(WIP) KGPE-D16 migration to coreboot 4.11 (community effort) #795
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Next step: migrate only needed coreboot 4.8.1 patches to 4.11 |
|
Mmmmmm. Might have to play with https://github.com/osresearch/heads/pull/709/files#diff-8d39c7575f026b40d86f213a4fcea2d6R54-R59 and https://github.com/osresearch/heads/pull/709/files#diff-c09320c1f30b18f150b674a2f1b2e57c . Out of my league. Additionally, current build fails at: Which seems to depend on https://doc.coreboot.org/security/vboot/index.html#build-flags, |
|
@tlaurion do we know yet if vboot requires a relocatable ramstage? If it does I'm assuming the work to implement that is going to be substantial. |
Specifying in this boards KConfig fixes that error, however build still fails with this error: |
|
@Tonux599 the precedent suggested config statements addtitions ( CONFIG_C_ENVIRONMENT_BOOTBLOCK and CONFIG_VBOOT_STARTS_IN_BOOTBLOCK are not taken cared into consideration for the KGPE-D16 under vanilla coreboot 4.11. Proof/replication: Adding in .config: results in
or To only show diff against dcc86a7 Shows those added CONFIG statements are discarded. Conclusion on those points: are not recognized valid options for that board under vanilla coreboot 4.11 proof: returns nothing. Other stored statements for the kgpe-d16 on coreboot 4.11 without additional patches: We have To play with though. |
I thought that was a requirement for coreboot 4.12, not for VBOOT, but that would be a question for @miczyg1 easy to answer. |
|
@tlaurion sorry I should have been more specific, the options can be specified in Edit: make |
|
@Tonux599 @tlaurion AFAIk KGPE-D16 does not have C_ENVIRONMENT_BOOTBLOCK implemented, so you cannot use this option to create bootable image. As for the S3NV, you may add it to the These options should be closer to what KGPE-D16 would need for vboot: |
|
As for the relocatable ramstage I don't think it is necessary for vboot. You may find the rationale of relocatable ramstage in coreboot's docs : |
|
maybe somebody can help as well for some local test here. When i compile cb with USE_OPTION_TABLE , then on hbsd i can see that c-state c2 is enable. It makes a permanent difference in power consumption of 15 - 30 W. However if i then launch a cpu consuming task like recompiling /usr/src i almost always end up with a mce exception (mc4 ) with always the same signature. From what i understood , the default parameter does not represent the default cb parameter when USE_OPTION_TABLE is disabled. Anybody knows if c2 is dead/buggy by design or if the mce is triggered by the smp option_table code. Then maybe one can have a custom fork to enable the required parameter for c2 without cmos. |
tlaurion
added a commit
to tlaurion/heads
that referenced
this pull request
Aug 11, 2020
tlaurion
added a commit
to tlaurion/heads
that referenced
this pull request
Aug 11, 2020
…that it is not measured at term) per @miczyg1 recommendation under linuxboot#795 (comment)
|
I presume there are security implications having vboot start in romstage as opposed to the bootblock? |
|
@Tonux599 yes, there are. The earlier you start vboot the better, but for KGPE-D16 it is impossible to start vboot right after bootblock (limitation of not having C environment bootblock) |
|
Note that coreboot configs are savedefconfig results under heads (delta from default coreboot config, which we just patched). ee827e0 local build now fails with: EDIT: Direct link to produced output from CI: https://app.circleci.com/pipelines/github/tlaurion/heads/282/workflows/f9890ad5-9109-43f8-a100-eca97caf6748/jobs/307/parallel-runs/0/steps/0-125 Where total build logs will be available here when CI build fails for scrutiny. @miczyg1 any additional insight welcome, as usual. |
|
Community, might be interesting to see if #837 (comment) is relevant to coreboot 4.11 and to validate that the compiling problem above was getting its root from. Please tag me in it you test this forward. |
tlaurion
added a commit
to tlaurion/heads
that referenced
this pull request
Sep 19, 2020
tlaurion
added a commit
to tlaurion/heads
that referenced
this pull request
Sep 19, 2020
…that it is not measured at term) per @miczyg1 recommendation under linuxboot#795 (comment)
tlaurion
force-pushed
the
kgpe_coreboot_411_WIP
branch
3 times, most recently
from
7e3996e to
a488498
Compare
|
I don't know anything about CircleCi, but build still fails for me with the same error as here |
tlaurion
force-pushed
the
kgpe_coreboot_411_WIP
branch
4 times, most recently
from
01448ae to
4b3ea5b
Compare
…number of CPUs, since each thread is expected to have 1Gb of ram.
tlaurion
force-pushed
the
kgpe_coreboot_411_WIP
branch
2 times, most recently
from
0b2a1e7 to
2f7cf90
Compare
tlaurion
force-pushed
the
kgpe_coreboot_411_WIP
branch
from
2f7cf90 to
be7fac4
Compare
|
@tonux Build fails (x on next commit, login with oauth from github to see log) because of invalid fmaps |
|
@tlaurion @Tonux599 I ran into this error yesterday after cherry-picking the commits from #802 and #849 building for the x230. After a lot of trial and error, it was fixed but revering |
|
@tlaurion I'm still convinced that the cross compiler is to blame here. Note this branch which is based off this PR builds because of the cross compiler being disabled. Suggestions are welcome on how to make it compatible with the cross compiler. |
|
@tonux @Thrilleratplay innocent build at https://app.circleci.com/pipelines/github/tlaurion/heads/514/workflows/7c5a6b61-4b68-43a7-8ab6-b8641931e53e/jobs/551 @Tonux599 your branch, compared against this one here, had the following changes missing: Those were merged under https://github.com/tlaurion/heads/tree/tonux_kgpe-d16_coreboot_411 |
@Tonux599 : there is two distinctives approaches.
|
@tlaurion Do you mean the patches akin to the ones in 4.8.1? If so, my branch uses the measured boot that vboot provides. Is this sufficient? It measures bootblock, romstage, ramstage etc. |
|
@Tonux599 : I made a local branch, duplicating yours using coreboot instead of musl-cross-make here which triggered an automatic CircleCI build . We arrive at the same failing since xcompile is invalid, which made @MrChromebox fix coreboot module to depend on musl-cross-make and the coreboot config for 4.12 depend on ANY_TOOLCHAIN, which needs to be the path we take until we switch to another build toolchain altogether. (Maybe fixate docker images used to build coreboot 4.81 being different then 4.11 being different then 4.12... I have no clue what is happening on 4.11 where I doubt the fmd errors are linked to musl-cross-make here) Yesterday I made another branch, taking your patches and putting them on top of coreboot, it also failed with fmd errors. |
@Tonux599 following the upstream discussions, I understand that the bootblock measurements will be impossible, so the RoT for this board needs to go in romstage. My brief understanding of the current failing is that we have misalignment on fmd (down of the log) The patches coming from 4.81 are applied directly in the bootblock for measured boot without VBOOT. What I understand is that VBOOT+measuredboot was incomplete until 4.9+, where the fixes were not brought to the kgpe-d16. VBOOT+measuredboot needs to take root into the romstage (bootblock not beig implemented properly) so the path here is VBOOT+measuredboot, not Measured boot without VBOOT as in 4.81. For the rest, i'm clueless. @miczyg1 ? |
|
@Tonux599 what is the branch that permitted you to have TPM support + VBOOT+Measureboot with screen captures you provided over slack/matrix? |
Looks to me like that failed because
This branch:
Just rebuilt to confirm. Builds without error. |
@Tonux599 ...Duh. Restarted build... |
tlaurion
pushed a commit
to tlaurion/heads
that referenced
this pull request
Oct 18, 2020
…present" Original credit: Bill XIE <[email protected]> [Available at: https://review.coreboot.org/c/coreboot/+/34977] Thanks @miczyg1 for the suggestion. Points to linuxboot#795 build errors troubleshooting and won't be merged upstream in the form of this PR.
Can't replicate success. Wrong branch? |
|
Ha. you updated https://github.com/Tonux599/heads/tree/kgpe-d16_coreboot_411 yesterday. Would strongly advise in creating account on CircleCI and following your repo for automatic builds of your branches on detected pushed commits. Meanwhile I'll clone and point to this PR. |
tlaurion
pushed a commit
to tlaurion/heads
that referenced
this pull request
Oct 18, 2020
…present" Original credit: Bill XIE <[email protected]> [Available at: https://review.coreboot.org/c/coreboot/+/34977] Thanks @miczyg1 for the suggestion. Points to linuxboot#795 build errors troubleshooting and won't be merged upstream in the form of this PR.
Not an error I have encountered. Differences in our branches: I really don't know anything about CircleCI so don't know if your error is attributed to that. |
tlaurion
added a commit
to tlaurion/heads
that referenced
this pull request
Oct 23, 2020
tlaurion
added a commit
to tlaurion/heads
that referenced
this pull request
Oct 23, 2020
…that it is not measured at term) per @miczyg1 recommendation under linuxboot#795 (comment)
|
Effort continues here: #867 |
Tonux599
pushed a commit
to Tonux599/heads
that referenced
this pull request
Nov 28, 2020
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC Adding dual console to OpenBmc and tty0 putting kgpe-d16-coreboot.conf in defconfig format NO_HZ wasn't included in kernel config. Adding it. Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation Removing serial configuration and static IP stuff since we have a workstation here. Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then. Placing files in good directories Corrrect flashrom options for kgpe-d16 server and workstation boards kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH. kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation) kgpe-d16_workstation in defconfig format kgpe-d16 boards: pass from GPG to GPG2 board definitions kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging kgpe-d16 : expressively export CONFIG_TPM=n kgpe-d16_wokstation gui-init variables were missing kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized linux-kgpe-d16*: add support for Pike kgpe-d16_workstation-usb_keyboard board support addition kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based GitlabCI: kgpe-d16 fixes and upstream merge of change kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file KGPE-D16: community work migration to coreboot 4.11 to fix issue linuxboot#740 KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per linuxboot#709 kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under linuxboot#795 (comment) KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under linuxboot#795 (comment) kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch kgpe-d16 boards: add Linux kernel version where missing. CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master coreboot module: typo correction (tabs vs spaces) CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large" CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support At this stage: - job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32) - "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console. coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM) coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram. CircleCI & coreboot config: fix merge conflict rebasing on master coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599 Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for linuxboot#867
Tonux599
pushed a commit
to Tonux599/heads
that referenced
this pull request
Dec 2, 2020
Changing CONFIG_USB_BOOT_DEV to sdc1, adding back CONFIG_BOOT_STATIC_IP to 192.168.2.3, adding dual console to OpenBMC and tty0 in attempt to have QubesOS graphic installer which complains with no networking when attempting to start VNC Adding dual console to OpenBmc and tty0 putting kgpe-d16-coreboot.conf in defconfig format NO_HZ wasn't included in kernel config. Adding it. Wasn't able to have both console firing up QubesOS gui installer, complaining about hvc1 console errors. Splitting up Workstation and server config. This one works for Worstation Removing serial configuration and static IP stuff since we have a workstation here. Seperate Workstation and Server board configurations until dual console truely works through QubesOS gui installation. kgpe-d16 board config removed until then. Placing files in good directories Corrrect flashrom options for kgpe-d16 server and workstation boards kgpe-d16 linux: NO_HZ_IDLE instead of NO_HZ kgpe-d16: seperate board for workstation to be AST and gui-init based, while kgpe-d16-> kgpe-d16_server kgpe-d16_server: boots, shows ASpeed text on VGA, controllable through BMC via SSH. kgpe-d16_workstation on ASpeed console. WIP. (Includes CIs configs to build server and workstation) kgpe-d16_workstation in defconfig format kgpe-d16 boards: pass from GPG to GPG2 board definitions kgpe-d16_workstation : Adding Cairo and FbWhpitail in board config for gui-init to work in FB mode kgpe-d16: removing plymouth.ignore-serial-consoles to fix server terminal output kgpe-d16: bring par with staging branch https://gitlab.com/tlaurion/heads/commits/kgpe-d16_staging kgpe-d16 : expressively export CONFIG_TPM=n kgpe-d16_wokstation gui-init variables were missing kgpe-d16 boards: add CONFIG_LINUX_USB_COMPANION_CONTROLLER so that usb is recognized linux-kgpe-d16*: add support for Pike kgpe-d16_workstation-usb_keyboard board support addition kgpe-d16_server-whiptail: Add board and dependencies to have gui-init in whiptail (console mode, not FbWhiptail based GitlabCI: kgpe-d16 fixes and upstream merge of change kgpe-d16* board: add statement to fixate coreboot version to 4.8.1 for the moment kgpe-d16: add missing config/linux-kgpe-d16_server-whiptail.config file KGPE-D16: community work migration to coreboot 4.11 to fix issue linuxboot#740 KGPE-D16 boards: Adding VBOOT+measured boot, musl-cross patch and 4.11 patch brought up per linuxboot#709 kgpe-d16* boards: add VBOOT Kconfig patch per @miczyg1 recommendation under linuxboot#795 (comment) KGPE-D16* coreboot configs: Add S3NV as a Runtime data whitelist (so that it is not measured at term) per @miczyg1 recommendation under linuxboot#795 (comment) kgpe-d16 coreboot 4.11: add https://review.coreboot.org/c/coreboot/+/36908 patch kgpe-d16 boards: add Linux kernel version where missing. CircleCI: Add debug output on fail for kgpe-d16 board builds to bring par with upstream after rebasing on master coreboot module: typo correction (tabs vs spaces) CircleCI: trying to address "g++: fatal error: Killed signal terminated program cc1plus." happening under coreboot 4.11 and coreboot 4.12 builds CircleCI: remove past addition to test recommendation from CircleCI: "resource_class: large" CircleCi: Ok.... lets output dmesg content prior of other logs.... I'm out of ideas. Next step, ask CircleCI for support At this stage: - job's "make --load" is supposed to guarantee that the number of thread doesn't exhaust pass of a load of 2 (medium, free class, CircleCI has 32 cores so possibility of a load of 32) - "--max_old_space_size=4096" in CircleCI environement is supposed to limit memory consumption to 4096Mb of memory, the max of a medium class free tier CircleCI node CircleCI: remove verbose build (no more V=1), in case of failed build, find all logs modified in last minute and output each of them on console. coreboot module: implement load average respect inside of problematic CI build for coreboot 4.11+ being killed in the action (32 cores with 4Gb ram get gcc OOM) coreboot module: replace nproc by number of Gb actually available as number of CPUs, since each thread is expected to have 1Gb of ram. CircleCI & coreboot config: fix merge conflict rebasing on master coreboot 4.11 kgpe-d16 vboot patches addendum, credits goes to @Tonux599 Fix merge conflicts and make sure all boards are inside of CircleCI builds. PoC build for linuxboot#867
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is based on #472 and will be very verbose in the commits.
Similar work will be required for any board leaving coreboot 4.8.1 to go 4.11+
Similar work will be required to upgrade kernel to newer version so that each board can be tested prior of merging changes, permitting to keep coreboot+linux modules while we migrate.
Comments and partitipation welcome in the goal of fixing #740