127 Commits (a499113a7a38189e0514860cb8415434a24a3c6c)
 

Author SHA1 Message Date
Adam Joseph 0bf512385d coreboot: add linux-command-line parameter for CONFIG_LINUX_COMMAND_LINE 2 years ago
Adam Joseph 184d2421b2 kgpe: include microcode updates for 63xx cpus 2 years ago
Adam Joseph 9658f9f551 kgpe/coreboot.config: remove extraneous CONFIG_LOCALVERSION 2 years ago
Adam Joseph 1732d9c14e src/coreboot: add console-loglevel parameter 2 years ago
Adam Joseph 040bcdbd79 docs: add platform-specific notes for each platform 2 years ago
Adam Joseph 44caf3407c src/kernel: use 5.10.148 on all platforms
This commit bumps the kgpe and am1i platforms to 5.10.148 for the
pre-kexec() kernel, so all platforms now use the same version.
2 years ago
Adam Joseph 8c8c0017ca em100: fix meta.maintainers 2 years ago
Adam Joseph a180b832e7 kgpe: flashrom.layout no longer needed
Since a6cd35, ownerboot includes a patch to flashrom which allows
nested (but non-overlapping) fmap regions, so the flashrom.layout
file is no longer necessary.
2 years ago
Adam Joseph 1a0e0922ac ok, then care about science 2 years ago
Adam Joseph 2c6a837b48 src/kevin/atf: roll back ~9months to fix suspend-to-ram
ATF v1.6 on gru-kevin causes the laptop to reset itself instead of
waking up from suspend-to-ram.  The cause of this problem is
something in the ~835 commits prior to the v1.6 release.

For now, let's simply use an older commit from upstream;
suspend-to-ram is pretty important for laptops.

TODO: git bisect and revert only the commits that cause this problem.
2 years ago
Adam Joseph 4a2a89d88a src/kernel: bump non-gru-kevin kernels for Linux wifi RCE
This bumps the kernel version on non-gru-kevin to 5.10.148, which
has fixes for the notorious Linux kernel wifi RCE exploits:
CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720.
2 years ago
Adam Joseph b70f108dce platform/kevin: bump kernel to version with wifi RCE fixes
This bumps the kernel version on gru-kevin to 5.10.148, which has
fixes for the notorious Linux kernel wifi RCE exploits:
CVE-2022-41674, CVE-2022-42719, and CVE-2022-42720.

On all other platforms the ownerboot kernel is used only to kexec()
another long-lived kernel, and is therefore built without wifi
support and not vulnerable.

The gru-kevin laptop cannot use kexec() due to unfixable bugs in
mid-2010s versions of ARM's GICv3.

In some cases this bug can be worked around by having the
pre-kexec() kernel not fully initialize the GIC:

  https://lore.kernel.org/lkml/20180921195954.21574-1-marc.zyngier@arm.com/

Unfortunately this workaround leaves the gru-kevin's screen in a
glitchy state post-kexec() which makes the laptop mostly unusable.
2 years ago
Adam Joseph a6cd353a3e src/flashrom: allow nested regions 2 years ago
Adam Joseph 5ed3f4cf89 src/flashrom/0001...patch: reformat for git-am 2 years ago
Adam Joseph bd0335d03a doc/owner-controlled.md: format heading 2 years ago
Adam Joseph ef770e025e doc: remove unfinished footnote (mispush) 2 years ago
Adam Joseph c898388050 userspace: fix ordering typo 2 years ago
Adam Joseph e43f31656d userspace: overhaul 2 years ago
Adam Joseph 4711bd6676 userspace: remember to runHook 2 years ago
Adam Joseph 549cd6add0 initramfs: pass module list as a nix expression rather than a file 2 years ago
Adam Joseph 4c202a6d12 platform/kevin: factor out modules_{no}insmod as a let-block 2 years ago
Adam Joseph 4d5bfd8c48 eliminate CONFIG_LOCALVERSION; it adds complexity 2 years ago
Adam Joseph c15d149350 move userspace to top level to facilitate overriding 2 years ago
Adam Joseph ffdfb0fe19 initramfs: produce a single file in /nix/store rather than a directory 2 years ago
Adam Joseph 25f9d4e927 src/coreboot: fetch patches from upstream where possible 2 years ago
Adam Joseph a9c7c686e5 src/flashrom: add flashrom, including write-protect patch 2 years ago
Adam Joseph a07d0439f3 init 2 years ago