From 65abba9946991f80515261e68bca3bb42ae80deb Mon Sep 17 00:00:00 2001 From: Markus Meissner Date: Mon, 18 Dec 2023 20:43:17 +0100 Subject: [PATCH 1/3] coreboot-nitrokey: update dasharo to v1.7.2 * remove all previous coreboot patches (as they are already included) * to be investigated: linux trampoline patch * add new patch to hardcode sleep configuration * activate smmstore as dasharo vendor code requires it Signed-off-by: Markus Meissner --- config/coreboot-nitropad-ns50.config | 2 +- config/coreboot-nitropad-nv41.config | 2 +- modules/coreboot | 2 +- ...ge_acpica-unix2_location_to_a_mirror.patch | 23 --- ...0001-dasharo-hardcode-configurations.patch | 16 ++ ...er_bootsplash_on_bigger_framebuffers.patch | 150 ------------------ .../0002-s3-sleep-hardcode.patch | 12 -- ...ampoline-handle_coreboot_framebuffer.patch | 99 ------------ ...04-bootsplash-Add_ImageMagick_voodoo.patch | 136 ---------------- 9 files changed, 19 insertions(+), 423 deletions(-) delete mode 100644 patches/coreboot-nitrokey-clevo_release/0001-change_acpica-unix2_location_to_a_mirror.patch create mode 100644 patches/coreboot-nitrokey-clevo_release/0001-dasharo-hardcode-configurations.patch delete mode 100644 patches/coreboot-nitrokey-clevo_release/0002-libgfxinit-center_bootsplash_on_bigger_framebuffers.patch delete mode 100644 patches/coreboot-nitrokey-clevo_release/0002-s3-sleep-hardcode.patch delete mode 100644 patches/coreboot-nitrokey-clevo_release/0003-linux_trampoline-handle_coreboot_framebuffer.patch delete mode 100644 patches/coreboot-nitrokey-clevo_release/0004-bootsplash-Add_ImageMagick_voodoo.patch diff --git a/config/coreboot-nitropad-ns50.config b/config/coreboot-nitropad-ns50.config index 8f4c14c98..19c43d6d8 100644 --- a/config/coreboot-nitropad-ns50.config +++ b/config/coreboot-nitropad-ns50.config @@ -560,7 +560,7 @@ CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 # CONFIG_ELOG is not set CONFIG_CACHE_MRC_SETTINGS=y CONFIG_MRC_SETTINGS_PROTECT=y -# CONFIG_SMMSTORE is not set +CONFIG_SMMSTORE=y CONFIG_SPI_FLASH=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y diff --git a/config/coreboot-nitropad-nv41.config b/config/coreboot-nitropad-nv41.config index b7a1ac0f5..631e61766 100644 --- a/config/coreboot-nitropad-nv41.config +++ b/config/coreboot-nitropad-nv41.config @@ -560,7 +560,7 @@ CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000 # CONFIG_ELOG is not set CONFIG_CACHE_MRC_SETTINGS=y CONFIG_MRC_SETTINGS_PROTECT=y -# CONFIG_SMMSTORE is not set +CONFIG_SMMSTORE=y CONFIG_SPI_FLASH=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y diff --git a/modules/coreboot b/modules/coreboot index 0671d0914..25196e24b 100644 --- a/modules/coreboot +++ b/modules/coreboot @@ -88,7 +88,7 @@ $(eval $(call coreboot_module,purism,)) #Nitrokey nv41/ns50 are based on Dasharo coreboot port, # with patches staging under coreboot-clevo_release coreboot-nitrokey_repo := https://github.com/dasharo/coreboot -coreboot-nitrokey_commit_hash := ae10b20f5c6abc9c23f709b65c46be6525da8c13 +coreboot-nitrokey_commit_hash := 1bcb338682b612cfcca8bba02846f78139b2e0c8 coreboot-nitrokey_patch_version := clevo_release #We use clevo_release's crossgcc for now, unshared but between nitropad nv41/ns50 $(eval $(call coreboot_module,nitrokey,)) diff --git a/patches/coreboot-nitrokey-clevo_release/0001-change_acpica-unix2_location_to_a_mirror.patch b/patches/coreboot-nitrokey-clevo_release/0001-change_acpica-unix2_location_to_a_mirror.patch deleted file mode 100644 index f5dd9ec26..000000000 --- a/patches/coreboot-nitrokey-clevo_release/0001-change_acpica-unix2_location_to_a_mirror.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 6328eebb101fd0ded7168e1377da6a1a82a8e2da Mon Sep 17 00:00:00 2001 -From: Markus Meissner -Date: Wed, 19 Jul 2023 20:36:57 +0200 -Subject: [PATCH] change acpica-unix2 location to a mirror - ---- - util/crossgcc/buildgcc | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/util/crossgcc/buildgcc b/util/crossgcc/buildgcc -index 03c24da1be9..8880c89ea66 100755 ---- a/util/crossgcc/buildgcc -+++ b/util/crossgcc/buildgcc -@@ -52,7 +52,7 @@ MPFR_ARCHIVE="https://ftpmirror.gnu.org/mpfr/mpfr-${MPFR_VERSION}.tar.xz" - MPC_ARCHIVE="https://ftpmirror.gnu.org/mpc/mpc-${MPC_VERSION}.tar.gz" - GCC_ARCHIVE="https://ftpmirror.gnu.org/gcc/gcc-${GCC_VERSION}/gcc-${GCC_VERSION}.tar.xz" - BINUTILS_ARCHIVE="https://ftpmirror.gnu.org/binutils/binutils-${BINUTILS_VERSION}.tar.xz" --IASL_ARCHIVE="https://acpica.org/sites/acpica/files/acpica-unix2-${IASL_VERSION}.tar.gz" -+IASL_ARCHIVE="https://gsdview.appspot.com/chromeos-localmirror/distfiles/acpica-unix2-${IASL_VERSION}.tar.gz" - # CLANG toolchain archive locations - LLVM_ARCHIVE="https://github.com/llvm/llvm-project/releases/download/llvmorg-${CLANG_VERSION}/llvm-${CLANG_VERSION}.src.tar.xz" - CLANG_ARCHIVE="https://github.com/llvm/llvm-project/releases/download/llvmorg-${CLANG_VERSION}/clang-${CLANG_VERSION}.src.tar.xz" - diff --git a/patches/coreboot-nitrokey-clevo_release/0001-dasharo-hardcode-configurations.patch b/patches/coreboot-nitrokey-clevo_release/0001-dasharo-hardcode-configurations.patch new file mode 100644 index 000000000..5bc9754dc --- /dev/null +++ b/patches/coreboot-nitrokey-clevo_release/0001-dasharo-hardcode-configurations.patch @@ -0,0 +1,16 @@ +diff -ur dasharo_cb.org/src/vendorcode/dasharo/options.c dasharo_cb/src/vendorcode/dasharo/options.c +--- dasharo_cb.org/src/vendorcode/dasharo/options.c 2023-12-18 21:57:46.915582991 +0100 ++++ dasharo_cb/src/vendorcode/dasharo/options.c 2023-12-19 19:16:13.077019389 +0100 +@@ -189,7 +189,12 @@ + + uint8_t get_sleep_type_option(void) + { ++ ++#if CONFIG(BOARD_NOVACUSTOM_NV4X_ADLP) ++ uint8_t sleep_type = SLEEP_TYPE_OPTION_S3; ++#else + uint8_t sleep_type = SLEEP_TYPE_OPTION_S0IX; ++#endif + + if (CONFIG(DRIVERS_EFI_VARIABLE_STORE)) + read_u8_var("SleepType", &sleep_type); diff --git a/patches/coreboot-nitrokey-clevo_release/0002-libgfxinit-center_bootsplash_on_bigger_framebuffers.patch b/patches/coreboot-nitrokey-clevo_release/0002-libgfxinit-center_bootsplash_on_bigger_framebuffers.patch deleted file mode 100644 index fd16e2245..000000000 --- a/patches/coreboot-nitrokey-clevo_release/0002-libgfxinit-center_bootsplash_on_bigger_framebuffers.patch +++ /dev/null @@ -1,150 +0,0 @@ -From 4fafe82b67dfe6919fe7be93459083549aac9f25 Mon Sep 17 00:00:00 2001 -From: Nico Huber -Date: Fri, 14 Jul 2023 00:09:00 +0200 -Subject: [PATCH] Center bootsplash on bigger framebuffers - -In the JPEG decoder, use `bytes_per_line` instead of `width` for -address calculations, to allow for bigger framebuffers. When -calling jpeg_decode(), add an offset to the framebuffer address -so the picture gets centered. - -Change-Id: I0174bdccfaad425e708a5fa50bcb28a1b98a23f7 -Signed-off-by: Nico Huber ---- - -diff --git a/src/include/bootsplash.h b/src/include/bootsplash.h -index 10da5aa..9d1bae3 100644 ---- a/src/include/bootsplash.h -+++ b/src/include/bootsplash.h -@@ -12,7 +12,8 @@ - * and >0 on jpeg errors. - */ - void set_bootsplash(unsigned char *framebuffer, unsigned int x_resolution, -- unsigned int y_resolution, unsigned int fb_resolution); -+ unsigned int y_resolution, unsigned int bytes_per_line, -+ unsigned int fb_resolution); - - - void bmp_load_logo(uint32_t *logo_ptr, uint32_t *logo_size); -diff --git a/src/lib/bootsplash.c b/src/lib/bootsplash.c -index 0eb94dc..3ab11ac 100644 ---- a/src/lib/bootsplash.c -+++ b/src/lib/bootsplash.c -@@ -11,7 +11,8 @@ - - - void set_bootsplash(unsigned char *framebuffer, unsigned int x_resolution, -- unsigned int y_resolution, unsigned int fb_resolution) -+ unsigned int y_resolution, unsigned int bytes_per_line, -+ unsigned int fb_resolution) - { - printk(BIOS_INFO, "Setting up bootsplash in %dx%d@%d\n", x_resolution, y_resolution, - fb_resolution); -@@ -27,9 +28,20 @@ - - printk(BIOS_DEBUG, "Bootsplash image resolution: %dx%d\n", image_width, image_height); - -+ if (image_width > x_resolution || image_height > y_resolution) { -+ printk(BIOS_NOTICE, "Bootsplash image can't fit framebuffer.\n"); -+ cbfs_unmap(jpeg); -+ return; -+ } -+ -+ /* center image: */ -+ framebuffer += (y_resolution - image_height) / 2 * bytes_per_line + -+ (x_resolution - image_width) / 2 * (fb_resolution / 8); -+ - decdata = malloc(sizeof(*decdata)); -- int ret = jpeg_decode(jpeg, framebuffer, x_resolution, y_resolution, fb_resolution, -- decdata); -+ int ret = jpeg_decode(jpeg, framebuffer, image_width, image_height, -+ bytes_per_line, fb_resolution, decdata); -+ free(decdata); - cbfs_unmap(jpeg); - if (ret != 0) { - printk(BIOS_ERR, "Bootsplash could not be decoded. jpeg_decode returned %d.\n", -diff --git a/src/lib/coreboot_table.c b/src/lib/coreboot_table.c -index bee389d..800d2d4 100644 ---- a/src/lib/coreboot_table.c -+++ b/src/lib/coreboot_table.c -@@ -155,8 +155,9 @@ - uint8_t *fb_ptr = (uint8_t *)(uintptr_t)framebuffer->physical_address; - unsigned int width = framebuffer->x_resolution; - unsigned int height = framebuffer->y_resolution; -+ unsigned int bytes_per_line = framebuffer->bytes_per_line; - unsigned int depth = framebuffer->bits_per_pixel; -- set_bootsplash(fb_ptr, width, height, depth); -+ set_bootsplash(fb_ptr, width, height, bytes_per_line, depth); - } - } - -diff --git a/src/lib/jpeg.c b/src/lib/jpeg.c -index b3d4c89..ed4377f 100644 ---- a/src/lib/jpeg.c -+++ b/src/lib/jpeg.c -@@ -267,7 +267,8 @@ - } - - int jpeg_decode(unsigned char *buf, unsigned char *pic, -- int width, int height, int depth, struct jpeg_decdata *decdata) -+ int width, int height, int bytes_per_line, int depth, -+ struct jpeg_decdata *decdata) - { - int i, j, m, tac, tdc; - int mcusx, mcusy, mx, my; -@@ -382,19 +383,19 @@ - - switch (depth) { - case 32: -- col221111_32(decdata->out, pic -- + (my * 16 * mcusx + mx) * 16 * 4, -- mcusx * 16 * 4); -+ col221111_32(decdata->out, -+ pic + my * 16 * bytes_per_line + mx * 16 * 4, -+ bytes_per_line); - break; - case 24: -- col221111(decdata->out, pic -- + (my * 16 * mcusx + mx) * 16 * 3, -- mcusx * 16 * 3); -+ col221111(decdata->out, -+ pic + my * 16 * bytes_per_line + mx * 16 * 3, -+ bytes_per_line); - break; - case 16: -- col221111_16(decdata->out, pic -- + (my * 16 * mcusx + mx) * (16 * 2), -- mcusx * (16 * 2)); -+ col221111_16(decdata->out, -+ pic + my * 16 * bytes_per_line + mx * 16 * 2, -+ bytes_per_line); - break; - default: - return ERR_DEPTH_MISMATCH; -diff --git a/src/lib/jpeg.h b/src/lib/jpeg.h -index 237da9f..fdb2def 100644 ---- a/src/lib/jpeg.h -+++ b/src/lib/jpeg.h -@@ -31,8 +31,7 @@ - int dquant[3][64]; - }; - --int jpeg_decode(unsigned char *, unsigned char *, int, int, int, -- struct jpeg_decdata *); -+int jpeg_decode(unsigned char *, unsigned char *, int, int, int, int, struct jpeg_decdata *); - void jpeg_fetch_size(unsigned char *buf, int *width, int *height); - int jpeg_check_size(unsigned char *, int, int); - -diff --git a/util/fuzz-tests/jpeg-test.c b/util/fuzz-tests/jpeg-test.c -index 69e6c8d..da21824 100644 ---- a/util/fuzz-tests/jpeg-test.c -+++ b/util/fuzz-tests/jpeg-test.c -@@ -30,7 +30,7 @@ - jpeg_fetch_size(buf, &width, &height); - //printf("width: %d, height: %d\n", width, height); - char *pic = malloc(depth / 8 * width * height); -- int ret = jpeg_decode(buf, pic, width, height, depth, decdata); -+ int ret = jpeg_decode(buf, pic, width, height, width * depth / 8, depth, decdata); - //printf("ret: %x\n", ret); - return ret; - } diff --git a/patches/coreboot-nitrokey-clevo_release/0002-s3-sleep-hardcode.patch b/patches/coreboot-nitrokey-clevo_release/0002-s3-sleep-hardcode.patch deleted file mode 100644 index f6ce05544..000000000 --- a/patches/coreboot-nitrokey-clevo_release/0002-s3-sleep-hardcode.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -u --recursive coreboot-git.org/src/mainboard/clevo/adl-p/ramstage.c coreboot-git/src/mainboard/clevo/adl-p/ramstage.c ---- coreboot-git.org/src/mainboard/clevo/adl-p/ramstage.c 2023-09-25 13:59:42.737397657 +0200 -+++ coreboot-git/src/mainboard/clevo/adl-p/ramstage.c 2023-09-25 14:00:19.384660682 +0200 -@@ -50,7 +50,7 @@ - #define SLEEP_TYPE_OPTION_S0IX 0 - #define SLEEP_TYPE_OPTION_S3 1 - --#define SLEEP_TYPE_OPTION_DEFAULT SLEEP_TYPE_OPTION_S0IX -+#define SLEEP_TYPE_OPTION_DEFAULT SLEEP_TYPE_OPTION_S3 - - const char *smbios_system_sku(void) - { diff --git a/patches/coreboot-nitrokey-clevo_release/0003-linux_trampoline-handle_coreboot_framebuffer.patch b/patches/coreboot-nitrokey-clevo_release/0003-linux_trampoline-handle_coreboot_framebuffer.patch deleted file mode 100644 index 1cb6d7b50..000000000 --- a/patches/coreboot-nitrokey-clevo_release/0003-linux_trampoline-handle_coreboot_framebuffer.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 295f6bf8d4bc93d1aedef218f14c8f20f101a1af Mon Sep 17 00:00:00 2001 -From: Nico Huber -Date: Fri, 14 Jul 2023 14:20:39 +0200 -Subject: [PATCH] linux_trampoline: Handle coreboot framebuffer - -Translate the coreboot framebuffer info from coreboot tables to -the Linux zero page. - -Tested in QEMU/Q35 with a kernel w/ efifb enabled. - -Change-Id: I2447b2366df8dd8ffe741c943de544d8b4d02dff -Signed-off-by: Nico Huber -Co-authored-by: Bill XIE -Reviewed-on: https://review.coreboot.org/c/coreboot/+/76431 -Reviewed-by: Paul Menzel -Tested-by: build bot (Jenkins) -Reviewed-by: Tim Wawrzynczak -Reviewed-by: Samuel Holland -Reviewed-by: Bill XIE ---- - -diff --git a/util/cbfstool/linux_trampoline.S b/util/cbfstool/linux_trampoline.S -index 767c8be..d36e60d 100644 ---- a/util/cbfstool/linux_trampoline.S -+++ b/util/cbfstool/linux_trampoline.S -@@ -102,7 +102,36 @@ - .testFramebuffer: - cmp $CB_TAG_FRAMEBUFFER, (%ebx) - jne .endScan --/* TODO: handle framebuffer tag */ -+ -+cmpl $0, 0x0c(%ebx) /* check if upper 32-bit of framebuffer address are 0 */ -+jne .endScan -+ -+mov $LINUX_PARAM_LOC, %edi /* translate the framebuffer entry into Linux' struct screen_info */ -+mov 0x08(%ebx), %eax /* physical_address */ -+mov %eax, 0x18(%edi) /* -> lfb_base */ -+mov 0x10(%ebx), %eax /* x_resolution */ -+mov %ax, 0x12(%edi) /* -> lfb_width */ -+mov 0x14(%ebx), %eax /* y_resolution */ -+mov %ax, 0x14(%edi) /* -> lfb_height */ -+mov 0x18(%ebx), %edx /* bytes_per_line */ -+mov %dx, 0x24(%edi) /* -> lfb_linelength */ -+ -+mul %edx /* bytes_per_line * y_resolution */ -+mov %eax, 0x1c(%edi) /* -> lfb_size */ -+ -+movzbw 0x1c(%ebx), %ax /* bits_per_pixel */ -+mov %ax, 0x16(%edi) /* -> lfb_depth */ -+ -+mov $4, %esi /* Copy 4 color components' pos and size, each 1 byte. */ -+1: -+mov 0x1b(%ebx, %esi, 2), %ax -+rol %ax /* Order is reversed for Linux, hence swap. */ -+mov %ax, 0x24(%edi, %esi, 2) -+dec %esi -+jnz 1b -+ -+#define LFB_EFI_SIMPLE 0x70 /* VIDEO_TYPE_EFI in Linux */ -+movb $LFB_EFI_SIMPLE, 0x0f(%edi) /* -> orig_video_isVGA */ - - .endScan: - add 4(%ebx), %ebx -diff --git a/util/cbfstool/linux_trampoline.c b/util/cbfstool/linux_trampoline.c -index 46bb800..87c595a 100644 ---- a/util/cbfstool/linux_trampoline.c -+++ b/util/cbfstool/linux_trampoline.c -@@ -3,18 +3,23 @@ - unsigned char trampoline[] = { - 0xfc, 0x31, 0xd2, 0xb9, 0x00, 0x00, 0x00, 0x00, 0xbb, 0x00, 0x00, 0x01, 0x00, 0x01, 0xcb, 0x8b, - 0x01, 0x3d, 0x4c, 0x42, 0x49, 0x4f, 0x74, 0x07, 0x83, 0xc1, 0x10, 0x39, 0xcb, 0x75, 0xe9, 0x39, -- 0xcb, 0x0f, 0x84, 0xc5, 0x00, 0x00, 0x00, 0x8b, 0x59, 0x04, 0x01, 0xcb, 0x8b, 0x49, 0x14, 0x83, -+ 0xcb, 0x0f, 0x84, 0x12, 0x01, 0x00, 0x00, 0x8b, 0x59, 0x04, 0x01, 0xcb, 0x8b, 0x49, 0x14, 0x83, - 0x3b, 0x11, 0x75, 0x05, 0x8b, 0x4b, 0x08, 0xeb, 0xcf, 0x83, 0x3b, 0x01, 0x75, 0x53, 0x8b, 0x43, - 0x04, 0x83, 0xe8, 0x08, 0xc1, 0xe8, 0x02, 0x3d, 0xa0, 0x00, 0x00, 0x00, 0x7e, 0x05, 0xb8, 0xa0, - 0x00, 0x00, 0x00, 0x89, 0xc6, 0xbf, 0x05, 0x00, 0x00, 0x00, 0xf7, 0xf7, 0xa3, 0xe8, 0x01, 0x09, - 0x00, 0x89, 0xf0, 0x91, 0x8d, 0x73, 0x08, 0xbf, 0xd0, 0x02, 0x09, 0x00, 0xf3, 0xa5, 0x91, 0xa1, -- 0xe8, 0x01, 0x09, 0x00, 0xbf, 0xd0, 0x02, 0x09, 0x00, 0x83, 0xf8, 0x00, 0x74, 0x2f, 0x83, 0x7f, -+ 0xe8, 0x01, 0x09, 0x00, 0xbf, 0xd0, 0x02, 0x09, 0x00, 0x83, 0xf8, 0x00, 0x74, 0x7c, 0x83, 0x7f, - 0x10, 0x0c, 0x7e, 0x07, 0xc7, 0x47, 0x10, 0x02, 0x00, 0x00, 0x00, 0x48, 0x83, 0xc7, 0x14, 0xeb, - 0xe8, 0x83, 0x3b, 0x43, 0x75, 0x12, 0x8b, 0x43, 0x08, 0xa3, 0x70, 0x00, 0x09, 0x00, 0x8b, 0x43, -- 0x0c, 0xa3, 0x74, 0x00, 0x09, 0x00, 0xeb, 0x05, 0x83, 0x3b, 0x12, 0x75, 0x00, 0x03, 0x5b, 0x04, -- 0x49, 0x0f, 0x85, 0x78, 0xff, 0xff, 0xff, 0xb8, 0x00, 0x00, 0x04, 0x00, 0xc7, 0x40, 0x10, 0xff, -- 0xff, 0x00, 0x00, 0xc7, 0x40, 0x14, 0x00, 0x9b, 0xcf, 0x00, 0xc7, 0x40, 0x18, 0xff, 0xff, 0x00, -- 0x00, 0xc7, 0x40, 0x1c, 0x00, 0x93, 0xcf, 0x00, 0xc6, 0x00, 0x2b, 0x89, 0x40, 0x02, 0x0f, 0x01, -- 0x10, 0xbe, 0x00, 0x00, 0x09, 0x00, 0xff, 0x25, 0x14, 0x02, 0x09, 0x00, 0xf4, 0xeb, 0xfd -+ 0x0c, 0xa3, 0x74, 0x00, 0x09, 0x00, 0xeb, 0x52, 0x83, 0x3b, 0x12, 0x75, 0x4d, 0x83, 0x7b, 0x0c, -+ 0x00, 0x75, 0x47, 0xbf, 0x00, 0x00, 0x09, 0x00, 0x8b, 0x43, 0x08, 0x89, 0x47, 0x18, 0x8b, 0x43, -+ 0x10, 0x66, 0x89, 0x47, 0x12, 0x8b, 0x43, 0x14, 0x66, 0x89, 0x47, 0x14, 0x8b, 0x53, 0x18, 0x66, -+ 0x89, 0x57, 0x24, 0xf7, 0xe2, 0x89, 0x47, 0x1c, 0x66, 0x0f, 0xb6, 0x43, 0x1c, 0x66, 0x89, 0x47, -+ 0x16, 0xbe, 0x04, 0x00, 0x00, 0x00, 0x66, 0x8b, 0x44, 0x73, 0x1b, 0x66, 0xd1, 0xc0, 0x66, 0x89, -+ 0x44, 0x77, 0x24, 0x4e, 0x75, 0xf0, 0xc6, 0x47, 0x0f, 0x70, 0x03, 0x5b, 0x04, 0x49, 0x0f, 0x85, -+ 0x2b, 0xff, 0xff, 0xff, 0xb8, 0x00, 0x00, 0x04, 0x00, 0xc7, 0x40, 0x10, 0xff, 0xff, 0x00, 0x00, -+ 0xc7, 0x40, 0x14, 0x00, 0x9b, 0xcf, 0x00, 0xc7, 0x40, 0x18, 0xff, 0xff, 0x00, 0x00, 0xc7, 0x40, -+ 0x1c, 0x00, 0x93, 0xcf, 0x00, 0xc6, 0x00, 0x2b, 0x89, 0x40, 0x02, 0x0f, 0x01, 0x10, 0xbe, 0x00, -+ 0x00, 0x09, 0x00, 0xff, 0x25, 0x14, 0x02, 0x09, 0x00, 0xf4, 0xeb, 0xfd - }; --unsigned int trampoline_len = 239; -+unsigned int trampoline_len = 316; diff --git a/patches/coreboot-nitrokey-clevo_release/0004-bootsplash-Add_ImageMagick_voodoo.patch b/patches/coreboot-nitrokey-clevo_release/0004-bootsplash-Add_ImageMagick_voodoo.patch deleted file mode 100644 index 852a4eba6..000000000 --- a/patches/coreboot-nitrokey-clevo_release/0004-bootsplash-Add_ImageMagick_voodoo.patch +++ /dev/null @@ -1,136 +0,0 @@ -From 0c9e832ea1fe321737b1980588407f283ec92ef2 Mon Sep 17 00:00:00 2001 -From: Nico Huber -Date: Sun, 16 Jul 2023 19:24:13 +0200 -Subject: [PATCH] bootsplash: Add ImageMagick voodoo - -Ta-da! - -(commit message tbd) - -Change-Id: I564e0d89fb46503ff4c11e095726616700009968 -Signed-off-by: Nico Huber ---- - -diff --git a/Makefile.inc b/Makefile.inc -index 0d38ea3..5e1dcee 100644 ---- a/Makefile.inc -+++ b/Makefile.inc -@@ -357,6 +357,24 @@ - $(eval DEPENDENCIES += $(2).d) - - ####################################################################### -+# Convert image to YCC 4:2:0 JPEG -+# arg1: image input file -+# arg2: output jpg -+cbfs-files-processor-jpg420= \ -+ $(eval $(2): $(1) $(KCONFIG_AUTOCONFIG); \ -+ printf " CONVERT $$<\n"; \ -+ convert $$< $(BOOTSPLASH_RESIZE-y) $(BOOTSPLASH_COLORSWAP-y) \ -+ -quality $(CONFIG_BOOTSPLASH_CONVERT_QUALITY)% \ -+ -interlace none -colorspace YCC -sampling-factor 4:2:0 \ -+ jpg:$$@) -+BOOTSPLASH_RESOLUTION = $(shell res=$(CONFIG_BOOTSPLASH_CONVERT_RESOLUTION); \ -+ echo $$(($${res%%x*}/16*16))x$$(($${res##*x}/16*16)) 2>/dev/null) -+BOOTSPLASH_RESIZE-$(CONFIG_BOOTSPLASH_CONVERT_RESIZE) = \ -+ -resize $(BOOTSPLASH_RESOLUTION) -background black \ -+ -gravity center -extent $(BOOTSPLASH_RESOLUTION) -+BOOTSPLASH_COLORSWAP-$(CONFIG_BOOTSPLASH_CONVERT_COLORSWAP) := -channel-fx 'red<=>blue' -+ -+####################################################################### - # Add handler for arbitrary files in CBFS - $(call add-special-class,cbfs-files) - cbfs-files-handler= \ -@@ -1281,10 +1299,16 @@ - build_info-file := $(obj)/build_info - build_info-type := raw - -+ifeq ($(CONFIG_BOOTSPLASH_CONVERT),y) -+cbfs-files-$(CONFIG_BOOTSPLASH_IMAGE) += bootsplash.jpg -+bootsplash.jpg-file := $(call strip_quotes,$(CONFIG_BOOTSPLASH_FILE)):jpg420 -+bootsplash.jpg-type := bootsplash -+else - BOOTSPLASH_SUFFIX=$(suffix $(call strip_quotes,$(CONFIG_BOOTSPLASH_FILE))) - cbfs-files-$(CONFIG_BOOTSPLASH_IMAGE) += bootsplash$(BOOTSPLASH_SUFFIX) - bootsplash$(BOOTSPLASH_SUFFIX)-file := $(call strip_quotes,$(CONFIG_BOOTSPLASH_FILE)) - bootsplash$(BOOTSPLASH_SUFFIX)-type := bootsplash -+endif - - # Ensure that no payload segment overlaps with memory regions used by ramstage - # (not for x86 since it can relocate itself in that case) -diff --git a/src/Kconfig b/src/Kconfig -index f5ba4fc..e906130 100644 ---- a/src/Kconfig -+++ b/src/Kconfig -@@ -447,7 +447,52 @@ - # Default value set at the end of the file - help - The path and filename of the file to use as graphical bootsplash -- screen. The file format has to be jpg. -+ screen. The file format has to be JPEG with YCC 4:2:0 color sampling -+ unless converted with "Pre-process bootsplash file with ImageMagick". -+ -+ The image can only be displayed by coreboot if it's smaller or has -+ the same size as the framebuffer resolution. Width and height have -+ to be a multiple of 16 pixels. -+ -+ Setting these constraints allows a leaner implementation in coreboot. -+ The minimum necessary ImageMagick command line seems to be: -+ $ convert input.img -colorspace YCC -sampling-factor 4:2:0 bootsplash.jpg -+ -+config BOOTSPLASH_CONVERT -+ bool "Pre-process bootsplash file with ImageMagick" -+ depends on BOOTSPLASH_IMAGE -+ # Default value set at the end of the file -+ help -+ Use ImageMagick (`convert` program) to convert a bootsplash image -+ to the supported JPEG format. -+ -+config BOOTSPLASH_CONVERT_QUALITY -+ int "Bootsplash JPEG target quality (%)" -+ depends on BOOTSPLASH_CONVERT -+ range 1 100 -+ # Default value set at the end of the file -+ -+config BOOTSPLASH_CONVERT_RESIZE -+ bool "Resize bootsplash image" -+ depends on BOOTSPLASH_CONVERT -+ help -+ Resize the image to the given resolution. Aspect ratio will be kept, -+ adding black bars as necessary. -+ -+config BOOTSPLASH_CONVERT_RESOLUTION -+ string "Bootsplash image target size" -+ depends on BOOTSPLASH_CONVERT_RESIZE -+ # Default value set at the end of the file -+ help -+ Target image resolution given as x, e.g. 1024x768. -+ Values not divisible by 16 will be rounded down. -+ -+config BOOTSPLASH_CONVERT_COLORSWAP -+ bool "Swap red and blue color channels" -+ depends on BOOTSPLASH_CONVERT -+ help -+ The JPEG decoder currently ignores the framebuffer color order. -+ If your colors seem all wrong, try this option. - - config FW_CONFIG - bool "Firmware Configuration Probing" -@@ -1444,6 +1489,18 @@ - depends on BOOTSPLASH_IMAGE - default "bootsplash.jpg" - -+config BOOTSPLASH_CONVERT -+ depends on BOOTSPLASH_IMAGE -+ default y -+ -+config BOOTSPLASH_CONVERT_QUALITY -+ depends on BOOTSPLASH_CONVERT -+ default 70 -+ -+config BOOTSPLASH_CONVERT_RESOLUTION -+ depends on BOOTSPLASH_CONVERT_RESIZE -+ default "1024x768" -+ - config CBFS_SIZE - default ROM_SIZE - From a1c13ff13224fae4e367270b2b6c1069facd584f Mon Sep 17 00:00:00 2001 From: Markus Meissner Date: Mon, 18 Dec 2023 22:29:15 +0100 Subject: [PATCH 2/3] nitropad-nx: fix EC-based poweroff/reboot Signed-off-by: Markus Meissner --- initrd/bin/poweroff | 2 +- initrd/bin/reboot | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/initrd/bin/poweroff b/initrd/bin/poweroff index 9e97d95c7..a27da23b8 100755 --- a/initrd/bin/poweroff +++ b/initrd/bin/poweroff @@ -9,7 +9,7 @@ if [ "$CONFIG_TPM" = "y" ]; then fi # Run special EC-based poweroff for Nitropad-Nxx -if [ "${CONFIG_BOARD%_*}" = nitropad-nv41 || "${CONFIG_BOARD%_*}" = nitropad-ns51 ]; then +if [ "$CONFIG_BOARD" = "nitropad-nv41" ] || [ "$CONFIG_BOARD" = "nitropad-ns50" ]; then /bin/nitropad-shutdown.sh fi diff --git a/initrd/bin/reboot b/initrd/bin/reboot index eb63f253a..26255f12c 100755 --- a/initrd/bin/reboot +++ b/initrd/bin/reboot @@ -18,7 +18,7 @@ if [ "$CONFIG_TPM" = "y" ]; then fi # Run special EC-based poweroff for Nitropad-Nxx -if [ "${CONFIG_BOARD%_*}" = nitropad-nv41 ] || [ "${CONFIG_BOARD%_*}" = nitropad-ns51 ]; then +if [ "$CONFIG_BOARD" = "nitropad-nv41" ] || [ "$CONFIG_BOARD" = "nitropad-ns50" ]; then /bin/nitropad-shutdown.sh fi From 5e43bcd2f4db917598968db1a13ec93ac790392d Mon Sep 17 00:00:00 2001 From: Markus Meissner Date: Wed, 20 Dec 2023 11:58:09 +0100 Subject: [PATCH 3/3] hotp-verification: adapt to nk3 v1.6 security model * overwriting a hotp secret is not possible anymore * make sure to delete the hotp secret before setting a new one * requires one additional user presence check during HOTP setup * bump to v1.5 Signed-off-by: Markus Meissner --- modules/hotp-verification | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/hotp-verification b/modules/hotp-verification index 97fd3557c..6085a7680 100644 --- a/modules/hotp-verification +++ b/modules/hotp-verification @@ -2,12 +2,12 @@ modules-$(CONFIG_HOTPKEY) += hotp-verification hotp-verification_depends := libusb $(musl_dep) -# v1.4 -hotp-verification_version := b69bb20119d3cea5ec5c13d11b213dd80dfd8334 +# v1.5 +hotp-verification_version := 70c04f51387eee8f777e943ba83b6405764a3cd2 hotp-verification_dir := hotp-verification-$(hotp-verification_version) hotp-verification_tar := nitrokey-hotp-verification-$(hotp-verification_version).tar.gz hotp-verification_url := https://github.com/Nitrokey/nitrokey-hotp-verification/archive/$(hotp-verification_version).tar.gz -hotp-verification_hash := ee6bcb7fc48bd5e7c290b2b344ce50713f4199425b1a6b324d0b27c80257241d +hotp-verification_hash := 5244b6b514117f955a03be2363fd51567a125cb8dc904d1bd89351be27eb8bb3 hotp-verification_target := \ $(MAKE_JOBS) \