diff options
28 files changed, 391 insertions, 43 deletions
diff --git a/docs/gnulinux/configuring_parabola.md b/docs/gnulinux/configuring_parabola.md index 1e525f59..935ff099 100644 --- a/docs/gnulinux/configuring_parabola.md +++ b/docs/gnulinux/configuring_parabola.md @@ -63,7 +63,7 @@ For more information related to `pacman`, review the following articles on the A * [Configuring pacman](https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman) * [Using pacman](https://wiki.archlinux.org/index.php/Pacman) -* [Additional Repositories](https://wiki.parabolagnulinux.org/Official_Repositories>) +* [Additional Repositories](https://wiki.parabolagnulinux.org/Official_Repositories) ## Updating Parabola Parabola is kept up-to-date, using `pacman`. When you are updating Parabola, diff --git a/docs/gnulinux/encrypted_parabola.md b/docs/gnulinux/encrypted_parabola.md index d65d076e..5ff070a6 100644 --- a/docs/gnulinux/encrypted_parabola.md +++ b/docs/gnulinux/encrypted_parabola.md @@ -102,7 +102,7 @@ You can either fill the header with zeroes, or with random data; again, I chose Also, if you're using an SSD, there are a two things you should keep in mind: - There are issues with TRIM; it's not enabled by default through LUKS, -and there are security issues, if you do enable it. See [this page](https://wiki.archlinux.org/index.php/Dm-cryptSpecialties#Discard.2FTRIM_support_for_solid_state_drives_.28SSD.29) for more info. +and there are security issues, if you do enable it. See [this page](https://wiki.archlinux.org/index.php/Dm-crypt#Specialties) for more info. - Make sure to read [this article](https://wiki.archlinux.org/index.php/Solid_State_Drives), for information on managing SSD's in Arch Linux (the information applies to Parabola, as well). @@ -381,7 +381,7 @@ for the LUKS passphrase, apply here as well. You will set this password with the ### Extra Security Tweaks There are some final changes that we can make to the installation, to make it -significantly more secure; these are based on the [Security](https://wiki.archlinux.org/index.php/Securit) section of the Arch wiki. +significantly more secure; these are based on the [Security](https://wiki.archlinux.org/index.php/Security) section of the Arch wiki. #### Key Strengthening We will want to open the configuration file for password settings, and increase diff --git a/docs/gnulinux/grub_boot_installer.md b/docs/gnulinux/grub_boot_installer.md index 7086b71d..7d4375e6 100644 --- a/docs/gnulinux/grub_boot_installer.md +++ b/docs/gnulinux/grub_boot_installer.md @@ -25,7 +25,7 @@ Overwrite the drive, writing your distro ISO to it with `dd`. For example, if we That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later). ## Prepare the USB drive in NetBSD -[This page](https://wiki.netbsd.org/tutorials how_to_install_netbsd_from_an_usb_memory_stick/) on the NetBSD website shows how to create a NetBSD bootable USB drive, from within NetBSD itself. You should the `dd` method documented there. This will work with any GNU+Linux ISO image. +[This page](https://wiki.netbsd.org/tutorials/how_to_install_netbsd_from_an_usb_memory_stick/) on the NetBSD website shows how to create a NetBSD bootable USB drive, from within NetBSD itself. You should the `dd` method documented there. This will work with any GNU+Linux ISO image. ## Prepare the USB drive in FreeBSD [This page](https://www.freebsd.org/doc/handbook/bsdinstall-pre.html) on the FreeBSD website shows how to create a bootable USB drive for installing FreeBSD. Use the `dd` method documented. This will work with any GNU+Linux ISO image. diff --git a/docs/gnulinux/grub_cbfs.md b/docs/gnulinux/grub_cbfs.md index 5283b4fc..4879d9cf 100644 --- a/docs/gnulinux/grub_cbfs.md +++ b/docs/gnulinux/grub_cbfs.md @@ -152,19 +152,17 @@ used by coreboot native graphics initialization. I'll choose **x200_8mb_usqwerty_vesafb.rom**; I'll copy the file (to the `cbfstool` directory), and rename it with one command: - $ mv "x200_8mb_usqwerty_vesafb.rom" ../cbfstool/x86_64/cbfstool/x86_64/libreboot.rom + $ mv "x200_8mb_usqwerty_vesafb.rom" ../cbfstool/x86_64/libreboot.rom #### 2. Create an Image from the Current ROM The simpler way to get a ROM image is to just create it from your current ROM, using `flashrom`, making sure to save it in the `cbfstool` folder, inside **libreboot\_util**: - $ sudo flashrom -p internal -r ~/Downloads/libreboot_util/cbfstool/\ - >x86_64/cbfstool/x86_64/libreboot.rom + $ sudo flashrom -p internal -r ~/Downloads/libreboot_util/cbfstool/x86_64/libreboot.rom If you are told to specify the chip, add the option `-c {your chip}` to the command, like this: - $ sudo flashrom -c MX25L6405 -p internal -r ~/Downloads/libreboot_util/\ - >cbfstool/x86_64/cbfstool/x86_64/libreboot.rom + $ sudo flashrom -c MX25L6405 -p internal -r ~/Downloads/libreboot_util/cbfstool/x86_64/libreboot.rom Now you are ready to extract the GRUB configuration files from the ROM, and modify them the way you want. @@ -173,7 +171,7 @@ Now you are ready to extract the GRUB configuration files from the ROM, and modi You can check the contents of the ROM image, inside CBFS, using `cbfstool`. First, navigate to the cbfstool folder: - $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ + $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/ Then, run the `cbfstool` commmand, with the `print` option; this will display a list of all the files located in the ROM: @@ -215,7 +213,7 @@ Or, replace it with this, if you are using a Debian-based distribution (e.g., Tr cryptomount -a set root='lvm/matrix-rootvol' - linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root + linux /vmlinuz root=/dev/mapper/matrix-rootvol cryptdevice=/dev/mapper/matrix-rootvol:root initrd /initrd.img Remember, that these names come from the instructions to install GNU+Linux @@ -243,8 +241,7 @@ the main storage for **/boot/grub/libreboot\_grub.cfg** or **/grub/libreboot\_gr Therefore, we need to either copy **libreboot\_grub.cfg** to **/grub**, or to **/boot/grub**: - $ sudo cp ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/grubtest.cfg \ - >/boot/grub # or /grub + $ sudo cp ~/Downloads/libreboot_util/cbfstool/x86_64/grubtest.cfg /boot/grub # or /grub Now, the next time we boot our computer, GRUB (in Libreboot) will automatically switch to this configuration file. *This means that you do not have to re-flash, @@ -354,7 +351,7 @@ of **grubtest.cfg**, called **grub.cfg**. First, go to the `cbfstool` directory: - $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/cbfstool/x86_64/ + $ cd ~/Downloads/libreboot_util/cbfstool/x86_64/ Then, create a copy of **grubest.cfg**, named **grub.cfg**: diff --git a/docs/hardware/gm45_remove_me.md b/docs/hardware/gm45_remove_me.md index 0ac2f49b..26e5f9f6 100644 --- a/docs/hardware/gm45_remove_me.md +++ b/docs/hardware/gm45_remove_me.md @@ -418,7 +418,7 @@ region. According to the datasheet, it's supposed to add up to 0xBABA but can actually be others on the X200. -<https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums> +<https://web.archive.org/web/20150912070329/https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums> *"One of those engineers loves classic rock music, so they selected 0xBABA"* diff --git a/docs/hardware/index.md b/docs/hardware/index.md index 259fc854..12580cf8 100644 --- a/docs/hardware/index.md +++ b/docs/hardware/index.md @@ -242,11 +242,11 @@ Tested LCD panels: (working) works) - BOE-Hydis HV150UX1-100 (15.1" 1600x1200) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board) +- Samsung LTN141XA-L01 (14.1" 1024x768) Tested LCD panels: *not working yet (incompatible; see [../future/\#lcd\_i945\_incompatibility](../future/#lcd_i945_incompatibility))* -- Samsung LTN141XA-L01 (14.1" 1024x768) - LG-Philips LP150X09 (15.1" 1024x768) - Samsung LTN150XG (15.1" 1024x768) - LG-Philips LP150E06-A5K4 (15.1" 1400x1050) (also, not an official diff --git a/docs/hardware/t400.md b/docs/hardware/t400.md index df7f0082..f7c4d437 100644 --- a/docs/hardware/t400.md +++ b/docs/hardware/t400.md @@ -2,7 +2,7 @@ title: ThinkPad T400 ... -It is believed that all or most T400 laptops are compatible. See notes +It is believed that all or most laptops of the model T400 are compatible. See notes about [CPU compatibility](../install/t400_external.html#cpu_compatibility) for potential incompatibilities. diff --git a/docs/hardware/x200.md b/docs/hardware/x200.md index 10f5f621..fdf992d1 100644 --- a/docs/hardware/x200.md +++ b/docs/hardware/x200.md @@ -132,12 +132,6 @@ comparing it with X200 (factory BIOS) and X200 (gm45 raminit code in coreboot), to see what the differences are. Then tweak raminit code based on that. -Trouble undocking (button doesn't work) ----------------------------------------- - -This person seems to have a workaround: -<https://github.com/the-unconventional/libreboot-undock> - LCD compatibility list {#lcd_supported_list} ---------------------- diff --git a/docs/install/index.md b/docs/install/index.md index 67c5d722..b54dca15 100644 --- a/docs/install/index.md +++ b/docs/install/index.md @@ -171,7 +171,7 @@ ASUS KCMA-D8? ------------- If you have the proprietary BIOS, you need to flash libreboot -externally. See [kcma-d8.md](kgpe-d8.md). +externally. See [kcma-d8.md](kcma-d8.md). If you already have coreboot or libreboot installed, without write protection on the flash chip, then you can do it in software (otherwise, @@ -266,13 +266,13 @@ executables from the libreboot source code archives. How to update the flash chip contents: -`$ sudo ./flash update `[`yourrom.rom`](#rom) +`$ sudo ./flash update `[`yourrom.rom`](#rom) Ocassionally, coreboot changes the name of a given board. If flashrom complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command: - `$ sudo ./flash forceupdate `[`yourrom.rom`](#rom) + `$ sudo ./flash forceupdate `[`yourrom.rom`](#rom) You should see `Verifying flash... VERIFIED.` written at the end of the flashrom output. *Shut down* after you see this, and then boot @@ -307,7 +307,7 @@ the flashing script. do this: * The first half of the procedure is as follows: -`$ sudo ./flash i945lenovo_firstflash `[`yourrom.rom`](#rom) +`$ sudo ./flash i945lenovo_firstflash `[`yourrom.rom`](#rom) You should see within the output the following: @@ -334,11 +334,11 @@ needed (see below). When you have booted up again, you must also do this: -`$ sudo ./flash i945lenovo_secondflash `[`yourrom.rom`](#rom) +`$ sudo ./flash i945lenovo_secondflash `[`yourrom.rom`](#rom) If flashing fails at this stage, try the following: -`$ sudo ./flashrom/i686/flashrom -p internal:laptop=force_I_want_a_brick -w `[`yourrom.rom`](#rom) +`$ sudo ./flashrom/i686/flashrom -p internal:laptop=force_I_want_a_brick -w `[`yourrom.rom`](#rom) You should see within the output the following: @@ -374,7 +374,7 @@ with your device. Use this flashing script, to install libreboot: -`$ sudo ./flash i945apple_firstflash `[`yourrom.rom`](#rom) +`$ sudo ./flash i945apple_firstflash `[`yourrom.rom`](#rom) You should also see within the output the following: diff --git a/docs/install/rpi_setup.md b/docs/install/rpi_setup.md index e46191e7..b083aac9 100644 --- a/docs/install/rpi_setup.md +++ b/docs/install/rpi_setup.md @@ -150,7 +150,7 @@ successfully. If not, just flash again. Pi](http://scruss.com/blog/2013/02/02/simple-adc-with-the-raspberry-pi/) - [Flashing coreboot on a T60 with a Raspberry Pi - the\_unconventional's - blog](https://blogs.fsfe.org/the_unconventional/2015/05/08/flashing-coreboot-on-a-t60-with-a-raspberry-pi/) + blog](https://web.archive.org/web/20150709043222/http://blogs.fsfe.org:80/the_unconventional/2015/05/08/coreboot-t60-raspberry-pi/) - *Pomona SOIC Clip flashing* - [Arch Linux Wiki - Installing Arch Linux on Chromebook](https://wiki.archlinux.org/index.php/Chromebook) diff --git a/projects/grub/patches/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch b/projects/grub/patches/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch new file mode 100644 index 00000000..1d537e87 --- /dev/null +++ b/projects/grub/patches/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch @@ -0,0 +1,73 @@ +From 8dde1d7be2dd321a375570b7ff7e22bb01293044 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:42 +0100 +Subject: [PATCH 08/10] mkstandalone: add argument --fixed-time to override + mtime of files + +mkstandalone adds several files to an archive. Doing this it uses the +mtime to give these files a timestamp. +--fixed-time <TIME_EPOCH> overrides these timestamps with a given. + +Replacing all timestamps with a specific one is required +to get reproducible builds. See source epoch specification of +reproducible-builds.org +--- + util/grub-mkstandalone.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c +index 4907d44..047f0cd 100644 +--- a/util/grub-mkstandalone.c ++++ b/util/grub-mkstandalone.c +@@ -30,6 +30,7 @@ + #pragma GCC diagnostic error "-Wmissing-prototypes" + #pragma GCC diagnostic error "-Wmissing-declarations" + ++static time_t fixed_time; + static char *output_image; + static char **files; + static int nfiles; +@@ -48,6 +49,7 @@ static struct argp_option options[] = { + 0, N_("save output in FILE [required]"), 2}, + {"format", 'O', N_("FILE"), 0, 0, 2}, + {"compression", 'C', "xz|none|auto", OPTION_HIDDEN, 0, 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("Use a fixed timestamp to override mtime of all files. Time since epoch is used."), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -72,6 +74,7 @@ help_filter (int key, const char *text, void *input __attribute__ ((unused))) + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; + if (key == 'C') + key = GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS; + +@@ -80,6 +83,14 @@ argp_parser (int key, char *arg, struct argp_state *state) + + switch (key) + { ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ break; + + case 'o': + if (output_image) +@@ -192,7 +203,8 @@ add_tar_file (const char *from, + if (grub_util_is_special_file (from)) + return; + +- mtime = grub_util_get_mtime (from); ++ /* use fixed_time if given for mtime */ ++ mtime = fixed_time != -1 ? fixed_time : grub_util_get_mtime (from); + + optr = tcn = xmalloc (strlen (to) + 1); + for (iptr = to; *iptr == '/'; iptr++); +-- +1.9.1 + diff --git a/projects/grub/patches/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch b/projects/grub/patches/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch new file mode 100644 index 00000000..0612ade0 --- /dev/null +++ b/projects/grub/patches/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch @@ -0,0 +1,68 @@ +From 0f1e1a29d4d019e7b2b1a3ac3db7ca22c75e8d88 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:43 +0100 +Subject: [PATCH 09/10] mkrescue: add argument --fixed-time to get reproducible + uuids + +The uuid generation is based on the time. +--- + util/grub-mkrescue.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c +index 238d484..a3e0155 100644 +--- a/util/grub-mkrescue.c ++++ b/util/grub-mkrescue.c +@@ -52,6 +52,7 @@ static int xorriso_arg_alloc; + static char **xorriso_argv; + static char *iso_uuid; + static char *iso9660_dir; ++static time_t fixed_time; + + static void + xorriso_push (const char *val) +@@ -110,6 +111,7 @@ static struct argp_option options[] = { + {"product-version", OPTION_PRODUCT_VERSION, N_("STRING"), 0, N_("use STRING as product version"), 2}, + {"sparc-boot", OPTION_SPARC_BOOT, 0, 0, N_("enable sparc boot. Disables HFS+, APM, ARCS and boot as disk image for i386-pc"), 2}, + {"arcs-boot", OPTION_ARCS_BOOT, 0, 0, N_("enable ARCS (big-endian mips machines, mostly SGI) boot. Disables HFS+, APM, sparc64 and boot as disk image for i386-pc"), 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("use a fixed timestamp for uuid generation"), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -153,6 +155,8 @@ enum { + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; ++ + if (grub_install_parse (key, arg)) + return 0; + switch (key) +@@ -212,6 +216,15 @@ argp_parser (int key, char *arg, struct argp_state *state) + xorriso = xstrdup (arg); + return 0; + ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ return 0; ++ + default: + return ARGP_ERR_UNKNOWN; + } +@@ -542,7 +555,7 @@ main (int argc, char *argv[]) + { + time_t tim; + struct tm *tmm; +- tim = time (NULL); ++ tim = fixed_time != -1 ? fixed_time : time (NULL); + tmm = gmtime (&tim); + iso_uuid = xmalloc (55); + grub_snprintf (iso_uuid, 50, +-- +1.9.1 + diff --git a/projects/grub/patches/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch b/projects/grub/patches/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch new file mode 100644 index 00000000..f06dbfb5 --- /dev/null +++ b/projects/grub/patches/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch @@ -0,0 +1,30 @@ +From 57174ed960905be4f9c229bbf3913b25745dbfd9 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:44 +0100 +Subject: [PATCH 10/10] Makefile: use FIXED_TIMESTAMP for mkstandalone if set + +mkstandalone sets timestamps for files which can be overriden by a fixed_timestamp. +This makes it possible to build reproducible builds for coreboot. + +To build a reproducible build of grub for coreboot do: +make default_payload.elf FIXED_TIMESTAMP=1134242 +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 00a9663..ed7f148 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -411,7 +411,7 @@ bootcheck: $(BOOTCHECKS) + if COND_i386_coreboot + default_payload.elf: grub-mkstandalone grub-mkimage FORCE + test -f $@ && rm $@ || true +- pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg ++ pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(FIXED_TIMESTAMP),-t $(FIXED_TIMESTAMP)) + endif + + endif +-- +1.9.1 + diff --git a/projects/ich9gen/sources/src/gbe/gbe.h b/projects/ich9gen/sources/src/gbe/gbe.h index 14548e71..f28f4421 100644 --- a/projects/ich9gen/sources/src/gbe/gbe.h +++ b/projects/ich9gen/sources/src/gbe/gbe.h @@ -35,7 +35,7 @@ * * Info about Gbe region (read whole datasheet): * http://www.intel.co.uk/content/dam/doc/application-note/i-o-controller-hub-9m-82567lf-lm-v-nvm-map-appl-note.pdf - * https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums + * https://web.archive.org/web/20150912070329/https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums */ #ifndef GBESTRUCT_H diff --git a/projects/ich9gen/sources/src/ich9deblob.c b/projects/ich9gen/sources/src/ich9deblob.c index b9153ed6..d7a57c51 100644 --- a/projects/ich9gen/sources/src/ich9deblob.c +++ b/projects/ich9gen/sources/src/ich9deblob.c @@ -42,7 +42,7 @@ * * Info about Gbe region (read whole datasheet): * http://www.intel.co.uk/content/dam/doc/application-note/i-o-controller-hub-9m-82567lf-lm-v-nvm-map-appl-note.pdf - * https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums + * https://web.archive.org/web/20150912070329/https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums */ #include "ich9deblob.h" diff --git a/resources/grub/config/menuentries/common.cfg b/resources/grub/config/menuentries/common.cfg index d65f86fb..59e1e32e 100644 --- a/resources/grub/config/menuentries/common.cfg +++ b/resources/grub/config/menuentries/common.cfg @@ -64,13 +64,13 @@ menuentry 'Load Operating System (incl. fully encrypted disks) [o]' --hotkey='o # on raw crypto devices as well as inside LVM volumes this time. # The user will be prompted for a passphrase if a LUKS header was found. - for dev in ahci0 ata0 usb0 ${lvm}; do + for dev usb1 usb0 ahci1 ahci0 ata1 ata0 ${lvm}; do cryptomount "(${dev})" done # 3) encrypted devices/partitions - for i in 0 1; do + for i in 1 0; do for part in 1 2 3 4 5; do - for type in ahci ata; do + for type in usb ahci ata; do cryptomount "(${type}${i},${part})" done done diff --git a/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch b/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch new file mode 100644 index 00000000..1d537e87 --- /dev/null +++ b/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch @@ -0,0 +1,73 @@ +From 8dde1d7be2dd321a375570b7ff7e22bb01293044 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:42 +0100 +Subject: [PATCH 08/10] mkstandalone: add argument --fixed-time to override + mtime of files + +mkstandalone adds several files to an archive. Doing this it uses the +mtime to give these files a timestamp. +--fixed-time <TIME_EPOCH> overrides these timestamps with a given. + +Replacing all timestamps with a specific one is required +to get reproducible builds. See source epoch specification of +reproducible-builds.org +--- + util/grub-mkstandalone.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c +index 4907d44..047f0cd 100644 +--- a/util/grub-mkstandalone.c ++++ b/util/grub-mkstandalone.c +@@ -30,6 +30,7 @@ + #pragma GCC diagnostic error "-Wmissing-prototypes" + #pragma GCC diagnostic error "-Wmissing-declarations" + ++static time_t fixed_time; + static char *output_image; + static char **files; + static int nfiles; +@@ -48,6 +49,7 @@ static struct argp_option options[] = { + 0, N_("save output in FILE [required]"), 2}, + {"format", 'O', N_("FILE"), 0, 0, 2}, + {"compression", 'C', "xz|none|auto", OPTION_HIDDEN, 0, 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("Use a fixed timestamp to override mtime of all files. Time since epoch is used."), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -72,6 +74,7 @@ help_filter (int key, const char *text, void *input __attribute__ ((unused))) + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; + if (key == 'C') + key = GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS; + +@@ -80,6 +83,14 @@ argp_parser (int key, char *arg, struct argp_state *state) + + switch (key) + { ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ break; + + case 'o': + if (output_image) +@@ -192,7 +203,8 @@ add_tar_file (const char *from, + if (grub_util_is_special_file (from)) + return; + +- mtime = grub_util_get_mtime (from); ++ /* use fixed_time if given for mtime */ ++ mtime = fixed_time != -1 ? fixed_time : grub_util_get_mtime (from); + + optr = tcn = xmalloc (strlen (to) + 1); + for (iptr = to; *iptr == '/'; iptr++); +-- +1.9.1 + diff --git a/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch b/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch new file mode 100644 index 00000000..0612ade0 --- /dev/null +++ b/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch @@ -0,0 +1,68 @@ +From 0f1e1a29d4d019e7b2b1a3ac3db7ca22c75e8d88 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:43 +0100 +Subject: [PATCH 09/10] mkrescue: add argument --fixed-time to get reproducible + uuids + +The uuid generation is based on the time. +--- + util/grub-mkrescue.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c +index 238d484..a3e0155 100644 +--- a/util/grub-mkrescue.c ++++ b/util/grub-mkrescue.c +@@ -52,6 +52,7 @@ static int xorriso_arg_alloc; + static char **xorriso_argv; + static char *iso_uuid; + static char *iso9660_dir; ++static time_t fixed_time; + + static void + xorriso_push (const char *val) +@@ -110,6 +111,7 @@ static struct argp_option options[] = { + {"product-version", OPTION_PRODUCT_VERSION, N_("STRING"), 0, N_("use STRING as product version"), 2}, + {"sparc-boot", OPTION_SPARC_BOOT, 0, 0, N_("enable sparc boot. Disables HFS+, APM, ARCS and boot as disk image for i386-pc"), 2}, + {"arcs-boot", OPTION_ARCS_BOOT, 0, 0, N_("enable ARCS (big-endian mips machines, mostly SGI) boot. Disables HFS+, APM, sparc64 and boot as disk image for i386-pc"), 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("use a fixed timestamp for uuid generation"), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -153,6 +155,8 @@ enum { + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; ++ + if (grub_install_parse (key, arg)) + return 0; + switch (key) +@@ -212,6 +216,15 @@ argp_parser (int key, char *arg, struct argp_state *state) + xorriso = xstrdup (arg); + return 0; + ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ return 0; ++ + default: + return ARGP_ERR_UNKNOWN; + } +@@ -542,7 +555,7 @@ main (int argc, char *argv[]) + { + time_t tim; + struct tm *tmm; +- tim = time (NULL); ++ tim = fixed_time != -1 ? fixed_time : time (NULL); + tmm = gmtime (&tim); + iso_uuid = xmalloc (55); + grub_snprintf (iso_uuid, 50, +-- +1.9.1 + diff --git a/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch b/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch new file mode 100644 index 00000000..f06dbfb5 --- /dev/null +++ b/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch @@ -0,0 +1,30 @@ +From 57174ed960905be4f9c229bbf3913b25745dbfd9 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:44 +0100 +Subject: [PATCH 10/10] Makefile: use FIXED_TIMESTAMP for mkstandalone if set + +mkstandalone sets timestamps for files which can be overriden by a fixed_timestamp. +This makes it possible to build reproducible builds for coreboot. + +To build a reproducible build of grub for coreboot do: +make default_payload.elf FIXED_TIMESTAMP=1134242 +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 00a9663..ed7f148 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -411,7 +411,7 @@ bootcheck: $(BOOTCHECKS) + if COND_i386_coreboot + default_payload.elf: grub-mkstandalone grub-mkimage FORCE + test -f $@ && rm $@ || true +- pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg ++ pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(FIXED_TIMESTAMP),-t $(FIXED_TIMESTAMP)) + endif + + endif +-- +1.9.1 + diff --git a/resources/scripts/helpers/download/bucts b/resources/scripts/helpers/download/bucts index 7bea3e65..b57df1fd 100755 --- a/resources/scripts/helpers/download/bucts +++ b/resources/scripts/helpers/download/bucts @@ -37,7 +37,7 @@ rm -Rf "bucts/" # ------------------------------------------------------------------------------ # download it using git -git clone git://git.stuge.se/bucts.git +git clone https://notabug.org/libreboot/bucts.git # modifications are required cd "bucts/" diff --git a/resources/scripts/helpers/download/grub b/resources/scripts/helpers/download/grub index c0a298cb..3ec8a8fb 100755 --- a/resources/scripts/helpers/download/grub +++ b/resources/scripts/helpers/download/grub @@ -49,6 +49,11 @@ git reset --hard e54c99aaff5e5f6f5d3b06028506c57e66d8ef77 # Replace "GNU GRUB version" in GRUB screen with "FREE AS IN FREEDOM" git am "../resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch" +# Enable reproducible builds +git am "../resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch" +git am "../resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch" +git am "../resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch" + cd "../" # Also download SeaBIOS, which we use with GRUB, to implement SeaGRUB diff --git a/resources/scripts/helpers/download/seabios b/resources/scripts/helpers/download/seabios index 75299f2d..b773ec59 100755 --- a/resources/scripts/helpers/download/seabios +++ b/resources/scripts/helpers/download/seabios @@ -35,7 +35,7 @@ rm -rf "seabios/" # ------------------------------------------------------------------------------ # download it using git -git clone git://git.seabios.org/seabios.git seabios +git clone https://git.seabios.org/seabios.git seabios ( # modifications are required diff --git a/resources/utilities/ich9deblob/src/gbe/gbe.h b/resources/utilities/ich9deblob/src/gbe/gbe.h index a1350fdd..454ab2a2 100644 --- a/resources/utilities/ich9deblob/src/gbe/gbe.h +++ b/resources/utilities/ich9deblob/src/gbe/gbe.h @@ -35,7 +35,7 @@ * * Info about Gbe region (read whole datasheet): * http://www.intel.co.uk/content/dam/doc/application-note/i-o-controller-hub-9m-82567lf-lm-v-nvm-map-appl-note.pdf - * https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums + * https://web.archive.org/web/20150912070329/https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums */ #ifndef GBESTRUCT_H diff --git a/resources/utilities/ich9deblob/src/ich9deblob.c b/resources/utilities/ich9deblob/src/ich9deblob.c index d79a3a89..d0fc537a 100644 --- a/resources/utilities/ich9deblob/src/ich9deblob.c +++ b/resources/utilities/ich9deblob/src/ich9deblob.c @@ -42,7 +42,7 @@ * * Info about Gbe region (read whole datasheet): * http://www.intel.co.uk/content/dam/doc/application-note/i-o-controller-hub-9m-82567lf-lm-v-nvm-map-appl-note.pdf - * https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums + * https://web.archive.org/web/20150912070329/https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums */ #include "ich9deblob.h" @@ -13,6 +13,10 @@ You can submit your patches via Information about how the Libreboot project is governed is documented in our [general management guidelines](management.md). +Libreboot development is done using the Git version control system. +Refer to the [official Git documentation](https://git-scm.com/doc) if you don't +know how to use Git. + Editing the website and documentation, wiki-style ------------------------------------------------- diff --git a/www/news/andrew-robbins-new-maintainer.md b/www/news/andrew-robbins-new-maintainer.md index 50c43d3a..65fd8a3c 100644 --- a/www/news/andrew-robbins-new-maintainer.md +++ b/www/news/andrew-robbins-new-maintainer.md @@ -9,7 +9,7 @@ voted on by the maintainers with community input. These policies formalise our democratic standards. Today, we welcome Andrew Robbins (IRC nick `and_who` and -[NotABug](https://notabug.org) user [kragle](https://notabug.org/kragle)) as +[NotABug](https://notabug.org) user [and_who](https://notabug.org/and_who)) as our first new maintainer under the new policy. Going forward, Andrew will gain push access to Libreboot in order to review patches, as well as voting rights and IRC operator status. diff --git a/www/news/leah-fundraiser.md b/www/news/leah-fundraiser.md index 5a5b7b20..529547eb 100644 --- a/www/news/leah-fundraiser.md +++ b/www/news/leah-fundraiser.md @@ -1,6 +1,6 @@ % Help Leah, founder of Libreboot, get Gender Reassignment Surgery % Leah Rowe -% 19 April 2017 +% 19 April 2018 I spoke with Andrew Robbins and Swift Geek on #libreboot IRC. These are two other members of the core Libreboot community. This news post was submitted to diff --git a/www/suppliers.md b/www/suppliers.md index 78b56f9f..4432d86b 100644 --- a/www/suppliers.md +++ b/www/suppliers.md @@ -22,7 +22,7 @@ endorsement on a computer system, and invests money directly into Libreboot. Laptops: -- [Libreboot X200 Tablet laptop](https://minifree.org/product/libreboot-x200-tablet/) (FSF RYF certification pending) +- [Libreboot X200 Tablet laptop](https://minifree.org/product/libreboot-x200-tablet/) (FSF RYF certified) - [Libreboot X200 laptop](https://minifree.org/product/libreboot-x200/) (FSF RYF certified) - [Libreboot T400 laptop](https://minifree.org/product/libreboot-t400/) (FSF RYF certified) @@ -58,6 +58,12 @@ firmware and operating system preinstalled, *from the factory*. Website for pre-orders: <https://www.raptorcs.com/TALOSII/> +They have 2 systems available: + +- [TALOS II Lite](https://secure.raptorcs.com/content/TL1BC1/purchase.html) + (this is the cheaper version) +- [TALOS II](https://secure.raptorcs.com/content/TL2WK2/intro.html) + NOTE: this isn't technically Libreboot, but the boot firmware is entirely free. This is the same company that ported the ASUS KFSN4-DRE, KGPE-D16 and KCMA-D8 |