Hardware definition refactoring #541

mbssrc · 2024-04-03T19:25:23Z

Description of changes

This PR introduces

Refactoring of hardware definition:
- Moving hardware from common into a dedicated flake-module. This implies that hardware definition is no longer part of the VM namespace by default.
- Re-factoring generation parameter, which is now an option
Moving TPM related code to generic-x86_64 as hardware dependent module
Enabling fingerprint reader in the guivm

Checklist for things done

Testing

Tested by author:

Build + run .#lenovo-x1-carbon-gen11-debug
Builld + run .#vm-debug
Build + run .#generic-x86_64-debug (on x1)
Verified TPM stack running on x1 host
Fingerprint: (more info in commit message)
- tested enrollment (+multiple fingers)
- tested verification: sudo, systemd, and swaylock

Test instructions:

Normal build + run on all x86-based targets with functionality test
TPM: Verify that abrmd service runs on host
Fingerprint:
- In terminal, use fprintd-enroll to enroll fingerprint. Run a sudo command and systemctl restart systemd-timesyncd.service, authenticate with fingerprint. In-depth testing not required at this point, as features are missing (see commit message). Expected outcome: fingerprint enrollment works, sudo and systemctl (system) commands can be authenticated with fingerprint
- To test swaylock, enable config.ghaf.graphics.labwc.lock.enable and build, enroll fingerprint, then run swaylock (e.g., run in terminal), press Enter and use fingerprint reader to authenticate. Expected outcome: fingerprint authentication unlocks swaylock

modules/hardware/lenovo-x1/modules/fprint.nix

targets/lenovo-x1/guivmExtraModules.nix

targets/lenovo-x1/everything.nix

modules/desktop/graphics/hardware.nix

modules/hardware/lenovo-x1/definitions/default.nix

Mic92 · 2024-04-08T12:10:20Z

General approach taken here, looks good to me.

mikatammi · 2024-04-21T12:26:39Z

This is now in conflict, please rebase

- moved hardware from common to a flake-module - re-factored 'generation' as parameter to hardware definition - quick fixed network device required in desktop stack (hw definition not available in vm namespaces) - fix references to modules/common/hardware Signed-off-by: Manuel Bluhm <manuel@ssrc.tii.ae>

…t module. Signed-off-by: Manuel Bluhm <manuel@ssrc.tii.ae>

- module with qemu rules, required packages and services, and polkit/pam configs; conditionally applied to guivmExtraModules - allows ghaf user to enroll and verify fingerprints - works with swaylock, sudo, systemctl (note: swaylock needs to be enabled) - swaylock works with password w/o fingerprint, when fp is enrolled it allows either password or fp. To use fp auth, press Enter and then do fp auth Further work required: - persistent fingerprint data storage required - proper integration with login manager (when ready) - potential enrollment application - swaylock bugs have been observed (some even w/o fingerprint) Signed-off-by: Manuel Bluhm <manuel@ssrc.tii.ae>

Signed-off-by: Manuel Bluhm <manuel@ssrc.tii.ae>

barnabakos · 2024-05-06T13:10:37Z

ci-test-automation passed;
apps launch;
missing fingerprint testing instructions, though it works;
missing tpm testing instructions

barnabakos

updated test instructions look good enough

mikatammi

Test sets also run nicely 👍

mbssrc requested review from Mic92, mikatammi and brianmcgillion April 3, 2024 19:25

mbssrc temporarily deployed to internal-build-workflow April 3, 2024 19:25 — with GitHub Actions Inactive

mbssrc force-pushed the fprint branch from 58a4d9e to 0b70146 Compare April 3, 2024 19:29

mbssrc temporarily deployed to internal-build-workflow April 3, 2024 19:29 — with GitHub Actions Inactive

mbssrc force-pushed the fprint branch from 0b70146 to d0c0eea Compare April 4, 2024 17:27

mbssrc temporarily deployed to internal-build-workflow April 4, 2024 17:27 — with GitHub Actions Inactive

mbssrc temporarily deployed to internal-build-workflow April 4, 2024 17:28 — with GitHub Actions Inactive

mbssrc force-pushed the fprint branch from 94c0652 to d3455e8 Compare April 4, 2024 17:32

mbssrc temporarily deployed to internal-build-workflow April 4, 2024 17:32 — with GitHub Actions Inactive

mbssrc force-pushed the fprint branch from d3455e8 to 4061ca4 Compare April 4, 2024 17:40

mbssrc temporarily deployed to internal-build-workflow April 4, 2024 17:40 — with GitHub Actions Inactive

mbssrc force-pushed the fprint branch from 4061ca4 to 103766e Compare April 4, 2024 17:41

mbssrc temporarily deployed to internal-build-workflow April 4, 2024 17:42 — with GitHub Actions Inactive

mbssrc temporarily deployed to internal-build-workflow April 4, 2024 18:09 — with GitHub Actions Inactive

mbssrc force-pushed the fprint branch from 2d3c7bf to b0aab8e Compare April 4, 2024 18:34

mbssrc temporarily deployed to internal-build-workflow April 4, 2024 18:34 — with GitHub Actions Inactive

mbssrc force-pushed the fprint branch from b0aab8e to cbc8ab7 Compare April 4, 2024 18:46

mbssrc temporarily deployed to internal-build-workflow April 4, 2024 18:46 — with GitHub Actions Inactive

mbssrc marked this pull request as ready for review April 5, 2024 09:21