-
-
Notifications
You must be signed in to change notification settings - Fork 190
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
safeboot: restore qemu-coreboot.config, add safeboot.config
- Loading branch information
1 parent
2bbf769
commit 2715851
Showing
2 changed files
with
102 additions
and
37 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,86 @@ | ||
| # Configuration for building a coreboot ROM that works in the. | ||
| # the qemu emulator. Note that the TPM does not work, so this | ||
| # will just drop into the recovery shell. | ||
| export CONFIG_COREBOOT=y | ||
| export CONFIG_COREBOOT_VERSION=4.8.1 | ||
| export CONFIG_LINUX_VERSION=5.4.69 | ||
|
|
||
| CONFIG_COREBOOT_CONFIG=config/coreboot-qemu.config | ||
| CONFIG_LINUX_CONFIG=config/linux-safeboot.config | ||
|
|
||
| ifeq "$(CONFIG_UROOT)" "y" | ||
| CONFIG_BUSYBOX=n | ||
| else | ||
| CONFIG_KEXEC=y | ||
| #CONFIG_QRENCODE=y | ||
| #CONFIG_TPMTOTP=y | ||
| CONFIG_POPT=y | ||
| #CONFIG_FLASHTOOLS=y | ||
| #CONFIG_FLASHROM=y | ||
| CONFIG_PCIUTILS=y | ||
| CONFIG_UTIL_LINUX=y | ||
| CONFIG_CRYPTSETUP=y | ||
| #CONFIG_GPG2=y | ||
| CONFIG_LVM2=y | ||
| #CONFIG_MBEDTLS=y | ||
| #CONFIG_DROPBEAR=y | ||
| CONFIG_MSRTOOLS=y | ||
|
|
||
| CONFIG_BASH=y | ||
| CONFIG_CURL=y | ||
| CONFIG_SAFEBOOT=y | ||
| CONFIG_TPM2_TOOLS=$(CONFIG_SAFEBOOT) | ||
| CONFIG_TPM2_TSS=$(CONFIG_TPM2_TOOLS) | ||
| CONFIG_OPENSSL=$(CONFIG_TPM2_TSS) | ||
|
|
||
| #Uncomment only one of the following block | ||
| #Required for graphical gui-init (FBWhiptail) | ||
| #CONFIG_CAIRO=y | ||
| #CONFIG_FBWHIPTAIL=y | ||
| # | ||
| #text-based init (generic-init and gui-init) | ||
| CONFIG_NEWT=y | ||
| CONFIG_SLANG=y | ||
|
|
||
| endif | ||
|
|
||
| #CONFIG_LINUX_ATA=y | ||
| #CONFIG_LINUX_AHCI=y | ||
| #CONFIG_LINUX_USB=y | ||
| #CONFIG_LINUX_E1000=y | ||
|
|
||
| #Uncomment only one BOOTSCRIPT: | ||
| #Whiptail-based init (text-based or FBWhiptail) | ||
| #export CONFIG_BOOTSCRIPT=/bin/gui-init | ||
| # | ||
| #text-based original init: | ||
| export CONFIG_BOOTSCRIPT=/bin/safeboot-init | ||
|
|
||
| export CONFIG_TPM=n | ||
|
|
||
| export CONFIG_BOOT_DEV="/dev/sda1" | ||
|
|
||
| #borrowed from https://github.com/orangecms/webboot/blob/boot-via-qemu/run-webboot.sh | ||
| TPMDIR=$(build)/$(BOARD)/vtpm | ||
| run: | ||
| @mkdir -p "$(TPMDIR)" | ||
| swtpm socket \ | ||
| --tpm2 \ | ||
| --tpmstate dir="$(TPMDIR)" \ | ||
| --flags "startup-clear" \ | ||
| --ctrl type=unixio,path="$(TPMDIR)/sock" & | ||
| sleep 0.5 | ||
|
|
||
| -qemu-system-x86_64 \ | ||
| --machine q35 \ | ||
| -m 4G \ | ||
| --serial /dev/tty \ | ||
| --bios $(build)/$(BOARD)/$(CB_OUTPUT_FILE) \ | ||
| -object rng-random,filename=/dev/urandom,id=rng0 \ | ||
| -device virtio-rng-pci,rng=rng0 \ | ||
| -netdev user,id=u1 -device e1000,netdev=u1 \ | ||
| -chardev socket,id=chrtpm,path="$(TPMDIR)/sock" \ | ||
| -tpmdev emulator,id=tpm0,chardev=chrtpm \ | ||
| -device tpm-tis,tpmdev=tpm0 \ | ||
|
|
||
| stty sane |