Skip to content

configs/config.hardkernel_odroid_h4_btg: add intel boot guard config #636

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: dasharo-24.02.1
Choose a base branch
from
Open

configs/config.hardkernel_odroid_h4_btg: add intel boot guard config #636

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 68 additions & 0 deletions configs/config.hardkernel_odroid_h4_btg
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
CONFIG_LOCALVERSION="v0.9.0"
CONFIG_OPTION_BACKEND_NONE=y
CONFIG_VENDOR_HARDKERNEL=y
CONFIG_VBOOT=y
CONFIG_EDK2_CPU_THROTTLING_THRESHOLD_DEFAULT=10
CONFIG_IFD_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/descriptor.bin"
CONFIG_ME_BIN_PATH="3rdparty/dasharo-blobs/$(MAINBOARDDIR)/me.bin"
CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x100000
CONFIG_PCIEXP_DEFAULT_MAX_RESIZABLE_BAR_BITS=37
CONFIG_HAVE_IFD_BIN=y
CONFIG_EDK2_BOOTSPLASH_FILE="3rdparty/dasharo-blobs/dasharo/bootsplash.bmp"
CONFIG_TPM_MEASURED_BOOT=y
CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y
CONFIG_HAVE_ME_BIN=y
CONFIG_DASHARO_PREFER_S3_SLEEP=y
CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS=y
CONFIG_DRIVERS_EFI_VARIABLE_STORE=y
CONFIG_DRIVERS_GENERIC_CBFS_SERIAL=y
CONFIG_DRIVERS_GENERIC_CBFS_UUID=y
# CONFIG_DRIVERS_MTK_WIFI is not set
CONFIG_CBFS_VERIFICATION=y
CONFIG_VBOOT_CBFS_INTEGRATION=y
CONFIG_TPM2=y
CONFIG_INTEL_TXT_BIOSACM_FILE="ADL_BIOSAC_v1_18_16_20230427_REL_NT_O1.PW_signed_256K.bin"
CONFIG_INTEL_CBNT_SUPPORT=y
CONFIG_INTEL_CBNT_LOGGING=y
# CONFIG_INTEL_CBNT_GENERATE_KM is not set
# CONFIG_INTEL_CBNT_GENERATE_BPM is not set
Comment on lines +27 to +28
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Besides not generating the KM and BPM, we need to reserve space for the in CBFS so that the tools will replace them with proper manifests later during provisioning and signing. For that to happen we must include dummy manifests (empty 4K files). Example:

fc3babc#diff-d63ca25a460a4aa425dcdc66c092c4df677aa2678c1de4e7e192ddfa2f3760ceR47-R48

CONFIG_INTEL_CBNT_KEY_MANIFEST_BINARY="key_manifest.bin"
CONFIG_INTEL_CBNT_BOOT_POLICY_MANIFEST_BINARY="bpm_manifest.bin"
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
CONFIG_BOOTMEDIA_LOCK_WPRO_VBOOT_RO=y
CONFIG_BOOTMEDIA_LOCK_IN_VERSTAGE=y
CONFIG_BOOTMEDIA_SMM_BWP=y
CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0=y
CONFIG_PAYLOAD_EDK2=y
CONFIG_EDK2_REPOSITORY="https://github.com/Dasharo/edk2"
CONFIG_EDK2_TAG_OR_REV="7dbfe58ba5dc08e07c253e53b5c1bfed7758ddf6"
CONFIG_EDK2_CBMEM_LOGGING=y
CONFIG_EDK2_FOLLOW_BGRT_SPEC=y
CONFIG_EDK2_SERIAL_SUPPORT=y
CONFIG_BUILD_IPXE=y
CONFIG_IPXE_NO_PROMPT=y
CONFIG_IPXE_ADD_SCRIPT=y
CONFIG_IPXE_SCRIPT="3rdparty/dasharo-blobs/dasharo/dasharo.ipxe"
CONFIG_IPXE_CUSTOM_BUILD_ID="0123456789"
CONFIG_EDK2_SKIP_PS2_DETECT=y
CONFIG_EDK2_ENABLE_IPXE=y
# CONFIG_EDK2_SECURE_BOOT_DEFAULT_ENABLE is not set
CONFIG_EDK2_SATA_PASSWORD=y
CONFIG_EDK2_OPAL_PASSWORD=y
CONFIG_EDK2_SETUP_PASSWORD=y
CONFIG_EDK2_DASHARO_SYSTEM_FEATURES=y
CONFIG_EDK2_DASHARO_SECURITY_OPTIONS=y
CONFIG_EDK2_DASHARO_USB_CONFIG=y
CONFIG_EDK2_DASHARO_NETWORK_CONFIG=y
CONFIG_EDK2_DASHARO_POWER_CONFIG=y
CONFIG_EDK2_CPU_THROTTLING_THRESHOLD_OPTION=y
CONFIG_EDK2_DASHARO_PCI_CONFIG=y
CONFIG_EDK2_DASHARO_SERIAL_REDIRECTION_DEFAULT_ENABLE=y
CONFIG_EDK2_DASHARO_CPU_CONFIG=y
CONFIG_EDK2_CORE_DISABLE_OPTION=y
CONFIG_EDK2_HYPERTHREADING_OPTION=y
CONFIG_EDK2_BOOT_MENU_KEY=0x0015
CONFIG_EDK2_SETUP_MENU_KEY=0x0008
CONFIG_EDK2_CREATE_PREINSTALLED_BOOT_OPTIONS=y
CONFIG_DISPLAY_FSP_CALLS_AND_STATUS=y
CONFIG_DISPLAY_FSP_HEADER=y