heads/boards/p8z77-m_pro-tpm1-maximized/p8z77-m_pro-tpm1-maximized.config

92 lines
3.9 KiB
Makefile
Raw Normal View History

2023-03-30 09:28:40 +00:00
# Configuration for Asus P8Z77-M Pro
#This board is a better choice over the P8H61 for a cost effective Heads + QubesOS desktop with ME neuter+disable compatibility.
#The P8H61 ecosystem was complex with multiple variants
#(some not even having a TPM header, and others having RamInit issues with some memory sticks),
##while less feature rich than the P8Z77 family. The P8H61s that were compatible still required
#some ME #sections (FCRS,EFFS) to be whitelisted in order to post, which introduced unknowns.
#The P8H61s #also needed a larger flash chip to work with heads than the manufacturer supplied
#4M, which add#ed complexity for the average user.
#
#The P8Z77-M Pro is able to offer more SATA connectors (2x 6Gb, 4x 3Gb, 2x eSATA) as well as
#more full size expansion ports. The board has a PS/2 keyboard port as recommended for QubesOS.
##The board comes with 8M flash chip as standard.
#
#The i7-3770 is the best CPU available for the board, with VT-x & VT-d both present
#ME & ROM
#The board supports Intel LGA1155, which allow for ME removal (both neuter+disable work), ME
#region resize/shrinking (aka 'maximized' board), as well as VSCC table modification..
#The blob download script uses the manufacturer supplied ME and IFD and performs the necessary
#hashing. The download script also removes the VSCC table by overwriting a NULL at the VSCC
#length table and FF bytes at the VSCC identifier table - using a printf with dd. The download
#script also resizes the rom layout and minimizes ME while maximizing space.
#The P8Z77-M Pro comes as standard with an 8Mb Flash chip, which means that no modification is
#needed to replace the chip is order to use heads as we shrink ME and 'maximize' this board by
#default, leaving just 335396 bytes available.
#The P8Z77-M Pro has both TPM1 and TPM2 modules available, though at time of writing only the
#TPM1 module would be usable with heads until the TPM2 work is completed. All testing was done
#with a TPM1 module
#
#Test platform
#BOARD: Asus P8Z77-M Pro
#RAM: 32Gb - 4x TimeTec DDRL3 75TT16NUL2R8-8G
#CPU: Intel i7 3770
#TPM: Modules tested: Asus branded TPM 1.02H & Foxconn TPM Krypton Rev 1.0
#
# note: nohz=off is an optional CONFIG_LINUX_COMMAND_LINE parameter to supress repeated NOHZ: local_softirq_pending console output
#
CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
CONFIG_COREBOOT_CONFIG=config/coreboot-p8z77-m_pro-tpm1.config
export CONFIG_COREBOOT=y
export CONFIG_COREBOOT_VERSION=4.19
export CONFIG_LINUX_VERSION=5.10.5
2023-03-30 09:28:40 +00:00
CONFIG_CRYPTSETUP2=y
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y
CONFIG_GPG2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y
CONFIG_PCIUTILS=y
CONFIG_POPT=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
#platform locking finalization (PR0)
CONFIG_IO386=y
export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y
2023-03-30 09:28:40 +00:00
# Dependencies for a graphical menu. Enable CONFIG_SLANG and CONFIG_NEWT instead
# for a console-based menu.
CONFIG_CAIRO=y
CONFIG_FBWHIPTAIL=y
CONFIG_LINUX_USB=y
export CONFIG_TPM=y
export CONFIG_BOOTSCRIPT=/bin/gui-init
export CONFIG_BOOT_REQ_HASH=n
export CONFIG_BOOT_REQ_ROLLBACK=n
export CONFIG_BOOT_KERNEL_ADD=""
export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
2023-03-30 09:28:40 +00:00
export CONFIG_BOOT_DEV="/dev/sda1"
export CONFIG_BOARD_NAME="P8Z77-M PRO"
export CONFIG_FLASHROM_OPTIONS="-p internal"
#Set this option to zero out the VSCC table https://github.com/osresearch/heads/pull/1358#discussion_r1153251399
export CONFIG_ZERO_IFD_VSCC=y
2023-03-30 09:28:40 +00:00
# Make the Coreboot build depend on the following 3rd party blobs:
$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \
$(pwd)/blobs/p8z77-m_pro/me.bin $(pwd)/blobs/p8z77-m_pro/ifd.bin
$(pwd)/blobs/p8z77-m_pro/me.bin:
COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
$(pwd)/blobs/p8z77-m_pro/download_BIOS_clean.sh
$(pwd)/blobs/p8z77-m_pro/ifd.bin:
COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
$(pwd)/blobs/p8z77-m_pro/download_BIOS_clean.sh