46 Commits (821fba4722a7ba16146cf3c9413626f47bc982c3)

Author SHA1 Message Date
Adam Joseph 821fba4722 default.nix: formatting 2 years ago
Adam Joseph ad5cee037a remove accidentally-checked-in file
I accidentally checked in "ectool-patches-of-unclear-provenance.patch",
which was never used in any way by the build expressions.

This file contained my local patches to a very old version of
ectool, some of which came from Debian and some of which I wrote
myself.  The `ectool.nix` expression uses a newer version of ectool,
which has upstreamed the relevant changes from Debian.  So those
patches no longer need to be carried.  The other patches delete
functionality which I don't need, but other people might, so those
patches won't be included in ownerboot.
2 years ago
Adam Joseph 276723681d kevin/linux.config: enable ath9k spectral scan and debugfs 2 years ago
Adam Joseph 0f15fd86a8 kgpe/linux.config: remove sb700 watchdog-related settings
The KGPE-D16 southbridge contains a watchdog; the kernel module for
this watchdog is sp5100_tco.

Unfortunately this watchdog keeps its counter in the main system CPU
RAM.  This means that the IOMMU will block the watchdog's attempts
to read and write its own counter (through the SMBus, which is PCI
device 0000:00:14.0), resulting in massive amounts of dmesg spam
like this:

```
        pci 0000:00:14.0: AMD-Vi: Event logged [IO_PAGE_FAULT domain=0x0004 address=0xfdf9103300 flags=0x0030]
piix4_smbus 0000:00:14.0: AMD-Vi: Event logged [IO_PAGE_FAULT domain=0x0004 address=0xfdf9103300 flags=0x0030]
```

Setting the IOMMU to allow these accesses is a headache, and
pointless anyways: the KGPE-D16 board disallows the use of the
watchdog by the CPU; it is reserved for the exclusive use of the
BMC.  Attempting to enable the watchdog does nothing; the enable bit
will not turn on.  Recent kernels check for this situation and
report when it is detected:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f7781b067522aa269213e8025c80cbed1868d349

Fortunately there is *another* watchdog on the motherboard, inside
the `W83667HG-A` SuperIO chip, and it is supported by
`w83627hf_wdt.ko`.  Subsequent commits to ownerboot will use *that*
watchdog instead.

Dump of my collection of possibly-related links:

- https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266325
- https://forums.freebsd.org/threads/ivhd-errors-after-upgrade-host-to-13-1.85234/
- https://lists.linuxfoundation.org/pipermail/iommu/2015-October/014523.html
- https://lkml.org/lkml/2014/4/22/562
- https://bugzilla.kernel.org/show_bug.cgi?id=170741
- https://marc.info/?l=linuxbios&m=152035277020470&w=2
2 years ago
Adam Joseph 6cf5223d41 ecfw: move flashing scripts to separate derivation 2 years ago
Adam Joseph e5824b756d ecfw: fix comment 2 years ago
Adam Joseph 4cf0b70ae3 ecfw: fix version attr 2 years ago
Adam Joseph bdebb940c9 platform/kevin/ecfw: init 2 years ago
Adam Joseph 1b9d35c10d flashrom: append -chromebook to pname and $out/bin-name when forChromebook==true 2 years ago
Adam Joseph 9ff6fba57c ectool: remove redundant EXTRA_CFLAGS 2 years ago
Adam Joseph 9e592c9751 ectool: make boardName a non-package argument 2 years ago
Adam Joseph 30ac75903b src/util/ectool/: init 2 years ago
Adam Joseph c40ed36e6b src/util/flashrom: move from src/flashrom 2 years ago
Adam Joseph 709bb2104d src/plat/*: allow to override hostPlatform 2 years ago
Adam Joseph 0bdf6e9355 src/plat/*: pass `lib` as a parameter instead of reimporting it 2 years ago
Adam Joseph ed0d745ca4 kgpe: add missing `mkdir` and path component 2 years ago
Adam Joseph d90863f36b coreboot: use python3 2 years ago
Adam Joseph 576e50fc85 flashrom: add option for google chromebook fork 2 years ago
Adam Joseph 6243fa9245 src/coreboot: expose src attr in passthru.src 2 years ago
Adam Joseph 018e75000a optionally build nvramtool, put it and the .layout files in the initramfs 2 years ago
Adam Joseph 7a93f3a128 update coreboot-toolchain to deal with changes in nixpkgs 21.11 2 years ago
Adam Joseph bceb4820f4 factor out lib as an optional argument 2 years ago
Adam Joseph 5fa23513f9 factor out pkgsFun as an optional argument 2 years ago
Adam Joseph 0bf512385d coreboot: add linux-command-line parameter for CONFIG_LINUX_COMMAND_LINE 2 years ago
Adam Joseph 184d2421b2 kgpe: include microcode updates for 63xx cpus 2 years ago
Adam Joseph 9658f9f551 kgpe/coreboot.config: remove extraneous CONFIG_LOCALVERSION 2 years ago
Adam Joseph 1732d9c14e src/coreboot: add console-loglevel parameter 2 years ago
Adam Joseph 44caf3407c src/kernel: use 5.10.148 on all platforms
This commit bumps the kgpe and am1i platforms to 5.10.148 for the
pre-kexec() kernel, so all platforms now use the same version.
2 years ago
Adam Joseph 8c8c0017ca em100: fix meta.maintainers 2 years ago
Adam Joseph a180b832e7 kgpe: flashrom.layout no longer needed
Since a6cd35, ownerboot includes a patch to flashrom which allows
nested (but non-overlapping) fmap regions, so the flashrom.layout
file is no longer necessary.
2 years ago
Adam Joseph 2c6a837b48 src/kevin/atf: roll back ~9 months to fix suspend-to-ram
ATF v1.6 on gru-kevin causes the laptop to reset itself instead of
waking up from suspend-to-ram.  The cause of this problem is
something in the ~835 commits prior to the v1.6 release.

For now, let's simply use an older commit from upstream;
suspend-to-ram is pretty important for laptops.

TODO: git bisect and revert only the commits that cause this problem.
2 years ago
Adam Joseph 4a2a89d88a src/kernel: bump non-gru-kevin kernels for Linux wifi RCE
This bumps the kernel version on non-gru-kevin to 5.10.148, which
has fixes for the notorious Linux kernel wifi RCE exploits:
CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720.
2 years ago
Adam Joseph b70f108dce platform/kevin: bump kernel to version with wifi RCE fixes
This bumps the kernel version on gru-kevin to 5.10.148, which has
fixes for the notorious Linux kernel wifi RCE exploits:
CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720.

On all other platforms the ownerboot kernel is used only to kexec()
another long-lived kernel, and is therefore built without wifi
support and not vulnerable.

The gru-kevin laptop cannot use kexec() due to unfixable bugs in
mid-2010s versions of ARM's GICv3.

In some cases this bug can be worked around by having the
pre-kexec() kernel not fully initialize the GIC:

  https://lore.kernel.org/lkml/20180921195954.21574-1-marc.zyngier@arm.com/

Unfortunately this workaround leaves the gru-kevin's screen in a
glitchy state post-kexec() which makes the laptop mostly unusable.
2 years ago
Adam Joseph a6cd353a3e src/flashrom: allow nested regions 2 years ago
Adam Joseph 5ed3f4cf89 src/flashrom/0001...patch: reformat for git-am 2 years ago
Adam Joseph c898388050 userspace: fix ordering typo 2 years ago
Adam Joseph e43f31656d userspace: overhaul 2 years ago
Adam Joseph 4711bd6676 userspace: remember to runHook 2 years ago
Adam Joseph 549cd6add0 initramfs: pass module list as a nix expression rather than a file 2 years ago
Adam Joseph 4c202a6d12 platform/kevin: factor out modules_{no}insmod as a let-block 2 years ago
Adam Joseph 4d5bfd8c48 eliminate CONFIG_LOCALVERSION; it adds complexity 2 years ago
Adam Joseph c15d149350 move userspace to top level to facilitate overriding 2 years ago
Adam Joseph ffdfb0fe19 initramfs: produce a single file in /nix/store rather than a directory 2 years ago
Adam Joseph 25f9d4e927 src/coreboot: fetch patches from upstream where possible 2 years ago
Adam Joseph a9c7c686e5 src/flashrom: add flashrom, including write-protect patch 2 years ago
Adam Joseph a07d0439f3 init 2 years ago