Further optimization for space (-Os -> -Oz): musl-cross-make-> bump to gcc 15.1.0 & related changes

Makefile

@@ -65,6 +65,11 @@ $(info **LOADAVG** (default: 1.5 times CPUS, e.g., 'make LOADAVG=54'))
 $(info **AVAILABLE_MEM_GB** (default: memory available on the system in GB, e.g., 'make AVAILABLE_MEM_GB=4'))
 $(info **MEM_PER_JOB_GB** (default: 1GB per job, e.g., 'make MEM_PER_JOB_GB=2'))
 $(info ----------------------------------------------------------------------)
+ifeq "$(V)" ""
+$(info Hint: If the build fails, re-run with V=1 for full configure + validation output)
+$(info Verbose example: ./docker_repro.sh make BOARD=$(BOARD) V=1)
+$(info ----------------------------------------------------------------------)
+endif
 $(info !!!!!! Build starts !!!!!!)
 
 
@@ -284,6 +289,34 @@ all payload:
 	@sha256sum $< | tee -a "$(HASHES)"
 	@stat -c "%8s:%n" $< | tee -a "$(SIZES)"
 
+# Validate coreboot CBFS size against IFD BIOS region
+validate_cbfs_ifd:
+ifneq ($(CONFIG_COREBOOT),)
+	@echo "Validating $(BOARD) CBFS size against IFD BIOS region..."
+	@$(pwd)/bin/validate_cbfs_ifd_fit.sh \
+		--coreboot-dir "$(build)/$(coreboot_dir)" \
+		--board-dir "$(build)/$(BOARD)" \
+		--config "$(pwd)/$(CONFIG_COREBOOT_CONFIG)" || exit 1
+	@echo "✓ CBFS configuration is valid"
+else
+	@echo "Board $(BOARD) does not use coreboot, skipping validation"
+endif
+
+# Auto-fix coreboot CBFS size to match IFD BIOS region
+fix_cbfs_ifd:
+ifneq ($(CONFIG_COREBOOT),)
+	@echo "Auto-fixing $(BOARD) CBFS size to match IFD BIOS region..."
+	@$(pwd)/bin/validate_cbfs_ifd_fit.sh \
+		--coreboot-dir "$(build)/$(coreboot_dir)" \
+		--board-dir "$(build)/$(BOARD)" \
+		--config "$(pwd)/$(CONFIG_COREBOOT_CONFIG)" \
+		--fix || exit 1
+	@echo ""
+	@echo "If CONFIG_CBFS_SIZE was adjusted, next build will use the new size."
+else
+	@echo "Board $(BOARD) does not use coreboot, nothing to fix"
+endif
+
 # Disable all built in rules
 .INTERMEDIATE:
 .SUFFIXES:
@@ -649,21 +682,21 @@ endef
 define initrd_bin_add =
 $(initrd_bin_dir)/$(notdir $1): $1
 	$(call do,INSTALL-BIN,$$(<:$(pwd)/%=%),cp -a --remove-destination "$$<" "$$@")
-	@$(CROSS)strip --preserve-dates "$$@" 2>&-; true
+	@$(CROSS)strip --preserve-dates --strip-all "$$@" 2>&-; true
 initrd_bins += $(initrd_bin_dir)/$(notdir $1)
 endef
 
 define initrd_lib_add =
 $(initrd_lib_dir)/$(notdir $1): $1
 	$(call do,INSTALL-LIB,$(1:$(pwd)/%=%),\
-		$(CROSS)strip --preserve-dates -o "$$@" "$$<")
+		$(CROSS)strip --preserve-dates --strip-all -o "$$@" "$$<")
 initrd_libs += $(initrd_lib_dir)/$(notdir $1)
 endef
 
 # Only some modules have binaries that we install
 # Shouldn't this be specified in the module file?
 #bin_modules-$(CONFIG_MUSL) += musl-cross-make
-bin_modules-$(CONFIG_KEXEC) += kexec
+bin_modules-$(CONFIG_KEXEC) += kexec-tools
 bin_modules-$(CONFIG_TPMTOTP) += tpmtotp
 bin_modules-$(CONFIG_PCIUTILS) += pciutils
 bin_modules-$(CONFIG_FLASHROM) += flashrom
@@ -712,6 +745,16 @@ $(foreach m, $(modules-y), \
 # this must be built *AFTER* musl, but since coreboot depends on other things
 # that depend on musl it should be ok.
 #
+# TODO_GCC_15_COREBOOT_CBMEM: GCC 15.1.0 compatibility fix for coreboot cbmem utility
+# The coreboot cbmem utility uses -Werror and GCC 15.1.0 generates new warnings 
+# about string initialization that weren't present in earlier versions.
+# Added -Wno-unterminated-string-initialization to suppress these warnings.
+# This should be moved to a proper coreboot module configuration when 
+# modules/coreboot is refactored to use standard module variables like other modules.
+# See: error "initializer-string for array of 'char' truncates NUL terminator"
+# Related modules: modules/coreboot (needs _configure and _target variables)
+# Alternative: Move this to use heads_cc extension or per-module CC override pattern
+#
 COREBOOT_UTIL_DIR=$(build)/$(coreboot_base_dir)/util
 ifeq ($(CONFIG_COREBOOT),y)
 $(eval $(call initrd_bin_add,$(COREBOOT_UTIL_DIR)/cbmem/cbmem))
@@ -725,6 +768,7 @@ $(COREBOOT_UTIL_DIR)/inteltool/inteltool \
 : $(build)/$(coreboot_base_dir)/.canary musl-cross-make
 	+$(call do,MAKE,$(notdir $@),\
 		$(MAKE) -C "$(dir $@)" $(CROSS_TOOLS) \
+			CC="$(heads_cc) -Wno-unterminated-string-initialization" \
 	)
 
 # superio depends on zlib and pciutils
@@ -898,11 +942,26 @@ modules.clean:
 # PUBKEY_ASC.
 inject_gpg: $(board_build)/$(CB_OUTPUT_FILE_GPG_INJ)
 
-$(board_build)/$(CB_OUTPUT_BASENAME)-gpg-injected.rom: $(board_build)/$(CB_OUTPUT_FILE)
-	cp "$(board_build)/$(CB_OUTPUT_FILE)" \
-		"$(board_build)/$(CB_OUTPUT_FILE_GPG_INJ)"
-	./bin/inject_gpg_key.sh --cbfstool "$(build)/$(coreboot_dir)/cbfstool" \
-		"$(board_build)/$(CB_OUTPUT_FILE_GPG_INJ)" "$(PUBKEY_ASC)"
+$(board_build)/$(CB_OUTPUT_BASENAME)-gpg-injected.rom: $(board_build)/$(CB_OUTPUT_FILE) $(PUBKEY_ASC)
+	@set -e; \
+	src="$(board_build)/$(CB_OUTPUT_FILE)"; \
+	tgt="$(board_build)/$(CB_OUTPUT_FILE_GPG_INJ)"; \
+	key="$(PUBKEY_ASC)"; \
+	meta="$(board_build)/$(CB_OUTPUT_FILE_GPG_INJ).meta"; \
+	if [ -f "$$tgt" ] && [ -f "$$meta" ]; then \
+		. "$$meta" 2>/dev/null || true; \
+		src_sum=$$(sha256sum "$$src" | awk '{print $$1}'); \
+		key_sum=$$(sha256sum "$$key" | awk '{print $$1}'); \
+		if [ "$$src_sum" = "$$SRC_SHA256" ] && [ "$$key_sum" = "$$KEY_SHA256" ]; then \
+			echo "GPG injection up-to-date; skipping"; \
+			exit 0; \
+		fi; \
+	fi; \
+	cp "$$src" "$$tgt"; \
+	./bin/inject_gpg_key.sh --cbfstool "$(build)/$(coreboot_dir)/cbfstool" "$$tgt" "$$key"; \
+	SRC_SHA256=$$(sha256sum "$$src" | awk '{print $$1}'); \
+	KEY_SHA256=$$(sha256sum "$$key" | awk '{print $$1}'); \
+	printf 'SRC_SHA256=%s\nKEY_SHA256=%s\n' "$$SRC_SHA256" "$$KEY_SHA256" > "$$meta"