +CONFIG_CRYPTSETUP=y +CONFIG_FLASHROM=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +CONFIG_DROPBEAR=y + +#CONFIG_SLANG=y +#CONFIG_NEWT=y +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y +CONFIG_HOTPKEY=y + +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y + +export CONFIG_TPM=y +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOOT_KERNEL_REMOVE="quiet" +export CONFIG_BOOT_DEV="/dev/sda1" +export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230 Heads Boot Menu" +export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" +export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" + +# This board has two SPI flash chips, an 8 MB that holds the IFD, +# the ME image and part of the coreboot image, and a 4 MB one that +# has the rest of the coreboot and the reset vector. +# +# Only flashing to the bios region is safe to do. The easiest is to +# flash internally when the IFD is unlocked for writing, and x230-flash +# is installed first. diff --git a/boards/x230/x230.config b/boards/x230/x230.config index 1d46ba920..f52fb3550 100644 --- a/boards/x230/x230.config +++ b/boards/x230/x230.config @@ -1,5 +1,8 @@ # Configuration for a x230 running Qubes and other OSes export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=4.8.1 +export CONFIG_LINUX_VERSION=4.14.62 + CONFIG_COREBOOT_CONFIG=config/coreboot-x230.config CONFIG_LINUX_CONFIG=config/linux-x230.config @@ -31,9 +34,9 @@ export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230 Heads Boot Menu" -export CONFIG_USB_BOOT_DEV="/dev/sdb1" export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0" export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0" +export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios" # This board has two SPI flash chips, an 8 MB that holds the IFD, # the ME image and part of the coreboot image, and a 4 MB one that diff --git a/config/busybox.config b/config/busybox.config index e7ef9aaad..23b895e05 100644 --- a/config/busybox.config +++ b/config/busybox.config @@ -227,7 +227,7 @@ CONFIG_EXPR=y CONFIG_EXPR_MATH_SUPPORT_64=y CONFIG_FACTOR=y CONFIG_FALSE=y -# CONFIG_FOLD is not set +CONFIG_FOLD=y # CONFIG_FSYNC is not set CONFIG_HEAD=y CONFIG_FEATURE_FANCY_HEAD=y diff --git a/config/coreboot-kgpe-d16.config b/config/coreboot-kgpe-d16.config index 4be5a04b7..01cf91ee6 100644 --- a/config/coreboot-kgpe-d16.config +++ b/config/coreboot-kgpe-d16.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y CONFIG_USE_OPTION_TABLE=y # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_VENDOR_ASUS=y diff --git a/config/coreboot-librem13v2.config b/config/coreboot-librem_13v2.config similarity index 80% rename from config/coreboot-librem13v2.config rename to config/coreboot-librem_13v2.config index b56ba9d32..d7c899877 100644 --- a/config/coreboot-librem13v2.config +++ b/config/coreboot-librem_13v2.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="4.8.1-Purism-1-heads-beta" +CONFIG_ANY_TOOLCHAIN=y CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_PURISM=y @@ -25,8 +26,6 @@ CONFIG_FSP_M_XIP=y # CONFIG_DRIVERS_INTEL_WIFI is not set CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y CONFIG_PAYLOAD_LINUX=y -CONFIG_PAYLOAD_FILE="../../build/librem13v2/bzImage" -CONFIG_LINUX_COMMAND_LINE="intel_iommu=on quiet loglevel=3" -CONFIG_LINUX_INITRD="../../build/librem13v2/initrd.cpio.xz" -CONFIG_COREINFO_SECONDARY_PAYLOAD=y -CONFIG_MEMTEST_SECONDARY_PAYLOAD=y +CONFIG_PAYLOAD_FILE="../../build/librem_13v2/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" +CONFIG_LINUX_INITRD="../../build/librem_13v2/initrd.cpio.xz" diff --git a/config/coreboot-librem13v4.config b/config/coreboot-librem_13v4.config similarity index 80% rename from config/coreboot-librem13v4.config rename to config/coreboot-librem_13v4.config index c2935736c..66fd6aa07 100644 --- a/config/coreboot-librem13v4.config +++ b/config/coreboot-librem_13v4.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="4.8.1-Purism-1-heads-beta" +CONFIG_ANY_TOOLCHAIN=y CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_PURISM=y @@ -25,8 +26,6 @@ CONFIG_FSP_M_XIP=y # CONFIG_DRIVERS_INTEL_WIFI is not set CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y CONFIG_PAYLOAD_LINUX=y -CONFIG_PAYLOAD_FILE="../../build/librem13v4/bzImage" -CONFIG_LINUX_COMMAND_LINE="intel_iommu=on quiet loglevel=3" -CONFIG_LINUX_INITRD="../../build/librem13v4/initrd.cpio.xz" -CONFIG_COREINFO_SECONDARY_PAYLOAD=y -CONFIG_MEMTEST_SECONDARY_PAYLOAD=y +CONFIG_PAYLOAD_FILE="../../build/librem_13v4/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" +CONFIG_LINUX_INITRD="../../build/librem_13v4/initrd.cpio.xz" diff --git a/config/coreboot-librem15v3.config b/config/coreboot-librem_15v3.config similarity index 80% rename from config/coreboot-librem15v3.config rename to config/coreboot-librem_15v3.config index bf5a2bc14..7be32773d 100644 --- a/config/coreboot-librem15v3.config +++ b/config/coreboot-librem_15v3.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="4.8.1-Purism-1-heads-beta" +CONFIG_ANY_TOOLCHAIN=y CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_PURISM=y @@ -25,8 +26,6 @@ CONFIG_FSP_M_XIP=y # CONFIG_DRIVERS_INTEL_WIFI is not set CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y CONFIG_PAYLOAD_LINUX=y -CONFIG_PAYLOAD_FILE="../../build/librem15v3/bzImage" -CONFIG_LINUX_COMMAND_LINE="intel_iommu=on quiet loglevel=3" -CONFIG_LINUX_INITRD="../../build/librem15v3/initrd.cpio.xz" -CONFIG_COREINFO_SECONDARY_PAYLOAD=y -CONFIG_MEMTEST_SECONDARY_PAYLOAD=y +CONFIG_PAYLOAD_FILE="../../build/librem_15v3/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" +CONFIG_LINUX_INITRD="../../build/librem_15v3/initrd.cpio.xz" diff --git a/config/coreboot-librem15v4.config b/config/coreboot-librem_15v4.config similarity index 80% rename from config/coreboot-librem15v4.config rename to config/coreboot-librem_15v4.config index 541d558a7..36c0e95b8 100644 --- a/config/coreboot-librem15v4.config +++ b/config/coreboot-librem_15v4.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="4.8.1-Purism-1-heads-beta" +CONFIG_ANY_TOOLCHAIN=y CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_PURISM=y @@ -25,8 +26,6 @@ CONFIG_FSP_M_XIP=y # CONFIG_DRIVERS_INTEL_WIFI is not set CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y CONFIG_PAYLOAD_LINUX=y -CONFIG_PAYLOAD_FILE="../../build/librem15v4/bzImage" -CONFIG_LINUX_COMMAND_LINE="intel_iommu=on quiet loglevel=3" -CONFIG_LINUX_INITRD="../../build/librem15v4/initrd.cpio.xz" -CONFIG_COREINFO_SECONDARY_PAYLOAD=y -CONFIG_MEMTEST_SECONDARY_PAYLOAD=y +CONFIG_PAYLOAD_FILE="../../build/librem_15v4/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" +CONFIG_LINUX_INITRD="../../build/librem_15v4/initrd.cpio.xz" diff --git a/config/coreboot-librem_mini.config b/config/coreboot-librem_mini.config new file mode 100644 index 000000000..ced1b4d24 --- /dev/null +++ b/config/coreboot-librem_mini.config @@ -0,0 +1,14 @@ +CONFIG_LOCALVERSION="PureBoot-beta" +CONFIG_VENDOR_PURISM=y +CONFIG_INTEL_GMA_VBT_FILE="3rdparty/purism-blobs/mainboard/purism/librem_whl/vbt.bin" +CONFIG_IFD_BIN_PATH="3rdparty/purism-blobs/mainboard/purism/librem_whl/flashdescriptor.bin" +CONFIG_ME_BIN_PATH="3rdparty/purism-blobs/mainboard/purism/librem_whl/me.bin" +CONFIG_HAVE_IFD_BIN=y +CONFIG_BOARD_PURISM_LIBREM_MINI=y +CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_BINS=y +CONFIG_CPU_UCODE_BINARIES="3rdparty/purism-blobs/mainboard/purism/librem_whl/cpu_microcode_blob.bin" +CONFIG_HAVE_ME_BIN=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/librem_mini/bzImage" +CONFIG_LINUX_INITRD="../../build/librem_mini/initrd.cpio.xz" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2" diff --git a/config/coreboot-qemu-fbwhiptail.config b/config/coreboot-qemu-fbwhiptail.config new file mode 100644 index 000000000..a1a6f4323 --- /dev/null +++ b/config/coreboot-qemu-fbwhiptail.config @@ -0,0 +1,19 @@ +CONFIG_LOCALVERSION="-heads" +CONFIG_ANY_TOOLCHAIN=y +# CONFIG_INCLUDE_CONFIG_FILE is not set +CONFIG_CBFS_SIZE=0x700000 +# CONFIG_POST_IO is not set +CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y +# CONFIG_POST_DEVICE is not set +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_COREBOOT_ROMSIZE_KB_8192=y +CONFIG_PCIEXP_ASPM=y +CONFIG_PCIEXP_COMMON_CLOCK=y +CONFIG_UART_PCI_ADDR=0 +CONFIG_CPU_MICROCODE_CBFS_GENERATE=y +# CONFIG_CONSOLE_SERIAL is not set +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_LINUX_COMMAND_LINE="debug" +CONFIG_PAYLOAD_FILE="../../build/qemu-coreboot-fbwhiptail/bzImage" +CONFIG_LINUX_INITRD="../../build/qemu-coreboot-fbwhiptail/initrd.cpio.xz" diff --git a/config/coreboot-qemu.config b/config/coreboot-qemu.config index cfccf5269..87d0f64a2 100644 --- a/config/coreboot-qemu.config +++ b/config/coreboot-qemu.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="-heads" +CONFIG_ANY_TOOLCHAIN=y # CONFIG_INCLUDE_CONFIG_FILE is not set CONFIG_CBFS_SIZE=0x700000 # CONFIG_POST_IO is not set @@ -13,5 +14,6 @@ CONFIG_CPU_MICROCODE_CBFS_GENERATE=y # CONFIG_CONSOLE_SERIAL is not set CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6=y CONFIG_PAYLOAD_LINUX=y +CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0 vga=786" CONFIG_PAYLOAD_FILE="../../build/qemu-coreboot/bzImage" CONFIG_LINUX_INITRD="../../build/qemu-coreboot/initrd.cpio.xz" diff --git a/config/coreboot-t420.config b/config/coreboot-t420.config new file mode 100644 index 000000000..793ff17d6 --- /dev/null +++ b/config/coreboot-t420.config @@ -0,0 +1,25 @@ +CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y +# CONFIG_INCLUDE_CONFIG_FILE is not set +# CONFIG_COLLECT_TIMESTAMPS is not set +CONFIG_USE_BLOBS=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x750000 +CONFIG_ONBOARD_VGA_IS_PRIMARY=y +CONFIG_HAVE_IFD_BIN=y +CONFIG_HAVE_ME_BIN=y +CONFIG_HAVE_GBE_BIN=y +CONFIG_IFD_BIN_PATH="../../blobs/t420/ifd.bin" +CONFIG_ME_BIN_PATH="../../blobs/t420/me.bin" +CONFIG_BOARD_LENOVO_T420=y +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_NO_POST=y +CONFIG_GBE_BIN_PATH="../../blobs/t420/gbe.bin" +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/t420/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" +CONFIG_LINUX_INITRD="../../build/t420/initrd.cpio.xz" +CONFIG_DEBUG_SMM_RELOCATION=y diff --git a/config/coreboot-t430-flash.config b/config/coreboot-t430-flash.config new file mode 100644 index 000000000..c44c75375 --- /dev/null +++ b/config/coreboot-t430-flash.config @@ -0,0 +1,18 @@ +CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y +# CONFIG_INCLUDE_CONFIG_FILE is not set +# CONFIG_COLLECT_TIMESTAMPS is not set +CONFIG_USE_BLOBS=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x400000 +# CONFIG_POST_DEVICE is not set +CONFIG_DRIVERS_UART_8250IO=y +CONFIG_BOARD_LENOVO_THINKPAD_T430=y +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_UART_PCI_ADDR=0 +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/t430-flash/bzImage" +CONFIG_LINUX_INITRD="../../build/t430-flash/initrd.cpio.xz" diff --git a/config/coreboot-t430.config b/config/coreboot-t430.config new file mode 100644 index 000000000..b90f8d5a9 --- /dev/null +++ b/config/coreboot-t430.config @@ -0,0 +1,26 @@ +CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y +# CONFIG_INCLUDE_CONFIG_FILE is not set +# CONFIG_COLLECT_TIMESTAMPS is not set +CONFIG_USE_BLOBS=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x710000 +# CONFIG_POST_IO is not set +# CONFIG_POST_DEVICE is not set +CONFIG_DRIVERS_UART_8250IO=y +CONFIG_BOARD_LENOVO_THINKPAD_T430=y +CONFIG_DRIVERS_PS2_KEYBOARD=y +CONFIG_UART_PCI_ADDR=0 +# CONFIG_CONSOLE_SERIAL is not set +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/t430/bzImage" +CONFIG_PAYLOAD_OPTIONS="" +# CONFIG_PXE is not set +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" +CONFIG_LINUX_INITRD="../../build/t430/initrd.cpio.xz" +CONFIG_DEBUG_SMM_RELOCATION=y +CONFIG_USE_OPTION_TABLE=y +CONFIG_STATIC_OPTION_TABLE=y diff --git a/config/coreboot-x220.config b/config/coreboot-x220.config index a91aef7dc..01a66302e 100644 --- a/config/coreboot-x220.config +++ b/config/coreboot-x220.config @@ -1,10 +1,11 @@ CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y # CONFIG_INCLUDE_CONFIG_FILE is not set # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y -CONFIG_CBFS_SIZE=0x7e8000 +CONFIG_CBFS_SIZE=0x750000 CONFIG_ONBOARD_VGA_IS_PRIMARY=y CONFIG_HAVE_IFD_BIN=y CONFIG_HAVE_ME_BIN=y @@ -14,12 +15,11 @@ CONFIG_ME_BIN_PATH="../../blobs/x220/me.bin" CONFIG_BOARD_LENOVO_X220=y CONFIG_DRIVERS_PS2_KEYBOARD=y CONFIG_NO_POST=y -CONFIG_CHECK_ME=y CONFIG_GBE_BIN_PATH="../../blobs/x220/gbe.bin" +#CONFIG_DEBUG_TPM=y CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 -CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y CONFIG_PAYLOAD_LINUX=y CONFIG_PAYLOAD_FILE="../../build/x220/bzImage" -CONFIG_LINUX_COMMAND_LINE="quiet" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3" CONFIG_LINUX_INITRD="../../build/x220/initrd.cpio.xz" CONFIG_DEBUG_SMM_RELOCATION=y diff --git a/config/coreboot-x230-flash.config b/config/coreboot-x230-flash.config index 66f3a53cb..6461d02be 100644 --- a/config/coreboot-x230-flash.config +++ b/config/coreboot-x230-flash.config @@ -1,4 +1,5 @@ CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y # CONFIG_INCLUDE_CONFIG_FILE is not set # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y diff --git a/config/coreboot-x230-hotp-verification.config b/config/coreboot-x230-hotp-verification.config new file mode 100644 index 000000000..150c73332 --- /dev/null +++ b/config/coreboot-x230-hotp-verification.config @@ -0,0 +1,15 @@ +CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y +CONFIG_MEASURED_BOOT=y +CONFIG_VENDOR_LENOVO=y +CONFIG_CBFS_SIZE=0x710000 +CONFIG_BOARD_LENOVO_X230=y +CONFIG_NO_POST=y +CONFIG_UART_PCI_ADDR=0 +CONFIG_NO_GFX_INIT=y +CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000 +CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y +CONFIG_PAYLOAD_LINUX=y +CONFIG_PAYLOAD_FILE="../../build/x230-hotp-verification/bzImage" +CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" +CONFIG_LINUX_INITRD="../../build/x230-hotp-verification/initrd.cpio.xz" diff --git a/config/coreboot-x230.config b/config/coreboot-x230.config index 65b13b581..68ef480c1 100644 --- a/config/coreboot-x230.config +++ b/config/coreboot-x230.config @@ -1,10 +1,11 @@ CONFIG_LOCALVERSION="heads" +CONFIG_ANY_TOOLCHAIN=y # CONFIG_INCLUDE_CONFIG_FILE is not set # CONFIG_COLLECT_TIMESTAMPS is not set CONFIG_USE_BLOBS=y CONFIG_MEASURED_BOOT=y CONFIG_VENDOR_LENOVO=y -CONFIG_CBFS_SIZE=0x700000 +CONFIG_CBFS_SIZE=0x710000 # CONFIG_POST_IO is not set # CONFIG_POST_DEVICE is not set CONFIG_DRIVERS_UART_8250IO=y @@ -22,3 +23,5 @@ CONFIG_PAYLOAD_OPTIONS="" CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet" CONFIG_LINUX_INITRD="../../build/x230/initrd.cpio.xz" CONFIG_DEBUG_SMM_RELOCATION=y +CONFIG_USE_OPTION_TABLE=y +CONFIG_STATIC_OPTION_TABLE=y diff --git a/config/linux-librem13v2.config b/config/linux-librem_common.config similarity index 99% rename from config/linux-librem13v2.config rename to config/linux-librem_common.config index 35a3f5ed5..d0742ec1b 100644 --- a/config/linux-librem13v2.config +++ b/config/linux-librem_common.config @@ -319,3 +319,4 @@ CONFIG_CRC8=m CONFIG_XZ_DEC_TEST=m CONFIG_CORDIC=m CONFIG_IRQ_POLL=y +# CONFIG_RETPOLINE is not set diff --git a/config/linux-linuxboot.config b/config/linux-linuxboot.config index a454a0962..ac483be8a 100644 --- a/config/linux-linuxboot.config +++ b/config/linux-linuxboot.config @@ -294,7 +294,7 @@ CONFIG_STACKTRACE=y # CONFIG_RCU_TRACE is not set # CONFIG_FTRACE is not set # CONFIG_STRICT_DEVMEM is not set -# CONFIG_X86_VERBOSE_BOOTUP is not set +CONFIG_X86_VERBOSE_BOOTUP=y # CONFIG_DOUBLEFAULT is not set CONFIG_IO_DELAY_0XED=y CONFIG_OPTIMIZE_INLINING=y diff --git a/initrd/bin/config-gui.sh b/initrd/bin/config-gui.sh index eb3b2f481..f1fce23a6 100755 --- a/initrd/bin/config-gui.sh +++ b/initrd/bin/config-gui.sh @@ -2,64 +2,28 @@ # set -e -o pipefail . /etc/functions +. /etc/gui_functions . /tmp/config -file_selector() { - FILE="" - FILE_LIST=$1 - MENU_MSG=${2:-"Choose the file"} -# create file menu options - if [ `cat "$FILE_LIST" | wc -l` -gt 0 ]; then - option="" - while [ -z "$option" ] - do - MENU_OPTIONS="" - n=0 - while read option - do - n=`expr $n + 1` - option=$(echo $option | tr " " "_") - MENU_OPTIONS="$MENU_OPTIONS $n ${option}" - done < $FILE_LIST - - MENU_OPTIONS="$MENU_OPTIONS a Abort" - whiptail --clear --title "Select your File" \ - --menu "${MENU_MSG} [1-$n, a to abort]:" 20 120 8 \ - -- $MENU_OPTIONS \ - 2>/tmp/whiptail || die "Aborting" - - option_index=$(cat /tmp/whiptail) - - if [ "$option_index" = "a" ]; then - option="a" - return - fi - - option=`head -n $option_index $FILE_LIST | tail -1` - if [ "$option" == "a" ]; then - return - fi - done - if [ -n "$option" ]; then - FILE=$option - fi - else - whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: No Files Found' \ - --msgbox "No Files found matching the pattern. Aborting." 16 60 - exit 1 - fi -} +param=$1 while true; do - unset menu_choice - whiptail --clear --title "Config Management Menu" \ + if [ ! -z "$param" ]; then + # use first char from parameter + menu_choice=${param::1} + unset param + else + unset menu_choice + whiptail --clear --title "Config Management Menu" \ --menu "This menu lets you change settings for the current BIOS session.\n\nAll changes will revert after a reboot,\n\nunless you also save them to the running BIOS." 20 90 10 \ 'b' ' Change the /boot device' \ 's' ' Save the current configuration to the running BIOS' \ - 'x' ' Exit' \ + 'r' ' Clear GPG key(s) and reset all user settings' \ + 'x' ' Return to Main Menu' \ 2>/tmp/whiptail || recovery "GUI menu failed" - menu_choice=$(cat /tmp/whiptail) + menu_choice=$(cat /tmp/whiptail) + fi case "$menu_choice" in "x" ) @@ -67,14 +31,39 @@ while true; do ;; "b" ) CURRENT_OPTION=`grep 'CONFIG_BOOT_DEV=' /tmp/config | tail -n1 | cut -f2 -d '=' | tr -d '"'` - find /dev -name 'sd*' -o -name 'nvme*' > /tmp/filelist.txt - file_selector "/tmp/filelist.txt" "Choose the default /boot device.\n\nCurrently set to $CURRENT_OPTION." + fdisk -l | grep "Disk" | cut -f2 -d " " | cut -f1 -d ":" > /tmp/disklist.txt + # filter out extraneous options + > /tmp/boot_device_list.txt + for i in `cat /tmp/disklist.txt`; do + # remove block device from list if numeric partitions exist, since not bootable + DEV_NUM_PARTITIONS=$((`ls -1 $i* | wc -l`-1)) + if [ ${DEV_NUM_PARTITIONS} -eq 0 ]; then + echo $i >> /tmp/boot_device_list.txt + else + ls $i* | tail -${DEV_NUM_PARTITIONS} >> /tmp/boot_device_list.txt + fi + done + file_selector "/tmp/boot_device_list.txt" \ + "Choose the default /boot device.\n\nCurrently set to $CURRENT_OPTION." \ + "Boot Device Selection" if [ "$FILE" == "" ]; then return else SELECTED_FILE=$FILE fi + # unmount /boot if needed + if grep -q /boot /proc/mounts ; then + umount /boot 2>/dev/null + fi + # mount newly selected /boot device + if ! mount -o ro $SELECTED_FILE /boot 2>/tmp/error ; then + ERROR=`cat /tmp/error` + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: unable to mount /boot' \ + --msgbox " $ERROR\n\n" 16 60 + exit 1 + fi + replace_config /etc/config.user "CONFIG_BOOT_DEV" "$SELECTED_FILE" combine_configs @@ -104,6 +93,43 @@ while true; do exit 0 fi ;; + "r" ) + # prompt for confirmation + if (whiptail --title 'Reset Configuration?' \ + --yesno "This will clear all GPG keys, clear boot signatures and checksums, + \nreset the /boot device, clear/reset the TPM (if present), + \nand reflash your BIOS with the cleaned configuration. + \n\nDo you want to proceed?" 16 90) then + # read current firmware + /bin/flash.sh -r /tmp/config-gui.rom + if [ ! -s /tmp/config-gui.rom ]; then + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: BIOS Read Failed!' \ + --msgbox "Unable to read BIOS" 16 60 + exit 1 + fi + # clear local keyring + rm /.gnupg/* | true + # clear /boot signatures/checksums + mount -o remount,rw /boot + rm /boot/kexec* | true + mount -o remount,ro /boot + # clear GPG keys and user settings + for i in `cbfs -o /tmp/config-gui.rom -l | grep -e "heads/"`; do + cbfs -o /tmp/config-gui.rom -d $i + done + # flash cleared ROM + /bin/flash.sh -c /tmp/config-gui.rom + # reset TPM if present + if [ "$CONFIG_TPM" = "y" ]; then + /bin/tpm-reset + fi + whiptail --title 'Configuration Reset Updated Successfully' \ + --msgbox "Configuration reset and BIOS updated successfully.\n\nPress Enter to reboot" 16 60 + /bin/reboot + else + exit 0 + fi + ;; esac done diff --git a/initrd/bin/flash-gui.sh b/initrd/bin/flash-gui.sh index 3780051a1..6e2a0840a 100755 --- a/initrd/bin/flash-gui.sh +++ b/initrd/bin/flash-gui.sh @@ -2,76 +2,13 @@ # set -e -o pipefail . /etc/functions +. /etc/gui_functions . /tmp/config -mount_usb(){ -# Mount the USB boot device - if ! grep -q /media /proc/mounts ; then - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 - if [ $USB_FAILED -ne 0 ]; then - if [ ! -e "$CONFIG_USB_BOOT_DEV" ]; then - whiptail --title 'USB Drive Missing' \ - --msgbox "Insert your USB drive and press Enter to continue." 16 60 USB_FAILED=0 - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 - fi - if [ $USB_FAILED -ne 0 ]; then - whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \ - --msgbox "Unable to mount $CONFIG_USB_BOOT_DEV" 16 60 - fi - fi - fi -} - -file_selector() { - FILE="" - FILE_LIST=$1 - MENU_MSG=${2:-"Choose the file"} -# create file menu options - if [ `cat "$FILE_LIST" | wc -l` -gt 0 ]; then - option="" - while [ -z "$option" ] - do - MENU_OPTIONS="" - n=0 - while read option - do - n=`expr $n + 1` - option=$(echo $option | tr " " "_") - MENU_OPTIONS="$MENU_OPTIONS $n ${option}" - done < $FILE_LIST - - MENU_OPTIONS="$MENU_OPTIONS a Abort" - whiptail --clear --title "Select your File" \ - --menu "${MENU_MSG} [1-$n, a to abort]:" 20 120 8 \ - -- $MENU_OPTIONS \ - 2>/tmp/whiptail || die "Aborting" - - option_index=$(cat /tmp/whiptail) - - if [ "$option_index" = "a" ]; then - option="a" - return - fi - - option=`head -n $option_index $FILE_LIST | tail -1` - if [ "$option" == "a" ]; then - return - fi - done - if [ -n "$option" ]; then - FILE=$option - fi - else - whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: No Files Found' \ - --msgbox "No Files found matching the pattern. Aborting." 16 60 - exit 1 - fi -} - while true; do unset menu_choice whiptail --clear --title "Firmware Management Menu" \ - --menu "Select the firmware function to perform\n\nRetaining settings copies existing settings to the new firmware:\n* Keeps your GPG keyring\n* Keeps changes to the default /boot device\n\nErasing settings uses the new firmware as-is:\n* Erases any existing GPG keyring\n* Restores firmware to default factory settings\n\nIf you are just updating your firmware, you probably want to retain\nyour settings." 20 90 10 \ + --menu "Select the firmware function to perform\n\nRetaining settings copies existing settings to the new firmware:\n* Keeps your GPG keyring\n* Keeps changes to the default /boot device\n\nErasing settings uses the new firmware as-is:\n* Erases any existing GPG keyring\n* Restores firmware to default factory settings\n* Clears out /boot signatures\n\nIf you are just updating your firmware, you probably want to retain\nyour settings." 20 90 10 \ 'f' ' Flash the firmware with a new ROM, retain settings' \ 'c' ' Flash the firmware with a new ROM, erase settings' \ 'x' ' Exit' \ @@ -85,10 +22,10 @@ while true; do ;; f|c ) if (whiptail --title 'Flash the BIOS with a new ROM' \ - --yesno "This requires you insert a USB drive containing:\n* Your BIOS image (*.rom)\n\nAfter you select this file, this program will reflash your BIOS\n\nDo you want to proceed?" 16 90) then + --yesno "You will need to insert a USB drive containing your BIOS image (*.rom).\n\nAfter you select this file, this program will reflash your BIOS.\n\nDo you want to proceed?" 16 90) then mount_usb if grep -q /media /proc/mounts ; then - find /media -name '*.rom' > /tmp/filelist.txt + find /media ! -path '*/\.*' -type f -name '*.rom' | sort > /tmp/filelist.txt file_selector "/tmp/filelist.txt" "Choose the ROM to flash" if [ "$FILE" == "" ]; then return @@ -97,14 +34,22 @@ while true; do fi if (whiptail --title 'Flash ROM?' \ - --yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then + --yesno "This will replace your current ROM with:\n\n$ROM\n\nDo you want to proceed?" 16 60) then if [ "$menu_choice" == "c" ]; then /bin/flash.sh -c "$ROM" + # after flash, /boot signatures are now invalid so go ahead and clear them + if ls /boot/kexec* >/dev/null 2>&1 ; then + ( + mount -o remount,rw /boot 2>/dev/null + rm /boot/kexec* 2>/dev/null + mount -o remount,ro /boot 2>/dev/null + ) + fi else /bin/flash.sh "$ROM" fi whiptail --title 'ROM Flashed Successfully' \ - --msgbox "$ROM flashed successfully.\nPress Enter to reboot" 16 60 + --msgbox "$ROM flashed successfully.\n\nPress Enter to reboot\n" 16 60 umount /media /bin/reboot else diff --git a/initrd/bin/flash.sh b/initrd/bin/flash.sh index e89c9a98c..d82d43b71 100755 --- a/initrd/bin/flash.sh +++ b/initrd/bin/flash.sh @@ -6,15 +6,9 @@ set -e -o pipefail . /etc/functions . /tmp/config -case "$CONFIG_BOARD" in - librem* ) - FLASHROM_OPTIONS='-p internal:laptop=force_I_want_a_brick,ich_spi_mode=hwseq' - ;; - x230* ) - FLASHROM_OPTIONS='--force --noverify-all --programmer internal --ifd --image bios' - ;; - "kgpe-d16" ) - FLASHROM_OPTIONS='--force --noverify --programmer internal' +case "$CONFIG_FLASHROM_OPTIONS" in + -* ) + echo "Board $CONFIG_BOARD detected, continuing..." ;; * ) die "ERROR: No board has been configured!\n\nEach board requires specific flashrom options and it's unsafe to flash without them.\n\nAborting." @@ -24,11 +18,11 @@ esac flash_rom() { ROM=$1 if [ "$READ" -eq 1 ]; then - flashrom $FLASHROM_OPTIONS -r "${ROM}.1" \ + flashrom $CONFIG_FLASHROM_OPTIONS -r "${ROM}.1" \ || die "$ROM: Read failed" - flashrom $FLASHROM_OPTIONS -r "${ROM}.2" \ + flashrom $CONFIG_FLASHROM_OPTIONS -r "${ROM}.2" \ || die "$ROM: Read failed" - flashrom $FLASHROM_OPTIONS -r "${ROM}.3" \ + flashrom $CONFIG_FLASHROM_OPTIONS -r "${ROM}.3" \ || die "$ROM: Read failed" if [ `sha256sum ${ROM}.[123] | cut -f1 -d ' ' | uniq | wc -l` -eq 1 ]; then mv ${ROM}.1 $ROM @@ -43,8 +37,14 @@ flash_rom() { preserve_rom /tmp/${CONFIG_BOARD}.rom \ || die "$ROM: Config preservation failed" fi + # persist serial number from CBFS + if cbfs -r serial_number > /tmp/serial 2>/dev/null; then + echo "Persisting system serial" + cbfs -o /tmp/${CONFIG_BOARD}.rom -d serial_number 2>/dev/null || true + cbfs -o /tmp/${CONFIG_BOARD}.rom -a serial_number -f /tmp/serial + fi - flashrom $FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom \ + flashrom $CONFIG_FLASHROM_OPTIONS -w /tmp/${CONFIG_BOARD}.rom \ || die "$ROM: Flash failed" fi } diff --git a/initrd/bin/gpg-gui.sh b/initrd/bin/gpg-gui.sh index 0e93c5380..cb63a660e 100755 --- a/initrd/bin/gpg-gui.sh +++ b/initrd/bin/gpg-gui.sh @@ -2,72 +2,18 @@ # set -e -o pipefail . /etc/functions +. /etc/gui_functions . /tmp/config -mount_usb(){ -# Mount the USB boot device - if ! grep -q /media /proc/mounts ; then - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 - if [ $USB_FAILED -ne 0 ]; then - if [ ! -e "$CONFIG_USB_BOOT_DEV" ]; then - whiptail --title 'USB Drive Missing' \ - --msgbox "Insert your USB drive and press Enter to continue." 16 60 USB_FAILED=0 - mount-usb "$CONFIG_USB_BOOT_DEV" || USB_FAILED=1 - fi - if [ $USB_FAILED -ne 0 ]; then - whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \ - --msgbox "Unable to mount $CONFIG_USB_BOOT_DEV" 16 60 - fi - fi - fi -} - -file_selector() { - FILE="" - FILE_LIST=$1 - MENU_MSG=${2:-"Choose the file"} -# create file menu options - if [ `cat "$FILE_LIST" | wc -l` -gt 0 ]; then - option="" - while [ -z "$option" ] - do - MENU_OPTIONS="" - n=0 - while read option - do - n=`expr $n + 1` - option=$(echo $option | tr " " "_") - MENU_OPTIONS="$MENU_OPTIONS $n ${option}" - done < $FILE_LIST - - MENU_OPTIONS="$MENU_OPTIONS a Abort" - whiptail --clear --title "Select your File" \ - --menu "${MENU_MSG} [1-$n, a to abort]:" 20 120 8 \ - -- $MENU_OPTIONS \ - 2>/tmp/whiptail || die "Aborting" - - option_index=$(cat /tmp/whiptail) - - if [ "$option_index" = "a" ]; then - option="a" - return - fi +gpg_flash_rom() { - option=`head -n $option_index $FILE_LIST | tail -1` - if [ "$option" == "a" ]; then - return - fi - done - if [ -n "$option" ]; then - FILE=$option - fi - else - whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: No Files Found' \ - --msgbox "No Files found matching the pattern. Aborting." 16 60 - exit 1 + if [ "$1" = "replace" ]; then + # clear local keyring + [ -e /.gnupg/pubring.gpg ] && rm /.gnupg/pubring.gpg + [ -e /.gnupg/pubring.kbx ] && rm /.gnupg/pubring.kbx + [ -e /.gnupg/trustdb.gpg ] && rm /.gnupg/trustdb.gpg fi -} -gpg_flash_rom() { + cat "$PUBKEY" | gpg --import #update /.gnupg/trustdb.gpg to ultimately trust all user provided public keys gpg --list-keys --fingerprint --with-colons |sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --import-ownertrust @@ -97,23 +43,41 @@ gpg_flash_rom() { if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg" fi - cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg + if [ -e /.gnupg/trustdb.gpg ]; then + cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg + fi #Remove old method owner trust exported file if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/otrust.txt" fi + # persist user config changes + if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/etc/config.user") then + cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/etc/config.user" + fi + if [ -e /etc/config.user ]; then + cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/etc/config.user" -f /etc/config.user + fi /bin/flash.sh /tmp/gpg-gui.rom - whiptail --title 'BIOS Flashed Successfully' \ - --msgbox "BIOS flashed successfully.\n\nIf your keys have changed, be sure to re-sign all files in /boot\nafter you reboot.\n\nPress Enter to reboot" 16 60 + + if (whiptail --title 'BIOS Flashed Successfully' \ + --yesno "Would you like to update the checksums and sign all of the files in /boot?\n\nYou will need your GPG key to continue and this will modify your disk.\n\nOtherwise the system will reboot immediately." 16 90) then + update_checksums + else + /bin/reboot + fi + + whiptail --title 'Files in /boot Updated Successfully'\ + --msgbox "Checksums have been updated and /boot files signed.\n\nPress Enter to reboot" 16 60 /bin/reboot + } gpg_post_gen_mgmt() { GPG_GEN_KEY=`grep -A1 pub /tmp/gpg_card_edit_output | tail -n1 | sed -nr 's/^([ ])*//p'` gpg --export --armor $GPG_GEN_KEY > "/tmp/${GPG_GEN_KEY}.asc" if (whiptail --title 'Add Public Key to USB disk?' \ - --yesno "Would you like to copy the GPG public key you generated to a USB disk?\n\nOtherwise you will not be able to copy it outside of Heads later\n\nThe file will show up as ${GPG_GEN_KEY}.asc" 16 90) then + --yesno "Would you like to copy the GPG public key you generated to a USB disk?\n\nYou may need it, if you want to use it outside of Heads later.\n\nThe file will show up as ${GPG_GEN_KEY}.asc" 16 90) then mount_usb mount -o remount,rw /media cp "/tmp/${GPG_GEN_KEY}.asc" "/media/${GPG_GEN_KEY}.asc" @@ -138,28 +102,37 @@ gpg_post_gen_mgmt() { gpg_flash_rom fi } -gpg_sc_oem_reset() { - GPG_KEY_NAME=`date +%Y%m%d%H%M%S` - # Factory reset GPG card - { - echo admin - echo factory-reset - echo y - echo yes - } | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit > /tmp/gpg_card_edit_output || return 1 - # Generate OEM GPG keys - { - echo admin - echo generate - echo n - echo 12345678 - echo 123456 - echo 0 - echo y - echo "OEM Key" - echo "oem-${GPG_KEY_NAME}@example.com" - echo "OEM-generated key" - } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit > /tmp/gpg_card_edit_output || return 2 + +gpg_add_key_reflash() { + if (whiptail --title 'GPG public key required' \ + --yesno "This requires you insert a USB drive containing:\n* Your GPG public key (*.key or *.asc)\n\nAfter you select this file, this program will copy and reflash your BIOS\n\nDo you want to proceed?" 16 90) then + mount_usb + if grep -q /media /proc/mounts ; then + find /media -name '*.key' > /tmp/filelist.txt + find /media -name '*.asc' >> /tmp/filelist.txt + file_selector "/tmp/filelist.txt" "Choose your GPG public key" + # bail if user didn't select a file + if [ "$FILE" = "" ]; then + return + else + PUBKEY=$FILE + fi + + /bin/flash.sh -r /tmp/gpg-gui.rom + if [ ! -s /tmp/gpg-gui.rom ]; then + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: BIOS Read Failed!' \ + --msgbox "Unable to read BIOS" 16 60 + exit 1 + fi + + if (whiptail --title 'Update ROM?' \ + --yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 16 90) then + gpg_flash_rom + else + exit 0 + fi + fi + fi } while true; do @@ -168,9 +141,10 @@ while true; do --menu 'Select the GPG function to perform' 20 90 10 \ 'r' ' Add GPG key to running BIOS + reflash' \ 'a' ' Add GPG key to standalone BIOS image + flash' \ + 'e' ' Replace GPG key(s) in the current ROM + reflash' \ 'l' ' List GPG keys in your keyring' \ + 'p' ' Export public GPG key to USB drive' \ 'g' ' Generate GPG keys manually on a USB security token' \ - 'o' ' OEM Factory reset + auto keygen USB security token' \ 'x' ' Exit' \ 2>/tmp/whiptail || recovery "GUI menu failed" @@ -213,36 +187,39 @@ while true; do fi ;; "r" ) - if (whiptail --title 'GPG public key required' \ - --yesno "This requires you insert a USB drive containing:\n* Your GPG public key (*.key or *.asc)\n\nAfter you select this file, this program will copy and reflash your BIOS\n\nDo you want to proceed?" 16 90) then - mount_usb - if grep -q /media /proc/mounts ; then - find /media -name '*.key' > /tmp/filelist.txt - find /media -name '*.asc' >> /tmp/filelist.txt - file_selector "/tmp/filelist.txt" "Choose your GPG public key" - PUBKEY=$FILE - - /bin/flash.sh -r /tmp/gpg-gui.rom - if [ ! -s /tmp/gpg-gui.rom ]; then - whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: BIOS Read Failed!' \ - --msgbox "Unable to read BIOS" 16 60 - exit 1 - fi - - if (whiptail --title 'Update ROM?' \ - --yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 16 90) then - gpg_flash_rom - else - exit 0 - fi - fi - fi + gpg_add_key_reflash + exit 0; + ;; + "e" ) + # clear local keyring + [ -e /.gnupg/pubring.gpg ] && rm /.gnupg/pubring.gpg + [ -e /.gnupg/pubring.kbx ] && rm /.gnupg/pubring.kbx + [ -e /.gnupg/trustdb.gpg ] && rm /.gnupg/trustdb.gpg + # add key and reflash + gpg_add_key_reflash ;; "l" ) GPG_KEYRING=`gpg -k` whiptail --title 'GPG Keyring' \ --msgbox "${GPG_KEYRING}" 16 60 ;; + "p" ) + if (whiptail --title 'Export Public Key(s) to USB drive?' \ + --yesno "Would you like to copy GPG public key(s) to a USB drive?\n\nThe file will show up as public-key.asc" 16 90) then + mount_usb + mount -o remount,rw /media + gpg --export --armor > "/tmp/public-key.asc" + cp "/tmp/public-key.asc" "/media/public-key.asc" + if [ $? -eq 0 ]; then + whiptail --title "The GPG Key Copied Successfully" \ + --msgbox "public-key.asc copied successfully." 16 60 + else + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Copy Failed' \ + --msgbox "Unable to copy public-key.asc to /media" 16 60 + fi + umount /media + fi + ;; "g" ) confirm_gpg_card echo -e "\n\n\n\n" @@ -258,24 +235,6 @@ while true; do gpg_post_gen_mgmt fi ;; - "o" ) - if (whiptail $CONFIG_WARNING_BG_COLOR --title 'WARNING: Factory Reset USB Security Token?' \ - --yesno "This will perform a FACTORY RESET of the USB security token!\n\nThis will:\n* Reset all security token passwords to default\n* Erase any keys on the security token\n* Generate new automated GPG keys on the token\n\nAny data now on the USB security token will be LOST!\n\nDo you want to proceed?" 16 120) then - confirm_gpg_card - gpg_sc_oem_reset - if [ $? -eq 0 ]; then - gpg_post_gen_mgmt - elif [ $? -eq 1 ]; then - GPG_OUTPUT=`cat /tmp/gpg_card_edit_output` - whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Factory Reset Failed!' \ - --msgbox "Factory Reset Failed!\n\n$GPG_OUTPUT" 16 120 - elif [ $? -eq 2 ]; then - GPG_OUTPUT=`cat /tmp/gpg_card_edit_output` - whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Automatic Keygen Failed!' \ - --msgbox "Automatic Keygen Failed!\n\n$GPG_OUTPUT" 16 120 - fi - fi - ;; esac done diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 8c4419658..5cbca8c8e 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -8,11 +8,31 @@ CONFIG_BOOT_GUI_MENU_NAME='Heads Boot Menu' mount_boot() { + # Mount local disk if it is not already mounted - if ! grep -q /boot /proc/mounts ; then - mount -o ro /boot \ - || recovery "Unable to mount /boot" - fi + while ! grep -q /boot /proc/mounts ; do + # ensure default boot device is set + if [ ! -e "$CONFIG_BOOT_DEV" ]; then + if (whiptail $CONFIG_ERROR_BG_COLOR --clear --title "ERROR: $CONFIG_BOOT_DEV missing!" \ + --yesno "The /boot device $CONFIG_BOOT_DEV could not be found!\n\nYou will need to configure the correct device for /boot.\n\nWould you like to configure the /boot device now?" 30 90) then + config-gui.sh boot_device_select + else + # exit to main menu + break + fi + fi + # update CONFIG_BOOT_DEV + . /tmp/config + mount -o ro $CONFIG_BOOT_DEV /boot + if [ $? -ne 0 ]; then + if (whiptail $CONFIG_ERROR_BG_COLOR --clear --title 'ERROR: Cannot mount /boot' \ + --yesno "The /boot partition at $CONFIG_BOOT_DEV could not be mounted!\n\nWould you like to configure the /boot device now?" 30 90) then + config-gui.sh boot_device_select + else + recovery "Unable to mount /boot" + fi + fi + done } verify_global_hashes() { @@ -22,7 +42,7 @@ verify_global_hashes() TMP_PACKAGE_TRIGGER_PRE="/tmp/kexec/kexec_package_trigger_pre.txt" TMP_PACKAGE_TRIGGER_POST="/tmp/kexec/kexec_package_trigger_post.txt" - if cd /boot && sha256sum -c "$TMP_HASH_FILE" > /tmp/hash_output ; then + if ( cd /boot && sha256sum -c "$TMP_HASH_FILE" > /tmp/hash_output ) then return 0 elif [ ! -f $TMP_HASH_FILE ]; then if (whiptail $CONFIG_ERROR_BG_COLOR --clear --title 'ERROR: Missing Hash File!' \ @@ -50,7 +70,7 @@ verify_global_hashes() fi else - TEXT="The following files failed the verification process:\n${CHANGED_FILES}\n\nThis could indicate a compromise!\n\nWould you like to update your checksums now?" + TEXT="The following files failed the verification process:\n\n${CHANGED_FILES}\n\nThis could indicate a compromise!\n\nWould you like to update your checksums now?" fi if (whiptail $CONFIG_ERROR_BG_COLOR --clear --title 'ERROR: Boot Hash Mismatch' --yesno "$TEXT" 30 90) then @@ -59,32 +79,11 @@ verify_global_hashes() return 1 fi } -update_checksums() +prompt_update_checksums() { if (whiptail --title 'Update Checksums and sign all files in /boot' \ - --yesno "You have chosen to update the checksums and sign all of the files in /boot.\n\nThis means that you trust that the files in /boot have not been tampered with.\n\nYou will need your GPG key to continue and this change will modify your disk.\n\nDo you want to continue?" 16 90) then - mount_boot - mount -o rw,remount /boot - - cd /boot - find ./ -type f ! -name '*kexec*' | xargs sha256sum > /boot/kexec_hashes.txt - DEFAULT_FILES=$(cat /boot/kexec_default_hashes.txt | cut -f3 -d ' ') - echo $DEFAULT_FILES | xargs sha256sum > /boot/kexec_default_hashes.txt - - # Remove any package trigger log files - # We don't need them after the user decides to sign - rm -f /boot/kexec_package_trigger* - - # sign and auto-roll config counter - extparam= - if [ "$CONFIG_TPM" = "y" ]; then - extparam=-u - fi - kexec-sign-config -p /boot $extparam \ - || die "Failed to sign default config" - - # switch back to ro mode - mount -o ro,remount /boot + --yesno "You have chosen to update the checksums and sign all of the files in /boot.\n\nThis means that you trust that these files have not been tampered with.\n\nYou will need your GPG key available, and this change will modify your disk.\n\nDo you want to continue?" 16 90) then + update_checksums else echo "Returning to the main menu" fi @@ -93,17 +92,61 @@ update_totp() { echo "Scan the QR code to add the new TOTP secret" /bin/seal-totp - if [ -x /bin/libremkey_hotp_verification ]; then - echo "Once you have scanned the QR code, hit Enter to configure your Librem Key" + if [ -x /bin/hotp_verification ]; then + echo "Once you have scanned the QR code, hit Enter to configure your HOTP USB Security Dongle (e.g. Librem Key or Nitrokey)" read - /bin/seal-libremkey + /bin/seal-hotpkey else - echo "Once you have scanned the QR code, hit Enter to reboot" + echo "Once you have scanned the QR code, hit Enter to continue" read fi - /bin/reboot } +clean_boot_check() +{ + # assume /boot mounted + if ! grep -q /boot /proc/mounts ; then + return + fi + + # check for any kexec files in /boot + kexec_files=`find /boot -name kexec*.txt` + [ ! -z "$kexec_files" ] && return + + #check for GPG key in keyring + GPG_KEY_COUNT=`gpg -k 2>/dev/null | wc -l` + [ $GPG_KEY_COUNT -ne 0 ] && return + + # check for USB security token + if [ "$CONFIG_HOTPKEY" = "y" ]; then + enable_usb + if ! gpg --card-status > /dev/null ; then + return + fi + fi + + # OS is installed, no kexec files present, no GPG keys in keyring, security token present + # prompt user to run OEM factory reset + oem-factory-reset \ + "Clean Boot Detected - Perform OEM Factory Reset?" "$CONFIG_WARNING_BG_COLOR" +} + +if detect_boot_device ; then + # /boot device with installed OS found + clean_boot_check +else + # can't determine /boot device or no OS installed, + # so fall back to interactive selection + mount_boot +fi + +# Use stored HOTP key branding +if [ -r /boot/kexec_hotp_key ]; then + HOTPKEY_BRANDING="$(cat /boot/kexec_hotp_key)" +else + HOTPKEY_BRANDING="HOTP USB Security Dongle" +fi + last_half=X while true; do MAIN_MENU_OPTIONS="" @@ -133,8 +176,14 @@ while true; do TOTP=`unseal-totp` if [ $? -ne 0 ]; then whiptail $CONFIG_ERROR_BG_COLOR --clear --title "ERROR: TOTP Generation Failed!" \ - --menu "ERROR: Heads couldn't generate the TOTP code.\n\nIf this is the first time the system has booted, you should reset the TPM\nand set your own password\n\nIf you just reflashed your BIOS, you'll need to generate a new TOTP secret.\n\nIf you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n\nHow would you like to proceed?" 30 90 4 \ - 'g' ' Generate new TOTP/HOTP secret' \ + --menu " ERROR: Heads couldn't generate the TOTP code.\n + If you have just completed a Factory Reset, or just reflashed + your BIOS, you should generate a new HOTP/TOTP secret.\n + If this is the first time the system has booted, you should + reset the TPM and set your own password.\n + If you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n + How would you like to proceed?" 30 90 4 \ + 'g' ' Generate new HOTP/TOTP secret' \ 'i' ' Ignore error and continue to default boot menu' \ 'p' ' Reset the TPM' \ 'x' ' Exit to recovery shell' \ @@ -146,14 +195,16 @@ while true; do fi if [ "$totp_confirm" = "i" -o -z "$totp_confirm" ]; then - if [ -x /bin/libremkey_hotp_verification ]; then + if [ -x /bin/hotp_verification ]; then HOTP=`unseal-hotp` enable_usb - if ! libremkey_hotp_verification info ; then - whiptail $CONFIG_WARNING_BG_COLOR --clear --title 'WARNING: Please Insert Your Librem Key' --msgbox "Your Librem Key was not detected.\n\nPlease insert your Librem Key" 30 90 + if ! hotp_verification info ; then + whiptail $CONFIG_WARNING_BG_COLOR --clear \ + --title "WARNING: Please Insert Your $HOTPKEY_BRANDING" \ + --msgbox "Your $HOTPKEY_BRANDING was not detected.\n\nPlease insert your $HOTPKEY_BRANDING" 30 90 fi # Don't output HOTP codes to screen, so as to make replay attacks harder - libremkey_hotp_verification check $HOTP + hotp_verification check $HOTP case "$?" in 0 ) HOTP="Success" @@ -163,7 +214,7 @@ while true; do MAIN_MENU_BG_COLOR=$CONFIG_ERROR_BG_COLOR ;; * ) - HOTP="Error checking code, Insert Librem Key and retry" + HOTP="Error checking code, Insert $HOTPKEY_BRANDING and retry" MAIN_MENU_BG_COLOR=$CONFIG_WARNING_BG_COLOR ;; esac @@ -175,7 +226,8 @@ while true; do --menu "$date\nTOTP: $TOTP | HOTP: $HOTP" 20 90 10 \ 'y' ' Default boot' \ 'r' ' Refresh TOTP/HOTP' \ - 'a' ' Settings -->' \ + 'a' ' Options -->' \ + 'S' ' System Info' \ 'P' ' Power Off' \ 2>/tmp/whiptail || recovery "GUI menu failed" @@ -183,14 +235,15 @@ while true; do fi if [ "$totp_confirm" = "a" ]; then - whiptail --clear --title "Settings" \ - --menu "Configure Settings" 20 90 10 \ - 'o' ' Other Boot Options -->' \ + whiptail --clear --title "HEADS Options" \ + --menu "" 20 90 10 \ + 'o' ' Boot Options -->' \ 't' ' TPM/TOTP/HOTP Options -->' \ 's' ' Update checksums and sign all files in /boot' \ 'c' ' Change configuration settings -->' \ 'f' ' Flash/Update the BIOS -->' \ 'G' ' GPG Options -->' \ + 'F' ' OEM Factory Reset -->' \ 'x' ' Exit to recovery shell' \ 'r' ' <-- Return to main menu' \ 2>/tmp/whiptail || recovery "GUI menu failed" @@ -199,7 +252,7 @@ while true; do fi if [ "$totp_confirm" = "o" ]; then - whiptail --clear --title "Other Boot Options" \ + whiptail --clear --title "Boot Options" \ --menu "Select A Boot Option" 20 90 10 \ 'm' ' Show OS boot menu' \ 'u' ' USB boot' \ @@ -260,30 +313,34 @@ while true; do fi if [ "$totp_confirm" = "p" ]; then - if (whiptail --title 'Reset the TPM' \ - --yesno "This will clear the TPM and TPM password, replace them with new ones!\n\nDo you want to proceed?" 16 90) then - /bin/tpm-reset + if [ "$CONFIG_TPM" = "y" ]; then + if (whiptail --title 'Reset the TPM' \ + --yesno "This will clear the TPM and TPM password, replace them with new ones!\n\nDo you want to proceed?" 16 90) then + /bin/tpm-reset - # now that the TPM is reset, remove invalid TPM counter files - mount_boot - mount -o rw,remount /boot - rm -f /boot/kexec_rollback.txt + # now that the TPM is reset, remove invalid TPM counter files + mount_boot + mount -o rw,remount /boot + rm -f /boot/kexec_rollback.txt - # create Heads TPM counter before any others - check_tpm_counter /boot/kexec_rollback.txt \ - || die "Unable to find/create tpm counter" - counter="$TPM_COUNTER" + # create Heads TPM counter before any others + check_tpm_counter /boot/kexec_rollback.txt \ + || die "Unable to find/create tpm counter" + counter="$TPM_COUNTER" - increment_tpm_counter $counter \ - || die "Unable to increment tpm counter" + increment_tpm_counter $counter \ + || die "Unable to increment tpm counter" - sha256sum /tmp/counter-$counter > /boot/kexec_rollback.txt \ - || die "Unable to create rollback file" - mount -o ro,remount /boot + sha256sum /tmp/counter-$counter > /boot/kexec_rollback.txt \ + || die "Unable to create rollback file" + mount -o ro,remount /boot - update_totp + update_totp + else + echo "Returning to the main menu" + fi else - echo "Returning to the main menu" + whiptail --clear --title 'ERROR: No TPM Detected' --msgbox "This device does not have a TPM.\n\nPress OK to return to the Main Menu" 30 90 fi continue fi @@ -312,7 +369,7 @@ while true; do fi if [ "$totp_confirm" = "s" ]; then - update_checksums + prompt_update_checksums continue fi @@ -331,6 +388,20 @@ while true; do continue fi + if [ "$totp_confirm" = "S" ]; then + memtotal=$(cat /proc/meminfo | grep 'MemTotal' | tr -s ' ' | cut -f2 -d ' ') + memtotal=$((${memtotal} / 1024 / 1024 + 1)) + cpustr=$(cat /proc/cpuinfo | grep 'model name' | uniq | sed -r 's/\(R\)//;s/\(TM\)//;s/CPU //;s/model name.*: //') + whiptail --title 'System Info' \ + --msgbox "VER: ${FW_VER}\n\nCPU: ${cpustr}\nRAM: ${memtotal} GB\n\n$(fdisk -l | grep -e '/dev/sd.:' -e '/dev/nvme.*:' | sed 's/B,.*/B/')" 16 60 + continue + fi + + if [ "$totp_confirm" = "F" ]; then + oem-factory-reset + continue + fi + if [ "$totp_confirm" = "P" ]; then poweroff fi diff --git a/initrd/bin/kexec-parse-bls b/initrd/bin/kexec-parse-bls index b70363f42..ee2e08818 100755 --- a/initrd/bin/kexec-parse-bls +++ b/initrd/bin/kexec-parse-bls @@ -67,10 +67,10 @@ bls_entry() { name=$val ;; linux*) - kernel=$val + kernel=${val#"$bootdir"} ;; initrd*) - initrd=$val + initrd=${val#"$bootdir"} ;; options) # default is "options $kernelopts" diff --git a/initrd/bin/kexec-parse-boot b/initrd/bin/kexec-parse-boot index 8dfa648d4..fbe31939a 100755 --- a/initrd/bin/kexec-parse-boot +++ b/initrd/bin/kexec-parse-boot @@ -170,11 +170,11 @@ syslinux_entry() { state="search" ;; *) - kernel="$val" + kernel="${val#"$bootdir"}" esac ;; initrd* | INITRD* ) - initrd="$val" + initrd="${val#"$bootdir"}" ;; append* | APPEND* ) if [ "$kexectype" = "multiboot" -o "$kexectype" = "xen" ]; then diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default index 85ac3f27e..fe04e864f 100755 --- a/initrd/bin/kexec-save-default +++ b/initrd/bin/kexec-save-default @@ -45,7 +45,7 @@ fi KEY_DEVICES="$paramsdir/kexec_key_devices.txt" KEY_LVM="$paramsdir/kexec_key_lvm.txt" save_key="n" -if [ "$CONFIG_TPM" = "y" ]; then +if [[ "$CONFIG_TPM" = "y" && "$CONFIG_TPM_NO_LUKS_DISK_UNLOCK" != "y" ]]; then if [ ! -r "$KEY_DEVICES" ]; then read \ -n 1 \ diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index 46980af8e..7000070b6 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key @@ -84,9 +84,9 @@ cat "$KEY_DEVICES" | cut -d\ -f1 | xargs /bin/qubes-measure-luks \ || die "Unable to measure the LUKS headers" luks_pcr=`tpm calcfuturepcr -ix 16 -if /tmp/luksDump.txt` -# Librem Key loads USB modules which changes PCR5. -# In the event Librem Key is enabled, skip verification of PCR5 -if [ -x /bin/libremkey_hotp_verification ]; then +# HOTP USB Secrity Dongle loads USB modules which changes PCR5. +# In the event HOTP USB Security Dongle is enabled, skip verification of PCR5 +if [ -x /bin/hotp_verification ]; then pcr_5="X" else pcr_5="0000000000000000000000000000000000000000" diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index 6a782a82c..ef155be4b 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -14,7 +14,8 @@ valid_rollback="n" force_menu="n" gui_menu="n" force_boot="n" -while getopts "b:d:p:a:r:c:uimgf" arg; do +skip_confirm="n" +while getopts "b:d:p:a:r:c:uimgfs" arg; do case $arg in b) bootdir="$OPTARG" ;; d) paramsdev="$OPTARG" ;; @@ -27,6 +28,7 @@ while getopts "b:d:p:a:r:c:uimgf" arg; do i) valid_hash="y"; valid_rollback="y" ;; g) gui_menu="y" ;; f) force_boot="y"; valid_hash="y"; valid_rollback="y" ;; + s) skip_confirm="y" ;; esac done @@ -171,11 +173,11 @@ scan_options() { kexec-parse-bls "$bootdir" "$i" "$bootdir/loader/entries" >> $option_file done fi - if [ ! -r $option_file ]; then + if [ ! -s $option_file ]; then die "Failed to parse any boot options" fi if [ "$unique" = 'y' ]; then - sort $option_file | uniq > $TMP_MENU_FILE + sort -r $option_file | uniq > $TMP_MENU_FILE else cp $option_file $TMP_MENU_FILE fi @@ -184,11 +186,12 @@ scan_options() { save_default_option() { read \ -n 1 \ - -p "Saving a default will modify the disk. Proceed? (y/n): " \ + -p "Saving a default will modify the disk. Proceed? (Y/n): " \ default_confirm echo - if [ "$default_confirm" = "y" ]; then + [ "$default_confirm" = "" ] && default_confirm="y" + if [[ "$default_confirm" = "y" || "$default_confirm" = "Y" ]]; then if kexec-save-default \ -b "$bootdir" \ -d "$paramsdev" \ @@ -255,7 +258,7 @@ user_select() { do get_menu_option # In force boot mode, no need offer the option to set a default, just boot - if [ "$force_boot" = "y" ]; then + if [[ "$force_boot" = "y" || "$skip_confirm" = "y" ]]; then do_boot else confirm_menu_option diff --git a/initrd/bin/mount-usb b/initrd/bin/mount-usb index 94946675a..501171aaf 100755 --- a/initrd/bin/mount-usb +++ b/initrd/bin/mount-usb @@ -5,16 +5,23 @@ enable_usb if ! lsmod | grep -q usb_storage; then - insmod /lib/modules/usb-storage.ko \ + count=$(ls /dev/sd* 2>/dev/null | wc -l) + timeout=0 + echo "Scanning for USB storage devices..." + insmod /lib/modules/usb-storage.ko >/dev/null 2>&1 \ || die "usb_storage: module load failed" - sleep 5 + while [[ $count == $(ls /dev/sd* 2>/dev/null | wc -l) ]]; do + [[ $timeout -ge 4 ]] && break + sleep 1 + timeout=$(($timeout+1)) + done fi if [ ! -d /media ]; then mkdir /media fi -stat -c %N /sys/block/sd* | grep usb | cut -f1 -d ' ' | sed "s/[']//g;s|/sys/block|/dev|" > /tmp/usb_block_devices +stat -c %N /sys/block/sd* 2>/dev/null | grep usb | cut -f1 -d ' ' | sed "s/[']//g;s|/sys/block|/dev|" > /tmp/usb_block_devices if [ -z `cat /tmp/usb_block_devices` ]; then if [ -x /bin/whiptail ]; then whiptail --title 'USB Drive Missing' \ @@ -24,7 +31,7 @@ if [ -z `cat /tmp/usb_block_devices` ]; then read fi sleep 1 - stat -c %N /sys/block/sd* | grep usb | cut -f1 -d ' ' | sed "s/[']//g;s|/sys/block|/dev|" > /tmp/usb_block_devices + stat -c %N /sys/block/sd* 2>/dev/null | grep usb | cut -f1 -d ' ' | sed "s/[']//g;s|/sys/block|/dev|" > /tmp/usb_block_devices if [ -z `cat /tmp/usb_block_devices` ]; then if [ -x /bin/whiptail ]; then whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: USB Drive Missing' \ @@ -55,9 +62,11 @@ if [ -z ${USB_MOUNT_DEVICE} ]; then # remove block device from list if numeric partitions exist, since not bootable let USB_NUM_PARTITIONS=`ls -1 $i* | wc -l`-1 if [ ${USB_NUM_PARTITIONS} -eq 0 ]; then - echo $i >> /tmp/usb_disk_list + echo $i $(blkid | grep $i | grep -o 'LABEL=".*"' | cut -f2 -d '"') >> /tmp/usb_disk_list else - ls $i* | tail -${USB_NUM_PARTITIONS} >> /tmp/usb_disk_list + for j in $(ls $i* | tail -${USB_NUM_PARTITIONS}); do + echo $j $(blkid | grep $j | grep -o 'LABEL=".*"' | cut -f2 -d '"') >> /tmp/usb_disk_list + done fi done @@ -93,9 +102,9 @@ if [ -z ${USB_MOUNT_DEVICE} ]; then fi if [ "$option_index" = "a" ]; then - exit 1 + exit 5 fi - USB_MOUNT_DEVICE=`head -n $option_index /tmp/usb_disk_list | tail -1` + USB_MOUNT_DEVICE=`head -n $option_index /tmp/usb_disk_list | tail -1 | sed 's/\ .*$//'` fi if [ "$1" = "rw" ]; then diff --git a/initrd/bin/network-init-recovery b/initrd/bin/network-init-recovery index 23ebcb259..7f24492ed 100755 --- a/initrd/bin/network-init-recovery +++ b/initrd/bin/network-init-recovery @@ -14,15 +14,34 @@ if [ -e /sys/class/net/eth0 ]; then # Set up static IP if [ ! -z "$CONFIG_BOOT_STATIC_IP" ]; then ifconfig eth0 $CONFIG_BOOT_STATIC_IP + #Get ip from DHCP + elif [ -e /sbin/udhcpc ];then + if udhcpc -T 1 -q; then + if [ -e /sbin/ntpd ]; then + DNS_SERVER=$(grep nameserver /etc/resolv.conf|awk -F " " {'print $2'}) + killall ntpd 2&>1 > /dev/null + if ! ntpd -d -N -n -q -p $DNS_SERVER > /dev/ttyprintk; then + if ! ntpd -d -d -N -n -q -p ntp.pool.org> /dev/ttyprintk; then + echo "NTP sync unsuccessful." > /dev/tty0 + fi + fi + hwclock -w + echo "" > /dev/tty0 + echo "UTC/GMT current date and time:" > /dev/tty0 + date > /dev/tty0 + fi + fi fi - # TODO: Set up DHCP if available + ifconfig eth0 > /dev/ttyprintk - - # Set up the ssh server, allow root logins and log to stderr - if [ ! -d /etc/dropbear ]; then - mkdir /etc/dropbear + + if [ -e /bin/dropbear ]; then + # Set up the ssh server, allow root logins and log to stderr + if [ ! -d /etc/dropbear ]; then + mkdir /etc/dropbear + fi + dropbear -B -R 2>/dev/ttyprintk fi - dropbear -B -R 2>/dev/ttyprintk - - ifconfig eth0 | head -1 > /dev/tty0 + echo "" > /dev/tty0 + ifconfig eth0 | head -2 > /dev/tty0 fi diff --git a/initrd/bin/oem-factory-reset b/initrd/bin/oem-factory-reset new file mode 100755 index 000000000..17b3dce00 --- /dev/null +++ b/initrd/bin/oem-factory-reset @@ -0,0 +1,495 @@ +#!/bin/sh +# Automated setup of TPM, GPG keys, and disk + +set -o pipefail + +# use TERM to exit on error +trap "exit 1" TERM +export TOP_PID=$$ + +## Static local variables + +CLEAR="--clear" +CONTINUE="--yes-button Continue" +CANCEL="--no-button Cancel" +HEIGHT="150" +WIDTH="220" + +USER_PIN_DEF=123456 +ADMIN_PIN_DEF=12345678 +TPM_PASS_DEF=12345678 +CUSTOM_PASS="" + +GPG_USER_NAME="OEM Key" +GPG_KEY_NAME=`date +%Y%m%d%H%M%S` +GPG_USER_MAIL="oem-${GPG_KEY_NAME}@example.com" +GPG_USER_COMMENT="OEM-generated key" + +## External files sourced + +. /etc/functions +. /tmp/config + +## functions + +die() { + + local msg=$1 + if [ -n "$msg" ]; then + echo -e "\n$msg" + fi + kill -s TERM $TOP_PID + exit 1 +} + +whiptail_error() +{ + local msg=$1 + if [ "$msg" = "" ]; then + die "whiptail error: An error msg is required" + fi + whiptail --msgbox "${msg}\n\n" $WIDTH $HEIGHT $CONFIG_ERROR_BG_COLOR --title "Error" +} + +whiptail_error_die() +{ + whiptail_error "$@" + die +} + +gpg_key_reset() +{ + # Factory reset GPG card + { + echo admin + echo factory-reset + echo y + echo yes + } | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \ + > /tmp/gpg_card_edit_output 2>/dev/null + if [ $? -ne 0 ]; then + ERROR=`cat /tmp/gpg_card_edit_output` + whiptail_error_die "GPG Key factory reset failed!\n\n$ERROR" + fi + # If Nitrokey Storage is inserted, reset AES keys as well + if lsusb | grep -q "20a0:4109" && [ -x /bin/hotp_verification ] ; then + /bin/hotp_verification regenerate ${ADMIN_PIN_DEF} + fi + # Generate OEM GPG keys + { + echo admin + echo generate + echo n + echo ${ADMIN_PIN_DEF} + echo ${USER_PIN_DEF} + echo 0 + echo y + echo ${GPG_USER_NAME} + echo ${GPG_USER_MAIL} + echo ${GPG_USER_COMMENT} + } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \ + > /tmp/gpg_card_edit_output 2>/dev/null + if [ $? -ne 0 ]; then + ERROR=`cat /tmp/gpg_card_edit_output` + whiptail_error_die "GPG Key automatic keygen failed!\n\n$ERROR" + fi +} + +gpg_key_change_pin() +{ + # 1 = user PIN, 3 = admin PIN + PIN_TYPE=$1 + PIN_ORIG=$2 + PIN_NEW=$3 + # Change PIN + { + echo admin + echo passwd + echo ${PIN_TYPE} + echo ${PIN_ORIG} + echo ${PIN_NEW} + echo ${PIN_NEW} + echo q + echo q + } | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \ + > /tmp/gpg_card_edit_output 2>/dev/null + if [ $? -ne 0 ]; then + ERROR=`cat /tmp/gpg_card_edit_output | fold -s` + whiptail_error_die "GPG Key PIN change failed!\n\n$ERROR" + fi +} + +generate_checksums() +{ + # ensure /boot mounted + if ! grep -q /boot /proc/mounts ; then + mount -o rw /boot || whiptail_error_die "Unable to mount /boot" + else + mount -o remount,rw /boot || whiptail_error_die "Unable to mount /boot" + fi + + # clear any existing checksums/signatures + rm /boot/kexec* 2>/dev/null + + # create Heads TPM counter + if [ "$CONFIG_TPM" = "y" ]; then + tpm counter_create \ + -pwdo "$TPM_PASS_DEF" \ + -pwdc '' \ + -la -3135106223 \ + | tee /tmp/counter \ + || whiptail_error_die "Unable to create TPM counter" + TPM_COUNTER=`cut -d: -f1 < /tmp/counter` + + # increment TPM counter + increment_tpm_counter $TPM_COUNTER >/dev/null 2>&1 \ + || whiptail_error_die "Unable to increment tpm counter" + + # create rollback file + sha256sum /tmp/counter-$TPM_COUNTER > /boot/kexec_rollback.txt 2>/dev/null \ + || whiptail_error_die "Unable to create rollback file" + else + ## needs to exist for initial call to unseal-hotp + echo "0" > /boot/kexec_hotp_counter + fi + + # set default boot option + set_default_boot_option + + # generate hashes + find /boot -type f ! -name '*kexec*' \ + | xargs sha256sum > /boot/kexec_hashes.txt 2>/dev/null \ + || whiptail_error_die "Error generating kexec hashes" + + param_files=`find /boot/kexec*.txt` + [ -z "$param_files" ] \ + && whiptail_error_die "No kexec parameter files to sign" + + # sign kexec boot files + if sha256sum $param_files 2>/dev/null | gpg \ + --pinentry-mode loopback \ + --passphrase "$USER_PIN_DEF" \ + --digest-algo SHA256 \ + --detach-sign \ + -a \ + > /boot/kexec.sig 2>/tmp/error; then + # successful - update the validated params + if ! check_config /boot >/dev/null 2>/tmp/error ; then + cat /tmp/error + ret=1 + else + ret=0 + fi + else + cat /tmp/error + ret=1 + fi + + # done writing to /boot, switch back to RO + mount -o ro,remount /boot + + if [ $ret = 1 ] ; then + ERROR=$(tail -n 1 /tmp/error | fold -s) + whiptail_error_die "Error signing kexec boot files:\n\n$ERROR" + fi +} + +set_default_boot_option() +{ + option_file="/tmp/kexec_options.txt" + tmp_menu_file="/tmp/kexec/kexec_menu.txt" + hash_file="/boot/kexec_default_hashes.txt" + + mkdir -p /tmp/kexec/ + rm $option_file 2>/dev/null + # parse boot options from grub.cfg + for i in `find /boot -name "grub.cfg"`; do + kexec-parse-boot "/boot" "$i" >> $option_file + done + # FC29/30+ may use BLS format grub config files + # https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault + # only parse these if $option_file is still empty + if [ ! -s $option_file ] && [ -d "/boot/loader/entries" ]; then + for i in `find /boot -name "grub.cfg"`; do + kexec-parse-bls "/boot" "$i" "/boot/loader/entries" >> $option_file + done + fi + [ ! -s $option_file ] \ + && whiptail_error_die "Failed to parse any boot options" + + # sort boot options + sort -r $option_file | uniq > $tmp_menu_file + + ## save first option as default + entry=`head -n 1 $tmp_menu_file | tail -1` + + # clear existing default configs + rm "/boot/kexec_default.*.txt" 2>/dev/null + + # get correct index for entry + index=$(grep -n "$entry" $option_file | cut -f1 -d ':') + + # write new config + echo "$entry" > /boot/kexec_default.$index.txt + + # validate boot option + ( cd /boot && /bin/kexec-boot -b "/boot" -e "$entry" -f \ + | xargs sha256sum > $hash_file 2>/dev/null ) \ + || whiptail_error_die "Failed to create hashes of boot files" +} + +## main script start + +# check for args +if [ "$1" != "" ]; then + title_text=$1 +else + title_text="OEM Factory Reset" +fi +if [ "$2" != "" ]; then + bg_color=$2 +else + bg_color="" +fi + +# show warning prompt +if [ "$CONFIG_TPM" = "y" ]; then + TPM_STR=" * ERASE the TPM and reset it with a default password\n" +else + TPM_STR="" +fi +if ! whiptail --yesno " + This operation will automatically:\n\n +$TPM_STR + * ERASE any keys or passwords on the GPG smart card,\n + reset it to a factory state, and generate new keys\n + * Add the new GPG key to the firmware and reflash it\n + * Sign all of the files in /boot with the new GPG key\n\n + It requires that you already have an OS installed on a\n + dedicated /boot partition. Do you wish to continue?\n" \ + $WIDTH $HEIGHT $CONTINUE $CANCEL $CLEAR $bg_color --title "$title_text" ; then + exit 1 +fi + +# Prompt to change default passwords +echo -e -n "Would you like to set a custom password? [y/N]: " +read -n 1 prompt_output +echo +if [ "$prompt_output" == "y" \ + -o "$prompt_output" == "Y" ] \ +; then + echo -e "\nThe custom password will be used for the +TPM admin and GPG user/admin passwords. +It must be at least 8 characters in length.\n" + CUSTOM_PASS="" + echo + while [[ ${#CUSTOM_PASS} -lt 8 ]] ; do + echo -e -n "Enter the custom password: " + read CUSTOM_PASS + done + echo + TPM_PASS_DEF=$CUSTOM_PASS +fi + +# Prompt to change default GnuPG key information +echo -e -n "Would you like to set custom user information for the GnuPG key? [y/N]: " +read -n 1 prompt_output +echo +if [ "$prompt_output" == "y" \ + -o "$prompt_output" == "Y" ] \ +; then + echo -e "\n\n" + echo -e "We will generate a GnuPG (PGP) keypair identifiable with the following text form:" + echo -e "Real Name (Comment) email@address.org" + + echo -e "\nEnter your Real Name (At least 5 characters long):" + read -r GPG_USER_NAME + while [[ ${#GPG_USER_NAME} -lt 5 ]]; do + { + echo -e "\nEnter your Real Name (At least 5 characters long):" + read -r GPG_USER_NAME + };done + + echo -e "\nEnter your email@adress.org:" + read -r GPG_USER_MAIL + while ! $(expr "$GPG_USER_MAIL" : '.*@' >/dev/null); do + { + echo -e "\nEnter your email@address.org:" + read -r GPG_USER_MAIL + };done + + echo -e "\nEnter Comment (Optional, to distinguish this key from others with same previous attributes. Must be smaller then 60 characters):" + read -r GPG_USER_MAIL + while [[ ${#gpgcard_comment} -gt 60 ]]; do + { + echo -e "\nEnter Comment (Optional, to distinguish this key from others with same previous attributes. Must be smaller then 60 characters):" + read -r GPG_USER_MAIL + };done +fi + +## sanity check the USB, GPG key, and boot device before proceeding further + +# Prompt to insert USB drive if desired +echo -e -n "Would you like to export your public key to an USB drive? [y/N]: " +read -n 1 prompt_output +echo +if [ "$prompt_output" == "y" \ + -o "$prompt_output" == "Y" ] \ +; then + GPG_EXPORT=1 + # mount USB, then remount rw + echo -e "\nPlease insert an USB drive and hit enter.\n" + read + echo -e "\nChecking for USB media...\n" + # ensure /media not mounted + umount /media 2>/dev/null + # mount-usb will detect and prompt if no USB inserted + if ! mount-usb rw 2>/tmp/error; then + ERROR=$(tail -n 1 /tmp/error | fold -s) + whiptail_error_die "Unable to mount USB on /media:\n\n${ERROR}" + fi +else + GPG_EXPORT=0 + # needed for USB Security dongle below and is ensured via mount-usb in case of GPG_EXPORT=1 + enable_usb +fi + +# ensure USB Security Dongle connected +echo -e "\nChecking for USB Security Dongle...\n" +# USB kernel modules already loaded via mount-usb +if ! gpg --card-status >/dev/null 2>&1 ; then + whiptail_error "Can't access USB Security Dongle; \nPlease remove and reinsert, then press Enter." + if ! gpg --card-status >/dev/null 2>/tmp/error ; then + ERROR=$(tail -n 1 /tmp/error | fold -s) + whiptail_error_die "Unable to detect USB Security Dongle:\n\n${ERROR}" + fi +fi + +# detect and set /boot device +echo -e "\nDetecting and setting boot device...\n" +if ! detect_boot_device ; then + whiptail_error_die "Unable to locate /boot files on any mounted disk" +else + echo -e "Boot device set to $CONFIG_BOOT_DEV\n" +fi + +# update configs +replace_config /etc/config.user "CONFIG_BOOT_DEV" "$CONFIG_BOOT_DEV" +combine_configs + +## reset TPM and set default password +if [ "$CONFIG_TPM" = "y" ]; then + echo -e "\nResetting TPM...\n" + { + echo $TPM_PASS_DEF + echo $TPM_PASS_DEF + } | /bin/tpm-reset >/dev/null 2>/tmp/error + if [ $? -ne 0 ]; then + ERROR=$(tail -n 1 /tmp/error | fold -s) + whiptail_error_die "Error resetting TPM:\n\n${ERROR}" + fi +fi + +# clear local keyring +rm /.gnupg/*.gpg 2>/dev/null +rm /.gnupg/*.kbx 2>/dev/null +gpg --list-keys >/dev/null 2>&1 + +## reset the GPG Key +echo -e "\nResetting GPG Key...\n(this will take a minute or two)\n" +gpg_key_reset + +# parse name of generated key +GPG_GEN_KEY=`grep -A1 pub /tmp/gpg_card_edit_output | tail -n1 | sed -nr 's/^([ ])*//p'` +PUBKEY="/tmp/${GPG_GEN_KEY}.asc" + +if [ "$CUSTOM_PASS" != "" ]; then + echo -e "\nChanging default GPG Admin PIN\n" + gpg_key_change_pin "3" "$ADMIN_PIN_DEF" "$CUSTOM_PASS" + echo -e "\nChanging default GPG User PIN\n" + gpg_key_change_pin "1" "$USER_PIN_DEF" "$CUSTOM_PASS" + USER_PIN_DEF=$CUSTOM_PASS + ADMIN_PIN_DEF=$CUSTOM_PASS +fi + +# export pubkey to file +if ! gpg --export --armor $GPG_GEN_KEY > "${PUBKEY}" 2>/tmp/error ; then + ERROR=$(tail -n 1 /tmp/error | fold -s) + whiptail_error_die "GPG Key gpg export to file failed!\n\n$ERROR" +fi + +## export pubkey to USB +if [ $GPG_EXPORT -ne 0 ]; then + echo -e "\nExporting generated key to USB...\n" + # copy to USB + if ! cp "${PUBKEY}" "/media/${GPG_GEN_KEY}.asc" 2>/tmp/error ; then + ERROR=$(tail -n 1 /tmp/error | fold -s) + whiptail_error_die "Key export error: unable to copy ${GPG_GEN_KEY}.asc to /media:\n\n$ERROR" + fi + umount /media 2>/dev/null +fi + +## flash generated key to ROM +echo -e "\nReading current firmware...\n(this will take a minute or two)\n" +/bin/flash.sh -r /tmp/oem-setup.rom >/dev/null 2>/tmp/error +if [ ! -s /tmp/oem-setup.rom ]; then + ERROR=$(tail -n 1 /tmp/error | fold -s) + whiptail_error_die "Error reading current firmware:\n\n$ERROR" +fi + +# ensure key imported locally +if ! cat "$PUBKEY" | gpg --import >/dev/null 2>/tmp/error ; then + ERROR=$(tail -n 1 /tmp/error | fold -s) + whiptail_error_die "Error importing GPG key:\n\n$ERROR" +fi +# update /.gnupg/trustdb.gpg to ultimately trust all user provided public keys +if ! gpg --list-keys --fingerprint --with-colons 2>/dev/null \ + | sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' \ + | gpg --import-ownertrust >/dev/null 2>/tmp/error ; then + ERROR=$(tail -n 1 /tmp/error | fold -s) + whiptail_error_die "Error importing GPG ownertrust:\n\n$ERROR" +fi +if ! gpg --update-trust >/dev/null 2>/tmp/error ; then + ERROR=$(tail -n 1 /tmp/error | fold -s) + whiptail_error_die "Error updating GPG ownertrust:\n\n$ERROR" +fi +# clear any existing heads/gpg files from current firmware +for i in `cbfs -o /tmp/oem-setup.rom -l | grep -e "heads/"`; do + cbfs -o /tmp/oem-setup.rom -d $i +done +# add heads/gpg files to current firmware +if [ -e /.gnupg/pubring.kbx ];then + cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx + if [ -e /.gnupg/pubring.gpg ];then + rm /.gnupg/pubring.gpg + fi +elif [ -e /.gnupg/pubring.gpg ];then + cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg +fi +if [ -e /.gnupg/trustdb.gpg ]; then + cbfs -o /tmp/oem-setup.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg +fi +# persist user config changes (boot device) +if [ -e /etc/config.user ]; then + cbfs -o /tmp/oem-setup.rom -a "heads/initrd/etc/config.user" -f /etc/config.user +fi +# flash updated firmware image +echo -e "\nAdding generated key to current firmware and re-flashing...\n" +if ! /bin/flash.sh /tmp/oem-setup.rom >/dev/null 2>/tmp/error ; then + ERROR=$(tail -n 1 /tmp/error | fold -s) + whiptail_error_die "Error flashing updated firmware image:\n\n$ERROR" +fi + +## sign files in /boot and generate checksums +echo -e "\nSigning boot files and generating checksums...\n" +generate_checksums + +## all done -- reboot +whiptail --msgbox " + The OEM Factory Reset has completed successfully\n\n + After rebooting, you will need to generate new TOTP/HOTP secrets\n + when prompted in order to complete the setup process.\n\n + Press Enter to reboot.\n" \ + $WIDTH $HEIGHT --title "OEM Factory Reset Complete" + +reboot diff --git a/initrd/bin/seal-libremkey b/initrd/bin/seal-hotpkey similarity index 54% rename from initrd/bin/seal-libremkey rename to initrd/bin/seal-hotpkey index 7203b7198..70b0e933f 100755 --- a/initrd/bin/seal-libremkey +++ b/initrd/bin/seal-hotpkey @@ -1,11 +1,12 @@ #!/bin/sh -# Retrieve the sealed TOTP secret and initialize a Librem Key with it +# Retrieve the sealed TOTP secret and initialize a USB Security dongle with it . /etc/functions HOTP_SEALED="/tmp/secret/hotp.sealed" HOTP_SECRET="/tmp/secret/hotp.key" HOTP_COUNTER="/boot/kexec_hotp_counter" +HOTP_KEY="/boot/kexec_hotp_key" mount_boot() { @@ -16,6 +17,13 @@ mount_boot() fi } +# Use stored HOTP key branding (this might be useful after OEM reset) +if [ -r /boot/kexec_hotp_key ]; then + HOTPKEY_BRANDING="$(cat /boot/kexec_hotp_key)" +else + HOTPKEY_BRANDING="HOTP USB Security Dongle" +fi + tpm nv_readvalue \ -in 4d47 \ -sz 312 \ @@ -29,8 +37,6 @@ tpm unsealfile \ || die "Unable to unseal HOTP secret" shred -n 10 -z -u "$HOTP_SEALED" 2> /dev/null -secret="`cat $HOTP_SECRET`" -shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null # Store counter in file instead of TPM for now, as it conflicts with Heads # config TPM counter as TPM 1.2 can only increment one counter between reboots @@ -51,24 +57,43 @@ mount_boot counter_value=1 enable_usb -if ! libremkey_hotp_verification info ; then - echo "Insert your Librem Key and press Enter to configure it" +if ! hotp_verification info ; then + echo "Insert your $HOTPKEY_BRANDING and press Enter to configure it" read - libremkey_hotp_verification info \ - || die "Unable to find Librem Key" + if ! hotp_verification info ; then + # don't leak key on failure + shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null + die "Unable to find $HOTPKEY_BRANDING" + fi fi -read -s -p "Enter your Librem Key Admin PIN" admin_pin -echo +# Set HOTP USB Security Dongle branding based on VID +if lsusb | grep -q "20a0:" ; then + HOTPKEY_BRANDING="Nitrokey" +elif lsusb | grep -q "316d:" ; then + HOTPKEY_BRANDING="Librem Key" +else + HOTPKEY_BRANDING="HOTP USB Security Dongle" +fi -libremkey_hotp_initialize $admin_pin $secret $counter_value +echo -e "" +read -s -p "Enter your $HOTPKEY_BRANDING Admin PIN: " admin_pin +echo -e "\n" + +hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING" if [ $? -ne 0 ]; then - read -s -p "Error setting HOTP secret, re-enter Admin PIN and try again:" admin_pin - libremkey_hotp_initialize $admin_pin $secret $counter_value \ - || die "Setting HOTP secret failed" + echo -e "\n" + read -s -p "Error setting HOTP secret, re-enter Admin PIN and try again: " admin_pin + echo -e "\n" + if ! hotp_initialize "$admin_pin" $HOTP_SECRET $counter_value "$HOTPKEY_BRANDING" ; then + # don't leak key on failure + shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null + die "Setting HOTP secret failed" + fi fi -secret="" +# HOTP key no longer needed +shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null # Make sure our counter is incremented ahead of the next check #increment_tpm_counter $counter > /dev/null \ @@ -82,11 +107,15 @@ counter_value=`expr $counter_value + 1` echo $counter_value > $HOTP_COUNTER \ || die "Unable to create hotp counter file" +# Store/overwrite HOTP USB Security Dongle branding found out beforehand +echo $HOTPKEY_BRANDING > $HOTP_KEY \ +|| die "Unable to store hotp key file" + #sha256sum /tmp/counter-$counter > $HOTP_COUNTER \ #|| die "Unable to create hotp counter file" mount -o remount,ro /boot -echo "Librem Key initialized successfully. Press Enter to continue." +echo -e "\n$HOTPKEY_BRANDING initialized successfully. Press Enter to continue." read exit 0 diff --git a/initrd/bin/x230-flash.init b/initrd/bin/t430-flash.init similarity index 94% rename from initrd/bin/x230-flash.init rename to initrd/bin/t430-flash.init index 0ba456f79..9b97970eb 100755 --- a/initrd/bin/x230-flash.init +++ b/initrd/bin/t430-flash.init @@ -20,7 +20,7 @@ echo '' echo 'To install from flash drive:' echo '' echo ' mount -o ro /dev/sdb1 /media' -echo ' flash.sh /media/x230.rom' +echo ' flash.sh /media/t430.rom' echo '' exec /bin/ash diff --git a/initrd/bin/unseal-hotp b/initrd/bin/unseal-hotp index 5a697f369..0fc3fb28e 100755 --- a/initrd/bin/unseal-hotp +++ b/initrd/bin/unseal-hotp @@ -7,33 +7,19 @@ HOTP_SEALED="/tmp/secret/hotp.sealed" HOTP_SECRET="/tmp/secret/hotp.key" HOTP_COUNTER="/boot/kexec_hotp_counter" -mount_boot() +mount_boot_or_die() { # Mount local disk if it is not already mounted if ! grep -q /boot /proc/mounts ; then mount -o ro /boot \ - || recovery "Unable to mount /boot" + || die "Unable to mount /boot" fi } -tpm nv_readvalue \ - -in 4d47 \ - -sz 312 \ - -of "$HOTP_SEALED" \ -|| die "Unable to retrieve sealed file from TPM NV" - -tpm unsealfile \ - -hk 40000000 \ - -if "$HOTP_SEALED" \ - -of "$HOTP_SECRET" \ -|| die "Unable to unseal HOTP secret" - -shred -n 10 -z -u "$HOTP_SEALED" 2> /dev/null - # Store counter in file instead of TPM for now, as it conflicts with Heads # config TPM counter as TPM 1.2 can only increment one counter between reboots # get current value of HOTP counter in TPM, create if absent -mount_boot +mount_boot_or_die #check_tpm_counter $HOTP_COUNTER hotp \ #|| die "Unable to find/create TPM counter" @@ -50,6 +36,20 @@ fi #counter_value=$(printf "%d" 0x${counter_value}) +tpm nv_readvalue \ + -in 4d47 \ + -sz 312 \ + -of "$HOTP_SEALED" \ +|| die "Unable to retrieve sealed file from TPM NV" + +tpm unsealfile \ + -hk 40000000 \ + -if "$HOTP_SEALED" \ + -of "$HOTP_SECRET" \ +|| die "Unable to unseal HOTP secret" + +shred -n 10 -z -u "$HOTP_SEALED" 2> /dev/null + if ! hotp $counter_value < "$HOTP_SECRET"; then shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null die 'Unable to compute HOTP hash?' diff --git a/initrd/bin/usb-scan b/initrd/bin/usb-scan index 6d3eda27d..d9f26b04b 100755 --- a/initrd/bin/usb-scan +++ b/initrd/bin/usb-scan @@ -2,6 +2,7 @@ # Scan for USB installation options set -e -o pipefail . /etc/functions +. /etc/gui_functions . /tmp/config # Unmount any previous boot device @@ -11,10 +12,10 @@ if grep -q /boot /proc/mounts ; then fi # Mount the USB boot device -if ! grep -q /media /proc/mounts ; then - mount-usb "$CONFIG_USB_BOOT_DEV" \ - || die "Unable to mount /media" -fi +mount_usb || die "Unable to mount /media" + +# Get USB boot device +USB_BOOT_DEV=$(grep "/media" /etc/mtab | cut -f 1 -d' ') # Check for ISO first get_menu_option() { @@ -72,7 +73,7 @@ if [ `cat /tmp/iso_menu.txt | wc -l` -gt 0 ]; then if [ -n "$option" ]; then MOUNTED_ISO=$option ISO=${option:7} # remove /media/ to get device relative path - kexec-iso-init $MOUNTED_ISO $ISO $CONFIG_USB_BOOT_DEV + kexec-iso-init $MOUNTED_ISO $ISO $USB_BOOT_DEV die "Something failed in iso init" fi @@ -81,9 +82,9 @@ fi echo "!!! Could not find any ISO, trying bootable USB" # Attempt to pull verified config from device if [ -x /bin/whiptail ]; then - kexec-select-boot -b /media -c "*.cfg" -u -g + kexec-select-boot -b /media -c "*.cfg" -u -g -s else - kexec-select-boot -b /media -c "*.cfg" -u + kexec-select-boot -b /media -c "*.cfg" -u -s fi die "Something failed in selecting boot" diff --git a/initrd/etc/distro/keys/fedora.key b/initrd/etc/distro/keys/fedora.key index e14b4cadb..684a758a0 100644 --- a/initrd/etc/distro/keys/fedora.key +++ b/initrd/etc/distro/keys/fedora.key @@ -1,194 +1,172 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBFfTPiIBEACnRl8tUymlDOBNJWjtICofXNyM4qt2qfGTme3YZ0ZVOay55pK6 -1OLiyNLXyJfDH9d2U6dZn5UYLNdE3QXRVua5GXlSituY0+pzs7n9doW/U8kdhm9a -zOfyR1Wh/u/FHUmiXUvuwLVzqee7lSU3Ry1voDzPIyM/3/eXDa4wAkbYuestYV2F -G2VqcMgDIEudYlkz6N1OigMWvkvYXFHVC1A55ydHenWffQzQaPpGuJLA61ARZ5Cu -X46xgOCPc+aSvAm/D0cmOS7xhZcUqs1A5uGtViZqsRt59Bp0HVNxftfBCO/rQx+9 -FrV1vYXkbTdzG3unlVCJxxC2dW2W6hb3SNgPbE5fgiG9twvVU+3GsFUwARclRWiZ -HjbWdjlRTkRySzkkdnXalJo3G4UAEDfkvujM2dB4Dt6gVkCPvSKVpK6HTtBdHmDO -scYfazX/j86somO9npHSrb11tYaLbx2PYfEvw6F7rsxr78/GBjzPnKkK3suXxDlS -8q7tT1FYV89EzjME5+ThJOyPxyXHKQQwozIXcB/BUfyWGlfFFh8baD+DA8lNgQvl -/TVFvW6bUV6ll5JoVJJhC87EACL7mlo6AQtwCivUEPxusVXM6u53UKbsc4gVdkZd -WpUyT2YsgKK05/eVDIkMLHXb3efVbJ6NCj88Fq6hYB7+Y5MRbRFJpvS4DQARAQAB -tDxGZWRvcmEgMjYgUHJpbWFyeSAoMjYpIDxmZWRvcmEtMjYtcHJpbWFyeUBmZWRv -cmFwcm9qZWN0Lm9yZz6JAjgEEwECACIFAlfTPiICGw8GCwkIBwMCBhUIAgkKCwQW -AgMBAh4BAheAAAoJEIEqa0tk2rhdFk8P/1WZFEEBfUr9ywRxeVAwiKx9Ggzf8m61 -p98spnUGj8N53bKwguKnMqAUtm9/XQPRGYRfqKKuKF/4AySCOmqFP86zHThnbFcb -fMyiJOxBN5N/5dhUxTkZG1M51vFPQx53dnea3w7ypJekTwfEna46PKUD7dTV3HJg -d2YOojD9mxup0iAmi7/3mi0cHwTCZS9FF/A4eBWjuEd4OM3KzPF7HBdY37a1IBLR -k7wruMEGSq6EXcoeqG2sMmU7RnEeQxy3WqMYdRdzUjbfBN7mCAcuv2yKB1FFW4/v -PhP7ObpCCLiaL46APdGFHZ30EC4oaeqSygJ8+zAIFK40t/a0iNNf8ZKKeeuasinr -qNJAep/WoVjIpx/LlF9vw522fhYXJ75LYLBCQNke/4rQ1Rl29io2Dg29aPrEwFPj -+7zDztdvaGmu5wLPvsC+w5pyqOT2LPC19y3D7T+KfXp0gEwyZedviDwZdIXz1PX1 -IMytlwRXlrhkp/2WzJvAkJCmRSb8QsxY9Y2A4rfqrNCk6kgjc+3pXNdxumaXEp33 -pjm+z61Qrg2XXFHUhQyRiBnEtyo2Hj3tJQdrPxwGIgtKFZCv+oAwewnMw9TFycI6 -rYEfS4wdAIOGoSF/PL9Eq2xoUJQw8QFCrURm7sfS0/VmvXoSjqzZLeWI4e+JvId0 -QFFBR5ZKOqzomQINBFeocJYBEAD0YKTqzt0QVgmHkRO0G8HpwdsNEzPANkDWe4KC -1YnKTDjl4ojvBfGc4bzLb+jXM4364DWGxArW6QJFW0DWI9DsK8+5TO+Zi9xtLi5B -XKImw2cYh7HKbCdNtBxT3xI1UVUuAkL8qbschWTUKgLYC1ywwjiFmjY7fEUpr3jz -QrhYxazqN0NvR/lq9k3VAetXTRfOEOhUrIhrTRQnsK58rspF4nWqZTj6D8jkSGcQ -qs9D3/btbsx69QkFKIIfxvfZxIHccaYfJhjgNU75b4Zl6NQvRm0jB8jpFqMTvG7z -vwubRiCku0YST+jy5RiZyaL5Yue0RP8dW0xfsVdRE7zsNaTRuvwVOBfXIFuGj81q -0JrO7G5HW2Kmo2byOeqidPyrlFtJv1PfByUFKIZ530HM4mnVH8193ZbravjJCpj1 -Ye07cq0yy0Nt2rvEpi63EYCBOaOQ9SJaYf77SZlZj/r7W2Hnnn40RqfzRUS3EAIu -cx1KtqNly5B4zm56J8I9rPmqf/zfj+0/kGj8YRm8MP2+F7Se836PGF5d3zjazamc -f0ORQmG67dwqddB+a5JhAxWl8OlFNsNBdRnu4qY3i6jK8jhI4U6NwQYEcWmnEeK5 -rbU20lEKPKla+1bK5OlU02JINuS0iXyCMEYyLdheCRQVGXGADVgXy790nTb/IpGV -mDj7lQARAQABtEBGZWRvcmEgMjYgU2Vjb25kYXJ5ICgyNikgPGZlZG9yYS0yNi1z -ZWNvbmRhcnlAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMBAgAiBQJXqHCWAhsPBgsJ -CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBFYP1NO5IdCWGXD/wOG5fluN233GHQ -sZ1WQneDaq/zi/GyyNelbR5TVJhmZ/ifi51EGx4/w6ZdWokmVQ6UejatdeQCQhlF -lF1g9Ax/oYoEbdJVmFRP7HzXqWcENXnCSXcpha3C1N8g12a1B3qew0gbuRbhwnnz -cDUQSSrcefS1XpnhRmDUt7WanbWOWQ6kktYdAkfVd2/k/Y5nHUZp25mnjsNPbsff -ev6xTdUB4dVkirBR4quMYwDXzzKKLz5E7pZB94C8WUCAYPOKM5pCuJR3L4pAjHGj -UyrSSxAaCepfiwJcCOQHMJY7CpuRqmhc1o3BaV8nO1HWMzbI78RChYshKCDY38Cz -h6SoeMJzaKUDAsvz7tNhOl816s0dbtVw43Ngou7G7tOxmnI47AMNHBuBbA/qKRg6 -et96lWcjmJiS1xks4FZFSEoA9BzH2G9o5LgYKKTRZIRPVZ61nsKa+as4E5oyDbXn -UmnbanrfUvALL+vOYTEeFCB7qif2Ek58ujIQBLczmU+2S74pdQlu7kSYnrqNkkRx -FOgFWt5udiOw5R2vnUO2VAISDlUnkgyHp2SUnHAE2Q4StccvR9JeZUH9IuVioN/n -AwzYTTKyOiZXzipkxwznSjukiS4WPqdnLrTCNQ7WPpyygQDS/Z1DLt/+Rdxz4wkX -76JjNVL+8hBF07H2vzBvtkCoZXEQ17kCDQRXqHCWEAgA6UwG6HiPE0EY3UpaAJDQ -SibtS5zaId0H8SXhdAk3ZVtzbskmI8FVuAyi6+Phl9Ps2RjVR88p9Uk6dV2QnRp8 -DpXQFeGfjMkfokl5TmnGu5txXWMGdGeiAs/VlMzRuUZI05fJR6eeA8gn4wpBPmuX -BgFre/3tuMxuahBLIhrLuThMMKZrfV42zaYN9waddnN+upM96aKQziNbmU7CSVGX -K1wKtvbSF51BXeO7w7KdTspKedjVLMhWrlUEAKmdeZDj+9slw4QXpqWMP8vmmIxb -rYXm94r6IgYFKYk1eZ2t8JbNdjFfRKGLKsPI2W9uH8+fI9/Xqw+mSwFMGqruBpmx -ZwADBQf/R2o8TOghFlNt90wrfP0XaumUP+aZLvb6ndjESTS7PaX1R1wsHtPaVDWn -aTgfA66rrCp/66vmKf6uHlPeUx0RREaIJ56uKP3n0x8HDn1ZBba83NoriWdVqar6 -f3+UBoZ0u1GBK/F8vG70Xj3x0dJ2psFP62yrDg5z+/TCM+o7EnUl5KYOpa3R25W6 -UEHoEexUIqxZp9+4FGH7+aO2LKbslEL3AVgraUBiFknJl7ikH3ZxljiFVigjBq/J -N2F5CrmeAhdAZedF3lE/epQ+LSQ+TTN7ukGt2l37aJDTRGNHqe6KCy9KqIBr8XAa -z9mJ34QF4hB/tDUSGQP5eg93ecG5PokCHwQYAQIACQUCV6hwlgIbDAAKCRBFYP1N -O5IdCQHSEAC4g0BMaQu5qzLHeh/bFXtxT4vFucXLAenyLH+oIEo43crSUpjQiXzB -itUc9sWMX7/mjj8EWOGbIQNYZO712Ei7fPO7u/auZ7qIlVUKlEHZ+du1ORC5+khK -rimgjP/ZIhTYKHiIJD3BLs2rEGXdx3TQCYRIgRm066KKZ2gQy3YHngqipmOzvz9j -4ctpmD6NabgX3eWjUCzxofd3m67c6sQVKxUNQzujCgtaLIClYQEMO0E7Xq9auq9L -OvD+40dLE63jfYKSIvsQ+3qUmT0CEfk5K3GDYC30xQU4cvqCybOreSTQR0L/f/wU -bTYt7Iyj/8eZwfi9wh2zVY2MOoe2zT6XIW2oKJFD9ka7IZsezMR4PBhEGCg69uWb -PXbwIP3har1pzIrwR1Uto9qCosupnkz3+ILQOiGxY5vtKXUr/0ulQ3gjZiLNL12m -5MvnAUg4aoms0W76wYUQG/NnccBzKE9hUAlgSak8n0gZPSRbG0wjOIcbE/arSpQ2 -k8WkwxkcUuHfOnBq/2ME1njWkNp+h+F/ifZcwcBiRNZ+S8Y/kV2kh36pjkic4mCc -4JjoNLxMic3Jpbf15Q8X0mgDbp1RVPtm4QTagq3kXRGjFpVaUfJF6ZdzPBm5qJ6F -7ZX9p/av2zCpAw7ZjY7u8pfCZttaiaHYd6KYgPX5LEQK5QSTxy/JNJkCDQRYrJKj -ARAA027KAF6Qz5PhbXMARD2UFXtGEGHTqmr30EFQ/0WAHB5yVvytW2YULrAY1CHn -PUnxot7gTTZm84gL6Xf8nDCslh7lkC5gYGyJq6pz2wTzF5sXjRp2YwNYY1Q6dKc4 -9voGUIamFkn+pEMvbvQNZklOtypf7X8O/oV+03NyPH3hgBQh3BUIBEsVIm/DMPzj -hkdwJvXynQPitZCXkCImb1zHDRcftwn6Gr4RXYnLqE9im3Ers0Zu+nbijR5S2j+v -yG2cTYg1ofEg1aRWhT5akf0f/sImwOnvcDH+gmeL31GOzSmH+LWAbNBGHZJ94/yo -SScXW/jOOkP8cKvaL2aO1yIS6yFD7jMPdV/XG75FP2vZBNX33aTZhdXw51HBJLrh -KjpfmjFbFARGwEPOsq8KQ3y+F0/b8JwyJIICmcrw02eqtNFyoNxnqyrmbUAZf2HB -w17gZQdX86RpfGvIav/hnk9rFcY5WMD1467CndTXj+nLULEeoB7j91uaIT+KwK7T -OjjTfK5U4qHQy1RhwaVMyEXYK+0Qi9QKgfb63UNjFWTGrE3FJ1LyqNB+JqbPsdOY -xmqNG9GdEyXOsK+smxx9/DVRtOlV+ayWZX2XIRsJFs5mMWouef+5Z9byZpPpG3Uu -6StI35nlSfAO+1ywi9+qCRQogq2I1fmRoLwfs9PCc8HO7IMAEQEAAbQsRmVkb3Jh -IDI3ICgyNykgPGZlZG9yYS0yN0BmZWRvcmFwcm9qZWN0Lm9yZz6JAjgEEwECACIF -AliskqMCGw8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEPVedDD1KC7k3MMP -/ixT1RMlYLjHlP0AARLBORRDe5HA0XmbXcKu6f2igtvZswsXh4IIrWDhpayDZCdu -gKuqfqFusOycQViZyqEwWCQxczSG6f+hmxuKCnBJ1kGX050S06+WrpFXVgRXr8wt -Ibq2qGys946GESF/NulVM0vwONfM6Zw1T7aaN8fOlfX9vdq6otrZ/UOXEAuQpN/3 -I0AxMJDfYB8+I/3NaGuswTnB2ypGmXVgNnSLOlzsQiB4O/IulUMDDLPr35tr21dw -AgnDlZ3d3ejcSELgyxEMHbXQdsyPEe+G42nKLK3Gnyvhdg55DO1qy0gokyiyQTEQ -8fl9pzo0+aS7rbOBQv12ETtt0jLTwDM0POdmdZZI7GlQ7I8zagmrFAdLwzxy0BPG -o9M3ITQUs7h6CqVzWE8ic7XpFi/0F5FLF7tMezeVoQZWfpZ4ui7WVOdZewSXdZ/m -Sp0OIJo0NX31S24M2/WdTDY3tLOtRXSplCUBlC2Kod9luBlfkS77SOgCVfxJhQlB -H0Sd3gPLSYsinuddsIopv1g4b8xbrjwbqdmd07n4miUDsrC5Tefh1EIrU7XHe4/G -YKbCACGbUljjMWyACVm85/II3yI+GQ3qNGWVx9FYA5F7ab9YPEdmkQM+qG+WGFuV -ZyNlBK+d8dWe5ZlIb/01GZ9uiHlNeowifNJO6Sb0EhfGmQINBFmSAVYBEADakUeJ -gNnAP2CE3vw+iI0Um9XvuBP6NdESRiJIEPgXhKWM058JPZDkpRETS4pbB3xUyPLo -ogoO76lheBEOPEAGp5mb/7vEcwlYqjtuetFi9hcsbNPxDeOLQ9KR7Xs2idU+DlCJ -W1WyU9UiLoyZpQgAqF7Y50MoxPKJtfDuM52YkulYLU+MleRtxJzHYcXArU3x3Czz -1FnemVtol3/1/BvmGQPIyj2HdG4vxWbiX79AUSlchh+MbNqOOpVVK16lLEbJCxCb -PdCsKCTOI+FsdQsB4bnX5ddNcvxxACwHNUifVD/1XH8Ax77DHohRbccRtIZqZEIK -ecHxVyFdr2mAl9mEXSzaFvRzWa+5seCgGoV0INBhj6NEtHhSxBYzLmr5noQ8JNPa -6eRipPvYTle2vstq2YUJ8D0ZbKbxaCPstemCQZrQKzh0tgezIgVXKc2U0i3ZOEYf -4ISMHeBnH36nRMBnaH/HkLyZyHXNE4vswJpwPjNtaofzQDD+TmCe2ObKei8iUqfL -o/8Je8IvnodS9C5l0fyEaMmo5BWc+SYRSTR9libNruwu4j6Kuoxge9SbRuD2S0qz -KK2LYRZrlkxjP8REnpvXxUfeSvNYHrbjzYDv677S6pqWdNqyoPduKiZWy6Vg4g+p -Ymk5T7vrpNizGK6exKiYZ5tAUaO3lrdpHOolUwARAQABtCxGZWRvcmEgMjggKDI4 -KSA8ZmVkb3JhLTI4QGZlZG9yYXByb2plY3Qub3JnPokCOAQTAQIAIgUCWZIBVgIb -DwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ4I5+Yp22L7GMDhAAwwQhpXFX -xegkgi0pFbA98Om3UBiQtcDemQSls0HEJh+J9sm4g0Sj2K7khFnJCKsQNVnJDVxv -xJ9j/AFZErRMjudUF7ACZfKDtNxq3gkH7qICPKk/DzeXblrzPc/RX+kkl9I5jFBh -apypsExa2yilfk8IiKq6nd2Ro7K+gEh/CMhfe7YBGInZ3FmZWsq1+WKTZCUNmA8+ -+eWIbmukrAoieTHTvIcOmc+dfaUAmjWtOnc69E9UmTCwEMEbPVMSmZv0qnp0kByW -UeV5cZR7NoXmaMaTr5aUY6wJuLshbWzgmudorf1udUwqYlpxZJtQCxlHezulrDJG -19d4dC5vGdYbnpeq01s9L9yieccKafWfldBU+YBZbo9e9Uzu/766pxEAtqYYSyZb -oiqsj5NCoq2fRc4DjfCDVEaK7HSPcQpQFA+p18sD2qccEPPo+F2+M8PZLf4khipG -RH1nm9AmM/v25a/9w22bDuUUvpcWwW45YsNToTTM4d6Ts750lCw/4K3jHnrQWxL7 -VfwLw0H1xlxnVqIXlL3HeOIn9EoaygxV2gJtPjB/Gwr2z/K+HoibAxvo7VcpxD+N -38LaPtrx/ERMxeYBJvMgSqGaC3MXj36/qv0zTyyTItYX9JfbOrikoJa+aKQGmTWL -rcuKaYl6Jzsq3vRTbNRRi4SpXwTwMyuW4pWZAg0EWohlNwEQAKOHQMrLA93QfH0j -icZixtRuohTtMZmDFpP2OdVJGCRx19Gq3YI/sR21FvKqQxQrIvbcIvADP5hKZ/0V -/2fEFKXwWIpQI01ZRg7d9oQBmRnmt4OvqHpbhrSeIExZ9UuqZiOlmaRwGqAuCX7b -BWr38T0Wr1LMOS3NzNQXvDABauwpbmvAQSr6LyOToVJRM0ypZmrr3LsO+jHyTxAj -G2i7l0gvdnypB2Rz/TKdOzht1pz3gWwkEzrSopIc/bcxjumnA6XvC20CydojMFoI -PRQgzmq18UE0Vph94nmQfWt/43OAWMnzLUPGJl0Rfa3g7Je+G4BBK9jKi0OsnMJu -6yNdBgxhiqd8ZyoyZMKSAbFht19UZsyzfHWYw5tlYxBtv0cY3QpMFoV3ADsScwGs -IbLcj1bGeAYgYBM49aQ89RTGVoj2PDFPe2pvBhjkqfZGEPgJnKPhUhpC8Z0xqinT -U7vxBUUeF0fbhpuo24+tioQNn5pJOCdgUolykZKxFUv4rD/HXCKTw9jOkL203NTU -tEKL2OxfSmT2A4NKBsotavJkSBloh1wFwkPhTeyUON0F5MNjyklX3P2vvP6AU8Ac -upK0YqPaJxu/zR0wZN+BSbcepYRL9deiZf1lYDW1XRmU04zz8i6eYhLP0w2lzcsK -Glxxx9+Ot+9YF+iQMppc72oJSBy3ABEBAAG0LEZlZG9yYSAyOSAoMjkpIDxmZWRv -cmEtMjlAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMBAgAiBQJaiGU3AhsPBgsJCAcD -AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCiCqVrQpR2tHtrEACW40dD3dPu7/IhBpMK -zi4Zv+MSDupubqFHHmeyqt2beoo2qfJcrrWec82gMk2TVaFnDDhF2u/EIM4bLI2E -ZJ6OO9czpEEMQ5j8qYPqG4+jzE3mLslUb4TaaXBMZ7sdKDjt3TAfJ0M1NEtCpPRV -memTFF7em5DgM00clkbVKxGX9J/ZUjVfIH+EdsUZstL0q8ffaUIgAC23p1sZNFkL -2CwYvpdH/qjsRTl+mPtTmtiINMVpiqaobbUtllX3G2oKgdwoSVjuNftF+aTxafUb -bMLZdHQtft5UfsYF5fDoluYtmPFKB3bfnMTWU1JpIswc4cxyBIdagQL1QvMtgm5N -qCMrdyOTRWQouhxqRFyxv120VzGBkZ1Ad8xfuYP16m4maoHhrpM5mgv+2Krbw5Fq -RRuNh8vP2eCep3+kmSf0w1ZzHLfIG051Nipx77rX9dCThxHa0fxXZ4/t8vxgxug2 -Q89txsqVy8ob9OBpLS1WsUxSYDXGYOKHN/qC6kAA2VwyRijSGb7PWEu+CqiynXih -Ohwl5csAVXDl3Gdv1uaqMHL7vu7+uqtjQSQtB31edeCjBRCXRFI1eBwgh8SRUGKk -v/ZgH4wUGYxApxMNdfuVz+GXpbgEWZWPYoeQ91nNQ4lBVh973RG3eF9cdWJTDXXy -GRNomGsI9XCQVtpRaxwQDY5oUpkCDQRL0ilCARAAyxp1I9uGVSlu5YhTfyQOQoLc -5TZyrO7AYO31WzVq8ohN1EW59SV763cB7ZCsmPev4n2dS3d5RNoDhetWxmdglsCT -Xnu+kqfWforD/EUF2xuY8I/+ATPRyu6YZLahVSfFW2No3043H8UbxjPGAcFxfIcd -Ag2VEQI739cUUkCe4gKOfKnB517cTgL0JgG0fc+kP4fw/mPz4aCCadTleFTRwmwr -PTOx1FQaYAudzw3E1ELsHIHmOqUIKPXk9XizUmVayeQXLYr5dVHA+j+giBpJHk9o -DYaop3UT54FFxl1u0M6Hn3vn1UKiUpu06tqvaKlWeOifeuMGgkSLUckqbluXcWTt -+FjOsLMNgT9jJQAmx+Jd5bqraV6Nwb355PhwBR9x3DLsHWrpcb+82ClwnzaEn4K6 -RH6NhMeCJvyN1nbcDBPxm58Hat1Sc4AMS1RYXMwx8DZI5iHTwJTSff4sUY4qeHYG -bVvFXAQqzaC/i4Q6yH475y3UbrwR8vT97AhexWcnGh5TFj+kYi7R5xDBnG2fEKUB -4tnUXlNcMq/UIILhlPo6kl2Gq9chHLHURmrKaTSGfPkGsG5v2uHaE9dExLTwK4Uq -B5cG76kw2I7X1fdpQv9osIDuoGIBvV6zuFfHVd/RX5u6CxX7024OZr+EPxOgFqP4 -JI5rcZHLpW8gL4xbWAEAEQEAAbQhRVBFTCAoNikgPGVwZWxAZmVkb3JhcHJvamVj -dC5vcmc+iQI2BBMBAgAgBQJL0ilCAhsPBgsJCAcDAgQVAggDBBYCAwECHgECF4AA -CgkQO0nfKgYIuJUfxg/8Cxj7/ajt/Xsm/TZa8HynVBKNbR8Sna4Tc/l2KzuMlQ0w -WUT0rry9smqHkiIUDioTT3xIE/ZnbG7IHH5qB8ZhlXJ/pW4XlrEr3IK17s9IC7fE -xhihhkTgKC16blLG9RzbShDsD0OM9bkNpzs+YS0cgzldCNi8GFfAYxiIwSlDBRFM -RU7C+1zmZKwIP1m0x9j1t4a30lrXEQOxGKJyNwfNHd/X38LO0psim0uT5mY6jj7k -71dhdLTISiIZ3AcKKI1mTxMX7R6SocylYfH3Qzv9z9ctRZNwop/FGwjvTFjBTUdu -31cwgDZRD5Y7BwPtxM+Be7m6BadDjhKL+GMouARG4KmZ7YUxuLm/Z8orqSGd3JDx -6951XA1BnC+pUA/55JjVSHi2D8dbhzzkpVn7qIwGIM0R+iy+yHYOBRxwQNLaOxVv -HUFxSDsjYiRQDk9o/D+frVXavMAdDw0h/MkaZ+B3SfUWKrmruDpI5bsTln9LkWkv -/0lHAmYftfygRDpnLwR2EWQOSZf52pAoMRm9qWkDs6qqTnByr5ci7szubsmzF2oq -SxMUxiVwZV622wEn12v8hmEgBolaxs/QhOuu+nTJZvBfrN11xNd0Ga15o5aHOo8D -pY53wJI0xl44gezlCxEnnfejEV7Xy5NFuQG/aXe7Sg0ekByO64B13wqKUZ2dlVWZ -Ag0EUq5ohAEQALVSmFfAyoIBqs9Qf9mw4WyVpt5NU7akOTlic73p/6uBkHvECsE5 -J5CTsH3SKpInzn9zvY4Cfg5di9PreB8J5ekmzkzt6ZeQ+w1BZZKO732Vb4CpI2aN -haGZGUtEaXQ47uAjCPvvp0he9ww0WXNI+PTQ3bECqMxuOWdXafZpsATmCrpWmo+8 -VdXJ+tVr+5qWiANWZ/qHa3hF2mJ+rypMewcVTfGkLP5Pr90ZYoZDjZlB9NoucMyN -OgCyZjQDJ6+QhtfqJlW3Ma9qdik9xZbhfREM9ymp8U1mTrjfEjiWxn5jYSv1i7lL -/zHSXL62aYiiRoTTDBt1S7vjRhNmMJ6yuhhaJGDnO5DbF8rEmhXkT4SH61jAYMmf -od9aFGCe51FHC+4njnO1hW0q6UrDxBCl3ZJNatxBAMlpFaacyihf88BNOMIETEH1 -2TPfwOu6+TsiQcy2wiqWQA5Ax2xfV3dOi/oETZcOMgbTMXEt24kZtXBz/qshz3lP -TnmPfoTPQeuPF2lMY44fFGowrmb1+UVtrHG0OdLvDvtarNbseMWsPRV5PHa+eOMa -pyEcRCl8OkU7NvwtMWGBiJ3JE1R+VBjflYs7Ms1X6lXd5DcmDXVQXB6VI0up9B+4 -VEZz7NzCQ2MeHnI++b2h1HUEh+onqwoY8Zu081ejsRExHKlbJHPTOLS3ABEBAAG0 -KEZlZG9yYSBFUEVMICg3KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjgEEwEC -ACIFAlKuaIQCGw8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEGovrqI1LGTl -x8YP/iymqmxOO0MzuqnK0oscqu5m2+5aKq3lF+9P3DD0ZRQUxnhlkZfidReDj2qL -EMtrJZHx10b+zmTI6LcLS5f/qKfNpjJGD4GHvRuuopQrXgXUGus+Lb15op8b4a4w -W1d0EbZrs60+bDfK4qar0Sm/oHSY/oTkpJ29JFKola0ZwDrBFL/APNckQ0enmt70 -iybcJjJ2nLQYtEDnCjh88Hm4t1SEsRQO+HYor/98yONrejQv5I3Pw3RoNnKfkDEJ -T1EHcQdxN5wWCjLm6ZGP30Fmt5tHU077iAGuK8h928Ph8k180EdfCFIf0AIYI28e -ddWMdAX2IdYCkqREh6HwWvafl218kQXtIRfwZtfsVuxajb2RcytWA2oc3IOd8AFW -g+5uBB20lkmRVkCRoesy7wDK3BPrZDh42qYkjVpZtlA0jmNZipzpEq4Irr8X32q2 -EVP2Ak7Xv7JG4vpS/b++DNVHVEZ3BUsrCVSMY8CNh+WkJDBYwABLGK/24/Jg8dwS -tKttEbTCMh8BHe+6zU5I7HfFkdmlcV+ZBOwM/vNVE4vNX3xHcnAUDEnj/Gp443i8 -I8VTo6xPeVZDzDuKXmiFj3nCa6N+vqWTz2QTMl05PNyfsMFtSu7fcJAwYpncS+1G -OwLsUNsvTXurFL5lUD8caTJ+K7hymBXxVSduqXl4Bn7UuXoP -=PJUG +mQINBFturGcBEACv0xBo91V2n0uEC2vh69ywCiSyvUgN/AQH8EZpCVtM7NyjKgKm +bbY4G3R0M3ir1xXmvUDvK0493/qOiFrjkplvzXFTGpPTi0ypqGgxc5d0ohRA1M75 +L+0AIlXoOgHQ358/c4uO8X0JAA1NYxCkAW1KSJgFJ3RjukrfqSHWthS1d4o8fhHy +KJKEnirE5hHqB50dafXrBfgZdaOs3C6ppRIePFe2o4vUEapMTCHFw0woQR8Ah4/R +n7Z9G9Ln+0Cinmy0nbIDiZJ+pgLAXCOWBfDUzcOjDGKvcpoZharA07c0q1/5ojzO +4F0Fh4g/BUmtrASwHfcIbjHyCSr1j/3Iz883iy07gJY5Yhiuaqmp0o0f9fgHkG53 +2xCU1owmACqaIBNQMukvXRDtB2GJMuKa/asTZDP6R5re+iXs7+s9ohcRRAKGyAyc +YKIQKcaA+6M8T7/G+TPHZX6HJWqJJiYB+EC2ERblpvq9TPlLguEWcmvjbVc31nyq +SDoO3ncFWKFmVsbQPTbP+pKUmlLfJwtb5XqxNR5GEXSwVv4I7IqBmJz1MmRafnBZ +g0FJUtH668GnldO20XbnSVBr820F5SISMXVwCXDXEvGwwiB8Lt8PvqzXnGIFDAu3 +DlQI5sxSqpPVWSyw08ppKT2Tpmy8adiBotLfaCFl2VTHwOae48X2dMPBvQARAQAB +tDFGZWRvcmEgKDMwKSA8ZmVkb3JhLTMwLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v +cmc+iQI4BBMBAgAiBQJbbqxnAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK +CRDvPBEfz8ZZudTnD/9170LL3nyTVUCFmBjT9wZ4gYnpwtKVPa/pKnxbbS+Bmmac +g9TrT9pZbqOHrNJLiZ3Zx1Hp+8uxr3Lo6kbYwImLhkOEDrf4aP17HfQ6VYFbQZI8 +f79OFxWJ7si9+3gfzeh9UYFEqOQfzIjLWFyfnas0OnV/P+RMQ1Zr+vPRqO7AR2va +N9wg+Xl7157dhXPCGYnGMNSoxCbpRs0JNlzvJMuAea5nTTznRaJZtK/xKsqLn51D +K07k9MHVFXakOH8QtMCUglbwfTfIpO5YRq5imxlWbqsYWVQy1WGJFyW6hWC0+RcJ +Ox5zGtOfi4/dN+xJ+ibnbyvy/il7Qm+vyFhCYqIPyS5m2UVJUuao3eApE38k78/o +8aQOTnFQZ+U1Sw+6woFTxjqRQBXlQm2+7Bt3bqGATg4sXXWPbmwdL87Ic+mxn/ml +SMfQux/5k6iAu1kQhwkO2YJn9eII6HIPkW+2m5N1JsUyJQe4cbtZE5Yh3TRA0dm7 ++zoBRfCXkOW4krchbgww/ptVmzMMP7GINJdROrJnsGl5FVeid9qHzV7aZycWSma7 +CxBYB1J8HCbty5NjtD6XMYRrMLxXugvX6Q4NPPH+2NKjzX4SIDejS6JjgrP3KA3O +pMuo7ZHMfveBngv8yP+ZD/1sS6l+dfExvdaJdOdgFCnp4p3gPbw5+Lv70HrMjJkC +DQRcat0DARAA1IRnwnz9Yo4oIAblW0f6QQ0ljAt01m3wvKbe34WZGK4pc31lDH07 +IpD8pkq4knDjVz+gzcmea+7YKyFXVayb0SKiBUTtJrn6fR8n1igzv/wrcqezkM2M +OjVbYTv2lqchXyaY+rOImbGBqn/YAclfG6wQfL/IxLArVTo9QVN2zGy5DLESPflo +i4w2Mr6KajQULiHvKIMUsaWHW1M+vo8c374UaAc1nYyE3f/xo3fdJJKwTjFpDi06 +jtd9zg9VjE9PBuTbkOCoY2LFb0mwaX3ZE3Dbj/IAT/S8QkA3PntXgIWfeYN6pFy3 +ihCvY/hfsLhvzqxAMQbLHAsV0VAd/EB+ghXt1MRqEjJwYvoxIYnLnaPiLaRTsu6z +2mMkYeD5ruEB3AvN2zY6fDSOs0x6wZlbj6pMTJ9OxjAEGr/XswV4+rpqk1+HFHbC +VGryayd7u609JYQXYhq0Pcz2y9O7tip/jlzwAt3Skn+xvE78DQHa8vXrBkqYt/Gm +tZskGFWbwJbCAZGzd329cLwyROXM1Yc8EO+1dreuo8XoNKPf9jmVR9wqMw9mY79v +Cx7lv450B7bENH1MkGEZh8TRFZFtdBhjO30MMc6cRRUtTv9lxJ3zLu8gR2bIC0qI +31HLdBYS4RDf4PyCDV/WQla8yufw3tuwjY2BNXIGA/5U5kNEso3ylcMAEQEAAbQx +RmVkb3JhICgzMSkgPGZlZG9yYS0zMS1wcmltYXJ5QGZlZG9yYXByb2plY3Qub3Jn +PokCPgQTAQIAKAIbDwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AFAlxq5E0FCRLP +D/0ACgkQUMs5CzwzWcQZgw//dCBcAHxXEKuRDZe/6NgmEPZNmnUx21eUaCDlgv6P +SOf27Z9cvFg4TzlDZrIG1Kkas+rK5VaZYPi5KSI+uz1SwwcKVWwiQvKNX87XdjK8 +lanb7uetllYVKKyCPolu536g9Mr+eZx/W/yUdapaFGvC6XisPOCYL8RecFX8kYnd +VoyNAwZNrWhUeMQn1OU29utn23RY+YgfcbJD+6DXktvfknw45Z8m7ZRaKq/VAJ2N +br4QT5Bpo+OUiZKXz/i/pBmF1WlHdvTP6vz7eOl9Sg76+mdJfG0lBJN833DXY7hI +bRwakstVDzwIpBl9UOcBnbu0e/pr/wEanyOjguOIqaDjDStQIruvrJWz2KYcF4oI +Us/cmLhtBHVre2pHykdEdOCrno+C1y1nMU0eJfFw804WIDz9IPs9F0CawJFYYkq8 +yAngtytRj0olLTQMUky/qlloML0MgDzaD1fzmJmPsFMVJygmaRFj5C+/ZYegjGyc +f85azjM0bpks2jpylvQDpYr4h+EY/PTpg4nwRLENAnsHRzfZcuoOGRSSRmFyeR02 ++Y3QbrUwt7Q37x/Ge3bVynQuIqiQiMY+vfF5/FI1Xn2UNp27+Xl3GS3x7b2zQU07 +9b7wVeBu2ohymEUo+x5sYSwWQvGP55hQHpjqDmA6UeXlJj5kmxWsqC30bBV5ghy7 +O3OZAg0EXVFWqwEQANYwGpi/8bWvg/DKI9AJ+Dl9cUZdXUUJnfaoyL2AtRO/UJfu +tjIfgieP3eiJz6W3WRDSRAKQg07BBzM6SbpcOQR6SYyseScmkUvCtMrgBLbxtgXZ +GMsz5An90ZcMw9iw/S2Qu+jFoev1ZNGrz0D4CY41xQBAgwmDcnFcABp8GLZSzNRQ +Q8hTfkzK58W3Z493WT/qFUA7xLZVPvZPFdJjsdrhfYnSkbNupDoOrcBXOiCyegiL +T0Dt9i61hk9VUAQZFSpq+XS2HwvK5lKEBJnfwJ0AcEy9ZXhtVmCF3/ANXl6/ctdQ +TSiK0sCo1J6IMneCspY3q/Sp1TSXdhrrSy6AAF3fFoT5E57yQMLLdaYBo7nVDzzR +kDaJc5MkU5uqQFM/2P35l5D4o0TxIGiIfUTJsq0FTwebKBm+7xkLVMpTIvmDAZQm +3y96uDLkHDdDtq/nbSw0YPdwhavh8EBVjB0GhlPxFyydTU8/rs2Y4YVzBIUn8umI +4wKlnUgG+M4LsrIoRljb/reSNbveYHs4c53XwEe0ZWQDdAB1WVxK6V7/PrxU4DLp +uKETqZ3E/bwPgg2y2zzDrKvgb7doQg3y7SpFCrrpGLmY5dPKV74425218aDdT2WC +JyDPqhWTXtFPSNX24vorjWwZnWwf/rJNdApqB0BivfDWLHYvjomDML7/7pJLABEB +AAG0MUZlZG9yYSAoMzIpIDxmZWRvcmEtMzItcHJpbWFyeUBmZWRvcmFwcm9qZWN0 +Lm9yZz6JAjgEEwECACIFAl1RVqsCGw8GCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheA +AAoJEGwTAm0SyUTQt0AP/Ap0Ay1/Ovs7bLTr+w4+etvcPf1jYNdsHzLSISZF0Evb +0Grlu3HCYCRrsllElUXE+w5WpnooBGNLT+gIGYlzSMJEA0UK0zhSNUdNKzGsl+4+ +R6W+uU0T21xHo4JGm6P89mBRrf2KJ8X8VNR8OCHhD3XGJCgup8HE4nOtq9Aegr1X +Osw1M67onqXjN4bNj+hyPoOlP7l91Q7/ceAYU2I1g8LoZXN6IDcABVHSwLIYQ26q +p2DBTFXcEiG3TkzlZx2/GDVT3HkjfKOQtDD6J29fil69OIKH3/S77iDzRxP/bULG +x3Hv4NUdp7BdsXztBAhw4CKeDRLlATruva49XGZbL/npMpSoOjI/xI2xXraVPaO6 +2yMt683FSTLTXWDnDdtzrVR5p4quu6sV1Gz5HAFWRea2qb+LqDRlNZnJYY7qAl34 +dYCpjU1iKrj5wy80tq2YDaw6gKxE2YT2rqMz8RJWBofyFKnwZwu7O33+vg9lkaXk +K9R6V06IPbbW7yvO4eYuzh2yDAkn2mAtPRxQCw6lsw8jQmkYg9DZIbrIrsuY7ocU +7FsCTPsgZS3SDLUzM9PIG+cH5aAPUj4hBdewluE/n5353eY6eqx3qgMz+CsoHOuG +hR6g1p1z27OOoqU6uat0hHcHPfxJKJaV17l+7rE+ol2YZlE2Ne1zImVtI9UMiWjH +mQINBEvSKUIBEADLGnUj24ZVKW7liFN/JA5CgtzlNnKs7sBg7fVbNWryiE3URbn1 +JXvrdwHtkKyY96/ifZ1Ld3lE2gOF61bGZ2CWwJNee76Sp9Z+isP8RQXbG5jwj/4B +M9HK7phktqFVJ8VbY2jfTjcfxRvGM8YBwXF8hx0CDZURAjvf1xRSQJ7iAo58qcHn +XtxOAvQmAbR9z6Q/h/D+Y/PhoIJp1OV4VNHCbCs9M7HUVBpgC53PDcTUQuwcgeY6 +pQgo9eT1eLNSZVrJ5Bctivl1UcD6P6CIGkkeT2gNhqindRPngUXGXW7Qzoefe+fV +QqJSm7Tq2q9oqVZ46J964waCRItRySpuW5dxZO34WM6wsw2BP2MlACbH4l3luqtp +Xo3Bvfnk+HAFH3HcMuwdaulxv7zYKXCfNoSfgrpEfo2Ex4Im/I3WdtwME/Gbnwdq +3VJzgAxLVFhczDHwNkjmIdPAlNJ9/ixRjip4dgZtW8VcBCrNoL+LhDrIfjvnLdRu +vBHy9P3sCF7FZycaHlMWP6RiLtHnEMGcbZ8QpQHi2dReU1wyr9QgguGU+jqSXYar +1yEcsdRGasppNIZ8+Qawbm/a4doT10TEtPArhSoHlwbvqTDYjtfV92lC/2iwgO6g +YgG9XrO4V8dV39Ffm7oLFfvTbg5mv4Q/E6AWo/gkjmtxkculbyAvjFtYAQARAQAB +tCFFUEVMICg2KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAjYEEwECACAFAkvS +KUICGw8GCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRA7Sd8qBgi4lR/GD/wLGPv9 +qO39eyb9NlrwfKdUEo1tHxKdrhNz+XYrO4yVDTBZRPSuvL2yaoeSIhQOKhNPfEgT +9mdsbsgcfmoHxmGVcn+lbheWsSvcgrXuz0gLt8TGGKGGROAoLXpuUsb1HNtKEOwP +Q4z1uQ2nOz5hLRyDOV0I2LwYV8BjGIjBKUMFEUxFTsL7XOZkrAg/WbTH2PW3hrfS +WtcRA7EYonI3B80d39ffws7SmyKbS5PmZjqOPuTvV2F0tMhKIhncBwoojWZPExft +HpKhzKVh8fdDO/3P1y1Fk3Cin8UbCO9MWMFNR27fVzCANlEPljsHA+3Ez4F7uboF +p0OOEov4Yyi4BEbgqZnthTG4ub9nyiupIZ3ckPHr3nVcDUGcL6lQD/nkmNVIeLYP +x1uHPOSlWfuojAYgzRH6LL7Idg4FHHBA0to7FW8dQXFIOyNiJFAOT2j8P5+tVdq8 +wB0PDSH8yRpn4HdJ9RYquau4OkjluxOWf0uRaS//SUcCZh+1/KBEOmcvBHYRZA5J +l/nakCgxGb2paQOzqqpOcHKvlyLuzO5uybMXaipLExTGJXBlXrbbASfXa/yGYSAG +iVrGz9CE6676dMlm8F+s3XXE13QZrXmjloc6jwOljnfAkjTGXjiB7OULESed96MR +XtfLk0W5Ab9pd7tKDR6QHI7rgHXfCopRnZ2VVZkCDQRSrmiEARAAtVKYV8DKggGq +z1B/2bDhbJWm3k1TtqQ5OWJzven/q4GQe8QKwTknkJOwfdIqkifOf3O9jgJ+Dl2L +0+t4Hwnl6SbOTO3pl5D7DUFlko7vfZVvgKkjZo2FoZkZS0RpdDju4CMI+++nSF73 +DDRZc0j49NDdsQKozG45Z1dp9mmwBOYKulaaj7xV1cn61Wv7mpaIA1Zn+odreEXa +Yn6vKkx7BxVN8aQs/k+v3RlihkONmUH02i5wzI06ALJmNAMnr5CG1+omVbcxr2p2 +KT3FluF9EQz3KanxTWZOuN8SOJbGfmNhK/WLuUv/MdJcvrZpiKJGhNMMG3VLu+NG +E2YwnrK6GFokYOc7kNsXysSaFeRPhIfrWMBgyZ+h31oUYJ7nUUcL7ieOc7WFbSrp +SsPEEKXdkk1q3EEAyWkVppzKKF/zwE04wgRMQfXZM9/A67r5OyJBzLbCKpZADkDH +bF9Xd06L+gRNlw4yBtMxcS3biRm1cHP+qyHPeU9OeY9+hM9B648XaUxjjh8UajCu +ZvX5RW2scbQ50u8O+1qs1ux4xaw9FXk8dr544xqnIRxEKXw6RTs2/C0xYYGInckT +VH5UGN+VizsyzVfqVd3kNyYNdVBcHpUjS6n0H7hURnPs3MJDYx4ecj75vaHUdQSH +6ierChjxm7TzV6OxETEcqVskc9M4tLcAEQEAAbQoRmVkb3JhIEVQRUwgKDcpIDxl +cGVsQGZlZG9yYXByb2plY3Qub3JnPokCOAQTAQIAIgUCUq5ohAIbDwYLCQgHAwIG +FQgCCQoLBBYCAwECHgECF4AACgkQai+uojUsZOXHxg/+LKaqbE47QzO6qcrSixyq +7mbb7loqreUX70/cMPRlFBTGeGWRl+J1F4OPaosQy2slkfHXRv7OZMjotwtLl/+o +p82mMkYPgYe9G66ilCteBdQa6z4tvXminxvhrjBbV3QRtmuzrT5sN8ripqvRKb+g +dJj+hOSknb0kUqiVrRnAOsEUv8A81yRDR6ea3vSLJtwmMnactBi0QOcKOHzwebi3 +VISxFA74diiv/3zI42t6NC/kjc/DdGg2cp+QMQlPUQdxB3E3nBYKMubpkY/fQWa3 +m0dTTvuIAa4ryH3bw+HyTXzQR18IUh/QAhgjbx511Yx0BfYh1gKSpESHofBa9p+X +bXyRBe0hF/Bm1+xW7FqNvZFzK1YDahzcg53wAVaD7m4EHbSWSZFWQJGh6zLvAMrc +E+tkOHjapiSNWlm2UDSOY1mKnOkSrgiuvxffarYRU/YCTte/skbi+lL9v74M1UdU +RncFSysJVIxjwI2H5aQkMFjAAEsYr/bj8mDx3BK0q20RtMIyHwEd77rNTkjsd8WR +2aVxX5kE7Az+81UTi81ffEdycBQMSeP8anjjeLwjxVOjrE95VkPMO4peaIWPecJr +o36+pZPPZBMyXTk83J+wwW1K7t9wkDBimdxL7UY7AuxQ2y9Ne6sUvmVQPxxpMn4r +uHKYFfFVJ26peXgGftS5eg+ZAg0EXPfO+wEQAMk4ghaWUa53Gem8meTFDPYK2hYj +uCh1WehyWt2XzeRWOpJCn7Z2DG4bmZSIANR9gdpFDPErDx5+5CfDHNT2RnvSeALG +2ZtBYaZSZ9JOGJqk7PTTTXz56jkwVpt3a92IajXL7nWbaxEOk3yp0JqpeSjrlzIy +4teuiMkci69ED/HuKo6tF/JrzHc7ELg8SCXmmAOc/ylUrSUtidwMRAI3voP25uFl +BaEhIX/Mkj57zTpXvWHN/Iv8y3eZCb+WL6VEpTblSyT11Zp/g0f/Bkcwg8CRUni4 +Pgf+5Lj3CpafKJNgZPuFRuJ5wXtyuEsKaVHO8lHyaRE/r/hP8Xe00M9Zl4M0QNUV +SRMUc1Tr+Hb47f3ww1j986HIpo0reecTSDpAnV04ffWVccBGWkU61a3dWZlTQmdY +t5h29qngR9/2pNZkmEjsKrRabwOAtSleA2WSaq68Ts/ZbkQCvYTkCopCgNt/D8aJ +Z1G8dYp40YxEucYjdC6hfdSkCVcPu/XdV1nE3J2+l7Klt/8B9HKsdEqGRSPdxTWl +iQzcM1kTvsLklR7r/SfFu3gRNRkFOAuBgkY/xzs9uRWc7oj8qAvWPD7sxboDPw7H +5FdkvIYxWZtb9MxzyFol8osyhSjdNWTyc+JSGg4LT+QjuP2KUWsHEFTl1S0XghMB +ZzzGcbqMmz8iy9GlABEBAAG0KEZlZG9yYSBFUEVMICg4KSA8ZXBlbEBmZWRvcmFw +cm9qZWN0Lm9yZz6JAjgEEwECACIFAlz3zvsCGw8GCwkIBwMCBhUIAgkKCwQWAgMB +Ah4BAheAAAoJECHqRasvhtahZqAP/jGctbCzfgYHJUNCSOmuTR9fsjKGmb9TsGwg +cqykcsv5jjq8AAZj/28y90TR9yv0STZmnvMTVFaZILPPNSBMboEWhMbUfgWGj/tn +wFcr+PJujBdJl+pedM5+FIVqXAN3CVIm99g1X0xvK9vE3yplFTXPs8RZmsjMUMNO +gVGTRHvXMemc9M0gnn9hdPA2pT07EgjyExCPi58XXXTjQAlBntuvevN6uXIE4H4l +3XNI9WsA+l4zImmlYUdIMAhYrrH5qbXdUgide2oH8LPgYEcsUrl3b8hiylXDjtKi +WPyOIUS2cCrr7UCrlYfeIHhsTZ7rPTQNIX3d+vA7JY3taY8ihzZCw1EmGB8kL6Kw +ZADDCrzEBscQF67IwbwZmPPGiGDQfhs5IS6NUtOMfXFsAbgOeFY7/VVctf4tcQvJ +w7xlBNyOP/gBAq6jjC8w+u/0DXr2gRMb5XBCU13vhUE8YK+GfPAZc1tMr8ofX5ZE +fRhJv7jV+UHc0qExJTp0YjRIa0jENIeFVU2bHb/peJP1T/OetmwbkrDychtsXP70 +wZRRaAkyx3VmX1HyDPtX1+mfsvvLkuEnwc4Iyxj9nv/sdSz638DUwjiDtDmDlS5J +l2CLTPG6SJa4KQt4CIA/jLvMorg6Mnrjg0NxYIdrfrOfBWaTPeLEvxDRq5HXk6qr +YGNH9/KimQINBFvrElgBEACjNft3anFHNzwHW6dzxGinWEzFin3xBUjhre7e23Dg +DRIceDtePOqXGnIN5yGGH4VZrEGHfjTPoCcrRSpM75ryPLa3Pi0UHXRso/OkO2ta ++VaQRlwU2WAYqd3g/eck+x7MZHuKKyfyxDSUywuJumWhIqeJLyG/J9e1riHwaxYw +tLDvHCAtK4osoJ6GZDx95Rr4El/N5CtZBlIzRQUJMo695MIxeKA6RmlQVp8mGPQm +20Hveo0kBsLYFJxTW4D+KnwpQr2mJLsEQnCgKcr8TF5hDowz8+o3wdUrfteiVfkd +X64kXJm85jaR/K0ubnv96iTxoeh2Wf2jNAn3EjKhPzEeYFI2gCm2tzwUEzSuOjtr +x7FqDp7/iJRANmKQJ9KzhCT5JLkeS5do8d196xiI79Zlx8ISQRvCNuu1Or7idwvI +gHy/+BCyPUARv430YvXU4d01FVKTlNrbRsq91SVojek4UXkAk9oh4d3Y/AQF1DLs +4nK1vBukwWIKwcfVA/RidSqXofx6pahTPvguTkAARhMEJPLtbQBzD5kqkdgdP/6s +7ziTwGkGO8iF0TvkCwMXWXHl1B/m6b3h/wWOIFNfAZ0FxZmmD5UhytjVjhdI7jiy +Zf6JjNupVCVx1eqMGZfm3jkZqzWOB9wrVrb6rtI25ZuoRQJ/idnXkxZmq4m1MCZb +CQARAQABtDVGZWRvcmEgKGlvdCAyMDE5KSA8ZmVkb3JhLWlvdC0yMDE5QGZlZG9y +YXByb2plY3Qub3JnPokCPgQTAQIAKAUCW+sSWAIbDwUJEw5BKAYLCQgHAwIGFQgC +CQoLBBYCAwECHgECF4AACgkQe7kHItu9z3xs8Q/9HqL76vo5xZjl78USwgX7t2f8 +Aa6sqD6OIV4V9KPCaNeqP8OF6LqYFxkv3GX3FMHGPHVKOBLQ6LvuGozcnnpZ3ypq +6ChAy2L4W7ytFggpluArxSN5jmHoOXO51wPDPCSjd4rRi1+XnMDiA3VIk0vTcGHU +K13JgvzuUrIbFYhVwwCn8Rt0GvCWVLyvKRbykN3xgFmromREKdDCUymYS/u4hXw5 +xQt2AE9IgX9puLlGH5AdbJumMipcaI9erH/KVoBvtAHA5ozkL0PDocRaWA/W+i8r +XEeI8TJBA7Q/Xb/L12aIOCzeyEKGP911iR3/99UGMgfswKvF4WT4KdAV2VZoPizu +0Am2MUYhoexdnHY6GtU1UKcWt2hW7HmGBCZVdVpUF3W/gebe+ahLPT9UhqNTin2v +w7MxMKy2uWPZri76R165F3TP434dZLNfkNa1rdtQrRaD1Be9/hAQthYWKoCFowbM +LAr1BgzkUs97arxBTzqkr9GTCy5CX+nObIbwkrFYugRfA4bSzNFSpCo71cudqNwK +JEw65lF90+T5ma7lM6ZwijH1A9pYeGQS0eUOrV/0VTsxXQOyS6Mcfper+dkOpypZ +dSnJGzid9HPUSUdjI94wtRYInrcD09v5OnJcoxUDVVjVhH4FIqKVYstucn/LB67n +nn+55uTOKdm729ex0UI= +=FHrh -----END PGP PUBLIC KEY BLOCK----- diff --git a/initrd/etc/distro/keys/tails.key b/initrd/etc/distro/keys/tails.key index b43b9a543..dae415b93 100644 --- a/initrd/etc/distro/keys/tails.key +++ b/initrd/etc/distro/keys/tails.key @@ -12,34 +12,34 @@ zXSl42yg3EEsJlijBSR3wsIJ3+sWvQPMBdjgN0RjvoyI+zI7BeP8LC6ngz3GC8JS D5B8XNUYV32tlCs1ILdUPUF1BbxH2sWxysbpl9RvOG56JArSG2k+KlihXH5fmNiC NMWZ5vBShQ+bpBXh55fu3F7axequpWzocRfH+mfvBh5yvZnjDRGC3UZ06CFWN6JP 8wDFR+o8ZHSsq0Gx/2mIXVsJT6h0mF92Q1iqH2SQhFeRL3M+RcED6Bx33QARAQAB -tEJUYWlscyBkZXZlbG9wZXJzIChvZmZsaW5lIGxvbmctdGVybSBpZGVudGl0eSBr -ZXkpIDx0YWlsc0Bib3VtLm9yZz6JAlQEEwEKAD4CGwEFCwkIBwMFFQoJCAsFFgID -AQACHgECF4AWIQSkkND00xGkFT4rt8rbuAKyWKzYTwUCW4f3egUJCV4TZAAKCRDb -uAKyWKzYTy6iEACJ2vlgJLNN/IYTH1b3rBwRJDreicvOnOYjo8E1fWhsMv+ATs3G -0KgxOz6FzwERqmdbYAf+J39k+uQ8s+bBSgZ2J8YTQnF0unlrVQwCCxWOB2jpBUj+ -yhmFrtP3pcDYf42OFO3TjidIGzOwweYsavRFi66otgCtdCCp6NczLUNasBFlWGeT -QET9RSzhYlJypPTh2WJqTohn1eXqKesWao9B25JlTKosSWgc9v25fBslMZvWpb+V -cm/ePHcDz/8iiUBxZYCTYzmxHfS+j2gSZaphEEC2i5ftJzaRAOQ5JaRYHbpuoOhL -L4lEzGD5vEYg8mSUCUEJlx+fAUviJJ8fQR74mosdU1/7z2CeMzBbccQfhmq4wD0R -89YKmQUrLy+BTB8IqWCBco6Ht8AahIFMUK/ZjquOaPEPQU3iVPhuHv/hOE4mFWNC -/+GKzRnVv3mmZ49BG5tjjPlukJ6N9gV+3xTnjTseZAWGhySuk8+F66+OYHGnFUv+ -/fA9AqQOnNGVVhUpmIpC+V9xw5h6hr72V8zQ9gBdmFHGJjx2ua3AFItQgrJK05JV -64yApq9BjmqMlFfDmcbjNyq4/HY/ibLhzlswofJAwOy5Up3Y3EGxe2fmDO9ktlEY -extaMjQNcgik+e+FbqPDEbxJQ3Z/F4gf4YziHlxN31CE46g53UO2CdRv9rQhVGFp -bHMgZGV2ZWxvcGVycyA8dGFpbHNAYm91bS5vcmc+iQJUBBMBCgA+AhsBBQsJCAcD -BRUKCQgLBRYCAwEAAh4BAheAFiEEpJDQ9NMRpBU+K7fK27gCslis2E8FAluH93MF -CQleE2QACgkQ27gCslis2E+R2Q/+JE4gEhi+e/EMnDRflMYjiCdwssr8ZovyoxWQ -6Cz1AsWuLmRzTIWlMjkfQxs+fAXK/+yys85jiXzzDJkiw13BXTESdWpe7WAZImNy -GLe7lA0A+UMfD52FIjjkcuestH/J1CadykACyARZCL7l2eqY2UZL+oLRH4uNAqK4 -YRs9dey2bEQsZk4fvbEGf5RxY3799AHtcucIkJIzZjiUWZcKtYAW8FrspBj0cX5T -Lyd298or61lQf1IixnHyD2dxy1yTx3SwWyxAF5YFFvwkvTrPiyQSQEhQyUcLzOs5 -v69zd09MOfR+atyxpeG/p6HnOtsAuCc/hvghvsYalGK8eq/Ods6h97xPb01UOCgZ -bcXcy798KZzu9MM1ZZIqz+M+SvCCpch/dKH8yyZUipR+dR8ABYA7noZFdyAwlTzk -PaHwBzJ7g3CuABH8KA2KpP8POIAgyVosxm7q/73NdoH0ngRlx5oTBwblNRNxjd4Z -+FhZsrqN+NVlOOOFQRMeI9SAsXFHEsvZnRUbEwoeroFUUymJfQm5okXz99EZY6pM -Wd79Tr3fLNuBM+sUc8yx/wX31NwQRCrW+RwZj5TfKHTt99M9EIiLlSqUz6Gj5GYC -nf97bq4PqqF7/kGkkaNV+k/T4+mkvHW4IVyvuqhqna0E2WeoSRsSDq/pR0MGDyFZ -pP7t0hy5Ag0EVLvR7AEQAN/E325mECH9+a8jCu0yHu5s5GOT9MOjyChyAFuont9Y +tCFUYWlscyBkZXZlbG9wZXJzIDx0YWlsc0Bib3VtLm9yZz6JAlQEEwEKAD4CGwEF +CwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQSkkND00xGkFT4rt8rbuAKyWKzYTwUC +XZyG4AUJCsH5xgAKCRDbuAKyWKzYTwa3D/9JVmXlwcyi7F8/VpodUpjDlkJ+0aB4 +XPwunstpF6hq3v66JcCHcIvqXyEvp62pnmFgcANw88f05T+bl5bIOvR3+xlGGUlN +ybAAo7D9JfYbdOmlZSlQB+oxLD70ulGx9ZoC4smMrfOF7z/5zVtk+RRNKCemk2CG +dhAXCwI2OqGDurmAMBiPnrGKMrwInt9LzTLnVi3XmqNjGn10uOCUJLS2PZnIDvXW +KuevABfKbEIAFk2tYlhG27Yz3CL0luZmYzVuqFLn6Wa80NQ0RqDBiUHkvLi1T5f6 +R1QImtaTRB9GesAUhaoXrSNBSSJBcc8Xi4s6feathNcvvLG+GiYDGlJ/qoewVnzM +Ml1YOVBlKOXL6zNvL3mxRRYeV73w8+2jHozYaAhRWybAyybDH4AEzP0JVUe7zaNV +8F6kLgJ3f/vj18imNsSu2SRIKfUMEzQCN0/NBX8Cn8B5k99erYdd11P2oHPXK4qH +kYZrpknyXNqIURuDa45HgkIRAGToGer99R74iOdmMwO5RRjWqc8uAnUVaZD871xx +mF+ns9FXUEn2DcgX6l4Yvsl1QiWI2MR/G615b5Jkihyp5qptKteZnpVUasdSUIOI +93NKH/wEaHAHHiD78AjxZaQBTBVhOVFQvkXYteWZ2V+5PJBk7A67L8inFP1NoHdk +QnbURTdJEIrxJLRCVGFpbHMgZGV2ZWxvcGVycyAob2ZmbGluZSBsb25nLXRlcm0g +aWRlbnRpdHkga2V5KSA8dGFpbHNAYm91bS5vcmc+iQJUBBMBCgA+AhsBBQsJCAcD +BRUKCQgLBRYCAwEAAh4BAheAFiEEpJDQ9NMRpBU+K7fK27gCslis2E8FAl2chtUF +CQrB+cYACgkQ27gCslis2E8vkQ//Z+KpA+LY2xjy6SxAPLxLH30oGpYKPyA1ri0P +NmhGp/cj30iLr4aDXw/N4FM6XRILcce1pSxvaUbx+UGijm6KyDhcOmA309Vm2cEy +14Ik+89csjhfK+Q4kcZAhPEcQoVrM18JtKEDW61iEdkO8FxFKkkZiaui/uEyY22F +KpZQiJos9pyNMxb1bFKgWUKXgZBcSZSbE9Eo76jIIkra/4A8gww/nHcGdoBIcjSd +rAlLUzKF4k9Q3a2nN9UpAzUEoG6VaFVaM9ytgnpigHKuwQmk1EqnNPeynjjmSHxo +q3VAll8oaPO5yDFSM0XXIDypc7aXarzC1rCnZHEOMG4Zmi/SPO0SpdPDq9ZBT4hX +PmQrByRWMkHwxSm9Kcarcl4eCH08aY2akd98MpTByc1s8jO78Dqwpmw0BDR0vfZx +1J8E6+kou2+j3OXuXrPRwkT0/RnUdlM2/nsfWJQ7g6e+qfkZtGyA/etX0nfrutRr +DMtxncy6xHWRHyAEYJx5n/tD+zGzEEBNZ+zI2BX75hBvyF4UnVp4cyqe/6+0rrD7 +hcOSP4svAQXQdGHOcMiaiBFa+2AVzmtKvjX2YnaF0YfjD8Q5+9AqJKdkVWJhIJC2 +1OpXaaSzvQgUzUpmAlrn37vFZeeyCEbyL8Xjx6pSo2ckyNm2nrlXeF3YBlUWNfv3 +pGogBnK5Ag0EVLvR7AEQAN/E325mECH9+a8jCu0yHu5s5GOT9MOjyChyAFuont9Y KiUj+1f3Eu65rHmuGDAjAz6NZS9ONENzIcDvrKvTcQbtfggtQJ5ExUPt6n2X7xdN FW53KkonS+DjXwTQrr2vpnImb42XsNnZVBjaSzqpbxWF6rXWgTMeICWVuvkRfRab 8qNLh4ugPuC+dqVermt98uTf6eKa2sssBw4m36/sPXqoJ/TWahoCglob/uKbh3mr @@ -198,8 +198,8 @@ Z+0fex3DsVwXMdyMS78zfnm21bMpsgfJx7YZI1gFQXAKtVlEWPHajyjd2tCysYHy 1AnbehkHRIsYVqXV1AwF2bSN2rKf+nCTjvNgt5VNAiJGy4N+QuXFy5X4NdgMdYq7 vYT66IeZwlT9HV0wEB1jsX1y+50faxfn2YOPFpKXzNd7VOQDDx19J1IsNw2Q7gnr 4woqqJw+bLG7ClRuNfN861Dlxc52sH6rjdceiFsLKBj7T1mQFAUZB7TCMIvK2rry -lc5iXQARAQABiQRyBBgBCgAmAhsCFiEEpJDQ9NMRpBU+K7fK27gCslis2E8FAluH -+M8FCQR1mLkCQMF0IAQZAQoAHRYhBAVGn7herWWJtD1B09IdrTivKBwLBQJZpDyW +lc5iXQARAQABiQRyBBgBCgAmAhsCFiEEpJDQ9NMRpBU+K7fK27gCslis2E8FAl2c +hw4FCQXZffgCQMF0IAQZAQoAHRYhBAVGn7herWWJtD1B09IdrTivKBwLBQJZpDyW AAoJENIdrTivKBwLz48P/jgM5REXNkh4oW2GHC2ZfPMiupF11zTBKWuIrsjLzUhO IqMypbKDBAQfqV+TSal6RTvvZHQxYUxak4OK/TtjDL47XzHGQmzZbFndH42XVOua kD5dT2Sv+5oWNSZDz+Yk/1tg4aRCD1MqATPD7N2O8Y7+NFU2dtQLV2MPa/70K/Fm @@ -211,17 +211,17 @@ ghRuv6XsgjUz137gNkT2P+PNOBV19sTV3haz4i6gBr180xvvtOArwP1vTxnAa+Pm s9bJt6W60PO6kjWmDXnPykwq7fpmI7qgJ2svlqRcLN3GRLX3bc0jCpspUEWAiq2J QP3ejT2QmNF8GFCITQSB64Vb+aOBE3aifBjt82k+KSvy/P8gkPCc3fsxdYSgnesr k6EngA7vOM/x9unm3yPMctpT2kKav/xh0IYQdsyF6QX/ScKl3kvuRt3LTkx7nd/L -CRDbuAKyWKzYT7FlD/4m0ohmF5KffUQGW0L514b5uU1BkmhLv5kFEPPB3qxClfP/ -SzxdiiCyZHCSOqsGwepf3E+1X1KJEMt2Hv1XAAxLbfgyPv+uBrSjxqi1LWE8+2UB -W2zVAvGksKbzVn/GnGevKxknkvmxN9GEqiRTXdtMCNY/PtG1jISAYM9Li2TmL/IE -mmZlSHhxbaVfrIrsI5Sx20Xwp/WhQ5+ZDMLZEUQ9a1ptVsCHLgs/rJhyCfrZc8VT -KfTklb4dMWYg+8QdUO9YkzSdpwLulfVIYD3wIOZPKLzaxiXxP9lJWEiEuXvt+HAG -kWn1yeIBBqlBFRDF57EN58xPxNJ2Gq6RYW9vb3/h4GWpC6znoHeHYOwJAFPL7Jr3 -7G1YPlYEJWcprLoGsJpiHFixluopp+LVMmqoa6td2JRl4HIjsJy9Ocw/suVX+EXs -hgRfyKEkuODqayHeiP1Pof89/WvMqCC305LvBlT104CA3p4RqBho88tcJQDpVYib -FJOiuOTZn1NE8COo5Uu0j19R/amI4pLOrtfEDy63kaTVmfOrFkdGxDxikyt2DgXG -i41HNbWc0PiinSt5NGoR1oXyV4ouEYWuNEQe90hPtiuOXP5cHcekjUAgofhhtP06 -uUtwaDwLzno/gL/xChXWGboT58+c01lxBpis7grO3dW2siCtXC3HNat+WVn1gbkC +CRDbuAKyWKzYT4rbD/9nPA8b0jGyEJvdCv8y3W3CpgDV8WSs7JTlAojJ+m2826kL +fAmBbbsTSAY6DikZzbiU+il+m/sWUjTvtbmoirIwrbRhom+eQvXTC0IwOCBaqBO8 +lWfr/r2w0v9pypTuU2QzypJD59bf4ozV2+XPhpI3Jo8812/zpPQ2C9vxJzZLIzUb +kPw90uOedX9BIa3gQ5i9kdMrp09K0pa6JHQGr5+V4Q4yHZt0DjFFnU/mjmGr1Lt0 +wZ6D4S5OE+EOmQLHajqKBSklUaCJ/Q+f7BENnMSPvLL7rQmm8X7jE+jB8N27bV5y +qt+Wqdm2l0BJj/IwzWtXO2dZcPo6KYZ63V7J8NQY4pcyU80xjxHCgFtS1rCn7phX +HRFac+klAfTkord+CvsOTdWhO78nY2qlkHl/MErJzZQ2k4BLwgFbIudmOScg0N/g +JDQoPvCmv8WmxflsZx+ZRH1pDSwrB0trCIyzf6cA/t/7S8GhC1Ecd7GFmKr7CE5J +K44faVqQVH0iDYuI4ERBZ9kkf1qtsv9VDc51ghQn8wqe6yXKqyJc2DyOCQsP9AQM +L3+nziTPQ0Rj6AY/qpu+hVO0UDRXI8c/2JvM4LYJPMa24aSJSX0t+7Rl3tUagOle +1mpkxLGyf1jAZzXUgFvstI3iMzGB9sxQZzb4G1PaRMGjP5dhfupCkkPxSuXS9rkC DQRZpDyvARAAtfnSrtM7lNxN5FPfT0V8cUpXW5D3jhM6mC6NUSvKSDAeITNdQ5Rv o+k2GaN2dORrFSTRlBnGlF2DDpXY128zcvJakG3jadgGvAMflrpTDbFN52591u/+ JGbZ3rhTSKb0a+Vmo4MxDPKWF6ic69Ktk2NMze8pgJMpaqBSOqjWGnVpQw/eE/aO @@ -233,7 +233,7 @@ ef7D52q8Kt+DyfLSBjudGV0g7mRXEGDpJxBPhbkGJMwCoXTWlV5mPafpNIk1HR6i gC8ndBGxNk/yENfSGQpAHmVR9LzfXwFBdoDgUL1CzAu0iGfiRO62rGMlx0ZkUADL REpeLqZexYmQ3DJ1G/czh9f6aA1CDbD37kZ83St8GcDSFI+jvud5Dn7/zfOp+B61 Ykn3Zm5dHQ8BO07LbbqyAH+312aBlCWdsj8sIGF4KcxQSzuj1tuCLUUAEQEAAYkE -cgQYAQoAJgIbAhYhBKSQ0PTTEaQVPiu3ytu4ArJYrNhPBQJbh/jPBQkEdZigAkDB +cgQYAQoAJgIbAhYhBKSQ0PTTEaQVPiu3ytu4ArJYrNhPBQJdnIcPBQkF2X3fAkDB dCAEGQEKAB0WIQQvr5ug1luzcfC8LUYwIKepwrcnMwUCWaQ8rwAKCRAwIKepwrcn MxWKEACjpk4elL0hsOygwHaWilUwGIWnM/s8J/COeZ4aPJYL0uBRd4duvewHEf7c Ws9N/69HRY1m5o1wI/lBOKB32QXMaaLVXDuMkuXrZaNkT9D4WdCJ719izhkBQ45d @@ -245,34 +245,34 @@ Lvg07g/JA9p8+6lBlmMUkC7p4zihcUIoNXehfFsumReFea5qzQn7VWOQEYTNwtv/ FKV7kRBGctnHuOYgjmgKxIwmUO6ufA5grrE16peYhkRLeN4+m+pOG9swUwtvVdzS 7zY0Qq0qP5zWrh9P13znHb8zexd9DafgIGbP7lJqPP1Lh2/Kc676/SpyT+2A8teg sFdlc7yU0fHAOcbhOpMccXkYNGjqzAUnqY3K17Pi4JHHKM0xHYmRlZYWJ2fZb5IN -54EM0sGPZsOcIa1qg79qzjrY8ep0XJOLK3DMXKTjlWW+zxhZlAkQ27gCslis2E8X -AA/8CqeuxtsKzSosGloWVUkK7YrhwgMAMVxjdqCSetsO5oTB3OWAHAPlYoTaPcJh -69/Aixib6Ijs0sAf5nUlFRXeMON+gWo+52YW4HYf4+B87KUPye8XL8S9fsibxJ6V -rR5kRAoqxSUfpUhxUoNvaJhGD11SSCnMELxvpm86z1uAEkJH4cZ4vZtrdmD5gQNB -d9Xi58xV8Skzpu2W9PypFupM8K/9z/JfzAnm6HFAOVItAkv8S9sT0F5LGdS/G6Qc -SfDZGZUUSmNwy1+igCQdzReWkSFzzB2UJxX2Ap/b8gy7v8BLeP/VTG7BTZfKLrPv -i1V7Z0+w7iGW+tksP9ElK4cHSLMglcWoebY3DC9r98vBYmPTKHzB99LLcFnJHDJp -wqAUJIvw1NggjkFjNKSMQhJhuo1I4Rg+x/i8zPxcpCMCRol1vWC9Kts1cHDMwlrT -9v3W69gcOkVcfpD0MAE3xLCApR7C0Aky2BgWvQt00O38SCnOzdK/Thja61lSbPij -xmUL52K5d5v3WKKCo9vBCr/hqXwJxDApgn3YMLbndw0skmZ1sWKEGLJisYfrZTCQ -QmgBdN/C7RGf67XaXHjj966XOleBYI9QjciavBl0eX+nIJV1oSa41+/zLXYD90f0 -OPd1CpCoFgq+quk8lv6xlr8jsCLKZp8RNx7tj8UGBV9Bn0W4MwRZpCe2FgkrBgEE +54EM0sGPZsOcIa1qg79qzjrY8ep0XJOLK3DMXKTjlWW+zxhZlAkQ27gCslis2E+5 +hA/9FQDQu1N2EZl7FrrAdP9xO7y1ZUs33gys9eA7bY8ETMlDqchnEbnbqP25W2yO +bzrKtshVn44fWUGOwSmIDfVm0ATkuJgMReMTo3APfOHlV4HKlMZYMF7NufJs4f+0 +/DYCq2FN1ZscQmph8YKAsTFKxXWNw60ilfQoY/KxLbQ6YTw8rfd2FM0ZwjV1PbsF +7HR0FkZjbaJKry1vqtOS+cjs360t1rclm1KRMV9/yJJMow2VV+9FIhbZMowrfZI7 +Qx/Sx1pYNT07D9dBNeGSRnLWEubO/mb8s1Hzgty6CEf6qlEwdRMVELXaVJcf53CK +EqZe6uhVmTq7wrmbpnb/I0Wer6igL+aUvtkM46O8zVCT6T/mnsXyoCV6zmCPYM9R +ECEyRACx4Ik+ExjLnRLezYhOkl7uN3qTS5rxR2otbESgWNx9L85Iz75ahU0zas4F +R1cZ+YC2fCRAqmPveAidJbJ0ZJrx/JH09udX5LafUQIVkY6xmoE/9T8bIVSbDFwi +fig9OdP/OtaDJBS0BOfQ9QdlpIWe2owVZa9Aa54U2jjiupCGY0XB/LoNWe02WGUN +amnXegG+pHGGGt/atMAFAtsAJeXpLIddO3mQdbR25QgJ58fHtkX9y/FMT4bb3FII +Vfd4PMmQibGXEwi641+MtwlJ52QVZRmL+2XahXoqCx3hpPy4MwRZpCe2FgkrBgEE AdpHDwEBB0DtqAgreIYCHrjvjYlBdMOugNUQhW+E0ko4ynwSUi10l4kCswQYAQoA -JgIbAhYhBKSQ0PTTEaQVPiu3ytu4ArJYrNhPBQJbh/jPBQkEda2ZAIF2IAQZFgoA +JgIbAhYhBKSQ0PTTEaQVPiu3ytu4ArJYrNhPBQJdnIcPBQkF2ZLYAIF2IAQZFgoA HRYhBM1NQ1GvppM/V0qa+5CytL167SNfBQJZpCe2AAoJEJCytL167SNfLMcA/iHy x9wWfgOAHlRrf7lWpk5OF5BHNSrTqJay+OiAOJG2AP9PA+oPGmdr3WZpf6OcWc/U -vzu7VzEY4UorRPpt0sEKBgkQ27gCslis2E9pPxAAiCSmy+UOcnMzvtXQqczXPUys -OFmJBZI/AIxa67NtOWPHmbii2KA2YnoHxbXoUJVmq25EHjJQITjOhEM7GvDknkHq -Gq7+bcjvPTQURK/LL+5VEAfapUHHRrlEOJaUBhA5TXIHYMi6ND+IRG1o4e4ljLMp -oHyS4Nl8yqWmjr/mUWXUpw/D4K7+Xy9CCNA7PT7NLgtHp83sdLZ7DR1jUX1GTXNl -vEoILlFEtqSL/cp8nbIvnhPX6LmGoIq1Mh7UtdAp93b+JPDzobZBtRI73jPAxesm -b6Ipnju3jH6Pj6ig88OV9ah3eHmpplti0b/R41oq+JZONxs+e1Mp/T9/QGHH9L+n -j2uPdsFQ+x1FM2HeYjl68RLX1iP1TFUTlHBAIjKzVc1gFMO6mx2dsrhZR/4462/Z -lZg/EhtHK6lIIC0rsM2z5DY2jdvbKvNc24DVxFCtTy74/fuJWmClNVwLz/TstAUK -nVhTM33U/qUwelF63tPvYnna/Iq0NkAAB8UpcEuh0Vmzo/rSokeiuNStJp3eRVHN -PmIt58YVo+kTQSvNYAmXYEFjj4dmv1WaZbi4qdl8Eqq+Y9UXS5QO2GjDZs8+/NkA -fWIjjzHwa/blm0C03b5PkvzUv2qfkFHuYVYvlcEA7F0DyJcHcQlWthB6HEDTwx0L -8yYhRA/TeCS394jPwxe5Ag0EW4f3OwEQAL9qkAF7ImnL8bakmqQ640hqsh4SLjjF +vzu7VzEY4UorRPpt0sEKBgkQ27gCslis2E9AiA//XhNebVlk5rGxYXG/DfV2ulDI +YLAp4gkCD29msFRz57+QOYWnEwjA8cyICK3NHc1CfZFP03vJT0P/CDiZnljxFs9C +YstAjUMF8niiclOzyN7qAHSYQCmTWo88HUru7YhGo8tTSJj4D5gkvuXSgu7TW95M +ZhQnbUehy2H8Y1TbVTh7bv4cUw293RNN8nvoP/JO85u0rwOKwNsuqKjLVM7t6YxF +LW/ObS9CiIoAuPuwy/5zziRy78SfquQTkmrDVzndcurEJJEw51CZpVkOD1uhy3u5 +7/3h4AYeHSttEplRhbf37M/fFH2G0ASuRx2higAA0hEpgmo6oPk9CNWCQTZt/J90 +JzoXwa9xTQjjPP/TvGJ1EmUY6isnV5cQk3BCQaW5Bscp5yHIHe8n+TrJDI2CPzX1 +JFOTKx6eJ3aEROXR7lLBftcf3iP/pi5fcvbAuPkTXc2AJpBMXbPw1Q10v0Of7K/t +sj+FS3G0oPeSNaXNRmB5WDc1wqh3kA8sBgw1k7K6lO+stGQE2RgJFQIXmhyRn6Kr +XurlafdSlrXS30dn676Bus5p8yp2aho5AxkwJm76BSnczjMV1JBJqBJRZ52ntIzq +fW0Cl2qZ4S1SIxShW/vfgGBld0CdhPHpkpZP/jzInUucdZbYsBiLaLdnKFb8q6m2 +KRpjnPmgkok8w6gYDne5Ag0EW4f3OwEQAL9qkAF7ImnL8bakmqQ640hqsh4SLjjF E4XJb/VzXZmYJGbTDBDmNhQUpupyn2W6vJ7HRzW/cCOKZ4IpHxF3qoBYiLMQybjS cSEZcbvxBdhgxxWcPZXsdCnmq70+a3mUa1qODYjR8iAhyibDXZodPkpVSOCa1WSt opJ48EopahUBOkYwa3K/uM/SnCGvMV8iFbnVPfKA0VlJrbi/0jS2lbrOVSJTKxaI @@ -283,30 +283,30 @@ wWVoY0dq3HS0WH/BC4R9oT4euD/7177t8mLpCkFOiTPyn16cfgyubdRB6bXJMiNW jq1vMUNfceZnfR1tLdUEdKbgveIsR4VdNvVqBhwpRvzETa7ansTh9ifdPXIV5Cy+ Q5UJaguDGcHUGIE+QbGE52Wqu7s9MWiO904d4VUt6avJpF7g8Khvf+f6ccltIqS3 zQE+E5f74WmWsjEjGlpSpPo9rptYIGtCV11qyUfrEb1oYGCwn1y8TjqCE6oCkEaM -9n7dCClfYEv/ABEBAAGJBHIEGAEKACYWIQSkkND00xGkFT4rt8rbuAKyWKzYTwUC -W4f3OwIbAgUJApHcgAJACRDbuAKyWKzYT8F0IAQZAQoAHRYhBP4CnLSq1HiOHXgo -6Kiw9ORbG1DiBQJbh/c7AAoJEKiw9ORbG1DiPlsP/3SW95eFOmne+DNYROtGzPba -n3NCY2IkYMaZZgb2PvtnhRFTekCai/W0iemueOupPbNVdapkHADU+kO2RmnJshw+ -agKV/qDsWxldIaaTIiRIKv5yCDV3vNMFaZ/JcxTA7aLU+mWYNmWL0diIWVFqS62/ -1NTmpu2A0mwBNnNVChOH+R8AAgOIc5bc1cVaX6GTInbJMcuBFR3upziO0o4qSEEy -M6nQVNzM8Ejbi0k1OVtToF83oJ8n7ScaVxp8JGeHYXxLBQ/tzhIaM8KiIQo3Au75 -hmVwKTt2oA1swyZ4uBvttmk8DzduyoaCwmWjC556cGAhurDrB2e5Rs4CrzNbqQBa -WMpI/+92679l/Zg5Iw1mOU6qbidciLi70ZkZzbYUV7RXZU6XUKDo54WoEOR3jmGp -m5QTY7XSY5ZFPnAXt8So+YL/MrRC3ncwlKR2LRLa32pytTx3a/Ama8HWaySdnR7d -VQYljMZuNniD1FRjBiJXu/dvRKMyJQv2mU15m+/wAiwuKG70Q4CzkxRZFv/Y184U -57GVx7yiR5m5Og/VWRid2uno1Q+8XrXkyf5yYSEXaA0BUlmltRqiuMl4nEayKj7k -vP9AUVUkv5NbiFOuF7VRMi2hafiUfIowM9fTyV+tCBxk+/nx4O9pM60TSxo8TRQY -pNJ3jTN3WblMfOJ8vK2yXwcP/3EuXy+Wnc0oQ3B3X+riPohxPep6OX6NC6s80Y1N -7nHPP9BUlSTgNGxR4VoHzrRxuAgQeEM0faw0OjmXmaI9KqeJFU4RyMuZaGyOVzxg -jCOeJfxogkVmPpS7IHMOSWkagPaRymBXBZgNMxnLxMew1EnfngvMCV5tJQ1Uv0pP -sBnmdf1+TQnhZyaHUA3VYyC8lA9ZuQhtXzjuCdA4F5w9kIx27CnSAtyqNobyHGke -aB62qPobjIU1Ek7BGrvUDFXPTwr8SM4wbnmwky7eQ9UL6t++/I5d4QMzVp8WRW71 -2KeAgTmO3VGhJ1F1hFz5f2ENOQ/5nt0fvNBsDrigc6XouZDCkYY877TRCBvKr7gN -X5xCpLMRJecyezctAZSegySOWqv/ODmZ7r8Nmf9PMuWeAbGJktUPCHkcKkTT7IoX -cTtxyP5SJ6Pj5BArkX/RGt3RX0JWclqckJ1Lr5U7xFft79nXAmvVHahXJwYNFefv -/sJIGTDaAavQdiujiuxWemtqli3jjII0rrxKEb+WlqhWq4gK6epjixuiKEfyUbEZ -cBEB3KAiwLudRfKp7+7c9j/+Q6/JXdIJ0oCnI/tMndqdBHlWJUHMJGyutg91MfHd -qdDoafsIclj3n7qzixWlJ1iqcfnCK17cOhHGrI5JLz10irjz6hMu4LOUNGWeDO2O -zerI -=B0uR +9n7dCClfYEv/ABEBAAGJBHIEGAEKACYCGwIWIQSkkND00xGkFT4rt8rbuAKyWKzY +TwUCXZyHDwUJA/XDUwJAwXQgBBkBCgAdFiEE/gKctKrUeI4deCjoqLD05FsbUOIF +AluH9zsACgkQqLD05FsbUOI+Ww//dJb3l4U6ad74M1hE60bM9tqfc0JjYiRgxplm +BvY++2eFEVN6QJqL9bSJ6a5466k9s1V1qmQcANT6Q7ZGacmyHD5qApX+oOxbGV0h +ppMiJEgq/nIINXe80wVpn8lzFMDtotT6ZZg2ZYvR2IhZUWpLrb/U1Oam7YDSbAE2 +c1UKE4f5HwACA4hzltzVxVpfoZMidskxy4EVHe6nOI7SjipIQTIzqdBU3MzwSNuL +STU5W1OgXzegnyftJxpXGnwkZ4dhfEsFD+3OEhozwqIhCjcC7vmGZXApO3agDWzD +Jni4G+22aTwPN27KhoLCZaMLnnpwYCG6sOsHZ7lGzgKvM1upAFpYykj/73brv2X9 +mDkjDWY5TqpuJ1yIuLvRmRnNthRXtFdlTpdQoOjnhagQ5HeOYamblBNjtdJjlkU+ +cBe3xKj5gv8ytELedzCUpHYtEtrfanK1PHdr8CZrwdZrJJ2dHt1VBiWMxm42eIPU +VGMGIle7929EozIlC/aZTXmb7/ACLC4obvRDgLOTFFkW/9jXzhTnsZXHvKJHmbk6 +D9VZGJ3a6ejVD7xeteTJ/nJhIRdoDQFSWaW1GqK4yXicRrIqPuS8/0BRVSS/k1uI +U64XtVEyLaFp+JR8ijAz19PJX60IHGT7+fHg72kzrRNLGjxNFBik0neNM3dZuUx8 +4ny8rbIJENu4ArJYrNhP5GYP/AvzdcT6Z8F9qmH1y4WN3fjfqyJcL6rBMNUSQI4z +OhGXJV3NncONmu3gitfkwx8+GA0ieGR7DwS7wSZZRj331vnU67AKqDgxXegF0pfv +DxAuPH06hC9kYHIZJlP4tqvaJNTgUXwdGE88lihhEK6ZpJhj19IYLim72UbaPHWr +WJLKh1V+dUacCTrzvW/Y+U6hHX5gmMN4zXGoLwVQHynwh2yaCraiNcQnpYZCt95I ++xpO0dlF83rcsJab94hmxjmkZG3joih3bCzH+AoUzJ/LjcOjsaULiwgkfig+FE5i +N5OmaBXYRo+AZ8ujAldexvO0fHFawSd2DyU4igN35OVcZmulUoTegDaPDTvSStFO +1deWAP7BtkNFPPJ91BX+GhT6An6hTOI2GTfn45Rbk40n5nqYFqIRsF1p+PdxAGHJ +lu5Hsd37F1Yz7tmN0M/lK7IVsS25+E8ld/mwvuQYCreO0YuveV9HcyB+94GQ24MI +DsJQdNzHFIuxw1PktV33+YTu8qX05x3IgPrkRndq4u4BXRhtcONT52CoPQSlxiaD +QuUDwwJQVA2YHJxWFkSKkbUEOGAQZLm256uGToMMllaDM0jlmZVbP/Trwn/4D2JM +nmSMb56qXS5EANtrvBWB4dw70BHF01qnreMNkMmoF6YNf+8ru9L0V0TlAgaSKb9H +kP8+ +=KGfa -----END PGP PUBLIC KEY BLOCK----- diff --git a/initrd/etc/functions b/initrd/etc/functions index 453590b84..a5935f61c 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -136,8 +136,28 @@ confirm_gpg_card() # setup the USB so we can reach the GPG card enable_usb - gpg --card-status \ - || die "gpg card read failed" + echo -e "\nVerifying presence of GPG card...\n" + # ensure we don't exit without retrying + errexit=$(set -o | grep errexit | awk '{print $2}') + set +e + gpg --card-status > /dev/null + if [ $? -ne 0 ]; then + # prompt for reinsertion and try a second time + read -n1 -r -p \ + "Can't access GPG key; remove and reinsert, then press Enter to retry. " \ + ignored + # restore prev errexit state + if [ "$errexit" = "on" ]; then + set -e + fi + # retry card status + gpg --card-status > /dev/null \ + || die "gpg card read failed" + fi + # restore prev errexit state + if [ "$errexit" = "on" ]; then + set -e + fi } @@ -240,3 +260,89 @@ replace_config() { combine_configs() { cat /etc/config* > /tmp/config } + +update_checksums() +{ + # clear screen + printf "\033c" + # ensure /boot mounted + if ! grep -q /boot /proc/mounts ; then + mount -o ro /boot \ + || recovery "Unable to mount /boot" + fi + # remount RW + mount -o rw,remount /boot + ( + cd /boot + find ./ -type f ! -name '*kexec*' | xargs sha256sum > /boot/kexec_hashes.txt + if [ -e /boot/kexec_default_hashes.txt ]; then + DEFAULT_FILES=$(cat /boot/kexec_default_hashes.txt | cut -f3 -d ' ') + echo $DEFAULT_FILES | xargs sha256sum > /boot/kexec_default_hashes.txt + fi + ) + # Remove any package trigger log files + # We don't need them after the user decides to sign + rm -f /boot/kexec_package_trigger* + + # sign and auto-roll config counter + extparam= + if [ "$CONFIG_TPM" = "y" ]; then + extparam=-u + fi + if ! kexec-sign-config -p /boot $extparam ; then + echo "Failed to sign default config; press Enter to continue." + read + fi + + # switch back to ro mode + mount -o ro,remount /boot +} + +# detect and set /boot device +# mount /boot if successful +detect_boot_device() +{ + # unmount /boot to be safe + cd / && umount /boot 2>/dev/null + + # check $CONFIG_BOOT_DEV if set/valid + if [ -e "$CONFIG_BOOT_DEV" ]; then + if mount -o ro $CONFIG_BOOT_DEV /boot >/dev/null 2>&1; then + if ls -d /boot/grub* >/dev/null 2>&1; then + # CONFIG_BOOT_DEV is valid device and contains an installed OS + return 0 + fi + fi + fi + + # generate list of possible boot devices + fdisk -l | grep "Disk" | cut -f2 -d " " | cut -f1 -d ":" > /tmp/disklist + + # filter out extraneous options + > /tmp/boot_device_list + for i in `cat /tmp/disklist`; do + # remove block device from list if numeric partitions exist, since not bootable + DEV_NUM_PARTITIONS=$((`ls -1 $i* | wc -l`-1)) + if [ ${DEV_NUM_PARTITIONS} -eq 0 ]; then + echo $i >> /tmp/boot_device_list + else + ls $i* | tail -${DEV_NUM_PARTITIONS} >> /tmp/boot_device_list + fi + done + + # iterate thru possible options and check for grub dir + for i in `cat /tmp/boot_device_list`; do + umount /boot 2>/dev/null + if mount -o ro $i /boot >/dev/null 2>&1; then + if ls -d /boot/grub* >/dev/null 2>&1; then + CONFIG_BOOT_DEV="$i" + return 0 + fi + fi + done + + # no valid boot device found + echo "Unable to locate /boot files on any mounted disk" + umount /boot 2>/dev/null + return 1 +} diff --git a/initrd/etc/gui_functions b/initrd/etc/gui_functions new file mode 100755 index 000000000..efdc1384d --- /dev/null +++ b/initrd/etc/gui_functions @@ -0,0 +1,71 @@ +#!/bin/sh +# Shell functions for common operations using fbwhiptail + +mount_usb() +{ + # Unmount any previous USB device + if grep -q /media /proc/mounts ; then + umount /media || die "Unable to unmount /media" + fi + # Mount the USB boot device + mount-usb && USB_FAILED=0 || ( [ $? -eq 5 ] && exit 1 || USB_FAILED=1 ) + if [ $USB_FAILED -ne 0 ]; then + whiptail --title 'USB Drive Missing' \ + --msgbox "Insert your USB drive and press Enter to continue." 16 60 + mount-usb && USB_FAILED=0 || ( [ $? -eq 5 ] && exit 1 || USB_FAILED=1 ) + if [ $USB_FAILED -ne 0 ]; then + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: Mounting /media Failed' \ + --msgbox "Unable to mount USB device" 16 60 + exit 1 + fi + fi +} + +file_selector() +{ + FILE="" + FILE_LIST=$1 + MENU_MSG=${2:-"Choose the file"} + MENU_TITLE=${3:-"Select your File"} + + # create file menu options + if [ `cat "$FILE_LIST" | wc -l` -gt 0 ]; then + option="" + while [ -z "$option" ] + do + MENU_OPTIONS="" + n=0 + while read option + do + n=`expr $n + 1` + option=$(echo $option | tr " " "_") + MENU_OPTIONS="$MENU_OPTIONS $n ${option}" + done < $FILE_LIST + + MENU_OPTIONS="$MENU_OPTIONS a Abort" + whiptail --clear --title "${MENU_TITLE}" \ + --menu "${MENU_MSG} [1-$n, a to abort]:" 20 120 8 \ + -- $MENU_OPTIONS \ + 2>/tmp/whiptail || die "Aborting" + + option_index=$(cat /tmp/whiptail) + + if [ "$option_index" = "a" ]; then + option="a" + return + fi + + option=`head -n $option_index $FILE_LIST | tail -1` + if [ "$option" == "a" ]; then + return + fi + done + if [ -n "$option" ]; then + FILE=$option + fi + else + whiptail $CONFIG_ERROR_BG_COLOR --title 'ERROR: No Files Found' \ + --msgbox "No Files found matching the pattern. Aborting." 16 60 + exit 1 + fi +} diff --git a/initrd/etc/keylime-init b/initrd/etc/keylime-init deleted file mode 100755 index e0974e960..000000000 --- a/initrd/etc/keylime-init +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh -# Bring up the x230's NIC, get a DHCP address and invoke keylime - -insmod /lib/modules/e1000e.ko -udhcpc -n - -cd / -wget-measure.sh 6 http://192.168.1.5/keylime.tar.gz -tar xf keylime.tar.gz - -if [ ! -x /keylime-node ]; then - echo '!!!! Keylime overlay not found?' - tpm extend -ix 4 -ic "recovery" - exec /bin/ash -fi - -exec /keylime-node diff --git a/initrd/init b/initrd/init index fd79d6773..660e4dfea 100755 --- a/initrd/init +++ b/initrd/init @@ -16,7 +16,9 @@ mkdir /proc /sys /dev /tmp /boot /media 2>&- 1>&- mount /dev 2>/dev/ttyprintk mount /proc 2>/dev/ttyprintk mount /sys 2>/dev/ttyprintk -mount /sys/firmware/efi/efivars +if [ "$CONFIG_LINUXBOOT" = "y" ]; then + mount /sys/firmware/efi/efivars +fi # Setup the pty psudeo filesystem mkdir /dev/pts @@ -50,7 +52,7 @@ if [ "$CONFIG_LINUXBOOT" = "y" ]; then fi # Set GPG_TTY before calling gpg in key-init -export GPG_TTY=$(tty) +export GPG_TTY=/dev/console /bin/key-init @@ -62,6 +64,11 @@ if [ ! -z "$CONFIG_BOOT_RECOVERY_SERIAL" ]; then > "$CONFIG_BOOT_RECOVERY_SERIAL" 2>&1 & fi +# load USB modules for boards using a USB keyboard +if [ "$CONFIG_USB_KEYBOARD" = "y" ]; then + enable_usb +fi + # If the user has been holding down r, enter a recovery shell # otherwise immediately start the configured boot script. # We don't print a prompt, since this is a near instant timeout. @@ -85,14 +92,16 @@ fi combine_configs . /tmp/config +# export firmware version +export FW_VER=$(dmesg | grep 'DMI' | grep -o 'BIOS.*' | cut -f2- -d ' ') +# chop off date, since will always be epoch w/timeless builds +FW_VER=${FW_VER::-10} + # Add our boot devices into the /etc/fstab, if they are defined # in the configuration file. if [ ! -z "$CONFIG_BOOT_DEV" ]; then echo >> /etc/fstab "$CONFIG_BOOT_DEV /boot auto defaults,ro 0 0" fi -if [ ! -z "$CONFIG_USB_BOOT_DEV" ]; then - echo >> /etc/fstab "$CONFIG_USB_BOOT_DEV /media auto defaults,ro 0 0" -fi if [ ! -x "$CONFIG_BOOTSCRIPT" -a ! -x "$CONFIG_BOOTSCRIPT_NETWORK" ]; then recovery 'Boot script missing? Entering recovery shell' diff --git a/modules/coreboot b/modules/coreboot index b2dfec590..f9134dac7 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -1,22 +1,33 @@ modules-$(CONFIG_COREBOOT) += coreboot +ifeq "$(CONFIG_COREBOOT_VERSION)" "4.8.1" + coreboot_version := 4.8.1 + coreboot_hash := f0ddf4db0628c1fe1e8348c40084d9cbeb5771400c963fd419cda3995b69ad23 + coreboot-blobs_hash := 18aa509ae3af005a05d7b1e0b0246dc640249c14fc828f5144b6fd20bb10e295 +else ifeq "$(CONFIG_COREBOOT_VERSION)" "4.12" + coreboot_version := 4.12 + coreboot_hash := edcad000ee9b73183c396ea76155629b3d27c693e0f1ae83e3424c4d936e2be2 + coreboot-blobs_hash := 4735ee6850d55d1e65dee8b08cc9b28b8af00b42acf31365f5d9545406579104 + coreboot_depends := $(if $(CONFIG_PURISM_BLOBS), purism-blobs) +else + $(error "$(BOARD): does not specify coreboot version under CONFIG_COREBOOT_VERSION") +endif + #coreboot_version := git #coreboot_repo := https://github.com/osresearch/coreboot -coreboot_version := 4.8.1 coreboot_base_dir := coreboot-$(coreboot_version) coreboot_dir := $(coreboot_base_dir)/$(BOARD) coreboot_tar := coreboot-$(coreboot_version).tar.xz coreboot_url := https://www.coreboot.org/releases/$(coreboot_tar) -coreboot_hash := f0ddf4db0628c1fe1e8348c40084d9cbeb5771400c963fd419cda3995b69ad23 -# Coreboot builds are specialized on a per-target basis. +# coreboot builds are specialized on a per-target basis. # The builds are done in a per-target subdirectory CONFIG_COREBOOT_CONFIG ?= config/coreboot-$(BOARD).config # Ensure that touching the config file will force a rebuild $(build)/$(coreboot_dir)/.configured: $(CONFIG_COREBOOT_CONFIG) -EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches +EXTRA_FLAGS := -fdebug-prefix-map=$(pwd)=heads -gno-record-gcc-switches -Wno-error=packed-not-aligned coreboot_configure := \ mkdir -p "$(build)/$(coreboot_dir)" \ @@ -29,9 +40,18 @@ coreboot_configure := \ CFLAGS_x86_32="$(EXTRA_FLAGS)" \ CFLAGS_x86_64="$(EXTRA_FLAGS)" \ +COREBOOT_IASL="$(build)/$(coreboot_base_dir)/util/crossgcc/xgcc/bin/iasl" + +# coreboot is built with the 32-bit compiler; ideally we could use the same +# x86_64-linux-musl -m32 to build it, but this causes some link errors that need +# to be tracked down. +# CROSS="$(CROSS)" \ + coreboot_target := \ -C "$(build)/$(coreboot_base_dir)" \ obj="$(build)/$(coreboot_dir)" \ + CROSS="$(dir $(CROSS))i386-linux-musl-" \ + IASL="$(COREBOOT_IASL)" \ DOTCONFIG="$(build)/$(coreboot_dir)/.config" \ BUILD_TIMELESS=1 \ CFLAGS_x86_32="$(EXTRA_FLAGS)" \ @@ -39,36 +59,21 @@ coreboot_target := \ $(MAKE_JOBS) coreboot_output := coreboot.rom -coreboot_depend += linux initrd - -COREBOOT_XGCC_REL := $(coreboot_base_dir)/util/crossgcc/xgcc -COREBOOT_XGCC_PATH := $(build)/$(COREBOOT_XGCC_REL) -COREBOOT_XGCC := $(COREBOOT_XGCC_PATH)/bin/i386-elf-gcc - -# hack to force a build dependency on the cross compiler -coreboot-gcc $(build)/$(coreboot_dir)/.configured: $(COREBOOT_XGCC) +coreboot_depend += linux initrd $(musl_dep) -ifeq "$(TOOLCHAIN)" "" -# Force a rebuild of the entire coreboot toolchain -$(COREBOOT_XGCC): $(build)/$(coreboot_base_dir)/.canary - echo '******* Building crossgcc-i386 (this might take a while) ******' - $(MAKE) -C "$(build)/$(coreboot_base_dir)" CPUS=`nproc` crossgcc-i386 - #echo '******* Building crossgcc-arm (this might take a while) ******' - #$(MAKE) -C "$(build)/$(coreboot_base_dir)" crossgcc-arm +ifeq "$(CONFIG_COREBOOT_VERSION)" "4.8.1" +COREBOOT_TOOLCHAIN="" +$(COREBOOT_TOOLCHAIN): else -# Use the pre-build one from the external toolchain build -$(COREBOOT_XGCC): $(build)/$(coreboot_base_dir)/.canary - if [ ! -e "$(TOOLCHAIN)/build/$(COREBOOT_XGCC_REL)" ]; then \ - echo >&2 "ERROR: TOOLCHAIN=$(TOOLCHAIN) does not have coreboot" ; \ - exit 1 ; \ - fi - if [ ! -e "$(COREBOOT_XGCC_PATH)" ]; then \ - ln -s \ - "$(TOOLCHAIN)/build/$(COREBOOT_XGCC_REL)" \ - "$(COREBOOT_XGCC_PATH)" ; \ - fi +COREBOOT_TOOLCHAIN="$(build)/$(coreboot_base_dir)/.xcompile" +$(COREBOOT_TOOLCHAIN): $(build)/$(coreboot_base_dir)/.canary + $(MAKE) -C "$(build)/$(coreboot_base_dir)" CPUS=`nproc` crossgcc-i386 endif +$(build)/$(coreboot_dir)/.configured: $(COREBOOT_IASL) $(COREBOOT_TOOLCHAIN) +$(COREBOOT_IASL): $(build)/$(coreboot_base_dir)/.canary + $(MAKE) -C "$(build)/$(coreboot_base_dir)" CPUS=`nproc` iasl + # Force a rebuild if the inputs have changed $(build)/$(coreboot_dir)/.build: \ $(build)/$(BOARD)/bzImage \ @@ -108,9 +113,15 @@ modules-y += coreboot-blobs coreboot-blobs_version := $(coreboot_version) coreboot-blobs_tar := coreboot-blobs-$(coreboot-blobs_version).tar.xz -coreboot-blobs_dir := coreboot-$(coreboot-blobs_version)/3rdparty/blobs coreboot-blobs_url := https://www.coreboot.org/releases/$(coreboot-blobs_tar) -coreboot-blobs_hash := 18aa509ae3af005a05d7b1e0b0246dc640249c14fc828f5144b6fd20bb10e295 + +ifeq "$(CONFIG_COREBOOT_VERSION)" "4.8.1" + coreboot-blobs_tar_opt := --strip 3 + coreboot-blobs_dir := coreboot-$(coreboot-blobs_version)/3rdparty/blobs +else + coreboot-blobs_tar_opt := --strip 2 + coreboot-blobs_dir := coreboot-$(coreboot-blobs_version)/3rdparty +endif ## there is nothing to build for the blobs, this should be ## made easier to make happen diff --git a/modules/fbwhiptail b/modules/fbwhiptail index f54a62d82..1965ecc0f 100644 --- a/modules/fbwhiptail +++ b/modules/fbwhiptail @@ -2,9 +2,11 @@ modules-$(CONFIG_FBWHIPTAIL) += fbwhiptail fbwhiptail_depends := cairo $(musl_dep) -fbwhiptail_version := git -fbwhiptail_dir := fbwhiptail -fbwhiptail_repo := https://source.puri.sm/coreboot/fbwhiptail.git +fbwhiptail_version := e5001e925d5ac791d4cb8fb4cf9d3fb97cde3e51 +fbwhiptail_dir := fbwhiptail-$(fbwhiptail_version) +fbwhiptail_tar := fbwhiptail-master.tar.gz +fbwhiptail_url := https://source.puri.sm/coreboot/fbwhiptail/-/archive/$(fbwhiptail_version)/$(fbwhiptail_tar) +fbwhiptail_hash := 51f1a56541f73b70f370a676e170cb5ad71703f3b21d5b6668482cb9ebcf82e6 fbwhiptail_target := \ $(MAKE_JOBS) \ diff --git a/modules/flashrom b/modules/flashrom index 0a29b1846..1f6b1566c 100644 --- a/modules/flashrom +++ b/modules/flashrom @@ -5,11 +5,11 @@ flashrom_depends := pciutils $(musl_dep) #flashrom_version := git #flashrom_repo := https://github.com/osresearch/flashrom -flashrom_version := 1.0 +flashrom_version := v1.2 flashrom_dir := flashrom-$(flashrom_version) flashrom_tar := flashrom-$(flashrom_version).tar.bz2 flashrom_url := https://download.flashrom.org/releases/$(flashrom_tar) -flashrom_hash := 3702fa215ba5fb5af8e54c852d239899cfa1389194c1e51cb2a170c4dc9dee64 +flashrom_hash := e1f8d95881f5a4365dfe58776ce821dfcee0f138f75d0f44f8a3cd032d9ea42b flashrom_target := \ $(MAKE_JOBS) \ diff --git a/modules/hidapi b/modules/hidapi new file mode 100644 index 000000000..d62b4224f --- /dev/null +++ b/modules/hidapi @@ -0,0 +1,2 @@ +# empty placeholder file +# This submodule is defined in modules/hotp-verification diff --git a/modules/hotp-verification b/modules/hotp-verification new file mode 100644 index 000000000..d424f1b80 --- /dev/null +++ b/modules/hotp-verification @@ -0,0 +1,37 @@ +modules-$(CONFIG_HOTPKEY) += hotp-verification + +hotp-verification_depends := libusb $(musl_dep) + +hotp-verification_version := c0956cfa085bcfc2500c1085dad350a440ccbe40 +hotp-verification_dir := hotp-verification-$(hotp-verification_version) +hotp-verification_tar := nitrokey-hotp-verification-$(hotp-verification_version).tar.gz +hotp-verification_url := https://github.com/Nitrokey/nitrokey-hotp-verification/archive/$(hotp-verification_version).tar.gz +hotp-verification_hash := c06e9751bc45bf8e57ddb39f15352442eda07530f6fe0e8e1ed3e54274fc165f + +hotp-verification_target := \ + $(MAKE_JOBS) \ + $(CROSS_TOOLS) \ + +hotp-verification_output := \ + hotp_verification \ + hotp_initialize + +hotp-verification_configure := \ + INSTALL="$(INSTALL)" \ + CROSS="$(CROSS)" \ + $(CROSS_TOOLS) $(MAKE) LDFLAGS="$(INSTALL)/lib/libusb-1.0.so" GITVERSION="" LIBUSB_FLAGS="-I/usr/include/libusb-1.0" PKGCONFIG="" && $(MAKE) install INSTALL="$(INSTALL)" + +hotp-verification_depends += hidapi +modules-y += hidapi + +hidapi_version := e5ae0d30a523c565595bdfba3d5f2e9e1faf0bd0 +hidapi_dir := hotp-verification-$(hotp-verification_version)/hidapi +hidapi_tar := hidapi-$(hidapi_version).tar.xz +hidapi_url := https://github.com/Nitrokey/hidapi/archive/$(hidapi_version).tar.gz +hidapi_hash := acc2a5089a8917085c2b3ebe9446065a21c760ba7e13cb54917043c4122188e0 + + +## hidapi will be built as part of hotp-verification +## so nothing to do here (but need make to be happy) +hidapi_output := .built +hidapi_configure := echo -e 'all:\n\ttouch .built' > Makefile diff --git a/modules/kexec b/modules/kexec index d2311c218..18f27dcf0 100644 --- a/modules/kexec +++ b/modules/kexec @@ -1,10 +1,10 @@ modules-$(CONFIG_KEXEC) += kexec -kexec_version := 2.0.16 +kexec_version := 2.0.20 kexec_dir := kexec-tools-$(kexec_version) kexec_tar := kexec-tools-$(kexec_version).tar.gz kexec_url := https://kernel.org/pub/linux/utils/kernel/kexec/$(kexec_tar) -kexec_hash := cf17fc99bf77c9b39f06ee88ac0e86d0349c4a0c3f8214a3cc78eece872f6f3a +kexec_hash := cb16d79818e0c9de3bb3e33ede5677c34a1d28c646379c7ab44e0faa3eb57a16 kexec_configure := ./configure \ $(CROSS_TOOLS) \ diff --git a/modules/libgcrypt b/modules/libgcrypt index aa7e1ef8e..1ba82fceb 100644 --- a/modules/libgcrypt +++ b/modules/libgcrypt @@ -12,8 +12,7 @@ libgcrypt_configure := ./configure \ --disable-static \ --with-libgpg-error-prefix="$(INSTALL)" \ --disable-asm \ - --disable-nls \ - + libgcrypt_target := $(MAKE_JOBS) \ DESTDIR="$(INSTALL)" \ $(CROSS_TOOLS) \ diff --git a/modules/libpng b/modules/libpng index d6d9e6503..e5c3d7184 100644 --- a/modules/libpng +++ b/modules/libpng @@ -3,7 +3,7 @@ modules-$(CONFIG_CAIRO) += libpng libpng_version := 1.6.34 libpng_dir := libpng-$(libpng_version) libpng_tar := libpng-$(libpng_version).tar.gz -libpng_url := https://download.sourceforge.net/libpng/$(libpng_tar) +libpng_url := https://github.com/glennrp/libpng-releases/raw/master/$(libpng_tar) libpng_hash := 574623a4901a9969080ab4a2df9437026c8a87150dfd5c235e28c94b212964a7 libpng_configure := \ diff --git a/modules/libremkey-hotp-verification b/modules/libremkey-hotp-verification deleted file mode 100644 index c9b9d45ab..000000000 --- a/modules/libremkey-hotp-verification +++ /dev/null @@ -1,19 +0,0 @@ -modules-$(CONFIG_LIBREMKEY) += libremkey-hotp-verification - -libremkey-hotp-verification_depends := libusb $(musl_dep) - -libremkey-hotp-verification_version := git -libremkey-hotp-verification_dir := libremkey-hotp-verification -libremkey-hotp-verification_repo := --recursive https://github.com/Nitrokey/nitrokey-hotp-verification - -libremkey-hotp-verification_target := \ - $(MAKE_JOBS) \ - $(CROSS_TOOLS) \ - -libremkey-hotp-verification_output := \ - libremkey_hotp_verification \ - libremkey_hotp_initialize - -libremkey-hotp-verification_configure := \ - INSTALL="$(INSTALL)" \ - cmake -DCMAKE_TOOLCHAIN_FILE=./Toolchain-heads.cmake -DCMAKE_AR="$(CROSS)ar" . diff --git a/modules/linux b/modules/linux index f8817935b..101f54dac 100644 --- a/modules/linux +++ b/modules/linux @@ -1,6 +1,15 @@ modules-y += linux +ifeq "$(CONFIG_LINUX_VERSION)" "4.14.62" linux_version := 4.14.62 +linux_hash := 51ca4d7e8ee156dc0f19bc7768915cfae41dbb0b4f251e4fa8b178c5674c22ab +else ifeq "$(CONFIG_LINUX_VERSION)" "4.19.139" +linux_version := 4.19.139 +linux_hash := 9c4ebf21fe949f80fbcfbbd6e7fe181040d325e89475e230ab53ef01f9d55605 +else +$(error "$(BOARD): does not specify linux kernel version under CONFIG_LINUX_VERSION") +endif + linux_base_dir := linux-$(linux_version) # TODO: fixup the patch process @@ -15,12 +24,6 @@ linux_dir := $(linux_base_dir)/$(notdir $(basename $(linux_kconfig))) linux_tar := linux-$(linux_version).tar.xz linux_url := https://cdn.kernel.org/pub/linux/kernel/v4.x/$(linux_tar) -linux-4.9.38_hash := 76d789d87dd51d2fd58c095727171984fa4a992f5e25b9e3eb1e5fd5cd129074 -linux-4.9.80_hash := 9e2e83ccc0afc3f23340ed5e58a35d8c6300a7c58aa98ca913848de41226477b -linux-4.14.62_hash := 51ca4d7e8ee156dc0f19bc7768915cfae41dbb0b4f251e4fa8b178c5674c22ab - -linux_hash := $(linux-$(linux_version)_hash) - # Ensure that touching the config file will force a reconfig/rebuild $(build)/$(linux_dir)/.configured: $(linux_kconfig) diff --git a/modules/lvm2 b/modules/lvm2 index 91f0f53f0..e3005f1bd 100644 --- a/modules/lvm2 +++ b/modules/lvm2 @@ -1,7 +1,7 @@ modules-$(CONFIG_LVM2) += lvm2 lvm2_version := 2.02.168 -lvm2_dir := LVM2.$(lvm2_version) +lvm2_dir := lvm2.$(lvm2_version) lvm2_tar := LVM2.$(lvm2_version).tgz lvm2_url := https://mirrors.kernel.org/sourceware/lvm2/$(lvm2_tar) lvm2_hash := 23a3d1cddd41b3ef51812ebf83e9fa491f502fe74130d4263be327a91914660d diff --git a/modules/msrtools b/modules/msrtools new file mode 100644 index 000000000..8a9b6b5b2 --- /dev/null +++ b/modules/msrtools @@ -0,0 +1,27 @@ +modules-$(CONFIG_MSRTOOLS) += msrtools + +msrtools_depends := $(musl_dep) + +#msrtools_version := git +#msrtools_repo := https://github.com/osresearch/msr-tools + +msrtools_version := 572ef8a2b873eda15a322daa48861140a078b92c +msrtools_dir := msrtools-$(msrtools_version) +msrtools_tar := msr-tools-$(msrtools_version).tar.gz +#msrtools_url := https://github.com/intel/msr-tools/archive/msr-tools-$(msrtools_version).tar.gz +msrtools_url := https://github.com/osresearch/msr-tools/archive/$(msrtools_version).tar.gz +msrtools_hash := 80554790d0a404205fe215c9ae8d2de159e980ec23821d636f201f12550e6ac0 + +msrtools_target := \ + $(CROSS_TOOLS) \ + CFLAGS="-I$(INSTALL)/include" \ + LDFLAGS="-L$(INSTALL)/lib" \ + +msrtools_output := \ + wrmsr \ + rdmsr \ + cpuid \ + +msrtools_libraries := \ + +msrtools_configure := diff --git a/modules/musl b/modules/musl deleted file mode 100644 index eec76de34..000000000 --- a/modules/musl +++ /dev/null @@ -1,41 +0,0 @@ -CONFIG_MUSL ?= y -modules-$(CONFIG_MUSL) += musl - -musl_version := 1.1.15 -musl_dir := musl-$(musl_version) -musl_tar := musl-$(musl_version).tar.gz -musl_url := https://www.musl-libc.org/releases/$(musl_tar) -musl_hash := 97e447c7ee2a7f613186ec54a93054fe15469fe34d7d323080f7ef38f5ecb0fa - -musl_output := ../../install/bin/musl-gcc - -# -# Note that for syslibdir to be /lib the install will fail. -# this is unfortunate since it prevents the binaries from running -# and requires that we treat the rest of the build as a cross compile. -# -# That works, with some hacks... -# -musl_configure := ./configure \ - $(CROSS_TOOLS_NOCC) \ - CC="$(CROSS)gcc" \ - --prefix="$(INSTALL)" \ - --syslibdir="/lib" \ - --enable-gcc-wrapper \ - --enable-shared \ - -musl_target := \ - $(MAKE_JOBS) \ - $(CROSS_TOOLS_NOCC) \ - CC="$(CROSS)gcc" \ - install \ - -musl_libraries := \ - lib/libc.so \ - - -musl_depends := musl-cross - -# Fake a target so that musl will force a header install by the -# Linux kernel sources. -$(build)/$(musl_dir)/.build: $(INSTALL)/include/linux/limits.h diff --git a/modules/musl-cross b/modules/musl-cross index 199731859..f9cf79db0 100644 --- a/modules/musl-cross +++ b/modules/musl-cross @@ -1,5 +1,14 @@ +CONFIG_MUSL ?= y + ifeq "$(MUSL_CROSS_ONCE)" "" MUSL_CROSS_ONCE := 1 +modules-$(CONFIG_MUSL) += musl-cross + +musl-cross_version := 38e52db8358c043ae82b346a2e6e66bc86a53bc1 +musl-cross_dir := musl-cross-$(musl-cross_version) +musl-cross_url := https://github.com/richfelker/musl-cross-make/archive/$(musl-cross_version).tar.gz +musl-cross_tar := musl-cross-$(musl-cross_version).tar.gz +musl-cross_hash := b4b85d6d3ddab0f2b8650a53e775673f8c346fa2fb07d652a9880bd206ade100 ifneq "$(CROSS)" "" @@ -7,37 +16,47 @@ ifneq "$(CROSS)" "" # check that $(CROSS)gcc exists or else things just won't work ifneq "y" "$(shell [ -x '$(CROSS)gcc' ] && echo y)" $(error $(CROSS)gcc does not exist - can not build) +else +$(info Using $(CROSS)gcc) endif # The cross compiler has already been built, so the musl-cross target -# is a NOP. -#musl-cross.intermediate: +# is a NOP. We really don't need to check out this code tree, but it is easier +# if we have a target for it. +musl-cross_target := --version -musl-cross_dir := musl-cross-ext -$(build)/$(musl-cross_dir)/.build: - mkdir -p $(dir $@) - touch $@ +# Ask the compiler where to find its own libc.so +musl-cross_libraries := \ + $(shell $(CROSS)gcc --print-file-name=libc.so) \ else # Force a full build of the cross compiler +# have to build both x86_64 and i386 versions for coreboot -modules-y += musl-cross -musl-cross_version := git -musl-cross_dir := musl-cross-$(musl-cross_version) -musl-cross_repo := https://github.com/GregorR/musl-cross +musl-cross_configure := \ + /bin/echo -e >> Makefile 'both:' ; \ + /bin/echo -e >> Makefile '\t$$$$(MAKE) TARGET=x86_64-linux-musl install' ; \ + /bin/echo -e >> Makefile '\t$$$$(MAKE) TARGET=i386-linux-musl install' ; \ -CROSS_TOP := crossgcc/x86_64-linux-musl/bin/x86_64-musl-linux- -CROSS := $(build)/../$(CROSS_TOP) -musl-cross_output := ../../$(CROSS_TOP)gcc +CROSS_PATH ?= $(pwd)/crossgcc -musl-cross_configure := \ - /bin/echo -e > Makefile \ - '$(musl-cross_output):\n\tCC_BASE_PREFIX="$(pwd)/crossgcc" ./build.sh' +musl-cross_target := \ + OUTPUT="$(CROSS_PATH)" \ + MAKE="$(MAKE)" \ + both +CROSS := $(CROSS_PATH)/bin/x86_64-linux-musl- +musl-cross_libraries := $(CROSS_PATH)/x86_64-linux-musl/lib/libc.so endif -musl-cross_target := + +musl-cross_output := $(CROSS)gcc + +## Fake a target so that musl will force a header install by the +## Linux kernel sources. +$(build)/$(musl-cross_dir)/.build: $(INSTALL)/include/linux/limits.h + endif diff --git a/modules/purism-blobs b/modules/purism-blobs new file mode 100644 index 000000000..abac8a3e6 --- /dev/null +++ b/modules/purism-blobs @@ -0,0 +1,12 @@ +modules-$(CONFIG_PURISM_BLOBS) += purism-blobs + +purism-blobs_base_dir := coreboot-$(CONFIG_COREBOOT_VERSION)/3rdparty/purism-blobs +purism-blobs_version := f53d4074a81c70352d39839884caac20181274d1 +purism-blobs_tar := purism-blobs-${purism-blobs_version}.tar.gz +purism-blobs_tar_opt := --strip 1 +purism-blobs_url := https://source.puri.sm/coreboot/purism-blobs/-/archive/${purism-blobs_version}/${purism-blobs_tar} +purism-blobs_hash := f1abd419f085a6d519a2b9b141aee9900553aabf644f0fe1801618fb54157556 + +## there is nothing to be built +purism-blobs_output := .built +purism-blobs_configure := echo -e 'all:\n\ttouch .built' > Makefile diff --git a/modules/tpmtotp b/modules/tpmtotp index 792dd512c..433df8ceb 100644 --- a/modules/tpmtotp +++ b/modules/tpmtotp @@ -2,14 +2,14 @@ modules-$(CONFIG_TPMTOTP) += tpmtotp tpmtotp_depends := mbedtls qrencode $(musl_dep) -tpmtotp_version := git -tpmtotp_repo := https://github.com/osresearch/tpmtotp +#tpmtotp_version := git +#tpmtotp_repo := https://github.com/osresearch/tpmtotp -#tpmtotp_version := 0.3.0 +tpmtotp_version := 18b860fdcf5a55537c8395b891f2b2a5c24fc00a tpmtotp_dir := tpmtotp-$(tpmtotp_version) tpmtotp_tar := tpmtotp-$(tpmtotp_version).tar.gz -tpmtotp_url := https://github.com/osresearch/tpmtotp/archive/v$(tpmtotp_version).tar.gz -tpmtotp_hash := e8205aa3d19e536080f5974ed06ab9a88c4c3f37870c2f6a3a08a2f39302c22c +tpmtotp_url := https://github.com/osresearch/tpmtotp/archive/$(tpmtotp_version).tar.gz +tpmtotp_hash := 1082f2b0e4af833e04220dddedcc21a39eb39ee4dc5668bb010e7bcc795c606c tpmtotp_target := \ $(CROSS_TOOLS) \ diff --git a/patches/coreboot-4.12/0001-soc-cannonlake-me.c-Always-print-ME-status.patch b/patches/coreboot-4.12/0001-soc-cannonlake-me.c-Always-print-ME-status.patch new file mode 100644 index 000000000..e590a336f --- /dev/null +++ b/patches/coreboot-4.12/0001-soc-cannonlake-me.c-Always-print-ME-status.patch @@ -0,0 +1,31 @@ +From 32e60b698d33eec419bf0e4865ece7b86ea1355a Mon Sep 17 00:00:00 2001 +From: Matt DeVillier +Date: Fri, 19 Jun 2020 17:02:22 -0500 +Subject: [PATCH] soc/cannonlake/me.c: Always print ME status + +Print the ME status even if the CSE device is disabled, so +we know which disabled state it's in. + +Change-Id: I939333199aa699039fec727beb094e4eb2ad7149 +Signed-off-by: Matt DeVillier +--- + src/soc/intel/cannonlake/me.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/src/soc/intel/cannonlake/me.c b/src/soc/intel/cannonlake/me.c +index a51b702e6a..3fae0bf534 100644 +--- a/src/soc/intel/cannonlake/me.c ++++ b/src/soc/intel/cannonlake/me.c +@@ -103,9 +103,6 @@ void dump_me_status(void *unused) + union me_hfsts5 hfsts5; + union me_hfsts6 hfsts6; + +- if (!is_cse_enabled()) +- return; +- + hfsts1.data = me_read_config32(PCI_ME_HFSTS1); + hfsts2.raw = me_read_config32(PCI_ME_HFSTS2); + hfsts3.data = me_read_config32(PCI_ME_HFSTS3); +-- +2.20.1 + diff --git a/patches/coreboot-4.12/0002-mb-purism-librem_whl-Add-new-board-Librem-Mini-WHL-U.patch b/patches/coreboot-4.12/0002-mb-purism-librem_whl-Add-new-board-Librem-Mini-WHL-U.patch new file mode 100644 index 000000000..aa660945f --- /dev/null +++ b/patches/coreboot-4.12/0002-mb-purism-librem_whl-Add-new-board-Librem-Mini-WHL-U.patch @@ -0,0 +1,799 @@ +From fcb25d39b270cdd21da3748e2d8f578b405f9a82 Mon Sep 17 00:00:00 2001 +From: Matt DeVillier +Date: Fri, 26 Jun 2020 00:21:39 -0500 +Subject: [PATCH] mb/purism/librem_whl: Add new board Librem Mini (WHL-U) + +Add new librem_whl baseboard and Librem Mini variant + +Signed-off-by: Matt DeVillier +Change-Id: I36af42766f85eb17f86f6ec9b48b87125fb911e6 +--- + src/mainboard/purism/librem_whl/Kconfig | 61 +++++ + src/mainboard/purism/librem_whl/Kconfig.name | 3 + + src/mainboard/purism/librem_whl/Makefile.inc | 10 + + .../purism/librem_whl/acpi/mainboard.asl | 16 ++ + .../purism/librem_whl/board_info.txt | 8 + + src/mainboard/purism/librem_whl/devicetree.cb | 223 +++++++++++++++++ + src/mainboard/purism/librem_whl/dsdt.asl | 26 ++ + src/mainboard/purism/librem_whl/ramstage.c | 16 ++ + src/mainboard/purism/librem_whl/romstage.c | 52 ++++ + .../librem_whl/variants/librem_mini/gpio.c | 229 ++++++++++++++++++ + .../variants/librem_mini/hda_verb.c | 33 +++ + .../librem_mini/include/variant/gpio.h | 11 + + 13 files changed, 688 insertions(+) + create mode 100644 src/mainboard/purism/librem_whl/Kconfig + create mode 100644 src/mainboard/purism/librem_whl/Kconfig.name + create mode 100644 src/mainboard/purism/librem_whl/Makefile.inc + create mode 100644 src/mainboard/purism/librem_whl/acpi/mainboard.asl + create mode 100644 src/mainboard/purism/librem_whl/board_info.txt + create mode 100644 src/mainboard/purism/librem_whl/devicetree.cb + create mode 100644 src/mainboard/purism/librem_whl/dsdt.asl + create mode 100644 src/mainboard/purism/librem_whl/ramstage.c + create mode 100644 src/mainboard/purism/librem_whl/romstage.c + create mode 100644 src/mainboard/purism/librem_whl/variants/librem_mini/gpio.c + create mode 100644 src/mainboard/purism/librem_whl/variants/librem_mini/hda_verb.c + create mode 100644 src/mainboard/purism/librem_whl/variants/librem_mini/include/variant/gpio.h + +diff --git a/src/mainboard/purism/librem_whl/Kconfig b/src/mainboard/purism/librem_whl/Kconfig +new file mode 100644 +index 0000000000..f7662a0e72 +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/Kconfig +@@ -0,0 +1,61 @@ ++config BOARD_PURISM_BASEBOARD_LIBREM_WHL ++ def_bool n ++ select BOARD_ROMSIZE_KB_16384 ++ select DRIVERS_GENERIC_CBFS_SERIAL ++ select HAVE_ACPI_RESUME ++ select HAVE_ACPI_TABLES ++ select INTEL_GMA_HAVE_VBT ++ select NO_UART_ON_SUPERIO ++ select SOC_INTEL_COMMON_BLOCK_HDA ++ select SOC_INTEL_COMMON_BLOCK_HDA_VERB ++ select SOC_INTEL_WHISKEYLAKE ++ select SPD_READ_BY_WORD ++ select USE_LEGACY_8254_TIMER ++ ++if BOARD_PURISM_BASEBOARD_LIBREM_WHL ++ ++config MAINBOARD_DIR ++ string ++ default "purism/librem_whl" ++ ++config MAINBOARD_FAMILY ++ string ++ default "Librem Mini" if BOARD_PURISM_LIBREM_MINI ++ ++config MAINBOARD_PART_NUMBER ++ string ++ default "Librem Mini" if BOARD_PURISM_LIBREM_MINI ++ ++config VARIANT_DIR ++ string ++ default "librem_mini" if BOARD_PURISM_LIBREM_MINI ++ ++config CBFS_SIZE ++ hex ++ default 0x800000 ++ ++config MAX_CPUS ++ int ++ default 8 ++ ++config DIMM_MAX ++ int ++ default 2 ++ ++config DIMM_SPD_SIZE ++ int ++ default 512 ++ ++config VGA_BIOS_ID ++ string ++ default "8086,3ea0" ++ ++config PXE_ROM_ID ++ string ++ default "10ec,8168" ++ ++# This platform has limited means to display POST codes ++config NO_POST ++ default y ++ ++endif +diff --git a/src/mainboard/purism/librem_whl/Kconfig.name b/src/mainboard/purism/librem_whl/Kconfig.name +new file mode 100644 +index 0000000000..41a4003102 +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/Kconfig.name +@@ -0,0 +1,3 @@ ++config BOARD_PURISM_LIBREM_MINI ++ bool "Librem Mini" ++ select BOARD_PURISM_BASEBOARD_LIBREM_WHL +diff --git a/src/mainboard/purism/librem_whl/Makefile.inc b/src/mainboard/purism/librem_whl/Makefile.inc +new file mode 100644 +index 0000000000..c03db05423 +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/Makefile.inc +@@ -0,0 +1,10 @@ ++## ++## ++## ++## SPDX-License-Identifier: GPL-2.0-only ++ ++ramstage-y += variants/$(VARIANT_DIR)/gpio.c ++ramstage-y += variants/$(VARIANT_DIR)/hda_verb.c ++ramstage-y += ramstage.c ++ ++CPPFLAGS_common += -I$(src)/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/include +diff --git a/src/mainboard/purism/librem_whl/acpi/mainboard.asl b/src/mainboard/purism/librem_whl/acpi/mainboard.asl +new file mode 100644 +index 0000000000..999030d2e5 +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/acpi/mainboard.asl +@@ -0,0 +1,16 @@ ++/* SPDX-License-Identifier: GPL-2.0-only */ ++ ++Scope (\_SB.PCI0.LPCB) { ++ ++ Device (AC) ++ { ++ Name (_HID, "ACPI0003") ++ Name (_PCL, Package () { LPCB }) ++ Name (ACFG, One) ++ ++ Method (_PSR, 0, NotSerialized) ++ { ++ Return (ACFG) ++ } ++ } ++} +diff --git a/src/mainboard/purism/librem_whl/board_info.txt b/src/mainboard/purism/librem_whl/board_info.txt +new file mode 100644 +index 0000000000..e72dcdf2b7 +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/board_info.txt +@@ -0,0 +1,8 @@ ++Vendor name: Purism ++Board name: librem_whl ++Category: desktop ++Release year: 2020 ++ROM package: SOIC-8 ++ROM protocol: SPI ++ROM socketed: n ++Flashrom support: y +diff --git a/src/mainboard/purism/librem_whl/devicetree.cb b/src/mainboard/purism/librem_whl/devicetree.cb +new file mode 100644 +index 0000000000..e67d910322 +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/devicetree.cb +@@ -0,0 +1,223 @@ ++chip soc/intel/cannonlake ++ # Lock Down ++ register "common_soc_config" = "{ ++ .chipset_lockdown = CHIPSET_LOCKDOWN_COREBOOT, ++ }" ++ ++ # Send an extra VR mailbox command for the PS4 exit issue ++ register "SendVrMbxCmd" = "2" ++ ++# ACPI (soc/intel/cannonlake/acpi.c) ++ # Disable s0ix ++ register "s0ix_enable" = "0" ++ ++ # PM Timer Enabled ++ register "PmTimerDisabled" = "0" ++ ++ # Disable DPTF ++ register "dptf_enable" = "0" ++ ++# CPU (soc/intel/cannonlake/cpu.c) ++ # Power limit ++ register "tdp_pl1_override" = "15" ++ register "tdp_pl2_override" = "25" ++ ++ # Enable "Intel Speed Shift Technology" ++ register "speed_shift_enable" = "1" ++ ++ # Enable Enhanced Intel SpeedStep ++ register "eist_enable" = "1" ++ ++# FSP Memory (soc/intel/cannonlake/romstage/fsp_params.c) ++ register "SaGv" = "SaGv_Enabled" ++ ++# FSP Silicon (soc/intel/cannonlake/fsp_params.c) ++ # Serial I/O ++ register "SerialIoDevMode" = "{ ++ [PchSerialIoIndexI2C0] = PchSerialIoDisabled, ++ [PchSerialIoIndexI2C1] = PchSerialIoDisabled, ++ [PchSerialIoIndexI2C2] = PchSerialIoDisabled, ++ [PchSerialIoIndexI2C3] = PchSerialIoDisabled, ++ [PchSerialIoIndexI2C4] = PchSerialIoDisabled, ++ [PchSerialIoIndexI2C5] = PchSerialIoDisabled, ++ [PchSerialIoIndexSPI0] = PchSerialIoDisabled, ++ [PchSerialIoIndexSPI1] = PchSerialIoDisabled, ++ [PchSerialIoIndexSPI2] = PchSerialIoDisabled, ++ [PchSerialIoIndexUART0] = PchSerialIoDisabled, ++ [PchSerialIoIndexUART1] = PchSerialIoDisabled, ++ [PchSerialIoIndexUART2] = PchSerialIoDisabled, ++ }" ++ ++ # SATA ++ register "SataMode" = "Sata_AHCI" ++ register "SataSalpSupport" = "0" ++ register "SataPortsEnable[0]" = "1" # 2.5" ++ register "SataPortsEnable[2]" = "1" # m.2 ++ register "SataPortsDevSlp[0]" = "0" ++ register "SataPortsDevSlp[2]" = "0" ++ ++ # Audio ++ register "PchHdaDspEnable" = "0" ++ register "PchHdaAudioLinkHda" = "1" ++ register "PchHdaAudioLinkDmic0" = "0" ++ register "PchHdaAudioLinkDmic1" = "0" ++ register "PchHdaAudioLinkSsp0" = "0" ++ register "PchHdaAudioLinkSsp1" = "0" ++ register "PchHdaAudioLinkSsp2" = "0" ++ register "PchHdaAudioLinkSndw1" = "0" ++ register "PchHdaAudioLinkSndw2" = "0" ++ register "PchHdaAudioLinkSndw3" = "0" ++ register "PchHdaAudioLinkSndw4" = "0" ++ ++ # USB ++ register "SsicPortEnable" = "0" ++ ++ # USB2 ++ register "usb2_ports[0]" = "USB2_PORT_MID(OC_SKIP)" # Type-A front left upper ++ register "usb2_ports[1]" = "USB2_PORT_MID(OC_SKIP)" # Type-A front left lower ++ register "usb2_ports[2]" = "USB2_PORT_MID(OC2)" # Type-A rear upper ++ register "usb2_ports[3]" = "USB2_PORT_MID(OC_SKIP)" # Type-A front right lower ++ register "usb2_ports[4]" = "USB2_PORT_MID(OC_SKIP)" # Type-A front right upper ++ register "usb2_ports[5]" = "USB2_PORT_TYPE_C(OC3)" # Type-C rear ++ register "usb2_ports[6]" = "USB2_PORT_MID(OC_SKIP)" # m.2-2230/Bluetooth ++ register "usb2_ports[7]" = "USB2_PORT_EMPTY" # NC ++ register "usb2_ports[8]" = "USB2_PORT_EMPTY" # NC ++ register "usb2_ports[9]" = "USB2_PORT_MID(OC2)" # Type-A rear lower ++ register "usb2_ports[10]" = "USB2_PORT_EMPTY" # NC ++ register "usb2_ports[11]" = "USB2_PORT_EMPTY" # NC ++ register "usb2_ports[12]" = "USB2_PORT_EMPTY" # NC ++ register "usb2_ports[13]" = "USB2_PORT_EMPTY" # NC ++ register "usb2_ports[14]" = "USB2_PORT_EMPTY" # NC ++ register "usb2_ports[15]" = "USB2_PORT_EMPTY" # NC ++ ++ # USB3 ++ register "usb3_ports[0]" = "USB3_PORT_DEFAULT(OC_SKIP)" # Type-A front left upper ++ register "usb3_ports[1]" = "USB3_PORT_DEFAULT(OC_SKIP)" # Type-A front left lower ++ register "usb3_ports[2]" = "USB3_PORT_EMPTY" # NC ++ register "usb3_ports[3]" = "USB3_PORT_DEFAULT(OC3)" # Type-C rear ++ register "usb3_ports[4]" = "USB3_PORT_DEFAULT(OC2)" # Type-A rear lower ++ register "usb3_ports[5]" = "USB3_PORT_DEFAULT(OC2)" # Type-A rear upper ++ register "usb3_ports[6]" = "USB3_PORT_EMPTY" # NC ++ register "usb3_ports[7]" = "USB3_PORT_EMPTY" # NC ++ register "usb3_ports[8]" = "USB3_PORT_EMPTY" # NC ++ register "usb3_ports[9]" = "USB3_PORT_EMPTY" # NC ++ ++ # All SRCCLKREQ pins mapped directly ++ register "PcieClkSrcClkReq[0]" = "0" ++ register "PcieClkSrcClkReq[1]" = "1" ++ register "PcieClkSrcClkReq[2]" = "2" ++ register "PcieClkSrcClkReq[3]" = "3" ++ register "PcieClkSrcClkReq[4]" = "4" ++ register "PcieClkSrcClkReq[5]" = "5" ++ ++ # Set all SRCCLKREQ pins as free-use ++ register "PcieClkSrcUsage[0]" = "0x80" ++ register "PcieClkSrcUsage[1]" = "0x80" ++ register "PcieClkSrcUsage[2]" = "0x80" ++ register "PcieClkSrcUsage[3]" = "0x80" ++ register "PcieClkSrcUsage[4]" = "0x80" ++ register "PcieClkSrcUsage[5]" = "0x80" ++ ++ # PCI Express Root Port #8 x1, Clock 2 (WLAN) ++ register "PcieRpEnable[7]" = "1" ++ register "PcieRpLtrEnable[7]" = "1" ++ ++ # PCI Express Root Port #10 x1, Clock 3 (LAN) ++ register "PcieRpEnable[9]" = "1" ++ register "PcieRpLtrEnable[9]" = "0" ++ ++ # PCI Express Root port #13 x4, Clock 1 (NVMe) ++ register "PcieRpEnable[12]" = "1" ++ register "PcieRpLtrEnable[12]" = "1" ++ ++ # Misc ++ register "Device4Enable" = "1" ++ # HECI must be enabled w/HAP disable else S3 issues ++ register "HeciEnabled" = "1" ++ register "Heci3Enabled" = "0" ++ register "AcousticNoiseMitigation" = "1" ++ register "satapwroptimize" = "1" ++ ++ # Power ++ register "PchPmSlpS3MinAssert" = "3" # 50ms ++ register "PchPmSlpS4MinAssert" = "1" # 1s ++ register "PchPmSlpSusMinAssert" = "2" # 500ms ++ register "PchPmSlpAMinAssert" = "4" # 2s ++ ++ # Thermal ++ register "tcc_offset" = "12" ++ ++ # Serial IRQ Mode ++ register "serirq_mode" = "SERIRQ_CONTINUOUS" ++ ++# PMC (soc/intel/cannonlake/pmc.c) ++ # Disable deep Sx states ++ register "deep_sx_config" = "0" ++ ++# PM Util (soc/intel/cannonlake/pmutil.c) ++ # GPE configuration ++ # Note that GPE events called out in ASL code rely on this ++ # route. i.e. If this route changes then the affected GPE ++ # offset bits also need to be changed. ++ # sudo devmem2 0xfe001920 (pmc_bar + GPIO_GPE_CFG) ++ register "gpe0_dw0" = "PMC_GPP_C" ++ register "gpe0_dw1" = "PMC_GPP_D" ++ register "gpe0_dw2" = "PMC_GPP_E" ++ ++# Actual device tree ++ device cpu_cluster 0 on ++ device lapic 0 on end ++ end ++ ++ device domain 0 on ++ device pci 00.0 on end # Host Bridge ++ device pci 02.0 on end # Integrated Graphics Device ++ device pci 04.0 on end # SA Thermal device ++ device pci 12.0 on end # Thermal Subsystem ++ device pci 13.0 off end # Integrated Sensor Hub ++ device pci 14.0 on end # USB xHCI ++ device pci 14.1 off end # USB xDCI (OTG) ++ device pci 15.0 off end # I2C #0 ++ device pci 15.1 off end # I2C #1 ++ device pci 15.2 off end # I2C #2 ++ device pci 15.3 off end # I2C #3 ++ device pci 16.0 off end # Management Engine Interface 1 ++ device pci 16.1 off end # Management Engine Interface 2 ++ device pci 16.2 off end # Management Engine IDE-R ++ device pci 16.3 off end # Management Engine KT Redirection ++ device pci 16.4 off end # Management Engine Interface 3 ++ device pci 16.5 off end # Management Engine Interface 4 ++ device pci 17.0 on end # SATA ++ device pci 19.0 off end # I2C #4 ++ device pci 19.1 off end # I2C #5 ++ device pci 19.2 off end # UART #2 ++ device pci 1a.0 off end # eMMC ++ device pci 1c.0 on end # PCI Express Port 1 ++ device pci 1c.1 off end # PCI Express Port 2 ++ device pci 1c.2 off end # PCI Express Port 3 ++ device pci 1c.3 off end # PCI Express Port 4 ++ device pci 1c.4 off end # PCI Express Port 5 ++ device pci 1c.5 off end # PCI Express Port 6 ++ device pci 1c.6 off end # PCI Express Port 7 ++ device pci 1c.7 on end # PCI Express Port 8 (WLAN) ++ device pci 1d.0 on end # PCI Express Port 9 ++ device pci 1d.1 on end # PCI Express Port 10 (LAN) ++ device pci 1d.2 off end # PCI Express Port 11 ++ device pci 1d.3 off end # PCI Express Port 12 ++ device pci 1d.4 on end # PCI Express Port 13 (NVMe) ++ device pci 1d.5 off end # PCI Express Port 14 ++ device pci 1d.6 off end # PCI Express Port 15 ++ device pci 1d.7 off end # PCI Express Port 16 ++ device pci 1e.0 off end # UART #0 ++ device pci 1e.1 off end # UART #1 ++ device pci 1e.2 off end # GSPI #0 ++ device pci 1e.3 off end # GSPI #1 ++ device pci 1f.0 on end # LPC Bridge ++ device pci 1f.1 off end # P2SB ++ device pci 1f.2 off end # Power Management Controller ++ device pci 1f.3 on end # Intel HDA ++ device pci 1f.4 on end # SMBus ++ device pci 1f.5 on end # PCH SPI ++ device pci 1f.6 off end # GbE ++ end ++end +diff --git a/src/mainboard/purism/librem_whl/dsdt.asl b/src/mainboard/purism/librem_whl/dsdt.asl +new file mode 100644 +index 0000000000..296be17b35 +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/dsdt.asl +@@ -0,0 +1,26 @@ ++/* SPDX-License-Identifier: GPL-2.0-only */ ++ ++#include ++DefinitionBlock( ++ "dsdt.aml", ++ "DSDT", ++ 0x02, /* DSDT revision: ACPI v2.0 and up */ ++ OEM_ID, ++ ACPI_TABLE_CREATOR, ++ 0x20110725 /* OEM revision */ ++) ++{ ++ #include ++ #include ++ #include ++ ++ Device (\_SB.PCI0) ++ { ++ #include ++ #include ++ } ++ ++ #include ++ ++ #include "acpi/mainboard.asl" ++} +diff --git a/src/mainboard/purism/librem_whl/ramstage.c b/src/mainboard/purism/librem_whl/ramstage.c +new file mode 100644 +index 0000000000..3479c0d3ed +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/ramstage.c +@@ -0,0 +1,16 @@ ++/* SPDX-License-Identifier: GPL-2.0-only */ ++ ++#include ++#include ++ ++void mainboard_silicon_init_params(FSP_S_CONFIG *params) ++{ ++ /* Configure pads prior to SiliconInit() in case there's any ++ * dependencies during hardware initialization. */ ++ size_t num_gpios; ++ const struct pad_config *gpio_table = variant_gpio_table(&num_gpios); ++ cnl_configure_pads(gpio_table, num_gpios); ++ ++ /* Limit SATA speed to 3Gbps */ ++ params->SataSpeedLimit = 2; ++} +diff --git a/src/mainboard/purism/librem_whl/romstage.c b/src/mainboard/purism/librem_whl/romstage.c +new file mode 100644 +index 0000000000..9f8d600950 +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/romstage.c +@@ -0,0 +1,52 @@ ++/* SPDX-License-Identifier: GPL-2.0-only */ ++ ++#include ++#include ++ ++static const struct cnl_mb_cfg memcfg = { ++ ++ /* Parameters required to access SPD for CH0D0/CH0D1/CH1D0/CH1D1. */ ++ .spd[0] = { ++ .read_type = READ_SMBUS, ++ .spd_spec = {.spd_smbus_address = 0xa0}, ++ }, ++ .spd[1] = {.read_type = NOT_EXISTING}, ++ .spd[2] = { ++ .read_type = READ_SMBUS, ++ .spd_spec = {.spd_smbus_address = 0xa4}, ++ }, ++ .spd[3] = {.read_type = NOT_EXISTING}, ++ ++ /* ++ * Rcomp resistor values. These values represent the resistance in ++ * ohms of the three rcomp resistors attached to the DDR_COMP_0, ++ * DDR_COMP_1, and DDR_COMP_2 pins on the DRAM. ++ */ ++ .rcomp_resistor = { 121, 81, 100 }, ++ ++ /* Rcomp target values */ ++ .rcomp_targets = { 100, 40, 20, 20, 26 }, ++ ++ /* ++ * Indicates whether memory is interleaved. ++ * Set to 1 for an interleaved design, ++ * set to 0 for non-interleaved design. ++ */ ++ .dq_pins_interleaved = 1, ++ ++ /* ++ * VREF_CA configuration. ++ * Set to 0 VREF_CA goes to both CH_A and CH_B, ++ * set to 1 VREF_CA goes to CH_A and VREF_DQ_A goes to CH_B, ++ * set to 2 VREF_CA goes to CH_A and VREF_DQ_B goes to CH_B. ++ */ ++ .vref_ca_config = 2, ++ ++ /* Early Command Training */ ++ .ect = 0, ++}; ++ ++void mainboard_memory_init_params(FSPM_UPD *memupd) ++{ ++ cannonlake_memcfg_init(&memupd->FspmConfig, &memcfg); ++} +diff --git a/src/mainboard/purism/librem_whl/variants/librem_mini/gpio.c b/src/mainboard/purism/librem_whl/variants/librem_mini/gpio.c +new file mode 100644 +index 0000000000..a5b2dcafa3 +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/variants/librem_mini/gpio.c +@@ -0,0 +1,229 @@ ++/* SPDX-License-Identifier: GPL-2.0-only */ ++ ++#include ++ ++/* Pad configuration in ramstage. */ ++static const struct pad_config gpio_table[] = { ++ ++/* ------- GPIO Group GPP_A ------- */ ++ ++_PAD_CFG_STRUCT(GPP_A0, 0x44000702, 0x0000), /* RCIN# */ ++_PAD_CFG_STRUCT(GPP_A1, 0x44000702, 0x3c00), /* LAD0 */ ++_PAD_CFG_STRUCT(GPP_A2, 0x44000702, 0x3c00), /* LAD1 */ ++_PAD_CFG_STRUCT(GPP_A3, 0x44000702, 0x3c00), /* LAD2 */ ++_PAD_CFG_STRUCT(GPP_A4, 0x44000702, 0x3c00), /* LAD3 */ ++_PAD_CFG_STRUCT(GPP_A5, 0x44000700, 0x0000), /* LFRAME# */ ++_PAD_CFG_STRUCT(GPP_A6, 0x44000700, 0x0000), /* SERIRQ */ ++_PAD_CFG_STRUCT(GPP_A7, 0x84000200, 0x0000), /* PIRQA# */ ++_PAD_CFG_STRUCT(GPP_A8, 0x44000700, 0x0000), /* CLKRUN# */ ++_PAD_CFG_STRUCT(GPP_A9, 0x44000700, 0x1000), /* CLKOUT_LPC0 */ ++_PAD_CFG_STRUCT(GPP_A10, 0x44000700, 0x1000), /* CLKOUT_LPC1 */ ++_PAD_CFG_STRUCT(GPP_A11, 0x40880201, 0x0000), /* PME# */ ++_PAD_CFG_STRUCT(GPP_A12, 0x84000201, 0x0000), /* BM_BUSY# */ ++_PAD_CFG_STRUCT(GPP_A13, 0x84000201, 0x0000), /* SUSWARN#/SUSPWRDNACK*/ ++_PAD_CFG_STRUCT(GPP_A14, 0x44000700, 0x0000), /* SUS_STAT# */ ++_PAD_CFG_STRUCT(GPP_A15, 0x84000201, 0x0000), /* SUSACK# */ ++_PAD_CFG_STRUCT(GPP_A16, 0x84000200, 0x3000), /* SD_1P8_SEL */ ++_PAD_CFG_STRUCT(GPP_A17, 0x84000201, 0x0000), /* SD_VDD1_PWR_EN# */ ++_PAD_CFG_STRUCT(GPP_A18, 0x44000300, 0x3000), /* ISH_GP0 */ ++_PAD_CFG_STRUCT(GPP_A19, 0x44000300, 0x3000), /* ISH_GP1 */ ++_PAD_CFG_STRUCT(GPP_A20, 0x44000300, 0x3000), /* ISH_GP2 */ ++_PAD_CFG_STRUCT(GPP_A21, 0x44000300, 0x3000), /* ISH_GP3 */ ++_PAD_CFG_STRUCT(GPP_A22, 0x44000300, 0x3000), /* ISH_GP4 */ ++_PAD_CFG_STRUCT(GPP_A23, 0x44000300, 0x3000), /* ISH_GP5 */ ++ ++/* ------- GPIO Group GPP_B ------- */ ++ ++_PAD_CFG_STRUCT(GPP_B0, 0x84000700, 0x0000), /* Reserved */ ++_PAD_CFG_STRUCT(GPP_B1, 0x84000700, 0x0000), /* Reserved */ ++_PAD_CFG_STRUCT(GPP_B2, 0x84000201, 0x0000), /* VRALERT# */ ++_PAD_CFG_STRUCT(GPP_B3, 0x84000201, 0x0000), /* CPU_GP2 */ ++_PAD_CFG_STRUCT(GPP_B4, 0x84000201, 0x0000), /* CPU_GP3 */ ++_PAD_CFG_STRUCT(GPP_B5, 0x44000300, 0x0000), /* SRCCLKREQ0# */ ++_PAD_CFG_STRUCT(GPP_B6, 0x44000300, 0x0000), /* SRCCLKREQ1# */ ++_PAD_CFG_STRUCT(GPP_B7, 0x44000300, 0x0000), /* SRCCLKREQ2# */ ++_PAD_CFG_STRUCT(GPP_B8, 0x44000300, 0x0000), /* SRCCLKREQ3# */ ++_PAD_CFG_STRUCT(GPP_B9, 0x44000300, 0x0000), /* SRCCLKREQ4# */ ++_PAD_CFG_STRUCT(GPP_B10, 0x44000300, 0x0000), /* SRCCLKREQ5# */ ++_PAD_CFG_STRUCT(GPP_B11, 0x84000201, 0x0000), /* EXT_PWR_GATE# */ ++_PAD_CFG_STRUCT(GPP_B12, 0x44000700, 0x0000), /* SLP_S0# */ ++_PAD_CFG_STRUCT(GPP_B13, 0x44000700, 0x0000), /* PLTRST# */ ++_PAD_CFG_STRUCT(GPP_B14, 0x84000201, 0x0000), /* SPKR */ ++_PAD_CFG_STRUCT(GPP_B15, 0x80000701, 0x0000), /* GSPI0_CS0# */ ++_PAD_CFG_STRUCT(GPP_B16, 0x84000601, 0x0000), /* GSPI0_CLK */ ++_PAD_CFG_STRUCT(GPP_B17, 0x44000502, 0x0000), /* GSPI0_MISO */ ++_PAD_CFG_STRUCT(GPP_B18, 0x84000601, 0x0000), /* GSPI0_MOSI */ ++_PAD_CFG_STRUCT(GPP_B19, 0x84000400, 0x0000), /* GSPI1_CS0# */ ++_PAD_CFG_STRUCT(GPP_B20, 0x84000400, 0x0000), /* GSPI1_CLK */ ++_PAD_CFG_STRUCT(GPP_B21, 0x84000402, 0x0000), /* GSPI1_MISO */ ++_PAD_CFG_STRUCT(GPP_B22, 0x84000400, 0x0000), /* GSPI1_MOSI */ ++_PAD_CFG_STRUCT(GPP_B23, 0x44000201, 0x0000), /* SML1ALERT# */ ++ ++/* ------- GPIO Group GPP_G ------- */ ++ ++_PAD_CFG_STRUCT(GPP_G0, 0x84000200, 0x0000), /* SD_CMD */ ++_PAD_CFG_STRUCT(GPP_G1, 0x84000300, 0x0000), /* SD_DATA0 */ ++_PAD_CFG_STRUCT(GPP_G2, 0x84000300, 0x0000), /* SD_DATA1 */ ++_PAD_CFG_STRUCT(GPP_G3, 0x84000300, 0x0000), /* SD_DATA2 */ ++_PAD_CFG_STRUCT(GPP_G4, 0x84000300, 0x0000), /* SD_DATA3 */ ++_PAD_CFG_STRUCT(GPP_G5, 0x84000300, 0x3000), /* SD3_CD# */ ++_PAD_CFG_STRUCT(GPP_G6, 0x84000300, 0x0000), /* SD3_CLK */ ++_PAD_CFG_STRUCT(GPP_G7, 0x84000300, 0x1000), /* SD3_WP */ ++ ++/* ------- GPIO Group GPP_D ------- */ ++ ++_PAD_CFG_STRUCT(GPP_D0, 0x44000300, 0x0000), /* SPI1_CS# */ ++_PAD_CFG_STRUCT(GPP_D1, 0x44000300, 0x0000), /* SPI1_CLK */ ++_PAD_CFG_STRUCT(GPP_D2, 0x44000300, 0x0000), /* SPI1_MISO */ ++_PAD_CFG_STRUCT(GPP_D3, 0x44000300, 0x0000), /* SPI1_MOSI */ ++_PAD_CFG_STRUCT(GPP_D4, 0x44000300, 0x0000), /* IMGCLKOUT0 */ ++_PAD_CFG_STRUCT(GPP_D5, 0x44000700, 0x0000), /* ISH_I2C0_SDA */ ++_PAD_CFG_STRUCT(GPP_D6, 0x44000700, 0x0000), /* ISH_I2C0_SCL */ ++_PAD_CFG_STRUCT(GPP_D7, 0x84000201, 0x0000), /* ISH_I2C1_SDA */ ++_PAD_CFG_STRUCT(GPP_D8, 0x84000200, 0x0000), /* ISH_I2C1_SCL */ ++_PAD_CFG_STRUCT(GPP_D9, 0x84000201, 0x0000), /* ISH_SPI_CS# */ ++_PAD_CFG_STRUCT(GPP_D10, 0x84000201, 0x0000), /* ISH_SPI_CLK */ ++_PAD_CFG_STRUCT(GPP_D11, 0x44000201, 0x3000), /* ISH_SPI_MISO */ ++_PAD_CFG_STRUCT(GPP_D12, 0x42100102, 0x3000), /* ISH_SPI_MOSI */ ++_PAD_CFG_STRUCT(GPP_D13, 0x44000201, 0x0000), /* ISH_UART0_RXD */ ++_PAD_CFG_STRUCT(GPP_D14, 0x84000201, 0x0000), /* ISH_UART0_TXD */ ++_PAD_CFG_STRUCT(GPP_D15, 0x84000201, 0x0000), /* ISH_UART0_RTS# */ ++_PAD_CFG_STRUCT(GPP_D16, 0x44000200, 0x0000), /* ISH_UART0_CTS# */ ++_PAD_CFG_STRUCT(GPP_D17, 0x44000700, 0x0000), /* DMIC_CLK1 */ ++_PAD_CFG_STRUCT(GPP_D18, 0x44000700, 0x0000), /* DMIC_DATA1 */ ++_PAD_CFG_STRUCT(GPP_D19, 0x44000700, 0x0000), /* DMIC_CLK0 */ ++_PAD_CFG_STRUCT(GPP_D20, 0x44000700, 0x0000), /* DMIC_DATA0 */ ++_PAD_CFG_STRUCT(GPP_D21, 0x44000300, 0x0000), /* SPI1_IO2 */ ++_PAD_CFG_STRUCT(GPP_D22, 0x44000300, 0x0000), /* SPI1_IO3 */ ++_PAD_CFG_STRUCT(GPP_D23, 0x44000300, 0x0000), /* I2S_MCLK */ ++ ++/* ------- GPIO Group GPP_F ------- */ ++ ++_PAD_CFG_STRUCT(GPP_F0, 0x84000301, 0x0000), /* CNV_PA_BLANKING */ ++_PAD_CFG_STRUCT(GPP_F1, 0x84000200, 0x0000), /* GPIO */ ++_PAD_CFG_STRUCT(GPP_F2, 0x84000201, 0x3000), /* GPIO */ ++_PAD_CFG_STRUCT(GPP_F3, 0x84000200, 0x3000), /* GPIO */ ++_PAD_CFG_STRUCT(GPP_F4, 0x44000700, 0x3000), /* CNV_BRI_DT */ ++_PAD_CFG_STRUCT(GPP_F5, 0x44000702, 0x3000), /* CNV_BRI_RSP */ ++_PAD_CFG_STRUCT(GPP_F6, 0x44000700, 0x3000), /* CNV_RGI_DT */ ++_PAD_CFG_STRUCT(GPP_F7, 0x44000702, 0x3000), /* CNV_RGI_RSP */ ++_PAD_CFG_STRUCT(GPP_F8, 0x44000300, 0x0000), /* CNV_MFUART2_RXD */ ++_PAD_CFG_STRUCT(GPP_F9, 0x44000300, 0x0000), /* CNV_MFUART2_TXD */ ++_PAD_CFG_STRUCT(GPP_F10, 0x84000201, 0x0000), /* GPIO */ ++_PAD_CFG_STRUCT(GPP_F11, 0x44000300, 0x0000), /* EMMC_CMD */ ++_PAD_CFG_STRUCT(GPP_F12, 0x44000300, 0x0000), /* EMMC_DATA0 */ ++_PAD_CFG_STRUCT(GPP_F13, 0x44000300, 0x0000), /* EMMC_DATA1 */ ++_PAD_CFG_STRUCT(GPP_F14, 0x44000300, 0x0000), /* EMMC_DATA2 */ ++_PAD_CFG_STRUCT(GPP_F15, 0x44000300, 0x0000), /* EMMC_DATA3 */ ++_PAD_CFG_STRUCT(GPP_F16, 0x44000300, 0x0000), /* EMMC_DATA4 */ ++_PAD_CFG_STRUCT(GPP_F17, 0x44000300, 0x0000), /* EMMC_DATA5 */ ++_PAD_CFG_STRUCT(GPP_F18, 0x44000300, 0x0000), /* EMMC_DATA6 */ ++_PAD_CFG_STRUCT(GPP_F19, 0x44000300, 0x0000), /* EMMC_DATA7 */ ++_PAD_CFG_STRUCT(GPP_F20, 0x44000300, 0x0000), /* EMMC_RCLK */ ++_PAD_CFG_STRUCT(GPP_F21, 0x44000300, 0x0000), /* EMMC_CLK */ ++_PAD_CFG_STRUCT(GPP_F22, 0x44000300, 0x0000), /* EMMC_RESET# */ ++_PAD_CFG_STRUCT(GPP_F23, 0x44000700, 0x1000), /* A4WP_PRESENT */ ++ ++/* ------- GPIO Group GPP_H ------- */ ++ ++_PAD_CFG_STRUCT(GPP_H0, 0x44000300, 0x3000), /* I2S2_SCLK */ ++_PAD_CFG_STRUCT(GPP_H1, 0x44000f00, 0x3000), /* CNV_RF_RESET# */ ++_PAD_CFG_STRUCT(GPP_H2, 0x84000f00, 0x3000), /* MODEM_CLKREQ */ ++_PAD_CFG_STRUCT(GPP_H3, 0x84000300, 0x3000), /* I2S2_RXD */ ++_PAD_CFG_STRUCT(GPP_H4, 0x84000300, 0x0000), /* I2C2_SDA */ ++_PAD_CFG_STRUCT(GPP_H5, 0x84000300, 0x0000), /* I2C2_SCL */ ++_PAD_CFG_STRUCT(GPP_H6, 0x84000702, 0x0000), /* I2C3_SDA */ ++_PAD_CFG_STRUCT(GPP_H7, 0x84000702, 0x0000), /* I2C3_SCL */ ++_PAD_CFG_STRUCT(GPP_H8, 0x84000702, 0x0000), /* I2C4_SDA */ ++_PAD_CFG_STRUCT(GPP_H9, 0x84000702, 0x0000), /* I2C4_SCL */ ++_PAD_CFG_STRUCT(GPP_H10, 0x84000603, 0x0000), /* I2C5_SDA */ ++_PAD_CFG_STRUCT(GPP_H11, 0x84000603, 0x0000), /* I2C5_SCL */ ++_PAD_CFG_STRUCT(GPP_H12, 0x84000201, 0x0000), /* M2_SKT2_CFG0 */ ++_PAD_CFG_STRUCT(GPP_H13, 0x84000201, 0x0000), /* M2_SKT2_CFG1 */ ++_PAD_CFG_STRUCT(GPP_H14, 0x84000200, 0x0000), /* M2_SKT2_CFG2 */ ++_PAD_CFG_STRUCT(GPP_H15, 0x84000201, 0x0000), /* M2_SKT2_CFG3 */ ++_PAD_CFG_STRUCT(GPP_H16, 0x84000201, 0x0000), /* GPIO */ ++_PAD_CFG_STRUCT(GPP_H17, 0x84000201, 0x0000), /* GPIO */ ++_PAD_CFG_STRUCT(GPP_H18, 0x84000700, 0x0000), /* CPU_C10_GATE# */ ++_PAD_CFG_STRUCT(GPP_H19, 0x84000201, 0x0000), /* TIME_SYNC0 */ ++_PAD_CFG_STRUCT(GPP_H20, 0x84000300, 0x0000), /* IMGCLKOUT1 */ ++_PAD_CFG_STRUCT(GPP_H21, 0x84000200, 0x0000), /* GPIO */ ++_PAD_CFG_STRUCT(GPP_H22, 0x84000201, 0x0000), /* GPIO */ ++_PAD_CFG_STRUCT(GPP_H23, 0x84000200, 0x0000), /* GPIO */ ++ ++/* ------- GPIO Group GPD ------- */ ++ ++_PAD_CFG_STRUCT(GPD0, 0x44000702, 0x0000), /* BATLOW# */ ++_PAD_CFG_STRUCT(GPD1, 0x44000702, 0x3c00), /* ACPRESENT */ ++_PAD_CFG_STRUCT(GPD2, 0x44000702, 0x3c00), /* LAN_WAKE# */ ++_PAD_CFG_STRUCT(GPD3, 0x44000702, 0x3000), /* PRWBTN# */ ++_PAD_CFG_STRUCT(GPD4, 0x44000600, 0x0000), /* SLP_S3# */ ++_PAD_CFG_STRUCT(GPD5, 0x44000600, 0x0000), /* SLP_S4# */ ++_PAD_CFG_STRUCT(GPD6, 0x44000600, 0x0000), /* SLP_A# */ ++_PAD_CFG_STRUCT(GPD7, 0x44000200, 0x0000), /* GPIO */ ++_PAD_CFG_STRUCT(GPD8, 0x44000700, 0x0000), /* SUSCLK */ ++_PAD_CFG_STRUCT(GPD9, 0x44000700, 0x0000), /* SLP_WLAN# */ ++_PAD_CFG_STRUCT(GPD10, 0x44000600, 0x0000), /* SLP_S5# */ ++_PAD_CFG_STRUCT(GPD11, 0x44000600, 0x0000), /* LANPHYPC */ ++ ++/* ------- GPIO Group GPP_C ------- */ ++ ++_PAD_CFG_STRUCT(GPP_C0, 0x44000702, 0x0000), /* SMBCLK */ ++_PAD_CFG_STRUCT(GPP_C1, 0x44000702, 0x0000), /* SMBDATA */ ++_PAD_CFG_STRUCT(GPP_C2, 0x44000201, 0x0000), /* SMBALERT# */ ++_PAD_CFG_STRUCT(GPP_C3, 0x44000702, 0x0000), /* SML0CLK */ ++_PAD_CFG_STRUCT(GPP_C4, 0x44000702, 0x0000), /* SML0DATA */ ++_PAD_CFG_STRUCT(GPP_C5, 0x84000201, 0x0000), /* SML0ALERT# */ ++_PAD_CFG_STRUCT(GPP_C6, 0x44000300, 0x0000), /* SML1CLK */ ++_PAD_CFG_STRUCT(GPP_C7, 0x44000300, 0x0000), /* SML1DATA */ ++_PAD_CFG_STRUCT(GPP_C8, 0x84000201, 0x0000), /* UART0_RXD */ ++_PAD_CFG_STRUCT(GPP_C9, 0x84000201, 0x0000), /* UART0_TXD */ ++_PAD_CFG_STRUCT(GPP_C10, 0x84000200, 0x0000), /* UART0_RTS# */ ++_PAD_CFG_STRUCT(GPP_C11, 0x84000201, 0x0000), /* UART0_CTS# */ ++_PAD_CFG_STRUCT(GPP_C12, 0x84000603, 0x0000), /* UART1_RXD */ ++_PAD_CFG_STRUCT(GPP_C13, 0x84000700, 0x0000), /* UART1_TXD */ ++_PAD_CFG_STRUCT(GPP_C14, 0x84000700, 0x0000), /* UART1_RTS# */ ++_PAD_CFG_STRUCT(GPP_C15, 0x84000702, 0x0000), /* UART1_CTS# */ ++_PAD_CFG_STRUCT(GPP_C16, 0x84000402, 0x0000), /* I2C0_SDA */ ++_PAD_CFG_STRUCT(GPP_C17, 0x84000402, 0x0000), /* I2C0_SCL */ ++_PAD_CFG_STRUCT(GPP_C18, 0x44000702, 0x0000), /* I2C1_SDA */ ++_PAD_CFG_STRUCT(GPP_C19, 0x44000702, 0x0000), /* I2C1_SCL */ ++_PAD_CFG_STRUCT(GPP_C20, 0x44000300, 0x0000), /* UART2_RXD */ ++_PAD_CFG_STRUCT(GPP_C21, 0x44000300, 0x0000), /* UART2_TXD */ ++_PAD_CFG_STRUCT(GPP_C22, 0x84000201, 0x0000), /* UART2_RTS# */ ++_PAD_CFG_STRUCT(GPP_C23, 0x40100102, 0x1000), /* UART2_CTS# */ ++ ++/* ------- GPIO Group GPP_E ------- */ ++ ++_PAD_CFG_STRUCT(GPP_E0, 0x84000300, 0x0000), /* SATAXPCIE0 */ ++_PAD_CFG_STRUCT(GPP_E1, 0x84000300, 0x0000), /* SATAXPCIE1 */ ++_PAD_CFG_STRUCT(GPP_E2, 0x84000502, 0x3000), /* SATAXPCIE2 */ ++_PAD_CFG_STRUCT(GPP_E3, 0x82040102, 0x0000), /* CPU_GP0 */ ++_PAD_CFG_STRUCT(GPP_E4, 0x84000201, 0x0000), /* SATA_DEVSLP0 */ ++_PAD_CFG_STRUCT(GPP_E5, 0x84000300, 0x0000), /* SATA_DEVSLP1 */ ++_PAD_CFG_STRUCT(GPP_E6, 0x84000300, 0x0000), /* SATA_DEVSLP2 */ ++_PAD_CFG_STRUCT(GPP_E7, 0x82000102, 0x0000), /* CPU_GP1 */ ++_PAD_CFG_STRUCT(GPP_E8, 0x84000700, 0x0000), /* SATALED# */ ++_PAD_CFG_STRUCT(GPP_E9, 0x44001700, 0x0000), /* USB2_OC0# */ ++_PAD_CFG_STRUCT(GPP_E10, 0x44001700, 0x0000), /* USB2_OC1# */ ++_PAD_CFG_STRUCT(GPP_E11, 0x44000702, 0x0000), /* USB2_OC2# */ ++_PAD_CFG_STRUCT(GPP_E12, 0x44000702, 0x0000), /* USB2_OC3# */ ++_PAD_CFG_STRUCT(GPP_E13, 0x84000700, 0x0000), /* DDPB_HPD0 */ ++_PAD_CFG_STRUCT(GPP_E14, 0x84000702, 0x0000), /* DDPC_HPD1 */ ++_PAD_CFG_STRUCT(GPP_E15, 0x84000201, 0x0000), /* DDPD_HPD2 */ ++_PAD_CFG_STRUCT(GPP_E16, 0x80880102, 0x3000), /* GPIO */ ++_PAD_CFG_STRUCT(GPP_E17, 0x84000700, 0x0000), /* EDP_HPD */ ++_PAD_CFG_STRUCT(GPP_E18, 0x84000702, 0x0000), /* DPPB_CTRLCLK */ ++_PAD_CFG_STRUCT(GPP_E19, 0x84000602, 0x0000), /* DPPB_CTRLDATA */ ++_PAD_CFG_STRUCT(GPP_E20, 0x84000700, 0x0000), /* DPPC_CTRLCLK */ ++_PAD_CFG_STRUCT(GPP_E21, 0x84000602, 0x0000), /* DPPC_CTRLDATA */ ++_PAD_CFG_STRUCT(GPP_E22, 0x84000702, 0x0000), /* DPPD_CTRLCLK */ ++_PAD_CFG_STRUCT(GPP_E23, 0x84000602, 0x0000), /* DPPD_CTRLDATA */ ++ ++}; ++ ++const struct pad_config *variant_gpio_table(size_t *num) ++{ ++ *num = ARRAY_SIZE(gpio_table); ++ return gpio_table; ++} +diff --git a/src/mainboard/purism/librem_whl/variants/librem_mini/hda_verb.c b/src/mainboard/purism/librem_whl/variants/librem_mini/hda_verb.c +new file mode 100644 +index 0000000000..c3daf3c5ed +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/variants/librem_mini/hda_verb.c +@@ -0,0 +1,33 @@ ++/* SPDX-License-Identifier: GPL-2.0-only */ ++ ++#include ++ ++const u32 cim_verb_data[] = { ++ 0x10ec0269, /* Codec Vendor/Device ID: Realtek ALC293 */ ++ 0x10ec0000, /* Subsystem ID */ ++ 11, /* Number of entries */ ++ ++ AZALIA_SUBVENDOR(0, 0x10ec0000), ++ AZALIA_PIN_CFG(0, 0x12, 0x40000000), ++ AZALIA_PIN_CFG(0, 0x15, 0x01214010), ++ AZALIA_PIN_CFG(0, 0x17, 0x411111f0), ++ AZALIA_PIN_CFG(0, 0x18, 0x01a19130), ++ AZALIA_PIN_CFG(0, 0x19, 0x411111f0), ++ AZALIA_PIN_CFG(0, 0x1a, 0x411111f0), ++ AZALIA_PIN_CFG(0, 0x1b, 0x411111f0), ++ AZALIA_PIN_CFG(0, 0x1d, 0x40422201), ++ AZALIA_PIN_CFG(0, 0x1e, 0x411111f0), ++ ++ 0x8086280b, /* Codec Vendor/Device ID: Intel CannonPoint HDMI */ ++ 0x80860101, /* Subsystem ID */ ++ 4, /* Number of entries */ ++ ++ AZALIA_SUBVENDOR(2, 0x80860101), ++ AZALIA_PIN_CFG(2, 0x05, 0x18560010), ++ AZALIA_PIN_CFG(2, 0x06, 0x18560020), ++ AZALIA_PIN_CFG(2, 0x07, 0x18560030), ++}; ++ ++const u32 pc_beep_verbs[] = {}; ++ ++AZALIA_ARRAY_SIZES; +diff --git a/src/mainboard/purism/librem_whl/variants/librem_mini/include/variant/gpio.h b/src/mainboard/purism/librem_whl/variants/librem_mini/include/variant/gpio.h +new file mode 100644 +index 0000000000..9094b0419d +--- /dev/null ++++ b/src/mainboard/purism/librem_whl/variants/librem_mini/include/variant/gpio.h +@@ -0,0 +1,11 @@ ++/* SPDX-License-Identifier: GPL-2.0-only */ ++ ++#ifndef VARIANT_GPIO_H ++#define VARIANT_GPIO_H ++ ++#include ++#include ++ ++const struct pad_config *variant_gpio_table(size_t *num); ++ ++#endif +-- +2.20.1 + diff --git a/patches/coreboot-4.8.1/0000-measuredboot.patch b/patches/coreboot-4.8.1/0000-measuredboot.patch index 7731a5aef..7e3cce95b 100644 --- a/patches/coreboot-4.8.1/0000-measuredboot.patch +++ b/patches/coreboot-4.8.1/0000-measuredboot.patch @@ -167,7 +167,7 @@ index 6fd55d7..b5b7d91 100644 +{ + if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) + { -+ tlcl_measure(3, (const void*) start, size); ++ tlcl_measure(2, (const void*) start, size); + } +} + diff --git a/patches/coreboot-4.8.1/0009-Add-heads-TPM-measurements-to-Skylake-Kabylake.patch b/patches/coreboot-4.8.1/0009-Add-heads-TPM-measurements-to-Skylake-Kabylake.patch index 9b3898e72..1d53f90ca 100644 --- a/patches/coreboot-4.8.1/0009-Add-heads-TPM-measurements-to-Skylake-Kabylake.patch +++ b/patches/coreboot-4.8.1/0009-Add-heads-TPM-measurements-to-Skylake-Kabylake.patch @@ -51,9 +51,9 @@ index 30987ce..4957bc0 100644 + tlcl_lib_init(); + const void * const bootblock = (const void*) 0xFFFFF800; + const unsigned bootblock_size = 0x800; -+ tlcl_measure(0, bootblock, bootblock_size); ++ tlcl_measure(2, bootblock, bootblock_size); + -+ tlcl_measure(1, _romstage, _eromstage - _romstage); ++ tlcl_measure(2, _romstage, _eromstage - _romstage); + } + /* Signal that FSP component has been loaded. */ @@ -66,7 +66,7 @@ index 30987ce..4957bc0 100644 +void platform_segment_loaded(uintptr_t start, size_t size, int flags) +{ + if (IS_ENABLED(CONFIG_MEASURED_BOOT) && !(flags & SEG_NO_MEASURE)) { -+ tlcl_measure(1, (const void*) start, size); ++ tlcl_measure(2, (const void*) start, size); + } +} + @@ -87,7 +87,7 @@ index bda88d1..49568f6 100644 die("Failed to read FSPS!\n"); + if (IS_ENABLED(CONFIG_MEASURED_BOOT)) { -+ tlcl_measure(1, (const void*) dest, size); ++ tlcl_measure(2, (const void*) dest, size); + } + if (fsp_component_relocate((uintptr_t)dest, dest, size) < 0) diff --git a/patches/coreboot-4.8.1/0010-cross-compiler-support.patch b/patches/coreboot-4.8.1/0010-cross-compiler-support.patch new file mode 100644 index 000000000..b99941df7 --- /dev/null +++ b/patches/coreboot-4.8.1/0010-cross-compiler-support.patch @@ -0,0 +1,27 @@ +--- clean/coreboot-4.8.1/Makefile 2018-05-16 21:00:17.000000000 +0200 ++++ coreboot-4.8.1/Makefile 2020-01-08 17:01:32.998287979 +0100 +@@ -152,6 +152,24 @@ + + -include .xcompile + ++ifneq "$(CROSS)" "" ++ $(info coreboot: Using $(CROSS)gcc) ++ CROSS_COMPILE_x86_32 := $(CROSS) ++ CC_x86_32 := $(CROSS_COMPILE_x86_32)gcc ++ CPP_x86_32 := $(CROSS_COMPILE_x86_32)cpp ++ AS_x86_32 := $(CROSS_COMPILE_x86_32)as --32 ++ LD_x86_32 := $(CROSS_COMPILE_x86_32)ld.bfd -b elf32-i386 -melf_i386 ++ NM_x86_32 := $(CROSS_COMPILE_x86_32)nm ++ OBJCOPY_x86_32 := $(CROSS_COMPILE_x86_32)objcopy ++ OBJDUMP_x86_32 := $(CROSS_COMPILE_x86_32)objdump ++ READELF_x86_32 := $(CROSS_COMPILE_x86_32)readelf ++ STRIP_x86_32 := $(CROSS_COMPILE_x86_32)strip ++ AR_x86_32 := $(CROSS_COMPILE_x86_32)ar ++ GNATBIND_x86_32 := $(CROSS_COMPILE_x86_32)gnatbind ++ COMPILER_RT_x86_32 := $(shell $(CC_x86_32) --print-libgcc-file-name) ++endif ++ ++ + ifneq ($(XCOMPILE_COMPLETE),1) + $(shell rm -f .xcompile) + $(error .xcompile deleted because it's invalid. \ diff --git a/patches/coreboot-4.8.1/0030-sandybridge.patch b/patches/coreboot-4.8.1/0030-sandybridge.patch index 8559b4090..b6083f085 100644 --- a/patches/coreboot-4.8.1/0030-sandybridge.patch +++ b/patches/coreboot-4.8.1/0030-sandybridge.patch @@ -22,10 +22,10 @@ index 0426b83..d348b9e 100644 + tlcl_lib_init(); + const void * const bootblock = (const void*) 0xFFFFF800; + const unsigned bootblock_size = 0x800; -+ tlcl_measure(0, bootblock, bootblock_size); ++ tlcl_measure(2, bootblock, bootblock_size); + + extern char _romstage, _eromstage; -+ tlcl_measure(1, &_romstage, &_eromstage - &_romstage); ++ tlcl_measure(2, &_romstage, &_eromstage - &_romstage); + } + /* USB is initialized in MRC if MRC is used. */ diff --git a/patches/coreboot-4.8.1/0060-enable-tpm-on-t430.patch b/patches/coreboot-4.8.1/0060-enable-tpm-on-t430.patch new file mode 100644 index 000000000..ed28a72a1 --- /dev/null +++ b/patches/coreboot-4.8.1/0060-enable-tpm-on-t430.patch @@ -0,0 +1,23 @@ +mb/lenovo/t430/devicetree: Add missing TPM entry +Tested on Lenovo T430: +The TPM is advertised through ACPI tables and the version can be +read using tpm_version, tcsd and tpm_tis. +Change-Id: I0b0c39e7aa1be4a479325d4b5eff5892a7e2f69f +Signed-off-by: Patrick Rudolph +Reviewed-on: https://review.coreboot.org/26780 +Tested-by: build bot (Jenkins) +Reviewed-by: Arthur Heymans +Reviewed-by: Paul Menzel +Original Commit at: https://review.coreboot.org/c/coreboot/+/26780 +--- ./src/mainboard/lenovo/t430/devicetree.cb 2020-01-15 17:42:17.441317488 +0000 ++++ ./src/mainboard/lenovo/t430/devicetree.cb 2020-01-15 17:37:39.889846000 +0000 +@@ -165,6 +165,9 @@ + + register "has_thinker1" = "0" + end ++ chip drivers/pc80/tpm ++ device pnp 0c31.0 on end ++ end + end + device pci 1f.2 on # SATA Controller 1 + subsystemid 0x17aa 0x21f3 diff --git a/patches/cryptsetup-1.7.3.patch b/patches/cryptsetup-1.7.3.patch index c36d36fd8..be7350d85 100644 --- a/patches/cryptsetup-1.7.3.patch +++ b/patches/cryptsetup-1.7.3.patch @@ -1,6 +1,512 @@ -diff -u --recursive ../../clean/cryptsetup-1.7.3/src/Makefile.in ./cryptsetup-1.7.3/src/Makefile.in ---- ../../clean/cryptsetup-1.7.3/src/Makefile.in 2016-10-28 09:45:06.000000000 -0400 -+++ cryptsetup-1.7.3/src/Makefile.in 2017-01-27 17:24:13.115962328 -0500 +diff -u -r cryptsetup-1.7.3-clean/configure cryptsetup-1.7.3/configure +--- cryptsetup-1.7.3-clean/configure 2016-10-28 06:45:06.000000000 -0700 ++++ cryptsetup-1.7.3/configure 2020-01-12 14:12:13.835035728 -0800 +@@ -10113,7 +10113,7 @@ + hardcode_automatic=no + hardcode_direct=no + hardcode_direct_absolute=no +- hardcode_libdir_flag_spec= ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator= + hardcode_minus_L=no + hardcode_shlibpath_var=unsupported +@@ -10197,7 +10197,7 @@ + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + export_dynamic_flag_spec='$wl--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then +@@ -10243,7 +10243,7 @@ + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_minus_L=yes + ;; + esac +@@ -10263,7 +10263,7 @@ + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, + # as there is no search path for DLLs. +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + export_dynamic_flag_spec='$wl--export-all-symbols' + allow_undefined_flag=unsupported + always_export_symbols=no +@@ -10293,7 +10293,7 @@ + ;; + + os2*) +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll +@@ -10323,7 +10323,7 @@ + interix[3-9]*) + hardcode_direct=no + hardcode_shlibpath_var=no +- hardcode_libdir_flag_spec='$wl-rpath,$libdir' ++ hardcode_libdir_flag_spec=" " + export_dynamic_flag_spec='$wl-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by +@@ -10399,7 +10399,7 @@ + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test yes = "$supports_anon_versioning"; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ +@@ -10466,7 +10466,7 @@ + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else +@@ -10495,7 +10495,7 @@ + + if test no = "$ld_shlibs"; then + runpath_var= +- hardcode_libdir_flag_spec= ++ hardcode_libdir_flag_spec=" " + export_dynamic_flag_spec= + whole_archive_flag_spec= + fi +@@ -10613,7 +10613,7 @@ + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L=yes +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator= + fi + ;; +@@ -10697,11 +10697,11 @@ + aix_libpath=$lt_cv_aix_libpath_ + fi + +- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" ++ hardcode_libdir_flag_spec=" " + archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag + else + if test ia64 = "$host_cpu"; then +- hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib' ++ hardcode_libdir_flag_spec=" " + allow_undefined_flag="-z nodefs" + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" + else +@@ -10750,7 +10750,7 @@ + aix_libpath=$lt_cv_aix_libpath_ + fi + +- hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" ++ hardcode_libdir_flag_spec=" " + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag=' $wl-bernotok' +@@ -10790,7 +10790,7 @@ + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_minus_L=yes + ;; + esac +@@ -10808,7 +10808,7 @@ + case $cc_basename in + cl*) + # Native MSVC +- hardcode_libdir_flag_spec=' ' ++ hardcode_libdir_flag_spec=" " + allow_undefined_flag=unsupported + always_export_symbols=yes + file_list_spec='@' +@@ -10849,7 +10849,7 @@ + ;; + *) + # Assume MSVC wrapper +- hardcode_libdir_flag_spec=' ' ++ hardcode_libdir_flag_spec=" " + allow_undefined_flag=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib +@@ -10900,7 +10900,7 @@ + + dgux*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_shlibpath_var=no + ;; + +@@ -10910,7 +10910,7 @@ + # extra space). + freebsd2.2*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' +- hardcode_libdir_flag_spec='-R$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; +@@ -10926,7 +10926,7 @@ + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- hardcode_libdir_flag_spec='-R$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; +@@ -10937,7 +10937,7 @@ + else + archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + fi +- hardcode_libdir_flag_spec='$wl+b $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + hardcode_direct=yes + +@@ -10954,7 +10954,7 @@ + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test no = "$with_gnu_ld"; then +- hardcode_libdir_flag_spec='$wl+b $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + hardcode_direct=yes + hardcode_direct_absolute=yes +@@ -11031,7 +11031,7 @@ + esac + fi + if test no = "$with_gnu_ld"; then +- hardcode_libdir_flag_spec='$wl+b $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + + case $host_cpu in +@@ -11090,7 +11090,7 @@ + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' + fi + archive_cmds_need_lc='no' +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + inherit_rpath=yes + link_all_deplibs=yes +@@ -11112,7 +11112,7 @@ + else + archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi +- hardcode_libdir_flag_spec='-R$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; +@@ -11120,7 +11120,7 @@ + newsos6) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + hardcode_shlibpath_var=no + ;; +@@ -11136,11 +11136,11 @@ + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' +- hardcode_libdir_flag_spec='$wl-rpath,$libdir' ++ hardcode_libdir_flag_spec=" " + export_dynamic_flag_spec='$wl-E' + else + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' +- hardcode_libdir_flag_spec='$wl-rpath,$libdir' ++ hardcode_libdir_flag_spec=" " + fi + else + ld_shlibs=no +@@ -11148,7 +11148,7 @@ + ;; + + os2*) +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll +@@ -11184,7 +11184,7 @@ + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + fi + archive_cmds_need_lc='no' +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=: + ;; + +@@ -11192,7 +11192,7 @@ + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' +- hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' ++ hardcode_libdir_flag_spec=" " + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' +@@ -11200,7 +11200,7 @@ + $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly +- hardcode_libdir_flag_spec='-rpath $libdir' ++ hardcode_libdir_flag_spec=" " + fi + archive_cmds_need_lc='no' + hardcode_libdir_separator=: +@@ -11229,7 +11229,7 @@ + ;; + esac + fi +- hardcode_libdir_flag_spec='-R$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_shlibpath_var=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; +@@ -11256,7 +11256,7 @@ + else + archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no +@@ -11326,7 +11326,7 @@ + allow_undefined_flag='$wl-z,nodefs' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no +- hardcode_libdir_flag_spec='$wl-R,$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator=':' + link_all_deplibs=yes + export_dynamic_flag_spec='$wl-Bexport' +@@ -11343,7 +11343,7 @@ + + uts4*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + hardcode_shlibpath_var=no + ;; + +@@ -11711,7 +11711,7 @@ + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' +@@ -12001,16 +12001,16 @@ + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + esac + ;; +@@ -12025,7 +12025,7 @@ + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + hpux9* | hpux10* | hpux11*) +@@ -12037,7 +12037,7 @@ + case $host_cpu in + ia64*) + shrext_cmds='.so' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -12053,7 +12053,7 @@ + ;; + hppa*64*) + shrext_cmds='.sl' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -12086,7 +12086,7 @@ + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + irix5* | irix6* | nonstopux*) +@@ -12123,7 +12123,7 @@ + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + # No shared lib support for Linux oldld, aout, or coff. +@@ -12144,11 +12144,11 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. +- hardcode_libdir_flag_spec='-L$libdir' ++ hardcode_libdir_flag_spec=" " + ;; + + # This must be glibc/ELF. +@@ -12199,7 +12199,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not +@@ -12229,7 +12229,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='NetBSD ld.elf_so' + ;; + +@@ -12248,7 +12248,7 @@ + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + newsos6) +@@ -12266,7 +12266,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='ldqnx.so' + ;; + +@@ -12338,7 +12338,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; +@@ -12395,7 +12395,7 @@ + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else +@@ -12417,7 +12417,7 @@ + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + uts4*) +@@ -14964,7 +14964,7 @@ + wl="$acl_cv_wl" + libext="$acl_cv_libext" + shlibext="$acl_cv_shlibext" +- hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" ++ hardcode_libdir_flag_spec=" " + hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" + hardcode_direct="$acl_cv_hardcode_direct" + hardcode_minus_L="$acl_cv_hardcode_minus_L" +@@ -19683,7 +19683,7 @@ + with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' + allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' + no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' +-hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' ++hardcode_libdir_flag_spec=" " + hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' + hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' + hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' +@@ -19714,7 +19714,7 @@ + postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' + finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' + finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' ++hardcode_into_libs=no + sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' + configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`' + configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`' +@@ -20877,7 +20877,7 @@ + finish_eval=$lt_finish_eval + + # Whether we should hardcode library paths into libraries. +-hardcode_into_libs=$hardcode_into_libs ++hardcode_into_libs=no + + # Compile-time system search path for libraries. + sys_lib_search_path_spec=$lt_sys_lib_search_path_spec +@@ -20974,7 +20974,7 @@ + + # Flag to hardcode \$libdir into a binary during linking. + # This must work even if \$libdir does not exist +-hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec ++hardcode_libdir_flag_spec=" " + + # Whether we need a single "-rpath" flag with a separated argument. + hardcode_libdir_separator=$lt_hardcode_libdir_separator +diff -u -r cryptsetup-1.7.3-clean/src/Makefile.in cryptsetup-1.7.3/src/Makefile.in +--- cryptsetup-1.7.3-clean/src/Makefile.in 2016-10-28 06:45:06.000000000 -0700 ++++ cryptsetup-1.7.3/src/Makefile.in 2020-01-12 13:42:22.744734385 -0800 @@ -479,6 +479,8 @@ cryptsetup_LDADD = \ $(top_builddir)/lib/libcryptsetup.la \ diff --git a/patches/flashrom-1.0/0100-enable-kgpe-d16.patch b/patches/flashrom-1.0/0100-enable-kgpe-d16.patch deleted file mode 100644 index 429e18677..000000000 --- a/patches/flashrom-1.0/0100-enable-kgpe-d16.patch +++ /dev/null @@ -1,2599 +0,0 @@ -diff --git ./Makefile ./Makefile -index 9cf52b2..3bc0d8c 100644 ---- ./Makefile -+++ ./Makefile -@@ -214,6 +214,16 @@ UNSUPPORTED_FEATURES += CONFIG_GFXNVIDIA=yes - else - override CONFIG_GFXNVIDIA = no - endif -+ifeq ($(CONFIG_AST1100), yes) -+UNSUPPORTED_FEATURES += CONFIG_AST1100=yes -+else -+override CONFIG_AST1100 = no -+endif -+ifeq ($(CONFIG_AST2400), yes) -+UNSUPPORTED_FEATURES += CONFIG_AST2400=yes -+else -+override CONFIG_AST2400 = no -+endif - ifeq ($(CONFIG_SATASII), yes) - UNSUPPORTED_FEATURES += CONFIG_SATASII=yes - else -@@ -441,6 +451,16 @@ UNSUPPORTED_FEATURES += CONFIG_GFXNVIDIA=yes - else - override CONFIG_GFXNVIDIA = no - endif -+ifeq ($(CONFIG_AST1100), yes) -+UNSUPPORTED_FEATURES += CONFIG_AST1100=yes -+else -+override CONFIG_AST1100 = no -+endif -+ifeq ($(CONFIG_AST2400), yes) -+UNSUPPORTED_FEATURES += CONFIG_AST2400=yes -+else -+override CONFIG_AST2400 = no -+endif - ifeq ($(CONFIG_SATASII), yes) - UNSUPPORTED_FEATURES += CONFIG_SATASII=yes - else -@@ -514,7 +534,7 @@ endif - CHIP_OBJS = jedec.o stm50.o w39.o w29ee011.o \ - sst28sf040.o 82802ab.o \ - sst49lfxxxc.o sst_fwhub.o flashchips.o spi.o spi25.o spi25_statusreg.o \ -- opaque.o sfdp.o en29lv640b.o at45db.o -+ spi4ba.o opaque.o sfdp.o en29lv640b.o at45db.o - - ############################################################################### - # Library code. -@@ -565,6 +585,12 @@ CONFIG_NIC3COM ?= yes - # Enable NVIDIA graphics cards. Note: write and erase do not work properly. - CONFIG_GFXNVIDIA ?= yes - -+# Enable AST1100 BMC SoCs. -+CONFIG_AST1100 ?= yes -+ -+# Enable AST2400 BMC SoCs. -+CONFIG_AST2400 ?= yes -+ - # Always enable SiI SATA controllers for now. - CONFIG_SATASII ?= yes - -@@ -664,6 +690,8 @@ ifeq ($(CONFIG_ENABLE_LIBPCI_PROGRAMMERS), no) - override CONFIG_INTERNAL = no - override CONFIG_NIC3COM = no - override CONFIG_GFXNVIDIA = no -+override CONFIG_AST1100 = no -+override CONFIG_AST2400 = no - override CONFIG_SATASII = no - override CONFIG_ATAHPT = no - override CONFIG_ATAVIA = no -@@ -776,6 +804,18 @@ PROGRAMMER_OBJS += gfxnvidia.o - NEED_LIBPCI += CONFIG_GFXNVIDIA - endif - -+ifeq ($(CONFIG_AST1100), yes) -+FEATURE_CFLAGS += -D'CONFIG_AST1100=1' -+PROGRAMMER_OBJS += ast1100.o -+NEED_LIBPCI += CONFIG_AST1100 -+endif -+ -+ifeq ($(CONFIG_AST2400), yes) -+FEATURE_CFLAGS += -D'CONFIG_AST2400=1' -+PROGRAMMER_OBJS += ast2400.o -+NEED_LIBPCI += CONFIG_AST2400 -+endif -+ - ifeq ($(CONFIG_SATASII), yes) - FEATURE_CFLAGS += -D'CONFIG_SATASII=1' - PROGRAMMER_OBJS += satasii.o -diff --git ./ast1100.c ./ast1100.c -new file mode 100644 -index 0000000..cf28422 ---- /dev/null -+++ ./ast1100.c -@@ -0,0 +1,421 @@ -+/* -+ * This file is part of the flashrom project. -+ * -+ * Copyright (C) 2017 Raptor Engineering, LLC -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ */ -+ -+#include -+#include -+#include "flash.h" -+#include "programmer.h" -+#include "hwaccess.h" -+ -+#define PCI_VENDOR_ID_ASPEED 0x1a03 -+ -+#define ASPEED_MEMMAP_SIZE (128 * 1024) -+#define ASPEED_P2A_OFFSET 0x10000 -+ -+#define AST1100_SCU_APB_ADDR 0x1e6e2000 -+#define AST1100_SCU_APB_BRIDGE_OFFSET (AST1100_SCU_APB_ADDR & 0xffff) -+#define AST1100_SCU_PROT_KEY 0x00 -+#define AST1100_SCU_HW_STRAP 0x70 -+ -+#define AST1100_SCU_PASSWORD 0x1688a8a8 -+#define AST1100_SCU_BOOT_SRC_MASK 0x3 -+#define AST1100_SCU_BOOT_SPI 0x2 -+#define AST1100_SCU_BOOT_NONE 0x3 -+ -+#define AST1100_SMC_APB_ADDR 0x16000000 -+#define AST1100_SMC_SMC00 0x00 -+#define AST1100_SMC_CE_CTL(N) (0x4 + (N * 4)) -+ -+#define AST1100_SMC_SEGMENT_SIZE_MASK 0x3 -+#define AST1100_SMC_SEGMENT_SIZE_32M 0x0 -+#define AST1100_SMC_SEGMENT_SIZE_16M 0x1 -+#define AST1100_SMC_SEGMENT_SIZE_8M 0x2 -+#define AST1100_SMC_SEGMENT_SIZE_4M 0x3 -+ -+#define AST1100_SMC_FLASH_MMIO_ADDR 0x10000000 -+ -+#define AST1100_SPI_CMD_FAST_R_MODE 0x1 -+#define AST1100_SPI_CMD_USER_MODE 0x3 -+#define AST1100_SPI_CMD_MASK 0x3 -+#define AST1100_SPI_STOP_CE_ACTIVE (0x1 << 2) -+#define AST1100_SPI_SPEED_SHIFT 8 -+#define AST1100_SPI_SPEED_MASK (0x7 << AST1100_SPI_SPEED_SHIFT) -+ -+#define AST1100_SPI_FLASH_MMIO_ADDR 0x30000000 -+ -+#define AST1100_WDT_APB_ADDR 0x1e785000 -+#define AST1100_WDT_APB_BRIDGE_OFFSET (AST1100_WDT_APB_ADDR & 0xffff) -+ -+#define AST1100_WDT1_CTR 0x00 -+#define AST1100_WDT1_CTR_RELOAD 0x04 -+#define AST1100_WDT1_CTR_RESTART 0x08 -+#define AST1100_WDT1_CTL 0x0c -+ -+#define AST1100_WDT_SET_CLOCK (0x1 << 4) -+#define AST1100_WDT_RESET_SYSTEM (0x1 << 1) -+#define AST1100_WDT_ENABLE (0x1 << 0) -+ -+uint8_t *ast1100_device_bar = 0; -+uint8_t ast1100_device_spi_bus = 0; -+uint8_t ast1100_device_spi_speed = 0; -+uint8_t ast1100_device_halt_cpu = 0; -+uint8_t ast1100_device_reset_cpu = 0; -+uint8_t ast1100_device_resume_cpu = 0; -+uint8_t ast1100_device_tickle_fw = 0; -+uint32_t ast1100_device_flash_mmio_offset = 0; -+uint32_t ast1100_original_wdt_conf = 0; -+ -+const struct dev_entry bmc_aspeed_ast1100[] = { -+ {PCI_VENDOR_ID_ASPEED, 0x2000, OK, "ASPEED", "AST1100" }, -+ -+ {0}, -+}; -+ -+static int ast1100_spi_send_command(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr); -+ -+static const struct spi_master spi_master_ast1100 = { -+ .type = SPI_CONTROLLER_AST1100, -+ .max_data_read = 256, -+ .max_data_write = 256, -+ .command = ast1100_spi_send_command, -+ .multicommand = default_spi_send_multicommand, -+ .read = default_spi_read, -+ .write_256 = default_spi_write_256, -+ .write_aai = default_spi_write_aai, -+}; -+ -+static int ast1100_set_a2b_bridge_scu(void) -+{ -+ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); -+ pci_mmio_writel(AST1100_SCU_APB_ADDR & 0xffff0000, ast1100_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast1100_set_a2b_bridge_wdt(void) -+{ -+ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); -+ pci_mmio_writel(AST1100_WDT_APB_ADDR & 0xffff0000, ast1100_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast1100_set_a2b_bridge_smc(void) -+{ -+ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); -+ pci_mmio_writel(AST1100_SMC_APB_ADDR, ast1100_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast1100_set_a2b_bridge_smc_flash(void) -+{ -+ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); -+ pci_mmio_writel(AST1100_SMC_FLASH_MMIO_ADDR + ast1100_device_flash_mmio_offset, ast1100_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast1100_disable_cpu(void) { -+ uint32_t dword; -+ -+ if (ast1100_device_halt_cpu) { -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); -+ if (((dword & AST1100_SCU_BOOT_SRC_MASK) != AST1100_SCU_BOOT_SPI) -+ && ((dword & AST1100_SCU_BOOT_SRC_MASK) != AST1100_SCU_BOOT_NONE)) { /* NONE permitted to allow for BMC recovery after Ctrl+C or crash */ -+ msg_perr("CPU halt requested but CPU firmware source is not SPI.\n"); -+ pci_mmio_writel(0x0, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_PROT_KEY); -+ ast1100_device_halt_cpu = 0; -+ return 1; -+ } -+ -+ /* Disable CPU */ -+ ast1100_set_a2b_bridge_scu(); -+ pci_mmio_writel((dword & ~AST1100_SCU_BOOT_SRC_MASK) | AST1100_SCU_BOOT_NONE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); -+ ast1100_original_wdt_conf = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ pci_mmio_writel(ast1100_original_wdt_conf & 0xffff0, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ } -+ -+ return 0; -+} -+ -+static int ast1100_enable_cpu(void) { -+ uint32_t dword; -+ -+ if (ast1100_device_halt_cpu && ast1100_device_resume_cpu) { -+ /* Re-enable CPU */ -+ ast1100_set_a2b_bridge_scu(); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); -+ pci_mmio_writel((dword & ~AST1100_SCU_BOOT_SRC_MASK) | AST1100_SCU_BOOT_SPI, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); -+ } -+ -+ return 0; -+} -+ -+static int ast1100_reset_cpu(void) { -+ if (ast1100_device_reset_cpu) { -+ /* Disable WDT from issuing full SoC reset -+ * Without this, OpenPOWER systems will crash when the GPIO blocks are reset on WDT timeout -+ */ -+ msg_pinfo("Configuring P2A bridge for WDT access\n"); -+ ast1100_set_a2b_bridge_wdt(); -+ ast1100_original_wdt_conf = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ -+ /* Initiate reset */ -+ msg_pinfo("Setting WDT to reset CPU immediately\n"); -+ pci_mmio_writel(ast1100_original_wdt_conf & 0xffff0, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ pci_mmio_writel(0xec08ce00, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTR_RELOAD); -+ pci_mmio_writel(0x4755, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTR_RESTART); -+ pci_mmio_writel(AST1100_WDT_SET_CLOCK, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ pci_mmio_writel(AST1100_WDT_RESET_SYSTEM | AST1100_WDT_ENABLE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); -+ -+ } -+ -+ return 0; -+} -+ -+static int ast1100_shutdown(void *data) { -+ /* Reactivate CPU if previously deactivated */ -+ ast1100_enable_cpu(); -+ -+ /* Reset CPU if requested */ -+ ast1100_reset_cpu(); -+ -+ /* Disable backdoor APB access */ -+ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+int ast1100_init(void) -+{ -+ struct pci_dev *dev = NULL; -+ uint32_t dword; -+ -+ char *arg; -+ -+ ast1100_device_spi_bus = 0; -+ arg = extract_programmer_param("spibus"); -+ if (arg) -+ ast1100_device_spi_bus = strtol(arg, NULL, 0); -+ free(arg); -+ -+ ast1100_device_spi_speed = 0; -+ arg = extract_programmer_param("spispeed"); -+ if (arg) -+ ast1100_device_spi_speed = strtol(arg, NULL, 0); -+ free(arg); -+ -+ ast1100_device_halt_cpu = 0; -+ arg = extract_programmer_param("cpu"); -+ if (arg && !strcmp(arg,"pause")) { -+ ast1100_device_halt_cpu = 1; -+ ast1100_device_resume_cpu = 1; -+ ast1100_device_reset_cpu = 0; -+ } -+ else if (arg && !strcmp(arg,"halt")) { -+ ast1100_device_halt_cpu = 1; -+ ast1100_device_resume_cpu = 0; -+ ast1100_device_reset_cpu = 0; -+ } -+ else if (arg && !strcmp(arg,"reset")) { -+ ast1100_device_halt_cpu = 1; -+ ast1100_device_resume_cpu = 1; -+ ast1100_device_reset_cpu = 1; -+ } -+ else if (arg) { -+ msg_perr("Invalid CPU option! Valid values are: pause | halt | reset\n"); -+ return 1; -+ } -+ arg = extract_programmer_param("tickle"); -+ if (arg && !strcmp(arg,"true")) -+ ast1100_device_tickle_fw = 1; -+ free(arg); -+ -+ if ((ast1100_device_spi_bus < 0) || (ast1100_device_spi_bus > 2)) { -+ msg_perr("SPI bus number out of range! Valid values are 0 - 2.\n"); -+ return 1; -+ } -+ -+ if (rget_io_perms()) -+ return 1; -+ -+ dev = pcidev_init(bmc_aspeed_ast1100, PCI_BASE_ADDRESS_1); -+ if (!dev) -+ return 1; -+ -+ uintptr_t io_base_addr = pcidev_readbar(dev, PCI_BASE_ADDRESS_1); -+ if (!io_base_addr) -+ return 1; -+ -+ msg_pinfo("Detected ASPEED MMIO base address: %p.\n", (void*)io_base_addr); -+ -+ ast1100_device_bar = rphysmap("ASPEED", io_base_addr, ASPEED_MEMMAP_SIZE); -+ if (ast1100_device_bar == ERROR_PTR) -+ return 1; -+ -+ if (register_shutdown(ast1100_shutdown, dev)) -+ return 1; -+ -+ io_base_addr += ASPEED_P2A_OFFSET; -+ msg_pinfo("ASPEED P2A base address: %p.\n", (void*)io_base_addr); -+ -+ msg_pinfo("Configuring P2A bridge for SCU access\n"); -+ ast1100_set_a2b_bridge_scu(); -+ pci_mmio_writel(AST1100_SCU_PASSWORD, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_PROT_KEY); -+ -+ /* Halt CPU if requested */ -+ if (ast1100_disable_cpu()) -+ return 1; -+ -+ msg_pinfo("Configuring P2A bridge for SMC access\n"); -+ ast1100_set_a2b_bridge_smc(); -+ -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); -+ if (((dword >> ((ast1100_device_spi_bus * 2) + 4)) & 0x3) != 0x2) { -+ msg_perr("CE%01x Flash type is not SPI!\n", ast1100_device_spi_bus); -+ return 1; -+ } -+ -+ msg_pinfo("Setting CE%01x SPI relative clock speed to %d\n", ast1100_device_spi_bus, ast1100_device_spi_speed); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ dword &= ~AST1100_SPI_SPEED_MASK; -+ pci_mmio_writel(dword | ((ast1100_device_spi_speed << AST1100_SPI_SPEED_SHIFT) & AST1100_SPI_SPEED_MASK), ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ -+ msg_pinfo("Enabling CE%01x write\n", ast1100_device_spi_bus); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); -+ pci_mmio_writel(dword | (0x1 << (10 + ast1100_device_spi_bus)), ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); -+ -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); -+ dword &= AST1100_SMC_SEGMENT_SIZE_MASK; -+ switch (dword & AST1100_SMC_SEGMENT_SIZE_MASK) { -+ case AST1100_SMC_SEGMENT_SIZE_32M: -+ ast1100_device_flash_mmio_offset = 0x2000000; -+ break; -+ case AST1100_SMC_SEGMENT_SIZE_16M: -+ ast1100_device_flash_mmio_offset = 0x1000000; -+ break; -+ case AST1100_SMC_SEGMENT_SIZE_8M: -+ ast1100_device_flash_mmio_offset = 0x800000; -+ break; -+ case AST1100_SMC_SEGMENT_SIZE_4M: -+ ast1100_device_flash_mmio_offset = 0x400000; -+ break; -+ default: -+ ast1100_device_flash_mmio_offset = 0x2000000; -+ } -+ msg_pinfo("Segment size: 0x%08x\n", ast1100_device_flash_mmio_offset); -+ -+ ast1100_device_flash_mmio_offset = ast1100_device_flash_mmio_offset * ast1100_device_spi_bus; -+ msg_pinfo("Using CE%01x offset 0x%08x\n", ast1100_device_spi_bus, ast1100_device_flash_mmio_offset); -+ -+ register_spi_master(&spi_master_ast1100); -+ -+ return 0; -+} -+ -+static void ast1100_spi_xfer_data(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr) -+{ -+ int i; -+ uint32_t dword; -+ -+ for (i = 0; i < writecnt; i++) -+ msg_pspew("[%02x]", writearr[i]); -+ msg_pspew("\n"); -+ -+ for (i = 0; i < writecnt; i=i+4) { -+ if ((writecnt - i) < 4) -+ break; -+ dword = writearr[i]; -+ dword |= writearr[i + 1] << 8; -+ dword |= writearr[i + 2] << 16; -+ dword |= writearr[i + 3] << 24; -+ pci_mmio_writel(dword, ast1100_device_bar + ASPEED_P2A_OFFSET); -+ } -+ for (; i < writecnt; i++) -+ pci_mmio_writeb(writearr[i], ast1100_device_bar + ASPEED_P2A_OFFSET); -+ programmer_delay(1); -+ for (i = 0; i < readcnt;) { -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET); -+ if (i < readcnt) -+ readarr[i] = dword & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 8) & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 16) & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 24) & 0xff; -+ i++; -+ } -+ -+ for (i = 0; i < readcnt; i++) -+ msg_pspew("[%02x]", readarr[i]); -+ msg_pspew("\n"); -+} -+ -+/* Returns 0 upon success, a negative number upon errors. */ -+static int ast1100_spi_send_command(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr) -+{ -+ uint32_t dword; -+ -+ msg_pspew("%s, cmd=0x%02x, writecnt=%d, readcnt=%d\n", __func__, *writearr, writecnt, readcnt); -+ -+ /* Set up user command mode */ -+ ast1100_set_a2b_bridge_smc(); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ pci_mmio_writel(dword | AST1100_SPI_CMD_USER_MODE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ pci_mmio_writel(dword & ~AST1100_SPI_STOP_CE_ACTIVE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ -+ /* Transfer data */ -+ ast1100_set_a2b_bridge_smc_flash(); -+ ast1100_spi_xfer_data(flash, writecnt, readcnt, writearr, readarr); -+ -+ /* Tear down user command mode */ -+ ast1100_set_a2b_bridge_smc(); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ pci_mmio_writel(dword | AST1100_SPI_STOP_CE_ACTIVE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ pci_mmio_writel((dword & ~AST1100_SPI_CMD_MASK) | AST1100_SPI_CMD_FAST_R_MODE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); -+ -+ if (ast1100_device_tickle_fw) { -+ ast1100_enable_cpu(); -+ programmer_delay(100); -+ ast1100_disable_cpu(); -+ } -+ -+ return 0; -+} -diff --git ./ast2400.c ./ast2400.c -new file mode 100644 -index 0000000..01cee76 ---- /dev/null -+++ ./ast2400.c -@@ -0,0 +1,426 @@ -+/* -+ * This file is part of the flashrom project. -+ * -+ * Copyright (C) 2016 - 2017 Raptor Engineering, LLC -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ */ -+ -+#include -+#include -+#include "flash.h" -+#include "programmer.h" -+#include "hwaccess.h" -+ -+#define PCI_VENDOR_ID_ASPEED 0x1a03 -+ -+#define ASPEED_MEMMAP_SIZE (128 * 1024) -+#define ASPEED_P2A_OFFSET 0x10000 -+ -+#define AST2400_SCU_APB_ADDR 0x1e6e2000 -+#define AST2400_SCU_APB_BRIDGE_OFFSET (AST2400_SCU_APB_ADDR & 0xffff) -+#define AST2400_SCU_PROT_KEY 0x00 -+#define AST2400_SCU_MISC_CTL 0x2c -+#define AST2400_SCU_HW_STRAP 0x70 -+ -+#define AST2400_SCU_PASSWORD 0x1688a8a8 -+#define AST2400_SCU_BOOT_SRC_MASK 0x3 -+#define AST2400_SCU_BOOT_SPI 0x2 -+#define AST2400_SCU_BOOT_NONE 0x3 -+ -+#define AST2400_SMC_APB_ADDR 0x1e620000 -+#define AST2400_SMC_FMC00 0x00 -+#define AST2400_SMC_CE_CTL(N) (0x10 + (N * 4)) -+#define AST2400_SMC_CE_SEG(N) (0x30 + (N * 4)) -+ -+#define AST2400_SMC_FLASH_MMIO_ADDR 0x20000000 -+ -+#define AST2400_SPI_APB_ADDR 0x1e630000 -+#define AST2400_SPI_CFG 0x00 -+#define AST2400_SPI_CTL 0x04 -+ -+#define AST2400_SPI_CFG_WRITE_EN 0x1 -+#define AST2400_SPI_CMD_FAST_R_MODE 0x1 -+#define AST2400_SPI_CMD_USER_MODE 0x3 -+#define AST2400_SPI_CMD_MASK 0x3 -+#define AST2400_SPI_STOP_CE_ACTIVE (0x1 << 2) -+#define AST2400_SPI_CPOL_1 (0x1 << 4) -+#define AST2400_SPI_LSB_FIRST_CTRL (0x1 << 5) -+#define AST2400_SPI_SPEED_MASK (0xf << 8) -+#define AST2400_SPI_IO_MODE_MASK (0x3 << 28) -+ -+#define AST2400_SPI_FLASH_MMIO_ADDR 0x30000000 -+ -+#define AST2400_WDT_APB_ADDR 0x1e785000 -+#define AST2400_WDT_APB_BRIDGE_OFFSET (AST2400_WDT_APB_ADDR & 0xffff) -+ -+#define AST2400_WDT1_CTL 0x0c -+ -+#define AST2400_WDT_RESET_MODE_MASK (0x3 << 5) -+#define AST2400_WDT_RESET_CPU_ONLY (0x2 << 5) -+ -+uint8_t *ast2400_device_bar = 0; -+uint8_t ast2400_device_spi_bus = 0; -+uint8_t ast2400_device_halt_cpu = 0; -+uint8_t ast2400_device_resume_cpu = 0; -+uint8_t ast2400_device_tickle_fw = 0; -+uint32_t ast2400_device_flash_mmio_offset = 0; -+uint32_t ast2400_device_host_mode = 0; -+uint32_t ast2400_original_wdt_conf = 0; -+ -+const struct dev_entry bmc_aspeed_ast2400[] = { -+ {PCI_VENDOR_ID_ASPEED, 0x2000, OK, "ASPEED", "AST2400" }, -+ -+ {0}, -+}; -+ -+static int ast2400_spi_send_command(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr); -+ -+static const struct spi_master spi_master_ast2400 = { -+ .type = SPI_CONTROLLER_AST2400, -+ .max_data_read = 256, -+ .max_data_write = 256, -+ .command = ast2400_spi_send_command, -+ .multicommand = default_spi_send_multicommand, -+ .read = default_spi_read, -+ .write_256 = default_spi_write_256, -+ .write_aai = default_spi_write_aai, -+}; -+ -+static int ast2400_set_a2b_bridge_scu(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_SCU_APB_ADDR & 0xffff0000, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_set_a2b_bridge_wdt(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_WDT_APB_ADDR & 0xffff0000, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_set_a2b_bridge_smc(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_SMC_APB_ADDR, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_set_a2b_bridge_spi(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_SPI_APB_ADDR, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_set_a2b_bridge_smc_flash(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_SMC_FLASH_MMIO_ADDR + ast2400_device_flash_mmio_offset, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_set_a2b_bridge_spi_flash(void) -+{ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ pci_mmio_writel(AST2400_SPI_FLASH_MMIO_ADDR, ast2400_device_bar + 0xf004); -+ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+static int ast2400_disable_cpu(void) { -+ uint32_t dword; -+ -+ if (ast2400_device_halt_cpu) { -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); -+ if (((dword & AST2400_SCU_BOOT_SRC_MASK) != AST2400_SCU_BOOT_SPI) -+ && ((dword & AST2400_SCU_BOOT_SRC_MASK) != AST2400_SCU_BOOT_NONE)) { /* NONE permitted to allow for BMC recovery after Ctrl+C or crash */ -+ msg_perr("CPU halt requested but CPU firmware source is not SPI.\n"); -+ pci_mmio_writel(0x0, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_PROT_KEY); -+ ast2400_device_halt_cpu = 0; -+ return 1; -+ } -+ -+ /* Disable WDT from issuing full SoC reset -+ * Without this, OpenPOWER systems will crash when the GPIO blocks are reset on WDT timeout -+ */ -+ msg_pinfo("Configuring P2A bridge for WDT access\n"); -+ ast2400_set_a2b_bridge_wdt(); -+ ast2400_original_wdt_conf = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_WDT_APB_BRIDGE_OFFSET + AST2400_WDT1_CTL); -+ pci_mmio_writel((ast2400_original_wdt_conf & ~AST2400_WDT_RESET_MODE_MASK) | AST2400_WDT_RESET_CPU_ONLY, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_WDT_APB_BRIDGE_OFFSET + AST2400_WDT1_CTL); -+ -+ /* Disable CPU */ -+ ast2400_set_a2b_bridge_scu(); -+ pci_mmio_writel((dword & ~AST2400_SCU_BOOT_SRC_MASK) | AST2400_SCU_BOOT_NONE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); -+ } -+ -+ return 0; -+} -+ -+static int ast2400_enable_cpu(void) { -+ uint32_t dword; -+ -+ if (ast2400_device_halt_cpu && ast2400_device_resume_cpu) { -+ /* Re-enable CPU */ -+ ast2400_set_a2b_bridge_scu(); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); -+ pci_mmio_writel((dword & ~AST2400_SCU_BOOT_SRC_MASK) | AST2400_SCU_BOOT_SPI, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); -+ -+ /* Reset WDT configuration */ -+ ast2400_set_a2b_bridge_wdt(); -+ pci_mmio_writel((ast2400_original_wdt_conf & ~AST2400_WDT_RESET_MODE_MASK) | AST2400_WDT_RESET_CPU_ONLY, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_WDT_APB_BRIDGE_OFFSET + AST2400_WDT1_CTL); -+ } -+ -+ return 0; -+} -+ -+static int ast2400_shutdown(void *data) { -+ /* Reactivate CPU if previously deactivated */ -+ ast2400_enable_cpu(); -+ -+ /* Disable backdoor APB access */ -+ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); -+ -+ return 0; -+} -+ -+int ast2400_init(void) -+{ -+ struct pci_dev *dev = NULL; -+ uint32_t dword; -+ uint8_t divisor; -+ -+ char *arg; -+ -+ ast2400_device_spi_bus = 0; -+ arg = extract_programmer_param("spibus"); -+ if (arg) { -+ if (!strcmp(arg,"host")) -+ ast2400_device_host_mode = 1; -+ else -+ ast2400_device_spi_bus = strtol(arg, NULL, 0); -+ } -+ free(arg); -+ -+ ast2400_device_halt_cpu = 0; -+ arg = extract_programmer_param("cpu"); -+ if (arg && !strcmp(arg,"pause")) { -+ ast2400_device_halt_cpu = 1; -+ ast2400_device_resume_cpu = 1; -+ } -+ if (arg && !strcmp(arg,"halt")) { -+ ast2400_device_halt_cpu = 1; -+ ast2400_device_resume_cpu = 0; -+ } -+ arg = extract_programmer_param("tickle"); -+ if (arg && !strcmp(arg,"true")) -+ ast2400_device_tickle_fw = 1; -+ free(arg); -+ -+ if ((ast2400_device_host_mode == 0) && ((ast2400_device_spi_bus < 0) || (ast2400_device_spi_bus > 4))) { -+ msg_perr("SPI bus number out of range! Valid values are 0 - 4.\n"); -+ return 1; -+ } -+ -+ if (rget_io_perms()) -+ return 1; -+ -+ dev = pcidev_init(bmc_aspeed_ast2400, PCI_BASE_ADDRESS_1); -+ if (!dev) -+ return 1; -+ -+ uintptr_t io_base_addr = pcidev_readbar(dev, PCI_BASE_ADDRESS_1); -+ if (!io_base_addr) -+ return 1; -+ -+ msg_pinfo("Detected ASPEED MMIO base address: %p.\n", (void*)io_base_addr); -+ -+ ast2400_device_bar = rphysmap("ASPEED", io_base_addr, ASPEED_MEMMAP_SIZE); -+ if (ast2400_device_bar == ERROR_PTR) -+ return 1; -+ -+ if (register_shutdown(ast2400_shutdown, dev)) -+ return 1; -+ -+ io_base_addr += ASPEED_P2A_OFFSET; -+ msg_pinfo("ASPEED P2A base address: %p.\n", (void*)io_base_addr); -+ -+ msg_pinfo("Configuring P2A bridge for SCU access\n"); -+ ast2400_set_a2b_bridge_scu(); -+ pci_mmio_writel(AST2400_SCU_PASSWORD, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_PROT_KEY); -+ -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_MISC_CTL); -+ pci_mmio_writel(dword & ~((0x1 << 24) | (0x2 << 22)), ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_MISC_CTL); -+ -+ /* Halt CPU if requested */ -+ if (ast2400_disable_cpu()) -+ return 1; -+ -+ msg_pinfo("Configuring P2A bridge for SMC access\n"); -+ ast2400_set_a2b_bridge_smc(); -+ -+ if (ast2400_device_host_mode) { -+ msg_pinfo("Configuring P2A bridge for SPI access\n"); -+ ast2400_set_a2b_bridge_spi(); -+ -+ divisor = 0; /* Slowest speed for now */ -+ -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ dword &= ~AST2400_SPI_SPEED_MASK; -+ dword |= (divisor << 8); -+ dword &= ~AST2400_SPI_CPOL_1; -+ dword &= ~AST2400_SPI_LSB_FIRST_CTRL; /* MSB first */ -+ dword &= ~AST2400_SPI_IO_MODE_MASK; /* Single bit I/O mode */ -+ pci_mmio_writel(dword, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ } -+ else { -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_FMC00); -+ if (((dword >> (ast2400_device_spi_bus * 2)) & 0x3) != 0x2) { -+ msg_perr("CE%01x Flash type is not SPI!\n", ast2400_device_spi_bus); -+ return 1; -+ } -+ -+ msg_pinfo("Enabling CE%01x write\n", ast2400_device_spi_bus); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_FMC00); -+ pci_mmio_writel(dword | (0x1 << (16 + ast2400_device_spi_bus)), ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_FMC00); -+ -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_SEG(ast2400_device_spi_bus)); -+ ast2400_device_flash_mmio_offset = ((dword >> 16) & 0x3f) * 0x800000; -+ msg_pinfo("Using CE%01x offset 0x%08x\n", ast2400_device_spi_bus, ast2400_device_flash_mmio_offset); -+ } -+ -+ register_spi_master(&spi_master_ast2400); -+ -+ return 0; -+} -+ -+static void ast2400_spi_xfer_data(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr) -+{ -+ int i; -+ uint32_t dword; -+ -+ for (i = 0; i < writecnt; i++) -+ msg_pspew("[%02x]", writearr[i]); -+ msg_pspew("\n"); -+ -+ for (i = 0; i < writecnt; i=i+4) { -+ if ((writecnt - i) < 4) -+ break; -+ dword = writearr[i]; -+ dword |= writearr[i + 1] << 8; -+ dword |= writearr[i + 2] << 16; -+ dword |= writearr[i + 3] << 24; -+ pci_mmio_writel(dword, ast2400_device_bar + ASPEED_P2A_OFFSET); -+ } -+ for (; i < writecnt; i++) -+ pci_mmio_writeb(writearr[i], ast2400_device_bar + ASPEED_P2A_OFFSET); -+ programmer_delay(1); -+ for (i = 0; i < readcnt;) { -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET); -+ if (i < readcnt) -+ readarr[i] = dword & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 8) & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 16) & 0xff; -+ i++; -+ if (i < readcnt) -+ readarr[i] = (dword >> 24) & 0xff; -+ i++; -+ } -+ -+ for (i = 0; i < readcnt; i++) -+ msg_pspew("[%02x]", readarr[i]); -+ msg_pspew("\n"); -+} -+ -+/* Returns 0 upon success, a negative number upon errors. */ -+static int ast2400_spi_send_command(struct flashctx *flash, -+ unsigned int writecnt, unsigned int readcnt, -+ const unsigned char *writearr, -+ unsigned char *readarr) -+{ -+ uint32_t dword; -+ -+ msg_pspew("%s, cmd=0x%02x, writecnt=%d, readcnt=%d\n", __func__, *writearr, writecnt, readcnt); -+ -+ if (ast2400_device_host_mode) { -+ /* Set up user command mode */ -+ ast2400_set_a2b_bridge_spi(); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); -+ pci_mmio_writel(dword | AST2400_SPI_CFG_WRITE_EN, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ pci_mmio_writel(dword | AST2400_SPI_CMD_USER_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ -+ /* Transfer data */ -+ ast2400_set_a2b_bridge_spi_flash(); -+ ast2400_spi_xfer_data(flash, writecnt, readcnt, writearr, readarr); -+ -+ /* Tear down user command mode */ -+ ast2400_set_a2b_bridge_spi(); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ pci_mmio_writel((dword & ~AST2400_SPI_CMD_MASK) | AST2400_SPI_CMD_FAST_R_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); -+ pci_mmio_writel(dword & ~AST2400_SPI_CFG_WRITE_EN, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); -+ } -+ else { -+ /* Set up user command mode */ -+ ast2400_set_a2b_bridge_smc(); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ pci_mmio_writel(dword | AST2400_SPI_CMD_USER_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ pci_mmio_writel(dword & ~AST2400_SPI_STOP_CE_ACTIVE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ -+ /* Transfer data */ -+ ast2400_set_a2b_bridge_smc_flash(); -+ ast2400_spi_xfer_data(flash, writecnt, readcnt, writearr, readarr); -+ -+ /* Tear down user command mode */ -+ ast2400_set_a2b_bridge_smc(); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ pci_mmio_writel(dword | AST2400_SPI_STOP_CE_ACTIVE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ pci_mmio_writel((dword & ~AST2400_SPI_CMD_MASK) | AST2400_SPI_CMD_FAST_R_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); -+ } -+ -+ if (ast2400_device_tickle_fw) { -+ ast2400_enable_cpu(); -+ programmer_delay(100); -+ ast2400_disable_cpu(); -+ } -+ -+ return 0; -+} -diff --git ./chipdrivers.h ./chipdrivers.h -index c85eac9..20529d5 100644 ---- ./chipdrivers.h -+++ ./chipdrivers.h -@@ -195,4 +195,26 @@ int erase_sector_stm50(struct flashctx *flash, unsigned int block, unsigned int - int probe_en29lv640b(struct flashctx *flash); - int write_en29lv640b(struct flashctx *flash, const uint8_t *buf, unsigned int start, unsigned int len); - -+/* spi4ba.c */ -+int spi_enter_4ba_b7(struct flashctx *flash); -+int spi_enter_4ba_b7_we(struct flashctx *flash); -+int spi_byte_program_4ba(struct flashctx *flash, unsigned int addr, uint8_t databyte); -+int spi_nbyte_program_4ba(struct flashctx *flash, unsigned int addr, const uint8_t *bytes, unsigned int len); -+int spi_nbyte_read_4ba(struct flashctx *flash, unsigned int addr, uint8_t *bytes, unsigned int len); -+int spi_block_erase_20_4ba(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_52_4ba(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_d8_4ba(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_byte_program_4ba_ereg(struct flashctx *flash, unsigned int addr, uint8_t databyte); -+int spi_nbyte_program_4ba_ereg(struct flashctx *flash, unsigned int addr, const uint8_t *bytes, unsigned int len); -+int spi_nbyte_read_4ba_ereg(struct flashctx *flash, unsigned int addr, uint8_t *bytes, unsigned int len); -+int spi_block_erase_20_4ba_ereg(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_52_4ba_ereg(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_d8_4ba_ereg(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_byte_program_4ba_direct(struct flashctx *flash, unsigned int addr, uint8_t databyte); -+int spi_nbyte_program_4ba_direct(struct flashctx *flash, unsigned int addr, const uint8_t *bytes, unsigned int len); -+int spi_nbyte_read_4ba_direct(struct flashctx *flash, unsigned int addr, uint8_t *bytes, unsigned int len); -+int spi_block_erase_21_4ba_direct(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_5c_4ba_direct(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_dc_4ba_direct(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+ - #endif /* !__CHIPDRIVERS_H__ */ -diff --git ./cli_output.c ./cli_output.c -index 61a9af6..4adfd7d 100644 ---- ./cli_output.c -+++ ./cli_output.c -@@ -90,7 +90,8 @@ int flashrom_print_cb(enum flashrom_log_level level, const char *fmt, va_list ap - fflush(output_type); - } - #ifndef STANDALONE -- if ((level <= verbose_logfile) && logfile) { -+ /* skip of msgs starting from '\b' added to skip progress percents */ -+ if ((level <= verbose_logfile) && logfile && (!fmt || fmt[0] != '\b')) { - ret = vfprintf(logfile, fmt, logfile_args); - if (level != FLASHROM_MSG_SPEW) - fflush(logfile); -diff --git ./flash.h ./flash.h -index 9c3784b..58ad387 100644 ---- ./flash.h -+++ ./flash.h -@@ -119,6 +119,14 @@ enum write_granularity { - #define FEATURE_WRSR_EITHER (FEATURE_WRSR_EWSR | FEATURE_WRSR_WREN) - #define FEATURE_OTP (1 << 8) - #define FEATURE_QPI (1 << 9) -+/* Feature bits used for 4-bytes addressing mode */ -+#define FEATURE_4BA_SUPPORT (1 << 10) -+#define FEATURE_4BA_ONLY (1 << 11) -+#define FEATURE_4BA_EXTENDED_ADDR_REG (1 << 12) -+#define FEATURE_4BA_DIRECT_READ (1 << 13) -+#define FEATURE_4BA_DIRECT_WRITE (1 << 14) -+#define FEATURE_4BA_ALL_ERASERS_DIRECT (1 << 15) -+#define FEATURE_4BA_ALL_DIRECT (FEATURE_4BA_DIRECT_READ | FEATURE_4BA_DIRECT_WRITE | FEATURE_4BA_ALL_ERASERS_DIRECT) - - enum test_state { - OK = 0, -@@ -164,6 +172,14 @@ struct flashchip { - unsigned int page_size; - int feature_bits; - -+ /* set of function pointers to use in 4-bytes addressing mode */ -+ struct four_bytes_addr_funcs_set { -+ int (*enter_4ba) (struct flashctx *flash); -+ int (*read_nbyte) (struct flashctx *flash, unsigned int addr, uint8_t *bytes, unsigned int len); -+ int (*program_byte) (struct flashctx *flash, unsigned int addr, const uint8_t databyte); -+ int (*program_nbyte) (struct flashctx *flash, unsigned int addr, const uint8_t *bytes, unsigned int len); -+ } four_bytes_addr_funcs; -+ - /* Indicate how well flashrom supports different operations of this flash chip. */ - struct tested { - enum test_state probe; -@@ -347,6 +363,11 @@ __attribute__((format(printf, 2, 3))); - #define msg_pspew(...) print(FLASHROM_MSG_SPEW, __VA_ARGS__) /* programmer debug spew */ - #define msg_cspew(...) print(FLASHROM_MSG_SPEW, __VA_ARGS__) /* chip debug spew */ - -+/* Read progress will be shown for reads more than 256KB */ -+#define MIN_LENGTH_TO_SHOW_READ_PROGRESS 256 * 1024 -+/* Read progress will be shown for erases and writes more than 64KB */ -+#define MIN_LENGTH_TO_SHOW_ERASE_AND_WRITE_PROGRESS 64 * 1024 -+ - /* layout.c */ - int register_include_arg(char *name); - int read_romlayout(const char *name); -diff --git ./flashchips.c ./flashchips.c -index 7ef361b..c90fd94 100644 ---- ./flashchips.c -+++ ./flashchips.c -@@ -8045,6 +8045,100 @@ const struct flashchip flashchips[] = { - - { - .vendor = "Macronix", -+ .name = "MX25L25635F/MX25L25645E/MX25L25665E", -+ .bustype = BUS_SPI, -+ .manufacture_id = MACRONIX_ID, -+ .model_id = MACRONIX_MX25L25635F, -+ .total_size = 32768, -+ .page_size = 256, -+ /* OTP: 512B total; enter 0xB1, exit 0xC1 */ -+ .feature_bits = FEATURE_WRSR_WREN | FEATURE_OTP | FEATURE_4BA_SUPPORT, -+ .four_bytes_addr_funcs = -+ { -+ .enter_4ba = spi_enter_4ba_b7, /* enter 4-bytes addressing mode by CMD B7 */ -+ .read_nbyte = spi_nbyte_read_4ba, /* read from 4-bytes addressing mode */ -+ .program_byte = spi_byte_program_4ba, /* write from 4-bytes addressing mode */ -+ .program_nbyte = spi_nbyte_program_4ba /* write from 4-bytes addressing mode */ -+ }, -+ .tested = TEST_OK_PREW, -+ .probe = probe_spi_rdid, -+ .probe_timing = TIMING_ZERO, -+ .block_erasers = -+ { -+ { -+ .eraseblocks = { {4 * 1024, 8192} }, -+ .block_erase = spi_block_erase_20_4ba, -+ }, { -+ .eraseblocks = { {32 * 1024, 1024} }, -+ .block_erase = spi_block_erase_52_4ba, -+ }, { -+ .eraseblocks = { {64 * 1024, 512} }, -+ .block_erase = spi_block_erase_d8_4ba, -+ }, { -+ .eraseblocks = { {32 * 1024 * 1024, 1} }, -+ .block_erase = spi_block_erase_60, -+ }, { -+ .eraseblocks = { {32 * 1024 * 1024, 1} }, -+ .block_erase = spi_block_erase_c7, -+ } -+ }, -+ /* TODO: security register and SBLK/SBULK; MX25L12835F: configuration register */ -+ .printlock = spi_prettyprint_status_register_bp3_srwd, /* bit6 is quad enable */ -+ .unlock = spi_disable_blockprotect_bp3_srwd, -+ .write = spi_chip_write_256, -+ .read = spi_chip_read, /* Fast read (0x0B) supported */ -+ .voltage = {2700, 3600}, -+ }, -+ -+ { -+ .vendor = "Macronix", -+ .name = "MX66L51235F", -+ .bustype = BUS_SPI, -+ .manufacture_id = MACRONIX_ID, -+ .model_id = MACRONIX_MX66L51235F, -+ .total_size = 65536, -+ .page_size = 256, -+ /* OTP: 512B total; enter 0xB1, exit 0xC1 */ -+ .feature_bits = FEATURE_WRSR_WREN | FEATURE_OTP | FEATURE_4BA_SUPPORT, -+ .four_bytes_addr_funcs = -+ { -+ .enter_4ba = spi_enter_4ba_b7, /* enter 4-bytes addressing mode by CMD B7 */ -+ .read_nbyte = spi_nbyte_read_4ba, /* read from 4-bytes addressing mode */ -+ .program_byte = spi_byte_program_4ba, /* write from 4-bytes addressing mode */ -+ .program_nbyte = spi_nbyte_program_4ba /* write from 4-bytes addressing mode */ -+ }, -+ .tested = TEST_OK_PREW, -+ .probe = probe_spi_rdid, -+ .probe_timing = TIMING_ZERO, -+ .block_erasers = -+ { -+ { -+ .eraseblocks = { {4 * 1024, 16384} }, -+ .block_erase = spi_block_erase_20_4ba, -+ }, { -+ .eraseblocks = { {32 * 1024, 2048} }, -+ .block_erase = spi_block_erase_52_4ba, -+ }, { -+ .eraseblocks = { {64 * 1024, 1024} }, -+ .block_erase = spi_block_erase_d8_4ba, -+ }, { -+ .eraseblocks = { {64 * 1024 * 1024, 1} }, -+ .block_erase = spi_block_erase_60, -+ }, { -+ .eraseblocks = { {64 * 1024 * 1024, 1} }, -+ .block_erase = spi_block_erase_c7, -+ } -+ }, -+ /* TODO: security register and SBLK/SBULK; MX25L12835F: configuration register */ -+ .printlock = spi_prettyprint_status_register_bp3_srwd, /* bit6 is quad enable */ -+ .unlock = spi_disable_blockprotect_bp3_srwd, -+ .write = spi_chip_write_256, -+ .read = spi_chip_read, /* Fast read (0x0B) supported */ -+ .voltage = {2700, 3600}, -+ }, -+ -+ { -+ .vendor = "Macronix", - .name = "MX25U1635E", - .bustype = BUS_SPI, - .manufacture_id = MACRONIX_ID, -@@ -11747,7 +11841,7 @@ const struct flashchip flashchips[] = { - .total_size = 16384, - .page_size = 256, - .feature_bits = FEATURE_WRSR_WREN, -- .tested = TEST_UNTESTED, -+ .tested = TEST_OK_PREW, - .probe = probe_spi_rdid, - .probe_timing = TIMING_ZERO, - .block_erasers = { -@@ -14588,6 +14682,54 @@ const struct flashchip flashchips[] = { - - { - .vendor = "Winbond", -+ .name = "W25Q256.V", -+ .bustype = BUS_SPI, -+ .manufacture_id = WINBOND_NEX_ID, -+ .model_id = WINBOND_NEX_W25Q256_V, -+ .total_size = 32768, -+ .page_size = 256, -+ /* supports SFDP */ -+ /* OTP: 1024B total, 256B reserved; read 0x48; write 0x42, erase 0x44, read ID 0x4B */ -+ /* FOUR_BYTE_ADDR: supports 4-bytes addressing mode */ -+ .feature_bits = FEATURE_WRSR_WREN | FEATURE_OTP | FEATURE_4BA_SUPPORT | FEATURE_4BA_DIRECT_READ, -+ .four_bytes_addr_funcs = -+ { -+ .enter_4ba = spi_enter_4ba_b7_we, /* enter 4-bytes addressing mode by CMD B7 + WREN */ -+ .read_nbyte = spi_nbyte_read_4ba_direct, /* read directly from any mode, no need to enter 4ba */ -+ .program_byte = spi_byte_program_4ba, /* write from 4-bytes addressing mode */ -+ .program_nbyte = spi_nbyte_program_4ba /* write from 4-bytes addressing mode */ -+ }, -+ .tested = TEST_OK_PREW, -+ .probe = probe_spi_rdid, -+ .probe_timing = TIMING_ZERO, -+ .block_erasers = -+ { -+ { -+ .eraseblocks = { {4 * 1024, 8192} }, -+ .block_erase = spi_block_erase_20_4ba, /* erases 4k from 4-bytes addressing mode */ -+ }, { -+ .eraseblocks = { {32 * 1024, 1024} }, -+ .block_erase = spi_block_erase_52_4ba, /* erases 32k from 4-bytes addressing mode */ -+ }, { -+ .eraseblocks = { {64 * 1024, 512} }, -+ .block_erase = spi_block_erase_d8_4ba, /* erases 64k from 4-bytes addressing mode */ -+ }, { -+ .eraseblocks = { {32 * 1024 * 1024, 1} }, -+ .block_erase = spi_block_erase_60, -+ }, { -+ .eraseblocks = { {32 * 1024 * 1024, 1} }, -+ .block_erase = spi_block_erase_c7, -+ } -+ }, -+ .printlock = spi_prettyprint_status_register_plain, /* TODO: improve */ -+ .unlock = spi_disable_blockprotect, -+ .write = spi_chip_write_256, -+ .read = spi_chip_read, -+ .voltage = {2700, 3600}, -+ }, -+ -+ { -+ .vendor = "Winbond", - .name = "W25Q20.W", - .bustype = BUS_SPI, - .manufacture_id = WINBOND_NEX_ID, -diff --git ./flashchips.h ./flashchips.h -index 15574bb..62eb9a5 100644 ---- ./flashchips.h -+++ ./flashchips.h -@@ -482,6 +482,7 @@ - #define MACRONIX_MX25L25635F 0x2019 /* Same as MX25L25639F, but the latter seems to not support REMS */ - #define MACRONIX_MX25L1635D 0x2415 - #define MACRONIX_MX25L1635E 0x2515 /* MX25L1635{E} */ -+#define MACRONIX_MX66L51235F 0x201a /* MX66L51235F */ - #define MACRONIX_MX25U1635E 0x2535 - #define MACRONIX_MX25U3235E 0x2536 /* Same as MX25U6435F */ - #define MACRONIX_MX25U6435E 0x2537 /* Same as MX25U6435F */ -diff --git ./flashrom.c ./flashrom.c -index c600efc..767c2c4 100644 ---- ./flashrom.c -+++ ./flashrom.c -@@ -6,6 +6,7 @@ - * Copyright (C) 2005-2008 coresystems GmbH - * Copyright (C) 2008,2009 Carl-Daniel Hailfinger - * Copyright (C) 2016 secunet Security Networks AG -+ * Copyright (C) 2016-2017 Raptor Engineering, LLC - * (Written by Nico Huber for secunet) - * - * This program is free software; you can redistribute it and/or modify -@@ -136,6 +137,30 @@ const struct programmer_entry programmer_table[] = { - }, - #endif - -+#if CONFIG_AST1100 == 1 -+ { -+ .name = "ast1100", -+ .type = PCI, -+ .devs.dev = bmc_aspeed_ast1100, -+ .init = ast1100_init, -+ .map_flash_region = fallback_map, -+ .unmap_flash_region = fallback_unmap, -+ .delay = internal_delay, -+ }, -+#endif -+ -+#if CONFIG_AST2400 == 1 -+ { -+ .name = "ast2400", -+ .type = PCI, -+ .devs.dev = bmc_aspeed_ast2400, -+ .init = ast2400_init, -+ .map_flash_region = fallback_map, -+ .unmap_flash_region = fallback_unmap, -+ .delay = internal_delay, -+ }, -+#endif -+ - #if CONFIG_DRKAISER == 1 - { - .name = "drkaiser", -@@ -1600,6 +1625,18 @@ static int walk_eraseblocks(struct flashctx *const flashctx, - bool first = true; - struct block_eraser *const eraser = &flashctx->chip->block_erasers[erasefunction]; - -+ int show_progress = 0; -+ unsigned int percent_last, percent_current; -+ unsigned long size = flashctx->chip->total_size * 1024; -+ -+ /* progress visualizaion init */ -+ if(size >= MIN_LENGTH_TO_SHOW_ERASE_AND_WRITE_PROGRESS) { -+ msg_cinfo(" "); /* only this space will go to logfile but all strings with \b wont. */ -+ msg_cinfo("\b 0%%"); -+ percent_last = percent_current = 0; -+ show_progress = 1; /* enable progress visualizaion */ -+ } -+ - info->erase_start = 0; - for (i = 0; i < NUM_ERASEREGIONS; ++i) { - /* count==0 for all automatically initialized array -@@ -1620,6 +1657,14 @@ static int walk_eraseblocks(struct flashctx *const flashctx, - msg_cdbg(", "); - msg_cdbg("0x%06x-0x%06x:", info->erase_start, info->erase_end); - -+ if(show_progress) { -+ percent_current = (unsigned int) ((unsigned long long)info->erase_start * 100 / size); -+ if(percent_current != percent_last) { -+ msg_cinfo("\b\b\b%2d%%", percent_current); -+ percent_last = percent_current; -+ } -+ } -+ - ret = per_blockfn(flashctx, info, eraser->block_erase); - if (ret) - return ret; -@@ -1627,6 +1672,10 @@ static int walk_eraseblocks(struct flashctx *const flashctx, - if (info->region_end < info->erase_start) - break; - } -+ -+ if(show_progress) -+ msg_cinfo("\b\b\b\b"); /* remove progress percents from the screen */ -+ - msg_cdbg("\n"); - return 0; - } -@@ -2223,6 +2272,44 @@ int prepare_flash_access(struct flashctx *const flash, - if (flash->chip->unlock) - flash->chip->unlock(flash); - -+ /* Switching to 4-Bytes Addressing mode if flash chip supports it */ -+ if(flash->chip->feature_bits & FEATURE_4BA_SUPPORT) { -+ /* Do not switch if chip is already in 4-bytes addressing mode */ -+ if (flash->chip->feature_bits & FEATURE_4BA_ONLY) { -+ msg_cdbg("Flash chip is already in 4-bytes addressing mode.\n"); -+ } -+ /* Do not switch to 4-Bytes Addressing mode if using Extended Address Register */ -+ else if(flash->chip->feature_bits & FEATURE_4BA_EXTENDED_ADDR_REG) { -+ msg_cdbg("Using 4-bytes addressing with extended address register.\n"); -+ } -+ /* Go to 4-Bytes Addressing mode if selected -+ operation requires 4-Bytes Addressing mode -+ (no need if functions are direct-4BA) */ -+ else if(((read_it || verify_it) -+ && (!(flash->chip->feature_bits & FEATURE_4BA_DIRECT_READ))) -+ || ((erase_it || write_it) -+ && ((flash->chip->feature_bits & FEATURE_4BA_ALL_DIRECT) != FEATURE_4BA_ALL_DIRECT))) { -+ -+ if (!flash->chip->four_bytes_addr_funcs.enter_4ba) { -+ msg_cerr("No function for Enter 4-bytes addressing mode for this flash chip.\n" -+ "Please report to flashrom@flashrom.org\n"); -+ return 1; -+ } -+ -+ if(flash->chip->four_bytes_addr_funcs.enter_4ba(flash)) { -+ msg_cerr("Switching to 4-bytes addressing mode failed!\n"); -+ return 1; -+ } -+ -+ msg_cdbg("Switched to 4-bytes addressing mode.\n"); -+ } -+ /* Do not switch to 4-Bytes Addressing mode if all instructions are direct-4BA -+ or if the flash chip is 4-Bytes Addressing Only and always in 4BA-mode */ -+ else { -+ msg_cdbg2("No need to switch to 4-bytes addressing mode.\n"); -+ } -+ } -+ - return 0; - } - -diff --git ./pcidev.c ./pcidev.c -index f4e5542..d36e5c4 100644 ---- ./pcidev.c -+++ ./pcidev.c -@@ -37,11 +37,13 @@ enum pci_bartype { - uintptr_t pcidev_readbar(struct pci_dev *dev, int bar) - { - uint64_t addr; -- uint32_t upperaddr; - uint8_t headertype; - uint16_t supported_cycles; - enum pci_bartype bartype = TYPE_UNKNOWN; - -+#ifndef __PPC64__ -+ uint32_t upperaddr; -+#endif - - headertype = pci_read_byte(dev, PCI_HEADER_TYPE) & 0x7f; - msg_pspew("PCI header type 0x%02x\n", headertype); -@@ -97,6 +99,12 @@ uintptr_t pcidev_readbar(struct pci_dev *dev, int bar) - switch (bartype) { - case TYPE_MEMBAR: - msg_pdbg("MEM"); -+#ifdef __PPC64__ -+ /* PowerPC is able to translate 32-bit BARs into 64-bit host windows. -+ * Use the dev->base_addr[x] mechanism to handle mapping. -+ */ -+ addr = dev->base_addr[(bar - 0x10) / 0x4] & PCI_BASE_ADDRESS_MEM_MASK; -+#else - if (!(supported_cycles & PCI_COMMAND_MEMORY)) { - msg_perr("MEM BAR access requested, but device has MEM space accesses disabled.\n"); - /* TODO: Abort here? */ -@@ -122,6 +130,7 @@ uintptr_t pcidev_readbar(struct pci_dev *dev, int bar) - } - } - addr &= PCI_BASE_ADDRESS_MEM_MASK; -+#endif - break; - case TYPE_IOBAR: - msg_pdbg("I/O\n"); -diff --git ./programmer.h ./programmer.h -index a98b713..c9c3a26 100644 ---- ./programmer.h -+++ ./programmer.h -@@ -5,6 +5,7 @@ - * Copyright (C) 2000 Ronald G. Minnich - * Copyright (C) 2005-2009 coresystems GmbH - * Copyright (C) 2006-2009 Carl-Daniel Hailfinger -+ * Copyright (C) 2016-2017 Raptor Engineering, LLC - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by -@@ -45,6 +46,12 @@ enum programmer { - #if CONFIG_GFXNVIDIA == 1 - PROGRAMMER_GFXNVIDIA, - #endif -+#if CONFIG_AST1100 == 1 -+ PROGRAMMER_AST1100, -+#endif -+#if CONFIG_AST2400 == 1 -+ PROGRAMMER_AST2400, -+#endif - #if CONFIG_DRKAISER == 1 - PROGRAMMER_DRKAISER, - #endif -@@ -404,6 +411,18 @@ int gfxnvidia_init(void); - extern const struct dev_entry gfx_nvidia[]; - #endif - -+/* ast1100.c */ -+#if CONFIG_AST1100 == 1 -+int ast1100_init(void); -+extern const struct dev_entry bmc_aspeed_ast1100[]; -+#endif -+ -+/* ast2400.c */ -+#if CONFIG_AST2400 == 1 -+int ast2400_init(void); -+extern const struct dev_entry bmc_aspeed_ast2400[]; -+#endif -+ - /* drkaiser.c */ - #if CONFIG_DRKAISER == 1 - int drkaiser_init(void); -@@ -605,6 +624,14 @@ enum spi_controller { - #if CONFIG_CH341A_SPI == 1 - SPI_CONTROLLER_CH341A_SPI, - #endif -+ -+#if CONFIG_AST1100 == 1 -+ SPI_CONTROLLER_AST1100, -+#endif -+ -+#if CONFIG_AST2400 == 1 -+ SPI_CONTROLLER_AST2400, -+#endif - }; - - #define MAX_DATA_UNSPECIFIED 0 -diff --git ./spi.c ./spi.c -index c306ac3..817c8de 100644 ---- ./spi.c -+++ ./spi.c -@@ -112,7 +126,10 @@ int spi_chip_read(struct flashctx *flash, uint8_t *buf, unsigned int start, - * means 0xffffff, the highest unsigned 24bit number. - */ - addrbase = spi_get_valid_read_addr(flash); -- if (addrbase + flash->chip->total_size * 1024 > (1 << 24)) { -+ /* Show flash chip size warning if flash chip doesn't support -+ 4-Bytes Addressing mode and last address excedes 24 bits */ -+ if (!(flash->chip->feature_bits & FEATURE_4BA_SUPPORT) && -+ addrbase + flash->chip->total_size * 1024 > (1 << 24)) { - msg_perr("Flash chip size exceeds the allowed access window. "); - msg_perr("Read will probably fail.\n"); - /* Try to get the best alignment subject to constraints. */ -diff --git ./spi25.c ./spi25.c -index 76242be..c324835 100644 ---- ./spi25.c -+++ ./spi25.c -@@ -28,6 +28,7 @@ - #include "chipdrivers.h" - #include "programmer.h" - #include "spi.h" -+#include "spi4ba.h" - - static int spi_rdid(struct flashctx *flash, unsigned char *readarr, int bytes) - { -@@ -967,7 +968,11 @@ int spi_read_chunked(struct flashctx *flash, uint8_t *buf, unsigned int start, - lenhere = min(start + len, (i + 1) * area_size) - starthere; - for (j = 0; j < lenhere; j += chunksize) { - toread = min(chunksize, lenhere - j); -- rc = spi_nbyte_read(flash, starthere + j, buf + starthere - start + j, toread); -+ rc = (flash->chip->feature_bits & FEATURE_4BA_SUPPORT) == 0 -+ ? spi_nbyte_read(flash, starthere + j, buf + starthere - start + j, toread) -+ : flash->chip->four_bytes_addr_funcs.read_nbyte(flash, starthere + j, -+ buf + starthere - start + j, toread); -+ - if (rc) - break; - } -@@ -994,6 +999,16 @@ int spi_write_chunked(struct flashctx *flash, const uint8_t *buf, unsigned int s - * we're OK for now. - */ - unsigned int page_size = flash->chip->page_size; -+ int show_progress = 0; -+ unsigned int percent_last, percent_current; -+ -+ /* progress visualizaion init */ -+ if(len >= MIN_LENGTH_TO_SHOW_READ_PROGRESS) { -+ msg_cinfo(" "); /* only this space will go to logfile but all strings with \b wont. */ -+ msg_cinfo("\b 0%%"); -+ percent_last = percent_current = 0; -+ show_progress = 1; /* enable progress visualizaion */ -+ } - - /* Warning: This loop has a very unusual condition and body. - * The loop needs to go through each page with at least one affected -@@ -1012,7 +1027,10 @@ int spi_write_chunked(struct flashctx *flash, const uint8_t *buf, unsigned int s - lenhere = min(start + len, (i + 1) * page_size) - starthere; - for (j = 0; j < lenhere; j += chunksize) { - towrite = min(chunksize, lenhere - j); -- rc = spi_nbyte_program(flash, starthere + j, buf + starthere - start + j, towrite); -+ rc = (flash->chip->feature_bits & FEATURE_4BA_SUPPORT) == 0 -+ ? spi_nbyte_program(flash, starthere + j, buf + starthere - start + j, towrite) -+ : flash->chip->four_bytes_addr_funcs.program_nbyte(flash, starthere + j, -+ buf + starthere - start + j, towrite); - if (rc) - break; - while (spi_read_status_register(flash) & SPI_SR_WIP) -@@ -1020,8 +1038,20 @@ int spi_write_chunked(struct flashctx *flash, const uint8_t *buf, unsigned int s - } - if (rc) - break; -+ -+ if(show_progress) { -+ percent_current = (unsigned int) ((unsigned long long)(starthere + -+ lenhere - start) * 100 / len); -+ if(percent_current != percent_last) { -+ msg_cinfo("\b\b\b%2d%%", percent_current); -+ percent_last = percent_current; -+ } -+ } - } - -+ if(show_progress && !rc) -+ msg_cinfo("\b\b\b\b"); /* remove progress percents from the screen */ -+ - return rc; - } - -@@ -1038,7 +1068,9 @@ int spi_chip_write_1(struct flashctx *flash, const uint8_t *buf, unsigned int st - int result = 0; - - for (i = start; i < start + len; i++) { -- result = spi_byte_program(flash, i, buf[i - start]); -+ result = (flash->chip->feature_bits & FEATURE_4BA_SUPPORT) == 0 -+ ? spi_byte_program(flash, i, buf[i - start]) -+ : flash->chip->four_bytes_addr_funcs.program_byte(flash, i, buf[i - start]); - if (result) - return 1; - while (spi_read_status_register(flash) & SPI_SR_WIP) -diff --git ./spi4ba.c ./spi4ba.c -new file mode 100644 -index 0000000..6e1cc9b ---- /dev/null -+++ ./spi4ba.c -@@ -0,0 +1,920 @@ -+/* -+ * This file is part of the flashrom project. -+ * -+ * Copyright (C) 2014 Boris Baykov -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; version 2 of the License. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ */ -+ -+/* -+ * SPI chip driver functions for 4-bytes addressing -+ */ -+ -+#include -+#include "flash.h" -+#include "chipdrivers.h" -+#include "spi.h" -+#include "programmer.h" -+#include "spi4ba.h" -+ -+/* #define MSG_TRACE_4BA_FUNCS 1 */ -+ -+#ifdef MSG_TRACE_4BA_FUNCS -+#define msg_trace(...) print(MSG_DEBUG, __VA_ARGS__) -+#else -+#define msg_trace(...) -+#endif -+ -+/* Enter 4-bytes addressing mode (without sending WREN before) */ -+int spi_enter_4ba_b7(struct flashctx *flash) -+{ -+ const unsigned char cmd[JEDEC_ENTER_4_BYTE_ADDR_MODE_OUTSIZE] = { JEDEC_ENTER_4_BYTE_ADDR_MODE }; -+ -+ msg_trace("-> %s\n", __func__); -+ -+ /* Switch to 4-bytes addressing mode */ -+ return spi_send_command(flash, sizeof(cmd), 0, cmd, NULL); -+} -+ -+/* Enter 4-bytes addressing mode with sending WREN before */ -+int spi_enter_4ba_b7_we(struct flashctx *flash) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_ENTER_4_BYTE_ADDR_MODE_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_ENTER_4_BYTE_ADDR_MODE }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s\n", __func__); -+ -+ /* Switch to 4-bytes addressing mode */ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution\n", __func__); -+ } -+ return result; -+} -+ -+/* Program one flash byte from 4-bytes addressing mode */ -+int spi_byte_program_4ba(struct flashctx *flash, unsigned int addr, -+ uint8_t databyte) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_BYTE_PROGRAM_OUTSIZE + 1, -+ .writearr = (const unsigned char[]){ -+ JEDEC_BYTE_PROGRAM, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff), -+ databyte -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X)\n", __func__, addr); -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ } -+ return result; -+} -+ -+/* Program flash bytes from 4-bytes addressing mode */ -+int spi_nbyte_program_4ba(struct flashctx *flash, unsigned int addr, -+ const uint8_t *bytes, unsigned int len) -+{ -+ int result; -+ unsigned char cmd[(JEDEC_BYTE_PROGRAM_OUTSIZE + 1) - 1 + 256] = { -+ JEDEC_BYTE_PROGRAM, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr >> 0) & 0xff -+ }; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = (JEDEC_BYTE_PROGRAM_OUTSIZE + 1) - 1 + len, -+ .writearr = cmd, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + len - 1); -+ -+ if (!len) { -+ msg_cerr("%s called for zero-length write\n", __func__); -+ return 1; -+ } -+ if (len > 256) { -+ msg_cerr("%s called for too long a write\n", __func__); -+ return 1; -+ } -+ -+ memcpy(&cmd[(JEDEC_BYTE_PROGRAM_OUTSIZE + 1) - 1], bytes, len); -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ } -+ return result; -+} -+ -+/* Read flash bytes from 4-bytes addressing mode */ -+int spi_nbyte_read_4ba(struct flashctx *flash, unsigned int addr, -+ uint8_t *bytes, unsigned int len) -+{ -+ const unsigned char cmd[JEDEC_READ_OUTSIZE + 1] = { -+ JEDEC_READ, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr >> 0) & 0xff -+ }; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + len - 1); -+ -+ /* Send Read */ -+ return spi_send_command(flash, sizeof(cmd), len, cmd, bytes); -+} -+ -+/* Erases 4 KB of flash from 4-bytes addressing mode */ -+int spi_block_erase_20_4ba(struct flashctx *flash, unsigned int addr, -+ unsigned int blocklen) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_SE_OUTSIZE + 1, -+ .writearr = (const unsigned char[]){ -+ JEDEC_SE, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff) -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + blocklen - 1); -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ return result; -+ } -+ /* Wait until the Write-In-Progress bit is cleared. -+ * This usually takes 15-800 ms, so wait in 10 ms steps. -+ */ -+ while (spi_read_status_register(flash) & SPI_SR_WIP) -+ programmer_delay(10 * 1000); -+ /* FIXME: Check the status register for errors. */ -+ return 0; -+} -+ -+/* Erases 32 KB of flash from 4-bytes addressing mode */ -+int spi_block_erase_52_4ba(struct flashctx *flash, unsigned int addr, -+ unsigned int blocklen) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_BE_52_OUTSIZE + 1, -+ .writearr = (const unsigned char[]){ -+ JEDEC_BE_52, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff) -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + blocklen - 1); -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ return result; -+ } -+ /* Wait until the Write-In-Progress bit is cleared. -+ * This usually takes 100-4000 ms, so wait in 100 ms steps. -+ */ -+ while (spi_read_status_register(flash) & SPI_SR_WIP) -+ programmer_delay(100 * 1000); -+ /* FIXME: Check the status register for errors. */ -+ return 0; -+} -+ -+/* Erases 64 KB of flash from 4-bytes addressing mode */ -+int spi_block_erase_d8_4ba(struct flashctx *flash, unsigned int addr, -+ unsigned int blocklen) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_BE_D8_OUTSIZE + 1, -+ .writearr = (const unsigned char[]){ -+ JEDEC_BE_D8, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff) -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + blocklen - 1); -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ return result; -+ } -+ /* Wait until the Write-In-Progress bit is cleared. -+ * This usually takes 100-4000 ms, so wait in 100 ms steps. -+ */ -+ while (spi_read_status_register(flash) & SPI_SR_WIP) -+ programmer_delay(100 * 1000); -+ /* FIXME: Check the status register for errors. */ -+ return 0; -+} -+ -+/* Write Extended Address Register value */ -+int spi_write_extended_address_register(struct flashctx *flash, uint8_t regdata) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_WRITE_EXT_ADDR_REG_OUTSIZE, -+ .writearr = (const unsigned char[]){ -+ JEDEC_WRITE_EXT_ADDR_REG, -+ regdata -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (%02X)\n", __func__, regdata); -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution\n", __func__); -+ return result; -+ } -+ return 0; -+} -+ -+/* Assign required value of Extended Address Register. This function -+ keeps last value of the register and writes the register if the -+ value has to be changed only. */ -+int set_extended_address_register(struct flashctx *flash, uint8_t data) -+{ -+ static uint8_t ext_addr_reg_state; /* memory for last register state */ -+ static int ext_addr_reg_state_valid = 0; -+ int result; -+ -+ if (ext_addr_reg_state_valid == 0 || data != ext_addr_reg_state) { -+ result = spi_write_extended_address_register(flash, data); -+ if (result) { -+ ext_addr_reg_state_valid = 0; -+ return result; -+ } -+ ext_addr_reg_state = data; -+ ext_addr_reg_state_valid = 1; -+ } -+ return 0; -+} -+ -+/* Program one flash byte using Extended Address Register -+ from 3-bytes addressing mode */ -+int spi_byte_program_4ba_ereg(struct flashctx *flash, unsigned int addr, -+ uint8_t databyte) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_BYTE_PROGRAM_OUTSIZE, -+ .writearr = (const unsigned char[]){ -+ JEDEC_BYTE_PROGRAM, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff), -+ databyte -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X)\n", __func__, addr); -+ -+ result = set_extended_address_register(flash, (addr >> 24) & 0xff); -+ if (result) -+ return result; -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ } -+ return result; -+} -+ -+/* Program flash bytes using Extended Address Register -+ from 3-bytes addressing mode */ -+int spi_nbyte_program_4ba_ereg(struct flashctx *flash, unsigned int addr, -+ const uint8_t *bytes, unsigned int len) -+{ -+ int result; -+ unsigned char cmd[JEDEC_BYTE_PROGRAM_OUTSIZE - 1 + 256] = { -+ JEDEC_BYTE_PROGRAM, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr >> 0) & 0xff -+ }; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_BYTE_PROGRAM_OUTSIZE - 1 + len, -+ .writearr = cmd, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + len - 1); -+ -+ if (!len) { -+ msg_cerr("%s called for zero-length write\n", __func__); -+ return 1; -+ } -+ if (len > 256) { -+ msg_cerr("%s called for too long a write\n", __func__); -+ return 1; -+ } -+ -+ memcpy(&cmd[JEDEC_BYTE_PROGRAM_OUTSIZE - 1], bytes, len); -+ -+ result = set_extended_address_register(flash, (addr >> 24) & 0xff); -+ if (result) -+ return result; -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ } -+ return result; -+} -+ -+/* Read flash bytes using Extended Address Register -+ from 3-bytes addressing mode */ -+int spi_nbyte_read_4ba_ereg(struct flashctx *flash, unsigned int addr, -+ uint8_t *bytes, unsigned int len) -+{ -+ int result; -+ const unsigned char cmd[JEDEC_READ_OUTSIZE] = { -+ JEDEC_READ, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr >> 0) & 0xff -+ }; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + len - 1); -+ -+ result = set_extended_address_register(flash, (addr >> 24) & 0xff); -+ if (result) -+ return result; -+ -+ /* Send Read */ -+ return spi_send_command(flash, sizeof(cmd), len, cmd, bytes); -+} -+ -+/* Erases 4 KB of flash using Extended Address Register -+ from 3-bytes addressing mode */ -+int spi_block_erase_20_4ba_ereg(struct flashctx *flash, unsigned int addr, -+ unsigned int blocklen) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_SE_OUTSIZE, -+ .writearr = (const unsigned char[]){ -+ JEDEC_SE, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff) -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + blocklen - 1); -+ -+ result = set_extended_address_register(flash, (addr >> 24) & 0xff); -+ if (result) -+ return result; -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ return result; -+ } -+ /* Wait until the Write-In-Progress bit is cleared. -+ * This usually takes 15-800 ms, so wait in 10 ms steps. -+ */ -+ while (spi_read_status_register(flash) & SPI_SR_WIP) -+ programmer_delay(10 * 1000); -+ /* FIXME: Check the status register for errors. */ -+ return 0; -+} -+ -+/* Erases 32 KB of flash using Extended Address Register -+ from 3-bytes addressing mode */ -+int spi_block_erase_52_4ba_ereg(struct flashctx *flash, unsigned int addr, -+ unsigned int blocklen) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_BE_52_OUTSIZE, -+ .writearr = (const unsigned char[]){ -+ JEDEC_BE_52, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff) -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + blocklen - 1); -+ -+ result = set_extended_address_register(flash, (addr >> 24) & 0xff); -+ if (result) -+ return result; -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ return result; -+ } -+ /* Wait until the Write-In-Progress bit is cleared. -+ * This usually takes 100-4000 ms, so wait in 100 ms steps. -+ */ -+ while (spi_read_status_register(flash) & SPI_SR_WIP) -+ programmer_delay(100 * 1000); -+ /* FIXME: Check the status register for errors. */ -+ return 0; -+} -+ -+/* Erases 64 KB of flash using Extended Address Register -+ from 3-bytes addressing mode */ -+int spi_block_erase_d8_4ba_ereg(struct flashctx *flash, unsigned int addr, -+ unsigned int blocklen) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_BE_D8_OUTSIZE, -+ .writearr = (const unsigned char[]){ -+ JEDEC_BE_D8, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff) -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + blocklen - 1); -+ -+ result = set_extended_address_register(flash, (addr >> 24) & 0xff); -+ if (result) -+ return result; -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ return result; -+ } -+ /* Wait until the Write-In-Progress bit is cleared. -+ * This usually takes 100-4000 ms, so wait in 100 ms steps. -+ */ -+ while (spi_read_status_register(flash) & SPI_SR_WIP) -+ programmer_delay(100 * 1000); -+ /* FIXME: Check the status register for errors. */ -+ return 0; -+} -+ -+/* Program one flash byte with 4-bytes address from ANY mode (3-bytes or 4-bytes) -+ JEDEC_BYTE_PROGRAM_4BA (12h) instruction is new for 4-bytes addressing flash chips. -+ The presence of this instruction for an exact chip should be checked -+ by its datasheet or from SFDP 4-Bytes Address Instruction Table (JESD216B). */ -+int spi_byte_program_4ba_direct(struct flashctx *flash, unsigned int addr, -+ uint8_t databyte) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_BYTE_PROGRAM_4BA_OUTSIZE, -+ .writearr = (const unsigned char[]){ -+ JEDEC_BYTE_PROGRAM_4BA, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff), -+ databyte -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X)\n", __func__, addr); -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ } -+ return result; -+} -+ -+/* Program flash bytes with 4-bytes address from ANY mode (3-bytes or 4-bytes) -+ JEDEC_BYTE_PROGRAM_4BA (12h) instruction is new for 4-bytes addressing flash chips. -+ The presence of this instruction for an exact chip should be checked -+ by its datasheet or from SFDP 4-Bytes Address Instruction Table (JESD216B). */ -+int spi_nbyte_program_4ba_direct(struct flashctx *flash, unsigned int addr, -+ const uint8_t *bytes, unsigned int len) -+{ -+ int result; -+ unsigned char cmd[JEDEC_BYTE_PROGRAM_4BA_OUTSIZE - 1 + 256] = { -+ JEDEC_BYTE_PROGRAM_4BA, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr >> 0) & 0xff -+ }; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_BYTE_PROGRAM_4BA_OUTSIZE - 1 + len, -+ .writearr = cmd, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + len - 1); -+ -+ if (!len) { -+ msg_cerr("%s called for zero-length write\n", __func__); -+ return 1; -+ } -+ if (len > 256) { -+ msg_cerr("%s called for too long a write\n", __func__); -+ return 1; -+ } -+ -+ memcpy(&cmd[JEDEC_BYTE_PROGRAM_4BA_OUTSIZE - 1], bytes, len); -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ } -+ return result; -+} -+ -+/* Read flash bytes with 4-bytes address from ANY mode (3-bytes or 4-bytes) -+ JEDEC_READ_4BA (13h) instruction is new for 4-bytes addressing flash chips. -+ The presence of this instruction for an exact chip should be checked -+ by its datasheet or from SFDP 4-Bytes Address Instruction Table (JESD216B). */ -+int spi_nbyte_read_4ba_direct(struct flashctx *flash, unsigned int addr, -+ uint8_t *bytes, unsigned int len) -+{ -+ const unsigned char cmd[JEDEC_READ_4BA_OUTSIZE] = { -+ JEDEC_READ_4BA, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr >> 0) & 0xff -+ }; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + len - 1); -+ -+ /* Send Read */ -+ return spi_send_command(flash, sizeof(cmd), len, cmd, bytes); -+} -+ -+/* Erase 4 KB of flash with 4-bytes address from ANY mode (3-bytes or 4-bytes) -+ JEDEC_SE_4BA (21h) instruction is new for 4-bytes addressing flash chips. -+ The presence of this instruction for an exact chip should be checked -+ by its datasheet or from SFDP 4-Bytes Address Instruction Table (JESD216B). */ -+int spi_block_erase_21_4ba_direct(struct flashctx *flash, unsigned int addr, -+ unsigned int blocklen) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_SE_4BA_OUTSIZE, -+ .writearr = (const unsigned char[]){ -+ JEDEC_SE_4BA, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff) -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + blocklen - 1); -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ return result; -+ } -+ /* Wait until the Write-In-Progress bit is cleared. -+ * This usually takes 15-800 ms, so wait in 10 ms steps. -+ */ -+ while (spi_read_status_register(flash) & SPI_SR_WIP) -+ programmer_delay(10 * 1000); -+ /* FIXME: Check the status register for errors. */ -+ return 0; -+} -+ -+/* Erase 32 KB of flash with 4-bytes address from ANY mode (3-bytes or 4-bytes) -+ JEDEC_BE_5C_4BA (5Ch) instruction is new for 4-bytes addressing flash chips. -+ The presence of this instruction for an exact chip should be checked -+ by its datasheet or from SFDP 4-Bytes Address Instruction Table (JESD216B). */ -+int spi_block_erase_5c_4ba_direct(struct flashctx *flash, unsigned int addr, -+ unsigned int blocklen) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_BE_5C_4BA_OUTSIZE, -+ .writearr = (const unsigned char[]){ -+ JEDEC_BE_5C_4BA, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff) -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + blocklen - 1); -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ return result; -+ } -+ /* Wait until the Write-In-Progress bit is cleared. -+ * This usually takes 100-4000 ms, so wait in 100 ms steps. -+ */ -+ while (spi_read_status_register(flash) & SPI_SR_WIP) -+ programmer_delay(100 * 1000); -+ /* FIXME: Check the status register for errors. */ -+ return 0; -+} -+ -+/* Erase 64 KB of flash with 4-bytes address from ANY mode (3-bytes or 4-bytes) -+ JEDEC_BE_DC_4BA (DCh) instruction is new for 4-bytes addressing flash chips. -+ The presence of this instruction for an exact chip should be checked -+ by its datasheet or from SFDP 4-Bytes Address Instruction Table (JESD216B). */ -+int spi_block_erase_dc_4ba_direct(struct flashctx *flash, unsigned int addr, -+ unsigned int blocklen) -+{ -+ int result; -+ struct spi_command cmds[] = { -+ { -+ .writecnt = JEDEC_WREN_OUTSIZE, -+ .writearr = (const unsigned char[]){ JEDEC_WREN }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = JEDEC_BE_DC_4BA_OUTSIZE, -+ .writearr = (const unsigned char[]){ -+ JEDEC_BE_DC_4BA, -+ (addr >> 24) & 0xff, -+ (addr >> 16) & 0xff, -+ (addr >> 8) & 0xff, -+ (addr & 0xff) -+ }, -+ .readcnt = 0, -+ .readarr = NULL, -+ }, { -+ .writecnt = 0, -+ .writearr = NULL, -+ .readcnt = 0, -+ .readarr = NULL, -+ }}; -+ -+ msg_trace("-> %s (0x%08X-0x%08X)\n", __func__, addr, addr + blocklen - 1); -+ -+ result = spi_send_multicommand(flash, cmds); -+ if (result) { -+ msg_cerr("%s failed during command execution at address 0x%x\n", -+ __func__, addr); -+ return result; -+ } -+ /* Wait until the Write-In-Progress bit is cleared. -+ * This usually takes 100-4000 ms, so wait in 100 ms steps. -+ */ -+ while (spi_read_status_register(flash) & SPI_SR_WIP) -+ programmer_delay(100 * 1000); -+ /* FIXME: Check the status register for errors. */ -+ return 0; -+} -diff --git ./spi4ba.h ./spi4ba.h -new file mode 100644 -index 0000000..8e500d1 ---- /dev/null -+++ ./spi4ba.h -@@ -0,0 +1,114 @@ -+/* -+ * This file is part of the flashrom project. -+ * -+ * Copyright (C) 2014 Boris Baykov -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+*/ -+ -+/* -+ * JEDEC flash chips instructions for 4-bytes addressing -+ * SPI chip driver functions for 4-bytes addressing -+ */ -+ -+#ifndef __SPI_4BA_H__ -+#define __SPI_4BA_H__ 1 -+ -+/* Enter 4-byte Address Mode */ -+#define JEDEC_ENTER_4_BYTE_ADDR_MODE 0xB7 -+#define JEDEC_ENTER_4_BYTE_ADDR_MODE_OUTSIZE 0x01 -+#define JEDEC_ENTER_4_BYTE_ADDR_MODE_INSIZE 0x00 -+ -+/* Exit 4-byte Address Mode */ -+#define JEDEC_EXIT_4_BYTE_ADDR_MODE 0xE9 -+#define JEDEC_EXIT_4_BYTE_ADDR_MODE_OUTSIZE 0x01 -+#define JEDEC_EXIT_4_BYTE_ADDR_MODE_INSIZE 0x00 -+ -+/* Write Extended Address Register */ -+#define JEDEC_WRITE_EXT_ADDR_REG 0xC5 -+#define JEDEC_WRITE_EXT_ADDR_REG_OUTSIZE 0x02 -+#define JEDEC_WRITE_EXT_ADDR_REG_INSIZE 0x00 -+ -+/* Read Extended Address Register */ -+#define JEDEC_READ_EXT_ADDR_REG 0xC8 -+#define JEDEC_READ_EXT_ADDR_REG_OUTSIZE 0x01 -+#define JEDEC_READ_EXT_ADDR_REG_INSIZE 0x01 -+ -+/* Read the memory with 4-byte address -+ From ANY mode (3-bytes or 4-bytes) it works with 4-byte address */ -+#define JEDEC_READ_4BA 0x13 -+#define JEDEC_READ_4BA_OUTSIZE 0x05 -+/* JEDEC_READ_4BA_INSIZE : any length */ -+ -+/* Write memory byte with 4-byte address -+ From ANY mode (3-bytes or 4-bytes) it works with 4-byte address */ -+#define JEDEC_BYTE_PROGRAM_4BA 0x12 -+#define JEDEC_BYTE_PROGRAM_4BA_OUTSIZE 0x06 -+#define JEDEC_BYTE_PROGRAM_4BA_INSIZE 0x00 -+ -+/* Sector Erase 0x21 (with 4-byte address), usually 4k size. -+ From ANY mode (3-bytes or 4-bytes) it works with 4-byte address */ -+#define JEDEC_SE_4BA 0x21 -+#define JEDEC_SE_4BA_OUTSIZE 0x05 -+#define JEDEC_SE_4BA_INSIZE 0x00 -+ -+/* Block Erase 0x5C (with 4-byte address), usually 32k size. -+ From ANY mode (3-bytes or 4-bytes) it works with 4-byte address */ -+#define JEDEC_BE_5C_4BA 0x5C -+#define JEDEC_BE_5C_4BA_OUTSIZE 0x05 -+#define JEDEC_BE_5C_4BA_INSIZE 0x00 -+ -+/* Block Erase 0xDC (with 4-byte address), usually 64k size. -+ From ANY mode (3-bytes or 4-bytes) it works with 4-byte address */ -+#define JEDEC_BE_DC_4BA 0xdc -+#define JEDEC_BE_DC_4BA_OUTSIZE 0x05 -+#define JEDEC_BE_DC_4BA_INSIZE 0x00 -+ -+/* enter 4-bytes addressing mode */ -+int spi_enter_4ba_b7(struct flashctx *flash); -+int spi_enter_4ba_b7_we(struct flashctx *flash); -+ -+/* read/write flash bytes in 4-bytes addressing mode */ -+int spi_byte_program_4ba(struct flashctx *flash, unsigned int addr, uint8_t databyte); -+int spi_nbyte_program_4ba(struct flashctx *flash, unsigned int addr, const uint8_t *bytes, unsigned int len); -+int spi_nbyte_read_4ba(struct flashctx *flash, unsigned int addr, uint8_t *bytes, unsigned int len); -+ -+/* erase flash bytes in 4-bytes addressing mode */ -+int spi_block_erase_20_4ba(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_52_4ba(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_d8_4ba(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+ -+/* read/write flash bytes from 3-bytes addressing mode using extended address register */ -+int spi_byte_program_4ba_ereg(struct flashctx *flash, unsigned int addr, uint8_t databyte); -+int spi_nbyte_program_4ba_ereg(struct flashctx *flash, unsigned int addr, const uint8_t *bytes, unsigned int len); -+int spi_nbyte_read_4ba_ereg(struct flashctx *flash, unsigned int addr, uint8_t *bytes, unsigned int len); -+ -+/* erase flash bytes from 3-bytes addressing mode using extended address register */ -+int spi_block_erase_20_4ba_ereg(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_52_4ba_ereg(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_d8_4ba_ereg(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+ -+/* read/write flash bytes with 4-bytes address from any mode (3-byte or 4-byte) */ -+int spi_byte_program_4ba_direct(struct flashctx *flash, unsigned int addr, uint8_t databyte); -+int spi_nbyte_program_4ba_direct(struct flashctx *flash, unsigned int addr, const uint8_t *bytes, unsigned int len); -+int spi_nbyte_read_4ba_direct(struct flashctx *flash, unsigned int addr, uint8_t *bytes, unsigned int len); -+ -+/* erase flash bytes with 4-bytes address from any mode (3-byte or 4-byte) */ -+int spi_block_erase_21_4ba_direct(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_5c_4ba_direct(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+int spi_block_erase_dc_4ba_direct(struct flashctx *flash, unsigned int addr, unsigned int blocklen); -+ -+ -+#endif /* __SPI_4BA_H__ */ diff --git a/patches/flashrom-1.0/0101-enable-thinkpad-x220.patch b/patches/flashrom-1.0/0101-enable-thinkpad-x220.patch deleted file mode 100644 index 43f8b5cab..000000000 --- a/patches/flashrom-1.0/0101-enable-thinkpad-x220.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git ./board_enable.c ./board_enable.c -index b6e17ef..23acd7c 100644 ---- ./board_enable.c -+++ ./board_enable.c -@@ -2434,6 +2434,7 @@ const struct board_match board_matches[] = { - {0x8086, 0x27a0, 0x17aa, 0x2017, 0x8086, 0x27b9, 0x17aa, 0x2009, "^ThinkPad T60", NULL, NULL, P2, "IBM/Lenovo", "ThinkPad T60(s)", 0, OK, p2_whitelist_laptop}, - {0x8086, 0x2917, 0x17AA, 0x20F5, 0x8086, 0x2930, 0x17AA, 0x20F9, "^ThinkPad X200", NULL, NULL, P2, "IBM/Lenovo", "ThinkPad X200", 0, OK, p2_whitelist_laptop}, - {0x8086, 0x3B07, 0x17AA, 0x2166, 0x8086, 0x3B30, 0x17AA, 0x2167, "^Lenovo X201", NULL, NULL, P2, "IBM/Lenovo", "ThinkPad X201", 0, OK, p2_whitelist_laptop}, -+ {0x8086, 0x1C22, 0x17AA, 0x21DB, 0x8086, 0x1C4F, 0x17AA, 0x21DB, "^ThinkPad X220", NULL, NULL, P2, "IBM/Lenovo", "ThinkPad X220", 0, OK, p2_whitelist_laptop}, - {0x8086, 0x1E22, 0x17AA, 0x21FA, 0x8086, 0x1E55, 0x17AA, 0x21FA, "^ThinkPad X230", NULL, NULL, P2, "IBM/Lenovo", "ThinkPad X230", 0, OK, p2_whitelist_laptop}, - {0x8086, 0x27A0, 0x17AA, 0x2017, 0x8086, 0x27B9, 0x17AA, 0x2009, "^ThinkPad X60", NULL, NULL, P2, "IBM/Lenovo", "ThinkPad X60(s)", 0, OK, p2_whitelist_laptop}, - {0x8086, 0x2411, 0x8086, 0x2411, 0x8086, 0x7125, 0x0e11, 0xb165, NULL, NULL, NULL, P3, "Mitac", "6513WU", 0, OK, board_mitac_6513wu}, diff --git a/patches/flashrom-v1.2/0100-enable-kgpe-d16.patch b/patches/flashrom-v1.2/0100-enable-kgpe-d16.patch new file mode 100644 index 000000000..b4f8fa0b6 --- /dev/null +++ b/patches/flashrom-v1.2/0100-enable-kgpe-d16.patch @@ -0,0 +1,1097 @@ +diff --git a/Makefile b/Makefile +index 7242b09..c2fb32e 100644 +--- a/Makefile ++++ b/Makefile +@@ -236,6 +236,16 @@ UNSUPPORTED_FEATURES += CONFIG_GFXNVIDIA=yes + else + override CONFIG_GFXNVIDIA = no + endif ++ifeq ($(CONFIG_AST1100), yes) ++UNSUPPORTED_FEATURES += CONFIG_AST1100=yes ++else ++override CONFIG_AST1100 = no ++endif ++ifeq ($(CONFIG_AST2400), yes) ++UNSUPPORTED_FEATURES += CONFIG_AST2400=yes ++else ++override CONFIG_AST2400 = no ++endif + ifeq ($(CONFIG_SATASII), yes) + UNSUPPORTED_FEATURES += CONFIG_SATASII=yes + else +@@ -492,6 +502,16 @@ UNSUPPORTED_FEATURES += CONFIG_GFXNVIDIA=yes + else + override CONFIG_GFXNVIDIA = no + endif ++ifeq ($(CONFIG_AST1100), yes) ++UNSUPPORTED_FEATURES += CONFIG_AST1100=yes ++else ++override CONFIG_AST1100 = no ++endif ++ifeq ($(CONFIG_AST2400), yes) ++UNSUPPORTED_FEATURES += CONFIG_AST2400=yes ++else ++override CONFIG_AST2400 = no ++endif + ifeq ($(CONFIG_SATASII), yes) + UNSUPPORTED_FEATURES += CONFIG_SATASII=yes + else +@@ -616,6 +636,12 @@ CONFIG_NIC3COM ?= yes + # Enable NVIDIA graphics cards. Note: write and erase do not work properly. + CONFIG_GFXNVIDIA ?= yes + ++# Enable AST1100 BMC SoCs. ++CONFIG_AST1100 ?= yes ++ ++# Enable AST2400 BMC SoCs. ++CONFIG_AST2400 ?= yes ++ + # Always enable SiI SATA controllers for now. + CONFIG_SATASII ?= yes + +@@ -728,6 +754,8 @@ ifeq ($(CONFIG_ENABLE_LIBPCI_PROGRAMMERS), no) + override CONFIG_INTERNAL = no + override CONFIG_NIC3COM = no + override CONFIG_GFXNVIDIA = no ++override CONFIG_AST1100 = no ++override CONFIG_AST2400 = no + override CONFIG_SATASII = no + override CONFIG_ATAHPT = no + override CONFIG_ATAVIA = no +@@ -840,6 +868,18 @@ PROGRAMMER_OBJS += gfxnvidia.o + NEED_LIBPCI += CONFIG_GFXNVIDIA + endif + ++ifeq ($(CONFIG_AST1100), yes) ++FEATURE_CFLAGS += -D'CONFIG_AST1100=1' ++PROGRAMMER_OBJS += ast1100.o ++NEED_LIBPCI += CONFIG_AST1100 ++endif ++ ++ifeq ($(CONFIG_AST2400), yes) ++FEATURE_CFLAGS += -D'CONFIG_AST2400=1' ++PROGRAMMER_OBJS += ast2400.o ++NEED_LIBPCI += CONFIG_AST2400 ++endif ++ + ifeq ($(CONFIG_SATASII), yes) + FEATURE_CFLAGS += -D'CONFIG_SATASII=1' + PROGRAMMER_OBJS += satasii.o +diff --git a/ast1100.c b/ast1100.c +new file mode 100644 +index 0000000..c7474e5 +--- /dev/null ++++ b/ast1100.c +@@ -0,0 +1,420 @@ ++/* ++ * This file is part of the flashrom project. ++ * ++ * Copyright (C) 2017 Raptor Engineering, LLC ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ */ ++ ++#include ++#include ++#include "flash.h" ++#include "programmer.h" ++#include "hwaccess.h" ++ ++#define PCI_VENDOR_ID_ASPEED 0x1a03 ++ ++#define ASPEED_MEMMAP_SIZE (128 * 1024) ++#define ASPEED_P2A_OFFSET 0x10000 ++ ++#define AST1100_SCU_APB_ADDR 0x1e6e2000 ++#define AST1100_SCU_APB_BRIDGE_OFFSET (AST1100_SCU_APB_ADDR & 0xffff) ++#define AST1100_SCU_PROT_KEY 0x00 ++#define AST1100_SCU_HW_STRAP 0x70 ++ ++#define AST1100_SCU_PASSWORD 0x1688a8a8 ++#define AST1100_SCU_BOOT_SRC_MASK 0x3 ++#define AST1100_SCU_BOOT_SPI 0x2 ++#define AST1100_SCU_BOOT_NONE 0x3 ++ ++#define AST1100_SMC_APB_ADDR 0x16000000 ++#define AST1100_SMC_SMC00 0x00 ++#define AST1100_SMC_CE_CTL(N) (0x4 + (N * 4)) ++ ++#define AST1100_SMC_SEGMENT_SIZE_MASK 0x3 ++#define AST1100_SMC_SEGMENT_SIZE_32M 0x0 ++#define AST1100_SMC_SEGMENT_SIZE_16M 0x1 ++#define AST1100_SMC_SEGMENT_SIZE_8M 0x2 ++#define AST1100_SMC_SEGMENT_SIZE_4M 0x3 ++ ++#define AST1100_SMC_FLASH_MMIO_ADDR 0x10000000 ++ ++#define AST1100_SPI_CMD_FAST_R_MODE 0x1 ++#define AST1100_SPI_CMD_USER_MODE 0x3 ++#define AST1100_SPI_CMD_MASK 0x3 ++#define AST1100_SPI_STOP_CE_ACTIVE (0x1 << 2) ++#define AST1100_SPI_SPEED_SHIFT 8 ++#define AST1100_SPI_SPEED_MASK (0x7 << AST1100_SPI_SPEED_SHIFT) ++ ++#define AST1100_SPI_FLASH_MMIO_ADDR 0x30000000 ++ ++#define AST1100_WDT_APB_ADDR 0x1e785000 ++#define AST1100_WDT_APB_BRIDGE_OFFSET (AST1100_WDT_APB_ADDR & 0xffff) ++ ++#define AST1100_WDT1_CTR 0x00 ++#define AST1100_WDT1_CTR_RELOAD 0x04 ++#define AST1100_WDT1_CTR_RESTART 0x08 ++#define AST1100_WDT1_CTL 0x0c ++ ++#define AST1100_WDT_SET_CLOCK (0x1 << 4) ++#define AST1100_WDT_RESET_SYSTEM (0x1 << 1) ++#define AST1100_WDT_ENABLE (0x1 << 0) ++ ++uint8_t *ast1100_device_bar = 0; ++uint8_t ast1100_device_spi_bus = 0; ++uint8_t ast1100_device_spi_speed = 0; ++uint8_t ast1100_device_halt_cpu = 0; ++uint8_t ast1100_device_reset_cpu = 0; ++uint8_t ast1100_device_resume_cpu = 0; ++uint8_t ast1100_device_tickle_fw = 0; ++uint32_t ast1100_device_flash_mmio_offset = 0; ++uint32_t ast1100_original_wdt_conf = 0; ++ ++const struct dev_entry bmc_aspeed_ast1100[] = { ++ {PCI_VENDOR_ID_ASPEED, 0x2000, OK, "ASPEED", "AST1100" }, ++ ++ {0}, ++}; ++ ++static int ast1100_spi_send_command(struct flashctx *flash, ++ unsigned int writecnt, unsigned int readcnt, ++ const unsigned char *writearr, ++ unsigned char *readarr); ++ ++static const struct spi_master spi_master_ast1100 = { ++ .max_data_read = 256, ++ .max_data_write = 256, ++ .command = ast1100_spi_send_command, ++ .multicommand = default_spi_send_multicommand, ++ .read = default_spi_read, ++ .write_256 = default_spi_write_256, ++ .write_aai = default_spi_write_aai, ++}; ++ ++static int ast1100_set_a2b_bridge_scu(void) ++{ ++ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); ++ pci_mmio_writel(AST1100_SCU_APB_ADDR & 0xffff0000, ast1100_device_bar + 0xf004); ++ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++static int ast1100_set_a2b_bridge_wdt(void) ++{ ++ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); ++ pci_mmio_writel(AST1100_WDT_APB_ADDR & 0xffff0000, ast1100_device_bar + 0xf004); ++ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++static int ast1100_set_a2b_bridge_smc(void) ++{ ++ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); ++ pci_mmio_writel(AST1100_SMC_APB_ADDR, ast1100_device_bar + 0xf004); ++ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++static int ast1100_set_a2b_bridge_smc_flash(void) ++{ ++ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); ++ pci_mmio_writel(AST1100_SMC_FLASH_MMIO_ADDR + ast1100_device_flash_mmio_offset, ast1100_device_bar + 0xf004); ++ pci_mmio_writel(0x1, ast1100_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++static int ast1100_disable_cpu(void) { ++ uint32_t dword; ++ ++ if (ast1100_device_halt_cpu) { ++ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); ++ if (((dword & AST1100_SCU_BOOT_SRC_MASK) != AST1100_SCU_BOOT_SPI) ++ && ((dword & AST1100_SCU_BOOT_SRC_MASK) != AST1100_SCU_BOOT_NONE)) { /* NONE permitted to allow for BMC recovery after Ctrl+C or crash */ ++ msg_perr("CPU halt requested but CPU firmware source is not SPI.\n"); ++ pci_mmio_writel(0x0, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_PROT_KEY); ++ ast1100_device_halt_cpu = 0; ++ return 1; ++ } ++ ++ /* Disable CPU */ ++ ast1100_set_a2b_bridge_scu(); ++ pci_mmio_writel((dword & ~AST1100_SCU_BOOT_SRC_MASK) | AST1100_SCU_BOOT_NONE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); ++ ast1100_original_wdt_conf = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); ++ pci_mmio_writel(ast1100_original_wdt_conf & 0xffff0, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); ++ } ++ ++ return 0; ++} ++ ++static int ast1100_enable_cpu(void) { ++ uint32_t dword; ++ ++ if (ast1100_device_halt_cpu && ast1100_device_resume_cpu) { ++ /* Re-enable CPU */ ++ ast1100_set_a2b_bridge_scu(); ++ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); ++ pci_mmio_writel((dword & ~AST1100_SCU_BOOT_SRC_MASK) | AST1100_SCU_BOOT_SPI, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_HW_STRAP); ++ } ++ ++ return 0; ++} ++ ++static int ast1100_reset_cpu(void) { ++ if (ast1100_device_reset_cpu) { ++ /* Disable WDT from issuing full SoC reset ++ * Without this, OpenPOWER systems will crash when the GPIO blocks are reset on WDT timeout ++ */ ++ msg_pinfo("Configuring P2A bridge for WDT access\n"); ++ ast1100_set_a2b_bridge_wdt(); ++ ast1100_original_wdt_conf = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); ++ ++ /* Initiate reset */ ++ msg_pinfo("Setting WDT to reset CPU immediately\n"); ++ pci_mmio_writel(ast1100_original_wdt_conf & 0xffff0, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); ++ pci_mmio_writel(0xec08ce00, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTR_RELOAD); ++ pci_mmio_writel(0x4755, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTR_RESTART); ++ pci_mmio_writel(AST1100_WDT_SET_CLOCK, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); ++ pci_mmio_writel(AST1100_WDT_RESET_SYSTEM | AST1100_WDT_ENABLE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_WDT_APB_BRIDGE_OFFSET + AST1100_WDT1_CTL); ++ ++ } ++ ++ return 0; ++} ++ ++static int ast1100_shutdown(void *data) { ++ /* Reactivate CPU if previously deactivated */ ++ ast1100_enable_cpu(); ++ ++ /* Reset CPU if requested */ ++ ast1100_reset_cpu(); ++ ++ /* Disable backdoor APB access */ ++ pci_mmio_writel(0x0, ast1100_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++int ast1100_init(void) ++{ ++ struct pci_dev *dev = NULL; ++ uint32_t dword; ++ ++ char *arg; ++ ++ ast1100_device_spi_bus = 0; ++ arg = extract_programmer_param("spibus"); ++ if (arg) ++ ast1100_device_spi_bus = strtol(arg, NULL, 0); ++ free(arg); ++ ++ ast1100_device_spi_speed = 0; ++ arg = extract_programmer_param("spispeed"); ++ if (arg) ++ ast1100_device_spi_speed = strtol(arg, NULL, 0); ++ free(arg); ++ ++ ast1100_device_halt_cpu = 0; ++ arg = extract_programmer_param("cpu"); ++ if (arg && !strcmp(arg,"pause")) { ++ ast1100_device_halt_cpu = 1; ++ ast1100_device_resume_cpu = 1; ++ ast1100_device_reset_cpu = 0; ++ } ++ else if (arg && !strcmp(arg,"halt")) { ++ ast1100_device_halt_cpu = 1; ++ ast1100_device_resume_cpu = 0; ++ ast1100_device_reset_cpu = 0; ++ } ++ else if (arg && !strcmp(arg,"reset")) { ++ ast1100_device_halt_cpu = 1; ++ ast1100_device_resume_cpu = 1; ++ ast1100_device_reset_cpu = 1; ++ } ++ else if (arg) { ++ msg_perr("Invalid CPU option! Valid values are: pause | halt | reset\n"); ++ return 1; ++ } ++ arg = extract_programmer_param("tickle"); ++ if (arg && !strcmp(arg,"true")) ++ ast1100_device_tickle_fw = 1; ++ free(arg); ++ ++ if (ast1100_device_spi_bus > 2) { ++ msg_perr("SPI bus number out of range! Valid values are 0 - 2.\n"); ++ return 1; ++ } ++ ++ if (rget_io_perms()) ++ return 1; ++ ++ dev = pcidev_init(bmc_aspeed_ast1100, PCI_BASE_ADDRESS_1); ++ if (!dev) ++ return 1; ++ ++ uintptr_t io_base_addr = pcidev_readbar(dev, PCI_BASE_ADDRESS_1); ++ if (!io_base_addr) ++ return 1; ++ ++ msg_pinfo("Detected ASPEED MMIO base address: %p.\n", (void*)io_base_addr); ++ ++ ast1100_device_bar = rphysmap("ASPEED", io_base_addr, ASPEED_MEMMAP_SIZE); ++ if (ast1100_device_bar == ERROR_PTR) ++ return 1; ++ ++ if (register_shutdown(ast1100_shutdown, dev)) ++ return 1; ++ ++ io_base_addr += ASPEED_P2A_OFFSET; ++ msg_pinfo("ASPEED P2A base address: %p.\n", (void*)io_base_addr); ++ ++ msg_pinfo("Configuring P2A bridge for SCU access\n"); ++ ast1100_set_a2b_bridge_scu(); ++ pci_mmio_writel(AST1100_SCU_PASSWORD, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SCU_APB_BRIDGE_OFFSET + AST1100_SCU_PROT_KEY); ++ ++ /* Halt CPU if requested */ ++ if (ast1100_disable_cpu()) ++ return 1; ++ ++ msg_pinfo("Configuring P2A bridge for SMC access\n"); ++ ast1100_set_a2b_bridge_smc(); ++ ++ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); ++ if (((dword >> ((ast1100_device_spi_bus * 2) + 4)) & 0x3) != 0x2) { ++ msg_perr("CE%01x Flash type is not SPI!\n", ast1100_device_spi_bus); ++ return 1; ++ } ++ ++ msg_pinfo("Setting CE%01x SPI relative clock speed to %d\n", ast1100_device_spi_bus, ast1100_device_spi_speed); ++ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); ++ dword &= ~AST1100_SPI_SPEED_MASK; ++ pci_mmio_writel(dword | ((ast1100_device_spi_speed << AST1100_SPI_SPEED_SHIFT) & AST1100_SPI_SPEED_MASK), ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); ++ ++ msg_pinfo("Enabling CE%01x write\n", ast1100_device_spi_bus); ++ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); ++ pci_mmio_writel(dword | (0x1 << (10 + ast1100_device_spi_bus)), ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); ++ ++ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_SMC00); ++ dword &= AST1100_SMC_SEGMENT_SIZE_MASK; ++ switch (dword & AST1100_SMC_SEGMENT_SIZE_MASK) { ++ case AST1100_SMC_SEGMENT_SIZE_32M: ++ ast1100_device_flash_mmio_offset = 0x2000000; ++ break; ++ case AST1100_SMC_SEGMENT_SIZE_16M: ++ ast1100_device_flash_mmio_offset = 0x1000000; ++ break; ++ case AST1100_SMC_SEGMENT_SIZE_8M: ++ ast1100_device_flash_mmio_offset = 0x800000; ++ break; ++ case AST1100_SMC_SEGMENT_SIZE_4M: ++ ast1100_device_flash_mmio_offset = 0x400000; ++ break; ++ default: ++ ast1100_device_flash_mmio_offset = 0x2000000; ++ } ++ msg_pinfo("Segment size: 0x%08x\n", ast1100_device_flash_mmio_offset); ++ ++ ast1100_device_flash_mmio_offset = ast1100_device_flash_mmio_offset * ast1100_device_spi_bus; ++ msg_pinfo("Using CE%01x offset 0x%08x\n", ast1100_device_spi_bus, ast1100_device_flash_mmio_offset); ++ ++ register_spi_master(&spi_master_ast1100); ++ ++ return 0; ++} ++ ++static void ast1100_spi_xfer_data(struct flashctx *flash, ++ unsigned int writecnt, unsigned int readcnt, ++ const unsigned char *writearr, ++ unsigned char *readarr) ++{ ++ unsigned int i; ++ uint32_t dword; ++ ++ for (i = 0; i < writecnt; i++) ++ msg_pspew("[%02x]", writearr[i]); ++ msg_pspew("\n"); ++ ++ for (i = 0; i < writecnt; i=i+4) { ++ if ((writecnt - i) < 4) ++ break; ++ dword = writearr[i]; ++ dword |= writearr[i + 1] << 8; ++ dword |= writearr[i + 2] << 16; ++ dword |= writearr[i + 3] << 24; ++ pci_mmio_writel(dword, ast1100_device_bar + ASPEED_P2A_OFFSET); ++ } ++ for (; i < writecnt; i++) ++ pci_mmio_writeb(writearr[i], ast1100_device_bar + ASPEED_P2A_OFFSET); ++ programmer_delay(1); ++ for (i = 0; i < readcnt;) { ++ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET); ++ if (i < readcnt) ++ readarr[i] = dword & 0xff; ++ i++; ++ if (i < readcnt) ++ readarr[i] = (dword >> 8) & 0xff; ++ i++; ++ if (i < readcnt) ++ readarr[i] = (dword >> 16) & 0xff; ++ i++; ++ if (i < readcnt) ++ readarr[i] = (dword >> 24) & 0xff; ++ i++; ++ } ++ ++ for (i = 0; i < readcnt; i++) ++ msg_pspew("[%02x]", readarr[i]); ++ msg_pspew("\n"); ++} ++ ++/* Returns 0 upon success, a negative number upon errors. */ ++static int ast1100_spi_send_command(struct flashctx *flash, ++ unsigned int writecnt, unsigned int readcnt, ++ const unsigned char *writearr, ++ unsigned char *readarr) ++{ ++ uint32_t dword; ++ ++ msg_pspew("%s, cmd=0x%02x, writecnt=%d, readcnt=%d\n", __func__, *writearr, writecnt, readcnt); ++ ++ /* Set up user command mode */ ++ ast1100_set_a2b_bridge_smc(); ++ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); ++ pci_mmio_writel(dword | AST1100_SPI_CMD_USER_MODE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); ++ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); ++ pci_mmio_writel(dword & ~AST1100_SPI_STOP_CE_ACTIVE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); ++ ++ /* Transfer data */ ++ ast1100_set_a2b_bridge_smc_flash(); ++ ast1100_spi_xfer_data(flash, writecnt, readcnt, writearr, readarr); ++ ++ /* Tear down user command mode */ ++ ast1100_set_a2b_bridge_smc(); ++ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); ++ pci_mmio_writel(dword | AST1100_SPI_STOP_CE_ACTIVE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); ++ dword = pci_mmio_readl(ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); ++ pci_mmio_writel((dword & ~AST1100_SPI_CMD_MASK) | AST1100_SPI_CMD_FAST_R_MODE, ast1100_device_bar + ASPEED_P2A_OFFSET + AST1100_SMC_CE_CTL(ast1100_device_spi_bus)); ++ ++ if (ast1100_device_tickle_fw) { ++ ast1100_enable_cpu(); ++ programmer_delay(100); ++ ast1100_disable_cpu(); ++ } ++ ++ return 0; ++} +diff --git a/ast2400.c b/ast2400.c +new file mode 100644 +index 0000000..761a38d +--- /dev/null ++++ b/ast2400.c +@@ -0,0 +1,425 @@ ++/* ++ * This file is part of the flashrom project. ++ * ++ * Copyright (C) 2016 - 2017 Raptor Engineering, LLC ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License as published by ++ * the Free Software Foundation; either version 2 of the License, or ++ * (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ */ ++ ++#include ++#include ++#include "flash.h" ++#include "programmer.h" ++#include "hwaccess.h" ++ ++#define PCI_VENDOR_ID_ASPEED 0x1a03 ++ ++#define ASPEED_MEMMAP_SIZE (128 * 1024) ++#define ASPEED_P2A_OFFSET 0x10000 ++ ++#define AST2400_SCU_APB_ADDR 0x1e6e2000 ++#define AST2400_SCU_APB_BRIDGE_OFFSET (AST2400_SCU_APB_ADDR & 0xffff) ++#define AST2400_SCU_PROT_KEY 0x00 ++#define AST2400_SCU_MISC_CTL 0x2c ++#define AST2400_SCU_HW_STRAP 0x70 ++ ++#define AST2400_SCU_PASSWORD 0x1688a8a8 ++#define AST2400_SCU_BOOT_SRC_MASK 0x3 ++#define AST2400_SCU_BOOT_SPI 0x2 ++#define AST2400_SCU_BOOT_NONE 0x3 ++ ++#define AST2400_SMC_APB_ADDR 0x1e620000 ++#define AST2400_SMC_FMC00 0x00 ++#define AST2400_SMC_CE_CTL(N) (0x10 + (N * 4)) ++#define AST2400_SMC_CE_SEG(N) (0x30 + (N * 4)) ++ ++#define AST2400_SMC_FLASH_MMIO_ADDR 0x20000000 ++ ++#define AST2400_SPI_APB_ADDR 0x1e630000 ++#define AST2400_SPI_CFG 0x00 ++#define AST2400_SPI_CTL 0x04 ++ ++#define AST2400_SPI_CFG_WRITE_EN 0x1 ++#define AST2400_SPI_CMD_FAST_R_MODE 0x1 ++#define AST2400_SPI_CMD_USER_MODE 0x3 ++#define AST2400_SPI_CMD_MASK 0x3 ++#define AST2400_SPI_STOP_CE_ACTIVE (0x1 << 2) ++#define AST2400_SPI_CPOL_1 (0x1 << 4) ++#define AST2400_SPI_LSB_FIRST_CTRL (0x1 << 5) ++#define AST2400_SPI_SPEED_MASK (0xf << 8) ++#define AST2400_SPI_IO_MODE_MASK (0x3 << 28) ++ ++#define AST2400_SPI_FLASH_MMIO_ADDR 0x30000000 ++ ++#define AST2400_WDT_APB_ADDR 0x1e785000 ++#define AST2400_WDT_APB_BRIDGE_OFFSET (AST2400_WDT_APB_ADDR & 0xffff) ++ ++#define AST2400_WDT1_CTL 0x0c ++ ++#define AST2400_WDT_RESET_MODE_MASK (0x3 << 5) ++#define AST2400_WDT_RESET_CPU_ONLY (0x2 << 5) ++ ++uint8_t *ast2400_device_bar = 0; ++uint8_t ast2400_device_spi_bus = 0; ++uint8_t ast2400_device_halt_cpu = 0; ++uint8_t ast2400_device_resume_cpu = 0; ++uint8_t ast2400_device_tickle_fw = 0; ++uint32_t ast2400_device_flash_mmio_offset = 0; ++uint32_t ast2400_device_host_mode = 0; ++uint32_t ast2400_original_wdt_conf = 0; ++ ++const struct dev_entry bmc_aspeed_ast2400[] = { ++ {PCI_VENDOR_ID_ASPEED, 0x2000, OK, "ASPEED", "AST2400" }, ++ ++ {0}, ++}; ++ ++static int ast2400_spi_send_command(struct flashctx *flash, ++ unsigned int writecnt, unsigned int readcnt, ++ const unsigned char *writearr, ++ unsigned char *readarr); ++ ++static const struct spi_master spi_master_ast2400 = { ++ .max_data_read = 256, ++ .max_data_write = 256, ++ .command = ast2400_spi_send_command, ++ .multicommand = default_spi_send_multicommand, ++ .read = default_spi_read, ++ .write_256 = default_spi_write_256, ++ .write_aai = default_spi_write_aai, ++}; ++ ++static int ast2400_set_a2b_bridge_scu(void) ++{ ++ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); ++ pci_mmio_writel(AST2400_SCU_APB_ADDR & 0xffff0000, ast2400_device_bar + 0xf004); ++ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++static int ast2400_set_a2b_bridge_wdt(void) ++{ ++ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); ++ pci_mmio_writel(AST2400_WDT_APB_ADDR & 0xffff0000, ast2400_device_bar + 0xf004); ++ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++static int ast2400_set_a2b_bridge_smc(void) ++{ ++ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); ++ pci_mmio_writel(AST2400_SMC_APB_ADDR, ast2400_device_bar + 0xf004); ++ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++static int ast2400_set_a2b_bridge_spi(void) ++{ ++ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); ++ pci_mmio_writel(AST2400_SPI_APB_ADDR, ast2400_device_bar + 0xf004); ++ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++static int ast2400_set_a2b_bridge_smc_flash(void) ++{ ++ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); ++ pci_mmio_writel(AST2400_SMC_FLASH_MMIO_ADDR + ast2400_device_flash_mmio_offset, ast2400_device_bar + 0xf004); ++ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++static int ast2400_set_a2b_bridge_spi_flash(void) ++{ ++ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); ++ pci_mmio_writel(AST2400_SPI_FLASH_MMIO_ADDR, ast2400_device_bar + 0xf004); ++ pci_mmio_writel(0x1, ast2400_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++static int ast2400_disable_cpu(void) { ++ uint32_t dword; ++ ++ if (ast2400_device_halt_cpu) { ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); ++ if (((dword & AST2400_SCU_BOOT_SRC_MASK) != AST2400_SCU_BOOT_SPI) ++ && ((dword & AST2400_SCU_BOOT_SRC_MASK) != AST2400_SCU_BOOT_NONE)) { /* NONE permitted to allow for BMC recovery after Ctrl+C or crash */ ++ msg_perr("CPU halt requested but CPU firmware source is not SPI.\n"); ++ pci_mmio_writel(0x0, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_PROT_KEY); ++ ast2400_device_halt_cpu = 0; ++ return 1; ++ } ++ ++ /* Disable WDT from issuing full SoC reset ++ * Without this, OpenPOWER systems will crash when the GPIO blocks are reset on WDT timeout ++ */ ++ msg_pinfo("Configuring P2A bridge for WDT access\n"); ++ ast2400_set_a2b_bridge_wdt(); ++ ast2400_original_wdt_conf = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_WDT_APB_BRIDGE_OFFSET + AST2400_WDT1_CTL); ++ pci_mmio_writel((ast2400_original_wdt_conf & ~AST2400_WDT_RESET_MODE_MASK) | AST2400_WDT_RESET_CPU_ONLY, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_WDT_APB_BRIDGE_OFFSET + AST2400_WDT1_CTL); ++ ++ /* Disable CPU */ ++ ast2400_set_a2b_bridge_scu(); ++ pci_mmio_writel((dword & ~AST2400_SCU_BOOT_SRC_MASK) | AST2400_SCU_BOOT_NONE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); ++ } ++ ++ return 0; ++} ++ ++static int ast2400_enable_cpu(void) { ++ uint32_t dword; ++ ++ if (ast2400_device_halt_cpu && ast2400_device_resume_cpu) { ++ /* Re-enable CPU */ ++ ast2400_set_a2b_bridge_scu(); ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); ++ pci_mmio_writel((dword & ~AST2400_SCU_BOOT_SRC_MASK) | AST2400_SCU_BOOT_SPI, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_HW_STRAP); ++ ++ /* Reset WDT configuration */ ++ ast2400_set_a2b_bridge_wdt(); ++ pci_mmio_writel((ast2400_original_wdt_conf & ~AST2400_WDT_RESET_MODE_MASK) | AST2400_WDT_RESET_CPU_ONLY, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_WDT_APB_BRIDGE_OFFSET + AST2400_WDT1_CTL); ++ } ++ ++ return 0; ++} ++ ++static int ast2400_shutdown(void *data) { ++ /* Reactivate CPU if previously deactivated */ ++ ast2400_enable_cpu(); ++ ++ /* Disable backdoor APB access */ ++ pci_mmio_writel(0x0, ast2400_device_bar + 0xf000); ++ ++ return 0; ++} ++ ++int ast2400_init(void) ++{ ++ struct pci_dev *dev = NULL; ++ uint32_t dword; ++ uint8_t divisor; ++ ++ char *arg; ++ ++ ast2400_device_spi_bus = 0; ++ arg = extract_programmer_param("spibus"); ++ if (arg) { ++ if (!strcmp(arg,"host")) ++ ast2400_device_host_mode = 1; ++ else ++ ast2400_device_spi_bus = strtol(arg, NULL, 0); ++ } ++ free(arg); ++ ++ ast2400_device_halt_cpu = 0; ++ arg = extract_programmer_param("cpu"); ++ if (arg && !strcmp(arg,"pause")) { ++ ast2400_device_halt_cpu = 1; ++ ast2400_device_resume_cpu = 1; ++ } ++ if (arg && !strcmp(arg,"halt")) { ++ ast2400_device_halt_cpu = 1; ++ ast2400_device_resume_cpu = 0; ++ } ++ arg = extract_programmer_param("tickle"); ++ if (arg && !strcmp(arg,"true")) ++ ast2400_device_tickle_fw = 1; ++ free(arg); ++ ++ if ((ast2400_device_host_mode == 0) && (ast2400_device_spi_bus > 4)) { ++ msg_perr("SPI bus number out of range! Valid values are 0 - 4.\n"); ++ return 1; ++ } ++ ++ if (rget_io_perms()) ++ return 1; ++ ++ dev = pcidev_init(bmc_aspeed_ast2400, PCI_BASE_ADDRESS_1); ++ if (!dev) ++ return 1; ++ ++ uintptr_t io_base_addr = pcidev_readbar(dev, PCI_BASE_ADDRESS_1); ++ if (!io_base_addr) ++ return 1; ++ ++ msg_pinfo("Detected ASPEED MMIO base address: %p.\n", (void*)io_base_addr); ++ ++ ast2400_device_bar = rphysmap("ASPEED", io_base_addr, ASPEED_MEMMAP_SIZE); ++ if (ast2400_device_bar == ERROR_PTR) ++ return 1; ++ ++ if (register_shutdown(ast2400_shutdown, dev)) ++ return 1; ++ ++ io_base_addr += ASPEED_P2A_OFFSET; ++ msg_pinfo("ASPEED P2A base address: %p.\n", (void*)io_base_addr); ++ ++ msg_pinfo("Configuring P2A bridge for SCU access\n"); ++ ast2400_set_a2b_bridge_scu(); ++ pci_mmio_writel(AST2400_SCU_PASSWORD, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_PROT_KEY); ++ ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_MISC_CTL); ++ pci_mmio_writel(dword & ~((0x1 << 24) | (0x2 << 22)), ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SCU_APB_BRIDGE_OFFSET + AST2400_SCU_MISC_CTL); ++ ++ /* Halt CPU if requested */ ++ if (ast2400_disable_cpu()) ++ return 1; ++ ++ msg_pinfo("Configuring P2A bridge for SMC access\n"); ++ ast2400_set_a2b_bridge_smc(); ++ ++ if (ast2400_device_host_mode) { ++ msg_pinfo("Configuring P2A bridge for SPI access\n"); ++ ast2400_set_a2b_bridge_spi(); ++ ++ divisor = 0; /* Slowest speed for now */ ++ ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); ++ dword &= ~AST2400_SPI_SPEED_MASK; ++ dword |= (divisor << 8); ++ dword &= ~AST2400_SPI_CPOL_1; ++ dword &= ~AST2400_SPI_LSB_FIRST_CTRL; /* MSB first */ ++ dword &= ~AST2400_SPI_IO_MODE_MASK; /* Single bit I/O mode */ ++ pci_mmio_writel(dword, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); ++ } ++ else { ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_FMC00); ++ if (((dword >> (ast2400_device_spi_bus * 2)) & 0x3) != 0x2) { ++ msg_perr("CE%01x Flash type is not SPI!\n", ast2400_device_spi_bus); ++ return 1; ++ } ++ ++ msg_pinfo("Enabling CE%01x write\n", ast2400_device_spi_bus); ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_FMC00); ++ pci_mmio_writel(dword | (0x1 << (16 + ast2400_device_spi_bus)), ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_FMC00); ++ ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_SEG(ast2400_device_spi_bus)); ++ ast2400_device_flash_mmio_offset = ((dword >> 16) & 0x3f) * 0x800000; ++ msg_pinfo("Using CE%01x offset 0x%08x\n", ast2400_device_spi_bus, ast2400_device_flash_mmio_offset); ++ } ++ ++ register_spi_master(&spi_master_ast2400); ++ ++ return 0; ++} ++ ++static void ast2400_spi_xfer_data(struct flashctx *flash, ++ unsigned int writecnt, unsigned int readcnt, ++ const unsigned char *writearr, ++ unsigned char *readarr) ++{ ++ unsigned int i; ++ uint32_t dword; ++ ++ for (i = 0; i < writecnt; i++) ++ msg_pspew("[%02x]", writearr[i]); ++ msg_pspew("\n"); ++ ++ for (i = 0; i < writecnt; i=i+4) { ++ if ((writecnt - i) < 4) ++ break; ++ dword = writearr[i]; ++ dword |= writearr[i + 1] << 8; ++ dword |= writearr[i + 2] << 16; ++ dword |= writearr[i + 3] << 24; ++ pci_mmio_writel(dword, ast2400_device_bar + ASPEED_P2A_OFFSET); ++ } ++ for (; i < writecnt; i++) ++ pci_mmio_writeb(writearr[i], ast2400_device_bar + ASPEED_P2A_OFFSET); ++ programmer_delay(1); ++ for (i = 0; i < readcnt;) { ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET); ++ if (i < readcnt) ++ readarr[i] = dword & 0xff; ++ i++; ++ if (i < readcnt) ++ readarr[i] = (dword >> 8) & 0xff; ++ i++; ++ if (i < readcnt) ++ readarr[i] = (dword >> 16) & 0xff; ++ i++; ++ if (i < readcnt) ++ readarr[i] = (dword >> 24) & 0xff; ++ i++; ++ } ++ ++ for (i = 0; i < readcnt; i++) ++ msg_pspew("[%02x]", readarr[i]); ++ msg_pspew("\n"); ++} ++ ++/* Returns 0 upon success, a negative number upon errors. */ ++static int ast2400_spi_send_command(struct flashctx *flash, ++ unsigned int writecnt, unsigned int readcnt, ++ const unsigned char *writearr, ++ unsigned char *readarr) ++{ ++ uint32_t dword; ++ ++ msg_pspew("%s, cmd=0x%02x, writecnt=%d, readcnt=%d\n", __func__, *writearr, writecnt, readcnt); ++ ++ if (ast2400_device_host_mode) { ++ /* Set up user command mode */ ++ ast2400_set_a2b_bridge_spi(); ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); ++ pci_mmio_writel(dword | AST2400_SPI_CFG_WRITE_EN, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); ++ pci_mmio_writel(dword | AST2400_SPI_CMD_USER_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); ++ ++ /* Transfer data */ ++ ast2400_set_a2b_bridge_spi_flash(); ++ ast2400_spi_xfer_data(flash, writecnt, readcnt, writearr, readarr); ++ ++ /* Tear down user command mode */ ++ ast2400_set_a2b_bridge_spi(); ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); ++ pci_mmio_writel((dword & ~AST2400_SPI_CMD_MASK) | AST2400_SPI_CMD_FAST_R_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CTL); ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); ++ pci_mmio_writel(dword & ~AST2400_SPI_CFG_WRITE_EN, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SPI_CFG); ++ } ++ else { ++ /* Set up user command mode */ ++ ast2400_set_a2b_bridge_smc(); ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); ++ pci_mmio_writel(dword | AST2400_SPI_CMD_USER_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); ++ pci_mmio_writel(dword & ~AST2400_SPI_STOP_CE_ACTIVE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); ++ ++ /* Transfer data */ ++ ast2400_set_a2b_bridge_smc_flash(); ++ ast2400_spi_xfer_data(flash, writecnt, readcnt, writearr, readarr); ++ ++ /* Tear down user command mode */ ++ ast2400_set_a2b_bridge_smc(); ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); ++ pci_mmio_writel(dword | AST2400_SPI_STOP_CE_ACTIVE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); ++ dword = pci_mmio_readl(ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); ++ pci_mmio_writel((dword & ~AST2400_SPI_CMD_MASK) | AST2400_SPI_CMD_FAST_R_MODE, ast2400_device_bar + ASPEED_P2A_OFFSET + AST2400_SMC_CE_CTL(ast2400_device_spi_bus)); ++ } ++ ++ if (ast2400_device_tickle_fw) { ++ ast2400_enable_cpu(); ++ programmer_delay(100); ++ ast2400_disable_cpu(); ++ } ++ ++ return 0; ++} +diff --git a/flashchips.c b/flashchips.c +index 58dd4f3..719185b 100644 +--- a/flashchips.c ++++ b/flashchips.c +@@ -12273,7 +12273,7 @@ const struct flashchip flashchips[] = { + .total_size = 1024, + .page_size = 256, + .feature_bits = FEATURE_WRSR_WREN, +- .tested = TEST_UNTESTED, ++ .tested = TEST_OK_PREW, + .probe = probe_spi_rdid, + .probe_timing = TIMING_ZERO, + .block_erasers = +@@ -16659,11 +16659,20 @@ const struct flashchip flashchips[] = { + .block_erasers = + { + { ++ .eraseblocks = { {4 * 1024, 8192} }, ++ .block_erase = spi_block_erase_21, ++ }, { + .eraseblocks = { {4 * 1024, 8192} }, + .block_erase = spi_block_erase_20, ++ }, { ++ .eraseblocks = { {32 * 1024, 1024} }, ++ .block_erase = spi_block_erase_5c, + }, { + .eraseblocks = { {32 * 1024, 1024} }, + .block_erase = spi_block_erase_52, ++ }, { ++ .eraseblocks = { {64 * 1024, 512} }, ++ .block_erase = spi_block_erase_dc, + }, { + .eraseblocks = { {64 * 1024, 512} }, + .block_erase = spi_block_erase_d8, +diff --git a/flashrom.c b/flashrom.c +index e540027..75bfd89 100644 +--- a/flashrom.c ++++ b/flashrom.c +@@ -6,6 +6,7 @@ + * Copyright (C) 2005-2008 coresystems GmbH + * Copyright (C) 2008,2009 Carl-Daniel Hailfinger + * Copyright (C) 2016 secunet Security Networks AG ++ * Copyright (C) 2016-2017 Raptor Engineering, LLC + * (Written by Nico Huber for secunet) + * + * This program is free software; you can redistribute it and/or modify +@@ -133,6 +134,30 @@ const struct programmer_entry programmer_table[] = { + }, + #endif + ++#if CONFIG_AST1100 == 1 ++ { ++ .name = "ast1100", ++ .type = PCI, ++ .devs.dev = bmc_aspeed_ast1100, ++ .init = ast1100_init, ++ .map_flash_region = fallback_map, ++ .unmap_flash_region = fallback_unmap, ++ .delay = internal_delay, ++ }, ++#endif ++ ++#if CONFIG_AST2400 == 1 ++ { ++ .name = "ast2400", ++ .type = PCI, ++ .devs.dev = bmc_aspeed_ast2400, ++ .init = ast2400_init, ++ .map_flash_region = fallback_map, ++ .unmap_flash_region = fallback_unmap, ++ .delay = internal_delay, ++ }, ++#endif ++ + #if CONFIG_DRKAISER == 1 + { + .name = "drkaiser", +diff --git a/pcidev.c b/pcidev.c +index 54c1fd3..97c8c1f 100644 +--- a/pcidev.c ++++ b/pcidev.c +@@ -33,11 +33,13 @@ enum pci_bartype { + uintptr_t pcidev_readbar(struct pci_dev *dev, int bar) + { + uint64_t addr; +- uint32_t upperaddr; + uint8_t headertype; + uint16_t supported_cycles; + enum pci_bartype bartype = TYPE_UNKNOWN; + ++#ifndef __PPC64__ ++ uint32_t upperaddr; ++#endif + + headertype = pci_read_byte(dev, PCI_HEADER_TYPE) & 0x7f; + msg_pspew("PCI header type 0x%02x\n", headertype); +@@ -93,6 +95,12 @@ uintptr_t pcidev_readbar(struct pci_dev *dev, int bar) + switch (bartype) { + case TYPE_MEMBAR: + msg_pdbg("MEM"); ++#ifdef __PPC64__ ++ /* PowerPC is able to translate 32-bit BARs into 64-bit host windows. ++ * Use the dev->base_addr[x] mechanism to handle mapping. ++ */ ++ addr = dev->base_addr[(bar - 0x10) / 0x4] & PCI_BASE_ADDRESS_MEM_MASK; ++#else + if (!(supported_cycles & PCI_COMMAND_MEMORY)) { + msg_perr("MEM BAR access requested, but device has MEM space accesses disabled.\n"); + /* TODO: Abort here? */ +@@ -118,6 +126,7 @@ uintptr_t pcidev_readbar(struct pci_dev *dev, int bar) + } + } + addr &= PCI_BASE_ADDRESS_MEM_MASK; ++#endif + break; + case TYPE_IOBAR: + msg_pdbg("I/O\n"); +diff --git a/programmer.h b/programmer.h +index 3cf53b9..7be47d1 100644 +--- a/programmer.h ++++ b/programmer.h +@@ -5,6 +5,7 @@ + * Copyright (C) 2000 Ronald G. Minnich + * Copyright (C) 2005-2009 coresystems GmbH + * Copyright (C) 2006-2009 Carl-Daniel Hailfinger ++ * Copyright (C) 2016-2017 Raptor Engineering, LLC + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by +@@ -43,6 +44,12 @@ enum programmer { + #if CONFIG_GFXNVIDIA == 1 + PROGRAMMER_GFXNVIDIA, + #endif ++#if CONFIG_AST1100 == 1 ++ PROGRAMMER_AST1100, ++#endif ++#if CONFIG_AST2400 == 1 ++ PROGRAMMER_AST2400, ++#endif + #if CONFIG_DRKAISER == 1 + PROGRAMMER_DRKAISER, + #endif +@@ -401,6 +408,18 @@ int gfxnvidia_init(void); + extern const struct dev_entry gfx_nvidia[]; + #endif + ++/* ast1100.c */ ++#if CONFIG_AST1100 == 1 ++int ast1100_init(void); ++extern const struct dev_entry bmc_aspeed_ast1100[]; ++#endif ++ ++/* ast2400.c */ ++#if CONFIG_AST2400 == 1 ++int ast2400_init(void); ++extern const struct dev_entry bmc_aspeed_ast2400[]; ++#endif ++ + /* drkaiser.c */ + #if CONFIG_DRKAISER == 1 + int drkaiser_init(void); diff --git a/patches/kexec-2.0.16.patch b/patches/kexec-2.0.16.patch deleted file mode 100644 index fc9a2579e..000000000 --- a/patches/kexec-2.0.16.patch +++ /dev/null @@ -1,89 +0,0 @@ -diff -u --recursive clean/kexec-tools-2.0.16/Makefile.in kexec-tools-2.0.16/Makefile.in ---- clean/kexec-tools-2.0.16/Makefile.in 2016-12-09 04:42:06.000000000 -0500 -+++ kexec-tools-2.0.16/Makefile.in 2018-02-28 05:39:20.461000000 -0500 -@@ -158,16 +158,16 @@ - - # kdump (read a crashdump from memory) - # --include $(srcdir)/kdump/Makefile -+#include $(srcdir)/kdump/Makefile - - # vmcore-dmesg (read dmesg from a vmcore) - # --include $(srcdir)/vmcore-dmesg/Makefile -+#include $(srcdir)/vmcore-dmesg/Makefile - - # - # kexec_test (test program) - # --include $(srcdir)/kexec_test/Makefile -+#include $(srcdir)/kexec_test/Makefile - - SPEC=$(PACKAGE_NAME).spec - GENERATED_SRCS:= $(SPEC) -diff -u --recursive clean/kexec-tools-2.0.16/include/config.h kexec-tools-2.0.16/include/config.h ---- clean/kexec-tools-2.0.16/include/config.h 2017-11-20 04:17:12.000000000 -0500 -+++ kexec-tools-2.0.16/include/config.h 2018-02-28 05:39:22.420000000 -0500 -@@ -17,7 +17,7 @@ - /* #undef HAVE_LIBXENCTRL */ - - /* Define to 1 if you have the `z' library (-lz). */ --/* #undef HAVE_LIBZ */ -+#define HAVE_LIBZ 1 - - /* Define to 1 if you have the header file. */ - #define HAVE_MEMORY_H 1 -diff -u --recursive clean/kexec-tools-2.0.16/kexec/kexec.c kexec-tools-2.0.16/kexec/kexec.c ---- clean/kexec-tools-2.0.16/kexec/kexec.c 2017-03-02 04:45:46.000000000 -0500 -+++ kexec-tools-2.0.16/kexec/kexec.c 2018-02-28 10:40:01.662000000 -0500 -@@ -794,6 +794,27 @@ - if (sort_segments(&info) < 0) { - return -1; - } -+ -+#if 1 -+ // force segment 0 to have memsz == bufsz -+ // so that it won't overwrite EBDA -+ if (info.segment[0].mem == 0) -+ { -+ if (kexec_debug) -+ printf("hack ebda into segment 0!\n"); -+ -+ uint8_t * ebda = calloc(1, info.segment[0].memsz); -+ memcpy(ebda, info.segment[0].buf, info.segment[0].bufsz); -+ info.segment[0].bufsz = info.segment[0].memsz; -+ info.segment[0].buf = ebda; -+ -+ // install some default EBDA values that are off scale, -+ // which will force Xen to use the multiboot info -+ *(uint16_t*)(ebda + 0x40e) = 0xFFFF; // segment -+ *(uint16_t*)(ebda + 0x413) = 0xFFFF; // size -+ } -+#endif -+ - /* if purgatory is loaded update it */ - update_purgatory(&info); - if (entry) -diff -u --recursive clean/kexec-tools-2.0.16/purgatory/Makefile kexec-tools-2.0.16/purgatory/Makefile ---- clean/kexec-tools-2.0.16/purgatory/Makefile 2017-01-31 06:23:48.000000000 -0500 -+++ kexec-tools-2.0.16/purgatory/Makefile 2018-02-28 05:39:20.461000000 -0500 -@@ -44,7 +44,6 @@ - mkdir -p $(@D) - $(COMPILE.c) -o $@ $^ - --$(PURGATORY): CC=$(TARGET_CC) - $(PURGATORY): CFLAGS+=$(PURGATORY_EXTRA_CFLAGS) \ - $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \ - -Os -fno-builtin -ffreestanding \ -diff -u --recursive clean/kexec-tools-2.0.16/util/Makefile kexec-tools-2.0.16/util/Makefile ---- clean/kexec-tools-2.0.16/util/Makefile 2010-07-29 05:22:16.000000000 -0400 -+++ kexec-tools-2.0.16/util/Makefile 2018-02-28 05:39:20.461000000 -0500 -@@ -2,7 +2,7 @@ - - $(BIN_TO_HEX): $(srcdir)/util/bin-to-hex.c - @$(MKDIR) -p $(@D) -- $(LINK.o) $(CFLAGS) -o $@ $^ -+ $(BUILD_CC) $(BUILD_CFLAGS) -o $@ $^ - - $(BIN_TO_HEX): CC=$(BUILD_CC) - $(BIN_TO_HEX): CFLAGS=$(BUILD_CFLAGS) diff --git a/patches/kexec-2.0.20.patch b/patches/kexec-2.0.20.patch new file mode 100644 index 000000000..c16cda1b6 --- /dev/null +++ b/patches/kexec-2.0.20.patch @@ -0,0 +1,90 @@ +diff --git a/Makefile.in b/Makefile.in +index fb01134..bf1973e 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -157,12 +157,12 @@ include $(srcdir)/kexec/Makefile + + # vmcore-dmesg (read dmesg from a vmcore) + # +-include $(srcdir)/vmcore-dmesg/Makefile ++#include $(srcdir)/vmcore-dmesg/Makefile + + # + # kexec_test (test program) + # +-include $(srcdir)/kexec_test/Makefile ++#include $(srcdir)/kexec_test/Makefile + + SPEC=$(PACKAGE_NAME).spec + GENERATED_SRCS:= $(SPEC) +diff --git a/kexec/arch/i386/x86-linux-setup.c b/kexec/arch/i386/x86-linux-setup.c +index 057ee14..43e017a 100644 +--- a/kexec/arch/i386/x86-linux-setup.c ++++ b/kexec/arch/i386/x86-linux-setup.c +@@ -137,7 +137,8 @@ static int setup_linux_vesafb(struct x86_linux_param_header *real_mode) + goto out; + if (-1 == ioctl(fd, FBIOGET_VSCREENINFO, &var)) + goto out; +- if (0 == strcmp(fix.id, "VESA VGA")) { ++ if (0 == strcmp(fix.id, "VESA VGA") ++ || 0 == strcmp(fix.id, "inteldrmfb")) { + /* VIDEO_TYPE_VLFB */ + real_mode->orig_video_isVGA = 0x23; + } else if (0 == strcmp(fix.id, "EFI VGA")) { +diff --git a/kexec/kexec.c b/kexec/kexec.c +index bc6ab3d..b82725b 100644 +--- a/kexec/kexec.c ++++ b/kexec/kexec.c +@@ -805,6 +805,27 @@ static int my_load(const char *type, int fileind, int argc, char **argv, + if (sort_segments(&info) < 0) { + return -1; + } ++ ++#if 1 ++ // force segment 0 to have memsz == bufsz ++ // so that it won't overwrite EBDA ++ if (info.segment[0].mem == 0) ++ { ++ if (kexec_debug) ++ printf("hack ebda into segment 0!\n"); ++ ++ uint8_t * ebda = calloc(1, info.segment[0].memsz); ++ memcpy(ebda, info.segment[0].buf, info.segment[0].bufsz); ++ info.segment[0].bufsz = info.segment[0].memsz; ++ info.segment[0].buf = ebda; ++ ++ // install some default EBDA values that are off scale, ++ // which will force Xen to use the multiboot info ++ *(uint16_t*)(ebda + 0x40e) = 0xFFFF; // segment ++ *(uint16_t*)(ebda + 0x413) = 0xFFFF; // size ++ } ++#endif ++ + /* if purgatory is loaded update it */ + update_purgatory(&info); + if (entry) +diff --git a/purgatory/Makefile b/purgatory/Makefile +index 2dd6c47..2de8f07 100644 +--- a/purgatory/Makefile ++++ b/purgatory/Makefile +@@ -44,7 +44,6 @@ purgatory/sha256.o: $(srcdir)/util_lib/sha256.c + mkdir -p $(@D) + $(COMPILE.c) -o $@ $^ + +-$(PURGATORY): CC=$(TARGET_CC) + $(PURGATORY): CFLAGS=$(PURGATORY_EXTRA_CFLAGS) \ + $($(ARCH)_PURGATORY_EXTRA_CFLAGS) \ + -Os -fno-builtin -ffreestanding \ +diff --git a/util/Makefile b/util/Makefile +index 948ee63..833a897 100644 +--- a/util/Makefile ++++ b/util/Makefile +@@ -2,7 +2,7 @@ BIN_TO_HEX:= bin/bin-to-hex + + $(BIN_TO_HEX): $(srcdir)/util/bin-to-hex.c + @$(MKDIR) -p $(@D) +- $(LINK.o) $(CFLAGS) -o $@ $^ ++ $(BUILD_CC) $(BUILD_CFLAGS) -o $@ $^ + + $(BIN_TO_HEX): CC=$(BUILD_CC) + $(BIN_TO_HEX): CFLAGS=$(BUILD_CFLAGS) diff --git a/patches/libassuan-2.5.1.patch b/patches/libassuan-2.5.1.patch new file mode 100644 index 000000000..ff27dbd27 --- /dev/null +++ b/patches/libassuan-2.5.1.patch @@ -0,0 +1,176 @@ +diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure +--- libassuan-2.5.1-clean/configure 2017-12-07 06:55:50.000000000 -0800 ++++ libassuan-2.5.1/configure 2020-01-12 13:39:50.655638965 -0800 +@@ -10781,7 +10781,7 @@ + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' +@@ -11020,16 +11020,16 @@ + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + esac + ;; +@@ -11042,7 +11042,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + haiku*) +@@ -11055,7 +11055,7 @@ + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + hpux9* | hpux10* | hpux11*) +@@ -11067,7 +11067,7 @@ + case $host_cpu in + ia64*) + shrext_cmds='.so' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11082,7 +11082,7 @@ + ;; + hppa*64*) + shrext_cmds='.sl' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11115,7 +11115,7 @@ + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + irix5* | irix6* | nonstopux*) +@@ -11152,7 +11152,7 @@ + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + # No shared lib support for Linux oldld, aout, or coff. +@@ -11173,7 +11173,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. +@@ -11228,7 +11228,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then +@@ -11253,7 +11253,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='NetBSD ld.elf_so' + ;; + +@@ -11272,7 +11272,7 @@ + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + newsos6) +@@ -11290,7 +11290,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='ldqnx.so' + ;; + +@@ -11352,7 +11352,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; +@@ -11409,7 +11409,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else +@@ -11431,7 +11431,7 @@ + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + uts4*) +@@ -15680,7 +15680,7 @@ + postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' + finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' + finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' ++hardcode_into_libs=no + sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' + sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' + hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +@@ -16896,7 +16896,7 @@ + finish_eval=$lt_finish_eval + + # Whether we should hardcode library paths into libraries. +-hardcode_into_libs=$hardcode_into_libs ++hardcode_into_libs=no + + # Compile-time system search path for libraries. + sys_lib_search_path_spec=$lt_sys_lib_search_path_spec diff --git a/patches/libgcrypt-1.8.3.patch b/patches/libgcrypt-1.8.3.patch new file mode 100644 index 000000000..902d96ec2 --- /dev/null +++ b/patches/libgcrypt-1.8.3.patch @@ -0,0 +1,176 @@ +diff -u -r libgcrypt-1.8.3-clean/configure libgcrypt-1.8.3/configure +--- libgcrypt-1.8.3-clean/configure 2018-06-13 00:39:33.000000000 -0700 ++++ libgcrypt-1.8.3/configure 2020-01-12 13:32:34.840010800 -0800 +@@ -11292,7 +11292,7 @@ + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' +@@ -11531,16 +11531,16 @@ + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + esac + ;; +@@ -11553,7 +11553,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + haiku*) +@@ -11566,7 +11566,7 @@ + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + hpux9* | hpux10* | hpux11*) +@@ -11578,7 +11578,7 @@ + case $host_cpu in + ia64*) + shrext_cmds='.so' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11593,7 +11593,7 @@ + ;; + hppa*64*) + shrext_cmds='.sl' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11626,7 +11626,7 @@ + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + irix5* | irix6* | nonstopux*) +@@ -11663,7 +11663,7 @@ + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + # No shared lib support for Linux oldld, aout, or coff. +@@ -11684,7 +11684,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. +@@ -11739,7 +11739,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then +@@ -11764,7 +11764,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='NetBSD ld.elf_so' + ;; + +@@ -11783,7 +11783,7 @@ + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + newsos6) +@@ -11801,7 +11801,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='ldqnx.so' + ;; + +@@ -11863,7 +11863,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; +@@ -11920,7 +11920,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else +@@ -11942,7 +11942,7 @@ + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + uts4*) +@@ -19824,7 +19824,7 @@ + postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' + finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' + finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' ++hardcode_into_libs=no + sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' + sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' + hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +@@ -21088,7 +21088,7 @@ + finish_eval=$lt_finish_eval + + # Whether we should hardcode library paths into libraries. +-hardcode_into_libs=$hardcode_into_libs ++hardcode_into_libs=no + + # Compile-time system search path for libraries. + sys_lib_search_path_spec=$lt_sys_lib_search_path_spec diff --git a/patches/libksba-1.3.5.patch b/patches/libksba-1.3.5.patch new file mode 100644 index 000000000..8c1ee16e9 --- /dev/null +++ b/patches/libksba-1.3.5.patch @@ -0,0 +1,200 @@ +diff -u -r libksba-1.3.5-clean/configure libksba-1.3.5/configure +--- libksba-1.3.5-clean/configure 2016-08-22 02:56:54.000000000 -0700 ++++ libksba-1.3.5/configure 2020-01-12 13:34:53.557259138 -0800 +@@ -10734,7 +10734,7 @@ + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$host_cpu" = ia64; then + # AIX 5 supports IA64 + library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' +@@ -10973,16 +10973,16 @@ + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + esac + ;; +@@ -10995,7 +10995,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + haiku*) +@@ -11008,7 +11008,7 @@ + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=yes + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + hpux9* | hpux10* | hpux11*) +@@ -11020,7 +11020,7 @@ + case $host_cpu in + ia64*) + shrext_cmds='.so' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11035,7 +11035,7 @@ + ;; + hppa*64*) + shrext_cmds='.sl' +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. +@@ -11068,7 +11068,7 @@ + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + irix5* | irix6* | nonstopux*) +@@ -11105,7 +11105,7 @@ + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" + sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + # No shared lib support for Linux oldld, aout, or coff. +@@ -11126,7 +11126,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. +@@ -11181,7 +11181,7 @@ + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. +- hardcode_into_libs=yes ++ hardcode_into_libs=no + + # Append ld.so.conf contents to the search path + if test -f /etc/ld.so.conf; then +@@ -11206,7 +11206,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='NetBSD ld.elf_so' + ;; + +@@ -11225,7 +11225,7 @@ + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + newsos6) +@@ -11243,7 +11243,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + dynamic_linker='ldqnx.so' + ;; + +@@ -11305,7 +11305,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; +@@ -11362,7 +11362,7 @@ + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes +- hardcode_into_libs=yes ++ hardcode_into_libs=no + if test "$with_gnu_ld" = yes; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else +@@ -11384,7 +11384,7 @@ + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no +- hardcode_into_libs=yes ++ hardcode_into_libs=no + ;; + + uts4*) +@@ -15804,7 +15804,7 @@ + postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' + finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' + finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +-hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' ++hardcode_into_libs=no + sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' + sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`' + hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +@@ -17021,7 +17021,7 @@ + finish_eval=$lt_finish_eval + + # Whether we should hardcode library paths into libraries. +-hardcode_into_libs=$hardcode_into_libs ++hardcode_into_libs=no + + # Compile-time system search path for libraries. + sys_lib_search_path_spec=$lt_sys_lib_search_path_spec +diff -u -r libksba-1.3.5-clean/src/asn1-gentables.c libksba-1.3.5/src/asn1-gentables.c +--- libksba-1.3.5-clean/src/asn1-gentables.c 2016-08-22 02:38:21.000000000 -0700 ++++ libksba-1.3.5/src/asn1-gentables.c 2020-01-12 13:34:45.877191990 -0800 +@@ -109,10 +109,17 @@ + static int + cmp_string (const void *aptr, const void *bptr) + { +- const struct name_list_s **a = (const struct name_list_s **)aptr; +- const struct name_list_s **b = (const struct name_list_s **)bptr; ++ const char *a = (*(const struct name_list_s **)aptr)->name; ++ const char *b = (*(const struct name_list_s **)bptr)->name; + +- return strlen ((*a)->name) < strlen ((*b)->name); ++ const size_t len_a = strlen(a); ++ const size_t len_b = strlen(b); ++ ++ if (len_a < len_b) ++ return -1; ++ if (len_a > len_b) ++ return +1; ++ return strcmp(a, b); + } + + static void diff --git a/patches/libremkey-hotp-verification.patch b/patches/libremkey-hotp-verification.patch deleted file mode 100644 index 5376da03b..000000000 --- a/patches/libremkey-hotp-verification.patch +++ /dev/null @@ -1,32 +0,0 @@ ---- nitrokey-hotp-verification-a/Toolchain-heads.cmake 2018-05-22 09:55:46.907209235 -0700 -+++ nitrokey-hotp-verification-b/Toolchain-heads.cmake 2018-05-22 09:55:26.659371966 -0700 -@@ -0,0 +1,18 @@ -+SET(CMAKE_SYSTEM_NAME Linux) -+SET(CMAKE_SYSTEM_VERSION 1) -+ -+# Specify the cross compiler -+SET(CMAKE_C_COMPILER $ENV{INSTALL}/bin/musl-gcc) -+SET(CMAKE_CXX_COMPILER $ENV{INSTALL}/bin/musl-gcc) -+ -+# Where is the target environment -+SET(CMAKE_FIND_ROOT_PATH $ENV{INSTALL}) -+ -+# Search for programs only in the build host directories -+SET(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) -+ -+# Search for libraries and headers only in the target directories -+SET(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) -+SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) -+ -+INCLUDE_DIRECTORIES(hidapi) ---- libremkey-hotp-verification/device.c 2018-06-20 16:13:36.417804210 -0700 -+++ libremkey-hotp-verification-b/device.c 2018-06-20 16:14:34.532367723 -0700 -@@ -34,7 +34,7 @@ - const unsigned short m_vid = 0x20a0; - const unsigned short m_pid = 0x4108; - --static const int CONNECTION_ATTEMPTS_COUNT = 80; -+static const int CONNECTION_ATTEMPTS_COUNT = 2; - - static const int CONNECTION_ATTEMPT_DELAY_MICRO_SECONDS = 1000*1000/2; - diff --git a/patches/linux-4.14.62/0000-efi_bds.patch b/patches/linux-4.14.62/0000-efi_bds.patch index 5ffbf62bd..0d2d76ea3 100644 --- a/patches/linux-4.14.62/0000-efi_bds.patch +++ b/patches/linux-4.14.62/0000-efi_bds.patch @@ -43,3 +43,12 @@ diff -u --recursive ../../clean/linux-4.14.62/arch/x86/boot/compressed/eboot.c l return boot_params; fail2: +--- clean/linux-4.14.62/arch/x86/boot/compressed/early_serial_console.c 2018-08-09 12:16:40.000000000 +0200 ++++ linux-4.14.62/arch/x86/boot/compressed/early_serial_console.c 2018-09-28 11:59:36.824015244 +0200 +@@ -1,5 +1,5 @@ + #include "misc.h" + +-int early_serial_base; ++int early_serial_base = 0x3f8; + + #include "../early_serial_console.c" diff --git a/patches/linux-4.19.139/0000-efi_bds.patch b/patches/linux-4.19.139/0000-efi_bds.patch new file mode 100644 index 000000000..0d2d76ea3 --- /dev/null +++ b/patches/linux-4.19.139/0000-efi_bds.patch @@ -0,0 +1,54 @@ +diff -u --recursive ../../clean/linux-4.14.62/arch/x86/boot/compressed/eboot.c linux-4.14.62/arch/x86/boot/compressed/eboot.c +--- ../../clean/linux-4.14.62/arch/x86/boot/compressed/eboot.c 2018-08-09 06:16:40.000000000 -0400 ++++ linux-4.14.62/arch/x86/boot/compressed/eboot.c 2018-08-09 10:13:11.801000000 -0400 +@@ -630,8 +630,8 @@ + u16 *s2; + u8 *s1; + int i; +- unsigned long ramdisk_addr; +- unsigned long ramdisk_size; ++ unsigned long ramdisk_addr = 0; ++ unsigned long ramdisk_size = 0; + + efi_early = c; + sys_table = (efi_system_table_t *)(unsigned long)efi_early->table; +@@ -686,9 +686,6 @@ + /* Fill in upper bits of command line address, NOP on 32 bit */ + boot_params->ext_cmd_line_ptr = (u64)(unsigned long)cmdline_ptr >> 32; + +- hdr->ramdisk_image = 0; +- hdr->ramdisk_size = 0; +- + /* Clear APM BIOS info */ + memset(bi, 0, sizeof(*bi)); + +@@ -712,10 +709,16 @@ + + if (status != EFI_SUCCESS) + goto fail2; +- hdr->ramdisk_image = ramdisk_addr & 0xffffffff; +- hdr->ramdisk_size = ramdisk_size & 0xffffffff; +- boot_params->ext_ramdisk_image = (u64)ramdisk_addr >> 32; +- boot_params->ext_ramdisk_size = (u64)ramdisk_size >> 32; ++ ++ // don't overwrite the bzImage or loader provided ramdisk pointer ++ // unless the kernel command line specified a different one. ++ if (ramdisk_addr != 0) ++ { ++ hdr->ramdisk_image = ramdisk_addr & 0xffffffff; ++ hdr->ramdisk_size = ramdisk_size & 0xffffffff; ++ boot_params->ext_ramdisk_image = (u64)ramdisk_addr >> 32; ++ boot_params->ext_ramdisk_size = (u64)ramdisk_size >> 32; ++ } + + return boot_params; + fail2: +--- clean/linux-4.14.62/arch/x86/boot/compressed/early_serial_console.c 2018-08-09 12:16:40.000000000 +0200 ++++ linux-4.14.62/arch/x86/boot/compressed/early_serial_console.c 2018-09-28 11:59:36.824015244 +0200 +@@ -1,5 +1,5 @@ + #include "misc.h" + +-int early_serial_base; ++int early_serial_base = 0x3f8; + + #include "../early_serial_console.c" diff --git a/patches/linux-4.19.139/0001-fake-acpi.patch b/patches/linux-4.19.139/0001-fake-acpi.patch new file mode 100644 index 000000000..0c8b3b546 --- /dev/null +++ b/patches/linux-4.19.139/0001-fake-acpi.patch @@ -0,0 +1,32 @@ +diff --recursive -u ./clean/linux-4.9.80/drivers/acpi/acpica/evxfevnt.c linux-4.9.80/drivers/acpi/acpica/evxfevnt.c +--- ./clean/linux-4.9.80/drivers/acpi/acpica/evxfevnt.c 2018-02-03 11:05:43.000000000 -0500 ++++ linux-4.9.80/drivers/acpi/acpica/evxfevnt.c 2018-02-07 15:51:28.786502597 -0500 +@@ -111,6 +111,8 @@ + } + + ACPI_ERROR((AE_INFO, "Hardware did not enter ACPI mode")); ++printk("%s:%d faking ACPI mode\n", __func__, __LINE__); ++ return_ACPI_STATUS(AE_OK); + return_ACPI_STATUS(AE_NO_HARDWARE_RESPONSE); + } + +diff --recursive -u ./clean/linux-4.9.80/drivers/acpi/acpica/hwacpi.c linux-4.9.80/drivers/acpi/acpica/hwacpi.c +--- ./clean/linux-4.9.80/drivers/acpi/acpica/hwacpi.c 2018-02-03 11:05:43.000000000 -0500 ++++ linux-4.9.80/drivers/acpi/acpica/hwacpi.c 2018-02-07 15:51:35.126557868 -0500 +@@ -168,12 +168,16 @@ + + status = acpi_read_bit_register(ACPI_BITREG_SCI_ENABLE, &value); + if (ACPI_FAILURE(status)) { ++printk("%s:%d faking ACPI mode\n", __func__, __LINE__); ++ return_UINT32(ACPI_SYS_MODE_ACPI); + return_UINT32(ACPI_SYS_MODE_LEGACY); + } + + if (value) { + return_UINT32(ACPI_SYS_MODE_ACPI); + } else { ++//printk("%s:%d faking ACPI mode\n", __func__, __LINE__); ++// return_UINT32(ACPI_SYS_MODE_ACPI); + return_UINT32(ACPI_SYS_MODE_LEGACY); + } + } diff --git a/patches/linux-4.19.139/0002-nmi-squelch.patch b/patches/linux-4.19.139/0002-nmi-squelch.patch new file mode 100644 index 000000000..bce1cd2f0 --- /dev/null +++ b/patches/linux-4.19.139/0002-nmi-squelch.patch @@ -0,0 +1,20 @@ +diff --recursive -u ./clean/linux-4.9.80/arch/x86/kernel/nmi.c linux-4.9.80/arch/x86/kernel/nmi.c +--- ./clean/linux-4.9.80/arch/x86/kernel/nmi.c 2018-02-03 11:05:43.000000000 -0500 ++++ linux-4.9.80/arch/x86/kernel/nmi.c 2018-02-07 18:56:10.475613884 -0500 +@@ -303,6 +303,8 @@ + + __this_cpu_add(nmi_stats.unknown, 1); + ++#if 0 ++// qemu generates these for some reason + pr_emerg("Uhhuh. NMI received for unknown reason %02x on CPU %d.\n", + reason, smp_processor_id()); + +@@ -311,6 +313,7 @@ + nmi_panic(regs, "NMI: Not continuing"); + + pr_emerg("Dazed and confused, but trying to continue\n"); ++#endif + } + NOKPROBE_SYMBOL(unknown_nmi_error); + diff --git a/patches/linux-4.19.139/0003-fake-trampoline.patch b/patches/linux-4.19.139/0003-fake-trampoline.patch new file mode 100644 index 000000000..e6ec15c9b --- /dev/null +++ b/patches/linux-4.19.139/0003-fake-trampoline.patch @@ -0,0 +1,28 @@ +diff --recursive -u ./clean/linux-4.9.80/arch/x86/realmode/init.c linux-4.9.80/arch/x86/realmode/init.c +--- ./clean/linux-4.9.80/arch/x86/realmode/init.c 2018-02-03 11:05:43.000000000 -0500 ++++ linux-4.9.80/arch/x86/realmode/init.c 2018-02-07 15:51:28.538500435 -0500 +@@ -35,8 +35,8 @@ + /* Has to be under 1M so we can execute real-mode AP code. */ + mem = memblock_find_in_range(0, 1<<20, size, PAGE_SIZE); + if (!mem) { +- pr_info("No sub-1M memory is available for the trampoline\n"); +- return; ++ mem = 0x4000; ++ pr_info("No sub-1M memory is available for the trampoline, guessing %p\n", mem); + } + + memblock_reserve(mem, size); +@@ -138,7 +138,12 @@ + static int __init init_real_mode(void) + { + if (!real_mode_header) +- panic("Real mode trampoline was not allocated"); ++ { ++ // ignore for now ++ //panic("Real mode trampoline was not allocated"); ++ pr_warn("Real mode trampoline was not allocated"); ++ return 0; ++ } + + setup_real_mode(); + set_real_mode_permissions(); diff --git a/patches/linux-4.19.139/0010-winterfell-ahci.patch b/patches/linux-4.19.139/0010-winterfell-ahci.patch new file mode 100644 index 000000000..9c4df7e28 --- /dev/null +++ b/patches/linux-4.19.139/0010-winterfell-ahci.patch @@ -0,0 +1,18 @@ +diff --recursive -u ./clean/linux-4.9.80/drivers/ata/libahci.c linux-4.9.80/drivers/ata/libahci.c +--- ./clean/linux-4.9.80/drivers/ata/libahci.c 2018-02-03 11:05:43.000000000 -0500 ++++ linux-4.9.80/drivers/ata/libahci.c 2018-02-07 18:02:32.526535910 -0500 +@@ -537,8 +537,12 @@ + } + + /* fabricate port_map from cap.nr_ports for < AHCI 1.3 */ +- if (!port_map && vers < 0x10300) { +- port_map = (1 << ahci_nr_ports(cap)) - 1; ++ if (!port_map) { // && vers < 0x10300) { ++ printk("%s: saved_port=%02x\n", __func__, hpriv->saved_port_map); ++ writel(0x1, mmio + HOST_PORTS_IMPL); ++ port_map = readl(mmio + HOST_PORTS_IMPL); ++ ++ //port_map = (1 << ahci_nr_ports(cap)) - 1; + dev_warn(dev, "forcing PORTS_IMPL to 0x%x\n", port_map); + + /* write the fixed up value to the PI register */ diff --git a/patches/lvm2-2.02.168.patch b/patches/lvm2-2.02.168.patch index d6547c475..0a0956998 100644 --- a/patches/lvm2-2.02.168.patch +++ b/patches/lvm2-2.02.168.patch @@ -1,6 +1,6 @@ -diff -u --recursive ../clean/LVM2.2.02.168/lib/mm/memlock.c LVM2.2.02.168/lib/mm/memlock.c ---- ../clean/LVM2.2.02.168/lib/mm/memlock.c 2016-11-30 18:17:29.000000000 -0500 -+++ LVM2.2.02.168/lib/mm/memlock.c 2017-04-12 08:18:18.533783802 -0400 +diff --recursive -u clean/LVM2.2.02.168/lib/mm/memlock.c lvm2.2.02.168/lib/mm/memlock.c +--- clean/LVM2.2.02.168/lib/mm/memlock.c 2016-12-01 00:17:29.000000000 +0100 ++++ lvm2.2.02.168/lib/mm/memlock.c 2020-01-09 13:23:14.017310025 +0100 @@ -150,6 +150,7 @@ static void _allocate_memory(void) @@ -9,7 +9,7 @@ diff -u --recursive ../clean/LVM2.2.02.168/lib/mm/memlock.c LVM2.2.02.168/lib/mm #ifndef VALGRIND_POOL void *stack_mem; struct rlimit limit; -@@ -208,6 +209,7 @@ +@@ -208,11 +209,14 @@ for (i = 0; i < area; ++i) free(areas[i]); #endif @@ -17,7 +17,14 @@ diff -u --recursive ../clean/LVM2.2.02.168/lib/mm/memlock.c LVM2.2.02.168/lib/mm } static void _release_memory(void) -@@ -288,7 +290,7 @@ + { ++#if 0 + free(_malloc_mem); ++#endif + } + + /* +@@ -288,7 +292,7 @@ if (lock == LVM_MLOCK) { if (mlock((const void*)from, sz) < 0) { @@ -26,9 +33,9 @@ diff -u --recursive ../clean/LVM2.2.02.168/lib/mm/memlock.c LVM2.2.02.168/lib/mm return 0; } } else { -diff -u --recursive ../clean/LVM2.2.02.168/libdm/libdm-stats.c LVM2.2.02.168/libdm/libdm-stats.c ---- ../clean/LVM2.2.02.168/libdm/libdm-stats.c 2016-11-30 18:17:30.000000000 -0500 -+++ LVM2.2.02.168/libdm/libdm-stats.c 2017-04-10 16:50:01.622529656 -0400 +diff --recursive -u clean/LVM2.2.02.168/libdm/libdm-stats.c lvm2.2.02.168/libdm/libdm-stats.c +--- clean/LVM2.2.02.168/libdm/libdm-stats.c 2016-12-01 00:17:30.000000000 +0100 ++++ lvm2.2.02.168/libdm/libdm-stats.c 2020-01-09 13:23:14.017310025 +0100 @@ -17,7 +17,24 @@ #include "dmlib.h" @@ -90,9 +97,9 @@ diff -u --recursive ../clean/LVM2.2.02.168/libdm/libdm-stats.c LVM2.2.02.168/lib buflen += id_len + 1; /* range end plus "-" */ } buflen++; -diff -u --recursive ../clean/LVM2.2.02.168/libdm/Makefile.in LVM2.2.02.168/libdm/Makefile.in ---- ../clean/LVM2.2.02.168/libdm/Makefile.in 2016-11-30 18:17:30.000000000 -0500 -+++ LVM2.2.02.168/libdm/Makefile.in 2017-04-10 16:50:01.622529656 -0400 +diff --recursive -u clean/LVM2.2.02.168/libdm/Makefile.in lvm2.2.02.168/libdm/Makefile.in +--- clean/LVM2.2.02.168/libdm/Makefile.in 2016-12-01 00:17:30.000000000 +0100 ++++ lvm2.2.02.168/libdm/Makefile.in 2020-01-09 13:23:14.017310025 +0100 @@ -56,7 +56,8 @@ CFLAGS += $(UDEV_CFLAGS) $(VALGRIND_CFLAGS) @@ -103,9 +110,9 @@ diff -u --recursive ../clean/LVM2.2.02.168/libdm/Makefile.in LVM2.2.02.168/libdm device-mapper: all -diff -u --recursive ../clean/LVM2.2.02.168/make.tmpl.in LVM2.2.02.168/make.tmpl.in ---- ../clean/LVM2.2.02.168/make.tmpl.in 2016-11-30 18:17:30.000000000 -0500 -+++ LVM2.2.02.168/make.tmpl.in 2017-04-10 16:50:01.626529699 -0400 +diff --recursive -u clean/LVM2.2.02.168/make.tmpl.in lvm2.2.02.168/make.tmpl.in +--- clean/LVM2.2.02.168/make.tmpl.in 2016-12-01 00:17:30.000000000 +0100 ++++ lvm2.2.02.168/make.tmpl.in 2020-01-09 13:23:14.017310025 +0100 @@ -142,7 +142,7 @@ M_INSTALL_PROGRAM = -m 555 M_INSTALL_DATA = -m 444 @@ -126,9 +133,9 @@ diff -u --recursive ../clean/LVM2.2.02.168/make.tmpl.in LVM2.2.02.168/make.tmpl. LVM_VERSION := $(shell cat $(top_srcdir)/VERSION) -diff -u --recursive ../clean/LVM2.2.02.168/tools/lvmcmdline.c LVM2.2.02.168/tools/lvmcmdline.c ---- ../clean/LVM2.2.02.168/tools/lvmcmdline.c 2016-11-30 18:17:32.000000000 -0500 -+++ LVM2.2.02.168/tools/lvmcmdline.c 2017-04-10 16:50:01.626529699 -0400 +diff --recursive -u clean/LVM2.2.02.168/tools/lvmcmdline.c lvm2.2.02.168/tools/lvmcmdline.c +--- clean/LVM2.2.02.168/tools/lvmcmdline.c 2016-12-01 00:17:32.000000000 +0100 ++++ lvm2.2.02.168/tools/lvmcmdline.c 2020-01-09 13:23:49.057418263 +0100 @@ -1817,6 +1817,7 @@ { int err = is_valid_fd(STDERR_FILENO); @@ -145,3 +152,12 @@ diff -u --recursive ../clean/LVM2.2.02.168/tools/lvmcmdline.c LVM2.2.02.168/tool return 1; } +@@ -2023,7 +2025,7 @@ + */ + dm_set_name_mangling_mode(DM_STRING_MANGLING_NONE); + +- if (!(cmd = create_toolcontext(0, NULL, 1, 0, ++ if (!(cmd = create_toolcontext(0, NULL, 0, 0, + set_connections, set_filters))) { + udev_fin_library_context(); + return_NULL; diff --git a/patches/musl-cross.patch b/patches/musl-cross-1952975.patch similarity index 80% rename from patches/musl-cross.patch rename to patches/musl-cross-1952975.patch index 267c339a3..7161e6736 100644 --- a/patches/musl-cross.patch +++ b/patches/musl-cross-1952975.patch @@ -1,5 +1,5 @@ diff --git a/config.sh b/config.sh -index 4e321c9..6d9ea32 100644 +index ec3c1ce..844fb3d 100644 --- a/config.sh +++ b/config.sh @@ -1,13 +1,15 @@ @@ -20,7 +20,7 @@ index 4e321c9..6d9ea32 100644 # If you use arm, you may need more fine-tuning: # arm hardfloat v7 -@@ -20,7 +22,10 @@ CC_BASE_PREFIX=/opt/cross +@@ -20,11 +22,14 @@ CC_BASE_PREFIX=/opt/cross #GCC_BOOTSTRAP_CONFFLAGS="--with-arch=armv7-a --with-float=softfp" #GCC_CONFFLAGS="--with-arch=armv7-a --with-float=softfp" @@ -29,6 +29,10 @@ index 4e321c9..6d9ea32 100644 # Enable this to build the bootstrap gcc (thrown away) without optimization, to reduce build time GCC_STAGE1_NOOPT=1 -+ + +# Build GMP, MPFR and MPC +GCC_BUILTIN_PREREQS=yes ++ + # uncomment these to get smaller/stripped binaries + #export CFLAGS="-Os -g0 -s" + #export CXXFLAGS="-Os -g0"