# Configuration for Asus P8Z77-M Pro #This board is a better choice over the P8H61 for a cost effective Heads + QubesOS desktop with ME neuter+disable compatibility. #The P8H61 ecosystem was complex with multiple variants #(some not even having a TPM header, and others having RamInit issues with some memory sticks), ##while less feature rich than the P8Z77 family. The P8H61s that were compatible still required #some ME #sections (FCRS,EFFS) to be whitelisted in order to post, which introduced unknowns. #The P8H61s #also needed a larger flash chip to work with heads than the manufacturer supplied #4M, which add#ed complexity for the average user. # #The P8Z77-M Pro is able to offer more SATA connectors (2x 6Gb, 4x 3Gb, 2x eSATA) as well as #more full size expansion ports. The board has a PS/2 keyboard port as recommended for QubesOS. ##The board comes with 8M flash chip as standard. # #The i7-3770 is the best CPU available for the board, with VT-x & VT-d both present #ME & ROM #The board supports Intel LGA1155, which allow for ME removal (both neuter+disable work), ME #region resize/shrinking (aka 'maximized' board), as well as VSCC table modification.. #The blob download script uses the manufacturer supplied ME and IFD and performs the necessary #hashing. The download script also removes the VSCC table by overwriting a NULL at the VSCC #length table and FF bytes at the VSCC identifier table - using a printf with dd. The download #script also resizes the rom layout and minimizes ME while maximizing space. #The P8Z77-M Pro comes as standard with an 8Mb Flash chip, which means that no modification is #needed to replace the chip is order to use heads as we shrink ME and 'maximize' this board by #default, leaving just 335396 bytes available. #The P8Z77-M Pro has both TPM1 and TPM2 modules available, though at time of writing only the #TPM1 module would be usable with heads until the TPM2 work is completed. All testing was done #with a TPM1 module # #Test platform #BOARD: Asus P8Z77-M Pro #RAM: 32Gb - 4x TimeTec DDRL3 75TT16NUL2R8-8G #CPU: Intel i7 3770 #TPM: Modules tested: Asus branded TPM 1.02H & Foxconn TPM Krypton Rev 1.0 # # note: nohz=off is an optional CONFIG_LINUX_COMMAND_LINE parameter to supress repeated NOHZ: local_softirq_pending console output # CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config CONFIG_COREBOOT_CONFIG=config/coreboot-p8z77-m_pro-tpm1.config export CONFIG_COREBOOT=y export CONFIG_COREBOOT_VERSION=4.19 export CONFIG_LINUX_VERSION=5.10.5 CONFIG_CRYPTSETUP2=y CONFIG_FLASHROM=y CONFIG_FLASHTOOLS=y CONFIG_GPG2=y CONFIG_KEXEC=y CONFIG_UTIL_LINUX=y CONFIG_LVM2=y CONFIG_MBEDTLS=y CONFIG_PCIUTILS=y CONFIG_POPT=y CONFIG_QRENCODE=y CONFIG_TPMTOTP=y #platform locking finalization (PR0) CONFIG_IO386=y export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y # Dependencies for a graphical menu. Enable CONFIG_SLANG and CONFIG_NEWT instead # for a console-based menu. CONFIG_CAIRO=y CONFIG_FBWHIPTAIL=y CONFIG_LINUX_USB=y export CONFIG_TPM=y export CONFIG_BOOTSCRIPT=/bin/gui-init export CONFIG_BOOT_REQ_HASH=n export CONFIG_BOOT_REQ_ROLLBACK=n export CONFIG_BOOT_KERNEL_ADD="intel_iommu=on intel_iommu=igfx_off" export CONFIG_BOOT_KERNEL_REMOVE="quiet" export CONFIG_BOOT_DEV="/dev/sda1" export CONFIG_BOARD_NAME="P8Z77-M PRO" export CONFIG_FLASHROM_OPTIONS="-p internal" #Set this option to zero out the VSCC table https://github.com/osresearch/heads/pull/1358#discussion_r1153251399 export CONFIG_ZERO_IFD_VSCC=y # Make the Coreboot build depend on the following 3rd party blobs: $(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \ $(pwd)/blobs/p8z77-m_pro/me.bin $(pwd)/blobs/p8z77-m_pro/ifd.bin $(pwd)/blobs/p8z77-m_pro/me.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/p8z77-m_pro/download_BIOS_clean.sh $(pwd)/blobs/p8z77-m_pro/ifd.bin: COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \ $(pwd)/blobs/p8z77-m_pro/download_BIOS_clean.sh