24 files changed, 420 insertions, 40 deletions
diff --git a/docs/gnulinux/configuring_parabola.md b/docs/gnulinux/configuring_parabola.md index 1e525f59..935ff099 100644 --- a/docs/gnulinux/configuring_parabola.md +++ b/docs/gnulinux/configuring_parabola.md @@ -63,7 +63,7 @@ For more information related to `pacman`, review the following articles on the A * [Configuring pacman](https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman) * [Using pacman](https://wiki.archlinux.org/index.php/Pacman) -* [Additional Repositories](https://wiki.parabolagnulinux.org/Official_Repositories>) +* [Additional Repositories](https://wiki.parabolagnulinux.org/Official_Repositories) ## Updating Parabola Parabola is kept up-to-date, using `pacman`. When you are updating Parabola, diff --git a/docs/gnulinux/encrypted_parabola.md b/docs/gnulinux/encrypted_parabola.md index 74c74fce..5ff070a6 100644 --- a/docs/gnulinux/encrypted_parabola.md +++ b/docs/gnulinux/encrypted_parabola.md @@ -102,7 +102,7 @@ You can either fill the header with zeroes, or with random data; again, I chose Also, if you're using an SSD, there are a two things you should keep in mind: - There are issues with TRIM; it's not enabled by default through LUKS, -and there are security issues, if you do enable it. See [this page](https://wiki.archlinux.org/index.php/Dm-cryptSpecialties#Discard.2FTRIM_support_for_solid_state_drives_.28SSD.29) for more info. +and there are security issues, if you do enable it. See [this page](https://wiki.archlinux.org/index.php/Dm-crypt#Specialties) for more info. - Make sure to read [this article](https://wiki.archlinux.org/index.php/Solid_State_Drives), for information on managing SSD's in Arch Linux (the information applies to Parabola, as well). 
@@ -381,7 +381,7 @@ for the LUKS passphrase, apply here as well. You will set this password with the ### Extra Security Tweaks There are some final changes that we can make to the installation, to make it -significantly more secure; these are based on the [Security](https://wiki.archlinux.org/index.php/Securit) section of the Arch wiki. +significantly more secure; these are based on the [Security](https://wiki.archlinux.org/index.php/Security) section of the Arch wiki. #### Key Strengthening We will want to open the configuration file for password settings, and increase @@ -422,7 +422,7 @@ Edit configuration in `/etc/default/grub`, remembering to use UUID when poitning Use `blkid` to get list of devices with their respective UUIDs. Next generate grub.cfg with - # grub-mkconfig /boot/grub/grub.cfg + # grub-mkconfig -o /boot/grub/grub.cfg If you have separate `/boot` partition, don't forget to add `boot` symlink inside that points to current directory diff --git a/docs/gnulinux/grub_boot_installer.md b/docs/gnulinux/grub_boot_installer.md index 7086b71d..7d4375e6 100644 --- a/docs/gnulinux/grub_boot_installer.md +++ b/docs/gnulinux/grub_boot_installer.md 
@@ -25,7 +25,7 @@ Overwrite the drive, writing your distro ISO to it with `dd`. For example, if we That's it! You should now be able to boot the installer from your USB drive (the instructions for doing so will be given later). ## Prepare the USB drive in NetBSD -[This page](https://wiki.netbsd.org/tutorials how_to_install_netbsd_from_an_usb_memory_stick/) on the NetBSD website shows how to create a NetBSD bootable USB drive, from within NetBSD itself. You should the `dd` method documented there. This will work with any GNU+Linux ISO image. +[This page](https://wiki.netbsd.org/tutorials/how_to_install_netbsd_from_an_usb_memory_stick/) on the NetBSD website shows how to create a NetBSD bootable USB drive, from within NetBSD itself. You should the `dd` method documented there. This will work with any GNU+Linux ISO image. ## Prepare the USB drive in FreeBSD [This page](https://www.freebsd.org/doc/handbook/bsdinstall-pre.html) on the FreeBSD website shows how to create a bootable USB drive for installing FreeBSD. Use the `dd` method documented. This will work with any GNU+Linux ISO image. diff --git a/docs/gnulinux/grub_hardening.md b/docs/gnulinux/grub_hardening.md index 9eb7237e..e1329f21 100644 --- a/docs/gnulinux/grub_hardening.md +++ b/docs/gnulinux/grub_hardening.md @@ -33,7 +33,7 @@ Helpful links: - [GRUB manual](https://www.gnu.org/software/grub/manual/html_node/Security.html#Security) - [GRUB info pages](http://git.savannah.gnu.org/cgit/grub.git/tree/docs/grub.texi) -- [SATA connected storage considered dangerous.](../../faq.md#firmware-hddssd) +- [SATA connected storage considered dangerous.](../../faq.md#hddssd-firmware) - [Coreboot GRUB security howto](https://www.coreboot.org/GRUB2#Security) GRUB Password diff --git a/docs/hardware/gm45_remove_me.md b/docs/hardware/gm45_remove_me.md index 0ac2f49b..26e5f9f6 100644 --- a/docs/hardware/gm45_remove_me.md +++ b/docs/hardware/gm45_remove_me.md 
@@ -418,7 +418,7 @@ region. According to the datasheet, it's supposed to add up to 0xBABA but can actually be others on the X200. -<https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums> +<https://web.archive.org/web/20150912070329/https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums> *"One of those engineers loves classic rock music, so they selected 0xBABA"* diff --git a/docs/hardware/x200.md b/docs/hardware/x200.md index 10f5f621..fdf992d1 100644 --- a/docs/hardware/x200.md +++ b/docs/hardware/x200.md @@ -132,12 +132,6 @@ comparing it with X200 (factory BIOS) and X200 (gm45 raminit code in coreboot), to see what the differences are. Then tweak raminit code based on that. -Trouble undocking (button doesn't work) ----------------------------------------- - -This person seems to have a workaround: -<https://github.com/the-unconventional/libreboot-undock> - LCD compatibility list {#lcd_supported_list} ---------------------- diff --git a/docs/install/index.md b/docs/install/index.md index d4ac2f13..b54dca15 100644 --- a/docs/install/index.md +++ b/docs/install/index.md 
@@ -62,10 +62,12 @@ they don't have to build anything from source on their own. The ROM images in each archive use the following at the end of the file name, if they are built with the GRUB payload: `*_*keymap*_*mode*.rom` -Available `modes`: `vesafb` or `txtmode`. The `vesafb` ROM images -are recommended, in most cases; `txtmode` ROM images come with -MemTest86+, which requires text-mode instead of the usual framebuffer -used by coreboot native graphics initialization. +Available modes: vesafb or txtmode. The vesafb ROM images are recommended +for regular use, but when flashing for the first time use txtmode version, +as it comes with Memtest86+, which requires text-mode instead of the usual +framebuffer used by coreboot native graphics initialization. +Machine should be tested with Memtest86+ after each reassembly or changing +from vendor bios to libreboot due to differences in raminit code. `keymap` can be one of several keymaps that keyboard supports (there are quite a few), which affects the keyboard layout configuration that is @@ -169,7 +171,7 @@ ASUS KCMA-D8? ------------- If you have the proprietary BIOS, you need to flash libreboot -externally. See [kcma-d8.md](kgpe-d8.md). +externally. See [kcma-d8.md](kcma-d8.md). If you already have coreboot or libreboot installed, without write protection on the flash chip, then you can do it in software (otherwise, @@ -244,7 +246,7 @@ Flash chip size Use this to find out: - # flashrom -p internal -V + # flashrom -p internal All good? --------- 
@@ -264,13 +266,13 @@ executables from the libreboot source code archives. How to update the flash chip contents: -`$ sudo ./flash update `[`yourrom.rom`](#rom) +`$ sudo ./flash update `[`yourrom.rom`](#rom) Ocassionally, coreboot changes the name of a given board. If flashrom complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command: - `$ sudo ./flash forceupdate `[`yourrom.rom`](#rom) + `$ sudo ./flash forceupdate `[`yourrom.rom`](#rom) You should see `Verifying flash... VERIFIED.` written at the end of the flashrom output. *Shut down* after you see this, and then boot @@ -305,7 +307,7 @@ the flashing script. do this: * The first half of the procedure is as follows: -`$ sudo ./flash i945lenovo_firstflash `[`yourrom.rom`](#rom) +`$ sudo ./flash i945lenovo_firstflash `[`yourrom.rom`](#rom) You should see within the output the following: @@ -332,11 +334,11 @@ needed (see below). When you have booted up again, you must also do this: -`$ sudo ./flash i945lenovo_secondflash `[`yourrom.rom`](#rom) +`$ sudo ./flash i945lenovo_secondflash `[`yourrom.rom`](#rom) If flashing fails at this stage, try the following: -`$ sudo ./flashrom/i686/flashrom -p internal:laptop=force_I_want_a_brick -w `[`yourrom.rom`](#rom) +`$ sudo ./flashrom/i686/flashrom -p internal:laptop=force_I_want_a_brick -w `[`yourrom.rom`](#rom) You should see within the output the following: @@ -372,7 +374,7 @@ with your device. Use this flashing script, to install libreboot: -`$ sudo ./flash i945apple_firstflash `[`yourrom.rom`](#rom) +`$ sudo ./flash i945apple_firstflash `[`yourrom.rom`](#rom) You should also see within the output the following: diff --git a/docs/install/rpi_setup.md b/docs/install/rpi_setup.md index e46191e7..b083aac9 100644 --- a/docs/install/rpi_setup.md +++ b/docs/install/rpi_setup.md 
@@ -150,7 +150,7 @@ successfully. If not, just flash again. Pi](http://scruss.com/blog/2013/02/02/simple-adc-with-the-raspberry-pi/) - [Flashing coreboot on a T60 with a Raspberry Pi - the\_unconventional's - blog](https://blogs.fsfe.org/the_unconventional/2015/05/08/flashing-coreboot-on-a-t60-with-a-raspberry-pi/) + blog](https://web.archive.org/web/20150709043222/http://blogs.fsfe.org:80/the_unconventional/2015/05/08/coreboot-t60-raspberry-pi/) - *Pomona SOIC Clip flashing* - [Arch Linux Wiki - Installing Arch Linux on Chromebook](https://wiki.archlinux.org/index.php/Chromebook) diff --git a/docs/install/t500_external.md b/docs/install/t500_external.md index c9b85a5d..9e114bca 100644 --- a/docs/install/t500_external.md +++ b/docs/install/t500_external.md @@ -362,11 +362,12 @@ Not to be confused with wifi (wifi is fine). Memory ====== -You need DDR3 SODIMM PC3-8500 RAM installed, in matching pairs -(speed/size). Non-matching pairs won't work. You can also install a +DDR3 SO-DIMM sticks will work at PC3-8500 clock and voltage, so make sure that +timings of sticks are matched while they operate at its frequency. +Non-matching pairs won't work. You can also install a single module (meaning, one of the slots will be empty) in slot 0. -Make sure that the RAM you buy is the 2Rx8 density. +Make sure that the RAM you buy has 2Rx8 arrangement when buying 4GiB modules. [This page](http://www.forum.thinkpads.com/viewtopic.php?p=760721) might be useful for RAM compatibility info (note: coreboot raminit is diff --git a/projects/grub/patches/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch b/projects/grub/patches/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch new file mode 100644 index 00000000..1d537e87 --- /dev/null +++ b/projects/grub/patches/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch 
@@ -0,0 +1,73 @@ +From 8dde1d7be2dd321a375570b7ff7e22bb01293044 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:42 +0100 +Subject: [PATCH 08/10] mkstandalone: add argument --fixed-time to override + mtime of files + +mkstandalone adds several files to an archive. Doing this it uses the +mtime to give these files a timestamp. +--fixed-time <TIME_EPOCH> overrides these timestamps with a given. + +Replacing all timestamps with a specific one is required +to get reproducible builds. See source epoch specification of +reproducible-builds.org +--- + util/grub-mkstandalone.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c +index 4907d44..047f0cd 100644 +--- a/util/grub-mkstandalone.c ++++ b/util/grub-mkstandalone.c +@@ -30,6 +30,7 @@ + #pragma GCC diagnostic error "-Wmissing-prototypes" + #pragma GCC diagnostic error "-Wmissing-declarations" + ++static time_t fixed_time; + static char *output_image; + static char **files; + static int nfiles; +@@ -48,6 +49,7 @@ static struct argp_option options[] = { + 0, N_("save output in FILE [required]"), 2}, + {"format", 'O', N_("FILE"), 0, 0, 2}, + {"compression", 'C', "xz|none|auto", OPTION_HIDDEN, 0, 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("Use a fixed timestamp to override mtime of all files. 
Time since epoch is used."), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -72,6 +74,7 @@ help_filter (int key, const char *text, void *input __attribute__ ((unused))) + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; + if (key == 'C') + key = GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS; + +@@ -80,6 +83,14 @@ argp_parser (int key, char *arg, struct argp_state *state) + + switch (key) + { ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ break; + + case 'o': + if (output_image) +@@ -192,7 +203,8 @@ add_tar_file (const char *from, + if (grub_util_is_special_file (from)) + return; + +- mtime = grub_util_get_mtime (from); ++ /* use fixed_time if given for mtime */ ++ mtime = fixed_time != -1 ? fixed_time : grub_util_get_mtime (from); + + optr = tcn = xmalloc (strlen (to) + 1); + for (iptr = to; *iptr == '/'; iptr++); +-- +1.9.1 + diff --git a/projects/grub/patches/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch b/projects/grub/patches/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch new file mode 100644 index 00000000..0612ade0 --- /dev/null +++ b/projects/grub/patches/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch 
@@ -0,0 +1,68 @@ +From 0f1e1a29d4d019e7b2b1a3ac3db7ca22c75e8d88 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:43 +0100 +Subject: [PATCH 09/10] mkrescue: add argument --fixed-time to get reproducible + uuids + +The uuid generation is based on the time. +--- + util/grub-mkrescue.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c +index 238d484..a3e0155 100644 +--- a/util/grub-mkrescue.c ++++ b/util/grub-mkrescue.c +@@ -52,6 +52,7 @@ static int xorriso_arg_alloc; + static char **xorriso_argv; + static char *iso_uuid; + static char *iso9660_dir; ++static time_t fixed_time; + + static void + xorriso_push (const char *val) +@@ -110,6 +111,7 @@ static struct argp_option options[] = { + {"product-version", OPTION_PRODUCT_VERSION, N_("STRING"), 0, N_("use STRING as product version"), 2}, + {"sparc-boot", OPTION_SPARC_BOOT, 0, 0, N_("enable sparc boot. Disables HFS+, APM, ARCS and boot as disk image for i386-pc"), 2}, + {"arcs-boot", OPTION_ARCS_BOOT, 0, 0, N_("enable ARCS (big-endian mips machines, mostly SGI) boot. 
Disables HFS+, APM, sparc64 and boot as disk image for i386-pc"), 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("use a fixed timestamp for uuid generation"), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -153,6 +155,8 @@ enum { + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; ++ + if (grub_install_parse (key, arg)) + return 0; + switch (key) +@@ -212,6 +216,15 @@ argp_parser (int key, char *arg, struct argp_state *state) + xorriso = xstrdup (arg); + return 0; + ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ return 0; ++ + default: + return ARGP_ERR_UNKNOWN; + } +@@ -542,7 +555,7 @@ main (int argc, char *argv[]) + { + time_t tim; + struct tm *tmm; +- tim = time (NULL); ++ tim = fixed_time != -1 ? fixed_time : time (NULL); + tmm = gmtime (&tim); + iso_uuid = xmalloc (55); + grub_snprintf (iso_uuid, 50, +-- +1.9.1 + diff --git a/projects/grub/patches/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch b/projects/grub/patches/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch new file mode 100644 index 00000000..f06dbfb5 --- /dev/null +++ b/projects/grub/patches/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch 
@@ -0,0 +1,30 @@ +From 57174ed960905be4f9c229bbf3913b25745dbfd9 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:44 +0100 +Subject: [PATCH 10/10] Makefile: use FIXED_TIMESTAMP for mkstandalone if set + +mkstandalone sets timestamps for files which can be overriden by a fixed_timestamp. +This makes it possible to build reproducible builds for coreboot. + +To build a reproducible build of grub for coreboot do: +make default_payload.elf FIXED_TIMESTAMP=1134242 +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 00a9663..ed7f148 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -411,7 +411,7 @@ bootcheck: $(BOOTCHECKS) + if COND_i386_coreboot + default_payload.elf: grub-mkstandalone grub-mkimage FORCE + test -f $@ && rm $@ || true +- pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg ++ pkgdatadir=. 
./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(FIXED_TIMESTAMP),-t $(FIXED_TIMESTAMP)) + endif + + endif +-- +1.9.1 + diff --git a/projects/ich9gen/sources/src/gbe/gbe.h b/projects/ich9gen/sources/src/gbe/gbe.h index 14548e71..f28f4421 100644 --- a/projects/ich9gen/sources/src/gbe/gbe.h +++ b/projects/ich9gen/sources/src/gbe/gbe.h @@ -35,7 +35,7 @@ * * Info about Gbe region (read whole datasheet): * http://www.intel.co.uk/content/dam/doc/application-note/i-o-controller-hub-9m-82567lf-lm-v-nvm-map-appl-note.pdf - * https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums + * https://web.archive.org/web/20150912070329/https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums */ #ifndef GBESTRUCT_H diff --git a/projects/ich9gen/sources/src/ich9deblob.c b/projects/ich9gen/sources/src/ich9deblob.c index b9153ed6..d7a57c51 100644 --- a/projects/ich9gen/sources/src/ich9deblob.c +++ b/projects/ich9gen/sources/src/ich9deblob.c @@ -42,7 +42,7 @@ * * Info about Gbe region (read whole datasheet): * http://www.intel.co.uk/content/dam/doc/application-note/i-o-controller-hub-9m-82567lf-lm-v-nvm-map-appl-note.pdf - * https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums + * https://web.archive.org/web/20150912070329/https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums */ #include "ich9deblob.h" 
diff --git a/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch b/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch new file mode 100644 index 00000000..1d537e87 --- /dev/null +++ b/resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch 
@@ -0,0 +1,73 @@ +From 8dde1d7be2dd321a375570b7ff7e22bb01293044 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:42 +0100 +Subject: [PATCH 08/10] mkstandalone: add argument --fixed-time to override + mtime of files + +mkstandalone adds several files to an archive. Doing this it uses the +mtime to give these files a timestamp. +--fixed-time <TIME_EPOCH> overrides these timestamps with a given. + +Replacing all timestamps with a specific one is required +to get reproducible builds. See source epoch specification of +reproducible-builds.org +--- + util/grub-mkstandalone.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkstandalone.c b/util/grub-mkstandalone.c +index 4907d44..047f0cd 100644 +--- a/util/grub-mkstandalone.c ++++ b/util/grub-mkstandalone.c +@@ -30,6 +30,7 @@ + #pragma GCC diagnostic error "-Wmissing-prototypes" + #pragma GCC diagnostic error "-Wmissing-declarations" + ++static time_t fixed_time; + static char *output_image; + static char **files; + static int nfiles; +@@ -48,6 +49,7 @@ static struct argp_option options[] = { + 0, N_("save output in FILE [required]"), 2}, + {"format", 'O', N_("FILE"), 0, 0, 2}, + {"compression", 'C', "xz|none|auto", OPTION_HIDDEN, 0, 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("Use a fixed timestamp to override mtime of all files. 
Time since epoch is used."), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -72,6 +74,7 @@ help_filter (int key, const char *text, void *input __attribute__ ((unused))) + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; + if (key == 'C') + key = GRUB_INSTALL_OPTIONS_INSTALL_CORE_COMPRESS; + +@@ -80,6 +83,14 @@ argp_parser (int key, char *arg, struct argp_state *state) + + switch (key) + { ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ break; + + case 'o': + if (output_image) +@@ -192,7 +203,8 @@ add_tar_file (const char *from, + if (grub_util_is_special_file (from)) + return; + +- mtime = grub_util_get_mtime (from); ++ /* use fixed_time if given for mtime */ ++ mtime = fixed_time != -1 ? fixed_time : grub_util_get_mtime (from); + + optr = tcn = xmalloc (strlen (to) + 1); + for (iptr = to; *iptr == '/'; iptr++); +-- +1.9.1 + diff --git a/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch b/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch new file mode 100644 index 00000000..0612ade0 --- /dev/null +++ b/resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch 
@@ -0,0 +1,68 @@ +From 0f1e1a29d4d019e7b2b1a3ac3db7ca22c75e8d88 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:43 +0100 +Subject: [PATCH 09/10] mkrescue: add argument --fixed-time to get reproducible + uuids + +The uuid generation is based on the time. +--- + util/grub-mkrescue.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/util/grub-mkrescue.c b/util/grub-mkrescue.c +index 238d484..a3e0155 100644 +--- a/util/grub-mkrescue.c ++++ b/util/grub-mkrescue.c +@@ -52,6 +52,7 @@ static int xorriso_arg_alloc; + static char **xorriso_argv; + static char *iso_uuid; + static char *iso9660_dir; ++static time_t fixed_time; + + static void + xorriso_push (const char *val) +@@ -110,6 +111,7 @@ static struct argp_option options[] = { + {"product-version", OPTION_PRODUCT_VERSION, N_("STRING"), 0, N_("use STRING as product version"), 2}, + {"sparc-boot", OPTION_SPARC_BOOT, 0, 0, N_("enable sparc boot. Disables HFS+, APM, ARCS and boot as disk image for i386-pc"), 2}, + {"arcs-boot", OPTION_ARCS_BOOT, 0, 0, N_("enable ARCS (big-endian mips machines, mostly SGI) boot. 
Disables HFS+, APM, sparc64 and boot as disk image for i386-pc"), 2}, ++ {"fixed-time", 't', N_("TIMEEPOCH"), 0, N_("use a fixed timestamp for uuid generation"), 2}, + {0, 0, 0, 0, 0, 0} + }; + +@@ -153,6 +155,8 @@ enum { + static error_t + argp_parser (int key, char *arg, struct argp_state *state) + { ++ char *b; ++ + if (grub_install_parse (key, arg)) + return 0; + switch (key) +@@ -212,6 +216,15 @@ argp_parser (int key, char *arg, struct argp_state *state) + xorriso = xstrdup (arg); + return 0; + ++ case 't': ++ fixed_time = strtoll (arg, &b, 10); ++ if (*b !='\0') { ++ printf (_("invalid fixed time number: %s\n"), arg); ++ argp_usage (state); ++ exit (1); ++ } ++ return 0; ++ + default: + return ARGP_ERR_UNKNOWN; + } +@@ -542,7 +555,7 @@ main (int argc, char *argv[]) + { + time_t tim; + struct tm *tmm; +- tim = time (NULL); ++ tim = fixed_time != -1 ? fixed_time : time (NULL); + tmm = gmtime (&tim); + iso_uuid = xmalloc (55); + grub_snprintf (iso_uuid, 50, +-- +1.9.1 + diff --git a/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch b/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch new file mode 100644 index 00000000..f06dbfb5 --- /dev/null +++ b/resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch 
@@ -0,0 +1,30 @@ +From 57174ed960905be4f9c229bbf3913b25745dbfd9 Mon Sep 17 00:00:00 2001 +From: Alexander Couzens <lynxis@fe80.eu> +Date: Fri, 4 Dec 2015 17:10:44 +0100 +Subject: [PATCH 10/10] Makefile: use FIXED_TIMESTAMP for mkstandalone if set + +mkstandalone sets timestamps for files which can be overriden by a fixed_timestamp. +This makes it possible to build reproducible builds for coreboot. + +To build a reproducible build of grub for coreboot do: +make default_payload.elf FIXED_TIMESTAMP=1134242 +--- + Makefile.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.am b/Makefile.am +index 00a9663..ed7f148 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -411,7 +411,7 @@ bootcheck: $(BOOTCHECKS) + if COND_i386_coreboot + default_payload.elf: grub-mkstandalone grub-mkimage FORCE + test -f $@ && rm $@ || true +- pkgdatadir=. ./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg ++ pkgdatadir=. 
./grub-mkstandalone --grub-mkimage=./grub-mkimage -O i386-coreboot -o $@ --modules='ahci pata ehci uhci ohci usb_keyboard usbms part_msdos ext2 fat at_keyboard part_gpt usbserial_usbdebug cbfs' --install-modules='ls linux search configfile normal cbtime cbls memrw iorw minicmd lsmmap lspci halt reboot hexdump pcidump regexp setpci lsacpi chain test serial multiboot cbmemc linux16 gzio echo help syslinuxcfg xnu $(shell cat grub-core/fs.lst) password_pbkdf2 $(EXTRA_PAYLOAD_MODULES)' --fonts= --themes= --locales= -d grub-core/ /boot/grub/grub.cfg=$(srcdir)/coreboot.cfg $(if $(FIXED_TIMESTAMP),-t $(FIXED_TIMESTAMP)) + endif + + endif +-- +1.9.1 + diff --git a/resources/scripts/helpers/download/grub b/resources/scripts/helpers/download/grub index c0a298cb..3ec8a8fb 100755 --- a/resources/scripts/helpers/download/grub +++ b/resources/scripts/helpers/download/grub @@ -49,6 +49,11 @@ git reset --hard e54c99aaff5e5f6f5d3b06028506c57e66d8ef77 # Replace "GNU GRUB version" in GRUB screen with "FREE AS IN FREEDOM" git am "../resources/grub/patch/0001-grub-core-normal-main.c-Display-FREE-AS-IN-FREEDOM-n.patch" +# Enable reproducible builds +git am "../resources/grub/patch/reproducible/0001-mkstandalone-add-argument-fixed-time-to-override-mti.patch" +git am "../resources/grub/patch/reproducible/0002-mkrescue-add-argument-fixed-time-to-get-reproducible.patch" +git am "../resources/grub/patch/reproducible/0003-Makefile-use-FIXED_TIMESTAMP-for-mkstandalone-if-set.patch" + cd "../" # Also download SeaBIOS, which we use with GRUB, to implement SeaGRUB diff --git a/resources/scripts/helpers/download/seabios b/resources/scripts/helpers/download/seabios index 75299f2d..b773ec59 100755 --- a/resources/scripts/helpers/download/seabios +++ b/resources/scripts/helpers/download/seabios 
@@ -35,7 +35,7 @@ rm -rf "seabios/" # ------------------------------------------------------------------------------ # download it using git -git clone git://git.seabios.org/seabios.git seabios +git clone https://git.seabios.org/seabios.git seabios ( # modifications are required diff --git a/resources/utilities/ich9deblob/src/gbe/gbe.h b/resources/utilities/ich9deblob/src/gbe/gbe.h index a1350fdd..454ab2a2 100644 --- a/resources/utilities/ich9deblob/src/gbe/gbe.h +++ b/resources/utilities/ich9deblob/src/gbe/gbe.h @@ -35,7 +35,7 @@ * * Info about Gbe region (read whole datasheet): * http://www.intel.co.uk/content/dam/doc/application-note/i-o-controller-hub-9m-82567lf-lm-v-nvm-map-appl-note.pdf - * https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums + * https://web.archive.org/web/20150912070329/https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums */ #ifndef GBESTRUCT_H diff --git a/resources/utilities/ich9deblob/src/ich9deblob.c b/resources/utilities/ich9deblob/src/ich9deblob.c index d79a3a89..d0fc537a 100644 --- a/resources/utilities/ich9deblob/src/ich9deblob.c +++ b/resources/utilities/ich9deblob/src/ich9deblob.c @@ -42,7 +42,7 @@ * * Info about Gbe region (read whole datasheet): * http://www.intel.co.uk/content/dam/doc/application-note/i-o-controller-hub-9m-82567lf-lm-v-nvm-map-appl-note.pdf - * https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums + * https://web.archive.org/web/20150912070329/https://communities.intel.com/community/wired/blog/2010/10/14/how-to-basic-eeprom-checksums */ #include "ich9deblob.h" 
@@ -140,6 +140,15 @@ around this by running the following command: You can find *cbfstool* in the \_util archive with the libreboot release that you are using. +What are the ata/ahci errors I see in libreboot's GRUB? +----------------------------------------------------------------------- + +You can safely ignore those errors, they exist because we can't quiet down +cryptomount command from `for` loop in libreboot's +[grub.cfg](https://notabug.org/libreboot/libreboot/src/r20160907/resources/grub/config/menuentries/common.cfg#L66). +It could be fixed in upstream grub by contributing patch that would add +quiet flag to it. + Hardware compatibility ====================== @@ -900,10 +909,8 @@ connect SATA HDDs via USB. Libreboot documents how to install several distributions with full disk encryption. You can adapt these for use with USB drives: -- [Full disk encryption with - Debian](../docs/gnulinux/encrypted_debian.md) -- [Full disk encryption with - Parabola](../docs/gnulinux/encrypted_parabola.md) +- [Full disk encryption with Debian](../docs/gnulinux/encrypted_debian.md) +- [Full disk encryption with Parabola](../docs/gnulinux/encrypted_parabola.md) The current theory (unproven) is that this will at least prevent malicious drives from wrongly manipulating data being read from or 
@@ -1034,3 +1041,32 @@ Are other operating systems compatible? Unknown. Probably not. +Where can I learn more about electronics +========================================== + +* Basics of soldering and rework by PACE + Both series of videos are mandatory regardless of your soldering skill. + * [Basic Soldering](https://www.youtube.com/watch?v=vIT4ra6Mo0s&list=PL926EC0F1F93C1837) + * [Rework and Repair](https://www.youtube.com/watch?v=HKX-GBe_lUI&list=PL958FF32927823D12) +* [edX course on basics of electronics](https://www.edx.org/course/circuits-electronics-1-basic-circuit-mitx-6-002-1x-0) + In most countries contents of this course is covered during + middle and high school. It will also serve well to refresh your memory + if you haven't used that knowledge ever since. +* Impedance intro + * [Similiarities of Wave Behavior](https://www.youtube.com/watch?v=DovunOxlY1k) + * [Reflections in tranmission line](https://www.youtube.com/watch?v=y8GMH7vMAsQ) + * Stubs: + * [Wikipedia article on stubs](https://en.wikipedia.org/wiki/Stub_(electronics)) + * [Polar Instruments article on stubs](http://www.polarinstruments.com/support/si/AP8166.html) + With external SPI flashing we only care about unintended PCB stubs +* Other YouTube channels with useful content about electronics + * [EEVblog](https://www.youtube.com/channel/UC2DjFE7Xf11URZqWBigcVOQ) + * [Louis Rossmann](https://www.youtube.com/channel/UCl2mFZoRqjw_ELax4Yisf6w) + * [mikeselectricstuff](https://www.youtube.com/channel/UCcs0ZkP_as4PpHDhFcmCHyA) + * [bigclive](https://www.youtube.com/channel/UCtM5z2gkrGRuWd0JQMx76qA) + * [ElectroBOOM](https://www.youtube.com/channel/UCJ0-OtVpF0wOKEqT2Z1HEtA) + * [Jeri Ellsworth](https://www.youtube.com/user/jeriellsworth/playlists) +* Boardview files can be open with [OpenBoardview](https://github.com/OpenBoardView/OpenBoardView), +which is free software under MIT license. + +Use of youtube-dl with mpv would be recommended for youtube links 
diff --git a/www/news/andrew-robbins-new-maintainer.md b/www/news/andrew-robbins-new-maintainer.md index 50c43d3a..65fd8a3c 100644 --- a/www/news/andrew-robbins-new-maintainer.md +++ b/www/news/andrew-robbins-new-maintainer.md @@ -9,7 +9,7 @@ voted on by the maintainers with community input. These policies formalise our democratic standards. Today, we welcome Andrew Robbins (IRC nick `and_who` and -[NotABug](https://notabug.org) user [kragle](https://notabug.org/kragle)) as +[NotABug](https://notabug.org) user [and_who](https://notabug.org/and_who)) as our first new maintainer under the new policy. Going forward, Andrew will gain push access to Libreboot in order to review patches, as well as voting rights and IRC operator status. diff --git a/www/news/leah-fundraiser.md b/www/news/leah-fundraiser.md index 5a5b7b20..529547eb 100644 --- a/www/news/leah-fundraiser.md +++ b/www/news/leah-fundraiser.md @@ -1,6 +1,6 @@ % Help Leah, founder of Libreboot, get Gender Reassignment Surgery % Leah Rowe -% 19 April 2017 +% 19 April 2018 I spoke with Andrew Robbins and Swift Geek on #libreboot IRC. These are two other members of the core Libreboot community. This news post was submitted to |
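Review bot: in the docs/gnulinux/encrypted_parabola.md hunk at @@ -102,7, the replacement link `Dm-crypt#Specialties` no longer targets the Discard/TRIM discussion that the sentence is about, so a reader following "security issues, if you do enable it" lands on a general page and has to search for it. Link directly to the TRIM section of the dm-crypt Specialties article, keeping the fix to the malformed `Dm-cryptSpecialties` path.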
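Review bot: in the docs/gnulinux/grub_boot_installer.md hunk, the rewritten NetBSD line still reads "You should the `dd` method documented there", with the verb missing. Since the line is being touched for the URL fix anyway, change it to "You should use the `dd` method documented there", matching the FreeBSD paragraph below it.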
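Review bot: in the docs/install/index.md hunk at @@ -62,10, the new paragraph drops the backticks that the old text and the following paragraph use for literal names (`vesafb`, `txtmode`, `keymap`), and its wording is rough ("use txtmode version", "Machine should be tested"). Keep the code formatting and write it as "use the `txtmode` version" and "The machine should be tested with Memtest86+ after each reassembly, or after changing from the vendor BIOS to libreboot, because the raminit code differs".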
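Review bot: in util/grub-mkstandalone.c (patch 08/10, present twice in this commit), `static time_t fixed_time;` is zero-initialised, but the add_tar_file hunk tests `fixed_time != -1`, so when --fixed-time is not passed every file in the archive gets mtime 0 instead of its real mtime. Initialise it with `static time_t fixed_time = -1;`, or use a separate "was set" flag so that a user-supplied -1 is not silently treated as unset. In the `case 't':` hunk, strtoll is only checked for trailing characters: an empty argument parses as 0 and an out-of-range value is not detected, so also reject `b == arg` and check errno for ERANGE, and print the error to stderr rather than with printf.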
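Review bot: in util/grub-mkrescue.c (patch 09/10), the main hunk's `tim = fixed_time != -1 ? fixed_time : time (NULL);` never reaches time (NULL), because `static time_t fixed_time;` starts at 0. Every image built without --fixed-time would then get the same iso_uuid derived from the epoch, which defeats the purpose of a per-image UUID. Initialise fixed_time to -1 and apply the same strtoll validation as suggested for grub-mkstandalone; the two `case 't':` blocks are identical, so a shared helper would avoid keeping two copies in step.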
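Review bot: in the Makefile.am hunk (patch 10/10), the default_payload.elf rule introduces a private FIXED_TIMESTAMP variable even though the commit message of patch 08/10 refers to the reproducible-builds.org source epoch specification. Fall back to SOURCE_DATE_EPOCH when FIXED_TIMESTAMP is unset, so a build environment that already exports it gets a reproducible payload without extra arguments. Passing the long form `--fixed-time` instead of `-t` would also make the already very long command line easier to read.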
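Review bot: in resources/scripts/helpers/download/grub, the added comment says "Enable reproducible builds", but nothing in this diff passes FIXED_TIMESTAMP or --fixed-time when the payload is built, so the three `git am` lines only make the option available. Either set the timestamp in the build helper in the same change or reword the comment. The same three patch files are also added under projects/grub/patches/ with identical blob ids (1d537e87, 0612ade0, f06dbfb5); unless both trees are required, keep one copy so a later fix does not land in only one of them.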
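Review bot: in resources/scripts/helpers/download/seabios, switching `git clone` from git:// to https:// authenticates the server but does not by itself fix which revision gets built. Please confirm that the lines following this hunk pin a specific commit, as the GRUB helper does with `git reset --hard`, and mention the reason for the protocol change in the commit message so it is not reverted later as cosmetic.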
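Review bot: in the FAQ hunk that adds "Where can I learn more about electronics", the heading is missing its question mark and the link texts contain typos ("Similiarities", "tranmission"); the last bullet should read "can be opened with", and "Use of youtube-dl with mpv would be recommended for youtube links" is easier to follow as "We recommend youtube-dl with mpv for the YouTube links". In the earlier ata/ahci hunk of the same file, "You can safely ignore those errors, they exist because" is a comma splice; split it into two sentences.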