Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

ROM image builds are not reproducible #1

Closed
osresearch opened this issue Aug 3, 2016 · 1 comment
Closed

ROM image builds are not reproducible #1

osresearch opened this issue Aug 3, 2016 · 1 comment
Milestone
reproduciblebuilds

Comments

@osresearch
Copy link
Collaborator

osresearch commented Aug 3, 2016
edited
Loading

The various pieces are not reproducible in their builds.
@osresearch osresearch added this to the reproduciblebuilds milestone Aug 3, 2016
@osresearch osresearch changed the title Builds are not reproducible ROM image builds are not reproducible Aug 3, 2016
osresearch pushed a commit that referenced this issue Nov 29, 2016
Merge pull request #1 from osresearch/master
c51a73a 
check PGP signatures on xen, kernel and initrd (partial fix for #43)
osresearch added a commit that referenced this issue Dec 28, 2016
@osresearch
Download and build almost all dependencies.
5fd9878 
As part of issue #1, we should build all libraries and programs that we
deploy into the Heads initrd.  This modifies the module configurations
for all of them to install into heads/install so that we can build
against them.

Add dmsetup, cryptsetup and veritysetup (issue #46).

Build gpgv 1.4 as a standalone tool (issue #23).

Modify populate-lib to use the install directory by setting
LD_LIBRARY_PATH (issue #35).
osresearch added a commit that referenced this issue Jan 28, 2017
@osresearch
Make modules not depend on build path (issue #1).
1411dff 
Use --prefix="" to ensure that no destination paths are in libraries.

Use -fdebug-prefix-map to rewrite build path so that it does not
appear in the executables.

Use -gno-record-gcc-switches to ensure that the -fdebug-prefix-map
does not appear in the executables.
@osresearch
Copy link
Collaborator Author

osresearch commented Jan 29, 2017
edited
Loading

Ubuntu and Qubes build identical qemu.rom and x230.rom from a clean checkout!

@tlaurion tlaurion mentioned this issue Jan 27, 2018
Closed
osresearch pushed a commit that referenced this issue Feb 26, 2018
@kylerankin
Merge pull request #1 from persmule/clean_up_init
3211ce7 
fix the broken if syntax
@JeffreyAbbinante JeffreyAbbinante mentioned this issue Dec 27, 2018
Closed
@kylerankin kylerankin mentioned this issue Aug 30, 2019
Closed
@tlaurion tlaurion mentioned this issue Dec 12, 2019
Merged
@EDmitry EDmitry mentioned this issue Jan 1, 2020
Closed
@alexmaloteaux alexmaloteaux mentioned this issue Nov 8, 2020
Closed
@Thrilleratplay Thrilleratplay mentioned this issue Nov 13, 2020
Closed
@icequbes1 icequbes1 mentioned this issue Dec 8, 2021
Closed
@aluciani aluciani mentioned this issue Apr 4, 2023
Closed
15 tasks
gaspar-ilom pushed a commit to gaspar-ilom/heads that referenced this issue Feb 13, 2025
@tlaurion
patches/coreboot-t480/85278-post-skylake-pr0.patch: add unmerged upst…
7f673d4 
…ream PR0 patchset https://review.coreboot.org/c/coreboot/+/85278

Repro:
git fetch https://review.coreboot.org/coreboot refs/changes/78/85278/3 && git format-patch -1 --stdout FETCH_HEAD > patches/coreboot-t480/85278-post-skylake-pr0.patch

Unfortunately
Applying patch file : patches/coreboot-t480/85278-post-skylake-pr0.patch
Checking patch build/x86/coreboot-t480/src/soc/intel/alderlake/finalize.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/cannonlake/finalize.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/common/block/lpc/Makefile.mk...
Checking patch build/x86/coreboot-t480/src/soc/intel/common/block/smm/smihandler.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/common/pch/include/intelpch/lockdown.h...
Checking patch build/x86/coreboot-t480/src/soc/intel/common/pch/lockdown/Kconfig...
Checking patch build/x86/coreboot-t480/src/soc/intel/common/pch/lockdown/Makefile.mk...
Checking patch build/x86/coreboot-t480/src/soc/intel/common/pch/lockdown/lockdown.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/common/pch/lockdown/lockdown_lpc.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/common/pch/lockdown/lockdown_spi.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/denverton_ns/lpc.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/elkhartlake/finalize.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/jasperlake/finalize.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/meteorlake/finalize.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/pantherlake/finalize.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/skylake/finalize.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/tigerlake/finalize.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/xeon_sp/finalize.c...
Checking patch build/x86/coreboot-t480/src/soc/intel/xeon_sp/lockdown.c...
error: while searching for:

static void lpc_lockdown_config(void)
{
	/* Set BIOS Interface Lock, BIOS Lock */
	lpc_set_bios_interface_lock_down();

	/* Only allow writes in SMM */
	if (CONFIG(BOOTMEDIA_SMM_BWP)) {
		lpc_set_eiss();
		lpc_enable_wp();
	}
	lpc_set_lock_enable();
}

void soc_lockdown_config(int chipset_lockdown)
{
	if (chipset_lockdown == CHIPSET_LOCKDOWN_FSP)
		return;

	lpc_lockdown_config();
	pmc_lockdown_config();
	sata_lockdown_config(chipset_lockdown);
	spi_lockdown_config(chipset_lockdown);

error: patch failed: build/x86/coreboot-t480/src/soc/intel/xeon_sp/lockdown.c:6
Applied patch build/x86/coreboot-t480/src/soc/intel/alderlake/finalize.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/cannonlake/finalize.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/common/block/lpc/Makefile.mk cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/common/block/smm/smihandler.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/common/pch/include/intelpch/lockdown.h cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/common/pch/lockdown/Kconfig cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/common/pch/lockdown/Makefile.mk cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/common/pch/lockdown/lockdown.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/common/pch/lockdown/lockdown_lpc.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/common/pch/lockdown/lockdown_spi.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/denverton_ns/lpc.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/elkhartlake/finalize.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/jasperlake/finalize.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/meteorlake/finalize.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/pantherlake/finalize.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/skylake/finalize.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/tigerlake/finalize.c cleanly.
Applied patch build/x86/coreboot-t480/src/soc/intel/xeon_sp/finalize.c cleanly.
Applying patch build/x86/coreboot-t480/src/soc/intel/xeon_sp/lockdown.c with 1 reject...
Rejected hunk linuxboot#1.
make: *** [Makefile:570: /home/user/heads/build/x86/coreboot-t480/.canary] Error 1

Will have to edit patch

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
reproduciblebuilds
Development

No branches or pull requests
1 participant
@osresearch