platform/x230: init
Raito Bezarius
7 months ago
parent
59c5ffbda6
commit
94e542b2a8
@ -0,0 +1,18 @@
|
||||
#
|
||||
# Note: on x86 platforms the SPI flash is mapped into or copied into
|
||||
# the topmost X bytes of memory, and the very topmost word of memory
|
||||
# is the "reset vector" which points to the BIOS entry point. Because
|
||||
# of this we must protect the TOPMOST half of memory; if an attacker
|
||||
# controls the reset vector and any other chunk of the flash, the game
|
||||
# is over.
|
||||
#
|
||||
FLASH@0 0x1000000 {
|
||||
BIOS@0 0x1000000 {
|
||||
# read-write zone
|
||||
NORMAL(CBFS) @ 0x400 0x7FFC00
|
||||
|
||||
# read-only zone (eventually)
|
||||
FMAP @ 0x800000 0x400
|
||||
FALLBACK(CBFS) @ 0x800400 0x7FFC00
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,102 @@
|
||||
{ lib
|
||||
, common_amd64
|
||||
}:
|
||||
{
|
||||
overlays = common_amd64.overlays ++ [(final: prev:
|
||||
let
|
||||
flash-chip-bytes-per-image = final.flash-chip-size-in-bytes / final.images-per-flash-chip;
|
||||
default-flash-chip-size-in-bytes = 12 * 1024 * 1024;
|
||||
default-bios-offset-in-bytes = 8 * 1024 * 1024;
|
||||
fmap-size-in-bytes = 1024;
|
||||
cbfs-size-in-bytes = flash-chip-bytes-per-image - fmap-size-in-bytes;
|
||||
initramfs_lzma = initramfs: final.nixpkgsOnBuildForBuild.runCommand "initramfs.lzma" { } ''
|
||||
lzma < ${initramfs} > $out;
|
||||
'';
|
||||
in {
|
||||
|
||||
platform_name = "x230";
|
||||
|
||||
kernel =
|
||||
final.lib.makeOverridable (prev.kernel.override {
|
||||
# config = ./linux.config;
|
||||
# buildTargets = [ "bzImage" ];
|
||||
}).overrideAttrs (a: {
|
||||
postInstall = (a.postInstall or "") + ''
|
||||
cp arch/x86/boot/compressed/vmlinux $out/vmlinuz
|
||||
'';
|
||||
});
|
||||
initramfs = initramfs_lzma prev.initramfs;
|
||||
device = ./device.nix;
|
||||
console-device = "ttyS1";
|
||||
payload = "${final.kernel}/bzImage";
|
||||
fmap = final.nixpkgsOnBuildForBuild.writeText "custom.fmap" (''
|
||||
#
|
||||
# Note: on x86 platforms the SPI flash is mapped into or copied into
|
||||
# the topmost X bytes of memory, and the very topmost word of memory
|
||||
# is the "reset vector" which points to the BIOS entry point. Because
|
||||
# of this we must protect the TOPMOST half of memory; if an attacker
|
||||
# controls the reset vector and any other chunk of the flash, the game
|
||||
# is over.
|
||||
# The X230 has a quite special situation.
|
||||
# It contains *2* flash chips, one of 8MB and one of 4MB.
|
||||
# The 8MB contains mostly opaque stuff, e.g. embedded controller, Intel Management Engine and a chunk of the BIOS.
|
||||
# It is not supposed to be modified, except by me_cleaner for example.
|
||||
# The 4MB on the contrary contains most of the BIOS.
|
||||
# It is enough to flash the 4MB one to achieve the desired effect for now.
|
||||
# TODO: eat the extra 1MB on the other chip.
|
||||
FLASH@0 0x${lib.toHexString default-flash-chip-size-in-bytes} {
|
||||
BIOS@0x${lib.toHexString default-bios-offset-in-bytes} 0x${lib.toHexString final.flash-chip-size-in-bytes} {
|
||||
${lib.optionalString (final.images-per-flash-chip > 1) ''
|
||||
# read-write zone
|
||||
NORMAL(CBFS) @ 0x${lib.toHexString fmap-size-in-bytes} 0x${lib.toHexString cbfs-size-in-bytes}
|
||||
''}
|
||||
# read-only zone (eventually)
|
||||
FMAP @ 0x${lib.toHexString flash-chip-bytes-per-image} 0x${lib.toHexString fmap-size-in-bytes}
|
||||
FALLBACK(CBFS) @ 0x${lib.toHexString (flash-chip-bytes-per-image + fmap-size-in-bytes)} 0x${lib.toHexString cbfs-size-in-bytes}
|
||||
}
|
||||
}
|
||||
'');
|
||||
|
||||
|
||||
coreboot = (prev.coreboot.override {
|
||||
iasl = final.iasl_20180531;
|
||||
coreboot-toolchain = with final.coreboot-toolchain; [ x64 i386 ];
|
||||
config = with lib.kernel; {
|
||||
# CBFS_PREFIX = lib.mkForce (freeform "prefix");
|
||||
|
||||
# COLLECT_TIMESTAMPS = yes;
|
||||
# VBOOT = yes;
|
||||
# MEASURED_BOOT = yes;
|
||||
# VBOOT_SLOTS_RW_AB = yes;
|
||||
|
||||
VENDOR_LENOVO = lib.mkForce yes;
|
||||
BOARD_LENOVO_X230 = lib.mkForce yes;
|
||||
|
||||
CONSOLE_CBMEM = lib.mkForce no;
|
||||
|
||||
# ON_DEVICE_ROM_LOAD = lib.mkForce no;
|
||||
POST_DEVICE = lib.mkForce no;
|
||||
POST_IO = lib.mkForce no;
|
||||
|
||||
DEFAULT_CONSOLE_LOGLEVEL = lib.mkForce (freeform "7");
|
||||
ONBOARD_VGA_IS_PRIMARY = lib.mkForce yes;
|
||||
|
||||
USE_NATIVE_RAMINIT = lib.mkForce yes;
|
||||
MAINBOARD_USE_LIBGFXINIT = lib.mkForce yes;
|
||||
|
||||
# MAINBOARD_SMBIOS_MANUFACTURER = lib.mkForce (freeform "LENOVO");
|
||||
# MAINBOARD_SMBIOS_PRODUCT_NAME = lib.mkForce (freeform "ThinkPad X230");
|
||||
};
|
||||
uart-for-console =
|
||||
if final.console-device == "ttyS0" then 0 # IDC ribbon-cable header on the motherboarod
|
||||
else if final.console-device == "ttyS1" then 1 # DB9 connector on rear I/O panel; omitted from some board variants
|
||||
else if final.console-device == null then null
|
||||
else throw "x230 currently supports only `null` and `ttyS{0,1}` for `console-device`";
|
||||
}).overrideAttrs (a: {
|
||||
postInstall = (a.postInstall or "") + ''
|
||||
cp src/mainboard/lenovo/x230/cmos.layout $out/
|
||||
'';
|
||||
});
|
||||
})];
|
||||
}
|
||||
|
||||
@ -0,0 +1,10 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./minify.nix
|
||||
./kernel-config.nix
|
||||
];
|
||||
|
||||
hardware.cpu = "generic-x86_64";
|
||||
# wip.kernel.defconfig = "allnoconfig";
|
||||
}
|
||||
@ -0,0 +1,82 @@
|
||||
{ lib, ... }:
|
||||
|
||||
{
|
||||
wip.kernel = {
|
||||
structuredConfig = lib.mkMerge [
|
||||
(with lib.kernel; {
|
||||
# SPI_INTEL = yes; /* deps: */ SPI = yes;
|
||||
# PINCTRL_INTEL = yes; /* deps: */ PINCTRL = yes;
|
||||
})
|
||||
(with lib.kernel; {
|
||||
/* deps: */
|
||||
# REGMAP = yes;
|
||||
# I2C_DESIGNWARE_PLATFORM = yes; /* deps: */ I2C = yes;
|
||||
})
|
||||
(with lib.kernel; {
|
||||
# FB_EFI = yes;
|
||||
# BACKLIGHT_CLASS_DEVICE = yes;
|
||||
# FRAMEBUFFER_CONSOLE_ROTATION = yes;
|
||||
# FRAMEBUFFER_CONSOLE_DETECT_PRIMARY = yes;
|
||||
})
|
||||
# TODO: Somehow make configurable
|
||||
# (with lib.kernel; {
|
||||
# LTRF216A = yes; /* deps: */ IIO = yes; I2C = yes;
|
||||
# })
|
||||
# TODO: allow introspecting current config to `mkIf SND != no`
|
||||
# (with lib.kernel; {
|
||||
# SND_SOC_CS35L41 = yes;
|
||||
# SND_SOC_CS35L41_SPI = yes;
|
||||
|
||||
# SND_SOC_AMD_ACP5x = yes;
|
||||
# SND_SOC_AMD_VANGOGH_MACH = yes;
|
||||
# SND_SOC_WM_ADSP = yes;
|
||||
# # CONFIG_SND_SOC_CS35L41_I2C is not set
|
||||
# SND_SOC_NAU8821 = yes;
|
||||
# # Doesn't build on latest tag, not used in neptune hardware (?)
|
||||
# SND_SOC_CS35L36 = no;
|
||||
# })
|
||||
|
||||
(with lib.kernel; {
|
||||
# SD card reader
|
||||
MMC = lib.mkForce no;
|
||||
KERNEL_XZ = lib.mkForce yes;
|
||||
|
||||
# Internal storage
|
||||
# BLK_DEV_NVME = yes; /* deps: */ PCI = yes;
|
||||
|
||||
# USB interface
|
||||
# USB = yes;
|
||||
# USB_DWC3 = yes;
|
||||
# #USB_DWC3_GADGET = yes;
|
||||
# USB_DWC3_HOST = yes;
|
||||
# # USB_DWC3_DUAL_ROLE = yes;
|
||||
# # NOP_USB_XCEIV = yes;
|
||||
# USB_PHY = yes;
|
||||
#
|
||||
# # Keyboard input
|
||||
# USB_HIDDEV = yes;
|
||||
# HID_PID = yes;
|
||||
# USB_XHCI_HCD = yes;
|
||||
#
|
||||
# TYPEC = yes;
|
||||
# TYPEC_TCPM = yes;
|
||||
#
|
||||
# #TYPEC_FUSB302 = yes;
|
||||
# #I2C = yes;
|
||||
#
|
||||
# PCIEPORTBUS = yes;
|
||||
# HOTPLUG_PCI_PCIE = yes;
|
||||
# PCI_MSI = yes;
|
||||
# HOTPLUG_PCI = yes;
|
||||
# HOTPLUG_PCI_ACPI = yes;
|
||||
# ACPI_PCI_SLOT = yes;
|
||||
#
|
||||
# # Unlikely:
|
||||
# PCIE_DW = yes;
|
||||
# PCIE_DW_HOST = yes;
|
||||
# PCIE_DW_PLAT = yes;
|
||||
# PCIE_DW_PLAT_HOST = yes;
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
||||
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,179 @@
|
||||
{ lib, ... }:
|
||||
|
||||
{
|
||||
wip.kernel = {
|
||||
structuredConfig = lib.mkMerge [
|
||||
# Slim down config somewhat
|
||||
# TODO: move into more general options
|
||||
(with lib.kernel; {
|
||||
NET = no;
|
||||
ETHERNET = no;
|
||||
NETFILTER = no;
|
||||
BPFILTER = no;
|
||||
USB_NET_DRIVERS = no;
|
||||
WIRELESS = no;
|
||||
WIREGUARD = no;
|
||||
BT = no;
|
||||
WLAN = no;
|
||||
NETDEVICES = no;
|
||||
MMC = no;
|
||||
INET = no; # No TCP/IP networking
|
||||
ETHTOOL_NETLINK = no;
|
||||
SERIO = no;
|
||||
LEGACY_PTYS = no;
|
||||
HW_RANDOM = no;
|
||||
SND = no;
|
||||
IKHEADERS = no;
|
||||
|
||||
CRYPTO_DEFLATE = no;
|
||||
CRYPTO_842 = no;
|
||||
CRYPTO_LZ4 = no;
|
||||
CRYPTO_LZ4HC = no;
|
||||
CRYPTO_ZSTD = no;
|
||||
|
||||
# It's an AMD!
|
||||
PROCESSOR_SELECT = yes; /* deps: */ EXPERT = yes;
|
||||
CPU_SUP_AMD = no;
|
||||
CPU_SUP_CENTAUR = no;
|
||||
CPU_SUP_HYGON = no;
|
||||
CPU_SUP_INTEL = yes;
|
||||
CPU_SUP_ZHAOXIN = no;
|
||||
})
|
||||
|
||||
(with lib.kernel; {
|
||||
# Relying on efifb is better for this specific use case
|
||||
DRM = no;
|
||||
})
|
||||
|
||||
(with lib.kernel; {
|
||||
DEBUG_FS = no;
|
||||
BLK_DEBUG_FS = no;
|
||||
|
||||
AFFS_FS = no;
|
||||
AUTOFS4_FS = no;
|
||||
AUTOFS_FS = no;
|
||||
BEFS_FS = no;
|
||||
BTRFS_FS = no;
|
||||
ECRYPT_FS = no;
|
||||
EFIVAR_FS = no;
|
||||
EROFS_FS = no;
|
||||
EXFAT_FS = no;
|
||||
EXT2_FS = no;
|
||||
EXT4_FS = no;
|
||||
F2FS_FS = no;
|
||||
FAT_FS = no;
|
||||
FSCACHE = no;
|
||||
FUSE_FS = no;
|
||||
GFS2_FS = no;
|
||||
HFS_FS = no;
|
||||
HFSPLUS_FS = no;
|
||||
ISO9660_FS = no;
|
||||
JFFS2_FS = no;
|
||||
JFS_FS = no;
|
||||
MINIX_FS = no;
|
||||
MSDOS_FS = no;
|
||||
NILFS2_FS = no;
|
||||
OMFS_FS = no;
|
||||
ORANGEFS_FS = no;
|
||||
OVERLAY_FS = no;
|
||||
REISERFS_FS = no;
|
||||
ROMFS_FS = no;
|
||||
UBIFS_FS = no;
|
||||
UDF_FS = no;
|
||||
UFS_FS = no;
|
||||
VBOXSF_FS = no;
|
||||
VFAT_FS = no;
|
||||
VIRTIO_FS = no;
|
||||
XFS_FS = no;
|
||||
ZONEFS_FS = no;
|
||||
ZONE_FS = no;
|
||||
CONFIGFS_FS = no;
|
||||
|
||||
BINFMT_SCRIPT = no;
|
||||
BINFMT_ELF = no;
|
||||
KERNFS = no;
|
||||
SYSFS = no;
|
||||
PROCFS = no;
|
||||
PROC_KCORE = no;
|
||||
PROC_SYSCTL = no;
|
||||
PROC_PAGE_MONITOR = no;
|
||||
PROC_CHILDREN = no;
|
||||
# PERF_EVENTS = no;
|
||||
TRACING = no;
|
||||
IO_URING = no;
|
||||
UPROBE_EVENTS = no;
|
||||
})
|
||||
|
||||
(with lib.kernel; {
|
||||
SYSVIPC = no;
|
||||
POSIX_MQUEUE = no;
|
||||
NO_HZ = no;
|
||||
HIGH_RES_TIMERS = no;
|
||||
PREEMPT_VOLUNTARY = no;
|
||||
CC_OPTIMIZE_FOR_SIZE = yes;
|
||||
JUMP_LABEL = no;
|
||||
NET = no;
|
||||
PACKET = no;
|
||||
PACKET_DIAG = no;
|
||||
UNIX = no;
|
||||
UNIX_DIAG = no;
|
||||
#INPUT_EVDEV = yes;
|
||||
#INPUT_TOUCHSCREEN = yes;
|
||||
#LOGO = yes;
|
||||
NEW_LEDS = no;
|
||||
LEDS_CLASS = no;
|
||||
RTC_CLASS = no;
|
||||
CONSOLE_LOGLEVEL_DEFAULT = freeform "3";
|
||||
FRAME_WARN = freeform "1024";
|
||||
MAGIC_SYSRQ = no;
|
||||
# DEBUG_FS = yes;
|
||||
STACKTRACE = no;
|
||||
|
||||
STACKPROTECTOR = no;
|
||||
GCC_PLUGINS = no;
|
||||
WIRELESS = no;
|
||||
INPUT_MOUSEDEV = no;
|
||||
RTC_INTF_PROC = no;
|
||||
})
|
||||
|
||||
# Disabling generally unneeded things
|
||||
(with lib.kernel; {
|
||||
MEDIA_SUBDRV_AUTOSELECT = no;
|
||||
NETWORK_FILESYSTEMS = no;
|
||||
RAID6_PQ_BENCHMARK = no;
|
||||
RUNTIME_TESTING_MENU = no;
|
||||
STRICT_DEVMEM = no;
|
||||
REMOTEPROC = no;
|
||||
RPMSG = no;
|
||||
VHOST_MENU = no;
|
||||
VIRTIO = no;
|
||||
I2C_VIRTIO = no;
|
||||
VIRTIO_CONSOLE = no;
|
||||
VIRTIO_MENU = no;
|
||||
})
|
||||
|
||||
(with lib.kernel; {
|
||||
#MODULES_TREE_LOOKUP = no;
|
||||
#PERF_EVENTS = no;
|
||||
})
|
||||
|
||||
(with lib.kernel; {
|
||||
HID_A4TECH = no;
|
||||
HID_APPLE = no;
|
||||
HID_BELKIN = no;
|
||||
HID_CHERRY = no;
|
||||
HID_CHICONY = no;
|
||||
HID_CYPRESS = no;
|
||||
HID_EZKEY = no;
|
||||
HID_ITE = no;
|
||||
HID_KENSINGTON = no;
|
||||
HID_LOGITECH = no;
|
||||
HID_REDRAGON = no;
|
||||
HID_MICROSOFT = no;
|
||||
HID_MONTEREY = no;
|
||||
INPUT_MOUSE = no;
|
||||
KEYBOARD_ATKBD = no;
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
||||
Loading…
Reference in New Issue