diff --git a/boards/optiplex-7010_9010-hotp-maximized/optiplex-7010_9010-hotp-maximized.config b/boards/optiplex-7010_9010-hotp-maximized/optiplex-7010_9010-hotp-maximized.config
new file mode 100644
index 00000000..d562e43b
--- /dev/null
+++ b/boards/optiplex-7010_9010-hotp-maximized/optiplex-7010_9010-hotp-maximized.config
@@ -0,0 +1,93 @@
+# Configuration for a Optiplex 7010/9010 SFF running Qubes 4.1 and other Linux Based OSes (through kexec)
+#
+# Includes 
+# - Deactivated+neutered ME and expanded consequent IFD BIOS regions 
+# - Forged 00:DE:AD:C0:FF:EE MAC address  (if not extracting gbe.bin from backup with blobs/xx30/extract.sh)
+#   - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
+#
+# - Includes: Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code)
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=5.10.5
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-optiplex-7019_9010-maximized.config
+CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+CONFIG_MOBILE_TETHERING=y
+
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+#CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+
+
+#platform locking finalization (PR0)
+# This prevents SPI from being writeable outside of Heads
+CONFIG_IO386=y
+export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y
+
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD=""
+export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="Dell Optiplex 7010/9010 HOTP maximized"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+
+#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP
+BOARD_TARGETS := xx30_me_blobs
+
+#Include bits related to Optiplex blobs (not enabling TXT in coreboot config)
+BOARD_TARGETS += optiplex_blobs
+
+# Generate split 4MB top / 8MB bottom ROMs
+BOARD_TARGETS += split_8mb4mb
diff --git a/boards/optiplex-7010_9010-maximized/optiplex-7010_9010-maximized.config b/boards/optiplex-7010_9010-maximized/optiplex-7010_9010-maximized.config
index f2ddca8f..704c63eb 100644
--- a/boards/optiplex-7010_9010-maximized/optiplex-7010_9010-maximized.config
+++ b/boards/optiplex-7010_9010-maximized/optiplex-7010_9010-maximized.config
@@ -22,6 +22,7 @@ CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000E=y
 CONFIG_MOBILE_TETHERING=y
 
+#Modules packed into tools.cpio
 CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
@@ -31,15 +32,12 @@ CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_PCIUTILS=y
-
-#platform locking finalization (PR0)
-CONFIG_IO386=y
-export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y
-
-
+#Runtime tools to write to MSR
+#CONFIG_MSRTOOLS=y
 #Remote attestation support
-#TPM based requirements
-export CONFIG_TPM=y
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
@@ -47,8 +45,14 @@ CONFIG_TPMTOTP=y
 #With/Without TPM support
 #CONFIG_HOTPKEY=y
 
-#Nitrokey Storage admin tool
-CONFIG_NKSTORECLI=n
+
+#platform locking finalization (PR0)
+# This prevents SPI from being writeable outside of Heads
+CONFIG_IO386=y
+export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y
+
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
 
 #GUI Support
 #Console based Whiptail support(Console based, no FB):
@@ -58,10 +62,18 @@ CONFIG_NKSTORECLI=n
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
 
-#Additional tools:
+#Additional tools (tools.cpio):
 #SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
 CONFIG_DROPBEAR=y
 
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n
diff --git a/boards/optiplex-7010_9010_TXT-hotp-maximized/optiplex-7010_9010_TXT-hotp-maximized.config b/boards/optiplex-7010_9010_TXT-hotp-maximized/optiplex-7010_9010_TXT-hotp-maximized.config
new file mode 100644
index 00000000..e93b9b5d
--- /dev/null
+++ b/boards/optiplex-7010_9010_TXT-hotp-maximized/optiplex-7010_9010_TXT-hotp-maximized.config
@@ -0,0 +1,93 @@
+# Configuration for a Optiplex 7010/9010 SFF running Qubes 4.1 and other Linux Based OSes (through kexec)
+#
+# Includes 
+# - Deactivated+neutered ME and expanded consequent IFD BIOS regions 
+# - Forged 00:DE:AD:C0:FF:EE MAC address  (if not extracting gbe.bin from backup with blobs/xx30/extract.sh)
+#   - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
+#
+# - Includes: Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code)
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=24.02.01
+export CONFIG_LINUX_VERSION=5.10.5
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-optiplex-7019_9010_TXT-maximized.config
+CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_E1000E=y
+CONFIG_MOBILE_TETHERING=y
+
+#Modules packed into tools.cpio
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+#Runtime tools to write to MSR
+#CONFIG_MSRTOOLS=y
+#Remote attestation support
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+
+
+#platform locking finalization (PR0)
+# This prevents SPI from being writeable outside of Heads
+CONFIG_IO386=y
+export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y
+
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD=""
+export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="Dell Optiplex 7010/9010 HOTP maximized (TXT enabled)"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+
+#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP
+BOARD_TARGETS := xx30_me_blobs
+
+#Include bits related to Optiplex blobs (enabling TXT in coreboot config)
+BOARD_TARGETS += optiplex_blobs
+
+# Generate split 4MB top / 8MB bottom ROMs
+BOARD_TARGETS += split_8mb4mb
diff --git a/boards/optiplex-7010_9010_TXT-maximized/optiplex-7010_9010_TXT-maximized.config b/boards/optiplex-7010_9010_TXT-maximized/optiplex-7010_9010_TXT-maximized.config
index b2de24b4..3729eead 100644
--- a/boards/optiplex-7010_9010_TXT-maximized/optiplex-7010_9010_TXT-maximized.config
+++ b/boards/optiplex-7010_9010_TXT-maximized/optiplex-7010_9010_TXT-maximized.config
@@ -22,6 +22,7 @@ CONFIG_LINUX_USB=y
 CONFIG_LINUX_E1000E=y
 CONFIG_MOBILE_TETHERING=y
 
+#Modules packed into tools.cpio
 CONFIG_CRYPTSETUP2=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
@@ -31,15 +32,12 @@ CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_PCIUTILS=y
-
-#platform locking finalization (PR0)
-CONFIG_IO386=y
-export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y
-
-
+#Runtime tools to write to MSR
+#CONFIG_MSRTOOLS=y
 #Remote attestation support
-#TPM based requirements
-export CONFIG_TPM=y
+# TPM2 requirements
+#CONFIG_TPM2_TSS=y
+#CONFIG_OPENSSL=y
 CONFIG_POPT=y
 CONFIG_QRENCODE=y
 CONFIG_TPMTOTP=y
@@ -47,8 +45,14 @@ CONFIG_TPMTOTP=y
 #With/Without TPM support
 #CONFIG_HOTPKEY=y
 
-#Nitrokey Storage admin tool
-CONFIG_NKSTORECLI=n
+
+#platform locking finalization (PR0)
+# This prevents SPI from being writeable outside of Heads
+CONFIG_IO386=y
+export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y
+
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
 
 #GUI Support
 #Console based Whiptail support(Console based, no FB):
@@ -58,10 +62,18 @@ CONFIG_NKSTORECLI=n
 CONFIG_CAIRO=y
 CONFIG_FBWHIPTAIL=y
 
-#Additional tools:
+#Additional tools (tools.cpio):
 #SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
 CONFIG_DROPBEAR=y
 
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+#export CONFIG_TPM2_TOOLS=y
+#export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+export CONFIG_TPM=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n