Merge pull request #1485 from Nitrokey/nx-nitropad

add Nitropad NV41/NS50 TPM2 boards (2nd)
linuxboot · Sep 6, 2023 · 2c3987f · 2c3987f
2 parents 54bce87 + 2cc7164
commit 2c3987f
Show file tree

Hide file tree

Showing 16 changed files with 5,397 additions and 8 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -215,23 +215,35 @@ workflows:
 # version. The last board in the sequence is the dependency
 # for the parallel boards built at the end, and also save_cache.
 
-      # Coreboot 4.19
+      # coreboot 4.19
       - build_and_persist:
           name: x230-hotp-maximized
           target: x230-hotp-maximized
           subcommand: ""
           requires:
             - prep_env
 
-      # Coreboot 4.17
+      # coreboot-git librems
       - build_and_persist:
           name: librem_14
           target: librem_14
           subcommand: ""
           requires:
             - x230-hotp-maximized
 
-      # Coreboot for Talos (PPC)
+      # coreboot-git Nitropads depending on x230-hotp-maximized cache
+      # since kernel is 6.x and coreboot is git is unshared
+      # We use nitropad's coreboot's fork crossgcc
+      # No need to wait further for other board's cache.
+      # We reuse built modules from x230-hotp-maximized cache only
+      - build_and_persist:
+          name: nitropad-nv41
+          target: nitropad-nv41
+          subcommand: ""
+          requires:
+            - x230-hotp-maximized
+
+      # coreboot-git Talos II (PPC)
       - build_and_persist:
           name: talos-2
           arch: ppc64
@@ -243,10 +255,9 @@ workflows:
       #Cache one workspace per architecture. Make sure workspace caches are chainloaded and the last in chain for an arch is saved.
       - save_cache:
           requires:
-            - librem_14
             - talos-2
+            - nitropad-nv41
 
-#
 #
 # Those onboarding new boards should add their entries below.
 #
@@ -498,7 +509,7 @@ workflows:
           requires:
             - x230-hotp-maximized
 
-#Coreboot 4.17 boards
+#coreboot-git librem boards
       - build:
           name: librem_13v2
           target: librem_13v2
@@ -541,6 +552,14 @@ workflows:
           requires:
             - librem_14
 
+#coreboot-git dasharo clevo_release + staging IASL patch
+      - build:
+          name: nitropad-ns50
+          target: nitropad-ns50
+          subcommand: ""
+          requires:
+            - nitropad-nv41
+
 #      - build:
 #          name: UNTESTED_kgpe-d16_workstation-usb_keyboard
 #          target: UNTESTED_kgpe-d16_workstation-usb_keyboard

diff --git a/Makefile b/Makefile
@@ -304,11 +304,17 @@ define define_module =
 		echo -n '$($1_repo)|$($1_commit_hash)' > "$$@"; \
 	elif [ "$$$$(cat "$$@")" != '$($1_repo)|$($1_commit_hash)' ]; then \
 		echo "Switching $1 to $($1_repo) at $($1_commit_hash)" && \
-		git -C "$(build)/$($1_base_dir)" fetch $($1_repo) $($1_commit_hash) && \
+		git -C "$(build)/$($1_base_dir)" reset --hard HEAD^ && \
+		echo "git fetch $($1_repo) $($1_commit_hash) --recurse-submodules=no" && \
+		git -C "$(build)/$($1_base_dir)" fetch $($1_repo) $($1_commit_hash) --recurse-submodules=no && \
+		echo "git reset --hard $($1_commit_hash)" && \
 		git -C "$(build)/$($1_base_dir)" reset --hard $($1_commit_hash) && \
+		echo "git clean" && \
 		git -C "$(build)/$($1_base_dir)" clean -df && \
 		git -C "$(build)/$($1_base_dir)" clean -dffx payloads util/cbmem && \
+		echo "git submodule sync" && \
 		git -C "$(build)/$($1_base_dir)" submodule sync && \
+		echo "git submodule update" && \
 		git -C "$(build)/$($1_base_dir)" submodule update --init --checkout && \
 		echo -n '$($1_repo)|$($1_commit_hash)' > "$$@"; \
 	fi
@@ -527,6 +533,7 @@ bin_modules-$(CONFIG_KBD) += kbd
 bin_modules-$(CONFIG_ZSTD) += zstd
 bin_modules-$(CONFIG_E2FSPROGS) += e2fsprogs
 bin_modules-$(CONFIG_EXFATPROGS) += exfatprogs
+bin_modules-$(CONFIG_IOTOOLS) += iotools
 
 $(foreach m, $(bin_modules-y), \
 	$(call map,initrd_bin_add,$(call bins,$m)) \

diff --git a/boards/nitropad-ns50/nitropad-ns50.config b/boards/nitropad-ns50/nitropad-ns50.config
@@ -0,0 +1,55 @@
+# Nitrokey Nitropad NS51 board configuration
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=nitrokey
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-nitropad-ns50.config
+CONFIG_LINUX_CONFIG=config/linux-nitropad-x.config
+
+CONFIG_NITROKEY_BLOBS=y
+
+CONFIG_KEXEC=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_POPT=y
+CONFIG_FLASHTOOLS=y
+CONFIG_FLASHROM=y
+CONFIG_PCIUTILS=y
+CONFIG_UTIL_LINUX=y
+CONFIG_CRYPTSETUP2=y
+CONFIG_GPG2=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+
+CONFIG_IOTOOLS=y
+
+CONFIG_DROPBEAR=y
+
+CONFIG_MSRTOOLS=y
+CONFIG_HOTPKEY=y
+
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+CONFIG_LINUX_USB=y
+
+CONFIG_LINUX_E1000=y
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
+
+# TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+
+export CONFIG_BOOT_DEV="/dev/nvme0n1"
+export CONFIG_BOARD_NAME="Nitropad NS50"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+
diff --git a/boards/nitropad-nv41/nitropad-nv41.config b/boards/nitropad-nv41/nitropad-nv41.config
@@ -0,0 +1,55 @@
+# Nitrokey Nitropad NV41 board configuration
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=nitrokey
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-nitropad-nv41.config
+CONFIG_LINUX_CONFIG=config/linux-nitropad-x.config
+
+CONFIG_NITROKEY_BLOBS=y
+
+CONFIG_KEXEC=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_POPT=y
+CONFIG_FLASHTOOLS=y
+CONFIG_FLASHROM=y
+CONFIG_PCIUTILS=y
+CONFIG_UTIL_LINUX=y
+CONFIG_CRYPTSETUP2=y
+CONFIG_GPG2=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+
+CONFIG_IOTOOLS=y
+
+CONFIG_DROPBEAR=y
+
+CONFIG_MSRTOOLS=y
+CONFIG_HOTPKEY=y
+
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+CONFIG_LINUX_USB=y
+
+CONFIG_LINUX_E1000=y
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
+
+# TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+
+export CONFIG_BOOT_DEV="/dev/nvme0n1"
+export CONFIG_BOARD_NAME="Nitropad NV41"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+