Merge pull request #1478 from tlaurion/stenghten_entropy_sources_with_jitter_and_TPM

Have CRNG avail early on boot and maximize ligcrypt entropy sources/efficiency

Author: tlaurion

boards/qemu-coreboot-fbwhiptail-tpm1-hotp/qemu-coreboot-fbwhiptail-tpm1-hotp.md

@@ -32,6 +32,7 @@ Bootstrapping a working system
    * For `<token>`, use one of:
      * `NitrokeyPro` - a Nitrokey Pro by VID/PID
      * `NitrokeyStorage` - a Nitrokey Storage by VID/PID
+     * `Nitrokey3NFC` - a Nitrokey 3 by VID:PID
      * `LibremKey` - a Librem Key by VID/PID
      * `hostbus=#,hostport=#` - indicate a host bus and port (see qemu usb-host)
      * `vendorid=#,productid=#` - indicate a device by VID/PID (decimal, see qemu usb-host)
@@ -40,7 +41,7 @@ Bootstrapping a working system
    * Then Heads will indicate that there is no TOTP code yet, at this point shut down (Continue to main menu -> Power off)
 5. Get the public key that was saved to the virtual USB flash drive
    * `sudo mkdir /media/fd_heads_gpg`
-   * `sudo mount ./build/qemu-coreboot-fbwhiptail-tpm1-hotp/usb_fd.raw /media/fd_heads_gpg`
+   * `sudo mount ./build/x86/qemu-coreboot-fbwhiptail-tpm1-hotp/usb_fd.raw /media/fd_heads_gpg`
    * Look in `/media/fd_heads_gpg` and copy the most recent public key
    * `sudo umount /media/fd_heads_gpg`
 6. Inject the GPG key into the Heads image and run again

boards/x230-hotp-maximized/x230-hotp-maximized.config

@@ -13,6 +13,10 @@ export CONFIG_LINUX_VERSION=5.10.5
 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-maximized.config
 CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
 
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+
 #Additional hardware support
 CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000E=y

boards/x230-maximized/x230-maximized.config

@@ -13,6 +13,10 @@ export CONFIG_LINUX_VERSION=5.10.5
 CONFIG_COREBOOT_CONFIG=config/coreboot-x230-maximized.config
 CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
 
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+
 #Additional hardware support
 CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000E=y

config/busybox.config

@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Busybox version: 1.36.1
-# Fri Jul 21 14:38:54 2023
+# Thu Oct  5 11:19:09 2023
 #
 CONFIG_HAVE_DOT_CONFIG=y
 
@@ -368,7 +368,7 @@ CONFIG_FEATURE_WC_LARGE=y
 # Console Utilities
 #
 # CONFIG_CHVT is not set
-# CONFIG_CLEAR is not set
+CONFIG_CLEAR=y
 # CONFIG_DEALLOCVT is not set
 # CONFIG_DUMPKMAP is not set
 # CONFIG_FGCONSOLE is not set
@@ -381,7 +381,7 @@ CONFIG_DEFAULT_SETFONT_DIR=""
 # CONFIG_FEATURE_LOADFONT_RAW is not set
 CONFIG_LOADKMAP=y
 # CONFIG_OPENVT is not set
-# CONFIG_RESET is not set
+CONFIG_RESET=y
 # CONFIG_RESIZE is not set
 # CONFIG_FEATURE_RESIZE_PRINT is not set
 # CONFIG_SETCONSOLE is not set
@@ -1151,7 +1151,7 @@ CONFIG_ASH_SLEEP=y
 CONFIG_ASH_HELP=y
 CONFIG_ASH_GETOPTS=y
 CONFIG_ASH_CMDCMD=y
-# CONFIG_CTTYHACK is not set
+CONFIG_CTTYHACK=y
 # CONFIG_HUSH is not set
 # CONFIG_SHELL_HUSH is not set
 # CONFIG_HUSH_BASH_COMPAT is not set

config/coreboot-t420-maximized.config

@@ -204,7 +204,7 @@ CONFIG_GFX_GMA_PANEL_1_PORT="LVDS"
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2"
 CONFIG_BOARD_ROMSIZE_KB_8192=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t420.config

@@ -203,7 +203,7 @@ CONFIG_GFX_GMA_PANEL_1_PORT="LVDS"
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2"
 CONFIG_BOARD_ROMSIZE_KB_8192=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t430-legacy.config

@@ -202,7 +202,7 @@ CONFIG_GFX_GMA_PANEL_1_PORT="LVDS"
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t430-maximized.config

@@ -204,7 +204,7 @@ CONFIG_GFX_GMA_PANEL_1_PORT="LVDS"
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t440p.config

@@ -202,7 +202,7 @@ CONFIG_PCIEXP_CLK_PM=y
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 CONFIG_TPM_MEASURED_BOOT=y
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2"
 CONFIG_BOARD_ROMSIZE_KB_12288=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set

config/coreboot-t520-maximized.config

@@ -205,7 +205,7 @@ CONFIG_BOARD_LENOVO_BASEBOARD_T520=y
 CONFIG_HEAP_SIZE=0x4000
 CONFIG_EC_GPE_SCI=0x50
 # CONFIG_TPM_MEASURED_BOOT is not set
-CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=3"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet loglevel=2"
 CONFIG_BOARD_ROMSIZE_KB_8192=y
 # CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
 # CONFIG_COREBOOT_ROMSIZE_KB_512 is not set