4.22.01 fhd patch merged upstream (4.24) + bump all 4.19 boards to 4.22.01

[tlaurion]

Revisiting 4.22 coreboot bump with fhd patch (superseeds and replaces #1524), Might fix #1603)

- patches/coreboot-4.22.01/0001-x230-fhd-variant.patch created per
  - git fetch https://review.coreboot.org/coreboot refs/changes/50/28950/27 && git format-patch -1 --stdout FETCH_HEAD > ~/heads/patches/coreboot-4.22.01/0001-x230-fhd-variant.patch
- all boards configs bumped with:
  - sed 's/4.19/4.22.01/g' boards/*/*.config -i
  - grep -Rn 4.22 boards/ | awk -F "/" {'print $2'}| while read line; do make BOARD=$line coreboot.save_in_oldconfig_format_in_place ; done
  - sed 's/4.19/4.22.01/g' .circleci/config.yml -i
- CircleCI caches updated
- modules/coreboot: remove 4.19 references
- All 4.19 boards switched to TCG event log format which segfaults `cbmem -L` https://github.com/linuxboot/heads/issues/1608#issuecomment-1953036042
  - Note that Purism boards already switched to TCG format where https://github.com/linuxboot/heads/pull/1609 doesn't fix anything (coreboot custom event log format is broken since 4.21
    - **More details under https://github.com/linuxboot/heads/issues/1608 which isn't blocking this PR** 

Testing report at https://github.com/linuxboot/heads/pull/1604#issuecomment-1953128002

---

4.22 didn't include the patchset in time as https://github.com/linuxboot/heads/issues/1523 related. ~Hopefully this is the last time we pick a patchset. Please board owners, report your edp/fhd kit (PRECISELY) and passing/failing results under https://review.coreboot.org/c/coreboot/+/28950~ EDIT: https://review.coreboot.org/coreboot refs/changes/50/28950/27 was merged.

[tlaurion]

Testing https://output.circle-artifacts.com/output/job/921af8c2-40cd-4b91-886b-f48c99d8749e/artifacts/0/build/x86/x230-hotp-maximized/heads-x230-hotp-maximized-v0.2.0-2023-g1a6aacb.zip which passed to 4.22.

cbmem states Unknown TPM log specification. Something changed there...

[JonathonHall-Purism]

(realize it's WIP but took a quick look :slightly_smiling_face: ) Do any boards remain on 4.19 after this change? If not, IMO we should remove it from modules/coreboot.

[pcm720]

Works perfectly on eDP 4.0-modded X230 with 1440p display. "Unknown TPM log specification" doesn't prevent TPM from unlocking encrypted root partition.

[tlaurion]

Works perfectly on eDP 4.0-modded X230 with 1440p display. "Unknown TPM log specification" doesn't prevent TPM from unlocking encrypted root partition.

Cannot replicate with qemu-coreboot-whpitail-tpm1/tpm2 boards, this is weird.

[tlaurion]

Passing to tpm 1.2 event log format makes cbmem crash... Something has not followed upstream changes inside of cbmem?!?!

Another rabbit hole.

[JonathonHall-Purism]

@tlaurion I'm working on PureBoot 29 release candidates now (updating coreboot to 4.22.01 there as well) and I get something similar with cbmem -L, but I'm not sure it's exactly the same.

It does appear to show the TPM log correctly, but then it shows a huge garbage entry and crashes. Sealing still works because the correct part of the log is interpreted correctly by tpmr. It looks like cbmem is wandering off into uninitialized space following the TPM log (but haven't confirmed that).

Is that similar to what you see?

Next steps IMO would be to build cbmem in the host OS see if it's the same (see if it's specific to the Heads build/environment or not, since it would surprise me if it was doing this across the board upstream), then probably bisect coreboot and/or cbmem based on that result.

[tlaurion]

Checking at history of cbmem https://github.com/coreboot/coreboot/commits/7201602a18b63fc5236f025d22dc726637866cb6/util/cbmem/cbmem.c, it seems something went wrong either at https://github.com/coreboot/coreboot/commit/6da62684dee6b2df49fa1d51e74e14c181c9349e when supporting tpm1.2/tpm2.0 format or https://github.com/coreboot/coreboot/commit/fc2f304f062bc51cf51ad999caf13a6acc64a1b3 when attempting to standardize c99 arrays.

@tlaurion I'm working on PureBoot 29 release candidates now (updating coreboot to 4.22.01 there as well) and I get something similar with cbmem -L, but I'm not sure it's exactly the same.

On x230 I only get "Unknown TPM log specification:" (note the ':' and nothing else) at https://github.com/coreboot/coreboot/blob/fc2f304f062bc51cf51ad999caf13a6acc64a1b3/util/cbmem/cbmem.c#L1059-L1061

It does appear to show the TPM log correctly, but then it shows a huge garbage entry and crashes. Sealing still works because the correct part of the log is interpreted correctly by tpmr. It looks like cbmem is wandering off into uninitialized space following the TPM log (but haven't confirmed that).

Is that similar to what you see?

No. I get this when I switch the TPM log format to 1.2 though, not when using coreboot custom format that we currently use.

Next steps IMO would be to build cbmem in the host OS see if it's the same (see if it's specific to the Heads build/environment or not, since it would surprise me if it was doing this across the board upstream), then probably bisect coreboot and/or cbmem based on that result.

Well, TBH I'm not sure a lot of other use so much measured boot outside of Heads @JonathonHall-Purism ? This shows its not tested a lot, or as you said, since cbmem is built by musl-cross-make, that might as well be an undesired artifact of those?

[tlaurion]

@JonathonHall-Purism tested bumping musl-cross-make to latest avail commit but same error on x230-maximized and clean built: "Unknown TPM log specification:"

https://github.com/tlaurion/heads/tree/422_fhd_newer-musl

[tlaurion]

@JonathonHall-Purism

Well, TBH I'm not sure a lot of other use so much measured boot outside of Heads @JonathonHall-Purism ? This shows its not tested a lot, or as you said, since cbmem is built by musl-cross-make related doubts, which is compiler buillding everything tools.cpio related under Heads, including cbmem here), that might as well be an undesired artifact of those? (modified quote)

I took the time to use rom produced here (4.22.01 tag release codebase built with measured boot and coreboot custom event log format) and test cbmem built on top of ubuntu 23.10/debian trixie OS (to remove musl-cross-make doubts).

Interestingly enough:

• sudo ~/Downloada/coreboot-4.22.01/util/cbmem/cbmem -L : Unknown TPM log specification: : FAIL
• sudo ~/Downloada/coreboot-4.19/util/cbmem/cbmem -L : coreboot TPM log: [...] : OK

So now, let's test cbmem behavior in between those release versions:

• sudo ~/Downloada/coreboot-4.21/util/cbmem/cbmem -L : Unknown TPM log specification: : FAIL
• sudo ~/Downloada/coreboot-4.20.1/util/cbmem/cbmem -L : coreboot TPM log: [...] : OK

So cbmem -L broke somewhere between 4.20.1 and 4.21.

---

Raised awareness under #coreboot channel at https://matrix.to/#/!EhaGFZyYcbyhdSgStq:matrix.org/$DJW_mF5d1PfhJIvoM-_HvX8s3BpzNvtNu77auhvKBo0?via=matrix.org&via=sibnsk.net&via=datanauten.de. @miczyg1 said he would take a look at https://matrix.to/#/!EhaGFZyYcbyhdSgStq:matrix.org/$34SHe96Ef5Qrv2pIXtmi2lqpSwnh1GsKXlZCR9I7PpY?via=matrix.org&via=sibnsk.net&via=datanauten.de

[tlaurion]

Thanks to you all, edp/fhd was merged upstream (~4.24 to be)

EDIT: coreboot switches to date based releases. So coreboot 24.02 it will be...

[tlaurion]

Testing FHD+4.23 coreboot is under https://github.com/tlaurion/heads/tree/pre423-edp_fhd_in-tpm_tcg_event_log-CircleCi_coreboot_cache_fixed

As of now, the branch is just to show that cbmem -L fails (just as here) but for fixes to be made upstream as reported at https://github.com/linuxboot/heads/pull/1609#issuecomment-1944461330

[tlaurion]

Updated to match coreboot merged https://review.coreboot.org/c/coreboot/+/28950. Might need manual fix (since other things changed for 4.23)

EDIT: yep. Manual fixes needed for 4.22

[tlaurion]

Traces to debug coreboot custom TPM event log for 4bb8317 at https://github.com/linuxboot/heads/issues/1608#issuecomment-1952968828

Switching to TPM TCG event log format on next commit

[tlaurion]

Logs for 6b61f61 segfaulting TCG event log cbmem -L output under https://github.com/linuxboot/heads/issues/1608#issuecomment-1953036042

Not a blocker: tpmr (pcr replay) works, but dmesg will show segfault until fixed.

[tlaurion]

@pcm720 can you confirm upstream merged+modified(minimal: only filename changes) edp/fhd patchset works as expected here? Should.

[tlaurion]

@lethedata: https://github.com/linuxboot/heads/issues/1603#issuecomment-1953074868 "reboot issue" might not be fixed by this and as of today, is outside of my comprehension.

[tlaurion]

Tested:

• [x] w530-hotp-maximized (@tlaurion main station: iGPU only)
• [x] x230-maximized (@tlaurion testing station)
• [x] x230-fhd/edp variant: @n4ru @computer-user123 (nitro caster board) @Tonux599 @househead @pcm720 (eDP 4.0 board and 1440p display) : (thanks @pcm720)
• [x] t420 (xx20): @alexmaloteaux @natterangell (iGPU) @akfhasodh @doob85 (thanks @natterangell)
• [x] x220 (xx20): @Thrilleratplay @BlackMaria @srgrint : @srgrint thanks for testing.
• [x] t430 (xx30): @nestire(t430-legacy, t430-maximized) @Thrilleratplay @alexmaloteaux @lsafd @bwachter(iGPU maximized) @shamen123 @eganonoa(iGPU) @nitrosimon @jans23 @icequbes1 (iGPU) @weyounsix (t430-dgpu) : Thanks @srgrint for testing
• [x] t440p: @ThePlexus @srgrint @akunterkontrolle @rbreslow : Thanks @srgrint for testing.
• [x] w541 (similar to t440p): @resende-gustavo @gaspar-ilom : thanks @gaspar-ilom for testing.
• [x] x230 (xx30): @nestire(x230-legacy, x230-maximized) @tlaurion(maximized) @osresearch @merge @jan23 @MrChromebox @shamen123 @eganonoa @bwachter @Thrilleratplay @jnscmns @doob85 : Thnaks to myself for testing.
• [x] HP Z220 CMT (Ivy bridge): @d-wid : Thanks @d-wid for testing.

Needs testing:

• [ ] t430-dgpu (xx30): @weyounsix (t430-dgpu)
• [ ] t520 (xx30): NOBODY
• [ ] t530 (xx30): @3hhh
• [ ] w530-dgpu (xx30): @weyounsix (dGPU: w530-k2000m) @jnscmns (dGPU K1000M) @computer-user123 (w530 / & w530 k2000 : prefers iGPU)
• [x] X230i (x230): @natterangell
• [ ] ASUS P8Z77 M PRO (Ivy bridge): @ThePlexus

As of now, HOTP+TPM DUK+suspend+resume works as expected and no regression reported on tested boards above.

[pcm720]

@pcm720 can you confirm upstream merged+modified(minimal: only filename changes) edp/fhd patchset works as expected here? Should.

Yes, everything works as expected, no issues with disk decryption or OS reboots.

[tlaurion]

Testing needed, everyone!

[tlaurion]

Untested boards will move to UNTESTED. UNTESTED boards that were untested prior of this PR will go to UNMAINTAINED in future commit prior of merging.

[natterangell]

t420-hotp-maximized tested and works!

[d-wid]

I'll get to it next Wednesday or, if you don't mind

On 21 February 2024 21:18:25 UTC, Thierry Laurion @.***> wrote:

Tested:

• [x] w530-hotp-maximized @.*** main station: iGPU only)
• [x] x230-maximized @.*** testing station)
• [x] x230-maximized-fhd_edp (thanks @pcm720)

Needs testing:

• [ ] x220 (xx20): @Thrilleratplay @BlackMaria @srgrint
• [ ] t420 (xx20): @alexmaloteaux @natterangell (iGPU) @akfhasodh @doob85
• [ ] t430 (xx30): @nestire(t430-legacy, t430-maximized) @Thrilleratplay @alexmaloteaux @lsafd @bwachter(iGPU maximized) @shamen123 @eganonoa(iGPU) @nitrosimon @jans23 @icequbes1 (iGPU) @weyounsix (t430-dgpu)
• [ ] t430-dgpu (xx30): @weyounsix (t430-dgpu)
• [ ] t520 (xx30): NOBODY
• [ ] t530 (xx30): @3hhh
• [ ] w530-dgpu (xx30): @weyounsix (dGPU: w530-k2000m) @jnscmns (dGPU K1000M) @computer-user123 (w530 / & w530 k2000 : prefers iGPU)
• [ ] x230 (xx30): @nestire(x230-legacy, x230-maximized) @tlaurion(maximized) @osresearch @merge @jan23 @MrChromebox @shamen123 @eganonoa @bwachter @Thrilleratplay @jnscmns @doob85
• [ ] X230i (x230): @natterangell
• [ ] x230-fhd/edp variant: @n4ru @computer-user123 (nitro caster board) @Tonux599 @househead @pcm720 (eDP 4.0 board and 1440p display)
• [ ] t440p: @ThePlexus @srgrint @akunterkontrolle @rbreslow
• [ ] w541 (similar to t440p): @resende-gustavo @gaspar-ilom
• [ ] ASUS P8Z77 M PRO (Ivy bridge): @ThePlexus
• [ ] HP Z220 CMT (Ivy bridge): @d-wid

As of now, HOTP+TPM DUK+suspend+resume works as expected and no regression reported on tested boards above.

-- Reply to this email directly or view it on GitHub: https://github.com/linuxboot/heads/pull/1604#issuecomment-1953128002 You are receiving this because you were mentioned.

Message ID: @.***>

[JonathonHall-Purism]

I'll get to it next Wednesday or, if you don't mind

tlaurion is away until March 20th, so no rush :+1:

[tlaurion]

I'll get to it next Wednesday or, if you don't mind

tlaurion is away until March 20th, so no rush :+1:

@d-wid @JonathonHall-Purism it was intentional to push for testing before leaving on my side. Last time I asked for testing, it took more then 3weeks to get the results.

So @d-wid and others: please have your testing reports before march 20th. Happy testing!

[srgrint]

Have tested heads-x220-maximized-v0.2.0-2027-g6b61f61.rom Seems to work fine.

[gaspar-ilom]

I have regression tested W541 (heads-w541-hotp-maximized-v0.2.0-2027-g6b61f61.rom). No findings. You may mark it as tested.

[srgrint]

Have also tested t440p - also seems to work fine.

[srgrint]

Tested on my intel graphics T430. Seems to work fine.

[d-wid]

Seems to work fine on the HP Z220 too.

[tlaurion]

Thanks to all testing reports per https://github.com/linuxboot/heads/pull/1604#issuecomment-1953128002, last call for testing for :

• [ ] t430-dgpu (xx30): @weyounsix (t430-dgpu)
• [ ] t520 (xx30): NOBODY
• [ ] t530 (xx30): @3hhh
• [ ] w530-dgpu (xx30): @weyounsix (dGPU: w530-k2000m) @jnscmns (dGPU K1000M) @computer-user123 (w530 / & w530 k2000 : prefers iGPU)
• [x] X230i (x230): @natterangell
• [ ] ASUS P8Z77 M PRO (Ivy bridge): @ThePlexus

Some boards will go to UNTESTED, and current UNTESTED boards will go UNMAINTAINTED.