mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-25 07:31:07 +00:00
3574e12be9
repro: sed -i '/CONFIG_BOOT_DEV/d' boards/*/*.config unmaintained_boards/*/*.config qemu debug trace on preinstalled OS: [ 3.999725] [U] hello world [ 4.286215] DEBUG: Debug output enabled from board CONFIG_DEBUG_OUTPUT=y option (/etc/config) [ 4.315239] TRACE: Under init [ 4.369379] DEBUG: Applying panic_on_oom setting to sysctl [ 4.588333] TRACE: /bin/cbfs-init(5): main [ 4.728310] TRACE: /bin/cbfs-init(24): main [ 4.867039] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/pubring.kbx [ 4.946757] TRACE: /bin/tpmr(788): main [ 5.006987] DEBUG: TPM: Extending PCR[7] with hash 7ccf4f64044946cf4e5b0efe3d959f00562227ae [ 5.068692] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/pubring.kbx [ 5.326365] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/pubring.kbx [ 5.399511] TRACE: /bin/tpmr(788): main [ 5.460618] DEBUG: TPM: Extending PCR[7] with hash 547ca343719d3aa62af4763357d8c10cb35eae55 [ 5.524608] DEBUG: exec tpm extend -ix 7 -if /.gnupg/pubring.kbx [ 5.752340] TRACE: /bin/cbfs-init(24): main [ 5.908677] DEBUG: TPM: Will extend PCR[7] with hash of filename /.gnupg/trustdb.gpg [ 5.988169] TRACE: /bin/tpmr(788): main [ 6.044996] DEBUG: TPM: Extending PCR[7] with hash 7236ea8e612c1435259a8a0f8e0a8f1f5dba7042 [ 6.101604] DEBUG: exec tpm extend -ix 7 -ic /.gnupg/trustdb.gpg [ 6.371341] DEBUG: TPM: Will extend PCR[7] hash content of file /.gnupg/trustdb.gpg [ 6.451878] TRACE: /bin/tpmr(788): main [ 6.511948] DEBUG: TPM: Extending PCR[7] with hash 4697c489f359b40dd8aec55df52a33b1f580a3df [ 6.572785] DEBUG: exec tpm extend -ix 7 -if /.gnupg/trustdb.gpg [ 6.879519] TRACE: /bin/key-init(6): main [ 8.239618] TRACE: Under /etc/ash_functions:combine_configs [ 8.323781] TRACE: Under /etc/ash_functions:pause_recovery !!! Hit enter to proceed to recovery shell !!! [ 8.572855] TRACE: /bin/setconsolefont.sh(6): main [ 8.631296] DEBUG: Board does not ship setfont, not checking console font [ 8.887295] TRACE: /bin/gui-init(641): main [ 8.920627] TRACE: /etc/functions(715): detect_boot_device [ 9.251212] TRACE: /etc/functions(682): mount_possible_boot_device [ 9.312602] TRACE: /etc/functions(642): is_gpt_bios_grub [ 9.410830] TRACE: /dev/vda1 is partition 1 of vda [ 9.540007] TRACE: /etc/functions(619): find_lvm_vg_name [ 9.707187] TRACE: Try mounting /dev/vda1 as /boot [ 9.766843] EXT4-fs (vda1): mounted filesystem with ordered data mode. Opts: (null) [ 9.825028] TRACE: /bin/gui-init(319): clean_boot_check Signed-off-by: Thierry Laurion <insurgo@riseup.net>
92 lines
3.9 KiB
Makefile
92 lines
3.9 KiB
Makefile
# Configuration for Asus P8Z77-M Pro
|
|
#This board is a better choice over the P8H61 for a cost effective Heads + QubesOS desktop with ME neuter+disable compatibility.
|
|
#The P8H61 ecosystem was complex with multiple variants
|
|
#(some not even having a TPM header, and others having RamInit issues with some memory sticks),
|
|
##while less feature rich than the P8Z77 family. The P8H61s that were compatible still required
|
|
#some ME #sections (FCRS,EFFS) to be whitelisted in order to post, which introduced unknowns.
|
|
#The P8H61s #also needed a larger flash chip to work with heads than the manufacturer supplied
|
|
#4M, which add#ed complexity for the average user.
|
|
#
|
|
#The P8Z77-M Pro is able to offer more SATA connectors (2x 6Gb, 4x 3Gb, 2x eSATA) as well as
|
|
#more full size expansion ports. The board has a PS/2 keyboard port as recommended for QubesOS.
|
|
##The board comes with 8M flash chip as standard.
|
|
#
|
|
#The i7-3770 is the best CPU available for the board, with VT-x & VT-d both present
|
|
|
|
#ME & ROM
|
|
#The board supports Intel LGA1155, which allow for ME removal (both neuter+disable work), ME
|
|
#region resize/shrinking (aka 'maximized' board), as well as VSCC table modification..
|
|
#The blob download script uses the manufacturer supplied ME and IFD and performs the necessary
|
|
#hashing. The download script also removes the VSCC table by overwriting a NULL at the VSCC
|
|
#length table and FF bytes at the VSCC identifier table - using a printf with dd. The download
|
|
#script also resizes the rom layout and minimizes ME while maximizing space.
|
|
#The P8Z77-M Pro comes as standard with an 8Mb Flash chip, which means that no modification is
|
|
#needed to replace the chip is order to use heads as we shrink ME and 'maximize' this board by
|
|
#default, leaving just 335396 bytes available.
|
|
#The P8Z77-M Pro has both TPM1 and TPM2 modules available, though at time of writing only the
|
|
#TPM1 module would be usable with heads until the TPM2 work is completed. All testing was done
|
|
#with a TPM1 module
|
|
#
|
|
#Test platform
|
|
#BOARD: Asus P8Z77-M Pro
|
|
#RAM: 32Gb - 4x TimeTec DDRL3 75TT16NUL2R8-8G
|
|
#CPU: Intel i7 3770
|
|
#TPM: Modules tested: Asus branded TPM 1.02H & Foxconn TPM Krypton Rev 1.0
|
|
#
|
|
# note: nohz=off is an optional CONFIG_LINUX_COMMAND_LINE parameter to supress repeated NOHZ: local_softirq_pending console output
|
|
#
|
|
CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
|
|
CONFIG_COREBOOT_CONFIG=config/coreboot-p8z77-m_pro-tpm1.config
|
|
|
|
export CONFIG_COREBOOT=y
|
|
export CONFIG_COREBOOT_VERSION=4.22.01
|
|
export CONFIG_LINUX_VERSION=5.10.5
|
|
|
|
CONFIG_CRYPTSETUP2=y
|
|
CONFIG_FLASHROM=y
|
|
CONFIG_FLASHTOOLS=y
|
|
CONFIG_GPG2=y
|
|
CONFIG_KEXEC=y
|
|
CONFIG_UTIL_LINUX=y
|
|
CONFIG_LVM2=y
|
|
CONFIG_MBEDTLS=y
|
|
CONFIG_PCIUTILS=y
|
|
CONFIG_POPT=y
|
|
CONFIG_QRENCODE=y
|
|
CONFIG_TPMTOTP=y
|
|
|
|
#platform locking finalization (PR0)
|
|
CONFIG_IO386=y
|
|
export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y
|
|
|
|
# Dependencies for a graphical menu. Enable CONFIG_SLANG and CONFIG_NEWT instead
|
|
# for a console-based menu.
|
|
CONFIG_CAIRO=y
|
|
CONFIG_FBWHIPTAIL=y
|
|
|
|
CONFIG_LINUX_USB=y
|
|
CONFIG_MOBILE_TETHERING=y
|
|
|
|
export CONFIG_TPM=y
|
|
export CONFIG_BOOTSCRIPT=/bin/gui-init
|
|
export CONFIG_BOOT_REQ_HASH=n
|
|
export CONFIG_BOOT_REQ_ROLLBACK=n
|
|
export CONFIG_BOOT_KERNEL_ADD=""
|
|
export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
|
|
export CONFIG_BOARD_NAME="P8Z77-M PRO"
|
|
export CONFIG_FLASHROM_OPTIONS="-p internal"
|
|
#Set this option to zero out the VSCC table https://github.com/osresearch/heads/pull/1358#discussion_r1153251399
|
|
export CONFIG_ZERO_IFD_VSCC=y
|
|
|
|
# Make the Coreboot build depend on the following 3rd party blobs:
|
|
$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \
|
|
$(pwd)/blobs/p8z77-m_pro/me.bin $(pwd)/blobs/p8z77-m_pro/ifd.bin
|
|
|
|
$(pwd)/blobs/p8z77-m_pro/me.bin:
|
|
COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
|
|
$(pwd)/blobs/p8z77-m_pro/download_BIOS_clean.sh
|
|
|
|
$(pwd)/blobs/p8z77-m_pro/ifd.bin:
|
|
COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
|
|
$(pwd)/blobs/p8z77-m_pro/download_BIOS_clean.sh
|