2023-03-30 09:28:40 +00:00
|
|
|
# Configuration for Asus P8Z77-M Pro
|
|
|
|
#This board is a better choice over the P8H61 for a cost effective Heads + QubesOS desktop with ME neuter+disable compatibility.
|
|
|
|
#The P8H61 ecosystem was complex with multiple variants
|
|
|
|
#(some not even having a TPM header, and others having RamInit issues with some memory sticks),
|
|
|
|
##while less feature rich than the P8Z77 family. The P8H61s that were compatible still required
|
|
|
|
#some ME #sections (FCRS,EFFS) to be whitelisted in order to post, which introduced unknowns.
|
|
|
|
#The P8H61s #also needed a larger flash chip to work with heads than the manufacturer supplied
|
|
|
|
#4M, which add#ed complexity for the average user.
|
|
|
|
#
|
|
|
|
#The P8Z77-M Pro is able to offer more SATA connectors (2x 6Gb, 4x 3Gb, 2x eSATA) as well as
|
|
|
|
#more full size expansion ports. The board has a PS/2 keyboard port as recommended for QubesOS.
|
|
|
|
##The board comes with 8M flash chip as standard.
|
|
|
|
#
|
|
|
|
#The i7-3770 is the best CPU available for the board, with VT-x & VT-d both present
|
|
|
|
|
|
|
|
#ME & ROM
|
|
|
|
#The board supports Intel LGA1155, which allow for ME removal (both neuter+disable work), ME
|
|
|
|
#region resize/shrinking (aka 'maximized' board), as well as VSCC table modification..
|
|
|
|
#The blob download script uses the manufacturer supplied ME and IFD and performs the necessary
|
|
|
|
#hashing. The download script also removes the VSCC table by overwriting a NULL at the VSCC
|
|
|
|
#length table and FF bytes at the VSCC identifier table - using a printf with dd. The download
|
|
|
|
#script also resizes the rom layout and minimizes ME while maximizing space.
|
|
|
|
#The P8Z77-M Pro comes as standard with an 8Mb Flash chip, which means that no modification is
|
|
|
|
#needed to replace the chip is order to use heads as we shrink ME and 'maximize' this board by
|
|
|
|
#default, leaving just 335396 bytes available.
|
|
|
|
#The P8Z77-M Pro has both TPM1 and TPM2 modules available, though at time of writing only the
|
|
|
|
#TPM1 module would be usable with heads until the TPM2 work is completed. All testing was done
|
|
|
|
#with a TPM1 module
|
|
|
|
#
|
|
|
|
#Test platform
|
|
|
|
#BOARD: Asus P8Z77-M Pro
|
|
|
|
#RAM: 32Gb - 4x TimeTec DDRL3 75TT16NUL2R8-8G
|
|
|
|
#CPU: Intel i7 3770
|
|
|
|
#TPM: Modules tested: Asus branded TPM 1.02H & Foxconn TPM Krypton Rev 1.0
|
|
|
|
#
|
|
|
|
# note: nohz=off is an optional CONFIG_LINUX_COMMAND_LINE parameter to supress repeated NOHZ: local_softirq_pending console output
|
|
|
|
#
|
|
|
|
CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
|
|
|
|
CONFIG_COREBOOT_CONFIG=config/coreboot-p8z77-m_pro-tpm1.config
|
|
|
|
|
|
|
|
export CONFIG_COREBOOT=y
|
2024-02-05 16:06:11 +00:00
|
|
|
export CONFIG_COREBOOT_VERSION=4.22.01
|
2023-04-19 14:53:52 +00:00
|
|
|
export CONFIG_LINUX_VERSION=5.10.5
|
2023-03-30 09:28:40 +00:00
|
|
|
|
|
|
|
CONFIG_CRYPTSETUP2=y
|
|
|
|
CONFIG_FLASHROM=y
|
|
|
|
CONFIG_FLASHTOOLS=y
|
|
|
|
CONFIG_GPG2=y
|
|
|
|
CONFIG_KEXEC=y
|
|
|
|
CONFIG_UTIL_LINUX=y
|
|
|
|
CONFIG_LVM2=y
|
|
|
|
CONFIG_MBEDTLS=y
|
|
|
|
CONFIG_PCIUTILS=y
|
|
|
|
CONFIG_POPT=y
|
|
|
|
CONFIG_QRENCODE=y
|
|
|
|
CONFIG_TPMTOTP=y
|
|
|
|
|
2023-04-12 19:08:49 +00:00
|
|
|
#platform locking finalization (PR0)
|
|
|
|
CONFIG_IO386=y
|
|
|
|
export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y
|
|
|
|
|
2023-03-30 09:28:40 +00:00
|
|
|
# Dependencies for a graphical menu. Enable CONFIG_SLANG and CONFIG_NEWT instead
|
|
|
|
# for a console-based menu.
|
|
|
|
CONFIG_CAIRO=y
|
|
|
|
CONFIG_FBWHIPTAIL=y
|
|
|
|
|
|
|
|
CONFIG_LINUX_USB=y
|
2023-11-25 19:50:32 +00:00
|
|
|
CONFIG_MOBILE_TETHERING=y
|
2023-03-30 09:28:40 +00:00
|
|
|
|
|
|
|
export CONFIG_TPM=y
|
|
|
|
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
|
|
|
export CONFIG_BOOT_REQ_HASH=n
|
|
|
|
export CONFIG_BOOT_REQ_ROLLBACK=n
|
2023-11-08 16:47:18 +00:00
|
|
|
export CONFIG_BOOT_KERNEL_ADD=""
|
|
|
|
export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
|
2023-03-30 09:28:40 +00:00
|
|
|
export CONFIG_BOOT_DEV="/dev/sda1"
|
|
|
|
export CONFIG_BOARD_NAME="P8Z77-M PRO"
|
|
|
|
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
2023-04-10 12:43:54 +00:00
|
|
|
#Set this option to zero out the VSCC table https://github.com/osresearch/heads/pull/1358#discussion_r1153251399
|
|
|
|
export CONFIG_ZERO_IFD_VSCC=y
|
2023-03-30 09:28:40 +00:00
|
|
|
|
|
|
|
# Make the Coreboot build depend on the following 3rd party blobs:
|
|
|
|
$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \
|
|
|
|
$(pwd)/blobs/p8z77-m_pro/me.bin $(pwd)/blobs/p8z77-m_pro/ifd.bin
|
|
|
|
|
|
|
|
$(pwd)/blobs/p8z77-m_pro/me.bin:
|
|
|
|
COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
|
|
|
|
$(pwd)/blobs/p8z77-m_pro/download_BIOS_clean.sh
|
2023-04-10 12:43:54 +00:00
|
|
|
|
|
|
|
$(pwd)/blobs/p8z77-m_pro/ifd.bin:
|
|
|
|
COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
|
|
|
|
$(pwd)/blobs/p8z77-m_pro/download_BIOS_clean.sh
|