Heads Versions Save

This release adds several new features, the most important of which is an easier way to configure which pieces are included into the ROM image. There are is also a overhaul of the initialization scripts, which makes a more streamlined boot process for Qubes and management of encryption keys. Documentation has moved to http://osresearch.net/ and can be edited via osresearch/heads-wiki.

sha256 hashes for a clean checkout of 0.2.0 (verified on Fedora 23+25, Ubuntu 12.04, 16.04 and 16.10):

1b97745538d99702340c8b42d548e892678da421f8d5ff609c57f59af79e632f  qemu.rom
5b0026c87e6b4f7ae72df420f2a56fdd2bda341c0c9149a7cc924485fc02667d  x230.rom
a0843fe080598c8a8f7fa6b1293cf3afb5d6b5587d4f33a386ce4d3146bf42e1  x230.flash.rom

General updates

• flashrom is in the recovery shell and can be used to reflash the system firmware without requiring a hardware programmer to upgrade Heads.
• A full version of gpg is installed with Yubikey support. You can now sign files in /boot as well as the root hashes for dm-verity filesystems using an external hardware token.
• lvm is installed in the firmware image, allowing volume management instead of partitions.
• TPM counters are used to prevent roll-back attacks on previously signed versions.
• TPM owner password is no longer required after initial setup of NVRAM and counters.
• TPM TOTP value is updated every thirty seconds while waiting for disk unlock code.
• Loading kernel modules with insmod will adjust PCR 4 to prevent the TPM from unsealing secrets if any unexpected modules are loaded.
• Network devices drivers are available as loadable kernel modules for server bootstrapping.
• Networking tools like ssh and scp are available to fetch new firmware images or kernels.
• Makefile documentation on how to add new submodules.

Hardware updates

• Preliminary support for the Puri.sm Librem 13 laptop and plans to ship pre-installed on their next hardware rev.
• x230 Thinkpad image now uses all available 7 MB to fit these extra features. There is a separate x230-flash.rom that fits into the top 4MB chip to help bootstrap the installation process.
• x230 ethernet and both side USB ports work (although note that if you have run ME cleaner on the ROM the ethernet port will not function)

Qubes specific updates

• qubes-install script to simplify initial setup, qubes-update script to sign after a Qubes update.
• seal-key / unseal-key takes into account the encrypted disk LUKS headers, as suggested by the Qubes AEM tools.
• Qubes' initramfs is modified on bootup to install the key unsealed by the TPM.
• ROM configuration no longer depends on hardcoded values for the UUID of / filesystem.
• Xen 4.6.4 works with Heads (although note that the Qubes' Xen tree is not tracked, issue #159)

Known issues

Please file any you run into: https://github.com/osresearch/heads/issues

• BP# bits are not set (issue #12)
• PRR and FLOCKDN are not set (issue #184)
• MRC region on x230 is measured before being written, requiring two reboots after flashing (issue #150)
• Clean builds take a long time (issue #162 and #163 )
• Chell chromebook builds are broken (issue #38)

This release adds several new features, the most important of which is an easier way to configure which pieces are included into the ROM image. There are is also a overhaul of the initialization scripts, which makes a more streamlined boot process for Qubes and management of encryption keys. Documentation has moved to http://osresearch.net/ and can be edited via osresearch/heads-wiki.

sha256 hashes for a clean checkout of 0.2.0 (verified on Fedora 23+25, Ubuntu 12.04, 16.04 and 16.10):

b7db7ecfddd8707b8a49a7ff82c5d37eac62c482f8f9681ffd6a18ff23fde49b  qemu.rom
1b8503ed0d916fa19eb02e22c33c30cac44b0d0ede6ee46ec6acd784566c3b00  x230.flash.rom
d0850cfc3f8eb3bb3c17911577868cbbc811fe00040e2b9128ccd7647a558982  x230.rom

General updates

• flashrom is in the recovery shell and can be used to reflash the system firmware without requiring a hardware programmer to upgrade Heads.
• A full version of gpg is installed with Yubikey support. You can now sign files in /boot as well as the root hashes for dm-verity filesystems using an external hardware token.
• lvm is installed in the firmware image, allowing volume management instead of partitions.
• TPM counters are used to prevent roll-back attacks on previously signed versions.
• TPM owner password is no longer required after initial setup of NVRAM and counters.
• TPM TOTP value is updated every thirty seconds while waiting for disk unlock code.
• Loading kernel modules with insmod will adjust PCR 4 to prevent the TPM from unsealing secrets if any unexpected modules are loaded.
• Network devices drivers are available as loadable kernel modules for server bootstrapping.
• Networking tools like ssh and scp are available to fetch new firmware images or kernels.
• Makefile documentation on how to add new submodules.

Hardware updates

• Preliminary support for the Puri.sm Librem 13 laptop and plans to ship pre-installed on their next hardware rev.
• x230 Thinkpad image now uses all available 7 MB to fit these extra features. There is a separate x230-flash.rom that fits into the top 4MB chip to help bootstrap the installation process.
• x230 ethernet and both side USB ports work (although note that if you have run ME cleaner on the ROM the ethernet port will not function)

Qubes specific updates

• qubes-install script to simplify initial setup, qubes-update script to sign after a Qubes update.
• seal-key / unseal-key takes into account the encrypted disk LUKS headers, as suggested by the Qubes AEM tools.
• Qubes' initramfs is modified on bootup to install the key unsealed by the TPM.
• ROM configuration no longer depends on hardcoded values for the UUID of / filesystem.
• Xen 4.6.4 works with Heads (although note that the Qubes' Xen tree is not tracked, issue #159)

Known issues

Please file any you run into: https://github.com/osresearch/heads/issues

• BP# bits are not set (issue #12)
• PRR and FLOCKDN are not set (issue #184)
• MRC region on x230 is measured before being written, requiring two reboots after flashing (issue #150)
• Clean builds take a long time (issue #162 and #163 )
• Chell chromebook builds are broken (issue #38)

A clean checkout takes about 30-50 minutes to build since it makes multiple versions of gcc and binutils. When the build is done it should produce the following sha256 hashes for the two currently working boards:

a7ca26f3b874c52b8284d3d74294fed3937274b699af0b66d50c512455306a9f  qemu.rom
83df0b6845fdd6b335119f7e89e08c47ec3566f515fe93bc528fcd955587a43e  x230.rom

This includes an update to Linux 4.9.7 and coreboot 4.5, and replaces the system libc with musl-libc to ensure that there are no dependencies on the build system's utilities. It still requires reflashing via a hardware SPi programmer and it is still difficult to install Qubes. Hopefully the UX will improve in the next release.

The Chell chromebook can be made to work, but needs attention to become part of the functioning build again.

Xen is not built as part of the normal make. Run make xen.intermediate to generate build/xen-4.6.3/xen/xen.gz. Please note the xen build is reproducible for a given compiler, but is not yet reproducible across systems.

Lots of cleanup, with some new features:

• Builds from a clean checkout
• Coreboot clones from github tree
• Patched to include TPM support in romstage (bootblock in PCR0, romstage in 1)
• romstage and ramstage measure all CBFS files into PCR2 and 3.
• Fixes SMM uninitialized memory that was causing bad measurements.

This is a the first release that is capable of a full build from a clean checkout. There are many issues remaining and, while it works on at least one x230, that is no guarantee that it will work on your x230.