PoC : D16 - Bump kernel 6.1.8 + coreboot to fam15h (justmike80386) branch
WARNING: No measured boot is occurring until patches 0001, 0020 and 0021 are ported over
Based on #1803 + switching to fam15h's coreboot fork (without patches/coreboot-4.11 patches)
Discussion leading to this PR around https://matrix.to/#/!OkpUfvLEYpLyALVvaW:dodoid.com/$4ydLUMFeRvt9eQLOK_Us3v8yFC9JekLAGG0ly5w02_I?via=dodoid.com&via=matrix.org&via=envs.net (for those already part of d16 club -> fam15h matrix room)
CI Pipeline for 46783ee at https://app.circleci.com/pipelines/github/tlaurion/heads/2881/workflows/dc549dd9-b036-4e7b-96c7-579cbc999eb8
(GitHub is slow at receiving CircleCI API calls once builds are launched prior to the PR being created)
With patches 0001, 0020 and 0021 copied over (not ported from patches/coreboot-4.11)
Local logs (CircleCI will provide same for that branch containing those patches, not here):
tail /home/user/heads/build/x86/log/coreboot-fam15h.log
-----
return tlcl_extend(pcr_num, hash, NULL);
^~~~
src/security/tpm/tss/tcg-1.2/tss.c:345:45: note: expected 'uint16_t' {aka 'short unsigned int'} but argument is of type 'const uint8_t *' {aka 'const unsigned char *'}
uint32_t tlcl_extend(int pcr_num, uint16_t algorithm,
~~~~~~~~~^~~~~~~~~
src/security/tpm/tss/tcg-1.2/tss.c:385:9: error: too few arguments to function 'tlcl_extend'
return tlcl_extend(pcr_num, hash, NULL);
^~~~~~~~~~~
src/security/tpm/tss/tcg-1.2/tss.c:345:10: note: declared here
uint32_t tlcl_extend(int pcr_num, uint16_t algorithm,
^~~~~~~~~~~
src/security/tpm/tss/tcg-1.2/tss.c:386:1: error: control reaches end of non-void function [-Werror=return-type]
}
^
src/security/tpm/tss/tcg-1.2/tss.c: At top level:
cc1: error: unrecognized command line option '-Wno-address-of-packed-member' [-Werror]
cc1: all warnings being treated as errors
make[1]: *** [Makefile:370: UNMAINTAINED_kgpe-d16_workstation/romstage/security/tpm/tss/tcg-1.2/tss.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/user/heads/build/x86/coreboot-fam15h'
make: *** [Makefile:563: /home/user/heads/build/x86/coreboot-fam15h/UNMAINTAINED_kgpe-d16_workstation/.build] Error 1
Patches welcome.
Ideally:
- Patches from Dasharo (bootblock instead of romstage measured boot) would replace the patches/coreboot-4.11 patches currently missing
Other branch, with the 4.11 measured boot in romstage patches in, is at https://app.circleci.com/pipelines/github/tlaurion/heads/2882/workflows/b16fb6a4-5aa8-4dc5-a8f3-87f8031b815c. It will fail, and logs will be observable there for those interested in moving things forward.
As said in OP: the desirable patches are not those from https://github.com/tlaurion/heads/commit/9b8257cd1b1f7c22b0b49ae9b3786d53d7f273a0 but backporting Dasharo ~4.15 (commit based between 4.14-4.15 from their branch) patches to 4.11 so measured boot is in bootblock.
Please comment here and/or provide needed patches.
Thank you.
613931c saves coreboot config changes for all 4 board flavors, and exposes changes using that branch.
Saved with
docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=UNMAINTAINED_kgpe-d16_workstation-usb_keyboard coreboot.modify_and_save_oldconfig_in_place
While changing BOARD=xyz for the 4 variants in tree
29732a0 moves Viking HCL into board configs, where they should have landed, not in coreboot configs, which are wiped when modified...
- Re-ownership works (TPM, USB Security dongle provisioning of in smartcard keys, injecting public key in flashrom backup, flashrom flashing of cbfs injected keyring + trustdb).
- Signing /boot works
- Boot options -> Show boot options -> define default boot + TPM Disk Unlock Key works
- PR0 works
Will add HOTP variants
I was able to compile d16_15h_coreboot_fork without any problems with measured boot enabled through menuconfig
works without any issue so far
Superseded by https://github.com/linuxboot/heads/pull/1910