Skip to content

Commit

Permalink
Bring dasharo+heads MSI boards + code changes from downstream Dasharo…
Browse files Browse the repository at this point in the history 
…/heads fork to upstream

- files: boards + coreboot + linux, borrowed directly from Dasharo@cb43039 tip
- cbfs-init modified as per downstream fork dasharo+heads used modifications (flashrom)
- ash_functions modified as per downstream fork dasharo+heads used modifications (CBFS)
- network-init-recovery modified as per downstream fork dasharo+heads used modifications (igc)
- modules/linux modified as per downstream fork dasharo+heads used modifications (igc)
- modules/coreboot modified as per downstream fork dasharo+heads used modifications (also impact nv41/ns50: coreboot version bump)
- Circleci: added boards being dependent of nv41

This requires Nk3 firmware to be 1.7.1+ as per https://www.nitrokey.com/blog/2024/heads-v25-and-nitrokey-3-firmware-v171-security-updatehttps://www.nitrokey.com/blog/2024/heads-v25-and-nitrokey-3-firmware-v171-security-update

DISCLAIMER: UNTESTED

Sorry, not gonna cherry-pick commits here, way too messy.

Signed-off-by: Thierry Laurion <[email protected]>
  • Loading branch information
@tlaurion
tlaurion committed Aug 9, 2024
1 parent d9e5087 commit 4c4a8c6
Show file tree
Hide file tree
Showing 15 changed files with 7,091 additions and 6 deletions.
28 changes: 28 additions & 0 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -499,6 +499,34 @@ workflows:
requires:
- nitropad-nv41

- build:
name: msi_z690a_ddr4
target: msi_z690a_ddr4
subcommand: ""
requires:
- nitropad-nv41

- build:
name: msi_z690a_ddr5
target: msi_z690a_ddr5
subcommand: ""
requires:
- nitropad-nv41

- build:
name: msi_z790p_ddr4
target: msi_z790p_ddr4
subcommand: ""
requires:
- nitropad-nv41

- build:
name: msi_z790p_ddr5
target: msi_z790p_ddr5
subcommand: ""
requires:
- nitropad-nv41

# coreboot 4.11
- build:
name: UNMAINTAINED_kgpe-d16_workstation
Expand Down
51 changes: 51 additions & 0 deletions boards/msi_z690a_ddr4/msi_z690a_ddr4.config
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# MSI PRO Z690-A DDR4 board configuration

export CONFIG_COREBOOT=y
export CONFIG_COREBOOT_VERSION=dasharo
export CONFIG_LINUX_VERSION=6.1.8

CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z690a_ddr4.config
CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config

CONFIG_KEXEC=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
CONFIG_POPT=y
CONFIG_FLASHTOOLS=y
CONFIG_FLASHROM=y
CONFIG_PCIUTILS=y
CONFIG_UTIL_LINUX=y
CONFIG_CRYPTSETUP2=y
CONFIG_GPG2=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y

CONFIG_DROPBEAR=y

CONFIG_HOTPKEY=y

CONFIG_CAIRO=y
CONFIG_FBWHIPTAIL=y

CONFIG_LINUX_USB=y
CONFIG_LINUX_IGC=y

export CONFIG_USB_KEYBOARD=y

export CONFIG_BOOTSCRIPT=/bin/gui-init

export CONFIG_BOOT_KERNEL_ADD=""
export CONFIG_BOOT_KERNEL_REMOVE=""

# TPM2 requirements
export CONFIG_TPM2_TOOLS=y
export CONFIG_PRIMARY_KEY_TYPE=ecc
CONFIG_TPM2_TSS=y
CONFIG_OPENSSL=y

export CONFIG_BOOT_DEV="/dev/nvme0n1"
export CONFIG_BOARD_NAME="MSI PRO Z690-A DDR4"
export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"

# Workaround to access > 16MiB BIOS region on ADL+
export CONFIG_CBFS_VIA_FLASHROM=y
51 changes: 51 additions & 0 deletions boards/msi_z690a_ddr5/msi_z690a_ddr5.config
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# MSI PRO Z690-A (DDR5) board configuration

export CONFIG_COREBOOT=y
export CONFIG_COREBOOT_VERSION=dasharo
export CONFIG_LINUX_VERSION=6.1.8

CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z690a_ddr5.config
CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config

CONFIG_KEXEC=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
CONFIG_POPT=y
CONFIG_FLASHTOOLS=y
CONFIG_FLASHROM=y
CONFIG_PCIUTILS=y
CONFIG_UTIL_LINUX=y
CONFIG_CRYPTSETUP2=y
CONFIG_GPG2=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y

CONFIG_DROPBEAR=y

CONFIG_HOTPKEY=y

CONFIG_CAIRO=y
CONFIG_FBWHIPTAIL=y

CONFIG_LINUX_USB=y
CONFIG_LINUX_IGC=y

export CONFIG_USB_KEYBOARD=y

export CONFIG_BOOTSCRIPT=/bin/gui-init

export CONFIG_BOOT_KERNEL_ADD=""
export CONFIG_BOOT_KERNEL_REMOVE=""

# TPM2 requirements
export CONFIG_TPM2_TOOLS=y
export CONFIG_PRIMARY_KEY_TYPE=ecc
CONFIG_TPM2_TSS=y
CONFIG_OPENSSL=y

export CONFIG_BOOT_DEV="/dev/nvme0n1"
export CONFIG_BOARD_NAME="MSI PRO Z690-A"
export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"

# Workaround to access > 16MiB BIOS region on ADL+
export CONFIG_CBFS_VIA_FLASHROM=y
51 changes: 51 additions & 0 deletions boards/msi_z790p_ddr4/msi_z790p_ddr4.config
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# MSI PRO Z790-P DDR4 board configuration

export CONFIG_COREBOOT=y
export CONFIG_COREBOOT_VERSION=dasharo
export CONFIG_LINUX_VERSION=6.1.8

CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z790p_ddr4.config
CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config

CONFIG_KEXEC=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
CONFIG_POPT=y
CONFIG_FLASHTOOLS=y
CONFIG_FLASHROM=y
CONFIG_PCIUTILS=y
CONFIG_UTIL_LINUX=y
CONFIG_CRYPTSETUP2=y
CONFIG_GPG2=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y

CONFIG_DROPBEAR=y

CONFIG_HOTPKEY=y

CONFIG_CAIRO=y
CONFIG_FBWHIPTAIL=y

CONFIG_LINUX_USB=y
CONFIG_LINUX_IGC=y

export CONFIG_USB_KEYBOARD=y

export CONFIG_BOOTSCRIPT=/bin/gui-init

export CONFIG_BOOT_KERNEL_ADD=""
export CONFIG_BOOT_KERNEL_REMOVE=""

# TPM2 requirements
export CONFIG_TPM2_TOOLS=y
export CONFIG_PRIMARY_KEY_TYPE=ecc
CONFIG_TPM2_TSS=y
CONFIG_OPENSSL=y

export CONFIG_BOOT_DEV="/dev/nvme0n1"
export CONFIG_BOARD_NAME="MSI PRO Z790-P DDR4"
export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"

# Workaround to access > 16MiB BIOS region on ADL+
export CONFIG_CBFS_VIA_FLASHROM=y
51 changes: 51 additions & 0 deletions boards/msi_z790p_ddr5/msi_z790p_ddr5.config
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
# MSI PRO Z790-P (DDR5) board configuration

export CONFIG_COREBOOT=y
export CONFIG_COREBOOT_VERSION=dasharo
export CONFIG_LINUX_VERSION=6.1.8

CONFIG_COREBOOT_CONFIG=config/coreboot-msi_z790p_ddr5.config
CONFIG_LINUX_CONFIG=config/linux-msi-z690-z790.config

CONFIG_KEXEC=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
CONFIG_POPT=y
CONFIG_FLASHTOOLS=y
CONFIG_FLASHROM=y
CONFIG_PCIUTILS=y
CONFIG_UTIL_LINUX=y
CONFIG_CRYPTSETUP2=y
CONFIG_GPG2=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y

CONFIG_DROPBEAR=y

CONFIG_HOTPKEY=y

CONFIG_CAIRO=y
CONFIG_FBWHIPTAIL=y

CONFIG_LINUX_USB=y
CONFIG_LINUX_IGC=y

export CONFIG_USB_KEYBOARD=y

export CONFIG_BOOTSCRIPT=/bin/gui-init

export CONFIG_BOOT_KERNEL_ADD=""
export CONFIG_BOOT_KERNEL_REMOVE=""

# TPM2 requirements
export CONFIG_TPM2_TOOLS=y
export CONFIG_PRIMARY_KEY_TYPE=ecc
CONFIG_TPM2_TSS=y
CONFIG_OPENSSL=y

export CONFIG_BOOT_DEV="/dev/nvme0n1"
export CONFIG_BOARD_NAME="MSI PRO Z790-P"
export CONFIG_FLASHROM_OPTIONS="--force --noverify-all -p internal"

# Workaround to access > 16MiB BIOS region on ADL+
export CONFIG_CBFS_VIA_FLASHROM=y
Loading

0 comments on commit 4c4a8c6

Please sign in to comment.