Merge remote-tracking branch 'osresearch/master' into pr0_skylake_and_more_recent

.circleci/config.yml

@@ -45,7 +45,7 @@ commands:
 jobs:
   prep_env:
     docker:
-      - image: tlaurion/heads-dev-env:v0.2.3
+      - image: tlaurion/heads-dev-env:v0.2.4
     resource_class: large
     working_directory: ~/heads
     steps:
@@ -65,11 +65,11 @@ jobs:
       - run:
           name: Creating coreboot (and associated patches) and musl-cross-make modules digest (musl-cross-make and coreboot cache digest)
           command: |
-            find .circleci/config.yml ./Makefile ./flake.lock ./modules/coreboot ./modules/musl-cross* ./patches/coreboot* -type f | sort -h | xargs sha256sum > ./tmpDir/coreboot_musl-cross.sha256sums
+            find .circleci/config.yml ./Makefile ./flake.lock ./modules/coreboot ./modules/musl-cross-make* ./patches/coreboot* -type f | sort -h | xargs sha256sum > ./tmpDir/coreboot_musl-cross-make.sha256sums
       - run:
           name: Creating musl-cross-make and musl-cross-make patches digest (musl-cross-make cache digest)
           command: |
-            find .circleci/config.yml ./Makefile ./flake.lock modules/musl-cross* -type f | sort -h | xargs sha256sum > ./tmpDir/musl-cross.sha256sums
+            find .circleci/config.yml ./Makefile ./flake.lock modules/musl-cross-make* -type f | sort -h | xargs sha256sum > ./tmpDir/musl-cross-make.sha256sums
       - restore_cache:
           # First matched/found key wins and following keys are not tried
           keys:
@@ -79,10 +79,10 @@ jobs:
             - nix-docker-heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}
 
             # Cache for coreboot module (and patches) and musl-cross-make digests (coreboot: triannual release)
-            - nix-docker-heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
+            - nix-docker-heads-coreboot-musl-cross-make-{{ checksum "./tmpDir/coreboot_musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }}
 
             # Cache for musl-cross-make module digest (rarely modified).
-            - nix-docker-heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
+            - nix-docker-heads-musl-cross-make-{{ checksum "./tmpDir/musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }}
       - run:
           name: Download and neuter xx20 ME (keep generated GBE and extracted IFD in tree)
           command: |
@@ -115,7 +115,7 @@ jobs:
 
   build_and_persist:
     docker:
-      - image: tlaurion/heads-dev-env:v0.2.3
+      - image: tlaurion/heads-dev-env:v0.2.4
     resource_class: large
     working_directory: ~/heads
     parameters:
@@ -143,7 +143,7 @@ jobs:
 
   build:
     docker:
-      - image: tlaurion/heads-dev-env:v0.2.3
+      - image: tlaurion/heads-dev-env:v0.2.4
     resource_class: large
     working_directory: ~/heads
     parameters:
@@ -164,33 +164,33 @@ jobs:
 
   save_cache:
     docker:
-      - image: tlaurion/heads-dev-env:v0.2.3
+      - image: tlaurion/heads-dev-env:v0.2.4
     resource_class: large
     working_directory: ~/heads
     steps:
       - attach_workspace:
           at: ~/heads
       - save_cache:
-          # Generate cache for the same musl-cross module definition if hash is not previously existing
+          # Generate cache for the same musl-cross-make module definition if hash is not previously existing
           # CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
-          key: nix-docker-heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
+          key: nix-docker-heads-musl-cross-make-{{ checksum "./tmpDir/musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }}
           paths:
-            - build/ppc64/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
-            - build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
+            - build/ppc64/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1
+            - build/x86/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1
             - crossgcc
             - packages
       - save_cache:
           # Generate cache for the same coreboot and musl-cross-make modules definition if hash is not previously existing
           # CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
-          key: nix-docker-heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
+          key: nix-docker-heads-coreboot-musl-cross-make-{{ checksum "./tmpDir/coreboot_musl-cross-make.sha256sums" }}{{ .Environment.CACHE_VERSION }}
           paths:
             - build/ppc64/coreboot-talos_2
-            - build/ppc64/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
+            - build/ppc64/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1
             - build/x86/coreboot-4.11
             - build/x86/coreboot-24.02.01
             - build/x86/coreboot-dasharo
             - build/x86/coreboot-purism
-            - build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
+            - build/x86/musl-cross-make-38e52db8358c043ae82b346a2e6e66bc86a53bc1
             - crossgcc
             - packages
       - save_cache:
@@ -208,20 +208,20 @@ workflows:
     jobs:
       - prep_env
 
-      # This step builds musl-cross for x86 architecture, which will be used by subsequent x86 board builds
+      # This step builds musl-cross-make for x86 architecture, which will be used by subsequent x86 board builds
       - build_and_persist:
-          name: x86-musl-cross
+          name: x86-musl-cross-make
           target: x230-hotp-maximized
-          subcommand: "musl-cross"
+          subcommand: "musl-cross-make"
           requires:
             - prep_env
 
-      # This step builds musl-cross for ppc64 architecture, which will be used by subsequent ppc64 board builds
+      # This step builds musl-cross-make for ppc64 architecture, which will be used by subsequent ppc64 board builds
       - build_and_persist:
-          name: ppc64-musl-cross
+          name: ppc64-musl-cross-make
           arch: ppc64
-          target: talos-2
-          subcommand: "musl-cross"
+          target: UNTESTED_talos-2
+          subcommand: "musl-cross-make"
           requires:
             - prep_env
 
@@ -234,7 +234,7 @@ workflows:
           target: x230-hotp-maximized
           subcommand: ""
           requires:
-            - x86-musl-cross
+            - x86-musl-cross-make
 
       # coreboot purism
       - build_and_persist:
@@ -250,20 +250,20 @@ workflows:
       # No need to wait further for other board's cache
       # We reuse built modules from x230-hotp-maximized cache only
       - build_and_persist:
-          name: nitropad-nv41
-          target: nitropad-nv41
+          name: novacustom_nv4x_adl
+          target: novacustom_nv4x_adl
           subcommand: ""
           requires:
-            - x86-musl-cross
+            - x86-musl-cross-make
 
       # coreboot talos_2
       - build_and_persist:
-          name: talos-2
+          name: UNTESTED_talos-2
           arch: ppc64
-          target: talos-2
+          target: UNTESTED_talos-2
           subcommand: ""
           requires:
-            - ppc64-musl-cross
+            - ppc64-musl-cross-make
 
       # coreboot 4.11
       - build_and_persist:
@@ -271,13 +271,13 @@ workflows:
           target: librem_l1um
           subcommand: ""
           requires:
-            - x86-musl-cross
+            - x86-musl-cross-make
 
       # Cache one workspace per architecture
       # Make sure workspace caches are chainloaded and the last in chain for an arch is saved
       - save_cache:
           requires:
-            - talos-2
+            - UNTESTED_talos-2
             - librem_14
 
       # Those onboarding new boards should add their entries below.
@@ -516,7 +516,7 @@ workflows:
           target: nitropad-ns50
           subcommand: ""
           requires:
-            - nitropad-nv41
+            - novacustom_nv4x_adl
 
       # coreboot 4.11
       - build:

Makefile

@@ -189,11 +189,11 @@ $(shell mkdir -p "$(initrd_lib_dir)" "$(initrd_bin_dir)" "$(initrd_data_dir)")
 SHELL := /usr/bin/env bash
 .SHELLFLAGS := -o pipefail -c
 
-# Include the musl-cross module early so that $(CROSS) will
+# Include the musl-cross-make module early so that $(CROSS) will
 # be defined prior to any other module.
-include modules/musl-cross
+include modules/musl-cross-make
 
-musl_dep	:= musl-cross
+musl_dep	:= musl-cross-make
 target		:= $(shell echo $(CROSS) | grep -Eoe '([^/]*?)-linux-musl')
 arch		:= $(subst -linux-musl, , $(target))
 heads_cc	:= $(CROSS)gcc \
@@ -231,9 +231,9 @@ ifeq ($(CONFIG_COREBOOT), y)
 # Legacy flash boards don't generate an update package, the only purpose of
 # those boards is to be flashed over vendor firmware via an exploit.
 ifneq ($(CONFIG_LEGACY_FLASH), y)
-# talos-2 builds its own update package, which is not integrated with the ZIP
-# method currently
-ifneq ($(BOARD), talos-2)
+# Boards containing 'talos-2' build their own update package, which is not integrated with the ZIP method currently
+ifneq ($(findstring talos-2, $(BOARD)),)
+else
 # Coreboot targets create an update package that can be applied with integrity
 # verification before flashing (see flash-gui.sh).  The ZIP package format
 # allows other metadata that might be needed to added in the future without
@@ -245,7 +245,14 @@ $(board_build)/$(CB_UPDATE_PKG_FILE): $(board_build)/$(CB_OUTPUT_FILE)
 	cd "$(board_build)/update_pkg" && sha256sum "$(CB_OUTPUT_FILE)" >sha256sum.txt
 	cd "$(board_build)/update_pkg" && zip -9 "$@" "$(CB_OUTPUT_FILE)" sha256sum.txt
 
+# Only add the hash and size if split_8mb4mb.mk is not included
+ifeq ($(wildcard split_8mb4mb.mk),)
 all: $(board_build)/$(CB_OUTPUT_FILE) $(board_build)/$(CB_UPDATE_PKG_FILE)
+	@sha256sum $(board_build)/$(CB_OUTPUT_FILE) | tee -a "$(HASHES)"
+	@stat -c "%8s:%n" $(board_build)/$(CB_OUTPUT_FILE) | tee -a "$(SIZES)"
+else
+all: $(board_build)/$(CB_OUTPUT_FILE) $(board_build)/$(CB_UPDATE_PKG_FILE)
+endif
 endif
 endif
 
@@ -561,8 +568,8 @@ endef
 
 $(call map, define_module, $(modules-y))
 
-# hack to force musl-cross to be built before musl
-#$(build)/$(musl_dir)/.configured: $(build)/$(musl-cross_dir)/../../crossgcc/x86_64-linux-musl/bin/x86_64-musl-linux-gcc
+# hack to force musl-cross-make to be built before musl
+#$(build)/$(musl_dir)/.configured: $(build)/$(musl-cross-make_dir)/../../crossgcc/x86_64-linux-musl/bin/x86_64-musl-linux-gcc
 
 #
 # Install a file into the initrd, if it changed from
@@ -599,7 +606,7 @@ endef
 
 # Only some modules have binaries that we install
 # Shouldn't this be specified in the module file?
-#bin_modules-$(CONFIG_MUSL) += musl-cross
+#bin_modules-$(CONFIG_MUSL) += musl-cross-make
 bin_modules-$(CONFIG_KEXEC) += kexec
 bin_modules-$(CONFIG_TPMTOTP) += tpmtotp
 bin_modules-$(CONFIG_PCIUTILS) += pciutils
@@ -659,7 +666,7 @@ endif
 $(COREBOOT_UTIL_DIR)/cbmem/cbmem \
 $(COREBOOT_UTIL_DIR)/superiotool/superiotool \
 $(COREBOOT_UTIL_DIR)/inteltool/inteltool \
-: $(build)/$(coreboot_base_dir)/.canary musl-cross
+: $(build)/$(coreboot_base_dir)/.canary musl-cross-make
 	+$(call do,MAKE,$(notdir $@),\
 		$(MAKE) -C "$(dir $@)" $(CROSS_TOOLS) \
 	)
@@ -778,7 +785,7 @@ $(build)/$(initrd_dir)/tools.cpio: $(foreach d,$(bin_modules-y),$(build)/$($d_di
 
 
 # List of all modules, excluding the slow to-build modules
-modules-slow := musl musl-cross kernel_headers
+modules-slow := musl musl-cross-make kernel_headers
 module_dirs := $(foreach m,$(filter-out $(modules-slow),$(modules-y)),$($m_dir))
 
 echo_modules:

README.md

@@ -55,10 +55,10 @@ Build docker from nix develop layer locally
 
 #### Build image
 
+* Have docker and Nix installed
+
 * Build nix developer local environment with flakes locked to specified versions  
-    * `nix --print-build-logs --verbose develop --ignore-environment --command true`  
-* Build docker image with current develop created environment (this will take a while and create "linuxboot/heads:dev-env" local docker image):  
-    * `nix --print-build-logs --verbose build .#dockerImage && docker load < result` 
+    * `./docker_local_dev.sh`
 
 On some hardened OSes, you may encounter problems with ptrace.
 ```
@@ -75,12 +75,16 @@ sudo sysctl -w kernel.yama.ptrace_scope=1 #setup the value to let nix+docker run
 
 Done!
 
-Your local docker image "linuxboot/heads:dev-env" is ready to use, reproducible for the specific Heads commit used and will produce ROMs reproducible for that Heads commit ID.
+Your local docker image "linuxboot/heads:dev-env" is ready to use, reproducible for the specific Heads commit used to build it, and will produce ROMs reproducible for that Heads commit ID.
 
 Jump into nix develop created docker image for interactive workflow
 ====
-`docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env`
+There is 3 helpers:
+- `./docker_local_dev.sh`: for developers wanting to customize docker image built from flake.nix(nix devenv creation) and flake.lock (pinned versions used by flake.nix)
+- `./docker_latest.sh`: for Heads developers, wanting to use latest published docker images to develop Heads
+- `./docker_repro.sh`: versioned docker image used under CircleCI to produce reproducivle builds, both locally and under CircleCI. **Use this one if in doubt**
 
+ie: `./docker_repro.sh` will jump into CircleCI used versioned docker image for that Heads commit id to build images reproducibly if git repo is clean (not dirty).
 
 From there you can use the docker image interactively.
 
@@ -92,22 +96,22 @@ Please refer to [qemu documentation](targets/qemu.md) for more information.
 
 Eg:
 ```
-make BOARD=qemu-coreboot-fbwhiptail-tpm2 # Build rom, export public key to emulated usb storage from qemu runtime
-make BOARD=qemu-coreboot-fbwhiptail-tpm2 PUBKEY_ASC=~/pubkey.asc inject_gpg # Inject pubkey into rom image
-make BOARD=qemu-coreboot-fbwhiptail-tpm2 USB_TOKEN=Nitrokey3NFC PUBKEY_ASC=~/pubkey.asc ROOT_DISK_IMG=~/qemu-disks/debian-9.cow2 INSTALL_IMG=~/Downloads/debian-9.13.0-amd64-xfce-CD-1.iso run # Install
+./docker_repro.sh make BOARD=qemu-coreboot-fbwhiptail-tpm2 # Build rom, export public key to emulated usb storage from qemu runtime
+./docker_repro.sh make BOARD=qemu-coreboot-fbwhiptail-tpm2 PUBKEY_ASC=~/pubkey.asc inject_gpg # Inject pubkey into rom image
+./docker_repro.sh make BOARD=qemu-coreboot-fbwhiptail-tpm2 USB_TOKEN=Nitrokey3NFC PUBKEY_ASC=~/pubkey.asc ROOT_DISK_IMG=~/qemu-disks/debian-9.cow2 INSTALL_IMG=~/Downloads/debian-9.13.0-amd64-xfce-CD-1.iso run # Install
 ```
 
-Alternatively, you can use locally built docker image to build a board ROM image in a single call.
+Alternatively, you can use locally built docker image to build a board ROM image in a single call **but do not expect reproducible builds if not using versioned docker images as per CircleCI as per usage of `./docker_repro.sh`**
 
 Eg:
-`docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) linuxboot/heads:dev-env -- make BOARD=nitropad-nv41`
+`./docker_local_dev.sh make BOARD=nitropad-nv41`
 
 
 Pull docker hub image to prepare reproducible ROMs as CircleCI in one call
 ====
 ```
-docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=x230-hotp-maximized
-docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) tlaurion/heads-dev-env:latest -- make BOARD=nitropad-nv41
+./docker_repro.sh make BOARD=x230-hotp-maximized
+./docker_repro.sh make BOARD=nitropad-nv41
 ```
 
 Maintenance notes on docker image

boards/UNMAINTAINED_kgpe-d16_server-whiptail/UNMAINTAINED_kgpe-d16_server-whiptail.config

@@ -24,7 +24,7 @@ export CONFIG_LINUX_VERSION=6.1.8
 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server-whiptail.config
 CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server-whiptail.config
 
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHPROG=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y

boards/UNMAINTAINED_kgpe-d16_server/UNMAINTAINED_kgpe-d16_server.config

@@ -22,7 +22,7 @@ export CONFIG_LINUX_VERSION=6.1.8
 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_server.config
 CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_server.config
 
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHPROG=y
 #flashprog to support internal flashing of BMC
 CONFIG_FLASHPROG_AST1100=y

boards/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard/UNMAINTAINED_kgpe-d16_workstation-usb_keyboard.config

@@ -18,7 +18,7 @@ export CONFIG_LINUX_VERSION=6.1.8
 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation-usb_keyboard.config
 CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_workstation.config
 
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHPROG=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y

boards/UNMAINTAINED_kgpe-d16_workstation/UNMAINTAINED_kgpe-d16_workstation.config

@@ -22,7 +22,7 @@ export CONFIG_LINUX_VERSION=6.1.8
 CONFIG_COREBOOT_CONFIG=config/coreboot-kgpe-d16_workstation.config
 CONFIG_LINUX_CONFIG=config/linux-kgpe-d16_workstation.config
 
-CONFIG_CRYPTSETUP=y
+CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHPROG=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG2=y

boards/librem_13v2/librem_13v2.config

@@ -27,7 +27,6 @@ CONFIG_HOTPKEY=y
 
 CONFIG_LINUX_USB=y
 CONFIG_MOBILE_TETHERING=y
-export CONFIG_SUPPORT_USB_KEYBOARD=y
 
 export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init

boards/librem_13v4/librem_13v4.config

@@ -27,7 +27,6 @@ CONFIG_HOTPKEY=y
 
 CONFIG_LINUX_USB=y
 CONFIG_MOBILE_TETHERING=y
-export CONFIG_SUPPORT_USB_KEYBOARD=y
 
 export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init

boards/librem_14/librem_14.config

@@ -27,7 +27,6 @@ CONFIG_LINUX_USB=y
 CONFIG_MOBILE_TETHERING=y
 
 export CONFIG_TPM=y
-export CONFIG_SUPPORT_USB_KEYBOARD=y
 
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n

boards/librem_15v3/librem_15v3.config

@@ -27,7 +27,6 @@ CONFIG_HOTPKEY=y
 
 CONFIG_LINUX_USB=y
 CONFIG_MOBILE_TETHERING=y
-export CONFIG_SUPPORT_USB_KEYBOARD=y
 
 export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init

boards/librem_15v4/librem_15v4.config

@@ -28,7 +28,6 @@ CONFIG_HOTPKEY=y
 
 CONFIG_LINUX_USB=y
 CONFIG_MOBILE_TETHERING=y
-export CONFIG_SUPPORT_USB_KEYBOARD=y
 
 export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init

boards/novacustom_nv4x_adl/novacustom_nv4x_adl.config

@@ -1,11 +1,11 @@
-# Nitrokey Nitropad NV41 board configuration
+# NovaCustom NV4x 12th Gen (nv40pz: Alder Lake) board configuration
 # Note: for reference, other GOP enabled FB board is librem_11
 
 export CONFIG_COREBOOT=y
 export CONFIG_COREBOOT_VERSION=dasharo
 export CONFIG_LINUX_VERSION=6.1.8
 
-CONFIG_COREBOOT_CONFIG=config/coreboot-nitropad-nv41.config
+CONFIG_COREBOOT_CONFIG=config/coreboot-novacustom_nv4x_adl.config
 CONFIG_LINUX_CONFIG=config/linux-nitropad-x.config
 
 #Enable DEBUG output
@@ -72,6 +72,6 @@ export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
 export CONFIG_BOOT_KERNEL_ADD=""
 export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
-export CONFIG_BOARD_NAME="Nitropad NV41"
+export CONFIG_BOARD_NAME="NovaCustom NV4x 12th Gen"
 export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
 export CONFIG_AUTO_BOOT_TIMEOUT=5

boards/qemu-coreboot-fbwhiptail-tpm1-hotp-prod/qemu-coreboot-fbwhiptail-tpm1-hotp-prod.config

@@ -0,0 +1,97 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 1.2).  A Librem Key or
+# Nitrokey Pro can also be used by forwarding the USB device from the host to
+# the VM.
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1-prod.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+#CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1-hotp"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu

boards/qemu-coreboot-fbwhiptail-tpm1-prod/qemu-coreboot-fbwhiptail-tpm1-prod.config

@@ -0,0 +1,95 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 1.2).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2-prod.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm1"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+#export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu

boards/qemu-coreboot-fbwhiptail-tpm2-hotp-prod/qemu-coreboot-fbwhiptail-tpm2-hotp-prod.config

@@ -0,0 +1,96 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in graphical mode thanks to FBWhiptail
+# This version requires a supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key)
+#
+# TPM can be used with a qemu software TPM (TIS, 2.0).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2-prod.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2-hotp"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu

boards/qemu-coreboot-fbwhiptail-tpm2-prod/qemu-coreboot-fbwhiptail-tpm2-prod.config

@@ -0,0 +1,95 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in graphical mode thanks to FBWhiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 2.0).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2-prod.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-fbwhiptail-tpm2"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+#export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu

boards/qemu-coreboot-whiptail-tpm1-hotp-prod/qemu-coreboot-whiptail-tpm1-hotp-prod.config

@@ -0,0 +1,97 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 1.2).  A Librem Key or
+# Nitrokey Pro can also be used by forwarding the USB device from the host to
+# the VM.
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1-prod.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1-hotp"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu

boards/qemu-coreboot-whiptail-tpm1-prod/qemu-coreboot-whiptail-tpm1-prod.config

@@ -0,0 +1,95 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 1.2).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm1-prod.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm1"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+#export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu

boards/qemu-coreboot-whiptail-tpm2-hotp-prod/qemu-coreboot-whiptail-tpm2-hotp-prod.config

@@ -0,0 +1,96 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+# This version requires a supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key)
+#
+# TPM can be used with a qemu software TPM (TIS, 2.0).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2-prod.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+#CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2-hotp"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu

boards/qemu-coreboot-whiptail-tpm2-prod/qemu-coreboot-whiptail-tpm2-prod.config

@@ -0,0 +1,95 @@
+# Configuration for building a coreboot ROM that works in
+# the qemu emulator in console mode thanks to Whiptail
+#
+# TPM can be used with a qemu software TPM (TIS, 2.0).
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-qemu-tpm2-prod.config
+CONFIG_LINUX_CONFIG=config/linux-qemu.config
+
+#Enable only one RESTRICTED/BASIC boot modes below to test them manually (we cannot inject config under QEMU (no internal flashing)
+#export CONFIG_RESTRICTED_BOOT=y
+#export CONFIG_BASIC=y
+
+#Enable HAVE_GPG_KEY_BACKUP to test GPG key backup drive (we cannot inject config under QEMU (no internal flashing))
+#export CONFIG_HAVE_GPG_KEY_BACKUP=y
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+#On-demand hardware support (modules.cpio)
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000=y
+#CONFIG_MOBILE_TETHERING=y
+#Runtime on-demand additional hardware support (modules.cpio)
+export CONFIG_LINUX_USB_COMPANION_CONTROLLER=y
+
+
+
+#Modules packed into tools.cpio
+ifeq "$(CONFIG_UROOT)" "y"
+CONFIG_BUSYBOX=n
+else
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHPROG=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+#CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+#CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+CONFIG_SLANG=y
+CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+#CONFIG_CAIRO=y
+#CONFIG_FBWHIPTAIL=y
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+endif
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_RECOVERY_SERIAL="/dev/ttyS0"
+export CONFIG_BOOT_KERNEL_ADD="console=ttyS0 console=tty systemd.zram=0"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet rhgb splash"
+export CONFIG_BOARD_NAME="qemu-coreboot-whiptail-tpm2"
+#export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
+#export CONFIG_AUTO_BOOT_TIMEOUT=5
+
+BOARD_TARGETS := qemu

config/coreboot-novacustom_nv4x_adl.config

@@ -131,7 +131,7 @@ CONFIG_VBOOT_VBNV_OFFSET=0x28
 CONFIG_VARIANT_DIR="nv40pz"
 CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb"
 # CONFIG_VGA_BIOS is not set
-CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Nitrokey"
+CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Notebook"
 CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/data.vbt"
 # CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set
 CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0x4000
@@ -140,7 +140,7 @@ CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout"
 CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0
 CONFIG_BOARD_CLEVO_ADLP_COMMON=y
 CONFIG_BOARD_CLEVO_NV40PZ_BASE=y
-CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="Nitropad NV41"
+CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="NV4xPZ"
 CONFIG_CONSOLE_POST=y
 # CONFIG_USE_PM_ACPI_TIMER is not set
 CONFIG_TPM_PIRQ=0x27

config/coreboot-qemu-fbwhiptail-tpm1-hotp.config

@@ -1,21 +0,0 @@
-# CONFIG_INCLUDE_CONFIG_FILE is not set
-CONFIG_ONBOARD_VGA_IS_PRIMARY=y
-CONFIG_CBFS_SIZE=0x980000
-# CONFIG_POST_IO is not set
-# CONFIG_POST_DEVICE is not set
-CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y
-# CONFIG_CONSOLE_SERIAL is not set
-CONFIG_LINUX_COMMAND_LINE="debug console=ttyS0,115200 console=tty"
-CONFIG_COREBOOT_ROMSIZE_KB_10240=y
-CONFIG_PCIEXP_ASPM=y
-CONFIG_PCIEXP_COMMON_CLOCK=y
-CONFIG_UART_PCI_ADDR=0
-CONFIG_DRIVERS_PS2_KEYBOARD=y
-CONFIG_USER_TPM1=y
-CONFIG_TPM_MEASURED_BOOT=y
-# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set
-CONFIG_PAYLOAD_LINUX=y
-CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
-CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
-CONFIG_USBDEBUG=y
-CONFIG_USBDEBUG=n

config/coreboot-qemu-tpm1-prod.config

@@ -0,0 +1,562 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# coreboot configuration
+#
+
+#
+# General setup
+#
+CONFIG_COREBOOT_BUILD=y
+CONFIG_LOCALVERSION=""
+CONFIG_CBFS_PREFIX="fallback"
+CONFIG_COMPILER_GCC=y
+# CONFIG_COMPILER_LLVM_CLANG is not set
+CONFIG_ARCH_SUPPORTS_CLANG=y
+# CONFIG_ANY_TOOLCHAIN is not set
+CONFIG_CCACHE=y
+# CONFIG_IWYU is not set
+# CONFIG_FMD_GENPARSER is not set
+# CONFIG_UTIL_GENPARSER is not set
+CONFIG_OPTION_BACKEND_NONE=y
+# CONFIG_USE_OPTION_TABLE is not set
+CONFIG_COMPRESS_RAMSTAGE_LZMA=y
+# CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set
+CONFIG_SEPARATE_ROMSTAGE=y
+# CONFIG_INCLUDE_CONFIG_FILE is not set
+CONFIG_COLLECT_TIMESTAMPS=y
+# CONFIG_TIMESTAMPS_ON_CONSOLE is not set
+CONFIG_USE_BLOBS=y
+# CONFIG_USE_AMD_BLOBS is not set
+# CONFIG_USE_QC_BLOBS is not set
+# CONFIG_COVERAGE is not set
+# CONFIG_UBSAN is not set
+CONFIG_HAVE_ASAN_IN_RAMSTAGE=y
+# CONFIG_ASAN is not set
+CONFIG_NO_STAGE_CACHE=y
+# CONFIG_CBMEM_STAGE_CACHE is not set
+# CONFIG_UPDATE_IMAGE is not set
+CONFIG_BOOTSPLASH_IMAGE=y
+CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg"
+CONFIG_BOOTSPLASH_CONVERT=y
+CONFIG_BOOTSPLASH_CONVERT_QUALITY=70
+# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set
+# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set
+# CONFIG_FW_CONFIG is not set
+
+#
+# Software Bill Of Materials (SBOM)
+#
+# CONFIG_SBOM is not set
+# end of Software Bill Of Materials (SBOM)
+# end of General setup
+
+#
+# Mainboard
+#
+
+#
+# Important: Run 'make distclean' before switching boards
+#
+# CONFIG_VENDOR_51NB is not set
+# CONFIG_VENDOR_ACER is not set
+# CONFIG_VENDOR_ADLINK is not set
+# CONFIG_VENDOR_AMD is not set
+# CONFIG_VENDOR_AOPEN is not set
+# CONFIG_VENDOR_APPLE is not set
+# CONFIG_VENDOR_ASROCK is not set
+# CONFIG_VENDOR_ASUS is not set
+# CONFIG_VENDOR_BIOSTAR is not set
+# CONFIG_VENDOR_BOSTENTECH is not set
+# CONFIG_VENDOR_BYTEDANCE is not set
+# CONFIG_VENDOR_CAVIUM is not set
+# CONFIG_VENDOR_CLEVO is not set
+# CONFIG_VENDOR_COMPULAB is not set
+# CONFIG_VENDOR_DELL is not set
+CONFIG_VENDOR_EMULATION=y
+# CONFIG_VENDOR_EXAMPLE is not set
+# CONFIG_VENDOR_FACEBOOK is not set
+# CONFIG_VENDOR_FOXCONN is not set
+# CONFIG_VENDOR_GETAC is not set
+# CONFIG_VENDOR_GIGABYTE is not set
+# CONFIG_VENDOR_GOOGLE is not set
+# CONFIG_VENDOR_HP is not set
+# CONFIG_VENDOR_IBASE is not set
+# CONFIG_VENDOR_IBM is not set
+# CONFIG_VENDOR_INTEL is not set
+# CONFIG_VENDOR_INVENTEC is not set
+# CONFIG_VENDOR_KONTRON is not set
+# CONFIG_VENDOR_LENOVO is not set
+# CONFIG_VENDOR_LIBRETREND is not set
+# CONFIG_VENDOR_MSI is not set
+# CONFIG_VENDOR_OCP is not set
+# CONFIG_VENDOR_OPENCELLULAR is not set
+# CONFIG_VENDOR_PACKARDBELL is not set
+# CONFIG_VENDOR_PCENGINES is not set
+# CONFIG_VENDOR_PINE64 is not set
+# CONFIG_VENDOR_PORTWELL is not set
+# CONFIG_VENDOR_PRODRIVE is not set
+# CONFIG_VENDOR_PROTECTLI is not set
+# CONFIG_VENDOR_PURISM is not set
+# CONFIG_VENDOR_RAZER is not set
+# CONFIG_VENDOR_RODA is not set
+# CONFIG_VENDOR_SAMSUNG is not set
+# CONFIG_VENDOR_SAPPHIRE is not set
+# CONFIG_VENDOR_SIEMENS is not set
+# CONFIG_VENDOR_SIFIVE is not set
+# CONFIG_VENDOR_STARLABS is not set
+# CONFIG_VENDOR_SUPERMICRO is not set
+# CONFIG_VENDOR_SYSTEM76 is not set
+# CONFIG_VENDOR_TI is not set
+# CONFIG_VENDOR_UP is not set
+CONFIG_BOARD_SPECIFIC_OPTIONS=y
+CONFIG_MAINBOARD_PART_NUMBER="QEMU x86 q35/ich9"
+CONFIG_MAINBOARD_VERSION="1.0"
+CONFIG_MAINBOARD_DIR="emulation/qemu-q35"
+CONFIG_DIMM_MAX=4
+CONFIG_DIMM_SPD_SIZE=256
+CONFIG_FMDFILE=""
+# CONFIG_NO_POST is not set
+CONFIG_MAINBOARD_VENDOR="Emulation"
+CONFIG_CBFS_SIZE=0x980000
+# CONFIG_CONSOLE_SERIAL is not set
+CONFIG_MAX_CPUS=4
+CONFIG_ONBOARD_VGA_IS_PRIMARY=y
+# CONFIG_POST_DEVICE is not set
+# CONFIG_POST_IO is not set
+CONFIG_DEVICETREE="devicetree.cb"
+# CONFIG_VBOOT is not set
+CONFIG_VBOOT_VBNV_OFFSET=0x2c
+# CONFIG_CHROMEOS is not set
+CONFIG_OVERRIDE_DEVICETREE=""
+# CONFIG_VGA_BIOS is not set
+CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Emulation"
+CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00
+CONFIG_CMOS_DEFAULT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.default"
+CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout"
+# CONFIG_CONSOLE_POST is not set
+CONFIG_TPM_PIRQ=0x0
+# CONFIG_BOARD_EMULATION_QEMU_AARCH64 is not set
+# CONFIG_BOARD_EMULATION_QEMU_ARMV7 is not set
+# CONFIG_BOARD_EMULATION_QEMU_X86_I440FX is not set
+# CONFIG_BOARD_EMULATION_QEMU_POWER8 is not set
+# CONFIG_BOARD_EMULATION_QEMU_POWER9 is not set
+CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y
+# CONFIG_BOARD_EMULATION_QEMU_RISCV_RV64 is not set
+# CONFIG_BOARD_EMULATION_QEMU_RISCV_RV32 is not set
+# CONFIG_BOARD_EMULATION_SPIKE_RISCV is not set
+CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xb0000000
+CONFIG_ECAM_MMCONF_BUS_NUMBER=256
+CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld"
+CONFIG_DCACHE_RAM_BASE=0x10000
+CONFIG_DCACHE_RAM_SIZE=0x90000
+CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000
+CONFIG_DCACHE_BSP_STACK_SIZE=0x4000
+CONFIG_MAX_ACPI_TABLE_SIZE_KB=224
+# CONFIG_DRIVERS_INTEL_WIFI is not set
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000
+CONFIG_CARDBUS_PLUGIN_SUPPORT=y
+# CONFIG_DEBUG_SMI is not set
+CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="QEMU x86 q35/ich9"
+CONFIG_PCIEXP_HOTPLUG_BUSES=32
+CONFIG_PCIEXP_HOTPLUG_MEM=0x800000
+CONFIG_PCIEXP_HOTPLUG_PREFETCH_MEM=0x10000000
+CONFIG_PS2K_EISAID="PNP0303"
+CONFIG_PS2M_EISAID="PNP0F13"
+CONFIG_D3COLD_SUPPORT=y
+CONFIG_PCIEXP_ASPM=y
+# CONFIG_PCIEXP_L1_SUB_STATE is not set
+# CONFIG_PCIEXP_CLK_PM is not set
+CONFIG_DRIVERS_UART_8250IO=y
+CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72
+CONFIG_EC_GPE_SCI=0x50
+CONFIG_TPM_MEASURED_BOOT=y
+CONFIG_LINUX_COMMAND_LINE="console=ttyS0,115200 console=tty quiet loglevel=2"
+CONFIG_BOARD_ROMSIZE_KB_16384=y
+# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_5120 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_6144 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set
+CONFIG_COREBOOT_ROMSIZE_KB_10240=y
+# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_16384 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_24576 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_32768 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set
+CONFIG_COREBOOT_ROMSIZE_KB=10240
+CONFIG_ROM_SIZE=0x00a00000
+CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y
+CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y
+CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y
+# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set
+# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set
+CONFIG_MAINBOARD_POWER_FAILURE_STATE=0
+# end of Mainboard
+
+#
+# Chipset
+#
+
+#
+# SoC
+#
+CONFIG_CHIPSET_DEVICETREE=""
+CONFIG_CBFS_MCACHE_SIZE=0x4000
+CONFIG_ROMSTAGE_ADDR=0x2000000
+CONFIG_VERSTAGE_ADDR=0x2000000
+CONFIG_SMM_MODULE_STACK_SIZE=0x400
+# CONFIG_USE_EXP_X86_64_SUPPORT is not set
+CONFIG_PRERAM_CBFS_CACHE_SIZE=0x4000
+CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT=0xfe000000
+CONFIG_EHCI_BAR=0xfef00000
+CONFIG_ACPI_CPU_STRING="CP%02X"
+CONFIG_STACK_SIZE=0x2000
+CONFIG_INTEL_GMA_BCLV_OFFSET=0xc8254
+CONFIG_INTEL_GMA_BCLV_WIDTH=16
+CONFIG_INTEL_GMA_BCLM_OFFSET=0xc8256
+CONFIG_INTEL_GMA_BCLM_WIDTH=16
+CONFIG_BOOTBLOCK_IN_CBFS=y
+CONFIG_HPET_MIN_TICKS=0x80
+CONFIG_PCIEXP_COMMON_CLOCK=y
+CONFIG_SOC_PHYSICAL_ADDRESS_WIDTH=0
+CONFIG_FIXED_SMBUS_IO_BASE=0x400
+CONFIG_CBFS_CACHE_ALIGN=8
+
+#
+# CPU
+#
+CONFIG_CPU_QEMU_X86=y
+# CONFIG_CPU_QEMU_X86_NO_SMM is not set
+CONFIG_CPU_QEMU_X86_ASEG_SMM=y
+# CONFIG_CPU_QEMU_X86_TSEG_SMM is not set
+CONFIG_PARALLEL_MP=y
+CONFIG_XAPIC_ONLY=y
+# CONFIG_X2APIC_ONLY is not set
+# CONFIG_X2APIC_RUNTIME is not set
+# CONFIG_X2APIC_LATE_WORKAROUND is not set
+CONFIG_UDELAY_TSC=y
+CONFIG_UNKNOWN_TSC_RATE=y
+CONFIG_TSC_MONOTONIC_TIMER=y
+CONFIG_HAVE_SMI_HANDLER=y
+CONFIG_SMM_ASEG=y
+CONFIG_SMM_PCI_RESOURCE_STORE_NUM_SLOTS=8
+CONFIG_AP_STACK_SIZE=0x800
+CONFIG_SMP=y
+
+#
+# Northbridge
+#
+
+#
+# Southbridge
+#
+CONFIG_PCIEXP_HOTPLUG=y
+CONFIG_SOUTHBRIDGE_INTEL_I82801IX=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_RESET=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_RTC=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_PMCLIB=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_PMBASE=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_EARLY_SMBUS=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
+CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
+# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
+CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
+CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
+CONFIG_RCBA_LENGTH=0x4000
+
+#
+# Super I/O
+#
+
+#
+# Embedded Controllers
+#
+CONFIG_MAINBOARD_HAS_CHROMEOS=y
+
+#
+# ChromeOS
+#
+# end of ChromeOS
+
+CONFIG_ARCH_X86=y
+CONFIG_ARCH_BOOTBLOCK_X86_32=y
+CONFIG_ARCH_VERSTAGE_X86_32=y
+CONFIG_ARCH_ROMSTAGE_X86_32=y
+CONFIG_ARCH_POSTCAR_X86_32=y
+CONFIG_ARCH_RAMSTAGE_X86_32=y
+CONFIG_ARCH_ALL_STAGES_X86_32=y
+CONFIG_HAVE_EXP_X86_64_SUPPORT=y
+CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y
+CONFIG_POSTRAM_CBFS_CACHE_IN_BSS=y
+CONFIG_RAMSTAGE_CBFS_CACHE_SIZE=0x4000
+CONFIG_PC80_SYSTEM=y
+CONFIG_HAVE_CMOS_DEFAULT=y
+CONFIG_POSTCAR_STAGE=y
+CONFIG_BOOTBLOCK_SIMPLE=y
+# CONFIG_BOOTBLOCK_NORMAL is not set
+CONFIG_COLLECT_TIMESTAMPS_TSC=y
+CONFIG_HAVE_CF9_RESET=y
+CONFIG_DEBUG_HW_BREAKPOINTS=y
+CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS=y
+# CONFIG_DUMP_SMBIOS_TYPE17 is not set
+# end of Chipset
+
+#
+# Devices
+#
+CONFIG_HAVE_VGA_TEXT_FRAMEBUFFER=y
+CONFIG_HAVE_LINEAR_FRAMEBUFFER=y
+CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y
+CONFIG_MAINBOARD_FORCE_NATIVE_VGA_INIT=y
+CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT=y
+CONFIG_NO_EARLY_GFX_INIT=y
+
+#
+# Display
+#
+# CONFIG_VGA_TEXT_FRAMEBUFFER is not set
+CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y
+CONFIG_LINEAR_FRAMEBUFFER=y
+CONFIG_BOOTSPLASH=y
+# end of Display
+
+CONFIG_PCI=y
+CONFIG_ECAM_MMCONF_SUPPORT=y
+CONFIG_PCIX_PLUGIN_SUPPORT=y
+CONFIG_AZALIA_HDA_CODEC_SUPPORT=y
+CONFIG_PCIEXP_PLUGIN_SUPPORT=y
+CONFIG_ECAM_MMCONF_LENGTH=0x10000000
+CONFIG_PCI_ALLOW_BUS_MASTER=y
+CONFIG_PCI_SET_BUS_MASTER_PCI_BRIDGES=y
+CONFIG_PCI_ALLOW_BUS_MASTER_ANY_DEVICE=y
+# CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS is not set
+# CONFIG_PCIEXP_LANE_ERR_STAT_CLEAR is not set
+CONFIG_PCIEXP_HOTPLUG_PREFETCH_MEM_ABOVE_4G=y
+# CONFIG_PCIEXP_HOTPLUG_PREFETCH_MEM_BELOW_4G is not set
+CONFIG_PCIEXP_HOTPLUG_IO=0x2000
+# CONFIG_EARLY_PCI_BRIDGE is not set
+CONFIG_SUBSYSTEM_VENDOR_ID=0x0000
+CONFIG_SUBSYSTEM_DEVICE_ID=0x0000
+# CONFIG_SOFTWARE_I2C is not set
+CONFIG_I2C_TRANSFER_TIMEOUT_US=500000
+CONFIG_RESOURCE_ALLOCATION_TOP_DOWN=y
+# end of Devices
+
+#
+# Generic Drivers
+#
+CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000
+CONFIG_TPM_INIT_RAMSTAGE=y
+# CONFIG_TPM_PPI is not set
+CONFIG_DRIVERS_UART=y
+# CONFIG_DRIVERS_UART_OXPCIE is not set
+CONFIG_HAVE_USBDEBUG=y
+CONFIG_HAVE_USBDEBUG_OPTIONS=y
+# CONFIG_USBDEBUG is not set
+# CONFIG_VPD is not set
+CONFIG_DRIVERS_EMULATION_QEMU_BOCHS=y
+CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1440
+CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=810
+# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set
+# CONFIG_DRIVERS_GENERIC_CBFS_UUID is not set
+# CONFIG_DRIVERS_GENESYSLOGIC_GL9750 is not set
+# CONFIG_DRIVERS_GENESYSLOGIC_GL9755 is not set
+# CONFIG_DRIVERS_GENESYSLOGIC_GL9763E is not set
+# CONFIG_DRIVERS_I2C_MAX98396 is not set
+# CONFIG_DRIVERS_NXP_UWB_SR1XX is not set
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_DRIVERS_MC146818=y
+CONFIG_USE_PC_CMOS_ALTCENTURY=y
+CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70
+CONFIG_MEMORY_MAPPED_TPM=y
+CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
+CONFIG_VGA=y
+# CONFIG_DRIVERS_SIL_3114 is not set
+# CONFIG_DRIVERS_MTK_WIFI is not set
+# end of Generic Drivers
+
+#
+# Security
+#
+
+#
+# CBFS verification
+#
+# CONFIG_CBFS_VERIFICATION is not set
+# end of CBFS verification
+
+#
+# Verified Boot (vboot)
+#
+CONFIG_VBOOT_LIB=y
+# end of Verified Boot (vboot)
+
+#
+# Trusted Platform Module
+#
+# CONFIG_NO_TPM is not set
+CONFIG_TPM1=y
+# CONFIG_TPM2 is not set
+CONFIG_TPM=y
+# CONFIG_TPM_DEACTIVATE is not set
+# CONFIG_DEBUG_TPM is not set
+# CONFIG_TPM_RDRESP_NEED_DELAY is not set
+# CONFIG_TPM_LOG_CB is not set
+CONFIG_TPM_LOG_TPM1=y
+CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA=""
+CONFIG_PCR_BOOT_MODE=1
+CONFIG_PCR_HWID=1
+CONFIG_PCR_SRTM=2
+CONFIG_PCR_FW_VER=10
+CONFIG_PCR_RUNTIME_DATA=3
+# end of Trusted Platform Module
+
+#
+# Memory initialization
+#
+CONFIG_PLATFORM_HAS_DRAM_CLEAR=y
+# CONFIG_SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT is not set
+# end of Memory initialization
+
+# CONFIG_INTEL_TXT is not set
+CONFIG_BOOTMEDIA_LOCK_NONE=y
+# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set
+# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
+# end of Security
+
+CONFIG_ACPI_HAVE_PCAT_8259=y
+CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y
+CONFIG_ACPI_SOC_NVS=y
+CONFIG_ACPI_NO_CUSTOM_MADT=y
+CONFIG_ACPI_COMMON_MADT_LAPIC=y
+CONFIG_ACPI_COMMON_MADT_IOAPIC=y
+CONFIG_HAVE_ACPI_TABLES=y
+CONFIG_BOOT_DEVICE_NOT_SPI_FLASH=y
+CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y
+CONFIG_HEAP_SIZE=0x100000
+
+#
+# Console
+#
+CONFIG_BOOTBLOCK_CONSOLE=y
+CONFIG_POSTCAR_CONSOLE=y
+CONFIG_SQUELCH_EARLY_SMP=y
+# CONFIG_SPKMODEM is not set
+# CONFIG_CONSOLE_NE2K is not set
+CONFIG_CONSOLE_CBMEM=y
+# CONFIG_CONSOLE_CBMEM_DUMP_TO_UART is not set
+# CONFIG_CONSOLE_I2C_SMBUS is not set
+CONFIG_CONSOLE_QEMU_DEBUGCON=y
+CONFIG_CONSOLE_QEMU_DEBUGCON_PORT=0x402
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8 is not set
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7
+CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX=y
+CONFIG_CONSOLE_USE_ANSI_ESCAPES=y
+# CONFIG_CMOS_POST is not set
+CONFIG_HWBASE_DEBUG_CB=y
+# end of Console
+
+CONFIG_HAVE_MONOTONIC_TIMER=y
+CONFIG_HAVE_OPTION_TABLE=y
+CONFIG_IOAPIC=y
+CONFIG_USE_WATCHDOG_ON_BOOT=y
+
+#
+# System tables
+#
+CONFIG_GENERATE_SMBIOS_TABLES=y
+CONFIG_BIOS_VENDOR="coreboot"
+CONFIG_MAINBOARD_SERIAL_NUMBER="123456789"
+# end of System tables
+
+#
+# Payload
+#
+# CONFIG_PAYLOAD_NONE is not set
+# CONFIG_PAYLOAD_ELF is not set
+# CONFIG_PAYLOAD_BOOTBOOT is not set
+# CONFIG_PAYLOAD_FILO is not set
+# CONFIG_PAYLOAD_GRUB2 is not set
+# CONFIG_PAYLOAD_SEAGRUB is not set
+# CONFIG_PAYLOAD_LINUXBOOT is not set
+# CONFIG_PAYLOAD_SEABIOS is not set
+# CONFIG_PAYLOAD_UBOOT is not set
+# CONFIG_PAYLOAD_EDK2 is not set
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
+CONFIG_PAYLOAD_OPTIONS=""
+# CONFIG_PXE is not set
+CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
+# CONFIG_PAYLOAD_IS_FLAT_BINARY is not set
+CONFIG_COMPRESS_SECONDARY_PAYLOAD=y
+
+#
+# Secondary Payloads
+#
+# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set
+# CONFIG_GRUB2_SECONDARY_PAYLOAD is not set
+# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set
+# CONFIG_NVRAMCUI_SECONDARY_PAYLOAD is not set
+# CONFIG_SEABIOS_SECONDARY_PAYLOAD is not set
+# CONFIG_TINT_SECONDARY_PAYLOAD is not set
+# CONFIG_COREDOOM_SECONDARY_PAYLOAD is not set
+# end of Secondary Payloads
+# end of Payload
+
+#
+# Debugging
+#
+
+#
+# CPU Debug Settings
+#
+# CONFIG_DISPLAY_MTRRS is not set
+
+#
+# Vendorcode Debug Settings
+#
+
+#
+# BLOB Debug Settings
+#
+
+#
+# General Debug Settings
+#
+# CONFIG_GDB_STUB is not set
+# CONFIG_FATAL_ASSERTS is not set
+# CONFIG_DEBUG_CBFS is not set
+CONFIG_HAVE_DEBUG_SMBUS=y
+# CONFIG_DEBUG_SMBUS is not set
+# CONFIG_DEBUG_MALLOC is not set
+# CONFIG_DEBUG_CONSOLE_INIT is not set
+# CONFIG_DEBUG_BOOT_STATE is not set
+# CONFIG_DEBUG_ADA_CODE is not set
+# CONFIG_DEBUG_ACPICA_COMPATIBLE is not set
+# end of Debugging
+
+CONFIG_DECOMPRESS_OFAST=y
+CONFIG_PROBE_RAM=y
+CONFIG_WARNINGS_ARE_ERRORS=y
+CONFIG_MAX_REBOOT_CNT=3
+CONFIG_RELOCATABLE_MODULES=y
+CONFIG_HAVE_BOOTBLOCK=y
+CONFIG_HAVE_ROMSTAGE=y
+CONFIG_HAVE_RAMSTAGE=y

config/coreboot-qemu-tpm2-prod.config

@@ -0,0 +1,555 @@
+#
+# Automatically generated file; DO NOT EDIT.
+# coreboot configuration
+#
+
+#
+# General setup
+#
+CONFIG_COREBOOT_BUILD=y
+CONFIG_LOCALVERSION=""
+CONFIG_CBFS_PREFIX="fallback"
+CONFIG_COMPILER_GCC=y
+# CONFIG_COMPILER_LLVM_CLANG is not set
+CONFIG_ARCH_SUPPORTS_CLANG=y
+# CONFIG_ANY_TOOLCHAIN is not set
+CONFIG_CCACHE=y
+# CONFIG_IWYU is not set
+# CONFIG_FMD_GENPARSER is not set
+# CONFIG_UTIL_GENPARSER is not set
+CONFIG_OPTION_BACKEND_NONE=y
+# CONFIG_USE_OPTION_TABLE is not set
+CONFIG_COMPRESS_RAMSTAGE_LZMA=y
+# CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set
+CONFIG_SEPARATE_ROMSTAGE=y
+# CONFIG_INCLUDE_CONFIG_FILE is not set
+CONFIG_COLLECT_TIMESTAMPS=y
+# CONFIG_TIMESTAMPS_ON_CONSOLE is not set
+CONFIG_USE_BLOBS=y
+# CONFIG_USE_AMD_BLOBS is not set
+# CONFIG_USE_QC_BLOBS is not set
+# CONFIG_COVERAGE is not set
+# CONFIG_UBSAN is not set
+CONFIG_HAVE_ASAN_IN_RAMSTAGE=y
+# CONFIG_ASAN is not set
+CONFIG_NO_STAGE_CACHE=y
+# CONFIG_CBMEM_STAGE_CACHE is not set
+# CONFIG_UPDATE_IMAGE is not set
+CONFIG_BOOTSPLASH_IMAGE=y
+CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg"
+CONFIG_BOOTSPLASH_CONVERT=y
+CONFIG_BOOTSPLASH_CONVERT_QUALITY=70
+# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set
+# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set
+# CONFIG_FW_CONFIG is not set
+
+#
+# Software Bill Of Materials (SBOM)
+#
+# CONFIG_SBOM is not set
+# end of Software Bill Of Materials (SBOM)
+# end of General setup
+
+#
+# Mainboard
+#
+
+#
+# Important: Run 'make distclean' before switching boards
+#
+# CONFIG_VENDOR_51NB is not set
+# CONFIG_VENDOR_ACER is not set
+# CONFIG_VENDOR_ADLINK is not set
+# CONFIG_VENDOR_AMD is not set
+# CONFIG_VENDOR_AOPEN is not set
+# CONFIG_VENDOR_APPLE is not set
+# CONFIG_VENDOR_ASROCK is not set
+# CONFIG_VENDOR_ASUS is not set
+# CONFIG_VENDOR_BIOSTAR is not set
+# CONFIG_VENDOR_BOSTENTECH is not set
+# CONFIG_VENDOR_BYTEDANCE is not set
+# CONFIG_VENDOR_CAVIUM is not set
+# CONFIG_VENDOR_CLEVO is not set
+# CONFIG_VENDOR_COMPULAB is not set
+# CONFIG_VENDOR_DELL is not set
+CONFIG_VENDOR_EMULATION=y
+# CONFIG_VENDOR_EXAMPLE is not set
+# CONFIG_VENDOR_FACEBOOK is not set
+# CONFIG_VENDOR_FOXCONN is not set
+# CONFIG_VENDOR_GETAC is not set
+# CONFIG_VENDOR_GIGABYTE is not set
+# CONFIG_VENDOR_GOOGLE is not set
+# CONFIG_VENDOR_HP is not set
+# CONFIG_VENDOR_IBASE is not set
+# CONFIG_VENDOR_IBM is not set
+# CONFIG_VENDOR_INTEL is not set
+# CONFIG_VENDOR_INVENTEC is not set
+# CONFIG_VENDOR_KONTRON is not set
+# CONFIG_VENDOR_LENOVO is not set
+# CONFIG_VENDOR_LIBRETREND is not set
+# CONFIG_VENDOR_MSI is not set
+# CONFIG_VENDOR_OCP is not set
+# CONFIG_VENDOR_OPENCELLULAR is not set
+# CONFIG_VENDOR_PACKARDBELL is not set
+# CONFIG_VENDOR_PCENGINES is not set
+# CONFIG_VENDOR_PINE64 is not set
+# CONFIG_VENDOR_PORTWELL is not set
+# CONFIG_VENDOR_PRODRIVE is not set
+# CONFIG_VENDOR_PROTECTLI is not set
+# CONFIG_VENDOR_PURISM is not set
+# CONFIG_VENDOR_RAZER is not set
+# CONFIG_VENDOR_RODA is not set
+# CONFIG_VENDOR_SAMSUNG is not set
+# CONFIG_VENDOR_SAPPHIRE is not set
+# CONFIG_VENDOR_SIEMENS is not set
+# CONFIG_VENDOR_SIFIVE is not set
+# CONFIG_VENDOR_STARLABS is not set
+# CONFIG_VENDOR_SUPERMICRO is not set
+# CONFIG_VENDOR_SYSTEM76 is not set
+# CONFIG_VENDOR_TI is not set
+# CONFIG_VENDOR_UP is not set
+CONFIG_BOARD_SPECIFIC_OPTIONS=y
+CONFIG_MAINBOARD_PART_NUMBER="QEMU x86 q35/ich9"
+CONFIG_MAINBOARD_VERSION="1.0"
+CONFIG_MAINBOARD_DIR="emulation/qemu-q35"
+CONFIG_DIMM_MAX=4
+CONFIG_DIMM_SPD_SIZE=256
+CONFIG_FMDFILE=""
+# CONFIG_NO_POST is not set
+CONFIG_MAINBOARD_VENDOR="Emulation"
+CONFIG_CBFS_SIZE=0xfe0000
+# CONFIG_CONSOLE_SERIAL is not set
+CONFIG_MAX_CPUS=4
+CONFIG_ONBOARD_VGA_IS_PRIMARY=y
+# CONFIG_POST_DEVICE is not set
+# CONFIG_POST_IO is not set
+CONFIG_DEVICETREE="devicetree.cb"
+# CONFIG_VBOOT is not set
+CONFIG_VBOOT_VBNV_OFFSET=0x2c
+# CONFIG_CHROMEOS is not set
+CONFIG_OVERRIDE_DEVICETREE=""
+# CONFIG_VGA_BIOS is not set
+CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="Emulation"
+CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00
+CONFIG_CMOS_DEFAULT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.default"
+CONFIG_CMOS_LAYOUT_FILE="src/mainboard/$(MAINBOARDDIR)/cmos.layout"
+# CONFIG_CONSOLE_POST is not set
+CONFIG_TPM_PIRQ=0x0
+# CONFIG_BOARD_EMULATION_QEMU_AARCH64 is not set
+# CONFIG_BOARD_EMULATION_QEMU_ARMV7 is not set
+# CONFIG_BOARD_EMULATION_QEMU_X86_I440FX is not set
+# CONFIG_BOARD_EMULATION_QEMU_POWER8 is not set
+# CONFIG_BOARD_EMULATION_QEMU_POWER9 is not set
+CONFIG_BOARD_EMULATION_QEMU_X86_Q35=y
+# CONFIG_BOARD_EMULATION_QEMU_RISCV_RV64 is not set
+# CONFIG_BOARD_EMULATION_QEMU_RISCV_RV32 is not set
+# CONFIG_BOARD_EMULATION_SPIKE_RISCV is not set
+CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xb0000000
+CONFIG_ECAM_MMCONF_BUS_NUMBER=256
+CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld"
+CONFIG_DCACHE_RAM_BASE=0x10000
+CONFIG_DCACHE_RAM_SIZE=0x90000
+CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000
+CONFIG_DCACHE_BSP_STACK_SIZE=0x4000
+CONFIG_MAX_ACPI_TABLE_SIZE_KB=224
+# CONFIG_DRIVERS_INTEL_WIFI is not set
+CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000
+CONFIG_CARDBUS_PLUGIN_SUPPORT=y
+# CONFIG_DEBUG_SMI is not set
+CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="QEMU x86 q35/ich9"
+CONFIG_PS2K_EISAID="PNP0303"
+CONFIG_PS2M_EISAID="PNP0F13"
+CONFIG_D3COLD_SUPPORT=y
+CONFIG_PCIEXP_ASPM=y
+# CONFIG_PCIEXP_L1_SUB_STATE is not set
+# CONFIG_PCIEXP_CLK_PM is not set
+CONFIG_DRIVERS_UART_8250IO=y
+CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72
+CONFIG_EC_GPE_SCI=0x50
+CONFIG_TPM_MEASURED_BOOT=y
+CONFIG_LINUX_COMMAND_LINE="console=ttyS0,115200 console=tty quiet loglevel=2"
+CONFIG_BOARD_ROMSIZE_KB_16384=y
+# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_5120 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_6144 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set
+CONFIG_COREBOOT_ROMSIZE_KB_16384=y
+# CONFIG_COREBOOT_ROMSIZE_KB_24576 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_32768 is not set
+# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set
+CONFIG_COREBOOT_ROMSIZE_KB=16384
+CONFIG_ROM_SIZE=0x01000000
+CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y
+CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y
+CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y
+# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set
+# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set
+CONFIG_MAINBOARD_POWER_FAILURE_STATE=0
+# end of Mainboard
+
+#
+# Chipset
+#
+
+#
+# SoC
+#
+CONFIG_CHIPSET_DEVICETREE=""
+CONFIG_CBFS_MCACHE_SIZE=0x4000
+CONFIG_ROMSTAGE_ADDR=0x2000000
+CONFIG_VERSTAGE_ADDR=0x2000000
+CONFIG_SMM_MODULE_STACK_SIZE=0x400
+# CONFIG_USE_EXP_X86_64_SUPPORT is not set
+CONFIG_PRERAM_CBFS_CACHE_SIZE=0x4000
+CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT=0xfe000000
+CONFIG_EHCI_BAR=0xfef00000
+CONFIG_ACPI_CPU_STRING="CP%02X"
+CONFIG_STACK_SIZE=0x2000
+CONFIG_INTEL_GMA_BCLV_OFFSET=0xc8254
+CONFIG_INTEL_GMA_BCLV_WIDTH=16
+CONFIG_INTEL_GMA_BCLM_OFFSET=0xc8256
+CONFIG_INTEL_GMA_BCLM_WIDTH=16
+CONFIG_BOOTBLOCK_IN_CBFS=y
+CONFIG_HPET_MIN_TICKS=0x80
+CONFIG_PCIEXP_COMMON_CLOCK=y
+CONFIG_SOC_PHYSICAL_ADDRESS_WIDTH=0
+CONFIG_FIXED_SMBUS_IO_BASE=0x400
+CONFIG_CBFS_CACHE_ALIGN=8
+
+#
+# CPU
+#
+CONFIG_CPU_QEMU_X86=y
+# CONFIG_CPU_QEMU_X86_NO_SMM is not set
+CONFIG_CPU_QEMU_X86_ASEG_SMM=y
+# CONFIG_CPU_QEMU_X86_TSEG_SMM is not set
+CONFIG_PARALLEL_MP=y
+CONFIG_XAPIC_ONLY=y
+# CONFIG_X2APIC_ONLY is not set
+# CONFIG_X2APIC_RUNTIME is not set
+# CONFIG_X2APIC_LATE_WORKAROUND is not set
+CONFIG_UDELAY_TSC=y
+CONFIG_UNKNOWN_TSC_RATE=y
+CONFIG_TSC_MONOTONIC_TIMER=y
+CONFIG_HAVE_SMI_HANDLER=y
+CONFIG_SMM_ASEG=y
+CONFIG_SMM_PCI_RESOURCE_STORE_NUM_SLOTS=8
+CONFIG_AP_STACK_SIZE=0x800
+CONFIG_SMP=y
+
+#
+# Northbridge
+#
+
+#
+# Southbridge
+#
+# CONFIG_PCIEXP_HOTPLUG is not set
+CONFIG_SOUTHBRIDGE_INTEL_I82801IX=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_RESET=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_RTC=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_PMCLIB=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_PMBASE=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_GPIO=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_EARLY_SMBUS=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_PIRQ_ACPI_GEN=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_RCBA_PIRQ=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMM=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_USB_DEBUG=y
+CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
+# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
+CONFIG_TCO_SPACE_NOT_YET_SPLIT=y
+CONFIG_SOUTHBRIDGE_INTEL_COMMON_WATCHDOG=y
+CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
+CONFIG_RCBA_LENGTH=0x4000
+
+#
+# Super I/O
+#
+
+#
+# Embedded Controllers
+#
+CONFIG_MAINBOARD_HAS_CHROMEOS=y
+
+#
+# ChromeOS
+#
+# end of ChromeOS
+
+CONFIG_ARCH_X86=y
+CONFIG_ARCH_BOOTBLOCK_X86_32=y
+CONFIG_ARCH_VERSTAGE_X86_32=y
+CONFIG_ARCH_ROMSTAGE_X86_32=y
+CONFIG_ARCH_POSTCAR_X86_32=y
+CONFIG_ARCH_RAMSTAGE_X86_32=y
+CONFIG_ARCH_ALL_STAGES_X86_32=y
+CONFIG_HAVE_EXP_X86_64_SUPPORT=y
+CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y
+CONFIG_POSTRAM_CBFS_CACHE_IN_BSS=y
+CONFIG_RAMSTAGE_CBFS_CACHE_SIZE=0x4000
+CONFIG_PC80_SYSTEM=y
+CONFIG_HAVE_CMOS_DEFAULT=y
+CONFIG_POSTCAR_STAGE=y
+CONFIG_BOOTBLOCK_SIMPLE=y
+# CONFIG_BOOTBLOCK_NORMAL is not set
+CONFIG_COLLECT_TIMESTAMPS_TSC=y
+CONFIG_HAVE_CF9_RESET=y
+CONFIG_DEBUG_HW_BREAKPOINTS=y
+CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS=y
+# CONFIG_DUMP_SMBIOS_TYPE17 is not set
+# end of Chipset
+
+#
+# Devices
+#
+CONFIG_HAVE_VGA_TEXT_FRAMEBUFFER=y
+CONFIG_HAVE_LINEAR_FRAMEBUFFER=y
+CONFIG_MAINBOARD_HAS_NATIVE_VGA_INIT=y
+CONFIG_MAINBOARD_FORCE_NATIVE_VGA_INIT=y
+CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT=y
+CONFIG_NO_EARLY_GFX_INIT=y
+
+#
+# Display
+#
+# CONFIG_VGA_TEXT_FRAMEBUFFER is not set
+CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y
+CONFIG_LINEAR_FRAMEBUFFER=y
+CONFIG_BOOTSPLASH=y
+# end of Display
+
+CONFIG_PCI=y
+CONFIG_ECAM_MMCONF_SUPPORT=y
+CONFIG_PCIX_PLUGIN_SUPPORT=y
+CONFIG_AZALIA_HDA_CODEC_SUPPORT=y
+CONFIG_PCIEXP_PLUGIN_SUPPORT=y
+CONFIG_ECAM_MMCONF_LENGTH=0x10000000
+CONFIG_PCI_ALLOW_BUS_MASTER=y
+CONFIG_PCI_SET_BUS_MASTER_PCI_BRIDGES=y
+CONFIG_PCI_ALLOW_BUS_MASTER_ANY_DEVICE=y
+# CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS is not set
+# CONFIG_PCIEXP_LANE_ERR_STAT_CLEAR is not set
+# CONFIG_EARLY_PCI_BRIDGE is not set
+CONFIG_SUBSYSTEM_VENDOR_ID=0x0000
+CONFIG_SUBSYSTEM_DEVICE_ID=0x0000
+# CONFIG_SOFTWARE_I2C is not set
+CONFIG_I2C_TRANSFER_TIMEOUT_US=500000
+CONFIG_RESOURCE_ALLOCATION_TOP_DOWN=y
+# end of Devices
+
+#
+# Generic Drivers
+#
+CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000
+CONFIG_TPM_INIT_RAMSTAGE=y
+# CONFIG_TPM_PPI is not set
+CONFIG_DRIVERS_UART=y
+# CONFIG_DRIVERS_UART_OXPCIE is not set
+CONFIG_HAVE_USBDEBUG=y
+CONFIG_HAVE_USBDEBUG_OPTIONS=y
+# CONFIG_USBDEBUG is not set
+# CONFIG_VPD is not set
+CONFIG_DRIVERS_EMULATION_QEMU_BOCHS=y
+CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_XRES=1440
+CONFIG_DRIVERS_EMULATION_QEMU_BOCHS_YRES=810
+# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set
+# CONFIG_DRIVERS_GENERIC_CBFS_UUID is not set
+# CONFIG_DRIVERS_GENESYSLOGIC_GL9750 is not set
+# CONFIG_DRIVERS_GENESYSLOGIC_GL9755 is not set
+# CONFIG_DRIVERS_GENESYSLOGIC_GL9763E is not set
+# CONFIG_DRIVERS_I2C_MAX98396 is not set
+# CONFIG_DRIVERS_NXP_UWB_SR1XX is not set
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_DRIVERS_MC146818=y
+CONFIG_USE_PC_CMOS_ALTCENTURY=y
+CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70
+CONFIG_MEMORY_MAPPED_TPM=y
+CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
+CONFIG_VGA=y
+# CONFIG_DRIVERS_SIL_3114 is not set
+# CONFIG_DRIVERS_MTK_WIFI is not set
+# end of Generic Drivers
+
+#
+# Security
+#
+
+#
+# CBFS verification
+#
+# CONFIG_CBFS_VERIFICATION is not set
+# end of CBFS verification
+
+#
+# Verified Boot (vboot)
+#
+CONFIG_VBOOT_LIB=y
+# end of Verified Boot (vboot)
+
+#
+# Trusted Platform Module
+#
+# CONFIG_NO_TPM is not set
+# CONFIG_TPM1 is not set
+CONFIG_TPM2=y
+CONFIG_TPM=y
+# CONFIG_DEBUG_TPM is not set
+# CONFIG_TPM_RDRESP_NEED_DELAY is not set
+CONFIG_TPM_LOG_CB=y
+# CONFIG_TPM_LOG_TPM2 is not set
+CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA=""
+CONFIG_PCR_BOOT_MODE=1
+CONFIG_PCR_HWID=1
+CONFIG_PCR_SRTM=2
+CONFIG_PCR_FW_VER=10
+CONFIG_PCR_RUNTIME_DATA=3
+# end of Trusted Platform Module
+
+#
+# Memory initialization
+#
+CONFIG_PLATFORM_HAS_DRAM_CLEAR=y
+# CONFIG_SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT is not set
+# end of Memory initialization
+
+# CONFIG_INTEL_TXT is not set
+CONFIG_BOOTMEDIA_LOCK_NONE=y
+# CONFIG_BOOTMEDIA_LOCK_CONTROLLER is not set
+# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
+# end of Security
+
+CONFIG_ACPI_HAVE_PCAT_8259=y
+CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y
+CONFIG_ACPI_SOC_NVS=y
+CONFIG_ACPI_NO_CUSTOM_MADT=y
+CONFIG_ACPI_COMMON_MADT_LAPIC=y
+CONFIG_ACPI_COMMON_MADT_IOAPIC=y
+CONFIG_HAVE_ACPI_TABLES=y
+CONFIG_BOOT_DEVICE_NOT_SPI_FLASH=y
+CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y
+CONFIG_HEAP_SIZE=0x100000
+
+#
+# Console
+#
+CONFIG_BOOTBLOCK_CONSOLE=y
+CONFIG_POSTCAR_CONSOLE=y
+CONFIG_SQUELCH_EARLY_SMP=y
+# CONFIG_SPKMODEM is not set
+# CONFIG_CONSOLE_NE2K is not set
+CONFIG_CONSOLE_CBMEM=y
+# CONFIG_CONSOLE_CBMEM_DUMP_TO_UART is not set
+# CONFIG_CONSOLE_I2C_SMBUS is not set
+CONFIG_CONSOLE_QEMU_DEBUGCON=y
+CONFIG_CONSOLE_QEMU_DEBUGCON_PORT=0x402
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8 is not set
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set
+# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7
+CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX=y
+CONFIG_CONSOLE_USE_ANSI_ESCAPES=y
+# CONFIG_CMOS_POST is not set
+CONFIG_HWBASE_DEBUG_CB=y
+# end of Console
+
+CONFIG_HAVE_MONOTONIC_TIMER=y
+CONFIG_HAVE_OPTION_TABLE=y
+CONFIG_IOAPIC=y
+CONFIG_USE_WATCHDOG_ON_BOOT=y
+
+#
+# System tables
+#
+CONFIG_GENERATE_SMBIOS_TABLES=y
+CONFIG_BIOS_VENDOR="coreboot"
+CONFIG_MAINBOARD_SERIAL_NUMBER="123456789"
+# end of System tables
+
+#
+# Payload
+#
+# CONFIG_PAYLOAD_NONE is not set
+# CONFIG_PAYLOAD_ELF is not set
+# CONFIG_PAYLOAD_BOOTBOOT is not set
+# CONFIG_PAYLOAD_FILO is not set
+# CONFIG_PAYLOAD_GRUB2 is not set
+# CONFIG_PAYLOAD_SEAGRUB is not set
+# CONFIG_PAYLOAD_LINUXBOOT is not set
+# CONFIG_PAYLOAD_SEABIOS is not set
+# CONFIG_PAYLOAD_UBOOT is not set
+# CONFIG_PAYLOAD_EDK2 is not set
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
+CONFIG_PAYLOAD_OPTIONS=""
+# CONFIG_PXE is not set
+CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
+# CONFIG_PAYLOAD_IS_FLAT_BINARY is not set
+CONFIG_COMPRESS_SECONDARY_PAYLOAD=y
+
+#
+# Secondary Payloads
+#
+# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set
+# CONFIG_GRUB2_SECONDARY_PAYLOAD is not set
+# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set
+# CONFIG_NVRAMCUI_SECONDARY_PAYLOAD is not set
+# CONFIG_SEABIOS_SECONDARY_PAYLOAD is not set
+# CONFIG_TINT_SECONDARY_PAYLOAD is not set
+# CONFIG_COREDOOM_SECONDARY_PAYLOAD is not set
+# end of Secondary Payloads
+# end of Payload
+
+#
+# Debugging
+#
+
+#
+# CPU Debug Settings
+#
+# CONFIG_DISPLAY_MTRRS is not set
+
+#
+# Vendorcode Debug Settings
+#
+
+#
+# BLOB Debug Settings
+#
+
+#
+# General Debug Settings
+#
+# CONFIG_GDB_STUB is not set
+# CONFIG_FATAL_ASSERTS is not set
+# CONFIG_DEBUG_CBFS is not set
+CONFIG_HAVE_DEBUG_SMBUS=y
+# CONFIG_DEBUG_SMBUS is not set
+# CONFIG_DEBUG_MALLOC is not set
+# CONFIG_DEBUG_CONSOLE_INIT is not set
+# CONFIG_DEBUG_BOOT_STATE is not set
+# CONFIG_DEBUG_ADA_CODE is not set
+# CONFIG_DEBUG_ACPICA_COMPATIBLE is not set
+# end of Debugging
+
+CONFIG_DECOMPRESS_OFAST=y
+CONFIG_PROBE_RAM=y
+CONFIG_WARNINGS_ARE_ERRORS=y
+CONFIG_MAX_REBOOT_CNT=3
+CONFIG_RELOCATABLE_MODULES=y
+CONFIG_HAVE_BOOTBLOCK=y
+CONFIG_HAVE_ROMSTAGE=y
+CONFIG_HAVE_RAMSTAGE=y

config/coreboot-talos-2.config

@@ -7,7 +7,7 @@
 # General setup
 #
 CONFIG_COREBOOT_BUILD=y
-CONFIG_LOCALVERSION="Heads-v0.2.0-2215-g21ab781-dirty"
+CONFIG_LOCALVERSION=""
 CONFIG_CBFS_PREFIX="fallback"
 CONFIG_COMPILER_GCC=y
 # CONFIG_ALLOW_EXPERIMENTAL_CLANG is not set

config/linux-linuxboot.config

@@ -1,4 +1,4 @@
-CONFIG_LOCALVERSION="-heads"
+CONFIG_LOCALVERSION="-@BRAND_NAME@"
 # CONFIG_LOCALVERSION_AUTO is not set
 CONFIG_KERNEL_XZ=y
 CONFIG_DEFAULT_HOSTNAME="linuxboot"

config/linux-talos-2.config

@@ -128,7 +128,7 @@ CONFIG_CC_HAS_INT128=y
 # CONFIG_SYSFS_DEPRECATED is not set
 CONFIG_RELAY=y
 CONFIG_BLK_DEV_INITRD=y
-CONFIG_INITRAMFS_SOURCE="../../talos-2/initrd.cpio"
+CONFIG_INITRAMFS_SOURCE="../@BOARD_BUILD_DIR@/initrd.cpio"
 CONFIG_INITRAMFS_ROOT_UID=0
 CONFIG_INITRAMFS_ROOT_GID=0
 # CONFIG_RD_GZIP is not set

docker_latest.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# Inform the user that the latest published Docker image is being used
+echo "Using the latest Docker image: tlaurion/heads-dev-env:latest"
+DOCKER_IMAGE="tlaurion/heads-dev-env:latest"
+
+# Function to display usage information
+usage() {
+	echo "Usage: $0 [OPTIONS] -- [COMMAND]"
+	echo "Options:"
+	echo "  CPUS=N  Set the number of CPUs"
+	echo "  V=1     Enable verbose mode"
+	echo "Command:"
+	echo "  The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME"
+}
+
+# Function to kill GPG toolstack related processes using USB devices
+kill_usb_processes() {
+	# check if scdaemon or pcscd processes are using USB devices
+	if [ -d /dev/bus/usb ]; then
+		if sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' >/dev/null; then
+			echo "Killing GPG toolstack related processes using USB devices..."
+			sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9
+		fi
+	fi
+}
+
+# Handle Ctrl-C (SIGINT) to exit gracefully
+trap "echo 'Script interrupted. Exiting...'; exit 1" SIGINT
+
+# Check if --help or -h is provided
+for arg in "$@"; do
+	if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then
+		usage
+		exit 0
+	fi
+done
+
+# Kill processes using USB devices
+kill_usb_processes
+
+# Inform the user about entering the Docker container
+echo "----"
+echo "Usage reminder: The minimal command is 'make BOARD=XYZ', where additional options, including 'V=1' or 'CPUS=N' are optional."
+echo "For more advanced QEMU testing options, refer to targets/qemu.md and boards/qemu-*/*.config."
+echo
+echo "Type exit within docker image to get back to host if launched interactively!"
+echo "----"
+echo
+
+# Execute the docker run command with the provided parameters
+if [ -d "/dev/bus/usb" ]; then
+	echo "--->Launching container with access to host's USB buses (some USB devices were connected to host)..."
+	docker run --device=/dev/bus/usb:/dev/bus/usb -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@"
+else
+	echo "--->Launching container without access to host's USB buses (no USB devices was connected to host)..."
+	docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@"
+fi

docker_local_dev.sh

@@ -0,0 +1,93 @@
+#!/bin/bash
+
+#locally build docker name is linuxboot/heads:dev-env
+DOCKER_IMAGE="linuxboot/heads:dev-env"
+
+# Check if Nix is installed
+if ! command -v nix &>/dev/null; then
+	echo "Nix is not installed or not in the PATH. Please install Nix before running this script."
+	echo "Refer to the README.md at the root of the repository for installation instructions."
+	exit 1
+fi
+
+# Check if Docker is installed
+if ! command -v docker &>/dev/null; then
+	echo "Docker is not installed or not in the PATH. Please install Docker before running this script."
+	echo "Refer to the README.md at the root of the repository for installation instructions."
+	exit 1
+fi
+
+# Inform the user about the Docker image being used
+echo "!!! This ./docker_local_dev.sh script is for developers usage only. !!!"
+echo ""
+echo "Using the last locally built Docker image when flake.nix/flake.lock was modified and repo was dirty: linuxboot/heads:dev-env"
+echo "!!! Warning: Using anything other than the published Docker image might lead to non-reproducible builds. !!!"
+echo ""
+echo "For using the latest published Docker image, refer to ./docker_latest.sh."
+echo "For producing reproducible builds as CircleCI, refer to ./docker_repro.sh."
+echo ""
+
+# Function to display usage information
+usage() {
+	echo "Usage: $0 [OPTIONS] -- [COMMAND]"
+	echo "Options:"
+	echo "  CPUS=N  Set the number of CPUs"
+	echo "  V=1     Enable verbose mode"
+	echo "Command:"
+	echo "  The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME"
+}
+
+# Function to kill GPG toolstack related processes using USB devices
+kill_usb_processes() {
+	# check if scdaemon or pcscd processes are using USB devices
+	if [ -d /dev/bus/usb ]; then
+		if sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' >/dev/null; then
+			echo "Killing GPG toolstack related processes using USB devices..."
+			sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9
+		fi
+	fi
+}
+
+# Handle Ctrl-C (SIGINT) to exit gracefully
+trap "echo 'Script interrupted. Exiting...'; exit 1" SIGINT
+
+# Check if --help or -h is provided
+for arg in "$@"; do
+	if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then
+		usage
+		exit 0
+	fi
+done
+
+# Check if the git repository is dirty and if flake.nix or flake.lock are part of the uncommitted changes
+if [ -n "$(git status --porcelain | grep -E 'flake\.nix|flake\.lock')" ]; then
+	echo "**Warning: Uncommitted changes detected in flake.nix or flake.lock. The Docker image will be rebuilt!**"
+	echo "If this was not intended, please CTRL-C now, commit your changes and rerun the script."
+	echo "Building the Docker image from flake.nix..."
+	nix --print-build-logs --verbose develop --ignore-environment --command true
+	nix --print-build-logs --verbose build .#dockerImage && docker load <result
+else
+	echo "Git repository is clean. Using the previously built Docker image when repository was unclean and flake.nix/flake.lock changes were uncommited."
+	sleep 1
+fi
+
+# Kill processes using USB devices
+kill_usb_processes
+
+# Inform the user about entering the Docker container
+echo "----"
+echo "Usage reminder: The minimal command is 'make BOARD=XYZ', where additional options, including 'V=1' or 'CPUS=N' are optional."
+echo "For more advanced QEMU testing options, refer to targets/qemu.md and boards/qemu-*/*.config."
+echo
+echo "Type exit within docker image to get back to host if launched interactively!"
+echo "----"
+echo
+
+# Execute the docker run command with the provided parameters
+if [ -d "/dev/bus/usb" ]; then
+	echo "--->Launching container with access to host's USB buses (some USB devices were connected to host)..."
+	docker run --device=/dev/bus/usb:/dev/bus/usb -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@"
+else
+	echo "--->Launching container without access to host's USB buses (no USB devices was connected to host)..."
+	docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@"
+fi

docker_repro.sh

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# Extract the Docker image version from the CircleCI config file
+DOCKER_IMAGE=$(grep -oP '^\s*-?\s*image:\s*\K(tlaurion/heads-dev-env:[^\s]+)' .circleci/config.yml | head -n 1)
+
+# Check if the Docker image was found
+if [ -z "$DOCKER_IMAGE" ]; then
+	echo "Error: Docker image not found in .circleci/config.yml"
+	exit 1
+fi
+
+# Inform the user about the versioned CircleCI Docker image being used
+echo "Using CircleCI Docker image: $DOCKER_IMAGE"
+
+# Function to display usage information
+usage() {
+	echo "Usage: $0 [OPTIONS] -- [COMMAND]"
+	echo "Options:"
+	echo "  CPUS=N  Set the number of CPUs"
+	echo "  V=1     Enable verbose mode"
+	echo "Command:"
+	echo "  The command to run inside the Docker container, e.g., make BOARD=BOARD_NAME"
+}
+
+# Function to kill GPG toolstack related processes using USB devices
+kill_usb_processes() {
+	# check if scdaemon or pcscd processes are using USB devices
+	if [ -d /dev/bus/usb ]; then
+		if sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' >/dev/null; then
+			echo "Killing GPG toolstack related processes using USB devices..."
+			sudo lsof /dev/bus/usb/00*/0* 2>/dev/null | awk 'NR>1 {print $2}' | xargs -r ps -p | grep -E 'scdaemon|pcscd' | awk '{print $1}' | xargs -r sudo kill -9
+		fi
+	fi
+}
+
+# Handle Ctrl-C (SIGINT) to exit gracefully
+trap "echo 'Script interrupted. Exiting...'; exit 1" SIGINT
+
+# Check if --help or -h is provided
+for arg in "$@"; do
+	if [[ "$arg" == "--help" || "$arg" == "-h" ]]; then
+		usage
+		exit 0
+	fi
+done
+
+# Kill processes using USB devices
+kill_usb_processes
+
+# Inform the user about entering the Docker container
+echo "----"
+echo "Usage reminder: The minimal command is 'make BOARD=XYZ', where additional options, including 'V=1' or 'CPUS=N' are optional."
+echo "For more advanced QEMU testing options, refer to targets/qemu.md and boards/qemu-*/*.config."
+echo
+echo "Type exit within docker image to get back to host if launched interactively!"
+echo "----"
+echo
+
+# Execute the docker run command with the provided parameters
+if [ -d "/dev/bus/usb" ]; then
+	echo "--->Launching container with access to host's USB buses (some USB devices were connected to host)..."
+	docker run --device=/dev/bus/usb:/dev/bus/usb -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@"
+else
+	echo "--->Launching container without access to host's USB buses (no USB devices was connected to host)..."
+	docker run -e DISPLAY=$DISPLAY --network host --rm -ti -v $(pwd):$(pwd) -w $(pwd) $DOCKER_IMAGE -- "$@"
+fi

flake.nix

@@ -139,15 +139,17 @@
             -e ACLOCAL_PATH \
             ${self.devShell.${system}} >/devenv.sh
 
-          # Git configuration for safe directory access.
-          printf '[safe]\n\tdirectory = *\n' >/.gitconfig
           mkdir /tmp; # Temporary directory for various operations.
+          chmod 1777 /tmp
 
           # Ensure /etc/passwd and /etc/group exist with root entries
           echo "root:x:0:0:root:/root:/bin/bash" > /etc/passwd
           echo "root:x:0:" > /etc/group
           mkdir -p /root
           chmod 700 /root
+
+          # Git configuration for safe directory access.
+          echo -e '[safe]\n\tdirectory = *\n' > /root/.gitconfig
         '';
       };
     });

initrd/bin/config-gui.sh

@@ -71,12 +71,10 @@ while true; do
     )
 
     # Boards with built-in keyboards can support optional USB keyboards as well.
-    # Export CONFIG_SUPPORT_USB_KEYBOARD=y to enable optional support.
-    # Boards that do not have a built-in keyboard export
+    # Boards that do not have a built-in keyboard/internal keyboard is USB connected export
     # CONFIG_USB_KEYBOARD_REQUIRED=y; this hides the config option and ensures
     # USB keyboard support always loads.
-    [ "$CONFIG_SUPPORT_USB_KEYBOARD" = y ] && [ "$CONFIG_USB_KEYBOARD_REQUIRED" != y ] \
-        && dynamic_config_options+=(
+    [ "$CONFIG_USB_KEYBOARD_REQUIRED" != y ] && dynamic_config_options+=(
             'K' " $(get_config_display_action "$CONFIG_USER_USB_KEYBOARD") USB keyboard"
         )
 

initrd/bin/oem-factory-reset

@@ -680,7 +680,7 @@ generate_checksums() {
     fi
 
     DEBUG "Detach-signing boot files under kexec.sig: ${param_files}"
-    if sha256sum $param_files 2>/dev/null | DO_WITH_DEBUG gpg \
+    if sha256sum $param_files 2>/dev/null | DO_WITH_DEBUG --mask-position 4 gpg \
         --pinentry-mode loopback \
         --passphrase "${USER_PIN}" \
         --digest-algo SHA256 \

initrd/bin/unpack_initramfs.sh

@@ -45,7 +45,10 @@ consume_zeros() {
 
 unpack_cpio() {
 	TRACE_FUNC
-    (cd "$dest_dir"; cpio -i "${CPIO_ARGS[@]}" 2>/dev/null)
+	(
+		cd "$dest_dir"
+		cpio -i "${CPIO_ARGS[@]}" 2>/dev/null
+	)
 }
 
 # unpack the first segment of an archive, then write the rest to another file
@@ -72,14 +75,14 @@ unpack_first_segment() {
 			# Copy the remaining data
 			cat
 			;;
-            303730373031*|303730373032*)    # plain cpio
+		303730373031* | 303730373032*) # plain cpio
 			DEBUG "archive segment $magic: plain cpio"
 			# Unpack the plain cpio, this stops reading after the trailer
 			unpack_cpio
 			# Copy the remaining data
 			cat
 			;;
-            1f8b*|1f9e*)    # gzip
+		1f8b* | 1f9e*) # gzip
 			DEBUG "archive segment $magic: gzip"
 			# gunzip won't stop when reaching the end of the gzipped member,
 			# so we can't read another segment after this.  We can't
@@ -87,6 +90,10 @@ unpack_first_segment() {
 			# walking all the compressed blocks.
 			gunzip | unpack_cpio
 			;;
+		fd37*) # xz
+			DEBUG "archive segment $magic: xz"
+			unxz | unpack_cpio
+			;;
 		28b5*) # zstd
 			DEBUG "archive segment $magic: zstd"
 			# Like gunzip, this will not stop when reaching the end of the
@@ -96,6 +103,26 @@ unpack_first_segment() {
 			;;
 		*) # unknown
 			die "Can't decompress initramfs archive, unknown type: $magic"
+			# The following are magic values for other compression formats
+			#  but not added because not tested.
+			# TODO: open an issue for unsupported magic number reported on die.
+			# 
+			#425a*) # bzip2
+			#	DEBUG "archive segment $magic: bzip2"
+			#	bunzip2 | unpack_cpio
+			#;;
+			#5d00*) # lzma
+			#	DEBUG "archive segment $magic: lzma"
+			#	unlzma | unpack_cpio
+			#;;
+			#894c*) # lzo
+			#	DEBUG "archive segment $magic: lzo"
+			#	lzop -d | unpack_cpio
+			#;;
+			#0221*) # lz4
+			#	DEBUG "archive segment $magic: lz4"
+			#	lz4 -d | unpack_cpio
+			#	;;
 			;;
 		esac
 	) <"$unpack_archive" >"$rest_archive"

modules/linux

@@ -79,6 +79,8 @@ $(INSTALL)/include/linux/limits.h: $(build)/$(linux_base_dir)/.canary
 		KCONFIG_CONFIG="$(pwd)/$(linux_kconfig)" \
 		headers_install
 
+# Inconditional: add USB keyboard support to all boards (linux_modules-y)
+linux_modules-y	+= drivers/hid/usbhid/usbhid.ko
 
 # qemu
 linux_modules-$(CONFIG_LINUX_E1000)	+= drivers/net/ethernet/intel/e1000/e1000.ko
@@ -122,9 +124,6 @@ linux_modules-$(CONFIG_LINUX_USB)	+= drivers/usb/host/xhci-hcd.ko
 linux_modules-$(CONFIG_LINUX_USB)	+= drivers/usb/host/xhci-pci.ko
 linux_modules-$(CONFIG_LINUX_USB)	+= drivers/usb/storage/usb-storage.ko
 
-#USB modules when a USB keyboard is defined in board config
-linux_modules-$(CONFIG_SUPPORT_USB_KEYBOARD)	+= drivers/hid/usbhid/usbhid.ko
-
 #USB modules for Mobile USB Tethering (Most Android phones, Librem phone, etc)
 linux_modules-$(CONFIG_MOBILE_TETHERING)	+= drivers/net/mii.ko
 linux_modules-$(CONFIG_MOBILE_TETHERING)	+= drivers/net/usb/usbnet.ko
@@ -160,7 +159,7 @@ linux_target := \
 	$(MAKE_JOBS) \
 
 # We cross compile linux now
-linux_depends := musl-cross
+linux_depends := musl-cross-make
 
 #
 # Linux kernel module installation

modules/lvm2

@@ -16,6 +16,9 @@ lvm2_configure := \
 	--host $(MUSL_ARCH)-elf-linux \
 	--prefix "" \
 	--libexecdir "/bin" \
+	--with-default-pid-dir=/run \
+	--with-default-dm-run-dir=/run \
+	--with-default-run-dir=/run/lvm \
 	--with-optimisation=-Os \
 	--enable-devmapper \
 	--disable-selinux \

modules/musl-cross-make

@@ -2,13 +2,13 @@ CONFIG_MUSL ?= y
 
 ifeq "$(MUSL_CROSS_ONCE)" ""
 MUSL_CROSS_ONCE := 1
-modules-$(CONFIG_MUSL) += musl-cross
+modules-$(CONFIG_MUSL) += musl-cross-make
 
-musl-cross_version := 38e52db8358c043ae82b346a2e6e66bc86a53bc1
-musl-cross_dir := musl-cross-$(musl-cross_version)
-musl-cross_url := https://github.com/richfelker/musl-cross-make/archive/$(musl-cross_version).tar.gz
-musl-cross_tar := musl-cross-$(musl-cross_version).tar.gz
-musl-cross_hash := b4b85d6d3ddab0f2b8650a53e775673f8c346fa2fb07d652a9880bd206ade100
+musl-cross-make_version := fd6be58297ee21fcba89216ccd0d4aca1e3f1c5c
+musl-cross-make_dir := musl-cross-make-$(musl-cross-make_version)
+musl-cross-make_url := https://github.com/richfelker/musl-cross-make/archive/$(musl-cross-make_version).tar.gz
+musl-cross-make_tar := musl-cross-make-$(musl-cross-make_version).tar.gz
+musl-cross-make_hash := 15b8e0a287d738a46e069e90d67a8d96213b357b79aaf3e8cf0cd40e4b230d9e
 
 
 ifneq "$(CROSS)" ""
@@ -20,42 +20,42 @@ else
 $(info Using $(CROSS)gcc)
 endif
 
-# The cross compiler has already been built, so the musl-cross target
+# The cross compiler has already been built, so the musl-cross-make target
 # is a NOP.  We really don't need to check out this code tree, but it is easier
 # if we have a target for it.
-musl-cross_target := --version
+musl-cross-make_target := --version
 
 # Ask the compiler where to find its own libc.so
-musl-cross_libraries := \
+musl-cross-make_libraries := \
 	$(shell $(CROSS)gcc --print-file-name=libc.so) \
 
 else
 
 # Force a full build of the cross compiler for target platform
 # No need to build i386 for x86 since coreboot uses its own compiler
-musl-cross_configure := \
+musl-cross-make_configure := \
 	echo -e >> Makefile 'musl-target:' ; \
 	echo -e >> Makefile '\t$$$$(MAKE) TARGET="$(MUSL_ARCH)-linux-musl" install' ;
 
 CROSS_PATH ?= $(pwd)/crossgcc/$(CONFIG_TARGET_ARCH)
 
-musl-cross_target := \
+musl-cross-make_target := \
 	OUTPUT="$(CROSS_PATH)" \
 	MAKE="$(MAKE)" \
 	$(MAKE_JOBS) \
 	"musl-target"
 
 CROSS := $(CROSS_PATH)/bin/$(subst -,_,$(MUSL_ARCH))-linux-musl-
-musl-cross_libraries := $(CROSS_PATH)/$(subst -,_,$(MUSL_ARCH))-linux-musl/lib/libc.so
+musl-cross-make_libraries := $(CROSS_PATH)/$(subst -,_,$(MUSL_ARCH))-linux-musl/lib/libc.so
 
 endif
 
 
-musl-cross_output := $(CROSS)gcc
+musl-cross-make_output := $(CROSS)gcc
 
 ## Fake a target so that musl will force a header install by the
 ## Linux kernel sources.
-$(build)/$(musl-cross_dir)/.build: $(INSTALL)/include/linux/limits.h
+$(build)/$(musl-cross-make_dir)/.build: $(INSTALL)/include/linux/limits.h
 
 
 endif

modules/newt

@@ -2,16 +2,15 @@ modules-$(CONFIG_NEWT) += newt
 
 newt_depends := popt slang $(musl_dep)
 
-newt_version := 0.52.20
+newt_version := 0.52.24
 newt_dir := newt-$(newt_version)
 newt_tar := newt-$(newt_version).tar.gz
 newt_url := https://releases.pagure.org/newt/$(newt_tar)
-newt_hash := 8d66ba6beffc3f786d4ccfee9d2b43d93484680ef8db9397a4fb70b5adbb6dbc
+newt_hash := 5ded7e221f85f642521c49b1826c8de19845aa372baf5d630a51774b544fbdbb
 
 newt_target := \
 	#We remove Makefile passed number of jobs to only pass one job, otherwise fails to build
 	#$(MAKE_JOBS) \
-	-j1 \
 	$(CROSS_TOOLS) \
 
 newt_output := \

patches/coreboot-talos_2/0003-ugly_skiboot-patch_fix_for_newer_gcc_from_musl_125.patch

@@ -0,0 +1,17 @@
+diff --git a/payloads/external/skiboot/patches/0002-ugly_fix_for_newer_gcc_from_musl_125.patch b/payloads/external/skiboot/patches/0002-ugly_fix_for_newer_gcc_from_musl_125.patch
+new file mode 100644
+index 0000000..5db9bca
+--- /dev/null
++++ b/payloads/external/skiboot/patches/0002-ugly_fix_for_newer_gcc_from_musl_125.patch
+@@ -0,0 +1,11 @@
++--- Makefile.main.orig	2024-11-06 16:19:12.161240140 -0500
+++++ Makefile.main	2024-11-06 16:23:01.119252412 -0500
++@@ -74,7 +74,7 @@
++ CPPFLAGS += -DDEBUG -DCCAN_LIST_DEBUG
++ endif
++ 
++-CFLAGS := -fno-strict-aliasing -pie -fpie -fno-pic -mbig-endian -m64 -fno-asynchronous-unwind-tables
+++CFLAGS := -Wno-error=address-of-packed-member -Wno-error=format-overflow -fno-strict-aliasing -pie -fpie -fno-pic -mbig-endian -m64 -fno-asynchronous-unwind-tables
++ CFLAGS += -mcpu=power7
++ CFLAGS += -Wl,--oformat,elf64-powerpc -ggdb
++ CFLAGS += $(call try-cflag,$(CC),-ffixed-r13)

targets/split_8mb4mb.mk

@@ -7,12 +7,24 @@
 #
 # When flashing via an external programmer it is easiest to have
 # two separate files for these pieces.
-all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom
-$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE)
-	$(call do,DD 8MB,$@,dd of=$@ if=$< bs=65536 count=128 skip=0 status=none)
-	@sha256sum $@ | tee -a "$(HASHES)"
+all: bottom top
 
-all: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom
-$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE)
-	$(call do,DD 4MB,$@,dd of=$@ if=$< bs=65536 count=64 skip=128 status=none)
-	@sha256sum $@ | tee -a "$(HASHES)"
+bottom: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom
+
+$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom: $(board_build)/$(CB_OUTPUT_FILE) FORCE
+	@rm -f $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom
+	$(call do,DD 8MB,$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom,dd if=$< of=$@ bs=65536 count=128 skip=0 status=none)
+	@sha256sum $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom | tee -a "$(HASHES)"
+	@stat -c "%8s:%n" $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-bottom.rom | tee -a "$(SIZES)"
+
+top: $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom
+
+$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom: $(board_build)/$(CB_OUTPUT_FILE) FORCE
+	@rm -f $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom
+	$(call do,DD 4MB,$(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom,dd if=$< of=$@ bs=65536 count=64 skip=128 status=none)
+	@sha256sum $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom | tee -a "$(HASHES)"
+	@stat -c "%8s:%n" $(board_build)/heads-$(BOARD)-$(HEADS_GIT_VERSION)-top.rom | tee -a "$(SIZES)"
+
+FORCE:
+
+.PHONY: all bottom top FORCE