Add P8Z77-V

Add files via upload Delete placeholder Create z220-cmt-maximized.config Create z220-cmt-hotp-maximized.config Add files via upload Update config.yml Update linux-x230-maximized.config I use an NVME drive. Admittedly adding this to the X230 config isn't ideal because the X230 itself is far from ideal for an NVME SSD. However I suspect someone using something like this or a Z77 board would well like to have the ability to boot from NVME. Update config.yml Delete download_BIOS_clean.sh Create ph Add files via upload Create p8z77-v-tpm1-maximized.config Delete z220-cmt-hotp-maximized.config Delete z220-cmt-maximized.config Delete ph Delete coreboot-z220-cmt.config Add files via upload Create p8z77-v-tpm1-hotp-maximized.config Update config.yml chmod +x blob download script
linuxboot · May 10, 2023 · dd91b09 · dd91b09
1 parent bc148f1
commit dd91b09
Show file tree

Hide file tree

Showing 6 changed files with 192 additions and 0 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -533,6 +533,20 @@ workflows:
           requires:
             - librem_14
 
+      - build:
+          name: p8z77-v-tpm1-maximized
+          target: p8z77-v-tpm1-maximized
+          subcommand: ""
+          requires:
+            - librem_14
+
+      - build:
+          name: p8z77-v-tpm1-hotp-maximized
+          target: p8z77-v-tpm1-hotp-maximized
+          subcommand: ""
+          requires:
+            - librem_14
+
 #      - build:
 #          name: kgpe-d16_workstation-usb_keyboard
 #          target: kgpe-d16_workstation-usb_keyboard

diff --git a/blobs/p8z77-v/download_BIOS_clean.sh b/blobs/p8z77-v/download_BIOS_clean.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+# P7 ASUS
+
+function printusage {
+  echo "Usage: $0 -m <me_cleaner>(optional)"
+}
+
+BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+if [ "$#" -eq 0 ]; then printusage; fi
+
+while getopts ":m:i:" opt; do
+  case $opt in
+    m)
+      if [ -x "$OPTARG" ]; then
+        MECLEAN="$OPTARG"
+      fi
+      ;;
+  esac
+
+done
+
+if [ -z "$MECLEAN" ]; then
+  MECLEAN=`command -v $BLOBDIR/../../build/x86/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1`
+  if [ -z "$MECLEAN" ]; then
+    echo "me_cleaner.py required but not found or specified with -m. Aborting."
+    exit 1;
+  fi
+fi
+
+CAP_ZIP_SHA256SUM="06c034597edeeaaeace86d8b5d4780d1ac9e510b4736f7259cea83bface8fc51  P8Z77-V-ASUS-2104.zip"
+CAP_FILE_SHA256SUM="bd60e7b7d5227147a47509979a748316dd30b314266a92bd8105984f6d540ba4  P8Z77-V-ASUS-2104.CAP"
+#FINAL_IFD_SHA256SUM="f076be608c189da9532484b8152bc34029d1b1a8e28f630799fd474c47cb3f88  $BLOBDIR/ifd.bin"
+FINAL_IFD_SHA256SUM="62a080f5e94c9366ae2f341a03a82c6e1b3fd18c223f250290312c08efd1db06  $BLOBDIR/ifd.bin"
+FINAL_ME_SHA256SUM="8dda1e8360fbb2da05bfcd187f6e7b8a272a67d66bc0074bbfd1410eb35e3e17  $BLOBDIR/me.bin"
+ZIPURL="https://dlcdnets.asus.com/pub/ASUS/mb/LGA1155/P8Z77-V/P8Z77-V-ASUS-2104.zip"
+
+ZIPFILENAME=`echo $ZIPURL | sed 's/.*\///'`
+ROMFILENAME=`echo $ZIPFILENAME | sed 's/\.zip$/\.ROM/'`
+
+extractdir=$(mktemp -d)
+echo "### Creating temp dir $extractdir "
+cd "$extractdir"
+
+echo "### Downloading $ZIPURL"
+wget $ZIPURL || { echo "ERROR: wget failed $ZIPURL" && exit 1; }
+echo "### Verifying expected hash of $ZIPFILENAME"
+echo "$CAP_ZIP_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on downloaded binary..." && exit 1; }
+
+echo "### Extracting Archives"
+unzip $ZIPFILENAME || { echo "Failed unzipping $ZIPFILENAME - Tool installed on host?" && exit 1;}
+
+echo "### Verifying expected hash of $ROMFILENAME"
+echo "$CAP_FILE_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; }
+
+echo "### extracing BIOS from Capsule"
+dd bs=1024 skip=2 if=P8Z77-V-ASUS-2104.CAP of=P8Z77-V-ASUS-2104.ROM || { echo "Failed to de-cap the ROM..." && exit 1; }
+
+echo "### Applying me_cleaner to neuter and truncate. EFFS,FCRS whitelisted"
+$MECLEAN -S -r -t -d -O  /tmp/unneeded.bin -D "$BLOBDIR/ifd.bin" -M "$BLOBDIR/me.bin" P8Z77-V-ASUS-2104.ROM
+
+#echo "### Modifying VSCC length and identifiers"
+
+#printf '\x00' | dd of="$BLOBDIR/ifd.bin" bs=1 seek=3837 count=1 conv=notrunc
+#printf '\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF' | dd of="$BLOBDIR/ifd.bin" bs=1 seek=3568 count=32 conv=notrunc
+
+echo "### Verifying expected hashes"
+echo "$FINAL_IFD_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on generated IFD bin..." && exit 1; }
+echo "$FINAL_ME_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on generated ME binary..." && exit 1; }
+
+echo "###Cleaning up..."
+cd -
+rm -r "$extractdir"
diff --git a/boards/p8z77-v-tpm1-hotp-maximized/p8z77-v-tpm1-hotp-maximized.config b/boards/p8z77-v-tpm1-hotp-maximized/p8z77-v-tpm1-hotp-maximized.config
@@ -0,0 +1,6 @@
+# Inherit the rest from the base Asus P8Z77-V config.
+include $(pwd)/boards/p8z77-v-tpm1-maximized/p8z77-v-tpm1-maximized.config
+
+CONFIG_HOTPKEY=y
+
+export CONFIG_BOARD_NAME="P8Z77-V-HOTP"
diff --git a/boards/p8z77-v-tpm1-maximized/p8z77-v-tpm1-maximized.config b/boards/p8z77-v-tpm1-maximized/p8z77-v-tpm1-maximized.config
@@ -0,0 +1,81 @@
+# Configuration for Asus P8Z77-V
+#This board is a better choice over the P8H61 for a cost effective Heads + QubesOS desktop with ME neuter+disable compatibility. 
+#The P8H61 ecosystem was complex with multiple variants 
+#(some not even having a TPM header, and others having RamInit issues with some memory sticks), 
+##while less feature rich than the P8Z77 family. The P8H61s that were compatible still required 
+#some ME #sections (FCRS,EFFS) to be whitelisted in order to post, which introduced unknowns. 
+#The P8H61s #also needed a larger flash chip to work with heads than the manufacturer supplied 
+#4M, which add#ed complexity for the average user.
+#
+#The P8Z77-V is able to offer more SATA connectors (2x 6Gb, 4x 3Gb, 2x eSATA) as well as 
+#more full size expansion ports. The board has a PS/2 keyboard port as recommended for QubesOS. 
+##The board comes with 8M flash chip as standard.
+#
+#The i7-3770 is the best CPU available for the board, with VT-x & VT-d both present
+
+#ME & ROM
+#The board supports Intel LGA1155, which allow for ME removal (both neuter+disable work), ME 
+#region resize/shrinking (aka 'maximized' board), as well as VSCC table modification..
+#The blob download script uses the manufacturer supplied ME and IFD and performs the necessary 
+#hashing. The download script also removes the VSCC table by overwriting a NULL at the VSCC 
+#length table and FF bytes at the VSCC identifier table - using a printf with dd. The download 
+#script also resizes the rom layout and minimizes ME while maximizing space.
+#The P8Z77-V comes as standard with an 8Mb Flash chip, which means that no modification is 
+#needed to replace the chip is order to use heads as we shrink ME and 'maximize' this board by 
+#default, leaving just 335396 bytes available.
+#The P8Z77-V has both TPM1 and TPM2 modules available, though at time of writing only the 
+#TPM1 module would be usable with heads until the TPM2 work is completed. All testing was done 
+#with a TPM1 module
+#
+#Test platform
+#BOARD: Asus P8Z77-V
+#RAM: 
+#CPU: Intel E3-1275v2
+#TPM: Modules tested: -
+#
+# note: nohz=off is an optional CONFIG_LINUX_COMMAND_LINE parameter to supress repeated NOHZ: local_softirq_pending console output
+#
+CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
+CONFIG_COREBOOT_CONFIG=config/coreboot-p8z77-v-tpm1.config
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=4.17
+export CONFIG_LINUX_VERSION=4.14.62
+
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+
+# Dependencies for a graphical menu. Enable CONFIG_SLANG and CONFIG_NEWT instead
+# for a console-based menu.
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+CONFIG_LINUX_USB=y
+
+export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_KERNEL_ADD="intel_iommu=igfx_off"
+export CONFIG_BOOT_KERNEL_REMOVE="quiet"
+export CONFIG_BOOT_DEV="/dev/sda1"
+export CONFIG_BOARD_NAME="P8Z77-V"
+export CONFIG_FLASHROM_OPTIONS="-p internal"
+
+# Make the Coreboot build depend on the following 3rd party blobs:
+$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \
+    $(pwd)/blobs/p8z77-v/me.bin $(pwd)/blobs/p8z77-v/ifd.bin
+
+$(pwd)/blobs/p8z77-v/me.bin:
+	COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
+		$(pwd)/blobs/p8z77-v/download_BIOS_clean.sh
diff --git a/config/coreboot-p8z77-v-tpm1.config b/config/coreboot-p8z77-v-tpm1.config
@@ -0,0 +1,17 @@
+CONFIG_VENDOR_ASUS=y
+CONFIG_CBFS_SIZE=0x7E7000
+CONFIG_BOARD_ASUS_P8Z77_V=y
+CONFIG_HAVE_IFD_BIN=y
+CONFIG_HAVE_ME_BIN=y
+CONFIG_IFD_BIN_PATH="@BLOB_DIR@/p8z77-v/ifd.bin"
+CONFIG_ME_BIN_PATH="@BLOB_DIR@/p8z77-v/me.bin"
+CONFIG_NO_GFX_INIT=y
+CONFIG_TPM_MEASURED_BOOT=y
+CONFIG_TPM1=y
+CONFIG_DRIVERS_PS2_KEYBOARD=y
+CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y
+CONFIG_PAYLOAD_LINUX=y
+CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
+CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
+CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off nohz=off"
+CONFIG_ONBOARD_VGA_IS_PRIMARY=y
diff --git a/config/linux-x230-maximized.config b/config/linux-x230-maximized.config
@@ -330,3 +330,4 @@ CONFIG_CRC8=m
 CONFIG_XZ_DEC_TEST=m
 CONFIG_CORDIC=m
 CONFIG_IRQ_POLL=y
+CONFIG_BLK_DEV_NVME=y