Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add P8Z77-V #1400

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -533,6 +533,20 @@ workflows:
requires:
- librem_14

- build:
name: p8z77-v-tpm1-maximized
target: p8z77-v-tpm1-maximized
subcommand: ""
requires:
- librem_14

- build:
name: p8z77-v-tpm1-hotp-maximized
target: p8z77-v-tpm1-hotp-maximized
subcommand: ""
requires:
- librem_14

# - build:
# name: kgpe-d16_workstation-usb_keyboard
# target: kgpe-d16_workstation-usb_keyboard
Expand Down
73 changes: 73 additions & 0 deletions blobs/p8z77-v/download_BIOS_clean.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
#!/bin/bash
# P7 ASUS

function printusage {
echo "Usage: $0 -m <me_cleaner>(optional)"
}

BLOBDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

if [ "$#" -eq 0 ]; then printusage; fi

while getopts ":m:i:" opt; do
case $opt in
m)
if [ -x "$OPTARG" ]; then
MECLEAN="$OPTARG"
fi
;;
esac

done

if [ -z "$MECLEAN" ]; then
MECLEAN=`command -v $BLOBDIR/../../build/x86/coreboot-*/util/me_cleaner/me_cleaner.py 2>&1|head -n1`
if [ -z "$MECLEAN" ]; then
echo "me_cleaner.py required but not found or specified with -m. Aborting."
exit 1;
fi
fi

CAP_ZIP_SHA256SUM="06c034597edeeaaeace86d8b5d4780d1ac9e510b4736f7259cea83bface8fc51 P8Z77-V-ASUS-2104.zip"
CAP_FILE_SHA256SUM="bd60e7b7d5227147a47509979a748316dd30b314266a92bd8105984f6d540ba4 P8Z77-V-ASUS-2104.CAP"
#FINAL_IFD_SHA256SUM="f076be608c189da9532484b8152bc34029d1b1a8e28f630799fd474c47cb3f88 $BLOBDIR/ifd.bin"
FINAL_IFD_SHA256SUM="62a080f5e94c9366ae2f341a03a82c6e1b3fd18c223f250290312c08efd1db06 $BLOBDIR/ifd.bin"
FINAL_ME_SHA256SUM="8dda1e8360fbb2da05bfcd187f6e7b8a272a67d66bc0074bbfd1410eb35e3e17 $BLOBDIR/me.bin"
ZIPURL="https://dlcdnets.asus.com/pub/ASUS/mb/LGA1155/P8Z77-V/P8Z77-V-ASUS-2104.zip"

ZIPFILENAME=`echo $ZIPURL | sed 's/.*\///'`
ROMFILENAME=`echo $ZIPFILENAME | sed 's/\.zip$/\.ROM/'`

extractdir=$(mktemp -d)
echo "### Creating temp dir $extractdir "
cd "$extractdir"

echo "### Downloading $ZIPURL"
wget $ZIPURL || { echo "ERROR: wget failed $ZIPURL" && exit 1; }
echo "### Verifying expected hash of $ZIPFILENAME"
echo "$CAP_ZIP_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on downloaded binary..." && exit 1; }

echo "### Extracting Archives"
unzip $ZIPFILENAME || { echo "Failed unzipping $ZIPFILENAME - Tool installed on host?" && exit 1;}

echo "### Verifying expected hash of $ROMFILENAME"
echo "$CAP_FILE_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on extracted binary..." && exit 1; }

echo "### extracing BIOS from Capsule"
dd bs=1024 skip=2 if=P8Z77-V-ASUS-2104.CAP of=P8Z77-V-ASUS-2104.ROM || { echo "Failed to de-cap the ROM..." && exit 1; }

echo "### Applying me_cleaner to neuter and truncate. EFFS,FCRS whitelisted"
$MECLEAN -S -r -t -d -O /tmp/unneeded.bin -D "$BLOBDIR/ifd.bin" -M "$BLOBDIR/me.bin" P8Z77-V-ASUS-2104.ROM

#echo "### Modifying VSCC length and identifiers"

#printf '\x00' | dd of="$BLOBDIR/ifd.bin" bs=1 seek=3837 count=1 conv=notrunc
#printf '\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF' | dd of="$BLOBDIR/ifd.bin" bs=1 seek=3568 count=32 conv=notrunc

echo "### Verifying expected hashes"
echo "$FINAL_IFD_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on generated IFD bin..." && exit 1; }
echo "$FINAL_ME_SHA256SUM" | sha256sum --check || { echo "Failed sha256sum verification on generated ME binary..." && exit 1; }

echo "###Cleaning up..."
cd -
rm -r "$extractdir"
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
# Inherit the rest from the base Asus P8Z77-V config.
include $(pwd)/boards/p8z77-v-tpm1-maximized/p8z77-v-tpm1-maximized.config

CONFIG_HOTPKEY=y

export CONFIG_BOARD_NAME="P8Z77-V-HOTP"
81 changes: 81 additions & 0 deletions boards/p8z77-v-tpm1-maximized/p8z77-v-tpm1-maximized.config
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
# Configuration for Asus P8Z77-V
#This board is a better choice over the P8H61 for a cost effective Heads + QubesOS desktop with ME neuter+disable compatibility.
#The P8H61 ecosystem was complex with multiple variants
#(some not even having a TPM header, and others having RamInit issues with some memory sticks),
##while less feature rich than the P8Z77 family. The P8H61s that were compatible still required
#some ME #sections (FCRS,EFFS) to be whitelisted in order to post, which introduced unknowns.
#The P8H61s #also needed a larger flash chip to work with heads than the manufacturer supplied
#4M, which add#ed complexity for the average user.
#
#The P8Z77-V is able to offer more SATA connectors (2x 6Gb, 4x 3Gb, 2x eSATA) as well as
#more full size expansion ports. The board has a PS/2 keyboard port as recommended for QubesOS.
##The board comes with 8M flash chip as standard.
#
#The i7-3770 is the best CPU available for the board, with VT-x & VT-d both present

#ME & ROM
#The board supports Intel LGA1155, which allow for ME removal (both neuter+disable work), ME
#region resize/shrinking (aka 'maximized' board), as well as VSCC table modification..
#The blob download script uses the manufacturer supplied ME and IFD and performs the necessary
#hashing. The download script also removes the VSCC table by overwriting a NULL at the VSCC
#length table and FF bytes at the VSCC identifier table - using a printf with dd. The download
#script also resizes the rom layout and minimizes ME while maximizing space.
#The P8Z77-V comes as standard with an 8Mb Flash chip, which means that no modification is
#needed to replace the chip is order to use heads as we shrink ME and 'maximize' this board by
#default, leaving just 335396 bytes available.
#The P8Z77-V has both TPM1 and TPM2 modules available, though at time of writing only the
#TPM1 module would be usable with heads until the TPM2 work is completed. All testing was done
#with a TPM1 module
#
#Test platform
#BOARD: Asus P8Z77-V
#RAM:
#CPU: Intel E3-1275v2
#TPM: Modules tested: -
#
# note: nohz=off is an optional CONFIG_LINUX_COMMAND_LINE parameter to supress repeated NOHZ: local_softirq_pending console output
#
CONFIG_LINUX_CONFIG=config/linux-x230-maximized.config
CONFIG_COREBOOT_CONFIG=config/coreboot-p8z77-v-tpm1.config

export CONFIG_COREBOOT=y
export CONFIG_COREBOOT_VERSION=4.17
export CONFIG_LINUX_VERSION=4.14.62

CONFIG_CRYPTSETUP2=y
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y
CONFIG_GPG2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y
CONFIG_PCIUTILS=y
CONFIG_POPT=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y

# Dependencies for a graphical menu. Enable CONFIG_SLANG and CONFIG_NEWT instead
# for a console-based menu.
CONFIG_CAIRO=y
CONFIG_FBWHIPTAIL=y

CONFIG_LINUX_USB=y

export CONFIG_TPM=y
export CONFIG_BOOTSCRIPT=/bin/gui-init
export CONFIG_BOOT_REQ_HASH=n
export CONFIG_BOOT_REQ_ROLLBACK=n
export CONFIG_BOOT_KERNEL_ADD="intel_iommu=igfx_off"
export CONFIG_BOOT_KERNEL_REMOVE="quiet"
export CONFIG_BOOT_DEV="/dev/sda1"
export CONFIG_BOARD_NAME="P8Z77-V"
export CONFIG_FLASHROM_OPTIONS="-p internal"

# Make the Coreboot build depend on the following 3rd party blobs:
$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \
$(pwd)/blobs/p8z77-v/me.bin $(pwd)/blobs/p8z77-v/ifd.bin

$(pwd)/blobs/p8z77-v/me.bin:
COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
$(pwd)/blobs/p8z77-v/download_BIOS_clean.sh
17 changes: 17 additions & 0 deletions config/coreboot-p8z77-v-tpm1.config
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
CONFIG_VENDOR_ASUS=y
CONFIG_CBFS_SIZE=0x7E7000
CONFIG_BOARD_ASUS_P8Z77_V=y
CONFIG_HAVE_IFD_BIN=y
CONFIG_HAVE_ME_BIN=y
CONFIG_IFD_BIN_PATH="@BLOB_DIR@/p8z77-v/ifd.bin"
CONFIG_ME_BIN_PATH="@BLOB_DIR@/p8z77-v/me.bin"
CONFIG_NO_GFX_INIT=y
CONFIG_TPM_MEASURED_BOOT=y
CONFIG_TPM1=y
CONFIG_DRIVERS_PS2_KEYBOARD=y
CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8=y
CONFIG_PAYLOAD_LINUX=y
CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
CONFIG_LINUX_COMMAND_LINE="intel_iommu=igfx_off nohz=off"
CONFIG_ONBOARD_VGA_IS_PRIMARY=y
1 change: 1 addition & 0 deletions config/linux-x230-maximized.config
Original file line number Diff line number Diff line change
Expand Up @@ -330,3 +330,4 @@ CONFIG_CRC8=m
CONFIG_XZ_DEC_TEST=m
CONFIG_CORDIC=m
CONFIG_IRQ_POLL=y
CONFIG_BLK_DEV_NVME=y