cleanup initrd, improve population of lib directories, remove some extra drivers, add notes on /dev

Author: osresearch

Makefile

@@ -1,5 +1,7 @@
 all: coreboot
 
+force:
+	-rm $(linux_dir)/arch/x86/boot/bzImage
 
 kexec_version := 2.0.12
 kexec_dir := kexec-tools-$(kexec_version)
@@ -27,7 +29,7 @@ busybox_url := https://busybox.net/downloads/$(busybox_tar)
 busybox_hash := 5a0fe06885ee1b805fb459ab6aaa023fe4f2eccee4fb8c0fd9a6c17c0daca2fc
 busybox_config := config/busybox.config
 
-busybox: $(busybox_dir) $(busybox_dir)/.config
+$(busybox_dir)/busybox: $(busybox_dir) $(busybox_dir)/.config
 	make -C "$(busybox_dir)" -j 8
 
 $(busybox_dir): $(busybox_tar)
@@ -57,7 +59,14 @@ $(linux_dir)/.config: $(linux_config)
 	cp "$<" "$@"
 	make -C "$(linux_dir)" oldconfig
 
-$(linux_dir)/arch/x86/boot/bzImage: $(linux_dir) $(linux_dir)/.config
+bzImage: $(linux_dir)/arch/x86/boot/bzImage
+
+$(linux_dir)/arch/x86/boot/bzImage: \
+	$(linux_dir) \
+	$(linux_dir)/.config \
+	initrd/bin/busybox \
+	initrd/libs \
+
 	make -C "$(linux_dir)" bzImage
 	ls -Fla "$@"
 
@@ -81,6 +90,13 @@ $(coreboot_dir)/util/crossgcc/xgcc/bin/iasl:
 $(coreboot_dir)/bzImage: $(linux_dir)/arch/x86/boot/bzImage
 	cp "$<" "$@"
 
+initrd.img:
+	( \
+		cd initrd && \
+		find . \
+		| cpio --quiet -H newc -o \
+	) | xz -9 > "$@"
+
 # initrd image is now included by the Linux kernel build process
 initrd: \
 	initrd/bin/busybox \
@@ -101,12 +117,7 @@ INITRD_LIBS += \
 	libdl.so.2 \
 
 initrd/libs:
-	-mkdir -p initrd/lib/x86_64-linux-gnu
-	-mkdir -p initrd/lib64
-	cp /lib64/ld-linux-x86-64.so.2 initrd/lib64/
-	for lib in $(INITRD_LIBS); do \
-		cp "/lib/x86_64-linux-gnu/$$lib" initrd/lib/x86_64-linux-gnu/; \
-	done
+	./populate-lib ./initrd/lib/x86_64-linux-gnu/ initrd/bin/* initrd/sbin/*
 
 
 $(coreboot_tar):
@@ -134,7 +145,6 @@ $(coreboot_dir)/build/coreboot.rom: \
 	$(coreboot_dir)/.config \
 	$(coreboot_dir)/util/crossgcc/xgcc/bin/iasl \
 	$(coreboot_dir)/bzImage \
-	$(coreboot_dir)/initrd.img \
 	$(coreboot-blobs_canary) \
 
 	make -C "$(coreboot_dir)"

README.md

@@ -21,3 +21,12 @@ Components:
 * kexec
 * tpmtotp
 * QubesOS (Xen)
+
+---
+
+Notes:
+
+`initrd/dev/` must be populated with a few entries for things to work.
+At the least I've found that you need `console`, `mem`, `null`,
+`tty`, `tty0`, and `ttyS0`.
+

config/busybox.config

@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
-# Busybox version: 1.26.0.git
-# Sun Jul 24 22:29:47 2016
+# Busybox version: 1.25.0
+# Wed Jul 27 23:30:27 2016
 #
 CONFIG_HAVE_DOT_CONFIG=y
 
@@ -25,7 +25,7 @@ CONFIG_FEATURE_VERBOSE_USAGE=y
 CONFIG_FEATURE_COMPRESS_USAGE=y
 CONFIG_BUSYBOX=y
 # CONFIG_FEATURE_INSTALLER is not set
-# CONFIG_INSTALL_NO_USR is not set
+CONFIG_INSTALL_NO_USR=y
 # CONFIG_LOCALE_SUPPORT is not set
 CONFIG_UNICODE_SUPPORT=y
 # CONFIG_UNICODE_USING_LOCALE is not set
@@ -354,14 +354,18 @@ CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y
 # CONFIG_FEATURE_RESIZE_PRINT is not set
 # CONFIG_SETCONSOLE is not set
 # CONFIG_FEATURE_SETCONSOLE_LONG_OPTIONS is not set
-# CONFIG_SETFONT is not set
-# CONFIG_FEATURE_SETFONT_TEXTUAL_MAP is not set
+CONFIG_SETFONT=y
+CONFIG_FEATURE_SETFONT_TEXTUAL_MAP=y
 CONFIG_DEFAULT_SETFONT_DIR=""
 # CONFIG_SETKEYCODES is not set
 # CONFIG_SETLOGCONS is not set
 # CONFIG_SHOWKEY is not set
-# CONFIG_FEATURE_LOADFONT_PSF2 is not set
-# CONFIG_FEATURE_LOADFONT_RAW is not set
+
+#
+# Common options for loadfont and setfont
+#
+CONFIG_FEATURE_LOADFONT_PSF2=y
+CONFIG_FEATURE_LOADFONT_RAW=y
 
 #
 # Debian Utilities

config/coreboot.config

@@ -290,8 +290,8 @@ CONFIG_MAX_PIRQ_LINKS=4
 # CONFIG_SOUTHBRIDGE_AMD_CIMX_SB900 is not set
 CONFIG_SOUTHBRIDGE_INTEL_C216=y
 CONFIG_SOUTH_BRIDGE_OPTIONS=y
-CONFIG_LOCK_SPI_ON_RESUME_NONE=y
-# CONFIG_LOCK_SPI_ON_RESUME_RO is not set
+# CONFIG_LOCK_SPI_ON_RESUME_NONE is not set
+CONFIG_LOCK_SPI_ON_RESUME_RO=y
 # CONFIG_LOCK_SPI_ON_RESUME_NO_ACCESS is not set
 CONFIG_SOUTHBRIDGE_INTEL_COMMON=y
 CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO=y

config/linux.config

@@ -138,7 +138,7 @@ CONFIG_ARCH_SUPPORTS_INT128=y
 # CONFIG_SYSFS_DEPRECATED is not set
 # CONFIG_RELAY is not set
 CONFIG_BLK_DEV_INITRD=y
-CONFIG_INITRAMFS_SOURCE="../initrd/"
+CONFIG_INITRAMFS_SOURCE="../initrd"
 CONFIG_INITRAMFS_ROOT_UID=0
 CONFIG_INITRAMFS_ROOT_GID=0
 # CONFIG_RD_GZIP is not set
@@ -833,10 +833,10 @@ CONFIG_DM_VERITY_FEC=y
 # Input device support
 #
 CONFIG_INPUT=y
-CONFIG_INPUT_FF_MEMLESS=m
-CONFIG_INPUT_POLLDEV=m
+# CONFIG_INPUT_FF_MEMLESS is not set
+# CONFIG_INPUT_POLLDEV is not set
 # CONFIG_INPUT_SPARSEKMAP is not set
-CONFIG_INPUT_MATRIXKMAP=m
+# CONFIG_INPUT_MATRIXKMAP is not set
 
 #
 # Userland interfaces
@@ -850,23 +850,23 @@ CONFIG_INPUT_MATRIXKMAP=m
 # Input Device Drivers
 #
 CONFIG_INPUT_KEYBOARD=y
-CONFIG_KEYBOARD_ADP5588=m
-CONFIG_KEYBOARD_ADP5589=m
+# CONFIG_KEYBOARD_ADP5588 is not set
+# CONFIG_KEYBOARD_ADP5589 is not set
 CONFIG_KEYBOARD_ATKBD=y
-CONFIG_KEYBOARD_QT1070=m
-CONFIG_KEYBOARD_QT2160=m
-CONFIG_KEYBOARD_LKKBD=m
-CONFIG_KEYBOARD_TCA6416=m
-CONFIG_KEYBOARD_TCA8418=m
-CONFIG_KEYBOARD_LM8333=m
-CONFIG_KEYBOARD_MAX7359=m
-CONFIG_KEYBOARD_MCS=m
-CONFIG_KEYBOARD_MPR121=m
-CONFIG_KEYBOARD_NEWTON=m
-CONFIG_KEYBOARD_OPENCORES=m
-CONFIG_KEYBOARD_STOWAWAY=m
-CONFIG_KEYBOARD_SUNKBD=m
-CONFIG_KEYBOARD_XTKBD=m
+# CONFIG_KEYBOARD_QT1070 is not set
+# CONFIG_KEYBOARD_QT2160 is not set
+# CONFIG_KEYBOARD_LKKBD is not set
+# CONFIG_KEYBOARD_TCA6416 is not set
+# CONFIG_KEYBOARD_TCA8418 is not set
+# CONFIG_KEYBOARD_LM8333 is not set
+# CONFIG_KEYBOARD_MAX7359 is not set
+# CONFIG_KEYBOARD_MCS is not set
+# CONFIG_KEYBOARD_MPR121 is not set
+# CONFIG_KEYBOARD_NEWTON is not set
+# CONFIG_KEYBOARD_OPENCORES is not set
+# CONFIG_KEYBOARD_STOWAWAY is not set
+# CONFIG_KEYBOARD_SUNKBD is not set
+# CONFIG_KEYBOARD_XTKBD is not set
 # CONFIG_INPUT_MOUSE is not set
 # CONFIG_INPUT_JOYSTICK is not set
 # CONFIG_INPUT_TABLET is not set
@@ -880,7 +880,7 @@ CONFIG_KEYBOARD_XTKBD=m
 CONFIG_SERIO=y
 CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
 CONFIG_SERIO_I8042=y
-CONFIG_SERIO_SERPORT=m
+# CONFIG_SERIO_SERPORT is not set
 # CONFIG_SERIO_CT82C710 is not set
 # CONFIG_SERIO_PCIPS2 is not set
 CONFIG_SERIO_LIBPS2=y
@@ -956,11 +956,11 @@ CONFIG_HW_RANDOM_TPM=m
 # CONFIG_HANGCHECK_TIMER is not set
 CONFIG_TCG_TPM=y
 CONFIG_TCG_TIS=y
-CONFIG_TCG_TIS_I2C_ATMEL=m
-CONFIG_TCG_TIS_I2C_INFINEON=m
-CONFIG_TCG_TIS_I2C_NUVOTON=m
-CONFIG_TCG_NSC=m
-CONFIG_TCG_ATMEL=m
+# CONFIG_TCG_TIS_I2C_ATMEL is not set
+# CONFIG_TCG_TIS_I2C_INFINEON is not set
+# CONFIG_TCG_TIS_I2C_NUVOTON is not set
+# CONFIG_TCG_NSC is not set
+# CONFIG_TCG_ATMEL is not set
 # CONFIG_TCG_INFINEON is not set
 # CONFIG_TCG_CRB is not set
 # CONFIG_TELCLOCK is not set

initrd/init

@@ -1,11 +1,26 @@
 #!/bin/ash
-echo "Hello coreboot initrd"
+echo '====================================================='
+echo ' _   _                _           ____   ___  __  __ '
+echo '| | | | ___  __ _  __| |___   _  |  _ \ / _ \|  \/  |'
+echo '| |_| |/ _ \/ _` |/ _` / __| (_) | |_) | | | | |\/| |'
+echo '|  _  |  __/ (_| | (_| \__ \  _  |  _ <| |_| | |  | |'
+echo '|_| |_|\___|\__,_|\__,_|___/ (_) |_| \_\\___/|_|  |_|'
+echo ''
+echo '====================================================='
 
 # Mount the system directories
-mkdir /proc /sys /dev /tmp /boot
+mkdir /proc /sys /dev /tmp /boot 2>/dev/null
+
 mount -t proc none /proc
 mount -t sysfs none /sys
 mount -t devtmpfs none /dev
 
+## Ensure that we load libraries from our directory
+#export LD_LIBRARY_PATH=/lib64
+
 # Start an interactive shell
+echo "Run './start-xen' to load the hypervisor"
+echo "Run 'kexec -e' to boot it"
+echo
+
 exec /bin/ash

initrd/lib64/ld-linux-x86-64.so.2

@@ -0,0 +1 @@
+../lib/x86_64-linux-gnu/ld-linux-x86-64.so.2

initrd/start-xen

@@ -6,4 +6,4 @@ exec kexec \
 	--module "/boot/vmlinuz-4.1.13-9.pvops.qubes.x86_64 placeholder root=/dev/mapper/qubes_dom0-root ro i915.preliminary_hw_support=1 rd.lvm.lv=qubes_dom0/root rd.luks.uuid=luks-0f662ac6-2939-48fe-bc95-f5a7e3d6fefb vconsole.font=latarcyrheb-sun16 rd.lvm.lv=qubes_dom0/swap rhgb" \
 	--module "/boot/initramfs-4.1.13-9.pvops.qubes.x86_64.img" \
 	--command-line "console=vga dom0_mem=min:1024M dom0_mem=max:4096M" \
-	/xen-4.6.3.gz
+	/boot/xen-4.6.3.gz

populate-lib

@@ -0,0 +1,63 @@
+#!/usr/bin/perl
+# Find all libraries for the executables
+#
+use warnings;
+use strict;
+use Data::Dumper;
+use File::Copy;
+use File::Basename;
+
+my $dest = shift
+	or die "Usage: $0 dest-dir [programs...]\n";
+
+my %libraries;
+
+for my $file (@ARGV)
+{
+	my @libs = `ldd "$file"`;
+	for (@libs)
+	{
+		if (/ => ([^ ]+)/)
+		{
+			# Normal library
+			$libraries{$1}++;
+		}
+		elsif (/^\s+([^ ]+) \(/)
+		{
+			# Dynamic linker
+			$libraries{$1}++;
+		}
+	}
+}
+
+print Dumper(\%libraries);
+
+unless( -d $dest )
+{
+	system("mkdir", "-p", $dest)
+		and die "$dest: Unable to make directory: $!\n";
+}
+
+my $size = 0;
+
+for my $lib (keys %libraries)
+{
+	$size += -s $lib;
+	my $libname = basename $lib;
+#	my $dirname = dirname "$dest/$lib";
+#
+#	unless( -d $dirname )
+#	{
+#		system("mkdir", "-p", $dirname)
+#			and die "$dirname: Unable to make directory: $!\n";
+#	}
+
+	copy $lib, "$dest/$libname"
+		or die "$lib: Unable to copy: $!\n";
+
+	# make them executable because otherwise chroot barfs
+	system("chmod", "+x", "$dest/$libname");
+}
+
+print "Total size $size\n";
+__END__