diff --git a/boards/t430-flash/t430-flash.config b/boards/t430-flash/t430-flash.config
new file mode 100644
index 00000000..16b3617f
--- /dev/null
+++ b/boards/t430-flash/t430-flash.config
@@ -0,0 +1,23 @@
+# Minimal configuration for a t430 to support flashrom, USB and networking
+BOARD=t430.flash
+
+export CONFIG_COREBOOT=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_PCIUTILS=y
+
+CONFIG_LINUX_CONFIG=config/linux-x230-flash.config
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+
+export CONFIG_BOOTSCRIPT=/bin/t430-flash.init
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios"
+
+# This board is "special" in that we only want the top 4 MB of the ROM
+# for flashing into SPI flash 1 on the mainboard. This is enough to
+# allow the board to boot into a minimal Heads and read the full
+# ROM from an external USB media.
+all: $(build)/$(BOARD)/$(BOARD).rom
+$(build)/$(BOARD)/$(BOARD).rom: $(build)/$(BOARD)/coreboot.rom
+ dd of=$@ if=$< bs=65536 count=64 skip=128
+ sha256sum $@
diff --git a/boards/t430/t430.config b/boards/t430/t430.config
new file mode 100644
index 00000000..b2487e43
--- /dev/null
+++ b/boards/t430/t430.config
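Review bot: The `dd` line in the `$(build)/$(BOARD)/$(BOARD).rom` rule assumes coreboot.rom is at least 12 MiB and never checks it. With `bs=65536 skip=128 count=64`, a shorter input yields a short or empty output, and dd typically still exits 0, so a truncated image would be hashed and handed on as if it were valid. A size check between the `dd` and `sha256sum` lines would fail the build instead, for example `test "$$(wc -c < $@)" -eq 4194304`.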
@@ -0,0 +1,44 @@
+# Configuration for a t430 running Qubes and other OSes
+export CONFIG_COREBOOT=y
+CONFIG_COREBOOT_CONFIG=config/coreboot-t430.config
+CONFIG_LINUX_CONFIG=config/linux-x230.config
+
+CONFIG_CRYPTSETUP=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+CONFIG_DROPBEAR=y
+
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOOT_GUI_MENU_NAME="Thinkpad T430 Heads Boot Menu"
+export CONFIG_WARNING_BG_COLOR="--background-gradient 0 0 0 150 125 0"
+export CONFIG_ERROR_BG_COLOR="--background-gradient 0 0 0 150 0 0"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal --ifd --image bios"
+
+# This board has two SPI flash chips, an 8 MB that holds the IFD,
+# the ME image and part of the coreboot image, and a 4 MB one that
+# has the rest of the coreboot and the reset vector.
+#
+# Only flashing to the bios region is safe to do. The easiest is to
+# flash internally when the IFD is unlocked for writing, and t430-flash
+# is installed first.
diff --git a/config/coreboot-t430-flash.config b/config/coreboot-t430-flash.config
new file mode 100644
index 00000000..c44c7537
--- /dev/null
+++ b/config/coreboot-t430-flash.config
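Review bot: `CONFIG_BOOT_REQ_HASH=n` and `CONFIG_BOOT_REQ_ROLLBACK=n` are set without a comment, so a reader cannot tell whether leaving these checks optional is a deliberate default for this board or a copy from another board file. Judging by the names, they relax the boot-time integrity checks (hash verification and rollback protection), which is the part of this configuration a machine owner most needs to understand. I would add a comment above the two lines such as `# Hash and rollback checks are not enforced by default; set to y to require them on every boot`, adjusted to what the boot scripts actually do with these flags.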
@@ -0,0 +1,18 @@
+CONFIG_LOCALVERSION="heads"
+CONFIG_ANY_TOOLCHAIN=y
+# CONFIG_INCLUDE_CONFIG_FILE is not set
+# CONFIG_COLLECT_TIMESTAMPS is not set
+CONFIG_USE_BLOBS=y
+CONFIG_MEASURED_BOOT=y
+CONFIG_VENDOR_LENOVO=y
+CONFIG_CBFS_SIZE=0x400000
+# CONFIG_POST_DEVICE is not set
+CONFIG_DRIVERS_UART_8250IO=y
+CONFIG_BOARD_LENOVO_THINKPAD_T430=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_UART_PCI_ADDR=0
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="../../build/t430-flash/bzImage"
+CONFIG_LINUX_INITRD="../../build/t430-flash/initrd.cpio.xz"
diff --git a/config/coreboot-t430.config b/config/coreboot-t430.config
new file mode 100644
index 00000000..f16bb852
--- /dev/null
+++ b/config/coreboot-t430.config
@@ -0,0 +1,26 @@
+CONFIG_LOCALVERSION="heads"
+CONFIG_ANY_TOOLCHAIN=y
+# CONFIG_INCLUDE_CONFIG_FILE is not set
+# CONFIG_COLLECT_TIMESTAMPS is not set
+CONFIG_USE_BLOBS=y
+CONFIG_MEASURED_BOOT=y
+CONFIG_VENDOR_LENOVO=y
+CONFIG_CBFS_SIZE=0x800000
+# CONFIG_POST_IO is not set
+# CONFIG_POST_DEVICE is not set
+CONFIG_DRIVERS_UART_8250IO=y
+CONFIG_BOARD_LENOVO_THINKPAD_T430=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_UART_PCI_ADDR=0
+# CONFIG_CONSOLE_SERIAL is not set
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x80000
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="../../build/t430/bzImage"
+CONFIG_PAYLOAD_OPTIONS=""
+# CONFIG_PXE is not set
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off quiet"
+CONFIG_LINUX_INITRD="../../build/t430/initrd.cpio.xz"
+CONFIG_DEBUG_SMM_RELOCATION=y
+CONFIG_USE_OPTION_TABLE=y
+CONFIG_STATIC_OPTION_TABLE=y
diff --git a/initrd/bin/t430-flash.init b/initrd/bin/t430-flash.init
new file mode 100755
index 00000000..9b97970e
--- /dev/null
+++ b/initrd/bin/t430-flash.init
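Review bot: `CONFIG_PAYLOAD_FILE` and `CONFIG_LINUX_INITRD` in config/coreboot-t430-flash.config hard-code `../../build/t430-flash/`, while the board file added in this same commit sets `BOARD=t430.flash` and builds under `$(build)/$(BOARD)/`. If the top-level Makefile (not shown here) derives the build directory or the coreboot config name from BOARD, these paths would point at a directory that build never populates, and the flash image could fail to find its payload or embed a stale one. Dropping the `BOARD=t430.flash` line from boards/t430-flash/t430-flash.config, or making the two spellings agree, would remove the ambiguity.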
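Review bot: `CONFIG_DEBUG_SMM_RELOCATION=y` in config/coreboot-t430.config is a debug option enabled in what appears to be the image meant for daily use, with nothing saying why it is needed. If it is only carried over from another board's config, `# CONFIG_DEBUG_SMM_RELOCATION is not set` would keep debug output out of the SMM relocation path. If the board does need it, a short note in the board file or the commit description stating the reason would help the next reviewer.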
@@ -0,0 +1,26 @@
+#!/bin/sh
+# Initialize the USB and network device drivers,
+# invoke a recovery shell and prompt the user for how to proceed
+
+. /etc/functions
+. /tmp/config
+
+insmod /lib/modules/ehci-hcd.ko
+insmod /lib/modules/ehci-pci.ko
+insmod /lib/modules/xhci-hcd.ko
+insmod /lib/modules/xhci-pci.ko
+insmod /lib/modules/e1000e.ko
+insmod /lib/modules/usb-storage.ko
+
+tpm extend -ix 4 -ic recovery
+sleep 2
+
+echo '***** Starting recovery shell'
+echo ''
+echo 'To install from flash drive:'
+echo ''
+echo ' mount -o ro /dev/sdb1 /media'
+echo ' flash.sh /media/t430.rom'
+echo ''
+
+exec /bin/ash
diff --git a/patches/coreboot-4.8.1/0060-enable-tpm-on-t430.patch b/patches/coreboot-4.8.1/0060-enable-tpm-on-t430.patch
new file mode 100644
index 00000000..ed28a72a
--- /dev/null
+++ b/patches/coreboot-4.8.1/0060-enable-tpm-on-t430.patch
@@ -0,0 +1,23 @@
+mb/lenovo/t430/devicetree: Add missing TPM entry
+Tested on Lenovo T430:
+The TPM is advertised through ACPI tables and the version can be
+read using tpm_version, tcsd and tpm_tis.
+Change-Id: I0b0c39e7aa1be4a479325d4b5eff5892a7e2f69f
+Signed-off-by: Patrick Rudolph
+Reviewed-on: https://review.coreboot.org/26780
+Tested-by: build bot (Jenkins)
+Reviewed-by: Arthur Heymans
+Reviewed-by: Paul Menzel
+Original Commit at: https://review.coreboot.org/c/coreboot/+/26780
+--- ./src/mainboard/lenovo/t430/devicetree.cb 2020-01-15 17:42:17.441317488 +0000
++++ ./src/mainboard/lenovo/t430/devicetree.cb 2020-01-15 17:37:39.889846000 +0000
+@@ -165,6 +165,9 @@
+
+ register "has_thinker1" = "0"
+ end
++ chip drivers/pc80/tpm
++ device pnp 0c31.0 on end
++ end
+ end
+ device pci 1f.2 on # SATA Controller 1
+ subsystemid 0x17aa 0x21f3
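Review bot: The exit status of `tpm extend -ix 4 -ic recovery` in initrd/bin/t430-flash.init is ignored, so the script reaches `exec /bin/ash` whether or not PCR 4 was actually extended; the `insmod` lines above it are unchecked in the same way. The t430-flash board file in this commit does not set CONFIG_TPM, so it is not visible here whether the `tpm` tool is even present in this image. I would make the outcome explicit, for example `tpm extend -ix 4 -ic recovery || echo '!!!!! PCR 4 was not extended'`, so whoever uses the recovery shell knows the measurement state before flashing.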