Merge pull request #867 from Tonux599/kgpe-d16_411_measured-boot

KGPE-D16 Coreboot 4.11 + Measured Boot

.circleci/config.yml

@@ -59,6 +59,77 @@ jobs:
 #      - store-artifacts:
 #          path: build/qemu-linuxboot/hashes.txt
 
+      - run:
+          name: kgpe-d16_workstation
+          command: |
+            rm -rf build/kgpe-d16_workstation/* build/log/* && \
+            make CPUS=4 V=1 BOARD=kgpe-d16_workstation || \
+            (find ./build/ -name "*.log" -type f -mmin -1 | while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log; done; exit 1) \
+          no_output_timeout: 3h
+      - run:
+          name: Ouput kgpe-d16_workstation hashes
+          command: |
+            cat build/kgpe-d16_workstation/hashes.txt \
+      - run:
+          name: Archiving build logs for kgpe-d16_workstation
+          command: |
+             tar zcvf build/kgpe-d16_workstation/logs.tar.gz build/log/*
+      - store-artifacts:
+          path: build/kgpe-d16_workstation
+     
+      - run:
+          name: kgpe-d16_workstation-usb_keyboard
+          command: |
+            rm -rf build/kgpe-d16_workstation-usb_keyboard/* build/log/* && \
+            make CPUS=4 V=1 BOARD=kgpe-d16_workstation-usb_keyboard || \
+            (find ./build/ -name "*.log" -type f -mmin -1 | while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log; done; exit 1) \
+          no_output_timeout: 3h
+      - run:
+          name: Ouput kgpe-d16_workstation-usb_keyboard hashes
+          command: |
+            cat build/kgpe-d16_workstation-usb_keyboard/hashes.txt \
+      - run:
+          name: Archiving build logs for kgpe-d16_workstation-usb_keyboard
+          command: |
+             tar zcvf build/kgpe-d16_workstation-usb_keyboard/logs.tar.gz build/log/*
+      - store-artifacts:
+          path: build/kgpe-d16_workstation-usb_keyboard
+
+      - run:
+          name: kgpe-d16_server
+          command: |
+            rm -rf build/kgpe-d16_server/* build/log/* && \
+            make CPUS=4 V=1 BOARD=kgpe-d16_server || \
+            (find ./build/ -name "*.log" -type f -mmin -1 | while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log; done; exit 1) \
+          no_output_timeout: 3h
+      - run:
+          name: Ouput kgpe-d16_server hashes
+          command: |
+            cat build/kgpe-d16_server/hashes.txt \
+      - run:
+          name: Archiving build logs for kgpe-d16_server
+          command: |
+             tar zcvf build/kgpe-d16_server/logs.tar.gz build/log/*
+      - store-artifacts:
+          path: build/kgpe-d16_server
+
+      - run:
+          name: kgpe-d16_server-whiptail
+          command: |
+            rm -rf build/kgpe-d16_server-whiptail/* build/log/* && \
+            make CPUS=4 V=1 BOARD=kgpe-d16_server-whiptail || \
+            (find ./build/ -name "*.log" -type f -mmin -1 | while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log; done; exit 1) \
+          no_output_timeout: 3h
+      - run:
+          name: Ouput kgpe-d16_server-whiptail hashes
+          command: |
+            cat build/kgpe-d16_server-whiptail/hashes.txt \
+      - run:
+          name: Archiving build logs for kgpe-d16_server-whiptail
+          command: |
+             tar zcvf build/kgpe-d16_server-whiptail/logs.tar.gz build/log/*
+      - store-artifacts:
+          path: build/kgpe-d16_server-whiptail
       - run:
           name: librem_l1um
           command: |

.gitlab-ci.yml.deprecated

@@ -8,7 +8,7 @@ stages:
 
 build:
   stage: build
-  retry: 1
+  retry: 2
   cache:
     paths:
       - packages
@@ -69,7 +69,6 @@ build:
     - cat ./build/x230/hashes.txt
     - echo "Archiving x230 logs..."
     - tar zcvf ./build/x230/logs.tar.gz ./build/log/*
-
     - echo "Removing old t430 artifacts..."
     - rm -rf ./build/t430/*
     - rm -rf ./build/log/*
@@ -79,7 +78,42 @@ build:
     - cat ./build/t430/hashes.txt
     - echo "Archiving t430 logs..."
     - tar zcvf ./build/t430/logs.tar.gz ./build/log/*
-
+    - echo "Removing old kgpe-d16_workstation artifacts..."
+    - rm -rf ./build/kgpe-d16_workstation/*
+    - rm -rf ./build/log/*
+    - echo "Building BOARD=kgpe-d16_workstation board..."
+    - make BOARD=kgpe-d16_workstation || (find ./build/log/ -cmin 1|xargs tail; exit 1)
+    - echo "kgpe-d16_workstation hashes:"
+    - cat ./build/kgpe-d16_workstation/hashes.txt
+    - echo "Archiving kgpe-d16_workstation logs..."
+    - tar zcvf ./build/kgpe-d16_workstation/logs.tar.gz ./build/log/*
+    - echo "Removing old kgpe-d16_workstation-usb_keyboard artifacts..."
+    - rm -rf ./build/kgpe-d16_workstation-usb_keyboard/*
+    - rm -rf ./build/log/*
+    - echo "Building BOARD=kgpe-d16_workstation-usb_keyboard board..."
+    - make BOARD=kgpe-d16_workstation || (find ./build/log/ -cmin 1|xargs tail; exit 1)
+    - echo "kgpe-d16_workstation-usb_keyboard hashes:"
+    - cat ./build/kgpe-d16_workstation-usb_keyboard/hashes.txt
+    - echo "Archiving kgpe-d16_workstation-usb_keyboard logs..."
+    - tar zcvf ./build/kgpe-d16_workstation-usb_keyboard/logs.tar.gz ./build/log/*
+    - echo "Removing old kgpe-d16_server-whiptail artifacts..."
+    - rm -rf ./build/kgpe-d16_server-whiptail/*
+    - rm -rf ./build/log/*
+    - echo "Building BOARD=kgpe-d16_server-whiptail board..."
+    - make BOARD=kgpe-d16_server-whiptail || (find ./build/log/ -cmin 1|xargs tail; exit 1)
+    - echo "kgpe-d16_server-whiptail hashes:"
+    - cat ./build/kgpe-d16_server-whiptail/hashes.txt
+    - echo "Archiving kgpe-d16_server-whiptail logs..."
+    - tar zcvf ./build/kgpe-d16_server-whiptail/logs.tar.gz ./build/log/*
+    - echo "Removing old kgpe-d16_server artifacts..."
+    - rm -rf ./build/kgpe-d16_server/*
+    - rm -rf ./build/log/*
+    - echo "Building BOARD=kgpe-d16_server board..."
+    - make BOARD=kgpe-d16_server || (find ./build/log/ -cmin 1|xargs tail; exit 1)
+    - echo "kgpe-d16_server hashes:"
+    - cat ./build/kgpe-d16_server/hashes.txt
+    - echo "Archiving kgpe-d16_server logs..."
+    - tar zcvf ./build/kgpe-d16_server/logs.tar.gz ./build/log/*
    - echo "Removing old qemu-coreboot artifacts..."
     - rm -rf ./build/qemu-coreboot/*
     - rm -rf ./build/log/*
@@ -94,10 +128,12 @@ build:
     - du -shc packages crossgcc build
   artifacts:
     paths:
+      - ./build/kgpe-d16_workstation
+      - ./build/kgpe-d16_workstation-usb_keyboard
+      - ./build/kgpe-d16_server
       - ./build/qemu-coreboot
       - ./build/x230-flash
       - ./build/t430-flash
       - ./build/x230-hotp-verification
       - ./build/x230-external-flash
       - ./build/x230
-      - ./build/t430

boards/kgpe-d16/kgpe-d16.config

@@ -1,36 +0,0 @@
-# Configuration for a kgpe-d16 running non-Qubes
-export CONFIG_COREBOOT=y
-export CONFIG_COREBOOT_VERSION=4.8.1
-export CONFIG_LINUX_VERSION=4.14.62
-
-CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16.config
-CONFIG_LINUX_CONFIG=config/linux-kgpe-d16.config
-
-CONFIG_CRYPTSETUP=y
-CONFIG_FLASHROM=y
-CONFIG_FLASHTOOLS=y
-CONFIG_GPG=y
-CONFIG_KEXEC=y
-CONFIG_UTIL_LINUX=y
-CONFIG_LVM2=y
-CONFIG_MBEDTLS=y
-CONFIG_PCIUTILS=y
-CONFIG_POPT=y
-CONFIG_QRENCODE=y
-CONFIG_TPMTOTP=y
-CONFIG_DROPBEAR=y
-
-CONFIG_LINUX_USB=y
-CONFIG_LINUX_E1000E=y
-
-export CONFIG_BOOTSCRIPT=/bin/generic-init
-#export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery
-
-export CONFIG_BOOT_REQ_HASH=n
-export CONFIG_BOOT_REQ_ROLLBACK=n
-export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 "
-export CONFIG_BOOT_KERNEL_REMOVE=""
-export CONFIG_BOOT_DEV="/dev/sda1"
-export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
-export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal"
-#export CONFIG_BOOT_STATIC_IP=192.168.1.2

boards/kgpe-d16_server-whiptail/kgpe-d16_server-whiptail.config

@@ -0,0 +1,77 @@
+# Configuration for a kgpe-d16_server with whiptail, permitting usage of gui-init on console without FB graphic
+# per https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php work, with patches merged into Heads
+#
+# Tested: ASMBV4 reprogrammed per https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php
+#
+# Status:
+# - ASpeed text output given on VGA
+# - All console output rerirected to sttyS0
+# - TPM support in romstage (not bootblock) with TPM SLB9635 TT 1.2 by Infineon
+#
+# - To connect to BMC: https://github.com/osresearch/heads/issues/134#issuecomment-368922440
+# - Please contribute documentation on heads-wiki
+# - Please support https://github.com/osresearch/heads/issues/719
+# - Disk Unlock Key released by TPM since not deactivated
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.11
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server-whiptail.config
+CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server-whiptail.config
+
+CONFIG_CRYPTSETUP=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_DROPBEAR=y
+
+#Whiptail
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
+
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+export CONFIG_TPM=y
+#BOOT SCRIPT SELECTION
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery
+export CONFIG_BOOT_GUI_MENU_NAME="KGPE-D16 Heads Boot Menu"
+export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
+export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
+
+#CONSOLE SELECTION
+#Single output to OpenBMC
+export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 "
+
+#Dual output to local console (tty0) and OpenBmc (ttyS1)
+#export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 console=tty0"
+
+#Single output to tty0
+#export CONFIG_BOOT_KERNEL_ADD="nohz=on"
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_STATIC_IP=192.168.2.3
+
+
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_USB_BOOT_DEV="/dev/sdb1"
+
+export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal"
+#export CONFIG_BOOT_STATIC_IP=192.168.1.2

boards/kgpe-d16_server/kgpe-d16_server.config

@@ -0,0 +1,59 @@
+# Configuration for a kgpe-d16_server
+# per https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php work, with patches merged into Heads
+#
+# Tested: ASMBV4 reprogrammed per https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php
+#
+# Status:
+# - ASpeed text output given on VGA
+# - All console output rerirected to sttyS0
+# - TPM support in romstage (not bootblock) with TPM SLB9635 TT 1.2 by Infineon
+#
+# - To connect to BMC: https://github.com/osresearch/heads/issues/134#issuecomment-368922440
+# - Please contribute documentation on heads-wiki
+# - Please support https://github.com/osresearch/heads/issues/719
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.11
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server.config
+CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server.config
+
+CONFIG_CRYPTSETUP=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_DROPBEAR=y
+
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+export CONFIG_TPM=y
+#BOOT SCRIPT SELECTION
+export CONFIG_BOOTSCRIPT=/bin/generic-init
+#export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery
+
+#CONSOLE SELECTION
+#Single output to OpenBMC
+#export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 "
+#Dual output to local console (tty0) and OpenBmc (ttyS1)
+export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 console=tty0"
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_STATIC_IP=192.168.2.3
+
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_USB_BOOT_DEV="/dev/sdb1"
+
+export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal"
+#export CONFIG_BOOT_STATIC_IP=192.168.1.2

boards/kgpe-d16_workstation-usb_keyboard/kgpe-d16_workstation-usb_keyboard.config

@@ -0,0 +1,69 @@
+# Configuration for a kgpe-d16_workstation-usb_keyboard
+# Linux configuration supporting Nvidia, AMD GPUs, enforcing post on nvidia.
+# Please make sure jumper forces external GPU
+#
+# Status:
+# - TPM support in romstage (not bootblock) with TPM SLB9635 TT 1.2 by Infineon
+# - USB ealy support activated for USB keyboard
+# - Disk Unlock Key released by TPM since not deactivated
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.11
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation-usb_keyboard.config
+CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_workstation.config
+
+CONFIG_CRYPTSETUP=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_DROPBEAR=y
+
+#Whiptail
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+#Enable USB Keyboard support
+export CONFIG_USB_KEYBOARD=y
+
+export CONFIG_TPM=y
+#BOOT SCRIPT SELECTION
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery
+export CONFIG_BOOT_GUI_MENU_NAME="KGPE-D16 Heads Boot Menu"
+export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
+export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
+
+#CONSOLE SELECTION
+#Single output to OpenBMC
+#export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 "
+#Dual output to local console (tty0) and OpenBmc (ttyS1)
+#export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 console=tty0"
+#Single output to tty0
+export CONFIG_BOOT_KERNEL_ADD="nohz=on nouveau.config=NvForcePost=1"
+#export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+#export CONFIG_BOOT_STATIC_IP=192.168.2.3
+
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+#export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_USB_BOOT_DEV="/dev/sdb1"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal"

boards/kgpe-d16_workstation/kgpe-d16_workstation.config

@@ -0,0 +1,70 @@
+# Configuration for a kgpe-d16_workstation
+# Linux configuration supporting Nvidia, AMD GPUs, enforcing post on nvidia.
+# Please make sure jumper forces external GPU
+#
+#
+# Status:
+# - TPM support in romstage (not bootblock) with TPM SLB9635 TT 1.2 by Infineon
+# - To connect to BMC: https://github.com/osresearch/heads/issues/134#issuecomment-368922440
+# - Please contribute documentation on heads-wiki
+# - Please support https://github.com/osresearch/heads/issues/719
+# - Disk Unlock Key released by TPM since not deactivated
+
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.11
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation.config
+CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_workstation.config
+
+CONFIG_CRYPTSETUP=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_DROPBEAR=y
+
+#Whiptail
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+export CONFIG_TPM=y
+#BOOT SCRIPT SELECTION
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#export CONFIG_BOOTSCRIPT_NETWORK=/bin/network-init-recovery
+export CONFIG_BOOT_GUI_MENU_NAME="KGPE-D16 Heads Boot Menu"
+export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
+export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
+
+#CONSOLE SELECTION
+#Single output to OpenBMC
+#export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 "
+#Dual output to local console (tty0) and OpenBmc (ttyS1)
+#export CONFIG_BOOT_KERNEL_ADD="nohz=on console=ttyS1,115200n8 console=tty0"
+#Single output to tty0
+export CONFIG_BOOT_KERNEL_ADD="nohz=on nouveau.config=NvForcePost=1"
+#export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+#export CONFIG_BOOT_STATIC_IP=192.168.2.3
+
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+#export CONFIG_BOOT_KERNEL_REMOVE="plymouth.ignore-serial-consoles"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_USB_BOOT_DEV="/dev/sdb1"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify -p internal"

config/coreboot-kgpe-d16_server-whiptail.config

@@ -0,0 +1,18 @@
+CONFIG_ANY_TOOLCHAIN=y
+CONFIG_USE_OPTION_TABLE=y
+# CONFIG_COLLECT_TIMESTAMPS is not set
+CONFIG_VENDOR_ASUS=y
+CONFIG_UART_FOR_CONSOLE=1
+CONFIG_BOARD_ASUS_KGPE_D16=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_COREBOOT_ROMSIZE_KB_16384=y
+CONFIG_SOUTHBRIDGE_AMD_SB700_33MHZ_SPI=y
+# CONFIG_DRIVERS_INTEL_WIFI is not set
+CONFIG_MEASURED_BOOT=y
+CONFIG_USER_TPM1=y
+CONFIG_TPM_RDRESP_NEED_DELAY=y
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="../../build/kgpe-d16_server-whiptail/bzImage"
+CONFIG_LINUX_COMMAND_LINE="nohz=on console=tty0 earlyprintk=tty0"
+CONFIG_LINUX_INITRD="../../build/kgpe-d16_server-whiptail/initrd.cpio.xz"

config/coreboot-kgpe-d16_server.config

@@ -6,9 +6,13 @@ CONFIG_UART_FOR_CONSOLE=1
 CONFIG_BOARD_ASUS_KGPE_D16=y
 CONFIG_DRIVERS_PS2_KEYBOARD=y
 CONFIG_COREBOOT_ROMSIZE_KB_16384=y
+CONFIG_SOUTHBRIDGE_AMD_SB700_33MHZ_SPI=y
 # CONFIG_DRIVERS_INTEL_WIFI is not set
+CONFIG_MEASURED_BOOT=y
+CONFIG_USER_TPM1=y
+CONFIG_TPM_RDRESP_NEED_DELAY=y
 CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y
 CONFIG_PAYLOAD_LINUX=y
-CONFIG_PAYLOAD_FILE="../../build/kgpe-d16/bzImage"
 CONFIG_LINUX_COMMAND_LINE="nohz=on console=ttyS1,115200n8 earlyprintk=ttyS1,115200"
-CONFIG_LINUX_INITRD="../../build/kgpe-d16/initrd.cpio.xz"
+CONFIG_PAYLOAD_FILE="../../build/kgpe-d16_server/bzImage"
+CONFIG_LINUX_INITRD="../../build/kgpe-d16_server/initrd.cpio.xz"

config/coreboot-kgpe-d16_workstation-usb_keyboard.config

@@ -0,0 +1,18 @@
+CONFIG_ANY_TOOLCHAIN=y
+CONFIG_USE_OPTION_TABLE=y
+# CONFIG_COLLECT_TIMESTAMPS is not set
+CONFIG_VENDOR_ASUS=y
+CONFIG_UART_FOR_CONSOLE=1
+CONFIG_BOARD_ASUS_KGPE_D16=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_COREBOOT_ROMSIZE_KB_16384=y
+CONFIG_SOUTHBRIDGE_AMD_SB700_33MHZ_SPI=y
+# CONFIG_DRIVERS_INTEL_WIFI is not set
+CONFIG_MEASURED_BOOT=y
+CONFIG_USER_TPM1=y
+CONFIG_TPM_RDRESP_NEED_DELAY=y
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="../../build/kgpe-d16_workstation-usb_keyboard/bzImage"
+CONFIG_LINUX_COMMAND_LINE="nohz=on console=tty0 earlyprintk=tty0"
+CONFIG_LINUX_INITRD="../../build/kgpe-d16_workstation-usb_keyboard/initrd.cpio.xz"

config/coreboot-kgpe-d16_workstation.config

@@ -0,0 +1,18 @@
+CONFIG_ANY_TOOLCHAIN=y
+CONFIG_USE_OPTION_TABLE=y
+# CONFIG_COLLECT_TIMESTAMPS is not set
+CONFIG_VENDOR_ASUS=y
+CONFIG_UART_FOR_CONSOLE=1
+CONFIG_BOARD_ASUS_KGPE_D16=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_COREBOOT_ROMSIZE_KB_16384=y
+CONFIG_SOUTHBRIDGE_AMD_SB700_33MHZ_SPI=y
+# CONFIG_DRIVERS_INTEL_WIFI is not set
+CONFIG_MEASURED_BOOT=y
+CONFIG_USER_TPM1=y
+CONFIG_TPM_RDRESP_NEED_DELAY=y
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="../../build/kgpe-d16_workstation/bzImage"
+CONFIG_LINUX_COMMAND_LINE="nohz=on console=tty0 earlyprintk=tty0"
+CONFIG_LINUX_INITRD="../../build/kgpe-d16_workstation/initrd.cpio.xz"

config/linux-kgpe-d16_server-whiptail.config

@@ -91,6 +91,7 @@ CONFIG_BLK_DEV_SR=y
 CONFIG_CHR_DEV_SG=y
 CONFIG_SCSI_SCAN_ASYNC=y
 CONFIG_ISCSI_TCP=y
+CONFIG_SCSI_MPT3SAS=y
 CONFIG_ATA=y
 CONFIG_SATA_AHCI=y
 # CONFIG_ATA_SFF is not set
@@ -182,6 +183,7 @@ CONFIG_PTP_1588_CLOCK=y
 # CONFIG_X86_PKG_TEMP_THERMAL is not set
 CONFIG_MFD_SYSCON=y
 CONFIG_DRM=y
+CONFIG_DRM_AST=y
 CONFIG_FB_VESA=y
 CONFIG_BACKLIGHT_LCD_SUPPORT=y
 # CONFIG_LCD_CLASS_DEVICE is not set
@@ -193,6 +195,9 @@ CONFIG_USB_XHCI_HCD=m
 CONFIG_USB_XHCI_PLATFORM=m
 CONFIG_USB_EHCI_HCD=m
 CONFIG_USB_EHCI_HCD_PLATFORM=m
+CONFIG_USB_OHCI_HCD=m
+CONFIG_USB_OHCI_HCD_PLATFORM=m
+CONFIG_USB_UHCI_HCD=m
 CONFIG_USB_STORAGE=m
 CONFIG_RTC_CLASS=y
 # CONFIG_X86_PLATFORM_DEVICES is not set
@@ -204,9 +209,7 @@ CONFIG_GENERIC_PHY=y
 # CONFIG_BTT is not set
 # CONFIG_FIRMWARE_MEMMAP is not set
 # CONFIG_DMIID is not set
-# CONFIG_EXT2_FS is not set
 CONFIG_EXT4_FS=y
-CONFIG_EXT4_USE_FOR_EXT2=y
 # CONFIG_DNOTIFY is not set
 # CONFIG_INOTIFY_USER is not set
 CONFIG_ISO9660_FS=y

config/linux-kgpe-d16_server.config

@@ -0,0 +1,326 @@
+CONFIG_LOCALVERSION="-heads"
+# CONFIG_LOCALVERSION_AUTO is not set
+CONFIG_KERNEL_XZ=y
+# CONFIG_SWAP is not set
+# CONFIG_CROSS_MEMORY_ATTACH is not set
+# CONFIG_FHANDLE is not set
+CONFIG_NO_HZ_IDLE=y
+CONFIG_LOG_BUF_SHIFT=18
+CONFIG_BLK_DEV_INITRD=y
+CONFIG_INITRAMFS_SOURCE="../../../blobs/dev.cpio"
+# CONFIG_RD_GZIP is not set
+# CONFIG_RD_BZIP2 is not set
+# CONFIG_RD_LZMA is not set
+# CONFIG_RD_LZO is not set
+# CONFIG_RD_LZ4 is not set
+CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+# CONFIG_SGETMASK_SYSCALL is not set
+# CONFIG_SYSFS_SYSCALL is not set
+# CONFIG_BASE_FULL is not set
+# CONFIG_SIGNALFD is not set
+# CONFIG_TIMERFD is not set
+# CONFIG_EVENTFD is not set
+# CONFIG_AIO is not set
+# CONFIG_ADVISE_SYSCALLS is not set
+# CONFIG_MEMBARRIER is not set
+CONFIG_EMBEDDED=y
+# CONFIG_VM_EVENT_COUNTERS is not set
+# CONFIG_SLUB_DEBUG is not set
+# CONFIG_COMPAT_BRK is not set
+CONFIG_JUMP_LABEL=y
+CONFIG_CC_STACKPROTECTOR_STRONG=y
+CONFIG_MODULES=y
+# CONFIG_IOSCHED_DEADLINE is not set
+# CONFIG_IOSCHED_CFQ is not set
+CONFIG_SMP=y
+# CONFIG_X86_EXTENDED_PLATFORM is not set
+CONFIG_PROCESSOR_SELECT=y
+# CONFIG_CPU_SUP_CENTAUR is not set
+CONFIG_PREEMPT_VOLUNTARY=y
+CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
+# CONFIG_X86_MCE_AMD is not set
+# CONFIG_PERF_EVENTS_INTEL_RAPL is not set
+# CONFIG_MICROCODE is not set
+# CONFIG_SPARSEMEM_VMEMMAP is not set
+# CONFIG_COMPACTION is not set
+# CONFIG_BOUNCE is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
+CONFIG_X86_PMEM_LEGACY=y
+# CONFIG_MTRR is not set
+# CONFIG_X86_SMAP is not set
+# CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set
+# CONFIG_SECCOMP is not set
+CONFIG_KEXEC=y
+CONFIG_KEXEC_FILE=y
+# CONFIG_RELOCATABLE is not set
+CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_MODIFY_LDT_SYSCALL is not set
+# CONFIG_SUSPEND is not set
+CONFIG_ACPI_VIDEO=y
+CONFIG_PCI_MSI=y
+# CONFIG_HT_IRQ is not set
+CONFIG_PCI_IOV=y
+CONFIG_PCI_PRI=y
+# CONFIG_COREDUMP is not set
+CONFIG_NET=y
+CONFIG_PACKET=y
+CONFIG_UNIX=y
+CONFIG_INET=y
+CONFIG_SYN_COOKIES=y
+# CONFIG_INET_XFRM_MODE_TRANSPORT is not set
+# CONFIG_INET_XFRM_MODE_TUNNEL is not set
+# CONFIG_INET_XFRM_MODE_BEET is not set
+# CONFIG_INET_DIAG is not set
+# CONFIG_IPV6 is not set
+# CONFIG_WIRELESS is not set
+# CONFIG_UEVENT_HELPER is not set
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
+# CONFIG_STANDALONE is not set
+# CONFIG_FIRMWARE_IN_KERNEL is not set
+# CONFIG_ALLOW_DEV_COREDUMP is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_RAM=y
+CONFIG_BLK_DEV_RAM_SIZE=65536
+CONFIG_EEPROM_93CX6=m
+CONFIG_INTEL_MEI_ME=m
+CONFIG_INTEL_MEI_TXE=m
+# CONFIG_SCSI_PROC_FS is not set
+CONFIG_BLK_DEV_SD=y
+CONFIG_BLK_DEV_SR=y
+CONFIG_CHR_DEV_SG=y
+CONFIG_SCSI_SCAN_ASYNC=y
+CONFIG_ISCSI_TCP=y
+CONFIG_SCSI_MPT3SAS=y
+CONFIG_ATA=y
+CONFIG_SATA_AHCI=y
+# CONFIG_ATA_SFF is not set
+CONFIG_MD=y
+CONFIG_BLK_DEV_DM=y
+CONFIG_DM_CRYPT=y
+CONFIG_DM_VERITY=y
+CONFIG_DM_VERITY_FEC=y
+CONFIG_NETDEVICES=y
+# CONFIG_NET_VENDOR_3COM is not set
+# CONFIG_NET_VENDOR_ADAPTEC is not set
+# CONFIG_NET_VENDOR_AGERE is not set
+# CONFIG_NET_VENDOR_ALTEON is not set
+# CONFIG_NET_VENDOR_AMAZON is not set
+# CONFIG_NET_VENDOR_AMD is not set
+# CONFIG_NET_VENDOR_ARC is not set
+# CONFIG_NET_VENDOR_ATHEROS is not set
+# CONFIG_NET_CADENCE is not set
+# CONFIG_NET_VENDOR_BROADCOM is not set
+# CONFIG_NET_VENDOR_BROCADE is not set
+# CONFIG_NET_VENDOR_CAVIUM is not set
+# CONFIG_NET_VENDOR_CHELSIO is not set
+# CONFIG_NET_VENDOR_CISCO is not set
+# CONFIG_NET_VENDOR_DEC is not set
+# CONFIG_NET_VENDOR_DLINK is not set
+# CONFIG_NET_VENDOR_EMULEX is not set
+# CONFIG_NET_VENDOR_EZCHIP is not set
+# CONFIG_NET_VENDOR_EXAR is not set
+# CONFIG_NET_VENDOR_HP is not set
+CONFIG_E1000=m
+CONFIG_E1000E=m
+# CONFIG_NET_VENDOR_I825XX is not set
+# CONFIG_NET_VENDOR_MARVELL is not set
+# CONFIG_NET_VENDOR_MELLANOX is not set
+# CONFIG_NET_VENDOR_MICREL is not set
+# CONFIG_NET_VENDOR_MYRI is not set
+# CONFIG_NET_VENDOR_NATSEMI is not set
+# CONFIG_NET_VENDOR_NETRONOME is not set
+# CONFIG_NET_VENDOR_NVIDIA is not set
+# CONFIG_NET_VENDOR_OKI is not set
+# CONFIG_NET_PACKET_ENGINE is not set
+# CONFIG_NET_VENDOR_QLOGIC is not set
+# CONFIG_NET_VENDOR_QUALCOMM is not set
+# CONFIG_NET_VENDOR_REALTEK is not set
+# CONFIG_NET_VENDOR_RENESAS is not set
+# CONFIG_NET_VENDOR_RDC is not set
+# CONFIG_NET_VENDOR_ROCKER is not set
+# CONFIG_NET_VENDOR_SAMSUNG is not set
+# CONFIG_NET_VENDOR_SEEQ is not set
+# CONFIG_NET_VENDOR_SILAN is not set
+# CONFIG_NET_VENDOR_SIS is not set
+# CONFIG_NET_VENDOR_SMSC is not set
+# CONFIG_NET_VENDOR_STMICRO is not set
+# CONFIG_NET_VENDOR_SUN is not set
+# CONFIG_NET_VENDOR_TEHUTI is not set
+# CONFIG_NET_VENDOR_TI is not set
+# CONFIG_NET_VENDOR_VIA is not set
+# CONFIG_NET_VENDOR_WIZNET is not set
+# CONFIG_NET_VENDOR_SYNOPSYS is not set
+# CONFIG_USB_NET_DRIVERS is not set
+# CONFIG_WLAN is not set
+# CONFIG_INPUT_MOUSE is not set
+# CONFIG_SERIO_SERPORT is not set
+# CONFIG_LEGACY_PTYS is not set
+CONFIG_SERIAL_8250=y
+# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set
+# CONFIG_SERIAL_8250_PNP is not set
+CONFIG_SERIAL_8250_CONSOLE=y
+# CONFIG_SERIAL_8250_PCI is not set
+# CONFIG_SERIAL_8250_LPSS is not set
+# CONFIG_SERIAL_8250_MID is not set
+CONFIG_TTY_PRINTK=y
+CONFIG_HW_RANDOM=y
+CONFIG_HW_RANDOM_TIMERIOMEM=m
+CONFIG_HW_RANDOM_INTEL=m
+CONFIG_HW_RANDOM_AMD=m
+CONFIG_HW_RANDOM_VIA=m
+CONFIG_HW_RANDOM_TPM=m
+CONFIG_TCG_TPM=y
+CONFIG_TCG_TIS=y
+# CONFIG_I2C_COMPAT is not set
+CONFIG_I2C_MUX=m
+CONFIG_I2C_MUX_PCA9541=m
+CONFIG_I2C_MUX_REG=m
+# CONFIG_I2C_HELPER_AUTO is not set
+CONFIG_I2C_SLAVE=y
+CONFIG_PTP_1588_CLOCK=y
+# CONFIG_HWMON is not set
+# CONFIG_X86_PKG_TEMP_THERMAL is not set
+CONFIG_MFD_SYSCON=y
+CONFIG_DRM=y
+CONFIG_DRM_AST=y
+CONFIG_FB_VESA=y
+CONFIG_BACKLIGHT_LCD_SUPPORT=y
+# CONFIG_LCD_CLASS_DEVICE is not set
+CONFIG_BACKLIGHT_CLASS_DEVICE=y
+# CONFIG_BACKLIGHT_GENERIC is not set
+CONFIG_FRAMEBUFFER_CONSOLE=y
+CONFIG_USB=y
+CONFIG_USB_XHCI_HCD=m
+CONFIG_USB_XHCI_PLATFORM=m
+CONFIG_USB_EHCI_HCD=m
+CONFIG_USB_EHCI_HCD_PLATFORM=m
+CONFIG_USB_OHCI_HCD=m
+CONFIG_USB_OHCI_HCD_PLATFORM=m
+CONFIG_USB_UHCI_HCD=m
+CONFIG_USB_STORAGE=m
+CONFIG_RTC_CLASS=y
+# CONFIG_X86_PLATFORM_DEVICES is not set
+CONFIG_INTEL_IOMMU=y
+CONFIG_INTEL_IOMMU_SVM=y
+CONFIG_GENERIC_PHY=y
+# CONFIG_BLK_DEV_PMEM is not set
+# CONFIG_ND_BLK is not set
+# CONFIG_BTT is not set
+# CONFIG_FIRMWARE_MEMMAP is not set
+# CONFIG_DMIID is not set
+CONFIG_EXT4_FS=y
+# CONFIG_DNOTIFY is not set
+# CONFIG_INOTIFY_USER is not set
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
+CONFIG_MSDOS_FS=y
+CONFIG_VFAT_FS=y
+# CONFIG_PROC_SYSCTL is not set
+# CONFIG_PROC_PAGE_MONITOR is not set
+CONFIG_TMPFS=y
+# CONFIG_MISC_FILESYSTEMS is not set
+CONFIG_NLS_DEFAULT="utf8"
+CONFIG_NLS_CODEPAGE_437=y
+CONFIG_NLS_ISO8859_1=y
+CONFIG_NLS_UTF8=y
+CONFIG_PRINTK_TIME=y
+CONFIG_BOOT_PRINTK_DELAY=y
+CONFIG_DYNAMIC_DEBUG=y
+CONFIG_DEBUG_INFO=y
+CONFIG_DEBUG_INFO_DWARF4=y
+CONFIG_GDB_SCRIPTS=y
+# CONFIG_ENABLE_WARN_DEPRECATED is not set
+# CONFIG_ENABLE_MUST_CHECK is not set
+CONFIG_FRAME_WARN=1024
+CONFIG_DEBUG_FS=y
+CONFIG_MAGIC_SYSRQ=y
+CONFIG_HARDLOCKUP_DETECTOR=y
+CONFIG_WQ_WATCHDOG=y
+# CONFIG_SCHED_DEBUG is not set
+CONFIG_STACKTRACE=y
+# CONFIG_DEBUG_BUGVERBOSE is not set
+# CONFIG_RCU_TRACE is not set
+# CONFIG_FTRACE is not set
+# CONFIG_STRICT_DEVMEM is not set
+# CONFIG_X86_VERBOSE_BOOTUP is not set
+# CONFIG_DOUBLEFAULT is not set
+CONFIG_IO_DELAY_0XED=y
+CONFIG_OPTIMIZE_INLINING=y
+# CONFIG_X86_DEBUG_FPU is not set
+CONFIG_HARDENED_USERCOPY=y
+CONFIG_CRYPTO_RSA=m
+CONFIG_CRYPTO_USER=y
+CONFIG_CRYPTO_MCRYPTD=m
+CONFIG_CRYPTO_AUTHENC=m
+CONFIG_CRYPTO_CCM=m
+CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_CHACHA20POLY1305=m
+CONFIG_CRYPTO_CTS=m
+CONFIG_CRYPTO_LRW=y
+CONFIG_CRYPTO_PCBC=m
+CONFIG_CRYPTO_XTS=y
+CONFIG_CRYPTO_KEYWRAP=m
+CONFIG_CRYPTO_CMAC=m
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_XCBC=m
+CONFIG_CRYPTO_VMAC=m
+CONFIG_CRYPTO_CRC32C_INTEL=y
+CONFIG_CRYPTO_CRC32=m
+CONFIG_CRYPTO_CRC32_PCLMUL=m
+CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
+CONFIG_CRYPTO_POLY1305_X86_64=m
+CONFIG_CRYPTO_MD4=m
+CONFIG_CRYPTO_MICHAEL_MIC=m
+CONFIG_CRYPTO_RMD128=m
+CONFIG_CRYPTO_RMD160=m
+CONFIG_CRYPTO_RMD256=m
+CONFIG_CRYPTO_RMD320=m
+CONFIG_CRYPTO_SHA1_SSSE3=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_TGR192=m
+CONFIG_CRYPTO_WP512=m
+CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
+CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_ANUBIS=m
+CONFIG_CRYPTO_ARC4=m
+CONFIG_CRYPTO_BLOWFISH=m
+CONFIG_CRYPTO_BLOWFISH_X86_64=m
+CONFIG_CRYPTO_CAMELLIA=m
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m
+CONFIG_CRYPTO_CAST5_AVX_X86_64=m
+CONFIG_CRYPTO_CAST6_AVX_X86_64=m
+CONFIG_CRYPTO_DES3_EDE_X86_64=m
+CONFIG_CRYPTO_FCRYPT=m
+CONFIG_CRYPTO_KHAZAD=m
+CONFIG_CRYPTO_SALSA20=m
+CONFIG_CRYPTO_CHACHA20_X86_64=m
+CONFIG_CRYPTO_SEED=m
+CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
+CONFIG_CRYPTO_TEA=m
+CONFIG_CRYPTO_TWOFISH=m
+CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
+CONFIG_CRYPTO_DEFLATE=m
+CONFIG_CRYPTO_LZO=y
+CONFIG_CRYPTO_842=m
+CONFIG_CRYPTO_LZ4=m
+CONFIG_CRYPTO_LZ4HC=m
+CONFIG_CRYPTO_ANSI_CPRNG=m
+CONFIG_CRYPTO_DRBG_HASH=y
+CONFIG_CRYPTO_DRBG_CTR=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+CONFIG_CRYPTO_USER_API_RNG=y
+CONFIG_CRYPTO_USER_API_AEAD=y
+# CONFIG_CRYPTO_HW is not set
+# CONFIG_VIRTUALIZATION is not set
+CONFIG_CRC_CCITT=m
+CONFIG_CRC_T10DIF=y
+CONFIG_CRC_ITU_T=m
+CONFIG_CRC7=m
+CONFIG_LIBCRC32C=m
+CONFIG_CRC8=m
+CONFIG_XZ_DEC_TEST=m
+CONFIG_CORDIC=m
+CONFIG_IRQ_POLL=y

config/linux-kgpe-d16_workstation.config

@@ -0,0 +1,324 @@
+CONFIG_LOCALVERSION="-heads"
+# CONFIG_LOCALVERSION_AUTO is not set
+CONFIG_KERNEL_XZ=y
+# CONFIG_SWAP is not set
+# CONFIG_CROSS_MEMORY_ATTACH is not set
+# CONFIG_FHANDLE is not set
+CONFIG_NO_HZ_IDLE=y
+CONFIG_LOG_BUF_SHIFT=18
+CONFIG_BLK_DEV_INITRD=y
+CONFIG_INITRAMFS_SOURCE="../../../blobs/dev.cpio"
+# CONFIG_RD_GZIP is not set
+# CONFIG_RD_BZIP2 is not set
+# CONFIG_RD_LZMA is not set
+# CONFIG_RD_LZO is not set
+# CONFIG_RD_LZ4 is not set
+CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+# CONFIG_SGETMASK_SYSCALL is not set
+# CONFIG_SYSFS_SYSCALL is not set
+# CONFIG_BASE_FULL is not set
+# CONFIG_SIGNALFD is not set
+# CONFIG_TIMERFD is not set
+# CONFIG_EVENTFD is not set
+# CONFIG_AIO is not set
+# CONFIG_ADVISE_SYSCALLS is not set
+# CONFIG_MEMBARRIER is not set
+CONFIG_EMBEDDED=y
+# CONFIG_VM_EVENT_COUNTERS is not set
+# CONFIG_SLUB_DEBUG is not set
+# CONFIG_COMPAT_BRK is not set
+CONFIG_JUMP_LABEL=y
+CONFIG_CC_STACKPROTECTOR_STRONG=y
+CONFIG_MODULES=y
+# CONFIG_IOSCHED_DEADLINE is not set
+# CONFIG_IOSCHED_CFQ is not set
+CONFIG_SMP=y
+# CONFIG_X86_EXTENDED_PLATFORM is not set
+CONFIG_PROCESSOR_SELECT=y
+# CONFIG_CPU_SUP_CENTAUR is not set
+CONFIG_PREEMPT_VOLUNTARY=y
+CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y
+# CONFIG_X86_MCE_AMD is not set
+# CONFIG_PERF_EVENTS_INTEL_RAPL is not set
+# CONFIG_MICROCODE is not set
+# CONFIG_SPARSEMEM_VMEMMAP is not set
+# CONFIG_COMPACTION is not set
+# CONFIG_BOUNCE is not set
+CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
+CONFIG_X86_PMEM_LEGACY=y
+# CONFIG_MTRR is not set
+# CONFIG_X86_SMAP is not set
+# CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set
+# CONFIG_SECCOMP is not set
+CONFIG_KEXEC=y
+CONFIG_KEXEC_FILE=y
+# CONFIG_RELOCATABLE is not set
+CONFIG_PHYSICAL_ALIGN=0x1000000
+# CONFIG_MODIFY_LDT_SYSCALL is not set
+# CONFIG_SUSPEND is not set
+CONFIG_PCI_MSI=y
+# CONFIG_HT_IRQ is not set
+CONFIG_PCI_IOV=y
+CONFIG_PCI_PRI=y
+# CONFIG_COREDUMP is not set
+CONFIG_NET=y
+CONFIG_PACKET=y
+CONFIG_UNIX=y
+CONFIG_INET=y
+CONFIG_SYN_COOKIES=y
+# CONFIG_INET_XFRM_MODE_TRANSPORT is not set
+# CONFIG_INET_XFRM_MODE_TUNNEL is not set
+# CONFIG_INET_XFRM_MODE_BEET is not set
+# CONFIG_INET_DIAG is not set
+# CONFIG_IPV6 is not set
+# CONFIG_WIRELESS is not set
+# CONFIG_UEVENT_HELPER is not set
+CONFIG_DEVTMPFS=y
+CONFIG_DEVTMPFS_MOUNT=y
+# CONFIG_STANDALONE is not set
+# CONFIG_FIRMWARE_IN_KERNEL is not set
+# CONFIG_ALLOW_DEV_COREDUMP is not set
+CONFIG_BLK_DEV_LOOP=y
+CONFIG_BLK_DEV_RAM=y
+CONFIG_BLK_DEV_RAM_SIZE=65536
+CONFIG_EEPROM_93CX6=m
+CONFIG_INTEL_MEI_ME=m
+CONFIG_INTEL_MEI_TXE=m
+# CONFIG_SCSI_PROC_FS is not set
+CONFIG_BLK_DEV_SD=y
+CONFIG_BLK_DEV_SR=y
+CONFIG_CHR_DEV_SG=y
+CONFIG_SCSI_SCAN_ASYNC=y
+CONFIG_ISCSI_TCP=y
+CONFIG_SCSI_MPT3SAS=y
+CONFIG_ATA=y
+CONFIG_SATA_AHCI=y
+# CONFIG_ATA_SFF is not set
+CONFIG_MD=y
+CONFIG_BLK_DEV_DM=y
+CONFIG_DM_CRYPT=y
+CONFIG_DM_VERITY=y
+CONFIG_DM_VERITY_FEC=y
+CONFIG_NETDEVICES=y
+# CONFIG_NET_VENDOR_3COM is not set
+# CONFIG_NET_VENDOR_ADAPTEC is not set
+# CONFIG_NET_VENDOR_AGERE is not set
+# CONFIG_NET_VENDOR_ALTEON is not set
+# CONFIG_NET_VENDOR_AMAZON is not set
+# CONFIG_NET_VENDOR_AMD is not set
+# CONFIG_NET_VENDOR_ARC is not set
+# CONFIG_NET_VENDOR_ATHEROS is not set
+# CONFIG_NET_CADENCE is not set
+# CONFIG_NET_VENDOR_BROADCOM is not set
+# CONFIG_NET_VENDOR_BROCADE is not set
+# CONFIG_NET_VENDOR_CAVIUM is not set
+# CONFIG_NET_VENDOR_CHELSIO is not set
+# CONFIG_NET_VENDOR_CISCO is not set
+# CONFIG_NET_VENDOR_DEC is not set
+# CONFIG_NET_VENDOR_DLINK is not set
+# CONFIG_NET_VENDOR_EMULEX is not set
+# CONFIG_NET_VENDOR_EZCHIP is not set
+# CONFIG_NET_VENDOR_EXAR is not set
+# CONFIG_NET_VENDOR_HP is not set
+CONFIG_E1000=m
+CONFIG_E1000E=m
+# CONFIG_NET_VENDOR_I825XX is not set
+# CONFIG_NET_VENDOR_MARVELL is not set
+# CONFIG_NET_VENDOR_MELLANOX is not set
+# CONFIG_NET_VENDOR_MICREL is not set
+# CONFIG_NET_VENDOR_MYRI is not set
+# CONFIG_NET_VENDOR_NATSEMI is not set
+# CONFIG_NET_VENDOR_NETRONOME is not set
+# CONFIG_NET_VENDOR_NVIDIA is not set
+# CONFIG_NET_VENDOR_OKI is not set
+# CONFIG_NET_PACKET_ENGINE is not set
+# CONFIG_NET_VENDOR_QLOGIC is not set
+# CONFIG_NET_VENDOR_QUALCOMM is not set
+# CONFIG_NET_VENDOR_REALTEK is not set
+# CONFIG_NET_VENDOR_RENESAS is not set
+# CONFIG_NET_VENDOR_RDC is not set
+# CONFIG_NET_VENDOR_ROCKER is not set
+# CONFIG_NET_VENDOR_SAMSUNG is not set
+# CONFIG_NET_VENDOR_SEEQ is not set
+# CONFIG_NET_VENDOR_SILAN is not set
+# CONFIG_NET_VENDOR_SIS is not set
+# CONFIG_NET_VENDOR_SMSC is not set
+# CONFIG_NET_VENDOR_STMICRO is not set
+# CONFIG_NET_VENDOR_SUN is not set
+# CONFIG_NET_VENDOR_TEHUTI is not set
+# CONFIG_NET_VENDOR_TI is not set
+# CONFIG_NET_VENDOR_VIA is not set
+# CONFIG_NET_VENDOR_WIZNET is not set
+# CONFIG_NET_VENDOR_SYNOPSYS is not set
+# CONFIG_USB_NET_DRIVERS is not set
+# CONFIG_WLAN is not set
+# CONFIG_INPUT_MOUSE is not set
+# CONFIG_SERIO_SERPORT is not set
+# CONFIG_LEGACY_PTYS is not set
+CONFIG_SERIAL_8250=y
+# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set
+# CONFIG_SERIAL_8250_PNP is not set
+CONFIG_SERIAL_8250_CONSOLE=y
+# CONFIG_SERIAL_8250_PCI is not set
+# CONFIG_SERIAL_8250_LPSS is not set
+# CONFIG_SERIAL_8250_MID is not set
+CONFIG_TTY_PRINTK=y
+CONFIG_HW_RANDOM=y
+CONFIG_HW_RANDOM_TIMERIOMEM=m
+CONFIG_HW_RANDOM_INTEL=m
+CONFIG_HW_RANDOM_AMD=m
+CONFIG_HW_RANDOM_VIA=m
+CONFIG_HW_RANDOM_TPM=m
+CONFIG_TCG_TPM=y
+CONFIG_TCG_TIS=y
+# CONFIG_I2C_COMPAT is not set
+CONFIG_I2C_MUX=m
+CONFIG_I2C_MUX_PCA9541=m
+CONFIG_I2C_MUX_REG=m
+# CONFIG_I2C_HELPER_AUTO is not set
+CONFIG_I2C_SLAVE=y
+CONFIG_PTP_1588_CLOCK=y
+# CONFIG_X86_PKG_TEMP_THERMAL is not set
+CONFIG_MFD_SYSCON=y
+CONFIG_DRM=y
+CONFIG_DRM_RADEON=y
+CONFIG_DRM_AMDGPU=y
+CONFIG_DRM_NOUVEAU=y
+CONFIG_DRM_AST=y
+CONFIG_FB_VESA=y
+# CONFIG_LCD_CLASS_DEVICE is not set
+# CONFIG_BACKLIGHT_GENERIC is not set
+CONFIG_FRAMEBUFFER_CONSOLE=y
+CONFIG_USB=y
+CONFIG_USB_XHCI_HCD=m
+CONFIG_USB_XHCI_PLATFORM=m
+CONFIG_USB_EHCI_HCD=m
+CONFIG_USB_EHCI_HCD_PLATFORM=m
+CONFIG_USB_OHCI_HCD=m
+CONFIG_USB_OHCI_HCD_PLATFORM=m
+CONFIG_USB_UHCI_HCD=m
+CONFIG_USB_STORAGE=m
+CONFIG_RTC_CLASS=y
+CONFIG_INTEL_IOMMU=y
+CONFIG_INTEL_IOMMU_SVM=y
+CONFIG_GENERIC_PHY=y
+# CONFIG_BLK_DEV_PMEM is not set
+# CONFIG_ND_BLK is not set
+# CONFIG_BTT is not set
+# CONFIG_FIRMWARE_MEMMAP is not set
+# CONFIG_DMIID is not set
+CONFIG_EXT4_FS=y
+# CONFIG_DNOTIFY is not set
+# CONFIG_INOTIFY_USER is not set
+CONFIG_ISO9660_FS=y
+CONFIG_JOLIET=y
+CONFIG_MSDOS_FS=y
+CONFIG_VFAT_FS=y
+# CONFIG_PROC_SYSCTL is not set
+# CONFIG_PROC_PAGE_MONITOR is not set
+CONFIG_TMPFS=y
+# CONFIG_MISC_FILESYSTEMS is not set
+CONFIG_NLS_DEFAULT="utf8"
+CONFIG_NLS_CODEPAGE_437=y
+CONFIG_NLS_ISO8859_1=y
+CONFIG_NLS_UTF8=y
+CONFIG_PRINTK_TIME=y
+CONFIG_BOOT_PRINTK_DELAY=y
+CONFIG_DYNAMIC_DEBUG=y
+CONFIG_DEBUG_INFO=y
+CONFIG_DEBUG_INFO_DWARF4=y
+CONFIG_GDB_SCRIPTS=y
+# CONFIG_ENABLE_WARN_DEPRECATED is not set
+# CONFIG_ENABLE_MUST_CHECK is not set
+CONFIG_FRAME_WARN=1024
+CONFIG_DEBUG_FS=y
+CONFIG_MAGIC_SYSRQ=y
+CONFIG_HARDLOCKUP_DETECTOR=y
+CONFIG_WQ_WATCHDOG=y
+# CONFIG_SCHED_DEBUG is not set
+CONFIG_STACKTRACE=y
+# CONFIG_DEBUG_BUGVERBOSE is not set
+# CONFIG_RCU_TRACE is not set
+# CONFIG_FTRACE is not set
+# CONFIG_STRICT_DEVMEM is not set
+# CONFIG_X86_VERBOSE_BOOTUP is not set
+# CONFIG_DOUBLEFAULT is not set
+CONFIG_IO_DELAY_0XED=y
+CONFIG_OPTIMIZE_INLINING=y
+# CONFIG_X86_DEBUG_FPU is not set
+CONFIG_HARDENED_USERCOPY=y
+CONFIG_CRYPTO_RSA=m
+CONFIG_CRYPTO_USER=y
+CONFIG_CRYPTO_MCRYPTD=m
+CONFIG_CRYPTO_AUTHENC=m
+CONFIG_CRYPTO_CCM=m
+CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_CHACHA20POLY1305=m
+CONFIG_CRYPTO_CTS=m
+CONFIG_CRYPTO_LRW=y
+CONFIG_CRYPTO_PCBC=m
+CONFIG_CRYPTO_XTS=y
+CONFIG_CRYPTO_KEYWRAP=m
+CONFIG_CRYPTO_CMAC=m
+CONFIG_CRYPTO_HMAC=y
+CONFIG_CRYPTO_XCBC=m
+CONFIG_CRYPTO_VMAC=m
+CONFIG_CRYPTO_CRC32C_INTEL=y
+CONFIG_CRYPTO_CRC32=m
+CONFIG_CRYPTO_CRC32_PCLMUL=m
+CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
+CONFIG_CRYPTO_POLY1305_X86_64=m
+CONFIG_CRYPTO_MD4=m
+CONFIG_CRYPTO_MICHAEL_MIC=m
+CONFIG_CRYPTO_RMD128=m
+CONFIG_CRYPTO_RMD160=m
+CONFIG_CRYPTO_RMD256=m
+CONFIG_CRYPTO_RMD320=m
+CONFIG_CRYPTO_SHA1_SSSE3=y
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_TGR192=m
+CONFIG_CRYPTO_WP512=m
+CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
+CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_ANUBIS=m
+CONFIG_CRYPTO_ARC4=m
+CONFIG_CRYPTO_BLOWFISH=m
+CONFIG_CRYPTO_BLOWFISH_X86_64=m
+CONFIG_CRYPTO_CAMELLIA=m
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m
+CONFIG_CRYPTO_CAST5_AVX_X86_64=m
+CONFIG_CRYPTO_CAST6_AVX_X86_64=m
+CONFIG_CRYPTO_DES3_EDE_X86_64=m
+CONFIG_CRYPTO_FCRYPT=m
+CONFIG_CRYPTO_KHAZAD=m
+CONFIG_CRYPTO_SALSA20=m
+CONFIG_CRYPTO_CHACHA20_X86_64=m
+CONFIG_CRYPTO_SEED=m
+CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
+CONFIG_CRYPTO_TEA=m
+CONFIG_CRYPTO_TWOFISH=m
+CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
+CONFIG_CRYPTO_DEFLATE=m
+CONFIG_CRYPTO_LZO=y
+CONFIG_CRYPTO_842=m
+CONFIG_CRYPTO_LZ4=m
+CONFIG_CRYPTO_LZ4HC=m
+CONFIG_CRYPTO_ANSI_CPRNG=m
+CONFIG_CRYPTO_DRBG_HASH=y
+CONFIG_CRYPTO_DRBG_CTR=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
+CONFIG_CRYPTO_USER_API_RNG=y
+CONFIG_CRYPTO_USER_API_AEAD=y
+# CONFIG_CRYPTO_HW is not set
+# CONFIG_VIRTUALIZATION is not set
+CONFIG_CRC_CCITT=m
+CONFIG_CRC_T10DIF=y
+CONFIG_CRC_ITU_T=m
+CONFIG_CRC7=m
+CONFIG_LIBCRC32C=m
+CONFIG_CRC8=m
+CONFIG_XZ_DEC_TEST=m
+CONFIG_CORDIC=m
+CONFIG_IRQ_POLL=y

patches/coreboot-4.11/0020-kgpe-d16_measured-boot-support.patch

@@ -0,0 +1,67 @@
+diff --git a/src/mainboard/asus/kgpe-d16/romstage.c b/src/mainboard/asus/kgpe-d16/romstage.c
+index 637ec42109..8a92f88375 100644
+--- a/src/mainboard/asus/kgpe-d16/romstage.c
++++ b/src/mainboard/asus/kgpe-d16/romstage.c
+@@ -46,6 +46,12 @@
+ #include <cbmem.h>
+ #include <types.h>
+ 
++#include <security/tpm/tss.h>
++#include <security/tpm/tspi.h>
++#include <program_loading.h>
++#include <smp/node.h>
++#include <cbfs.h>
++
+ #include "cpu/amd/quadcore/quadcore.c"
+ 
+ #define SERIAL_0_DEV PNP_DEV(0x2e, W83667HG_A_SP1)
+@@ -547,7 +553,6 @@ void cache_as_ram_main(unsigned long bist, unsigned long cpu_init_detectedx)
+ 		power_on_reset = 1;
+ 
+ 	initialize_mca(1, power_on_reset);
+-	update_microcode(val);
+ 
+ 	post_code(0x33);
+ 
+@@ -573,6 +578,13 @@ void cache_as_ram_main(unsigned long bist, unsigned long cpu_init_detectedx)
+ 	sr5650_early_setup();
+ 	sb7xx_51xx_early_setup();
+ 
++	if (CONFIG(MEASURED_BOOT) && CONFIG(LPC_TPM) && boot_cpu()) {
++		tpm_setup(0);
++		tlcl_lib_init();
++	}
++
++	update_microcode(val);
++
+ 	if (CONFIG(LOGICAL_CPUS)) {
+ 		/* Core0 on each node is configured. Now setup any additional cores. */
+ 		printk(BIOS_DEBUG, "start_other_cores()\n");
+@@ -687,6 +699,17 @@ void cache_as_ram_main(unsigned long bist, unsigned long cpu_init_detectedx)
+ 	pci_write_config16(PCI_DEV(0, 0x14, 0), 0x54, 0x0707);
+ 	pci_write_config16(PCI_DEV(0, 0x14, 0), 0x56, 0x0bb0);
+ 	pci_write_config16(PCI_DEV(0, 0x14, 0), 0x5a, 0x0ff0);
++
++	if (CONFIG(MEASURED_BOOT) && CONFIG(LPC_TPM)) {
++		size_t bootblock_size = 0;
++		const void *bootblock = cbfs_boot_map_with_leak("bootblock", 1, &bootblock_size);
++		tlcl_measure(2, bootblock, bootblock_size);
++
++		extern char _romstage, _eromstage;
++		tlcl_measure(2, &_romstage, &_eromstage - &_romstage);
++	}
++
++
+ }
+ 
+ /**
+@@ -718,3 +741,9 @@ BOOL AMD_CB_ManualBUIDSwapList (u8 node, u8 link, const u8 **List)
+ 
+ 	return 0;
+ }
++
++void platform_segment_loaded(uintptr_t start, size_t size, int flags)
++{
++	if (CONFIG(MEASURED_BOOT) && !(flags & SEG_NO_MEASURE))
++		tlcl_measure(2, (const void *) start, size);
++}

patches/coreboot-4.11/0021-kgpe-d16_c-environment_bootblock.patch

@@ -0,0 +1,50 @@
+From 92023c6cfc3db86f9236a01897754a1579afdf64 Mon Sep 17 00:00:00 2001
+From: Arthur Heymans <arthur@aheymans.xyz>
+Date: Sun, 17 Nov 2019 12:20:30 +0100
+Subject: [PATCH] lib/fmap.c: Properly handle cache for
+ !C_ENVIRONMENT_BOOTBLOCK
+
+On platforms without C_ENVIRONMENT_BOOTBLOCK the first stage
+accessing FMAP is romstage.
+
+Change-Id: I7d70585b0c076707e73e20c2ed3f11e4c9ffdf37
+Signed-off-by: Arthur Heymans <arthur@aheymans.xyz>
+---
+ src/lib/fmap.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/fmap.c b/src/lib/fmap.c
+index 48aab8f3d5..06e9e202b6 100644
+--- a/src/lib/fmap.c
++++ b/src/lib/fmap.c
+@@ -58,6 +58,12 @@ static void report(const struct fmap *fmap)
+ 	car_set_var(fmap_print_once, 1);
+ }
+ 
++#if CONFIG(C_ENVIRONMENT_BOOTBLOCK)
++#define FIRST_C_STAGE ENV_BOOTBLOCK
++#else
++#define FIRST_C_STAGE ENV_ROMSTAGE
++#endif
++
+ static void setup_preram_cache(struct mem_region_device *cache_mrdev)
+ {
+ 	if (CONFIG(NO_FMAP_CACHE))
+@@ -81,10 +87,10 @@ static void setup_preram_cache(struct mem_region_device *cache_mrdev)
+ 	}
+ 
+ 	struct fmap *fmap = (struct fmap *)_fmap_cache;
+-	if (!ENV_BOOTBLOCK) {
+-		/* NOTE: This assumes that for all platforms running this code,
+-		   the bootblock is the first stage and the bootblock will make
+-		   at least one FMAP access (usually from finding CBFS). */
++	/* NOTE: This assumes that for all platforms running this code,
++	   the first stage running in a C (!romcc) environment does
++	   at least one FMAP access (usually from finding CBFS). */
++	if (!FIRST_C_STAGE) {
+ 		if (!check_signature(fmap))
+ 			goto register_cache;
+ 
+-- 
+2.20.1
+