Closed tlaurion closed 7 months ago
A few other ideas:
Clean up board-specific files from other devices. (Example is flashrom-kgpe-d16-openbmc.sh is present in X230 builds, x230-flash.init being in main X230 or on Chell Chromebook). This change will likely need to happen during the build process.
Move flash definitions from flash.sh to the board config files. As we support more boards, this will be critical, as all maintained boards are presently defined in flash.sh, and as this project supports more and more boards, flash.sh will get larger and larger. I've started work on this.
These may not be as high priority as other changes, but ones to certainly look at to help reduce firmware size, especially as the project grows.
@SebastianMcMillan : Those are good cleanup ideas, but unfortunately, will not impact the initrd.cpio.xz (including heads.cpio and tools.cpio), those text files being highly compressed.
The problem lies in binaries, not highly compressed under initrd.cpio.xz
This article (or the series it comes from) may yield some inspiration: https://lwn.net/Articles/748198/ Edit: this one is probably more useful https://lwn.net/Articles/741494/
Solution lies in #307
@zaolin pointed out:
Update: Getting rid of libgcrypt and replacement for gpg would be a good way to save 2MB in total. See https://sequoia-pgp.org/ as alternative
@zaolin : Unfortunately, there is no smartcard support in sequoia-pgp ATM, on which Heads relies on for verified /boot integrity.
@tlaurion ask them for support, they should have basic support for it. They are on IRC #sequoia at Freenode
Here we go again, since
To troubleshoot:
make BOARD=x230
cd build/x230
xz -d initrd.cpio.xz ; for i in initrd.cpio modules.cpio tools.cpio heads.cpio; do cpio -i < $i; done && find . -type f -ls | sort -r -n -k7 |grep -v cpio
Output:
28192 2956 -rw-r--r-- 1 user user 3023312 May 3 12:25 ./bzImage
61393 1592 -rwx------ 1 user user 1627856 May 3 12:45 ./bin/lvm
61507 1132 -rwx------ 1 user user 1156424 May 3 12:45 ./lib/libgcrypt.so.20
61352 892 -rwx------ 1 user user 911264 May 3 12:45 ./bin/gpg
61504 740 -rwx------ 1 user user 757232 May 3 12:45 ./lib/libcairo.so.2
61515 652 -rwx------ 1 user user 666216 May 3 12:45 ./lib/libpixman-1.so.0
61502 584 -rwx------ 1 user user 596544 May 3 12:45 ./lib/libc.so
61347 556 -rwx------ 1 user user 568264 May 3 12:45 ./bin/flashrom
61313 472 -rwx------ 1 user user 483160 May 3 12:45 ./bin/busybox
61424 400 -rwx------ 1 user user 407784 May 3 12:45 ./bin/scdaemon
61353 368 -rwx------ 1 user user 376024 May 3 12:45 ./bin/gpg-agent
61519 332 -rwx------ 1 user user 339304 May 3 12:45 ./lib/libtpm.so
61506 328 -rwx------ 1 user user 333240 May 3 12:45 ./lib/libdevmapper.so.1.02
61511 320 -rwx------ 1 user user 325104 May 3 12:45 ./lib/libmbedcrypto.so.0
61524 300 -rw------- 1 user user 304272 May 3 12:45 ./lib/modules/e1000e.ko
61510 224 -rwx------ 1 user user 227696 May 3 12:45 ./lib/libksba.so.8
61516 204 -rwx------ 1 user user 207912 May 3 12:45 ./lib/libpng16.so.16
61335 184 -rwx------ 1 user user 184824 May 3 12:45 ./bin/dropbear
61442 176 -rwx------ 1 user user 176408 May 3 12:45 ./bin/ssh
61369 168 -rwx------ 1 user user 170984 May 3 12:45 ./bin/kexec
61528 160 -rw------- 1 user user 159840 May 3 12:45 ./lib/modules/xhci-hcd.ko
61505 156 -rwx------ 1 user user 159000 May 3 12:45 ./lib/libcryptsetup.so.4
61334 136 -rwx------ 1 user user 137464 May 3 12:45 ./bin/dmsetup
61527 132 -rw------- 1 user user 132360 May 3 12:45 ./lib/modules/usb-storage.ko
61509 128 -rwx------ 1 user user 130000 May 3 12:45 ./lib/libgpg-error.so.0
61456 124 -rwx------ 1 user user 126584 May 3 12:45 ./bin/tpm
61523 108 -rwx------ 1 user user 108832 May 3 12:45 ./lib/libz.so.1
61521 96 -rwx------ 1 user user 96896 May 3 12:45 ./lib/libusb-1.0.so.0
61501 76 -rwx------ 1 user user 76736 May 3 12:45 ./lib/libassuan.so.0
61390 72 -rwx------ 1 user user 73600 May 3 12:45 ./bin/lspci
61525 64 -rw------- 1 user user 64800 May 3 12:45 ./lib/modules/ehci-hcd.ko
61326 64 -rwx------ 1 user user 62328 May 3 12:45 ./bin/cryptsetup-reencrypt
61325 60 -rwx------ 1 user user 59144 May 3 12:45 ./bin/cryptsetup
61514 52 -rwx------ 1 user user 52272 May 3 12:45 ./lib/libpci.so.3.5.4
61513 52 -rwx------ 1 user user 52272 May 3 12:45 ./lib/libpci.so.3
61411 52 -rwx------ 1 user user 52200 May 3 12:45 ./bin/pinentry-tty
61343 52 -rwx------ 1 user user 51616 May 3 12:45 ./bin/fbwhiptail
61517 48 -rwx------ 1 user user 48088 May 3 12:45 ./lib/libpopt.so.0
61518 48 -rwx------ 1 user user 47448 May 3 12:45 ./lib/libqrencode.so.3
61473 32 -rwx------ 1 user user 32560 May 3 12:45 ./bin/veritysetup
61319 28 -rwx------ 1 user user 27048 May 3 12:45 ./bin/cbmem
61425 24 -rwx------ 1 user user 22664 May 3 12:45 ./bin/scp
61349 24 -rwx------ 1 user user 22432 May 3 12:45 ./bin/flashtool
61488 20 -rw------- 1 user user 19992 May 3 12:45 ./etc/distro/keys/tails.key
61495 20 -rw------- 1 user user 18852 May 3 12:45 ./etc/oem/keys/insurgo.key
61520 20 -rwx------ 1 user user 18464 May 3 12:45 ./lib/libusb-0.1.so.4
61317 20 -rwx------ 1 user user 18352 May 3 12:45 ./bin/cbfs
61461 20 -rwx------ 1 user user 18320 May 3 12:45 ./bin/uefi
61358 16 -rwx------ 1 user user 14657 May 3 12:45 ./bin/gui-init
61522 16 -rwx------ 1 user user 14656 May 3 12:45 ./lib/libuuid.so.1
61512 16 -rwx------ 1 user user 14552 May 3 12:45 ./lib/libnpth.so.0
61414 16 -rwx------ 1 user user 14200 May 3 12:45 ./bin/poke
61407 12 -rwx------ 1 user user 12056 May 3 12:45 ./bin/oem-factory-reset
61486 12 -rw------- 1 user user 10955 May 3 12:45 ./etc/distro/keys/fedora.key
61526 12 -rw------- 1 user user 10728 May 3 12:45 ./lib/modules/ehci-pci.ko
61529 12 -rw------- 1 user user 10568 May 3 12:45 ./lib/modules/xhci-pci.ko
61409 12 -rwx------ 1 user user 10096 May 3 12:45 ./bin/peek
61309 12 -rwx------ 1 user user 10088 May 3 12:45 ./bin/base32
100 12 -rw-r--r-- 1 user user 10056 May 3 12:39 ./hashes.txt
61454 12 -rwx------ 1 user user 10048 May 3 12:45 ./bin/totp
61366 12 -rwx------ 1 user user 10024 May 3 12:45 ./bin/hotp
61378 12 -rwx------ 1 user user 9894 May 3 12:45 ./bin/kexec-select-boot
61354 12 -rwx------ 1 user user 9681 May 3 12:45 ./bin/gpg-gui.sh
61490 8 -rwx------ 1 user user 8173 May 3 12:45 ./etc/functions
61322 8 -rwx------ 1 user user 5924 May 3 12:45 ./bin/config-gui.sh
61418 8 -rwx------ 1 user user 5912 May 3 12:45 ./bin/qrenc
61377 8 -rwx------ 1 user user 4178 May 3 12:45 ./bin/kexec-seal-key
61345 4 -rwx------ 1 user user 4074 May 3 12:45 ./bin/flash-gui.sh
61374 4 -rwx------ 1 user user 3654 May 3 12:45 ./bin/kexec-parse-boot
61375 4 -rwx------ 1 user user 3364 May 3 12:45 ./bin/kexec-save-default
61498 4 -rwx------ 1 user user 3322 May 3 12:45 ./init
61370 4 -rwx------ 1 user user 3099 May 3 12:45 ./bin/kexec-boot
61400 4 -rwx------ 1 user user 3043 May 3 12:45 ./bin/mount-usb
61426 4 -rwx------ 1 user user 2717 May 3 12:45 ./bin/seal-libremkey
61371 4 -rwx------ 1 user user 2344 May 3 12:45 ./bin/kexec-insert-key
61471 4 -rwx------ 1 user user 2130 May 3 12:45 ./bin/usb-scan
61373 4 -rwx------ 1 user user 2033 May 3 12:45 ./bin/kexec-parse-bls
61427 4 -rwx------ 1 user user 2027 May 3 12:45 ./bin/seal-totp
61466 4 -rwx------ 1 user user 1838 May 3 12:45 ./bin/unseal-hotp
61346 4 -rwx------ 1 user user 1724 May 3 12:45 ./bin/flash.sh
61376 4 -rwx------ 1 user user 1677 May 3 12:45 ./bin/kexec-save-key
61487 4 -rw------- 1 user user 1629 May 3 12:45 ./etc/distro/keys/qubes-4.key
61379 4 -rwx------ 1 user user 1407 May 3 12:45 ./bin/kexec-sign-config
61372 4 -rwx------ 1 user user 1375 May 3 12:45 ./bin/kexec-iso-init
61530 4 -rwx------ 1 user user 1373 May 3 12:45 ./mount-boot
61350 4 -rwx------ 1 user user 1299 May 3 12:45 ./bin/generic-init
60093 4 -rw------- 1 user user 1247 May 3 12:45 ./.ash_history
61380 4 -rwx------ 1 user user 1044 May 3 12:45 ./bin/kexec-unseal-key
61546 4 -rwx------ 1 user user 1000 May 3 12:45 ./sbin/insmod
61535 4 -rwx------ 1 user user 922 May 3 12:45 ./sbin/config-dhcp.sh
61318 4 -rwx------ 1 user user 799 May 3 12:45 ./bin/cbfs-init
61381 4 -rwx------ 1 user user 770 May 3 12:45 ./bin/key-init
61485 4 -rw------- 1 user user 700 May 3 12:45 ./etc/config
61457 4 -rwx------ 1 user user 694 May 3 12:45 ./bin/tpm-reset
61403 4 -rwx------ 1 user user 675 May 3 12:45 ./bin/network-init-recovery
61462 4 -rwx------ 1 user user 661 May 3 12:45 ./bin/uefi-init
61467 4 -rwx------ 1 user user 634 May 3 12:45 ./bin/unseal-totp
61479 4 -rwx------ 1 user user 574 May 3 12:45 ./bin/x230-flash.init
61419 4 -rwx------ 1 user user 366 May 3 12:45 ./bin/qubes-measure-luks
61348 4 -rwx------ 1 user user 360 May 3 12:45 ./bin/flashrom-kgpe-d16-openbmc.sh
61477 4 -rwx------ 1 user user 320 May 3 12:45 ./bin/wget-measure.sh
61420 4 -rwx------ 1 user user 258 May 3 12:45 ./bin/reboot
61470 4 -rwx------ 1 user user 220 May 3 12:45 ./bin/usb-init
61415 4 -rwx------ 1 user user 205 May 3 12:45 ./bin/poweroff
61489 4 -rw------- 1 user user 197 May 3 12:45 ./etc/fstab
61493 4 -rw------- 1 user user 174 May 3 12:45 ./etc/motd
61355 4 -rwx------ 1 user user 106 May 3 12:45 ./bin/gpgv
60437 4 -rw------- 1 user user 73 May 3 12:45 ./.gnupg/gpg-agent.conf
61478 4 -rwx------ 1 user user 35 May 3 12:45 ./bin/whiptail
61497 4 -rw------- 1 user user 27 May 3 12:45 ./etc/shells
61496 4 -rw------- 1 user user 27 May 3 12:45 ./etc/passwd
61492 4 -rw------- 1 user user 20 May 3 12:45 ./etc/hosts
61491 4 -rw------- 1 user user 10 May 3 12:45 ./etc/group
61303 4 -rw------- 1 user user 10 May 3 12:45 ./.gnupg/gpg.conf
A public build showing that not moving along with this actual ticket or with #703 is breaking x230 support and 12Mb boards altogether, Heads having become too big.
@flammit: This build will fail at coreboot integration of cpios (CBFS region not being big enough), but artifacts will include initrd.cpio.xz, heads.cpio, tools.cpio and modules.cpio for others to see the limit and dead end we are now facing.
Now what?
@tlaurion is reducing the kernel size not an option, or simply too much effort?
@MrChromebox : my reluctance in attacking Kernel size reduction comes with the conclusions of #453 where some 300k were obtained. Of course, those recommendations should be investigated.
Will reread myself. I have tagged you in #517 to resume there if you can reduce FBWhiptail general footprint, which are the next in line (when combined) after kernel, while lvm and gpg would also need to be addressed.
I'll revisit gpg2 myself, in the goal of fixing #668 for #710
@MrChromebox #668 and #710 being resolved, I've been looking at multiple sources on kernel debloating to do some state of the art.
It seems that the most interesting articles are...
Runtime collection based optimizations:
LTO:
Reading.
Playing around with information found under this "Shrinking the kernel with an AXE" blog post to reduce kernel size prior to going the LTO way.
git diff osresearch/master> patch
cat patch
diff --git a/config/linux-x230.config b/config/linux-x230.config
index dd5af0c..6cb7ea8 100644
--- a/config/linux-x230.config
+++ b/config/linux-x230.config
@@ -14,6 +14,7 @@ CONFIG_INITRAMFS_SOURCE="../../../blobs/dev.cpio"
# CONFIG_RD_LZO is not set
# CONFIG_RD_LZ4 is not set
CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+# CONFIG_MULTIUSER is not set
# CONFIG_SGETMASK_SYSCALL is not set
# CONFIG_SYSFS_SYSCALL is not set
# CONFIG_BASE_FULL is not set
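Review bot: the added `# CONFIG_MULTIUSER is not set` line removes UID/GID support from the kernel, so every process in the initrd runs as root and nothing can drop privileges. That matters on boards that still ship network-facing tools such as dropbear. Please state the size saved by this option alone so it can be weighed against that, or keep it enabled on boards built with networking.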
@@ -25,18 +26,18 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y
# CONFIG_MEMBARRIER is not set
CONFIG_EMBEDDED=y
# CONFIG_VM_EVENT_COUNTERS is not set
-# CONFIG_SLUB_DEBUG is not set
# CONFIG_COMPAT_BRK is not set
+CONFIG_SLOB=y
CONFIG_JUMP_LABEL=y
CONFIG_CC_STACKPROTECTOR_STRONG=y
CONFIG_MODULES=y
+CONFIG_TRIM_UNUSED_KSYMS=y
# CONFIG_IOSCHED_DEADLINE is not set
# CONFIG_IOSCHED_CFQ is not set
CONFIG_SMP=y
# CONFIG_X86_EXTENDED_PLATFORM is not set
CONFIG_PROCESSOR_SELECT=y
# CONFIG_CPU_SUP_CENTAUR is not set
-CONFIG_PREEMPT_VOLUNTARY=y
CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
# CONFIG_X86_MCE_AMD is not set
# CONFIG_PERF_EVENTS_INTEL_RAPL is not set
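Review bot: `CONFIG_TRIM_UNUSED_KSYMS=y` is added right under `CONFIG_MODULES=y`, so only symbols referenced by modules built in this same kernel build stay exported. A module built separately will fail to load with unresolved symbols; please confirm every .ko packed into modules.cpio comes from this build. The removal of `CONFIG_PREEMPT_VOLUNTARY=y` in the same hunk is not explained and should be, since it is unrelated to symbol trimming or the allocator switch.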
@@ -56,7 +57,6 @@ CONFIG_KEXEC_FILE=y
CONFIG_PHYSICAL_ALIGN=0x1000000
# CONFIG_MODIFY_LDT_SYSCALL is not set
# CONFIG_SUSPEND is not set
-CONFIG_ACPI_VIDEO=y
CONFIG_PCI_MSI=y
# CONFIG_HT_IRQ is not set
CONFIG_PCI_IOV=y
@@ -184,9 +184,7 @@ CONFIG_MFD_SYSCON=y
CONFIG_DRM=y
CONFIG_DRM_I915=y
CONFIG_FB_VESA=y
-CONFIG_BACKLIGHT_LCD_SUPPORT=y
# CONFIG_LCD_CLASS_DEVICE is not set
-CONFIG_BACKLIGHT_CLASS_DEVICE=y
# CONFIG_BACKLIGHT_GENERIC is not set
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_USB=y
@@ -207,9 +205,7 @@ CONFIG_GENERIC_PHY=y
# CONFIG_DMIID is not set
CONFIG_GOOGLE_FIRMWARE=y
CONFIG_GOOGLE_MEMCONSOLE_X86_LEGACY=y
-# CONFIG_EXT2_FS is not set
CONFIG_EXT4_FS=y
-CONFIG_EXT4_USE_FOR_EXT2=y
# CONFIG_DNOTIFY is not set
# CONFIG_INOTIFY_USER is not set
CONFIG_ISO9660_FS=y
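Review bot: removing `CONFIG_EXT4_USE_FOR_EXT2=y` means the ext4 driver no longer registers the ext2 filesystem type, so an explicit `mount -t ext2` fails. Please check how /boot is mounted on installations that format it as ext2 before dropping this line, or keep it.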
@@ -218,7 +214,6 @@ CONFIG_MSDOS_FS=y
CONFIG_VFAT_FS=y
# CONFIG_PROC_SYSCTL is not set
# CONFIG_PROC_PAGE_MONITOR is not set
-CONFIG_TMPFS=y
# CONFIG_MISC_FILESYSTEMS is not set
CONFIG_NLS_DEFAULT="utf8"
CONFIG_NLS_CODEPAGE_437=y
@@ -238,13 +233,11 @@ CONFIG_STACKTRACE=y
# CONFIG_DEBUG_BUGVERBOSE is not set
# CONFIG_RCU_TRACE is not set
# CONFIG_FTRACE is not set
-# CONFIG_STRICT_DEVMEM is not set
# CONFIG_X86_VERBOSE_BOOTUP is not set
# CONFIG_DOUBLEFAULT is not set
CONFIG_IO_DELAY_0XED=y
CONFIG_OPTIMIZE_INLINING=y
# CONFIG_X86_DEBUG_FPU is not set
-CONFIG_HARDENED_USERCOPY=y
CONFIG_CRYPTO_RSA=m
CONFIG_CRYPTO_USER=y
CONFIG_CRYPTO_MCRYPTD=m
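Review bot: `CONFIG_HARDENED_USERCOPY=y` disappears here as a side effect of `CONFIG_SLOB=y` in the earlier hunk (hardened usercopy needs SLAB or SLUB), so the patch trades a kernel hardening feature for size without saying so; please call that out next to the measured gain. Separately, deleting `# CONFIG_STRICT_DEVMEM is not set` lets that option fall back to its Kconfig default if this file is used as a defconfig. Check the generated .config, because flashrom and cbmem in the initrd rely on /dev/mem access.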
Raw results
Before:
28192 2956 -rw-r--r-- 1 user user 3023312 May 3 12:25 ./bzImage
Now:
31097 2876 -rw-r--r-- 1 user user 2941392 May 26 10:46 ./bzImage
Gain: 81.92Kb without LTO following this blog post.
Edit: Meanwhile, trying to upgrade the kernel breaks x230-flash board support because not enough space is available under CBFS on the 4MB flash chip alone.
LTO attempt is continuing under #730. Maybe extend the use to other tools being built, let's see...
Any help welcome!
@MrChromebox @Matthew-Bradley @merge @SebastianMcMillan ?
The goal of the 3 different commits linked to this issue is to show different use cases linked to previous discussions over Slack that happened in the past days.
We take #703 pipeline as a reference where the x230-hotp-maximized build output will serve as a reference for compressed saved space between feature deactivation.
This board has the following board config initially, from which we will deactivate features to compare gained space.
Initially, this board is fully loaded with
Here is an excerpt of used space:
"/root/project/build/coreboot-4.8.1/x230-hotp-maximized/cbfstool" "/root/project/build/coreboot-4.8.1/x230-hotp-maximized/coreboot.rom" print
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 84708 none
cpu_microcode_blob.bin 0x14c00 microcode 25600 none
fallback/ramstage 0x1b080 stage 81122 none
config 0x2edc0 raw 768 none
revision 0x2f100 raw 581 none
cmos_layout.bin 0x2f380 cmos_layout 1804 none
fallback/dsdt.aml 0x2fb00 raw 13646 none
fallback/payload 0x330c0 simple elf 7191492 none
(empty) 0x70ecc0 null 4524824 none
bootblock 0xb5f800 bootblock 1968 none
Where total size of the Heads linux payload itself:
fallback/payload 0x330c0 simple elf 7191492 none
Where free room in defined CBFS region created for the coreboot rom in coreboot config for that board:
(empty) 0x70ecc0 null 4524824 none
Now let's compare.
x230-hotp-maximized: testing compressed gain from removing E1000E and DROPBEAR (User side network tools for https://github.com/osresearch/heads/issues/590) where build output:
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 84708 none
cpu_microcode_blob.bin 0x14c00 microcode 25600 none
fallback/ramstage 0x1b080 stage 81123 none
config 0x2edc0 raw 768 none
revision 0x2f100 raw 581 none
cmos_layout.bin 0x2f380 cmos_layout 1804 none
fallback/dsdt.aml 0x2fb00 raw 13646 none
fallback/payload 0x330c0 simple elf 7028676 none
(empty) 0x6e70c0 null 4687640 none
bootblock 0xb5f800 bootblock 1968 none
x230-hotp-maximized: reverting network tools deactivation. Testing compressed gain from removing FBwhiptail support (deactivating CAIRO and FBWHIPTAIL) and switching to SLANG and NEWT for console-only output without fanciness for https://github.com/osresearch/heads/issues/590, where build output:
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 84708 none
cpu_microcode_blob.bin 0x14c00 microcode 25600 none
fallback/ramstage 0x1b080 stage 81122 none
config 0x2edc0 raw 768 none
revision 0x2f100 raw 581 none
cmos_layout.bin 0x2f380 cmos_layout 1804 none
fallback/dsdt.aml 0x2fb00 raw 13646 none
fallback/payload 0x330c0 simple elf 6910916 none
(empty) 0x6ca4c0 null 4805400 none
bootblock 0xb5f800 bootblock 1968 none
x230-hotp-maximized: Testing compressed gain from removing Whiptail altogether and switching back to generic-init for https://github.com/osresearch/heads/issues/590, where build output:
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 84708 none
cpu_microcode_blob.bin 0x14c00 microcode 25600 none
fallback/ramstage 0x1b080 stage 81110 none
config 0x2edc0 raw 768 none
revision 0x2f100 raw 581 none
cmos_layout.bin 0x2f380 cmos_layout 1804 none
fallback/dsdt.aml 0x2fb00 raw 13646 none
fallback/payload 0x330c0 simple elf 6588868 none
(empty) 0x67bac0 null 5127448 none
bootblock 0xb5f800 bootblock 1968 none
For comparison available in CI, the current X230-hotp-verification board, with E1000E and DROPBEAR already deactivated in tree build's log:
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 84708 none
cpu_microcode_blob.bin 0x14c00 microcode 25600 none
fallback/ramstage 0x1b080 stage 81111 none
config 0x2edc0 raw 570 none
revision 0x2f040 raw 581 none
cmos_layout.bin 0x2f2c0 cmos_layout 1804 none
fallback/dsdt.aml 0x2fa40 raw 13646 none
fallback/payload 0x33000 simple elf 6860228 none
(empty) 0x6bde00 null 137688 none
bootblock 0x6df800 bootblock 1968 none
As we can see from the previously referred commit's failing CI build log:
E: Could not add [../../build/x230/bzImage, 7015364 bytes (6850 KB)@0x0]; too big?
E: Failed to add '../../build/x230/bzImage' into ROM image.
E: Failed while operating on 'COREBOOT' region!
E: The image will be left unmodified.
make[1]: *** [Makefile.inc:920: x230/coreboot.pre] Error 1
make[1]: Leaving directory '/root/project/build/coreboot-4.8.1'
tail /root/project/build/log/coreboot.log
-----
CBFS revision
x230/util/cbfstool/cbfstool x230/coreboot.pre.tmp add -f ./x230/build.h -n revision -t raw -r COREBOOT
printf " CBFS cmos.default\n"
CBFS cmos.default
x230/util/cbfstool/cbfstool x230/coreboot.pre.tmp add -f x230/mainboard/lenovo/x230/cbfs-file.I1T2KJ.out -n cmos.default -t cmos_default -r COREBOOT
printf " CBFS cmos_layout.bin\n"
CBFS cmos_layout.bin
x230/util/cbfstool/cbfstool x230/coreboot.pre.tmp add -f x230/cmos_layout.bin -n cmos_layout.bin -t cmos_layout -r COREBOOT
printf " CBFS fallback/dsdt.aml\n"
CBFS fallback/dsdt.aml
x230/util/cbfstool/cbfstool x230/coreboot.pre.tmp add -f x230/dsdt.aml -n fallback/dsdt.aml -t raw -c none -r COREBOOT
printf " CBFS fallback/payload\n"
CBFS fallback/payload
x230/util/cbfstool/cbfstool x230/coreboot.pre.tmp add-payload -f ../../build/x230/bzImage -n fallback/payload -c none -r COREBOOT -C "intel_iommu=igfx_off quiet" -I "../../build/x230/initrd.cpio.xz"
E: Could not add [../../build/x230/bzImage, 7015364 bytes (6850 KB)@0x0]; too big?
E: Failed to add '../../build/x230/bzImage' into ROM image.
E: Failed while operating on 'COREBOOT' region!
E: The image will be left unmodified.
make[1]: *** [Makefile.inc:920: x230/coreboot.pre] Error 1
Where the x230 coreboot config specifies the maximal usable space without neutering ME of CONFIG_CBFS_SIZE=0x700000. Let's note that x220 and x220/t420 current configs set that limit to CONFIG_CBFS_SIZE=0x750000, which implies external ME neutering, where the x230 is not.
Should we change that?
@flammit @Thrilleratplay
@tlaurion so basically we'd be splitting the xx20/30 boards into two versions:
1) stock IFD / BIOS region size - reduced capability, no networking, UI, etc
2) 'max' versions which assume modified IFD, cleaned/shrunk ME, etc - full capability
@tlaurion If you are only asking if the current xx20 CONFIG_CBFS_SIZE should be set to stock for these boards, I am not sure. This is roughly 3Mb. Is this enough for even the most stripped down version of Heads? Maybe only have the xx20 maximum versions?
Also note, that these boards are not supported by 1vyrain and would have needed to have been flashed externally initially.
@tlaurion so basically we'd be splitting the xx20/30 boards into two versions:
1. stock IFD / BIOS region size - reduced capability, no networking, UI, etc
Well, the x230 board config is already reducing its functionalities to fit in stock BIOS region. So yes, no more DROPBEAR nor E1000E as of right now. That baseline was made to have x230-hotp-verification board, which could compile only from x230 version + HOTP.
I'm just letting everyone know the challenges, and choices that are ahead of us in specializing boards with current force functionalities since we rely on GPG for key generation, that GNU toolstack is huge and I wasn't able to reduce it further. The same logic applied with FBWHIPTAIL and its WHIPTAIL equivalents for servers, as detailed in previous posts. I just thought that those extracted binaries in first posts were irrelevant for comparison, since what matters is their compressed sizes.
2. 'max' versions which assume modified IFD, cleaned/shrunk ME, etc - full capability
Correct.
@tlaurion If you are only asking if the current xx20 CONFIG_CBFS_SIZE should be set to stock for these boards, I am not sure. This is roughly 3Mb. Is this enough for even the most stripped down version of Heads? Maybe only have the xx20 maximum versions? Also note, that these boards are not supported by 1vyrain and would have needed to have been flashed externally initially.
Right. Forgot about that, but original ROM version was really small for x220 stock. We can imply that xx20 users are already well aware of those restrictions. Funny enough, the x230 base board limits to 7mb where x220 limits to 7.5mb. Consequently, the base boards (xx20 xx30) already differ in base functionalities. Like I said on Slack to @flammit, who proposed to maintain minimal boards, I will focus on adding functionalities and will stray away from the base boards which will probably soon enough require features to be removed further, or adjusted to have users make decisions they cannot make, or all those answers. We are drifting from having Heads accessible, which I'm strongly against.
As I raised the flag a while ago, it is really difficult to maintain multiple versions and different toolstacks. More people are welcome, but we need to face the reality that new OSes install with LUKS2 which require new version of cryptsetup part of #893, which will result soon enough into cryptsetup2 module, which will require maximized versions. Or.... users, once again, technical and knowledgeable enough, to make aware choices of going into manual mode when partitioning their drives to force (forced kickstart at install or equivalent???) to force LUKS1 encrypted partition, or choose an older kernel or coreboot version to keep their xx20/board board... instead of moving to the -maximized ones. We are asking people (I'm in the consumer field) to make decisions they cannot make because they are not understanding those low level choices. I think it is silly, I already answer 20+ questions a day and diagnosed, troubleshooted, documented and explained a lot of time (#897 #815 and others...) the joys of having the user play with different stock bios versions, not following instructions, bricking their devices, not following upgrade paths... I just want fwupd for everyone. And that requires CI builds for boards. And that requires blobs. And that requires space for developers to want to contribute... I'm tired of the same vicious circles and need a way out. -maximized boards are my way out. You can choose maintainership if you want and you would be more than welcome! :)
Note also that the stalled #709 will also require available space. So there will be a need to minimize the base boards and a choice to continue supporting those from community members. Otherwise, as @flammit said, we will be able to bring back gpg1 still in modules and require users to generate their 4096 bits keys outside and import their public key inside of heads, modify the scripts to validate which version of modules is used etc.... Which means more maintainership, not less, on which I do not personally agree from lack of time already.
So this opens the debate on where to go from now for the base boards and who will take the lead into pursuing space reduction or feature reduction when CI builds will start to fail. My only option at that point will be to remove those boards from CI.
@tlaurion Something that needs to be defined is "what is included in the stock builds?". For the sake of argument, let's say Heads is stripped down to just a Linux payload. No encryption functionality, no e1000 module, no dropbear, no fbwhiptail, and maybe no flashrom. Basically, drops to a shell and the user would run a kexec command to boot from the hard drive or usb or whatever. Would Heads fit within the 3Mb? If so, how close because if I remember correctly, the Linux 5.x kernel is larger. With such a limited space, what is the possible longevity of this build if the most fundamental part of Heads will not fit?
Would the stock builds be the same for xx20 and xx30 boards given the significant difference in available space? I would suspect yes, so a break down of features added to each build would need to be added to the documentation.
The flip side to these questions is "what can be removed?". How basic can Heads become and still be considered Heads? While the idea of removing all of the security functionality may sound ludicrous to you, it was something I was thinking about building for myself. I miss the days when you flip a switch on a VIC20 and get a prompt almost instantly; security wouldn't be moved to the BIOS, it would not be user friendly, but turning on my computer and getting a prompt in 2 seconds sounds damn sexy to me. However, this would no longer be Heads at this point. So a line in the sand must be drawn saying that Heads must include certain functionality to be called Heads if the hardware supports it. Heads for a X200 does not need to include TPM functionality as the device doesn't support it.
To give concrete details to this discussion, all you would need to do is disable the UI bits and that gives you enough space for everything else (including cryptsetup2 and gpg2) to fit into a 6.4M payload which fits for standard x230 and ME-shrunked x220 (seems like the only route for that hardware) and 600k of free space to play with on an x230. (Note: there are other combinations of configs that work as well if you consider gpg1).
If that's not a trade off that is acceptable to you as the x230 hardware owner (no luck for x220 yet), there's a perfectly reasonable alternative by installing the "max" version.
Just based on my quick tests past last hour, I think if you clean up the kernel config to remove the networking bits (not relevant for laptop boot), you can also fit in the UI bits with at least 300k of space for user config. It's tight but it doesn't seem like there's really a problem.
Then again if there's a need for even more space for future features/modules, it can be accommodated in the "max" version.
Just based on my quick tests past last hour, I think if you clean up the kernel config to remove the networking bits (not relevant for laptop boot), you can also fit in the UI bits with at least 300k of space for user config. It's tight but it doesn't seem like there's really a problem.
Then again if there's a need for even more space for future features/modules, it can be accommodated in the "max" version.
@flammit: please revive https://github.com/osresearch/heads/issues/564, that was investigated with some effort in the past and for which conclusions are the original post:
remove networking ( #564 ), with corresponding PR attempt to remove networking with cleanup ( #572 ) while cryptsetup seemed to depend on CONFIG_NET and some explicit crypto modules in the past ( #79 ), while putting CONFIG_LINUX_E1000E=n in board config liberates 295688 bytes. @merge : Is that enough?
@tlaurion Something that needs to be defined is "what is included in the stock builds?". For the sake of argument, let's say Heads is stripped down to just a Linux payload. No encryption functionality, no e1000 module, no dropbear, no fbwhiptail, and maybe no flashrom. Basically, drops to a shell and the user would run a kexec command to boot from the hard drive or usb or whatever. Would Heads fit within the 3Mb? If so, how close because if I remember correctly, the Linux 5.x kernel is larger. With such a limited space, what is the possible longevity of this build if the most fundamental part of Heads will not fit?
Would the stock builds be the same for xx20 and xx30 boards given the significant difference in available space? I would suspect yes, so a break down of features added to each build would need to be added to the documentation.
The flip side to these questions is "what can be removed?". How basic can Heads become and still be considered Heads? While the idea of removing all of the security functionality may sound ludicrous to you, it was something I was thinking about building for myself. I miss the days when you flip a switch on a VIC20 and get a prompt almost instantly; security wouldn't be moved to the BIOS, it would not be user friendly, but turning on my computer and getting a prompt in 2 seconds sounds damn sexy to me. However, this would no longer be Heads at this point. So a line in the sand must be drawn saying that Heads must include certain functionality to be called Heads if the hardware supports it. Heads for a X200 does not need to include TPM functionality as the device doesn't support it.
I invite you @flammit @Thrilleratplay both to jump into #818. (sooner then later this time :) )
I think the simplest from now on, to check for x220 space limitations, is to follow xx30 boards already in CI, which informs us quite quickly of the compressed CBFS space still available.
For example, busybox 1.32 inclusion PR ( #900 ) CI's x230 board build informs us that:
"/root/project/build/coreboot-4.8.1/x230/cbfstool" "/root/project/build/coreboot-4.8.1/x230/coreboot.rom" print
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 85188 none
cpu_microcode_blob.bin 0x14dc0 microcode 25600 none
fallback/ramstage 0x1b240 stage 81881 none
config 0x2f280 raw 589 none
revision 0x2f540 raw 581 none
cmos.default 0x2f7c0 cmos_default 256 none
cmos_layout.bin 0x2f900 cmos_layout 1804 none
fallback/dsdt.aml 0x30080 raw 13646 none
fallback/payload 0x33640 simple elf 6863812 none
(empty) 0x6bf240 null 131480 none
bootblock 0x6df400 bootblock 3000 none
From this point of time, Heads payload consumes 6863812 and leaves us 131480 to play with, after which the CBFS region of 7mb will be filled. This is interesting to follow and could be used as a deprecation warning and need of changes, since the xx20 has 7.5mb to play with, and will tolerate more changes before failing (and is not under CI for regression validation and ROM production at each merged commit).
Where last master commit CircleCI build of x230 board:
touch /root/project/build/coreboot-4.8.1/x230/.build
"/root/project/build/coreboot-4.8.1/x230/cbfstool" "/root/project/build/coreboot-4.8.1/x230/coreboot.rom" print
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 85188 none
cpu_microcode_blob.bin 0x14dc0 microcode 25600 none
fallback/ramstage 0x1b240 stage 81876 none
config 0x2f280 raw 589 none
revision 0x2f540 raw 581 none
cmos.default 0x2f7c0 cmos_default 256 none
cmos_layout.bin 0x2f900 cmos_layout 1804 none
fallback/dsdt.aml 0x30080 raw 13646 none
fallback/payload 0x33640 simple elf 6851524 none
(empty) 0x6bc240 null 143768 none
bootblock 0x6df400 bootblock 3000 none
2020-12-03 22:12:25+00:00 INSTALL build/coreboot-4.8.1/x230/coreboot.rom => build/x230/heads-x230-v0.2.0-972-g671522e.rom
So a change from 6851524 -> 6863812 in consumed compressed space. Coherent reduction of free space being 143768 -> 131480 being useable.
TL;DR: when x230 board will start to fail building in CI, this will be the sign that some modules will need to be removed even more and modules, specialized, or when users will need to consider moving away from basic boards to their maximized counterpart.
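The free-space tracking described in the comment above can be scripted. This is an added example, not part of the original comment or of the Heads project; it parses the two x230 `cbfstool ... print` tables quoted above, and the function names and the free-space floor passed to `cbfs_report` are assumptions.

```shell
#!/bin/sh
# Added example: follow CBFS payload growth and remaining free space from
# `cbfstool <rom> print` output. Function names and the floor are assumptions.

# x230 table from the last master build, as quoted in the comment above.
master_print() {
cat <<'EOF'
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 85188 none
cpu_microcode_blob.bin 0x14dc0 microcode 25600 none
fallback/ramstage 0x1b240 stage 81876 none
config 0x2f280 raw 589 none
revision 0x2f540 raw 581 none
cmos.default 0x2f7c0 cmos_default 256 none
cmos_layout.bin 0x2f900 cmos_layout 1804 none
fallback/dsdt.aml 0x30080 raw 13646 none
fallback/payload 0x33640 simple elf 6851524 none
(empty) 0x6bc240 null 143768 none
bootblock 0x6df400 bootblock 3000 none
EOF
}

# x230 table from the busybox 1.32 PR (#900) build, as quoted above.
pr900_print() {
cat <<'EOF'
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 85188 none
cpu_microcode_blob.bin 0x14dc0 microcode 25600 none
fallback/ramstage 0x1b240 stage 81881 none
config 0x2f280 raw 589 none
revision 0x2f540 raw 581 none
cmos.default 0x2f7c0 cmos_default 256 none
cmos_layout.bin 0x2f900 cmos_layout 1804 none
fallback/dsdt.aml 0x30080 raw 13646 none
fallback/payload 0x33640 simple elf 6863812 none
(empty) 0x6bf240 null 131480 none
bootblock 0x6df400 bootblock 3000 none
EOF
}

# stdin: cbfstool print output. stdout: "name<TAB>size" for every entry.
# Names and types may contain spaces ("cbfs master header", "simple elf"),
# so the offset column (0x...) is used as the anchor: the name is everything
# before it and the size is the first plain decimal field after it.
cbfs_sizes() {
    awk '
    {
        off = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^0x[0-9a-fA-F]+$/) { off = i; break }
        if (off < 2) next    # header, echoed command line, FMAP banner
        name = $1
        for (i = 2; i < off; i++) name = name " " $i
        for (i = off + 1; i <= NF; i++)
            if ($i ~ /^[0-9]+$/) { printf "%s\t%s\n", name, $i; break }
    }'
}

# $1 = entry name; stdin = cbfstool print output.
# Prints the summed size of all entries with that name (0 if absent),
# which also covers a CBFS with several "(empty)" holes.
cbfs_entry_size() {
    cbfs_sizes | awk -F '\t' -v n="$1" '$1 == n { s += $2 } END { printf "%d\n", s }'
}

# $1 = old print output, $2 = new print output, $3 = free-space floor (bytes).
# Prints one summary line; status is LOW once free space drops under the floor.
cbfs_report() {
    r_old=$(printf '%s\n' "$1" | cbfs_entry_size "fallback/payload")
    r_new=$(printf '%s\n' "$2" | cbfs_entry_size "fallback/payload")
    r_free=$(printf '%s\n' "$2" | cbfs_entry_size "(empty)")
    if [ "$r_free" -lt "$3" ]; then r_status=LOW; else r_status=OK; fi
    printf 'payload_delta=%d free=%d status=%s\n' \
        $((r_new - r_old)) "$r_free" "$r_status"
}

# 65536 is an arbitrary example floor, not a Heads project value.
cbfs_report "$(master_print)" "$(pr900_print)" 65536
```

Against real builds, pass the output of the two `cbfstool <rom> print` runs as the first two arguments.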
Apologies if this is patently obvious but isn't the most obvious thing to do is to set the -Os flag in gcc? Currently the Makefiles all use the -O2 flag. Using GPG2 as my test, I manually patched all the generated Makefiles using
find . | grep "Makefile" | grep -v "Makefile." | xargs sed -i 's/O2/Os/g'
and running make, which yielded about 15% space reduction in the gpg2 binary and about 5% in the scdaemon and 5% in gpg-agent. Is there some limitation (breaking reproducibility? just really hard to patch the makefiles?) preventing this?
@aesrentai excellent insight! Yes, this would require creation of patches under patches/* to patch all related Makefiles after decompression of the archives and prior to compilation.
On reproducibility, as far as I know, since musl-cross-make is used to create the final binaries, it should be a magic gain without impact. Note that kernel modules are stripped prior to being injected into modules.cpio and prior to compression of that cpio into modules.cpio.xz
Do you have a PoC of this?
Quick test I'm doing locally right now:
make BOARD=t430-hotp-verification modules.clean
find . | grep "Makefile" | grep -v "Makefile." | xargs sed -i 's/O2/Os/g'
make BOARD=t430-hotp-verification
Before:
FMAP REGION: COREBOOT
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 87948 none
fallback/ramstage 0x15880 stage 99973 none
config 0x2df40 raw 684 none
revision 0x2e240 raw 690 none
fallback/dsdt.aml 0x2e540 raw 14609 none
cmos.default 0x31ec0 cmos_default 256 none
vbt.bin 0x32000 raw 1409 LZMA (4459 decompressed)
cmos_layout.bin 0x325c0 cmos_layout 1980 none
fallback/postcar 0x32dc0 stage 27288 none
fallback/payload 0x398c0 simple elf 6854599 none
(empty) 0x6c30c0 null 117976 none
bootblock 0x6dfdc0 bootblock 65536 none
After:
FMAP REGION: COREBOOT
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 87948 none
fallback/ramstage 0x15880 stage 99973 none
config 0x2df40 raw 684 none
revision 0x2e240 raw 690 none
fallback/dsdt.aml 0x2e540 raw 14609 none
cmos.default 0x31ec0 cmos_default 256 none
vbt.bin 0x32000 raw 1409 LZMA (4459 decompressed)
cmos_layout.bin 0x325c0 cmos_layout 1980 none
fallback/postcar 0x32dc0 stage 27288 none
fallback/payload 0x398c0 simple elf 6839751 none
(empty) 0x6bf6c0 null 132824 none
bootblock 0x6dfdc0 bootblock 65536 none
With:
user@heads-tests:~/heads/build/x230-hotp-maximized$ git diff
diff --git a/modules/cairo b/modules/cairo
index 647ed2ca..217137c0 100644
--- a/modules/cairo
+++ b/modules/cairo
@@ -8,7 +8,7 @@ cairo_hash := 8c90f00c500b2299c0a323dd9beead2a00353752b2092ead558139bd67f7bf16
cairo_configure := \
$(CROSS_TOOLS) \
- CFLAGS="-DCAIRO_NO_MUTEX=1 -O3" \
+ CFLAGS="-DCAIRO_NO_MUTEX=1 -O2" \
./configure \
--host i386-elf-linux \
--prefix="/" \
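Review bot: on the CFLAGS line, -O2 is still a speed-oriented level, so swapping -O3 for -O2 is a weak test of the size idea; try -Os here and keep -DCAIRO_NO_MUTEX=1 as it is. Because the value is handed to ./configure, the cairo module has to be cleaned and reconfigured for the new flag to reach its Makefiles, so the test steps should say that was done before the library was measured.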
Before:
3434539 740 -rwx------ 1 user user 757232 Feb 21 16:48 ./lib/libcairo.so.2
After:
284396 740 -rwx------ 1 user user 757232 Feb 21 17:08 ./lib/libcairo.so.2
diff --git a/modules/pixman b/modules/pixman
index 65a2e200..b8202672 100644
--- a/modules/pixman
+++ b/modules/pixman
@@ -8,6 +8,7 @@ pixman_hash := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3997aa20a88e
pixman_configure := \
$(CROSS_TOOLS) \
+ CFLAGS="-O2" \
./configure \
--host i386-elf-linux \
--prefix="/" \
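Review bot: the added CFLAGS="-O2" line probably changes nothing about the generated code. If pixman's configure is autoconf-generated, an unset CFLAGS already defaults to "-g -O2" with GCC, so this only drops the debug info flag. Use -Os if a smaller libpixman is the goal, and mention in the commit message that the variable now overrides the configure default.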
Before:
3434550 652 -rwx------ 1 user user 666216 Feb 21 16:48 ./lib/libpixman-1.so.0
After:
284407 652 -rwx------ 1 user user 666216 Feb 21 17:08 ./lib/libpixman-1.so.0
diff --git a/modules/cairo b/modules/cairo
index 647ed2ca..7fc92331 100644
--- a/modules/cairo
+++ b/modules/cairo
@@ -8,7 +8,7 @@ cairo_hash := 8c90f00c500b2299c0a323dd9beead2a00353752b2092ead558139bd67f7bf16
cairo_configure := \
$(CROSS_TOOLS) \
- CFLAGS="-DCAIRO_NO_MUTEX=1 -O3" \
+ CFLAGS="-DCAIRO_NO_MUTEX=1 -Os" \
./configure \
--host i386-elf-linux \
--prefix="/" \
diff --git a/modules/libpng b/modules/libpng
index e5c3d718..8debbda4 100644
--- a/modules/libpng
+++ b/modules/libpng
@@ -8,6 +8,7 @@ libpng_hash := 574623a4901a9969080ab4a2df9437026c8a87150dfd5c235e28c94b212964a7
libpng_configure := \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
./configure \
--host i386-elf-linux \
--prefix="/" \
diff --git a/modules/pixman b/modules/pixman
index 65a2e200..e7ec1bd8 100644
--- a/modules/pixman
+++ b/modules/pixman
@@ -8,6 +8,7 @@ pixman_hash := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3997aa20a88e
pixman_configure := \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
./configure \
--host i386-elf-linux \
--prefix="/" \
diff --git a/modules/tpmtotp b/modules/tpmtotp
index 433df8ce..1ce561d0 100644
--- a/modules/tpmtotp
+++ b/modules/tpmtotp
@@ -13,7 +13,7 @@ tpmtotp_hash := 1082f2b0e4af833e04220dddedcc21a39eb39ee4dc5668bb010e7bcc795c606c
tpmtotp_target := \
$(CROSS_TOOLS) \
- CFLAGS="-I$(INSTALL)/include" \
+ CFLAGS="-I$(INSTALL)/include -Os" \
LDFLAGS="-L$(INSTALL)/lib" \
tpmtotp_output := \
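Review bot: the old CFLAGS value on this line carried no -O level at all, so unless tpmtotp's own Makefile adds one elsewhere, the baseline build was unoptimized and the before/after sizes compare "no -O flag" with -Os rather than -O2 with -Os. Worth stating in the commit message, since the gain here will not predict what the other modules get. Appending -Os inside the same quoted string is the right form, as a second CFLAGS= assignment would drop the -I$(INSTALL)/include path.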
diff --git a/modules/zlib b/modules/zlib
index dbdb44e3..b1d2adf5 100644
--- a/modules/zlib
+++ b/modules/zlib
@@ -9,6 +9,7 @@ zlib_hash := c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1
zlib_configure := \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
./configure \
--prefix="/" \
xz -d initrd.cpio.xz ; for i in initrd.cpio modules.cpio tools.cpio heads.cpio; do cpio -i < $i; done && find . -type f -ls | sort -r -n -k7 |grep -v cpio
Before :
3434331 12288 -rw-r--r-- 1 user user 12582912 Feb 21 12:56 ./heads-x230-hotp-maximized-v0.2.1.bis2-35-g3fabfa20-dirty.rom
3434335 8192 -rw-r--r-- 1 user user 8388608 Feb 21 12:56 ./heads-x230-hotp-maximized-v0.2.1.bis2-35-g3fabfa20-dirty-bottom.rom
3424621 8192 -rw-r--r-- 1 user user 8388608 Feb 17 12:34 ./heads-x230-hotp-maximized-v0.2.1.bis2-32-g9fd9c0d4-dirty-bottom.rom
3434336 4096 -rw-r--r-- 1 user user 4194304 Feb 21 12:56 ./heads-x230-hotp-maximized-v0.2.1.bis2-35-g3fabfa20-dirty-top.rom
3424622 4096 -rw-r--r-- 1 user user 4194304 Feb 17 12:34 ./heads-x230-hotp-maximized-v0.2.1.bis2-32-g9fd9c0d4-dirty-top.rom
3423309 2956 -rw-r--r-- 1 user user 3023312 Feb 21 12:41 ./bzImage
3434095 1592 -rwx------ 1 user user 1627856 Feb 21 16:48 ./bin/lvm
3434542 1136 -rwx------ 1 user user 1160520 Feb 21 16:48 ./lib/libgcrypt.so.20
3434052 896 -rwx------ 1 user user 915328 Feb 21 16:48 ./bin/gpg
3434539 740 -rwx------ 1 user user 757232 Feb 21 16:48 ./lib/libcairo.so.2
3434550 652 -rwx------ 1 user user 666216 Feb 21 16:48 ./lib/libpixman-1.so.0
3434538 584 -rwx------ 1 user user 596544 Feb 21 16:48 ./lib/libc.so
3434046 568 -rwx------ 1 user user 580568 Feb 21 16:48 ./bin/flashrom
3434010 496 -rwx------ 1 user user 507776 Feb 21 16:48 ./bin/busybox
3434540 456 -rwx------ 1 user user 464560 Feb 21 16:48 ./lib/libcryptsetup.so.12
3434455 408 -rwx------ 1 user user 416040 Feb 21 16:48 ./bin/scdaemon
3434053 372 -rwx------ 1 user user 380120 Feb 21 16:48 ./bin/gpg-agent
3434554 332 -rwx------ 1 user user 339304 Feb 21 16:48 ./lib/libtpm.so
3434541 328 -rwx------ 1 user user 333240 Feb 21 16:48 ./lib/libdevmapper.so.1.02
3434546 320 -rwx------ 1 user user 325104 Feb 21 16:48 ./lib/libmbedcrypto.so.0
3434559 300 -rw------- 1 user user 304272 Feb 21 16:48 ./lib/modules/e1000e.ko
3434537 268 -rwx------ 1 user user 271040 Feb 21 16:48 ./lib/libblkid.so.1
3434545 252 -rwx------ 1 user user 256376 Feb 21 16:48 ./lib/libksba.so.8
3434551 204 -rwx------ 1 user user 207912 Feb 21 16:48 ./lib/libpng16.so.16
3434034 184 -rwx------ 1 user user 184824 Feb 21 16:48 ./bin/dropbear
3434473 176 -rwx------ 1 user user 176408 Feb 21 16:48 ./bin/ssh
3434071 168 -rwx------ 1 user user 170984 Feb 21 16:48 ./bin/kexec
3434563 160 -rw------- 1 user user 159840 Feb 21 16:48 ./lib/modules/xhci-hcd.ko
3434033 136 -rwx------ 1 user user 137464 Feb 21 16:48 ./bin/dmsetup
3434562 132 -rw------- 1 user user 132360 Feb 21 16:48 ./lib/modules/usb-storage.ko
3434543 128 -rwx------ 1 user user 130000 Feb 21 16:48 ./lib/libgpg-error.so.0
3434489 124 -rwx------ 1 user user 126584 Feb 21 16:48 ./bin/tpm
3434023 116 -rwx------ 1 user user 115192 Feb 21 16:48 ./bin/cryptsetup
3434558 108 -rwx------ 1 user user 108832 Feb 21 16:48 ./lib/libz.so.1
3434556 96 -rwx------ 1 user user 96896 Feb 21 16:48 ./lib/libusb-1.0.so.0
3434024 88 -rwx------ 1 user user 87968 Feb 21 16:48 ./bin/cryptsetup-reencrypt
3434544 80 -rwx------ 1 user user 81024 Feb 21 16:48 ./lib/libjson-c.so.5
3434536 76 -rwx------ 1 user user 76736 Feb 21 16:48 ./lib/libassuan.so.0
3434092 72 -rwx------ 1 user user 73600 Feb 21 16:48 ./bin/lspci
3434560 64 -rw------- 1 user user 64800 Feb 21 16:48 ./lib/modules/ehci-hcd.ko
3434549 52 -rwx------ 1 user user 52272 Feb 21 16:48 ./lib/libpci.so.3.5.4
3434548 52 -rwx------ 1 user user 52272 Feb 21 16:48 ./lib/libpci.so.3
3434116 52 -rwx------ 1 user user 52200 Feb 21 16:48 ./bin/pinentry-tty
3434042 52 -rwx------ 1 user user 51616 Feb 21 16:48 ./bin/fbwhiptail
3434552 48 -rwx------ 1 user user 48088 Feb 21 16:48 ./lib/libpopt.so.0
3434553 48 -rwx------ 1 user user 47448 Feb 21 16:48 ./lib/libqrencode.so.3
3434506 48 -rwx------ 1 user user 45264 Feb 21 16:48 ./bin/veritysetup
3434068 32 -rwx------ 1 user user 29944 Feb 21 16:48 ./bin/hotp_verification
3434523 28 -rw------- 1 user user 27936 Feb 21 16:48 ./etc/distro/keys/tails.key
3434016 28 -rwx------ 1 user user 27048 Feb 21 16:48 ./bin/cbmem
3434456 24 -rwx------ 1 user user 22664 Feb 21 16:48 ./bin/scp
3434048 24 -rwx------ 1 user user 22432 Feb 21 16:48 ./bin/flashtool
3434555 20 -rwx------ 1 user user 18464 Feb 21 16:48 ./lib/libusb-0.1.so.4
3434058 20 -rwx------ 1 user user 18412 Feb 21 16:48 ./bin/gui-init
3434014 20 -rwx------ 1 user user 18352 Feb 21 16:48 ./bin/cbfs
3434494 20 -rwx------ 1 user user 18320 Feb 21 16:48 ./bin/uefi
3434110 16 -rwx------ 1 user user 15960 Feb 21 16:48 ./bin/oem-factory-reset
3434557 16 -rwx------ 1 user user 14656 Feb 21 16:48 ./lib/libuuid.so.1
3434547 16 -rwx------ 1 user user 14552 Feb 21 16:48 ./lib/libnpth.so.0
3434444 16 -rwx------ 1 user user 14200 Feb 21 16:48 ./bin/poke
3434520 12 -rw------- 1 user user 10955 Feb 21 16:48 ./etc/distro/keys/fedora.key
3434561 12 -rw------- 1 user user 10728 Feb 21 16:48 ./lib/modules/ehci-pci.ko
3434564 12 -rw------- 1 user user 10568 Feb 21 16:48 ./lib/modules/xhci-pci.ko
3423306 12 -rw-r--r-- 1 user user 10159 Feb 21 12:56 ./hashes.txt
3434113 12 -rwx------ 1 user user 10096 Feb 21 16:48 ./bin/peek
3434005 12 -rwx------ 1 user user 10088 Feb 21 16:48 ./bin/base32
3434487 12 -rwx------ 1 user user 10048 Feb 21 16:48 ./bin/totp
3434066 12 -rwx------ 1 user user 10024 Feb 21 16:48 ./bin/hotp
3434080 12 -rwx------ 1 user user 9891 Feb 21 16:48 ./bin/kexec-select-boot
3434054 12 -rwx------ 1 user user 9003 Feb 21 16:48 ./bin/gpg-gui.sh
3434525 12 -rwx------ 1 user user 8388 Feb 21 16:48 ./etc/functions
3434449 8 -rwx------ 1 user user 5912 Feb 21 16:48 ./bin/qrenc
3434045 8 -rwx------ 1 user user 5268 Feb 21 16:48 ./bin/flash.sh
3434020 8 -rwx------ 1 user user 5030 Feb 21 16:48 ./bin/config-gui.sh
3434079 8 -rwx------ 1 user user 4195 Feb 21 16:48 ./bin/kexec-seal-key
3434533 4 -rwx------ 1 user user 3891 Feb 21 16:48 ./init
3434076 4 -rwx------ 1 user user 3785 Feb 21 16:48 ./bin/kexec-parse-boot
3434103 4 -rwx------ 1 user user 3510 Feb 21 16:48 ./bin/mount-usb
3434077 4 -rwx------ 1 user user 3408 Feb 21 16:48 ./bin/kexec-save-default
3434457 4 -rwx------ 1 user user 3381 Feb 21 16:48 ./bin/seal-hotpkey
3434072 4 -rwx------ 1 user user 3118 Feb 21 16:48 ./bin/kexec-boot
3434522 4 -rw------- 1 user user 3078 Feb 21 16:48 ./etc/distro/keys/qubes-testing.key
3434044 4 -rwx------ 1 user user 2557 Feb 21 16:48 ./bin/flash-gui.sh
3434073 4 -rwx------ 1 user user 2344 Feb 21 16:48 ./bin/kexec-insert-key
3434504 4 -rwx------ 1 user user 2101 Feb 21 16:48 ./bin/usb-scan
3434075 4 -rwx------ 1 user user 2059 Feb 21 16:48 ./bin/kexec-parse-bls
3434458 4 -rwx------ 1 user user 2026 Feb 21 16:48 ./bin/seal-totp
3434081 4 -rwx------ 1 user user 1909 Feb 21 16:48 ./bin/kexec-sign-config
3434527 4 -rwx------ 1 user user 1888 Feb 21 16:48 ./etc/gui_functions
3434499 4 -rwx------ 1 user user 1838 Feb 21 16:48 ./bin/unseal-hotp
3434519 4 -rw------- 1 user user 1725 Feb 21 16:48 ./etc/distro/keys/archlinux.key
3434078 4 -rwx------ 1 user user 1677 Feb 21 16:48 ./bin/kexec-save-key
3434521 4 -rw------- 1 user user 1629 Feb 21 16:48 ./etc/distro/keys/qubes-4.key
3434074 4 -rwx------ 1 user user 1430 Feb 21 16:48 ./bin/kexec-iso-init
3434565 4 -rwx------ 1 user user 1373 Feb 21 16:48 ./mount-boot
3434050 4 -rwx------ 1 user user 1299 Feb 21 16:48 ./bin/generic-init
3421973 4 -rw------- 1 user user 1247 Feb 21 16:48 ./.ash_history
3434106 4 -rwx------ 1 user user 1244 Feb 21 16:48 ./bin/network-init-recovery
3434067 4 -rwx------ 1 user user 1087 Feb 21 16:48 ./bin/hotp_initialize
3434082 4 -rwx------ 1 user user 1044 Feb 21 16:48 ./bin/kexec-unseal-key
2641524 4 -rwx------ 1 user user 1000 Feb 21 16:48 ./sbin/insmod
2641513 4 -rwx------ 1 user user 922 Feb 21 16:48 ./sbin/config-dhcp.sh
3434015 4 -rwx------ 1 user user 799 Feb 21 16:48 ./bin/cbfs-init
3434083 4 -rwx------ 1 user user 770 Feb 21 16:48 ./bin/key-init
3434490 4 -rwx------ 1 user user 694 Feb 21 16:48 ./bin/tpm-reset
3434495 4 -rwx------ 1 user user 661 Feb 21 16:48 ./bin/uefi-init
3434500 4 -rwx------ 1 user user 634 Feb 21 16:48 ./bin/unseal-totp
3434518 4 -rw------- 1 user user 625 Feb 21 16:48 ./etc/config
3434512 4 -rwx------ 1 user user 574 Feb 21 16:48 ./bin/x230-flash.init
3434479 4 -rwx------ 1 user user 574 Feb 21 16:48 ./bin/t430-flash.init
3434450 4 -rwx------ 1 user user 538 Feb 21 16:48 ./bin/qubes-measure-luks
3434047 4 -rwx------ 1 user user 360 Feb 21 16:48 ./bin/flashrom-kgpe-d16-openbmc.sh
3434510 4 -rwx------ 1 user user 320 Feb 21 16:48 ./bin/wget-measure.sh
3434451 4 -rwx------ 1 user user 258 Feb 21 16:48 ./bin/reboot
3434503 4 -rwx------ 1 user user 220 Feb 21 16:48 ./bin/usb-init
3434445 4 -rwx------ 1 user user 205 Feb 21 16:48 ./bin/poweroff
3434524 4 -rw------- 1 user user 197 Feb 21 16:48 ./etc/fstab
3434529 4 -rw------- 1 user user 174 Feb 21 16:48 ./etc/motd
3434055 4 -rwx------ 1 user user 106 Feb 21 16:48 ./bin/gpgv
3433998 4 -rw------- 1 user user 73 Feb 21 16:48 ./.gnupg/gpg-agent.conf
3434511 4 -rwx------ 1 user user 35 Feb 21 16:48 ./bin/whiptail
3434532 4 -rw------- 1 user user 27 Feb 21 16:48 ./etc/shells
3434531 4 -rw------- 1 user user 27 Feb 21 16:48 ./etc/passwd
3434528 4 -rw------- 1 user user 20 Feb 21 16:48 ./etc/hosts
3434526 4 -rw------- 1 user user 10 Feb 21 16:48 ./etc/group
3433999 4 -rw------- 1 user user 10 Feb 21 16:48 ./.gnupg/gpg.conf
666243 0 -rw------- 1 user user 0 Feb 21 16:48 ./run/cryptsetup/.placeholder
After:
281273 12288 -rw-r--r-- 1 user user 12582912 Feb 21 17:53 ./heads-x230-hotp-maximized-v0.2.1.bis2-31-g0670bcd1-dirty.rom
281274 8192 -rw-r--r-- 1 user user 8388608 Feb 21 17:53 ./heads-x230-hotp-maximized-v0.2.1.bis2-31-g0670bcd1-dirty-bottom.rom
281275 4096 -rw-r--r-- 1 user user 4194304 Feb 21 17:53 ./heads-x230-hotp-maximized-v0.2.1.bis2-31-g0670bcd1-dirty-top.rom
281230 2956 -rw-r--r-- 1 user user 3023312 Feb 21 17:49 ./bzImage
281372 1592 -rwx------ 1 user user 1627856 Feb 21 17:56 ./bin/lvm
281498 1136 -rwx------ 1 user user 1160520 Feb 21 17:56 ./lib/libgcrypt.so.20
281329 896 -rwx------ 1 user user 915328 Feb 21 17:56 ./bin/gpg
281494 584 -rwx------ 1 user user 596544 Feb 21 17:56 ./lib/libc.so
281323 568 -rwx------ 1 user user 580568 Feb 21 17:56 ./bin/flashrom
281506 560 -rwx------ 1 user user 572016 Feb 21 17:56 ./lib/libpixman-1.so.0
281287 496 -rwx------ 1 user user 507776 Feb 21 17:56 ./bin/busybox
281495 480 -rwx------ 1 user user 491024 Feb 21 17:56 ./lib/libcairo.so.2
281496 456 -rwx------ 1 user user 464560 Feb 21 17:56 ./lib/libcryptsetup.so.12
281407 408 -rwx------ 1 user user 416040 Feb 21 17:56 ./bin/scdaemon
281330 372 -rwx------ 1 user user 380120 Feb 21 17:56 ./bin/gpg-agent
281497 328 -rwx------ 1 user user 333240 Feb 21 17:56 ./lib/libdevmapper.so.1.02
281502 320 -rwx------ 1 user user 325104 Feb 21 17:56 ./lib/libmbedcrypto.so.0
281510 308 -rwx------ 1 user user 314728 Feb 21 17:56 ./lib/libtpm.so
400850 300 -rw------- 1 user user 304272 Feb 21 17:56 ./lib/modules/e1000e.ko
281493 268 -rwx------ 1 user user 271040 Feb 21 17:56 ./lib/libblkid.so.1
281501 252 -rwx------ 1 user user 256376 Feb 21 17:56 ./lib/libksba.so.8
281311 184 -rwx------ 1 user user 184824 Feb 21 17:56 ./bin/dropbear
281425 176 -rwx------ 1 user user 176408 Feb 21 17:56 ./bin/ssh
281507 168 -rwx------ 1 user user 171032 Feb 21 17:56 ./lib/libpng16.so.16
281348 168 -rwx------ 1 user user 170984 Feb 21 17:56 ./bin/kexec
400854 160 -rw------- 1 user user 159840 Feb 21 17:56 ./lib/modules/xhci-hcd.ko
281310 136 -rwx------ 1 user user 137464 Feb 21 17:56 ./bin/dmsetup
400853 132 -rw------- 1 user user 132360 Feb 21 17:56 ./lib/modules/usb-storage.ko
281499 128 -rwx------ 1 user user 130000 Feb 21 17:56 ./lib/libgpg-error.so.0
281441 116 -rwx------ 1 user user 118392 Feb 21 17:56 ./bin/tpm
281300 116 -rwx------ 1 user user 115192 Feb 21 17:56 ./bin/cryptsetup
281512 96 -rwx------ 1 user user 96896 Feb 21 17:56 ./lib/libusb-1.0.so.0
281301 88 -rwx------ 1 user user 87968 Feb 21 17:56 ./bin/cryptsetup-reencrypt
281500 80 -rwx------ 1 user user 81024 Feb 21 17:56 ./lib/libjson-c.so.5
281492 76 -rwx------ 1 user user 76736 Feb 21 17:56 ./lib/libassuan.so.0
281514 76 -rwx------ 1 user user 76040 Feb 21 17:56 ./lib/libz.so.1
281369 72 -rwx------ 1 user user 73600 Feb 21 17:56 ./bin/lspci
400851 64 -rw------- 1 user user 64800 Feb 21 17:56 ./lib/modules/ehci-hcd.ko
281505 52 -rwx------ 1 user user 52272 Feb 21 17:56 ./lib/libpci.so.3.5.4
281504 52 -rwx------ 1 user user 52272 Feb 21 17:56 ./lib/libpci.so.3
281393 52 -rwx------ 1 user user 52200 Feb 21 17:56 ./bin/pinentry-tty
281319 52 -rwx------ 1 user user 51616 Feb 21 17:56 ./bin/fbwhiptail
281508 48 -rwx------ 1 user user 48088 Feb 21 17:56 ./lib/libpopt.so.0
281509 48 -rwx------ 1 user user 47448 Feb 21 17:56 ./lib/libqrencode.so.3
281458 48 -rwx------ 1 user user 45264 Feb 21 17:56 ./bin/veritysetup
281345 32 -rwx------ 1 user user 29944 Feb 21 17:56 ./bin/hotp_verification
281478 28 -rw------- 1 user user 27936 Feb 21 17:56 ./etc/distro/keys/tails.key
281293 28 -rwx------ 1 user user 27048 Feb 21 17:56 ./bin/cbmem
281408 24 -rwx------ 1 user user 22664 Feb 21 17:56 ./bin/scp
281325 24 -rwx------ 1 user user 22432 Feb 21 17:56 ./bin/flashtool
281511 20 -rwx------ 1 user user 18464 Feb 21 17:56 ./lib/libusb-0.1.so.4
281335 20 -rwx------ 1 user user 18412 Feb 21 17:56 ./bin/gui-init
281291 20 -rwx------ 1 user user 18352 Feb 21 17:56 ./bin/cbfs
281446 20 -rwx------ 1 user user 18320 Feb 21 17:56 ./bin/uefi
281387 16 -rwx------ 1 user user 15960 Feb 21 17:56 ./bin/oem-factory-reset
281513 16 -rwx------ 1 user user 14656 Feb 21 17:56 ./lib/libuuid.so.1
281503 16 -rwx------ 1 user user 14552 Feb 21 17:56 ./lib/libnpth.so.0
281396 16 -rwx------ 1 user user 14200 Feb 21 17:56 ./bin/poke
281475 12 -rw------- 1 user user 10955 Feb 21 17:56 ./etc/distro/keys/fedora.key
281229 12 -rw-r--r-- 1 user user 10865 Feb 21 17:53 ./hashes.txt
400852 12 -rw------- 1 user user 10728 Feb 21 17:56 ./lib/modules/ehci-pci.ko
400855 12 -rw------- 1 user user 10568 Feb 21 17:56 ./lib/modules/xhci-pci.ko
281390 12 -rwx------ 1 user user 10096 Feb 21 17:56 ./bin/peek
281439 12 -rwx------ 1 user user 10032 Feb 21 17:56 ./bin/totp
281357 12 -rwx------ 1 user user 9891 Feb 21 17:56 ./bin/kexec-select-boot
281331 12 -rwx------ 1 user user 9003 Feb 21 17:56 ./bin/gpg-gui.sh
281480 12 -rwx------ 1 user user 8388 Feb 21 17:56 ./etc/functions
281343 8 -rwx------ 1 user user 5912 Feb 21 17:56 ./bin/hotp
281282 8 -rwx------ 1 user user 5912 Feb 21 17:56 ./bin/base32
281401 8 -rwx------ 1 user user 5904 Feb 21 17:56 ./bin/qrenc
281322 8 -rwx------ 1 user user 5268 Feb 21 17:56 ./bin/flash.sh
281297 8 -rwx------ 1 user user 5030 Feb 21 17:56 ./bin/config-gui.sh
281356 8 -rwx------ 1 user user 4195 Feb 21 17:56 ./bin/kexec-seal-key
281488 4 -rwx------ 1 user user 3891 Feb 21 17:56 ./init
281353 4 -rwx------ 1 user user 3680 Feb 21 17:56 ./bin/kexec-parse-boot
281380 4 -rwx------ 1 user user 3510 Feb 21 17:56 ./bin/mount-usb
281354 4 -rwx------ 1 user user 3408 Feb 21 17:56 ./bin/kexec-save-default
281409 4 -rwx------ 1 user user 3381 Feb 21 17:56 ./bin/seal-hotpkey
281349 4 -rwx------ 1 user user 3118 Feb 21 17:56 ./bin/kexec-boot
281477 4 -rw------- 1 user user 3078 Feb 21 17:56 ./etc/distro/keys/qubes-testing.key
281321 4 -rwx------ 1 user user 2557 Feb 21 17:56 ./bin/flash-gui.sh
281350 4 -rwx------ 1 user user 2344 Feb 21 17:56 ./bin/kexec-insert-key
281456 4 -rwx------ 1 user user 2101 Feb 21 17:56 ./bin/usb-scan
281352 4 -rwx------ 1 user user 2059 Feb 21 17:56 ./bin/kexec-parse-bls
281410 4 -rwx------ 1 user user 2026 Feb 21 17:56 ./bin/seal-totp
281358 4 -rwx------ 1 user user 1909 Feb 21 17:56 ./bin/kexec-sign-config
281482 4 -rwx------ 1 user user 1888 Feb 21 17:56 ./etc/gui_functions
281451 4 -rwx------ 1 user user 1838 Feb 21 17:56 ./bin/unseal-hotp
281516 4 -rw-r--r-- 1 user user 1767 Feb 21 17:57 ./listchange
281355 4 -rwx------ 1 user user 1677 Feb 21 17:56 ./bin/kexec-save-key
281476 4 -rw------- 1 user user 1629 Feb 21 17:56 ./etc/distro/keys/qubes-4.key
281351 4 -rwx------ 1 user user 1375 Feb 21 17:56 ./bin/kexec-iso-init
281515 4 -rwx------ 1 user user 1373 Feb 21 17:56 ./mount-boot
281327 4 -rwx------ 1 user user 1299 Feb 21 17:56 ./bin/generic-init
284045 4 -rw------- 1 user user 1247 Feb 21 17:08 ./.ash_history
281383 4 -rwx------ 1 user user 1244 Feb 21 17:56 ./bin/network-init-recovery
281344 4 -rwx------ 1 user user 1087 Feb 21 17:56 ./bin/hotp_initialize
281359 4 -rwx------ 1 user user 1044 Feb 21 17:56 ./bin/kexec-unseal-key
1084916 4 -rwx------ 1 user user 1000 Feb 21 17:56 ./sbin/insmod
1084905 4 -rwx------ 1 user user 922 Feb 21 17:56 ./sbin/config-dhcp.sh
281292 4 -rwx------ 1 user user 799 Feb 21 17:56 ./bin/cbfs-init
281360 4 -rwx------ 1 user user 770 Feb 21 17:56 ./bin/key-init
281442 4 -rwx------ 1 user user 694 Feb 21 17:56 ./bin/tpm-reset
281447 4 -rwx------ 1 user user 661 Feb 21 17:56 ./bin/uefi-init
281452 4 -rwx------ 1 user user 634 Feb 21 17:56 ./bin/unseal-totp
281472 4 -rw------- 1 user user 625 Feb 21 17:56 ./etc/config
281464 4 -rwx------ 1 user user 574 Feb 21 17:56 ./bin/x230-flash.init
281431 4 -rwx------ 1 user user 574 Feb 21 17:56 ./bin/t430-flash.init
281402 4 -rwx------ 1 user user 538 Feb 21 17:56 ./bin/qubes-measure-luks
281324 4 -rwx------ 1 user user 360 Feb 21 17:56 ./bin/flashrom-kgpe-d16-openbmc.sh
281462 4 -rwx------ 1 user user 320 Feb 21 17:56 ./bin/wget-measure.sh
281403 4 -rwx------ 1 user user 258 Feb 21 17:56 ./bin/reboot
281455 4 -rwx------ 1 user user 220 Feb 21 17:56 ./bin/usb-init
281397 4 -rwx------ 1 user user 205 Feb 21 17:56 ./bin/poweroff
281479 4 -rw------- 1 user user 197 Feb 21 17:56 ./etc/fstab
281484 4 -rw------- 1 user user 174 Feb 21 17:56 ./etc/motd
281332 4 -rwx------ 1 user user 106 Feb 21 17:56 ./bin/gpgv
284192 4 -rw------- 1 user user 73 Feb 21 17:08 ./.gnupg/gpg-agent.conf
281463 4 -rwx------ 1 user user 35 Feb 21 17:56 ./bin/whiptail
281487 4 -rw------- 1 user user 27 Feb 21 17:56 ./etc/shells
281486 4 -rw------- 1 user user 27 Feb 21 17:56 ./etc/passwd
281483 4 -rw------- 1 user user 20 Feb 21 17:56 ./etc/hosts
284193 4 -rw------- 1 user user 10 Feb 21 17:08 ./.gnupg/gpg.conf
281481 4 -rw------- 1 user user 10 Feb 21 17:56 ./etc/group
677025 0 -rw------- 1 user user 0 Feb 21 17:56 ./run/cryptsetup/.placeholder
Ok ok.... It's useful!
diff --git a/modules/cairo b/modules/cairo
index 647ed2ca..7fc92331 100644
--- a/modules/cairo
+++ b/modules/cairo
@@ -8,7 +8,7 @@ cairo_hash := 8c90f00c500b2299c0a323dd9beead2a00353752b2092ead558139bd67f7bf16
cairo_configure := \
$(CROSS_TOOLS) \
- CFLAGS="-DCAIRO_NO_MUTEX=1 -O3" \
+ CFLAGS="-DCAIRO_NO_MUTEX=1 -Os" \
./configure \
--host i386-elf-linux \
--prefix="/" \
diff --git a/modules/cryptsetup b/modules/cryptsetup
index 4cea7f35..cddffa18 100644
--- a/modules/cryptsetup
+++ b/modules/cryptsetup
@@ -10,8 +10,10 @@ cryptsetup_hash := af2b04e8475cf40b8d9ffd97a1acfa73aa787c890430afd89804fb544d6ad
# Use an empty prefix so that the executables will not include the
# build path.
-cryptsetup_configure := ./configure \
+cryptsetup_configure := \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
+ ./configure \
--host i386-elf-linux \
--prefix "/" \
--disable-gcrypt-pbkdf2 \
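Review bot: moving ./configure below $(CROSS_TOOLS) is a separate change from adding -Os: whatever $(CROSS_TOOLS) expands to is now placed in front of ./configure, in its environment, instead of after it as arguments. Split that into its own commit or call it out in the message. The gpg, libgcrypt and util-linux hunks in this same patch keep ./configure first and pass CFLAGS="-Os" as an argument, so pick one form and use it in every module file.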
diff --git a/modules/flashrom b/modules/flashrom
index e8cecb63..aaad7325 100644
--- a/modules/flashrom
+++ b/modules/flashrom
@@ -9,6 +9,7 @@ flashrom_url := https://github.com/flashrom/flashrom/archive/$(flashrom_version)
flashrom_hash := 4873ad50f500629c244fc3fbee64b56403a82307d7f555dfa235336a200c336c
flashrom_target := \
+ CFLAGS="-Os" \
$(MAKE_JOBS) \
$(CROSS_TOOLS) \
WARNERROR=no \
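Review bot: CFLAGS="-Os" in flashrom_target looks like a make command-line variable (it sits beside $(MAKE_JOBS) and WARNERROR=no), and a command-line assignment replaces every CFLAGS assignment inside the project's Makefile unless that Makefile uses override. Check that no default flags flashrom sets through CFLAGS are lost by this, and compare the compiler command lines of a build before and after the change to confirm only the optimization level differs.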
diff --git a/modules/gpg b/modules/gpg
index 4d4440a1..493bf6dc 100644
--- a/modules/gpg
+++ b/modules/gpg
@@ -19,6 +19,7 @@ gpg_hash := 6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276
#
gpg_configure := ./configure \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
--build i386-elf-linux \
--host x86_64-linux-musl \
--with-libusb="$(INSTALL)" \
diff --git a/modules/libgcrypt b/modules/libgcrypt
index 3c2e5d9a..5cf97d79 100644
--- a/modules/libgcrypt
+++ b/modules/libgcrypt
@@ -7,6 +7,7 @@ libgcrypt_hash := 0cba2700617b99fc33864a0c16b1fa7fdf9781d9ed3509f5d767178e5fd7b9
libgcrypt_configure := ./configure \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
--host=x86_64-linux-musl \
--prefix "/" \
--disable-static \
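Review bot: libgcrypt is the crypto library behind gpg in this image, so changing the optimization level on the CFLAGS line should come with a run of the library's own self-tests on the cross-built result, not only a size comparison. A one-line comment above libgcrypt_configure saying that -Os is there to save flash space would also help the next reader who wonders why the configure default was overridden.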
diff --git a/modules/libgpg-error b/modules/libgpg-error
index 00bd0644..482f80f3 100644
--- a/modules/libgpg-error
+++ b/modules/libgpg-error
@@ -5,8 +5,10 @@ libgpg-error_tar := libgpg-error-$(libgpg-error_version).tar.bz2
libgpg-error_url := https://gnupg.org/ftp/gcrypt/libgpg-error/$(libgpg-error_tar)
libgpg-error_hash := b32d6ff72a73cf79797f7f2d039e95e9c6f92f0c1450215410840ab62aea9763
-libgpg-error_configure := ./configure \
+libgpg-error_configure := \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
+ ./configure \
--prefix "/" \
--host=x86_64-linux-musl \
--disable-static \
diff --git a/modules/libpng b/modules/libpng
index e5c3d718..8debbda4 100644
--- a/modules/libpng
+++ b/modules/libpng
@@ -8,6 +8,7 @@ libpng_hash := 574623a4901a9969080ab4a2df9437026c8a87150dfd5c235e28c94b212964a7
libpng_configure := \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
./configure \
--host i386-elf-linux \
--prefix="/" \
diff --git a/modules/lvm2 b/modules/lvm2
index e3005f1b..f6edd667 100644
--- a/modules/lvm2
+++ b/modules/lvm2
@@ -10,6 +10,7 @@ lvm2_hash := 23a3d1cddd41b3ef51812ebf83e9fa491f502fe74130d4263be327a91914660d
# so we force it via the configure cache.
lvm2_configure := \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
PKG_CONFIG=/bin/false \
MODPROBE_CMD=/bin/false \
ac_cv_func_malloc_0_nonnull=yes \
diff --git a/modules/pixman b/modules/pixman
index 65a2e200..e7ec1bd8 100644
--- a/modules/pixman
+++ b/modules/pixman
@@ -8,6 +8,7 @@ pixman_hash := 21b6b249b51c6800dc9553b65106e1e37d0e25df942c90531d4c3997aa20a88e
pixman_configure := \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
./configure \
--host i386-elf-linux \
--prefix="/" \
diff --git a/modules/tpmtotp b/modules/tpmtotp
index 433df8ce..1ce561d0 100644
--- a/modules/tpmtotp
+++ b/modules/tpmtotp
@@ -13,7 +13,7 @@ tpmtotp_hash := 1082f2b0e4af833e04220dddedcc21a39eb39ee4dc5668bb010e7bcc795c606c
tpmtotp_target := \
$(CROSS_TOOLS) \
- CFLAGS="-I$(INSTALL)/include" \
+ CFLAGS="-I$(INSTALL)/include -Os" \
LDFLAGS="-L$(INSTALL)/lib" \
tpmtotp_output := \
diff --git a/modules/util-linux b/modules/util-linux
index 908ff3e7..6ea85f8a 100644
--- a/modules/util-linux
+++ b/modules/util-linux
@@ -8,6 +8,7 @@ util-linux_hash := accea4d678209f97f634f40a93b7e9fcad5915d1f4749f6c47bee6bf110fe
util-linux_configure := ./configure \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
--host i386-elf-linux \
--prefix "/" \
--oldincludedir "$(INSTALL)/include" \
diff --git a/modules/zlib b/modules/zlib
index dbdb44e3..b1d2adf5 100644
--- a/modules/zlib
+++ b/modules/zlib
@@ -9,6 +9,7 @@ zlib_hash := c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1
zlib_configure := \
$(CROSS_TOOLS) \
+ CFLAGS="-Os" \
./configure \
--prefix="/" \
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz -d initrd.cpio.xz ; for i in initrd.cpio modules.cpio tools.cpio heads.cpio; do cpio -i < $i; done && find . -type f -ls | sort -r -n -k7
Before:
3433968 12552 -rw-r--r-- 1 user user 12868096 Feb 21 12:56 ./initrd.cpio
3434331 12288 -rw-r--r-- 1 user user 12582912 Feb 21 12:56 ./heads-x230-hotp-maximized-v0.2.1.bis2-35-g3fabfa20-dirty.rom
3421972 11720 -rw-r--r-- 1 user user 11998208 Feb 21 12:42 ./tools.cpio
3434335 8192 -rw-r--r-- 1 user user 8388608 Feb 21 12:56 ./heads-x230-hotp-maximized-v0.2.1.bis2-35-g3fabfa20-dirty-bottom.rom
3424621 8192 -rw-r--r-- 1 user user 8388608 Feb 17 12:34 ./heads-x230-hotp-maximized-v0.2.1.bis2-32-g9fd9c0d4-dirty-bottom.rom
3434336 4096 -rw-r--r-- 1 user user 4194304 Feb 21 12:56 ./heads-x230-hotp-maximized-v0.2.1.bis2-35-g3fabfa20-dirty-top.rom
3424622 4096 -rw-r--r-- 1 user user 4194304 Feb 17 12:34 ./heads-x230-hotp-maximized-v0.2.1.bis2-32-g9fd9c0d4-dirty-top.rom
3423309 2956 -rw-r--r-- 1 user user 3023312 Feb 21 12:41 ./bzImage
3434095 1592 -rwx------ 1 user user 1627856 Feb 21 16:48 ./bin/lvm
3434542 1136 -rwx------ 1 user user 1160520 Feb 21 16:48 ./lib/libgcrypt.so.20
3434052 896 -rwx------ 1 user user 915328 Feb 21 16:48 ./bin/gpg
3434539 740 -rwx------ 1 user user 757232 Feb 21 16:48 ./lib/libcairo.so.2
3421971 668 -rw-r--r-- 1 user user 684032 Feb 21 12:41 ./modules.cpio
3434550 652 -rwx------ 1 user user 666216 Feb 21 16:48 ./lib/libpixman-1.so.0
3434538 584 -rwx------ 1 user user 596544 Feb 21 16:48 ./lib/libc.so
3434046 568 -rwx------ 1 user user 580568 Feb 21 16:48 ./bin/flashrom
3434010 496 -rwx------ 1 user user 507776 Feb 21 16:48 ./bin/busybox
3434540 456 -rwx------ 1 user user 464560 Feb 21 16:48 ./lib/libcryptsetup.so.12
3434455 408 -rwx------ 1 user user 416040 Feb 21 16:48 ./bin/scdaemon
3434053 372 -rwx------ 1 user user 380120 Feb 21 16:48 ./bin/gpg-agent
3434554 332 -rwx------ 1 user user 339304 Feb 21 16:48 ./lib/libtpm.so
3434541 328 -rwx------ 1 user user 333240 Feb 21 16:48 ./lib/libdevmapper.so.1.02
3434546 320 -rwx------ 1 user user 325104 Feb 21 16:48 ./lib/libmbedcrypto.so.0
3434559 300 -rw------- 1 user user 304272 Feb 21 16:48 ./lib/modules/e1000e.ko
3434537 268 -rwx------ 1 user user 271040 Feb 21 16:48 ./lib/libblkid.so.1
3434545 252 -rwx------ 1 user user 256376 Feb 21 16:48 ./lib/libksba.so.8
3434551 204 -rwx------ 1 user user 207912 Feb 21 16:48 ./lib/libpng16.so.16
3434337 184 -rw-r--r-- 1 user user 186880 Feb 21 12:56 ./heads.cpio
3434034 184 -rwx------ 1 user user 184824 Feb 21 16:48 ./bin/dropbear
3434473 176 -rwx------ 1 user user 176408 Feb 21 16:48 ./bin/ssh
3434071 168 -rwx------ 1 user user 170984 Feb 21 16:48 ./bin/kexec
3434563 160 -rw------- 1 user user 159840 Feb 21 16:48 ./lib/modules/xhci-hcd.ko
3434033 136 -rwx------ 1 user user 137464 Feb 21 16:48 ./bin/dmsetup
3434562 132 -rw------- 1 user user 132360 Feb 21 16:48 ./lib/modules/usb-storage.ko
3434543 128 -rwx------ 1 user user 130000 Feb 21 16:48 ./lib/libgpg-error.so.0
3434489 124 -rwx------ 1 user user 126584 Feb 21 16:48 ./bin/tpm
3434023 116 -rwx------ 1 user user 115192 Feb 21 16:48 ./bin/cryptsetup
3434558 108 -rwx------ 1 user user 108832 Feb 21 16:48 ./lib/libz.so.1
3434556 96 -rwx------ 1 user user 96896 Feb 21 16:48 ./lib/libusb-1.0.so.0
3434024 88 -rwx------ 1 user user 87968 Feb 21 16:48 ./bin/cryptsetup-reencrypt
3434544 80 -rwx------ 1 user user 81024 Feb 21 16:48 ./lib/libjson-c.so.5
3434536 76 -rwx------ 1 user user 76736 Feb 21 16:48 ./lib/libassuan.so.0
3434092 72 -rwx------ 1 user user 73600 Feb 21 16:48 ./bin/lspci
3434560 64 -rw------- 1 user user 64800 Feb 21 16:48 ./lib/modules/ehci-hcd.ko
3434549 52 -rwx------ 1 user user 52272 Feb 21 16:48 ./lib/libpci.so.3.5.4
3434548 52 -rwx------ 1 user user 52272 Feb 21 16:48 ./lib/libpci.so.3
3434116 52 -rwx------ 1 user user 52200 Feb 21 16:48 ./bin/pinentry-tty
3434042 52 -rwx------ 1 user user 51616 Feb 21 16:48 ./bin/fbwhiptail
3434552 48 -rwx------ 1 user user 48088 Feb 21 16:48 ./lib/libpopt.so.0
3434553 48 -rwx------ 1 user user 47448 Feb 21 16:48 ./lib/libqrencode.so.3
3434506 48 -rwx------ 1 user user 45264 Feb 21 16:48 ./bin/veritysetup
3434068 32 -rwx------ 1 user user 29944 Feb 21 16:48 ./bin/hotp_verification
3434523 28 -rw------- 1 user user 27936 Feb 21 16:48 ./etc/distro/keys/tails.key
3434016 28 -rwx------ 1 user user 27048 Feb 21 16:48 ./bin/cbmem
3434456 24 -rwx------ 1 user user 22664 Feb 21 16:48 ./bin/scp
3434048 24 -rwx------ 1 user user 22432 Feb 21 16:48 ./bin/flashtool
3434555 20 -rwx------ 1 user user 18464 Feb 21 16:48 ./lib/libusb-0.1.so.4
3434058 20 -rwx------ 1 user user 18412 Feb 21 16:48 ./bin/gui-init
3434014 20 -rwx------ 1 user user 18352 Feb 21 16:48 ./bin/cbfs
3434494 20 -rwx------ 1 user user 18320 Feb 21 16:48 ./bin/uefi
3434110 16 -rwx------ 1 user user 15960 Feb 21 16:48 ./bin/oem-factory-reset
3434557 16 -rwx------ 1 user user 14656 Feb 21 16:48 ./lib/libuuid.so.1
3434547 16 -rwx------ 1 user user 14552 Feb 21 16:48 ./lib/libnpth.so.0
3434444 16 -rwx------ 1 user user 14200 Feb 21 16:48 ./bin/poke
3434520 12 -rw------- 1 user user 10955 Feb 21 16:48 ./etc/distro/keys/fedora.key
3434561 12 -rw------- 1 user user 10728 Feb 21 16:48 ./lib/modules/ehci-pci.ko
3434564 12 -rw------- 1 user user 10568 Feb 21 16:48 ./lib/modules/xhci-pci.ko
3423306 12 -rw-r--r-- 1 user user 10159 Feb 21 12:56 ./hashes.txt
3434113 12 -rwx------ 1 user user 10096 Feb 21 16:48 ./bin/peek
3434005 12 -rwx------ 1 user user 10088 Feb 21 16:48 ./bin/base32
3434487 12 -rwx------ 1 user user 10048 Feb 21 16:48 ./bin/totp
3434066 12 -rwx------ 1 user user 10024 Feb 21 16:48 ./bin/hotp
3434080 12 -rwx------ 1 user user 9891 Feb 21 16:48 ./bin/kexec-select-boot
3434054 12 -rwx------ 1 user user 9003 Feb 21 16:48 ./bin/gpg-gui.sh
3434525 12 -rwx------ 1 user user 8388 Feb 21 16:48 ./etc/functions
3434449 8 -rwx------ 1 user user 5912 Feb 21 16:48 ./bin/qrenc
3434045 8 -rwx------ 1 user user 5268 Feb 21 16:48 ./bin/flash.sh
3434020 8 -rwx------ 1 user user 5030 Feb 21 16:48 ./bin/config-gui.sh
3434079 8 -rwx------ 1 user user 4195 Feb 21 16:48 ./bin/kexec-seal-key
3434533 4 -rwx------ 1 user user 3891 Feb 21 16:48 ./init
3434076 4 -rwx------ 1 user user 3785 Feb 21 16:48 ./bin/kexec-parse-boot
3434103 4 -rwx------ 1 user user 3510 Feb 21 16:48 ./bin/mount-usb
3434077 4 -rwx------ 1 user user 3408 Feb 21 16:48 ./bin/kexec-save-default
3434457 4 -rwx------ 1 user user 3381 Feb 21 16:48 ./bin/seal-hotpkey
3434072 4 -rwx------ 1 user user 3118 Feb 21 16:48 ./bin/kexec-boot
3434522 4 -rw------- 1 user user 3078 Feb 21 16:48 ./etc/distro/keys/qubes-testing.key
3434044 4 -rwx------ 1 user user 2557 Feb 21 16:48 ./bin/flash-gui.sh
3434073 4 -rwx------ 1 user user 2344 Feb 21 16:48 ./bin/kexec-insert-key
3434504 4 -rwx------ 1 user user 2101 Feb 21 16:48 ./bin/usb-scan
3434075 4 -rwx------ 1 user user 2059 Feb 21 16:48 ./bin/kexec-parse-bls
3434458 4 -rwx------ 1 user user 2026 Feb 21 16:48 ./bin/seal-totp
3434081 4 -rwx------ 1 user user 1909 Feb 21 16:48 ./bin/kexec-sign-config
3434527 4 -rwx------ 1 user user 1888 Feb 21 16:48 ./etc/gui_functions
3434499 4 -rwx------ 1 user user 1838 Feb 21 16:48 ./bin/unseal-hotp
3434519 4 -rw------- 1 user user 1725 Feb 21 16:48 ./etc/distro/keys/archlinux.key
3434078 4 -rwx------ 1 user user 1677 Feb 21 16:48 ./bin/kexec-save-key
3434521 4 -rw------- 1 user user 1629 Feb 21 16:48 ./etc/distro/keys/qubes-4.key
3434074 4 -rwx------ 1 user user 1430 Feb 21 16:48 ./bin/kexec-iso-init
3434565 4 -rwx------ 1 user user 1373 Feb 21 16:48 ./mount-boot
3434050 4 -rwx------ 1 user user 1299 Feb 21 16:48 ./bin/generic-init
3421973 4 -rw------- 1 user user 1247 Feb 21 16:48 ./.ash_history
3434106 4 -rwx------ 1 user user 1244 Feb 21 16:48 ./bin/network-init-recovery
3434067 4 -rwx------ 1 user user 1087 Feb 21 16:48 ./bin/hotp_initialize
3434082 4 -rwx------ 1 user user 1044 Feb 21 16:48 ./bin/kexec-unseal-key
2641524 4 -rwx------ 1 user user 1000 Feb 21 16:48 ./sbin/insmod
2641513 4 -rwx------ 1 user user 922 Feb 21 16:48 ./sbin/config-dhcp.sh
3434015 4 -rwx------ 1 user user 799 Feb 21 16:48 ./bin/cbfs-init
3434083 4 -rwx------ 1 user user 770 Feb 21 16:48 ./bin/key-init
3434490 4 -rwx------ 1 user user 694 Feb 21 16:48 ./bin/tpm-reset
3434495 4 -rwx------ 1 user user 661 Feb 21 16:48 ./bin/uefi-init
3434500 4 -rwx------ 1 user user 634 Feb 21 16:48 ./bin/unseal-totp
3434518 4 -rw------- 1 user user 625 Feb 21 16:48 ./etc/config
3434512 4 -rwx------ 1 user user 574 Feb 21 16:48 ./bin/x230-flash.init
3434479 4 -rwx------ 1 user user 574 Feb 21 16:48 ./bin/t430-flash.init
3434450 4 -rwx------ 1 user user 538 Feb 21 16:48 ./bin/qubes-measure-luks
3434047 4 -rwx------ 1 user user 360 Feb 21 16:48 ./bin/flashrom-kgpe-d16-openbmc.sh
3434510 4 -rwx------ 1 user user 320 Feb 21 16:48 ./bin/wget-measure.sh
3434451 4 -rwx------ 1 user user 258 Feb 21 16:48 ./bin/reboot
3434503 4 -rwx------ 1 user user 220 Feb 21 16:48 ./bin/usb-init
3434445 4 -rwx------ 1 user user 205 Feb 21 16:48 ./bin/poweroff
3434524 4 -rw------- 1 user user 197 Feb 21 16:48 ./etc/fstab
3434529 4 -rw------- 1 user user 174 Feb 21 16:48 ./etc/motd
3434055 4 -rwx------ 1 user user 106 Feb 21 16:48 ./bin/gpgv
3433998 4 -rw------- 1 user user 73 Feb 21 16:48 ./.gnupg/gpg-agent.conf
3434511 4 -rwx------ 1 user user 35 Feb 21 16:48 ./bin/whiptail
3434532 4 -rw------- 1 user user 27 Feb 21 16:48 ./etc/shells
3434531 4 -rw------- 1 user user 27 Feb 21 16:48 ./etc/passwd
3434528 4 -rw------- 1 user user 20 Feb 21 16:48 ./etc/hosts
3434526 4 -rw------- 1 user user 10 Feb 21 16:48 ./etc/group
3433999 4 -rw------- 1 user user 10 Feb 21 16:48 ./.gnupg/gpg.conf
666243 0 -rw------- 1 user user 0 Feb 21 16:48 ./run/cryptsetup/.placeholder
After:
281354 12288 -rw-r--r-- 1 user user 12582912 Feb 21 18:19 ./heads-x230-hotp-maximized-v0.2.1.bis2-31-g0670bcd1-dirty.rom
281287 11676 -rw-r--r-- 1 user user 11969536 Feb 21 18:15 ./initrd.cpio
281351 10844 -rw-r--r-- 1 user user 11101184 Feb 21 18:14 ./tools.cpio
281355 8192 -rw-r--r-- 1 user user 8388608 Feb 21 18:19 ./heads-x230-hotp-maximized-v0.2.1.bis2-31-g0670bcd1-dirty-bottom.rom
281356 4096 -rw-r--r-- 1 user user 4194304 Feb 21 18:19 ./heads-x230-hotp-maximized-v0.2.1.bis2-31-g0670bcd1-dirty-top.rom
281229 2956 -rw-r--r-- 1 user user 3023312 Feb 21 18:08 ./bzImage
281398 1384 -rwx------ 1 user user 1414928 Feb 21 18:19 ./bin/lvm
281523 1032 -rwx------ 1 user user 1054216 Feb 21 18:19 ./lib/libgcrypt.so.20
281342 896 -rwx------ 1 user user 915328 Feb 21 18:19 ./bin/gpg
281230 668 -rw-r--r-- 1 user user 684032 Feb 21 18:08 ./modules.cpio
281519 584 -rwx------ 1 user user 596544 Feb 21 18:19 ./lib/libc.so
281336 568 -rwx------ 1 user user 580568 Feb 21 18:19 ./bin/flashrom
281531 560 -rwx------ 1 user user 572016 Feb 21 18:19 ./lib/libpixman-1.so.0
281299 496 -rwx------ 1 user user 507776 Feb 21 18:19 ./bin/busybox
281520 480 -rwx------ 1 user user 491024 Feb 21 18:19 ./lib/libcairo.so.2
281521 456 -rwx------ 1 user user 464560 Feb 21 18:19 ./lib/libcryptsetup.so.12
281433 408 -rwx------ 1 user user 416040 Feb 21 18:19 ./bin/scdaemon
281353 372 -rwx------ 1 user user 380120 Feb 21 18:19 ./bin/gpg-agent
281527 320 -rwx------ 1 user user 325104 Feb 21 18:19 ./lib/libmbedcrypto.so.0
281535 308 -rwx------ 1 user user 314728 Feb 21 18:19 ./lib/libtpm.so
281345 300 -rw------- 1 user user 304272 Feb 21 18:13 ./lib/modules/e1000e.ko
281522 280 -rwx------ 1 user user 284184 Feb 21 18:19 ./lib/libdevmapper.so.1.02
281526 252 -rwx------ 1 user user 256376 Feb 21 18:19 ./lib/libksba.so.8
281518 248 -rwx------ 1 user user 250528 Feb 21 18:19 ./lib/libblkid.so.1
281352 184 -rw-r--r-- 1 user user 184832 Feb 21 18:14 ./heads.cpio
281324 184 -rwx------ 1 user user 184824 Feb 21 18:19 ./bin/dropbear
281451 176 -rwx------ 1 user user 176408 Feb 21 18:19 ./bin/ssh
281532 168 -rwx------ 1 user user 171032 Feb 21 18:19 ./lib/libpng16.so.16
281374 168 -rwx------ 1 user user 170984 Feb 21 18:19 ./bin/kexec
281349 160 -rw------- 1 user user 159840 Feb 21 18:13 ./lib/modules/xhci-hcd.ko
281348 132 -rw------- 1 user user 132360 Feb 21 18:13 ./lib/modules/usb-storage.ko
281323 120 -rwx------ 1 user user 121080 Feb 21 18:19 ./bin/dmsetup
281467 116 -rwx------ 1 user user 118392 Feb 21 18:19 ./bin/tpm
281313 116 -rwx------ 1 user user 115192 Feb 21 18:19 ./bin/cryptsetup
281524 108 -rwx------ 1 user user 109520 Feb 21 18:19 ./lib/libgpg-error.so.0
281537 96 -rwx------ 1 user user 96896 Feb 21 18:19 ./lib/libusb-1.0.so.0
281314 88 -rwx------ 1 user user 87968 Feb 21 18:19 ./bin/cryptsetup-reencrypt
281525 80 -rwx------ 1 user user 81024 Feb 21 18:19 ./lib/libjson-c.so.5
281517 76 -rwx------ 1 user user 76736 Feb 21 18:19 ./lib/libassuan.so.0
281539 76 -rwx------ 1 user user 76040 Feb 21 18:19 ./lib/libz.so.1
281395 72 -rwx------ 1 user user 73600 Feb 21 18:19 ./bin/lspci
281346 64 -rw------- 1 user user 64800 Feb 21 18:13 ./lib/modules/ehci-hcd.ko
281530 52 -rwx------ 1 user user 52272 Feb 21 18:19 ./lib/libpci.so.3.5.4
281529 52 -rwx------ 1 user user 52272 Feb 21 18:19 ./lib/libpci.so.3
281419 52 -rwx------ 1 user user 52200 Feb 21 18:19 ./bin/pinentry-tty
281332 52 -rwx------ 1 user user 51616 Feb 21 18:19 ./bin/fbwhiptail
281533 48 -rwx------ 1 user user 48088 Feb 21 18:19 ./lib/libpopt.so.0
281534 48 -rwx------ 1 user user 47448 Feb 21 18:19 ./lib/libqrencode.so.3
281484 48 -rwx------ 1 user user 45264 Feb 21 18:19 ./bin/veritysetup
281371 32 -rwx------ 1 user user 29944 Feb 21 18:19 ./bin/hotp_verification
281504 28 -rw------- 1 user user 27936 Feb 21 18:19 ./etc/distro/keys/tails.key
281305 28 -rwx------ 1 user user 27048 Feb 21 18:19 ./bin/cbmem
281434 24 -rwx------ 1 user user 22664 Feb 21 18:19 ./bin/scp
281338 24 -rwx------ 1 user user 22432 Feb 21 18:19 ./bin/flashtool
281536 20 -rwx------ 1 user user 18464 Feb 21 18:19 ./lib/libusb-0.1.so.4
281361 20 -rwx------ 1 user user 18412 Feb 21 18:19 ./bin/gui-init
281303 20 -rwx------ 1 user user 18352 Feb 21 18:19 ./bin/cbfs
281472 20 -rwx------ 1 user user 18320 Feb 21 18:19 ./bin/uefi
281413 16 -rwx------ 1 user user 15960 Feb 21 18:19 ./bin/oem-factory-reset
281538 16 -rwx------ 1 user user 14656 Feb 21 18:19 ./lib/libuuid.so.1
281528 16 -rwx------ 1 user user 14552 Feb 21 18:19 ./lib/libnpth.so.0
281422 16 -rwx------ 1 user user 14200 Feb 21 18:19 ./bin/poke
281501 12 -rw------- 1 user user 10955 Feb 21 18:19 ./etc/distro/keys/fedora.key
281347 12 -rw------- 1 user user 10728 Feb 21 18:13 ./lib/modules/ehci-pci.ko
281350 12 -rw------- 1 user user 10568 Feb 21 18:13 ./lib/modules/xhci-pci.ko
281416 12 -rwx------ 1 user user 10096 Feb 21 18:19 ./bin/peek
281465 12 -rwx------ 1 user user 10032 Feb 21 18:19 ./bin/totp
280171 12 -rw-r--r-- 1 user user 9954 Feb 21 18:19 ./hashes.txt
281383 12 -rwx------ 1 user user 9891 Feb 21 18:19 ./bin/kexec-select-boot
281357 12 -rwx------ 1 user user 9003 Feb 21 18:19 ./bin/gpg-gui.sh
281506 12 -rwx------ 1 user user 8388 Feb 21 18:19 ./etc/functions
281369 8 -rwx------ 1 user user 5912 Feb 21 18:19 ./bin/hotp
281294 8 -rwx------ 1 user user 5912 Feb 21 18:19 ./bin/base32
281427 8 -rwx------ 1 user user 5904 Feb 21 18:19 ./bin/qrenc
281335 8 -rwx------ 1 user user 5268 Feb 21 18:19 ./bin/flash.sh
281309 8 -rwx------ 1 user user 5030 Feb 21 18:19 ./bin/config-gui.sh
281382 8 -rwx------ 1 user user 4195 Feb 21 18:19 ./bin/kexec-seal-key
281514 4 -rwx------ 1 user user 3891 Feb 21 18:19 ./init
281379 4 -rwx------ 1 user user 3680 Feb 21 18:19 ./bin/kexec-parse-boot
281406 4 -rwx------ 1 user user 3510 Feb 21 18:19 ./bin/mount-usb
281380 4 -rwx------ 1 user user 3408 Feb 21 18:19 ./bin/kexec-save-default
281435 4 -rwx------ 1 user user 3381 Feb 21 18:19 ./bin/seal-hotpkey
281375 4 -rwx------ 1 user user 3118 Feb 21 18:19 ./bin/kexec-boot
281503 4 -rw------- 1 user user 3078 Feb 21 18:19 ./etc/distro/keys/qubes-testing.key
281334 4 -rwx------ 1 user user 2557 Feb 21 18:19 ./bin/flash-gui.sh
281376 4 -rwx------ 1 user user 2344 Feb 21 18:19 ./bin/kexec-insert-key
281482 4 -rwx------ 1 user user 2101 Feb 21 18:19 ./bin/usb-scan
281378 4 -rwx------ 1 user user 2059 Feb 21 18:19 ./bin/kexec-parse-bls
281436 4 -rwx------ 1 user user 2026 Feb 21 18:19 ./bin/seal-totp
281384 4 -rwx------ 1 user user 1909 Feb 21 18:19 ./bin/kexec-sign-config
281508 4 -rwx------ 1 user user 1888 Feb 21 18:19 ./etc/gui_functions
281477 4 -rwx------ 1 user user 1838 Feb 21 18:19 ./bin/unseal-hotp
281381 4 -rwx------ 1 user user 1677 Feb 21 18:19 ./bin/kexec-save-key
281502 4 -rw------- 1 user user 1629 Feb 21 18:19 ./etc/distro/keys/qubes-4.key
281377 4 -rwx------ 1 user user 1375 Feb 21 18:19 ./bin/kexec-iso-init
281540 4 -rwx------ 1 user user 1373 Feb 21 18:19 ./mount-boot
281340 4 -rwx------ 1 user user 1299 Feb 21 18:19 ./bin/generic-init
284045 4 -rw------- 1 user user 1247 Feb 21 17:08 ./.ash_history
281409 4 -rwx------ 1 user user 1244 Feb 21 18:19 ./bin/network-init-recovery
281370 4 -rwx------ 1 user user 1087 Feb 21 18:19 ./bin/hotp_initialize
281385 4 -rwx------ 1 user user 1044 Feb 21 18:19 ./bin/kexec-unseal-key
281560 4 -rwx------ 1 user user 1000 Feb 21 18:19 ./sbin/insmod
281549 4 -rwx------ 1 user user 922 Feb 21 18:19 ./sbin/config-dhcp.sh
281304 4 -rwx------ 1 user user 799 Feb 21 18:19 ./bin/cbfs-init
281386 4 -rwx------ 1 user user 770 Feb 21 18:19 ./bin/key-init
281468 4 -rwx------ 1 user user 694 Feb 21 18:19 ./bin/tpm-reset
281473 4 -rwx------ 1 user user 661 Feb 21 18:19 ./bin/uefi-init
281478 4 -rwx------ 1 user user 634 Feb 21 18:19 ./bin/unseal-totp
281498 4 -rw------- 1 user user 625 Feb 21 18:19 ./etc/config
281490 4 -rwx------ 1 user user 574 Feb 21 18:19 ./bin/x230-flash.init
281457 4 -rwx------ 1 user user 574 Feb 21 18:19 ./bin/t430-flash.init
281428 4 -rwx------ 1 user user 538 Feb 21 18:19 ./bin/qubes-measure-luks
281337 4 -rwx------ 1 user user 360 Feb 21 18:19 ./bin/flashrom-kgpe-d16-openbmc.sh
281488 4 -rwx------ 1 user user 320 Feb 21 18:19 ./bin/wget-measure.sh
281429 4 -rwx------ 1 user user 258 Feb 21 18:19 ./bin/reboot
281481 4 -rwx------ 1 user user 220 Feb 21 18:19 ./bin/usb-init
281423 4 -rwx------ 1 user user 205 Feb 21 18:19 ./bin/poweroff
281505 4 -rw------- 1 user user 197 Feb 21 18:19 ./etc/fstab
281510 4 -rw------- 1 user user 174 Feb 21 18:19 ./etc/motd
281358 4 -rwx------ 1 user user 106 Feb 21 18:19 ./bin/gpgv
284192 4 -rw------- 1 user user 73 Feb 21 17:08 ./.gnupg/gpg-agent.conf
281489 4 -rwx------ 1 user user 35 Feb 21 18:19 ./bin/whiptail
281513 4 -rw------- 1 user user 27 Feb 21 18:19 ./etc/shells
281512 4 -rw------- 1 user user 27 Feb 21 18:19 ./etc/passwd
281509 4 -rw------- 1 user user 20 Feb 21 18:19 ./etc/hosts
284193 4 -rw------- 1 user user 10 Feb 21 17:08 ./.gnupg/gpg.conf
281507 4 -rw------- 1 user user 10 Feb 21 18:19 ./etc/group
281543 0 -rw------- 1 user user 0 Feb 21 18:19 ./run/cryptsetup/.placeholder
Before a3b058de:
FMAP REGION: COREBOOT
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 85100 none
cpu_microcode_blob.bin 0x14d80 microcode 26624 none
fallback/ramstage 0x1b600 stage 97721 none
config 0x33400 raw 790 none
revision 0x33780 raw 695 none
fallback/dsdt.aml 0x33a80 raw 14615 none
vbt.bin 0x37400 raw 1433 LZMA (4281 decompressed)
cmos_layout.bin 0x37a00 cmos_layout 1884 none
fallback/postcar 0x381c0 stage 25816 none
fallback/payload 0x3e700 simple elf 7305159 none
(empty) 0x735f00 null 4365976 none
bootblock 0xb5fdc0 bootblock 65536 none
After da3e653:
FMAP REGION: COREBOOT
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 85100 none
cpu_microcode_blob.bin 0x14d80 microcode 26624 none
fallback/ramstage 0x1b600 stage 97723 none
config 0x33400 raw 790 none
revision 0x33780 raw 695 none
fallback/dsdt.aml 0x33a80 raw 14615 none
vbt.bin 0x37400 raw 1433 LZMA (4281 decompressed)
cmos_layout.bin 0x37a00 cmos_layout 1884 none
fallback/postcar 0x381c0 stage 25816 none
fallback/payload 0x3e700 simple elf 7013831 none
(empty) 0x6eed00 null 4657304 none
bootblock 0xb5fdc0 bootblock 65536 none
So free space has increased by 4657304 - 4365976 = 291328 bytes. Not bad
Combined, they free 5148824 - 4360856 = 787968 bytes (0.7mb)
If anybody can guide into tuning even more, please be my guest.
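The before/after `find . -type f -ls` listings in this comment can be compared per file instead of by eye. The script below is an added example, not part of the original thread or of the Heads build system; `ls_delta`, `ls_total_delta` and the `sample_*` helpers are hypothetical names, and the sample rows are copied from the two listings above.

```shell
#!/bin/sh
# Per-file size delta between two `find . -type f -ls` listings.
# `find -ls` columns: inode blocks perms links user group BYTES mon day time PATH
# The byte size is field 7 (the column the thread sorts on with `sort -k7`),
# and the path starts at field 11.

ls_delta() {
    # $1 = listing taken before the change, $2 = listing taken after it.
    # Prints "<delta-bytes><TAB><path>" for every file whose size changed,
    # was removed (negative delta) or was added (positive delta),
    # largest saving first.
    awk '
        # Rebuild the path from field 11 onward so names with spaces survive.
        function path(   i, p) {
            p = $11
            for (i = 12; i <= NF; i++) p = p " " $i
            return p
        }
        NF < 11        { next }                 # skip blank or truncated rows
        side == "b"    { before[path()] = $7; next }
        side == "a"    { after[path()]  = $7 }
        END {
            for (p in before) {
                if (p in after) d = after[p] - before[p]
                else            d = -before[p]   # file no longer shipped
                if (d != 0) printf "%d\t%s\n", d, p
            }
            for (p in after)
                if (!(p in before)) printf "%d\t%s\n", after[p], p
        }
    ' side=b "$1" side=a "$2" | sort -n
}

ls_total_delta() {
    # Net change in uncompressed bytes across all files that differ.
    ls_delta "$1" "$2" | awk '{ s += $1 } END { print s + 0 }'
}

# Sample rows copied from the "before" listing in this thread.
sample_before() {
    cat <<'EOF'
3434095 1592 -rwx------ 1 user user 1627856 Feb 21 16:48 ./bin/lvm
3434542 1136 -rwx------ 1 user user 1160520 Feb 21 16:48 ./lib/libgcrypt.so.20
3434052 896 -rwx------ 1 user user 915328 Feb 21 16:48 ./bin/gpg
3434539 740 -rwx------ 1 user user 757232 Feb 21 16:48 ./lib/libcairo.so.2
3434005 12 -rwx------ 1 user user 10088 Feb 21 16:48 ./bin/base32
EOF
}

# The same files as they appear in the "After:" listing.
sample_after() {
    cat <<'EOF'
281398 1384 -rwx------ 1 user user 1414928 Feb 21 18:19 ./bin/lvm
281523 1032 -rwx------ 1 user user 1054216 Feb 21 18:19 ./lib/libgcrypt.so.20
281342 896 -rwx------ 1 user user 915328 Feb 21 18:19 ./bin/gpg
281520 480 -rwx------ 1 user user 491024 Feb 21 18:19 ./lib/libcairo.so.2
281294 8 -rwx------ 1 user user 5912 Feb 21 18:19 ./bin/base32
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_before > "$tmp/before.ls"
    sample_after  > "$tmp/after.ls"
    ls_delta "$tmp/before.ls" "$tmp/after.ls"
    echo "total: $(ls_total_delta "$tmp/before.ls" "$tmp/after.ls") bytes"
    rm -rf "$tmp"
}
demo
```

These deltas are uncompressed sizes; the figure that decides whether the payload fits is still the size of initrd.cpio.xz and the `(empty)` CBFS region shown above.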
try tcc. you mentioned in the other thread about musl, but tcc is a great c compiler that can produce (usually) smaller binaries (especially when compressed) than gcc or clang, even with -Os etc used.
where gcc is used, try using link-time optimization
also, busybox isn't the smallest posix userland... look at chimera linux, some of freebsd's tools are smaller than busybox's, e.g. freebsd sh is 12k sloc, busybox sh is about 19k last i checked
i've been working on and off porting openbsd userland to linux+musl and stripping it down, their code is even more efficient than freebsd's and often (with features stripped to match busybox) can result in lower amount of code
with bsd-based userland you could probably shave off quite a bit of space used in cbfs. i hope to have something to show later in the year.
(chimera is a linux distro with freebsd userland, they recently ported sh)
(also tcc is pretty much a drop-in on most codebases, i rarely see it b0rk and most of the time it really does beat gcc/clang: e.g. binary that is 18k from gcc, in tcc i can get that down to 12k easy. you can pretty much just modify your makefile for a project to use tcc, or do e.g. make CC=tcc and see what works)
tcc is great and i really recommend using it. even if you don't use it for every program, using it will probably save you quite a bit of space in cbfs
oh also, try bearssl tls library if you haven't already. super super duper small tls lib, alpine is considering using it in their distro
you can mix and match binaries built with tcc or gcc
you could try integrating tcc into your build system, for your portable cross compiler setup that you described earlier. i didn't know heads had that!
i should clarify that tcc produces small binaries, not fast binaries. for speed you want gcc, it's the best one (clang is about as good too). but yeah you want small bins. try tcc!
@githubisnonfree interesting hints.
Yes, @osresearch chose musl-cross then changed it to musl-cross-make as a cross compiler. Enabling LTO was not concluding on my side but things improved a lot there.
Problem as of now is to go back to reproducible builds, totp tool is built against mbedtls and everything is linked against musl-cross-make compiled libc.
We could reevaluate the choices here, but opened PRs for passing O3 O2 to Os freed 700kb, while cleaning Linux configurations (which are already minimalist) in another PR freed another 400kb.
With 1mb additional space across all boards using board configured modules, those are the first things to test, which requires t430/w530/x220/t420/t530 board owners which all depend on the shared linux-x230* configurations.
But you got my attention on busybox which is not bash compliant. Busybox is dash and requires people to code with posix style and prevents us to use shellcheck against code base.
I will try to find time to check that up first. But following your work, as you can see with nvmutil :)
i should clarify that tcc produces small binaries, not fast binaries. for speed you want gcc, it's the best one (clang is about as good too). but yeah you want small bins. try tcc
Thank you. Will see how it can also generalise to Power. But learned that musl musl-cross musl-cross-make was the beat path for safe, small, and generalized upon embedded world.
You have some references to share?
btw freebsd sh is also posix-only. it's basically the original bourne shell, rebourne
https://www.freebsd.org/cgi/man.cgi?query=sh&sektion=&n=1
not to be confused with csh which freebsd also has. here is sh, the posix one:
https://cgit.freebsd.org/src/tree/bin/sh
https://github.com/chimera-linux/bsdutils/commit/547ebb8dcfb0c6be55bb728732729cef86834a9a
the sh that i'm currently working on is oksh. someone already ported ksh to linux, so i didn't need to do that:
but this is about 19k same as busybox's shell, though with a ton of features. i have a hunch that if i strip down ksh it might be possible to make it smaller than freebsd sh
besides freebsd sh there's also mrsh aiming for full posix, it's slightly smaller than freebsd sh but incomplete. freebsd's is currently the best imo
as for reference, you mean a website or something?
https://en.wikipedia.org/wiki/Tiny_C_Compiler has some information and the website is https://bellard.org/tcc/ though the author himself doesn't maintain it anymore, but you can check the mailing list, other people work on it now
by the way, the linux kernel can be compiled with tcc
as can musl, and many other things. i'm willing to bet that everything in your build system can be done with tcc
it's possible that you might maybe find a few programs that need minor patching here and there, but tcc is pretty complete. it doesn't have as robust warnings/errors as gcc though, so a thing i normally do is (with -Wall, -Wextra and -Werror set) test code with gcc and clang first, but (if size is a priority) i compile with tcc for what i put into production
in fact, one of the things people talk about with tcc is how quickly it compiles linux
that's another benefit. it only does a single pass, compiling line by line. it compiles very quickly
so in addition to reducing code size, it will reduce compile time as well
try it. just literally modify your build system and/or musl-cross-build to use tcc. try using it as a drop-in replacement, and then see what breaks, if anything. then patch everything up and boot it, see if it works
tcc is a very competent compiler, it's much more "correct" than gcc/clang. the kind of hackiness you see in other compilers simply doesn't exist in tcc. it just compiles your code exactly as written, it doesn't mess around (no optimizer of any kind)
coreboot components probably still have to be built with coreboot crossgcc. modifying coreboot to work nicely with tcc might be nice but there's a lot of gcc-ish stuff in their codebase. but everything in your linux distro can probably be built and work nicely with tcc
xz -9e
and proper dictionary sizes both initrd.cpio.xz and linux wrapper script. Pointers under https://github.com/osresearch/heads/pull/1195#issuecomment-1218046547
Sorry about commit messages above. All were related to -9e, and aimed to see what would pass for all boards and see which changes are actually reducing both kernel and initrd compression. As of now, passing to -9e shows an increase of size, but none of the previous commits were just changing to -9e, they were also changing the dictionary size. It is also to note that xz has built-in defaults that normally also change the dictionary size, so blunt tests playing with extremes above (dict 1Mib and 100Mib) show that the defaults are better than random sizes. Nothing else is proven good or wrong at this point, just that changing dict to random sizes is not helping.
Post will be edited with results when builds are done (those are clean builds if global Makefile is changed, as per master comparison which included CircleCI fix so that CircleCI can now be used to test and compare such builds and have build logs referred directly to proper lines for references). If Makefile is not touched but a patch in modules change outside of coreboot, coreboot + musl-cross-make cache will be reused, speeding up builds.
This might explain the increase of size when increasing past 1Mib of dictionary size, the computed dictionary seems to be added as well, while the actual dictionary should be at least the size of uncompressed
From https://www.kernel.org/doc/html/latest/staging/xz.html
In userspace, LZMA2 is typically used with dictionary sizes of several megabytes. The decoder needs to have the dictionary in RAM, thus big dictionaries cannot be used for files that are intended to be decoded by the kernel. 1 MiB is probably the maximum reasonable dictionary size for in-kernel use (maybe more is OK for initramfs). The presets in XZ Utils may not be optimal when creating files for the kernel, so don’t hesitate to use custom settings. Example:
xz --check=crc32 --lzma2=dict=512KiB inputfile
An exception to above dictionary size limitation is when the decoder is used in single-call mode. Decompressing the kernel itself is an example of this situation. In single-call mode, the memory usage doesn’t depend on the dictionary size, and it is perfectly fine to use a big dictionary: for maximum compression, the dictionary should be at least as big as the uncompressed data itself.
Also:
scripts/xz_wrap.sh is a wrapper for the xz command line tool found from XZ Utils. The wrapper sets compression options to values suitable for compressing the kernel image.
So:
comparison around x230-hotp-maximized's coreboot payload's (compressed initrd.cpio.xz + bzImage xz compressed size)
@githubisnonfree: So basically, those results seem to prove that since initrd content is stripped before being added into tools.cpio (libs and binaries), same for modules.cpio (kernel drivers) while heads.cpio is text scripts but negligible in size, when they are packed into initrd.cpio.xz without so much gain possible with higher compression from bzImage wrapper script, while changing dictionary and compression to -9e seems to require a higher dictionary size (adding size) which is not showing any gain, since content is already stripped and no additional gain are showing when either changing dict size nor compression mode.
Some additional tests directly on bzImage (vmlinux) locally on built linux kernel prior of compression:
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ ls -al vmlinux
-rwxr-xr-x 1 user user 21999528 Aug 2 16:18 vmlinux
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ xz --check=crc32 -9 --lzma2=dict=32MiB vmlinux
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ ls -al vmlinux.xz
-rwxr-xr-x 1 user user 3561164 Aug 2 16:18 vmlinux.xz
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ xz --decompress vmlinux.xz
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ xz --check=crc32 -9e vmlinux
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ ls -al vmlinux.xz
-rwxr-xr-x 1 user user 3556864 Aug 2 16:18 vmlinux.xz
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ xz --decompress vmlinux.xz
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ xz --check=crc32 -6 vmlinux
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ ls -al vmlinux.xz
-rwxr-xr-x 1 user user 3567516 Aug 2 16:18 vmlinux.xz
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ xz --decompress vmlinux.xz
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ xz --check=crc32 -9e --lzma2=dict=32MiB vmlinux
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ ls -al vmlinux.xz
-rwxr-xr-x 1 user user 3561164 Aug 2 16:18 vmlinux.xz
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ xz --decompress vmlinux.xz
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ xz --check=crc32 -9e --lzma2=dict=22MiB vmlinux
user@heads-tests:~/heads/build/linux-4.14.62-hardlink/linux-x230-maximized$ ls -al vmlinux.xz
-rwxr-xr-x 1 user user 3561164 Aug 2 16:18 vmlinux.xz
So here, the best compression scenario is obtained with:
Some tests on local initrd.cpio.xz, decompressed and re-compressed with different modes:
user@heads-tests:~/heads/build/x230-hotp-maximized$ ls -al initrd.cpio
-rw-r--r-- 1 user user 12856832 Aug 16 14:00 initrd.cpio
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --check=crc32 -9 initrd.cpio
user@heads-tests:~/heads/build/x230-hotp-maximized$ ls -al initrd.cpio.xz
-rw-r--r-- 1 user user 4283464 Aug 16 14:00 initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --decompress initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --check=crc32 -9e initrd.cpio
user@heads-tests:~/heads/build/x230-hotp-maximized$ ls -al initrd.cpio.xz
-rw-r--r-- 1 user user 4294176 Aug 16 14:00 initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --check=crc32 -9e --lzma2=dict=64MiB initrd.cpio
user@heads-tests:~/heads/build/x230-hotp-maximized$ ls -al initrd.cpio.xz
-rw-r--r-- 1 user user 4283464 Aug 16 14:00 initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --decompress initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --check=crc32 -9e --lzma2=dict=32MiB initrd.cpio
user@heads-tests:~/heads/build/x230-hotp-maximized$ ls -al initrd.cpio.xz
-rw-r--r-- 1 user user 4283464 Aug 16 14:00 initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --decompress initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --check=crc32 -9e --lzma2=dict=1MiB initrd.cpio
user@heads-tests:~/heads/build/x230-hotp-maximized$ ls -al initrd.cpio.xz
-rw-r--r-- 1 user user 4482392 Aug 16 14:00 initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --decompress initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --check=crc32 -9 --lzma2=dict=1MiB initrd.cpio
user@heads-tests:~/heads/build/x230-hotp-maximized$ ls -al initrd.cpio.xz
-rw-r--r-- 1 user user 4482392 Aug 16 14:00 initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --check=crc32 -9 --lzma2=dict=16MiB initrd.cpio
user@heads-tests:~/heads/build/x230-hotp-maximized$ ls -al initrd.cpio.xz
-rw-r--r-- 1 user user 4283464 Aug 16 14:00 initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --decompress initrd.cpio.xz
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --check=crc32 -9e --lzma2=dict=16MiB initrd.cpio
user@heads-tests:~/heads/build/x230-hotp-maximized$ ls -al initrd.cpio.xz
-rw-r--r-- 1 user user 4283464 Aug 16 14:00 initrd.cpio.xz
So we could gain 4482392 - 4283464 = 198928 bytes (0.1897 MiB)
Baseline:
user@heads-tests:~/heads/build/x230-hotp-maximized$ xz --check=crc32 -9 --lzma2=dict=1MiB initrd.cpio
user@heads-tests:~/heads/build/x230-hotp-maximized$ ls -al initrd.cpio.xz
-rw-r--r-- 1 user user 4482392 Aug 16 14:00 initrd.cpio.xz
Best size is 4283464 which is either obtained with:
So one last test implementing:
So as of now, not sure what that -9e equivalent would be for bzImage: it is still an unknown. @githubisnonfree: review of results and advice more than welcome where fb7a132 should show result, where bzImage -9e implemented dictionary size (we would need to fixate it) is needed (now patch doesn't fixate it, which is not good for reproducibility)
I may forget about this: but if fb7a132 passes and reduce payload's size and increases coreboot's rom free space, we have a (non-completely explained) win. Once again, passed way too much time testing this and I welcome anyone jumping in this "Quest to reduce firmware size" (payload's size).
No gain compared to master: 7329735
Moving on
Hello guys/gals
There are tickets opened to:
CONFIG_LINUX_E1000E=n
in board config liberates 295688 bytes. @merge : Is that enough? The priorities should be, see below for binaries/libraries footprints:
EDIT: one liner to decompress and differentiate builds space
To help in finding consumed space, here is what I do.
find . -type f -ls | sort -r -n -k7