linuxboot · tlaurion · Oct 19, 2020 · Jul 12, 2020 · Sep 7, 2020 · Sep 27, 2020
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -8,7 +8,7 @@ jobs:
           name: Install dependencies
           command: |
             apt update
-            apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev
+            apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool
       - checkout
 
       - run:
@@ -186,6 +186,24 @@ jobs:
       - store-artifacts:
           path: build/x230-hotp-verification
 
+      - run:
+          name: x230-nkstorecli
+          command: |
+            rm -rf build/x230-nkstorecli/* build/log/* && make CPUS=4 \
+                V=1 \
+                BOARD=x230-nkstorecli || (find ./build/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1) \
+          no_output_timeout: 3h
+      - run:
+          name: Ouput x230-nkstorecli hashes
+          command: |
+            cat build/x230-nkstorecli/hashes.txt \
+      - run:
+          name: Archiving build logs for x230-nkstorecli
+          command: |
+             tar zcvf build/x230-nkstorecli/logs.tar.gz build/log/*
+      - store-artifacts:
+          path: build/x230-nkstorecli
+
       - run:
           name: qemu-coreboot
           command: |

diff --git a/Makefile b/Makefile
@@ -486,6 +486,7 @@ bin_modules-$(CONFIG_CAIRO) += cairo
 bin_modules-$(CONFIG_FBWHIPTAIL) += fbwhiptail
 bin_modules-$(CONFIG_HOTPKEY) += hotp-verification
 bin_modules-$(CONFIG_MSRTOOLS) += msrtools
+bin_modules-$(CONFIG_NKSTORECLI) += nkstorecli
 
 $(foreach m, $(bin_modules-y), \
 	$(call map,initrd_bin_add,$(call bins,$m)) \

diff --git a/boards/x230-nkstorecli/x230-nkstorecli.config b/boards/x230-nkstorecli/x230-nkstorecli.config
@@ -0,0 +1,53 @@
+# Configuration for a x230-nkstorecli (Nitrokey Storage client + HOTP support) 
+# running Qubes and other OSes
+# Note that CBFS region is too small. So e1000e (ethernet) and dropbear (ssh client/server) has been disabled.
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.8.1
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-x230-nkstorecli.config
+CONFIG_LINUX_CONFIG=config/linux-x230.config
+
+CONFIG_CRYPTSETUP=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_DROPBEAR=n
+CONFIG_NKSTORECLI=y
+
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+CONFIG_HOTPKEY=y
+
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=n
+
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad X230-nkstorecli Heads Boot Menu"
+export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
+export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios"
+
+# This board has two SPI flash chips, an 8 MB that holds the IFD,
+# the ME image and part of the coreboot image, and a 4 MB one that
+# has the rest of the coreboot and the reset vector.
+#
+# Only flashing to the bios region is safe to do. The easiest is to
+# flash internally when the IFD is unlocked for writing, and x230-flash
+# is installed first.
diff --git a/config/coreboot-x230-nkstorecli.config b/config/coreboot-x230-nkstorecli.config
@@ -0,0 +1,15 @@
+CONFIG_LOCALVERSION="heads"
+CONFIG_ANY_TOOLCHAIN=y
+CONFIG_MEASURED_BOOT=y
+CONFIG_VENDOR_LENOVO=y
+CONFIG_CBFS_SIZE=0x710000
+CONFIG_BOARD_LENOVO_X230=y
+CONFIG_NO_POST=y
+CONFIG_UART_PCI_ADDR=0
+CONFIG_NO_GFX_INIT=y
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="../../build/x230-nkstorecli/bzImage"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_INITRD="../../build/x230-nkstorecli/initrd.cpio.xz"
diff --git a/modules/libhidapi-libusb b/modules/libhidapi-libusb
@@ -0,0 +1,28 @@
+modules-$(CONFIG_NKSTORECLI) += libhidapi-libusb
+
+libhidapi-libusb_depends  += libusb
+
+libhidapi-libusb_version := 0.9.0
+libhidapi-libusb_dir := hidapi-hidapi-$(libhidapi-libusb_version)
+libhidapi-libusb_tar := hidapi-$(libhidapi-libusb_version).tar.gz
+libhidapi-libusb_url := https://github.com/libusb/hidapi/archive/$(libhidapi-libusb_tar)
+libhidapi-libusb_hash := 630ee1834bdd5c5761ab079fd04f463a89585df8fcae51a7bfe4229b1e02a652
+
+MY_CROSS_TOOLS := \
+	CC="$(heads_cc) -Os" \
+	$(CROSS_TOOLS_NOCC) \
+
+
+libhidapi-libusb_configure := ./bootstrap && \
+	./configure \
+	$(MY_CROSS_TOOLS) \
+	--host i386-elf-linux\
+	--prefix "/"
+
+
+libhidapi-libusb_target := $(MAKE_JOBS) -C libusb \
+	DESTDIR="$(INSTALL)" \
+	$(MY_CROSS_TOOLS) \
+	install && \
+	cp $(INSTALL)/../build/$(libhidapi-libusb_dir)/pc/hidapi-libusb.pc $(INSTALL)/lib/pkgconfig/ \
+
diff --git a/modules/libnitrokey b/modules/libnitrokey
@@ -0,0 +1,37 @@
+modules-$(CONFIG_NKSTORECLI) += libnitrokey
+
+libnitrokey_depends := libhidapi-libusb libusb $(musl_dep)
+
+libnitrokey_version := 3.6
+libnitrokey_dir := libnitrokey-$(libnitrokey_version)
+libnitrokey_tar := libnitrokey-v$(libnitrokey_version).tar.gz
+libnitrokey_url := https://github.com/Nitrokey/libnitrokey/releases/download/v$(libnitrokey_version)/$(libnitrokey_tar)
+libnitrokey_hash := 4f3382b6193afe69c2001321038fce9490bc28803ed687152a397ccd89146ae6
+
+# currently the dynamic lib is not included
+#libnitrokey_libraries := \
+#	build/libnitrokey.so.3 
+
+cmake_cross := "-DCMAKE_AR=$(CROSS)ar" \
+	-DCMAKE_CXX_COMPILER="$(CROSS)g++" \
+	-DCMAKE_C_COMPILER="$(CROSS)gcc" \
+	-DCMAKE_CXX_FLAGS="-Os -fdata-sections -ffunction-sections -ffile-prefix-map=$(pwd)=heads -gno-record-gcc-switches -D__MUSL__ -I$(INSTALL)/include -L$(INSTALL)/lib " \
+	-DCMAKE_LINKER="$(CROSS)ld"
+	-DCMAKE_SHARED_LINKER_FLAGS="-gc-sections"
+	-DCMAKE_CXX_COMPILER_AR="$(CROSS)ar" \
+	-DCMAKE_NM="$(CROSS)nm" \
+	-DCMAKE_OBJDUMP="$(CROSS)objdump" \
+	-DCMAKE_OBCOPY="$(CROSS)obcopy" \
+	-DCMAKE_STRIP="$(CROSS)strip" 
+
+libnitrokey_configure := \
+	mkdir build -p && \
+	cd build && \
+	$(CROSS_TOOLS) cmake .. -DNO_LOG=ON -DBUILD_SHARED_LIBS=OFF -DCOMPILE_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/ -DCMAKE_INSTALL_LIBDIR=lib -DCMAKE_BUILD_TYPE=MinSizeRel $(cmake_cross) 
+
+# install "by-hand" as INSTALL_PREFIX is not working as expected
+libnitrokey_target := $(CROSS_TOOLS) $(MAKE_JOBS) -C build DESTDIR="$(INSTALL)" && \
+	cp build/$(libnitrokey_dir)/build/libnitrokey.a $(INSTALL)/lib/libnitrokey.a && \
+	mkdir -p $(INSTALL)/include/libnitrokey/ && \
+	cp -r build/$(libnitrokey_dir)/NK_C_API.h $(INSTALL)/include/libnitrokey/ && \
+	cp -r build/$(libnitrokey_dir)/libnitrokey/*.h $(INSTALL)/include/libnitrokey 
diff --git a/modules/nkstorecli b/modules/nkstorecli
@@ -0,0 +1,15 @@
+modules-$(CONFIG_NKSTORECLI) += nkstorecli
+
+nkstorecli_depends := libnitrokey libusb $(musl_dep)
+
+nkstorecli_version := 0.4.1
+nkstorecli_dir := nkstorecli-$(nkstorecli_version)
+nkstorecli_tar := nkstorecli-$(nkstorecli_version).tar.gz
+nkstorecli_url := https://github.com/Nitrokey/nitrokey-storage-cli/releases/download/v$(nkstorecli_version)/nkstorecli-$(nkstorecli_version).tar.gz
+nkstorecli_hash := 0fa7dbbede453b9c40d920c0563afdd2b0f7d08625aeb68f065512613b6fbb6b
+
+nkstorecli_target := $(MAKE_JOBS) -C src $(CROSS_TOOLS) DESTDIR=$(INSTALL) install 
+
+nkstorecli_output := \
+	src/nkstorecli 
+