ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-21 05:53:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
0a823cb491
heads/boards/x230-hotp-maximized_usb-kb/x230-hotp-maximized_usb-kb.config
Jonathon Hall 0a823cb491
Allow laptops to include optional USB keyboard support 
Laptops can include optional USB keyboard support (default off unless
the board also sets the default to 'y').  The setting is in the
configuration GUI.

CONFIG_USER_USB_KEYBOARD is now the user-controlled setting on those
boards.  'CONFIG_USB_KEYBOARD' is no longer used to avoid any conflict
with prior releases that expect this to be a compile-time setting only
(conflicts risk total lock out requiring hardware flash, so some
caution is justified IMO).

Boards previously exporting CONFIG_USB_KEYBOARD now export
CONFIG_USB_KEYBOARD_REQUIRED.  Those boards don't have built-in
keyboards, USB keyboard is always enabled. (librem_mini,
librem_mini_v2, librem_11, librem_l1um, librem_l1um_v2, talos-2,
kgpe-d16_workstation-usb_keyboard, x230-hotp-maximized_usb-kb).

Librem laptops now export CONFIG_SUPPORT_USB_KEYBOARD to enable
optional support.  The default is still 'off'.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2024-01-10 15:38:06 -05:00

78 lines
2.2 KiB
Makefile
Raw Blame History

# Configuration for a X230 running Qubes 4.1 and other Linux Based OSes (through kexec)
#
# Includes
# - Deactivated+neutered ME and expanded consequent IFD BIOS regions
# - Forged 00:DE:AD:C0:FF:EE MAC address (if not extracting gbe.bin from backup with blobs/xx30/extract.sh)
# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
#
# - Includes:
# Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code)
# USB Keyboard support
export CONFIG_COREBOOT=y
export CONFIG_COREBOOT_VERSION=4.19
export CONFIG_LINUX_VERSION=5.10.5
CONFIG_COREBOOT_CONFIG=config/coreboot-x230-maximized.config
CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
#Additional hardware support
CONFIG_LINUX_USB=y
CONFIG_LINUX_E1000E=y
export CONFIG_USB_KEYBOARD_REQUIRED=y
CONFIG_CRYPTSETUP2=y
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y
CONFIG_GPG2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y
CONFIG_PCIUTILS=y
#platform locking finalization (PR0)
CONFIG_IO386=y
export CONFIG_FINALIZE_PLATFORM_LOCKING_PRESKYLAKE=y
#Remote attestation support
#TPM based requirements
export CONFIG_TPM=y
CONFIG_POPT=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
#HOTP based remote attestation for supported USB Security dongle
#With/Without TPM support
CONFIG_HOTPKEY=y
export CONFIG_AUTO_BOOT_TIMEOUT=5
#Nitrokey Storage admin tool
CONFIG_NKSTORECLI=n
#GUI Support
#Console based Whiptail support(Console based, no FB):
#CONFIG_SLANG=y
#CONFIG_NEWT=y
#FBWhiptail based (Graphical):
CONFIG_CAIRO=y
CONFIG_FBWHIPTAIL=y
#Additional tools:
#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
CONFIG_DROPBEAR=y
export CONFIG_BOOTSCRIPT=/bin/gui-init
export CONFIG_BOOT_REQ_HASH=n
export CONFIG_BOOT_REQ_ROLLBACK=n
export CONFIG_BOOT_KERNEL_ADD=""
export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
export CONFIG_BOOT_DEV="/dev/sda1"
export CONFIG_BOARD_NAME="Thinkpad X230-hotp-maximized_usb-kb"
export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP
BOARD_TARGETS := xx30_me_blobs
# Generate split 4MB top / 8MB bottom ROMs
BOARD_TARGETS += split_8mb4mb
Reference in New Issue View Git Blame Copy Permalink