diff --git a/.circleci/config.yml b/.circleci/config.yml index d85279e3..0f0ba68c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -510,13 +510,21 @@ workflows: requires: - librem_14 + # t480 is based on 24.12 coreboot release, not sharing any buildstack from now, depend on muscl-cross cache + - build: + name: t480-hotp-maximized + target: t480-hotp-maximized + subcommand: "" + requires: + - x86-musl-cross-make + # t480 is based on 24.12 coreboot release, not sharing any buildstack from now, depend on muscl-cross cache - build: name: t480-maximized target: t480-maximized subcommand: "" requires: - - x86-musl-cross-make + - t480-hotp-maximized # dasharo release, share 24.02.01 utils/crossgcc - build: diff --git a/boards/t480-hotp-maximized/t480-hotp-maximized.config b/boards/t480-hotp-maximized/t480-hotp-maximized.config new file mode 100644 index 00000000..fd79aaa9 --- /dev/null +++ b/boards/t480-hotp-maximized/t480-hotp-maximized.config @@ -0,0 +1,75 @@ +# Configuration for a ThinkPad T480. + +export CONFIG_COREBOOT=y +export CONFIG_COREBOOT_VERSION=t480 +export CONFIG_LINUX_VERSION=6.1.8 + +CONFIG_COREBOOT_CONFIG=config/coreboot-t480.config +# TODO: Make a ThinkPad-common Linux config file. +CONFIG_LINUX_CONFIG=config/linux-t480.config + +#On-demand hardware support (modules.cpio) +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y +CONFIG_MOBILE_TETHERING=y + +#Modules packed into tools.cpio +CONFIG_CRYPTSETUP2=y +CONFIG_FLASHPROG=y +CONFIG_FLASHTOOLS=y +CONFIG_GPG2=y +CONFIG_KEXEC=y +CONFIG_UTIL_LINUX=y +CONFIG_LVM2=y +CONFIG_MBEDTLS=y +CONFIG_PCIUTILS=y + +#platform locking finalization (PR0) +CONFIG_IO386=y +export CONFIG_FINALIZE_PLATFORM_LOCKING=y + + +#Remote attestation support +# TPM2 requirements +#CONFIG_TPM2_TSS=y +#CONFIG_OPENSSL=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support +CONFIG_HOTPKEY=y + +#Nitrokey Storage admin tool +CONFIG_NKSTORECLI=n + +#GUI Support +#Console based Whiptail support(Console based, no FB): +#CONFIG_SLANG=y +#CONFIG_NEWT=y +#FBWhiptail based (Graphical): +CONFIG_CAIRO=y +CONFIG_FBWHIPTAIL=y + +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y + +export CONFIG_TPM=y +#Enable DEBUG output, debug output probably a good idea for first tests +export CONFIG_DEBUG_OUTPUT=y +export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=n +#Enable TPM2 pcap output under /tmp +export CONFIG_TPM2_CAPTURE_PCAP=n +#Enable quiet mode: technical information logged under /tmp/debug.log, not quiet for first test +export CONFIG_QUIET_MODE=n +export CONFIG_BOOTSCRIPT=/bin/gui-init +export CONFIG_BOOT_REQ_HASH=n +export CONFIG_BOOT_REQ_ROLLBACK=n +export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOARD_NAME="Thinkpad T480-hotp-maximized" +export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal" + +# t480 blobs requirements +BOARD_TARGETS += t480_me_blobs diff --git a/boards/t480-maximized/t480-maximized.config b/boards/t480-maximized/t480-maximized.config index ba349d35..e7068d5b 100644 --- a/boards/t480-maximized/t480-maximized.config +++ b/boards/t480-maximized/t480-maximized.config @@ -1,12 +1,20 @@ # Configuration for a ThinkPad T480. -CONFIG_COREBOOT_CONFIG=config/coreboot-t480.config -# TODO: Make a ThinkPad-common Linux config file. -CONFIG_LINUX_CONFIG=config/linux-t480.config +# - DOES NOT INCLUDE Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code) export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=t480 export CONFIG_LINUX_VERSION=6.1.8 +CONFIG_COREBOOT_CONFIG=config/coreboot-t480.config +# TODO: Make a ThinkPad-common Linux config file. +CONFIG_LINUX_CONFIG=config/linux-t480.config + +#On-demand hardware support (modules.cpio) +CONFIG_LINUX_USB=y +CONFIG_LINUX_E1000E=y +CONFIG_MOBILE_TETHERING=y + +#Modules packed into tools.cpio CONFIG_CRYPTSETUP2=y CONFIG_FLASHPROG=y CONFIG_FLASHTOOLS=y @@ -16,23 +24,37 @@ CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y CONFIG_PCIUTILS=y -CONFIG_POPT=y -CONFIG_QRENCODE=y -CONFIG_TPMTOTP=y #platform locking finalization (PR0) -# Disable for first try, enable when rest works CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING=y -# Dependencies for a graphical menu. Enable CONFIG_SLANG and CONFIG_NEWT instead -# for a console-based menu. +#Remote attestation support +# TPM2 requirements +#CONFIG_TPM2_TSS=y +#CONFIG_OPENSSL=y +CONFIG_POPT=y +CONFIG_QRENCODE=y +CONFIG_TPMTOTP=y +#HOTP based remote attestation for supported USB Security dongle +#With/Without TPM support +#CONFIG_HOTPKEY=y + +#Nitrokey Storage admin tool +CONFIG_NKSTORECLI=n + +#GUI Support +#Console based Whiptail support(Console based, no FB): +#CONFIG_SLANG=y +#CONFIG_NEWT=y +#FBWhiptail based (Graphical): CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y -CONFIG_LINUX_USB=y -CONFIG_MOBILE_TETHERING=y +#Additional tools (tools.cpio): +#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E) +CONFIG_DROPBEAR=y export CONFIG_TPM=y #Enable DEBUG output, debug output probably a good idea for first tests @@ -45,7 +67,9 @@ export CONFIG_QUIET_MODE=n export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n -export CONFIG_BOARD_NAME="ThinkPad T480" +export CONFIG_BOOT_KERNEL_ADD="" +export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off" +export CONFIG_BOARD_NAME="Thinkpad T480-maximized" export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal" # t480 blobs requirements diff --git a/boards/t480p-hotp-maximized/t480-hotp-maximized.config b/boards/t480p-hotp-maximized/t480-hotp-maximized.config deleted file mode 100644 index e48ee2fe..00000000 --- a/boards/t480p-hotp-maximized/t480-hotp-maximized.config +++ /dev/null @@ -1,7 +0,0 @@ -# Inherit the rest from the base T440p config. -include $(pwd)/boards/t480-maximized/t480-maximized.config - -CONFIG_HOTPKEY=y -export CONFIG_AUTO_BOOT_TIMEOUT=5 - -export CONFIG_BOARD_NAME="ThinkPad T480-hotp-maximized"