Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KGPE-D16 port (no TPM) #335

Merged
merged 9 commits into from
Mar 7, 2018
Merged

KGPE-D16 port (no TPM) #335

merged 9 commits into from
Mar 7, 2018

Conversation

tlaurion
Copy link
Collaborator

@tlaurion tlaurion commented Mar 1, 2018
edited
Loading

Contains flammit's modifications made atop of this branch

  • kexec-boot script calls Xen from grub parsed configuration. No more Xen into the firmware!

Usage:

  • KVM chip gets it's IP from DHCP. You can ssh to it. From there, connect to the system serial console with screen /dev/ttyS0 115200.
  • Flashing heads update firmwares is done through flashrom-kgpe-d16.sh /media/coreboot.rom from bmc or serial. Thanks to Timothy Pearson.
  • Flashing the BMC is done from a local serial connection. Flammit proposes dropbear ssh server to connect to heads.
  • Qubes disk password is prompted through OpenBMC console.
  • User's keys can be merged into rom following these instructions

Limitation:

  • It is currently impossible to reflash the KVM chip from within the KVM itself. It's possible to do it from the console connection: flashrom-kgpe-d16-openbmc.sh /media/flash-asus-XXXXXXXXXXXX. Do not forget to turn off REST api access and changing default ssh password when building OpenBMC

Still missing:

  • TPM2.0 toolset to properly acquire, measure and attest system integrity.

flammit and others added 9 commits February 19, 2018 14:29
@flammit
Update qubes xen version for Qubes 4.0rc4
a6a5fef
@flammit
update mpc url for musl-cross patch
ffa857d
@flammit
Make TPM dependency optional and controlled by flag CONFIG_TPM
b507239 
if "CONFIG_TPM=y" is not present in the config file, functionalities
needing TPM could be disabled, while leaving other functionalities intact.

This will make Heads a more general-usage bootloader payload atop coreboot.
@flammit
Cleanup of init to support server and desktop
e9312e1 
Guarded linuxboot specific init entries
Removed Makefile entries into separate file (conflicts with srcing /etc/config)
Added CONFIG_BOOT_LOCAL/_REMOTE to control interface setup
Fixed CONFIG_TPM usage
@tlaurion
Board, linux and coreboot configs
23ae788
@tlaurion
IKVM4 and alike SMB support into coreboot from here: https://review.c…
0f299fe 
…oreboot.org/#/c/coreboot/+/19820/. Flashing scripts and flashrom patches.
@tlaurion
Merging to osresearch master
9eadb07
@tlaurion
reverting changes that were not merged from other branches
1c1a1a2
@tlaurion
reverted remote configuration from board config, which will be pushed…
77d2fc9 
… by flammit
@tlaurion tlaurion mentioned this pull request Mar 2, 2018
Closed
@osresearch
Copy link
Collaborator

This is an exciting addition and I'm so glad to merge it.

@osresearch osresearch merged commit 77d2fc9 into linuxboot:master Mar 7, 2018
@tlaurion
Copy link
Collaborator Author

tlaurion commented Aug 5, 2018

TPMv2 support should be working out of the box as of coreboot/coreboot@bce49c2

To be tested.

@tlaurion tlaurion mentioned this pull request May 1, 2020
Merged
@tlaurion tlaurion mentioned this pull request May 13, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tlaurion @osresearch @flammit