Bring dasharo+heads MSI boards from downstream Dasharo/heads to upstream

.circleci/config.yml

@@ -518,6 +518,34 @@ workflows:
           requires:
             - nitropad-nv41
 
+      - build:
+          name: msi_z690a_ddr4
+          target: msi_z690a_ddr4
+          subcommand: ""
+          requires:
+            - nitropad-nv41
+
+      - build:
+          name: msi_z690a_ddr5
+          target: msi_z690a_ddr5
+          subcommand: ""
+          requires:
+            - nitropad-nv41
+
+      - build:
+          name: msi_z790p_ddr4
+          target: msi_z790p_ddr4
+          subcommand: ""
+          requires:
+            - nitropad-nv41
+
+      - build:
+          name: msi_z790p_ddr5
+          target: msi_z790p_ddr5
+          subcommand: ""
+          requires:
+            - nitropad-nv41
+
       # coreboot 4.11
       - build:
           name: UNMAINTAINED_kgpe-d16_workstation

boards/msi_z690a_ddr4/msi_z690a_ddr4.config

@@ -0,0 +1,83 @@
+# MSI PRO Z690-A DDR4 board configuration
+# This version requires 
+#  - A supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key)
+#  - A supported dTPM module
+#Notes:
+# - dGPU support known to be problematic, look for Dasharo HCL
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=dasharo
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z690a_ddr4.config
+CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_IGC=y
+#CONFIG_MOBILE_TETHERING=y
+export CONFIG_USB_KEYBOARD=y
+
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_DEV="/dev/nvme0n1"
+export CONFIG_BOOT_KERNEL_ADD=""
+export CONFIG_BOOT_KERNEL_REMOVE=""
+export CONFIG_BOARD_NAME="MSI PRO Z690-A DDR4"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+
+# Workaround to access > 16MiB BIOS region on ADL+
+export CONFIG_CBFS_VIA_FLASHROM=y

boards/msi_z690a_ddr5/msi_z690a_ddr5.config

@@ -0,0 +1,83 @@
+# MSI PRO Z690-A (DDR5) board configuration
+# This version requires 
+#  - A supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key)
+#  - A supported dTPM module
+#Notes:
+# - dGPU support known to be problematic, look for Dasharo HCL
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=dasharo
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z690a_ddr5.config
+CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_IGC=y
+#CONFIG_MOBILE_TETHERING=y
+export CONFIG_USB_KEYBOARD=y
+
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_DEV="/dev/nvme0n1"
+export CONFIG_BOOT_KERNEL_ADD=""
+export CONFIG_BOOT_KERNEL_REMOVE=""
+export CONFIG_BOARD_NAME="MSI PRO Z690-A DDR5"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+
+# Workaround to access > 16MiB BIOS region on ADL+
+export CONFIG_CBFS_VIA_FLASHROM=y

boards/msi_z790p_ddr4/msi_z790p_ddr4.config

@@ -0,0 +1,83 @@
+# MSI PRO Z790-P DDR4 board configuration
+# This version requires 
+#  - A supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key)
+#  - A supported dTPM module
+#Notes:
+# - dGPU support known to be problematic, look for Dasharo HCL
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=dasharo
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z790p_ddr4.config
+CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_IGC=y
+#CONFIG_MOBILE_TETHERING=y
+export CONFIG_USB_KEYBOARD=y
+
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_DEV="/dev/nvme0n1"
+export CONFIG_BOOT_KERNEL_ADD=""
+export CONFIG_BOOT_KERNEL_REMOVE=""
+export CONFIG_BOARD_NAME="MSI PRO Z790-P DDR4"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+
+# Workaround to access > 16MiB BIOS region on ADL+
+export CONFIG_CBFS_VIA_FLASHROM=y

boards/msi_z790p_ddr5/msi_z790p_ddr5.config

@@ -0,0 +1,83 @@
+# MSI PRO Z790-P (DDR5) board configuration
+# This version requires 
+#  - A supported HOTP Security dongle (Nitrokey Pro/Storage or Librem Key)
+#  - A supported dTPM module
+#Notes:
+# - dGPU support known to be problematic, look for Dasharo HCL
+
+export CONFIG_COREBOOT=y
+export CONFIG_COREBOOT_VERSION=dasharo
+export CONFIG_LINUX_VERSION=6.1.8
+
+CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z790p_ddr5.config
+CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config
+
+#Enable DEBUG output
+#export CONFIG_DEBUG_OUTPUT=y
+#export CONFIG_ENABLE_FUNCTION_TRACING_OUTPUT=y
+#Enable TPM2 pcap output under /tmp
+#export CONFIG_TPM2_CAPTURE_PCAP=y
+
+
+#Additional hardware support
+CONFIG_LINUX_USB=y
+CONFIG_LINUX_IGC=y
+#CONFIG_MOBILE_TETHERING=y
+export CONFIG_USB_KEYBOARD=y
+
+CONFIG_CRYPTSETUP2=y
+CONFIG_FLASHROM=y
+CONFIG_FLASHTOOLS=y
+CONFIG_GPG2=y
+CONFIG_KEXEC=y
+CONFIG_UTIL_LINUX=y
+CONFIG_LVM2=y
+CONFIG_MBEDTLS=y
+CONFIG_PCIUTILS=y
+
+#Remote attestation support
+# TPM2 requirements
+CONFIG_TPM2_TSS=y
+CONFIG_OPENSSL=y
+#Remote Attestation common tools
+CONFIG_POPT=y
+CONFIG_QRENCODE=y
+CONFIG_TPMTOTP=y
+#HOTP based remote attestation for supported USB Security dongle
+#With/Without TPM support
+CONFIG_HOTPKEY=y
+#Nitrokey Storage admin tool (deprecated)
+#CONFIG_NKSTORECLI=n
+#GUI Support
+#Console based Whiptail support(Console based, no FB):
+#CONFIG_SLANG=y
+#CONFIG_NEWT=y
+#FBWhiptail based (Graphical):
+CONFIG_CAIRO=y
+CONFIG_FBWHIPTAIL=y
+
+#Additional tools (tools.cpio):
+#SSH server (requires ethernet drivers, eg: CONFIG_LINUX_E1000E)
+CONFIG_DROPBEAR=y
+
+#Runtime configuration
+#Automatically boot if HOTP is valid
+export CONFIG_AUTO_BOOT_TIMEOUT=5
+#TPM2 requirements
+export CONFIG_TPM2_TOOLS=y
+export CONFIG_PRIMARY_KEY_TYPE=ecc
+#TPM1 requirements
+#export CONFIG_TPM=y
+export CONFIG_BOOTSCRIPT=/bin/gui-init
+#text-based original init:
+#export CONFIG_BOOTSCRIPT=/bin/generic-init
+export CONFIG_BOOT_REQ_HASH=n
+export CONFIG_BOOT_REQ_ROLLBACK=n
+export CONFIG_BOOT_DEV="/dev/nvme0n1"
+export CONFIG_BOOT_KERNEL_ADD=""
+export CONFIG_BOOT_KERNEL_REMOVE=""
+export CONFIG_BOARD_NAME="MSI PRO Z790-P DDR5"
+export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"
+
+# Workaround to access > 16MiB BIOS region on ADL+
+export CONFIG_CBFS_VIA_FLASHROM=y