Nitrokey:up-pr-nitropads-nx + circleci config fix + Makefile fix

.circleci/config.yml

@@ -215,23 +215,31 @@ workflows:
 # version. The last board in the sequence is the dependency
 # for the parallel boards built at the end, and also save_cache.
 
-      # Coreboot 4.19
+      # coreboot 4.19
       - build_and_persist:
           name: x230-hotp-maximized
           target: x230-hotp-maximized
           subcommand: ""
           requires:
             - prep_env
 
-      # Coreboot 4.17
+      # coreboot-git librems
       - build_and_persist:
           name: librem_14
           target: librem_14
           subcommand: ""
           requires:
             - x230-hotp-maximized
 
-      # Coreboot for Talos (PPC)
+      # coreboot-git Nitropads on top of coreboot-git librems
+      - build_and_persist:
+          name: nitropad-nv41
+          target: nitropad-nv41
+          subcommand: ""
+          requires:
+            - librem_14
+
+      # coreboot-git Talos II (PPC)
       - build_and_persist:
           name: talos-2
           arch: ppc64
@@ -243,10 +251,9 @@ workflows:
       #Cache one workspace per architecture. Make sure workspace caches are chainloaded and the last in chain for an arch is saved.
       - save_cache:
           requires:
-            - librem_14
             - talos-2
+            - nitropad-nv41
 
-#
 #
 # Those onboarding new boards should add their entries below.
 #
@@ -498,7 +505,7 @@ workflows:
           requires:
             - x230-hotp-maximized
 
-#Coreboot 4.17 boards
+#coreboot-git librem boards
       - build:
           name: librem_13v2
           target: librem_13v2
@@ -541,6 +548,14 @@ workflows:
           requires:
             - librem_14
 
+#coreboot-git Nitrokey NV
+      - build:
+          name: nitropad-ns50
+          target: nitropad-ns50
+          subcommand: ""
+          requires:
+            - nitropad-nv41
+
 #      - build:
 #          name: UNTESTED_kgpe-d16_workstation-usb_keyboard
 #          target: UNTESTED_kgpe-d16_workstation-usb_keyboard

Makefile

@@ -302,11 +302,17 @@ define define_module =
 		echo -n '$($1_repo)|$($1_commit_hash)' > "$$@"; \
 	elif [ "$$$$(cat "$$@")" != '$($1_repo)|$($1_commit_hash)' ]; then \
 		echo "Switching $1 to $($1_repo) at $($1_commit_hash)" && \
-		git -C "$(build)/$($1_base_dir)" fetch $($1_repo) $($1_commit_hash) && \
+		git -C "$(build)/$($1_base_dir)" reset --hard HEAD^ && \
+		echo "git fetch $($1_repo) $($1_commit_hash) --recurse-submodules=no" && \
+		git -C "$(build)/$($1_base_dir)" fetch $($1_repo) $($1_commit_hash) --recurse-submodules=no && \
+		echo "git reset --hard $($1_commit_hash)" && \
 		git -C "$(build)/$($1_base_dir)" reset --hard $($1_commit_hash) && \
+		echo "git clean" && \
 		git -C "$(build)/$($1_base_dir)" clean -df && \
 		git -C "$(build)/$($1_base_dir)" clean -dffx payloads util/cbmem && \
+		echo "git submodule sync" && \
 		git -C "$(build)/$($1_base_dir)" submodule sync && \
+		echo "git submodule update" && \
 		git -C "$(build)/$($1_base_dir)" submodule update --init --checkout && \
 		echo -n '$($1_repo)|$($1_commit_hash)' > "$$@"; \
 	fi
@@ -519,6 +525,7 @@ bin_modules-$(CONFIG_POWERPC_UTILS) += powerpc-utils
 bin_modules-$(CONFIG_IO386) += io386
 bin_modules-$(CONFIG_IOPORT) += ioport
 bin_modules-$(CONFIG_ZSTD) += zstd
+bin_modules-$(CONFIG_IOTOOLS) += iotools
 
 $(foreach m, $(bin_modules-y), \
 	$(call map,initrd_bin_add,$(call bins,$m)) \

boards/nitropad-ns50/nitropad-ns50.config

@@ -0,0 +1,57 @@
+# Nitrokey Nitropad NS51 board configuration
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=nitrokey
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-nitropad-ns50.config
+CONFIG_LINUX_CONFIG=config/linux-nitropad-x.config
+
+CONFIG_NITROKEY_BLOBS=y
+
+CONFIG_KEXEC=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_POPT=y
+CONFIG_FLASHTOOLS=y
+CONFIG_FLASHROM=y
+CONFIG_PCIUTILS=y
+CONFIG_UTIL_LINUX=y
+CONFIG_CRYPTSETUP2=y
+CONFIG_GPG2=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+
+CONFIG_IOTOOLS=y
+
+CONFIG_DROPBEAR=y
+
+CONFIG_MSRTOOLS=y
+CONFIG_HOTPKEY=y
+
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+CONFIG_LINUX_USB=y
+
+CONFIG_LINUX_E1000=y
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
+
+export CONFIG_GPG_DEFAULT_ALGO=p256
+
+# TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+
+export CONFIG_BOOT_DEV="/dev/nvme0n1"
+export CONFIG_BOARD_NAME="Nitropad NS50"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+

boards/nitropad-nv41/nitropad-nv41.config

@@ -0,0 +1,57 @@
+# Nitrokey Nitropad NV41 board configuration
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=nitrokey
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-nitropad-nv41.config
+CONFIG_LINUX_CONFIG=config/linux-nitropad-x.config
+
+CONFIG_NITROKEY_BLOBS=y
+
+CONFIG_KEXEC=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_POPT=y
+CONFIG_FLASHTOOLS=y
+CONFIG_FLASHROM=y
+CONFIG_PCIUTILS=y
+CONFIG_UTIL_LINUX=y
+CONFIG_CRYPTSETUP2=y
+CONFIG_GPG2=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+
+CONFIG_IOTOOLS=y
+
+CONFIG_DROPBEAR=y
+
+CONFIG_MSRTOOLS=y
+CONFIG_HOTPKEY=y
+
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+CONFIG_LINUX_USB=y
+
+CONFIG_LINUX_E1000=y
+
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
+
+export CONFIG_GPG_DEFAULT_ALGO=p256
+
+# TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
+
+export CONFIG_BOOT_DEV="/dev/nvme0n1"
+export CONFIG_BOARD_NAME="Nitropad NV41"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+